function CleanCacheStores($aspid = false) { $unix = new unix(); $TimeFile = "/etc/artica-postfix/pids/" . basename(__FILE__) . "." . __FUNCTION__ . ".time"; $Pidfile = "/etc/artica-postfix/pids/" . basename(__FILE__) . "." . __FUNCTION__ . ".pid"; if (!$GLOBALS["FORCE"]) { $timefile = $unix->file_time_min($TimeFile); if ($timefile < 60) { return; } } if ($aspid) { $pid = $unix->get_pid_from_file($Pidfile); if ($unix->process_exists($pid, basename(__FILE__))) { return; } @file_put_contents($Pidfile, getmypid()); } @unlink($TimeFile); @file_put_contents($TimeFile, getmypid()); $users = new usersMenus(); if (!$users->SQUID_INSTALLED) { if ($GLOBALS["VERBOSE"]) { echo "Squid is not installed...\n"; } return; } $rm = $unix->find_program("rm"); $f = file("/etc/squid3/squid.conf"); while (list($index, $line) = each($f)) { if (preg_match("#^cache_dir\\s+(.*?)\\s+(.+?)\\s+#", $line, $re)) { if ($GLOBALS["VERBOSE"]) { echo "Found Cache `{$re[2]}`\n"; } $effective[$re[2]] = true; } } $dirs = $unix->dirdir("/var/cache"); while (list($directory, $line) = each($dirs)) { if (isset($effective[$directory])) { if ($GLOBALS["VERBOSE"]) { echo "Checking Directory {$directory} is used by squid...\n"; } continue; } $dirname = basename($directory); if ($GLOBALS["VERBOSE"]) { echo "Checking Directory [{$directory}] => {$dirname}\n"; } if (preg_match("#^squid.*#", $dirname)) { if ($GLOBALS["VERBOSE"]) { echo "Removing dir `{$dirname}`\n"; } system_admin_events("Old squid cache directory {$dirname} will be deleted", __FUNCTION__, __FILE__, __LINE__, "clean"); squid_admin_mysql(2, "Deleting Old squid cache directory {$dirname}", "Old squid cache directory {$dirname} will be deleted\nRemoving: `{$directory}`"); squid_admin_notifs("Old squid cache directory {$dirname} will be deleted\nRemoving: `{$directory}`", __FUNCTION__, __FILE__, __LINE__, "clean"); shell_exec("{$rm} -rf {$directory} >/dev/null 2>&1"); } } }
function start() { $pidtime = "/etc/artica-postfix/pids/" . basename(__FILE__) . "." . __FUNCTION__ . ".time"; $pidFile = "/etc/artica-postfix/pids/" . basename(__FILE__) . "." . __FUNCTION__ . ".pid"; $unix = new unix(); $pid = $unix->get_pid_from_file($pidFile); if ($unix->process_exists($pid)) { return; } @file_put_contents($pidFile, getmypid()); $time = $unix->file_time_min($pidtime); if ($time < 5) { return; } @file_put_contents($pidtime, time()); $free = $unix->find_program("free"); $echo = $unix->find_program("echo"); $sync = $unix->find_program("sync"); $swapoff = $unix->find_program("swapoff"); $swapon = $unix->find_program("swapon"); exec("{$free} 2>&1", $results); $used = 0; $total = 0; while (list($num, $ligne) = each($results)) { if (preg_match("#Swap:\\s+([0-9]+)\\s+([0-9]+)\\s+([0-9]+)#", $ligne, $re)) { $total = $re[1]; $used = $re[2]; } } if (!is_numeric($total)) { return; } if ($total == 0) { return; } if ($used == 0) { return; } if ($total == $used) { return; } $tot1 = $used / $total; $tot1 = $tot1 * 100; if ($GLOBALS["VERBOSE"]) { echo "Swap:{$used}/{$total} - {$tot1}\n"; } $perc = round($tot1); if ($GLOBALS["VERBOSE"]) { echo "Swap:{$used}/{$total} {$perc}%\n"; } $t = time(); $GLOBALS["ALL_SCORES"]++; @file_put_contents("/proc/sys/vm/drop_caches", "1"); shell_exec($sync); @file_put_contents("/proc/sys/vm/drop_caches", "2"); shell_exec($sync); @file_put_contents("/proc/sys/vm/drop_caches", "3"); shell_exec($sync); @file_put_contents("/proc/sys/vm/drop_caches", "0"); shell_exec("{$swapoff} -a && {$swapon} -a"); $usedTXT = FormatBytes($used); $distance = $unix->distanceOfTimeInWords($t, time(), true); squid_admin_mysql(0, "System swap exceed rule: {$perc}%", "Used {$usedTXT}\nSystem cache was flushed took {$distance}\nThis means you did have enough memory for this computer."); squid_admin_notifs("Swap exceed rule: {$perc}% {$usedTXT}\nSystem cache was flushed.", __FUNCTION__, __FILE__, __LINE__, "proxy"); }
function port1344_notavailable($buffer) { $EnableRemoteSyslogStatsAppliance = trim(@file_get_contents("/etc/artica-postfix/settings/Daemons/EnableRemoteSyslogStatsAppliance")); $DisableArticaProxyStatistics = trim(@file_get_contents("/etc/artica-postfix/settings/Daemons/DisableArticaProxyStatistics")); $EnableKavICAPRemote = trim(@file_get_contents("/etc/artica-postfix/settings/Daemons/EnableKavICAPRemote")); $kavicapserverEnabled = trim(@file_get_contents("/etc/artica-postfix/settings/Daemons/kavicapserverEnabled")); if (!is_numeric($DisableArticaProxyStatistics)) { $DisableArticaProxyStatistics = 0; } if (!is_numeric($EnableRemoteSyslogStatsAppliance)) { $EnableRemoteSyslogStatsAppliance = 0; } if (!is_numeric($EnableKavICAPRemote)) { $EnableKavICAPRemote = 0; } if (!is_numeric($kavicapserverEnabled)) { $kavicapserverEnabled = 0; } $Disabled = false; if (!is_file("/opt/kaspersky/kav4proxy/sbin/kav4proxy-kavicapserver")) { $Disabled = true; } if ($EnableRemoteSyslogStatsAppliance == 1) { $Disabled = true; } if ($EnableKavICAPRemote == 1) { $Disabled = true; } if ($kavicapserverEnabled == 0) { $Disabled = true; } events("Warning, Kaspersky ICAP server is down (port 1344). Disabled = {$Disabled}" . __LINE__); if ($Disabled) { squid_admin_mysql(2, "Kaspersky ICAP service down", "Squid-Cache claim\n{$buffer}\nBut it seems that the ICAP server is disabled...\nArtica will reconfigure the service"); squid_admin_notifs("Kaspersky ICAP service down!\nSquid-Cache claim\n{$buffer}\nBut it seems that the ICAP server is disabled...\nArtica will reconfigure the service", __FUNCTION__, __FILE__, __LINE__, "proxy"); shell_exec("{$GLOBALS["NOHUP"]} {$GLOBALS["PHP5"]} /usr/share/artica-postfix/exec.squid.php --build --force >/dev/null 2>&1 &"); return; } squid_admin_mysql(1, "Kaspersky ICAP service down", "Squid-Cache claim\n{$buffer}\nArtica will restart the Kaspersky ICAP server...\nArtica will reconfigure the service"); squid_admin_notifs("Kaspersky ICAP service down!\nSquid-Cache claim\n{$buffer}\nArtica will restart the Kaspersky ICAP server...\nArtica will reconfigure the service", __FUNCTION__, __FILE__, __LINE__, "proxy"); shell_exec("{$GLOBALS["NOHUP"]} /etc/init.d/artica-postfix restart kav4proxy >/dev/null 2>&1 &"); }
function test_smtp_watchdog() { squid_admin_notifs("This is an SMTP tests from the configuration file", __FUNCTION__, __FILE__, __LINE__, "proxy"); }
function Parseline($buffer) { $buffer = trim($buffer); $GLOBALS["COUNT-LINES"]++; if ($GLOBALS["COUNT-LINES"] > 5000) { $GLOBALS["TOTAL-LINES"] = $GLOBALS["TOTAL-LINES"] + $GLOBALS["COUNT-LINES"]; $distanceInSeconds = round(abs(time() - $GLOBALS["COUNT-LINES-TIME"])); $distanceInMinutes = round($distanceInSeconds / 60); events("{$GLOBALS["TOTAL-LINES"]} Parsed..."); if ($distanceInMinutes > 2) { events("{$GLOBALS["TOTAL-LINES"]} Check size..."); $GLOBALS["COUNT-LINES-TIME"] = time(); shell_exec($GLOBALS["CLEANCMD"]); $GLOBALS["COUNT-LINES"] = 0; } } if (strpos($buffer, '): operation="file_perm" pid=') > 0) { return; } $dust = new syslogger(); if (strpos($buffer, "]: [DEBUG]") > 0) { return; } if ($dust->MailDustbin($buffer)) { return; } //kernel dustbin if (strpos($buffer, "ext4_dx_add_entry: Directory index full") > 0) { return true; } if (strpos($buffer, "] ll header:") > 0) { return true; } if (strpos($buffer, "exec.squid.watchdog.php") > 0) { return true; } if (strpos($buffer, "using local addresses only for domain") > 0) { return true; } //squid dustbin if (strpos($buffer, "Load average increasing, re-enabling all cpus for irq balancing") > 0) { return true; } if (strpos($buffer, "artica-watchdog[") > 0) { return true; } if (strpos($buffer, "exec.syslog-engine.php") > 0) { return true; } if (strpos($buffer, "exec.postfix-logger.php") > 0) { return true; } if (strpos($buffer, "]: WARNING: ") > 0) { return true; } if (strpos($buffer, " epmd running") > 0) { return true; } if (strpos($buffer, "#]: Startup: Initializing") > 0) { return true; } if (strpos($buffer, "]: Reconfiguring Squid Cache") > 0) { return true; } if (strpos($buffer, "]: Closing HTTP port") > 0) { return true; } if (strpos($buffer, "]: Processing Configuration File:") > 0) { return true; } if (strpos($buffer, "]: Startup: Initialized") > 0) { return true; } if (strpos($buffer, "]: Warning: empty ACL") > 0) { return true; } if (strpos($buffer, "]: Accepting HTTP Socket connections") > 0) { return true; } if (strpos($buffer, " RELEASE ") > 0) { return true; } if (strpos($buffer, " SWAPOUT ") > 0) { return true; } if (strpos($buffer, "RELEASE -1 FFFFFFFF") > 0) { return true; } //Postfix dustbin if (preg_match("#Do you need to run.+?sa-update#", $buffer)) { amavis_sa_update($buffer); return; } if (strpos($buffer, " fcrontab[") > 0) { return true; } if (strpos($buffer, "exec.mailarchive.php") > 0) { return true; } if (strpos($buffer, "Orphan Comm::Connection: local=") > 0) { return true; } if (strpos($buffer, "class.mysql.squid.builder.php") > 0) { return true; } if (strpos($buffer, "Orphans since last started") > 0) { return true; } if (strpos($buffer, "general, No Profile configured! Allowing") > 0) { return true; } if (strpos($buffer, "general, KHSE: no threat detected in") > 0) { return true; } if (preg_match("#exec.dstat.top.php#", $buffer)) { return true; } if (preg_match("#artica-filter#", $buffer)) { return true; } if (preg_match("#postfix\\/#", $buffer)) { return true; } if (preg_match("#CRON\\[#", $buffer)) { return true; } if (preg_match("#: CACHEMGR:#", $buffer)) { return true; } if (preg_match("#exec\\.postfix-logger\\.php:#", $buffer)) { return true; } if (preg_match("#artica-install\\[#", $buffer)) { return true; } // monit dustbin if (preg_match("#monitor action done#", $buffer)) { return true; } if (preg_match("#monitor service.+?on user request#", $buffer)) { return true; } if (preg_match("#CRON\\[.+?\\(root\\).+CMD#", $buffer)) { return true; } if (preg_match("#winbindd\\[.+?winbindd_listen_fde_handler#", $buffer)) { return true; } if (strpos($buffer, "Other action already in progress -- please try again later") > 0) { return true; } if (strpos($buffer, "class.cronldap.inc") > 0) { return true; } if (strpos($buffer, "Awakened by User defined") > 0) { return true; } if (strpos($buffer, ": Checking summary") > 0) { return true; } //Zarafa dustbin if (strpos($buffer, ": End of session (logoff)") > 0) { return true; } if (strpos($buffer, " receives session ") > 0) { return true; } if (strpos($buffer, ": Disconnecting client") > 0) { return true; } if (strpos($buffer, " thread exiting") > 0) { return true; } if (strpos($buffer, ": Accepted connection from") > 0) { return true; } if (strpos($buffer, ": Not authorized for command: CAPA") > 0) { return true; } if (strpos($buffer, ": Starting worker process for") > 0) { return true; } // **************** peut être utilisé ??? if (strpos($buffer, "User supplied password using program zarafa-gateway") > 0) { return true; } if (strpos($buffer, "authenticated through User supplied password using program") > 0) { return true; } if (strpos($buffer, "authenticated through Pipe socket using program") > 0) { return true; } if (strpos($buffer, "conntrack-tools[") > 0) { return true; } if (strpos($buffer, "]: (root) CMD (") > 0) { return true; } if (strpos($buffer, "]: MemoryInstances") > 0) { return true; } if (strpos($buffer, "]: launch_all_status(") > 0) { return true; } if (strpos($buffer, "]: PROCESS IN MEMORY") > 0) { return true; } if (strpos($buffer, ">/dev/null 2>&1 &") > 0) { return true; } if (strpos($buffer, "executed...end") > 0) { return true; } if (strpos($buffer, "requests per minute") > 0) { return true; } if (strpos($buffer, "Ask all status to MONIT") > 0) { return true; } if (strpos($buffer, "exec.status.php[") > 0) { return true; } if (preg_match("#slapd.+?conn=[0-9]+\\s+fd=.