WebSVN – ALCASAR – Diff – /web/acc/manager/htdocs/security.php


<?php
# $Id: security.php 2405 2017-08-28 18:20:43Z tom.houdayer $
 
//gestion de la langue
require('../lib/langues.php');
 
$language = 'en';
if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
	$langue = explode(',', $_SERVER['HTTP_ACCEPT_LANGUAGE']);
	$language = strtolower(substr(chop($langue[0]), 0, 2));
}
if ($language === 'fr') {
	$l_title = 'Sécurité';
} else {
	$l_title = 'Security';
}
 
$tab = (isset($_GET['tab'])) ? intval($_GET['tab']) : 1;
?>
<!DOCTYPE html>
<html>
<head>
	<meta charset="UTF-8">
	<title><?= $l_title ?></title>
	<link rel="stylesheet" href="/css/bootstrap.min.css">
	<script src="/js/jquery.min.js"></script>
	<script src="/js/bootstrap.min.js"></script>
	<style>
		body {
			background-color: #EFEFEF;
		}
	</style>
</head>
<body>
<br>
<div class="btn-group btn-group-justified" role="group" aria-label="Justified button group"> 
	<a href="security.php?tab=1" class="btn btn-default<?= (($tab === 1) ? ' active' : '') ?>" role="button"><?= $l_spoofing ?></a> 
	<a href="security.php?tab=2" class="btn btn-default<?= (($tab === 2) ? ' active' : '') ?>" role="button"><?= $l_virus ?></a>
	<a href="security.php?tab=3" class="btn btn-default<?= (($tab === 3) ? ' active' : '') ?>" role="button"><?= $l_fail2ban ?></a>  
</div>
<br>
 
 
<?php
if ($tab === 1) {
	$spoofs = [];
	$regex = '/^\[(?P<date>[0-9]{2}\/[0-9]{2}\/[0-9]{4}-[0-9]{2}:[0-9]{2}:[0-9]{2})\] : alcasar-watchdog : (?P<ip>(?:(?:[0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}(?:[0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])) is usurped \((?P<mac>(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2})\)\. Alcasar disconnect the user \((?P<user>.+)\)\.$/';
	$file = fopen('/var/Save/security/watchdog.log', 'r');
	if ($file) {
		while (!feof($file)) {
			$line = fgets($file);
 
			if (preg_match($regex, $line, $matches)) {
				$spoofs[] = (object) [
					'date' => DateTime::createFromFormat('d/m/Y-H:i:s', $matches['date'])->format('Y-m-d H:i:s'),
					'ip'   => $matches['ip'],
					'mac'  => $matches['mac'],
					'user' => $matches['user']
				];
			}
		}
		fclose($file);
	}
 
	$spoofs = array_reverse($spoofs);
?>
	<h3 style="text-align: center;"><?= $l_spoofing ?></h3>
	<div class="container">
		<table class="table table-striped table-hover">
			<thead>
				<tr><th>Date</th><th><?= $l_ipAddress ?></th><th>MAC</th><th><?= $l_user ?></th></tr>
			</thead>
			<tbody>
				<?php if (!empty($spoofs)): ?>
					<?php foreach ($spoofs as $spoof): ?>
						<tr><td><?= $spoof->date ?></td><td><?= $spoof->ip ?></td><td><?= $spoof->mac ?></td><td><?= $spoof->user ?></td></tr>
					<?php endforeach; ?>
				<?php else: ?>
					<tr><td colspan="4" style="text-align: center;"><?= $l_empty ?></td></tr>
				<?php endif; ?>
			</tbody>
		</table>
	</div>
<?php
} else if ($tab === 2) {
	$filePath = '/var/log/havp/access.log';
	$lines = file($filePath);
	if ($lines === false) {
		exit("Cannot open '$filePath'.");
	}
 
