//#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@>
int wrtaliases(std::string & response)
{
int error = 0;
unsigned int i = 0;
std::string cmdprefix = "/var/smoothwall";
std::string varfile = cmdprefix + "/portfw/aliases";
std::vector<std::string> argv;
FILE * varhandle;
error = chkaliases(argv);
if (!(varhandle = fopen(varfile.c_str(), "w")))
{
response = "Abort, could not create or open (" + varfile + ") file";
return errrpt(response);
}
while ( i < argv.size() )
{
fputs((char*) argv[i++].c_str(), varhandle);
}
fclose(varhandle);
error += simplesecuresysteml("/bin/chown","nobody:nobody",varfile.c_str(),NULL);
response = "Successfully updated aliases file.";
if (error) response = "Abort while attempting to update aliases file.";
return errrpt(response);
}
int start_dnsproxy(std::vector<std::string> & parameters, std::string & response)
{
FILE *resolvfile = NULL;
int error = 0;
if (!(resolvfile = fopen("/etc/resolv.conf.dnsmasq", "w")))
{
response = "Couldn't write to /etc/resolv.conf.dnsmasq";
error = 1;
goto EXIT;
}
for (std::vector<std::string>::iterator i = parameters.begin();
i != parameters.end(); i++)
{
if ((*i).find_first_not_of(IP_NUMBERS) != std::string::npos)
syslog(LOG_ERR, "Invalid DNS server IP %s", (*i).c_str());
fputs("nameserver ", resolvfile);
fputs((*i).c_str(), resolvfile);
fputs("\n", resolvfile);
}
fclose(resolvfile);
error = simplesecuresysteml("/usr/bin/dnsmasq", "-r", "/etc/resolv.conf.dnsmasq", NULL);
if (error)
response = "DNS Proxy Start failure";
else
response = "DNS Proxy Start Successful";
EXIT:
return error;
}
//#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@>
int ifaliasdown(std::vector<std::string> & parameters, std::string & response)
{
std::vector<std::string> argc;
int error = 0;
unsigned int i = 0;
response = "Taking alias interfaces down";
error = errrpt(response);
error = get_alias(argc);
if (error)
{
response = "Abort reading current aliases on the interface.";
return errrpt(response);
}
while (i < argc.size())
{
errrpt("pulling down (" + argc[i] + ")");
error += simplesecuresysteml("/sbin/ifconfig",argc[i++].c_str(),"down",NULL);
}
response = "Successfully brought down alias interfaces.";
if (error) response = "Abort while bringing down alias interfaces";
return errrpt(response);
}
int killunknownprocess( const char * processname )
{
int trys = 0;
trys = 0;
while (!simplesecuresysteml("/usr/bin/killall", processname, NULL))
{
sleep(1);
if (trys++ > 3)
{
int error = simplesecuresysteml("/usr/bin/killall", "-9", processname, NULL);
sleep(2);
return( error );
}
}
return 0;
}
int set_updown(std::vector<std::string> & parameters, std::string & response)
{
int error = 0;
const std::string & choice = parameters[0];
if (choice == "UP")
error = simplesecuresysteml("/usr/bin/smoothwall/ppp-on", NULL);
else
error = simplesecuresysteml("/usr/bin/smoothwall/ppp-off", NULL);
if (error)
response = std::string(choice == "UP" ? "ppp-on" : "ppp-off") + " failed";
else
response = std::string(choice == "UP" ? "updown started" : "updown stopped");
return error;
}
int signalunknownprocess( const char * processname, int signal )
{
int trys = 0;
trys = 0;
char signal_text[ 255 ];
snprintf( signal_text, sizeof( signal_text ), "-%d", signal );
return (simplesecuresysteml("/usr/bin/killall", signal_text, processname, NULL));
}
int cycle_networking(std::vector<std::string> & parameters, std::string & response)
{
int error = 0;
error = simplesecuresysteml("/etc/rc.d/rc.netaddress.down", NULL);
if (error)
{
response = "Unable to take down networking";
return error;
}
error = simplesecuresysteml("/etc/rc.d/rc.netaddress.up", NULL);
if (error)
{
response = "Unable to bring up networking";
return error;
}
return error;
}