+?closed#", $buffer)) { return true; } if (strpos($buffer, "msmtp: ") > 0) { return true; } if (strpos($buffer, "*system*awstats") > 0) { return true; } if (strpos($buffer, "extra modules loaded after daemonizing/chrooting") > 0) { return; } if (strpos($buffer, "/etc/cron.d/awstats") > 0) { return; } if (strpos($buffer, "emailrelay:") > 0) { return; } if (strpos($buffer, "pptpd-logwtmp.so loaded") > 0) { return; } if (strpos($buffer, "Reinitializing monit daemon") > 0) { return; } if (strpos($buffer, "Monit reloaded") > 0) { return; } if (strpos($buffer, "Tarticaldap.logon") > 0) { return; } if (strpos($buffer, "pulseaudio[") > 0) { return; } if (strpos($buffer, "exec: /usr/bin/php5") > 0) { return; } if (strpos($buffer, "Found decoder for ") > 0) { return; } if (strpos($buffer, "Internal decoder for ") > 0) { return; } if (strpos($buffer, "Loaded Icons") > 0) { return; } if (strpos($buffer, "CP ConfReq") > 0) { return; } if (strpos($buffer, "CP ConfAck") > 0) { return; } if (strpos($buffer, "CP EchoReq") > 0) { return; } if (strpos($buffer, "/usr/sbin/cron") > 0) { return; } if (strpos($buffer, "no IPv6 routers present") > 0) { return; } if (strpos($buffer, "AM.PDP-SOCK") > 0) { return; } if (strpos($buffer, "disconnect from unknown") > 0) { return; } //amavis - Mail Dutdsbin //LDAP Dustbin if (strpos($buffer, "SEARCH RESULT tag=") > 0) { return; } if (strpos($buffer, 'SRCH base="cn=') > 0) { return; } if (strpos($buffer, 'ACCEPT from IP=') > 0) { return; } if (strpos($buffer, 'closed (connection lost)') > 0) { return; } //automount dustbin if (strpos($buffer, "handle_packet: type") > 0) { return; } if (strpos($buffer, "dev_ioctl_send_fail: token") > 0) { return; } if (strpos($buffer, "lookup_mount: lookup(ldap)") > 0) { return; } if (strpos($buffer, "handle_packet_missing_indirect: token") > 0) { return; } if (strpos($buffer, "getuser_func: called with context") > 0) { return; } if (strpos($buffer, "attempting to mount entry /automounts") > 0) { return; } if (strpos($buffer, "lookup_one: lookup(ldap)") > 0) { return; } if (strpos($buffer, "do_bind: lookup(ldap):") > 0) { return; } if (strpos($buffer, "sun_mount: parse") > 0) { return; } if (strpos($buffer, "]: failed to mount /") > 0) { return; } if (strpos($buffer, "]: do_mount:") > 0) { return; } if (strpos($buffer, "]: parse_mount: parse") > 0) { return; } if (strpos($buffer, "mount_mount: mount(generic):") > 0) { return; } if (strpos($buffer, ">> Error connecting to") > 0) { return; } if (strpos($buffer, ">> Refer to the mount") > 0) { return; } if (strpos($buffer, "getpass_func: context (nil)") > 0) { return; } //ROOT Dustbin if (strpos($buffer, "(root) CMD") > 0) { return; } if (strpos($buffer, "RELOAD (/etc/cron") > 0) { return; } //Cyrus DUSTBIN //pdns dustbin if (strpos($buffer, "question for '") > 0) { return; } if (strpos($buffer, "answer to question '") > 0) { return; } if (strpos($buffer, "failed (res=3)") > 0) { return; } if (preg_match("#pdns_recursor\\[[0-9]+\\]: \\[[0-9]+\\]\\s+#", $buffer)) { return; } //roundcube dustbin if (strpos($buffer, "IMAP Error: Empty password") > 0) { return; } //monit dustbin if (strpos($buffer, "Monit has not changed") > 0) { return; } if (strpos($buffer, ": synchronized to ") > 0) { return; } if (strpos($buffer, "monit HTTP server stopped") > 0) { return; } if (strpos($buffer, "Shutting down monit HTTP server") > 0) { return; } if (strpos($buffer, "Starting monit HTTP server at") > 0) { return; } if (strpos($buffer, "Reinitializing monit - Control") > 0) { return; } //squid dustbin: if (strpos($buffer, "Unlinkd pipe opened on FD") > 0) { return; } if (strpos($buffer, "Beginning Validation Procedure") > 0) { return; } //EMAILRELAY DUSTBIN if (strpos($buffer, "emailrelay: info: failing file") > 0) { return; } if (strpos($buffer, "emailrelay: info: no more messages to send") > 0) { return; } if (strpos($buffer, "emailrelay: warning: cannot do tls") > 0) { return; } if (strpos($buffer, "]: monit daemon at") > 0) { return; } if (strpos($buffer, "artica-ldap[") > 0) { return; } if (strpos($buffer, "want to change spamassassin settings but not installed") > 0) { return; } //SAMBA DUSTBIN if (strpos($buffer, "smb_register_idmap") > 0) { return; } if (strpos($buffer, "could not find idmap alloc module ad") > 0) { return; } if (strpos($buffer, "Idmap module nss already registered") > 0) { return; } if (strpos($buffer, "'winbindd' process PID changed to") > 0) { return; } if (strpos($buffer, "idmap_alloc module tdb already registered") > 0) { return; } if (strpos($buffer, "ad_idmap_cached_connection_internal") > 0) { return; } if (strpos($buffer, "idmap_ad_unixids_to_sids") > 0) { return; } if (strpos($buffer, "libads/kerberos.c:") > 0) { return; } if (strpos($buffer, "initialize_winbindd_cache") > 0) { return; } if (strpos($buffer, "winbindd/winbindd_group.c") > 0) { return; } if (strpos($buffer, "winbindd/winbindd_util.c") > 0) { return; } if (strpos($buffer, "smb_register_idmap_alloc") > 0) { return; } if (strpos($buffer, "Idmap module passdb already registered") > 0) { return; } if (strpos($buffer, "Cleaning up brl and lock database after unclean shutdown") > 0) { return; } if (strpos($buffer, "winbindd_sig_term_handler") > 0) { return; } if (strpos($buffer, "wins_registration_timeout") > 0) { return; } if (strpos($buffer, ": netbios connect:") > 0) { return; } if (strpos($buffer, "cleanup_timeout_fn") > 0) { return; } if (strpos($buffer, "struct wbint_Gid2Sid") > 0) { return; } if (strpos($buffer, ": doing parameter") > 0) { return; } if (strpos($buffer, "param/loadparm.c") > 0) { return; } if (strpos($buffer, ": wins_registration_timeout:") > 0) { return; } if (strpos($buffer, "src: struct server_id") > 0) { return; } if (strpos($buffer, "dest: struct server_id") > 0) { return; } if (strpos($buffer, "messages: struct messaging_rec") > 0) { return; } if (strpos($buffer, "ndr/ndr.c") > 0) { return; } if (strpos($buffer, "smbd/reply.c") > 0) { return; } if (strpos($buffer, "lib/smbldap.c") > 0) { return; } if (strpos($buffer, "srvsvc_NetShare") > 0) { return; } if (strpos($buffer, "]: Global parameter") > 0) { return; } if (strpos($buffer, "STYPE_IPC_HIDDEN") > 0) { return; } if (strpos($buffer, "STYPE_DISKTREE") > 0) { return; } if (strpos($buffer, ": NTLMSSP_") > 0) { return; } if (strpos($buffer, "MSG_SMB_UNLOCK") > 0) { return; } if (strpos($buffer, ": messages: ARRAY(") > 0) { return; } if (strpos($buffer, "struct messaging_array") > 0) { return; } if (strpos($buffer, ": msg_version :") > 0) { return; } if (strpos($buffer, ": num_messages :") > 0) { return; } if (strpos($buffer, ": sid :") > 0) { return; } if (strpos($buffer, ": sid :") > 0) { return; } if (strpos($buffer, ": id :") > 0) { return; } if (strpos($buffer, ": dom_name :") > 0) { return; } if (strpos($buffer, ": msg_version :") > 0) { return; } if (strpos($buffer, ": buf :") > 0) { return; } if (strpos($buffer, ": result :") > 0) { return; } if (strpos($buffer, ": gid :") > 0) { return; } if (strpos($buffer, "server_unc") > 0) { return; } if (strpos($buffer, "union ntlmssp_AvValue") > 0) { return; } if (strpos($buffer, "MsvAvNbDomainName") > 0) { return; } if (strpos($buffer, "NegotiateFlags") > 0) { return; } if (strpos($buffer, "AvDnsComputerName") > 0) { return; } if (strpos($buffer, "Version: struct VERSION") > 0) { return; } if (strpos($buffer, "array: ARRAY(") > 0) { return; } if (strpos($buffer, "info_ctr") > 0) { return; } if (strpos($buffer, "init_sam_from_ldap: Entry found") > 0) { return; } //Snort dustbin //pdns_recursor[23651]: stats: 600 questions, 665 cache entries, 29 negative entries, 0% cache hits" // check_ntlm_password: Authentication for user [root] -> [root] FAILED with error NT_STATUS_WRONG_PASSWORD if (strpos($buffer, "]: last message repeated") > 0) { return; } //pdns dustbin if (strpos($buffer, "Looking for CNAME") > 0) { return; } if (strpos($buffer, "No CNAME cache hit of") > 0) { return; } if (strpos($buffer, "Found cache hit") > 0) { return; } if (strpos($buffer, ": Resolved '") > 0) { return; } if (strpos($buffer, ": Trying IP") > 0) { return; } if (strpos($buffer, ".: Got 1 answers") > 0) { return; } if (strpos($buffer, ": accept answer") > 0) { return; } if (strpos($buffer, ": determining status") > 0) { return; } if (strpos($buffer, ": got negative caching") > 0) { return; } if (strpos($buffer, ": No cache hit for") > 0) { return; } if (strpos($buffer, ": Checking if we have NS") > 0) { return; } if (strpos($buffer, ": no valid/useful NS") > 0) { return; } if (strpos($buffer, ": NS (with ip, or non-glue)") > 0) { return; } if (strpos($buffer, ": We have NS in cache") > 0) { return; } if (strpos($buffer, ".: Nameservers:") > 0) { return; } if (strpos($buffer, ": Trying to resolve NS") > 0) { return; } if (strpos($buffer, ".: got NS record") > 0) { return; } if (strpos($buffer, ".: status=") > 0) { return; } if (strpos($buffer, ".: Starting additional") > 0) { return; } if (strpos($buffer, ".: Done with additional") > 0) { return; } if (strpos($buffer, ".: Found cache CNAME hit") > 0) { return; } if (strpos($buffer, ".: answer is in") > 0) { return; } if (strpos($buffer, "is negatively cached via") > 0) { return; } if (strpos($buffer, ".: within bailiwick") > 0) { return; } if (strpos($buffer, "]: Query: '") > 0) { return; } if (strpos($buffer, "bdb_equality_candidates:") > 0) { return; } if (strpos($buffer, "Cache consultations done") > 0) { return; } if (strpos($buffer, ".: Entire record") > 0) { return; } if (strpos($buffer, "got upwards/level NS record") > 0) { return; } if (strpos($buffer, "), rcode=0, in") > 0) { return; } if (strpos($buffer, "] ns1.") > 0) { return; } if (strpos($buffer, "error resolving, possible error: Connection refused") > 0) { return; } if (strpos($buffer, "Failed to resolve via any of the") > 0) { return; } if (strpos($buffer, "failed (res=-1)") > 0) { return; } if (strpos($buffer, "question answered from packet cache from") > 0) { return; } if (strpos($buffer, ": timeout resolving") > 0) { return; } if (strpos($buffer, ": query throttled") > 0) { return; } if (strpos($buffer, "]: Invalid query packet") > 0) { return; } if (strpos($buffer, 'BIND dn="cn=') > 0) { return; } if (strpos($buffer, 'RESULT tag=') > 0) { return; } if (strpos($buffer, 'SRCH base="') > 0) { return; } if (strpos($buffer, 'SRCH attr=') > 0) { return; } if (strpos($buffer, 'MOD attr=') > 0) { return; } if (strpos($buffer, 'MOD dn=') > 0) { return; } if (strpos($buffer, ' UNBIND') > 0) { return; } if (strpos($buffer, ": connection_input: conn=") > 0) { return; } if (strpos($buffer, "attr=dNSTTL aRecord nSRecord cNAMERecord") > 0) { return; } if (strpos($buffer, ": monit HTTP server started") > 0) { return; } if (strpos($buffer, "Awakened by the") > 0) { return; } //nginx if (preg_match("#nginx:.*?notice.+?gracefully shutting down#", $buffer)) { squid_admin_mysql(1, "Reverse Proxy service gracefully shutting down", $buffer, __FILE__, __LINE__); return; } if (preg_match("#nginx:.+?start worker processes#", $buffer)) { squid_admin_mysql(2, "Reverse Proxy service starting", $buffer, __FILE__, __LINE__); return; } if (preg_match("#nginx:.*?:\\s+reconfiguring#", $buffer)) { squid_admin_mysql(1, "Reverse Proxy service was reconfigured", $buffer, __FILE__, __LINE__); return; } if (preg_match("#wifidog.*?Failed to open HTML message file#", $buffer)) { squid_admin_mysql(1, "Creating HTML message for the Hotspot", null, __FILE__, __LINE__); shell_exec2("{$GLOBALS["LOCATE_PHP5_BIN"]} {$GLOBALS["BASE_ROOT"]}/hostpot.php --templates >/dev/null 2>&1"); shell_exec2("{$GLOBALS["nohup"]} {$GLOBALS["LOCATE_PHP5_BIN"]} {$GLOBALS["BASE_ROOT"]}/exec.wifidog.php --restart"); return; } if (preg_match("#wifidog\\[.*?Removing Firewall rules#", $buffer, $re)) { squid_admin_mysql(1, "HotSpot is stopped", null, __FILE__, __LINE__); return; } //Crash kernel if (preg_match("#nf_queue: full at [0-9]+ entries,\\s+dropping packets#", $buffer, $re)) { $file = "/etc/artica-postfix/croned.1/nf_queue.full"; if (IfFileTime($file, 5)) { system_admin_events("Fatal! nf_queue is full\n{$buffer}\nYou should consider increase your hardware memory and CPU\nor disable Network application detection", __FUNCTION__, __FILE__, __LINE__, "system"); if ($GLOBALS["SQUID_INSTALLED"]) { squid_admin_mysql(0, "Fatal! nf_queue is full", "{$buffer}\nYou should consider increase your hardware memory and CPU\nor disable Network application detection", __FILE__, __LINE__); } } return; } if (preg_match("#glibc detected.*?\\/(.+?):\\s+(.+?):#", $buffer, $re)) { system_admin_events("Fatal! Crash {$re[1]} {$re[2]} [action=Run Sync]\n{$buffer}", __FUNCTION__, __FILE__, __LINE__, "system"); if ($GLOBALS["SQUID_INSTALLED"]) { squid_admin_mysql(0, "Fatal! Crash {$re[1]} {$re[2]} [action=Run Sync]", $buffer, __FILE__, __LINE__); } shell_exec("{$GLOBALS["nohup"]} {$GLOBALS["SYNC_BIN"]} >/dev/null 2>&1 &"); return; } if (preg_match("#kernel:\\[.*?general protection fault:\\s+[0-9]+\\s+\\[\\#([0-9]+)\\]\\s+SMP#", $buffer, $re)) { if ($GLOBALS["SQUID_INSTALLED"]) { squid_admin_mysql(0, "Kernel crash !! general protection fault on SMP processor", $buffer, __FILE__, __LINE__); } system_admin_events("Kernel crash !! general protection fault on SMP Processor\n{$buffer}", __FUNCTION__, __FILE__, __LINE__, "system"); return; } if (preg_match("#kernel:.*?squid\\[.*?segfault at.*?error.*?in squid#", $buffer)) { squid_admin_mysql(0, "Fatal, proxy service was crashed !!!", "Here it is the report\n{$buffer}\nService is automatically started\n", __FILE__, __LINE__); shell_exec(trim("{$GLOBALS["nohup"]} {$GLOBALS["LOCATE_PHP5_BIN"]} /usr/share/artica-postfix/exec.squid.watchdog.php --start --crashed --cache-logs >/dev/null 2>&1 &")); return; } if (preg_match("#class\\.sockets\\.inc.*?Fatal ERROR 500#", $buffer)) { shell_exec(trim("{$GLOBALS["nohup"]} {$GLOBALS["LOCATE_PHP5_BIN"]} /usr/share/artica-postfix/exec.framework.php --restart >/dev/null 2>&1 &")); return; } if (strpos($buffer, "rdpproxy:") > 0) { if (!isset($GLOBALS["CLASS_RDPPROXY_MONITOR"])) { $GLOBALS["CLASS_RDPPROXY_MONITOR"] = new rdpproxy_monitor(); } $GLOBALS["CLASS_RDPPROXY_MONITOR"]->parse($buffer); return; } if (strpos($buffer, "C-ICAP") > 0) { if ($GLOBALS["CLASS_C_ICAP_MONITOR"]->parse($buffer)) { return; } } //UCARP if (preg_match("#ucarp\\[.