From: ms Date: Thu, 12 Apr 2007 16:28:06 +0000 (+0000) Subject: Connections.cgi neu geschrieben. X-Git-Tag: v2.3-beta1~762 X-Git-Url: http://git.ipfire.org/?p=people%2Fpmueller%2Fipfire-2.x.git;a=commitdiff_plain;h=1465b12776a8ab342cf19f959d065781c1dabfc8 Connections.cgi neu geschrieben. URL-Filter aktualisiert. git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@495 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8 --- diff --git a/config/urlfilter/autoupdate.pl b/config/urlfilter/autoupdate.pl index f9af67edfc..6d61f43741 100644 --- a/config/urlfilter/autoupdate.pl +++ b/config/urlfilter/autoupdate.pl @@ -1,7 +1,10 @@ #!/usr/bin/perl - # -# $Id: autoupdate.pl,v 1.0 2005/06/15 00:00:00 marco Exp $ +# This code is distributed under the terms of the GPL +# +# (c) 2004-2007 marco.s - http://www.urlfilter.net +# +# $Id: autoupdate.pl,v 1.1 2007/03/14 00:00:00 marco.s Exp $ # use strict; @@ -9,6 +12,7 @@ my $make_clean = 1; my $swroot = "/var/ipfire"; my $target = "$swroot/urlfilter/download"; +my $tempdb = "$target/blacklists"; my $dbdir = "$swroot/urlfilter/blacklists"; my $sourceurlfile = "$swroot/urlfilter/autoupdate/autoupdate.urls"; @@ -23,6 +27,7 @@ my $source_url; my $source_name; my @source_urllist; +my @categories; my $blacklist; my $category; 
@@ -72,24 +77,32 @@ unless ($blacklist_url eq '') if (-e $blacklist) { system("/bin/tar --no-same-owner -xzf $blacklist -C $target"); - if (-d "$target/blacklists") + if (-d "$target/BL") { system ("mv $target/BL $target/blacklists"); } + if (-d "$tempdb") { + undef(@categories); + &getblockcategory ($tempdb); + foreach (@categories) { $_ = substr($_,length($tempdb)+1); } + open(FILE, ">$target/update.conf"); flock FILE, 2; print FILE "logdir $target\n"; - print FILE "dbhome $target/blacklists\n\n"; - - foreach (<$target/blacklists/*>) - { - if ((-d $_) && ((-s "$_/domains") || (-s "$_/urls"))) - { - $category=substr($_,rindex($_,"/")+1); - print FILE "dest $category {\n"; - if (-s "$_/domains") { print FILE " domainlist $category/domains\n"; } - if (-s "$_/urls") { print FILE " urllist $category/urls\n"; } - print FILE "}\n\n"; + print FILE "dbhome $tempdb\n\n"; + + foreach $category (@categories) { + $blacklist = $category; + $category =~ s/\//_/g; + print FILE "dest $category {\n"; + if (-s "$tempdb/$blacklist/domains") { + print FILE " domainlist $blacklist\/domains\n"; } + if (-s "$tempdb/$blacklist/urls") { + print FILE " urllist $blacklist\/urls\n"; + } + print FILE "}\n\n"; + $category = $blacklist; } + print FILE "acl {\n"; print FILE " default {\n"; print FILE " pass none\n"; @@ -103,19 +116,7 @@ unless ($blacklist_url eq '') system("chown -R nobody.nobody $dbdir"); - foreach $category (<$dbdir/*>) - { - if (-d $category) - { - system("chmod 755 $category &> /dev/null"); - foreach $blacklist (<$category/*>) - { - if (-f $blacklist){ system("chmod 644 $blacklist &> /dev/null"); } - if (-d $blacklist){ system("chmod 755 $blacklist &> /dev/null"); } - } - system("chmod 666 $category/*.db &> /dev/null"); - } - } + &setpermissions ($dbdir); system("touch $updflagfile"); system("chown nobody.nobody $updflagfile"); 
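Review bot: The `dest` names written to `update.conf` are directory names taken from the freshly extracted archive: `getblockcategory` collects them and the `foreach $category (@categories)` loop only replaces `/` with `_` before `print FILE "dest $category {\n"`. A directory name containing whitespace, braces or `#` would yield a config that squidGuard cannot parse, or parses differently than intended. Skipping anything outside a conservative set avoids this, e.g. `next unless $category =~ m{\A[\w./-]+\z};` as the first statement of the loop body. The `open(FILE, ">$target/update.conf")` just above is unchecked, so a failed open silently produces no config at all. The enclosing `unless ($blacklist_url eq '')` block starts and ends outside the hunk.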
@@ -172,3 +173,41 @@ sub readhash } # ------------------------------------------------------------------- + +sub getblockcategory +{ + foreach $category (<$_[0]/*>) + { + if (-d $category) + { + if ((-s "$category/domains") || (-s "$category/urls")) + { + unless ($category =~ /\bcustom\b/) { push(@categories,$category); } + } + &getblockcategory ($category); + } + } +} + +# ------------------------------------------------------------------- + +sub setpermissions +{ + my $bldir = $_[0]; + + foreach $category (<$bldir/*>) + { + if (-d $category){ + system("chmod 755 $category &> /dev/null"); + foreach $blacklist (<$category/*>) + { + if (-f $blacklist) { system("chmod 644 $blacklist &> /dev/null"); } + if (-d $blacklist) { system("chmod 755 $blacklist &> /dev/null"); } + } + system("chmod 666 $category/*.db &> /dev/null"); + &setpermissions ($category); + } + } +} + +# ------------------------------------------------------------------- diff --git a/config/urlfilter/autoupdate.urls b/config/urlfilter/autoupdate.urls index 33b62d5650..a42191902c 100644 --- a/config/urlfilter/autoupdate.urls +++ b/config/urlfilter/autoupdate.urls @@ -1,3 +1,3 @@ -squidGuard,http://ftp.teledanmark.no/pub/www/proxy/squidGuard/contrib/blacklists.tar.gz +Shalla Secure Services,http://squidguard.shalla.de/Downloads/shallalist.tar.gz MESD,http://squidguard.mesd.k12.or.us/blacklists.tgz Univ. Toulouse,ftp://ftp.univ-tlse1.fr/pub/reseau/cache/squidguard_contrib/blacklists.tar.gz diff --git a/config/urlfilter/prebuild.pl b/config/urlfilter/prebuild.pl index b95ca895d9..94138e1efc 100644 --- a/config/urlfilter/prebuild.pl +++ b/config/urlfilter/prebuild.pl @@ -4,8 +4,6 @@ # # (c) written from scratch # -# $Id: prebuild.pl,v 0.3 2005/04/16 00:00:00 marco Exp $ -# $dbdir="/var/ipfire/urlfilter/blacklists"; 
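Review bot: `setpermissions` builds shell command lines from path names found under the blacklist tree (`system("chmod 755 $category &> /dev/null")` and the two `chmod` calls on `$blacklist`), and that tree appears to be filled from a downloaded or uploaded archive, so a name containing shell metacharacters is interpreted by the shell instead of being treated as a name. The `-d` tests also follow symbolic links, so a link inside the tree would carry the recursion, and the `chmod 666 …/*.db`, outside the blacklist directory. Perl's built-in `chmod` combined with an `-l` check avoids both and drops the bash-only `&>` redirection; a sketch follows (unlike the current code it also sets modes on plain files directly under the top directory). The same function is added verbatim to `prebuild.pl` and `html/cgi-bin/urlfilter.cgi` in this commit, and `getblockcategory` recurses through `-d` in the same way.

```perl
sub setpermissions
{
	my $bldir = $_[0];

	foreach my $entry (<$bldir/*>)
	{
		# never follow links: they may point outside the blacklist tree
		next if (-l $entry);

		if (-d $entry) {
			chmod(0755, $entry);
			&setpermissions ($entry);
		} elsif (-f $entry) {
			# compiled databases stay writable as before, everything else read-only
			chmod(($entry =~ /\.db$/) ? 0666 : 0644, $entry);
		}
	}
}
```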
@@ -18,15 +16,27 @@ if (-e "$dbdir/custom/blocked/urls.db") { unlink("$dbdir/custom/blocked/urls. system("chown -R nobody.nobody $dbdir"); -foreach $category (<$dbdir/*>) +&setpermissions ($dbdir); + +# ------------------------------------------------------------------- + +sub setpermissions { - if (-d $category){ - system("chmod 755 $category &> /dev/null"); - foreach $blacklist (<$category/*>) - { - if (-f $blacklist){ system("chmod 644 $blacklist &> /dev/null"); } - if (-d $blacklist){ system("chmod 755 $blacklist &> /dev/null"); } + my $bldir = $_[0]; + + foreach $category (<$bldir/*>) + { + if (-d $category){ + system("chmod 755 $category &> /dev/null"); + foreach $blacklist (<$category/*>) + { + if (-f $blacklist) { system("chmod 644 $blacklist &> /dev/null"); } + if (-d $blacklist) { system("chmod 755 $blacklist &> /dev/null"); } + } + system("chmod 666 $category/*.db &> /dev/null"); + &setpermissions ($category); } - system("chmod 666 $category/*.db &> /dev/null"); } } + +# ------------------------------------------------------------------- diff --git a/config/urlfilter/squidGuard.conf b/config/urlfilter/squidGuard.conf index 0232eadb8c..4f43648777 100644 --- a/config/urlfilter/squidGuard.conf +++ b/config/urlfilter/squidGuard.conf @@ -1,5 +1,5 @@ logdir /var/log/squidGuard -dbhome /var/ipfire/urlfilter/blacklists +dbhome /var/ipcop/urlfilter/blacklists acl { default { diff --git a/doc/language_issues.de b/doc/language_issues.de index 33411491bd..94eff7c2d4 100644 --- a/doc/language_issues.de +++ b/doc/language_issues.de 
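Review bot: `dbhome` now points at `/var/ipcop/urlfilter/blacklists`, while every script touched by this commit uses `/var/ipfire` (`$swroot = "/var/ipfire"` in autoupdate.pl, `$dbdir="/var/ipfire/urlfilter/blacklists"` in prebuild.pl). This looks like a path carried over from the upstream add-on. If this shipped default is ever loaded before `writeconfigfile` regenerates it, squidGuard would start against a database directory that presumably does not exist, and how it then treats requests should be confirmed rather than assumed to be blocking. Suggest keeping `dbhome /var/ipfire/urlfilter/blacklists`.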
@@ -285,11 +285,9 @@ WARNING: translation string unused: upstream password WARNING: translation string unused: upstream proxy host:port WARNING: translation string unused: upstream username WARNING: translation string unused: uptime and users -WARNING: translation string unused: urlfilter background text WARNING: translation string unused: urlfilter update information WARNING: translation string unused: urlfilter update notification WARNING: translation string unused: urlfilter update results -WARNING: translation string unused: urlfilter upload background WARNING: translation string unused: use WARNING: translation string unused: used memory WARNING: translation string unused: used swap @@ -336,6 +334,7 @@ WARNING: untranslated string: traffics WARNING: untranslated string: trafficsum WARNING: untranslated string: trafficto WARNING: untranslated string: up +WARNING: untranslated string: urlfilter background image WARNING: untranslated string: urlfilter log WARNING: untranslated string: user log WARNING: untranslated string: user proxy logs diff --git a/doc/language_issues.en b/doc/language_issues.en index 2884baa773..33d290dbd8 100644 --- a/doc/language_issues.en +++ b/doc/language_issues.en @@ -290,11 +290,9 @@ WARNING: translation string unused: upstream password WARNING: translation string unused: upstream proxy host:port WARNING: translation string unused: upstream username WARNING: translation string unused: uptime and users -WARNING: translation string unused: urlfilter background text WARNING: translation string unused: urlfilter update information WARNING: translation string unused: urlfilter update notification WARNING: translation string unused: urlfilter update results -WARNING: translation string unused: urlfilter upload background WARNING: translation string unused: use WARNING: translation string unused: used memory WARNING: translation string unused: used swap 
@@ -324,6 +322,7 @@ WARNING: untranslated string: remove x509 WARNING: untranslated string: settingsc WARNING: untranslated string: smbrestart WARNING: untranslated string: up +WARNING: untranslated string: urlfilter background image WARNING: untranslated string: urlfilter log WARNING: untranslated string: user log WARNING: untranslated string: user proxy logs diff --git a/html/cgi-bin/connections.cgi b/html/cgi-bin/connections.cgi index b38ade0897..aeaf0db6e5 100644 --- a/html/cgi-bin/connections.cgi +++ b/html/cgi-bin/connections.cgi @@ -20,7 +20,7 @@ use Net::IPv4Addr qw( :all ); use strict; # enable only the following on debugging purpose -use warnings; +#use warnings; use CGI::Carp 'fatalsToBrowser'; require '/var/ipfire/general-functions.pl'; @@ -36,13 +36,13 @@ undef (@dummy); my %netsettings=(); &General::readhash("${General::swroot}/ethernet/settings", \%netsettings); -open (ACTIVE, "/proc/net/ip_conntrack") or die 'Unable to open ip_conntrack'; +open (ACTIVE, 'iptstate -1rbt |') or die 'Unable to open ip_conntrack'; my @active = ; close (ACTIVE); my @vpn = ('none'); -open (ACTIVE, "/proc/net/ipsec_eroute") and @vpn = ; -close (ACTIVE); +#open (ACTIVE, "/proc/net/ipsec_eroute") and @vpn = ; +#close (ACTIVE); my $aliasfile = "${General::swroot}/ethernet/aliases"; open(ALIASES, $aliasfile) or die 'Unable to open aliases file.'; 
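Review bot: `use CGI::Carp 'fatalsToBrowser';` stays enabled in connections.cgi under the comment `# enable only the following on debugging purpose`, and the urlfilter.cgi header hunk later in this commit un-comments both `use warnings;` and `use CGI::Carp 'fatalsToBrowser';`. While it is active, the text of any `die`, including file paths and interpreter messages, is rendered in the browser of whoever triggers the error. For a release I would leave it commented out in both files, `#use CGI::Carp 'fatalsToBrowser';`, and keep `use warnings;` on instead, since warnings normally go to the server error log rather than the page.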
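Review bot: The new `open (ACTIVE, 'iptstate -1rbt |')` resolves `iptstate` through the CGI's `PATH` using the two-argument pipe form, and its failure message still reads `Unable to open ip_conntrack`. The list form with an absolute path removes the dependence on the environment, for example `open(ACTIVE, '-|', '<absolute path to iptstate>', '-1rbt') or die 'Unable to run iptstate';`. The command's exit status is only available from `close (ACTIVE)`, which is unchecked, so a failing iptstate yields an empty table without any error.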
@@ -212,197 +212,15 @@ our %entries = (); # will hold the lines analyzed correctly my $unknownlines = ''; # should be empty all the time... my $index = 0; # just a counter to make unique entryies in entries -foreach my $line (@active) { - my $protocol=''; - my $expires=''; - my $status=''; - my $orgsip=''; - my $orgdip=''; - my $orgsp=''; - my $orgdp=''; - my $exsip=''; - my $exdip=''; - my $exsp=''; - my $exdp=''; - my $marked=''; - my $use=''; - - chomp($line); - my @temp = split(' ',$line); - - if ($temp[0] eq 'icmp') { - $protocol = $temp[0]; - $status = $Lang::tr{'all'}; - $orgsip = substr $temp[3], 4; - $orgdip = substr $temp[4], 4; - $marked = $temp[8] eq '[UNREPLIED]' ? '[UNREPLIED]' : ' '; - } - if ($temp[0] eq 'udp') { - $protocol = $temp[0]; - $status = $Lang::tr{'all'}; - $orgsip = substr $temp[3], 4; - $orgdip = substr $temp[4], 4; - $marked = $temp[7] eq '[UNREPLIED]' ? '[UNREPLIED]' : defined ($temp[12]) ? $temp[11] : ' '; - } - if ($temp[0] eq 'tcp') { - $protocol = $temp[0]; - $status = $temp[3]; - $orgsip = substr $temp[4], 4; - $orgdip = substr $temp[5], 4; - $marked = $temp[8] eq '[UNREPLIED]' ? '[UNREPLIED]' : defined ($temp[13]) ? $temp[12] : ' '; - } - - # filter the line if we found a known proto - next if( !( - (($cgiparams{'SEE_PROTO'} eq $Lang::tr{'all'}) || ($protocol eq $cgiparams{'SEE_PROTO'} )) - && (($cgiparams{'SEE_STATE'} eq $Lang::tr{'all'}) || ($status eq $cgiparams{'SEE_STATE'} )) - && (($cgiparams{'SEE_MARK'} eq $Lang::tr{'all'}) || ($marked eq $cgiparams{'SEE_MARK'} )) - && (($cgiparams{'SEE_SRC'} eq "*.*.*.*") || ($orgsip eq $cgiparams{'SEE_SRC'} )) - && (($cgiparams{'SEE_DEST'} eq "*.*.*.*") || ($orgdip eq $cgiparams{'SEE_DEST'} )) - )); - - if ($temp[0] eq 'icmp') { - my $offset = 0; - $protocol = $temp[0] . " (" . $temp[1] . 
")"; - $expires = $temp[2]; - $status = ' '; - if ($temp[8] eq '[UNREPLIED]' ) { - $offset = +1; - } - $orgsip = substr $temp[3], 4; - $orgdip = substr $temp[4], 4; - $orgsp = &General::GetIcmpDescription(substr( $temp[5], 5)) . "/" . substr( $temp[6], 5);; - $orgdp = 'id=' . substr( $temp[7], 3); - $exsip = substr $temp[8 + $offset], 4; - $exdip = substr $temp[9 + $offset], 4; - $exsp = &General::GetIcmpDescription(substr( $temp[10 + $offset], 5)). "/" . substr( $temp[11 + $offset], 5); - $exdp = 'id=' . substr( $temp[11 + $offset], 5); - $marked = $temp[8] eq '[UNREPLIED]' ? '[UNREPLIED]' : ' '; - $use = substr( $temp[13 + $offset], 4 ); - } - if ($temp[0] eq 'udp') { - my $offset = 0; - $marked = ''; - $protocol = $temp[0] . " (" . $temp[1] . ")"; - $expires = $temp[2]; - $status = ' '; - $orgsip = substr $temp[3], 4; - $orgdip = substr $temp[4], 4; - $orgsp = substr $temp[5], 6; - $orgdp = substr $temp[6], 6; - if ($temp[7] eq '[UNREPLIED]') { - $offset = 1; - $marked = $temp[7]; - $use = substr $temp[12], 4; - } else { - if ((substr $temp[11], 0, 3) eq 'use' ) { - $marked = ''; - $use = substr $temp[11], 4; - } else { - $marked = $temp[11]; - $use = substr $temp[12], 4; - } - } - $exsip = substr $temp[7 + $offset], 4; - $exdip = substr $temp[8 + $offset], 4; - $exsp = substr $temp[9 + $offset], 6; - $exdp = substr $temp[10 + $offset], 6; - } - if ($temp[0] eq 'tcp') { - my $offset = 0; - $protocol = $temp[0] . " (" . $temp[1] . 
")"; - $expires = $temp[2]; - $status = $temp[3]; - $orgsip = substr $temp[4], 4; - $orgdip = substr $temp[5], 4; - $orgsp = substr $temp[6], 6; - $orgdp = substr $temp[7], 6; - if ($temp[8] eq '[UNREPLIED]') { - $marked = $temp[8]; - $offset = 1; - } else { - $marked = $temp[16]; - } - $exsip = substr $temp[10 + $offset], 4; - $exdip = substr $temp[11 + $offset], 4; - $exsp = substr $temp[12 + $offset], 6; - $exdp = substr $temp[13 + $offset], 6; - $use = substr $temp[18], 4; - } - if ($temp[0] eq 'unknown') { - my $offset = 0; - $protocol = "??? (" . $temp[1] . ")"; - $protocol = "esp (" . $temp[1] . ")" if ($temp[1] == 50); - $protocol = "ah (" . $temp[1] . ")" if ($temp[1] == 51); - $expires = $temp[2]; - $status = ' '; - $orgsip = substr $temp[3], 4; - $orgdip = substr $temp[4], 4; - $orgsp = ' '; - $orgdp = ' '; - $exsip = substr $temp[5], 4; - $exdip = substr $temp[6], 4; - $exsp = ' '; - $exdp = ' '; - $marked = ' '; - $use = ' '; - } - if ($temp[0] eq 'gre') { - my $offset = 0; - $protocol = $temp[0] . " (" . $temp[1] . ")"; - $expires = $temp[2]; - $orgsip = substr $temp[5], 4; - $orgdip = substr $temp[6], 4; - $orgsp = ' '; - $orgdp = ' '; - $exsip = substr $temp[11], 4; - $exdip = substr $temp[12], 4; - $exsp = ' '; - $exdp = ' '; - $marked = $temp[17]; - $use = $temp[18]; - } - # Only from this point, lines have the same known format/field - # The floating fields [UNREPLIED] [ASSURED] etc are ok. - - # Store the line in a hash array for sorting - if ( $protocol ) { # line is decoded ? 
- my @record = ( 'index', $index++, - 'protocol', $protocol, - 'expires', $expires, - 'status', $status, - 'orgsip', $orgsip, - 'orgdip', $orgdip, - 'orgsp', $orgsp, - 'orgdp', $orgdp, - 'exsip', $exsip, - 'exdip', $exdip, - 'exsp', $exsp, - 'exdp', $exdp, - 'marked', $marked, - 'use', $use); - my $record = {}; # create a reference to empty hash - %{$record} = @record; # populate that hash with @record - $entries{$record->{index}} = $record; # add this to a hash of hashes - } else { # it was not a known line - $unknownlines .= ""; - $unknownlines .= " unknown:$line>"; - } -} - -# Build listbox objects -my $menu_proto = &make_select ('SEE_PROTO', $cgiparams{'SEE_PROTO'}, @list_proto); -my $menu_state = &make_select ('SEE_STATE', $cgiparams{'SEE_STATE'}, @list_state); -my $menu_src = &make_select ('SEE_SRC', $cgiparams{'SEE_SRC'}, &get_known_ips('orgsip')); -my $menu_dest = &make_select ('SEE_DEST', $cgiparams{'SEE_DEST'}, &get_known_ips('orgdip')); -my $menu_mark = &make_select ('SEE_MARK', $cgiparams{'SEE_MARK'}, @list_mark); -my $menu_sort = &make_select ('SEE_SORT', $cgiparams{'SEE_SORT'}, @list_sort); - &Header::showhttpheaders(); &Header::openpage($Lang::tr{'connections'}, 1, ''); &Header::openbigbox('100%', 'left'); &Header::openbox('100%', 'left', $Lang::tr{'connection tracking'}); +# Build listbox objects +my $menu_proto = &make_select ('SEE_PROTO', $cgiparams{'SEE_PROTO'}, @list_proto); +my $menu_state = &make_select ('SEE_STATE', $cgiparams{'SEE_STATE'}, @list_state); + print < @@ -416,69 +234,109 @@ print <$Lang::tr{'OpenVPN'}
-

+
- + + + + + + - - - - - - + - - - + + - - - - + - + - + END ; -foreach my $entry (sort sort_entries keys %entries) { - my $orgsipcolour = &ipcolour( $entries{$entry}->{orgsip} ); - my $orgdipcolour = &ipcolour( $entries{$entry}->{orgdip} ); - my $exsipcolour = &ipcolour( $entries{$entry}->{exsip} ); - my $exdipcolour = &ipcolour( $entries{$entry}->{exdip} ); - print < - - - - - - - - - +my $i=0; +foreach my $line (@active) { + $i++; + if ($i < 3) { + next; + } + chomp($line); + my @temp = split(' ',$line); + + my ($sip, $sport) = split(':', $temp[0]); + my ($dip, $dport) = split(':', $temp[1]); + my $proto = $temp[2]; + my $state = $temp[3]; + my $ttl = $temp[4]; + + next if( !( + (($cgiparams{'SEE_PROTO'} eq $Lang::tr{'all'}) || ($proto eq $cgiparams{'SEE_PROTO'} )) + && (($cgiparams{'SEE_STATE'} eq $Lang::tr{'all'}) || ($state eq $cgiparams{'SEE_STATE'} )) + && (($cgiparams{'SEE_SRC'} eq "*.*.*.*") || ($sip eq $cgiparams{'SEE_SRC'} )) + && (($cgiparams{'SEE_DEST'} eq "*.*.*.*") || ($dip eq $cgiparams{'SEE_DEST'} )) + )); + + if (($proto eq 'udp') && ($ttl eq '')) { + $ttl = $state; + $state = ' '; + } + + my $sipcol = ipcolour($sip); + my $dipcol = ipcolour($dip); + + my $sserv = ''; + if ($sport < 1024) { + $sserv = uc(getservbyport($sport, lc($proto))); + if ($sserv ne '') { + $sserv = " ($sserv)"; + } + } + + my $dserv = ''; + if ($dport < 1024) { + $dserv = uc(getservbyport($dport, lc($proto))); + if ($dserv ne '') { + $dserv = " ($dserv)"; + } + } + + print < + + + + + + + + END ; } -print "$unknownlines
$Lang::tr{'protocol'}
$Lang::tr{'source ip and port'} $Lang::tr{'dest ip and port'} $Lang::tr{'protocol'}$Lang::tr{'connection'}

$Lang::tr{'status'}
$Lang::tr{'expires'}

($Lang::tr{'seconds'})
$Lang::tr{'connection'}

$Lang::tr{'status'}
$Lang::tr{'original'}

$Lang::tr{'source ip and port'}
$Lang::tr{'original'}

$Lang::tr{'dest ip and port'}
$Lang::tr{'expected'}

$Lang::tr{'source ip and port'}
$Lang::tr{'expected'}

$Lang::tr{'dest ip and port'}
$Lang::tr{'marked'}
$menu_proto 
 $menu_proto $menu_state$menu_src$menu_dest$menu_mark 
$entries{$entry}->{protocol}$entries{$entry}->{expires}$entries{$entry}->{status} - - $entries{$entry}->{orgsip} - :$entries{$entry}->{orgsp} - - $entries{$entry}->{orgdip} - :$entries{$entry}->{orgdp} - - $entries{$entry}->{exsip} - :$entries{$entry}->{exsp} - - $entries{$entry}->{exdip} - :$entries{$entry}->{exdp}$entries{$entry}->{marked}
+ + $sip + + + + $sport$sserv + + + + $dip + + + + $dport$dserv + + $proto$state$ttl
"; +print ""; &Header::closebox(); &Header::closebigbox(); @@ -491,15 +349,15 @@ sub ipcolour($) { my ($ip) = $_[0]; my $found = 0; foreach $line (@network) { - if ($network[$id] eq '') { - $id++; - } else { - if (!$found && ipv4_in_network( $network[$id] , $masklen[$id], $ip) ) { - $found = 1; - $colour = $colour[$id]; - } - $id++; - } + if ($network[$id] eq '') { + $id++; + } else { + if (!$found && ipv4_in_network( $network[$id] , $masklen[$id], $ip) ) { + $found = 1; + $colour = $colour[$id]; + } + $id++; + } } return $colour } diff --git a/html/cgi-bin/urlfilter.cgi b/html/cgi-bin/urlfilter.cgi index 3b3b9aac0f..538569b7b7 100644 --- a/html/cgi-bin/urlfilter.cgi +++ b/html/cgi-bin/urlfilter.cgi @@ -1,19 +1,17 @@ #!/usr/bin/perl # -# SmoothWall CGIs -# # This code is distributed under the terms of the GPL # -# (c) written from scratch +# (c) 2004-2007 marco.s - http://www.urlfilter.net # -# $Id: urlfilter.cgi,v 1.7 2006/05/08 00:00:00 marco Exp $ +# $Id: urlfilter.cgi,v 1.9.1 2007/03/22 00:00:00 marco.s Exp $ # use strict; # enable only the following on debugging purpose -#use warnings; -#use CGI::Carp 'fatalsToBrowser'; +use warnings; +use CGI::Carp 'fatalsToBrowser'; use File::Copy; use IO::Socket; @@ -22,6 +20,7 @@ require '/var/ipfire/general-functions.pl'; require "${General::swroot}/lang.pl"; require "${General::swroot}/header.pl"; +my $http_port='81'; my %netsettings=(); my %mainsettings=(); my %proxysettings=(); @@ -74,6 +73,7 @@ my @filtergroups=(); my @tclist=(); my @uqlist=(); my @source_urllist=(); +my @clients=(); my @temp=(); my $lastslashpos=0; 
@@ -147,10 +147,30 @@ if (($filtersettings{'ACTION'} eq $Lang::tr{'save'}) || ($filtersettings{'ACTION'} eq $Lang::tr{'urlfilter save and restart'}) || ($filtersettings{'ACTION'} eq $Lang::tr{'urlfilter upload file'}) || ($filtersettings{'ACTION'} eq $Lang::tr{'urlfilter remove file'}) || + ($filtersettings{'ACTION'} eq $Lang::tr{'urlfilter upload background'}) || ($filtersettings{'ACTION'} eq $Lang::tr{'urlfilter upload blacklist'}) || ($filtersettings{'ACTION'} eq $Lang::tr{'urlfilter backup'}) || ($filtersettings{'ACTION'} eq $Lang::tr{'urlfilter restore'})) -{ +{ + + @clients = split(/\n/,$filtersettings{'UNFILTERED_CLIENTS'}); + foreach (@clients) + { + s/^\s+//g; s/\s+$//g; s/\s+-\s+/-/g; s/\s+/ /g; s/\n//g; + if (/.*-.*-.*/) { $errormessage = $Lang::tr{'urlfilter invalid ip or mask error'}; } + @temp = split(/-/); + foreach (@temp) { unless ((&General::validipormask($_)) || (&General::validipandmask($_))) { $errormessage = $Lang::tr{'urlfilter invalid ip or mask error'}; } } + } + @clients = split(/\n/,$filtersettings{'BANNED_CLIENTS'}); + foreach (@clients) + { + s/^\s+//g; s/\s+$//g; s/\s+-\s+/-/g; s/\s+/ /g; s/\n//g; + if (/.*-.*-.*/) { $errormessage = $Lang::tr{'urlfilter invalid ip or mask error'}; } + @temp = split(/-/); + foreach (@temp) { unless ((&General::validipormask($_)) || (&General::validipandmask($_))) { $errormessage = $Lang::tr{'urlfilter invalid ip or mask error'}; } } + } + if ($errormessage) { goto ERROR; } + if (!($filtersettings{'CHILDREN'} =~ /^\d+$/) || ($filtersettings{'CHILDREN'} < 1)) { $errormessage = $Lang::tr{'urlfilter invalid num of children'}; 
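Review bot: A range with a trailing dash passes the new client validation, because `split(/-/)` drops trailing empty fields: for `10.0.0.1-` (constructed example) `@temp` holds only the first address, the inner `foreach` accepts it, and the `/.*-.*-.*/` test does not fire for a single dash. The malformed range is then stored and later written after `ip` in squidGuard.conf. A negative limit keeps the empty field, which should then fail the `validipormask`/`validipandmask` test: `@temp = split(/-/, $_, -1);`. The same line appears in both the `UNFILTERED_CLIENTS` and the `BANNED_CLIENTS` loop, which are otherwise identical and could share one helper. The enclosing `if` block continues past the end of the hunk.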
@@ -186,6 +206,17 @@ if (($filtersettings{'ACTION'} eq $Lang::tr{'save'}) || } + if ($filtersettings{'ACTION'} eq $Lang::tr{'urlfilter upload background'}) + { + &Header::getcgihash(\%filtersettings, {'wantfile' => 1, 'filevar' => 'BACKGROUND'}); + + if (copy($filtersettings{'BACKGROUND'}, "/home/httpd/html/images/urlfilter/background.jpg") != 1) + { + $errormessage = $!; + goto ERROR; + } + } + if ($filtersettings{'ACTION'} eq $Lang::tr{'urlfilter upload blacklist'}) { &Header::getcgihash(\%filtersettings, {'wantfile' => 1, 'filevar' => 'UPDATEFILE'}); @@ -211,6 +242,11 @@ if (($filtersettings{'ACTION'} eq $Lang::tr{'save'}) || $errormessage = $Lang::tr{'urlfilter tar error'}; } else { + if (-d "${General::swroot}/urlfilter/update/BL") + { + system("mv ${General::swroot}/urlfilter/update/BL ${General::swroot}/urlfilter/update/blacklists"); + } + if (-d "${General::swroot}/urlfilter/update/category") { system("mv ${General::swroot}/urlfilter/update/category ${General::swroot}/urlfilter/update/blacklists"); @@ -310,7 +346,7 @@ if (($filtersettings{'ACTION'} eq $Lang::tr{'save'}) || if ($filtersettings{'ACTION'} eq $Lang::tr{'urlfilter save and restart'}) { - if (!(-e "${General::swroot}/proxy/enable")) + if ((!(-e "${General::swroot}/proxy/enable")) && (!(-e "${General::swroot}/proxy/enable_blue"))) { $errormessage = $Lang::tr{'urlfilter web proxy service required'}; goto ERROR; 
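Review bot: The background upload copies whatever was submitted to `/home/httpd/html/images/urlfilter/background.jpg` without checking that it is an image or bounding its size; only the return value of `copy` is tested. The destination name is fixed, so the path itself is not influenced by the request, but the file is served from the web root and an arbitrarily large upload can fill that filesystem. I would reject the upload before the `copy` unless its size is under a chosen limit and its leading bytes are the JPEG start-of-image marker, and report a translated message instead of the raw `$!`. How `getcgihash` exposes the upload (file name or handle) is not visible here, so the exact check depends on that. The enclosing `if` chain starts and ends outside the hunk.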
@@ -331,29 +367,10 @@ if (($filtersettings{'ACTION'} eq $Lang::tr{'save'}) || if (-e "$dbdir/custom/blocked/domains.db") { unlink("$dbdir/custom/blocked/domains.db"); } if (-e "$dbdir/custom/blocked/urls.db") { unlink("$dbdir/custom/blocked/urls.db"); } - foreach (<$dbdir/*>) - { - if (-d $_){ system("chmod 644 $_/*"); } - if (-d $_){ system("chmod 666 $_/*.db"); } - } - if (-d "$dbdir/custom/allowed") - { - system("chmod 755 $dbdir/custom/allowed"); - system("chmod 644 $dbdir/custom/allowed/*"); - } - if (-d "$dbdir/custom/blocked") - { - system("chmod 755 $dbdir/custom/blocked"); - system("chmod 644 $dbdir/custom/blocked/*"); - } + &setpermissions ($dbdir); system('/usr/local/bin/restartsquid'); } - -ERROR: - - if ($errormessage) { $filtersettings{'VALID'} = 'no'; } - } if ($tcsettings{'ACTION'} eq $Lang::tr{'urlfilter set time constraints'}) { $tcsettings{'TCMODE'} = 'on'} @@ -384,6 +401,16 @@ if (($tcsettings{'MODE'} eq 'TIMECONSTRAINT') && ($tcsettings{'ACTION'} eq $Lang if (!$errormessage) { + # transform to pre1.8 client definitions + @clients = split(/\n/,$tcsettings{'SRC'}); + undef $tcsettings{'SRC'}; + foreach(@clients) + { + s/^\s+//g; s/\s+$//g; s/\s+-\s+/-/g; s/\s+/ /g; s/\n//g; + $tcsettings{'SRC'} .= "$_ "; + } + $tcsettings{'SRC'} =~ s/\s+$//; + if ($tcsettings{'DST'} =~ /^any/) { $tcsettings{'DST'} = 'any'; } if ($tcsettings{'ENABLERULE'} eq 'on') { $tcsettings{'ACTIVE'} = $tcsettings{'ENABLERULE'}; } else { $tcsettings{'ACTIVE'} = 'off'} 
@@ -418,6 +445,38 @@ if (($tcsettings{'MODE'} eq 'TIMECONSTRAINT') && ($tcsettings{'ACTION'} eq $Lang } } +if (($tcsettings{'MODE'} eq 'TIMECONSTRAINT') && ($tcsettings{'ACTION'} eq $Lang::tr{'urlfilter copy rule'}) && (!$errormessage)) +{ + $id = 0; + foreach $line (@tclist) + { + $id++; + if ($tcsettings{'ID'} eq $id) + { + chomp($line); + @temp = split(/\,/,$line); + $tcsettings{'DEFINITION'} = $temp[0]; + $tcsettings{'MON'} = $temp[1]; + $tcsettings{'TUE'} = $temp[2]; + $tcsettings{'WED'} = $temp[3]; + $tcsettings{'THU'} = $temp[4]; + $tcsettings{'FRI'} = $temp[5]; + $tcsettings{'SAT'} = $temp[6]; + $tcsettings{'SUN'} = $temp[7]; + $tcsettings{'FROM_HOUR'} = $temp[8]; + $tcsettings{'FROM_MINUTE'} = $temp[9]; + $tcsettings{'TO_HOUR'} = $temp[10]; + $tcsettings{'TO_MINUTE'} = $temp[11]; + $tcsettings{'SRC'} = $temp[12]; + $tcsettings{'DST'} = $temp[13]; + $tcsettings{'ACCESS'} = $temp[14]; + $tcsettings{'ENABLERULE'} = $temp[15]; + $tcsettings{'COMMENT'} = $temp[16]; + } + } + $tcsettings{'TCMODE'}='on'; +} + if (($tcsettings{'MODE'} eq 'TIMECONSTRAINT') && ($tcsettings{'ACTION'} eq $Lang::tr{'remove'})) { $id = 0; @@ -439,7 +498,7 @@ if (($tcsettings{'MODE'} eq 'TIMECONSTRAINT') && ($tcsettings{'ACTION'} eq $Lang { $errormessage = $Lang::tr{'urlfilter not enabled'}; } - if (!(-e "${General::swroot}/proxy/enable")) + if ((!(-e "${General::swroot}/proxy/enable")) && (!(-e "${General::swroot}/proxy/enable_blue"))) { $errormessage = $Lang::tr{'urlfilter web proxy service required'}; } @@ -470,11 +529,6 @@ if (($tcsettings{'MODE'} eq 'TIMECONSTRAINT') && ($tcsettings{'ACTION'} eq $Lang $tcsettings{'TCMODE'}='on'; } -if (!$errormessage) { - $tcsettings{'ENABLERULE'}='on'; - $tcsettings{'TO_HOUR'}='24'; -} - if (($tcsettings{'MODE'} eq 'TIMECONSTRAINT') && ($tcsettings{'ACTION'} eq $Lang::tr{'edit'}) && (!$errormessage)) { $id = 0; 
@@ -507,6 +561,11 @@ if (($tcsettings{'MODE'} eq 'TIMECONSTRAINT') && ($tcsettings{'ACTION'} eq $Lang $tcsettings{'TCMODE'}='on'; } +if ((!$errormessage) && (!($tcsettings{'ACTION'} eq $Lang::tr{'urlfilter copy rule'})) && (!($tcsettings{'ACTION'} eq $Lang::tr{'edit'}))) { + $tcsettings{'ENABLERULE'}='on'; + $tcsettings{'TO_HOUR'}='24'; +} + if ($uqsettings{'ACTION'} eq $Lang::tr{'urlfilter set user quota'}) { $uqsettings{'UQMODE'} = 'on'} if (($uqsettings{'MODE'} eq 'USERQUOTA') && ($uqsettings{'ACTION'} eq $Lang::tr{'add'})) @@ -642,7 +701,7 @@ if (($uqsettings{'MODE'} eq 'USERQUOTA') && ($uqsettings{'ACTION'} eq $Lang::tr{ { $errormessage = $Lang::tr{'urlfilter not enabled'}; } - if (!(-e "${General::swroot}/proxy/enable")) + if ((!(-e "${General::swroot}/proxy/enable")) && (!(-e "${General::swroot}/proxy/enable_blue"))) { $errormessage = $Lang::tr{'urlfilter web proxy service required'}; } @@ -969,6 +1028,10 @@ if (-e "${General::swroot}/urlfilter/settings") { &General::readhash("${General: &readcustomlists; +ERROR: + +if ($errormessage) { $filtersettings{'VALID'} = 'no'; } + $checked{'ENABLE_CUSTOM_BLACKLIST'}{'off'} = ''; $checked{'ENABLE_CUSTOM_BLACKLIST'}{'on'} = ''; $checked{'ENABLE_CUSTOM_BLACKLIST'}{$filtersettings{'ENABLE_CUSTOM_BLACKLIST'}} = "checked='checked'"; @@ -1313,10 +1376,46 @@ print <  - $Lang::tr{'urlfilter unfiltered clients'}: * - - $Lang::tr{'urlfilter banned clients'}: * - + $Lang::tr{'urlfilter unfiltered clients'} * + $Lang::tr{'urlfilter banned clients'} * + + + +
@@ -1367,6 +1466,17 @@ print <  + + + + + + + + + + +
$Lang::tr{'urlfilter background image'}

$Lang::tr{'urlfilter background text'}:
 

@@ -1411,7 +1521,7 @@ print <$Lang::tr{'this field may be blank'} +
  -
@@ -1795,10 +1905,28 @@ print <  - + + - + + + + + + + @@ -1838,6 +1973,7 @@ print <  +
  - +  
    
$Lang::tr{'remark'} *         
    
@@ -1890,7 +2026,7 @@ print <$Lang::tr{'urlfilter time space'} $Lang::tr{'urlfilter src'} $Lang::tr{'urlfilter dst'} -   +   END ; @@ -1959,6 +2095,15 @@ print <
+ + + + +
+ + + +
@@ -1978,7 +2123,7 @@ END print <$temp[16] - + END @@ -2004,6 +2149,8 @@ print <$Lang::tr{'click to enable'}     $Lang::tr{ $Lang::tr{'edit'} +     $Lang::tr{ + $Lang::tr{'urlfilter copy rule'}     $Lang::tr{ $Lang::tr{'remove'} @@ -2385,6 +2532,26 @@ print "\n"; sub savesettings { + # transform to pre1.8 client definitions + @clients = split(/\n/,$filtersettings{'UNFILTERED_CLIENTS'}); + undef $filtersettings{'UNFILTERED_CLIENTS'}; + foreach(@clients) + { + s/^\s+//g; s/\s+$//g; s/\s+-\s+/-/g; s/\s+/ /g; s/\n//g; + $filtersettings{'UNFILTERED_CLIENTS'} .= "$_ "; + } + $filtersettings{'UNFILTERED_CLIENTS'} =~ s/\s+$//; + + # transform to pre1.8 client definitions + @clients = split(/\n/,$filtersettings{'BANNED_CLIENTS'}); + undef $filtersettings{'BANNED_CLIENTS'}; + foreach(@clients) + { + s/^\s+//g; s/\s+$//g; s/\s+-\s+/-/g; s/\s+/ /g; s/\n//g; + $filtersettings{'BANNED_CLIENTS'} .= "$_ "; + } + $filtersettings{'BANNED_CLIENTS'} =~ s/\s+$//; + &writeconfigfile; delete $filtersettings{'CUSTOM_BLACK_DOMAINS'}; @@ -2403,20 +2570,15 @@ sub savesettings sub readblockcategories { undef(@categories); - foreach $blacklist (<$dbdir/*>) { - if (-d $blacklist) { - $lastslashpos = rindex($blacklist,"/"); - if ($lastslashpos > -1) { - $section = substr($blacklist,$lastslashpos+1); - } else { - $section = $blacklist; - } - if (!($section eq 'custom')) { push(@categories,$section) }; - } - } + + &getblockcategory ($dbdir); + + foreach (@categories) { $_ = substr($_,length($dbdir)+1); } @filtergroups = @categories; + foreach (@filtergroups) { + s/\//_SLASH_/g; tr/a-z/A-Z/; $_ = "FILTER_".$_; } 
@@ -2424,6 +2586,23 @@ sub readblockcategories # ------------------------------------------------------------------- +sub getblockcategory +{ + foreach $category (<$_[0]/*>) + { + if (-d $category) + { + if ((-e "$category/domains") || (-e "$category/urls")) + { + unless ($category =~ /\bcustom\b/) { push(@categories,$category); } + } + &getblockcategory ($category); + } + } +} + +# ------------------------------------------------------------------- + sub readcustomlists { if (-e "$dbdir/custom/blocked/domains") { @@ -2488,7 +2667,7 @@ sub aggregatedconstraints foreach (@new) { @tmp2 = split(/\,/); - if ($tmp2[15] eq 'on') + if (($tmp1[15] eq 'on') && ($tmp2[15] eq 'on')) { if (($tmp1[0] eq $tmp2[0]) && ($tmp1[12] eq $tmp2[12]) && ($tmp1[13] eq $tmp2[13]) && ($tmp1[14] eq $tmp2[14])) { 
@@ -2530,10 +2709,31 @@ sub aggregatedconstraints # ------------------------------------------------------------------- +sub setpermissions +{ + my $bldir = $_[0]; + + foreach $category (<$bldir/*>) + { + if (-d $category){ + system("chmod 755 $category &> /dev/null"); + foreach $blacklist (<$category/*>) + { + if (-f $blacklist) { system("chmod 644 $blacklist &> /dev/null"); } + if (-d $blacklist) { system("chmod 755 $blacklist &> /dev/null"); } + } + system("chmod 666 $category/*.db &> /dev/null"); + &setpermissions ($category); + } + } +} + +# ------------------------------------------------------------------- + sub writeconfigfile { my $executables = "\\.\(ade|adp|asx|bas|bat|chm|com|cmd|cpl|crt|dll|eml|exe|hiv|hlp|hta|inc|inf|ins|isp|jse|jtd|lnk|msc|msh|msi|msp|mst|nws|ocx|oft|ops|pcd|pif|plx|reg|scr|sct|sha|shb|shm|shs|sys|tlb|tsp|url|vbe|vbs|vxd|wsc|wsf|wsh\)\$"; - my $audiovideo = "\\.\(aiff|asf|avi|dif|divx|mov|movie|mp3|mpe?g?|mpv2|ogg|ra?m|snd|qt|wav|wmf|wmv\)\$"; + my $audiovideo = "\\.\(aiff|asf|avi|dif|divx|mov|movie|mp3|mpe?g?|mpv2|ogg|ra?m|snd|qt|wav|wma|wmf|wmv\)\$"; my $archives = "\\.\(bin|bz2|cab|cdr|dmg|gz|hqx|rar|smi|sit|sea|tar|tgz|zip\)\$"; my $ident = " anonymous"; @@ -2583,9 +2783,9 @@ sub writeconfigfile if ($filtersettings{'SHOW_URL'} eq 'on') { $redirect .= "&url=%u"; } if ($filtersettings{'SHOW_IP'} eq 'on') { $redirect .= "&ip=%a"; } $redirect =~ s/^&/?/; - $redirect = "http:\/\/$netsettings{'GREEN_ADDRESS'}:81\/redirect.cgi".$redirect; + $redirect = "http:\/\/$netsettings{'GREEN_ADDRESS'}:$http_port\/redirect.cgi".$redirect; } else { - $redirect="http:\/\/$netsettings{'GREEN_ADDRESS'}:81\/redirect.cgi"; + $redirect="http:\/\/$netsettings{'GREEN_ADDRESS'}:$http_port\/redirect.cgi"; } } else { $redirect=$filtersettings{'REDIRECT_PAGE'}; } 
@@ -2630,6 +2830,8 @@ sub writeconfigfile $defaultrule .= "any"; } + $defaultrule =~ s/\//_/g; + open(FILE, ">${General::swroot}/urlfilter/squidGuard.conf") or die "Unable to write squidGuard.conf file"; flock(FILE, 2); @@ -2648,14 +2850,14 @@ sub writeconfigfile if ((($filtersettings{'ENABLE_REWRITE'} eq 'on') && (@repositoryfiles)) || ($filtersettings{'ENABLE_SAFESEARCH'} eq 'on')) { - print FILE "rewrite rew-rule-0 {\n"; + print FILE "rewrite rew-rule-1 {\n"; if (($filtersettings{'ENABLE_REWRITE'} eq 'on') && (@repositoryfiles)) { print FILE " # rewrite localfiles\n"; foreach (@repositoryfiles) { - print FILE " s@.*/$_\$\@http://$netsettings{'GREEN_ADDRESS'}:81/repository/$_\@i\n"; + print FILE " s@.*/$_\$\@http://$netsettings{'GREEN_ADDRESS'}:$http_port/repository/$_\@i\n"; } } @@ -2672,13 +2874,13 @@ sub writeconfigfile print FILE "}\n\n"; if ((!($filtersettings{'UNFILTERED_CLIENTS'} eq '')) && ($filtersettings{'ENABLE_SAFESEARCH'} eq 'on')) { - print FILE "rewrite rew-rule-1 {\n"; + print FILE "rewrite rew-rule-2 {\n"; if (($filtersettings{'ENABLE_REWRITE'} eq 'on') && (@repositoryfiles)) { print FILE " # rewrite localfiles\n"; foreach (@repositoryfiles) { - print FILE " s@.*/$_\$\@http://$netsettings{'GREEN_ADDRESS'}:81/repository/$_\@i\n"; + print FILE " s@.*/$_\$\@http://$netsettings{'GREEN_ADDRESS'}:$http_port/repository/$_\@i\n"; } } else { print FILE " # rewrite nothing\n"; 
@@ -2687,6 +2889,26 @@ sub writeconfigfile } } + if (!($filtersettings{'UNFILTERED_CLIENTS'} eq '')) { + print FILE "src unfiltered {\n"; + print FILE " ip $filtersettings{'UNFILTERED_CLIENTS'}\n"; + print FILE "}\n\n"; + } + if (!($filtersettings{'BANNED_CLIENTS'} eq '')) { + print FILE "src banned {\n"; + print FILE " ip $filtersettings{'BANNED_CLIENTS'}\n"; + if ($filtersettings{'ENABLE_LOG'} eq 'on') + { + if ($filtersettings{'ENABLE_CATEGORY_LOG'} eq 'on') + { + print FILE " logfile ".$ident." banned.log\n"; + } else { + print FILE " logfile ".$ident." urlfilter.log\n"; + } + } + print FILE "}\n\n"; + } + if (-e $uqfile) { open(UQ, $uqfile); @@ -2733,7 +2955,30 @@ sub writeconfigfile { $idx++; print FILE "src network-$idx {\n"; - print FILE " ip $tc[12]\n"; + @clients = split(/ /,$tc[12]); + @temp = split(/-/,$clients[0]); + if ( (&General::validipormask($temp[0])) || (&General::validipandmask($temp[0]))) + { + print FILE " ip $tc[12]\n"; + } else { + print FILE " user"; + @clients = split(/ /,$tc[12]); + foreach $line (@clients) + { + $line =~ s/(^\w+)\\(\w+$)/$1%5c$2/; + print FILE " $line"; + } + print FILE "\n"; + } + if (($filtersettings{'ENABLE_LOG'} eq 'on') && ($tc[14] eq 'block') && ($tc[13] eq 'any')) + { + if ($filtersettings{'ENABLE_CATEGORY_LOG'} eq 'on') + { + print FILE " logfile ".$ident." timeconst.log\n"; + } else { + print FILE " logfile ".$ident." urlfilter.log\n"; + } + } print FILE "}\n\n"; } } 
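Review bot: In the `src network-$idx` block the choice between `ip` and `user` is made from the first entry of `$tc[12]` only (`@temp = split(/-/,$clients[0])`), after which the whole string is written with `print FILE " ip $tc[12]\n"`. A list whose first entry is an address but whose later entries are not therefore lands in squidGuard.conf as an address list. Unless the form handler already rejects mixed lists, every element of `@clients` should pass the `&General::validipormask` / `&General::validipandmask` test before the `ip` line is written. The second `@clients = split(/ /,$tc[12]);` in the `else` branch repeats the split done a few lines earlier and can be dropped. `writeconfigfile` starts and ends outside this hunk, so the declarations of `@clients`, `@temp` and `$line` are not visible here.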
@@ -2753,31 +2998,22 @@ sub writeconfigfile } } - if (!($filtersettings{'UNFILTERED_CLIENTS'} eq '')) { - print FILE "src unfiltered {\n"; - print FILE " ip $filtersettings{'UNFILTERED_CLIENTS'}\n"; - print FILE "}\n\n"; - } - if (!($filtersettings{'BANNED_CLIENTS'} eq '')) { - print FILE "src banned {\n"; - print FILE " ip $filtersettings{'BANNED_CLIENTS'}\n"; - print FILE "}\n\n"; - } - foreach $category (@categories) { + $blacklist = $category; + $category =~ s/\//_/g; print FILE "dest $category {\n"; - if (-e "$dbdir/$category/domains") { - print FILE " domainlist $category\/domains\n"; + if (-e "$dbdir/$blacklist/domains") { + print FILE " domainlist $blacklist\/domains\n"; } - if (-e "$dbdir/$category/urls") { - print FILE " urllist $category\/urls\n"; + if (-e "$dbdir/$blacklist/urls") { + print FILE " urllist $blacklist\/urls\n"; } - if ((-e "$dbdir/$category/expressions") && ($filtersettings{'ENABLE_EXPR_LISTS'} eq 'on')) { - print FILE " expressionlist $category\/expressions\n"; + if ((-e "$dbdir/$blacklist/expressions") && ($filtersettings{'ENABLE_EXPR_LISTS'} eq 'on')) { + print FILE " expressionlist $blacklist\/expressions\n"; } - if (($category eq 'ads') && ($filtersettings{'ENABLE_EMPTY_ADS'} eq 'on')) + if ((($category eq 'ads') || ($category eq 'adv')) && ($filtersettings{'ENABLE_EMPTY_ADS'} eq 'on')) { - print FILE " redirect http:\/\/$netsettings{'GREEN_ADDRESS'}:81\/images/urlfilter/1x1.gif\n"; + print FILE " redirect http:\/\/$netsettings{'GREEN_ADDRESS'}:$http_port\/images/urlfilter/1x1.gif\n"; } if ($filtersettings{'ENABLE_LOG'} eq 'on') { @@ -2789,6 +3025,7 @@ sub writeconfigfile } } print FILE "}\n\n"; + $category = $blacklist; } print FILE "dest files {\n"; @@ -2842,7 +3079,7 @@ sub writeconfigfile print FILE " pass all\n"; if ($filtersettings{'ENABLE_SAFESEARCH'} eq 'on') { - print FILE " rewrite rew-rule-1\n"; + print FILE " rewrite rew-rule-2\n"; } print FILE " }\n\n"; } 
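Review bot: The `foreach $category (@categories)` loop rewrites `$category` in place with `s/\//_/g`, which modifies the element of `@categories` itself because the loop variable aliases it, and depends on `$category = $blacklist;` at the end of the body (added in the next hunk) to undo that. A `next` or `die` added between the two later would leave an underscore name in the array. Working on a copy avoids this: `(my $dest = $category) =~ s/\//_/g;` followed by `print FILE "dest $dest {\n";`, with the paths still built from `$category`. Two categories such as `a/b` and `a_b` would also map to the same `dest` name, which deserves a comment if the blacklist layout allows it. `writeconfigfile` continues outside the hunk.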
@@ -2894,6 +3131,7 @@ sub writeconfigfile chomp; @tc = split(/\,/); @ec = split(/\|/,$tc[13]); + foreach (@ec) { s/\//_/g; } if ($tc[15] eq 'on') { $idx++; @@ -2939,12 +3177,17 @@ sub writeconfigfile print FILE $tcrule unless ((@ec == 1) && ($ec[0] eq 'any')); } else { $tcrule = $defaultrule; - foreach (@ec) + if ((@ec == 1) && ($ec[0] eq 'any')) { - $tcrule =~ s/!$_ //; - print FILE "$_ " if ($_ eq 'any'); + print FILE "any"; + } else { + foreach (@ec) + { + $tcrule = "$_ ".$tcrule unless (index($defaultrule,"!".$_." ") ge 0); + $tcrule =~ s/!$_ //; + } + print FILE $tcrule; } - print FILE $tcrule unless ((@ec == 1) && ($ec[0] eq 'any')); } } @@ -2968,7 +3211,7 @@ sub writeconfigfile } if ((($filtersettings{'ENABLE_REWRITE'} eq 'on') && (@repositoryfiles)) || ($filtersettings{'ENABLE_SAFESEARCH'} eq 'on')) { - print FILE " rewrite rew-rule-0\n"; + print FILE " rewrite rew-rule-1\n"; } print FILE " redirect $redirect\n"; print FILE " }\n"; diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index 0460a745ee..12dae3cce6 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -1400,8 +1400,6 @@ 'updxlrtr source checkup schedule' => 'Zeitplanung der Quellenprüfung', 'updxlrtr unknown' => 'Unbekannt', 'updxlrtr update accelerator' => 'Update-Accelerator', -'updxlrtr update information' => 'Eine aktualisierte Version steht zum Download bereit. Besuchen Sie http://www.advproxy.net/update-accelerator für weitere Informationen.', -'updxlrtr update notification' => 'Update-Benachrichtigung!', 'updxlrtr web proxy service required' => 'Der Web-Proxy muss aktiviert sein um den Update-Accelerator zu verwenden', 'updxlrtr week' => 'einer Woche', 'updxlrtr weekly' => 'wöchentlich', 
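Review bot: In the new `else` branch that builds `$tcrule`, `index($defaultrule,"!".$_." ") ge 0` compares the numeric result of `index` with the string operator `ge`; it happens to give the right answer for -1, but the intended test is `>= 0`. The same loop interpolates the category name into a pattern with `$tcrule =~ s/!$_ //;`, so a name containing regex metacharacters can match the wrong text, and `s/!\Q$_\E //` would treat it literally. `writeconfigfile` begins and ends outside the hunk.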
@@ -1472,6 +1470,7 @@ 'urlfilter constraint definition' => 'Definition', 'urlfilter constraint outside' => 'ausserhalb', 'urlfilter constraint within' => 'innerhalb', +'urlfilter copy rule' => 'Kopieren', 'urlfilter current files' => 'Aktuelle Dateien in der lokalen Dateiablage', 'urlfilter custom blacklist' => 'Angepasste Blacklist', 'urlfilter custom expression list' => 'Angepasste Ausdrucksliste', @@ -1516,6 +1515,7 @@ 'urlfilter install information' => 'Die neue Blacklist wird automatisch in vorgefertigte Datenbanken übersetzt. Abhängig von der Größe der Blacklist kann dies einige Minuten dauern.', 'urlfilter invalid content' => 'Datei ist keine squidGuard-kompatible Blacklist', 'urlfilter invalid import file' => 'Datei ist keine gültige URL-Filter Blacklist-Editor Datei', +'urlfilter invalid ip or mask error' => 'Ungültige IP-Adresse oder Subnetzmaske', 'urlfilter invalid num of children' => 'Ungültige Anzahl Filterprozesse', 'urlfilter invalid restore file' => 'Datei ist keine gültige URL-Filter Sicherungsdatei', 'urlfilter invalid user error' => 'Ungültiger Benutzername', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 18b9e762f0..1e74bbec42 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -1420,8 +1420,6 @@ 'updxlrtr source checkup schedule' => 'Source checkup schedule', 'updxlrtr unknown' => 'Unknown', 'updxlrtr update accelerator' => 'Update Accelerator', -'updxlrtr update information' => 'There is an updated version available for download. Visit http://www.advproxy.net for more information.', -'updxlrtr update notification' => 'Update notification!', 'updxlrtr web proxy service required' => 'Web proxy service must be enabled to use Update Accelerator', 'updxlrtr week' => 'one week', 'updxlrtr weekly' => 'weekly', 
@@ -1493,6 +1491,7 @@ 'urlfilter constraint definition' => 'Definition', 'urlfilter constraint outside' => 'outside', 'urlfilter constraint within' => 'within', +'urlfilter copy rule' => 'Copy', 'urlfilter current files' => 'Current files in local repository', 'urlfilter custom blacklist' => 'Custom blacklist', 'urlfilter custom expression list' => 'Custom expression list', @@ -1537,6 +1536,7 @@ 'urlfilter install information' => 'The new blacklist will be automatically compiled to prebuilt databases. Depending on the size of the blacklist, this may take several minutes.', 'urlfilter invalid content' => 'File is not a squidGuard compatible blacklist', 'urlfilter invalid import file' => 'File is not a valid URL filter blacklist editor file', +'urlfilter invalid ip or mask error' => 'Invalid IP address or network mask', 'urlfilter invalid num of children' => 'Invalid number of filter processes', 'urlfilter invalid restore file' => 'File is not a valid URL filter backup file', 'urlfilter invalid user error' => 'Invalid username', diff --git a/src/misc-progs/tripwirectrl.c b/src/misc-progs/tripwirectrl.c index 628e419a13..ab06a4a54e 100644 --- a/src/misc-progs/tripwirectrl.c +++ b/src/misc-progs/tripwirectrl.c 
@@ -32,55 +32,62 @@ int main(int argc, char *argv[]) if (strcmp(argv[1], "generatereport")==0) { - safe_system("/usr/sbin/tripwire --check --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.pol"); + safe_system("/usr/sbin/tripwire --check --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.pol >/dev/null 2>&1"); + return 0; + } + + if (strcmp(argv[1], "deletereport")==0) + { + sprintf(command, "rm -f /var/ipfire/tripwire/report/%s", argv[2]); + safe_system(command); return 0; } if (strcmp(argv[1], "updatedatabase")==0) { - snprintf(command, BUFFER_SIZE-1, "/usr/sbin/tripwire --update --accept-all --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.pol --local-passphrase %s --twrfile %s", argv[2], argv[3]); + snprintf(command, BUFFER_SIZE-1, "/usr/sbin/tripwire --update --accept-all --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.pol --local-passphrase %s --twrfile %s >/dev/null 2>&1", argv[2], argv[3]); safe_system(command); return 0; } if (strcmp(argv[1], "keys")==0) { - printf("\nGenerating Site-Key"); - snprintf(command, BUFFER_SIZE-1, "rm -rf /var/ipfire/tripwire/site.key && /usr/sbin/twadmin --generate-keys --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s && chmod 640 /var/ipfire/tripwire/site.key", argv[2]); + printf("Generating Site Key
"); + snprintf(command, BUFFER_SIZE-1, "rm -rf /var/ipfire/tripwire/site.key && /usr/sbin/twadmin --generate-keys --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s && chmod 640 /var/ipfire/tripwire/site.key >/dev/null 2>&1", argv[2]); safe_system(command); - printf("\nGenerating Local-Key"); - snprintf(command, BUFFER_SIZE-1, "rm -rf /var/ipfire/tripwire/local.key && /usr/sbin/twadmin --generate-keys --local-keyfile /var/ipfire/tripwire/local.key --local-passphrase %s && chmod 640 /var/ipfire/tripwire/local.key", argv[3]); + printf("Generating Local Key
"); + snprintf(command, BUFFER_SIZE-1, "rm -rf /var/ipfire/tripwire/local.key && /usr/sbin/twadmin --generate-keys --local-keyfile /var/ipfire/tripwire/local.key --local-passphrase %s && chmod 640 /var/ipfire/tripwire/local.key >/dev/null 2>&1", argv[3]); safe_system(command); - printf("\nGenerating Config File"); - snprintf(command, BUFFER_SIZE-1, "rm -rf /var/ipfire/tripwire/tw.cfg && /usr/sbin/twadmin --create-cfgfile --cfgfile /var/ipfire/tripwire/tw.cfg --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s /var/ipfire/tripwire/twcfg.txt && chmod 640 /var/ipfire/tripwire/tw.cfg", argv[2]); + printf("Generating Config File
"); + snprintf(command, BUFFER_SIZE-1, "rm -rf /var/ipfire/tripwire/tw.cfg && /usr/sbin/twadmin --create-cfgfile --cfgfile /var/ipfire/tripwire/tw.cfg --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s /var/ipfire/tripwire/twcfg.txt && chmod 640 /var/ipfire/tripwire/tw.cfg >/dev/null 2>&1", argv[2]); safe_system(command); - printf("\nGenerating Policy File"); - snprintf(command, BUFFER_SIZE-1, "rm -rf /var/ipfire/tripwire/tw.pol && /usr/sbin/twadmin --create-polfile --cfgfile /var/ipfire/tripwire/tw.cfg --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s /var/ipfire/tripwire/twpol.txt && chmod 640 /var/ipfire/tripwire/tw.pol", argv[2]); + printf("Generating Policy File
"); + snprintf(command, BUFFER_SIZE-1, "rm -rf /var/ipfire/tripwire/tw.pol && /usr/sbin/twadmin --create-polfile --cfgfile /var/ipfire/tripwire/tw.cfg --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s /var/ipfire/tripwire/twpol.txt && chmod 640 /var/ipfire/tripwire/tw.pol >/dev/null 2>&1", argv[2]); safe_system(command); - printf("\nInitialising - This may take a while depending on your Policy"); - snprintf(command, BUFFER_SIZE-1, "/usr/sbin/tripwire --init --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.pol --local-passphrase %s", argv[3]); + printf("Initialising - This may take a while depending on your Policy
"); + snprintf(command, BUFFER_SIZE-1, "/usr/sbin/tripwire --init --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.pol --local-passphrase %s >/dev/null 2>&1", argv[3]); safe_system(command); return 0; } if (strcmp(argv[1], "generatepolicy")==0) { - printf("\nGenerating Policy File"); - snprintf(command, BUFFER_SIZE-1, "/usr/sbin/twadmin --create-polfile --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s --polfile /var/ipfire/tripwire/tw.pol --cfgfile /var/ipfire/tripwire/tw.cfg /var/ipfire/tripwire/twpol.txt", argv[2]); + printf("Generating Policy File
"); + snprintf(command, BUFFER_SIZE-1, "/usr/sbin/twadmin --create-polfile --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s --polfile /var/ipfire/tripwire/tw.pol --cfgfile /var/ipfire/tripwire/tw.cfg /var/ipfire/tripwire/twpol.txt >/dev/null 2>&1", argv[2]); safe_system(command); - printf("\nInitialising - This may take a while depending on your Policy"); - snprintf(command, BUFFER_SIZE-1, "/usr/sbin/tripwire --init -c /var/ipfire/tripwire/tw.cfg -p /var/ipfire/tripwire/tw.cfg --local-passphrase %s", argv[3]); + printf("Initialising - This may take a while depending on your Policy
"); + snprintf(command, BUFFER_SIZE-1, "/usr/sbin/tripwire --init --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.cfg --local-passphrase %s >/dev/null 2>&1", argv[3]); safe_system(command); return 0; } if (strcmp(argv[1], "resetpolicy")==0) { - printf("\nGenerating Policy File"); - snprintf(command, BUFFER_SIZE-1, "/usr/sbin/twadmin --create-polfile --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s --polfile /var/ipfire/tripwire/tw.pol --cfgfile /var/ipfire/tripwire/tw.cfg /var/ipfire/tripwire/twpol.default", argv[2]); + printf("Generating Policy File
"); + snprintf(command, BUFFER_SIZE-1, "/usr/sbin/twadmin --create-polfile --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s --polfile /var/ipfire/tripwire/tw.pol --cfgfile /var/ipfire/tripwire/tw.cfg /var/ipfire/tripwire/twpol.default >/dev/null 2>&1", argv[2]); safe_system(command); - printf("\nInitialising - This may take a while depending on your Policy"); - snprintf(command, BUFFER_SIZE-1, "/usr/sbin/tripwire --init -c /var/ipfire/tripwire/tw.cfg -p /var/ipfire/tripwire/tw.cfg --local-passphrase %s", argv[3]); + printf("Initialising - This may take a while depending on your Policy"); + snprintf(command, BUFFER_SIZE-1, "/usr/sbin/tripwire --init --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.cfg --local-passphrase %s >/dev/null 2>&1", argv[3]); safe_system(command); return 0; } @@ -97,4 +104,4 @@ int main(int argc, char *argv[]) return 0; } return 0; -} \ No newline at end of file +} diff --git a/src/scripts/scanhd b/src/scripts/scanhd index fbee30a55a..f7f50d391d 100644 --- a/src/scripts/scanhd +++ b/src/scripts/scanhd @@ -2,7 +2,7 @@ case "$1" in ide) - /sbin/kudzu -qps -c HD | egrep "desc|device" | awk -F': ' '{print $2}' | sed -e '/"$/a\\' -e "s/$/\;/g" | tr "\n" "XX" | sed -e "s/XX/\n/g" -e "s/\;X/\;/g" > /var/ipfire/extrahd/scan + /sbin/kudzu -qps -c HD | egrep "desc|device:" | awk -F': ' '{print $2}' | sed -e '/"$/a\\' -e "s/$/\;/g" | tr "\n" "XX" | sed -e "s/XX/\n/g" -e "s/\;X/\;/g" > /var/ipfire/extrahd/scan ;; partitions) cat /proc/partitions | awk '{print $4 ";" $3 ";"}' | grep -v name | grep -v "^;;$" > /var/ipfire/extrahd/partitions
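Review bot: The new `deletereport` branch formats `argv[2]` into `command` with an unbounded `sprintf`, while every other branch in this hunk uses `snprintf(command, BUFFER_SIZE-1, ...)`, so an over-long argument overruns the buffer. The name is also not restricted to the report directory before it reaches `rm -f`, and whatever filtering `safe_system` applies is not visible here. No `argc` check appears in the hunk before `argv[2]` and `argv[3]` are read, but the start of `main` is outside it. The branch should accept a bare file name only and remove it with `unlink()` on a bounded path, as sketched below. Separately, the `--init` lines in `generatepolicy` and `resetpolicy` pass `--polfile /var/ipfire/tripwire/tw.cfg`, which looks like it should be `tw.pol`, and the passphrases are pasted into shell command lines unquoted.

```c
	if (strcmp(argv[1], "deletereport")==0)
	{
		int n;

		/* accept a bare file name only: no path separators, no "." or ".." */
		if (argc < 3 || argv[2][0] == '\0' || strchr(argv[2], '/') != NULL
		    || strcmp(argv[2], ".") == 0 || strcmp(argv[2], "..") == 0)
			return 1;
		/* assumes command is declared as char[BUFFER_SIZE]; confirm at its definition */
		n = snprintf(command, BUFFER_SIZE, "/var/ipfire/tripwire/report/%s", argv[2]);
		if (n < 0 || n >= BUFFER_SIZE)
			return 1;
		unlink(command);
		return 0;
	}
```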