diff options
Diffstat (limited to 'config')
24 files changed, 4493 insertions, 1421 deletions
diff --git a/config/dansguardian/dansguardian.conf.template b/config/dansguardian/dansguardian.conf.template new file mode 100755 index 00000000..7b3fcc4c --- /dev/null +++ b/config/dansguardian/dansguardian.conf.template @@ -0,0 +1,715 @@ +<?php +/* + dansguardian.inc + part of the Dansguardian package for pfSense + Copyright (C) 2012 Marcello Coutinho + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + +*/ + +#create dansguardian.conf + $dg=<<<EOF +# DansGuardian config file for version 2.12.0.0 + +# **NOTE** as of version 2.7.5 most of the list files are now in dansguardianf1.conf + + +# Web Access Denied Reporting (does not affect logging) +# +# -1 = log, but do not block - Stealth mode +# 0 = just say 'Access Denied' +# 1 = report why but not what denied phrase +# 2 = report fully +# 3 = use HTML template file (accessdeniedaddress ignored) - recommended +# +reportinglevel = {$reportlevel} + +# Language dir where languages are stored for internationalisation. +# The HTML template within this dir is only used when reportinglevel +# is set to 3. When used, DansGuardian will display the HTML file instead of +# using the perl cgi script. This option is faster, cleaner +# and easier to customise the access denied page. +# The language file is used no matter what setting however. +# +languagedir = '/usr/local/share/dansguardian/languages' + +# language to use from languagedir. +language = '{$reportlanguage}' + +# Logging Settings +# +# 0 = none 1 = just denied 2 = all text based 3 = all requests +loglevel = {$loglevel} + +# Log Exception Hits +# Log if an exception (user, ip, URL, phrase) is matched and so +# the page gets let through. Can be useful for diagnosing +# why a site gets through the filter. +# 0 = never log exceptions +# 1 = log exceptions, but do not explicitly mark them as such +# 2 = always log & mark exceptions (default) +logexceptionhits = {$logexceptionhits} + +# Log File Format +# 1 = DansGuardian format (space delimited) +# 2 = CSV-style format +# 3 = Squid Log File Format +# 4 = Tab delimited +logfileformat = {$logfileformat} + +# truncate large items in log lines +# 0 = no truncating (default) +#maxlogitemlength = 0 + +# anonymize logs (blank out usernames & IPs) +anonymizelogs = {$anonymizelogs} + + +# Syslog logging +# +# Use syslog for access logging instead of logging to the file +# at the defined or built-in "loglocation" +#logsyslog = off + +# Log file location +# +# Defines the log directory and filename. +loglocation = '/var/log/dansguardian/access.log' + + +# Statistics log file location +# +# Defines the stat file directory and filename. +# Only used in conjunction with maxips > 0 +# Once every 3 minutes, the current number of IPs in the cache, and the most +# that have been in the cache since the daemon was started, are written to this +# file. IPs persist in the cache for 7 days. +statlocation = '/var/log/dansguardian/stats' + + +# Network Settings +# +# the IP that DansGuardian listens on. If left blank DansGuardian will +# listen on all IPs. That would include all NICs, loopback, modem, etc. +# Normally you would have your firewall protecting this, but if you want +# you can limit it to a certain IP. To bind to multiple interfaces, +# specify each IP on an individual filterip line. +# You can have the same IP twice so long as it has a different port. +{$filterip} + +# the ports that DansGuardian listens to. Specify one line per filterip +# line. You can specify different authentication mechanisms per port but +# only if the mechanisms can co-exist (e.g. basic/proxy auth can't) +#filterports = 8080 +#filterports = 8081 +{$filterports} + +# the ip of the proxy (default is the loopback - i.e. this server) +proxyip = 127.0.0.1 + +# the port DansGuardian connects to proxy on +proxyport = 3128 + +# Whether to retrieve the original destination IP in transparent proxy +# setups and check it against the domain pulled from the HTTP headers. +# +# Be aware that when visiting sites which use a certain type of round-robin +# DNS for load balancing, DG may mark requests as invalid unless DG gets +# exactly the same answers to its DNS requests as clients. The chances of +# this happening can be increased if all clients and servers on the same LAN +# make use of a local, caching DNS server instead of using upstream DNS +# directly. +# +# See http://www.kb.cert.org/vuls/id/435052 +# on (default) | off +#!! Not compiled !! originalip = on + +# accessdeniedaddress is the address of your web server to which the cgi +# dansguardian reporting script was copied. Only used in reporting levels 1 and 2. +# +# This webserver must be either: +# 1. Non-proxied. Either a machine on the local network, or listed as an exception +# in your browser's proxy configuration. +# 2. Added to the exceptionsitelist. Option 1 is preferable; this option is +# only for users using both transparent proxying and a non-local server +# to host this script. +# +# Individual filter groups can override this setting in their own configuration. +# +accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl' + +# Non standard delimiter (only used with accessdeniedaddress) +# To help preserve the full banned URL, including parameters, the variables +# passed into the access denied CGI are separated using non-standard +# delimiters. This can be useful to ensure correct operation of the filter +# bypass modes. Parameters are split using "::" in place of "&", and "==" in +# place of "=". +# Default is enabled, but to go back to the standard mode, disable it. +nonstandarddelimiter = {$nonstandarddelimiter} + + + +# Banned image replacement +# Images that are banned due to domain/url/etc reasons including those +# in the adverts blacklists can be replaced by an image. This will, +# for example, hide images from advert sites and remove broken image +# icons from banned domains. +# on (default) | off +usecustombannedimage = {$usecustombannedimage} +custombannedimagefile = '/usr/local/share/dansguardian/transparent1x1.gif' + + +#Banned flash replacement +usecustombannedflash = {$usecustombannedflash} +custombannedflashfile = '/usr/local/share/dansguardian/blockedflash.swf' + + + +# Filter groups options +# filtergroups sets the number of filter groups. A filter group is a set of content +# filtering options you can apply to a group of users. The value must be 1 or more. +# DansGuardian will automatically look for dansguardianfN.conf where N is the filter +# group. To assign users to groups use the filtergroupslist option. All users default +# to filter group 1. You must have some sort of authentication to be able to map users +# to a group. The more filter groups the more copies of the lists will be in RAM so +# use as few as possible. +filtergroups = {$filtergroups} +filtergroupslist = '/usr/local/etc/dansguardian/lists/filtergroupslist' + + + +# Authentication files location +bannediplist = '/usr/local/etc/dansguardian/lists/bannediplist' +exceptioniplist = '/usr/local/etc/dansguardian/lists/exceptioniplist' + +# Per-Room blocking definition directory +# A directory containing text files containing the room's name followed by IPs or ranges +# Think of it as bannediplist on crack +perroomblockingdirectory = '/usr/local/etc/dansguardian/lists/bannedrooms/' + +# Show weighted phrases found +# If enabled then the phrases found that made up the total which excedes +# the naughtyness limit will be logged and, if the reporting level is +# high enough, reported. on | off +showweightedfound = {$showweightedfound} + +# Weighted phrase mode +# There are 3 possible modes of operation: +# 0 = off = do not use the weighted phrase feature. +# 1 = on, normal = normal weighted phrase operation. +# 2 = on, singular = each weighted phrase found only counts once on a page. +# +# IMPORTANT: Note that setting this to "0" turns off all features which +# extract phrases from page content, including banned & exception +# phrases (not just weighted), search term filtering, and scanning for +# links to banned URLs. +# +weightedphrasemode = {$weightedphrasemode} + + + +# Positive (clean) result caching for URLs +# Caches good pages so they don't need to be scanned again. +# It also works with AV plugins. +# 0 = off (recommended for ISPs with users with disimilar browsing) +# 1000 = recommended for most users +# 5000 = suggested max upper limit +# If you're using an AV plugin then use at least 5000. +urlcachenumber = {$urlcachenumber} +# +# Age before they are stale and should be ignored in seconds +# 0 = never +# 900 = recommended = 15 mins +urlcacheage ={$urlcacheage} + + + +# Cache for content (AV) scan results as 'clean' +# By default, to save CPU, files scanned and found to be +# clean are inserted into the clean cache and NOT scanned +# again for a while. If you don't like this then choose +# to disable it. +# on = cache results; do not re-scan +# off = do not cache; always re-scan +# (on|off) default = on. +scancleancache = {$scancleancache} + + + +# Smart, Raw and Meta/Title phrase content filtering options +# Smart is where the multiple spaces and HTML are removed before phrase filtering +# Raw is where the raw HTML including meta tags are phrase filtered +# Meta/Title is where only meta and title tags are phrase filtered (v. quick) +# CPU usage can be effectively halved by using setting 0 or 1 compared to 2 +# 0 = raw only +# 1 = smart only +# 2 = both of the above (default) +# 3 = meta/title +phrasefiltermode = {$phrasefiltermode} + +# Lower casing options +# When a document is scanned the uppercase letters are converted to lower case +# in order to compare them with the phrases. However this can break Big5 and +# other 16-bit texts. If needed preserve the case. As of version 2.7.0 accented +# characters are supported. +# 0 = force lower case (default) +# 1 = do not change case +# 2 = scan first in lower case, then in original case +preservecase = {$preservecase} + +# Note: +# If phrasefiltermode and preserve case are both 2, this equates to 4 phrase +# filtering passes. If you have a large enough userbase for this to be a +# worry, and need to filter pages in exotic character encodings, it may be +# better to run two instances on separate servers: one with preservecase 1 +# (and possibly forcequicksearch 1) and non ASCII/UTF-8 phrase lists, and one +# with preservecase 0 and ASCII/UTF-8 lists. + + + +# Hex decoding options +# When a document is scanned it can optionally convert %XX to chars. +# If you find documents are getting past the phrase filtering due to encoding +# then enable. However this can break Big5 and other 16-bit texts. +# off = disabled (default) +# on = enabled +hexdecodecontent = {$hexdecodecontent} + + + +# Force Quick Search rather than DFA search algorithm +# The current DFA implementation is not totally 16-bit character compatible +# but is used by default as it handles large phrase lists much faster. +# If you wish to use a large number of 16-bit character phrases then +# enable this option. +# off (default) | on (Big5 compatible) +forcequicksearch = {$forcequicksearch} + + + +# Reverse lookups for banned site and URLs. +# If set to on, DansGuardian will look up the forward DNS for an IP URL +# address and search for both in the banned site and URL lists. This would +# prevent a user from simply entering the IP for a banned address. +# It will reduce searching speed somewhat so unless you have a local caching +# DNS server, leave it off and use the Blanket IP Block option in the +# bannedsitelist file instead. +reverseaddresslookups = {$reverseaddresslookups} + + + +# Reverse lookups for banned and exception IP lists. +# If set to on, DansGuardian will look up the forward DNS for the IP +# of the connecting computer. This means you can put in hostnames in +# the exceptioniplist and bannediplist. +# If a client computer is matched against an IP given in the lists, then the +# IP will be recorded in any log entries; if forward DNS is successful and a +# match occurs against a hostname, the hostname will be logged instead. +# It will reduce searching speed somewhat so unless you have a local DNS server, +# leave it off. +reverseclientiplookups = {$reverseclientiplookups} + + +# Perform reverse lookups on client IPs for successful requests. +# If set to on, DansGuardian will look up the forward DNS for the IP +# of the connecting computer, and log host names (where available) rather than +# IPs against requests. +# This is not dependent on reverseclientiplookups being enabled; however, if it +# is, enabling this option does not incur any additional forward DNS requests. +logclienthostnames = {$logclienthostnames} + + +# Build bannedsitelist and bannedurllist cache files. +# This will compare the date stamp of the list file with the date stamp of +# the cache file and will recreate as needed. +# If a .processed file exists for an item (e.g. domain/URL) list, then that +# will be used instead, if it is up to date (i.e. newer than the unprocessed +# list file). +# This can increase process start speed on slow computers. +# Fast computers do not need this option. +# on | off, default = on +createlistcachefiles = {$createlistcachefiles} + + +# Prefer cached list files +# If enabled, DansGuardian will always prefer to load ".processed" versions of +# list files, regardless of their time stamps relative to the original +# unprocessed lists. This is not generally useful unless you have a specific +# list update process which results in - for example - up-to-date, pre-sorted +# ".processed" list files with dummy unprocessed files. +# on | off, default = off +prefercachedlists = {$prefercachedlists} + + + +# POST protection (web upload and forms) +# does not block forms without any file upload, i.e. this is just for +# blocking or limiting uploads +# measured in kibibytes after MIME encoding and header bumph +# use 0 for a complete block +# use higher (e.g. 512 = 512Kbytes) for limiting +# use -1 for no blocking +#maxuploadsize = 512 +#maxuploadsize = 0 +maxuploadsize = {$maxuploadsize} + + + +# Max content filter size +# Sometimes web servers label binary files as text which can be very +# large which causes a huge drain on memory and cpu resources. +# To counter this, you can limit the size of the document to be +# filtered and get it to just pass it straight through. +# This setting also applies to content regular expression modification. +# The value must not be higher than maxcontentramcachescansize +# The size is in Kibibytes - eg 2048 = 2Mb +# use 0 to set it to maxcontentramcachescansize +maxcontentfiltersize = {$maxcontentfiltersize} + + + +# Max content ram cache scan size +# This is only used if you use a content scanner plugin such as AV +# This is the max size of file that DG will download and cache +# in RAM. After this limit is reached it will cache to disk +# This value must be less than or equal to maxcontentfilecachescansize. +# The size is in Kibibytes - eg 10240 = 10Mb +# use 0 to set it to maxcontentfilecachescansize +# This option may be ignored by the configured download manager. +maxcontentramcachescansize = {$maxcontentramcachescansize} + + + +# Max content file cache scan size +# This is only used if you use a content scanner plugin such as AV +# This is the max size file that DG will download +# so that it can be scanned or virus checked. +# This value must be greater or equal to maxcontentramcachescansize. +# The size is in Kibibytes - eg 10240 = 10Mb +maxcontentfilecachescansize = {$maxcontentfilecachescansize} + + + +# File cache dir +# Where DG will download files to be scanned if too large for the +# RAM cache. +filecachedir = '/tmp' + + + +# Delete file cache after user completes download +# When a file gets save to temp it stays there until it is deleted. +# You can choose to have the file deleted when the user makes a sucessful +# download. This will mean if they click on the link to download from +# the temp store a second time it will give a 404 error. +# You should configure something to delete old files in temp to stop it filling up. +# on|off (defaults to on) +deletedownloadedtempfiles = {$deletedownloadedtempfiles} + + + +# Initial Trickle delay +# This is the number of seconds a browser connection is left waiting +# before first being sent *something* to keep it alive. The +# *something* depends on the download manager chosen. +# Do not choose a value too low or normal web pages will be affected. +# A value between 20 and 110 would be sensible +# This may be ignored by the configured download manager. +initialtrickledelay = {$initialtrickledelay} + + + +# Trickle delay +# This is the number of seconds a browser connection is left waiting +# before being sent more *something* to keep it alive. The +# *something* depends on the download manager chosen. +# This may be ignored by the configured download manager. +trickledelay = {$trickledelay} + + + +# Download Managers +# These handle downloads of files to be filtered and scanned. +# They differ in the method they deal with large downloads. +# Files usually need to be downloaded 100% before they can be +# filtered and scanned before being sent on to the browser. +# Normally the browser can just wait, but with content scanning, +# for example to AV, the browser may timeout or the user may get +# confused so the download manager has to do some sort of +# 'keep alive'. +# +# There are various methods possible but not all are included. +# The author does not have the time to write them all so I have +# included a plugin systam. Also, not all methods work with all +# browsers and clients. Specifically some fancy methods don't +# work with software that downloads updates. To solve this, +# each plugin can support a regular expression for matching +# the client's user-agent string, and lists of the mime types +# and extensions it should manage. +# +# Note that these are the matching methods provided by the base plugin +# code, and individual plugins may override or add to them. +# See the individual plugin conf files for supported options. +# +# The plugins are matched in the order you specify and the last +# one is forced to match as the default, regardless of user agent +# and other matching mechanisms. +# +downloadmanager = '/usr/local/etc/dansguardian/downloadmanagers/fancy.conf' +##!! Not compiled !! downloadmanager = '/usr/local/etc/dansguardian/downloadmanagers/trickle.conf' +downloadmanager = '/usr/local/etc/dansguardian/downloadmanagers/default.conf' + + + +# Content Scanners (Also known as AV scanners) +# These are plugins that scan the content of all files your browser fetches +# for example to AV scan. The options are limitless. Eventually all of +# DansGuardian will be plugin based. You can have more than one content +# scanner. The plugins are run in the order you specify. +# This is one of the few places you can have multiple options of the same name. +# +# Some of the scanner(s) require 3rd party software and libraries eg clamav. +# See the individual plugin conf file for more options (if any). +# +{$contentscanners} + + +# Content scanner timeout +# Some of the content scanners support using a timeout value to stop +# processing (eg AV scanning) the file if it takes too long. +# If supported this will be used. +# The default of 60 seconds is probably reasonable. +contentscannertimeout = {$contentscannertimeout} + + + +# Content scan exceptions +# If 'on' exception sites, urls, users etc will be scanned +# This is probably not desirable behavour as exceptions are +# supposed to be trusted and will increase load. +# Correct use of grey lists are a better idea. +# (on|off) default = off +contentscanexceptions = {$contentscanexceptions} + + + +# Auth plugins +# These replace the usernameidmethod* options in previous versions. They +# handle the extraction of client usernames from various sources, such as +# Proxy-Authorisation headers and ident servers, enabling requests to be +# handled according to the settings of the user's filter group. +# Multiple plugins can be specified, and will be used per port in the order +# filterports are listed. +# +# If you do not use multiple filter groups, you need not specify this option. +# +#authplugin = '/usr/local/etc/dansguardian/authplugins/proxy-basic.conf' +#authplugin = '/usr/local/etc/dansguardian/authplugins/proxy-digest.conf' +#authplugin = '/usr/local/etc/dansguardian/authplugins/proxy-ntlm.conf' +#authplugin = '/usr/local/etc/dansguardian/authplugins/ident.conf' +#authplugin = '/usr/local/etc/dansguardian/authplugins/ip.conf' +{$authplugin} + + +# Re-check replaced URLs +# As a matter of course, URLs undergo regular expression search/replace (urlregexplist) +# *after* checking the exception site/URL/regexpURL lists, but *before* checking against +# the banned site/URL lists, allowing certain requests that would be matched against the +# latter in their original state to effectively be converted into grey requests. +# With this option enabled, the exception site/URL/regexpURL lists are also re-checked +# after replacement, making it possible for URL replacement to trigger exceptions based +# on them. +# Defaults to off. +recheckreplacedurls = {$recheckreplacedurls} + + + +# Misc settings + +# if on it adds an X-Forwarded-For: <clientip> to the HTTP request +# header. This may help solve some problem sites that need to know the +# source ip. on | off +forwardedfor = {$forwardedfor} + + +# if on it uses the X-Forwarded-For: <clientip> to determine the client +# IP. This is for when you have squid between the clients and DansGuardian. +# Warning - headers are easily spoofed. on | off +usexforwardedfor = {$usexforwardedfor} + + +# if on it logs some debug info regarding fork()ing and accept()ing which +# can usually be ignored. These are logged by syslog. It is safe to leave +# it on or off +logconnectionhandlingerrors = {$logconnectionhandlingerrors} + + + +# Fork pool options + +# If on, this causes DG to write to the log file whenever child processes are +# created or destroyed (other than by crashes). This information can help in +# understanding and tuning the following parameters, but is not generally +# useful in production. +logchildprocesshandling = {$logchildprocesshandling} + +# sets the maximum number of processes to spawn to handle the incoming +# connections. Max value usually 250 depending on OS. +# On large sites you might want to try 180. +maxchildren = {$maxchildren} + + +# sets the minimum number of processes to spawn to handle the incoming connections. +# On large sites you might want to try 32. +minchildren = {$minchildren} + + +# sets the minimum number of processes to be kept ready to handle connections. +# On large sites you might want to try 8. +minsparechildren = {$minsparechildren} + + +# sets the minimum number of processes to spawn when it runs out +# On large sites you might want to try 10. +preforkchildren = {$preforkchildren} + + +# sets the maximum number of processes to have doing nothing. +# When this many are spare it will cull some of them. +# On large sites you might want to try 64. +maxsparechildren = {$maxsparechildren} + + +# sets the maximum age of a child process before it croaks it. +# This is the number of connections they handle before exiting. +# On large sites you might want to try 10000. +maxagechildren = {$maxagechildren} + + +# Sets the maximum number client IP addresses allowed to connect at once. +# Use this to set a hard limit on the number of users allowed to concurrently +# browse the web. Set to 0 for no limit, and to disable the IP cache process. +maxips = {$maxips} + + + +# Process options +# (Change these only if you really know what you are doing). +# These options allow you to run multiple instances of DansGuardian on a single machine. +# Remember to edit the log file path above also if that is your intention. + +# IPC filename +# +# Defines IPC server directory and filename used to communicate with the log process. +ipcfilename = '/tmp/.dguardianipc' + +# URL list IPC filename +# +# Defines URL list IPC server directory and filename used to communicate with the URL +# cache process. +urlipcfilename = '/tmp/.dguardianurlipc' + +# IP list IPC filename +# +# Defines IP list IPC server directory and filename, for communicating with the client +# IP cache process. +ipipcfilename = '/tmp/.dguardianipipc' + +# PID filename +# +# Defines process id directory and filename. +#pidfilename = '/var/run/dansguardian.pid' + +# Disable daemoning +# If enabled the process will not fork into the background. +# It is not usually advantageous to do this. +# on|off (defaults to off) +nodaemon = {$nodaemon} + +# Disable logging process +# on|off (defaults to off) +nologger = {$nologger} + +# Enable logging of "ADs" category blocks +# on|off (defaults to off) +logadblocks = {$logadblocks} + +# Enable logging of client User-Agent +# Some browsers will cause a *lot* of extra information on each line! +# on|off (defaults to off) +loguseragent = {$loguseragent} + +# Daemon runas user and group +# This is the user that DansGuardian runs as. Normally the user/group nobody. +# Uncomment to use. Defaults to the user set at compile time. +# Temp files created during virus scanning are given owner and group read +# permissions; to use content scanners based on external processes, such as +# clamdscan, the two processes must run with either the same group or user ID. +daemonuser = '{$daemonuser}' +daemongroup = '{$daemongroup}' + +# Soft restart +# When on this disables the forced killing off all processes in the process group. +# This is not to be confused with the -g run time option - they are not related. +# on|off (defaults to off) +softrestart = {$softrestart} + +# Mail program +# Path (sendmail-compatible) email program, with options. +# Not used if usesmtp is disabled (filtergroup specific). +#!! Not compiled !!mailer = '/usr/sbin/sendmail -t' + +#SSL certificate checking path +#Path to CA certificates used to validate the certificates of https sites. +#sslcertificatepath = '/etc/ssl/certs/' + +#SSL man in the middle +#CA certificate path +#Path to the CA certificate to use as a signing certificate for +#generated certificates. +#cacertificatepath = '/home/stephen/dginstall/ca.pem' +{$ca_pem} + +#CA private key path +#path to the private key that matches the public key in the CA certificate. +#caprivatekeypath = '/home/stephen/dginstall/ca.key' +{$ca_pk} + +#Cert private key path +#The public / private key pair used by all generated certificates +#certprivatekeypath = '/home/stephen/dginstall/cert.key' +{$cert_key} + +#Generated cert path +#The location where generated certificates will be saved for future use. +#(must be writable by the dg user) +#generatedcertpath = '/home/stephen/dginstall/generatedcerts/' + +#Generated link path = '' +#The location where symlinks to certificates will be created. +#(must be writable by the dg user) +#generatedlinkpath = '/home/stephen/dginstall/generatedlinks/' + +EOF; +?> diff --git a/config/dansguardian/dansguardian.inc b/config/dansguardian/dansguardian.inc index bbee18a3..343c38b9 100755 --- a/config/dansguardian/dansguardian.inc +++ b/config/dansguardian/dansguardian.inc @@ -37,6 +37,15 @@ function dg_text_area_decode($text){ return preg_replace('/\r\n/', "\n",base64_decode($text)); } +function dg_get_real_interface_address($iface) { + global $config; + $iface = convert_friendly_interface_to_real_interface_name($iface); + $line = trim(shell_exec("ifconfig $iface | grep inet | grep -v inet6")); + $postfix_enabled=$config['installedpackages']['postfix']['config'][0]['enable_postfix']; + list($dummy, $ip, $dummy2, $netmask) = explode(" ", $line); + return array($ip, long2ip(hexdec($netmask))); +} + function sync_package_dansguardian() { global $config; @@ -49,53 +58,58 @@ function sync_package_dansguardian() { $dansguardian_limits=$config['installedpackages']['dansguardianlimits']['config'][0]; if (is_array($config['installedpackages']['dansguardianlog'])) $dansguardian_log=$config['installedpackages']['dansguardianlog']['config'][0]; - + if (is_array($config['installedpackages']['dansguardianusers'])) + $dansguardian_users=$config['installedpackages']['dansguardianusers']['config'][0]; + if (is_array($config['installedpackages']['dansguardianblacklist']['config'])) + $dansguardian_blacklist=$config['installedpackages']['dansguardianblacklist']['config'][0]; + #daemon options $dansguardian_enabled=$dansguardian['enable_dg']; - $filterports=($dansguardian['filterports']?