mirror of
https://github.com/librenms/librenms.git
synced 2024-10-07 16:52:45 +00:00
607a567090
* Don't check file permissions on every request, handle failures Improve error page visually * only print minimal mkdir * invert file_exists check, whoops * docblock * revert accidental changes * rename variable * Change database errors to use the new layout * Add support url to the default layout * Replaced \n for && in fix for user perms * fix web output
235 lines
7.9 KiB
PHP
235 lines
7.9 KiB
PHP
<?php
|
|
/**
|
|
* Checks.php
|
|
*
|
|
* Pre-flight checks at various stages of booting
|
|
*
|
|
* This program is free software: you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation, either version 3 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
*
|
|
* @package LibreNMS
|
|
* @link http://librenms.org
|
|
* @copyright 2018 Tony Murray
|
|
* @author Tony Murray <murraytony@gmail.com>
|
|
*/
|
|
|
|
namespace App;
|
|
|
|
use App\Models\Device;
|
|
use App\Models\Notification;
|
|
use Auth;
|
|
use Cache;
|
|
use Carbon\Carbon;
|
|
use LibreNMS\Config;
|
|
use Symfony\Component\HttpFoundation\Response as SymfonyResponse;
|
|
use Toastr;
|
|
|
|
class Checks
|
|
{
|
|
public static function preBoot()
|
|
{
|
|
// check php extensions
|
|
if ($missing = self::missingPhpExtensions()) {
|
|
self::printMessage(
|
|
"Missing PHP extensions. Please install and enable them on your LibreNMS server.",
|
|
$missing,
|
|
true
|
|
);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Pre-boot dependency check
|
|
*/
|
|
public static function postAutoload()
|
|
{
|
|
if (!class_exists(\Illuminate\Foundation\Application::class)) {
|
|
self::printMessage(
|
|
'Error: Missing dependencies! Run the following command to fix:',
|
|
'./scripts/composer_wrapper.php install --no-dev',
|
|
true
|
|
);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Post boot Toast messages
|
|
*/
|
|
public static function postAuth()
|
|
{
|
|
// limit popup messages frequency
|
|
if (Cache::get('checks_popup_timeout') || !Auth::check()) {
|
|
return;
|
|
}
|
|
|
|
Cache::put('checks_popup_timeout', true, Config::get('checks_popup_timer', 5));
|
|
|
|
$user = Auth::user();
|
|
|
|
if ($user->isAdmin()) {
|
|
$notifications = Notification::isUnread($user)->where('severity', '>', 1)->get();
|
|
foreach ($notifications as $notification) {
|
|
Toastr::error("<a href='notifications/'>$notification->body</a>", $notification->title);
|
|
}
|
|
|
|
if (Device::isUp()->where('last_polled', '<=', Carbon::now()->subMinutes(15))->exists()) {
|
|
Toastr::warning('<a href="poll-log/filter=unpolled/">It appears as though you have some devices that haven\'t completed polling within the last 15 minutes, you may want to check that out :)</a>', 'Devices unpolled');
|
|
}
|
|
|
|
// Directory access checks
|
|
$rrd_dir = Config::get('rrd_dir');
|
|
if (!is_dir($rrd_dir)) {
|
|
Toastr::error("RRD Directory is missing ($rrd_dir). Graphing may fail. <a href=" . url('validate') . ">Validate your install</a>");
|
|
}
|
|
|
|
$temp_dir = Config::get('temp_dir');
|
|
if (!is_dir($temp_dir)) {
|
|
Toastr::error("Temp Directory is missing ($temp_dir). Graphing may fail. <a href=" . url('validate') . ">Validate your install</a>");
|
|
} elseif (!is_writable($temp_dir)) {
|
|
Toastr::error("Temp Directory is not writable ($temp_dir). Graphing may fail. <a href='" . url('validate') . "'>Validate your install</a>");
|
|
}
|
|
}
|
|
}
|
|
|
|
private static function printMessage($title, $content, $exit = false)
|
|
{
|
|
$content = (array)$content;
|
|
|
|
if (PHP_SAPI == 'cli') {
|
|
$format = "%s\n\n%s\n\n";
|
|
$message = implode(PHP_EOL, $content);
|
|
} else {
|
|
$format = "<h3 style='color: firebrick;'>%s</h3><p>%s</p>";
|
|
