Esempio n. 1
0
function ApplyConfig($smooth = false)
{
    if (function_exists("WriteToSyslogMail")) {
        WriteToSyslogMail("Invoke ApplyConfig function", basename(__FILE__));
    }
    $unix = new unix();
    $ulimit = $unix->find_program("ulimit");
    if (is_file($ulimit)) {
        shell_exec("{$ulimit} -HSd unlimited");
    } else {
        echo "Starting......: " . date("H:i:s") . " [SYS]: Squid ulimit no such binary...\n";
    }
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid apply kernel settings\n";
    build_progress("{reconfigure} Kernel values", 46);
    kernel_values();
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid apply Checks security limits\n";
    build_progress("{reconfigure} Security limits", 47);
    security_limit();
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Checking Remote appliances...\n";
    build_progress("{reconfigure} checks remote appliances", 48);
    remote_appliance_restore_tables();
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Checking Remote appliances done...\n";
    $nohup = $unix->find_program("nohup");
    $php5 = $unix->LOCATE_PHP5_BIN();
    $squidbin = $unix->find_program("squid");
    $SQUID_CONFIG_PATH = $unix->SQUID_CONFIG_PATH();
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid loading libraires...\n";
    $sock = new sockets();
    $squid = new squidbee();
    if (!is_file($squidbin)) {
        $squidbin = $unix->find_program("squid3");
    }
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid binary: `{$squidbin}`\n";
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Conf..: `{$SQUID_CONFIG_PATH}`\n";
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid php...: `{$php5}`\n";
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid nohup.: `{$nohup}`\n";
    $DenySquidWriteConf = $sock->GET_INFO("DenySquidWriteConf");
    if (!is_numeric($DenySquidWriteConf)) {
        $DenySquidWriteConf = 0;
    }
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Checking `DenySquidWriteConf` = {$DenySquidWriteConf}\n";
    @copy("/etc/artica-postfix/settings/Daemons/SquidNudityScanParams", "/etc/squid3/SquidNudityScanParams");
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Checking `NudeBooster`\n";
    build_progress("{reconfigure} Nude booster", 49);
    NudeBooster();
    if (!is_dir("/usr/share/squid-langpack")) {
        echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Checking Templates from MySQL\n";
        $unix->THREAD_COMMAND_SET("{$php5} " . __FILE__ . " --tpl-save");
    }
    $EnableRemoteStatisticsAppliance = 0;
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Build blocked Websites list...\n";
    build_progress("{reconfigure} Whitelisted browsers", 50);
    acl_whitelisted_browsers();
    build_progress("{reconfigure} allowed browsers", 51);
    acl_allowed_browsers();
    echo "Starting......: " . date("H:i:s") . " Checking wrapzap\n";
    build_progress("{reconfigure} wrapzap", 52);
    wrapzap();
    build_progress("{reconfigure} Mime.conf", 53);
    mime_conf();
    build_progress("{reconfigure} Blocked websites", 54);
    $squid->BuildBlockedSites();
    build_progress("{reconfigure} FTP clients ACLs", 55);
    acl_clients_ftp();
    build_progress("{reconfigure} Dynamic rules caches", 56);
    echo "Starting......: " . date("H:i:s") . " [SYS]: Dynamic rules caches...\n";
    dyn_caches();
    build_progress("{reconfigure} Webfiltering whitelisted", 57);
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Build url_rewrite_access deny...\n";
    urlrewriteaccessdeny();
    echo "Starting......: " . date("H:i:s") . " [SYS]:Squid building main configuration done\n";
    if ($GLOBALS["NOAPPLY"]) {
        $DenySquidWriteConf = 0;
    }
    if ($DenySquidWriteConf == 0) {
        @mkdir("/tmp", 0755, true);
        $squid->CURRENT_PROGRESS = 79;
        $squid->MAX_PROGRESS = 79;
        $conf = $squid->BuildSquidConf();
        $conf = str_replace("\n\n", "\n", $conf);
        build_progress("{writing_configuration}", 79);
        @file_put_contents("/tmp/squid.conf", $conf);
        echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Check validity of the configuration file with /tmp/squid.conf...\n";
        $GLOBALS["SQUID_PATTERN_ERROR"] = array();
        CheckConfig("/tmp/squid.conf");
        if (count($GLOBALS["SQUID_PATTERN_ERROR"]) > 0) {
            echo "Starting......: " . date("H:i:s") . " [SYS]: Some errors are detected and cleaned\n";