$dansguardian['filterports']:"8080"); + $filterport=($dansguardian['filterports']?$dansguardian['filterports']:"8080"); $softrestart=(preg_match('/softrestart/',$dansguardian['daemon_options'])?"yes":"no"); - $nodaemon=(preg_match('/nodaemon/',$dansguardian['daemon_options'])?"yes":"no"); - if ($dansguardian['children']) - list($min_children,$max_children) = split ("/", $dansguardian['children'], 2); + $nodaemon=(preg_match('/nodaemon/',$dansguardian['daemon_options'])?"yes":"off"); + if (preg_match("/\d+\/\d+/",$dansguardian['children'])) + list($minchildren,$maxchildren) = split ("/", $dansguardian['children'], 2); else - list($min_children,$max_children) = split ("/", "8/120", 2); - if ($dansguardian['sparechildren']) - list($min_spare_children,$max_spare_children) = split ("/", $dansguardian['sparechildren'], 2); + list($minchildren,$maxchildren) = split ("/", "8/120", 2); + if (preg_match("/\d+\/\d+/",$dansguardian['sparechildren'])) + list($minsparechildren,$maxsparechildren) = split ("/", $dansguardian['sparechildren'], 2); else - list($min_spare_children,$max_spare_children) = split ("/", "8/64", 2); + list($minsparechildren,$maxsparechildren) = split ("/", "8/64", 2); $maxagechildren=($dansguardian['maxagechildren']?$dansguardian['maxagechildren']:"500"); $maxips=($dansguardian['maxips']?$dansguardian['maxips']:"0"); - + $preforkchildren=($dansguardian['preforkchildren']?$dansguardian['preforkchildren']:"10"); #general options $urlcachenumber=($dansguardian_config['urlcachenumber']?$dansguardian_config['urlcachenumber']:"1000"); $urlcacheage=($dansguardian_config['urlcacheage']?$dansguardian_config['urlcacheage']:"900"); - $scancleancache=(preg_match('/scancleancache/',$dansguardian_config['scan_options'])?"yes":"no"); - $hexdecodecontent=(preg_match('/hexdecodecontent/',$dansguardian_config['scan_options'])?"yes":"no"); - $forcequicksearch=(preg_match('/forcequicksearch/',$dansguardian_config['scan_options'])?"yes":"no"); - $reverseaddresslookups=(preg_match('/reverseaddresslookups/',$dansguardian_config['scan_options'])?"yes":"no"); - $reverseclientiplookups=(preg_match('/reverseclientiplookups/',$dansguardian_config['scan_options'])?"yes":"no"); - $logclienthostnames=(preg_match('/logclienthostnames/',$dansguardian_config['scan_options'])?"yes":"no"); - $createlistcachefiles=(preg_match('/createlistcachefiles/',$dansguardian_config['scan_options'])?"yes":"no"); - $prefercachedlists=(preg_match('/prefercachedlists/',$dansguardian_config['scan_options'])?"yes":"no"); - $deletedownloadedtempfiles=(preg_match('/deletedownloadedtempfiles/',$dansguardian_config['scan_options'])?"yes":"no"); + $scancleancache=(preg_match('/scancleancache/',$dansguardian_config['scan_options'])?"on":"off"); + $hexdecodecontent=(preg_match('/hexdecodecontent/',$dansguardian_config['scan_options'])?"on":"off"); + $forcequicksearch=(preg_match('/forcequicksearch/',$dansguardian_config['scan_options'])?"on":"off"); + $reverseaddresslookups=(preg_match('/reverseaddresslookups/',$dansguardian_config['scan_options'])?"on":"off"); + $reverseclientiplookups=(preg_match('/reverseclientiplookups/',$dansguardian_config['scan_options'])?"on":"off"); + $logclienthostnames=(preg_match('/logclienthostnames/',$dansguardian_config['scan_options'])?"on":"off"); + $createlistcachefiles=(preg_match('/createlistcachefiles/',$dansguardian_config['scan_options'])?"on":"off"); + $prefercachedlists=(preg_match('/prefercachedlists/',$dansguardian_config['scan_options'])?"on":"off"); + $deletedownloadedtempfiles=(preg_match('/deletedownloadedtempfiles/',$dansguardian_config['scan_options'])?"on":"off"); $weightedphrasemode=($dansguardian_config['weightedphrasemode']?$dansguardian_config['weightedphrasemode']:"2"); $phrasefiltermode=($dansguardian_config['phrasefiltermode']?$dansguardian_config['phrasefiltermode']:"2"); $preservecase=($dansguardian_config['preservecase']?$dansguardian_config['preservecase']:"0"); - $clamdscan=(preg_match('/clamdscan/',$dansguardian_config['content_scanners'])?"yes":"no"); - $icapscan=(preg_match('/icapscan/',$dansguardian_config['content_scanners'])?"yes":"no"); + $clamdscan=(preg_match('/clamdscan/',$dansguardian_config['content_scanners'])?"on":"off"); + $icapscan=(preg_match('/icapscan/',$dansguardian_config['content_scanners'])?"on":"off"); $contentscannertimeout=($dansguardian_config['contentscannertimeout']?$dansguardian_config['contentscannertimeout']:"60"); $contentscanexceptions=($dansguardian_config['contentscanexceptions']?"on":"off"); - $recheckreplacedurls=(preg_match('/recheckreplacedurls/',$dansguardian_config['misc_options'])?"yes":"no"); - $forwardedfor=(preg_match('/forwardedfor/',$dansguardian_config['misc_options'])?"yes":"no"); - $recheckreplacedurls=(preg_match('/icapscan/',$dansguardian_config['misc_options'])?"yes":"no"); - $usexforwardedfor=(preg_match('/usexforwardedfor/',$dansguardian_config['misc_options'])?"yes":"no"); + $recheckreplacedurls=(preg_match('/recheckreplacedurls/',$dansguardian_config['misc_options'])?"on":"off"); + $forwardedfor=(preg_match('/forwardedfor/',$dansguardian_config['misc_options'])?"on":"off"); + $recheckreplacedurls=(preg_match('/icapscan/',$dansguardian_config['misc_options'])?"on":"off"); + $usexforwardedfor=(preg_match('/usexforwardedfor/',$dansguardian_config['misc_options'])?"on":"off"); + $authplugin=(preg_match('/usr/',$dansguardian_config['auth_plugin'])?"authplugin = '".$dansguardian_config['auth_plugin']."'":""); #limits $maxuploadsize=($dansguardian_limits['maxuploadsize']?$dansguardian_limits['maxuploadsize']:"-1"); $maxcontentfiltersize=($dansguardian_limits['maxcontentfiltersize']?$dansguardian_limits['maxcontentfiltersize']:"256"); - $maxcontentramcachescansize=($dansguardian_limits['maxcontentramcachescansize']?$dansguardian_limits['maxcontentramcachescansize']:"2000"); - $maxcontentfilecachescansize=($dansguardian_limits['maxcontentfilecachescansize']?$dansguardian_limits['maxcontentfilecachescansize']:"1000"); + $maxcontentramcachescansize=($dansguardian_limits['maxcontentramcachescansize']?$dansguardian_limits['maxcontentramcachescansize']:"1000"); + $maxcontentfilecachescansize=($dansguardian_limits['maxcontentfilecachescansize']?$dansguardian_limits['maxcontentfilecachescansize']:"2000"); $initialtrickledelay=($dansguardian_limits['initialtrickledelay']?$dansguardian_limits['initialtrickledelay']:"20"); $trickledelay=($dansguardian_limits['trickledelay']?$dansguardian_limits['trickledelay']:"20"); @@ -117,993 +131,625 @@ function sync_package_dansguardian() { $logexceptionhits=($dansguardian_log['logexceptionhits']?$dansguardian_log['logexceptionhits']:"2"); $logfileformat=($dansguardian_log['logfileformat']?$dansguardian_log['logfileformat']:"1"); - /* -Language Strings = %report-dir%/languages.conf -*/ #check files - $load_samples=0; + #create sample files + $files = array( "/dansguardianf1.conf", + "/lists/filtergroupslist", + "/lists/bannedphraselist", + "/lists/exceptionphraselist", + "/lists/weightedphraselist", + "/lists/exceptionsitelist", + "/lists/bannedsitelist", + "/lists/greysitelist", + "/lists/logsitelist", + "/lists/bannedregexpurllist", + "/lists/bannedurllist", + "/lists/exceptionregexpurllist", + "/lists/exceptionurllist", + "/lists/greyurllist", + "/lists/logregexpurllist", + "/lists/logurllist", + "/lists/urlregexplist", + "/lists/exceptionfilesitelist", + "/lists/exceptionfileurllist", + "/lists/searchengineregexplist", + "/lists/bannedsearchtermlist", + "/lists/weightedsearchtermlist", + "/lists/exceptionsearchtermlist", + "/lists/contentregexplist", + "/lists/exceptionextensionlist", + "/lists/bannedextensionlist", + "/lists/exceptionmimetypelist", + "/lists/bannedmimetypelist", + "/lists/headerregexplist", + "/lists/bannedregexpheaderlist", + "/lists/contentscanners/exceptionvirusextensionlist", + "/lists/contentscanners/exceptionvirusmimetypelist", + "/lists/contentscanners/exceptionvirussitelist", + "/lists/contentscanners/exceptionvirusurllist", + "/lists/pics"); + + $dansguardian_dir="/usr/local/etc/dansguardian"; + foreach ($files as $file) + if (! file_exists($dansguardian_dir.$file.'.sample')){ + $new_file=""; + $install_file=file($dansguardian_dir.$file); + foreach ($install_file as $line) + if (! preg_match("/Include/",$line)) + $new_file.= $line; + file_put_contents($dansguardian_dir.$file.'.sample',$new_file,LOCK_EX); + } + + $load_samples=0; - if($attachments['filename_rules'] == ""){ - $config['installedpackages']['msattachments']['config'][0]['filename_rules']=base64_encode(file_get_contents($dansguardian_dir.'/archives.filename.rules.conf.sample')); - $load_samples++; - } - if($attachments['filetype_rules'] == ""){ - $config['installedpackages']['msattachments']['config'][0]['filetype_rules']=base64_encode(file_get_contents($dansguardian_dir.'/archives.filetype.rules.conf.sample')); - $load_samples++; - } - if($content['phishing_safe'] == ""){ - $config['installedpackages']['mscontent']['config'][0]['phishing_safe']=base64_encode(file_get_contents($dansguardian_dir.'/phishing.safe.sites.conf.sample')); - $load_samples++; + #contentscanners preg_replace patterns + $match[0]="/(conf)/"; + $match[1]="/(\/usr.local)/"; + $match[2]="/,/"; + $replace[0]="$1'"; + $replace[1]="contentscanner = '$1"; + $replace[2]="\n"; + + $contentscanners=preg_replace($match,$replace,$dansguardian_config['content_scanners']); + + #includes preg_replace patterns + $match[0]="/(.)$/"; + $match[1]="/\/usr.local/"; + $match[2]="/,/"; + $replace[0]="$1>\n"; + $replace[1]="\n.Include</usr/local"; + $replace[2]=">"; + + #phrase ACL + #create a default setup if not exists + if (!is_array($config['installedpackages']['dansguardianphraseacl']['config'])){ + $banned_file=file("/usr/local/etc/dansguardian/lists/bannedphraselist"); + foreach($banned_file as $file_line) + if (preg_match ("/^.Include<(\S+)>/",$file_line,$matches)) + $banned_includes .= $matches[1].","; + + $weighted_file=file("/usr/local/etc/dansguardian/lists/weightedphraselist"); + foreach($weighted_file as $file_line) + if (preg_match ("/^.Include<(\S+)>/",$file_line,$matches)) + $weighted_includes .= $matches[1].","; + $config['installedpackages']['dansguardianphraseacl']['config'][0]=array('name'=>'Default', + 'description'=>'Default Phrase access list setup', + 'banned_enabled'=> "on", + 'weighted_enabled'=> "on", + 'exception_enabled'=> "on", + 'banned_includes' => substr($banned_includes,0,-1), + 'weighted_includes' => substr($weighted_includes,0,-1)); } - if($content['phishing_bad'] == ""){ - $config['installedpackages']['mscontent']['config'][0]['phishing_bad']=base64_encode(file_get_contents($dansguardian_dir.'/phishing.bad.sites.conf.sample')); - $load_samples++; + #loop on array + $count=0; + if (is_array($config['installedpackages']['dansguardianphraseacl']['config'])) + foreach($config['installedpackages']['dansguardianphraseacl']['config'] as $dansguardian_phrase){ + #bannedphraselist + if($dansguardian_phrase['banned_phraselist'] == "" && file_exists ($dansguardian_dir.'/lists/bannedphraselist.sample')){ + $config['installedpackages']['dansguardianphraseacl']['config'][$count]['banned_phraselist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/bannedphraselist.sample')); + $load_samples++; + } + $includes=preg_replace($match,$replace,$dansguardian_phrase['banned_includes']); + file_put_contents($dansguardian_dir."/lists/bannedphraselist.".$dansguardian_phrase['name'],($dansguardian_phrase['banned_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianphraseacl']['config'][$count]['banned_phraselist']).$includes:""),LOCK_EX); + + #weightedphraselist + if($dansguardian_phrase['weighted_phraselist'] == "" && file_exists ($dansguardian_dir.'/lists/weightedphraselist.sample')){ + $config['installedpackages']['dansguardianphraseacl']['config'][$count]['weighted_phraselist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/weightedphraselist.sample')); + $load_samples++; + } + $includes=preg_replace($match,$replace,$dansguardian_phrase['weighted_includes']); + file_put_contents($dansguardian_dir."/lists/weightedphraselist.".$dansguardian_phrase['name'],($dansguardian_phrase['weighted_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianphraseacl']['config'][$count]['weighted_phraselist']).$includes:""),LOCK_EX); + + #exceptionphraselist + if($dansguardian_phrase['exception_phraselist'] == "" && file_exists ($dansguardian_dir.'/lists/exceptionphraselist.sample')){ + $config['installedpackages']['dansguardianphraseacl']['config'][$count]['exception_phraselist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/exceptionphraselist.sample')); + $load_samples++; + } + file_put_contents($dansguardian_dir."/lists/exceptionphraselist.".$dansguardian_phrase['name'],($dansguardian_phrase['exception_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianphraseacl']['config'][$count]['exception_phraselist']):""),LOCK_EX); + $count++; + } + + #site ACL + #create a default setup if not exists + if (!is_array($config['installedpackages']['dansguardiansiteacl']['config'])) + $config['installedpackages']['dansguardiansiteacl']['config'][0]=array('name'=>'Default', + 'description'=>'Default Site access list setup', + 'exceptionsite_enabled'=> "on", + 'bannedsite_enabled'=> "on", + 'greysite_enabled'=> "on", + 'urlsite_enabled'=> "on"); + #loop on array + $count=0; + foreach($config['installedpackages']['dansguardiansiteacl']['config'] as $dansguardian_site){ + #exceptionsitelist + if($dansguardian_site['exception_sitelist'] == "" && file_exists ($dansguardian_dir.'/lists/exceptionsitelist.sample')){ + $config['installedpackages']['dansguardiansiteacl']['config'][$count]['exception_sitelist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/exceptionsitelist.sample')); + $load_samples++; + } + $includes=preg_replace($match,$replace,$dansguardian_site['exception_includes']); + file_put_contents($dansguardian_dir."/lists/exceptionsitelist.".$dansguardian_site['name'],($dansguardian_site['exceptionsite_enabled']?dg_text_area_decode($config['installedpackages']['dansguardiansiteacl']['config'][$count]['exception_sitelist']).$includes:""),LOCK_EX); + + #exceptionfilesitelist + if($dansguardian_site['exceptionfile_sitelist'] == "" && file_exists ($dansguardian_dir.'/lists/exceptionfilesitelist.sample')){ + $config['installedpackages']['dansguardiansiteacl']['config'][$count]['exceptionfile_sitelist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/exceptionfilesitelist.sample')); + $load_samples++; + } + file_put_contents($dansguardian_dir."/lists/exceptionfilesitelist.".$dansguardian_site['name'],($dansguardian_site['exceptionsite_enabled']?dg_text_area_decode($config['installedpackages']['dansguardiansiteacl']['config'][$count]['exceptionfile_sitelist']):""),LOCK_EX); + + #bannedsitelist + if($dansguardian_site['banned_sitelist'] == "" && file_exists ($dansguardian_dir.'/lists/bannedsitelist.sample')){ + $config['installedpackages']['dansguardiansiteacl']['config'][$count]['banned_sitelist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/bannedsitelist.sample')); + $load_samples++; + } + $includes=preg_replace($match,$replace,$dansguardian_site['banned_includes']); + file_put_contents($dansguardian_dir."/lists/bannedsitelist.".$dansguardian_site['name'],($dansguardian_site['bannedsite_enabled']?dg_text_area_decode($config['installedpackages']['dansguardiansiteacl']['config'][$count]['banned_sitelist']).$includes:""),LOCK_EX); + + #greysitelist + if($dansguardian_site['grey_sitelist'] == "" && file_exists ($dansguardian_dir.'/lists/greysitelist.sample')){ + $config['installedpackages']['dansguardiansiteacl']['config'][$count]['grey_sitelist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/greysitelist.sample')); + $load_samples++; + } + file_put_contents($dansguardian_dir."/lists/greysitelist.".$dansguardian_site['name'],($dansguardian_site['greysite_enabled']?dg_text_area_decode($config['installedpackages']['dansguardiansiteacl']['config'][$count]['grey_sitelist']):""),LOCK_EX); + + #logsitelist + if($dansguardian_site['log_sitelist'] == "" && file_exists ($dansguardian_dir.'/lists/logsitelist.sample')){ + $config['installedpackages']['dansguardiansiteacl']['config'][$count]['log_sitelist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/logsitelist.sample')); + $load_samples++; + } + file_put_contents($dansguardian_dir."/lists/logsitelist.".$dansguardian_site['name'],($dansguardian_site['urlsite_enabled']?dg_text_area_decode($config['installedpackages']['dansguardiansiteacl']['config'][$count]['log_sitelist']):""),LOCK_EX); + $count++; } - if($content['country_domains'] == ""){ - $config['installedpackages']['mscontent']['config'][0]['country_domains']=base64_encode(file_get_contents($dansguardian_dir.'/country.domains.conf.sample')); - $load_samples++; - } - if($antispam['sa_pref_file'] == ""){ - $config['installedpackages']['msantispam']['config'][0]['sa_pref_file']=base64_encode(file_get_contents($dansguardian_dir.'/spam.assassin.prefs.conf.sample')); - $load_samples++; - } - if($antispam['rbl_file'] == ""){ - $config['installedpackages']['msantispam']['config'][0]['rbl_file']=base64_encode(file_get_contents($dansguardian_dir.'/spam.lists.conf.sample')); - $load_samples++; - } - if($antispam['mcp_pref_file'] == ""){ - $config['installedpackages']['msantispam']['config'][0]['mcp_pref_file']=base64_encode(file_get_contents($dansguardian_dir.'/mcp/mcp.spam.assassin.prefs.conf.sample')); - copy($dansguardian_dir.'/mcp/10_example.cf.sample',$dansguardian_dir.'/mcp/10_example.cf'); - copy($dansguardian_dir.'/mcp/v320.pre.sample',$dansguardian_dir.'/mcp/v320.pre'); - $load_samples++; - } - if($antispam['bounce'] == ""){ - $config['installedpackages']['msantispam']['config'][0]['bounce']=base64_encode(file_get_contents($dansguardian_dir.'/rules/bounce.rules.sample')); - $load_samples++; - } - if($antispam['spam_whitelist'] == ""){ - $config['installedpackages']['msantispam']['config'][0]['spam_whitelist']=base64_encode(file_get_contents($dansguardian_dir.'/rules/spam.whitelist.rules.sample')); - $load_samples++; - } - if($antispam['max_message_size'] == ""){ - $config['installedpackages']['msantispam']['config'][0]['max_message_size']=base64_encode(file_get_contents($dansguardian_dir.'/rules/max.message.size.rules.sample')); - $load_samples++; - } - - $report_dir="/usr/local/share/dansguardian/reports/".strtolower($report['language']); - #CHECK REPORT FILES - $report_files= array('deletedbadcontent' => 'deleted.content.message.txt', - 'deletedbadfilename' => 'deleted.filename.message.txt', - 'deletedvirus' =>'deleted.virus.message.txt', - 'deletedsize' => 'deleted.size.message.txt', - 'storedbadcontent' => 'stored.content.message.txt', - 'storedbadfilename' => 'stored.filename.message.txt', - 'storedvirus' => 'stored.virus.message.txt', - 'storedsize' => 'stored.size.message.txt', - 'disinfected' => 'disinfected.report.txt', - 'sendercontent' => 'sender.content.report.txt', - 'sendererror' => 'sender.error.report.txt', - 'senderbadfilename' => 'sender.filename.report.txt', - 'sendervirus' => 'sender.virus.report.txt', - 'sendersize' => 'sender.size.report.txt', - 'senderrbl' => 'sender.spam.rbl.report.txt', - 'sendersa' => 'sender.spam.sa.report.txt', - 'sendermcp' => 'sender.mcp.report.txt', - 'senderspam'=>'sender.spam.report.txt', - 'recipientmcp'=>'recipient.mcp.report.txt', - 'recipientspam'=>'recipient.spam.report.txt', - 'rejection' =>'rejection.report.txt'); - foreach ($report_files as $key_r => $file_r){ - if ($report[$key_r] == ""){ - #$input_errors[]= $key; - $config['installedpackages']['msreport']['config'][0][$key_r]=base64_encode(file_get_contents($report_dir.'/'.$file_r.'.sample')); - file_put_contents($report_dir.'/'.$file_r,dg_text_area_decode($config['installedpackages']['msreport']['config'][0][$key_r]),LOCK_EX); + #URL ACL + #create a default setup if not exists + if (!is_array($config['installedpackages']['dansguardianurlacl']['config'])) + $config['installedpackages']['dansguardianurlacl']['config'][0]=array('name'=>'Default', + 'description'=>'Default Url access list setup', + 'bannedurl_enabled'=> "on", + 'exceptionurl_enabled'=> "on", + 'contenturl_enabled'=> "on", + 'greyurl_enabled'=> "on"); + #loop on array + $count=0; + foreach($config['installedpackages']['dansguardianurlacl']['config'] as $dansguardian_url){ + #bannedurllist + if($dansguardian_url['banned_urllist'] == "" && file_exists ($dansguardian_dir.'/lists/bannedurllist.sample')){ + $config['installedpackages']['dansguardianurlacl']['config'][$count]['banned_urllist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/bannedurllist.sample')); $load_samples++; - } - #print $key_r ."X $file_r X". base64_encode(file_get_contents($report_dir.'/'.$file_r.'.sample')) ."<br>"; + } + $includes=preg_replace($match,$replace,$dansguardian_url['banned_includes']); + file_put_contents($dansguardian_dir."/lists/bannedurllist.".$dansguardian_url['name'],($dansguardian_url['bannedurl_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianurlacl']['config'][$count]['banned_urllist']).$includes:""),LOCK_EX); + + #bannedregexpurllist + if($dansguardian_url['bannedregexp_urllist'] == "" && file_exists ($dansguardian_dir.'/lists/bannedregexpurllist.sample')){ + $config['installedpackages']['dansguardianurlacl']['config'][$count]['bannedregexp_urllist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/bannedregexpurllist.sample')); + $load_samples++; + } + file_put_contents($dansguardian_dir."/lists/bannedregexpurllist.".$dansguardian_url['name'],($dansguardian_url['bannedurl_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianurlacl']['config'][$count]['bannedregexp_urllist']).$includes:""),LOCK_EX); + + #greyurllist + if($dansguardian_url['grey_urllist'] == "" && file_exists ($dansguardian_dir.'/lists/greyurllist.sample')){ + $config['installedpackages']['dansguardianurlacl']['config'][$count]['grey_urllist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/greyurllist.sample')); + $load_samples++; + } + file_put_contents($dansguardian_dir."/lists/greyurllist.".$dansguardian_url['name'],($dansguardian_url['greyurl_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianurlacl']['config'][$count]['grey_urllist']):""),LOCK_EX); + + #exceptionfileurllist + if($dansguardian_url['exception_urllist'] == "" && file_exists ($dansguardian_dir.'/lists/exceptionfileurllist.sample')){ + $config['installedpackages']['dansguardianurlacl']['config'][$count]['exception_urllist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/exceptionfileurllist.sample')); + $load_samples++; + } + file_put_contents($dansguardian_dir."/lists/exceptionfileurllist.".$dansguardian_url['name'],($dansguardian_url['exceptionurl_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianurlacl']['config'][$count]['exception_urllist']):""),LOCK_EX); - if ($alert['sig']){ - if($alert['sig_html'] == ""){ - $config['installedpackages']['msalerts']['config'][0]['sig_html']=base64_encode(file_get_contents($report_dir.'/inline.sig.html')); + #exceptionregexpurllist + if($dansguardian_url['exceptionregexp_urllist'] == "" && file_exists ($dansguardian_dir.'/lists/exceptionregexpurllist.sample')){ + $config['installedpackages']['dansguardianurlacl']['config'][$count]['exceptionregexp_urllist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/exceptionregexpurllist.sample')); + $load_samples++; + } + file_put_contents($dansguardian_dir."/lists/exceptionregexpurllist.".$dansguardian_url['name'],($dansguardian_url['exceptionurl_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianurlacl']['config'][$count]['exceptionregexp_urllist']):""),LOCK_EX); + + #exceptionurllist + if($dansguardian_url['exception_urllist'] == "" && file_exists ($dansguardian_dir.'/lists/exceptionurllist.sample')){ + $config['installedpackages']['dansguardianurlacl']['config'][$count]['exception_urllist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/exceptionurllist.sample')); + $load_samples++; + } + file_put_contents($dansguardian_dir."/lists/exceptionurllist.".$dansguardian_url['name'],($dansguardian_url['exceptionurl_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianurlacl']['config'][$count]['exception_urllist']):""),LOCK_EX); + + #urlregexplist + if($dansguardian_url['modify_urllist'] == "" && file_exists ($dansguardian_dir.'/lists/urlregexplist.sample')){ + $config['installedpackages']['dansguardianurlacl']['config'][$count]['modify_urllist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/urlregexplist.sample')); + $load_samples++; + } + file_put_contents($dansguardian_dir."/lists/urlregexplist.".$dansguardian_url['name'],($dansguardian_url['contenturl_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianurlacl']['config'][$count]['modify_urllist']):""),LOCK_EX); + + #logurllist + if($dansguardian_url['log_urllist'] == "" && file_exists ($dansguardian_dir.'/lists/logurllist.sample')){ + $config['installedpackages']['dansguardianurlacl']['config'][$count]['log_urllist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/logurllist.sample')); + $load_samples++; + } + file_put_contents($dansguardian_dir."/lists/logurllist.".$dansguardian_url['name'],($dansguardian_url['logurl_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianurlacl']['config'][$count]['log_urllist']):""),LOCK_EX); + + #logregexpurllist + if($dansguardian_url['logregexp_urllist'] == "" && file_exists ($dansguardian_dir.'/lists/logregexpurllist.sample')){ + $config['installedpackages']['dansguardianurlacl']['config'][$count]['logregexp_urllist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/logregexpurllist.sample')); + $load_samples++; + } + file_put_contents($dansguardian_dir."/lists/logregexpurllist.".$dansguardian_url['name'],($dansguardian_url['logurl_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianurlacl']['config'][$count]['logregexp_urllist']):""),LOCK_EX); + $count++; + } + + #Pics ACL + #create a default setup if not exists + if (!is_array($config['installedpackages']['dansguardianpicsacl']['config'])) + $config['installedpackages']['dansguardianpicsacl']['config'][0]=array('name'=>'Default', + 'description'=>'Default file access list setup'); + #loop on array + $count=0; + foreach($config['installedpackages']['dansguardianpicsacl']['config'] as $dansguardian_pics){ + #pics + if($dansguardian_pics['pics'] == "" && file_exists ($dansguardian_dir.'/lists/pics.sample')){ + $config['installedpackages']['dansguardianpicsacl']['config'][$count]['pics']=base64_encode(file_get_contents($dansguardian_dir.'/lists/pics.sample')); $load_samples++; - } - if($alert['sig_txt'] == ""){ - $config['installedpackages']['msalerts']['config'][0]['sig_txt']=base64_encode(file_get_contents($report_dir.'/inline.sig.txt')); + } + file_put_contents($dansguardian_dir."/lists/pics.".$dansguardian_pics['name'],($dansguardian_pics['pics_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianpicsacl']['config'][$count]['pics']):""),LOCK_EX); + $count++; + } + + #Search ACL + #create a default setup if not exists + if (!is_array($config['installedpackages']['dansguardiansearchacl']['config'])) + $config['installedpackages']['dansguardiansearchacl']['config'][0]=array('name'=>'Default', + 'description'=>'Default search engine list setup'); + #loop on array + $count=0; + foreach($config['installedpackages']['dansguardiansearchacl']['config'] as $dansguardian_search){ + #searchengineregexplist + if($dansguardian_search['searchengineregexplist'] == "" && file_exists ($dansguardian_dir.'/lists/searchengineregexplist.sample')){ + $config['installedpackages']['dansguardiansearchacl']['config'][$count]['searchengineregexplist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/searchengineregexplist.sample')); $load_samples++; - } } + file_put_contents($dansguardian_dir."/lists/searchengineregexplist.".$dansguardian_search['name'],($dansguardian_search['regexp_enabled']?dg_text_area_decode($config['installedpackages']['dansguardiansearchacl']['config'][$count]['searchengineregexplist']):""),LOCK_EX); - if ($alert['warning']){ - if($alert['warning_html'] == ""){ - $config['installedpackages']['msalerts']['config'][0]['warning_html']=base64_encode(file_get_contents($report_dir.'/inline.warning.html')); + #bannedsearchtermlist + if($dansguardian_search['banned_searchtermlist'] == "" && file_exists ($dansguardian_dir.'/lists/bannedsearchtermlist.sample')){ + $config['installedpackages']['dansguardiansearchacl']['config'][$count]['banned_searchtermlist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/bannedsearchtermlist.sample')); $load_samples++; - } - if($alert['warning_txt'] == ""){ - $config['installedpackages']['msalerts']['config'][0]['warning_txt']=base64_encode(file_get_contents($report_dir.'