#!/bin/bash

#
# Squidmanage v0.5 Matt Keadle (c) 02-14-2002
# Released under the terms of the GPL.
################################################################################

# Check for root
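# Everything below edits files under /etc/squid or controls the squid
# service, so stop unless the effective user id is 0. The numeric id is
# compared instead of the account name, the substitution is quoted so an empty
# result cannot break the test, and the diagnostic goes to stderr.
if [ "$(id -u)" != "0" ]; then
	echo "You must be root to run this program" >&2
	exit 1
fi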

# Check for dialog
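# Locate the dialog binary once and build the command prefix used by every
# screen. DIALOG stays a plain string because all call sites expand it
# unquoted as "command plus options".
# NOTE(review): type -p searches the caller's PATH and this program runs as
# root, so the PATH in effect decides which binary is executed; consider
# setting a fixed PATH before this lookup.
dialog_path="$(type -p dialog)"
if [ -n "$dialog_path" ]; then
	DIALOG="$dialog_path --backtitle SquidManage_v0.05 --aspect 75"
else
	echo "dialog not found!" >&2
	exit 1
fi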

############### Variables: #####################################################
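# Scratch files live in a private directory created by mktemp -d (owner-only
# access) instead of the guessable /tmp/smout.<pid> names. This program runs
# as root, and every "2> $TMP" / "> $TMP2" redirection below would follow a
# file or symlink that another local user had placed at a predictable path.
SM_TMPDIR="$(mktemp -d /tmp/smout.XXXXXXXXXX)" || {
	echo "Unable to create a private temporary directory" >&2
	exit 1
}
# Remove the scratch directory on every exit path, including the early
# "exit 0" calls inside the menu functions.
trap 'rm -rf -- "${SM_TMPDIR:?}"' EXIT
TMP="$SM_TMPDIR/out"
TMP2="$SM_TMPDIR/out2"

# Squid ACL files edited by this program, and their backup copies.
blockdomainlocal="/etc/squid/denied_domains.acl"
blockdomainlocalbackup="/etc/squid/denied_domains.backup"
blockdomainglobal="/etc/squid/blacklist_porn.acl"
blockfiles="/etc/squid/filetypes.acl"
blockfilesbackup="/etc/squid/filetypes.acl.backup"
blocksubnets="/etc/squid/student_domains.acl"
blocksubnetsbackup="/etc/squid/student_domains.acl.backup"

# Squid runtime locations.
accesslog="/var/log/squid/access.log"
cachedir="/var/cache/squid"

# "YES" once the matching list has been edited and squid has not yet been
# told to reload it; postprocess reads these flags on exit.
domainchange="NO"
filechange="NO"
aclchange="NO"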

##  Begin helper functions:
################################################################################

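# Show in a message box whether Squid appears to be running.
# "Running" only means /var/run/squid.pid exists; the PID inside is displayed
# but not checked against a live process, so a stale pid file is reported as a
# running server.
# Globals:   DIALOG (read), TMP (written: dialog's stderr is redirected to it)
# Returns:   1 in both cases (the callers in this file ignore the status)
squidstatus(){
	local pidfile=/var/run/squid.pid
	if [ ! -f "$pidfile" ]
	then
		# $DIALOG stays unquoted on purpose: it holds the command and its options.
		$DIALOG --msgbox\
			"Squid does not appear to be currently running!"\
			6 75 2> "$TMP"
		return 1
	else
		$DIALOG --msgbox\
			"Squid proxy server is currently running with\
			process ID: $(cat -- "$pidfile")"\
			6 75 2> "$TMP"
		return 1
	fi
}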

# Start Squid through its init script unless a pid file says it is already up.
# Globals:   DIALOG (read), TMP (written), domainchange/filechange/aclchange
#            (reset to "NO" after the start command has been issued)
# Returns:   1 when /var/run/squid.pid already exists, 0 otherwise
# NOTE(review): the init script's exit status is not checked, so the change
# flags are cleared even when the start fails.
squidstart(){
	if [ ! -f /var/run/squid.pid ]
	then
		/etc/init.d/squid start
		aclchange="NO"
		filechange="NO"
		domainchange="NO"
		return 0
	fi
	$DIALOG --msgbox\
		"Squid proxy server is already running!\
			Current process ID: $(cat /var/run/squid.pid)"\
		6 75 2> $TMP
	return 1
}

# Stop Squid through its init script and clear the pending-change flags.
# Globals:   domainchange, filechange, aclchange (all set to "NO")
# NOTE(review): the flags are cleared whether or not the stop succeeded; the
# init script's exit status is not inspected.
squidstop(){
	/etc/init.d/squid stop
	aclchange="NO"
	filechange="NO"
	domainchange="NO"
}

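# Stop Squid, delete everything under $cachedir, recreate the cache
# directories with "squid -z", and start Squid again if it was running before.
# Globals:   DIALOG, cachedir (read), TMP (written)
# Returns:   1 when the cache directory is unusable or the operator declines
#
# This runs "rm -rf" as root on a path taken from a variable, so the path is
# validated first: an empty value would turn the glob into "/*".
cacherebuild(){
	local was_running="NO"
	[ -f /var/run/squid.pid ] && was_running="YES"

	if [ -z "$cachedir" ] || [ "$cachedir" = "/" ] || [ ! -d "$cachedir" ]
	then
		$DIALOG --msgbox\
			"Cache directory '$cachedir' is not set or does not exist. Nothing was removed."\
			6 75 2> "$TMP"
		return 1
	fi

	$DIALOG --yesno\
		"In order to clear and rebuild the web cache, Squid\
		must be completely stopped. Are you sure you want\
		to proceed?\n\n\
		Squid currently running?  $was_running\n\
		Squid will be restarted?  $was_running"\
		16 75 || return 1
	squidstop
	# ":?" aborts the expansion should cachedir ever be empty at this point;
	# "--" keeps a cache entry whose name starts with "-" from being read as an option.
	rm -rf -- "${cachedir:?}"/*
	squid -z
	if [ "$was_running" = "YES" ]
	then
		squidstart
	fi
}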

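# Ask a running Squid to re-read its configuration ("squid -k reconfigure").
# Arguments: $1 - "QUIT" to remove $TMP and exit the program after a
#                 successful reload (used by postprocess)
# Globals:   DIALOG (read), TMP (written/removed), domainchange/filechange/
#            aclchange (reset to "NO" only after a successful reload)
# Returns:   1 when Squid is not running or the reload command fails
squidrestart(){
	if [ ! -f /var/run/squid.pid ]
	then
		$DIALOG --msgbox\
			"Squid not currently running! Nothing to restart!"\
			6 75 2> "$TMP"
		return 1
	fi
	# Report success and clear the pending-change flags only when squid accepted
	# the reload; otherwise the edited ACLs are not in force yet.
	if ! squid -k reconfigure
	then
		$DIALOG --msgbox\
			"squid -k reconfigure reported an error. Pending changes were not applied."\
			6 75 2> "$TMP"
		return 1
	fi
	echo "Squid restarted successfully"
	domainchange="NO"
	filechange="NO"
	aclchange="NO"
	if [ "$1" = "QUIT" ]
	then
		rm -f -- "$TMP"
		exit 0
	fi
}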

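# Prompt for a domain (or IP address) and add it to the local block list.
# Globals:   DIALOG, blockdomainlocal, blockdomainlocalbackup (read),
#            TMP, TMP2 (written), domainchange (set to "YES" on success)
# Returns:   1 on cancel, empty input, rejected input or a failed file step
#
# The typed text ends up as a line in a Squid ACL file, so it is held in a
# quoted variable and limited to characters that occur in host names and IP
# addresses. The original unquoted tests mis-parsed input containing spaces
# or glob characters.
blockdomainadd(){
	local entry
	if ! $DIALOG --ok-label "Add" --inputbox\
		"Enter a new domain to block access to. Do not enter a\
		leading subdomain, such as \"www\", but DO enter a an\
		initial period UNLESS you are entering an IP address.\
		For example, to block the domain www.sex.com, you would\
		enter: .sex.com\n\
		\n\n"\
		16 75 2> "$TMP"
	then
		return 1
	fi
	entry=$(cat -- "$TMP")
	if [ -z "$entry" ]
	then
		$DIALOG --msgbox "You didn't type anything!" 6 75 2> "$TMP"
		return 1
	fi
	case $entry in
		*[!A-Za-z0-9._:-]*)
			$DIALOG --msgbox\
				"Only letters, digits, '.', '-', '_' and ':' are accepted in a domain entry."\
				6 75 2> "$TMP"
			return 1
			;;
	esac
	if [ -f "$blockdomainlocal" ]
	then
		# Copy instead of move: the live ACL never disappears while a backup is taken.
		cp -f -- "$blockdomainlocal" "$blockdomainlocalbackup" || return 1
	else
		: > "$blockdomainlocal" || return 1
	fi
	printf '%s\n' "$entry" | sort -- "$blockdomainlocal" - | uniq > "$TMP2" || return 1
	# Rewrite in place so the ACL file keeps its owner and permissions.
	cat -- "$TMP2" > "$blockdomainlocal" || return 1
	domainchange="YES"
}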

# Placeholder for removing a domain from the block list.
# The prompt is shown, but whatever is typed is discarded: the function only
# announces that removal is not implemented, and no list or flag is changed.
# Globals:   DIALOG (read), TMP (written)
# Returns:   1 when the prompt is cancelled, else the status of the notice box
blockdomaindel(){
	$DIALOG --ok-label "Remove" --inputbox\
		"Enter a domain to remove from the block list. BE VERY\
		CAREFUL WITH THIS! If you only enter a single word, EVERY\
		domain which contains that word will be removed. Enter in\
		the domain name EXACTLY as it appears in a search. It is\
		recommended by the program author that you do not use this\
		feature at all at the moment.\n\
		\n\n"\
		16 75 2> $TMP || return 1
	# domainchange is intentionally left alone until removal really exists.
	$DIALOG --msgbox\
		"This feature will not be implemented untill further notice."\
		16 75 2> $TMP
}

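# Prompt for a keyword and show every matching line from the local and the
# global block lists, with the number of matches in the window title.
# Globals:   DIALOG, blockdomainlocal, blockdomainglobal (read),
#            TMP, TMP2 (written)
# Returns:   1 on cancel, otherwise the status of the result box
#
# The prompt promises a plain keyword search, so the text is passed to grep as
# a fixed string (-F) behind -e. It is then neither interpreted as a regular
# expression nor, when it starts with "-", as a grep option. An empty keyword
# still lists every entry.
blockdomainsearch(){
	local term matches
	if ! $DIALOG --exit-label "Return" --ok-label "Search" --inputbox\
		"Enter a domain or keyword to search for. If searching\
		for a domain, do not use a proceeding \"www.\". To list\
		all blocked domains just press ENTER. Regular expressions\
		are not allowed at this time, though they may be added in\
		a future release.\n\
		\n\n"\
		16 75 2> "$TMP"
	then
		return 1
	fi
	term=$(cat -- "$TMP")
	grep -hiF -e "$term" -- "$blockdomainlocal" "$blockdomainglobal" > "$TMP2"
	matches=$(wc -l < "$TMP2")
	# $(( )) drops the padding some wc implementations print around the number.
	$DIALOG --title "total matches: $((matches))" --textbox "$TMP2" 21 75
}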

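# Prompt for a file extension and add the matching pattern line, written as
# \.(ext)$, to the blocked-filetypes ACL.
# Globals:   DIALOG, blockfiles (read), TMP, TMP2 (written),
#            filechange (set to "YES" when a line was added)
# Returns:   0 when the extension was added, 1 otherwise
#
# Fixes over the previous version:
#  - filechange was never set, because every branch returned before reaching it;
#  - the confirmation read $TMP after it had been moved over the ACL file;
#  - the typed text was pasted into a grep pattern and into the ACL line, which
#    is itself a regular expression, so it is now limited to letters, digits,
#    "_" and "-" and compared as a fixed string.
blockfileadd(){
	local ext entry
	if ! $DIALOG --ok-label "Add" --inputbox\
		"Enter a new file extension to block at the proxy level.\
		It is not necessary to include the proceeding \".\". For\
		example, to add the extension .abc to the list, you only\
		need to enter: abc\n\
		\n\n"\
		16 75 2> "$TMP"
	then
		return 1
	fi
	ext=$(cat -- "$TMP")
	if [ -z "$ext" ]
	then
		$DIALOG --msgbox\
			"You didn't type anything!"\
			6 75 2> "$TMP"
		return 1
	fi
	case $ext in
		*[!A-Za-z0-9_-]*)
			$DIALOG --msgbox\
				"File extensions may only contain letters, digits, '_' and '-'."\
				6 75 2> "$TMP"
			return 1
			;;
	esac
	# Literal ACL line for this extension: \.(ext)$
	entry="\\.(${ext})\$"
	[ -e "$blockfiles" ] || : > "$blockfiles" || return 1
	if grep -qixF -e "$entry" -- "$blockfiles"
	then
		$DIALOG --msgbox\
			"The $ext extension is already in the restricted list!"\
			6 75 2> "$TMP"
		return 1
	fi
	printf '%s\n' "$entry" | sort -- "$blockfiles" - > "$TMP2" || return 1
	# Rewrite in place so the ACL file keeps its owner and permissions.
	cat -- "$TMP2" > "$blockfiles" || return 1
	filechange="YES"
	$DIALOG --msgbox\
		"The $ext extension has been added to the restricted list"\
		6 75 2> "$TMP"
	return 0
}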

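# Prompt for a file extension and remove its \.(ext)$ line from the
# blocked-filetypes ACL.
# Globals:   DIALOG, blockfiles (read), TMP, TMP2 (written),
#            filechange (set to "YES" only when a line was removed)
# Returns:   0 when the extension was removed, 1 otherwise
#
# The previous version pasted the typed text into a sed program ("/text/d").
# That deleted every line merely containing the text (typing "exe" also removed
# "exec") and let characters such as "/" change the sed script itself. The
# line is now selected by an exact, fixed-string, whole-line comparison.
blockfiledel(){
	local ext entry rc
	if ! $DIALOG --ok-label "Remove" --inputbox\
		"Enter the file extension you would like to remove from\
		those that are restricted. Do not include the proceeding\
		\".\". For example, to remove the extension .abc from the\
		list, you only enter: abc\n\
		\n\n"\
		16 75 2> "$TMP"
	then
		return 1
	fi
	ext=$(cat -- "$TMP")
	if [ -z "$ext" ]
	then
		$DIALOG --msgbox "You didn't type anything!" 6 75 2> "$TMP"
		return 1
	fi
	# Literal ACL line for this extension: \.(ext)$
	entry="\\.(${ext})\$"
	if ! grep -qixF -e "$entry" -- "$blockfiles"
	then
		$DIALOG --msgbox\
			"Cannot find $ext in the list of restricted extensions"\
			6 75 2> "$TMP"
		return 1
	fi
	grep -vixF -e "$entry" -- "$blockfiles" > "$TMP2"
	rc=$?
	# grep -v exits 1 when no line is left, which is fine; above 1 is a real error.
	if [ "$rc" -gt 1 ]
	then
		return 1
	fi
	# Rewrite in place so the ACL file keeps its owner and permissions.
	cat -- "$TMP2" > "$blockfiles" || return 1
	filechange="YES"
	$DIALOG --msgbox\
		"The $ext extension has been removed from the restricted list"\
		6 75 2> "$TMP"
	return 0
}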

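# Show the blocked file extensions in readable form: each ACL line \.(ext)$
# is displayed as .ext
# Globals:   DIALOG, blockfiles (read), TMP2 (rewritten)
#
# The previous tr set was written unquoted as [\\\\\(\)\$]2, which made the
# brackets and the digit 2 part of the set of deleted characters, so "mp2" was
# listed as "mp". Only the pattern characters \ ( ) $ are stripped now, in one
# pass over the file instead of one echo/tr pair per line.
blockfilelist(){
	rm -f -- "$TMP2"
	tr -d '\\()$' < "$blockfiles" > "$TMP2"
	$DIALOG --title "Restricted file extensions" --textbox "$TMP2" 21 75
}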

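# Prompt for a subnet (NETID/BITMASK) and add it to the restricted-subnet ACL.
# Globals:   DIALOG, blocksubnets (read), TMP, TMP2 (written),
#            aclchange (set to "YES" on success)
# Returns:   1 on cancel, empty or rejected input, or a failed file step
#
# The typed text becomes a line in a Squid ACL file, so it must look like an
# address with an optional /mask. The original unquoted test mis-parsed input
# containing spaces and accepted any other text unchanged.
blocksubnetadd(){
	local subnet
	local cidr_re='^[0-9A-Fa-f.:]+(/[0-9]{1,3})?$'
	if ! $DIALOG --ok-label "Add" --inputbox\
		"Enter a new subnet to add to the restricted subnet list.\
		It should be entered in the form of NETID/BITMASK. For\
		example: 192.168.1.0/24\n\
		\n\n"\
		16 75 2> "$TMP"
	then
		return 1
	fi
	subnet=$(cat -- "$TMP")
	if [ -z "$subnet" ]
	then
		$DIALOG --msgbox "You didn't type anything!" 6 75 2> "$TMP"
		return 1
	fi
	if ! [[ $subnet =~ $cidr_re ]]
	then
		$DIALOG --msgbox\
			"Enter an address with an optional /bitmask, for example 192.168.1.0/24"\
			6 75 2> "$TMP"
		return 1
	fi
	[ -e "$blocksubnets" ] || : > "$blocksubnets" || return 1
	printf '%s\n' "$subnet" | sort -- "$blocksubnets" - > "$TMP2" || return 1
	# Rewrite in place so the ACL file keeps its owner and permissions.
	cat -- "$TMP2" > "$blocksubnets" || return 1
	aclchange="YES"
}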

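# Prompt for a subnet and remove it from the restricted-subnet ACL.
# The entry may be typed with or without its /bitmask.
# Globals:   DIALOG, blocksubnets (read), TMP, TMP2 (written),
#            aclchange (set to "YES" only when a line was removed)
# Returns:   0 when an entry was removed, 1 otherwise
#
# The previous version built a sed program from the typed text and redirected
# its output straight onto the ACL. Text containing "/" made sed fail after
# the ACL had already been truncated, and the unanchored pattern also removed
# other networks ("192.168.1.0" matched "192.168.110.0/24"). Lines are now
# compared as plain strings and the ACL is rewritten only after a match.
blocksubnetdel(){
	local target line removed="NO"
	if ! $DIALOG --ok-label "Remove" --exit-label "Return" --inputbox\
		"Enter a subnet to delete from the restricted subnet list.\
		You only need to enter the netid without the bitmask. For\
		example, to remove the entry 192.168.1.0/24 you would only\
		enter: 192.168.1.0\n\
		\n\n"\
		16 75 2> "$TMP"
	then
		return 1
	fi
	target=$(cat -- "$TMP")
	if [ -z "$target" ]
	then
		$DIALOG --msgbox "You didn't type anything!" 6 75 2> "$TMP"
		return 1
	fi
	# Keep every line except those equal to the input, or whose part before
	# "/" equals the input.
	while IFS= read -r line || [ -n "$line" ]
	do
		if [ "$line" = "$target" ] || [ "${line%%/*}" = "$target" ]
		then
			removed="YES"
			continue
		fi
		printf '%s\n' "$line"
	done < "$blocksubnets" > "$TMP2" || return 1
	if [ "$removed" = "NO" ]
	then
		$DIALOG --msgbox\
			"Cannot find $target in the restricted subnet list"\
			6 75 2> "$TMP"
		return 1
	fi
	# Rewrite in place so the ACL file keeps its owner and permissions.
	cat -- "$TMP2" > "$blocksubnets" || return 1
	aclchange="YES"
}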

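# Show the restricted-subnet ACL file in a scrollable text box, titled with
# the file's path.
# Globals:   DIALOG, blocksubnets (read)
# The path is quoted so it always reaches dialog as a single argument.
blocksubnetlist(){
	$DIALOG --title "$blocksubnets" --textbox "$blocksubnets" 21 75
}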

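# Follow the Squid access log in a dialog tail box, titled with the log path.
# An earlier "tail -f | awk" variant existed only as commented-out code and is
# not kept here.
# Globals:   DIALOG, accesslog (read)
# Returns:   1 always (the caller ignores the status)
# The path is quoted so it always reaches dialog as a single argument.
accesslogmonitor(){
	$DIALOG --title "$accesslog" --tailbox "$accesslog" 21 75
	return 1
}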

##  Begin submenu definitions:
################################################################################

############### Squid process submenu: #########################################
# Squid process submenu: show the menu, run the chosen action, show it again.
# Cancelling the menu hands control to mainmenu.
# Globals:   DIALOG (read), TMP (dialog writes the chosen tag to it)
# NOTE(review): the menu is redisplayed by calling itself, and Cancel calls
# mainmenu from inside this frame, so call depth grows with every screen
# until one of the exit paths ends the program.
squidsub(){
	local choice
	$DIALOG --menu\
		"Squid process management" 16 75 6\
		"S "	" Current status"\
		"U "	" Start Squid"\
		"D "	" Stop Squid"\
		"R "	" Restart Squid"\
		"C "	" Clear and rebuild cache"\
		2> $TMP || mainmenu
	choice=$(cat $TMP)
	case $choice in
		"S ") squidstatus ;;
		"U ") squidstart ;;
		"D ") squidstop ;;
		"R ") squidrestart ;;
		"C ") cacherebuild ;;
	esac
	squidsub
}

############### Blocked domains submenu: #######################################
# Blocked-domains submenu: add, remove or search entries, then show the menu
# again. Cancelling the menu hands control to mainmenu.
# Globals:   DIALOG (read), TMP (dialog writes the chosen tag to it)
# NOTE(review): redisplay is done by self-recursion, so call depth grows with
# every screen until one of the exit paths ends the program.
bdomainsub(){
	local choice
	$DIALOG --menu\
		"Blocked domain management" 16 75 6\
		"A "	"  Add a restricted domain"\
		"R "	"  Remove a restricted domain"\
		"S "	"  Search blocked domains by keyword"\
		2> $TMP || mainmenu
	choice=$(cat $TMP)
	case $choice in
		"A ") blockdomainadd ;;
		"R ") blockdomaindel ;;
		"S ") blockdomainsearch ;;
	esac
	bdomainsub
}

############### Blocked filetype submenu: ######################################
# Blocked-filetypes submenu: add, remove or list extensions, then show the
# menu again. Cancelling the menu hands control to mainmenu.
# Globals:   DIALOG (read), TMP (dialog writes the chosen tag to it)
# NOTE(review): redisplay is done by self-recursion, so call depth grows with
# every screen until one of the exit paths ends the program.
bfilesub(){
	local choice
	$DIALOG --menu\
		"Blocked filetype management" 16 75 6\
		"A "	"  Add a restricted filetype"\
		"R "	"  Remove a restricted filetype"\
		"L "	"  List restricted filetypes"\
		2> $TMP || mainmenu
	choice=$(cat $TMP)
	case $choice in
		"A ") blockfileadd ;;
		"R ") blockfiledel ;;
		"L ") blockfilelist ;;
	esac
	bfilesub
}

############### Access control submenu: ########################################
# Access-control submenu: add, remove or list restricted subnets, then show
# the menu again. Cancelling the menu hands control to mainmenu.
# Globals:   DIALOG (read), TMP (dialog writes the chosen tag to it)
# NOTE(review): redisplay is done by self-recursion, so call depth grows with
# every screen until one of the exit paths ends the program.
aclsub(){
	local choice
	$DIALOG --menu\
		"Subnet access control management" 16 75 6\
		"A "	"  Add a restricted subnet"\
		"R "	"  Remove a restricted subnet"\
		"L "	"  List restricted subnets"\
		2> $TMP || mainmenu
	choice=$(cat $TMP)
	case $choice in
		"A ") blocksubnetadd ;;
		"R ") blocksubnetdel ;;
		"L ") blocksubnetlist ;;
	esac
	aclsub
}

############### Log monitor submenu: ###########################################
# Log-monitor submenu: offers to watch the access log, then shows the menu
# again. Cancelling the menu hands control to mainmenu.
# Globals:   DIALOG, accesslog (read), TMP (dialog writes the chosen tag to it)
# NOTE(review): redisplay is done by self-recursion, so call depth grows with
# every screen until one of the exit paths ends the program.
monitorsub(){
	local choice
	$DIALOG --menu\
		"Squid activity monitoring" 16 75 6\
		"A "	"Watch $accesslog"\
		2> $TMP || mainmenu
	choice=$(cat $TMP)
	case $choice in
		"A ") accesslogmonitor ;;
	esac
	monitorsub
}

############### Main menu: #####################################################
# Top-level menu: dispatch to one of the submenus.
# Cancelling runs postprocess, which offers to reload squid and normally ends
# the program. If postprocess returns, the case below still runs on whatever
# $TMP holds at that point.
# Globals:   DIALOG (read), TMP (dialog writes the chosen tag to it)
mainmenu(){
	local choice
	$DIALOG --menu\
		"Main Menu" 16 75 6\
		"S "	"  Squid process management"\
		"B "	"  Blocked domains"\
		"F "	"  Blocked filetypes"\
		"A "	"  Access control lists"\
		"M "	"  Realtime monitor"\
		2> $TMP || postprocess
	choice=$(cat $TMP)
	case $choice in
		"S ") squidsub ;;
		"B ") bdomainsub ;;
		"F ") bfilesub ;;
		"A ") aclsub ;;
		"M ") monitorsub ;;
	esac
}

############### Postprocess checking: ##########################################
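# Exit handler for the main menu. When any list was edited, offer to run
# "squid -k reconfigure" (through squidrestart QUIT); otherwise just leave.
# Globals:   DIALOG, domainchange, filechange, aclchange (read),
#            TMP, TMP2 (removed)
# Exits 0 when there is nothing to apply or the operator declines. Returns
# only if squidrestart returns, i.e. the reload could not be performed.
#
# The scratch files are now removed on the "declined" path too; previously
# that path exited and left $TMP behind, and $TMP2 was never removed here.
postprocess(){
	if [ "$domainchange" != "NO" ] || [ "$filechange" != "NO" ] || [ "$aclchange" != "NO" ];
	then
		if ! $DIALOG --yesno\
			"Changes have been made that will not take immediate effect:\
			\n\n   Change in blocked domains:      $domainchange\
			\n   Change in blocked filetypes:    $filechange\
			\n   Change in restricted subnets:   $aclchange\
			\n\nDo you want to run 'squid -k reconfigure' now to active these changes?"\
			18 75
		then
			rm -f -- "$TMP" "$TMP2"
			exit 0
		fi
		# squidrestart QUIT removes $TMP itself before exiting.
		rm -f -- "$TMP2"
		squidrestart QUIT
	else
		rm -f -- "$TMP" "$TMP2"
		exit 0
	fi
}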

############### Main: ##########################################################

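	# Start with no stale dialog result file, then hand control to the menus.
	# The path is quoted and preceded by "--" so it is always taken as one
	# file operand.
	# NOTE(review): removing a file at a guessable /tmp path does not make the
	# following "2> $TMP" redirections safe; the scratch path itself has to be
	# unpredictable and private.
	rm -f -- "$TMP"
	mainmenu

	exit $?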

############### SquidManage END ################################################