*?Switching to state:\\s+BACKUP#", $buffer)) { if (!is_file("/usr/share/ucarp/Master")) { foreach (glob("/usr/share/ucarp/vip-*-down.sh") as $filename) { $tt[] = $filename; shell_exec("{$GLOBALS["nohup"]} {$filename} >/dev/null 2>&1 &"); } squid_admin_mysql(0, "FailOver: Slave switch to backup mode", "Executed\n" . @implode("\n", $tt), __FILE__, __LINE__); } else { squid_admin_mysql(0, "FailOver: Master shutdown connections transfered to slave", "\n", __FILE__, __LINE__); } return; } if (preg_match("#ucarp\\[.*?Switching to state:\\s+MASTER#", $buffer)) { if (!is_file("/usr/share/ucarp/Master")) { squid_admin_mysql(0, "FailOver: Slave switch to Master mode and accept connections", "\n", __FILE__, __LINE__); } else { squid_admin_mysql(0, "FailOver: Master return back and accept connections", "\n", __FILE__, __LINE__); } return; } // SHOREWALL if (preg_match("#Shorewall:(.+?)2(.+?):(.+?):IN=(.*?)\\s+OUT=(.*?)\\s+MAC=(.*?)\\s+SRC=(.*?)\\s+DST=(.*?)\\s+.*?PROTO=(.*?)\\s+.*?DPT=([0-9]+)#", $buffer, $re)) { $ZONE_FROM = $re[1]; $ZONE_TO = $re[2]; $ACTION = $re[2]; $NIC_IN = $re[4]; $NIC_OUT = $re[5]; $MAC_SRC = strtolower($re[6]); $IP_SRC = $re[7]; $IP_DST = $re[8]; $PROTO = $re[9]; $PORT = $re[10]; $DATE = date("Y-m-d H:i:s"); $currentHour = date("YmdH"); if (!isset($GLOBALS["MYSQL_SHOREWALL"])) { $GLOBALS["MYSQL_SHOREWALL"] = new mysql_shorewall(); } if (!isset($GLOBALS["MYSQL_SHOREWALL_T"][date("YmdH")])) { $GLOBALS["MYSQL_SHOREWALL"]->BuildHourTable(); } $sql = "INSERT IGNORE INTO `FWH_{$currentHour}` (`ZDATE`,`ZONE_FROM`,`ZONE_TO`,`ACTION`,`NIC_IN`,`NIC_OUT`,`MAC_SRC`,`IP_SRC`,`IP_DST`,`PROTO`,`PORT`) VALUES\n\t('{$DATE}','{$ZONE_FROM}','{$ZONE_TO}','{$ACTION}','{$NIC_IN}','{$NIC_OUT}','{$MAC_SRC}','{$IP_SRC}','{$IP_DST}','{$PROTO}','{$PORT}')"; $GLOBALS["MYSQL_SHOREWALL"]->QUERY_SQL($sql); if (count($GLOBALS["MYSQL_SHOREWALL_T"]) > 10) { unset($GLOBALS["MYSQL_SHOREWALL_T"]); } return; } if (preg_match("#kernel:.*?:\\s+(.+?):\\s+link down#", $buffer, $re)) { system_admin_events("{$re[1]}: Network Interface Down\n{$buffer}", __FUNCTION__, __FILE__, __LINE__, "network"); squid_admin_mysql(0, "{$re[1]}: Network Interface Down", $buffer, __FILE__, __LINE__); return; } if (preg_match("#kernel:.*?\\]\\s+ADDRCONF.*?:\\s+(.+?):\\s+link is not ready#", $buffer, $re)) { system_admin_events("{$re[1]}: Network Interface not ready\n{$buffer}", __FUNCTION__, __FILE__, __LINE__, "network"); squid_admin_mysql(0, "{$re[1]}: Network Interface not ready", $buffer, __FILE__, __LINE__); return; } if (preg_match("#kernel:.*?\\]\\s+ADDRCONF.*?:\\s+(.+?):\\s+link becomes ready#", $buffer, $re)) { system_admin_events("{$re[1]}: Network Interface becomes ready\n{$buffer}", __FUNCTION__, __FILE__, __LINE__, "network"); squid_admin_mysql(0, "{$re[1]}: Network Interface becomes ready", $buffer, __FILE__, __LINE__); return; } if (preg_match("#kernel:.*?:\\s+(.+?):\\s+link up#", $buffer, $re)) { system_admin_events("{$re[1]}: Network Interface Up\n{$buffer}", __FUNCTION__, __FILE__, __LINE__, "network"); squid_admin_mysql(2, "{$re[1]}: Network Interface Up", $buffer, __FILE__, __LINE__); return; } if (preg_match("#FATAL ERROR: unable to open remote file .*?framework\\.sock#", $buffer, $re)) { $file = "/etc/artica-postfix/croned.1/lighttpd.framework.sock.error"; if (IfFileTime($file, 1)) { system_admin_events("Framework issue, restarting framework service\n{$buffer}", __FUNCTION__, __FILE__, __LINE__, "artica"); $cmd = "{$GLOBALS["nohup"]} /etc/init.d/artica-framework restart >/dev/null 2>&1 &"; shell_exec($cmd); } return; } if (preg_match("#lighttpd\\[.*?connect failed: No such file or directory on unix:\\/var\\/run\\/php-fpm\\.sock#", $buffer, $re)) { $file = "/etc/artica-postfix/croned.1/lighttpd.phpfpm.sock.error"; if (IfFileTime($file, 1)) { system_admin_events("PHP-FPM issue, starting PHP-FPM service\n{$buffer}", __FUNCTION__, __FILE__, __LINE__, "artica"); $cmd = "{$GLOBALS["nohup"]} /etc/init.d/php5-fpm start >/dev/null 2>&1 &"; shell_exec($cmd); } return; } // LIGTTPD if (preg_match("#lighttpd.*?connections\\.c.*?SSL.*?error.*?Broken pipe#", $buffer, $re)) { $file = "/etc/artica-postfix/croned.1/lighttpd.connections.Broken.pipe"; if (IfFileTime($file, 2)) { shell_exec("{$GLOBALS["nohup"]} /etc/init.d/artica-webconsole restart >/dev/null 2>&1 &"); } return; } if (dhcpd($buffer)) { return; } if (preg_match("#squid.*?\\[[0-9]+\\]:#", $buffer)) { squid_parser($buffer); return; } if (preg_match("#\\(squid-.*?\\):#", $buffer)) { squid_parser($buffer); return; } if (preg_match("#nss_wins.*?\\[[0-9]+\\]:#", $buffer)) { nss_parser($buffer); return; } if (preg_match("#haproxy.*?\\[[0-9]+\\]:#", $buffer)) { haproxy_parser($buffer); return; } if (preg_match("#kernel.*?\\[#", $buffer)) { Kernel_parser($buffer); return; } if (preg_match("#coova-chilli.+?net\\.c.*?Cannot assign requested address.*?ioctl.*?SIOCSIFFLAGS#", $buffer, $re)) { $file = "/etc/artica-postfix/croned.1/coova-chilli.SIOCSIFFLAGS"; if (IfFileTime($file, 5)) { events("HotSpot Failed to bin address, disable hotSpot system!"); system_admin_events("HotSpot Failed to bin address, disable hotSpot system!", __FUNCTION__, __FILE__, __LINE__, "system"); @file_put_contents("/etc/artica-postfix/settings/Daemons/EnableChilli", 0); ToSyslog("kernel: [ Artica-Net] Start Network [artica-ifup] (" . basename(__FILE__) . "/" . __LINE__ . ")"); $cmd = "{$GLOBALS["nohup"]} /etc/init.d/artica-ifup start >/dev/null 2>&1 &"; shell_exec($cmd); $cmd = "{$GLOBALS["nohup"]} /etc/init.d/chilli stop >/dev/null 2>&1 &"; shell_exec($cmd); WriteFileCache($file); return; } events("{$buffer} = > TIMEOUT ... "); return; } if (preg_match("#'apache' total mem amount of ([0-9]+)([a-zA-Z])+\\s+matches resource limit#", $buffer, $re)) { $file = "/etc/artica-postfix/croned.1/apache.matches.resource.limit"; if (IfFileTime($file, 5)) { $unit = strtolower($re[2]); if ($unit == "kb") { $size = $re[1]; $size = round($size / 1024, 2); $cmd = "{$GLOBALS["nohup"]} /etc/init.d/artica-postfix restart apachesrc >/dev/null 2>&1 &"; events("{$size}M {$buffer} = {$cmd} ... "); shell_exec($cmd); WriteFileCache($file); return; } events("{$buffer} = > TIMEOUT ... "); return; } } if (preg_match("#connect failed: No such file or directory on unix:\\/var\\/run\\/php-fpm\\.sock#", $buffer)) { $file = "/etc/artica-postfix/croned.1/lighttpd.php-fpm.sock.No.such.file.directory.0"; if (IfFileTime($file, 1)) { $cmd = "{$GLOBALS["nohup"]} {$GLOBALS["LOCATE_PHP5_BIN"]} /usr/share/artica-postfix/exec.initslapd.php --phppfm-fix >/dev/null 2>&1 &"; events("{$buffer} = {$cmd} ... "); shell_exec($cmd); WriteFileCache($file); return; } events("{$buffer} = > TIMEOUT ... "); return; } if (preg_match("#lighttpd.*?mod_fastcgi.*?connect failed:\\s+No such file or directory on unix:\\/var\\/run\\/php-fpm\\.sock#", $buffer)) { $file = "/etc/artica-postfix/croned.1/lighttpd.php-fpm.sock.No.such.file.directory"; if (IfFileTime($file, 1)) { $cmd = "{$GLOBALS["nohup"]} {$GLOBALS["LOCATE_PHP5_BIN"]} /usr/share/artica-postfix/exec.initslapd.php --phppfm-fix >/dev/null 2>&1 &"; events("{$buffer} = {$cmd} ... "); shell_exec($cmd); WriteFileCache($file); return; } events("{$buffer} = > TIMEOUT ... "); return; } if (preg_match("#haarp.*?munmap_chunk.*?invalid pointer#", $buffer)) { $GLOBALS["HAARP_FATAL"]++; if (haarp_remove()) { return; } $file = "/etc/artica-postfix/croned.1/haarp.invalid.pointer"; events("invalid pointer haarp:" . __LINE__); squid_admin_mysql(1, "Haarp issue: {$GLOBALS["HAARP_FATAL"]}/5 invalid pointer", "Proxy service have issues with haarp,\n{$buffer}\n the service will be restarted", __FILE__, __LINE__); if (IfFileTime($file, 3)) { squid_admin_notifs("Warning, Haarp issues.\nProxy service have issues with haarp,\n{$buffer}\n the service will be restarted"); shell_exec("{$GLOBALS["nohup"]} /etc/init.d/haarp start >/dev/null 2>&1 &"); WriteFileCache($file); } return; } if (preg_match("#kernel:\\s+\\[.*?haarp.*?general protection.*?libmysqlclient\\.#", $buffer)) { $GLOBALS["HAARP_FATAL"]++; if (haarp_remove()) { return; } $file = "/etc/artica-postfix/croned.1/haarp.general.protection"; events("general protection haarp:" . __LINE__); squid_admin_mysql(1, "Haarp issue: {$GLOBALS["HAARP_FATAL"]}/5 general protection libmysqlclient", "Proxy service have issues with haarp,\n{$buffer}\n the service will be restarted", __FILE__, __LINE__); if (IfFileTime($file, 1)) { squid_admin_notifs("Warning, Haarp issues.\nProxy service have issues with haarp,\n{$buffer}\n the service will be restarted"); shell_exec("{$GLOBALS["nohup"]} /etc/init.d/haarp start >/dev/null 2>&1 &"); WriteFileCache($file); } return; } if (preg_match("#monit\\[.+?APP_UFDBGUARD.+?start:#", $buffer)) { return; } if (preg_match("#monit\\[.+?system statistic error.+?cannot get real memory buffers amount#", $buffer)) { $file = "/etc/artica-postfix/croned.1/squid.Failed.to.make.swap.directory"; if (IfFileTime($file, 10)) { email_events("Watchdog failed, cannot get real memory buffers amount", "monit claim \"{$buffer}\" Artica will install the latest monit version....", 'system'); shell_exec("{$GLOBALS["nohup"]} /usr/share/artica-postfix/bin/artica-make APP_MONIT >/dev/null 2>&1 &"); WriteFileCache($file); } return; } if (preg_match("#squid\\.monitrc:.*?syntax error#", $buffer)) { $cmd = "{$GLOBALS["nohup"]} {$GLOBALS["LOCATE_PHP5_BIN"]} /usr/share/artica-postfix/exec.squid.php --watchdog-config >/dev/null 2>&1 &"; events("{$buffer} Monit = {$cmd} ... "); shell_exec($cmd); return; } if (preg_match("#artica-cron\\[.+?: Could not add job : serial queue is full#", $buffer)) { $cmd = "{$GLOBALS["nohup"]} /etc/init.d/artica-postfix restart fcron >/dev/null 2>&1 &"; events("{$buffer} fcron CMD = {$cmd} ... "); shell_exec($cmd); return; } if (preg_match("#cron\\[.+?Fork error : could not exec.+?Cannot allocate memory#", $buffer)) { if ($GLOBALS["NOOUTOFMEMORYREBOOT"] != 1) { $uptime = $GLOBALS["CLASS_UNIX"]->uptime(); exec("{$GLOBALS["PS_BIN"]} aux 2>&1", $resultsa); email_events("Memory full: System will be rebooted after running after {$uptime}", "System claim \"{$buffer}\" the operating system will be rebooted ({$reboot}).", 'proxy'); if ($GLOBALS["SQUID_INSTALLED"]) { squid_admin_mysql(0, "Memory full: System will be rebooted after running after {$uptime}", "System claim \"{$buffer}\" the operating system will be rebooted\n" . @implode("\n", $resultsa), __FILE__, __LINE__); } UcarpDown(); shell_exec("{$GLOBALS["SHUTDOWN_BIN"]} -rF now"); return; } } if (preg_match("#monit: Error reading pid from file '(.+?)\\/ufdbguardd.pid'#", $buffer, $re)) { $cmd = "{$GLOBALS["nohup"]} {$GLOBALS["LOCATE_PHP5_BIN"]} " . dirname(__FILE__) . "/exec.squidguard.php --ufdbguard-start >/dev/null 2>&1 &"; events("{$buffer} Monit CMD = {$cmd} ... "); shell_exec($cmd); return; } if (preg_match("#Cannot open.*?\\/var\\/log\\/squid\\/store\\.log.*?No space left on device#is", $buffer, $re)) { $file = "/etc/artica-postfix/croned.1/varlogfull"; if (IfFileTime($file, 5)) { $results[] = "\n\n-------------- SPACE AVAILABLE -------------\n\n"; exec("{$GLOBALS["DF_BIN"]} -h 2>&1", $results); $results[] = "\n\n-------------- INODES AVAILABLE -------------\n\n"; exec("{$GLOBALS["DF_BIN"]} -i 2>&1", $results); squid_admin_mysql(0, "Fatal: no space left on log partition", "A specific procedure as been executed to make more free space.\nHere it is the current status\n" . @implode("\n", $results), __FILE__, __LINE__); $cmd = "{$GLOBALS["nohup"]} {$GLOBALS["LOCATE_PHP5_BIN"]} " . dirname(__FILE__) . "/exec.varlog-urgency.php --squid >/dev/null 2>&1 &"; shell_exec($cmd); WriteFileCache($file); } } if (preg_match("#\\(squid-.+?Failed to make swap directory\\s+(.+?):\\s+\\(13\\)\\s+Permission denied#i", $buffer, $re)) { $file = "/etc/artica-postfix/croned.1/squid.Failed.to.make.swap.directory"; if (IfFileTime($file, 10)) { $cmd = "{$GLOBALS["nohup"]} {$GLOBALS["LOCATE_PHP5_BIN"]} " . dirname(__FILE__) . "/exec.squid.php --reconfigure-squid >/dev/null 2>&1 &"; events("--> Repair squid dir '{$re[1]}'... {$cmd}"); @mkdir($re[1], 0755, true); @chmod($re[1], 0755); @chown($re[1], "squid"); @chgrp($re[1], "squid"); shell_exec($cmd); WriteFileCache($file); } return; } if (strpos($buffer, "DETECTED IN") > 0) { if (preg_match("#KHSE: THREAT\\s+(.+?)\\s+DETECTED IN\\s+(.+)#", $buffer, $re)) { $user = "******"; $local_ip = "unknown"; $rulename = "Antivirus KSE"; $category = "KSE_THREAT"; $public_ip = "unknown"; $virus = $re[1]; $uri = $re[2]; if (preg_match("#(|http|https|ftp|ftps)://(.+)#", $uri, $re)) { $www = $re[2]; } if (preg_match("#^www\\.(.