/inline.warning.txt')); + } + file_put_contents($dansguardian_dir."/lists/bannedsearchtermlist.".$dansguardian_search['name'],($dansguardian_search['banned_enabled']?dg_text_area_decode($config['installedpackages']['dansguardiansearchacl']['config'][$count]['banned_searchtermlist']):""),LOCK_EX); + + #weightedsearchtermlist + if($dansguardian_search['weighted_searchtermlist'] == "" && file_exists ($dansguardian_dir.'/lists/weightedsearchtermlist.sample')){ + $config['installedpackages']['dansguardiansearchacl']['config'][$count]['weighted_searchtermlist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/weightedsearchtermlist.sample')); + $load_samples++; + } + file_put_contents($dansguardian_dir."/lists/weightedsearchtermlist.".$dansguardian_search['name'],($dansguardian_search['weighted_enabled']?dg_text_area_decode($config['installedpackages']['dansguardiansearchacl']['config'][$count]['weighted_searchtermlist']):""),LOCK_EX); + + #exceptionsearchtermlist + if($dansguardian_search['exception_searchtermlist'] == "" && file_exists ($dansguardian_dir.'/lists/exceptionsearchtermlist.sample')){ + $config['installedpackages']['dansguardiansearchacl']['config'][$count]['exception_searchtermlist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/exceptionsearchtermlist.sample')); $load_samples++; + } + file_put_contents($dansguardian_dir."/lists/exceptionsearchtermlist.".$dansguardian_search['name'],($dansguardian_search['exception_enabled']?dg_text_area_decode($config['installedpackages']['dansguardiansearchacl']['config'][$count]['exception_searchtermlist']):""),LOCK_EX); + $count++; + } + + #File ACL + #create a default setup if not exists + if (!is_array($config['installedpackages']['dansguardianfileacl']['config'])) + $config['installedpackages']['dansguardianfileacl']['config'][0]=array('name'=>'Default', + 'description'=>'Default file access list setup', + 'exception_enabled'=> "on", + 'banned_enabled'=> "on"); + #loop on array + $count=0; + foreach($config['installedpackages']['dansguardianfileacl']['config'] as $dansguardian_file){ + #exceptionextensionlist + if($dansguardian_file['exception_extensionlist'] == "" && file_exists ($dansguardian_dir.'/lists/exceptionextensionlist.sample')){ + $config['installedpackages']['dansguardianfileacl']['config'][$count]['exception_extensionlist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/exceptionextensionlist.sample')); + $load_samples++; } + file_put_contents($dansguardian_dir."/lists/exceptionextensionlist.".$dansguardian_file['name'],($dansguardian_file['exception_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianfileacl']['config'][$count]['exception_extensionlist']):""),LOCK_EX); + + #exceptionmimetypelist + if($dansguardian_file['exception_mimetypelist'] == "" && file_exists ($dansguardian_dir.'/lists/exceptionmimetypelist.sample')){ + $config['installedpackages']['dansguardianfileacl']['config'][$count]['exception_mimetypelist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/exceptionmimetypelist.sample')); + $load_samples++; + } + file_put_contents($dansguardian_dir."/lists/exceptionmimetypelist.".$dansguardian_file['name'],($dansguardian_file['exception_enabled']?dg_text_area_decode($config['installedpackages']['exception_mimetypelist']):""),LOCK_EX); + + #bannedextensionlist + if($dansguardian_file['banned_extensionlist'] == "" && file_exists ($dansguardian_dir.'/lists/bannedextensionlist.sample')){ + $config['installedpackages']['dansguardianfileacl']['config'][$count]['banned_extensionlist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/bannedextensionlist.sample')); + $load_samples++; + } + file_put_contents($dansguardian_dir."/lists/bannedextensionlist.".$dansguardian_file['name'],($dansguardian_file['banned_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianfileacl']['config'][$count]['banned_extensionlist']):""),LOCK_EX); + + #bannedmimetypelist + if($dansguardian_file['banned_mimetypelist'] == "" && file_exists ($dansguardian_dir.'/lists/bannedmimetypelist.sample')){ + $config['installedpackages']['dansguardianfileacl']['config'][$count]['banned_mimetypelist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/bannedmimetypelist.sample')); + $load_samples++; + } + file_put_contents($dansguardian_dir."/lists/bannedmimetypelist.".$dansguardian_file['name'],($dansguardian_file['banned_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianfileacl']['config'][$count]['banned_mimetypelist']):""),LOCK_EX); + $count++; + } + + #header ACL + #create a default setup if not exists + if (!is_array($config['installedpackages']['dansguardianheaderacl']['config'])) + $config['installedpackages']['dansguardianheaderacl']['config'][0]=array('name'=>'Default', + 'description'=>'Default header access list setup'); + #loop on array + $count=0; + foreach($config['installedpackages']['dansguardianheaderacl']['config'] as $dansguardian_header){ + #headerregexplist + if($dansguardian_header['header_regexplist'] == "" && file_exists ($dansguardian_dir.'/lists/headerregexplist.sample')){ + $config['installedpackages']['dansguardianheaderacl']['config'][$count]['header_regexplist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/headerregexplist.sample')); + $load_samples++; + } + file_put_contents($dansguardian_dir."/lists/headerregexplist.".$dansguardian_header['name'],($dansguardian_header['regexp_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianheaderacl']['config'][$count]['header_regexplist']):""),LOCK_EX); + + #bannedregexpheaderlist + if($dansguardian_header['banned_regexpheaderlist'] == "" && file_exists ($dansguardian_dir.'/lists/bannedregexpheaderlist.sample')){ + $config['installedpackages']['dansguardianheaderacl']['config'][$count]['banned_regexpheaderlist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/bannedregexpheaderlist.sample')); + $load_samples++; } + file_put_contents($dansguardian_dir."/lists/bannedregexpheaderlist.".$dansguardian_header['name'],($dansguardian_header['banned_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianheaderacl']['config'][$count]['banned_regexpheaderlist']):""),LOCK_EX); + $count++; + } + + #Content ACL + #create a default setup if not exists + if (!is_array($config['installedpackages']['dansguardiancontentacl']['config'])) + $config['installedpackages']['dansguardiancontentacl']['config'][0]=array('name'=>'Default', + 'description'=>'Default content setup'); + #loop on array + $count=0; + foreach($config['installedpackages']['dansguardiancontentacl']['config'] as $dansguardian_content){ + #content_regexplist + if($dansguardian_content['content_regexplist'] == "" && file_exists ($dansguardian_dir.'/lists/contentregexplist.sample')){ + $config['installedpackages']['dansguardiancontentacl']['config'][$count]['content_regexplist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/contentregexplist.sample')); + $load_samples++; + } + file_put_contents($dansguardian_dir."/lists/contentregexplist.".$dansguardian_content['name'],($dansguardian_content['content_enabled']?dg_text_area_decode($config['installedpackages']['dansguardiancontentacl']['config'][$count]['content_regexplist']):""),LOCK_EX); + $count++; + } + + #Antivirus ACL + #create a default setup if not exists + if (!is_array($config['installedpackages']['dansguardianantivirusacl']['config'])) + $config['installedpackages']['dansguardianantivirusacl']['config'][0]=array(); + + #exceptionvirusmimetypelist + if($dansguardian_antivirus['mime_list'] == "" && file_exists ($dansguardian_dir.'/lists/contentscanners/exceptionvirusmimetypelist.sample')){ + $config['installedpackages']['dansguardianantivirusacl']['config'][0]['mime_list']=base64_encode(file_get_contents($dansguardian_dir.'/lists/contentscanners/exceptionvirusmimetypelist.sample')); + $load_samples++; + } + file_put_contents($dansguardian_dir."/lists/contentscanners/exceptionvirusmimetypelist",($dansguardian_antivirus['mime_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianantivirusacl']['config'][0]['mime_list']):""),LOCK_EX); + #exceptionvirussitelist + if($dansguardian_antivirus['site_list'] == "" && file_exists ($dansguardian_dir.'/lists/contentscanners/exceptionvirussitelist.sample')){ + $config['installedpackages']['dansguardianantivirusacl']['config'][0]['site_list']=base64_encode(file_get_contents($dansguardian_dir.'/lists/contentscanners/exceptionvirussitelist.sample')); + $load_samples++; + } + file_put_contents($dansguardian_dir."/lists/contentscanners/exceptionvirussitelist",($dansguardian_antivirus['site_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianantivirusacl']['config'][0]['site_list']):""),LOCK_EX); + + #exceptionvirusurllist + if($dansguardian_antivirus['url_list'] == "" && file_exists ($dansguardian_dir.'/lists/contentscanners/exceptionvirusurllist.sample')){ + $config['installedpackages']['dansguardianantivirusacl']['config'][0]['url_list']=base64_encode(file_get_contents($dansguardian_dir.'/lists/contentscanners/exceptionvirusurllist.sample')); + $load_samples++; } - #exit; + file_put_contents($dansguardian_dir."/lists/contentscanners/exceptionvirusurllist",($dansguardian_antivirus['url_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianantivirusacl']['config'][0]['url_list']):""),LOCK_EX); + + #exceptionvirusextensionlist + if($dansguardian_antivirus['extension_list'] == "" && file_exists ($dansguardian_dir.'/lists/contentscanners/exceptionvirusextensionlist.sample')){ + $config['installedpackages']['dansguardianantivirusacl']['config'][0]['extension_list']=base64_encode(file_get_contents($dansguardian_dir.'/lists/contentscanners/exceptionvirusextensionlist.sample')); + $load_samples++; + } + file_put_contents($dansguardian_dir."/lists/contentscanners/exceptionvirusextensionlist",($dansguardian_antivirus['extension_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianantivirusacl']['config'][0]['extension_list']):""),LOCK_EX); + if($load_samples > 0) write_config(); + #Filtergroups + if (!is_array($config['installedpackages']['dansguardiangroups']['config'])) + $config['installedpackages']['dansguardiangroups']['config'][0]=array('name'=>'Default', + 'description'=>'Default dansguardian filtergroup', + 'picsacl'=> "Default", + 'phraseacl'=> "Default", + 'siteacl'=> "Default", + 'extensionacl'=> "Default", + 'headeracl'=> "Default", + 'contentacl'=> "Default", + 'searchacl'=> "Default", + 'urlacl'=> "Default", + 'group_options' => "scancleancache,infectionbypasserrorsonly", + 'reportinglevel'=>'3', + 'mode'=> "1"); + + $groups=array("scancleancache","hexdecodecontent","blockdownloads","enablepics","deepurlanalysis","infectionbypasserrorsonly","disablecontentscan","sslcertcheck","sslmitm"); + #loop on array + $count=1; + $user_xml=""; + $filtergroupslist=""; + foreach($config['installedpackages']['dansguardiangroups']['config'] as $dansguardian_groups){ + $dansguardian_group_name=strtolower($dansguardian_groups['name']); + $dgfg[$count]=$dansguardian_group_name; + $dansguardian_groups['blockdownloads']=($dansguardian_groups['blockdownloads']?$dansguardian_groups['blockdownloads']:"off"); + $dansguardian_groups['weightedphrasemode']=(preg_match("/\d/",$dansguardian_groups['weightedphrasemode'])?$dansguardian_groups['weightedphrasemode']:$dansguardian_config['weightedphrasemode']); + $dansguardian_groups['naughtynesslimit']=($dansguardian_groups['naughtynesslimit']?$dansguardian_groups['naughtynesslimit']:"50"); + $dansguardian_groups['searchtermlimit']=($dansguardian_groups['searchtermlimit']?$dansguardian_groups['searchtermlimit']:"30"); + $dansguardian_groups['categorydisplaythreshold']=($dansguardian_groups['categorydisplaythreshold']?$dansguardian_groups['categorydisplaythreshold']:"0"); + $dansguardian_groups['embeddedurlweight']=($dansguardian_groups['embeddedurlweight']?$dansguardian_groups['embeddedurlweight']:"0"); + $dansguardian_groups['bypass']=($dansguardian_groups['bypass']?$dansguardian_groups['bypass']:"0"); + $dansguardian_groups['infectionbypass']=($dansguardian_groups['infectionbypass']?$dansguardian_groups['infectionbypass']:"0"); + foreach ($groups as $group) + $dansguardian_groups[$group]=(preg_match("/$group/",$dansguardian_groups['group_options'])?"on":"off"); + include("/usr/local/pkg/dansguardianfx.conf.template"); + file_put_contents($dansguardian_dir."/dansguardianf".$count.".conf", $dgf, LOCK_EX); -#create dansguardian.conf - $dg=<<<EOF -# DansGuardian config file for version 2.12.0.0 - -# **NOTE** as of version 2.7.5 most of the list files are now in dansguardianf1.conf - - -# Web Access Denied Reporting (does not affect logging) -# -# -1 = log, but do not block - Stealth mode -# 0 = just say 'Access Denied' -# 1 = report why but not what denied phrase -# 2 = report fully -# 3 = use HTML template file (accessdeniedaddress ignored) - recommended -# -reportinglevel = {$reportlevel} - -# Language dir where languages are stored for internationalisation. -# The HTML template within this dir is only used when reportinglevel -# is set to 3. When used, DansGuardian will display the HTML file instead of -# using the perl cgi script. This option is faster, cleaner -# and easier to customise the access denied page. -# The language file is used no matter what setting however. -# -languagedir = '/usr/local/share/dansguardian/languages' - -# language to use from languagedir. -language = '{$reportlanguage}' - -# Logging Settings -# -# 0 = none 1 = just denied 2 = all text based 3 = all requests -loglevel = {$loglevel} - -# Log Exception Hits -# Log if an exception (user, ip, URL, phrase) is matched and so -# the page gets let through. Can be useful for diagnosing -# why a site gets through the filter. -# 0 = never log exceptions -# 1 = log exceptions, but do not explicitly mark them as such -# 2 = always log & mark exceptions (default) -logexceptionhits = {$logexceptionhits} - -# Log File Format -# 1 = DansGuardian format (space delimited) -# 2 = CSV-style format -# 3 = Squid Log File Format -# 4 = Tab delimited -logfileformat = {$logfileformat} - -# truncate large items in log lines -# 0 = no truncating (default) -#maxlogitemlength = 0 - -# anonymize logs (blank out usernames & IPs) -anonymizelogs = {$anonymizelogs} - - -# Syslog logging -# -# Use syslog for access logging instead of logging to the file -# at the defined or built-in "loglocation" -#logsyslog = off - -# Log file location -# -# Defines the log directory and filename. -#loglocation = '/var/log/access.log' - - -# Statistics log file location -# -# Defines the stat file directory and filename. -# Only used in conjunction with maxips > 0 -# Once every 3 minutes, the current number of IPs in the cache, and the most -# that have been in the cache since the daemon was started, are written to this -# file. IPs persist in the cache for 7 days. -#statlocation = '/var/log/stats' - - -# Network Settings -# -# the IP that DansGuardian listens on. If left blank DansGuardian will -# listen on all IPs. That would include all NICs, loopback, modem, etc. -# Normally you would have your firewall protecting this, but if you want -# you can limit it to a certain IP. To bind to multiple interfaces, -# specify each IP on an individual filterip line. -# You can have the same IP twice so long as it has a different port. -filterip = {$filterip} - -# the ports that DansGuardian listens to. Specify one line per filterip -# line. You can specify different authentication mechanisms per port but -# only if the mechanisms can co-exist (e.g. basic/proxy auth can't) -filterports = 8080 -#filterports = 8081 -{$filterports} - -# the ip of the proxy (default is the loopback - i.e. this server) -proxyip = 127.0.0.1 - -# the port DansGuardian connects to proxy on -proxyport = 3128 - -# Whether to retrieve the original destination IP in transparent proxy -# setups and check it against the domain pulled from the HTTP headers. -# -# Be aware that when visiting sites which use a certain type of round-robin -# DNS for load balancing, DG may mark requests as invalid unless DG gets -# exactly the same answers to its DNS requests as clients. The chances of -# this happening can be increased if all clients and servers on the same LAN -# make use of a local, caching DNS server instead of using upstream DNS -# directly. -# -# See http://www.kb.cert.org/vuls/id/435052 -# on (default) | off -#!! Not compiled !! originalip = on - -# accessdeniedaddress is the address of your web server to which the cgi -# dansguardian reporting script was copied. Only used in reporting levels 1 and 2. -# -# This webserver must be either: -# 1. Non-proxied. Either a machine on the local network, or listed as an exception -# in your browser's proxy configuration. -# 2. Added to the exceptionsitelist. Option 1 is preferable; this option is -# only for users using both transparent proxying and a non-local server -# to host this script. -# -# Individual filter groups can override this setting in their own configuration. -# -accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl' - -# Non standard delimiter (only used with accessdeniedaddress) -# To help preserve the full banned URL, including parameters, the variables -# passed into the access denied CGI are separated using non-standard -# delimiters. This can be useful to ensure correct operation of the filter -# bypass modes. Parameters are split using "::" in place of "&", and "==" in -# place of "=". -# Default is enabled, but to go back to the standard mode, disable it. -nonstandarddelimiter = {$nonstandarddelimiter} - - - -# Banned image replacement -# Images that are banned due to domain/url/etc reasons including those -# in the adverts blacklists can be replaced by an image. This will, -# for example, hide images from advert sites and remove broken image -# icons from banned domains. -# on (default) | off -usecustombannedimage = {$usecustombannedimage} -custombannedimagefile = '/usr/local/share/dansguardian/transparent1x1.gif' - - -#Banned flash replacement -usecustombannedflash = {$usecustombannedflash} -custombannedflashfile = '/usr/local/share/dansguardian/blockedflash.swf' - - - -# Filter groups options -# filtergroups sets the number of filter groups. A filter group is a set of content -# filtering options you can apply to a group of users. The value must be 1 or more. -# DansGuardian will automatically look for dansguardianfN.conf where N is the filter -# group. To assign users to groups use the filtergroupslist option. All users default -# to filter group 1. You must have some sort of authentication to be able to map users -# to a group. The more filter groups the more copies of the lists will be in RAM so -# use as few as possible. -filtergroups = 1 -filtergroupslist = '/usr/local/etc/dansguardian/lists/filtergroupslist' - - - -# Authentication files location -bannediplist = '/usr/local/etc/dansguardian/lists/bannediplist' -exceptioniplist = '/usr/local/etc/dansguardian/lists/exceptioniplist' - -# Per-Room blocking definition directory -# A directory containing text files containing the room's name followed by IPs or ranges -# Think of it as bannediplist on crack -perroomblockingdirectory = '/usr/local/etc/dansguardian/lists/bannedrooms/' - -# Show weighted phrases found -# If enabled then the phrases found that made up the total which excedes -# the naughtyness limit will be logged and, if the reporting level is -# high enough, reported. on | off -showweightedfound = {$showweightedfound} - -# Weighted phrase mode -# There are 3 possible modes of operation: -# 0 = off = do not use the weighted phrase feature. -# 1 = on, normal = normal weighted phrase operation. -# 2 = on, singular = each weighted phrase found only counts once on a page. -# -# IMPORTANT: Note that setting this to "0" turns off all features which -# extract phrases from page content, including banned & exception -# phrases (not just weighted), search term filtering, and scanning for -# links to banned URLs. -# -weightedphrasemode = {$weightedphrasemode} - - - -# Positive (clean) result caching for URLs -# Caches good pages so they don't need to be scanned again. -# It also works with AV plugins. -# 0 = off (recommended for ISPs with users with disimilar browsing) -# 1000 = recommended for most users -# 5000 = suggested max upper limit -# If you're using an AV plugin then use at least 5000. -urlcachenumber = {$urlcachenumber} -# -# Age before they are stale and should be ignored in seconds -# 0 = never -# 900 = recommended = 15 mins -urlcacheage ={$urlcacheage} - - - -# Cache for content (AV) scan results as 'clean' -# By default, to save CPU, files scanned and found to be -# clean are inserted into the clean cache and NOT scanned -# again for a while. If you don't like this then choose -# to disable it. -# on = cache results; do not re-scan -# off = do not cache; always re-scan -# (on|off) default = on. -scancleancache = {$scancleancache} - - - -# Smart, Raw and Meta/Title phrase content filtering options -# Smart is where the multiple spaces and HTML are removed before phrase filtering -# Raw is where the raw HTML including meta tags are phrase filtered -# Meta/Title is where only meta and title tags are phrase filtered (v. quick) -# CPU usage can be effectively halved by using setting 0 or 1 compared to 2 -# 0 = raw only -# 1 = smart only -# 2 = both of the above (default) -# 3 = meta/title -phrasefiltermode = {$phrasefiltermode} - -# Lower casing options -# When a document is scanned the uppercase letters are converted to lower case -# in order to compare them with the phrases. However this can break Big5 and -# other 16-bit texts. If needed preserve the case. As of version 2.7.0 accented -# characters are supported. -# 0 = force lower case (default) -# 1 = do not change case -# 2 = scan first in lower case, then in original case -preservecase = {$preservecase} - -# Note: -# If phrasefiltermode and preserve case are both 2, this equates to 4 phrase -# filtering passes. If you have a large enough userbase for this to be a -# worry, and need to filter pages in exotic character encodings, it may be -# better to run two instances on separate servers: one with preservecase 1 -# (and possibly forcequicksearch 1) and non ASCII/UTF-8 phrase lists, and one -# with preservecase 0 and ASCII/UTF-8 lists. - - - -# Hex decoding options -# When a document is scanned it can optionally convert %XX to chars. -# If you find documents are getting past the phrase filtering due to encoding -# then enable. However this can break Big5 and other 16-bit texts. -# off = disabled (default) -# on = enabled -hexdecodecontent = {$hexdecodecontent} - - - -# Force Quick Search rather than DFA search algorithm -# The current DFA implementation is not totally 16-bit character compatible -# but is used by default as it handles large phrase lists much faster. -# If you wish to use a large number of 16-bit character phrases then -# enable this option. -# off (default) | on (Big5 compatible) -forcequicksearch = {$forcequicksearch} - - - -# Reverse lookups for banned site and URLs. -# If set to on, DansGuardian will look up the forward DNS for an IP URL -# address and search for both in the banned site and URL lists. This would -# prevent a user from simply entering the IP for a banned address. -# It will reduce searching speed somewhat so unless you have a local caching -# DNS server, leave it off and use the Blanket IP Block option in the -# bannedsitelist file instead. -reverseaddresslookups = {$reverseaddresslookups} - - - -# Reverse lookups for banned and exception IP lists. -# If set to on, DansGuardian will look up the forward DNS for the IP -# of the connecting computer. This means you can put in hostnames in -# the exceptioniplist and bannediplist. -# If a client computer is matched against an IP given in the lists, then the -# IP will be recorded in any log entries; if forward DNS is successful and a -# match occurs against a hostname, the hostname will be logged instead. -# It will reduce searching speed somewhat so unless you have a local DNS server, -# leave it off. -reverseclientiplookups = {$reverseclientiplookups} - - -# Perform reverse lookups on client IPs for successful requests. -# If set to on, DansGuardian will look up the forward DNS for the IP -# of the connecting computer, and log host names (where available) rather than -# IPs against requests. -# This is not dependent on reverseclientiplookups being enabled; however, if it -# is, enabling this option does not incur any additional forward DNS requests. -logclienthostnames = {$logclienthostnames} - - -# Build bannedsitelist and bannedurllist cache files. -# This will compare the date stamp of the list file with the date stamp of -# the cache file and will recreate as needed. -# If a .processed file exists for an item (e.g. domain/URL) list, then that -# will be used instead, if it is up to date (i.e. newer than the unprocessed -# list file). -# This can increase process start speed on slow computers. -# Fast computers do not need this option. -# on | off, default = on -createlistcachefiles = {$createlistcachefiles} - - -# Prefer cached list files -# If enabled, DansGuardian will always prefer to load ".processed" versions of -# list files, regardless of their time stamps relative to the original -# unprocessed lists. This is not generally useful unless you have a specific -# list update process which results in - for example - up-to-date, pre-sorted -# ".processed" list files with dummy unprocessed files. -# on | off, default = off -prefercachedlists = {$prefercachedlists} - - - -# POST protection (web upload and forms) -# does not block forms without any file upload, i.e. this is just for -# blocking or limiting uploads -# measured in kibibytes after MIME encoding and header bumph -# use 0 for a complete block -# use higher (e.g. 512 = 512Kbytes) for limiting -# use -1 for no blocking -#maxuploadsize = 512 -#maxuploadsize = 0 -maxuploadsize = {$maxuploadsize} - - - -# Max content filter size -# Sometimes web servers label binary files as text which can be very -# large which causes a huge drain on memory and cpu resources. -# To counter this, you can limit the size of the document to be -# filtered and get it to just pass it straight through. -# This setting also applies to content regular expression modification. -# The value must not be higher than maxcontentramcachescansize -# The size is in Kibibytes - eg 2048 = 2Mb -# use 0 to set it to maxcontentramcachescansize -maxcontentfiltersize = {$maxcontentfiltersize} - - - -# Max content ram cache scan size -# This is only used if you use a content scanner plugin such as AV -# This is the max size of file that DG will download and cache -# in RAM. After this limit is reached it will cache to disk -# This value must be less than or equal to maxcontentfilecachescansize. -# The size is in Kibibytes - eg 10240 = 10Mb -# use 0 to set it to maxcontentfilecachescansize -# This option may be ignored by the configured download manager. -maxcontentramcachescansize = {$maxcontentramcachescansize} - - - -# Max content file cache scan size -# This is only used if you use a content scanner plugin such as AV -# This is the max size file that DG will download -# so that it can be scanned or virus checked. -# This value must be greater or equal to maxcontentramcachescansize. -# The size is in Kibibytes - eg 10240 = 10Mb -maxcontentfilecachescansize = {$maxcontentfilecachescansize} - - - -# File cache dir -# Where DG will download files to be scanned if too large for the -# RAM cache. -filecachedir = '/tmp' - - - -# Delete file cache after user completes download -# When a file gets save to temp it stays there until it is deleted. -# You can choose to have the file deleted when the user makes a sucessful -# download. This will mean if they click on the link to download from -# the temp store a second time it will give a 404 error. -# You should configure something to delete old files in temp to stop it filling up. -# on|off (defaults to on) -deletedownloadedtempfiles = {$deletedownloadedtempfiles} - - - -# Initial Trickle delay -# This is the number of seconds a browser connection is left waiting -# before first being sent *something* to keep it alive. The -# *something* depends on the download manager chosen. -# Do not choose a value too low or normal web pages will be affected. -# A value between 20 and 110 would be sensible -# This may be ignored by the configured download manager. -initialtrickledelay = {$initialtrickledelay} - - - -# Trickle