From cf08e91af27301092ea4ef4bd96762fcd82db58c Mon Sep 17 00:00:00 2001 From: marcelloc Date: Fri, 27 Jan 2012 14:24:51 -0200 Subject: Dansguardian - First release --- config/dansguardian/dansguardian.conf.template | 715 +++++++++ config/dansguardian/dansguardian.inc | 1615 ++++++++------------ config/dansguardian/dansguardian.php | 114 ++ config/dansguardian/dansguardian.xml | 125 +- config/dansguardian/dansguardian_about.php | 114 ++ config/dansguardian/dansguardian_antivirus_acl.xml | 193 +++ config/dansguardian/dansguardian_blacklist.xml | 156 ++ config/dansguardian/dansguardian_config.xml | 134 +- config/dansguardian/dansguardian_content_acl.xml | 160 ++ config/dansguardian/dansguardian_file_acl.xml | 200 +++ config/dansguardian/dansguardian_filters.xml | 241 --- config/dansguardian/dansguardian_groups.xml | 340 +++++ config/dansguardian/dansguardian_header_acl.xml | 180 +++ config/dansguardian/dansguardian_limits.xml | 22 +- config/dansguardian/dansguardian_lists.xml | 329 ---- config/dansguardian/dansguardian_log.xml | 22 +- config/dansguardian/dansguardian_phrase_acl.xml | 223 +++ config/dansguardian/dansguardian_pics_acl.xml | 157 ++ config/dansguardian/dansguardian_search_acl.xml | 217 +++ config/dansguardian/dansguardian_site_acl.xml | 253 +++ config/dansguardian/dansguardian_sync.xml | 20 +- config/dansguardian/dansguardian_url_acl.xml | 293 ++++ config/dansguardian/dansguardian_users_footer.xml | 14 + config/dansguardian/dansguardian_users_header.xml | 91 ++ config/dansguardian/dansguardianfx.conf.template | 382 +++++ 25 files changed, 4691 insertions(+), 1619 deletions(-) create mode 100755 config/dansguardian/dansguardian.conf.template create mode 100644 config/dansguardian/dansguardian.php create mode 100755 config/dansguardian/dansguardian_about.php create mode 100755 config/dansguardian/dansguardian_antivirus_acl.xml create mode 100644 config/dansguardian/dansguardian_blacklist.xml create mode 100755 config/dansguardian/dansguardian_content_acl.xml create mode 100755 config/dansguardian/dansguardian_file_acl.xml delete mode 100755 config/dansguardian/dansguardian_filters.xml create mode 100755 config/dansguardian/dansguardian_groups.xml create mode 100755 config/dansguardian/dansguardian_header_acl.xml delete mode 100755 config/dansguardian/dansguardian_lists.xml create mode 100755 config/dansguardian/dansguardian_phrase_acl.xml create mode 100644 config/dansguardian/dansguardian_pics_acl.xml create mode 100755 config/dansguardian/dansguardian_search_acl.xml create mode 100755 config/dansguardian/dansguardian_site_acl.xml create mode 100755 config/dansguardian/dansguardian_url_acl.xml create mode 100644 config/dansguardian/dansguardian_users_footer.xml create mode 100644 config/dansguardian/dansguardian_users_header.xml create mode 100644 config/dansguardian/dansguardianfx.conf.template (limited to 'config/dansguardian') diff --git a/config/dansguardian/dansguardian.conf.template b/config/dansguardian/dansguardian.conf.template new file mode 100755 index 00000000..7b3fcc4c --- /dev/null +++ b/config/dansguardian/dansguardian.conf.template @@ -0,0 +1,715 @@ + 0 +# Once every 3 minutes, the current number of IPs in the cache, and the most +# that have been in the cache since the daemon was started, are written to this +# file. IPs persist in the cache for 7 days. +statlocation = '/var/log/dansguardian/stats' + + +# Network Settings +# +# the IP that DansGuardian listens on. If left blank DansGuardian will +# listen on all IPs. That would include all NICs, loopback, modem, etc. +# Normally you would have your firewall protecting this, but if you want +# you can limit it to a certain IP. To bind to multiple interfaces, +# specify each IP on an individual filterip line. +# You can have the same IP twice so long as it has a different port. +{$filterip} + +# the ports that DansGuardian listens to. Specify one line per filterip +# line. You can specify different authentication mechanisms per port but +# only if the mechanisms can co-exist (e.g. basic/proxy auth can't) +#filterports = 8080 +#filterports = 8081 +{$filterports} + +# the ip of the proxy (default is the loopback - i.e. this server) +proxyip = 127.0.0.1 + +# the port DansGuardian connects to proxy on +proxyport = 3128 + +# Whether to retrieve the original destination IP in transparent proxy +# setups and check it against the domain pulled from the HTTP headers. +# +# Be aware that when visiting sites which use a certain type of round-robin +# DNS for load balancing, DG may mark requests as invalid unless DG gets +# exactly the same answers to its DNS requests as clients. The chances of +# this happening can be increased if all clients and servers on the same LAN +# make use of a local, caching DNS server instead of using upstream DNS +# directly. +# +# See http://www.kb.cert.org/vuls/id/435052 +# on (default) | off +#!! Not compiled !! originalip = on + +# accessdeniedaddress is the address of your web server to which the cgi +# dansguardian reporting script was copied. Only used in reporting levels 1 and 2. +# +# This webserver must be either: +# 1. Non-proxied. Either a machine on the local network, or listed as an exception +# in your browser's proxy configuration. +# 2. Added to the exceptionsitelist. Option 1 is preferable; this option is +# only for users using both transparent proxying and a non-local server +# to host this script. +# +# Individual filter groups can override this setting in their own configuration. +# +accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl' + +# Non standard delimiter (only used with accessdeniedaddress) +# To help preserve the full banned URL, including parameters, the variables +# passed into the access denied CGI are separated using non-standard +# delimiters. This can be useful to ensure correct operation of the filter +# bypass modes. Parameters are split using "::" in place of "&", and "==" in +# place of "=". +# Default is enabled, but to go back to the standard mode, disable it. +nonstandarddelimiter = {$nonstandarddelimiter} + + + +# Banned image replacement +# Images that are banned due to domain/url/etc reasons including those +# in the adverts blacklists can be replaced by an image. This will, +# for example, hide images from advert sites and remove broken image +# icons from banned domains. +# on (default) | off +usecustombannedimage = {$usecustombannedimage} +custombannedimagefile = '/usr/local/share/dansguardian/transparent1x1.gif' + + +#Banned flash replacement +usecustombannedflash = {$usecustombannedflash} +custombannedflashfile = '/usr/local/share/dansguardian/blockedflash.swf' + + + +# Filter groups options +# filtergroups sets the number of filter groups. A filter group is a set of content +# filtering options you can apply to a group of users. The value must be 1 or more. +# DansGuardian will automatically look for dansguardianfN.conf where N is the filter +# group. To assign users to groups use the filtergroupslist option. All users default +# to filter group 1. You must have some sort of authentication to be able to map users +# to a group. The more filter groups the more copies of the lists will be in RAM so +# use as few as possible. +filtergroups = {$filtergroups} +filtergroupslist = '/usr/local/etc/dansguardian/lists/filtergroupslist' + + + +# Authentication files location +bannediplist = '/usr/local/etc/dansguardian/lists/bannediplist' +exceptioniplist = '/usr/local/etc/dansguardian/lists/exceptioniplist' + +# Per-Room blocking definition directory +# A directory containing text files containing the room's name followed by IPs or ranges +# Think of it as bannediplist on crack +perroomblockingdirectory = '/usr/local/etc/dansguardian/lists/bannedrooms/' + +# Show weighted phrases found +# If enabled then the phrases found that made up the total which excedes +# the naughtyness limit will be logged and, if the reporting level is +# high enough, reported. on | off +showweightedfound = {$showweightedfound} + +# Weighted phrase mode +# There are 3 possible modes of operation: +# 0 = off = do not use the weighted phrase feature. +# 1 = on, normal = normal weighted phrase operation. +# 2 = on, singular = each weighted phrase found only counts once on a page. +# +# IMPORTANT: Note that setting this to "0" turns off all features which +# extract phrases from page content, including banned & exception +# phrases (not just weighted), search term filtering, and scanning for +# links to banned URLs. +# +weightedphrasemode = {$weightedphrasemode} + + + +# Positive (clean) result caching for URLs +# Caches good pages so they don't need to be scanned again. +# It also works with AV plugins. +# 0 = off (recommended for ISPs with users with disimilar browsing) +# 1000 = recommended for most users +# 5000 = suggested max upper limit +# If you're using an AV plugin then use at least 5000. +urlcachenumber = {$urlcachenumber} +# +# Age before they are stale and should be ignored in seconds +# 0 = never +# 900 = recommended = 15 mins +urlcacheage ={$urlcacheage} + + + +# Cache for content (AV) scan results as 'clean' +# By default, to save CPU, files scanned and found to be +# clean are inserted into the clean cache and NOT scanned +# again for a while. If you don't like this then choose +# to disable it. +# on = cache results; do not re-scan +# off = do not cache; always re-scan +# (on|off) default = on. +scancleancache = {$scancleancache} + + + +# Smart, Raw and Meta/Title phrase content filtering options +# Smart is where the multiple spaces and HTML are removed before phrase filtering +# Raw is where the raw HTML including meta tags are phrase filtered +# Meta/Title is where only meta and title tags are phrase filtered (v. quick) +# CPU usage can be effectively halved by using setting 0 or 1 compared to 2 +# 0 = raw only +# 1 = smart only +# 2 = both of the above (default) +# 3 = meta/title +phrasefiltermode = {$phrasefiltermode} + +# Lower casing options +# When a document is scanned the uppercase letters are converted to lower case +# in order to compare them with the phrases. However this can break Big5 and +# other 16-bit texts. If needed preserve the case. As of version 2.7.0 accented +# characters are supported. +# 0 = force lower case (default) +# 1 = do not change case +# 2 = scan first in lower case, then in original case +preservecase = {$preservecase} + +# Note: +# If phrasefiltermode and preserve case are both 2, this equates to 4 phrase +# filtering passes. If you have a large enough userbase for this to be a +# worry, and need to filter pages in exotic character encodings, it may be +# better to run two instances on separate servers: one with preservecase 1 +# (and possibly forcequicksearch 1) and non ASCII/UTF-8 phrase lists, and one +# with preservecase 0 and ASCII/UTF-8 lists. + + + +# Hex decoding options +# When a document is scanned it can optionally convert %XX to chars. +# If you find documents are getting past the phrase filtering due to encoding +# then enable. However this can break Big5 and other 16-bit texts. +# off = disabled (default) +# on = enabled +hexdecodecontent = {$hexdecodecontent} + + + +# Force Quick Search rather than DFA search algorithm +# The current DFA implementation is not totally 16-bit character compatible +# but is used by default as it handles large phrase lists much faster. +# If you wish to use a large number of 16-bit character phrases then +# enable this option. +# off (default) | on (Big5 compatible) +forcequicksearch = {$forcequicksearch} + + + +# Reverse lookups for banned site and URLs. +# If set to on, DansGuardian will look up the forward DNS for an IP URL +# address and search for both in the banned site and URL lists. This would +# prevent a user from simply entering the IP for a banned address. +# It will reduce searching speed somewhat so unless you have a local caching +# DNS server, leave it off and use the Blanket IP Block option in the +# bannedsitelist file instead. +reverseaddresslookups = {$reverseaddresslookups} + + + +# Reverse lookups for banned and exception IP lists. +# If set to on, DansGuardian will look up the forward DNS for the IP +# of the connecting computer. This means you can put in hostnames in +# the exceptioniplist and bannediplist. +# If a client computer is matched against an IP given in the lists, then the +# IP will be recorded in any log entries; if forward DNS is successful and a +# match occurs against a hostname, the hostname will be logged instead. +# It will reduce searching speed somewhat so unless you have a local DNS server, +# leave it off. +reverseclientiplookups = {$reverseclientiplookups} + + +# Perform reverse lookups on client IPs for successful requests. +# If set to on, DansGuardian will look up the forward DNS for the IP +# of the connecting computer, and log host names (where available) rather than +# IPs against requests. +# This is not dependent on reverseclientiplookups being enabled; however, if it +# is, enabling this option does not incur any additional forward DNS requests. +logclienthostnames = {$logclienthostnames} + + +# Build bannedsitelist and bannedurllist cache files. +# This will compare the date stamp of the list file with the date stamp of +# the cache file and will recreate as needed. +# If a .processed file exists for an item (e.g. domain/URL) list, then that +# will be used instead, if it is up to date (i.e. newer than the unprocessed +# list file). +# This can increase process start speed on slow computers. +# Fast computers do not need this option. +# on | off, default = on +createlistcachefiles = {$createlistcachefiles} + + +# Prefer cached list files +# If enabled, DansGuardian will always prefer to load ".processed" versions of +# list files, regardless of their time stamps relative to the original +# unprocessed lists. This is not generally useful unless you have a specific +# list update process which results in - for example - up-to-date, pre-sorted +# ".processed" list files with dummy unprocessed files. +# on | off, default = off +prefercachedlists = {$prefercachedlists} + + + +# POST protection (web upload and forms) +# does not block forms without any file upload, i.e. this is just for +# blocking or limiting uploads +# measured in kibibytes after MIME encoding and header bumph +# use 0 for a complete block +# use higher (e.g. 512 = 512Kbytes) for limiting +# use -1 for no blocking +#maxuploadsize = 512 +#maxuploadsize = 0 +maxuploadsize = {$maxuploadsize} + + + +# Max content filter size +# Sometimes web servers label binary files as text which can be very +# large which causes a huge drain on memory and cpu resources. +# To counter this, you can limit the size of the document to be +# filtered and get it to just pass it straight through. +# This setting also applies to content regular expression modification. +# The value must not be higher than maxcontentramcachescansize +# The size is in Kibibytes - eg 2048 = 2Mb +# use 0 to set it to maxcontentramcachescansize +maxcontentfiltersize = {$maxcontentfiltersize} + + + +# Max content ram cache scan size +# This is only used if you use a content scanner plugin such as AV +# This is the max size of file that DG will download and cache +# in RAM. After this limit is reached it will cache to disk +# This value must be less than or equal to maxcontentfilecachescansize. +# The size is in Kibibytes - eg 10240 = 10Mb +# use 0 to set it to maxcontentfilecachescansize +# This option may be ignored by the configured download manager. +maxcontentramcachescansize = {$maxcontentramcachescansize} + + + +# Max content file cache scan size +# This is only used if you use a content scanner plugin such as AV +# This is the max size file that DG will download +# so that it can be scanned or virus checked. +# This value must be greater or equal to maxcontentramcachescansize. +# The size is in Kibibytes - eg 10240 = 10Mb +maxcontentfilecachescansize = {$maxcontentfilecachescansize} + + + +# File cache dir +# Where DG will download files to be scanned if too large for the +# RAM cache. +filecachedir = '/tmp' + + + +# Delete file cache after user completes download +# When a file gets save to temp it stays there until it is deleted. +# You can choose to have the file deleted when the user makes a sucessful +# download. This will mean if they click on the link to download from +# the temp store a second time it will give a 404 error. +# You should configure something to delete old files in temp to stop it filling up. +# on|off (defaults to on) +deletedownloadedtempfiles = {$deletedownloadedtempfiles} + + + +# Initial Trickle delay +# This is the number of seconds a browser connection is left waiting +# before first being sent *something* to keep it alive. The +# *something* depends on the download manager chosen. +# Do not choose a value too low or normal web pages will be affected. +# A value between 20 and 110 would be sensible +# This may be ignored by the configured download manager. +initialtrickledelay = {$initialtrickledelay} + + + +# Trickle delay +# This is the number of seconds a browser connection is left waiting +# before being sent more *something* to keep it alive. The +# *something* depends on the download manager chosen. +# This may be ignored by the configured download manager. +trickledelay = {$trickledelay} + + + +# Download Managers +# These handle downloads of files to be filtered and scanned. +# They differ in the method they deal with large downloads. +# Files usually need to be downloaded 100% before they can be +# filtered and scanned before being sent on to the browser. +# Normally the browser can just wait, but with content scanning, +# for example to AV, the browser may timeout or the user may get +# confused so the download manager has to do some sort of +# 'keep alive'. +# +# There are various methods possible but not all are included. +# The author does not have the time to write them all so I have +# included a plugin systam. Also, not all methods work with all +# browsers and clients. Specifically some fancy methods don't +# work with software that downloads updates. To solve this, +# each plugin can support a regular expression for matching +# the client's user-agent string, and lists of the mime types +# and extensions it should manage. +# +# Note that these are the matching methods provided by the base plugin +# code, and individual plugins may override or add to them. +# See the individual plugin conf files for supported options. +# +# The plugins are matched in the order you specify and the last +# one is forced to match as the default, regardless of user agent +# and other matching mechanisms. +# +downloadmanager = '/usr/local/etc/dansguardian/downloadmanagers/fancy.conf' +##!! Not compiled !! downloadmanager = '/usr/local/etc/dansguardian/downloadmanagers/trickle.conf' +downloadmanager = '/usr/local/etc/dansguardian/downloadmanagers/default.conf' + + + +# Content Scanners (Also known as AV scanners) +# These are plugins that scan the content of all files your browser fetches +# for example to AV scan. The options are limitless. Eventually all of +# DansGuardian will be plugin based. You can have more than one content +# scanner. The plugins are run in the order you specify. +# This is one of the few places you can have multiple options of the same name. +# +# Some of the scanner(s) require 3rd party software and libraries eg clamav. +# See the individual plugin conf file for more options (if any). +# +{$contentscanners} + + +# Content scanner timeout +# Some of the content scanners support using a timeout value to stop +# processing (eg AV scanning) the file if it takes too long. +# If supported this will be used. +# The default of 60 seconds is probably reasonable. +contentscannertimeout = {$contentscannertimeout} + + + +# Content scan exceptions +# If 'on' exception sites, urls, users etc will be scanned +# This is probably not desirable behavour as exceptions are +# supposed to be trusted and will increase load. +# Correct use of grey lists are a better idea. +# (on|off) default = off +contentscanexceptions = {$contentscanexceptions} + + + +# Auth plugins +# These replace the usernameidmethod* options in previous versions. They +# handle the extraction of client usernames from various sources, such as +# Proxy-Authorisation headers and ident servers, enabling requests to be +# handled according to the settings of the user's filter group. +# Multiple plugins can be specified, and will be used per port in the order +# filterports are listed. +# +# If you do not use multiple filter groups, you need not specify this option. +# +#authplugin = '/usr/local/etc/dansguardian/authplugins/proxy-basic.conf' +#authplugin = '/usr/local/etc/dansguardian/authplugins/proxy-digest.conf' +#authplugin = '/usr/local/etc/dansguardian/authplugins/proxy-ntlm.conf' +#authplugin = '/usr/local/etc/dansguardian/authplugins/ident.conf' +#authplugin = '/usr/local/etc/dansguardian/authplugins/ip.conf' +{$authplugin} + + +# Re-check replaced URLs +# As a matter of course, URLs undergo regular expression search/replace (urlregexplist) +# *after* checking the exception site/URL/regexpURL lists, but *before* checking against +# the banned site/URL lists, allowing certain requests that would be matched against the +# latter in their original state to effectively be converted into grey requests. +# With this option enabled, the exception site/URL/regexpURL lists are also re-checked +# after replacement, making it possible for URL replacement to trigger exceptions based +# on them. +# Defaults to off. +recheckreplacedurls = {$recheckreplacedurls} + + + +# Misc settings + +# if on it adds an X-Forwarded-For: to the HTTP request +# header. This may help solve some problem sites that need to know the +# source ip. on | off +forwardedfor = {$forwardedfor} + + +# if on it uses the X-Forwarded-For: to determine the client +# IP. This is for when you have squid between the clients and DansGuardian. +# Warning - headers are easily spoofed. on | off +usexforwardedfor = {$usexforwardedfor} + + +# if on it logs some debug info regarding fork()ing and accept()ing which +# can usually be ignored. These are logged by syslog. It is safe to leave +# it on or off +logconnectionhandlingerrors = {$logconnectionhandlingerrors} + + + +# Fork pool options + +# If on, this causes DG to write to the log file whenever child processes are +# created or destroyed (other than by crashes). This information can help in +# understanding and tuning the following parameters, but is not generally +# useful in production. +logchildprocesshandling = {$logchildprocesshandling} + +# sets the maximum number of processes to spawn to handle the incoming +# connections. Max value usually 250 depending on OS. +# On large sites you might want to try 180. +maxchildren = {$maxchildren} + + +# sets the minimum number of processes to spawn to handle the incoming connections. +# On large sites you might want to try 32. +minchildren = {$minchildren} + + +# sets the minimum number of processes to be kept ready to handle connections. +# On large sites you might want to try 8. +minsparechildren = {$minsparechildren} + + +# sets the minimum number of processes to spawn when it runs out +# On large sites you might want to try 10. +preforkchildren = {$preforkchildren} + + +# sets the maximum number of processes to have doing nothing. +# When this many are spare it will cull some of them. +# On large sites you might want to try 64. +maxsparechildren = {$maxsparechildren} + + +# sets the maximum age of a child process before it croaks it. +# This is the number of connections they handle before exiting. +# On large sites you might want to try 10000. +maxagechildren = {$maxagechildren} + + +# Sets the maximum number client IP addresses allowed to connect at once. +# Use this to set a hard limit on the number of users allowed to concurrently +# browse the web. Set to 0 for no limit, and to disable the IP cache process. +maxips = {$maxips} + + + +# Process options +# (Change these only if you really know what you are doing). +# These options allow you to run multiple instances of DansGuardian on a single machine. +# Remember to edit the log file path above also if that is your intention. + +# IPC filename +# +# Defines IPC server directory and filename used to communicate with the log process. +ipcfilename = '/tmp/.dguardianipc' + +# URL list IPC filename +# +# Defines URL list IPC server directory and filename used to communicate with the URL +# cache process. +urlipcfilename = '/tmp/.dguardianurlipc' + +# IP list IPC filename +# +# Defines IP list IPC server directory and filename, for communicating with the client +# IP cache process. +ipipcfilename = '/tmp/.dguardianipipc' + +# PID filename +# +# Defines process id directory and filename. +#pidfilename = '/var/run/dansguardian.pid' + +# Disable daemoning +# If enabled the process will not fork into the background. +# It is not usually advantageous to do this. +# on|off (defaults to off) +nodaemon = {$nodaemon} + +# Disable logging process +# on|off (defaults to off) +nologger = {$nologger} + +# Enable logging of "ADs" category blocks +# on|off (defaults to off) +logadblocks = {$logadblocks} + +# Enable logging of client User-Agent +# Some browsers will cause a *lot* of extra information on each line! +# on|off (defaults to off) +loguseragent = {$loguseragent} + +# Daemon runas user and group +# This is the user that DansGuardian runs as. Normally the user/group nobody. +# Uncomment to use. Defaults to the user set at compile time. +# Temp files created during virus scanning are given owner and group read +# permissions; to use content scanners based on external processes, such as +# clamdscan, the two processes must run with either the same group or user ID. +daemonuser = '{$daemonuser}' +daemongroup = '{$daemongroup}' + +# Soft restart +# When on this disables the forced killing off all processes in the process group. +# This is not to be confused with the -g run time option - they are not related. +# on|off (defaults to off) +softrestart = {$softrestart} + +# Mail program +# Path (sendmail-compatible) email program, with options. +# Not used if usesmtp is disabled (filtergroup specific). +#!! Not compiled !!mailer = '/usr/sbin/sendmail -t' + +#SSL certificate checking path +#Path to CA certificates used to validate the certificates of https sites. +#sslcertificatepath = '/etc/ssl/certs/' + +#SSL man in the middle +#CA certificate path +#Path to the CA certificate to use as a signing certificate for +#generated certificates. +#cacertificatepath = '/home/stephen/dginstall/ca.pem' +{$ca_pem} + +#CA private key path +#path to the private key that matches the public key in the CA certificate. +#caprivatekeypath = '/home/stephen/dginstall/ca.key' +{$ca_pk} + +#Cert private key path +#The public / private key pair used by all generated certificates +#certprivatekeypath = '/home/stephen/dginstall/cert.key' +{$cert_key} + +#Generated cert path +#The location where generated certificates will be saved for future use. +#(must be writable by the dg user) +#generatedcertpath = '/home/stephen/dginstall/generatedcerts/' + +#Generated link path = '' +#The location where symlinks to certificates will be created. +#(must be writable by the dg user) +#generatedlinkpath = '/home/stephen/dginstall/generatedlinks/' + +EOF; +?