From: Michael Tremer Date: Wed, 28 Nov 2012 21:12:50 +0000 (+0100) Subject: Merge remote-tracking branch 'amarx/ipsec' into next X-Git-Url: http://git.ipfire.org/?p=people%2Fteissler%2Fipfire-2.x.git;a=commitdiff_plain;h=f4819f1f76c38963382b5f9bb052a8fc366432d5;hp=f7fc17c38a0338a0c09e03ee34edb7823d398483 Merge remote-tracking branch 'amarx/ipsec' into next --- diff --git a/config/cfgroot/general-functions.pl b/config/cfgroot/general-functions.pl index 605556718..c14f9903f 100644 --- a/config/cfgroot/general-functions.pl +++ b/config/cfgroot/general-functions.pl @@ -399,6 +399,85 @@ sub validipandmask return 0; } +sub checksubnets +{ + + my %ccdconfhash=(); + my @ccdconf=(); + my $ccdname=$_[0]; + my $ccdnet=$_[1]; + my $errormessage; + my ($ip,$cidr)=split(/\//,$ccdnet); + $cidr=&iporsubtocidr($cidr); + + + #get OVPN-Subnet (dynamic range) + my %ovpnconf=(); + &readhash("${General::swroot}/ovpn/settings", \%ovpnconf); + my ($ovpnip,$ovpncidr)= split (/\//,$ovpnconf{'DOVPN_SUBNET'}); + $ovpncidr=&iporsubtocidr($ovpncidr); + + #check if we try to use same network as ovpn server + if ("$ip/$cidr" eq "$ovpnip/$ovpncidr") { + $errormessage=$errormessage.$Lang::tr{'ccd err isovpnnet'}."
"; + return $errormessage; + } + + #check if we use a network-name/subnet that already exists + &readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash); + foreach my $key (keys %ccdconfhash) { + @ccdconf=split(/\//,$ccdconfhash{$key}[1]); + if ($ccdname eq $ccdconfhash{$key}[0]) + { + $errormessage=$errormessage.$Lang::tr{'ccd err nameexist'}."
"; + return $errormessage; + } + my ($newip,$newsub) = split(/\//,$ccdnet); + if (&IpInSubnet($newip,$ccdconf[0],&iporsubtodec($ccdconf[1]))) + { + $errormessage=$errormessage.$Lang::tr{'ccd err issubnet'}."
"; + return $errormessage; + } + + } + #check if we use a name which is already used by ovpn + + + + + + #check if we use a ipsec right network which is already defined + my %ipsecconf=(); + &General::readhasharray("${General::swroot}/vpn/config", \%ipsecconf); + foreach my $key (keys %ipsecconf){ + if ($ipsecconf{$key}[11] ne ''){ + #$errormessage="DRIN!"; + #return $errormessage; + + my ($ipsecip,$ipsecsub) = split (/\//, $ipsecconf{$key}[11]); + $ipsecsub=&iporsubtodec($ipsecsub); + + if ( &IpInSubnet ($ip,$ipsecip,$ipsecsub) ){ + $errormessage=$Lang::tr{'ccd err isipsecnet'}." Name: $ipsecconf{$key}[2]"; + return $errormessage; + } + } + } + + + #check if we use one of ipfire's networks (green,orange,blue) + my %ownnet=(); + &readhash("${General::swroot}/ethernet/settings", \%ownnet); + if (($ownnet{'GREEN_NETADDRESS'} ne '' && $ownnet{'GREEN_NETADDRESS'} ne '0.0.0.0') && &IpInSubnet($ownnet{'GREEN_NETADDRESS'},$ip,&iporsubtodec($cidr))){ $errormessage=$Lang::tr{'ccd err green'};return $errormessage;} + if (($ownnet{'ORANGE_NETADDRESS'} ne '' && $ownnet{'ORANGE_NETADDRESS'} ne '0.0.0.0') && &IpInSubnet($ownnet{'ORANGE_NETADDRESS'},$ip,&iporsubtodec($cidr))){ $errormessage=$Lang::tr{'ccd err orange'};return $errormessage;} + if (($ownnet{'BLUE_NETADDRESS'} ne '' && $ownnet{'BLUE_NETADDRESS'} ne '0.0.0.0') && &IpInSubnet($ownnet{'BLUE_NETADDRESS'},$ip,&iporsubtodec($cidr))){ $errormessage=$Lang::tr{'ccd err blue'};return $errormessage;} + if (($ownnet{'RED_NETADDRESS'} ne '' && $ownnet{'RED_NETADDRESS'} ne '0.0.0.0') && &IpInSubnet($ownnet{'RED_NETADDRESS'},$ip,&iporsubtodec($cidr))){ $errormessage=$Lang::tr{'ccd err red'};return $errormessage;} + + + +} + + sub validport { $_ = $_[0]; diff --git a/config/cron/crontab b/config/cron/crontab index 5cca1facc..ad90b07ca 100644 --- a/config/cron/crontab +++ b/config/cron/crontab @@ -11,7 +11,7 @@ HOME=/ */5 * * * * test -x /usr/local/bin/run-parts && /usr/local/bin/run-parts /etc/fcron.cyclic 01 * * * * test -x /usr/local/bin/run-parts && /usr/local/bin/run-parts /etc/fcron.hourly &nice(10),bootrun 25 1 * * * test -x /usr/local/bin/run-parts && /usr/local/bin/run-parts /etc/fcron.daily -&nice(10),bootrun 47 2 * * 0 test -x /usr/local/bin/run-parts && /usr/local/bin/run-parts /etc/fcron.weekly +&nice(10),bootrun 47 2 * * 1 test -x /usr/local/bin/run-parts && /usr/local/bin/run-parts /etc/fcron.weekly &nice(10),bootrun 52 3 1 * * test -x /usr/local/bin/run-parts && /usr/local/bin/run-parts /etc/fcron.monthly # Log rotation diff --git a/config/httpd/vhosts.d/ipfire-interface-ssl.conf b/config/httpd/vhosts.d/ipfire-interface-ssl.conf index 7b1083254..cc3cb1d90 100644 --- a/config/httpd/vhosts.d/ipfire-interface-ssl.conf +++ b/config/httpd/vhosts.d/ipfire-interface-ssl.conf @@ -85,4 +85,14 @@ Order deny,allow Allow from all + + Alias /proxy-reports/ /var/log/sarg/ + + AllowOverride None + Options None + AuthName "IPFire - Restricted" + AuthType Basic + AuthUserFile /var/ipfire/auth/users + Require user admin + diff --git a/config/rootfiles/common/daq b/config/rootfiles/common/daq index e68cee464..b23fd1913 100644 --- a/config/rootfiles/common/daq +++ b/config/rootfiles/common/daq @@ -20,8 +20,8 @@ usr/lib/daq #usr/lib/libdaq.a #usr/lib/libdaq.la #usr/lib/libdaq.so -#usr/lib/libdaq.so.1 -#usr/lib/libdaq.so.1.0.0 +usr/lib/libdaq.so.1 +usr/lib/libdaq.so.1.0.0 #usr/lib/libdaq_static.a #usr/lib/libdaq_static.la #usr/lib/libdaq_static_modules.a @@ -29,7 +29,5 @@ usr/lib/daq #usr/lib/libsfbpf.a #usr/lib/libsfbpf.la #usr/lib/libsfbpf.so -#usr/lib/libsfbpf.so.0 -#usr/lib/libsfbpf.so.0.0.1 -#usr/lib/libdaq.so.0 -#usr/lib/libdaq.so.0.0.1 +usr/lib/libsfbpf.so.0 +usr/lib/libsfbpf.so.0.0.1 diff --git a/config/rootfiles/core/65/filelists/daq b/config/rootfiles/core/65/filelists/daq new file mode 120000 index 000000000..d0e0956f2 --- /dev/null +++ b/config/rootfiles/core/65/filelists/daq @@ -0,0 +1 @@ +../../../common/daq \ No newline at end of file diff --git a/config/rootfiles/core/65/filelists/files b/config/rootfiles/core/65/filelists/files index f48177794..297f276bd 100644 --- a/config/rootfiles/core/65/filelists/files +++ b/config/rootfiles/core/65/filelists/files @@ -1,3 +1,4 @@ +etc/httpd/conf/vhosts.d/ipfire-interface-ssl.conf etc/system-release etc/issue srv/web/ipfire/cgi-bin/logs.cgi/calamaris.dat @@ -5,3 +6,4 @@ srv/web/ipfire/cgi-bin/ovpnmain.cgi usr/sbin/ovpn-ccd-convert var/ipfire/general-functions.pl var/ipfire/langs +var/spool/cron/root.orig diff --git a/config/rootfiles/core/65/update.sh b/config/rootfiles/core/65/update.sh index 85ab2e947..fca72115e 100644 --- a/config/rootfiles/core/65/update.sh +++ b/config/rootfiles/core/65/update.sh @@ -49,6 +49,12 @@ perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang" # Convert OpenVPN RW connections. /usr/sbin/ovpn-ccd-convert +# Re-read crontab. +fcrontab -z &>/dev/null + +# Reload apache configuration. +/etc/init.d/apache reload &>/dev/null + #Rebuild module dep's #arch=`uname -m` #if [ ${arch::3} == "arm" ]; then diff --git a/config/rootfiles/packages/sarg b/config/rootfiles/packages/sarg new file mode 100644 index 000000000..9a0672c78 --- /dev/null +++ b/config/rootfiles/packages/sarg @@ -0,0 +1,48 @@ +etc/fcron.daily/sarg-reports +etc/fcron.hourly/sarg-reports +etc/fcron.monthly/sarg-reports +etc/fcron.weekly/sarg-reports +etc/sarg +etc/sarg/css.tpl +etc/sarg/exclude_codes +etc/sarg/sarg.conf +#etc/sarg/sarg.conf.default +etc/sarg/user_limit_block +usr/bin/sarg +usr/sbin/update-sarg-reports +usr/share/locale/bg/LC_MESSAGES/sarg.mo +usr/share/locale/ca/LC_MESSAGES/sarg.mo +usr/share/locale/cs/LC_MESSAGES/sarg.mo +usr/share/locale/da/LC_MESSAGES/sarg.mo +usr/share/locale/de/LC_MESSAGES/sarg.mo +usr/share/locale/el/LC_MESSAGES/sarg.mo +usr/share/locale/es/LC_MESSAGES/sarg.mo +usr/share/locale/fr/LC_MESSAGES/sarg.mo +usr/share/locale/hu/LC_MESSAGES/sarg.mo +usr/share/locale/id/LC_MESSAGES/sarg.mo +usr/share/locale/it/LC_MESSAGES/sarg.mo +usr/share/locale/ja/LC_MESSAGES/sarg.mo +usr/share/locale/lv/LC_MESSAGES/sarg.mo +usr/share/locale/nl/LC_MESSAGES/sarg.mo +usr/share/locale/pl/LC_MESSAGES/sarg.mo +usr/share/locale/pt/LC_MESSAGES/sarg.mo +usr/share/locale/pt_BR/LC_MESSAGES/sarg.mo +usr/share/locale/ro/LC_MESSAGES/sarg.mo +usr/share/locale/ru/LC_MESSAGES/sarg.mo +usr/share/locale/sk/LC_MESSAGES/sarg.mo +usr/share/locale/sr/LC_MESSAGES/sarg.mo +usr/share/locale/tr/LC_MESSAGES/sarg.mo +usr/share/locale/uk/LC_MESSAGES/sarg.mo +usr/share/locale/zh_CN/LC_MESSAGES/sarg.mo +#usr/share/man/man1/sarg.1 +usr/share/sarg +usr/share/sarg/fonts +usr/share/sarg/fonts/DejaVuSans.ttf +usr/share/sarg/fonts/FreeSans.ttf +usr/share/sarg/fonts/README +usr/share/sarg/fonts/license +usr/share/sarg/images +usr/share/sarg/images/datetime.png +usr/share/sarg/images/graph.png +usr/share/sarg/images/sarg-squidguard-block.png +usr/share/sarg/images/sarg.png diff --git a/config/sarg/cron.daily b/config/sarg/cron.daily new file mode 100644 index 000000000..8ae1b1b19 --- /dev/null +++ b/config/sarg/cron.daily @@ -0,0 +1,5 @@ +#!/bin/bash + +/usr/sbin/update-sarg-reports daily >/dev/null 2>&1 + +exit 0 diff --git a/config/sarg/cron.hourly b/config/sarg/cron.hourly new file mode 100644 index 000000000..1e7b5ff30 --- /dev/null +++ b/config/sarg/cron.hourly @@ -0,0 +1,5 @@ +#!/bin/bash + +/usr/sbin/update-sarg-reports today >/dev/null 2>&1 + +exit 0 diff --git a/config/sarg/cron.monthly b/config/sarg/cron.monthly new file mode 100644 index 000000000..07b9efc4e --- /dev/null +++ b/config/sarg/cron.monthly @@ -0,0 +1,5 @@ +#!/bin/bash + +/usr/sbin/update-sarg-reports monthly >/dev/null 2>&1 + +exit 0 diff --git a/config/sarg/cron.weekly b/config/sarg/cron.weekly new file mode 100644 index 000000000..1f8287c85 --- /dev/null +++ b/config/sarg/cron.weekly @@ -0,0 +1,5 @@ +#!/bin/bash + +/usr/sbin/update-sarg-reports weekly >/dev/null 2>&1 + +exit 0 diff --git a/config/sarg/sarg.conf b/config/sarg/sarg.conf new file mode 100644 index 000000000..6331aaf53 --- /dev/null +++ b/config/sarg/sarg.conf @@ -0,0 +1,696 @@ +# sarg.conf +# +# TAG: access_log file +# Where is the access.log file +# sarg -l file +# +access_log /var/log/squid/access.log + +# TAG: graphs yes|no +# Use graphics where is possible. +# graph_days_bytes_bar_color blue|green|yellow|orange|brown|red +# +graphs yes +graph_days_bytes_bar_color orange + +# TAG: graph_font +# The full path to the TTF font file to use to create the graphs. It is required +# if graphs is set to yes. +# +graph_font /usr/share/sarg/fonts/DejaVuSans.ttf + +# TAG: title +# Especify the title for html page. +# +title "Squid User Access Reports" + +# TAG: font_face +# Especify the font for html page. +# +font_face Tahoma,Verdana,Arial + +# TAG: header_color +# Especify the header color +# +header_color darkblue + +# TAG: header_bgcolor +# Especify the header bgcolor +# +header_bgcolor blanchedalmond + +# TAG: font_size +# Especify the text font size +# +font_size 12px + +# TAG: header_font_size +# Especify the header font size +# +header_font_size 12px + +# TAG: title_font_size +# Especify the title font size +# +title_font_size 12px + +# TAG: background_color +# TAG: background_color +# Html page background color +# +# background_color white + +# TAG: text_color +# Html page text color +# +text_color #000000 + +# TAG: text_bgcolor +# Html page text background color +# +text_bgcolor lavender + +# TAG: title_color +# Html page title color +# +#title_color green + +# TAG: logo_image +# Html page logo. +# +#logo_image none + +# TAG: logo_text +# Html page logo text. +# +#logo_text "" + +# TAG: logo_text_color +# Html page logo texti color. +# +#logo_text_color #000000 + +# TAG: logo_image_size +# Html page logo image size. +# width height +# +#image_size 80 45 + +# TAG: background_image +# Html page background image +# +#background_image none + +# TAG: password +# User password file used by Squid authentication scheme +# If used, generate reports just for that users. +# +#password none + +# TAG: temporary_dir +# Temporary directory name for work files +# sarg -w dir +# +#temporary_dir /tmp + +# TAG: output_dir +# The reports will be saved in that directory +# sarg -o dir +# +output_dir /srv/web/ipfire/html/sarg + +# TAG: output_email +# Email address to send the reports. If you use this tag, no html reports will be generated. +# sarg -e email +# +#output_email none + +# TAG: resolve_ip yes/no +# Convert ip address to dns name +# sarg -n +resolve_ip no + +# TAG: user_ip yes/no +# Use Ip Address instead userid in reports. +# sarg -p +#user_ip no + +# TAG: topuser_sort_field field normal/reverse +# Sort field for the Topuser Report. +# Allowed fields: USER CONNECT BYTES TIME +# +#topuser_sort_field BYTES reverse + +# TAG: user_sort_field field normal/reverse +# Sort field for the User Report. +# Allowed fields: SITE CONNECT BYTES TIME +# +#user_sort_field BYTES reverse + +# TAG: exclude_users file +# users within the file will be excluded from reports. +# you can use indexonly to have only index.html file. +# +#exclude_users none + +# TAG: exclude_hosts file +# Hosts, domains or subnets will be excluded from reports. +# +# Eg.: 192.168.10.10 - exclude ip address only +# 192.168.10.0/24 - exclude full C class +# s1.acme.foo - exclude hostname only +# *.acme.foo - exclude full domain name +# +#exclude_hosts none + +# TAG: useragent_log file +# useragent.log file patch to generate useragent report. +# +#useragent_log /var/log/squid/user_agent.log + +# TAG: date_format +# Date format in reports: e (European=dd/mm/yy), u (American=mm/dd/yy), w (Weekly=yy.ww) +# +date_format e + +# TAG: per_user_limit file MB +# Saves userid on file if download exceed n MB. +# This option allow you to disable user access if user exceed a download limit. +# +#per_user_limit none + +# TAG: lastlog n +# How many reports files must be keept in reports directory. +# The oldest report file will be automatically removed. +# 0 - no limit. +# +#lastlog 0 + +# TAG: remove_temp_files yes +# Remove temporary files: geral, usuarios, top, periodo from root report directory. +# +#remove_temp_files yes + +# TAG: index yes|no|only +# Generate the main index.html. +# only - generate only the main index.html +# +#index yes + +# TAG: index_tree date|file +# How to generate the index. +# +#index_tree file + +# TAG: overwrite_report yes|no +# yes - if report date already exist then will be overwrited. +# no - if report date already exist then will be renamed to filename.n, filename.n+1 +# +overwrite_report yes + +# TAG: records_without_userid ignore|ip|everybody +# What can I do with records without user id (no authentication) in access.log file ? +# +# ignore - This record will be ignored. +# ip - Use ip address instead. (default) +# everybody - Use "everybody" instead. +# +#records_without_userid ip + +# TAG: use_comma no|yes +# Use comma instead point in reports. +# Eg.: use_comma yes => 23,450,110 +# use_comma no => 23.450.110 +# +#use_comma no + +# TAG: mail_utility +# Mail command to use to send reports via SMTP. Sarg calls it like this: +# mail_utility -s "SARG report, date" "output_email" <"mail_content" +# +# Therefore, it is possible to add more arguments to the command by specifying them +# here. +# +# If you need too, you can use a shell script to process the content of /dev/stdin +# (/dev/stdin is the mail_content passed by sarg to the script) and call whatever +# command you like. It is not limited to mailing the report via SMTP. +# +# Don't forget to quote the command if