delay -# This is the number of seconds a browser connection is left waiting -# before being sent more *something* to keep it alive. The -# *something* depends on the download manager chosen. -# This may be ignored by the configured download manager. -trickledelay = {$trickledelay} - - - -# Download Managers -# These handle downloads of files to be filtered and scanned. -# They differ in the method they deal with large downloads. -# Files usually need to be downloaded 100% before they can be -# filtered and scanned before being sent on to the browser. -# Normally the browser can just wait, but with content scanning, -# for example to AV, the browser may timeout or the user may get -# confused so the download manager has to do some sort of -# 'keep alive'. -# -# There are various methods possible but not all are included. -# The author does not have the time to write them all so I have -# included a plugin systam. Also, not all methods work with all -# browsers and clients. Specifically some fancy methods don't -# work with software that downloads updates. To solve this, -# each plugin can support a regular expression for matching -# the client's user-agent string, and lists of the mime types -# and extensions it should manage. -# -# Note that these are the matching methods provided by the base plugin -# code, and individual plugins may override or add to them. -# See the individual plugin conf files for supported options. -# -# The plugins are matched in the order you specify and the last -# one is forced to match as the default, regardless of user agent -# and other matching mechanisms. -# -downloadmanager = '/usr/local/etc/dansguardian/downloadmanagers/fancy.conf' -##!! Not compiled !! downloadmanager = '/usr/local/etc/dansguardian/downloadmanagers/trickle.conf' -downloadmanager = '/usr/local/etc/dansguardian/downloadmanagers/default.conf' - - - -# Content Scanners (Also known as AV scanners) -# These are plugins that scan the content of all files your browser fetches -# for example to AV scan. The options are limitless. Eventually all of -# DansGuardian will be plugin based. You can have more than one content -# scanner. The plugins are run in the order you specify. -# This is one of the few places you can have multiple options of the same name. -# -# Some of the scanner(s) require 3rd party software and libraries eg clamav. -# See the individual plugin conf file for more options (if any). -# -#contentscanner = '/usr/local/etc/dansguardian/contentscanners/clamdscan.conf' -#!! Not compiled !! contentscanner = '/usr/local/etc/dansguardian/contentscanners/avastdscan.conf' -#!! Not compiled !! contentscanner = '/usr/local/etc/dansguardian/contentscanners/kavdscan.conf' -#contentscanner = '/usr/local/etc/dansguardian/contentscanners/icapscan.conf' -#!! Not compiled !! contentscanner = '/usr/local/etc/dansguardian/contentscanners/commandlinescan.conf' - - - -# Content scanner timeout -# Some of the content scanners support using a timeout value to stop -# processing (eg AV scanning) the file if it takes too long. -# If supported this will be used. -# The default of 60 seconds is probably reasonable. -contentscannertimeout = {$contentscannertimeout} - - - -# Content scan exceptions -# If 'on' exception sites, urls, users etc will be scanned -# This is probably not desirable behavour as exceptions are -# supposed to be trusted and will increase load. -# Correct use of grey lists are a better idea. -# (on|off) default = off -contentscanexceptions = {$contentscanexceptions} - - - -# Auth plugins -# These replace the usernameidmethod* options in previous versions. They -# handle the extraction of client usernames from various sources, such as -# Proxy-Authorisation headers and ident servers, enabling requests to be -# handled according to the settings of the user's filter group. -# Multiple plugins can be specified, and will be used per port in the order -# filterports are listed. -# -# If you do not use multiple filter groups, you need not specify this option. -# -#authplugin = '/usr/local/etc/dansguardian/authplugins/proxy-basic.conf' -#authplugin = '/usr/local/etc/dansguardian/authplugins/proxy-digest.conf' -#authplugin = '/usr/local/etc/dansguardian/authplugins/proxy-ntlm.conf' -#authplugin = '/usr/local/etc/dansguardian/authplugins/ident.conf' -#authplugin = '/usr/local/etc/dansguardian/authplugins/ip.conf' - - - -# Re-check replaced URLs -# As a matter of course, URLs undergo regular expression search/replace (urlregexplist) -# *after* checking the exception site/URL/regexpURL lists, but *before* checking against -# the banned site/URL lists, allowing certain requests that would be matched against the -# latter in their original state to effectively be converted into grey requests. -# With this option enabled, the exception site/URL/regexpURL lists are also re-checked -# after replacement, making it possible for URL replacement to trigger exceptions based -# on them. -# Defaults to off. -recheckreplacedurls = {$recheckreplacedurls} - - - -# Misc settings - -# if on it adds an X-Forwarded-For: <clientip> to the HTTP request -# header. This may help solve some problem sites that need to know the -# source ip. on | off -forwardedfor = {$forwardedfor} - - -# if on it uses the X-Forwarded-For: <clientip> to determine the client -# IP. This is for when you have squid between the clients and DansGuardian. -# Warning - headers are easily spoofed. on | off -usexforwardedfor = {usexforwardedfor} - - -# if on it logs some debug info regarding fork()ing and accept()ing which -# can usually be ignored. These are logged by syslog. It is safe to leave -# it on or off -logconnectionhandlingerrors = {$logconnectionhandlingerrors} - - - -# Fork pool options - -# If on, this causes DG to write to the log file whenever child processes are -# created or destroyed (other than by crashes). This information can help in -# understanding and tuning the following parameters, but is not generally -# useful in production. -logchildprocesshandling = {$logchildprocesshandling} - -# sets the maximum number of processes to spawn to handle the incoming -# connections. Max value usually 250 depending on OS. -# On large sites you might want to try 180. -maxchildren = {$maxchildren} - - -# sets the minimum number of processes to spawn to handle the incoming connections. -# On large sites you might want to try 32. -minchildren = {$minchildren} - - -# sets the minimum number of processes to be kept ready to handle connections. -# On large sites you might want to try 8. -minsparechildren = {$minsparechildren} - - -# sets the minimum number of processes to spawn when it runs out -# On large sites you might want to try 10. -preforkchildren = {$preforkchildren} - - -# sets the maximum number of processes to have doing nothing. -# When this many are spare it will cull some of them. -# On large sites you might want to try 64. -maxsparechildren = {$maxsparechildren} - - -# sets the maximum age of a child process before it croaks it. -# This is the number of connections they handle before exiting. -# On large sites you might want to try 10000. -maxagechildren = {$maxagechildren} - - -# Sets the maximum number client IP addresses allowed to connect at once. -# Use this to set a hard limit on the number of users allowed to concurrently -# browse the web. Set to 0 for no limit, and to disable the IP cache process. -maxips = {$maxips} - - - -# Process options -# (Change these only if you really know what you are doing). -# These options allow you to run multiple instances of DansGuardian on a single machine. -# Remember to edit the log file path above also if that is your intention. - -# IPC filename -# -# Defines IPC server directory and filename used to communicate with the log process. -ipcfilename = '/tmp/.dguardianipc' - -# URL list IPC filename -# -# Defines URL list IPC server directory and filename used to communicate with the URL -# cache process. -urlipcfilename = '/tmp/.dguardianurlipc' - -# IP list IPC filename -# -# Defines IP list IPC server directory and filename, for communicating with the client -# IP cache process. -ipipcfilename = '/tmp/.dguardianipipc' - -# PID filename -# -# Defines process id directory and filename. -#pidfilename = '/var/run/dansguardian.pid' - -# Disable daemoning -# If enabled the process will not fork into the background. -# It is not usually advantageous to do this. -# on|off (defaults to off) -nodaemon = {$nodaemon} - -# Disable logging process -# on|off (defaults to off) -nologger = {$nologger} - -# Enable logging of "ADs" category blocks -# on|off (defaults to off) -logadblocks = {$logadblocks} - -# Enable logging of client User-Agent -# Some browsers will cause a *lot* of extra information on each line! -# on|off (defaults to off) -loguseragent = {$loguseragent} - -# Daemon runas user and group -# This is the user that DansGuardian runs as. Normally the user/group nobody. -# Uncomment to use. Defaults to the user set at compile time. -# Temp files created during virus scanning are given owner and group read -# permissions; to use content scanners based on external processes, such as -# clamdscan, the two processes must run with either the same group or user ID. -#daemonuser = 'nobody' -#daemongroup = 'nobody' - -# Soft restart -# When on this disables the forced killing off all processes in the process group. -# This is not to be confused with the -g run time option - they are not related. -# on|off (defaults to off) -softrestart = {softrestart} - -# Mail program -# Path (sendmail-compatible) email program, with options. -# Not used if usesmtp is disabled (filtergroup specific). -#!! Not compiled !!mailer = '/usr/sbin/sendmail -t' - -#SSL certificate checking path -#Path to CA certificates used to validate the certificates of https sites. -#sslcertificatepath = '/etc/ssl/certs/' - -#SSL man in the middle -#CA certificate path -#Path to the CA certificate to use as a signing certificate for -#generated certificates. -#cacertificatepath = '/home/stephen/dginstall/ca.pem' - -#CA private key path -#path to the private key that matches the public key in the CA certificate. -#caprivatekeypath = '/home/stephen/dginstall/ca.key' - -#Cert private key path -#The public / private key pair used by all generated certificates -#certprivatekeypath = '/home/stephen/dginstall/cert.key' - -#Generated cert path -#The location where generated certificates will be saved for future use. -#(must be writable by the dg user) -#generatedcertpath = '/home/stephen/dginstall/generatedcerts/' + if ($config['installedpackages']['dansguardianusers']['config'][0][$dansguardian_group_name]!=""){ + $import_users = explode("\n", base64_decode($config['installedpackages']['dansguardianusers']['config'][0][$dansguardian_group_name])); + asort($import_users); + $config['installedpackages']['dansguardianusers']['config'][0][$dansguardian_group_name]=base64_encode(implode("\n", $import_users)); + foreach ($import_users as $new_user){ + if (preg_match("/(\S+)\s+(\S+)/",$new_user,$matches)) + $filtergroupslist.=$matches[1]."=filter".$count." #".$matches[2]."\n"; + elseif (preg_match("/(\S+)/",$new_user,$matches)) + $filtergroupslist.=$matches[1]."=filter".$count."\n"; + } + } + $filtergroup_count=count($import_users); + #Default group catch all unauth groups as well non listed users + if($count > 1) + $user_xml .=<<<EOF + <field> + <name>{$dansguardian_groups['description']} ({$filtergroup_count})</name> + <type>listtopic</type> + </field> + <field> + <fieldname>{$dansguardian_group_name}</fieldname> + <fielddescr>{$dansguardian_groups['name']}</fielddescr> + <description><![CDATA[Include users for this group one per line<br>Hint:PFSENSE\marcelloc #Marcello Coutinho]]></description> + <type>textarea</type> + + <cols>80</cols><rows>12</rows> + <encoding>base64</encoding> + </field> +EOF; + + $count++; + } + #Create/update filtergroupslist + file_put_contents($dansguardian_dir."/lists/filtergroupslist",$filtergroupslist,LOCK_EX); + #Create/update userlist xml file + $user_xml_header=file_get_contents("/usr/local/pkg/dansguardian_users_header.xml"); + $user_xml_footer=file_get_contents("/usr/local/pkg/dansguardian_users_footer.xml"); + file_put_contents("/usr/local/pkg/dansguardian_users.xml",$user_xml_header.$user_xml.$user_xml_footer,LOCK_EX); + + #check blacklist download files + if ($dansguardian_blacklist['cron']=="now" && $dansguardian_blacklist['blacklist']){ + $config['installedpackages']['dansguardianblacklist']['config'][0]['cron']="never"; + log_error("Blacklist udpate process started"); + file_notice("Dansguardian - Blacklist udpate process started",""); + file_put_contents("/root/dansguardian_custom.script",base64_decode($dansguardian_blacklist['custom_script']),LOCK_EX); + if ($dansguardian_blacklist['enable_custom_script'] && $dansguardian_blacklist['custom_script'] != "") + mwexec_bg("/root/dansguardian_custom.script"); + else + mwexec_bg("/usr/local/bin/php /usr/local/www/dansguardian.php fetch_blacklist"); + mwexec_bg("/usr/local/bin/php /usr/local/www/dansguardian.php udpate_lists"); + } + + #get clamav user + $cconf="/usr/local/etc/clamd.conf"; + $cconf_file=file_get_contents($cconf); + if (preg_match("/User (\w+)/",$cconf_file,$matches)){ + $daemonuser = $matches[1]; + $daemongroup = 'nobody'; + } + else{ + $daemonuser = 'nobody'; + $daemongroup = 'nobody'; + } + $filtergroups=($count > 1?($count -1):1); + + $filterip=""; + $filterports=""; + foreach (explode(",", $dansguardian['interface']) as $i => $iface) { + $real_ifaces[] = dg_get_real_interface_address($iface); + if($real_ifaces[$i][0]) + $filterip .="filterip = ".$real_ifaces[$i][0]."\n"; + $filterports.="filterports = ".$filterport."\n"; + } + $filterip=($filterip==""?"filterip = ":$filterip); + $filterports=($filterports==""?"filterports = $filterport":$filterports); + include("/usr/local/pkg/dansguardian.conf.template"); -#Generated link path = '' -#The location where symlinks to certificates will be created. -#(must be writable by the dg user) -#generatedlinkpath = '/home/stephen/dginstall/generatedlinks/' -EOF; #write files conf_mount_rw(); - $mlang=strtolower($report['language']); - $mfiles[]="/usr/local/etc/dansguardian/virus.scanners.conf"; - $mfiles[]="/usr/local/share/dansguardian/reports/{$mlang}/inline.spam.warning.txt"; - $mfiles[]="/usr/local/share/dansguardian/reports/{$mlang}/languages.conf"; - - foreach ($mfiles as $mfile) - if (! file_exists ($mfile)) - copy($mfile.".sample",$mfile); - - write_config(); + #update file owner + mwexec("chown -R $daemonuser:$daemongroup /usr/loca/etc/dansguardian"); + mwexec("chown -R $daemonuser:$daemongroup /var/log/dansguardian"); - file_put_contents($dansguardian_dir."/dansguardian.conf", $mc, LOCK_EX); - file_put_contents($dansguardian_dir."/filename.rules.conf",dg_text_area_decode($config['installedpackages']['msattachments']['config'][0]['filename_rules']),LOCK_EX); - file_put_contents($dansguardian_dir."/filetype.rules.conf",dg_text_area_decode($config['installedpackages']['msattachments']['config'][0]['filetype_rules']),LOCK_EX); - file_put_contents($dansguardian_dir."/archives.filename.rules.conf",dg_text_area_decode($config['installedpackages']['msattachments']['config'][0]['filename_rules']),LOCK_EX); - file_put_contents($dansguardian_dir."/archives.filetype.rules.conf",dg_text_area_decode($config['installedpackages']['msattachments']['config'][0]['filetype_rules']),LOCK_EX); - file_put_contents($dansguardian_dir."/phishing.safe.sites.conf",dg_text_area_decode($config['installedpackages']['mscontent']['config'][0]['phishing_safe']),LOCK_EX); - file_put_contents($dansguardian_dir."/phishing.bad.sites.conf",dg_text_area_decode($config['installedpackages']['mscontent']['config'][0]['phishing_bad']),LOCK_EX); - file_put_contents($dansguardian_dir."/country.domains.conf",dg_text_area_decode($config['installedpackages']['mscontent']['config'][0]['country_domains']),LOCK_EX); - file_put_contents($dansguardian_dir.'/spam.assassin.prefs.conf',$sa_temp,LOCK_EX); - file_put_contents($dansguardian_dir.'/spam.lists.conf',dg_text_area_decode($config['installedpackages']['msantispam']['config'][0]['rbl_file']),LOCK_EX); - file_put_contents($dansguardian_dir.'/mcp/mcp.spam.assassin.prefs.conf',dg_text_area_decode($config['installedpackages']['msantispam']['config'][0]['mcp_pref_file']),LOCK_EX); - file_put_contents($dansguardian_dir.'/rules/bounce.rules',dg_text_area_decode($config['installedpackages']['msantispam']['config'][0]['bounce']),LOCK_EX); - file_put_contents($dansguardian_dir.'/rules/max.message.size.rules',dg_text_area_decode($config['installedpackages']['msantispam']['config'][0]['max_message_size']),LOCK_EX); - file_put_contents($dansguardian_dir.'/rules/spam.whitelist.rules',dg_text_area_decode($config['installedpackages']['msantispam']['config'][0]['spam_whitelist']),LOCK_EX); - - foreach ($report_files as $key_r => $file_r) - file_put_contents($report_dir.'/'.$file_r,dg_text_area_decode($config['installedpackages']['msreport']['config'][0][$key_r]),LOCK_EX); - - if ($alert['sig']){ - $sig_html=dg_text_area_decode($config['installedpackages']['msalerts']['config'][0]['sig_html']); - $sig_txt=dg_text_area_decode($config['installedpackages']['msalerts']['config'][0]['sig_txt']);} - else{ - $sig_html=""; - $sig_txt="";} - file_put_contents($report_dir.'/inline.sig.txt',$sig_txt,LOCK_EX); - file_put_contents($report_dir.'/inline.sig.html',$sig_html,LOCK_EX); - - if ($alert['warning']){ - $warning_html=dg_text_area_decode($config['installedpackages']['msalerts']['config'][0]['warning_html']); - $warning_txt=dg_text_area_decode($config['installedpackages']['msalerts']['config'][0]['warning_txt']);} - else{ - $warning_html=""; - $warning_txt="";} - file_put_contents($report_dir.'/inline.warning.txt',$warning_txt,LOCK_EX); - file_put_contents($report_dir.'/inline.warning.html',$warning_html,LOCK_EX); + #create config files + file_put_contents($dansguardian_dir."/dansguardian.conf", $dg, LOCK_EX); #check virus_scanner options $libexec_dir="/usr/local/libexec/dansguardian/"; - if ($virus_scanning == "yes"){ - if ($antivirus['virus_scanner'] =="none"){ - unlink_if_exists($libexec_dir.'clamav-autoupdate'); - unlink_if_exists($libexec_dir.'clamav-wrapper'); - } - else{ - if (file_exists('/var/run/clamav/')) - chown('/var/run/clamav/', 'dansguardian'); - if (file_exists('/var/log/clamav/')) - chown('/var/log/clamav/', 'dansguardian'); - if (file_exists('/var/db/clamav/')) - chown('/var/db/clamav/', 'dansguardian'); - if (file_exists('/var/db/clamav/bytecode.cld')) - chown('/var/db/clamav/bytecode.cld', 'dansguardian'); - if (file_exists('/var/db/clamav/daily.cld')) - chown('/var/db/clamav/daily.cld', 'dansguardian'); - if (file_exists('/var/db/clamav/main.cvd')) - chown('/var/db/clamav/main.cvd', 'dansguardian'); - if (file_exists('/var/db/clamav/mirrors.dat')) - chown('/var/db/clamav/mirrors.dat', 'dansguardian'); - if (file_exists('/var/log/clamav/clamd.log')) - chown('/var/log/clamav/clamd.log', 'dansguardian'); - if (file_exists('/var/log/clamav/freshclam.log')) - chown('/var/log/clamav/freshclam.log', 'dansguardian'); + if (preg_match("/clamd/",$dansguardian_config['content_scanners'])){ - copy($libexec_dir.'clamav-autoupdate.sample',$libexec_dir.'clamav-autoupdate'); - chmod ($libexec_dir.'clamav-autoupdate',0755); - copy($libexec_dir.'clamav-wrapper.sample',$libexec_dir.'clamav-wrapper'); - chmod ($libexec_dir.'clamav-autoupdate',0755); - if (!file_exists('/var/db/clamav/main.cvd')){ - log_error('No clamav database found, running freshclam in background.'); - mwexec_bg('/usr/local/bin/freshclam'); - } - #clamav-wrapper file - $cconf=$libexec_dir."clamav-wrapper"; - $cconf_file=file_get_contents($cconf); - if (preg_match('/"clamav"/',$cconf_file)){ - $cconf_file=preg_replace('/"clamav"/','"dansguardian"',$cconf_file); - file_put_contents($cconf, $cconf_file, LOCK_EX); - } + if (!file_exists('/var/db/clamav/main.cvd')){ + log_error('No clamav database found for dansguardian, running freshclam in background.'); + mwexec_bg('/usr/local/bin/freshclam'); + } - #freshclam conf file - $cconf="/usr/local/etc/freshclam.conf"; + $match=array(); + $match[0]='/NO/'; + $replace=array(); + $replace[0]='YES'; + + #clamdscan.conf dansguardian file + $cconf="/usr/local/etc/dansguardian/contentscanners/clamdscan.conf"; $cconf_file=file_get_contents($cconf); - if (preg_match('/DatabaseOwner clamav/',$cconf_file)){ - $cconf_file=preg_replace("/DatabaseOwner clamav/","DatabaseOwner dansguardian",$cconf_file); - file_put_contents($cconf, $cconf_file, LOCK_EX); + if (!preg_match('/clamav/',$cconf_file)){ + file_put_contents($cconf, $cconf_file."\nclamdudsfile = '/var/run/clamav/clamd.sock'", LOCK_EX); } - + #clamd conf file $cconf="/usr/local/etc/clamd.conf"; $cconf_file=file_get_contents($cconf); - if (preg_match('/User clamav/',$cconf_file)){ - $cconf_file=preg_replace("/User clamav/","User dansguardian",$cconf_file); - file_put_contents($cconf, $cconf_file, LOCK_EX); - } - #clamd script file - $script='/usr/local/etc/rc.d/clamav-clamd'; - $script_file=file($script); - foreach ($script_file as $script_line){ - if(preg_match("/command=/",$script_line)){ - $new_clamav_startup.= "/bin/mkdir /var/run/clamav\n"; - $new_clamav_startup.= "chown dansguardian /var/run/clamav\n"; - $new_clamav_startup.=$script_line; + if (preg_match("/User (\w+)/",$cconf_file,$matches)){ + #clamd script file + $script='/usr/local/etc/rc.d/clamav-clamd'; + $script_file=file($script); + foreach ($script_file as $script_line){ + if(preg_match("/command=/",$script_line)){ + $new_clamav_startup.= "/bin/mkdir /var/run/clamav\n"; + $new_clamav_startup.= "chown ".$matches[1]." /var/run/clamav\n"; + $new_clamav_startup.=$script_line; + } + elseif(!preg_match("/(mkdir|chown|sleep|mailscanner)/",$script_line)) { + $new_clamav_startup.=preg_replace("/NO/","YES",$script_line); + } } - elseif(!preg_match("/(mkdir|chown|sleep|dansguardian)/",$script_line)) { - $new_clamav_startup.=preg_replace("/NO/","YES",$script_line); - } - } - file_put_contents($script, $new_clamav_startup, LOCK_EX); - chmod ($script,0755); - mwexec("$script stop"); - mwexec_bg("$script start"); - } - } - else{ - unlink_if_exists($libexec_dir.'clamav-autoupdate'); - unlink_if_exists($libexec_dir.'clamav-wrapper'); - } - - #check dcc startup script - $script='/usr/local/etc/rc.d/dccifd'; - $script_file=file_get_contents($script); - if (preg_match('/NO/',$script_file)){ - $script_file=preg_replace("/NO/","YES",$script_file); - file_put_contents($script, $script_file, LOCK_EX); + file_put_contents($script, $new_clamav_startup, LOCK_EX); chmod ($script,0755); - } - #check dcc config file - $script='/usr/local/dcc/dcc_conf'; - $script_file=file_get_contents($script); - if (preg_match('/DCCIFD_ENABLE=off/',$script_file)){ - $script_file=preg_replace("/DCCIFD_ENABLE=off/","DCCIFD_ENABLE=on",$script_file); - file_put_contents($script, $script_file, LOCK_EX); - } - mwexec("$script stop"); - mwexec_bg("$script start"); - - $script='/usr/local/etc/rc.d/dansguardian'; + mwexec("$script stop"); + unlink_if_exists("/tmp/.dguardianipc"); + unlink_if_exists("/tmp/.dguardianurlipc"); + mwexec_bg("$script start"); + } + } - #fix MIME::ToolUtils deprecated function and usecure dependency calls in /usr/local/sbin/dansguardian - $cconf="/usr/local/sbin/dansguardian"; - $cconf_file=file_get_contents($cconf); - $pattern2[0]='/perl\W+I/'; - $pattern2[1]='/\smy .current = config MIME::ToolUtils/'; - $replacement2[0]='perl -U -I'; - $replacement2[1]=' #my $current = config MIME::ToolUtils'; - if (preg_match('/perl\W+I/',$cconf_file)){ - $cconf_file=preg_replace($pattern2,$replacement2,$cconf_file); - file_put_contents($cconf, $cconf_file, LOCK_EX); - #force old process stop - mwexec("$script stop"); - } - - $script_file=file_get_contents($script); - if (preg_match('/NO/',$script_file)){ - $script_file=preg_replace("/NO/","YES",$script_file); - file_put_contents($script, $script_file, LOCK_EX); - chmod ($script,0755); - } + $dirs=array('/usr/local/etc/dansguardian/lists/bannedrooms/', + '/var/log/dansguardian'); + foreach ($dirs as $dir) + if (!is_dir($dir)) + mkdir ($dir,0755,true); + + $script='/usr/local/etc/rc.d/dansguardian'; if($config['installedpackages']['dansguardian']['config'][0]['enable']){ - log_error("Reload dansguardian"); + $script_file=file_get_contents($script); + if (preg_match('/NO/',$script_file)){ + $script_file=preg_replace("/NO/","YES",$script_file); + file_put_contents($script, $script_file, LOCK_EX); + } chmod ($script,0755); - mwexec("$script stop"); - sleep(2); - mwexec_bg("$script start"); + mwexec("$script stop"); + mwexec_bg("$script start"); } else{ - log_error("Stopping dansguardian if running"); mwexec("$script stop"); - chmod ($script,0444); + chmod ($script,0444); } + + if (!file_exists('/usr/local/etc/dansguardian/lists/phraselists/pornography/weighted_russian_utf8')) + file_put_contents('/usr/local/etc/dansguardian/lists/phraselists/pornography/weighted_russian_utf8',"",LOCK_EX); + conf_mount_ro(); $synconchanges = $config['installedpackages']['dansguardiansync']['config'][0]['synconchanges']; if(!$synconchanges && !$syncondbchanges) @@ -1124,17 +770,10 @@ EOF; function dansguardian_validate_input($post, &$input_errors) { foreach ($post as $key => $value) { - if (empty($value)) - continue; - if (substr($key, 0, 6) == "domain" && is_numeric(substr($key, 6))) { - if (!is_domain($value)) - $input_errors[] = "{$value} is not a valid domain name."; - } else if (substr($key, 0, 12) == "mailserverip" && is_numeric(substr($key, 12))) { - if (empty($post['domain' . substr($key, 12)])) - $input_errors[] = "Domain for {$value} cannot be blank."; - if (!is_ipaddr($value) && !is_hostname($value)) - $input_errors[] = "{$value} is not a valid IP address or host name."; - } + if ($key == "name" && $value == "") + $input_errors[] = "{$key} could not be empty."; + else if ($key == "name" && $value=="sample") + $input_errors[] = "{$value} cannot be used as name."; } } @@ -1146,7 +785,7 @@ function dansguardian_php_deinstall_command() { mwexec("/usr/local/etc/rc.d/dansguardian.sh stop"); sleep(1); conf_mount_rw(); - unlink_if_exists("/usr/local/etc/rc.d/dansguardian.sh"); + unlink_if_exists("/usr/local/etc/rc.d/dansguardian"); conf_mount_ro(); } @@ -1180,12 +819,22 @@ function dansguardian_do_xmlrpc_sync($sync_to_ip, $password,$sync_type) { if ($sync_xml){ log_error("Include dansguardian config"); $xml['dansguardian'] = $config['installedpackages']['dansguardian']; - $xml['msreport'] = $config['installedpackages']['msreport']; - $xml['mscontent'] = $config['installedpackages']['mscontent']; - $xml['msantivirus'] = $config['installedpackages']['msantivirus']; - $xml['msantispam'] = $config['installedpackages']['msantispam']; - $xml['msalerts'] = $config['installedpackages']['msalerts']; - } + $xml['dansguardianantivirusacl'] = $config['installedpackages']['dansguardianantivirusacl']; + $xml['dansguardianconfig'] = $config['installedpackages']['dansguardianconfig']; + $xml['dansguardiancontentacl'] = $config['installedpackages']['dansguardiancontentacl']; + $xml['dansguardianfileacl'] = $config['installedpackages']['dansguardianfileacl']; + $xml['dansguardiangroups'] = $config['installedpackages']['dansguardiangroups']; + $xml['dansguardianheaderacl'] = $config['installedpackages']['dansguardianheaderacl']; + $xml['dansguardianlimits'] = $config['installedpackages']['dansguardianlimits']; + $xml['dansguardianlog'] = $config['installedpackages']['dansguardianlog']; + $xml['dansguardianphraseacl'] = $config['installedpackages']['dansguardianphraseacl']; + $xml['dansguardianpicsacl'] = $config['installedpackages']['dansguardianpicsacl']; + $xml['dansguardiansearchacl'] = $config['installedpackages']['dansguardiansearchacl']; + $xml['dansguardiansiteacl'] = $config['installedpackages']['dansguardiansiteacl']; + $xml['dansguardianurlacl'] = $config['installedpackages']['dansguardianurlacl']; + $xml['dansguardianusers'] = $config['installedpackages']['dansguardianusers']; + + } if (count($xml) > 0){ /* assemble xmlrpc payload */ $params = array( diff --git a/config/dansguardian/dansguardian.php b/config/dansguardian/dansguardian.php new file mode 100644 index 00000000..8998d1f8 --- /dev/null +++ b/config/dansguardian/dansguardian.php @@ -0,0 +1,114 @@ +<?php +/* $Id$ */ +/* ========================================================================== */ +/* + dansguardian.php + part of pfSense (http://www.pfSense.com) + Copyright (C) 2012 Marcello Coutinho + + All rights reserved. +*/ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + +require_once("/etc/inc/util.inc"); +require_once("/etc/inc/functions.inc"); +require_once("/etc/inc/pkg-utils.inc"); +require_once("/etc/inc/globals.inc"); +require_once("/usr/local/pkg/dansguardian.inc"); + +function fetch_blacklist(){ + global $config,$g; + $url=$config['installedpackages']['dansguardianblacklist']['config'][0]['url']; + if (is_url($url)){ + conf_mount_rw(); + print "file download start.."; + exec("/usr/bin/fetch -o /usr/local/etc/dansguardian/lists/blacklist.tgz ".escapeshellarg($url)); + chdir ("/usr/local/etc/dansguardian/lists"); + if (is_dir ("blacklists.old")) + exec ('rm -rf /usr/local/etc/dansguardian/lists/blacklists.old'); + rename("blacklists","blacklists.old"); + exec('/usr/bin/tar -xvzf /usr/local/etc/dansguardian/lists/blacklist.tgz 2>&1',$output,$return); + if (preg_match("/x (\w+)/",$output[0],$matches)){ + if ($matches[1] != "blacklists") + rename("./".$matches[1],"blacklists"); + read_lists(); + file_notice("Dansguardian - Blacklist applied, check site and URL access lists for categories",""); + } + else + file_notice("Dansguardian - Could not determine Blacklist extract dir. Categories not updated",""); + } + else{ + file_notice("Dansguardian - Blacklist url is invalid.",""); + } +} +function read_lists(){ + global $config,$g; + $group_type=array(); + $dir="/usr/local/etc/dansguardian/lists"; + #read dansguardian lists dirs + $groups= array("phraselists", "blacklists", "whitelists"); + #assigns know list files + $types=array('domains','urls','banned','weighted','exception','expression'); + #clean previous xml config for dansguardian lists + foreach ($groups as $group) + foreach ($types as $clean) + $config['installedpackages']['dansguardian'.$group.$clean]['config']=array(); + + #clean previous xml config for dansguardian lists + foreach ($groups as $group) + if (is_dir("$dir/$group/")){ + #read dir content and find lists + $lists= scandir("$dir/$group/"); + foreach ($lists as $list) + if (!preg_match ("/^\./",$list)){ + $category= scandir("$dir/$group/$list/"); + foreach ($category as $file) + if (!preg_match ("/^\./",$file)){ + #assign list to array + $type=split("_",$file); + print $type[0]." --- $list --- $file\n"; + if (!in_array($type[0],$group_type)) + $list_type[]=$type[0]; + $xml_group=($list=="whitelist"?"whitelists":$group); + $xml_type=($type[0]=="domains.processed"?"domains":$type[0]); + $config['installedpackages']['dansguardian'.$xml_group.$xml_type]['config'][]=array("descr"=> "$list $file","list" => $list,"file" => "$dir/$group/$list/$file"); + } + } + } + + #var_dump($config['installedpackages']['dansguardian']['config']); + #foreach ($types as $clean) + #var_dump($config['installedpackages']['dansguardianfiles'.$clean]['config']); + write_config(); +} + +if ($argv[1]=="update_lists") + read_lists(); + +if ($argv[1]=="fetch_blacklist") + fetch_blacklist(); + +?>