> diff --git a/config/dansguardian/dansguardian.inc b/config/dansguardian/dansguardian.inc index bbee18a3..343c38b9 100755 --- a/config/dansguardian/dansguardian.inc +++ b/config/dansguardian/dansguardian.inc @@ -37,6 +37,15 @@ function dg_text_area_decode($text){ return preg_replace('/\r\n/', "\n",base64_decode($text)); } +function dg_get_real_interface_address($iface) { + global $config; + $iface = convert_friendly_interface_to_real_interface_name($iface); + $line = trim(shell_exec("ifconfig $iface | grep inet | grep -v inet6")); + $postfix_enabled=$config['installedpackages']['postfix']['config'][0]['enable_postfix']; + list($dummy, $ip, $dummy2, $netmask) = explode(" ", $line); + return array($ip, long2ip(hexdec($netmask))); +} + function sync_package_dansguardian() { global $config; @@ -49,53 +58,58 @@ function sync_package_dansguardian() { $dansguardian_limits=$config['installedpackages']['dansguardianlimits']['config'][0]; if (is_array($config['installedpackages']['dansguardianlog'])) $dansguardian_log=$config['installedpackages']['dansguardianlog']['config'][0]; - + if (is_array($config['installedpackages']['dansguardianusers'])) + $dansguardian_users=$config['installedpackages']['dansguardianusers']['config'][0]; + if (is_array($config['installedpackages']['dansguardianblacklist']['config'])) + $dansguardian_blacklist=$config['installedpackages']['dansguardianblacklist']['config'][0]; + #daemon options $dansguardian_enabled=$dansguardian['enable_dg']; - $filterports=($dansguardian['filterports']?$dansguardian['filterports']:"8080"); + $filterport=($dansguardian['filterports']?$dansguardian['filterports']:"8080"); $softrestart=(preg_match('/softrestart/',$dansguardian['daemon_options'])?"yes":"no"); - $nodaemon=(preg_match('/nodaemon/',$dansguardian['daemon_options'])?"yes":"no"); - if ($dansguardian['children']) - list($min_children,$max_children) = split ("/", $dansguardian['children'], 2); + $nodaemon=(preg_match('/nodaemon/',$dansguardian['daemon_options'])?"yes":"off"); + if (preg_match("/\d+\/\d+/",$dansguardian['children'])) + list($minchildren,$maxchildren) = split ("/", $dansguardian['children'], 2); else - list($min_children,$max_children) = split ("/", "8/120", 2); - if ($dansguardian['sparechildren']) - list($min_spare_children,$max_spare_children) = split ("/", $dansguardian['sparechildren'], 2); + list($minchildren,$maxchildren) = split ("/", "8/120", 2); + if (preg_match("/\d+\/\d+/",$dansguardian['sparechildren'])) + list($minsparechildren,$maxsparechildren) = split ("/", $dansguardian['sparechildren'], 2); else - list($min_spare_children,$max_spare_children) = split ("/", "8/64", 2); + list($minsparechildren,$maxsparechildren) = split ("/", "8/64", 2); $maxagechildren=($dansguardian['maxagechildren']?$dansguardian['maxagechildren']:"500"); $maxips=($dansguardian['maxips']?$dansguardian['maxips']:"0"); - + $preforkchildren=($dansguardian['preforkchildren']?$dansguardian['preforkchildren']:"10"); #general options $urlcachenumber=($dansguardian_config['urlcachenumber']?$dansguardian_config['urlcachenumber']:"1000"); $urlcacheage=($dansguardian_config['urlcacheage']?$dansguardian_config['urlcacheage']:"900"); - $scancleancache=(preg_match('/scancleancache/',$dansguardian_config['scan_options'])?"yes":"no"); - $hexdecodecontent=(preg_match('/hexdecodecontent/',$dansguardian_config['scan_options'])?"yes":"no"); - $forcequicksearch=(preg_match('/forcequicksearch/',$dansguardian_config['scan_options'])?"yes":"no"); - $reverseaddresslookups=(preg_match('/reverseaddresslookups/',$dansguardian_config['scan_options'])?"yes":"no"); - $reverseclientiplookups=(preg_match('/reverseclientiplookups/',$dansguardian_config['scan_options'])?"yes":"no"); - $logclienthostnames=(preg_match('/logclienthostnames/',$dansguardian_config['scan_options'])?"yes":"no"); - $createlistcachefiles=(preg_match('/createlistcachefiles/',$dansguardian_config['scan_options'])?"yes":"no"); - $prefercachedlists=(preg_match('/prefercachedlists/',$dansguardian_config['scan_options'])?"yes":"no"); - $deletedownloadedtempfiles=(preg_match('/deletedownloadedtempfiles/',$dansguardian_config['scan_options'])?"yes":"no"); + $scancleancache=(preg_match('/scancleancache/',$dansguardian_config['scan_options'])?"on":"off"); + $hexdecodecontent=(preg_match('/hexdecodecontent/',$dansguardian_config['scan_options'])?"on":"off"); + $forcequicksearch=(preg_match('/forcequicksearch/',$dansguardian_config['scan_options'])?"on":"off"); + $reverseaddresslookups=(preg_match('/reverseaddresslookups/',$dansguardian_config['scan_options'])?"on":"off"); + $reverseclientiplookups=(preg_match('/reverseclientiplookups/',$dansguardian_config['scan_options'])?"on":"off"); + $logclienthostnames=(preg_match('/logclienthostnames/',$dansguardian_config['scan_options'])?"on":"off"); + $createlistcachefiles=(preg_match('/createlistcachefiles/',$dansguardian_config['scan_options'])?"on":"off"); + $prefercachedlists=(preg_match('/prefercachedlists/',$dansguardian_config['scan_options'])?"on":"off"); + $deletedownloadedtempfiles=(preg_match('/deletedownloadedtempfiles/',$dansguardian_config['scan_options'])?"on":"off"); $weightedphrasemode=($dansguardian_config['weightedphrasemode']?$dansguardian_config['weightedphrasemode']:"2"); $phrasefiltermode=($dansguardian_config['phrasefiltermode']?$dansguardian_config['phrasefiltermode']:"2"); $preservecase=($dansguardian_config['preservecase']?$dansguardian_config['preservecase']:"0"); - $clamdscan=(preg_match('/clamdscan/',$dansguardian_config['content_scanners'])?"yes":"no"); - $icapscan=(preg_match('/icapscan/',$dansguardian_config['content_scanners'])?"yes":"no"); + $clamdscan=(preg_match('/clamdscan/',$dansguardian_config['content_scanners'])?"on":"off"); + $icapscan=(preg_match('/icapscan/',$dansguardian_config['content_scanners'])?"on":"off"); $contentscannertimeout=($dansguardian_config['contentscannertimeout']?$dansguardian_config['contentscannertimeout']:"60"); $contentscanexceptions=($dansguardian_config['contentscanexceptions']?"on":"off"); - $recheckreplacedurls=(preg_match('/recheckreplacedurls/',$dansguardian_config['misc_options'])?"yes":"no"); - $forwardedfor=(preg_match('/forwardedfor/',$dansguardian_config['misc_options'])?"yes":"no"); - $recheckreplacedurls=(preg_match('/icapscan/',$dansguardian_config['misc_options'])?"yes":"no"); - $usexforwardedfor=(preg_match('/usexforwardedfor/',$dansguardian_config['misc_options'])?"yes":"no"); + $recheckreplacedurls=(preg_match('/recheckreplacedurls/',$dansguardian_config['misc_options'])?"on":"off"); + $forwardedfor=(preg_match('/forwardedfor/',$dansguardian_config['misc_options'])?"on":"off"); + $recheckreplacedurls=(preg_match('/icapscan/',$dansguardian_config['misc_options'])?"on":"off"); + $usexforwardedfor=(preg_match('/usexforwardedfor/',$dansguardian_config['misc_options'])?"on":"off"); + $authplugin=(preg_match('/usr/',$dansguardian_config['auth_plugin'])?"authplugin = '".$dansguardian_config['auth_plugin']."'":""); #limits $maxuploadsize=($dansguardian_limits['maxuploadsize']?$dansguardian_limits['maxuploadsize']:"-1"); $maxcontentfiltersize=($dansguardian_limits['maxcontentfiltersize']?$dansguardian_limits['maxcontentfiltersize']:"256"); - $maxcontentramcachescansize=($dansguardian_limits['maxcontentramcachescansize']?$dansguardian_limits['maxcontentramcachescansize']:"2000"); - $maxcontentfilecachescansize=($dansguardian_limits['maxcontentfilecachescansize']?$dansguardian_limits['maxcontentfilecachescansize']:"1000"); + $maxcontentramcachescansize=($dansguardian_limits['maxcontentramcachescansize']?$dansguardian_limits['maxcontentramcachescansize']:"1000"); + $maxcontentfilecachescansize=($dansguardian_limits['maxcontentfilecachescansize']?$dansguardian_limits['maxcontentfilecachescansize']:"2000"); $initialtrickledelay=($dansguardian_limits['initialtrickledelay']?$dansguardian_limits['initialtrickledelay']:"20"); $trickledelay=($dansguardian_limits['trickledelay']?$dansguardian_limits['trickledelay']:"20"); @@ -117,993 +131,625 @@ function sync_package_dansguardian() { $logexceptionhits=($dansguardian_log['logexceptionhits']?$dansguardian_log['logexceptionhits']:"2"); $logfileformat=($dansguardian_log['logfileformat']?$dansguardian_log['logfileformat']:"1"); - /* -Language Strings = %report-dir%/languages.conf -*/ #check files - $load_samples=0; + #create sample files + $files = array( "/dansguardianf1.conf", + "/lists/filtergroupslist", + "/lists/bannedphraselist", + "/lists/exceptionphraselist", + "/lists/weightedphraselist", + "/lists/exceptionsitelist", + "/lists/bannedsitelist", + "/lists/greysitelist", + "/lists/logsitelist", + "/lists/bannedregexpurllist", + "/lists/bannedurllist", + "/lists/exceptionregexpurllist", + "/lists/exceptionurllist", + "/lists/greyurllist", + "/lists/logregexpurllist", + "/lists/logurllist", + "/lists/urlregexplist", + "/lists/exceptionfilesitelist", + "/lists/exceptionfileurllist", + "/lists/searchengineregexplist", + "/lists/bannedsearchtermlist", + "/lists/weightedsearchtermlist", + "/lists/exceptionsearchtermlist", + "/lists/contentregexplist", + "/lists/exceptionextensionlist", + "/lists/bannedextensionlist", + "/lists/exceptionmimetypelist", + "/lists/bannedmimetypelist", + "/lists/headerregexplist", + "/lists/bannedregexpheaderlist", + "/lists/contentscanners/exceptionvirusextensionlist", + "/lists/contentscanners/exceptionvirusmimetypelist", + "/lists/contentscanners/exceptionvirussitelist", + "/lists/contentscanners/exceptionvirusurllist", + "/lists/pics"); + + $dansguardian_dir="/usr/local/etc/dansguardian"; + foreach ($files as $file) + if (! file_exists($dansguardian_dir.$file.'.sample')){ + $new_file=""; + $install_file=file($dansguardian_dir.$file); + foreach ($install_file as $line) + if (! preg_match("/Include/",$line)) + $new_file.= $line; + file_put_contents($dansguardian_dir.$file.'.sample',$new_file,LOCK_EX); + } + + $load_samples=0; - if($attachments['filename_rules'] == ""){ - $config['installedpackages']['msattachments']['config'][0]['filename_rules']=base64_encode(file_get_contents($dansguardian_dir.'/archives.filename.rules.conf.sample')); - $load_samples++; - } - if($attachments['filetype_rules'] == ""){ - $config['installedpackages']['msattachments']['config'][0]['filetype_rules']=base64_encode(file_get_contents($dansguardian_dir.'/archives.filetype.rules.conf.sample')); - $load_samples++; - } - if($content['phishing_safe'] == ""){ - $config['installedpackages']['mscontent']['config'][0]['phishing_safe']=base64_encode(file_get_contents($dansguardian_dir.'/phishing.safe.sites.conf.sample')); - $load_samples++; + #contentscanners preg_replace patterns + $match[0]="/(conf)/"; + $match[1]="/(\/usr.local)/"; + $match[2]="/,/"; + $replace[0]="$1'"; + $replace[1]="contentscanner = '$1"; + $replace[2]="\n"; + + $contentscanners=preg_replace($match,$replace,$dansguardian_config['content_scanners']); + + #includes preg_replace patterns + $match[0]="/(.)$/"; + $match[1]="/\/usr.local/"; + $match[2]="/,/"; + $replace[0]="$1>\n"; + $replace[1]="\n.Include/",$file_line,$matches)) + $banned_includes .= $matches[1].","; + + $weighted_file=file("/usr/local/etc/dansguardian/lists/weightedphraselist"); + foreach($weighted_file as $file_line) + if (preg_match ("/^.Include<(\S+)>/",$file_line,$matches)) + $weighted_includes .= $matches[1].","; + $config['installedpackages']['dansguardianphraseacl']['config'][0]=array('name'=>'Default', + 'description'=>'Default Phrase access list setup', + 'banned_enabled'=> "on", + 'weighted_enabled'=> "on", + 'exception_enabled'=> "on", + 'banned_includes' => substr($banned_includes,0,-1), + 'weighted_includes' => substr($weighted_includes,0,-1)); } - if($content['phishing_bad'] == ""){ - $config['installedpackages']['mscontent']['config'][0]['phishing_bad']=base64_encode(file_get_contents($dansguardian_dir.'/phishing.bad.sites.conf.sample')); - $load_samples++; + #loop on array + $count=0; + if (is_array($config['installedpackages']['dansguardianphraseacl']['config'])) + foreach($config['installedpackages']['dansguardianphraseacl']['config'] as $dansguardian_phrase){ + #bannedphraselist + if($dansguardian_phrase['banned_phraselist'] == "" && file_exists ($dansguardian_dir.'/lists/bannedphraselist.sample')){ + $config['installedpackages']['dansguardianphraseacl']['config'][$count]['banned_phraselist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/bannedphraselist.sample')); + $load_samples++; + } + $includes=preg_replace($match,$replace,$dansguardian_phrase['banned_includes']); + file_put_contents($dansguardian_dir."/lists/bannedphraselist.".$dansguardian_phrase['name'],($dansguardian_phrase['banned_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianphraseacl']['config'][$count]['banned_phraselist']).$includes:""),LOCK_EX); + + #weightedphraselist + if($dansguardian_phrase['weighted_phraselist'] == "" && file_exists ($dansguardian_dir.'/lists/weightedphraselist.sample')){ + $config['installedpackages']['dansguardianphraseacl']['config'][$count]['weighted_phraselist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/weightedphraselist.sample')); + $load_samples++; + } + $includes=preg_replace($match,$replace,$dansguardian_phrase['weighted_includes']); + file_put_contents($dansguardian_dir."/lists/weightedphraselist.".$dansguardian_phrase['name'],($dansguardian_phrase['weighted_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianphraseacl']['config'][$count]['weighted_phraselist']).$includes:""),LOCK_EX); + + #exceptionphraselist + if($dansguardian_phrase['exception_phraselist'] == "" && file_exists ($dansguardian_dir.'/lists/exceptionphraselist.sample')){ + $config['installedpackages']['dansguardianphraseacl']['config'][$count]['exception_phraselist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/exceptionphraselist.sample')); + $load_samples++; + } + file_put_contents($dansguardian_dir."/lists/exceptionphraselist.".$dansguardian_phrase['name'],($dansguardian_phrase['exception_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianphraseacl']['config'][$count]['exception_phraselist']):""),LOCK_EX); + $count++; + } + + #site ACL + #create a default setup if not exists + if (!is_array($config['installedpackages']['dansguardiansiteacl']['config'])) + $config['installedpackages']['dansguardiansiteacl']['config'][0]=array('name'=>'Default', + 'description'=>'Default Site access list setup', + 'exceptionsite_enabled'=> "on", + 'bannedsite_enabled'=> "on", + 'greysite_enabled'=> "on", + 'urlsite_enabled'=> "on"); + #loop on array + $count=0; + foreach($config['installedpackages']['dansguardiansiteacl']['config'] as $dansguardian_site){ + #exceptionsitelist + if($dansguardian_site['exception_sitelist'] == "" && file_exists ($dansguardian_dir.'/lists/exceptionsitelist.sample')){ + $config['installedpackages']['dansguardiansiteacl']['config'][$count]['exception_sitelist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/exceptionsitelist.sample')); + $load_samples++; + } + $includes=preg_replace($match,$replace,$dansguardian_site['exception_includes']); + file_put_contents($dansguardian_dir."/lists/exceptionsitelist.".$dansguardian_site['name'],($dansguardian_site['exceptionsite_enabled']?dg_text_area_decode($config['installedpackages']['dansguardiansiteacl']['config'][$count]['exception_sitelist']).$includes:""),LOCK_EX); + + #exceptionfilesitelist + if($dansguardian_site['exceptionfile_sitelist'] == "" && file_exists ($dansguardian_dir.'/lists/exceptionfilesitelist.sample')){ + $config['installedpackages']['dansguardiansiteacl']['config'][$count]['exceptionfile_sitelist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/exceptionfilesitelist.sample')); + $load_samples++; + } + file_put_contents($dansguardian_dir."/lists/exceptionfilesitelist.".$dansguardian_site['name'],($dansguardian_site['exceptionsite_enabled']?dg_text_area_decode($config['installedpackages']['dansguardiansiteacl']['config'][$count]['exceptionfile_sitelist']):""),LOCK_EX); + + #bannedsitelist + if($dansguardian_site['banned_sitelist'] == "" && file_exists ($dansguardian_dir.'/lists/bannedsitelist.sample')){ + $config['installedpackages']['dansguardiansiteacl']['config'][$count]['banned_sitelist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/bannedsitelist.sample')); + $load_samples++; + } + $includes=preg_replace($match,$replace,$dansguardian_site['banned_includes']); + file_put_contents($dansguardian_dir."/lists/bannedsitelist.".$dansguardian_site['name'],($dansguardian_site['bannedsite_enabled']?dg_text_area_decode($config['installedpackages']['dansguardiansiteacl']['config'][$count]['banned_sitelist']).$includes:""),LOCK_EX); + + #greysitelist + if($dansguardian_site['grey_sitelist'] == "" && file_exists ($dansguardian_dir.'/lists/greysitelist.sample')){ + $config['installedpackages']['dansguardiansiteacl']['config'][$count]['grey_sitelist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/greysitelist.sample')); + $load_samples++; + } + file_put_contents($dansguardian_dir."/lists/greysitelist.".$dansguardian_site['name'],($dansguardian_site['greysite_enabled']?dg_text_area_decode($config['installedpackages']['dansguardiansiteacl']['config'][$count]['grey_sitelist']):""),LOCK_EX); + + #logsitelist + if($dansguardian_site['log_sitelist'] == "" && file_exists ($dansguardian_dir.'/lists/logsitelist.sample')){ + $config['installedpackages']['dansguardiansiteacl']['config'][$count]['log_sitelist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/logsitelist.sample')); + $load_samples++; + } + file_put_contents($dansguardian_dir."/lists/logsitelist.".$dansguardian_site['name'],($dansguardian_site['urlsite_enabled']?dg_text_area_decode($config['installedpackages']['dansguardiansiteacl']['config'][$count]['log_sitelist']):""),LOCK_EX); + $count++; } - if($content['country_domains'] == ""){ - $config['installedpackages']['mscontent']['config'][0]['country_domains']=base64_encode(file_get_contents($dansguardian_dir.'/country.domains.conf.sample')); - $load_samples++; - } - if($antispam['sa_pref_file'] == ""){ - $config['installedpackages']['msantispam']['config'][0]['sa_pref_file']=base64_encode(file_get_contents($dansguardian_dir.'/spam.assassin.prefs.conf.sample')); - $load_samples++; - } - if($antispam['rbl_file'] == ""){ - $config['installedpackages']['msantispam']['config'][0]['rbl_file']=base64_encode(file_get_contents($dansguardian_dir.'/spam.lists.conf.sample')); - $load_samples++; - } - if($antispam['mcp_pref_file'] == ""){ - $config['installedpackages']['msantispam']['config'][0]['mcp_pref_file']=base64_encode(file_get_contents($dansguardian_dir.'/mcp/mcp.spam.assassin.prefs.conf.sample')); - copy($dansguardian_dir.'/mcp/10_example.cf.sample',$dansguardian_dir.'/mcp/10_example.cf'); - copy($dansguardian_dir.'/mcp/v320.pre.sample',$dansguardian_dir.'/mcp/v320.pre'); - $load_samples++; - } - if($antispam['bounce'] == ""){ - $config['installedpackages']['msantispam']['config'][0]['bounce']=base64_encode(file_get_contents($dansguardian_dir.'/rules/bounce.rules.sample')); - $load_samples++; - } - if($antispam['spam_whitelist'] == ""){ - $config['installedpackages']['msantispam']['config'][0]['spam_whitelist']=base64_encode(file_get_contents($dansguardian_dir.'/rules/spam.whitelist.rules.sample')); - $load_samples++; - } - if($antispam['max_message_size'] == ""){ - $config['installedpackages']['msantispam']['config'][0]['max_message_size']=base64_encode(file_get_contents($dansguardian_dir.'/rules/max.message.size.rules.sample')); - $load_samples++; - } - - $report_dir="/usr/local/share/dansguardian/reports/".strtolower($report['language']); - #CHECK REPORT FILES - $report_files= array('deletedbadcontent' => 'deleted.content.message.txt', - 'deletedbadfilename' => 'deleted.filename.message.txt', - 'deletedvirus' =>'deleted.virus.message.txt', - 'deletedsize' => 'deleted.size.message.txt', - 'storedbadcontent' => 'stored.content.message.txt', - 'storedbadfilename' => 'stored.filename.message.txt', - 'storedvirus' => 'stored.virus.message.txt', - 'storedsize' => 'stored.size.message.txt', - 'disinfected' => 'disinfected.report.txt', - 'sendercontent' => 'sender.content.report.txt', - 'sendererror' => 'sender.error.report.txt', - 'senderbadfilename' => 'sender.filename.report.txt', - 'sendervirus' => 'sender.virus.report.txt', - 'sendersize' => 'sender.size.report.txt', - 'senderrbl' => 'sender.spam.rbl.report.txt', - 'sendersa' => 'sender.spam.sa.report.txt', - 'sendermcp' => 'sender.mcp.report.txt', - 'senderspam'=>'sender.spam.report.txt', - 'recipientmcp'=>'recipient.mcp.report.txt', - 'recipientspam'=>'recipient.spam.report.txt', - 'rejection' =>'rejection.report.txt'); - foreach ($report_files as $key_r => $file_r){ - if ($report[$key_r] == ""){ - #$input_errors[]= $key; - $config['installedpackages']['msreport']['config'][0][$key_r]=base64_encode(file_get_contents($report_dir.'/'.$file_r.'.sample')); - file_put_contents($report_dir.'/'.$file_r,dg_text_area_decode($config['installedpackages']['msreport']['config'][0][$key_r]),LOCK_EX); + #URL ACL + #create a default setup if not exists + if (!is_array($config['installedpackages']['dansguardianurlacl']['config'])) + $config['installedpackages']['dansguardianurlacl']['config'][0]=array('name'=>'Default', + 'description'=>'Default Url access list setup', + 'bannedurl_enabled'=> "on", + 'exceptionurl_enabled'=> "on", + 'contenturl_enabled'=> "on", + 'greyurl_enabled'=> "on"); + #loop on array + $count=0; + foreach($config['installedpackages']['dansguardianurlacl']['config'] as $dansguardian_url){ + #bannedurllist + if($dansguardian_url['banned_urllist'] == "" && file_exists ($dansguardian_dir.'/lists/bannedurllist.sample')){ + $config['installedpackages']['dansguardianurlacl']['config'][$count]['banned_urllist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/bannedurllist.sample')); $load_samples++; - } - #print $key_r ."X $file_r X". base64_encode(file_get_contents($report_dir.'/'.$file_r.'.sample')) ."
