<?xml version="1.0" encoding="utf-8" ?> <!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> <?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> <packagegui> <copyright> <![CDATA[ /* ========================================================================== */ /* dansguardian_groups.xml part of pfSense (http://www.pfSense.com) Copyright (C) 2012-2013 Marcello Coutinho All rights reserved. */ /* ========================================================================== */ /* Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code MUST retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /* ========================================================================== */ ]]> </copyright> <description>Describe your package here</description> <requirements>Describe your package requirements here</requirements> <faq>Currently there are no FAQ items provided.</faq> <name>dansguardiangroups</name> <version>1.0</version> <title>Services: Dansguardian</title> <include_file>/usr/local/pkg/dansguardian.inc</include_file> <tabs> <tab> <text>Daemon</text> <url>/pkg_edit.php?xml=dansguardian.xml&id=0</url> </tab> <tab> <text>General</text> <url>/pkg_edit.php?xml=dansguardian_config.xml&id=0</url> </tab> <tab> <text>Limits</text> <url>/pkg_edit.php?xml=dansguardian_limits.xml&id=0</url> </tab> <tab> <text>Blacklist</text> <url>/pkg_edit.php?xml=dansguardian_blacklist.xml&id=0</url> </tab> <tab> <text>ACLs</text> <url>/pkg.php?xml=dansguardian_site_acl.xml</url> </tab> <tab> <text>LDAP</text> <url>/pkg.php?xml=dansguardian_ldap.xml</url> </tab> <tab> <text>Groups</text> <url>/pkg.php?xml=dansguardian_groups.xml</url> <active/> </tab> <tab> <text>Users</text> <url>/pkg_edit.php?xml=dansguardian_users.xml</url> </tab> <tab> <text>IPs</text> <url>/pkg_edit.php?xml=dansguardian_ips.xml</url> </tab> <tab> <text>Report and log</text> <url>/pkg_edit.php?xml=dansguardian_log.xml&id=0</url> </tab> <tab> <text>Sync</text> <url>/pkg_edit.php?xml=dansguardian_sync.xml&id=0</url> </tab> <tab> <text>Help</text> <url>/dansguardian_about.php</url> </tab> </tabs> <adddeleteeditpagefields> <columnitem> <fielddescr>Group name</fielddescr> <fieldname>name</fieldname> </columnitem> <columnitem> <fielddescr>Group mode</fielddescr> <fieldname>mode</fieldname> </columnitem> <columnitem> <fielddescr>Reporting level</fielddescr> <fieldname>reportinglevel</fieldname> </columnitem> <columnitem> <fielddescr>Description</fielddescr> <fieldname>description</fieldname> </columnitem> <movable>on</movable> </adddeleteeditpagefields> <fields> <field> <name>Description</name> <type>listtopic</type> </field> <field> <fielddescr>Filter Group Name</fielddescr> <fieldname>name</fieldname> <description><![CDATA[Enter Group Names.]]></description> <type>input</type> <size>20</size> </field> <field> <fielddescr>List Description</fielddescr> <fieldname>description</fieldname> <type>input</type> <size>60</size> </field> <field> <name>Acess Lists</name> <type>listtopic</type> </field> <field> <fielddescr>Group Options</fielddescr> <fieldname>group_options</fieldname> <description><![CDATA[Select options to apply on this group. Default values are in ( )]]></description> <type>select</type> <options> <option><name>Scan clean cache (on)</name><value>scancleancache</value></option> <option><name>Hex decode content (off)</name><value>hexdecodecontent</value></option> <option><name>Block Download not in Exception Lists (off)</name><value>blockdownloads</value></option> <option><name>Enable PICS rating support (off)</name><value>enablepics</value></option> <option><name>Enable Deep URL Analysis (off)</name><value>deepurlanalysis</value></option> <option><name>Infection/Scan Error Bypass on Scan Errors Only (on)</name><value>infectionbypasserrorsonly</value></option> <option><name>Disable content scanning (off)</name><value>disablecontentscan</value></option> <option><name>Check Server SSLCertificates (off)</name><value>sslcheckcert</value></option> <option><name>Filter ssl sites forging SSL Certificates (off)</name><value>sslmitm</value></option> </options> <multiple/> <size>9</size> </field> <field> <fielddescr>Pics</fielddescr> <fieldname>picsacl</fieldname> <description><![CDATA[Select Pics Access List to apply on this group.]]></description> <type>select_source</type> <source><![CDATA[$config['installedpackages']['dansguardianpicsacl']['config']]]></source> <source_name>name</source_name> <source_value>name</source_value> <multiple/> <size>5</size> </field> <field> <fielddescr>Phrase</fielddescr> <fieldname>phraseacl</fieldname> <description><![CDATA[Select Phrase ACL to apply on this group.]]