\ No newline at end of file diff --git a/config/dansguardian/dansguardian.xml b/config/dansguardian/dansguardian.xml index c8b630d1..22315ef8 100644 --- a/config/dansguardian/dansguardian.xml +++ b/config/dansguardian/dansguardian.xml @@ -44,7 +44,7 @@ <faq>Currently there are no FAQ items provided.</faq> <name>dansguardian</name> <version>1.0</version> - <title>Services: Sansguardian</title> + <title>Services: Dansguardian</title> <include_file>/usr/local/pkg/dansguardian.inc</include_file> <menu> <name>dansguardian</name> @@ -53,31 +53,36 @@ <url>pkg_edit.php?xml=dansguardian.xml</url> </menu> <additional_files_needed> - <item>http:/www.pfsense.org/packages/config/pf-blocker/dansguardian.inc</item> + <item>http:/www.pfsense.org/packages/config/dansguardian/dansguardian.inc</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/pf-blocker/dansguardian.php</item> + <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian.php</item> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/pf-blocker/dansguardian.widget.php</item> - <prefix>/usr/local/www/widgets/widgets/</prefix> + <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_limits.xml</item> + <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_limits.xml</item> + <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_users_header.xml</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_lists.xml</item> + <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_users_footer.xml</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> + <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_about.php</item> + <prefix>/usr/local/www/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_config.xml</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> @@ -87,6 +92,76 @@ <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> + <additional_files_needed> + <item>http://www.pfsense.org/packages/config/dansguardian/dansguardianfx.conf.template</item> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> + <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_url_acl.xml</item> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> + <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_site_acl.xml</item> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> + <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_search_acl.xml</item> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> + <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_pics_acl.xml</item> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> + <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_phrase_acl.xml</item> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> + <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_log.xml</item> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> + <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_header_acl.xml</item> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> + <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_groups.xml</item> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> + <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_file_acl.xml</item> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> + <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_content_acl.xml</item> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> + <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_blacklist.xml</item> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> + <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_antivirus_acl.xml</item> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> + <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian.conf.template</item> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + </additional_files_needed> <tabs> <tab> <text>Daemon</text> @@ -102,11 +177,23 @@ <url>/pkg_edit.php?xml=dansguardian_limits.xml&id=0</url> </tab> <tab> - <text>Filter Groups</text> - <url>/pkg.php?xml=dansguardian_lists.xml</url> + <text>Blacklist</text> + <url>/pkg_edit.php?xml=dansguardian_blacklist.xml&id=0</url> + </tab> + <tab> + <text>Access Lists</text> + <url>/pkg_edit.php?xml=dansguardian_antivirus_acl.xml&id=0</url> + </tab> + <tab> + <text>Groups</text> + <url>/pkg.php?xml=dansguardian_groups.xml</url> + </tab> + <tab> + <text>Users</text> + <url>/pkg_edit.php?xml=dansguardian_users.xml</url> </tab> <tab> - <text>Report and Log</text> + <text>Report and log</text> <url>/pkg_edit.php?xml=dansguardian_log.xml&id=0</url> </tab> <tab> @@ -114,8 +201,8 @@ <url>/pkg_edit.php?xml=dansguardian_sync.xml&id=0</url> </tab> <tab> - <text>About</text> - <url>/pkg_edit.php?xml=dansguardian.php&id=0</url> + <text>Help</text> + <url>/dansguardian_about.php</url> </tab> </tabs> <fields> @@ -125,13 +212,13 @@ </field> <field> <fielddescr>Enable dansguardian</fielddescr> - <fieldname>enable_dg</fieldname> + <fieldname>enable</fieldname> <type>checkbox</type> - <description></description> + <description><![CDATA[<a target=_new href='http://dansguardian.org/?page=copyright2'>I agree with dansguardian terms and licence.</a>]]></description> </field> <field> <fielddescr>Listen Interface(s)</fielddescr> - <fieldname>inbound_interface</fieldname> + <fieldname>interface</fieldname> <description><![CDATA[Default: <strong>WAN</strong><br>Select interface(s) that you want to block incoming traffic.]]></description> <type>interfaces_selection</type> <required/> @@ -176,6 +263,14 @@ On large sites you might want to try 8/64.]]></description> </field> <field> + <fielddescr>Prefork Children</fielddescr> + <fieldname>preforkchildren</fieldname> + <type>input</type> + <size>10</size> + <description><![CDATA[sets the minimum number of processes to spawn when it runs out<br> + On large sites you might want to try 10]]></description> + </field> + <field> <fielddescr>Max Age Children</fielddescr> <fieldname>maxagechildren</fieldname> <type>input</type> diff --git a/config/dansguardian/dansguardian_about.php b/config/dansguardian/dansguardian_about.php new file mode 100755 index 00000000..306ddc3e --- /dev/null +++ b/config/dansguardian/dansguardian_about.php @@ -0,0 +1,114 @@ +<?php +/* + mailscanner_about.php + part of pfSense (http://www.pfsense.com/) + Copyright (C) 2011 Marcello Coutinho <marcellocoutinho@gmail.com> + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +require("guiconfig.inc"); + +$pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); +if(strstr($pfSversion, "1.2")) + $one_two = true; + +$pgtitle = "About: Dansguardian Package"; +include("head.inc"); + +?> +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +<?php include("fbegin.inc"); ?> + +<?php if($one_two): ?> +<p class="pgtitle"><?=$pgtitle?></font></p> +<?php endif; ?> +<?php if ($input_errors) print_input_errors($input_errors); ?> +<?php if ($savemsg) print_info_box($savemsg); ?> + + +<div id="mainlevel"> + <table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr><td> + <?php + $tab_array = array(); + $tab_array[] = array(gettext("Daemon"), false, "/pkg_edit.php?xml=dansguardian.xml&id=0"); + $tab_array[] = array(gettext("General"), false, "/pkg_edit.php?xml=dansguardian_general.xml&id=0"); + $tab_array[] = array(gettext("Limits"), false, "/pkg_edit.php?xml=dansguardian_limits.xml&id=0"); + $tab_array[] = array(gettext("Blacklist"), false, "/pkg_edit.php?xml=dansguardian_blacklist.xml&id=0"); + $tab_array[] = array(gettext("Access Lists"), false, "/pkg_edit.php?xml=dansguardian_antivirus.xml&id=0"); + $tab_array[] = array(gettext("Groups"), false, "/pkg.php?xml=dansguardian_groups.xml&id=0"); + $tab_array[] = array(gettext("Users"), false, "/pkg.php?xml=dansguardian_users.xml&id=0"); + $tab_array[] = array(gettext("Report and Log"), false, "/pkg_edit.php?xml=dansguardian_log.xml&id=0"); + $tab_array[] = array(gettext("XMLRPC Sync"), false, "/pkg_edit.php?xml=dansguardian_sync.xml&id=0"); + $tab_array[] = array(gettext("Help"), true, "/dansguardian_about.php"); + display_top_tabs($tab_array); +?> + </td></tr> + <tr> + + <td> + <div id="mainarea"> + <table class="tabcont" width="100%" border="0" cellpadding="8" cellspacing="0"> + <tr><td></td></tr> + <tr> + <td colspan="2" valign="top" class="listtopic"><?=gettext("Help docs"); ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Copyright");?></td> + <td width="78%" class="vtable"><?=gettext("<a target=_new href='http://dansguardian.org/?page=copyright2'>Copyright and licensing for Dansguardian 2</a><br><br>");?> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Blacklists");?></td> + <td width="78%" class="vtable"><?=gettext("<a target=_new href='http://www.squidguard.org/blacklists.html'>Dansguardian Blacklists</a><br><br>");?> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Whatis");?></td> + <td width="78%" class="vtable"><?=gettext("<a target=_new href='http://dansguardian.org/?page=whatisdg'>What is Dansguardian</a><br><br>");?> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic"><?=gettext("About dansguardian package"); ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Credits ");?></td> + <td width="78%" class="vtable"><?=gettext("Package Created by <a target=_new href='http://forum.pfsense.org/index.php?action=profile;u=4710'>Marcello Coutinho</a><br><br>");?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Donatios ");?></td> + <td width="78%" class="vtable"><?=gettext("If you like this package, please <a target=_new href='http://www.pfsense.org/index.php?option=com_content&task=view&id=47&Itemid=77'>donate to pfSense project</a>.<br><br> + If you want that your donation goes to this package developer, make a note on donation forwarding it to me.<br><br>");?></td> + </tr> + </table> + + </div> + </td> + </tr> + + + </table> + <br> + <div id="search_results"></div> +</div> +<?php include("fend.inc"); ?> +</body> +</html> diff --git a/config/dansguardian/dansguardian_antivirus_acl.xml b/config/dansguardian/dansguardian_antivirus_acl.xml new file mode 100755 index 00000000..21c5c17e --- /dev/null +++ b/config/dansguardian/dansguardian_antivirus_acl.xml @@ -0,0 +1,193 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* ========================================================================== */ +/* + dansguardian_file_acl.xml + part of pfSense (http://www.pfSense.com) + Copyright (C) 2012 Marcello Coutinho + + All rights reserved. +*/ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + ]]> + </copyright> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>dansguardianantivirusacl</name> + <version>1.0</version> + <title>Services: Dansguardian - Access Lists</title> + <include_file>/usr/local/pkg/dansguardian.inc</include_file> + <tabs> + <tab> + <text>Back to config</text> + <url>/pkg_edit.php?xml=dansguardian.xml&id=0</url> + </tab> + <tab> + <text>Antivirus</text> + <url>/pkg_edit.php?xml=dansguardian_antivirus_acl.xml&id=0</url> + <active/> + </tab> + <tab> + <text>Pics</text> + <url>/pkg.php?xml=dansguardian_pics_acl.xml&id=0</url> + </tab> + <tab> + <text>Phase</text> + <url>/pkg.php?xml=dansguardian_phrase_acl.xml</url> + </tab> + <tab> + <text>Site</text> + <url>/pkg.php?xml=dansguardian_site_acl.xml</url> + </tab> + <tab> + <text>URL</text> + <url>/pkg.php?xml=dansguardian_url_acl.xml</url> + </tab> + <tab> + <text>Extension</text> + <url>/pkg.php?xml=dansguardian_file_acl.xml</url> + </tab> + <tab> + <text>Content</text> + <url>/pkg.php?xml=dansguardian_content_acl.xml</url> + </tab> + <tab> + <text>Header</text> + <url>/pkg.php?xml=dansguardian_header_acl.xml</url> + </tab> + <tab> + <text>Searche Engine</text> + <url>/pkg.php?xml=dansguardian_search_acl.xml</url> + </tab> + <tab> + <text>Groups</text> + <url>/pkg.php?xml=dansguardian_groups.xml</url> + </tab> + <tab> + <text>Users</text> + <url>/pkg_edit.php?xml=dansguardian_users.xml</url> + </tab> + </tabs> + <fields> + <field> + <name>Extension</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Enable</fielddescr> + <fieldname>extension_enabled</fieldname> + <type>checkbox</type> + <description></description> + </field> + <field> + <fielddescr>config</fielddescr> + <fieldname>extension_list</fieldname> + <description><![CDATA[Enter extension exception virus scanner list.<br> + Leave empty to load dansguardian defaults]]></description> + <type>textarea</type> + <cols>80</cols> + <rows>10</rows> + <encoding>base64</encoding> + </field> + <field> + <name>Mime</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Enable</fielddescr> + <fieldname>mime_enabled</fieldname> + <type>checkbox</type> + <description></description> + </field> + <field> + <fielddescr>config</fielddescr> + <fieldname>mime_list</fieldname> + <description><![CDATA[Enter mime type exception virus scanner list.<br> + Leave empty to load dansguardian defaults]]></description> + <type>textarea</type> + <cols>80</cols> + <rows>10</rows> + <encoding>base64</encoding> + </field> + <field> + <name>Site</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Enable</fielddescr> + <fieldname>site_enabled</fieldname> + <type>checkbox</type> + <description></description> + </field> + <field> + <fielddescr>config</fielddescr> + <fieldname>site_list</fieldname> + <description><![CDATA[Enter site exception virus scanner list.<br> + Leave empty to load dansguardian defaults]]></description> + <type>textarea</type> + <cols>80</cols> + <rows>10</rows> + <encoding>base64</encoding> + </field> +<field> + <name>URL</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Enable</fielddescr> + <fieldname>url_enabled</fieldname> + <type>checkbox</type> + <description></description> + </field> + <field> + <fielddescr>config</fielddescr> + <fieldname>url_list</fieldname> + <description><![CDATA[Enter url exception virus scanner list.<br> + Leave empty to load dansguardian defaults]]></description> + <type>textarea</type> + <cols>80</cols> + <rows>10</rows> + <encoding>base64</encoding> + </field> + </fields> + <custom_php_install_command> + dansguardian_php_install_command(); + </custom_php_install_command> + <custom_php_deinstall_command> + dansguardian_php_deinstall_command(); + </custom_php_deinstall_command> + <custom_php_validation_command> + dansguardian_validate_input($_POST, &$input_errors); + </custom_php_validation_command> + <custom_php_resync_config_command> + sync_package_dansguardian(); + </custom_php_resync_config_command> +</packagegui>
\ No newline at end of file diff --git a/config/dansguardian/dansguardian_blacklist.xml b/config/dansguardian/dansguardian_blacklist.xml new file mode 100644 index 00000000..d518f531 --- /dev/null +++ b/config/dansguardian/dansguardian_blacklist.xml @@ -0,0 +1,156 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* $Id$ */ +/* ========================================================================== */ +/* + dansguardian_limits.xml + part of the dansguardian for pfSense + Copyright (C) 2012 Marcello Coutinho + + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + ]]> + </copyright> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>dansguardianblacklist</name> + <version>1.0</version> + <title>Services: Dansguardian</title> + <include_file>/usr/local/pkg/dansguardian.inc</include_file> + <tabs> + <tab> + <text>Daemon</text> + <url>/pkg_edit.php?xml=dansguardian.xml&id=0</url> + </tab> + <tab> + <text>General</text> + <url>/pkg_edit.php?xml=dansguardian_config.xml&id=0</url> + </tab> + <tab> + <text>Limits</text> + <url>/pkg_edit.php?xml=dansguardian_limits.xml&id=0</url> + </tab> + <tab> + <text>Blacklist</text> + <url>/pkg_edit.php?xml=dansguardian_blacklist.xml&id=0</url> + <active/> + </tab> + <tab> + <text>Access Lists</text> + <url>/pkg_edit.php?xml=dansguardian_antivirus_acl.xml&id=0</url> + </tab> + <tab> + <text>Groups</text> + <url>/pkg.php?xml=dansguardian_groups.xml</url> + </tab> + <tab> + <text>Users</text> + <url>/pkg_edit.php?xml=dansguardian_users.xml</url> + </tab> + <tab> + <text>Report and log</text> + <url>/pkg_edit.php?xml=dansguardian_log.xml&id=0</url> + </tab> + <tab> + <text>XMLRPC Sync</text> + <url>/pkg_edit.php?xml=dansguardian_sync.xml&id=0</url> + </tab> + <tab> + <text>Help</text> + <url>/dansguardian_about.php</url> + </tab> +</tabs> + <fields> + <field> + <name>Blacklist options</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Enable</fielddescr> + <fieldname>blacklist</fieldname> + <type>checkbox</type> + </field> + <field> + <fielddescr>Update frequency</fielddescr> + <fieldname>cron</fieldname> + <description><![CDATA[Default:<strong>Never</strong><br> + Select how often pfsense will re download Blacklist files]]></description> + <type>select</type> + <options> + <option><name>Never</name><value>never</value></option> + <option><name>Now</name><value>now</value></option> + <option><name>Every day</name><value>day</value></option> + <option><name>Every 2 days</name><value>02days</value></option> + <option><name>Once a week</name><value>week</value></option> + </options> + </field> + <field> + <fielddescr>Blacklist URL</fielddescr> + <fieldname>url</fieldname> + <description><![CDATA[Enter FTP, HTTP or LOCAL (pfSense) URL blacklist archive.<br> + File must be in tar.gz or tgz format.]]></description> + <type>input</type> + <size>80</size> + </field> + <field> + <name>Custom update script</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Enable</fielddescr> + <fieldname>enable_custom_script</fieldname> + <type>checkbox</type> + </field> + <field> + <fielddescr>script</fielddescr> + <fieldname>update_script</fieldname> + <description><![CDATA[Enter custom script to update Blacklists<br> + This script will be called by update frequency schedule.]]></description> + <type>textarea</type> + <cols>80</cols> + <rows>15</rows> + <encoding>base64</encoding> + </field> + </fields> + <custom_php_install_command> + dansguardian_php_install_command(); + </custom_php_install_command> + <custom_php_deinstall_command> + dansguardian_php_deinstall_command(); + </custom_php_deinstall_command> + <custom_php_validation_command> + dansguardian_validate_input($_POST, &$input_errors); + </custom_php_validation_command> + <custom_php_resync_config_command> + sync_package_dansguardian(); + </custom_php_resync_config_command> +</packagegui> diff --git a/config/dansguardian/dansguardian_config.xml b/config/dansguardian/dansguardian_config.xml index d3ed5277..7e4eda17 100644 --- a/config/dansguardian/dansguardian_config.xml +++ b/config/dansguardian/dansguardian_config.xml @@ -61,11 +61,23 @@ <url>/pkg_edit.php?xml=dansguardian_limits.xml&id=0</url> </tab> <tab> - <text>Filter Groups</text> - <url>/pkg.php?xml=dansguardian_lists.xml</url> + <text>Blacklist</text> + <url>/pkg_edit.php?xml=dansguardian_blacklist.xml&id=0</url> </tab> <tab> - <text>Report and Log</text> + <text>Access Lists</text> + <url>/pkg_edit.php?xml=dansguardian_antivirus_acl.xml&id=0</url> + </tab> + <tab> + <text>Groups</text> + <url>/pkg.php?xml=dansguardian_groups.xml</url> + </tab> + <tab> + <text>Users</text> + <url>/pkg_edit.php?xml=dansguardian_users.xml</url> + </tab> + <tab> + <text>Report and log</text> <url>/pkg_edit.php?xml=dansguardian_log.xml&id=0</url> </tab> <tab> @@ -73,8 +85,8 @@ <url>/pkg_edit.php?xml=dansguardian_sync.xml&id=0</url> </tab> <tab> - <text>About</text> - <url>/pkg_edit.php?xml=dansguardian.php&id=0</url> + <text>Help</text> + <url>/dansguardian_about.php</url> </tab> </tabs> <fields> @@ -83,24 +95,19 @@ <type>listtopic</type> </field> <field> - <fielddescr>Url cache number</fielddescr> - <fieldname>urlcachenumber</fieldname> - <type>input</type> - <size>10</size> - <description><![CDATA[Positive (clean) result caching for URLs Caches good pages so they don't need to be scanned again.It also works with AV plugins.<br> - 0 = off (recommended for ISPs with users with disimilar browsing)<br> - <strong>1000 = recommended for most user</strong><br> - 5000 = suggested max upper limit<br> - If you're using an AV plugin then use at least 5000.]]></description> - </field> - <field> - <fielddescr>Url cache age</fielddescr> - <fieldname>urlcacheage</fieldname> - <type>input</type> - <size>10</size> - <description><![CDATA[Age before cache are stale and should be ignored in seconds<br> - <strong>900 = 15 mins(recommended)</strong><br> - 0 = never]]></description> + <fielddescr>Auth Plugin</fielddescr> + <fieldname>auth_plugin</fieldname> + <description><![CDATA[This option handle the extraction of client usernames from various sources, such as Proxy-Authorisation headers and ident servers, + enabling requests to be handled according to the settings of the user's filter group.]]></description> + <type>select</type> + <options> + <option><name>Proxy-Basic</name><value>/usr/local/etc/dansguardian/authplugins/proxy-basic.conf</value></option> + <option><name>Proxy-Digest</name><value>/usr/local/etc/dansguardian/authplugins/proxy-digest.conf</value></option> + <option><name>Proxy-Ntlm</name><value>/usr/local/etc/dansguardian/authplugins/proxy-ntlm.conf</value></option> + <option><name>Ident</name><value>/usr/local/etc/dansguardian/authplugins/ident.conf</value></option> + <option><name>Ip Address</name><value>/usr/local/etc/dansguardian/authplugins/ip.conf</value></option> + <option><name>none</name><value></value></option> + </options> </field> <field> <fielddescr>Scan Options</fielddescr> @@ -134,6 +141,18 @@ </options> </field> <field> + <fielddescr>Lower casing options</fielddescr> + <fieldname>preservecase</fieldname> + <description><![CDATA[When a document is scanned the uppercase letters are converted to lower case in order to compare them with the phrases.<br> + However this can break Big5 and other 16-bit texts. If needed preserve the case.]]></description> + <type>select</type> + <options> + <option><name>Force lower case (default)</name><value>0</value></option> + <option><name>Do not change case</name><value>1</value></option> + <option><name>Scan first in lower case, then in original case</name><value>2</value></option> + </options> + </field> + <field> <fielddescr>Phrase filter mode</fielddescr> <fieldname>phrasefiltermode</fieldname> <description><![CDATA[Smart, Raw and Meta/Title phrase content filtering options<br> @@ -149,30 +168,62 @@ <option><name>raw only</name><value>0</value></option> </options> </field> + <field> + <fielddescr>Url cache number</fielddescr> + <fieldname>urlcachenumber</fieldname> + <type>input</type> + <size>10</size> + <description><![CDATA[Positive (clean) result caching for URLs Caches good pages so they don't need to be scanned again.It also works with AV plugins.<br> + 0 = off (recommended for ISPs with users with disimilar browsing)<br> + <strong>1000 = recommended for most user</strong><br> + 5000 = suggested max upper limit<br> + If you're using an AV plugin then use at least 5000.]]></description> + </field> <field> - <fielddescr>Lower casing options</fielddescr> - <fieldname>preservecase</fieldname> - <description><![CDATA[When a document is scanned the uppercase letters are converted to lower case in order to compare them with the phrases.<br> - However this can break Big5 and other 16-bit texts. If needed preserve the case.]]></description> - <type>select</type> - <options> - <option><name>Force lower case (default)</name><value>0</value></option> - <option><name>Do not change case</name><value>1</value></option> - <option><name>Scan first in lower case, then in original case</name><value>2</value></option> - </options> + <fielddescr>Url cache age</fielddescr> + <fieldname>urlcacheage</fieldname> + <type>input</type> + <size>10</size> + <description><![CDATA[Age before cache are stale and should be ignored in seconds<br> + <strong>900 = 15 mins(recommended)</strong><br> + 0 = never]]></description> + </field> + <field> + <name>SSL man in the middle Filtering</name> + <type>listtopic</type> </field> - <field> + <field> + <fielddescr>CA</fielddescr> + <fieldname>ca</fieldname> + <description><![CDATA[Select Certificate Authority to use when SSL filtering is enabled on Group options<br> + To create a CA on pfsense, go to <strong>system -> Cert Manager<strong>]]></description> + <type>select_source</type> + <source><![CDATA[$config['ca']]]></source> + <source_name>descr</source_name> + <source_value>refid</source_value> + </field> + <field> + <fielddescr>Cert</fielddescr> + <fieldname>cert</fieldname> + <description><![CDATA[Select Certificate pair to use when SSL filtering is enabled on Group options<br> + To create a Certificate on pfsense, go to <strong>system -> Cert Manager<strong>]]></description> + <type>select_source</type> + <source><![CDATA[$config['cert']]]></source> + <source_name>descr</source_name> + <source_value>refid</source_value> + </field> + <field> <name>Content Scanner</name> <type>listtopic</type> </field> <field> - <fielddescr>Content Scanners</fielddescr> + <fielddescr>Content Scanners (antivirus)</fielddescr> <fieldname>content_scanners</fieldname> <description><![CDATA[Content Scanners options. Default values are in ( )]]></description> <type>select</type> <options> - <option><name>clamdscan (on)</name><value>clamdscan</value></option> - <option><name>icapscan (on)</name><value>icapscan</value></option> + <option><name>clamdscan (off)</name><value>/usr/local/etc/dansguardian/contentscanners/clamdscan.conf</value></option> + <option><name>icapscan (off)</name><value>/usr/local/etc/dansguardian/contentscanners/icapscan.conf</value></option> </options> <multiple/> <size>3</size> @@ -196,6 +247,15 @@ Correct use of grey lists are a better idea.]]></description> </field> <field> + <fielddescr>ICAP URL</fielddescr> + <fieldname>contentscannertimeout</fieldname> + <type>input</type> + <size>40</size> + <description><![CDATA[Enter ICAP URL in <strong>icap://icapserver:1344/avscan</strong> format<br> + Use hostname rather than IP address and Always specify the port]]></description> + </field> + + <field> <name>Misc settings</name> <type>listtopic</type> </field> diff --git a/config/dansguardian/dansguardian_content_acl.xml b/config/dansguardian/dansguardian_content_acl.xml new file mode 100755 index 00000000..14524b8d --- /dev/null +++ b/config/dansguardian/dansguardian_content_acl.xml @@ -0,0 +1,160 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* ========================================================================== */ +/* + dansguardian_content_acl.xml + part of pfSense (http://www.pfSense.com) + Copyright (C) 2012 Marcello Coutinho + + All rights reserved. +*/ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + ]]> + </copyright> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>dansguardiancontentacl</name> + <version>1.0</version> + <title>Services: Dansguardian - Access Lists</title> + <include_file>/usr/local/pkg/dansguardian.inc</include_file> + <tabs> + <tab> + <text>Back to Config</text> + <url>/pkg_edit.php?xml=dansguardian.xml&id=0</url> + </tab> + <tab> + <text>Antivirus</text> + <url>/pkg_edit.php?xml=dansguardian_antivirus_acl.xml&id=0</url> + </tab> + <tab> + <text>Pics</text> + <url>/pkg.php?xml=dansguardian_pics_acl.xml&id=0</url> + </tab> + <tab> + <text>Phase</text> + <url>/pkg.php?xml=dansguardian_phrase_acl.xml</url> + </tab> + <tab> + <text>Site</text> + <url>/pkg.php?xml=dansguardian_site_acl.xml</url> + </tab> + <tab> + <text>URL</text> + <url>/pkg.php?xml=dansguardian_url_acl.xml</url> + </tab> + <tab> + <text>Extension</text> + <url>/pkg.php?xml=dansguardian_file_acl.xml</url> + </tab> + <tab> + <text>Content</text> + <url>/pkg.php?xml=dansguardian_content_acl.xml</url> + <active/> + </tab> + <tab> + <text>Header</text> + <url>/pkg.php?xml=dansguardian_header_acl.xml</url> + </tab> + <tab> + <text>Searche Engine</text> + <url>/pkg.php?xml=dansguardian_search_acl.xml</url> + </tab> + <tab> + <text>Groups</text> + <url>/pkg.php?xml=dansguardian_groups.xml</url> + </tab> + <tab> + <text>Users</text> + <url>/pkg_edit.php?xml=dansguardian_users.xml</url> + </tab> + </tabs> + <adddeleteeditpagefields> + <columnitem> + <fielddescr>Group name</fielddescr> + <fieldname>name</fieldname> + </columnitem> + <columnitem> + <fielddescr>Description</fielddescr> + <fieldname>description</fieldname> + </columnitem> + </adddeleteeditpagefields> + <fields> + <field> + <name>File Access Lists</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Name</fielddescr> + <fieldname>name</fieldname> + <description></description> + <type>input</type> + <size>25</size> + </field> + <field> + <fielddescr>description</fielddescr> + <fieldname>description</fieldname> + <type>input</type> + <size>80</size> + </field> + <field> + <name>Banned</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Enable</fielddescr> + <fieldname>content_enabled</fieldname> + <type>checkbox</type> + <description></description> + </field> + <field> + <fielddescr>Config</fielddescr> + <fieldname>content_regexplist</fieldname> + <description><![CDATA[Enter content regexp for this group.<br> + Leave empty to load dansguardian defaults]]></description> + <type>textarea</type> + <cols>80</cols> + <rows>30</rows> + <encoding>base64</encoding> + </field> +</fields> + <custom_php_install_command> + dansguardian_php_install_command(); + </custom_php_install_command> + <custom_php_deinstall_command> + dansguardian_php_deinstall_command(); + </custom_php_deinstall_command> + <custom_php_validation_command> + dansguardian_validate_input($_POST, &$input_errors); + </custom_php_validation_command> + <custom_php_resync_config_command> + sync_package_dansguardian(); + </custom_php_resync_config_command> +</packagegui>
