| Server IP : 118.27.122.248 / Your IP : 216.73.217.142 Web Server : Apache System : Linux web0264.sh.tyo1 4.18.0-553.79.1.lve.el7h.x86_64 #1 SMP Wed Oct 15 16:34:46 UTC 2025 x86_64 User : c9415830 ( 11735) PHP Version : 8.4.17 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON | Sudo : OFF | Pkexec : OFF Directory : /opt/jp-secure/siteguardlite/ |
Upload File : |
#!/bin/sh
#
# dbupdate_waf -- script for updating databases.
# -- for SiteGuard Lite
# -- use wget command to retrieve latest-lite.zip
# -- get the latest pattern file from ${LATEST_URL} to ${databasedirectory}
# -- write update log to log/dbupdate_waf.log
#
# customized point
# - change log directory under /var/log/siteguard to rotate dbupdate logs too
# - added ${prefix} everywhere specified file path with relative path
# implicitly expected run on /opt/jp-secure/siteguardlite.
# Now you can run /opt/jp-secure/siteguardlite/dbupdate_waf on "/" or in cron.
#
export LANG=C
export PATH=$PATH:/usr/local/bin
PRODUCT=siteguardlite
prefix=/opt/jp-secure/siteguardlite
OS=`uname -s`
WGET_CMD=wget
LICENSE=`grep "^..*$" ${prefix}/conf/license.txt`
WGET_OPTION_INI="--timeout=60 --tries=1 --cache=off --ca-certificate=${prefix}/misc/ca-cert.crt"
WGET_OPTION="--timeout=60 --tries=1 --cache=off --ca-certificate=${prefix}/misc/ca-cert.crt"
UNZIP_CMD=unzip
UNZIP_OPTION=-qo
updatedirectory=${prefix}/update_waf
databasedirectory=${prefix}/databases_waf
tmpdirectory=${prefix}/tmp
latestfile=${updatedirectory}/latest-lite.zip
dlinifile=${tmpdirectory}/header.ini
logdir=/var/log/siteguard
logfile=$logdir/dbupdate_waf.log
errlogfile=$logdir/dbupdate_waf_err.log
resultfile=$logdir/dbupdate_waf_last_result.txt
notifydir=${prefix}/notify
notifyfaultdir=$notifydir/fault
mergeonly="no"
tty=false
### Read Configuration file###
for var in use_proxy http_proxy_host http_proxy_port use_proxyauth http_proxyauth_user http_proxyauth_pass sig_download_user sig_download_pass ; do
eval ${var}="\`perl -ne 'if(/^${var}=(.*)/){\$v=\$1; \$v =~ s/([^\w\.\-])/chr(0x25) . sprintf(\"%02x\", ord(\$1))/eg; print \$v;}' ${prefix}/conf/dbupdate.conf\`" # '
done
for var in notify_fault ; do
eval ${var}="\`perl -ne 'if(/^${var}=(.*)/){\$v=\$1; \$v =~ s/([^\w\.\-])/chr(0x25) . sprintf(\"%02x\", ord(\$1))/eg; print \$v;}' ${prefix}/conf/siteguardlite.ini\`" # '
done
if [ -r ${prefix}/conf/dbupdate_waf.conf ] ; then
. ${prefix}/conf/dbupdate_waf.conf
fi
### ADD URL conf file
if [ -r ${prefix}/conf/dbupdate_waf_url.conf ] ; then
. ${prefix}/conf/dbupdate_waf_url.conf
fi
HEADER_INI_URL=${LATEST_URL%/*}/header.ini
### ADD DONWLOAD ONLY
if [ -z ${downloadonly} ]; then
downloadonly="no"
fi
### ADD MERGE ONLY
if [ -z ${mergeonly} ]; then
mergeonly="no"
fi
if [ "${use_proxy}" = "yes" ] ; then
if [ "${use_proxyauth}" = "yes" ];then
export https_proxy="http://${http_proxyauth_user}:${http_proxyauth_pass}@${http_proxy_host}:${http_proxy_port}/"
else
export https_proxy="http://${http_proxy_host}:${http_proxy_port}/"
fi
fi
