| 592 |
stephane |
1 |
<?php
|
|
|
2 |
/*
|
|
|
3 |
* firewall Eyes
|
|
|
4 |
* Copyright (C) 2004 Creabilis
|
|
|
5 |
*
|
|
|
6 |
* This program is free software; you can redistribute it and/or modify
|
|
|
7 |
* it under the terms of the GNU General Public License as published by
|
|
|
8 |
* the Free Software Foundation; either version 2 of the License, or (at
|
|
|
9 |
* your option) any later version.
|
|
|
10 |
*
|
|
|
11 |
* This program is distributed in the hope that it will be useful, but
|
|
|
12 |
* WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
13 |
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
14 |
* General Public License for more details.
|
|
|
15 |
*
|
|
|
16 |
* You should have received a copy of the GNU General Public License
|
|
|
17 |
* along with this program; if not, write to the Free Software
|
|
|
18 |
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
|
|
19 |
*
|
|
|
20 |
*/
|
|
|
21 |
|
|
|
22 |
// ***************** CONFIGURATION *********************
|
|
|
23 |
// activate authentication by IP
|
|
|
24 |
// $IPAuthentication=true|false;
|
|
|
25 |
$IPAuthentication=false;
|
|
|
26 |
// alowed clientIP
|
|
|
27 |
// one line by IP
|
|
|
28 |
// $allowedClientIP[]="127.0.0.1";
|
|
|
29 |
$allowedClientIP[]="127.0.0.1";
|
|
|
30 |
|
|
|
31 |
// logfiles to parse, default is first
|
|
|
32 |
// you can use file path like /etc/log/messages or nfs
|
|
|
33 |
// or http like http://www.host.com/messages
|
|
|
34 |
// or ftp like ftp://user:password@ftp.host.com/messages
|
|
|
35 |
// $logfiles[]="/var/log/messages";
|
|
|
36 |
//$logfiles[]="/var/log/messages";
|
|
|
37 |
//$logfiles[]="/var/log/messages.1";
|
|
|
38 |
//$logfiles[]="/var/log/messages.2";
|
|
|
39 |
//$logfiles[]="/var/log/messages.3";
|
|
|
40 |
//$logfiles[]="/var/log/messages.4";
|
|
|
41 |
$folder = "/var/log/firewall";
|
|
|
42 |
$dossier = opendir($folder);
|
|
|
43 |
$index=0;
|
|
|
44 |
while ($Fichier = readdir($dossier)) {
|
|
|
45 |
$exclusion = stripos ($Fichier, '.gz');
|
|
|
46 |
if ($Fichier != "." && $Fichier != ".." && $exclusion == 0) {
|
|
|
47 |
$index ++;
|
|
|
48 |
$logfiles[]=$folder . "/" . $Fichier;
|
|
|
49 |
} # end if
|
|
|
50 |
} # end while
|
|
|
51 |
closedir($dossier);
|
|
|
52 |
|
|
|
53 |
// automatic submit
|
|
|
54 |
// automatic reload log display just after changing a display option (search strings, resolving, ...)