	$lines = array_reverse($lines);
?>
	<h3 style="text-align: center;"><?= $l_virus ?></h3>
	<div class="container">
		<table class="table table-striped table-hover">
			<tbody>
				<?php if (!empty($lines)): ?>
					<?php foreach ($lines as $line): ?>
						<tr><td><?= $line ?></td></tr>
					<?php endforeach; ?>
				<?php else: ?>
					<tr><td style="text-align: center;"><?= $l_empty ?></td></tr>
				<?php endif; ?>
			</tbody>
		</table>
	</div>
<?php
} else if ($tab === 3) {
	$bans = [];
	$regex = '/^(?P<date>[0-9]{4}-[0-9]{2}-[0-9]{2}\ [0-9]{2}:[0-9]{2}:[0-9]{2}),[0-9]{3} fail2ban\.actions\[[0-9]+\]: WARNING \[(?P<rule>[a-zA-Z0-9_-]+)\] (?P<type>Ban|Unban) (?P<ip>[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})$/';
	$file = fopen('/var/log/fail2ban.log', 'r');
	if ($file) {
		while (!feof($file)) {
			$line = fgets($file);
 
			if (preg_match($regex, $line, $matches)) {
				if ($matches['type'] === 'Ban') {
					$bans[] = (object) [
						'date_ban'   => $matches['date'],
						'date_unban' => null,
						'rule'       => $matches['rule'],
						'ip'         => $matches['ip']
					];
				} else if ($matches['type'] === 'Unban') {
					foreach (array_reverse($bans) as $ban) {
						if (($ban->ip === $matches['ip']) && ($ban->rule === $matches['rule']) && ($ban->date_unban === null)) {
							$ban->date_unban = $matches['date'];
							break;
						}
					}
				}
			}
		}
		fclose($file);
	}
 
	$bans = array_reverse($bans);
?>
	<h3 style="text-align: center;"><?= $l_fail2ban ?></h3>
	<div class="container">
		<table class="table table-striped table-hover">
			<thead>
				<tr><th>Date</th><th>Date Unban</th><th><?= $l_rule ?></th><th><?= $l_ipAddress ?></th></tr>
			</thead>
			<tbody>
				<?php if (!empty($bans)): ?>
					<?php foreach ($bans as $ban): ?>
						<tr><td><?= $ban->date_ban ?></td><td><?= $ban->date_unban ?></td><td><?= $ban->rule ?></td><td><?= $ban->ip ?></td></tr>
					<?php endforeach; ?>
				<?php else: ?>
					<tr><td colspan="4" style="text-align: center;"><?= $l_empty ?></td></tr>
				<?php endif; ?>
			</tbody>
		</table>
	</div>
<?php
} else {
	echo 'Unknown tab';
}
?>
</body>
</html>
 