            squid_admin_mysql(1, "Some errors has been detected in settings", "Please check theses values:\n" . @implode("\n", $GLOBALS["SQUID_PATTERN_ERROR"]));
            $conf = @file_get_contents("/tmp/squid.conf");
        }
        exec("{$squidbin} -f /tmp/squid.conf -k parse 2>&1", $results);
        while (list($index, $ligne) = each($results)) {
            if (strpos($ligne, "| WARNING:") > 0) {
                continue;
            }
            if (preg_match("#ERROR: Failed#", $ligne)) {
                build_progress("{operation_failed} !!!", 110);
                echo "Starting......: " . date("H:i:s") . " [SYS]: Squid `{$ligne}`, aborting configuration, keep the old one...\n";
                echo "<div style='font-size:16px;font-weight:bold;color:#E71010'>{$ligne}</div>";
                $sock->TOP_NOTIFY("{$ligne}", "error");
                return;
            }
            if (preg_match("#Segmentation fault#", $ligne)) {
                build_progress("{operation_failed} Segmentation fault !!!", 110);
                echo "Starting......: " . date("H:i:s") . " [SYS]: Squid `{$ligne}`, aborting configuration, keep the old one...\n";
                echo "<div style='font-size:16px;font-weight:bold;color:#E71010'>{$ligne}</div>";
                $sock->TOP_NOTIFY("{$ligne}", "error");
                return;
            }
            if (preg_match("#(unrecognized|FATAL|Bungled)#", $ligne)) {
                build_progress("{operation_failed} Bungled !!!", 110);
                echo "Starting......: " . date("H:i:s") . " [SYS]: Squid `{$ligne}`, aborting configuration, keep the old one...\n";
                echo "<div style='font-size:16px;font-weight:bold;color:#E71010'>{$ligne}</div>";
                if (preg_match("#line ([0-9]+):#", $ligne, $ri)) {
                    $Buggedline = $ri[1];
                    $tt = explode("\n", @file_get_contents("/tmp/squid.conf"));
                    echo "<HR>";
                    for ($i = $Buggedline - 2; $i < $Buggedline + 2; $i++) {
                        $lineNumber = $i + 1;
                        $colorbugged = "black";
                        if (trim($tt[$i]) == null) {
                            continue;
                        }
                        if ($lineNumber == $Buggedline) {
                            $colorbugged = "#E71010";
                        }
                        echo "<div style='font-size:12px;font-weight:bold;color:{$colorbugged}'>[line:{$lineNumber}]: {$tt[$i]}</div>";
                    }
                }
                echo "<HR>";
                $sock->TOP_NOTIFY("{$ligne}", "error");
                return;
            }
            if (preg_match("#strtokFile:\\s+(.+?)\\s+not found#", $ligne, $re)) {
                $filename = trim($re[1]);
                echo "Starting......: " . date("H:i:s") . " [SYS]: Squid missing {$filename}, create an empty one\n";
                @mkdir(dirname($filename), 0755, true);
                @file_put_contents($filename, "");
                @chown($filename, "squid");
                @chgrp($filename, "squid");
                continue;
            }
            if (preg_match("#Processing:\\s+#", $ligne)) {
                continue;
            }
            if (preg_match("#Warning: empty ACL#", $ligne)) {
                continue;
            }
            if (preg_match("#searching predictable#", $ligne)) {
                continue;
            }
            if (preg_match("#is a subnetwork of#", $ligne)) {
                continue;
            }
            if (preg_match("#You should probably#", $ligne)) {
                continue;
            }
            if (preg_match("#Startup:\\s+#", $ligne)) {
                continue;
            }
            echo "Starting......: " . date("H:i:s") . " [SYS]: {$ligne}\n";
        }
        @file_put_contents("/etc/artica-postfix/settings/Daemons/GlobalSquidConf", $conf);
        echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Check validity OK...\n";
        if ($GLOBALS["NOAPPLY"]) {
            echo "Starting......: " . date("H:i:s") . " [SYS]: WARNING \"NOAPPLY\" Artica is denied to apply settings...\n";
            return true;
        }
        echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Writing configuration file \"{$SQUID_CONFIG_PATH}\" " . strlen($conf) . " bytes...\n";
        @file_put_contents($SQUID_CONFIG_PATH, $conf);
        @mkdir("/etc/squid3", 0755, true);
        if ($SQUID_CONFIG_PATH != "/etc/squid3/squid.conf") {
            @file_put_contents("/etc/squid3/squid.conf", $conf);
        }