$message = '';
|
|
foreach ($content as $line) {
|
|
$message .= "<p style='margin:0.5em'>$line</p>\n";
|
|
}
|
|
}
|
|
|
|
printf($format, $title, $message);
|
|
|
|
if ($exit) {
|
|
exit(1);
|
|
}
|
|
}
|
|
|
|
private static function missingPhpExtensions()
|
|
{
|
|
// allow mysqli, but prefer mysqlnd
|
|
if (!extension_loaded('mysqlnd') && !extension_loaded('mysqli')) {
|
|
return ['mysqlnd'];
|
|
}
|
|
|
|
$required_modules = ['mbstring', 'pcre', 'curl', 'session', 'xml', 'gd'];
|
|
|
|
return array_filter($required_modules, function ($module) {
|
|
return !extension_loaded($module);
|
|
});
|
|
}
|
|
|
|
/**
|
|
* Check exception for errors related to not being able to write to the filesystem
|
|
*
|
|
* @param \Exception $e
|
|
* @return bool|SymfonyResponse
|
|
*/
|
|
public static function filePermissionsException($e)
|
|
{
|
|
if ($e instanceof \ErrorException) {
|
|
// cannot write to storage directory
|
|
if (starts_with($e->getMessage(), 'file_put_contents(') && str_contains($e->getMessage(), '/storage/')) {
|
|
return self::filePermissionsResponse();
|
|
}
|
|
}
|
|
|
|
if ($e instanceof \Exception) {
|
|
// cannot write to bootstrap directory
|
|
if ($e->getMessage() == 'The bootstrap/cache directory must be present and writable.') {
|
|
return self::filePermissionsResponse();
|
|
}
|
|
}
|
|
|
|
if ($e instanceof \UnexpectedValueException) {
|
|
// monolog cannot init log file
|
|
if (str_contains($e->getFile(), 'Monolog/Handler/StreamHandler.php')) {
|
|
return self::filePermissionsResponse();
|
|
}
|
|
}
|
|
|
|
return false;
|
|
}
|
|
|
|
/**
|
|
* Generate a semi generic list of commands for the user to run to fix file permissions
|
|
* and render it to a nice html response
|
|
*
|
|
* @return SymfonyResponse
|
|
*/
|
|
private static function filePermissionsResponse()
|
|
{
|
|
$user = config('librenms.user');
|
|
$group = config('librenms.group');
|
|
$install_dir = base_path();
|
|
$commands = [];
|
|
$dirs = [
|
|
base_path('bootstrap/cache'),
|
|
base_path('storage'),
|
|
Config::get('log_dir', base_path('logs')),
|
|
Config::get('rrd_dir', base_path('rrd')),
|
|
];
|
|
|
|
// check if folders are missing
|
|
$mkdirs = [
|
|
base_path('bootstrap/cache'),
|
|
base_path('storage/framework/sessions'),
|
|
base_path('storage/framework/views'),
|
|
base_path('storage/framework/cache'),
|
|
Config::get('log_dir', base_path('logs')),
|
|
Config::get('rrd_dir', base_path('rrd')),
|
|
];
|
|
|
|
$mk_dirs = array_filter($mkdirs, function ($file) {
|
|
return !file_exists($file);
|
|
});
|
|
|
|
if (!empty($mk_dirs)) {
|
|
$commands[] = 'sudo mkdir -p ' . implode(' ', $mk_dirs);
|
|
}
|
|
|
|
// always print chwon/setfacl/chmod commands
|
|
$commands[] = "sudo chown -R $user:$group $install_dir";
|
|
$commands[] = 'sudo setfacl -d -m g::rwx ' . implode(' ', $dirs);
|
|
$commands[] = 'sudo chmod -R ug=rwX ' . implode(' ', $dirs);
|
|
|
|
// check if webserver is in the librenms group
|
|
$current_groups = explode(' ', trim(exec('groups')));
|
|
if (!in_array($group, $current_groups)) {
|
|
$current_user = trim(exec('whoami'));
|
|
$commands[] = "usermod -a -G $group $current_user";
|
|
}
|
|
|
|
// selinux:
|
|
$commands[] = '<h4>If using SELinux you may also need:</h4>';
|
|
foreach ($dirs as $dir) {
|
|
$commands[] = "semanage fcontext -a -t httpd_sys_rw_content_t '$dir(/.*)?'";
|
|
}
|
|
$commands[] = "restorecon -RFv $install_dir";
|
|
|
|
// use pre-compiled template because we probably can't compile it.
|
|
$template = file_get_contents(base_path('resources/views/errors/static/file_permissions.html'));
|
|
$content = str_replace('!!!!CONTENT!!!!', '<p>' . implode('</p><p>', $commands) . '</p>', $template);
|
|
|
|
return SymfonyResponse::create($content);
|
|
}
|
|
}
|