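/**
 * Restart the firewall service when the running phar has changed on disk,
 * but only after the replacement has passed signature validation.
 *
 * Flow, as implemented below:
 *  - pharChanged() reports whether anything changed; if not, do nothing.
 *  - The module signature file is re-read through \Sysadmin\GPG::checkSig()
 *    and must declare sha256 as its hash algorithm.
 *  - The global Validator ($v) is given the fresh signature and asked to
 *    check "hooks/firewall".
 *  - On success the service lock is released, the incron trigger file is
 *    opened and closed, and this process exits.
 *  - On any \Exception from the validator the change is logged as tampering
 *    and the process keeps running without restarting (fail closed).
 *
 * Uses the globals $thissvc (name passed to Lock::unLock) and $v (Validator).
 *
 * @return void Does not return at all when a valid update triggers exit.
 */
function checkPhar() {
	global $thissvc, $v;

	// Check to see if we should restart
	if (!pharChanged()) {
		return;
	}

	// Something changed.
	fwLog("Change detected.\n");

	// Generic boilerplate security code.
	$g = new \Sysadmin\GPG();
	$dir = dirname(\Phar::running(false));
	if (!$dir) {
		// This should never be run outside of a phar, but, who knows...
		// Fixed: the original used '==' here, a comparison with no effect,
		// which left $dir empty and pointed $sigfile at "/../module.sig".
		$dir = __DIR__;
	}

	$sigfile = $dir . "/../module.sig";
	$sig = $g->checkSig($sigfile);

	// Anything other than an explicit sha256 manifest is rejected; isset()
	// also covers the case where checkSig() did not return the expected array.
	if (!isset($sig['config']['hash']) || $sig['config']['hash'] !== "sha256") {
		fwLog("Invalid sig file.. Hash is not sha256 - check {$sigfile}");
		// We don't use SLEEP as PHP is easily confused.
		sigSleep(10);
		// Fixed: the original used 'continue' here, which is not valid outside
		// a loop (a fatal error in PHP). Returning leaves the running code in
		// place; presumably the caller invokes checkPhar() again later.
		return;
	}

	$v->updateSig($sig);

	try {
		// The restart path is only reached if this call does not throw.
		$v->checkFile("hooks/firewall");
		fwLog("Valid update! Restarting...");
		Lock::unLock($thissvc);

		// Wait 1/2 a second to give incron a chance to catch up
		usleep(500000);

		// Restart me. Opening and closing the trigger file is the restart
		// request; guard the handle so a failed fopen() is logged instead of
		// being passed to fclose().
		$trigger = fopen("/var/spool/asterisk/incron/firewall.firewall", "a");
		if ($trigger !== false) {
			fclose($trigger);
		} else {
			fwLog("Unable to open the incron restart trigger.");
		}
		exit;
	} catch (\Exception $e) {
		// Validation failed: keep running the code already loaded rather than
		// handing control to a file that does not match the signature.
		fwLog("Firewall tampered. Not restarting! " . $e->getMessage());
	}
}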
// Startup stats
global $startup;

error_reporting(E_ALL);

// This bootstrap refuses to run unless it was loaded from inside a phar.
$thisphar = \Phar::running(false);
if (!$thisphar) {
	throw new \Exception("Not in a phar.");
}

// Record the startup stats so we can check if we've been modified, so we
// know when to restart.
// NOTE(review): hash_file() and stat() return false on failure and neither
// result is checked here - confirm the later change check copes with a false
// 'starthash' or a null 'mtime'.
$startup = array(
	"filename" => $thisphar,
	"starthash" => hash_file('sha256', $thisphar),
);

// Save the mtime (modified timestamp) of the phar.
$s = stat($thisphar);
$startup['mtime'] = $s['mtime'];

// Create the Validator object
// NOTE(review): includes.php sits outside the phar and is loaded before any
// signature has been checked, so it is trusted on filesystem permissions
// alone - confirm it is not writable by unprivileged users.
require '/usr/lib/sysadmin/includes.php';
$g = new \Sysadmin\GPG();
$sigfile = \Sysadmin\FreePBX::Config()->get('AMPWEBROOT') . "/admin/modules/firewall/module.sig";
$sig = $g->checkSig($sigfile);

// Startup aborts unless the signature data explicitly declares sha256; a
// missing key or any other algorithm is treated as an invalid sig file.
if (!(isset($sig['config']['hash']) && $sig['config']['hash'] === "sha256")) {
	throw new \Exception("Invalid sig file.. Hash is not sha256 - check {$sigfile}");
}

// The Validator is built from the signature data accepted above.
require 'validator.php';
$v = new \FreePBX\modules\Firewall\Validator($sig); // Global

// Grab the driver for this machine
// The driver class is pulled in through the Validator rather than a plain
// include (presumably so it is checked against the signature - confirm).
$v->secureInclude('Driver.class.php');
$d = new \FreePBX\modules\Firewall\Driver();
$driver = $d->getDriver();

// End of 'common' functions. We can now return to the caller.
return;

// 'Check myself' function