USER_AUTH="--http-user=${sig_download_user} --http-password=${sig_download_pass}"
### Exec Local Update Command ###
if [ -r dbupdate-latest.local -a "X`basename $0`" != "Xdbupdate-latest.local" ] ; then
exec dbupdate-latest.local
fi
# Print messages to log
printlog(){
if [ -n "$logfile" ]; then
echo `date +"%b %d %H:%M:%S"` "$*" >>$logfile
fi
}
printErrlog(){
if [ -n "$errlogfile" ]; then
if [ ${OS} = 'SunOS' ]; then
echo -e `perl -e 'print time'`".000000"" ""$*" >>$errlogfile
else
echo -e `date +"%s.000000"`" ""$*" >>$errlogfile
fi
fi
}
printNotifyErrlog(){
notifyErrfile=$(printf "F_%sE%s%s.log" `date +"%Y%m%d%H%M%S000000"` "00000" $1)
echo -e `date +"[%Y-%m-%d %H:%M:%S]"`" ###ERROR### [$1]:""$2" >>$notifyfaultdir/$notifyErrfile
}
# Only print messages to stdout if it is a terminal
message(){
if $tty; then
echo "$*"
fi
}
logmessage(){
if $tty; then
echo "$*"
fi
printlog "$*"
}
error(){
if $tty; then
echo `basename $0`: "$2" >&2
fi
printlog error: "$2"
printErrlog error: "$2"
if [ "X${notify_fault}" = "Xyes" ]; then
printNotifyErrlog "$1" "$2"
fi
}
programinfo()
{
message "SiteGuard Lite"
message "Database Update"
message
}
usage(){
message "Usage:"
message
message "$0 [-f <configfile> |--configfile <configfile>] [<latest-lite.zip>] [--downloadonly] [--mergeonly]"
message
exit 1
}
parsecommandline() {
conffile=""
doupdate=true
while [ "$#" != 0 ]; do
case $1 in
-v)
tty=true
;;
-f)
shift
conffile=$1
;;
--configfile)
shift
conffile=$1
;;
--downloadonly)
downloadonly="yes"
;;
--mergeonly)
mergeonly="yes"
;;
--restart)
shift
service_restart=$1
;;
--help)
usage
;;
-*)
error "001000" "Invalid option $1"
usage
;;
*)
if $doupdate; then
latestfile=$1
doupdate=false
else
# We already got update directory
error "001001" "Too many arguments"
usage
fi
;;
esac
shift
done
}
programinfo
parsecommandline $*
cd $prefix || (echo "Cannot change to directory [$logdirectory]"; exit 1)
SGL_VERSION=`make show_webui_version`
VERSION=`(egrep '^Version=' ${prefix}/conf/waf/header.ini | sed -e 's/.*=//')`
# Set update directory given from command-line.
mkdir $updatedirectory >/dev/null 2>&1
if [ ! -w $updatedirectory ]; then
error "001002" "Update directory $updatedirectory not writable. Cannot fetch database updates."
exit 1
fi
mkdir $databasedirectory >/dev/null 2>&1
if [ ! -w $databasedirectory ]; then
error "001003" "Database directory not writable. Cannot update databases."
exit 1
fi
if [ "$updatedirectory" = "$databasedirectory" ]; then
error "001004" "Can't do update from database directory: $updatedirectory"
exit 1
fi
if [ "X${mergeonly}" = "Xno" ]; then
which $WGET_CMD >/dev/null 2>&1
result=$?
if [ $result -eq 1 ]; then
error "001005" "wget command not found."
exit 1
fi
if $doupdate; then
logmessage "Fetching update version from web site"
${WGET_CMD} ${WGET_OPTION_INI} --header="License-No: ${LICENSE}" --header="Version-No:${VERSION}" --header="SGL-Version:${SGL_VERSION}" ${USER_AUTH} ${HEADER_INI_URL} -O ${dlinifile} >$resultfile 2>&1
result=$?