int smoothinfo_generate(std::vector<std::string> & parameters, std::string & response)
{
int error = 0;
response = "smoothinfo: generating report...";
error = simplesecuresysteml("/usr/bin/smoothwall/smoothinfo.pl", NULL);
if (!error)
response = "smoothinfo: report generated successfully.";
else
response = "smoothinfo: unable to generate report";
return 0;
}
int smoothinfo_getchains(std::vector<std::string> & parameters, std::string & response)
{
int error = 0;
response = "smoothinfo: listing iptables chains...";
error = simplesecuresysteml("/usr/bin/smoothwall/getchains.pl", NULL);
if (!error)
response = "smoothinfo: list created successfully.";
else
response = "smoothinfo: unable to create list!";
return 0;
}
int uninstall_autoupdate(std::vector<std::string> & parameters, std::string & response)
{
int error = 0;
response = "Uninstalling snort rules auto update";
error = simplesecuresysteml("/var/smoothwall/mods/guardian/modfiles/autoupduninst.sh", NULL, NULL);
if (error)
response = "Uninstallation of snort rules auto updater failed!";
else
response = "Uninstallation of snort rules auto updater successful!";
return error;
}
int create_sidmap(std::vector<std::string> & parameters, std::string & response)
{
int error = 0;
response = "Creating SID msg map";
error = simplesecuresysteml("/usr/local/sbin/make-sidmap.pl", NULL, NULL);
if (error)
response = "Creation of SID msg map Failed!";
else
response = "Creation of SID msg map Successful";
return error;
}
//#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@>
int edit_crontab(std::vector<std::string> & parameters, std::string & response)
{
std::string cmdprefix = "/var/smoothwall";
std::string write2crontab = cmdprefix + "/timed_files/write2crontab.pl";
int error = 0;
response = "Editing crontab";
errrpt(response);
response = "Edit crontab successful";
error = simplesecuresysteml(write2crontab.c_str(), NULL, NULL);
if (error) response = "Edit crontab failed!";
return errrpt(response);
}
int set_traffic(std::vector<std::string> & parameters, std::string & response)
{
int error = 0;
struct stat sb;
if ((stat("/var/smoothwall/traffic/settings", &sb) == 0) && sb.st_mode & S_IRUSR)
{
error = simplesecuresysteml("/usr/bin/smoothwall/trafficloader.pl", NULL);
response = "Traffic restarted";
if (error)
response += stringprintf(" but with error return %d", error);
}
else
{
response = "No traffic settings file found!";
error = 1;
}
return error;
}
int start_guardian(std::vector<std::string> & parameters, std::string & response)
{
int error = 0;
std::vector<std::string>ipb;
ConfigVAR settings("/var/smoothwall/snort/settings");
if (settings["ENABLE_GUARD"] == "on")
{
response = "Guardian Process started";
error = simplesecuresysteml("/usr/local/sbin/guardian.pl", NULL, NULL);
error = ipbatch(ipb);
if (error)
response = "Guardian Start Failed!";
else
response = "Guardian Start Successful";
}
return error;
}
int shutdown_command(std::vector<std::string> & parameters, std::string & response, char action)
{
/* the parameter given to this function should be a time */
/* to wait before shutting down */
int time_hours = -1;
int time_to_wait = -1;
if (parameters.size() >= 1)
{
const char * position = parameters[ 0 ].c_str();
while (*position)
{
if (((*position) < '0' || (*position) > '9') && ((*position) != ':'))
{
response = "Invalid time identifier";
return 1;
}
else if ((*position) == ':')
time_hours = 1;
position++;
}
}
if (parameters.size() >= 1) time_to_wait = safeatoi(parameters[ 0 ]);
char shutdown_time[ 255 ];
if (time_hours == 1){
snprintf(shutdown_time, sizeof(shutdown_time) - 1, "%s", parameters[ 0 ].c_str());
} else if (time_to_wait > 0){
snprintf(shutdown_time, sizeof(shutdown_time) - 1, "+%d", time_to_wait);
} else {