|
|
|
55 |
// $automaticSubmit=true|false;
|
|
|
56 |
$automaticSubmit=true;
|
|
|
57 |
|
|
|
58 |
|
|
|
59 |
// default number of lines to display
|
|
|
60 |
$configuration["displayedLines"]=50;
|
|
|
61 |
|
|
|
62 |
// resolv ip
|
|
|
63 |
$configuration["resolvIp"]=false;
|
|
|
64 |
|
|
|
65 |
// resolv service
|
|
|
66 |
$configuration["resolvService"]=true;
|
|
|
67 |
|
|
|
68 |
// read log file from the end
|
|
|
69 |
$configuration["readFromTheEnd"]=true;
|
|
|
70 |
|
|
|
71 |
// exact search
|
|
|
72 |
$configuration["exactSearch"]=false;
|
|
|
73 |
|
|
|
74 |
// automatic refresh page every x secondes
|
|
|
75 |
//$configuration["automaticRefresh"]=false|true;
|
|
|
76 |
$configuration["automaticRefresh"]=false;
|
|
|
77 |
|
|
|
78 |
// refresh interval in seconds
|
|
|
79 |
$automaticRefreshInterval=10;
|
|
|
80 |
|
|
|
81 |
// column array
|
|
|
82 |
// syntax : name, index in regexp, width in pixels, type, toolname
|
|
|
83 |
// type can be ip or service or protocol, used for resolution
|
|
|
84 |
// to hide a column, just comment it with //
|
|
|
85 |
$logFields[]=Array("date","1","60",null,null);
|
|
|
86 |
$logFields[]=Array("heure","2","60",null,null);
|
|
|
87 |
$logFields[]=Array("intf","5","50",null,null);
|
|
|
88 |
$logFields[]=Array("source","6","150","ip","iptools");
|
|
|
89 |
$logFields[]=Array("destination","7","150","ip","iptools");
|
|
|
90 |
$logFields[]=Array("protocol","8","60","protocol",null);
|
|
|
91 |
$logFields[]=Array("src port","9","60",null,null);
|
|
|
92 |
$logFields[]=Array("dst port","10","80","service","srvtools");
|
|
|
93 |
$logFields[]=Array("règle","3","80",null,null);
|
|
|
94 |
$logFields[]=Array("action","4","80",null,null);
|
|
|
95 |
|
|
|
96 |
// ip tools
|
|
|
97 |
// types are command or url
|
|
|
98 |
// use %originalParameter% for values like ip address
|
|
|
99 |
// use %transformedParameter% for values like dns address
|
|
|
100 |
$tools["iptools"]["ping"]= array("type"=>"command", "value"=>"ping -c 5 %p1%");
|
|
|
101 |
$tools["iptools"]["traceroute"]=array("type"=>"command", "value"=>"traceroute %p1%");
|
|
|
102 |
$tools["iptools"]["DNS lookup"]= array("type"=>"command", "value"=>"host %p1%");
|
|
|
103 |
$tools["iptools"]["whois"]= array("type"=>"command", "value"=>"whois %p1%","precompute"=>"extractdomain");
|
|
|
104 |
$tools["iptools"]["nmap"]= array("type"=>"command", "value"=>"nmap %p1%");
|
|
|
105 |
$tools["iptools"]["HTTP Test"]= array("type"=>"url", "value"=>"http://%p1%");
|
|
|
106 |
|
|
|
107 |
// service tool
|
|
|
108 |
$tools["srvtools"]["ISS Port db"]= array("type"=>"url", "value"=>"http://www.iss.net/security_center/advice/Exploits/Ports/%p1%/default.htm");
|
|
|
109 |
$tools["srvtools"]["IANA ports"]= array("type"=>"url", "value"=>"http://www.iana.org/assignments/port-numbers");
|
|
|
110 |
$tools["srvtools"]["Google"]= array("type"=>"url", "value"=>"http://www.google.com/search?hl=en&q=port+%p1%");
|
|
|
111 |
|
|
|
112 |
// regExp for detecting a firewall line
|
|
|
113 |
$detectLine="/RULE/S";
|
|
|
114 |
|
|
|
115 |
// regExp for line parsing
|
|
|
116 |
$LineRegExp="/(\w+\s+\d+)\s+(\S+)\s+\S+.*RULE (\S+).+-\s+(\S+).*IN=(\S+).*SRC=(\S+)\s+DST=(\S+).*PROTO=(\S+).*SPT=(\S+).*DPT=(\S+)/S";
|
|
|
117 |
|
|
|
118 |
//line sample :
|
|
|
119 |
//Sep 24 18:07:35 passerelle kernel: RULE 14 -- ACCEPT IN=eth1 OUT= MAC=00:04:e2:43:1c:c4:00:0b:cd:f9:f4:42:08:00 SRC=192.168.0.1 DST=172.31.0.253 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=11059 DF PROTO=TCP SPT=1537 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
|
|
|
120 |
|
|
|
121 |
?>
|