></description> <type>select_source</type> <source><![CDATA[$config['installedpackages']['dansguardianphraseacl']['config']]]></source> <source_name>name</source_name> <source_value>name</source_value> <multiple/> <size>5</size> </field> <field> <fielddescr>Site</fielddescr> <fieldname>siteacl</fieldname> <description><![CDATA[Select Site Access Lists to apply on this group.]]></description> <type>select_source</type> <source><![CDATA[$config['installedpackages']['dansguardiansiteacl']['config']]]></source> <source_name>name</source_name> <source_value>name</source_value> <multiple/> <size>5</size> </field> <field> <fielddescr>URL</fielddescr> <fieldname>urlacl</fieldname> <description><![CDATA[Select URL Access Lists to apply on this group.]]></description> <type>select_source</type> <source><![CDATA[$config['installedpackages']['dansguardianurlacl']['config']]]></source> <source_name>name</source_name> <source_value>name</source_value> <multiple/> <size>5</size> </field> <field> <fielddescr>Extension</fielddescr> <fieldname>extensionacl</fieldname> <description><![CDATA[Select Extension Access Lists to apply on this group.]]></description> <type>select_source</type> <source><![CDATA[$config['installedpackages']['dansguardianfileacl']['config']]]></source> <source_name>name</source_name> <source_value>name</source_value> <multiple/> <size>5</size> </field> <field> <fielddescr>Header</fielddescr> <fieldname>headeracl</fieldname> <description><![CDATA[Select Header Access Lists to apply on this group.]]></description> <type>select_source</type> <source><![CDATA[$config['installedpackages']['dansguardianheaderacl']['config']]]></source> <source_name>name</source_name> <source_value>name</source_value> <multiple/> <size>5</size> </field> <field> <fielddescr>Content</fielddescr> <fieldname>contentacl</fieldname> <description><![CDATA[Select Content Access Lists to apply on this group.]]></description> <type>select_source</type> <source><![CDATA[$config['installedpackages']['dansguardiancontentacl']['config']]]></source> <source_name>name</source_name> <source_value>name</source_value> <multiple/> <size>5</size> </field> <field> <fielddescr>Search</fielddescr> <fieldname>searchacl</fieldname> <description><![CDATA[Select Search Access lists to apply on this group.]]></description> <type>select_source</type> <source><![CDATA[$config['installedpackages']['dansguardiansearchacl']['config']]]></source> <source_name>name</source_name> <source_value>name</source_value> <multiple/> <size>5</size> </field> <field> <name>Values</name> <type>listtopic</type> </field> <field> <fielddescr>Filter Group Mode</fielddescr> <fieldname>mode</fieldname> <description><![CDATA[ This option determines whether members of this group have their web access unfiltered, filtered, or banned.<br> This mechanism replaces the "banneduserlist"]]></description> <type>select</type> <options> <option><name>Filtered (default)</name><value>1</value></option> <option><name>unfiltered (exception)</name><value>2</value></option> <option><name>banned</name><value>0</value></option> </options> </field> <field> <fielddescr>Reporting Level</fielddescr> <fieldname>reportinglevel</fieldname> <description><![CDATA[Web Access Denied Reporting (does not affect logging)<br> If defined, this overrides the global setting in dansguardian.conf for members of this filter group.]]></description> <type>select</type> <options> <option><name>Use General log option selected on Report and log - recommended</name><value>global</value></option> <option><name>Use HTML template file (accessdeniedaddress ignored)</name><value>3</value></option> <option><name>Report fully</name><value>2</value></option> <option><name>Report why but not what denied phrase</name><value>1</value></option> <option><name>Just say 'Access Denied'</name><value>0</value></option> <option><name>Log but do not block - Stealth mode</name><value>-1</value></option> </options> </field> <field> <fielddescr>Access Denied cgi</fielddescr> <fieldname>reportingcgi</fieldname> <description><![CDATA[While using Report Level (report fully) or (Report why but not what denied phrase), specify here the url link to your access denied cgi script ex:http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl]]></description> <type>input</type> <size>70</size> </field> <field> <fielddescr>Weighted phrase mode</fielddescr> <fieldname>weightedphrasemode</fieldname> <description><![CDATA[IMPORTANT: Note that setting this to "0" turns off all features which extract phrases from page content, including banned & exception phrases (not just weighted), search term filtering, and scanning for links to banned URLs.]]