necessary (i.e. if the path contains +# characters that must be quoted). +# +#mail_utility mailx + +# TAG: topsites_num n +# How many sites in topsites report. +# +#topsites_num 100 + +# TAG: topsites_sort_order CONNECT|BYTES A|D +# Sort for topsites report, where A=Ascendent, D=Descendent +# +#topsites_sort_order CONNECT D + +# TAG: index_sort_order A/D +# Sort for index.html, where A=Ascendent, D=Descendent +# +#index_sort_order D + +# TAG: exclude_codes file +# Ignore records with these codes. Eg.: NONE/400 +# Write one code per line. Lines starting with a # are ignored. +# Only codes matching exactly one of the line is rejected. The +# comparison is not case sensitive. +# +#exclude_codes /usr/local/sarg/exclude_codes + +# TAG: replace_index string +# Replace "index.html" in the main index file with this string +# If null "index.html" is used +# +#replace_index + +# TAG: max_elapsed milliseconds +# If elapsed time is recorded in log is greater than max_elapsed use 0 for elapsed time. +# Use 0 for no checking +# +#max_elapsed 28800000 +# 8 Hours + +# TAG: report_type type +# What kind of reports to generate. +# topusers - users, sites, times, bytes, connects, links to accessed sites, etc +# topsites - site, connect and bytes report +# sites_users - users and sites report +# users_sites - accessed sites by the user report +# date_time - bytes used per day and hour report +# denied - denied sites with full URL report +# auth_failures - autentication failures report +# site_user_time_date - sites, dates, times and bytes report +# downloads - downloads per user report +# +# Eg.: report_type topsites denied +# +report_type topusers topsites sites_users users_sites date_time denied auth_failures site_user_time_date downloads + +# TAG: usertab filename +# You can change the "userid" or the "ip address" to be a real user name on the reports. +# If resolve_ip is active, the ip address is resolved before being looked up into this +# file. That is, if you want to map the ip address, be sure to set resolv_ip to no or +# the resolved name will be looked into the file instead of the ip address. Note that +# it can be used to resolve any ip address known to the dns and then map the unresolved +# ip addresses to a name found in the usertab file. +# Table syntax: +# userid name or ip address name +# Eg: +# SirIsaac Isaac Newton +# vinci Leonardo da Vinci +# 192.168.10.1 Karol Wojtyla +# +# Each line must be terminated with '\n' +# If usertab have value "ldap" (case ignoring), user names +# will be taken from LDAP server. This method as approaches for reception +# of usernames from Active Didectory +# +#usertab none + +# TAG: LDAPHost hostname +# FQDN or IP address of host with LDAP service or AD DC +# default is '127.0.0.1' +#LDAPHost 127.0.0.1 + +# TAG: LDAPPort port +# LDAP service port number +# default is '389' +#LDAPPort 389 + +# TAG: LDAPBindDN CN=username,OU=group,DC=mydomain,DC=com +# DN of LDAP user, who is authorized to read user's names from LDAP base +# default is empty line +#LDAPBindDN cn=proxy,dc=mydomain,dc=local + +# TAG: LDAPBindPW secret +# Password of DN, who is authorized to read user's names from LDAP base +# default is empty line +#LDAPBindPW secret + +# TAG: LDAPBaseSearch OU=users,DC=mydomain,DC=com +# LDAP search base +# default is empty line +#LDAPBaseSearch ou=users,dc=mydomain,dc=local + +# TAG: LDAPFilterSearch (uid=%s) +# User search filter by user's logins in LDAP +# First founded record will be used +# %s - will be changed to userlogins from access.log file +# filter string can have up to 5 '%s' tags +# default value is '(uid=%s)' +#LDAPFilterSearch (uid=%s) + +# TAG: LDAPTargetAttr attributename +# Name of the attribute containing a name of the user +# default value is 'cn' +#LDAPTargetAttr cn + +# TAG: long_url yes|no +# If yes, the full url is showed in report. +# If no, only the site will be showed +# +# YES option generate very big sort files and reports. +# +#long_url no + +# TAG: date_time_by bytes|elap +# Date/Time reports show the downloaded volume or the elapsed time or both. +# +#date_time_by bytes + +# TAG: charset name +# ISO 8859 is a full series of 10 standardized multilingual single-byte coded (8bit) +# graphic character sets for writing in alphabetic languages +# You can use the following charsets: +# Latin1 - West European +# Latin2 - East European +# Latin3 - South European +# Latin4 - North European +# Cyrillic +# Arabic +# Greek +# Hebrew +# Latin5 - Turkish +# Latin6 +# Windows-1251 +# Japan +# Koi8-r +# UTF-8 +# +#charset Latin1 + +# TAG: user_invalid_char "&/" +# Records that contain invalid characters in userid will be ignored by Sarg. +# +#user_invalid_char "&/" + +# TAG: privacy yes|no +# privacy_string "***.***.***.***" +# privacy_string_color blue +# In some countries the sysadm cannot see the visited sites by a restrictive law. +# Using privacy yes the visited url will be changes by privacy_string and the link +# will be removed from reports. +# +#privacy no +#privacy_string "***.***.***.***" +#privacy_string_color blue + +# TAG: include_users "user1:user2:...:usern" +# Reports will be generated only for listed users. +# +#include_users none + +# TAG: exclude_string "string1:string2:...:stringn" +# Records from access.log file that contain one of listed strings will be ignored. +# +#exclude_string none + +# TAG: show_successful_message yes|no +# Shows "Successful report generated on dir" at end of process. +# +#show_successful_message yes + +# TAG: show_read_statistics yes|no +# Shows some reading statistics. +# +show_read_statistics yes + +# TAG: topuser_fields +# Which fields must be in Topuser report. +# +#topuser_fields NUM DATE_TIME USERID CONNECT BYTES %BYTES IN-CACHE-OUT USED_TIME MILISEC %TIME TOTAL AVERAGE + +# TAG: user_report_fields +# Which fields must be in User report. +# +#user_report_fields CONNECT BYTES %BYTES IN-CACHE-OUT USED_TIME MILISEC %TIME TOTAL AVERAGE + +# TAG: bytes_in_sites_users_report yes|no +# Bytes field must be in Site & Users Report ? +# +#bytes_in_sites_users_report no + +# TAG: topuser_num n +# How many users in topsites report. 0 = no limit +# +#topuser_num 0 + +# TAG: datafile file +# Save the report results in a file to populate some database +# +#datafile none + +# TAG: datafile_delimiter ";" +# ascii character to use as a field separator in datafile +# +#datafile_delimiter ";" + +# TAG: datafile_fields all +# Which data fields must be in datafile +# user;date;time;url;connect;bytes;in_cache;out_cache;elapsed +# +#datafile_fields user;date;time;url;connect;bytes;in_cache;out_cache;elapsed + +# TAG: datafile_url ip|name +# Saves the URL as ip or name in datafile +# +#datafile_url ip + +# TAG: weekdays +# The weekdays to take into account ( Sunday->0, Saturday->6 ) +# Example: +#weekdays 1-3,5 +# Default: +#weekdays 0-6 + +# TAG: hours +# The hours to take into account +# Example: +#hours 7-12,14,16,18-20 +# Default: +#hours 0-23 + +# TAG: dansguardian_conf file +# DansGuardian.conf file path +# Generate reports from DansGuardian logs. +# Use 'none' to disable it. +# dansguardian_conf /usr/dansguardian/dansguardian.conf +# +#dansguardian_conf none + +# TAG: dansguardian_filter_out_date on|off +# This option replaces dansguardian_ignore_date whose name was not appropriate with respect to its action. +# Note the change of parameter value compared with the old option. +# 'off' use the record even if its date is outside of the range found in the input log file. +# 'on' use the record only if its date is in the range found in the input log file. +# +#dansguardian_filter_out_date on + +# TAG: squidguard_conf file +# path to squidGuard.conf file +# Generate reports from SquidGuard logs. +# Use 'none' to disable. +# You can use sarg -L filename to use an alternate squidGuard log. +# squidguard_conf /usr/local/squidGuard/squidGuard.conf +# +#squidguard_conf none + +# TAG: redirector_log file +# the location of the web proxy redirector log such as one created by squidGuard or Rejik. The option +# may be repeated up to 64 times to read multiple files. +# If this option is specified, it takes precedence over squidguard_conf. +# The command line option -L override this option. +# +#redirector_log /usr/local/squidGuard/var/logs/urls.log + +# TAG: redirector_filter_out_date on|off +# This option replaces squidguard_ignore_date and redirector_ignore_date whose names were not +# appropriate with respect to their action. +# Note the change of parameter value compared with the old options. +# 'off' use the record even if its date is outside of the range found in the input log file. +# 'on' use the record only if its date is in the range found in the input log file. +# +#redirector_filter_out_date on + +# TAG: redirector_log_format +# Format string for web proxy redirector logs. +# This option was named squidguard_log_format before sarg 2.3. +# REJIK #year#-#mon#-#day# #hour# #list#:#tmp# #ip# #user# #tmp#/#tmp#/#url#/#end# +# SQUIDGUARD #year#-#mon#-#day# #hour# #tmp#/#list#/#tmp#/#tmp#/#url#/#tmp# #ip#/#tmp# #user# #end# +#redirector_log_format #year#-#mon#-#day# #hour# #tmp#/#list#/#tmp#/#tmp#/#url#/#tmp# #ip#/#tmp# #user# #end# + +# TAG: show_sarg_info yes|no +# shows sarg information and site path on each report bottom +# +#show_sarg_info yes + +# TAG: show_sarg_logo yes|no +# shows sarg logo +# +#show_sarg_logo yes + +# TAG: parsed_output_log directory +# Saves the processed log in a sarg format after parsing the squid log file. +# This is a way to dump all of the data structures out, after parsing from +# the logs (presumably this data will be much smaller than the log files themselves), +# and pull them back in for later processing and merging with data from previous logs. +# +#parsed_output_log none + +# TAG: parsed_output_log_compress /bin/gzip|/usr/bin/bzip2|nocompress +# Command to run to compress sarg parsed output log. It may contain +# options (such as -f to overwrite existing target file). The name of +# the file to compresse is provided at the end of this +# command line. Don't forget to quote things appropriately. +# +#parsed_output_log_compress /bin/gzip + +# TAG: displayed_values bytes|abbreviation +# how the values will be displayed in reports. +# eg. bytes - 209.526 +# abbreviation - 210K +# +#displayed_values bytes + +# Report limits +# TAG: authfail_report_limit n +# TAG: denied_report_limit n +# TAG: siteusers_report_limit n +# TAG: squidguard_report_limit n +# TAG: user_report_limit n +# TAG: dansguardian_report_limit n +# TAG: download_report_limit n +# report limits (lines). +# '0' no limit +# +#authfail_report_limit 10 +#denied_report_limit 10 +#siteusers_report_limit 0 +#squidguard_report_limit 10 +#dansguardian_report_limit 10 +#user_report_limit 10 +#user_report_limit 50 + +# TAG: www_document_root dir +# Where is your Web DocumentRoot +# Sarg will create sarg-php directory with some PHP modules: +# - sarg-squidguard-block.php - add urls from user reports to squidGuard DB +# +#www_document_root /var/www/html + +# TAG: block_it module_url +# This tag allow you to pass urls from user reports to a cgi or php module, +# to be blocked by some Squid acl +# +# Eg.: block_it /sarg-php/sarg-block-it.php +# sarg-block-it is a php that will append a url to a flat file. +# You must change /var/www/html/sarg-php/sarg-block-it to point to your file +# in $filename variable, and chown to a httpd owner. +# +# sarg will pass http://module_url?url=url +# +#block_it none + +# TAG: external_css_file path +# Provide the path to an external css file to link into the HTML reports instead of +# the inline css written by sarg when this option is not set. +# +# In versions prior to 2.3, this used to be an absolute file name to +# a file to include verbatim in each HTML page but, as it takes a lot of +# space, version 2.3 switched to a link to an external css file. +# Therefore, this option must contain the HTTP server path on which a client +# browser may find the css file. +# +# Sarg use theses style classes: +# .logo logo class +# .info sarg information class, align=center +# .title_c title class, align=center +# .header_c header class, align:center +# .header_l header class, align:left +# .header_r header class, align:right +# .text text class, align:right +# .data table text class, align:right +# .data2 table text class, align:left +# .data3 table text class, align:center +# .link link class +# +# Sarg can be instructed to output the internal css it inline +# into the reports with this command: +# +# sarg --css +# +# You can redirect the output to a file of your choice and edit +# it to your liking. +# +#external_css_file none + +# TAG: user_authentication yes|no +# Allow user authentication in User Reports using .htaccess +# Parameters: +# AuthUserTemplateFile - The template to use to create the +# .htaccess file. In the template, %u is replaced by the +# user's ID for which the report is generated. The path of the +# template is relative to the directory containing sarg +# configuration file. +# +# user_authentication no +# AuthUserTemplateFile sarg_htaccess + +# TAG: download_suffix "suffix,suffix,...,suffix" +# file suffix to be considered as "download" in Download report. +# Use 'none' to disable. +# +download_suffix "zip,arj,bzip,gz,ace,doc,iso,adt,bin,cab,com,dot,drv$,lha,lzh,mdb,mso,ppt,rtf,src,shs,sys,exe,dll,mp3,avi,mpg,mpeg" + +# TAG: ulimit n +# The maximum number of open file descriptors to avoid "Too many open files" error message. +# You need to run sarg as root to use ulimit tag. +# If you run sarg with a low privilege user, set to 'none' to disable ulimit +# +#ulimit 20000 + +# TAG: ntlm_user_format username|domainname+username +# NTLM users format. +# +#ntlm_user_format domainname+username + +# TAG: realtime_refresh_time num sec +# How many time to auto refresh the realtime report +# 0 = disable +# +# realtime_refresh_time 3 + +# TAG: realtime_access_log_lines num +# How many last lines to get from access.log file +# +# realtime_access_log_lines 1000 + +# TAG: realtime_types: GET,PUT,CONNECT,ICP_QUERY,POST +# Which records must be in realtime report. +# +# realtime_types GET,PUT,CONNECT + +# TAG: realtime_unauthenticated_records: ignore|show +# What to do with unauthenticated records in realtime report. +# +# realtime_unauthenticated_records: show + +# TAG: byte_cost value no_cost_limit +# Cost per byte. +# Eg. byte_cost 0.01 100000000 +# per byte cost = 0.01 +# bytes with no cost = 100 Mb +# 0 = disable +# +# byte_cost 0.01 50000000 + +# TAG: squid24 on|off +# Compatilibity with squid version <= 2.4 when using emulate_http_log on +# +# squid24 off diff --git a/config/sarg/update-sarg-reports b/config/sarg/update-sarg-reports new file mode 100644 index 000000000..9f2ab4c8c --- /dev/null +++ b/config/sarg/update-sarg-reports @@ -0,0 +1,188 @@ +#!