+)#", $www, $re)) { $www = $re[1]; } if (strpos($www, "/") > 0) { $tb = explode("/", $www); $www = $tb[0]; } $date = time(); $table = date('Ymd') . "_blocked"; $md5 = md5("{$date},{$local_ip},{$rulename},{$category},{$www},{$public_ip}"); $sql = "('{$local_ip}','{$www}','{$category}','{$rulename}','{$public_ip}','THREAT {$virus} DETECTED','Security issue','unknown')"; if (!is_dir("{$GLOBALS["ARTICALOGDIR"]}/ufdbguard-queue")) { @mkdir("{$GLOBALS["ARTICALOGDIR"]}/ufdbguard-queue", 0755, true); } @file_put_contents("{$GLOBALS["ARTICALOGDIR"]}/ufdbguard-queue/{$md5}.sql", $sql); eventsAuth("[KHSE]: blocked THREAT {$virus} DETECTED IN {$uri}"); return; } } $auth = new auth_tail(); if ($auth->ParseLog($buffer)) { return; } $auth = null; // ---------------------- DANSGUARDIAN --------------------------------- if (strpos($buffer, "dansguardian[") > 0) { if (preg_match("#dansguardian\\[.+?:\\s+[0-9\\.]+\\s+[0-9:]+\\s+(.+?)\\s+([0-9\\.]+)\\s+(.+?)\\s+\\*([A-Z]+)\\*\\s+(.+?):\\s+(.+?)\\s+([A-Z]+)\\s+[0-9]+\\s+[0-9]+\\s+(.+?)\\s+([0-9]+)#", $buffer, $re)) { $array["userid"] = trim($re[1]); $array["ipaddr"] = $re[2]; $array["uri"] = $re[3]; $array["EVENT"] = $re[4]; $array["WHY"] = trim($re[5]); $array["EXPLAIN"] = $re[6]; $array["BLOCKTYPE"] = $re[8]; $array["RULEID"] = $re[9]; $array["TIME"] = date('Y-m-d H:i:s'); eventsAuth("[Dansguardian]: blocked {$array["uri"]} {$array["BLOCKTYPE"]} {$array["RULEID"]}"); @file_put_contents("{$GLOBALS["ARTICALOGDIR"]}/dansguardian-stats4/" . md5(serialize($array)), serialize($array)); } return; } // Samba/Winbind ********************************************************************************************************************************************** if (preg_match("#winbindd\\[.+?Connection to LDAP server failed for the\\s+[0-9]+\\s+try#", $buffer, $re)) { $file = "/etc/artica-postfix/croned.1/samba." . md5("winbindd\\[.+?Connection to LDAP server failed for the\\s+[0-9]+\\s+try") . ".error"; system_admin_events("winbindd connection to LDAP failed, update password...", __FUNCTION__, __FILE__, __LINE__, "samba"); if (IfFileTime($file, 5)) { system_admin_events("winbindd connection to LDAP failed, update password...", __FUNCTION__, __FILE__, __LINE__, "samba"); shell_exec("{$GLOBALS["nohup"]} /usr/share/artica-postfix/exec.samba.php --smbpasswd >/dev/null 2>&1 &"); } return true; } if (preg_match("#net:\\s+ads_keytab_add_entry: unable to determine machine account's dns name in AD#", $buffer, $re)) { $file = "/etc/artica-postfix/croned.1/samba." . md5("net:\\s+ads_keytab_add_entry: unable to determine machine account's dns name in AD") . ".error"; if (IfFileTime($file, 10)) { email_events("Active Directory: Unable to determine machine account's dns name in AD", "System claims:\n{$buffer}\nThere is link problem with your Active Directory", 'system'); WriteFileCache($file); } return true; } if (preg_match("#winbindd\\[.*?Could not fetch our SID - did we join#", $buffer, $re)) { $file = "/etc/artica-postfix/croned.1/ntlm.samba.could.not.fetch.our.SID.join.error"; if (IfFileTime($file, 3)) { squid_admin_mysql(0, "NTLM: not joinded", $buffer, __FILE__, __LINE__); $cmd = "{$GLOBALS["LOCATE_PHP5_BIN"]} " . dirname(__FILE__) . "/exec.kerbauth.php --join"; events("Active Directory: NTLM:: not joinded -> {$cmd}"); shell_exec("{$GLOBALS["nohup"]} {$cmd} >/dev/null 2>&1 &"); WriteFileCache($file); } else { events("Active Directory: NTLM: not joinded -> WAIT"); } return; } if (preg_match("#\\(ntlm_auth\\): could not obtain winbind domain name\\!#", $buffer, $re)) { $file = "/etc/artica-postfix/croned.1/ntlm.samba.could.not.obtain.winbind.domain.name.error"; if (IfFileTime($file, 3)) { squid_admin_mysql(0, "NTLM: could not obtain winbind domain name", $buffer, __FILE__, __LINE__); $cmd = "{$GLOBALS["LOCATE_PHP5_BIN"]} " . dirname(__FILE__) . "/exec.kerbauth.php --join"; events("Active Directory: NTLM:: could not obtain winbind domain name -> {$cmd}"); shell_exec("{$GLOBALS["nohup"]} {$cmd} >/dev/null 2>&1 &"); WriteFileCache($file); } else { events("Active Directory: NTLM:: could not obtain winbind domain name -> WAIT"); } return; } if (preg_match("#smbd\\[.+?:.+?PANIC\\s+\\(pid.+?:\\s+internal error#", $buffer, $re)) { email_events("Samba: SMBD daemon has crashed", "Samba claims:\n{$buffer}\nArtica cannot do something, please try to re-install samba...", 'samba'); return; } if (preg_match("#kerberos_kinit_password\\s+(.+?)\\s+failed:\\s+Preauthentication failed#i", $buffer, $re)) { $file = "/etc/artica-postfix/croned.1/samba." . md5("kerberos_kinit_password+Preauthentication failed") . ".error"; if (IfFileTime($file, 2)) { squid_admin_mysql(0, "NTLM: Preauthentication failed", $buffer, __FILE__, __LINE__); $cmd = "{$GLOBALS["LOCATE_PHP5_BIN"]} " . dirname(__FILE__) . "/exec.kerbauth.php --ping --force"; email_events("Active Directory: Preauthentication failed", "System claims:\n{$buffer}\nThere is link problem with your Active Directory\nArtica will try to relink the system by executing {$cmd} --verbose\nbut you should try to investigate if this server is able to resolve the Active Directory server", 'system'); events("Active Directory: Preauthentication failed -> {$cmd}"); shell_exec("{$GLOBALS["nohup"]} {$cmd} >/dev/null 2>&1 &"); $cmd = "{$GLOBALS["LOCATE_PHP5_BIN"]} " . dirname(__FILE__) . "/exec.kerbauth.php --join"; events("Active Directory: Preauthentication failed -> {$cmd}"); shell_exec("{$GLOBALS["nohup"]} {$cmd} >/dev/null 2>&1 &"); @unlink($file); WriteFileCache($file); } return true; } // ********************************************************************************************************************************************** if (preg_match("#dnsmasq.+? failed to read\\s+(.+?):\\s+Permission denied#", $buffer, $re)) { if (!isset($GLOBALS["aa-complain"])) { $GLOBALS["aa-complain"] = $GLOBALS["CLASS_UNIX"]->find_program("aa-complain"); } if (!isset($GLOBALS["dnsmasq_bin"])) { $GLOBALS["dnsmasq_bin"] = $GLOBALS["CLASS_UNIX"]->find_program("dnsmasq"); } $targetedfile = $re[1]; $file = "/etc/artica-postfix/croned.1/dnsmasq." . md5($targetedfile) . ".Permission.denied"; events("dnsmasq {$targetedfile} -> Permission denied"); if (IfFileTime($file, 10)) { events("dnsmasq {$targetedfile} -> chmod 755"); if (is_file($GLOBALS["aa-complain"])) { events("dnsmasq {$GLOBALS["aa-complain"]} -> {$GLOBALS["dnsmasq_bin"]}"); shell_exec("{$GLOBALS["aa-complain"]} {$GLOBALS["dnsmasq_bin"]}"); } email_events("dnsmasq: Permission denied on {$targetedfile}", "dnmasq claims:\n{$buffer}\nArtica will change permission of this file to 0755 in order to fix this issue and put it into aa-complain mode", 'system'); shell_exec("/bin/chmod 755 \"{$targetedfile}\""); shell_exec(trim("{$GLOBALS["nohup"]} /etc/init.d/dnsmasq restart >/dev/null 2>&1 &")); @unlink($file); WriteFileCache($file); } return; } if (preg_match("#pam_ldap: error trying to bind \\(Invalid credentials\\)#", $buffer, $re)) { $file = "/etc/artica-postfix/croned.1/pam_ldap.Invalid.credentials"; if (IfFileTime($file, 10)) { email_events("pam_ldap: system unable to contact the LDAP server", "system claims:\n{$buffer}\nArtica will reconfigure nss-ldap system\nSome systems request rebooting\nto be sure, reboot your server", 'system'); shell_exec(trim("{$GLOBALS["nohup"]} /usr/share/artica-postfix/bin/artica-install --nsswitch >/dev/null 2>&1 &")); @unlink($file); WriteFileCache($file); } return; } if (preg_match("#net:\\s+failed to bind to server.+?Error: Invalid credentials#", $buffer, $re)) { $file = "/etc/artica-postfix/croned.1/net.Invalid.credentials"; if (IfFileTime($file, 10)) { email_events("Samba/net: system unable to contact the LDAP server", "Samba/net claims:\n{$buffer}\nArtica will reconfigure samba system\n", 'system'); shell_exec(trim("{$GLOBALS["nohup"]} {$GLOBALS["LOCATE_PHP5_BIN"]} /usr/share/artica-postfix/exec.samba.php --build >/dev/null 2>&1 &")); @unlink($file); WriteFileCache($file); } return; } if (preg_match("#pdns.+?:\\s+\\[LdapBackend\\] Unable to search LDAP directory: Starting LDAP search: Can't contact LDAP server#", $buffer, $re)) { events("--> PDNS LDAP FAILED"); $file = "/etc/artica-postfix/croned.1/pdns.Can.t.contact.LDAP.server"; if (IfFileTime($file, 10)) { email_events("PowerDNS: DNS server is unable to contact the LDAP server", "PDNS claims:\n{$buffer}\nArtica will restart PowerDNS service", 'system'); shell_exec(trim("{$GLOBALS["nohup"]} /etc/init.d/pdns restart >/dev/null 2>&1 &")); @unlink($file); WriteFileCache($file); } return; } if (preg_match("#pdns_recursor\\[.*?Failed to update \\. records, RCODE=([0-9]+)#", $buffer, $re)) { events("--> Failed to update \\. records, RCODE={$re[1]}"); $file = "/etc/artica-postfix/croned.1/pdns.failed.to.update.record.{$re[1]}"; if (IfFileTime($file, 2)) { shell_exec(trim("{$GLOBALS["LOCATE_PHP5_BIN"]} /usr/share/artica-postfix/exec.initslapd.php --pdns-recursor >/dev/null 2>&1")); shell_exec(trim("{$GLOBALS["nohup"]} /etc/init.d/pdns-recursor restart >/dev/null 2>&1 &")); } return; } if (preg_match("#pdns(?:\\[\\d{1,5}\\])?: Not authoritative for '.*',.*sending servfail to\\s+(.+?)\\s+\\(recursion was desired\\)#", $buffer, $re)) { events("--> PDNS Hack {$re[2]}"); if ($GLOBALS["PDNS_HACK"] == 1) { $GLOBALS["PDNS_HACK_DB"][$re[2]] = $GLOBALS["PDNS_HACK_DB"][$re[2]] + 1; if ($GLOBALS["PDNS_HACK_DB"][$re[2]] > $GLOBALS["PDNS_HACK_MAX"]) { events("--> PDNS Hack {$re[2]} will be banned"); @file_put_contents("{$GLOBALS["ARTICALOGDIR"]}/pdns-hack-queue/" . time(), $re[2]); unset($GLOBALS["PDNS_HACK_DB"][$re[2]]); } } return; } if (preg_match("#auditd\\[.+?Unable to set audit pid, exiting#", $buffer)) { $file = "/etc/artica-postfix/croned.1/Unable.to.set.audit.pid"; if (IfFileTime($file, 10)) { email_events("Auditd: cannot start", "auditd claims:\n{$buffer}\nIt seems that Auditd cannot start, if you run this computer on an OpenVZ VPS server, be sure that your Administrator has enabled audtid capability\n\t\t\tTake a look here http://bugzilla.openvz.org/show_bug.cgi?id=1157\n\t\t\t\nthis notification is not a good information.\nthe Auditd feature is now disabled\n", 'system'); @unlink($file); @file_put_contents("/etc/artica-postfix/settings/Daemons/EnableAuditd", "0"); shell_exec(trim("{$GLOBALS["nohup"]} /etc/init.d/artica-postfix stop auditd >/dev/null 2>&1 &")); WriteFileCache($file); return; } } if (preg_match("#snort\\[[0-9]+\\]:\\s+\\[.+?\\]\\s+(.+?)\\s+\\[Classification: (.+?)\\]\\s+\\[Priority:\\s+([0-9]+)\\]:\\/s+\\{(.+?)\\}\\s+(.+?):([0-9]+)\\s+->\\s+(.+?):([0-9]+)#", $buffer, $re)) { $md5 = md5($buffer); $filename = "{$GLOBALS["ARTICALOGDIR"]}/snort-queue/" . time() . ".{$md5}.snort"; @file_put_contents($filename, serialize($re)); return; } if (preg_match("#snort\\[.+?:\\s+Can.+?t acquire.+?cooked-mode frame doesn.+?t have room for sll header#", $buffer, $re)) { $file = "/etc/artica-postfix/croned.1/snort.cant.bind"; if (IfFileTime($file, 10)) { email_events("SNORT: Fatal error: could not acquire the network", "snort claims:\n{$buffer}\nIt seems that snort is unable to hook your Interface Card, perhaps your server running in a Xen environnement or any virtual system\nthis notification is not a good information.\nYou should remove the IDS feature from Artica or remove SNORT package\nYour system cannot support IDS system.\nsee http://seclists.org/snort/2011/q2/52\nhttp://support.citrix.com/article/CTX116204", 'system'); @unlink($file); WriteFileCache($file); return; } } if (preg_match("#.+?roundcube-(.+?): FAILED login for (.+?) from ([0-9\\.]+)#", $buffer, $re)) { Roundcubehack($re[1], $re[2], $re[3]); return; } if (preg_match("#net:\\s+failed to bind to server ldap.+?localhost#", $buffer)) { events("--> exec.samba.php --fix-etc-hosts"); shell_exec("{$GLOBALS["nohup"]} {$GLOBALS["LOCATE_PHP5_BIN"]} /usr/share/artica-postfix/exec.samba.php --fix-etc-hosts >/dev/null 2>&1 &"); $file = "/etc/artica-postfix/croned.1/net-ldap-bind"; if (IfFileTime($file, 5)) { shell_exec("{$GLOBALS["nohup"]} /etc/init.d/slapd restart --framework=" . basename(__FILE__) . " >/dev/null 2>&1 &"); WriteFileCache($file); return; } } if (preg_match("#(winbindd|smbd)\\[.+?failed to bind to server.+?Invalid credentials#", $buffer)) { events("SAMBA: Invalid credentials"); $file = "/etc/artica-postfix/croned.1/samba-ldap-credentials"; if (IfFileTime($file, 5)) { if (is_file("/var/lib/samba/winbindd_idmap.tdb")) { @unlink("/var/lib/samba/winbindd_idmap.tdb"); } if (is_file("/var/lib/samba/group_mapping.ldb")) { @unlink("/var/lib/samba/group_mapping.ldb"); } email_events("Samba: could not connect to ldap Invalid credentials", "samba claims:\n{$buffer}\nArtica will try to reconfigure password and restart Samba", 'system'); shell_exec("{$GLOBALS["nohup"]} {$GLOBALS["LOCATE_PHP5_BIN"]} /usr/share/artica-postfix/exec.samba.php --fix-etc-hosts >/dev/null 2>&1 &"); @unlink($file); shell_exec("{$GLOBALS["nohup"]} /etc/init.d/artica-postfix restart samba >/dev/null 2>&1 &"); WriteFileCache($file); } return; } // ------------------------------------------------------------------------------------------------------------------------------------------------- if (preg_match("#failed due to\\s+\\[winbind client not authorized to use winbindd_pam_auth_crap\\.