WebSVN – ALCASAR – Blame – /web/acc/manager/htdocs/security.php

Rev	Author	Line No.	Line
1163	crox53	1	<?php
2292	tom.houday	2	# $Id: security.php 2864 2020-10-18 09:06:17Z rexy $
		3
		4	$language = 'en';
		5	if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
2811	rexy	6	$langue = explode(',', $_SERVER['HTTP_ACCEPT_LANGUAGE']);
		7	$language = strtolower(substr(chop($langue[0]), 0, 2));
2292	tom.houday	8	}
		9	if ($language === 'fr') {
2811	rexy	10	$l_title = 'Sécurité';
2810	rexy	11	$l_spoofing = "Adresse(s) MAC usurpée(s) (Watchdog)";
2841	rexy	12	$l_virus = "Virus bloqué(s) (CLAMAV)";
2810	rexy	13	$l_fail2ban = "Adresse(s) IP bloquée(s) (Fail2Ban)";
		14	$l_ipAddress="Adresse IP";
		15	$l_user = "L'utilisateur";
		16	$l_empty="Vide";
		17	$l_rule="Règle";
2292	tom.houday	18	} else {
2811	rexy	19	$l_title = 'Security';
		20	$l_spoofing = "MAC address spoofed (Watchdog)";
2841	rexy	21	$l_virus = "Virus blocked (CLAMAV)";
2810	rexy	22	$l_fail2ban = "IP address blocked (Fail2Ban)";
		23	$l_ipAddress="IP address";
		24	$l_user = "User";
		25	$l_empty="Empty";
		26	$l_rule="Rule";
2292	tom.houday	27	}
		28	$tab = (isset($_GET['tab'])) ? intval($_GET['tab']) : 1;
1163	crox53	29	?>
2818	rexy	30	<!DOCTYPE HTML>
2292	tom.houday	31	<html>
2818	rexy	32	<head>
		33	<meta charset="UTF-8">
		34	<title><?= $l_title ?></title>
		35	<link rel="stylesheet" href="/css/bootstrap.min.css">
		36	<script src="/js/jquery.min.js"></script>
		37	<script src="/js/bootstrap.min.js"></script>
		38	<link rel="stylesheet" href="/css/acc.css">
		39	</head>
		40	<body>
		41	<div class="panel">
		42	<div class="panel-header"><?= $l_title ?></div>
		43	<div class="panel-row">
		44	<div class="btn-group btn-group-justified" role="group" aria-label="Justified button group">
		45	<a href="security.php?tab=1" class="btn btn-default<?= (($tab === 1) ? ' active' : '') ?>" role="button"><?= $l_spoofing ?></a>
		46	<a href="security.php?tab=2" class="btn btn-default<?= (($tab === 2) ? ' active' : '') ?>" role="button"><?= $l_virus ?></a>
		47	<a href="security.php?tab=3" class="btn btn-default<?= (($tab === 3) ? ' active' : '') ?>" role="button"><?= $l_fail2ban ?></a>
		48	</div>
1410	richard	49	<?php
2292	tom.houday	50	if ($tab === 1) {
2405	tom.houday	51	$spoofs = [];
2455	tom.houday	52	$regex = '/^\[(?P<date>[0-9\/\-: ]+)\] : alcasar-watchdog : (?P<ip>(?:(?:[0-9]\|[1-9][0-9]\|1[0-9]{2}\|2[0-4][0-9]\|25[0-5])\.){3}(?:[0-9]\|[1-9][0-9]\|1[0-9]{2}\|2[0-4][0-9]\|25[0-5])) is usurped $(?P<mac>(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2})$\. Alcasar disconnect the user $(?P<user>.+)$\.$/';
2405	tom.houday	53	$file = fopen('/var/Save/security/watchdog.log', 'r');
		54	if ($file) {
		55	while (!feof($file)) {
		56	$line = fgets($file);
		57	if (preg_match($regex, $line, $matches)) {
2455	tom.houday	58	if (preg_match('/[0-9]{2}\/[0-9]{2}\/[0-9]{4}-[0-9]{2}:[0-9]{2}:[0-9]{2}/', $matches['date'], $matches_date)) {
		59	$matches['date'] = DateTime::createFromFormat('d/m/Y-H:i:s', $matches['date'])->format('Y-m-d H:i:s');
		60	}
2405	tom.houday	61	$spoofs[] = (object) [
2455	tom.houday	62	'date' => $matches['date'],
2405	tom.houday	63	'ip' => $matches['ip'],
		64	'mac' => $matches['mac'],
		65	'user' => $matches['user']
		66	];
		67	}
		68	}
		69	fclose($file);
1410	richard	70	}
2405	tom.houday	71	$spoofs = array_reverse($spoofs);
1410	richard	72	?>
2818	rexy	73	<h3><?= $l_spoofing ?></h3>
		74	<div class="container">
		75	<table class="table table-striped table-hover" border="1">
2527	fabien.rak	76	<tr>
2818	rexy	77	<th>
2527	fabien.rak	78	Date
		79	</th>
2818	rexy	80	<th>
2527	fabien.rak	81	<?= $l_ipAddress ?>
		82	</th>
2818	rexy	83	<th>
2527	fabien.rak	84	MAC
		85	</th>
2818	rexy	86	<th>
2527	fabien.rak	87	<?= $l_user ?>
		88	</th>
