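/**
 * Deletes aged rows from the suricata_firewall table and, when rows were
 * actually removed, rebuilds and reloads the firewall script.
 *
 * Flow, as visible in this function:
 *  - a pid file prevents two purges from running at once (the process exits
 *    when another instance is found);
 *  - a timestamp file throttles the purge to one run per 15 minutes;
 *  - the retention window (hours) comes from the "SuricataFirewallPurges"
 *    setting, defaulting to 24;
 *  - rows whose zdate is older than the window are deleted;
 *  - on removal, an admin event is logged, xstart(true) is called and
 *    /bin/suricata-fw.sh is executed.
 *
 * @return void
 */
function purge()
{
    $unix = new unix();
    $pidfile = "/etc/artica-postfix/pids/" . basename(__FILE__) . "." . __FUNCTION__ . ".pid";
    $pidTime = "/etc/artica-postfix/pids/exec.suricata-fw.php.purge.pid";

    // Only accept the pid file when it holds a plain decimal PID >= 100.
    // The original compared the raw file content with 100, which lets
    // non-numeric content through to process_exists() on PHP 8; the content
    // of a file on disk should not reach that helper unvalidated.
    $pid = trim((string) @file_get_contents($pidfile));
    if (!preg_match('/^[0-9]+$/', $pid) || intval($pid) < 100) {
        $pid = null;
    }
    if ($unix->process_exists($pid, basename(__FILE__))) {
        echo "PID: {$pid} Already exists....\n";
        die;
    }
    @file_put_contents($pidfile, getmypid());

    // Throttle: skip when the timestamp file is younger than 15 minutes.
    $pidExec = $unix->file_time_min($pidTime);
    if ($pidExec < 15) {
        return;
    }
    @unlink($pidTime);
    @file_put_contents($pidTime, time());

    // Retention window in hours. A non-positive value is not a valid
    // look-back window: the original only replaced 0, so a negative setting
    // reached strtotime() as "--N hour", which can resolve to a cutoff in
    // the future and delete every rule. Fall back to 24 hours instead.
    $sock = new sockets();
    $SuricataFirewallPurges = intval($sock->GET_INFO("SuricataFirewallPurges"));
    if ($SuricataFirewallPurges <= 0) {
        $SuricataFirewallPurges = 24;
    }

    $q = new postgres_sql();
    $sql = "SELECT COUNT(*) as tcount FROM suricata_firewall";
    $ligne = pg_fetch_assoc($q->QUERY_SQL($sql));
    $CountOfRules = intval($ligne["tcount"]);
    if ($CountOfRules == 0) {
        echo "No rules...\n";
        return;
    }

    $time = strtotime("-{$SuricataFirewallPurges} hour");
    $date = date("Y-m-d H:i:s", $time);
    echo "Remove rules before {$date}\n";

    // $date is produced by date() with a fixed format from an integer hour
    // count, so the interpolated literal cannot carry SQL syntax. Keep it
    // that way: never feed a raw setting or argument into this statement.
    $sql = "DELETE FROM suricata_firewall WHERE zdate < '{$date}' ";
    $q->QUERY_SQL($sql);
    if (!$q->ok) {
        system_admin_mysql(0, "Purging MySQL error", $q->mysql_error, __FILE__, __LINE__);
        return;
    }

    // The removed count is the difference of two COUNT(*) queries, so rows
    // inserted between them make the reported number smaller than the real one.
    $sql = "SELECT COUNT(*) as tcount FROM suricata_firewall";
    $ligne = pg_fetch_assoc($q->QUERY_SQL($sql));
    $CountOfRules2 = intval($ligne["tcount"]);
    $removed = $CountOfRules - $CountOfRules2;
    if ($removed == 0) {
        return;
    }

    system_admin_mysql(1, "Purging {$removed} IDS rules ( added before {$date} ) from firewall", null, __FILE__, __LINE__);
    // Rebuild the rule script, then run it; the path is a fixed literal.
    xstart(true);
    shell_exec("/bin/suricata-fw.sh");
}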
ufdb_on(); exit; }
// Command-line dispatch: each switch runs one action and exits.
// NOTE(review): $argv[1] is read without checking that an argument was
// supplied; with no argument none of the visible branches match and
// execution falls through to xstart().
if ($argv[1] == "--ufdb-off") { ufdb_off(); exit; }
// NOTE(review): this repeats the "--ufdb-off" test above. The first match
// exits, so this branch can never run; possibly another switch was
// intended here — confirm.
if ($argv[1] == "--ufdb-off") { ufdb_off(); exit; }
if ($argv[1] == "--ad-on") { ad_on(); exit; }
xstart();

/**
 * Prints a progress line and stores the progress state in the cache file
 * named by $GLOBALS["CACHEFILE"].
 *
 * @param string $text  Progress message; the "{reconfigure}" token is
 *                      replaced by "Reconfigure" for the console output only,
 *                      the stored copy keeps the original text.
 * @param mixed  $pourc Percentage value written to the console and stored
 *                      under the "POURC" key.
 * @return void
 */
function build_progress($text, $pourc) {
    $echotext = $text;
    $echotext = str_replace("{reconfigure}", "Reconfigure", $echotext);
    echo "Starting......: " . date("H:i:s") . " {$pourc}% {$echotext}\n";
    $cachefile = $GLOBALS["CACHEFILE"];
    // $array is created implicitly by the first assignment.
    $array["POURC"] = $pourc;
    $array["TEXT"] = $text;
    // The state is written in PHP serialize() format; errors are suppressed,
    // so a failed write goes unnoticed.
    // NOTE(review): whatever reads this file presumably unserialize()s it —
    // confirm that the directory is writable only by trusted accounts, since
    // unserialize() on attacker-written content is unsafe.
    @file_put_contents($cachefile, serialize($array));
    // NOTE(review): 0755 sets the execute bits on a data file and makes it
    // world-readable; 0644 (or tighter) looks sufficient — confirm with the reader.
    @chmod($cachefile, 0755);
    // Pauses one second after every progress update.
    sleep(1);
}
function ufdb_on() { $unix = new unix();
$GLOBALS["FORCE"] = true; }
// The pattern is matched against all arguments joined by spaces, so
// "--reconfigure" is detected anywhere on the command line; $re is not
// used afterwards in the visible code.
if (preg_match("#--reconfigure#", implode(" ", $argv), $re)) { $GLOBALS["RECONFIGURE"] = true; }
$GLOBALS["AS_ROOT"] = true;
include_once dirname(__FILE__) . '/ressources/class.ldap.inc';
include_once dirname(__FILE__) . '/ressources/class.squid.inc';
include_once dirname(__FILE__) . '/ressources/class.mysql.inc';
include_once dirname(__FILE__) . '/framework/class.unix.inc';
include_once dirname(__FILE__) . '/framework/frame.class.inc';
include_once dirname(__FILE__) . '/framework/class.settings.inc';
include_once dirname(__FILE__) . '/ressources/class.os.system.inc';
include_once dirname(__FILE__) . '/ressources/class.system.nics.inc';
include_once dirname(__FILE__) . "/ressources/class.influx.inc";
// The first command-line argument is used as the report identifier.
// NOTE(review): it is passed on without any validation in the visible code,
// and xstart() stores it in $GLOBALS["zMD5"], which build_progress() places
// into a file path. If it is meant to be an MD5 digest, checking it against
// /^[a-f0-9]{32}$/ before this call would keep path separators out — confirm.
xstart($argv[1]);

/**
 * Prints a progress line and stores the progress state in a per-report
 * file under ressources/logs/web.
 *
 * @param string $text  Progress message, stored under the "TEXT" key.
 * @param mixed  $pourc Percentage value, stored under the "POURC" key.
 * @return void
 */
function build_progress($text, $pourc) {
    // The file name embeds $GLOBALS["zMD5"] as-is; a value containing "../"
    // would move the write outside this directory (see the validation note
    // at the xstart() call).
    $GLOBALS["PROGRESS_FILE"] = "/usr/share/artica-postfix/ressources/logs/web/squid.statistics-{$GLOBALS["zMD5"]}.progress";
    // $array is created implicitly by the first assignment.
    $array["POURC"] = $pourc;
    $array["TEXT"] = $text;
    echo "[{$pourc}]: {$text}\n";
    // Written in PHP serialize() format with errors suppressed.
    // NOTE(review): the reader presumably unserialize()s this file — confirm
    // that only trusted accounts can write to this directory.
    @file_put_contents($GLOBALS["PROGRESS_FILE"], serialize($array));
    // NOTE(review): 0755 sets the execute bits on a data file and makes it
    // world-readable; 0644 (or tighter) looks sufficient — confirm.
    @chmod($GLOBALS["PROGRESS_FILE"], 0755);
}
function xstart($md5) { $GLOBALS["zMD5"] = $md5; echo "***********************************\n"; echo "Report ID: {$md5}\n"; echo "***********************************\n";