\ No newline at end of file diff --git a/config/dansguardian/dansguardian_file_acl.xml b/config/dansguardian/dansguardian_file_acl.xml new file mode 100755 index 00000000..4dba7567 --- /dev/null +++ b/config/dansguardian/dansguardian_file_acl.xml @@ -0,0 +1,200 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* ========================================================================== */ +/* + dansguardian_file_acl.xml + part of pfSense (http://www.pfSense.com) + Copyright (C) 2012 Marcello Coutinho + + All rights reserved. +*/ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + ]]> + </copyright> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>dansguardianfileacl</name> + <version>1.0</version> + <title>Services: Dansguardian - Access Lists</title> + <include_file>/usr/local/pkg/dansguardian.inc</include_file> + <tabs> + <tab> + <text>Back to Config</text> + <url>/pkg_edit.php?xml=dansguardian.xml&id=0</url> + </tab> + <tab> + <text>Antivirus</text> + <url>/pkg_edit.php?xml=dansguardian_antivirus_acl.xml&id=0</url> + </tab> + <tab> + <text>Pics</text> + <url>/pkg.php?xml=dansguardian_pics_acl.xml&id=0</url> + </tab> + <tab> + <text>Phase</text> + <url>/pkg.php?xml=dansguardian_phrase_acl.xml</url> + </tab> + <tab> + <text>Site</text> + <url>/pkg.php?xml=dansguardian_site_acl.xml</url> + </tab> + <tab> + <text>URL</text> + <url>/pkg.php?xml=dansguardian_url_acl.xml</url> + </tab> + <tab> + <text>Extension</text> + <url>/pkg.php?xml=dansguardian_file_acl.xml</url> + <active/> + </tab> + <tab> + <text>Content</text> + <url>/pkg.php?xml=dansguardian_content_acl.xml</url> + </tab> + <tab> + <text>Header</text> + <url>/pkg.php?xml=dansguardian_header_acl.xml</url> + </tab> + <tab> + <text>Searche Engine</text> + <url>/pkg.php?xml=dansguardian_search_acl.xml</url> + </tab> + <tab> + <text>Groups</text> + <url>/pkg.php?xml=dansguardian_groups.xml</url> + </tab> + <tab> + <text>Users</text> + <url>/pkg_edit.php?xml=dansguardian_users.xml</url> + </tab> + </tabs> + <adddeleteeditpagefields> + <columnitem> + <fielddescr>Group name</fielddescr> + <fieldname>name</fieldname> + </columnitem> + <columnitem> + <fielddescr>Description</fielddescr> + <fieldname>description</fieldname> + </columnitem> + </adddeleteeditpagefields> + <fields> + <field> + <name>File Access Lists</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Name</fielddescr> + <fieldname>name</fieldname> + <description></description> + <type>input</type> + <size>25</size> + </field> + <field> + <fielddescr>description</fielddescr> + <fieldname>description</fieldname> + <type>input</type> + <size>80</size> + </field> + <field> + <name>Banned</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Enable</fielddescr> + <fieldname>banned_enabled</fieldname> + <type>checkbox</type> + <description></description> + </field> + <field> + <fielddescr>Extension</fielddescr> + <fieldname>banned_extensionlist</fieldname> + <description><![CDATA[Enter banned extension List for this group.<br> + Leave empty to load dansguardian defaults]]></description> + <type>textarea</type> + <cols>80</cols> + <rows>10</rows> + <encoding>base64</encoding> + </field> + <field> + <fielddescr>Mime</fielddescr> + <fieldname>banned_mimetypelist</fieldname> + <description><![CDATA[Enter banned mimetype List for this group.<br> + Leave empty to load dansguardian defaults]]></description> + <type>textarea</type> + <cols>80</cols> + <rows>10</rows> + <encoding>base64</encoding> + </field> + <field> + <name>Exception</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Enable</fielddescr> + <fieldname>exception_enabled</fieldname> + <type>checkbox</type> + <description></description> + </field> + <field> + <fielddescr>Extension</fielddescr> + <fieldname>exception_extensionlist</fieldname> + <description><![CDATA[Enter banned extension List for this group.<br> + Leave empty to load dansguardian defaults]]></description> + <type>textarea</type> + <cols>80</cols> + <rows>10</rows> + <encoding>base64</encoding> + </field> + <field> + <fielddescr>Mime</fielddescr> + <fieldname>exception_mimetypelist</fieldname> + <description><![CDATA[Enter banned mimetype List for this group.<br> + Leave empty to load dansguardian defaults]]></description> + <type>textarea</type> + <cols>80</cols> + <rows>10</rows> + <encoding>base64</encoding> + </field> + </fields> + <custom_php_install_command> + dansguardian_php_install_command(); + </custom_php_install_command> + <custom_php_deinstall_command> + dansguardian_php_deinstall_command(); + </custom_php_deinstall_command> + <custom_php_validation_command> + dansguardian_validate_input($_POST, &$input_errors); + </custom_php_validation_command> + <custom_php_resync_config_command> + sync_package_dansguardian(); + </custom_php_resync_config_command> +</packagegui>
\ No newline at end of file diff --git a/config/dansguardian/dansguardian_filters.xml b/config/dansguardian/dansguardian_filters.xml deleted file mode 100755 index 42f1c0ae..00000000 --- a/config/dansguardian/dansguardian_filters.xml +++ /dev/null @@ -1,241 +0,0 @@ -<?xml version="1.0" encoding="utf-8" ?> -<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> -<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> -<packagegui> - <copyright> - <![CDATA[ -/* ========================================================================== */ -/* - pfblocker_lists.xml - part of pfSense (http://www.pfSense.com) - Copyright (C) 2010 Scott Ullrich <sullrich@gmail.com> - Copyright (C) 2011 Marcello Coutinho - - All rights reserved. -*/ -/* ========================================================================== */ -/* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ - ]]> - </copyright> - <description>Describe your package here</description> - <requirements>Describe your package requirements here</requirements> - <faq>Currently there are no FAQ items provided.</faq> - <name>pfblockerlists</name> - <version>1.0</version> - <title>Firewall: pfBlocker</title> - <include_file>/usr/local/pkg/pfblocker.inc</include_file> - <menu> - <name>pfBlocker </name> - <tooltiptext></tooltiptext> - <section>Firewall</section> - <configfile>pfblocker_lists.xml</configfile> - </menu> -<tabs> - <tab> - <text>General</text> - <url>/pkg_edit.php?xml=pfblocker.xml&id=0</url> - </tab> - <tab> - <text>Lists</text> - <url>/pkg.php?xml=pfblocker_lists.xml</url> - <active/> - </tab> - - <tab> - <text>Top Spammers</text> - <url>/pkg_edit.php?xml=pfblocker_topspammers.xml&id=0</url> - </tab> - - <tab> - <text>Africa</text> - <url>/pkg_edit.php?xml=pfblocker_Africa.xml&id=0</url> - - </tab> - <tab> - <text>Asia</text> - <url>/pkg_edit.php?xml=pfblocker_Asia.xml&id=0</url> - - </tab> - <tab> - <text>Europe</text> - <url>/pkg_edit.php?xml=pfblocker_Europe.xml&id=0</url> - </tab> - <tab> - <text>North America</text> - <url>/pkg_edit.php?xml=pfblocker_NorthAmerica.xml&id=0</url> - </tab> - <tab> - <text>Oceania</text> - <url>/pkg_edit.php?xml=pfblocker_Oceania.xml&id=0</url> - </tab> - <tab> - <text>South America</text> - <url>/pkg_edit.php?xml=pfblocker_SouthAmerica.xml&id=0</url> - </tab> - <tab> - <text>XMLRPC Sync</text> - <url>/pkg_edit.php?xml=pfblocker_sync.xml&id=0</url> - </tab> -</tabs> - <adddeleteeditpagefields> - <columnitem> - <fielddescr>Alias</fielddescr> - <fieldname>aliasname</fieldname> - </columnitem> - <columnitem> - <fielddescr>Description</fielddescr> - <fieldname>description</fieldname> - </columnitem> - - <columnitem> - <fielddescr>Action</fielddescr> - <fieldname>action</fieldname> - </columnitem> - <columnitem> - <fielddescr>Update Frequency</fielddescr> - <fieldname>cron</fieldname> - </columnitem> - </adddeleteeditpagefields> - <fields> - <field> - <name>Network ranges / CIDR lists</name> - <type>listtopic</type> - </field> - <field> - <fielddescr>Alias Name</fielddescr> - <fieldname>aliasname</fieldname> - <description><![CDATA[Enter lists Alias Names.<br> - Example: Badguys<br> - Do not include pfBlocker name, it's done by package.<br> - <strong>International, special or space caracters will be ignored in pfsense alias name.</strong><br>]]></description> - <type>input</type> - <size>20</size> - </field> - <field> - <fielddescr>List Description</fielddescr> - <fieldname>description</fieldname> - <type>input</type> - <size>90</size> - </field> - <field> - <fielddescr><![CDATA[Lists]]></fielddescr> - <fieldname>none</fieldname> - <description><![CDATA['Format' - Choose the file format that url will retrieve or local file format.<br> - 'Url or local file' - Add direct link to list (Example: <a target=_new href='http://list.iblocklist.com/?list=bt_ads&fileformat=p2p&archiveformat=gz'>Ads</a>, - <a target=_new href='http://list.iblocklist.com/?list=bt_spyware&fileformat=p2p&archiveformat=gz'>Spyware</a>, - <a target=_new href='http://list.iblocklist.com/?list=bt_proxy&fileformat=p2p&archiveformat=gz'>Proxies</a> )<br> - <br><strong>Note: </strong><br> - Compressed lists must be in gz format.<br> - Downloaded or local file must have only one network per line and could follows PeerBlock syntax or this below:<br> - Network ranges: <strong>172.16.1.0-172.16.1.255</strong><br> - IP Address: <strong>172.16.1.10</strong><br> - CIDR: <strong>172.16.1.0/24</strong> - ]]></description> - <type>rowhelper</type> - <rowhelper> - <rowhelperfield> - <fielddescr>Format</fielddescr> - <fieldname>format</fieldname> - <type>select</type> - <options> - <option><name>gz</name><value>gz</value></option> - <option><name>txt</name><value>txt</value></option> - </options> - </rowhelperfield> - <rowhelperfield> - <fielddescr>Url or localfile</fielddescr> - <fieldname>url</fieldname> - <type>input</type> - <size>75</size> - </rowhelperfield> - </rowhelper> - </field> - <field> - <fielddescr>List Action</fielddescr> - <description><![CDATA[Default:<strong>Deny Inbound</strong><br> - Select action for network on lists you have selected.<br><br> - <strong>Note: </strong><br>'Deny Both' - Will deny access on Both directions.<br> - 'Deny Inbound' - Will deny access from selected lists to your network.<br> - 'Deny Outbound' - Will deny access from your users to ip lists you selected to block.<br> - 'Permit Inbound' - Will allow access from selected lists to your network.<br> - 'Permit Outbound' - Will allow access from your users to ip lists you selected to block.<br> - 'Disabled' - Will just keep selection and do nothing to selected Lists.<br> - 'Alias Only' - Will create an alias with selected Lists to help custom rule assignments.<br><br> - <strong>While creating rules with this list, keep aliasname in the beggining of rule description and do not end description with 'rule'.<br></strong> - custom rules with 'Aliasname something rule' description will be removed by package.]]></description> - <fieldname>action</fieldname> - <type>select</type> - <options> - <option><name>Deny Inbound</name><value>Deny_Inbound</value></option> - <option><name>Deny Outbound</name><value>Deny_Outbound</value></option> - <option><name>Deny Both</name><value>Deny_Both</value></option> - <option><name>Permit Inbound</name><value>Permit_Inbound</value></option> - <option><name>Permit Outbound</name><value>Permit_Outbound</value></option> - <option><name>Alias only</name><value>Alias_only</value></option> - <option><name>Disabled</name><value>Disabled</value></option> - </options> - </field> - <field> - <fielddescr>Update frequency</fielddescr> - <fieldname>cron</fieldname> - <description><![CDATA[Default:<strong>Never</strong><br> - Select how often pfsense will download List files]]></description> - <type>select</type> - <options> - <option><name>Never</name><value>Never</value></option> - <option><name>Every Hour</name><value>01hour</value></option> - <option><name>Every 4 Hours</name><value>04hours</value></option> - <option><name>Every 12 Hours</name><value>12hours</value></option> - <option><name>Once a day</name><value>EveryDay</value></option> - </options> - </field> - <field> - <name>Custom list</name> - <type>listtopic</type> - </field> - <field> - <fielddescr>CIDR</fielddescr> - <fieldname>custom</fieldname> - <description><![CDATA[Enter networks you want to include in this alias. One network per line in CIDR format.<br> - Example: 192.168.1.0/24]]></description> - <type>textarea</type> - <cols>50</cols> - <rows>10</rows> - <encoding>base64</encoding> - </field> - </fields> - <custom_php_install_command> - pfblocker_php_install_command(); - </custom_php_install_command> - <custom_php_deinstall_command> - pfblocker_php_deinstall_command(); - </custom_php_deinstall_command> - <custom_php_validation_command> - pfblocker_validate_input($_POST, &$input_errors); - </custom_php_validation_command> - <custom_php_resync_config_command> - sync_package_pfblocker(); - </custom_php_resync_config_command> -</packagegui>
\ No newline at end of file diff --git a/config/dansguardian/dansguardian_lists.xml b/config/dansguardian/dansguardian_groups.xml index e78658cd..4f56601f 100755 --- a/config/dansguardian/dansguardian_lists.xml +++ b/config/dansguardian/dansguardian_groups.xml @@ -6,7 +6,7 @@ <![CDATA[ /* ========================================================================== */ /* - dansguardian_lists.xml + dansguardian_groups.xml part of pfSense (http://www.pfSense.com) Copyright (C) 2012 Marcello Coutinho @@ -41,7 +41,7 @@ <description>Describe your package here</description> <requirements>Describe your package requirements here</requirements> <faq>Currently there are no FAQ items provided.</faq> - <name>dansguardianlists</name> + <name>dansguardiangroups</name> <version>1.0</version> <title>Services: Dansguardian</title> <include_file>/usr/local/pkg/dansguardian.inc</include_file> @@ -59,12 +59,24 @@ <url>/pkg_edit.php?xml=dansguardian_limits.xml&id=0</url> </tab> <tab> - <text>Filter Groups</text> - <url>/pkg.php?xml=dansguardian_lists.xml</url> + <text>Blacklist</text> + <url>/pkg_edit.php?xml=dansguardian_blacklist.xml&id=0</url> + </tab> + <tab> + <text>Access Lists</text> + <url>/pkg_edit.php?xml=dansguardian_antivirus_acl.xml&id=0</url> + </tab> + <tab> + <text>Groups</text> + <url>/pkg.php?xml=dansguardian_groups.xml</url> <active/> </tab> <tab> - <text>Report and Log</text> + <text>Users</text> + <url>/pkg_edit.php?xml=dansguardian_users.xml</url> + </tab> + <tab> + <text>Report and log</text> <url>/pkg_edit.php?xml=dansguardian_log.xml&id=0</url> </tab> <tab> @@ -72,8 +84,8 @@ <url>/pkg_edit.php?xml=dansguardian_sync.xml&id=0</url> </tab> <tab> - <text>About</text> - <url>/pkg_edit.php?xml=dansguardian.php&id=0</url> + <text>Help</text> + <url>/dansguardian_about.php</url> </tab> </tabs> <adddeleteeditpagefields> @@ -90,15 +102,6 @@ <fielddescr>Description</fielddescr> <fieldname>description</fieldname> </columnitem> - - <columnitem> - <fielddescr>Action</fielddescr> - <fieldname>action</fieldname> - </columnitem> - <columnitem> - <fielddescr>Update Frequency</fielddescr> - <fieldname>cron</fieldname> - </columnitem> </adddeleteeditpagefields> <fields> <field> @@ -107,17 +110,120 @@ </field> <field> <fielddescr>Filter Group Name</fielddescr> - <fieldname>groupname</fieldname> - <description><![CDATA[Enter lists Alias Names.<br> - Example: Badguys<br> - Do not include pfBlocker name, it's done by package.<br> - <strong>International, special or space caracters will be ignored in pfsense alias name.</strong><br>]]></description> + <fieldname>name</fieldname> + <description><![CDATA[Enter Group Names.]]></description> <type>input</type> <size>20</size> </field> + <field> + <fielddescr>List Description</fielddescr> + <fieldname>description</fieldname> + <type>input</type> + <size>60</size> + </field> + <field> + <name>Acess Lists</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Group Options</fielddescr> + <fieldname>group_options</fieldname> + <description><![CDATA[Select options to apply on this group. Default values are in ( )]]></description> + <type>select</type> + <options> + <option><name>Scan clean cache (on)</name><value>scancleancache</value></option> + <option><name>Hex decode content (off)</name><value>hexdecodecontent</value></option> + <option><name>Block Download not in Exception Lists (off)</name><value>blockdownloads</value></option> + <option><name>Enable PICS rating support (off)</name><value>enablepics</value></option> + <option><name>Enable Deep URL Analysis (off)</name><value>deepurlanalysis</value></option> + <option><name>Infection/Scan Error Bypass on Scan Errors Only (on)</name><value>infectionbypasserrorsonly</value></option> + <option><name>Disable content scanning (off)</name><value>disablecontentscan</value></option> + <option><name>Check servers ssl certificates (off)</name><value>sslcertcheck</value></option> + <option><name>Filter ssl sites forging SSL Certificates (off)</name><value>sslmitm</value></option> + </options> + <multiple/> + <size>10</size> + </field> + + <field> + <fielddescr>Pics</fielddescr> + <fieldname>picsacl</fieldname> + <description><![CDATA[Select Pics Access List to apply on this group.]]></description> + <type>select_source</type> + <source><![CDATA[$config['installedpackages']['dansguardianpicsacl']['config']]]></source> + <source_name>name</source_name> + <source_value>name</source_value> + </field> + <field> + <fielddescr>Phrase</fielddescr> + <fieldname>phraseacl</fieldname> + <description><![CDATA[Select Phrase ACL to apply on this group.]]></description> + <type>select_source</type> + <source><![CDATA[$config['installedpackages']['dansguardianphraseacl']['config']]]></source> + <source_name>name</source_name> + <source_value>name</source_value> + </field> + <field> + <fielddescr>Site</fielddescr> + <fieldname>siteacl</fieldname> + <description><![CDATA[Select Site Access List to apply on this group.]]></description> + <type>select_source</type> + <source><![CDATA[$config['installedpackages']['dansguardiansiteacl']['config']]]></source> + <source_name>name</source_name> + <source_value>name</source_value> + </field> + <field> + <fielddescr>URL</fielddescr> + <fieldname>urlacl</fieldname> + <description><![CDATA[Select URL Access List to apply on this group.]]></description> + <type>select_source</type> + <source><![CDATA[$config['installedpackages']['dansguardianurlacl']['config']]]></source> + <source_name>name</source_name> + <source_value>name</source_value> + </field> + <field> + <fielddescr>Extension</fielddescr> + <fieldname>extensionacl</fieldname> + <description><![CDATA[Select Extension Access List to apply on this group.]]></description> + <type>select_source</type> + <source><![CDATA[$config['installedpackages']['dansguardianfileacl']['config']]]></source> + <source_name>name</source_name> + <source_value>name</source_value> + </field> + <field> + <fielddescr>Header</fielddescr> + <fieldname>headeracl</fieldname> + <description><![CDATA[Select Header Access List to apply on this group.]]></description> + <type>select_source</type> + <source><![CDATA[$config['installedpackages']['dansguardianheaderacl']['config']]]></source> + <source_name>name</source_name> + <source_value>name</source_value> + </field> + <field> + <fielddescr>Content</fielddescr> + <fieldname>contentacl</fieldname> + <description><![CDATA[Select Content Access List to apply on this group.]]></description> + <type>select_source</type> + <source><![CDATA[$config['installedpackages']['dansguardiancontentacl']['config']]]></source> + <source_name>name</source_name> + <source_value>name</source_value> + </field> + <field> + <fielddescr>Search</fielddescr> + <fieldname>searchacl</fieldname> + <description><![CDATA[Select Search Access list to apply on this group.]]></description> + <type>select_source</type> + <source><![CDATA[$config['installedpackages']['dansguardiansearchacl']['config']]]></source> + <source_name>name</source_name> + <source_value>name</source_value> + </field> + <field> + <name>Values</name> + <type>listtopic</type> + </field> <field> <fielddescr>Filter Group Mode</fielddescr> - <fieldname>groupmode</fieldname> + <fieldname>mode</fieldname> <description><![CDATA[ This option determines whether members of this group have their web access unfiltered, filtered, or banned.<br> This mechanism replaces the "banneduserlist"]]></description> <type>select</type> @@ -127,19 +233,9 @@ <option><name>banned</name><value>0</value></option> </options> </field> - <field> - <fielddescr>List Description</fielddescr> - <fieldname>description</fieldname> - <type>input</type> - <size>90</size> - </field> - <field> - <name>Values</name> - <type>listtopic</type> - </field> <field> <fielddescr>Reporting Level</fielddescr> - <fieldname>report_level</fieldname> + <fieldname>reportinglevel</fieldname> <description><![CDATA[Web Access Denied Reporting (does not affect logging)<br> If defined, this overrides the global setting in dansguardian.conf for members of this filter group.]]></description> <type>select</type> @@ -154,10 +250,15 @@ <field> <fielddescr>Weighted phrase mode</fielddescr> <fieldname>weightedphrasemode</fieldname> - <description><![CDATA[Optional; overrides the weightedphrasemode option in dansguardian.conf for this particular group.<br> - See documentation for supported values in that file.]]></description> - <type>input</type> - <size>10</size> + <description><![CDATA[IMPORTANT: Note that setting this to "0" turns off all features which extract phrases from page content, + including banned & exception phrases (not just weighted), search term filtering, and scanning for links to banned URLs.]]></description> + <type>select</type> + <options> + <option><name>Use Weighted phrase mode value from general config</name><value>default</value></option> + <option><name>Singular = each weighted phrase found only counts once on a page.</name><value>2</value></option> + <option><name>Normal = normal weighted phrase operation.</name><value>1</value></option> + <option><name>Off = do not use the weighted phrase feature.</name><value>0</value></option> + </options> </field> <field> <fielddescr>Naughtiness limite</fielddescr> @@ -223,107 +324,17 @@ <type>input</type> <size>10</size> </field> - <field> - <name>Lists</name> - <type>listtopic</type> - </field> - <field> - <fielddescr>Group Options</fielddescr> - <fieldname>group_options</fieldname> - <description><![CDATA[Select options to apply on this group. Default values are in ( )]]></description> - <type>select</type> - <options> - <option><name>Scan clean cache (on)</name><value>scancleancache</value></option> - <option><name>Hex decode content (off)</name><value>hexdecodecontent</value></option> - <option><name>Block Download not in Exception Lists (off)</name><value>blockdownloads</value></option> - <option><name>Enable PICS rating support (off)</name><value>enablepics</value></option> - <option><name>Enable Deep URL Analysis (off)</name><value>deepurlanalysis</value></option> - <option><name>Infection/Scan Error Bypass on Scan Errors Only (on)</name><value>infectionbypasserrorsonly</value></option> - <option><name>Disable content scanning (off)</name><value>disablecontentscan</value></option> - <option><name>Check servers ssl certificates (off)</name><value>sslcertcheck</value></option> - <option><name>Filter ssl sites forging SSL Certificates (off)</name><value>sslmitm</value></option> - </options> - <multiple/> - <size>10</size> - </field> - <field> - <fielddescr>Content filtering</fielddescr> - <fieldname>group_options</fieldname> - <description><![CDATA[Select List you want to apply on this group.]]></description> - <type>select</type> - <options> - <option><name>Banned Phrase List</name><value>bannedphraselist</value></option> - <option><name>Weighted Phrase List</name><value>weightedphraselist</value></option> - <option><name>Exception Phrase List</name><value>exceptionphraselist</value></option> - <option><name>Banned Site List</name><value>bannedsitelist</value></option> - <option><name>Grey Site List</name><value>greysitelist</value></option> - <option><name>Exception Site List</name><value>exceptionsitelist</value></option> - <option><name>Grey Url List</name><value>greyurllist</value></option> - <option><name>Exception Url List</name><value>exceptionurllist</value></option> - <option><name>Exception Regexp Url List</name><value>exceptionregexpurllist</value></option> - <option><name>Banned Regexp Url List</name><value>bannedregexpurllist</value></option> - <option><name>Content Regexp List</name><value>contentregexplist</value></option> - <option><name>Pics File</name><value>picsfile</value></option> - <option><name>Url Regexp List</name><value>urlregexplist</value></option> - </options> - <multiple/> - <size>14</size> - </field> - <field> - <fielddescr>File type filtering</fielddescr> - <fieldname>file_options</fieldname> - <description><![CDATA[Select List you want to apply on this group.]]></description> - <type>select</type> - <options> - <option><name>Exception Extension List</name><value>exceptionextensionlist</value></option> - <option><name>Exception Mime Type List</name><value>exceptionmimetypelist</value></option> - <option><name>Exception Phrase List</name><value>exceptionphraselist</value></option> - <option><name>Banned Extension List</name><value>bannedextensionlist</value></option> - <option><name>Banned Mime Type List</name><value>bannedmimetypelist</value></option> - <option><name>Exception File Site ist</name><value>exceptionfileurllist</value></option> - </options> - <multiple/> - <size>7</size> - </field> - <field> - <fielddescr>search engine filtering</fielddescr> - <fieldname>file_options</fieldname> - <description><![CDATA[Select search engine filtering you want to apply on this group.]]></description> - <type>select</type> - <options> - <option><name>Search Engine Regexp List</name><value>searchengineregexplist</value></option> - <option><name>Banned Search Termlist</name><value>exceptionmimetypelist</value></option> - <option><name>Weightd Search Term List</name><value>weightedsearchtermlist</value></option> - <option><name>Exception Search Term List</name><value>exceptionsearchtermlist</value></option> - </options> - <multiple/> - <size>5</size> - </field> - <field> - <name>Custom list</name> - <type>listtopic</type> - </field> - <field> - <fielddescr>CIDR</fielddescr> - <fieldname>custom</fieldname> - <description><![CDATA[Enter networks you want to include in this alias. One network per line in CIDR format.<br> - Example: 192.168.1.0/24]]></description> - <type>textarea</type> - <cols>50</cols> - <rows>10</rows> - <encoding>base64</encoding> - </field> </fields> <custom_php_install_command> - pfblocker_php_install_command(); + dansguardian_php_install_command(); </custom_php_install_command> <custom_php_deinstall_command> - pfblocker_php_deinstall_command(); + dansguardian_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - pfblocker_validate_input($_POST, &$input_errors); + dansguardian_validate_input($_POST, &$input_errors); </custom_php_validation_command> <custom_php_resync_config_command> - sync_package_pfblocker(); + sync_package_dansguardian(); </custom_php_resync_config_command> </packagegui>