"; + } + $includes=preg_replace($match,$replace,$dansguardian_url['banned_includes']); + file_put_contents($dansguardian_dir."/lists/bannedurllist.".$dansguardian_url['name'],($dansguardian_url['bannedurl_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianurlacl']['config'][$count]['banned_urllist']).$includes:""),LOCK_EX); + + #bannedregexpurllist + if($dansguardian_url['bannedregexp_urllist'] == "" && file_exists ($dansguardian_dir.'/lists/bannedregexpurllist.sample')){ + $config['installedpackages']['dansguardianurlacl']['config'][$count]['bannedregexp_urllist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/bannedregexpurllist.sample')); + $load_samples++; + } + file_put_contents($dansguardian_dir."/lists/bannedregexpurllist.".$dansguardian_url['name'],($dansguardian_url['bannedurl_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianurlacl']['config'][$count]['bannedregexp_urllist']).$includes:""),LOCK_EX); + + #greyurllist + if($dansguardian_url['grey_urllist'] == "" && file_exists ($dansguardian_dir.'/lists/greyurllist.sample')){ + $config['installedpackages']['dansguardianurlacl']['config'][$count]['grey_urllist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/greyurllist.sample')); + $load_samples++; + } + file_put_contents($dansguardian_dir."/lists/greyurllist.".$dansguardian_url['name'],($dansguardian_url['greyurl_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianurlacl']['config'][$count]['grey_urllist']):""),LOCK_EX); + + #exceptionfileurllist + if($dansguardian_url['exception_urllist'] == "" && file_exists ($dansguardian_dir.'/lists/exceptionfileurllist.sample')){ + $config['installedpackages']['dansguardianurlacl']['config'][$count]['exception_urllist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/exceptionfileurllist.sample')); + $load_samples++; + } + file_put_contents($dansguardian_dir."/lists/exceptionfileurllist.".$dansguardian_url['name'],($dansguardian_url['exceptionurl_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianurlacl']['config'][$count]['exception_urllist']):""),LOCK_EX); - if ($alert['sig']){ - if($alert['sig_html'] == ""){ - $config['installedpackages']['msalerts']['config'][0]['sig_html']=base64_encode(file_get_contents($report_dir.'/inline.sig.html')); + #exceptionregexpurllist + if($dansguardian_url['exceptionregexp_urllist'] == "" && file_exists ($dansguardian_dir.'/lists/exceptionregexpurllist.sample')){ + $config['installedpackages']['dansguardianurlacl']['config'][$count]['exceptionregexp_urllist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/exceptionregexpurllist.sample')); + $load_samples++; + } + file_put_contents($dansguardian_dir."/lists/exceptionregexpurllist.".$dansguardian_url['name'],($dansguardian_url['exceptionurl_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianurlacl']['config'][$count]['exceptionregexp_urllist']):""),LOCK_EX); + + #exceptionurllist + if($dansguardian_url['exception_urllist'] == "" && file_exists ($dansguardian_dir.'/lists/exceptionurllist.sample')){ + $config['installedpackages']['dansguardianurlacl']['config'][$count]['exception_urllist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/exceptionurllist.sample')); + $load_samples++; + } + file_put_contents($dansguardian_dir."/lists/exceptionurllist.".$dansguardian_url['name'],($dansguardian_url['exceptionurl_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianurlacl']['config'][$count]['exception_urllist']):""),LOCK_EX); + + #urlregexplist + if($dansguardian_url['modify_urllist'] == "" && file_exists ($dansguardian_dir.'/lists/urlregexplist.sample')){ + $config['installedpackages']['dansguardianurlacl']['config'][$count]['modify_urllist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/urlregexplist.sample')); + $load_samples++; + } + file_put_contents($dansguardian_dir."/lists/urlregexplist.".$dansguardian_url['name'],($dansguardian_url['contenturl_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianurlacl']['config'][$count]['modify_urllist']):""),LOCK_EX); + + #logurllist + if($dansguardian_url['log_urllist'] == "" && file_exists ($dansguardian_dir.'/lists/logurllist.sample')){ + $config['installedpackages']['dansguardianurlacl']['config'][$count]['log_urllist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/logurllist.sample')); + $load_samples++; + } + file_put_contents($dansguardian_dir."/lists/logurllist.".$dansguardian_url['name'],($dansguardian_url['logurl_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianurlacl']['config'][$count]['log_urllist']):""),LOCK_EX); + + #logregexpurllist + if($dansguardian_url['logregexp_urllist'] == "" && file_exists ($dansguardian_dir.'/lists/logregexpurllist.sample')){ + $config['installedpackages']['dansguardianurlacl']['config'][$count]['logregexp_urllist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/logregexpurllist.sample')); + $load_samples++; + } + file_put_contents($dansguardian_dir."/lists/logregexpurllist.".$dansguardian_url['name'],($dansguardian_url['logurl_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianurlacl']['config'][$count]['logregexp_urllist']):""),LOCK_EX); + $count++; + } + + #Pics ACL + #create a default setup if not exists + if (!is_array($config['installedpackages']['dansguardianpicsacl']['config'])) + $config['installedpackages']['dansguardianpicsacl']['config'][0]=array('name'=>'Default', + 'description'=>'Default file access list setup'); + #loop on array + $count=0; + foreach($config['installedpackages']['dansguardianpicsacl']['config'] as $dansguardian_pics){ + #pics + if($dansguardian_pics['pics'] == "" && file_exists ($dansguardian_dir.'/lists/pics.sample')){ + $config['installedpackages']['dansguardianpicsacl']['config'][$count]['pics']=base64_encode(file_get_contents($dansguardian_dir.'/lists/pics.sample')); $load_samples++; - } - if($alert['sig_txt'] == ""){ - $config['installedpackages']['msalerts']['config'][0]['sig_txt']=base64_encode(file_get_contents($report_dir.'/inline.sig.txt')); + } + file_put_contents($dansguardian_dir."/lists/pics.".$dansguardian_pics['name'],($dansguardian_pics['pics_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianpicsacl']['config'][$count]['pics']):""),LOCK_EX); + $count++; + } + + #Search ACL + #create a default setup if not exists + if (!is_array($config['installedpackages']['dansguardiansearchacl']['config'])) + $config['installedpackages']['dansguardiansearchacl']['config'][0]=array('name'=>'Default', + 'description'=>'Default search engine list setup'); + #loop on array + $count=0; + foreach($config['installedpackages']['dansguardiansearchacl']['config'] as $dansguardian_search){ + #searchengineregexplist + if($dansguardian_search['searchengineregexplist'] == "" && file_exists ($dansguardian_dir.'/lists/searchengineregexplist.sample')){ + $config['installedpackages']['dansguardiansearchacl']['config'][$count]['searchengineregexplist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/searchengineregexplist.sample')); $load_samples++; - } } + file_put_contents($dansguardian_dir."/lists/searchengineregexplist.".$dansguardian_search['name'],($dansguardian_search['regexp_enabled']?dg_text_area_decode($config['installedpackages']['dansguardiansearchacl']['config'][$count]['searchengineregexplist']):""),LOCK_EX); - if ($alert['warning']){ - if($alert['warning_html'] == ""){ - $config['installedpackages']['msalerts']['config'][0]['warning_html']=base64_encode(file_get_contents($report_dir.'/inline.warning.html')); + #bannedsearchtermlist + if($dansguardian_search['banned_searchtermlist'] == "" && file_exists ($dansguardian_dir.'/lists/bannedsearchtermlist.sample')){ + $config['installedpackages']['dansguardiansearchacl']['config'][$count]['banned_searchtermlist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/bannedsearchtermlist.sample')); $load_samples++; - } - if($alert['warning_txt'] == ""){ - $config['installedpackages']['msalerts']['config'][0]['warning_txt']=base64_encode(file_get_contents($report_dir.'/inline.warning.txt')); + } + file_put_contents($dansguardian_dir."/lists/bannedsearchtermlist.".$dansguardian_search['name'],($dansguardian_search['banned_enabled']?dg_text_area_decode($config['installedpackages']['dansguardiansearchacl']['config'][$count]['banned_searchtermlist']):""),LOCK_EX); + + #weightedsearchtermlist + if($dansguardian_search['weighted_searchtermlist'] == "" && file_exists ($dansguardian_dir.'/lists/weightedsearchtermlist.sample')){ + $config['installedpackages']['dansguardiansearchacl']['config'][$count]['weighted_searchtermlist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/weightedsearchtermlist.sample')); + $load_samples++; + } + file_put_contents($dansguardian_dir."/lists/weightedsearchtermlist.".$dansguardian_search['name'],($dansguardian_search['weighted_enabled']?dg_text_area_decode($config['installedpackages']['dansguardiansearchacl']['config'][$count]['weighted_searchtermlist']):""),LOCK_EX); + + #exceptionsearchtermlist + if($dansguardian_search['exception_searchtermlist'] == "" && file_exists ($dansguardian_dir.'/lists/exceptionsearchtermlist.sample')){ + $config['installedpackages']['dansguardiansearchacl']['config'][$count]['exception_searchtermlist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/exceptionsearchtermlist.sample')); $load_samples++; + } + file_put_contents($dansguardian_dir."/lists/exceptionsearchtermlist.".$dansguardian_search['name'],($dansguardian_search['exception_enabled']?dg_text_area_decode($config['installedpackages']['dansguardiansearchacl']['config'][$count]['exception_searchtermlist']):""),LOCK_EX); + $count++; + } + + #File ACL + #create a default setup if not exists + if (!is_array($config['installedpackages']['dansguardianfileacl']['config'])) + $config['installedpackages']['dansguardianfileacl']['config'][0]=array('name'=>'Default', + 'description'=>'Default file access list setup', + 'exception_enabled'=> "on", + 'banned_enabled'=> "on"); + #loop on array + $count=0; + foreach($config['installedpackages']['dansguardianfileacl']['config'] as $dansguardian_file){ + #exceptionextensionlist + if($dansguardian_file['exception_extensionlist'] == "" && file_exists ($dansguardian_dir.'/lists/exceptionextensionlist.sample')){ + $config['installedpackages']['dansguardianfileacl']['config'][$count]['exception_extensionlist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/exceptionextensionlist.sample')); + $load_samples++; } + file_put_contents($dansguardian_dir."/lists/exceptionextensionlist.".$dansguardian_file['name'],($dansguardian_file['exception_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianfileacl']['config'][$count]['exception_extensionlist']):""),LOCK_EX); + + #exceptionmimetypelist + if($dansguardian_file['exception_mimetypelist'] == "" && file_exists ($dansguardian_dir.'/lists/exceptionmimetypelist.sample')){ + $config['installedpackages']['dansguardianfileacl']['config'][$count]['exception_mimetypelist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/exceptionmimetypelist.sample')); + $load_samples++; + } + file_put_contents($dansguardian_dir."/lists/exceptionmimetypelist.".$dansguardian_file['name'],($dansguardian_file['exception_enabled']?dg_text_area_decode($config['installedpackages']['exception_mimetypelist']):""),LOCK_EX); + + #bannedextensionlist + if($dansguardian_file['banned_extensionlist'] == "" && file_exists ($dansguardian_dir.'/lists/bannedextensionlist.sample')){ + $config['installedpackages']['dansguardianfileacl']['config'][$count]['banned_extensionlist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/bannedextensionlist.sample')); + $load_samples++; + } + file_put_contents($dansguardian_dir."/lists/bannedextensionlist.".$dansguardian_file['name'],($dansguardian_file['banned_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianfileacl']['config'][$count]['banned_extensionlist']):""),LOCK_EX); + + #bannedmimetypelist + if($dansguardian_file['banned_mimetypelist'] == "" && file_exists ($dansguardian_dir.'/lists/bannedmimetypelist.sample')){ + $config['installedpackages']['dansguardianfileacl']['config'][$count]['banned_mimetypelist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/bannedmimetypelist.sample')); + $load_samples++; + } + file_put_contents($dansguardian_dir."/lists/bannedmimetypelist.".$dansguardian_file['name'],($dansguardian_file['banned_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianfileacl']['config'][$count]['banned_mimetypelist']):""),LOCK_EX); + $count++; + } + + #header ACL + #create a default setup if not exists + if (!is_array($config['installedpackages']['dansguardianheaderacl']['config'])) + $config['installedpackages']['dansguardianheaderacl']['config'][0]=array('name'=>'Default', + 'description'=>'Default header access list setup'); + #loop on array + $count=0; + foreach($config['installedpackages']['dansguardianheaderacl']['config'] as $dansguardian_header){ + #headerregexplist + if($dansguardian_header['header_regexplist'] == "" && file_exists ($dansguardian_dir.'/lists/headerregexplist.sample')){ + $config['installedpackages']['dansguardianheaderacl']['config'][$count]['header_regexplist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/headerregexplist.sample')); + $load_samples++; + } + file_put_contents($dansguardian_dir."/lists/headerregexplist.".$dansguardian_header['name'],($dansguardian_header['regexp_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianheaderacl']['config'][$count]['header_regexplist']):""),LOCK_EX); + + #bannedregexpheaderlist + if($dansguardian_header['banned_regexpheaderlist'] == "" && file_exists ($dansguardian_dir.'/lists/bannedregexpheaderlist.sample')){ + $config['installedpackages']['dansguardianheaderacl']['config'][$count]['banned_regexpheaderlist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/bannedregexpheaderlist.sample')); + $load_samples++; } + file_put_contents($dansguardian_dir."/lists/bannedregexpheaderlist.".$dansguardian_header['name'],($dansguardian_header['banned_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianheaderacl']['config'][$count]['banned_regexpheaderlist']):""),LOCK_EX); + $count++; + } + + #Content ACL + #create a default setup if not exists + if (!is_array($config['installedpackages']['dansguardiancontentacl']['config'])) + $config['installedpackages']['dansguardiancontentacl']['config'][0]=array('name'=>'Default', + 'description'=>'Default content setup'); + #loop on array + $count=0; + foreach($config['installedpackages']['dansguardiancontentacl']['config'] as $dansguardian_content){ + #content_regexplist + if($dansguardian_content['content_regexplist'] == "" && file_exists ($dansguardian_dir.'/lists/contentregexplist.sample')){ + $config['installedpackages']['dansguardiancontentacl']['config'][$count]['content_regexplist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/contentregexplist.sample')); + $load_samples++; + } + file_put_contents($dansguardian_dir."/lists/contentregexplist.".$dansguardian_content['name'],($dansguardian_content['content_enabled']?dg_text_area_decode($config['installedpackages']['dansguardiancontentacl']['config'][$count]['content_regexplist']):""),LOCK_EX); + $count++; + } + + #Antivirus ACL + #create a default setup if not exists + if (!is_array($config['installedpackages']['dansguardianantivirusacl']['config'])) + $config['installedpackages']['dansguardianantivirusacl']['config'][0]=array(); + + #exceptionvirusmimetypelist + if($dansguardian_antivirus['mime_list'] == "" && file_exists ($dansguardian_dir.'/lists/contentscanners/exceptionvirusmimetypelist.sample')){ + $config['installedpackages']['dansguardianantivirusacl']['config'][0]['mime_list']=base64_encode(file_get_contents($dansguardian_dir.'/lists/contentscanners/exceptionvirusmimetypelist.sample')); + $load_samples++; + } + file_put_contents($dansguardian_dir."/lists/contentscanners/exceptionvirusmimetypelist",($dansguardian_antivirus['mime_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianantivirusacl']['config'][0]['mime_list']):""),LOCK_EX); + #exceptionvirussitelist + if($dansguardian_antivirus['site_list'] == "" && file_exists ($dansguardian_dir.'/lists/contentscanners/exceptionvirussitelist.sample')){ + $config['installedpackages']['dansguardianantivirusacl']['config'][0]['site_list']=base64_encode(file_get_contents($dansguardian_dir.'/lists/contentscanners/exceptionvirussitelist.sample')); + $load_samples++; + } + file_put_contents($dansguardian_dir."/lists/contentscanners/exceptionvirussitelist",($dansguardian_antivirus['site_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianantivirusacl']['config'][0]['site_list']):""),LOCK_EX); + + #exceptionvirusurllist + if($dansguardian_antivirus['url_list'] == "" && file_exists ($dansguardian_dir.'/lists/contentscanners/exceptionvirusurllist.sample')){ + $config['installedpackages']['dansguardianantivirusacl']['config'][0]['url_list']=base64_encode(file_get_contents($dansguardian_dir.'/lists/contentscanners/exceptionvirusurllist.sample')); + $load_samples++; } - #exit; + file_put_contents($dansguardian_dir."/lists/contentscanners/exceptionvirusurllist",($dansguardian_antivirus['url_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianantivirusacl']['config'][0]['url_list']):""),LOCK_EX); + + #exceptionvirusextensionlist + if($dansguardian_antivirus['extension_list'] == "" && file_exists ($dansguardian_dir.'/lists/contentscanners/exceptionvirusextensionlist.sample')){ + $config['installedpackages']['dansguardianantivirusacl']['config'][0]['extension_list']=base64_encode(file_get_contents($dansguardian_dir.'/lists/contentscanners/exceptionvirusextensionlist.sample')); + $load_samples++; + } + file_put_contents($dansguardian_dir."/lists/contentscanners/exceptionvirusextensionlist",($dansguardian_antivirus['extension_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianantivirusacl']['config'][0]['extension_list']):""),LOCK_EX); + if($load_samples > 0) write_config(); + #Filtergroups + if (!is_array($config['installedpackages']['dansguardiangroups']['config'])) + $config['installedpackages']['dansguardiangroups']['config'][0]=array('name'=>'Default', + 'description'=>'Default dansguardian filtergroup', + 'picsacl'=> "Default", + 'phraseacl'=> "Default", + 'siteacl'=> "Default", + 'extensionacl'=> "Default", + 'headeracl'=> "Default", + 'contentacl'=> "Default", + 'searchacl'=> "Default", + 'urlacl'=> "Default", + 'group_options' => "scancleancache,infectionbypasserrorsonly", + 'reportinglevel'=>'3', + 'mode'=> "1"); + + $groups=array("scancleancache","hexdecodecontent","blockdownloads","enablepics","deepurlanalysis","infectionbypasserrorsonly","disablecontentscan","sslcertcheck","sslmitm"); + #loop on array + $count=1; + $user_xml=""; + $filtergroupslist=""; + foreach($config['installedpackages']['dansguardiangroups']['config'] as $dansguardian_groups){ + $dansguardian_group_name=strtolower($dansguardian_groups['name']); + $dgfg[$count]=$dansguardian_group_name; + $dansguardian_groups['blockdownloads']=($dansguardian_groups['blockdownloads']?