diff --git a/www/c-icap/src/etc/inc/plugins.inc.d/cicap.inc b/www/c-icap/src/etc/inc/plugins.inc.d/cicap.inc index 305408d15..d2528499d 100644 --- a/www/c-icap/src/etc/inc/plugins.inc.d/cicap.inc +++ b/www/c-icap/src/etc/inc/plugins.inc.d/cicap.inc @@ -26,6 +26,15 @@ POSSIBILITY OF SUCH DAMAGE. */ +function cicap_syslog() +{ + return [ + 'cicap' => [ + 'facility' => ['c-icap'] + ] + ]; +} + function cicap_services() { global $config; diff --git a/www/c-icap/src/opnsense/mvc/app/models/OPNsense/CICAP/Menu/Menu.xml b/www/c-icap/src/opnsense/mvc/app/models/OPNsense/CICAP/Menu/Menu.xml index 326a689d0..f408f8109 100644 --- a/www/c-icap/src/opnsense/mvc/app/models/OPNsense/CICAP/Menu/Menu.xml +++ b/www/c-icap/src/opnsense/mvc/app/models/OPNsense/CICAP/Menu/Menu.xml @@ -2,7 +2,7 @@ - + diff --git a/www/c-icap/src/opnsense/scripts/OPNsense/CICAP/setup.sh b/www/c-icap/src/opnsense/scripts/OPNsense/CICAP/setup.sh index 8e29386a1..b5b219563 100755 --- a/www/c-icap/src/opnsense/scripts/OPNsense/CICAP/setup.sh +++ b/www/c-icap/src/opnsense/scripts/OPNsense/CICAP/setup.sh @@ -4,11 +4,5 @@ mkdir -p /var/run/c-icap chown -R c_icap:c_icap /var/run/c-icap chmod 750 /var/run/c-icap -mkdir -p /var/log/c-icap -chown -R c_icap:c_icap /var/log/c-icap -chmod 750 /var/log/c-icap -(cd /var/log && ln -s c-icap cicap) -chown -R c_icap:c_icap /var/log/cicap - mkdir -p /tmp/c-icap/templates/virus_scan/en chmod -R 755 /tmp/c-icap/ diff --git a/www/c-icap/src/opnsense/service/templates/OPNsense/CICAP/+TARGETS b/www/c-icap/src/opnsense/service/templates/OPNsense/CICAP/+TARGETS index 4be92f826..07687be79 100644 --- a/www/c-icap/src/opnsense/service/templates/OPNsense/CICAP/+TARGETS +++ b/www/c-icap/src/opnsense/service/templates/OPNsense/CICAP/+TARGETS @@ -1,6 +1,5 @@ c_icap:/etc/rc.conf.d/c_icap c-icap.conf:/usr/local/etc/c-icap/c-icap.conf -newsyslog.conf:/etc/newsyslog.conf.d/c-icap virus_scan.conf:/usr/local/etc/c-icap/virus_scan.conf VIRUS_FOUND:/tmp/c-icap/templates/virus_scan/en/VIRUS_FOUND VIR_MODE_HEAD:/tmp/c-icap/templates/virus_scan/en/VIR_MODE_HEAD diff --git a/www/c-icap/src/opnsense/service/templates/OPNsense/CICAP/c-icap.conf b/www/c-icap/src/opnsense/service/templates/OPNsense/CICAP/c-icap.conf index 27b16b44e..8f25c2638 100644 --- a/www/c-icap/src/opnsense/service/templates/OPNsense/CICAP/c-icap.conf +++ b/www/c-icap/src/opnsense/service/templates/OPNsense/CICAP/c-icap.conf @@ -46,7 +46,11 @@ ServerName {{ system.hostname }} {% if helpers.exists('OPNsense.proxy.forward.icap.SendUsername') and OPNsense.proxy.forward.icap.SendUsername == '1' %} RemoteProxyUsers on acl AUTH auth * -acl localserver srvip 127.0.0.1 +{% if not helpers.empty('OPNsense.cicap.general.listenaddress') %} +acl localserver srvip {{ OPNsense.cicap.general.listenaddress }} +{% else %} +acl localserver srvip ::1 +{% endif %} icap_access allow AUTH localserver {% else %} RemoteProxyUsers off @@ -62,7 +66,11 @@ RemoteProxyUserHeader {{OPNsense.proxy.forward.icap.UsernameHeader}} {% else %} RemoteProxyUsers on acl AUTH auth * -acl localserver srvip 127.0.0.1 +{% if not helpers.empty('OPNsense.cicap.general.listenaddress') %} +acl localserver srvip {{ OPNsense.cicap.general.listenaddress }} +{% else %} +acl localserver srvip ::1 +{% endif %} icap_access allow AUTH localserver RemoteProxyUserHeaderEncoded on RemoteProxyUserHeader X-Authenticated-User @@ -77,9 +85,11 @@ ServicesDir /usr/local/lib/c_icap TemplateDir /tmp/c-icap/templates/ TemplateDefaultLanguage en LoadMagicFile /usr/local/etc/c-icap/c-icap.magic -ServerLog /var/log/c-icap/server.log -{% if helpers.exists('OPNsense.cicap.general.enable_accesslog') and OPNsense.cicap.general.enable_accesslog == '1' %} -AccessLog /var/log/c-icap/access.log +Module logger sys_logger.so +Logger sys_logger +sys_logger.Prefix "c-icap" +{% if helpers.exists('OPNsense.cicap.general.enable_accesslog') and OPNsense.cicap.general.enable_accesslog == '0' %} +sys_logger.access !localserver {% endif %} Service echo srv_echo.so Include virus_scan.conf diff --git a/www/c-icap/src/opnsense/service/templates/OPNsense/CICAP/newsyslog.conf b/www/c-icap/src/opnsense/service/templates/OPNsense/CICAP/newsyslog.conf deleted file mode 100644 index 1edd4401f..000000000 --- a/www/c-icap/src/opnsense/service/templates/OPNsense/CICAP/newsyslog.conf +++ /dev/null @@ -1,7 +0,0 @@ -# logfilename [owner:group] mode count size when flags [/pid_file] [sig_num] -{% if helpers.exists('OPNsense.cicap.general.enabled') and OPNsense.cicap.general.enabled|default("0") == "1" %} -{% if helpers.exists('OPNsense.cicap.general.enable_accesslog') and OPNsense.cicap.general.enable_accesslog == '1' %} -/var/log/c-icap/access.log c_icap:c_icap 644 7 * @T00 ZB /var/run/c-icap/c-icap.pid -{% endif %} -/var/log/c-icap/server.log c_icap:c_icap 644 7 * @T00 ZB /var/run/c-icap/c-icap.pid -{% endif %} diff --git a/www/c-icap/src/opnsense/service/templates/Syslog/local/cicap.conf b/www/c-icap/src/opnsense/service/templates/Syslog/local/cicap.conf new file mode 100644 index 000000000..53a9a536d --- /dev/null +++ b/www/c-icap/src/opnsense/service/templates/Syslog/local/cicap.conf @@ -0,0 +1,6 @@ +################################################################### +# Local syslog-ng configuration filter definition [cicap]. +################################################################### +filter f_local_cicap { + program("c-icap"); +}; \ No newline at end of file