path: root/src/op_mode/webproxy_update_blacklist.sh
#!/bin/sh
#
# Copyright (C) 2020 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
# published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

# Upstream archive holding the squidGuard category lists.
# NOTE(review): a plain ftp:// URL gives neither server authentication nor
# integrity protection in transit, and nothing in this script compares the
# download against a checksum or signature - whoever can answer for that host
# on the network path decides what ends up in the filter database.
blacklist_url="ftp://ftp.univ-tlse1.fr/pub/reseau/cache/squidguard_contrib/blacklists.tar.gz"

# Root of the url-filtering state; both squidGuard directories live below it.
data_dir='/opt/vyatta/etc/config/url-filtering'
# Previous database generation, kept while a new one is installed.
archive="$data_dir/squidguard/archive"
# Live database directory.
db_dir="$data_dir/squidguard/db"

# Command-line parsing: consume leading options and stop at the first
# argument that does not start with "-".
#   --update-blacklist       sets update=yes
#   --auto-update-blacklist  sets auto=yes
# Any other argument starting with "-" is reported on stderr and ends the
# script with status 1.
until [ "$#" -eq 0 ]; do
    case "$1" in
        --update-blacklist)      update="yes" ;;
        --auto-update-blacklist) auto="yes" ;;
        -*)
            echo "$0: error - unrecognized option $1" 1>&2
            exit 1
            ;;
        *)
            break
            ;;
    esac
    shift
done

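# Create the squidGuard database directory on first use and hand it to the
# proxy account.
#
# The account checks run before mkdir. This whole block is skipped as soon as
# ${db_dir} exists, so creating the directory first and then bailing out on a
# missing account would leave a directory behind that no later run re-owns
# here.
if [ ! -d "${db_dir}" ]; then
    # getent prints the matching entry on stdout; only its exit status is
    # wanted, so both streams are discarded.
    if ! getent passwd proxy > /dev/null 2>&1; then
        echo "proxy system user does not exist"
        exit 1
    fi
    if ! getent group proxy > /dev/null 2>&1; then
        echo "proxy system group does not exist"
        exit 1
    fi
    # mkdir reports its own error; nothing below can work without the directory.
    mkdir -p "${db_dir}" || exit 1
    chown proxy:proxy "${db_dir}"
fi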

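# Refuse to continue unless more than ${mb_size} MiB are available on the
# filesystem that holds ${db_dir}.
mb_size="100"
required_space=$((mb_size * 1024 * 1024)) # 100 MiB, in bytes

# -P keeps every filesystem on a single line (long device names otherwise
# wrap and shift the columns) and -k pins the unit to 1024-byte blocks, so
# field 4 of the second line is the available space in KiB regardless of
# locale or environment.
free_kb=$(df -Pk "${db_dir}" | awk 'NR == 2 { print $4 }')
case "${free_kb}" in
    ''|*[!0-9]*)
        # df failed or printed something unexpected. Stop here: an empty or
        # non-numeric value makes the numeric test below error out, and an
        # erroring test inside "if" simply counts as false, which would let
        # the script continue with no space check at all.
        echo "Error: unable to determine free disk space for ${db_dir}"
        exit 1
        ;;
esac
free_space=$((free_kb * 1024))

if [ "${free_space}" -le "${required_space}" ]; then
    echo "Error: not enough disk space, required  ${mb_size} MiB"
    exit 1
fi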

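# Download, unpack and install a fresh blacklist when --update-blacklist was
# given; otherwise print the usage text and exit with status 1.
#
# The comparison is a plain POSIX string test: the script runs under /bin/sh,
# where [[ ]] is not guaranteed to exist, and -eq is an arithmetic operator
# that only appeared to match "yes".
if [ "${update}" = "yes" ]; then
    # Private staging directory instead of fixed names under /tmp. This
    # script changes ownership of system directories, so it is presumably
    # run with elevated privileges; a predictable path in a world-writable
    # directory can be pre-created or symlinked by any local user before the
    # download and extraction happen.
    stage_dir=$(mktemp -d) || {
        echo "Unable to create a temporary directory"
        exit 1
    }
    # Remove the staging area on every exit path, including the error exits.
    trap 'rm -rf -- "${stage_dir}"' EXIT
    tmp_blacklists="${stage_dir}/blacklists.gz"

    # --fail makes curl return non-zero on a server-side error instead of
    # saving the error body as if it were the archive.
    if ! curl --fail -o "${tmp_blacklists}" "${blacklist_url}"; then
        echo "Unable to download [$blacklist_url]!"
        exit 1
    fi

    echo "Uncompressing blacklist..."
    # No checksum or signature is verified for the download, so the archive
    # is treated as untrusted: owner and mode bits recorded inside it are not
    # applied. Ownership is set explicitly further down.
    if ! tar --directory "${stage_dir}" --no-same-owner --no-same-permissions \
            -xf "${tmp_blacklists}"; then
        echo "Unable to uncompress [$blacklist_url]!"
        # Stop before the live database is touched: continuing would move the
        # current lists into the archive with nothing to replace them.
        exit 1
    fi
    if [ ! -d "${stage_dir}/blacklists" ]; then
        # The archive unpacked but does not have the expected top-level
        # directory; same reasoning as above.
        echo "Unable to uncompress [$blacklist_url]!"
        exit 1
    fi

    if [ ! -d "${archive}" ]; then
        mkdir -p "${archive}"
    fi

    # ${archive:?} aborts the script if the variable is empty or unset, so
    # this can never expand to "rm -rf /*".
    rm -rf -- "${archive:?}"/*

    # Total number of lines in all "domains" and "urls" files. Concatenating
    # through a single wc gives one true total; "xargs wc -l | tail -n 1"
    # reports only the last batch once xargs has to split the file list.
    count_before=$(find "${db_dir}" -type f \( -name domains -o -name urls \) \
        -exec cat {} + | wc -l | awk '{print $1}')

    # Keep the previous generation in ${archive}; the error is silenced
    # because an empty database directory is a normal first-run state.
    mv "${db_dir}"/* "${archive}" 2> /dev/null
    if ! mv "${stage_dir}"/blacklists/* "${db_dir}"; then
        # The previous database is still available in ${archive}.
        echo "Unable to install [$blacklist_url]"
        exit 1
    fi
    # Locally maintained categories (local-*) survive the update.
    mv "${archive}"/local-* "${db_dir}" 2> /dev/null

    count_after=$(find "${db_dir}" -type f \( -name domains -o -name urls \) \
        -exec cat {} + | wc -l | awk '{print $1}')

    # fix permissions
    chown -R proxy:proxy "${db_dir}"
    chmod 2770 "${db_dir}"

    logger --priority WARNING "webproxy blacklist entries updated (${count_before}/${count_after})"

else
    echo "SquidGuard blacklist updater"
    echo ""
    echo "Usage:"
    echo "--update-blacklist            Download latest version of the SquidGuard blacklist"
    echo "--auto-update-blacklist       Automatically update"
    echo ""
    exit 1
fi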