$dansguardian_groups['blockdownloads']:"off"); + $dansguardian_groups['weightedphrasemode']=(preg_match("/\d/",$dansguardian_groups['weightedphrasemode'])?$dansguardian_groups['weightedphrasemode']:$dansguardian_config['weightedphrasemode']); + $dansguardian_groups['naughtynesslimit']=($dansguardian_groups['naughtynesslimit']?$dansguardian_groups['naughtynesslimit']:"50"); + $dansguardian_groups['searchtermlimit']=($dansguardian_groups['searchtermlimit']?$dansguardian_groups['searchtermlimit']:"30"); + $dansguardian_groups['categorydisplaythreshold']=($dansguardian_groups['categorydisplaythreshold']?$dansguardian_groups['categorydisplaythreshold']:"0"); + $dansguardian_groups['embeddedurlweight']=($dansguardian_groups['embeddedurlweight']?$dansguardian_groups['embeddedurlweight']:"0"); + $dansguardian_groups['bypass']=($dansguardian_groups['bypass']?$dansguardian_groups['bypass']:"0"); + $dansguardian_groups['infectionbypass']=($dansguardian_groups['infectionbypass']?$dansguardian_groups['infectionbypass']:"0"); + foreach ($groups as $group) + $dansguardian_groups[$group]=(preg_match("/$group/",$dansguardian_groups['group_options'])?"on":"off"); + include("/usr/local/pkg/dansguardianfx.conf.template"); + file_put_contents($dansguardian_dir."/dansguardianf".$count.".conf", $dgf, LOCK_EX); -#create dansguardian.conf - $dg=<< 0 -# Once every 3 minutes, the current number of IPs in the cache, and the most -# that have been in the cache since the daemon was started, are written to this -# file. IPs persist in the cache for 7 days. -#statlocation = '/var/log/stats' - - -# Network Settings -# -# the IP that DansGuardian listens on. If left blank DansGuardian will -# listen on all IPs. That would include all NICs, loopback, modem, etc. -# Normally you would have your firewall protecting this, but if you want -# you can limit it to a certain IP. To bind to multiple interfaces, -# specify each IP on an individual filterip line. -# You can have the same IP twice so long as it has a different port. -filterip = {$filterip} - -# the ports that DansGuardian listens to. Specify one line per filterip -# line. You can specify different authentication mechanisms per port but -# only if the mechanisms can co-exist (e.g. basic/proxy auth can't) -filterports = 8080 -#filterports = 8081 -{$filterports} - -# the ip of the proxy (default is the loopback - i.e. this server) -proxyip = 127.0.0.1 - -# the port DansGuardian connects to proxy on -proxyport = 3128 - -# Whether to retrieve the original destination IP in transparent proxy -# setups and check it against the domain pulled from the HTTP headers. -# -# Be aware that when visiting sites which use a certain type of round-robin -# DNS for load balancing, DG may mark requests as invalid unless DG gets -# exactly the same answers to its DNS requests as clients. The chances of -# this happening can be increased if all clients and servers on the same LAN -# make use of a local, caching DNS server instead of using upstream DNS -# directly. -# -# See http://www.kb.cert.org/vuls/id/435052 -# on (default) | off -#!! Not compiled !! originalip = on - -# accessdeniedaddress is the address of your web server to which the cgi -# dansguardian reporting script was copied. Only used in reporting levels 1 and 2. -# -# This webserver must be either: -# 1. Non-proxied. Either a machine on the local network, or listed as an exception -# in your browser's proxy configuration. -# 2. Added to the exceptionsitelist. Option 1 is preferable; this option is -# only for users using both transparent proxying and a non-local server -# to host this script. -# -# Individual filter groups can override this setting in their own configuration. -# -accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl' - -# Non standard delimiter (only used with accessdeniedaddress) -# To help preserve the full banned URL, including parameters, the variables -# passed into the access denied CGI are separated using non-standard -# delimiters. This can be useful to ensure correct operation of the filter -# bypass modes. Parameters are split using "::" in place of "&", and "==" in -# place of "=". -# Default is enabled, but to go back to the standard mode, disable it. -nonstandarddelimiter = {$nonstandarddelimiter} - - - -# Banned image replacement -# Images that are banned due to domain/url/etc reasons including those -# in the adverts blacklists can be replaced by an image. This will, -# for example, hide images from advert sites and remove broken image -# icons from banned domains. -# on (default) | off -usecustombannedimage = {$usecustombannedimage} -custombannedimagefile = '/usr/local/share/dansguardian/transparent1x1.gif' - - -#Banned flash replacement -usecustombannedflash = {$usecustombannedflash} -custombannedflashfile = '/usr/local/share/dansguardian/blockedflash.swf' - - - -# Filter groups options -# filtergroups sets the number of filter groups. A filter group is a set of content -# filtering options you can apply to a group of users. The value must be 1 or more. -# DansGuardian will automatically look for dansguardianfN.conf where N is the filter -# group. To assign users to groups use the filtergroupslist option. All users default -# to filter group 1. You must have some sort of authentication to be able to map users -# to a group. The more filter groups the more copies of the lists will be in RAM so -# use as few as possible. -filtergroups = 1 -filtergroupslist = '/usr/local/etc/dansguardian/lists/filtergroupslist' - - - -# Authentication files location -bannediplist = '/usr/local/etc/dansguardian/lists/bannediplist' -exceptioniplist = '/usr/local/etc/dansguardian/lists/exceptioniplist' - -# Per-Room blocking definition directory -# A directory containing text files containing the room's name followed by IPs or ranges -# Think of it as bannediplist on crack -perroomblockingdirectory = '/usr/local/etc/dansguardian/lists/bannedrooms/' - -# Show weighted phrases found -# If enabled then the phrases found that made up the total which excedes -# the naughtyness limit will be logged and, if the reporting level is -# high enough, reported. on | off -showweightedfound = {$showweightedfound} - -# Weighted phrase mode -# There are 3 possible modes of operation: -# 0 = off = do not use the weighted phrase feature. -# 1 = on, normal = normal weighted phrase operation. -# 2 = on, singular = each weighted phrase found only counts once on a page. -# -# IMPORTANT: Note that setting this to "0" turns off all features which -# extract phrases from page content, including banned & exception -# phrases (not just weighted), search term filtering, and scanning for -# links to banned URLs. -# -weightedphrasemode = {$weightedphrasemode} - - - -# Positive (clean) result caching for URLs -# Caches good pages so they don't need to be scanned again. -# It also works with AV plugins. -# 0 = off (recommended for ISPs with users with disimilar browsing) -# 1000 = recommended for most users -# 5000 = suggested max upper limit -# If you're using an AV plugin then use at least 5000. -urlcachenumber = {$urlcachenumber} -# -# Age before they are stale and should be ignored in seconds -# 0 = never -# 900 = recommended = 15 mins -urlcacheage ={$urlcacheage} - - - -# Cache for content (AV) scan results as 'clean' -# By default, to save CPU, files scanned and found to be -# clean are inserted into the clean cache and NOT scanned -# again for a while. If you don't like this then choose -# to disable it. -# on = cache results; do not re-scan -# off = do not cache; always re-scan -# (on|off) default = on. -scancleancache = {$scancleancache} - - - -# Smart, Raw and Meta/Title phrase content filtering options -# Smart is where the multiple spaces and HTML are removed before phrase filtering -# Raw is where the raw HTML including meta tags are phrase filtered -# Meta/Title is where only meta and title tags are phrase filtered (v. quick) -# CPU usage can be effectively halved by using setting 0 or 1 compared to 2 -# 0 = raw only -# 1 = smart only -# 2 = both of the above (default) -# 3 = meta/title -phrasefiltermode = {$phrasefiltermode} - -# Lower casing options -# When a document is scanned the uppercase letters are converted to lower case -# in order to compare them with the phrases. However this can break Big5 and -# other 16-bit texts. If needed preserve the case. As of version 2.7.0 accented -# characters are supported. -# 0 = force lower case (default) -# 1 = do not change case -# 2 = scan first in lower case, then in original case -preservecase = {$preservecase} - -# Note: -# If phrasefiltermode and preserve case are both 2, this equates to 4 phrase -# filtering passes. If you have a large enough userbase for this to be a -# worry, and need to filter pages in exotic character encodings, it may be -# better to run two instances on separate servers: one with preservecase 1 -# (and possibly forcequicksearch 1) and non ASCII/UTF-8 phrase lists, and one -# with preservecase 0 and ASCII/UTF-8 lists. - - - -# Hex decoding options -# When a document is scanned it can optionally convert %XX to chars. -# If you find documents are getting past the phrase filtering due to encoding -# then enable. However this can break Big5 and other 16-bit texts. -# off = disabled (default) -# on = enabled -hexdecodecontent = {$hexdecodecontent} - - - -# Force Quick Search rather than DFA search algorithm -# The current DFA implementation is not totally 16-bit character compatible -# but is used by default as it handles large phrase lists much faster. -# If you wish to use a large number of 16-bit character phrases then -# enable this option. -# off (default) | on (Big5 compatible) -forcequicksearch = {$forcequicksearch} - - - -# Reverse lookups for banned site and URLs. -# If set to on, DansGuardian will look up the forward DNS for an IP URL -# address and search for both in the banned site and URL lists. This would -# prevent a user from simply entering the IP for a banned address. -# It will reduce searching speed somewhat so unless you have a local caching -# DNS server, leave it off and use the Blanket IP Block option in the -# bannedsitelist file instead. -reverseaddresslookups = {$reverseaddresslookups} - - - -# Reverse lookups for banned and exception IP lists. -# If set to on, DansGuardian will look up the forward DNS for the IP -# of the connecting computer. This means you can put in hostnames in -# the exceptioniplist and bannediplist. -# If a client computer is matched against an IP given in the lists, then the -# IP will be recorded in any log entries; if forward DNS is successful and a -# match occurs against a hostname, the hostname will be logged instead. -# It will reduce searching speed somewhat so unless you have a local DNS server, -# leave it off. -reverseclientiplookups = {$reverseclientiplookups} - - -# Perform reverse lookups on client IPs for successful requests. -# If set to on, DansGuardian will look up the forward DNS for the IP -# of the connecting computer, and log host names (where available) rather than -# IPs against requests. -# This is not dependent on reverseclientiplookups being enabled; however, if it -# is, enabling this option does not incur any additional forward DNS requests. -logclienthostnames = {$logclienthostnames} - - -# Build bannedsitelist and bannedurllist cache files. -# This will compare the date stamp of the list file with the date stamp of -# the cache file and will recreate as needed. -# If a .processed file exists for an item (e.g. domain/URL) list, then that -# will be used instead, if it is up to date (i.e. newer than the unprocessed -# list file). -# This can increase process start speed on slow computers. -# Fast computers do not need this option. -# on | off, default = on -createlistcachefiles = {$createlistcachefiles} - - -# Prefer cached list files -# If enabled, DansGuardian will always prefer to load ".processed" versions of -# list files, regardless of their time stamps relative to the original -# unprocessed lists. This is not generally useful unless you have a specific -# list update process which results in - for example - up-to-date, pre-sorted -# ".processed" list files with dummy unprocessed files. -# on | off, default = off -prefercachedlists = {$prefercachedlists} - - - -# POST protection (web upload and forms) -# does not block forms without any file upload, i.e. this is just for -# blocking or limiting uploads -# measured in kibibytes after MIME encoding and header bumph -# use 0 for a complete block -# use higher (e.g. 512 = 512Kbytes) for limiting -# use -1 for no blocking -#maxuploadsize = 512 -#maxuploadsize = 0 -maxuploadsize = {$maxuploadsize} - - - -# Max content filter size -# Sometimes web servers label binary files as text which can be very -# large which causes a huge drain on memory and cpu resources. -# To counter this, you can limit the size of the document to be -# filtered and get it to just pass it straight through. -# This setting also applies to content regular expression modification. -# The value must not be higher than maxcontentramcachescansize -# The size is in Kibibytes - eg 2048 = 2Mb -# use 0 to set it to maxcontentramcachescansize -maxcontentfiltersize = {$maxcontentfiltersize} - - - -# Max content ram cache scan size -# This is only used if you use a content scanner plugin such as AV -# This is the max size of file that DG will download and cache -# in RAM. After this limit is reached it will cache to disk -# This value must be less than or equal to maxcontentfilecachescansize. -# The size is in Kibibytes - eg 10240 = 10Mb -# use 0 to set it to maxcontentfilecachescansize -# This option may be ignored by the configured download manager. -maxcontentramcachescansize = {$maxcontentramcachescansize} - - - -# Max content file cache scan size -# This is only used if you use a content scanner plugin such as AV -# This is the max size file that DG will download -# so that it can be scanned or virus checked. -# This value must be greater or equal to maxcontentramcachescansize. -# The size is in Kibibytes - eg 10240 = 10Mb -maxcontentfilecachescansize = {$maxcontentfilecachescansize} - - - -# File cache dir -# Where DG will download files to be scanned if too large for the -# RAM cache. -filecachedir = '/tmp' - - - -# Delete file cache after user completes download -# When a file gets save to temp it stays there until it is deleted. -# You can choose to have the file deleted when the user makes a sucessful -# download. This will mean if they click on the link to download from -# the temp store a second time it will give a 404 error. -# You should configure something to delete old files in temp to stop it filling up. -# on|off (defaults to on) -deletedownloadedtempfiles = {$deletedownloadedtempfiles} - - - -# Initial Trickle delay -# This is the number of seconds a browser connection is left waiting -# before first being sent *something* to keep it alive. The -# *something* depends on the download manager chosen. -# Do not choose a value too low or normal web pages will be affected. -# A value between 20 and 110 would be sensible -# This may be ignored by the configured download manager. -initialtrickledelay = {$initialtrickledelay} - - - -# Trickle delay -# This is the number of seconds a browser connection is left waiting -# before being sent more *something* to keep it alive. The -# *something* depends on the download manager chosen. -# This may be ignored by the configured download manager. -trickledelay = {$trickledelay} - - - -# Download Managers -# These handle downloads of files to be filtered and scanned. -# They differ in the method they deal with large downloads. -# Files usually need to be downloaded 100% before they can be -# filtered and scanned before being sent on to the browser. -# Normally the browser can just wait, but with content scanning, -# for example to AV, the browser may timeout or the user may get -# confused so the download manager has to do some sort of -# 'keep alive'. -# -# There are various methods possible but not all are included. -# The author does not have the time to write them all so I have -# included a plugin systam. Also, not all methods work with all -# browsers and clients. Specifically some fancy methods don't -# work with software that downloads updates. To solve this, -# each plugin can support a regular expression for matching -# the client's user-agent string, and lists of the mime types -# and extensions it should manage. -# -# Note that these are the matching methods provided by the base plugin -# code, and individual plugins may override or add to them. -# See the individual plugin conf files for supported options. -# -# The plugins are matched in the order you specify and the last -# one is forced to match as the default, regardless of user agent -# and other matching mechanisms. -# -downloadmanager = '/usr/local/etc/dansguardian/downloadmanagers/fancy.conf' -##!! Not compiled !! downloadmanager = '/usr/local/etc/dansguardian/downloadmanagers/trickle.conf' -downloadmanager = '/usr/local/etc/dansguardian/downloadmanagers/default.conf' - - - -# Content Scanners (Also known as AV scanners) -# These are plugins that scan the content of all files your browser fetches -# for example to AV scan. The options are limitless. Eventually all of -# DansGuardian will be plugin based. You can have more than one content -# scanner. The plugins are run in the order you specify. -# This is one of the few places you can have multiple options of the same name. -# -# Some of the scanner(s) require 3rd party software and libraries eg clamav. -# See the individual plugin conf file for more options (if any). -# -#contentscanner = '/usr/local/etc/dansguardian/contentscanners/clamdscan.conf' -#!! Not compiled !! contentscanner = '/usr/local/etc/dansguardian/contentscanners/avastdscan.conf' -#!! Not compiled !! contentscanner = '/usr/local/etc/dansguardian/contentscanners/kavdscan.conf' -#contentscanner = '/usr/local/etc/dansguardian/contentscanners/icapscan.conf' -#!! Not compiled !! contentscanner = '/usr/local/etc/dansguardian/contentscanners/commandlinescan.conf' - - - -# Content scanner timeout -# Some of the content scanners support using a timeout value to stop -# processing (eg AV scanning) the file if it takes too long. -# If supported this will be used. -# The default of 60 seconds is probably reasonable. -contentscannertimeout = {$contentscannertimeout} - - - -# Content scan exceptions -# If 'on' exception sites, urls, users etc will be scanned -# This is probably not desirable behavour as exceptions are -# supposed to be trusted and will increase load. -# Correct use of grey lists are a better idea. -# (on|off) default = off -contentscanexceptions = {$contentscanexceptions} - - - -# Auth plugins -# These replace the usernameidmethod* options in previous versions. They -# handle the extraction of client usernames from various sources, such as -# Proxy-Authorisation headers and ident servers, enabling requests to be -# handled according to the settings of the user's filter group. -# Multiple plugins can be specified, and will be used per port in the order -# filterports are listed. -# -# If you do not use multiple filter groups, you need not specify this option. -# -#authplugin = '/usr/local/etc/dansguardian/authplugins/proxy-basic.conf' -#authplugin = '/usr/local/etc/dansguardian/authplugins/proxy-digest.conf' -#authplugin = '/usr/local/etc/dansguardian/authplugins/proxy-ntlm.conf' -#authplugin = '/usr/local/etc/dansguardian/authplugins/ident.conf' -#authplugin = '/usr/local/etc/dansguardian/authplugins/ip.conf' - - - -# Re-check replaced URLs -# As a matter of course, URLs undergo regular expression search/replace (urlregexplist) -# *after* checking the exception site/URL/regexpURL lists, but *before* checking against -# the banned site/URL lists, allowing certain requests that would be matched against the -# latter in their original state to effectively be converted into grey requests. -# With this option enabled, the exception site/URL/regexpURL lists are also re-checked -# after replacement, making it possible for URL replacement to trigger exceptions based -# on them. -# Defaults to off. -recheckreplacedurls = {$recheckreplacedurls} - - - -# Misc settings - -# if on it adds an X-Forwarded-For: to the HTTP request -# header. This may help solve some problem sites that need to know the -# source ip. on | off -forwardedfor = {$forwardedfor} - - -# if on it uses the X-Forwarded-For: to determine the client -# IP. This is for when you have squid between the clients and DansGuardian. -# Warning - headers are easily spoofed. on | off -usexforwardedfor = {usexforwardedfor} - - -# if on it logs some debug info regarding fork()ing and accept()ing which -# can usually be ignored. These are logged by syslog. It is safe to leave -# it on or off -logconnectionhandlingerrors = {$logconnectionhandlingerrors} - - - -# Fork pool options - -# If on, this causes DG to write to the log file whenever child processes are -# created or destroyed (other than by crashes). This information can help in -# understanding and tuning the following parameters, but is not generally -# useful in production. -logchildprocesshandling = {$logchildprocesshandling} - -# sets the maximum number of processes to spawn to handle the incoming -# connections. Max value usually 250 depending on OS. -# On large sites you might want to try 180. -maxchildren = {$maxchildren} - - -# sets the minimum number of processes to spawn to handle the incoming connections. -# On large sites you might want to try 32. -minchildren = {$minchildren} - - -# sets the minimum number of processes to be kept ready to handle connections. -# On large sites you might want to try 8. -minsparechildren = {$minsparechildren} - - -# sets the minimum number of processes to spawn when it runs out -# On large sites you might want to try 10. -preforkchildren = {$preforkchildren} - - -# sets the maximum number of processes to have doing nothing. -# When this many are spare it will cull some of them. -# On large sites you might want to try 64. -maxsparechildren = {$maxsparechildren} - - -# sets the maximum age of a child process before it croaks it. -# This is the number of connections they handle before exiting. -# On large sites you might want to try 10000. -maxagechildren = {$maxagechildren} - - -# Sets the maximum number client IP addresses allowed to connect at once. -# Use this to set a hard limit on the number of users allowed to concurrently -# browse the web. Set to 0 for no limit, and to disable the IP cache process. -maxips = {$maxips} - - - -# Process options -# (Change these only if you really know what you are doing). -# These options allow you to run multiple instances of DansGuardian on a single machine. -# Remember to edit the log file path above also if that is your intention. - -# IPC filename -# -# Defines IPC server directory and filename used to communicate with the log process. -ipcfilename = '/tmp/.dguardianipc' - -# URL list IPC filename -# -# Defines URL list IPC server directory and filename used to communicate with the URL -# cache process. -urlipcfilename = '/tmp/.dguardianurlipc' - -# IP list IPC filename -# -# Defines IP list IPC server directory and filename, for communicating with the client -# IP cache process. -ipipcfilename = '/tmp/.dguardianipipc' - -# PID filename -# -# Defines process id directory and filename. -#pidfilename = '/var/run/dansguardian.pid' - -# Disable daemoning -# If enabled the process will not fork into the background. -# It is not usually advantageous to do this. -# on|off (defaults to off) -nodaemon = {$nodaemon} - -# Disable logging process -# on|off (defaults to off) -nologger = {$nologger} - -# Enable logging of "ADs" category blocks -# on|off (defaults to off) -logadblocks = {$logadblocks} - -# Enable logging of client User-Agent -# Some browsers will cause a *lot* of extra information on each line! -# on|off (defaults to off) -loguseragent = {$loguseragent} - -# Daemon runas user and group -# This is the user that DansGuardian runs as. Normally the user/group nobody. -# Uncomment to use. Defaults to the user set at compile time. -# Temp files created during virus scanning are given owner and group read -# permissions; to use content scanners based on external processes, such as -# clamdscan, the two processes must run with either the same group or user ID. -#daemonuser = 'nobody' -#daemongroup = 'nobody' - -# Soft restart -# When on this disables the forced killing off all processes in the process group. -# This is not to be confused with the -g run time option - they are not related. -# on|off (defaults to off) -softrestart = {softrestart} - -# Mail program -# Path (sendmail-compatible) email program, with options. -# Not used if usesmtp is disabled (filtergroup specific). -#!! Not compiled !!mailer = '/usr/sbin/sendmail -t' - -#SSL certificate checking path -#Path to CA certificates used to validate the certificates of https sites. -#sslcertificatepath = '/etc/ssl/certs/' - -#SSL man in the middle -#CA certificate path -#Path to the CA certificate to use as a signing certificate for -#generated certificates. -#cacertificatepath = '/home/stephen/dginstall/ca.pem' - -#CA private key path -#path to the private key that matches the public key in the CA certificate. -#caprivatekeypath = '/home/stephen/dginstall/ca.key' - -#Cert private key path -#The public / private key pair used by all generated certificates -#certprivatekeypath = '/home/stephen/dginstall/cert.key' - -#Generated cert path -#The location where generated certificates will be saved for future use. -#(must be writable by the dg user) -#generatedcertpath = '/home/stephen/dginstall/generatedcerts/' + if ($config['installedpackages']['dansguardianusers']['config'][0][$dansguardian_group_name]!=""){ + $import_users = explode("\n", base64_decode($config['installedpackages']['dansguardianusers']['config'][0][$dansguardian_group_name])); + asort($import_users); + $config['installedpackages']['dansguardianusers']['config'][0][$dansguardian_group_name]=base64_encode(implode("\n", $import_users)); + foreach ($import_users as $new_user){ + if (preg_match("/(\S+)\s+(\S+)/",$new_user,$matches)) + $filtergroupslist.=$matches[1]."=filter".$count." #".$matches[2]."\n"; + elseif (preg_match("/(\S+)/",$new_user,$matches)) + $filtergroupslist.=$matches[1]."=filter".$count."\n"; + } + } + $filtergroup_count=count($import_users); + #Default group catch all unauth groups as well non listed users + if($count > 1) + $user_xml .=<< + {$dansguardian_groups['description']} ({$filtergroup_count}) + listtopic + + + {$dansguardian_group_name} + {$dansguardian_groups['name']} + Hint:PFSENSE\marcelloc #Marcello Coutinho]]> + textarea + + 8012 + base64 + +EOF; + + $count++; + } + #Create/update filtergroupslist + file_put_contents($dansguardian_dir."/lists/filtergroupslist",$filtergroupslist,LOCK_EX); + #Create/update userlist xml file + $user_xml_header=file_get_contents("/usr/local/pkg/dansguardian_users_header.xml"); + $user_xml_footer=file_get_contents("/usr/local/pkg/dansguardian_users_footer.xml"); + file_put_contents("/usr/local/pkg/dansguardian_users.xml",$user_xml_header.$user_xml.$user_xml_footer,LOCK_EX); + + #check blacklist download files + if ($dansguardian_blacklist['cron']=="now" && $dansguardian_blacklist['blacklist']){ + $config['installedpackages']['dansguardianblacklist']['config'][0]['cron']="never"; + log_error("Blacklist udpate process started"); + file_notice("Dansguardian - Blacklist udpate process started",""); + file_put_contents("/root/dansguardian_custom.script",base64_decode($dansguardian_blacklist['custom_script']),LOCK_EX); + if ($dansguardian_blacklist['enable_custom_script'] && $dansguardian_blacklist['custom_script'] != "") + mwexec_bg("/root/dansguardian_custom.script"); + else + mwexec_bg("/usr/local/bin/php /usr/local/www/dansguardian.php fetch_blacklist"); + mwexec_bg("/usr/local/bin/php /usr/local/www/dansguardian.php udpate_lists"); + } + + #get clamav user + $cconf="/usr/local/etc/clamd.conf"; + $cconf_file=file_get_contents($cconf); + if (preg_match("/User (\w+)/",$cconf_file,$matches)){ + $daemonuser = $matches[1]; + $daemongroup = 'nobody'; + } + else{ + $daemonuser = 'nobody'; + $daemongroup = 'nobody'; + } + $filtergroups=($count > 1?($count -1):1); + + $filterip=""; + $filterports=""; + foreach (explode(",", $dansguardian['interface']) as $i => $iface) { + $real_ifaces[] = dg_get_real_interface_address($iface); + if($real_ifaces[$i][0]) + $filterip .="filterip = ".$real_ifaces[$i][0]."\n"; + $filterports.="filterports = ".$filterport."\n"; + } + $filterip=($filterip==""?"filterip = ":$filterip); + $filterports=($filterports==""?"filterports = $filterport":$filterports); + include("/usr/local/pkg/dansguardian.conf.template"); -#Generated link path = '' -#The location where symlinks to certificates will be created. -#(must be writable by the dg user) -#generatedlinkpath = '/home/stephen/dginstall/generatedlinks/' -EOF; #write files conf_mount_rw(); - $mlang=strtolower($report['language']); - $mfiles[]="/usr/local/etc/dansguardian/virus.scanners.conf"; - $mfiles[]="/usr/local/share/dansguardian/reports/{$mlang}/inline.spam.warning.txt"; - $mfiles[]="/usr/local/share/dansguardian/reports/{$mlang}/languages.conf"; - - foreach ($mfiles as $mfile) - if (! file_exists ($mfile)) - copy($mfile.".sample",$mfile); - - write_config(); + #update file owner + mwexec("chown -R $daemonuser:$daemongroup /usr/loca/etc/dansguardian"); + mwexec("chown -R $daemonuser:$daemongroup /var/log/dansguardian"); - file_put_contents($dansguardian_dir."/dansguardian.conf", $mc, LOCK_EX); - file_put_contents($dansguardian_dir."/filename.rules.conf",dg_text_area_decode($config['installedpackages']['msattachments']['config'][0]['filename_rules']),LOCK_EX); - file_put_contents($dansguardian_dir."/filetype.rules.conf",dg_text_area_decode($config['installedpackages']['msattachments']['config'][0]['filetype_rules']),LOCK_EX); - file_put_contents($dansguardian_dir."/archives.filename.rules.conf",dg_text_area_decode($config['installedpackages']['msattachments']['config'][0]['filename_rules']),LOCK_EX); - file_put_contents($dansguardian_dir."/archives.filetype.rules.conf",dg_text_area_decode($config['installedpackages']['msattachments']['config'][0]['filetype_rules']),LOCK_EX); - file_put_contents($dansguardian_dir."/phishing.safe.sites.conf",dg_text_area_decode($config['installedpackages']['mscontent']['config'][0]['phishing_safe']),LOCK_EX); - file_put_contents($dansguardian_dir."/phishing.bad.sites.conf",dg_text_area_decode($config['installedpackages']['mscontent']['config'][0]['phishing_bad']),LOCK_EX); - file_put_contents($dansguardian_dir."/country.domains.conf",dg_text_area_decode($config['installedpackages']['mscontent']['config'][0]['country_domains']),LOCK_EX); - file_put_contents($dansguardian_dir.'/spam.assassin.prefs.conf',$sa_temp,LOCK_EX); - file_put_contents($dansguardian_dir.'/spam.lists.conf',dg_text_area_decode($config['installedpackages']['msantispam']['config'][0]['rbl_file']),LOCK_EX); - file_put_contents($dansguardian_dir.'/mcp/mcp.spam.assassin.prefs.conf',dg_text_area_decode($config['installedpackages']['msantispam']['config'][0]['mcp_pref_file']),LOCK_EX); - file_put_contents($dansguardian_dir.'/rules/bounce.rules',dg_text_area_decode($config['installedpackages']['msantispam']['config'][0]['bounce']),LOCK_EX); - file_put_contents($dansguardian_dir.'/rules/max.message.size.rules',dg_text_area_decode($config['installedpackages']['msantispam']['config'][0]['max_message_size']),LOCK_EX); - file_put_contents($dansguardian_dir.'/rules/spam.whitelist.rules',dg_text_area_decode($config['installedpackages']['msantispam']['config'][0]['spam_whitelist']),LOCK_EX); - - foreach ($report_files as $key_r => $file_r) - file_put_contents($report_dir.'/'.$file_r,dg_text_area_decode($config['installedpackages']['msreport']['config'][0][$key_r]),LOCK_EX); - - if ($alert['sig']){ - $sig_html=dg_text_area_decode($config['installedpackages']['msalerts']['config'][0]['sig_html']); - $sig_txt=dg_text_area_decode($config['installedpackages']['msalerts']['config'][0]['sig_txt']);} - else{ - $sig_html=""; - $sig_txt="";} - file_put_contents($report_dir.'/inline.sig.txt',$sig_txt,LOCK_EX); - file_put_contents($report_dir.'/inline.sig.html',$sig_html,LOCK_EX); - - if ($alert['warning']){ - $warning_html=dg_text_area_decode($config['installedpackages']['msalerts']['config'][0]['warning_html']); - $warning_txt=dg_text_area_decode($config['installedpackages']['msalerts']['config'][0]['warning_txt']);} - else{ - $warning_html=""; - $warning_txt="";} - file_put_contents($report_dir.'/inline.warning.txt',$warning_txt,LOCK_EX); - file_put_contents($report_dir.'/inline.warning.html',$warning_html,LOCK_EX); + #create config files + file_put_contents($dansguardian_dir."/dansguardian.conf", $dg, LOCK_EX); #check virus_scanner options $libexec_dir="/usr/local/libexec/dansguardian/"; - if ($virus_scanning == "yes"){ - if ($antivirus['virus_scanner'] =="none"){ - unlink_if_exists($libexec_dir.'clamav-autoupdate'); - unlink_if_exists($libexec_dir.'clamav-wrapper'); - } - else{ - if (file_exists('/var/run/clamav/')) - chown('/var/run/clamav/', 'dansguardian'); - if (file_exists('/var/log/clamav/')) - chown('/var/log/clamav/', 'dansguardian'); - if (file_exists('/var/db/clamav/')) - chown('/var/db/clamav/', 'dansguardian'); - if (file_exists('/var/db/clamav/bytecode.cld')) - chown('/var/db/clamav/bytecode.cld', 'dansguardian'); - if (file_exists('/var/db/clamav/daily.cld')) - chown('/var/db/clamav/daily.cld', 'dansguardian'); - if (file_exists('/var/db/clamav/main.cvd')) - chown('/var/db/clamav/main.cvd', 'dansguardian'); - if (file_exists('/var/db/clamav/mirrors.dat')) - chown('/var/db/clamav/mirrors.dat', 'dansguardian'); - if (file_exists('/var/log/clamav/clamd.log')) - chown('/var/log/clamav/clamd.log', 'dansguardian'); - if (file_exists('/var/log/clamav/freshclam.log')) - chown('/var/log/clamav/freshclam.log', 'dansguardian'); + if (preg_match("/clamd/",$dansguardian_config['content_scanners'])){ - copy($libexec_dir.'clamav-autoupdate.sample',$libexec_dir.'clamav-autoupdate'); - chmod ($libexec_dir.'clamav-autoupdate',0755); - copy($libexec_dir.'clamav-wrapper.sample',$libexec_dir.'clamav-wrapper'); - chmod ($libexec_dir.'clamav-autoupdate',0755); - if (!file_exists('/var/db/clamav/main.cvd')){ - log_error('No clamav database found, running freshclam in background.'); - mwexec_bg('/usr/local/bin/freshclam'); - } - #clamav-wrapper file - $cconf=$libexec_dir."clamav-wrapper"; - $cconf_file=file_get_contents($cconf); - if (preg_match('/"clamav"/',$cconf_file)){ - $cconf_file=preg_replace('/"clamav"/','"dansguardian"',$cconf_file); - file_put_contents($cconf, $cconf_file, LOCK_EX); - } + if (!file_exists('/var/db/clamav/main.cvd')){ + log_error('No clamav database found for dansguardian, running freshclam in background.'); + mwexec_bg('/usr/local/bin/freshclam'); + } - #freshclam conf file - $cconf="/usr/local/etc/freshclam.conf"; + $match=array(); + $match[0]='/NO/'; + $replace=array(); + $replace[0]='YES'; + + #clamdscan.conf dansguardian file + $cconf="/usr/local/etc/dansguardian/contentscanners/clamdscan.conf"; $cconf_file=file_get_contents($cconf); - if (preg_match('/DatabaseOwner clamav/',$cconf_file)){ - $cconf_file=preg_replace("/DatabaseOwner clamav/","DatabaseOwner dansguardian",$cconf_file); - file_put_contents($cconf, $cconf_file, LOCK_EX); + if (!preg_match('/clamav/',$cconf_file)){ + file_put_contents($cconf, $cconf_file."\nclamdudsfile = '/var/run/clamav/clamd.sock'", LOCK_EX); } - + #clamd conf file $cconf="/usr/local/etc/clamd.conf"; $cconf_file=file_get_contents($cconf); - if (preg_match('/User clamav/',$cconf_file)){ - $cconf_file=preg_replace("/User clamav/","User dansguardian",$cconf_file); - file_put_contents($cconf, $cconf_file, LOCK_EX); - } - #clamd script file - $script='/usr/local/etc/rc.d/clamav-clamd'; - $script_file=file($script); - foreach ($script_file as $script_line){ - if(preg_match("/command=/",$script_line)){ - $new_clamav_startup.= "/bin/mkdir /var/run/clamav\n"; - $new_clamav_startup.= "chown dansguardian /var/run/clamav\n"; - $new_clamav_startup.=$script_line; + if (preg_match("/User (\w+)/",$cconf_file,$matches)){ + #clamd script file + $script='/usr/local/etc/rc.d/clamav-clamd'; + $script_file=file($script); + foreach ($script_file as $script_line){ + if(preg_match("/command=/",$script_line)){ + $new_clamav_startup.= "/bin/mkdir /var/run/clamav\n"; + $new_clamav_startup.= "chown ".$matches[1]." /var/run/clamav\n"; + $new_clamav_startup.=$script_line; + } + elseif(!preg_match("/(mkdir|chown|sleep|mailscanner)/",$script_line)) { + $new_clamav_startup.=preg_replace("/NO/","YES",$script_line); + } } - elseif(!preg_match("/(mkdir|chown|sleep|dansguardian)/",$script_line)) { - $new_clamav_startup.