<?php /* dansguardian.inc part of the Dansguardian package for pfSense Copyright (C) 2012 Marcello Coutinho All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ require_once("util.inc"); require("globals.inc"); #require("guiconfig.inc"); function dg_text_area_decode($text){ return preg_replace('/\r\n/', "\n",base64_decode($text)); } function dg_get_real_interface_address($iface) { global $config; $iface = convert_friendly_interface_to_real_interface_name($iface); $line = trim(shell_exec("ifconfig $iface | grep inet | grep -v inet6")); $postfix_enabled=$config['installedpackages']['postfix']['config'][0]['enable_postfix']; list($dummy, $ip, $dummy2, $netmask) = explode(" ", $line); return array($ip, long2ip(hexdec($netmask))); } function check_ca_hashes(){ global $config,$g; #check certificates $cert_count=0; if (is_dir('/usr/local/share/certs')) if ($handle = opendir('/usr/local/share/certs')) { while (false !== ($file = readdir($handle))) if (preg_match ("/\d+.0/",$file)) $cert_count++; } closedir($handle); if ($cert_count < 10){ conf_mount_rw(); #create ca-root hashes from ca-root-nss package log_error("Creating root certificate bundle hashes from the Mozilla Project"); $cas=file('/usr/local/share/certs/ca-root-nss.crt'); $cert=0; foreach ($cas as $ca){ if (preg_match("/--BEGIN CERTIFICATE--/",$ca)) $cert=1; if ($cert == 1) $crt.=$ca; if (preg_match("/-END CERTIFICATE-/",$ca)){ file_put_contents("/tmp/cert.pem",$crt, LOCK_EX); $cert_hash=array(); exec("/usr/bin/openssl x509 -hash -noout -in /tmp/cert.pem",$cert_hash); file_put_contents("/usr/local/share/certs/".$cert_hash[0].".0",$crt,LOCK_EX); $crt=""; $cert=0; } } } } function sync_package_dansguardian() { global $config,$g; # detect boot process if (is_array($_POST)){ if (preg_match("/\w+/",$_POST['__csrf_magic'])) unset($boot_process); else $boot_process="on"; } #assign xml arrays if (!is_array($config['installedpackages']['dansguardian'])) $config['installedpackages']['dansguardian']['config'][0]=array('interface'=>'lo0', 'daemon_options'=>'softrestart'); $dansguardian=$config['installedpackages']['dansguardian']['config'][0]; if (!is_array($config['installedpackages']['dansguardianconfig'])) $config['installedpackages']['dansguardianconfig']['config'][0]=array('auth_plugin'=>'', 'scan_options'=>'scancleancache,createlistcachefiles,deletedownloadedtempfiles', 'weightedphrasemode'=>'2', 'preservecase'=>'0', 'phrasefiltermode'=>'2', 'cron'=>'day'); $dansguardian_config=$config['installedpackages']['dansguardianconfig']['config'][0]; if (!is_array($config['installedpackages']['dansguardianlog'])) $config['installedpackages']['dansguardianlog']['config'][0]=array('report_level'=>'3', 'report_language'=>'ukenglish', 'report_options'=>'showweightedfound,usecustombannedimage,nonstandarddelimiter', 'logging_options'=>'logconnectionhandlingerrors', 'loglevel'=>'2', 'logexceptionhits'=>'2', 'logfileformat'=>'1'); $dansguardian_log=$config['installedpackages']['dansguardianlog']['config'][0]; if (is_array($config['installedpackages']['dansguardianlimits'])) $dansguardian_limits=$config['installedpackages']['dansguardianlimits']['config'][0]; if (is_array($config['installedpackages']['dansguardianusers'])) $dansguardian_users=$config['installedpackages']['dansguardianusers']['config'][0]; if (is_array($config['installedpackages']['dansguardianblacklist']['config'])) $dansguardian_blacklist=$config['installedpackages']['dansguardianblacklist']['config'][0]; #daemon options $dansguardian_enabled=$dansguardian['enable_dg']; $filterport=($dansguardian['filterports']?$dansguardian['filterports']:"8080"); $softrestart=(preg_match('/softrestart/',$dansguardian['daemon_options'])?"yes":"no"); $nodaemon=(preg_match('/nodaemon/',$dansguardian['daemon_options'])?"yes":"off"); if (preg_match("/\d+\/\d+/",$dansguardian['children'])) list($minchildren,$maxchildren) = split ("/", $dansguardian['children'], 2); else list($minchildren,$maxchildren) = split ("/", "8/120", 2); if (preg_match("/\d+\/\d+/",$dansguardian['sparechildren'])) list($minsparechildren,$maxsparechildren) = split ("/", $dansguardian['sparechildren'], 2); else list($minsparechildren,$maxsparechildren) = split ("/", "8/64", 2); $maxagechildren=($dansguardian['maxagechildren']?$dansguardian['maxagechildren']:"500"); $maxips=($dansguardian['maxips']?$dansguardian['maxips']:"0"); $preforkchildren=($dansguardian['preforkchildren']?$dansguardian['preforkchildren']:"10"); $proxyip=($dansguardian['proxyip']?$dansguardian['proxyip']:"127.0.0.1"); $proxyport=($dansguardian['proxyport']?$dansguardian['proxyport']:"127.0.0.1"); #general options $urlcachenumber=($dansguardian_config['urlcachenumber']?$dansguardian_config['urlcachenumber']:"1000"); $urlcacheage=($dansguardian_config['urlcacheage']?$dansguardian_config['urlcacheage']:"900"); $scancleancache=(preg_match('/scancleancache/',$dansguardian_config['scan_options'])?"on":"off"); $hexdecodecontent=(preg_match('/hexdecodecontent/',$dansguardian_config['scan_options'])?"on":"off"); $forcequicksearch=(preg_match('/forcequicksearch/',$dansguardian_config['scan_options'])?"on":"off"); $reverseaddresslookups=(preg_match('/reverseaddresslookups/',$dansguardian_config['scan_options'])?"on":"off"); $reverseclientiplookups=(preg_match('/reverseclientiplookups/',$dansguardian_config['scan_options'])?"on":"off"); $logclienthostnames=(preg_match('/logclienthostnames/',$dansguardian_config['scan_options'])?"on":"off"); $createlistcachefiles=(preg_match('/createlistcachefiles/',$dansguardian_config['scan_options'])?"on":"off"); $prefercachedlists=(preg_match('/prefercachedlists/',$dansguardian_config['scan_options'])?"on":"off"); $deletedownloadedtempfiles=(preg_match('/deletedownloadedtempfiles/',$dansguardian_config['scan_options'])?"on":"off"); $weightedphrasemode=($dansguardian_config['weightedphrasemode']?$dansguardian_config['weightedphrasemode']:"2"); $phrasefiltermode=($dansguardian_config['phrasefiltermode']?$dansguardian_config['phrasefiltermode']:"2"); $preservecase=($dansguardian_config['preservecase']?$dansguardian_config['preservecase']:"0"); $clamdscan=(preg_match('/clamdscan/',$dansguardian_config['content_scanners'])?"on":"off"); $icapscan=(preg_match('/icapscan/',$dansguardian_config['content_scanners'])?"on":"off"); $contentscannertimeout=($dansguardian_config['contentscannertimeout']?$dansguardian_config['contentscannertimeout']:"60"); $contentscanexceptions=($dansguardian_config['contentscanexceptions']?"on":"off"); $recheckreplacedurls=(preg_match('/recheckreplacedurls/',$dansguardian_config['misc_options'])?"on":"off"); $forwardedfor=(preg_match('/forwardedfor/',$dansguardian_config['misc_options'])?"on":"off"); $recheckreplacedurls=(preg_match('/icapscan/',$dansguardian_config['misc_options'])?"on":"off"); $usexforwardedfor=(preg_match('/usexforwardedfor/',$dansguardian_config['misc_options'])?"on":"off"); $authplugin=(preg_match('/usr/',$dansguardian_config['auth_plugin'])?"authplugin = '".$dansguardian_config['auth_plugin']."'":""); /*if ($dansguardian_config['auth_plugin']!=""){ $auth_plugins=explode(",",$dansguardian_config['auth_plugin']); $authplugin=""; foreach ($auth_plugins as $auth_selected) $authplugin.="authplugin = '".$auth_selected."'\n"; } */ #limits $maxuploadsize=($dansguardian_limits['maxuploadsize']?$dansguardian_limits['maxuploadsize']:"-1"); $maxcontentfiltersize=($dansguardian_limits['maxcontentfiltersize']?