Subversion Repositories ALCASAR

Rev

Rev 2845 | Rev 2865 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log

Rev Author Line No. Line
1163 crox53 1
<?php
2292 tom.houday 2
# $Id: security.php 2864 2020-10-18 09:06:17Z rexy $
3
 
4
$language = 'en';
5
if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
2811 rexy 6
    $langue = explode(',', $_SERVER['HTTP_ACCEPT_LANGUAGE']);
7
    $language = strtolower(substr(chop($langue[0]), 0, 2));
2292 tom.houday 8
}
9
if ($language === 'fr') {
2811 rexy 10
    $l_title = 'Sécurité';
2810 rexy 11
    $l_spoofing = "Adresse(s) MAC usurpée(s) (Watchdog)";
2841 rexy 12
    $l_virus = "Virus bloqué(s) (CLAMAV)";
2810 rexy 13
    $l_fail2ban = "Adresse(s) IP bloquée(s) (Fail2Ban)";
14
    $l_ipAddress="Adresse IP";
15
    $l_user = "L'utilisateur";
16
    $l_empty="Vide";
17
    $l_rule="Règle";
2292 tom.houday 18
} else {
2811 rexy 19
    $l_title = 'Security';
20
    $l_spoofing = "MAC address spoofed (Watchdog)";
2841 rexy 21
    $l_virus = "Virus blocked (CLAMAV)";
2810 rexy 22
    $l_fail2ban = "IP address blocked (Fail2Ban)";
23
    $l_ipAddress="IP address";
24
    $l_user = "User";
25
    $l_empty="Empty";
26
    $l_rule="Rule";
2292 tom.houday 27
}
28
$tab = (isset($_GET['tab'])) ? intval($_GET['tab']) : 1;
1163 crox53 29
?>
2818 rexy 30
<!DOCTYPE HTML>
2292 tom.houday 31
<html>
2818 rexy 32
	<head>
33
		<meta charset="UTF-8">
34
		<title><?= $l_title ?></title>
35
		<link rel="stylesheet" href="/css/bootstrap.min.css">
36
		<script src="/js/jquery.min.js"></script>
37
		<script src="/js/bootstrap.min.js"></script>
38
		<link rel="stylesheet" href="/css/acc.css">
39
	</head>
40
	<body>
41
		<div class="panel">
42
			<div class="panel-header"><?= $l_title ?></div>
43
			<div class="panel-row">
44
				<div class="btn-group btn-group-justified" role="group" aria-label="Justified button group"> 
45
					<a href="security.php?tab=1" class="btn btn-default<?= (($tab === 1) ? ' active' : '') ?>" role="button"><?= $l_spoofing ?></a>
46
					<a href="security.php?tab=2" class="btn btn-default<?= (($tab === 2) ? ' active' : '') ?>" role="button"><?= $l_virus ?></a>
47
					<a href="security.php?tab=3" class="btn btn-default<?= (($tab === 3) ? ' active' : '') ?>" role="button"><?= $l_fail2ban ?></a>
48
				</div>
1410 richard 49
<?php
2292 tom.houday 50
if ($tab === 1) {
2405 tom.houday 51
	$spoofs = [];
2455 tom.houday 52
	$regex = '/^\[(?P<date>[0-9\/\-: ]+)\] : alcasar-watchdog : (?P<ip>(?:(?:[0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}(?:[0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])) is usurped \((?P<mac>(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2})\)\. Alcasar disconnect the user \((?P<user>.+)\)\.$/';
2405 tom.houday 53
	$file = fopen('/var/Save/security/watchdog.log', 'r');
54
	if ($file) {
55
		while (!feof($file)) {
56
			$line = fgets($file);
57
			if (preg_match($regex, $line, $matches)) {
2455 tom.houday 58
				if (preg_match('/[0-9]{2}\/[0-9]{2}\/[0-9]{4}-[0-9]{2}:[0-9]{2}:[0-9]{2}/', $matches['date'], $matches_date)) {
59
					$matches['date'] = DateTime::createFromFormat('d/m/Y-H:i:s', $matches['date'])->format('Y-m-d H:i:s');
60
				}
2405 tom.houday 61
				$spoofs[] = (object) [
2455 tom.houday 62
					'date' => $matches['date'],
2405 tom.houday 63
					'ip'   => $matches['ip'],
64
					'mac'  => $matches['mac'],
65
					'user' => $matches['user']
66
				];
67
			}
68
		}
69
		fclose($file);
1410 richard 70
	}
2405 tom.houday 71
	$spoofs = array_reverse($spoofs);
1410 richard 72
?>
2818 rexy 73
			<h3><?= $l_spoofing ?></h3>
74
			<div class="container">
75
				<table class="table table-striped table-hover" border="1">
2527 fabien.rak 76
				<tr>
2818 rexy 77
					<th>
2527 fabien.rak 78
						Date
79
					</th>
2818 rexy 80
					<th>
2527 fabien.rak 81
						<?= $l_ipAddress ?>	
82
					</th>
2818 rexy 83
					<th>
2527 fabien.rak 84
						MAC
85
					</th>
2818 rexy 86
					<th>
2527 fabien.rak 87
						<?= $l_user ?>
88
					</th>
89
				</tr>
2818 rexy 90
				<tbody>
91
					<?php if (!empty($spoofs)): ?>
2405 tom.houday 92
					<?php foreach ($spoofs as $spoof): ?>
2818 rexy 93
					<tr><td><?= $spoof->date ?></td><td><?= $spoof->ip ?></td><td><?= $spoof->mac ?></td><td><?= $spoof->user ?></td></tr>
2292 tom.houday 94
					<?php endforeach; ?>
2818 rexy 95
					<?php else: ?>
2405 tom.houday 96
					<tr><td colspan="4" style="text-align: center;"><?= $l_empty ?></td></tr>
2818 rexy 97
					<?php endif; ?>
98
				</tbody>
99
				</table>
100
			</div>
1410 richard 101
<?php
2292 tom.houday 102
} else if ($tab === 2) {
2841 rexy 103
	$filePath = '/var/log/clamav/clamd.log';
2845 rexy 104
	$pattern = "/\bfound\b/i";
105
	$lines = preg_grep ($pattern, file($filePath));
2292 tom.houday 106
	if ($lines === false) {
107
		exit("Cannot open '$filePath'.");
108
	}
109
	$lines = array_reverse($lines);
1410 richard 110
?>
2818 rexy 111
	<h3><?= $l_virus ?></h3>
2292 tom.houday 112
	<div class="container">
113
		<table class="table table-striped table-hover">
114
			<tbody>
115
				<?php if (!empty($lines)): ?>
116
					<?php foreach ($lines as $line): ?>
117
						<tr><td><?= $line ?></td></tr>
118
					<?php endforeach; ?>
119
				<?php else: ?>
120
					<tr><td style="text-align: center;"><?= $l_empty ?></td></tr>
121
				<?php endif; ?>
122
			</tbody>
123
		</table>
124
	</div>
1410 richard 125
<?php
2292 tom.houday 126
} else if ($tab === 3) {
127
	$bans = [];
2864 rexy 128
	$regex = '/^(?P<date>[0-9]{4}-[0-9]{2}-[0-9]{2}\ [0-9]{2}:[0-9]{2}:[0-9]{2}),[0-9]{3} fail2ban\.actions\[[0-9]+\]: NOTICE \[(?P<rule>[a-zA-Z0-9_-]+)\] (?P<type>Ban|Unban) (?P<ip>[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})$/';
2292 tom.houday 129
	$file = fopen('/var/log/fail2ban.log', 'r');
130
	if ($file) {
131
		while (!feof($file)) {
132
			$line = fgets($file);
1410 richard 133
 
