function ApplyConfig($smooth = false) { if (function_exists("WriteToSyslogMail")) { WriteToSyslogMail("Invoke ApplyConfig function", basename(__FILE__)); } $unix = new unix(); $ulimit = $unix->find_program("ulimit"); if (is_file($ulimit)) { shell_exec("{$ulimit} -HSd unlimited"); } else { echo "Starting......: " . date("H:i:s") . " [SYS]: Squid ulimit no such binary...\n"; } echo "Starting......: " . date("H:i:s") . " [SYS]: Squid apply kernel settings\n"; build_progress("{reconfigure} Kernel values", 46); kernel_values(); echo "Starting......: " . date("H:i:s") . " [SYS]: Squid apply Checks security limits\n"; build_progress("{reconfigure} Security limits", 47); security_limit(); echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Checking Remote appliances...\n"; build_progress("{reconfigure} checks remote appliances", 48); remote_appliance_restore_tables(); echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Checking Remote appliances done...\n"; $nohup = $unix->find_program("nohup"); $php5 = $unix->LOCATE_PHP5_BIN(); $squidbin = $unix->find_program("squid"); $SQUID_CONFIG_PATH = $unix->SQUID_CONFIG_PATH(); echo "Starting......: " . date("H:i:s") . " [SYS]: Squid loading libraires...\n"; $sock = new sockets(); $squid = new squidbee(); if (!is_file($squidbin)) { $squidbin = $unix->find_program("squid3"); } echo "Starting......: " . date("H:i:s") . " [SYS]: Squid binary: `{$squidbin}`\n"; echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Conf..: `{$SQUID_CONFIG_PATH}`\n"; echo "Starting......: " . date("H:i:s") . " [SYS]: Squid php...: `{$php5}`\n"; echo "Starting......: " . date("H:i:s") . " [SYS]: Squid nohup.: `{$nohup}`\n"; $DenySquidWriteConf = $sock->GET_INFO("DenySquidWriteConf"); if (!is_numeric($DenySquidWriteConf)) { $DenySquidWriteConf = 0; } echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Checking `DenySquidWriteConf` = {$DenySquidWriteConf}\n"; @copy("/etc/artica-postfix/settings/Daemons/SquidNudityScanParams", "/etc/squid3/SquidNudityScanParams"); echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Checking `NudeBooster`\n"; build_progress("{reconfigure} Nude booster", 49); NudeBooster(); if (!is_dir("/usr/share/squid-langpack")) { echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Checking Templates from MySQL\n"; $unix->THREAD_COMMAND_SET("{$php5} " . __FILE__ . " --tpl-save"); } $EnableRemoteStatisticsAppliance = 0; echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Build blocked Websites list...\n"; build_progress("{reconfigure} Whitelisted browsers", 50); acl_whitelisted_browsers(); build_progress("{reconfigure} allowed browsers", 51); acl_allowed_browsers(); echo "Starting......: " . date("H:i:s") . " Checking wrapzap\n"; build_progress("{reconfigure} wrapzap", 52); wrapzap(); build_progress("{reconfigure} Mime.conf", 53); mime_conf(); build_progress("{reconfigure} Blocked websites", 54); $squid->BuildBlockedSites(); build_progress("{reconfigure} FTP clients ACLs", 55); acl_clients_ftp(); build_progress("{reconfigure} Dynamic rules caches", 56); echo "Starting......: " . date("H:i:s") . " [SYS]: Dynamic rules caches...\n"; dyn_caches(); build_progress("{reconfigure} Webfiltering whitelisted", 57); echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Build url_rewrite_access deny...\n"; urlrewriteaccessdeny(); echo "Starting......: " . date("H:i:s") . " [SYS]:Squid building main configuration done\n"; if ($GLOBALS["NOAPPLY"]) { $DenySquidWriteConf = 0; } if ($DenySquidWriteConf == 0) { @mkdir("/tmp", 0755, true); $squid->CURRENT_PROGRESS = 79; $squid->MAX_PROGRESS = 79; $conf = $squid->BuildSquidConf(); $conf = str_replace("\n\n", "\n", $conf); build_progress("{writing_configuration}", 79); @file_put_contents("/tmp/squid.conf", $conf); echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Check validity of the configuration file with /tmp/squid.conf...