if egrep "[Ff]ailed:? " $resultfile >/dev/null 2>&1 ; then
result_str=`perl -ne 'print "$1\n" if/[Ff]ailed:? (.*)$/' $resultfile | head -n1`
else
result_str=`cat $resultfile | tail -1`
fi
if [ $result != 0 ]; then
error "001011" "Get Version failed. Error code: $result msg: $result_str"
echo $result_str
exit 1
fi
touch "${dlinifile}.tmp"
if cmp -s $dlinifile ${prefix}/conf/waf/header.ini; then
logmessage "It is the latest version."
exit 0
fi
logmessage "Fetching update from web site to $updatedirectory"
${WGET_CMD} ${WGET_OPTION} --header="License-No: ${LICENSE}" --header="Version-No:${VERSION}" --header="SGL-Version:${SGL_VERSION}" ${USER_AUTH} ${LATEST_URL} -O ${latestfile} >>$resultfile 2>&1
result=$?
if egrep "[Ff]ailed:? " $resultfile >/dev/null 2>&1 ; then
result_str=`perl -ne 'print "$1\n" if/[Ff]ailed:? (.*)$/' $resultfile | head -n1`
else
result_str=`cat $resultfile | tail -1`
fi
if [ $result != 0 ]; then
error "001006" "Database update failed. Error code: $result msg: $result_str"
echo $result_str
exit 1
fi
logmessage "Updated database files in $updatedirectory from web site."
fi
logmessage "Extracting ${latestfile}"
if ${UNZIP_CMD} -qo ${latestfile} -d "${updatedirectory}" >>$logfile 2>&1 ; then
logmessage "Databases in $updatedirectory are valid."
else
error "001007" "Database validation failed. "
exit 1
fi
# ADD MODIFY WHEN WGET ONLY is yes, finish
if [ -n ${downloadonly} ]; then
if [ "X${downloadonly}" = "Xyes" ]; then
logmessage "Database Update file was acquired.(download only)"
exit 0
fi
fi
fi
# ADD MODIFY WHEN MERGE ONLY is yes , header.ini file exists check
if [ "X${mergeonly}" = "Xyes" ]; then
if [ ! -e $updatedirectory/header.ini]; then
error "001008" "Database Update file is not exists. [$updatedirectory/header.ini]"
exit 1
fi
fi
if cmp -s $updatedirectory/header.ini ${prefix}/conf/waf/header.ini; then
logmessage "Database file not changed."
exit 0
fi
for f in $updatedirectory/*; do \
if [ -f "$f" ] && [ "$f" != "$updatedirectory/latest-lite.zip" ]; then
if ! cp "$f" "$databasedirectory/" ; then
error "001009" "Database update failed. [cp $f $databasedirectory]"
exit 1
fi
fi
done
cp $databasedirectory/sig_official_base.txt ${prefix}/conf/waf/
cp $databasedirectory/sig_official_date.txt ${prefix}/conf/waf/
cp $databasedirectory/sig_official_comment.*.txt ${prefix}/conf/waf/
# ADD MODIFY header.ini copy
cp $databasedirectory/header.ini ${prefix}/conf/waf/
if [ "X$add_monitor" != "Xyes" ]; then
add_monitor="no"
fi
if ! ( ./waf_sig_merge.pl --use-dbsettings=${use_dbsettings} --add-monitor=${add_monitor} ${prefix}/conf/waf/sig_official.txt ${prefix}/conf/waf/sig_official_base.txt > ${prefix}/conf/waf/sig_official_new.txt && cp ${prefix}/conf/waf/sig_official_new.txt ${prefix}/conf/waf/sig_official.txt ) ; then
error "001010" "sig_merge failed."
exit 1
fi
if [ "X${service_restart}" = "Xyes" ] && egrep '^http_service=yes' ${prefix}/conf/${PRODUCT}.ini >/dev/null; then
make reconfig >> $logfile 2>&1
fi
logmessage "Databases updated successfully."
#MODIFY $databasedirectory/header.ini -> ${prefix}/conf/waf/header.ini
#logmessage `grep Version= $databasedirectory/header.ini 2>&1`
logmessage `grep Version= ${prefix}/conf/waf/header.ini 2>&1`
exit 0