\\s+Ensure permissions on.+?are set correctly#", $buffer)) { events("SQUID: winbindd_pam_auth_crap --> exec.kerbauth.php --winbindfix"); $file = "/etc/artica-postfix/croned.1/winbindd_pam_auth_crap"; if (IfFileTime($file, 5)) { squid_admin_mysql(0, "NTLM: client not authorized to use winbindd_pam_auth_crap", $buffer, __FILE__, __LINE__); shell_exec("{$GLOBALS["nohup"]} {$GLOBALS["LOCATE_PHP5_BIN"]} /usr/share/artica-postfix/exec.kerbauth.php --winbindfix"); @unlink($file); WriteFileCache($file); } return; } // ------------------------------------------------------------------------------------------------------------------------------------------------- if (preg_match("#smbd\\[.+?:\\s+smbd_open_once_socket: open_socket_in: Address already in use#", $buffer)) { events("SMBD: smbd_open_once_socket: open_socket_in: Address already in use"); $file = "/etc/artica-postfix/croned.1/smbd_open_once_socket.open_socket_in.Address.already.in.use"; if (IfFileTime($file, 10)) { email_events("Samba: try to bind ipv6 and ipv4, fixed", "samba claims:\n{$buffer}\n\t\t\tArtica will do \"sysctl net.ipv6.bindv6only=1\" to fix this issue (see https://bugzilla.redhat.com/show_bug.cgi?id=726936)", 'system'); shell_exec("{$GLOBALS["sysctl"]} net.ipv6.bindv6only=1"); @unlink($file); WriteFileCache($file); } return; } // ------------------------------------------------------------------------------------------------------------------------------------------------- if (preg_match("#winbindd.+?Could not receive trustdoms#", $buffer)) { events("WINBIND: Could not receive trustdoms"); $file = "/etc/artica-postfix/croned.1/Could.not.receive.trustdoms"; if (IfFileTime($file, 5)) { events("WINBIND: Could not receive trustdoms -> restart Winbind"); if (function_exists("WriteToSyslogMail")) { WriteToSyslogMail("restart winbindd", basename(__FILE__)); } email_events("Samba: Could not receive trustdoms", "samba claims:\n{$buffer}\nArtica will try to restart winbindd service", 'system'); shell_exec("{$GLOBALS["nohup"]} /etc/init.d/winbind restart >/dev/null 2>&1 &"); @unlink($file); } WriteFileCache($file); return; } if (preg_match("#winbindd\\[.+?ADS uninitialized: No logon servers#", $buffer)) { $file = "/etc/artica-postfix/croned.1/winbindd-No-logon-servers"; events("WINBINDD: ADS uninitialized: No logon servers"); if ($GLOBALS["EnableKerbAuth"] == 1) { if (IfFileTime($file, 3)) { squid_admin_mysql(0, "NTLM: No logon servers", $buffer, __FILE__, __LINE__); events("WINBINDD: EnableKerbAuth:: exec.kerbauth.php --build (do nothing new patch 2012-05-04)"); //shell_exec("{$GLOBALS["nohup"]} {$GLOBALS["LOCATE_PHP5_BIN"]} /usr/share/artica-postfix/exec.kerbauth.php --build &"); WriteFileCache($file); } return; } } if (preg_match("#lessfs\\[.+?send_backlog : failed to connect to the slave#", $buffer, $re)) { $file = "/etc/artica-postfix/croned.1/lessfs.1"; if (IfFileTime($file, 5)) { email_events("lessFS: Replication deduplication to connect to the slave ", "lessFS claims:\n{$buffer}\nPlease check communications with the slave", 'system'); WriteFileCache($file); return; } } if (preg_match("#lessfs\\[.+?send_backlog : invalid message size#", $buffer, $re)) { $file = "/etc/artica-postfix/croned.1/lessfs.2"; if (IfFileTime($file, 5)) { email_events("lessFS: Replication deduplication failed to replicate ", "lessFS claims:\n{$buffer}\nPlease check communications with the slave", 'system'); WriteFileCache($file); return; } } if (preg_match("#lessfs\\[.+?replication_worker : replication is disabled, disconnect#", $buffer, $re)) { $file = "/etc/artica-postfix/croned.1/lessfs.2"; if (IfFileTime($file, 5)) { email_events("lessFS: Replication deduplication failed: Slave is disabled ", "lessFS claims:\n{$buffer}\nPlease check communications with the slave", 'system'); WriteFileCache($file); return; } } if (preg_match("#lessfs\\[.+?Could not recover database : (.+?)#", $buffer, $re)) { $file = "/etc/artica-postfix/croned.1/lessfs.3"; if (IfFileTime($file, 5)) { email_events("lessFS: database {$re[1]} corrupted !!", "lessFS claims:\n{$buffer}\nArtica will try to repair it...", 'system'); shell_exec("lessfsck -o -f -t -c /etc/lessfs.cfg &"); } } if (preg_match("#automount\\[.+?mount.+?unknown filesystem type.+?ext4#", $buffer, $re)) { $file = "/etc/artica-postfix/croned.1/automount.unknown.filesystem.type.ext4"; if (IfFileTime($file, 15)) { email_events("automount: Failed to mount EXT4 !", "automount claims:\n{$buffer}\nYou should upgrade your system in order to obtain the last kernel that enables ext4", 'system'); WriteFileCache($file); } return; } if (preg_match("#automount\\[.+?mount.+?failed to mount\\s+(.+?)\\s+on\\s+(.+)\$#", $buffer, $re)) { $mount_dir = $re[1]; $mount_dest = $re[2]; $md5 = md5("{$mount_dir}{$mount_dest}"); $file = "/etc/artica-postfix/croned.1/automount.{$md5}"; if (IfFileTime($file, 15)) { email_events("automount: Failed to mount {$mount_dir} ", "automount claims:\n{$buffer}\nCheck your connexions settings on automount section", 'system'); WriteFileCache($file); } return; } if (preg_match("#modprobe: WARNING: Error inserting\\s+(.+?)\\s+\\(.+?\\):\\s+No such device#", $buffer, $re)) { email_events("kernel: missing {$re[1]} module", "modprobe claims:\n{$buffer}\nTry to find the right package that store {$re[2]} file", 'VPN'); return; } if (preg_match("#pptp_callmgr.+?Could not open control connection to\\s+([0-9\\.]+)#", $buffer, $re)) { vpn_msql_events("VPN connexion failed to {$re[1]}, unable to create connection tunnel", $buffer, "{$re[1]}"); email_events("VPN connexion failed to {$re[1]}, unable to create connection tunnel ", "{$buffer}", 'VPN'); return; } if (preg_match("#pppd\\[.+?Can.+?t open options file.+?ppp\\/peers\\/(.+?):\\s+No such file or directory#", $buffer, $re)) { email_events("VPN connexion failed for {$re[1]} connection,No such file", "pptp clients claims {$buffer}\\artica will try to rebuild connections", "VPN"); vpn_msql_events("VPN (PPTPD) failed for {$re[1]} connection,No such file", $buffer, "{vpn_server}"); shell_exec(LOCATE_PHP5_BIN2() . " /usr/share/artica-postfix/exec.pptpd.php --clients &"); return; } if (preg_match("#pppd\\[.+?peer refused to authenticate: terminating link#", $buffer, $re)) { vpn_msql_events("VPN (PPTPD) authentification failed from remote host", $buffer, "{vpn_server}"); return; } if (preg_match("#pppd\\[.+?peer refused to authenticate#", $buffer, $re)) { vpn_msql_events("VPN (PPTPD) failed peer refused to authenticate", $buffer, "{vpn_server}"); return; } if (preg_match("#pppd\\[.+?MS-CHAP authentication failed: E=691 Authentication failure#", $buffer, $re)) { vpn_msql_events("VPN (CLIENT) failed server refused to authenticate (Authentication failure)", $buffer, "{vpn_server}"); return; } if (preg_match("#pppd\\[.+?MPPE required but not available#", $buffer, $re)) { vpn_msql_events("VPN (PPTPD) authentification failed MPPE required", $buffer, "{vpn_server}"); return; } if (preg_match("#pptpd\\[.+?CTRL: Client\\s+(.+?)\\s+control connection finished#", $buffer, $re)) { vpn_msql_events("VPN (PPTPD) connection closed for {$re[1]}", $buffer, "{vpn_server}"); return; } if (preg_match("#pppd\\[.+?pptpd-logwtmp\\.so ip-up ppp[0-9]+\\s+(.+?)\\s+([0-9\\.]+)#", $buffer, $re)) { vpn_msql_events("VPN (PPTPD) connection open for {$re[1]} ({$re[2]})", "{$buffer}", '{vpn_server}'); return; } if (preg_match("#slapd\\[(.+?)\\]:.+?OpenLDAP: slapd\\s+([0-9\\.]+)#", $buffer, $re)) { $file = "/etc/artica-postfix/croned.1/openldap-started"; events("OpenLDAP service version {$re[2]} successfully started PID {$re[1]}", "{$buffer}", 'system'); return; } if (preg_match("#monit\\[.+?Sendmail error:\\s+(.+)#", $buffer, $re)) { $file = "/etc/artica-postfix/croned.1/monit-sendmail-failed-" . md5($re[1]); if (IfFileTime($file, 10)) { events("MONIT -> SENDMAIL FAILED"); //email_events("Monit is unable to send notifications","Monit claim \"$buffer\"\ntry to analyze why postfix send this error:\n{$re[1]}",'system'); WriteFileCache($file); return; } } if (strpos($buffer, "pam_ldap: ldap_simple_bind Can't contact LDAP server") > 0) { $file = "/etc/artica-postfix/croned.1/ldap-failed"; if (IfFileTime($file, 10)) { events("pam_ldap -> LDAP FAILED"); email_events("LDAP server is unavailable", "System claim \"{$buffer}\" artica will try to restart LDAP server ", 'system'); WriteFileCache($file); shell_exec("{$GLOBALS["nohup"]} /etc/init.d/slapd restart --framework=" . basename(__FILE__) . " >/dev/null 2>&1 &"); return; } } if (preg_match("#net:\\s+failed to bind to server.+?Error:\\s+Can.?t\\s+contact LDAP server#", $buffer)) { $file = "/etc/artica-postfix/croned.1/ldap-failed"; if (IfFileTime($file, 10)) { events("NET -> LDAP FAILED"); email_events("LDAP server is unavailable", "System claim \"{$buffer}\" artica will try to restart LDAP server ", 'system'); WriteFileCache($file); shell_exec("{$GLOBALS["nohup"]} /etc/init.d/slapd restart --framework=" . basename(__FILE__) . " >/dev/null 2>&1 &"); return; } } if (preg_match("#winbindd\\[.+?failed to bind to server\\s+(.+?)\\s+with dn.+?Error: Can.+?contact LDAP server#", $buffer, $re)) { $file = "/etc/artica-postfix/croned.1/ldap-failed"; if (IfFileTime($file, 10)) { events("winbindd -> LDAP FAILED"); email_events("LDAP server is unavailable", "Samba claim \"{$buffer}\" artica will try to restart LDAP server ", 'system'); WriteFileCache($file); shell_exec("{$GLOBALS["nohup"]} /etc/init.d/slapd restart --framework=" . basename(__FILE__) . " >/dev/null 2>&1 &"); return; } } if (preg_match("#smbd\\[.+?User\\s+(.+?)with invalid SID\\s+(.+?)\\s+in passdb#", $buffer, $re)) { events("SAMBA Invalid SID for {$re[1]}"); $md5 = md5("{$re[1]}{$re[2]}"); $file = "/etc/artica-postfix/croned.1/samba.invalid.sid.{$md5}"; if (IfFileTime($file)) { $unix = new unix(); $localsid = $unix->GET_LOCAL_SID(); $cmd = LOCATE_PHP5_BIN2() . " /usr/share/artica-postfix/exec.samba.synchronize.php"; $GLOBALS["CLASS_UNIX"]->THREAD_COMMAND_SET($cmd); email_events("Samba invalid SID for {$re[1]}", "Samba claim \"{$buffer}\"\nUser:{$re[1]} with sid {$re[2]} has this server has the SID {$localsid}\nArtica will re-sync accounts", 'system'); WriteFileCache($file); } return true; } if (preg_match("#smbd\\[.+?sid\\s+(.+?)\\s+does not belong to our domain#", $buffer, $re)) { events("SAMBA Invalid global SID for {$re[1]}"); $md5 = md5("{$re[1]}"); $file = "/etc/artica-postfix/croned.1/samba.invalid.sid.{$md5}"; if (IfFileTime($file)) { $unix = new unix(); $localsid = $unix->GET_LOCAL_SID(); email_events("Samba global invalid SID for {$re[1]}", "Samba claim \"{$buffer}\"\n{$re[1]} has this server has the real SID {$localsid}\nTry to rebuild the configuration trough artica web Interface", 'system'); WriteFileCache($file); } return true; } if (preg_match("#NetBIOS name\\s+(.+?)\\s+is too long. Truncating to (.+?)#", $buffer, $re)) { events("SAMBA NetBIOS name {$re[1]} is too long"); $file = "/etc/artica-postfix/croned.1/NetBIOSNameTooLong"; if (IfFileTime($file)) { email_events("Samba NetBIOS name {$re[1]} is too long", "Samba claim \"{$buffer}\" \nYou should change your server hostname", 'system'); WriteFileCache($file); } return true; } if (preg_match('#net:\\s+WARNING:\\s+Ignoring invalid value.+?Bad Pasword#', $buffer, $re)) { events("SAMBA unknown parameter Bad Pasword"); $file = "/etc/artica-postfix/croned.1/SambaBadPasword"; if (IfFileTime($file)) { email_events("Samba unknown parameter \"Bad Pasword\"", "Samba claim \"{$buffer}\" Artica will reconfigure samba", 'system'); shell_exec(LOCATE_PHP5_BIN2() . " /usr/share/artica-postfix/exec.samba.php --reconfigure &"); WriteFileCache($file); } return true; } if (preg_match('#smbd\\[.+Ignoring unknown parameter\\s+"hide_unwriteable_files"#', $buffer, $re)) { events("SAMBA unknown parameter hide_unwriteable_files"); $file = "/etc/artica-postfix/croned.1/hide_unwriteable_files"; if (IfFileTime($file)) { email_events("Samba unknown parameter hide_unwriteable_files", "Samba claim \"{$buffer}\" Artica will correct the configuration file", 'system'); shell_exec(LOCATE_PHP5_BIN2() . " /usr/share/artica-postfix/exec.samba.php --fix-HideUnwriteableFiles &"); WriteFileCache($file); } return true; } if (preg_match('#load_usershare_shares: directory\\s+(.+?)\\s+is not owned by root or does not have the sticky bit#', $buffer, $re)) { events("SAMBA load_usershare_shares {$re[1]}"); $file = "/etc/artica-postfix/croned.1/load_usershare_shares"; if (IfFileTime($file)) { email_events("Samba load_usershare_shares permissions issues", "Samba claim \"{$buffer}\" Artica will correct the filesystem directory", 'system'); shell_exec("chmod 1775 {$re['1']}/ &"); shell_exec("chmod chmod +t {$re['1']}/ &"); WriteFileCache($file); } return true; } if (preg_match("#amavis\\[.