snprintf(shutdown_time, sizeof(shutdown_time) - 1, "now");
}
unlink("/var/state/smoothd/shutdown");
simplesecuresysteml("/sbin/shutdown", "-c", NULL);
if (action != 'c')
{
pid_t child;
child = fork();
char command[ 255 ];
FILE * output = NULL;
switch (child)
{
case -1:
syslog(LOG_ERR, "Unable to create subprocess for shutdown sequence");
return 1;
case 0:
syslog(LOG_ERR, "Spawning child process\n");
switch (fork())
{
case -1:
syslog(LOG_ERR, "Unable to create subprocess for shutdown sequence (2)");
_exit(1);
case 0:
snprintf(command, sizeof(command) - 1, "-%c", action);
output = fopen("/var/state/smoothd/shutdown", "w");
if (output)
{
if (time_hours == 1)
fprintf(output, "%s", shutdown_time);
else
{
char tstr[ 256 ];
time_t t;
time(&t);
t += (time_to_wait*60);
strftime(tstr, 256, "%H:%M", localtime(&t));
fprintf(output, "%s", tstr);
}
fclose(output);
}
syslog(LOG_ERR, "Scheduling Shutdown \"shutdown -%c %s\"", action, shutdown_time);
simplesecuresysteml("/sbin/shutdown", command, shutdown_time, NULL);
_exit(1);
default:
_exit(0);
}
default:
waitpid(child, NULL, 0);
}
}
response = "Shutdown Scheduled";
return 0;
}
//#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@>
int ifaliasup(std::vector<std::string> & parameters, std::string & response)
{
int error = 0;
error = wrtaliases (response);
if (error) return errrpt(response);
std::vector<std::string> argv;
std::string cmdprefix = "/var/smoothwall";
std::string varfile = cmdprefix + "/portfw/snort.var";
std::string localipfile = "/var/smoothwall/red/local-ipaddress";
std::string aliasfile = cmdprefix + "/portfw/aliases";
ConfigCSV aliases(aliasfile);
ConfigSTR localip(localipfile);
std::string::size_type n;
char home_net[5000] = "";
char * hnptr = home_net;
FILE * varhandle;
if (localip.str() == "")
{
response = "Abort, could not open red local IP file (" + localipfile + ")";
return errrpt (response);
}
if (localip.str().find_first_not_of(IP_NUMBERS) != std::string::npos)
{
response = "Abort, bad local IP: " + localip.str();
return errrpt (response);
}
std::string homenet = "var HOME_NET [" + localip.str();
response = "Bringing alias interfaces up";
error = errrpt(response);
hnptr += sprintf(hnptr, "%s,", homenet.c_str());
for (int line = aliases.first(); line == 0; line = aliases.next())
{
std::string f_color = aliases[0];
std::string f_ifalias = aliases[1];
std::string f_ip = aliases[3];
std::string f_net = aliases[4];
std::string f_bcst = aliases[5];
if ((n = f_ifalias.find_first_of(":")) != std::string::npos && aliases[7] == "on")
{
// Add the alias to HOME_NET if it is enabled and we have room (with
// 255 aliases maximum should be less than 4878 plus 28 chars at finish)
if ((n = f_color.find("RED")) != std::string::npos)
hnptr += sprintf(hnptr, "%s,", f_ip.c_str());
errrpt("bringing up alias (" + f_ifalias + ")");
if (f_ifalias.find_first_of("p") != std::string::npos)
error += simplesecuresysteml("/sbin/ifconfig",f_ifalias.c_str(),f_ip.c_str(),
"netmask",f_net.c_str(),"up",NULL);
else
error += simplesecuresysteml("/sbin/ifconfig",f_ifalias.c_str(),f_ip.c_str(),
"netmask",f_net.c_str(),"broadcast",f_bcst.c_str(),"up",NULL);
}
}
// backup one space to overwrite the trailing comma
hnptr += sprintf(--hnptr, "]\n");
if (!(varhandle = fopen(varfile.c_str(), "w")))
{
response = "Abort, could not create or open (" + varfile + ") file";
return errrpt(response);
}
fputs((char*) home_net, varhandle);
fclose(varhandle);
errrpt("NOTE: snort should be restarted manually to update its HOME_NET value");
errrpt("NOTE: /etc/snort.conf can be further customized for each scenario");
response = "Successfully brought up alias interfaces.";
if (error) response = "Abort while bringing up alias interfaces";
return errrpt(response);
}
