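<?php
/*
 * firewall Eyes
 * Copyright (C) 2004 Creabilis
 * 
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or (at
 * your option) any later version.
 * 
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 *
 */
 
// ***************** CONFIGURATION *********************
// This file only sets global configuration variables; it is meant to be
// included by the pages that render the firewall log. Every variable below
// ($IPAuthentication, $allowedClientIP, $logfiles, $automaticSubmit,
// $configuration, $automaticRefreshInterval, $logFields, $tools,
// $detectLine, $LineRegExp) is read by those pages, so names are kept as-is.

// activate authentication by IP
// $IPAuthentication=true|false;
$IPAuthentication=false;
// allowed client IP
// one line by IP
// $allowedClientIP[]="127.0.0.1";
$allowedClientIP[]="127.0.0.1";
 
// logfiles to parse, default is first
// you can use file path like /etc/log/messages or nfs
// or http like http://www.host.com/messages
// or ftp like ftp://user:password@ftp.host.com/messages
// $logfiles[]="/var/log/messages";
//$logfiles[]="/var/log/messages";
//$logfiles[]="/var/log/messages.1";
//$logfiles[]="/var/log/messages.2";
//$logfiles[]="/var/log/messages.3";
//$logfiles[]="/var/log/messages.4";

// The list is built from the content of $folder: every directory entry
// except ".", ".." and any name containing ".gz" (rotated, compressed logs).
// readdir() hands entries back in filesystem order, so which file ends up
// "first" (the default log) is not guaranteed to be the current one.
// $index ends up equal to count($logfiles); it is kept as a global because
// it was exported before and other pages may read it.
$folder = "/var/log/firewall";
$logfiles = array();
$index=0;
$dossier = opendir($folder);
// opendir() returns false when the directory is missing or unreadable, and
// readdir(false) is a TypeError on PHP 8: skip the scan rather than taking
// the whole page down. $logfiles simply stays empty in that case.
if ($dossier !== false)	{
	// compare with false explicitly: a file literally named "0" would
	// otherwise terminate the loop early
	while (($Fichier = readdir($dossier)) !== false)	{
		// stripos() returns false when ".gz" is absent; the previous "== 0"
		// test also accepted a name *starting* with ".gz", which is not wanted
		$exclusion = stripos ($Fichier, '.gz');
		if ($Fichier !== "." && $Fichier !== ".." && $exclusion === false)	{
			$index ++;
			$logfiles[]=$folder . "/" . $Fichier;
		} # end if
	} # end while
	closedir($dossier);
} # end if
 
// automatic submit
// automatic reload log display just after changing a display option (search strings, resolving, ...)
// $automaticSubmit=true|false; 
$automaticSubmit=true;
 
 
// default number of lines to display
$configuration["displayedLines"]=50;
 
// resolv ip
$configuration["resolvIp"]=false;
 
// resolv service
$configuration["resolvService"]=true;
 
// read log file from the end
$configuration["readFromTheEnd"]=true;
 
// exact search
$configuration["exactSearch"]=false;
 
// automatic refresh page every x seconds 
//$configuration["automaticRefresh"]=false|true;
$configuration["automaticRefresh"]=false;
 
// refresh interval in seconds
$automaticRefreshInterval=10;
 
// column array
// syntax : name, index in regexp, width in pixels, type, toolname
// type can be ip or service or protocol, used for resolution
// to hide a column, just comment it with //
// the "index in regexp" is the capture-group number of $LineRegExp below
$logFields[]=Array("date","1","60",null,null);
$logFields[]=Array("heure","2","60",null,null);
$logFields[]=Array("intf","5","50",null,null);
$logFields[]=Array("source","6","150","ip","iptools");
$logFields[]=Array("destination","7","150","ip","iptools");
$logFields[]=Array("protocol","8","60","protocol",null);
$logFields[]=Array("src port","9","60",null,null);
$logFields[]=Array("dst port","10","80","service","srvtools");
$logFields[]=Array("r&egrave;gle","3","80",null,null);
$logFields[]=Array("action","4","80",null,null);
 
// ip tools
// types are command or url
// use %originalParameter% for values like ip address
// use %transformedParameter% for values like dns address
// NOTE(review): %p1% is replaced by a value taken from the parsed log
// (an address or a port). The code doing the substitution and running the
// "command" entries is not in this file -- confirm that it passes the value
// through escapeshellarg() before execution, since log content is not
// trusted input.
$tools["iptools"]["ping"]=		array("type"=>"command", "value"=>"ping -c 5 %p1%");
$tools["iptools"]["traceroute"]=array("type"=>"command", "value"=>"traceroute %p1%");
$tools["iptools"]["DNS lookup"]=	array("type"=>"command", "value"=>"host %p1%");
$tools["iptools"]["whois"]=		array("type"=>"command", "value"=>"whois %p1%","precompute"=>"extractdomain");
$tools["iptools"]["nmap"]=		array("type"=>"command", "value"=>"nmap %p1%");
$tools["iptools"]["HTTP Test"]=	array("type"=>"url", "value"=>"http://%p1%");
 
// service tool
$tools["srvtools"]["ISS Port db"]=	array("type"=>"url", "value"=>"http://www.iss.net/security_center/advice/Exploits/Ports/%p1%/default.htm");
$tools["srvtools"]["IANA ports"]=	array("type"=>"url", "value"=>"http://www.iana.org/assignments/port-numbers");
$tools["srvtools"]["Google"]=	array("type"=>"url", "value"=>"http://www.google.com/search?hl=en&q=port+%p1%");
 
// regExp for detecting a firewall line
$detectLine="/RULE/S";
 
// regExp for line parsing
// capture groups: 1 date, 2 time, 3 rule number, 4 action, 5 IN interface,
// 6 SRC, 7 DST, 8 PROTO, 9 SPT, 10 DPT (see "index in regexp" in $logFields)
$LineRegExp="/(\w+\s+\d+)\s+(\S+)\s+\S+.*RULE (\S+).+-\s+(\S+).*IN=(\S+).*SRC=(\S+)\s+DST=(\S+).*PROTO=(\S+).*SPT=(\S+).*DPT=(\S+)/S";
 
//line sample :
//Sep 24 18:07:35 passerelle kernel: RULE 14 -- ACCEPT IN=eth1 OUT= MAC=00:04:e2:43:1c:c4:00:0b:cd:f9:f4:42:08:00 SRC=192.168.0.1 DST=172.31.0.253 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=11059 DF PROTO=TCP SPT=1537 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 
 
// no closing "?>": this file is pure PHP and a trailing newline after the
// tag would be sent to the browser by every page that includes it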