+?:\\s+\\(.+?\\)TROUBLE\\s+in child_init_hook:#", $buffer, $re)) { events("AMAVIS TROUBLE in child_init_hook"); $file = "/etc/artica-postfix/croned.1/amavis." . md5("AMAVIS:TROUBLE in child_init_hook"); if (IfFileTime($file)) { email_events("Amavis child error", "Amavis claim \"{$buffer}\" the amavis daemon will be restarted", 'postfix'); shell_exec('/etc/init.d/amavis restart &'); WriteFileCache($file); } return true; } if (preg_match("#amavis\\[.+?:\\s+\\(.+?\\)_DIE:\\s+Suicide in child_init_hook#", $buffer, $re)) { events("AMAVIS TROUBLE in child_init_hook"); $file = "/etc/artica-postfix/croned.1/amavis." . md5("AMAVIS:TROUBLE in child_init_hook"); if (IfFileTime($file)) { email_events("Amavis child error", "Amavis claim \"{$buffer}\" the amavis daemon will be restarted", 'postfix'); shell_exec('/etc/init.d/amavis restart &'); WriteFileCache($file); } return true; } if (preg_match("#smbd_audit:\\s+(.+?)\\|(.+?)\\|(.+?)\\|(.+?)\\|(.+?)\\|(.+?)\\|(.+?)\\|(.+?)\$#", $buffer, $re)) { events("{$re[5]}/{$re[8]} in xapian queue"); WriteXapian("{$re[5]}/{$re[8]}"); return true; } if (preg_match("#dansguardian.+?:\\s+Error connecting to proxy#", $buffer, $re)) { $file = "/etc/artica-postfix/croned.1/squid.tostart.error"; if (IfFileTime($file, 2)) { events("Squid not available...! Artica will start squid"); email_events("Proxy error", "DansGuardian claim \"{$buffer}\", Artica will start squid ", 'system'); $GLOBALS["CLASS_UNIX"]->RECONFIGURE_SQUID(); $GLOBALS["CLASS_UNIX"]->THREAD_COMMAND_SET('/etc/init.d/artica-postfix start dansguardian'); WriteFileCache($file); return; } else { events("Proxy error, but take action after 10mn"); return; } } if (preg_match("#zarafa-server.+?INNODB engine is disabled#", $buffer)) { $file = "/etc/artica-postfix/croned.1/zarafa.INNODB.engine"; if (IfFileTime($file, 2)) { events("Zarafa innodb errr"); WriteFileCache($file); return; } else { events("Zarafa innodb err, but take action after 10mn"); return; } } if (preg_match("#zarafa-spooler\\[.+?Unable to open admin session.*?Error ([0-9a-zA-Z]+)#", $buffer, $re)) { $file = "/etc/artica-postfix/croned.1/zarafa.Unable.to.open.admin.session"; events("Unable to open admin session `{$re[1]}` line:" . __LINE__); if (IfFileTime($file, 3)) { $restartZarafa = false; if (preg_match("#0x80040115#", $buffer)) { events("{$re[1]}: Restart required..."); $restartZarafa = true; $restartaction = "\nServer will be restarted...\n"; } else { events("{$re[1]}: Restart NOT required..."); } email_events("zarafa Spooler service error connecting to zarafa server ({$re[1]})", "Zarafa claim \"{$buffer}\"{$restartaction} ", 'system'); WriteFileCache($file); if ($restartZarafa) { events("\"{$GLOBALS["nohup"]} /etc/init.d/zarafa-server restart >/dev/null 2>&1 &\" line:" . __LINE__); shell_exec("{$GLOBALS["nohup"]} /etc/init.d/zarafa-server restart >/dev/null 2>&1 &"); } } return; } if (preg_match("#(.+?)\\[.+?segfault at.+?error.+?in.+?\\[#", $buffer, $re)) { $file = "/etc/artica-postfix/croned.1/segfault.{$re[1]}"; if (IfFileTime($file, 10)) { events("{$re[1]}: segfault"); email_events("{$re[1]}: segfault", "Kernel claim \"{$buffer}\" ", 'system'); WriteFileCache($file); return; } } if (preg_match("#kernel:.+?Out of memory:\\s+kill\\s+process\\s+#", $buffer, $re)) { $file = "/etc/artica-postfix/croned.1/kernel.Out.of.memory"; if (!is_numeric($GLOBALS["NOOUTOFMEMORYREBOOT"])) { $GLOBALS["NOOUTOFMEMORYREBOOT"] = 0; } if (IfFileTime($file, 1)) { if ($GLOBALS["NOOUTOFMEMORYREBOOT"] != 1) { events("Out of memory -> REBOOT !!!"); $uptime = $GLOBALS["CLASS_UNIX"]->uptime(); email_events("Out of memory: reboot action performed Uptime:{$uptime}", "Kernel claim \"{$buffer}\" the server will be rebooted", 'system'); WriteFileCache($file); if ($GLOBALS["SQUID_INSTALLED"]) { squid_admin_mysql(0, "Memory full: System will be rebooted after running after {$uptime}", "System claim \"{$buffer}\" the operating system will be rebooted", __FILE__, __LINE__); } UcarpDown(); shell_exec("{$GLOBALS["SHUTDOWN_BIN"]} -rF now"); return; } else { email_events("Out of memory: your system hang !", "Kernel claim \"{$buffer}\" I suggest rebooting the system", 'system'); WriteFileCache($file); } } } if (preg_match("#kernel:\\s+\\[.+?Out of memory\\s+\\(oom_kill_allocating_task#", $buffer, $re)) { $file = "/etc/artica-postfix/croned.1/kernel.Out.of.memory"; if (!is_numeric($GLOBALS["NOOUTOFMEMORYREBOOT"])) { $GLOBALS["NOOUTOFMEMORYREBOOT"] = 0; } if (IfFileTime($file, 1)) { if ($GLOBALS["NOOUTOFMEMORYREBOOT"] != 1) { events("Out of memory -> REBOOT !!!"); $uptime = $GLOBALS["CLASS_UNIX"]->uptime(); email_events("Out of memory: reboot action performed uptime:{$uptime}", "Kernel claim \"{$buffer}\" the server will be rebooted", 'system'); WriteFileCache($file); if ($GLOBALS["SQUID_INSTALLED"]) { squid_admin_mysql(0, "Memory full: System will be rebooted after running after {$uptime}", "System claim \"{$buffer}\" the operating system will be rebooted", __FILE__, __LINE__); } UcarpDown(); shell_exec("{$GLOBALS["SHUTDOWN_BIN"]} -rF now"); return; } else { email_events("Out of memory: your system hang !", "Kernel claim \"{$buffer}\" I suggest rebooting the system", 'system'); WriteFileCache($file); } } } if (preg_match("#kernel:.+?ata.+?status:\\s+{\\s+DRDY#", $buffer, $re)) { if ($GLOBALS["NODRYREBOOT"] == 1) { events("Hard Disk problem: -> reboot banned"); return; } $file = "/etc/artica-postfix/croned.1/kernel.DRDY"; if (IfFileTime($file, 5)) { events("DRDY -> REBOOT !!!"); exec("/bin/dmesg 2>&1", $results); $array["buffer"] = $buffer; $array["dmsg"] = $results; @mkdir("/etc/artica-postfix/reboot", 644, true); @file_put_contents("/etc/artica-postfix/reboot/" . time(), serialize($array)); email_events("Hard Disk issue: reboot action performed", "Kernel claim \"{$buffer}\" the server will be rebooted\n" . @implode("\n", $results), 'system'); if ($GLOBALS["SQUID_INSTALLED"]) { squid_admin_mysql(0, "Memory full: System will be rebooted after running after {$uptime}", "System claim \"{$buffer}\" the operating system will be rebooted", __FILE__, __LINE__); } UcarpDown(); shell_exec("{$GLOBALS["SHUTDOWN_BIN"]} -rF now"); return; } } if (preg_match("#winbindd\\[.+?resolve_name: unknown name switch type lmhost#", $buffer, $re)) { $file = "/etc/artica-postfix/croned.1/winbindd.lmhost.failed"; if (IfFileTime($file, 10)) { events("winbindd -> lmhost failed"); WriteFileCache($file); $GLOBALS["CLASS_UNIX"]->THREAD_COMMAND_SET("{$GLOBALS["LOCATE_PHP5_BIN"]} /usr/share/artica-postfix/exec.samba.php --fix-lmhost"); return; } } if (preg_match("#nmbd\\[.+?become_logon_server_success: Samba is now a logon server for workgroup (.+?)\\s+on subnet\\s+([A-Z0-9\\._-]+)#", $buffer, $re)) { email_events("Samba (file sharing) started domain {$re[1]}/{$re[2]}", "Samba notice: \"{$buffer}\"", 'system'); return; } if (preg_match("#zarafa-server.+?Unable to connect to database.+?MySQL server on.+?([0-9\\.]+)#", $buffer)) { $file = "/etc/artica-postfix/croned.1/zarafa.MYSQL.CONNECT"; if (IfFileTime($file, 2)) { events("Zarafa Mysql Error errr"); email_events("MailBox server unable connect to database", "Zarafa server claim \"{$buffer}\" ", 'mailbox'); WriteFileCache($file); return; } else { events("MailBox server unable connect to database but take action after 10mn"); return; } } if (preg_match("#winbindd:\\s+Exceeding\\s+[0-9]+\\s+client\\s+connections.+?no idle connection found#", $buffer)) { $file = "/etc/artica-postfix/croned.1/Winbindd.connect.error"; if (IfFileTime($file, 2)) { events("winbindd Error connections"); email_events("Winbindd exceeding connections", "Samba server claim \"{$buffer}\" \nArtica will restart samba", 'system'); shell_exec('/etc/init.d/artica-postfix restart samba &'); WriteFileCache($file); return; } else { events("Winbindd exceeding connections take action after 10mn"); return; } } // -------------------------------------------------------------------- MONIT if (preg_match("#'(.+?)'\\s+total mem amount of\\s+([0-9]+).+?matches resource limit#", $buffer, $re)) { $file = "/etc/artica-postfix/croned.1/mem.globalmem.monit"; if (IfFileTime($file, 10)) { $processname = $re[1]; if (preg_match("#mysqlmulti([0-9]+)#", $processname, $ri)) { $tt = unserialize(@file_get_contents("/etc/artica-postfix/mysql_multi_names.cache")); $instancenem = $tt[$ri[1]]; $re[1] = "Mysql Instance {$ri[1]} ({$instancenem})"; } events("{$re[1]} limit memory exceed"); shell_exec("{$GLOBALS["nohup"]} {$GLOBALS["LOCATE_PHP5_BIN"]} " . dirname(__FILE__) . "/exec.watchdog.php --mem >/dev/null 2>&1 &"); system_admin_events("{$re[1]}: memory limit", "Monitor claim \"{$buffer}\"\n" . @implode("\n", $psarr), __FUNCTION__, __FILE__, __LINE__, "watchdog"); WriteFileCache($file); return; } else { events("{$re[1]} limit memory exceed, but take action after 10mn"); return; } } if (preg_match("#monit\\[.+?'(.+?)'\\s+trying to restart#", $buffer, $re)) { $file = "/etc/artica-postfix/croned.1/restart.{$re[1]}.monit"; if (IfFileTime($file, 5)) { events("{$re[1]} was restarted"); $processname = $re[1]; if (preg_match("#mysqlmulti([0-9]+)#", $processname, $ri)) { $tt = unserialize(@file_get_contents("/etc/artica-postfix/mysql_multi_names.cache")); $instancenem = $tt[$ri[1]]; $re[1] = "Mysql Instance {$ri[1]} ({$instancenem})"; } WriteFileCache($file); return; } else { events("{$re[1]}: stopped, try to restart, but take action after 10mn"); return; } } if (preg_match("#monit\\[.+?mem usage of\\s+([0-9\\.]+)%\\s+matches resource limit#", $buffer, $re)) { $file = "/etc/artica-postfix/croned.1/mem.usage.monit"; if (IfFileTime($file, 15)) { events("{$re[1]}% limit memory exceed"); shell_exec("{$GLOBALS["nohup"]} {$GLOBALS["LOCATE_PHP5_BIN"]} " . dirname(__FILE__) . "/exec.watchdog.php --mem >/dev/null 2>&1 &"); system_admin_events("{$re[1]}% memory limit\nMonitor claim \"{$buffer}\"\n", __FUNCTION__, __FILE__, __LINE__, "watchdog"); WriteFileCache($file); return; } else { events("{$re[1]}% limit memory exceed, but take action after 15mn"); return; } } if (preg_match("#monit\\[.+?'(.+?)'\\s+process is not running#", $buffer, $re)) { $file = "/etc/artica-postfix/croned.1/restart.{$re[1]}.monit"; if (IfFileTime($file, 5)) { events("{$re[1]} was stopped"); $processname = $re[1]; if (preg_match("#mysqlmulti([0-9]+)#", $processname, $ri)) { $tt = unserialize(@file_get_contents("/etc/artica-postfix/mysql_multi_names.cache")); $instancenem = $tt[$ri[1]]; $re[1] = "Mysql Instance {$ri[1]} ({$instancenem})"; } WriteFileCache($file); return; } else { events("{$re[1]}: stopped, but take action after 10mn"); return; } } if (preg_match("#pdns\\[.+?:\\s+binding UDP socket to.+?Address already in use#", $buffer, $re)) { $file = "/etc/artica-postfix/croned.1/restart.pdns.bind.error"; if (IfFileTime($file, 5)) { events("PowerDNS: Unable to bind UDP socket"); email_events("PowerDNS: Unable to bind UDP socket", "Artica will restart PowerDNS", 'system'); $GLOBALS["CLASS_UNIX"]->THREAD_COMMAND_SET('/etc/init.d/artica-postfix restart pdns'); WriteFileCache($file); return; } else { events("PowerDNS: Unable to bind UDP socket: but take action after 10mn"); return; } } //pdns_recursor[5011]: Failed to update . records, RCODE=2 if (preg_match("#pdns_recursor\\[.+?:\\s+Failed to update \\. records, RCODE=2#", $buffer, $re)) { $file = "/etc/artica-postfix/croned.1/restart.pdns.RCODE2.error"; if (IfFileTime($file, 5)) { events("PowerDNS: Unable to query Public DNS"); //email_events("PowerDNS: Unable to query Public DNS","PowerDNS claim: $buffer,It seems that your Public DNS are not available or network is down",'system'); WriteFileCache($file); return; } else { events("PowerDNS: Unable to query Public DNS: but take action after 10mn"); return; } } if (preg_match("#cpu system usage of ([0-9\\.]+)% matches#", $buffer, $re)) { $file = "/etc/artica-postfix/croned.1/cpu.system.monit"; if (IfFileTime($file, 15)) { events("cpu exceed"); system_admin_events("CPU warning {$re[1]}%\nMonitor claim \"{$buffer}\"", __FUNCTION__, __FILE__, __LINE__, "watchdog"); shell_exec("{$GLOBALS["nohup"]} {$GLOBALS["LOCATE_PHP5_BIN"]} " . dirname(__FILE__) . "/exec.watchdog.php --cpu >/dev/null 2>&1 &"); WriteFileCache($file); return; } else { events("cpu exceed, but take action after 10mn"); return; } } if (preg_match("#monit.+?loadavg.+?of\\s+([0-9\\.]+)\\s+matches resource limit#", $buffer, $re)) { $file = "/etc/artica-postfix/croned.1/load.system.monit"; if (IfFileTime($file, 15)) { events("Load exceed"); system_admin_events("Load warning {$re[1]}\nMonitor claim \"{$buffer}\"", __FUNCTION__, __FILE__, __LINE__, "watchdog"); shell_exec("{$GLOBALS["nohup"]} {$GLOBALS["LOCATE_PHP5_BIN"]} " . dirname(__FILE__) . "/exec.watchdog.php --loadavg >/dev/null 2>&1 &"); WriteFileCache($file); return; } else { events("Load exceed, but take action after 15mn"); return; } } if (preg_match("#monit.