#!/bin/sh

##############################################################################
# This script sets up an initial configuration for squidwall.
##############################################################################

# Root of the squidwall configuration tree; every path below hangs off it.
SQUIDWALL='/etc/squidwall'
# Base URL of the web server; the redirect URLs in control/ are built from it.
WEBSERVER='http://192.168.100.6'
# Stored verbatim in control/proxy, control/clamav_tcp and
# control/clamav_socket.
PROXY='127.0.0.1:3128'
CLAMAV_TCP='127.0.0.1:3310'
CLAMAV_SOCKET='/var/lib/clamav/clamd.sock'

# Owner and group given to the whole tree by the chown at the end.
PROXY_USER='proxy'
WEB_GROUP='nobody'

# Sent as the network= query parameter of the deny.php redirect URLs.
# It is inserted as-is, so keep it to URL-safe characters.
NETWORK='testing'


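# control files
#
# umask 007 stays in effect for the rest of the script: everything created
# from here on is accessible to owner and group and closed to others.
umask 007

control_dir="$SQUIDWALL/control"
if ! mkdir -p "$control_dir"; then
  # Without the directory every write below would fail one by one.
  echo "cannot create $control_dir" >&2
  exit 1
fi

# write_control NAME [VALUE]
#   Replaces $control_dir/NAME with VALUE plus a newline, or with standard
#   input when VALUE is omitted.
#   The tree is handed to $PROXY_USER and $WEB_GROUP at the end of this
#   script, so on a later run an entry may have become a symbolic link and
#   a plain '>' would write to wherever it points. Such an entry is skipped
#   with a warning. The check and the write are separate steps, so re-run
#   the script only while the proxy and the web interface are stopped.
#   Returns 1 when the entry was skipped.
write_control() {
  if [ -L "$control_dir/$1" ]; then
    echo "skipping $control_dir/$1: is a symbolic link" >&2
    return 1
  fi
  if [ "$#" -ge 2 ]; then
    # printf writes the value literally; echo may interpret backslashes.
    printf '%s\n' "$2"
  else
    cat
  fi > "$control_dir/$1"
}

write_control cache           0
write_control maxsize         50000
write_control memcache        50
write_control pfilter_max     100
write_control pfilter_default 25

write_control debug         "1,3 5,4"
write_control proxy         "$PROXY"
write_control clamav_tcp    "$CLAMAV_TCP"
write_control clamav_socket "$CLAMAV_SOCKET"

# Redirect targets; the deny page receives the network name and a reason.
deny_url="$WEBSERVER/inet/deny.php?network=$NETWORK"
write_control redir_baduser      "$deny_url&reason=user&"
write_control redir_badhost      "$deny_url&reason=host&"
write_control redir_badcont      "$deny_url&reason=cont&"
write_control redir_badurl       "$deny_url&reason=url&"
write_control redir_virusfound   "$deny_url&reason=virus&"
write_control redir_bannerfound  "$WEBSERVER/inet/img/t.png"
write_control redir_safesite     "$WEBSERVER"
write_control redir_webinterface "$WEBSERVER/inet"

# Quoted delimiter: the text is written exactly as it appears here.
write_control '!' << 'EOF'
##############################################################################
# You have to 'touch' this file, if squidwall should re-read the files of
# the control directory.
##############################################################################
EOF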

# acl directories, created only when missing
for acl_dir in hosts users globals
do
  [ -d "$SQUIDWALL/$acl_dir" ] || mkdir -p "$SQUIDWALL/$acl_dir"
done

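# create filters directories
# Each directory gets a '!' file whose text tells the administrator to touch
# it after changing the filter definitions.
for f in bcfilter cfilter crfilter pfilter \
  bfilter brfilter bfilter_url bfilter_dom bfilter_md5 bfilter_sha1 \
  ufilter urfilter ufilter_url ufilter_dom ufilter_md5 ufilter_sha1 \
  wfilter wrfilter wfilter_url wfilter_dom wfilter_md5 wfilter_sha1
do
  filter_dir="$SQUIDWALL/filters/$f"
  test -d "$filter_dir" || mkdir -p "$filter_dir"
  # Keep whatever already occupies the name. The -L test also catches a
  # dangling symbolic link: test -f reports it as missing and the '>' below
  # would then create the file the link points to.
  if [ -e "$filter_dir/!" ] || [ -L "$filter_dir/!" ]; then
    continue
  fi
  cat > "$filter_dir/!" << 'EOF'
##############################################################################
# You have to 'touch' this file, if squidwall should re-read the filter
# definitions of this directory!
##############################################################################
EOF
done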

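# these need the special file '@'
# The directories themselves are created by the filters loop earlier in
# this script; this loop only adds the default regex flag file.
for f in brfilter urfilter wrfilter bcfilter pfilter cfilter crfilter
do
  flags_file="$SQUIDWALL/filters/$f/@"
  # Keep whatever already occupies the name. The -L test also catches a
  # dangling symbolic link: test -f reports it as missing and the '>' below
  # would then create the file the link points to.
  if [ -e "$flags_file" ] || [ -L "$flags_file" ]; then
    continue
  fi
  cat > "$flags_file" << 'EOF'
##############################################################################
# This file can be used for setting some flags to the POSIX regex(7)
# filtering definitions / expressions in this directory.
#
# '+OPTION' -> option will be enabled
# '-OPTION' -> this option will be explicitly disabled
#
# The following flags can be set:
#
# cflags for regcomp(3)
#  REG_EXTENDED
#  REG_ICASE
#  REG_NOSUB
#  REG_NEWLINE
#
# eflags for regexec(3)
#  REG_NOTBOL
#  REG_NOTEOL
#
# default: no flags are set, the default from the system will be used!
##############################################################################

+REG_EXTENDED
+REG_ICASE
EOF
done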

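# these two need the special file '@hdr'
# It holds the header expressions that switch the content filter on.
for f in cfilter pfilter
do
  hdr_file="$SQUIDWALL/filters/$f/@hdr"
  # Keep whatever already occupies the name. The -L test also catches a
  # dangling symbolic link: test -f reports it as missing and the '>' below
  # would then create the file the link points to.
  if [ -e "$hdr_file" ] || [ -L "$hdr_file" ]; then
    continue
  fi
  # The delimiter stays unquoted on purpose: $f in the text is replaced by
  # the name of the filter directory.
  cat > "$hdr_file" << EOF
##############################################################################
# This file contains regular expressions.
#
# - the regex.7 expressions are applied against the HTTP headers
# - if an expression matches, the content filter will be activated for the
#   current website
# - most people just want to scan textfiles with their $f lists
##############################################################################

^Content-Type: text/.*
^Content-Type: message/.*
EOF
done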

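# Default filtering options file ('!') for each acl directory. The
# directories are created earlier in this script.
for d in users hosts globals
do
  acl_defaults="$SQUIDWALL/$d/!"
  # Keep whatever already occupies the name. The -L test also catches a
  # dangling symbolic link: test -f reports it as missing and the '>' below
  # would then create the file the link points to.
  if [ -e "$acl_defaults" ] || [ -L "$acl_defaults" ]; then
    continue
  fi
  cat > "$acl_defaults" << 'EOF'
##############################################################################
# This file contains the default filtering options for the acl's of this
# directory.
#
# You have to 'touch' this file, if squidwall should re-read this directory!
##############################################################################
#
# Here is a small overview of the filtering options:
#
# banner filtering
# 
# +b1 bfilter      - old style squidwall filter
# +b2 brfilter     - filtering of url's with regex.7 expressions
# +b3 bfilter_url  - like url filtering of squidguard
# +b4 bfilter_dom  - like domain filtering of squidguard
# +b5 bfilter_md5  - md5 hashes of forbidden hosts/ip's
# +b6 bfilter_sha1 - sha1 hashes of forbidden hosts/ip's
#
# url blacklist
# 
# +u1 ufilter      - old style squidwall filter
# +u2 urfilter     - filtering of url's with regex.7 expressions
# +u3 ufilter_url  - like url filtering of squidguard
# +u4 ufilter_dom  - like domain filtering of squidguard
# +u5 ufilter_md5  - md5 hashes of forbidden hosts/ip's
# +u6 ufilter_sha1 - sha1 hashes of forbidden hosts/ip's
#
# url whitelist
# 
# +w1 wfilter      - old style squidwall filter
# +w2 wrfilter     - filtering of url's with regex.7 expressions
# +w3 wfilter_url  - like url filtering of squidguard
# +w4 wfilter_dom  - like domain filtering of squidguard
# +w5 wfilter_md5  - md5 hashes of forbidden hosts/ip's
# +w6 wfilter_sha1 - sha1 hashes of forbidden hosts/ip's
#
# content filtering
# 
# +a  bcfilter     - filtering of banners, reg. expression on the hdr
# +c  cfilter      - filtering for bad words in the content
# +C  crfilter     - reg. expressions on the whole site
# +p  pfilter      - weighted filtering for bad phrases in the content
# +V  clamav       - scanning for viruses with clamav
########################################################################
EOF
done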

# redirections
redirects="$SQUIDWALL/redirects"
if [ ! -d "$redirects" ]; then
  mkdir -p "$redirects"
fi
# The link text is a URL rather than a file-system path, so the link itself
# is tested with -L. Presumably squidwall reads the link text as the
# redirect target; confirm against the squidwall documentation.
if [ ! -L "$redirects/help" ]; then
  ln -s "http://www.mcmilk.de/wiki/Category:Squidwall" "$redirects/help"
fi
touch "$redirects/!"

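# permissions
# - proxy and webserver need them
#
# Together with the umask 007 set earlier, this gives both $PROXY_USER and
# every member of $WEB_GROUP write access to the whole tree, control files
# and filter lists included.
# NOTE(review): if the web interface only edits part of the tree, narrower
# group permissions on the rest would limit what a compromised web
# application can change; confirm what it needs to write.
#
# OWNER:GROUP is the POSIX separator; the older '.' form is ambiguous when a
# user name contains a dot. The operands are quoted so an edited value with
# spaces cannot split into extra arguments. -h changes a symbolic link
# itself, never the file it points to.
chown -R -h -- "$PROXY_USER:$WEB_GROUP" "$SQUIDWALL"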