/bin/bash +############################################################################### +# # +# IPFire.org - An Open Source Firewall Solution # +# Copyright (C) 2012 Michael Tremer # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see . # +# # +############################################################################### + +export LC_ALL=C + +SARG_CONFIG="/etc/sarg/sarg.conf" +SQUID_LOG="/var/log/squid/access.log" +REPORTS_PATH="/var/log/sarg" + +function date_calc() { + local when + local range="false" + + case "${1}" in + month) + when="1 month ago" + range="true" + ;; + week) + when="1 week ago" + ;; + yesterday) + when="1 day ago" + ;; + today) + when="today" + ;; + *) + return 1 + ;; + esac + + if [ "${range}" = "true" ]; then + echo "$(date --date "${when}" +01/%m/%Y)-$(date --date "${when}" +31/%m/%Y)" + else + date --date "${when}" +%d/%m/%Y + fi + + return 0 +} + +function compile_report() { + local interval=${1} + + local date + case "${interval}" in + today) + date=$(date_calc today) + ;; + daily) + date=$(date_calc yesterday) + ;; + weekly) + date="$(date_calc week)-$(date_calc yesterday)" + ;; + monthly) + date="$(date_calc month)" + ;; + esac + [ -n "${date}" ] || return 1 + + # Determine max. number of archived log files to search. + local max_logs + case "${interval}" in + today|daily) + max_logs=3 + ;; + weekly) + max_logs=14 + ;; + monthly) + max_logs=40 + ;; + esac + + # Create reports_path, if not exists. + local reports_path="${REPORTS_PATH}/${interval}" + mkdir -p ${reports_path} + + # Remove already existant data on today's reports. + case "${interval}" in + today) + rm -rf ${reports_path}/* + ;; + esac + + # Run SARG. + get_logs ${max_logs} | sarg -f ${SARG_CONFIG} -l - -d ${date} -o ${reports_path} +} + +function get_logs() { + local max=${1} + + if [ -z "${max}" ]; then + max=10000 + fi + + local idx=0 + while [ ${idx} -le ${max} ]; do + file=$(search_log_file ${idx}) + + # If no log file could be opened, we are done. + [ -z "${file}" ] && break + + case "${file}" in + # Logs in plain text. + *.log) + cat ${file} + ;; + + # GZip compressed log files. + *.gz) + gzip -d < ${file} + ;; + + # XZ compressed log files. + *.xz) + xz -d < ${file} + ;; + + # Unhandled stuff. + *) + echo "Unhandled file type: ${file}" >&2 + ;; + esac + + idx=$(( ${idx} + 1 )) + done + + return 0 +} + +function search_log_file() { + local idx=${1} + + if [ "${idx}" = "0" ] && [ -e "${SQUID_LOG}" ]; then + echo "${SQUID_LOG}" + return 0 + fi + + local algo + for algo in gz xz; do + file="${SQUID_LOG}.${idx}.${algo}" + + if [ -e "${file}" ]; then + echo "${file}" + return 0 + fi + done + + return 1 +} + +# Main. + +case "${1}" in + today|daily|weekly|monthly) + compile_report ${1} + ;; + *) + echo "${0} - Squid proxy reports creation tool" + echo + echo "Usage: ${0} [interval]" + echo " interval: today, daily, weekly, monthly" + echo + exit 0 + ;; +esac + +exit 0 diff --git a/doc/language_issues.es b/doc/language_issues.es index 968e32179..eca067d53 100644 --- a/doc/language_issues.es +++ b/doc/language_issues.es @@ -514,6 +514,7 @@ WARNING: untranslated string: ccd err inuse WARNING: untranslated string: ccd err invalidname WARNING: untranslated string: ccd err invalidnet WARNING: untranslated string: ccd err irouteexist +WARNING: untranslated string: ccd err isipsecnet WARNING: untranslated string: ccd err isovpnnet WARNING: untranslated string: ccd err issubnet WARNING: untranslated string: ccd err name @@ -531,6 +532,7 @@ WARNING: untranslated string: ccd iroutehint WARNING: untranslated string: ccd modify WARNING: untranslated string: ccd name WARNING: untranslated string: ccd net +WARNING: untranslated string: ccd noaddnet WARNING: untranslated string: ccd none WARNING: untranslated string: ccd routes WARNING: untranslated string: ccd subnet @@ -582,9 +584,21 @@ WARNING: untranslated string: outgoing firewall reserved groupname WARNING: untranslated string: outgoing firewall view group WARNING: untranslated string: ovpn errmsg green already pushed WARNING: untranslated string: ovpn errmsg invalid ip or mask +WARNING: untranslated string: ovpn mtu-disc +WARNING: untranslated string: ovpn mtu-disc and mtu not 1500 +WARNING: untranslated string: ovpn mtu-disc maybe +WARNING: untranslated string: ovpn mtu-disc no +WARNING: untranslated string: ovpn mtu-disc off +WARNING: untranslated string: ovpn mtu-disc with mssfix or fragment +WARNING: untranslated string: ovpn mtu-disc yes WARNING: untranslated string: ovpn routes push WARNING: untranslated string: ovpn routes push options WARNING: untranslated string: pakfire ago +WARNING: untranslated string: proxy reports +WARNING: untranslated string: proxy reports daily +WARNING: untranslated string: proxy reports monthly +WARNING: untranslated string: proxy reports today +WARNING: untranslated string: proxy reports weekly WARNING: untranslated string: route config changed WARNING: untranslated string: routing config added WARNING: untranslated string: routing config changed diff --git a/doc/language_issues.fr b/doc/language_issues.fr index 1c37b1731..91beb6f7e 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr @@ -513,6 +513,7 @@ WARNING: untranslated string: ccd err inuse WARNING: untranslated string: ccd err invalidname WARNING: untranslated string: ccd err invalidnet WARNING: untranslated string: ccd err irouteexist +WARNING: untranslated string: ccd err isipsecnet WARNING: untranslated string: ccd err isovpnnet WARNING: untranslated string: ccd err issubnet WARNING: untranslated string: ccd err name @@ -530,6 +531,7 @@ WARNING: untranslated string: ccd iroutehint WARNING: untranslated string: ccd modify WARNING: untranslated string: ccd name WARNING: untranslated string: ccd net +WARNING: untranslated string: ccd noaddnet WARNING: untranslated string: ccd none WARNING: untranslated string: ccd routes WARNING: untranslated string: ccd subnet @@ -568,7 +570,19 @@ WARNING: untranslated string: openvpn subnet is used WARNING: untranslated string: other WARNING: untranslated string: our donors WARNING: untranslated string: outgoing firewall reserved groupname +WARNING: untranslated string: ovpn mtu-disc +WARNING: untranslated string: ovpn mtu-disc and mtu not 1500 +WARNING: untranslated string: ovpn mtu-disc maybe +WARNING: untranslated string: ovpn mtu-disc no +WARNING: untranslated string: ovpn mtu-disc off +WARNING: untranslated string: ovpn mtu-disc with mssfix or fragment +WARNING: untranslated string: ovpn mtu-disc yes WARNING: untranslated string: pakfire ago +WARNING: untranslated string: proxy reports +WARNING: untranslated string: proxy reports daily +WARNING: untranslated string: proxy reports monthly +WARNING: untranslated string: proxy reports today +WARNING: untranslated string: proxy reports weekly WARNING: untranslated string: route config changed WARNING: untranslated string: routing config added WARNING: untranslated string: routing config changed diff --git a/doc/language_issues.pl b/doc/language_issues.pl index 968e32179..eca067d53 100644 --- a/doc/language_issues.pl +++ b/doc/language_issues.pl @@ -514,6 +514,7 @@ WARNING: untranslated string: ccd err inuse WARNING: untranslated string: ccd err invalidname WARNING: untranslated string: ccd err invalidnet WARNING: untranslated string: ccd err irouteexist +WARNING: untranslated string: ccd err isipsecnet WARNING: untranslated string: ccd err isovpnnet WARNING: untranslated string: ccd err issubnet WARNING: untranslated string: ccd err name @@ -531,6 +532,7 @@ WARNING: untranslated string: ccd iroutehint WARNING: untranslated string: ccd modify WARNING: untranslated string: ccd name WARNING: untranslated string: ccd net +WARNING: untranslated string: ccd noaddnet WARNING: untranslated string: ccd none WARNING: untranslated string: ccd routes WARNING: untranslated string: ccd subnet @@ -582,9 +584,21 @@ WARNING: untranslated string: outgoing firewall reserved groupname WARNING: untranslated string: outgoing firewall view group WARNING: untranslated string: ovpn errmsg green