		89	</tr>
2818	rexy	90	<tbody>
		91	<?php if (!empty($spoofs)): ?>
2405	tom.houday	92	<?php foreach ($spoofs as $spoof): ?>
2818	rexy	93	<tr><td><?= $spoof->date ?></td><td><?= $spoof->ip ?></td><td><?= $spoof->mac ?></td><td><?= $spoof->user ?></td></tr>
2292	tom.houday	94	<?php endforeach; ?>
2818	rexy	95	<?php else: ?>
2405	tom.houday	96	<tr><td colspan="4" style="text-align: center;"><?= $l_empty ?></td></tr>
2818	rexy	97	<?php endif; ?>
		98	</tbody>
		99	</table>
		100	</div>
1410	richard	101	<?php
2292	tom.houday	102	} else if ($tab === 2) {
2841	rexy	103	$filePath = '/var/log/clamav/clamd.log';
2845	rexy	104	$pattern = "/\bfound\b/i";
		105	$lines = preg_grep ($pattern, file($filePath));
2292	tom.houday	106	if ($lines === false) {
		107	exit("Cannot open '$filePath'.");
		108	}
		109	$lines = array_reverse($lines);
1410	richard	110	?>
2818	rexy	111	<h3><?= $l_virus ?></h3>
2292	tom.houday	112	<div class="container">
		113	<table class="table table-striped table-hover">
		114	<tbody>
		115	<?php if (!empty($lines)): ?>
		116	<?php foreach ($lines as $line): ?>
		117	<tr><td><?= $line ?></td></tr>
		118	<?php endforeach; ?>
		119	<?php else: ?>
		120	<tr><td style="text-align: center;"><?= $l_empty ?></td></tr>
		121	<?php endif; ?>
		122	</tbody>
		123	</table>
		124	</div>
1410	richard	125	<?php
2292	tom.houday	126	} else if ($tab === 3) {
		127	$bans = [];
2864	rexy	128	$regex = '/^(?P<date>[0-9]{4}-[0-9]{2}-[0-9]{2}\ [0-9]{2}:[0-9]{2}:[0-9]{2}),[0-9]{3} fail2ban\.actions\[[0-9]+\]: NOTICE \[(?P<rule>[a-zA-Z0-9_-]+)\] (?P<type>Ban\|Unban) (?P<ip>[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})$/';
2292	tom.houday	129	$file = fopen('/var/log/fail2ban.log', 'r');
		130	if ($file) {
		131	while (!feof($file)) {
		132	$line = fgets($file);
1410	richard	133
2292	tom.houday	134	if (preg_match($regex, $line, $matches)) {
		135	if ($matches['type'] === 'Ban') {
		136	$bans[] = (object) [
		137	'date_ban' => $matches['date'],
		138	'date_unban' => null,
		139	'rule' => $matches['rule'],
		140	'ip' => $matches['ip']
		141	];
		142	} else if ($matches['type'] === 'Unban') {
		143	foreach (array_reverse($bans) as $ban) {
		144	if (($ban->ip === $matches['ip']) && ($ban->rule === $matches['rule']) && ($ban->date_unban === null)) {
		145	$ban->date_unban = $matches['date'];
		146	break;
		147	}
		148	}
		149	}
		150	}
1858	raphael.pi	151	}
2292	tom.houday	152	fclose($file);
1858	raphael.pi	153	}
2292	tom.houday	154	$bans = array_reverse($bans);
		155	?>
2818	rexy	156	<h3><?= $l_fail2ban ?></h3>
2527	fabien.rak	157	<div class="container" border="1">
2818	rexy	158	<table class="table table-striped table-hover" border="1">
2527	fabien.rak	159	<tr >
2818	rexy	160	<th>
2527	fabien.rak	161	Date
		162	</th>
2818	rexy	163	<th>
2527	fabien.rak	164	Date Unban
		165	</th>
2818	rexy	166	<th>
2527	fabien.rak	167	<?= $l_rule ?>
		168	</th>
2818	rexy	169	<th>
2527	fabien.rak	170	<?= $l_ipAddress ?>
		171	</th>
		172	</tr>
2292	tom.houday	173	<?php if (!empty($bans)): ?>
		174	<?php foreach ($bans as $ban): ?>
2527	fabien.rak	175	<tr>
		176	<td>
		177	<?= $ban->date_ban ?>
		178	</td>
		179	<td>
		180	<?= $ban->date_unban ?>
		181	</td>
		182	<td>
		183	<?= $ban->rule ?>
		184	</td>
		185	<td>
		186	<?= $ban->ip ?>
		187	</td>
		188	</tr>
2292	tom.houday	189	<?php endforeach; ?>
		190	<?php else: ?>
		191	<tr><td colspan="4" style="text-align: center;"><?= $l_empty ?></td></tr>
		192	<?php endif; ?>
		193	</table>
		194	</div>
		195	<?php
1410	richard	196	} else {
2292	tom.houday	197	echo 'Unknown tab';
1410	richard	198	}
		199	?>
2818	rexy	200	</div>
2527	fabien.rak	201	</div>
1163	crox53	202	</body>
2292	tom.houday	203	</html>

Subversion Repositories ALCASAR

(root)/web/acc/manager/htdocs/security.php – Rev 2864