Example #1
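/**
 * Deletes suricata_firewall rows older than the configured retention window and,
 * when at least one row was removed, calls xstart(true) and runs /bin/suricata-fw.sh.
 *
 * The retention window is the "SuricataFirewallPurges" setting, in hours. A value that
 * is missing, zero or negative falls back to 24 hours.
 *
 * Two guards run first: a PID file stops a second instance of this script, and a
 * timestamp file throttles the purge (file_time_min() presumably returns the file age
 * in minutes, giving a 15-minute minimum interval; confirm against class.unix.inc).
 *
 * @return void
 */
function purge()
{
    $unix = new unix();
    $pidfile = "/etc/artica-postfix/pids/" . basename(__FILE__) . "." . __FUNCTION__ . ".pid";
    // NOTE(review): if this script is named exec.suricata-fw.php, $pidTime is the same
    // path as $pidfile. The PID written below would then make the throttle check see a
    // freshly written file on every run. Confirm the two paths are meant to differ.
    $pidTime = "/etc/artica-postfix/pids/exec.suricata-fw.php.purge.pid";

    // Single-instance guard. Values below 100 (including a missing file) are treated as
    // "no PID recorded". The check-then-write sequence is not atomic, so it only guards
    // against accidental overlap of scheduled runs.
    $pid = @file_get_contents($pidfile);
    if ($pid < 100) {
        $pid = null;
    }
    if ($unix->process_exists($pid, basename(__FILE__))) {
        echo "PID: {$pid} Already exists....\n";
        die;
    }
    @file_put_contents($pidfile, getmypid());

    // Throttle: skip the purge when the timestamp file is younger than 15.
    $pidExec = $unix->file_time_min($pidTime);
    if ($pidExec < 15) {
        return;
    }
    @unlink($pidTime);
    @file_put_contents($pidTime, time());

    $sock = new sockets();
    $SuricataFirewallPurges = intval($sock->GET_INFO("SuricataFirewallPurges"));
    // A negative setting would build the string "--N hour"; what strtotime() makes of
    // that is not guaranteed to be a cutoff in the past, and the DELETE below must never
    // receive a cutoff that could cover current rules. Treat it like an unset value.
    if ($SuricataFirewallPurges <= 0) {
        $SuricataFirewallPurges = 24;
    }

    $q = new postgres_sql();
    $sql = "SELECT COUNT(*) as tcount FROM suricata_firewall";
    $results = $q->QUERY_SQL($sql);
    if (!$results) {
        // A failed query must not be read as "the table is empty".
        system_admin_mysql(0, "Purging MySQL error", $q->mysql_error, __FILE__, __LINE__);
        return;
    }
    $ligne = pg_fetch_assoc($results);
    $CountOfRules = intval($ligne["tcount"]);
    if ($CountOfRules == 0) {
        echo "No rules...\n";
        return;
    }

    $time = strtotime("-{$SuricataFirewallPurges} hour");
    $date = date("Y-m-d H:i:s", $time);
    echo "Remove rules before {$date}\n";
    // $date is produced by date() from a clamped integer, so no external text reaches
    // this statement. Keep it that way if the cutoff ever becomes configurable as a string.
    $sql = "DELETE FROM suricata_firewall WHERE zdate < '{$date}' ";
    $q->QUERY_SQL($sql);
    if (!$q->ok) {
        // The label says MySQL although the query goes through postgres_sql; the text is
        // left unchanged so existing log filters still match.
        system_admin_mysql(0, "Purging MySQL error", $q->mysql_error, __FILE__, __LINE__);
        return;
    }

    $sql = "SELECT COUNT(*) as tcount FROM suricata_firewall";
    $results = $q->QUERY_SQL($sql);
    if (!$results) {
        // Without a recount the number of removed rows is unknown. Report the error and
        // leave the firewall as it is instead of rebuilding while the database is failing.
        system_admin_mysql(0, "Purging MySQL error", $q->mysql_error, __FILE__, __LINE__);
        return;
    }
    $ligne = pg_fetch_assoc($results);
    $CountOfRules2 = intval($ligne["tcount"]);
    $removed = $CountOfRules - $CountOfRules2;
    if ($removed == 0) {
        return;
    }

    system_admin_mysql(1, "Purging {$removed} IDS rules ( added before {$date} ) from firewall", null, __FILE__, __LINE__);
    xstart(true);
    // Fixed command with no variable parts; nothing from the database or settings is
    // passed to the shell.
    shell_exec("/bin/suricata-fw.sh");
}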
    ufdb_on();
    exit;
}
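// Command-line dispatch: a recognised first argument runs one action and ends the
// script; anything else falls through to the default xstart() run.
// isset() avoids an undefined-offset notice when the script is started without
// arguments, and === keeps the option match an exact string comparison.
if (isset($argv[1]) && $argv[1] === "--ufdb-off") {
    ufdb_off();
    exit;
}
if (isset($argv[1]) && $argv[1] === "--ad-on") {
    ad_on();
    exit;
}
xstart();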
/**
 * Prints a progress line on stdout and stores the same state, serialized, in the
 * file named by $GLOBALS["CACHEFILE"], then pauses for one second.
 *
 * The placeholder "{reconfigure}" is expanded only in the printed line; the stored
 * TEXT keeps the caller's original string.
 *
 * @param string $text  Progress message (may contain the "{reconfigure}" placeholder).
 * @param mixed  $pourc Completion value printed as a percentage.
 * @return void
 */
function build_progress($text, $pourc)
{
    $label = str_replace("{reconfigure}", "Reconfigure", $text);
    $stamp = date("H:i:s");
    echo "Starting......: " . $stamp . " {$pourc}% {$label}\n";

    $target = $GLOBALS["CACHEFILE"];
    $state = array("POURC" => $pourc, "TEXT" => $text);
    // The reader of this file presumably passes it to unserialize(), so it must stay
    // writable only by the account that runs this script.
    @file_put_contents($target, serialize($state));
    // NOTE(review): 0755 sets execute bits on a data file and makes it world-readable;
    // 0644 (or tighter) looks sufficient. Confirm what the consumer needs.
    @chmod($target, 0755);
    sleep(1);
}
/**
 * Turns on the global FORCE flag.
 *
 * @return void
 */
function ufdb_on()
{
    // The unix helper is instantiated here but not used afterwards in this function.
    $unixHelper = new unix();
    $GLOBALS["FORCE"] = true;
}
// Turn on RECONFIGURE when "--reconfigure" appears anywhere on the command line.
// This is a substring match over the joined arguments, so longer options that contain
// the same text also enable the flag.
if (preg_match("#--reconfigure#", implode(" ", $argv), $re) === 1) {
    $GLOBALS["RECONFIGURE"] = true;
}
// Set before the includes below; presumably read by the included classes (confirm).
$GLOBALS["AS_ROOT"] = true;
include_once dirname(__FILE__) . '/ressources/class.ldap.inc';
include_once dirname(__FILE__) . '/ressources/class.squid.inc';
include_once dirname(__FILE__) . '/ressources/class.mysql.inc';
include_once dirname(__FILE__) . '/framework/class.unix.inc';
include_once dirname(__FILE__) . '/framework/frame.class.inc';
include_once dirname(__FILE__) . '/framework/class.settings.inc';
include_once dirname(__FILE__) . '/ressources/class.os.system.inc';
include_once dirname(__FILE__) . '/ressources/class.system.nics.inc';
include_once dirname(__FILE__) . "/ressources/class.influx.inc";
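// The first command-line argument is the report ID. xstart() stores it in
// $GLOBALS["zMD5"], and build_progress() interpolates that value into a file name
// under ressources/logs/web.
// NOTE(review): the value is not validated before it reaches that path; confirm every
// caller passes a fixed-format ID without "/" or "..".
// isset() avoids an undefined-offset notice when the script is started without arguments.
xstart(isset($argv[1]) ? $argv[1] : null);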
/**
 * Prints "[percent]: text" on stdout and writes the same state, serialized, to the
 * per-report progress file, whose path is also published in $GLOBALS["PROGRESS_FILE"].
 *
 * @param string $text  Progress message.
 * @param mixed  $pourc Completion value.
 * @return void
 */
function build_progress($text, $pourc)
{
    // NOTE(review): $GLOBALS["zMD5"] is set by xstart() from its argument and is placed
    // in the path as is; confirm it can only hold a fixed-format report ID.
    $progressFile = "/usr/share/artica-postfix/ressources/logs/web/squid.statistics-{$GLOBALS["zMD5"]}.progress";
    $GLOBALS["PROGRESS_FILE"] = $progressFile;

    $state = array("POURC" => $pourc, "TEXT" => $text);
    echo "[{$pourc}]: {$text}\n";

    // The reader of this file presumably passes it to unserialize(), so it must stay
    // writable only by the account that runs this script.
    @file_put_contents($progressFile, serialize($state));
    // NOTE(review): 0755 sets execute bits on a data file; 0644 looks sufficient.
    // Confirm what the web front end needs.
    @chmod($progressFile, 0755);
}
function xstart($md5)
{
    $GLOBALS["zMD5"] = $md5;
    echo "***********************************\n";
    echo "Report ID: {$md5}\n";
    echo "***********************************\n";