LinuxMCE Forums
General => Developers => Topic started by: Govo on August 24, 2015, 10:38:21 pm
-
Hi Folks
Working on a little project for dansguardian and squid3, mostly dansguardian, but have ran into a problem, is there away for PHP to execute sudo command.
I need to execute /etc/init.d/dansguardian restart using PHP, I have seen the command in some php files in lmce-admin, but I just can't get it to work. do I need to include some files belonging to LMCE?
Once I get pass this part my project will rolling, here is a quick video of what I have achieved so far
https://www.dropbox.com/sh/b4kwchpa153e6sr/AADbS964eH9DpuBLFCEKSON6a?dl=0 (https://www.dropbox.com/sh/b4kwchpa153e6sr/AADbS964eH9DpuBLFCEKSON6a?dl=0)
I have made some changes since this video..etc added in a delete button to remove blocked sites.
Any help would be great,
Govo
-
sudo isn't allowed from php for everything.
Look at /etc/sudoers to understand what is possible, and what is not. In general, it makes sense to put a bash script into a well known place and use that for whatever is needed.
-
Ah spot on, done some research last night and got it to work, just need to figure out why the page returns an error of no response back from server.
other than that, the project goes. on.
I can now update blocked sites, added exceptional Ip address and allow exceptional file types such as .mp3 .zip.
Thanks for the advice Posde much appreciated
Gov.
-
yvw - thanks for working on LinuxMCE
-
fyi all, we're in the AgoControl section here. But just wanted to add that in LinuxMCE apache will permit script execution from the /usr/pluto/bin directory. Put your scripts there and they will be executable from php under apache.
J.
-
Hi Posde & Phenigma
Thanks for the replies.
The problem wasn't the PHP script, you had to allow access in the visudo ( Posde thanks for pointing me in right the direction ), according to a topic on the the internet the permission is
# Cmnd alias specification
Cmnd_Alias DANSGUARDIAN = /etc/init.d/dansguardian, /usr/sbin/dansguardian
# User privilege specification
root ALL=(ALL) ALL
www-data ALL=NOPASSWD: DANSGUARDIAN
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
%www-data ALL=NOPASSWD: DANSGUARDIAN
This allowed PHP to executed the command to restart DansGuardian.
You can see it working in this quick video, to get around the error of no response received from the server after submitting the command, I put in a 10 second delay, and then a finish button to bring you back home.
https://www.dropbox.com/s/mv2m300lhf0rjf8/videoclip2%20DansGuardian%20restart.mp4?dl=0 (https://www.dropbox.com/s/mv2m300lhf0rjf8/videoclip2%20DansGuardian%20restart.mp4?dl=0)
In order for the PHP scripts to work, visudo has to be edited with the above code, writes access given to the dansguardian LISTS folder.
I have written a PHP script to check if the database exists, if not, create the database and import the tables.
Here's a short video of it creating the database and then importing the sql file
https://www.dropbox.com/s/vh83kyopg86sxkl/databaseimportandcreate.mp4?dl=0 (https://www.dropbox.com/s/vh83kyopg86sxkl/databaseimportandcreate.mp4?dl=0)
I am working on this as a plugin, it has its own folder inside the /var/www/lmce-admin, this allows me to move it to any version of LMCE, the only cache is, DansGuardian and squid3 have to be installed first and some editing done to the IP-tables.
On that note, thanks for the replies I will keep you posted!
Gov.
-
Govo this *REALLY* awesome stuff! The current proxy/filter menu items are hidden if the lmce packages are not installed. Alblasco has been working on the firewall stuff and has some things prepared but I'm not sure how much. It'd be really great if you could get together with him in IRC and work out any remaining issues :)
I know next to nothing about iptables but let me know if I can help in the install/packaging department to bring this to everyone!
Thanks for working on LinuxMCE btw!!
J.
-
Hi phenigma
No problem at all, I will try and hook up in IRC, it would great if the LMCE users went this, I am offer this for free when I am finish.
What I got done to day is added in the categories to database and then allow them to be enabled through buttons, tomorrow I will finish this section off so that it updates the DSG. this was huge file to get in!
Check this short video clip.
https://www.dropbox.com/s/fdu4cakckxp5hrx/categories.mp4?dl=0 (https://www.dropbox.com/s/fdu4cakckxp5hrx/categories.mp4?dl=0)
I have also found away to disable filtering and enable it again, but it brings me back visudo to get the command to executed, I go at that tomorrow.
Time to call it night for now !