\ No newline at end of file diff --git a/config/dansguardian/dansguardian_header_acl.xml b/config/dansguardian/dansguardian_header_acl.xml new file mode 100755 index 00000000..2a07af24 --- /dev/null +++ b/config/dansguardian/dansguardian_header_acl.xml @@ -0,0 +1,180 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* ========================================================================== */ +/* + dansguardian_header_acl.xml + part of pfSense (http://www.pfSense.com) + Copyright (C) 2012 Marcello Coutinho + + All rights reserved. +*/ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + ]]> + </copyright> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>dansguardianheaderacl</name> + <version>1.0</version> + <title>Services: Dansguardian - Access Lists</title> + <include_file>/usr/local/pkg/dansguardian.inc</include_file> + <tabs> + <tab> + <text>Back to Config</text> + <url>/pkg_edit.php?xml=dansguardian.xml&id=0</url> + </tab> + <tab> + <text>Antivirus</text> + <url>/pkg_edit.php?xml=dansguardian_antivirus_acl.xml&id=0</url> + </tab> + <tab> + <text>Pics</text> + <url>/pkg.php?xml=dansguardian_pics_acl.xml&id=0</url> + </tab> + <tab> + <text>Phase</text> + <url>/pkg.php?xml=dansguardian_phrase_acl.xml</url> + </tab> + <tab> + <text>Site</text> + <url>/pkg.php?xml=dansguardian_site_acl.xml</url> + </tab> + <tab> + <text>URL</text> + <url>/pkg.php?xml=dansguardian_url_acl.xml</url> + </tab> + <tab> + <text>Extension</text> + <url>/pkg.php?xml=dansguardian_file_acl.xml</url> + </tab> + <tab> + <text>Content</text> + <url>/pkg.php?xml=dansguardian_content_acl.xml</url> + </tab> + <tab> + <text>Header</text> + <url>/pkg.php?xml=dansguardian_header_acl.xml</url> + <active/> + </tab> + <tab> + <text>Searche Engine</text> + <url>/pkg.php?xml=dansguardian_search_acl.xml</url> + </tab> + <tab> + <text>Groups</text> + <url>/pkg.php?xml=dansguardian_groups.xml</url> + </tab> + <tab> + <text>Users</text> + <url>/pkg_edit.php?xml=dansguardian_users.xml</url> + </tab> + </tabs> + <adddeleteeditpagefields> + <columnitem> + <fielddescr>Group name</fielddescr> + <fieldname>name</fieldname> + </columnitem> + <columnitem> + <fielddescr>Description</fielddescr> + <fieldname>description</fieldname> + </columnitem> + </adddeleteeditpagefields> + <fields> + <field> + <name>Header Access Lists</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Name</fielddescr> + <fieldname>name</fieldname> + <description></description> + <type>input</type> + <size>25</size> + </field> + <field> + <fielddescr>description</fielddescr> + <fieldname>description</fieldname> + <type>input</type> + <size>80</size> + </field> + <field> + <name>Banned</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Enable</fielddescr> + <fieldname>banned_enabled</fieldname> + <type>checkbox</type> + <description></description> + </field> + <field> + <fielddescr>config</fielddescr> + <fieldname>banned_regexpheaderlist</fieldname> + <description><![CDATA[Enter banned regexp header List for this group.<br> + Leave empty to load dansguardian defaults]]></description> + <type>textarea</type> + <cols>80</cols> + <rows>10</rows> + <encoding>base64</encoding> + </field> + <field> + <name>Replace</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Enable</fielddescr> + <fieldname>regexp_enabled</fieldname> + <type>checkbox</type> + <description></description> + </field> + <field> + <fielddescr>Config</fielddescr> + <fieldname>header_regexplist</fieldname> + <description><![CDATA[Enter header regexp replace List for this group.<br> + Leave empty to load dansguardian defaults]]></description> + <type>textarea</type> + <cols>80</cols> + <rows>10</rows> + <encoding>base64</encoding> + </field> + </fields> + <custom_php_install_command> + dansguardian_php_install_command(); + </custom_php_install_command> + <custom_php_deinstall_command> + dansguardian_php_deinstall_command(); + </custom_php_deinstall_command> + <custom_php_validation_command> + dansguardian_validate_input($_POST, &$input_errors); + </custom_php_validation_command> + <custom_php_resync_config_command> + sync_package_dansguardian(); + </custom_php_resync_config_command> +</packagegui>
\ No newline at end of file diff --git a/config/dansguardian/dansguardian_limits.xml b/config/dansguardian/dansguardian_limits.xml index 2a1be7d6..e28393a1 100644 --- a/config/dansguardian/dansguardian_limits.xml +++ b/config/dansguardian/dansguardian_limits.xml @@ -61,11 +61,23 @@ <active/> </tab> <tab> - <text>Filter Groups</text> - <url>/pkg.php?xml=dansguardian_lists.xml</url> + <text>Blacklist</text> + <url>/pkg_edit.php?xml=dansguardian_blacklist.xml&id=0</url> </tab> <tab> - <text>Report and Log</text> + <text>Access Lists</text> + <url>/pkg_edit.php?xml=dansguardian_antivirus_acl.xml&id=0</url> + </tab> + <tab> + <text>Groups</text> + <url>/pkg.php?xml=dansguardian_groups.xml</url> + </tab> + <tab> + <text>Users</text> + <url>/pkg_edit.php?xml=dansguardian_users.xml</url> + </tab> + <tab> + <text>Report and log</text> <url>/pkg_edit.php?xml=dansguardian_log.xml&id=0</url> </tab> <tab> @@ -73,8 +85,8 @@ <url>/pkg_edit.php?xml=dansguardian_sync.xml&id=0</url> </tab> <tab> - <text>About</text> - <url>/pkg_edit.php?xml=dansguardian.php&id=0</url> + <text>Help</text> + <url>/dansguardian_about.php</url> </tab> </tabs> <fields> diff --git a/config/dansguardian/dansguardian_log.xml b/config/dansguardian/dansguardian_log.xml index 386fe159..ceb7ccb0 100644 --- a/config/dansguardian/dansguardian_log.xml +++ b/config/dansguardian/dansguardian_log.xml @@ -60,11 +60,23 @@ <url>/pkg_edit.php?xml=dansguardian_limits.xml&id=0</url> </tab> <tab> - <text>Filter Groups</text> - <url>/pkg.php?xml=dansguardian_lists.xml</url> + <text>Blacklist</text> + <url>/pkg_edit.php?xml=dansguardian_blacklist.xml&id=0</url> </tab> <tab> - <text>Report and Log</text> + <text>Access Lists</text> + <url>/pkg_edit.php?xml=dansguardian_antivirus_acl.xml&id=0</url> + </tab> + <tab> + <text>Groups</text> + <url>/pkg.php?xml=dansguardian_groups.xml</url> + </tab> + <tab> + <text>Users</text> + <url>/pkg_edit.php?xml=dansguardian_users.xml</url> + </tab> + <tab> + <text>Report and log</text> <url>/pkg_edit.php?xml=dansguardian_log.xml&id=0</url> <active/> </tab> @@ -73,8 +85,8 @@ <url>/pkg_edit.php?xml=dansguardian_sync.xml&id=0</url> </tab> <tab> - <text>About</text> - <url>/pkg_edit.php?xml=dansguardian.php&id=0</url> + <text>Help</text> + <url>/dansguardian_about.php</url> </tab> </tabs> <fields> diff --git a/config/dansguardian/dansguardian_phrase_acl.xml b/config/dansguardian/dansguardian_phrase_acl.xml new file mode 100755 index 00000000..1d49ef9e --- /dev/null +++ b/config/dansguardian/dansguardian_phrase_acl.xml @@ -0,0 +1,223 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* ========================================================================== */ +/* + dansguardian_phrase_acl.xml + part of pfSense (http://www.pfSense.com) + Copyright (C) 2012 Marcello Coutinho + + All rights reserved. +*/ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + ]]> + </copyright> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>dansguardianphraseacl</name> + <version>1.0</version> + <title>Services: Dansguardian - Access Lists</title> + <include_file>/usr/local/pkg/dansguardian.inc</include_file> + <tabs> + <tab> + <text>Back to Config</text> + <url>/pkg_edit.php?xml=dansguardian.xml&id=0</url> + </tab> + <tab> + <text>Antivirus</text> + <url>/pkg_edit.php?xml=dansguardian_antivirus_acl.xml&id=0</url> + </tab> + <tab> + <text>Pics</text> + <url>/pkg.php?xml=dansguardian_pics_acl.xml&id=0</url> + </tab> + <tab> + <text>Phase</text> + <url>/pkg.php?xml=dansguardian_phrase_acl.xml</url> + <active/> + </tab> + <tab> + <text>Site</text> + <url>/pkg.php?xml=dansguardian_site_acl.xml</url> + </tab> + <tab> + <text>URL</text> + <url>/pkg.php?xml=dansguardian_url_acl.xml</url> + </tab> + <tab> + <text>Extension</text> + <url>/pkg.php?xml=dansguardian_file_acl.xml</url> + </tab> + <tab> + <text>Content</text> + <url>/pkg.php?xml=dansguardian_content_acl.xml</url> + </tab> + <tab> + <text>Header</text> + <url>/pkg.php?xml=dansguardian_header_acl.xml</url> + </tab> + <tab> + <text>Searche Engine</text> + <url>/pkg.php?xml=dansguardian_search_acl.xml</url> + </tab> + <tab> + <text>Groups</text> + <url>/pkg.php?xml=dansguardian_groups.xml</url> + </tab> + <tab> + <text>Users</text> + <url>/pkg_edit.php?xml=dansguardian_users.xml</url> + </tab> +</tabs> +<adddeleteeditpagefields> + <columnitem> + <fielddescr>Access List name</fielddescr> + <fieldname>name</fieldname> + </columnitem> + <columnitem> + <fielddescr>Access List Descriptions</fielddescr> + <fieldname>description</fieldname> + </columnitem> + </adddeleteeditpagefields> + <fields> + <field> + <name>Phrase Access List</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Name</fielddescr> + <fieldname>name</fieldname> + <description></description> + <type>input</type> + <size>25</size> + </field> + <field> + <fielddescr>Description</fielddescr> + <fieldname>description</fieldname> + <type>input</type> + <size>80</size> + </field> + <field> + <name>Banned Lists</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Enable</fielddescr> + <fieldname>banned_enabled</fieldname> + <type>checkbox</type> + <description></description> + </field> + <field> + <fielddescr>Include</fielddescr> + <fieldname>banned_includes</fieldname> + <description><![CDATA[Select Include files to banned phrase filter.]]></description> + <type>select_source</type> + <source><![CDATA[$config['installedpackages']['dansguardianphraselistsbanned']['config']]]></source> + <source_name>descr</source_name> + <source_value>file</source_value> + <multiple/> + <size>10</size> + </field> + <field> + <fielddescr>Config file</fielddescr> + <fieldname>banned_phraselist</fieldname> + <description><![CDATA[Enter Banned Pharase List for this group.<br> + Leave empty to load dansguardian defaults]]></description> + <type>textarea</type> + <cols>80</cols> + <rows>10</rows> + <encoding>base64</encoding> + </field> + <field> + <name>Weighted Lists</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Enable</fielddescr> + <fieldname>weighted_enabled</fieldname> + <type>checkbox</type> + <description></description> + </field> + <field> + <fielddescr>Include</fielddescr> + <fieldname>weighted_includes</fieldname> + <description><![CDATA[Select Include files to weighted phrase filter.]]></description> + <type>select_source</type> + <source><![CDATA[$config['installedpackages']['dansguardianphraselistsweighted']['config']]]></source> + <source_name>descr</source_name> + <source_value>file</source_value> + <multiple/> + <size>20</size> + </field> + <field> + <fielddescr>Config file</fielddescr> + <fieldname>weighted_phraselist</fieldname> + <description><![CDATA[Enter Weighted Pharase List for this group.<br> + Leave empty to load dansguardian defaults]]></description> + <type>textarea</type> + <cols>80</cols> + <rows>10</rows> + <encoding>base64</encoding> + </field> + <field> + <name>Exception Lists</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Enable</fielddescr> + <fieldname>exception_enabled</fieldname> + <type>checkbox</type> + <description></description> + </field> + + <field> + <fielddescr>Config file</fielddescr> + <fieldname>exception_phraselist</fieldname> + <description><![CDATA[Enter exception Pharase List for this group.<br> + Leave empty to load dansguardian defaults]]></description> + <type>textarea</type> + <cols>80</cols> + <rows>10</rows> + <encoding>base64</encoding> + </field> + </fields> + <custom_php_install_command> + dansguardian_php_install_command(); + </custom_php_install_command> + <custom_php_deinstall_command> + dansguardian_php_deinstall_command(); + </custom_php_deinstall_command> + <custom_php_validation_command> + dansguardian_validate_input($_POST, &$input_errors); + </custom_php_validation_command> + <custom_php_resync_config_command> + sync_package_dansguardian(); + </custom_php_resync_config_command> +</packagegui>
\ No newline at end of file diff --git a/config/dansguardian/dansguardian_pics_acl.xml b/config/dansguardian/dansguardian_pics_acl.xml new file mode 100644 index 00000000..016d360e --- /dev/null +++ b/config/dansguardian/dansguardian_pics_acl.xml @@ -0,0 +1,157 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* $Id$ */ +/* ========================================================================== */ +/* + dansguardian_limits.xml + part of the dansguardian for pfSense + Copyright (C) 2012 Marcello Coutinho + + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + ]]> + </copyright> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>dansguardianpicsacl</name> + <version>1.0</version> + <title>Services: Dansguardian - Access Lists</title> + <include_file>/usr/local/pkg/dansguardian.inc</include_file> + <tabs> + <tab> + <text>Back to Config</text> + <url>/pkg_edit.php?xml=dansguardian.xml&id=0</url> + </tab> + <tab> + <text>Antivirus</text> + <url>/pkg_edit.php?xml=dansguardian_antivirus_acl.xml&id=0</url> + </tab> + <tab> + <text>Pics</text> + <url>/pkg.php?xml=dansguardian_pics_acl.xml&id=0</url> + <active/> + </tab> + <tab> + <text>Phase</text> + <url>/pkg.php?xml=dansguardian_phrase_acl.xml</url> + </tab> + <tab> + <text>Site</text> + <url>/pkg.php?xml=dansguardian_site_acl.xml</url> + </tab> + <tab> + <text>URL</text> + <url>/pkg.php?xml=dansguardian_url_acl.xml</url> + </tab> + <tab> + <text>Extension</text> + <url>/pkg.php?xml=dansguardian_file_acl.xml</url> + </tab> + <tab> + <text>Content</text> + <url>/pkg.php?xml=dansguardian_content_acl.xml</url> + </tab> + <tab> + <text>Header</text> + <url>/pkg.php?xml=dansguardian_header_acl.xml</url> + </tab> + <tab> + <text>Searche Engine</text> + <url>/pkg.php?xml=dansguardian_search_acl.xml</url> + </tab> + <tab> + <text>Groups</text> + <url>/pkg.php?xml=dansguardian_groups.xml</url> + </tab> + <tab> + <text>Users</text> + <url>/pkg_edit.php?xml=dansguardian_users.xml</url> + </tab> +</tabs> +<adddeleteeditpagefields> + <columnitem> + <fielddescr>Access List Name</fielddescr> + <fieldname>name</fieldname> + </columnitem> + <columnitem> + <fielddescr>Access List Description</fielddescr> + <fieldname>description</fieldname> + </columnitem> +</adddeleteeditpagefields> + <fields> + <field> + <name>Pics</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Name</fielddescr> + <fieldname>name</fieldname> + <description></description> + <type>input</type> + <size>25</size> + </field> + <field> + <fielddescr>description</fielddescr> + <fieldname>description</fieldname> + <type>input</type> + <size>80</size> + </field> + <field> + <fielddescr>Enable</fielddescr> + <fieldname>pics_enabled</fieldname> + <type>checkbox</type> + <description></description> + </field> + <field> + <fielddescr>config</fielddescr> + <fieldname>pics</fieldname> + <description><![CDATA[Enter pics config for this group.<br> + Leave empty to load dansguardian defaults]]></description> + <type>textarea</type> + <cols>80</cols> + <rows>70</rows> + <encoding>base64</encoding> + </field> + </fields> + <custom_php_install_command> + dansguardian_php_install_command(); + </custom_php_install_command> + <custom_php_deinstall_command> + dansguardian_php_deinstall_command(); + </custom_php_deinstall_command> + <custom_php_validation_command> + dansguardian_validate_input($_POST, &$input_errors); + </custom_php_validation_command> + <custom_php_resync_config_command> + sync_package_dansguardian(); + </custom_php_resync_config_command> +</packagegui> diff --git a/config/dansguardian/dansguardian_search_acl.xml b/config/dansguardian/dansguardian_search_acl.xml new file mode 100755 index 00000000..8ed714f3 --- /dev/null +++ b/config/dansguardian/dansguardian_search_acl.xml @@ -0,0 +1,217 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* ========================================================================== */ +/* + dansguardian_search_acl.xml + part of pfSense (http://www.pfSense.com) + Copyright (C) 2012 Marcello Coutinho + + All rights reserved. +*/ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + ]]> + </copyright> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>dansguardiansearchacl</name> + <version>1.0</version> + <title>Services: Dansguardian - Access Lists</title> + <include_file>/usr/local/pkg/dansguardian.inc</include_file> + <tabs> + <tab> + <text>Back to Config</text> + <url>/pkg_edit.php?xml=dansguardian.xml&id=0</url> + </tab> + <tab> + <text>Antivirus</text> + <url>/pkg_edit.php?xml=dansguardian_antivirus_acl.xml&id=0</url> + </tab> + <tab> + <text>Pics</text> + <url>/pkg.php?xml=dansguardian_pics_acl.xml&id=0</url> + </tab> + <tab> + <text>Phase</text> + <url>/pkg.php?xml=dansguardian_phrase_acl.xml</url> + </tab> + <tab> + <text>Site</text> + <url>/pkg.php?xml=dansguardian_site_acl.xml</url> + </tab> + <tab> + <text>URL</text> + <url>/pkg.php?xml=dansguardian_url_acl.xml</url> + </tab> + <tab> + <text>Extension</text> + <url>/pkg.php?xml=dansguardian_file_acl.xml</url> + </tab> + <tab> + <text>Content</text> + <url>/pkg.php?xml=dansguardian_content_acl.xml</url> + </tab> + <tab> + <text>Header</text> + <url>/pkg.php?xml=dansguardian_header_acl.xml</url> + </tab> + <tab> + <text>Searche Engine</text> + <url>/pkg.php?xml=dansguardian_search_acl.xml</url> + <active/> + </tab> + <tab> + <text>Groups</text> + <url>/pkg.php?xml=dansguardian_groups.xml</url> + </tab> + <tab> + <text>Users</text> + <url>/pkg_edit.php?xml=dansguardian_users.xml</url> + </tab> +</tabs> +<adddeleteeditpagefields> + <columnitem> + <fielddescr>Access List Name</fielddescr> + <fieldname>name</fieldname> + </columnitem> + <columnitem> + <fielddescr>Access List Description</fielddescr> + <fieldname>description</fieldname> + </columnitem> + </adddeleteeditpagefields> + <fields> + <field> + <name>Description</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Name</fielddescr> + <fieldname>name</fieldname> + <description></description> + <type>input</type> + <size>25</size> + </field> + <field> + <fielddescr>description</fielddescr> + <fieldname>description</fieldname> + <type>input</type> + <size>80</size> + </field> + <field> + <name>Banned</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Enable</fielddescr> + <fieldname>banned_enabled</fieldname> + <type>checkbox</type> + <description></description> + </field> + <field> + <fielddescr>Config</fielddescr> + <fieldname>banned_searchtermlist</fieldname> + <description><![CDATA[Enter banned Search engine regexp List for this group.]]></description> + <type>textarea</type> + <cols>80</cols> + <rows>10</rows> + <encoding>base64</encoding> + </field> + <field> + <name>Exception</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Enable</fielddescr> + <fieldname>exception_enabled</fieldname> + <type>checkbox</type> + <description></description> + </field> + <field> + <fielddescr>config</fielddescr> + <fieldname>exception_searchtermlist</fieldname> + <description><![CDATA[Enter exception search term List for this group.]]></description> + <type>textarea</type> + <cols>80</cols> + <rows>10</rows> + <encoding>base64</encoding> + </field> + <field> + <name>Weighted</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Enable</fielddescr> + <fieldname>weighted_enabled</fieldname> + <type>checkbox</type> + <description></description> + </field> + <field> + <fielddescr>Config</fielddescr> + <fieldname>weighted_searchtermlist</fieldname> + <description><![CDATA[Enter Search engine weighted List for this group.]]></description> + <type>textarea</type> + <cols>80</cols> + <rows>10</rows> + <encoding>base64</encoding> + </field> + <field> + <name>Regexp</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Enable</fielddescr> + <fieldname>regexp_enabled</fieldname> + <type>checkbox</type> + <description></description> + </field> + <field> + <fielddescr>Config</fielddescr> + <fieldname>searchengineregexplist</fieldname> + <description><![CDATA[Enter Search engine regexp List for this group.]]></description> + <type>textarea</type> + <cols>80</cols> + <rows>10</rows> + <encoding>base64</encoding> + </field> + + </fields> + <custom_php_install_command> + dansguardian_php_install_command(); + </custom_php_install_command> + <custom_php_deinstall_command> + dansguardian_php_deinstall_command(); + </custom_php_deinstall_command> + <custom_php_validation_command> + dansguardian_validate_input($_POST, &$input_errors); + </custom_php_validation_command> + <custom_php_resync_config_command> + sync_package_dansguardian(); + </custom_php_resync_config_command> +</packagegui>
\ No newline at end of file diff --git a/config/dansguardian/dansguardian_site_acl.xml b/config/dansguardian/dansguardian_site_acl.xml new file mode 100755 index 00000000..69f4fa80 --- /dev/null +++ b/config/dansguardian/dansguardian_site_acl.xml @@ -0,0 +1,253 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* ========================================================================== */ +/* + dansguardian_site_acl.xml + part of pfSense (http://www.pfSense.com) + Copyright (C) 2012 Marcello Coutinho + + All rights reserved. +*/ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + ]]> + </copyright> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>dansguardiansiteacl</name> + <version>1.0</version> + <title>Services: Dansguardian - Access Lists</title> + <include_file>/usr/local/pkg/dansguardian.inc</include_file> + <tabs> + <tab> + <text>Back to Config</text> + <url>/pkg_edit.php?xml=dansguardian.xml&id=0</url> + </tab> + <tab> + <text>Antivirus</text> + <url>/pkg_edit.php?xml=dansguardian_antivirus_acl.xml&id=0</url> + </tab> + <tab> + <text>Pics</text> + <url>/pkg.php?xml=dansguardian_pics_acl.xml&id=0</url> + </tab> + <tab> + <text>Phase</text> + <url>/pkg.php?xml=dansguardian_phrase_acl.xml</url> + </tab> + <tab> + <text>Site</text> + <url>/pkg.php?xml=dansguardian_site_acl.xml</url> + <active/> + </tab> + <tab> + <text>URL</text> + <url>/pkg.php?xml=dansguardian_url_acl.xml</url> + </tab> + <tab> + <text>Extension</text> + <url>/pkg.php?xml=dansguardian_file_acl.xml</url> + </tab> + <tab> + <text>Content</text> + <url>/pkg.php?xml=dansguardian_content_acl.xml</url> + </tab> + <tab> + <text>Header</text> + <url>/pkg.php?xml=dansguardian_header_acl.xml</url> + </tab> + <tab> + <text>Searche Engine</text> + <url>/pkg.php?xml=dansguardian_search_acl.xml</url> + </tab> + <tab> + <text>Groups</text> + <url>/pkg.php?xml=dansguardian_groups.xml</url> + </tab> + <tab> + <text>Users</text> + <url>/pkg_edit.php?xml=dansguardian_users.xml</url> + </tab> +</tabs> +<adddeleteeditpagefields> + <columnitem> + <fielddescr>Access List Name</fielddescr> + <fieldname>name</fieldname> + </columnitem> + <columnitem> + <fielddescr>Access List Description</fielddescr> + <fieldname>description</fieldname> + </columnitem> + </adddeleteeditpagefields> + <fields> + <field> + <name>Site Access Lists</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Name</fielddescr> + <fieldname>name</fieldname> + <description></description> + <type>input</type> + <size>25</size> + </field> + <field> + <fielddescr>description</fielddescr> + <fieldname>description</fieldname> + <type>input</type> + <size>80</size> + </field> + <field> + <name>Banned</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Enable</fielddescr> + <fieldname>bannedsite_enabled</fieldname> + <type>checkbox</type> + <description></description> + </field> + <field> + <fielddescr>Include</fielddescr> + <fieldname>banned_includes</fieldname> + <description><![CDATA[Select Include files to banned phrase filter.]]></description> + <type>select_source</type> + <source><![CDATA[$config['installedpackages']['dansguardianblacklistsdomains']['config']]]></source> + <source_name>descr</source_name> + <source_value>file</source_value> + <multiple/> + <size>20</size> + </field> + <field> + <fielddescr>Config</fielddescr> + <fieldname>banned_sitelist</fieldname> + <description><![CDATA[Enter Banned Site List for this group.<br> + Leave empty to load dansguardian defaults]]></description> + <type>textarea</type> + <cols>80</cols> + <rows>10</rows> + <encoding>base64</encoding> + </field> + <field> + <name>Grey</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Enable</fielddescr> + <fieldname>greysite_enable</fieldname> + <type>checkbox</type> + <description></description> + </field> + <field> + <fielddescr>Config</fielddescr> + <fieldname>grey_sitelist</fieldname> + <description><![CDATA[Enter Weighted Site List for this group.<br> + Leave empty to load dansguardian defaults]]></description> + <type>textarea</type> + <cols>80</cols> + <rows>10</rows> + <encoding>base64</encoding> + </field> + <field> + <name>Exception</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Enable</fielddescr> + <fieldname>exceptionsite_enabled</fieldname> + <type>checkbox</type> + <description></description> + </field> + <field> + <fielddescr>Include</fielddescr> + <fieldname>exception_includes</fieldname> + <description><![CDATA[Select Include files to exception site lists.]]></description> + <type>select_source</type> + <source><![CDATA[$config['installedpackages']['dansguardianwhitelistsdomains']['config']]]></source> + <source_name>descr</source_name> + <source_value>file</source_value> + <multiple/> + <size>5</size> + </field> + <field> + <fielddescr>Config</fielddescr> + <fieldname>exception_sitelist</fieldname> + <description><![CDATA[Enter exception Site List for this group.<br> + Leave empty to load dansguardian defaults]]></description> + <type>textarea</type> + <cols>80</cols> + <rows>10</rows> + <encoding>base64</encoding> + </field> + <field> + <fielddescr>File</fielddescr> + <fieldname>exceptionfile_sitelist</fieldname> + <description><![CDATA[Enter exception File Site List for this group.<br> + Leave empty to load dansguardian defaults]]></description> + <type>textarea</type> + <cols>80</cols> + <rows>10</rows> + <encoding>base64</encoding> + </field> + <field> + <name>Log</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Enable</fielddescr> + <fieldname>logsite_enabled</fieldname> + <type>checkbox</type> + <description></description> + </field> + <field> + <fielddescr>Config</fielddescr> + <fieldname>log_sitelist</fieldname> + <description><![CDATA[Enter log only site List for this group.<br> + Leave empty to load dansguardian defaults]]></description> + <type>textarea</type> + <cols>80</cols> + <rows>10</rows> + <encoding>base64</encoding> + </field> + + </fields> + <custom_php_install_command> + dansguardian_php_install_command(); + </custom_php_install_command> + <custom_php_deinstall_command> + dansguardian_php_deinstall_command(); + </custom_php_deinstall_command> + <custom_php_validation_command> + dansguardian_validate_input($_POST, &$input_errors); + </custom_php_validation_command> + <custom_php_resync_config_command> + sync_package_dansguardian(); + </custom_php_resync_config_command> +</packagegui>