already pushed WARNING: untranslated string: ovpn errmsg invalid ip or mask +WARNING: untranslated string: ovpn mtu-disc +WARNING: untranslated string: ovpn mtu-disc and mtu not 1500 +WARNING: untranslated string: ovpn mtu-disc maybe +WARNING: untranslated string: ovpn mtu-disc no +WARNING: untranslated string: ovpn mtu-disc off +WARNING: untranslated string: ovpn mtu-disc with mssfix or fragment +WARNING: untranslated string: ovpn mtu-disc yes WARNING: untranslated string: ovpn routes push WARNING: untranslated string: ovpn routes push options WARNING: untranslated string: pakfire ago +WARNING: untranslated string: proxy reports +WARNING: untranslated string: proxy reports daily +WARNING: untranslated string: proxy reports monthly +WARNING: untranslated string: proxy reports today +WARNING: untranslated string: proxy reports weekly WARNING: untranslated string: route config changed WARNING: untranslated string: routing config added WARNING: untranslated string: routing config changed diff --git a/doc/language_issues.ru b/doc/language_issues.ru index c1c87ee97..e36449a2f 100644 --- a/doc/language_issues.ru +++ b/doc/language_issues.ru @@ -505,6 +505,7 @@ WARNING: untranslated string: ccd err inuse WARNING: untranslated string: ccd err invalidname WARNING: untranslated string: ccd err invalidnet WARNING: untranslated string: ccd err irouteexist +WARNING: untranslated string: ccd err isipsecnet WARNING: untranslated string: ccd err isovpnnet WARNING: untranslated string: ccd err issubnet WARNING: untranslated string: ccd err name @@ -522,6 +523,7 @@ WARNING: untranslated string: ccd iroutehint WARNING: untranslated string: ccd modify WARNING: untranslated string: ccd name WARNING: untranslated string: ccd net +WARNING: untranslated string: ccd noaddnet WARNING: untranslated string: ccd none WARNING: untranslated string: ccd routes WARNING: untranslated string: ccd subnet @@ -550,6 +552,18 @@ WARNING: untranslated string: other WARNING: untranslated string: our donors WARNING: untranslated string: outgoing firewall reserved groupname WARNING: untranslated string: outgoing traffic in bytes per second +WARNING: untranslated string: ovpn mtu-disc +WARNING: untranslated string: ovpn mtu-disc and mtu not 1500 +WARNING: untranslated string: ovpn mtu-disc maybe +WARNING: untranslated string: ovpn mtu-disc no +WARNING: untranslated string: ovpn mtu-disc off +WARNING: untranslated string: ovpn mtu-disc with mssfix or fragment +WARNING: untranslated string: ovpn mtu-disc yes +WARNING: untranslated string: proxy reports +WARNING: untranslated string: proxy reports daily +WARNING: untranslated string: proxy reports monthly +WARNING: untranslated string: proxy reports today +WARNING: untranslated string: proxy reports weekly WARNING: untranslated string: route config changed WARNING: untranslated string: routing config added WARNING: untranslated string: routing config changed diff --git a/doc/language_missings b/doc/language_missings index a6a29fbe2..83fbf90ce 100644 --- a/doc/language_missings +++ b/doc/language_missings @@ -26,6 +26,7 @@ < ccd err invalidnet < ccd err iroute < ccd err irouteexist +< ccd err isipsecnet < ccd err isovpnnet < ccd err issubnet < ccd err name @@ -45,6 +46,7 @@ < ccd modify < ccd name < ccd net +< ccd noaddnet < ccd none < ccd routes < ccd subnet @@ -83,6 +85,18 @@ < openvpn subnet is used < other < our donors +< ovpn mtu-disc +< ovpn mtu-disc and mtu not 1500 +< ovpn mtu-disc maybe +< ovpn mtu-disc no +< ovpn mtu-disc off +< ovpn mtu-disc with mssfix or fragment +< ovpn mtu-disc yes +< proxy reports +< proxy reports daily +< proxy reports monthly +< proxy reports today +< proxy reports weekly < server restart < snort working < static routes @@ -134,6 +148,7 @@ < ccd err invalidnet < ccd err iroute < ccd err irouteexist +< ccd err isipsecnet < ccd err isovpnnet < ccd err issubnet < ccd err name @@ -153,6 +168,7 @@ < ccd modify < ccd name < ccd net +< ccd noaddnet < ccd none < ccd routes < ccd subnet @@ -204,8 +220,20 @@ < outgoing firewall view group < ovpn errmsg green already pushed < ovpn errmsg invalid ip or mask +< ovpn mtu-disc +< ovpn mtu-disc and mtu not 1500 +< ovpn mtu-disc maybe +< ovpn mtu-disc no +< ovpn mtu-disc off +< ovpn mtu-disc with mssfix or fragment +< ovpn mtu-disc yes < ovpn routes push < ovpn routes push options +< proxy reports +< proxy reports daily +< proxy reports monthly +< proxy reports today +< proxy reports weekly < server restart < Set time on boot < static routes @@ -233,6 +261,7 @@ < ccd err invalidnet < ccd err iroute < ccd err irouteexist +< ccd err isipsecnet < ccd err isovpnnet < ccd err issubnet < ccd err name @@ -252,6 +281,7 @@ < ccd modify < ccd name < ccd net +< ccd noaddnet < ccd none < ccd routes < ccd subnet @@ -281,8 +311,20 @@ < our donors < ovpn errmsg green already pushed < ovpn errmsg invalid ip or mask +< ovpn mtu-disc +< ovpn mtu-disc and mtu not 1500 +< ovpn mtu-disc maybe +< ovpn mtu-disc no +< ovpn mtu-disc off +< ovpn mtu-disc with mssfix or fragment +< ovpn mtu-disc yes < ovpn routes push < ovpn routes push options +< proxy reports +< proxy reports daily +< proxy reports monthly +< proxy reports today +< proxy reports weekly < server restart < static routes < visit us at @@ -309,6 +351,7 @@ < ccd err invalidnet < ccd err iroute < ccd err irouteexist +< ccd err isipsecnet < ccd err isovpnnet < ccd err issubnet < ccd err name @@ -328,6 +371,7 @@ < ccd modify < ccd name < ccd net +< ccd noaddnet < ccd none < ccd routes < ccd subnet @@ -363,6 +407,18 @@ < other < our donors < outgoing traffic in bytes per second +< ovpn mtu-disc +< ovpn mtu-disc and mtu not 1500 +< ovpn mtu-disc maybe +< ovpn mtu-disc no +< ovpn mtu-disc off +< ovpn mtu-disc with mssfix or fragment +< ovpn mtu-disc yes +< proxy reports +< proxy reports daily +< proxy reports monthly +< proxy reports today +< proxy reports weekly < server restart < static routes < visit us at diff --git a/html/cgi-bin/logs.cgi/calamaris.dat b/html/cgi-bin/logs.cgi/calamaris.dat index 4ee60c21d..07fdf8a88 100644 --- a/html/cgi-bin/logs.cgi/calamaris.dat +++ b/html/cgi-bin/logs.cgi/calamaris.dat @@ -24,6 +24,7 @@ my $unique=time; my $squidlogdir = "/var/log/squid"; my $reportdir = "${General::swroot}/proxy/calamaris/reports"; +my $sargdir = "/var/log/sarg"; unless (-e $reportdir) { mkdir($reportdir) } @@ -241,6 +242,86 @@ if ($errormessage) { &Header::closebox(); } +# Link sarg reports. +if (-e $sargdir) { + &Header::openbox('100%', 'left', "$Lang::tr{'proxy reports'}:"); + + print < + +END + + # Today. + if (-e "$sargdir/today") { + print < + $Lang::tr{'proxy reports today'} + +END + } else { + print < + $Lang::tr{'proxy reports today'} + +END + } + + # Daily. + if (-e "$sargdir/daily") { + print < + $Lang::tr{'proxy reports daily'} + +END + } else { + print < + $Lang::tr{'proxy reports daily'} + +END + } + + # Weekly. + if (-e "$sargdir/weekly") { + print < + $Lang::tr{'proxy reports weekly'} + +END + } else { + print < + $Lang::tr{'proxy reports weekly'} + +END + } + + # Monthly. + if (-e "$sargdir/monthly") { + print < + $Lang::tr{'proxy reports monthly'} + +END + } else { + print < + $Lang::tr{'proxy reports monthly'} + +END + } + + print < + + +

+END + + &Header::closebox(); +} + + &Header::openbox('100%', 'left', "$Lang::tr{'settings'}:"); print <"; - } - - #check if we use a name/subnet that already exists - &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash); - foreach my $key (keys %ccdconfhash) { - @ccdconf=split(/\//,$ccdconfhash{$key}[1]); - if ($ccdname eq $ccdconfhash{$key}[0]) {$errormessage=$errormessage.$Lang::tr{'ccd err nameexist'}."