Rev 2292	Rev 2405
1	`<?php`	1	`<?php`
2	`# $Id: security.php 2292 2017-06-20 14:09:37Z tom.houdayer $`	2	`# $Id: security.php 2405 2017-08-28 18:20:43Z tom.houdayer $`
3		3
4	`//gestion de la langue`	4	`//gestion de la langue`
5	`require('../lib/langues.php');`	5	`require('../lib/langues.php');`
6		6
7	`$language = 'en';`	7	`$language = 'en';`
8	`if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {`	8	`if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {`
9	`$langue = explode(',', $_SERVER['HTTP_ACCEPT_LANGUAGE']);`	9	`$langue = explode(',', $_SERVER['HTTP_ACCEPT_LANGUAGE']);`
10	`$language = strtolower(substr(chop($langue[0]), 0, 2));`	10	`$language = strtolower(substr(chop($langue[0]), 0, 2));`
11	`}`	11	`}`
12	`if ($language === 'fr') {`	12	`if ($language === 'fr') {`
13	`$l_title = 'Sécurité';`	13	`$l_title = 'Sécurité';`
14	`} else {`	14	`} else {`
15	`$l_title = 'Security';`	15	`$l_title = 'Security';`
16	`}`	16	`}`
17		17
18	`$tab = (isset($_GET['tab'])) ? intval($_GET['tab']) : 1;`	18	`$tab = (isset($_GET['tab'])) ? intval($_GET['tab']) : 1;`
19	`?>`	19	`?>`
20	`<!DOCTYPE html>`	20	`<!DOCTYPE html>`
21	`<html>`	21	`<html>`
22	`<head>`	22	`<head>`
23	`<meta charset="UTF-8">`	23	`<meta charset="UTF-8">`
24	`<title><?= $l_title ?></title>`	24	`<title><?= $l_title ?></title>`
25	`<link rel="stylesheet" href="/css/bootstrap.min.css">`	25	`<link rel="stylesheet" href="/css/bootstrap.min.css">`
26	`<script src="/js/jquery.min.js"></script>`	26	`<script src="/js/jquery.min.js"></script>`
27	`<script src="/js/bootstrap.min.js"></script>`	27	`<script src="/js/bootstrap.min.js"></script>`
28	`<style>`	28	`<style>`
29	`body {`	29	`body {`
30	`background-color: #EFEFEF;`	30	`background-color: #EFEFEF;`
31	`}`	31	`}`
32	`</style>`	32	`</style>`
33	`</head>`	33	`</head>`
34	`<body>`	34	`<body>`
35	`<br>`	35	`<br>`
36	`<div class="btn-group btn-group-justified" role="group" aria-label="Justified button group">`	36	`<div class="btn-group btn-group-justified" role="group" aria-label="Justified button group">`
37	`<a href="security.php?tab=1" class="btn btn-default<?= (($tab === 1) ? ' active' : '') ?>" role="button"><?= $l_spoofing ?></a>`	37	`<a href="security.php?tab=1" class="btn btn-default<?= (($tab === 1) ? ' active' : '') ?>" role="button"><?= $l_spoofing ?></a>`
38	`<a href="security.php?tab=2" class="btn btn-default<?= (($tab === 2) ? ' active' : '') ?>" role="button"><?= $l_virus ?></a>`	38	`<a href="security.php?tab=2" class="btn btn-default<?= (($tab === 2) ? ' active' : '') ?>" role="button"><?= $l_virus ?></a>`
39	`<a href="security.php?tab=3" class="btn btn-default<?= (($tab === 3) ? ' active' : '') ?>" role="button"><?= $l_fail2ban ?></a>`	39	`<a href="security.php?tab=3" class="btn btn-default<?= (($tab === 3) ? ' active' : '') ?>" role="button"><?= $l_fail2ban ?></a>`
40	`</div>`	40	`</div>`
41	`<br>`	41	`<br>`
42		42
43		43
44	`<?php`	44	`<?php`
45	`if ($tab === 1) {`	45	`if ($tab === 1) {`
-		46	`$spoofs = [];`
46	`$filePath = '/var/Save/security/watchdog.log';`	47	`$regex = '/^\[(?P<date>[0-9]{2}\/[0-9]{2}\/[0-9]{4}-[0-9]{2}:[0-9]{2}:[0-9]{2})\] : alcasar-watchdog : (?P<ip>(?:(?:[0-9]\|[1-9][0-9]\|1[0-9]{2}\|2[0-4][0-9]\|25[0-5])\.){3}(?:[0-9]\|[1-9][0-9]\|1[0-9]{2}\|2[0-4][0-9]\|25[0-5])) is usurped \((?P<mac>(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2})\)\. Alcasar disconnect the user \((?P<user>.+)\)\.$/';`
