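/**
 * Rebuild the proxy blacklist artefacts from the `deny_websites` table.
 *
 * Files written:
 *  - /var/log/squid/ufdbgclient.black.db : db4 DBA file, one key per rewritten entry
 *  - /var/log/squid/ufdbgclient.reload   : marker file containing "#"
 *  - /etc/squid3/www-blacklists.db       : result of squid_acls::clean_dstdomains(), one per line
 *
 * The PID file is only read here; nothing in this function writes it.
 *
 * @param bool $aspid When true, abort if the PID stored in the PID file belongs to
 *                    another running instance of this script.
 * @return void
 */
function build_blacklists($aspid = false)
{
    $unix = new unix();
    $PidFile = "/etc/artica-postfix/pids/squid_build_blacklists.pid";
    $dbfile = "/var/log/squid/ufdbgclient.black.db";
    if ($aspid) {
        $pid = $unix->get_pid_from_file($PidFile);
        if ($pid != getmypid() && $unix->process_exists($pid, basename(__FILE__))) {
            echo "Starting......: " . date("H:i:s") . " Blacklists: Another artica script running pid {$pid}, aborting ...\n";
            WriteToSyslogMail("build_blacklists():: Another artica script running pid {$pid}, aborting ...", basename(__FILE__));
            return;
        }
    }

    @unlink($dbfile);
    echo "berekley_db:: Creating {$dbfile} database\n";
    // dba_open() signals failure by returning false, not by throwing an Exception,
    // so the handle has to be tested explicitly before it is used or closed.
    $db_desttmp = @dba_open($dbfile, "c", "db4");
    if ($db_desttmp === false) {
        echo "berekley_db::FATAL ERROR dba_open failed on {$dbfile}\n";
        return;
    }
    dba_close($db_desttmp);

    // Run the query before re-opening the DBA file so a SQL failure cannot leak a handle.
    // NOTE(review): mysql_fetch_assoc() below belongs to the ext/mysql API, which was
    // removed in PHP 7; QUERY_SQL() is assumed to return an ext/mysql result resource.
    $q = new mysql_squid_builder();
    $results = $q->QUERY_SQL("SELECT * FROM deny_websites");
    if (!$q->ok) {
        echo "Starting......: " . date("H:i:s") . " [ACLS]: {$q->mysql_error}\n";
        return;
    }

    $db_con = @dba_open($dbfile, "c", "db4");
    if ($db_con === false) {
        echo "berekley_db::FATAL ERROR dba_open failed on {$dbfile}\n";
        return;
    }

    @unlink("/etc/squid3/www-blacklists.db");
    $array = array();
    while ($ligne = mysql_fetch_assoc($results)) {
        if ($ligne["items"] == null) {
            continue;
        }
        // Rewrite the entry, in this order: "/" -> "\/", "." -> "\.", "*" -> ".*?".
        // NOTE(review): no other pattern metacharacter is escaped; presumably the reader of
        // this DBA file treats keys as regular expressions — confirm that entries cannot
        // widen or break the match through characters such as "(", "[" or "+".
        $item = str_replace(
            array("/", ".", "*"),
            array("\\/", "\\.", ".*?"),
            $ligne["items"]
        );
        @dba_replace($item, $item, $db_con);
        $array[] = $ligne["items"];
    }
    dba_close($db_con);

    // Marker file, handed over to the squid user and group.
    @file_put_contents("/var/log/squid/ufdbgclient.reload", "#");
    @chown("/var/log/squid/ufdbgclient.reload", "squid");
    @chgrp("/var/log/squid/ufdbgclient.reload", "squid");

    $acl = new squid_acls();
    $url_rewrite_program = $acl->clean_dstdomains($array);
    echo "Starting......: " . date("H:i:s") . " [ACLS]: " . count($url_rewrite_program) . " blacklisted webistes\n";
    @file_put_contents("/etc/squid3/www-blacklists.db", @implode("\n", $url_rewrite_program) . "\n");
    @chown("/etc/squid3/www-blacklists.db", "squid");
    @chgrp("/etc/squid3/www-blacklists.db", "squid");
}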
Example #2
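/**
 * Rebuild the web-filtering configuration (DansGuardian / ufdbGuard), then reload or
 * restart the related services.
 *
 * Returns early without rebuilding when the remote statistics appliance is enabled, when
 * EnableUfdbGuard or SQUIDEnable is 0, or when UseRemoteUfdbguardService is 1.
 *
 * Globals: initialises $GLOBALS["VERBOSE"] to false when unset, writes
 * $GLOBALS["SQUIDBIN"], reads $GLOBALS["RESTART"] and $GLOBALS["argv"].
 *
 * @return false|null false on the verbose "no filter installed" path, null otherwise.
 */
function build()
{
    $sock = new sockets();
    $EnableRemoteStatisticsAppliance = $sock->GET_INFO("EnableRemoteStatisticsAppliance");
    if (!is_numeric($EnableRemoteStatisticsAppliance)) {
        $EnableRemoteStatisticsAppliance = 0;
    }
    if ($EnableRemoteStatisticsAppliance == 1) {
        return;
    }

    // $argv is not in scope inside a function; take the CLI arguments from $GLOBALS and
    // fall back to an empty list so implode() always receives an array.
    $cliArgs = (isset($GLOBALS["argv"]) && is_array($GLOBALS["argv"])) ? $GLOBALS["argv"] : array();
    send_email_events("Order to rebuild filters configuration", implode("\nParams:", $cliArgs), "proxy");

    $funtion = __FUNCTION__;
    if (!isset($GLOBALS["VERBOSE"])) {
        $GLOBALS["VERBOSE"] = false;
    }
    if ($GLOBALS["VERBOSE"]) {
        echo "{$funtion}::" . __LINE__ . " Loading libraries\n";
    }

    $users = new usersMenus();
    $unix = new unix();
    $php5 = $unix->LOCATE_PHP5_BIN();
    $squidbin = $unix->find_program("squid3");
    $nohup = $unix->find_program("nohup");
    $unix->SystemCreateUser("squid", "squid");
    @mkdir("/var/tmp", 0775, true);

    // Settings are normalised to numbers; anything non-numeric takes the default shown.
    $EnableWebProxyStatsAppliance = $sock->GET_INFO("EnableWebProxyStatsAppliance");
    $EnableRemoteStatisticsAppliance = $sock->GET_INFO("EnableRemoteStatisticsAppliance");
    if (!is_numeric($EnableWebProxyStatsAppliance)) {
        $EnableWebProxyStatsAppliance = 0;
    }
    if (!is_numeric($EnableRemoteStatisticsAppliance)) {
        $EnableRemoteStatisticsAppliance = 0;
    }
    $UseRemoteUfdbguardService = $sock->GET_INFO('UseRemoteUfdbguardService');
    if (!is_file($squidbin)) {
        $squidbin = $unix->find_program("squid");
    }
    $EnableUfdbGuard = intval($sock->EnableUfdbGuard());
    $SQUIDEnable = $sock->GET_INFO("SQUIDEnable");
    if (!is_numeric($SQUIDEnable)) {
        $SQUIDEnable = 1;
    }
    if (!is_numeric($UseRemoteUfdbguardService)) {
        $UseRemoteUfdbguardService = 0;
    }
    if ($GLOBALS["VERBOSE"]) {
        echo "DEBUG::{$funtion}:: EnableWebProxyStatsAppliance={$EnableWebProxyStatsAppliance}\n";
        echo "DEBUG::{$funtion}:: EnableRemoteStatisticsAppliance={$EnableRemoteStatisticsAppliance}\n";
        echo "DEBUG::{$funtion}:: EnableUfdbGuard={$EnableUfdbGuard}\n";
        echo "DEBUG::{$funtion}:: SQUIDEnable={$SQUIDEnable}\n";
        echo "DEBUG::{$funtion}:: UseRemoteUfdbguardService={$UseRemoteUfdbguardService}\n";
    }
    $GLOBALS["SQUIDBIN"] = $squidbin;

    if ($EnableWebProxyStatsAppliance == 0) {
        $installed = false;
        if ($users->SQUIDGUARD_INSTALLED) {
            $installed = true;
            echo "Starting......: " . date("H:i:s") . " SquidGuard is installed\n";
        }
        if ($users->APP_UFDBGUARD_INSTALLED) {
            $installed = true;
            echo "Starting......: " . date("H:i:s") . " Webfiltering service is installed\n";
        }
        if ($users->DANSGUARDIAN_INSTALLED) {
            $installed = true;
            echo "Starting......: " . date("H:i:s") . " Dansguardian is installed\n";
        }
        // NOTE(review): the early exit below only happens in verbose mode; a non-verbose
        // run with no filter installed continues. That looks like a misplaced brace —
        // confirm the intended behaviour before changing it.
        if (!$installed && $GLOBALS["VERBOSE"]) {
            echo "No one installed...\n";
            shell_exec("{$nohup} " . LOCATE_PHP5_BIN2() . " " . dirname(__FILE__) . "/exec.usrmactranslation.php >/dev/null 2>&1 &");
            return false;
        }
    }

    if ($EnableUfdbGuard == 0) {
        if ($GLOBALS["VERBOSE"]) {
            echo "UfDbguard is disabled ( see EnableUfdbGuard ) in line: " . __LINE__ . "\n";
        }
        return;
    }
    if ($SQUIDEnable == 0) {
        if ($GLOBALS["VERBOSE"]) {
            echo "UfDbguard is disabled ( see SQUIDEnable ) in line: " . __LINE__ . "\n";
        }
        return;
    }
    if ($UseRemoteUfdbguardService == 1) {
        if ($GLOBALS["VERBOSE"]) {
            echo "UfDbguard is disabled ( see UseRemoteUfdbguardService ) in line: " . __LINE__ . "\n";
        }
        return;
    }

    if ($GLOBALS["VERBOSE"]) {
        echo "FIX_1_CATEGORY_CHECKED()\n";
    }
    FIX_1_CATEGORY_CHECKED();

    // The same setting already caused a return at the top of the function, so this branch
    // is only taken if the stored value changed between the two reads.
    if ($EnableRemoteStatisticsAppliance == 1) {
        if ($GLOBALS["VERBOSE"]) {
            echo "Use the Web statistics appliance to get configuration file...\n";
        }
        shell_exec("{$nohup} " . LOCATE_PHP5_BIN2() . " " . dirname(__FILE__) . "/exec.usrmactranslation.php >/dev/null 2>&1 &");
        ufdbguard_remote();
        return;
    }

    if ($GLOBALS["VERBOSE"]) {
        echo "{$funtion}::" . __LINE__ . "Loading compile_dansguardian()\n";
    }
    $dans = new compile_dansguardian();
    if ($GLOBALS["VERBOSE"]) {
        echo "{$funtion}::" . __LINE__ . "Loading compile_dansguardian::->build()\n";
    }
    $dans->build();
    echo "Starting......: " . date("H:i:s") . " Dansguardian compile done...\n";
    if (function_exists('WriteToSyslogMail')) {
        WriteToSyslogMail("build() -> reconfigure UfdbGuardd", basename(__FILE__));
    }
    build_ufdbguard_config();
    ufdbguard_schedule();
    if ($EnableWebProxyStatsAppliance == 1) {
        echo "Starting......: " . date("H:i:s") . " This server is a Squid Appliance, compress databases and notify proxies\n";
        CompressCategories();
        notify_remote_proxys();
    }

    // The shell commands below are built from located binaries and fixed paths only;
    // none of them embeds request or user data.
    shell_exec("{$php5} /usr/share/artica-postfix/exec.initslapd.php --ufdbguard");
    CheckPermissions();
    ufdbguard_admin_events("Service will be rebuiled and restarted", __FUNCTION__, __FILE__, __LINE__, "config");
    shell_exec("{$nohup} " . LOCATE_PHP5_BIN2() . " " . dirname(__FILE__) . "/exec.usrmactranslation.php >/dev/null 2>&1 &");

    // empty() keeps an unset $GLOBALS["RESTART"] from raising a notice; unset means "reload".
    if (empty($GLOBALS["RESTART"])) {
        if (is_file("/etc/init.d/ufdb")) {
            echo "Starting......: " . date("H:i:s") . " Checking watchdog\n";
            ufdbguard_watchdog();
            echo "Starting......: " . date("H:i:s") . " Webfiltering service reloading service\n";
            build_ufdbguard_HUP();
        }
    }
    if (!empty($GLOBALS["RESTART"])) {
        if (is_file("/etc/init.d/ufdb")) {
            echo "Starting......: " . date("H:i:s") . " Restarting\n";
            shell_exec("/etc/init.d/ufdb restart");
        }
    }
    if ($users->DANSGUARDIAN_INSTALLED) {
        echo "Starting......: " . date("H:i:s") . " Dansguardian reloading service\n";
        shell_exec("/usr/share/artica-postfix/bin/artica-install --reload-dansguardian --withoutconfig");
    }
}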
Example #3
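/**
 * Copy a message to the extra recipients stored in the user's `RecipientToAdd`
 * LDAP attribute.
 *
 * The feature is currently switched off: the function returns null right after
 * constructing the sockets object and everything after that return is unreachable.
 * The disabled body is kept, with its defects repaired, so that re-enabling it does not
 * bring back a shell command built from unescaped directory data.
 *
 * @param string $mailto   Envelope recipient of the message being filtered.
 * @param string $tmpfname Path of the temporary file holding the message.
 * @return bool|null null while disabled; the disabled body returns true or null.
 */
function RecipientsToAdd($mailto, $tmpfname)
{
    $sock = new sockets();
    // Feature disabled: do not remove this return without reviewing the body below.
    return null;

    $RecipientsToAddEnableSingleMail = $sock->GET_INFO("RecipientsToAddEnableSingleMail");
    if ($RecipientsToAddEnableSingleMail == null) {
        $RecipientsToAddEnableSingleMail = 1;
    }
    $ldap = new clladp();
    $uid = $ldap->uid_from_email($mailto);
    events("<{$mailto}> \"uid={$uid}\" RecipientsToAddEnableSingleMail=\"{$RecipientsToAddEnableSingleMail}\"", __FUNCTION__, __LINE__);
    if ($uid == null) {
        return true;
    }

    // Escape the uid before it becomes part of the search filter (ldap_escape needs PHP 5.6+).
    $safeUid = function_exists("ldap_escape") ? ldap_escape($uid, "", LDAP_ESCAPE_FILTER) : $uid;
    $filter = "(&(objectClass=UserArticaClass)(uid={$safeUid}))";
    $attr = array("RecipientToAdd");
    $sr = @ldap_search($ldap->ldap_connection, $ldap->suffix, $filter, $attr);
    if (!$sr) {
        return true;
    }
    $hash = ldap_get_entries($ldap->ldap_connection, $sr);
    if ($hash["count"] == 0) {
        return true;
    }

    $mails = array();
    $attrKey = strtolower("RecipientToAdd");
    for ($i = 0; $i < $hash["count"]; $i++) {
        if (!isset($hash[$i][$attrKey])) {
            continue;
        }
        for ($z = 0; $z < $hash[$i][$attrKey]["count"]; $z++) {
            $rcpt = $hash[$i][$attrKey][$z];
            // Skip empty values, the original recipient, and any value carrying a line
            // break, which would otherwise inject extra header lines into the message.
            if ($rcpt == null || $mailto == $rcpt || preg_match("#[\\r\\n]#", $rcpt)) {
                events("rcpt {$mailto} cc to <{$rcpt}> SKIP", __FUNCTION__, __LINE__);
                continue;
            }
            WriteToSyslogMail("rcpt {$mailto} cc to <{$rcpt}>", "artica-filter");
            $mails[] = $rcpt;
        }
    }
    if (count($mails) == 0) {
        return;
    }
    events(count($mails) . " cc emails", __FUNCTION__, __LINE__);

    if ($RecipientsToAddEnableSingleMail != 1) {
        WriteToSyslogMail("from: <{$GLOBALS["sender"]}> to:<{$mailto}> Add Blind Carbon Copy to " . count($mails) . " recipient(s) (" . implode(",", $mails) . ")", "artica-filter");
    }

    if ($RecipientsToAddEnableSingleMail == 1) {
        foreach ($mails as $recipient) {
            WriteToSyslogMail("from: <{$GLOBALS["sender"]}> to:<{$recipient}> create a new mail");
            // Both the address and the file path reach a shell: quote each one.
            $cmd = "/usr/share/artica-postfix/bin/artica-msmtp --host 127.0.0.1 --read-envelope-from -- "
                . escapeshellarg($recipient) . " < " . escapeshellarg($tmpfname);
            exec($cmd, $results);
        }
        return true;
    }

    // Bcc mode: extend an existing Bcc header, or insert one at the first blank line
    // (the end of the header section).
    $datas = explode("\n", @file_get_contents($tmpfname));
    foreach ($datas as $num => $ligne) {
        if (preg_match("#Bcc:\\s+(.*)#i", $ligne, $regs)) {
            events("ADD Bcc: line {$num}", __FUNCTION__, __LINE__);
            // Keep the header name; only the address list is extended.
            $datas[$num] = "Bcc: " . $regs[1] . ',' . implode(", ", $mails);
            break;
        }
        if (trim($ligne) == null) {
            events("insert Bcc: line {$num}", __FUNCTION__, __LINE__);
            $datas[$num] = "Bcc: " . implode(", ", $mails) . "\n";
            break;
        }
    }
    @file_put_contents($tmpfname, implode("\n", $datas));
}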
Example #4
/**
 * Forward a message to WriteToSyslogMail(), tagged with this script's file name.
 * Does nothing when WriteToSyslogMail() has not been loaded.
 *
 * @param string $text Message to log.
 * @return void
 */
function xsyslog($text)
{
    if (!function_exists("WriteToSyslogMail")) {
        return;
    }
    $scriptName = basename(__FILE__);
    WriteToSyslogMail($text, $scriptName);
}
Example #5
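/**
 * Archive one queued message file.
 *
 * Steps, in order:
 *  1. read the X-REAL-* marker lines from the file with grep;
 *  2. unless the file is already marked archived, hand it to the mailbox / SMTP / copy
 *     archivers selected by the MailArchiver* globals;
 *  3. when MailArchiverToMySQL is enabled, unpack the message and insert one row per
 *     recipient, plus one row for the sender's organization, into the table of the day.
 *
 * @param string $file Path of the message file.
 * @return bool false when an archiver, the unpacking or a SQL statement fails, true otherwise.
 */
function archive_process($file)
{
    $unix = new unix();
    $timeMessage = filemtime($file);
    $fullmessagesdir = "/opt/artica/share/www/original_messages";
    $target_file = $file;
    $filename = basename($target_file);
    if (!isset($GLOBALS["GREP"])) {
        $GLOBALS["GREP"] = $unix->find_program("grep");
    }
    if (!isset($GLOBALS["MYHOSTNAME"])) {
        $GLOBALS["MYHOSTNAME"] = $unix->hostname_g();
    }
    $grep = $GLOBALS["GREP"];
    $ARCHIVED = false;
    $MailArchiverToMySQL = $GLOBALS["MailArchiverToMySQL"];
    $MailArchiverToMailBox = $GLOBALS["MailArchiverToMailBox"];
    $MailArchiverSMTP = $GLOBALS["MailArchiverSMTP"];
    if (!is_numeric($MailArchiverSMTP)) {
        $MailArchiverSMTP = 0;
    }

    // The file name goes to a shell: quote it, and use -e / -- so that neither the
    // pattern nor a file name starting with "-" can be read as a grep option.
    $realmailfrom = null;
    $realmailto = null;
    $resultsgrep = array();
    exec($grep . " -e X-REAL- -- " . escapeshellarg($file) . " 2>&1", $resultsgrep);

    // NOTE(review): grep scans the whole file and the patterns below are not anchored to
    // the start of a line, so text inside the message body can supply these values,
    // including the X-REAL-ARCHIVED marker that skips the archivers. Confirm that the
    // component writing these headers strips any copy already present in the message.
    foreach ($resultsgrep as $num => $line) {
        events("[{$num}] {$line}", __LINE__);
        if (preg_match("#X-REAL-MAILFROM:\\s+<(.*?)>#", $line, $re)) {
            $realmailfrom = trim($re[1]);
            continue;
        }
        if (preg_match("#X-REAL-RCPTTO:\\s+<(.*?)>#", $line, $re)) {
            $realmailto = trim($re[1]);
            continue;
        }
        if ($realmailto == null && preg_match("#X-REAL-RCPTTO:\\s+(.*)#", $line, $re)) {
            $realmailto = trim($re[1]);
            continue;
        }
        if ($realmailfrom == null && preg_match("#X-REAL-MAILFROM:\\s+(.*)#", $line, $re)) {
            $realmailfrom = trim($re[1]);
            continue;
        }
        if (preg_match("#X-REAL-ARCHIVED#", $line, $re)) {
            events("{$file} detected as already archived...", __LINE__);
            $ARCHIVED = true;
        }
    }
    $realmailfrom = str_replace(array("<", ">"), "", $realmailfrom);
    $realmailto = str_replace(array(">", "<"), "", $realmailto);
    if ($GLOBALS["VERBOSE"]) {
        echo "X-REAL-MAILFROM: `{$realmailfrom}` X-REAL-RCPTTO: `{$realmailto}`\n";
        echo "MailArchiverToMailBox = {$MailArchiverToMailBox};MailArchiverSMTP={$MailArchiverSMTP}; \n";
    }
    if ($MailArchiverToMailBox == 1 && $GLOBALS["VERBOSE"]) {
        echo "archive_process_smtp({$fullmessagesdir},{$realmailfrom})\n";
    }

    // Archivers run only for messages not yet marked as archived.
    if (!$ARCHIVED) {
        if ($MailArchiverToMailBox == 1 && !archive_process_smtp($file, $realmailfrom)) {
            return false;
        }
        if ($MailArchiverSMTP == 1 && !archive_process_smtpsrv($file, $realmailfrom, $realmailto)) {
            return false;
        }
        if (!archive_process_copyto($file, $realmailfrom, $realmailto)) {
            return false;
        }
    }
    if ($MailArchiverToMySQL == 0) {
        return true;
    }

    // Kept from the original although unused below: the constructor's side effects are
    // not visible from here.
    $ldap = new clladp();
    $q = new mysql_mailarchive_builder();
    events("Unpack {$target_file}");
    $mm = new demime($target_file);
    if (!$mm->unpack()) {
        events("Failed unpack with error \"{$mm->error}\"");
        if ($mm->MustkillMail) {
            @unlink($target_file);
        }
        return false;
    }
    $message_html = $mm->ExportToHtml($target_file);
    if (strlen($message_html) == 0) {
        system_admin_events("{$target_file}: HTML FAILED...", __FUNCTION__, __FILE__, __LINE__, "archive");
        return false;
    }
    if (count($mm->mailto_array) == 0 && $realmailto != null) {
        $mm->mailto_array[] = $realmailto;
    }
    if (count($mm->mailto_array) == 0) {
        system_admin_events("{$target_file}: Fatal No recipients Aborting", __FUNCTION__, __FILE__, __LINE__, "archive");
        return true;
    }
    $filesize = @filesize($target_file);
    events("Message with " . count($mm->mailto_array) . " recipients html file:" . strlen($message_html) . " bytes");
    if ($realmailfrom != null) {
        $mm->mailfrom = $realmailfrom;
    }
    $domain_from = "";
    if (preg_match("#(.+?)@(.+)#", $mm->mailfrom, $re)) {
        $domain_from = $re[2];
    }
    $mm->message_date = date("Y-m-d H:i:s", $timeMessage);
    $tableDest = date("Ymd", $timeMessage);
    if (!$q->BuildDayTable($tableDest)) {
        system_admin_events("Fatal unable to create {$tableDest} date...", __FUNCTION__, __FILE__, __LINE__, "archive");
        return false;
    }

    // Every value below originates from the message (headers, addresses, file name) and
    // ends up inside a quoted SQL literal, so each one is escaped, not only the body and
    // the subject.
    // NOTE(review): addslashes() is the only escaping this block has in scope; the
    // connection's own escaping routine or prepared statements would be the safer choice
    // if mysql_mailarchive_builder exposes one.
    $message_html = addslashes($message_html);
    $SubjectMysql = addslashes(mime_decode($mm->subject));
    $sqlMailFrom = addslashes($mm->mailfrom);
    $sqlDomainFrom = addslashes($domain_from);
    $sqlMessageId = addslashes($mm->message_id);
    $sql_source_file = $target_file;
    $sqlSourceFile = addslashes($sql_source_file);
    $sqlFilename = addslashes($filename);

    // Read the raw message once; file_get_contents() also closes the handle that the
    // previous fread(fopen()) call left open on every iteration.
    $sqlfilesize = @filesize($target_file);
    $rawMessage = @file_get_contents($target_file);
    $BinMessg = addslashes($rawMessage === false ? "" : $rawMessage);

    $columns = "MessageID,zDate,mailfrom,mailfrom_domain,subject,MessageBody,organization,mailto,"
        . "file_path,original_messageid,message_size,BinMessg,filename,filesize";

    foreach ($mm->mailto_array as $recipient) {
        $ou = $mm->GetOuFromEmail($recipient);
        events("(New message)time={$mm->message_date} message-id=<{$mm->message_id}> from=<{$mm->mailfrom}> to=<{$recipient}> size={$filesize}");
        $newmessageid = md5($mm->message_id . $recipient);
        $sqlOu = addslashes($ou);
        $sqlRecipient = addslashes($recipient);
        $sql = "INSERT IGNORE INTO `{$tableDest}` ({$columns}) VALUES ("
            . "'{$newmessageid}','{$mm->message_date}','{$sqlMailFrom}','{$sqlDomainFrom}',"
            . "'{$SubjectMysql}','{$message_html}','{$sqlOu}','{$sqlRecipient}','{$sqlSourceFile}',"
            . "'{$sqlMessageId}','{$filesize}','{$BinMessg}','{$sqlFilename}','{$sqlfilesize}')";
        if (!$q->QUERY_SQL($sql)) {
            system_admin_events("Fatal {$q->mysql_error}", __FUNCTION__, __FILE__, __LINE__, "archive");
            return false;
        }
    }

    events("Analyze sender {$mm->mailfrom}...");
    $ou = $mm->GetOuFromEmail($mm->mailfrom);
    if ($ou == null) {
        events("Not organization found for {$mm->mailfrom}...");
        return true;
    }
    $impled_rctp = implode(";", $mm->mailto_array);
    $sqlOu = addslashes($ou);
    $sqlAllRecipients = addslashes($impled_rctp);
    // NOTE(review): this row reuses the MessageID computed for the last recipient, as the
    // original did; if MessageID is a unique key, INSERT IGNORE will drop it — confirm.
    $sql = "INSERT IGNORE INTO `{$tableDest}` ({$columns}) VALUES ("
        . "'{$newmessageid}','{$mm->message_date}','{$sqlMailFrom}','{$sqlDomainFrom}',"
        . "'{$SubjectMysql}','{$message_html}','{$sqlOu}','{$sqlAllRecipients}','{$sqlSourceFile}',"
        . "'{$sqlMessageId}','{$filesize}','{$BinMessg}','{$sqlFilename}','{$sqlfilesize}')";
    $q->QUERY_SQL($sql);
    if (!$q->ok) {
        system_admin_events("Fatal {$q->mysql_error}", __FUNCTION__, __FILE__, __LINE__, "archive");
        return false;
    }
    WriteToSyslogMail("{$mm->message_id}: <{$mm->mailfrom}> to: <{$impled_rctp}> size={$filesize} bytes (saved into backup area)", __FILE__);
    events("time={$mm->message_date} message-id=<{$mm->message_id}> from=<{$mm->mailfrom}> to=<{$impled_rctp}> size={$filesize}");
    return true;
}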
Example #6
/**
 * Drop the `zarafa` MySQL database, delete its work directory and cycle the related
 * services, reporting each step through build_progress_status().
 *
 * This is a destructive maintenance routine: it issues DROP DATABASE over the dedicated
 * socket and recursively removes the directory named by the ZarafaDedicateMySQLWorkDir
 * setting (default /home/zarafa-db).
 *
 * @param bool $allprocedure When true, first abort if the PID file names a running
 *                           instance of this script, and later run an extra
 *                           stop/start cycle of the database service in normal mode.
 * @return void
 */
function remove_database($allprocedure = false)
{
    $unix = new unix();
    $pidfile = "/etc/artica-postfix/pids/" . basename(__FILE__) . "." . __FUNCTION__ . ".pid";
    if ($allprocedure) {
        // The PID file is only read here; this function never writes it.
        $pid = $unix->get_pid_from_file($pidfile);
        if ($unix->process_exists($pid, basename(__FILE__))) {
            $time = $unix->PROCCESS_TIME_MIN($pid);
            build_progress_status(100, "Already task running PID {$pid}");
            if ($GLOBALS["OUTPUT"]) {
                echo "Stopping......: " . date("H:i:s") . " [INIT]: Already task running PID {$pid} since {$time}mn\n";
            }
            return;
        }
    }
    $mysql = $unix->find_program("mysql");
    $rm = $unix->find_program("rm");
    $sock = new sockets();
    // Monitoring is stopped first and started again near the end of the function.
    build_progress_status(2, "Stopping monitor");
    shell_exec("/etc/init.d/monit stop");
    shell_exec("/etc/init.d/artica-status stop --force");
    shell_exec("/etc/init.d/postfix-logger stop");
    build_progress_status(5, "Removing MySQL Zarafa Database");
    WriteToSyslogMail("Action: Removing Zarafa Database MySQL client `{$mysql}`....", __FILE__);
    // Apart from the located client path, the command line is a fixed string: root over
    // the local socket, with no password option on the command line.
    $cmd = "{$mysql} --socket=/var/run/mysqld/zarafa-db.sock --protocol=socket --user=root --batch --debug-info --database=zarafa --execute=\"DROP DATABASE zarafa\" 2>&1";
    $results = array();
    exec("{$cmd}", $results);
    $WORKDIR = $sock->GET_INFO("ZarafaDedicateMySQLWorkDir");
    if ($WORKDIR == null) {
        $WORKDIR = "/home/zarafa-db";
    }
    // Output of the mysql client goes to syslog; the return value of WriteToSyslogMail()
    // is echoed as well.
    while (list($num, $ligne) = each($results)) {
        echo WriteToSyslogMail("MySQL: (Delete Database) {$ligne}", __FILE__);
    }
    build_progress_status(10, "Removing Zarafa Database MySQL");
    // NOTE(review): the directory comes from a stored setting and is removed recursively
    // without any validation in this block — confirm that the setting cannot name "/" or
    // another path outside the database area.
    if (is_dir("{$WORKDIR}")) {
        recursive_remove_directory("{$WORKDIR}");
    }
    WriteToSyslogMail("Action: Restarting MySQL service...", __FILE__);
    WriteToSyslogMail("Action: Stopping MySQL service...", __FILE__);
    build_progress_status(15, "Stopping MySQL Zarafa Database");
    build_progress_status(40, "Stopping Zarafa Server service");
    WriteToSyslogMail("Action: Stopping Zarafa server...", __FILE__);
    @unlink("/tmp/zarafa-upgrade-lock");
    system("/etc/init.d/zarafa-server stop --kill");
    stop(true);
    WriteToSyslogMail("Action: Starting MySQL service (InnoDB recovery mode)...", __FILE__);
    build_progress_status(20, "Starting MySQL Zarafa Database (InnoDB recovery mode)");
    start(true, true);
    // each() was already run to the end of $results above and nothing in this function
    // resets or refills the array, so this loop body does not execute.
    while (list($num, $ligne) = each($results)) {
        echo "Service: {$ligne}\n";
    }
    // Give the service time to come up, then verify that its process exists.
    sleep(5);
    $ZARAFADB_PID = ZARAFADB_PID();
    if (!$unix->process_exists($ZARAFADB_PID)) {
        build_progress_status(110, "{failed}");
        return;
    }
    if ($allprocedure) {
        build_progress_status(25, "Restarting MySQL service (normal)");
        echo "Action: Restarting MySQL service...\n";
        echo "Action: Stopping MySQL service...\n";
        build_progress_status(30, "Stopping MySQL service (normal)");
        stop(true);
        echo "Action: Starting MySQL service (InnoDB normal mode)...\n";
        build_progress_status(35, "Starting MySQL service (normal)");
        start(true, false);
        // Same situation as the previous "Service:" loop: the array pointer is already
        // at the end of $results.
        while (list($num, $ligne) = each($results)) {
            echo "Service: {$ligne}\n";
        }
        sleep(5);
        $ZARAFADB_PID = ZARAFADB_PID();
        if (!$unix->process_exists($ZARAFADB_PID)) {
            build_progress_status(110, "{failed}");
            return;
        }
    }
    // Second stop of the Zarafa server (the first one ran before the database restart).
    build_progress_status(40, "Stopping Zarafa Server service");
    WriteToSyslogMail("Action: Stopping Zarafa server...", __FILE__);
    @unlink("/tmp/zarafa-upgrade-lock");
    system("/etc/init.d/zarafa-server stop --kill");
    $pid = XZARAFA_SERVER_PID();
    if ($unix->process_exists($pid)) {
        // $kill is located but not used; the kill goes through unix_system_kill_force().
        $kill = $unix->find_program("kill");
        unix_system_kill_force($pid);
    }
    build_progress_status(43, "Starting monitors");
    shell_exec("/etc/init.d/monit start");
    shell_exec("/etc/init.d/artica-status start");
    shell_exec("/etc/init.d/postfix-logger start");
    build_progress_status(45, "Restarting Zarafa Server service");
    WriteToSyslogMail("Action: Restarting Zarafa server...", __FILE__);
    shell_exec("/etc/init.d/zarafa-server restart");
    WriteToSyslogMail("Action: sleeping 5s", __FILE__);
    sleep(5);
    // The server is restarted a second time after the pause.
    build_progress_status(50, "Restarting Zarafa Server service");
    WriteToSyslogMail("Action: Restarting Zarafa server...", __FILE__);
    system("/etc/init.d/zarafa-server restart");
    build_progress_status(60, "Checking DB size");
    databasesize(true);
    build_progress_status(100, "{finish}");
}
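// Script bootstrap: single-instance guard, LDAP availability check, then the
// --dump-db_extern action.
$GLOBALS["CLASS_UNIX"] = $unix;
if (!is_file($GLOBALS["postfix"])) {
    die;
}

// First command-line argument, or "" when the script is started without one, so the
// comparisons and the re-scheduled command below never read an undefined index.
$cliAction = isset($argv[1]) ? $argv[1] : "";

// Single-instance guard.
// NOTE(review): the check and the write below are two separate steps, so two instances
// started at the same moment can both pass the check.
$pidfile = "/etc/artica-postfix/pids/" . basename(__FILE__) . ".pid";
$pid = $unix->get_pid_from_file($pidfile);
if ($unix->process_exists($pid, basename(__FILE__))) {
    $time = $unix->PROCCESS_TIME_MIN($pid);
    echo "Starting......: " . date("H:i:s") . " Already executed pid:{$pid} since {$time}Mn\n";
    $unix->send_email_events("Postfix user databases aborted (instance executed)", "Already instance pid {$pid} is executed", "postfix");
    die;
}
@file_put_contents($pidfile, getmypid());

// Without LDAP nothing can be built: report the failure, schedule the same command line
// again and stop.
$ldap = new clladp();
if ($ldap->ldapFailed) {
    WriteToSyslogMail("Fatal: connecting to ldap server {$ldap->ldap_host}", basename(__FILE__), true);
    echo "Starting......: " . date("H:i:s") . " failed connecting to ldap server {$ldap->ldap_host}\n";
    $unix->send_email_events("Postfix user databases aborted (ldap failed)", "The process has been scheduled to start in few seconds.", "postfix");
    // NOTE(review): the argument is appended to the command string as-is; how
    // THREAD_COMMAND_SET() runs that string is not visible here — confirm whether it needs quoting.
    $unix->THREAD_COMMAND_SET(trim($unix->LOCATE_PHP5_BIN() . " " . __FILE__ . " {$cliAction}"));
    die;
}

if ($cliAction == "--dump-db_extern") {
    // Diagnostic action: force verbose output and full error display.
    $GLOBALS["VERBOSE"] = true;
    ini_set('html_errors', 0);
    ini_set('display_errors', 1);
    ini_set('error_reporting', E_ALL);
    DUMP_EXTERNALS_DBS();
    die;
}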
if ($GLOBALS["EnablePostfixMultiInstance"] == 1) {
    if ($argv[1] == "--aliases") {
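/**
 * Rebuild the proxy blacklist artefacts from the `deny_websites` table, then reload or
 * reconfigure Squid.
 *
 * Entries that are an IP address (bare, or in the form http://<digits and dots>/) go to
 * /etc/squid3/ip-blacklists.db. Every other entry is rewritten and stored in the db4 DBA
 * file /var/log/squid/ufdbgclient.black.db and, through
 * squid_acls::clean_dstdomains(), in /etc/squid3/www-blacklists.db.
 *
 * The PID file is only read here; nothing in this function writes it.
 *
 * @param bool $aspid When true, abort if the PID stored in the PID file belongs to
 *                    another running instance of this script.
 * @return void
 */
function build_blacklists($aspid = false)
{
    $unix = new unix();
    $verbose = !empty($GLOBALS["VERBOSE"]);
    $PidFile = "/etc/artica-postfix/pids/squid_build_blacklists.pid";
    $dbfile = "/var/log/squid/ufdbgclient.black.db";
    if ($aspid) {
        $pid = $unix->get_pid_from_file($PidFile);
        if ($pid != getmypid() && $unix->process_exists($pid, basename(__FILE__))) {
            echo "Starting......: " . date("H:i:s") . " Blacklists: Another artica script running pid {$pid}, aborting ...\n";
            WriteToSyslogMail("build_blacklists():: Another artica script running pid {$pid}, aborting ...", basename(__FILE__));
            return;
        }
    }
    build_progress_wb("{compiling}", 41);

    @unlink($dbfile);
    echo "berekley_db:: Creating {$dbfile} database\n";
    // dba_open() signals failure by returning false, not by throwing an Exception,
    // so the handle has to be tested explicitly before it is used or closed.
    $db_desttmp = @dba_open($dbfile, "c", "db4");
    if ($db_desttmp === false) {
        echo "berekley_db::FATAL ERROR dba_open failed on {$dbfile}\n";
        return;
    }
    dba_close($db_desttmp);

    // Placeholder content, so both list files exist even if the build stops early.
    @file_put_contents("/etc/squid3/ip-blacklists.db", "#");
    @file_put_contents("/etc/squid3/www-blacklists.db", "#");

    $ARRAY_IPS = array();
    $ip = new IP();
    $q = new mysql_squid_builder();
    $array = array();

    // Query first, open the DBA file second: a SQL failure then cannot leak a handle,
    // and the row count is only read from a valid result.
    // NOTE(review): mysql_num_rows() / mysql_fetch_assoc() belong to the ext/mysql API,
    // which was removed in PHP 7.
    $results = $q->QUERY_SQL("SELECT * FROM deny_websites");
    if (!$q->ok) {
        echo "Starting......: " . date("H:i:s") . " [ACLS]: {$q->mysql_error}\n";
        return;
    }
    if ($verbose) {
        echo "BLACK " . mysql_num_rows($results) . " items SQL\n";
    }
    $db_con = @dba_open($dbfile, "c", "db4");
    if ($db_con === false) {
        echo "berekley_db::FATAL ERROR dba_open failed on {$dbfile}\n";
        return;
    }

    @unlink("/etc/squid3/www-blacklists.db");
    build_progress_wb("{compiling}", 42);
    while ($ligne = mysql_fetch_assoc($results)) {
        if ($ligne["items"] == null) {
            continue;
        }
        $item = $ligne["items"];
        // IP entries are collected as array keys, which also removes duplicates.
        if (preg_match("#^http:\\/\\/([0-9\\.]+)(\\/|\$)#", $item, $re)) {
            $ARRAY_IPS[$re[1]] = true;
            continue;
        }
        if ($ip->isValid($item)) {
            $ARRAY_IPS[$item] = true;
            continue;
        }
        // Rewrite the entry, in this order: "/" -> "\/", "." -> "\.", "*" -> ".*?".
        // NOTE(review): no other pattern metacharacter is escaped; presumably the reader of
        // this DBA file treats keys as regular expressions — confirm that entries cannot
        // widen or break the match through characters such as "(", "[" or "+".
        $item = str_replace(
            array("/", ".", "*"),
            array("\\/", "\\.", ".*?"),
            $item
        );
        @dba_replace($item, $item, $db_con);
        if ($verbose) {
            echo "BLACK {$item}\n";
        }
        $array[] = $ligne["items"];
    }
    dba_close($db_con);
    build_progress_wb("{compiling}", 43);

    // Marker file, handed over to the squid user and group.
    @file_put_contents("/var/log/squid/ufdbgclient.reload", "#");
    @chown("/var/log/squid/ufdbgclient.reload", "squid");
    @chgrp("/var/log/squid/ufdbgclient.reload", "squid");

    $acl = new squid_acls();
    $url_rewrite_program = $acl->clean_dstdomains($array);
    echo "Starting......: " . date("H:i:s") . " [ACLS]: " . count($url_rewrite_program) . " blacklisted webistes\n";
    @file_put_contents("/etc/squid3/www-blacklists.db", @implode("\n", $url_rewrite_program) . "\n");
    @chown("/etc/squid3/www-blacklists.db", "squid");
    @chgrp("/etc/squid3/www-blacklists.db", "squid");

    if (count($ARRAY_IPS) > 0) {
        $zips = array_keys($ARRAY_IPS);
        @file_put_contents("/etc/squid3/ip-blacklists.db", @implode("\n", $zips) . "\n");
        @chown("/etc/squid3/ip-blacklists.db", "squid");
        @chgrp("/etc/squid3/ip-blacklists.db", "squid");
    }
    build_progress_wb("{compiling}", 44);

    $php = $unix->LOCATE_PHP5_BIN();
    $nohup = $unix->find_program("nohup");
    // A plain reload is only enough when squid.conf already contains the
    // "DenyBlacksites dstdomain" line; otherwise the configuration is rebuilt.
    $squidConf = (string) @file_get_contents("/etc/squid3/squid.conf");
    $DenyBlacksites = strpos($squidConf, "DenyBlacksites dstdomain") !== false;
    if (!$DenyBlacksites) {
        system("{$php} /usr/share/artica-postfix/exec.squid.php --build --force --noufdbg");
        return;
    }
    build_progress_wb("{compiling}", 44);
    shell_exec("{$nohup} /etc/init.d/squid reload --script=" . basename(__FILE__));
}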
Example #9
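// Script bootstrap: locate the Postfix tools, check that the LDAP and MySQL back ends
// answer, then dispatch on the first command-line argument.
$GLOBALS["postalias"] = $unix->find_program("postalias");
$GLOBALS["postfix"] = $unix->find_program("postfix");

// First command-line argument, or "" when the script is started without one, so the
// comparisons and the re-scheduled command below never read an undefined index.
$cliAction = isset($argv[1]) ? $argv[1] : "";

if (class_exists("clladp")) {
    $ldap = new clladp();
    if ($ldap->ldapFailed) {
        WriteToSyslogMail("Fatal: connecting to ldap server {$ldap->ldap_host}", basename(__FILE__), true);
        echo "Starting......: " . date("H:i:s") . " failed connecting to ldap server {$ldap->ldap_host}\n";
        $unix->send_email_events("Postfix user databases aborted (ldap failed)", "The process has been scheduled to start in few seconds.", "postfix");
        // NOTE(review): the argument is appended to the command string as-is; how
        // THREAD_COMMAND_SET() runs that string is not visible here — confirm whether it needs quoting.
        $unix->THREAD_COMMAND_SET(trim($unix->LOCATE_PHP5_BIN() . " " . __FILE__ . " {$cliAction}"));
        die;
    }
}
if (class_exists("mysql")) {
    $mysql = new mysql();
    if (!$mysql->TestingConnection()) {
        WriteToSyslogMail("Fatal: connecting to MySQL server {$mysql->mysql_error}", basename(__FILE__), true);
        // The console message used to name the LDAP server for a MySQL failure.
        echo "Starting......: " . date("H:i:s") . " failed connecting to MySQL server {$mysql->mysql_error}\n";
        $unix->send_email_events("Postfix user databases aborted (MySQL failed)", "The process has been scheduled to start in few seconds.", "postfix");
        $unix->THREAD_COMMAND_SET(trim($unix->LOCATE_PHP5_BIN() . " " . __FILE__ . " {$cliAction}"));
        die;
    }
}
if ($cliAction == '--reconfigure-all') {
    reconfigure();
    die;
}
if ($cliAction == '--restart-all') {
    restart_all_instances();
    die;
}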
if ($argv[1] == '--aliases') {
Example #10
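/**
 * Archive one mail file into the `storage` table of the `artica_backup` database.
 *
 * The file is unpacked with demime and exported to HTML. One row is inserted
 * per recipient, followed by a summary row that carries the sender's
 * organization and the ";"-joined recipient list.
 *
 * Security: sender, recipients, subject, date and message id are taken from
 * the parsed message, so they are chosen by whoever sent the mail. Every
 * value is therefore escaped before it is placed in the SQL text; previously
 * only the HTML body and the raw message were.
 *
 * @param string $file Path of the message file to archive.
 * @return bool false when unpacking fails, the HTML export is empty or an
 *              insert fails; true otherwise (also when the message has no
 *              recipient or the sender has no organization).
 */
function archive_process($file)
{
    $target_file = $file;
    $filename = basename($target_file);
    // Not referenced below; kept because the constructor's side effects are
    // not visible from this function.
    $ldap = new clladp();
    $q = new mysql();
    events("Unpack {$target_file}");
    $mm = new demime($target_file);
    if (!$mm->unpack()) {
        events("Failed unpack with error \"{$mm->error}\"");
        if ($mm->MustkillMail) {
            @unlink($target_file);
        }
        return false;
    }
    $message_html = $mm->ExportToHtml($target_file);
    if (strlen($message_html) == 0) {
        return false;
    }
    if (count($mm->mailto_array) == 0) {
        events("No recipients Aborting");
        return true;
    }
    $filesize = filesize($target_file);
    events("Message with " . count($mm->mailto_array) . " recipients html file:" . strlen($message_html) . " bytes");
    // Default to "" so a sender without an "@" does not leave the variable undefined.
    $domain_from = "";
    if (preg_match("#(.+?)@(.+)#", $mm->mailfrom, $re)) {
        $domain_from = $re[2];
    }
    // Read the raw message once. The original re-opened the file for every
    // recipient and never closed the handle.
    $sqlfilesize = @filesize($target_file);
    $rawMessage = @file_get_contents($target_file);
    if ($rawMessage === false) {
        $rawMessage = "";
    }
    // NOTE(review): addslashes() mirrors the escaping this function already
    // applied to the body. It is not character-set aware, so prefer the
    // database wrapper's own escaping or a prepared statement if class mysql
    // offers one.
    $message_html = addslashes($message_html);
    $BinMessg = addslashes($rawMessage);
    $sql_date = addslashes((string) $mm->message_date);
    $sql_mailfrom = addslashes((string) $mm->mailfrom);
    $sql_domain_from = addslashes($domain_from);
    $sql_subject = addslashes((string) $mm->subject);
    $sql_message_id = addslashes((string) $mm->message_id);
    $sql_file_path = addslashes($target_file);
    $sql_filename = addslashes($filename);
    $insertHead = "INSERT IGNORE INTO storage (\n\t\t\t\tMessageID,\n\t\t\t\tzDate,\n\t\t\t\tmailfrom,\n\t\t\t\tmailfrom_domain,\n\t\t\t\tsubject,\n\t\t\t\tMessageBody,\n\t\t\t\torganization,\n\t\t\t\tmailto,\n\t\t\t\tfile_path,\n\t\t\t\toriginal_messageid,\n\t\t\t\tmessage_size,\n\t\t\t\tBinMessg,filename,filesize\n\t\t\t\t)\n\t\t\tVALUES(";
    // foreach instead of each(): it does not depend on the array's internal
    // pointer and each() no longer exists in current PHP.
    foreach ($mm->mailto_array as $recipient) {
        $ou = $mm->GetOuFromEmail($recipient);
        // NOTE(review): these log fields come from the message unfiltered; if
        // events() writes line-oriented logs, strip CR/LF before logging.
        events("(New message)time={$mm->message_date} message-id=<{$mm->message_id}> from=<{$mm->mailfrom}> to=<{$recipient}> size={$filesize}");
        // md5 is used here only to derive a row key, not as a security control.
        $newmessageid = md5($mm->message_id . $recipient);
        $row = array(
            $newmessageid,
            $sql_date,
            $sql_mailfrom,
            $sql_domain_from,
            $sql_subject,
            $message_html,
            addslashes((string) $ou),
            addslashes((string) $recipient),
            $sql_file_path,
            $sql_message_id,
            $filesize,
            $BinMessg,
            $sql_filename,
            $sqlfilesize,
        );
        $sql = $insertHead . "'" . implode("','", $row) . "')";
        if (!$q->QUERY_SQL($sql, "artica_backup")) {
            events($q->mysql_error);
            // NOTE(review): this dump holds the complete message (HTML body
            // and raw bytes). Confirm the log directory is not readable by
            // unprivileged accounts.
            file_put_contents("/var/log/artica-postfix/mysql-error." . md5($sql) . ".err", "{$sql}\n\n{$q->mysql_error}");
            events("error saved into  /var/log/artica-postfix/mysql-error." . md5($sql) . ".err");
            return false;
        }
        events("Success saved in mysql...");
    }
    events("Analyze sender {$mm->mailfrom}...");
    $ou = $mm->GetOuFromEmail($mm->mailfrom);
    if ($ou == null) {
        events("Not organization found for {$mm->mailfrom}...");
        return true;
    }
    $recipients = $mm->mailto_array;
    $impled_rctp = implode(";", $recipients);
    // NOTE(review): the summary row reuses the MessageID computed for the last
    // recipient. If MessageID is a unique key, INSERT IGNORE drops this row
    // silently - confirm against the table definition.
    $row = array(
        $newmessageid,
        $sql_date,
        $sql_mailfrom,
        $sql_domain_from,
        $sql_subject,
        $message_html,
        addslashes((string) $ou),
        addslashes($impled_rctp),
        $sql_file_path,
        $sql_message_id,
        $filesize,
        $BinMessg,
        $sql_filename,
        $sqlfilesize,
    );
    $sql = $insertHead . "'" . implode("','", $row) . "')";
    if (!$q->QUERY_SQL($sql, "artica_backup")) {
        events($q->mysql_error);
        file_put_contents("/var/log/artica-postfix/mysql-error." . md5($sql) . ".err", "{$sql}\n\n{$q->mysql_error}");
        WriteToSyslogMail("error saved into  /var/log/artica-postfix/mysql-error." . md5($sql) . ".err", __FILE__);
        return false;
    }
    WriteToSyslogMail("{$mm->message_id}: <{$mm->mailfrom}> to: <{$impled_rctp}> size={$filesize} bytes (saved into backup area)", __FILE__);
    events("time={$mm->message_date} message-id=<{$mm->message_id}> from=<{$mm->mailfrom}> to=<{$impled_rctp}> size={$filesize}");
    return true;
}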
Example #11
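/**
 * Apply system settings, regenerate the Squid helper/ACL files, then build,
 * validate and install squid.conf.
 *
 * The generated configuration is written to /tmp/squid.conf and checked with
 * `squid -k parse`. It is copied to the live path only when no fatal line is
 * reported. When the DenySquidWriteConf setting is non-zero (and NOAPPLY is
 * not set) the build/validate/write stage is skipped entirely.
 *
 * @param bool $smooth When true, the squidclamav(), second wrapzap(),
 *                     certificate_generate() and CheckFilesAndSecurity()
 *                     steps are skipped.
 * @return bool|null true on completion, or when NOAPPLY stops after
 *                   validation; null (bare return) when the parser reports a
 *                   fatal problem and the old configuration is kept.
 */
function ApplyConfig($smooth = false)
{
    if (function_exists("WriteToSyslogMail")) {
        WriteToSyslogMail("Invoke ApplyConfig function", basename(__FILE__));
    }
    $unix = new unix();
    $ulimit = $unix->find_program("ulimit");
    if (is_file($ulimit)) {
        // NOTE(review): shell_exec() runs this in a child shell, so a limit
        // raised there is unlikely to reach this process - confirm intent.
        shell_exec("{$ulimit} -HSd unlimited");
    } else {
        echo "Starting......: " . date("H:i:s") . " [SYS]: Squid ulimit no such binary...\n";
    }
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid apply kernel settings\n";
    build_progress("{reconfigure} Kernel values", 46);
    kernel_values();
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid apply Checks security limits\n";
    build_progress("{reconfigure} Security limits", 47);
    security_limit();
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Checking Remote appliances...\n";
    build_progress("{reconfigure} checks remote appliances", 48);
    remote_appliance_restore_tables();
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Checking Remote appliances done...\n";
    $nohup = $unix->find_program("nohup");
    $php5 = $unix->LOCATE_PHP5_BIN();
    $squidbin = $unix->find_program("squid");
    $SQUID_CONFIG_PATH = $unix->SQUID_CONFIG_PATH();
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid loading libraires...\n";
    $sock = new sockets();
    $squid = new squidbee();
    if (!is_file($squidbin)) {
        $squidbin = $unix->find_program("squid3");
    }
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid binary: `{$squidbin}`\n";
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Conf..: `{$SQUID_CONFIG_PATH}`\n";
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid php...: `{$php5}`\n";
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid nohup.: `{$nohup}`\n";
    $DenySquidWriteConf = $sock->GET_INFO("DenySquidWriteConf");
    if (!is_numeric($DenySquidWriteConf)) {
        $DenySquidWriteConf = 0;
    }
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Checking `DenySquidWriteConf` = {$DenySquidWriteConf}\n";
    @copy("/etc/artica-postfix/settings/Daemons/SquidNudityScanParams", "/etc/squid3/SquidNudityScanParams");
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Checking `NudeBooster`\n";
    build_progress("{reconfigure} Nude booster", 49);
    NudeBooster();
    if (!is_dir("/usr/share/squid-langpack")) {
        echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Checking Templates from MySQL\n";
        $unix->THREAD_COMMAND_SET("{$php5} " . __FILE__ . " --tpl-save");
    }
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Build blocked Websites list...\n";
    build_progress("{reconfigure} Whitelisted browsers", 50);
    acl_whitelisted_browsers();
    build_progress("{reconfigure} allowed browsers", 51);
    acl_allowed_browsers();
    echo "Starting......: " . date("H:i:s") . " Checking wrapzap\n";
    build_progress("{reconfigure} wrapzap", 52);
    wrapzap();
    build_progress("{reconfigure} Mime.conf", 53);
    mime_conf();
    build_progress("{reconfigure} Blocked websites", 54);
    $squid->BuildBlockedSites();
    build_progress("{reconfigure} FTP clients ACLs", 55);
    acl_clients_ftp();
    build_progress("{reconfigure} Dynamic rules caches", 56);
    echo "Starting......: " . date("H:i:s") . " [SYS]: Dynamic rules caches...\n";
    dyn_caches();
    build_progress("{reconfigure} Webfiltering whitelisted", 57);
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Build url_rewrite_access deny...\n";
    urlrewriteaccessdeny();
    echo "Starting......: " . date("H:i:s") . " [SYS]:Squid building main configuration done\n";
    // NOAPPLY forces the build+validate stage to run; the write is then
    // refused further down.
    if ($GLOBALS["NOAPPLY"]) {
        $DenySquidWriteConf = 0;
    }
    if ($DenySquidWriteConf == 0) {
        @mkdir("/tmp", 0755, true);
        $squid->CURRENT_PROGRESS = 79;
        $squid->MAX_PROGRESS = 79;
        $conf = $squid->BuildSquidConf();
        $conf = str_replace("\n\n", "\n", $conf);
        build_progress("{writing_configuration}", 79);
        // NOTE(review): fixed file name in a world-writable directory. If this
        // runs with elevated privileges, a local user can pre-create
        // /tmp/squid.conf (for instance as a symlink) and redirect the write.
        // Staging under a root-owned directory or a tempnam() path would close
        // that; not changed here because other scripts may read this path.
        @file_put_contents("/tmp/squid.conf", $conf);
        echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Check validity of the configuration file with /tmp/squid.conf...\n";
        $GLOBALS["SQUID_PATTERN_ERROR"] = array();
        CheckConfig("/tmp/squid.conf");
        if (count($GLOBALS["SQUID_PATTERN_ERROR"]) > 0) {
            echo "Starting......: " . date("H:i:s") . " [SYS]: Some errors are detected and cleaned\n";
            squid_admin_mysql(1, "Some errors has been detected in settings", "Please check theses values:\n" . @implode("\n", $GLOBALS["SQUID_PATTERN_ERROR"]));
            $conf = @file_get_contents("/tmp/squid.conf");
        }
        $results = array();
        exec("{$squidbin} -f /tmp/squid.conf -k parse 2>&1", $results);
        foreach ($results as $ligne) {
            // !== false so that a match at offset 0 is also skipped.
            if (strpos($ligne, "| WARNING:") !== false) {
                continue;
            }
            if (preg_match("#ERROR: Failed#", $ligne)) {
                build_progress("{operation_failed} !!!", 110);
                echo "Starting......: " . date("H:i:s") . " [SYS]: Squid `{$ligne}`, aborting configuration, keep the old one...\n";
                // Parser output can repeat configuration values, so it is
                // HTML-escaped before being placed inside markup.
                echo "<div style='font-size:16px;font-weight:bold;color:#E71010'>" . htmlspecialchars($ligne, ENT_QUOTES) . "</div>";
                $sock->TOP_NOTIFY("{$ligne}", "error");
                return;
            }
            if (preg_match("#Segmentation fault#", $ligne)) {
                build_progress("{operation_failed} Segmentation fault !!!", 110);
                echo "Starting......: " . date("H:i:s") . " [SYS]: Squid `{$ligne}`, aborting configuration, keep the old one...\n";
                echo "<div style='font-size:16px;font-weight:bold;color:#E71010'>" . htmlspecialchars($ligne, ENT_QUOTES) . "</div>";
                $sock->TOP_NOTIFY("{$ligne}", "error");
                return;
            }
            if (preg_match("#(unrecognized|FATAL|Bungled)#", $ligne)) {
                build_progress("{operation_failed} Bungled !!!", 110);
                echo "Starting......: " . date("H:i:s") . " [SYS]: Squid `{$ligne}`, aborting configuration, keep the old one...\n";
                echo "<div style='font-size:16px;font-weight:bold;color:#E71010'>" . htmlspecialchars($ligne, ENT_QUOTES) . "</div>";
                if (preg_match("#line ([0-9]+):#", $ligne, $ri)) {
                    // Show the lines around the one the parser complained about.
                    $Buggedline = (int) $ri[1];
                    $tt = explode("\n", @file_get_contents("/tmp/squid.conf"));
                    echo "<HR>";
                    for ($i = $Buggedline - 2; $i < $Buggedline + 2; $i++) {
                        $lineNumber = $i + 1;
                        $colorbugged = "black";
                        // The window can reach before the first or past the last line.
                        if (!isset($tt[$i]) || trim($tt[$i]) == null) {
                            continue;
                        }
                        if ($lineNumber == $Buggedline) {
                            $colorbugged = "#E71010";
                        }
                        echo "<div style='font-size:12px;font-weight:bold;color:{$colorbugged}'>[line:{$lineNumber}]: " . htmlspecialchars($tt[$i], ENT_QUOTES) . "</div>";
                    }
                }
                echo "<HR>";
                $sock->TOP_NOTIFY("{$ligne}", "error");
                return;
            }
            if (preg_match("#strtokFile:\\s+(.+?)\\s+not found#", $ligne, $re)) {
                // NOTE(review): the path is taken from parser output, i.e. from
                // the generated configuration, and is created and handed to the
                // squid account without checking where it points. Consider
                // restricting this to the directories Squid is expected to use.
                $filename = trim($re[1]);
                echo "Starting......: " . date("H:i:s") . " [SYS]: Squid missing {$filename}, create an empty one\n";
                @mkdir(dirname($filename), 0755, true);
                @file_put_contents($filename, "");
                @chown($filename, "squid");
                @chgrp($filename, "squid");
                continue;
            }
            // Informational parser lines that are not worth echoing.
            if (preg_match("#Processing:\\s+#", $ligne)) {
                continue;
            }
            if (preg_match("#Warning: empty ACL#", $ligne)) {
                continue;
            }
            if (preg_match("#searching predictable#", $ligne)) {
                continue;
            }
            if (preg_match("#is a subnetwork of#", $ligne)) {
                continue;
            }
            if (preg_match("#You should probably#", $ligne)) {
                continue;
            }
            if (preg_match("#Startup:\\s+#", $ligne)) {
                continue;
            }
            echo "Starting......: " . date("H:i:s") . " [SYS]: {$ligne}\n";
        }
        @file_put_contents("/etc/artica-postfix/settings/Daemons/GlobalSquidConf", $conf);
        echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Check validity OK...\n";
        if ($GLOBALS["NOAPPLY"]) {
            echo "Starting......: " . date("H:i:s") . " [SYS]: WARNING \"NOAPPLY\" Artica is denied to apply settings...\n";
            return true;
        }
        echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Writing configuration file \"{$SQUID_CONFIG_PATH}\" " . strlen($conf) . " bytes...\n";
        // NOTE(review): write failures are suppressed with @, so a failed
        // write is still reported as saved below.
        @file_put_contents($SQUID_CONFIG_PATH, $conf);
        @mkdir("/etc/squid3", 0755, true);
        if ($SQUID_CONFIG_PATH != "/etc/squid3/squid.conf") {
            @file_put_contents("/etc/squid3/squid.conf", $conf);
        }
        $sock->TOP_NOTIFY("{squid_parameters_was_saved}", "info");
        $cmd = $unix->LOCATE_PHP5_BIN() . " " . __FILE__ . " --templates --noreload";
        $unix->THREAD_COMMAND_SET($cmd);
    }
    build_progress("{checking}: squidclamav", 79);
    if (!$smooth) {
        squidclamav();
    }
    build_progress("{checking}: wrapzap", 79);
    if (!$smooth) {
        wrapzap();
    }
    build_progress("{checking}: Cerificates", 79);
    if (!$smooth) {
        certificate_generate();
    }
    // Background follow-up tasks; their output is discarded.
    $cmd = $nohup . " " . $unix->LOCATE_PHP5_BIN() . " " . __FILE__ . " --cache-infos --force >/dev/null 2>&1 &";
    if ($GLOBALS["VERBOSE"]) {
        echo "{$cmd}\n";
    }
    shell_exec($cmd);
    shell_exec("{$nohup} {$php5} /usr/share/artica-postfix/exec.syslog-engine.php --rsylogd >/dev/null 2>&1 &");
    shell_exec("{$nohup} {$php5} /usr/share/artica-postfix/exec.squid.watchdog.php --init >/dev/null 2>&1 &");
    if (!$smooth) {
        build_progress("{checking}: Check Files And Security", 79);
        CheckFilesAndSecurity();
    }
    return true;
}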
Example #12
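/**
 * Watch swap usage: raise throttled notifications at three usage tiers and,
 * when the configured limit is exceeded, purge swap with swapoff/swapon and
 * ask the proxy to reload.
 *
 * Does nothing when the DisableSWAPP setting is 1, when swap is unused or
 * absent, or when swap is completely full. The purge itself is additionally
 * gated by SwapEnabled and by SwapTimeOut minutes since the last check.
 *
 * @return void
 */
function SwapWatchdog()
{
    $reboot = false;
    // Initialised up front: each of these was previously read on paths where
    // it had never been assigned.
    $notif = "";
    $execeed_text = "";
    $executed = "";
    $DisableSWAPP = $GLOBALS["CLASS_SOCKETS"]->GET_INFO("DisableSWAPP");
    if (!is_numeric($DisableSWAPP)) {
        $DisableSWAPP = 0;
    }
    if ($DisableSWAPP == 1) {
        return;
    }
    mkdir_test("/etc/artica-postfix/cron.1", 0755, true);
    // Timestamp files used to throttle each action.
    $filecache = "/etc/artica-postfix/cron.1/SwapOffOn.time";
    $filecache20 = "/etc/artica-postfix/cron.1/SwapOffOn20.time";
    $filecache50 = "/etc/artica-postfix/cron.1/SwapOffOn50.time";
    // This used to point at SwapOffOn50.time, so the highest tier shared its
    // throttle with the 50% tier and its alert could be suppressed by it.
    $filecache100 = "/etc/artica-postfix/cron.1/SwapOffOn100.time";
    // SECURITY (flagged, not replaced): unserialize() on a stored setting will
    // instantiate any serialized object it is given. If this setting can be
    // written by a less-trusted party, store it as JSON instead; that needs
    // the code that writes the setting changed as well.
    $SwapOffOn = unserialize(base64_decode($GLOBALS["CLASS_SOCKETS"]->GET_INFO("SwapOffOn")));
    if (!is_array($SwapOffOn)) {
        // Missing or corrupt setting: fall back to the defaults below.
        $SwapOffOn = array();
    }
    $defaults = array("SwapEnabled" => 1, "SwapMaxPourc" => 20, "SwapMaxMB" => 0, "SwapTimeOut" => 60);
    foreach ($defaults as $key => $default) {
        if (!isset($SwapOffOn[$key]) || !is_numeric($SwapOffOn[$key])) {
            $SwapOffOn[$key] = $default;
        }
    }
    include_once dirname(__FILE__) . "/ressources/class.main_cf.inc";
    $sys = new systeminfos();
    if ($sys->swap_used == 0) {
        return;
    }
    if ($sys->swap_total == 0) {
        return;
    }
    if ($sys->swap_used == $sys->swap_total) {
        return;
    }
    events("{$sys->swap_used}/{$sys->swap_total} ", __FUNCTION__, __LINE__);
    $pourc = round($sys->swap_used / $sys->swap_total * 100);
    $notif = $notif . "{$sys->swap_used}/{$sys->swap_total}\n";
    events("{$sys->swap_used}MB used ({$pourc}%)", __FUNCTION__, __LINE__);
    // NOTE(review): a value of exactly 50 or 70 matches none of the three
    // tiers below - confirm whether that gap is intended.
    if ($pourc > 20 && $pourc < 50) {
        $filetime = $GLOBALS["CLASS_UNIX"]->file_time_min($filecache20);
        if ($filetime > 30) {
            @unlink($filecache20);
            @file_put_contents($filecache20, time());
            squid_admin_mysql(1, "[INFO]: System swap exceed {$pourc}%", "Time {$filetime}Mn\nYou will find here a snapshot of current tasks\n" . $GLOBALS["CLASS_UNIX"]->ps_mem_report(), __FILE__, __LINE__);
        }
    }
    if ($pourc > 50 && $pourc < 70) {
        $filetime = $GLOBALS["CLASS_UNIX"]->file_time_min($filecache50);
        if ($filetime > 15) {
            @unlink($filecache50);
            @file_put_contents($filecache50, time());
            squid_admin_mysql(1, "[WARNING]: System swap exceed {$pourc}%", "Time {$filetime}Mn\nYou will find here a snapshot of current tasks\n" . $GLOBALS["CLASS_UNIX"]->ps_mem_report(), __FILE__, __LINE__);
        }
    }
    if ($pourc > 70) {
        $filetime = $GLOBALS["CLASS_UNIX"]->file_time_min($filecache100);
        if ($filetime > 10) {
            @unlink($filecache100);
            @file_put_contents($filecache100, time());
            squid_admin_mysql(0, "[ALERT!!]: System swap exceed {$pourc}%", "Time {$filetime}Mn\nYou will find here a snapshot of current tasks\n" . $GLOBALS["CLASS_UNIX"]->ps_mem_report(), __FILE__, __LINE__);
        }
    }
    if ($SwapOffOn["SwapEnabled"] == 0) {
        return;
    }
    $filetime = $GLOBALS["CLASS_UNIX"]->file_time_min($filecache);
    if ($filetime < $SwapOffOn["SwapTimeOut"]) {
        events("{$filetime}Mn need to wait {$SwapOffOn["SwapTimeOut"]}mn", __FUNCTION__, __LINE__);
        return;
    }
    // Absolute limit (MB) when configured, otherwise the percentage limit.
    if ($SwapOffOn["SwapMaxMB"] > 0) {
        if ($sys->swap_used > $SwapOffOn["SwapMaxMB"]) {
            $execeed_text = $SwapOffOn["SwapMaxMB"] . "MB";
            $reboot = true;
        }
    }
    if ($SwapOffOn["SwapMaxMB"] == 0) {
        if ($pourc > 3 && $pourc > $SwapOffOn["SwapMaxPourc"]) {
            $execeed_text = $SwapOffOn["SwapMaxPourc"] . "%";
            $reboot = true;
        }
    }
    @unlink($filecache);
    @file_put_contents($filecache, time());
    if (!$reboot) {
        return;
    }
    // The original command ended in "> /proc/sys/vm/drop_caches >/dev/null 2>&1".
    // The second stdout redirection wins, so "3" went to /dev/null and the
    // page cache was never dropped. Only stderr is discarded now.
    $dropCachesCmd = "sync; echo \"3\" > /proc/sys/vm/drop_caches 2>/dev/null";
    $swapoff = $GLOBALS["CLASS_UNIX"]->find_program("swapoff");
    $swapon = $GLOBALS["CLASS_UNIX"]->find_program("swapon");
    if (!is_file($swapoff)) {
        events("swapoff no such file", __FUNCTION__, __LINE__);
        shell_exec2($dropCachesCmd);
        return;
    }
    if (!is_file($swapon)) {
        events("swapon no such file", __FUNCTION__, __LINE__);
        shell_exec2($dropCachesCmd);
        return;
    }
    $time = time();
    if (function_exists("WriteToSyslogMail")) {
        WriteToSyslogMail("SwapWatchdog:: Starting to purge the swap file because it execeed rules", basename(__FILE__));
    }
    // $results collects both command lines and their output for the report.
    $cmd = "{$swapoff} -a 2>&1";
    $results = array();
    $results[] = $cmd;
    events("running {$cmd}", __FUNCTION__, __LINE__);
    exec($cmd, $results);
    $cmd = "{$swapon} -a 2>&1";
    $results[] = $cmd;
    events("running {$cmd}", __FUNCTION__, __LINE__);
    exec($cmd, $results);
    $text = @implode("\n", $results);
    $time_duration = distanceOfTimeInWords($time, time());
    shell_exec2($dropCachesCmd);
    events("results: {$time_duration}\n {$text}", __FUNCTION__, __LINE__);
    $notif = $notif . "\nMemory swap purge {$execeed_text} ({$time_duration})\n{$text}";
    $notif = $notif . "\n" . $GLOBALS["CLASS_UNIX"]->ps_mem_report();
    squid_admin_mysql(1, "Memory swap purge {$execeed_text}", "(Execution time: {$time_duration})", __FILE__, __LINE__);
    $GLOBALS["CLASS_UNIX"]->send_email_events("Memory swap purge {$execeed_text} (task time execuction: {$time_duration})", $text, "system");
    $sqdbin = $GLOBALS["CLASS_UNIX"]->find_program("squid");
    if (!is_file($sqdbin)) {
        $sqdbin = $GLOBALS["CLASS_UNIX"]->find_program("squid3");
    }
    if (is_file($sqdbin)) {
        $php5 = $GLOBALS["CLASS_UNIX"]->LOCATE_PHP5_BIN();
        $nohup = $GLOBALS["CLASS_UNIX"]->find_program("nohup");
        if (function_exists("debug_backtrace")) {
            $trace = debug_backtrace();
            if (isset($trace[1])) {
                $sourcefunction = $trace[1]["function"];
                $sourceline = $trace[1]["line"];
                $executed = "Executed by {$sourcefunction}() line {$sourceline}\nusing argv:{$GLOBALS["ARGVS"]}\n";
            }
        }
        squid_admin_mysql(1, "Asking to reload proxy service after purging the Swap file", "{$executed}\n{$notif}", __FILE__, __LINE__);
        if (function_exists("WriteToSyslogMail")) {
            WriteToSyslogMail("SwapWatchdog:: reloading Squid after purging the Swap file", basename(__FILE__));
        }
        shell_exec2("{$nohup} {$php5} /usr/share/artica-postfix/exec.squid.php --reload-squid --bywatchdog >/dev/null 2>&1 &");
    }
}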
Example #13
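/**
 * Join this host to the Active Directory domain described by the
 * "SambaAdInfos" setting, using Samba's `net` tool, then create the keytab
 * and restart winbind.
 *
 * Security notes:
 *  - The administrator password is never echoed. Verbose output shows the
 *    commands with the password replaced by "****".
 *  - Server, domain, workgroup, IP address and account name are quoted with
 *    escapeshellarg() before they reach a shell command line.
 *  - NOTE(review): the password is still passed on the command line, where
 *    other local users can see it in the process list while `net` runs.
 *    Prefer a mechanism that keeps it off argv if the installed `net`
 *    supports one.
 *
 * @return void
 */
function JOIN_ACTIVEDIRECTORY()
{
    $unix = new unix();
    $function = __FUNCTION__;
    $user = new settings_inc();
    $netbin = $unix->LOCATE_NET_BIN_PATH();
    if (!is_file($netbin)) {
        echo "Starting......: " . date("H:i:s") . "  {$function}, net, no such binary\n";
        return;
    }
    if (!$user->SAMBA_INSTALLED) {
        echo "Starting......: " . date("H:i:s") . "  {$function}, Samba, no such software\n";
        return;
    }
    $NetADSINFOS = $unix->SAMBA_GetNetAdsInfos();
    $KDC_SERVER = $NetADSINFOS["KDC server"];
    $sock = new sockets();
    // SECURITY (flagged, not replaced): unserialize() on a stored setting will
    // instantiate any serialized object it is given. If this setting can be
    // written by a less-trusted party, store it as JSON instead.
    $array = unserialize(base64_decode($sock->GET_INFO("SambaAdInfos")));
    if (!is_array($array)) {
        $array = array();
    }
    run_msktutils();
    $domainUp = strtoupper($array["ADDOMAIN"]);
    $domain_lower = strtolower($array["ADDOMAIN"]);
    $adminpassword = $array["PASSWORD"];
    // Password escaping is left to the project helper, as before.
    $adminpassword = $unix->shellEscapeChars($adminpassword);
    $adminname = $array["ADADMIN"];
    $ad_server = $array["ADSERVER"];
    $workgroup = $array["WORKGROUP"];
    $ipaddr = trim($array["ADSERVER_IP"]);
    // Shell-quoted forms of the stored values. Empty values stay empty so the
    // command lines keep the shape they had before.
    // NOTE(review): escapeshellarg() can drop non-ASCII bytes depending on the
    // process locale - confirm for account or workgroup names that need them.
    $q_realm = escapeshellarg($ad_server . "." . $domain_lower);
    $q_server = (string) $ad_server === "" ? "" : escapeshellarg($ad_server);
    $q_workgroup = (string) $workgroup === "" ? "" : escapeshellarg($workgroup);
    $q_ipaddr = $ipaddr === "" ? "" : escapeshellarg($ipaddr);
    // "-U user%password" argument and its display-safe twin.
    $userSpec = escapeshellarg((string) $adminname) . "%" . $adminpassword;
    $userSpecMasked = escapeshellarg((string) $adminname) . "%****";
    if ($GLOBALS["VERBOSE"]) {
        echo "{$function}, Using Password: ****";
    }
    if (function_exists("WriteToSyslogMail")) {
        WriteToSyslogMail("Trying to relink this server with Active Directory {$ad_server}.{$domain_lower} server", basename(__FILE__));
    }
    echo "Starting......: " . date("H:i:s") . "  Samba, [{$adminname}]: Kdc server ads : {$KDC_SERVER}\n";
    if ($KDC_SERVER == null) {
        $cmd = "{$netbin} ads join -W {$q_realm} -S {$q_server} -U {$userSpec} 2>&1";
        if ($GLOBALS["VERBOSE"]) {
            echo "Starting......: " . date("H:i:s") . "  {$function}, " . str_replace($userSpec, $userSpecMasked, $cmd) . "\n";
        }
        $results = array();
        exec($cmd, $results);
        foreach ($results as $line) {
            echo "Starting......: " . date("H:i:s") . "  {$function}, ads join [{$adminname}]: {$line}\n";
        }
        $NetADSINFOS = $unix->SAMBA_GetNetAdsInfos();
        $KDC_SERVER = $NetADSINFOS["KDC server"];
    }
    if ($KDC_SERVER == null) {
        echo "Starting......: " . date("H:i:s") . "  Samba, [{$adminname}]: unable to join the domain {$domain_lower}\n";
    }
    echo "Starting......: " . date("H:i:s") . "  Samba, [{$adminname}]: setauthuser..\n";
    $cmd = "{$netbin} setauthuser -U {$userSpec}";
    if ($GLOBALS["VERBOSE"]) {
        echo "Starting......: " . date("H:i:s") . "  {$function}, " . str_replace($userSpec, $userSpecMasked, $cmd) . "\n";
    }
    shell_exec($cmd);
    if ($ipaddr == null) {
        // No server IP configured: try a plain join, then fall back to an RPC join.
        $JOINEDRES = false;
        echo "Starting......: " . date("H:i:s") . "  Samba, [{$adminname} 0]: join for {$workgroup} (without IP addr)\n";
        // Built before it is echoed; the verbose line used to print the
        // previous (setauthuser) command instead.
        $cmd = "{$netbin} join -U {$userSpec} {$q_workgroup} 2>&1";
        if ($GLOBALS["VERBOSE"]) {
            echo "Starting......: " . date("H:i:s") . "  {$function},[{$adminname} 0]: " . str_replace($userSpec, $userSpecMasked, $cmd) . "\n";
        }
        $A1 = array();
        exec($cmd, $A1);
        foreach ($A1 as $line) {
            if (preg_match("#Joined#", $line)) {
                echo "Starting......: " . date("H:i:s") . "  Samba, [{$adminname} 0]: join for {$workgroup} (without IP addr) success\n";
                $JOINEDRES = true;
                break;
            }
            if (function_exists("WriteToSyslogMail")) {
                WriteToSyslogMail("Starting......: " . date("H:i:s") . "  Samba, {$line}", basename(__FILE__));
            }
        }
        if (!$JOINEDRES) {
            echo "Starting......: " . date("H:i:s") . "  Samba, [{$adminname} 0]: join as netrpc.. (without IP addr)\n";
            $cmd = "{$netbin} rpc join -U {$userSpec} {$q_workgroup} 2>&1";
            $A2 = array();
            exec($cmd, $A2);
            if ($GLOBALS["VERBOSE"]) {
                echo "Starting......: " . date("H:i:s") . "  {$function}, " . str_replace($userSpec, $userSpecMasked, $cmd) . "\n";
            }
            foreach ($A2 as $line) {
                if (preg_match("#Joined#", $line)) {
                    echo "Starting......: " . date("H:i:s") . "  Samba, [{$adminname} 0]: join for {$workgroup} (without IP addr) success\n";
                    $JOINEDRES = true;
                    break;
                }
                if (function_exists("WriteToSyslogMail")) {
                    WriteToSyslogMail("Starting......: " . date("H:i:s") . "  Samba, {$line}", basename(__FILE__));
                }
            }
        }
    }
    if ($ipaddr != null) {
        if (!$GLOBALS["VERBOSE"]) {
            echo "Starting......: " . date("H:i:s") . "  {$function}, [{$adminname} 1]: ads '{$netbin} ads join -I {$ipaddr} -U {$adminname}%**** {$workgroup}'\n";
        }
        $cmd = "{$netbin} ads join -I {$q_ipaddr} -U {$userSpec} {$q_workgroup} 2>&1";
        if ($GLOBALS["VERBOSE"]) {
            echo "Starting......: " . date("H:i:s") . "  {$function},[{$adminname} 1]: " . str_replace($userSpec, $userSpecMasked, $cmd) . "\n";
        }
        $BIGRES2 = array();
        exec($cmd, $BIGRES2);
        foreach ($BIGRES2 as $line) {
            if (preg_match("#Failed to join#i", $line)) {
                echo "Starting......: " . date("H:i:s") . "  {$function}, [{$adminname} 1]: ads join failed ({$line}), using pure IP\n";
                if (!$GLOBALS["VERBOSE"]) {
                    echo "Starting......: " . date("H:i:s") . "  {$function}, [{$adminname} 1]: '{$netbin} ads join -I {$ipaddr} -U {$adminname}%*** {$workgroup}'\n";
                }
                // NOTE(review): this retry runs the same command as the first
                // attempt; the variant with -S is commented out upstream.
                $cmd = "{$netbin} ads join -I {$q_ipaddr} -U {$userSpec} {$q_workgroup} 2>&1";
                if ($GLOBALS["VERBOSE"]) {
                    echo "Starting......: " . date("H:i:s") . "  {$function}, " . str_replace($userSpec, $userSpecMasked, $cmd) . "\n";
                }
                $BIGRES1 = array();
                exec($cmd, $BIGRES1);
                foreach ($BIGRES1 as $retryLine) {
                    echo "Starting......: " . date("H:i:s") . "  {$function}, [{$adminname} 2] {$retryLine}\n";
                    if (function_exists("WriteToSyslogMail")) {
                        WriteToSyslogMail("Starting......: " . date("H:i:s") . "  {$function}, {$retryLine}", basename(__FILE__));
                    }
                }
                break;
            }
            echo "Starting......: " . date("H:i:s") . "  Samba,[{$adminname} 1] {$line}\n";
            if (function_exists("WriteToSyslogMail")) {
                WriteToSyslogMail("Starting......: " . date("H:i:s") . "  {$function}, {$line}", basename(__FILE__));
            }
        }
    }
    if ($KDC_SERVER == null) {
        $NetADSINFOS = $unix->SAMBA_GetNetAdsInfos();
        $KDC_SERVER = $NetADSINFOS["KDC server"];
    }
    if ($KDC_SERVER == null) {
        echo "Starting......: " . date("H:i:s") . "  Samba, [{$adminname}]: unable to join the domain {$domain_lower}\n";
    }
    echo "Starting......: " . date("H:i:s") . "  Samba, [{$adminname}]: Kdc server ads : {$KDC_SERVER}\n";
    $cmd = "{$netbin} ads keytab create -P -U {$userSpec} 2>&1";
    if ($GLOBALS["VERBOSE"]) {
        echo "Starting......: " . date("H:i:s") . "  Samba, " . str_replace($userSpec, $userSpecMasked, $cmd) . "\n";
    }
    $results = array();
    exec($cmd, $results);
    $php5 = $unix->LOCATE_PHP5_BIN();
    $unix->THREAD_COMMAND_SET("{$php5} " . dirname(__FILE__) . "/exec.adusers.php --computers");
    foreach ($results as $line) {
        echo "Starting......: " . date("H:i:s") . "  Samba,ads keytab: [{$adminname}]: {$line}\n";
    }
    shell_exec("/etc/init.d/winbind restart");
}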
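 /**
  * Record that rows were added to a category table: one row in
  * webfilters_bigcatzlogs and one in instant_updates.
  *
  * Nothing is written when $rownumbers is 0 or not numeric.
  *
  * @param string $category_table Name of the category table that received rows.
  * @param int|string $rownumbers Number of rows added.
  * @return void
  */
 function LOG_ADDED_CATZ($category_table, $rownumbers)
 {
     //webfilters_bigcatzlogs
     // Caller description for the log messages; stays empty when no caller
     // frame is available (it used to be left undefined in that case).
     $called = "";
     if (function_exists("debug_backtrace")) {
         $trace = @debug_backtrace();
         if (isset($trace[1])) {
             $called = "called by " . basename($trace[1]["file"]) . " {$trace[1]["function"]}() line {$trace[1]["line"]}";
         }
     }
     if ($rownumbers == 0) {
         return;
     }
     if (!is_numeric($rownumbers)) {
         return;
     }
     if ($category_table == null) {
         // NOTE(review): logged as fatal, yet execution continues and a row
         // with an empty table name is inserted - confirm whether this
         // should return.
         if (function_exists("WriteToSyslog")) {
             WriteToSyslog("Fatal: No category Table set {$called}", basename(__FILE__));
         }
     }
     // NOTE(review): CheckTables() runs when the table already exists; the
     // condition looks inverted - confirm before changing.
     if ($this->TABLE_EXISTS("webfilters_bigcatzlogs")) {
         $this->CheckTables();
     }
     $categoryname = $this->tablename_tocat($category_table);
     if ($categoryname == null) {
         if (function_exists("WriteToSyslog")) {
             // Report the table that could not be mapped; the message used to
             // interpolate the (empty) category name.
             WriteToSyslog("Warning: Unable to find category for {$category_table} {$called}", basename(__FILE__));
         }
     }
     // Both names are escaped before being placed in the statement.
     // $rownumbers has passed is_numeric() above, so it cannot carry a quote.
     // NOTE(review): addslashes() is not character-set aware; use this class's
     // own escaping or a prepared statement if one is available.
     $safe_table = addslashes((string) $category_table);
     $safe_category = addslashes((string) $categoryname);
     $sql = "INSERT IGNORE INTO webfilters_bigcatzlogs (zDate,category_table,category,AddedItems) \n\t\tVALUES (NOW(),'{$safe_table}','{$safe_category}','{$rownumbers}')";
     $this->QUERY_SQL($sql);
     if (!$this->ok) {
         if (function_exists("WriteToSyslogMail")) {
             // $q is not defined in this method; the error is read from the
             // object that ran the query.
             // NOTE(review): assumes this class exposes mysql_error next to
             // ok - confirm.
             WriteToSyslogMail(__FUNCTION__ . "::{$this->mysql_error}", basename(__FILE__));
         }
         return;
     }
     // The current Unix time doubles as the row ID, so a second call within
     // the same second is dropped by INSERT IGNORE if ID is a unique key.
     $ID = time();
     $sql = "INSERT IGNORE INTO instant_updates (ID,zDate,CountItems) VALUES('{$ID}',NOW(),'{$rownumbers}')";
     $this->QUERY_SQL($sql);
 }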
Example #15
function Parseline($buffer)
{
    $buffer = trim($buffer);
    $GLOBALS["COUNT-LINES"]++;
    if ($GLOBALS["COUNT-LINES"] > 5000) {
        $GLOBALS["TOTAL-LINES"] = $GLOBALS["TOTAL-LINES"] + $GLOBALS["COUNT-LINES"];
        $distanceInSeconds = round(abs(time() - $GLOBALS["COUNT-LINES-TIME"]));
        $distanceInMinutes = round($distanceInSeconds / 60);
        events("{$GLOBALS["TOTAL-LINES"]} Parsed...");
        if ($distanceInMinutes > 2) {
            events("{$GLOBALS["TOTAL-LINES"]} Check size...");
            $GLOBALS["COUNT-LINES-TIME"] = time();
            shell_exec($GLOBALS["CLEANCMD"]);
            $GLOBALS["COUNT-LINES"] = 0;
        }
    }
    if (strpos($buffer, '):  operation="file_perm" pid=') > 0) {
        return;
    }
    $dust = new syslogger();
    if (strpos($buffer, "]: [DEBUG]") > 0) {
        return;
    }
    if ($dust->MailDustbin($buffer)) {
        return;
    }
    //kernel dustbin
    if (strpos($buffer, "ext4_dx_add_entry: Directory index full") > 0) {
        return true;
    }
    if (strpos($buffer, "] ll header:") > 0) {
        return true;
    }
    if (strpos($buffer, "exec.squid.watchdog.php") > 0) {
        return true;
    }
    if (strpos($buffer, "using local addresses only for domain") > 0) {
        return true;
    }
    //squid dustbin
    if (strpos($buffer, "Load average increasing, re-enabling all cpus for irq balancing") > 0) {
        return true;
    }
    if (strpos($buffer, "artica-watchdog[") > 0) {
        return true;
    }
    if (strpos($buffer, "exec.syslog-engine.php") > 0) {
        return true;
    }
    if (strpos($buffer, "exec.postfix-logger.php") > 0) {
        return true;
    }
    if (strpos($buffer, "]: WARNING: ") > 0) {
        return true;
    }
    if (strpos($buffer, " epmd running") > 0) {
        return true;
    }
    if (strpos($buffer, "#]: Startup: Initializing") > 0) {
        return true;
    }
    if (strpos($buffer, "]: Reconfiguring Squid Cache") > 0) {
        return true;
    }
    if (strpos($buffer, "]: Closing HTTP port") > 0) {
        return true;
    }
    if (strpos($buffer, "]: Processing Configuration File:") > 0) {
        return true;
    }
    if (strpos($buffer, "]: Startup: Initialized") > 0) {
        return true;
    }
    if (strpos($buffer, "]: Warning: empty ACL") > 0) {
        return true;
    }
    if (strpos($buffer, "]: Accepting HTTP Socket connections") > 0) {
        return true;
    }
    if (strpos($buffer, " RELEASE ") > 0) {
        return true;
    }
    if (strpos($buffer, " SWAPOUT ") > 0) {
        return true;
    }
    if (strpos($buffer, "RELEASE -1 FFFFFFFF") > 0) {
        return true;
    }
    //Postfix dustbin
    if (preg_match("#Do you need to run.+?sa-update#", $buffer)) {
        amavis_sa_update($buffer);
        return;
    }
    if (strpos($buffer, " fcrontab[") > 0) {
        return true;
    }
    if (strpos($buffer, "exec.mailarchive.php") > 0) {
        return true;
    }
    if (strpos($buffer, "Orphan Comm::Connection: local=") > 0) {
        return true;
    }
    if (strpos($buffer, "class.mysql.squid.builder.php") > 0) {
        return true;
    }
    if (strpos($buffer, "Orphans since last started") > 0) {
        return true;
    }
    if (strpos($buffer, "general, No Profile configured! Allowing") > 0) {
        return true;
    }
    if (strpos($buffer, "general, KHSE: no threat detected in") > 0) {
        return true;
    }
    if (preg_match("#exec.dstat.top.php#", $buffer)) {
        return true;
    }
    if (preg_match("#artica-filter#", $buffer)) {
        return true;
    }
    if (preg_match("#postfix\\/#", $buffer)) {
        return true;
    }
    if (preg_match("#CRON\\[#", $buffer)) {
        return true;
    }
    if (preg_match("#: CACHEMGR:#", $buffer)) {
        return true;
    }
    if (preg_match("#exec\\.postfix-logger\\.php:#", $buffer)) {
        return true;
    }
    if (preg_match("#artica-install\\[#", $buffer)) {
        return true;
    }
    // monit dustbin
    if (preg_match("#monitor action done#", $buffer)) {
        return true;
    }
    if (preg_match("#monitor service.+?on user request#", $buffer)) {
        return true;
    }
    if (preg_match("#CRON\\[.+?\\(root\\).+CMD#", $buffer)) {
        return true;
    }
    if (preg_match("#winbindd\\[.+?winbindd_listen_fde_handler#", $buffer)) {
        return true;
    }
    if (strpos($buffer, "Other action already in progress -- please try again later") > 0) {
        return true;
    }
    if (strpos($buffer, "class.cronldap.inc") > 0) {
        return true;
    }
    if (strpos($buffer, "Awakened by User defined") > 0) {
        return true;
    }
    if (strpos($buffer, ": Checking summary") > 0) {
        return true;
    }
    //Zarafa dustbin
    if (strpos($buffer, ": End of session (logoff)") > 0) {
        return true;
    }
    if (strpos($buffer, " receives session ") > 0) {
        return true;
    }
    if (strpos($buffer, ": Disconnecting client") > 0) {
        return true;
    }
    if (strpos($buffer, "  thread exiting") > 0) {
        return true;
    }
    if (strpos($buffer, ": Accepted connection from") > 0) {
        return true;
    }
    if (strpos($buffer, ": Not authorized for command: CAPA") > 0) {
        return true;
    }
    if (strpos($buffer, ": Starting worker process for") > 0) {
        return true;
    }
    // **************** peut être utilisé ???
    if (strpos($buffer, "User supplied password using program zarafa-gateway") > 0) {
        return true;
    }
    if (strpos($buffer, "authenticated through User supplied password using program") > 0) {
        return true;
    }
    if (strpos($buffer, "authenticated through Pipe socket using program") > 0) {
        return true;
    }
    if (strpos($buffer, "conntrack-tools[") > 0) {
        return true;
    }
    if (strpos($buffer, "]: (root) CMD (") > 0) {
        return true;
    }
    if (strpos($buffer, "]: MemoryInstances") > 0) {
        return true;
    }
    if (strpos($buffer, "]: launch_all_status(") > 0) {
        return true;
    }
    if (strpos($buffer, "]: PROCESS IN MEMORY") > 0) {
        return true;
    }
    if (strpos($buffer, ">/dev/null 2>&1 &") > 0) {
        return true;
    }
    if (strpos($buffer, "executed...end") > 0) {
        return true;
    }
    if (strpos($buffer, "requests per minute") > 0) {
        return true;
    }
    if (strpos($buffer, "Ask all status to MONIT") > 0) {
        return true;
    }
    if (strpos($buffer, "exec.status.php[") > 0) {
        return true;
    }
    if (preg_match("#slapd.+?conn=[0-9]+\\s+fd=.+?closed#", $buffer)) {
        return true;
    }
    if (strpos($buffer, "msmtp: ") > 0) {
        return true;
    }
    if (strpos($buffer, "*system*awstats") > 0) {
        return true;
    }
    if (strpos($buffer, "extra modules loaded after daemonizing/chrooting") > 0) {
        return;
    }
    if (strpos($buffer, "/etc/cron.d/awstats") > 0) {
        return;
    }
    if (strpos($buffer, "emailrelay:") > 0) {
        return;
    }
    if (strpos($buffer, "pptpd-logwtmp.so loaded") > 0) {
        return;
    }
    if (strpos($buffer, "Reinitializing monit daemon") > 0) {
        return;
    }
    if (strpos($buffer, "Monit reloaded") > 0) {
        return;
    }
    if (strpos($buffer, "Tarticaldap.logon") > 0) {
        return;
    }
    if (strpos($buffer, "pulseaudio[") > 0) {
        return;
    }
    if (strpos($buffer, "exec: /usr/bin/php5") > 0) {
        return;
    }
    if (strpos($buffer, "Found decoder for ") > 0) {
        return;
    }
    if (strpos($buffer, "Internal decoder for ") > 0) {
        return;
    }
    if (strpos($buffer, "Loaded Icons") > 0) {
        return;
    }
    if (strpos($buffer, "CP ConfReq") > 0) {
        return;
    }
    if (strpos($buffer, "CP ConfAck") > 0) {
        return;
    }
    if (strpos($buffer, "CP EchoReq") > 0) {
        return;
    }
    if (strpos($buffer, "/usr/sbin/cron") > 0) {
        return;
    }
    if (strpos($buffer, "no IPv6 routers present") > 0) {
        return;
    }
    if (strpos($buffer, "AM.PDP-SOCK") > 0) {
        return;
    }
    if (strpos($buffer, "disconnect from unknown") > 0) {
        return;
    }
    //amavis - Mail Dutdsbin
    //LDAP Dustbin
    if (strpos($buffer, "SEARCH RESULT tag=") > 0) {
        return;
    }
    if (strpos($buffer, 'SRCH base="cn=') > 0) {
        return;
    }
    if (strpos($buffer, 'ACCEPT from IP=') > 0) {
        return;
    }
    if (strpos($buffer, 'closed (connection lost)') > 0) {
        return;
    }
    //automount dustbin
    if (strpos($buffer, "handle_packet: type") > 0) {
        return;
    }
    if (strpos($buffer, "dev_ioctl_send_fail: token") > 0) {
        return;
    }
    if (strpos($buffer, "lookup_mount: lookup(ldap)") > 0) {
        return;
    }
    if (strpos($buffer, "handle_packet_missing_indirect: token") > 0) {
        return;
    }
    if (strpos($buffer, "getuser_func: called with context") > 0) {
        return;
    }
    if (strpos($buffer, "attempting to mount entry /automounts") > 0) {
        return;
    }
    if (strpos($buffer, "lookup_one: lookup(ldap)") > 0) {
        return;
    }
    if (strpos($buffer, "do_bind: lookup(ldap):") > 0) {
        return;
    }
    if (strpos($buffer, "sun_mount: parse") > 0) {
        return;
    }
    if (strpos($buffer, "]: failed to mount /") > 0) {
        return;
    }
    if (strpos($buffer, "]: do_mount:") > 0) {
        return;
    }
    if (strpos($buffer, "]: parse_mount: parse") > 0) {
        return;
    }
    if (strpos($buffer, "mount_mount: mount(generic):") > 0) {
        return;
    }
    if (strpos($buffer, ">> Error connecting to") > 0) {
        return;
    }
    if (strpos($buffer, ">> Refer to the mount") > 0) {
        return;
    }
    if (strpos($buffer, "getpass_func: context (nil)") > 0) {
        return;
    }
    //ROOT Dustbin
    if (strpos($buffer, "(root) CMD") > 0) {
        return;
    }
    if (strpos($buffer, "RELOAD (/etc/cron") > 0) {
        return;
    }
    //Cyrus DUSTBIN
    //pdns dustbin
    if (strpos($buffer, "question for '") > 0) {
        return;
    }
    if (strpos($buffer, "answer to question '") > 0) {
        return;
    }
    if (strpos($buffer, "failed (res=3)") > 0) {
        return;
    }
    if (preg_match("#pdns_recursor\\[[0-9]+\\]: \\[[0-9]+\\]\\s+#", $buffer)) {
        return;
    }
    //roundcube dustbin
    if (strpos($buffer, "IMAP Error: Empty password") > 0) {
        return;
    }
    //monit dustbin
    if (strpos($buffer, "Monit has not changed") > 0) {
        return;
    }
    if (strpos($buffer, ": synchronized to ") > 0) {
        return;
    }
    if (strpos($buffer, "monit HTTP server stopped") > 0) {
        return;
    }
    if (strpos($buffer, "Shutting down monit HTTP server") > 0) {
        return;
    }
    if (strpos($buffer, "Starting monit HTTP server at") > 0) {
        return;
    }
    if (strpos($buffer, "Reinitializing monit - Control") > 0) {
        return;
    }
    //squid dustbin:
    if (strpos($buffer, "Unlinkd pipe opened on FD") > 0) {
        return;
    }
    if (strpos($buffer, "Beginning Validation Procedure") > 0) {
        return;
    }
    //EMAILRELAY DUSTBIN
    if (strpos($buffer, "emailrelay: info: failing file") > 0) {
        return;
    }
    if (strpos($buffer, "emailrelay: info: no more messages to send") > 0) {
        return;
    }
    if (strpos($buffer, "emailrelay: warning: cannot do tls") > 0) {
        return;
    }
    if (strpos($buffer, "]: monit daemon at") > 0) {
        return;
    }
    if (strpos($buffer, "artica-ldap[") > 0) {
        return;
    }
    if (strpos($buffer, "want to change spamassassin settings but not installed") > 0) {
        return;
    }
    //SAMBA DUSTBIN
    if (strpos($buffer, "smb_register_idmap") > 0) {
        return;
    }
    if (strpos($buffer, "could not find idmap alloc module ad") > 0) {
        return;
    }
    if (strpos($buffer, "Idmap module nss already registered") > 0) {
        return;
    }
    if (strpos($buffer, "'winbindd' process PID changed to") > 0) {
        return;
    }
    if (strpos($buffer, "idmap_alloc module tdb already registered") > 0) {
        return;
    }
    if (strpos($buffer, "ad_idmap_cached_connection_internal") > 0) {
        return;
    }
    if (strpos($buffer, "idmap_ad_unixids_to_sids") > 0) {
        return;
    }
    if (strpos($buffer, "libads/kerberos.c:") > 0) {
        return;
    }
    if (strpos($buffer, "initialize_winbindd_cache") > 0) {
        return;
    }
    if (strpos($buffer, "winbindd/winbindd_group.c") > 0) {
        return;
    }
    if (strpos($buffer, "winbindd/winbindd_util.c") > 0) {
        return;
    }
    if (strpos($buffer, "smb_register_idmap_alloc") > 0) {
        return;
    }
    if (strpos($buffer, "Idmap module passdb already registered") > 0) {
        return;
    }
    if (strpos($buffer, "Cleaning up brl and lock database after unclean shutdown") > 0) {
        return;
    }
    if (strpos($buffer, "winbindd_sig_term_handler") > 0) {
        return;
    }
    if (strpos($buffer, "wins_registration_timeout") > 0) {
        return;
    }
    if (strpos($buffer, ":   netbios connect:") > 0) {
        return;
    }
    if (strpos($buffer, "cleanup_timeout_fn") > 0) {
        return;
    }
    if (strpos($buffer, "struct wbint_Gid2Sid") > 0) {
        return;
    }
    if (strpos($buffer, ":   doing parameter") > 0) {
        return;
    }
    if (strpos($buffer, "param/loadparm.c") > 0) {
        return;
    }
    if (strpos($buffer, ":   wins_registration_timeout:") > 0) {
        return;
    }
    if (strpos($buffer, "src: struct server_id") > 0) {
        return;
    }
    if (strpos($buffer, "dest: struct server_id") > 0) {
        return;
    }
    if (strpos($buffer, "messages: struct messaging_rec") > 0) {
        return;
    }
    if (strpos($buffer, "ndr/ndr.c") > 0) {
        return;
    }
    if (strpos($buffer, "smbd/reply.c") > 0) {
        return;
    }
    if (strpos($buffer, "lib/smbldap.c") > 0) {
        return;
    }
    if (strpos($buffer, "srvsvc_NetShare") > 0) {
        return;
    }
    if (strpos($buffer, "]:   Global parameter") > 0) {
        return;
    }
    if (strpos($buffer, "STYPE_IPC_HIDDEN") > 0) {
        return;
    }
    if (strpos($buffer, "STYPE_DISKTREE") > 0) {
        return;
    }
    if (strpos($buffer, ": NTLMSSP_") > 0) {
        return;
    }
    if (strpos($buffer, "MSG_SMB_UNLOCK") > 0) {
        return;
    }
    if (strpos($buffer, ":           messages: ARRAY(") > 0) {
        return;
    }
    if (strpos($buffer, "struct messaging_array") > 0) {
        return;
    }
    if (strpos($buffer, ":                   msg_version              :") > 0) {
        return;
    }
    if (strpos($buffer, ":           num_messages             :") > 0) {
        return;
    }
    if (strpos($buffer, ":                   sid                      :") > 0) {
        return;
    }
    if (strpos($buffer, ":               sid                      :") > 0) {
        return;
    }
    if (strpos($buffer, ":                       id                       :") > 0) {
        return;
    }
    if (strpos($buffer, ":               dom_name                 :") > 0) {
        return;
    }
    if (strpos($buffer, ":                   msg_version              :") > 0) {
        return;
    }
    if (strpos($buffer, ":                   buf                      :") > 0) {
        return;
    }
    if (strpos($buffer, ":               result                   :") > 0) {
        return;
    }
    if (strpos($buffer, ":               gid                      :") > 0) {
        return;
    }
    if (strpos($buffer, "server_unc") > 0) {
        return;
    }
    if (strpos($buffer, "union ntlmssp_AvValue") > 0) {
        return;
    }
    if (strpos($buffer, "MsvAvNbDomainName") > 0) {
        return;
    }
    if (strpos($buffer, "NegotiateFlags") > 0) {
        return;
    }
    if (strpos($buffer, "AvDnsComputerName") > 0) {
        return;
    }
    if (strpos($buffer, "Version: struct VERSION") > 0) {
        return;
    }
    if (strpos($buffer, "array: ARRAY(") > 0) {
        return;
    }
    if (strpos($buffer, "info_ctr") > 0) {
        return;
    }
    if (strpos($buffer, "init_sam_from_ldap: Entry found") > 0) {
        return;
    }
    //Snort dustbin
    //pdns_recursor[23651]: stats: 600 questions, 665 cache entries, 29 negative entries, 0% cache hits"
    // check_ntlm_password:  Authentication for user [root] -> [root] FAILED with error NT_STATUS_WRONG_PASSWORD
    if (strpos($buffer, "]: last message repeated") > 0) {
        return;
    }
    //pdns dustbin
    if (strpos($buffer, "Looking for CNAME") > 0) {
        return;
    }
    if (strpos($buffer, "No CNAME cache hit of") > 0) {
        return;
    }
    if (strpos($buffer, "Found cache hit") > 0) {
        return;
    }
    if (strpos($buffer, ": Resolved '") > 0) {
        return;
    }
    if (strpos($buffer, ": Trying IP") > 0) {
        return;
    }
    if (strpos($buffer, ".: Got 1 answers") > 0) {
        return;
    }
    if (strpos($buffer, ": accept answer") > 0) {
        return;
    }
    if (strpos($buffer, ": determining status") > 0) {
        return;
    }
    if (strpos($buffer, ": got negative caching") > 0) {
        return;
    }
    if (strpos($buffer, ": No cache hit for") > 0) {
        return;
    }
    if (strpos($buffer, ": Checking if we have NS") > 0) {
        return;
    }
    if (strpos($buffer, ": no valid/useful NS") > 0) {
        return;
    }
    if (strpos($buffer, ": NS (with ip, or non-glue)") > 0) {
        return;
    }
    if (strpos($buffer, ": We have NS in cache") > 0) {
        return;
    }
    if (strpos($buffer, ".: Nameservers:") > 0) {
        return;
    }
    if (strpos($buffer, ": Trying to resolve NS") > 0) {
        return;
    }
    if (strpos($buffer, ".: got NS record") > 0) {
        return;
    }
    if (strpos($buffer, ".: status=") > 0) {
        return;
    }
    if (strpos($buffer, ".: Starting additional") > 0) {
        return;
    }
    if (strpos($buffer, ".: Done with additional") > 0) {
        return;
    }
    if (strpos($buffer, ".: Found cache CNAME hit") > 0) {
        return;
    }
    if (strpos($buffer, ".: answer is in") > 0) {
        return;
    }
    if (strpos($buffer, "is negatively cached via") > 0) {
        return;
    }
    if (strpos($buffer, ".: within bailiwick") > 0) {
        return;
    }
    if (strpos($buffer, "]: Query: '") > 0) {
        return;
    }
    if (strpos($buffer, "bdb_equality_candidates:") > 0) {
        return;
    }
    if (strpos($buffer, "Cache consultations done") > 0) {
        return;
    }
    if (strpos($buffer, ".: Entire record") > 0) {
        return;
    }
    if (strpos($buffer, "got upwards/level NS record") > 0) {
        return;
    }
    if (strpos($buffer, "), rcode=0, in") > 0) {
        return;
    }
    if (strpos($buffer, "]    ns1.") > 0) {
        return;
    }
    if (strpos($buffer, "error resolving, possible error: Connection refused") > 0) {
        return;
    }
    if (strpos($buffer, "Failed to resolve via any of the") > 0) {
        return;
    }
    if (strpos($buffer, "failed (res=-1)") > 0) {
        return;
    }
    if (strpos($buffer, "question answered from packet cache from") > 0) {
        return;
    }
    if (strpos($buffer, ": timeout resolving") > 0) {
        return;
    }
    if (strpos($buffer, ": query throttled") > 0) {
        return;
    }
    if (strpos($buffer, "]: Invalid query packet") > 0) {
        return;
    }
    if (strpos($buffer, 'BIND dn="cn=') > 0) {
        return;
    }
    if (strpos($buffer, 'RESULT tag=') > 0) {
        return;
    }
    if (strpos($buffer, 'SRCH base="') > 0) {
        return;
    }
    if (strpos($buffer, 'SRCH attr=') > 0) {
        return;
    }
    if (strpos($buffer, 'MOD attr=') > 0) {
        return;
    }
    if (strpos($buffer, 'MOD dn=') > 0) {
        return;
    }
    if (strpos($buffer, ' UNBIND') > 0) {
        return;
    }
    if (strpos($buffer, ": connection_input: conn=") > 0) {
        return;
    }
    if (strpos($buffer, "attr=dNSTTL aRecord nSRecord cNAMERecord") > 0) {
        return;
    }
    if (strpos($buffer, ": monit HTTP server started") > 0) {
        return;
    }
    if (strpos($buffer, "Awakened by the") > 0) {
        return;
    }
    //nginx
    if (preg_match("#nginx:.*?notice.+?gracefully shutting down#", $buffer)) {
        squid_admin_mysql(1, "Reverse Proxy service gracefully shutting down", $buffer, __FILE__, __LINE__);
        return;
    }
    if (preg_match("#nginx:.+?start worker processes#", $buffer)) {
        squid_admin_mysql(2, "Reverse Proxy service starting", $buffer, __FILE__, __LINE__);
        return;
    }
    if (preg_match("#nginx:.*?:\\s+reconfiguring#", $buffer)) {
        squid_admin_mysql(1, "Reverse Proxy service was reconfigured", $buffer, __FILE__, __LINE__);
        return;
    }
    if (preg_match("#wifidog.*?Failed to open HTML message file#", $buffer)) {
        squid_admin_mysql(1, "Creating HTML message for the Hotspot", null, __FILE__, __LINE__);
        shell_exec2("{$GLOBALS["LOCATE_PHP5_BIN"]} {$GLOBALS["BASE_ROOT"]}/hostpot.php --templates >/dev/null 2>&1");
        shell_exec2("{$GLOBALS["nohup"]} {$GLOBALS["LOCATE_PHP5_BIN"]} {$GLOBALS["BASE_ROOT"]}/exec.wifidog.php --restart");
        return;
    }
    if (preg_match("#wifidog\\[.*?Removing Firewall rules#", $buffer, $re)) {
        squid_admin_mysql(1, "HotSpot is stopped", null, __FILE__, __LINE__);
        return;
    }
    //Crash kernel
    if (preg_match("#nf_queue: full at [0-9]+ entries,\\s+dropping packets#", $buffer, $re)) {
        $file = "/etc/artica-postfix/croned.1/nf_queue.full";
        if (IfFileTime($file, 5)) {
            system_admin_events("Fatal! nf_queue is full\n{$buffer}\nYou should consider increase your hardware memory and CPU\nor disable Network application detection", __FUNCTION__, __FILE__, __LINE__, "system");
            if ($GLOBALS["SQUID_INSTALLED"]) {
                squid_admin_mysql(0, "Fatal! nf_queue is full", "{$buffer}\nYou should consider increase your hardware memory and CPU\nor disable Network application detection", __FILE__, __LINE__);
            }
        }
        return;
    }
    if (preg_match("#glibc detected.*?\\/(.+?):\\s+(.+?):#", $buffer, $re)) {
        system_admin_events("Fatal! Crash {$re[1]} {$re[2]} [action=Run Sync]\n{$buffer}", __FUNCTION__, __FILE__, __LINE__, "system");
        if ($GLOBALS["SQUID_INSTALLED"]) {
            squid_admin_mysql(0, "Fatal! Crash {$re[1]} {$re[2]} [action=Run Sync]", $buffer, __FILE__, __LINE__);
        }
        shell_exec("{$GLOBALS["nohup"]} {$GLOBALS["SYNC_BIN"]} >/dev/null 2>&1 &");
        return;
    }
    if (preg_match("#kernel:\\[.*?general protection fault:\\s+[0-9]+\\s+\\[\\#([0-9]+)\\]\\s+SMP#", $buffer, $re)) {
        if ($GLOBALS["SQUID_INSTALLED"]) {
            squid_admin_mysql(0, "Kernel crash !! general protection fault on SMP processor", $buffer, __FILE__, __LINE__);
        }
        system_admin_events("Kernel crash !! general protection fault on SMP Processor\n{$buffer}", __FUNCTION__, __FILE__, __LINE__, "system");
        return;
    }
    if (preg_match("#kernel:.*?squid\\[.*?segfault at.*?error.*?in squid#", $buffer)) {
        squid_admin_mysql(0, "Fatal, proxy service was crashed !!!", "Here it is the report\n{$buffer}\nService is automatically started\n", __FILE__, __LINE__);
        shell_exec(trim("{$GLOBALS["nohup"]} {$GLOBALS["LOCATE_PHP5_BIN"]} /usr/share/artica-postfix/exec.squid.watchdog.php --start --crashed --cache-logs >/dev/null 2>&1 &"));
        return;
    }
    if (preg_match("#class\\.sockets\\.inc.*?Fatal ERROR 500#", $buffer)) {
        shell_exec(trim("{$GLOBALS["nohup"]} {$GLOBALS["LOCATE_PHP5_BIN"]} /usr/share/artica-postfix/exec.framework.php --restart >/dev/null 2>&1 &"));
        return;
    }
    if (strpos($buffer, "rdpproxy:") > 0) {
        if (!isset($GLOBALS["CLASS_RDPPROXY_MONITOR"])) {
            $GLOBALS["CLASS_RDPPROXY_MONITOR"] = new rdpproxy_monitor();
        }
        $GLOBALS["CLASS_RDPPROXY_MONITOR"]->parse($buffer);
        return;
    }
    if (strpos($buffer, "C-ICAP") > 0) {
        if ($GLOBALS["CLASS_C_ICAP_MONITOR"]->parse($buffer)) {
            return;
        }
    }
    //UCARP
    if (preg_match("#ucarp\\[.*?Switching to state:\\s+BACKUP#", $buffer)) {
        if (!is_file("/usr/share/ucarp/Master")) {
            foreach (glob("/usr/share/ucarp/vip-*-down.sh") as $filename) {
                $tt[] = $filename;
                shell_exec("{$GLOBALS["nohup"]} {$filename} >/dev/null 2>&1 &");
            }
            squid_admin_mysql(0, "FailOver: Slave switch to backup mode", "Executed\n" . @implode("\n", $tt), __FILE__, __LINE__);
        } else {
            squid_admin_mysql(0, "FailOver: Master shutdown connections transfered to slave", "\n", __FILE__, __LINE__);
        }
        return;
    }
    if (preg_match("#ucarp\\[.*?Switching to state:\\s+MASTER#", $buffer)) {
        if (!is_file("/usr/share/ucarp/Master")) {
            squid_admin_mysql(0, "FailOver: Slave switch to Master mode and accept connections", "\n", __FILE__, __LINE__);
        } else {
            squid_admin_mysql(0, "FailOver: Master return back and accept connections", "\n", __FILE__, __LINE__);
        }
        return;
    }
    // SHOREWALL
    if (preg_match("#Shorewall:(.+?)2(.+?):(.+?):IN=(.*?)\\s+OUT=(.*?)\\s+MAC=(.*?)\\s+SRC=(.*?)\\s+DST=(.*?)\\s+.*?PROTO=(.*?)\\s+.*?DPT=([0-9]+)#", $buffer, $re)) {
        $ZONE_FROM = $re[1];
        $ZONE_TO = $re[2];
        $ACTION = $re[2];
        $NIC_IN = $re[4];
        $NIC_OUT = $re[5];
        $MAC_SRC = strtolower($re[6]);
        $IP_SRC = $re[7];
        $IP_DST = $re[8];
        $PROTO = $re[9];
        $PORT = $re[10];
        $DATE = date("Y-m-d H:i:s");
        $currentHour = date("YmdH");
        if (!isset($GLOBALS["MYSQL_SHOREWALL"])) {
            $GLOBALS["MYSQL_SHOREWALL"] = new mysql_shorewall();
        }
        if (!isset($GLOBALS["MYSQL_SHOREWALL_T"][date("YmdH")])) {
            $GLOBALS["MYSQL_SHOREWALL"]->BuildHourTable();
        }
        $sql = "INSERT IGNORE INTO `FWH_{$currentHour}` (`ZDATE`,`ZONE_FROM`,`ZONE_TO`,`ACTION`,`NIC_IN`,`NIC_OUT`,`MAC_SRC`,`IP_SRC`,`IP_DST`,`PROTO`,`PORT`) VALUES\n\t('{$DATE}','{$ZONE_FROM}','{$ZONE_TO}','{$ACTION}','{$NIC_IN}','{$NIC_OUT}','{$MAC_SRC}','{$IP_SRC}','{$IP_DST}','{$PROTO}','{$PORT}')";
        $GLOBALS["MYSQL_SHOREWALL"]->QUERY_SQL($sql);
        if (count($GLOBALS["MYSQL_SHOREWALL_T"]) > 10) {
            unset($GLOBALS["MYSQL_SHOREWALL_T"]);
        }
        return;
    }
    if (preg_match("#kernel:.*?:\\s+(.+?):\\s+link down#", $buffer, $re)) {
        system_admin_events("{$re[1]}: Network Interface Down\n{$buffer}", __FUNCTION__, __FILE__, __LINE__, "network");
        squid_admin_mysql(0, "{$re[1]}: Network Interface Down", $buffer, __FILE__, __LINE__);
        return;
    }
    if (preg_match("#kernel:.*?\\]\\s+ADDRCONF.*?:\\s+(.+?):\\s+link is not ready#", $buffer, $re)) {
        system_admin_events("{$re[1]}: Network Interface not ready\n{$buffer}", __FUNCTION__, __FILE__, __LINE__, "network");
        squid_admin_mysql(0, "{$re[1]}: Network Interface not ready", $buffer, __FILE__, __LINE__);
        return;
    }
    if (preg_match("#kernel:.*?\\]\\s+ADDRCONF.*?:\\s+(.+?):\\s+link becomes ready#", $buffer, $re)) {
        system_admin_events("{$re[1]}: Network Interface becomes ready\n{$buffer}", __FUNCTION__, __FILE__, __LINE__, "network");
        squid_admin_mysql(0, "{$re[1]}: Network Interface becomes ready", $buffer, __FILE__, __LINE__);
        return;
    }
    if (preg_match("#kernel:.*?:\\s+(.+?):\\s+link up#", $buffer, $re)) {
        system_admin_events("{$re[1]}: Network Interface Up\n{$buffer}", __FUNCTION__, __FILE__, __LINE__, "network");
        squid_admin_mysql(2, "{$re[1]}: Network Interface Up", $buffer, __FILE__, __LINE__);
        return;
    }
    if (preg_match("#FATAL ERROR: unable to open remote file .*?framework\\.sock#", $buffer, $re)) {
        $file = "/etc/artica-postfix/croned.1/lighttpd.framework.sock.error";
        if (IfFileTime($file, 1)) {
            system_admin_events("Framework issue, restarting framework service\n{$buffer}", __FUNCTION__, __FILE__, __LINE__, "artica");
            $cmd = "{$GLOBALS["nohup"]} /etc/init.d/artica-framework restart >/dev/null 2>&1 &";
            shell_exec($cmd);
        }
        return;
    }
    if (preg_match("#lighttpd\\[.*?connect failed: No such file or directory on unix:\\/var\\/run\\/php-fpm\\.sock#", $buffer, $re)) {
        $file = "/etc/artica-postfix/croned.1/lighttpd.phpfpm.sock.error";
        if (IfFileTime($file, 1)) {
            system_admin_events("PHP-FPM issue, starting PHP-FPM service\n{$buffer}", __FUNCTION__, __FILE__, __LINE__, "artica");
            $cmd = "{$GLOBALS["nohup"]} /etc/init.d/php5-fpm start >/dev/null 2>&1 &";
            shell_exec($cmd);
        }
        return;
    }
    // LIGTTPD
    if (preg_match("#lighttpd.*?connections\\.c.*?SSL.*?error.*?Broken pipe#", $buffer, $re)) {
        $file = "/etc/artica-postfix/croned.1/lighttpd.connections.Broken.pipe";
        if (IfFileTime($file, 2)) {
            shell_exec("{$GLOBALS["nohup"]} /etc/init.d/artica-webconsole restart >/dev/null 2>&1 &");
        }
        return;
    }
    if (dhcpd($buffer)) {
        return;
    }
    if (preg_match("#squid.*?\\[[0-9]+\\]:#", $buffer)) {
        squid_parser($buffer);
        return;
    }
    if (preg_match("#\\(squid-.*?\\):#", $buffer)) {
        squid_parser($buffer);
        return;
    }
    if (preg_match("#nss_wins.*?\\[[0-9]+\\]:#", $buffer)) {
        nss_parser($buffer);
        return;
    }
    if (preg_match("#haproxy.*?\\[[0-9]+\\]:#", $buffer)) {
        haproxy_parser($buffer);
        return;
    }
    if (preg_match("#kernel.*?\\[#", $buffer)) {
        Kernel_parser($buffer);
        return;
    }
    if (preg_match("#coova-chilli.+?net\\.c.*?Cannot assign requested address.*?ioctl.*?SIOCSIFFLAGS#", $buffer, $re)) {
        $file = "/etc/artica-postfix/croned.1/coova-chilli.SIOCSIFFLAGS";
        if (IfFileTime($file, 5)) {
            events("HotSpot Failed to bin address, disable hotSpot system!");
            system_admin_events("HotSpot Failed to bin address, disable hotSpot system!", __FUNCTION__, __FILE__, __LINE__, "system");
            @file_put_contents("/etc/artica-postfix/settings/Daemons/EnableChilli", 0);
            ToSyslog("kernel: [  Artica-Net] Start Network [artica-ifup] (" . basename(__FILE__) . "/" . __LINE__ . ")");
            $cmd = "{$GLOBALS["nohup"]} /etc/init.d/artica-ifup start >/dev/null 2>&1 &";
            shell_exec($cmd);
            $cmd = "{$GLOBALS["nohup"]} /etc/init.d/chilli stop >/dev/null 2>&1 &";
            shell_exec($cmd);
            WriteFileCache($file);
            return;
        }
        events("{$buffer} = > TIMEOUT ... ");
        return;
    }
    if (preg_match("#'apache' total mem amount of ([0-9]+)([a-zA-Z])+\\s+matches resource limit#", $buffer, $re)) {
        $file = "/etc/artica-postfix/croned.1/apache.matches.resource.limit";
        if (IfFileTime($file, 5)) {
            $unit = strtolower($re[2]);
            if ($unit == "kb") {
                $size = $re[1];
                $size = round($size / 1024, 2);
                $cmd = "{$GLOBALS["nohup"]} /etc/init.d/artica-postfix restart apachesrc >/dev/null 2>&1 &";
                events("{$size}M {$buffer} = {$cmd} ... ");
                shell_exec($cmd);
                WriteFileCache($file);
                return;
            }
            events("{$buffer} = > TIMEOUT ... ");
            return;
        }
    }
    if (preg_match("#connect failed: No such file or directory on unix:\\/var\\/run\\/php-fpm\\.sock#", $buffer)) {
        $file = "/etc/artica-postfix/croned.1/lighttpd.php-fpm.sock.No.such.file.directory.0";
        if (IfFileTime($file, 1)) {
            $cmd = "{$GLOBALS["nohup"]} {$GLOBALS["LOCATE_PHP5_BIN"]} /usr/share/artica-postfix/exec.initslapd.php --phppfm-fix >/dev/null 2>&1 &";
            events("{$buffer} = {$cmd} ... ");
            shell_exec($cmd);
            WriteFileCache($file);
            return;
        }
        events("{$buffer} = > TIMEOUT ... ");
        return;
    }
    if (preg_match("#lighttpd.*?mod_fastcgi.*?connect failed:\\s+No such file or directory on unix:\\/var\\/run\\/php-fpm\\.sock#", $buffer)) {
        $file = "/etc/artica-postfix/croned.1/lighttpd.php-fpm.sock.No.such.file.directory";
        if (IfFileTime($file, 1)) {
            $cmd = "{$GLOBALS["nohup"]} {$GLOBALS["LOCATE_PHP5_BIN"]} /usr/share/artica-postfix/exec.initslapd.php --phppfm-fix >/dev/null 2>&1 &";
            events("{$buffer} = {$cmd} ... ");
            shell_exec($cmd);
            WriteFileCache($file);
            return;
        }
        events("{$buffer} = > TIMEOUT ... ");
        return;
    }
    if (preg_match("#haarp.*?munmap_chunk.*?invalid pointer#", $buffer)) {
        $GLOBALS["HAARP_FATAL"]++;
        if (haarp_remove()) {
            return;
        }
        $file = "/etc/artica-postfix/croned.1/haarp.invalid.pointer";
        events("invalid pointer haarp:" . __LINE__);
        squid_admin_mysql(1, "Haarp issue: {$GLOBALS["HAARP_FATAL"]}/5 invalid pointer", "Proxy service have issues with haarp,\n{$buffer}\n the service will be restarted", __FILE__, __LINE__);
        if (IfFileTime($file, 3)) {
            squid_admin_notifs("Warning, Haarp issues.\nProxy service have issues with haarp,\n{$buffer}\n the service will be restarted");
            shell_exec("{$GLOBALS["nohup"]} /etc/init.d/haarp start >/dev/null 2>&1 &");
            WriteFileCache($file);
        }
        return;
    }
    if (preg_match("#kernel:\\s+\\[.*?haarp.*?general protection.*?libmysqlclient\\.#", $buffer)) {
        $GLOBALS["HAARP_FATAL"]++;
        if (haarp_remove()) {
            return;
        }
        $file = "/etc/artica-postfix/croned.1/haarp.general.protection";
        events("general protection haarp:" . __LINE__);
        squid_admin_mysql(1, "Haarp issue: {$GLOBALS["HAARP_FATAL"]}/5 general protection libmysqlclient", "Proxy service have issues with haarp,\n{$buffer}\n the service will be restarted", __FILE__, __LINE__);
        if (IfFileTime($file, 1)) {
            squid_admin_notifs("Warning, Haarp issues.\nProxy service have issues with haarp,\n{$buffer}\n the service will be restarted");
            shell_exec("{$GLOBALS["nohup"]} /etc/init.d/haarp start >/dev/null 2>&1 &");
            WriteFileCache($file);
        }
        return;
    }
    if (preg_match("#monit\\[.+?APP_UFDBGUARD.+?start:#", $buffer)) {
        return;
    }
    if (preg_match("#monit\\[.+?system statistic error.+?cannot get real memory buffers amount#", $buffer)) {
        $file = "/etc/artica-postfix/croned.1/squid.Failed.to.make.swap.directory";
        if (IfFileTime($file, 10)) {
            email_events("Watchdog failed, cannot get real memory buffers amount", "monit claim \"{$buffer}\" Artica will install the latest monit version....", 'system');
            shell_exec("{$GLOBALS["nohup"]} /usr/share/artica-postfix/bin/artica-make APP_MONIT >/dev/null 2>&1 &");
            WriteFileCache($file);
        }
        return;
    }
    if (preg_match("#squid\\.monitrc:.*?syntax error#", $buffer)) {
        $cmd = "{$GLOBALS["nohup"]} {$GLOBALS["LOCATE_PHP5_BIN"]} /usr/share/artica-postfix/exec.squid.php --watchdog-config >/dev/null 2>&1 &";
        events("{$buffer} Monit = {$cmd} ... ");
        shell_exec($cmd);
        return;
    }
    if (preg_match("#artica-cron\\[.+?: Could not add job : serial queue is full#", $buffer)) {
        $cmd = "{$GLOBALS["nohup"]} /etc/init.d/artica-postfix restart fcron >/dev/null 2>&1 &";
        events("{$buffer} fcron CMD = {$cmd} ... ");
        shell_exec($cmd);
        return;
    }
    if (preg_match("#cron\\[.+?Fork error : could not exec.+?Cannot allocate memory#", $buffer)) {
        if ($GLOBALS["NOOUTOFMEMORYREBOOT"] != 1) {
            $uptime = $GLOBALS["CLASS_UNIX"]->uptime();
            exec("{$GLOBALS["PS_BIN"]} aux 2>&1", $resultsa);
            email_events("Memory full: System will be rebooted after running after {$uptime}", "System claim \"{$buffer}\" the operating system will be rebooted ({$reboot}).", 'proxy');
            if ($GLOBALS["SQUID_INSTALLED"]) {
                squid_admin_mysql(0, "Memory full: System will be rebooted after running after {$uptime}", "System claim \"{$buffer}\" the operating system will be rebooted\n" . @implode("\n", $resultsa), __FILE__, __LINE__);
            }
            UcarpDown();
            shell_exec("{$GLOBALS["SHUTDOWN_BIN"]} -rF now");
            return;
        }
    }
    if (preg_match("#monit: Error reading pid from file '(.+?)\\/ufdbguardd.pid'#", $buffer, $re)) {
        $cmd = "{$GLOBALS["nohup"]} {$GLOBALS["LOCATE_PHP5_BIN"]} " . dirname(__FILE__) . "/exec.squidguard.php --ufdbguard-start >/dev/null 2>&1 &";
        events("{$buffer} Monit CMD = {$cmd} ... ");
        shell_exec($cmd);
        return;
    }
    if (preg_match("#Cannot open.*?\\/var\\/log\\/squid\\/store\\.log.*?No space left on device#is", $buffer, $re)) {
        $file = "/etc/artica-postfix/croned.1/varlogfull";
        if (IfFileTime($file, 5)) {
            $results[] = "\n\n--------------   SPACE AVAILABLE   -------------\n\n";
            exec("{$GLOBALS["DF_BIN"]} -h 2>&1", $results);
            $results[] = "\n\n--------------   INODES AVAILABLE   -------------\n\n";
            exec("{$GLOBALS["DF_BIN"]} -i 2>&1", $results);
            squid_admin_mysql(0, "Fatal: no space left on log partition", "A specific procedure as been executed to make more free space.\nHere it is the current status\n" . @implode("\n", $results), __FILE__, __LINE__);
            $cmd = "{$GLOBALS["nohup"]} {$GLOBALS["LOCATE_PHP5_BIN"]} " . dirname(__FILE__) . "/exec.varlog-urgency.php --squid >/dev/null 2>&1 &";
            shell_exec($cmd);
            WriteFileCache($file);
        }
    }
    if (preg_match("#\\(squid-.+?Failed to make swap directory\\s+(.+?):\\s+\\(13\\)\\s+Permission denied#i", $buffer, $re)) {
        $file = "/etc/artica-postfix/croned.1/squid.Failed.to.make.swap.directory";
        if (IfFileTime($file, 10)) {
            $cmd = "{$GLOBALS["nohup"]} {$GLOBALS["LOCATE_PHP5_BIN"]} " . dirname(__FILE__) . "/exec.squid.php --reconfigure-squid >/dev/null 2>&1 &";
            events("--> Repair squid dir '{$re[1]}'... {$cmd}");
            @mkdir($re[1], 0755, true);
            @chmod($re[1], 0755);
            @chown($re[1], "squid");
            @chgrp($re[1], "squid");
            shell_exec($cmd);
            WriteFileCache($file);
        }
        return;
    }
    if (strpos($buffer, "DETECTED IN") > 0) {
        if (preg_match("#KHSE: THREAT\\s+(.+?)\\s+DETECTED IN\\s+(.+)#", $buffer, $re)) {
            $user = "******";
            $local_ip = "unknown";
            $rulename = "Antivirus KSE";
            $category = "KSE_THREAT";
            $public_ip = "unknown";
            $virus = $re[1];
            $uri = $re[2];
            if (preg_match("#(|http|https|ftp|ftps)://(.+)#", $uri, $re)) {
                $www = $re[2];
            }
            if (preg_match("#^www\\.(.+)#", $www, $re)) {
                $www = $re[1];
            }
            if (strpos($www, "/") > 0) {
                $tb = explode("/", $www);
                $www = $tb[0];
            }
            $date = time();
            $table = date('Ymd') . "_blocked";
            $md5 = md5("{$date},{$local_ip},{$rulename},{$category},{$www},{$public_ip}");
            $sql = "('{$local_ip}','{$www}','{$category}','{$rulename}','{$public_ip}','THREAT {$virus} DETECTED','Security issue','unknown')";
            if (!is_dir("{$GLOBALS["ARTICALOGDIR"]}/ufdbguard-queue")) {
                @mkdir("{$GLOBALS["ARTICALOGDIR"]}/ufdbguard-queue", 0755, true);
            }
            @file_put_contents("{$GLOBALS["ARTICALOGDIR"]}/ufdbguard-queue/{$md5}.sql", $sql);
            eventsAuth("[KHSE]: blocked THREAT {$virus} DETECTED IN {$uri}");
            return;
        }
    }
    $auth = new auth_tail();
    if ($auth->ParseLog($buffer)) {
        return;
    }
    $auth = null;
    // ---------------------- DANSGUARDIAN ---------------------------------
    if (strpos($buffer, "dansguardian[") > 0) {
        if (preg_match("#dansguardian\\[.+?:\\s+[0-9\\.]+\\s+[0-9:]+\\s+(.+?)\\s+([0-9\\.]+)\\s+(.+?)\\s+\\*([A-Z]+)\\*\\s+(.+?):\\s+(.+?)\\s+([A-Z]+)\\s+[0-9]+\\s+[0-9]+\\s+(.+?)\\s+([0-9]+)#", $buffer, $re)) {
            $array["userid"] = trim($re[1]);
            $array["ipaddr"] = $re[2];
            $array["uri"] = $re[3];
            $array["EVENT"] = $re[4];
            $array["WHY"] = trim($re[5]);
            $array["EXPLAIN"] = $re[6];
            $array["BLOCKTYPE"] = $re[8];
            $array["RULEID"] = $re[9];
            $array["TIME"] = date('Y-m-d H:i:s');
            eventsAuth("[Dansguardian]: blocked {$array["uri"]} {$array["BLOCKTYPE"]} {$array["RULEID"]}");
            @file_put_contents("{$GLOBALS["ARTICALOGDIR"]}/dansguardian-stats4/" . md5(serialize($array)), serialize($array));
        }
        return;
    }
    // Samba/Winbind **********************************************************************************************************************************************
    if (preg_match("#winbindd\\[.+?Connection to LDAP server failed for the\\s+[0-9]+\\s+try#", $buffer, $re)) {
        $file = "/etc/artica-postfix/croned.1/samba." . md5("winbindd\\[.+?Connection to LDAP server failed for the\\s+[0-9]+\\s+try") . ".error";
        system_admin_events("winbindd connection to LDAP failed, update password...", __FUNCTION__, __FILE__, __LINE__, "samba");
        if (IfFileTime($file, 5)) {
            system_admin_events("winbindd connection to LDAP failed, update password...", __FUNCTION__, __FILE__, __LINE__, "samba");
            shell_exec("{$GLOBALS["nohup"]} /usr/share/artica-postfix/exec.samba.php --smbpasswd >/dev/null 2>&1 &");
        }
        return true;
    }
    if (preg_match("#net:\\s+ads_keytab_add_entry: unable to determine machine account's dns name in AD#", $buffer, $re)) {
        $file = "/etc/artica-postfix/croned.1/samba." . md5("net:\\s+ads_keytab_add_entry: unable to determine machine account's dns name in AD") . ".error";
        if (IfFileTime($file, 10)) {
            email_events("Active Directory: Unable to determine machine account's dns name in AD", "System claims:\n{$buffer}\nThere is link problem with your Active Directory", 'system');
            WriteFileCache($file);
        }
        return true;
    }
    if (preg_match("#winbindd\\[.*?Could not fetch our SID - did we join#", $buffer, $re)) {
        $file = "/etc/artica-postfix/croned.1/ntlm.samba.could.not.fetch.our.SID.join.error";
        if (IfFileTime($file, 3)) {
            squid_admin_mysql(0, "NTLM: not joinded", $buffer, __FILE__, __LINE__);
            $cmd = "{$GLOBALS["LOCATE_PHP5_BIN"]} " . dirname(__FILE__) . "/exec.kerbauth.php --join";
            events("Active Directory: NTLM:: not joinded -> {$cmd}");
            shell_exec("{$GLOBALS["nohup"]} {$cmd} >/dev/null 2>&1 &");
            WriteFileCache($file);
        } else {
            events("Active Directory: NTLM: not joinded -> WAIT");
        }
        return;
    }
    if (preg_match("#\\(ntlm_auth\\): could not obtain winbind domain name\\!#", $buffer, $re)) {
        $file = "/etc/artica-postfix/croned.1/ntlm.samba.could.not.obtain.winbind.domain.name.error";
        if (IfFileTime($file, 3)) {
            squid_admin_mysql(0, "NTLM: could not obtain winbind domain name", $buffer, __FILE__, __LINE__);
            $cmd = "{$GLOBALS["LOCATE_PHP5_BIN"]} " . dirname(__FILE__) . "/exec.kerbauth.php --join";
            events("Active Directory: NTLM:: could not obtain winbind domain name -> {$cmd}");
            shell_exec("{$GLOBALS["nohup"]} {$cmd} >/dev/null 2>&1 &");
            WriteFileCache($file);
        } else {
            events("Active Directory: NTLM:: could not obtain winbind domain name -> WAIT");
        }
        return;
    }
    if (preg_match("#smbd\\[.+?:.+?PANIC\\s+\\(pid.+?:\\s+internal error#", $buffer, $re)) {
        email_events("Samba: SMBD daemon has crashed", "Samba claims:\n{$buffer}\nArtica cannot do something, please try to re-install samba...", 'samba');
        return;
    }
    if (preg_match("#kerberos_kinit_password\\s+(.+?)\\s+failed:\\s+Preauthentication failed#i", $buffer, $re)) {
        $file = "/etc/artica-postfix/croned.1/samba." . md5("kerberos_kinit_password+Preauthentication failed") . ".error";
        if (IfFileTime($file, 2)) {
            squid_admin_mysql(0, "NTLM: Preauthentication failed", $buffer, __FILE__, __LINE__);
            $cmd = "{$GLOBALS["LOCATE_PHP5_BIN"]} " . dirname(__FILE__) . "/exec.kerbauth.php --ping --force";
            email_events("Active Directory: Preauthentication failed", "System claims:\n{$buffer}\nThere is link problem with your Active Directory\nArtica will try to relink the system by executing {$cmd} --verbose\nbut you should try to investigate if this server is able to resolve the Active Directory server", 'system');
            events("Active Directory: Preauthentication failed -> {$cmd}");
            shell_exec("{$GLOBALS["nohup"]} {$cmd} >/dev/null 2>&1 &");
            $cmd = "{$GLOBALS["LOCATE_PHP5_BIN"]} " . dirname(__FILE__) . "/exec.kerbauth.php --join";
            events("Active Directory: Preauthentication failed -> {$cmd}");
            shell_exec("{$GLOBALS["nohup"]} {$cmd} >/dev/null 2>&1 &");
            @unlink($file);
            WriteFileCache($file);
        }
        return true;
    }
    // **********************************************************************************************************************************************
    if (preg_match("#dnsmasq.+? failed to read\\s+(.+?):\\s+Permission denied#", $buffer, $re)) {
        if (!isset($GLOBALS["aa-complain"])) {
            $GLOBALS["aa-complain"] = $GLOBALS["CLASS_UNIX"]->find_program("aa-complain");
        }
        if (!isset($GLOBALS["dnsmasq_bin"])) {
            $GLOBALS["dnsmasq_bin"] = $GLOBALS["CLASS_UNIX"]->find_program("dnsmasq");
        }
        $targetedfile = $re[1];
        $file = "/etc/artica-postfix/croned.1/dnsmasq." . md5($targetedfile) . ".Permission.denied";
        events("dnsmasq {$targetedfile} -> Permission denied");
        if (IfFileTime($file, 10)) {
            events("dnsmasq {$targetedfile} -> chmod 755");
            if (is_file($GLOBALS["aa-complain"])) {
                events("dnsmasq {$GLOBALS["aa-complain"]}  -> {$GLOBALS["dnsmasq_bin"]}");
                shell_exec("{$GLOBALS["aa-complain"]} {$GLOBALS["dnsmasq_bin"]}");
            }
            email_events("dnsmasq: Permission denied on {$targetedfile}", "dnmasq claims:\n{$buffer}\nArtica will change permission of this file to 0755 in order to fix this issue and put it into aa-complain mode", 'system');
            shell_exec("/bin/chmod 755 \"{$targetedfile}\"");
            shell_exec(trim("{$GLOBALS["nohup"]} /etc/init.d/dnsmasq restart >/dev/null 2>&1 &"));
            @unlink($file);
            WriteFileCache($file);
        }
        return;
    }
    if (preg_match("#pam_ldap: error trying to bind \\(Invalid credentials\\)#", $buffer, $re)) {
        $file = "/etc/artica-postfix/croned.1/pam_ldap.Invalid.credentials";
        if (IfFileTime($file, 10)) {
            email_events("pam_ldap: system unable to contact the LDAP server", "system claims:\n{$buffer}\nArtica will reconfigure nss-ldap system\nSome systems request rebooting\nto be sure, reboot your server", 'system');
            shell_exec(trim("{$GLOBALS["nohup"]} /usr/share/artica-postfix/bin/artica-install --nsswitch >/dev/null 2>&1 &"));
            @unlink($file);
            WriteFileCache($file);
        }
        return;
    }
    if (preg_match("#net:\\s+failed to bind to server.+?Error: Invalid credentials#", $buffer, $re)) {
        $file = "/etc/artica-postfix/croned.1/net.Invalid.credentials";
        if (IfFileTime($file, 10)) {
            email_events("Samba/net: system unable to contact the LDAP server", "Samba/net claims:\n{$buffer}\nArtica will reconfigure samba system\n", 'system');
            shell_exec(trim("{$GLOBALS["nohup"]} {$GLOBALS["LOCATE_PHP5_BIN"]} /usr/share/artica-postfix/exec.samba.php --build >/dev/null 2>&1 &"));
            @unlink($file);
            WriteFileCache($file);
        }
        return;
    }
    if (preg_match("#pdns.+?:\\s+\\[LdapBackend\\] Unable to search LDAP directory: Starting LDAP search: Can't contact LDAP server#", $buffer, $re)) {
        events("--> PDNS LDAP FAILED");
        $file = "/etc/artica-postfix/croned.1/pdns.Can.t.contact.LDAP.server";
        if (IfFileTime($file, 10)) {
            email_events("PowerDNS: DNS server is unable to contact the LDAP server", "PDNS claims:\n{$buffer}\nArtica will restart PowerDNS service", 'system');
            shell_exec(trim("{$GLOBALS["nohup"]} /etc/init.d/pdns restart >/dev/null 2>&1 &"));
            @unlink($file);
            WriteFileCache($file);
        }
        return;
    }
    if (preg_match("#pdns_recursor\\[.*?Failed to update \\. records, RCODE=([0-9]+)#", $buffer, $re)) {
        events("--> Failed to update \\. records, RCODE={$re[1]}");
        $file = "/etc/artica-postfix/croned.1/pdns.failed.to.update.record.{$re[1]}";
        if (IfFileTime($file, 2)) {
            shell_exec(trim("{$GLOBALS["LOCATE_PHP5_BIN"]} /usr/share/artica-postfix/exec.initslapd.php --pdns-recursor >/dev/null 2>&1"));
            shell_exec(trim("{$GLOBALS["nohup"]} /etc/init.d/pdns-recursor restart >/dev/null 2>&1 &"));
        }
        return;
    }
    if (preg_match("#pdns(?:\\[\\d{1,5}\\])?: Not authoritative for '.*',.*sending servfail to\\s+(.+?)\\s+\\(recursion was desired\\)#", $buffer, $re)) {
        events("--> PDNS Hack {$re[2]}");
        if ($GLOBALS["PDNS_HACK"] == 1) {
            $GLOBALS["PDNS_HACK_DB"][$re[2]] = $GLOBALS["PDNS_HACK_DB"][$re[2]] + 1;
            if ($GLOBALS["PDNS_HACK_DB"][$re[2]] > $GLOBALS["PDNS_HACK_MAX"]) {
                events("--> PDNS Hack {$re[2]} will be banned");
                @file_put_contents("{$GLOBALS["ARTICALOGDIR"]}/pdns-hack-queue/" . time(), $re[2]);
                unset($GLOBALS["PDNS_HACK_DB"][$re[2]]);
            }
        }
        return;
    }
    if (preg_match("#auditd\\[.+?Unable to set audit pid, exiting#", $buffer)) {
        $file = "/etc/artica-postfix/croned.1/Unable.to.set.audit.pid";
        if (IfFileTime($file, 10)) {
            email_events("Auditd: cannot start", "auditd claims:\n{$buffer}\nIt seems that Auditd cannot start, if you run this computer on an OpenVZ VPS server, be sure that your Administrator has enabled audtid capability\n\t\t\tTake a look here http://bugzilla.openvz.org/show_bug.cgi?id=1157\n\t\t\t\nthis notification is not a good information.\nthe Auditd feature is now disabled\n", 'system');
            @unlink($file);
            @file_put_contents("/etc/artica-postfix/settings/Daemons/EnableAuditd", "0");
            shell_exec(trim("{$GLOBALS["nohup"]} /etc/init.d/artica-postfix stop auditd >/dev/null 2>&1 &"));
            WriteFileCache($file);
            return;
        }
    }
    if (preg_match("#snort\\[[0-9]+\\]:\\s+\\[.+?\\]\\s+(.+?)\\s+\\[Classification: (.+?)\\]\\s+\\[Priority:\\s+([0-9]+)\\]:\\/s+\\{(.+?)\\}\\s+(.+?):([0-9]+)\\s+->\\s+(.+?):([0-9]+)#", $buffer, $re)) {
        $md5 = md5($buffer);
        $filename = "{$GLOBALS["ARTICALOGDIR"]}/snort-queue/" . time() . ".{$md5}.snort";
        @file_put_contents($filename, serialize($re));
        return;
    }
    if (preg_match("#snort\\[.+?:\\s+Can.+?t acquire.+?cooked-mode frame doesn.+?t have room for sll header#", $buffer, $re)) {
        $file = "/etc/artica-postfix/croned.1/snort.cant.bind";
        if (IfFileTime($file, 10)) {
            email_events("SNORT: Fatal error: could not acquire the network", "snort claims:\n{$buffer}\nIt seems that snort is unable to hook your Interface Card, perhaps your server running in a Xen environnement or any virtual system\nthis notification is not a good information.\nYou should remove the IDS feature from Artica or remove SNORT package\nYour system cannot support IDS system.\nsee http://seclists.org/snort/2011/q2/52\nhttp://support.citrix.com/article/CTX116204", 'system');
            @unlink($file);
            WriteFileCache($file);
            return;
        }
    }
    if (preg_match("#.+?roundcube-(.+?): FAILED login for (.+?) from ([0-9\\.]+)#", $buffer, $re)) {
        Roundcubehack($re[1], $re[2], $re[3]);
        return;
    }
    if (preg_match("#net:\\s+failed to bind to server ldap.+?localhost#", $buffer)) {
        events("--> exec.samba.php --fix-etc-hosts");
        shell_exec("{$GLOBALS["nohup"]} {$GLOBALS["LOCATE_PHP5_BIN"]} /usr/share/artica-postfix/exec.samba.php --fix-etc-hosts >/dev/null 2>&1 &");
        $file = "/etc/artica-postfix/croned.1/net-ldap-bind";
        if (IfFileTime($file, 5)) {
            shell_exec("{$GLOBALS["nohup"]} /etc/init.d/slapd restart --framework=" . basename(__FILE__) . " >/dev/null 2>&1 &");
            WriteFileCache($file);
            return;
        }
    }
    if (preg_match("#(winbindd|smbd)\\[.+?failed to bind to server.+?Invalid credentials#", $buffer)) {
        events("SAMBA: Invalid credentials");
        $file = "/etc/artica-postfix/croned.1/samba-ldap-credentials";
        if (IfFileTime($file, 5)) {
            if (is_file("/var/lib/samba/winbindd_idmap.tdb")) {
                @unlink("/var/lib/samba/winbindd_idmap.tdb");
            }
            if (is_file("/var/lib/samba/group_mapping.ldb")) {
                @unlink("/var/lib/samba/group_mapping.ldb");
            }
            email_events("Samba: could not connect to ldap Invalid credentials", "samba claims:\n{$buffer}\nArtica will try to reconfigure password and restart Samba", 'system');
            shell_exec("{$GLOBALS["nohup"]} {$GLOBALS["LOCATE_PHP5_BIN"]} /usr/share/artica-postfix/exec.samba.php --fix-etc-hosts >/dev/null 2>&1 &");
            @unlink($file);
            shell_exec("{$GLOBALS["nohup"]} /etc/init.d/artica-postfix restart samba >/dev/null 2>&1 &");
            WriteFileCache($file);
        }
        return;
    }
    // -------------------------------------------------------------------------------------------------------------------------------------------------
    if (preg_match("#failed due to\\s+\\[winbind client not authorized to use winbindd_pam_auth_crap\\.\\s+Ensure permissions on.+?are set correctly#", $buffer)) {
        events("SQUID: winbindd_pam_auth_crap --> exec.kerbauth.php --winbindfix");
        $file = "/etc/artica-postfix/croned.1/winbindd_pam_auth_crap";
        if (IfFileTime($file, 5)) {
            squid_admin_mysql(0, "NTLM: client not authorized to use winbindd_pam_auth_crap", $buffer, __FILE__, __LINE__);
            shell_exec("{$GLOBALS["nohup"]} {$GLOBALS["LOCATE_PHP5_BIN"]} /usr/share/artica-postfix/exec.kerbauth.php --winbindfix");
            @unlink($file);
            WriteFileCache($file);
        }
        return;
    }
    // -------------------------------------------------------------------------------------------------------------------------------------------------
    if (preg_match("#smbd\\[.+?:\\s+smbd_open_once_socket: open_socket_in: Address already in use#", $buffer)) {
        events("SMBD: smbd_open_once_socket: open_socket_in: Address already in use");
        $file = "/etc/artica-postfix/croned.1/smbd_open_once_socket.open_socket_in.Address.already.in.use";
        if (IfFileTime($file, 10)) {
            email_events("Samba: try to bind ipv6 and ipv4, fixed", "samba claims:\n{$buffer}\n\t\t\tArtica will do \"sysctl net.ipv6.bindv6only=1\" to fix this issue (see https://bugzilla.redhat.com/show_bug.cgi?id=726936)", 'system');
            shell_exec("{$GLOBALS["sysctl"]} net.ipv6.bindv6only=1");
            @unlink($file);
            WriteFileCache($file);
        }
        return;
    }
    // -------------------------------------------------------------------------------------------------------------------------------------------------
    if (preg_match("#winbindd.+?Could not receive trustdoms#", $buffer)) {
        events("WINBIND: Could not receive trustdoms");
        $file = "/etc/artica-postfix/croned.1/Could.not.receive.trustdoms";
        if (IfFileTime($file, 5)) {
            events("WINBIND: Could not receive trustdoms -> restart Winbind");
            if (function_exists("WriteToSyslogMail")) {
                WriteToSyslogMail("restart winbindd", basename(__FILE__));
            }
            email_events("Samba: Could not receive trustdoms", "samba claims:\n{$buffer}\nArtica will try to restart winbindd service", 'system');
            shell_exec("{$GLOBALS["nohup"]} /etc/init.d/winbind restart >/dev/null 2>&1 &");
            @unlink($file);
        }
        WriteFileCache($file);
        return;
    }
    if (preg_match("#winbindd\\[.+?ADS uninitialized: No logon servers#", $buffer)) {
        $file = "/etc/artica-postfix/croned.1/winbindd-No-logon-servers";
        events("WINBINDD: ADS uninitialized: No logon servers");
        if ($GLOBALS["EnableKerbAuth"] == 1) {
            if (IfFileTime($file, 3)) {
                squid_admin_mysql(0, "NTLM: No logon servers", $buffer, __FILE__, __LINE__);
                events("WINBINDD: EnableKerbAuth:: exec.kerbauth.php --build (do nothing new patch 2012-05-04)");
                //shell_exec("{$GLOBALS["nohup"]} {$GLOBALS["LOCATE_PHP5_BIN"]} /usr/share/artica-postfix/exec.kerbauth.php --build &");
                WriteFileCache($file);
            }
            return;
        }
    }
    if (preg_match("#lessfs\\[.+?send_backlog : failed to connect to the slave#", $buffer, $re)) {
        $file = "/etc/artica-postfix/croned.1/lessfs.1";
        if (IfFileTime($file, 5)) {
            email_events("lessFS: Replication deduplication to connect to the slave ", "lessFS claims:\n{$buffer}\nPlease check communications with the slave", 'system');
            WriteFileCache($file);
            return;
        }
    }
    if (preg_match("#lessfs\\[.+?send_backlog : invalid message size#", $buffer, $re)) {
        $file = "/etc/artica-postfix/croned.1/lessfs.2";
        if (IfFileTime($file, 5)) {
            email_events("lessFS: Replication deduplication failed to replicate ", "lessFS claims:\n{$buffer}\nPlease check communications with the slave", 'system');
            WriteFileCache($file);
            return;
        }
    }
    if (preg_match("#lessfs\\[.+?replication_worker : replication is disabled, disconnect#", $buffer, $re)) {
        $file = "/etc/artica-postfix/croned.1/lessfs.2";
        if (IfFileTime($file, 5)) {
            email_events("lessFS: Replication deduplication failed: Slave is disabled ", "lessFS claims:\n{$buffer}\nPlease check communications with the slave", 'system');
            WriteFileCache($file);
            return;
        }
    }
    if (preg_match("#lessfs\\[.+?Could not recover database : (.+?)#", $buffer, $re)) {
        $file = "/etc/artica-postfix/croned.1/lessfs.3";
        if (IfFileTime($file, 5)) {
            email_events("lessFS: database {$re[1]} corrupted !!", "lessFS claims:\n{$buffer}\nArtica will try to repair it...", 'system');
            shell_exec("lessfsck -o -f -t -c /etc/lessfs.cfg &");
        }
    }
    if (preg_match("#automount\\[.+?mount.+?unknown filesystem type.+?ext4#", $buffer, $re)) {
        $file = "/etc/artica-postfix/croned.1/automount.unknown.filesystem.type.ext4";
        if (IfFileTime($file, 15)) {
            email_events("automount: Failed to mount EXT4 !", "automount claims:\n{$buffer}\nYou should upgrade your system in order to obtain the last kernel that enables ext4", 'system');
            WriteFileCache($file);
        }
        return;
    }
    if (preg_match("#automount\\[.+?mount.+?failed to mount\\s+(.+?)\\s+on\\s+(.+)\$#", $buffer, $re)) {
        $mount_dir = $re[1];
        $mount_dest = $re[2];
        $md5 = md5("{$mount_dir}{$mount_dest}");
        $file = "/etc/artica-postfix/croned.1/automount.{$md5}";
        if (IfFileTime($file, 15)) {
            email_events("automount: Failed to mount {$mount_dir} ", "automount claims:\n{$buffer}\nCheck your connexions settings on automount section", 'system');
            WriteFileCache($file);
        }
        return;
    }
    if (preg_match("#modprobe: WARNING: Error inserting\\s+(.+?)\\s+\\(.+?\\):\\s+No such device#", $buffer, $re)) {
        email_events("kernel: missing {$re[1]} module", "modprobe claims:\n{$buffer}\nTry to find the right package that store {$re[2]} file", 'VPN');
        return;
    }
    if (preg_match("#pptp_callmgr.+?Could not open control connection to\\s+([0-9\\.]+)#", $buffer, $re)) {
        vpn_msql_events("VPN connexion failed to {$re[1]}, unable to create connection tunnel", $buffer, "{$re[1]}");
        email_events("VPN connexion failed to {$re[1]}, unable to create connection tunnel ", "{$buffer}", 'VPN');
        return;
    }
    if (preg_match("#pppd\\[.+?Can.+?t open options file.+?ppp\\/peers\\/(.+?):\\s+No such file or directory#", $buffer, $re)) {
        email_events("VPN connexion failed for {$re[1]} connection,No such file", "pptp clients claims {$buffer}\\artica will try to rebuild connections", "VPN");
        vpn_msql_events("VPN (PPTPD) failed for {$re[1]} connection,No such file", $buffer, "{vpn_server}");
        shell_exec(LOCATE_PHP5_BIN2() . " /usr/share/artica-postfix/exec.pptpd.php --clients &");
        return;
    }
    if (preg_match("#pppd\\[.+?peer refused to authenticate: terminating link#", $buffer, $re)) {
        vpn_msql_events("VPN (PPTPD) authentification failed from remote host", $buffer, "{vpn_server}");
        return;
    }
    if (preg_match("#pppd\\[.+?peer refused to authenticate#", $buffer, $re)) {
        vpn_msql_events("VPN (PPTPD) failed peer refused to authenticate", $buffer, "{vpn_server}");
        return;
    }
    if (preg_match("#pppd\\[.+?MS-CHAP authentication failed: E=691 Authentication failure#", $buffer, $re)) {
        vpn_msql_events("VPN (CLIENT) failed server refused to authenticate (Authentication failure)", $buffer, "{vpn_server}");
        return;
    }
    if (preg_match("#pppd\\[.+?MPPE required but not available#", $buffer, $re)) {
        vpn_msql_events("VPN (PPTPD) authentification failed MPPE required", $buffer, "{vpn_server}");
        return;
    }
    if (preg_match("#pptpd\\[.+?CTRL: Client\\s+(.+?)\\s+control connection finished#", $buffer, $re)) {
        vpn_msql_events("VPN (PPTPD) connection closed for {$re[1]}", $buffer, "{vpn_server}");
        return;
    }
    if (preg_match("#pppd\\[.+?pptpd-logwtmp\\.so ip-up ppp[0-9]+\\s+(.+?)\\s+([0-9\\.]+)#", $buffer, $re)) {
        vpn_msql_events("VPN (PPTPD) connection open for {$re[1]} ({$re[2]})", "{$buffer}", '{vpn_server}');
        return;
    }
    if (preg_match("#slapd\\[(.+?)\\]:.+?OpenLDAP: slapd\\s+([0-9\\.]+)#", $buffer, $re)) {
        $file = "/etc/artica-postfix/croned.1/openldap-started";
        events("OpenLDAP service version {$re[2]} successfully started PID {$re[1]}", "{$buffer}", 'system');
        return;
    }
    if (preg_match("#monit\\[.+?Sendmail error:\\s+(.+)#", $buffer, $re)) {
        $file = "/etc/artica-postfix/croned.1/monit-sendmail-failed-" . md5($re[1]);
        if (IfFileTime($file, 10)) {
            events("MONIT -> SENDMAIL FAILED");
            //email_events("Monit is unable to send notifications","Monit claim \"$buffer\"\ntry to analyze why postfix send this error:\n{$re[1]}",'system');
            WriteFileCache($file);
            return;
        }
    }
    if (strpos($buffer, "pam_ldap: ldap_simple_bind Can't contact LDAP server") > 0) {
        $file = "/etc/artica-postfix/croned.1/ldap-failed";
        if (IfFileTime($file, 10)) {
            events("pam_ldap -> LDAP FAILED");
            email_events("LDAP server is unavailable", "System claim \"{$buffer}\" artica will try to restart LDAP server ", 'system');
            WriteFileCache($file);
            shell_exec("{$GLOBALS["nohup"]} /etc/init.d/slapd restart --framework=" . basename(__FILE__) . " >/dev/null 2>&1 &");
            return;
        }
    }
    if (preg_match("#net:\\s+failed to bind to server.+?Error:\\s+Can.?t\\s+contact LDAP server#", $buffer)) {
        $file = "/etc/artica-postfix/croned.1/ldap-failed";
        if (IfFileTime($file, 10)) {
            events("NET -> LDAP FAILED");
            email_events("LDAP server is unavailable", "System claim \"{$buffer}\" artica will try to restart LDAP server ", 'system');
            WriteFileCache($file);
            shell_exec("{$GLOBALS["nohup"]} /etc/init.d/slapd restart --framework=" . basename(__FILE__) . " >/dev/null 2>&1 &");
            return;
        }
    }
    if (preg_match("#winbindd\\[.+?failed to bind to server\\s+(.+?)\\s+with dn.+?Error: Can.+?contact LDAP server#", $buffer, $re)) {
        $file = "/etc/artica-postfix/croned.1/ldap-failed";
        if (IfFileTime($file, 10)) {
            events("winbindd -> LDAP FAILED");
            email_events("LDAP server is unavailable", "Samba claim \"{$buffer}\" artica will try to restart LDAP server ", 'system');
            WriteFileCache($file);
            shell_exec("{$GLOBALS["nohup"]} /etc/init.d/slapd restart --framework=" . basename(__FILE__) . " >/dev/null 2>&1 &");
            return;
        }
    }
    if (preg_match("#smbd\\[.+?User\\s+(.+?)with invalid SID\\s+(.+?)\\s+in passdb#", $buffer, $re)) {
        events("SAMBA Invalid SID for {$re[1]}");
        $md5 = md5("{$re[1]}{$re[2]}");
        $file = "/etc/artica-postfix/croned.1/samba.invalid.sid.{$md5}";
        if (IfFileTime($file)) {
            $unix = new unix();
            $localsid = $unix->GET_LOCAL_SID();
            $cmd = LOCATE_PHP5_BIN2() . " /usr/share/artica-postfix/exec.samba.synchronize.php";
            $GLOBALS["CLASS_UNIX"]->THREAD_COMMAND_SET($cmd);
            email_events("Samba invalid SID for {$re[1]}", "Samba claim \"{$buffer}\"\nUser:{$re[1]} with sid {$re[2]} has this server has the SID {$localsid}\nArtica will re-sync accounts", 'system');
            WriteFileCache($file);
        }
        return true;
    }
    if (preg_match("#smbd\\[.+?sid\\s+(.+?)\\s+does not belong to our domain#", $buffer, $re)) {
        events("SAMBA Invalid global SID for {$re[1]}");
        $md5 = md5("{$re[1]}");
        $file = "/etc/artica-postfix/croned.1/samba.invalid.sid.{$md5}";
        if (IfFileTime($file)) {
            $unix = new unix();
            $localsid = $unix->GET_LOCAL_SID();
            email_events("Samba global invalid SID for {$re[1]}", "Samba claim \"{$buffer}\"\n{$re[1]} has this server has the real SID {$localsid}\nTry to rebuild the configuration trough artica web Interface", 'system');
            WriteFileCache($file);
        }
        return true;
    }
    if (preg_match("#NetBIOS name\\s+(.+?)\\s+is too long. Truncating to (.+?)#", $buffer, $re)) {
        events("SAMBA NetBIOS name {$re[1]} is too long");
        $file = "/etc/artica-postfix/croned.1/NetBIOSNameTooLong";
        if (IfFileTime($file)) {
            email_events("Samba NetBIOS name {$re[1]} is too long", "Samba claim \"{$buffer}\" \nYou should change your server hostname", 'system');
            WriteFileCache($file);
        }
        return true;
    }
    if (preg_match('#net:\\s+WARNING:\\s+Ignoring invalid value.+?Bad Pasword#', $buffer, $re)) {
        events("SAMBA unknown parameter Bad Pasword");
        $file = "/etc/artica-postfix/croned.1/SambaBadPasword";
        if (IfFileTime($file)) {
            email_events("Samba unknown parameter \"Bad Pasword\"", "Samba claim \"{$buffer}\" Artica will reconfigure samba", 'system');
            shell_exec(LOCATE_PHP5_BIN2() . " /usr/share/artica-postfix/exec.samba.php --reconfigure &");
            WriteFileCache($file);
        }
        return true;
    }
    if (preg_match('#smbd\\[.+Ignoring unknown parameter\\s+"hide_unwriteable_files"#', $buffer, $re)) {
        events("SAMBA unknown parameter hide_unwriteable_files");
        $file = "/etc/artica-postfix/croned.1/hide_unwriteable_files";
        if (IfFileTime($file)) {
            email_events("Samba unknown parameter hide_unwriteable_files", "Samba claim \"{$buffer}\" Artica will correct the configuration file", 'system');
            shell_exec(LOCATE_PHP5_BIN2() . " /usr/share/artica-postfix/exec.samba.php --fix-HideUnwriteableFiles &");
            WriteFileCache($file);
        }
        return true;
    }
    if (preg_match('#load_usershare_shares: directory\\s+(.+?)\\s+is not owned by root or does not have the sticky bit#', $buffer, $re)) {
        events("SAMBA load_usershare_shares {$re[1]}");
        $file = "/etc/artica-postfix/croned.1/load_usershare_shares";
        if (IfFileTime($file)) {
            email_events("Samba load_usershare_shares permissions issues", "Samba claim \"{$buffer}\" Artica will correct the filesystem directory", 'system');
            shell_exec("chmod 1775 {$re['1']}/ &");
            shell_exec("chmod chmod +t {$re['1']}/ &");
            WriteFileCache($file);
        }
        return true;
    }
    if (preg_match("#amavis\\[.+?:\\s+\\(.+?\\)TROUBLE\\s+in child_init_hook:#", $buffer, $re)) {
        events("AMAVIS TROUBLE in child_init_hook");
        $file = "/etc/artica-postfix/croned.1/amavis." . md5("AMAVIS:TROUBLE in child_init_hook");
        if (IfFileTime($file)) {
            email_events("Amavis child error", "Amavis claim \"{$buffer}\" the amavis daemon will be restarted", 'postfix');
            shell_exec('/etc/init.d/amavis restart &');
            WriteFileCache($file);
        }
        return true;
    }
    if (preg_match("#amavis\\[.+?:\\s+\\(.+?\\)_DIE:\\s+Suicide in child_init_hook#", $buffer, $re)) {
        events("AMAVIS TROUBLE in child_init_hook");
        $file = "/etc/artica-postfix/croned.1/amavis." . md5("AMAVIS:TROUBLE in child_init_hook");
        if (IfFileTime($file)) {
            email_events("Amavis child error", "Amavis claim \"{$buffer}\" the amavis daemon will be restarted", 'postfix');
            shell_exec('/etc/init.d/amavis restart &');
            WriteFileCache($file);
        }
        return true;
    }
    if (preg_match("#smbd_audit:\\s+(.+?)\\|(.+?)\\|(.+?)\\|(.+?)\\|(.+?)\\|(.+?)\\|(.+?)\\|(.+?)\$#", $buffer, $re)) {
        events("{$re[5]}/{$re[8]} in xapian queue");
        WriteXapian("{$re[5]}/{$re[8]}");
        return true;
    }
    if (preg_match("#dansguardian.+?:\\s+Error connecting to proxy#", $buffer, $re)) {
        $file = "/etc/artica-postfix/croned.1/squid.tostart.error";
        if (IfFileTime($file, 2)) {
            events("Squid not available...! Artica will start squid");
            email_events("Proxy error", "DansGuardian claim \"{$buffer}\", Artica will start squid ", 'system');
            $GLOBALS["CLASS_UNIX"]->RECONFIGURE_SQUID();
            $GLOBALS["CLASS_UNIX"]->THREAD_COMMAND_SET('/etc/init.d/artica-postfix start dansguardian');
            WriteFileCache($file);
            return;
        } else {
            events("Proxy error, but take action after 10mn");
            return;
        }
    }
    if (preg_match("#zarafa-server.+?INNODB engine is disabled#", $buffer)) {
        $file = "/etc/artica-postfix/croned.1/zarafa.INNODB.engine";
        if (IfFileTime($file, 2)) {
            events("Zarafa innodb errr");
            WriteFileCache($file);
            return;
        } else {
            events("Zarafa innodb err, but take action after 10mn");
            return;
        }
    }
    if (preg_match("#zarafa-spooler\\[.+?Unable to open admin session.*?Error ([0-9a-zA-Z]+)#", $buffer, $re)) {
        $file = "/etc/artica-postfix/croned.1/zarafa.Unable.to.open.admin.session";
        events("Unable to open admin session `{$re[1]}` line:" . __LINE__);
        if (IfFileTime($file, 3)) {
            $restartZarafa = false;
            if (preg_match("#0x80040115#", $buffer)) {
                events("{$re[1]}: Restart required...");
                $restartZarafa = true;
                $restartaction = "\nServer will be restarted...\n";
            } else {
                events("{$re[1]}: Restart NOT required...");
            }
            email_events("zarafa Spooler service error connecting to zarafa server ({$re[1]})", "Zarafa claim \"{$buffer}\"{$restartaction} ", 'system');
            WriteFileCache($file);
            if ($restartZarafa) {
                events("\"{$GLOBALS["nohup"]} /etc/init.d/zarafa-server restart >/dev/null 2>&1 &\" line:" . __LINE__);
                shell_exec("{$GLOBALS["nohup"]} /etc/init.d/zarafa-server restart >/dev/null 2>&1 &");
            }
        }
        return;
    }
    if (preg_match("#(.+?)\\[.+?segfault at.+?error.+?in.+?\\[#", $buffer, $re)) {
        $file = "/etc/artica-postfix/croned.1/segfault.{$re[1]}";
        if (IfFileTime($file, 10)) {
            events("{$re[1]}: segfault");
            email_events("{$re[1]}: segfault", "Kernel claim \"{$buffer}\" ", 'system');
            WriteFileCache($file);
            return;
        }
    }
    if (preg_match("#kernel:.+?Out of memory:\\s+kill\\s+process\\s+#", $buffer, $re)) {
        $file = "/etc/artica-postfix/croned.1/kernel.Out.of.memory";
        if (!is_numeric($GLOBALS["NOOUTOFMEMORYREBOOT"])) {
            $GLOBALS["NOOUTOFMEMORYREBOOT"] = 0;
        }
        if (IfFileTime($file, 1)) {
            if ($GLOBALS["NOOUTOFMEMORYREBOOT"] != 1) {
                events("Out of memory -> REBOOT !!!");
                $uptime = $GLOBALS["CLASS_UNIX"]->uptime();
                email_events("Out of memory: reboot action performed Uptime:{$uptime}", "Kernel claim \"{$buffer}\" the server will be rebooted", 'system');
                WriteFileCache($file);
                if ($GLOBALS["SQUID_INSTALLED"]) {
                    squid_admin_mysql(0, "Memory full: System will be rebooted after running after {$uptime}", "System claim \"{$buffer}\" the operating system will be rebooted", __FILE__, __LINE__);
                }
                UcarpDown();
                shell_exec("{$GLOBALS["SHUTDOWN_BIN"]} -rF now");
                return;
            } else {
                email_events("Out of memory: your system hang !", "Kernel claim \"{$buffer}\" I suggest rebooting the system", 'system');
                WriteFileCache($file);
            }
        }
    }
    if (preg_match("#kernel:\\s+\\[.+?Out of memory\\s+\\(oom_kill_allocating_task#", $buffer, $re)) {
        $file = "/etc/artica-postfix/croned.1/kernel.Out.of.memory";
        if (!is_numeric($GLOBALS["NOOUTOFMEMORYREBOOT"])) {
            $GLOBALS["NOOUTOFMEMORYREBOOT"] = 0;
        }
        if (IfFileTime($file, 1)) {
            if ($GLOBALS["NOOUTOFMEMORYREBOOT"] != 1) {
                events("Out of memory -> REBOOT !!!");
                $uptime = $GLOBALS["CLASS_UNIX"]->uptime();
                email_events("Out of memory: reboot action performed uptime:{$uptime}", "Kernel claim \"{$buffer}\" the server will be rebooted", 'system');
                WriteFileCache($file);
                if ($GLOBALS["SQUID_INSTALLED"]) {
                    squid_admin_mysql(0, "Memory full: System will be rebooted after running after {$uptime}", "System claim \"{$buffer}\" the operating system will be rebooted", __FILE__, __LINE__);
                }
                UcarpDown();
                shell_exec("{$GLOBALS["SHUTDOWN_BIN"]} -rF now");
                return;
            } else {
                email_events("Out of memory: your system hang !", "Kernel claim \"{$buffer}\" I suggest rebooting the system", 'system');
                WriteFileCache($file);
            }
        }
    }
    if (preg_match("#kernel:.+?ata.+?status:\\s+{\\s+DRDY#", $buffer, $re)) {
        if ($GLOBALS["NODRYREBOOT"] == 1) {
            events("Hard Disk problem: -> reboot banned");
            return;
        }
        $file = "/etc/artica-postfix/croned.1/kernel.DRDY";
        if (IfFileTime($file, 5)) {
            events("DRDY -> REBOOT !!!");
            exec("/bin/dmesg 2>&1", $results);
            $array["buffer"] = $buffer;
            $array["dmsg"] = $results;
            @mkdir("/etc/artica-postfix/reboot", 644, true);
            @file_put_contents("/etc/artica-postfix/reboot/" . time(), serialize($array));
            email_events("Hard Disk issue: reboot action performed", "Kernel claim \"{$buffer}\" the server will be rebooted\n" . @implode("\n", $results), 'system');
            if ($GLOBALS["SQUID_INSTALLED"]) {
                squid_admin_mysql(0, "Memory full: System will be rebooted after running after {$uptime}", "System claim \"{$buffer}\" the operating system will be rebooted", __FILE__, __LINE__);
            }
            UcarpDown();
            shell_exec("{$GLOBALS["SHUTDOWN_BIN"]} -rF now");
            return;
        }
    }
    if (preg_match("#winbindd\\[.+?resolve_name: unknown name switch type lmhost#", $buffer, $re)) {
        $file = "/etc/artica-postfix/croned.1/winbindd.lmhost.failed";
        if (IfFileTime($file, 10)) {
            events("winbindd -> lmhost failed");
            WriteFileCache($file);
            $GLOBALS["CLASS_UNIX"]->THREAD_COMMAND_SET("{$GLOBALS["LOCATE_PHP5_BIN"]} /usr/share/artica-postfix/exec.samba.php --fix-lmhost");
            return;
        }
    }
    if (preg_match("#nmbd\\[.+?become_logon_server_success: Samba is now a logon server for workgroup (.+?)\\s+on subnet\\s+([A-Z0-9\\._-]+)#", $buffer, $re)) {
        email_events("Samba (file sharing) started domain {$re[1]}/{$re[2]}", "Samba notice: \"{$buffer}\"", 'system');
        return;
    }
    if (preg_match("#zarafa-server.+?Unable to connect to database.+?MySQL server on.+?([0-9\\.]+)#", $buffer)) {
        $file = "/etc/artica-postfix/croned.1/zarafa.MYSQL.CONNECT";
        if (IfFileTime($file, 2)) {
            events("Zarafa Mysql Error errr");
            email_events("MailBox server unable connect to database", "Zarafa server  claim \"{$buffer}\" ", 'mailbox');
            WriteFileCache($file);
            return;
        } else {
            events("MailBox server unable connect to database but take action after 10mn");
            return;
        }
    }
    if (preg_match("#winbindd:\\s+Exceeding\\s+[0-9]+\\s+client\\s+connections.+?no idle connection found#", $buffer)) {
        $file = "/etc/artica-postfix/croned.1/Winbindd.connect.error";
        if (IfFileTime($file, 2)) {
            events("winbindd Error connections");
            email_events("Winbindd exceeding connections", "Samba server  claim \"{$buffer}\" \nArtica will restart samba", 'system');
            shell_exec('/etc/init.d/artica-postfix restart samba &');
            WriteFileCache($file);
            return;
        } else {
            events("Winbindd exceeding connections take action after 10mn");
            return;
        }
    }
    // -------------------------------------------------------------------- MONIT
    if (preg_match("#'(.+?)'\\s+total mem amount of\\s+([0-9]+).+?matches resource limit#", $buffer, $re)) {
        $file = "/etc/artica-postfix/croned.1/mem.globalmem.monit";
        if (IfFileTime($file, 10)) {
            $processname = $re[1];
            if (preg_match("#mysqlmulti([0-9]+)#", $processname, $ri)) {
                $tt = unserialize(@file_get_contents("/etc/artica-postfix/mysql_multi_names.cache"));
                $instancenem = $tt[$ri[1]];
                $re[1] = "Mysql Instance {$ri[1]} ({$instancenem})";
            }
            events("{$re[1]} limit memory exceed");
            shell_exec("{$GLOBALS["nohup"]} {$GLOBALS["LOCATE_PHP5_BIN"]} " . dirname(__FILE__) . "/exec.watchdog.php --mem >/dev/null 2>&1 &");
            system_admin_events("{$re[1]}: memory limit", "Monitor claim \"{$buffer}\"\n" . @implode("\n", $psarr), __FUNCTION__, __FILE__, __LINE__, "watchdog");
            WriteFileCache($file);
            return;
        } else {
            events("{$re[1]} limit memory exceed, but take action after 10mn");
            return;
        }
    }
    if (preg_match("#monit\\[.+?'(.+?)'\\s+trying to restart#", $buffer, $re)) {
        $file = "/etc/artica-postfix/croned.1/restart.{$re[1]}.monit";
        if (IfFileTime($file, 5)) {
            events("{$re[1]} was restarted");
            $processname = $re[1];
            if (preg_match("#mysqlmulti([0-9]+)#", $processname, $ri)) {
                $tt = unserialize(@file_get_contents("/etc/artica-postfix/mysql_multi_names.cache"));
                $instancenem = $tt[$ri[1]];
                $re[1] = "Mysql Instance {$ri[1]} ({$instancenem})";
            }
            WriteFileCache($file);
            return;
        } else {
            events("{$re[1]}: stopped, try to restart, but take action after 10mn");
            return;
        }
    }
    if (preg_match("#monit\\[.+?mem usage of\\s+([0-9\\.]+)%\\s+matches resource limit#", $buffer, $re)) {
        $file = "/etc/artica-postfix/croned.1/mem.usage.monit";
        if (IfFileTime($file, 15)) {
            events("{$re[1]}% limit memory exceed");
            shell_exec("{$GLOBALS["nohup"]} {$GLOBALS["LOCATE_PHP5_BIN"]} " . dirname(__FILE__) . "/exec.watchdog.php --mem >/dev/null 2>&1 &");
            system_admin_events("{$re[1]}% memory limit\nMonitor claim \"{$buffer}\"\n", __FUNCTION__, __FILE__, __LINE__, "watchdog");
            WriteFileCache($file);
            return;
        } else {
            events("{$re[1]}% limit memory exceed, but take action after 15mn");
            return;
        }
    }
    if (preg_match("#monit\\[.+?'(.+?)'\\s+process is not running#", $buffer, $re)) {
        $file = "/etc/artica-postfix/croned.1/restart.{$re[1]}.monit";
        if (IfFileTime($file, 5)) {
            events("{$re[1]} was stopped");
            $processname = $re[1];
            if (preg_match("#mysqlmulti([0-9]+)#", $processname, $ri)) {
                $tt = unserialize(@file_get_contents("/etc/artica-postfix/mysql_multi_names.cache"));
                $instancenem = $tt[$ri[1]];
                $re[1] = "Mysql Instance {$ri[1]} ({$instancenem})";
            }
            WriteFileCache($file);
            return;
        } else {
            events("{$re[1]}: stopped, but take action after 10mn");
            return;
        }
    }
    if (preg_match("#pdns\\[.+?:\\s+binding UDP socket to.+?Address already in use#", $buffer, $re)) {
        $file = "/etc/artica-postfix/croned.1/restart.pdns.bind.error";
        if (IfFileTime($file, 5)) {
            events("PowerDNS: Unable to bind UDP socket");
            email_events("PowerDNS: Unable to bind UDP socket", "Artica will restart PowerDNS", 'system');
            $GLOBALS["CLASS_UNIX"]->THREAD_COMMAND_SET('/etc/init.d/artica-postfix restart pdns');
            WriteFileCache($file);
            return;
        } else {
            events("PowerDNS: Unable to bind UDP socket: but take action after 10mn");
            return;
        }
    }
    //pdns_recursor[5011]: Failed to update . records, RCODE=2
    if (preg_match("#pdns_recursor\\[.+?:\\s+Failed to update \\. records, RCODE=2#", $buffer, $re)) {
        $file = "/etc/artica-postfix/croned.1/restart.pdns.RCODE2.error";
        if (IfFileTime($file, 5)) {
            events("PowerDNS: Unable to query Public DNS");
            //email_events("PowerDNS: Unable to query Public DNS","PowerDNS claim: $buffer,It seems that your Public DNS are not available or network is down",'system');
            WriteFileCache($file);
            return;
        } else {
            events("PowerDNS: Unable to query Public DNS: but take action after 10mn");
            return;
        }
    }
    if (preg_match("#cpu system usage of ([0-9\\.]+)% matches#", $buffer, $re)) {
        $file = "/etc/artica-postfix/croned.1/cpu.system.monit";
        if (IfFileTime($file, 15)) {
            events("cpu exceed");
            system_admin_events("CPU warning {$re[1]}%\nMonitor claim \"{$buffer}\"", __FUNCTION__, __FILE__, __LINE__, "watchdog");
            shell_exec("{$GLOBALS["nohup"]} {$GLOBALS["LOCATE_PHP5_BIN"]} " . dirname(__FILE__) . "/exec.watchdog.php --cpu >/dev/null 2>&1 &");
            WriteFileCache($file);
            return;
        } else {
            events("cpu exceed, but take action after 10mn");
            return;
        }
    }
    if (preg_match("#monit.+?loadavg.+?of\\s+([0-9\\.]+)\\s+matches resource limit#", $buffer, $re)) {
        $file = "/etc/artica-postfix/croned.1/load.system.monit";
        if (IfFileTime($file, 15)) {
            events("Load exceed");
            system_admin_events("Load warning {$re[1]}\nMonitor claim \"{$buffer}\"", __FUNCTION__, __FILE__, __LINE__, "watchdog");
            shell_exec("{$GLOBALS["nohup"]} {$GLOBALS["LOCATE_PHP5_BIN"]} " . dirname(__FILE__) . "/exec.watchdog.php --loadavg >/dev/null 2>&1 &");
            WriteFileCache($file);
            return;
        } else {
            events("Load exceed, but take action after 15mn");
            return;
        }
    }
    if (preg_match("#monit.+?'(.+)'\\s+start:#", $buffer, $re)) {
        $file = "/etc/artica-postfix/croned.1/monit.start.{$re[1]}";
        if (IfFileTime($file, 5)) {
            events("{$re[1]} start");
            WriteFileCache($file);
            return;
        } else {
            events("{$re[1]} start, but take action after 10mn");
            return;
        }
    }
    if (preg_match("#monit\\[.+?:\\s+'(.+?)'\\s+process is running with pid\\s+([0-9]+)#", $buffer, $re)) {
        $file = "/etc/artica-postfix/croned.1/monit.run.{$re[1]}";
        if (IfFileTime($file, 5)) {
            events("{$re[1]} running");
            WriteFileCache($file);
            return;
        } else {
            events("{$re[1]} running, but take action after 10mn");
            return;
        }
    }
    if (preg_match("#nmbd.+?:\\s+Cannot sync browser lists#", $buffer, $re)) {
        $file = "/etc/artica-postfix/croned.1/samba.CannotSyncBrowserLists.error";
        if (IfFileTime($file)) {
            events("Samba cannot sync browser list, remove /var/lib/samba/wins.dat");
            @unlink("/var/lib/samba/wins.dat");
            WriteFileCache($file);
        } else {
            events("Samba error:{$buffer}, but take action after 10mn");
            return;
        }
    }
    if (preg_match("#freshclam.+?:\\s+Database updated \\(([0-9]+)\\s+signatures\\) from .+?#", $buffer, $re)) {
        email_events("ClamAV Database Updated {$re[1]} signatures", "{$buffer}", 'update');
        shell_exec("{$GLOBALS["nohup"]} {$GLOBALS["LOCATE_PHP5_BIN"]} " . basename(__FILE__) . "/exec.clamavsig.php >/dev/null 2>&1 &");
        return;
    }
    if (preg_match("#freshclam\\[.+?:\\s+Database updated\\s+\\(#", $buffer, $re)) {
        shell_exec("{$GLOBALS["nohup"]} {$GLOBALS["LOCATE_PHP5_BIN"]} " . basename(__FILE__) . "/exec.clamavsig.php >/dev/null 2>&1 &");
    }
    if (preg_match("#freshclam.+?Can.+?t\\s+connect to port\\s+([0-9]+)\\s+of\\s+host\\s+(.+?)\\s+#", $buffer, $re)) {
        $host = $re[2] . ":" . $re[1];
        $file = "/etc/artica-postfix/croned.1/freshclam.error." . md5($host);
        if (IfFileTime($file)) {
            email_events("Unable to update ClamAV Databases from {$host}", "freshclam claim {$buffer}\nCheck is this server hav access to Internet\nCheck your proxy configuration", 'update');
            WriteFileCache($file);
            return;
        } else {
            events("KAV4PROXY error:{$buffer}, but take action after 10mn");
            return;
        }
    }
    if (preg_match("#KASERROR.+?NOLOGID.+?Can.+?find user mailflt3#", $buffer)) {
        $file = "/etc/artica-postfix/croned.1/KASERROR.NOLOGID.mailflt3";
        if (IfFileTime($file)) {
            $GLOBALS["CLASS_UNIX"]->THREAD_COMMAND_SET('/usr/share/artica-postfix/bin/artica-install --mailflt3');
            WriteFileCache($file);
            return;
        } else {
            events("KASERROR error:{$buffer}, but take action after 10mn");
            return;
        }
    }
    if (preg_match("#lmtp.+?status=deferred.+?lmtp\\]:.+?(No such file or directory|Too many levels of symbolic links)#", $buffer, $re)) {
        $file = "/etc/artica-postfix/croned.1/cyrus.lmtp.failed";
        if (IfFileTime($file)) {
            email_events("cyrus-imapd socket error", "Postfix claim \"{$buffer}\", Artica will restart cyrus", 'system');
            $GLOBALS["CLASS_UNIX"]->THREAD_COMMAND_SET('/usr/share/artica-postfix/bin/artica-install --cyrus-checkconfig');
            $GLOBALS["CLASS_UNIX"]->THREAD_COMMAND_SET('/etc/init.d/cyrus-imapd restart');
            $GLOBALS["CLASS_UNIX"]->THREAD_COMMAND_SET("{$GLOBALS["LOCATE_PHP5_BIN"]} /usr/share/artica-postfix/exec.postfix.main.cf.php --imap-sockets");
            cyrus_socket_error($buffer, $re[1] . "lmtp");
            WriteFileCache($file);
            return;
        } else {
            events("CYRUS error:{$buffer}, but take action after 10mn");
            return;
        }
    }
    if (preg_match("#rsyncd\\[.+?:\\s+recv.+?\\[(.+?)\\].+?([0-9]+)\$#", $buffer, $re)) {
        $file = md5($buffer);
        @mkdir('{$GLOBALS["ARTICALOGDIR"]}/rsync', null, true);
        $f["IP"] = $re[1];
        $f["DATE"] = date('Y-m-d H:00:00');
        $f["SIZE"] = $re[2];
        @file_put_contents("{$GLOBALS["ARTICALOGDIR"]}/rsync/{$file}", serialize($f));
    }
    if (preg_match("#kavmilter.+?Can.+?t load keys: No active key#", $buffer, $re)) {
        $file = "/etc/artica-postfix/croned.1/kavmilter.key.failed";
        if (IfFileTime($file)) {
            email_events("Kaspersky Antivirus Mail license error", "KavMilter claim \"{$buffer}\"", 'system');
            WriteFileCache($file);
            return;
        } else {
            events("Kaspersky Antivirus Mail license error:{$buffer}, but take action after 10mn");
            return;
        }
    }
    if (preg_match("#kavmd.+?Can.+?t load keys:.+?#", $buffer, $re)) {
        $file = "/etc/artica-postfix/croned.1/kavmd.key.failed";
        if (IfFileTime($file)) {
            email_events("Kaspersky Antivirus Mail license error", "Kaspersky Antivirus Mail claim \"{$buffer}\"", 'system');
            WriteFileCache($file);
            return;
        } else {
            events("Kaspersky Antivirus Mail license error:{$buffer}, but take action after 10mn");
            return;
        }
    }
    if (preg_match("#kavmd.+?ERROR Engine problem#", $buffer, $re)) {
        $file = "/etc/artica-postfix/croned.1/kavmd.engine.failed";
        if (IfFileTime($file)) {
            email_events("Kaspersky Antivirus Mail Engine error", "Kaspersky Antivirus Mail claim \"{$buffer}\"", 'system');
            WriteFileCache($file);
            return;
        } else {
            events("Kaspersky Antivirus Mail Engine error:{$buffer}, but take action after 10mn");
            return;
        }
    }
    if (preg_match("#kavmilter.+?WARNING.+?Your AV signatures are older than#", $buffer, $re)) {
        $file = "/etc/artica-postfix/croned.1/kavmilter.upd.failed";
        if (IfFileTime($file)) {
            email_events("Kaspersky Antivirus Mail AV signatures are older", "KavMilter claim \"{$buffer}\"", 'system');
            WriteFileCache($file);
            return;
        } else {
            events("Kaspersky Antivirus update license error:{$buffer}, but take action after 10mn");
            return;
        }
    }
    if (preg_match("#dansguardian.+?Error compiling regexp#", $buffer, $re)) {
        $file = "/etc/artica-postfix/croned.1/dansguardian.compiling.regexp";
        if (IfFileTime($file)) {
            email_events("Dansguardian failed to start", "Dansguardian claim \"{$buffer}\"", 'system');
            WriteFileCache($file);
            return;
        } else {
            events("Dansguardian failed to start:{$buffer}, but take action after 10mn");
            return;
        }
    }
    if (preg_match("#kavmilter.+?Invalid value specified for SendmailPath#", $buffer, $re)) {
        $file = "/etc/artica-postfix/croned.1/kavmilter.SendmailPath.Invalid";
        if (IfFileTime($file)) {
            events("Check SendmailPath for kavmilter");
            $GLOBALS["CLASS_UNIX"]->THREAD_COMMAND_SET("{$GLOBALS["LOCATE_PHP5_BIN"]} /usr/share/artica-postfix/exec.kavmilter.php --SendmailPath");
            WriteFileCache($file);
            return;
        } else {
            events("Check SendmailPath for kavmilter:{$buffer}, but take action after 10mn");
            return;
        }
    }
    if (preg_match("#KAVMilter Error.+?Group.+?Default.+?has error#", $buffer, $re)) {
        $file = "/etc/artica-postfix/croned.1/kavmilter.Default.error";
        if (IfFileTime($file)) {
            events("Check Group default for kavmilter");
            $GLOBALS["CLASS_UNIX"]->THREAD_COMMAND_SET("{$GLOBALS["LOCATE_PHP5_BIN"]} /usr/share/artica-postfix/exec.kavmilter.php --default-group");
            WriteFileCache($file);
            return;
        } else {
            events("Check Group default for kavmilter:{$buffer}, but take action after 10mn");
            return;
        }
    }
    if (preg_match("#kavmilter.+?Message INFECTED from (.+?)\\(remote:\\[(.+?)\\).+?with\\s+(.+?)\$#", $buffer, $re)) {
        events("KAVMILTER INFECTION <{$re[1]}> {$re[2]}");
        infected_queue("kavmilter", trim($re[1]), trim($re[2]), trim($re[3]));
        return;
    }
    if (preg_match("#pdns\\[.+?\\[LdapBackend.+?Ldap connection to server failed#", $buffer, $re)) {
        $file = "/etc/artica-postfix/croned.1/pdns.ldap.error";
        if (IfFileTime($file)) {
            events("PDNS LDAP FAILED");
            email_events("PowerDNS ldap connection failed", "PowerDNS claim \"{$buffer}\"", 'system');
            WriteFileCache($file);
            return;
        } else {
            events("PDNS FAILED:{$buffer}, but take action after 10mn");
            return;
        }
    }
    if (preg_match("#master.+?cannot find executable for service.+?sieve#", $buffer, $re)) {
        $file = "/etc/artica-postfix/croned.1/cyrus.sieve.error";
        if (IfFileTime($file)) {
            events("Check sieve path");
            $GLOBALS["CLASS_UNIX"]->THREAD_COMMAND_SET("/usr/share/artica-postfix/bin/artica-install --reconfigure-cyrus");
            WriteFileCache($file);
            return;
        } else {
            events("Check sieve path error :{$buffer}, but take action after 10mn");
            return;
        }
    }
    if (preg_match("#smbd\\[.+?write_data: write failure in writing to client 0.0.0.0. Error Connection reset by peer#", $buffer, $re)) {
        $file = "/etc/artica-postfix/croned.1/samba.Error.Connection.reset.by.peer.error";
        if (IfFileTime($file)) {
            events("Check sieve Error Connection reset by peer");
            $text[] = "Your MS Windows computers should not have access to the server cause network generic errors";
            $text[] = "- Check these parameters:";
            $text[] = "- Check if Apparmor or SeLinux are disabled on the server.";
            $text[] = "- Check your hard drives by this command-line: hdparm -tT /dev/sda(0-9)";
            $text[] = "- Check that 137|138|139|445 ports is open from workstation to this server";
            $text[] = "- Check network switch or hub connection between this server and your workstations.";
            $text[] = "- Try to add this registry key [HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Disk]\n\t\"TimeOutValue\"=dword:0000003c";
            email_events("Samba network error", "Samba claim \"{$buffer}\"\n" . implode("\n", $text), 'system');
            WriteFileCache($file);
            return;
        } else {
            events("Check sieve Error Connection reset by peer :{$buffer}, but take action after 10mn");
            return;
        }
    }
    $mem = round(memory_get_usage() / 1024 / 1000, 2);
    events_not_filtered("Not Filtered:\"{$buffer}\" (line " . __LINE__ . ") memory: {$mem}MB");
}
Example #16
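/**
 * Import one quarantined mail file into the `quarantine` table of the
 * "artica_backup" database, one row per recipient.
 *
 * A file whose name ends in ".gz" is first decompressed to "<file>.eml";
 * that temporary copy is removed again on most exit paths.
 *
 * Security notes for maintainers:
 *  - The file is a quarantined e-mail, so every value parsed out of it
 *    (sender, recipients, subject, message-id, date) is attacker-controlled.
 *  - The path is passed to a shell; it is quoted with escapeshellarg().
 *  - The INSERT is still built by string interpolation (see the note at the
 *    query), because the escaping/prepared-statement API of the mysql
 *    wrapper is not visible from this function.
 *
 * @param string $file Path of the quarantined message (plain or gzip).
 * @return bool false when decompression, unpacking, reading or the INSERT
 *              fails; true when the message was stored or has no recipient.
 */
function quarantine_process($file)
{
    // Cache the Artica Meta switch and the appliance identifiers in $GLOBALS
    // the first time the function runs.
    if (!is_numeric($GLOBALS["ArticaMetaEnabled"])) {
        $sock = new sockets();
        $ArticaMetaEnabled = $sock->GET_INFO("ArticaMetaEnabled");
        if ($ArticaMetaEnabled == null) {
            $ArticaMetaEnabled = 0;
        }
        $GLOBALS["ArticaMetaEnabled"] = $ArticaMetaEnabled;
        $meta = new artica_meta();
        $GLOBALS["UUID"] = $meta->uuid;
        $GLOBALS["SERIAL"] = $meta->serial;
    }
    $target_file = $file . ".eml";
    $decompress = true;
    if (preg_match("#\\.gz\$#", $file)) {
        events("gunzip compressed, decompressing {$file} to {$target_file}");
        @mkdir("/tmp/amavis-quar");
        // Both paths are shell-quoted and "--" ends option parsing, so a file
        // name containing quotes, spaces, `$()` or a leading "-" cannot alter
        // the command. stderr is no longer merged into the output file, which
        // would have mixed gunzip error text into the message that is parsed.
        $cmd = "/bin/gunzip -d -c -- " . escapeshellarg($file) . " >" . escapeshellarg($target_file) . " 2>/dev/null";
        $exitCode = 1;
        system($cmd, $exitCode);
        // gzip documents exit status 2 as a warning: output is still produced.
        if (($exitCode !== 0 && $exitCode !== 2) || !is_file($target_file)) {
            events("Failed decompress {$file} \"exit code {$exitCode}\"");
            @unlink($target_file);
            return false;
        }
    } else {
        $target_file = $file;
        $decompress = false;
    }
    // Kept from the original although unused below: the constructor may have
    // side effects that are not visible from here.
    $ldap = new clladp();
    $q = new mysql();
    events("Unpack {$target_file} " . @filesize($target_file) . " bytes");
    $mm = new demime($target_file);
    if (!$mm->unpack()) {
        events("Failed unpack with error \"{$mm->error}\"");
        // As in the original, the file is removed here even when it is the
        // caller's own (non-decompressed) file.
        @unlink($target_file);
        return false;
    }
    $message_html = $mm->ExportToHtml($target_file);
    if (strlen($message_html) == 0) {
        if ($decompress) {
            @unlink($target_file);
        }
        return false;
    }
    if (count($mm->mailto_array) == 0) {
        events("No recipients Aborting");
        if ($decompress) {
            @unlink($target_file);
        }
        return true;
    }
    $filesize = filesize($target_file);
    events("Message with " . count($mm->mailto_array) . " recipients html file:" . strlen($message_html) . " bytes");
    $domain_from = "";
    if (preg_match("#(.+?)@(.+)#", $mm->mailfrom, $re)) {
        $domain_from = $re[2];
    }
    $message_html = addslashes($message_html);
    $filename = basename($target_file);
    // NOTE(review): the original computed md5($mm->message_id . $recipient)
    // here, before $recipient existed, so the id was the md5 of the
    // message-id alone and identical for every recipient. That value is kept
    // so stored ids do not change; confirm whether a per-recipient id was
    // intended (with INSERT IGNORE and a unique MessageID, only the first
    // recipient's row would be stored).
    $newmessageid = md5((string) $mm->message_id);
    // Recipient list for the error log lines; the original referenced an
    // undefined $impled_rctp and therefore always logged "to=<>".
    $impled_rctp = is_array($mm->mailto_array) ? implode(",", $mm->mailto_array) : "";
    $sqlfilesize = @filesize($target_file);
    if ($sqlfilesize == 0) {
        events("error \"{$target_file}\" filesize=0!!!");
        WriteToSyslogMail("message-id=<{$mm->message_id}> from=<{$mm->mailfrom}> to=<{$impled_rctp}> size={$filesize} filesize error", __FILE__, true);
        return false;
    }
    // file_get_contents() replaces fread(fopen(...)), which never closed the
    // handle and passed `false` to fread() when the open failed.
    $rawMessage = @file_get_contents($target_file);
    $BinMessg = $rawMessage === false ? "" : addslashes($rawMessage);
    if (strlen($BinMessg) == 0) {
        events("error \"{$target_file}\" BinMessg=0!!!");
        WriteToSyslogMail("message-id=<{$mm->message_id}> from=<{$mm->mailfrom}> to=<{$impled_rctp}> size={$filesize} filesize error", __FILE__, true);
        return false;
    }
    // (The original repeated the "no recipients" test here; it could never be
    // reached because the same test already returned above.)
    // foreach replaces while(list() = each()), which no longer exists in PHP 8.
    foreach ($mm->mailto_array as $recipient) {
        // Reset per recipient so a non-matching address does not log the
        // domain of the previous one.
        $recipient_domain = "";
        if (preg_match("#(.+?)@(.+)#", $recipient, $re)) {
            $recipient_domain = $re[2];
        }
        $ou = $mm->GetOuFromEmail($recipient);
        if ($ou == null) {
            events("Failed to get organization name from  \"{$recipient_domain}\"");
        }
        // NOTE(review): only $message_html and $BinMessg are escaped in this
        // function (addslashes, which is not charset-aware). mailfrom,
        // subject, recipient, message_id, message_date and $ou are taken from
        // the parsed message and interpolated as delivered by demime; confirm
        // they are escaped there, or move this INSERT to the database
        // wrapper's escaping / prepared-statement facility. Not changed here
        // to avoid double-escaping stored data.
        $sql = "INSERT IGNORE INTO quarantine (\n\t\t\t\tMessageID,\n\t\t\t\tzDate,\n\t\t\t\tmailfrom,\n\t\t\t\tmailfrom_domain,\n\t\t\t\tsubject,\n\t\t\t\tMessageBody,\n\t\t\t\torganization,\n\t\t\t\tmailto,\n\t\t\t\toriginal_messageid,\n\t\t\t\tmessage_size,BinMessg,filename,filesize\n\t\t\t\t)\n\t\t\tVALUES(\n\t\t\t\t'{$newmessageid}',\n\t\t\t\t'{$mm->message_date}',\n\t\t\t\t'{$mm->mailfrom}',\n\t\t\t\t'{$domain_from}',\n\t\t\t\t'{$mm->subject}',\n\t\t\t\t'{$message_html}',\n\t\t\t\t'{$ou}',\n\t\t\t\t'{$recipient}',\n\t\t\t\t'{$mm->message_id}',\n\t\t\t\t'{$filesize}','{$BinMessg}','{$filename}','{$sqlfilesize}')";
        if (!$q->QUERY_SQL($sql, "artica_backup")) {
            events($q->mysql_error);
            // The failed statement (including the full message body) is kept
            // for diagnosis; the name is a hex digest, so it cannot escape
            // the log directory.
            $errorFile = "/var/log/artica-postfix/mysql-error." . md5($sql) . ".err";
            file_put_contents($errorFile, "{$sql}\n\n{$q->mysql_error}");
            events("error saved into  {$errorFile}");
            if ($decompress) {
                @unlink($target_file);
            }
            return false;
        }
        // When Artica Meta is enabled and a serial is known, queue a tuple
        // describing the message in the artica-meta-msgs spool directory.
        if ($GLOBALS["ArticaMetaEnabled"] == 1 && $GLOBALS["SERIAL"] != null) {
            $md5 = md5("{$newmessageid}{$mm->message_date}");
            $sqlmeta = "('{$GLOBALS["UUID"]}','{$GLOBALS["SERIAL"]}','{$newmessageid}','{$mm->message_date}',";
            $sqlmeta = $sqlmeta . "'{$mm->mailfrom}','{$domain_from}','{$recipient}','{$mm->subject}','{$ou}','{$mm->message_id}',";
            $sqlmeta = $sqlmeta . "'{$filesize}','{$sqlfilesize}')";
            @file_put_contents("/var/log/artica-postfix/artica-meta-msgs/{$md5}.quar", $sqlmeta);
        }
        WriteToSyslogMail("{$mm->message_id}: <{$mm->mailfrom}> to: <{$recipient}> size={$filesize} bytes (saved into quarantine area)", __FILE__);
        events("time={$mm->message_date} message-id=<{$mm->message_id}> from=<{$mm->mailfrom}> to=<{$recipient}> size={$filesize}");
    }
    if ($decompress) {
        @unlink($target_file);
    }
    return true;
}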
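/**
 * Rebuild the Squid configuration and its companion files, validate the
 * result and, unless writing is denied, install it.
 *
 * The function runs a fixed sequence of helper steps (kernel values,
 * security limits, ACL files, blocked sites, ...), reporting progress through
 * build_progress(). The generated configuration is written to
 * /tmp/squid.conf, checked with squid_checks::squid_parse(), then copied to
 * the path returned by SQUID_CONFIG_PATH() and to /etc/squid3/squid.conf.
 * Finally /etc/squid3 is archived to /root/squid-good.tgz.
 *
 * @param bool $smooth When true, squidclamav(), the second wrapzap() call,
 *                     certificate_generate() and the final
 *                     CheckFilesAndSecurity() are skipped.
 * @return bool|null true on completion (also when $GLOBALS["NOAPPLY"] stops
 *                   the run after validation); null (bare return) when the
 *                   generated configuration does not parse.
 */
function ApplyConfig($smooth = false)
{
    if (function_exists("WriteToSyslogMail")) {
        WriteToSyslogMail("Invoke ApplyConfig function", basename(__FILE__));
    }
    $unix = new unix();
    $ulimit = $unix->find_program("ulimit");
    if (is_file($ulimit)) {
        // NOTE(review): the limit is raised inside the shell spawned by
        // shell_exec(), so it presumably does not carry over to this process.
        shell_exec("{$ulimit} -HSd unlimited");
    } else {
        echo "Starting......: " . date("H:i:s") . " [SYS]: Squid ulimit no such binary...\n";
    }
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid apply kernel settings\n";
    build_progress("{reconfigure} Kernel values", 46);
    kernel_values();
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid apply Checks security limits\n";
    build_progress("{reconfigure} Security limits", 47);
    security_limit();
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Checking Remote appliances...\n";
    build_progress("{reconfigure} checks remote appliances", 48);
    remote_appliance_restore_tables();
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Checking Remote appliances done...\n";
    $nohup = $unix->find_program("nohup");
    $php5 = $unix->LOCATE_PHP5_BIN();
    $squidbin = $unix->find_program("squid");
    $SQUID_CONFIG_PATH = $unix->SQUID_CONFIG_PATH();
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid loading libraires...\n";
    $sock = new sockets();
    $squid = new squidbee();
    if (!is_file($squidbin)) {
        $squidbin = $unix->find_program("squid3");
    }
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid binary: `{$squidbin}`\n";
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Conf..: `{$SQUID_CONFIG_PATH}`\n";
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid php...: `{$php5}`\n";
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid nohup.: `{$nohup}`\n";
    // Any non-numeric setting is treated as 0, i.e. writing is allowed.
    $DenySquidWriteConf = $sock->GET_INFO("DenySquidWriteConf");
    if (!is_numeric($DenySquidWriteConf)) {
        $DenySquidWriteConf = 0;
    }
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Checking `DenySquidWriteConf` = {$DenySquidWriteConf}\n";
    @copy("/etc/artica-postfix/settings/Daemons/SquidNudityScanParams", "/etc/squid3/SquidNudityScanParams");
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Checking `NudeBooster`\n";
    build_progress("{reconfigure} Nude booster", 49);
    NudeBooster();
    if (!is_dir("/usr/share/squid-langpack")) {
        echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Checking Templates from MySQL\n";
        $unix->THREAD_COMMAND_SET("{$php5} " . __FILE__ . " --tpl-save");
    }
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Build blocked Websites list...\n";
    if (!is_dir("/etc/squid3/artica-meta")) {
        @mkdir("/etc/squid3/artica-meta", 0755, true);
    }
    if (!is_file("/etc/squid3/artica-meta/whitelist-net.db")) {
        @touch("/etc/squid3/artica-meta/whitelist-net.db");
    }
    if (!is_file("/etc/squid3/artica-meta/whitelist-domains.db")) {
        @touch("/etc/squid3/artica-meta/whitelist-domains.db");
    }
    build_progress("{reconfigure} Whitelisted browsers", 50);
    acl_whitelisted_browsers();
    build_progress("{reconfigure} allowed browsers", 51);
    acl_allowed_browsers();
    echo "Starting......: " . date("H:i:s") . " Checking wrapzap\n";
    build_progress("{reconfigure} wrapzap", 52);
    wrapzap();
    build_progress("{reconfigure} Mime.conf", 53);
    mime_conf();
    build_progress("{reconfigure} Blocked websites", 54);
    $squid->BuildBlockedSites();
    build_progress("{reconfigure} FTP clients ACLs", 55);
    acl_clients_ftp();
    build_progress("{checking_wccp_mode}", 55);
    system("{$php5} /usr/share/artica-postfix/exec.squid.wccp.php --squid");
    build_progress("{reconfigure} Dynamic rules caches", 56);
    echo "Starting......: " . date("H:i:s") . " [SYS]: Dynamic rules caches...\n";
    dyn_caches();
    build_progress("{reconfigure} Webfiltering whitelisted", 57);
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Build url_rewrite_access deny...\n";
    urlrewriteaccessdeny();
    echo "Starting......: " . date("H:i:s") . " [SYS]:Squid building main configuration done\n";
    build_progress("{reconfigure} Check files and security", 58);
    CheckFilesAndSecurity();
    $tar = $unix->find_program("tar");
    // NOAPPLY forces the build-and-validate branch below even when writing is
    // denied; that branch returns before anything is installed.
    if ($GLOBALS["NOAPPLY"]) {
        $DenySquidWriteConf = 0;
    }
    if ($DenySquidWriteConf == 0) {
        @mkdir("/tmp", 0755, true);
        $squid->CURRENT_PROGRESS = 79;
        $squid->MAX_PROGRESS = 79;
        $conf = $squid->BuildSquidConf();
        $conf = str_replace("\n\n", "\n", $conf);
        build_progress("{writing_configuration}", 79);
        // NOTE(review): fixed, predictable name in a shared temporary
        // directory, written (presumably by a privileged process) without
        // checking the result. Another local account able to pre-create or
        // replace this path could influence what is written or validated.
        // A private directory or tempnam() would avoid that; left unchanged
        // here because other code may expect /tmp/squid.conf.
        @file_put_contents("/tmp/squid.conf", $conf);
        echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Check validity of the configuration file with /tmp/squid.conf...\n";
        $GLOBALS["SQUID_PATTERN_ERROR"] = array();
        $squid_checks = new squid_checks("/tmp/squid.conf");
        if (!$squid_checks->squid_parse()) {
            build_progress("{checking}: {failed}", 110);
            return;
        }
        echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Check validity OK...\n";
        if ($GLOBALS["NOAPPLY"]) {
            echo "Starting......: " . date("H:i:s") . " [SYS]: WARNING \"NOAPPLY\" Artica is denied to apply settings...\n";
            return true;
        }
        echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Writing configuration file \"{$SQUID_CONFIG_PATH}\" " . strlen($conf) . " bytes...\n";
        // The in-memory $conf is installed, not the validated temporary file.
        @file_put_contents($SQUID_CONFIG_PATH, $conf);
        @mkdir("/etc/squid3", 0755, true);
        if ($SQUID_CONFIG_PATH != "/etc/squid3/squid.conf") {
            @file_put_contents("/etc/squid3/squid.conf", $conf);
        }
        $sock->TOP_NOTIFY("{squid_parameters_was_saved}", "info");
        $cmd = $unix->LOCATE_PHP5_BIN() . " " . __FILE__ . " --templates --noreload";
        $unix->THREAD_COMMAND_SET($cmd);
    }
    build_progress("{checking}: squidclamav", 79);
    if (!$smooth) {
        squidclamav();
    }
    build_progress("{checking}: wrapzap", 79);
    if (!$smooth) {
        wrapzap();
    }
    build_progress("{checking}: Cerificates", 79);
    if (!$smooth) {
        certificate_generate();
    }
    $cmd = $nohup . " " . $unix->LOCATE_PHP5_BIN() . " " . __FILE__ . " --cache-infos --force >/dev/null 2>&1 &";
    if ($GLOBALS["VERBOSE"]) {
        echo "{$cmd}\n";
    }
    shell_exec($cmd);
    shell_exec("{$nohup} {$php5} /usr/share/artica-postfix/exec.syslog-engine.php --rsylogd >/dev/null 2>&1 &");
    if (!$smooth) {
        build_progress("{checking}: Check Files And Security", 79);
        CheckFilesAndSecurity();
    }
    // Archive the configuration directory as the "last known good" snapshot.
    // Changes against the original:
    //  - the archive is only rebuilt when chdir() succeeded, so a missing
    //    directory no longer archives whatever the current directory is, and
    //    the previous snapshot is not deleted in that case;
    //  - "--" ends tar's option parsing, so a file in /etc/squid3 whose name
    //    starts with "-" is archived as a file and not read as an option;
    //  - the shell_exec("cd ...") calls were dropped: each ran in its own
    //    child shell and had no effect.
    $tarbin = is_file($tar) ? escapeshellarg($tar) : "tar";
    if (@chdir("/etc/squid3")) {
        if (is_file("/root/squid-good.tgz")) {
            @unlink("/root/squid-good.tgz");
        }
        shell_exec("{$tarbin} -czf /root/squid-good.tgz -- *");
    } else {
        echo "Starting......: " . date("H:i:s") . " [SYS]: Squid unable to enter /etc/squid3, configuration snapshot skipped\n";
    }
    chdir("/root");
    return true;
}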