=preg_replace("/NO/","YES",$script_line); - } - } - file_put_contents($script, $new_clamav_startup, LOCK_EX); - chmod ($script,0755); - mwexec("$script stop"); - mwexec_bg("$script start"); - } - } - else{ - unlink_if_exists($libexec_dir.'clamav-autoupdate'); - unlink_if_exists($libexec_dir.'clamav-wrapper'); - } - - #check dcc startup script - $script='/usr/local/etc/rc.d/dccifd'; - $script_file=file_get_contents($script); - if (preg_match('/NO/',$script_file)){ - $script_file=preg_replace("/NO/","YES",$script_file); - file_put_contents($script, $script_file, LOCK_EX); + file_put_contents($script, $new_clamav_startup, LOCK_EX); chmod ($script,0755); - } - #check dcc config file - $script='/usr/local/dcc/dcc_conf'; - $script_file=file_get_contents($script); - if (preg_match('/DCCIFD_ENABLE=off/',$script_file)){ - $script_file=preg_replace("/DCCIFD_ENABLE=off/","DCCIFD_ENABLE=on",$script_file); - file_put_contents($script, $script_file, LOCK_EX); - } - mwexec("$script stop"); - mwexec_bg("$script start"); - - $script='/usr/local/etc/rc.d/dansguardian'; + mwexec("$script stop"); + unlink_if_exists("/tmp/.dguardianipc"); + unlink_if_exists("/tmp/.dguardianurlipc"); + mwexec_bg("$script start"); + } + } - #fix MIME::ToolUtils deprecated function and usecure dependency calls in /usr/local/sbin/dansguardian - $cconf="/usr/local/sbin/dansguardian"; - $cconf_file=file_get_contents($cconf); - $pattern2[0]='/perl\W+I/'; - $pattern2[1]='/\smy .current = config MIME::ToolUtils/'; - $replacement2[0]='perl -U -I'; - $replacement2[1]=' #my $current = config MIME::ToolUtils'; - if (preg_match('/perl\W+I/',$cconf_file)){ - $cconf_file=preg_replace($pattern2,$replacement2,$cconf_file); - file_put_contents($cconf, $cconf_file, LOCK_EX); - #force old process stop - mwexec("$script stop"); - } - - $script_file=file_get_contents($script); - if (preg_match('/NO/',$script_file)){ - $script_file=preg_replace("/NO/","YES",$script_file); - file_put_contents($script, $script_file, LOCK_EX); - chmod ($script,0755); - } + $dirs=array('/usr/local/etc/dansguardian/lists/bannedrooms/', + '/var/log/dansguardian'); + foreach ($dirs as $dir) + if (!is_dir($dir)) + mkdir ($dir,0755,true); + + $script='/usr/local/etc/rc.d/dansguardian'; if($config['installedpackages']['dansguardian']['config'][0]['enable']){ - log_error("Reload dansguardian"); + $script_file=file_get_contents($script); + if (preg_match('/NO/',$script_file)){ + $script_file=preg_replace("/NO/","YES",$script_file); + file_put_contents($script, $script_file, LOCK_EX); + } chmod ($script,0755); - mwexec("$script stop"); - sleep(2); - mwexec_bg("$script start"); + mwexec("$script stop"); + mwexec_bg("$script start"); } else{ - log_error("Stopping dansguardian if running"); mwexec("$script stop"); - chmod ($script,0444); + chmod ($script,0444); } + + if (!file_exists('/usr/local/etc/dansguardian/lists/phraselists/pornography/weighted_russian_utf8')) + file_put_contents('/usr/local/etc/dansguardian/lists/phraselists/pornography/weighted_russian_utf8',"",LOCK_EX); + conf_mount_ro(); $synconchanges = $config['installedpackages']['dansguardiansync']['config'][0]['synconchanges']; if(!$synconchanges && !$syncondbchanges) @@ -1124,17 +770,10 @@ EOF; function dansguardian_validate_input($post, &$input_errors) { foreach ($post as $key => $value) { - if (empty($value)) - continue; - if (substr($key, 0, 6) == "domain" && is_numeric(substr($key, 6))) { - if (!is_domain($value)) - $input_errors[] = "{$value} is not a valid domain name."; - } else if (substr($key, 0, 12) == "mailserverip" && is_numeric(substr($key, 12))) { - if (empty($post['domain' . substr($key, 12)])) - $input_errors[] = "Domain for {$value} cannot be blank."; - if (!is_ipaddr($value) && !is_hostname($value)) - $input_errors[] = "{$value} is not a valid IP address or host name."; - } + if ($key == "name" && $value == "") + $input_errors[] = "{$key} could not be empty."; + else if ($key == "name" && $value=="sample") + $input_errors[] = "{$value} cannot be used as name."; } } @@ -1146,7 +785,7 @@ function dansguardian_php_deinstall_command() { mwexec("/usr/local/etc/rc.d/dansguardian.sh stop"); sleep(1); conf_mount_rw(); - unlink_if_exists("/usr/local/etc/rc.d/dansguardian.sh"); + unlink_if_exists("/usr/local/etc/rc.d/dansguardian"); conf_mount_ro(); } @@ -1180,12 +819,22 @@ function dansguardian_do_xmlrpc_sync($sync_to_ip, $password,$sync_type) { if ($sync_xml){ log_error("Include dansguardian config"); $xml['dansguardian'] = $config['installedpackages']['dansguardian']; - $xml['msreport'] = $config['installedpackages']['msreport']; - $xml['mscontent'] = $config['installedpackages']['mscontent']; - $xml['msantivirus'] = $config['installedpackages']['msantivirus']; - $xml['msantispam'] = $config['installedpackages']['msantispam']; - $xml['msalerts'] = $config['installedpackages']['msalerts']; - } + $xml['dansguardianantivirusacl'] = $config['installedpackages']['dansguardianantivirusacl']; + $xml['dansguardianconfig'] = $config['installedpackages']['dansguardianconfig']; + $xml['dansguardiancontentacl'] = $config['installedpackages']['dansguardiancontentacl']; + $xml['dansguardianfileacl'] = $config['installedpackages']['dansguardianfileacl']; + $xml['dansguardiangroups'] = $config['installedpackages']['dansguardiangroups']; + $xml['dansguardianheaderacl'] = $config['installedpackages']['dansguardianheaderacl']; + $xml['dansguardianlimits'] = $config['installedpackages']['dansguardianlimits']; + $xml['dansguardianlog'] = $config['installedpackages']['dansguardianlog']; + $xml['dansguardianphraseacl'] = $config['installedpackages']['dansguardianphraseacl']; + $xml['dansguardianpicsacl'] = $config['installedpackages']['dansguardianpicsacl']; + $xml['dansguardiansearchacl'] = $config['installedpackages']['dansguardiansearchacl']; + $xml['dansguardiansiteacl'] = $config['installedpackages']['dansguardiansiteacl']; + $xml['dansguardianurlacl'] = $config['installedpackages']['dansguardianurlacl']; + $xml['dansguardianusers'] = $config['installedpackages']['dansguardianusers']; + + } if (count($xml) > 0){ /* assemble xmlrpc payload */ $params = array( diff --git a/config/dansguardian/dansguardian.php b/config/dansguardian/dansguardian.php new file mode 100644 index 00000000..8998d1f8 --- /dev/null +++ b/config/dansguardian/dansguardian.php @@ -0,0 +1,114 @@ +&1',$output,$return); + if (preg_match("/x (\w+)/",$output[0],$matches)){ + if ($matches[1] != "blacklists") + rename("./".$matches[1],"blacklists"); + read_lists(); + file_notice("Dansguardian - Blacklist applied, check site and URL access lists for categories",""); + } + else + file_notice("Dansguardian - Could not determine Blacklist extract dir. Categories not updated",""); + } + else{ + file_notice("Dansguardian - Blacklist url is invalid.",""); + } +} +function read_lists(){ + global $config,$g; + $group_type=array(); + $dir="/usr/local/etc/dansguardian/lists"; + #read dansguardian lists dirs + $groups= array("phraselists", "blacklists", "whitelists"); + #assigns know list files + $types=array('domains','urls','banned','weighted','exception','expression'); + #clean previous xml config for dansguardian lists + foreach ($groups as $group) + foreach ($types as $clean) + $config['installedpackages']['dansguardian'.$group.$clean]['config']=array(); + + #clean previous xml config for dansguardian lists + foreach ($groups as $group) + if (is_dir("$dir/$group/")){ + #read dir content and find lists + $lists= scandir("$dir/$group/"); + foreach ($lists as $list) + if (!preg_match ("/^\./",$list)){ + $category= scandir("$dir/$group/$list/"); + foreach ($category as $file) + if (!preg_match ("/^\./",$file)){ + #assign list to array + $type=split("_",$file); + print $type[0]." --- $list --- $file\n"; + if (!in_array($type[0],$group_type)) + $list_type[]=$type[0]; + $xml_group=($list=="whitelist"?"whitelists":$group); + $xml_type=($type[0]=="domains.processed"?"domains":$type[0]); + $config['installedpackages']['dansguardian'.$xml_group.$xml_type]['config'][]=array("descr"=> "$list $file","list" => $list,"file" => "$dir/$group/$list/$file"); + } + } + } + + #var_dump($config['installedpackages']['dansguardian']['config']); + #foreach ($types as $clean) + #var_dump($config['installedpackages']['dansguardianfiles'.$clean]['config']); + write_config(); +} + +if ($argv[1]=="update_lists") + read_lists(); + +if ($argv[1]=="fetch_blacklist") + fetch_blacklist(); + +?> \ No newline at end of file diff --git a/config/dansguardian/dansguardian.xml b/config/dansguardian/dansguardian.xml index c8b630d1..22315ef8 100644 --- a/config/dansguardian/dansguardian.xml +++ b/config/dansguardian/dansguardian.xml @@ -44,7 +44,7 @@ Currently there are no FAQ items provided. dansguardian 1.0 - Services: Sansguardian + Services: Dansguardian /usr/local/pkg/dansguardian.inc dansguardian @@ -53,30 +53,35 @@ pkg_edit.php?xml=dansguardian.xml - http:/www.pfsense.org/packages/config/pf-blocker/dansguardian.inc + http:/www.pfsense.org/packages/config/dansguardian/dansguardian.inc /usr/local/pkg/ 0755 - http://www.pfsense.org/packages/config/pf-blocker/dansguardian.php + http://www.pfsense.org/packages/config/dansguardian/dansguardian.php /usr/local/www/ 0755 - http://www.pfsense.org/packages/config/pf-blocker/dansguardian.widget.php - /usr/local/www/widgets/widgets/ + http://www.pfsense.org/packages/config/dansguardian/dansguardian_limits.xml + /usr/local/pkg/ 0755 - http://www.pfsense.org/packages/config/dansguardian/dansguardian_limits.xml + http://www.pfsense.org/packages/config/dansguardian/dansguardian_users_header.xml /usr/local/pkg/ 0755 - http://www.pfsense.org/packages/config/dansguardian/dansguardian_lists.xml + http://www.pfsense.org/packages/config/dansguardian/dansguardian_users_footer.xml /usr/local/pkg/ 0755 + + http://www.pfsense.org/packages/config/dansguardian/dansguardian_about.php + /usr/local/www/ + 0755 + http://www.pfsense.org/packages/config/dansguardian/dansguardian_config.xml /usr/local/pkg/ @@ -87,6 +92,76 @@ /usr/local/pkg/ 0755 + + http://www.pfsense.org/packages/config/dansguardian/dansguardianfx.conf.template + /usr/local/pkg/ + 0755 + + + http://www.pfsense.org/packages/config/dansguardian/dansguardian_url_acl.xml + /usr/local/pkg/ + 0755 + + + http://www.pfsense.org/packages/config/dansguardian/dansguardian_site_acl.xml + /usr/local/pkg/ + 0755 + + + http://www.pfsense.org/packages/config/dansguardian/dansguardian_search_acl.xml + /usr/local/pkg/ + 0755 + + + http://www.pfsense.org/packages/config/dansguardian/dansguardian_pics_acl.xml + /usr/local/pkg/ + 0755 + + + http://www.pfsense.org/packages/config/dansguardian/dansguardian_phrase_acl.xml + /usr/local/pkg/ + 0755 + + + http://www.pfsense.org/packages/config/dansguardian/dansguardian_log.xml + /usr/local/pkg/ + 0755 + + + http://www.pfsense.org/packages/config/dansguardian/dansguardian_header_acl.xml + /usr/local/pkg/ + 0755 + + + http://www.pfsense.org/packages/config/dansguardian/dansguardian_groups.xml + /usr/local/pkg/ + 0755 + + + http://www.pfsense.org/packages/config/dansguardian/dansguardian_file_acl.xml + /usr/local/pkg/ + 0755 + + + http://www.pfsense.org/packages/config/dansguardian/dansguardian_content_acl.xml + /usr/local/pkg/ + 0755 + + + http://www.pfsense.org/packages/config/dansguardian/dansguardian_blacklist.xml + /usr/local/pkg/ + 0755 + + + http://www.pfsense.org/packages/config/dansguardian/dansguardian_antivirus_acl.xml + /usr/local/pkg/ + 0755 + + + http://www.pfsense.org/packages/config/dansguardian/dansguardian.conf.template + /usr/local/pkg/ + 0755 + Daemon @@ -102,11 +177,23 @@ /pkg_edit.php?xml=dansguardian_limits.xml&id=0 - Filter Groups - /pkg.php?xml=dansguardian_lists.xml + Blacklist + /pkg_edit.php?xml=dansguardian_blacklist.xml&id=0 + + + Access Lists + /pkg_edit.php?xml=dansguardian_antivirus_acl.xml&id=0 + + + Groups + /pkg.php?xml=dansguardian_groups.xml + + + Users + /pkg_edit.php?xml=dansguardian_users.xml - Report and Log + Report and log /pkg_edit.php?xml=dansguardian_log.xml&id=0 @@ -114,8 +201,8 @@ /pkg_edit.php?xml=dansguardian_sync.xml&id=0 - About - /pkg_edit.php?xml=dansguardian.php&id=0 + Help + /dansguardian_about.php @@ -125,13 +212,13 @@ Enable dansguardian - enable_dg + enable checkbox - + I agree with dansguardian terms and licence.]]> Listen Interface(s) - inbound_interface + interface WAN
Select interface(s) that you want to block incoming traffic.]]> interfaces_selection @@ -175,6 +262,14 @@ Sets the minimum and maximun number of processes to be kept ready to handle connections.
On large sites you might want to try 8/64.]]> + + Prefork Children + preforkchildren + input + 10 + + On large sites you might want to try 10]]> + Max Age Children maxagechildren diff --git a/config/dansguardian/dansguardian_about.php b/config/dansguardian/dansguardian_about.php new file mode 100755 index 00000000..306ddc3e --- /dev/null +++ b/config/dansguardian/dansguardian_about.php @@ -0,0 +1,114 @@ + + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +require("guiconfig.inc"); + +$pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); +if(strstr($pfSversion, "1.2")) + $one_two = true; + +$pgtitle = "About: Dansguardian Package"; +include("head.inc"); + +?> + + + + +

+ + + + + +
+ + + + + + + + +
+ +
+
+ + + + + + + + + + + + + + + + + + + + + + + + + +
Copyright and licensing for Dansguardian 2

");?> +
Dansguardian Blacklists

");?> +
What is Dansguardian

");?> +
Marcello Coutinho

");?>
donate to pfSense project.

+ If you want that your donation goes to this package developer, make a note on donation forwarding it to me.

");?>
+ +
+
+
+
+
+ + + diff --git a/config/dansguardian/dansguardian_antivirus_acl.xml b/config/dansguardian/dansguardian_antivirus_acl.xml new file mode 100755 index 00000000..21c5c17e --- /dev/null +++ b/config/dansguardian/dansguardian_antivirus_acl.xml @@ -0,0 +1,193 @@ + + + + + + + + Describe your package here + Describe your package requirements here + Currently there are no FAQ items provided. + dansguardianantivirusacl + 1.0 + Services: Dansguardian - Access Lists + /usr/local/pkg/dansguardian.inc + + + Back to config + /pkg_edit.php?xml=dansguardian.xml&id=0 + + + Antivirus + /pkg_edit.php?xml=dansguardian_antivirus_acl.xml&id=0 + + + + Pics + /pkg.php?xml=dansguardian_pics_acl.xml&id=0 + + + Phase + /pkg.php?xml=dansguardian_phrase_acl.xml + + + Site + /pkg.php?xml=dansguardian_site_acl.xml + + + URL + /pkg.php?xml=dansguardian_url_acl.xml + + + Extension + /pkg.php?xml=dansguardian_file_acl.xml + + + Content + /pkg.php?xml=dansguardian_content_acl.xml + + + Header + /pkg.php?xml=dansguardian_header_acl.xml + + + Searche Engine + /pkg.php?xml=dansguardian_search_acl.xml + + + Groups + /pkg.php?xml=dansguardian_groups.xml + + + Users + /pkg_edit.php?xml=dansguardian_users.xml + + + + + Extension + listtopic + + + Enable + extension_enabled + checkbox + + + + config + extension_list + + Leave empty to load dansguardian defaults]]> + textarea + 80 + 10 + base64 + + + Mime + listtopic + + + Enable + mime_enabled + checkbox + + + + config + mime_list + + Leave empty to load dansguardian defaults]]> + textarea + 80 + 10 + base64 + + + Site + listtopic + + + Enable + site_enabled + checkbox + + + + config + site_list + + Leave empty to load dansguardian defaults]]> + textarea + 80 + 10 + base64 + + + URL + listtopic + + + Enable + url_enabled + checkbox + + + + config + url_list + + Leave empty to load dansguardian defaults]]> + textarea + 80 + 10 + base64 + + + + dansguardian_php_install_command(); + + + dansguardian_php_deinstall_command(); + + + dansguardian_validate_input($_POST, &$input_errors); + + + sync_package_dansguardian(); + + \ No newline at end of file diff --git a/config/dansguardian/dansguardian_blacklist.xml b/config/dansguardian/dansguardian_blacklist.xml new file mode 100644 index 00000000..d518f531 --- /dev/null +++ b/config/dansguardian/dansguardian_blacklist.xml @@ -0,0 +1,156 @@ + + + + + + + + Describe your package here + Describe your package requirements here + Currently there are no FAQ items provided. + dansguardianblacklist + 1.0 + Services: Dansguardian + /usr/local/pkg/dansguardian.inc + + + Daemon + /pkg_edit.php?xml=dansguardian.xml&id=0 + + + General + /pkg_edit.php?xml=dansguardian_config.xml&id=0 + + + Limits + /pkg_edit.php?xml=dansguardian_limits.xml&id=0 + + + Blacklist + /pkg_edit.php?xml=dansguardian_blacklist.xml&id=0 + + + + Access Lists + /pkg_edit.php?xml=dansguardian_antivirus_acl.xml&id=0 + + + Groups + /pkg.php?xml=dansguardian_groups.xml + + + Users + /pkg_edit.php?xml=dansguardian_users.xml + + + Report and log + /pkg_edit.php?xml=dansguardian_log.xml&id=0 + + + XMLRPC Sync + /pkg_edit.php?xml=dansguardian_sync.xml&id=0 + + + Help + /dansguardian_about.php + + + + + Blacklist options + listtopic + + + Enable + blacklist + checkbox + + + Update frequency + cron + Never
+ Select how often pfsense will re download Blacklist files]]> + select + + + + + + + + + + Blacklist URL + url + + File must be in tar.gz or tgz format.]]> + input + 80 + + + Custom update script + listtopic + + + Enable + enable_custom_script + checkbox + + + script + update_script + + This script will be called by update frequency schedule.]]> + textarea + 80 + 15 + base64 + + + + dansguardian_php_install_command(); + + + dansguardian_php_deinstall_command(); + + + dansguardian_validate_input($_POST, &$input_errors); + + + sync_package_dansguardian(); + + diff --git a/config/dansguardian/dansguardian_config.xml b/config/dansguardian/dansguardian_config.xml index d3ed5277..7e4eda17 100644 --- a/config/dansguardian/dansguardian_config.xml +++ b/config/dansguardian/dansguardian_config.xml @@ -61,11 +61,23 @@ /pkg_edit.php?xml=dansguardian_limits.xml&id=0 - Filter Groups - /pkg.php?xml=dansguardian_lists.xml + Blacklist + /pkg_edit.php?xml=dansguardian_blacklist.xml&id=0 - Report and Log + Access Lists + /pkg_edit.php?xml=dansguardian_antivirus_acl.xml&id=0 + + + Groups + /pkg.php?xml=dansguardian_groups.xml + + + Users + /pkg_edit.php?xml=dansguardian_users.xml + + + Report and log /pkg_edit.php?xml=dansguardian_log.xml&id=0 @@ -73,8 +85,8 @@ /pkg_edit.php?xml=dansguardian_sync.xml&id=0 - About - /pkg_edit.php?xml=dansguardian.php&id=0 + Help + /dansguardian_about.php @@ -83,24 +95,19 @@ listtopic - Url cache number - urlcachenumber - input - 10 - - 0 = off (recommended for ISPs with users with disimilar browsing)
- 1000 = recommended for most user
- 5000 = suggested max upper limit
- If you're using an AV plugin then use at least 5000.]]> - - - Url cache age - urlcacheage - input - 10 - - 900 = 15 mins(recommended)
- 0 = never]]> + Auth Plugin + auth_plugin + + select + + + + + + + + Scan Options @@ -133,6 +140,18 @@ + + Lower casing options + preservecase + + However this can break Big5 and other 16-bit texts. If needed preserve the case.]]> + select + + + + + + Phrase filter mode phrasefiltermode @@ -148,31 +167,63 @@ + + + Url cache number + urlcachenumber + input + 10 + + 0 = off (recommended for ISPs with users with disimilar browsing)
+ 1000 = recommended for most user
+ 5000 = suggested max upper limit
+ If you're using an AV plugin then use at least 5000.]]> - Lower casing options - preservecase - - However this can break Big5 and other 16-bit texts. If needed preserve the case.]]> - select - - - - - + Url cache age + urlcacheage + input + 10 + + 900 = 15 mins(recommended)
+ 0 = never]]> + + + SSL man in the middle Filtering + listtopic - + + CA + ca + + To create a CA on pfsense, go to system -> Cert Manager]]> + select_source + + descr + refid + + + Cert + cert + + To create a Certificate on pfsense, go to system -> Cert Manager]]> + select_source + + descr + refid + + Content Scanner listtopic - Content Scanners + Content Scanners (antivirus) content_scanners select - - + + 3 @@ -195,6 +246,15 @@ This is probably not desirable behavour as exceptions are supposed to be trusted and will increase load.