Cheers Gov
-
Hi Folks
First, I would like to say to Alblasco well done on working on the web-filter and proxy, I had a look at your php scripts and to be honest, they are way to complicated for my PHP skills, but great work tough, I really need to understand global php verbs.!
I have done great progress in my own project, have fully understood how to execute sudo commands in PHP, Phenigma, /usr/pluto/bin is the correct place for .sh files, thanks for the advice.
On that Note..let me get to were it is.
I can now disable & enable categories .ie blacklist folder, I can disable and enable the filtering on & off for the system at the click of button, great for when you are web designing and stuff.
So the project is going so good, with a click of a button I can
Blocked & delete websites
Add & delete exception IP address
Add & delete exceptional file types
Add & delete allowed websites
Enabled & disable Categories .ie blacklist
Check out the this short video clip to see it in action. https://www.dropbox.com/s/scxmtf8datd2t1m/enable%20and%20disable%20filters%20%20plus%20categories.mp4?dl=0 (https://www.dropbox.com/s/scxmtf8datd2t1m/enable%20and%20disable%20filters%20%20plus%20categories.mp4?dl=0)
In the video I didn't update DansGurdian on the categories section as some of the blacklist files are missing, and in return DansGurdian won't restart as it cannot include the files.
I have updated the blacklist folder from the below url this even and after extracting more files and folders are missing.
http://urlblacklist.com/cgi-bin/commercialdownload.pl?type=download&file=bigblacklist
When testing this morning I was only missing the below list , but after updating some of them are back and some of them are gone.
Adult
childcare
forums
Publicite
redirector
ringtones
Violence
virus Infected
So if anyone has a full list/backup please zip it and give me a link to download them so I can fully test it, I would be great full.
To do
Allow time access
Import MD IP address to the exception IP address from the pluto_main database.
Create an Android app for access to the site, for now the browser works well
Add login and password box.
Overall its going good and thanks for reading ...!
Gov
-
Hi Folks
Just given a quick update.
In the video I didn't update DansGurdian on the categories section as some of the blacklist files are missing, and in return DansGurdian won't restart as it cannot include the files.
I have updated the blacklist folder from the below url this even and after extracting more files and folders are missing.
http://urlblacklist.com/cgi-bin/commercialdownload.pl?type=download&file=bigblacklist
Update, I have put in check to see if the folder exist, if the folder doesn't highlight in RED warning else give a green tick that every is OK to enable
see screen shot here https://www.dropbox.com/s/3dolzlwtweh6520/category%20warning%20.png?dl=0 (https://www.dropbox.com/s/3dolzlwtweh6520/category%20warning%20.png?dl=0)
Update 2
I have now added in a new section to add categories to the database, so if you are updating from http://urlblacklist.com ensure to check their live list taken from the category description file in the last build of the blacklist, if you missing some just add the name of the one missing, it will create it and save it as disabled by default.
screen shot here https://www.dropbox.com/s/5er1oao9k8sv4rc/addcategory.png?dl=0 (https://www.dropbox.com/s/5er1oao9k8sv4rc/addcategory.png?dl=0)
Update 3
Import MD IP address to the exception IP address from the pluto_main database.
I have now got this to import MD IP address on first setup.
Cheers
Gov!
-
Sneak preview of DansGuardian config file, https://www.dropbox.com/s/ve728b7qvlfyefs/dnsg%20config%20file.mp4?dl=0 (https://www.dropbox.com/s/ve728b7qvlfyefs/dnsg%20config%20file.mp4?dl=0)
You will be able to update the configuration file in a nice rich PHP format, instead of having use VI OR Nano the terminal.
Cheers
Gov!
-
Hi Folks
I need a big help Please :)
I have hit a brick wall with this project. I have spent 10 hours googling and try difference access types but have failed to understand why the exception IP List does not execute.
Basically, the Exception IP file updates with the correct IP address and DNG restarts no errors, but if you visit the blocked website you have no access even if you are in the exception list.
These are the options I have tried
sudo apt-get remove dansguardian --purge
reinstalled
sudo apt-get install dansguardian
Edited nano /etc/dansguardian/dansguardian.conf
Restarted, added a domain to block via nano under sudo, restarted, domain blocked, edit the exception ip list via nano under sudo, restarted website allow.
On clean install it works, but if I run my php scripts it creates the file perfectly, but DNG does execute it.
So I decided to add www-data to sudo group as the files are owned by root and then made a change using chown www-data:root /etc/dansguardian/lists/exceptioniplist
restart, website still blocked. everything else works fine so far.
So I purge again for 100 hundred time, this time I told the dansguardian.conf to pull from /var/www/lmce-admin/dansguardian/exceptioniplist. restarted still blocked.