$dansguardian_limits['maxcontentfiltersize']:"256"); $maxcontentramcachescansize=($dansguardian_limits['maxcontentramcachescansize']?$dansguardian_limits['maxcontentramcachescansize']:"1000"); $maxcontentfilecachescansize=($dansguardian_limits['maxcontentfilecachescansize']?$dansguardian_limits['maxcontentfilecachescansize']:"2000"); $initialtrickledelay=($dansguardian_limits['initialtrickledelay']?$dansguardian_limits['initialtrickledelay']:"20"); $trickledelay=($dansguardian_limits['trickledelay']?$dansguardian_limits['trickledelay']:"20"); #report and log $reportlevel=($dansguardian_log['report_level']?$dansguardian_log['report_level']:"3"); if ($reportlevel == 1 || $reportlevel== 2){ if (preg_match("@(\w+://[a-zA-Z0-9.:/\-]+)@",$dansguardian_log['reportingcgi'],$cgimatches)){ $accessdeniedaddress="accessdeniedaddress = '".$cgimatches[1]."'"; } else{ log_error("dansguardian - " . $dansguardian_log['reportingcgi'] . " is not a valid access denied cgi url"); file_notice("dansguardian - " . $dansguardian_log['reportingcgi'] . " is not a valid access denied cgi url",""); } } $accessdenied=($dansguardian_log['reportingcgi']?$dansguardian_log['report_level']:"3"); $reportlanguage=($dansguardian_log['report_language']?$dansguardian_log['report_language']:"ukenglish"); $showweightedfound=(preg_match('/showweightedfound/',$dansguardian_log['report_options'])?"on":"off"); $usecustombannedflash=(preg_match('/usecustombannedflash/',$dansguardian_log['report_options'])?"on":"off"); if (file_exists('/usr/local/share/dansguardian/blockedflash.swf')) $custombannedflashfile="custombannedflashfile = '/usr/local/share/dansguardian/blockedflash.swf'"; $usecustombannedimage=(preg_match('/usecustombannedimage/',$dansguardian_log['report_options'])?"on":"off"); $nonstandarddelimiter=(preg_match('/nonstandarddelimiter/',$dansguardian_log['report_options'])?"on":"off"); $logchildprocesshandling=(preg_match('/logchildprocesshandling/',$dansguardian_log['logging_options'])?"on":"off"); $logconnectionhandlingerrors=(preg_match('/logconnectionhandlingerrors/',$dansguardian_log['logging_options'])?"on":"off"); $nologger=(preg_match('/nologger/',$dansguardian_log['logging_options'])?"on":"off"); $logadblocks=(preg_match('/logadblocks/',$dansguardian_log['logging_options'])?"on":"off"); $anonymizelogs=(preg_match('/anonymizelogs/',$dansguardian_log['logging_options'])?"on":"off"); $loglevel=($dansguardian_log['loglevel']?$dansguardian_log['loglevel']:"2"); $logexceptionhits=($dansguardian_log['logexceptionhits']?$dansguardian_log['logexceptionhits']:"2"); $logfileformat=($dansguardian_log['logfileformat']?$dansguardian_log['logfileformat']:"1"); #check files #create sample files $files = array( "/dansguardianf1.conf", "/lists/filtergroupslist", "/lists/bannedphraselist", "/lists/exceptionphraselist", "/lists/weightedphraselist", "/lists/exceptionsitelist", "/lists/bannedsitelist", "/lists/greysitelist", "/lists/logsitelist", "/lists/bannedregexpurllist", "/lists/bannedurllist", "/lists/exceptionregexpurllist", "/lists/exceptionurllist", "/lists/greyurllist", "/lists/logregexpurllist", "/lists/logurllist", "/lists/urlregexplist", "/lists/exceptionfilesitelist", "/lists/exceptionfileurllist", "/lists/searchengineregexplist", "/lists/bannedsearchtermlist", "/lists/weightedsearchtermlist", "/lists/exceptionsearchtermlist", "/lists/contentregexplist", "/lists/exceptionextensionlist", "/lists/bannedextensionlist", "/lists/exceptionmimetypelist", "/lists/bannedmimetypelist", "/lists/headerregexplist", "/lists/bannedregexpheaderlist", "/lists/authplugins/ipgroups", "/lists/contentscanners/exceptionvirusextensionlist", "/lists/contentscanners/exceptionvirusmimetypelist", "/lists/contentscanners/exceptionvirussitelist", "/lists/contentscanners/exceptionvirusurllist", "/lists/pics"); $dansguardian_dir="/usr/local/etc/dansguardian"; foreach ($files as $file) if (! file_exists($dansguardian_dir.$file.'.sample')){ $new_file=""; $install_file=file($dansguardian_dir.$file); foreach ($install_file as $line) if (! preg_match("/Include/",$line)) $new_file.= $line; file_put_contents($dansguardian_dir.$file.'.sample',$new_file,LOCK_EX); } $load_samples=0; #ssl men-in-the-middle feature $dirs=array("/var/log/dansguardian/stats","/etc/ssl/demoCA","/etc/ssl/demoCA/private","/etc/ssl/demoCA/crl","/etc/ssl/demoCA/certs",$dansguardian_dir."/ssl/generatedcerts",$dansguardian_dir."/ssl/generatedlinks"); foreach ($dirs as $dir) if (!is_dir($dir)) mkdir ($dir,0755,true); $ca_cert = lookup_ca($dansguardian_config["dca"]); if ($ca_cert != false) { if(base64_decode($ca_cert['prv'])) { file_put_contents("/etc/ssl/demoCA/private/cakey.pem",base64_decode($ca_cert['prv'])); $ca_pk = "caprivatekeypath = '/etc/ssl/demoCA/private/cakey.pem'"; } if(base64_decode($ca_cert['crt'])) { $cert_hash=array(); file_put_contents("/etc/ssl/demoCA/cacert.pem",base64_decode($ca_cert['crt'])); exec("/usr/bin/openssl x509 -hash -noout -in /etc/ssl/demoCA/cacert.pem",$cert_hash); file_put_contents("/usr/local/share/certs/".$cert_hash[0].".0",base64_decode($ca_cert['crt'])); $ca_pem = "cacertificatepath = '/etc/ssl/demoCA/cacert.pem'"; $generatedcertpath= "generatedcertpath = '/etc/ssl/demoCA/certs/'"; #generatedcertpath = ".$dansguardian_dir . "/ssl/generatedcerts"; $generatedlinkpath= "generatedlinkpath = '".$dansguardian_dir . "/ssl/generatedlinks'"; } $svr_cert = lookup_cert($dansguardian_config["dcert"]); if ($svr_cert != false) { if(base64_decode($svr_cert['prv'])) { file_put_contents("/etc/ssl/demoCA/private/serverkey.pem",base64_decode($svr_cert['prv'])); $cert_key = "certprivatekeypath = '/etc/ssl/demoCA/private/serverkey.pem' "; } } } #contentscanners preg_replace patterns $match[0]="/(conf)/"; $match[1]="/(\/usr.local)/"; $match[2]="/,/"; $replace[0]="$1'"; $replace[1]="contentscanner = '$1"; $replace[2]="\n"; $contentscanners=preg_replace($match,$replace,$dansguardian_config['content_scanners']); #includes preg_replace patterns $match[0]="/(.)$/"; $match[1]="/\/usr.local/"; $match[2]="/,/"; $replace[0]="$1>\n"; $replace[1]="\n.Include</usr/local"; $replace[2]=">"; #phrase ACL #create a default setup if not exists if (!is_array($config['installedpackages']['dansguardianphraseacl']['config'])){ $banned_file=file("/usr/local/etc/dansguardian/lists/bannedphraselist"); foreach($banned_file as $file_line) if (preg_match ("/^.Include<(\S+)>/",$file_line,$matches)) $banned_includes .= $matches[1].","; $weighted_file=file("/usr/local/etc/dansguardian/lists/weightedphraselist"); foreach($weighted_file as $file_line) if (preg_match ("/^.Include<(\S+)>/",$file_line,$matches)) $weighted_includes .= $matches[1].","; $config['installedpackages']['dansguardianphraseacl']['config'][0]=array('name'=>'Default', 'description'=>'Default Phrase access list setup', 'banned_enabled'=> "on", 'weighted_enabled'=> "on", 'exception_enabled'=> "on", 'banned_includes' => substr($banned_includes,0,-1), 'weighted_includes' => substr($weighted_includes,0,-1)); } #loop on array $count=0; if (is_array($config['installedpackages']['dansguardianphraseacl']['config'])) foreach($config['installedpackages']['dansguardianphraseacl']['config'] as $dansguardian_phrase){ #bannedphraselist if($dansguardian_phrase['banned_phraselist'] == "" && file_exists ($dansguardian_dir.'/lists/bannedphraselist.sample')){ $config['installedpackages']['dansguardianphraseacl']['config'][$count]['banned_phraselist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/bannedphraselist.sample')); $load_samples++; } $includes=preg_replace($match,$replace,$dansguardian_phrase['banned_includes']); file_put_contents($dansguardian_dir."