WebSVN – ALCASAR – Blame – /web/acc/manager/htdocs/security.php

Rev	Author	Line No.	Line
1163	crox53	1	<?php
2292	tom.houday	2	# $Id: security.php 2845 2020-07-04 17:54:03Z rexy $
		3
		4	$language = 'en';
		5	if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
2811	rexy	6	$langue = explode(',', $_SERVER['HTTP_ACCEPT_LANGUAGE']);
		7	$language = strtolower(substr(chop($langue[0]), 0, 2));
2292	tom.houday	8	}
		9	if ($language === 'fr') {
2811	rexy	10	$l_title = 'Sécurité';
2810	rexy	11	$l_spoofing = "Adresse(s) MAC usurpée(s) (Watchdog)";
2841	rexy	12	$l_virus = "Virus bloqué(s) (CLAMAV)";
2810	rexy	13	$l_fail2ban = "Adresse(s) IP bloquée(s) (Fail2Ban)";
		14	$l_ipAddress="Adresse IP";
		15	$l_user = "L'utilisateur";
		16	$l_empty="Vide";
		17	$l_rule="Règle";
2292	tom.houday	18	} else {
2811	rexy	19	$l_title = 'Security';
		20	$l_spoofing = "MAC address spoofed (Watchdog)";
2841	rexy	21	$l_virus = "Virus blocked (CLAMAV)";
2810	rexy	22	$l_fail2ban = "IP address blocked (Fail2Ban)";
		23	$l_ipAddress="IP address";
		24	$l_user = "User";
		25	$l_empty="Empty";
		26	$l_rule="Rule";
2292	tom.houday	27	}
		28	$tab = (isset($_GET['tab'])) ? intval($_GET['tab']) : 1;
1163	crox53	29	?>
2818	rexy	30	<!DOCTYPE HTML>
2292	tom.houday	31	<html>
2818	rexy	32	<head>
		33	<meta charset="UTF-8">
		34	<title><?= $l_title ?></title>
		35	<link rel="stylesheet" href="/css/bootstrap.min.css">
		36	<script src="/js/jquery.min.js"></script>
		37	<script src="/js/bootstrap.min.js"></script>
		38	<link rel="stylesheet" href="/css/acc.css">
		39	</head>
		40	<body>
		41	<div class="panel">
		42	<div class="panel-header"><?= $l_title ?></div>
		43	<div class="panel-row">
		44	<div class="btn-group btn-group-justified" role="group" aria-label="Justified button group">
		45	<a href="security.php?tab=1" class="btn btn-default<?= (($tab === 1) ? ' active' : '') ?>" role="button"><?= $l_spoofing ?></a>
		46	<a href="security.php?tab=2" class="btn btn-default<?= (($tab === 2) ? ' active' : '') ?>" role="button"><?= $l_virus ?></a>
		47	<a href="security.php?tab=3" class="btn btn-default<?= (($tab === 3) ? ' active' : '') ?>" role="button"><?= $l_fail2ban ?></a>
		48	</div>
1410	richard	49	<?php
2292	tom.houday	50	if ($tab === 1) {
2405	tom.houday	51	$spoofs = [];
2455	tom.houday	52	$regex = '/^\[(?P<date>[0-9\/\-: ]+)\] : alcasar-watchdog : (?P<ip>(?:(?:[0-9]\|[1-9][0-9]\|1[0-9]{2}\|2[0-4][0-9]\|25[0-5])\.){3}(?:[0-9]\|[1-9][0-9]\|1[0-9]{2}\|2[0-4][0-9]\|25[0-5])) is usurped $(?P<mac>(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2})$\. Alcasar disconnect the user $(?P<user>.+)$\.$/';
2405	tom.houday	53	$file = fopen('/var/Save/security/watchdog.log', 'r');
		54	if ($file) {
		55	while (!feof($file)) {
		56	$line = fgets($file);
		57
		58	if (preg_match($regex, $line, $matches)) {
2455	tom.houday	59	if (preg_match('/[0-9]{2}\/[0-9]{2}\/[0-9]{4}-[0-9]{2}:[0-9]{2}:[0-9]{2}/', $matches['date'], $matches_date)) {
		60	$matches['date'] = DateTime::createFromFormat('d/m/Y-H:i:s', $matches['date'])->format('Y-m-d H:i:s');
		61	}
2405	tom.houday	62	$spoofs[] = (object) [
2455	tom.houday	63	'date' => $matches['date'],
2405	tom.houday	64	'ip' => $matches['ip'],
		65	'mac' => $matches['mac'],
		66	'user' => $matches['user']
		67	];
		68	}
		69	}
		70	fclose($file);
1410	richard	71	}
2405	tom.houday	72	$spoofs = array_reverse($spoofs);
1410	richard	73	?>
2818	rexy	74	<h3><?= $l_spoofing ?></h3>
		75	<div class="container">
		76	<table class="table table-striped table-hover" border="1">
2527	fabien.rak	77	<tr>
2818	rexy	78	<th>
2527	fabien.rak	79	Date
		80	</th>
2818	rexy	81	<th>
2527	fabien.rak	82	<?= $l_ipAddress ?>
		83	</th>
2818	rexy	84	<th>
2527	fabien.rak	85	MAC
		86	</th>
2818	rexy	87	<th>
2527	fabien.rak	88	<?= $l_user ?>
