From 1ad7c634c754abd71f079e44cd038fb2326cd89f Mon Sep 17 00:00:00 2001
From: Andy Binder
Date: Mon, 5 May 2025 16:52:33 +0200
Subject: [PATCH] www/c-icap: move to syslog (#4674)
---
 .../src/etc/inc/plugins.inc.d/cicap.inc | 9 +++++++++
 .../app/models/OPNsense/CICAP/Menu/Menu.xml | 2 +-
 .../opnsense/scripts/OPNsense/CICAP/setup.sh | 6 ------
 .../service/templates/OPNsense/CICAP/+TARGETS | 1 -
 .../templates/OPNsense/CICAP/c-icap.conf | 20 ++++++++++++++-----
 .../templates/OPNsense/CICAP/newsyslog.conf | 7 -------
 .../service/templates/Syslog/local/cicap.conf | 6 ++++++
 7 files changed, 31 insertions(+), 20 deletions(-)
 delete mode 100644 www/c-icap/src/opnsense/service/templates/OPNsense/CICAP/newsyslog.conf
 create mode 100644 www/c-icap/src/opnsense/service/templates/Syslog/local/cicap.conf
diff --git a/www/c-icap/src/etc/inc/plugins.inc.d/cicap.inc b/www/c-icap/src/etc/inc/plugins.inc.d/cicap.inc
index 305408d15..d2528499d 100644
--- a/www/c-icap/src/etc/inc/plugins.inc.d/cicap.inc
+++ b/www/c-icap/src/etc/inc/plugins.inc.d/cicap.inc
@@ -26,6 +26,15 @@ POSSIBILITY OF SUCH DAMAGE.
 */
+function cicap_syslog()
+{
+ return [
+ 'cicap' => [
+ 'facility' => ['c-icap']
+ ]
+ ];
+}
+
 function cicap_services()
 {
 global $config;
diff --git a/www/c-icap/src/opnsense/mvc/app/models/OPNsense/CICAP/Menu/Menu.xml b/www/c-icap/src/opnsense/mvc/app/models/OPNsense/CICAP/Menu/Menu.xml
index 326a689d0..f408f8109 100644
--- a/www/c-icap/src/opnsense/mvc/app/models/OPNsense/CICAP/Menu/Menu.xml
+++ b/www/c-icap/src/opnsense/mvc/app/models/OPNsense/CICAP/Menu/Menu.xml
@@ -2,7 +2,7 @@ - +
diff --git a/www/c-icap/src/opnsense/scripts/OPNsense/CICAP/setup.sh b/www/c-icap/src/opnsense/scripts/OPNsense/CICAP/setup.sh
index 8e29386a1..b5b219563 100755
--- a/www/c-icap/src/opnsense/scripts/OPNsense/CICAP/setup.sh
+++ b/www/c-icap/src/opnsense/scripts/OPNsense/CICAP/setup.sh
@@ -4,11 +4,5 @@ mkdir -p /var/run/c-icap
 chown -R c_icap:c_icap /var/run/c-icap
 chmod 750 /var/run/c-icap
-mkdir -p /var/log/c-icap
-chown -R c_icap:c_icap /var/log/c-icap
-chmod 750 /var/log/c-icap
-(cd /var/log && ln -s c-icap cicap)
-chown -R c_icap:c_icap /var/log/cicap
-
 mkdir -p /tmp/c-icap/templates/virus_scan/en
 chmod -R 755 /tmp/c-icap/
diff --git a/www/c-icap/src/opnsense/service/templates/OPNsense/CICAP/+TARGETS b/www/c-icap/src/opnsense/service/templates/OPNsense/CICAP/+TARGETS
index 4be92f826..07687be79 100644
--- a/www/c-icap/src/opnsense/service/templates/OPNsense/CICAP/+TARGETS
+++ b/www/c-icap/src/opnsense/service/templates/OPNsense/CICAP/+TARGETS
@@ -1,6 +1,5 @@
 c_icap:/etc/rc.conf.d/c_icap
 c-icap.conf:/usr/local/etc/c-icap/c-icap.conf
-newsyslog.conf:/etc/newsyslog.conf.d/c-icap
 virus_scan.conf:/usr/local/etc/c-icap/virus_scan.conf
 VIRUS_FOUND:/tmp/c-icap/templates/virus_scan/en/VIRUS_FOUND
 VIR_MODE_HEAD:/tmp/c-icap/templates/virus_scan/en/VIR_MODE_HEAD
diff --git a/www/c-icap/src/opnsense/service/templates/OPNsense/CICAP/c-icap.conf b/www/c-icap/src/opnsense/service/templates/OPNsense/CICAP/c-icap.conf
index 27b16b44e..8f25c2638 100644
--- a/www/c-icap/src/opnsense/service/templates/OPNsense/CICAP/c-icap.conf
+++ b/www/c-icap/src/opnsense/service/templates/OPNsense/CICAP/c-icap.conf
@@ -46,7 +46,11 @@ ServerName {{ system.hostname }}
 {% if helpers.exists('OPNsense.proxy.forward.icap.SendUsername') and OPNsense.proxy.forward.icap.SendUsername == '1' %}
 RemoteProxyUsers on
 acl AUTH auth *
-acl localserver srvip 127.0.0.1
+{% if not helpers.empty('OPNsense.cicap.general.listenaddress') %}
+acl localserver srvip {{ OPNsense.cicap.general.listenaddress }}
+{% else %}
+acl localserver srvip ::1
+{% endif %}
 icap_access allow AUTH localserver
 {% else %}
 RemoteProxyUsers off
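Review bot: The `localserver` ACL in the first c-icap.conf hunk (@@ -46) now follows `OPNsense.cicap.general.listenaddress`, so `icap_access allow AUTH localserver` is no longer limited to connections that arrive on loopback; the @@ -62 hunk repeats the same block and shares the issue. With `RemoteProxyUsers on` the user name is taken from a request header, so when the listen address is not a loopback address, any host that can reach it can present an arbitrary user unless a rule outside these hunks restricts the client. Consider pairing the rule with a `src` ACL for the proxy's address, or at least a template comment such as `{# srvip follows ListenAddress; a non-loopback value opens the AUTH rule to every client that can reach it #}`. The fallback also changes from `127.0.0.1` to `::1`, which is only safe if the server's default listen address and the proxy's ICAP target are both `::1`; these hunks do not show either. Defining the address once with `{% set %}` would keep the two copies from drifting apart.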
@@ -62,7 +66,11 @@ RemoteProxyUserHeader {{OPNsense.proxy.forward.icap.UsernameHeader}}
 {% else %}
 RemoteProxyUsers on
 acl AUTH auth *
-acl localserver srvip 127.0.0.1
+{% if not helpers.empty('OPNsense.cicap.general.listenaddress') %}
+acl localserver srvip {{ OPNsense.cicap.general.listenaddress }}
+{% else %}
+acl localserver srvip ::1
+{% endif %}
 icap_access allow AUTH localserver
 RemoteProxyUserHeaderEncoded on
 RemoteProxyUserHeader X-Authenticated-User
@@ -77,9 +85,11 @@ ServicesDir /usr/local/lib/c_icap
 TemplateDir /tmp/c-icap/templates/
 TemplateDefaultLanguage en
 LoadMagicFile /usr/local/etc/c-icap/c-icap.magic
-ServerLog /var/log/c-icap/server.log
-{% if helpers.exists('OPNsense.cicap.general.enable_accesslog') and OPNsense.cicap.general.enable_accesslog == '1' %}
-AccessLog /var/log/c-icap/access.log
+Module logger sys_logger.so
+Logger sys_logger
+sys_logger.Prefix "c-icap"
+{% if helpers.exists('OPNsense.cicap.general.enable_accesslog') and OPNsense.cicap.general.enable_accesslog == '0' %}
+sys_logger.access !localserver
 {% endif %}
 Service echo srv_echo.so
 Include virus_scan.conf
diff --git a/www/c-icap/src/opnsense/service/templates/OPNsense/CICAP/newsyslog.conf b/www/c-icap/src/opnsense/service/templates/OPNsense/CICAP/newsyslog.conf
deleted file mode 100644
index 1edd4401f..000000000
--- a/www/c-icap/src/opnsense/service/templates/OPNsense/CICAP/newsyslog.conf
+++ /dev/null
@@ -1,7 +0,0 @@
-# logfilename [owner:group] mode count size when flags [/pid_file] [sig_num]
-{% if helpers.exists('OPNsense.cicap.general.enabled') and OPNsense.cicap.general.enabled|default("0") == "1" %}
-{% if helpers.exists('OPNsense.cicap.general.enable_accesslog') and OPNsense.cicap.general.enable_accesslog == '1' %}
-/var/log/c-icap/access.log c_icap:c_icap 644 7 * @T00 ZB /var/run/c-icap/c-icap.pid
-{% endif %}
-/var/log/c-icap/server.log c_icap:c_icap 644 7 * @T00 ZB /var/run/c-icap/c-icap.pid
-{% endif %}
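Review bot: In the @@ -77 hunk of c-icap.conf, access logging flips from opt-in to opt-out: `sys_logger.access !localserver` is emitted only when `enable_accesslog` exists and equals '0', so a configuration where the key is absent now logs every request, where the old template wrote no `AccessLog` line. Access records typically carry requested URLs and, with `RemoteProxyUsers on`, user names, so the safer default is to suppress unless logging is explicitly enabled, e.g. `{% if not helpers.exists('OPNsense.cicap.general.enable_accesslog') or OPNsense.cicap.general.enable_accesslog != '1' %}`. The directive also depends on the `localserver` ACL, which the earlier hunks define only in the `RemoteProxyUsers on` branches; if the `RemoteProxyUsers off` branch defines none (not visible here), the reference is to an undefined ACL and access logging may stay on or the configuration may fail to load. Defining `localserver` once, outside the conditional, would remove that dependency.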
diff --git a/www/c-icap/src/opnsense/service/templates/Syslog/local/cicap.conf b/www/c-icap/src/opnsense/service/templates/Syslog/local/cicap.conf
new file mode 100644
index 000000000..53a9a536d
--- /dev/null
+++ b/www/c-icap/src/opnsense/service/templates/Syslog/local/cicap.conf
@@ -0,0 +1,6 @@
+###################################################################
+# Local syslog-ng configuration filter definition [cicap].
+###################################################################
+filter f_local_cicap {
+ program("c-icap");
+};
\ No newline at end of file
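Review bot: The literal `c-icap` now has to agree in three places — `sys_logger.Prefix` in c-icap.conf, the `facility` entry returned by `cicap_syslog()`, and `program("c-icap")` here — and nothing in this file says so; if one of them drifts, messages would silently stop reaching the cicap log. A header comment such as `# must match sys_logger.Prefix in OPNsense/CICAP/c-icap.conf` would document the coupling. syslog-ng's `program()` takes a regular expression, so, if unanchored matching applies in this setup, `program("^c-icap$")` would keep other program names that merely contain the string out of this log. The file also lacks a trailing newline.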