\n"; $GLOBALS["SQUID_PATTERN_ERROR"] = array(); CheckConfig("/tmp/squid.conf"); if (count($GLOBALS["SQUID_PATTERN_ERROR"]) > 0) { echo "Starting......: " . date("H:i:s") . " [SYS]: Some errors are detected and cleaned\n"; squid_admin_mysql(1, "Some errors has been detected in settings", "Please check theses values:\n" . @implode("\n", $GLOBALS["SQUID_PATTERN_ERROR"])); $conf = @file_get_contents("/tmp/squid.conf"); } exec("{$squidbin} -f /tmp/squid.conf -k parse 2>&1", $results); while (list($index, $ligne) = each($results)) { if (strpos($ligne, "| WARNING:") > 0) { continue; } if (preg_match("#ERROR: Failed#", $ligne)) { build_progress("{operation_failed} !!!", 110); echo "Starting......: " . date("H:i:s") . " [SYS]: Squid `{$ligne}`, aborting configuration, keep the old one...\n"; echo "<div style='font-size:16px;font-weight:bold;color:#E71010'>{$ligne}</div>"; $sock->TOP_NOTIFY("{$ligne}", "error"); return; } if (preg_match("#Segmentation fault#", $ligne)) { build_progress("{operation_failed} Segmentation fault !!!", 110); echo "Starting......: " . date("H:i:s") . " [SYS]: Squid `{$ligne}`, aborting configuration, keep the old one...\n"; echo "<div style='font-size:16px;font-weight:bold;color:#E71010'>{$ligne}</div>"; $sock->TOP_NOTIFY("{$ligne}", "error"); return; } if (preg_match("#(unrecognized|FATAL|Bungled)#", $ligne)) { build_progress("{operation_failed} Bungled !!!", 110); echo "Starting......: " . date("H:i:s") . " [SYS]: Squid `{$ligne}`, aborting configuration, keep the old one...\n"; echo "<div style='font-size:16px;font-weight:bold;color:#E71010'>{$ligne}</div>"; if (preg_match("#line ([0-9]+):#", $ligne, $ri)) { $Buggedline = $ri[1]; $tt = explode("\n", @file_get_contents("/tmp/squid.conf")); echo "<HR>"; for ($i = $Buggedline - 2; $i < $Buggedline + 2; $i++) { $lineNumber = $i + 1; $colorbugged = "black"; if (trim($tt[$i]) == null) { continue; } if ($lineNumber == $Buggedline) { $colorbugged = "#E71010"; } echo "<div style='font-size:12px;font-weight:bold;color:{$colorbugged}'>[line:{$lineNumber}]: {$tt[$i]}</div>"; } } echo "<HR>"; $sock->TOP_NOTIFY("{$ligne}", "error"); return; } if (preg_match("#strtokFile:\\s+(.+?)\\s+not found#", $ligne, $re)) { $filename = trim($re[1]); echo "Starting......: " . date("H:i:s") . " [SYS]: Squid missing {$filename}, create an empty one\n"; @mkdir(dirname($filename), 0755, true); @file_put_contents($filename, ""); @chown($filename, "squid"); @chgrp($filename, "squid"); continue; } if (preg_match("#Processing:\\s+#", $ligne)) { continue; } if (preg_match("#Warning: empty ACL#", $ligne)) { continue; } if (preg_match("#searching predictable#", $ligne)) { continue; } if (preg_match("#is a subnetwork of#", $ligne)) { continue; } if (preg_match("#You should probably#", $ligne)) { continue; } if (preg_match("#Startup:\\s+#", $ligne)) { continue; } echo "Starting......: " . date("H:i:s") . " [SYS]: {$ligne}\n"; } @file_put_contents("/etc/artica-postfix/settings/Daemons/GlobalSquidConf", $conf); echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Check validity OK...\n"; if ($GLOBALS["NOAPPLY"]) { echo "Starting......: " . date("H:i:s") . " [SYS]: WARNING \"NOAPPLY\" Artica is denied to apply settings...\n"; return true; } echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Writing configuration file \"{$SQUID_CONFIG_PATH}\" " . strlen($conf) . " bytes...\n"; @file_put_contents($SQUID_CONFIG_PATH, $conf); @mkdir("/etc/squid3", 0755, true); if ($SQUID_CONFIG_PATH != "/etc/squid3/squid.conf") { @file_put_contents("/etc/squid3/squid.conf", $conf); } $sock->TOP_NOTIFY("{squid_parameters_was_saved}", "info"); $cmd = $unix->LOCATE_PHP5_BIN() . " " . __FILE__ . " --templates --noreload"; $unix->THREAD_COMMAND_SET($cmd); } build_progress("{checking}: squidclamav", 79); if (!$smooth) { squidclamav(); } build_progress("{checking}: wrapzap", 79); if (!