+?'(.+)'\\s+start:#", $buffer, $re)) { $file = "/etc/artica-postfix/croned.1/monit.start.{$re[1]}"; if (IfFileTime($file, 5)) { events("{$re[1]} start"); WriteFileCache($file); return; } else { events("{$re[1]} start, but take action after 10mn"); return; } } if (preg_match("#monit\\[.+?:\\s+'(.+?)'\\s+process is running with pid\\s+([0-9]+)#", $buffer, $re)) { $file = "/etc/artica-postfix/croned.1/monit.run.{$re[1]}"; if (IfFileTime($file, 5)) { events("{$re[1]} running"); WriteFileCache($file); return; } else { events("{$re[1]} running, but take action after 10mn"); return; } } if (preg_match("#nmbd.+?:\\s+Cannot sync browser lists#", $buffer, $re)) { $file = "/etc/artica-postfix/croned.1/samba.CannotSyncBrowserLists.error"; if (IfFileTime($file)) { events("Samba cannot sync browser list, remove /var/lib/samba/wins.dat"); @unlink("/var/lib/samba/wins.dat"); WriteFileCache($file); } else { events("Samba error:{$buffer}, but take action after 10mn"); return; } } if (preg_match("#freshclam.+?:\\s+Database updated \\(([0-9]+)\\s+signatures\\) from .+?#", $buffer, $re)) { email_events("ClamAV Database Updated {$re[1]} signatures", "{$buffer}", 'update'); shell_exec("{$GLOBALS["nohup"]} {$GLOBALS["LOCATE_PHP5_BIN"]} " . basename(__FILE__) . "/exec.clamavsig.php >/dev/null 2>&1 &"); return; } if (preg_match("#freshclam\\[.+?:\\s+Database updated\\s+\\(#", $buffer, $re)) { shell_exec("{$GLOBALS["nohup"]} {$GLOBALS["LOCATE_PHP5_BIN"]} " . basename(__FILE__) . "/exec.clamavsig.php >/dev/null 2>&1 &"); } if (preg_match("#freshclam.+?Can.+?t\\s+connect to port\\s+([0-9]+)\\s+of\\s+host\\s+(.+?)\\s+#", $buffer, $re)) { $host = $re[2] . ":" . $re[1]; $file = "/etc/artica-postfix/croned.1/freshclam.error." . md5($host); if (IfFileTime($file)) { email_events("Unable to update ClamAV Databases from {$host}", "freshclam claim {$buffer}\nCheck is this server hav access to Internet\nCheck your proxy configuration", 'update'); WriteFileCache($file); return; } else { events("KAV4PROXY error:{$buffer}, but take action after 10mn"); return; } } if (preg_match("#KASERROR.+?NOLOGID.+?Can.+?find user mailflt3#", $buffer)) { $file = "/etc/artica-postfix/croned.1/KASERROR.NOLOGID.mailflt3"; if (IfFileTime($file)) { $GLOBALS["CLASS_UNIX"]->THREAD_COMMAND_SET('/usr/share/artica-postfix/bin/artica-install --mailflt3'); WriteFileCache($file); return; } else { events("KASERROR error:{$buffer}, but take action after 10mn"); return; } } if (preg_match("#lmtp.+?status=deferred.+?lmtp\\]:.+?(No such file or directory|Too many levels of symbolic links)#", $buffer, $re)) { $file = "/etc/artica-postfix/croned.1/cyrus.lmtp.failed"; if (IfFileTime($file)) { email_events("cyrus-imapd socket error", "Postfix claim \"{$buffer}\", Artica will restart cyrus", 'system'); $GLOBALS["CLASS_UNIX"]->THREAD_COMMAND_SET('/usr/share/artica-postfix/bin/artica-install --cyrus-checkconfig'); $GLOBALS["CLASS_UNIX"]->THREAD_COMMAND_SET('/etc/init.d/cyrus-imapd restart'); $GLOBALS["CLASS_UNIX"]->THREAD_COMMAND_SET("{$GLOBALS["LOCATE_PHP5_BIN"]} /usr/share/artica-postfix/exec.postfix.main.cf.php --imap-sockets"); cyrus_socket_error($buffer, $re[1] . "lmtp"); WriteFileCache($file); return; } else { events("CYRUS error:{$buffer}, but take action after 10mn"); return; } } if (preg_match("#rsyncd\\[.+?:\\s+recv.+?\\[(.+?)\\].+?([0-9]+)\$#", $buffer, $re)) { $file = md5($buffer); @mkdir('{$GLOBALS["ARTICALOGDIR"]}/rsync', null, true); $f["IP"] = $re[1]; $f["DATE"] = date('Y-m-d H:00:00'); $f["SIZE"] = $re[2]; @file_put_contents("{$GLOBALS["ARTICALOGDIR"]}/rsync/{$file}", serialize($f)); } if (preg_match("#kavmilter.+?Can.+?t load keys: No active key#", $buffer, $re)) { $file = "/etc/artica-postfix/croned.1/kavmilter.key.failed"; if (IfFileTime($file)) { email_events("Kaspersky Antivirus Mail license error", "KavMilter claim \"{$buffer}\"", 'system'); WriteFileCache($file); return; } else { events("Kaspersky Antivirus Mail license error:{$buffer}, but take action after 10mn"); return; } } if (preg_match("#kavmd.+?Can.+?t load keys:.+?#", $buffer, $re)) { $file = "/etc/artica-postfix/croned.1/kavmd.key.failed"; if (IfFileTime($file)) { email_events("Kaspersky Antivirus Mail license error", "Kaspersky Antivirus Mail claim \"{$buffer}\"", 'system'); WriteFileCache($file); return; } else { events("Kaspersky Antivirus Mail license error:{$buffer}, but take action after 10mn"); return; } } if (preg_match("#kavmd.+?ERROR Engine problem#", $buffer, $re)) { $file = "/etc/artica-postfix/croned.1/kavmd.engine.failed"; if (IfFileTime($file)) { email_events("Kaspersky Antivirus Mail Engine error", "Kaspersky Antivirus Mail claim \"{$buffer}\"", 'system'); WriteFileCache($file); return; } else { events("Kaspersky Antivirus Mail Engine error:{$buffer}, but take action after 10mn"); return; } } if (preg_match("#kavmilter.+?WARNING.+?Your AV signatures are older than#", $buffer, $re)) { $file = "/etc/artica-postfix/croned.1/kavmilter.upd.failed"; if (IfFileTime($file)) { email_events("Kaspersky Antivirus Mail AV signatures are older", "KavMilter claim \"{$buffer}\"", 'system'); WriteFileCache($file); return; } else { events("Kaspersky Antivirus update license error:{$buffer}, but take action after 10mn"); return; } } if (preg_match("#dansguardian.+?Error compiling regexp#", $buffer, $re)) { $file = "/etc/artica-postfix/croned.1/dansguardian.compiling.regexp"; if (IfFileTime($file)) { email_events("Dansguardian failed to start", "Dansguardian claim \"{$buffer}\"", 'system'); WriteFileCache($file); return; } else { events("Dansguardian failed to start:{$buffer}, but take action after 10mn"); return; } } if (preg_match("#kavmilter.+?Invalid value specified for SendmailPath#", $buffer, $re)) { $file = "/etc/artica-postfix/croned.1/kavmilter.SendmailPath.Invalid"; if (IfFileTime($file)) { events("Check SendmailPath for kavmilter"); $GLOBALS["CLASS_UNIX"]->THREAD_COMMAND_SET("{$GLOBALS["LOCATE_PHP5_BIN"]} /usr/share/artica-postfix/exec.kavmilter.php --SendmailPath"); WriteFileCache($file); return; } else { events("Check SendmailPath for kavmilter:{$buffer}, but take action after 10mn"); return; } } if (preg_match("#KAVMilter Error.+?Group.+?Default.+?has error#", $buffer, $re)) { $file = "/etc/artica-postfix/croned.1/kavmilter.Default.error"; if (IfFileTime($file)) { events("Check Group default for kavmilter"); $GLOBALS["CLASS_UNIX"]->THREAD_COMMAND_SET("{$GLOBALS["LOCATE_PHP5_BIN"]} /usr/share/artica-postfix/exec.kavmilter.php --default-group"); WriteFileCache($file); return; } else { events("Check Group default for kavmilter:{$buffer}, but take action after 10mn"); return; } } if (preg_match("#kavmilter.+?Message INFECTED from (.+?)\\(remote:\\[(.+?)\\).+?with\\s+(.+?)\$#", $buffer, $re)) { events("KAVMILTER INFECTION <{$re[1]}> {$re[2]}"); infected_queue("kavmilter", trim($re[1]), trim($re[2]), trim($re[3])); return; } if (preg_match("#pdns\\[.+?\\[LdapBackend.+?Ldap connection to server failed#", $buffer, $re)) { $file = "/etc/artica-postfix/croned.1/pdns.ldap.error"; if (IfFileTime($file)) { events("PDNS LDAP FAILED"); email_events("PowerDNS ldap connection failed", "PowerDNS claim \"{$buffer}\"", 'system'); WriteFileCache($file); return; } else { events("PDNS FAILED:{$buffer}, but take action after 10mn"); return; } } if (preg_match("#master.+?cannot find executable for service.+?sieve#", $buffer, $re)) { $file = "/etc/artica-postfix/croned.1/cyrus.sieve.error"; if (IfFileTime($file)) { events("Check sieve path"); $GLOBALS["CLASS_UNIX"]->THREAD_COMMAND_SET("/usr/share/artica-postfix/bin/artica-install --reconfigure-cyrus"); WriteFileCache($file); return; } else { events("Check sieve path error :{$buffer}, but take action after 10mn"); return; } } if (preg_match("#smbd\\[.+?write_data: write failure in writing to client 0.0.0.0. Error Connection reset by peer#", $buffer, $re)) { $file = "/etc/artica-postfix/croned.1/samba.Error.Connection.reset.by.peer.error"; if (IfFileTime($file)) { events("Check sieve Error Connection reset by peer"); $text[] = "Your MS Windows computers should not have access to the server cause network generic errors"; $text[] = "- Check these parameters:"; $text[] = "- Check if Apparmor or SeLinux are disabled on the server."; $text[] = "- Check your hard drives by this command-line: hdparm -tT /dev/sda(0-9)"; $text[] = "- Check that 137|138|139|445 ports is open from workstation to this server"; $text[] = "- Check network switch or hub connection between this server and your workstations."; $text[] = "- Try to add this registry key [HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Disk]\n\t\"TimeOutValue\"=dword:0000003c"; email_events("Samba network error", "Samba claim \"{$buffer}\"\n" . implode("\n", $text), 'system'); WriteFileCache($file); return; } else { events("Check sieve Error Connection reset by peer :{$buffer}, but take action after 10mn"); return; } } $mem = round(memory_get_usage() / 1024 / 1000, 2); events_not_filtered("Not Filtered:\"{$buffer}\" (line " . __LINE__ . ") memory: {$mem}MB"); }
$kill = $unix->find_program("kill"); $pid = @file_get_contents($EXEC_PID_FILE); if ($unix->process_exists($pid, basename(__FILE__))) { $TimePid = $unix->PROCCESS_TIME_MIN($pid); if ($TimePid > 30) { posix_kill(intval($pid), 9); } else { if (!$GLOBALS["FORCE"]) { print "Starting......: " . date("H:i:s") . " Checking (L." . __LINE__ . ") Squid Already executed pid {$pid} since {$TimePid}mn ...\n"; die; } } } echo "Starting......: " . date("H:i:s") . " [SERV]: is connected to remote appliance ? `{$EnableRemoteStatisticsAppliance}`\n"; if ($EnableRemoteStatisticsAppliance == 1) { squid_admin_notifs("Start to rebuilding Proxy settings", "MAIN", __FILE__, __LINE__); $r = new squid_stats_appliance(); echo "Starting......: " . date("H:i:s") . " [SERV]: ################################\n"; echo "Starting......: " . date("H:i:s") . " [SERV]: # This server is connected to: #\n"; echo "Starting......: " . date("H:i:s") . " [SERV]: # {$r->URI} #\n"; echo "Starting......: " . date("H:i:s") . " [SERV]: ################################\n"; remote_appliance_restore_tables(); } build_progress("{reconfigure}", 5); squid_reconfigure_build_tool(); build_progress("{reconfigure}", 10); squid_pactester(); build_progress("{reconfigure}", 15); $childpid = posix_getpid(); $sock = new sockets(); $squid_user = SquidUser();
function CleanMysqlDatabase($PURGE_ALL = false) { $filter = null; $users = new usersMenus(); $unix = new unix(); $pidfile = "/etc/artica-postfix/pids/" . basename(__FILE__) . "." . __FUNCTION__ . ".pid"; $timefile = "/etc/artica-postfix/pids/logrotate." . __FUNCTION__ . ".time"; $pid = @file_get_contents("{$pidfile}"); if ($unix->process_exists($pid, basename(__FILE__))) { system_admin_events("Already executed PID {$pid}", __FUNCTION__, __FILE__, __LINE__, "logrotate"); die; } @file_put_contents($pidfile, getmypid()); $time = $unix->file_time_min($timefile); if (!$PURGE_ALL) { if (!$GLOBALS["FORCE"]) { if ($time < 15) { events("No less than 15mn or delete {$timefile} file to force..."); system_admin_events("No less than 15mn or delete {$timefile} file", __FUNCTION__, __FILE__, __LINE__, "logrotate"); return; } } } @unlink($timefile); @file_put_contents($timefile, time()); $sock = new sockets(); $MySQLSyslogType = $sock->GET_INFO("MySQLSyslogType"); $EnableSyslogDB = $sock->GET_INFO("EnableSyslogDB"); if (!is_numeric($EnableSyslogDB)) { $EnableSyslogDB = 0; } if (!is_numeric($MySQLSyslogType)) { $MySQLSyslogType = 1; } if ($MySQLSyslogType == 0) { $MySQLSyslogType = 4; } $LogRotatePath = $sock->GET_INFO("LogRotatePath"); if ($LogRotatePath == null) { $LogRotatePath = "/home/logrotate"; } $TuningParameters = unserialize(base64_decode($sock->GET_INFO("MySQLSyslogParams"))); if ($EnableSyslogDB == 1) { if ($MySQLSyslogType == 2) { events("Is a client of remote MySQL server , aborting"); if ($GLOBALS["VERBOSE"]) { echo "Is a client of remote MySQL server , aborting\n"; } return; } } $LogRotateCompress = 1; $LogRotatePath = $sock->GET_INFO("LogRotatePath"); $SystemLogsPath = $sock->GET_INFO("SystemLogsPath"); $BackupMaxDays = $sock->GET_INFO("BackupMaxDays"); $BackupMaxDaysDir = $sock->GET_INFO("BackupMaxDaysDir"); $BackupSquidLogsUseNas = $sock->GET_INFO("BackupSquidLogsUseNas"); if ($SystemLogsPath == null) { $SystemLogsPath = "/var/log"; } $MySQLSyslogType = $sock->GET_INFO("MySQLSyslogType"); $EnableSyslogDB = $sock->GET_INFO("EnableSyslogDB"); if (!is_numeric($EnableSyslogDB)) { $EnableSyslogDB = 0; } if (!is_numeric($MySQLSyslogType)) { $MySQLSyslogType = 1; } if (!is_numeric($BackupSquidLogsUseNas)) { $BackupSquidLogsUseNas = 0; } if ($EnableSyslogDB == 1) { if ($MySQLSyslogType != 1) { return; } } if (!is_numeric($BackupMaxDays)) { $BackupMaxDays = 30; } if ($LogRotatePath == null) { $LogRotatePath = "/home/logrotate"; } if ($BackupMaxDaysDir == null) { $BackupMaxDaysDir = "/home/logrotate_backup"; } $mount = new mount("/var/log/artica-postfix/logrotate.debug"); if ($BackupSquidLogsUseNas == 1) { $BackupSquidLogsNASIpaddr = $sock->GET_INFO("BackupSquidLogsNASIpaddr"); $BackupSquidLogsNASFolder = $sock->GET_INFO("BackupSquidLogsNASFolder"); $BackupSquidLogsNASUser = $sock->GET_INFO("BackupSquidLogsNASUser"); $BackupSquidLogsNASPassword = $sock->GET_INFO("BackupSquidLogsNASPassword"); $BackupSquidLogsNASRetry = $sock->GET_INFO("BackupSquidLogsNASRetry"); if (!is_numeric($BackupSquidLogsNASRetry)) { $BackupSquidLogsNASRetry = 0; } $mountPoint = "/mnt/BackupSquidLogsUseNas"; if (!