></description> <type>select</type> <options> <option><name>Use Weighted phrase mode value from general config</name><value>default</value></option> <option><name>Singular = each weighted phrase found only counts once on a page.</name><value>2</value></option> <option><name>Normal = normal weighted phrase operation.</name><value>1</value></option> <option><name>Off = do not use the weighted phrase feature.</name><value>0</value></option> </options> </field> <field> <fielddescr>Naughtiness limit</fielddescr> <fieldname>naughtynesslimit</fieldname> <description><![CDATA[This the limit over which the page will be blocked. Each weighted phrase is given a value either positive or negative and the values added up.<br> Phrases to do with good subjects will have negative values, and bad subjects will have positive values.<br> See the weightedphraselist file for examples.<br> As a guide:<br> <strong>50 is for young children, 100 for old children, 160 for young adults.</strong>]]></description> <type>input</type> <size>10</size> </field> <field> <fielddescr>Search term limit</fielddescr> <fieldname>searchtermlimit</fieldname> <description><![CDATA[<strong>Default 30</strong><br>The limit over which requests will be blocked for containing search terms which match the weightedphraselist.<br> This should usually be lower than the 'naughtynesslimit' value above, because the amount of text being filtered is only a few words, rather than a whole page.<br> A value of 0 here indicates that search terms should be extracted, for logging/reporting purposes, but no filtering should be performed on the resulting text.]]></description> <type>input</type> <size>10</size> </field> <field> <fielddescr>Max upload size</fielddescr> <fieldname>maxuploadsize</fieldname> <type>input</type> <size>10</size> <description><![CDATA[POST protection (web upload and forms) does not block forms without any file upload, i.e. this is just for blocking or limiting uploads measured in kilobytes after MIME encoding and header bump<br> use 0 for a complete block<br> use higher (e.g. 512 = 512Kbytes) for limiting<br> use -1 for no blocking(default)<br> Leave empty to use global Max upload size limit value.]]></description> </field> <field> <fielddescr>Category display threshold</fielddescr> <fieldname>categorydisplaythreshold</fieldname> <description><![CDATA[This option only applies to pages blocked by weighted phrase filtering.<br> Defines the minimum score that must be accumulated within a particular category in order for it to show up on the block pages' category list.<br> All categories under which the page scores positively will be logged; those that were not displayed to the user appear in brackets.<br> -1 = display only the highest scoring category<br> <strong>0 = display all categories (default)</strong><br> > 0 = minimum score for a category to be displayed]]></description> <type>input</type> <size>10</size> </field> <field> <fielddescr>Embedded URL weighting</fielddescr> <fieldname>embeddedurlweight</fieldname> <description><![CDATA[ When set to something greater than zero, this option causes URLs embedded within a page's HTML (from links, image tags, etc.) to be extracted and checked against the bannedsitelist and bannedurllist.<br> Each link to a banned page causes the amount set here to be added to the page's weighting.<br> The behaviour of this option with regards to multiple occurrences of a site/URL is affected by the weightedphrasemode setting.<br><br> <strong>Set to 0 to disable(default)</strong>. WARNING: This option is highly CPU intensive!]]></description> <type>input</type> <size>10</size> </field> <field> <fielddescr>Temporary Denied Page Bypass</fielddescr> <fieldname>bypass</fieldname> <description><![CDATA[This provides a link on the denied page to bypass the ban for a few minutes. To be secure it uses a random hashed secret generated at daemon startup.<br> You define the number of seconds the bypass will function for before the deny will appear again.<br> To allow the link on the denied page to appear you will need to edit the template.html or dansguardian.pl file for your language.