\ No newline at end of file diff --git a/config/dansguardian/dansguardian_sync.xml b/config/dansguardian/dansguardian_sync.xml index 9fb69102..22e4a879 100755 --- a/config/dansguardian/dansguardian_sync.xml +++ b/config/dansguardian/dansguardian_sync.xml @@ -59,8 +59,20 @@ <url>/pkg_edit.php?xml=dansguardian_limits.xml&id=0</url> </tab> <tab> - <text>Filter Groups</text> - <url>/pkg.php?xml=dansguardian_lists.xml</url> + <text>Blacklist</text> + <url>/pkg_edit.php?xml=dansguardian_blacklist.xml&id=0</url> + </tab> + <tab> + <text>Access Lists</text> + <url>/pkg_edit.php?xml=dansguardian_antivirus_acl.xml&id=0</url> + </tab> + <tab> + <text>Groups</text> + <url>/pkg.php?xml=dansguardian_groups.xml</url> + </tab> + <tab> + <text>Users</text> + <url>/pkg_edit.php?xml=dansguardian_users.xml</url> </tab> <tab> <text>Report and Log</text> @@ -72,8 +84,8 @@ <active/> </tab> <tab> - <text>About</text> - <url>/pkg_edit.php?xml=dansguardian.php&id=0</url> + <text>Help</text> + <url>/dansguardian_about.php</url> </tab> </tabs> <fields> diff --git a/config/dansguardian/dansguardian_url_acl.xml b/config/dansguardian/dansguardian_url_acl.xml new file mode 100755 index 00000000..e7fdba14 --- /dev/null +++ b/config/dansguardian/dansguardian_url_acl.xml @@ -0,0 +1,293 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* ========================================================================== */ +/* + dansguardian_url_acl.xml + part of pfSense (http://www.pfSense.com) + Copyright (C) 2012 Marcello Coutinho + + All rights reserved. +*/ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + ]]> + </copyright> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>dansguardianurlacl</name> + <version>1.0</version> + <title>Services: Dansguardian - Access Lists</title> + <include_file>/usr/local/pkg/dansguardian.inc</include_file> + <tabs> + <tab> + <text>Back to Config</text> + <url>/pkg_edit.php?xml=dansguardian.xml&id=0</url> + </tab> + <tab> + <text>Antivirus</text> + <url>/pkg_edit.php?xml=dansguardian_antivirus_acl.xml&id=0</url> + </tab> + <tab> + <text>Pics</text> + <url>/pkg.php?xml=dansguardian_pics_acl.xml&id=0</url> + </tab> + <tab> + <text>Phase</text> + <url>/pkg.php?xml=dansguardian_phrase_acl.xml</url> + </tab> + <tab> + <text>Site</text> + <url>/pkg.php?xml=dansguardian_site_acl.xml</url> + </tab> + <tab> + <text>URL</text> + <url>/pkg.php?xml=dansguardian_url_acl.xml</url> + <active/> + </tab> + <tab> + <text>Extension</text> + <url>/pkg.php?xml=dansguardian_file_acl.xml</url> + </tab> + <tab> + <text>Content</text> + <url>/pkg.php?xml=dansguardian_file_acl.xml</url> + </tab> + <tab> + <text>Header</text> + <url>/pkg.php?xml=dansguardian_header_acl.xml</url> + </tab> + <tab> + <text>Searche Engine</text> + <url>/pkg.php?xml=dansguardian_search_acl.xml</url> + </tab> + <tab> + <text>Groups</text> + <url>/pkg.php?xml=dansguardian_groups.xml</url> + </tab> + <tab> + <text>Users</text> + <url>/pkg_edit.php?xml=dansguardian_users.xml</url> + </tab> +</tabs> +<adddeleteeditpagefields> + <columnitem> + <fielddescr>Access List Name</fielddescr> + <fieldname>name</fieldname> + </columnitem> + <columnitem> + <fielddescr>Access List Description</fielddescr> + <fieldname>description</fieldname> + </columnitem> + </adddeleteeditpagefields> + <fields> + <field> + <name>URL Access Lists</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Name</fielddescr> + <fieldname>name</fieldname> + <description></description> + <type>input</type> + <size>25</size> + </field> + <field> + <fielddescr>description</fielddescr> + <fieldname>description</fieldname> + <type>input</type> + <size>80</size> + </field> + <field> + <name>Banned</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Enable</fielddescr> + <fieldname>bannedurl_enabled</fieldname> + <type>checkbox</type> + <description></description> + </field> + <field> + <fielddescr>Include</fielddescr> + <fieldname>banned_includes</fieldname> + <description><![CDATA[Select Include files to URL phrase filter.]]></description> + <type>select_source</type> + <source><![CDATA[$config['installedpackages']['dansguardianblacklistsurls']['config']]]></source> + <source_name>descr</source_name> + <source_value>file</source_value> + <multiple/> + <size>20</size> + </field> + <field> + <fielddescr>Config</fielddescr> + <fieldname>banned_urllist</fieldname> + <description><![CDATA[Enter Banned Url List for this group.<br> + Leave empty to load dansguardian defaults]]></description> + <type>textarea</type> + <cols>80</cols> + <rows>10</rows> + <encoding>base64</encoding> + </field> + <field> + <fielddescr>Regexp</fielddescr> + <fieldname>bannedregexp_urllist</fieldname> + <description><![CDATA[Enter Banned Regex Url List for this group.<br> + Leave empty to load dansguardian defaults]]></description> + <type>textarea</type> + <cols>80</cols> + <rows>10</rows> + <encoding>base64</encoding> + </field> + + <field> + <name>Grey</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Enable</fielddescr> + <fieldname>greyurl_enabled</fieldname> + <type>checkbox</type> + <description></description> + </field> + <field> + <fielddescr>Grey</fielddescr> + <fieldname>grey_urllist</fieldname> + <description><![CDATA[Enter Gray url List for this group.<br> + Leave empty to load dansguardian defaults]]></description> + <type>textarea</type> + <cols>80</cols> + <rows>10</rows> + <encoding>base64</encoding> + </field> + <field> + <name>Exception</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Enable</fielddescr> + <fieldname>exceptionurl_enabled</fieldname> + <type>checkbox</type> + <description></description> + </field> + <field> + <fielddescr>Config</fielddescr> + <fieldname>exception_urllist</fieldname> + <description><![CDATA[Enter exception url List for this group.<br> + Leave empty to load dansguardian defaults]]></description> + <type>textarea</type> + <cols>80</cols> + <rows>10</rows> + <encoding>base64</encoding> + </field> + <field> + <fielddescr>regexp</fielddescr> + <fieldname>exceptionregexp_urllist</fieldname> + <description><![CDATA[Enter exception regex url List for this group.<br> + Leave empty to load dansguardian defaults]]></description> + <type>textarea</type> + <cols>80</cols> + <rows>10</rows> + <encoding>base64</encoding> + </field> + <field> + <fielddescr>file</fielddescr> + <fieldname>exceptionfile_urllist</fieldname> + <description><![CDATA[Enter exception file url List for this group.<br> + Leave empty to load dansguardian defaults]]></description> + <type>textarea</type> + <cols>80</cols> + <rows>10</rows> + <encoding>base64</encoding> + </field> + <field> + <name>Modify</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Enable</fielddescr> + <fieldname>contenturl_enabled</fieldname> + <type>checkbox</type> + <description></description> + </field> + <field> + <fielddescr>config</fielddescr> + <fieldname>modify_urllist</fieldname> + <description><![CDATA[Enter Exception url List for this group.<br> + Leave empty to load dansguardian defaults]]></description> + <type>textarea</type> + <cols>80</cols> + <rows>10</rows> + <encoding>base64</encoding> + </field> + <field> + <name>Log</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Enable</fielddescr> + <fieldname>logurl_enabled</fieldname> + <type>checkbox</type> + <description></description> + </field> + <field> + <fielddescr>config</fielddescr> + <fieldname>log_urllist</fieldname> + <description><![CDATA[Enter log only url List for this group.<br> + Leave empty to load dansguardian defaults]]></description> + <type>textarea</type> + <cols>80</cols> + <rows>10</rows> + <encoding>base64</encoding> + </field> + <field> + <fielddescr>regexp</fielddescr> + <fieldname>logregexp_urllist</fieldname> + <description><![CDATA[Enter log only regexp url List for this group.<br> + Leave empty to load dansguardian defaults]]></description> + <type>textarea</type> + <cols>80</cols> + <rows>10</rows> + <encoding>base64</encoding> + </field> + + </fields> + <custom_php_install_command> + dansguardian_php_install_command(); + </custom_php_install_command> + <custom_php_deinstall_command> + dansguardian_php_deinstall_command(); + </custom_php_deinstall_command> + <custom_php_validation_command> + dansguardian_validate_input($_POST, &$input_errors); + </custom_php_validation_command> + <custom_php_resync_config_command> + sync_package_dansguardian(); + </custom_php_resync_config_command> +</packagegui>
\ No newline at end of file diff --git a/config/dansguardian/dansguardian_users_footer.xml b/config/dansguardian/dansguardian_users_footer.xml new file mode 100644 index 00000000..1288b919 --- /dev/null +++ b/config/dansguardian/dansguardian_users_footer.xml @@ -0,0 +1,14 @@ + </fields> + <custom_php_install_command> + dansguardian_php_install_command(); + </custom_php_install_command> + <custom_php_deinstall_command> + dansguardian_php_deinstall_command(); + </custom_php_deinstall_command> + <custom_php_validation_command> + dansguardian_validate_input($_POST, &$input_errors); + </custom_php_validation_command> + <custom_php_resync_config_command> + sync_package_dansguardian(); + </custom_php_resync_config_command> +</packagegui> diff --git a/config/dansguardian/dansguardian_users_header.xml b/config/dansguardian/dansguardian_users_header.xml new file mode 100644 index 00000000..921d7ebf --- /dev/null +++ b/config/dansguardian/dansguardian_users_header.xml @@ -0,0 +1,91 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* $Id$ */ +/* ========================================================================== */ +/* + dansguardian_users.xml + part of the dansguardian for pfSense + Copyright (C) 2012 Marcello Coutinho + + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + ]]> + </copyright> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>dansguardianusers</name> + <version>1.0</version> + <title>Services: Dansguardian</title> + <include_file>/usr/local/pkg/dansguardian.inc</include_file> + <tabs><tab> + <text>Daemon</text> + <url>/pkg_edit.php?xml=dansguardian.xml&id=0</url> + </tab> + <tab> + <text>General</text> + <url>/pkg_edit.php?xml=dansguardian_config.xml&id=0</url> + </tab> + <tab> + <text>Limits</text> + <url>/pkg_edit.php?xml=dansguardian_limits.xml&id=0</url> + </tab> + <tab> + <text>Blacklist</text> + <url>/pkg_edit.php?xml=dansguardian_blacklist.xml&id=0</url> + </tab> + <tab> + <text>Access Lists</text> + <url>/pkg_edit.php?xml=dansguardian_antivirus_acl.xml&id=0</url> + </tab> + <tab> + <text>Groups</text> + <url>/pkg.php?xml=dansguardian_groups.xml</url> + </tab> + <tab> + <text>Users</text> + <url>/pkg_edit.php?xml=dansguardian_users.xml</url> + <active/> + </tab> + <tab> + <text>Report and log</text> + <url>/pkg_edit.php?xml=dansguardian_log.xml&id=0</url> + </tab> + <tab> + <text>XMLRPC Sync</text> + <url>/pkg_edit.php?xml=dansguardian_sync.xml&id=0</url> + </tab> + <tab> + <text>Help</text> + <url>/dansguardian_about.php</url> + </tab> +</tabs> + <fields> diff --git a/config/dansguardian/dansguardianfx.conf.template b/config/dansguardian/dansguardianfx.conf.template new file mode 100644 index 00000000..cb811e21 --- /dev/null +++ b/config/dansguardian/dansguardianfx.conf.template @@ -0,0 +1,382 @@ +<?php +/* + dansguardianfx.conf.template + part of the Dansguardian package for pfSense + Copyright (C) 2012 Marcello Coutinho + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + +*/ + +$dgf= <<<EOF +# DansGuardian filter group config file for version 2.12.0.0 + + +# Filter group mode +# This option determines whether members of this group have their web access +# unfiltered, filtered, or banned. This mechanism replaces the "banneduserlist" +# and "exceptionuserlist" files from previous versions. +# +# 0 = banned +# 1 = filtered +# 2 = unfiltered (exception) +# +# Only filter groups with a mode of 1 need to define phrase, URL, site, extension, +# mimetype and PICS lists; in other modes, these options are ignored to conserve +# memory. +# +# Defaults to 0 if unspecified. +# Unauthenticated users are treated as being in the first filter group. +groupmode = {$dansguardian_groups['mode']} + +# Filter group name +# Used to fill in the -FILTERGROUP- placeholder in the HTML template file, and to +# name the group in the access logs +# Defaults to empty string +groupname = '{$dansguardian_groups['name']}' + +# Content filtering files location +bannedphraselist = '/usr/local/etc/dansguardian/lists/weightedphraselist.{$dansguardian_groups['phraseacl']}' +weightedphraselist = '/usr/local/etc/dansguardian/lists/weightedphraselist.{$dansguardian_groups['phraseacl']}' +exceptionphraselist = '/usr/local/etc/dansguardian/lists/exceptionphraselist.{$dansguardian_groups['phraseacl']}' +bannedsitelist = '/usr/local/etc/dansguardian/lists/bannedsitelist.{$dansguardian_groups['siteacl']}' +greysitelist = '/usr/local/etc/dansguardian/lists/greysitelist.{$dansguardian_groups['siteacl']}' +exceptionsitelist = '/usr/local/etc/dansguardian/lists/exceptionsitelist.{$dansguardian_groups['siteacl']}' +bannedurllist = '/usr/local/etc/dansguardian/lists/bannedurllist.{$dansguardian_groups['urlacl']}' +greyurllist = '/usr/local/etc/dansguardian/lists/greyurllist.{$dansguardian_groups['urlacl']}' +exceptionurllist = '/usr/local/etc/dansguardian/lists/exceptionurllist.{$dansguardian_groups['urlacl']}' +exceptionregexpurllist = '/usr/local/etc/dansguardian/lists/exceptionregexpurllist.{$dansguardian_groups['urlacl']}' +bannedregexpurllist = '/usr/local/etc/dansguardian/lists/bannedregexpurllist.{$dansguardian_groups['urlacl']}' +picsfile = '/usr/local/etc/dansguardian/lists/{$dansguardian_groups['picsacl']}' +contentregexplist = '/usr/local/etc/dansguardian/lists/contentregexplist.{$dansguardian_groups['contentacl']}' +urlregexplist = '/usr/local/etc/dansguardian/lists/urlregexplist.{$dansguardian_groups['urlacl']}' + +# Filetype filtering +# +# Blanket download blocking +# If enabled, all files will be blocked, unless they match the +# exceptionextensionlist or exceptionmimetypelist. +# These lists do not override virus scanning. +# Exception lists defined above override all types of filtering, including +# the blanket download block. +# Defaults to disabled. +# (on | off) +# +blockdownloads = {$dansguardian_groups['blockdownloads']} +exceptionextensionlist = '/usr/local/etc/dansguardian/lists/exceptionextensionlist.{$dansguardian_groups['extensionacl']}' +exceptionmimetypelist = '/usr/local/etc/dansguardian/lists/exceptionmimetypelist.{$dansguardian_groups['extensionacl']}' +# +# Use the following lists to block specific kinds of file downloads. +# The two exception lists above can be used to override these. +# +bannedextensionlist = '/usr/local/etc/dansguardian/lists/bannedextensionlist.{$dansguardian_groups['extensionacl']}' +bannedmimetypelist = '/usr/local/etc/dansguardian/lists/bannedmimetypelist.{$dansguardian_groups['extensionacl']}' +# +# In either file filtering mode, the following list can be used to override +# MIME type & extension blocks for particular domains & URLs (trusted download sites). +# +exceptionfilesitelist = '/usr/local/etc/dansguardian/lists/exceptionfilesitelist.{$dansguardian_groups['siteacl']}' +exceptionfileurllist = '/usr/local/etc/dansguardian/lists/exceptionfileurllist.{$dansguardian_groups['urlacl']}' + +# Categorise without blocking: +# Supply categorised lists here and the category string shall be logged against +# matching requests, but matching these lists does not perform any filtering +# action. +logsitelist = '/usr/local/etc/dansguardian/lists/logsitelist.{$dansguardian_groups['siteacl']}' +logurllist = '/usr/local/etc/dansguardian/lists/logurllist.{$dansguardian_groups['urlacl']}' +logregexpurllist = '/usr/local/etc/dansguardian/lists/logregexpurllist.{$dansguardian_groups['urlacl']}' + +# Outgoing HTTP header rules: +# Optional lists for blocking based on, and modification of, outgoing HTTP +# request headers. Format for headerregexplist is one modification rule per +# line, similar to content/URL modifications. Format for +# bannedregexpheaderlist is one regular expression per line, with matching +# headers causing a request to be blocked. +# Headers are matched/replaced on a line-by-line basis, not as a contiguous +# block. +# Use for example, to remove cookies or prevent certain user-agents. +headerregexplist = '/usr/local/etc/dansguardian/lists/headerregexplist.{$dansguardian_groups['headeracl']}' +bannedregexpheaderlist = '/usr/local/etc/dansguardian/lists/bannedregexpheaderlist.{$dansguardian_groups['headeracl']}' + +# Weighted phrase mode +# Optional; overrides the weightedphrasemode option in dansguardian.conf +# for this particular group. See documentation for supported values in +# that file. +weightedphrasemode = {$dansguardian_groups['weightedphrasemode']} + +# Naughtiness limit +# This the limit over which the page will be blocked. Each weighted phrase is given +# a value either positive or negative and the values added up. Phrases to do with +# good subjects will have negative values, and bad subjects will have positive +# values. See the weightedphraselist file for examples. +# As a guide: +# 50 is for young children, 100 for old children, 160 for young adults. +naughtynesslimit = {$dansguardian_groups['naughtynesslimit']} + +# Search term blocking +# Search terms can be extracted from search URLs and filtered using the +# bannedphraselist, weightedphraselist and exceptionphraselist, with a separate +# threshold for blocking than that used for normal page content. +# To do this, the first two options below must be enabled. +# +# Search engine regular expression list +# List of regular expressions for matching search engine URLs. It is assumed +# that the search terms themselves will be contained within the first submatch +# of each expression. +searchengineregexplist = '/usr/local/etc/dansguardian/lists/searchengineregexplist.{$dansguardian_groups['searchacl']}' +# +# Search term limit +# The limit over which requests will be blocked for containing search terms +# which match the weightedphraselist. This should usually be lower than the +# 'naughtynesslimit' value above, because the amount of text being filtered +# is only a few words, rather than a whole page. +# This option must be uncommented if searchengineregexplist is uncommented. +# A value of 0 here indicates that search terms should be extracted, +# for logging/reporting purposes, but no filtering should be performed +# on the resulting text. +searchtermlimit = {$dansguardian_groups['searchtermlimit']} +# +# Search term lists +# If the three lines below are uncommented, search term blocking will use +# the banned, weighted & exception phrases from these lists, instead of using +# the same phrase lists as for page content. This is optional but recommended, +# as weights for individual phrases in the "normal" lists may not be +# appropriate for blocking when those phrases appear in a much smaller block +# of text. +# Please note that all or none of the below should be uncommented, not a +# mixture. +bannedsearchtermlist = '/usr/local/etc/dansguardian/lists/bannedsearchtermlist.{$dansguardian_groups['searchacl']}' +weightedsearchtermlist = '/usr/local/etc/dansguardian/lists/weightedsearchtermlist.{$dansguardian_groups['searchacl']}' +exceptionsearchtermlist = '/usr/local/etc/dansguardian/lists/exceptionsearchtermlist.{$dansguardian_groups['searchacl']}' + +# Category display threshold +# This option only applies to pages blocked by weighted phrase filtering. +# Defines the minimum score that must be accumulated within a particular +# category in order for it to show up on the block pages' category list. +# All categories under which the page scores positively will be logged; those +# that were not displayed to the user appear in brackets. +# +# -1 = display only the highest scoring category +# 0 = display all categories (default) +# > 0 = minimum score for a category to be displayed +categorydisplaythreshold = {$dansguardian_groups['categorydisplaythreshold']} + +# Embedded URL weighting +# When set to something greater than zero, this option causes URLs embedded within a +# page's HTML (from links, image tags, etc.) to be extracted and checked against the +# bannedsitelist and bannedurllist. Each link to a banned page causes the amount set +# here to be added to the page's weighting. +# The behaviour of this option with regards to multiple occurrences of a site/URL is +# affected by the weightedphrasemode setting. +# +# NB: Currently, this feature uses regular expressions that require the PCRE library. +# As such, it is only available if you compiled DansGuardian with '--enable-pcre=yes'. +# You can check compile-time options by running 'dansguardian -v'. +# +# Set to 0 to disable. +# Defaults to 0. +# WARNING: This option is highly CPU intensive! +embeddedurlweight = {$dansguardian_groups['embeddedurlweight']} + +# Enable PICS rating support +# +# Defaults to disabled +# (on | off) +enablepics = {$dansguardian_groups['enablepics']} + +# Temporary Denied Page Bypass +# This provides a link on the denied page to bypass the ban for a few minutes. To be +# secure it uses a random hashed secret generated at daemon startup. You define the +# number of seconds the bypass will function for before the deny will appear again. +# To allow the link on the denied page to appear you will need to edit the template.html +# or dansguardian.pl file for your language. +# 300 = enable for 5 minutes +# 0 = disable ( defaults to 0 ) +# -1 = enable but you require a separate program/CGI to generate a valid link +bypass = {$dansguardian_groups['bypass']} + +# Temporary Denied Page Bypass Secret Key +# Rather than generating a random key you can specify one. It must be more than 8 chars. +# '' = generate a random one (recommended and default) +# 'Mary had a little lamb.' = an example +# '76b42abc1cd0fdcaf6e943dcbc93b826' = an example +bypasskey = '{$dansguardian_groups['bypasskey']}' + +# Infection/Scan Error Bypass +# Similar to the 'bypass' setting, but specifically for bypassing files scanned and found +# to be infected, or files that trigger scanner errors - for example, archive types with +# recognised but unsupported compression schemes, or corrupt archives. +# The option specifies the number of seconds for which the bypass link will be valid. +# 300 = enable for 5 minutes +# 0 = disable (default) +# -1 = enable, but require a separate program/CGI to generate a valid link +infectionbypass = {$dansguardian_groups['infectionbypass']} + +# Infection/Scan Error Bypass Secret Key +# Same as the 'bypasskey' option, but used for infection bypass mode. +infectionbypasskey = '{$dansguardian_groups['infectionbypasskey']}' + +# Infection/Scan Error Bypass on Scan Errors Only +# Enable this option to allow infectionbypass links only when virus scanning fails, +# not when a file is found to contain a virus. +# on = enable (default and highly recommended) +# off = disable +infectionbypasserrorsonly = {$dansguardian_groups['infectionbypasserrorsonly']} + +# Disable content scanning +# If you enable this option you will disable content scanning for this group. +# Content scanning primarily is AV scanning (if enabled) but could include +# other types. +# (on|off) default = off. +disablecontentscan = {$dansguardian_groups['disablecontentscan']} + +# Enable Deep URL Analysis +# When enabled, DG looks for URLs within URLs, checking against the bannedsitelist and +# bannedurllist. This can be used, for example, to block images originating from banned +# sites from appearing in Google Images search results, as the original URLs are +# embedded in the thumbnail GET requests. +# (on|off) default = off +deepurlanalysis = {$dansguardian_groups['deepurlanalysis']} + +# reportinglevel +# +# -1 = log, but do not block - Stealth mode +# 0 = just say 'Access Denied' +# 1 = report why but not what denied phrase +# 2 = report fully +# 3 = use HTML template file (accessdeniedaddress ignored) - recommended +# +# If defined, this overrides the global setting in dansguardian.conf for +# members of this filter group. +# +#reportinglevel = {$dansguardian_groups['reportinglevel']} + +# accessdeniedaddress is the address of your web server to which the cgi +# dansguardian reporting script was copied. Only used in reporting levels +# 1 and 2. +# +# This webserver must be either: +# 1. Non-proxied. Either a machine on the local network, or listed as an +# exception in your browser's proxy configuration. +# 2. Added to the exceptionsitelist. Option 1 is preferable; this option is +# only for users using both transparent proxying and a non-local server +# to host this script. +# +# If defined, this overrides the global setting in dansguardian.conf for +# members of this filter group. +# +#accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl' + +# HTML Template override +# If defined, this specifies a custom HTML template file for members of this +# filter group, overriding the global setting in dansguardian.conf. This is +# only used in reporting level 3. +# +# The default template file path is <languagedir>/<language>/template.html +# e.g. /usr/local/share/dansguardian/languages/ukenglish/template.html when using 'ukenglish' +# language. +# +# This option generates a file path of the form: +# <languagedir>/<language>/<htmltemplate> +# e.g. /usr/local/share/dansguardian/languages/ukenglish/custom.html +# +#htmltemplate = 'custom.html' + +# Email reporting - original patch by J. Gauthier + +# Use SMTP +# If on, will enable system wide events to be reported by email. +# need to configure mail program (see 'mailer' in global config) +# and email recipients +# default usesmtp = off +#!! Not compiled !!usesmtp = off + +# mailfrom +# who the email would come from +# example: mailfrom = 'dansguardian@mycompany.com' +#!! Not compiled !!mailfrom = '' + +# avadmin +# who the virus emails go to (if notify av is on) +# example: avadmin = 'admin@mycompany.com' +#!! Not compiled !!avadmin = '' + +# contentdmin +# who the content emails go to (when thresholds are exceeded) +# and contentnotify is on +# example: contentadmin = 'admin@mycompany.com' +#!! Not compiled !!contentadmin = '' + +# avsubject +# Subject of the email sent when a virus is caught. +# only applicable if notifyav is on +# default avsubject = 'dansguardian virus block' +#!! Not compiled !!avsubject = 'dansguardian virus block' + +# content +# Subject of the email sent when violation thresholds are exceeded +# default contentsubject = 'dansguardian violation' +#!! Not compiled !!contentsubject = 'dansguardian violation' + +# notifyAV +# This will send a notification, if usesmtp/notifyav is on, any time an +# infection is found. +# Important: If this option is off, viruses will still be recorded like a +# content infraction. +#!! Not compiled !!notifyav = off + +# notifycontent +# This will send a notification, if usesmtp is on, based on thresholds +# below +#!! Not compiled !!notifycontent = off + +# thresholdbyuser +# results are only predictable with user authenticated configs +# if enabled the violation/threshold count is kept track of by the user +#!! Not compiled !!thresholdbyuser = off + +#violations +# number of violations before notification +# setting to 0 will never trigger a notification +#!! Not compiled !!violations = 0 + +#threshold +# this is in seconds. If 'violations' occur in 'threshold' seconds, then +# a notification is made. +# if this is set to 0, then whenever the set number of violations are made a +# notifaction will be sent. +#!! Not compiled !!threshold = 0 + +#SSL certificate checking +# Check that ssl certificates for servers on https connections are valid +# and signed by a ca in the configured path +sslcertcheck = {$dansguardian_groups['sslcertcheck']} + +#SSL man in the middle +# Forge ssl certificates for all sites, decrypt the data then re encrypt it +# using a different private key. Used to filter ssl sites +sslmitm = {$dansguardian_groups['sslmitm']} + +EOF; + +?>
\ No newline at end of file |