Correct use of grey lists are a better idea.]]> + + ICAP URL + contentscannertimeout + input + 40 + icap://icapserver:1344/avscan format
+ Use hostname rather than IP address and Always specify the port]]> + + Misc settings listtopic diff --git a/config/dansguardian/dansguardian_content_acl.xml b/config/dansguardian/dansguardian_content_acl.xml new file mode 100755 index 00000000..14524b8d --- /dev/null +++ b/config/dansguardian/dansguardian_content_acl.xml @@ -0,0 +1,160 @@ + + + + + + + + Describe your package here + Describe your package requirements here + Currently there are no FAQ items provided. + dansguardiancontentacl + 1.0 + Services: Dansguardian - Access Lists + /usr/local/pkg/dansguardian.inc + + + Back to Config + /pkg_edit.php?xml=dansguardian.xml&id=0 + + + Antivirus + /pkg_edit.php?xml=dansguardian_antivirus_acl.xml&id=0 + + + Pics + /pkg.php?xml=dansguardian_pics_acl.xml&id=0 + + + Phase + /pkg.php?xml=dansguardian_phrase_acl.xml + + + Site + /pkg.php?xml=dansguardian_site_acl.xml + + + URL + /pkg.php?xml=dansguardian_url_acl.xml + + + Extension + /pkg.php?xml=dansguardian_file_acl.xml + + + Content + /pkg.php?xml=dansguardian_content_acl.xml + + + + Header + /pkg.php?xml=dansguardian_header_acl.xml + + + Searche Engine + /pkg.php?xml=dansguardian_search_acl.xml + + + Groups + /pkg.php?xml=dansguardian_groups.xml + + + Users + /pkg_edit.php?xml=dansguardian_users.xml + + + + + Group name + name + + + Description + description + + + + + File Access Lists + listtopic + + + Name + name + + input + 25 + + + description + description + input + 80 + + + Banned + listtopic + + + Enable + content_enabled + checkbox + + + + Config + content_regexplist + + Leave empty to load dansguardian defaults]]> + textarea + 80 + 30 + base64 + + + + dansguardian_php_install_command(); + + + dansguardian_php_deinstall_command(); + + + dansguardian_validate_input($_POST, &$input_errors); + + + sync_package_dansguardian(); + + \ No newline at end of file diff --git a/config/dansguardian/dansguardian_file_acl.xml b/config/dansguardian/dansguardian_file_acl.xml new file mode 100755 index 00000000..4dba7567 --- /dev/null +++ b/config/dansguardian/dansguardian_file_acl.xml @@ -0,0 +1,200 @@ + + + + + + + + Describe your package here + Describe your package requirements here + Currently there are no FAQ items provided. + dansguardianfileacl + 1.0 + Services: Dansguardian - Access Lists + /usr/local/pkg/dansguardian.inc + + + Back to Config + /pkg_edit.php?xml=dansguardian.xml&id=0 + + + Antivirus + /pkg_edit.php?xml=dansguardian_antivirus_acl.xml&id=0 + + + Pics + /pkg.php?xml=dansguardian_pics_acl.xml&id=0 + + + Phase + /pkg.php?xml=dansguardian_phrase_acl.xml + + + Site + /pkg.php?xml=dansguardian_site_acl.xml + + + URL + /pkg.php?xml=dansguardian_url_acl.xml + + + Extension + /pkg.php?xml=dansguardian_file_acl.xml + + + + Content + /pkg.php?xml=dansguardian_content_acl.xml + + + Header + /pkg.php?xml=dansguardian_header_acl.xml + + + Searche Engine + /pkg.php?xml=dansguardian_search_acl.xml + + + Groups + /pkg.php?xml=dansguardian_groups.xml + + + Users + /pkg_edit.php?xml=dansguardian_users.xml + + + + + Group name + name + + + Description + description + + + + + File Access Lists + listtopic + + + Name + name + + input + 25 + + + description + description + input + 80 + + + Banned + listtopic + + + Enable + banned_enabled + checkbox + + + + Extension + banned_extensionlist + + Leave empty to load dansguardian defaults]]> + textarea + 80 + 10 + base64 + + + Mime + banned_mimetypelist + + Leave empty to load dansguardian defaults]]> + textarea + 80 + 10 + base64 + + + Exception + listtopic + + + Enable + exception_enabled + checkbox + + + + Extension + exception_extensionlist + + Leave empty to load dansguardian defaults]]> + textarea + 80 + 10 + base64 + + + Mime + exception_mimetypelist + + Leave empty to load dansguardian defaults]]> + textarea + 80 + 10 + base64 + + + + dansguardian_php_install_command(); + + + dansguardian_php_deinstall_command(); + + + dansguardian_validate_input($_POST, &$input_errors); + + + sync_package_dansguardian(); + + \ No newline at end of file diff --git a/config/dansguardian/dansguardian_filters.xml b/config/dansguardian/dansguardian_filters.xml deleted file mode 100755 index 42f1c0ae..00000000 --- a/config/dansguardian/dansguardian_filters.xml +++ /dev/null @@ -1,241 +0,0 @@ - - - - - - - Copyright (C) 2011 Marcello Coutinho - - All rights reserved. -*/ -/* ========================================================================== */ -/* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ - ]]> - - Describe your package here - Describe your package requirements here - Currently there are no FAQ items provided. - pfblockerlists - 1.0 - Firewall: pfBlocker - /usr/local/pkg/pfblocker.inc - - pfBlocker - -
Firewall
- pfblocker_lists.xml - - - - General - /pkg_edit.php?xml=pfblocker.xml&id=0 - - - Lists - /pkg.php?xml=pfblocker_lists.xml - - - - - Top Spammers - /pkg_edit.php?xml=pfblocker_topspammers.xml&id=0 - - - - Africa - /pkg_edit.php?xml=pfblocker_Africa.xml&id=0 - - - - Asia - /pkg_edit.php?xml=pfblocker_Asia.xml&id=0 - - - - Europe - /pkg_edit.php?xml=pfblocker_Europe.xml&id=0 - - - North America - /pkg_edit.php?xml=pfblocker_NorthAmerica.xml&id=0 - - - Oceania - /pkg_edit.php?xml=pfblocker_Oceania.xml&id=0 - - - South America - /pkg_edit.php?xml=pfblocker_SouthAmerica.xml&id=0 - - - XMLRPC Sync - /pkg_edit.php?xml=pfblocker_sync.xml&id=0 - - - - - Alias - aliasname - - - Description - description - - - - Action - action - - - Update Frequency - cron - - - - - Network ranges / CIDR lists - listtopic - - - Alias Name - aliasname - - Example: Badguys
- Do not include pfBlocker name, it's done by package.
- International, special or space caracters will be ignored in pfsense alias name.
]]> - input - 20 - - - List Description - description - input - 90 - - - - none - - 'Url or local file' - Add direct link to list (Example: Ads, - Spyware, - Proxies )
-
Note:
- Compressed lists must be in gz format.
- Downloaded or local file must have only one network per line and could follows PeerBlock syntax or this below:
- Network ranges: 172.16.1.0-172.16.1.255
- IP Address: 172.16.1.10
- CIDR: 172.16.1.0/24 - ]]> - rowhelper - - - Format - format - select - - - - - - - Url or localfile - url - input - 75 - - - - - List Action - Deny Inbound
- Select action for network on lists you have selected.

- Note:
'Deny Both' - Will deny access on Both directions.
- 'Deny Inbound' - Will deny access from selected lists to your network.
- 'Deny Outbound' - Will deny access from your users to ip lists you selected to block.
- 'Permit Inbound' - Will allow access from selected lists to your network.
- 'Permit Outbound' - Will allow access from your users to ip lists you selected to block.
- 'Disabled' - Will just keep selection and do nothing to selected Lists.
- 'Alias Only' - Will create an alias with selected Lists to help custom rule assignments.

- While creating rules with this list, keep aliasname in the beggining of rule description and do not end description with 'rule'.
 - custom rules with 'Aliasname something rule' description will be removed by package.]]> - action - select - - - - - - - - - - - - Update frequency - cron - Never
- Select how often pfsense will download List files]]> - select - - - - - - - - - - Custom list - listtopic - - - CIDR - custom - - Example: 192.168.1.0/24]]> - textarea - 50 - 10 - base64 - - - - pfblocker_php_install_command(); - - - pfblocker_php_deinstall_command(); - - - pfblocker_validate_input($_POST, &$input_errors); - - - sync_package_pfblocker(); - - \ No newline at end of file diff --git a/config/dansguardian/dansguardian_groups.xml b/config/dansguardian/dansguardian_groups.xml new file mode 100755 index 00000000..4f56601f --- /dev/null +++ b/config/dansguardian/dansguardian_groups.xml @@ -0,0 +1,340 @@ + + + + + + + + Describe your package here + Describe your package requirements here + Currently there are no FAQ items provided. + dansguardiangroups + 1.0 + Services: Dansguardian + /usr/local/pkg/dansguardian.inc + + + Daemon + /pkg_edit.php?xml=dansguardian.xml&id=0 + + + General + /pkg_edit.php?xml=dansguardian_config.xml&id=0 + + + Limits + /pkg_edit.php?xml=dansguardian_limits.xml&id=0 + + + Blacklist + /pkg_edit.php?xml=dansguardian_blacklist.xml&id=0 + + + Access Lists + /pkg_edit.php?xml=dansguardian_antivirus_acl.xml&id=0 + + + Groups + /pkg.php?xml=dansguardian_groups.xml + + + + Users + /pkg_edit.php?xml=dansguardian_users.xml + + + Report and log + /pkg_edit.php?xml=dansguardian_log.xml&id=0 + + + XMLRPC Sync + /pkg_edit.php?xml=dansguardian_sync.xml&id=0 + + + Help + /dansguardian_about.php + + + + + Group name + name + + + Group mode + mode + + + + Description + description + + + + + Description + listtopic + + + Filter Group Name + name + + input + 20 + + + List Description + description + input + 60 + + + Acess Lists + listtopic + + + Group Options + group_options + + select + + + + + + + + + + + + + 10 + + + + Pics + picsacl + + select_source + + name + name + + + Phrase + phraseacl + + select_source + + name + name + + + Site + siteacl + + select_source + + name + name + + + URL + urlacl + + select_source + + name + name + + + Extension + extensionacl + + select_source + + name + name + + + Header + headeracl + + select_source + + name + name + + + Content + contentacl + + select_source + + name + name + + + Search + searchacl + + select_source + + name + name + + + Values + listtopic + + + Filter Group Mode + mode + + This mechanism replaces the "banneduserlist"]]> + select + + + + + + + + Reporting Level + reportinglevel + + If defined, this overrides the global setting in dansguardian.conf for members of this filter group.]]> + select + + + + + + + + + + Weighted phrase mode + weightedphrasemode + + select + + + + + + + + + Naughtiness limite + naughtynesslimit + + Phrases to do with good subjects will have negative values, and bad subjects will have positive values.
+ See the weightedphraselist file for examples.
+ As a guide:
+ 50 is for young children, 100 for old children, 160 for young adults.]]> + input + 10 + + + Search term limit + searchtermlimit + Default 30
The limit over which requests will be blocked for containing search terms which match the weightedphraselist.
+ This should usually be lower than the 'naughtynesslimit' value above, because the amount of text being filtered is only a few words, rather than a whole page.
+ A value of 0 here indicates that search terms should be extracted, for logging/reporting purposes, but no filtering should be performed on the resulting text.]]> + input + 10 + + + Category display threshold + categorydisplaythreshold + + Defines the minimum score that must be accumulated within a particular category in order for it to show up on the block pages' category list.
+ All categories under which the page scores positively will be logged; those that were not displayed to the user appear in brackets.
+ -1 = display only the highest scoring category
+ 0 = display all categories (default)
+ > 0 = minimum score for a category to be displayed]]> + input + 10 + + + Embedded URL weighting + embeddedurlweight + + Each link to a banned page causes the amount set here to be added to the page's weighting.
+ The behaviour of this option with regards to multiple occurrences of a site/URL is affected by the weightedphrasemode setting.

+ Set to 0 to disable(default). + WARNING: This option is highly CPU intensive!]]> + input + 10 + + + Temporary Denied Page Bypass + bypass + + You define the number of seconds the bypass will function for before the deny will appear again.
+ To allow the link on the denied page to appear you will need to edit the template.html or dansguardian.pl file for your language.
+ 300 = enable for 5 minutes
+ 0 = disable ( defaults to 0 )]]> + input + 10 + + + Infection/Scan Error Bypass + infectionbypass + + The option specifies the number of seconds for which the bypass link will be valid.
+ 300 = enable for 5 minutes
+ 0 = disable ( defaults to 0 )]]> + input + 10 + + + + dansguardian_php_install_command(); + + + dansguardian_php_deinstall_command(); + + + dansguardian_validate_input($_POST, &$input_errors); + + + sync_package_dansguardian(); + + \ No newline at end of file diff --git a/config/dansguardian/dansguardian_header_acl.xml b/config/dansguardian/dansguardian_header_acl.xml new file mode 100755 index 00000000..2a07af24 --- /dev/null +++ b/config/dansguardian/dansguardian_header_acl.xml @@ -0,0 +1,180 @@ + + + + + + + + Describe your package here + Describe your package requirements here + Currently there are no FAQ items provided. + dansguardianheaderacl + 1.0 + Services: Dansguardian - Access Lists + /usr/local/pkg/dansguardian.inc + + + Back to Config + /pkg_edit.php?xml=dansguardian.xml&id=0 + + + Antivirus + /pkg_edit.php?xml=dansguardian_antivirus_acl.xml&id=0 + + + Pics + /pkg.php?xml=dansguardian_pics_acl.xml&id=0 + + + Phase + /pkg.php?xml=dansguardian_phrase_acl.xml + + + Site + /pkg.php?xml=dansguardian_site_acl.xml + + + URL + /pkg.php?xml=dansguardian_url_acl.xml + + + Extension + /pkg.php?xml=dansguardian_file_acl.xml + + + Content + /pkg.php?xml=dansguardian_content_acl.xml + + + Header + /pkg.php?xml=dansguardian_header_acl.xml + + + + Searche Engine + /pkg.php?xml=dansguardian_search_acl.xml + + + Groups + /pkg.php?xml=dansguardian_groups.xml + + + Users + /pkg_edit.php?xml=dansguardian_users.xml + + + + + Group name + name + + + Description + description + + + + + Header Access Lists + listtopic + + + Name + name + + input + 25 + + + description + description + input + 80 + + + Banned + listtopic + + + Enable + banned_enabled + checkbox + + + + config + banned_regexpheaderlist + + Leave empty to load dansguardian defaults]]> + textarea + 80 + 10 + base64 + + + Replace + listtopic + + + Enable + regexp_enabled + checkbox + + + + Config + header_regexplist + + Leave empty to load dansguardian defaults]]> + textarea + 80 + 10 + base64 + + + + dansguardian_php_install_command(); + + + dansguardian_php_deinstall_command(); + + + dansguardian_validate_input($_POST, &$input_errors); + + + sync_package_dansguardian(); + + \ No newline at end of file diff --git a/config/dansguardian/dansguardian_limits.xml b/config/dansguardian/dansguardian_limits.xml index 2a1be7d6..e28393a1 100644 --- a/config/dansguardian/dansguardian_limits.xml +++ b/config/dansguardian/dansguardian_limits.xml @@ -61,11 +61,23 @@ - Filter Groups - /pkg.php?xml=dansguardian_lists.xml + Blacklist + /pkg_edit.php?xml=dansguardian_blacklist.xml&id=0 - Report and Log + Access Lists + /pkg_edit.php?xml=dansguardian_antivirus_acl.xml&id=0 + + + Groups + /pkg.php?xml=dansguardian_groups.xml + + + Users + /pkg_edit.php?xml=dansguardian_users.xml + + + Report and log /pkg_edit.php?xml=dansguardian_log.xml&id=0 @@ -73,8 +85,8 @@ /pkg_edit.php?xml=dansguardian_sync.xml&id=0 - About - /pkg_edit.php?xml=dansguardian.php&id=0 + Help + /dansguardian_about.php diff --git a/config/dansguardian/dansguardian_lists.xml b/config/dansguardian/dansguardian_lists.xml deleted file mode 100755 index e78658cd..00000000 --- a/config/dansguardian/dansguardian_lists.xml +++ /dev/null @@ -1,329 +0,0 @@ - - - - - - - - Describe your package here - Describe your package requirements here - Currently there are no FAQ items provided. - dansguardianlists - 1.0 - Services: Dansguardian - /usr/local/pkg/dansguardian.inc - - - Daemon - /pkg_edit.php?xml=dansguardian.xml&id=0 - - - General - /pkg_edit.php?xml=dansguardian_config.xml&id=0 - - - Limits - /pkg_edit.php?xml=dansguardian_limits.xml&id=0 - - - Filter Groups - /pkg.php?xml=dansguardian_lists.xml - - - - Report and Log - /pkg_edit.php?xml=dansguardian_log.xml&id=0 - - - XMLRPC Sync - /pkg_edit.php?xml=dansguardian_sync.xml&id=0 - - - About - /pkg_edit.php?xml=dansguardian.php&id=0 - - - - - Group name - name - - - Group mode - mode - - - - Description - description - - - - Action - action - - - Update Frequency - cron - - - - - Description - listtopic - - - Filter Group Name - groupname - - Example: Badguys
- Do not include pfBlocker name, it's done by package.
- International, special or space caracters will be ignored in pfsense alias name.
]]> - input - 20 - - - Filter Group Mode - groupmode - - This mechanism replaces the "banneduserlist"]]> - select - - - - - - - - List Description - description - input - 90 - - - Values - listtopic - - - Reporting Level - report_level - - If defined, this overrides the global setting in dansguardian.conf for members of this filter group.]]> - select - - - - - - - - - - Weighted phrase mode - weightedphrasemode - - See documentation for supported values in that file.]]> - input - 10 - - - Naughtiness limite - naughtynesslimit - - Phrases to do with good subjects will have negative values, and bad subjects will have positive values.
- See the weightedphraselist file for examples.
- As a guide:
- 50 is for young children, 100 for old children, 160 for young adults.]]> - input - 10 - - - Search term limit - searchtermlimit - Default 30
The limit over which requests will be blocked for containing search terms which match the weightedphraselist.
- This should usually be lower than the 'naughtynesslimit' value above, because the amount of text being filtered is only a few words, rather than a whole page.
- A value of 0 here indicates that search terms should be extracted, for logging/reporting purposes, but no filtering should be performed on the resulting text.]]> - input - 10 - - - Category display threshold - categorydisplaythreshold - - Defines the minimum score that must be accumulated within a particular category in order for it to show up on the block pages' category list.
- All categories under which the page scores positively will be logged; those that were not displayed to the user appear in brackets.
- -1 = display only the highest scoring category
- 0 = display all categories (default)
- > 0 = minimum score for a category to be displayed]]> - input - 10 - - - Embedded URL weighting - embeddedurlweight - - Each link to a banned page causes the amount set here to be added to the page's weighting.
- The behaviour of this option with regards to multiple occurrences of a site/URL is affected by the weightedphrasemode setting.

- Set to 0 to disable(default). - WARNING: This option is highly CPU intensive!]]> - input - 10 - - - Temporary Denied Page Bypass - bypass - - You define the number of seconds the bypass will function for before the deny will appear again.
- To allow the link on the denied page to appear you will need to edit the template.html or dansguardian.pl file for your language.
- 300 = enable for 5 minutes
- 0 = disable ( defaults to 0 )]]> - input - 10 - - - Infection/Scan Error Bypass - infectionbypass - - The option specifies the number of seconds for which the bypass link will be valid.