$smooth) { wrapzap(); } build_progress("{checking}: Cerificates", 79); if (!$smooth) { certificate_generate(); } $cmd = $nohup . " " . $unix->LOCATE_PHP5_BIN() . " " . __FILE__ . " --cache-infos --force >/dev/null 2>&1 &"; if ($GLOBALS["VERBOSE"]) { echo "{$cmd}\n"; } shell_exec($cmd); shell_exec("{$nohup} {$php5} /usr/share/artica-postfix/exec.syslog-engine.php --rsylogd >/dev/null 2>&1 &"); shell_exec("{$nohup} {$php5} /usr/share/artica-postfix/exec.squid.watchdog.php --init >/dev/null 2>&1 &"); if (!$smooth) { build_progress("{checking}: Check Files And Security", 79); CheckFilesAndSecurity(); } return true; }
function ApplyConfig() { $unix = new unix(); $squid = new squidbee(); writelogs("->BuildBlockedSites", __FUNCTION__, __FILE__, __LINE__); $squid->BuildBlockedSites(); acl_clients_ftp(); acl_whitelisted_browsers(); acl_allowed_browsers(); $SQUID_CONFIG_PATH = $unix->SQUID_CONFIG_PATH(); if (!is_file($SQUID_CONFIG_PATH)) { writelogs("Unable to stat squid configuration file \"{$SQUID_CONFIG_PATH}\"", __FUNCTION__, __FILE__, __LINE__); return; } echo "Starting......: Squid building main configuration done\n"; $squid = new squidbee(); $conf = $squid->BuildSquidConf(); @file_put_contents("/etc/artica-postfix/settings/Daemons/GlobalSquidConf", $conf); @file_put_contents($SQUID_CONFIG_PATH, $conf); if ($squid->EnableKerbAuth) { shell_exec($unix->LOCATE_PHP5_BIN() . " " . dirname(__FILE__) . "/exec.kerbauth.php --build"); } squidclamav(); wrapzap(); certificate_generate(); SQUID_TEMPLATES(); CheckFilesAndSecurity(); }
function ApplyConfig($smooth = false) { if (function_exists("WriteToSyslogMail")) { WriteToSyslogMail("Invoke ApplyConfig function", basename(__FILE__)); } $unix = new unix(); $ulimit = $unix->find_program("ulimit"); if (is_file($ulimit)) { shell_exec("{$ulimit} -HSd unlimited"); } else { echo "Starting......: " . date("H:i:s") . " [SYS]: Squid ulimit no such binary...\n"; } echo "Starting......: " . date("H:i:s") . " [SYS]: Squid apply kernel settings\n"; build_progress("{reconfigure} Kernel values", 46); kernel_values(); echo "Starting......: " . date("H:i:s") . " [SYS]: Squid apply Checks security limits\n"; build_progress("{reconfigure} Security limits", 47); security_limit(); echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Checking Remote appliances...\n"; build_progress("{reconfigure} checks remote appliances", 48); remote_appliance_restore_tables(); echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Checking Remote appliances done...\n"; $nohup = $unix->find_program("nohup"); $php5 = $unix->LOCATE_PHP5_BIN(); $squidbin = $unix->find_program("squid"); $SQUID_CONFIG_PATH = $unix->SQUID_CONFIG_PATH(); echo "Starting......: " . date("H:i:s") . " [SYS]: Squid loading libraires...\n"; $sock = new sockets(); $squid = new squidbee(); if (!is_file($squidbin)) { $squidbin = $unix->find_program("squid3"); } echo "Starting......: " . date("H:i:s") . " [SYS]: Squid binary: `{$squidbin}`\n"; echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Conf..: `{$SQUID_CONFIG_PATH}`\n"; echo "Starting......: " . date("H:i:s") . " [SYS]: Squid php...: `{$php5}`\n"; echo "Starting......: " . date("H:i:s") . " [SYS]: Squid nohup.: `{$nohup}`\n"; $DenySquidWriteConf = $sock->GET_INFO("DenySquidWriteConf"); if (!is_numeric($DenySquidWriteConf)) { $DenySquidWriteConf = 0; } echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Checking `DenySquidWriteConf` = {$DenySquidWriteConf}\n"; @copy("/etc/artica-postfix/settings/Daemons/SquidNudityScanParams", "/etc/squid3/SquidNudityScanParams"); echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Checking `NudeBooster`\n"; build_progress("{reconfigure} Nude booster", 49); NudeBooster(); if (!is_dir("/usr/share/squid-langpack")) { echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Checking Templates from MySQL\n"; $unix->THREAD_COMMAND_SET("{$php5} " . __FILE__ . " --tpl-save"); } $EnableRemoteStatisticsAppliance = 0; echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Build blocked Websites list...