        $sock->TOP_NOTIFY("{squid_parameters_was_saved}", "info");
        $cmd = $unix->LOCATE_PHP5_BIN() . " " . __FILE__ . " --templates --noreload";
        $unix->THREAD_COMMAND_SET($cmd);
    }
    build_progress("{checking}: squidclamav", 79);
    if (!$smooth) {
        squidclamav();
    }
    build_progress("{checking}: wrapzap", 79);
    if (!$smooth) {
        wrapzap();
    }
    build_progress("{checking}: Cerificates", 79);
    if (!$smooth) {
        certificate_generate();
    }
    $cmd = $nohup . " " . $unix->LOCATE_PHP5_BIN() . " " . __FILE__ . " --cache-infos --force >/dev/null 2>&1 &";
    if ($GLOBALS["VERBOSE"]) {
        echo "{$cmd}\n";
    }
    shell_exec($cmd);
    shell_exec("{$nohup} {$php5} /usr/share/artica-postfix/exec.syslog-engine.php --rsylogd >/dev/null 2>&1 &");
    shell_exec("{$nohup} {$php5} /usr/share/artica-postfix/exec.squid.watchdog.php --init >/dev/null 2>&1 &");
    if (!$smooth) {
        build_progress("{checking}: Check Files And Security", 79);
        CheckFilesAndSecurity();
    }
    return true;
}
Esempio n. 2
0
function ApplyConfig()
{
    $unix = new unix();
    $squid = new squidbee();
    writelogs("->BuildBlockedSites", __FUNCTION__, __FILE__, __LINE__);
    $squid->BuildBlockedSites();
    acl_clients_ftp();
    acl_whitelisted_browsers();
    acl_allowed_browsers();
    $SQUID_CONFIG_PATH = $unix->SQUID_CONFIG_PATH();
    if (!is_file($SQUID_CONFIG_PATH)) {
        writelogs("Unable to stat squid configuration file \"{$SQUID_CONFIG_PATH}\"", __FUNCTION__, __FILE__, __LINE__);
        return;
    }
    echo "Starting......: Squid building main configuration done\n";
    $squid = new squidbee();
    $conf = $squid->BuildSquidConf();
    @file_put_contents("/etc/artica-postfix/settings/Daemons/GlobalSquidConf", $conf);
    @file_put_contents($SQUID_CONFIG_PATH, $conf);
    if ($squid->EnableKerbAuth) {
        shell_exec($unix->LOCATE_PHP5_BIN() . " " . dirname(__FILE__) . "/exec.kerbauth.php --build");
    }
    squidclamav();
    wrapzap();
    certificate_generate();
    SQUID_TEMPLATES();
    CheckFilesAndSecurity();
}
Esempio n. 3
0
function ApplyConfig($smooth = false)
{
    if (function_exists("WriteToSyslogMail")) {
        WriteToSyslogMail("Invoke ApplyConfig function", basename(__FILE__));
    }
    $unix = new unix();
    $ulimit = $unix->find_program("ulimit");
    if (is_file($ulimit)) {
        shell_exec("{$ulimit} -HSd unlimited");
    } else {
        echo "Starting......: " . date("H:i:s") . " [SYS]: Squid ulimit no such binary...\n";
    }
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid apply kernel settings\n";
    build_progress("{reconfigure} Kernel values", 46);
    kernel_values();
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid apply Checks security limits\n";
    build_progress("{reconfigure} Security limits", 47);
    security_limit();
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Checking Remote appliances...\n";
    build_progress("{reconfigure} checks remote appliances", 48);
    remote_appliance_restore_tables();
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Checking Remote appliances done...\n";
    $nohup = $unix->find_program("nohup");
    $php5 = $unix->LOCATE_PHP5_BIN();
    $squidbin = $unix->find_program("squid");
    $SQUID_CONFIG_PATH = $unix->SQUID_CONFIG_PATH();
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid loading libraires...\n";
    $sock = new sockets();
    $squid = new squidbee();
    if (!is_file($squidbin)) {
        $squidbin = $unix->find_program("squid3");
    }
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid binary: `{$squidbin}`\n";
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Conf..: `{$SQUID_CONFIG_PATH}`\n";
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid php...: `{$php5}`\n";
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid nohup.: `{$nohup}`\n";
    $DenySquidWriteConf = $sock->GET_INFO("DenySquidWriteConf");
    if (!is_numeric($DenySquidWriteConf)) {
        $DenySquidWriteConf = 0;
    }
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Checking `DenySquidWriteConf` = {$DenySquidWriteConf}\n";
    @copy("/etc/artica-postfix/settings/Daemons/SquidNudityScanParams", "/etc/squid3/SquidNudityScanParams");
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Checking `NudeBooster`\n";
    build_progress("{reconfigure} Nude booster", 49);
    NudeBooster();
    if (!is_dir("/usr/share/squid-langpack")) {
        echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Checking Templates from MySQL\n";