		89	</th>
		90	</tr>
2818	rexy	91	<tbody>
		92	<?php if (!empty($spoofs)): ?>
2405	tom.houday	93	<?php foreach ($spoofs as $spoof): ?>
2818	rexy	94	<tr><td><?= $spoof->date ?></td><td><?= $spoof->ip ?></td><td><?= $spoof->mac ?></td><td><?= $spoof->user ?></td></tr>
2292	tom.houday	95	<?php endforeach; ?>
2818	rexy	96	<?php else: ?>
2405	tom.houday	97	<tr><td colspan="4" style="text-align: center;"><?= $l_empty ?></td></tr>
2818	rexy	98	<?php endif; ?>
		99	</tbody>
		100	</table>
		101	</div>
1410	richard	102	<?php
2292	tom.houday	103	} else if ($tab === 2) {
2841	rexy	104	$filePath = '/var/log/clamav/clamd.log';
2845	rexy	105	$pattern = "/\bfound\b/i";
		106	$lines = preg_grep ($pattern, file($filePath));
2292	tom.houday	107	if ($lines === false) {
		108	exit("Cannot open '$filePath'.");
		109	}
		110	$lines = array_reverse($lines);
1410	richard	111	?>
2818	rexy	112	<h3><?= $l_virus ?></h3>
2292	tom.houday	113	<div class="container">
		114	<table class="table table-striped table-hover">
		115	<tbody>
		116	<?php if (!empty($lines)): ?>
		117	<?php foreach ($lines as $line): ?>
		118	<tr><td><?= $line ?></td></tr>
		119	<?php endforeach; ?>
		120	<?php else: ?>
		121	<tr><td style="text-align: center;"><?= $l_empty ?></td></tr>
		122	<?php endif; ?>
		123	</tbody>
		124	</table>
		125	</div>
1410	richard	126	<?php
2292	tom.houday	127	} else if ($tab === 3) {
		128	$bans = [];
		129	$regex = '/^(?P<date>[0-9]{4}-[0-9]{2}-[0-9]{2}\ [0-9]{2}:[0-9]{2}:[0-9]{2}),[0-9]{3} fail2ban\.actions\[[0-9]+\]: WARNING \[(?P<rule>[a-zA-Z0-9_-]+)\] (?P<type>Ban\|Unban) (?P<ip>[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})$/';
		130	$file = fopen('/var/log/fail2ban.log', 'r');
		131	if ($file) {
		132	while (!feof($file)) {
		133	$line = fgets($file);
1410	richard	134
2292	tom.houday	135	if (preg_match($regex, $line, $matches)) {
		136	if ($matches['type'] === 'Ban') {
		137	$bans[] = (object) [
		138	'date_ban' => $matches['date'],
		139	'date_unban' => null,
		140	'rule' => $matches['rule'],
		141	'ip' => $matches['ip']
		142	];
		143	} else if ($matches['type'] === 'Unban') {
		144	foreach (array_reverse($bans) as $ban) {
		145	if (($ban->ip === $matches['ip']) && ($ban->rule === $matches['rule']) && ($ban->date_unban === null)) {
		146	$ban->date_unban = $matches['date'];
		147	break;
		148	}
		149	}
		150	}
		151	}
1858	raphael.pi	152	}
2292	tom.houday	153	fclose($file);
1858	raphael.pi	154	}
2292	tom.houday	155	$bans = array_reverse($bans);
		156	?>
2818	rexy	157	<h3><?= $l_fail2ban ?></h3>
2527	fabien.rak	158	<div class="container" border="1">
2818	rexy	159	<table class="table table-striped table-hover" border="1">
2527	fabien.rak	160	<tr >
2818	rexy	161	<th>
2527	fabien.rak	162	Date
		163	</th>
2818	rexy	164	<th>
2527	fabien.rak	165	Date Unban
		166	</th>
2818	rexy	167	<th>
2527	fabien.rak	168	<?= $l_rule ?>
		169	</th>
2818	rexy	170	<th>
2527	fabien.rak	171	<?= $l_ipAddress ?>
		172	</th>
		173	</tr>
2292	tom.houday	174	<?php if (!empty($bans)): ?>
		175	<?php foreach ($bans as $ban): ?>
2527	fabien.rak	176	<tr>
		177	<td>
		178	<?= $ban->date_ban ?>
		179	</td>
		180	<td>
		181	<?= $ban->date_unban ?>
		182	</td>
		183	<td>
		184	<?= $ban->rule ?>
		185	</td>
		186	<td>
		187	<?= $ban->ip ?>
		188	</td>
		189	</tr>
2292	tom.houday	190	<?php endforeach; ?>
		191	<?php else: ?>
		192	<tr><td colspan="4" style="text-align: center;"><?= $l_empty ?></td></tr>
		193	<?php endif; ?>
		194	</table>
		195	</div>
		196	<?php
1410	richard	197	} else {
2292	tom.houday	198	echo 'Unknown tab';
1410	richard	199	}
		200	?>
2818	rexy	201	</div>
2527	fabien.rak	202	</div>
1163	crox53	203	</body>
2292	tom.houday	204	</html>

Subversion Repositories ALCASAR

(root)/web/acc/manager/htdocs/security.php @ 2864 – Rev 2845