- 300 = enable for 5 minutes
- 0 = disable ( defaults to 0 )]]> - input - 10 - - - Lists - listtopic - - - Group Options - group_options - - select - - - - - - - - - - - - - 10 - - - Content filtering - group_options - - select - - - - - - - - - - - - - - - - - 14 - - - File type filtering - file_options - - select - - - - - - - - - - 7 - - - search engine filtering - file_options - - select - - - - - - - - 5 - - - Custom list - listtopic - - - CIDR - custom - - Example: 192.168.1.0/24]]> - textarea - 50 - 10 - base64 - - - - pfblocker_php_install_command(); - - - pfblocker_php_deinstall_command(); - - - pfblocker_validate_input($_POST, &$input_errors); - - - sync_package_pfblocker(); - - \ No newline at end of file diff --git a/config/dansguardian/dansguardian_log.xml b/config/dansguardian/dansguardian_log.xml index 386fe159..ceb7ccb0 100644 --- a/config/dansguardian/dansguardian_log.xml +++ b/config/dansguardian/dansguardian_log.xml @@ -60,11 +60,23 @@ /pkg_edit.php?xml=dansguardian_limits.xml&id=0 - Filter Groups - /pkg.php?xml=dansguardian_lists.xml + Blacklist + /pkg_edit.php?xml=dansguardian_blacklist.xml&id=0 - Report and Log + Access Lists + /pkg_edit.php?xml=dansguardian_antivirus_acl.xml&id=0 + + + Groups + /pkg.php?xml=dansguardian_groups.xml + + + Users + /pkg_edit.php?xml=dansguardian_users.xml + + + Report and log /pkg_edit.php?xml=dansguardian_log.xml&id=0 @@ -73,8 +85,8 @@ /pkg_edit.php?xml=dansguardian_sync.xml&id=0 - About - /pkg_edit.php?xml=dansguardian.php&id=0 + Help + /dansguardian_about.php diff --git a/config/dansguardian/dansguardian_phrase_acl.xml b/config/dansguardian/dansguardian_phrase_acl.xml new file mode 100755 index 00000000..1d49ef9e --- /dev/null +++ b/config/dansguardian/dansguardian_phrase_acl.xml @@ -0,0 +1,223 @@ + + + + + + + + Describe your package here + Describe your package requirements here + Currently there are no FAQ items provided. + dansguardianphraseacl + 1.0 + Services: Dansguardian - Access Lists + /usr/local/pkg/dansguardian.inc + + + Back to Config + /pkg_edit.php?xml=dansguardian.xml&id=0 + + + Antivirus + /pkg_edit.php?xml=dansguardian_antivirus_acl.xml&id=0 + + + Pics + /pkg.php?xml=dansguardian_pics_acl.xml&id=0 + + + Phase + /pkg.php?xml=dansguardian_phrase_acl.xml + + + + Site + /pkg.php?xml=dansguardian_site_acl.xml + + + URL + /pkg.php?xml=dansguardian_url_acl.xml + + + Extension + /pkg.php?xml=dansguardian_file_acl.xml + + + Content + /pkg.php?xml=dansguardian_content_acl.xml + + + Header + /pkg.php?xml=dansguardian_header_acl.xml + + + Searche Engine + /pkg.php?xml=dansguardian_search_acl.xml + + + Groups + /pkg.php?xml=dansguardian_groups.xml + + + Users + /pkg_edit.php?xml=dansguardian_users.xml + + + + + Access List name + name + + + Access List Descriptions + description + + + + + Phrase Access List + listtopic + + + Name + name + + input + 25 + + + Description + description + input + 80 + + + Banned Lists + listtopic + + + Enable + banned_enabled + checkbox + + + + Include + banned_includes + + select_source + + descr + file + + 10 + + + Config file + banned_phraselist + + Leave empty to load dansguardian defaults]]> + textarea + 80 + 10 + base64 + + + Weighted Lists + listtopic + + + Enable + weighted_enabled + checkbox + + + + Include + weighted_includes + + select_source + + descr + file + + 20 + + + Config file + weighted_phraselist + + Leave empty to load dansguardian defaults]]> + textarea + 80 + 10 + base64 + + + Exception Lists + listtopic + + + Enable + exception_enabled + checkbox + + + + + Config file + exception_phraselist + + Leave empty to load dansguardian defaults]]> + textarea + 80 + 10 + base64 + + + + dansguardian_php_install_command(); + + + dansguardian_php_deinstall_command(); + + + dansguardian_validate_input($_POST, &$input_errors); + + + sync_package_dansguardian(); + + \ No newline at end of file diff --git a/config/dansguardian/dansguardian_pics_acl.xml b/config/dansguardian/dansguardian_pics_acl.xml new file mode 100644 index 00000000..016d360e --- /dev/null +++ b/config/dansguardian/dansguardian_pics_acl.xml @@ -0,0 +1,157 @@ + + + + + + + + Describe your package here + Describe your package requirements here + Currently there are no FAQ items provided. + dansguardianpicsacl + 1.0 + Services: Dansguardian - Access Lists + /usr/local/pkg/dansguardian.inc + + + Back to Config + /pkg_edit.php?xml=dansguardian.xml&id=0 + + + Antivirus + /pkg_edit.php?xml=dansguardian_antivirus_acl.xml&id=0 + + + Pics + /pkg.php?xml=dansguardian_pics_acl.xml&id=0 + + + + Phase + /pkg.php?xml=dansguardian_phrase_acl.xml + + + Site + /pkg.php?xml=dansguardian_site_acl.xml + + + URL + /pkg.php?xml=dansguardian_url_acl.xml + + + Extension + /pkg.php?xml=dansguardian_file_acl.xml + + + Content + /pkg.php?xml=dansguardian_content_acl.xml + + + Header + /pkg.php?xml=dansguardian_header_acl.xml + + + Searche Engine + /pkg.php?xml=dansguardian_search_acl.xml + + + Groups + /pkg.php?xml=dansguardian_groups.xml + + + Users + /pkg_edit.php?xml=dansguardian_users.xml + + + + + Access List Name + name + + + Access List Description + description + + + + + Pics + listtopic + + + Name + name + + input + 25 + + + description + description + input + 80 + + + Enable + pics_enabled + checkbox + + + + config + pics + + Leave empty to load dansguardian defaults]]> + textarea + 80 + 70 + base64 + + + + dansguardian_php_install_command(); + + + dansguardian_php_deinstall_command(); + + + dansguardian_validate_input($_POST, &$input_errors); + + + sync_package_dansguardian(); + + diff --git a/config/dansguardian/dansguardian_search_acl.xml b/config/dansguardian/dansguardian_search_acl.xml new file mode 100755 index 00000000..8ed714f3 --- /dev/null +++ b/config/dansguardian/dansguardian_search_acl.xml @@ -0,0 +1,217 @@ + + + + + + + + Describe your package here + Describe your package requirements here + Currently there are no FAQ items provided. + dansguardiansearchacl + 1.0 + Services: Dansguardian - Access Lists + /usr/local/pkg/dansguardian.inc + + + Back to Config + /pkg_edit.php?xml=dansguardian.xml&id=0 + + + Antivirus + /pkg_edit.php?xml=dansguardian_antivirus_acl.xml&id=0 + + + Pics + /pkg.php?xml=dansguardian_pics_acl.xml&id=0 + + + Phase + /pkg.php?xml=dansguardian_phrase_acl.xml + + + Site + /pkg.php?xml=dansguardian_site_acl.xml + + + URL + /pkg.php?xml=dansguardian_url_acl.xml + + + Extension + /pkg.php?xml=dansguardian_file_acl.xml + + + Content + /pkg.php?xml=dansguardian_content_acl.xml + + + Header + /pkg.php?xml=dansguardian_header_acl.xml + + + Searche Engine + /pkg.php?xml=dansguardian_search_acl.xml + + + + Groups + /pkg.php?xml=dansguardian_groups.xml + + + Users + /pkg_edit.php?xml=dansguardian_users.xml + + + + + Access List Name + name + + + Access List Description + description + + + + + Description + listtopic + + + Name + name + + input + 25 + + + description + description + input + 80 + + + Banned + listtopic + + + Enable + banned_enabled + checkbox + + + + Config + banned_searchtermlist + + textarea + 80 + 10 + base64 + + + Exception + listtopic + + + Enable + exception_enabled + checkbox + + + + config + exception_searchtermlist + + textarea + 80 + 10 + base64 + + + Weighted + listtopic + + + Enable + weighted_enabled + checkbox + + + + Config + weighted_searchtermlist + + textarea + 80 + 10 + base64 + + + Regexp + listtopic + + + Enable + regexp_enabled + checkbox + + + + Config + searchengineregexplist + + textarea + 80 + 10 + base64 + + + + + dansguardian_php_install_command(); + + + dansguardian_php_deinstall_command(); + + + dansguardian_validate_input($_POST, &$input_errors); + + + sync_package_dansguardian(); + + \ No newline at end of file diff --git a/config/dansguardian/dansguardian_site_acl.xml b/config/dansguardian/dansguardian_site_acl.xml new file mode 100755 index 00000000..69f4fa80 --- /dev/null +++ b/config/dansguardian/dansguardian_site_acl.xml @@ -0,0 +1,253 @@ + + + + + + + + Describe your package here + Describe your package requirements here + Currently there are no FAQ items provided. + dansguardiansiteacl + 1.0 + Services: Dansguardian - Access Lists + /usr/local/pkg/dansguardian.inc + + + Back to Config + /pkg_edit.php?xml=dansguardian.xml&id=0 + + + Antivirus + /pkg_edit.php?xml=dansguardian_antivirus_acl.xml&id=0 + + + Pics + /pkg.php?xml=dansguardian_pics_acl.xml&id=0 + + + Phase + /pkg.php?xml=dansguardian_phrase_acl.xml + + + Site + /pkg.php?xml=dansguardian_site_acl.xml + + + + URL + /pkg.php?xml=dansguardian_url_acl.xml + + + Extension + /pkg.php?xml=dansguardian_file_acl.xml + + + Content + /pkg.php?xml=dansguardian_content_acl.xml + + + Header + /pkg.php?xml=dansguardian_header_acl.xml + + + Searche Engine + /pkg.php?xml=dansguardian_search_acl.xml + + + Groups + /pkg.php?xml=dansguardian_groups.xml + + + Users + /pkg_edit.php?xml=dansguardian_users.xml + + + + + Access List Name + name + + + Access List Description + description + + + + + Site Access Lists + listtopic + + + Name + name + + input + 25 + + + description + description + input + 80 + + + Banned + listtopic + + + Enable + bannedsite_enabled + checkbox + + + + Include + banned_includes + + select_source + + descr + file + + 20 + + + Config + banned_sitelist + + Leave empty to load dansguardian defaults]]> + textarea + 80 + 10 + base64 + + + Grey + listtopic + + + Enable + greysite_enable + checkbox + + + + Config + grey_sitelist + + Leave empty to load dansguardian defaults]]> + textarea + 80 + 10 + base64 + + + Exception + listtopic + + + Enable + exceptionsite_enabled + checkbox + + + + Include + exception_includes + + select_source + + descr + file + + 5 + + + Config + exception_sitelist + + Leave empty to load dansguardian defaults]]> + textarea + 80 + 10 + base64 + + + File + exceptionfile_sitelist + + Leave empty to load dansguardian defaults]]> + textarea + 80 + 10 + base64 + + + Log + listtopic + + + Enable + logsite_enabled + checkbox + + + + Config + log_sitelist + + Leave empty to load dansguardian defaults]]> + textarea + 80 + 10 + base64 + + + + + dansguardian_php_install_command(); + + + dansguardian_php_deinstall_command(); + + + dansguardian_validate_input($_POST, &$input_errors); + + + sync_package_dansguardian(); + + \ No newline at end of file diff --git a/config/dansguardian/dansguardian_sync.xml b/config/dansguardian/dansguardian_sync.xml index 9fb69102..22e4a879 100755 --- a/config/dansguardian/dansguardian_sync.xml +++ b/config/dansguardian/dansguardian_sync.xml @@ -59,8 +59,20 @@ /pkg_edit.php?xml=dansguardian_limits.xml&id=0 - Filter Groups - /pkg.php?xml=dansguardian_lists.xml + Blacklist + /pkg_edit.php?xml=dansguardian_blacklist.xml&id=0 + + + Access Lists + /pkg_edit.php?xml=dansguardian_antivirus_acl.xml&id=0 + + + Groups + /pkg.php?xml=dansguardian_groups.xml + + + Users + /pkg_edit.php?xml=dansguardian_users.xml Report and Log @@ -72,8 +84,8 @@ - About - /pkg_edit.php?xml=dansguardian.php&id=0 + Help + /dansguardian_about.php diff --git a/config/dansguardian/dansguardian_url_acl.xml b/config/dansguardian/dansguardian_url_acl.xml new file mode 100755 index 00000000..e7fdba14 --- /dev/null +++ b/config/dansguardian/dansguardian_url_acl.xml @@ -0,0 +1,293 @@ + + + + + + + + Describe your package here + Describe your package requirements here + Currently there are no FAQ items provided. + dansguardianurlacl + 1.0 + Services: Dansguardian - Access Lists + /usr/local/pkg/dansguardian.inc + + + Back to Config + /pkg_edit.php?xml=dansguardian.xml&id=0 + + + Antivirus + /pkg_edit.php?xml=dansguardian_antivirus_acl.xml&id=0 + + + Pics + /pkg.php?xml=dansguardian_pics_acl.xml&id=0 + + + Phase + /pkg.php?xml=dansguardian_phrase_acl.xml + + + Site + /pkg.php?xml=dansguardian_site_acl.xml + + + URL + /pkg.php?xml=dansguardian_url_acl.xml + + + + Extension + /pkg.php?xml=dansguardian_file_acl.xml + + + Content + /pkg.php?xml=dansguardian_file_acl.xml + + + Header + /pkg.php?xml=dansguardian_header_acl.xml + + + Searche Engine + /pkg.php?xml=dansguardian_search_acl.xml + + + Groups + /pkg.php?xml=dansguardian_groups.xml + + + Users + /pkg_edit.php?xml=dansguardian_users.xml + + + + + Access List Name + name + + + Access List Description + description + + + + + URL Access Lists + listtopic + + + Name + name + + input + 25 + + + description + description + input + 80 + + + Banned + listtopic + + + Enable + bannedurl_enabled + checkbox + + + + Include + banned_includes + + select_source + + descr + file + + 20 + + + Config + banned_urllist + + Leave empty to load dansguardian defaults]]> + textarea + 80 + 10 + base64 + + + Regexp + bannedregexp_urllist + + Leave empty to load dansguardian defaults]]> + textarea + 80 + 10 + base64 + + + + Grey + listtopic + + + Enable + greyurl_enabled + checkbox + + + + Grey + grey_urllist + + Leave empty to load dansguardian defaults]]> + textarea + 80 + 10 + base64 + + + Exception + listtopic + + + Enable + exceptionurl_enabled + checkbox + + + + Config + exception_urllist + + Leave empty to load dansguardian defaults]]> + textarea + 80 + 10 + base64 + + + regexp + exceptionregexp_urllist + + Leave empty to load dansguardian defaults]]> + textarea + 80 + 10 + base64 + + + file + exceptionfile_urllist + + Leave empty to load dansguardian defaults]]> + textarea + 80 + 10 + base64 + + + Modify + listtopic + + + Enable + contenturl_enabled + checkbox + + + + config + modify_urllist + + Leave empty to load dansguardian defaults]]> + textarea + 80 + 10 + base64 + + + Log + listtopic + + + Enable + logurl_enabled + checkbox + + + + config + log_urllist + + Leave empty to load dansguardian defaults]]> + textarea + 80 + 10 + base64 + + + regexp + logregexp_urllist + + Leave empty to load dansguardian defaults]]> + textarea + 80 + 10 + base64 + + + + + dansguardian_php_install_command(); + + + dansguardian_php_deinstall_command(); + + + dansguardian_validate_input($_POST, &$input_errors); + + + sync_package_dansguardian(); + + \ No newline at end of file diff --git a/config/dansguardian/dansguardian_users_footer.xml b/config/dansguardian/dansguardian_users_footer.xml new file mode 100644 index 00000000..1288b919 --- /dev/null +++ b/config/dansguardian/dansguardian_users_footer.xml @@ -0,0 +1,14 @@ + + + dansguardian_php_install_command(); + + + dansguardian_php_deinstall_command(); + + + dansguardian_validate_input($_POST, &$input_errors); + + + sync_package_dansguardian(); + + diff --git a/config/dansguardian/dansguardian_users_header.xml b/config/dansguardian/dansguardian_users_header.xml new file mode 100644 index 00000000..921d7ebf --- /dev/null +++ b/config/dansguardian/dansguardian_users_header.xml @@ -0,0 +1,91 @@ + + + + + + + + Describe your package here + Describe your package requirements here + Currently there are no FAQ items provided. + dansguardianusers + 1.0 + Services: Dansguardian + /usr/local/pkg/dansguardian.inc + + Daemon + /pkg_edit.php?xml=dansguardian.xml&id=0 + + + General + /pkg_edit.php?xml=dansguardian_config.xml&id=0 + + + Limits + /pkg_edit.php?xml=dansguardian_limits.xml&id=0 + + + Blacklist + /pkg_edit.php?xml=dansguardian_blacklist.xml&id=0 + + + Access Lists + /pkg_edit.php?xml=dansguardian_antivirus_acl.xml&id=0 + + + Groups + /pkg.php?xml=dansguardian_groups.xml + + + Users + /pkg_edit.php?xml=dansguardian_users.xml + + + + Report and log + /pkg_edit.php?xml=dansguardian_log.xml&id=0 + + + XMLRPC Sync + /pkg_edit.php?xml=dansguardian_sync.xml&id=0 + + + Help + /dansguardian_about.php + + + diff --git a/config/dansguardian/dansguardianfx.conf.template b/config/dansguardian/dansguardianfx.conf.template new file mode 100644 index 00000000..cb811e21 --- /dev/null +++ b/config/dansguardian/dansguardianfx.conf.template @@ -0,0 +1,382 @@ + 0 = minimum score for a category to be displayed +categorydisplaythreshold = {$dansguardian_groups['categorydisplaythreshold']} + +# Embedded URL weighting +# When set to something greater than zero, this option causes URLs embedded within a +# page's HTML (from links, image tags, etc.) to be extracted and checked against the +# bannedsitelist and bannedurllist. Each link to a banned page causes the amount set +# here to be added to the page's weighting. +# The behaviour of this option with regards to multiple occurrences of a site/URL is +# affected by the weightedphrasemode setting. +# +# NB: Currently, this feature uses regular expressions that require the PCRE library. +# As such, it is only available if you compiled DansGuardian with '--enable-pcre=yes'. +# You can check compile-time options by running 'dansguardian -v'. +# +# Set to 0 to disable. +# Defaults to 0. +# WARNING: This option is highly CPU intensive! +embeddedurlweight = {$dansguardian_groups['embeddedurlweight']} + +# Enable PICS rating support +# +# Defaults to disabled +# (on | off) +enablepics = {$dansguardian_groups['enablepics']} + +# Temporary Denied Page Bypass +# This provides a link on the denied page to bypass the ban for a few minutes. To be +# secure it uses a random hashed secret generated at daemon startup. You define the +# number of seconds the bypass will function for before the deny will appear again. +# To allow the link on the denied page to appear you will need to edit the template.html +# or dansguardian.pl file for your language. +# 300 = enable for 5 minutes +# 0 = disable ( defaults to 0 ) +# -1 = enable but you require a separate program/CGI to generate a valid link +bypass = {$dansguardian_groups['bypass']} + +# Temporary Denied Page Bypass Secret Key +# Rather than generating a random key you can specify one. It must be more than 8 chars. +# '' = generate a random one (recommended and default) +# 'Mary had a little lamb.' = an example +# '76b42abc1cd0fdcaf6e943dcbc93b826' = an example +bypasskey = '{$dansguardian_groups['bypasskey']}' + +# Infection/Scan Error Bypass +# Similar to the 'bypass' setting, but specifically for bypassing files scanned and found +# to be infected, or files that trigger scanner errors - for example, archive types with +# recognised but unsupported compression schemes, or corrupt archives. +# The option specifies the number of seconds for which the bypass link will be valid. +# 300 = enable for 5 minutes +# 0 = disable (default) +# -1 = enable, but require a separate program/CGI to generate a valid link +infectionbypass = {$dansguardian_groups['infectionbypass']} + +# Infection/Scan Error Bypass Secret Key +# Same as the 'bypasskey' option, but used for infection bypass mode. +infectionbypasskey = '{$dansguardian_groups['infectionbypasskey']}' + +# Infection/Scan Error Bypass on Scan Errors Only +# Enable this option to allow infectionbypass links only when virus scanning fails, +# not when a file is found to contain a virus. +# on = enable (default and highly recommended) +# off = disable +infectionbypasserrorsonly = {$dansguardian_groups['infectionbypasserrorsonly']} + +# Disable content scanning +# If you enable this option you will disable content scanning for this group. +# Content scanning primarily is AV scanning (if enabled) but could include +# other types. +# (on|off) default = off. +disablecontentscan = {$dansguardian_groups['disablecontentscan']} + +# Enable Deep URL Analysis +# When enabled, DG looks for URLs within URLs, checking against the bannedsitelist and +# bannedurllist. This can be used, for example, to block images originating from banned +# sites from appearing in Google Images search results, as the original URLs are +# embedded in the thumbnail GET requests. +# (on|off) default = off +deepurlanalysis = {$dansguardian_groups['deepurlanalysis']} + +# reportinglevel +# +# -1 = log, but do not block - Stealth mode +# 0 = just say 'Access Denied' +# 1 = report why but not what denied phrase +# 2 = report fully +# 3 = use HTML template file (accessdeniedaddress ignored) - recommended +# +# If defined, this overrides the global setting in dansguardian.conf for +# members of this filter group. +# +#reportinglevel = {$dansguardian_groups['reportinglevel']} + +# accessdeniedaddress is the address of your web server to which the cgi +# dansguardian reporting script was copied. Only used in reporting levels +# 1 and 2. +# +# This webserver must be either: +# 1. Non-proxied. Either a machine on the local network, or listed as an +# exception in your browser's proxy configuration. +# 2. Added to the exceptionsitelist. Option 1 is preferable; this option is +# only for users using both transparent proxying and a non-local server +# to host this script. +# +# If defined, this overrides the global setting in dansguardian.conf for +# members of this filter group. +# +#accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl' + +# HTML Template override +# If defined, this specifies a custom HTML template file for members of this +# filter group, overriding the global setting in dansguardian.conf. This is +# only used in reporting level 3. +# +# The default template file path is //template.html +# e.g. /usr/local/share/dansguardian/languages/ukenglish/template.html when using 'ukenglish' +# language. +# +# This option generates a file path of the form: +# // +# e.g. /usr/local/share/dansguardian/languages/ukenglish/custom.html +# +#htmltemplate = 'custom.html' + +# Email reporting - original patch by J. Gauthier + +# Use SMTP +# If on, will enable system wide events to be reported by email. +# need to configure mail program (see 'mailer' in global config) +# and email recipients +# default usesmtp = off +#!! Not compiled !!usesmtp = off + +# mailfrom +# who the email would come from +# example: mailfrom = 'dansguardian@mycompany.com' +#!! Not compiled !!mailfrom = '' + +# avadmin +# who the virus emails go to (if notify av is on) +# example: avadmin = 'admin@mycompany.com' +#!! Not compiled !!avadmin = '' + +# contentdmin +# who the content emails go to (when thresholds are exceeded) +# and contentnotify is on +# example: contentadmin = 'admin@mycompany.com' +#!! Not compiled !!contentadmin = '' + +# avsubject +# Subject of the email sent when a virus is caught. +# only applicable if notifyav is on +# default avsubject = 'dansguardian virus block' +#!! Not compiled !!avsubject = 'dansguardian virus block' + +# content +# Subject of the email sent when violation thresholds are exceeded +# default contentsubject = 'dansguardian violation' +#!! Not compiled !!contentsubject = 'dansguardian violation' + +# notifyAV +# This will send a notification, if usesmtp/notifyav is on, any time an +# infection is found. +# Important: If this option is off, viruses will still be recorded like a +# content infraction. +#!! Not compiled !!notifyav = off + +# notifycontent +# This will send a notification, if usesmtp is on, based on thresholds +# below +#!! Not compiled !!notifycontent = off + +# thresholdbyuser +# results are only predictable with user authenticated configs +# if enabled the violation/threshold count is kept track of by the user +#!! Not compiled !!thresholdbyuser = off + +#violations +# number of violations before notification +# setting to 0 will never trigger a notification +#!! Not compiled !!violations = 0 + +#threshold +# this is in seconds. If 'violations' occur in 'threshold' seconds, then +# a notification is made. +# if this is set to 0, then whenever the set number of violations are made a +# notifaction will be sent. +#!! Not compiled !!threshold = 0 + +#SSL certificate checking +# Check that ssl certificates for servers on https connections are valid +# and signed by a ca in the configured path +sslcertcheck = {$dansguardian_groups['sslcertcheck']} + +#SSL man in the middle +# Forge ssl certificates for all sites, decrypt the data then re encrypt it +# using a different private key. Used to filter ssl sites +sslmitm = {$dansguardian_groups['sslmitm']} + +EOF; + +?> \ No newline at end of file -- cgit v1.2.3