Dansguardian package for 2.0
-
I recently upgraded to pfSense 2.1 and am having trouble with the DansGuardian package.
I noticed that the "Denied Access" page was not rendering the correct html from the Report File text box under the Report and Log tab.
It appears the DansGuardian package 2.12.0.3 v.0.1.8 on my system is writing the Report File html to this location:
/usr/local/share/dansguardian/languages/ukenglish/template.htmlBut on pfSense 2.1, the DansGuardian package is using this location for the Access Denied html:
/usr/pbi/dansguardian-amd64/share/dansguardian/languages/ukenglish/template.htmlbryan.paradis recommended that I create a symlink to the file managed by the web gui:
https://forum.pfsense.org/index.php/topic,73058.msg398551.html#msg398551It seems to me that a reinstall of Dans Guardian will overwrite the symlink. I also have concerns that changes to my ACLs may not be working correctly, but I have not completed extensive testing yet.
Is this issue something you are already aware of, or could it be unique to my system? The system is a Netgate 7451 upgraded to 2.1-RELEASE (amd64) using the web interface for Firmware Update.
-
Hey marcelloc,
Looks like here you pass the dansguardian_dir to $dg_dir when creating dansguardianfx.conf.
#dansguardian.inc $dg_dir=DANSGUARDIAN_DIR; include("/usr/local/pkg/dansguardianfx.conf.template"); file_put_contents($dansguardian_dir."/dansguardianf".$count.".conf", $dgf, LOCK_EX);
#dansguardian.conf.template languagedir = '{$dg_dir}/share/dansguardian/languages' # language to use from languagedir. language = '{$reportlanguage}'
This will reference the pbi directory but in the php code below as you can see it isn't referencing the dansguardian_dir thus not referencing the pbi folder which is being set as the path in the conf file.
#log report if ($dansguardian_log['report_file']=="" && file_exists("/usr/local/share/dansguardian/languages/".$reportlanguage."/template.html")){ $report_file=file_get_contents("/usr/local/share/dansguardian/languages/".$reportlanguage."/template.html"); $report_file=preg_replace('/<.*(html|head)>/','',$report_file); $config['installedpackages']['dansguardianlog']['config'][0]['report_file']=base64_encode($report_file); $dansguardian_log['report_file']=base64_encode($report_file); $load_samples++;
And
#dansguardian.inc #Create report template if (is_dir("/usr/local/share/dansguardian/languages/".$reportlanguage)) file_put_contents("/usr/local/share/dansguardian/languages/".$reportlanguage."/template.html",dg_text_area_decode($dansguardian_log['report_file']),LOCK_EX);
dansguardian_dir needs to be appended to the front of the paths
Lines 927-928
if (is_dir(DANSGUARDIAN_DIR."/usr/local/share/dansguardian/languages/".$reportlanguage)) file_put_contents(DANSGUARDIAN_DIR."/usr/local/share/dansguardian/languages/".$reportlanguage."/template.html",dg_text_area_decode($dansguardian_log['report_file']),LOCK_EX);
Lines 694-695
#dansguardian.inc if ($dansguardian_log['report_file']=="" && file_exists(DANSGUARDIAN_DIR."/usr/local/share/dansguardian/languages/".$reportlanguage."/template.html")){ $report_file=file_get_contents(DANSGUARDIAN_DIR."/usr/local/share/dansguardian/languages/".$reportlanguage."/template.html");
Update: Nevermind looks like they are already symlinked on a fresh install I am not sure why sgirard had a problem in the first place :-X Though I suppose it could be cleaned up considering you are setting the path based on what pfversion is running already?
[2.1-RELEASE][root@pfsense.localdomain]/usr/local/share/dansguardian/languages/ukenglish(15): ls -la total 3 drwxr-xr-x 2 root wheel 512 Feb 25 06:45 . drwxr-xr-x 29 root wheel 1024 Feb 25 06:45 .. lrwxr-xr-x 1 root wheel 87 Feb 25 06:45 fancydmtemplate.html -> /usr/pbi/dansguardian-amd64/share/dansguardian/languages/ukenglish/fancydmtemplate.html lrwxr-xr-x 1 root wheel 75 Feb 25 06:45 messages -> /usr/pbi/dansguardian-amd64/share/dansguardian/languages/ukenglish/messages lrwxr-xr-x 1 root wheel 80 Feb 25 06:45 template.html -> /usr/pbi/dansguardian-amd64/share/dansguardian/languages/ukenglish/template.html
-
Hi there.
Is there any way to put timeframe in DG?
I need to block access for certain users to certain sites. For example, users in DG group "office" are not allowed to access social nets and web-videos at working hours. Outside working hours they can.
Can I do that in DG itself or need to use FW rules or Squidguard along with it?
Thanks.
-
https://forum.pfsense.org/index.php?topic=67066.0
-
Hola Marcelo!
Just saw that there is a new version on DG for download in the package manager. Can you please provide a changelog? Has the missing CLAMAV issue been corrected in this new package?
Thanks!
F.
-
Hola Marcelo!
Just saw that there is a new version on DG for download in the package manager. Can you please provide a changelog? Has the missing CLAMAV issue been corrected in this new package?
Thanks!
F.
There were a bunch of pbi's that were updated.. I think these are the lastest freebsd ports and not from the developers
https://github.com/pfsense/pfsense-packages/commit/62559c79ad7d5033b285ca0dc65bccf0f88f72bd
-
Ha… so likely CLAMD is still not in that package :( Bummer.
Thanks for the info!
Hola Marcelo!
Just saw that there is a new version on DG for download in the package manager. Can you please provide a changelog? Has the missing CLAMAV issue been corrected in this new package?
Thanks!
F.
There were a bunch of pbi's that were updated.. I think these are the lastest freebsd ports and not from the developers
https://github.com/pfsense/pfsense-packages/commit/62559c79ad7d5033b285ca0dc65bccf0f88f72bd
-
Can someone please explain why DG is not being compiled with CLAMAV support yet again?
-
Marcelo is probably busy right now work.. He does this on his own time..
-
The "core team" now compile the packages. DG has been compiled without ClamAV support for almost 3 months now. See this post https://forum.pfsense.org/index.php?topic=75005.msg417411#msg417411
The "core team" are not contactable. I am not sure how/who to escalate too.
This experience has been very disappointing.
-
if you really need ClamAV, use Squid 3-Dev. Works for me using i386 firmware..
I've read the link you sent but still dont get this statement: The "core team" now compile the packages.
try https://lists.pfsense.org/mailman/listinfo/dev if you want to send an email to the pfsense developers or post a bug on redmine.pfsense.org