
bugfix: fixed the immediate update of the dhcp server configuration.
bugfix: fixed name sessionsclean-fpm -> sessionclean-fpm
bugfix: fixed readme for usage php-fpm
bugfix: fixed perl scripts for hide utf-8 warnings
changed: all Eye subsystem perl daemons run from user eye

root 1 anno fa
parent
commit
f868cce

+ 2 - 1
Readme.en.md

@@ -20,7 +20,8 @@ libnetwork-ipv4addr-perl libnet-openssh-perl libfile-tail-perl  \
 libcrypt-cbc-perl libcryptx-perl libdbd-pg-perl libfile-path-tiny-perl libexpect-perl libcrypt-des-perl
 
 #additional packages 
-apt install dnsmasq syslong-ng bind9 bind9-utils bind9-host
+apt install dnsmasq syslog-ng 
+apt install bind9 bind9-utils bind9-host
 
 2. Create user and group
 

+ 2 - 1
Readme.ru.md

@@ -20,7 +20,8 @@ libnetwork-ipv4addr-perl libnet-openssh-perl libfile-tail-perl  \
 libcrypt-cbc-perl libcryptx-perl libdbd-pg-perl libfile-path-tiny-perl libexpect-perl libcrypt-des-perl
 
 #дополнительно
-apt install dnsmasq syslong-ng bind9 bind9-utils bind9-host
+apt install dnsmasq syslog-ng 
+apt install bind9 bind9-utils bind9-host
 
 2. Create user and group
 

+ 1 - 1
docs/apache/000-default.conf

@@ -28,7 +28,7 @@ DocumentRoot /opt/Eye/html
     </IfModule>
 
     <FilesMatch ".+\.ph(ar|p|tml)$">
-#    SetHandler "proxy:unix:/run/php/php8.1-fpm-eye.sock|fcgi://127.0.0.1:9002"
+#    SetHandler "proxy:unix:/run/php/php8.2-fpm-eye.sock|fcgi://127.0.0.1:9002"
     SetHandler "proxy:fcgi://127.0.0.1:9002"
     </FilesMatch>
 

+ 2 - 2
docs/cron/stat

@@ -1,10 +1,10 @@
 #under root
 
 #reconfigure nagios
-#16 * * * * root /etc/nagios/restart_nagios >/dev/null
+#16 * * * * root /opt/Eye/scripts/restart_nagios >/dev/null
 
 #refresh dnsmasq dhcp server config's
-#02 * * * * root /opt/Eye/scripts/update-dnsmasq
+02 * * * * root /opt/Eye/scripts/update-dnsmasq
 
 #maybe any user
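Review bot: The newly enabled entry `02 * * * * root /opt/Eye/scripts/update-dnsmasq` executes a file under /opt/Eye/scripts as root every hour, while the rest of this commit moves the Eye daemons to the unprivileged user eye. Ownership of /opt/Eye/scripts is not shown here; if eye or the web server account can write to that directory, this line turns a compromise of that account into root. I would add a comment above the entry such as `#script and its directory must be owned by root and not writable by eye`. The same applies to the commented `restart_nagios` line if it is ever enabled.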
 

+ 0 - 16
docs/deprecated/flow-save

@@ -1,16 +0,0 @@
-#!/bin/bash -x
-
-YY=`date -d yesterday +%Y`
-MM=`date -d yesterday +%m`
-DD=`date -d yesterday +%d`
-
-SAVE_PATH=/mnt/md0/stat/${YY}/${MM}/${DD}/
-FLOW_DATA='/mnt/md0/stat/flow-data'
-
-[ ! -e "${SAVE_PATH}" ] && mkdir -p ${SAVE_PATH}
-
-find "${FLOW_DATA}" -name "nfcapd.${YY}${MM}${DD}*" -exec mv -f {} "${SAVE_PATH}" \;
-
-/sbin/service nfcapd restart >/dev/null
-
-exit 0

+ 0 - 14
docs/deprecated/fprobe@.service

@@ -1,14 +0,0 @@
-[Unit]
-Description=NetFlow probe for %I
-After=syslog.target network-online.target nfcapd@%i.service
-
-[Service]
-Type=forking
-EnvironmentFile=/etc/fprobe/%i.conf
-ExecStart=/bin/bash -axc ". /etc/fprobe/%i.conf; /sbin/fprobe ${OPTIONS}"
-CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW
-RestartSec=30
-Restart=on-failure
-
-[Install]
-WantedBy=multi-user.target

+ 0 - 9
docs/deprecated/iptraf-ng

@@ -1,9 +0,0 @@
-# Logrotate file for iptraf
-/var/log/iptraf-ng/*.log {
-	compress
-	delaycompress
-	missingok
-	notifempty
-	rotate 4
-	create 0600 root root
-}

+ 0 - 37
docs/deprecated/nf_capd

@@ -1,37 +0,0 @@
-#!/bin/sh
-
-SCRIPTPATH=$( cd "$(dirname "$0")" ; pwd -P )
-
-if [ ! -e "${SCRIPTPATH}/config" ]; then
-    echo "Config file not found!"
-    exit 120
-    fi
-
-. ${SCRIPTPATH}/config
-
-exit_ifrun
-create_lock
-
-#YY=`date -d yesterday +%Y`
-#MM=`date -d yesterday +%m`
-#DD=`date -d yesterday +%d`
-YY=2019
-MM=04
-DD=24
-
-SAVE_PATH=/mnt/md0/stat/${YY}/${MM}/${DD}/
-FLOW_DATA='/mnt/md0/stat/flow-data'
-
-[ ! -e "${SAVE_PATH}" ] && mkdir -p ${SAVE_PATH}
-
-DATA=`ls ${FLOW_DATA}/nfcapd.* 2>/dev/null | grep -v nfcapd.current`
-[ -z "${DATA}" ] && exit 6
-
-for i in $DATA; do
-/bin/nfdump -N -r ${i} -q -o 'fmt:%ts;%pr;%sa;%da;%sp;%dp;%ipkt;%ibyt;%in;%out' | /opt/Eye/scripts/parse_flow.pl 25
-[ $? -eq 0 ] && mv -f $i ${SAVE_PATH}
-done
-
-remove_lock
-
-exit 0

+ 0 - 20
docs/deprecated/nfcapd-1.6@.service

@@ -1,20 +0,0 @@
-[Unit]
-Description=Traffic collector nfcapd 1.6 for %I
-After=syslog.target network-online.target
-
-[Service]
-Type=forking
-EnvironmentFile=/etc/nfcapd/%i.conf
-ExecStart=/usr/bin/nfcapd -D -P /run/nfcapd.%i.pid -z -w -t 600 -p ${LISTEN_PORT} -S 1 -l ${DATA_DIR} -x ${EXT}
-CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SETPCAP
-PermissionsStartOnly=true
-User=tcpdump
-Group=tcpdump
-RuntimeDirectory=nfcapd
-RuntimeDirectoryMode=0770
-PIDFile=/run/nfcapd.%i.pid
-RestartSec=30
-Restart=on-failure
-
-[Install]
-WantedBy=multi-user.target

+ 0 - 20
docs/deprecated/nfcapd-1.7@.service

@@ -1,20 +0,0 @@
-[Unit]
-Description=Traffic collector nfcapd 1.7 for %I
-After=syslog.target network-online.target
-
-[Service]
-Type=forking
-EnvironmentFile=/etc/nfcapd/%i.conf
-ExecStart=/usr/bin/nfcapd -w ${DATA_DIR} -z -D -S 1 -t 600 -P /run/nfcapd/nfcapd.%i.pid -p ${LISTEN_PORT} -x ${EXT}
-CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SETPCAP
-PermissionsStartOnly=true
-User=tcpdump
-Group=tcpdump
-RuntimeDirectory=nfcapd
-RuntimeDirectoryMode=0770
-PIDFile=/run/nfcapd/nfcapd.%i.pid
-RestartSec=30
-Restart=on-failure
-
-[Install]
-WantedBy=multi-user.target

+ 0 - 3
docs/deprecated/nfcapd/office.conf

@@ -1,3 +0,0 @@
-LISTEN_PORT=7818
-DATA_DIR="/var/spool/flow-tools"
-EXT="/opt/Eye/scripts/nf_calc %d/%f 60"

+ 1 - 1
docs/nginx/Eye

@@ -17,7 +17,7 @@ server {
 
 	location ~ \.php$ {
 		include snippets/fastcgi-php.conf;
-#		fastcgi_pass unix:/run/php/php8.1-fpm.sock;
+#		fastcgi_pass unix:/run/php/php8.2-fpm.sock;
 		fastcgi_pass 127.0.0.1:9002;
 	}
 

+ 1 - 1
docs/php-fpm/readme.txt

@@ -5,7 +5,7 @@ a2enmod mpm_event
 apt install php-fpm libapache2-mod-fcgid
 
 a2enconf php8.2-fpm
-a2enmod proxy
+a2enmod proxy proxy_fcgi setenvif
 
 mkdir -p /var/log/php-fpm/
 

+ 0 - 0
docs/php-fpm/sessionsclean-fpm → docs/php-fpm/sessionclean-fpm


+ 0 - 6
docs/sudoers.d/apache

@@ -1,6 +0,0 @@
-apache        ALL=(root)      NOPASSWD: /opt/Eye/scripts/sync_mikrotik.pl
-apache        ALL=(root)      NOPASSWD: /opt/Eye/scripts/update-dnsmasq
-apache        ALL=(root)      NOPASSWD: /opt/Eye/scripts/update-named
-apache        ALL=(root)      NOPASSWD: /opt/Eye/scripts/fetch_new_arp.pl
-apache        ALL=(root)      NOPASSWD: /opt/Eye/scripts/restart_nagios
-apache        ALL=(root)      NOPASSWD: /opt/Eye/scripts/dnsmasq-hook.sh

+ 1 - 1
docs/syslog-ng/eye.conf

@@ -6,7 +6,7 @@
 source s_remote { udp(port(514)); };
 
 destination d_socket {
-pipe("/run/syslog-ng.socket" template("$UNIXTIME|$SOURCEIP|$MSGHDR $MESSAGE\n") template-escape(yes) flags(no-multi-line));
+pipe("/run/syslog-ng.socket" template("$UNIXTIME|$SOURCEIP|$MSGHDR $MESSAGE\n") template-escape(yes) flags(no-multi-line) perm(0600) owner("eye") group("eye"));
 };
 
 destination d_all { file("/var/log/remote/$R_YEAR/$R_MONTH/$R_YEAR-$R_MONTH-$R_DAY.log" flags(no-multi-line)); };
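Review bot: The new `perm(0600) owner("eye") group("eye")` options on `d_socket` are undocumented, although they are only correct while the reader runs as eye, which is what `User=eye` in docs/systemd/syslog-stat.service now sets. A comment above the destination, for example `# pipe is read by syslog-stat.pl running as user eye; keep owner/perm in sync with syslog-stat.service`, would stop the two files drifting apart. If `s_remote` is routed to this destination (the log statement is outside the hunk), everything after the second `|` in the template is controlled by the remote sender. The reader should therefore split on at most two delimiters, which is worth confirming in syslog-stat.pl.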

+ 7 - 2
docs/systemd/dhcp-log.service

@@ -1,11 +1,16 @@
 [Unit]
-Description=Write dhcp events to Rstat
+Description=Write dhcp events to Eye
 After=network.target mariadb.service dnsmasq.service dhcpd.service
 
 [Service]
 Type=forking
+User=eye
+Group=eye
+RuntimeDirectory=eye
+RuntimeDirectoryMode=0700
+RuntimeDirectoryPreserve=yes
 ExecStart=/opt/Eye/scripts/dhcp-log.pl --start
-PIDFile=/run/dhcp-log.pid
+PIDFile=/run/eye/dhcp-log.pid
 RestartSec=30
 Restart=on-failure
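Review bot: With `User=eye` the daemon loses root's read access to `/var/log/dhcp.log`, which scripts/dhcp-log.pl in this commit still sets as `$log_file`, and nothing in the commit grants eye access to that file. Whether the log is group- or world-readable depends on how the DHCP server and logrotate create it, which is not visible here, so the install notes should state the required ownership or group membership. A comment in the unit such as `# eye must be able to read /var/log/dhcp.log` would record the dependency. `RuntimeDirectory=eye` is also declared by eye-statd, stat-sync and syslog-stat; `RuntimeDirectoryPreserve=yes` is what keeps one unit's stop from removing the others' PID files, which deserves a one-line comment as well.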
 

+ 7 - 1
docs/systemd/eye-statd.service

@@ -1,9 +1,15 @@
 [Unit]
-Description=EYE netflow collector
+Description=Eye netflow collector
 After=network.target
 
 [Service]
+User=eye
+Group=eye
+RuntimeDirectory=eye
+RuntimeDirectoryMode=0700
+RuntimeDirectoryPreserve=yes
 ExecStart=/opt/Eye/scripts/eye-statd.pl
+PIDFile=/run/eye/eye-statd.pid
 Restart=on-failure
 RestartSec=1
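Review bot: `PIDFile=/run/eye/eye-statd.pid` does not obviously match what scripts/eye-statd.pl writes. The script in this commit builds `'/run/eye/'.$proc_name` and passes it to `Add_PID` without a `.pid` suffix, whereas dhcp-log.pl appends `.pid` explicitly. Unless `Add_PID` adds the suffix itself (the helper is not shown), the unit and the script name different files. No `Type=forking` is visible in this hunk, so systemd already tracks the main process and the line matters mostly for cleanup; either drop it or make both sides use one path.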
 

+ 5 - 2
docs/systemd/stat-sync.service

@@ -1,5 +1,5 @@
 [Unit]
-Description=Urgent sync access lists at mikrotik
+Description=Urgent sync access changes from Eye
 After=network.target mariadb.service
 
 [Service]
@@ -7,7 +7,10 @@ Type=forking
 User=eye
 Group=eye
 ExecStart=/opt/Eye/scripts/stat-sync.pl --start
-PIDFile=/run/stat-sync.pid
+PIDFile=/run/eye/stat-sync.pid
+RuntimeDirectory=eye
+RuntimeDirectoryMode=0700
+RuntimeDirectoryPreserve=yes
 RestartSec=30
 Restart=on-failure
 

+ 0 - 14
docs/systemd/syslog-ng.service

@@ -1,14 +0,0 @@
-[Unit]
-Description=System Logger Daemon
-Documentation=man:syslog-ng(8)
-
-[Service]
-Type=notify
-ExecStart=/usr/sbin/syslog-ng -F -p /run/syslogd-ng.pid
-ExecReload=/bin/kill -HUP $MAINPID
-StandardOutput=null
-RestartSec=30
-Restart=on-failure
-
-[Install]
-WantedBy=multi-user.target

+ 7 - 2
docs/systemd/syslog-stat.service

@@ -1,12 +1,17 @@
 [Unit]
-Description=Write syslog to Rstat
+Description=Write syslog to Eye
 After=network.target mariadb.service syslog-ng.service
 PartOf=syslog-ng.service
 
 [Service]
 Type=forking
+User=eye
+Group=eye
 ExecStart=/opt/Eye/scripts/syslog-stat.pl --start
-PIDFile=/run/syslog-stat.pid
+RuntimeDirectory=eye
+RuntimeDirectoryMode=0700
+RuntimeDirectoryPreserve=yes
+PIDFile=/run/eye/syslog-stat.pid
 RestartSec=30
 Restart=on-failure
 

+ 2 - 0
scripts/check_dhcp_pool.pl

@@ -6,6 +6,8 @@
 
 use utf8;
 use open ":encoding(utf8)";
+use Encode;
+no warnings 'utf8';
 use English;
 use base;
 use FindBin '$Bin';
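Review bot: `no warnings 'utf8';` at file scope silences the whole utf8 warning category for the rest of the script instead of fixing what triggers it, so malformed or unexpectedly encoded input now passes without any diagnostic. `use open ":encoding(utf8)"` on the line above sets the default layer for handles the script opens, but not for STDOUT/STDERR. If the hidden warning is "Wide character in print", the direct fix is therefore `use open qw(:std :encoding(UTF-8));`. `use Encode;` is added, but no Encode function is called in the hunk. The same two lines go into dhcp-log.pl, eye-statd.pl, fetch_new_arp.pl, garbage.pl, gen_nagios_config.pl, hmonitor.pl, print-dnsmasq.pl, stat-sync.pl, sync_mikrotik.pl, syslog-stat.pl, set_port_descr.pl and both update scripts, so the point applies to all of them; if the pragma stays, a comment naming the warning it hides would help.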

+ 9 - 3
scripts/dhcp-log.pl

@@ -6,6 +6,8 @@
 
 use utf8;
 use open ":encoding(utf8)";
+use Encode;
+no warnings 'utf8';
 use English;
 use base;
 use FindBin '$Bin';
@@ -24,11 +26,15 @@ use Net::Netmask;
 use Text::Iconv;
 use File::Tail;
 
-my $pf = '/run/dhcp-log.pid';
+my $mute_time=300;
 
 my $log_file='/var/log/dhcp.log';
 
-my $mute_time=300;
+my $proc_name = $MY_NAME;
+$proc_name =~ s/\.[^.]+$//;
+my $pid_file = '/run/eye/'.$proc_name;
+
+my $pf = $pid_file.'.pid';
 
 my $daemon = Proc::Daemon->new(
         pid_file => $pf,
@@ -393,7 +399,7 @@ if (!$pid) {
 }
 
 sub usage {
-    print "usage: dhcp-log.pl (start|stop|status|restart)\n";
+    print "usage: $MY_NAME (start|stop|status|restart)\n";
     exit(0);
 }
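Review bot: The PID path is now derived from `$MY_NAME` (`'/run/eye/'.$proc_name` plus `.pid`), but docs/systemd/dhcp-log.service hard-codes `PIDFile=/run/eye/dhcp-log.pid`, and stat-sync.pl and syslog-stat.pl in this commit still use literal paths. `$MY_NAME` is defined outside the hunk; if it can carry a directory part, or differs when the script is started through a symlink, the file lands where systemd does not look and the forking unit will time out on start. I would either keep a literal `my $pf = '/run/eye/dhcp-log.pid';` like the sibling daemons or add the comment `# must match PIDFile= in dhcp-log.service` above the new lines.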
 

+ 19 - 1
scripts/eye-statd.pl

@@ -2,6 +2,8 @@
 
 use utf8;
 use open ":encoding(utf8)";
+use Encode;
+no warnings 'utf8';
 use English;
 use base;
 use FindBin '$Bin';
@@ -20,7 +22,11 @@ use eyelib::database;
 use eyelib::snmp;
 use Socket qw(AF_INET6 inet_ntop);
 use IO::Socket;
-use threads;
+
+my $proc_name = $MY_NAME;
+$proc_name =~ s/\.[^.]+$//;
+
+my $pid_file = '/run/eye/'.$proc_name;
 
 my @router_ref = ();
 my @interfaces = ();
@@ -62,6 +68,14 @@ $SIG{TERM} = \&TERM;
 $SIG{INT} = \&TERM;
 $SIG{HUP} = \&INIT;
 
+
+if (IsNotRun($pid_file)) {
+    Add_PID($pid_file);
+    } else {
+    print "Daemon $MY_NAME already running!\n";
+    exit 100;
+    }
+
 sub REAPER {
 	wait;
 	$saving = 0;
@@ -72,6 +86,7 @@ sub TERM {
 	print "SIGTERM received\n";
 	flush_traffic(1);
 	while (wait() != -1) {}
+        if (IsMyPID($pid_file)) { Remove_PID($pid_file); }
 	exit 0;
 }
 
@@ -811,3 +826,6 @@ $saving = 0;
 
 exit;
 }
+
+if (IsMyPID($pid_file)) { Remove_PID($pid_file); }
+exit;
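Review bot: The start-up guard added after the signal handlers exits with status 100 whenever `IsNotRun($pid_file)` is false, and docs/systemd/eye-statd.service pairs `RuntimeDirectoryPreserve=yes` with `Restart=on-failure` and `RestartSec=1`. If the daemon dies without reaching `Remove_PID` (for example on SIGKILL), the PID file survives in /run/eye. Unless `IsNotRun` verifies that the recorded PID is alive and belongs to this program, every restart attempt then exits 100 again. The helpers are defined outside this diff, so this needs confirming; a comment at the guard such as `# IsNotRun must treat a stale PID file as not running` would record the assumption. The check and `Add_PID` are also two separate steps, so two instances started at the same moment can both pass the check.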

+ 2 - 1
scripts/fetch_new_arp.pl

@@ -3,9 +3,10 @@
 #
 # Copyright (C) Roman Dmitiriev, rnd@rajven.ru
 #
-
 use utf8;
 use open ":encoding(utf8)";
+use Encode;
+no warnings 'utf8';
 use English;
 use base;
 use FindBin '$Bin';

+ 2 - 0
scripts/garbage.pl

@@ -6,6 +6,8 @@
 
 use utf8;
 use open ":encoding(utf8)";
+use Encode;
+no warnings 'utf8';
 use English;
 use base;
 use FindBin '$Bin';

+ 3 - 0
scripts/gen_nagios_config.pl

@@ -2,6 +2,9 @@
 
 use utf8;
 use open ":encoding(utf8)";
+use Encode;
+no warnings 'utf8';
+use English;
 use FindBin '$Bin';
 use lib "/opt/Eye/scripts";
 use DBI;

+ 4 - 1
scripts/hmonitor.pl

@@ -4,9 +4,12 @@
 # Copyright (C) Roman Dmitiriev, rnd@rajven.ru
 #
 
-use FindBin '$Bin';
 use utf8;
 use open ":encoding(utf8)";
+use Encode;
+no warnings 'utf8';
+use English;
+use FindBin '$Bin';
 use lib "/opt/Eye/scripts";
 use strict;
 use Time::Local;

+ 2 - 0
scripts/print-dnsmasq.pl

@@ -6,6 +6,8 @@
 
 use utf8;
 use open ":encoding(utf8)";
+use Encode;
+no warnings 'utf8';
 use English;
 use base;
 use FindBin '$Bin';

+ 4 - 2
scripts/stat-sync.pl

@@ -6,6 +6,8 @@
 
 use utf8;
 use open ":encoding(utf8)";
+use Encode;
+no warnings 'utf8';
 use English;
 use base;
 use FindBin '$Bin';
@@ -23,7 +25,7 @@ use Cwd;
 use Net::Netmask;
 use DateTime;
 
-my $pf = '/run/stat-sync.pid';
+my $pf = '/run/eye/stat-sync.pid';
 
 my $daemon = Proc::Daemon->new(
         pid_file => $pf,
@@ -104,7 +106,7 @@ if (!$pid) {
         	    do_sql($hdb,"UPDATE User_auth SET dhcp_changed=0");
                     log_info("Found changed dhcp variables in records: ".$changed->{'c_count'});
                     my $dhcp_exec=get_option($hdb,38);
-	            my %result=do_exec_ref($dhcp_exec);
+	            my %result=do_exec_ref('/usr/bin/sudo '.$dhcp_exec);
 	            if ($result{status} ne 0) { log_error("Error sync dhcp config"); }
 	        }
             #acl & dhcp changed records 
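Review bot: In the last hunk, `do_exec_ref('/usr/bin/sudo '.$dhcp_exec)` puts sudo in front of a command string read from the database with `get_option($hdb,38)`, so anyone who can change that option decides what the daemon asks sudo to run. This commit deletes docs/sudoers.d/apache and adds no rule for user eye, so the matching sudoers entry is not visible. It should list the exact script path without wildcards, and the code should compare `$dhcp_exec` against a fixed allowlist before the call. `do_exec_ref` is defined outside the diff, so whether the string passes through a shell cannot be seen here. Using `'/usr/bin/sudo -n '.$dhcp_exec` would make a missing rule fail at once instead of waiting on a password prompt.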

+ 2 - 0
scripts/sync_mikrotik.pl

@@ -6,6 +6,8 @@
 
 use utf8;
 use open ":encoding(utf8)";
+use Encode;
+no warnings 'utf8';
 use English;
 use base;
 use FindBin '$Bin';

+ 3 - 1
scripts/syslog-stat.pl

@@ -6,6 +6,8 @@
 
 use utf8;
 use open ":encoding(utf8)";
+use Encode;
+no warnings 'utf8';
 use English;
 use base;
 use FindBin '$Bin';
@@ -26,7 +28,7 @@ use Proc::Daemon;
 use Cwd;
 
 
-my $pf = '/run/syslog-stat.pid';
+my $pf = '/run/eye/syslog-stat.pid';
 my $socket_path='/run/syslog-ng.socket';
 
 my $daemon = Proc::Daemon->new(

+ 6 - 3
scripts/updates/2-7-4/after_sql.pl

@@ -5,6 +5,9 @@
 #
 
 use utf8;
+use Encode;
+no warnings 'utf8';
+use open ':encoding(utf-8)';
 use FindBin '$Bin';
 use lib "/opt/Eye/scripts";
 use eyelib::config;
@@ -28,13 +31,13 @@ if ($this_release eq $config_ref{version}) { print "Already updated!\n"; exit; }
 
 if ($upgrade_from ne $config_ref{version}) { print "Illegal version. Needed $upgrade_from!\n"; exit; }
 
-print 'Current version: '.$config_ref{version}.' upgrade to: '.$this_release."\n";
+print 'Apply patch for version: '.$config_ref{version}.' upgrade to: '.$this_release."\n";
 
 my @authlist_ref = get_records_sql($dbh,"SELECT * FROM User_auth WHERE `created_by` IS NULL" );
 
 my $total = scalar @authlist_ref;
 
-print "Fill field created_by\n";
+print "Stage 1: Fill field created_by\n";
 
 my $i = 0;
 foreach my $row (@authlist_ref) {
@@ -52,6 +55,6 @@ update_record($dbh,'User_auth',$new,'id='.$row->{id});
 print "\r::Progress: [$percent%] ";
 }
 
-print "Done!";
+print "Done!\n";
 
 exit;
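Review bot: The version guard kept as context in the second hunk prints "Illegal version" and then leaves through a bare `exit;`, which is status 0, the same as a successful run. scripts/updates/upgrade.pl runs this script through a pipe and, in the lines visible in this commit, only relays its output, so a refused patch is indistinguishable from an applied one. Ending that guard with `exit 1;` would give the caller something to check.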

+ 7 - 3
scripts/updates/upgrade.pl

@@ -5,6 +5,10 @@
 #
 
 use utf8;
+use Encode;
+no warnings 'utf8';
+use open ':encoding(utf-8)';
+
 use FindBin '$Bin';
 use lib "/opt/Eye/scripts";
 use eyelib::config;
@@ -62,7 +66,7 @@ for (my $i=$old_version_index; $i < scalar @old_releases; $i++) {
             next if (!$patch or ! -e $patch);
             open(my $pipe, "-|", "perl $patch") or die "Error in apply upgrade script $patch! Ошибка: $!";
             while (my $line = <$pipe>) { 
-                if ($line =~ /::/) { print "\r"; $line =~s/:://; }
+                if ($line =~ /::/) { print "\r"; $line =~s/\:\://; }
                 print $line; 
                 }
             close($pipe);
@@ -91,7 +95,7 @@ for (my $i=$old_version_index; $i < scalar @old_releases; $i++) {
             next if (!$patch or ! -e $patch);
             open(my $pipe, "-|", "perl $patch") or die "Error in apply upgrade script $patch! Ошибка: $!";
             while (my $line = <$pipe>) {
-                if ($line =~ /::/) { print "\r"; $line =~s/:://; }
+                if ($line =~ /::/) { print "\r"; $line =~s/\:\://; }
                 print $line; 
                 }
             close($pipe);
@@ -101,6 +105,6 @@ for (my $i=$old_version_index; $i < scalar @old_releases; $i++) {
     do_sql($dbh,'UPDATE version SET `version`="'.$old_releases[$i].'"');
 }
 
-print "Done!";
+print "Done!\n";
 
 exit;
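Review bot: Both patch loops (the hunks at lines 62 and 91) call `close($pipe);` without checking its result, and the last hunk shows `UPDATE version SET ...` running later in the same outer loop. A patch script that dies may therefore still be recorded as applied; whether anything in between checks for failure is outside the hunks. For a piped open, `close` returns false and sets `$?` when the child exits non-zero, so `close($pipe) or die "Patch $patch failed: $?";` would stop the upgrade. The list form `open(my $pipe, "-|", "perl", $patch)` would also keep the path away from a shell. The changed regex `s/\:\://` is equivalent to the old `s/:://`, since a colon needs no escaping.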

+ 2 - 0
scripts/utils/set_port_descr.pl

@@ -6,6 +6,8 @@
 
 use utf8;
 use open ":encoding(utf8)";
+use Encode;
+no warnings 'utf8';
 use English;
 use base;
 use FindBin '$Bin';