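/**
 * Download the configured DansGuardian blacklist archive and unpack it in the
 * lists directory, keeping the previous set as "blacklists.old".
 *
 * Reads the URL from $config['installedpackages']['dansguardianblacklist'].
 * Failures are reported through file_notice(); nothing is returned.
 *
 * NOTE(review): the archive is unpacked with no checksum or signature check
 * visible here, so the list content is only as trustworthy as the configured
 * URL and its transport.
 */
function fetch_blacklist() {
	global $config, $g;

	$lists_dir = "/usr/local/etc/dansguardian/lists";
	$archive = "/usr/local/etc/dansguardian/lists/blacklist.tgz";
	$url = $config['installedpackages']['dansguardianblacklist']['config'][0]['url'];

	if (!is_url($url)) {
		file_notice("Dansguardian - Blacklist url is invalid.", "");
		return;
	}

	conf_mount_rw();
	print "file download start..";
	unlink_if_exists($archive);

	// The URL comes from the package configuration; it is passed to the shell as one quoted argument
	exec("/usr/bin/fetch -o " . escapeshellarg($archive) . " " . escapeshellarg($url), $fetch_output, $fetch_status);
	if ($fetch_status != 0 || !file_exists($archive)) {
		// Stop here so a failed download does not rename the working "blacklists" directory away
		file_notice("Dansguardian - Could not fetch blacklists from url", "");
		return;
	}

	chdir($lists_dir);
	if (is_dir("blacklists.old")) {
		exec('rm -rf /usr/local/etc/dansguardian/lists/blacklists.old');
	}
	if (is_dir("blacklists")) {
		rename("blacklists", "blacklists.old");
	}

	$output = array();
	exec('/usr/bin/tar -xvzf /usr/local/etc/dansguardian/lists/blacklist.tgz 2>&1', $output, $return);

	// The first line of tar's verbose output names the top-level directory; \w+ keeps
	// the captured name to word characters before it is used in rename()
	if (isset($output[0]) && preg_match("/x\\W+(\\w+)/", $output[0], $matches)) {
		if ($matches[1] != "blacklists") {
			rename("./" . $matches[1], "blacklists");
		}
		read_lists();
	} else {
		file_notice("Dansguardian - Could not determine Blacklist extract dir. Categories not updated", "");
	}
}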
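/**
 * Fetch (or reuse) the DansGuardian blacklist archive, unpack it and reload the lists.
 *
 * @param bool $log_notice      true: download with fetch(1) and print progress;
 *                              false: install-time path that reuses an existing
 *                              /usr/local/pkg/blacklist.tgz or downloads it with a progress bar
 * @param bool $install_process true when called from the package installer; status
 *                              text is then written to the installer output window
 *
 * Errors are reported through file_notice(); nothing is returned.
 *
 * NOTE(review): the archive is unpacked with no checksum or signature check
 * visible here, and an already present blacklist.tgz is trusted as-is during install.
 */
function fetch_blacklist($log_notice = true, $install_process = false) {
	global $config, $g;

	$archive = "/usr/local/pkg/blacklist.tgz";

	if (is_array($config['installedpackages']['dansguardianblacklist']) &&
	    is_array($config['installedpackages']['dansguardianblacklist']['config'])) {
		$url = $config['installedpackages']['dansguardianblacklist']['config'][0]['url'];
		$uw = "Found a previouns install, checking Blacklist config...";
	} else {
		$uw = "Found a clean install, reading default access lists...";
	}

	conf_mount_rw();
	if ($install_process == true) {
		update_output_window($uw);
	}

	if (!isset($url) || !is_url($url)) {
		if ($install_process == true) {
			read_lists(false, $uw);
		} elseif (!empty($url)) {
			file_notice("Dansguardian - Blacklist url is invalid.", "");
		}
		return;
	}

	// Start from "failed": an unset status compares equal to 0 with ==, which would let
	// a failed install-time download continue into the extraction step
	$return = 1;
	$output = array();

	if ($log_notice == true) {
		print "file download start..";
		unlink_if_exists($archive);
		exec("/usr/bin/fetch -o /usr/local/pkg/blacklist.tgz " . escapeshellarg($url), $output, $return);
	} else {
		// install process
		if (file_exists($archive)) {
			update_output_window("Found previous blacklist database, skipping download...");
			$return = 0;
		} else {
			update_output_window("Fetching blacklist");
			download_file_with_progress_bar($url, $archive);
			if (file_exists($archive)) {
				$return = 0;
			}
		}
	}

	if ($return !== 0) {
		file_notice("Dansguardian - Could not fetch blacklists from url", "");
		return;
	}

	chdir(DANSGUARDIAN_DIR . "/etc/dansguardian/lists");
	if (is_dir("blacklists.old")) {
		exec('rm -rf ' . DANSGUARDIAN_DIR . '/etc/dansguardian/lists/blacklists.old');
	}
	rename("blacklists", "blacklists.old");

	// exec() appends to $output, so any stdout lines from fetch above come before tar's lines
	exec('/usr/bin/tar -xvzf /usr/local/pkg/blacklist.tgz 2>&1', $output, $return);

	// NOTE(review): index 1 is kept from the original code; confirm it is the line that names
	// the top-level directory. \w+ keeps the captured name to word characters.
	if (isset($output[1]) && preg_match("/x\\W+(\\w+)/", $output[1], $matches)) {
		if ($matches[1] != "blacklists") {
			rename("./" . $matches[1], "blacklists");
		}
		read_lists($log_notice);
	} else {
		file_notice("Dansguardian - Could not determine Blacklist extract dir. Categories not updated", "");
	}
}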
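/**
 * Run `openssl enc -aes-256-cbc` over $val with a password-derived key.
 *
 * @param string $val  data to encrypt or decrypt
 * @param string $pass password given to openssl
 * @param string $opt  flag(s) placed after "enc"; inserted into the command line
 *                     unquoted, so callers must pass fixed flags only, never request data
 * @return string openssl's output, or "" when nothing could be produced
 *
 * The password is handed over in an environment variable rather than in the
 * argument list, because arguments are visible in the process list. Both
 * scratch files are created by tempnam(), so no file name is derived from
 * another one and reused in /tmp.
 *
 * NOTE(review): CBC mode as used here has no integrity check; callers that
 * need tamper detection have to add it themselves.
 */
function crypt_data($val, $pass, $opt) {
	$in_file = tempnam("/tmp", "php-encrypt");
	$out_file = tempnam("/tmp", "php-encrypt");
	$result = "";
	$status = 1;

	if ($in_file !== false && $out_file !== false && file_put_contents($in_file, $val) !== false) {
		// "-pass env:NAME" reads the same password that "-k" took from the command line
		putenv("CRYPT_DATA_PASS={$pass}");
		exec("/usr/bin/openssl enc {$opt} -aes-256-cbc -in " . escapeshellarg($in_file) .
		    " -out " . escapeshellarg($out_file) . " -pass env:CRYPT_DATA_PASS", $openssl_output, $status);
		// Drop the secret from this process' environment again
		putenv("CRYPT_DATA_PASS");

		$data = file_get_contents($out_file);
		if ($data !== false) {
			$result = $data;
		}
	}

	// Whatever openssl wrote is still returned, as before; only an empty result
	// combined with a failure status is logged as an error
	if ($status != 0 && $result === "") {
		log_error("Failed to encrypt/decrypt data!");
	}

	if ($in_file !== false) {
		unlink_if_exists($in_file);
	}
	if ($out_file !== false) {
		unlink_if_exists($out_file);
	}

	return $result;
}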
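// The posted domain ends up in HTML output, in grep/sed patterns and in shell commands
$domain = htmlspecialchars($_POST['domain']);
$domainparse = str_replace('.', '\\.', $domain);
$pfb['dsupp'] =& $config['installedpackages']['pfblockerngdnsblsettings']['config'][0]['suppression'];

// Collect existing suppression list
$dnssupp_ex = collectsuppression();

// htmlspecialchars() escapes for HTML only. Before the value reaches exec() it must consist
// of hostname characters and nothing else, and must not start with '-' (option parsing).
$domain_is_valid = (strlen($domain) <= 253
    && strpos($domain, '..') === false
    && preg_match('/^[A-Za-z0-9_]([A-Za-z0-9_.-]*[A-Za-z0-9_])?$/', $domain) === 1);

if (!$domain_is_valid) {
	// The rejected value is deliberately not echoed back
	$savemsg = gettext("Invalid domain name. No changes were made to the DNSBL.");
} else {
	$dnsbl_conf_arg = escapeshellarg("{$pfb['dnsbl_file']}.conf");
	$unbound_conf_arg = escapeshellarg("{$pfb['dnsbldir']}/unbound.conf");

	// Uses the dot-escaped form so that '.' matches a literal dot in grep and sed
	$line_pattern = " \"{$domainparse} 60 IN A";

	// Query for domain in Unbound DNSBL file.
	$dnsbl_query = exec("/usr/bin/grep -Hm1 " . escapeshellarg($line_pattern) . " {$dnsbl_conf_arg}");

	// Save new suppress domain to suppress list.
	if (empty($dnsbl_query)) {
		$savemsg = gettext("Domain: [ {$domain} ] does not exist in the Unbound Resolver DNSBL");
		exec("/usr/local/sbin/unbound-control -c {$unbound_conf_arg} flush " . escapeshellarg("{$domain}."));
	} else {
		// Remove domain from Unbound resolver pfb_dnsbl.conf file
		exec("{$pfb['sed']} -i '' " . escapeshellarg("/{$line_pattern}/d") . " {$dnsbl_conf_arg}");

		// NOTE(review): fixed file name under /var/tmp that is written through a shell
		// redirect; confirm no other local user can pre-create this path.
		$cache_dumpfile = '/var/tmp/unbound_cache';
		unlink_if_exists("{$cache_dumpfile}");

		$chroot_cmd = "chroot -u unbound -g unbound / /usr/local/sbin/unbound-control -c {$g['unbound_chroot_path']}/unbound.conf";
		exec("{$chroot_cmd} dump_cache > {$cache_dumpfile}");
		exec("{$chroot_cmd} reload");
		if (file_exists($cache_dumpfile) && filesize($cache_dumpfile) > 0) {
			exec("{$chroot_cmd} load_cache < {$cache_dumpfile}");
		}

		exec("/usr/local/sbin/unbound-control -c {$unbound_conf_arg} flush " . escapeshellarg($domain));

		if (!in_array($domain, $dnssupp_ex)) {
			$dnssupp_ex[] = $domain;
			$dnssupp_new = base64_encode(implode("\n", $dnssupp_ex));
			$pfb['dsupp'] = "{$dnssupp_new}";
			write_config("pfBlockerNG: Added {$domain} to DNSBL suppress list");
		}

		$savemsg = gettext("Removed Domain: [ {$domain} ] from Unbound Resolver DNSBL. You may need to flush your browsers DNS Cache");
	}
}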
/**
 * Announce the start of the installation and hand over to start_installation(),
 * unless the marker file /tmp/install_complete is already present.
 */
function begin_install() {
	global $g, $savemsg;

	if (!file_exists("/tmp/install_complete")) {
		unlink_if_exists("/tmp/install_complete");

		// NOTE(review): $disk is neither a parameter nor named in the global statement
		// above, so the message is formatted with an undefined value - confirm the source.
		$status_text = sprintf(gettext("Beginning installation on disk %s."), $disk);
		update_installer_status_win($status_text);

		start_installation();
	}
}
// Delete any leftover suricata PID files in /var/run unlink_if_exists("{$g['varrun_path']}/suricata_*.pid"); } // Hard kill any running Barnyard2 processes if (is_process_running("barnyard")) { killbyname("barnyard2"); sleep(2); // Delete any leftover barnyard2 PID files in /var/run unlink_if_exists("{$g['varrun_path']}/barnyard2_*.pid"); } // Set flag for post-install in progress $g['suricata_postinstall'] = true; // Mount file system read/write so we can modify some files conf_mount_rw(); // Remove any previously installed script since we rebuild it unlink_if_exists("{$rcdir}suricata.sh"); // Create the top-tier log directory safe_mkdir(SURICATALOGDIR); // Create the IP Rep and SID Mods lists directory safe_mkdir(SURICATA_SID_MODS_PATH); safe_mkdir(SURICATA_IPREP_PATH); // Make sure config variable is an array if (!is_array($config['installedpackages']['suricata']['config'][0])) { $config['installedpackages']['suricata']['config'][0] = array(); } // Download the latest GeoIP DB updates and create cron task if the feature is not disabled if ($config['installedpackages']['suricata']['config'][0]['autogeoipupdate'] != 'off') { log_error(gettext("[Suricata] Installing free GeoIP country database files...")); include "/usr/local/pkg/suricata/suricata_geoipupdate.php"; install_cron_job("/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/suricata/suricata_geoipupdate.php", TRUE, 0, 0, 8, "*", "*", "root"); }
// Log excerpts: one entry per circular log file, limited to the last 1000 lines
foreach (array(
	"NTP" => "ntpd",
	"OpenVPN" => "openvpn",
	"Captive Portal auth" => "portalauth",
	"PPP" => "poes",
	"relayd" => "relayd",
	"resolver" => "resolver",
	"routing" => "routing",
	"wireless" => "wireless",
) as $status_log_title => $status_log_name) {
	defCmdT("last 1000 {$status_log_title} log entries", "/usr/local/sbin/clog /var/log/{$status_log_name}.log 2>&1 | tail -n 1000");
}
unset($status_log_title, $status_log_name);

if (file_exists("/tmp/PHP_errors.log")) {
	defCmdT("PHP Error Log", "/bin/cat /tmp/PHP_errors.log");
}

// Kernel and OS level information
defCmdT("System Message Buffer", "/sbin/dmesg -a");
defCmdT("System Message Buffer (Boot)", "/bin/cat /var/log/dmesg.boot");
defCmdT("sysctl values", "/sbin/sysctl -a");
defCmdT("Kernel Environment", "/bin/kenv");
defCmdT("Installed OS Packages", "/usr/sbin/pkg info");

exec("/bin/date", $dateOutput, $dateStatus);
$currentDate = $dateOutput[0];

$pgtitle = array("{$g['product_name']}", "Status");
include "head.inc";

// The collected output can hold secrets, hence the warning shown above the results.
// NOTE(review): $output_file is set outside this excerpt and is placed into the href
// below without URL or HTML escaping - confirm it cannot contain request data.
print_info_box(implode('', array(
	gettext("Make sure all sensitive information is removed! (Passwords, etc.) before posting information from this page in public places (like mailing lists)."),
	'<br />',
	gettext("Common password fields in config.xml have been automatically redacted."),
	'<br />',
	gettext("When the page has finished loading, the output will be stored in {$output_file}. It may be downloaded via scp or "),
	"<a href=\"/exec.php?dlPath={$output_file}\">",
	gettext("Diagnostics > Command Prompt."),
	'</a>',
)));

listCmds();
execCmds();

print gettext("Saving output to archive...");

if (is_dir($output_path)) {
	// Archive the output directory, then remove the unpacked copy
	mwexec(sprintf(
		"/usr/bin/tar czpf %s -C %s %s",
		escapeshellarg($output_file),
		escapeshellarg(dirname($output_path)),
		escapeshellarg(basename($output_path))
	));
	unlink_if_exists("{$output_path}/*");
	@rmdir($output_path);
}

print gettext("Done.");

include "foot.inc";
$input_errors[] = $vertical_bar_err_text; } } else { $final_address_details[] = sprintf(gettext("Entry added %s"), date('r')); } } } else { if ($_POST['type'] == "url" || $_POST['type'] == "url_ports") { $desc_fmt_err_found = false; /* item is a url type */ for ($x = 0; $x < $max_alias_addresses - 1; $x++) { $_POST['address' . $x] = trim($_POST['address' . $x]); if ($_POST['address' . $x]) { /* fetch down and add in */ $temp_filename = tempnam("{$g['tmp_path']}/", "alias_import"); unlink_if_exists($temp_filename); $verify_ssl = isset($config['system']['checkaliasesurlcert']); mkdir($temp_filename); download_file($_POST['address' . $x], $temp_filename . "/aliases", $verify_ssl); /* if the item is tar gzipped then extract */ if (stristr($_POST['address' . $x], ".tgz")) { process_alias_tgz($temp_filename); } else { if (stristr($_POST['address' . $x], ".zip")) { process_alias_unzip($temp_filename); } } if (!isset($alias['aliasurl'])) { $alias['aliasurl'] = array(); } $alias['aliasurl'][] = $_POST['address' . $x];
exit; } if ($_POST['apply']) { write_config(); $retval = 0; /* Setup pf rules since the user may have changed the optimization value */ $retval = filter_configure(); $savemsg = get_std_save_message($retval); if (stristr($retval, "error") != true) { $savemsg = get_std_save_message($retval); } else { $savemsg = $retval; } /* reset rrd queues */ unlink_if_exists("/var/db/rrd/*queuedrops.rrd"); unlink_if_exists("/var/db/rrd/*queues.rrd"); enable_rrd_graphing(); clear_subsystem_dirty('shaper'); } $pgtitle = array(gettext("Firewall"), gettext("Traffic Shaper"), gettext("Wizards")); $shortcut_section = "trafficshaper"; $wizards = array(gettext("Multiple Lan/Wan") => "traffic_shaper_wizard_multi_all.xml", gettext("Dedicated Links") => "traffic_shaper_wizard_dedicated.xml"); include "head.inc"; if ($input_errors) { print_input_errors($input_errors); } $tab_array = array(); $tab_array[] = array(gettext("By Interface"), false, "firewall_shaper.php"); $tab_array[] = array(gettext("By Queue"), false, "firewall_shaper_queues.php"); $tab_array[] = array(gettext("Limiter"), false, "firewall_shaper_vinterface.php"); $tab_array[] = array(gettext("Wizards"), true, "firewall_shaper_wizards.php");
@copy("{$tmpfname}/{$emergingthreats_filename_md5}", "{$suricatadir}{$emergingthreats_filename_md5}"); } if ($pkg_interface != "console") { update_status(gettext("Extraction of {$et_name} rules completed...")); update_output_window(gettext("Installation of {$et_name} rules completed...")); } error_log(gettext("\tInstallation of {$et_name} rules completed.\n"), 3, SURICATA_RULES_UPD_LOGFILE); rmdir_recursive("{$tmpfname}/emerging"); } } /* Untar Snort rules file to tmp */ if ($snortdownload == 'on') { if (file_exists("{$tmpfname}/{$snort_filename}")) { /* Remove the old Snort rules files */ $vrt_prefix = VRT_FILE_PREFIX; unlink_if_exists("{$suricatadir}rules/{$vrt_prefix}*.rules"); if ($pkg_interface != "console") { update_status(gettext("Extracting Snort VRT rules...")); update_output_window(gettext("Installing Sourcefire VRT rules...")); } error_log(gettext("\tExtracting and installing Snort VRT rules...\n"), 3, SURICATA_RULES_UPD_LOGFILE); /* extract snort.org rules and add prefix to all snort.org files */ safe_mkdir("{$tmpfname}/snortrules"); exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$tmpfname}/snortrules rules/"); $files = glob("{$tmpfname}/snortrules/rules/*.rules"); foreach ($files as $file) { $newfile = basename($file); @copy($file, "{$suricatadir}rules/" . VRT_FILE_PREFIX . "{$newfile}"); } /* IP lists */ $files = glob("{$tmpfname}/snortrules/rules/*.txt");
} } elseif ($openappid_detectors == 'on') { /**************************************************************************************/ /* Only updated OpenAppID detectors, so do not need to rebuild all interface rules. */ /* Restart snort if running, and not in post-install, so as to pick up the detectors. */ /**************************************************************************************/ if (!$g['snort_postinstall'] && is_service_running("snort") && count($config['installedpackages']['snortglobal']['rule']) > 0) { if ($pkg_interface != "console") { update_status(gettext('Restarting Snort to activate the new OpenAppID detectors...')); update_output_window(gettext("Please wait ... restarting Snort will take some time...")); } error_log(gettext("\tRestarting Snort to activate the new OpenAppID detectors...\n"), 3, SNORT_RULES_UPD_LOGFILE); touch("{$g['varrun_path']}/snort_pkg_starting.lck"); snort_restart_all_interfaces(TRUE); sleep(2); unlink_if_exists("{$g['varrun_path']}/snort_pkg_starting.lck"); if ($pkg_interface != "console") { update_output_window(gettext("Snort has restarted with your new set of OpenAppID detectors...")); } log_error(gettext("[Snort] Snort has restarted with your new set of OpenAppID detectors...")); error_log(gettext("\tSnort has restarted with your new set of OpenAppID detectors.\n"), 3, SNORT_RULES_UPD_LOGFILE); } else { if ($pkg_interface != "console") { update_output_window(gettext("The rules update task is complete...")); } } } /* remove $tmpfname files */ if (is_dir("{$tmpfname}")) { rmdir_recursive($tmpfname); }
if (!$input_errors) { // We have specified a new location for thebrig's installation, and it's valid, and we don't already have // a jail at the old location. Call thebrig_populate, which will move all the web stuff and create the // directory tree // Also add startup command when thebrig completly installed thebrig_populate($pconfig['rootfolder'], $config['thebrig']['rootfolder']); $config['thebrig']['rootfolder'] = $pconfig['rootfolder']; // Store the newly specified folder in the XML config $config['thebrig']['template'] = $pconfig['template']; $config['thebrig']['basejail']['folder'] = $pconfig['basejail']; $langfile = file("ext/thebrig/lang.inc"); $version_1 = preg_split("/VERSION_NBR, 'v/", $langfile[1]); $config['thebrig']['version'] = 0 + substr($version_1[1], 0, 3); write_config(); // Write the config to disk unlink_if_exists("/tmp/thebrig.tmp"); // Whatever we did, we did it successfully $retval = 0; $savemsg = get_std_save_message($retval); } // end of no input errors } // end of POST // Display the page title, based on the constants defined in lang.inc $pgtitle = array(_THEBRIG_EXTN, _THEBRIG_TITLE, _THEBRIG_BASIC_CONFIG, _THEBRIG_VERSION_NBR); // Uses the global fbegin include include "fbegin.inc"; // This will evaluate if there were any input errors from prior to the user clicking "save" if ($input_errors) { print_input_errors($input_errors); } elseif ($savemsg) {
} } return FALSE; } if (isset($_POST['upload'])) { if ($_FILES["iprep_fileup"]["error"] == UPLOAD_ERR_OK) { $tmp_name = $_FILES["iprep_fileup"]["tmp_name"]; $name = $_FILES["iprep_fileup"]["name"]; move_uploaded_file($tmp_name, "{$iprep_path}{$name}"); } else { $input_errors[] = gettext("Failed to upload file {$_FILES["iprep_fileup"]["name"]}"); } } if (isset($_POST['iplist_delete']) && isset($_POST['iplist_fname'])) { if (!snort_is_iplist_active($_POST['iplist_fname'])) { unlink_if_exists("{$iprep_path}{$_POST['iplist_fname']}"); } else { $input_errors[] = gettext("This IP List is currently assigned as a Whitelist or Blackist for an interface and cannot be deleted."); } } if (isset($_POST['iplist_edit']) && isset($_POST['iplist_fname'])) { $file = $iprep_path . basename($_POST['iplist_fname']); $data = file_get_contents($file); if ($data !== FALSE) { $iplist_data = htmlspecialchars($data); $iplist_edit_style = "display: table-row-group;"; $iplist_name = basename($_POST['iplist_fname']); unset($data); } else { $input_errors[] = gettext("An error occurred reading the file."); }
$a_nat[$id]['ips_policy_enable'] = 'off'; unset($a_nat[$id]['ips_policy']); } $enabled_items = ""; if (is_array($_POST['toenable'])) { $enabled_items = implode("||", $_POST['toenable']); } else { $enabled_items = $_POST['toenable']; } $a_nat[$id]['rulesets'] = $enabled_items; if ($_POST['autoflowbits'] == "on") { $a_nat[$id]['autoflowbitrules'] = 'on'; } else { $a_nat[$id]['autoflowbitrules'] = 'off'; if (file_exists("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/{$flowbit_rules_file}")) { unlink_if_exists("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/{$flowbit_rules_file}"); } } write_config("Snort pkg: save enabled rule categories for {$a_nat[$id]['interface']}."); /*************************************************/ /* Update the snort conf file and rebuild the */ /* rules for this interface. */ /*************************************************/ $rebuild_rules = true; conf_mount_rw(); snort_generate_conf($a_nat[$id]); conf_mount_ro(); $rebuild_rules = false; /* Soft-restart Snort to live-load new rules */ snort_reload_config($a_nat[$id]); $pconfig = $_POST;
require_once "/etc/inc/filter.inc"; require_once "/etc/inc/config.inc"; $hour = date('H'); $pfbdir = '/usr/local/pkg/pfblocker'; $updates = 0; $cron = array('01hour' => 1, '04hours' => 4, '12hours' => 12, 'EveryDay' => 23); if ($config['installedpackages']['pfblockerlists']['config'] != "") { foreach ($config['installedpackages']['pfblockerlists']['config'] as $list) { if (is_array($list['row'])) { foreach ($list['row'] as $row) { if ($row['url'] != "" && $hour > 0) { $md5_url = md5($row['url']); $update_hour = array_key_exists($list['cron'], $cron) ? $cron[$list['cron']] : 25; if ($row['url'] && $hour % $update_hour == 0) { print $update_hour . " " . $pfbdir . '/' . $md5_url . '.txt' . "\n"; unlink_if_exists($pfbdir . '/' . $md5_url . '.txt'); $updates++; } } } } } } if ($updates > 0) { include "/usr/local/pkg/pfblocker.inc"; sync_package_pfblocker("cron"); } } function pfblocker_get_countries() { $files = array("Africa" => "/usr/local/pkg/Africa_cidr.txt", "Asia" => "/usr/local/pkg/Asia_cidr.txt", "Europe" => "/usr/local/pkg/Europe_cidr.txt", "North America" => "/usr/local/pkg/North_America_cidr.txt", "Oceania" => "/usr/local/pkg/Oceania_cidr.txt", "South America" => "/usr/local/pkg/South_America_cidr.txt");
find_alias_reference(array('nat', 'outbound', 'rule'), array('destination', 'address'), $alias_name, $is_alias_referenced, $referenced_by); find_alias_reference(array('nat', 'outbound', 'rule'), array('dstport'), $alias_name, $is_alias_referenced, $referenced_by); find_alias_reference(array('nat', 'outbound', 'rule'), array('target'), $alias_name, $is_alias_referenced, $referenced_by); // Alias in an alias find_alias_reference(array('aliases', 'alias'), array('address'), $alias_name, $is_alias_referenced, $referenced_by); // Load Balancer find_alias_reference(array('load_balancer', 'lbpool'), array('port'), $alias_name, $is_alias_referenced, $referenced_by); find_alias_reference(array('load_balancer', 'virtual_server'), array('port'), $alias_name, $is_alias_referenced, $referenced_by); // Static routes find_alias_reference(array('staticroutes', 'route'), array('network'), $alias_name, $is_alias_referenced, $referenced_by); if ($is_alias_referenced == true) { $savemsg = sprintf(gettext("Cannot delete alias. Currently in use by %s"), htmlspecialchars($referenced_by)); } else { if (preg_match("/urltable/i", $a_aliases[$_GET['id']]['type'])) { // this is a URL table type alias, delete its file as well unlink_if_exists("/var/db/aliastables/" . $a_aliases[$_GET['id']]['name'] . ".txt"); } unset($a_aliases[$_GET['id']]); if (write_config()) { filter_configure(); mark_subsystem_dirty('aliases'); } header("Location: firewall_aliases.php?tab=" . $tab); exit; } } } function find_alias_reference($section, $field, $origname, &$is_alias_referenced, &$referenced_by) { global $config; if (!$origname || $is_alias_referenced) {
if (file_exists("{$suricata_rules_upd_log}")) { unlink_if_exists("{$suricata_rules_upd_log}"); } } if ($_POST['update']) { // Go see if new updates for rule sets are available header("Location: /suricata/suricata_download_rules.php"); exit; } if ($_POST['force']) { // Mount file system R/W since we need to remove files conf_mount_rw(); // Remove the existing MD5 signature files to force a download unlink_if_exists("{$suricatadir}{$emergingthreats_filename}.md5"); unlink_if_exists("{$suricatadir}{$snort_community_rules_filename}.md5"); unlink_if_exists("{$suricatadir}{$snort_rules_file}.md5"); // Revert file system to R/O. conf_mount_ro(); // Go download the updates header("Location: /suricata/suricata_download_rules.php"); exit; } /* check for logfile */ if (file_exists("{$suricata_rules_upd_log}")) { $suricata_rules_upd_log_chk = 'yes'; } else { $suricata_rules_upd_log_chk = 'no'; } if ($_POST['view'] && $suricata_rules_upd_log_chk == 'yes') { $contents = @file_get_contents($suricata_rules_upd_log); if (empty($contents)) {
delete_package($pkgtodo['name'] . '-' . $pkgtodo['version'], $pkg_id); delete_package_xml($pkgtodo['name']); install_package($pkgtodo['name']); $pkg_id++; } } update_status("All packages reinstalled."); $static_output .= "\n\nAll packages reinstalled."; start_service(htmlspecialchars($_GET['pkg'])); update_output_window($static_output); break; default: $status = install_package(htmlspecialchars($_GET['id'])); if ($status == -1) { update_status("Installation of " . htmlspecialchars($_GET['id']) . " FAILED!"); $static_output .= "\n\nInstallation halted."; } else { update_status("Installation of " . $_GET['id'] . " completed."); $static_output .= "\n\nInstallation completed. Please check to make sure that the package is configured from the respective menu then start the package."; } update_output_window($static_output); } // Delete all temporary package tarballs and staging areas. unlink_if_exists("/tmp/apkg_*"); rmdir_recursive("/var/tmp/instmp*"); /* read only fs */ conf_mount_ro(); // close log if ($fd_log) { fclose($fd_log); }
} elseif ($_GET) { if (!isset($_GET['newver']) && !isset($_GET['rmver']) && !isset($_GET['getcfg']) && !isset($_GET['diff'])) { header("Location: diag_confbak.php"); return; } conf_mount_rw(); $confvers = unserialize(file_get_contents($g['cf_conf_path'] . '/backup/backup.cache')); if ($_GET['newver'] != "") { if (config_restore($g['conf_path'] . '/backup/config-' . $_GET['newver'] . '.xml') == 0) { $savemsg = sprintf(gettext('Successfully reverted to timestamp %1$s with description "%2$s".'), date(gettext("n/j/y H:i:s"), $_GET['newver']), htmlspecialchars($confvers[$_GET['newver']]['description'])); } else { $savemsg = gettext("Unable to revert to the selected configuration."); } } if ($_GET['rmver'] != "") { unlink_if_exists($g['conf_path'] . '/backup/config-' . $_GET['rmver'] . '.xml'); $savemsg = sprintf(gettext('Deleted backup with timestamp %1$s and description "%2$s".'), date(gettext("n/j/y H:i:s"), $_GET['rmver']), htmlspecialchars($confvers[$_GET['rmver']]['description'])); } conf_mount_ro(); } if ($_GET['getcfg'] != "") { $file = $g['conf_path'] . '/backup/config-' . $_GET['getcfg'] . '.xml'; $exp_name = urlencode("config-{$config['system']['hostname']}.{$config['system']['domain']}-{$_GET['getcfg']}.xml"); $exp_data = file_get_contents($file); $exp_size = strlen($exp_data); header("Content-Type: application/octet-stream"); header("Content-Disposition: attachment; filename={$exp_name}"); header("Content-Length: {$exp_size}"); echo $exp_data; exit; }
$savemsg .= <<<EOF \t\t\t\t\t\t\t<br /> \t\t\t\t\t\t<form action="reboot.php" method="post"> \t\t\t\t\t\t\tWould you like to reboot? \t\t\t\t\t\t\t<input name="Submit" type="submit" class="formbtn" value=" Yes " /> \t\t\t\t\t\t\t<input name="Submit" type="submit" class="formbtn" value=" No " /> \t\t\t\t\t\t</form> EOF; } else { $savemsg = "Unable to revert to the selected configuration."; } print_info_box($savemsg); } else { log_error("There was an error when restoring the AutoConfigBackup item"); } unlink_if_exists("/tmp/config_restore.xml"); conf_mount_ro(); } if ($_REQUEST['download']) { // Phone home and obtain backups $curl_session = curl_init(); curl_setopt($curl_session, CURLOPT_URL, $get_url); curl_setopt($curl_session, CURLOPT_HTTPHEADER, array("Authorization: Basic " . base64_encode("{$username}:{$password}"))); curl_setopt($curl_session, CURLOPT_POST, 3); curl_setopt($curl_session, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($curl_session, CURLOPT_RETURNTRANSFER, 1); curl_setopt($curl_session, CURLOPT_POSTFIELDS, "action=restore" . "&hostname=" . urlencode($hostname) . "&revision=" . urlencode($_REQUEST['download'])); curl_setopt($curl_session, CURLOPT_USERAGENT, $g['product_name'] . '/' . rtrim(file_get_contents("/etc/version"))); // Proxy curl_setopt_array($curl_session, configure_proxy()); $data = curl_exec($curl_session);
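/**
 * Decide whether the feed $header needs to be downloaded again and record the
 * decision in $pfb['update_cron'].
 *
 * When an update is due, the cached "{$pfbfolder}/{$header}.txt" is removed.
 * Progress is written with pfb_logger(). Nothing is returned.
 *
 * @param string $header    feed name, also the base name of its files
 * @param string $list_url  feed source (URL or local path)
 * @param string $pfbfolder directory holding "{$header}.txt" and "{$header}.fail"
 * @param string $pfborig   directory holding the original download "{$header}.orig"
 * @param string $pflex     'Flex' relaxes the TLS settings for this feed
 * @param string $format    'whois' and 'rsync' are always treated as "update found"
 */
function pfb_update_check($header, $list_url, $pfbfolder, $pfborig, $pflex, $format) {
	global $config, $pfb;

	$log = "[ {$header} ]\n";
	pfb_logger("{$log}", 1);
	$pfb['cron_update'] = FALSE;

	// Determine if previous download fails have exceeded threshold.
	if ($pfb['restore'] == 'on') {
		if ($pfb['skipfeed'] != 0) {
			// Call function to get all previous download fails
			pfb_failures();

			if ($pfb['failed'][$header] >= $pfb['skipfeed']) {
				$log = " Max daily download failure attempts exceeded. Clear widget 'failed downloads' to reset.\n\n";
				pfb_logger("{$log}", 1);
				unlink_if_exists("{$pfbfolder}/{$header}.fail");
				return;
			}
		}

		// Attempt download, when a previous 'fail' file marker is found.
		if (file_exists("{$pfbfolder}/{$header}.fail")) {
			$log = "\t\t\tPrevious download failed.\tRe-attempt download\n";
			pfb_logger("{$log}", 1);
			$pfb['update_cron'] = TRUE;
			unlink_if_exists("{$pfbfolder}/{$header}.txt");
			return;
		}
	} else {
		unlink_if_exists("{$pfbfolder}/{$header}.fail");
	}

	// Check if List file doesn't exist or Format is 'whois'.
	if (!file_exists("{$pfbfolder}/{$header}.txt") || $format == 'whois') {
		$log = "\t\t\t\t\t\t\tUpdate found\n";
		pfb_logger("{$log}", 1);
		$pfb['update_cron'] = TRUE;
		return;
	}

	$host = @parse_url($list_url);
	$local_file = "{$pfborig}/{$header}.orig";

	// Compare previously downloaded file timestamp with remote timestamp
	if (file_exists($local_file)) {
		if ($format == 'rsync') {
			$log = "\t\t\t\t( rsync )\t\tUpdate found\n";
			pfb_logger("{$log}", 1);
			$pfb['update_cron'] = TRUE;
			unlink_if_exists("{$pfbfolder}/{$header}.txt");
			return;
		}

		// Determine if URL is Remote or Local
		if (in_array($host['host'], array('127.0.0.1', $pfb['iplocal'], ''))) {
			clearstatcache();
			$remote_tds = gmdate('D, d M Y H:i:s T', @filemtime($list_url));
		} else {
			// -1 means "no remote timestamp". Set before the request so that three failed
			// attempts fall through to the md5 comparison instead of an undefined value.
			$remote_stamp_raw = -1;

			// Download URL headers and compare previously downloaded file with remote timestamp
			if ($ch = curl_init($list_url)) {
				curl_setopt_array($ch, $pfb['curl_defaults']);	// Load curl default settings
				curl_setopt($ch, CURLOPT_NOBODY, true);		// Exclude the body from the output
				curl_setopt($ch, CURLOPT_TIMEOUT, 60);

				// Allow downgrade of cURL settings if user configured.
				// With 'Flex' the peer certificate and host name are not verified, so the
				// timestamp (and the feed itself) can be altered in transit.
				if ($pflex == 'Flex') {
					curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
					curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
					curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, 'TLSv1.2, TLSv1, SSLv3');
				}

				// Try up to 3 times to download the file before giving up
				for ($retries = 1; $retries <= 3; $retries++) {
					if (curl_exec($ch)) {
						$remote_stamp_raw = curl_getinfo($ch, CURLINFO_FILETIME);
						break;	// Break on success
					}
					sleep(3);
				}

				if ($remote_stamp_raw != -1) {
					$remote_tds = gmdate('D, d M Y H:i:s T', $remote_stamp_raw);
				}

				// Only close a handle that was actually created
				curl_close($ch);
			}
		}

		// If remote timestamp not found, Attempt md5 comparison.
		// For a local source $remote_stamp_raw is not set at all and the loose comparison
		// sends it to the timestamp branch, as before.
		if ($remote_stamp_raw == -1) {
			// Collect md5 checksums (md5 is used here for change detection only)
			$remote_md5 = @md5_file($list_url);
			$local_md5 = @md5_file($local_file);

			if ($remote_md5 != $local_md5) {
				$log = "\t\t\t\t( md5 changed )\t\tUpdate found\n";
				pfb_logger("{$log}", 1);
				$pfb['update_cron'] = TRUE;
				unlink_if_exists("{$pfbfolder}/{$header}.txt");
				return;
			} else {
				$log = "\t( No remote timestamp/md5 unchanged )\t\tUpdate not required\n";
				pfb_logger("{$log}", 1);
				return;
			}
		} else {
			$log = " Remote timestamp: {$remote_tds}\n";
			pfb_logger("{$log}", 1);

			clearstatcache();
			$local_tds = gmdate('D, d M Y H:i:s T', @filemtime($local_file));
			$log = " Local timestamp: {$local_tds}\t";
			pfb_logger("{$log}", 1);

			if ("{$remote_tds}" != "{$local_tds}") {
				$pfb['cron_update'] = TRUE;
			} else {
				$log = "Update not required\n";
				pfb_logger("{$log}", 1);
				$pfb['cron_update'] = FALSE;
			}
		}
	} else {
		$pfb['cron_update'] = TRUE;
	}

	if ($pfb['cron_update']) {
		// Trigger CRON process if updates are found.
		$pfb['update_cron'] = TRUE;
		$log = "Update found\n";
		pfb_logger("{$log}", 1);
		unlink_if_exists("{$pfbfolder}/{$header}.txt");
	}

	return;
}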
// Store the edited entry and write the configuration, when the entry exists
if (isset($id, $a_nat[$id])) {
	$a_nat[$id] = $natent;
	write_config(sprintf("Snort pkg: saved modified preprocessor settings for %s.", $a_nat[$id]['interface']));
}

/*
 * Regenerate snort.conf and the rules for this interface. The file system
 * is mounted read/write only for the duration of snort_generate_conf().
 */
$rebuild_rules = true;
conf_mount_rw();
snort_generate_conf($natent);
conf_mount_ro();
$rebuild_rules = false;

/* With 'preproc_auto_rule_disable' set to off, the disabled-rules log is removed */
if ($natent['preproc_auto_rule_disable'] == 'off') {
	unlink_if_exists("{$snortlogdir}/{$disabled_rules_log}");
}

/* Ask Snort to reload when a Host Attribute Table is enabled and has data saved */
if ($natent['host_attribute_table'] == "on") {
	if (!empty($natent['host_attribute_data'])) {
		snort_reload_config($natent, "SIGURG");
	}
}

/* Sync to configured CARP slaves if any are enabled */
snort_sync_on_changes();

// Changes are saved, so the "dirty" flag is cleared
clear_subsystem_dirty('snort_preprocessors');

/* Response headers sent once the save has been processed */
header('Expires: Sat, 26 Jul 1997 05:00:00 GMT');
header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
} $a_out =& $config['nat']['advancedoutbound']['rule']; if ($_POST['apply']) { write_config(); $retval = 0; config_lock(); $retval |= filter_configure(); config_unlock(); if (stristr($retval, "error") != true) { $savemsg = get_std_save_message($retval); } else { $savemsg = $retval; } if ($retval == 0) { unlink_if_exists($d_natconfdirty_path); unlink_if_exists($d_filterconfdirty_path); } } if (isset($_POST['save']) && $_POST['save'] == "Save") { /* mutually exclusive settings - if user wants advanced NAT, we don't generate automatic rules */ switch ($_POST['advancedoripsec']) { case "ipsecpassthru": $config['nat']['ipsecpassthru']['enable'] = true; unset($config['nat']['advancedoutbound']['enable']); if (count($config['nat']['advancedoutbound']['rule']) == 0) { unset($config['nat']['advancedoutbound']['rule']); } break; case "advancedoutboundnat": $was_enabled = isset($config['nat']['advancedoutbound']['enable']); $config['nat']['advancedoutbound']['enable'] = true;
/*
 * Stop Suricata, then Barnyard2: log a message only if the service is running,
 * kill by process name, wait a second, then delete leftover PID files in /var/run.
 */
foreach (array("suricata" => "Suricata", "barnyard2" => "Barnyard2") as $suri_proc_name => $suri_proc_label) {
	if (is_service_running($suri_proc_name)) {
		log_error(gettext("[Suricata] {$suri_proc_label} STOP for all interfaces..."));
	}
	killbyname($suri_proc_name);
	sleep(1);
	unlink_if_exists("{$g['varrun_path']}/{$suri_proc_name}_*.pid");
}
unset($suri_proc_name, $suri_proc_label);

/* Remove the Suricata cron jobs. */
install_cron_job("suricata_check_for_rule_updates.php", false);
install_cron_job("suricata_check_cron_misc.inc", false);
install_cron_job("{$suri_pf_table}", false);

/* Log files are removed only when the 'clearlogs' option is on */
if ($config['installedpackages']['suricata']['config'][0]['clearlogs'] == 'on') {
	log_error(gettext("[Suricata] Clearing all Suricata-related log files..."));
	@unlink("{$suricata_rules_upd_log}");
	// NOTE(review): $suricatalogdir is set outside this excerpt and reaches the shell
	// unquoted in a recursive delete - confirm it is a fixed, non-empty path.
	mwexec("/bin/rm -rf {$suricatalogdir}");
}

// Mount filesystem read-write to remove our files
conf_mount_rw();

/* Remove the Suricata GUI app directories */
mwexec("/bin/rm -rf /usr/local/pkg/suricata");
mwexec("/bin/rm -rf /usr/local/www/suricata");
if ($firmwareupdate) { mwexec_bg("{$upgrade_script}"); } else { mwexec_bg("{$upgrade_script} -i {$pkgname}"); } $start_polling = true; break; } } $uptodatemsg = gettext("Up to date."); $confirmlabel = gettext("Confirm Update"); $sysmessage = gettext("Status"); // $completed just means that we are refreshing the page to update any new menu items // that were installed if ($completed) { unlink_if_exists($logfilename . ".json"); // If this was a firmware update and a reboot was initiated, display the "Rebooting" message // and start the countdown timer if ($firmwareupdate && $reboot_needed) { ?> <script> //<![CDATA[ events.push(function() { time = "<?php echo $guitimeout; ?> "; startCountdown(); }); //]]> </script>
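// System Sounds
// Store the flag only when the form sent "yes"; otherwise remove the key.
if ($_POST['disablebeep'] == "yes") {
	$config['system']['disablebeep'] = true;
} else {
	unset($config['system']['disablebeep']);
}

// Save and redirect only when validation produced no errors.
if (!$input_errors) {
	write_config();
	pfSenseHeader("system_advanced_notifications.php");
	return;
}
// Closes a block opened before this excerpt.
}

if (isset($_POST['test-growl'])) {
	// Send test message via growl
	if ($config['notifications']['growl']['ipaddress']) {
		// The original condition used "=" (assignment), not "==": the
		// submitted password is copied into the in-memory config and the test
		// message is sent only when that value is non-empty. The assignment
		// is written out here so the side effect is visible. This branch does
		// not call write_config() in the visible code.
		// NOTE(review): confirm assignment rather than comparison was intended.
		$config['notifications']['growl']['password'] = $_POST['password'];
		if ($config['notifications']['growl']['password']) {
			unlink_if_exists($g['vardb_path'] . "/growlnotices_lastmsg.txt");
			register_via_growl();
			notify_via_growl(sprintf(gettext("This is a test message from %s. It is safe to ignore this message."), $g['product_name']), true);
		}
	}
}

if (isset($_POST['test-smtp'])) {
	// Send test message via smtp
	// Uses the same helper as the growl branch instead of a separate
	// file_exists()/unlink() pair, so there is no gap between check and delete.
	unlink_if_exists("/var/db/notices_lastmsg.txt");
	$savemsg = notify_via_smtp(sprintf(gettext("This is a test message from %s.\t It is safe to ignore this message."), $g['product_name']), true);
}
// Closes a block opened before this excerpt.
}

$pgtitle = array(gettext("System"), gettext("Advanced"), gettext("Notifications"));
include "head.inc";

if ($input_errors) {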
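/*
 * Page setup for the HAProxy pools list (excerpt): make sure the pool and
 * backend arrays exist in $config, handle "apply" and "delete" requests,
 * then detect the platform version.
 */

// Marker file: touched after a pool is deleted, removed once the
// configuration has been applied.
$d_haproxyconfdirty_path = $g['varrun_path'] . "/haproxy.conf.dirty";

// Guarantee both config sections are arrays before taking references to them.
if (!is_array($config['installedpackages']['haproxy']['ha_pools']['item'])) {
	$config['installedpackages']['haproxy']['ha_pools']['item'] = array();
}
if (!is_array($config['installedpackages']['haproxy']['ha_backends']['item'])) {
	$config['installedpackages']['haproxy']['ha_backends']['item'] = array();
}

$a_pools = &$config['installedpackages']['haproxy']['ha_pools']['item'];
$a_backends = &$config['installedpackages']['haproxy']['ha_backends']['item'];

if ($_POST) {
	$pconfig = $_POST;

	// !empty() is the same truthiness test as before, without a notice when
	// the 'apply' field is absent.
	if (!empty($_POST['apply'])) {
		// The redundant "$retval = 0" before this call was dropped.
		$retval = haproxy_configure();
		$savemsg = get_std_save_message($retval);
		unlink_if_exists($d_haproxyconfdirty_path);
	}
}

// NOTE(review): this deletes a pool and writes the configuration in response
// to a plain GET request. No anti-CSRF token check is visible in this excerpt,
// so confirm the surrounding framework protects GET requests too, or move the
// delete action to a POST form.
if (isset($_GET['act']) && $_GET['act'] == "del") {
	// Delete only when an id was supplied and names an existing pool.
	if (isset($_GET['id']) && isset($a_pools[$_GET['id']])) {
		unset($a_pools[$_GET['id']]);
		write_config();
		touch($d_haproxyconfdirty_path);
	}
	// Redirect back to the list whether or not anything was deleted.
	header("Location: haproxy_pools.php");
	exit;
}

// The first three characters of /etc/version are compared numerically with 2.0.
$pf_version = substr(trim(file_get_contents("/etc/version")), 0, 3);
if ($pf_version < 2.0) {
	$one_two = true;
}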
##|*DESCR=Allow access to the 'Hidden: Detailed Status' page.
##|*MATCH=status.php*
##|-PRIV

/* Execute a command, with a title, and generate an HTML table
 * showing the results.
 */

/* include all configuration functions */
require_once "guiconfig.inc";
require_once "functions.inc";

// Scratch directory and archive name used for the collected status output.
// NOTE(review): both names are fixed and live under /tmp. The directory is
// emptied, removed and recreated on every request, mkdir() is called without
// an explicit mode and its result is not checked, and the later fopen() calls
// are @-suppressed, so a failure here is silent. config-sanitized.xml is
// written into this directory below. Consider creating it with a restrictive
// mode (e.g. 0700) and stopping if creation fails - confirm who else can
// write to /tmp on the target system.
$output_path = "/tmp/status_output/";
$output_file = "/tmp/status_output.tgz";

// Clear out anything left over from a previous run.
if (is_dir($output_path)) {
	unlink_if_exists("{$output_path}/*");
	@rmdir($output_path);
}
unlink_if_exists($output_file);
mkdir($output_path);

/*
 * Print an anchor and a panel headed by $title, then handle $command.
 * The special command "dumpconfigxml" opens /conf/config.xml for reading and
 * config-sanitized.xml in the output directory for writing. The rest of the
 * body lies beyond this excerpt.
 * NOTE(review): $title is written into the panel heading without HTML
 * escaping; callers are not visible here - confirm titles are fixed strings.
 */
function doCmdT($title, $command) {
	global $output_path, $output_file;
	/* Fixup output directory */
	// Characters stripped from $title to build the anchor name/id.
	$rubbish = array('|', '-', '/', '.', ' ');
	/* fixes the <a> tag to be W3C compliant */
	echo "\n<a name=\"" . str_replace($rubbish, '', $title) . "\" id=\"" . str_replace($rubbish, '', $title) . "\"></a>\n";
	print '<div class="panel panel-default">';
	print '<div class="panel-heading">' . $title . '</div>';
	print '<div class="panel-body">';
	print '<pre>';
	if ($command == "dumpconfigxml") {
		$ofd = @fopen("{$output_path}/config-sanitized.xml", "w");
		$fd = @fopen("/conf/config.xml", "r");
// (Excerpt begins inside nested blocks opened earlier in the file.)
$pconfig['txkey'] = $i;
}
$i++;
}
// Fall back to key index 1 when no transmit key is marked.
if (!isset($wepkey['txkey'])) {
	$pconfig['txkey'] = 1;
}
// The next four braces close blocks opened before this excerpt.
}
}
}
}

// "Apply changes" handler: re-apply every interface recorded in the pending-apply file.
if ($_POST['apply']) {
	unset($input_errors);
	if (!is_subsystem_dirty('interfaces')) {
		$input_errors[] = gettext("You have already applied your settings!");
	} else {
		unlink_if_exists("{$g['tmp_path']}/config.cache");
		clear_subsystem_dirty('interfaces');

		if (file_exists("{$g['tmp_path']}/.interfaces.apply")) {
			// NOTE(review): unserialize() is run on the contents of a file in
			// the temp directory. PHP object deserialization instantiates
			// whatever classes the payload names, so this call is only as safe
			// as write access to that file. The writer is not visible in this
			// excerpt - confirm that only trusted code creates it. A data-only
			// format (JSON), or unserialize() with 'allowed_classes' => false
			// on PHP 7+, would remove the dependency.
			// If unserialize() fails it returns false and the foreach below
			// raises a warning instead of iterating.
			$toapplylist = unserialize(file_get_contents("{$g['tmp_path']}/.interfaces.apply"));
			foreach ($toapplylist as $ifapply => $ifcfgo) {
				if (isset($config['interfaces'][$ifapply]['enable'])) {
					// Enabled interface: take it down with its recorded config, then configure it again.
					interface_bring_down($ifapply, false, $ifcfgo);
					interface_configure($ifapply, true);
				} else {
					// Interface is no longer enabled: bring it down, and reconfigure
					// DHCP when a DHCP or DHCPv6 server is enabled for it.
					interface_bring_down($ifapply, true, $ifcfgo);
					if (isset($config['dhcpd'][$ifapply]['enable']) || isset($config['dhcpdv6'][$ifapply]['enable'])) {
						services_dhcpd_configure();
					}
				}
			}
		}
// (Excerpt begins inside blocks opened earlier in the file.)
flush();
usleep(500);
}
}

// Error path: the graph command returned non-zero or produced no data.
if ($graphcmdreturn != 0 || !$data) {
	log_error(sprintf(gettext('Failed to create graph with error code %1$s, the error is: %2$s'), $graphcmdreturn, $graphcmdoutput));

	// NOTE(review): "queuesdrop" contains "queues", so a queuesdrop database
	// matches both strstr() tests below and both cleanup branches run for it.
	// NOTE(review): this branch logs $rrddbpath . $curdatabase but deletes
	// $rrddbpath . $curif . $queues - confirm both name the same file.
	if (strstr($curdatabase, "queues")) {
		log_error(sprintf(gettext("failed to create graph from %s%s, removing database"), $rrddbpath, $curdatabase));
		unlink_if_exists($rrddbpath . $curif . $queues);
		flush();
		usleep(500);
		enable_rrd_graphing();
	}
	// NOTE(review): $curdatabase is concatenated into a path that is deleted.
	// Its origin is not visible in this excerpt; if it derives from the
	// request, it must be reduced to a known database filename before this
	// point so it cannot name a path outside $rrddbpath.
	if (strstr($curdatabase, "queuesdrop")) {
		log_error(sprintf(gettext("failed to create graph from %s%s, removing database"), $rrddbpath, $curdatabase));
		unlink_if_exists($rrddbpath . $curdatabase);
		flush();
		usleep(500);
		enable_rrd_graphing();
	}

	// Response headers that disable caching.
	// NOTE(review): the declared type is image/png but the body that follows
	// comes from print_input_errors(); presumably that emits markup, not an
	// image - confirm.
	header("Content-type: image/png");
	header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
	header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
	header("Cache-Control: no-cache, no-store, must-revalidate");
	header("Pragma: no-cache");
	$input_errors[] = gettext("There has been an error in rendering the graph. Please check your system logs.");
	print_input_errors($input_errors);
} else {
	// Success path: serve the rendered PNG if it exists in the temp graph directory.
	$file = "{$rrdtmppath}{$curdatabase}-{$curgraph}.png";
	if (file_exists("{$file}")) {
		header("Content-type: image/png");