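/**
 * Create the Apache runtime directories when they are missing and assign them
 * to the account and group reported by unix::APACHE_SRC_ACCOUNT() and
 * unix::APACHE_SRC_GROUP().
 *
 * For every directory in the list: create it with mode 0755 if absent, chown
 * and chgrp the directory itself, pass "<dir>/*" to unix::chown_func(), then
 * pass the directory to unix::chmod_func() with mode 0755. Progress is echoed
 * unconditionally.
 *
 * @return void
 */
function apache_permissions()
{
    $unix = new unix();
    $account = $unix->APACHE_SRC_ACCOUNT();
    $group = $unix->APACHE_SRC_GROUP();

    $directories = array(
        "/var/log/apache2",
        "/var/cache/apache2",
        "/var/cache/apache2/mod_pagespeed",
        "/etc/apache2/logs",
        "/var/lib/apache2/fastcgi",
        "/var/run/apache2",
        "/var/www",
    );

    // foreach replaces the list()/each() idiom: each() was removed in PHP 8.0,
    // and the array is now initialised explicitly instead of being created by
    // the first append.
    foreach ($directories as $dir) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: apache2 apply permissions on `{$dir}`\n";
        if (!is_dir($dir)) {
            @mkdir($dir, 0755, true);
        }
        // The @ operator hides failures, so a directory that could not be
        // created or re-owned is not reported anywhere.
        @chown($dir, $account);
        @chgrp($dir, $group);
        // NOTE(review): for /var/www this hands whatever "<dir>/*" matches to
        // the web server account, which lets the server process rewrite the
        // content it serves - confirm that is intended.
        $unix->chown_func($account, $group, "{$dir}/*");
        $unix->chmod_func(0755, $dir);
    }
}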
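/**
 * Change the owner of the path named by the "chowndir" request parameter to
 * the account lighttpd runs as.
 *
 * The account and group are taken from the server.username and
 * server.groupname directives of /etc/lighttpd/lighttpd.conf. When the raw
 * parameter names an existing regular file, that file is chowned/chgrped
 * directly; otherwise the parameter is base64-decoded and handed to
 * unix::chown_func().
 *
 * Nothing is changed when the configuration does not yield both names or when
 * the parameter is missing, empty or not a string.
 *
 * @return void
 */
function lighttpd_chowndir()
{
    // Initialised so that a configuration without the directives cannot leave
    // the variables undefined further down.
    $username = null;
    $groupname = null;

    $config = @file_get_contents("/etc/lighttpd/lighttpd.conf");
    $lines = is_string($config) ? explode("\n", $config) : array();

    // foreach replaces the list()/each() idiom removed in PHP 8.0.
    foreach ($lines as $line) {
        if (preg_match("#server\\.username.*?\"(.+?)\"#", $line, $re)) {
            $username = $re[1];
            continue;
        }
        if (preg_match("#server\\.groupname.*?\"(.+?)\"#", $line, $re)) {
            $groupname = $re[1];
            continue;
        }
        if ($groupname != null && $username != null) {
            break;
        }
    }

    // Without a known owner there is nothing meaningful to apply.
    if ($username === null || $groupname === null) {
        return;
    }

    // The target path is taken from the HTTP query string. Reject anything
    // that is not a non-empty string (for example "chowndir[]=" arrays).
    if (!isset($_GET["chowndir"]) || !is_string($_GET["chowndir"]) || $_GET["chowndir"] === "") {
        return;
    }
    $requested = $_GET["chowndir"];

    // NOTE(review): the caller of this endpoint chooses which path changes
    // owner. Nothing here restricts the path to a set of expected base
    // directories; that allow-list, and authentication of the caller, must be
    // enforced by this function or by whatever dispatches to it - confirm.
    if (is_file($requested)) {
        @chown($requested, $username);
        @chgrp($requested, $groupname);
        return;
    }

    $decoded = base64_decode($requested);
    if (!is_string($decoded) || $decoded === "") {
        return;
    }

    // NOTE(review): confirm how unix::chown_func() treats wildcards and shell
    // metacharacters in its path argument before trusting request data here.
    $unix = new unix();
    $unix->chown_func($username, $groupname, $decoded);
}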
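/**
 * Periodic clean-up of stale PHP session files and of temporary files under
 * the artica-postfix "ressources" tree.
 *
 * The function is rate-limited through a time stamp file: when
 * unix::file_time_min() reports less than 60 for it, nothing is done;
 * otherwise the stamp is rewritten and the clean-up runs.
 *
 * - /var/lib/php5/*: each entry is handed to unix::chown_func() with the
 *   Apache account and group, then removed when older than 2880 minutes.
 * - /var/lib/php5-zarafa/*: removed when older than 2880 minutes.
 * - ressources/logs/jGrowl/* and ressources/conf/*: removed when older than
 *   360 minutes.
 *
 * @return void
 */
function sessions_clean()
{
    $unix = new unix();
    $sock = new sockets();
    $TimeFile = "/etc/artica-postfix/pids/" . basename(__FILE__) . "." . __FUNCTION__ . ".time";
    $APACHE_SRC_ACCOUNT = $unix->APACHE_SRC_ACCOUNT();
    $APACHE_SRC_GROUP = $unix->APACHE_SRC_GROUP();

    $CleanPHPSessionTime = $sock->GET_INFO("CleanPHPSessionTime");
    if (!is_numeric($CleanPHPSessionTime)) {
        $CleanPHPSessionTime = 2880;
    }

    if ($unix->file_time_min($TimeFile) < 60) {
        return;
    }
    @unlink($TimeFile);
    @file_put_contents($TimeFile, time());

    // NOTE(review): the configured CleanPHPSessionTime only decides whether
    // the session clean-up runs at all (> 5); the age limit applied below is
    // the fixed 2880 minutes. Confirm whether the setting was meant to be the
    // limit.
    if ($CleanPHPSessionTime > 5) {
        if (is_dir("/var/lib/php5")) {
            // glob() returns false on error; iterate over an empty list then.
            $sessionFiles = glob("/var/lib/php5/*");
            if (!is_array($sessionFiles)) {
                $sessionFiles = array();
            }
            foreach ($sessionFiles as $filename) {
                // Symbolic links are not re-owned: the session directory may
                // be writable by other local accounts, and changing ownership
                // through a link would affect the link target. The check is
                // not atomic with the chown that follows.
                if (!is_link($filename)) {
                    $unix->chown_func($APACHE_SRC_ACCOUNT, $APACHE_SRC_GROUP, $filename);
                }
                $time = $unix->file_time_min($filename);
                if ($time > 2880) {
                    $unix->_syslog("Clean: Remove PHP Session file " . basename($filename) . " {$time}Mn", basename(__FILE__));
                    @unlink($filename);
                }
            }
        }

        if (is_dir("/var/lib/php5-zarafa")) {
            $zarafaFiles = glob("/var/lib/php5-zarafa/*");
            if (!is_array($zarafaFiles)) {
                $zarafaFiles = array();
            }
            foreach ($zarafaFiles as $filename) {
                $time = $unix->file_time_min($filename);
                if ($time > 2880) {
                    $unix->_syslog("Clean: Remove PHP Zarafa Session file " . basename($filename) . " {$time}Mn", basename(__FILE__));
                    @unlink($filename);
                }
            }
        }
    }

    // Temporary UI artefacts: anything older than 360 minutes is removed.
    $patterns = array(
        "/usr/share/artica-postfix/ressources/logs/jGrowl/*",
        "/usr/share/artica-postfix/ressources/conf/*",
    );
    foreach ($patterns as $pattern) {
        $matches = glob($pattern);
        if (!is_array($matches)) {
            continue;
        }
        foreach ($matches as $filename) {
            $time = $unix->file_time_min($filename);
            if ($time > 360) {
                @unlink($filename);
            }
        }
    }
}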
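/**
 * Start the MySQL daemon with a command line assembled from the Artica
 * settings, after preparing run-time directories, ownership and log files.
 *
 * The start is skipped when another instance of this script is running (see
 * $nopid), when /etc/artica-postfix/mysql.stop exists, when the daemon is
 * already running, when the mysqld binary is missing, when
 * MysqlTooManyConnections is 1 or when EnableMysqlFeatures is 0. After the
 * launch the function polls for the process and then for the Unix socket and
 * reports the outcome through echo, mysql_admin_mysql() and
 * system_admin_events().
 *
 * @param bool $nochecks Accepted for compatibility; not read by this function.
 * @param bool $nopid    When true, skip the guard based on this script's own
 *                       PID file.
 * @return void
 */
function SERVICE_START($nochecks = false, $nopid = false)
{
    $unix = new unix();
    $sock = new sockets();

    if (!$nopid) {
        $pidfile = "/etc/artica-postfix/pids/" . basename(__FILE__) . "." . __FUNCTION__ . ".pid";
        $pid = @file_get_contents($pidfile);
        if ($unix->process_exists($pid, basename(__FILE__))) {
            $time = $unix->PROCCESS_TIME_MIN($pid);
            echo "Starting......: " . date("H:i:s") . " MySQL this script is already executed PID: {$pid} since {$time}Mn\n";
            // A run younger than five minutes is left alone unless FORCE is
            // set; an older one is killed and replaced by this run.
            if ($time < 5 && empty($GLOBALS["FORCE"])) {
                return;
            }
            unix_system_kill_force($pid);
        }
        @file_put_contents($pidfile, getmypid());
    }

    if (is_file("/etc/artica-postfix/mysql.stop")) {
        echo "Starting......: " . date("H:i:s") . " MySQL locked, exiting\n";
        return;
    }

    $PID_NUM = PID_NUM();
    if ($unix->process_exists($PID_NUM)) {
        $timemin = $unix->PROCCESS_TIME_MIN($PID_NUM);
        echo "Starting......: " . date("H:i:s") . " MySQL already running PID \"{$PID_NUM}\" since {$timemin}Mn\n";
        return;
    }

    $mysql_install_db = $unix->find_program('mysql_install_db');
    $mysqlbin = $unix->LOCATE_mysqld_bin();
    $php5 = $unix->LOCATE_PHP5_BIN();
    $nohup = $unix->find_program("nohup");
    if (!is_file($mysqlbin)) {
        echo "Starting......: " . date("H:i:s") . " MySQL is not installed, abort\n";
        return;
    }

    $EnableMysqlFeatures = $sock->GET_INFO('EnableMysqlFeatures');
    $MysqlBinAllAdresses = $sock->GET_INFO('MysqlBinAllAdresses');
    $MySQLTMPMEMSIZE = $sock->GET_INFO('MySQLTMPMEMSIZE');
    $MysqlTooManyConnections = $sock->GET_INFO("MysqlTooManyConnections");
    $MysqlRemoveidbLogs = $sock->GET_INFO("MysqlRemoveidbLogs");
    $innodb_force_recovery = $sock->GET_INFO("innodb_force_recovery");
    if (!is_numeric($innodb_force_recovery)) {
        $innodb_force_recovery = 0;
    }
    if (!is_numeric($MysqlRemoveidbLogs)) {
        $MysqlRemoveidbLogs = 0;
    }
    if (!is_numeric($MysqlBinAllAdresses)) {
        $MysqlBinAllAdresses = 0;
    }
    if (!is_numeric($MySQLTMPMEMSIZE)) {
        $MySQLTMPMEMSIZE = 0;
    }
    if (!is_numeric($MysqlTooManyConnections)) {
        $MysqlTooManyConnections = 0;
    }
    if (!is_numeric($EnableMysqlFeatures)) {
        $EnableMysqlFeatures = 1;
    }

    $MySqlTmpDir = $sock->GET_INFO('MySQLTMPDIR');
    $MySQLLOgErrorPath = $sock->GET_INFO('MySQLLOgErrorPath');
    $datadir = $unix->MYSQL_DATA_DIR();
    $EnableMysqlLog = $sock->GET_INFO("EnableMysqlLog");
    if (!is_numeric($EnableMysqlLog)) {
        $EnableMysqlLog = 0;
    }
    if ($datadir == null) {
        $datadir = '/var/lib/mysql';
    }
    if ($MySqlTmpDir == '/tmp') {
        $MySqlTmpDir = null;
    }
    if ($MySQLLOgErrorPath == null) {
        $MySQLLOgErrorPath = $datadir . '/mysqld.err';
    }

    if ($MysqlTooManyConnections == 1) {
        echo "Starting......: " . date("H:i:s") . " MySQL MysqlTooManyConnections=1, abort\n";
        return;
    }

    if (isset($GLOBALS["RECOVERY"])) {
        // Forced to an integer because the value ends up on a shell command
        // line further down.
        $innodb_force_recovery = intval($GLOBALS["RECOVERY"]);
    }

    // Defined up front: the original only assigned it inside the branch below
    // and then read it unconditionally when building the command.
    $MySqlTmpDirCMD = "";
    if (strlen((string) $MySqlTmpDir) > 3) {
        echo "Starting......: " . date("H:i:s") . " MySQL tempdir : {$MySqlTmpDir}\n";
        shell_exec("{$php5} /usr/share/artica-postfix/exec.mysql.build.php --tmpfs");
        $MySqlTmpDir = str_replace("//", "/", $MySqlTmpDir);
        if (!is_dir($MySqlTmpDir)) {
            @mkdir($MySqlTmpDir, 0755, true);
            $unix->chown_func("mysql", "mysql", $MySqlTmpDir);
        }
        // Settings values are quoted before they reach the shell so that a
        // value containing shell metacharacters cannot alter the command.
        $MySqlTmpDirCMD = " --tmpdir=" . escapeshellarg($MySqlTmpDir);
    }

    if ($EnableMysqlFeatures == 0) {
        echo "Starting......: " . date("H:i:s") . " MySQL is disabled by \"EnableMysqlFeatures\"...\n";
        return;
    }

    $pid_file = "/var/run/mysqld/mysqld.pid";
    $socket = "/var/run/mysqld/mysqld.sock";
    // NOTE(review): this literal looks masked in the listing under review; it
    // is used as the owner for the chown_func() calls below and should name
    // the account the daemon runs as - confirm against the real file.
    $mysql_user = "******";

    @mkdir("/var/run/mysqld", 0755, true);
    @mkdir("/var/log/mysql", 0755, true);
    @mkdir($datadir, 0755, true);

    $dirs = $unix->dirdir("/var/lib/mysql");
    if (is_array($dirs)) {
        // foreach replaces the list()/each() idiom removed in PHP 8.0.
        foreach ($dirs as $directory) {
            echo "Starting......: " . date("H:i:s") . " MySQL, apply permissions on " . basename($directory) . "\n";
            $unix->chown_func("mysql", "mysql", "{$directory}/*");
        }
    }

    // NOTE(review): $bind_address is computed but never added to the daemon
    // command line below, so the "Bind address" line printed here does not
    // show what mysqld will actually listen on. In the low-memory branch the
    // daemon is started with --no-defaults, i.e. without reading option
    // files, so its built-in default applies. Confirm the listener is
    // restricted as intended.
    $bind_address = ' --bind-address=127.0.0.1';
    $bind_address2 = "127.0.0.1";
    if ($MysqlBinAllAdresses == 1) {
        $bind_address2 = 'All (0.0.0.0)';
        $bind_address = ' --bind-address=0.0.0.0';
    }

    echo "Starting......: " . date("H:i:s") . " MySQL Pid path.......:{$pid_file}\n";
    echo "Starting......: " . date("H:i:s") . " datadir..............:{$datadir}\n";
    echo "Starting......: " . date("H:i:s") . " Log error............:{$MySQLLOgErrorPath}\n";
    echo "Starting......: " . date("H:i:s") . " socket...............:{$socket}\n";
    echo "Starting......: " . date("H:i:s") . " user.................:{$mysql_user}\n";
    echo "Starting......: " . date("H:i:s") . " LOGS ENABLED.........:{$EnableMysqlLog}\n";
    echo "Starting......: " . date("H:i:s") . " Daemon...............:{$mysqlbin}\n";
    echo "Starting......: " . date("H:i:s") . " Bind address.........:{$bind_address2}\n";
    echo "Starting......: " . date("H:i:s") . " Temp Dir.............:{$MySqlTmpDir}\n";
    echo "Starting......: " . date("H:i:s") . " innodb_force_recovery:{$innodb_force_recovery}\n";
    mysql_admin_mysql(1, "Starting MySQL service...", null, __FILE__, __LINE__);

    echo "Starting......: " . date("H:i:s") . " Settings permissions..\n";
    @mkdir("/var/run/mysqld", 0755, true);
    $unix->chown_func($mysql_user, $mysql_user, "/var/run/mysqld");
    $unix->chown_func($mysql_user, $mysql_user, "/var/log/mysql");
    $unix->chown_func($mysql_user, $mysql_user, $datadir);
    $unix->chown_func($mysql_user, $mysql_user, "{$datadir}/*");

    // Remove leftovers of a previous run.
    if ($unix->is_socket("/var/run/mysqld/mysqld.sock")) {
        @unlink("/var/run/mysqld/mysqld.sock");
    }
    if (is_file('/var/run/mysqld/mysqld.err')) {
        @unlink('/var/run/mysqld/mysqld.err');
    }
    if (is_file("/var/run/mysqld/mysqld.pid")) {
        $unix->chown_func($mysql_user, $mysql_user, "/var/run/mysqld/mysqld.pid");
    }

    if ($MysqlRemoveidbLogs == 1) {
        // NOTE(review): the InnoDB log files are moved into /tmp, a directory
        // normally shared with every local account, and the source path is
        // the fixed /var/lib/mysql rather than $datadir. Confirm both.
        shell_exec('/bin/mv /var/lib/mysql/ib_logfile* /tmp/');
        $sock->SET_INFO('MysqlRemoveidbLogs', '0');
    }

    $logErrorArg = "--log-error=" . escapeshellarg($MySQLLOgErrorPath);
    $logpathstring = " {$logErrorArg}";
    if ($EnableMysqlLog == 1) {
        $logpathstring = " --log=/var/log/mysql.log --log-slow-queries=/var/log/mysql-slow-queries.log {$logErrorArg} --log-warnings";
    }

    $toTouch = array(
        "/var/log/mysql-slow-queries.log",
        "/var/log/mysql.error",
        "/var/log/mysql.log",
        "/var/log/mysql.warn",
    );
    foreach ($toTouch as $filename) {
        if (!is_file($filename)) {
            @file_put_contents($filename, "#\n");
        }
        $unix->chown_func($mysql_user, $mysql_user, $filename);
    }

    echo "Starting......: " . date("H:i:s") . " MySQL Checking : {$datadir}/mysql/host.frm\n";
    if (!is_file("{$datadir}/mysql/host.frm")) {
        if (is_file($mysql_install_db)) {
            echo "Starting......: " . date("H:i:s") . " MySQL Installing default databases\n";
            shell_exec("{$mysql_install_db} --datadir=" . escapeshellarg($datadir));
        }
    } else {
        echo "Starting......: " . date("H:i:s") . " MySQL Checking : {$datadir}/mysql/host.frm OK\n";
    }

    $cmd2 = array();
    $MEMORY = $unix->MEM_TOTAL_INSTALLEE();
    $AsCategoriesAppliance = intval(@file_get_contents("/etc/artica-postfix/settings/Daemons/AsCategoriesAppliance"));
    if ($AsCategoriesAppliance == 1) {
        // Forces the low-memory tuning branch below.
        $MEMORY = 620288;
    }

    if ($MEMORY < 624288) {
        $GetStartedValues = GetStartedValues();
        echo "Starting......: " . date("H:i:s") . " MySQL Warning memory did not respond to pre-requesites, tuning to lower memory\n";

        // Option name => forced value, in the original order. An option is
        // only forced when GetStartedValues() reports a truthy entry for it.
        // "--table-cache" is listed twice, exactly as in the original, so both
        // values end up on the command line.
        $lowMemoryOptions = array(
            array("--key-buffer-size", "8M"),
            array("--max-allowed-packet", "4M"),
            array("--table-cache", "4"),
            array("--sort-buffer-size", "64k"),
            array("--read-buffer-size", "256k"),
            array("--read-rnd-buffer-size", "128k"),
            array("--net-buffer-length", "2k"),
            array("--thread-stack", "192k"),
            array("--thread-cache-size", "128"),
            array("--thread-concurrency", "10"),
            array("--default-storage-engine", "MyISAM"),
            array("--default-tmp-storage-engine", "MyISAM"),
            array("--tmp-table-size", "16M"),
            array("--table-cache", "64"),
            array("--query-cache-limit", "4M"),
            array("--query-cache-size", "32M"),
            array("--max-connections", "50"),
        );
        foreach ($lowMemoryOptions as $pair) {
            list($option, $value) = $pair;
            if (!empty($GetStartedValues[$option])) {
                $cmd2[] = "{$option}={$value}";
            }
        }
        if (is_file("/etc/artica-postfix/WORDPRESS_APPLIANCE")) {
            $cmd2[] = "--innodb=OFF";
        }
        echo "Starting......: " . date("H:i:s") . " MySQL " . count($cmd2) . " forced option(s)\n";
    }

    if (is_file($MySQLLOgErrorPath)) {
        @unlink($MySQLLOgErrorPath);
    }

    $cmds = array();
    $cmds[] = $mysqlbin;
    if ($MEMORY < 624288) {
        $cmds[] = "--no-defaults --user=mysql";
    }
    $cmds[] = "--pid-file=/var/run/mysqld/mysqld.pid";
    $cmds[] = trim($logpathstring);
    $cmds[] = trim($MySqlTmpDirCMD);
    $cmds[] = "--socket={$socket}";
    $cmds[] = "--datadir=" . escapeshellarg($datadir);
    // The recovery level is only passed when no low-memory option is forced.
    if (count($cmd2) == 0 && $innodb_force_recovery > 0) {
        $cmds[] = "--innodb-force-recovery={$innodb_force_recovery}";
    }
    if (count($cmd2) > 0) {
        $cmds[] = @implode(" ", $cmd2);
    }
    $cmds[] = ">/dev/null 2>&1 &";

    if (is_file('/usr/sbin/aa-complain')) {
        // NOTE(review): complain mode makes AppArmor log violations of the
        // mysqld profile instead of blocking them, i.e. the confinement is no
        // longer enforced. Confirm this is an accepted trade-off.
        echo "Starting......: " . date("H:i:s") . " Mysql Adding mysql in apparamor complain mode...\n";
        shell_exec("/usr/sbin/aa-complain {$mysqlbin} >/dev/null 2>&1");
    }

    $cmd = @implode(" ", $cmds);
    foreach ($cmds as $ligne) {
        echo "Starting......: " . date("H:i:s") . " MySQL Option: {$ligne}\n";
    }
    echo "Starting......: " . date("H:i:s") . " MySQL Starting daemon, please wait\n";
    writelogs("Starting MySQL {$cmd}", __FUNCTION__, __FILE__, __LINE__);
    shell_exec($cmd);

    // Give the daemon two seconds, then poll up to six times for its PID.
    sleep(2);
    for ($i = 0; $i < 6; $i++) {
        $pid = PID_NUM();
        if ($unix->process_exists($pid, $mysqlbin)) {
            echo "Starting......: " . date("H:i:s") . " MySQL Checks daemon running...\n";
            break;
        }
        echo "Starting......: " . date("H:i:s") . " MySQL Checks daemon, please wait ({$i}/6)\n";
        sleep(1);
    }

    $pid = PID_NUM();
    if (!$unix->process_exists($pid)) {
        echo "Starting......: " . date("H:i:s") . " MySQL failed\n";
        echo "Starting......: " . date("H:i:s") . " {$cmd}\n";
        system_admin_events("Failed to start MySQL server", __FUNCTION__, __FILE__, __LINE__, "services");
        // Rebuild the MySQL configuration in the background after a failure.
        shell_exec("{$nohup} {$php5} /usr/share/artica-postfix/exec.mysql.build.php >/dev/null 2>&1 &");
        return;
    }

    for ($i = 0; $i < 4; $i++) {
        echo "Starting......: " . date("H:i:s") . " MySQL Checks mysqld.sock waiting {$i}/3\n";
        if ($unix->is_socket("/var/run/mysqld/mysqld.sock")) {
            break;
        }
        sleep(1);
    }
    if (!$unix->is_socket("/var/run/mysqld/mysqld.sock")) {
        mysql_admin_mysql(0, "Failed to start MySQL Server /var/run/mysqld/mysqld.sock no such socket after 4 seconds", null, __FILE__, __LINE__);
        echo "Starting......: " . date("H:i:s") . " MySQL Checks mysqld.sock failed...\n";
    }
    // NOTE(review): as in the original, success is reported even when the
    // socket check just above failed - confirm whether that is intended.
    mysql_admin_mysql(1, "Success to start MySQL Server with new pid {$pid}", null, __FILE__, __LINE__);
    echo "Starting......: " . date("H:i:s") . " MySQL Success pid {$pid}\n";
    $q = new mysql_squid_builder();
    $q->MEMORY_TABLES_RESTORE();
}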
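/**
 * Prepare the ClamAV directories and write /etc/clamav/clamd.conf from the
 * Artica settings.
 *
 * The working directories are created with mode 0755 and assigned to the
 * "clamav" account, the account is created through unix::SystemCreateUser(),
 * and the configuration is written as one directive per line. Progress is
 * echoed when $GLOBALS["OUTPUT"] is set.
 *
 * @return void
 */
function build()
{
    $unix = new unix();
    $sock = new sockets();

    $ClamavStreamMaxLength = $sock->GET_INFO("ClamavStreamMaxLength");
    $ClamavMaxRecursion = $sock->GET_INFO("ClamavMaxRecursion");
    $ClamavMaxFiles = $sock->GET_INFO("ClamavMaxFiles");
    $PhishingScanURLs = $sock->GET_INFO("PhishingScanURLs");
    $ClamavMaxScanSize = $sock->GET_INFO("ClamavMaxScanSize");
    $ClamavMaxFileSize = $sock->GET_INFO("ClamavMaxFileSize");
    $ClamavTemporaryDirectory = $sock->GET_INFO("ClamavTemporaryDirectory");

    if ($ClamavTemporaryDirectory == null) {
        $ClamavTemporaryDirectory = "/home/clamav";
    }
    // The directory is a free-form setting written into a line-oriented
    // configuration file: strip line breaks so that the value cannot add
    // directives of its own.
    $ClamavTemporaryDirectory = str_replace(array("\r", "\n"), "", $ClamavTemporaryDirectory);

    if (!is_numeric($ClamavStreamMaxLength)) {
        $ClamavStreamMaxLength = 12;
    }
    if (!is_numeric($ClamavMaxRecursion)) {
        $ClamavMaxRecursion = 5;
    }
    if (!is_numeric($ClamavMaxFiles)) {
        $ClamavMaxFiles = 10000;
    }
    if (!is_numeric($PhishingScanURLs)) {
        $PhishingScanURLs = 1;
    }
    if (!is_numeric($ClamavMaxScanSize)) {
        $ClamavMaxScanSize = 15;
    }
    if (!is_numeric($ClamavMaxFileSize)) {
        $ClamavMaxFileSize = 20;
    }

    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} MaxFileSize: {$ClamavMaxFileSize}M\n";
    }

    $dirs = array(
        "/var/clamav",
        "/var/run/clamav",
        "/var/lib/clamav",
        "/var/log/clamav",
        $ClamavTemporaryDirectory,
    );

    // NOTE(review): the "clamav" account is only created after this loop, so
    // on a system without it the suppressed chown/chgrp calls fail silently.
    // NOTE(review): the temporary directory comes from a setting and its
    // contents are re-owned below; confirm the setting cannot point at a
    // system directory.
    // foreach replaces the list()/each() idiom removed in PHP 8.0.
    foreach ($dirs as $directory) {
        @mkdir($directory, 0755, true);
        @chmod($directory, 0755);
        @chown($directory, "clamav");
        @chgrp($directory, "clamav");
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} Permissions on {$directory}\n";
        }
        $unix->chown_func("clamav", "clamav", $directory . "/*");
    }

    $PhishingScanURLs_text = "no";
    if ($PhishingScanURLs == 1) {
        $PhishingScanURLs_text = "yes";
    }

    $unix->SystemCreateUser("clamav", "clamav");

    // NOTE(review): MaxScanSize is written from $ClamavMaxFileSize and
    // MaxFiles is the fixed 10000, so the ClamavMaxScanSize and ClamavMaxFiles
    // settings read above have no effect. TemporaryDirectory appears twice
    // (the configured value, then /var/clamav/tmp, which is not created
    // here). Confirm which values clamd is meant to use.
    $f = array(
        "LocalSocket /var/run/clamav/clamav.sock",
        "FixStaleSocket true",
        "User clamav",
        "AllowSupplementaryGroups true",
        "ScanMail true",
        "ScanArchive true",
        "#ArchiveLimitMemoryUsage false (depreciated)",
        "ArchiveBlockEncrypted false",
        "MaxDirectoryRecursion 15",
        "FollowDirectorySymlinks false",
        "FollowFileSymlinks false",
        "ReadTimeout 180",
        "MaxThreads 12",
        "MaxConnectionQueueLength 15",
        "StreamMaxLength {$ClamavStreamMaxLength}M",
        "MaxFileSize {$ClamavMaxFileSize}M",
        "MaxScanSize {$ClamavMaxFileSize}M",
        "MaxFiles 10000",
        "MaxRecursion {$ClamavMaxRecursion}",
        "LogSyslog true",
        "LogFacility LOG_LOCAL6",
        "LogClean false",
        "LogVerbose false",
        "PidFile /var/run/clamav/clamd.pid",
        "TemporaryDirectory {$ClamavTemporaryDirectory}",
        "DatabaseDirectory /var/lib/clamav",
        "SelfCheck 3600",
        "Foreground false",
        "Debug false",
        "ScanPE true",
        "ScanOLE2 true",
        "ScanHTML true",
        "DetectBrokenExecutables false",
        "#MailFollowURLs false (depreciated)",
        "ExitOnOOM false",
        "LeaveTemporaryFiles false",
        "AlgorithmicDetection true",
        "ScanELF true",
        "IdleTimeout 30",
        "PhishingSignatures true",
        "PhishingScanURLs {$PhishingScanURLs_text}",
        "PhishingAlwaysBlockSSLMismatch false",
        "PhishingAlwaysBlockCloak false",
        "DetectPUA false",
        "ScanPartialMessages false",
        "HeuristicScanPrecedence false",
        "StructuredDataDetection false",
        "LogFile /var/log/clamav/clamd.log",
        "LogTime true",
        "LogFileUnlock false",
        "LogFileMaxSize 0",
        "TemporaryDirectory /var/clamav/tmp",
    );

    // The write result is not checked: on failure the previous configuration
    // stays in place and "done" is still printed.
    @file_put_contents("/etc/clamav/clamd.conf", @implode("\n", $f));
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} /etc/clamav/clamd.conf done\n";
    }
}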
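/**
 * Start the ufdbguardd Web filtering daemon.
 *
 * Returns early when the binary is missing, when another instance of this
 * script is running (see $aspid), when the daemon already runs, when the
 * emergency flag SquidUFDBUrgency is set or when the service is disabled (the
 * last two also call stop()). Otherwise directories and ownership are
 * prepared, helper scripts are run, the daemon is launched in the background
 * and the function waits for its PID and listening port.
 *
 * @param bool $aspid        When true, skip the guard based on this script's
 *                           own PID file.
 * @param bool $nochecksquid When true, skip the proxy configuration check
 *                           performed after a successful start.
 * @return bool|null true when the daemon runs and listens; null otherwise.
 */
function start($aspid = false, $nochecksquid = false)
{
    $unix = new unix();
    $sock = new sockets();
    $Masterbin = $unix->find_program("ufdbguardd");

    if (!is_file($Masterbin)) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}, ufdbguardd not installed\n";
        }
        return;
    }

    if (!$aspid) {
        $pidfile = "/etc/artica-postfix/pids/" . basename(__FILE__) . "." . __FUNCTION__ . ".pid";
        $pid = $unix->get_pid_from_file($pidfile);
        if ($unix->process_exists($pid, basename(__FILE__))) {
            $time = $unix->PROCCESS_TIME_MIN($pid);
            if ($GLOBALS["OUTPUT"]) {
                echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} Already Artica task running PID {$pid} since {$time}mn\n";
            }
            return;
        }
        @file_put_contents($pidfile, getmypid());
    }

    $pid = PID_NUM();
    if ($unix->process_exists($pid)) {
        $timepid = $unix->PROCCESS_TIME_MIN($pid);
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} Service already started {$pid} since {$timepid}Mn...\n";
        }
        if ($GLOBALS["MONIT"]) {
            @file_put_contents($GLOBALS["PID_PATH"], $pid);
        }
        return;
    }

    $EnableUfdbGuard = intval($sock->EnableUfdbGuard());
    $UseRemoteUfdbguardService = intval($sock->GET_INFO("UseRemoteUfdbguardService"));
    if ($UseRemoteUfdbguardService == 1) {
        // A remote service replaces the local daemon.
        $EnableUfdbGuard = 0;
    }

    $SquidUFDBUrgency = intval($sock->GET_INFO("SquidUFDBUrgency"));
    if ($SquidUFDBUrgency == 1) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} * * * * Your Web filtering is on Emergency mode ! * * * *\n";
        }
        stop();
        return;
    }

    if ($EnableUfdbGuard == 0) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} service disabled (see EnableUfdbGuard)\n";
        }
        stop();
        return;
    }

    $php5 = $unix->LOCATE_PHP5_BIN();

    $PossibleDirs = array(
        "/var/lib/ftpunivtlse1fr",
        "/var/lib/ufdbartica",
        "/var/lib/squidguard",
    );
    // foreach replaces the list()/each() idiom removed in PHP 8.0.
    foreach ($PossibleDirs as $Directory) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} permissions on `{$Directory}`\n";
        }
        if (is_link($Directory)) {
            // NOTE(review): readlink() may return a relative target, and every
            // parent of the target is set to 0755 below; confirm the links
            // only point at locations where that is acceptable.
            $Directory = readlink($Directory);
        }
        // Walk the path and set every component to 0755. The accumulator is
        // reset for each directory; the original never reset it, so from the
        // second directory on the chmod calls targeted concatenated paths.
        $dir = "";
        foreach (explode("/", $Directory) as $subdir) {
            if ($subdir == null) {
                continue;
            }
            $dir = $dir . "/{$subdir}";
            @chmod($dir, 0755);
        }
        @chmod("{$Directory}", 0755);
        $unix->chown_func("squid", "squid", "{$Directory}");
    }

    @mkdir(dirname($GLOBALS["PID_PATH"]), 0755, true);
    @mkdir("/var/lib/squidguard/security", 0755, true);
    $unix->chown_func("squid", "squid", dirname($GLOBALS["PID_PATH"]));
    $chmod = $unix->find_program("chmod");
    $chown = $unix->find_program("chown");
    @chmod($GLOBALS["PID_PATH"], 0755);
    $unix->chown_func("squid", "squid", "/var/lib/squidguard/security/cacerts");
    @chmod("/var/lib/squidguard/security/cacerts", 0755);

    if (!is_file("/etc/squid3/ufdbGuard.conf")) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} building settings\n";
        }
        shell_exec("{$php5} /usr/share/artica-postfix/exec.squidguard.php --build >/dev/null 2>&1");
    }

    // NOTE(review): unserialize() instantiates whatever objects the stored
    // value describes. If the "ufdbguardConfig" setting can be written by
    // anything less trusted than this script, this is an object-injection
    // risk; a data-only format (JSON) would avoid it. $datas is not read
    // again in this function.
    $datas = unserialize(base64_decode($sock->GET_INFO("ufdbguardConfig")));
    if (!is_array($datas)) {
        $datas = array();
    }
    if (!isset($datas["listen_port"])) {
        $datas["listen_port"] = 3977;
    }
    if (!isset($datas["tcpsockets"])) {
        $datas["tcpsockets"] = 1;
    }

    // Worker threads: integer from the settings file, default 64, capped at
    // 140. The integer conversion also keeps the value safe for the command
    // line built below.
    $Threads = intval(@file_get_contents("/etc/artica-postfix/settings/Daemons/UfdbGuardThreads"));
    if ($Threads == 0) {
        $Threads = 64;
    }
    if ($Threads > 140) {
        $Threads = 140;
    }

    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} pid path: {$GLOBALS["PID_PATH"]}\n";
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} Threads:{$Threads}\n";
    }

    killbyports();
    @unlink($GLOBALS["PID_PATH"]);
    shell_exec("{$php5} /usr/share/artica-postfix/exec.squidguard.php --dbmem >/dev/null");
    shell_exec("{$php5} /usr/share/artica-postfix/exec.squidguard.php --notify-start >/dev/null");
    shell_exec("{$php5} /usr/share/artica-postfix/exec.initslapd.php --ufdbguard >/dev/null");
    system("/etc/init.d/ufdb-tail start");

    if (!is_file("/etc/squid3/ufdbGuard.conf")) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} /etc/squid3/ufdbGuard.conf no such file !!\n";
        }
        system("{$php5} /usr/share/artica-postfix/exec.squidguard.php --build --force");
    }

    @mkdir("/etc/artica-postfix/pids", 0755, true);
    shell_exec("{$chmod} 0755 /etc/squid3/ufdbGuard.conf");
    shell_exec("{$chown} squid:squid /etc/squid3");
    shell_exec("{$chown} squid:squid /etc/squid3/ufdbGuard.conf");
    @unlink("/etc/artica-postfix/pids/UfdbGuardReload.time");
    @file_put_contents("/etc/artica-postfix/pids/UfdbGuardReload.time", time());

    squid_admin_mysql(1, "Starting the Web filtering Daemon...", "This is a notification in order to inform:\n" . basename(__FILE__) . " script start the Web filtering Dameon service", __FILE__, __LINE__);

    $cmd = "{$Masterbin} -c /etc/squid3/ufdbGuard.conf -U squid -w {$Threads} -N >/dev/null 2>&1 &";
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} service\n";
    }
    system($cmd);

    // Poll once per second, four times at most, for the daemon's PID.
    for ($i = 1; $i < 5; $i++) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} waiting {$i}/5\n";
        }
        sleep(1);
        $pid = PID_NUM();
        if ($unix->process_exists($pid)) {
            break;
        }
    }

    @unlink("/var/log/squid/UFDB_SOCKET_ERROR");
    $pid = PID_NUM();
    if ($unix->process_exists($pid)) {
        if (IsPortListen() == 0) {
            // The original issued `continue` here although no loop encloses
            // this code, which PHP 7 and later reject at compile time. A
            // daemon that runs without a listening port now falls through to
            // the failure report below.
            if ($GLOBALS["OUTPUT"]) {
                echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} waiting (no listen port)\n";
            }
        } else {
            if ($GLOBALS["OUTPUT"]) {
                echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} Success PID {$pid}\n";
            }
            if ($GLOBALS["OUTPUT"]) {
                echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} Checking configuration...\n";
            }
            if (!$nochecksquid) {
                build_progress("{checking_configuration}", 50);
                if (!ChecksConfig()) {
                    build_progress("{reconfiguring} {APP_SQUID}", 70);
                    squid_admin_mysql(1, "Web filtering is not linked with the proxy service [action=reconfigure]", null, __FILE__, __LINE__);
                    system("{$php5} /usr/share/artica-postfix/exec.squid.php --build --force");
                }
            }
            @unlink("/var/log/squid/UFDB_SOCKET_ERROR");
            return true;
        }
    }

    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} Failed\n";
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} {$cmd}\n";
    }
}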
/**
 * Start the DHCP server daemon.
 *
 * Nothing is started when the binary is missing, when another instance of
 * this script is running (see $aspid), when the daemon already runs, or when
 * the service is disabled - either directly (EnableDHCPServer) or because the
 * HotSpot feature (EnableChilli) replaces it. Otherwise run-time directories
 * and lease files are prepared, the configuration is rebuilt through
 * BuildDHCP(), the daemon is launched and its PID is polled for up to six
 * seconds. Progress is reported through echo and build_progress().
 *
 * @param bool $aspid When true, skip the guard based on this script's own PID
 *                    file.
 * @return bool|null true when the daemon is running, false when it is
 *                   disabled, locked by another run or failed to start, null
 *                   when the binary is not installed.
 */
function start($aspid = false)
{
    $unix = new unix();
    $sock = new sockets();
    $LOGBIN = "DHCP Server";
    $binpath = $unix->DHCPD_BIN_PATH();

    // Guard: daemon binary must exist.
    if (!is_file($binpath)) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$LOGBIN}, not installed\n";
        }
        return;
    }

    // Guard: only one instance of this script at a time.
    if (!$aspid) {
        $lockFile = "/etc/artica-postfix/pids/" . basename(__FILE__) . "." . __FUNCTION__ . ".pid";
        $pid = $unix->get_pid_from_file($lockFile);
        if ($unix->process_exists($pid, basename(__FILE__))) {
            $time = $unix->PROCCESS_TIME_MIN($pid);
            if ($GLOBALS["OUTPUT"]) {
                echo "Starting......: " . date("H:i:s") . " [INIT]: {$LOGBIN}, [START] Already Artica task running PID {$pid} since {$time}mn\n";
            }
            return false;
        }
        @file_put_contents($lockFile, getmypid());
    }

    // Guard: daemon already up.
    $pid = PID_NUM();
    if ($unix->process_exists($pid)) {
        $timepid = $unix->PROCCESS_TIME_MIN($pid);
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$LOGBIN} Service already started {$pid} since {$timepid}Mn...\n";
        }
        return true;
    }

    // Non-numeric settings count as "off".
    $dhcpSetting = $sock->GET_INFO("EnableDHCPServer");
    $dhcpEnabled = is_numeric($dhcpSetting) ? $dhcpSetting : 0;
    $chilliSetting = $sock->GET_INFO("EnableChilli");
    $chilliEnabled = is_numeric($chilliSetting) ? $chilliSetting : 0;

    if ($chilliEnabled == 1) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$LOGBIN} replaced by HotSpot feature...\n";
        }
        $dhcpEnabled = 0;
    }

    if ($dhcpEnabled == 0) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$LOGBIN} service disabled\n";
        }
        build_progress("{starting_service} {failed}", 110);
        return false;
    }

    build_progress("{starting_service}", 60);

    // Run-time directories and placeholder lease files.
    @mkdir("/var/run/dhcp3-server", 0755, true);
    @mkdir("/var/lib/dhcp3", 0755, true);
    foreach (array("/var/lib/dhcp3/dhcpd.other", "/var/lib/dhcp3/dhcpd.leases") as $placeholder) {
        if (!is_file($placeholder)) {
            @file_put_contents($placeholder, "#");
        }
    }

    $unix->SystemCreateUser("dhcpd", "dhcpd");
    $unix->chown_func("dhcpd", "dhcpd", "/var/run/dhcp3-server");
    $unix->chown_func("dhcpd", "dhcpd", "/var/lib/dhcp3/dhcpd.leases");
    $unix->chown_func("dhcpd", "dhcpd", "/var/lib/dhcp3/dhcpd.leases~");

    // The interface name is only displayed here; it is not part of the
    // command line built below.
    $DHCP3ListenNIC = $sock->GET_INFO('DHCP3ListenNIC');
    if ($DHCP3ListenNIC == null) {
        $DHCP3ListenNIC = "eth0";
    }
    echo "Starting......: " . date("H:i:s") . " [INIT]: {$LOGBIN} Listen {$DHCP3ListenNIC}\n";
    echo "Starting......: " . date("H:i:s") . " [INIT]: {$LOGBIN} building settings...\n";
    BuildDHCP(true);
    build_progress("{starting_service}", 75);

    // NOTE(review): PID_PATH() and dhcp3Config() are concatenated into the
    // shell command unquoted - presumably fixed paths; confirm.
    $cmd = implode(" ", array(
        "{$binpath} -q -pf " . PID_PATH(),
        "-cf " . dhcp3Config(),
        "-lf /var/lib/dhcp3/dhcpd.leases",
    ));
    echo "Starting......: " . date("H:i:s") . " [INIT]: {$LOGBIN} service..\n";
    if ($GLOBALS["VERBOSE"]) {
        echo "{$cmd}\n";
    }
    shell_exec($cmd);
    build_progress("{starting_service}", 80);

    // Poll for the daemon's PID, one second apart, six attempts at most.
    $i = 0;
    while ($i < 6) {
        $pid = PID_NUM();
        if ($unix->process_exists($pid)) {
            break;
        }
        build_progress("{starting_service} waiting {$i}/6", 80);
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$LOGBIN} service waiting {$i}/6...\n";
        }
        sleep(1);
        $i++;
    }

    $pid = PID_NUM();
    if (!$unix->process_exists($pid)) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$LOGBIN} service failed...\n";
        }
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: `{$cmd}`\n";
        }
        build_progress("{starting_service} {failed}", 110);
        return false;
    }

    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$LOGBIN} service Success service started pid:{$pid}...\n";
    }
    build_progress("{starting_service} {success}", 100);
    return true;
}
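/**
 * Remove stale files from a session directory and, optionally, assign the
 * remaining ones to the Apache account.
 *
 * Sub-directories are skipped. A file is deleted when unix::file_time_min()
 * reports a value greater than ($CleanPHPSessionTime - 1); any other file is
 * passed to unix::chown_func() when an account is given.
 *
 * @param string      $directory           Directory to scan (not recursive).
 * @param int         $CleanPHPSessionTime Age limit, in the unit returned by
 *                                         unix::file_time_min().
 * @param string|null $APACHE_SRC_ACCOUNT  Owner to apply, or null to leave
 *                                         ownership alone.
 * @param string|null $APACHE_SRC_GROUP    Group to apply with the owner.
 * @return void
 */
function sessions_clean_parse($directory, $CleanPHPSessionTime, $APACHE_SRC_ACCOUNT = null, $APACHE_SRC_GROUP = null)
{
    $CleanPHPSessionTime = $CleanPHPSessionTime - 1;

    if (!is_dir($directory)) {
        return;
    }
    $handle = opendir($directory);
    if (!$handle) {
        return;
    }

    $unix = new unix();
    while (false !== ($fileZ = readdir($handle))) {
        if ($fileZ == "." || $fileZ == "..") {
            continue;
        }
        $filename = "{$directory}/{$fileZ}";
        if (is_dir($filename)) {
            continue;
        }

        $time = $unix->file_time_min($filename);
        if ($time > $CleanPHPSessionTime) {
            @unlink($filename);
            continue;
        }

        // Symbolic links are never re-owned: a session directory may be
        // writable by other local accounts, and changing ownership through a
        // link would affect the link target rather than a session file. The
        // check is not atomic with the chown that follows.
        if ($APACHE_SRC_ACCOUNT != null && !is_link($filename)) {
            $unix->chown_func($APACHE_SRC_ACCOUNT, $APACHE_SRC_GROUP, $filename);
        }
    }

    // The original never released the directory handle.
    closedir($handle);
}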
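/**
 * Prepare the Kav4Proxy directories, write its configuration file and export
 * the notification templates.
 *
 * Each directory is created with mode 0755 and passed to unix::chown_func()
 * for kluser:klusers. The configuration returned by Kav4Proxy::build_config()
 * is written to /etc/opt/kaspersky/kav4proxy.conf, and every entry of
 * Kav4Proxy::$templates_data is written to the notify directory under its key
 * as file name. Progress is echoed when $GLOBALS["OUTPUT"] is set.
 *
 * @return void
 */
function build()
{
    $unix = new unix();

    // NOTE(review): /tmp/Kav4proxy is a fixed name inside a directory that is
    // normally writable by every local account; if the path already exists
    // (for instance as a link) it is re-owned as it stands. Confirm a
    // location outside /tmp cannot be used instead.
    $DIRS = array(
        "/var/run/kav4proxy",
        "/etc/opt/kaspersky",
        "/tmp/Kav4proxy",
        "/var/log/kaspersky/kav4proxy",
        "/var/log/artica-postfix/ufdbguard-blocks",
        "/opt/kaspersky/kav4proxy/share/notify",
    );
    // foreach replaces the list()/each() idiom removed in PHP 8.0.
    foreach ($DIRS as $path) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} Permissions on {$path}\n";
        }
        @mkdir("{$path}", 0755, true);
        $unix->chown_func("kluser", "klusers", $path);
    }

    $kav = new Kav4Proxy();
    $conf = $kav->build_config();
    // "done" is printed before the write, and the write result is not
    // checked.
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} Building /etc/opt/kaspersky/kav4proxy.conf done\n";
    }
    @file_put_contents("/etc/opt/kaspersky/kav4proxy.conf", $conf);

    $kav->LoadTemplates();
    // Guard against a template list that was never populated.
    $templates = is_array($kav->templates_data) ? $kav->templates_data : array();
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} " . count($templates) . " templates\n";
    }

    // NOTE(review): the array key becomes the file name as-is; confirm that
    // Kav4Proxy never produces keys containing path separators.
    foreach ($templates as $templateName => $val) {
        if (is_array($val)) {
            echo "Warning {$templateName}: val is array\n";
        }
        // strlen() is only applied to scalars: calling it on an array is a
        // TypeError on PHP 8. A non-scalar counts as length 0, so the length
        // warning is still printed for it.
        $length = is_scalar($val) ? strlen((string) $val) : 0;
        if ($length < 100) {
            echo "Warning {$templateName}: val lenght is not supported!\n";
        }
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} building \"{$templateName}\" template\n";
        }
        @file_put_contents("/opt/kaspersky/kav4proxy/share/notify/{$templateName}", $val);
        @chmod("/opt/kaspersky/kav4proxy/share/notify/{$templateName}", 0755);
        @chown("/opt/kaspersky/kav4proxy/share/notify/{$templateName}", "kluser");
    }
}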
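/**
 * Make sure the stream-cache directories exist, assign their contents to the
 * squid account and initialise the cache layout when it is incomplete.
 *
 * Every directory in the list is created with mode 0755 when missing and
 * "<dir>/*" is passed to unix::chown_func() for squid:squid. When one of the
 * sub-directories 00 .. 09 of the main cache is missing, the
 * streamsquidcache binary is run with "-z".
 *
 * @return void
 */
function CheckFilesAndSecurity()
{
    $unix = new unix();
    $sock = new sockets();

    $StreamCacheCache = $sock->GET_INFO("StreamCacheCache");
    if ($StreamCacheCache == null) {
        $StreamCacheCache = "/home/squid/videocache";
    }
    $StreamCacheMainCache = $sock->GET_INFO("StreamCacheMainCache");
    if ($StreamCacheMainCache == null) {
        $StreamCacheMainCache = "/home/squid/streamcache";
    }

    // NOTE(review): two of these paths come from settings and their contents
    // are re-owned below; confirm the settings cannot point at a system
    // directory.
    $f = array(
        "/var/log/videocache",
        $StreamCacheCache,
        "/etc/streamsquidcache",
        "/var/spool/streamsquidcache",
        $StreamCacheMainCache,
        "/var/run/squid",
        "/usr/share/streamsquidcache",
    );
    // foreach replaces the list()/each() idiom removed in PHP 8.0.
    foreach ($f as $val) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} checking \"{$val}\"\n";
        }
        if (!is_dir($val)) {
            @mkdir($val, 0755, true);
        }
        $unix->chown_func("squid", "squid", "{$val}/*");
    }

    // The main cache is expected to hold the sub-directories 00 .. 09.
    $MAINDIR = true;
    for ($i = 0; $i < 10; $i++) {
        $dir = "{$StreamCacheMainCache}/0{$i}";
        if (!is_dir($dir)) {
            if ($GLOBALS["OUTPUT"]) {
                echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} {$dir} no such directory\n";
            }
            $MAINDIR = false;
            break;
        }
    }

    if (!$MAINDIR) {
        $masterbin = $unix->find_program("streamsquidcache");
        // Only run the initialisation when the binary was actually found;
        // otherwise the shell would be handed a command starting with "-f".
        if (is_file($masterbin)) {
            shell_exec("{$masterbin} -f /etc/streamsquidcache/squid.conf -z");
        }
    }
}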
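/**
 * Generate the lighttpd configuration of the Artica web console and write it
 * to the path returned by LIGHTTPD_CONF_PATH().
 *
 * Steps, in order: create the SSL certificate when lighttpd.pem is missing,
 * regenerate php.ini through artica-install, read the tuning settings, prepare
 * log/run directories and their ownership, assemble the configuration lines,
 * write the file and start the session helpers in the background.
 *
 * Progress lines are echoed only when $GLOBALS["OUTPUT"] is set.
 *
 * Security-relevant points (flagged inline where they occur):
 *  - the access log is created 0644; the listing set it world-writable (0777);
 *  - the else-branch of the SSL section turns SSLv2 on and both cipher lists
 *    still admit RC4;
 *  - /etc/artica-postfix/lighttpd_nets is appended verbatim to the config;
 *  - without mod_auth, /cgi-bin/ and the CGI handlers are served with no
 *    authentication rule.
 *
 * @return void
 */
function buildConfig()
{
    $unix = new unix();
    $sock = new sockets();

    // Progress line, printed only in verbose mode.
    $say = function ($message, $tag = "INIT") {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [{$tag}]: {$GLOBALS["SERVICE_NAME"]} {$message}\n";
        }
    };

    // Stored setting, replaced by $default when it is not numeric.
    $setting = function ($key, $default) use ($sock) {
        $value = $sock->GET_INFO($key);
        return is_numeric($value) ? $value : $default;
    };

    // Run artica-install and relay its non-empty output lines as [ARTI] lines.
    $runInstaller = function ($arguments) use ($say) {
        $lines = array();
        exec("/usr/share/artica-postfix/bin/artica-install {$arguments} 2>&1", $lines);
        foreach ($lines as $line) {
            $line = trim($line);
            if ($line === '') {
                continue;
            }
            if (preg_match("#Starting.*?lighttpd(.+)#", $line, $re)) {
                $line = $re[1];
            }
            $line = str_replace(": ", "", $line);
            $say($line, "ARTI");
        }
    };

    $chown = $unix->find_program("chown");
    $perlbin = $unix->find_program("perl");
    $nohup = $unix->find_program("nohup");
    $php = $unix->LOCATE_PHP5_BIN();

    @mkdir("/usr/share/artica-postfix/framework", 0755, true);
    @mkdir("/usr/share/artica-postfix/ressources/sock", 0755, true);

    $LighttpdRunAsminimal = $setting("LighttpdRunAsminimal", 0);
    $LighttpdArticaMaxProcs = $setting("LighttpdArticaMaxProcs", 0);
    $LighttpdArticaMaxChildren = $setting("LighttpdArticaMaxChildren", 0);
    $PHP_FCGI_MAX_REQUESTS = $setting("PHP_FCGI_MAX_REQUESTS", 200);
    $SessionPathInMemory = $setting("SessionPathInMemory", 0);
    $EnableArticaApachePHPFPM = $setting("EnableArticaApachePHPFPM", 0);

    if (!is_file("/opt/artica/ssl/certs/lighttpd.pem")) {
        $say("creating SSL certificate..");
        $runInstaller("-lighttpd-cert");
    }

    $say("Creating PHP configuration..");
    $say("Executing artica-install --php-ini..");
    $runInstaller("--php-ini");
    PHP_MYADMIN();

    // NOTE(review): this first sizing pass (including the low-memory switch to
    // minimal mode) has no effect on the generated file: every value it sets
    // is read again from the stored settings or reset further down. Kept as in
    // the listing; decide whether the low-memory tuning was meant to apply.
    $PHP_FCGI_CHILDREN = 3;
    $max_procs = 3;
    if ($LighttpdArticaMaxProcs > 0) {
        $max_procs = $LighttpdArticaMaxProcs;
    }
    if ($LighttpdArticaMaxChildren > 0) {
        $PHP_FCGI_CHILDREN = $LighttpdArticaMaxChildren;
    }
    if (!$unix->ISMemoryHiger1G()) {
        $PHP_FCGI_CHILDREN = 2;
        $max_procs = 1;
    }
    $MEMORY = $unix->MEM_TOTAL_INSTALLEE();
    if ($MEMORY < 624288) {
        $LighttpdRunAsminimal = 1;
    }
    if ($LighttpdRunAsminimal == 1) {
        $max_procs = 1;
        $PHP_FCGI_CHILDREN = 2;
        $PHP_FCGI_MAX_REQUESTS = 500;
    }

    $phpfpm = $unix->APACHE_LOCATE_PHP_FPM();
    $EnablePHPFPM = $setting("EnablePHPFPM", 0);
    if (!is_file($phpfpm)) {
        $EnablePHPFPM = 0;
    }
    // The two PHP-FPM switches are only honoured when both are on.
    if ($EnablePHPFPM == 0) {
        $EnableArticaApachePHPFPM = 0;
    }
    if ($EnableArticaApachePHPFPM == 0) {
        $EnablePHPFPM = 0;
    }
    $say("EnableArticaApachePHPFPM = {$EnableArticaApachePHPFPM}");
    $say("Using PHP-FPM........: " . ($EnablePHPFPM == 1 ? "Yes" : "No"));

    // Effective settings used for the generated configuration.
    $ArticaHttpsPort = $setting("ArticaHttpsPort", "9000");
    $ArticaHttpUseSSL = $setting('ArticaHttpUseSSL', 1);
    $NoLDAPInLighttpdd = $setting('NoLDAPInLighttpdd', 0);
    $LighttpdUseUnixSocket = $setting('LighttpdUseUnixSocket', 0);
    $lighttpdPhpPort = $setting('lighttpdPhpPort', 1808);
    $DenyMiniWebFromStandardPort = $setting('DenyMiniWebFromStandardPort', 0);
    $LighttpdArticaDisableSSLv2 = $setting('LighttpdArticaDisableSSLv2', 1);
    $LighttpdArticaMaxProcs = $setting('LighttpdArticaMaxProcs', 0);
    $LighttpdArticaMaxChildren = $setting('LighttpdArticaMaxChildren', 0);
    $LighttpdRunAsminimal = $setting('LighttpdRunAsminimal', 0);
    $PHP_FCGI_MAX_REQUESTS = $setting('PHP_FCGI_MAX_REQUESTS', 200);
    $EnableArticaApachePHPFPM = $setting("EnableArticaApachePHPFPM", 0);
    if (!is_file($phpfpm)) {
        $EnableArticaApachePHPFPM = 0;
    }
    $EnablePHPFPM = intval($sock->GET_INFO("EnablePHPFPM"));
    if ($EnablePHPFPM == 0) {
        $EnableArticaApachePHPFPM = 0;
    }
    if ($EnableArticaApachePHPFPM == 0) {
        $EnablePHPFPM = 0;
    }
    $PHP_STANDARD_MODE = true;
    $LighttpdArticaListenIP = $sock->GET_INFO('LighttpdArticaListenIP');
    $phpcgi_path = $unix->LIGHTTPD_PHP5_CGI_BIN_PATH();
    $LIGHTTPD_GET_USER = LIGHTTPD_GET_USER();
    $LIGHTTPD_CONF_PATH = LIGHTTPD_CONF_PATH();

    // LIGHTTPD_GET_USER() is matched as "user:group". The group is the second
    // capture; the listing assigned the first capture to both variables.
    $LIGHTTPD_USER = null;
    $LIGHTTPD_GROUP = null;
    if (preg_match("#^(.+?):(.+)#", $LIGHTTPD_GET_USER, $re)) {
        $LIGHTTPD_USER = $re[1];
        $LIGHTTPD_GROUP = $re[2];
    }

    $PHP_FCGI_CHILDREN = 1;
    $max_procs = 2;

    @mkdir("/var/log/lighttpd", 0755, true);
    @mkdir("/usr/share/artica-postfix/ressources/logs", 0755, true);
    if (!is_file("/var/log/lighttpd/access.log")) {
        @touch("/var/log/lighttpd/access.log");
    }
    @chown("/var/log/lighttpd", $LIGHTTPD_USER);
    @chgrp("/var/log/lighttpd", $LIGHTTPD_GROUP);
    @chown("/var/log/lighttpd/access.log", $LIGHTTPD_USER);
    @chgrp("/var/log/lighttpd/access.log", $LIGHTTPD_GROUP);
    // The log is owned by the lighttpd account set just above, so owner write
    // access is sufficient. 0777 let every local account rewrite or truncate
    // the access log and marked it executable.
    @chmod("/var/log/lighttpd/access.log", 0644);
    $unix->chown_func($LIGHTTPD_USER, $LIGHTTPD_GROUP, "/var/log/lighttpd/*");
    $unix->chown_func($LIGHTTPD_USER, $LIGHTTPD_GROUP, "/usr/share/artica-postfix/ressources/logs/*");

    if ($LighttpdArticaMaxProcs > 0) {
        $max_procs = $LighttpdArticaMaxProcs;
    }
    if ($LighttpdArticaMaxChildren > 0) {
        // The listing assigned a misspelled variable ($HP_FCGI_CHILDREN), so
        // the configured children count never reached the generated file.
        $PHP_FCGI_CHILDREN = $LighttpdArticaMaxChildren;
    }
    if ($LighttpdRunAsminimal == 1) {
        $max_procs = 2;
        $PHP_FCGI_CHILDREN = 2;
    }

    $mod_auth = isModule('mod_auth');
    if (is_file('/proc/user_beancounters')) {
        $say("VPS mode enabled, swith to socket mode for PHP");
        $LighttpdUseUnixSocket = 1;
    }

    // $max_procs is only reported here; the fastcgi section below writes a
    // fixed "max-procs" of 1.
    $say("MAX Procs............: {$max_procs}");
    $say("Php5 processes.......: {$PHP_FCGI_CHILDREN}");
    $say("Max cnx/processes....: {$PHP_FCGI_MAX_REQUESTS}");
    $say("php-cgi path.........: {$phpcgi_path}");
    $say("chown path...........: {$chown}");
    $say("php path.............: {$php}");
    $say("php FPM Path.........: {$phpfpm}");
    $say("php FPM Enabled......: {$EnableArticaApachePHPFPM}");
    $say("Perl Path............: {$perlbin}");
    $say("Conf Path............: {$LIGHTTPD_CONF_PATH}");
    $say("Pid Path.............: /var/run/lighttpd/lighttpd.pid");
    $say("SSL enabled..........: {$ArticaHttpUseSSL}");
    $say("Disable SSLv2........: {$LighttpdArticaDisableSSLv2}");
    $say("Listen Port..........: {$ArticaHttpsPort}");
    $say("Run as...............: {$LIGHTTPD_USER} / {$LIGHTTPD_GROUP}");
    $say("No LDAP in Lighttpd..: {$NoLDAPInLighttpdd}");
    $say("Mod auth installed...: {$mod_auth}");
    $say("Use Unix socket......: {$LighttpdUseUnixSocket}");
    $say("Sessions in Memory...: {$SessionPathInMemory}MB");

    $MakeDirs = array(
        "/opt/artica/ssl/certs",
        "/var/lib/php/session",
        "/var/lighttpd/upload",
        "/var/run/lighttpd",
        "/var/log/lighttpd",
        "/opt/artica/share/www/jpegPhoto",
        dirname($LIGHTTPD_CONF_PATH),
    );
    foreach ($MakeDirs as $dir) {
        if (!is_dir($dir)) {
            $say("creating {$dir}");
        }
        @mkdir($dir, 0755, true);
        $say("permissions on {$dir}");
        // Both arguments are quoted: the account string and the configuration
        // directory are read from outside this function.
        shell_exec("{$chown} " . escapeshellarg($LIGHTTPD_GET_USER) . " " . escapeshellarg($dir));
    }

    $f = array();
    $f[] = '#artica-postfix saved by artica lighttpd.conf (Artica Install binary) v3.0';
    $f[] = '';
    $f[] = 'server.modules = (';
    $f[] = ' "mod_alias",';
    $f[] = ' "mod_access",';
    $f[] = ' "mod_accesslog",';
    $f[] = ' "mod_compress",';
    $f[] = ' "mod_fastcgi",';
    $f[] = ' "mod_cgi",';
    $f[] = ' "mod_status",';
    if ($NoLDAPInLighttpdd == 1) {
        $say("LDAP Mode is disabled");
    }
    if ($mod_auth) {
        $f[] = ' "mod_auth"';
    } else {
        // Without mod_auth none of the auth.require rules below are written,
        // while the /cgi-bin/ alias and the CGI handlers still are.
        $say("mod_auth module does not exists (should be a security issue !!!)");
    }
    $f[] = ')';
    $f[] = '';
    $f[] = 'server.document-root = "/usr/share/artica-postfix"';
    // The listing shows a masked literal ("******") here; the detected account
    // is used, matching the group line and the "Run as" report above.
    $f[] = 'server.username = "' . $LIGHTTPD_USER . '"';
    $f[] = 'server.groupname = "' . $LIGHTTPD_GROUP . '"';
    $f[] = 'server.errorlog-use-syslog = "enable"';
    $f[] = 'index-file.names = ( "index.php","index.cgi")';
    $f[] = '';
    $f = array_merge($f, array(
        'mimetype.assign = (',
        ' ".pdf" => "application/pdf",',
        ' ".sig" => "application/pgp-signature",',
        ' ".spl" => "application/futuresplash",',
        ' ".class" => "application/octet-stream",',
        ' ".ps" => "application/postscript",',
        ' ".torrent" => "application/x-bittorrent",',
        ' ".dvi" => "application/x-dvi",',
        ' ".gz" => "application/x-gzip",',
        ' ".pac" => "application/x-ns-proxy-autoconfig",',
        ' ".swf" => "application/x-shockwave-flash",',
        ' ".tar.gz" => "application/x-tgz",',
        ' ".tgz" => "application/x-tgz",',
        ' ".tar" => "application/x-tar",',
        ' ".zip" => "application/zip",',
        ' ".mp3" => "audio/mpeg",',
        ' ".m3u" => "audio/x-mpegurl",',
        ' ".wma" => "audio/x-ms-wma",',
        ' ".wax" => "audio/x-ms-wax",',
        ' ".ogg" => "application/ogg",',
        ' ".wav" => "audio/x-wav",',
        ' ".gif" => "image/gif",',
        ' ".jar" => "application/x-java-archive",',
        ' ".jpg" => "image/jpeg",',
        ' ".jpeg" => "image/jpeg",',
        ' ".png" => "image/png",',
        ' ".xbm" => "image/x-xbitmap",',
        ' ".xpm" => "image/x-xpixmap",',
        ' ".xwd" => "image/x-xwindowdump",',
        ' ".css" => "text/css",',
        ' ".html" => "text/html",',
        ' ".htm" => "text/html",',
        ' ".js" => "text/javascript",',
        ' ".asc" => "text/plain",',
        ' ".c" => "text/plain",',
        ' ".cpp" => "text/plain",',
        ' ".log" => "text/plain",',
        ' ".conf" => "text/plain",',
        ' ".text" => "text/plain",',
        ' ".txt" => "text/plain",',
        ' ".dtd" => "text/xml",',
        ' ".xml" => "text/xml",',
        ' ".mpeg" => "video/mpeg",',
        ' ".mpg" => "video/mpeg",',
        ' ".mov" => "video/quicktime",',
        ' ".qt" => "video/quicktime",',
        ' ".avi" => "video/x-msvideo",',
        ' ".asf" => "video/x-ms-asf",',
        ' ".asx" => "video/x-ms-asf",',
        ' ".wmv" => "video/x-ms-wmv",',
        ' ".bz2" => "application/x-bzip",',
        ' ".tbz" => "application/x-bzip-compressed-tar",',
        ' ".tar.bz2" => "application/x-bzip-compressed-tar",',
        ' "" => "application/octet-stream",',
        ' )',
        '',
        '',
        'accesslog.filename = "/var/log/lighttpd/access.log"',
        'url.access-deny = ( "~", ".inc",".log",".ini" )',
        '',
        'static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )',
    ));
    $f[] = 'server.port = ' . $ArticaHttpsPort;

    // A listen address that is not present on any interface is dropped, which
    // leaves the server without a server.bind line.
    if ($LighttpdArticaListenIP != null) {
        $IPS = $unix->NETWORK_ALL_INTERFACES(true);
        if (!isset($IPS[$LighttpdArticaListenIP])) {
            $say("ERROR! Listen IP: {$LighttpdArticaListenIP} -> FALSE !!");
            $LighttpdArticaListenIP = null;
        }
    }
    if (strlen((string) $LighttpdArticaListenIP) > 3) {
        $f[] = 'server.bind = "' . $LighttpdArticaListenIP . '"';
    }
    $f[] = 'server.pid-file = "/var/run/lighttpd/lighttpd.pid"';
    $f[] = 'server.max-fds = 2048';
    $f[] = 'server.max-connections = 512';
    $f[] = 'server.network-backend = "write"';

    shell_exec("{$php} /usr/share/artica-postfix/exec.lighttpd.nets.php");
    shell_exec("{$php} /usr/share/artica-postfix/exec.lighttpd.nets.php --phpmyadmin");
    if (is_file('/etc/artica-postfix/lighttpd_nets')) {
        // NOTE(review): the file content is appended verbatim, so whoever can
        // write it controls lighttpd directives; keep it root-owned and not
        // group/world-writable.
        $f[] = @file_get_contents("/etc/artica-postfix/lighttpd_nets");
    }
    $f[] = '';

    if (is_file($phpfpm)) {
        $say("PHP-FPM is installed");
        if ($EnablePHPFPM == 1) {
            $say("PHP-FPM is enabled");
            $PHP_STANDARD_MODE = false;
            $f[] = 'fastcgi.server = ( ".php" =>((';
            $f[] = ' "socket" => "/var/run/php-fpm.sock",';
        }
    }
    if ($PHP_STANDARD_MODE) {
        $f[] = 'fastcgi.server = ( ".php" =>((';
        $f[] = ' "bin-path" => "/usr/bin/php-cgi",';
        if ($LighttpdUseUnixSocket == 1) {
            $say("Fast-cgi server unix socket mode");
            $f[] = ' "socket" => "/var/run/lighttpd/php.socket" + var.PID,';
        } else {
            $say("Fast-cgi server socket 127.0.0.1:{$lighttpdPhpPort}");
            $f[] = ' "host" => "127.0.0.1","port" =>' . $lighttpdPhpPort . ',';
        }
    }
    $f[] = ' "min-procs" => 1,';
    $f[] = ' "max-procs" => 1,';
    $f[] = ' "idle-timeout" => 10,';
    $f[] = ' "bin-environment" => (';
    $f[] = ' "PHP_FCGI_CHILDREN" => "' . $PHP_FCGI_CHILDREN . '",';
    $f[] = ' "PHP_FCGI_MAX_REQUESTS" => "' . $PHP_FCGI_MAX_REQUESTS . '"';
    $f[] = ' ),';
    $f[] = ' "bin-copy-environment" => (';
    $f[] = ' "PATH", "SHELL", "USER"';
    $f[] = ' ),';
    $f[] = ' "broken-scriptfilename" => "enable"';
    $f[] = ' ))';
    $f[] = ')';

    if ($ArticaHttpUseSSL == 1) {
        $f[] = 'ssl.engine = "enable"';
        $f[] = 'ssl.pemfile = "/opt/artica/ssl/certs/lighttpd.pem"';
    }
    // NOTE(review): legacy TLS settings. The else-branch turns SSLv2 on, both
    // cipher lists still admit RC4 (RC4+MEDIUM) and nothing here restricts
    // SSLv3. Left as written because the accepted directives depend on the
    // installed lighttpd/OpenSSL build; replace with a current protocol and
    // cipher policy when that is known.
    if ($LighttpdArticaDisableSSLv2 == 1) {
        $say("Disable SSLv2 and weak ssl cipher");
        $f[] = 'ssl.use-sslv2 = "disable"';
        $f[] = 'ssl.cipher-list = "TLSv1+HIGH !SSLv2 RC4+MEDIUM !aNULL !eNULL !3DES @STRENGTH"';
    } else {
        $f[] = 'ssl.use-sslv2 = "enable"';
        $f[] = 'ssl.cipher-list = "TLSv1+HIGH RC4+MEDIUM !SSLv2 !3DES !aNULL @STRENGTH"';
    }

    $say("No LDAP In lighttpd: {$NoLDAPInLighttpdd}");
    // The status pages are only exposed when mod_auth can protect them.
    if ($NoLDAPInLighttpdd == 0) {
        if ($mod_auth) {
            $f[] = 'status.status-url = "/server-status"';
            $f[] = 'status.config-url = "/server-config"';
        }
    }
    $f[] = 'server.upload-dirs = ( "/var/lighttpd/upload" )';
    $f[] = ' server.follow-symlink = "enable"';
    $f[] = 'alias.url +=("/monitorix" => "/var/www/monitorix/")';
    $f[] = 'alias.url += ("/blocked_attachments"=> "/var/spool/artica-filter/bightml")';
    $f[] = 'alias.url += ("/squid-rrd"=> "/opt/artica/share/www/squid/rrd")';
    $f[] = 'alias.url += ("/artica-agent"=> "/usr/share/artica-postfix/ressources/artica-agent")';
    if ($DenyMiniWebFromStandardPort == 1) {
        $f[] = '$HTTP["url"] =~ "^/miniadm.*|/computers|/user-backup" { url.access-deny = ( "" )}';
    }

    $say("checking AWSTATS...");
    $AWSTATS_www_root = AWSTATS_www_root();
    $f[] = '$HTTP["url"] =~ "^/prxy.*\\.php" { url.access-deny = ( "" )}';
    if (is_dir($AWSTATS_www_root)) {
        $f[] = 'alias.url += ( "/awstats" => "' . $AWSTATS_www_root . '" )';
    }
    if (is_file('/usr/share/poweradmin/index.php')) {
        $f[] = 'alias.url += ( "/powerdns" => "/usr/share/poweradmin" )';
        $say("Checking PowerAdmin");
        shell_exec("{$nohup} {$php} /usr/share/artica-postfix/exec.pdns.php --poweradmin >/dev/null 2>&1 &");
    }

    $f[] = 'alias.url += ( "/cgi-bin/" => "/usr/lib/cgi-bin/" )';
    $f[] = '';
    $f[] = 'cgi.assign= (';
    $f[] = ' ".pl" => "' . $perlbin . '",';
    $f[] = ' ".php" => "/usr/bin/php-cgi",';
    $f[] = ' ".py" => "/usr/bin/python",';
    $f[] = ' ".cgi" => "' . $perlbin . '",';
    if (is_file("/usr/lib/mailman/bin/mailmanctl")) {
        $f = array_merge($f, array(
            '"/admin" => "",',
            '"/admindb" => "",',
            '"/confirm" => "",',
            '"/create" => "",',
            '"/edithtml" => "",',
            '"/listinfo" => "",',
            '"/options" => "",',
            '"/private" => "",',
            '"/rmlist" => "",',
            '"/roster" => "",',
            '"/subscribe" => ""',
        ));
    }
    $f[] = ')';
    $f[] = '';

    if ($mod_auth) {
        // NOTE(review): every rule uses HTTP basic auth against the "plain"
        // backend, whose user files hold cleartext passwords. Keep those files
        // readable only by root and the lighttpd account, and only serve these
        // URLs over TLS.
        $f = array_merge($f, array(
            'auth.debug = 2',
            '$HTTP["url"] =~ "^/cgi-bin/" {',
            'auth.backend = "plain"',
            'auth.backend.plain.userfile = "/etc/lighttpd/.lighttpdpassword" ',
            'auth.require = ("/cgi-bin/" => (',
            ' "method" => "basic",',
            ' "realm" => "awstats Statistics",',
            ' "require" => "valid-user"',
            ' ))',
            '}',
            '',
            '$HTTP["url"] =~ "^/server-status" {',
            'auth.backend = "plain"',
            'auth.backend.plain.userfile = "/etc/lighttpd/.lighttpdpassword" ',
            'auth.require = ("/server-status" => (',
            ' "method" => "basic",',
            ' "realm" => "Lighttpd config - status",',
            ' "require" => "valid-user"',
            ' ))',
            '}',
            '',
            '$HTTP["url"] =~ "^/server-config" {',
            'auth.backend = "plain"',
            'auth.backend.plain.userfile = "/etc/lighttpd/.lighttpdpassword" ',
            'auth.require = ("/server-config" => (',
            ' "method" => "basic",',
            ' "realm" => "Lighttpd config - status",',
            ' "require" => "valid-user"',
            ' ))',
            '}',
            '',
            '$HTTP["url"] =~ "^/squid/" {',
            'auth.backend = "plain"',
            'auth.debug = 2',
            'auth.backend.plain.userfile = "/etc/lighttpd/squid-users.passwd" ',
            'auth.require = ("/squid/" => (',
            ' "method" => "basic",',
            ' "realm" => "Squid Statistics",',
            ' "require" => "valid-user"',
            ' ))',
            '}',
            '',
            '$HTTP["url"] =~ "^/cluebringer/" {',
            'auth.backend = "plain"',
            'auth.debug = 2',
            'auth.backend.plain.userfile = "/etc/lighttpd/cluebringer.passwd" ',
            'auth.require = ("/cluebringer/" => (',
            ' "method" => "basic",',
            ' "realm" => "ClueBringer (Policyd V2) administration",',
            ' "require" => "valid-user"',
            ' ))',
            '}',
            '',
        ));
    }

    $say("writing {$LIGHTTPD_CONF_PATH}..");
    // Report a failed write instead of announcing "done" unconditionally.
    if (@file_put_contents($LIGHTTPD_CONF_PATH, implode("\n", $f)) === false) {
        $say("unable to write {$LIGHTTPD_CONF_PATH}");
    } else {
        $say("{$LIGHTTPD_CONF_PATH} done");
    }

    $say("Check sessions...");
    shell_exec("{$nohup} {$php} /usr/share/artica-postfix/exec.shm.php --SessionMem >/dev/null 2>&1 &");
    shell_exec("{$nohup} {$php} /usr/share/artica-postfix/exec.shm.php --service-up >/dev/null 2>&1 &");
}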
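/**
 * Start the opendkim daemon unless it is missing, already running or disabled
 * by the EnableDKFilter setting (in which case stop() is called).
 *
 * When $aspid is false the function first takes a pid-file lock under
 * /etc/artica-postfix/pids so that two start tasks do not run concurrently.
 * After launching the daemon it polls PID_NUM() once per second, up to five
 * times, then re-owns the socket, key and run directories to postfix.
 *
 * Progress lines are echoed only when $GLOBALS["OUTPUT"] is set.
 *
 * @param bool $aspid true when the caller already holds the task lock
 * @return void
 */
function start($aspid = false)
{
    $unix = new unix();
    $sock = new sockets();

    // Progress line; $suffix carries its own leading space or punctuation.
    $say = function ($suffix) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}{$suffix}\n";
        }
    };

    $Masterbin = $unix->find_program("opendkim");
    if (!is_file($Masterbin)) {
        $say(", opendkim not installed");
        return;
    }

    if (!$aspid) {
        $pidfile = "/etc/artica-postfix/pids/" . basename(__FILE__) . "." . __FUNCTION__ . ".pid";
        $pid = $unix->get_pid_from_file($pidfile);
        if ($unix->process_exists($pid, basename(__FILE__))) {
            $time = $unix->PROCCESS_TIME_MIN($pid);
            $say(" Already Artica task running PID {$pid} since {$time}mn");
            return;
        }
        @file_put_contents($pidfile, getmypid());
    }

    $pid = PID_NUM();
    if ($unix->process_exists($pid)) {
        $timepid = $unix->PROCCESS_TIME_MIN($pid);
        $say(" Service already started {$pid} since {$timepid}Mn...");
        return;
    }

    $EnableDKFilter = intval($sock->GET_INFO("EnableDKFilter"));
    if ($EnableDKFilter == 0) {
        $say(" service disabled (see EnableDKFilter)");
        stop();
        return;
    }

    $chown = $unix->find_program("chown");

    // Remove stale pid and socket files left by a previous instance.
    @unlink("/var/run/opendkim/opendkim.pid");
    @unlink("/var/run/opendkim/opendkim.sock");
    @mkdir("/var/run/opendkim", 0755, true);
    $unix->chown_func("postfix", "postfix", "/var/run/opendkim");

    // NOTE(review): $GLOBALS["PID_FILE"] is set outside this function and is
    // interpolated unquoted into the shell command; confirm it is always a
    // fixed path. The stale-pid cleanup above uses a hard-coded path instead.
    $cmd = implode(" ", array(
        $Masterbin,
        "-p //var/run/opendkim/opendkim.sock",
        "-x /etc/opendkim.conf",
        "-u postfix",
        "-P {$GLOBALS["PID_FILE"]}",
    ));

    $say(" service");
    shell_exec($cmd);

    // Five attempts, matching the "n/5" progress text (the listing stopped
    // after four).
    for ($i = 1; $i <= 5; $i++) {
        $say(" waiting {$i}/5");
        sleep(1);
        $pid = PID_NUM();
        if ($unix->process_exists($pid)) {
            break;
        }
    }

    $pid = PID_NUM();
    if (!$unix->process_exists($pid)) {
        $say(" Failed");
        $say(" {$cmd}");
        return;
    }

    $say(" Success PID {$pid}");
    $unix->chown_func("postfix", "postfix", "/var/run/opendkim/opendkim.sock");
    // NOTE(review): /etc/mail/dkim/keys presumably holds the DKIM private
    // keys; ownership is set here but no mode is, so check that the key files
    // are not group/world-readable.
    shell_exec("{$chown} -R postfix:postfix /etc/mail/dkim >/dev/null 2>&1");
    shell_exec("{$chown} -R postfix:postfix /etc/mail/dkim/keys >/dev/null 2>&1");
    shell_exec("{$chown} -R postfix:postfix /var/run/opendkim >/dev/null 2>&1");
}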
function apache_config() { $sock = new sockets(); $unix = new unix(); $EnablePHPFPM = 0; @mkdir("/var/run/squid", 0755, true); @mkdir("/var/run/squid", 0755, true); $APACHE_SRC_ACCOUNT = "squid"; $APACHE_SRC_GROUP = "squid"; $APACHE_MODULES_PATH = $unix->APACHE_MODULES_PATH(); if (!isset($GLOBALS["HyperCacheStoragePath"])) { $sock = new sockets(); $GLOBALS["HyperCacheStoragePath"] = $sock->GET_INFO("HyperCacheStoragePath"); if ($GLOBALS["HyperCacheStoragePath"] == null) { $GLOBALS["HyperCacheStoragePath"] = "/home/artica/proxy-cache"; } } $SquidEnforceRules = intval($sock->GET_INFO("SquidEnforceRules")); $HyperCacheHTTPListenPort = $sock->GET_INFO("HyperCacheHTTPListenPort"); $HyperCacheHTTPListenPortSSL = $sock->GET_INFO("HyperCacheHTTPListenPortSSL"); $HyperCacheHTTPListenPortSSLEnabled = intval($sock->GET_INFO("HyperCacheHTTPListenPortSSLEnabled")); if (!is_numeric($HyperCacheHTTPListenPort)) { $HyperCacheHTTPListenPort = 8700; } if (!is_numeric($HyperCacheHTTPListenPortSSL)) { $HyperCacheHTTPListenPortSSL = 8900; } $HyperCacheListenAddr = $sock->GET_INFO("HyperCacheListenAddr"); $unix = new unix(); $NETWORK_ALL_INTERFACES = $unix->NETWORK_ALL_INTERFACES(); unset($NETWORK_ALL_INTERFACES["lo"]); if ($HyperCacheListenAddr == null) { $HyperCacheListenAddr = $unix->NETWORK_DEFAULT_LISTEN_ADDR(); $sock->SET_INFO("HyperCacheListenAddr", $HyperCacheListenAddr); } if ($unix->NETWORK_IS_LISTEN_ADDR_EXISTS($HyperCacheListenAddr)) { if ($GLOBALS["OUTPUT"]) { echo "Starting......: " . date("H:i:s") . 
" [INIT]: {$GLOBALS["SERVICE_NAME"]} {$HyperCacheListenAddr} doesn't exists...\n"; } $HyperCacheListenAddr = $unix->NETWORK_DEFAULT_LISTEN_ADDR(); $sock->SET_INFO("HyperCacheListenAddr", $HyperCacheListenAddr); } $ipaddr = $HyperCacheListenAddr; $phpfpm = $unix->APACHE_LOCATE_PHP_FPM(); $php = $unix->LOCATE_PHP5_BIN(); $EnableArticaApachePHPFPM = $sock->GET_INFO("EnableArticaApachePHPFPM"); if (!is_numeric($EnableArticaApachePHPFPM)) { $EnableArticaApachePHPFPM = 0; } if (!is_file($phpfpm)) { $EnableArticaApachePHPFPM = 0; } $unix->chown_func($APACHE_SRC_ACCOUNT, $APACHE_SRC_GROUP, "/var/run/squid"); $apache_LOCATE_MIME_TYPES = $unix->apache_LOCATE_MIME_TYPES(); if ($EnableArticaApachePHPFPM == 1) { if (!is_file("{$APACHE_MODULES_PATH}/mod_fastcgi.so")) { if ($GLOBALS["OUTPUT"]) { echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} mod_fastcgi.so is required to use PHP5-FPM\n"; } $EnableArticaApachePHPFPM = 0; } } if ($GLOBALS["OUTPUT"]) { echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Listen address: {$ipaddr}\n"; } if ($GLOBALS["OUTPUT"]) { echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Run as {$APACHE_SRC_ACCOUNT}:{$APACHE_SRC_GROUP}\n"; } if ($GLOBALS["OUTPUT"]) { echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} HTTP Port: {$HyperCacheHTTPListenPort} SSL Port: {$HyperCacheHTTPListenPortSSL}\n"; } if ($GLOBALS["OUTPUT"]) { echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} PHP-FPM: {$EnablePHPFPM}\n"; } $q = new mysql_squid_builder(); $nice = EXEC_NICE(); $sql = "SELECT * FROM artica_caches_mirror WHERE enabled=1 AND `ToDelete`=0"; $results = $q->QUERY_SQL($sql); $HyperCache = new HyperCache(); while ($ligne = mysql_fetch_assoc($results)) { $t = time(); $sitename = $ligne["sitename"]; $sitename_path = $HyperCache->HyperCacheUriToHostname($sitename); $workingdir = $GLOBALS["HyperCacheStoragePath"] . 
"/mirror/{$sitename_path}"; if (!is_dir($workingdir)) { @mkdir($workingdir, 0755, true); } @chown("{$GLOBALS["HyperCacheStoragePath"]}/mirror", "squid"); @chgrp("{$GLOBALS["HyperCacheStoragePath"]}/mirror", "squid"); @chown("{$GLOBALS["HyperCacheStoragePath"]}/mirror/{$sitename_path}", "squid"); @chgrp("{$GLOBALS["HyperCacheStoragePath"]}/mirror/{$sitename_path}", "squid"); if ($GLOBALS["OUTPUT"]) { echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} build folder for mirrored {$sitename_path}\n"; } $mirrors[] = ""; $mirrors_aliases[] = "alias /{$sitename_path} {$workingdir}"; if ($GLOBALS["OUTPUT"]) { echo "Starting......: " . date("H:i:s") . " [INIT]: alias /{$sitename_path} {$workingdir}\n"; } $mirrors[] = ""; $mirrors[] = "\t<Directory \"{$workingdir}\">"; $mirrors[] = "\t\tDirectorySlash On"; $mirrors[] = "\t\tDirectoryIndex index.html index-2.html"; $mirrors[] = "\t\tOptions All"; $mirrors[] = "\t\tOrder deny,allow"; $mirrors[] = "\t\tAllow from all"; $mirrors[] = "\t</Directory>"; $mirrors[] = ""; } $mirrors_conf = @implode("\n", $mirrors); $mirrors_aliases_conf = @implode("\n", $mirrors_aliases); $f[] = "LockFile /var/run/squid/HyperCacheWebAccept.lock"; $f[] = "PidFile /var/run/squid/HyperCacheWeb.pid"; $f[] = "AcceptMutex flock"; $f[] = "DocumentRoot /usr/share/artica-postfix"; $f[] = "DirectoryIndex squidcache.php"; $f[] = "NameVirtualHost {$ipaddr}:{$HyperCacheHTTPListenPort}"; $f[] = $mirrors_aliases_conf; if ($HyperCacheHTTPListenPortSSLEnabled == 1) { $f[] = "SSLRandomSeed startup file:/dev/urandom 256"; $f[] = "SSLRandomSeed connect builtin"; $f[] = "SSLSessionCache shmcb:/var/run/squid/HyperCacheWebSSL(512000)"; $f[] = "SSLSessionCacheTimeout 300"; $f[] = "SSLSessionCacheTimeout 300"; $f[] = "NameVirtualHost {$ipaddr}:{$HyperCacheHTTPListenPortSSL}"; $f[] = "Listen {$ipaddr}:{$HyperCacheHTTPListenPortSSL}"; } $f[] = "Listen {$ipaddr}:{$HyperCacheHTTPListenPort}"; $f[] = "<VirtualHost 
{$ipaddr}:{$HyperCacheHTTPListenPort}>"; $f[] = "\tServerName {$ipaddr}"; $f[] = "\tLoglevel debug"; $f[] = "\tLoglevel debug"; $f[] = "\tErrorLog /var/log/squid/HyperCache-error.log"; $f[] = "\tLogFormat \"%h %l %u %t \\\"%r\\\" %<s %b\" common"; $f[] = "\tCustomLog /var/log/squid/HyperCache-access.log common"; $f[] = "\tErrorDocument 400 /squidcache.php"; $f[] = "\tErrorDocument 401 /squidcache.php"; $f[] = "\tErrorDocument 403 /squidcache.php"; $f[] = "\tErrorDocument 404 /squidcache.php"; $f[] = "\tErrorDocument 500 /squidcache.php"; //$f[]="\tFallbackResource /squidcache.php"; $f[] = $mirrors_aliases_conf; $f[] = $mirrors_conf; $f[] = "</VirtualHost>"; if ($HyperCacheHTTPListenPortSSLEnabled == 1) { $squid = new squidbee(); $data = $squid->SaveCertificate($ArticaSplashHotSpotCertificate, false, true, false); if (preg_match("#ssl_certificate\\s+(.+?);\\s+ssl_certificate_key\\s+(.+?);#is", $data, $re)) { $cert = $re[1]; $key = $re[2]; } $f[] = "<VirtualHost {$ipaddr}:{$HyperCacheHTTPListenPortSSL}>"; $f[] = "\tFallbackResource /squidcache.php"; $f[] = "\tServerName {$ipaddr}"; $f[] = "\tDocumentRoot /usr/share/artica-postfix"; $f[] = "\tSSLEngine on"; $f[] = "\tSSLCertificateFile \"{$cert}\""; $f[] = "\tSSLCertificateKeyFile \"{$key}\""; $f[] = "\tSSLVerifyClient none"; $f[] = "\tServerSignature Off"; $f[] = $mirrors_conf; $f[] = "</VirtualHost>"; } $f[] = "<IfModule mpm_prefork_module>"; $f[] = "</IfModule>"; $f[] = "<IfModule mpm_worker_module>"; $f[] = "\tMinSpareThreads 25"; $f[] = "\tMaxSpareThreads 75 "; $f[] = "\tThreadLimit 64"; $f[] = "\tThreadsPerChild 25"; $f[] = "</IfModule>"; $f[] = "<IfModule mpm_event_module>"; $f[] = "\tMinSpareThreads 25"; $f[] = "\tMaxSpareThreads 75 "; $f[] = "\tThreadLimit 64"; $f[] = "\tThreadsPerChild 25"; $f[] = "</IfModule>"; $f[] = "AccessFileName .htaccess"; $f[] = "<Files ~ \"^\\.ht\">"; $f[] = "\tOrder allow,deny"; $f[] = "\tDeny from all"; $f[] = "\tSatisfy all"; $f[] = "</Files>"; $f[] = "DefaultType text/plain"; 
$f[] = "HostnameLookups Off"; $f[] = "User\t\t\t\t {$APACHE_SRC_ACCOUNT}"; $f[] = "Group\t\t\t\t {$APACHE_SRC_GROUP}"; $f[] = "Timeout 300"; $f[] = "KeepAlive Off"; $f[] = "KeepAliveTimeout 15"; $f[] = "StartServers 1"; $f[] = "MaxClients 50"; $f[] = "MinSpareServers 2"; $f[] = "MaxSpareServers 5"; $f[] = "MaxRequestsPerChild 5000"; $f[] = "MaxKeepAliveRequests 100"; $f[] = "ServerName " . $unix->hostname_g(); if ($HyperCacheHTTPListenPortSSLEnabled == 1) { $f[] = "<IfModule mod_ssl.c>"; $f[] = "\tSSLRandomSeed connect builtin"; $f[] = "\tSSLRandomSeed connect file:/dev/urandom 512"; $f[] = "\tAddType application/x-x509-ca-cert .crt"; $f[] = "\tAddType application/x-pkcs7-crl .crl"; $f[] = "\tSSLPassPhraseDialog builtin"; $f[] = "\tSSLSessionCache shmcb:/var/run/squid/ssl_scache-articahtp(512000)"; $f[] = "\tSSLSessionCacheTimeout 300"; $f[] = "\tSSLSessionCacheTimeout 300"; $f[] = "\tSSLMutex sem"; $f[] = "\tSSLCipherSuite HIGH:MEDIUM:!ADH"; $f[] = "\tSSLProtocol all -SSLv2"; $f[] = "</IfModule>"; $f[] = ""; } // $f[]="\tFallbackResource /squidcache.php"; $f[] = "AddType application/x-httpd-php .php"; $f[] = "php_value error_log \"/var/log/lighttpd/apache-hotspot-php.log\""; $f[] = "<IfModule mod_fcgid.c>"; $f[] = "\tPHP_Fix_Pathinfo_Enable 1"; $f[] = "</IfModule>"; $f[] = "<IfModule mod_php5.c>"; $f[] = " <FilesMatch \"\\.ph(p3?|tml)\$\">"; $f[] = "\tSetHandler application/x-httpd-php"; $f[] = " </FilesMatch>"; $f[] = " <FilesMatch \"\\.phps\$\">"; $f[] = "\tSetHandler application/x-httpd-php-source"; $f[] = " </FilesMatch>"; $f[] = " <IfModule mod_userdir.c>"; $f[] = " <Directory /home/*/public_html>"; $f[] = " php_admin_value engine Off"; $f[] = " </Directory>"; $f[] = " </IfModule>"; $f[] = "</IfModule>"; $f[] = "<IfModule mod_mime.c>"; $f[] = "\tTypesConfig /etc/mime.types"; $f[] = "\tAddType application/x-compress .Z"; $f[] = "\tAddType application/x-gzip .gz .tgz"; $f[] = "\tAddType application/x-bzip2 .bz2"; $f[] = "\tAddType application/x-httpd-php .php 
.phtml"; $f[] = "\tAddType application/x-httpd-php-source .phps"; $f[] = "\tAddLanguage ca .ca"; $f[] = "\tAddLanguage cs .cz .cs"; $f[] = "\tAddLanguage da .dk"; $f[] = "\tAddLanguage de .de"; $f[] = "\tAddLanguage el .el"; $f[] = "\tAddLanguage en .en"; $f[] = "\tAddLanguage eo .eo"; $f[] = "\tRemoveType es"; $f[] = "\tAddLanguage es .es"; $f[] = "\tAddLanguage et .et"; $f[] = "\tAddLanguage fr .fr"; $f[] = "\tAddLanguage he .he"; $f[] = "\tAddLanguage hr .hr"; $f[] = "\tAddLanguage it .it"; $f[] = "\tAddLanguage ja .ja"; $f[] = "\tAddLanguage ko .ko"; $f[] = "\tAddLanguage ltz .ltz"; $f[] = "\tAddLanguage nl .nl"; $f[] = "\tAddLanguage nn .nn"; $f[] = "\tAddLanguage no .no"; $f[] = "\tAddLanguage pl .po"; $f[] = "\tAddLanguage pt .pt"; $f[] = "\tAddLanguage pt-BR .pt-br"; $f[] = "\tAddLanguage ru .ru"; $f[] = "\tAddLanguage sv .sv"; $f[] = "\tRemoveType tr"; $f[] = "\tAddLanguage tr .tr"; $f[] = "\tAddLanguage zh-CN .zh-cn"; $f[] = "\tAddLanguage zh-TW .zh-tw"; $f[] = "\tAddCharset us-ascii .ascii .us-ascii"; $f[] = "\tAddCharset ISO-8859-1 .iso8859-1 .latin1"; $f[] = "\tAddCharset ISO-8859-2 .iso8859-2 .latin2 .cen"; $f[] = "\tAddCharset ISO-8859-3 .iso8859-3 .latin3"; $f[] = "\tAddCharset ISO-8859-4 .iso8859-4 .latin4"; $f[] = "\tAddCharset ISO-8859-5 .iso8859-5 .cyr .iso-ru"; $f[] = "\tAddCharset ISO-8859-6 .iso8859-6 .arb .arabic"; $f[] = "\tAddCharset ISO-8859-7 .iso8859-7 .grk .greek"; $f[] = "\tAddCharset ISO-8859-8 .iso8859-8 .heb .hebrew"; $f[] = "\tAddCharset ISO-8859-9 .iso8859-9 .latin5 .trk"; $f[] = "\tAddCharset ISO-8859-10 .iso8859-10 .latin6"; $f[] = "\tAddCharset ISO-8859-13 .iso8859-13"; $f[] = "\tAddCharset ISO-8859-14 .iso8859-14 .latin8"; $f[] = "\tAddCharset ISO-8859-15 .iso8859-15 .latin9"; $f[] = "\tAddCharset ISO-8859-16 .iso8859-16 .latin10"; $f[] = "\tAddCharset ISO-2022-JP .iso2022-jp .jis"; $f[] = "\tAddCharset ISO-2022-KR .iso2022-kr .kis"; $f[] = "\tAddCharset ISO-2022-CN .iso2022-cn .cis"; $f[] = "\tAddCharset Big5 .Big5 .big5 
.b5"; $f[] = "\tAddCharset cn-Big5 .cn-big5"; $f[] = "\t# For russian, more than one charset is used (depends on client, mostly):"; $f[] = "\tAddCharset WINDOWS-1251 .cp-1251 .win-1251"; $f[] = "\tAddCharset CP866 .cp866"; $f[] = "\tAddCharset KOI8 .koi8"; $f[] = "\tAddCharset KOI8-E .koi8-e"; $f[] = "\tAddCharset KOI8-r .koi8-r .koi8-ru"; $f[] = "\tAddCharset KOI8-U .koi8-u"; $f[] = "\tAddCharset KOI8-ru .koi8-uk .ua"; $f[] = "\tAddCharset ISO-10646-UCS-2 .ucs2"; $f[] = "\tAddCharset ISO-10646-UCS-4 .ucs4"; $f[] = "\tAddCharset UTF-7 .utf7"; $f[] = "\tAddCharset UTF-8 .utf8"; $f[] = "\tAddCharset UTF-16 .utf16"; $f[] = "\tAddCharset UTF-16BE .utf16be"; $f[] = "\tAddCharset UTF-16LE .utf16le"; $f[] = "\tAddCharset UTF-32 .utf32"; $f[] = "\tAddCharset UTF-32BE .utf32be"; $f[] = "\tAddCharset UTF-32LE .utf32le"; $f[] = "\tAddCharset euc-cn .euc-cn"; $f[] = "\tAddCharset euc-gb .euc-gb"; $f[] = "\tAddCharset euc-jp .euc-jp"; $f[] = "\tAddCharset euc-kr .euc-kr"; $f[] = "\tAddCharset EUC-TW .euc-tw"; $f[] = "\tAddCharset gb2312 .gb2312 .gb"; $f[] = "\tAddCharset iso-10646-ucs-2 .ucs-2 .iso-10646-ucs-2"; $f[] = "\tAddCharset iso-10646-ucs-4 .ucs-4 .iso-10646-ucs-4"; $f[] = "\tAddCharset shift_jis .shift_jis .sjis"; $f[] = "\tAddType text/html .shtml"; $f[] = "\tAddOutputFilter INCLUDES .shtml"; $f[] = "</IfModule>"; $f[] = $mirrors_conf; $f[] = "<Directory \"/usr/share/artica-postfix\">"; $f[] = "FallbackResource /squidcache.php"; $f[] = "\tDirectorySlash On"; $f[] = "\tDirectoryIndex squidcache.php"; $f[] = "\t\t<Files \"squidcache.php\">"; $f[] = "\t\t\tOrder allow,deny"; $f[] = "\t\t\tallow from all"; $f[] = "\t\t</Files>"; /* $f[]="\tErrorDocument 400 /hotspot.php"; $f[]="\tErrorDocument 401 /hotspot.php"; $f[]="\tErrorDocument 403 /hotspot.php"; $f[]="\tErrorDocument 404 /hotspot.php"; $f[]="\tErrorDocument 500 /hotspot.php"; */ $f[] = "\tOptions -Indexes"; $f[] = ParseArticaDirectory(); @chmod("/usr/share/artica-postfix/squidcache.php", 0755); 
@chown("/usr/share/artica-postfix/squidcache.php", "squid"); if ($HyperCacheHTTPListenPortSSLEnabled == 1) { $f[] = "\tSSLOptions +StdEnvVars"; } $f[] = "\tAllowOverride All"; $f[] = "\tOrder allow,deny"; $f[] = "\tAllow from all"; $f[] = "</Directory>"; if ($EnableArticaApachePHPFPM == 1) { if ($GLOBALS["OUTPUT"]) { echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Activate PHP5-FPM\n"; } shell_exec("{$php} /usr/share/artica-postfix/exec.initslapd.php --phppfm"); if ($GLOBALS["OUTPUT"]) { echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Restarting PHP5-FPM\n"; } shell_exec("/etc/init.d/php5-fpm restart"); $f[] = "\tAlias /php5.fastcgi /var/run/squid/php5.fastcgi"; $f[] = "\tAddHandler php-script .php"; $f[] = "\tFastCGIExternalServer /var/run/squid/php5.fastcgi -socket /var/run/php-fpm.sock -idle-timeout 610"; $f[] = "\tAction php-script /php5.fastcgi virtual"; $f[] = "\t<Directory /var/run/squid>"; $f[] = "\t\t<Files php5.fastcgi>"; $f[] = "\t\tOrder deny,allow"; $f[] = "\t\tAllow from all"; $f[] = "\t\t</Files>"; $f[] = "\t</Directory>"; } else { if ($GLOBALS["OUTPUT"]) { echo "Starting......: " . date("H:i:s") . 
" [INIT]: {$GLOBALS["SERVICE_NAME"]} PHP5-FPM is disabled\n"; } } if ($EnableArticaApachePHPFPM == 0) { $array["php5_module"] = "libphp5.so"; } $array["dumpio_module"] = "mod_dumpio.so"; $array["actions_module"] = "mod_actions.so"; $array["expires_module"] = "mod_expires.so"; $array["rewrite_module"] = "mod_rewrite.so"; $array["dir_module"] = "mod_dir.so"; $array["mime_module"] = "mod_mime.so"; $array["alias_module"] = "mod_alias.so"; $array["auth_basic_module"] = "mod_auth_basic.so"; $array["authz_host_module"] = "mod_authz_host.so"; $array["autoindex_module"] = "mod_autoindex.so"; $array["negotiation_module"] = "mod_negotiation.so"; if ($HyperCacheHTTPListenPortSSLEnabled == 1) { $array["ssl_module"] = "mod_ssl.so"; } $array["headers_module"] = "mod_headers.so"; //$array["ldap_module"]="mod_ldap.so"; if ($EnableArticaApachePHPFPM == 1) { $array["fastcgi_module"] = "mod_fastcgi.so"; } if (is_dir("/etc/apache2")) { if (!is_file("/etc/apache2/mime.types")) { if ($apache_LOCATE_MIME_TYPES != "/etc/apache2/mime.types") { @copy($apache_LOCATE_MIME_TYPES, "/etc/apache2/mime.types"); } } } if ($GLOBALS["OUTPUT"]) { echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Mime types path.......: {$apache_LOCATE_MIME_TYPES}\n"; } if ($GLOBALS["OUTPUT"]) { echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Modules path..........: {$APACHE_MODULES_PATH}\n"; } while (list($module, $lib) = each($array)) { if (is_file("{$APACHE_MODULES_PATH}/{$lib}")) { if ($GLOBALS["OUTPUT"]) { echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} include module \"{$module}\"\n"; } $f[] = "LoadModule {$module} {$APACHE_MODULES_PATH}/{$lib}"; } else { if ($GLOBALS["OUTPUT"]) { echo "Starting......: " . date("H:i:s") . 
" [INIT]: {$GLOBALS["SERVICE_NAME"]} skip module \"{$module}\"\n"; } } } @file_put_contents("/etc/artica-postfix/HyperCacheHTTPD.conf", @implode("\n", $f)); if ($GLOBALS["OUTPUT"]) { echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} /etc/artica-postfix/HyperCacheHTTPD.conf done\n"; } }
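/**
 * Copy the file named by the "copytocache" request parameter into
 * /usr/share/artica-postfix/ressources/logs and hand it to the Apache account.
 *
 * Prints an <articadatascgi> error element when the source is missing or the
 * copy fails; prints nothing on success.
 *
 * NOTE(review): the source path is taken from the request and no directory
 * restriction is visible here, so any file this process can read can end up
 * in a directory the web server publishes. How callers are authenticated is
 * not visible in this function - confirm it, and limit the source to the
 * directories the legitimate callers actually use.
 */
function copytocache()
{
    $unix = new unix();
    $cacheDir = "/usr/share/artica-postfix/ressources/logs";
    $path = isset($_GET["copytocache"]) ? $_GET["copytocache"] : null;

    // A missing key, an array value or an embedded NUL byte is never a usable path.
    if (!is_string($path) || strpos($path, "\0") !== false || !is_file($path)) {
        $shown = is_string($path) ? $path : "(invalid parameter)";
        echo "<articadatascgi>No such file</articadatascgi>";
        writelogs("{$shown} -> No such file");
        return;
    }

    $basename = basename($path);

    // Refuse hidden names so a per-directory control file such as .htaccess
    // cannot be placed in the served tree through this handler.
    if ($basename === "" || $basename[0] === ".") {
        writelogs("{$path} -> refused, hidden file name");
        echo "<articadatascgi>Copy failed</articadatascgi>";
        return;
    }

    $destination = "{$cacheDir}/{$basename}";
    writelogs("COPY {$path} -> {$destination}");

    // When the source already IS the cached copy, deleting the destination
    // first would destroy the only copy and the copy() would then fail.
    $source = realpath($path);
    $alreadyInPlace = $source !== false
        && is_file($destination)
        && realpath($destination) === $source;

    if (!$alreadyInPlace) {
        if (is_file($destination)) {
            @unlink($destination);
        }
        if (!copy($path, $destination)) {
            echo "<articadatascgi>Copy failed</articadatascgi>";
            return;
        }
    }

    $APACHE = $unix->APACHE_SRC_ACCOUNT();
    $APACHE_GROUP = $unix->APACHE_SRC_GROUP();
    $unix->chown_func($APACHE, $APACHE_GROUP, $destination);
    // NOTE(review): 0755 marks the copy executable; a data file only needs to
    // be readable. Kept as-is because consumers of the copy are not visible here.
    $unix->chmod_func(0755, $destination);
}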
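/**
 * Generate /etc/zarafa/httpd.conf for the dedicated Zarafa web-mail Apache
 * instance and prepare the directories and log files it uses.
 *
 * Settings are read through sockets::GET_INFO(); non-numeric values fall back
 * to the defaults assigned below. Progress lines are echoed only when
 * $GLOBALS["OUTPUT"] is set.
 *
 * Changes compared with the previous revision:
 *  - error.log is now re-created (access.log used to be touched twice) and the
 *    log directory is created before the files are touched;
 *  - a corrupt "ZarafaApachePerformances" setting no longer leaves a non-array
 *    value to be indexed;
 *  - an unrecognised "ZarafaApacheWebMailType" falls back to the webaccess
 *    document root instead of emitting an empty ServerRoot/DocumentRoot.
 */
function build()
{
    $unix = new unix();
    $sock = new sockets();
    $users = new usersMenus();
    $f = array();
    $APACHE_MODULES_PATH = $users->APACHE_MODULES_PATH;
    if ($GLOBALS["OUTPUT"]) {
        echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Apache modules in \"{$APACHE_MODULES_PATH}\"\n";
    }

    $ZarafaApachePort = $sock->GET_INFO("ZarafaApachePort");
    $ZarafaApacheSSL = $sock->GET_INFO("ZarafaApacheSSL");
    $LighttpdArticaDisableSSLv2 = $sock->GET_INFO("LighttpdArticaDisableSSLv2");
    $ZarafaWebNTLM = $sock->GET_INFO("ZarafaWebNTLM");
    $ZarafaApacheServerName = $sock->GET_INFO("ZarafaApacheServerName");
    if (!is_numeric($ZarafaWebNTLM)) {
        $ZarafaWebNTLM = 0;
    }
    if (!is_numeric($LighttpdArticaDisableSSLv2)) {
        $LighttpdArticaDisableSSLv2 = 0;
    }
    if (!is_numeric($ZarafaApacheSSL)) {
        $ZarafaApacheSSL = 0;
    }
    if (!is_numeric($ZarafaApachePort)) {
        $ZarafaApachePort = 9010;
    }
    $ZarafaApachePHPFPMEnable = $sock->GET_INFO("ZarafaApachePHPFPMEnable");
    if (!is_numeric($ZarafaApachePHPFPMEnable)) {
        $ZarafaApachePHPFPMEnable = 0;
    }
    // NOTE(review): the server name is written into the configuration without
    // validation; presumably only administrators can set it - confirm.
    if ($ZarafaApacheServerName == null) {
        $ZarafaApacheServerName = $unix->hostname_g();
    }

    // Expose a MAPI extension installed under /usr/local at the path used in include_path.
    if (!is_dir('/usr/share/php/mapi')) {
        if (is_dir('/usr/local/share/php/mapi')) {
            @mkdir("/usr/share/php", 0755, true);
            shell_exec('/bin/ln -s /usr/local/share/php/mapi /usr/share/php/mapi');
        }
    }

    $username = $unix->APACHE_SRC_ACCOUNT();
    $group = $unix->APACHE_SRC_GROUP();
    if ($GLOBALS["OUTPUT"]) {
        echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} logs access: /var/log/apache-zarafa/access.log\n";
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} logs error : /var/log/apache-zarafa/error.log\n";
    }

    // Directories first, so the log files below can actually be created.
    @mkdir("/var/run/apache2", 0755, true);
    @mkdir("/var/run/artica-apache", 0755, true);
    @mkdir('/var/run/zarafa-web', 0755, true);
    @mkdir('/var/log/apache-zarafa', 0755, true);
    @mkdir('/var/lib/zarafa-webaccess/tmp', 0755, true);

    // Both logs are truncated on every rebuild.
    @unlink("/var/log/apache-zarafa/access.log");
    @unlink("/var/log/apache-zarafa/error.log");
    @touch("/var/log/apache-zarafa/access.log");
    @touch("/var/log/apache-zarafa/error.log");

    $unix->chown_func($username, $group, "/var/log/apache-zarafa/access.log");
    $unix->chown_func($username, $group, "/var/log/apache-zarafa/error.log");
    $unix->chown_func($username, $group, "/var/run/apache2");
    $unix->chown_func($username, $group, "/var/run/artica-apache");
    $unix->chown_func($username, $group, "/var/run/zarafa-web");
    $unix->chown_func($username, $group, "/var/log/apache-zarafa");
    $unix->chown_func($username, $group, "/var/lib/zarafa-webaccess");
    // NOTE(review): world-writable; the directory is already owned by the
    // Apache account, so a narrower mode is probably sufficient - confirm
    // which other accounts write here before tightening.
    $unix->chmod_func(0777, "/var/lib/zarafa-webaccess/tmp");
    $unix->chown_func($username, $group, "/usr/share/zarafa-webaccess/plugins/*");

    if ($ZarafaApacheSSL == 1) {
        if (is_file("{$APACHE_MODULES_PATH}/mod_ssl.so")) {
            if (!is_file("/etc/ssl/certs/zarafa/apache.crt.nopass.cert")) {
                shell_exec("/usr/share/artica-postfix/bin/artica-install --zarafa-apache-certificates");
            }
            // NOTE(review): the presence check uses $APACHE_MODULES_PATH but the
            // LoadModule line is hard-coded to /usr/lib/apache2/modules.
            $f[] = "LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so";
            $f[] = "SSLEngine on";
            $f[] = "SSLCertificateFile /etc/ssl/certs/zarafa/apache.crt.nopass.cert";
            $f[] = "SSLCertificateKeyFile /etc/ssl/certs/zarafa/apache-ca.key.nopass.key";
            if ($LighttpdArticaDisableSSLv2 == 1) {
                // NOTE(review): this leaves only SSLv3 and TLSv1 enabled, and the
                // cipher list still admits RC4. Both protocol versions are
                // obsolete; the directive needs revisiting against the Apache
                // and OpenSSL versions actually deployed.
                $f[] = "SSLProtocol -ALL +SSLv3 +TLSv1";
                $f[] = "SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM";
            }
            $f[] = "SSLRandomSeed connect builtin";
            $f[] = "SSLRandomSeed startup file:/dev/urandom 256";
            $f[] = "SSLRandomSeed connect file:/dev/urandom 256";
            $f[] = "AddType application/x-x509-ca-cert .crt";
            $f[] = "AddType application/x-pkcs7-crl .crl";
            $f[] = "SSLPassPhraseDialog builtin";
            $f[] = "SSLSessionCache shmcb:/var/run/apache2/ssl_scache-zarafa(512000)";
            $f[] = "SSLSessionCacheTimeout 300";
            $f[] = "SSLVerifyClient none";
            $f[] = "ServerSignature Off";
        }
    }

    $SET_MODULES = SET_MODULES();

    // NOTE(review): unserialize() on a stored setting. If anything less trusted
    // than an administrator can write "ZarafaApachePerformances" this is an
    // object-injection risk; a JSON encoding would avoid it.
    $FreeWebPerformances = unserialize(base64_decode($sock->GET_INFO("ZarafaApachePerformances")));
    if (!is_array($FreeWebPerformances)) {
        // Missing or corrupt setting: start from an empty set and apply the defaults.
        $FreeWebPerformances = array();
    }
    $performanceDefaults = array(
        "Timeout" => 300,
        "KeepAlive" => 0,
        "MaxKeepAliveRequests" => 100,
        "KeepAliveTimeout" => 15,
        "MinSpareServers" => 5,
        "MaxSpareServers" => 10,
        "StartServers" => 5,
        "MaxClients" => 50,
        "MaxRequestsPerChild" => 10000,
    );
    foreach ($performanceDefaults as $directive => $default) {
        if (!isset($FreeWebPerformances[$directive]) || !is_numeric($FreeWebPerformances[$directive])) {
            $FreeWebPerformances[$directive] = $default;
        }
    }
    $f[] = "Timeout {$FreeWebPerformances["Timeout"]}";
    $f[] = "KeepAlive {$FreeWebPerformances["KeepAlive"]}";
    $f[] = "KeepAliveTimeout {$FreeWebPerformances["KeepAliveTimeout"]}";
    $f[] = "StartServers {$FreeWebPerformances["StartServers"]}";
    $f[] = "MaxClients {$FreeWebPerformances["MaxClients"]}";
    $f[] = "MinSpareServers {$FreeWebPerformances["MinSpareServers"]}";
    $f[] = "MaxSpareServers {$FreeWebPerformances["MaxSpareServers"]}";
    $f[] = "MaxRequestsPerChild {$FreeWebPerformances["MaxRequestsPerChild"]}";
    $f[] = "MaxKeepAliveRequests {$FreeWebPerformances["MaxKeepAliveRequests"]}";
    $f[] = "ServerLimit\t\t {$FreeWebPerformances["MaxClients"]}";
    $f[] = "AcceptMutex \t\t flock";

    $ZarafaApacheWebMailType = $sock->GET_INFO("ZarafaApacheWebMailType");
    if ($ZarafaApacheWebMailType == null) {
        $ZarafaApacheWebMailType = "APP_ZARAFA";
    }
    $f[] = $SET_MODULES;
    $f[] = "<IfModule !mpm_netware_module>";
    $f[] = " <IfModule !mpm_winnt_module>";
    $f[] = " User {$username}";
    $f[] = " Group {$group}";
    $f[] = " </IfModule>";
    $f[] = "</IfModule>";
    $f[] = "ServerAdmin you@example.com";
    $f[] = "ServerName {$ZarafaApacheServerName}";

    // WebApp is only usable when it is installed; otherwise serve classic webaccess.
    if ($ZarafaApacheWebMailType == "APP_ZARAFA_WEBAPP") {
        if (!is_dir("/usr/share/zarafa-webapp")) {
            $ZarafaApacheWebMailType = "APP_ZARAFA";
        }
    }
    // Default root, also used when the stored type is not one of the two known values.
    $DocumentRoot = "/usr/share/zarafa-webaccess";
    if ($ZarafaApacheWebMailType == "APP_ZARAFA_WEBAPP") {
        $free = new freeweb();
        $free->InstallZarafaConfigWebAPP("/usr/share/zarafa-webapp");
        $DocumentRoot = "/usr/share/zarafa-webapp";
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} WebMail \"{$ZarafaApacheWebMailType}\"\n";
    }

    $f[] = "ServerRoot \"{$DocumentRoot}\"";
    $f[] = "Listen {$ZarafaApachePort}";
    $f[] = "User {$username}";
    $f[] = "Group {$group}";
    $f[] = "PidFile /var/run/zarafa-web/httpd.pid";
    $f[] = "DocumentRoot \"{$DocumentRoot}\"";
    $f[] = "<Directory {$DocumentRoot}/>";
    if ($ZarafaWebNTLM == 1) {
        $ldap = new clladp();
        // NOTE(review): the LDAP administrator bind password is written in
        // clear text, unquoted, into /etc/zarafa/httpd.conf, and that file is
        // created below with default permissions. Restrict the file to root
        // and prefer a dedicated read-only bind account.
        $f[] = " AuthName \"Zarafa logon..\"";
        $f[] = " AuthType Basic";
        $f[] = " AuthLDAPURL ldap://{$ldap->ldap_host}:{$ldap->ldap_port}/dc=organizations,{$ldap->suffix}?uid";
        $f[] = " AuthLDAPBindDN cn={$ldap->ldap_admin},{$ldap->suffix}";
        $f[] = " AuthLDAPBindPassword {$ldap->ldap_password}";
        $f[] = " AuthLDAPGroupAttribute memberUid";
        $f[] = " AuthBasicProvider ldap";
        $f[] = " AuthzLDAPAuthoritative off";
        $f[] = " require valid-user";
    }
    if ($ZarafaApachePHPFPMEnable == 0) {
        // mod_php is in use, so PHP settings can be set from the vhost.
        $f[] = " php_value magic_quotes_gpc 0";
        $f[] = " php_value register_globals 0";
        $f[] = " php_value magic_quotes_runtime 0";
        $f[] = " php_value post_max_size 31M";
        $f[] = " php_value include_path \".:/usr/share/php:/usr/share/php5:/usr/local/share/php\"";
        $f[] = " php_value upload_max_filesize 30M";
        $f[] = " php_value short_open_tag 1";
        $f[] = " php_flag log_errors on";
        $f[] = " php_value safe_mode 0";
        $f[] = " php_flag log_errors on";
        $f[] = " php_value error_log \"/var/log/apache-zarafa/php.log\"";
    }
    $f[] = " DirectoryIndex index.php";
    $f[] = " Options -Indexes +FollowSymLinks";
    $f[] = " AllowOverride Options";
    $f[] = " Order allow,deny";
    $f[] = " Allow from all";
    $f[] = "</Directory>";

    if ($ZarafaApachePHPFPMEnable == 1) {
        $php = $unix->LOCATE_PHP5_BIN();
        if (!$unix->is_socket("/var/run/php-fpm-zarafa.sock")) {
            // The FPM pool socket is missing: regenerate the pool and restart FPM.
            if ($GLOBALS["OUTPUT"]) {
                echo "Starting......: " . date("H:i:s") . " [INIT]: /var/run/php-fpm-zarafa.sock no such socket\n";
            }
            if ($GLOBALS["OUTPUT"]) {
                echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Activate PHP5-FPM\n";
            }
            shell_exec("{$php} /usr/share/artica-postfix/exec.initslapd.php --phppfm");
            if ($GLOBALS["OUTPUT"]) {
                echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Restarting PHP5-FPM\n";
            }
            shell_exec("/etc/init.d/php5-fpm restart");
        }
        $f[] = "\tAlias /php5.fastcgi /var/run/artica-apache/php5.fastcgi";
        $f[] = "\tAddHandler php-script .php";
        $f[] = "\tFastCGIExternalServer /var/run/artica-apache/php5.fastcgi -socket /var/run/php-fpm-zarafa.sock -idle-timeout 610";
        $f[] = "\tAction php-script /php5.fastcgi virtual";
        $f[] = "\t<Directory /var/run/artica-apache>";
        $f[] = "\t\t<Files php5.fastcgi>";
        $f[] = "\t\tOrder deny,allow";
        $f[] = "\t\tAllow from all";
        $f[] = "\t\t</Files>";
        $f[] = "\t</Directory>";
    } else {
        if ($GLOBALS["OUTPUT"]) {
            echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} PHP5-FPM is disabled\n";
        }
    }

    $f[] = "<IfModule dir_module>";
    $f[] = " DirectoryIndex index.php";
    $f[] = "</IfModule>";
    $f[] = "";
    $f[] = "";
    // Never serve .htaccess / .htpasswd style files.
    $f[] = "<FilesMatch \"^\\.ht\">";
    $f[] = " Order allow,deny";
    $f[] = " Deny from all";
    $f[] = " Satisfy All";
    $f[] = "</FilesMatch>";
    $f[] = "<IfModule mod_php5.c>";
    $f[] = " <FilesMatch \"\\.ph(p3?|tml)\$\">";
    $f[] = "\tSetHandler application/x-httpd-php";
    $f[] = " </FilesMatch>";
    $f[] = " <FilesMatch \"\\.phps\$\">";
    $f[] = "\tSetHandler application/x-httpd-php-source";
    $f[] = " </FilesMatch>";
    $f[] = " # To re-enable php in user directories comment the following lines";
    $f[] = " # (from <IfModule ...> to </IfModule>.) Do NOT set it to On as it";
    $f[] = " # prevents .htaccess files from disabling it.";
    $f[] = " <IfModule mod_userdir.c>";
    $f[] = " <Directory /home/*/public_html>";
    $f[] = " php_admin_value engine Off";
    $f[] = " </Directory>";
    $f[] = " </IfModule>";
    $f[] = "</IfModule>";
    $f[] = "";
    $f[] = "";
    $f[] = "ErrorLog \"/var/log/apache-zarafa/error.log\"";
    $f[] = "LogLevel warn";
    $f[] = "";
    $f[] = "<IfModule log_config_module>";
    // NOTE(review): the format string below ends in an escaped quote (%V\")
    // and is never closed before the nickname, unlike the two LogFormat lines
    // that follow. Looks like a typo; left untouched because changing it
    // alters the access-log layout - verify against the generated file.
    $f[] = " LogFormat \"%h %l %u %t \\\"%r\\\" %>s %b \\\"%{Referer}i\\\" \\\"%{User-Agent}i\\\" %V\\\" combinedv";
    $f[] = " LogFormat \"%h %l %u %t \\\"%r\\\" %>s %b\" common";
    $f[] = "";
    $f[] = " <IfModule logio_module>";
    $f[] = " LogFormat \"%h %l %u %t \\\"%r\\\" %>s %b \\\"%{Referer}i\\\" \\\"%{User-Agent}i\\\" %I %O\" combinedio";
    $f[] = " </IfModule>";
    $f[] = "";
    $f[] = " CustomLog \"/var/log/apache-zarafa/access.log\" combinedv";
    $f[] = "</IfModule>";
    $f[] = "";
    $f[] = "<IfModule alias_module>";
    $f[] = " ScriptAlias /cgi-bin/ \"/usr/local/apache-groupware/data/cgi-bin/\"";
    $f[] = " Alias /images /usr/share/obm2/resources";
    $f[] = "";
    $f[] = "</IfModule>";
    $f[] = "";
    $f[] = "<IfModule cgid_module>";
    $f[] = "";
    $f[] = "</IfModule>";
    $f[] = "";
    $f[] = "";
    $f[] = "<Directory \"/usr/local/apache-groupware/data/cgi-bin\">";
    $f[] = " AllowOverride None";
    $f[] = " Options None";
    $f[] = " Order allow,deny";
    $f[] = " Allow from all";
    $f[] = "</Directory>";
    $f[] = "";
    $f[] = "";
    $f[] = "DefaultType text/plain";
    $f[] = "";
    $f[] = "<IfModule mime_module>";
    $f[] = " ";
    $f[] = " TypesConfig /etc/mime.types";
    $f[] = " #AddType application/x-gzip .tgz";
    $f[] = " AddType application/x-compress .Z";
    $f[] = " AddType application/x-gzip .gz .tgz";
    $f[] = " AddType application/x-httpd-php .php .phtml";
    $f[] = " #AddHandler cgi-script .cgi";
    $f[] = " #AddHandler type-map var";
    $f[] = " #AddType text/html .shtml";
    $f[] = " #AddOutputFilter INCLUDES .shtml";
    $f[] = "</IfModule>";

    @file_put_contents('/etc/zarafa/httpd.conf', @implode("\n", $f) . "\n");
    if ($GLOBALS["OUTPUT"]) {
        echo "Configuring...: " . date("H:i:s") . " /etc/zarafa/httpd.conf done\n";
    }
}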
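/**
 * Prepare the host before the squid proxy is started: make sure required ACL
 * files, directories, ownership and helper scripts are in place and rebuild
 * the configuration when it still contains the stock template marker.
 *
 * Returns immediately when $GLOBALS["CRASHED"] is set. Terminates the process
 * (die) after requesting a rebuild when /etc/squid3/squid.conf is missing.
 *
 * Changes compared with the previous revision:
 *  - each() loops (removed in PHP 8) are now foreach loops;
 *  - the third directory pass walks $directories_chmod_owned, which was built
 *    but never read; it used to re-walk $directories_chmod with an exhausted
 *    array pointer and therefore did nothing;
 *  - arguments of the setcap command line are shell-escaped;
 *  - an unreachable progress echo was dropped.
 */
function start_prepare()
{
    if ($GLOBALS["CRASHED"]) {
        return;
    }
    buil_init_squid_cache_log();
    initd_squid();

    $reconfigure = false;
    $unix = new unix();
    $sock = new sockets();
    $NtpdateAD = $sock->GET_INFO("NtpdateAD");
    $php = $unix->LOCATE_PHP5_BIN();
    $nohup = $unix->find_program("nohup");

    // squid.conf references these ACL files; they must exist even when empty.
    if (!is_file("/etc/squid3/malwares.acl")) {
        @file_put_contents("/etc/squid3/malwares.acl", "\n");
    }
    if (!is_file("/etc/squid3/squid-block.acl")) {
        @file_put_contents("/etc/squid3/squid-block.acl", "\n");
    }

    // The stock template marker means the configuration was never generated.
    $EXPLODED = explode("\n", @file_get_contents("/etc/squid3/squid.conf"));
    foreach ($EXPLODED as $val) {
        if (preg_match("#INSERT YOUR OWN RULE#", $val)) {
            if ($GLOBALS["OUTPUT"]) {
                echo "Preparing.....: " . date("H:i:s") . " squid must be reconfigured...\n";
            }
            $reconfigure = true;
        }
    }
    if ($reconfigure) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " Rebuild configuration\n";
            // Interactive run: let the builder print directly.
            system("{$php} /usr/share/artica-postfix/exec.squid.php --build --withoutloading");
        } else {
            exec("{$php} /usr/share/artica-postfix/exec.squid.php --build --withoutloading 2>&1", $GLOBALS["LOGS"]);
        }
    }

    if ($NtpdateAD == 1) {
        shell_exec("{$nohup} {$php} /usr/share/artica-postfix/exec.kerbauth.php --ntpdate >/dev/null 2>&1 &");
    }
    $unix->CreateUnixUser("squid", "squid");

    if (!is_file("/etc/squid3/squid.conf")) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Preparing.....: " . date("H:i:s") . " Warning /etc/squid3/squid.conf no such file\n";
        }
        if ($GLOBALS["OUTPUT"]) {
            echo "Preparing.....: " . date("H:i:s") . " Ask to build it and die\n";
        }
        shell_exec("{$php} /usr/share/artica-postfix/exec.squid.php --build --force --withoutloading");
        die;
    }

    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " initd-squid\n";
    }
    shell_exec("{$php} /usr/share/artica-postfix/exec.initd-squid.php >/dev/null 2>&1");
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " Watchdog config\n";
    }
    shell_exec("{$php} /usr/share/artica-postfix/exec.squid.php --watchdog-config >/dev/null 2>&1");
    exec("{$php} /usr/share/artica-postfix/exec.squid.transparent.php", $GLOBALS["LOGS"]);

    // NOTE(review): the tested path contains " start", so this is_file() is
    // false unless a file with that literal name exists: the builder runs a
    // second time and the else branch is effectively dead. Presumably
    // "/etc/init.d/tproxy" was meant. Left unchanged because correcting it
    // would begin starting tproxy on hosts where it never ran - decide
    // deliberately.
    if (!is_file("/etc/init.d/tproxy start")) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " Building transparent method\n";
        }
        exec("{$php} /usr/share/artica-postfix/exec.squid.transparent.php", $GLOBALS["LOGS"]);
    } else {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " Starting transparent method\n";
        }
        exec("/etc/init.d/tproxy start", $GLOBALS["LOGS"]);
    }

    // Directories whose CONTENT must belong to squid.
    $directories_squid = array(
        "/var/squid",
        "/var/squid/cache",
        "/usr/share/squid3/icons",
        "/var/log/squid",
        "/etc/squid3",
        "/var/lib/squidguard",
        "/var/run/squid",
        "/lib/squid3",
    );
    // System directories that only need to be traversable; ownership is NOT changed.
    $directories_chmod = array("/var/logs", "/var/log", "/var");
    // Directories that must themselves belong to squid.
    $directories_chmod_owned = array("/home/squid");
    $filesOblig = array(
        "/etc/squid3/url_rewrite_program.deny.db",
        "/var/run/squid/squid.pid",
    );

    foreach ($directories_squid as $directory) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Preparing.....: " . date("H:i:s") . " {$directory}\n";
        }
        if (!is_dir($directory)) {
            @mkdir($directory, 0755, true);
        }
        @chmod($directory, 0755);
        $unix->chmod_func(0755, "{$directory}/*");
        $unix->chown_func("squid", "squid", "{$directory}/*");
    }

    foreach ($directories_chmod as $directory) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Preparing.....: " . date("H:i:s") . " {$directory}\n";
        }
        if (!is_dir($directory)) {
            @mkdir($directory, 0755, true);
        }
        @chmod($directory, 0755);
    }

    // Must iterate the *_owned list: handing /var or /var/log to the squid
    // account would give the proxy user control over system directories.
    foreach ($directories_chmod_owned as $directory) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Preparing.....: " . date("H:i:s") . " {$directory}\n";
        }
        if (!is_dir($directory)) {
            @mkdir($directory, 0755, true);
        }
        $unix->chmod_func(0755, "{$directory}");
        $unix->chown_func("squid", "squid", "{$directory}");
    }

    foreach ($filesOblig as $filepath) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Preparing.....: " . date("H:i:s") . " {$filepath}\n";
        }
        if (!is_file($filepath)) {
            @touch("{$filepath}");
        }
        @chmod($filepath, 0755);
        @chown($filepath, "squid");
        @chgrp($filepath, "squid");
    }

    // Helper scripts that squid itself executes.
    // NOTE(review): these live in the web application tree and become owned
    // by the proxy account; confirm squid needs ownership rather than only
    // read/execute permission.
    $articafiles = array(
        "exec.logfile_daemon.php",
        "external_acl_squid_ldap.php",
        "external_acl_dynamic.php",
        "external_acl_quota.php",
        "external_acl_basic_auth.php",
        "external_acl_squid.php",
    );
    foreach ($articafiles as $filename) {
        $filepath = "/usr/share/artica-postfix/{$filename}";
        if ($GLOBALS["OUTPUT"]) {
            echo "Preparing.....: " . date("H:i:s") . " {$filepath}\n";
        }
        @chmod($filepath, 0755);
        @chown($filepath, "squid");
        @chgrp($filepath, "squid");
    }

    // The pinger sends ICMP and needs CAP_NET_RAW when it does not run as root.
    $squid_locate_pinger = $unix->squid_locate_pinger();
    $setcap = $unix->find_program("setcap");
    if (is_file($squid_locate_pinger)) {
        @chmod($squid_locate_pinger, 0755);
        @chown($squid_locate_pinger, "squid");
        @chgrp($squid_locate_pinger, "squid");
        if (is_file("{$setcap}")) {
            shell_exec(escapeshellarg($setcap) . " cap_net_raw=pe " . escapeshellarg($squid_locate_pinger));
        } else {
            if ($GLOBALS["OUTPUT"]) {
                echo "Preparing.....: " . date("H:i:s") . " WARNING! setcap, no such binary!!\n";
            }
            $unix->DEBIAN_INSTALL_PACKAGE("libcap2-bin");
        }
    }
}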
/**
 * Reset ownership and modes on the Artica application directory and on the
 * squid working directories.
 *
 * Files listed by unix::SquidPHPFiles() are given to squid:squid; every other
 * entry of /usr/share/artica-postfix is given to $username:$groupname. Entries
 * whose name is purely numeric are deleted.
 *
 * Side effect: $GLOBALS["LogFileDeamonLogDir"] is (re)assigned.
 *
 * @param string $username  owner applied to non-squid application files
 * @param string $groupname group applied to non-squid application files
 */
function CheckArticaFolderSecurity($username, $groupname)
{
    $unix = new unix();
    $artica_path = "/usr/share/artica-postfix";
    $settingsDir = "/etc/artica-postfix/settings/Daemons";

    // The PostgreSQL statistics backend, when installed, uses its own setting and default.
    if (is_file("/usr/local/ArticaStats/bin/postgres")) {
        $eventsDir = @file_get_contents("{$settingsDir}/LogFileDeamonLogPostGresDir");
        $eventsDirDefault = "/home/artica/squid-postgres/realtime-events";
    } else {
        $eventsDir = @file_get_contents("{$settingsDir}/LogFileDeamonLogDir");
        $eventsDirDefault = "/home/artica/squid/realtime-events";
    }
    if ($eventsDir == null) {
        $eventsDir = $eventsDirDefault;
    }
    // NOTE(review): the stored path is used verbatim (not trimmed or checked)
    // for mkdir/chown below; presumably only administrators can write the
    // setting - confirm.
    $GLOBALS["LogFileDeamonLogDir"] = $eventsDir;

    $squidOwnedDirs = array(
        "/var/log/squid/squid_admin_mysql",
        "/usr/share/squid3",
        $eventsDir,
    );
    foreach ($squidOwnedDirs as $dir) {
        if (!is_dir($dir)) {
            @mkdir($dir, 0755, true);
        }
        @chown($dir, "squid");
        @chgrp($dir, "squid");
    }

    $squidfiles = $unix->SquidPHPFiles();
    $entries = $unix->DirFiles($artica_path);
    foreach ($entries as $filename => $unused) {
        $fullpath = "{$artica_path}/{$filename}";

        // Purely numeric names are treated as stray files and removed.
        if (is_numeric($filename)) {
            @unlink($fullpath);
            continue;
        }

        // Scripts executed by squid belong to the squid account.
        if (isset($squidfiles[$filename])) {
            @chmod($fullpath, 0755);
            @chgrp($fullpath, "squid");
            @chown($fullpath, "squid");
            continue;
        }

        $unix->chown_func($username, $groupname, $fullpath);
        $unix->chmod_func(0755, $fullpath);
    }

    $unix->chmod_func(0755, "/var/log/squid/access.log");
    // NOTE(review): 0777 makes the quota database writable by every local
    // account; confirm which users really need write access and narrow it.
    $unix->chmod_func(0777, "/var/log/squid/QUOTADB.db");
}
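/**
 * Import the hourly event spool files found in /var/log/squid/mysql-rttime
 * into their `squidhour_<time>` tables, then run parse_tables_cache_primaires().
 *
 * Each spool file is named squidhour_<digits>.<something> and holds a
 * serialized array of ready-made SQL value tuples. A file is deleted once its
 * rows were inserted, or when its name does not match or it holds no rows; it
 * is kept when the insert fails or the content cannot be decoded.
 *
 * Unless $nopid is true, a PID file guards against concurrent runs: a previous
 * run older than 5 minutes is killed, a younger one makes this call die().
 *
 * Changes compared with the previous revision:
 *  - the "table does not exist" recovery (create table, retry insert) only ran
 *    in verbose mode; it now always runs;
 *  - undecodable content is detected explicitly instead of being counted as
 *    one row and sent to MySQL;
 *  - symbolic links and non-regular entries are skipped;
 *  - the directory handle is closed; unused locals were removed.
 *
 * @param bool $nopid skip the PID-file guard when true
 */
function parse_tables_primaires($nopid = false)
{
    $unix = new unix();
    $spoolDir = "/var/log/squid/mysql-rttime";
    $unix->chown_func("squid", "squid", $spoolDir);
    $TimePID = "/etc/artica-postfix/pids/" . basename(__FILE__) . ".pid";

    if (!$nopid) {
        $pid = @file_get_contents($TimePID);
        if ($unix->process_exists($pid)) {
            $timePid = $unix->PROCCESS_TIME_MIN($pid);
            if ($timePid > 5) {
                // The previous run is considered stuck.
                unix_system_kill_force($pid);
            } else {
                if ($GLOBALS["VERBOSE"]) {
                    echo "Already running PID {$pid} since {$timePid}mn";
                }
                die;
            }
        }
        @file_put_contents($TimePID, getmypid());
    }

    if (!($handle = opendir($spoolDir))) {
        return;
    }
    $q = new mysql_squid_builder();
    $q->TablePrimaireHour(date("YmdH"));
    $countDeFiles = 0;

    while (false !== ($filename = readdir($handle))) {
        if ($filename == ".") {
            continue;
        }
        if ($filename == "..") {
            continue;
        }
        $filepath = "{$spoolDir}/{$filename}";
        events("parse_tables_primaires():: Scanning {$filepath}");

        // Only digits are accepted for the table suffix, so the table name
        // built below cannot carry SQL syntax.
        if (!preg_match("#^squidhour_([0-9]+)\\.#", $filename, $re)) {
            events("parse_tables_primaires():: Failed {$filepath} -> not match #^squidhour_([0-9]+)\\.");
            @unlink($filepath);
            continue;
        }

        // The spool directory is owned by the squid account (see chown above);
        // never follow a link out of it or read anything but a regular file.
        if (is_link($filepath) || !is_file($filepath)) {
            events("parse_tables_primaires():: Skipped {$filepath} -> not a regular file");
            continue;
        }

        $xtime = $re[1];
        $q->TablePrimaireHour($xtime);

        // NOTE(review): unserialize() on a file that the squid account can
        // write, while this job presumably runs with higher privileges -
        // an object-injection risk. A JSON or line-based spool format would
        // remove it; the writer side is not visible here.
        $content = unserialize(@file_get_contents($filepath));
        if (!is_array($content)) {
            // Truncated or still being written: keep the file for the next run.
            events("parse_tables_primaires():: squidhour_{$xtime}: {$filepath} unreadable content, skipped");
            continue;
        }
        $contentSize = filesize($filepath) / 1024;
        $ArraySize = count($content);
        events("parse_tables_primaires():: squidhour_{$xtime} Inserting " . $ArraySize . " element(s)");
        if ($ArraySize == 0) {
            ToSyslog("parse_tables_primaires():: squidhour_{$xtime}: {$filepath} no row has been written");
            @unlink($filepath);
            continue;
        }

        // NOTE(review): the value tuples are spliced into the statement as-is;
        // escaping is presumably done by the process that writes the spool
        // file. Anything able to write into the spool directory controls this
        // SQL text - verify the writer and the directory permissions.
        $sql = "INSERT IGNORE INTO `squidhour_{$xtime}` (`sitename`,`uri`,`TYPE`,`REASON`,`CLIENT`,`hostname`,`zDate`,`zMD5`,`uid`,`QuerySize`,`cached`,`MAC`,`category`) \n\t\tVALUES " . @implode(",", $content);
        $q->QUERY_SQL($sql);

        if (!$q->ok) {
            if ($GLOBALS["VERBOSE"]) {
                echo "\n\n ********************************************************************* \n\n{$q->mysql_error}\n*********************************************************************\n\n";
            }
            events("parse_tables_primaires(): Fatal: MySQL error:");
            // Missing hourly table: create it and retry once.
            if (preg_match("#Table 'squidlogs\\.(.+?)' doesn't exist#", $q->mysql_error, $re)) {
                if ($GLOBALS["VERBOSE"]) {
                    echo "Creating table: {$re[1]}\n";
                }
                $q->TablePrimaireHour(null, false, $re[1]);
                $q->QUERY_SQL($sql);
            }
        }
        if (!$q->ok) {
            events("parse_tables_primaires(): Fatal: MySQL error:");
            events("{$sql}");
            continue;
        }

        if ($GLOBALS["VERBOSE"]) {
            echo $filepath . " ({$contentSize} KB) done with {$ArraySize} elements...\n";
        }
        @unlink($filepath);
        $countDeFiles++;
    }
    closedir($handle);

    if ($GLOBALS["VERBOSE"]) {
        echo "{$countDeFiles} Files parsed done\n";
    }
    parse_tables_cache_primaires();
}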
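/**
 * Check that every Toulouse blacklist database is present on disk and linked
 * under its Artica category name.
 *
 * Missing databases (no "domains" file) are downloaded through
 * update_remote_file(); afterwards each source directory is made readable,
 * chowned to squid:squid and symlinked to "<workdir>/<category>" when that
 * directory does not exist yet. Pending admin notifications are then flushed.
 *
 * NOTE(review): the lists are fetched over plain ftp:// and checked against
 * checksums returned by GET_MD5S_REMOTE(). If those checksums come from the
 * same unauthenticated channel they only detect corruption, not tampering.
 *
 * @return void
 */
function CoherenceOffiels()
{
    if (!ifMustBeExecuted()) {
        WriteMyLogs("No make sense to execute this script...", __FUNCTION__, __FILE__, __LINE__);
        if ($GLOBALS["VERBOSE"]) {
            echo "No make sense to execute this script...\n";
        }
        die;
    }

    $workdir = "/var/lib/ftpunivtlse1fr";
    $unix = new unix();
    $BASE_URI = "ftp://ftp.univ-tlse1.fr/pub/reseau/cache/squidguard_contrib";
    $q = new mysql_squid_builder();
    $table = $q->TLSE_CONVERTION(true);
    $ARRAYSUM_REMOTE = GET_MD5S_REMOTE();

    // each() no longer exists in PHP 8; foreach walks the same pairs.
    foreach ($table as $database => $articacat) {
        $targetdir = $workdir . "/{$database}";
        if ($GLOBALS["VERBOSE"]) {
            echo __FUNCTION__ . ":: Checking {$targetdir}/domains\n";
        }
        if (!is_file("{$targetdir}/domains")) {
            $archive = "{$database}.tar.gz";
            $expectedSum = isset($ARRAYSUM_REMOTE[$archive]) ? $ARRAYSUM_REMOTE[$archive] : null;
            ufdbguard_admin_events("{$database} is not in disk... download it..", __FUNCTION__, __FILE__, __LINE__, "Toulouse DB");
            update_remote_file($BASE_URI, $archive, $expectedSum);
        }
    }

    foreach ($table as $database => $articacat) {
        $directory = str_replace("/", "_", $articacat);
        $targetdir = $workdir . "/{$directory}";
        $sourcedir = $workdir . "/{$database}";
        @chmod($sourcedir, 0755);
        $unix->chown_func("squid", "squid", $sourcedir);
        if (!is_dir($targetdir)) {
            if ($GLOBALS["VERBOSE"]) {
                echo __FUNCTION__ . ":: Checking {$targetdir} no such directory make symbolic to {$sourcedir}\n";
            }
            // Names come from the conversion table; quote them so a space or
            // shell metacharacter in a name cannot alter the command.
            shell_exec("ln -sf " . escapeshellarg($sourcedir) . " " . escapeshellarg($targetdir));
        }
    }

    // The notification queue may never have been created during this run.
    if (isset($GLOBALS["squid_admin_mysql"]) && is_array($GLOBALS["squid_admin_mysql"]) && count($GLOBALS["squid_admin_mysql"]) > 0) {
        squid_admin_mysql(
            2,
            count($GLOBALS["squid_admin_mysql"]) . " Toulouse Databases updated",
            @implode("\n", $GLOBALS["squid_admin_mysql"])
        );
        unset($GLOBALS["squid_admin_mysql"]);
    }
}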
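/**
 * Build the Apache configuration of the HotSpot captive-portal instance.
 *
 * Prepares the run/log/session directories, reads the HotSpot settings,
 * assembles the httpd directives and writes them to
 * /etc/artica-postfix/hotspot-httpd.conf. Progress lines are echoed when
 * $GLOBALS["OUTPUT"] is set. $GLOBALS["HOSTPOT_WEB_INTERFACE"] receives the
 * listen address.
 *
 * Security notes for reviewers (directives are emitted unchanged):
 *  - "SSLProtocol all -SSLv2" still permits SSLv3 and
 *    "SSLCipherSuite HIGH:MEDIUM:!ADH" still permits medium-strength suites;
 *    both deserve tightening on a supported Apache/OpenSSL.
 *  - <FilesMatch "!(hostpot)\.(html|php)$"> looks intended as "deny everything
 *    except the portal page", but a leading "!" is, as far as I know, a literal
 *    character in that regex, and the name is spelled "hostpot" while the
 *    pages served are hotspot.html. NOTE(review): verify that the rest of
 *    /usr/share/artica-postfix is not reachable by portal clients.
 *  - "AllowOverride All" lets any .htaccess under the document root change
 *    the policy; "Loglevel debug" is verbose for a production listener.
 *
 * @return void
 */
function apache_config()
{
    $sock = new sockets();
    $unix = new unix();
    $APACHE_SRC_ACCOUNT = $unix->APACHE_SRC_ACCOUNT();
    $APACHE_SRC_GROUP = $unix->APACHE_SRC_GROUP();
    if (preg_match("#APACHE_RUN_GROUP#", $APACHE_SRC_GROUP)) {
        // An unresolved placeholder was returned; use the distribution default.
        $APACHE_SRC_GROUP = "www-data";
    }
    $LogFilePath = "/var/log/artica-wifidog/access.log";

    $directories = array(
        "/var/run/apache2",
        "/var/run/artica-apache",
        "/var/log/artica-wifidog",
        "/home/artica/hotspot/sessions",
        "/home/artica/hotspot/caches",
    );
    // each() no longer exists in PHP 8; foreach visits the same entries.
    foreach ($directories as $maindir) {
        @mkdir($maindir, 0755, true);
        @chown($maindir, $APACHE_SRC_ACCOUNT);
        @chgrp($maindir, $APACHE_SRC_GROUP);
    }

    $ErrorLog = dirname($LogFilePath) . "/error.log";
    foreach (array($LogFilePath, $ErrorLog) as $logfile) {
        if (!is_file($logfile)) {
            @touch($logfile);
        }
        @chown($logfile, $APACHE_SRC_ACCOUNT);
        @chgrp($logfile, $APACHE_SRC_GROUP);
    }

    $APACHE_MODULES_PATH = $unix->APACHE_MODULES_PATH();
    $HotSpotMaxClients = intval(@file_get_contents("/etc/artica-postfix/settings/Daemons/HotSpotMaxClients"));
    $HotSpotStartServers = intval(@file_get_contents("/etc/artica-postfix/settings/Daemons/HotSpotStartServers"));
    $HotSpotForceDDOSDisable = intval(@file_get_contents("/etc/artica-postfix/settings/Daemons/HotSpotForceDDOSDisable"));
    if ($HotSpotMaxClients == 0) {
        $HotSpotMaxClients = 20;
    }
    if ($HotSpotStartServers == 0) {
        $HotSpotStartServers = 5;
    }

    $ArticaSplashHotSpotPort = $sock->GET_INFO("ArticaSplashHotSpotPort");
    $ArticaSplashHotSpotPortSSL = $sock->GET_INFO("ArticaSplashHotSpotPortSSL");
    if (!is_numeric($ArticaSplashHotSpotPort)) {
        $ArticaSplashHotSpotPort = 16080;
    }
    if (!is_numeric($ArticaSplashHotSpotPortSSL)) {
        $ArticaSplashHotSpotPortSSL = 16443;
    }
    $ArticaHotSpotInterface = $sock->GET_INFO("ArticaHotSpotInterface");
    $HospotHTTPServerName = trim($sock->GET_INFO("HospotHTTPServerName"));

    // The stored mod_evasive settings are a serialized array. Objects are not
    // expected, so class instantiation is refused where PHP supports it.
    $rawEvasive = (string) $sock->GET_INFO("HotSpotEvasive");
    $Params = PHP_VERSION_ID >= 70000
        ? unserialize($rawEvasive, array("allowed_classes" => false))
        : unserialize($rawEvasive);
    if (!is_array($Params)) {
        // Missing or corrupt setting: start from the defaults below.
        $Params = array();
    }
    $dosDefaults = array(
        "DOSEnable" => 1,
        "DOSHashTableSize" => 1024,
        "DOSPageCount" => 3,
        "DOSSiteCount" => 20,
        "DOSPageInterval" => 1,
        "DOSSiteInterval" => 10,
        "DOSBlockingPeriod" => 5,
    );
    foreach ($dosDefaults as $dosKey => $dosDefault) {
        // Only numeric values may reach the generated configuration.
        if (!isset($Params[$dosKey]) || !is_numeric($Params[$dosKey])) {
            $Params[$dosKey] = $dosDefault;
        }
    }

    $NETWORK_ALL_INTERFACES = $unix->NETWORK_ALL_INTERFACES();
    $ipaddr = isset($NETWORK_ALL_INTERFACES[$ArticaHotSpotInterface]["IPADDR"])
        ? $NETWORK_ALL_INTERFACES[$ArticaHotSpotInterface]["IPADDR"]
        : null;
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} HotSpot run as {$ArticaHotSpotInterface} ( {$ipaddr} )\n";
    }
    if ($ipaddr == "0.0.0.0") {
        $ipaddr = "*";
    }
    if ($ipaddr == null) {
        $ipaddr = "*";
    }
    $GLOBALS["HOSTPOT_WEB_INTERFACE"] = $ipaddr;

    $phpfpm = $unix->APACHE_LOCATE_PHP_FPM();
    $php = $unix->LOCATE_PHP5_BIN();
    $EnableArticaApachePHPFPM = $sock->GET_INFO("EnableArticaApachePHPFPM");
    if (!is_numeric($EnableArticaApachePHPFPM)) {
        $EnableArticaApachePHPFPM = 0;
    }
    if (!is_file($phpfpm)) {
        $EnableArticaApachePHPFPM = 0;
    }
    $unix->chown_func($APACHE_SRC_ACCOUNT, $APACHE_SRC_GROUP, "/var/run/artica-apache");
    $apache_LOCATE_MIME_TYPES = $unix->apache_LOCATE_MIME_TYPES();
    if ($EnableArticaApachePHPFPM == 1) {
        if (!is_file("{$APACHE_MODULES_PATH}/mod_fastcgi.so")) {
            if ($GLOBALS["OUTPUT"]) {
                echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} mod_fastcgi.so is required to use PHP5-FPM\n";
            }
            $EnableArticaApachePHPFPM = 0;
        }
    }
    if ($APACHE_SRC_ACCOUNT == null) {
        $APACHE_SRC_ACCOUNT = "www-data";
        $APACHE_SRC_GROUP = "www-data";
        $unix->CreateUnixUser($APACHE_SRC_ACCOUNT, $APACHE_SRC_GROUP, "Apache username");
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Run as....: {$APACHE_SRC_ACCOUNT}:{$APACHE_SRC_GROUP}\n";
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} HTTP Port.: {$ArticaSplashHotSpotPort} SSL Port: {$ArticaSplashHotSpotPortSSL}\n";
        // Report the effective PHP-FPM switch; a constant 0 was printed before.
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} PHP-FPM...: {$EnableArticaApachePHPFPM}\n";
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} MaxClients: {$HotSpotMaxClients}\n";
    }

    // Error-document directives shared by the virtual hosts and the <Directory> block.
    $errorDocs = array();
    foreach (array(400, 401, 403, 404, 500) as $code) {
        $errorDocs[] = "\tErrorDocument {$code} /hotspot.html";
    }

    $f = array();
    $f[] = "Group {$APACHE_SRC_GROUP}";
    $f[] = "User {$APACHE_SRC_ACCOUNT}";
    $f[] = "LockFile /var/run/apache2/hotspot-artica-accept.lock";
    $f[] = "PidFile /var/run/artica-apache/hotspot-apache.pid";
    $f[] = "AcceptMutex flock";
    $f[] = "SSLRandomSeed startup file:/dev/urandom 256";
    $f[] = "SSLRandomSeed connect builtin";
    $f[] = "SSLSessionCache shmcb:/var/run/apache2/ssl_scache-hotspot(512000)";
    $f[] = "SSLSessionCacheTimeout 300";
    $f[] = "SSLSessionCacheTimeout 300";
    $f[] = "DocumentRoot /usr/share/artica-postfix";
    $f[] = "DirectoryIndex hotspot.html";
    foreach (array(400, 401, 403, 404, 500) as $code) {
        $f[] = "ErrorDocument {$code} /hotspot.html";
    }

    $NameVirtualHost = $ipaddr;
    if ($HospotHTTPServerName != null) {
        // The name is written into several directives. Accept only characters
        // that can occur in a host name or address literal, so a stored value
        // containing whitespace, quotes or line breaks cannot add directives.
        if (preg_match('#^[A-Za-z0-9._:*\[\]-]+\z#', $HospotHTTPServerName)) {
            $NameVirtualHost = $HospotHTTPServerName;
        } elseif ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} HospotHTTPServerName ignored (unexpected characters)\n";
        }
    }
    $f[] = "NameVirtualHost {$NameVirtualHost}:{$ArticaSplashHotSpotPort}";
    $f[] = "NameVirtualHost {$NameVirtualHost}:{$ArticaSplashHotSpotPortSSL}";
    $f[] = "Listen {$NameVirtualHost}:{$ArticaSplashHotSpotPort}";
    $f[] = "Listen {$NameVirtualHost}:{$ArticaSplashHotSpotPortSSL}";

    $ddos_config = null;
    if ($HotSpotForceDDOSDisable == 1) {
        $Params["DOSEnable"] = 0;
    }
    if ($Params["DOSEnable"] == 1) {
        $ddos = array();
        $ddos[] = "\tDOSHashTableSize {$Params["DOSHashTableSize"]}";
        $ddos[] = "\tDOSPageCount {$Params["DOSPageCount"]}";
        $ddos[] = "\tDOSSiteCount {$Params["DOSSiteCount"]}";
        $ddos[] = "\tDOSPageInterval {$Params["DOSPageInterval"]}";
        $ddos[] = "\tDOSSiteInterval {$Params["DOSSiteInterval"]}";
        $ddos[] = "\tDOSBlockingPeriod {$Params["DOSBlockingPeriod"]}";
        $ddos[] = "\tDOSLogDir \"/var/log/artica-wifidog\"";
        $ddos[] = "\tDOSSystemCommand \"/bin/echo `date '+%F %T'` HOTSPOT %s >> /var/log/artica-wifidog/dos_evasive_attacks.log\"";
        $ddos_config = implode("\n", $ddos);
    }

    $f[] = "<VirtualHost {$NameVirtualHost}:{$ArticaSplashHotSpotPort}>";
    $f[] = "\tServerName {$NameVirtualHost}";
    $f[] = "\tDocumentRoot /usr/share/artica-postfix";
    $f[] = "{$ddos_config}";
    $f = array_merge($f, $errorDocs);
    $f[] = "\tFallbackResource /hotspot.html";
    $f[] = "</VirtualHost>";

    $f[] = "<VirtualHost {$NameVirtualHost}:{$ArticaSplashHotSpotPortSSL}>";
    $f[] = "\tServerName {$NameVirtualHost}";
    $f[] = "\tDocumentRoot /usr/share/artica-postfix";
    $f[] = "\tSSLEngine on";
    $squid = new squidbee();
    $ArticaSplashHotSpotCertificate = $sock->GET_INFO("ArticaSplashHotSpotCertificate");
    $data = $squid->SaveCertificate($ArticaSplashHotSpotCertificate, false, true, false);
    if ($ArticaSplashHotSpotCertificate != null) {
        $apache = new apache_certificate($ArticaSplashHotSpotCertificate);
        $f[] = $apache->build();
    } else {
        // No named certificate: reuse the paths found in the nginx-style
        // directives returned by SaveCertificate().
        if (preg_match("#ssl_certificate\\s+(.+?);\\s+ssl_certificate_key\\s+(.+?);#is", $data, $re)) {
            $cert = $re[1];
            $key = $re[2];
            $f[] = "\tSSLCertificateFile \"{$cert}\"";
            $f[] = "\tSSLCertificateKeyFile \"{$key}\"";
        }
    }
    $f[] = "\tSSLVerifyClient none";
    $f[] = "\tServerSignature Off";
    $f[] = "{$ddos_config}";
    $f = array_merge($f, $errorDocs);
    $f[] = "\tFallbackResource /hotspot.html";
    $f[] = "</VirtualHost>";

    $f[] = "AccessFileName .htaccess";
    $f[] = "<Files ~ \"^\\.ht\">";
    $f[] = "\tOrder allow,deny";
    $f[] = "\tDeny from all";
    $f[] = "\tSatisfy all";
    $f[] = "</Files>";
    $f[] = "DefaultType text/plain";
    $f[] = "HostnameLookups Off";
    $f[] = "User\t\t\t\t {$APACHE_SRC_ACCOUNT}";
    $f[] = "Group\t\t\t\t {$APACHE_SRC_GROUP}";
    $f[] = "Timeout 300";
    $f[] = "KeepAlive Off";
    $f[] = "KeepAliveTimeout 3";

    // Keep the process limits consistent and bounded.
    if ($HotSpotStartServers >= $HotSpotMaxClients) {
        $HotSpotMaxClients = $HotSpotMaxClients + $HotSpotStartServers;
    }
    if ($HotSpotMaxClients > 1024) {
        $HotSpotMaxClients = 1024;
    }
    $ServerLimit = $HotSpotMaxClients + 100;
    if ($ServerLimit > 2000) {
        $ServerLimit = 2000;
    }
    $f[] = "StartServers {$HotSpotStartServers}";
    $f[] = "MaxClients {$HotSpotMaxClients}";
    $f[] = "ServerLimit\t\t {$ServerLimit}";
    $MinSpareServers = $HotSpotStartServers + 5;
    $MaxSpareServers = $MinSpareServers + 1;
    $f[] = "MinSpareServers {$MinSpareServers}";
    $f[] = "MaxSpareServers {$MaxSpareServers}";
    $f[] = "MaxRequestsPerChild 800";
    $f[] = "MaxKeepAliveRequests 100";
    $f[] = "ServerName " . $unix->hostname_g();

    $f[] = "<IfModule mod_ssl.c>";
    $f[] = "\tSSLRandomSeed connect builtin";
    $f[] = "\tSSLRandomSeed connect file:/dev/urandom 512";
    $f[] = "\tAddType application/x-x509-ca-cert .crt";
    $f[] = "\tAddType application/x-pkcs7-crl .crl";
    $f[] = "\tSSLPassPhraseDialog builtin";
    $f[] = "\tSSLSessionCache shmcb:/var/run/apache2/ssl_scache-articahtp(512000)";
    $f[] = "\tSSLSessionCacheTimeout 300";
    $f[] = "\tSSLSessionCacheTimeout 300";
    $f[] = "\tSSLMutex sem";
    // See the function header: both lines below accept legacy protocol/cipher choices.
    $f[] = "\tSSLCipherSuite HIGH:MEDIUM:!ADH";
    $f[] = "\tSSLProtocol all -SSLv2";
    $f[] = "</IfModule>";
    $f[] = "";
    $f[] = "AddType application/x-httpd-php .php";
    $f[] = "php_value error_log \"/var/log/artica-wifidog/access.log\"";
    $f[] = "php_value session.save_path \"/home/artica/hotspot/sessions\"";
    $f[] = "<IfModule mod_fcgid.c>";
    $f[] = "\tPHP_Fix_Pathinfo_Enable 1";
    $f[] = "</IfModule>";
    $f[] = "<IfModule mod_php5.c>";
    $f[] = " <FilesMatch \"\\.ph(p3?|tml)\$\">";
    $f[] = "\tSetHandler application/x-httpd-php";
    $f[] = " </FilesMatch>";
    $f[] = " <FilesMatch \"\\.phps\$\">";
    $f[] = "\tSetHandler application/x-httpd-php-source";
    $f[] = " </FilesMatch>";
    $f[] = " <IfModule mod_userdir.c>";
    $f[] = " <Directory /home/*/public_html>";
    $f[] = " php_admin_value engine Off";
    $f[] = " </Directory>";
    $f[] = " </IfModule>";
    $f[] = "</IfModule>";

    $f[] = "<IfModule mod_mime.c>";
    $f[] = "\tTypesConfig /etc/mime.types";
    $f[] = "\tAddType application/x-compress .Z";
    $f[] = "\tAddType application/x-gzip .gz .tgz";
    $f[] = "\tAddType application/x-bzip2 .bz2";
    $f[] = "\tAddType application/x-httpd-php .php .phtml";
    $f[] = "\tAddType application/x-httpd-php-source .phps";
    $f[] = "\tAddLanguage ca .ca";
    $f[] = "\tAddLanguage cs .cz .cs";
    $f[] = "\tAddLanguage da .dk";
    $f[] = "\tAddLanguage de .de";
    $f[] = "\tAddLanguage el .el";
    $f[] = "\tAddLanguage en .en";
    $f[] = "\tAddLanguage eo .eo";
    $f[] = "\tRemoveType es";
    $f[] = "\tAddLanguage es .es";
    $f[] = "\tAddLanguage et .et";
    $f[] = "\tAddLanguage fr .fr";
    $f[] = "\tAddLanguage he .he";
    $f[] = "\tAddLanguage hr .hr";
    $f[] = "\tAddLanguage it .it";
    $f[] = "\tAddLanguage ja .ja";
    $f[] = "\tAddLanguage ko .ko";
    $f[] = "\tAddLanguage ltz .ltz";
    $f[] = "\tAddLanguage nl .nl";
    $f[] = "\tAddLanguage nn .nn";
    $f[] = "\tAddLanguage no .no";
    $f[] = "\tAddLanguage pl .po";
    $f[] = "\tAddLanguage pt .pt";
    $f[] = "\tAddLanguage pt-BR .pt-br";
    $f[] = "\tAddLanguage ru .ru";
    $f[] = "\tAddLanguage sv .sv";
    $f[] = "\tRemoveType tr";
    $f[] = "\tAddLanguage tr .tr";
    $f[] = "\tAddLanguage zh-CN .zh-cn";
    $f[] = "\tAddLanguage zh-TW .zh-tw";
    $f[] = "\tAddCharset us-ascii .ascii .us-ascii";
    $f[] = "\tAddCharset ISO-8859-1 .iso8859-1 .latin1";
    $f[] = "\tAddCharset ISO-8859-2 .iso8859-2 .latin2 .cen";
    $f[] = "\tAddCharset ISO-8859-3 .iso8859-3 .latin3";
    $f[] = "\tAddCharset ISO-8859-4 .iso8859-4 .latin4";
    $f[] = "\tAddCharset ISO-8859-5 .iso8859-5 .cyr .iso-ru";
    $f[] = "\tAddCharset ISO-8859-6 .iso8859-6 .arb .arabic";
    $f[] = "\tAddCharset ISO-8859-7 .iso8859-7 .grk .greek";
    $f[] = "\tAddCharset ISO-8859-8 .iso8859-8 .heb .hebrew";
    $f[] = "\tAddCharset ISO-8859-9 .iso8859-9 .latin5 .trk";
    $f[] = "\tAddCharset ISO-8859-10 .iso8859-10 .latin6";
    $f[] = "\tAddCharset ISO-8859-13 .iso8859-13";
    $f[] = "\tAddCharset ISO-8859-14 .iso8859-14 .latin8";
    $f[] = "\tAddCharset ISO-8859-15 .iso8859-15 .latin9";
    $f[] = "\tAddCharset ISO-8859-16 .iso8859-16 .latin10";
    $f[] = "\tAddCharset ISO-2022-JP .iso2022-jp .jis";
    $f[] = "\tAddCharset ISO-2022-KR .iso2022-kr .kis";
    $f[] = "\tAddCharset ISO-2022-CN .iso2022-cn .cis";
    $f[] = "\tAddCharset Big5 .Big5 .big5 .b5";
    $f[] = "\tAddCharset cn-Big5 .cn-big5";
    $f[] = "\t# For russian, more than one charset is used (depends on client, mostly):";
    $f[] = "\tAddCharset WINDOWS-1251 .cp-1251 .win-1251";
    $f[] = "\tAddCharset CP866 .cp866";
    $f[] = "\tAddCharset KOI8 .koi8";
    $f[] = "\tAddCharset KOI8-E .koi8-e";
    $f[] = "\tAddCharset KOI8-r .koi8-r .koi8-ru";
    $f[] = "\tAddCharset KOI8-U .koi8-u";
    $f[] = "\tAddCharset KOI8-ru .koi8-uk .ua";
    $f[] = "\tAddCharset ISO-10646-UCS-2 .ucs2";
    $f[] = "\tAddCharset ISO-10646-UCS-4 .ucs4";
    $f[] = "\tAddCharset UTF-7 .utf7";
    $f[] = "\tAddCharset UTF-8 .utf8";
    $f[] = "\tAddCharset UTF-16 .utf16";
    $f[] = "\tAddCharset UTF-16BE .utf16be";
    $f[] = "\tAddCharset UTF-16LE .utf16le";
    $f[] = "\tAddCharset UTF-32 .utf32";
    $f[] = "\tAddCharset UTF-32BE .utf32be";
    $f[] = "\tAddCharset UTF-32LE .utf32le";
    $f[] = "\tAddCharset euc-cn .euc-cn";
    $f[] = "\tAddCharset euc-gb .euc-gb";
    $f[] = "\tAddCharset euc-jp .euc-jp";
    $f[] = "\tAddCharset euc-kr .euc-kr";
    $f[] = "\tAddCharset EUC-TW .euc-tw";
    $f[] = "\tAddCharset gb2312 .gb2312 .gb";
    $f[] = "\tAddCharset iso-10646-ucs-2 .ucs-2 .iso-10646-ucs-2";
    $f[] = "\tAddCharset iso-10646-ucs-4 .ucs-4 .iso-10646-ucs-4";
    $f[] = "\tAddCharset shift_jis .shift_jis .sjis";
    $f[] = "\tAddType text/html .shtml";
    $f[] = "\tAddOutputFilter INCLUDES .shtml";
    $f[] = "</IfModule>";

    $f[] = "Alias /index.php /hotspot.html";
    $f[] = "Alias /index.html /hotspot.html";
    $f[] = "Alias /Microsoft-Server-ActiveSync /hotspot-none.html";
    $f[] = "<Directory \"/usr/share/artica-postfix\">";
    $f[] = "\tDirectorySlash On";
    $f[] = "\tDirectoryIndex hostpot.php";
    $f[] = "\t\t<Files \"hostpot.php\">";
    $f[] = "\t\t\tOrder allow,deny";
    $f[] = "\t\t\tallow from all";
    $f[] = "\t\t</Files>";
    $f[] = "\t\t<Files \"hostpot.html\">";
    $f[] = "\t\t\tOrder allow,deny";
    $f[] = "\t\t\tallow from all";
    $f[] = "\t\t</Files>";
    // See the function header: this pattern probably does not negate.
    $f[] = "\t\t<FilesMatch \"!(hostpot)\\.(html|php)\$\">";
    $f[] = "\t\t\tOrder allow,deny";
    $f[] = "\t\t\tdeny from all";
    $f[] = "\t\t</FilesMatch>";
    $f = array_merge($f, $errorDocs);
    $f[] = "\tFallbackResource /hotspot.html";
    $f[] = "\tOptions -Indexes";
    $f[] = "\tSSLOptions +StdEnvVars";
    $f[] = "\tAllowOverride All";
    $f[] = "\tOrder allow,deny";
    $f[] = "\tAllow from all";
    $f[] = "</Directory>";

    if ($EnableArticaApachePHPFPM == 1) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Activate PHP5-FPM\n";
        }
        shell_exec("{$php} /usr/share/artica-postfix/exec.initslapd.php --phppfm");
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Restarting PHP5-FPM\n";
        }
        shell_exec("/etc/init.d/php5-fpm restart");
        $f[] = "\tAlias /php5.fastcgi /var/run/artica-apache/php5.fastcgi";
        $f[] = "\tAddHandler php-script .php";
        $f[] = "\tFastCGIExternalServer /var/run/artica-apache/php5.fastcgi -socket /var/run/php-fpm.sock -idle-timeout 610";
        $f[] = "\tAction php-script /php5.fastcgi virtual";
        $f[] = "\t<Directory /var/run/artica-apache>";
        $f[] = "\t\t<Files php5.fastcgi>";
        $f[] = "\t\tOrder deny,allow";
        $f[] = "\t\tAllow from all";
        $f[] = "\t\t</Files>";
        $f[] = "\t</Directory>";
    } else {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} PHP5-FPM is disabled\n";
        }
    }

    $f[] = "Loglevel debug";
    $f[] = "ErrorLog {$ErrorLog}";
    $f[] = "LogFormat \"%h %l %u %t \\\"%r\\\" %<s %b\" common";
    $f[] = "CustomLog {$LogFilePath} common";

    // Modules are loaded only when the shared object exists on this host.
    $array = array();
    if ($EnableArticaApachePHPFPM == 0) {
        $array["php5_module"] = "libphp5.so";
    }
    $array["actions_module"] = "mod_actions.so";
    $array["expires_module"] = "mod_expires.so";
    $array["rewrite_module"] = "mod_rewrite.so";
    $array["dir_module"] = "mod_dir.so";
    $array["mime_module"] = "mod_mime.so";
    $array["alias_module"] = "mod_alias.so";
    $array["auth_basic_module"] = "mod_auth_basic.so";
    $array["authz_host_module"] = "mod_authz_host.so";
    $array["autoindex_module"] = "mod_autoindex.so";
    $array["negotiation_module"] = "mod_negotiation.so";
    $array["ssl_module"] = "mod_ssl.so";
    $array["headers_module"] = "mod_headers.so";
    $array["ldap_module"] = "mod_ldap.so";
    if ($Params["DOSEnable"] == 1) {
        $array["evasive20_module"] = "mod_evasive20.so";
    }
    if ($EnableArticaApachePHPFPM == 1) {
        $array["fastcgi_module"] = "mod_fastcgi.so";
    }

    if (is_dir("/etc/apache2")) {
        if (!is_file("/etc/apache2/mime.types")) {
            if ($apache_LOCATE_MIME_TYPES != "/etc/apache2/mime.types") {
                @copy($apache_LOCATE_MIME_TYPES, "/etc/apache2/mime.types");
            }
        }
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Mime types path.......: {$apache_LOCATE_MIME_TYPES}\n";
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Modules path..........: {$APACHE_MODULES_PATH}\n";
    }
    foreach ($array as $module => $lib) {
        if (is_file("{$APACHE_MODULES_PATH}/{$lib}")) {
            if ($GLOBALS["OUTPUT"]) {
                echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} include module \"{$module}\"\n";
            }
            $f[] = "LoadModule {$module} {$APACHE_MODULES_PATH}/{$lib}";
        } else {
            if ($GLOBALS["OUTPUT"]) {
                echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} skip module \"{$module}\"\n";
            }
        }
    }

    build_error_page();
    $written = @file_put_contents("/etc/artica-postfix/hotspot-httpd.conf", implode("\n", $f) . "\n");
    if ($written === false) {
        // Do not report success when the configuration could not be saved.
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} /etc/artica-postfix/hotspot-httpd.conf write failed\n";
        }
        return;
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} /etc/artica-postfix/hotspot-httpd.conf done\n";
    }
}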
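/**
 * Write /etc/clamav/clamav-milter.conf and register the milters in Postfix.
 *
 * Creates the ClamAV working directories and hands them to the ClamAV user,
 * writes the milter configuration, then applies every key/value pair returned
 * by main_cf::BuildMilters(true) through "postconf -e".
 *
 * Security notes for reviewers (directives are emitted unchanged):
 *  - "MilterSocketMode 777" makes the milter socket writable by every local
 *    account although "MilterSocketGroup postfix" is already set.
 *  - "OnFail Accept" is fail-open: mail is delivered unscanned whenever the
 *    scanner cannot be reached. Confirm that this is the intended policy.
 *  - ClamavTemporaryDirectory comes from the settings store and is created and
 *    chowned (with its content) by this script; a value pointing at a system
 *    directory would hand that directory to the ClamAV user.
 *    NOTE(review): consider restricting it to a dedicated prefix.
 *
 * @return void
 */
function build()
{
    $unix = new unix();
    $sock = new sockets();

    $ClamavMaxFileSize = $sock->GET_INFO("ClamavMaxFileSize");
    $ClamavTemporaryDirectory = $sock->GET_INFO("ClamavTemporaryDirectory");
    // The path is written into the configuration file; a value carrying
    // control characters (line breaks) could add directives, so it is ignored.
    if ($ClamavTemporaryDirectory == null || preg_match('#[\x00-\x1f]#', $ClamavTemporaryDirectory)) {
        $ClamavTemporaryDirectory = "/home/clamav";
    }
    if (!is_numeric($ClamavMaxFileSize)) {
        $ClamavMaxFileSize = 20;
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} MaxFileSize: {$ClamavMaxFileSize}M\n";
    }

    $ClamUser = $unix->ClamUser();
    $dirs = array(
        "/var/clamav",
        "/var/run/clamav",
        "/var/lib/clamav",
        "/var/log/clamav",
        $ClamavTemporaryDirectory,
        "/var/spool/postfix/var/run/clamav",
    );
    // each() no longer exists in PHP 8; foreach visits the same entries.
    foreach ($dirs as $directory) {
        @mkdir($directory, 0755, true);
        @chmod($directory, 0755);
        @chown($directory, $ClamUser);
        @chgrp($directory, $ClamUser);
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} Permissions on {$directory}\n";
        }
        $unix->chown_func($ClamUser, $ClamUser, $directory . "/*");
    }

    $f = array();
    $f[] = "MilterSocket /var/spool/postfix/var/run/clamav/clamav-milter.ctl";
    $f[] = "MilterSocketGroup postfix";
    $f[] = "MilterSocketMode 777";
    $f[] = "FixStaleSocket yes";
    $f[] = "User postfix";
    $f[] = "AllowSupplementaryGroups yes";
    $f[] = "ReadTimeout 300";
    $f[] = "Foreground yes";
    $f[] = "PidFile /var/spool/postfix/var/run/clamav/clamav-milter.pid";
    $f[] = "TemporaryDirectory {$ClamavTemporaryDirectory}";
    $f[] = "ClamdSocket unix:/var/run/clamav/clamav.sock";
    $f[] = "";
    $f[] = "#LocalNet local";
    $f[] = "#LocalNet 192.168.0.0/24";
    $f[] = "#LocalNet 1111:2222:3333::/48";
    $f[] = "#Whitelist /etc/whitelisted_addresses";
    $f[] = "#SkipAuthenticated ^(tom|dick|henry)\$";
    $f[] = "MaxFileSize {$ClamavMaxFileSize}M";
    $f[] = "";
    $f[] = "";
    $f[] = "##";
    $f[] = "## Actions";
    $f[] = "##";
    $f[] = "";
    $f[] = "# The following group of options controls the delievery process under";
    $f[] = "# different circumstances.";
    $f[] = "# The following actions are available:";
    $f[] = "# - Accept";
    $f[] = "# The message is accepted for delievery";
    $f[] = "# - Reject";
    $f[] = "# Immediately refuse delievery (a 5xx error is returned to the peer)";
    $f[] = "# - Defer";
    $f[] = "# Return a temporary failure message (4xx) to the peer";
    $f[] = "# - Blackhole (not available for OnFail)";
    $f[] = "# Like Accept but the message is sent to oblivion";
    $f[] = "# - Quarantine (not available for OnFail)";
    $f[] = "# Like Accept but message is quarantined instead of being delivered";
    $f[] = "#";
    $f[] = "# NOTE: In Sendmail the quarantine queue can be examined via mailq -qQ";
    $f[] = "# For Postfix this causes the message to be placed on hold";
    $f[] = "# ";
    $f[] = "# Action to be performed on clean messages (mostly useful for testing)";
    $f[] = "# Default: Accept";
    $f[] = "OnClean Accept";
    $f[] = "OnInfected Reject";
    $f[] = "OnFail Accept";
    $f[] = "RejectMsg rejected %v";
    $f[] = "AddHeader Add";
    $f[] = "#ReportHostname my.mail.server.name";
    $f[] = "#VirusAction /usr/local/bin/my_infected_message_handler";
    $f[] = "LogSyslog yes";
    $f[] = "LogFacility LOG_MAIL";
    $f[] = "LogVerbose no";
    $f[] = "#LogRotate yes";
    $f[] = "#LogInfected Basic";
    $f[] = "#LogClean Basic";
    $f[] = "#SupportMultipleRecipients yes";
    $f[] = "";
    @file_put_contents("/etc/clamav/clamav-milter.conf", implode("\n", $f));
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} /etc/clamav/clamav-milter.conf done\n";
    }

    $main = new main_cf();
    $postfix_hash = $main->BuildMilters(true);
    $postconf = $unix->find_program("postconf");
    foreach ($postfix_hash as $key => $value) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} adding Postfix parameter: {$key} for {$value}\n";
        }
        // Inside double quotes the shell expanded "$name" and backticks, which
        // both mangled Postfix "$variable" references and let a crafted value
        // run commands. A single quoted argument passes the text verbatim.
        shell_exec("{$postconf} -e " . escapeshellarg("{$key}={$value}"));
    }
}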
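/**
 * Unpack and import the status archive uploaded by a managed host.
 *
 * Works in ressources/conf/meta/hosts/uploaded/<uuid>: extracts status.tgz if
 * present, gives the extracted files to the web server account, replays
 * squid_admin_mysql.db into the meta database, forwards network_hosts.db to
 * __network_hosts() and finally refreshes the host status.
 *
 * Security notes for reviewers:
 *  - $uuid names a directory and used to be placed unquoted into a shell
 *    command. It is now restricted to a plain identifier and every path is
 *    quoted; rejected values are written to syslog.
 *  - The archive is remote input extracted by a privileged process. The
 *    extraction relies on tar's own member-name checks, and the archive
 *    can still carry symbolic links. NOTE(review): consider extracting with
 *    ownership/permission preservation disabled and rejecting link members.
 *  - squid_admin_mysql.db is executed as SQL exactly as uploaded, so the
 *    sending host can run any statement the meta database account permits.
 *
 * @param string $uuid Identifier of the uploading host (directory name).
 * @return void
 */
function extract_tgz($uuid)
{
    $uuid = (string) $uuid;
    // Accept a single path component only: no separators, no "..", no
    // whitespace or shell metacharacters.
    if (!preg_match('#^[A-Za-z0-9][A-Za-z0-9_.-]*\z#', $uuid) || strpos($uuid, "..") !== false) {
        syslog(LOG_WARNING, "extract_tgz(): rejected upload identifier " . json_encode($uuid));
        if (!empty($GLOBALS["VERBOSE"])) {
            echo "extract_tgz(): invalid uuid, aborting\n";
        }
        return;
    }

    $unix = new unix();
    $workingdir = "/usr/share/artica-postfix/ressources/conf/meta/hosts/uploaded/{$uuid}";
    $archive = "{$workingdir}/status.tgz";
    if (is_file($archive)) {
        $tar = $unix->find_program("tar");
        shell_exec("{$tar} -xf " . escapeshellarg($archive) . " -C " . escapeshellarg("{$workingdir}/"));
        @unlink($archive);
    }
    $unix->chown_func($unix->APACHE_SRC_ACCOUNT(), $unix->APACHE_SRC_GROUP(), "{$workingdir}/*");

    $eventsFile = "{$workingdir}/squid_admin_mysql.db";
    if (is_file($eventsFile)) {
        $q = new mysql_meta();
        if (!$q->TABLE_EXISTS("squid_admin_mysql")) {
            $q->CheckTables();
        }
        // Read once, so the text that was checked is the text that is executed.
        $statements = (string) @file_get_contents($eventsFile);
        if (trim($statements) != null) {
            $q->QUERY_SQL($statements);
            if (!$q->ok) {
                // Keep the file for a later attempt.
                meta_admin_mysql(0, "Failed to import {$eventsFile}", $q->mysql_error, __FILE__, __LINE__);
            } else {
                @unlink($eventsFile);
            }
        } else {
            @unlink($eventsFile);
        }
    } else {
        if ($GLOBALS["VERBOSE"]) {
            echo "{$eventsFile} ( no such file )\n";
        }
    }

    if (is_file("{$workingdir}/network_hosts.db")) {
        __network_hosts($uuid, "{$workingdir}/network_hosts.db");
    } else {
        if ($GLOBALS["VERBOSE"]) {
            echo "{$workingdir}/network_hosts.db ( no such file )\n";
        }
    }
    global_status_ini($uuid);
}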
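/**
 * Generate the hourly SARG report for the last hour of Squid traffic.
 *
 * Guarded by a PID file (one instance at a time) and a timestamp file (at
 * most one run per 60 minutes unless $GLOBALS["FORCE"] is set). Rebuilds the
 * SARG configuration, runs sarg on /var/log/squid/access.log for the window
 * <last hour>:00-<current hour>:00 of today, records the output through
 * sarg_admin_events() and rebuilds the index page.
 *
 * NOTE(review): SargOutputDir comes from the settings store; the directory
 * content is chowned to the web server account, so a value pointing at a
 * system directory would transfer ownership of its content.
 * NOTE(review): at midnight the window becomes "23:00-00:00" on the new day,
 * which presumably selects nothing; confirm against sarg's -d/-t semantics.
 *
 * @return void
 */
function execute_hourly()
{
    $unix = new unix();
    $pidFile = "/etc/artica-postfix/pids/" . basename(__FILE__) . "." . __FUNCTION__ . ".pid";
    $pid = @file_get_contents($pidFile);
    if ($unix->process_exists($pid, basename(__FILE__))) {
        sargevents("execute_hourly(): {$pid} already running");
        if ($GLOBALS["VERBOSE"]) {
            echo " {$pid} already running\n";
        }
        die;
    }
    @file_put_contents($pidFile, getmypid());

    $pidTime = "/etc/artica-postfix/pids/" . basename(__FILE__) . "." . __FUNCTION__ . ".time";
    if ($GLOBALS["VERBOSE"]) {
        echo "Time: {$pidTime}";
    }
    $pidTimeEx = $unix->file_time_min($pidTime);
    if ($GLOBALS["VERBOSE"]) {
        echo " {$pidTimeEx} mn";
    }
    if (!$GLOBALS["FORCE"]) {
        if ($pidTimeEx < 60) {
            sargevents("{$pidTime} = {$pidTimeEx}Mn require 60mn");
            return;
        }
    }
    @unlink($pidTime);
    @file_put_contents($pidTime, time());

    sarg_admin_events("Executing hourly task...", __FUNCTION__, __FILE__, __LINE__);
    buildconf();

    $t = time();
    $TODAY = date("d/m/Y");
    $sock = new sockets();
    $LASTHOUR = date("H", time() - 3600);
    $HOUR = date("H", time());
    $nice = $unix->EXEC_NICE();
    $sarg_bin = $unix->find_program("sarg");

    $results = array();
    $results[] = "Today: {$TODAY}";
    $results[] = "Last Hour: {$LASTHOUR}";
    // The current hour was reported with the previous hour's value.
    $results[] = "Current Hour: {$HOUR}";

    $SargOutputDir = $sock->GET_INFO("SargOutputDir");
    if ($SargOutputDir == null) {
        $SargOutputDir = "/var/www/html/squid-reports";
    }
    $lighttpd_user = $unix->APACHE_SRC_ACCOUNT();
    $results[] = "Output directory: {$SargOutputDir}\n";
    $results[] = "Web service user: {$lighttpd_user}\n";
    $results[] = "Sarg binary: {$sarg_bin}";
    $results[] = "Nice command: {$nice}";

    @mkdir("{$SargOutputDir}/daily", 0755, true);
    $unix->chown_func($lighttpd_user, $lighttpd_user, "{$SargOutputDir}/*");
    @mkdir("{$SargOutputDir}/hourly", 0755);

    // "-i" is passed only when proxy authentication is enabled; the option
    // string is initialised so that the command never reads an unset variable.
    $u = "";
    $squid = new squidbee();
    if ($squid->is_auth()) {
        events("User authentification enabled");
        $u = " -i ";
    } else {
        events("User authentification disabled");
    }

    // The output directory is a stored setting: pass it as one quoted argument
    // so that spaces or shell metacharacters cannot change the command.
    $cmds = array();
    $cmds[] = "{$nice}{$sarg_bin} {$u}-f /etc/squid3/sarg.conf";
    $cmds[] = "-l /var/log/squid/access.log -o " . escapeshellarg("{$SargOutputDir}/hourly") . " -z -d {$TODAY}-{$TODAY}";
    $cmds[] = "-t " . escapeshellarg("{$LASTHOUR}:00-{$HOUR}:00");
    buildconf();
    $cmline = implode(" ", $cmds);
    sargevents("execute_hourly(): {$cmline}");
    exec("{$cmline} 2>&1", $results);

    $took = $unix->distanceOfTimeInWords($t, time());
    sargevents("Hourly {$LASTHOUR}:00-{$HOUR}:00 report generated took: {$took}");
    sarg_admin_events(
        "Hourly {$LASTHOUR}:00-{$HOUR}:00 report generated took: {$took}\n" . @implode("\n", $results),
        __FUNCTION__,
        __FILE__,
        __LINE__,
        "sarg"
    );
    build_index_page();
    $unix->chown_func($lighttpd_user, $lighttpd_user, "{$SargOutputDir}/*");
}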
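/**
 * Make sure the ziproxy configuration directory exists and that its content
 * belongs to squid:squid.
 *
 * NOTE(review): ownership is applied to "<dir>/*" only; whether chown_func()
 * also covers the directory itself cannot be told from here.
 *
 * @return void
 */
function CheckFilesAndSecurity()
{
    $unix = new unix();
    $directories = array("/etc/ziproxy");
    // each() no longer exists in PHP 8; foreach visits the same entries.
    foreach ($directories as $val) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} checking \"{$val}\"\n";
        }
        if (!is_dir($val)) {
            @mkdir($val, 0755, true);
        }
        $unix->chown_func("squid", "squid", "{$val}/*");
    }
}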
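/**
 * Start the milter-greylist daemon of one Postfix instance.
 *
 * Prepares the per-instance run and database directories, launches
 * milter-greylist with the instance's pid/socket/db/config paths, waits for
 * the process and its socket to appear and hands the socket to postfix. When
 * the instance has no greylist.conf yet, MultiplesInstances() is called to
 * build it and the start is left to a later call.
 *
 * Security notes for reviewers:
 *  - $hostname becomes part of file paths and of the daemon command line. It
 *    is now restricted to host-name characters and every argument is quoted.
 *  - The database directory was created with mode 666 written in decimal
 *    (octal 01232); it is now 0755.
 *  - The socket is still set to 0777, i.e. writable by every local account.
 *    NOTE(review): owner/group postfix with a narrower mode looks sufficient.
 *  - NOTE(review): the previous code decoded the "PluginsEnabled" setting
 *    into an unused $enabled flag. Whether a disabled APP_MILTERGREYLIST
 *    plugin should prevent the start needs to be confirmed; the unused
 *    deserialization has been dropped.
 *
 * @param string $hostname Postfix instance host name.
 * @param string $ou       Organisation the instance belongs to.
 * @return void
 */
function MultiplesInstances_start($hostname, $ou)
{
    $hostname = trim($hostname);
    if ($hostname == null) {
        if ($GLOBALS["VERBOSE"]) {
            echo "{$GLOBALS["deflog_start"]} milter-greylist (" . __FUNCTION__ . ") return -> hostname is null\n";
        }
        return;
    }
    // A single path component made of host-name characters only.
    if (!preg_match('#^[A-Za-z0-9][A-Za-z0-9._-]*\z#', $hostname) || strpos($hostname, "..") !== false) {
        echo "{$GLOBALS["deflog_start"]} milter-greylist hostname rejected (unexpected characters)\n";
        return;
    }

    $unix = new unix();
    echo "{$GLOBALS["deflog_start"]} milter-greylist hostname:{$hostname} OU:({$ou}) line: " . __LINE__ . "\n";
    $main = new maincf_multi($hostname, $ou);

    $pid = MultiplesInstancesPID($hostname);
    if ($unix->process_exists($pid)) {
        echo "{$GLOBALS["deflog_start"]} milter-greylist {$hostname} already running PID {$pid}\n";
        return;
    }
    echo "{$GLOBALS["deflog_start"]} milter-greylist hostname \"{$hostname}\" line: " . __LINE__ . "\n";

    $bin_path = $unix->find_program("milter-greylist");
    $runDir = "/var/spool/postfix/var/run/milter-greylist/{$hostname}";
    $dbDir = "/var/milter-greylist/{$hostname}";
    $dbFile = "{$dbDir}/greylist.db";
    $confFile = "/etc/milter-greylist/{$hostname}/greylist.conf";
    $sockFile = "{$runDir}/greylist.sock";

    @mkdir($runDir, 0755, true);
    @mkdir($dbDir, 0755, true);
    if (!is_file($dbFile)) {
        @file_put_contents($dbFile, " ");
    }
    // Native call instead of spawning /bin/chmod through a shell.
    @chmod($dbFile, 0644);

    if (!is_file($confFile)) {
        echo "{$GLOBALS["deflog_start"]} milter-greylist {$hostname} {$confFile} does not exists\n";
        MultiplesInstances($hostname, $ou);
        return;
    }

    $cmdline = "{$bin_path} -P " . escapeshellarg("{$runDir}/greylist.pid")
        . " -p " . escapeshellarg($sockFile)
        . " -d " . escapeshellarg($dbFile)
        . " -f " . escapeshellarg($confFile);
    if ($GLOBALS["VERBOSE"]) {
        echo "{$GLOBALS["deflog_start"]} milter-greylist {$cmdline}\n";
    }
    system($cmdline);

    // Give the daemon up to 20 seconds to write its PID.
    for ($i = 0; $i < 20; $i++) {
        $pid = MultiplesInstancesPID($hostname);
        if ($unix->process_exists($pid)) {
            echo "{$GLOBALS["deflog_start"]} milter-greylist {$hostname} started PID {$pid}\n";
            break;
        }
        sleep(1);
    }
    $pid = MultiplesInstancesPID($hostname);
    if ($unix->process_exists($pid)) {
        $main->ConfigureMilters();
    }

    // Then up to 10 seconds for the socket to be created.
    for ($i = 0; $i < 10; $i++) {
        if (is_file($sockFile)) {
            break;
        }
        echo "{$GLOBALS["deflog_start"]} milter-greylist waiting greylist.sock ({$i}/10)\n";
        sleep(1);
    }

    @chown("/var/spool/postfix/var/run/milter-greylist", "postfix");
    @chgrp("/var/spool/postfix/var/run/milter-greylist", "postfix");
    @chown($sockFile, "postfix");
    @chmod($sockFile, 0777);
    @chmod("/var/spool/postfix/var/run/milter-greylist", 0755);
    $unix->chown_func("postfix", "postfix", "/var/spool/postfix/var/run/milter-greylist/*");
    $unix->chown_func("postfix", "postfix", $runDir);
    $unix->chown_func("postfix", "postfix", $sockFile);
}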
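/**
 * Write /etc/artica-postfix/squidguard-lighttpd.conf, the lighttpd
 * configuration that serves exec.squidguard.php on a clear-text port and on
 * an SSL port.
 *
 * Also creates the log, session, cache and storage directories and gives
 * them to the lighttpd account, and requests a certificate from
 * artica-install when /opt/artica/ssl/certs/lighttpd.pem is missing.
 *
 * @return void
 */
function build()
{
    $unix = new unix();
    @mkdir("/var/run/lighttpd", 0755, true);
    @mkdir("/var/log/lighttpd", 0755, true);
    $username = $unix->LIGHTTPD_USER();
    $sock = new sockets();
    $phpcgi = $unix->LIGHTTPD_PHP5_CGI_BIN_PATH();
    $chown = $unix->find_program("chown");
    $perlbin = $unix->find_program("perl");
    $nohup = $unix->find_program("nohup");
    $php = $unix->LOCATE_PHP5_BIN();

    // Ports are forced to integers, so they are safe to write into the config.
    $SquidGuardApachePort = intval($sock->GET_INFO("SquidGuardApachePort"));
    $SquidGuardApacheSSLPort = intval($sock->GET_INFO("SquidGuardApacheSSLPort"));
    if ($SquidGuardApachePort == 0) {
        $SquidGuardApachePort = 9020;
    }
    if ($SquidGuardApacheSSLPort == 0) {
        $SquidGuardApacheSSLPort = 9025;
    }
    $SquidGuardWebSSLCertificate = $sock->GET_INFO("SquidGuardWebSSLCertificate");

    @mkdir("/home/squid/error_page_sessions", 0755, true);
    @mkdir("/home/squid/error_page_cache", 0755, true);

    if ($username == null) {
        // NOTE(review): the account name literal looks redacted in this
        // listing; it is kept exactly as found.
        $username = "******";
        $unix->CreateUnixUser($username, $username, "lighttpd username");
    }
    // LIGHTTPD_USER() may return "user:group"; only the user part is kept.
    if (preg_match("#^(.+?):(.+)#", $username, $re)) {
        $username = $re[1];
    }

    $SquidGuardStorageDir = $sock->GET_INFO("SquidGuardStorageDir");

    $access_log = "/var/log/lighttpd/squidguard-lighttpd.log";
    $error_log = "/var/log/lighttpd/squidguard-lighttpd-error.log";
    @unlink($error_log);
    @unlink($access_log);
    // Both logs are recreated. The error-log branch used to write a different
    // file (/var/log/artica-postfix/lighttpd-error.log), leaving the real
    // error log missing for the chown/chmod calls below.
    foreach (array($access_log, $error_log) as $log_path) {
        if (!is_file($log_path)) {
            @file_put_contents($log_path, "#");
        }
    }

    $unix->chown_func($username, $username, $access_log);
    $unix->chown_func($username, $username, $error_log);
    $unix->chown_func($username, $username, "/home/squid/error_page_sessions");
    $unix->chown_func($username, $username, "/home/squid/error_page_cache");
    $unix->chown_func($username, $username, "/usr/share/artica-postfix/bin/install/squid/adzap/zaps/*");
    // NOTE(review): 0777 makes both logs writable by every local account,
    // which allows log tampering. They are already owned by the server
    // account; confirm whether anything else has to write to them.
    @chmod($error_log, 0777);
    @chmod($access_log, 0777);

    if ($SquidGuardStorageDir == null) {
        $SquidGuardStorageDir = "/home/artica/cache";
    }
    @mkdir($SquidGuardStorageDir, 0755, true);
    $unix->chown_func($username, $username, $SquidGuardStorageDir);

    // Numeric settings with their defaults. intval() keeps anything that
    // merely passes is_numeric() (floats, surrounding whitespace) out of the
    // generated configuration.
    $numeric_defaults = array(
        'LighttpdUseUnixSocket' => 0,
        'lighttpdPhpPort' => 1808,
        'LighttpdArticaMaxProcs' => 0,
        'LighttpdArticaMaxChildren' => 0,
        'LighttpdRunAsminimal' => 0,
        'PHP_FCGI_MAX_REQUESTS' => 200,
        'EnablePHPFPM' => 0,
        'EnableArticaApachePHPFPM' => 0,
    );
    $settings = array();
    foreach ($numeric_defaults as $key => $default) {
        $value = $sock->GET_INFO($key);
        $settings[$key] = is_numeric($value) ? intval($value) : $default;
    }
    $LighttpdUseUnixSocket = $settings['LighttpdUseUnixSocket'];
    $lighttpdPhpPort = $settings['lighttpdPhpPort'];
    $LighttpdArticaMaxProcs = $settings['LighttpdArticaMaxProcs'];
    $LighttpdArticaMaxChildren = $settings['LighttpdArticaMaxChildren'];
    $LighttpdRunAsminimal = $settings['LighttpdRunAsminimal'];
    $PHP_FCGI_MAX_REQUESTS = $settings['PHP_FCGI_MAX_REQUESTS'];
    $EnablePHPFPM = $settings['EnablePHPFPM'];
    if ($settings['EnableArticaApachePHPFPM'] == 0) {
        $EnablePHPFPM = 0;
    }

    $PHP_STANDARD_MODE = true;
    $phpcgi_path = $unix->LIGHTTPD_PHP5_CGI_BIN_PATH();
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} Run as: {$username}\n";
    }

    $PHP_FCGI_CHILDREN = 1;
    $max_procs = 2;
    if ($LighttpdArticaMaxProcs > 0) {
        $max_procs = $LighttpdArticaMaxProcs;
    }
    if ($LighttpdArticaMaxChildren > 0) {
        // Was assigned to the misspelled $HP_FCGI_CHILDREN, so the setting
        // never reached the configuration.
        $PHP_FCGI_CHILDREN = $LighttpdArticaMaxChildren;
    }
    if ($LighttpdRunAsminimal == 1) {
        $max_procs = 2;
        $PHP_FCGI_CHILDREN = 2;
    }

    $f = array();
    $f[] = '#artica-postfix saved by artica lighttpd.conf';
    $f[] = '';
    $f[] = 'server.modules = (';
    $f[] = ' "mod_alias",';
    $f[] = ' "mod_access",';
    $f[] = ' "mod_accesslog",';
    $f[] = ' "mod_compress",';
    $f[] = ' "mod_fastcgi",';
    $f[] = ' "mod_cgi",';
    $f[] = "\t \"mod_status\"";
    $f[] = ')';
    $f[] = '';
    $f[] = 'server.document-root = "/usr/share/artica-postfix"';
    $f[] = "server.username = \"{$username}\"";
    $f[] = "server.groupname = \"{$username}\"";
    $f[] = 'server.errorlog = "/var/log/lighttpd/squidguard-lighttpd-error.log"';
    $f[] = 'index-file.names = ( "exec.squidguard.php")';
    $f[] = '';

    $mime_types = array(
        ".pdf" => "application/pdf",
        ".sig" => "application/pgp-signature",
        ".spl" => "application/futuresplash",
        ".class" => "application/octet-stream",
        ".ps" => "application/postscript",
        ".torrent" => "application/x-bittorrent",
        ".dvi" => "application/x-dvi",
        ".gz" => "application/x-gzip",
        ".pac" => "application/x-ns-proxy-autoconfig",
        ".swf" => "application/x-shockwave-flash",
        ".tar.gz" => "application/x-tgz",
        ".tgz" => "application/x-tgz",
        ".tar" => "application/x-tar",
        ".zip" => "application/zip",
        ".mp3" => "audio/mpeg",
        ".m3u" => "audio/x-mpegurl",
        ".wma" => "audio/x-ms-wma",
        ".wax" => "audio/x-ms-wax",
        ".ogg" => "application/ogg",
        ".wav" => "audio/x-wav",
        ".gif" => "image/gif",
        ".jar" => "application/x-java-archive",
        ".jpg" => "image/jpeg",
        ".jpeg" => "image/jpeg",
        ".png" => "image/png",
        ".xbm" => "image/x-xbitmap",
        ".xpm" => "image/x-xpixmap",
        ".xwd" => "image/x-xwindowdump",
        ".css" => "text/css",
        ".html" => "text/html",
        ".htm" => "text/html",
        ".js" => "text/javascript",
        ".asc" => "text/plain",
        ".c" => "text/plain",
        ".cpp" => "text/plain",
        ".log" => "text/plain",
        ".conf" => "text/plain",
        ".text" => "text/plain",
        ".txt" => "text/plain",
        ".dtd" => "text/xml",
        ".xml" => "text/xml",
        ".mpeg" => "video/mpeg",
        ".mpg" => "video/mpeg",
        ".mov" => "video/quicktime",
        ".qt" => "video/quicktime",
        ".avi" => "video/x-msvideo",
        ".asf" => "video/x-ms-asf",
        ".asx" => "video/x-ms-asf",
        ".wmv" => "video/x-ms-wmv",
        ".bz2" => "application/x-bzip",
        ".tbz" => "application/x-bzip-compressed-tar",
        ".tar.bz2" => "application/x-bzip-compressed-tar",
        "" => "application/octet-stream",
    );
    $f[] = 'mimetype.assign = (';
    foreach ($mime_types as $extension => $mime) {
        $f[] = " \"{$extension}\" => \"{$mime}\",";
    }
    $f[] = ' )';
    $f[] = '';
    $f[] = '';
    $f[] = 'accesslog.filename = "/var/log/lighttpd/squidguard-lighttpd.log"';
    $f[] = 'url.access-deny = ( "~", ".inc",".log",".ini","ressources","computers","user-backup","logon.php","index.php")';
    $f[] = '';
    $f[] = 'static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )';
    $f[] = "server.port = {$SquidGuardApachePort}";
    $f[] = '#server.bind = "127.0.0.1"';
    $f[] = 'server.error-handler-404 = "/exec.squidguard.php"';
    $f[] = '#server.error-handler-404 = "/error-handler.php"';
    $f[] = 'server.pid-file = "/var/run/lighttpd/squidguard-lighttpd.pid"';
    $f[] = "server.max-fds \t\t = 2048";
    $f[] = 'server.network-backend = "write"';
    // NOTE(review): with follow-symlink enabled, a symlink placed under the
    // document root or an alias target is served; confirm that only trusted
    // accounts can write there.
    $f[] = 'server.follow-symlink = "enable"';
    $f[] = '';
    $f[] = '';
    $f[] = '$SERVER["socket"]== ":' . $SquidGuardApacheSSLPort . '" {';
    $f[] = "\tssl.engine = \"enable\"";
    $cert = new lighttpd_certificate($SquidGuardWebSSLCertificate);
    $f[] = $cert->build();
    // NOTE(review): this cipher list starts from ALL and explicitly keeps RC4
    // and SSLv3-era suites, which are considered broken; restrict it to
    // current suites once the supported clients are known.
    $f[] = 'ssl.cipher-list="ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM:+SSLv3"';
    $f[] = '}';

    if (!is_file("/opt/artica/ssl/certs/lighttpd.pem")) {
        @chmod("/usr/share/artica-postfix/bin/artica-install", 0755);
        shell_exec("/usr/share/artica-postfix/bin/artica-install -lighttpd-cert");
    }

    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} Listen on: {$SquidGuardApachePort}\n";
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} Listen on: {$SquidGuardApacheSSLPort} SSL\n";
    }

    // Prefer PHP-FPM when it is installed and enabled, else spawn php-cgi.
    $phpfpm = $unix->find_program('php5-fpm');
    if (!is_file($phpfpm)) {
        $phpfpm = $unix->find_program('php-fpm');
    }
    if (is_file($phpfpm)) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} PHP-FPM is installed\n";
        }
        if ($EnablePHPFPM == 1) {
            if ($GLOBALS["OUTPUT"]) {
                echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} PHP-FPM is enabled\n";
            }
            $PHP_STANDARD_MODE = false;
            $f[] = 'fastcgi.server = ( ".php" =>((';
            $f[] = ' "socket" => "/var/run/php-fpm.sock",';
        }
    }

    if ($PHP_STANDARD_MODE) {
        $f[] = 'fastcgi.server = ( ".php" =>((';
        $f[] = ' "bin-path" => "/usr/bin/php-cgi",';
        if ($LighttpdUseUnixSocket == 1) {
            if ($GLOBALS["OUTPUT"]) {
                echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} Fast-cgi server unix socket mode\n";
            }
            $f[] = ' "socket" => "/var/run/lighttpd/php.socket" + var.PID,';
        } else {
            if ($GLOBALS["OUTPUT"]) {
                echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} Fast-cgi server socket 127.0.0.1:{$lighttpdPhpPort}\n";
            }
            $f[] = ' "host" => "127.0.0.1","port" =>' . $lighttpdPhpPort . ',';
        }
    }

    $f[] = ' "max-procs" => ' . $max_procs . ',';
    $f[] = ' "idle-timeout" => 10,';
    $f[] = ' "bin-environment" => (';
    $f[] = ' "PHP_FCGI_CHILDREN" => "' . $PHP_FCGI_CHILDREN . '",';
    $f[] = ' "PHP_FCGI_MAX_REQUESTS" => "' . $PHP_FCGI_MAX_REQUESTS . '"';
    $f[] = ' ),';
    $f[] = ' "bin-copy-environment" => (';
    $f[] = ' "PATH", "SHELL", "USER"';
    $f[] = ' ),';
    $f[] = ' "broken-scriptfilename" => "enable"';
    $f[] = ' ))';
    $f[] = ')';
    $f[] = 'alias.url += ( "/css/" => "/usr/share/artica-postfix/css/" )';
    $f[] = 'alias.url += ( "/img/" => "/usr/share/artica-postfix/img/" )';
    $f[] = 'alias.url += ( "/js/" => "/usr/share/artica-postfix/js/" )';
    $f[] = 'alias.url += ( "/zaps/" => "/usr/share/artica-postfix/bin/install/squid/adzap/zaps/" )';
    $f[] = '';
    // NOTE(review): mod_cgi executes any .pl/.php/.py/.cgi file reachable
    // under the document root or the aliases above; confirm those trees are
    // not writable by the web account or by other users.
    $f[] = 'cgi.assign= (';
    $f[] = "\t\".pl\" => \"/usr/bin/perl\",";
    $f[] = "\t\".php\" => \"/usr/bin/php-cgi\",";
    $f[] = "\t\".py\" => \"/usr/bin/python\",";
    $f[] = "\t\".cgi\" => \"/usr/bin/perl\",";
    $f[] = ')';

    @file_put_contents("/etc/artica-postfix/squidguard-lighttpd.conf", @implode("\n", $f));
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} squidguard-lighttpd.conf done.\n";
    }
}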
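/**
 * Start the freshclam daemon unless it is missing, disabled or already running.
 *
 * Prepares the ClamAV directories for the ClamAV account, calls build(),
 * launches freshclam in the background and polls PID_NUM() for the daemon.
 *
 * @param bool $aspid When false, a PID file guards against a second
 *                    concurrent run of this script function.
 * @return bool|null true when the daemon is running afterwards, false when
 *                   it failed to start, null on every early exit.
 */
function start($aspid = false)
{
    $unix = new unix();
    $sock = new sockets();
    $Masterbin = $unix->find_program("freshclam");
    if (!is_file($Masterbin)) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}, clamd not installed\n";
        }
        return;
    }

    if (!$aspid) {
        $pidfile = "/etc/artica-postfix/pids/" . basename(__FILE__) . "." . __FUNCTION__ . ".pid";
        $pid = $unix->get_pid_from_file($pidfile);
        if ($unix->process_exists($pid, basename(__FILE__))) {
            $time = $unix->PROCCESS_TIME_MIN($pid);
            if ($GLOBALS["OUTPUT"]) {
                echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} Already Artica task running PID {$pid} since {$time}mn\n";
            }
            return;
        }
        @file_put_contents($pidfile, getmypid());
    }

    $pid = PID_NUM();
    if ($unix->process_exists($pid)) {
        $timepid = $unix->PROCCESS_TIME_MIN($pid);
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} Service already started {$pid} since {$timepid}Mn...\n";
        }
        return;
    }

    $EnableFreshClam = $sock->GET_INFO("EnableFreshClam");
    if (!is_numeric($EnableFreshClam)) {
        $EnableFreshClam = 0;
    }
    if ($EnableFreshClam == 0) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} service disabled (see EnableFreshClam/EnableClamavDaemon)\n";
        }
        build_progress(110, "{starting} {APP_FRESHCLAM} {disabled}");
        return;
    }

    $php5 = $unix->LOCATE_PHP5_BIN();
    $nohup = $unix->find_program("nohup");
    $aa_complain = $unix->find_program('aa-complain');
    if (is_file($aa_complain)) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} add {$Masterbin} Profile to AppArmor..\n";
        }
        // NOTE(review): aa-complain switches the freshclam AppArmor profile to
        // complain mode, where violations are logged but no longer blocked.
        // Every start therefore removes that confinement; extending the
        // profile and keeping it enforced would preserve it.
        shell_exec(escapeshellarg($aa_complain) . " " . escapeshellarg($Masterbin) . " >/dev/null 2>&1");
    }

    $ClamUser = $unix->ClamUser();
    // NOTE(review): 0777 makes this web log directory writable by every local
    // account; confirm which accounts actually need to write there.
    @chmod("/usr/share/artica-postfix/ressources/logs/web", 0777);
    $clam_dirs = array("/var/clamav", "/var/run/clamav", "/var/lib/clamav", "/var/log/clamav");
    foreach ($clam_dirs as $dir) {
        @mkdir($dir, 0755, true);
    }
    foreach ($clam_dirs as $dir) {
        $unix->chown_func("{$ClamUser}", "{$ClamUser}", $dir);
    }
    if (is_file("/var/log/clamav/freshclam.log")) {
        $unix->chown_func("{$ClamUser}", "{$ClamUser}", "/var/log/clamav/freshclam.log");
    }

    build_progress(71, "{starting} {APP_FRESHCLAM}");
    build();
    build_progress(72, "{starting} {APP_FRESHCLAM}");

    // The binary path and the account name are quoted before reaching the shell.
    $cmd = "{$nohup} " . escapeshellarg($Masterbin)
        . " --daemon --config-file=/etc/clamav/freshclam.conf --pid=/var/run/clamav/freshclam.pid"
        . " --user=" . escapeshellarg($ClamUser)
        . " --log=/var/log/clamav/freshclam.log"
        . " --on-update-execute=/usr/share/artica-postfix/exec.freshclam.updated.php >/dev/null 2>&1 &";
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} service\n";
    }
    shell_exec($cmd);

    // Poll once per second (four attempts) for the daemon PID.
    for ($i = 1; $i < 5; $i++) {
        build_progress(72 + $i, "{starting} {APP_FRESHCLAM}");
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} waiting {$i}/5\n";
        }
        sleep(1);
        $pid = PID_NUM();
        if ($unix->process_exists($pid)) {
            break;
        }
    }

    build_progress(80, "{starting} {APP_FRESHCLAM}");
    $pid = PID_NUM();
    if ($unix->process_exists($pid)) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} Success PID {$pid}\n";
        }
        return true;
    }

    // Both outcomes return above and here; the second failure check that used
    // to follow was unreachable and has been dropped.
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} Failed\n";
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} {$cmd}\n";
    }
    build_progress(110, "{starting} {APP_FRESHCLAM} {failed}");
    return false;
}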
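/**
 * Write the Apache configuration ($GLOBALS["APACHE_CONFIG_PATH"]) of the
 * dedicated instance that serves the Sarg report directory.
 *
 * Creates the runtime and log directories, picks and stores a listening port
 * when none is configured, resets both log files, and appends a LoadModule
 * line for every listed module found under the Apache modules path.
 *
 * NOTE(review): the virtual host listens on every interface ("*") and the
 * document root is "Allow from all" with no authentication. Presumably the
 * Sarg reports hold per-user proxy activity; confirm that access is
 * restricted elsewhere (firewall or .htaccess).
 *
 * @return void
 */
function apache_config()
{
    $sock = new sockets();
    $unix = new unix();
    $EnablePHPFPM = 0;
    $ipaddr = null;

    @mkdir("/var/run/apache2", 0755, true);
    @mkdir("/var/run/sarg-apache", 0755, true);
    @mkdir("/var/log/apache2", 0755, true);
    @mkdir(dirname($GLOBALS["APACHE_PID_PATH"]), 0755, true);

    $APACHE_SRC_ACCOUNT = $unix->APACHE_SRC_ACCOUNT();
    $APACHE_SRC_GROUP = $unix->APACHE_SRC_GROUP();
    $APACHE_MODULES_PATH = $unix->APACHE_MODULES_PATH();

    // NOTE(review): SargOutputDir is written verbatim into DocumentRoot and
    // <Directory> below; a value holding a newline or a quote would inject
    // directives. Confirm the setting is validated where it is stored.
    $SargOutputDir = $sock->GET_INFO("SargOutputDir");
    if ($SargOutputDir == null) {
        $SargOutputDir = "/var/www/html/squid-reports";
    }
    $SargWebPort = intval($sock->GET_INFO("SargWebPort"));
    if ($SargWebPort == 0) {
        // No port configured yet: pick one and persist it.
        $SargWebPort = rand(55600, 59000);
        $sock->SET_INFO("SargWebPort", $SargWebPort);
    }
    if (is_link($SargOutputDir)) {
        $SargOutputDir = @readlink($SargOutputDir);
    }
    @mkdir($SargOutputDir, 0755, true);
    if (!is_file("{$SargOutputDir}/index.html")) {
        // No report yet: generate one in the background.
        $php = $unix->LOCATE_PHP5_BIN();
        shell_exec("{$php} /usr/share/artica-postfix/exec.sarg.php --exec --force >/dev/null 2>&1 &");
    }
    if ($ipaddr == null) {
        $ipaddr = "*";
    }

    $phpfpm = $unix->APACHE_LOCATE_PHP_FPM();
    $php = $unix->LOCATE_PHP5_BIN();
    $EnableArticaApachePHPFPM = $sock->GET_INFO("EnableArticaApachePHPFPM");
    if (!is_numeric($EnableArticaApachePHPFPM)) {
        $EnableArticaApachePHPFPM = 0;
    }
    if (!is_file($phpfpm)) {
        $EnableArticaApachePHPFPM = 0;
    }

    $logfile = "/var/log/apache2/apache-sarg-access.log";
    $ErrorLog = "/var/log/apache2/apache-sarg-error.log";

    // Resolve the fallback account before the first chown; the first chown
    // used to run while the account could still be empty.
    if ($APACHE_SRC_ACCOUNT == null) {
        $APACHE_SRC_ACCOUNT = "www-data";
        $APACHE_SRC_GROUP = "www-data";
        $unix->CreateUnixUser($APACHE_SRC_ACCOUNT, $APACHE_SRC_GROUP, "Apache username");
    }
    $unix->chown_func($APACHE_SRC_ACCOUNT, $APACHE_SRC_GROUP, "/var/run/sarg-apache");

    $apache_LOCATE_MIME_TYPES = $unix->apache_LOCATE_MIME_TYPES();
    if ($EnableArticaApachePHPFPM == 1) {
        if (!is_file("{$APACHE_MODULES_PATH}/mod_fastcgi.so")) {
            if ($GLOBALS["OUTPUT"]) {
                echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} mod_fastcgi.so is required to use PHP5-FPM\n";
            }
            $EnableArticaApachePHPFPM = 0;
        }
    }

    // Start from empty log files owned by the Apache account.
    @unlink($ErrorLog);
    @unlink($logfile);
    if (!is_file("{$logfile}")) {
        @touch("{$logfile}");
    }
    if (!is_file("{$ErrorLog}")) {
        @touch("{$ErrorLog}");
    }
    $unix->chown_func($APACHE_SRC_ACCOUNT, $APACHE_SRC_GROUP, $ErrorLog);
    $unix->chown_func($APACHE_SRC_ACCOUNT, $APACHE_SRC_GROUP, $logfile);
    $unix->chown_func($APACHE_SRC_ACCOUNT, $APACHE_SRC_GROUP, "/var/log/apache2");
    $unix->chown_func($APACHE_SRC_ACCOUNT, $APACHE_SRC_GROUP, dirname($GLOBALS["APACHE_PID_PATH"]));

    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Run as {$APACHE_SRC_ACCOUNT}:{$APACHE_SRC_GROUP}\n";
    }
    if ($GLOBALS["OUTPUT"]) {
        // This message used to print two variables that are never defined in
        // this function; report the port this instance listens on instead.
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} HTTP Port: {$SargWebPort}\n";
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} PHP-FPM: {$EnablePHPFPM}\n";
    }

    $error_codes = array(400, 401, 403, 404, 500);
    $thread_limits = array("\tMinSpareThreads 25", "\tMaxSpareThreads 75 ", "\tThreadLimit 64", "\tThreadsPerChild 25");

    $f = array();
    $f[] = "LockFile /var/run/apache2/sarg-artica-accept.lock";
    $f[] = "PidFile {$GLOBALS["APACHE_PID_PATH"]}";
    $f[] = "AcceptMutex flock";
    $f[] = "DocumentRoot {$SargOutputDir}";
    $f[] = "DirectoryIndex index.html";
    foreach ($error_codes as $code) {
        $f[] = "ErrorDocument {$code} /index.html";
    }
    $f[] = "NameVirtualHost {$ipaddr}:{$SargWebPort}";
    $f[] = "Listen {$ipaddr}:{$SargWebPort}";
    $f[] = "<VirtualHost {$ipaddr}:{$SargWebPort}>";
    $f[] = "\tServerName {$ipaddr}";
    $f[] = "\tDocumentRoot {$SargOutputDir}";
    $f[] = "</VirtualHost>";
    $f[] = "<IfModule mpm_prefork_module>";
    $f[] = "</IfModule>";
    foreach (array("mpm_worker_module", "mpm_event_module") as $mpm) {
        $f[] = "<IfModule {$mpm}>";
        foreach ($thread_limits as $directive) {
            $f[] = $directive;
        }
        $f[] = "</IfModule>";
    }
    $f[] = "AccessFileName .htaccess";
    $f[] = "<Files ~ \"^\\.ht\">";
    $f[] = "\tOrder allow,deny";
    $f[] = "\tDeny from all";
    $f[] = "\tSatisfy all";
    $f[] = "</Files>";
    $f[] = "DefaultType text/plain";
    $f[] = "HostnameLookups Off";
    $f[] = "User\t\t\t\t {$APACHE_SRC_ACCOUNT}";
    $f[] = "Group\t\t\t\t {$APACHE_SRC_GROUP}";
    $f[] = "Timeout 300";
    $f[] = "KeepAlive Off";
    $f[] = "KeepAliveTimeout 15";
    $f[] = "StartServers 1";
    $f[] = "MaxClients 50";
    $f[] = "MinSpareServers 2";
    $f[] = "MaxSpareServers 5";
    $f[] = "MaxRequestsPerChild 5000";
    $f[] = "MaxKeepAliveRequests 100";
    $f[] = "ServerName " . $unix->hostname_g();

    // Body of the mod_mime section; every entry is emitted with a leading tab.
    $mime_directives = array(
        "TypesConfig /etc/mime.types",
        "AddType application/x-compress .Z",
        "AddType application/x-gzip .gz .tgz",
        "AddType application/x-bzip2 .bz2",
        "AddType application/x-httpd-php .php .phtml",
        "AddType application/x-httpd-php-source .phps",
        "AddLanguage ca .ca",
        "AddLanguage cs .cz .cs",
        "AddLanguage da .dk",
        "AddLanguage de .de",
        "AddLanguage el .el",
        "AddLanguage en .en",
        "AddLanguage eo .eo",
        "RemoveType es",
        "AddLanguage es .es",
        "AddLanguage et .et",
        "AddLanguage fr .fr",
        "AddLanguage he .he",
        "AddLanguage hr .hr",
        "AddLanguage it .it",
        "AddLanguage ja .ja",
        "AddLanguage ko .ko",
        "AddLanguage ltz .ltz",
        "AddLanguage nl .nl",
        "AddLanguage nn .nn",
        "AddLanguage no .no",
        "AddLanguage pl .po",
        "AddLanguage pt .pt",
        "AddLanguage pt-BR .pt-br",
        "AddLanguage ru .ru",
        "AddLanguage sv .sv",
        "RemoveType tr",
        "AddLanguage tr .tr",
        "AddLanguage zh-CN .zh-cn",
        "AddLanguage zh-TW .zh-tw",
        "AddCharset us-ascii .ascii .us-ascii",
        "AddCharset ISO-8859-1 .iso8859-1 .latin1",
        "AddCharset ISO-8859-2 .iso8859-2 .latin2 .cen",
        "AddCharset ISO-8859-3 .iso8859-3 .latin3",
        "AddCharset ISO-8859-4 .iso8859-4 .latin4",
        "AddCharset ISO-8859-5 .iso8859-5 .cyr .iso-ru",
        "AddCharset ISO-8859-6 .iso8859-6 .arb .arabic",
        "AddCharset ISO-8859-7 .iso8859-7 .grk .greek",
        "AddCharset ISO-8859-8 .iso8859-8 .heb .hebrew",
        "AddCharset ISO-8859-9 .iso8859-9 .latin5 .trk",
        "AddCharset ISO-8859-10 .iso8859-10 .latin6",
        "AddCharset ISO-8859-13 .iso8859-13",
        "AddCharset ISO-8859-14 .iso8859-14 .latin8",
        "AddCharset ISO-8859-15 .iso8859-15 .latin9",
        "AddCharset ISO-8859-16 .iso8859-16 .latin10",
        "AddCharset ISO-2022-JP .iso2022-jp .jis",
        "AddCharset ISO-2022-KR .iso2022-kr .kis",
        "AddCharset ISO-2022-CN .iso2022-cn .cis",
        "AddCharset Big5 .Big5 .big5 .b5",
        "AddCharset cn-Big5 .cn-big5",
        "# For russian, more than one charset is used (depends on client, mostly):",
        "AddCharset WINDOWS-1251 .cp-1251 .win-1251",
        "AddCharset CP866 .cp866",
        "AddCharset KOI8 .koi8",
        "AddCharset KOI8-E .koi8-e",
        "AddCharset KOI8-r .koi8-r .koi8-ru",
        "AddCharset KOI8-U .koi8-u",
        "AddCharset KOI8-ru .koi8-uk .ua",
        "AddCharset ISO-10646-UCS-2 .ucs2",
        "AddCharset ISO-10646-UCS-4 .ucs4",
        "AddCharset UTF-7 .utf7",
        "AddCharset UTF-8 .utf8",
        "AddCharset UTF-16 .utf16",
        "AddCharset UTF-16BE .utf16be",
        "AddCharset UTF-16LE .utf16le",
        "AddCharset UTF-32 .utf32",
        "AddCharset UTF-32BE .utf32be",
        "AddCharset UTF-32LE .utf32le",
        "AddCharset euc-cn .euc-cn",
        "AddCharset euc-gb .euc-gb",
        "AddCharset euc-jp .euc-jp",
        "AddCharset euc-kr .euc-kr",
        "AddCharset EUC-TW .euc-tw",
        "AddCharset gb2312 .gb2312 .gb",
        "AddCharset iso-10646-ucs-2 .ucs-2 .iso-10646-ucs-2",
        "AddCharset iso-10646-ucs-4 .ucs-4 .iso-10646-ucs-4",
        "AddCharset shift_jis .shift_jis .sjis",
        "AddType text/html .shtml",
        "AddOutputFilter INCLUDES .shtml",
    );
    $f[] = "<IfModule mod_mime.c>";
    foreach ($mime_directives as $directive) {
        $f[] = "\t" . $directive;
    }
    $f[] = "</IfModule>";

    //$f[]="Alias /index.php /usr/share/artica-postfix/hotspot.php";
    //$f[]="Alias /index.html /usr/share/artica-postfix/hotspot.php";
    $f[] = "<Directory \"{$SargOutputDir}\">";
    $f[] = "\tDirectorySlash On";
    $f[] = "\tDirectoryIndex index.html";
    $f[] = "\t\t<Files \"hostpot.php\">";
    $f[] = "\t\t\tOrder allow,deny";
    $f[] = "\t\t\tallow from all";
    $f[] = "\t\t</Files>";
    foreach ($error_codes as $code) {
        $f[] = "\tErrorDocument {$code} /index.html";
    }
    $f[] = "\tOptions -Indexes";
    // NOTE(review): AllowOverride All lets any .htaccess file in the report
    // directory change this configuration; confirm that only trusted
    // processes can write there.
    $f[] = "\tAllowOverride All";
    $f[] = "\tOrder allow,deny";
    $f[] = "\tAllow from all";
    $f[] = "</Directory>";
    // NOTE(review): debug log level is very verbose for a permanently running
    // service; confirm it is intended outside troubleshooting.
    $f[] = "Loglevel debug";
    $f[] = "ErrorLog {$ErrorLog}";
    $f[] = "LogFormat \"%h %l %u %t \\\"%r\\\" %<s %b\" common";
    $f[] = "CustomLog {$logfile} common";

    // Modules loaded only when their shared object exists in the modules path.
    $array = array(
        "actions_module" => "mod_actions.so",
        "expires_module" => "mod_expires.so",
        "rewrite_module" => "mod_rewrite.so",
        "dir_module" => "mod_dir.so",
        "mime_module" => "mod_mime.so",
        "alias_module" => "mod_alias.so",
        "auth_basic_module" => "mod_auth_basic.so",
        "authz_host_module" => "mod_authz_host.so",
        "autoindex_module" => "mod_autoindex.so",
        "negotiation_module" => "mod_negotiation.so",
        "headers_module" => "mod_headers.so",
    );
    //$array["ldap_module"]="mod_ldap.so";

    if (is_dir("/etc/apache2")) {
        if (!is_file("/etc/apache2/mime.types")) {
            if ($apache_LOCATE_MIME_TYPES != "/etc/apache2/mime.types") {
                @copy($apache_LOCATE_MIME_TYPES, "/etc/apache2/mime.types");
            }
        }
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Mime types path.......: {$apache_LOCATE_MIME_TYPES}\n";
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Modules path..........: {$APACHE_MODULES_PATH}\n";
    }

    // foreach replaces list()/each(): each() no longer exists in PHP 8.
    foreach ($array as $module => $lib) {
        if (is_file("{$APACHE_MODULES_PATH}/{$lib}")) {
            if ($GLOBALS["OUTPUT"]) {
                echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} include module \"{$module}\"\n";
            }
            $f[] = "LoadModule {$module} {$APACHE_MODULES_PATH}/{$lib}";
        } else {
            if ($GLOBALS["OUTPUT"]) {
                echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} skip module \"{$module}\"\n";
            }
        }
    }

    @file_put_contents($GLOBALS["APACHE_CONFIG_PATH"], @implode("\n", $f));
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} {$GLOBALS["APACHE_CONFIG_PATH"]} done\n";
    }
}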
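/**
 * Regenerate /etc/nginx/nginx.conf and, unless $OnlySingle is set, the default
 * and localhost virtual hosts.
 *
 * Steps, in order: start MySQL, move Squid/Apache off ports 80/443 by running
 * their own build scripts, create and chown the nginx working directories,
 * rewrite the nofile entries of the nginx account in /etc/security/limits.conf,
 * assemble the configuration text in $f, back up the previous nginx.conf to
 * nginx.bak and write the new one. When $GLOBALS["RECONFIGURE"] is set the
 * running nginx is sent HUP, or started if no numeric pid is found.
 *
 * Only the first call per process does anything (guard stored in $GLOBALS).
 *
 * Values read from the reverse_www and nginx_caches tables are copied into the
 * configuration text and into mkdir()/chown calls without validation, so write
 * access to those tables amounts to control over nginx.conf.
 *
 * @param bool $OnlySingle when true, skip build_default()/build_localhosts()
 * @return void
 */
function build($OnlySingle = false) {
    // Re-entrancy guard: a second call in the same process returns at once.
    if (isset($GLOBALS[__FILE__ . __FUNCTION__])) {
        return;
    }
    $GLOBALS[__FILE__ . __FUNCTION__] = true;

    $unix = new unix();
    $php5 = $unix->LOCATE_PHP5_BIN();
    shell_exec("/etc/init.d/mysql start");
    build_progress("{building_main_settings}", 10);

    // nginx needs 80/443: have Squid rebuild its configuration and restart.
    if ($unix->SQUID_GET_LISTEN_PORT() == 80) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: Squid listen 80, ports conflicts, change it\n";
        }
        shell_exec("{$php5} /usr/share/artica-postfix/exec.squid.php --build --force");
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: Restarting Squid-cache..\n";
        }
        shell_exec("/etc/init.d/squid restart --script=" . basename(__FILE__));
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: done...\n";
        }
    }
    if ($unix->SQUID_GET_LISTEN_SSL_PORT() == 443) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: Squid listen 443, ports conflicts, change it\n";
        }
        shell_exec("{$php5} /usr/share/artica-postfix/exec.squid.php --build --force");
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: Restarting Squid-cache..\n";
        }
        shell_exec("/etc/init.d/squid restart --script=" . basename(__FILE__));
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: done...\n";
        }
    }

    // Same for Apache; the 443 case only rebuilds, it does not restart.
    $reconfigured = false;
    if ($unix->APACHE_GET_LISTEN_PORT() == 80) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: Apache listen 80, ports conflicts, change it\n";
        }
        shell_exec("{$php5} /usr/share/artica-postfix/exec.freeweb.php --build --force");
        shell_exec("{$php5} /usr/share/artica-postfix/exec.freeweb.php --stop --force");
        shell_exec("{$php5} /usr/share/artica-postfix/exec.freeweb.php --start --force");
        $reconfigured = true;
    }
    if (!$reconfigured) {
        if ($unix->APACHE_GET_LISTEN_PORT() == 443) {
            if ($GLOBALS["OUTPUT"]) {
                echo "Starting......: " . date("H:i:s") . " [INIT]: Apache listen 443, ports conflicts, change it\n";
            }
            shell_exec("{$php5} /usr/share/artica-postfix/exec.freeweb.php --build --force");
        }
    }

    // Working directories, owned by the account nginx will run as.
    $APACHE_USER = $unix->APACHE_SRC_ACCOUNT();
    $APACHE_SRC_GROUP = $unix->APACHE_SRC_GROUP();
    $NginxProxyStorePath = "/home/nginx";
    @mkdir("/etc/nginx/sites-enabled", 0755, true);
    @mkdir("/etc/nginx/local-sites", 0755, true);
    @mkdir("/etc/nginx/local-sslsites", 0755, true);
    @mkdir($NginxProxyStorePath, 0755, true);
    @mkdir($NginxProxyStorePath . "/tmp", 0755, true);
    @mkdir($NginxProxyStorePath . "/disk", 0755, true);
    @mkdir("/var/lib/nginx/fastcgi", 0755, true);
    @mkdir("/home/nginx/tmp", 0755, true);
    // NOTE(review): if TEMP_DIR() is a location other local users can write
    // to, "<tmp>/nginx" is a predictable name that is created and chowned
    // here without checking what already exists at that path - confirm.
    $Tempdir = $unix->TEMP_DIR() . "/nginx";
    @mkdir($Tempdir, 0755, true);
    $unix->chown_func($APACHE_USER, $APACHE_SRC_GROUP, $NginxProxyStorePath);
    $unix->chown_func($APACHE_USER, $APACHE_SRC_GROUP, "/etc/nginx/sites-enabled");
    $unix->chown_func($APACHE_USER, $APACHE_SRC_GROUP, $NginxProxyStorePath . "/tmp");
    $unix->chown_func($APACHE_USER, $APACHE_SRC_GROUP, $NginxProxyStorePath . "/disk");
    $unix->chown_func($APACHE_USER, $APACHE_SRC_GROUP, "/var/lib/nginx/fastcgi");
    $unix->chown_func($APACHE_USER, $APACHE_SRC_GROUP, $Tempdir);
    nginx_ulimit();
    $workers = $unix->CPU_NUMBER();
    build_progress("Building configuration", 15);
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: Running {$APACHE_USER}:{$APACHE_SRC_GROUP}..\n";
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: Running {$workers} worker(s)..\n";
    }

    // Remove the distribution's sample sites so they cannot shadow ours.
    if (is_file("/etc/nginx/sites-enabled/default")) {
        @unlink("/etc/nginx/sites-enabled/default");
    }
    if (is_link("/etc/nginx/sites-enabled/default")) {
        @unlink("/etc/nginx/sites-enabled/default");
    }
    if (is_link("/etc/nginx/conf.d/example_ssl.conf")) {
        @unlink("/etc/nginx/conf.d/example_ssl.conf");
    }

    // Open-file limit: 4096 per worker, capped at 65535.
    $limit = 4096 * $workers;
    if ($limit > 65535) {
        $limit = 65535;
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: Nginx, Running limit of {$limit} open files\n";
    }

    // Rewrite limits.conf: blank lines and comment lines are dropped, the
    // nginx account's previous entries are replaced by the two lines below.
    // The account name is quoted and must be followed by whitespace (or end
    // of line) so that entries of other accounts whose name merely starts
    // with the same characters are kept, and an empty account name no longer
    // matches every line.
    $L = explode("\n", @file_get_contents("/etc/security/limits.conf"));
    $T = array();
    $ownEntry = "#^" . preg_quote($APACHE_USER, "#") . "(\\s|\$)#";
    foreach ($L as $line) {
        $line = trim($line);
        if ($line == null) {
            continue;
        }
        if (substr($line, 0, 1) == "#") {
            continue;
        }
        if (preg_match($ownEntry, $line)) {
            continue;
        }
        $T[] = $line;
    }
    $T[] = "{$APACHE_USER} soft nofile {$limit}";
    $T[] = "{$APACHE_USER} hard nofile {$limit}";
    @file_put_contents("/etc/security/limits.conf", @implode("\n", $T) . "\n");
    $L = array();
    $T = array();

    // Smaller settings when MEM_TOTAL_INSTALLEE() reports less than 624288.
    // NOTE(review): $server_names_hash_bucket_size is never written to the
    // configuration; the http block below always emits 128.
    $MEMORY = $unix->MEM_TOTAL_INSTALLEE();
    $server_names_hash_bucket_size = 128;
    $worker_connections = 8192;
    if ($MEMORY < 624288) {
        $server_names_hash_bucket_size = 64;
        $worker_connections = 1024;
        $workers = 4;
    }
    $mail_protocols = mail_protocols();

    // ---- main context -----------------------------------------------------
    $f = array();
    $f[] = "# Builded on " . date("Y-m-d H:i:s");
    $f[] = "user {$APACHE_USER};";
    $f[] = "worker_processes {$workers};";

    // Parse "major.minor." from the version string; the whole major number is
    // captured (not only its last digit) and a failed match yields 0/0.
    $nginx_version = nginx_version();
    $re = array();
    preg_match("#^([0-9]+)\\.([0-9]+)\\.#", $nginx_version, $re);
    $major = isset($re[1]) ? intval($re[1]) : 0;
    $minor = isset($re[2]) ? intval($re[2]) : 0;
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: Nginx, Major {$major} Minor:{$minor}\n";
    }
    $syslog = false;
    $f[] = "worker_rlimit_nofile 16384;";
    $f[] = "timer_resolution 1ms;";
    $f[] = "";
    if ($major > 0) {
        if ($minor > 6) {
            $f[] = "error_log syslog:server=127.0.0.1,facility=daemon info;";
            $syslog = true;
        }
    }
    // $syslog is forced back to false, so the file error_log is always
    // emitted, in addition to the syslog line when that one was added above.
    $syslog = false;
    if (!$syslog) {
        $f[] = "error_log /var/log/nginx/error.log warn;";
    }
    $f[] = "pid /var/run/nginx.pid;";
    $f[] = "";
    $f[] = "";
    $f[] = "events {";
    $f[] = " worker_connections {$worker_connections};";
    $f[] = " multi_accept on;";
    $f[] = " use epoll;";
    $f[] = "\t accept_mutex_delay 1ms;";
    $f[] = "}";
    $upstream = new nginx_upstream();
    $upstreams_servers = $upstream->build();

    // ---- http context -----------------------------------------------------
    $f[] = "";
    $f[] = "";
    $f[] = "http {";
    $f[] = "\tinclude /etc/nginx/mime.types;";
    $f[] = "\tlog_format awc_log";
    $f[] = "\t\t'[\$server_name] \$remote_addr - \$remote_user [\$time_local] \$request '";
    $f[] = "\t\t'\"\$status\" \$body_bytes_sent \"\$http_referer\" '";
    $f[] = "\t\t'\"\$http_user_agent\" \"\$http_x_forwarded_for\" [\$upstream_cache_status]';";
    $f[] = "";
    $f[] = "\tlimit_conn_zone \$binary_remote_addr zone=LimitCnx:10m;";

    // One request-rate zone per reverse site that has a limit configured.
    $q = new mysql_squid_builder();
    $results = $q->QUERY_SQL("SELECT LimitReqs,servername FROM reverse_www WHERE LimitReqs > 0");
    while ($ligne = mysql_fetch_array($results, MYSQL_ASSOC)) {
        $servername = $ligne["servername"];
        // NOTE(review): each call starts again from $servername, so only the
        // last one takes effect (underscores removed, dots and hyphens kept).
        // The zone name has to match whatever the per-site configuration
        // references; check that generator before chaining the replacements.
        $ZoneName = str_replace(".", "", $servername);
        $ZoneName = str_replace("-", "", $servername);
        $ZoneName = str_replace("_", "", $servername);
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: Nginx, limit {$servername}/{$servername} {$ligne["LimitReqs"]}r/s\n";
        }
        $f[] = "\tlimit_req_zone \$binary_remote_addr zone={$ZoneName}:10m rate={$ligne["LimitReqs"]}r/s;";
    }
    $nginxClass = new nginx();
    if ($nginxClass->IsSubstitutions()) {
        //$f[]="\tsubs_filter_types text/html text/css text/xml;";
    }
    @mkdir($Tempdir, 0775, true);
    @mkdir("/home/nginx/tmp", 0755, true);

    // NOTE(review): the buffer and body limits below are generous (10g request
    // bodies, 1024 x 128k header buffers, 16384 x 128k proxy buffers); size
    // them against the memory of the host if clients are not trusted.
    $f[] = "\tlimit_conn_log_level info;";
    $f[] = "\tclient_body_temp_path {$Tempdir} 1 2;";
    $f[] = "\tclient_header_timeout 5s;";
    $f[] = "\tclient_body_timeout 5s;";
    $f[] = "\tsend_timeout 10m;";
    $f[] = "\tconnection_pool_size 128k;";
    $f[] = "\tclient_header_buffer_size 16k;";
    $f[] = "\tlarge_client_header_buffers 1024 128k;";
    $f[] = "\trequest_pool_size 128k;";
    $f[] = "\tkeepalive_requests 1000;";
    $f[] = "\tkeepalive_timeout 10;";
    $f[] = "\tclient_max_body_size 10g;";
    $f[] = "\tclient_body_buffer_size 1m;";
    $f[] = "\tclient_body_in_single_buffer on;";
    $f[] = "\topen_file_cache max=10000 inactive=300s;";
    $f[] = "\treset_timedout_connection on;";
    $f[] = "\ttypes_hash_max_size 8192;";
    $f[] = "\tserver_names_hash_bucket_size 128;";
    $f[] = "\tserver_names_hash_max_size 512;";
    $f[] = "\tvariables_hash_max_size 512;";
    $f[] = "\tvariables_hash_bucket_size 128;";
    $f[] = "\tfastcgi_buffers 8 16k;";
    $f[] = "\tfastcgi_buffer_size 32k;";
    $f[] = "\tfastcgi_connect_timeout 300;";
    $f[] = "\tfastcgi_send_timeout 300;";
    $f[] = "\tfastcgi_read_timeout 300;";
    $f[] = "map \$scheme \$server_https {";
    $f[] = "default off;";
    $f[] = "https on;";
    $f[] = "}\t";
    $f[] = "\tgzip on;";
    $f[] = "\tgzip_disable msie6;";
    $f[] = "\tgzip_static on;";
    $f[] = "\tgzip_min_length 1100;";
    $f[] = "\tgzip_buffers 16 8k;";
    $f[] = "\tgzip_comp_level 9;";
    $f[] = "\tgzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;";
    $f[] = "\tgzip_vary on;";
    $f[] = "\tgzip_proxied any;";
    $f[] = "\toutput_buffers 1000 128k;";
    $f[] = "\tpostpone_output 1460;";
    $f[] = "\tsendfile on;";
    $f[] = "\tsendfile_max_chunk 256k;";
    $f[] = "\ttcp_nopush on;";
    $f[] = "\ttcp_nodelay on;";
    $f[] = "\tserver_tokens off;";

    // Resolver list: local dnsmasq first, then the configured DNS servers.
    // The directive is only written when at least one address is known; an
    // empty "resolver ;" line would make nginx reject the whole file.
    $dns = new resolv_conf();
    $sock = new sockets();
    $resolver = array();
    if ($sock->dnsmasq_enabled()) {
        $resolver[] = "127.0.0.1";
    }
    if ($dns->MainArray["DNS1"] != null) {
        $resolver[] = $dns->MainArray["DNS1"];
    }
    if ($dns->MainArray["DNS2"] != null) {
        $resolver[] = $dns->MainArray["DNS2"];
    }
    if ($dns->MainArray["DNS3"] != null) {
        $resolver[] = $dns->MainArray["DNS3"];
    }
    if (count($resolver) > 0) {
        $f[] = "\tresolver " . implode(" ", $resolver) . ";";
    }
    $f[] = "\tignore_invalid_headers on;";
    $f[] = "\tindex index.html;";
    $f[] = "\tadd_header X-CDN \"Served by myself\";";

    // Cache stores declared in the nginx_caches table.
    // NOTE(review): "directory" is taken as-is from the table, created and
    // handed to the www-data account, then written into the directive; a row
    // naming a system path would have that path re-owned. Validate the value
    // where rows are inserted. The owner is hard-coded to www-data although
    // the "user" directive above uses $APACHE_USER - confirm they agree.
    $q = new mysql_squid_builder();
    $sql = "SELECT * FROM nginx_caches ORDER BY directory";
    $results = $q->QUERY_SQL($sql);
    while ($ligne = mysql_fetch_array($results, MYSQL_ASSOC)) {
        $directory = $ligne["directory"];
        @mkdir($directory, 0755, true);
        $unix->chown_func("www-data", "www-data", $directory);
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: Nginx, cache `{$directory}`\n";
        }
        $f[] = "\tproxy_cache_path {$directory} levels={$ligne["levels"]} keys_zone={$ligne["keys_zone"]}:{$ligne["keys_zone_size"]}m max_size={$ligne["max_size"]}G inactive={$ligne["inactive"]} loader_files={$ligne["loader_files"]} loader_sleep={$ligne["loader_sleep"]} loader_threshold={$ligne["loader_threshold"]};";
    }
    $f[] = "\tproxy_temp_path {$NginxProxyStorePath}/tmp/ 1 2;";
    $f[] = "\tproxy_cache_valid 404 10m;";
    $f[] = "\tproxy_cache_valid 400 501 502 503 504 1m;";
    $f[] = "\tproxy_cache_valid any 4320m;";
    $f[] = "\tproxy_cache_use_stale updating invalid_header error timeout http_404 http_500 http_502 http_503 http_504;";
    $f[] = "\tproxy_next_upstream error timeout invalid_header http_404 http_500 http_502 http_503 http_504;";
    $f[] = "\tproxy_redirect off;";
    $f[] = "\tproxy_set_header Host \$http_host;";
    $f[] = "\tproxy_set_header Server Apache;";
    $f[] = "\tproxy_set_header Connection Close;";
    $f[] = "\tproxy_pass_header Set-Cookie;";
    $f[] = "\tproxy_pass_header User-Agent;";
    $f[] = "\tproxy_set_header X-Accel-Buffering on;";
    $f[] = "\tproxy_hide_header X-CDN;";
    $f[] = "\tproxy_hide_header X-Server;";
    $f[] = "\tproxy_intercept_errors off;";
    $f[] = "\tproxy_ignore_client_abort on;";
    $f[] = "\tproxy_connect_timeout 60s;";
    $f[] = "\tproxy_send_timeout 60s;";
    $f[] = "\tproxy_read_timeout 150s;";
    $f[] = "\tproxy_buffer_size 64k;";
    $f[] = "\tproxy_buffers 16384 128k;";
    $f[] = "\tproxy_busy_buffers_size 256k;";
    $f[] = "\tproxy_temp_file_write_size 128k;";
    $f[] = "\tproxy_headers_hash_bucket_size 128;";
    $f[] = "\tproxy_cache_min_uses 0;";
    $f[] = "";
    $f[] = "{$upstreams_servers}";
    $f[] = "\tinclude /etc/nginx/sites-enabled/*.conf;";
    $f[] = "\tinclude /etc/nginx/local-sites/*.conf;";
    $f[] = "\tinclude /etc/nginx/conf.d/*.conf;";
    $f[] = "\t}";
    $f[] = $mail_protocols;
    $f[] = "";

    // Keep one previous copy, then replace the live file. Both calls are
    // best-effort: a failed write leaves the old configuration in place.
    @copy("/etc/nginx/nginx.conf", "/etc/nginx/nginx.bak");
    @file_put_contents("/etc/nginx/nginx.conf", @implode("\n", $f));

    if (!$OnlySingle) {
        if ($GLOBALS["VERBOSE"]) {
            echo __FUNCTION__ . "." . __LINE__ . ": OK...\n";
        }
        build_progress("Building default configuration", 10);
        build_default(true);
        build_localhosts();
        if ($GLOBALS["VERBOSE"]) {
            echo __FUNCTION__ . "." . __LINE__ . ": OK...\n";
        }
    } else {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: Nginx, Only single defined\n";
        }
    }

    // Apply the new file: HUP a running instance, otherwise start nginx.
    if ($GLOBALS["RECONFIGURE"]) {
        $pid = PID_NUM();
        if (is_numeric($pid)) {
            if ($GLOBALS["OUTPUT"]) {
                echo "Starting......: " . date("H:i:s") . " [INIT]: Nginx, reload pid {$pid}\n";
            }
            unix_system_HUP($pid);
        } else {
            start(true);
        }
    }
    build_progress("Building configuration done", 10);
}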
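/**
 * Export the Squid error-page templates stored in the `squidtpls` table to
 * /usr/share/squid-langpack, pack them into squid-lang-pack.tgz and reload
 * Squid.
 *
 * Early exits, in order: another instance is running (unless $aspid), the
 * "SquidTemplateSimple" setting is 1 (work is delegated to
 * exec.squid.templates.php in the background), the last run is less than 240
 * minutes old (unless $GLOBALS["FORCE"]), a remote statistics appliance is
 * configured (templates are fetched remotely), MySQL is unreachable, or the
 * SELECT fails.
 *
 * `lang` and `template_name` come from the table and are used as path
 * components; rows where either would introduce a directory separator or a
 * parent-directory step are skipped so that writes stay below the langpack
 * directory.
 *
 * @param bool $aspid when true, skip the "already running" pid check
 * @return void
 */
function TemplatesInMysql($aspid = false) {
    $unix = new unix();
    $pidpath = "/etc/artica-postfix/pids/" . basename(__FILE__) . "." . __FUNCTION__ . ".pid";
    $pidtime = "/etc/artica-postfix/pids/" . basename(__FILE__) . "." . __FUNCTION__ . ".time";
    if (!$aspid) {
        $pid = $unix->get_pid_from_file($pidpath);
        if ($unix->process_exists($pid)) {
            return;
        }
    }
    @file_put_contents($pidpath, getmypid());

    // NOTE(review): the marker files are written here, before any work is
    // done, so the later !is_file(".../SQUID_TEMPLATE_DONE") checks can only
    // succeed when this write failed - confirm that is intended.
    EventsWatchdog("writing /etc/artica-postfix/SQUID_TEMPLATE_DONE");
    @file_put_contents("/etc/artica-postfix/SQUID_TEMPLATE_DONE", time());
    @file_put_contents("/etc/artica-postfix/SQUID_TEMPLATE_DONEv2", time());

    $sock = new sockets();
    $SquidTemplateSimple = $sock->GET_INFO("SquidTemplateSimple");
    if (!is_numeric($SquidTemplateSimple)) {
        $SquidTemplateSimple = 1;
    }
    if ($SquidTemplateSimple == 1) {
        // Simple mode: hand over to the dedicated script, detached.
        $unix = new unix();
        $php = $unix->LOCATE_PHP5_BIN();
        $nohup = $unix->find_program("nohup");
        $by = "--FUNC-" . __FUNCTION__ . "-L-" . __LINE__;
        shell_exec("{$nohup} {$php} /usr/share/artica-postfix/exec.squid.templates.php {$by} >/dev/null 2>&1 &");
        return;
    }

    // Rate limit: at most one full export every 240 minutes unless forced.
    $TimeExec = $unix->file_time_min($pidtime);
    if (!$GLOBALS["FORCE"]) {
        if ($TimeExec < 240) {
            return;
        }
    }

    $users = new usersMenus();
    $sock = new sockets();
    $EnableRemoteStatisticsAppliance = $sock->GET_INFO("EnableRemoteStatisticsAppliance");
    $EnableWebProxyStatsAppliance = $sock->GET_INFO("EnableWebProxyStatsAppliance");
    if (!is_numeric($EnableWebProxyStatsAppliance)) {
        $EnableWebProxyStatsAppliance = 0;
    }
    if (!is_numeric($EnableRemoteStatisticsAppliance)) {
        $EnableRemoteStatisticsAppliance = 0;
    }
    $UnlockWebStats = $sock->GET_INFO("UnlockWebStats");
    if (!is_numeric($UnlockWebStats)) {
        $UnlockWebStats = 0;
    }
    if ($UnlockWebStats == 1) {
        $EnableRemoteStatisticsAppliance = 0;
    }
    if ($EnableRemoteStatisticsAppliance == 1) {
        if (!$users->CORP_LICENSE) {
            if (!is_file("/etc/artica-postfix/SQUID_TEMPLATE_DONE")) {
                DefaultTemplatesInArtica();
                return;
            }
        }
        EventsWatchdog("Using the Web statistics appliance to get template files");
        if ($GLOBALS["VERBOSE"]) {
            echo "Use the Web statistics appliance to get template files...\n";
        }
        TemplatesInMysql_remote();
        return;
    }

    @mkdir("/etc/artica-postfix", 0755, true);
    $base = "/usr/share/squid-langpack";
    @mkdir($base, 0755, true);
    if (!is_dir("{$base}/templates")) {
        @mkdir("{$base}/templates", 0755, true);
    }
    $headerTemp = @file_get_contents(dirname(__FILE__) . "/ressources/databases/squid.default.header.db");

    $q = new mysql_squid_builder();
    if (!$q->BD_CONNECT(true)) {
        // Third argument (details) was missing here, which shifted __FILE__
        // and __LINE__ one position left compared with every other call.
        squid_admin_mysql(2, "Error, unable to connect to MySQL", null, __FILE__, __LINE__);
        if (!$users->CORP_LICENSE) {
            DefaultTemplatesInArtica();
        }
        return;
    }
    $sql = "CREATE TABLE IF NOT EXISTS `squidtpls` (\n\t\t\t `zmd5` CHAR(32) NOT NULL,"
        . "\n\t\t\t `template_name` varchar(128) NOT NULL,"
        . "\n\t\t\t `template_body` LONGTEXT NOT NULL,"
        . "\n\t\t\t `template_header` LONGTEXT NOT NULL,"
        . "\n\t\t\t `template_title` varchar(255) NOT NULL,"
        . "\n\t\t\t `template_time` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,"
        . "\n\t\t\t `template_link` smallint(1) NOT NULL,"
        . "\n\t\t\t `template_uri` varchar(255) NOT NULL,"
        . "\n\t\t\t `lang` varchar(5) NOT NULL,"
        . "\n\t\t\t PRIMARY KEY (`zmd5`),"
        . "\n\t\t\t KEY `template_name` (`template_name`,`lang`),"
        . "\n\t\t\t KEY `template_title` (`template_title`),"
        . "\n\t\t\t KEY `template_time` (`template_time`),"
        . "\n\t\t\t KEY `template_link` (`template_link`),"
        . "\n\t\t\t FULLTEXT KEY `template_body` (`template_body`)"
        . "\n\t\t\t) ENGINE = MYISAM;";
    $q->QUERY_SQL($sql);
    if ($q->COUNT_ROWS("squidtpls") == 0) {
        if (!is_file("/etc/artica-postfix/SQUID_TEMPLATE_DONE")) {
            squid_admin_mysql(2, "Ask to build default templates squidtpls=0", null, __FILE__, __LINE__);
            DefaultTemplatesInArtica();
        }
    }
    if (!$users->CORP_LICENSE) {
        if (!is_file("/etc/artica-postfix/SQUID_TEMPLATE_DONE")) {
            squid_admin_mysql(2, "Ask to build default templates - no license -", null, __FILE__, __LINE__);
            DefaultTemplatesInArtica();
            return;
        }
    }

    $sql = "SELECT * FROM squidtpls";
    $results = $q->QUERY_SQL($sql);
    if (!$q->ok) {
        squid_admin_mysql(1, "MySQL Error on templates", $q->mysql_error, __FILE__, __LINE__);
        ufdbguard_admin_events("Fatal,{$q->mysql_error}", __FUNCTION__, __FILE__, __LINE__, "proxy");
        return;
    }

    // ---- write every non-link template to disk -----------------------------
    $c = 0;
    while ($ligne = mysql_fetch_assoc($results)) {
        $ligne["template_header"] = stripslashes($ligne["template_header"]);
        $ligne["template_title"] = stripslashes($ligne["template_title"]);
        $ligne["template_body"] = stripslashes($ligne["template_body"]);
        $template_name = $ligne["template_name"];
        if ($ligne["template_link"] == 1) {
            continue;
        }
        $header = trim($ligne["template_header"]);
        if ($header == null) {
            $header = $headerTemp;
        }
        if ($GLOBALS["VERBOSE"]) {
            echo "Template: `{$template_name}`: {$ligne["template_title"]}\n";
        }
        if (!preg_match("#^ERR_.+#", $ligne["template_name"])) {
            $ligne["template_name"] = "ERR_" . $ligne["template_name"];
        }
        // Both values become path components below; refuse a row that would
        // step out of the langpack directory.
        if ($ligne["lang"] === ".." || strpos($ligne["lang"] . $ligne["template_name"], "/") !== false) {
            if ($GLOBALS["VERBOSE"]) {
                echo "Template: `{$template_name}`: unsafe lang or name, skipped\n";
            }
            continue;
        }
        $filename2 = null;
        $ligne["template_body"] = utf8_encode($ligne["template_body"]);
        $ligne["template_title"] = utf8_encode($ligne["template_title"]);
        // NOTE(review): $filename and $filename2 are derived before a numeric
        // lang is mapped to "en" further down, so such a row is written under
        // the numeric directory here and under "en" by the later write.
        $filename = "{$base}/{$ligne["lang"]}/{$ligne["template_name"]}";
        if ($ligne["lang"] == "en") {
            $filename2 = "/usr/share/squid-langpack/templates/{$ligne["template_name"]}";
        }
        $newheader = str_replace("{TITLE}", $ligne["template_title"], $header);
        $templateDatas = "{$newheader}{$ligne["template_body"]}</body></html>";
        if ($GLOBALS["VERBOSE"]) {
            echo "Template: `{$template_name}`: Path `{$filename}`\n";
        }
        // presumably "emptytpl" is a column added outside this function; it
        // is not part of the CREATE TABLE statement above - verify.
        if ($ligne["emptytpl"] == 1) {
            $templateDatas = "<html><head></head><body></body></html>";
        }
        if ($GLOBALS["VERBOSE"]) {
            echo "Template: `{$template_name}`: {$ligne["lang"]}\n";
        }
        if (is_numeric($ligne["lang"])) {
            $ligne["lang"] = "en";
        }
        @mkdir(dirname($filename), 0755, true);
        @file_put_contents($filename, $templateDatas);
        if ($filename2 != null) {
            @file_put_contents($filename2, $templateDatas);
            $unix->chown_func("squid", "squid", "{$filename2}");
        }
        @file_put_contents("{$base}/{$ligne["lang"]}/{$ligne["template_name"]}", $templateDatas);
        $unix->chown_func("squid", "squid", "{$base}/{$ligne["lang"]}/{$ligne["template_name"]}");
        $unix->chown_func("squid", "squid", "{$filename}");
        $c++;
        if ($ligne["lang"] == "en") {
            if ($GLOBALS["VERBOSE"]) {
                echo "Writing {$base}/{$ligne["template_name"]}\n";
            }
            @file_put_contents("{$base}/{$ligne["template_name"]}", $templateDatas);
            // NOTE(review): the file written is {$base}/NAME but the chown
            // targets {$base}/templates/NAME; ownership of the former is only
            // settled by the "{$base}/*" chown at the end.
            $unix->chown_func("squid:squid", null, "{$base}/templates/{$ligne["template_name"]}");
        } else {
            // Make sure an English fallback exists for this template.
            if (!IfTemplateExistsinEn($template_name)) {
                @mkdir("{$base}/en", 0755, true);
                @file_put_contents("{$base}/en/{$ligne["template_name"]}", $templateDatas);
                $unix->chown_func("squid:squid", null, "{$base}/en/{$ligne["template_name"]}");
            }
        }
    }

    // ---- templates flagged as empty get a blank page -----------------------
    $sql = "SELECT * FROM squidtpls WHERE emptytpl=1";
    $results = $q->QUERY_SQL($sql);
    while ($ligne = mysql_fetch_assoc($results)) {
        if (is_numeric($ligne["lang"])) {
            $ligne["lang"] = "en";
        }
        if (!preg_match("#^ERR_.+#", $ligne["template_name"])) {
            $ligne["template_name"] = "ERR_" . $ligne["template_name"];
        }
        // Same path-component check as in the first loop.
        if ($ligne["lang"] === ".." || strpos($ligne["lang"] . $ligne["template_name"], "/") !== false) {
            continue;
        }
        $filename = "{$base}/{$ligne["lang"]}/{$ligne["template_name"]}";
        $templateDatas = "<html><head></head><body></body></html>";
        @mkdir(dirname($filename), 0755, true);
        @file_put_contents($filename, $templateDatas);
        $unix->chown_func("squid", "squid", "{$filename}");
    }

    // ---- pack the langpack -------------------------------------------------
    $unix = new unix();
    $tar = $unix->find_program("tar");
    $unix->chown_func("squid", "squid", "{$base}/*");
    // The shell expands "*" in the current directory, so only archive when
    // the chdir() really succeeded; "--" ends option parsing so an entry
    // whose name begins with "-" is archived as a file, not read as an option.
    if (@chdir($base)) {
        shell_exec("{$tar} -czf " . dirname(__FILE__) . "/ressources/databases/squid-lang-pack.tgz -- *");
    }
    if ($EnableWebProxyStatsAppliance == 1) {
        if ($GLOBALS["VERBOSE"]) {
            echo "-> notify_remote_proxys()\n";
        }
        notify_remote_proxys("SQUID_LANG_PACK");
        if ($GLOBALS["VERBOSE"]) {
            echo "This is a statistics appliance, aborting next step\n";
        }
        return;
    }
    squid_admin_mysql(2, "{$c} web pages templates saved", "no information", __FILE__, __LINE__);
    Reload_Squid();
}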