Пример #1
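/**
 * Rebuild /etc/clamav/clamd.conf from the stored Clamav* settings and prepare
 * the directories the generated configuration points at.
 *
 * Settings are read through sockets::GET_INFO(); a size or limit that is not
 * numeric falls back to the default assigned below. Progress lines are printed
 * only when $GLOBALS["OUTPUT"] is set.
 *
 * @return void
 */
function build()
{
    $unix = new unix();
    $sock = new sockets();
    $ClamavStreamMaxLength = $sock->GET_INFO("ClamavStreamMaxLength");
    $ClamavMaxRecursion = $sock->GET_INFO("ClamavMaxRecursion");
    $ClamavMaxFiles = $sock->GET_INFO("ClamavMaxFiles");
    $PhishingScanURLs = $sock->GET_INFO("PhishingScanURLs");
    $ClamavMaxScanSize = $sock->GET_INFO("ClamavMaxScanSize");
    $ClamavMaxFileSize = $sock->GET_INFO("ClamavMaxFileSize");
    $ClamavTemporaryDirectory = $sock->GET_INFO("ClamavTemporaryDirectory");

    // The value is used both as a filesystem path (mkdir/chmod/chown below) and
    // as a clamd.conf directive, so a line break in it would add extra
    // directives to the generated file: fall back to the default in that case.
    if ($ClamavTemporaryDirectory == null || preg_match('/[\r\n]/', $ClamavTemporaryDirectory)) {
        $ClamavTemporaryDirectory = "/home/clamav";
    }

    // NOTE(review): is_numeric() also accepts forms such as "1.5" or "1e3",
    // which are then written into the directives as-is; consider an integer cast.
    if (!is_numeric($ClamavStreamMaxLength)) {
        $ClamavStreamMaxLength = 12;
    }
    if (!is_numeric($ClamavMaxRecursion)) {
        $ClamavMaxRecursion = 5;
    }
    if (!is_numeric($ClamavMaxFiles)) {
        $ClamavMaxFiles = 10000;
    }
    if (!is_numeric($PhishingScanURLs)) {
        $PhishingScanURLs = 1;
    }
    if (!is_numeric($ClamavMaxScanSize)) {
        $ClamavMaxScanSize = 15;
    }
    if (!is_numeric($ClamavMaxFileSize)) {
        $ClamavMaxFileSize = 20;
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} MaxFileSize: {$ClamavMaxFileSize}M\n";
    }

    $dirs = array(
        "/var/clamav",
        "/var/run/clamav",
        "/var/lib/clamav",
        "/var/log/clamav",
        $ClamavTemporaryDirectory,
    );

    // foreach instead of each(): each() was removed in PHP 8.
    // NOTE(review): ownership is handed to "clamav" here, but SystemCreateUser()
    // is only called after the loop; if the account does not exist yet these
    // calls fail silently because of the @ operator. Confirm the intended order.
    foreach ($dirs as $directory) {
        @mkdir($directory, 0755, true);
        @chmod($directory, 0755);
        @chown($directory, "clamav");
        @chgrp($directory, "clamav");
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} Permissions on {$directory}\n";
        }
        // Passes a glob-style path to unix::chown_func(); how that helper
        // expands it is not visible from this function.
        $unix->chown_func("clamav", "clamav", $directory . "/*");
    }

    $PhishingScanURLs_text = "no";
    if ($PhishingScanURLs == 1) {
        $PhishingScanURLs_text = "yes";
    }
    $unix->SystemCreateUser("clamav", "clamav");

    $f = array();
    $f[] = "LocalSocket /var/run/clamav/clamav.sock";
    $f[] = "FixStaleSocket true";
    $f[] = "User clamav";
    $f[] = "AllowSupplementaryGroups true";
    $f[] = "ScanMail true";
    $f[] = "ScanArchive true";
    $f[] = "#ArchiveLimitMemoryUsage false (depreciated)";
    $f[] = "ArchiveBlockEncrypted false";
    $f[] = "MaxDirectoryRecursion 15";
    $f[] = "FollowDirectorySymlinks false";
    $f[] = "FollowFileSymlinks false";
    $f[] = "ReadTimeout 180";
    $f[] = "MaxThreads 12";
    $f[] = "MaxConnectionQueueLength 15";
    $f[] = "StreamMaxLength {$ClamavStreamMaxLength}M";
    $f[] = "MaxFileSize {$ClamavMaxFileSize}M";
    // NOTE(review): MaxScanSize is written from $ClamavMaxFileSize, so the
    // ClamavMaxScanSize setting read above never reaches the file. Content
    // beyond these limits is not scanned, so confirm which value is intended.
    $f[] = "MaxScanSize {$ClamavMaxFileSize}M";
    // NOTE(review): hard-coded; the ClamavMaxFiles setting read above is ignored.
    $f[] = "MaxFiles 10000";
    $f[] = "MaxRecursion {$ClamavMaxRecursion}";
    $f[] = "LogSyslog true";
    $f[] = "LogFacility LOG_LOCAL6";
    $f[] = "LogClean false";
    $f[] = "LogVerbose false";
    $f[] = "PidFile /var/run/clamav/clamd.pid";
    $f[] = "TemporaryDirectory {$ClamavTemporaryDirectory}";
    $f[] = "DatabaseDirectory /var/lib/clamav";
    $f[] = "SelfCheck 3600";
    $f[] = "Foreground false";
    $f[] = "Debug false";
    $f[] = "ScanPE true";
    $f[] = "ScanOLE2 true";
    $f[] = "ScanHTML true";
    $f[] = "DetectBrokenExecutables false";
    $f[] = "#MailFollowURLs false (depreciated)";
    $f[] = "ExitOnOOM false";
    $f[] = "LeaveTemporaryFiles false";
    $f[] = "AlgorithmicDetection true";
    $f[] = "ScanELF true";
    $f[] = "IdleTimeout 30";
    $f[] = "PhishingSignatures true";
    $f[] = "PhishingScanURLs {$PhishingScanURLs_text}";
    $f[] = "PhishingAlwaysBlockSSLMismatch false";
    $f[] = "PhishingAlwaysBlockCloak false";
    $f[] = "DetectPUA false";
    $f[] = "ScanPartialMessages false";
    $f[] = "HeuristicScanPrecedence false";
    $f[] = "StructuredDataDetection false";
    $f[] = "LogFile /var/log/clamav/clamd.log";
    $f[] = "LogTime true";
    $f[] = "LogFileUnlock false";
    $f[] = "LogFileMaxSize 0";
    // NOTE(review): second TemporaryDirectory directive; it conflicts with the
    // configurable one written above, and /var/clamav/tmp is not among the
    // directories created by this function. Kept to leave the output unchanged.
    $f[] = "TemporaryDirectory /var/clamav/tmp";

    // Report a failed write instead of announcing "done" unconditionally.
    $written = @file_put_contents("/etc/clamav/clamd.conf", implode("\n", $f));
    if ($GLOBALS["OUTPUT"]) {
        if ($written === false) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} /etc/clamav/clamd.conf could not be written\n";
        } else {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} /etc/clamav/clamd.conf done\n";
        }
    }
}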
Пример #2
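/**
 * Rebuild the web-filtering configuration (DansGuardian / ufdbGuard) and then
 * reload or restart the services that consume it.
 *
 * The function returns early, without rebuilding anything, when the remote
 * statistics appliance is enabled, when ufdbGuard or Squid is disabled, or when
 * a remote ufdbGuard service is in use. Diagnostic lines are printed when
 * $GLOBALS["VERBOSE"] is set.
 *
 * @return false|null false on the "nothing installed" path, null otherwise
 */
function build()
{
    $sock = new sockets();
    $EnableRemoteStatisticsAppliance = $sock->GET_INFO("EnableRemoteStatisticsAppliance");
    if (!is_numeric($EnableRemoteStatisticsAppliance)) {
        $EnableRemoteStatisticsAppliance = 0;
    }
    if ($EnableRemoteStatisticsAppliance == 1) {
        return;
    }

    // $argv only exists in the global scope; inside a function it has to be
    // taken from $GLOBALS, otherwise implode() receives null (a TypeError on
    // PHP 8, which the @ operator does not suppress).
    $cliArgs = (isset($GLOBALS["argv"]) && is_array($GLOBALS["argv"])) ? $GLOBALS["argv"] : array();
    send_email_events("Order to rebuild filters configuration", implode("\nParams:", $cliArgs), "proxy");

    $function = __FUNCTION__;
    if (!isset($GLOBALS["VERBOSE"])) {
        $GLOBALS["VERBOSE"] = false;
    }
    if ($GLOBALS["VERBOSE"]) {
        echo "{$function}::" . __LINE__ . " Loading libraries\n";
    }
    $users = new usersMenus();
    $sock = new sockets();
    $unix = new unix();
    $php5 = $unix->LOCATE_PHP5_BIN();
    $squidbin = $unix->find_program("squid3");
    $nohup = $unix->find_program("nohup");
    $unix->SystemCreateUser("squid", "squid");
    @mkdir("/var/tmp", 0775, true);

    $EnableWebProxyStatsAppliance = $sock->GET_INFO("EnableWebProxyStatsAppliance");
    $EnableRemoteStatisticsAppliance = $sock->GET_INFO("EnableRemoteStatisticsAppliance");
    if (!is_numeric($EnableWebProxyStatsAppliance)) {
        $EnableWebProxyStatsAppliance = 0;
    }
    if (!is_numeric($EnableRemoteStatisticsAppliance)) {
        $EnableRemoteStatisticsAppliance = 0;
    }
    $UseRemoteUfdbguardService = $sock->GET_INFO('UseRemoteUfdbguardService');
    // Fall back to the "squid" binary name when "squid3" is not present.
    if (!is_file($squidbin)) {
        $squidbin = $unix->find_program("squid");
    }
    $EnableUfdbGuard = intval($sock->EnableUfdbGuard());
    $SQUIDEnable = $sock->GET_INFO("SQUIDEnable");
    if (!is_numeric($SQUIDEnable)) {
        $SQUIDEnable = 1;
    }
    if (!is_numeric($UseRemoteUfdbguardService)) {
        $UseRemoteUfdbguardService = 0;
    }
    if ($GLOBALS["VERBOSE"]) {
        echo "DEBUG::{$function}:: EnableWebProxyStatsAppliance={$EnableWebProxyStatsAppliance}\n";
        echo "DEBUG::{$function}:: EnableRemoteStatisticsAppliance={$EnableRemoteStatisticsAppliance}\n";
        echo "DEBUG::{$function}:: EnableUfdbGuard={$EnableUfdbGuard}\n";
        echo "DEBUG::{$function}:: SQUIDEnable={$SQUIDEnable}\n";
        echo "DEBUG::{$function}:: UseRemoteUfdbguardService={$UseRemoteUfdbguardService}\n";
    }
    $GLOBALS["SQUIDBIN"] = $squidbin;

    if ($EnableWebProxyStatsAppliance == 0) {
        $installed = false;
        if ($users->SQUIDGUARD_INSTALLED) {
            $installed = true;
            echo "Starting......: " . date("H:i:s") . " SquidGuard is installed\n";
        }
        if ($users->APP_UFDBGUARD_INSTALLED) {
            $installed = true;
            echo "Starting......: " . date("H:i:s") . " Webfiltering service is installed\n";
        }
        if ($users->DANSGUARDIAN_INSTALLED) {
            $installed = true;
            echo "Starting......: " . date("H:i:s") . " Dansguardian is installed\n";
        }
        if (!$installed) {
            // NOTE(review): the early return sits inside the VERBOSE test, so a
            // non-verbose run with no filter installed continues with the
            // rebuild. This looks like a misplaced brace; confirm before
            // changing it, since it alters the control flow of every normal run.
            if ($GLOBALS["VERBOSE"]) {
                echo "No one installed...\n";
                shell_exec("{$nohup} " . LOCATE_PHP5_BIN2() . " " . dirname(__FILE__) . "/exec.usrmactranslation.php >/dev/null 2>&1 &");
                return false;
            }
        }
    }
    if ($EnableUfdbGuard == 0) {
        if ($GLOBALS["VERBOSE"]) {
            echo "UfDbguard is disabled ( see EnableUfdbGuard ) in line: " . __LINE__ . "\n";
        }
        return;
    }
    if ($SQUIDEnable == 0) {
        if ($GLOBALS["VERBOSE"]) {
            echo "UfDbguard is disabled ( see SQUIDEnable ) in line: " . __LINE__ . "\n";
        }
        return;
    }
    if ($UseRemoteUfdbguardService == 1) {
        if ($GLOBALS["VERBOSE"]) {
            echo "UfDbguard is disabled ( see UseRemoteUfdbguardService ) in line: " . __LINE__ . "\n";
        }
        return;
    }
    if ($GLOBALS["VERBOSE"]) {
        echo "FIX_1_CATEGORY_CHECKED()\n";
    }
    FIX_1_CATEGORY_CHECKED();

    // NOTE(review): this setting already caused a return at the top of the
    // function when it was 1, so this branch is only reached if the stored
    // value changed between the two reads.
    if ($EnableRemoteStatisticsAppliance == 1) {
        if ($GLOBALS["VERBOSE"]) {
            echo "Use the Web statistics appliance to get configuration file...\n";
        }
        shell_exec("{$nohup} " . LOCATE_PHP5_BIN2() . " " . dirname(__FILE__) . "/exec.usrmactranslation.php >/dev/null 2>&1 &");
        ufdbguard_remote();
        return;
    }

    if ($GLOBALS["VERBOSE"]) {
        echo "{$function}::" . __LINE__ . "Loading compile_dansguardian()\n";
    }
    $dans = new compile_dansguardian();
    if ($GLOBALS["VERBOSE"]) {
        echo "{$function}::" . __LINE__ . "Loading compile_dansguardian::->build()\n";
    }
    $dans->build();
    echo "Starting......: " . date("H:i:s") . " Dansguardian compile done...\n";
    if (function_exists('WriteToSyslogMail')) {
        WriteToSyslogMail("build() -> reconfigure UfdbGuardd", basename(__FILE__));
    }
    build_ufdbguard_config();
    ufdbguard_schedule();
    if ($EnableWebProxyStatsAppliance == 1) {
        echo "Starting......: " . date("H:i:s") . " This server is a Squid Appliance, compress databases and notify proxies\n";
        CompressCategories();
        notify_remote_proxys();
    }

    // NOTE(review): the command strings below are assembled from located
    // binary paths and this file's directory without escapeshellarg(); they
    // hold no request data here, but a path containing whitespace would split
    // into several shell words.
    shell_exec("{$php5} /usr/share/artica-postfix/exec.initslapd.php --ufdbguard");
    CheckPermissions();
    ufdbguard_admin_events("Service will be rebuiled and restarted", __FUNCTION__, __FILE__, __LINE__, "config");
    shell_exec("{$nohup} " . LOCATE_PHP5_BIN2() . " " . dirname(__FILE__) . "/exec.usrmactranslation.php >/dev/null 2>&1 &");

    // Reload through the watchdog/HUP path unless a full restart was requested.
    if (!$GLOBALS["RESTART"]) {
        if (is_file("/etc/init.d/ufdb")) {
            echo "Starting......: " . date("H:i:s") . " Checking watchdog\n";
            ufdbguard_watchdog();
            echo "Starting......: " . date("H:i:s") . " Webfiltering service reloading service\n";
            build_ufdbguard_HUP();
        }
    }
    if ($GLOBALS["RESTART"]) {
        if (is_file("/etc/init.d/ufdb")) {
            echo "Starting......: " . date("H:i:s") . " Restarting\n";
            shell_exec("/etc/init.d/ufdb restart");
        }
    }
    if ($users->DANSGUARDIAN_INSTALLED) {
        echo "Starting......: " . date("H:i:s") . " Dansguardian reloading service\n";
        shell_exec("/usr/share/artica-postfix/bin/artica-install --reload-dansguardian --withoutconfig");
    }
}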
Пример #3
/**
 * Start the DHCP server daemon and wait up to six seconds for its PID to appear.
 *
 * Nothing is started when the binary is missing, when another Artica task
 * already holds the pid file, when the daemon is already running, or when the
 * service is disabled (EnableDHCPServer is 0, or EnableChilli is 1).
 *
 * @param bool $aspid When false, the per-function Artica pid file is checked
 *                    and then written with the current PID.
 * @return bool|null true when the daemon is running, false when it is
 *                   disabled, locked by another task or failed to start,
 *                   null when the binary is not installed.
 */
function start($aspid = false)
{
    $unix = new unix();
    $sock = new sockets();
    $LOGBIN = "DHCP Server";

    // Prints one "[INIT]" progress line, only when console output is enabled.
    $say = function ($text) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: " . $text;
        }
    };

    $binpath = $unix->DHCPD_BIN_PATH();
    if (!is_file($binpath)) {
        $say("{$LOGBIN}, not installed\n");
        return;
    }

    if (!$aspid) {
        // One pid file per script and function name.
        $lockFile = sprintf("/etc/artica-postfix/pids/%s.%s.pid", basename(__FILE__), __FUNCTION__);
        $lockPid = $unix->get_pid_from_file($lockFile);
        if ($unix->process_exists($lockPid, basename(__FILE__))) {
            $minutes = $unix->PROCCESS_TIME_MIN($lockPid);
            $say("{$LOGBIN}, [START] Already Artica task running PID {$lockPid} since {$minutes}mn\n");
            return false;
        }
        @file_put_contents($lockFile, getmypid());
    }

    $daemonPid = PID_NUM();
    if ($unix->process_exists($daemonPid)) {
        $uptime = $unix->PROCCESS_TIME_MIN($daemonPid);
        $say("{$LOGBIN} Service already started {$daemonPid} since {$uptime}Mn...\n");
        return true;
    }

    $rawDhcp = $sock->GET_INFO("EnableDHCPServer");
    $EnableDHCPServer = is_numeric($rawDhcp) ? $rawDhcp : 0;
    $rawChilli = $sock->GET_INFO("EnableChilli");
    $EnableChilli = is_numeric($rawChilli) ? $rawChilli : 0;

    // The HotSpot feature takes the place of the DHCP service when enabled.
    if ($EnableChilli == 1) {
        $say("{$LOGBIN} replaced by HotSpot feature...\n");
        $EnableDHCPServer = 0;
    }
    if ($EnableDHCPServer == 0) {
        $say("{$LOGBIN} service disabled\n");
        build_progress("{starting_service} {failed}", 110);
        return false;
    }

    build_progress("{starting_service}", 60);
    @mkdir("/var/run/dhcp3-server", 0755, true);
    @mkdir("/var/lib/dhcp3", 0755, true);
    // Create placeholder files on first start.
    foreach (array("/var/lib/dhcp3/dhcpd.other", "/var/lib/dhcp3/dhcpd.leases") as $stateFile) {
        if (!is_file($stateFile)) {
            @file_put_contents($stateFile, "#");
        }
    }
    $unix->SystemCreateUser("dhcpd", "dhcpd");
    $unix->chown_func("dhcpd", "dhcpd", "/var/run/dhcp3-server");
    $unix->chown_func("dhcpd", "dhcpd", "/var/lib/dhcp3/dhcpd.leases");
    $unix->chown_func("dhcpd", "dhcpd", "/var/lib/dhcp3/dhcpd.leases~");

    $DHCP3ListenNIC = $sock->GET_INFO('DHCP3ListenNIC');
    if ($DHCP3ListenNIC == null) {
        $DHCP3ListenNIC = "eth0";
    }
    // These two lines are printed regardless of the OUTPUT flag.
    echo "Starting......: " . date("H:i:s") . " [INIT]: {$LOGBIN} Listen {$DHCP3ListenNIC}\n";
    echo "Starting......: " . date("H:i:s") . " [INIT]: {$LOGBIN} building settings...\n";
    BuildDHCP(true);
    build_progress("{starting_service}", 75);

    // The command line is assembled from helper-provided paths, unescaped.
    $cmd = implode(" ", array(
        "{$binpath} -q -pf " . PID_PATH(),
        "-cf " . dhcp3Config(),
        "-lf /var/lib/dhcp3/dhcpd.leases",
    ));
    echo "Starting......: " . date("H:i:s") . " [INIT]: {$LOGBIN} service..\n";
    if ($GLOBALS["VERBOSE"]) {
        echo "{$cmd}\n";
    }
    shell_exec($cmd);
    build_progress("{starting_service}", 80);

    // Poll once per second, at most six times, for the daemon's PID.
    $attempt = 0;
    while ($attempt < 6) {
        $daemonPid = PID_NUM();
        if ($unix->process_exists($daemonPid)) {
            break;
        }
        build_progress("{starting_service}  waiting {$attempt}/6", 80);
        $say("{$LOGBIN} service waiting {$attempt}/6...\n");
        sleep(1);
        $attempt++;
    }

    $daemonPid = PID_NUM();
    if (!$unix->process_exists($daemonPid)) {
        $say("{$LOGBIN} service failed...\n");
        $say("`{$cmd}`\n");
        build_progress("{starting_service}  {failed}", 110);
        return false;
    }

    $say("{$LOGBIN} service Success service started pid:{$daemonPid}...\n");
    build_progress("{starting_service}  {success}", 100);
    return true;
}
Пример #4
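/**
 * Generate the Coova-Chilli hotspot configuration (/etc/chilli.conf and
 * /etc/chilli/config) from the stored "ChilliConf" settings, then rebuild the
 * dependent pieces (dnsmasq settings, init script, web portal, FreeRADIUS) and
 * optionally reload the service when $GLOBALS["RELOAD"] is set.
 *
 * Progress lines are printed when $GLOBALS["OUTPUT"] is set.
 *
 * @return void
 */
function build()
{
    $unix = new unix();
    $sock = new sockets();
    $php5 = $unix->LOCATE_PHP5_BIN();
    $save = false;

    // NOTE(review): unserialize() on a stored blob. If anything less trusted
    // than the administrator can write "ChilliConf", this allows PHP object
    // injection; prefer JSON for this setting, or on PHP 7+ pass
    // array('allowed_classes' => false) as the second argument.
    $ChilliConf = unserialize(base64_decode($sock->GET_INFO("ChilliConf")));
    $ChilliConf = GetInterfaceArray($ChilliConf);

    if (!isset($ChilliConf["HS_UAMFREEWEB"])) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} FreeWeb Login page is not set...\n";
        }
    }

    // Each of the three checks below runs the same installer command when its
    // marker file or directory is missing.
    if (!is_file("/var/www/c2/index.php")) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} Installing CakePHP\n";
        }
        shell_exec("/usr/share/artica-postfix/bin/artica-make APP_CAKEPHP >/dev/null 2>&1");
    } else {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} CakePHP done\n";
        }
    }
    if (!is_file("/var/www/c2/yfi_cake/setup/coova_json/login.php")) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} `/var/www/c2/yfi_cake/setup/coova_json/login.php no such file Installing YFI CakePHP\n";
        }
        shell_exec("/usr/share/artica-postfix/bin/artica-make APP_CAKEPHP >/dev/null 2>&1");
    } else {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} YFI CakePHP done\n";
        }
    }
    if (!is_dir("/usr/share/coova_json")) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} `/usr/share/coova_json` no such directory Installing Coova JSon\n";
        }
        shell_exec("/usr/share/artica-postfix/bin/artica-make APP_CAKEPHP >/dev/null 2>&1");
    } else {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} Coova JSon done\n";
        }
    }

    $unix->SystemCreateUser("chilli", "chilli");

    // Top-level file: only includes and the interface up/down hooks.
    $f = array();
    $f[] = "include /etc/chilli/main.conf";
    $f[] = "include /etc/chilli/hs.conf";
    $f[] = "include /etc/chilli/local.conf";
    $f[] = "ipup=/etc/chilli/up.sh";
    $f[] = "ipdown=/etc/chilli/down.sh";
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} Chilli: `/etc/chilli.conf` done\n";
    }
    file_put_contents("/etc/chilli.conf", implode("\n", $f));

    if (!is_numeric($ChilliConf["EnableSSLRedirection"])) {
        $ChilliConf["EnableSSLRedirection"] = 0;
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} Building main configuration: {$ChilliConf["HS_LANIF"]} -> {$ChilliConf["HS_WANIF"]}\n";
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} Listen.....: {$ChilliConf["HS_UAMLISTEN"]}\n";
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} DHCP.......: {$ChilliConf["HS_DYNIP"]}/{$ChilliConf["HS_DYNIP_MASK"]} ({$ChilliConf["HS_NETWORK"]})\n";
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} Proxy Port.: {$ChilliConf["SQUID_HTTP_PORT"]}\n";
    }
    $ldap = new clladp();
    if (!is_numeric($ChilliConf["ENABLE_DHCP_RELAY"])) {
        $ChilliConf["ENABLE_DHCP_RELAY"] = 0;
    }

    // NOTE(review): the HS_* values below are written unquoted into a file
    // whose own header says it is included in shell scripts. A setting that
    // contains whitespace or shell metacharacters would be interpreted by the
    // shell that sources it, so each value should be validated (interface
    // name, IP address, host name) or quoted before it is written.
    $t = array();
    $t[] = "# -*- mode: shell-script; -*-";
    $t[] = "#";
    $t[] = "#   Coova-Chilli Default Configurations. ";
    $t[] = "#   To customize, copy this file to /etc/chilli/config";
    $t[] = "#   and edit to your liking. This is included in shell scripts";
    $t[] = "#   that configure chilli and related programs before file 'config'. ";
    $t[] = "";
    $t[] = "";
    $t[] = "###";
    $t[] = "#   Local Network Configurations";
    $t[] = "# ";
    $t[] = "";
    if ($ChilliConf["HS_WANIF"] != null) {
        $t[] = "HS_WANIF={$ChilliConf["HS_WANIF"]}            # WAN Interface toward the Internet";
    }
    $t[] = "HS_LANIF={$ChilliConf["HS_LANIF"]}\t\t   # Subscriber Interface for client devices";
    $t[] = "HS_NETWORK={$ChilliConf["HS_NETWORK"]}\t   # HotSpot Network (must include HS_UAMLISTEN)";
    $t[] = "HS_NETMASK={$ChilliConf["HS_NETMASK"]}   # HotSpot Network Netmask";
    $t[] = "HS_UAMLISTEN={$ChilliConf["HS_UAMLISTEN"]}   # HotSpot IP Address (on subscriber network)";
    $t[] = "HS_UAMPORT=3990            # HotSpot UAM Port (on subscriber network)";
    $t[] = "HS_UAMUIPORT=4990          # HotSpot UAM 'UI' Port (on subscriber network, for embedded portal)";
    $t[] = "HS_NATANYIP=off";
    //$t[]="HS_STATIP=off";
    //$t[]="HS_STATIP_MASK=";
    $t[] = "";
    if ($ChilliConf["HS_DYNIP"] != null) {
        $t[] = "HS_DYNIP={$ChilliConf["HS_DYNIP"]}";
    }
    if ($ChilliConf["HS_DYNIP_MASK"] != null) {
        $t[] = "HS_DYNIP_MASK={$ChilliConf["HS_DYNIP_MASK"]}";
    }
    if ($ChilliConf["HS_DNS_DOMAIN"] != null) {
        $t[] = "HS_DNS_DOMAIN={$ChilliConf["HS_DNS_DOMAIN"]}";
    }
    //$t[]="HS_STATIP={$ChilliConf["HS_STATIP"]}";
    //$t[]="HS_STATIP_MASK={$ChilliConf["HS_STATIP_MASK"]}";
    $t[] = "# DNS Servers";
    $t[] = "HS_DNS1={$ChilliConf["HS_UAMLISTEN"]}";
    $t[] = "HS_DNS2={$ChilliConf["HS_UAMLISTEN"]}";
    DefaultSplash($ChilliConf);

    // Pick a port in 45000-65400 for each proxy listener that has no usable
    // stored value, and remember to persist the choice.
    if (!isset($ChilliConf["SQUID_HTTP_PORT"]) || !is_numeric($ChilliConf["SQUID_HTTP_PORT"])) {
        $ChilliConf["SQUID_HTTP_PORT"] = rand(45000, 65400);
        $save = true;
    }
    if (!isset($ChilliConf["SQUID_HTTPS_PORT"]) || !is_numeric($ChilliConf["SQUID_HTTPS_PORT"])) {
        $ChilliConf["SQUID_HTTPS_PORT"] = rand(45000, 65400);
        $save = true;
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} Building DNSMasq settings\n";
    }
    dnsmasq_config();

    if ($ChilliConf["EnableSSLRedirection"] == 1) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} SSL redirection is Active\n";
        }
        $t[] = "HS_UAMUISSL=on";
        $t[] = "HS_REDIRSSL=on";
        include_once dirname(__FILE__) . "/ressources/class.squid.inc";
        $squid = new squidbee();
        // Whatever SaveCertificate() returns is appended to the config as-is.
        $t[] = $squid->SaveCertificate($ChilliConf["certificate_center"], false, false, true);
    } else {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} SSL redirection is inactive\n";
        }
    }

    // Hosts reachable before authentication (written as HS_UAMALLOW below).
    $ChilliConf["uamallowed"][$ChilliConf["HS_UAMFREEWEB"]] = true;
    $ChilliConf["uamallowed"]["127.0.0.1"] = true;
    $ChilliConf["uamallowed"][$ChilliConf["HS_WANIF_IP"]] = true;
    $ip = new IP();
    if ($ip->isIPAddress($ChilliConf["HS_DNS1"])) {
        $ChilliConf["uamallowed"][$ChilliConf["HS_DNS1"]] = true;
    }
    if ($ip->isIPAddress($ChilliConf["HS_DNS2"])) {
        $ChilliConf["uamallowed"][$ChilliConf["HS_DNS2"]] = true;
    }
    if ($ChilliConf["AD_SERVER"] != null) {
        $ChilliConf["uamallowed"][$ChilliConf["AD_SERVER"]] = true;
    }
    // foreach instead of each(): each() was removed in PHP 8.
    // Empty and purely numeric keys are skipped.
    $HS_UAMALLOW = array();
    foreach ($ChilliConf["uamallowed"] as $num => $ligne) {
        if (trim($num) == null) {
            continue;
        }
        if (is_numeric($num)) {
            continue;
        }
        $HS_UAMALLOW[] = $num;
    }

    if ($save) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} Saving new configuration file...\n";
        }
        $NewArray = base64_encode(serialize($ChilliConf));
        $sock->SaveConfigFile($NewArray, "ChilliConf");
    }

    $RADIUS_IP = "127.0.0.1";
    if ($ChilliConf["RADIUS_IP"] != null) {
        $RADIUS_IP = $ChilliConf["RADIUS_IP"];
    }
    if (!is_numeric($ChilliConf["HS_LAN_ACCESS"])) {
        $ChilliConf["HS_LAN_ACCESS"] = 1;
    }
    $t[] = "HS_NASID=nas01";
    $t[] = "HS_RADIUS={$RADIUS_IP}";
    //$t[]="HS_RADIUS2=$RADIUS_IP";
    $t[] = "HS_UAMALLOW=" . implode(",", $HS_UAMALLOW);
    //$t[]="HS_ACCTUPDATE";
    // NOTE(review): the LDAP password is reused as both the RADIUS shared
    // secret and the UAM secret, and it is written in clear text to
    // /etc/chilli/config, which is created below with the process's default
    // file mode. Use dedicated secrets and restrict the file's permissions to
    // the accounts that must read it.
    $t[] = "HS_RADSECRET={$ldap->ldap_password}";
    $t[] = "HS_UAMSECRET={$ldap->ldap_password}";
    $t[] = "HS_UAMALIASNAME=chilli";
    $t[] = "HS_NASIP={$RADIUS_IP}";
    if ($ChilliConf["HS_LAN_ACCESS"] == 1) {
        $t[] = "HS_LAN_ACCESS=on";
    } else {
        $t[] = "HS_LAN_ACCESS=off";
    }
    // The relay settings are written only when both values are present.
    if ($ChilliConf["ENABLE_DHCP_RELAY"] == 1) {
        if ($ChilliConf["HS_DHCPRELAYAGENT"] != null) {
            if ($ChilliConf["HS_DHCPGATEWAY"] != null) {
                $t[] = "HS_DHCPRELAYAGENT={$ChilliConf["HS_DHCPRELAYAGENT"]}";
                $t[] = "HS_DHCPGATEWAY={$ChilliConf["HS_DHCPGATEWAY"]}";
            }
        }
    }
    if (is_numeric($ChilliConf["HS_UAMFREEWEB"])) {
        $ChilliConf["HS_UAMFREEWEB"] = null;
    }
    $t[] = "";
    //$t[]="HS_LAYER3=on";
    $t[] = "";
    $t[] = "# Put entire domains in the walled-garden with DNS inspection";
    $t[] = "# HS_UAMDOMAINS=\".paypal.com,.paypalobjects.com\"";
    $t[] = "HS_UAMSERVER={$ChilliConf["HS_UAMFREEWEB"]}";
    $t[] = "# HS_UAMSERVICE=";
    $t[] = "HS_UAMFORMAT=\"http://\$HS_UAMSERVER/hs_land.php\"";
    $t[] = "HS_UAMHOMEPAGE=\"http://{$ChilliConf["HS_UAMFREEWEB"]}/splash.php\"";
    $t[] = "HS_CONUP=\"" . __FILE__ . "\"";
    $t[] = "HS_CONDOWN=\"" . dirname(__FILE__) . "/exec.chilli.condown.php\"";
    $t[] = "";
    $t[] = "";
    $t[] = "###";
    $t[] = "#   Features not activated per-default (default to off)";
    $t[] = "# HS_RADCONF=off\t   # Get some configurations from RADIUS or a URL ('on' and 'url' respectively)";
    $t[] = "HS_ANYIP=on\t\t   # Allow any IP address on subscriber LAN";
    $t[] = "HS_MACAUTH=on\t\t   # To turn on MAC Authentication";
    $t[] = "# HS_MACAUTHDENY=on\t   # Put client in 'drop' state on MAC Auth Access-Reject";
    $t[] = "# HS_MACAUTHMODE=local\t   # To allow MAC Authentication based on macallowed, not RADIUS";
    $t[] = "# HS_MACALLOW=\"...\"      # List of MAC addresses to authenticate (comma seperated)";
    $t[] = "# HS_USELOCALUSERS=on      # To use the /etc/chilli/localusers file";
    $t[] = "# HS_OPENIDAUTH=on\t   # To inform the RADIUS server to allow OpenID Auth";
    $t[] = "# HS_WPAGUESTS=on\t   # To inform the RADIUS server to allow WPA Guests";
    $t[] = "# HS_DNSPARANOIA=on\t   # To drop DNS packets containing something other";
    $t[] = "# HS_OPENIDAUTH=on\t   # To inform the RADIUS server to allow OpenID Auth";
    $t[] = "# HS_USE_MAP=on\t\t   # Short hand for allowing the required google";
    $t[] = "###";
    $t[] = "#   Other feature settings and their defaults";
    $t[] = "# HS_DEFSESSIONTIMEOUT=0   # Default session-timeout if not defined by RADIUS (0 for unlimited)";
    $t[] = "# HS_DEFIDLETIMEOUT=0\t   # Default idle-timeout if not defined by RADIUS (0 for unlimited)";
    $t[] = "# HS_DEFBANDWIDTHMAXDOWN=0   # Default WISPr-Bandwidth-Max-Down if not defined by RADIUS (0 for unlimited)";
    $t[] = "# HS_DEFBANDWIDTHMAXUP=0\t   # Default WISPr-Bandwidth-Max-Up if not defined by RADIUS (0 for unlimited)";
    $t[] = "";
    $t[] = "# HS_RADCONF=on\t\t   # gather the ChilliSpot-Config attributes in";
    $t[] = "#\t\t\t   # Administrative-User login";
    $t[] = "# HS_RADCONF_SERVER=rad01.coova.org\t\t # RADIUS Server";
    $t[] = "# HS_RADCONF_SECRET=coova-anonymous\t\t # RADIUS Shared Secret ";
    $t[] = "# HS_RADCONF_AUTHPORT=1812\t\t\t # Auth port";
    $t[] = "# HS_RADCONF_USER=chillispot\t\t\t # Username";
    $t[] = "# HS_RADCONF_PWD=chillispot\t\t\t # Password";

    // Same ports, in the same order, as the original keyed list produced once
    // its duplicate entries collapsed.
    // NOTE(review): the list written to HS_TCP_PORTS includes 22, 389, 445 and
    // 3306; confirm each of these is meant to be open on the hotspot side.
    $PPORT = array(80, 443, 22, 2812, 53, 3990, 9000, 389, 1553, 137, 138, 139, 445, 1812, 3306, 47980);
    $t[] = "HS_TCP_PORTS=\"" . implode(" ", $PPORT) . "\"";
    $t[] = "";
    $t[] = "###";
    $t[] = "#   Standard configurations";
    $t[] = "#";
    $t[] = "HS_MODE=hotspot";
    $t[] = "HS_TYPE=chillispot";
    $t[] = "# HS_RADAUTH=1812";
    $t[] = "# HS_RADACCT=1813";
    $t[] = "# HS_ADMUSR=chillispot";
    $t[] = "# HS_ADMPWD=chillispot";
    $t[] = "";
    $t[] = "";
    if ($ChilliConf["HS_PROVIDER"] == null) {
        $ChilliConf["HS_PROVIDER"] = "Artica";
    }
    if ($ChilliConf["HS_PROVIDER_LINK"] == null) {
        $ChilliConf["HS_PROVIDER_LINK"] = "http://www.articatech.net";
    }
    if ($ChilliConf["HS_LOC_NAME"] == null) {
        $ChilliConf["HS_LOC_NAME"] = "Artica HotSpot";
    }
    if ($ChilliConf["HS_LOC_NETWORK"] == null) {
        $ChilliConf["HS_LOC_NETWORK"] = "HotSpot Network";
    }
    $t[] = "HS_PROVIDER={$ChilliConf["HS_PROVIDER"]}";
    $t[] = "HS_PROVIDER_LINK={$ChilliConf["HS_PROVIDER_LINK"]}/";
    //$t[]="HS_LOC_NAME=\"{$ChilliConf["HS_LOC_NAME"]}\"    # WISPr Location Name and used in portal";
    //$t[]="HS_LOC_NETWORK=\"{$ChilliConf["HS_LOC_NETWORK"]}\"    # Network name";
    $t[] = "# HS_LOC_AC=408\t\t\t   # Phone area code";
    $t[] = "# HS_LOC_CC=1\t\t\t   # Phone country code";
    $t[] = "# HS_LOC_ISOCC=US\t\t   # ISO Country code";
    $t[] = "";
    $t[] = "# Embedded miniportal";
    $t[] = "# HS_REG_MODE=\"tos\" # or self, other";
    $t[] = "# HS_RAD_PROTO=\"pap\" # or mschapv2, chap";
    $t[] = "# HS_USE_MAP=on\n";
    echo "Starting......: " . date("H:i:s") . " [INIT]: Chilli: `/etc/chilli/config` done\n";
    echo "Starting......: " . date("H:i:s") . " [INIT]: Chilli: flush /etc/init.d..\n";
    chilli_init_d();
    file_put_contents("/etc/chilli/config", implode("\n", $t));
    coova_web();
    shell_exec("{$php5} " . dirname(__FILE__) . "/exec.freeradius.php --build");

    if ($GLOBALS["RELOAD"]) {
        $kill = $unix->find_program("kill");
        shell_exec("/etc/init.d/chilli reconfigure");
        // Signal the running daemon, or start it when it is not running.
        $pid = PID_NUM();
        if ($unix->process_exists($pid)) {
            shell_exec("{$kill} -HUP {$pid} 2>&1");
        } else {
            start();
        }
    }
}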
Пример #5
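/**
 * Create the Cyrus working directories (including the socket directory under
 * the Postfix queue directory) and set their mode and ownership.
 *
 * @return void
 */
function CheckPermissions()
{
    $unix = new unix();
    $unix->SystemCreateUser("mail", "mail");
    $unix->SystemCreateUser("postfix", "mail");
    $unix->SystemCreateUser("cyrus", "cyrus");
    $POSTFIX_QUEUE_DIRECTORY = $unix->POSTCONF_GET("queue_directory");

    // NOTE(review): if queue_directory comes back empty, the last entry
    // resolves to "/var/run/cyrus"; confirm that is acceptable.
    $dirs = array(
        "/var/lib/cyrus",
        "/var/lib/cyrus/db",
        "/var/lib/cyrus/socket",
        "/var/lib/cyrus/proc",
        "/var/run/cyrus/socket",
        "/var/spool/postfix/var/run/cyrus/socket",
        "{$POSTFIX_QUEUE_DIRECTORY}/var/run/cyrus",
    );

    // foreach instead of each(): each() was removed in PHP 8.
    foreach ($dirs as $directory) {
        if (!is_dir($directory)) {
            @mkdir($directory, 0755, true);
        }
        $unix->chmod_func(0755, "{$directory}");
        $unix->chown_func("cyrus", "mail", "{$directory}");
    }

    // The top-level directory ends up owned by cyrus:cyrus rather than cyrus:mail.
    $unix->chown_func("cyrus", "cyrus", "/var/lib/cyrus");

    // Create an empty deny database on first run only.
    if (!is_file("/var/lib/cyrus/user_deny.db")) {
        @touch("/var/lib/cyrus/user_deny.db");
        $unix->chown_func("cyrus", "mail", "/var/lib/cyrus/user_deny.db");
    }
}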
Пример #6
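/**
 * Mount, resize or unmount the tmpfs that backs c-icap's temporary directory
 * according to the "CiCAPMemBoost" setting (size in megabytes).
 *
 * Without a corporate licence, or with a size below 2, an existing tmpfs is
 * unmounted. When the requested size already matches the mounted size nothing
 * is done. Otherwise the directory is unmounted, emptied, recreated and
 * mounted with the clamav uid/gid.
 *
 * @return void
 */
function memboost()
{
    $workdir = "/var/lib/c_icap/temporary";
    $sock = new sockets();
    $unix = new unix();
    $users = new usersMenus();
    $umount = $unix->find_program("umount");

    if (!$users->CORP_LICENSE) {
        echo "Starting......: " . date("H:i:s") . "c-icap MemBoost license inactive...\n";
        $mountedM = tmpfs_mounted_size();
        if ($mountedM > 1) {
            shell_exec("{$umount} -l {$workdir}");
        }
        return;
    }

    echo "Starting......: " . date("H:i:s") . "c-icap MemBoost `{$workdir}`\n";
    $mount = $unix->find_program("mount");
    $idbin = $unix->find_program("id");

    // is_numeric() also accepts floats, exponents and surrounding whitespace.
    // The value is interpolated into a mount command line below, so reduce it
    // to a plain integer first.
    $CiCAPMemBoost = $sock->GET_INFO("CiCAPMemBoost");
    $CiCAPMemBoost = is_numeric($CiCAPMemBoost) ? (int) $CiCAPMemBoost : 0;
    if ($GLOBALS["VERBOSE"]) {
        echo "Starting......: " . date("H:i:s") . "c-icap MemBoost -> {$CiCAPMemBoost} Mb\n";
    }
    $mountedM = tmpfs_mounted_size();
    if ($GLOBALS["VERBOSE"]) {
        echo "Starting......: " . date("H:i:s") . "c-icap mounted -> {$mountedM} Mb\n";
    }

    // Anything below 2 MB means "feature off": drop an existing mount and stop.
    if ($CiCAPMemBoost < 2) {
        if ($mountedM > 1) {
            shell_exec("{$umount} -l {$workdir}");
        }
        return;
    }
    if ($CiCAPMemBoost == $mountedM) {
        return;
    }

    // Resolve the numeric uid/gid of the clamav account for the mount options.
    $unix->SystemCreateUser("clamav", "clamav");
    $results = array();
    exec("{$idbin} clamav 2>&1", $results);
    if (!preg_match("#uid=([0-9]+).*?gid=([0-9]+)#", implode("", $results), $re)) {
        echo "Starting......: " . date("H:i:s") . "c-icap MemBoost clamav no such user...\n";
        return;
    }
    shell_exec("{$umount} -l {$workdir}");
    $uid = $re[1];
    $gid = $re[2];
    recursive_remove_directory("{$workdir}");
    @mkdir($workdir, 0755);
    echo "Starting......: " . date("H:i:s") . "c-icap MemBoost clamav ({$uid}/{$gid})\n";

    // NOTE(review): this directory holds content waiting to be scanned, yet the
    // tmpfs is mounted with "exec" explicitly re-enabled. Unless something must
    // execute from here, noexec,nosuid,nodev would be the safer option set.
    shell_exec("{$mount} -t tmpfs -o size={$CiCAPMemBoost}M,noauto,user,exec,uid={$uid},gid={$gid} tmpfs {$workdir}");
    $mountedM = tmpfs_mounted_size();
    if ($mountedM > 1) {
        echo "Starting......: " . date("H:i:s") . "c-icap MemBoost mounted with {$mountedM}M\n";
    } else {
        echo "Starting......: " . date("H:i:s") . "c-icap MemBoost mounted failed\n";
    }
}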