So I cp -r /etc/dansguardian/lists/exceptioniplist /var/www/lmce-admin/dansguardian restarted and it worked.
It seems to be a permission error, if you cp the from /etc/ the permissions are copied across to the /var allowing the file to be execute.
I have even tried adding it to the sudoers
%sudo ALL=NOPASSWD: /etc/dansguardian/lists/*
%www-data ALL=(root) NOPASSWD: /etc/dansguardian/lists/*
Still no Joy.
Maybe I am doing something,,,, Any help would be great as the wife is doing her nut in with no access to certain sites.
Once this has the correct file permissions then I can move on.
So Please Please help!
Cheers
Gov!
-
Did you compares the rights and ownership information of the files that worked and that do not work?
-
Hi Posde
Current file permissions shows http://pastebin.com/HEz97MuQ (http://pastebin.com/HEz97MuQ) and when changed to www-data for /etc/dansguardian/lists shown here http://pastebin.com/cFvWFDT0
the files get the same write permissions as root, if change www-data for /etc/dansguardian/lists/* all files have the same write permissions.
Even if you change it back to chown root:root /etc/dansguardian/lists/* and edit the file via nano and restart, the list does not execute.
Because you have made changes you can't undo unless you --purge it from the system.
It's head wrecking, checking the file permissions on the files that worked, under Bitvise SSH, I see they have a group ID 0 & owner ID 0 and are set to 644.
I cannot understand why DNG won't allow this file to be executed when written by www-data, www-data is in the same group as root, them only difference I see is the owner ID is 33 not 0
But as stated above, if you change it back it still doesn't work, crazy tough that the bannedsitelist executes without any issues.
Please advise if I am checking the commands right
compgen -u (shows list of users)
compgen -g (shows list of groups)
ls -la (shows current owner of directory and file permissions)
getent group www-data (returns the below in bold)
www-data:x:33:gov,root
Is there something I am missing ???
Cheers
Gov!
-
Did you check the syslog files or other files, if DansGuardian actually tells you what's wrong?
-
Hi Posde
Nothing out of normal shown in the DansGuardian log, expect the site is denied. see log here http://pastebin.com/nXTWtJgp (http://pastebin.com/nXTWtJgp)
Here's a 4 minute video to review if you have the time. nothing better then a video to explain stuff.
https://www.dropbox.com/s/jkh3b710hmqhl69/Exception%20IP%20error.mp4?dl=0 (https://www.dropbox.com/s/jkh3b710hmqhl69/Exception%20IP%20error.mp4?dl=0)
Basically I have purged the DansGuardian and reinstalled it.
I change the /etc/DansGuardian/Lists to chown www-data:root /etc/dansguardian/lists/*
Edited bannedsitelist via nano and added grabone.ie as a blocked site.
Restarted DansGuardian visited the site and its blocked.
Edited the exceptioniplist via nano, added my IP restarted, revisited the site and site was allowed.
I then go to my scripts to update DansGuardian to remove the IP, revisit the site and its blocked.
I enter my IP, update DansGuardian, revisit the site and it's still blocked.
As you can see I in the video, when I edited under nano it works, and when I execute my php scripts it doesn't.
I see you are on the IRC ...are you availabe to chat.
Cheers
Gov!
-
Hi Guy's.
Back at it again this time with success, last time the exceptioniplist just wouldn't work if you updated the file with an ip address and reload the system, never less to say it was line of code in the php script that was causing the problem and when the file wrote, it wrote as Converted DOS-Formatted, so simple option was to remove the normal jazz and just write out the ip address. and she's now allowing exceptional ip's.
I have made some changes to the script as it didn't want to work with 8.10, the changes are, instead of restarting Dan's, I now have it reloading, which is a lot quicker, created a new bash script to reload Dan's and copy the files from /var/www/lmce-admin/dansguardian/files to /etc/dansguardian/lists/.
Now showing the command on reload * Reloading DansGuardian configuration...... Reloading DansGuardian configuration files. ...done.
so you can now see it loading instead of waiting 10 seconds for it to restart
Still a working process, but it's working.
Cheers
Gov
-
Just posting a quick update .I now have an App working for this project.
Can anyone confirm the blacklist work? For DansGuardian.
Thanks in advance .
Gov
-
Will do !
-
Govo: You are not posting in a LinuxMCE forum, you are posting in the AgoControl forums.
I suggest you start a new thread in the LinuxMCE users/developers forum and describe what the add-on is and does so that people are more informed. The current thread should be considered dead imho. ;)
Great stuff btw!
J.
-
This topic is closed !