/lists/bannedphraselist.".$dansguardian_phrase['name'],($dansguardian_phrase['banned_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianphraseacl']['config'][$count]['banned_phraselist']).$includes:""),LOCK_EX); #weightedphraselist if($dansguardian_phrase['weighted_phraselist'] == "" && file_exists ($dansguardian_dir.'/lists/weightedphraselist.sample')){ $config['installedpackages']['dansguardianphraseacl']['config'][$count]['weighted_phraselist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/weightedphraselist.sample')); $load_samples++; } $includes=preg_replace($match,$replace,$dansguardian_phrase['weighted_includes']); file_put_contents($dansguardian_dir."/lists/weightedphraselist.".$dansguardian_phrase['name'],($dansguardian_phrase['weighted_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianphraseacl']['config'][$count]['weighted_phraselist']).$includes:""),LOCK_EX); #exceptionphraselist if($dansguardian_phrase['exception_phraselist'] == "" && file_exists ($dansguardian_dir.'/lists/exceptionphraselist.sample')){ $config['installedpackages']['dansguardianphraseacl']['config'][$count]['exception_phraselist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/exceptionphraselist.sample')); $load_samples++; } file_put_contents($dansguardian_dir."/lists/exceptionphraselist.".$dansguardian_phrase['name'],($dansguardian_phrase['exception_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianphraseacl']['config'][$count]['exception_phraselist']):""),LOCK_EX); $count++; } #site ACL #create a default setup if not exists if (!is_array($config['installedpackages']['dansguardiansiteacl']['config'])) $config['installedpackages']['dansguardiansiteacl']['config'][0]=array('name'=>'Default', 'description'=>'Default Site access list setup', 'exceptionsite_enabled'=> "on", 'bannedsite_enabled'=> "on", 'greysite_enabled'=> "on", 'urlsite_enabled'=> "on"); #loop on array $count=0; foreach($config['installedpackages']['dansguardiansiteacl']['config'] as $dansguardian_site){ #exceptionsitelist if($dansguardian_site['exception_sitelist'] == "" && file_exists ($dansguardian_dir.'/lists/exceptionsitelist.sample')){ $config['installedpackages']['dansguardiansiteacl']['config'][$count]['exception_sitelist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/exceptionsitelist.sample')); $load_samples++; } $includes=preg_replace($match,$replace,$dansguardian_site['exception_includes']); file_put_contents($dansguardian_dir."/lists/exceptionsitelist.".$dansguardian_site['name'],($dansguardian_site['exceptionsite_enabled']?dg_text_area_decode($config['installedpackages']['dansguardiansiteacl']['config'][$count]['exception_sitelist']).$includes:""),LOCK_EX); #exceptionfilesitelist if($dansguardian_site['exceptionfile_sitelist'] == "" && file_exists ($dansguardian_dir.'/lists/exceptionfilesitelist.sample')){ $config['installedpackages']['dansguardiansiteacl']['config'][$count]['exceptionfile_sitelist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/exceptionfilesitelist.sample')); $load_samples++; } file_put_contents($dansguardian_dir."/lists/exceptionfilesitelist.".$dansguardian_site['name'],($dansguardian_site['exceptionsite_enabled']?dg_text_area_decode($config['installedpackages']['dansguardiansiteacl']['config'][$count]['exceptionfile_sitelist']):""),LOCK_EX); #bannedsitelist if($dansguardian_site['banned_sitelist'] == "" && file_exists ($dansguardian_dir.'/lists/bannedsitelist.sample')){ $config['installedpackages']['dansguardiansiteacl']['config'][$count]['banned_sitelist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/bannedsitelist.sample')); $load_samples++; } $includes=preg_replace($match,$replace,$dansguardian_site['banned_includes']); file_put_contents($dansguardian_dir."/lists/bannedsitelist.".$dansguardian_site['name'],($dansguardian_site['bannedsite_enabled']?dg_text_area_decode($config['installedpackages']['dansguardiansiteacl']['config'][$count]['banned_sitelist']).$includes:""),LOCK_EX); #greysitelist if($dansguardian_site['grey_sitelist'] == "" && file_exists ($dansguardian_dir.'/lists/greysitelist.sample')){ $config['installedpackages']['dansguardiansiteacl']['config'][$count]['grey_sitelist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/greysitelist.sample')); $load_samples++; } file_put_contents($dansguardian_dir."/lists/greysitelist.".$dansguardian_site['name'],($dansguardian_site['greysite_enabled']?dg_text_area_decode($config['installedpackages']['dansguardiansiteacl']['config'][$count]['grey_sitelist']):""),LOCK_EX); #logsitelist if($dansguardian_site['log_sitelist'] == "" && file_exists ($dansguardian_dir.'/lists/logsitelist.sample')){ $config['installedpackages']['dansguardiansiteacl']['config'][$count]['log_sitelist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/logsitelist.sample')); $load_samples++; } file_put_contents($dansguardian_dir."/lists/logsitelist.".$dansguardian_site['name'],($dansguardian_site['urlsite_enabled']?dg_text_area_decode($config['installedpackages']['dansguardiansiteacl']['config'][$count]['log_sitelist']):""),LOCK_EX); $count++; } #URL ACL #create a default setup if not exists if (!is_array($config['installedpackages']['dansguardianurlacl']['config'])) $config['installedpackages']['dansguardianurlacl']['config'][0]=array('name'=>'Default', 'description'=>'Default Url access list setup', 'bannedurl_enabled'=> "on", 'exceptionurl_enabled'=> "on", 'contenturl_enabled'=> "on", 'greyurl_enabled'=> "on"); #loop on array $count=0; foreach($config['installedpackages']['dansguardianurlacl']['config'] as $dansguardian_url){ #bannedurllist if($dansguardian_url['banned_urllist'] == "" && file_exists ($dansguardian_dir.'/lists/bannedurllist.sample')){ $config['installedpackages']['dansguardianurlacl']['config'][$count]['banned_urllist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/bannedurllist.sample')); $load_samples++; } $includes=preg_replace($match,$replace,$dansguardian_url['banned_includes']); file_put_contents($dansguardian_dir."/lists/bannedurllist.".$dansguardian_url['name'],($dansguardian_url['bannedurl_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianurlacl']['config'][$count]['banned_urllist']).$includes:""),LOCK_EX); #bannedregexpurllist if($dansguardian_url['bannedregexp_urllist'] == "" && file_exists ($dansguardian_dir.'/lists/bannedregexpurllist.sample')){ $config['installedpackages']['dansguardianurlacl']['config'][$count]['bannedregexp_urllist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/bannedregexpurllist.sample')); $load_samples++; } file_put_contents($dansguardian_dir."/lists/bannedregexpurllist.".$dansguardian_url['name'],($dansguardian_url['bannedurl_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianurlacl']['config'][$count]['bannedregexp_urllist']):""),LOCK_EX); #greyurllist if($dansguardian_url['grey_urllist'] == "" && file_exists ($dansguardian_dir.'/lists/greyurllist.sample')){ $config['installedpackages']['dansguardianurlacl']['config'][$count]['grey_urllist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/greyurllist.sample')); $load_samples++; } file_put_contents($dansguardian_dir."/lists/greyurllist.".$dansguardian_url['name'],($dansguardian_url['greyurl_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianurlacl']['config'][$count]['grey_urllist']):""),LOCK_EX); #exceptionfileurllist if($dansguardian_url['exceptionfile_urllist'] == "" && file_exists ($dansguardian_dir.'