        $unix->THREAD_COMMAND_SET("{$php5} " . __FILE__ . " --tpl-save");
    }
    $EnableRemoteStatisticsAppliance = 0;
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Build blocked Websites list...\n";
    if (!is_dir("/etc/squid3/artica-meta")) {
        @mkdir("/etc/squid3/artica-meta", 0755, true);
    }
    if (!is_file("/etc/squid3/artica-meta/whitelist-net.db")) {
        @touch("/etc/squid3/artica-meta/whitelist-net.db");
    }
    if (!is_file("/etc/squid3/artica-meta/whitelist-domains.db")) {
        @touch("/etc/squid3/artica-meta/whitelist-domains.db");
    }
    build_progress("{reconfigure} Whitelisted browsers", 50);
    acl_whitelisted_browsers();
    build_progress("{reconfigure} allowed browsers", 51);
    acl_allowed_browsers();
    echo "Starting......: " . date("H:i:s") . " Checking wrapzap\n";
    build_progress("{reconfigure} wrapzap", 52);
    wrapzap();
    build_progress("{reconfigure} Mime.conf", 53);
    mime_conf();
    build_progress("{reconfigure} Blocked websites", 54);
    $squid->BuildBlockedSites();
    build_progress("{reconfigure} FTP clients ACLs", 55);
    acl_clients_ftp();
    build_progress("{checking_wccp_mode}", 55);
    system("{$php5} /usr/share/artica-postfix/exec.squid.wccp.php --squid");
    build_progress("{reconfigure} Dynamic rules caches", 56);
    echo "Starting......: " . date("H:i:s") . " [SYS]: Dynamic rules caches...\n";
    dyn_caches();
    build_progress("{reconfigure} Webfiltering whitelisted", 57);
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Build url_rewrite_access deny...\n";
    urlrewriteaccessdeny();
    echo "Starting......: " . date("H:i:s") . " [SYS]:Squid building main configuration done\n";
    build_progress("{reconfigure} Check files and security", 58);
    CheckFilesAndSecurity();
    $tar = $unix->find_program("tar");
    if ($GLOBALS["NOAPPLY"]) {
        $DenySquidWriteConf = 0;
    }
    if ($DenySquidWriteConf == 0) {
        @mkdir("/tmp", 0755, true);
        $squid->CURRENT_PROGRESS = 79;
        $squid->MAX_PROGRESS = 79;
        $conf = $squid->BuildSquidConf();
        $conf = str_replace("\n\n", "\n", $conf);
        build_progress("{writing_configuration}", 79);
        @file_put_contents("/tmp/squid.conf", $conf);
        echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Check validity of the configuration file with /tmp/squid.conf...\n";
        $GLOBALS["SQUID_PATTERN_ERROR"] = array();
        $squid_checks = new squid_checks("/tmp/squid.conf");
        if (!$squid_checks->squid_parse()) {
            build_progress("{checking}: {failed}", 110);
            return;
        }
        echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Check validity OK...\n";
        if ($GLOBALS["NOAPPLY"]) {
            echo "Starting......: " . date("H:i:s") . " [SYS]: WARNING \"NOAPPLY\" Artica is denied to apply settings...\n";
            return true;
        }
        echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Writing configuration file \"{$SQUID_CONFIG_PATH}\" " . strlen($conf) . " bytes...\n";
        @file_put_contents($SQUID_CONFIG_PATH, $conf);
        @mkdir("/etc/squid3", 0755, true);
        if ($SQUID_CONFIG_PATH != "/etc/squid3/squid.conf") {
            @file_put_contents("/etc/squid3/squid.conf", $conf);
        }
        $sock->TOP_NOTIFY("{squid_parameters_was_saved}", "info");
        $cmd = $unix->LOCATE_PHP5_BIN() . " " . __FILE__ . " --templates --noreload";
        $unix->THREAD_COMMAND_SET($cmd);
    }
    build_progress("{checking}: squidclamav", 79);
    if (!$smooth) {
        squidclamav();
    }
    build_progress("{checking}: wrapzap", 79);
    if (!$smooth) {
        wrapzap();
    }
    build_progress("{checking}: Cerificates", 79);
    if (!$smooth) {
        certificate_generate();
    }
    $cmd = $nohup . " " . $unix->LOCATE_PHP5_BIN() . " " . __FILE__ . " --cache-infos --force >/dev/null 2>&1 &";
    if ($GLOBALS["VERBOSE"]) {
        echo "{$cmd}\n";
    }
    shell_exec($cmd);
    shell_exec("{$nohup} {$php5} /usr/share/artica-postfix/exec.syslog-engine.php --rsylogd >/dev/null 2>&1 &");
    if (!$smooth) {
        build_progress("{checking}: Check Files And Security", 79);
        CheckFilesAndSecurity();
    }
    if (is_file("/root/squid-good.tgz")) {
        @unlink("/root/squid-good.tgz");
    }
    chdir("/etc/squid3");
    shell_exec("cd /etc/squid3");
    shell_exec("tar -czf /root/squid-good.tgz *");
    chdir("/root");
    shell_exec("cd /root");
    return true;
}