2292 tom.houday 134
			if (preg_match($regex, $line, $matches)) {
135
				if ($matches['type'] === 'Ban') {
136
					$bans[] = (object) [
137
						'date_ban'   => $matches['date'],
138
						'date_unban' => null,
139
						'rule'       => $matches['rule'],
140
						'ip'         => $matches['ip']
141
					];
142
				} else if ($matches['type'] === 'Unban') {
143
					foreach (array_reverse($bans) as $ban) {
144
						if (($ban->ip === $matches['ip']) && ($ban->rule === $matches['rule']) && ($ban->date_unban === null)) {
145
							$ban->date_unban = $matches['date'];
146
							break;
147
						}
148
					}
149
				}
150
			}
1858 raphael.pi 151
		}
2292 tom.houday 152
		fclose($file);
1858 raphael.pi 153
	}
2292 tom.houday 154
	$bans = array_reverse($bans);
155
?>
2818 rexy 156
	<h3><?= $l_fail2ban ?></h3>
2527 fabien.rak 157
	<div class="container" border="1">
2818 rexy 158
		<table  class="table table-striped table-hover" border="1">
2527 fabien.rak 159
				<tr >
2818 rexy 160
					<th>
2527 fabien.rak 161
						Date
162
					</th>
2818 rexy 163
					<th>
2527 fabien.rak 164
						Date Unban
165
					</th>
2818 rexy 166
					<th>
2527 fabien.rak 167
						<?= $l_rule ?>
168
					</th>
2818 rexy 169
					<th>
2527 fabien.rak 170
						<?= $l_ipAddress ?>
171
					</th>
172
				</tr>
2292 tom.houday 173
				<?php if (!empty($bans)): ?>
174
					<?php foreach ($bans as $ban): ?>
2527 fabien.rak 175
						<tr>
176
							<td>
177
								<?= $ban->date_ban ?>
178
							</td>
179
							<td>
180
								<?= $ban->date_unban ?>
181
							</td>
182
							<td>
183
								<?= $ban->rule ?>
184
							</td>
185
							<td>
186
								<?= $ban->ip ?>
187
							</td>
188
						</tr>
2292 tom.houday 189
					<?php endforeach; ?>
190
				<?php else: ?>
191
					<tr><td colspan="4" style="text-align: center;"><?= $l_empty ?></td></tr>
192
				<?php endif; ?>
193
		</table>
194
	</div>
195
<?php
1410 richard 196
} else {
2292 tom.houday 197
	echo 'Unknown tab';
1410 richard 198
}
199
?>
2818 rexy 200
	</div>
2527 fabien.rak 201
</div>
1163 crox53 202
</body>
2292 tom.houday 203
</html>