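#!/bin/sh
#
# Copyright (C) 2020 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
# published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.

# Downloads the SquidGuard blacklist archive, installs it under ${db_dir}
# (keeping the previous copy in ${archive} and restoring local-* categories)
# and rebuilds the SquidGuard databases.
#
# Options must come first; with --vrf the first non-option argument is the
# VRF name:
#   --update-blacklist [--vrf <vrf-name>]
#
# The script is kept free of bash-only syntax so it behaves the same whichever
# shell /bin/sh points to.

# NOTE(security): the archive is fetched over plain FTP and neither a
# signature nor a checksum is verified, so its content cannot be trusted any
# further than the network path. Everything derived from it (file names,
# category names) is treated as untrusted below. Prefer an authenticated
# transport or a pinned digest if the list provider offers one.
blacklist_url='ftp://ftp.univ-tlse1.fr/pub/reseau/cache/squidguard_contrib/blacklists.tar.gz'
data_dir="/opt/vyatta/etc/config/url-filtering"
archive="${data_dir}/squidguard/archive"
db_dir="${data_dir}/squidguard/db"
conf_file="/etc/squidguard/squidGuard.conf"

# Private scratch directory; created with mktemp only when an update runs.
# Fixed names under /tmp would let another local user pre-create or swap the
# files this script writes and later installs.
work_dir=""
tmp_conf_file=""

# Start from a known state instead of inheriting these from the environment.
update=""
auto=""
vrf=""

# Remove the scratch directory on every exit path.
cleanup () {
    if [ -n "${work_dir}" ]; then
        rm -rf -- "${work_dir}"
    fi
}
trap cleanup EXIT
trap 'exit 1' HUP INT TERM

# Build the SquidGuard database for one list file, if that file exists.
# $1 - category
# $2 - type (file name inside the category directory)
# $3 - list (SquidGuard list keyword)
create_sg_db () {
    FILE="${db_dir}/$1/$2"
    if test -f "$FILE"; then
        # Values are passed as printf arguments, never as part of the format
        # string, so a '%' or '\' in a name from the archive stays literal.
        printf 'dbhome %s\ndest %s {\n %s %s/%s\n}\nacl {\n default {\n pass any\n }\n}' \
            "${db_dir}" "$1" "$3" "$1" "$2" > "${tmp_conf_file}"
        /usr/bin/squidGuard -b -c "${tmp_conf_file}" -C "$FILE"
        rm -f -- "${tmp_conf_file}"
    fi
}

# Print the total number of lines in all domains/urls files under ${db_dir}.
count_entries () {
    find "${db_dir}" -type f \( -name domains -o -name urls \) -exec cat {} + | wc -l
}

while [ $# -gt 0 ]
do
    case $1 in
        --update-blacklist)
            update="yes"
            ;;
        --auto-update-blacklist)
            # Accepted for compatibility; nothing below reads this flag.
            auto="yes"
            ;;
        --vrf)
            vrf="yes"
            ;;
        (-*) echo "$0: error - unrecognized option $1" 1>&2; exit 1;;
        (*) break;;
    esac
    shift
done

if [ ! -d "${db_dir}" ]; then
    mkdir -p "${db_dir}"
    if ! getent passwd proxy 2> /dev/null; then
        echo "proxy system user does not exist"
        exit 1
    fi
    if ! getent group proxy 2> /dev/null; then
        echo "proxy system group does not exist"
        exit 1
    fi
    chown proxy:proxy "${db_dir}"
fi

# -P keeps each filesystem on one line (long device names would otherwise
# wrap and shift the columns); -k fixes the unit to 1 KiB blocks.
free_kb=$(df -Pk "${db_dir}" | awk 'NR == 2 {print $4}')
case ${free_kb} in
    ''|*[!0-9]*)
        echo "Error: unable to determine free disk space for ${db_dir}"
        exit 1
        ;;
esac
free_space=$((free_kb * 1024))
mb_size="100"
required_space=$((mb_size * 1024 * 1024)) # 100 MB
if [ "${free_space}" -le "${required_space}" ]; then
    echo "Error: not enough disk space, required ${mb_size} MiB"
    exit 1
fi

# String comparison: the previous '-eq "yes"' was an arithmetic test that was
# true for any non-empty value.
if [ "${update}" = "yes" ]; then
    work_dir=$(mktemp -d /tmp/sg_update.XXXXXX) || {
        echo "Unable to create temporary directory"
        exit 1
    }
    tmp_conf_file="${work_dir}/sg_update_db.conf"
    tmp_blacklists="${work_dir}/blacklists.gz"

    if [ "${vrf}" = "yes" ]; then
        if [ -z "${1:-}" ]; then
            echo "$0: error - --vrf requires a VRF name" 1>&2
            exit 1
        fi
        sudo ip vrf exec "$1" curl -o "${tmp_blacklists}" "${blacklist_url}"
        download_rc=$?
    else
        curl -o "${tmp_blacklists}" "${blacklist_url}"
        download_rc=$?
    fi
    if [ "${download_rc}" -ne 0 ]; then
        echo "Unable to download [$blacklist_url]!"
        exit 1
    fi

    echo "Uncompressing blacklist..."
    # The archive is untrusted: do not let it dictate ownership or mode bits
    # of the extracted files.
    if ! tar --directory "${work_dir}" --no-same-owner --no-same-permissions \
            -xf "${tmp_blacklists}"; then
        echo "Unable to uncompress [$blacklist_url]!"
        # Stop here; continuing would move the current database aside and
        # then fail, leaving ${db_dir} empty.
        exit 1
    fi
    if [ ! -d "${work_dir}/blacklists" ]; then
        echo "Unable to install [$blacklist_url]"
        exit 1
    fi

    if [ ! -d "${archive}" ]; then
        mkdir -p "${archive}"
    fi
    # ':?' aborts instead of expanding to '/*' should the variable be empty.
    rm -rf "${archive:?}"/*
    count_before=$(count_entries)
    mv "${db_dir}"/* "${archive}" 2> /dev/null
    if ! mv "${work_dir}/blacklists"/* "${db_dir}"; then
        echo "Unable to install [$blacklist_url]"
        exit 1
    fi
    mv "${archive}"/local-* "${db_dir}" 2> /dev/null
    rm -rf "${work_dir}/blacklists" "${tmp_blacklists}" 2> /dev/null
    count_after=$(count_entries)

    # fix permissions
    chown -R proxy:proxy "${db_dir}"

    # create db
    find "${db_dir}" -type d | while IFS= read -r dir
    do
        category=${dir##*/}
        # Category names come from the downloaded archive and are written
        # into a generated SquidGuard config; accept only plain names so
        # whitespace or braces cannot alter that config.
        # NOTE(review): assumes legitimate categories use only letters,
        # digits, '.', '_' and '-' - confirm against the lists in use.
        case ${category} in
            ''|*[!A-Za-z0-9._-]*)
                echo "Skipping category with unexpected name: ${category}" 1>&2
                continue
                ;;
        esac
        create_sg_db "${category}" "domains" "domainlist"
        create_sg_db "${category}" "urls" "urllist"
        create_sg_db "${category}" "expressions" "expressionlist"
    done
    chown -R proxy:proxy "${db_dir}"
    chmod 755 "${db_dir}"

    logger --priority WARNING "webproxy blacklist entries updated (${count_before}/${count_after})"

else
    echo "SquidGuard blacklist updater"
    echo ""
    echo "Usage:"
    echo "--update-blacklist Download latest version of the SquidGuard blacklist"
    echo "--auto-update-blacklist Automatically update"
    echo ""
    exit 1
fi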