/lists/exceptionfileurllist.sample')){ $config['installedpackages']['dansguardianurlacl']['config'][$count]['exceptionfile_urllist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/exceptionfileurllist.sample')); $load_samples++; } file_put_contents($dansguardian_dir."/lists/exceptionfileurllist.".$dansguardian_url['name'],($dansguardian_url['exceptionurl_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianurlacl']['config'][$count]['exceptionfile_urllist']):""),LOCK_EX); #exceptionregexpurllist if($dansguardian_url['exceptionregexp_urllist'] == "" && file_exists ($dansguardian_dir.'/lists/exceptionregexpurllist.sample')){ $config['installedpackages']['dansguardianurlacl']['config'][$count]['exceptionregexp_urllist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/exceptionregexpurllist.sample')); $load_samples++; } file_put_contents($dansguardian_dir."/lists/exceptionregexpurllist.".$dansguardian_url['name'],($dansguardian_url['exceptionurl_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianurlacl']['config'][$count]['exceptionregexp_urllist']):""),LOCK_EX); #exceptionurllist if($dansguardian_url['exception_urllist'] == "" && file_exists ($dansguardian_dir.'/lists/exceptionurllist.sample')){ $config['installedpackages']['dansguardianurlacl']['config'][$count]['exception_urllist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/exceptionurllist.sample')); $load_samples++; } $includes=preg_replace($match,$replace,$dansguardian_url['exception_includes']); file_put_contents($dansguardian_dir."/lists/exceptionurllist.".$dansguardian_url['name'],($dansguardian_url['exceptionurl_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianurlacl']['config'][$count]['exception_urllist']).$includes:""),LOCK_EX); #urlregexplist if($dansguardian_url['modify_urllist'] == "" && file_exists ($dansguardian_dir.'/lists/urlregexplist.sample')){ $config['installedpackages']['dansguardianurlacl']['config'][$count]['modify_urllist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/urlregexplist.sample')); $load_samples++; } file_put_contents($dansguardian_dir."/lists/urlregexplist.".$dansguardian_url['name'],($dansguardian_url['contenturl_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianurlacl']['config'][$count]['modify_urllist']):""),LOCK_EX); #logurllist if($dansguardian_url['log_urllist'] == "" && file_exists ($dansguardian_dir.'/lists/logurllist.sample')){ $config['installedpackages']['dansguardianurlacl']['config'][$count]['log_urllist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/logurllist.sample')); $load_samples++; } file_put_contents($dansguardian_dir."/lists/logurllist.".$dansguardian_url['name'],($dansguardian_url['logurl_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianurlacl']['config'][$count]['log_urllist']):""),LOCK_EX); #logregexpurllist if($dansguardian_url['logregexp_urllist'] == "" && file_exists ($dansguardian_dir.'/lists/logregexpurllist.sample')){ $config['installedpackages']['dansguardianurlacl']['config'][$count]['logregexp_urllist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/logregexpurllist.sample')); $load_samples++; } file_put_contents($dansguardian_dir."/lists/logregexpurllist.".$dansguardian_url['name'],($dansguardian_url['logurl_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianurlacl']['config'][$count]['logregexp_urllist']):""),LOCK_EX); $count++; } #Pics ACL #create a default setup if not exists if (!is_array($config['installedpackages']['dansguardianpicsacl']['config'])) $config['installedpackages']['dansguardianpicsacl']['config'][0]=array('name'=>'Default', 'description'=>'Default file access list setup'); #loop on array $count=0; foreach($config['installedpackages']['dansguardianpicsacl']['config'] as $dansguardian_pics){ #pics if($dansguardian_pics['pics'] == "" && file_exists ($dansguardian_dir.'/lists/pics.sample')){ $config['installedpackages']['dansguardianpicsacl']['config'][$count]['pics']=base64_encode(file_get_contents($dansguardian_dir.'/lists/pics.sample')); $load_samples++; } file_put_contents($dansguardian_dir."/lists/pics.".$dansguardian_pics['name'],($dansguardian_pics['pics_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianpicsacl']['config'][$count]['pics']):""),LOCK_EX); $count++; } #Search ACL #create a default setup if not exists if (!is_array($config['installedpackages']['dansguardiansearchacl']['config'])) $config['installedpackages']['dansguardiansearchacl']['config'][0]=array('name'=>'Default', 'description'=>'Default search engine list setup'); #loop on array $count=0; foreach($config['installedpackages']['dansguardiansearchacl']['config'] as $dansguardian_search){ #searchengineregexplist if($dansguardian_search['searchengineregexplist'] == "" && file_exists ($dansguardian_dir.'/lists/searchengineregexplist.sample')){ $config['installedpackages']['dansguardiansearchacl']['config'][$count]['searchengineregexplist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/searchengineregexplist.sample')); $load_samples++; } file_put_contents($dansguardian_dir."/lists/searchengineregexplist.".$dansguardian_search['name'],($dansguardian_search['regexp_enabled']?dg_text_area_decode($config['installedpackages']['dansguardiansearchacl']['config'][$count]['searchengineregexplist']):""),LOCK_EX); #bannedsearchtermlist if($dansguardian_search['banned_searchtermlist'] == "" && file_exists ($dansguardian_dir.'/lists/bannedsearchtermlist.sample')){ $config['installedpackages']['dansguardiansearchacl']['config'][$count]['banned_searchtermlist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/bannedsearchtermlist.sample')); $load_samples++; } file_put_contents($dansguardian_dir."/lists/bannedsearchtermlist.".$dansguardian_search['name'],($dansguardian_search['banned_enabled']?dg_text_area_decode($config['installedpackages']['dansguardiansearchacl']['config'][$count]['banned_searchtermlist']):""),LOCK_EX); #weightedsearchtermlist if($dansguardian_search['weighted_searchtermlist'] == "" && file_exists ($dansguardian_dir.'/lists/weightedsearchtermlist.sample')){ $config['installedpackages']['dansguardiansearchacl']['config'][$count]['weighted_searchtermlist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/weightedsearchtermlist.sample')); $load_samples++; } file_put_contents($dansguardian_dir."/lists/weightedsearchtermlist.".$dansguardian_search['name'],($dansguardian_search['weighted_enabled']?dg_text_area_decode($config['installedpackages']['dansguardiansearchacl']['config'][$count]['weighted_searchtermlist']):""),LOCK_EX); #exceptionsearchtermlist if($dansguardian_search['exception_searchtermlist'] == "" && file_exists ($dansguardian_dir.'/lists/exceptionsearchtermlist.sample')){ $config['installedpackages']['dansguardiansearchacl']['config'][$count]['exception_searchtermlist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/exceptionsearchtermlist.sample')); $load_samples++; } file_put_contents($dansguardian_dir."/lists/exceptionsearchtermlist.".