";} - my ($newip,$newsub) = split(/\//,$ccdnet); - if (&General::IpInSubnet($newip,$ccdconf[0],&General::iporsubtodec($ccdconf[1]))) {$errormessage=$errormessage.$Lang::tr{'ccd err issubnet'}."
";} - - } - #check if we use one of ipfire's networks (green,orange,blue) - my %ownnet=(); - &General::readhash("${General::swroot}/ethernet/settings", \%ownnet); - if (($ownnet{'GREEN_NETADDRESS'} ne '' && $ownnet{'GREEN_NETADDRESS'} ne '0.0.0.0') && &General::IpInSubnet($ownnet{'GREEN_NETADDRESS'},$ccdip,&General::iporsubtodec($subcidr))){ $errormessage=$Lang::tr{'ccd err green'};} - if (($ownnet{'ORANGE_NETADDRESS'} ne '' && $ownnet{'ORANGE_NETADDRESS'} ne '0.0.0.0') && &General::IpInSubnet($ownnet{'ORANGE_NETADDRESS'},$ccdip,&General::iporsubtodec($subcidr))){ $errormessage=$Lang::tr{'ccd err orange'};} - if (($ownnet{'BLUE_NETADDRESS'} ne '' && $ownnet{'BLUE_NETADDRESS'} ne '0.0.0.0') && &General::IpInSubnet($ownnet{'BLUE_NETADDRESS'},$ccdip,&General::iporsubtodec($subcidr))){ $errormessage=$Lang::tr{'ccd err blue'};} - if (($ownnet{'RED_NETADDRESS'} ne '' && $ownnet{'RED_NETADDRESS'} ne '0.0.0.0') && &General::IpInSubnet($ownnet{'RED_NETADDRESS'},$ccdip,&General::iporsubtodec($subcidr))){ $errormessage=$Lang::tr{'ccd err red'};} - if (!$errormessage) { my %ccdconfhash=(); @@ -631,7 +613,7 @@ sub getccdadresses my %ccdhash=(); &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash); $iprange[0]=$ip1.".".$ip2.".".$ip3.".".2; - for (my $i=0;$i<=$count-1;$i++) { + for (my $i=1;$i<=$count;$i++) { my $tmpip=$iprange[$i-1]; my $stepper=$i*4; $iprange[$i]= &General::getnextip($tmpip,4); @@ -2584,7 +2566,7 @@ END } if ($cgiparams{'ACTION'} eq $Lang::tr{'ccd add'}) { - &addccdnet($cgiparams{'ccdname'},$cgiparams{'ccdsubnet'},$cgiparams{'DOVPN_SUBNET'}); + &addccdnet($cgiparams{'ccdname'},$cgiparams{'ccdsubnet'}); } if ($errormessage) { &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'}); @@ -2651,7 +2633,7 @@ END &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash); my @ccdconf=(); my $count=0; - foreach my $key (keys %ccdconfhash) { + foreach my $key (sort { uc($ccdconfhash{$a}[0]) cmp uc($ccdconfhash{$b}[0]) } keys %ccdconfhash) { @ccdconf=($ccdconfhash{$key}[0],$ccdconfhash{$key}[1]); $count++; my $ccdhosts = &hostsinnet($ccdconf[0]); @@ -3295,7 +3277,7 @@ if ($confighash{$cgiparams{'KEY'}}) { $cgiparams{'COMPLZO'} = $confighash{$cgiparams{'KEY'}}[30]; $cgiparams{'MTU'} = $confighash{$cgiparams{'KEY'}}[31]; $cgiparams{'CHECK1'} = $confighash{$cgiparams{'KEY'}}[32]; - my $name=$cgiparams{'CHECK1'} ; + $name=$cgiparams{'CHECK1'} ; $cgiparams{$name} = $confighash{$cgiparams{'KEY'}}[33]; $cgiparams{'RG'} = $confighash{$cgiparams{'KEY'}}[34]; $cgiparams{'CCD_DNS1'} = $confighash{$cgiparams{'KEY'}}[35]; @@ -3979,7 +3961,7 @@ if ($cgiparams{'TYPE'} eq 'net') { $confighash{$key}[30] = $cgiparams{'COMPLZO'}; $confighash{$key}[31] = $cgiparams{'MTU'}; $confighash{$key}[32] = $cgiparams{'CHECK1'}; - my $name=$cgiparams{'CHECK1'}; + $name=$cgiparams{'CHECK1'}; $confighash{$key}[33] = $cgiparams{$name}; $confighash{$key}[34] = $cgiparams{'RG'}; $confighash{$key}[35] = $cgiparams{'CCD_DNS1'}; @@ -3994,7 +3976,9 @@ if ($cgiparams{'TYPE'} eq 'net') { my ($ccdip,$ccdsub)=split "/",$cgiparams{$name}; my ($a,$b,$c,$d) = split (/\./,$ccdip); - if ( -e "${General::swroot}/ovpn/ccd/$confighash{$key}[2]"){unlink "${General::swroot}/ovpn/ccd/$cgiparams{'CERT_NAME'}";} + if ( -e "${General::swroot}/ovpn/ccd/$confighash{$key}[2]"){ + unlink "${General::swroot}/ovpn/ccd/$cgiparams{'CERT_NAME'}"; + } open ( CCDRWCONF,'>',"${General::swroot}/ovpn/ccd/$confighash{$key}[2]") or die "Unable to create clientconfigfile $!"; print CCDRWCONF "# OpenVPN Clientconfig from CCD extension by Copymaster#\n\n"; if($cgiparams{'CHECK1'} eq 'dynamic'){ @@ -4300,7 +4284,7 @@ if ($cgiparams{'TYPE'} eq 'host') { if (! -z "${General::swroot}/ovpn/ccd.conf"){ print""; - foreach my $key (keys %ccdconfhash) { + foreach my $key (sort { uc($ccdconfhash{$a}[0]) cmp uc($ccdconfhash{$b}[0]) } keys %ccdconfhash) { $count++; @ccdconf=($ccdconfhash{$key}[0],$ccdconfhash{$key}[1]); if ($count % 2){print"";}else{print"";} @@ -4466,6 +4450,7 @@ END my $helpblue=0; my $helporange=0; my $other=0; + my $none=0; my @temp=(); our @current = (); @@ -4473,7 +4458,20 @@ END @current = ; close (FILE); &General::readhasharray ("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash); - print""; + #check for "none" + foreach my $key (keys %ccdroute2hash) { + if($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}){ + if ($ccdroute2hash{$key}[1] eq ''){ + $none=1; + last; + } + } + } + if ($none ne '1'){ + print""; + }else{ + print""; + } #check if static routes are defined for client foreach my $line (@current) { chomp($line); diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index 1c32fb628..05e1d8531 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -469,6 +469,7 @@ 'ccd err invalidnet' => 'Ungültige IP-Addresse. Format: 192.168.0.0/24 oder 192.168.0.0/255.255.255.0.', 'ccd err iroute' => 'Netzadresse für Route ungültig.', 'ccd err irouteexist' => 'Diese Route wird bereits verwendet.', +'ccd err isipsecnet' => 'Diese Subnetzadresse wird bereits für ein IPsec-Netzwerk verwendet.', 'ccd err isovpnnet' => 'Subnetzadresse wird für bereits für den OpenVPN-Server verwendet!', 'ccd err issubnet' => 'Subnetzadresse wird bereits verwendet.', 'ccd err name' => 'Es muss ein Name angegeben werden.', @@ -1389,12 +1390,12 @@ 'ovpn errmsg invalid ip or mask' => 'Ungültige Netzwerk-Adresse oder Subnetzmaske', 'ovpn log' => 'OVPN-Log', 'ovpn mtu-disc' => 'Path MTU Discovery', +'ovpn mtu-disc and mtu not 1500' => 'Path MTU Discovery benötigt eine MTU von 1500.', 'ovpn mtu-disc maybe' => 'Optional', 'ovpn mtu-disc no' => 'Niemals', 'ovpn mtu-disc off' => 'Deaktiviert', -'ovpn mtu-disc yes' => 'Forciert', -'ovpn mtu-disc and mtu not 1500' => 'Path MTU Discovery benötigt eine MTU von 1500.', 'ovpn mtu-disc with mssfix or fragment' => 'Path MTU Discovery kann nicht gemeinsam mit mssfix oder fragment verwendet werden.', +'ovpn mtu-disc yes' => 'Forciert', 'ovpn on blue' => 'OpenVPN auf BLAU', 'ovpn on orange' => 'OpenVPN auf ORANGE', 'ovpn on red' => 'OpenVPN auf ROT', @@ -1513,6 +1514,11 @@ 'proxy no proxy local' => 'Lokalen Proxy auf blauen/grünen Netzwerken verhindern', 'proxy port' => 'Proxy-Port', 'proxy reconfigure' => 'Speichern und Laden', +'proxy reports' => 'Proxyberichte', +'proxy reports daily' => 'Tägliche Berichte', +'proxy reports monthly' => 'Monatliche Berichte', +'proxy reports today' => 'Heute', +'proxy reports weekly' => 'Wöchentliche Berichte', 'psk' => 'PSK', 'pulse' => 'Puls', 'pulse dial' => 'Pulswahl:', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 0a3875050..f0fa2c21f 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -488,6 +488,7 @@ 'ccd err invalidnet' => 'Invalid IP address. Format: 