<br> 300 = enable for 5 minutes<br> <strong>0 = disable ( defaults to 0 )</strong>]]></description> <type>input</type> <size>10</size> </field> <field> <fielddescr>Temporary Denied Page Bypass Secret Key</fielddescr> <fieldname>bypasskey</fieldname> <description><![CDATA[If not empty, rather than generating a random key you can specify one. It must be more than 8 chars.<br> Ex1:Mary had a little lamb.<br> Ex2:76b42abc1cd0fdcaf6e943dcbc93b826]]></description> <type>input</type> <size>70</size> </field> <field> <fielddescr>Infection/Scan Error Bypass</fielddescr> <fieldname>infectionbypass</fieldname> <description><![CDATA[Similar to the 'bypass' setting, but specifically for bypassing files scanned and found to be infected, or files that trigger scanner errors - for example, archive types with recognised but unsupported compression schemes, or corrupt archives.<br> The option specifies the number of seconds for which the bypass link will be valid.<br> 300 = enable for 5 minutes<br> <strong>0 = disable ( defaults to 0 )</strong>]]></description> <type>input</type> <size>10</size> </field> <field> <name>LDAP</name> <type>listtopic</type> </field> <field> <fielddescr>LDAP group name source</fielddescr> <fieldname>groupnamesource</fieldname> <description><![CDATA[ This option determines where to look for LDAP group/OU name.]]></description> <type>select</type> <options> <option><name>Dansguardian Group Name(default)</name><value>name</value></option> <option><name>Dansguardian Group Description</name><value>description</value></option> </options> </field> <field> <fielddescr>LDAP</fielddescr> <fieldname>ldap</fieldname> <description><![CDATA[Select LDAP servers to extract users from<br> The group must has the same name( or description) in dansguardian and on active directory<br> <strong>This is not aplicable for default group</strong>]]></description> <type>select_source</type> <size>05</size> <multiple/> <source><![CDATA[$config['installedpackages']['dansguardianldap']['config']]]></source> <source_name>dc</source_name> <source_value>dc</source_value> </field> <field> <fielddescr>LDAP user account status</fielddescr> <fieldname>useraccountcontrol</fieldname> <description><![CDATA[Import only users with these account status. Leave empty to do not check account status.]]></description> <type>select</type> <options> <option><name>Normal (code 512)</name><value>512</value></option> <option><name>Disabled Account (code 514)</name><value>514</value></option> <option><name>Account is Disabled (code 2)</name><value>2</value></option> <option><name>Account Locked Out (code 16)</name><value>16</value></option> <option><name>Entered Bad Password (code 17)</name><value>17</value></option> <option><name>No Password is Required(code 32)</name><value>32</value></option> <option><name>Password CANNOT Change(code 64)</name><value>64</value></option> <option><name>Password has Expired (code 8388608)</name><value>8388608</value></option> <option><name>Account will Never Expire (code 65536)</name><value>65536</value></option> <option><name>Enabled and Does NOT expire Paswword (code 66048)</name><value>66048</value></option> <option><name>Server Trusted Account for Delegation (code 8192)</name><value>8192</value></option> <option><name>Trusted Account for Delegation (code 524288)</name><value>524288</value></option> <option><name>Enabled, User Cannot Change Password, Password Never Expires (code 590336)</name><value>590336</value></option> <option><name>Normal Account, Password will not expire and Currently Disabled (code 66050)</name><value>66050</value></option> <option><name>Account Enabled, Password does not expire, currently Locked out (code 66064)</name><value>66064</value></option> </options> <multiple/> <size>16</size> </field> <field> <fielddescr>Update frequency</fielddescr> <fieldname>freq</fieldname> <description><![CDATA[How often extract users from active directory and verify changes<br> Valid options are minutes(m), hours(h)<br> Sample: To update every two minute, use 2m]]></description> <type>input</type> <size>05</size> </field> </fields> <custom_php_install_command> dansguardian_php_install_command(); </custom_php_install_command> <custom_php_deinstall_command> dansguardian_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> dansguardian_validate_input($_POST, &$input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_dansguardian(); </custom_php_resync_config_command> </packagegui>