$dansguardian_search['name'],($dansguardian_search['exception_enabled']?dg_text_area_decode($config['installedpackages']['dansguardiansearchacl']['config'][$count]['exception_searchtermlist']):""),LOCK_EX); $count++; } #File ACL #create a default setup if not exists if (!is_array($config['installedpackages']['dansguardianfileacl']['config'])) $config['installedpackages']['dansguardianfileacl']['config'][0]=array('name'=>'Default', 'description'=>'Default file access list setup', 'exception_enabled'=> "on", 'banned_enabled'=> "on"); #loop on array $count=0; foreach($config['installedpackages']['dansguardianfileacl']['config'] as $dansguardian_file){ #exceptionextensionlist if($dansguardian_file['exception_extensionlist'] == "" && file_exists ($dansguardian_dir.'/lists/exceptionextensionlist.sample')){ $config['installedpackages']['dansguardianfileacl']['config'][$count]['exception_extensionlist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/exceptionextensionlist.sample')); $load_samples++; } file_put_contents($dansguardian_dir."/lists/exceptionextensionlist.".$dansguardian_file['name'],($dansguardian_file['exception_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianfileacl']['config'][$count]['exception_extensionlist']):""),LOCK_EX); #exceptionmimetypelist if($dansguardian_file['exception_mimetypelist'] == "" && file_exists ($dansguardian_dir.'/lists/exceptionmimetypelist.sample')){ $config['installedpackages']['dansguardianfileacl']['config'][$count]['exception_mimetypelist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/exceptionmimetypelist.sample')); $load_samples++; } file_put_contents($dansguardian_dir."/lists/exceptionmimetypelist.".$dansguardian_file['name'],($dansguardian_file['exception_enabled']?dg_text_area_decode($config['installedpackages']['exception_mimetypelist']):""),LOCK_EX); #bannedextensionlist if($dansguardian_file['banned_extensionlist'] == "" && file_exists ($dansguardian_dir.'/lists/bannedextensionlist.sample')){ $config['installedpackages']['dansguardianfileacl']['config'][$count]['banned_extensionlist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/bannedextensionlist.sample')); $load_samples++; } file_put_contents($dansguardian_dir."/lists/bannedextensionlist.".$dansguardian_file['name'],($dansguardian_file['banned_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianfileacl']['config'][$count]['banned_extensionlist']):""),LOCK_EX); #bannedmimetypelist if($dansguardian_file['banned_mimetypelist'] == "" && file_exists ($dansguardian_dir.'/lists/bannedmimetypelist.sample')){ $config['installedpackages']['dansguardianfileacl']['config'][$count]['banned_mimetypelist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/bannedmimetypelist.sample')); $load_samples++; } file_put_contents($dansguardian_dir."/lists/bannedmimetypelist.".$dansguardian_file['name'],($dansguardian_file['banned_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianfileacl']['config'][$count]['banned_mimetypelist']):""),LOCK_EX); $count++; } #header ACL #create a default setup if not exists if (!is_array($config['installedpackages']['dansguardianheaderacl']['config'])) $config['installedpackages']['dansguardianheaderacl']['config'][0]=array('name'=>'Default', 'description'=>'Default header access list setup'); #loop on array $count=0; foreach($config['installedpackages']['dansguardianheaderacl']['config'] as $dansguardian_header){ #headerregexplist if($dansguardian_header['header_regexplist'] == "" && file_exists ($dansguardian_dir.'/lists/headerregexplist.sample')){ $config['installedpackages']['dansguardianheaderacl']['config'][$count]['header_regexplist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/headerregexplist.sample')); $load_samples++; } file_put_contents($dansguardian_dir."/lists/headerregexplist.".$dansguardian_header['name'],($dansguardian_header['regexp_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianheaderacl']['config'][$count]['header_regexplist']):""),LOCK_EX); #bannedregexpheaderlist if($dansguardian_header['banned_regexpheaderlist'] == "" && file_exists ($dansguardian_dir.'/lists/bannedregexpheaderlist.sample')){ $config['installedpackages']['dansguardianheaderacl']['config'][$count]['banned_regexpheaderlist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/bannedregexpheaderlist.sample')); $load_samples++; } file_put_contents($dansguardian_dir."/lists/bannedregexpheaderlist.".$dansguardian_header['name'],($dansguardian_header['banned_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianheaderacl']['config'][$count]['banned_regexpheaderlist']):""),LOCK_EX); $count++; } #Content ACL #create a default setup if not exists if (!is_array($config['installedpackages']['dansguardiancontentacl']['config'])) $config['installedpackages']['dansguardiancontentacl']['config'][0]=array('name'=>'Default', 'description'=>'Default content setup'); #loop on array $count=0; foreach($config['installedpackages']['dansguardiancontentacl']['config'] as $dansguardian_content){ #content_regexplist if($dansguardian_content['content_regexplist'] == "" && file_exists ($dansguardian_dir.'/lists/contentregexplist.sample')){ $config['installedpackages']['dansguardiancontentacl']['config'][$count]['content_regexplist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/contentregexplist.sample')); $load_samples++; } file_put_contents($dansguardian_dir."/lists/contentregexplist.".$dansguardian_content['name'],($dansguardian_content['content_enabled']?dg_text_area_decode($config['installedpackages']['dansguardiancontentacl']['config'][$count]['content_regexplist']):""),LOCK_EX); $count++; } #Antivirus ACL #create a default setup if not exists if (!is_array($config['installedpackages']['dansguardianantivirusacl']['config'])) $config['installedpackages']['dansguardianantivirusacl']['config'][0]=array(); $dansguardian_antivirus=$config['installedpackages']['dansguardianantivirusacl']['config'][0]; #exceptionvirusmimetypelist if($dansguardian_antivirus['mime_list'] == "" && file_exists ($dansguardian_dir.'/lists/contentscanners/exceptionvirusmimetypelist.sample')){ $config['installedpackages']['dansguardianantivirusacl']['config'][0]['mime_list']=base64_encode(file_get_contents($dansguardian_dir.'/lists/contentscanners/exceptionvirusmimetypelist.sample')); $load_samples++; } file_put_contents($dansguardian_dir."/lists/contentscanners/exceptionvirusmimetypelist",($dansguardian_antivirus['mime_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianantivirusacl']['config'][0]['mime_list']):""),LOCK_EX); #exceptionvirussitelist if($dansguardian_antivirus['site_list'] == "" && file_exists ($dansguardian_dir.'/lists/contentscanners/exceptionvirussitelist.sample')){ $config['installedpackages']['dansguardianantivirusacl']['config'][0]['site_list']=base64_encode(file_get_contents($dansguardian_dir.'/lists/contentscanners/exceptionvirussitelist.sample')); $load_samples++; } file_put_contents($dansguardian_dir."/lists/contentscanners/exceptionvirussitelist",($dansguardian_antivirus['site_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianantivirusacl']['config'][0]['site_list']):""),LOCK_EX); #exceptionvirusurllist if($dansguardian_antivirus['url_list'] == "" && file_exists ($dansguardian_dir.'/lists/contentscanners/exceptionvirusurllist.sample')){ $config['installedpackages']['dansguardianantivirusacl']['config'][0]['url_list']=base64_encode(file_get_contents($dansguardian_dir.'/lists/contentscanners/exceptionvirusurllist.sample')); $load_samples++; } file_put_contents($dansguardian_dir."/lists/contentscanners/exceptionvirusurllist",($dansguardian_antivirus['url_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianantivirusacl']['config'][0]['url_list']):""),LOCK_EX); #exceptionvirusextensionlist if($dansguardian_antivirus['extension_list'] == "" && file_exists ($dansguardian_dir.'