192.168.0.0/24 or 192.168.0.0/255.255.255.0.', 'ccd err iroute' => 'Network address for route is invalid.', 'ccd err irouteexist' => 'This route is already in use.', +'ccd err isipsecnet' => 'The given subnet address already used by an IPsec network.', 'ccd err isovpnnet' => 'Subnet address already in use for OpenVPN Server.', 'ccd err issubnet' => 'Subnet address already in use.', 'ccd err name' => 'Please choose a name.', @@ -1416,12 +1417,12 @@ 'ovpn errmsg invalid ip or mask' => 'Invalid network-address or subnetmask', 'ovpn log' => 'OVPN-Log', 'ovpn mtu-disc' => 'Path MTU Discovery', +'ovpn mtu-disc and mtu not 1500' => 'Path MTU Discovery requires a MTU of 1500.', 'ovpn mtu-disc maybe' => 'Optionally', 'ovpn mtu-disc no' => 'Never', 'ovpn mtu-disc off' => 'Disabled', -'ovpn mtu-disc yes' => 'Forced', -'ovpn mtu-disc and mtu not 1500' => 'Path MTU Discovery requires a MTU of 1500.', 'ovpn mtu-disc with mssfix or fragment' => 'Path MTU Discovery cannot be used with mssfix or fragment.', +'ovpn mtu-disc yes' => 'Forced', 'ovpn on blue' => 'OpenVPN on BLUE', 'ovpn on orange' => 'OpenVPN on ORANGE', 'ovpn on red' => 'OpenVPN on RED', @@ -1540,6 +1541,11 @@ 'proxy no proxy local' => 'Disallow local proxying on BLUE/GREEN networks', 'proxy port' => 'Proxy Port', 'proxy reconfigure' => 'Save and Reload', +'proxy reports' => 'Proxy Reports', +'proxy reports daily' => 'Daily reports', +'proxy reports monthly' => 'Monthly reports', +'proxy reports today' => 'Today', +'proxy reports weekly' => 'Weekly reports', 'psk' => 'PSK', 'pulse' => 'Pulse', 'pulse dial' => 'Pulse dial:', diff --git a/lfs/sarg b/lfs/sarg new file mode 100644 index 000000000..c8794fe7e --- /dev/null +++ b/lfs/sarg @@ -0,0 +1,100 @@ +############################################################################### +# # +# IPFire.org - An Open Source Firewall Solution # +# Copyright (C) 2012 Michael Tremer # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see . # +# # +############################################################################### + +############################################################################### +# Definitions +############################################################################### + +include Config + +VER = 2.3.3 + +THISAPP = sarg-$(VER) +DL_FILE = $(THISAPP).tar.gz +DL_FROM = $(URL_IPFIRE) +DIR_APP = $(DIR_SRC)/$(THISAPP) +TARGET = $(DIR_INFO)/$(THISAPP) +PROG = sarg +PAK_VER = 1 + +DEPS = "" + +############################################################################### +# Top-level Rules +############################################################################### + +objects = $(DL_FILE) + +$(DL_FILE) = $(DL_FROM)/$(DL_FILE) + +$(DL_FILE)_MD5 = 09dba9a960d500acd7f17802de62512c + +install : $(TARGET) + +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) + +download :$(patsubst %,$(DIR_DL)/%,$(objects)) + +md5 : $(subst %,%_MD5,$(objects)) + +dist: + @$(PAK) + +############################################################################### +# Downloading, checking, md5sum +############################################################################### + +$(patsubst %,$(DIR_CHK)/%,$(objects)) : + @$(CHECK) + +$(patsubst %,$(DIR_DL)/%,$(objects)) : + @$(LOAD) + +$(subst %,%_MD5,$(objects)) : + @$(MD5) + +############################################################################### +# Installation Details +############################################################################### + +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) + @$(PREBUILD) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && ./configure \ + --prefix=/usr \ + --sysconfdir=/etc/sarg + cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE) + cd $(DIR_APP) && make $(EXTRA_INSTALL) install + + # Install configuration file. + cp -v $(DIR_SRC)/config/sarg/sarg.conf /etc/sarg/sarg.conf + + # Install helper script. + install -m 755 $(DIR_SRC)/config/sarg/update-sarg-reports \ + /usr/sbin/update-sarg-reports + + # Install cron job. + for i in hourly daily weekly monthly; do \ + install -m 754 -v $(DIR_SRC)/config/sarg/cron.$${i} \ + /etc/fcron.$${i}/sarg-reports; \ + done + + @rm -rf $(DIR_APP) + @$(POSTBUILD) diff --git a/make.sh b/make.sh index 5d142ef1d..1165c092a 100755 --- a/make.sh +++ b/make.sh @@ -774,6 +774,7 @@ buildipfire() { ipfiremake telnet ipfiremake stress ipfiremake libstatgrab + ipfiremake sarg echo Build on $HOSTNAME > $BASEDIR/build/var/ipfire/firebuild cat /proc/version >> $BASEDIR/build/var/ipfire/firebuild echo >> $BASEDIR/build/var/ipfire/firebuild diff --git a/src/paks/sarg/install.sh b/src/paks/sarg/install.sh new file mode 100644 index 000000000..d3b17a974 --- /dev/null +++ b/src/paks/sarg/install.sh @@ -0,0 +1,34 @@ +#!/bin/bash +############################################################################ +# # +# This file is part of the IPFire Firewall. # +# # +# IPFire is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 2 of the License, or # +# (at your option) any later version. # +# # +# IPFire is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2007 IPFire-Team . # +# # +############################################################################ +# +. /opt/pakfire/lib/functions.sh +extract_files +restore_backup ${NAME} + +# Create data directory. +[ -d "/var/log/sarg" ] || mkdir /var/log/sarg + +# Create initial report. +/usr/sbin/update-sarg-reports today >/dev/null 2>&1 + +exit 0 diff --git a/src/paks/sarg/uninstall.sh b/src/paks/sarg/uninstall.sh new file mode 100644 index 000000000..66f4344eb --- /dev/null +++ b/src/paks/sarg/uninstall.sh @@ -0,0 +1,26 @@ +#!/bin/bash +############################################################################ +# # +# This file is part of the IPFire Firewall. # +# # +# IPFire is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 2 of the License, or # +# (at your option) any later version. # +# # +# IPFire is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2007 IPFire-Team . # +# # +############################################################################ +# +. /opt/pakfire/lib/functions.sh +make_backup ${NAME} +remove_files diff --git a/src/paks/sarg/update.sh b/src/paks/sarg/update.sh new file mode 100644 index 000000000..89c40d0d7 --- /dev/null +++ b/src/paks/sarg/update.sh @@ -0,0 +1,26 @@ +#!/bin/bash +############################################################################ +# # +# This file is part of the IPFire Firewall. # +# # +# IPFire is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 2 of the License, or # +# (at your option) any later version. # +# # +# IPFire is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2007 IPFire-Team . # +# # +############################################################################ +# +. /opt/pakfire/lib/functions.sh +./uninstall.sh +./install.sh
$Lang::tr{'ccd name'}$Lang::tr{'network'}$Lang::tr{'ccd clientip'}