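/**
 * Stores the exclusion patterns posted for a FireHOL router.
 *
 * Reads a newline-separated list from $_POST["pattern-save"], keeps the lines
 * accepted by IP::isIPAddressOrRange() and inserts one row per kept line into
 * `firehol_routers_exclude` (database "artica_backup") with a single
 * INSERT IGNORE. A database error message is echoed to the caller.
 *
 * NOTE(review): no authentication, authorisation or CSRF check is visible in
 * this function; presumably the calling page enforces them - confirm.
 *
 * @return void
 */
function pattern_save()
{
    $q = new mysql();
    $ipclass = new IP();

    // Request fields are attacker-controlled and QUERY_SQL() is handed a
    // finished SQL string here, so every value is escaped before it is quoted.
    // NOTE(review): addslashes() is byte-oriented and not aware of the
    // connection character set; if the mysql wrapper exposes connection-aware
    // escaping or bound parameters, switch to that.
    $routerid = addslashes(isset($_POST["routerid"]) ? (string) $_POST["routerid"] : "");
    $destination = addslashes(isset($_POST["destination"]) ? (string) $_POST["destination"] : "");
    $service = addslashes(isset($_POST["service"]) ? (string) $_POST["service"] : "");

    $posted = isset($_POST["pattern-save"]) ? (string) $_POST["pattern-save"] : "";

    $rows = array();
    // foreach replaces the each() idiom, which was removed in PHP 8.
    foreach (explode("\n", $posted) as $ligne) {
        $ligne = trim($ligne);
        if ($ligne === "") {
            continue;
        }
        if (!$ipclass->isIPAddressOrRange($ligne)) {
            continue;
        }
        // The validator's implementation is not visible from here, so the
        // accepted value is escaped as well rather than trusted as SQL-safe.
        $pattern = addslashes($ligne);
        $rows[] = "('{$routerid}','{$destination}','{$pattern}','{$service}')";
    }

    if (count($rows) === 0) {
        return;
    }

    $sql = "INSERT IGNORE INTO `firehol_routers_exclude` (routerid,`destination`,`pattern`,`service`) VALUES " . implode(",", $rows);
    $q->QUERY_SQL($sql, "artica_backup");
    if (!$q->ok) {
        echo $q->mysql_error;
    }
}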
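/**
 * Refreshes the automatic Suricata firewall entries from the Emerging Threats
 * "Block IPs" list.
 *
 * Downloads the list into the temp directory, keeps every line accepted by
 * IP::isIPAddressOrRange(), replaces the rows flagged xauto=1 in
 * `suricata_firewall` with the new set and then runs exec.suricata-fw.php.
 *
 * NOTE(review): the integrity of the feed depends on ccurl verifying the TLS
 * certificate of the HTTPS endpoint; that is not visible here - confirm.
 * NOTE(review): the DELETE and the INSERT are separate statements; if the
 * INSERT fails the automatic rows are already gone. Wrap both in a transaction
 * if postgres_sql supports one.
 *
 * @return void
 */
function BlockIPs()
{
    $ipClass = new IP();
    $unix = new unix();
    $tmpdir = $unix->TEMP_DIR();
    $curl = new ccurl("https://rules.emergingthreatspro.com/fwrules/emerging-Block-IPs.txt");

    // NOTE(review): fixed file name inside the temp directory. If TEMP_DIR()
    // is writable by other local accounts the file could be pre-created or
    // swapped before it is read back - confirm the directory is private.
    $targetpath = "{$tmpdir}/emerging-Block-IPs.txt";
    if (!$curl->GetFile($targetpath)) {
        echo "{$targetpath} failed\n";
        artica_update_event(0, "Unable to download emerging-Block-IPs.txt", $curl->errors, __FILE__, __LINE__);
        return;
    }

    $raw = @file_get_contents($targetpath);
    $lines = ($raw === false) ? array() : explode("\n", $raw);

    $proxyname = $unix->hostname_g();
    $q = new postgres_sql();
    $q->suricata_tables();

    $rows = array();
    // foreach replaces the each() idiom, which was removed in PHP 8.
    foreach ($lines as $ligne) {
        $ligne = trim($ligne);
        if ($ligne === "") {
            continue;
        }
        // Any line containing '#' is treated as a comment and skipped.
        if (strpos($ligne, "#") !== false) {
            continue;
        }
        // The feed is remote content that ends up inside SQL text. Besides the
        // project validator (not visible here), only address characters are
        // let through, so a quote or backslash can never reach the statement.
        if (!preg_match('/\A[0-9A-Fa-f:.\/-]+\z/', $ligne)) {
            continue;
        }
        if (!$ipClass->isIPAddressOrRange($ligne)) {
            continue;
        }

        $zdate = date("Y-m-d H:i:s");
        $proto = "TCP";
        $dest_port = 0;
        $src_ip = $ligne;
        // md5 only derives a stable row key here; it is not a security control.
        $uduniq = md5("0,{$src_ip},{$dest_port},{$proto}");
        if (!empty($GLOBALS["VERBOSE"])) {
            echo "0,{$src_ip},{$dest_port},{$proto}\n";
        }
        $rows[] = "('{$zdate}','{$uduniq}','0','{$src_ip}','{$dest_port}','{$proto}','{$proxyname}',1)";
    }

    // With no usable entry the original still sent "INSERT ... VALUES" with an
    // empty value list, which is not valid SQL. Stop before touching the table.
    if (count($rows) === 0) {
        echo "{$targetpath}: no valid entries, suricata_firewall left unchanged\n";
        return;
    }

    $q->QUERY_SQL("DELETE FROM suricata_firewall WHERE xauto=1");

    $content = implode(",", $rows);
    $prefix = "INSERT INTO suricata_firewall (zdate,uduniq,signature,src_ip,dst_port,proto,proxyname,xauto) VALUES ";
    $q->QUERY_SQL("{$prefix} {$content} ON CONFLICT DO NOTHING");
    if (!$q->ok) {
        echo $q->mysql_error . "\n";
        return;
    }

    $php = $unix->LOCATE_PHP5_BIN();
    shell_exec("{$php} /usr/share/artica-postfix/exec.suricata-fw.php --run");
}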
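/**
 * Replaces the "do not cache" list with the entries posted in $_POST["nocache"].
 *
 * Creates `deny_cache_domains` if needed, truncates it and inserts one row per
 * non-empty posted line. A line is stored as-is when it is an IP address/range
 * or starts with "^"; any other line first goes through
 * squid_acls::dstdomain_parse(). Stops and echoes the error on the first
 * failed insert.
 *
 * NOTE(review): no authentication, authorisation or CSRF check is visible in
 * this function; presumably the calling page enforces them - confirm.
 * NOTE(review): CREATE TABLE runs without a database argument while TRUNCATE
 * and INSERT name "artica_backup" - confirm both address the same database.
 * NOTE(review): the table is truncated before the new rows are inserted, so a
 * failure part-way leaves a partial list.
 *
 * @return void
 */
function add_nocache_save()
{
    $q = new mysql_squid_builder();
    $acl = new squid_acls();
    $IP = new IP();

    $sql = "CREATE TABLE IF NOT EXISTS `deny_cache_domains` (\n\t\t\t\t`items` VARCHAR(256) NOT NULL PRIMARY KEY\n\t\t\t\t) ENGINE=MYISAM;";
    $q->QUERY_SQL($sql);

    $posted = isset($_POST["nocache"]) ? (string) $_POST["nocache"] : "";
    $q->QUERY_SQL("TRUNCATE TABLE deny_cache_domains", "artica_backup");

    // foreach replaces the each() idiom, which was removed in PHP 8.
    foreach (explode("\n", $posted) as $www) {
        $www = trim(strtolower($www));
        if ($www === "") {
            continue;
        }
        if (!$IP->isIPAddressOrRange($www) && substr($www, 0, 1) != "^") {
            $www = $acl->dstdomain_parse($www);
        }

        // Lines starting with "^" reach this point exactly as posted, and the
        // output of the two project helpers is not visible from here, so the
        // value is escaped before it is placed between quotes.
        // NOTE(review): addslashes() is not connection/charset aware; prefer
        // the wrapper's own escaping or bound parameters if it offers them.
        $item = addslashes((string) $www);

        $q->QUERY_SQL("INSERT IGNORE INTO deny_cache_domains (items) VALUES ('{$item}')", "artica_backup");
        if (!$q->ok) {
            echo $q->mysql_error;
            return;
        }
    }
}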
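include_once dirname(__FILE__) . "/ressources/class.maincf.multi.inc";
include_once dirname(__FILE__) . "/ressources/class.postfix.regex.inc";

// Builds /etc/postfix/acls.cdir.cf from the address rules stored in
// miltergreylist_acls: whitelist rows become "OK" lines, blacklist rows become
// "REJECT" lines. The file is presumably consumed by Postfix as an access
// table - confirm against the Postfix configuration that references it.
$q = new mysql();
$ipClass = new IP();

// $MAINARRAY was only ever appended to; with no matching row it stayed
// undefined and count()/implode() then ran on null.
if (!isset($MAINARRAY) || !is_array($MAINARRAY)) {
    $MAINARRAY = array();
}

// A failed query must not end in an empty or half-built ACL file: that would
// silently drop every REJECT entry. The file is written only if both reads
// succeeded.
$aclReadOk = true;

echo "Starting......: " . date("H:i:s") . " Building rules....\n";

$sql = "SELECT ID,pattern FROM miltergreylist_acls WHERE `method`='whitelist' AND `type`='addr'";
$results = $q->QUERY_SQL($sql, "artica_backup");
if (!$q->ok) {
    $aclReadOk = false;
    echo $q->mysql_error . "\n";
} else {
    while ($ligne = mysql_fetch_assoc($results)) {
        $ipaddr = trim($ligne["pattern"]);
        if ($ipaddr == null) {
            continue;
        }
        // Normalise the common typo for the loopback network.
        if ($ipaddr == "127.0.0.1/8") {
            $ipaddr = "127.0.0.0/8";
        }
        if (!$ipClass->isIPAddressOrRange($ipaddr)) {
            continue;
        }
        $MAINARRAY[] = "{$ipaddr}\tOK rule id {$ligne["ID"]}";
    }
}

$sql = "SELECT ID,pattern FROM miltergreylist_acls WHERE `method`='blacklist' AND `type`='addr'";
$results = $q->QUERY_SQL($sql, "artica_backup");
if (!$q->ok) {
    $aclReadOk = false;
    echo $q->mysql_error . "\n";
} else {
    while ($ligne = mysql_fetch_assoc($results)) {
        // Trimmed like the whitelist branch so stray whitespace cannot make a
        // blacklist entry fail validation or end up inside the written line.
        $ipaddr = trim($ligne["pattern"]);
        if ($ipaddr == null) {
            continue;
        }
        if (!$ipClass->isIPAddressOrRange($ipaddr)) {
            continue;
        }
        $MAINARRAY[] = "{$ipaddr}\tREJECT Go Away! rule id {$ligne["ID"]}";
    }
}

if (!$aclReadOk) {
    echo "Starting......: " . date("H:i:s") . " /etc/postfix/acls.cdir.cf left unchanged (database error)\n";
} else {
    echo "Starting......: " . date("H:i:s") . " /etc/postfix/acls.cdir.cf " . count($MAINARRAY) . " items\n";
    // The write result was ignored before; a failed write is now reported.
    if (@file_put_contents("/etc/postfix/acls.cdir.cf", implode("\n", $MAINARRAY) . "\n") === false) {
        echo "Starting......: " . date("H:i:s") . " /etc/postfix/acls.cdir.cf write failed\n";
    }
}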
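/**
 * Writes the PostgreSQL server configuration for the statistics database.
 *
 * Generates /home/ArticaStatsDB/postgresql.conf (listen addresses and three
 * memory settings are computed, everything else is a fixed template) and
 * /home/ArticaStatsDB/pg_hba.conf (local entries plus one "host" line for each
 * row of influxIPClients that has isServ = 1).
 *
 * NOTE(review): every pg_hba.conf entry written here uses the "trust" method,
 * i.e. PostgreSQL accepts the connection without a password. Together with
 * "unix_socket_permissions = 0777" and a socket directory in /tmp, any local
 * account can connect as any database role; the remote "host" lines rely on
 * the source address alone, and "ssl" stays at its default. Consider a
 * password method (md5, or scram-sha-256 on PostgreSQL 10+), tighter socket
 * permissions and TLS for remote clients where deployments allow it.
 * NOTE(review): a listen address of 0.0.0.0 turns listen_addresses into '*'.
 *
 * @return void
 */
function xbuild()
{
    $InfluxListenInterface["127.0.0.1"] = true;
    $InfluxListenInterface[GetInfluxListenIP()] = true;
    // $unix and $php are not used below; kept because the side effects of
    // these project calls are not visible from here.
    $unix = new unix();
    $php = $unix->LOCATE_PHP5_BIN();

    $SET_ALL = false;
    $IPADDRZ = array();
    // foreach replaces the each() idiom, which was removed in PHP 8.
    foreach (array_keys($InfluxListenInterface) as $ipaddr) {
        $ipaddr = (string) $ipaddr;
        // An empty address would leave a dangling comma in listen_addresses.
        if ($ipaddr === "") {
            continue;
        }
        build_progress_restart("{starting} Listen {$ipaddr}", 55);
        if ($ipaddr == "0.0.0.0") {
            $ipaddr = "*";
            $SET_ALL = true;
        }
        $IPADDRZ[] = $ipaddr;
    }
    if ($SET_ALL) {
        $IPADDRZ = array("*");
    }

    xBackup();

    // Tunables are read from settings files; a missing, zero or negative value
    // falls back to the built-in default (values are in MB).
    $PostgreSQLSharedBuffer = intval(@file_get_contents("/etc/artica-postfix/settings/Daemons/PostgreSQLSharedBuffer"));
    if ($PostgreSQLSharedBuffer <= 0) {
        $PostgreSQLSharedBuffer = 32;
    }
    $PostgreSQLEffectiveCacheSize = intval(@file_get_contents("/etc/artica-postfix/settings/Daemons/PostgreSQLEffectiveCacheSize"));
    if ($PostgreSQLEffectiveCacheSize <= 0) {
        $PostgreSQLEffectiveCacheSize = 256;
    }
    $PostgreSQLWorkMem = intval(@file_get_contents("/etc/artica-postfix/settings/Daemons/PostgreSQLWorkMem"));
    if ($PostgreSQLWorkMem <= 0) {
        $PostgreSQLWorkMem = 4;
    }

    // Section separator used throughout the generated file.
    $hr = "#------------------------------------------------------------------------------";

    $f = array();
    $f[] = "# -----------------------------";
    $f[] = "# PostgreSQL configuration file";
    $f[] = "# -----------------------------";
    $f[] = "#";
    $f[] = "# This file consists of lines of the form:";
    $f[] = "#";
    $f[] = "# name = value";
    $f[] = "#";
    $f[] = "# (The \"=\" is optional.) Whitespace may be used. Comments are introduced with";
    $f[] = "# \"#\" anywhere on a line. The complete list of parameter names and allowed";
    $f[] = "# values can be found in the PostgreSQL documentation.";
    $f[] = "#";
    $f[] = "# The commented-out settings shown in this file represent the default values.";
    $f[] = "# Re-commenting a setting is NOT sufficient to revert it to the default value;";
    $f[] = "# you need to reload the server.";
    $f[] = "#";
    $f[] = "# This file is read on server startup and when the server receives a SIGHUP";
    $f[] = "# signal. If you edit the file on a running system, you have to SIGHUP the";
    $f[] = "# server for the changes to take effect, or use \"pg_ctl reload\". Some";
    $f[] = "# parameters, which are marked below, require a server shutdown and restart to";
    $f[] = "# take effect.";
    $f[] = "#";
    $f[] = "# Any parameter can also be given as a command-line option to the server, e.g.,";
    $f[] = "# \"postgres -c log_connections=on\". Some parameters can be changed at run time";
    $f[] = "# with the \"SET\" SQL command.";
    $f[] = "#";
    $f[] = "# Memory units: kB = kilobytes Time units: ms = milliseconds";
    $f[] = "# MB = megabytes s = seconds";
    $f[] = "# GB = gigabytes min = minutes";
    $f[] = "# TB = terabytes h = hours";
    $f[] = "# d = days";
    $f[] = "";
    $f[] = "";
    $f[] = $hr;
    $f[] = "# FILE LOCATIONS";
    $f[] = $hr;
    $f[] = "";
    $f[] = "# The default values of these variables are driven from the -D command-line";
    $f[] = "# option or PGDATA environment variable, represented here as ConfigDir.";
    $f[] = "";
    $f[] = "data_directory = '/home/ArticaStatsDB'\t\t# use data in another directory";
    $f[] = "hba_file = '/home/ArticaStatsDB/pg_hba.conf'\t# host-based authentication file";
    $f[] = "#ident_file = '/home/ArticaStatsDB/pg_ident.conf'\t# ident configuration file";
    $f[] = "#external_pid_file = '/var/run/ArticaStats/postgres.pid'\t\t\t# write an extra PID file";
    $f[] = "";
    $f[] = "";
    $f[] = $hr;
    $f[] = "# CONNECTIONS AND AUTHENTICATION";
    $f[] = $hr;
    $f[] = "";
    $f[] = "# - Connection Settings -";
    $f[] = "";
    $f[] = "listen_addresses = '" . implode(",", $IPADDRZ) . "'";
    $f[] = "port = 5432";
    $f[] = "max_connections = 100";
    $f[] = "# Note: Increasing max_connections costs ~400 bytes of shared memory per";
    $f[] = "# connection slot, plus lock space (see max_locks_per_transaction).";
    $f[] = "#superuser_reserved_connections = 3\t# (change requires restart)";
    // NOTE(review): socket in /tmp with mode 0777 - see the function header.
    $f[] = "unix_socket_directories = '/tmp,/var/run/ArticaStats'";
    $f[] = "#unix_socket_group = ''\t\t\t# (change requires restart)";
    $f[] = "unix_socket_permissions = 0777\t\t# begin with 0 to use octal notation";
    $f[] = "#bonjour = off";
    $f[] = "#bonjour_name = ''";
    $f[] = "";
    $f[] = "# - Security and Authentication -";
    $f[] = "";
    $f[] = "#authentication_timeout = 1min";
    $f[] = "#ssl = off";
    $f[] = "#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL'";
    $f[] = "#ssl_prefer_server_ciphers = on\t\t# (change requires restart)";
    $f[] = "#ssl_ecdh_curve = 'prime256v1'\t\t# (change requires restart)";
    $f[] = "#ssl_cert_file = 'server.crt'\t\t# (change requires restart)";
    $f[] = "#ssl_key_file = 'server.key'\t\t# (change requires restart)";
    $f[] = "#ssl_ca_file = ''\t\t\t# (change requires restart)";
    $f[] = "#ssl_crl_file = ''\t\t\t# (change requires restart)";
    $f[] = "#password_encryption = on";
    $f[] = "#db_user_namespace = off";
    $f[] = "#row_security = on";
    $f[] = "";
    $f[] = "# GSSAPI using Kerberos";
    $f[] = "#krb_server_keyfile = ''";
    $f[] = "#krb_caseins_users = off";
    $f[] = "";
    $f[] = "# - TCP Keepalives -";
    $f[] = "# see \"man 7 tcp\" for details";
    $f[] = "";
    $f[] = "#tcp_keepalives_idle = 0\t\t# TCP_KEEPIDLE, in seconds;";
    $f[] = "\t\t\t\t\t# 0 selects the system default";
    $f[] = "#tcp_keepalives_interval = 0\t\t# TCP_KEEPINTVL, in seconds;";
    $f[] = "\t\t\t\t\t# 0 selects the system default";
    $f[] = "#tcp_keepalives_count = 0\t\t# TCP_KEEPCNT;";
    $f[] = "\t\t\t\t\t# 0 selects the system default";
    $f[] = "";
    $f[] = "";
    $f[] = $hr;
    $f[] = "# RESOURCE USAGE (except WAL)";
    $f[] = $hr;
    $f[] = "";
    $f[] = "# - Memory -";
    $f[] = "";
    $f[] = "shared_buffers = {$PostgreSQLSharedBuffer}MB";
    $f[] = "effective_cache_size = {$PostgreSQLEffectiveCacheSize}MB";
    $f[] = "\t\t\t\t\t# (change requires restart)";
    $f[] = "#huge_pages = try\t\t\t# on, off, or try";
    $f[] = "\t\t\t\t\t# (change requires restart)";
    $f[] = "#temp_buffers = 8MB\t\t\t# min 800kB";
    $f[] = "#max_prepared_transactions = 0\t\t# zero disables the feature";
    $f[] = "\t\t\t\t\t# (change requires restart)";
    $f[] = "# Note: Increasing max_prepared_transactions costs ~600 bytes of shared memory";
    $f[] = "# per transaction slot, plus lock space (see max_locks_per_transaction).";
    $f[] = "# It is not advisable to set max_prepared_transactions nonzero unless you";
    $f[] = "# actively intend to use prepared transactions.";
    $f[] = "work_mem = {$PostgreSQLWorkMem}MB\t\t\t\t# min 64kB";
    $f[] = "maintenance_work_mem = 64MB\t\t# min 1MB";
    $f[] = "autovacuum_work_mem = -1\t\t# min 1MB, or -1 to use maintenance_work_mem";
    $f[] = "#max_stack_depth = 2MB\t\t\t# min 100kB";
    $f[] = "#dynamic_shared_memory_type = posix\t# the default is the first option";
    $f[] = "\t\t\t\t\t# supported by the operating system:";
    $f[] = "\t\t\t\t\t# posix";
    $f[] = "\t\t\t\t\t# sysv";
    $f[] = "\t\t\t\t\t# windows";
    $f[] = "\t\t\t\t\t# mmap";
    $f[] = "\t\t\t\t\t# use none to disable dynamic shared memory";
    $f[] = "";
    $f[] = "# - Disk -";
    $f[] = "";
    $f[] = "#temp_file_limit = -1\t\t\t# limits per-session temp file space";
    $f[] = "\t\t\t\t\t# in kB, or -1 for no limit";
    $f[] = "";
    $f[] = "# - Kernel Resource Usage -";
    $f[] = "";
    $f[] = "#max_files_per_process = 1000\t\t# min 25";
    $f[] = "\t\t\t\t\t# (change requires restart)";
    $f[] = "#shared_preload_libraries = ''\t\t# (change requires restart)";
    $f[] = "";
    $f[] = "# - Cost-Based Vacuum Delay -";
    $f[] = "";
    $f[] = "#vacuum_cost_delay = 0\t\t\t# 0-100 milliseconds";
    $f[] = "#vacuum_cost_page_hit = 1\t\t# 0-10000 credits";
    $f[] = "#vacuum_cost_page_miss = 10\t\t# 0-10000 credits";
    $f[] = "#vacuum_cost_page_dirty = 20\t\t# 0-10000 credits";
    $f[] = "#vacuum_cost_limit = 200\t\t# 1-10000 credits";
    $f[] = "";
    $f[] = "# - Background Writer -";
    $f[] = "";
    $f[] = "#bgwriter_delay = 200ms\t\t\t# 10-10000ms between rounds";
    $f[] = "#bgwriter_lru_maxpages = 100\t\t# 0-1000 max buffers written/round";
    $f[] = "#bgwriter_lru_multiplier = 2.0\t\t# 0-10.0 multiplier on buffers scanned/round";
    $f[] = "";
    $f[] = "# - Asynchronous Behavior -";
    $f[] = "";
    $f[] = "#effective_io_concurrency = 1\t\t# 1-1000; 0 disables prefetching";
    $f[] = "#max_worker_processes = 8";
    $f[] = "#max_parallel_degree = 0\t\t# max number of worker processes per node";
    $f[] = "";
    $f[] = "";
    $f[] = $hr;
    $f[] = "# WRITE AHEAD LOG";
    $f[] = $hr;
    $f[] = "";
    $f[] = "# - Settings -";
    $f[] = "";
    $f[] = "#wal_level = minimal\t\t\t# minimal, archive, hot_standby, or logical";
    $f[] = "\t\t\t\t\t# (change requires restart)";
    $f[] = "#fsync = on\t\t\t\t# turns forced synchronization on or off";
    $f[] = "#synchronous_commit = on\t\t# synchronization level;";
    $f[] = "\t\t\t\t\t# off, local, remote_write, or on";
    $f[] = "#wal_sync_method = fsync\t\t# the default is the first option";
    $f[] = "\t\t\t\t\t# supported by the operating system:";
    $f[] = "\t\t\t\t\t# open_datasync";
    $f[] = "\t\t\t\t\t# fdatasync (default on Linux)";
    $f[] = "\t\t\t\t\t# fsync";
    $f[] = "\t\t\t\t\t# fsync_writethrough";
    $f[] = "\t\t\t\t\t# open_sync";
    $f[] = "#full_page_writes = on\t\t\t# recover from partial page writes";
    $f[] = "#wal_compression = off\t\t\t# enable compression of full-page writes";
    $f[] = "#wal_log_hints = off\t\t\t# also do full page writes of non-critical updates";
    $f[] = "\t\t\t\t\t# (change requires restart)";
    $f[] = "#wal_buffers = -1\t\t\t# min 32kB, -1 sets based on shared_buffers";
    $f[] = "\t\t\t\t\t# (change requires restart)";
    $f[] = "#wal_writer_delay = 200ms\t\t# 1-10000 milliseconds";
    $f[] = "";
    $f[] = "#commit_delay = 0\t\t\t# range 0-100000, in microseconds";
    $f[] = "#commit_siblings = 5\t\t\t# range 1-1000";
    $f[] = "";
    $f[] = "# - Checkpoints -";
    $f[] = "";
    $f[] = "#checkpoint_timeout = 5min\t\t# range 30s-1h";
    $f[] = "#max_wal_size = 1GB";
    $f[] = "#min_wal_size = 80MB";
    $f[] = "#checkpoint_completion_target = 0.5\t# checkpoint target duration, 0.0 - 1.0";
    $f[] = "#checkpoint_warning = 30s\t\t# 0 disables";
    $f[] = "";
    $f[] = "# - Archiving -";
    $f[] = "";
    $f[] = "#archive_mode = off\t\t# enables archiving; off, on, or always";
    $f[] = "\t\t\t\t# (change requires restart)";
    $f[] = "#archive_command = ''\t\t# command to use to archive a logfile segment";
    $f[] = "\t\t\t\t# placeholders: %p = path of file to archive";
    $f[] = "\t\t\t\t# %f = file name only";
    $f[] = "\t\t\t\t# e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f'";
    $f[] = "#archive_timeout = 0\t\t# force a logfile segment switch after this";
    $f[] = "\t\t\t\t# number of seconds; 0 disables";
    $f[] = "";
    $f[] = "";
    $f[] = $hr;
    $f[] = "# REPLICATION";
    $f[] = $hr;
    $f[] = "";
    $f[] = "# - Sending Server(s) -";
    $f[] = "";
    $f[] = "# Set these on the master and on any standby that will send replication data.";
    $f[] = "";
    $f[] = "#max_wal_senders = 0\t\t# max number of walsender processes";
    $f[] = "\t\t\t\t# (change requires restart)";
    $f[] = "#wal_keep_segments = 0\t\t# in logfile segments, 16MB each; 0 disables";
    $f[] = "#wal_sender_timeout = 60s\t# in milliseconds; 0 disables";
    $f[] = "";
    $f[] = "#max_replication_slots = 0\t# max number of replication slots";
    $f[] = "\t\t\t\t# (change requires restart)";
    $f[] = "#track_commit_timestamp = off\t# collect timestamp of transaction commit";
    $f[] = "\t\t\t\t# (change requires restart)";
    $f[] = "";
    $f[] = "# - Master Server -";
    $f[] = "";
    $f[] = "# These settings are ignored on a standby server.";
    $f[] = "";
    $f[] = "#synchronous_standby_names = ''\t# standby servers that provide sync rep";
    $f[] = "\t\t\t\t# comma-separated list of application_name";
    $f[] = "\t\t\t\t# from standby(s); '*' = all";
    $f[] = "#vacuum_defer_cleanup_age = 0\t# number of xacts by which cleanup is delayed";
    $f[] = "";
    $f[] = "# - Standby Servers -";
    $f[] = "";
    $f[] = "# These settings are ignored on a master server.";
    $f[] = "";
    $f[] = "#hot_standby = off\t\t\t# \"on\" allows queries during recovery";
    $f[] = "\t\t\t\t\t# (change requires restart)";
    $f[] = "#max_standby_archive_delay = 30s\t# max delay before canceling queries";
    $f[] = "\t\t\t\t\t# when reading WAL from archive;";
    $f[] = "\t\t\t\t\t# -1 allows indefinite delay";
    $f[] = "#max_standby_streaming_delay = 30s\t# max delay before canceling queries";
    $f[] = "\t\t\t\t\t# when reading streaming WAL;";
    $f[] = "\t\t\t\t\t# -1 allows indefinite delay";
    $f[] = "#wal_receiver_status_interval = 10s\t# send replies at least this often";
    $f[] = "\t\t\t\t\t# 0 disables";
    $f[] = "#hot_standby_feedback = off\t\t# send info from standby to prevent";
    $f[] = "\t\t\t\t\t# query conflicts";
    $f[] = "#wal_receiver_timeout = 60s\t\t# time that receiver waits for";
    $f[] = "\t\t\t\t\t# communication from master";
    $f[] = "\t\t\t\t\t# in milliseconds; 0 disables";
    $f[] = "#wal_retrieve_retry_interval = 5s\t# time to wait before retrying to";
    $f[] = "\t\t\t\t\t# retrieve WAL after a failed attempt";
    $f[] = "";
    $f[] = "";
    $f[] = $hr;
    $f[] = "# QUERY TUNING";
    $f[] = $hr;
    $f[] = "";
    $f[] = "# - Planner Method Configuration -";
    $f[] = "";
    $f[] = "#enable_bitmapscan = on";
    $f[] = "#enable_hashagg = on";
    $f[] = "#enable_hashjoin = on";
    $f[] = "#enable_indexscan = on";
    $f[] = "#enable_indexonlyscan = on";
    $f[] = "#enable_material = on";
    $f[] = "#enable_mergejoin = on";
    $f[] = "#enable_nestloop = on";
    $f[] = "#enable_seqscan = on";
    $f[] = "#enable_sort = on";
    $f[] = "#enable_tidscan = on";
    $f[] = "";
    $f[] = "# - Planner Cost Constants -";
    $f[] = "";
    $f[] = "#seq_page_cost = 1.0\t\t\t# measured on an arbitrary scale";
    $f[] = "#random_page_cost = 4.0\t\t\t# same scale as above";
    $f[] = "#cpu_tuple_cost = 0.01\t\t\t# same scale as above";
    $f[] = "#cpu_index_tuple_cost = 0.005\t\t# same scale as above";
    $f[] = "#cpu_operator_cost = 0.0025\t\t# same scale as above";
    $f[] = "#parallel_tuple_cost = 0.1\t\t# same scale as above";
    $f[] = "#parallel_setup_cost = 1000.0\t# same scale as above";
    $f[] = "";
    $f[] = "# - Genetic Query Optimizer -";
    $f[] = "";
    $f[] = "#geqo = on";
    $f[] = "#geqo_threshold = 12";
    $f[] = "#geqo_effort = 5\t\t\t# range 1-10";
    $f[] = "#geqo_pool_size = 0\t\t\t# selects default based on effort";
    $f[] = "#geqo_generations = 0\t\t\t# selects default based on effort";
    $f[] = "#geqo_selection_bias = 2.0\t\t# range 1.5-2.0";
    $f[] = "#geqo_seed = 0.0\t\t\t# range 0.0-1.0";
    $f[] = "";
    $f[] = "# - Other Planner Options -";
    $f[] = "";
    $f[] = "#default_statistics_target = 100\t# range 1-10000";
    $f[] = "#constraint_exclusion = partition\t# on, off, or partition";
    $f[] = "#cursor_tuple_fraction = 0.1\t\t# range 0.0-1.0";
    $f[] = "#from_collapse_limit = 8";
    $f[] = "#join_collapse_limit = 8\t\t# 1 disables collapsing of explicit";
    $f[] = "\t\t\t\t\t# JOIN clauses";
    $f[] = "";
    $f[] = "";
    $f[] = $hr;
    $f[] = "# ERROR REPORTING AND LOGGING";
    $f[] = $hr;
    $f[] = "";
    $f[] = "# - Where to Log -";
    $f[] = "";
    $f[] = "#log_destination = 'stderr'\t\t# Valid values are combinations of";
    $f[] = "\t\t\t\t\t# stderr, csvlog, syslog, and eventlog,";
    $f[] = "\t\t\t\t\t# depending on platform. csvlog";
    $f[] = "\t\t\t\t\t# requires logging_collector to be on.";
    $f[] = "";
    $f[] = "# This is used when logging to stderr:";
    $f[] = "#logging_collector = off\t\t# Enable capturing of stderr and csvlog";
    $f[] = "\t\t\t\t\t# into log files. Required to be on for";
    $f[] = "\t\t\t\t\t# csvlogs.";
    $f[] = "\t\t\t\t\t# (change requires restart)";
    $f[] = "";
    $f[] = "# These are only used if logging_collector is on:";
    $f[] = "#log_directory = 'pg_log'\t\t# directory where log files are written,";
    $f[] = "\t\t\t\t\t# can be absolute or relative to PGDATA";
    $f[] = "#log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log'\t# log file name pattern,";
    $f[] = "\t\t\t\t\t# can include strftime() escapes";
    $f[] = "#log_file_mode = 0600\t\t\t# creation mode for log files,";
    $f[] = "\t\t\t\t\t# begin with 0 to use octal notation";
    $f[] = "#log_truncate_on_rotation = off\t\t# If on, an existing log file with the";
    $f[] = "\t\t\t\t\t# same name as the new log file will be";
    $f[] = "\t\t\t\t\t# truncated rather than appended to.";
    $f[] = "\t\t\t\t\t# But such truncation only occurs on";
    $f[] = "\t\t\t\t\t# time-driven rotation, not on restarts";
    $f[] = "\t\t\t\t\t# or size-driven rotation. Default is";
    $f[] = "\t\t\t\t\t# off, meaning append to existing files";
    $f[] = "\t\t\t\t\t# in all cases.";
    $f[] = "#log_rotation_age = 1d\t\t\t# Automatic rotation of logfiles will";
    $f[] = "\t\t\t\t\t# happen after that time. 0 disables.";
    $f[] = "#log_rotation_size = 10MB\t\t# Automatic rotation of logfiles will";
    $f[] = "\t\t\t\t\t# happen after that much log output.";
    $f[] = "\t\t\t\t\t# 0 disables.";
    $f[] = "";
    $f[] = "# These are relevant when logging to syslog:";
    $f[] = "#syslog_facility = 'LOCAL0'";
    $f[] = "#syslog_ident = 'postgres'";
    $f[] = "";
    $f[] = "# This is only relevant when logging to eventlog (win32):";
    $f[] = "#event_source = 'PostgreSQL'";
    $f[] = "";
    $f[] = "# - When to Log -";
    $f[] = "";
    $f[] = "#client_min_messages = notice\t\t# values in order of decreasing detail:";
    $f[] = "\t\t\t\t\t# debug5";
    $f[] = "\t\t\t\t\t# debug4";
    $f[] = "\t\t\t\t\t# debug3";
    $f[] = "\t\t\t\t\t# debug2";
    $f[] = "\t\t\t\t\t# debug1";
    $f[] = "\t\t\t\t\t# log";
    $f[] = "\t\t\t\t\t# notice";
    $f[] = "\t\t\t\t\t# warning";
    $f[] = "\t\t\t\t\t# error";
    $f[] = "";
    $f[] = "#log_min_messages = warning\t\t# values in order of decreasing detail:";
    $f[] = "\t\t\t\t\t# debug5";
    $f[] = "\t\t\t\t\t# debug4";
    $f[] = "\t\t\t\t\t# debug3";
    $f[] = "\t\t\t\t\t# debug2";
    $f[] = "\t\t\t\t\t# debug1";
    $f[] = "\t\t\t\t\t# info";
    $f[] = "\t\t\t\t\t# notice";
    $f[] = "\t\t\t\t\t# warning";
    $f[] = "\t\t\t\t\t# error";
    $f[] = "\t\t\t\t\t# log";
    $f[] = "\t\t\t\t\t# fatal";
    $f[] = "\t\t\t\t\t# panic";
    $f[] = "";
    $f[] = "#log_min_error_statement = error\t# values in order of decreasing detail:";
    $f[] = "\t\t\t\t\t# debug5";
    $f[] = "\t\t\t\t\t# debug4";
    $f[] = "\t\t\t\t\t# debug3";
    $f[] = "\t\t\t\t\t# debug2";
    $f[] = "\t\t\t\t\t# debug1";
    $f[] = "\t\t\t\t\t# info";
    $f[] = "\t\t\t\t\t# notice";
    $f[] = "\t\t\t\t\t# warning";
    $f[] = "\t\t\t\t\t# error";
    $f[] = "\t\t\t\t\t# log";
    $f[] = "\t\t\t\t\t# fatal";
    $f[] = "\t\t\t\t\t# panic (effectively off)";
    $f[] = "";
    $f[] = "#log_min_duration_statement = -1\t# -1 is disabled, 0 logs all statements";
    $f[] = "\t\t\t\t\t# and their durations, > 0 logs only";
    $f[] = "\t\t\t\t\t# statements running at least this number";
    $f[] = "\t\t\t\t\t# of milliseconds";
    $f[] = "";
    $f[] = "";
    $f[] = "# - What to Log -";
    $f[] = "";
    $f[] = "#debug_print_parse = off";
    $f[] = "#debug_print_rewritten = off";
    $f[] = "#debug_print_plan = off";
    $f[] = "#debug_pretty_print = on";
    $f[] = "#log_checkpoints = off";
    $f[] = "#log_connections = off";
    $f[] = "#log_disconnections = off";
    $f[] = "#log_duration = off";
    $f[] = "#log_error_verbosity = default\t\t# terse, default, or verbose messages";
    $f[] = "#log_hostname = off";
    $f[] = "#log_line_prefix = ''\t\t\t# special values:";
    $f[] = "\t\t\t\t\t# %a = application name";
    $f[] = "\t\t\t\t\t# %u = user name";
    $f[] = "\t\t\t\t\t# %d = database name";
    $f[] = "\t\t\t\t\t# %r = remote host and port";
    $f[] = "\t\t\t\t\t# %h = remote host";
    $f[] = "\t\t\t\t\t# %p = process ID";
    $f[] = "\t\t\t\t\t# %t = timestamp without milliseconds";
    $f[] = "\t\t\t\t\t# %m = timestamp with milliseconds";
    $f[] = "\t\t\t\t\t# %n = timestamp with milliseconds (as a Unix epoch)";
    $f[] = "\t\t\t\t\t# %i = command tag";
    $f[] = "\t\t\t\t\t# %e = SQL state";
    $f[] = "\t\t\t\t\t# %c = session ID";
    $f[] = "\t\t\t\t\t# %l = session line number";
    $f[] = "\t\t\t\t\t# %s = session start timestamp";
    $f[] = "\t\t\t\t\t# %v = virtual transaction ID";
    $f[] = "\t\t\t\t\t# %x = transaction ID (0 if none)";
    $f[] = "\t\t\t\t\t# %q = stop here in non-session";
    $f[] = "\t\t\t\t\t# processes";
    $f[] = "\t\t\t\t\t# %% = '%'";
    $f[] = "\t\t\t\t\t# e.g. '<%u%%%d> '";
    $f[] = "#log_lock_waits = off\t\t\t# log lock waits >= deadlock_timeout";
    $f[] = "#log_statement = 'none'\t\t\t# none, ddl, mod, all";
    $f[] = "#log_replication_commands = off";
    $f[] = "#log_temp_files = -1\t\t\t# log temporary files equal or larger";
    $f[] = "\t\t\t\t\t# than the specified size in kilobytes;";
    $f[] = "\t\t\t\t\t# -1 disables, 0 logs all temp files";
    $f[] = "#log_timezone = 'GMT'";
    $f[] = "";
    $f[] = "";
    $f[] = "# - Process Title -";
    $f[] = "";
    $f[] = "#cluster_name = ''\t\t\t# added to process titles if nonempty";
    $f[] = "\t\t\t\t\t# (change requires restart)";
    $f[] = "#update_process_title = on";
    $f[] = "";
    $f[] = "";
    $f[] = $hr;
    $f[] = "# RUNTIME STATISTICS";
    $f[] = $hr;
    $f[] = "";
    $f[] = "# - Query/Index Statistics Collector -";
    $f[] = "";
    $f[] = "track_activities = on";
    $f[] = "track_counts = on";
    $f[] = "#track_io_timing = off";
    $f[] = "#track_functions = none\t\t\t# none, pl, all";
    $f[] = "#track_activity_query_size = 1024\t# (change requires restart)";
    $f[] = "#stats_temp_directory = 'pg_stat_tmp'";
    $f[] = "";
    $f[] = "";
    $f[] = "# - Statistics Monitoring -";
    $f[] = "";
    $f[] = "#log_parser_stats = off";
    $f[] = "#log_planner_stats = off";
    $f[] = "#log_executor_stats = off";
    $f[] = "#log_statement_stats = off";
    $f[] = "";
    $f[] = "";
    $f[] = $hr;
    $f[] = "# AUTOVACUUM PARAMETERS";
    $f[] = $hr;
    $f[] = "";
    $f[] = "autovacuum = on";
    $f[] = "log_autovacuum_min_duration = -1";
    $f[] = "autovacuum_max_workers = 3";
    $f[] = "#autovacuum_naptime = 1min\t\t# time between autovacuum runs";
    $f[] = "#autovacuum_vacuum_threshold = 50\t# min number of row updates before vacuum";
    $f[] = "#autovacuum_analyze_threshold = 50\t# min number of row updates before analyze";
    $f[] = "#autovacuum_vacuum_scale_factor = 0.2\t# fraction of table size before vacuum";
    $f[] = "#autovacuum_analyze_scale_factor = 0.1\t# fraction of table size before analyze";
    $f[] = "#autovacuum_freeze_max_age = 200000000\t# maximum XID age before forced vacuum";
    $f[] = "#autovacuum_multixact_freeze_max_age = 400000000\t# maximum multixact age";
    $f[] = "#autovacuum_vacuum_cost_delay = 20ms\t# default vacuum cost delay for";
    $f[] = "#autovacuum_vacuum_cost_limit = -1\t# default vacuum cost limit for";
    $f[] = "";
    $f[] = "";
    $f[] = $hr;
    $f[] = "# CLIENT CONNECTION DEFAULTS";
    $f[] = $hr;
    $f[] = "";
    $f[] = "# - Statement Behavior -";
    $f[] = "";
    $f[] = "#search_path = '\"\$user\", public'\t# schema names";
    $f[] = "#default_tablespace = ''\t\t# a tablespace name, '' uses the default";
    $f[] = "#temp_tablespaces = ''\t\t\t# a list of tablespace names, '' uses";
    $f[] = "\t\t\t\t\t# only default tablespace";
    $f[] = "#check_function_bodies = on";
    $f[] = "#default_transaction_isolation = 'read committed'";
    $f[] = "#default_transaction_read_only = off";
    $f[] = "#default_transaction_deferrable = off";
    $f[] = "#session_replication_role = 'origin'";
    $f[] = "#statement_timeout = 0\t\t\t# in milliseconds, 0 is disabled";
    $f[] = "#lock_timeout = 0\t\t\t# in milliseconds, 0 is disabled";
    $f[] = "#vacuum_freeze_min_age = 50000000";
    $f[] = "#vacuum_freeze_table_age = 150000000";
    $f[] = "#vacuum_multixact_freeze_min_age = 5000000";
    $f[] = "#vacuum_multixact_freeze_table_age = 150000000";
    $f[] = "#bytea_output = 'hex'\t\t\t# hex, escape";
    $f[] = "#xmlbinary = 'base64'";
    $f[] = "#xmloption = 'content'";
    $f[] = "#gin_fuzzy_search_limit = 0";
    $f[] = "#gin_pending_list_limit = 4MB";
    $f[] = "";
    $f[] = "# - Locale and Formatting -";
    $f[] = "";
    $f[] = "#datestyle = 'iso, mdy'";
    $f[] = "#intervalstyle = 'postgres'";
    $f[] = "#timezone = 'GMT'";
    $f[] = "#timezone_abbreviations = 'Default' # Select the set of available time zone";
    $f[] = "\t\t\t\t\t# abbreviations. Currently, there are";
    $f[] = "\t\t\t\t\t# Default";
    $f[] = "\t\t\t\t\t# Australia (historical usage)";
    $f[] = "\t\t\t\t\t# India";
    $f[] = "\t\t\t\t\t# You can create your own file in";
    $f[] = "\t\t\t\t\t# share/timezonesets/.";
    $f[] = "#extra_float_digits = 0\t\t\t# min -15, max 3";
    $f[] = "#client_encoding = sql_ascii\t\t# actually, defaults to database";
    $f[] = "\t\t\t\t\t# encoding";
    $f[] = "";
    $f[] = "# These settings are initialized by initdb, but they can be changed.";
    $f[] = "#lc_messages = 'C'\t\t\t# locale for system error message";
    $f[] = "\t\t\t\t\t# strings";
    $f[] = "#lc_monetary = 'C'\t\t\t# locale for monetary formatting";
    $f[] = "#lc_numeric = 'C'\t\t\t# locale for number formatting";
    $f[] = "#lc_time = 'C'\t\t\t\t# locale for time formatting";
    $f[] = "";
    $f[] = "# default configuration for text search";
    $f[] = "#default_text_search_config = 'pg_catalog.simple'";
    $f[] = "";
    $f[] = "# - Other Defaults -";
    $f[] = "";
    $f[] = "dynamic_library_path = '/usr/local/ArticaStats/lib'";
    $f[] = "#local_preload_libraries = ''";
    $f[] = "#session_preload_libraries = ''";
    $f[] = "";
    $f[] = "";
    $f[] = $hr;
    $f[] = "# LOCK MANAGEMENT";
    $f[] = $hr;
    $f[] = "";
    $f[] = "#deadlock_timeout = 1s";
    $f[] = "#max_locks_per_transaction = 64\t\t# min 10";
    $f[] = "\t\t\t\t\t# (change requires restart)";
    $f[] = "# Note: Each lock table slot uses ~270 bytes of shared memory, and there are";
    $f[] = "# max_locks_per_transaction * (max_connections + max_prepared_transactions)";
    $f[] = "# lock table slots.";
    $f[] = "#max_pred_locks_per_transaction = 64\t# min 10";
    $f[] = "\t\t\t\t\t# (change requires restart)";
    $f[] = "";
    $f[] = "";
    $f[] = $hr;
    $f[] = "# VERSION/PLATFORM COMPATIBILITY";
    $f[] = $hr;
    $f[] = "";
    $f[] = "# - Previous PostgreSQL Versions -";
    $f[] = "";
    $f[] = "#array_nulls = on";
    $f[] = "#backslash_quote = safe_encoding\t# on, off, or safe_encoding";
    $f[] = "#default_with_oids = off";
    $f[] = "#escape_string_warning = on";
    $f[] = "#lo_compat_privileges = off";
    $f[] = "#operator_precedence_warning = off";
    $f[] = "#quote_all_identifiers = off";
    $f[] = "#sql_inheritance = on";
    $f[] = "#standard_conforming_strings = on";
    $f[] = "#synchronize_seqscans = on";
    $f[] = "";
    $f[] = "# - Other Platforms and Clients -";
    $f[] = "";
    $f[] = "#transform_null_equals = off";
    $f[] = "";
    $f[] = "";
    $f[] = $hr;
    $f[] = "# ERROR HANDLING";
    $f[] = $hr;
    $f[] = "";
    $f[] = "#exit_on_error = off\t\t\t# terminate session on any error?";
    $f[] = "#restart_after_crash = on\t\t# reinitialize after backend crash?";
    $f[] = "";
    $f[] = "";
    $f[] = $hr;
    $f[] = "# CONFIG FILE INCLUDES";
    $f[] = $hr;
    $f[] = "";
    $f[] = "# These options allow settings to be loaded from files other than the";
    $f[] = "# default postgresql.conf.";
    $f[] = "";
    $f[] = "#include_dir = 'conf.d'\t\t\t# include files ending in '.conf' from";
    $f[] = "\t\t\t\t\t# directory 'conf.d'";
    $f[] = "#include_if_exists = 'exists.conf'\t# include file only if it exists";
    $f[] = "#include = 'special.conf'\t\t# include file";
    $f[] = "";
    $f[] = "";
    $f[] = $hr;
    $f[] = "# CUSTOMIZED OPTIONS";
    $f[] = $hr;
    $f[] = "";
    $f[] = "# Add settings for extensions here";

    build_progress_restart("{starting}", 60);
    // The write result was ignored before, so "done" was printed even when
    // nothing had been written. A failure is now reported instead.
    if (@file_put_contents("/home/ArticaStatsDB/postgresql.conf", implode("\n", $f) . "\n") === false) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} /home/ArticaStatsDB/postgresql.conf write failed\n";
    } elseif ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} /home/ArticaStatsDB/postgresql.conf done\n";
    }

    // ---- pg_hba.conf -------------------------------------------------------
    // NOTE(review): all entries use "trust" (no password) - see the header.
    $hba = array();
    $hba[] = "@authcomment@";
    $hba[] = "";
    $hba[] = "# TYPE DATABASE USER ADDRESS METHOD";
    $hba[] = "";
    $hba[] = "local all all trust";
    $hba[] = "host all all 127.0.0.1/32 trust";

    $q = new mysql_squid_builder();
    $Ipclass = new IP();
    $results = $q->QUERY_SQL("SELECT * FROM influxIPClients");
    if (!$q->ok || !$results) {
        // Without client rows only the local entries are written, so remote
        // clients are refused rather than implicitly allowed.
        echo $q->mysql_error . "\n";
    } else {
        while ($ligne = mysql_fetch_assoc($results)) {
            $ipaddr = $ligne["ipaddr"];
            $isServ = intval($ligne["isServ"]);
            // Each kept value becomes an access-control line. Besides the
            // project validator (not visible here), only address characters
            // are accepted, so a stored value cannot smuggle whitespace or a
            // line break into pg_hba.conf.
            if (!preg_match('/\A[0-9A-Fa-f:.\/-]+\z/', (string) $ipaddr)) {
                continue;
            }
            if (!$Ipclass->isIPAddressOrRange($ipaddr)) {
                continue;
            }
            if (strpos($ipaddr, "/") === false) {
                // A bare host needs a full-length mask. Appending /32 to an
                // IPv6 address would trust an entire /32 prefix, so IPv6
                // hosts get /128.
                $ipaddr .= (strpos($ipaddr, ":") === false) ? "/32" : "/128";
            }
            if ($isServ == 1) {
                $hba[] = "host all all {$ipaddr} trust";
            }
        }
    }

    build_progress_restart("{starting}", 65);
    if (@file_put_contents("/home/ArticaStatsDB/pg_hba.conf", implode("\n", $hba) . "\n") === false) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} /home/ArticaStatsDB/pg_hba.conf write failed\n";
    } elseif ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} /home/ArticaStatsDB/pg_hba.conf done\n";
    }
}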
/**
 * Build the iptables commands that guard TCP port 8086 and the admin port.
 *
 * The admin port comes from the "InfluxAdminPort" setting and falls back to
 * 8083 when that setting evaluates to 0. Both ports are rejected for everyone,
 * then re-opened for 127.0.0.1, for the address of every local interface
 * except "lo", and for each valid row of influxIPClients: rows with isServ=1
 * get port 8086, all other rows get the admin port.
 *
 * Every line uses "-I INPUT" (insert at the head of the chain), so if the
 * lines are executed in order the ACCEPT rules end up in front of the two
 * REJECT rules. Each command ends with "|| true", so a failing iptables call
 * does not stop whatever runs these lines.
 *
 * @return string|null Newline-separated commands, or null when the
 *                     influxIPClients table has no row.
 */
function parse_rules()
{
    $unix = new unix();
    $sock = new sockets();
    $q = new mysql_squid_builder();

    $InfluxAdminPort = intval($sock->GET_INFO("InfluxAdminPort"));
    if ($InfluxAdminPort == 0) {
        $InfluxAdminPort = 8083;
    }
    $iptables = $unix->find_program("iptables");

    $results = $q->QUERY_SQL("SELECT * FROM influxIPClients");
    if (mysql_num_rows($results) == 0) {
        // No client configured: the caller gets no rule at all.
        return null;
    }

    $rules = array();

    // Default deny on both ports, then loopback.
    $rules[] = "\t{$iptables} -I INPUT -p tcp --destination-port 8086 -j REJECT --reject-with tcp-reset -m comment --comment \"ArticaStatsAppliance\" || true";
    $rules[] = "\t{$iptables} -I INPUT -p tcp --destination-port {$InfluxAdminPort} -j REJECT --reject-with tcp-reset -m comment --comment \"ArticaStatsAppliance\" || true";
    $rules[] = "\t{$iptables} -I INPUT -s 127.0.0.1 -p tcp --destination-port 8086 -j ACCEPT -m comment --comment \"ArticaStatsAppliance\" || true";
    $rules[] = "\t{$iptables} -I INPUT -s 127.0.0.1 -p tcp --destination-port {$InfluxAdminPort} -j ACCEPT -m comment --comment \"ArticaStatsAppliance\" || true";

    // The box's own addresses may reach both ports.
    foreach ($unix->NETWORK_ALL_INTERFACES() as $interface => $nic) {
        $IPADDR = $nic["IPADDR"];
        if ($interface == "lo") {
            continue;
        }
        $rules[] = "\t{$iptables} -I INPUT -s {$IPADDR} -p tcp --destination-port 8086 -j ACCEPT -m comment --comment \"ArticaStatsAppliance\" || true";
        $rules[] = "\t{$iptables} -I INPUT -s {$IPADDR} -p tcp --destination-port {$InfluxAdminPort} -j ACCEPT -m comment --comment \"ArticaStatsAppliance\" || true";
    }

    // Declared clients: only values accepted by isIPAddressOrRange() reach a command line.
    $validator = new IP();
    while ($client = mysql_fetch_assoc($results)) {
        $ipaddr = $client["ipaddr"];
        $isServ = intval($client["isServ"]);
        if (!$validator->isIPAddressOrRange($ipaddr)) {
            continue;
        }
        $rules[] = ($isServ == 1)
            ? "\t{$iptables} -I INPUT -s {$ipaddr} -p tcp --destination-port 8086 -j ACCEPT -m comment --comment \"ArticaStatsAppliance\" || true"
            : "\t{$iptables} -I INPUT -s {$ipaddr} -p tcp --destination-port {$InfluxAdminPort} -j ACCEPT -m comment --comment \"ArticaStatsAppliance\" || true";
    }

    return @implode("\n", $rules);
}
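/**
 * Translate a destination value into an iptables match fragment.
 *
 * Handled forms, in order: empty value (interface and port only), "*"
 * (rewritten to 0.0.0.0/0), a dotted range "a.b.c.d-e.f.g.h" (iprange match),
 * a MAC address (mac match), and an IP address or range accepted by
 * IP::isIPAddressOrRange(). Anything else falls through and yields null.
 *
 * The range form is emitted inside single quotes, so its pattern is anchored:
 * only digits, dots and a single hyphen can reach that branch. The original
 * pattern was unanchored and let any string containing "digits-digits" through.
 *
 * NOTE(review): $eth and $port are placed in the fragment as received; confirm
 * that every caller passes values that were validated before they get here.
 * NOTE(review): "--srcport" is kept as written; the iptables tcp/udp matches
 * document "--sport" / "--source-port" — confirm what consumes this fragment.
 *
 * @param string      $destination      "*", empty, a range, a MAC or an IP/CIDR.
 * @param string|null $eth              Interface name; numeric values are ignored.
 * @param int         $port             Port to match; 0 or less adds no port match.
 * @param int         $destinationProto 1 = match as destination (-d / --dport),
 *                                      0 = match as source (-s / --srcport).
 * @return string|null The fragment, or null when $destination is not recognised.
 */
function pattern_item($destination, $eth = null, $port = 0, $destinationProto = 0)
{
    // Not used below; kept in case construction has side effects — TODO confirm and drop.
    $nic = new system_nic();
    $trace = @debug_backtrace();
    $interface = null;
    $portText = null;
    // Initialised so the verbose trace never reads an undefined variable.
    $called = null;
    if (isset($trace[1])) {
        $called = "in " . basename($trace[1]["file"]) . " function {$trace[1]["function"]}() line {$trace[1]["line"]}";
    }
    if ($GLOBALS["VERBOSE"]) {
        echo "[" . __LINE__ . "]: Destination: {$destination} eth={$eth} port={$port} destinationProto={$destinationProto} - {$called}\n";
    }
    if (is_numeric($eth)) {
        $eth = null;
    }
    if ($port > 0) {
        // Leading space on both variants: the fragment is appended directly after
        // the address ("{$destination}{$portText}"), and the source variant used
        // to be glued to it.
        $portText = " --srcport {$port}";
        if ($destinationProto == 1) {
            $portText = " --dport {$port}";
        }
    }
    $pdest = "-s ";
    if ($eth != null) {
        if ($destinationProto == 0) {
            $interface = " -m physdev --physdev-in {$eth} ";
        }
    }
    if ($destinationProto == 1) {
        $pdest = "-d ";
    }
    if ($destination == "*") {
        $destination = "0.0.0.0/0";
    }
    if (trim($destination) == null) {
        if ($GLOBALS["VERBOSE"]) {
            echo "[" . __LINE__ . "]: Destination: return *** {$interface}{$portText} ***\n";
        }
        return "{$interface}{$portText}";
    }

    // Anchored (^...$ with D so "$" cannot match before a trailing newline):
    // nothing but digits, dots and the hyphen may end up between the quotes.
    $range = trim($destination);
    if (preg_match("#^[0-9\\.]+-[0-9\\.]+\$#D", $range)) {
        $destination = $range;
        if ($destinationProto == 1) {
            if ($GLOBALS["VERBOSE"]) {
                echo "[" . __LINE__ . "]: Destination: return *** {$interface}-m iprange --dst-range '{$destination}'{$portText} ***\n";
            }
            return "{$interface}-m iprange --dst-range '{$destination}'{$portText} ";
        }
        if ($GLOBALS["VERBOSE"]) {
            echo "[" . __LINE__ . "]: Destination: return *** {$interface}-m iprange --src-range '{$destination}'{$portText} ***\n";
        }
        return "{$interface}-m iprange --src-range '{$destination}'{$portText} ";
    }

    $ipClass = new IP();
    if ($ipClass->IsvalidMAC($destination)) {
        if ($GLOBALS["VERBOSE"]) {
            echo "[" . __LINE__ . "]: Destination: return *** {$interface}-m mac --mac-source {$destination}{$portText} ***\n";
        }
        return "{$interface}-m mac --mac-source {$destination}{$portText} ";
    }
    if ($ipClass->isIPAddressOrRange($destination)) {
        return "{$interface}{$pdest}{$destination}{$portText} ";
    }

    // Unrecognised destination: no fragment is produced.
    return null;
}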
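/**
 * Run the proxy auto-configuration (WPAD) wizard.
 *
 * Reads DOMAIN, LOCALNET, PROXY and PORT from the serialized
 * "SquidAutoconfWizard" setting, creates the "wpad.<DOMAIN>" web site, makes
 * sure the wpad_* tables have the expected columns, then inserts a first rule,
 * its proxy destination, the "Everyone" and "WPAD - Local networks" groups and
 * the links between them. Progress is reported through build_progress(); the
 * value 110 is used on every failure path and 100 on success.
 *
 * Changes against the previous version:
 *  - a successful ALTER of wpad_destination_rules no longer reports
 *    "MySQL error" and aborts the wizard;
 *  - PROXY, PORT and the LOCALNET entries go through mysql_escape_string2()
 *    before being placed in SQL, like the rule name already did;
 *  - LOCALNET entries are stored trimmed (they were validated trimmed), and an
 *    empty list is reported before the group is emptied instead of failing on
 *    a VALUES-less INSERT afterwards.
 *
 * NOTE(review): unserialize() on a stored setting instantiates whatever
 * classes the serialized data names. Confirm that only administrators can
 * write "SquidAutoconfWizard", or move the setting to a data-only format.
 * NOTE(review): DOMAIN is used unvalidated to build the site name handed to
 * freeweb and rebuild_vhost(); confirm those validate host names.
 *
 * @return void
 */
function execute_autconfig()
{
    $sock = new sockets();
    build_progress("Execute....", 5);
    build_progress("Loading settings....", 5);

    $SquidAutoconfWizard = unserialize($sock->GET_INFO("SquidAutoconfWizard"));
    if (!is_array($SquidAutoconfWizard)) {
        // Missing or corrupt setting: every field reads as null below.
        $SquidAutoconfWizard = array();
    }
    $DOMAIN = isset($SquidAutoconfWizard["DOMAIN"]) ? $SquidAutoconfWizard["DOMAIN"] : null;
    $LOCALNET = isset($SquidAutoconfWizard["LOCALNET"]) ? $SquidAutoconfWizard["LOCALNET"] : null;
    $PROXY = isset($SquidAutoconfWizard["PROXY"]) ? $SquidAutoconfWizard["PROXY"] : null;
    $PORT = isset($SquidAutoconfWizard["PORT"]) ? $SquidAutoconfWizard["PORT"] : null;

    echo "DOMAIN.........: {$DOMAIN}\n";
    echo "LOCALNET.......: {$LOCALNET}\n";
    echo "PROXY..........: {$PROXY}:{$PORT}\n";

    if ($DOMAIN == null) {
        build_progress("Missing domain....", 110);
        return;
    }
    if ($LOCALNET == null) {
        build_progress("Missing LOCALNET....", 110);
        return;
    }
    if ($PROXY == null) {
        build_progress("Missing PROXY....", 110);
        return;
    }
    if (!is_numeric($PORT)) {
        build_progress("Missing PROXY PORT....", 110);
        return;
    }

    build_progress("Creating wpad.{$DOMAIN}....", 10);
    $webserver = "wpad.{$DOMAIN}";
    $sock->SET_INFO("EnableFreeWeb", 1);
    build_progress("Creating wpad.{$DOMAIN} (loading class)", 11);
    $free = new freeweb($webserver);
    $free->servername = $webserver;
    $free->groupware = "WPADDYN";
    $free->Params["ServerAlias"]["wpad"] = true;
    $free->CreateSite();
    build_progress("Building wpad.{$DOMAIN} and alias wpad", 15);
    build_progress("Creating wpad.{$DOMAIN} (saving configuration)", 12);
    build_progress("Creating wpad.{$DOMAIN} (reloading configuration)", 13);
    rebuild_vhost($webserver);
    build_progress("Creating wpad.{$DOMAIN} (reloading configuration {done})", 14);

    build_progress("Building first rule...", 15);
    $rulnename = mysql_escape_string2("Wizard - all to {$PROXY}:{$PORT}");
    // Escaped copies for SQL only; the raw values are still used for md5() and messages.
    $proxySql = mysql_escape_string2($PROXY);
    $portSql = mysql_escape_string2($PORT);
    $sql = "INSERT IGNORE INTO `wpad_rules` (`rulename`,`enabled`,`zorder`,`dntlhstname`) VALUES ('{$rulnename}',1,0,1)";
    $q = new mysql_squid_builder();

    // Schema upgrades for tables created by older versions.
    if (!$q->FIELD_EXISTS("wpad_rules", "zorder")) {
        $q->QUERY_SQL("ALTER TABLE `wpad_rules` ADD `zorder` smallint( 2 ) DEFAULT '0',ADD INDEX (`zorder`)");
    }
    if (!$q->FIELD_EXISTS("wpad_sources_link", "zorder")) {
        $q->QUERY_SQL("ALTER TABLE `wpad_sources_link` ADD `zorder` smallint( 2 ) DEFAULT '0',ADD INDEX (`zorder`)");
    }
    if (!$q->FIELD_EXISTS("wpad_rules", "dntlhstname")) {
        $q->QUERY_SQL("ALTER TABLE `wpad_rules` ADD `dntlhstname` smallint( 1 ) DEFAULT '0'");
    }
    if (!$q->FIELD_EXISTS("wpad_destination_rules", "rulename")) {
        $q->QUERY_SQL("ALTER TABLE `wpad_destination_rules` ADD `rulename` VARCHAR(255) NOT NULL, ADD INDEX (`rulename`)");
        // Only a failed ALTER stops the wizard.
        if (!$q->ok) {
            echo $q->mysql_error . "\n";
            build_progress("Building first rule...MySQL error", 110);
            return;
        }
    }

    $q->QUERY_SQL($sql);
    if (!$q->ok) {
        echo $q->mysql_error . "\n";
        build_progress("Building first rule...MySQL error", 110);
        return;
    }
    $MAIN_RULE_ID = intval($q->last_id);
    if ($MAIN_RULE_ID == 0) {
        build_progress("Building first rule...MAIN_RULE_ID = 0!", 110);
        return;
    }

    $zmd5 = md5("{$MAIN_RULE_ID}{$PROXY}{$PORT}");
    build_progress("Add destination {$PROXY}:{$PORT}", 20);
    $q->QUERY_SQL("INSERT IGNORE INTO wpad_destination (zmd5,aclid,proxyserver,proxyport,zorder)\n\t\t\tVALUES ('{$zmd5}','{$MAIN_RULE_ID}','{$proxySql}','{$portSql}',0)");
    if (!$q->ok) {
        echo $q->mysql_error . "\n";
        build_progress("Add destination {$PROXY}:{$PORT} MySQL error", 110);
        return;
    }

    build_progress("Creating Proxy object `Everyone`", 25);
    $ligne = mysql_fetch_array($q->QUERY_SQL("SELECT ID FROM webfilters_sqgroups WHERE `GroupType`='all'"));
    $SourceGroupID = intval($ligne["ID"]);
    if ($SourceGroupID == 0) {
        $sql = "INSERT IGNORE INTO webfilters_sqgroups (GroupName,GroupType,enabled,`acltpl`,`params`) VALUES ('Everyone','all','1','','');";
        $q->QUERY_SQL($sql);
        if (!$q->ok) {
            echo $q->mysql_error . "\n";
            build_progress("Creating Proxy object `Everyone` MySQL error", 110);
            return;
        }
        $SourceGroupID = intval($q->last_id);
    }
    if ($SourceGroupID == 0) {
        build_progress("Creating Proxy object `Everyone` SourceGroupID = 0!", 110);
        return;
    }

    build_progress("Creating Proxy object `WPAD - Local networks`", 25);
    $ligne = mysql_fetch_array($q->QUERY_SQL("SELECT ID FROM webfilters_sqgroups WHERE `GroupName`='WPAD - Local networks'"));
    $NetWorkGroupID = intval($ligne["ID"]);
    if ($NetWorkGroupID == 0) {
        $sql = "INSERT IGNORE INTO webfilters_sqgroups (GroupName,GroupType,enabled,`acltpl`,`params`) \n\t\t\t\tVALUES ('WPAD - Local networks','src','1','','');";
        $q->QUERY_SQL($sql);
        if (!$q->ok) {
            echo $q->mysql_error . "\n";
            build_progress("Creating Proxy object `WPAD - Local networks` MySQL error", 110);
            return;
        }
        $NetWorkGroupID = intval($q->last_id);
    }
    if ($NetWorkGroupID == 0) {
        build_progress("Creating Proxy object `WPAD - Local networks` NetWorkGroupID = 0!", 110);
        return;
    }

    // LOCALNET is one network or a comma-separated list; keep only entries the
    // validator accepts and store them trimmed and escaped.
    $IP = new IP();
    $LOCALNET_ARRAY = array();
    foreach (explode(",", $LOCALNET) as $line) {
        $line = trim($line);
        if (!$IP->isIPAddressOrRange($line)) {
            continue;
        }
        $lineSql = mysql_escape_string2($line);
        $LOCALNET_ARRAY[] = "('{$lineSql}','{$NetWorkGroupID}','1','')";
    }
    if (count($LOCALNET_ARRAY) == 0) {
        // Stop before the DELETE so an invalid LOCALNET does not empty the group.
        build_progress("Filling Proxy object `WPAD - Local networks` no valid network in LOCALNET", 110);
        return;
    }

    build_progress("Filling Proxy object `WPAD - Local networks`", 30);
    $q->QUERY_SQL("DELETE FROM webfilters_sqitems WHERE gpid={$NetWorkGroupID}");
    if (!$q->ok) {
        echo $q->mysql_error . "\n";
        build_progress("Filling Proxy object `WPAD - Local networks` MySQL error", 110);
        return;
    }
    $sql = "INSERT INTO webfilters_sqitems (pattern,gpid,enabled,other)\n\tVALUES " . @implode(",", $LOCALNET_ARRAY);
    $q->QUERY_SQL($sql);
    if (!$q->ok) {
        echo $q->mysql_error . "\n";
        build_progress("Filling Proxy object `WPAD - Local networks` MySQL error", 110);
        return;
    }

    build_progress("Linking Everyone - {$SourceGroupID} - to rule {$MAIN_RULE_ID}", 30);
    $zmd5 = md5("{$MAIN_RULE_ID}{$SourceGroupID}");
    $q->QUERY_SQL("INSERT INTO wpad_sources_link (zmd5,aclid,negation,gpid,zorder) VALUES ('{$zmd5}','{$MAIN_RULE_ID}','0','{$SourceGroupID}',1)");
    if (!$q->ok) {
        echo $q->mysql_error . "\n";
        build_progress("MySQL error", 110);
        return;
    }

    $zmd5 = md5("{$MAIN_RULE_ID}{$NetWorkGroupID}");
    build_progress("Linking WPAD - Local networks - {$NetWorkGroupID} - to rule {$MAIN_RULE_ID}", 50);
    $q->QUERY_SQL("INSERT INTO wpad_white_link (zmd5,aclid,negation,gpid,zorder) VALUES ('{$zmd5}','{$MAIN_RULE_ID}','0','{$NetWorkGroupID}',1)");
    if (!$q->ok) {
        echo $q->mysql_error . "\n";
        build_progress("MySQL error", 110);
        return;
    }
    build_progress("{success}", 100);
}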
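/**
 * Import a newline-separated list of patterns (POST "item-import") into the
 * proxy object group whose id is POST "ID".
 *
 * Each line is normalised according to the group type read from
 * webfilters_sqgroups (extension, host name, MAC, IP), skipped when it already
 * exists in the group, and the remaining lines are inserted in one statement.
 *
 * Changes against the previous version:
 *  - the group id and every pattern are escaped before being placed in SQL;
 *    both come straight from the request and were interpolated raw;
 *  - lines are trimmed before use, so a trailing "\r" from CRLF input is no
 *    longer stored as part of the pattern;
 *  - the "www." prefix test escapes its dot: the old pattern "^www." also
 *    matched "www2.example.com" and stored ".example.com", a wider ACL entry
 *    than the one that was imported.
 *
 * NOTE(review): on a failed INSERT the full SQL text is echoed back to the
 * client; confirm this handler is reachable by administrators only.
 *
 * @return void
 */
function item_import()
{
    // Neither value is used below; the calls are kept in case they have side effects — TODO confirm.
    $page = CurrentPageName();
    $tpl = new templates();

    // Prefer the project's escaping helper when it is loaded. addslashes() is only
    // a fallback: it is not aware of the connection character set, and prepared
    // statements would be the durable fix.
    $esc = function_exists("mysql_escape_string2") ? "mysql_escape_string2" : "addslashes";

    $gpid = $esc(isset($_POST["ID"]) ? $_POST["ID"] : "");
    $q = new mysql_squid_builder();
    $ligne = mysql_fetch_array($q->QUERY_SQL("SELECT GroupType FROM webfilters_sqgroups WHERE ID='{$gpid}'"));
    $GroupType = $ligne["GroupType"];

    $t = array();
    $sqladd = "INSERT IGNORE INTO webfilters_sqitems (pattern,gpid,enabled,other) VALUES ";
    $Patterns = array();
    $f = explode("\n", isset($_POST["item-import"]) ? $_POST["item-import"] : "");
    $ipClass = new IP();

    foreach ($f as $pattern) {
        $pattern = trim($pattern);
        if ($pattern == null) {
            continue;
        }
        if ($GroupType == "url_regex_extensions") {
            // Keep only what follows the first dot ("file.tar.gz" -> "tar.gz").
            if (preg_match("#\\.(.+?)\$#", $pattern, $re)) {
                $pattern = $re[1];
            }
        }
        if ($GroupType == "dstdomain") {
            // Reduce a URL to its host, drop a leading "www." and any path.
            if (preg_match("#\\/\\/#", $pattern)) {
                $URLAR = parse_url($pattern);
                if (isset($URLAR["host"])) {
                    $pattern = $URLAR["host"];
                }
            }
            if (preg_match("#^www\\.(.*)#", $pattern, $re)) {
                $pattern = $re[1];
            }
            if (preg_match("#(.*?)\\/#", $pattern, $re)) {
                $pattern = $re[1];
            }
        }
        if ($GroupType == "arp") {
            $pattern = trim(strtoupper($pattern));
            $pattern = str_replace("-", ":", $pattern);
        }
        if ($GroupType == "dst") {
            if (!$ipClass->isIPAddressOrRange($pattern)) {
                continue;
            }
        }
        if ($GroupType == "src") {
            if (!$ipClass->isIPAddressOrRange($pattern)) {
                continue;
            }
        }

        // Skip patterns the group already holds.
        $patternSql = $esc($pattern);
        $ligne = mysql_fetch_array($q->QUERY_SQL("SELECT ID FROM webfilters_sqitems WHERE gpid='{$gpid}' AND pattern='{$patternSql}'"));
        if (trim($ligne["ID"]) > 0) {
            continue;
        }
        // Keyed by pattern so duplicates inside the import collapse.
        $Patterns[$pattern] = true;
    }

    foreach ($Patterns as $pattern => $unused) {
        $patternSql = $esc($pattern);
        $t[] = "('{$patternSql}','{$gpid}','1','')";
    }

    if (count($t) > 0) {
        $sql = $sqladd . @implode(",", $t);
        $q->QUERY_SQL($sql);
        if (!$q->ok) {
            echo $q->mysql_error . "\n***\n{$sql}\n****\n";
            return;
        }
    }
}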
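/**
 * Build the Apache "Order Allow,Deny" block restricting the web interface to
 * the addresses stored in iptables_webint (database artica_backup).
 *
 * Only rows accepted by IP::isIPAddressOrRange() become "Allow from" lines;
 * 127.0.0.1 is always appended.
 *
 * The previous version ended with "if (count($c) > 0)" on an integer counter.
 * count() of an integer is 1 on PHP 5/7 (with a warning from 7.2) and a
 * TypeError on PHP 8, so the test was always true. That effective behaviour is
 * kept and made explicit: once the table has at least one row, a block is
 * always returned, and a table holding only invalid patterns restricts access
 * to 127.0.0.1 rather than lifting the restriction.
 *
 * @return string|null The directive block, or null when the table is empty.
 */
function apache_firewall()
{
    $q = new mysql();
    $unix = new unix();
    // Not used below; kept as in the original — TODO confirm they can be dropped.
    $APACHE_SRC_ACCOUNT = $unix->APACHE_SRC_ACCOUNT();
    $APACHE_SRC_GROUP = $unix->APACHE_SRC_GROUP();

    if ($q->COUNT_ROWS("iptables_webint", "artica_backup") == 0) {
        // No restriction configured.
        return null;
    }

    $f = array();
    $f[] = "Order Allow,Deny";
    $ipClass = new IP();
    $results = $q->QUERY_SQL("SELECT * FROM iptables_webint", "artica_backup");
    while ($ligne = mysql_fetch_assoc($results)) {
        $pattern = $ligne["pattern"];
        // Anything that is not an address or range never reaches the configuration.
        if (!$ipClass->isIPAddressOrRange($pattern)) {
            continue;
        }
        $f[] = "\tAllow from {$pattern}";
    }

    // Loopback always stays allowed.
    $f[] = "\tAllow from 127.0.0.1";
    return @implode("\n", $f);
}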
/**
 * Build the "FirewallRule" lines for one hotspot rule set and cache them in
 * $GLOBALS["FWRLS"][$type].
 *
 * Rows come from hotspot_networks (direction=0, ordered by zorder). A pattern
 * that is not an IP address or range is resolved with gethostbyname(), which
 * returns its input unchanged on failure; rows that still do not validate are
 * skipped. When nothing is left, type 1 falls back to "allow to 0.0.0.0/0"
 * and type 0 to "drop to 0.0.0.0/0".
 *
 * NOTE(review): host names are resolved once, when the rules are built, so the
 * resulting rule depends on what DNS answered at that moment.
 * NOTE(review): $type is placed unquoted in the SQL text; presumably callers
 * only pass the integers 0, 1 or 2 — verify.
 *
 * @param int $type 0 = global, 1 = known-users, 2 = unknown-users.
 * @return string|null Newline-separated rules; null when the table has no row
 *                     for a type other than 1 (that early result is not cached).
 */
function firewall_rules($type = 0)
{
    if (isset($GLOBALS["FWRLS"][$type])) {
        return $GLOBALS["FWRLS"][$type];
    }

    $Ipclass = new IP();
    $q = new mysql_squid_builder();
    $rules = array();
    // Labels used only in the console message below.
    $labels = array(100 => "garbage", 0 => "global", 1 => "known-users", 2 => "unknown-users");

    $results = $q->QUERY_SQL("SELECT * FROM hotspot_networks WHERE hotspoted={$type} AND direction=0 ORDER BY zorder");
    $Count = mysql_num_rows($results);
    if ($GLOBALS["OUTPUT"]) {
        echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: Checking \"{$labels[$type]}\" {$Count} rule(s)\n";
    }

    if ($Count == 0) {
        if ($type == 1) {
            return "FirewallRule allow to 0.0.0.0/0";
        }
        return;
    }

    while ($row = mysql_fetch_assoc($results)) {
        $hotspoted = $row["hotspoted"];
        $proto = $row["proto"];
        $port = $row["port"];
        if ($port == 0) {
            $port = null;
        }
        $pattern = $row["pattern"];
        $action = $row["action"];

        // Rule words in order: action, optional protocol, optional port, target.
        $words = array($action);
        if ($proto != null) {
            $words[] = $proto;
        }
        if ($port != null) {
            $words[] = "port {$port}";
        }

        if (!$Ipclass->isIPAddressOrRange($pattern)) {
            if ($GLOBALS["OUTPUT"]) {
                echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: resolving \"{$pattern}\"\n";
            }
            $pattern = gethostbyname($pattern);
        }
        if (!$Ipclass->isIPAddressOrRange($pattern)) {
            if ($GLOBALS["OUTPUT"]) {
                echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: unable to resolve {$row["pattern"]}\n";
            }
            continue;
        }

        $words[] = "to {$pattern}";
        $rules[] = "\tFirewallRule " . @implode(" ", $words);
    }

    // Nothing usable: apply the default of the rule set.
    if (count($rules) == 0) {
        if ($type == 1) {
            $rules[] = "\tFirewallRule allow to 0.0.0.0/0";
        } elseif ($type == 0) {
            $rules[] = "\tFirewallRule drop to 0.0.0.0/0";
        }
    }

    $GLOBALS["FWRLS"][$type] = @implode("\n", $rules);
    return $GLOBALS["FWRLS"][$type];
}
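/**
 * Store the addresses posted in "pattern-save" (one per line) in
 * proxy_ports_wbl for the posted groupid / destport / include values.
 *
 * Lines that are not an IP address or range are reported and skipped. The
 * three POST fields were interpolated raw into the INSERT; they and each
 * address are now escaped first.
 *
 * NOTE(review): the "Not a range or IP address" message echoes the rejected
 * line as received; confirm how the caller renders this response.
 *
 * @return void
 */
function pattern_save()
{
    $q = new mysql_meta();
    $ipclass = new IP();

    // Prefer the project's escaping helper when it is loaded. addslashes() is only
    // a fallback: it is not aware of the connection character set, and prepared
    // statements would be the durable fix.
    $esc = function_exists("mysql_escape_string2") ? "mysql_escape_string2" : "addslashes";
    $groupid = $esc(isset($_POST["groupid"]) ? $_POST["groupid"] : "");
    $destport = $esc(isset($_POST["destport"]) ? $_POST["destport"] : "");
    $include = $esc(isset($_POST["include"]) ? $_POST["include"] : "");

    $tr = explode("\n", isset($_POST["pattern-save"]) ? $_POST["pattern-save"] : "");
    $f = array();
    foreach ($tr as $ligne) {
        $ligne = trim($ligne);
        if ($ligne == null) {
            continue;
        }
        if (!$ipclass->isIPAddressOrRange($ligne)) {
            echo "{$ligne} Not a range or IP address\n";
            continue;
        }
        // Escaped as well, so the statement does not rest on the validator alone.
        $pattern = $esc($ligne);
        $f[] = "('{$groupid}','{$destport}','{$include}','{$pattern}')";
    }

    if (count($f) > 0) {
        $sql = "INSERT IGNORE INTO `proxy_ports_wbl` (`groupid`,`destport`,`include`,`pattern`) VALUES " . @implode(",", $f);
        $q->QUERY_SQL($sql);
        if (!$q->ok) {
            echo $q->mysql_error;
            return;
        }
    }
}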
/**
 * Write the Squid include file that chains requests to the local ad-filtering
 * peer ("AntiAds" on 127.0.0.1, port from the "PrivoxyPort" setting).
 *
 * Entries of privoxy_whitelist plus a fixed list of vendor domains are written
 * to ACL files and excluded from the peer; POST requests are excluded too.
 * Entries that are IP addresses or ranges go to the IP ACL and, like every
 * other entry, to the domain ACL. When squid.conf does not already include
 * privoxy.conf the full Squid build script is run, and with
 * $reconfigure_squid the running Squid is told to reconfigure.
 *
 * NOTE(review): whitelist entries are only trimmed and lower-cased here before
 * being handed to clean_dstdomains(); what that helper filters is not visible
 * in this function.
 *
 * @param bool $reconfigure_squid Run "squid -k reconfigure" at the end.
 * @return void
 */
function InSquid($reconfigure_squid = false)
{
    $unix = new unix();
    $sock = new sockets();
    $ipClass = new IP();
    $q = new mysql_squid_builder();
    $acls = new squid_acls();
    $acls->clean_dstdomains();
    build_progress_squidr("{checking} {whitelist}", 30);

    $q->QUERY_SQL("CREATE TABLE IF NOT EXISTS `privoxy_whitelist` (\n\t\t\t\t`items` VARCHAR(256) NOT NULL PRIMARY KEY\n\t\t\t\t) ENGINE=MYISAM;");
    $results = $q->QUERY_SQL("SELECT * FROM privoxy_whitelist");

    // Keyed by value so duplicates collapse.
    $ipSet = array();
    $domainSet = array();
    while ($row = mysql_fetch_assoc($results)) {
        $item = trim(strtolower($row["items"]));
        if ($ipClass->isIPAddressOrRange($item)) {
            $ipSet[$item] = $item;
        }
        $domainSet[$item] = $item;
    }

    // Domains that always bypass the peer.
    $builtin = array(
        "apple.com",
        "windowsupdate.com",
        "googleapis.com",
        "mozilla.net",
        "teamviewer.com",
        "microsoft.com",
        "artica.fr",
    );
    foreach ($builtin as $domain) {
        $domainSet[$domain] = $domain;
    }

    $ipacls = array_values($ipSet);
    $domacls = array_values($domainSet);
    if (count($domacls) > 0) {
        $domacls = $acls->clean_dstdomains($domacls);
    }

    $PrivoxyPort = intval($sock->GET_INFO("PrivoxyPort"));

    // Is privoxy.conf already included from the main configuration?
    $squidConfLines = explode("\n", @file_get_contents("/etc/squid3/squid.conf"));
    $privoxyInSquid = count(preg_grep("#include.*?privoxy\\.conf#", $squidConfLines)) > 0;

    $conf = array();
    $conf[] = "acl AntiAdsPost method POST";
    if (count($domacls) > 0) {
        @file_put_contents("/etc/squid3/AntiAdsDenyWeb.acl", @implode("\n", $domacls));
        $conf[] = "acl AntiAdsDenyWeb dstdomain \"/etc/squid3/AntiAdsDenyWeb.acl\"";
    }
    if (count($ipacls) > 0) {
        @file_put_contents("/etc/squid3/AntiAdsDenyIP.acl", @implode("\n", $ipacls));
        $conf[] = "acl AntiAdsDenyIP dst \"/etc/squid3/AntiAdsDenyIP.acl\"";
    }
    $conf[] = "cache_peer 127.0.0.1 parent {$PrivoxyPort} 7 no-query no-digest no-netdb-exchange name=AntiAds";
    $conf[] = "always_direct allow FTP";
    if (count($ipacls) > 0) {
        $conf[] = "cache_peer_access AntiAds deny AntiAdsDenyIP";
    }
    if (count($domacls) > 0) {
        $conf[] = "cache_peer_access AntiAds deny AntiAdsDenyWeb";
    }
    $conf[] = "cache_peer_access AntiAds deny AntiAdsPost";
    $conf[] = "cache_peer_access AntiAds allow all";
    @file_put_contents("/etc/squid3/privoxy.conf", @implode("\n", $conf));

    if ($GLOBALS["OUTPUT"]) {
        echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} /etc/squid3/privoxy.conf done\n";
    }
    build_progress_squidr("{reconfiguring}", 50);

    if (!$privoxyInSquid) {
        // The include is missing from squid.conf: rebuild the whole configuration.
        $php = $unix->LOCATE_PHP5_BIN();
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} Reconfiguring Squid-cache\n";
        }
        shell_exec("{$php} /usr/share/artica-postfix/exec.squid.php --build --force");
    }
    if ($reconfigure_squid) {
        build_progress_squidr("{reloading}", 90);
        $squidbin = $unix->LOCATE_SQUID_BIN();
        system("{$squidbin} -f /etc/squid3/squid.conf -k reconfigure");
    }
    build_progress_squidr("{done}", 100);
}
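/**
 * Build the "FirewallRule" lines for one hotspot rule set and cache them in
 * $GLOBALS["FWRLS"][$type].
 *
 * Output order: for type 1, three TCP ports when the HotSpotWhiteWhatsApp
 * setting file contains 1; one "allow to" line per hotspot_whitelist row; then
 * the hotspot_networks rows (direction=0, ordered by zorder), each preceded by
 * a "#" comment line. A pattern that is not an IP address or range is resolved
 * with gethostbyname(), which returns its input unchanged on failure; rows
 * that still do not validate are skipped.
 *
 * Fix: the closing defaults ("allow to 0.0.0.0/0" for type 1, "drop to
 * 0.0.0.0/0" for type 0) were guarded by count($f) == 0, but $f already holds
 * at least one "#" comment line per row by then, so they could never fire.
 * They now depend on the number of rules actually emitted from
 * hotspot_networks: a global set whose rows all fail to resolve ends with the
 * drop rule again instead of ending with nothing.
 *
 * NOTE(review): hotspot_whitelist.ipaddr is written to the rule set without
 * validation, unlike the hotspot_networks patterns; confirm that table only
 * ever holds addresses.
 * NOTE(review): $type is placed unquoted in the SQL text; presumably callers
 * only pass the integers 0, 1 or 2 — verify.
 *
 * @param int $type 0 = global, 1 = known-users, 2 = unknown-users.
 * @return string Newline-separated rules and comment lines (the result for an
 *                empty hotspot_networks set is returned without being cached).
 */
function firewall_rules($type = 0)
{
    if (isset($GLOBALS["FWRLS"][$type])) {
        return $GLOBALS["FWRLS"][$type];
    }
    $HotSpotWhiteWhatsApp = intval(@file_get_contents("/etc/artica-postfix/settings/Daemons/HotSpotWhiteWhatsApp"));
    $Ipclass = new IP();
    $q = new mysql_squid_builder();
    $f = array();
    // Labels used only in the console message below.
    $array[100] = "garbage";
    $array[0] = "global";
    $array[1] = "known-users";
    $array[2] = "unknown-users";

    if ($type == 1) {
        if ($HotSpotWhiteWhatsApp == 1) {
            $f[] = "FirewallRule allow tcp port 5222";
            $f[] = "FirewallRule allow tcp port 5223";
            $f[] = "FirewallRule allow tcp port 5228";
        }
    }

    //--------------------------------------------------------------------------
    $sql = "SELECT * FROM `hotspot_whitelist`";
    $results = $q->QUERY_SQL($sql);
    while ($ligne = mysql_fetch_assoc($results)) {
        $f[] = "\tFirewallRule allow to {$ligne["ipaddr"]}";
    }

    //--------------------------------------------------------------------------
    $results = $q->QUERY_SQL("SELECT * FROM hotspot_networks WHERE hotspoted={$type} AND direction=0 ORDER BY zorder");
    $Count = mysql_num_rows($results);
    if ($GLOBALS["OUTPUT"]) {
        echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: Checking \"{$array[$type]}\" {$Count} rule(s)\n";
    }
    if ($Count == 0) {
        $f[] = "# Type {$type} No rule set";
        if ($type == 1) {
            $f[] = "FirewallRule allow to 0.0.0.0/0";
        }
        return @implode("\n", $f);
    }

    // Rules emitted from hotspot_networks only; comment lines, whitelist entries
    // and the type-1 port rules must not count towards the default below.
    $networkRules = 0;
    while ($ligne = mysql_fetch_assoc($results)) {
        $hotspoted = $ligne["hotspoted"];
        $proto = $ligne["proto"];
        $port = $ligne["port"];
        if ($port == 0) {
            $port = null;
        }
        $pattern = $ligne["pattern"];
        $action = $ligne["action"];
        $s = array();
        $s[] = $action;
        if ($proto != null) {
            $s[] = $proto;
        }
        if ($port != null) {
            $s[] = "port {$port}";
        }
        $f[] = "# Type {$type} to {$pattern}/{$proto} port:{$port} action={$action} ";
        if (!$Ipclass->isIPAddressOrRange($pattern)) {
            $f[] = "# ! {$pattern} isIPAddressOrRange -> false -> try to resolve";
            if ($GLOBALS["OUTPUT"]) {
                echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: resolving \"{$pattern}\"\n";
            }
            $pattern = gethostbyname($pattern);
        }
        if (!$Ipclass->isIPAddressOrRange($pattern)) {
            $f[] = "# ! {$pattern} isIPAddressOrRange -> false";
            if ($GLOBALS["OUTPUT"]) {
                echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: unable to resolve {$ligne["pattern"]}\n";
            }
            continue;
        }
        $s[] = "to {$pattern}";
        $f[] = "\tFirewallRule " . @implode(" ", $s);
        $networkRules++;
    }

    // No usable network rule: apply the default of the rule set.
    if ($networkRules == 0) {
        if ($type == 1) {
            $f[] = "\tFirewallRule allow to 0.0.0.0/0";
        } elseif ($type == 0) {
            $f[] = "\tFirewallRule drop to 0.0.0.0/0";
        }
    }

    $GLOBALS["FWRLS"][$type] = @implode("\n", $f);
    return $GLOBALS["FWRLS"][$type];
}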
/**
 * Assemble the hotspot firewall script and write it to
 * /etc/artica-postfix/hotspot.conf.
 *
 * Settings are read through sockets::GET_INFO(); missing ports get defaults
 * (two of them random and persisted with SET_INFO). Lines are then collected
 * in $f from ebtables_rules(), the whitelist helpers and the redirect_*()
 * helpers, one call per row of hotspot_whitelist and hotspot_networks. Rows of
 * hotspot_networks are dispatched on whether the pattern is a MAC address or
 * an IP address/range; other patterns are only reported. A MASQUERADE rule is
 * appended last.
 *
 * Any failed query ends the function before the file is written.
 *
 * NOTE(review): what the helper functions emit, and whether they validate
 * their arguments (whitelist ipaddr/port/ssl in particular), is not visible
 * here.
 *
 * @return void
 */
function build()
{
    $sock = new sockets();
    $unix = new unix();
    // Several of the values read here are not used again in this function.
    $EnableArticaHotSpot = $sock->GET_INFO("EnableArticaHotSpot");
    $SquidHotSpotPort = $sock->GET_INFO("SquidHotSpotPort");
    $ArticaHotSpotPort = $sock->GET_INFO("ArticaHotSpotPort");
    $ArticaSSLHotSpotPort = $sock->GET_INFO("ArticaSSLHotSpotPort");
    $ArticaSplashHotSpotPort = $sock->GET_INFO("ArticaSplashHotSpotPort");
    $ArticaSplashHotSpotPortSSL = $sock->GET_INFO("ArticaSplashHotSpotPortSSL");
    $ArticaHotSpotInterface = $sock->GET_INFO("ArticaHotSpotInterface");
    $EnableArticaHotSpotCAS = $sock->GET_INFO("EnableArticaHotSpotCAS");
    if (!is_numeric($EnableArticaHotSpotCAS)) {
        $EnableArticaHotSpotCAS = 0;
    }
    $HospotHTTPServerName = trim($sock->GET_INFO("HospotHTTPServerName"));
    // Unset ports: pick one at random and store it so later runs reuse it.
    if ($ArticaHotSpotPort == 0) {
        $ArticaHotSpotPort = rand(38000, 64000);
        $sock->SET_INFO("ArticaHotSpotPort", $ArticaHotSpotPort);
    }
    if ($ArticaSSLHotSpotPort == 0) {
        $ArticaSSLHotSpotPort = rand(38500, 64000);
        $sock->SET_INFO("ArticaSSLHotSpotPort", $ArticaSSLHotSpotPort);
    }
    if ($ArticaHotSpotInterface == null) {
        $ArticaHotSpotInterface = "eth0";
    }
    if (!is_numeric($ArticaSplashHotSpotPort)) {
        $ArticaSplashHotSpotPort = 16080;
    }
    if (!is_numeric($ArticaSplashHotSpotPortSSL)) {
        $ArticaSplashHotSpotPortSSL = 16443;
    }
    $unix = new unix();
    $NETWORK_ALL_INTERFACES = $unix->NETWORK_ALL_INTERFACES();
    // Address of the hotspot interface; there is no check that the interface
    // exists in the map, so $ipaddr may be empty.
    $ipaddr = $NETWORK_ALL_INTERFACES[$ArticaHotSpotInterface]["IPADDR"];
    $GLOBALS["HOSTPOT_WEB_INTERFACE"] = $ipaddr;
    // The timestamp tags every rule of this build in its iptables comment.
    $time = time();
    $suffixTables = "-m comment --comment \"ArticaHotSpot-{$time}\"";
    $q = new mysql_squid_builder();
    $ipClass = new IP();
    $iptables = $unix->find_program("iptables");
    defaults_ports();
    $f[] = ebtables_rules();
    // $GLOBALS["EBTABLES"] is read but not set here (presumably set by one of
    // the two calls above — confirm). With it set, the two mark globals are
    // cleared; without it, the "internet" and "internssl" mangle chains are
    // created and set marks 99 and 98.
    if ($GLOBALS["EBTABLES"]) {
        $GLOBALS["MARKHTTP"] = null;
        $GLOBALS["MARKHTTPS"] = null;
    }
    if (!$GLOBALS["EBTABLES"]) {
        $f[] = "{$iptables} -t mangle -N internet -m comment --comment ArticaHotSpot-{$time}";
        $f[] = "{$iptables} -t mangle -N internssl -m comment --comment ArticaHotSpot-{$time}";
        $f[] = "{$iptables} -t mangle -A internet -j MARK --set-mark 99 -m comment --comment ArticaHotSpot-{$time}";
        $f[] = "{$iptables} -t mangle -A internssl -j MARK --set-mark 98 -m comment --comment ArticaHotSpot-{$time}";
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} C.A.S : {$EnableArticaHotSpotCAS}\n";
    }
    $Squid_http_address = "127.0.0.1:{$ArticaHotSpotPort}";
    $webserver_http_address = "{$ipaddr}:{$ArticaSplashHotSpotPort}";
    // $c counts the hotspot_networks rows that produced a redirect.
    $c = 0;
    if ($EnableArticaHotSpotCAS == 1) {
        // The CAS host stays reachable; the CAS port is read but not passed on.
        $ArticaHotSpotCASHost = $sock->GET_INFO("ArticaHotSpotCASHost");
        $ArticaHotSpotCASPort = $sock->GET_INFO("ArticaHotSpotCASPort");
        $f[] = whitelist_destination($ArticaHotSpotCASHost);
    }

    // 1) Whitelisted web servers.
    $sql = "SELECT * FROM `hotspot_whitelist`";
    $results = $q->QUERY_SQL($sql);
    if (!$q->ok) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} {$q->mysql_error}\n";
        }
        return;
    }
    $Total = mysql_num_rows($results);
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} {$Total} whitelisted websites\n";
    }
    while ($ligne = mysql_fetch_assoc($results)) {
        $f[] = whitelist_webserver($ligne["ipaddr"], $ligne["port"], $ligne["ssl"]);
    }

    // 2) Networks with hotspoted=0: sent to the proxy helpers.
    $sql = "SELECT * FROM `hotspot_networks` WHERE hotspoted=0";
    $results = $q->QUERY_SQL($sql);
    if (!$q->ok) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} {$q->mysql_error}\n";
        }
        return;
    }
    $Total = mysql_num_rows($results);
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} {$Total} whitelisted\n";
    }
    while ($ligne = mysql_fetch_assoc($results)) {
        $pattern = $ligne["pattern"];
        if ($ipClass->IsvalidMAC($pattern)) {
            $c++;
            $f[] = redirect_mac_to_proxy($pattern);
            continue;
        }
        if ($ipClass->isIPAddressOrRange($pattern)) {
            $c++;
            if ($GLOBALS["OUTPUT"]) {
                echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Whitelist IP: {$pattern} {$ArticaHotSpotPort}/{$ArticaSSLHotSpotPort}\n";
            }
            $f[] = redirect_ip_to_proxy($pattern);
            continue;
        }
        // Neither a MAC nor an IP/range: reported, no rule emitted.
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Unkown `{$pattern}`\n";
        }
    }

    // 3) Networks with hotspoted=1: sent to the splash helpers.
    $sql = "SELECT * FROM `hotspot_networks` WHERE hotspoted=1";
    $results = $q->QUERY_SQL($sql);
    if (!$q->ok) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} {$q->mysql_error}\n";
        }
        return;
    }
    $Total = mysql_num_rows($results);
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} {$Total} hotspoted\n";
    }
    while ($ligne = mysql_fetch_assoc($results)) {
        $pattern = $ligne["pattern"];
        $restrict_web = $ligne["restrict_web"];
        if ($ipClass->IsvalidMAC($pattern)) {
            $c++;
            if ($GLOBALS["OUTPUT"]) {
                echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} hostpot MAC: {$pattern} {$ipaddr}:{$ArticaSplashHotSpotPort}/{$ipaddr}:{$ArticaSplashHotSpotPortSSL}\n";
            }
            $f[] = redirect_mac_to_splash($pattern, $restrict_web);
            continue;
        }
        if ($ipClass->isIPAddressOrRange($pattern)) {
            $c++;
            if ($GLOBALS["OUTPUT"]) {
                echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} hostpot IP: {$pattern} {$ipaddr}:{$ArticaSplashHotSpotPort} - {$ipaddr}:{$ArticaSplashHotSpotPortSSL}\n";
            }
            $f[] = redirect_ip_to_splash($pattern, $restrict_web);
            continue;
        }
        // Neither a MAC nor an IP/range: reported, no rule emitted.
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Unkown `{$pattern}`\n";
        }
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} {$c} rule(s)\n";
    }
    // No network row produced a redirect: send 0.0.0.0/0 to the splash helper.
    if ($c == 0) {
        $f[] = redirect_ip_to_splash("0.0.0.0/0");
    }
    $f[] = "{$iptables} -t nat -A POSTROUTING -j MASQUERADE {$suffixTables}";
    // Write errors are suppressed by "@"; the return value is not checked.
    @file_put_contents("/etc/artica-postfix/hotspot.conf", @implode("\n", $f));
}
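/**
 * Add the posted address or range (POST "addr") to pdns_restricts and ask the
 * framework to reconfigure the DNS service.
 *
 * Changes against the previous version:
 *  - the value is escaped before being placed in the INSERT, so the statement
 *    does not rest on IP::isIPAddressOrRange() alone;
 *  - the rejected value is HTML-encoded before being echoed back, since it is
 *    request data returned in the response.
 *
 * @return void
 */
function item_add()
{
    $addr = isset($_POST["addr"]) ? $_POST["addr"] : "";
    $ip = new IP();
    if (!$ip->isIPAddressOrRange($addr)) {
        echo "Wrong Network Address or range \"" . htmlspecialchars($addr, ENT_QUOTES) . "\"";
        return;
    }

    // Prefer the project's escaping helper when it is loaded. addslashes() is only
    // a fallback: it is not aware of the connection character set, and prepared
    // statements would be the durable fix.
    $esc = function_exists("mysql_escape_string2") ? "mysql_escape_string2" : "addslashes";
    $addrSql = $esc($addr);

    $q = new mysql();
    $sql = "INSERT IGNORE INTO pdns_restricts (`address`) VALUES('{$addrSql}')";
    $q->QUERY_SQL($sql, "artica_backup");
    if (!$q->ok) {
        echo $q->mysql_error;
        return;
    }
    $sock = new sockets();
    $sock->getFrameWork("pdns.php?reconfigure=yes");
}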
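/**
 * Generate the SpamAssassin "trusted_nets.pre" file next to the main
 * SpamAssassin configuration.
 *
 * Sources, in output order:
 *  1. postfix_whitelist_con: valid ipaddr -> trusted_networks; otherwise a
 *     host name of at least 3 characters -> whitelist_from_rcvd;
 *  2. miltergreylist_acls whitelist/addr -> trusted_networks
 *     ("127.0.0.1/8" is rewritten to "127.0.0.0/8");
 *  3. miltergreylist_acls whitelist/from -> whitelist_from, skipping values
 *     that are addresses;
 *  4. the networks returned by clladp::load_mynetworks(), de-duplicated
 *     (127.0.0.0/8 when it does not return an array);
 *  5. postfix_global_whitelist rows with enabled=1 and score=0
 *     -> whitelist_from.
 *
 * Changes against the previous version: $f is initialised, a non-array result
 * from load_mynetworks() is no longer iterated, the three-pass each() dance is
 * one keyed de-duplication loop, and a failed write is reported instead of
 * being silently ignored.
 *
 * NOTE(review): host names, "from" patterns and senders are written to the
 * configuration as stored; every entry here exempts mail from checks, so
 * confirm who can write these tables and that the values cannot contain line
 * breaks.
 *
 * @return void
 */
function TrustedNetworks()
{
    $ipClass = new IP();
    $q = new mysql();
    $f = array();

    $sql = "SELECT * FROM postfix_whitelist_con";
    $results = $q->QUERY_SQL($sql, "artica_backup");
    if (!$q->ok) {
        echo "{$q->mysql_error}\n";
    }
    while ($ligne = mysql_fetch_array($results, MYSQL_ASSOC)) {
        $isAddress = $ipClass->isIPAddressOrRange($ligne["ipaddr"]);
        if ($isAddress) {
            $f[] = "trusted_networks {$ligne["ipaddr"]}";
        }
        $hostname = trim(strtolower($ligne["hostname"]));
        if (strlen($hostname) < 3) {
            continue;
        }
        if (!$isAddress) {
            $f[] = "whitelist_from_rcvd *@* {$hostname}";
        }
    }

    $sql = "SELECT ID,pattern FROM miltergreylist_acls WHERE `method`='whitelist' AND `type`='addr'";
    $results = $q->QUERY_SQL($sql, "artica_backup");
    while ($ligne = mysql_fetch_assoc($results)) {
        $ipaddr = trim($ligne["pattern"]);
        if ($ipaddr == null) {
            continue;
        }
        if ($ipaddr == "127.0.0.1/8") {
            $ipaddr = "127.0.0.0/8";
        }
        if (!$ipClass->isIPAddressOrRange($ipaddr)) {
            continue;
        }
        $f[] = "trusted_networks {$ipaddr}";
    }

    $sql = "SELECT ID,pattern FROM miltergreylist_acls WHERE `method`='whitelist' AND `type`='from'";
    $results = $q->QUERY_SQL($sql, "artica_backup");
    while ($ligne = mysql_fetch_assoc($results)) {
        $from = trim($ligne["pattern"]);
        if ($from == null) {
            continue;
        }
        if ($ipClass->isIPAddressOrRange($from)) {
            continue;
        }
        $from = str_replace(".*", "*", $from);
        $f[] = "whitelist_from {$from}";
    }

    $ldap = new clladp();
    $nets = $ldap->load_mynetworks();
    if (!is_array($nets)) {
        $f[] = "trusted_networks 127.0.0.0/8";
        $nets = array();
    }
    // Keep the first occurrence of each network, in order.
    $seen = array();
    foreach ($nets as $network) {
        if (isset($seen[$network])) {
            continue;
        }
        $seen[$network] = true;
        $f[] = "trusted_networks {$network}";
    }

    $sql = "SELECT * FROM postfix_global_whitelist WHERE enabled=1 AND score=0 ORDER BY sender";
    $q = new mysql();
    $results = $q->QUERY_SQL($sql, "artica_backup");
    while ($ligne = @mysql_fetch_array($results, MYSQL_ASSOC)) {
        $f[] = "whitelist_from {$ligne["sender"]}";
    }

    $count = count($f);
    echo "Starting......: " . date("H:i:s") . " spamassassin Whitelisted ({$count} rows) done\n";
    $user = new usersMenus();
    $init_pre = dirname($user->spamassassin_conf_path) . "/trusted_nets.pre";
    $final = @implode("\n", $f) . "\n";
    if (@file_put_contents($init_pre, $final) === false) {
        echo "Starting......: " . date("H:i:s") . " spamassassin unable to write {$init_pre}\n";
    }
}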
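/**
 * Store the addresses posted in "pattern-save" (one per line) in
 * proxy_ports_wbl for the posted portid / include values.
 *
 * Lines that are not an IP address or range are skipped silently. The two
 * POST fields were interpolated raw into the INSERT; they and each address
 * are now escaped first.
 *
 * @return void
 */
function pattern_save()
{
    $q = new mysql_squid_builder();
    $ipclass = new IP();

    // Prefer the project's escaping helper when it is loaded. addslashes() is only
    // a fallback: it is not aware of the connection character set, and prepared
    // statements would be the durable fix.
    $esc = function_exists("mysql_escape_string2") ? "mysql_escape_string2" : "addslashes";
    $portid = $esc(isset($_POST["portid"]) ? $_POST["portid"] : "");
    $include = $esc(isset($_POST["include"]) ? $_POST["include"] : "");

    $tr = explode("\n", isset($_POST["pattern-save"]) ? $_POST["pattern-save"] : "");
    $f = array();
    foreach ($tr as $ligne) {
        $ligne = trim($ligne);
        if ($ligne == null) {
            continue;
        }
        if (!$ipclass->isIPAddressOrRange($ligne)) {
            continue;
        }
        // Escaped as well, so the statement does not rest on the validator alone.
        $pattern = $esc($ligne);
        $f[] = "('{$portid}','{$include}','{$pattern}')";
    }

    if (count($f) > 0) {
        $sql = "INSERT IGNORE INTO `proxy_ports_wbl` (portid,`include`,`pattern`) VALUES " . @implode(",", $f);
        $q->QUERY_SQL($sql);
        if (!$q->ok) {
            echo $q->mysql_error;
        }
    }
}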