
<?php
/*
 * firewall Eyes
 * Copyright (C) 2004 Creabilis
 * 
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or (at
 * your option) any later version.
 * 
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 *
 */

// ***************** CONFIGURATION *********************
// activate authentication by IP
// $IPAuthentication=true|false;
// Off by default: with false the client IP is not checked at all and
// $allowedClientIP below is not consulted (the check itself lives outside
// this file).
$IPAuthentication = false;
// alowed clientIP
// one line by IP
// $allowedClientIP[]="127.0.0.1";
$allowedClientIP[] = '127.0.0.1';

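// logfiles to parse, default is first
// you can use file path like /etc/log/messages or nfs
// or http like http://www.host.com/messages
// or ftp like ftp://user:password@ftp.host.com/messages
// $logfiles[]="/var/log/messages";
//$logfiles[]="/var/log/messages";
//$logfiles[]="/var/log/messages.1";
//$logfiles[]="/var/log/messages.2";
//$logfiles[]="/var/log/messages.3";
//$logfiles[]="/var/log/messages.4";
//
// Append to $logfiles every regular file found in $folder, skipping rotated
// archives (any name containing ".gz"), then sort so the highest name comes
// first. $index ends up equal to the number of files added from $folder.
$folder = '/var/log/firewall';
// Keep any entries listed by hand above (uncommented lines) instead of
// overwriting them; only make sure the variable is an array.
if (!isset($logfiles)) {
    $logfiles = [];
}
$index = 0;
// A missing or unreadable directory must not abort the page: opendir() would
// return false, and readdir(false) / rsort(null) are TypeErrors on PHP 8.
// Only open the directory when it exists and leave $logfiles as-is otherwise.
$dossier = (is_dir($folder) && is_readable($folder)) ? opendir($folder) : false;
if ($dossier !== false) {
    // readdir() returns false at the end of the listing; the strict
    // comparison keeps an entry literally named "0" from ending the loop.
    while (($Fichier = readdir($dossier)) !== false) {
        if (in_array($Fichier, ['.', '..', ' '], true)) {
            continue;
        }
        // stripos() returns false when ".gz" is absent and 0 when the name
        // starts with it; a loose "== 0" would accept both, so test strictly
        // against false to exclude every archive.
        if (stripos($Fichier, '.gz') !== false) {
            continue;
        }
        $path = $folder . '/' . $Fichier;
        // Subdirectories, sockets, etc. inside the log folder are not log
        // files; handing them to the log parser later would only fail.
        if (!is_file($path)) {
            continue;
        }
        $index++;
        $logfiles[] = $path;
    }
    closedir($dossier);
}
rsort($logfiles, SORT_STRING);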
// automatic submit
// automatic reload log display just after changing a display option (search strings, resolving, ...)
// $automaticSubmit=true|false;
$automaticSubmit = true;

// Display defaults, keyed by option name (consumed by the viewer pages,
// not in this file):
//   displayedLines   - default number of lines to display
//   resolvIp         - resolve IP addresses
//   resolvService    - resolve service names
//   readFromTheEnd   - read the log file from the end
//   exactSearch      - exact search
//   automaticRefresh - refresh the page every $automaticRefreshInterval seconds
//                      (true|false)
$configuration['displayedLines']   = 50;
$configuration['resolvIp']         = false;
$configuration['resolvService']    = true;
$configuration['readFromTheEnd']   = true;
$configuration['exactSearch']      = false;
$configuration['automaticRefresh'] = false;

// refresh interval in seconds
$automaticRefreshInterval = 10;

// column array
// syntax : name, index in regexp, width in pixels, type, toolname
// type can be ip or service or protocol, used for resolution
// to hide a column, just comment it with //
// The regexp index refers to the capture groups of $LineRegExp; the
// toolname refers to a key of $tools.
$logFields[] = ['date',        '1',  '60',  null,       null];
$logFields[] = ['heure',       '2',  '60',  null,       null];
$logFields[] = ['intf',        '5',  '50',  null,       null];
$logFields[] = ['source',      '6',  '150', 'ip',       'iptools'];
$logFields[] = ['destination', '7',  '150', 'ip',       'iptools'];
$logFields[] = ['protocol',    '8',  '60',  'protocol', null];
$logFields[] = ['src port',    '9',  '60',  null,       null];
$logFields[] = ['dst port',    '10', '80',  'service',  'srvtools'];
$logFields[] = ['r&egrave;gle', '3', '80',  null,       null];
$logFields[] = ['action',      '4',  '80',  null,       null];

// ip tools
// types are command or url
// use %originalParameter% for values like ip address
// use %transformedParameter% for values like dns address
// The %p1% placeholder is substituted by the tool runner, which is not in this
// file; presumably with the value of the clicked column. Every "command" entry
// is a shell command built from that value, so the runner has to pass it
// through escapeshellarg() before substitution -- confirm in the caller.
$tools['iptools']['ping']       = ['type' => 'command', 'value' => 'ping -c 5 %p1%'];
$tools['iptools']['traceroute'] = ['type' => 'command', 'value' => 'traceroute %p1%'];
$tools['iptools']['DNS lookup'] = ['type' => 'command', 'value' => 'host %p1%'];
$tools['iptools']['whois']      = ['type' => 'command', 'value' => 'whois %p1%', 'precompute' => 'extractdomain'];
$tools['iptools']['nmap']       = ['type' => 'command', 'value' => 'nmap %p1%'];
$tools['iptools']['HTTP Test']  = ['type' => 'url',     'value' => 'http://%p1%'];

// service tool
$tools['srvtools']['ISS Port db'] = ['type' => 'url', 'value' => 'http://www.iss.net/security_center/advice/Exploits/Ports/%p1%/default.htm'];
$tools['srvtools']['IANA ports']  = ['type' => 'url', 'value' => 'http://www.iana.org/assignments/port-numbers'];
$tools['srvtools']['Google']      = ['type' => 'url', 'value' => 'http://www.google.com/search?hl=en&q=port+%p1%'];

// regExp for detecting a firewall line
$detectLine = '/RULE/S';

// regExp for line parsing
// Capture groups (referenced by index from $logFields):
//   1 month+day, 2 time, 3 rule number, 4 action, 5 IN= interface,
//   6 SRC=, 7 DST=, 8 PROTO=, 9 SPT=, 10 DPT=
// Single quotes: no sequence here is a PHP escape, so the pattern bytes are
// unchanged but the intent (no interpolation) is explicit.
$LineRegExp = '/(\w+\s+\d+)\s+(\S+)\s+\S+.*RULE (\S+).+-\s+(\S+).*IN=(\S+).*SRC=(\S+)\s+DST=(\S+).*PROTO=(\S+).*SPT=(\S+).*DPT=(\S+)/S';

//line sample :
//Sep 24 18:07:35 passerelle kernel: RULE 14 -- ACCEPT IN=eth1 OUT= MAC=00:04:e2:43:1c:c4:00:0b:cd:f9:f4:42:08:00 SRC=192.168.0.1 DST=172.31.0.253 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=11059 DF PROTO=TCP SPT=1537 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 

?>