/**
 * Delegates the family-site lookup to squid_familysite::GetFamilySitestt().
 *
 * The class file is included lazily, only when squid_familysite has not been
 * declared yet.
 *
 * @param mixed $domain      Passed through unchanged to the delegate.
 * @param bool  $getpartOnly Passed through unchanged to the delegate.
 * @return mixed Whatever the delegate returns.
 */
public function GetFamilySitestt($domain, $getpartOnly = false)
{
    $classLoaded = class_exists("squid_familysite");
    if ($classLoaded === false) {
        include_once dirname(__FILE__) . "/class.squid.familysites.inc";
    }

    $resolver = new squid_familysite();
    $result = $resolver->GetFamilySitestt($domain, $getpartOnly);

    return $result;
}
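/**
 * Parses one ":::"-separated access-log record and queues it for statistics.
 *
 * Field positions read from the record: 0 MAC, 1 client IP, 2/3 user ids,
 * 5 protocol, 6 URI, 8 HTTP code, 9 size, 10 Squid code, 11 user agent
 * (URL-encoded), 12 forwarded-for value, 13 site name, 14 host name,
 * 15 response time, 16 MIME type.
 *
 * Every field comes from the proxy log, i.e. from client-controlled request
 * data, and must be treated as untrusted by whatever consumes the stored record.
 *
 * Changes against the previous revision:
 *  - `$mac == null;` was a comparison with no effect; it is now an assignment.
 *  - class_exists() was given a file name instead of the class name.
 *  - short records no longer raise undefined-offset notices (fields are padded).
 *  - the statements after the unconditional `return` were unreachable and have
 *    been removed. They built INSERT statements by interpolating log fields
 *    into SQL text; if that path is ever restored it must use bound parameters
 *    (or the project's escaping helper on every field) first.
 *
 * @param string $buffer Raw log record.
 * @return void
 */
function ParseSizeBuffer($buffer)
{
    if (!class_exists("logfile_daemon")) {
        include_once "/usr/share/artica-postfix/ressources/class.logfile_daemon.inc";
    }

    $ipv4Pattern = '#^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$#';

    // $re keeps the record exactly as split (it is echoed in failure logs);
    // $field is the padded copy used for positional access.
    $re = explode(":::", $buffer);
    $field = array_pad($re, 17, null);

    $mac = trim(strtolower($field[0]));
    if ($mac == "-") {
        $mac = null;
    }
    $mac = str_replace("-", ":", $mac);
    if ($mac == "00:00:00:00:00:00") {
        $mac = null;
    }
    $ipaddr = trim($field[1]);

    // uid: prefer field 2, fall back to field 3 unless that one is an IPv4 address.
    $uid = $field[2];
    $uid2 = $field[3];
    if ($uid == "-") {
        $uid = null;
    }
    if ($uid2 == "-") {
        $uid2 = null;
    }
    if (preg_match($ipv4Pattern, $uid2)) {
        $uid2 = null;
    }
    if ($uid == null && $uid2 != null) {
        $uid = $uid2;
    }

    $logzdate = date("Y-m-d H:i:s", time());
    $proto = $field[5];
    $uri = $field[6];
    $code_error = $field[8];
    $SIZE = $field[9];
    $SquidCode = $field[10];
    $UserAgent = urldecode($field[11]);
    $Forwarded = $field[12];
    $sitename = trim($field[13]);
    $hostname = $field[14];
    $response_time = $field[15];
    $MimeType = $field[16];

    $uid = str_replace("%20", " ", $uid);
    $uid = str_replace("%25", "-", $uid);
    if ($uid == "-") {
        $uid = null;
    }
    $Forwarded = str_replace("%25", "", $Forwarded);

    // A uid ending in "$" (with the "$" not in first position) is discarded.
    if (strpos($uid, '$') > 0 && substr($uid, -1) == '$') {
        $uid = null;
    }
    if (preg_match($ipv4Pattern, $uid)) {
        $uid = null;
    }

    if (!preg_match($ipv4Pattern, $ipaddr)) {
        eventsfailed("***** WRONG LINE ipaddr:{$ipaddr} column 13 " . @implode(" | ", $re) . "*****");
        return;
    }

    if ($sitename == "-") {
        $h = parse_url($uri);
        if (isset($h["host"])) {
            $sitename = $h["host"];
        }
        if ($sitename == "-" || $sitename == null) {
            eventsfailed("***** WRONG SITENAME {$sitename} column 13 " . @implode(" | ", $re) . "*****");
            eventsfailed("{$buffer}");
            eventsfailed("*");
            $GLOBALS["REFUSED_REQUESTS"] = $GLOBALS["REFUSED_REQUESTS"] + 1;
            return;
        }
    }

    if (strpos($sitename, ":") > 0) {
        $XA = explode(":", $sitename);
        $sitename = $XA[0];
    }
    if ($sitename == "127.0.0.1") {
        $GLOBALS["REFUSED_REQUESTS"] = $GLOBALS["REFUSED_REQUESTS"] + 1;
        if ($GLOBALS["VERBOSE"]) {
            events("127.0.0.1 -> uid = null -> SKIP");
        }
        return;
    }

    if ($Forwarded == "unknown" || $Forwarded == "-" || $Forwarded == "0.0.0.0" || $Forwarded == "255.255.255.255") {
        $Forwarded = null;
    }
    // NOTE(review): the forwarded-for value is supplied by the client and is not
    // validated here, yet it replaces the address that passed the IPv4 check
    // above. Confirm it is only honoured behind a trusted upstream proxy;
    // otherwise per-address accounting can be attributed to an arbitrary value.
    if (strlen($Forwarded) > 4) {
        $ipaddr = $Forwarded;
        $mac = null;
    }

    $ipaddr = str_replace("%25", "-", $ipaddr);
    $mac = str_replace("%25", "-", $mac);
    if ($mac == "-") {
        $mac = null;
    }

    if (($ipaddr == "127.0.0.1" or $ipaddr == "::") && $uid == null) {
        $GLOBALS["REFUSED_REQUESTS"] = $GLOBALS["REFUSED_REQUESTS"] + 1;
        if ($GLOBALS["VERBOSE"]) {
            events("127.0.0.1 -> uid = null -> SKIP");
        }
        return;
    }

    // Keep only the trailing run of MAC-like characters.
    if (preg_match('#([0-9:a-z]+)$#', $mac, $z)) {
        $mac = $z[1];
    }

    if ($GLOBALS["VERBOSE"]) {
        events("ITEM: DATE......: {$logzdate}");
        events("ITEM: MAC.......: {$mac}");
        events("ITEM: IP........: {$ipaddr}");
        events("ITEM: Size......: {$SIZE}");
        events("ITEM: SQUID CODE: {$SquidCode}");
        events("ITEM: HTTP CODE.: {$code_error}");
        events("ITEM: uid.......: {$uid}");
        events("ITEM: uri.......: {$uri}");
        events("ITEM: UserAgent.: {$UserAgent}");
        events("ITEM: Forwarded.: {$Forwarded}");
        events("ITEM: SiteName..: {$sitename}");
    }

    if ($UserAgent != null) {
        UserAuthDB($mac, $ipaddr, $uid, $hostname, $UserAgent);
    } else {
        events("No UserAgents in {$buffer}");
    }

    $GLOBALS["COUNT_HASH_TABLE"] = $GLOBALS["COUNT_HASH_TABLE"] + 1;

    // NOTE(review): the site name validated above is replaced by the host parsed
    // from the URI, and becomes null when the URI has no host. Kept as-is;
    // confirm whether falling back to field 13 was intended.
    $arrayURI = parse_url($uri);
    $sitename = (is_array($arrayURI) && isset($arrayURI["host"])) ? $arrayURI["host"] : null;
    if (strpos($sitename, ":")) {
        $xtr = explode(":", $sitename);
        $sitename = $xtr[0];
        // The "www." prefix is only stripped on this host:port branch.
        if (preg_match('#^www\.(.+)#', $sitename, $rz)) {
            $sitename = $rz[1];
        }
    }

    if (!isset($GLOBALS["FAMLILYSITE"][$sitename])) {
        $fam = new squid_familysite();
        $GLOBALS["FAMLILYSITE"][$sitename] = $fam->GetFamilySites($sitename);
    }

    $category = null;
    if ($GLOBALS["DisableLogFileDaemonCategories"] == 0) {
        $time_start = microtime(true);
        $category = ufdbcat($sitename);
        if ($GLOBALS["VERBOSE"]) {
            $time_calc = microtime(true) - $time_start;
            events("{$sitename} = {$category} {$time_calc}ms");
        }
    }

    $logfile_daemon = new logfile_daemon();
    $cached = $logfile_daemon->CACHEDORNOT($SquidCode);
    $SearchWords = $logfile_daemon->SearchWords($uri);
    $GLOBALS["ACCEPTED_REQUESTS"] = $GLOBALS["ACCEPTED_REQUESTS"] + 1;

    // Key order matters: the record key below is the MD5 of the serialized array.
    $MAIN = array(
        "TIMESTAMP" => time(),
        "URI" => $uri,
        "sitename" => $sitename,
        "SIZE" => $SIZE,
        "CACHED" => $cached,
        "IPADDR" => $ipaddr,
        "CATEGORY" => $category,
        "MIMETYPE" => $MimeType,
        "FAMILYSITE" => $GLOBALS["FAMLILYSITE"][$sitename],
        "MAC" => $mac,
        "UID" => $uid,
        "USERAGENT" => $UserAgent,
        "SQUID_CODE" => $SquidCode,
        "RESPONSE_TIME" => $response_time,
        "PROTO" => $proto,
        "HTTP_CODE" => $code_error,
    );
    if ($hostname != null) {
        $MAIN["HOSTNAME"] = $hostname;
    }
    if (is_array($SearchWords)) {
        $MAIN["WORDS"] = $SearchWords["WORDS"];
    }

    // The record is stored as base64(serialize()). NOTE(review): the reader
    // presumably unserialize()s it; make sure that store is writable only by
    // this daemon, since unserialize() on attacker-writable data is unsafe.
    $serialized = serialize($MAIN);
    berekley_add(md5($serialized), base64_encode($serialized));
}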
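/**
 * Serves a harmless placeholder for a blocked resource, chosen by the file
 * extension found in the requested URI.
 *
 * Changes against the previous revision:
 *  - readfile() was called with the file *size* instead of the file path, so
 *    the icon/image branches announced a Content-Length and then sent no body.
 *  - the parse_url() result is checked before it is indexed.
 *  - a path without an extension no longer raises an undefined-index notice.
 *
 * @param string $uri Requested (blocked) URI; client-controlled.
 * @return bool|null true when a placeholder was sent, false when the request
 *                   should be handled elsewhere, null for an unknown extension.
 */
function parseTemplate_extension($uri)
{
    // Family sites that are always answered with an empty script.
    $js_forced = array("revsci.net" => true, "omtrdc.net" => true);

    $array = parse_url($uri);
    if (!is_array($array) || count($array) == 0) {
        return false;
    }
    if (!isset($array["path"])) {
        return false;
    }

    $fam = new squid_familysite();
    $hostname = $fam->GetFamilySites(isset($array["host"]) ? $array["host"] : null);

    $path_parts = pathinfo($array["path"]);
    $ext = isset($path_parts['extension']) ? $path_parts['extension'] : "";
    if (preg_match('#(.+?)\?#', $ext, $re)) {
        $ext = $re[1];
    }
    if ($ext == "php" || $ext == "html") {
        return false;
    }

    // pathinfo() yields only the last path component, so $filename cannot
    // carry a directory part into the "img/" lookups below.
    $filename = isset($path_parts['basename']) ? $path_parts['basename'] : null;

    if (preg_match('#\/pixel\?#', $uri)) {
        parseTemplate_extension_gif();
        return true;
    }
    if (isset($js_forced[$hostname])) {
        $ext = "js";
    }
    if ($filename == null) {
        $filename = "1x1.{$ext}";
    }

    if ($ext == "gif") {
        parseTemplate_extension_gif($filename);
        return true;
    }
    if ($ext == "js") {
        header("content-type: application/x-javascript");
        echo "// blocked by url filtering\n";
        return true;
    }
    if ($ext == "css") {
        header("content-type: text/css");
        echo "\n";
        echo "/**\n";
        echo "* blocked by url filtering\n";
        echo "* \n";
        echo "*/\n";
        return true;
    }
    if ($ext == "ico") {
        $iconPath = "ressources/templates/Squid/favicon.ico";
        $fsize = filesize($iconPath);
        header("content-type: image/vnd.microsoft.icon");
        header("Content-Length: " . $fsize);
        ob_clean();
        flush();
        readfile($iconPath);
        return true;
    }

    // Content types come from this fixed table only, never from the request.
    $imageTypes = array("png" => "image/png", "jpeg" => "image/jpg", "jpg" => "image/jpg");
    if (isset($imageTypes[$ext])) {
        if (!is_file("img/{$filename}")) {
            // Requested name is not a shipped image: fall back to the 1x1 placeholder.
            $filename = "1x1.{$ext}";
        }
        $imagePath = "img/{$filename}";
        $fsize = filesize($imagePath);
        header("Content-Type: {$imageTypes[$ext]}");
        header("Content-Length: " . $fsize);
        ob_clean();
        flush();
        readfile($imagePath);
        return true;
    }

    writelogs("{$uri}: {$ext} ({$filename}) Unkown", __FUNCTION__, __FILE__, __LINE__);
}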
/**
 * Memoised wrapper around squid_familysite::GetFamilySites().
 *
 * Results are kept in $GLOBALS["GetFamilySites"], keyed by the site name, so
 * the resolver is only instantiated for names that have no cached entry yet.
 *
 * @param string $sitename Host name to resolve.
 * @return mixed The cached or freshly resolved value.
 */
function x_GetFamilySites($sitename)
{
    if (!isset($GLOBALS["GetFamilySites"][$sitename])) {
        $resolver = new squid_familysite();
        $GLOBALS["GetFamilySites"][$sitename] = $resolver->GetFamilySites($sitename);
    }

    return $GLOBALS["GetFamilySites"][$sitename];
}
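/**
 * Checks a request against the local ransomware tracker database and, on a
 * hit, emits the block-page redirect through Output_results().
 *
 * Lookup order: destination IP (when the host is an IP), exact host, family
 * site, then the full URI.
 *
 * Changes against the previous revision:
 *  - the three copies of the cache-reload code are folded into one condition.
 *  - a database that does not unserialize to an array, or lacks a section, is
 *    treated as empty instead of being indexed/counted blindly.
 *  - a URI without a host no longer raises an undefined-index notice.
 *  - unused locals removed.
 *
 * @param array $ARRAY Request description; reads ORGURI, userid and IP.
 * @return bool|null true when the request was blocked, false when it passed
 *                   early; null when every lookup missed (unchanged behaviour).
 */
function Ranswomare($ARRAY)
{
    $function = __FUNCTION__;
    $database = "/etc/squid3/ransomwaretracker.db";
    $debug = !empty($GLOBALS["DEBUG_RANSOMARE"]);

    if (!is_file($database)) {
        if ($debug) {
            events("{$database} no such file");
        }
        return false;
    }

    $URI = isset($ARRAY["ORGURI"]) ? $ARRAY["ORGURI"] : null;
    $urlenc = urlencode($URI);
    $userid = isset($ARRAY["userid"]) ? $ARRAY["userid"] : null;
    $IP = isset($ARRAY["IP"]) ? $ARRAY["IP"] : null;
    $IpClass = new IP();

    // The client field may arrive as "address/name"; only the address is kept.
    if (preg_match('#([0-9\.]+)\/(.*)#', $IP, $re)) {
        $IP = $re[1];
    }

    if ($debug) {
        $knownTime = isset($GLOBALS["RANSOMARE_FTIME"]) ? $GLOBALS["RANSOMARE_FTIME"] : "";
        events("{$function}: RANSOMARE_FTIME = {$knownTime}");
    }

    // (Re)load the database on first use and whenever its mtime changes.
    $ftime = filemtime($database);
    if (!isset($GLOBALS["RANSOMARE_FTIME"]) || !isset($GLOBALS["RANSOMARE_DB"]) || $ftime != $GLOBALS["RANSOMARE_FTIME"]) {
        $GLOBALS["RANSOMARE_FTIME"] = $ftime;
        // SECURITY: unserialize() must only ever see trusted bytes. This file
        // has to be writable by root/the updater only; a plain-data format such
        // as JSON would remove the object-injection risk altogether.
        $GLOBALS["RANSOMARE_DB"] = unserialize(@file_get_contents($database));
    }

    $MAIN = is_array($GLOBALS["RANSOMARE_DB"]) ? $GLOBALS["RANSOMARE_DB"] : array();
    $knownIps = (isset($MAIN["IPS"]) && is_array($MAIN["IPS"])) ? $MAIN["IPS"] : array();
    $knownDomains = (isset($MAIN["DOMAINS"]) && is_array($MAIN["DOMAINS"])) ? $MAIN["DOMAINS"] : array();
    $knownUris = (isset($MAIN["URIS"]) && is_array($MAIN["URIS"])) ? $MAIN["URIS"] : array();

    $H = parse_url($URI);
    $domain = (is_array($H) && isset($H["host"])) ? $H["host"] : "";
    if (strpos($domain, ":") > 0) {
        $xdomain = explode(":", $domain);
        $domain = $xdomain[0];
    }
    $domain = strtolower($domain);

    // NOTE(review): this exemption pattern is not anchored, so it matches the
    // listed labels anywhere in the host name rather than only in the
    // registrable domain. Matching the family site against an exact list would
    // make the exemption precise.
    if (preg_match('#(\/|\.)(windowsupdate|microsoft|netflix|google|msftncsi|teamviewer|lastpass|steamusercontent|nflxvideo|kaspersky)\.[a-z]+#', $domain)) {
        if ($debug) {
            events("{$function}: {$domain}: \"SKIP\"");
        }
        return false;
    }
    if ($debug) {
        events("{$function}: {$domain}: \"{$URI}\"");
    }

    // NOTE(review): "rule-id=0" and "SquidGuardIPWeb=" are not separated by "&",
    // and clientaddr/clientuser are inserted as received. Left unchanged because
    // the consumer of this URL is not visible here; confirm whether the user id
    // is already URL-encoded upstream before encoding it again.
    $returned = "{$GLOBALS["SquidGuardIPWeb"]}?rule-id=0SquidGuardIPWeb=" . base64_encode($GLOBALS["SquidGuardIPWeb"])
        . "&clientaddr={$IP}&clientname={$IP}&clientuser={$userid}"
        . "&clientgroup=default&targetgroup=ransomware&url={$urlenc}";

    if ($IpClass->isValid($domain)) {
        if ($debug) {
            events("{$function}: {$domain}: Check {$domain} in " . count($knownIps) . " IPS");
        }
        if (isset($knownIps[$domain])) {
            ufdbgevents("default", "ransomware");
            if ($debug) {
                events("{$function}: {$domain}: TRUE IP");
            }
            Output_results($returned, __FUNCTION__, __LINE__);
            return true;
        }
        if ($debug) {
            events("{$function}: {$domain}: \"PASS [OK]\"");
        }
        return false;
    }

    $f = new squid_familysite();
    $familysite = $f->GetFamilySites($domain);

    if ($debug) {
        events("{$function}: {$domain}: Check {$domain} in " . count($knownDomains) . " domains");
    }
    if (isset($knownDomains[$domain])) {
        if ($debug) {
            events("{$domain}: TRUE DOMAIN");
        }
        ufdbgevents("default", "ransomware");
        Output_results($returned, __FUNCTION__, __LINE__);
        return true;
    }

    if ($debug) {
        events("{$function}: {$domain}: Check {$familysite} in " . count($knownDomains) . " domains");
    }
    if (isset($knownDomains[$familysite])) {
        if ($debug) {
            events("{$function}: {$domain}: TRUE DOMAIN FAMILYSITE");
        }
        ufdbgevents("default", "ransomware");
        Output_results($returned, __FUNCTION__, __LINE__);
        return true;
    }

    if ($debug) {
        events("{$function}: {$domain}: Check {$URI} in " . count($knownUris) . " Urls");
    }
    if (isset($knownUris[$URI])) {
        if ($debug) {
            events("{$function}: {$domain}: TRUE URL");
        }
        ufdbgevents("default", "ransomware");
        Output_results($returned, __FUNCTION__, __LINE__);
        return true;
    }

    if ($debug) {
        events("{$function}: {$domain}: \"PASS [OK]\"");
    }
}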
/**
 * Decides whether a request matches one of the loaded blocking rules.
 *
 * Evaluation order: source IP list ("IPSRC"), domain list ("DOMS", exact
 * domain first, then its family site), and finally the per-source table
 * ("IPDOM", keyed by source IP and family site). Two vendor family sites and
 * the loopback source are never blocked.
 *
 * @param array $ARRAY Reads the "IPADDR" and "DOMAIN" entries.
 * @return bool|null true to block, false to let through; null when no rule
 *                   section produced a decision.
 */
function CheckRules($ARRAY)
{
    $IPSRC = $ARRAY["IPADDR"];
    $DOMAIN = $ARRAY["DOMAIN"];

    $resolver = new squid_familysite();
    $FAMILY = $resolver->GetFamilySites($DOMAIN);

    if ($FAMILY == "articatech.net" || $FAMILY == "artica.fr" || $IPSRC == "127.0.0.1") {
        return false;
    }

    $MAIN = LoadRules();

    // 1) Source address list.
    if (isset($MAIN["IPSRC"])) {
        $sourceListed = isset($MAIN["IPSRC"][$IPSRC]);
        if ($GLOBALS["DEBUG_LEVEL"] > 1) {
            WLOG($sourceListed ? "CheckRules()::[BLOCK]: {$IPSRC}" : "CheckRules()::[SKIP]: IP:{$IPSRC}");
        }
        if ($sourceListed) {
            return true;
        }
    }

    // 2) Destination list: the exact domain, then the family site.
    if (isset($MAIN["DOMS"])) {
        foreach (array($DOMAIN, $FAMILY) as $candidate) {
            $listed = isset($MAIN["DOMS"][$candidate]);
            if ($GLOBALS["DEBUG_LEVEL"] > 1) {
                WLOG($listed ? "CheckRules()::[BLOCK]: {$candidate}" : "CheckRules()::[SKIP]: DOM:{$candidate}");
            }
            if ($listed) {
                return true;
            }
        }
    }

    // 3) Per-source destination table; when present it always gives a verdict.
    if (isset($MAIN["IPDOM"])) {
        if (!isset($MAIN["IPDOM"][$IPSRC])) {
            if ($GLOBALS["DEBUG_LEVEL"] > 1) {
                WLOG("CheckRules()::[SKIP]: {$IPSRC} FOR {$IPSRC}/FAMILY");
            }
            return false;
        }
        if (!isset($MAIN["IPDOM"][$IPSRC][$FAMILY])) {
            if ($GLOBALS["DEBUG_LEVEL"] > 1) {
                WLOG("CheckRules()::[SKIP]: {$IPSRC} FOR {$IPSRC}/{$FAMILY}");
            }
            return false;
        }
        if ($GLOBALS["DEBUG_LEVEL"] > 1) {
            WLOG("CheckRules()::[BLOCK]: {$IPSRC}/{$FAMILY}");
        }
        return true;
    }
}
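/**
 * Records one paranoid-mode ban and launches the matching rebuild script.
 *
 * The statement is still assembled as text, so callers must only pass values
 * that were checked against a strict allow-list (see paranoidmode()).
 *
 * @param string $pattern Validated pattern to store.
 * @param string $object  Fixed object type ("dstdomainsrc", "dstdomain", "src").
 * @param string $notice  Administrative message logged after a successful insert.
 * @param string $script  Script name under /usr/share/artica-postfix/ to start.
 * @return bool false when the INSERT failed, true otherwise (including the
 *              case where this ban was already recorded by this process).
 */
function paranoidmode_register_ban($pattern, $object, $notice, $script)
{
    $sql = "INSERT IGNORE INTO `webfilters_paranoid` (pattern,object,zDate) VALUES ('{$pattern}','{$object}',NOW())";
    $md5 = md5($sql);
    if (isset($GLOBALS["SQLSAVED"][$md5])) {
        return true;
    }

    $q = new mysql_squid_builder();
    $q->QUERY_SQL($sql);
    if (!$q->ok) {
        squid_admin_mysql(0, "Paranoid mode FATAL! {$q->mysql_error}", null, __FILE__, __LINE__);
        return false;
    }

    $GLOBALS["SQLSAVED"][$md5] = true;
    squid_admin_mysql(0, $notice, null, __FILE__, __LINE__);
    // The command line is built from configuration values and a fixed script
    // name only; no request data reaches the shell.
    shell_exec("{$GLOBALS["nohup"]} {$GLOBALS["PHP5_BIN"]} /usr/share/artica-postfix/{$script} >/dev/null 2>&1 &");
    return true;
}

/**
 * Bans a client, a destination, or a client/destination pair once the daily
 * block counters under /home/artica/ufdbcounters exceed the configured limits.
 *
 * Changes against the previous revision:
 *  - a too-small UfdbEnableParanoidBlockC reset UfdbEnableParanoidBlockW
 *    instead of itself (copy/paste slip).
 *  - the call counter was reset on every call (`isset` instead of `!isset`),
 *    so the MEMORY_FAMILY cache clean-up at the end could never run.
 *  - $local_ip and the resolved site are checked against an allow-list before
 *    they are used in file paths and in SQL text; anything else is ignored.
 *  - the three near-identical ban blocks share one helper.
 *
 * @param string $local_ip Client address taken from the request.
 * @param string $www      Destination host taken from the request.
 * @return void
 */
function paranoidmode($local_ip, $www)
{
    if ($GLOBALS["UfdbEnableParanoidMode"] == 0) {
        return;
    }
    if (intval($GLOBALS["UfdbEnableParanoidBlockW"]) < 1000) {
        $GLOBALS["UfdbEnableParanoidBlockW"] = 5000;
    }
    if (intval($GLOBALS["UfdbEnableParanoidBlockC"]) < 1000) {
        $GLOBALS["UfdbEnableParanoidBlockC"] = 5000;
    }
    if (intval($GLOBALS["UfdbEnableParanoidBlockU"]) == 0) {
        $GLOBALS["UfdbEnableParanoidBlockU"] = 100;
    }
    if (!isset($GLOBALS["UfdbEnableParanoidModeCounter"])) {
        $GLOBALS["UfdbEnableParanoidModeCounter"] = 0;
    }
    $GLOBALS["UfdbEnableParanoidModeCounter"] = $GLOBALS["UfdbEnableParanoidModeCounter"] + 1;

    if (!isset($GLOBALS["MEMORY_FAMILY"][$www])) {
        $f = new squid_familysite();
        $GLOBALS["MEMORY_FAMILY"][$www] = $f->GetFamilySites($www);
    }
    $www = $GLOBALS["MEMORY_FAMILY"][$www];

    // Both values originate from the request. Only literal IP addresses and
    // host-name characters are allowed through, which keeps quotes out of the
    // SQL text and "/" or ".." out of the counter paths.
    $ipIsSafe = filter_var($local_ip, FILTER_VALIDATE_IP) !== false;
    $hostIsSafe = is_string($www)
        && preg_match('#^[A-Za-z0-9._:\-]+$#', $www) === 1
        && strpos($www, "..") === false;

    if ($ipIsSafe && $hostIsSafe) {
        // NOTE(review): date("M") yields the month abbreviation ("Jan");
        // confirm the counter writer uses the same directory layout.
        $base = "/home/artica/ufdbcounters/" . date("Y") . "/" . date("M") . "/" . date("d");

        // Client/destination pair.
        $DAYC = intval(@file_get_contents("{$base}/{$www}/{$local_ip}"));
        if ($DAYC > $GLOBALS["UfdbEnableParanoidBlockU"]) {
            $recorded = paranoidmode_register_ban(
                "{$local_ip}/{$www}",
                "dstdomainsrc",
                "Paranoid mode bann {$local_ip} to {$www} after {$DAYC} events",
                "exec.squid.paranoid.php"
            );
            if (!$recorded) {
                return;
            }
        }

        // Destination, all clients.
        $DAYC = intval(@file_get_contents("{$base}/{$www}/TOT"));
        if ($DAYC > $GLOBALS["UfdbEnableParanoidBlockW"] - 1) {
            $recorded = paranoidmode_register_ban(
                $www,
                "dstdomain",
                "Paranoid mode {$www} is banned! after {$DAYC} events",
                "exec.squid.paranoid.php"
            );
            if (!$recorded) {
                return;
            }
        }

        // Client, all destinations.
        $DAYC = intval(@file_get_contents("{$base}/{$local_ip}/TOT"));
        if ($DAYC > $GLOBALS["UfdbEnableParanoidBlockC"] - 1) {
            $recorded = paranoidmode_register_ban(
                $local_ip,
                "src",
                "Paranoid mode {$local_ip} is banned! after {$DAYC} events",
                "exec.squid.global.access.php"
            );
            if (!$recorded) {
                return;
            }
        }
    }

    // Every sixth call, drop the family-site cache if it has grown too large.
    if ($GLOBALS["UfdbEnableParanoidModeCounter"] > 5) {
        if (isset($GLOBALS["MEMORY_FAMILY"]) && count($GLOBALS["MEMORY_FAMILY"]) > 5000) {
            $GLOBALS["MEMORY_FAMILY"] = array();
        }
        $GLOBALS["UfdbEnableParanoidModeCounter"] = 0;
    }
}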
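/**
 * Builds the JSON rows of the real-time access-log grid.
 *
 * Every column of the log is client-influenced (requested URL, method, host),
 * and the rows are rendered as HTML in an administrator's browser, so each
 * log-derived value is HTML-escaped (and URL-encoded where it becomes a query
 * parameter) before it is placed into markup.
 *
 * Changes against the previous revision:
 *  - log fields are escaped instead of being interpolated raw into HTML.
 *  - the "open" link is only emitted for http/https/ftp targets.
 *  - `rp` is forced to an integer and `SearchString` is URL-encoded before
 *    being forwarded to the framework.
 *  - the link target was derived from the *previous* row's parsed URL (or was
 *    undefined on the first row); the URL is now parsed first.
 *  - each() replaced by foreach; short rows are padded before indexing.
 *
 * @return void Echoes the JSON document.
 */
function events_list()
{
    $sock = new sockets();
    $catz = new mysql_catz();

    $rp = isset($_POST["rp"]) ? intval($_POST["rp"]) : "";
    $searchQuery = isset($_POST["query"]) ? $_POST["query"] : "";
    $searchString = isset($_GET["SearchString"]) ? $_GET["SearchString"] : "";
    $sock->getFrameWork("squid.php?access-real=yes&rp={$rp}&query=" . urlencode($searchQuery) . "&SearchString=" . urlencode($searchString));

    $filename = "/usr/share/artica-postfix/ressources/logs/access.log.tmp";
    $dataZ = explode("\n", @file_get_contents($filename));
    $tpl = new templates();
    $data = array();
    $data['page'] = 1;
    $data['total'] = 0;
    $data['rows'] = array();
    $today = date("Y-m-d");
    $unknown = $tpl->javascript_parse_text("{unknown}");
    $c = 0;
    if (count($dataZ) == 0) {
        json_error_show("no data");
    }
    $zcat = new squid_familysite();
    $logfileD = new logfile_daemon();
    krsort($dataZ);
    $IP = new IP();
    $fontsize = (isset($_GET["minsize"]) && $_GET["minsize"] == 1) ? 12 : 14;

    foreach ($dataZ as $line) {
        $TR = preg_split("/[\\s]+/", $line);
        if (count($TR) < 5) {
            continue;
        }
        $TR = array_pad($TR, 7, null);
        $c++;

        $color = "black";
        $date = date("Y-m-d H:i:s", intval($TR[0]));
        $durationunit = "s";
        $duration = floatval($TR[1]) / 1000;
        if ($duration < 60) {
            $duration = round($duration, 2);
        }
        if ($duration > 60) {
            $duration = round($duration / 60, 2);
            $durationunit = "mn";
        }
        $ip = $TR[2];
        $zCode = array_pad(explode("/", $TR[3]), 2, null);
        $size = $TR[4];
        $PROTO = $TR[5];

        if ($logfileD->CACHEDORNOT($zCode[0])) {
            $color = "#009223";
        }
        $codeToString = $logfileD->codeToString($zCode[1]);
        $port = null;
        $infos = null;
        $prefixHtml = null;
        $scheme = null;

        if ($PROTO == "CONNECT") {
            $color = "#BAB700";
            $PROTO = "SSL";
            $scheme = "https";
        }
        if ($zCode[1] > 399) {
            $color = "#D0080A";
        }
        if ($zCode[1] == 307) {
            $color = "#F59C44";
        }
        if (($PROTO == "GET" or $PROTO == "POST") && preg_match("#TCP_REDIRECT#", $zCode[0])) {
            $color = "#A01E1E";
        }

        // The listing assigns a fixed mask to the user column; the "-" test
        // that followed it could never match and has been dropped.
        $user = "******";

        $SOURCE_URL = $TR[6];
        $parse = parse_url($SOURCE_URL);
        if (!is_array($parse)) {
            $parse = array();
        }
        $GET_URL = $SOURCE_URL;
        if (!isset($parse["scheme"]) && $PROTO == "SSL") {
            $GET_URL = "https://{$SOURCE_URL}";
        }
        if ($scheme == null) {
            $scheme = isset($parse["scheme"]) ? $parse["scheme"] : null;
        }
        $hostname = isset($parse["host"]) ? $parse["host"] : null;
        if (preg_match("#(.+?):([0-9]+)#", $hostname, $re)) {
            $hostname = $re[1];
            $port = $re[2];
        }

        $path = isset($parse["path"]) ? $parse["path"] : null;
        $query = isset($parse["query"]) ? $parse["query"] : null;

        if ($IP->isValid($hostname)) {
            // For literal addresses only the host is shown, plus lookup links.
            $path = null;
            $query = null;
            $TT = array_pad(explode(".", $hostname), 3, "");
            $net = $TT[0] . "." . $TT[1] . "." . $TT[2];
            $hostHref = htmlspecialchars(urlencode($hostname), ENT_QUOTES);
            $netHref = htmlspecialchars(urlencode($net), ENT_QUOTES);
            $infos = " (<a href=\"http://www.tcpiputils.com/browse/ip-address/{$hostHref}\" style='text-decoration:underline;color:black' target=_new>TCP Utils</a> | <a href=\"https://db-ip.com/all/{$netHref}\" style='text-decoration:underline;color:black' target=_new>Subnet</a>)";
        }

        $familysite = $zcat->GetFamilySites($hostname);
        $familysite = str_replace("'", "`", $familysite);
        $familysiteEnc = urlencode($familysite);
        $familysiteText = htmlspecialchars($familysite, ENT_QUOTES);

        if ($familysite != $hostname) {
            $prefix = str_replace(".{$familysite}", "", $hostname);
            $prefixHtml = htmlspecialchars($prefix, ENT_QUOTES);
            if ($prefix != "www") {
                // urlencode() keeps quotes out of the inline JavaScript string.
                $hostnameEnc = urlencode($hostname);
                $prefixHtml = "<a href=\"javascript:blur();\"\n\t\t\t\tOnClick=\"javascript:Loadjs('squid.access.webfilter.tasks.php?familysite={$hostnameEnc}')\"\n\t\t\t\tstyle='text-decoration:underline;font-size:{$fontsize}px;color:{$color};font-weight:bold'>{$prefixHtml}</a>";
            }
        }
        $familysiteHtml = "<a href=\"javascript:blur();\" \n\t\tOnClick=\"javascript:Loadjs('squid.access.webfilter.tasks.php?familysite={$familysiteEnc}')\"\n\t\tstyle='text-decoration:underline;font-size:{$fontsize}px;color:{$color}'>{$familysiteText}</a>";

        $URL = htmlspecialchars($scheme, ENT_QUOTES) . "://";
        if ($prefixHtml != null) {
            $URL = $URL . "{$prefixHtml}.";
        }
        $URL = $URL . $familysiteHtml;
        if ($port != null) {
            $URL = $URL . ":" . htmlspecialchars($port, ENT_QUOTES);
        }
        if (!isset($_GET["categories-scan"])) {
            if ($path != null) {
                $URL = $URL . htmlspecialchars($path, ENT_QUOTES);
            }
            if ($query != null) {
                $URL = $URL . "?" . htmlspecialchars($query, ENT_QUOTES);
            }
        } else {
            $category = $catz->GET_CATEGORIES($hostname);
            if ($category == null) {
                $category = " ({$unknown})";
            } else {
                $category = " (" . htmlspecialchars($category, ENT_QUOTES) . ")";
            }
            $URL = $URL . $category;
        }

        // Only link to ordinary fetchable schemes; anything else is shown
        // without a clickable target.
        $link = "";
        if (preg_match('#^(https?|ftp)://#i', $GET_URL)) {
            $hrefUrl = htmlspecialchars($GET_URL, ENT_QUOTES);
            $link = "<a href=\"{$hrefUrl}\" target=_new><img src='img/icon-link.png'></a>";
        }

        $bytes = floatval($size);
        if ($bytes > 1024) {
            $sizeHtml = FormatBytes($bytes / 1024);
        } else {
            $sizeHtml = htmlspecialchars("{$size} Bytes", ENT_QUOTES);
        }

        $date = str_replace($today . " ", "", $date);
        $ipText = htmlspecialchars($ip, ENT_QUOTES);
        $squidCodeText = htmlspecialchars($zCode[0], ENT_QUOTES);
        $protoText = htmlspecialchars($PROTO, ENT_QUOTES);

        $data['rows'][] = array(
            'id' => md5($line),
            'cell' => array(
                "<span style='font-size:{$fontsize}px;color:{$color}'>{$date}</span>",
                "<span style='font-size:{$fontsize}px;color:{$color}'>{$ipText}{$user}</span>",
                "<span style='font-size:{$fontsize}px;color:{$color}'>{$squidCodeText} - {$codeToString}</span>",
                "<span style='font-size:{$fontsize}px;color:{$color}'>{$protoText}</span>",
                "<span style='font-size:{$fontsize}px;color:{$color}'>{$URL}{$infos}</span>",
                "<center style='font-size:{$fontsize}px;color:{$color}'>{$link}</center>",
                "<span style='font-size:{$fontsize}px;color:{$color}'>{$sizeHtml}</span>",
                "<span style='font-size:{$fontsize}px;color:{$color}'>{$duration}{$durationunit}</span>",
                "{$ipText}",
            ),
        );
    }

    $data['total'] = $c;
    echo json_encode($data);
}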
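/**
 * Updates the time-quota record for one request line and reports whether the
 * requester is currently locked out.
 *
 * The line is expected as "user ip mac x-forwarded-for site", space separated.
 * Records live in the Berkeley DB at $GLOBALS["DBPATH"], keyed by an MD5 of
 * user+site, else MAC+site, else user+ip+mac+site.
 *
 * Changes against the previous revision:
 *  - an empty line only returned when DEBUG was on; with DEBUG off the empty
 *    line was processed as a real request. It now always returns false.
 *  - a stored record that does not unserialize to an array is replaced by a
 *    fresh array *before* it is written to.
 *  - short lines and records without START no longer raise notices.
 *
 * @param string $url Helper input line (client-influenced).
 * @return bool The record's LOCK flag; false for ignored lines, new records,
 *              or when the database cannot be opened.
 */
function TIME_QUOTA($url)
{
    $debug = !empty($GLOBALS["DEBUG"]);

    if (trim($url) == null) {
        if ($debug) {
            WLOG("TIME_QUOTA::URL is null [" . __LINE__ . "]");
        }
        return false;
    }
    if (strpos(" {$url}", "127.0.0.1 00:00:00:00:00:00") > 0) {
        return false;
    }
    if ($debug) {
        WLOG("TIME_QUOTA::{$url} [" . __LINE__ . "]");
    }

    $values = array_pad(explode(" ", $url), 5, null);
    $USERNAME = $values[0];
    // A name ending in "$" (with the "$" not in first position) is discarded.
    if (strpos($USERNAME, '$') > 0 && substr($USERNAME, -1) == '$') {
        $USERNAME = null;
    }
    $IPADDR = $values[1];
    $MAC = $values[2];
    $XFORWARD = $values[3];
    $WWW = $values[4];

    if ($debug) {
        WLOG("TIME_QUOTA::USERNAME:{$USERNAME} [" . __LINE__ . "]");
        WLOG("TIME_QUOTA::IPADDR..:{$IPADDR} [" . __LINE__ . "]");
        WLOG("TIME_QUOTA::MAC.....:{$MAC} [" . __LINE__ . "]");
        WLOG("TIME_QUOTA::XFORWARD:{$XFORWARD} [" . __LINE__ . "]");
        WLOG("TIME_QUOTA::WWW.....:{$WWW} [" . __LINE__ . "]");
    }

    $USERNAME = str_replace("%20", " ", $USERNAME);
    $USERNAME = str_replace("%25", "-", $USERNAME);
    $IPADDR = str_replace("%25", "-", $IPADDR);
    $MAC = str_replace("%25", "-", $MAC);
    $XFORWARD = str_replace("%25", "-", $XFORWARD);
    if ($XFORWARD == "-") {
        $XFORWARD = null;
    }
    if ($MAC == "00:00:00:00:00:00" || $MAC == "-") {
        $MAC = null;
    }
    if ($USERNAME == "-") {
        $USERNAME = null;
    }

    // NOTE(review): a syntactically valid forwarded-for value overrides the
    // connection address; it is a client-supplied header unless a trusted
    // upstream proxy sets it.
    $IPCalls = new IP();
    if ($IPCalls->isIPAddress($XFORWARD)) {
        $IPADDR = $XFORWARD;
    }

    if (preg_match("#(.+?):[0-9]+#", $WWW, $re)) {
        $WWW = $re[1];
    }
    if (preg_match('#^www\.(.+)#', $WWW, $re)) {
        $WWW = $re[1];
    }
    $fam = new squid_familysite();
    $WWW = $fam->GetFamilySites($WWW);

    $db_con = dba_open($GLOBALS["DBPATH"], "c", "db4");
    if (!$db_con) {
        WLOG("FATAL!!! TIME_QUOTA::{$GLOBALS["DBPATH"]}, unable to open");
        return false;
    }

    if ($USERNAME != null) {
        $mainkey = md5("{$USERNAME}{$WWW}");
    } elseif ($MAC != null) {
        $mainkey = md5("{$MAC}{$WWW}");
    } else {
        $mainkey = md5(trim("{$USERNAME}{$IPADDR}{$MAC}{$WWW}"));
    }

    if (!dba_exists($mainkey, $db_con)) {
        if ($debug) {
            WLOG("FATAL!!! TIME_QUOTA::{$mainkey} doesn't exists");
        }
        $now = time();
        $array = array(
            "START" => $now,
            "website" => $WWW,
            "username" => $USERNAME,
            "ipaddr" => $IPADDR,
            "MAC" => $MAC,
            "END" => $now,
            "ORG_START" => $now,
        );
        if ($debug) {
            WLOG("TIME_QUOTA::[{$WWW}]: new item for UID:{$USERNAME}; IPADDR={$IPADDR};MAC={$MAC},sitename={$WWW}");
        }
        dba_replace($mainkey, serialize($array), $db_con);
        @dba_close($db_con);
        return false;
    }
    if ($debug) {
        WLOG("TIME_QUOTA::{$mainkey} Exists OK");
    }

    // SECURITY: unserialize() is only safe while this database is writable
    // solely by this helper; it must never be fed data another party can alter.
    $array = unserialize(dba_fetch($mainkey, $db_con));
    $recordWasValid = is_array($array);
    if (!$recordWasValid) {
        if ($debug) {
            WLOG("[{$WWW}]: FATAL!!! Array is not an array...");
        }
        $array = array();
    }
    if (!isset($array["END"])) {
        $array["END"] = time();
    }
    if (!isset($array["ORG_START"])) {
        $array["ORG_START"] = time();
    }
    if ($recordWasValid && $debug) {
        $storedSite = isset($array["website"]) ? $array["website"] : "";
        WLOG("[{$WWW}]: In DB www:{$storedSite} Last scan {$array["END"]}");
    }

    if (!isset($array["START"]) || !is_numeric($array["START"]) || $array["START"] == 0) {
        $array["START"] = time();
    }
    if (!is_numeric($array["ORG_START"])) {
        $array["ORG_START"] = time();
    }
    if (!isset($array["website"])) {
        $array["website"] = $WWW;
    }
    if (!isset($array["username"])) {
        $array["username"] = $USERNAME;
    }
    if (!isset($array["ipaddr"])) {
        $array["ipaddr"] = $IPADDR;
    }
    if (!isset($array["MAC"])) {
        $array["MAC"] = $MAC;
    }

    $array["SEC"] = time() - $array["START"];
    $array["TIME"] = time_passed_min($array["START"], time());
    if ($GLOBALS["ACL_RULES"] > 0) {
        $array = TIMED_OUT($array);
    }
    if (!isset($array["LOCK"])) {
        $array["LOCK"] = false;
    }
    if ($array["LOCK"] && $debug) {
        WLOG("[{$WWW}]: ** LOCKED **");
    }
    $array["END"] = time();

    if ($debug) {
        WLOG("[{$WWW}]: TIME_QUOTA::Start: {$array["START"]} ({$array["SEC"]} seconds) for UID:{$USERNAME}; IPADDR={$IPADDR};MAC={$MAC},sitename={$WWW}");
    }
    if (!dba_replace($mainkey, serialize($array), $db_con)) {
        WLOG("[{$WWW}]: TIME_QUOTA::FATAL ERROR, dba_replace {$mainkey}");
    }
    @dba_close($db_con);

    return $array["LOCK"];
}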
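/**
 * Emit the web-filter event log as a JSON payload with 'page', 'total' and 'rows'.
 *
 * Asks the framework to refresh ufdb.log.tmp, then turns each log line into one
 * row of HTML cells, newest line first.
 *
 * Security: every field comes from the filter log, which records client-supplied
 * URLs and user names. All of them are HTML-escaped before being placed in a
 * cell, so a crafted request cannot inject markup into the admin console.
 */
function events_list()
{
    $sock = new sockets();
    include_once 'ressources/class.ufdbguard-tools.inc';

    // "rp" is forced to an integer so a crafted value cannot append extra
    // parameters to the framework query string. An absent value stays empty.
    $rowsPerPage = "";
    if (isset($_POST["rp"]) && is_scalar($_POST["rp"]) && $_POST["rp"] !== "") {
        $rowsPerPage = intval($_POST["rp"]);
    }
    $query = (isset($_POST["query"]) && is_scalar($_POST["query"])) ? (string) $_POST["query"] : "";
    $sock->getFrameWork("squid.php?ufdb-real=yes&rp={$rowsPerPage}&query=" . urlencode($query));

    $filename = "/usr/share/artica-postfix/ressources/logs/ufdb.log.tmp";
    $dataZ = explode("\n", (string) @file_get_contents($filename));

    // NOTE(review): $tpl, $tcp and $logfileD are not used below; they are still
    // instantiated in case their constructors have side effects. Confirm and drop.
    $tpl = new templates();
    $data = array();
    $data['page'] = 1;
    $data['total'] = 0;
    $data['rows'] = array();
    $today = date("Y-m-d");
    $tcp = new IP();
    $c = 0;
    krsort($dataZ); // highest line index first
    if (count($dataZ) == 0) {
        json_error_show("no data");
    }
    $logfileD = new logfile_daemon();
    $zcat = new squid_familysite();

    $colors = array(
        "BLOCK-LD" => "#D0080A",
        "BLOCK" => "#D0080A",
        "REDIR" => "#BAB700",
        "PASS" => "#009223",
    );
    // The font size does not depend on the line, so it is computed once.
    $fontsize = (isset($_GET["minsize"]) && $_GET["minsize"] == 1) ? 12 : 14;

    foreach ($dataZ as $num => $line) {
        $TR = preg_split("/[\\s]+/", $line);
        if (count($TR) < 5) {
            continue;
        }
        // Short lines leave the trailing fields null instead of raising notices.
        $TR = array_pad($TR, 10, null);
        $date = $TR[0];
        $TIME = $TR[1];
        $ALLOW = $TR[3];
        $CLIENT = $TR[4];
        $CLIENT_IP = $TR[5];
        $RULE = $TR[6];
        $CATEGORY = CategoryCodeToCatName($TR[7]);
        $URI = $TR[8];
        $PROTO = $TR[9];

        $parse = parse_url((string) $URI);
        if (!is_array($parse) || !isset($parse["host"])) {
            continue;
        }
        $hostname = $parse["host"];
        // Counted only once the row is certain to be emitted, so 'total'
        // matches the number of rows.
        $c++;

        if ($CLIENT == null) {
            $CLIENT = "-";
        }
        $color = isset($colors[$ALLOW]) ? $colors[$ALLOW] : "black";

        $familysite = $zcat->GetFamilySites($hostname);
        $familysiteEnc = urlencode($familysite);
        if ($CLIENT == $CLIENT_IP) {
            $CLIENT_IP = null;
        } else {
            $CLIENT_IP = "/{$CLIENT_IP}";
        }

        // The host comes from a logged URL: escape it before it becomes tooltip text.
        // NOTE(review): if texttooltip() escapes its first argument itself this
        // double-encodes; confirm against its implementation.
        $hostnameCell = texttooltip(
            htmlspecialchars((string) $hostname, ENT_QUOTES, "UTF-8"),
            "{webfiltering_tasks_explain}",
            "Loadjs('squid.access.webfilter.tasks.php?familysite={$familysiteEnc}')"
        );

        if ($date == $today) {
            $date = null;
        }

        $style = "font-size:{$fontsize}px;color:{$color}";
        $plain = array(
            0 => "{$date} {$TIME}",
            1 => "{$CLIENT}{$CLIENT_IP}",
            2 => "{$RULE}/{$CATEGORY}",
            3 => $ALLOW,
            4 => $PROTO,
            6 => $URI,
        );
        $cells = array();
        foreach ($plain as $pos => $text) {
            $cells[$pos] = "<span style='{$style}'>"
                . htmlspecialchars((string) $text, ENT_QUOTES, "UTF-8")
                . "</span>";
        }
        // Already HTML (tooltip markup), so it is not escaped a second time.
        $cells[5] = "<span style='{$style}'>{$hostnameCell}</span>";
        ksort($cells);

        $data['rows'][] = array('id' => md5($line), 'cell' => array_values($cells));
    }

    if ($c == 0) {
        json_error_show("No data");
    }
    $data['total'] = $c;
    echo json_encode($data);
}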
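/**
 * Decide whether a request line from the proxy exceeds a size quota of its ACL group.
 *
 * Expected layout (space separated), as in the sample kept from the original:
 *   - Group75 administrateur 192.168.1.9 00:26:b9:78:8f:0a - ttvpsy.psychologies.com ttvpsy.psychologies.com 75
 * Field 2 is the user name, 3 the client IP, 4 the MAC, 5 the X-Forwarded-For
 * value, 6 the requested site and 7 the group id.
 *
 * @param string $url Raw helper input line.
 * @return bool true when one of the website, category, user, MAC or IP checks
 *              reports a match, false otherwise (including empty or loopback input).
 */
function SIZE_QUOTA($url)
{
    if (trim((string) $url) == null) {
        if ($GLOBALS["DEBUG"]) {
            WLOG("SIZE_QUOTA::URL is null [" . __LINE__ . "]");
        }
        // Fixed: the return used to sit inside the DEBUG branch, so an empty
        // line was still parsed whenever debugging was off.
        return false;
    }

    // Pad so that a short line yields null fields instead of undefined offsets.
    $MAIN = array_pad(explode(" ", $url), 8, null);
    $USERNAME = $MAIN[2];
    $IPADDR = $MAIN[3];
    $MAC = $MAIN[4];
    $XFORWARD = trim((string) $MAIN[5]);
    $WWW = $MAIN[6];
    $WWW_SRC = $WWW;
    $gpid = $MAIN[7];

    if ($IPADDR == "127.0.0.1") {
        return false;
    }
    if ($XFORWARD == "-") {
        $XFORWARD = null;
    }
    // A name ending in "$" is dropped (presumably a machine account - confirm).
    if (strpos((string) $USERNAME, '$') > 0) {
        if (substr($USERNAME, strlen($USERNAME) - 1, 1) == "\$") {
            $USERNAME = null;
        }
    }

    $USERNAME = str_replace("%20", " ", (string) $USERNAME);
    $USERNAME = str_replace("%25", "-", $USERNAME);
    $IPADDR = str_replace("%25", "-", (string) $IPADDR);
    $MAC = str_replace("%25", "-", (string) $MAC);
    $XFORWARD = str_replace("%25", "-", (string) $XFORWARD);
    if ($XFORWARD == "-") {
        $XFORWARD = null;
    }
    if ($MAC == "00:00:00:00:00:00") {
        $MAC = null;
    }
    if ($MAC == "-") {
        $MAC = null;
    }
    if ($USERNAME == "-") {
        $USERNAME = null;
    }

    // NOTE(review): X-Forwarded-For is client-supplied unless an upstream proxy
    // overwrites it; trusting it here lets a client pick the address that is
    // charged for the quota. Confirm the header is sanitised upstream.
    $IPCalls = new IP();
    if ($IPCalls->isIPAddress($XFORWARD)) {
        $IPADDR = $XFORWARD;
    }

    // Strip ":port" and a leading "www." before resolving the family site.
    if (preg_match("#(.+?):[0-9]+#", (string) $WWW, $re)) {
        $WWW = $re[1];
    }
    if (preg_match("#^www\\.(.+)#", (string) $WWW, $re)) {
        $WWW = $re[1];
    }
    if (!class_exists("squid_familysite")) {
        include_once dirname(__FILE__) . "/ressources/class.squid.familysites.inc";
    }
    $fam = new squid_familysite();
    $WWW = $fam->GetFamilySites($WWW);
    $LOG_PREFIX = "{$WWW}";
    if ($GLOBALS["DEBUG"]) {
        WLOG("{$LOG_PREFIX}: {$WWW_SRC}::GROUPID:{$gpid}; USERNAME:{$USERNAME};MAC:{$MAC}; IPADDR:{$IPADDR} [" . __LINE__ . "]");
    }

    LOADING_RULES($gpid);

    // Default every limit to 0. WEBSITE_DAY is included: the original defaulted
    // WEBSITE_HOUR twice and never WEBSITE_DAY.
    $limitKeys = array(
        "WEEK", "HOUR", "DAY",
        "MEMBER_HOUR", "MEMBER_WEEK", "MEMBER_DAY",
        "WEBSITE_HOUR", "WEBSITE_DAY", "WEBSITE_WEEK",
    );
    foreach ($limitKeys as $limitKey) {
        if (!isset($GLOBALS["ACL_RULES"][$gpid][$limitKey])) {
            $GLOBALS["ACL_RULES"][$gpid][$limitKey] = 0;
        }
    }
    $rules = $GLOBALS["ACL_RULES"][$gpid];
    $MaxPerDay = intval($rules["DAY"]);
    $MaxPerHour = intval($rules["HOUR"]);
    $MaxPerWeek = intval($rules["WEEK"]);
    $MEMBER_HOUR = intval($rules["MEMBER_HOUR"]);
    $MEMBER_DAY = intval($rules["MEMBER_DAY"]);
    $MEMBER_WEEK = intval($rules["MEMBER_WEEK"]);
    $WEBSITE_HOUR = intval($rules["WEBSITE_HOUR"]);
    $WEBSITE_DAY = intval($rules["WEBSITE_DAY"]);
    $WEBSITE_WEEK = intval($rules["WEBSITE_WEEK"]);

    if (CHECK_WEBSITE($WWW, $WEBSITE_HOUR, $WEBSITE_DAY, $WEBSITE_WEEK)) {
        WLOG("{$LOG_PREFIX}: {$WWW} match size");
        return true;
    }

    if (isset($rules["CATEGORIES_HOUR"])) {
        if (CHECK_CATEGORY_HOUR($WWW_SRC, $gpid)) {
            WLOG("{$LOG_PREFIX}: {$WWW} Hourly Category match size");
            return true;
        }
    } else {
        WLOG("{$LOG_PREFIX}: {$gpid} CATEGORIES_HOUR not set");
    }
    if (isset($rules["CATEGORIES_DAY"])) {
        if (CHECK_CATEGORY_DAY($WWW_SRC, $gpid)) {
            WLOG("{$LOG_PREFIX}: {$WWW} Daily Category match size");
            return true;
        }
    }
    if (isset($rules["CATEGORIES_WEEK"])) {
        if (CHECK_CATEGORY_WEEK($WWW_SRC, $gpid)) {
            WLOG("{$LOG_PREFIX}: {$WWW} Weekly Category match size");
            return true;
        }
    }

    // Identity precedence: user name, then MAC, then IP address.
    // Fixed: $CHECK_USER was read before ever being assigned when no user name was present.
    $CHECK_USER = false;
    if ($USERNAME != null) {
        $CHECK_USER = true;
        if (CHECK_UID($WWW, "UID/{$USERNAME}", $MaxPerHour, $MaxPerDay, $MaxPerWeek)) {
            WLOG("{$LOG_PREFIX}: {$USERNAME} {$WWW} match size");
            return true;
        }
        if (CHECK_MEMBER("UID/{$USERNAME}", $MEMBER_HOUR, $MEMBER_DAY, $MEMBER_WEEK)) {
            WLOG("{$LOG_PREFIX}: {$USERNAME} match size");
            return true;
        }
    }
    if (!$CHECK_USER && $MAC != null) {
        $CHECK_USER = true;
        if (CHECK_UID($WWW, "MAC/{$MAC}", $MaxPerHour, $MaxPerDay, $MaxPerWeek)) {
            WLOG("{$LOG_PREFIX}: {$MAC} {$WWW} match size");
            return true;
        }
        // NOTE(review): the member key keeps the original "UID/" prefix although
        // CHECK_UID uses "MAC/"; verify which key the quota database stores.
        if (CHECK_MEMBER("UID/{$MAC}", $MEMBER_HOUR, $MEMBER_DAY, $MEMBER_WEEK)) {
            // Fixed: this message printed the (empty) user name instead of the MAC.
            WLOG("{$LOG_PREFIX}: {$MAC} match size");
            return true;
        }
    }
    if (!$CHECK_USER && $IPADDR != null) {
        if (CHECK_UID($WWW, "IPADDR/{$IPADDR}", $MaxPerHour, $MaxPerDay, $MaxPerWeek)) {
            WLOG("{$LOG_PREFIX}: {$IPADDR} {$WWW} match size");
            return true;
        }
        // NOTE(review): same "UID/" prefix question as for the MAC branch.
        if (CHECK_MEMBER("UID/{$IPADDR}", $MEMBER_HOUR, $MEMBER_DAY, $MEMBER_WEEK)) {
            // Fixed: this message printed the (empty) user name instead of the address.
            WLOG("{$LOG_PREFIX}: {$IPADDR} match size");
            return true;
        }
    }
    return false;
}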
#!/usr/bin/php -q <?php $GLOBALS["DEBUG"] = false; //ini_set('html_errors',0);ini_set('display_errors', 1);ini_set('error_reporting', E_ALL);ini_set('error_prepend_string','');ini_set('error_append_string',''); error_reporting(0); include_once dirname(__FILE__) . "/ressources/class.mysql.squid.builder.php"; include_once dirname(__FILE__) . "/ressources/class.squid.familysites.inc"; include_once dirname(__FILE__) . "/framework/class.unix.inc"; $GLOBALS["MYPID"] = getmypid(); WLOG("Starting PID:{$GLOBALS["MYPID"]}"); $c = 0; $DCOUNT = 0; $fam = new squid_familysite(); while (!feof(STDIN)) { $ARRAY = array(); $data = trim(fgets(STDIN)); if ($data == null) { continue; } if (strpos($data, "cache_object://") > 0) { fwrite(STDOUT, "ERR\n"); continue; } $result = false; $tr = explode(" ", $data); while (list($index, $value) = each($tr)) { if ($index == 5) { continue; } $tr[$index] = trim($value); $tr[$index] = str_replace("%25", "", $tr[$index]);
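/**
 * Store one "paranoid" web-filter entry posted by the administration form.
 *
 * Reads $_POST["object"] (src | dstdomain | dstdomainsrc), $_POST["ipaddr"] and
 * $_POST["website"], replaces any existing row with the same pattern in
 * `webfilters_paranoid`, and echoes the database error on failure.
 *
 * Security: the pattern and the type are concatenated into SQL text, so both
 * are checked against strict allow-lists first. Nothing that reaches the
 * query can contain a quote, a backslash or whitespace.
 * NOTE(review): if mysql_squid_builder offers bound parameters or an escaping
 * helper, prefer it over string-built SQL; that API is not visible here.
 */
function save()
{
    $type = (isset($_POST["object"]) && is_string($_POST["object"])) ? $_POST["object"] : "";
    // An unknown type used to leave $pattern undefined and still run the DELETE.
    if (!in_array($type, array("src", "dstdomain", "dstdomainsrc"), true)) {
        echo "Invalid object type";
        return;
    }

    $ipaddr = (isset($_POST["ipaddr"]) && is_string($_POST["ipaddr"])) ? trim($_POST["ipaddr"]) : "";
    $website = (isset($_POST["website"]) && is_string($_POST["website"])) ? trim($_POST["website"]) : "";

    if ($website != null) {
        // "!== false" also covers a separator found at offset 0.
        if (strpos($website, "://") !== false) {
            $parse_url = parse_url($website);
            $website = (is_array($parse_url) && isset($parse_url["host"])) ? $parse_url["host"] : "";
        }
        $fam = new squid_familysite();
        $website = (string) $fam->GetFamilySites($website);
        // The original wrote the normalised name back into $_POST; kept for callers.
        $_POST["website"] = $website;
    }

    $needsIp = ($type == "src" || $type == "dstdomainsrc");
    $needsSite = ($type == "dstdomain" || $type == "dstdomainsrc");

    // IPv4/IPv6 characters only. A "/prefix" suffix is accepted for plain "src"
    // entries but not for "dstdomainsrc", where "/" separates address and site.
    $ipRegex = ($type == "src") ? '#^[0-9a-f:.]+(/[0-9]{1,3})?$#i' : '#^[0-9a-f:.]+$#i';
    if ($needsIp && !preg_match($ipRegex, $ipaddr)) {
        echo "Invalid IP address";
        return;
    }
    // Host names: letters, digits, dot, dash and underscore only.
    if ($needsSite && !preg_match('#^[a-z0-9._-]+$#i', $website)) {
        echo "Invalid website";
        return;
    }

    if ($type == "src") {
        $pattern = $ipaddr;
    } elseif ($type == "dstdomain") {
        $pattern = $website;
    } else {
        $pattern = "{$ipaddr}/{$website}";
    }

    $q = new mysql_squid_builder();
    $q->QUERY_SQL("DELETE FROM webfilters_paranoid WHERE `pattern`='{$pattern}'");
    $sql = "INSERT IGNORE INTO `webfilters_paranoid` (pattern,object,zDate) \n\tVALUES ('{$pattern}','{$type}',NOW())";
    $q->QUERY_SQL($sql);
    if (!$q->ok) {
        echo $q->mysql_error;
    }
}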
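/**
 * Tell whether the requester of a site has exceeded the configured size quota.
 *
 * Input line layout (space separated): user name, client IP, MAC,
 * X-Forwarded-For, requested site. Usage is read from the weekly Berkeley DB
 * file /var/log/squid/<YW>_QUOTASIZE.db under the key md5(site . identity),
 * where identity is the user name, else the MAC, else the IP address. Stored
 * byte counters are converted to MB and compared with
 * $GLOBALS["ACL_RULES"]["WEEK" | "DAY" | "HOUR"].
 *
 * @param string $url Raw helper input line.
 * @return bool true when a non-zero weekly, daily or hourly limit is exceeded,
 *              false otherwise (including any lookup failure).
 */
function SIZE_QUOTA($url)
{
    if (trim((string) $url) == null) {
        if ($GLOBALS["DEBUG"]) {
            WLOG("SIZE_QUOTA::URL is null [" . __LINE__ . "]");
        }
        // Fixed: the return used to sit inside the DEBUG branch, so an empty
        // line was still processed whenever debugging was off.
        return false;
    }
    // Loopback requests without a MAC are never charged.
    if (strpos(" {$url}", "127.0.0.1 00:00:00:00:00:00") > 0) {
        return false;
    }
    if ($GLOBALS["DEBUG"]) {
        WLOG("SIZE_QUOTA::{$url} [" . __LINE__ . "]");
    }

    // Pad so that a short line yields empty fields instead of undefined offsets.
    $values = array_pad(explode(" ", $url), 5, "");
    $USERNAME = $values[0];
    // A name ending in "$" is dropped (presumably a machine account - confirm).
    if (strpos($USERNAME, '$') > 0) {
        if (substr($USERNAME, strlen($USERNAME) - 1, 1) == "\$") {
            $USERNAME = null;
        }
    }
    $IPADDR = $values[1];
    $MAC = $values[2];
    $XFORWARD = $values[3];
    $WWW = $values[4];

    if ($GLOBALS["DEBUG"]) {
        WLOG("SIZE_QUOTA::USERNAME:{$USERNAME} [" . __LINE__ . "]");
        WLOG("SIZE_QUOTA::IPADDR..:{$IPADDR} [" . __LINE__ . "]");
        WLOG("SIZE_QUOTA::MAC.....:{$MAC} [" . __LINE__ . "]");
        WLOG("SIZE_QUOTA::XFORWARD:{$XFORWARD} [" . __LINE__ . "]");
        WLOG("SIZE_QUOTA::WWW.....:{$WWW} [" . __LINE__ . "]");
    }

    $USERNAME = str_replace("%20", " ", (string) $USERNAME);
    $USERNAME = str_replace("%25", "-", $USERNAME);
    $IPADDR = str_replace("%25", "-", $IPADDR);
    $MAC = str_replace("%25", "-", $MAC);
    $XFORWARD = str_replace("%25", "-", $XFORWARD);
    if ($XFORWARD == "-") {
        $XFORWARD = null;
    }
    if ($MAC == "00:00:00:00:00:00") {
        $MAC = null;
    }
    if ($MAC == "-") {
        $MAC = null;
    }
    if ($USERNAME == "-") {
        $USERNAME = null;
    }

    // NOTE(review): X-Forwarded-For is client-supplied unless an upstream proxy
    // overwrites it; trusting it lets a client choose the address charged for
    // the quota. Confirm the header is sanitised upstream.
    $IPCalls = new IP();
    if ($IPCalls->isIPAddress($XFORWARD)) {
        $IPADDR = $XFORWARD;
    }

    // Strip ":port" and a leading "www." before resolving the family site.
    if (preg_match("#(.+?):[0-9]+#", $WWW, $re)) {
        $WWW = $re[1];
    }
    if (preg_match("#^www\\.(.+)#", $WWW, $re)) {
        $WWW = $re[1];
    }
    if (!class_exists("squid_familysite")) {
        include_once dirname(__FILE__) . "/ressources/class.squid.familysites.inc";
    }
    $fam = new squid_familysite();
    $WWW = $fam->GetFamilySites($WWW);

    // Later assignments win, so the precedence is user name > MAC > IP address.
    $keymd5 = null;
    $LOG_PREFIX = "{$WWW}";
    if ($IPADDR != null) {
        $keymd5 = md5("{$WWW}{$IPADDR}");
        $LOG_PREFIX = "{$IPADDR}/{$WWW}";
    }
    if ($MAC != null) {
        $keymd5 = md5("{$WWW}{$MAC}");
        $LOG_PREFIX = "{$MAC}/{$WWW}";
    }
    if ($USERNAME != null) {
        $keymd5 = md5("{$WWW}{$USERNAME}");
        $LOG_PREFIX = "{$USERNAME}/{$WWW}";
    }
    if ($keymd5 === null) {
        // No usable identity: the key used to be undefined at this point.
        return false;
    }

    $database_size_path = "/var/log/squid/" . date("YW") . "_QUOTASIZE.db";
    if (!is_file($database_size_path)) {
        if ($GLOBALS["DEBUG"]) {
            WLOG("{$LOG_PREFIX}:FATAL!!! {$database_size_path} doesn't exists");
        }
        return false;
    }
    $db_con = dba_open($database_size_path, "r", "db4");
    if (!$db_con) {
        if ($GLOBALS["DEBUG"]) {
            WLOG("{$LOG_PREFIX}:FATAL!!! SIZE_QUOTA::{$database_size_path}, unable to open");
        }
        return false;
    }
    if (!dba_exists($keymd5, $db_con)) {
        if ($GLOBALS["DEBUG"]) {
            WLOG("{$LOG_PREFIX}:FATAL!!! SIZE_QUOTA::{$keymd5} doesn't exists");
        }
        // Fixed: the handle used to leak on this path.
        dba_close($db_con);
        return false;
    }

    // SECURITY NOTE(review): unserialize() is only safe while the .db file is
    // writable by trusted processes alone. Check the ownership and mode of
    // /var/log/squid, or move the records to a data-only format such as JSON.
    $array = unserialize(dba_fetch($keymd5, $db_con));
    dba_close($db_con);
    if (!is_array($array)) {
        return false;
    }

    $bytesPerMb = 1024 * 1024;
    $current_hour = 0;
    $current_day = 0;
    $current_week = 0;
    $day = date("d");
    $hour = date("H");
    if (isset($array["HOURLY"][$day][$hour])) {
        $current_hour = intval($array["HOURLY"][$day][$hour]) / $bytesPerMb;
    }
    if (isset($array["DAILY"][$day])) {
        $current_day = intval($array["DAILY"][$day]) / $bytesPerMb;
    }
    if (isset($array["WEEK"])) {
        $current_week = intval($array["WEEK"]) / $bytesPerMb;
    }

    $rules_week = isset($GLOBALS["ACL_RULES"]["WEEK"]) ? $GLOBALS["ACL_RULES"]["WEEK"] : 0;
    $rules_hour = isset($GLOBALS["ACL_RULES"]["HOUR"]) ? $GLOBALS["ACL_RULES"]["HOUR"] : 0;
    $rules_day = isset($GLOBALS["ACL_RULES"]["DAY"]) ? $GLOBALS["ACL_RULES"]["DAY"] : 0;
    if ($GLOBALS["DEBUG"]) {
        WLOG("{$LOG_PREFIX}:{$current_hour}MB/{$current_day}MB/{$current_week}MB - {$rules_hour}MB/{$rules_day}MB/{$rules_week}MB");
    }

    // A limit of 0 means "no limit" for that period.
    if ($rules_week > 0 && $current_week > $rules_week) {
        if ($GLOBALS["DEBUG"]) {
            WLOG("{$LOG_PREFIX}: WEEKLY: {$current_week}MB/{$rules_week}MB MACTHES --> OK");
        }
        return true;
    }
    if ($rules_day > 0 && $current_day > $rules_day) {
        if ($GLOBALS["DEBUG"]) {
            WLOG("{$LOG_PREFIX}: DAILY: {$current_day}MB/{$rules_day}MB MACTHES --> OK");
        }
        return true;
    }
    if ($rules_hour > 0 && $current_hour > $rules_hour) {
        if ($GLOBALS["DEBUG"]) {
            WLOG("{$LOG_PREFIX}:HOURLY: {$current_hour}MB/{$rules_hour}MB MACTHES --> OK");
        }
        return true;
    }
    return false;
}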
/**
 * Resolve a site name to its family site, memoised per process.
 *
 * Results are kept in $GLOBALS["GetFamilySites"], keyed by the site name, so
 * squid_familysite is consulted only for names without a cached non-null answer.
 *
 * @param string $sitename Host name to resolve.
 * @return mixed Whatever squid_familysite::GetFamilySites() returned for it.
 */
function api_GetFamilySites($sitename)
{
    if (!isset($GLOBALS["GetFamilySites"][$sitename])) {
        // Load the resolver class on first use only.
        if (!class_exists("squid_familysite")) {
            include_once dirname(__FILE__) . "/class.squid.familysites.inc";
        }
        $resolver = new squid_familysite();
        $GLOBALS["GetFamilySites"][$sitename] = $resolver->GetFamilySites($sitename);
    }

    return $GLOBALS["GetFamilySites"][$sitename];
}
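/**
 * Find the ACL rule of a group that matches the category of a site.
 *
 * Looks in the in-memory cache first (categories_get_memory), then asks
 * mysql_catz for the site's categories, falling back to the family site when
 * the exact name is not categorised. The group's category map is read from
 * /etc/squid3/acls/catz_gpid<gpid>.acl. Every outcome, including "no match",
 * is stored back through categories_set_memory().
 *
 * @param mixed  $gpid    ACL group id.
 * @param string $sitname Requested host, optionally with "www." and ":port".
 * @return string|null URL-encoded rule of the first matching category, or null.
 */
function categories_match($gpid, $sitname)
{
    $verbose = isset($GLOBALS["DEBUG_LEVEL"]) && $GLOBALS["DEBUG_LEVEL"] > 1;

    if (preg_match("#^www\\.(.+)#", $sitname, $re)) {
        $sitname = $re[1];
    }
    // Fixed: the pattern ended in a stray "]" and therefore never stripped a ":port" suffix.
    if (preg_match('#^(.+):[0-9]+$#', $sitname, $re)) {
        $sitname = $re[1];
    }
    if ($verbose) {
        WLOG("Analyze: Group: {$gpid} `{$sitname}`");
    }

    $categories_get_memory = categories_get_memory($gpid, $sitname);
    if ($categories_get_memory != null) {
        if ($verbose) {
            WLOG("Group: {$gpid} `{$sitname}` -> MEMORY: `{$categories_get_memory}` ");
        }
        // "UNKNOWN" is the cached marker for "already looked up, nothing found".
        if ($categories_get_memory == "UNKNOWN") {
            return null;
        }
        return $categories_get_memory;
    }

    $q = new mysql_catz();
    if ($verbose) {
        WLOG("Group: {$gpid} `{$sitname}` -> CATEGORY ?? [" . __LINE__ . "]");
    }
    $categoriF = $q->GET_CATEGORIES($sitname);
    $trans = $q->TransArray();
    if ($verbose) {
        WLOG("Group: {$gpid} `{$sitname}` -> category: `{$categoriF}` ");
    }

    if ($categoriF == null) {
        // Nothing for the exact name: retry with the family site.
        if ($verbose) {
            WLOG("squid_familysite()");
        }
        if (!class_exists("squid_familysite")) {
            include_once dirname(__FILE__) . "/ressources/class.squid.familysites.inc";
        }
        $qF = new squid_familysite();
        $familysite = $qF->GetFamilySites($sitname);
        if ($familysite != $sitname) {
            $categoriF = $q->GET_CATEGORIES($familysite);
            if ($verbose) {
                WLOG("Group: {$gpid} `{$sitname}` -> {$familysite} -> category: `{$categoriF}` ");
            }
        }
    }
    if ($categoriF == null) {
        categories_set_memory($gpid, $sitname, "UNKNOWN");
        return null;
    }

    // Categories arrive comma-separated; build a lookup set of their names.
    $MAIN = array();
    foreach (explode(",", (string) $categoriF) as $categoryName) {
        $categoryName = trim($categoryName);
        if ($categoryName !== "") {
            $MAIN[$categoryName] = true;
        }
    }

    $filename = "/etc/squid3/acls/catz_gpid{$gpid}.acl";
    // SECURITY NOTE(review): unserialize() is only safe while this ACL file is
    // writable by trusted processes alone; check its ownership and mode.
    $categories = unserialize((string) @file_get_contents($filename));
    if (is_array($categories) && is_array($trans)) {
        foreach ($categories as $category_table => $category_rule) {
            if (!isset($trans[$category_table])) {
                continue;
            }
            $category_rule = urlencode($category_rule);
            $categoryname = $trans[$category_table];
            if (isset($MAIN[$categoryname])) {
                if ($verbose) {
                    WLOG("FOUND `{$categoryname}` -> `{$category_rule}` ");
                }
                categories_set_memory($gpid, $sitname, $category_rule);
                return $category_rule;
            }
        }
    }

    categories_set_memory($gpid, $sitname, "UNKNOWN");
    return null;
}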
#!/usr/bin/php -q <?php $GLOBALS["DEBUG"] = false; $GLOBALS["HERLPER_LOADED_BY_SQUID"] = true; include_once dirname(__FILE__) . "/ressources/class.squid.familysites.inc"; include_once dirname(__FILE__) . "/ressources/class.mysql.catz.inc"; $GLOBALS["MYPID"] = getmypid(); WLOG("Starting PID:{$GLOBALS["MYPID"]}"); $GLOBALS["XVFERTSZ"] = XVFERTSZ(); $fam = new squid_familysite(); $q = new mysql_catz(); $DCOUNT = 0; while (!feof(STDIN)) { $Buffer = trim(fgets(STDIN)); if ($Buffer == null) { if ($GLOBALS["DEBUG"]) { WLOG("{$DCOUNT}] LOOP::URL `{$Buffer}` is null [" . __LINE__ . "]"); } continue; } if ($GLOBALS["DEBUG"]) { WLOG("{$DCOUNT}] LOOP::URL `{$Buffer}` [" . __LINE__ . "]"); } $MAIN = explode(" ", $Buffer); $prefix_channel = null; // administrateur 192.168.1.177 3c:a9:f4:13:9b:90 - www.google.fr 57 if (is_numeric($MAIN[0])) { $GLOBALS["CHANNEL"] = $MAIN[0]; $GLOBALS["DOMAIN"] = trim($MAIN[1]); } else { $GLOBALS["DOMAIN"] = trim($MAIN[0]);
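/**
 * Rebuild /etc/squid3/paranoid.db from the `webfilters_paranoid` table.
 *
 * The file is removed, and the proxy reconfigured where needed, when paranoid
 * mode is in emergency, disabled, or the web filter itself is off. Otherwise
 * the table rows are grouped into IPSRC (source addresses), DOMS (destination
 * domains) and IPDOM (address to family-site pairs) and written serialized.
 * Progress is reported through build_progress_paranoid().
 *
 * @param bool $nopid When true, skip the "another instance is running" check.
 * @return void
 */
function Paranoid($nopid = false)
{
    $unix = new unix();
    if (!$nopid) {
        $mypid = getmypid();
        // NOTE(review): the original tested a local $argv that is never set
        // inside a function, so the suffix was always empty and any running
        // instance of this script matched. Kept empty to preserve that; confirm
        // whether matching on the first command-line argument was intended.
        $argvSuffix = "";
        $pids = $unix->PIDOF_PATTERN_ALL(basename(__FILE__) . ".*?{$argvSuffix}");
        if (is_array($pids) && count($pids) > 1) {
            foreach ($pids as $num => $ligne) {
                // Read once; the original read the same file twice.
                $cmdline = @file_get_contents("/proc/{$num}/cmdline");
                echo "Starting......: " . date("H:i:s") . " [SERV]: [{$mypid}] Already process PID {$num} {$cmdline} exists..\n";
                echo "Starting......: " . date("H:i:s") . " [SERV]: [{$mypid}] Running " . $cmdline . "\n";
            }
            build_progress_paranoid("{already_process_exists_try_later}", 110);
            die;
        }
    }

    $ParanoidBlockerEmergency = intval(@file_get_contents("/etc/artica-postfix/settings/Daemons/ParanoidBlockerEmergency"));
    $UfdbEnableParanoidMode = intval(@file_get_contents("/etc/artica-postfix/settings/Daemons/UfdbEnableParanoidMode"));

    if ($ParanoidBlockerEmergency == 1) {
        if (isInSquid()) {
            build_progress_paranoid("{reconfigure}", 70);
            $php = $unix->LOCATE_PHP5_BIN();
            system("{$php} /usr/share/artica-postfix/exec.squid.php --build --force");
        }
        build_progress_paranoid("{emergency}!!!", 110);
        @unlink("/etc/squid3/paranoid.db");
        return;
    }
    if ($UfdbEnableParanoidMode == 0) {
        @unlink("/etc/squid3/paranoid.db");
        if (isInSquid()) {
            build_progress_paranoid("{reconfigure}", 70);
            $php = $unix->LOCATE_PHP5_BIN();
            system("{$php} /usr/share/artica-postfix/exec.squid.php --build --force");
        }
        build_progress_paranoid("{disabled}!!!", 110);
        return;
    }
    $sock = new sockets();
    if ($sock->EnableUfdbGuard() == 0) {
        build_progress_paranoid("{webfiltering} {disabled}!!!", 110);
        @unlink("/etc/squid3/paranoid.db");
        return;
    }
    build_progress_paranoid("{webfiltering} {enabled} OK", 25);

    $ipClass = new IP();
    $SquidFam = new squid_familysite();
    $q = new mysql_squid_builder();
    $ARRAY = array();
    // Fixed: $MAIN was never initialised, so an empty table serialized null
    // instead of an empty array.
    $MAIN = array();

    $results = $q->QUERY_SQL("SELECT pattern, object FROM webfilters_paranoid");
    // NOTE(review): mysql_fetch_assoc() belongs to the legacy mysql extension
    // the original relies on; presumably QUERY_SQL returns such a result - confirm.
    while ($ligne = mysql_fetch_assoc($results)) {
        $ligne["pattern"] = trim(strtolower($ligne["pattern"]));
        if ($ligne["pattern"] == null) {
            continue;
        }
        build_progress_paranoid("{$ligne["pattern"]}", 50);
        $ARRAY[$ligne["object"]][$ligne["pattern"]] = true;
    }

    // foreach replaces list()/each(), which newer PHP versions no longer provide.
    if (isset($ARRAY["src"])) {
        foreach ($ARRAY["src"] as $pattern => $xtrace) {
            // Stored patterns are re-validated so a bad row cannot reach the ACL data.
            if (!$ipClass->isValid($pattern)) {
                continue;
            }
            $MAIN["IPSRC"][$pattern] = true;
        }
    }
    if (isset($ARRAY["dstdomain"])) {
        foreach ($ARRAY["dstdomain"] as $pattern => $xtrace) {
            $MAIN["DOMS"][$pattern] = true;
        }
    }
    if (isset($ARRAY["dstdomainsrc"])) {
        foreach ($ARRAY["dstdomainsrc"] as $pattern => $xtrace) {
            // Pattern layout is "<address>/<site>".
            $fr = explode("/", $pattern);
            if (!$ipClass->isValid($fr[0])) {
                continue;
            }
            // Fixed: a pattern without "/" raised an undefined-offset notice here.
            if (!isset($fr[1]) || $fr[1] == null) {
                continue;
            }
            $fr[1] = $SquidFam->GetFamilySites($fr[1]);
            $MAIN["IPDOM"][trim($fr[0])][trim(strtolower($fr[1]))] = true;
        }
    }

    // Rebuild the proxy configuration if it is not in place yet, then check again.
    if (!isInSquid()) {
        build_progress_paranoid("{reconfigure}", 70);
        $php = $unix->LOCATE_PHP5_BIN();
        system("{$php} /usr/share/artica-postfix/exec.squid.php --build --force");
    }
    if (!isInSquid()) {
        build_progress_paranoid("{failed}", 110);
        return;
    }
    build_progress_paranoid("{enabled} OK", 80);
    if (!empty($GLOBALS["RSQUID"])) {
        $squidbin = $unix->LOCATE_SQUID_BIN();
        shell_exec("{$squidbin} -k reconfigure");
    }

    // NOTE(review): consumers unserialize() this file, so it must stay writable
    // by trusted processes only; confirm the mode of /etc/squid3/paranoid.db.
    @file_put_contents("/etc/squid3/paranoid.db", serialize($MAIN));
    build_progress_paranoid("{done}", 100);
}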