/lists/contentscanners/exceptionvirusextensionlist.sample')){ $config['installedpackages']['dansguardianantivirusacl']['config'][0]['extension_list']=base64_encode(file_get_contents($dansguardian_dir.'/lists/contentscanners/exceptionvirusextensionlist.sample')); $load_samples++; } file_put_contents($dansguardian_dir."/lists/contentscanners/exceptionvirusextensionlist",($dansguardian_antivirus['extension_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianantivirusacl']['config'][0]['extension_list']):""),LOCK_EX); #log report if ($dansguardian_log['report_file']=="" && file_exists("/usr/local/share/dansguardian/languages/".$reportlanguage."/template.html")){ $report_file=file_get_contents("/usr/local/share/dansguardian/languages/".$reportlanguage."/template.html"); $report_file=preg_replace('/<.*(html|head)>/','',$report_file); $config['installedpackages']['dansguardianlog']['config'][0]['report_file']=base64_encode($report_file); $dansguardian_log['report_file']=base64_encode($report_file); $load_samples++; } if($load_samples > 0) write_config(); #Filtergroups if (!is_array($config['installedpackages']['dansguardiangroups']['config'])) $config['installedpackages']['dansguardiangroups']['config'][0]=array('name'=>'Default', 'description'=>'Default dansguardian filtergroup', 'picsacl'=> "Default", 'phraseacl'=> "Default", 'siteacl'=> "Default", 'extensionacl'=> "Default", 'headeracl'=> "Default", 'contentacl'=> "Default", 'searchacl'=> "Default", 'urlacl'=> "Default", 'group_options' => "scancleancache,infectionbypasserrorsonly", 'reportinglevel'=>'3', 'mode'=> "1", 'report_level'=>"general"); $groups=array("scancleancache","hexdecodecontent","blockdownloads","enablepics","deepurlanalysis","infectionbypasserrorsonly","disablecontentscan","sslcertcheck","sslmitm"); #loop on array $count=1; $user_xml=""; $filtergroupslist=""; foreach($config['installedpackages']['dansguardiangroups']['config'] as $dansguardian_groups){ $dansguardian_group_name=strtolower($dansguardian_groups['name']); $dgfg[$count]=$dansguardian_group_name; $dansguardian_groups['blockdownloads']=($dansguardian_groups['blockdownloads']?$dansguardian_groups['blockdownloads']:"off"); $dansguardian_groups['weightedphrasemode']=(preg_match("/\d/",$dansguardian_groups['weightedphrasemode'])?$dansguardian_groups['weightedphrasemode']:$dansguardian_config['weightedphrasemode']); $dansguardian_groups['naughtynesslimit']=($dansguardian_groups['naughtynesslimit']?$dansguardian_groups['naughtynesslimit']:"50"); $dansguardian_groups['searchtermlimit']=($dansguardian_groups['searchtermlimit']?$dansguardian_groups['searchtermlimit']:"30"); $dansguardian_groups['categorydisplaythreshold']=($dansguardian_groups['categorydisplaythreshold']?$dansguardian_groups['categorydisplaythreshold']:"0"); $dansguardian_groups['embeddedurlweight']=($dansguardian_groups['embeddedurlweight']?$dansguardian_groups['embeddedurlweight']:"0"); $dansguardian_groups['bypass']=($dansguardian_groups['bypass']?$dansguardian_groups['bypass']:"0"); $dansguardian_groups['infectionbypass']=($dansguardian_groups['infectionbypass']?$dansguardian_groups['infectionbypass']:"0"); $dansguardian_groups['mitmkey']=($dansguardian_groups['mitmkey']?$dansguardian_groups['mitmkey']:"dgs3dD3da"); switch ($dansguardian_groups['reportinglevel']){ case "1": case "2": $groupreportinglevel="reportinglevel = ".$dansguardian_groups['reportinglevel']; if (preg_match("@(\w+://[a-zA-Z0-9.:/\-]+)@",$dansguardian_groups['reportingcgi'],$cgimatches)){ $groupaccessdeniedaddress="accessdeniedaddress = '".$cgimatches[1]."'"; } else{ log_error('Dansguardian - Group '.$dansguardian_groups['name']. ' does not has a valid access denied cgi url.'); file_notice('Dansguardian - Group '.$dansguardian_groups['name']. ' does not has a valid access denied cgi url.',""); } break; case "-1": case "0": case "3": $groupreportinglevel="reportinglevel = ".$dansguardian_groups['reportinglevel']; $groupaccessdeniedaddress=""; break; default: $groupreportinglevel=""; $groupaccessdeniedaddress=""; } foreach ($groups as $group) $dansguardian_groups[$group]=(preg_match("/$group/",$dansguardian_groups['group_options'])?"on":"off"); include("/usr/local/pkg/dansguardianfx.conf.template"); file_put_contents($dansguardian_dir."/dansguardianf".$count.".conf", $dgf, LOCK_EX); if ($config['installedpackages']['dansguardianusers']['config'][0][$dansguardian_group_name]!=""){ $import_users = explode("\n", base64_decode($config['installedpackages']['dansguardianusers']['config'][0][$dansguardian_group_name])); asort($import_users); $config['installedpackages']['dansguardianusers']['config'][0][$dansguardian_group_name]=base64_encode(implode("\n", $import_users)); foreach ($import_users as $new_user){ if (preg_match("/(\S+)\s+(\S+)/",$new_user,$matches)) $filtergroupslist.=$matches[1]."=filter".$count." #".$matches[2]."\n"; elseif (preg_match("/(\S+)/",$new_user,$matches)) $filtergroupslist.=$matches[1]."=filter".$count."\n"; } } if ($config['installedpackages']['dansguardianips']['config'][0][$dansguardian_group_name]!=""){ $import_ips = explode("\n", base64_decode($config['installedpackages']['dansguardianips']['config'][0][$dansguardian_group_name])); asort($import_ips); $config['installedpackages']['dansguardianips']['config'][0][$dansguardian_group_name]=base64_encode(implode("\n", $import_ips)); foreach ($import_ips as $new_ip){ if (preg_match("/(\S+)\s+(.*)/",$new_ip,$matches)) $filtergroupsiplist.=$matches[1]." = filter".$count." #".$matches[2]."\n"; elseif (preg_match("/(\S+)/",$new_ip,$matches)) $filtergroupsiplist.=$matches[1]." = filter".$count."\n"; } } $filtergroup_count=count($import_users); $filtergroupip_count=count($import_ips); #Default group catch all unauth groups as well non listed users if($count > 1) $user_xml .=<<<EOF <field> <name>{$dansguardian_groups['description']} ({$filtergroup_count})</name> <type>listtopic</type> </field> <field> <fieldname>{$dansguardian_group_name}</fieldname> <fielddescr>{$dansguardian_groups['name']}</fielddescr> <description><![CDATA[Include users for this group one per line<br>Hint:PFSENSE\marcelloc #Marcello Coutinho]]></description> <type>textarea</type> <cols>80</cols><rows>12</rows> <encoding>base64</encoding> </field> EOF; $ips_xml .=<<<EOF <field> <name>{$dansguardian_groups['description']} ({$filtergroupip_count})</name> <type>listtopic</type> </field> <field> <fieldname>{$dansguardian_group_name}</fieldname> <fielddescr>{$dansguardian_groups['name']}</fielddescr> <description><![CDATA[Include ip addresses and or ipadresses/netmask for this group one per line<br>Hint:192.168.1.0/255.255.255.0<br>192.168.1.5]]></description> <type>textarea</type> <cols>80</cols><rows>12</rows> <encoding>base64</encoding> </field> EOF; $count++; } if ($user_xml==""){ $user_xml .=<<<EOF <field> <name>Users</name> <type>listtopic</type> </field> <field> <fielddescr>Users</fielddescr> <fieldname>info_checkbox</fieldname> <type>checkbox</type> <description><![CDATA[Dansguardian users are required only when you have more then one group.<br>All unauthenticated users or unlisted uses will match first filter group.]]></description> </field> EOF; } #Create/update filtergroupslist file_put_contents($dansguardian_dir."/lists/filtergroupslist",$filtergroupslist,LOCK_EX); #Create/update filtergroupsiplist file_put_contents($dansguardian_dir."