\n"; if (!is_dir("/etc/squid3/artica-meta")) { @mkdir("/etc/squid3/artica-meta", 0755, true); } if (!is_file("/etc/squid3/artica-meta/whitelist-net.db")) { @touch("/etc/squid3/artica-meta/whitelist-net.db"); } if (!is_file("/etc/squid3/artica-meta/whitelist-domains.db")) { @touch("/etc/squid3/artica-meta/whitelist-domains.db"); } build_progress("{reconfigure} Whitelisted browsers", 50); acl_whitelisted_browsers(); build_progress("{reconfigure} allowed browsers", 51); acl_allowed_browsers(); echo "Starting......: " . date("H:i:s") . " Checking wrapzap\n"; build_progress("{reconfigure} wrapzap", 52); wrapzap(); build_progress("{reconfigure} Mime.conf", 53); mime_conf(); build_progress("{reconfigure} Blocked websites", 54); $squid->BuildBlockedSites(); build_progress("{reconfigure} FTP clients ACLs", 55); acl_clients_ftp(); build_progress("{checking_wccp_mode}", 55); system("{$php5} /usr/share/artica-postfix/exec.squid.wccp.php --squid"); build_progress("{reconfigure} Dynamic rules caches", 56); echo "Starting......: " . date("H:i:s") . " [SYS]: Dynamic rules caches...\n"; dyn_caches(); build_progress("{reconfigure} Webfiltering whitelisted", 57); echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Build url_rewrite_access deny...\n"; urlrewriteaccessdeny(); echo "Starting......: " . date("H:i:s") . " [SYS]:Squid building main configuration done\n"; build_progress("{reconfigure} Check files and security", 58); CheckFilesAndSecurity(); $tar = $unix->find_program("tar"); if ($GLOBALS["NOAPPLY"]) { $DenySquidWriteConf = 0; } if ($DenySquidWriteConf == 0) { @mkdir("/tmp", 0755, true); $squid->CURRENT_PROGRESS = 79; $squid->MAX_PROGRESS = 79; $conf = $squid->BuildSquidConf(); $conf = str_replace("\n\n", "\n", $conf); build_progress("{writing_configuration}", 79); @file_put_contents("/tmp/squid.conf", $conf); echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Check validity of the configuration file with /tmp/squid.conf...\n"; $GLOBALS["SQUID_PATTERN_ERROR"] = array(); $squid_checks = new squid_checks("/tmp/squid.conf"); if (!$squid_checks->squid_parse()) { build_progress("{checking}: {failed}", 110); return; } echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Check validity OK...\n"; if ($GLOBALS["NOAPPLY"]) { echo "Starting......: " . date("H:i:s") . " [SYS]: WARNING \"NOAPPLY\" Artica is denied to apply settings...\n"; return true; } echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Writing configuration file \"{$SQUID_CONFIG_PATH}\" " . strlen($conf) . " bytes...\n"; @file_put_contents($SQUID_CONFIG_PATH, $conf); @mkdir("/etc/squid3", 0755, true); if ($SQUID_CONFIG_PATH != "/etc/squid3/squid.conf") { @file_put_contents("/etc/squid3/squid.conf", $conf); } $sock->TOP_NOTIFY("{squid_parameters_was_saved}", "info"); $cmd = $unix->LOCATE_PHP5_BIN() . " " . __FILE__ . " --templates --noreload"; $unix->THREAD_COMMAND_SET($cmd); } build_progress("{checking}: squidclamav", 79); if (!$smooth) { squidclamav(); } build_progress("{checking}: wrapzap", 79); if (!$smooth) { wrapzap(); } build_progress("{checking}: Cerificates", 79); if (!$smooth) { certificate_generate(); } $cmd = $nohup . " " . $unix->LOCATE_PHP5_BIN() . " " . __FILE__ . " --cache-infos --force >/dev/null 2>&1 &"; if ($GLOBALS["VERBOSE"]) { echo "{$cmd}\n"; } shell_exec($cmd); shell_exec("{$nohup} {$php5} /usr/share/artica-postfix/exec.syslog-engine.php --rsylogd >/dev/null 2>&1 &"); if (!$smooth) { build_progress("{checking}: Check Files And Security", 79); CheckFilesAndSecurity(); } if (is_file("/root/squid-good.tgz")) { @unlink("/root/squid-good.tgz"); } chdir("/etc/squid3"); shell_exec("cd /etc/squid3"); shell_exec("tar -czf /root/squid-good.tgz *"); chdir("/root"); shell_exec("cd /root"); return true; }