/gestion/admin/network.php |
---|
0,0 → 1,181 |
<?php |
/* written by steweb57 */ |
# Choice of language |
$Language = 'en'; |
if(isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])){ |
$Langue = explode(",",$_SERVER['HTTP_ACCEPT_LANGUAGE']); |
$Language = strtolower(substr(chop($Langue[0]),0,2)); } |
if($Language == 'fr'){ |
$l_network_title = "Configuration réseau"; |
$l_network_title1 = "Gestion de la configuration réseau"; |
$l_eth0_legend = "Eth0 (Interface connectée à Internet)"; |
$l_eth1_legend = "Eth1 (Réseau de consultation)"; |
$l_internet_legend = "INTERNET"; |
$l_ip_adr = "Adresse IP"; |
$l_ip_mask = "Masque"; |
$l_ip_router = "Passerelle"; |
$l_ip_public = "Adresse IP public"; |
$l_ip_dns1 = "DNS1"; |
$l_ip_dns2 = "DNS2"; |
} else { |
$l_network_title = "Network configuration"; |
$l_network_title1 = "Network configuration managment"; |
$l_eth0_legend = "Eth0 (Internet connected interface)"; |
$l_eth1_legend = "Eth1 (Private network)"; |
$l_internet_legend = "INTERNET"; |
$l_ip_adr = "IP Address"; |
$l_ip_mask = "Mask"; |
$l_ip_router = "Router"; |
$l_ip_public = "Public IP address"; |
$l_ip_dns1 = "DNS1 :"; |
$l_ip_dns2 = "DNS2"; |
} |
/******************************************************************** |
* CONSTANTES AVEC CHEMINS DES FICHIERS DE CONFIGURATION * |
*********************************************************************/ |
define ("ALCASAR_CHILLI", "/etc/chilli/config"); |
define ("ALCASAR_ETH0", "/etc/sysconfig/network-scripts/default-ifcfg-eth0"); |
define ("ALCASAR_ETH1", "/etc/sysconfig/network-scripts/ifcfg-eth1"); |
/******************************************************************** |
* TEST DES FICHIERS DE CONFIGURATION * |
*********************************************************************/ |
//Test de présence et des droits en lecture des fichiers de configuration. |
if (!file_exists(ALCASAR_CHILLI)){ |
exit("Fichier de configuration ".ALCASAR_CHILLI." non présent"); |
} |
if (!file_exists(ALCASAR_ETH0)){ |
exit("Fichier de configuration ".ALCASAR_ETH0." non présent"); |
} |
if (!file_exists(ALCASAR_ETH0)){ |
exit("Fichier de configuration ".ALCASAR_ETH1." non présent"); |
} |
if (!is_readable(ALCASAR_ETH0)){ |
exit("Vous n'avez pas les droits de lecture sur le fichier ".ALCASAR_ETH0); |
} |
if (!is_readable(ALCASAR_ETH0)){ |
exit("Vous n'avez pas les droits de lecture sur le fichier ".ALCASAR_ETH1); |
} |
/******************************************************************** |
* Lecture du fichier ALCASAR_CHILLI * |
*********************************************************************/ |
//Lecture du fichier ALCASAR_ETH0 |
$ouvre=fopen(ALCASAR_CHILLI,"r"); |
if ($ouvre){ |
while (!feof ($ouvre)) |
{ |
$tampon = fgets($ouvre, 4096); |
if (strpos($tampon,"=")!==false){ |
$tmp = explode("=",$tampon); |
$chilli[$tmp[0]] = $tmp[1]; |
} |
} |
}else{ |
exit("Erreur d'ouverture du fichier ".ALCASAR_CHILLI); |
} |
fclose($ouvre); |
/******************************************************************** |
* Lecture du fichier ALCASAR_ETH0 * |
*********************************************************************/ |
//Lecture du fichier ALCASAR_ETH0 |
$ouvre=fopen(ALCASAR_ETH0,"r"); |
if ($ouvre){ |
while (!feof ($ouvre)) |
{ |
$tampon = fgets($ouvre, 4096); |
if (strpos($tampon,"=")!==false){ |
$tmp = explode("=",$tampon); |
$eth0[$tmp[0]] = $tmp[1]; |
} |
} |
}else{ |
exit("Erreur d'ouverture du fichier ".ALCASAR_ETH0); |
} |
fclose($ouvre); |
/******************************************************************** |
* Lecture du fichier ALCASAR_ETH1 * |
*********************************************************************/ |
//Lecture du fichier ALCASAR_ETH1 |
$ouvre=fopen(ALCASAR_ETH1,"r"); |
if ($ouvre){ |
while (!feof ($ouvre)) |
{ |
$tampon = fgets($ouvre, 4096); |
if (strpos($tampon,"=")!==false){ |
$tmp = explode("=",$tampon); |
$eth1[$tmp[0]] = $tmp[1]; |
} |
} |
}else{ |
exit("Erreur d'ouverture du fichier ".ALCASAR_ETH1); |
} |
fclose($ouvre); |
/******************************************************************** |
* Recherche IP public * |
*********************************************************************/ |
$IP_PUB = exec ("wget http://checkip.dyndns.org/ -O - -o /dev/null | cut -d: -f 2 | cut -d\< -f 1"); |
/************************ |
* TO DO * |
*************************/ |
//modification de la conf réseau, cmd : ifconfig eth0 ..... |
//synchro de la modification réseau dans les différentes couches d'alcasar |
//gestion du dhcp (affichage,modification, ajout @static) |
?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> |
<html><!-- written by steweb57 --> |
<head> |
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> |
<title><?php echo $l_network_title; ?></title> |
<link rel="stylesheet" href="../css/style.css" type="text/css"> |
</head> |
<body> |
<table width="100%" border="0" cellspacing="0" cellpadding="0"> |
<tr><th><?php echo $l_network_title1; ?></th></tr> |
<tr bgcolor="#FFCC66"><td><img src="/images/pix.gif" width="1" height="2"></td></tr> |
</table> |
<TABLE width="100%" border=1 cellspacing=0 cellpadding=1> |
<tr><td valign="middle" align="left"> |
<fieldset> |
<legend><?php echo $l_eth0_legend; ?></legend> |
<table> |
<tr><td><?php echo $l_ip_adr." : </td><td>".$eth0["IPADDR"];?></td></tr> |
<tr><td><?php echo $l_ip_mask." : </td><td>".$eth0["NETMASK"];?></td></tr> |
<tr><td><?php echo $l_ip_router." : </td><td>".$eth0["GATEWAY"];?></td></tr> |
</table> |
</fieldset> |
<br /> |
<fieldset> |
<legend><?php echo $l_eth1_legend; ?></legend> |
<table> |
<tr><td><?php echo $l_ip_adr." : </td><td>".$eth1["IPADDR"];?></td></tr> |
<tr><td><?php echo $l_ip_mask." : </td><td>".$eth1["NETMASK"];?></td></tr> |
</table> |
</fieldset> |
<br /> |
<fieldset> |
<legend><?php echo $l_internet_legend; ?></legend> |
<table> |
<tr><td><?php echo $l_ip_public." : </td><td>".$IP_PUB;?></td></tr> |
<tr><td><?php echo $l_ip_dns1." : </td><td>".$eth0["DNS1"];?></td></tr> |
<tr><td><?php echo $l_ip_dns2." : </td><td>".$eth0["DNS2"];?></td></tr> |
</table> |
</fieldset> |
<br /> |
</td></tr> |
</table> |
</body> |
</html> |
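Review bot: `$IP_PUB` is the raw last line of a plain-HTTP response from checkip.dyndns.org and is echoed unescaped into the INTERNET fieldset, so anything able to alter that response controls markup in the admin interface. Validate it before display, e.g. `$IP_PUB = filter_var(trim($IP_PUB), FILTER_VALIDATE_IP) ?: '';`, and pass the values read into `$eth0`/`$eth1` through `htmlspecialchars()` as well. The lookup also runs synchronously on every page load, so the page stalls whenever the outbound request hangs; a timeout on the wget call would bound that. Separately, the third `file_exists` test and the second `is_readable` test both check `ALCASAR_ETH0` while their messages name `ALCASAR_ETH1`, so a missing or unreadable eth1 file is never caught here, and `ALCASAR_CHILLI` is never tested for readability.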
/gestion/admin/ldap.php |
---|
0,0 → 1,334 |
<?php |
/* written by steweb57 */ |
/**************************************************************** |
* CONSTANTES AVEC CHEMINS DES FICHIERS DE CONFIGURATION * |
*****************************************************************/ |
define ("ALCASAR_RADIUS_SITE", "/etc/raddb/sites-available/alcasar"); |
define ("ALCASAR_RADIUS_MODULE_LDAP", "/etc/raddb/modules/ldap"); |
/******************************************************** |
* TEST DES FICHIERS DE CONFIGURATION * |
*********************************************************/ |
//Test de présence et des droits en lecture des fichiers de configuration. |
if (!file_exists(ALCASAR_RADIUS_SITE)){ |
exit("Fichier ".ALCASAR_RADIUS_SITE." non présent"); |
} |
if (!file_exists(ALCASAR_RADIUS_MODULE_LDAP)){ |
exit("Fichier ".ALCASAR_RADIUS_MODULE_LDAP." non présent"); |
} |
if (!is_readable(ALCASAR_RADIUS_SITE)){ |
exit("Vous n'avez pas les droits d'écriture sur le fichier ".ALCASAR_RADIUS_SITE); |
} |
if (!is_readable(ALCASAR_RADIUS_MODULE_LDAP)){ |
exit("Vous n'avez pas les droits d'écriture sur le fichier ".ALCASAR_RADIUS_MODULE_LDAP); |
} |
/******************************************************** |
* VARIABLES DE FORMULAIRE * |
*********************************************************/ |
if (isset($_GET['erreur'])&&(!($_GET['erreur']==""))) $erreur = $_GET['erreur']; else $erreur = false;//valeur de $erreur non controlée car ne sert qu'un afficher un msg. |
if (isset($_GET['update'])&&($_GET['update']=="ok")) $update = true; else $update = false; |
$message = ""; |
if ((bool)$erreur){ |
$message = "<div align=\"center\"><br />"; |
$message.="<strong><font color=\"red\">".$erreur."</font></strong><br />"; |
$message.="<br /></div>"; |
}else{ |
if ($update){ |
$message = "<div align=\"center\"><br />"; |
$message.="<strong><font color=\"red\">Mise à jour des paramètres ldap réalisé avec succès</font><br /></strong>"; |
$message.="<br /></div>"; |
} |
} |
/**************************************************************** |
* VARIABLES RESULTATS * |
*****************************************************************/ |
//Création des variables nécessaires |
//variables ldap |
$ldap = ""; |
$ldap_server = ""; //IP ou nom DNS du seveur LDAP (ou AD) |
//par défaut : server = "ldap.your.domain" |
$ldap_identity = ""; //nom d'utilisateur qui intérroge le ldap (vide = anonyme) |
//par défaut : # identity = "cn=admin,o=My Org,c=UA" |
$ldap_password = ""; //mot de passe de l'utilisateur intérrogeant le ldap |
//par défaut : # password = mypass |
$ldap_basedn = ""; //DN de base ou l'on recherchera les utilisateurs |
//par défaut : basedn = "o=My Org,c=UA" |
$ldap_filter = ""; //permet entre autre de déterminer l'attribut utilisé pour la recherche d'un utilisateur dans LDAP |
//attribut uid pour un ldap standard, samaccountname pour AD |
//par défaut : filter = "(uid=%{Stripped-User-Name:-%{User-Name}})" |
$ldap_base_filter = ""; // |
//par défaut : # base_filter = "(objectclass=radiusprofile)" |
/******************************************************** |
* Fichier ALCASAR_RADIUS_SITE * |
*********************************************************/ |
//variables pour le parcourt des fichiers |
//$ouvre : fichier ouvert |
//$tampon : ligne en cours |
// |
//Lecture du fichier /etc/raddb/sites-available/alcasar |
$continue = true; |
$ouvre=fopen(ALCASAR_RADIUS_SITE,"r"); |
if ($ouvre){ |
while (!feof ($ouvre)) |
{ |
$tampon = fgets($ouvre, 4096); |
if ((preg_match('`^([\s#]*ldap[\s]*)$`',$tampon))&&$continue){ |
//Récupération dans la section authorise de la ligne ldap |
//valeur : ldap = authentification ldap authorisée |
//valeur : #ldap = authentification ldap non authorisée |
//section authenticat utile ? |
//section post-auth non utilisée |
$ldap = trim($tampon); |
$continue = false;//arret de la boucle lorsque l'on trouve le premier élément "ldap" dans le fichier |
} |
} |
}else{ |
exit("Erreur d'ouverture du fichier /etc/raddb/sites-available/alcasar"); |
} |
fclose($ouvre); |
/**************************************************************** |
* Fichier ALCASAR_RADIUS_MODULE_LDAP * |
*****************************************************************/ |
//Lecture du fichier /etc/raddb/modules/ldap |
$ouvre=fopen(ALCASAR_RADIUS_MODULE_LDAP,"r"); |
if ($ouvre){ |
while (!feof ($ouvre)) |
{ |
$tampon = fgets($ouvre, 4096); |
if (preg_match('`^([\s#]*server(\s*)=)`',$tampon)){ |
//if (preg_match('`^((\s*)(#*)(\s*)server\b(\s*)=)`i',$tampon)){ |
//Récupération de la ligne contenant le paramettre ldap server |
$ldap_server = ltrim($tampon); |
} elseif (preg_match('`^([\s#]*identity(\s*)=)`',$tampon)){ |
//Récupération de la ligne contenant le paramettre ldap identity |
$ldap_identity = ltrim($tampon); |
} elseif (preg_match('`^([\s#]*password(\s*)=)`',$tampon)){ |
//Récupération de la ligne contenant le paramettre ldap password |
$ldap_password = ltrim($tampon); |
} elseif (preg_match('`^([\s#]*basedn(\s*)=)`',$tampon)){ |
//Récupération de la ligne contenant le paramettre ldap basedn |
$ldap_basedn = ltrim($tampon); |
} elseif (preg_match('`^([\s#]*filter(\s*)=)`',$tampon)){ |
//Récupération de la ligne contenant le paramettre ldap filter |
$ldap_filter = ltrim($tampon); |
} elseif (preg_match('`^([\s#]*base_filter(\s*)=)`',$tampon)){ |
//Récupération de la ligne contenant le paramettre ldap base_filter |
$ldap_base_filter = ltrim($tampon); |
} |
} |
}else{ |
exit("Erreur d'ouverture du fichier /etc/raddb/modules/ldap"); |
} |
fclose($ouvre); |
//mise en forme des parametres ldap récupérés |
//A FAIRE : test de contrôle des valeurs $tmp[O] pour être sur d'avoir les bonnes lignes du fichier de conf !!! |
//pas de test de la variable ldap car tester dans la comparaison du formulaire ci-dessous (si $ldap = "ldap" authentification LDAP activée, elle est désactivé). |
$tmp = explode("=",$ldap_server,2); |
$ldap_server = str_replace("\"","",$tmp[1]); //suppression des " dans la chaine |
$ldap_server = trim($ldap_server); //suppression des espaces avant et après la chaine |
$tmp = explode("=",$ldap_identity,2); |
$ldap_identity = str_replace("\"","",$tmp[1]); //suppression des " dans la chaine |
$ldap_identity = trim($ldap_identity); //suppression des espaces avant et après la chaine |
$tmp = explode("=",$ldap_password,2); |
$ldap_password = str_replace("\"","",$tmp[1]); //suppression des " dans la chaine |
$ldap_password = trim($ldap_password); //suppression des espaces avant et après la chaine |
$tmp = explode("=",$ldap_basedn,2); |
$ldap_basedn = str_replace("\"","",$tmp[1]); //suppression des " dans la chaine |
$ldap_basedn = trim($ldap_basedn); //suppression des espaces avant et après la chaine |
$tmp = explode("=",$ldap_filter,3); |
$ldap_filter = str_replace("\"","",$tmp[1]); //suppression des " dans la chaine |
$ldap_filter = trim($ldap_filter); //suppression des espaces avant et après la chaine |
$ldap_filter = str_replace("(","",$ldap_filter);//suppression du ( dans la chaine |
$tmp = explode("=",$ldap_base_filter,2); |
$ldap_base_filter = str_replace("\"","",$tmp[1]); //suppression des " dans la chaine |
$ldap_base_filter = trim($ldap_base_filter); //suppression des espaces avant et après la chaine |
# Choice of language |
$Language = 'en'; |
if(isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])){ |
$Langue = explode(",",$_SERVER['HTTP_ACCEPT_LANGUAGE']); |
$Language = strtolower(substr(chop($Langue[0]),0,2)); } |
if($Language == 'fr'){ |
$l_ldap_title = "Authentification externe : LDAP"; |
$l_ldap_legend = "Authentification LDAP"; |
$l_ldap_auth_enable_label = "Activer l'authentification LDAP:"; |
$l_ldap_YES = "OUI"; |
$l_ldap_NO = "NON"; |
$l_ldap_server_label = "Nom du serveur LDAP:"; |
$l_ldap_server_text = "Nom ou IP du serveur LDAP éventuel."; |
$l_ldap_base_dn_label = "DN de la base LDAP:"; |
$l_ldap_base_dn_text = "DN est le 'Distinguished Name', il situe les informations utilisateurs, exemple: 'o=Mon entreprise, c=FR'."; |
$l_ldap_filter_label = "Identifiant LDAP:"; |
$l_ldap_filter_text = "Clé utilisée pour la recherche d'un identifiant de connexion, exemple: 'uid', 'sn', etc. Pour un AD mettre 'sAMAccountName'."; |
$l_ldap_base_filter_label = "Filtre de l'utilisateur LDAP:"; |
$l_ldap_base_filter_text = "Sur option, vous pouvez en plus limiter les objets recherchés avec des filtres additionnels. Par exemple 'objectClass=posixGroup' aurait comme conséquence l'utilisation de '(&(uid=username)(objectClass=posixGroup))'"; |
$l_ldap_user_label = "Utilisateur LDAP dn:"; |
$l_ldap_user_text = "Laissez vide pour utiliser un accès invité. Si renseigné, il se connectera au serveur LDAP en tant qu'un utilisateur spécifié, exemple: 'uid=Utilisateur,ou=MonUnité,o=MaCompagnie,c=FR'. Requis pour les serveurs possédant un Active Directory."; |
$l_ldap_password_label = "Mot de passe LDAP:"; |
$l_ldap_password_text = "Laissez vide pour un accès invité. Sinon, indiquez le mot de passe de connexion. Requis pour les serveurs possédant un Active Directory."; |
$l_ldap_submit = "Enregistrer"; |
$l_ldap_reset = "Annuler"; |
} else { |
$l_ldap_title = "External authentication : LDAP"; |
$l_ldap_legend = "LDAP authentication"; |
$l_ldap_auth_enable_label = "Use LDAP authentication :"; |
$l_ldap_YES = "YES"; |
$l_ldap_NO = "NO"; |
$l_ldap_server_label = "LDAP server name:"; |
$l_ldap_server_text = "This is the hostname or IP address of the LDAP server."; |
$l_ldap_base_dn_label = "LDAP base dn:"; |
$l_ldap_base_dn_text = "This is the 'Distinguished Name', locating the user information, e.g. 'o=My Company,c=US'."; |
$l_ldap_filter_label = "LDAP uid:"; |
$l_ldap_filter_text = "This is the key under which to search for a given login identity, e.g. 'uid', 'sn', etc.. For AD use 'sAMAccountName'."; |
$l_ldap_base_filter_label = "LDAP user filter:"; |
$l_ldap_base_filter_text = "Optionally you can further limit the searched objects with additional filters. For example 'objectClass=posixGroup' would result in the use of '(&(uid=username)(objectClass=posixGroup))'"; |
$l_ldap_user_label = "LDAP user dn:"; |
$l_ldap_user_text = "Leave blank to use anonymous binding. If filled uses the specified distinguished name on login attempts to find the correct user, e.g. 'uid=Username,ou=MyUnit,o=MyCompany,c=US'. Required for Active Directory Servers."; |
$l_ldap_password_label = "LDAP password:"; |
$l_ldap_password_text = "Leave blank to use anonymous binding. Else fill in the password for the above user. Required for Active Directory Servers."; |
$l_ldap_submit = "Save"; |
$l_ldap_reset = "Reset"; |
} |
/******************************** |
* TO DO * |
*********************************/ |
//internationnalisation à mettre en haut du fichier pour internationnaliser les erreurs de script! |
?> |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> |
<html><!-- written by steweb57 --> |
<head> |
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> |
<title><?php echo $l_ldap_title; ?></title> |
<link rel="stylesheet" href="/css/style.css" type="text/css"> |
<link rel="stylesheet" href="../css/ldap.css" type="text/css"> |
<script language="javascript"> |
function testLdapActif(){ |
//List des ID des éléments à désactiver |
var listToDisables = new Array("ldap_server","ldap_dn","ldap_filter","ldap_base_filter","ldap_user","ldap_password"); |
if (document.getElementById("auth_enable").value == "1"){ |
for (var i=0;i<listToDisables.length;i++){ |
document.getElementById(listToDisables[i]).style.backgroundColor ="#ffffff"; |
document.getElementById(listToDisables[i]).disabled = false; |
} |
} else { |
for (var i=0;i<listToDisables.length;i++){ |
document.getElementById(listToDisables[i]).style.backgroundColor ="#c0c0c0"; |
document.getElementById(listToDisables[i]).disabled = true; |
} |
} |
} |
</script> |
</head> |
<body onLoad="testLdapActif();"> |
<table width="100%" border=0 cellspacing=0 cellpadding=0> |
<tr><th><?php echo $l_ldap_legend; ?></th></tr> |
<tr bgcolor="#FFCC66"><td><img src="/images/pix.gif" width=1 height=2></td></tr> |
</table> |
<table width="100%" border=1 cellspacing=0 cellpadding=1> |
<tr><td valign="middle" align="left"> |
<form name="config_ldap" method="post" action="update_ldap.php"> |
<fieldset> |
<legend><?php echo $message; ?></legend> |
<dl> |
<dt> |
<label for="auth_enable"><?php echo $l_ldap_auth_enable_label; ?></label> |
</dt> |
<dd> |
<select id="auth_enable" name="auth_enable" onchange="testLdapActif();"> |
<?php if ($ldap == "ldap") { |
echo "<option value=\"1\" selected=\"selected\">$l_ldap_YES</option>"; |
echo "<option value=\"0\">$l_ldap_NO</option>"; |
}else{ |
echo "<option value=\"1\">$l_ldap_YES</option>"; |
echo "<option value=\"0\" selected=\"selected\">$l_ldap_NO</option>"; |
}?> |
</select> |
</dd> |
</dl> |
<dl> |
<dt> |
<label for="ldap_server"><?php echo $l_ldap_server_label; ?></label> |
<br /> |
<?php echo $l_ldap_server_text; ?></dt> |
<dd> |
<input id="ldap_server" size="40" name="ldap_server" value="<?php echo htmlspecialchars($ldap_server); ?>"/> |
</dd> |
</dl> |
<dl> |
<dt> |
<label for="ldap_dn"><?php echo $l_ldap_base_dn_label; ?></label> |
<br /> |
<?php echo $l_ldap_base_dn_text; ?></dt> |
<dd> |
<input id="ldap_dn" size="40" name="ldap_base_dn" value="<?php echo htmlspecialchars($ldap_basedn); ?>" /> |
</dd> |
</dl> |
<dl> |
<dt> |
<label for="ldap_filter"><?php echo $l_ldap_filter_label; ?></label> |
<br /> |
<?php echo $l_ldap_filter_text; ?></dt> |
<dd> |
<input id="ldap_filter" size="40" name="ldap_filter" value="<?php echo htmlspecialchars($ldap_filter); ?>" /> |
</dd> |
</dl> |
<dl> |
<dt> |
<label for="ldap_base_filter"><?php echo $l_ldap_base_filter_label; ?></label> |
<br /> |
<?php echo $l_ldap_base_filter_text; ?></dt> |
<dd> |
<input id="ldap_base_filter" size="40" name="ldap_base_filter" value="<?php echo htmlspecialchars($ldap_base_filter); ?>" /> |
</dd> |
</dl> |
<dl> |
<dt> |
<label for="ldap_user"><?php echo $l_ldap_user_label; ?></label> |
<br /> |
<?php echo $l_ldap_user_text; ?></dt> |
<dd> |
<input id="ldap_user" size="40" name="ldap_user" value="<?php echo htmlspecialchars($ldap_identity); ?>" /> |
</dd> |
</dl> |
<dl> |
<dt> |
<label for="ldap_password"><?php echo $l_ldap_password_label; ?></label> |
<br /> |
<?php echo $l_ldap_password_text; ?></dt> |
<dd> |
<input id="ldap_password" type="password" size="40" name="ldap_password" value="<?php echo htmlspecialchars($ldap_password);?>" /> |
</dd> |
</dl> |
<p> |
<input id="submit" type="submit" value="<?php echo $l_ldap_submit; ?>" name="submit" /> |
<input id="reset" type="reset" value="<?php echo $l_ldap_reset; ?>" name="reset" /> |
</p> |
</fieldset> |
</form> |
<br /> |
</td></tr> |
</table> |
</body> |
</html> |
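Review bot: `$_GET['erreur']` is concatenated into `$message` and printed inside the `<legend>` without escaping; the inline comment says it is left unchecked because it is only displayed, but display is exactly where escaping matters on an admin page, so assign it as `$erreur = htmlspecialchars($_GET['erreur'], ENT_QUOTES, 'UTF-8');`. The LDAP bind password read from the RADIUS module file is also written into the `value` attribute of the password input, which puts the secret into the page source and any cache of it. Leaving the field empty and treating an empty submission as "unchanged" would avoid that, but it needs a matching change in update_ldap.php, which is not shown in this changeset view. The two `is_readable` failure messages say "droits d'écriture" although the test is for read access.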
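--- a/gestion/admin/auth_exceptions.php
+++ b/gestion/admin/auth_exceptions.php
@@ -0,0 +1,221 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
+<HTML><!-- written by Rexy - 3abtux -->
+<HEAD>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<TITLE>Exceptions</TITLE>
+<link rel="stylesheet" href="/css/style.css" type="text/css">
+</HEAD>
+<body>
+<?
+# Choice of language
+$Language = 'en';
+if(isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])){
+$Langue = explode(",",$_SERVER['HTTP_ACCEPT_LANGUAGE']);
+$Language = strtolower(substr(chop($Langue[0]),0,2)); }
+if($Language == 'fr'){
+$l_trusted_sites = "Sites Internet de confiance";
+$l_trusted_sites_explain1 = "Entrez ici les noms de site ou d'URLs Internet pouvant être joints sans authentification";
+$l_trusted_sites_explain2 = "Entrez un noms par ligne";
+$l_trusted_sites_list = "Liste de sites Internet de confiance";
+$l_trusted_urls_list = "Liste d'URLs Internet de confiance";
+$l_trusted_mac = "Équipements de confiance";
+$l_trusted_mac_explain1 = "Entrez ici les adresses MAC des équipements autorisés à joindre Internet sans authentification";
+$l_trusted_mac_explain2 = "Entrez une adresse MAC par ligne";
+$l_trusted_mac_list = "Liste des adresses MAC de confiance";
+$l_submit = "Enregistrer";
+}
+else {
+$l_trusted_sites = "Trusted Internet sites";
+$l_trusted_sites_explain1 = "Enter name of Internet sites or URLS that could be joined without authentication";
+$l_trusted_sites_explain2 = "Enter one name per line";
+$l_trusted_sites_list = "Trusted Internet sites list";
+$l_trusted_urls_list = "Trusted Internet URLs list";
+$l_trusted_mac = "Trusted Equipments";
+$l_trusted_mac_explain1 = "Enter MAC address of equipments that could contact Internet without authentification";
+$l_trusted_mac_explain2 = "Enter one Mac address per line";
+$l_trusted_mac_list = "Trusted MAC addresses list";
+$l_submit = "Submit";
+}
+if (isset($_POST['choix'])){
+switch ($_POST['choix'])
+{
+case 'MAJ_UAMALLOWED' :
+$nb_domain=0;
+$tab_domains = explode ("\n", $_POST['trusted_domains']);
+$fichier=fopen("/etc/chilli/alcasar-uamdomain","w+");
+fputs ($fichier, "HS_UAMDOMAINS=\"");
+foreach ($tab_domains as $domain ){
+$tr_domain=trim($domain);
+$nb_domain++;
+if ($tr_domain != ""){
+if ($nb_domain>1) fputs ($fichier, ",".$tr_domain);
+else fputs ($fichier, $tr_domain);
+}
+}
+fputs ($fichier, "\"");
+fclose($fichier);
+unset($_POST['trusted_domains']);
+unset($nb_domain);
+$nb_url=0;
+$tab_urls = explode ("\n", $_POST['trusted_urls']);
+$fichier=fopen("/etc/chilli/alcasar-uamallowed","w+");
+fputs ($fichier, "HS_UAMALLOW=\"");
+foreach ($tab_urls as $url ){
+$tr_url=trim($url);
+$nb_url++;
+if ($tr_url != ""){
+if ($nb_url>1) fputs ($fichier, ",".$tr_url);
+else fputs ($fichier, $tr_url);
+}
+}
+fputs ($fichier, "\"");
+fclose($fichier);
+unset($_POST['trusted_urls']);
+unset($nb_url);
+exec ("sudo service chilli restart");
+unset ($_POST['choix']);
+break;
+case 'MAJ_MACALLOWED' :
+$nb_mac=0;
+$tab_macs = explode ("\n", $_POST['trusted_macs']);
+$fichier=fopen("/etc/chilli/alcasar-macallowed","w+");
+fputs ($fichier, "HS_MACALLOW=\"");
+foreach ($tab_macs as $macs ){
+$tr_macs=trim($macs);
+$nb_mac++;
+if ($tr_macs != ""){
+if ($nb_mac>1) fputs ($fichier, ",".$tr_macs);
+else fputs ($fichier, $tr_macs);
+}
+}
+fputs ($fichier, "\"");
+fclose($fichier);
+unset($_POST['trusted_macs']);
+unset($nb_mac);
+exec ("sudo service chilli restart");
+unset ($_POST['choix']);
+break;
+}
+}
+?>
+<TABLE width="100%" border="0" cellspacing="0" cellpadding="0">
+<tr><th><?php echo $l_trusted_sites ;?></th></tr>
+<tr bgcolor="#FFCC66"><td><img src="/images/pix.gif" width="1" height="2"></td></tr>
+</TABLE>
+<TABLE width="100%" border=0 cellspacing=0 cellpadding=1>
+<tr bgcolor="#666666"><td>
+<TABLE width="100%" border=0 cellspacing=0 cellpadding=2>
+<tr><td valign="middle" align="left">
+<center><?php
+echo "$l_trusted_sites_explain1 <BR>";
+echo "$l_trusted_sites_explain2" ;
+echo "<FORM action='$_SERVER[PHP_SELF]' method='POST'>";?>
+<TABLE cellspacing=2 cellpadding=3 border=1>
+<tr><td width=50% height=100% align=center>
+<H3><?php echo $l_trusted_sites_list ;?></H3>
+exemple1 : www.domain1.org<BR>
+exemple2 : domain2.net<BR>
+<?php
+echo "<textarea name='trusted_domains' rows=5 cols=40>";
+$trusted_domains_file="/etc/chilli/alcasar-uamdomain";
+$ouvre=fopen($trusted_domains_file,"r");
+if ($ouvre)
+{
+while (!feof ($ouvre))
+{
+$tampon = fgets($ouvre, 4096);
+$domains = substr($tampon,15,-1);
+$tab_domains = explode (",", $domains);
+foreach ($tab_domains as $domain ){
+if ($domain != "\"") echo $domain."\n";
+}
+}
+}
+else {
+echo "failed to open $trusted_domains_file";
+}
+fclose($ouvre);
+echo "</textarea>";
+?>
+</td>
+<td width=50% height=100% align=center>
+<H3><?php echo $l_trusted_urls_list ;?></H3>
+exemple1 : www.domain3.net/admin/index.htm<BR>
+exemple2 : domain4.org/~polux/index.html<BR>
+<?php
+echo "<textarea name='trusted_urls' rows=5 cols=40>";
+$trusted_urls_file="/etc/chilli/alcasar-uamallowed";
+$ouvre=fopen($trusted_urls_file,"r");
+if ($ouvre)
+{
+while (!feof ($ouvre))
+{
+$tampon = fgets($ouvre, 4096);
+$urls = substr($tampon,13,-1);
+$tab_urls = explode (",", $urls);
+foreach ($tab_urls as $url ){
+if ($url != "\"") echo $url."\n";
+}
+}
+}
+else {
+echo "failed to open $trusted_urls_file";
+}
+fclose($ouvre);
+echo "</textarea>";
+?>
+</td></tr>
+</TABLE>
+<input type='hidden' name='choix' value='MAJ_UAMALLOWED'>
+<input type='submit' value='<?php echo $l_submit ;?>'>
+</FORM>
+</td></tr>
+</TABLE>
+</TABLE>
+<TABLE width="100%" border="0" cellspacing="0" cellpadding="0">
+<tr><th><?php echo $l_trusted_mac ;?></th></tr>
+<tr bgcolor="#FFCC66"><td><img src="/images/pix.gif" width="1" height="2"></td></tr>
+</TABLE>
+<TABLE width="100%" border=0 cellspacing=0 cellpadding=1>
+<tr bgcolor="#666666"><td>
+<TABLE width="100%" border=0 cellspacing=0 cellpadding=2>
+<tr><td valign="middle" align="left">
+<center><?php
+echo "$l_trusted_mac_explain1 <BR>";
+echo "$l_trusted_mac_explain2";
+echo "<FORM action='$_SERVER[PHP_SELF]' method='POST'>";?>
+<TABLE cellspacing=2 cellpadding=3 border=1>
+<tr><td width=60% height=100% align=center>
+<H3><?php echo $l_trusted_mac_list ;?></H3>
+exemple : 12-2f-36-a4-df-43<BR>
+<?php
+echo "<textarea name='trusted_macs' rows=5 cols=40>";
+$trusted_macs_file="/etc/chilli/alcasar-macallowed";
+$ouvre=fopen($trusted_macs_file,"r");
+if ($ouvre)
+{
+while (!feof ($ouvre))
+{
+$tampon = fgets($ouvre, 4096);
+$macs = substr($tampon,13,-1);
+$tab_macs = explode (",", $macs);
+foreach ($tab_macs as $macs ){
+if ($macs != "\"") echo $macs."\n";
+}
+}
+}
+else {
+echo "failed to open $trusted_macs_file";
+}
+fclose($ouvre);
+echo "</textarea>";
+?>
+</td></tr>
+</TABLE>
+<input type='hidden' name='choix' value='MAJ_MACALLOWED'>
+<input type='submit' value='<?php echo $l_submit ;?>'>
+</FORM>
+</td></tr>
+</TABLE>
+</BODY>
+</HTML>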
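Review bot: The entries from `trusted_domains`, `trusted_urls` and `trusted_macs` are only `trim()`med before being written between the double quotes of `HS_UAMDOMAINS="…"`, `HS_UAMALLOW="…"` and `HS_MACALLOW="…"`, so a value containing a quote, `$` or a backtick changes the meaning of a file that, judging by its variable-assignment syntax, is presumably sourced by a shell when `sudo service chilli restart` runs. Each entry should be matched against a strict pattern and rejected otherwise, for example `if (!preg_match('/^([0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2}$/', $tr_macs)) continue;` for the MAC list, with an equivalent host/URL allow-list for the other two. The same state-changing POST carries no anti-CSRF token, the `fopen(..., "w+")` results are used without a check, and the comma test uses a counter that also counts blank lines, so a leading blank line produces a leading comma. On the display side, `$_SERVER[PHP_SELF]` in both `<FORM action=…>` lines and the file contents echoed into the textareas need `htmlspecialchars()`; the cut-off filter_exceptions.php section below repeats both patterns.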
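--- a/gestion/admin/web_filter2.php
+++ b/gestion/admin/web_filter2.php
@@ -0,0 +1,96 @@
+<?php
+function echo_file ($filename)
+{
+if (file_exists($filename))
+{
+if (filesize($filename) != 0)
+{
+$pointeur=fopen($filename,"r");
+$tampon = fread($pointeur, filesize($filename));
+fclose($pointeur);
+echo $tampon;
+}
+}
+else
+{
+echo "erreur d'ouverture du fichier $filename";
+}
+}
+?>
+<TABLE width="100%" border=0 cellspacing=0 cellpadding=0>
+<tr><th>
+<?
+echo "$l_main_bl";
+echo_file ("/var/www/html/VERSION-BL");
+echo ")";
+?>
+</th></tr>
+<tr bgcolor="#FFCC66"><td><img src="/images/pix.gif" width="1" height="2"></td></tr>
+</table>
+<TABLE width="100%" border=1 cellspacing=0 cellpadding=1>
+<tr><td valign="middle" align="left">
+<BR><FORM action='/admin/web_filter.php' method=POST>
+<input type='hidden' name='choix' value='MAJ_bl'>
+<?php
+echo "<input type='submit' value='$l_download'>";
+echo " ($l_warning)";
+?>
+</FORM>
+</td></tr>
+</TABLE>
+<TABLE width="100%" border=0 cellspacing=0 cellpadding=0>
+<tr><th><?echo "$l_secondary_bl";?></th></tr>
+<tr bgcolor="#FFCC66"><td><img src="/images/pix.gif" width="1" height="2"></td></tr>
+</table>
+<TABLE width="100%" border=1 cellspacing=0 cellpadding=1>
+<tr><td valign="middle" align="left">
+<FORM action='/admin/web_filter.php' method='POST'>
+<TABLE cellspacing=2 cellpadding=3 border=1>
+<tr><td width=50% height=100% align=center>
+<H3>Liste des noms de domaine interdits</H3>
+Entrez ici des noms de domaine inconnus de la liste noire principale<BR>
+et que vous désirez bloquer<BR>
+Entrez un nom de domaine par ligne (exemple : domaine.org)
+<textarea name='OSSI_bl_domains' rows=5 cols=40>
+<?php
+echo_file ("/etc/dansguardian/lists/blacklists/ossi/domains");
+?>
+</textarea>
+</td><td width=50% height=100% align=center>
+<H3>Liste des noms de domaine réabilités</H3>
+Entrez ici des noms de domaine bloqués par la liste noire principale<BR>
+que vous désirez réhabiliter<BR>
+Entrez un nom de domaine par ligne (exemple : domaine2.org)
+<textarea name='OSSI_wl_domains' rows=5 cols=40>
+<?php
+echo_file ("/etc/dansguardian/lists/exceptionsitelist");
+?>
+</textarea>
+</td></tr>
+<tr><td width=50% height=100% align=center>
+<H3>Liste des URLs interdites</H3>
+Entrez ici des URLs inconnues de la liste noire principale<BR>
+que vous désirez bloquer<BR>
+Entrez une URL par ligne (exemple : www.domaine.org/perso/index.htm)
+<textarea name='OSSI_bl_urls' rows=5 cols=40>
+<?php
+echo_file ("/etc/dansguardian/lists/blacklists/ossi/urls");
+?>
+</textarea>
+</td><td width=50% height=100% align=center>
+<H3>Liste des URLs réabilités</H3>
+Entrez ici des URLs bloquées par la liste noire principale<BR>
+que vous désirez réhabiliter<BR>
+Entrez une URL par ligne (exemple : www.domaine2.org/perso/index.htm)
+<textarea name='OSSI_wl_urls' rows=5 cols=40>
+<?php
+echo_file ("/etc/dansguardian/lists/exceptionurllist");
+?>
+</textarea>
+</td></tr>
+</TABLE>
+<input type='hidden' name='choix' value='MAJ_OSSI'>
+<input type='submit' value='Enregistrer les modifications'>
+</FORM>
+</td></tr>
+</TABLE>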
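Review bot: `echo_file()` prints file contents verbatim, and four of its five call sites sit inside `<textarea>` elements backed by lists that are edited through this same form, so a stored entry containing markup ends the textarea and is rendered in the admin page; the output line should be `echo htmlspecialchars($tampon, ENT_QUOTES, 'UTF-8');`. The function also passes the result of `fopen()` straight to `fread()`, so an unreadable file produces warnings instead of the intended error message; test `$pointeur === false` and report the failure there. `$l_main_bl`, `$l_download`, `$l_warning` and `$l_secondary_bl` are not defined in this file, so it presumably only works when included from web_filter.php, which deserves a header comment saying so. The `<?` short tags additionally depend on `short_open_tag` being enabled.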
/gestion/admin/filter_exceptions.php |
---|
0,0 → 1,115 |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> |
<HTML><!-- written by Rexy --> |
<HEAD> |
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> |
<TITLE>ALCASAR Filter Exceptions</TITLE> |
<link rel="stylesheet" href="/css/style.css" type="text/css"> |
</HEAD> |
<body> |
<? |
# Choice of language |
$Language = 'en'; |
if(isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])){ |
$Langue = explode(",",$_SERVER['HTTP_ACCEPT_LANGUAGE']); |
$Language = strtolower(substr(chop($Langue[0]),0,2)); } |
if($Language == 'fr'){ |
$l_exception_IP = "Exception au filtrage"; |
$l_exception_txt="Entrez ici les adresses IP des stations du réseau de consultation ne subissant pas de filtrage<BR>Entrez une adresse IP par ligne"; |
$l_submit = "Enregistrer"; |
} |
else { |
$l_exception_IP = "Network filtering exceptions"; |
$l_exception_txt="Put here the stations IP address that won't be filtered<BR>Put one IP per row"; |
$l_submit = "Submit"; |
} |
if (isset($_POST['choix'])){ |
switch ($_POST['choix']) |
{ |
case 'IP_exceptions' : |
// réencodage iso + format unix + rc fin de ligne (ouf...) |
$ip_list = str_replace("\r\n", "\n", utf8_decode($_POST['exception_list'])); |
if ($ip_list[strlen($ip_list)-1] != "\n") { $ip_list[strlen($ip_list)]="\n";} ; |
unset($_POST['exception_list']); |
$pointeur = fopen("/etc/dansguardian/dansguardian.conf", "r"); |
$result = false; |
if ($pointeur) |
{ |
while (!feof($pointeur)) |
{ |
$ligne = fgets($pointeur); |
if (preg_match("/^reportinglevel = 3/", $ligne, $r)) |
{ |
$result = true; |
break; |
} |
} |
} |
fclose($pointeur); |
if ($result) |
{ |
$fichier=fopen("/etc/dansguardian/lists/exceptioniplist", "w+"); |
fputs($fichier,$ip_list); |
fclose($fichier); |
exec ("sudo /usr/local/sbin/alcasar-bl.sh -reload"); |
} |
$pointeur = fopen("/usr/local/bin/alcasar-iptables.sh", "r"); |
$result = False ; |
if ($pointeur) |
{ |
while (!feof($pointeur)) |
{ |
$ligne = fgets($pointeur); |
if (preg_match('/^FILTERING="yes"/', $ligne, $r)) |
{ |
$result = True ; |
break; |
} |
} |
} |
fclose($pointeur); |
if ($result) |
{ |
$fichier=fopen("/usr/local/etc/alcasar-filter-exceptions", "w+"); |
fputs($fichier, $ip_list); |
fclose($fichier); |
exec ("sudo /usr/local/sbin/alcasar-nf.sh -on"); |
} |
break; |
} |
} |
?> |
<TABLE width="100%" border="0" cellspacing="0" cellpadding="0"> |
<tr><th><?php echo $l_exception_IP ;?></th></tr> |
<tr bgcolor="#FFCC66"><td><img src="/images/pix.gif" width="1" height="2"></td></tr> |
</TABLE> |
<TABLE width="100%" border=1 cellspacing=0 cellpadding=1> |
<tr><td valign="middle" align="left"> |
<TABLE width=70% border=0> |
<?php |
echo "<form action='$_SERVER[PHP_SELF]' method='POST'>"; |
echo " $l_exception_txt"; |
echo "<BR><textarea name='exception_list' rows=5 cols=40>"; |
$filename="/usr/local/etc/alcasar-filter-exceptions"; |
if (file_exists($filename)) |
{ |
if (filesize($filename) != 0) |
{ |
$pointeur=fopen($filename,"r"); |
$tampon = fread($pointeur, filesize($filename)); |
fclose($pointeur); |
echo $tampon; |
} |
} |
else |
{ |
echo "erreur d'ouverture du fichier $filename"; |
} |
echo "</textarea><BR>"; |
?> |
<input type='hidden' name='choix' value='IP_exceptions'> |
<input type='submit' value='Enregistrer les modifications'></CENTER> |
</FORM> |
</td></tr> |
</TABLE> |
</BODY> |
</HTML> |
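Review bot: In the `IP_exceptions` case, `$_POST['exception_list']` is written unchanged to `/etc/dansguardian/lists/exceptioniplist` and `/usr/local/etc/alcasar-filter-exceptions`, and `alcasar-bl.sh -reload` / `alcasar-nf.sh -on` are then run through sudo, so nothing guarantees that the files those scripts read hold only IP addresses. The form text promises one IP address per line, so each line should be validated and anything else dropped before the write, as sketched below; whether the consumers also accept ranges or comments is not visible here and should be confirmed. Building the string from validated lines also removes `$ip_list[strlen($ip_list)-1]`, which reads offset -1 when the list is empty. The stored content is later printed into the textarea with `echo $tampon;`, which should become `echo htmlspecialchars($tampon, ENT_QUOTES);`.

```php
case 'IP_exceptions' :
    // keep only well-formed IPv4 addresses, one per line, unix line endings
    $valid = array();
    foreach (preg_split('/\r\n|\r|\n/', $_POST['exception_list']) as $line) {
        $line = trim($line);
        if ($line !== '' && filter_var($line, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false) {
            $valid[] = $line;
        }
    }
    $ip_list = $valid ? implode("\n", $valid) . "\n" : "";
    unset($_POST['exception_list']);
    // … unchanged: reportinglevel / FILTERING checks, file writes and reloads …
```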
/gestion/admin/net_filter.php |
---|
0,0 → 1,131 |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> |
<HTML><!-- written by Rexy --> |
<HEAD> |
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> |
<TITLE>Network Filter</TITLE> |
<link rel="stylesheet" href="/css/style.css" type="text/css"> |
</HEAD> |
<body> |
<TABLE width="100%" border=0 cellspacing=0 cellpadding=0> |
<? |
$services_list="/usr/local/etc/alcasar-services"; |
# Choice of language |
$Language = 'en'; |
if(isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])){ |
$Langue = explode(",",$_SERVER['HTTP_ACCEPT_LANGUAGE']); |
$Language = strtolower(substr(chop($Langue[0]),0,2)); } |
if($Language == 'fr'){ |
$l_title = "Filtrage réseau"; |
$l_netfilter_on="Le filtrage réseau est actuellement activé"; |
$l_netfilter_off="Le filtrage réseau est actuellement désactivé"; |
$l_switch_on="Activer le filtrage réseau"; |
$l_switch_off="Désactiver le filtrage réseau"; |
$l_comment_on="(choisissez les protocoles que vous voulez autoriser)"; |
$l_comment_off="(les usagers authentifiés peuvent exploiter tous les protocoles réseau)"; |
$l_protocols="Protocoles autorisés"; |
$l_error_open_file="Erreur d'ouverture du fichier"; |
$l_proto_port="Protocole / port"; |
$l_enabled="Autorisé"; |
$l_save_modif="Enregistrer les modifications"; |
} |
else { |
$l_title = "Network Filter"; |
$l_netfilter_on="Actually, the network filter is enable"; |
$l_netfilter_off="Actually, the network filter is disable"; |
$l_switch_on="Switch the Network Filter on"; |
$l_switch_off="Switch the Network Filter off"; |
$l_comment_on="(choose the authorized network protocols)"; |
$l_comment_off="(all the network protocols are allowed for authenticated users)"; |
$l_protocols="Authorize protocols"; |
$l_error_open_file="Error opening the file"; |
$l_proto_port="Protocol / port"; |
$l_enabled="Enable"; |
$l_save_modif="Save modifications"; |
} |
echo " |
<tr><th>$l_title</th></tr> |
<tr bgcolor=\"#FFCC66\"><td><img src=\"/images/pix.gif\" width=1 height=2></td></tr> |
</TABLE>"; |
if (isset($_POST['choix'])){$choix=$_POST['choix'];} else {$choix="";} |
switch ($choix) |
{ |
case 'NF_On' : |
exec ("sudo /usr/local/sbin/alcasar-nf.sh -on"); |
break; |
case 'NF_Off' : |
exec ("sudo /usr/local/sbin/alcasar-nf.sh -off"); |
break; |
case 'change' : |
$tab=file($services_list); |
if ($tab) |
{ |
//on active|désactive les protocoles |
$pointeur=fopen($services_list,"w+"); |
foreach ($tab as $ligne) |
{ |
$proto_f=explode(" ", $ligne); |
$name_svc1=trim($proto_f[0],"#"); |
$actif = False; |
foreach ($_POST as $key => $value) |
{ |
if (strstr($key,'chk-')) |
{ |
$name_svc2 = str_replace('chk-','',$key); |
if ($name_svc1 == $name_svc2) |
{ |
$actif = True; |
break; |
} |
} |
} |
if (! $actif) |
{ |
$line="#$name_svc1 $proto_f[1]"; |
} |
else { $line="$name_svc1 $proto_f[1]";} |
fputs($pointeur,$line); |
} |
fclose($pointeur); |
} |
else {echo "$l_error_open_file $services_list";} |
exec ("sudo /usr/local/sbin/alcasar-nf.sh -on"); |
break; |
} |
echo "<TABLE width=\"100%\" border=1 cellspacing=0 cellpadding=1>"; |
echo "<tr><td valign=\"middle\" align=\"left\">"; |
$pointeur = fopen("/usr/local/bin/alcasar-iptables.sh", "r"); |
$result = False ; |
if ($pointeur) |
{ |
while (!feof($pointeur)) |
{ |
$ligne = fgets($pointeur); |
if (preg_match('/^FILTERING="yes"/', $ligne, $r)) |
{ |
$result = True ; |
break; |
} |
} |
} |
fclose($pointeur); |
if ($result) |
{ |
echo "<CENTER><H3>$l_netfilter_on</H3>$l_comment_on</CENTER>"; |
echo "<FORM action='$_SERVER[PHP_SELF]' method=POST>"; |
echo "<input type=hidden name='choix' value=\"NF_Off\">"; |
echo "<input type=submit value=\"$l_switch_off\">"; |
} |
else |
{ |
echo "<CENTER><H3>$l_netfilter_off</H3>$l_comment_off</CENTER>"; |
echo "<FORM action='$_SERVER[PHP_SELF]' method=POST>"; |
echo "<input type=hidden name='choix' value=\"NF_On\">"; |
echo "<input type=submit value=\"$l_switch_on\">"; |
} |
echo "</FORM>"; |
echo "</td></tr>"; |
echo "</TABLE>"; |
if ($result) require ('net_filter2.php'); |
?> |
</BODY> |
</HTML> |
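Review bot: Both `echo "<FORM action='$_SERVER[PHP_SELF]' method=POST>";` lines print a request-derived value into an attribute without escaping, which exposes the page to cross-site scripting through the request path. Escape it, `echo "<FORM action='" . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES) . "' method=POST>";`, or use the fixed name `net_filter.php` as net_filter2.php already does. The same pattern is in filter_exceptions.php and web_filter.php. Separately, the `fclose($pointeur);` after the FILTERING loop sits outside `if ($pointeur)` and is called with `false` when `/usr/local/bin/alcasar-iptables.sh` cannot be opened.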
/gestion/admin/net_filter2.php |
---|
0,0 → 1,42 |
<TABLE width="100%" border=0 cellspacing=0 cellpadding=0> |
<tr><th><?echo "$l_protocols";?></th></tr> |
<tr bgcolor="#FFCC66"><td><img src="/images/pix.gif" width="1" height="2"></td></tr> |
</table> |
<table width="100%" border=1 cellspacing=0 cellpadding=1> |
<tr><td valign="middle" align="left"> |
<form action='net_filter.php' method='POST'> |
<table cellspacing=2 cellpadding=3 border=1> |
<? |
echo "<tr><th>$l_proto_port<th>$l_enabled</tr>"; |
// On ouvre le fichier de filtrage de protocoles |
$pointeur=fopen($services_list,"r"); |
if ($pointeur) |
{ |
while (!feof ($pointeur)) |
{ |
$ligne=fgets($pointeur, 4096); |
if ($ligne) |
{ |
$proto=explode(" ", $ligne); |
$name_svc=trim($proto[0],"#"); |
echo "<tr><td>$name_svc / $proto[1]"; |
echo "<td><input type='checkbox' name='chk-$name_svc'"; |
// si la ligne est commentée -> protocole non autorisé |
if (preg_match('/^#/',$ligne, $r)) { |
echo ">";} |
else { |
echo "checked>";} |
} |
} |
} |
else { |
echo "$l_error_open_file $services_list"; |
} |
fclose($pointeur); |
?> |
</td></tr></table> |
<input type='hidden' name='choix' value='change'> |
<input type='submit' value='<?echo"$l_save_modif";?>'> |
</form> |
</td></tr> |
</table> |
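Review bot: `$name_svc` and `$proto[1]` are read from `$services_list` and printed into the table cell and the `name='chk-…'` attribute without escaping, and `$proto[1]` is used without checking that the line contained a space. Escape on output, e.g. `$name_svc = htmlspecialchars(trim($proto[0], "#"), ENT_QUOTES);`, and skip lines where `count($proto) < 2`. `fclose($pointeur);` should move inside the `if ($pointeur)` branch, since it currently runs on `false` when the open fails. The file also depends on variables set by its includer, which deserves a header comment such as `// included by net_filter.php; expects $services_list and the $l_* labels to be defined`.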
/gestion/admin/web_filter.php |
---|
0,0 → 1,117 |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> |
<HTML><!-- written by Rexy --> |
<HEAD> |
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> |
<TITLE>ALCASAR WEB filtering</TITLE> |
<link rel="stylesheet" href="/css/style.css" type="text/css"> |
</HEAD> |
<body> |
<TABLE width="100%" border=0 cellspacing=0 cellpadding=0> |
<? |
# Choice of language |
$Language = 'en'; |
if(isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])){ |
$Langue = explode(",",$_SERVER['HTTP_ACCEPT_LANGUAGE']); |
$Language = strtolower(substr(chop($Langue[0]),0,2)); } |
if($Language == 'fr'){ |
$l_title = "Filtrage WEB"; |
$l_webfilter_on="Le filtrage WEB est actuellement activé"; |
$l_webfilter_off="Le filtrage WEB est actuellement désactivé"; |
$l_switch_on="Activer le filtrage WEB"; |
$l_switch_off="Désactiver le filtrage WEB"; |
$l_comment_on="(la consultation WEB est filtrée selon les critères définis ci-dessous)"; |
$l_comment_off="(la consultation WEB est autorisée sans restriction)"; |
$l_main_bl="Liste noire principale (version actuelle : "; |
$l_download="Télécharger la dernière version"; |
$l_warning="<B>Attention</B> : ce téléchargement dure plusieurs minutes."; |
$l_secondary_bl="Liste noire et liste blanche secondaires"; |
} |
else { |
$l_title = "WEB Filter"; |
$l_webfilter_on="Actually, the WEB filter is on"; |
$l_webfilter_off="Actually, the WEB filter is off"; |
$l_switch_on="Switch the WebFilter on"; |
$l_switch_off="Switch the WebFilter off"; |
$l_comment_on="(The WEB consultation is filtered as defined below)"; |
$l_comment_off="(The WEB consultation is allowed without any restriction)"; |
$l_main_bl="Main blacklist (current version : "; |
$l_download="Download the last version"; |
$l_warning="<B>Be carefull</B> : this download is estimate to fiew minutes."; |
$l_secondary_bl="Secondary blacklist and whitelist"; |
} |
echo " |
<tr><th>$l_title</th></tr> |
<tr bgcolor=\"#FFCC66\"><td><img src=\"/images/pix.gif\" width=1 height=2></td></tr> |
</TABLE>"; |
if (isset($_POST['choix'])){ $choix=$_POST['choix']; } else { $choix=""; } |
switch ($choix) |
{ |
case 'BL_On' : |
exec ("sudo /usr/local/sbin/alcasar-bl.sh -on"); |
break; |
case 'BL_Off' : |
exec ("sudo /usr/local/sbin/alcasar-bl.sh -off"); |
break; |
case 'MAJ_bl' : |
exec ("sudo /usr/local/sbin/alcasar-bl.sh -download"); |
break; |
case 'MAJ_OSSI' : |
$fichier=fopen("/etc/dansguardian/lists/blacklists/ossi/domains","w+"); |
fputs($fichier, $_POST['OSSI_bl_domains']); |
fclose($fichier); |
unset($_POST['OSSI_bl_domains']); |
$fichier=fopen("/etc/dansguardian/lists/exceptionsitelist","w+"); |
fputs($fichier, $_POST['OSSI_wl_domains']); |
fclose($fichier); |
unset($_POST['OSSI_wl_domains']); |
$fichier=fopen("/etc/dansguardian/lists/blacklists/ossi/urls","w+"); |
fputs($fichier, $_POST['OSSI_bl_urls']); |
fclose($fichier); |
unset($_POST['OSSI_bl_urls']); |
$fichier=fopen("/etc/dansguardian/lists/exceptionurllist","w+"); |
fputs($fichier, $_POST['OSSI_wl_urls']); |
fclose($fichier); |
unset($_POST['OSSI_wl_urls']); |
exec ("sudo /usr/local/sbin/alcasar-bl.sh -reload"); |
break; |
} |
?> |
<TABLE width="100%" border=1 cellspacing=0 cellpadding=1> |
<tr><td valign="middle" align="left"> |
<?php |
$pointeur = fopen("/etc/dansguardian/dansguardian.conf", "r"); |
$result = false; |
if ($pointeur) |
{ |
while (!feof($pointeur)) |
{ |
$ligne = fgets($pointeur); |
if (preg_match("/^reportinglevel = 3/", $ligne, $r)) |
{ |
$result = true; |
break; |
} |
} |
} |
fclose($pointeur); |
if ($result) |
{ |
echo "<CENTER><H3>$l_webfilter_on</H3>$l_comment_on</CENTER>"; |
echo "<FORM action='$_SERVER[PHP_SELF]' method=POST>"; |
echo "<input type=hidden name='choix' value=\"BL_Off\">"; |
echo "<input type=submit value=\"$l_switch_off\">"; |
} |
else |
{ |
echo "<CENTER><H3>$l_webfilter_off</H3>$l_comment_off</CENTER>"; |
echo "<FORM action='$_SERVER[PHP_SELF]' method=POST>"; |
echo "<input type=hidden name='choix' value=\"BL_On\">"; |
echo "<input type=submit value=\"$l_switch_on\">"; |
} |
echo "</FORM>"; |
echo "</td></tr>"; |
echo "</TABLE>"; |
if ($result) require ('web_filter2.php'); |
?> |
</BODY> |
</HTML> |
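Review bot: The `MAJ_OSSI` case opens the four DansGuardian list files with "w+" and writes `$_POST['OSSI_bl_domains']`, `$_POST['OSSI_wl_domains']`, `$_POST['OSSI_bl_urls']` and `$_POST['OSSI_wl_urls']` without checking that they are set, so a request carrying only `choix=MAJ_OSSI` leaves the secondary blacklist and whitelist empty before the reload. Guard the case first, `if (!isset($_POST['OSSI_bl_domains'], $_POST['OSSI_wl_domains'], $_POST['OSSI_bl_urls'], $_POST['OSSI_wl_urls'])) { break; }`, and test each `fopen` result before `fputs`. Unlike filter_exceptions.php, the text is not normalised from "\r\n" to "\n" before it is written; whether DansGuardian tolerates the carriage returns is not visible here. The form carries only the `choix` field, so a per-session token checked before the `switch` would protect these policy changes against forged requests; no session handling is visible in this file, so that depends on how /gestion/admin is protected.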
/gestion/admin/services.php |
---|
0,0 → 1,190 |
<?php |
//------------------------------- |
// Fonctions |
//------------------------------- |
// Fonction de test de connectivité internet |
function internetTest(){ |
$host = "www.google.fr"; |
$port = "80"; |
//var $num; //non utilisé |
//var $error; //non utilisé |
if (! $sock = @fsockopen($host, $port, $num, $error, 5)) { |
return false; |
} else { |
fclose($sock); |
return true; |
} |
} |
// Fonction de test du filtrage |
function filtrageTest($file, $search_regex){ |
$pointeur = fopen($file,"r"); |
$result = false; |
if ($pointeur) |
{ |
while (!feof($pointeur)) |
{ |
$ligne = fgets($pointeur); |
if (preg_match($search_regex, $ligne, $r)) |
{ |
$result = true; |
break; |
} |
} |
} |
fclose($pointeur); |
return $result; |
} |
//fonction pour faire une action (start,stop,restart) sur un service |
function serviceExec($service, $action){ |
if (($action == "start")||($action == "stop")||($action == "restart")){ |
exec("sudo /sbin/service $service $action",$retval, $retstatus); |
return $retstatus; |
} else { |
return false; |
} |
} |
//fonction définissant le status d'un service |
//(en fonction de la présence d'un mot clé dans la valeur de status) |
function checkServiceStatus($service, $strMatch){ |
$response = false; |
exec("sudo /sbin/service $service status",$retval); |
foreach( $retval as $val ) { |
if (strpos($val,$strMatch)){ |
$response = true; |
break; |
} |
} |
return $response; |
} |
//------------------------------- |
// Les actions sur un service |
//------------------------------- |
//sécurité sur les actions à réaliser |
$autorizeService = array("radiusd","chilli","dansguardian","mysqld","squid","named","sshd"); |
$autorizeAction = array("start","stop","restart"); |
if (isset($_GET['service'])&&(in_array($_GET['service'], $autorizeService))) { |
if (isset($_GET['action'])&&(in_array($_GET['action'], $autorizeAction))) { |
$execStatus = serviceExec($_GET['service'], $_GET['action']); |
// execStatus non exploité |
} |
} |
//------------------------------- |
//recherche du status des services |
//------------------------------- |
$serviceStatus = array(); |
$serviceStatus['radiusd'] = checkServiceStatus("radiusd","pid"); |
$serviceStatus['chilli'] = checkServiceStatus("chilli","pid"); |
$serviceStatus['dansguardian'] = checkServiceStatus("dansguardian","pid"); |
$serviceStatus['mysqld'] = checkServiceStatus("mysqld","OK"); |
$serviceStatus['squid'] = checkServiceStatus("squid","pid"); |
$serviceStatus['named'] = checkServiceStatus("named","up"); |
$serviceStatus['sshd'] = checkServiceStatus("sshd","pid"); |
?> |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> |
<html> |
<!-- written by steweb57 --> |
<head> |
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> |
<title>Services</title> |
<link rel="stylesheet" href="/css/style.css" type="text/css"> |
</head> |
<body> |
<?php |
# choice of language |
$Language = "en"; |
if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])){ |
$Langue = explode(",",$_SERVER['HTTP_ACCEPT_LANGUAGE']); |
$Language = strtolower(substr(chop($Langue[0]),0,2));} |
if ($Language == 'fr'){ |
$l_service = "Services"; |
$l_service_internet = "Lien Internet"; |
$l_netfilter="Filtrage réseau"; |
$l_webfilter="Filtrage WEB"; |
$l_enable = "actif"; |
$l_disable = "inactif"; |
$l_service_title = "Nom du services"; |
$l_service_start = "Démarrer"; |
$l_service_stop = "Arrêter"; |
$l_service_restart = "Redémarrer"; |
$l_service_status = "Status"; |
$l_service_action = "Actions"; |
$l_service_status_img_ok = "Démarré"; |
$l_service_status_img_ko = "Arrêté"; |
} |
else { |
$l_service = "Services"; |
$l_service_internet = "Internet connexion"; |
$l_netfilter = "Network filter"; |
$l_webfilter="WEB filter"; |
$l_enable = "enable"; |
$l_disable = "disable"; |
$l_service_title = "Name of service"; |
$l_service_start = "Start"; |
$l_service_stop = "Stop"; |
$l_service_restart = "Restart"; |
$l_service_status = "Status"; |
$l_service_action = "Actions"; |
$l_service_status_img_ok = "Started"; |
$l_service_status_img_ko = "Stopped"; |
} |
?> |
<table width="100%" border="0" cellspacing="0" cellpadding="0"> |
<tr><th><?php echo $l_service;?></th></tr> |
<tr bgcolor="#FFCC66"><td><img src="/images/pix.gif" width="1" height="2"></td> </tr> |
</table> |
<TABLE width="100%" border=1 cellspacing=0 cellpadding=1> |
<tr><td valign="middle" align="left"> |
<?php |
if (InternetTest()){ |
echo "<h1><img src='/images/state_ok.gif'> $l_service_internet : <font color='green'>$l_enable</font></h1>"; |
} else { |
echo "<h1><img src='/images/state_error.gif'> $l_service_internet : <font color='red'>$l_disable</font></h1>"; |
} |
if (filtrageTest("/usr/local/bin/alcasar-iptables.sh", "/^FILTERING=\"yes\"/")){ |
echo "<h1><img src='/images/state_ok.gif'> $l_netfilter : <font color='green'>$l_enable</font></h1>"; |
} else { |
echo "<h1><img src='/images/state_error.gif'> $l_netfilter : <font color='red'>$l_disable</font></h1>"; |
} |
if (filtrageTest("/etc/dansguardian/dansguardian.conf","/^reportinglevel = 3/")){ |
echo "<h1><img src='/images/state_ok.gif'> $l_webfilter : <font color='green'>$l_enable</font></h1>"; |
} else { |
echo "<h1><img src='/images/state_error.gif'> $l_webfilter : <font color='red'>$l_disable</font></h1>"; |
} |
?> |
</td></tr> |
</table> |
<table width="100%" border=0 cellspacing=0 cellpadding=0> |
<tr><th><?php echo $l_service_status;?></th><th><?php echo $l_service_title;?></th><th colspan="3"><?php echo $l_service_action;?></th></tr> |
<tr bgcolor="#FFCC66"><td><img src="/images/pix.gif" width="1" height="2"></td><td><img src="/images/pix.gif" width="1" height="2"></td><td><img src="/images/pix.gif" width="1" height="2"></td></tr> |
</table> |
<TABLE width="100%" border=1 cellspacing=0 cellpadding=0> |
<TR align="center"> |
<?php foreach( $serviceStatus as $serviceName => $statusOK ) { ?> |
<tr> |
<?php if ($statusOK) { ?> |
<td><img src="/images/state_ok.gif" width="15" height="15" alt="<?php echo $l_service_status_img_ok; ?>"></td> |
<td><?php echo $serviceName ;?></td> |
<td width="30" align="center">---</td> |
<td width="30" align="center"><a href="services.php?action=stop&service=<?php echo $serviceName;?>"><?php echo $l_service_stop;?></a></td> |
<td width="30" align="center"><a href="services.php?action=restart&service=<?php echo $serviceName;?>"><?php echo $l_service_restart;?></a></td> |
<?php } else { ?> |
<td><img src="/images/state_error.gif" width="15" height="15" alt="<?php echo $l_service_status_img_ko ?>"></td> |
<td><?php echo $serviceName ;?></td> |
<td width="30" align="center"><a href="services.php?action=start&service=<?php echo $serviceName;?>"><?php echo $l_service_start;?></a></td> |
<td width="30" align="center">---</td> |
<td width="30" align="center">---</td> |
<?php } ?> |
</tr> |
<?php } ?> |
</td></tr></table> |
</table> |
</body> |
</html> |
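Review bot: Services are started, stopped and restarted by plain GET links (`services.php?action=stop&service=…`) handled in the `$_GET['service']` / `$_GET['action']` block, so a prefetch or any link followed by a logged-in administrator can stop `sshd` or `radiusd`. These actions should be sent by POST with a token check, and the allow-list tests made strict, `in_array($_GET['service'], $autorizeService, true)`. `serviceExec()` validates only `$action` and interpolates `$service` into the command line; the caller's allow-list is the only protection today, so repeat the check inside the function or pass `escapeshellarg($service)`. In `checkServiceStatus()`, `strpos($val,$strMatch)` returns 0 for a match at the start of the line and is then treated as no match; it should read `if (strpos($val, $strMatch) !== false) {`.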
/gestion/admin/activity.php |
---|
0,0 → 1,115 |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> |
<HTML><!-- written by Rexy --> |
<head> |
<META HTTP-EQUIV="Refresh" CONTENT="30"> |
<meta http-equiv="Content-Type" content="text/html; charset=$config[general_charset]"> |
<title>État du réseau</title> |
<link rel="stylesheet" href="/css/style.css"> |
</head> |
<body> |
<TABLE width="100%" border="0" cellspacing="0" cellpadding="0"> |
<? |
# Choice of language |
$Language = 'en'; |
if(isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])){ |
$Langue = explode(",",$_SERVER['HTTP_ACCEPT_LANGUAGE']); |
$Language = strtolower(substr(chop($Langue[0]),0,2)); } |
if($Language == 'fr'){ |
$l_activity = "Activité sur le réseau de consultation"; |
$l_ip_adr = "Adresse IP"; |
$l_mac_adr = "Adresse MAC"; |
$l_user = "Usager"; |
$l_mac_allowed = "@MAC autorisée"; |
$l_action = "Action"; |
$l_dissociate = "Dissocier"; |
$l_disconnect = "Déconnecter"; |
$l_refresh = "Cette page est rafraichie toutes les 30 secondes"; |
} |
else { |
$l_activity = "Activity on the consultation LAN"; |
$l_ip_adr = "IP Adress"; |
$l_mac_adr = "MAC Adress"; |
$l_user = "User"; |
$l_mac_allowed = "@MAC allowed"; |
$l_action = "Action"; |
$l_dissociate = "Dissociate"; |
$l_disconnect = "Disconnect"; |
$l_refresh = "This frame is refreshed every 30'"; |
} |
echo " |
<tr><th>$l_activity</th></tr> |
<tr bgcolor=\"#FFCC66\"><td><img src=\"/images/pix.gif\" width=\"1\" |
height=\"2\"></td></tr> |
</TABLE>"; |
if (isset($_POST['action'])){ |
switch ($_POST['action']){ |
case 'user_unconnect' : |
exec ("sudo /usr/local/sbin/alcasar-logout.sh $_POST[user]"); |
unset ($_POST['user']); |
unset ($_POST['choix']); |
break; |
case 'mac_unconnect' : |
exec ("sudo /usr/sbin/chilli_query logout $_POST[mac_addr]"); |
unset ($_POST['mac_addr']); |
unset ($_POST['choix']); |
break; |
} |
} |
?> |
<TABLE width="100%" border=1 cellspacing=0 cellpadding=1> |
<tr><td valign="middle" align="left"> |
<center> |
<? echo "$l_refresh";?> |
<table border=1 width="80%" bordercolordark="#ffffe0" bordercolorlight="#000000" width="100%" cellpadding=2 cellspacing=0 bgcolor="#ffffe0" valign=top> |
<tr bgcolor="#d0ddb0"> |
<? echo " |
<th>#</th> |
<th>$l_ip_adr</th> |
<th>$l_mac_adr</th> |
<th>$l_user</th> |
<th>$l_action</th> |
</tr>"; |
$output = array(); $nb_ligne = 0; |
exec ('sudo /usr/sbin/chilli_query list|sort -k5 -r', $output); |
while (list(,$ligne) = each($output)){ |
$detail = explode (" ", $ligne); |
$nb_ligne ++; |
echo "<FORM action='activity.php' method=POST>"; |
echo "<TR>"; |
echo "<TD>"; echo $nb_ligne; echo "</TD>"; |
echo "<TD>"; echo $detail[1]; echo "</TD>"; |
echo "<TD>"; echo $detail[0]; echo "</TD>"; |
echo "<TD>"; |
# station authorisée |
if ($detail[4] == "1"){ |
# par @MAC |
if ($detail[5] == "-"){ |
echo "$l_mac_allowed</TD><TD> ";} |
# par usager authentifié |
else { |
echo "<a href=\"/manager/htdocs/user_admin.php?login=$detail[5]\" title=\"Editer l'utilisateur $detail[5]\">$detail[5]</a>"; |
echo "</TD>"; |
echo "<TD>"; |
echo "<INPUT type='hidden' name='action' value='mac_unconnect'>"; |
echo "<INPUT type='hidden' name='user' value='$detail[5]'>"; |
echo "<INPUT type='hidden' name='mac_addr' value='$detail[0]'>"; |
echo "<INPUT type=submit value='$l_disconnect'>"; |
} |
} |
# station sans usager connecté |
else { |
echo " "; |
echo "</TD>"; |
echo "<TD>"; |
echo "<INPUT type='hidden' name='action' value='mac_unconnect'>"; |
echo "<INPUT type='hidden' name='mac_addr' value='$detail[0]'>"; |
echo "<INPUT type='submit' value='$l_dissociate'>"; |
} |
echo "</TD></TR></FORM>"; |
} |
?> |
</td></tr> |
</table> |
</td></tr> |
</table> |
</html> |
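Review bot: `exec ("sudo /usr/local/sbin/alcasar-logout.sh $_POST[user]");` and `exec ("sudo /usr/sbin/chilli_query logout $_POST[mac_addr]");` place POST fields on a shell command line that runs through sudo, with no escaping and no format check. Both arguments need `escapeshellarg()`, e.g. `exec("sudo /usr/sbin/chilli_query logout " . escapeshellarg($_POST['mac_addr']));`, and the MAC address should first be matched against the format that `chilli_query list` prints. The fields `$detail[0]`, `$detail[1]` and `$detail[5]` from that listing are also printed into the table, the `login=` link and the hidden inputs without `htmlspecialchars()`; `$detail[5]` is a user name and should be escaped, and `urlencode`d inside the link. The `<meta … charset=$config[general_charset]>` line is outside any PHP block, so the variable name is sent literally.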
/gestion/admin/logo.php |
---|
0,0 → 1,66 |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> |
<HTML><!-- Written by Rexy --> |
<HEAD> |
<TITLE>Modif logo organisme</TITLE> |
<link rel="stylesheet" href="/css/style.css" type="text/css"> |
<SCRIPT language="javascript" type="text/javascript"> |
function rafraichissement(cadre1, val1) |
{ |
eval(cadre1+".location='"+val1+"'"); |
} |
</SCRIPT> |
</HEAD> |
<body> |
<?php |
if(isset($_FILES['logo'])) |
{ |
unset($result); |
$taille_max = 100000; |
$destination = '/var/www/html/images/organisme.png'; |
$extension = strstr($_FILES['logo']['name'], '.'); |
if ($extension != '.png') |
{ |
$result = 'Veuillez sélectionner un fichier de type png !'; |
} |
elseif (file_exists($_FILES['logo']['tmp_name']) and filesize($_FILES['logo']['tmp_name']) > $taille_max) |
{ |
$result = 'La taille du fichier doit être inférieur à 100Ko !'; |
} |
if (!isset($result)) |
{ |
move_uploaded_file($_FILES['logo']['tmp_name'], $destination); |
} |
} |
?> |
<TABLE width="100%" border="0" cellspacing="0" cellpadding="0"> |
<tr><th>Personnalisation du logo d'organisme</th></tr> |
<tr bgcolor="#FFCC66"><td><img src="/images/pix.gif" width="1" |
height="2"></td></tr> |
</TABLE> |
<TABLE width="100%" border=0 cellspacing=0 cellpadding=1> |
<tr bgcolor="#666666"><td> |
<TABLE width="100%" border=0 cellspacing=0 cellpadding=2> |
<tr><td valign="middle" align="left"> |
<CENTER><H3>Logo actuel : <img src="/images/organisme.png" width="90"><BR> |
Vous pouvez sélectionnez un nouveau logo :</H3></CENTER> |
<FORM action="logo.php" method=POST ENCTYPE="multipart/form-data"> |
<input type="file" name="logo"> |
<input type="hidden" name="MAX_FILE_SIZE" value="100000"> |
<input type="submit" value="Envoyer"> |
</FORM> |
<?php |
if (isset($result)) |
{ |
echo '<H3>'; echo $result; echo '</H3><BR>'; |
} |
?> |
<CENTER>Attention</CENTER> |
- le logo que vous choisissez doit être un fichier au format libre 'PNG'.<BR> |
- la taille de ce fichier doit être inférieure à 100Ko<BR> |
- rafraîchissez les pages du navigateur pour voir le résultat<BR> |
</TD></TR> |
</TABLE> |
</td></tr> |
</TABLE> |
</BODY> |
</HTML> |
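Review bot: The upload is accepted on the client-supplied file name alone: `strstr($_FILES['logo']['name'], '.')` returns everything from the first dot, so the content is never checked to be a PNG, while `logo.v2.png` and `LOGO.PNG` are refused. Check the upload status and the real content instead, for example `$info = getimagesize($_FILES['logo']['tmp_name']);` followed by `if ($_FILES['logo']['error'] !== UPLOAD_ERR_OK || $info === false || $info[2] !== IMAGETYPE_PNG) { $result = 'Veuillez sélectionner un fichier de type png !'; }`. The size test is skipped when the temporary file does not exist and the return value of `move_uploaded_file()` is ignored, so a failed upload shows no message. The hidden `MAX_FILE_SIZE` field comes after the file input, whereas PHP only honours it when it precedes that input, and it is advisory in any case.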
/gestion/admin/update_ldap.php |
---|
0,0 → 1,240 |
<?php |
/* written by steweb57 */ |
/******************************************************************** |
* CONSTANTES AVEC CHEMINS DES FICHIERS DE CONFIGURATION * |
*********************************************************************/ |
define ("ALCASAR_RADIUS_SITE", "/etc/raddb/sites-available/alcasar"); |
define ("ALCASAR_RADIUS_MODULE_LDAP", "/etc/raddb/modules/ldap"); |
/******************************************************************** |
* FONCTION ERREUR * |
*********************************************************************/ |
function erreur($er){ |
header('Location:ldap.php?erreur=$er'); |
exit(); |
} |
/******************************************************************** |
* VARIABLES DE FORMULAIRE * |
*********************************************************************/ |
//variables pour le parcourt des fichiers |
// - $ouvre : fichier ouvert |
// - $tampon : ligne en cours |
//autres variables utilisées |
// - $fichier : fichier temporaire utilisé pour la mise à jours des fichiers de configuration |
// - les variables contennant les données de formulaire |
//Récupération des variables de formulaire |
if (isset($_POST['auth_enable'])) $auth_enable = $_POST['auth_enable']; else erreur('Erreur de variable auth_enable'); |
if ($auth_enable == "1"){ //test $auth_enable |
if (isset($_POST['ldap_server'])) $ldap_server = $_POST['ldap_server']; else erreur('Erreur de variable ldap_server'); |
if (isset($_POST['ldap_base_dn'])) $ldap_base_dn = $_POST['ldap_base_dn']; else erreur('Erreur de variable ldap_base_dn'); |
if (isset($_POST['ldap_filter'])) $ldap_filter = $_POST['ldap_filter']; else erreur('Erreur de variable ldap_filter'); |
if (isset($_POST['ldap_base_filter'])) $ldap_base_filter = $_POST['ldap_base_filter']; else erreur('Erreur de variable ldap_base_filter'); |
if (isset($_POST['ldap_user'])) $ldap_user = $_POST['ldap_user']; else erreur('Erreur de variable ldap_user'); |
if (isset($_POST['ldap_password'])) $ldap_password = $_POST['ldap_password']; else erreur('Erreur de variable ldap_password'); |
} //test $auth_enable |
/******************************************************************** |
* TEST DES FICHIERS DE CONFIGURATION * |
*********************************************************************/ |
//Test de présence et des droits en modification des fichiers de configuration. |
if (!file_exists(ALCASAR_RADIUS_SITE)){ |
exit("Fichier de configuration du virtual-host 'alcasar' de freeradius non présent"); |
} |
if (!file_exists(ALCASAR_RADIUS_MODULE_LDAP)){ |
exit("Fichier de configuration du module ldap pour freeradius non présent"); |
} |
if (!is_writable(ALCASAR_RADIUS_SITE)){ |
exit("Vous n'avez pas les droits d'écriture sur le fichier /etc/raddb/sites-available/alcasar"); |
} |
if (!is_writable(ALCASAR_RADIUS_MODULE_LDAP)){ |
exit("Vous n'avez pas les droits d'écriture sur le fichier /etc/raddb/modules/ldap"); |
} |
/******************************************************************** |
* VARIABLES TEMPORAIRES * |
*********************************************************************/ |
//création des nouveaux fichiers de configuration |
//Initialisation de $fichier |
$fichier = ""; |
//variables de test pour la section autorize |
$section_autorize = false; // indique si on est dans la section autorize |
$num_section_autorize = 0; // indique si on se situe dans une sous section (pouvant avoir un parametre ldap ???) |
$nb_ldap = 0; // indique si le paramtre ldap n'est pas saisie deux fois (y compris les commentaires) |
//variables de test pour la section authenticate |
$section_authenticate = false; // indique si on est dans la section authenticate |
$section_authenticate_section_ldap = false; // indique si on se situe dans la sous section Auth-Type LDAP |
$section_authenticate_section_ldap_1 = false; // indique si Auth-Type LDAP déjà configuré |
$section_authenticate_section_ldap_2 = false; // indique si parametre ldap de Auth-Type LDAP déjà configuré |
$section_authenticate_section_ldap_3 = false; // indique si la fin de Auth-Type LDAP déjà configuré |
$num_section_authenticate = 0; |
/******************************************************************** |
* Fichier ALCASAR_RADIUS_SITE * |
*********************************************************************/ |
//Lecture du fichier /etc/raddb/sites-available/alcasar et création d'une nouvelle version du fichier. |
$continue = true; |
$ouvre=fopen(ALCASAR_RADIUS_SITE,"r"); |
while (!feof ($ouvre)) |
{ |
$tampon = fgets($ouvre, 4096); |
if ((!$section_autorize) && (preg_match('`^([\s]*authorize[\s]*{[\s]*)$`',$tampon))){ //test si on est dans la section authorize |
$section_autorize = true; |
} |
if ((!$section_authenticate) && (preg_match('`^([\s]*authenticate[\s]*{[\s]*)$`',$tampon))){ //on est dans la section authenticate |
$section_authenticate = true; |
} |
/******************************************************************** |
* SECTION AUTHORIZE * |
*********************************************************************/ |
if ($section_autorize){ //on est dans la section authorize |
if ((preg_match('`^([\s[:alnum:]-_]*{[\s]*)$`',$tampon)) && (!preg_match('`^([\s]*authorize[\s]*{[\s]*)$`',$tampon))){ //on trouve des sous sections non commentées |
$num_section_autorize = $num_section_autorize + 1; |
$fichier = $fichier.$tampon; |
} elseif ((preg_match('`^([\s#]*ldap[\s]*)$`',$tampon))&&($num_section_autorize == 0)){ // conf du parametre ldap uniquement si l'on n'est pas dans une sous section! |
//Récupération dans la section authorise de la ligne ldap |
//valeur : ldap = authentification ldap authorisée |
//valeur : #ldap = authentification ldap non authorisée |
if (($auth_enable == "1") && ($nb_ldap ==0)){ |
$fichier = $fichier."ldap\n"; |
}else{ |
$fichier = $fichier."# ldap\n"; |
} |
$nb_ldap = $nb_ldap + 1;//calcule si le parametre ldap n'est pas présent plusieurs fois. |
} elseif (preg_match('`^([\s]*}[\s]*)$`',$tampon)){ //une section se termine |
if ($num_section_autorize == 0){ // fin de la section authorize |
$section_autorize = false; |
} else { // on referme une sous section |
$num_section_autorize = $num_section_autorize - 1; |
} |
$fichier = $fichier.$tampon; |
} else { |
$fichier = $fichier.$tampon; |
} |
//fin de section authorize |
} elseif (($section_authenticate)){ //on est dans la section authenticate |
/******************************************************************** |
* SECTION AUTHENTICATE * |
*********************************************************************/ |
// pas de test de sous-section! |
//on recherhe la section ldap |
## Auth-Type LDAP { |
# ldap |
## } |
if (preg_match('`^([\s#]*Auth-Type[\s]*LDAP[\s]{[\s]*)$`',$tampon)) { // test si on est dans la sous section Auth-Type LDAP (commentée ou non !) |
$section_authenticate_section_ldap = true; |
if (($auth_enable == "1") && (!$section_authenticate_section_ldap_1)){ |
$fichier = $fichier."Auth-Type LDAP { \n"; |
} else { |
$fichier = $fichier."# Auth-Type LDAP { \n"; |
} |
$section_authenticate_section_ldap_1 = true; // Auth-Type LDAP { est traité, les prochaines occurences trouvées seront tous mis en commentaire |
} else { |
if ($section_authenticate_section_ldap){ // on est dans la section Auth-Type LDAP |
if (preg_match('`^([\s#]*ldap[\s]*)$`',$tampon)){ //parametre ldap |
if (($auth_enable == "1") && (!$section_authenticate_section_ldap_2)){ |
$fichier = $fichier."ldap\n"; |
} else { |
$fichier = $fichier."# ldap\n"; |
} |
$section_authenticate_section_ldap_2 = true; // le parametre ldap est traité, les prochaines occurences trouvées seront tous mis en commentaire |
} elseif (preg_match('`^([\s#]*}[\s]*)$`',$tampon)){ //fin de section Auth-Type LDAP (le premier #} ou } trouvé dans la section Auth-Type LDAP indique la fin de la section) |
if (($auth_enable == "1") && (!$section_authenticate_section_ldap_3)){ |
$fichier = $fichier."}\n"; |
} else { |
$fichier = $fichier."# }\n"; |
} |
$section_authenticate_section_ldap_3 = true; // } de fin de section Auth-Type LDAP est traité, les prochaines occurences trouvées seront tous mis en commentaire //!inutile |
$section_authenticate_section_ldap = false; //inutile de continuer de parcourir la section Auth-Type LDAP |
$section_authenticate = false; //inutile de continuer de parcourir la section authenticate |
} else { |
$fichier = $fichier.$tampon; // on écrit tous les autres valeurs ou commentaires présents dans la section Auth-Type LDAP du fichier |
} |
} else { |
$fichier = $fichier.$tampon; // on écrit tous les autres valeurs ou commentaires présents dans la section authenticate du fichier |
} |
} |
//fin de section authenticate |
} else { //on est ni dans la section authorize ni dans la section authenticate |
$fichier = $fichier.$tampon; |
} |
} |
fclose($ouvre); |
//Sauvegarde du /etc/raddb/sites-available/alcasar |
$ouvre=fopen(ALCASAR_RADIUS_SITE,"w+"); |
fwrite($ouvre, $fichier); |
fclose($ouvre); |
/******************************************************************** |
* Fichier ALCASAR_RADIUS_MODULE_LDAP * |
*********************************************************************/ |
// TO DO : faire le controle des doublons comme sur le fichiers précédent ! |
//on ne modifie ALCASAR_RADIUS_MODULE_LDAP uniquement si l'authentification ldap est active |
if ($auth_enable == "1"){ //test $auth_enable |
//Ré-Initialisation de $fichier |
$fichier = ""; |
//Lecture du fichier /etc/raddb/modules/ldap et création d'une nouvelle version du fichier. |
$ouvre=fopen(ALCASAR_RADIUS_MODULE_LDAP,"r"); |
while (!feof ($ouvre)) |
{ |
$tampon = fgets($ouvre, 4096); |
if (preg_match('`^([\s#]*server(\s*)=)`',$tampon)){ |
//Mise a jour du paramettre ldap server |
$fichier = $fichier."server = \"".$ldap_server."\"\n"; |
} elseif (preg_match('`^([\s#]*identity(\s*)=)`',$tampon)){ |
//Mise a jour du paramettre ldap identity |
$fichier = $fichier."identity = \"".$ldap_user."\"\n"; |
} elseif (preg_match('`^([\s#]*password(\s*)=)`',$tampon)){ |
//Mise a jour du paramettre ldap password |
$fichier = $fichier."password = ".$ldap_password."\n"; |
} elseif (preg_match('`^([\s#]*basedn(\s*)=)`',$tampon)){ |
//Mise a jour du paramettre ldap basedn |
$fichier = $fichier."basedn = \"".$ldap_base_dn."\"\n"; |
} elseif (preg_match('`^([\s#]*filter(\s*)=)`',$tampon)){ |
//Mise a jour du paramettre ldap filter |
$fichier = $fichier."filter = \"(".$ldap_filter."=%{Stripped-User-Name:-%{User-Name}})\"\n"; |
} elseif (preg_match('`^([\s#]*base_filter(\s*)=)`',$tampon)){ |
//Mise a jour du paramettre ldap base_filter |
$fichier = $fichier."base_filter = \"".$ldap_base_filter."\"\n"; |
} else { |
//On ne fait rien |
$fichier = $fichier.$tampon; |
} |
} |
fclose($ouvre); |
//sauvegarde du fichier /etc/raddb/modules/ldap |
$ouvre=fopen(ALCASAR_RADIUS_MODULE_LDAP,"w+"); |
fwrite($ouvre, $fichier); |
fclose($ouvre); |
} //test $auth_enable |
/******************************************************************** |
* Redémarage du service radius * |
*********************************************************************/ |
exec ("sudo service radiusd restart"); |
/******************************************************************** |
* Redirection vers la page de configuration LDAP * |
*********************************************************************/ |
header('Location:ldap.php?update=ok'); |
exit(); |
?> |
/gestion/admin/firewallEyes/gpl.txt |
---|
0,0 → 1,342 |
GNU GENERAL PUBLIC LICENSE |
Version 2, June 1991 |
Copyright (C) 1989, 1991 Free Software Foundation, Inc. |
59 Temple Place, Suite 330, Boston, MA 02111-1307 USA |
Everyone is permitted to copy and distribute verbatim copies |
of this license document, but changing it is not allowed. |
Preamble |
The licenses for most software are designed to take away your |
freedom to share and change it. By contrast, the GNU General Public |
License is intended to guarantee your freedom to share and change free |
software--to make sure the software is free for all its users. This |
General Public License applies to most of the Free Software |
Foundation's software and to any other program whose authors commit to |
using it. (Some other Free Software Foundation software is covered by |
the GNU Library General Public License instead.) You can apply it to |
your programs, too. |
When we speak of free software, we are referring to freedom, not |
price. Our General Public Licenses are designed to make sure that you |
have the freedom to distribute copies of free software (and charge for |
this service if you wish), that you receive source code or can get it |
if you want it, that you can change the software or use pieces of it |
in new free programs; and that you know you can do these things. |
To protect your rights, we need to make restrictions that forbid |
anyone to deny you these rights or to ask you to surrender the rights. |
These restrictions translate to certain responsibilities for you if you |
distribute copies of the software, or if you modify it. |
For example, if you distribute copies of such a program, whether |
gratis or for a fee, you must give the recipients all the rights that |
you have. You must make sure that they, too, receive or can get the |
source code. And you must show them these terms so they know their |
rights. |
We protect your rights with two steps: (1) copyright the software, and |
(2) offer you this license which gives you legal permission to copy, |
distribute and/or modify the software. |
Also, for each author's protection and ours, we want to make certain |
that everyone understands that there is no warranty for this free |
software. If the software is modified by someone else and passed on, we |
want its recipients to know that what they have is not the original, so |
that any problems introduced by others will not reflect on the original |
authors' reputations. |
Finally, any free program is threatened constantly by software |
patents. We wish to avoid the danger that redistributors of a free |
program will individually obtain patent licenses, in effect making the |
program proprietary. To prevent this, we have made it clear that any |
patent must be licensed for everyone's free use or not licensed at all. |
The precise terms and conditions for copying, distribution and |
modification follow. |
GNU GENERAL PUBLIC LICENSE |
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION |
0. This License applies to any program or other work which contains |
a notice placed by the copyright holder saying it may be distributed |
under the terms of this General Public License. The "Program", below, |
refers to any such program or work, and a "work based on the Program" |
means either the Program or any derivative work under copyright law: |
that is to say, a work containing the Program or a portion of it, |
either verbatim or with modifications and/or translated into another |
language. (Hereinafter, translation is included without limitation in |
the term "modification".) Each licensee is addressed as "you". |
Activities other than copying, distribution and modification are not |
covered by this License; they are outside its scope. The act of |
running the Program is not restricted, and the output from the Program |
is covered only if its contents constitute a work based on the |
Program (independent of having been made by running the Program). |
Whether that is true depends on what the Program does. |
1. You may copy and distribute verbatim copies of the Program's |
source code as you receive it, in any medium, provided that you |
conspicuously and appropriately publish on each copy an appropriate |
copyright notice and disclaimer of warranty; keep intact all the |
notices that refer to this License and to the absence of any warranty; |
and give any other recipients of the Program a copy of this License |
along with the Program. |
You may charge a fee for the physical act of transferring a copy, and |
you may at your option offer warranty protection in exchange for a fee. |
2. You may modify your copy or copies of the Program or any portion |
of it, thus forming a work based on the Program, and copy and |
distribute such modifications or work under the terms of Section 1 |
above, provided that you also meet all of these conditions: |
a) You must cause the modified files to carry prominent notices |
stating that you changed the files and the date of any change. |
b) You must cause any work that you distribute or publish, that in |
whole or in part contains or is derived from the Program or any |
part thereof, to be licensed as a whole at no charge to all third |
parties under the terms of this License. |
c) If the modified program normally reads commands interactively |
when run, you must cause it, when started running for such |
interactive use in the most ordinary way, to print or display an |
announcement including an appropriate copyright notice and a |
notice that there is no warranty (or else, saying that you provide |
a warranty) and that users may redistribute the program under |
these conditions, and telling the user how to view a copy of this |
License. (Exception: if the Program itself is interactive but |
does not normally print such an announcement, your work based on |
the Program is not required to print an announcement.) |
These requirements apply to the modified work as a whole. If |
identifiable sections of that work are not derived from the Program, |
and can be reasonably considered independent and separate works in |
themselves, then this License, and its terms, do not apply to those |
sections when you distribute them as separate works. But when you |
distribute the same sections as part of a whole which is a work based |
on the Program, the distribution of the whole must be on the terms of |
this License, whose permissions for other licensees extend to the |
entire whole, and thus to each and every part regardless of who wrote it. |
Thus, it is not the intent of this section to claim rights or contest |
your rights to work written entirely by you; rather, the intent is to |
exercise the right to control the distribution of derivative or |
collective works based on the Program. |
In addition, mere aggregation of another work not based on the Program |
with the Program (or with a work based on the Program) on a volume of |
a storage or distribution medium does not bring the other work under |
the scope of this License. |
3. You may copy and distribute the Program (or a work based on it, |
under Section 2) in object code or executable form under the terms of |
Sections 1 and 2 above provided that you also do one of the following: |
a) Accompany it with the complete corresponding machine-readable |
source code, which must be distributed under the terms of Sections |
1 and 2 above on a medium customarily used for software interchange; or, |
b) Accompany it with a written offer, valid for at least three |
years, to give any third party, for a charge no more than your |
cost of physically performing source distribution, a complete |
machine-readable copy of the corresponding source code, to be |
distributed under the terms of Sections 1 and 2 above on a medium |
customarily used for software interchange; or, |
c) Accompany it with the information you received as to the offer |
to distribute corresponding source code. (This alternative is |
allowed only for noncommercial distribution and only if you |
received the program in object code or executable form with such |
an offer, in accord with Subsection b above.) |
The source code for a work means the preferred form of the work for |
making modifications to it. For an executable work, complete source |
code means all the source code for all modules it contains, plus any |
associated interface definition files, plus the scripts used to |
control compilation and installation of the executable. However, as a |
special exception, the source code distributed need not include |
anything that is normally distributed (in either source or binary |
form) with the major components (compiler, kernel, and so on) of the |
operating system on which the executable runs, unless that component |
itself accompanies the executable. |
If distribution of executable or object code is made by offering |
access to copy from a designated place, then offering equivalent |
access to copy the source code from the same place counts as |
distribution of the source code, even though third parties are not |
compelled to copy the source along with the object code. |
4. You may not copy, modify, sublicense, or distribute the Program |
except as expressly provided under this License. Any attempt |
otherwise to copy, modify, sublicense or distribute the Program is |
void, and will automatically terminate your rights under this License. |
However, parties who have received copies, or rights, from you under |
this License will not have their licenses terminated so long as such |
parties remain in full compliance. |
5. You are not required to accept this License, since you have not |
signed it. However, nothing else grants you permission to modify or |
distribute the Program or its derivative works. These actions are |
prohibited by law if you do not accept this License. Therefore, by |
modifying or distributing the Program (or any work based on the |
Program), you indicate your acceptance of this License to do so, and |
all its terms and conditions for copying, distributing or modifying |
the Program or works based on it. |
6. Each time you redistribute the Program (or any work based on the |
Program), the recipient automatically receives a license from the |
original licensor to copy, distribute or modify the Program subject to |
these terms and conditions. You may not impose any further |
restrictions on the recipients' exercise of the rights granted herein. |
You are not responsible for enforcing compliance by third parties to |
this License. |
7. If, as a consequence of a court judgment or allegation of patent |
infringement or for any other reason (not limited to patent issues), |
conditions are imposed on you (whether by court order, agreement or |
otherwise) that contradict the conditions of this License, they do not |
excuse you from the conditions of this License. If you cannot |
distribute so as to satisfy simultaneously your obligations under this |
License and any other pertinent obligations, then as a consequence you |
may not distribute the Program at all. For example, if a patent |
license would not permit royalty-free redistribution of the Program by |
all those who receive copies directly or indirectly through you, then |
the only way you could satisfy both it and this License would be to |
refrain entirely from distribution of the Program. |
If any portion of this section is held invalid or unenforceable under |
any particular circumstance, the balance of the section is intended to |
apply and the section as a whole is intended to apply in other |
circumstances. |
It is not the purpose of this section to induce you to infringe any |
patents or other property right claims or to contest validity of any |
such claims; this section has the sole purpose of protecting the |
integrity of the free software distribution system, which is |
implemented by public license practices. Many people have made |
generous contributions to the wide range of software distributed |
through that system in reliance on consistent application of that |
system; it is up to the author/donor to decide if he or she is willing |
to distribute software through any other system and a licensee cannot |
impose that choice. |
This section is intended to make thoroughly clear what is believed to |
be a consequence of the rest of this License. |
8. If the distribution and/or use of the Program is restricted in |
certain countries either by patents or by copyrighted interfaces, the |
original copyright holder who places the Program under this License |
may add an explicit geographical distribution limitation excluding |
those countries, so that distribution is permitted only in or among |
countries not thus excluded. In such case, this License incorporates |
the limitation as if written in the body of this License. |
9. The Free Software Foundation may publish revised and/or new versions |
of the General Public License from time to time. Such new versions will |
be similar in spirit to the present version, but may differ in detail to |
address new problems or concerns. |
Each version is given a distinguishing version number. If the Program |
specifies a version number of this License which applies to it and "any |
later version", you have the option of following the terms and conditions |
either of that version or of any later version published by the Free |
Software Foundation. If the Program does not specify a version number of |
this License, you may choose any version ever published by the Free Software |
Foundation. |
10. If you wish to incorporate parts of the Program into other free |
programs whose distribution conditions are different, write to the author |
to ask for permission. For software which is copyrighted by the Free |
Software Foundation, write to the Free Software Foundation; we sometimes |
make exceptions for this. Our decision will be guided by the two goals |
of preserving the free status of all derivatives of our free software and |
of promoting the sharing and reuse of software generally. |
NO WARRANTY |
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY |
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN |
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES |
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED |
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF |
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS |
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE |
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, |
REPAIR OR CORRECTION. |
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING |
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR |
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, |
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING |
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED |
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY |
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER |
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE |
POSSIBILITY OF SUCH DAMAGES. |
END OF TERMS AND CONDITIONS |
How to Apply These Terms to Your New Programs |
If you develop a new program, and you want it to be of the greatest |
possible use to the public, the best way to achieve this is to make it |
free software which everyone can redistribute and change under these terms. |
To do so, attach the following notices to the program. It is safest |
to attach them to the start of each source file to most effectively |
convey the exclusion of warranty; and each file should have at least |
the "copyright" line and a pointer to where the full notice is found. |
<one line to give the program's name and a brief idea of what it does.> |
Copyright (C) <year> <name of author> |
This program is free software; you can redistribute it and/or modify |
it under the terms of the GNU General Public License as published by |
the Free Software Foundation; either version 2 of the License, or |
(at your option) any later version. |
This program is distributed in the hope that it will be useful, |
but WITHOUT ANY WARRANTY; without even the implied warranty of |
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
GNU General Public License for more details. |
You should have received a copy of the GNU General Public License |
along with this program; if not, write to the Free Software |
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA |
Also add information on how to contact you by electronic and paper mail. |
If the program is interactive, make it output a short notice like this |
when it starts in an interactive mode: |
Gnomovision version 69, Copyright (C) year name of author |
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. |
This is free software, and you are welcome to redistribute it |
under certain conditions; type `show c' for details. |
The hypothetical commands `show w' and `show c' should show the appropriate |
parts of the General Public License. Of course, the commands you use may |
be called something other than `show w' and `show c'; they could even be |
mouse-clicks or menu items--whatever suits your program. |
You should also get your employer (if you work as a programmer) or your |
school, if any, to sign a "copyright disclaimer" for the program, if |
necessary. Here is a sample; alter the names: |
Yoyodyne, Inc., hereby disclaims all copyright interest in the program |
`Gnomovision' (which makes passes at compilers) written by James Hacker. |
<signature of Ty Coon>, 1 April 1989 |
Ty Coon, President of Vice |
This General Public License does not permit incorporating your program into |
proprietary programs. If your program is a subroutine library, you may |
consider it more useful to permit linking proprietary applications with the |
library. If this is what you want to do, use the GNU Library General |
Public License instead of this License. |
Property changes: |
Added: svn:eol-style |
+native |
\ No newline at end of property |
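--- a/gestion/admin/firewallEyes/info.php
+++ b/gestion/admin/firewallEyes/info.php
@@ -0,0 +1,161 @@
+<?php
+/*
+* firewall Eyes
+* Copyright (C) 2004 Creabilis
+*
+* This program is free software; you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation; either version 2 of the License, or (at
+* your option) any later version.
+*
+* This program is distributed in the hope that it will be useful, but
+* WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+*
+*/
+include("configuration.php");
+include("include.php");
+// authentification check
+authenticationCheck();
+// Date in the past
+header("Expires: Mon, 26 Jul 2009 00:00:00 GMT");
+// always modified
+header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
+// HTTP/1.1
+header("Cache-Control: no-store, no-cache, must-revalidate");
+header("Cache-Control: post-check=0, pre-check=0", false);
+// HTTP/1.0
+header("Pragma: no-cache");
+set_time_limit (120);
+// GET INPUT
+$type=stripslashes($_GET["type"]);
+$p1=stripslashes($_GET["p1"]);
+$tool=stripslashes($_GET["tool"]);
+$toolsArray=$tools[$type];
+$maxWidth=0;
+for($i=0; $i<count($logFields); $i++) {
+$maxWidth+=$logFields[$i][2];
+}
+?>
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+<title>informations</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
+<link href="log.css" rel="stylesheet" type="text/css"/>
+</head>
+<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bgcolor="#FFFFFF">
+<div align="left" style="padding-left:18px">
+<table border="0" cellpadding="0" cellspacing="0" width="<?=$maxWidth?>">
+<tr>
+<td class="toolBox">
+<form method="GET" action="info.php">
+<br/>
+<b>Informations on </b>
+<input type="text" name="p1" class="inputText" maxlength="100" value="<?=htmlentities(stripslashes($p1))?>">
+<input type="hidden" name="type" value="<?=htmlentities(stripslashes($type))?>">
+<br/><br/>
+<?php
+foreach($toolsArray as $toolName=>$toolInfos) {
+?>
+<input class="toolbutton" type="submit" name="tool" value="<?=htmlentities($toolName)?>">
+<?php
+}
+?>
+</form>
+</td>
+</tr>
+</table>
+<?php
+flush();
+if($tool) {
+if($toolsArray[$tool]["type"]=="command") {
+$myCommand=$toolsArray[$tool]["value"];
+$myparam=$p1;
+if($toolsArray[$tool]["precompute"]=="extractdomain") {
+if (preg_match("/\d+\.\d+\.\d+\.\d+/", $p1)) { // it's an ip address
+$myparam=$p1;
+} else {
+$myparam=substr(strstr($p1,"."),1); // remove first part of canonical name
+}
+}
+$myCommand=str_replace("%p1%",$myparam,$myCommand);
+}
+if($toolsArray[$tool]["type"]=="url") {
+$myCommand=$toolsArray[$tool]["value"];
+$myCommand=str_replace("%p1%",urlencode($p1),$myCommand);
+}
+?>
+<br/>
+<table border="0" cellpadding="0" cellspacing="0" width="<?=$maxWidth?>">
+<tr>
+<td class="toolCommandBoxHeader">
+<?php
+if($toolsArray[$tool]["type"]=="url") {
+?>
+<a style="color: #FFFFFF" href="<?=$myCommand?>" target="q"><?=$myCommand?></a>
+<?php
+} else {
+echo($myCommand);
+}
+?>
+</td>
+</tr>
+</table>
+<?php
+flush();
+?>
+<table border="0" cellpadding="0" cellspacing="0" width="<?=$maxWidth?>">
+<tr>
+<td class="toolCommandBox">
+<?php
+if($toolsArray[$tool]["type"]=="command") {
+echo("<pre>");
+passthru(escapeshellcmd($myCommand));
+echo("</pre>");
+}
+if($toolsArray[$tool]["type"]=="url") {
+?>
+<iframe name="window_recherche_affaire_resultat" src="<?=$myCommand?>" width="<?=$maxWidth+5?>" height="750" FRAMEBORDER=0>
+Your browser doesn't support iframe, unable to get url.
+</iframe>
+<?php
+}
+?>
+</td>
+</tr>
+</table>
+<?php
+}
+?>
+<br>
+<table border="0" cellpadding="0" cellspacing="0" width="<?=$maxWidth?>" class="footer">
+<tr>
+<td align="center">
+<A HREF="http://www.creabilis.com" target="creabilis">Firewall Eyes</A> - <A HREF="http://www.gnu.org/licenses/gpl.html">GPL</A> - Creabilis © 2004 - Web site : <A HREF="http://firewalleyes.creabilis.com">http://firewalleyes.creabilis.com</A>
+</td>
+</tr>
+</table>
+</div>
+</body>
+</html>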
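Review bot: The `p1` request parameter reaches `passthru()` with only `escapeshellcmd()` applied to the whole assembled command, which neutralises shell metacharacters but still lets a value containing spaces or a leading `-` pass extra arguments and options to the configured tool. Validate `$p1` as a hostname or IP address before use (the `/\d+\.\d+\.\d+\.\d+/` test is unanchored, so it accepts any string that merely contains a dotted quad), check that `$tool` is a key of `$toolsArray`, and quote the substituted value with `$myCommand=str_replace("%p1%",escapeshellarg($myparam),$myCommand);`. That quoting assumes the templates in `$tools` come from trusted configuration, which is not visible in this file. The assembled command is also printed unescaped by `echo($myCommand);` in the header cell, so request input is reflected into the page; that line should be `echo(htmlentities($myCommand));`, matching how `$p1` and `$type` are already escaped in the form fields.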
/gestion/admin/firewallEyes/images/info.gif |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = application/octet-stream |
Property changes: |
Added: svn:mime-type |
+application/octet-stream |
\ No newline at end of property |
/gestion/admin/firewallEyes/images/dst-port.gif |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = application/octet-stream |
Property changes: |
Added: svn:mime-type |
+application/octet-stream |
\ No newline at end of property |
/gestion/admin/firewallEyes/images/port-dst.gif |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = application/octet-stream |
Property changes: |
Added: svn:mime-type |
+application/octet-stream |
\ No newline at end of property |
/gestion/admin/firewallEyes/images/header-background.jpg |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = image/jpeg |
Property changes: |
Added: svn:mime-type |
+image/jpeg |
\ No newline at end of property |
/gestion/admin/firewallEyes/images/source.gif |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = application/octet-stream |
Property changes: |
Added: svn:mime-type |
+application/octet-stream |
\ No newline at end of property |
/gestion/admin/firewallEyes/images/destination.gif |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = application/octet-stream |
Property changes: |
Added: svn:mime-type |
+application/octet-stream |
\ No newline at end of property |
/gestion/admin/firewallEyes/images/commandHeaderBkg.jpg |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = image/jpeg |
Property changes: |
Added: svn:mime-type |
+image/jpeg |
\ No newline at end of property |
/gestion/admin/firewallEyes/images/firewallEyes.jpg |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = image/jpeg |
Property changes: |
Added: svn:mime-type |
+image/jpeg |
\ No newline at end of property |
/gestion/admin/firewallEyes/images/logo-firewallEyes.gif |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = application/octet-stream |
Property changes: |
Added: svn:mime-type |
+application/octet-stream |
\ No newline at end of property |
/gestion/admin/firewallEyes/images/src-port.gif |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = application/octet-stream |
Property changes: |
Added: svn:mime-type |
+application/octet-stream |
\ No newline at end of property |
/gestion/admin/firewallEyes/images/port-src.gif |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = application/octet-stream |
Property changes: |
Added: svn:mime-type |
+application/octet-stream |
\ No newline at end of property |
/gestion/admin/firewallEyes/images/buttonBkg.jpg |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = image/jpeg |
Property changes: |
Added: svn:mime-type |
+image/jpeg |
\ No newline at end of property |
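--- a/gestion/admin/firewallEyes/messages
+++ b/gestion/admin/firewallEyes/messages
@@ -0,0 +1,21 @@
+Sep 24 04:03:01 firewall kernel: RULE 5 -- ACCEPT IN=eth1 OUT=eth2 SRC=192.168.0.5 DST=64.246.30.37 LEN=48 TOS=0x00 PREC=0x00 TTL=124 ID=33597 DF PROTO=TCP SPT=3247 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0
+Sep 24 04:03:02 firewall kernel: RULE 6 -- DENY IN=eth1 OUT=eth1 SRC=172.50.230.95 DST=192.168.14.5 LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=18765 PROTO=TCP SPT=2277 DPT=25 LEN=28
+Sep 24 04:03:02 firewall kernel: RULE 7 -- DENY IN=eth1 OUT=eth1 SRC=172.79.3.1 DST=192.168.0.12 LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=18764 PROTO=TCP SPT=3767 DPT=443 LEN=28
+Sep 24 04:03:05 firewall kernel: RULE 2 -- ACCEPT IN=eth1 OUT=eth2 SRC=192.168.0.55 DST=10.10.5.4 LEN=48 TOS=0x00 PREC=0x00 TTL=122 ID=45067 DF PROTO=TCP SPT=1549 DPT=8080 WINDOW=8192 RES=0x00 SYN URGP=0
+Sep 24 04:03:05 firewall kernel: RULE 8 -- ACCEPT IN=eth1 OUT=eth1 SRC=192.79.1.1 DST=172.48.3.1 LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=18775 PROTO=TCP SPT=1793 DPT=80 LEN=28
+Sep 24 04:03:05 firewall kernel: RULE 2 -- REJECT IN=eth1 OUT=eth1 SRC=192.169.230.95 DST=192.168.31.51 LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=18774 PROTO=UDP SPT=1179 DPT=137 LEN=28
+Sep 24 04:03:07 firewall kernel: RULE 9 -- ACCEPT IN=eth1 OUT=eth1 SRC=172.79.1.78 DST=10.10.6.4 LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=18775 PROTO=TCP SPT=9957 DPT=80 LEN=28
+Sep 24 04:03:08 firewall kernel: RULE 16 -- DENY IN=eth1 OUT=eth2 SRC=192.168.6.162 DST=64.4.23.188 LEN=48 TOS=0x00 PREC=0x00 TTL=124 ID=33598 DF PROTO=TCP SPT=3247 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0
+Sep 24 04:03:08 firewall kernel: RULE 16 -- ACCEPT IN=eth1 OUT=eth1 SRC=192.169.230.95 DST=192.168.31.51 LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=18780 PROTO=UDP SPT=7453 DPT=137 LEN=28
+Sep 24 04:03:08 firewall kernel: RULE 11 -- REJECT IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:10:b5:4f:4b:60:08:00 SRC=172.38.45.78 DST=10.10.5.7 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=18808 PROTO=TCP SPT=2487 DPT=21 LEN=28
+Sep 24 04:03:11 firewall kernel: RULE 13 -- DENY IN=eth1 OUT=eth1 SRC=192.169.0.5 DST=192.168.0.50 LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=18791 PROTO=UDP SPT=2813 DPT=137 LEN=28
+Sep 24 04:03:11 firewall kernel: RULE 17 -- DENY IN=eth1 OUT=eth1 SRC=192.169.230.95 DST=192.168.1.51 LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=18790 PROTO=UDP SPT=2779 DPT=137 LEN=28
+Sep 24 04:03:14 firewall kernel: RULE 16 -- ACCEPT IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:10:b5:4f:4b:60:08:00 SRC=192.169.230.95 DST=10.0.12.5 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=18796 PROTO=UDP SPT=4476 DPT=137 LEN=28
+Sep 24 04:03:14 firewall kernel: RULE 11 -- REJECT IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:10:b5:4f:4b:60:08:00 SRC=172.38.45.78 DST=10.10.5.7 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=18808 PROTO=TCP SPT=2487 DPT=21 LEN=28
+Sep 24 04:03:14 firewall kernel: RULE 16 -- DENY IN=eth1 OUT=eth1 SRC=10.10.45.7 DST=192.168.1.51 LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=18795 PROTO=UDP SPT=2781 DPT=123 LEN=28
+Sep 24 04:03:14 firewall kernel: RULE 14 -- ACCEPT IN=eth1 OUT=eth1 SRC=192.168.1.5 DST=192.168.0.51 LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=18794 PROTO=UDP SPT=33660 DPT=53 LEN=28
+Sep 24 04:03:17 firewall kernel: RULE 5 -- ACCEPT IN=eth1 OUT=eth2 SRC=192.168.1.5 DST=64.246.30.37 LEN=48 TOS=0x00 PREC=0x00 TTL=124 ID=33597 DF PROTO=TCP SPT=3247 DPT=80 WINDOW=64242 RES=0x00 SYN URGP=0
+Sep 24 04:03:17 firewall kernel: RULE 5 -- ACCEPT IN=eth1 OUT=eth2 SRC=192.168.2.5 DST=192.168.1.78 LEN=48 TOS=0x00 PREC=0x00 TTL=124 ID=33597 DF PROTO=TCP SPT=3657 DPT=80 WINDOW=64242 RES=0x00 SYN URGP=0
+Sep 24 04:03:17 firewall kernel: RULE 11 -- REJECT IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:10:b5:4f:4b:60:08:00 SRC=172.38.45.78 DST=10.10.5.7 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=18808 PROTO=TCP SPT=2487 DPT=21 LEN=28
+Sep 24 04:03:17 firewall kernel: RULE 3 -- ACCEPT IN=eth1 OUT=eth1 SRC=10.10.45.7 DST=192.168.0.8 LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=18806 PROTO=TCP SPT=2267 DPT=110 LEN=28
+Sep 24 04:03:20 firewall kernel: RULE 5 -- ACCEPT IN=eth1 OUT=eth2 SRC=192.168.0.5 DST=64.246.30.37 LEN=48 TOS=0x00 PREC=0x00 TTL=124 ID=33597 DF PROTO=TCP SPT=1842 DPT=80 WINDOW=64248 RES=0x00 SYN URGP=0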
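--- a/gestion/admin/firewallEyes/log.css
+++ b/gestion/admin/firewallEyes/log.css
@@ -0,0 +1,147 @@
+.tabCell {
+font-family: Arial, Helvetica, sans-serif;
+font-size: 11px;
+white-space: nowrap;
+float: left;
+overflow: hidden;
+border-left: 0px solid #9EB2E2;
+padding-top: 3px;
+padding-bottom: 3px;
+margin: 0px;
+text-align: left;
+}
+.header {
+font-family: Arial, Helvetica, sans-serif;
+font-size: 11px;
+background-color: #EEF1F9;
+border-top: 1px solid #9EB2E2;
+border-bottom: 1px solid #9EB2E2;
+color: #0C1E6C;
+font-weight: bold;
+text-align: center;
+}
+.footer {
+font-family: Arial, Helvetica, sans-serif;
+font-size: 9px;
+background-color: #F4F8FB;
+border: 1px solid #9EB2E2;
+color: #0C1E6C;
+padding: 2px;
+}
+a {
+color: #0C1E6C;
+text-decoration:none;
+}
+a:hover {
+color: #800000;
+text-decoration:underline;
+}
+.ACCEPT {
+color: #006633;
+border-right: 1px solid #9EB2E2;
+border-left: 1px solid #9EB2E2;
+}
+.DROP {
+color: #800000;
+border-right: 1px solid #9EB2E2;
+border-left: 1px solid #9EB2E2;
+}
+.REJECT {
+color: #804040;
+border-right: 1px solid #9EB2E2;
+border-left: 1px solid #9EB2E2;
+}
+.ACCOUNTING {
+color: #000000;
+border-right: 1px solid #9EB2E2;
+border-left: 1px solid #9EB2E2;
+}
+.line1 {
+background-color: #FFFFFF;
+}
+.line2 {
+background-color: #F4F8FB;
+}
+.inputBlock {
+padding: 0px;
+margin: 0px;
+border: none;
+font-family: Arial, Helvetica, sans-serif;
+font-size: 11px;
+white-space: nowrap;
+float: left;
+overflow: hidden;
+border-left: 1px solid #9EB2E2;
+padding: 2px;
+}
+.inputText {
+font-family: Arial, Helvetica, sans-serif;
+font-size: 9px;
+color: #0C1E6C;
+border:1px solid #9EB2E2;
+padding: 2px;
+}
+.button {
+font-family: Arial, Helvetica, sans-serif;
+font-size: 10px;
+font-weight: bold;
+color: #0C1E6C;
+background-color: #FFFFFF;
+width: 80px;
+height: 25px;
+background-image: url(images/buttonBkg.jpg);
+background-repeat: no-repeat;
+text-align: left;
+padding-left: 18pt;
+}
+.toolbutton {
+font-family: Arial, Helvetica, sans-serif;
+font-size: 10px;
+font-weight: bold;
+color: #0C1E6C;
+background-color: #FFFFFF;
+width: 100px;
+height: 25px;
+background-image: url(images/buttonBkg.jpg);
+background-repeat: no-repeat;
+text-align: left;
+padding-left: 18pt;
+}
+.toolBox {
+font-family: Arial, Helvetica, sans-serif;
+font-size: 11px;
+font-weight: bold;
+background-color: #EEF1F9;
+border: 1px solid #9EB2E2;
+color: #0C1E6C;
+text-align: left;
+padding-left: 2pt;
+}
+.toolCommandBoxHeader {
+font-family: Arial, Helvetica, sans-serif;
+font-size: 11px;
+font-weight: bold;
+background-image: url(images/commandHeaderBkg.jpg);
+border: 1px solid #9EB2E2;
+color: #FFFFFF;
+text-align: center;
+}
+.toolCommandBox {
+font-family: Arial, Helvetica, sans-serif;
+font-size: 11px;
+background-color: #F4F7FF;
+border: 1px solid #9EB2E2;
+color: #0C1E6C;
+text-align: left;
+padding-left: 2pt;
+}
+.topbox {
+color: #FFFFFF;
+font-family: Arial, Helvetica, sans-serif;
+font-size: 11px;
+border: none;
+padding: 2px;
+margin: 0px;
+}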
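--- a/gestion/admin/firewallEyes/include.php
+++ b/gestion/admin/firewallEyes/include.php
@@ -0,0 +1,139 @@
+<?php
+/*
+* firewall Eyes
+* Copyright (C) 2004 Creabilis
+*
+* This program is free software; you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation; either version 2 of the License, or (at
+* your option) any later version.
+*
+* This program is distributed in the hope that it will be useful, but
+* WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+*
+*/
+// ****************************************************************************
+// return the regexp index for $columnName
+// ****************************************************************************
+function authenticationCheck() {
+global $IPAuthentication,$allowedClientIP;
+if ($IPAuthentication) {
+if(!in_array($_SERVER["REMOTE_ADDR"],$allowedClientIP)) {
+exit();
+}
+}
+}
+// ****************************************************************************
+// return the regexp index for $columnName
+// ****************************************************************************
+function getIndexForColumn($columnName,$logFields) {
+for($i=0; $i<count($logFields); $i++) {
+if($logFields[$i][0]==$columnName) {
+Return $logFields[$i][1];
+}
+}
+}
+// ****************************************************************************
+// return true if all criteria matches
+// ****************************************************************************
+function criteriaMatches($criteria,$logFields,$infoTab,$exactSearch) {
+$returnValue=true;
+for($i=0; $i<count($logFields); $i++) {
+$currentColumn=$logFields[$i][0];
+$currentData=$infoTab[$logFields[$i][1]];
+if($currentCriteria=$criteria[$currentColumn]) { // if criteria exists
+// test
+if(!searchString ($currentData,$currentCriteria,$exactSearch)) {
+Return false;
+}
+}
+}
+Return $returnValue;
+}
+// ****************************************************************************
+// return true strings founded
+// ****************************************************************************
+function searchString($haystack, $searchedWords,$exactSearch) {
+if($searchedWords[0]=="!") {
+$negate=true;
+$searchedWords=substr($searchedWords,1);
+}
+$returnValue=false;
+$wordTab=preg_split ("/[\s,]+/", $searchedWords);
+if($wordTab) {
+for($i=0; $i<count($wordTab); $i++) {
+if($currentWord=$wordTab[$i]) {
+// test
+if(($exactSearch ? $haystack==$currentWord : stristr ($haystack,$currentWord))) {
+$returnValue=true;
+break;
+}
+}
+}
+}
+if($negate) {
+Return (!$returnValue);
+} else {
+Return $returnValue;
+}
+}
+// ****************************************************************************
+// change lines to resolved items
+// ****************************************************************************
+function resolvAll() {
+global $logFields,$infoTab,$resolvIp,$resolvService,$indexForProtocol,$infoTabOriginal;
+for($i=0; $i<count($logFields); $i++)
+{
+if($resolvIp) {
+if($logFields[$i][3]=="ip" && !strstr($infoTab[$logFields[$i][1]],"255")) {
+$infoTab[$logFields[$i][1]]=gethostbyaddr($infoTab[$logFields[$i][1]]);
+}
+}
+if($resolvService) {
+if($logFields[$i][3]=="service") {
+$currentProtocolIndex=$indexForProtocol;
+$service=getservbyport($infoTab[$logFields[$i][1]],strtolower($infoTab[$currentProtocolIndex]));
+if($service) {
+$infoTabOriginal[$logFields[$i][1]]=$infoTab[$logFields[$i][1]];
+$infoTab[$logFields[$i][1]]=$service;
+}
+}
+}
+}
+}
+// ****************************************************************************
+// fgetrs : read line and put pointer at the begining
+// ****************************************************************************
+function fgetrs($fileHandle) {
+while (ftell($fileHandle)>=0) {
+$char = fgetc($fileHandle);
+if (ftell($fileHandle)==1) {
+fseek ($fileHandle,-1,SEEK_CUR);
+return $char.$line;
+}
+if ($char == "\n" || ftell($fileHandle)==1) {
+fseek ($fileHandle,-2,SEEK_CUR);
+return $line;
+}
+else {
+fseek ($fileHandle,-2,SEEK_CUR);
+$line = $char . $line;
+}
+}
+return $line;
+}
+?>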
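Review bot: authenticationCheck() is the only access gate the firewallEyes pages call, and as written it fails quietly: the allowlist lookup uses a loose `in_array`, and a rejected client gets an empty response with a 200 status, which makes denials hard to spot in the web server's access log. I would use `in_array($_SERVER["REMOTE_ADDR"], $allowedClientIP, true)` and send `header("HTTP/1.1 403 Forbidden");` before `exit();`. The banner comment above the function is a copy of the one on getIndexForColumn() and should instead say that the request is stopped when the client address is not in `$allowedClientIP`. Separately, searchString() reads `$negate` and fgetrs() reads `$line` on paths where neither has been assigned; `$negate=false;` and `$line="";` at the top of each function remove the undefined-variable notices.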
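--- a/gestion/admin/firewallEyes/index.html
+++ b/gestion/admin/firewallEyes/index.html
@@ -0,0 +1,17 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN" "http://www.w3.org/TR/html4/frameset.dtd">
+<html>
+<head>
+<title>firewall Eyes - Creabilis</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+<frameset rows="115,*" frameborder="NO" border="0" framespacing="0">
+<frame src="header.php" name="topFrame" scrolling="yes">
+<frame src="logs.php" name="mainFrame">
+</frameset>
+<noframes>
+<body>
+Your browser doesn't support frames. Unable to get it working.
+</body>
+</noframes>
+</html>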
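--- a/gestion/admin/firewallEyes/logs.php
+++ b/gestion/admin/firewallEyes/logs.php
@@ -0,0 +1,148 @@
+<?php
+/*
+* firewall Eyes
+* Copyright (C) 2004 Creabilis
+*
+* This program is free software; you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation; either version 2 of the License, or (at
+* your option) any later version.
+*
+* This program is distributed in the hope that it will be useful, but
+* WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+*
+*/
+include("configuration.php");
+include("include.php");
+// authentification check
+authenticationCheck();
+// Date in the past
+header("Expires: Mon, 26 Jul 2004 00:00:00 GMT");
+// always modified
+header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
+// HTTP/1.1
+header("Cache-Control: no-store, no-cache, must-revalidate");
+header("Cache-Control: post-check=0, pre-check=0", false);
+// HTTP/1.0
+header("Pragma: no-cache");
+set_time_limit (300);
+// GET INPUT
+// log file, get input or first logfile
+$logfile=($_GET["logfile2display"] ? $logfiles[$_GET["logfile2display"]] : $logfiles[0]);
+$displayedLines=($_GET["displayedLines"] ? $_GET["displayedLines"] : $configuration["displayedLines"]);
+$configurationVars=Array("resolvIp","resolvService","readFromTheEnd","exactSearch","automaticRefresh");
+foreach($configurationVars as $confVarName) {
+${$confVarName}=($_GET["searchAction"] ? $_GET[$confVarName] : $configuration[$confVarName]);
+}
+// init
+$lineCount=0;
+$indexForAction=getIndexForColumn("action",$logFields);
+$indexForProtocol=getIndexForColumn("protocol",$logFields);
+// get inputs
+$criteria=$_GET["criteria"];
+$maxWidth=0;
+for($i=0; $i<count($logFields); $i++) {
+$maxWidth+=$logFields[$i][2];
+}
+?>
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+<title>Creabilis fw-Eyes</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
+<link href="log.css" rel="stylesheet" type="text/css"/>
+<?php if ($automaticRefresh) {?>
+<meta http-equiv="refresh" content="<?=$automaticRefreshInterval?>">
+<?php } ?>
+</head>
+<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bgcolor="#FFFFFF">
+<div align="left" style="padding-left:18px">
+<?php
+if(!file_exists ($logfile)) {
+die("Le fichier n'existe pas : $logfile");
+}
+if(!is_readable ($logfile)) {
+die("Ne peut pas lire le fichier : $logfile");
+}
+$fd = fopen ($logfile, "r");
+if ($readFromTheEnd){
+// to the end
+fseek($fd,0,SEEK_END);
+}
+while (($readFromTheEnd ? ftell($fd)>0 : !feof ($fd))) {
+$line = ($readFromTheEnd ? fgetrs($fd) : fgets($fd, 1024));
+if(preg_match($detectLine, $line)) { // it's a firewall line
+if(preg_match($LineRegExp, $line, $infoTab)) {
+// resolv dns/services
+$infoTabOriginal=null;
+resolvAll();
+// Apply search array
+if(criteriaMatches($criteria,$logFields,$infoTab,$exactSearch)) {
+$lineCount++;
+$nb=($nb==1 ? 2 : 1); // for alternate display
+// line display
+?>
+<table class="<?=$infoTab[$indexForAction]?>" border="0" cellpadding="0" cellspacing="0" width="<?=$maxWidth?>">
+<tr class="line<?=$nb?>">
+<?php
+for($i=0; $i<count($logFields); $i++)
+{
+?>
+<td title="<?=($infoTabOriginal[$logFields[$i][1]] ? $infoTabOriginal[$logFields[$i][1]]." - " : "")?><?=$infoTab[$logFields[$i][1]]?>">
+<span class="tabCell" style="width: <?=$logFields[$i][2]?>px" >
+<?php
+if($logFields[$i][4]) {
+?>
+<a href="info.php?type=<?=urlencode($logFields[$i][4])?>&p1=<?=urlencode($infoTab[$logFields[$i][1]])?>" title="informations"><img src="images/<?=str_replace(" ","-",($logFields[$i][0]))?>.gif" width="15" height="15" border="0" align="absmiddle"></a>
+<?php
+}
+?>
+<?=$infoTab[$logFields[$i][1]]?>
+</span>
+</td>
+<?php
+}?></tr>
+</table>
+<?php
+flush();
+}
+}
+}
+if($lineCount>=$displayedLines) break;
+}
+// close file
+fclose ($fd);
+?>
+<table border="0" cellpadding="0" cellspacing="0" width="<?=$maxWidth+2?>" class="footer">
+<tr>
+<td align="center">
+<A HREF="http://www.creabilis.com" target="creabilis">Firewall Eyes</A> - <A HREF="http://www.gnu.org/licenses/gpl.html">GPL</A> - Creabilis © 2004 - Web site : <A HREF="http://firewalleyes.creabilis.com">http://firewalleyes.creabilis.com</A>
+</td>
+</tr>
+</table>
+</div>
+</body>
+</html>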
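Review bot: Every value taken from the parsed log line is written into the page unescaped: `class="<?=$infoTab[$indexForAction]?>"`, the `title` attribute, and the cell text `<?=$infoTab[$logFields[$i][1]]?>`. Any markup that reaches the log file, or a host name returned by `gethostbyaddr()` when resolvIp is on, would therefore be rendered as HTML in the administrator's browser. header.php already escapes what it prints; the same should happen here, for example `<?=htmlspecialchars($infoTab[$logFields[$i][1]], ENT_QUOTES, 'ISO-8859-1')?>` for the cell and both attributes, with the charset matching the page's declared one. `$_GET["displayedLines"]` and `$_GET["logfile2display"]` are also used as received; an `(int)` cast on each keeps the line limit and the `$logfiles` index numeric. The two `die()` messages print `$logfile` directly and should be escaped the same way.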
/gestion/admin/firewallEyes/readme.txt |
---|
0,0 → 1,2 |
Latest documentation and installation instructions on : |
http://firewalleyes.creabilis.com |
Property changes: |
Added: svn:eol-style |
+native |
\ No newline at end of property |
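--- a/gestion/admin/firewallEyes/configuration.php
+++ b/gestion/admin/firewallEyes/configuration.php
@@ -0,0 +1,121 @@
+<?php
+/*
+* firewall Eyes
+* Copyright (C) 2004 Creabilis
+*
+* This program is free software; you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation; either version 2 of the License, or (at
+* your option) any later version.
+*
+* This program is distributed in the hope that it will be useful, but
+* WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+*
+*/
+// ***************** CONFIGURATION *********************
+// activate authentication by IP
+// $IPAuthentication=true|false;
+$IPAuthentication=false;
+// alowed clientIP
+// one line by IP
+// $allowedClientIP[]="127.0.0.1";
+$allowedClientIP[]="127.0.0.1";
+// logfiles to parse, default is first
+// you can use file path like /etc/log/messages or nfs
+// or http like http://www.host.com/messages
+// or ftp like ftp://user:password@ftp.host.com/messages
+// $logfiles[]="/var/log/messages";
+//$logfiles[]="/var/log/messages";
+//$logfiles[]="/var/log/messages.1";
+//$logfiles[]="/var/log/messages.2";
+//$logfiles[]="/var/log/messages.3";
+//$logfiles[]="/var/log/messages.4";
+$folder = "/var/log/firewall";
+$dossier = opendir($folder);
+$index=0;
+while ($Fichier = readdir($dossier)) {
+$exclusion = stripos ($Fichier, '.gz');
+if ($Fichier != "." && $Fichier != ".." && $exclusion == 0) {
+$index ++;
+$logfiles[]=$folder . "/" . $Fichier;
+} # end if
+} # end while
+closedir($dossier);
+// automatic submit
+// automatic reload log display just after changing a display option (search strings, resolving, ...)
+// $automaticSubmit=true|false;
+$automaticSubmit=true;
+// default number of lines to display
+$configuration["displayedLines"]=50;
+// resolv ip
+$configuration["resolvIp"]=false;
+// resolv service
+$configuration["resolvService"]=true;
+// read log file from the end
+$configuration["readFromTheEnd"]=true;
+// exact search
+$configuration["exactSearch"]=false;
+// automatic refresh page every x secondes
+//$configuration["automaticRefresh"]=false|true;
+$configuration["automaticRefresh"]=false;
+// refresh interval in seconds
+$automaticRefreshInterval=10;
+// column array
+// syntax : name, index in regexp, width in pixels, type, toolname
+// type can be ip or service or protocol, used for resolution
+// to hide a column, just comment it with //
+$logFields[]=Array("date","1","60",null,null);
+$logFields[]=Array("heure","2","60",null,null);
+$logFields[]=Array("intf","5","50",null,null);
+$logFields[]=Array("source","6","150","ip","iptools");
+$logFields[]=Array("destination","7","150","ip","iptools");
+$logFields[]=Array("protocol","8","60","protocol",null);
+$logFields[]=Array("src port","9","60",null,null);
+$logFields[]=Array("dst port","10","80","service","srvtools");
+$logFields[]=Array("règle","3","80",null,null);
+$logFields[]=Array("action","4","80",null,null);
+// ip tools
+// types are command or url
+// use %originalParameter% for values like ip address
+// use %transformedParameter% for values like dns address
+$tools["iptools"]["ping"]= array("type"=>"command", "value"=>"ping -c 5 %p1%");
+$tools["iptools"]["traceroute"]=array("type"=>"command", "value"=>"traceroute %p1%");
+$tools["iptools"]["DNS lookup"]= array("type"=>"command", "value"=>"host %p1%");
+$tools["iptools"]["whois"]= array("type"=>"command", "value"=>"whois %p1%","precompute"=>"extractdomain");
+$tools["iptools"]["nmap"]= array("type"=>"command", "value"=>"nmap %p1%");
+$tools["iptools"]["HTTP Test"]= array("type"=>"url", "value"=>"http://%p1%");
+// service tool
+$tools["srvtools"]["ISS Port db"]= array("type"=>"url", "value"=>"http://www.iss.net/security_center/advice/Exploits/Ports/%p1%/default.htm");
+$tools["srvtools"]["IANA ports"]= array("type"=>"url", "value"=>"http://www.iana.org/assignments/port-numbers");
+$tools["srvtools"]["Google"]= array("type"=>"url", "value"=>"http://www.google.com/search?hl=en&q=port+%p1%");
+// regExp for detecting a firewall line
+$detectLine="/RULE/S";
+// regExp for line parsing
+$LineRegExp="/(\w+\s+\d+)\s+(\S+)\s+\S+.*RULE (\S+).+-\s+(\S+).*IN=(\S+).*SRC=(\S+)\s+DST=(\S+).*PROTO=(\S+).*SPT=(\S+).*DPT=(\S+)/S";
+//line sample :
+//Sep 24 18:07:35 passerelle kernel: RULE 14 -- ACCEPT IN=eth1 OUT= MAC=00:04:e2:43:1c:c4:00:0b:cd:f9:f4:42:08:00 SRC=192.168.0.1 DST=172.31.0.253 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=11059 DF PROTO=TCP SPT=1537 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
+?>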
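Review bot: The `command` entries in `$tools["iptools"]` (`ping -c 5 %p1%`, `traceroute %p1%`, `host %p1%`, `whois %p1%`, `nmap %p1%`) are shell command lines with a placeholder, and this file ships with `$IPAuthentication=false`, so the module itself does not restrict who can reach the page that runs them. The code that expands `%p1%` is not in this section (presumably info.php, which logs.php links to with a `p1` query parameter); it should validate the value as an IP address or port number and pass it through `escapeshellarg()` before building the command. Unless the web server already enforces authentication on this directory, I would ship `$IPAuthentication=true;`. In the directory scan, `$exclusion == 0` is true both when `.gz` is absent (`stripos` returns false) and when the name starts with `.gz`; `stripos($Fichier, '.gz') === false` says what is meant, and the `opendir()` result should be checked before the loop.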
/gestion/admin/firewallEyes/header.php |
---|
0,0 → 1,154 |
<?php |
/* |
* firewall Eyes |
* Copyright (C) 2004 Creabilis |
* |
* This program is free software; you can redistribute it and/or modify |
* it under the terms of the GNU General Public License as published by |
* the Free Software Foundation; either version 2 of the License, or (at |
* your option) any later version. |
* |
* This program is distributed in the hope that it will be useful, but |
* WITHOUT ANY WARRANTY; without even the implied warranty of |
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
* General Public License for more details. |
* |
* You should have received a copy of the GNU General Public License |
* along with this program; if not, write to the Free Software |
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
* |
*/ |
include("configuration.php"); |
include("include.php"); |
// authentification check |
authenticationCheck(); |
// Date in the past |
header("Expires: Mon, 26 Jul 2004 00:00:00 GMT"); |
// always modified |
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); |
// HTTP/1.1 |
header("Cache-Control: no-store, no-cache, must-revalidate"); |
header("Cache-Control: post-check=0, pre-check=0", false); |
// HTTP/1.0 |
header("Pragma: no-cache"); |
set_time_limit (300); |
// TODO: |
// predifined filters : all accept, all dropped/rejected |
//line example : |
//Sep 24 18:07:35 passerelle kernel: RULE 14 -- ACCEPT IN=eth1 OUT= MAC=00:04:e2:43:1c:c4:00:0b:cd:f9:f4:42:08:00 SRC=172.31.200.189 DST=172.31.1.253 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=11059 DF PROTO=TCP SPT=1537 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0 |
$logfile=$configuration["logfile"]; |
$displayedLines=($_GET["displayedLines"] ? $_GET["displayedLines"] : $configuration["displayedLines"]); |
$configurationVars=Array("resolvIp","resolvService","readFromTheEnd","exactSearch","automaticRefresh"); |
foreach($configurationVars as $confVarName) { |
${$confVarName}=($_GET["searchAction"] ? $_GET[$confVarName] : $configuration[$confVarName]); |
} |
// init |
$lineCount=0; |
$indexForAction=getIndexForColumn("action",$logFields); |
$indexForProtocol=getIndexForColumn("protocol",$logFields); |
// get inputs |
$criteria=$_GET["criteria"]; |
$maxWidth=0; |
for($i=0; $i<count($logFields); $i++) { |
$maxWidth+=$logFields[$i][2]; |
} |
?> |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> |
<html> |
<head> |
<title>Creabilis fw-Eyes</title> |
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> |
<link href="log.css" rel="stylesheet" type="text/css"/> |
<script> |
function myrefresh() { |
<?php if ($automaticSubmit) {?> |
document.forms["search"].submit() |
<?php } ?> |
} |
</script> |
</head> |
<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bgcolor="#FFFFFF"> |
<table width="100%" height="100" border="0" cellpadding="0" cellspacing="0" background="images/header-background.jpg"> |
<tr> |
<td valign="bottom" align="left" style="padding-left:19px"> |
<form method="GET" action="logs.php" style="margin: 0px;padding: 0px;" name="search" target="mainFrame"> |
<INPUT type="hidden" name="searchAction" value="1"> |
<div class="topbox" > |
</div> |
<table border="0" cellpadding="0" cellspacing="0" width="<?=$maxWidth?>"> |
<tr> |
<td rowspan="2" valign="top"><img src="images/logo-firewallEyes.gif" width="58" height="38" align="top"><img src="images/firewallEyes.jpg" width="199" height="48" align="top"></td> |
<td align="right" class="topbox"> lignes affichées |
<input name="displayedLines" type="text" class="inputText" style="width:30 px;" size="3" maxlength="6" value="<?=htmlentities(stripslashes($displayedLines))?>" onChange="myrefresh()"> |
fichier log <select name="logfile2display" class="inputText" onChange="myrefresh()"> |
<?php |
foreach($logfiles as $currentIndex=>$currentLogfile) { |
?> |
<option value="<?=htmlspecialchars($currentIndex)?>"> |
<?=htmlspecialchars($currentLogfile)?> |
</option> |
<?php |
} |
?> |
</select> <input type="checkbox" name="readFromTheEnd" id="readFromTheEnd" value="1" <?= ($readFromTheEnd ? "checked" : "")?> onClick="myrefresh()"> |
<label for="readFromTheEnd"> lecture depuis la fin </label></td> |
</tr> |
<tr> |
<td colspan="<?=count($logFields)?>" align="left" class="topbox"> |
<input type="checkbox" name="automaticRefresh" id="automaticRefresh" value="1" <?= ($automaticRefresh ? "checked" : "")?> onClick="myrefresh()"> |
<label for="automaticRefresh">raffraichissement auto </label> |
<input type="checkbox" name="resolvIp" id="resolvIp" value="1" <?= ($resolvIp ? "checked" : "")?> onClick="myrefresh()"> |
<label for="resolvIp">resolv IP </label> |
<input type="checkbox" name="resolvService" id="resolvService" value="1" <?= ($resolvService ? "checked" : "")?> onClick="myrefresh()"> |
<label for="resolvService">resolv services </label> |
<input type="checkbox" name="exactSearch" id="exactSearch" value="1" <?= ($exactSearch ? "checked" : "")?> onClick="myrefresh()"> |
<label for="exactSearch">recherche exacte </label> |
<input class="button" type="submit" value="Afficher"> |
<!-- <input class="button" type="button" value="reset" onClick="top.window.location='index.html'">--> |
</td> |
</tr> |
</table> |
<table border="0" cellpadding="0" cellspacing="0" width="<?=$maxWidth?>"> |
<tr> |
<?php |
// tab header |
for($i=0; $i<count($logFields); $i++) { |
?><td class="header"><span style="width: <?=$logFields[$i][2]?>px" class="header"> <?=$logFields[$i][0]?></span> |
</td><?php |
}?> |
</tr> |
<tr> |
<?php |
// search form |
for($i=0; $i<count($logFields); $i++) { |
?><td><span style="width: <?=$logFields[$i][2]?>px"><input type="text" name="criteria[<?=htmlentities($logFields[$i][0])?>]" value="<?=htmlentities(stripslashes($criteria[$logFields[$i][0]]))?>" style="width: <?=$logFields[$i][2]?>px" class="inputText" onChange="myrefresh()"></span> |
</td> |
<?php |
}?> |
</tr> |
</table> |
</form> |
</td> |
</tr> |
</table> |
</body> |
</html> |