/lists/authplugins/ipgroups",$filtergroupsiplist,LOCK_EX); #Create/update userlist xml file $ips_xml_header=file_get_contents("/usr/local/pkg/dansguardian_ips_header.xml"); $user_xml_header=file_get_contents("/usr/local/pkg/dansguardian_users_header.xml"); $user_xml_footer=file_get_contents("/usr/local/pkg/dansguardian_users_footer.xml"); file_put_contents("/usr/local/pkg/dansguardian_users.xml",$user_xml_header.$user_xml.$user_xml_footer,LOCK_EX); file_put_contents("/usr/local/pkg/dansguardian_ips.xml",$ips_xml_header.$ips_xml.$user_xml_footer,LOCK_EX); #Create report template if (is_dir("/usr/local/share/dansguardian/languages/".$reportlanguage)) file_put_contents("/usr/local/share/dansguardian/languages/".$reportlanguage."/template.html",dg_text_area_decode($dansguardian_log['report_file']),LOCK_EX); #check blacklist download files if ($dansguardian_blacklist['cron']=="force_download"){ log_error("Blacklist udpate process started"); file_notice("Dansguardian - Blacklist udpate process started",""); file_put_contents("/root/dansguardian_custom.script",base64_decode($dansguardian_blacklist['custom_script']),LOCK_EX); if ($dansguardian_blacklist['enable_custom_script'] && $dansguardian_blacklist['custom_script'] != "") mwexec_bg("/root/dansguardian_custom.script"); else mwexec_bg("/usr/local/bin/php /usr/local/www/dansguardian.php fetch_blacklist"); } #update xml categories from downloaded file if ($dansguardian_blacklist['cron']=="force_update"){ $config['installedpackages']['dansguardianblacklist']['config'][0]['cron']="never"; mwexec_bg("/usr/local/bin/php /usr/local/www/dansguardian.php update_lists"); } #Import default blacklists if (!is_array($config['installedpackages']['dansguardianblacklistsurls']['config'])) mwexec_bg("/usr/local/bin/php /usr/local/www/dansguardian.php update_lists"); #get clamav user $cconf="/usr/local/etc/clamd.conf"; $cconf_file=file_get_contents($cconf); if (preg_match("/User (\w+)/",$cconf_file,$matches)){ $daemonuser = $matches[1]; $daemongroup = 'nobody'; } else{ $daemonuser = 'nobody'; $daemongroup = 'nobody'; } $filtergroups=($count > 1?($count -1):1); $filterip=""; $filterports=""; foreach (explode(",", $dansguardian['interface']) as $i => $iface) { $real_ifaces[] = dg_get_real_interface_address($iface); if($real_ifaces[$i][0]) $filterip .="filterip = ".$real_ifaces[$i][0]."\n"; $filterports.="filterports = ".$filterport."\n"; } $filterip=($filterip==""?"filterip = ":$filterip); $filterports=($filterports==""?"filterports = $filterport":$filterports); include("/usr/local/pkg/dansguardian.conf.template"); #check cron_tab $new_cron=array(); $cron_found=0; if (is_array($config['cron']['item'])) foreach($config['cron']['item'] as $cron) if (preg_match("/usr.local.(bin.freshclam|www.dansguardian)/",$cron["command"])) $cron_found++; else $new_cron['item'][]=$cron; $cron_cmd="/usr/local/bin/freshclam"; if($dansguardian_config['cron'] && preg_match("/clamd/",$dansguardian_config['content_scanners'])) switch ($dansguardian_config['cron']){ case "day": $new_cron['item'][]=array( "minute" => "0", "hour" => "0", "mday" => "*", "month" => "*", "wday" => "*", "who" => "root", "command"=> $cron_cmd); $config['cron']=$new_cron; $cron_found++; break; case "02days": $new_cron['item'][]=array( "minute" => "0", "hour" => "0", "mday" => "*/2", "month" => "*", "wday" => "*", "who" => "root", "command"=> $cron_cmd); $config['cron']=$new_cron; $cron_found++; break; case "week": $new_cron['item'][]=array( "minute" => "0", "hour" => "0", "mday" => "*/7", "month" => "*", "wday" => "*", "who" => "root", "command"=> $cron_cmd); $config['cron']=$new_cron; $cron_found++; break; } $cron_cmd="/usr/local/bin/php /usr/local/www/dansguardian.php fetch_blacklist"; if($dansguardian_blacklist['cron']) switch ($dansguardian_blacklist['cron']){ case "day": $new_cron['item'][]=array( "minute" => "0", "hour" => "0", "mday" => "*", "month" => "*", "wday" => "*", "who" => "root", "command"=> $cron_cmd); $config['cron']=$new_cron; $cron_found++; break; case "02days": $new_cron['item'][]=array( "minute" => "0", "hour" => "0", "mday" => "*/2", "month" => "*", "wday" => "*", "who" => "root", "command"=> $cron_cmd); $config['cron']=$new_cron; $cron_found++; break; case "week": $new_cron['item'][]=array( "minute" => "0", "hour" => "0", "mday" => "*/7", "month" => "*", "wday" => "*", "who" => "root", "command"=> $cron_cmd); $config['cron']=$new_cron; $cron_found++; break; } $cron_cmd="/usr/local/bin/php /usr/local/www/dansguardian_ldap.php"; if (is_array($config['installedpackages']['dansguardiangroups']['config'])) foreach ($config['installedpackages']['dansguardiangroups']['config'] as $dansguardian_groups){ if(preg_match('/(\d+)m/',$dansguardian_groups['freq'],$matches)){ $new_cron['item'][]=array( "minute" => "*/".$matches[1], "hour" => "*", "mday" => "*", "month" => "*", "wday" => "*", "who" => "root", "command"=> $cron_cmd." ".$dansguardian_groups['name']); $config['cron']=$new_cron; $cron_found++; } if(preg_match('/(\d+)h/',$dansguardian_groups['freq'],$matches)){ $new_cron['item'][]=array( "minute" => "0", "hour" => "*/".$matches[1], "mday" => "*", "month" => "*", "wday" => "*", "who" => "root", "command"=> $cron_cmd." ".$dansguardian_groups['name']); $config['cron']=$new_cron; $cron_found++; } } #write files conf_mount_rw(); write_config(); #update cron if ($cron_found > 0){ $config['cron']=$new_cron; write_config(); configure_cron(); } $dirs=array('/usr/local/etc/dansguardian/lists/bannedrooms/', '/var/log/dansguardian'); foreach ($dirs as $dir) if (!is_dir($dir)) mkdir ($dir,0755,true); #update file owner mwexec("chown -R $daemonuser:$daemongroup /usr/local/etc/dansguardian"); mwexec("chown -R $daemonuser:$daemongroup /var/log/dansguardian"); #create config files file_put_contents($dansguardian_dir."/dansguardian.conf", $dg, LOCK_EX); #check virus_scanner options $libexec_dir="/usr/local/libexec/dansguardian/"; if (preg_match("/clamd/",$dansguardian_config['content_scanners'])){ if (!(file_exists('/var/db/clamav/main.cvd')||file_exists('/var/db/clamav/main.cld'))){ file_notice("Dansguardian - No antivirus database found for clamav, running freshclam in background.",""); log_error('No antivirus database found for clamav, running freshclam in background.'); mwexec_bg('/usr/local/bin/freshclam'); } $match=array(); $match[0]='/NO/'; $replace=array(); $replace[0]='YES'; #clamdscan.conf dansguardian file $cconf="/usr/local/etc/dansguardian/contentscanners/clamdscan.conf"; $cconf_file=file_get_contents($cconf); if (preg_match('/#clamdudsfile/',$cconf_file)){ $cconf_file=preg_replace('/#clamdudsfile/','clamdudsfile',$cconf_file); file_put_contents($cconf, $cconf_file, LOCK_EX); } #clamd conf file $cconf="/usr/local/etc/clamd.conf"; $cconf_file=file_get_contents($cconf); if (preg_match("/User (\w+)/",$cconf_file,$matches)){ #clamd script file $script='/usr/local/etc/rc.d/clamav-clamd'; $script_file=file($script); foreach ($script_file as $script_line){ if(preg_match("/command=/",$script_line)){ $new_clamav_startup.= 'if [ ! -d /var/run/clamav ];then /bin/mkdir /var/run/clamav;fi'."\n"; $new_clamav_startup.= "chown -R ".$matches[1]." /var/run/clamav\n"; $new_clamav_startup.= "chown -R ".$matches[1]." /var/log/clamav\n"; $new_clamav_startup.=$script_line; } elseif(!preg_match("/(mkdir|chown|sleep|mailscanner)/",$script_line)) { $new_clamav_startup.