$mount->smb_mount($mountPoint, $BackupSquidLogsNASIpaddr, $BackupSquidLogsNASUser, $BackupSquidLogsNASPassword, $BackupSquidLogsNASFolder)) { events("Unable to connect to NAS storage system (1): {$BackupSquidLogsNASUser}@{$BackupSquidLogsNASIpaddr}"); if ($BackupSquidLogsNASRetry == 0) { return; } sleep(3); $mount = new mount("/var/log/artica-postfix/logrotate.debug"); if (!$mount->smb_mount($mountPoint, $BackupSquidLogsNASIpaddr, $BackupSquidLogsNASUser, $BackupSquidLogsNASPassword, $BackupSquidLogsNASFolder)) { events("Unable to connect to NAS storage system (2): {$BackupSquidLogsNASUser}@{$BackupSquidLogsNASIpaddr}"); return; } } $BackupMaxDaysDir = "{$mountPoint}/artica-backup-syslog/{$users->hostname}"; } @mkdir("{$BackupMaxDaysDir}", 0755, true); if (!is_dir($BackupMaxDaysDir)) { if ($GLOBALS["VERBOSE"]) { echo "Fatal {$BackupMaxDaysDir} permission denied\n"; } events("Fatal {$BackupMaxDaysDir} permission denied"); squid_admin_notifs("SYSLOG: FATAL {$BackupMaxDaysDir} permission denied", __FUNCTION__, __FILE__, __LINE__); system_admin_events($q->mysql_error, __FUNCTION__, __FILE__, __LINE__, "logrotate"); if ($BackupSquidLogsUseNas == 1) { $mount->umount($mountPoint); } return false; } $t = time(); @file_put_contents("{$BackupMaxDaysDir}/{$t}", time()); if (!is_file("{$BackupMaxDaysDir}/{$t}")) { events("Fatal {$BackupMaxDaysDir} permission denied"); if ($GLOBALS["VERBOSE"]) { echo "Fatal {$BackupMaxDaysDir} permission denied\n"; } squid_admin_notifs("SYSLOG: FATAL {$BackupMaxDaysDir} permission denied", __FUNCTION__, __FILE__, __LINE__); system_admin_events($q->mysql_error, __FUNCTION__, __FILE__, __LINE__, "logrotate"); if ($BackupSquidLogsUseNas == 1) { $mount->umount($mountPoint); } return false; } @unlink("{$BackupMaxDaysDir}/{$t}"); if ($BackupSquidLogsUseNas == 1) { if (is_dir("/home/logrotate_backup")) { $files = $unix->DirFiles("/home/logrotate_backup"); events("Scanning the old storage systems.. " . count($files) . " file(s)"); while (list($basename, $none) = each($files)) { $filepath = "/home/logrotate_backup/{$basename}"; if ($GLOBALS["VERBOSE"]) { echo "Checking \"{$filepath}\"\n"; } $size = @filesize($filepath); if ($size < 20) { events("Removing {$filepath}"); @unlink($filepath); continue; } if (!@copy($filepath, "{$BackupMaxDaysDir}/{$basename}")) { events("copy Failed {$filepath} to \"{$BackupMaxDaysDir}/{$basename}\" permission denied..."); continue; } events("Move {$filepath} to {$BackupSquidLogsNASIpaddr} success..."); @unlink($filepath); } } } if ($PURGE_ALL == false) { $filter = "WHERE filetime<DATE_SUB(NOW(),INTERVAL {$BackupMaxDays} DAY)"; } if ($EnableSyslogDB == 1) { $q = new mysql_storelogs(); $sql = "SELECT `filename`,`hostname`,`storeid` FROM `files_info` {$filter}"; if ($GLOBALS["VERBOSE"]) { echo "{$sql}\n"; } $results = $q->QUERY_SQL($sql); if (!$q->ok) { system_admin_events($q->mysql_error, __FUNCTION__, __FILE__, __LINE__); return; } $Count = mysql_num_rows($results); $c = 0; while ($ligne = mysql_fetch_assoc($results)) { $c++; if ($GLOBALS["VERBOSE"]) { echo "{$c}/{$Count} ******** {$ligne["filename"]} {$ligne["storeid"]} *********\n"; } if (!$q->ExtractFile("{$BackupMaxDaysDir}/{$ligne["hostname"]}.{$ligne["filename"]}", $ligne["storeid"])) { if ($GLOBALS["VERBOSE"]) { echo "{$c}/{$Count} ******** {$ligne["filename"]} ExtractFile() = FALSE !!! *********\n"; } continue; } if ($GLOBALS["VERBOSE"]) { echo "{$c}/{$Count} DelteItem({$ligne["storeid"]}) *********\n"; } $q->DelteItem($ligne["storeid"]); if ($GLOBALS["VERBOSE"]) { echo "********* EVENTS NOW --->\n"; } $q->events("{$ligne["filename"]} saved into {$BackupMaxDaysDir}"); if ($GLOBALS["VERBOSE"]) { echo "\n\n###### {$c}/{$Count} Continue to Next ##########\n"; } } $sql = "SELECT `filename`,`hostname`,`storeid` FROM `accesslogs` {$filter}"; if ($GLOBALS["VERBOSE"]) { echo "{$sql}\n"; } $results = $q->QUERY_SQL($sql); if (!$q->ok) { system_admin_events($q->mysql_error, __FUNCTION__, __FILE__, __LINE__); return; } $Count = mysql_num_rows($results); $c = 0; while ($ligne = mysql_fetch_assoc($results)) { $c++; if (!$q->ExtractAccessFile("{$BackupMaxDaysDir}/{$ligne["hostname"]}.{$ligne["filename"]}", $ligne["storeid"])) { continue; } $q->DelteAccessItem($ligne["storeid"]); $q->events("{$ligne["filename"]} saved into {$BackupMaxDaysDir}"); } if ($BackupSquidLogsUseNas == 1) { $mount->umount($mountPoint); } return; } $q = new mysql_syslog(); $sql = "SELECT `filename`,`taskid`,`filesize`,`filetime` FROM `store` {$filter}"; $results = $q->QUERY_SQL($sql); if ($GLOBALS["VERBOSE"]) { echo "{$sql} ({$q->mysql_error}) " . mysql_num_rows($results) . " file(s)\n"; } if (!$q->ok) { system_admin_events($q->mysql_error, __FUNCTION__, __FILE__, __LINE__); return; } while ($ligne = mysql_fetch_assoc($results)) { if ($GLOBALS["VERBOSE"]) { echo "Processing {$ligne["filename"]}\n"; } if (!ExtractFileFromDatabase($ligne["filename"], $BackupMaxDaysDir)) { events("Unable to extract {$ligne["filename"]} to {$BackupMaxDaysDir}"); squid_admin_notifs("SYSLOG: Unable to extract {$ligne["filename"]} to {$BackupMaxDaysDir}", __FUNCTION__, __FILE__, __LINE__); if ($BackupSquidLogsUseNas == 1) { $mount->umount($mountPoint); } return false; } else { events("Success extracting {$ligne["filename"]} to {$BackupMaxDaysDir}"); } } if ($BackupSquidLogsUseNas == 1) { $mount->umount($mountPoint); } }
function rebuildcaches() { $logFile = "/usr/share/artica-postfix/ressources/logs/web/rebuild-cache.txt"; $pidfile = "/etc/artica-postfix/pids/" . basename(__FILE__) . "." . __FUNCTION__ . ".pid"; $pid = @file_get_contents($pidfile); if ($pid < 100) { $pid = null; } $unix = new unix(); $sock = new sockets(); if ($unix->process_exists($pid, basename(__FILE__))) { ouputz("Already process exists {$pid}, aborting", __LINE__); die; } $mypid = getmypid(); @file_put_contents($pidfile, $mypid); @unlink($logFile); ouputz("Please wait, rebuild caches....", __LINE__); $t = time(); ouputz("Listing caches....", __LINE__); $array = ListCaches(); $mv = $unix->find_program("mv"); $rm = $unix->find_program("rm"); $php5 = $unix->LOCATE_PHP5_BIN(); ouputz(count($array) . " caches to delete...", __LINE__); if (count($array) == 0) { ouputz("Fatal, unable to list available caches...", __LINE__); squid_admin_mysql(0, "Fatal, unable to list available caches", null, __FILE__, __LINE__); @unlink("/etc/artica-postfix/squid.lock"); die; } $t = time(); @unlink("/etc/artica-postfix/squid.lock"); @file_put_contents("/etc/artica-postfix/squid.lock", time()); $squidbin = $unix->LOCATE_SQUID_BIN(); if (!is_file($squidbin)) { ouputz("squid, no such binary file", __LINE__); @unlink("/etc/artica-postfix/squid.lock"); return; } squid_admin_mysql(1, "Stopping Proxy service in order to rebuild caches", null, __FILE__, __LINE__); ouputz("Stopping squid, please wait...", __LINE__); if (function_exists("debug_backtrace")) { $trace = debug_backtrace(); if (isset($trace[1])) { $sourcefunction = $trace[1]["function"]; $sourceline = $trace[1]["line"]; $executed = "Executed by {$sourcefunction}() line {$sourceline}\nusing argv:{$GLOBALS["ARGVS"]}\n"; } } squid_admin_notifs("Asking to Stop Squid for rebuilding caches\n" . @implode("\n", $GLOBALS["LOGS"]) . "\n{$executed}", __FUNCTION__, __FILE__, __LINE__, "proxy"); shell_exec("/etc/init.d/squid stop --force --script=" . basename(__FILE__)); if ($GLOBALS["REPORT"]) { while (list($cache_dir, $ligne) = each($array)) { $DIRARRAY = $unix->DIR_STATUS($cache_dir); $size = $array["SIZE"]; $used = $array["USED"]; $pourc = $array["POURC"]; $mounted = $array["MOUNTED"]; $logs[] = "{$cache_dir} size: {$size}, used:{$used} {$pourc}% mounted on {$mounted}"; } squid_admin_mysql(2, "Report on caches status", @implode("\n", $logs), __FILE__, __LINE__); } while (list($cache_dir, $ligne) = each($array)) { if (preg_match("#MemBooster#", $cache_dir)) { squid_admin_mysql(1, "Removing cache {$cache_dir}", null, __FILE__, __LINE__); ouputz("Removing {$cache_dir} content...", __LINE__); squid_admin_mysql(2, "Removing cache {$cache_dir} done", null, __FILE__, __LINE__); shell_exec("{$rm} -rf {$cache_dir}/*"); continue; } $DISK_STATUS = $unix->DF_SATUS_K($cache_dir); $DIRECTORY_SIZE = $unix->DIRSIZE_BYTES($cache_dir) / 1024 / 1024; $AIVA = $DISK_STATUS["AIVA"] * 1024; if ($AIVA < 10) { ouputz("Removing {$cache_dir} '{$DIRECTORY_SIZE}'M Available {$AIVA}M", __LINE__); shell_exec("{$rm} -rf {$cache_dir}"); ouputz("re-create {$cache_dir}", __LINE__); squid_admin_mysql(2, "Re-create {$cache_dir}", null, __FILE__, __LINE__); @mkdir($cache_dir, 0755, true); @chown($cache_dir, "squid"); @chgrp($cache_dir, "squid"); continue; } $DIRECTORY_SIZE_NEC = $DIRECTORY_SIZE * 2; if ($AIVA < $DIRECTORY_SIZE_NEC) { ouputz("Removing {$cache_dir} '{$DIRECTORY_SIZE}'M Available {$AIVA}M", __LINE__); shell_exec("{$rm} -rf {$cache_dir}"); ouputz("re-create {$cache_dir}", __LINE__); squid_admin_mysql(2, "Re-create {$cache_dir}", null, __FILE__, __LINE__); @mkdir($cache_dir, 0755, true); @chown($cache_dir, "squid"); @chgrp($cache_dir, "squid"); continue; } $cachesRename[] = "{$cache_dir}-delete-{$t}"; ouputz("Moving {$cache_dir} to {$cache_dir}-delete-{$t}...", __LINE__); exec("{$mv} {$cache_dir} {$cache_dir}-delete-{$t} 2>&1", $results); $results = array(); while (list($num, $ll) = each($results)) { ouputz("{$ligne}", __LINE__); } ouputz("re-create {$cache_dir}", __LINE__); squid_admin_mysql(2, "Re-create {$cache_dir}", null, __FILE__, __LINE__); @mkdir($cache_dir, 0755, true); @chown($cache_dir, "squid"); @chgrp($cache_dir, "squid"); } $su = $unix->find_program("su"); $results = array(); ouputz("Building new caches {$su} -c \"{$squidbin} -z\" squid", __LINE__); exec("{$su} -c \"{$squidbin} -z\" squid 2>&1", $results); while (list($num, $ligne) = each($results)) { ouputz("{$ligne}", __LINE__); } ouputz("Remove lock file...", __LINE__); @unlink("/etc/artica-postfix/squid.lock"); ouputz("Starting squid, please wait...", __LINE__); if (function_exists("debug_backtrace")) { $trace = debug_backtrace(); if (isset($trace[1])) { $sourcefunction = $trace[1]["function"]; $sourceline = $trace[1]["line"]; $executed = "Executed by {$sourcefunction}() line {$sourceline}\nusing argv:{$GLOBALS["ARGVS"]}\n"; } } squid_admin_notifs("Asking to start squid after rebuilding caches...\n{$executed}", __FUNCTION__, __FILE__, __LINE__, "proxy"); squid_admin_mysql(2, "Starting Proxy Service", null, __FILE__, __LINE__); shell_exec("{$php5} /usr/share/artica-postfix/exec.squid.watchdog.php --start"); for ($i = 0; $i < 60; $i++) { $array = $unix->squid_get_cache_infos(); if (count($array) > 0) { break; } ouputz("Waiting {$i}s/60 to Squid-cache be ready...", __LINE__); sleep(1); } ouputz("Done... Squid-cache seems to be ready...", __LINE__); squid_admin_mysql(2, "Reloading {$squidbin} cache", null, __FILE__, __LINE__); ouputz("Reloading {$squidbin} cache", __LINE__); $results = array(); squid_watchdog_events("Reconfiguring Proxy parameters..."); if (function_exists("debug_backtrace")) { $trace = debug_backtrace(); if (isset($trace[1])) { $file = basename($trace[1]["file"]); $function = $trace[1]["function"]; $line = $trace[1]["line"]; $called = "Called by {$function}() from line {$line}"; } } $cmd = "/etc/init.d/squid reload --script=" . basename(__FILE__) . " >/dev/null"; shell_exec($cmd); $NICE = $unix->EXEC_NICE(); $nohup = $unix->find_program("nohup"); ouputz("Refresh caches information, please wait...", __LINE__); shell_exec("{$php5} /usr/share/artica-postfix/exec.squid.php --cache-infos --force"); if (is_array($cachesRename)) { reset($cachesRename); while (list($index, $cache_dir) = each($cachesRename)) { $cmd = "{$nohup} {$NICE} {$rm} -rf {$cache_dir} >/dev/null 2>&1 &"; squid_admin_mysql(2, "Ask to delete old cache dir {$cache_dir} done", "{$called}", __FILE__, __LINE__); ouputz("Deleting {$cache_dir} {$cmd}", __LINE__); shell_exec($cmd); } } $took = $unix->distanceOfTimeInWords($t, time()); squid_admin_mysql(2, "All Proxy caches was rebuilded took: {$took}", "{$called}", __FILE__, __LINE__); $sock->TOP_NOTIFY("All Proxy caches was rebuilded took: {$took}", "info"); }