=preg_replace("/NO/","YES",$script_line); } } file_put_contents($script, $new_clamav_startup, LOCK_EX); chmod ($script,0755); if (file_exists('/var/run/dansguardian.pid') && is_process_running('clamd') && !isset($boot_process)){ log_error('Stopping clamav-clamd'); mwexec("$script stop"); } unlink_if_exists("/tmp/.dguardianipc"); unlink_if_exists("/tmp/.dguardianurlipc"); if (! is_process_running('clamd')){ log_error('Starting clamav-clamd'); mwexec_bg("$script start"); } } } #check certificate hashed $script='/usr/local/etc/rc.d/dansguardian'; if($config['installedpackages']['dansguardian']['config'][0]['enable']){ copy('/usr/local/pkg/dansguardian_rc.template','/usr/local/etc/rc.d/dansguardian'); chmod ($script,0755); if (is_process_running('dansguardian')){ #prevent multiple reloads during boot process if (!isset($boot_process)){ log_error('Reloading Dansguardian'); exec("/usr/local/sbin/dansguardian -r"); } } else{ log_error('Starting Dansguardian'); mwexec("$script start"); } } else{ if (is_process_running('dansguardian')){ log_error('Stopping Dansguardian'); mwexec("$script stop"); } if (file_exists($script)) chmod ($script,444); } if (!file_exists('/usr/local/etc/dansguardian/lists/phraselists/pornography/weighted_russian_utf8')) file_put_contents('/usr/local/etc/dansguardian/lists/phraselists/pornography/weighted_russian_utf8',"",LOCK_EX); #check ca certs hashes check_ca_hashes(); #mount read only conf_mount_ro(); #avoid sync during boot process if (!isset($boot_process)){ $synconchanges = $config['installedpackages']['dansguardiansync']['config'][0]['synconchanges']; if(!$synconchanges && !$syncondbchanges) return; log_error("[dansguardian] dansguardian_xmlrpc_sync.php is starting."); foreach ($config['installedpackages']['dansguardiansync']['config'] as $rs ){ foreach($rs['row'] as $sh){ $sync_to_ip = $sh['ipaddress']; $password = $sh['password']; $sync_type = $sh['sync_type']; if($password && $sync_to_ip) dansguardian_do_xmlrpc_sync($sync_to_ip, $password,$sync_type); } } log_error("[dansguardian] dansguardian_xmlrpc_sync.php is ending."); } } function dansguardian_validate_input($post, &$input_errors) { foreach ($post as $key => $value) { if (preg_match("/^(name|description)$/",$key) && $value == "") $input_errors[] = "{$key} could not be empty."; else if ($key == "name" && $value=="sample") $input_errors[] = "{$value} cannot be used as name."; else if ($key == "name" && preg_match("/\W/",$value)) $input_errors[] = "{$value} cannot be used as name. Use only a-z 0-9 characters"; else if (empty($value)) continue; else if($key == "freq" && (!preg_match("/^\d+(h|m|d)$/",$value) || $value == 0)) $input_errors[] = "A valid number with a time reference is required for the field 'Update Frequency'"; } } function dansguardian_php_install_command() { sync_package_dansguardian(); } function dansguardian_php_deinstall_command() { global $config,$g; mwexec("/usr/local/etc/rc.d/dansguardian stop"); sleep(1); conf_mount_rw(); chmod ("/usr/local/etc/rc.d/dansguardian",0444); conf_mount_ro(); } function dansguardian_do_xmlrpc_sync($sync_to_ip, $password,$sync_type) { global $config, $g; if(!$password) return; if(!$sync_to_ip) return; $xmlrpc_sync_neighbor = $sync_to_ip; if($config['system']['webgui']['protocol'] != "") { $synchronizetoip = $config['system']['webgui']['protocol']; $synchronizetoip .= "://"; } $port = $config['system']['webgui']['port']; /* if port is empty lets rely on the protocol selection */ if($port == "") { if($config['system']['webgui']['protocol'] == "http") $port = "80"; else $port = "443"; } $synchronizetoip .= $sync_to_ip; /* xml will hold the sections to sync */ $xml = array(); $sync_xml=$config['installedpackages']['dansguardiansync']['config'][0]['synconchanges']; if ($sync_xml){ log_error("Include dansguardian config"); $xml['dansguardian'] = $config['installedpackages']['dansguardian']; $xml['dansguardianantivirusacl'] = $config['installedpackages']['dansguardianantivirusacl']; $xml['dansguardianconfig'] = $config['installedpackages']['dansguardianconfig']; $xml['dansguardianblacklist'] = $config['installedpackages']['dansguardianblacklist']; $xml['dansguardianldap'] = $config['installedpackages']['dansguardianldap']; $xml['dansguardiancontentacl'] = $config['installedpackages']['dansguardiancontentacl']; $xml['dansguardianfileacl'] = $config['installedpackages']['dansguardianfileacl']; $xml['dansguardiangroups'] = $config['installedpackages']['dansguardiangroups']; $xml['dansguardianheaderacl'] = $config['installedpackages']['dansguardianheaderacl']; $xml['dansguardianlimits'] = $config['installedpackages']['dansguardianlimits']; $xml['dansguardianlog'] = $config['installedpackages']['dansguardianlog']; $xml['dansguardianphraseacl'] = $config['installedpackages']['dansguardianphraseacl']; $xml['dansguardianpicsacl'] = $config['installedpackages']['dansguardianpicsacl']; $xml['dansguardiansearchacl'] = $config['installedpackages']['dansguardiansearchacl']; $xml['dansguardiansiteacl'] = $config['installedpackages']['dansguardiansiteacl']; $xml['dansguardianurlacl'] = $config['installedpackages']['dansguardianurlacl']; $xml['dansguardianusers'] = $config['installedpackages']['dansguardianusers']; } if (count($xml) > 0){ /* assemble xmlrpc payload */ $params = array( XML_RPC_encode($password), XML_RPC_encode($xml) ); /* set a few variables needed for sync code borrowed from filter.inc */ $url = $synchronizetoip; log_error("Beginning dansguardian XMLRPC sync to {$url}:{$port}."); $method = 'pfsense.merge_installedpackages_section_xmlrpc'; $msg = new XML_RPC_Message($method, $params); $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); $cli->setCredentials('admin', $password); if($g['debug']) $cli->setDebug(1); /* send our XMLRPC message and timeout after 250 seconds */ $resp = $cli->send($msg, "250"); if(!$resp) { $error = "A communications error occurred while attempting dansguardian XMLRPC sync with {$url}:{$port}."; log_error($error); file_notice("sync_settings", $error, "dansguardian Settings Sync", ""); } elseif($resp->faultCode()) { $cli->setDebug(1); $resp = $cli->send($msg, "250"); $error = "An error code was received while attempting dansguardian XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); log_error($error); file_notice("sync_settings", $error, "dansguardian Settings Sync", ""); } else { log_error("dansguardian XMLRPC sync successfully completed with {$url}:{$port}."); } /* tell dansguardian to reload our settings on the destionation sync host. */ $method = 'pfsense.exec_php'; $execcmd = "require_once('/usr/local/pkg/dansguardian.inc');\n"; $execcmd .= "sync_package_dansguardian();"; /* assemble xmlrpc payload */ $params = array( XML_RPC_encode($password), XML_RPC_encode($execcmd) ); log_error("dansguardian XMLRPC reload data {$url}:{$port}."); $msg = new XML_RPC_Message($method, $params); $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); $cli->setCredentials('admin', $password); $resp = $cli->send($msg, "250"); if(!$resp) { $error = "A communications error occurred while attempting dansguardian XMLRPC sync with {$url}:{$port} (pfsense.exec_php)."; log_error($error); file_notice("sync_settings", $error, "dansguardian Settings Sync", ""); } elseif($resp->faultCode()) { $cli->setDebug(1); $resp = $cli->send($msg, "250"); $error = "An error code was received while attempting dansguardian XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); log_error($error); file_notice("sync_settings", $error, "dansguardian Settings Sync", ""); } else { log_error("dansguardian XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php)."); } } } ?>