-		48	`$file = fopen('/var/Save/security/watchdog.log', 'r');`
-		49	`if ($file) {`
-		50	`while (!feof($file)) {`
47	`$lines = file($filePath);`	51	`$line = fgets($file);`
-		52
-		53	`if (preg_match($regex, $line, $matches)) {`
48	`if ($lines === false) {`	54	`$spoofs[] = (object) [`
-		55	`'date' => DateTime::createFromFormat('d/m/Y-H:i:s', $matches['date'])->format('Y-m-d H:i:s'),`
-		56	`'ip' => $matches['ip'],`
49	`exit("Cannot open '$filePath'.");`	57	`'mac' => $matches['mac'],`
-		58	`'user' => $matches['user']`
-		59	`];`
-		60	`}`
-		61	`}`
-		62	`fclose($file);`
50	`}`	63	`}`
51		64
52	`$lines = array_reverse($lines);`	65	`$spoofs = array_reverse($spoofs);`
53	`?>`	66	`?>`
54	`<h3 style="text-align: center;"><?= $l_spoofing ?></h3>`	67	`<h3 style="text-align: center;"><?= $l_spoofing ?></h3>`
55	`<div class="container">`	68	`<div class="container">`
56	`<table class="table table-striped table-hover">`	69	`<table class="table table-striped table-hover">`
-		70	`<thead>`
-		71	`<tr><th>Date</th><th><?= $l_ipAddress ?></th><th>MAC</th><th><?= $l_user ?></th></tr>`
-		72	`</thead>`
57	`<tbody>`	73	`<tbody>`
58	`<?php if (!empty($lines)): ?>`	74	`<?php if (!empty($spoofs)): ?>`
59	`<?php foreach ($lines as $line): ?>`	75	`<?php foreach ($spoofs as $spoof): ?>`
60	`<tr><td><?= $line ?></td></tr>`	76	`<tr><td><?= $spoof->date ?></td><td><?= $spoof->ip ?></td><td><?= $spoof->mac ?></td><td><?= $spoof->user ?></td></tr>`
61	`<?php endforeach; ?>`	77	`<?php endforeach; ?>`
62	`<?php else: ?>`	78	`<?php else: ?>`
63	`<tr><td style="text-align: center;"><?= $l_empty ?></td></tr>`	79	`<tr><td colspan="4" style="text-align: center;"><?= $l_empty ?></td></tr>`
64	`<?php endif; ?>`	80	`<?php endif; ?>`
65	`</tbody>`	81	`</tbody>`
66	`</table>`	82	`</table>`
67	`</div>`	83	`</div>`
68	`<?php`	84	`<?php`
69	`} else if ($tab === 2) {`	85	`} else if ($tab === 2) {`
70	`$filePath = '/var/log/havp/access.log';`	86	`$filePath = '/var/log/havp/access.log';`
71	`$lines = file($filePath);`	87	`$lines = file($filePath);`
72	`if ($lines === false) {`	88	`if ($lines === false) {`
73	`exit("Cannot open '$filePath'.");`	89	`exit("Cannot open '$filePath'.");`
74	`}`	90	`}`
75		91
76	`$lines = array_reverse($lines);`	92	`$lines = array_reverse($lines);`
77	`?>`	93	`?>`
78	`<h3 style="text-align: center;"><?= $l_virus ?></h3>`	94	`<h3 style="text-align: center;"><?= $l_virus ?></h3>`
79	`<div class="container">`	95	`<div class="container">`
80	`<table class="table table-striped table-hover">`	96	`<table class="table table-striped table-hover">`
81	`<tbody>`	97	`<tbody>`
82	`<?php if (!empty($lines)): ?>`	98	`<?php if (!empty($lines)): ?>`
83	`<?php foreach ($lines as $line): ?>`	99	`<?php foreach ($lines as $line): ?>`
84	`<tr><td><?= $line ?></td></tr>`	100	`<tr><td><?= $line ?></td></tr>`
85	`<?php endforeach; ?>`	101	`<?php endforeach; ?>`
86	`<?php else: ?>`	102	`<?php else: ?>`
87	`<tr><td style="text-align: center;"><?= $l_empty ?></td></tr>`	103	`<tr><td style="text-align: center;"><?= $l_empty ?></td></tr>`
88	`<?php endif; ?>`	104	`<?php endif; ?>`
89	`</tbody>`	105	`</tbody>`
90	`</table>`	106	`</table>`
91	`</div>`	107	`</div>`
92	`<?php`	108	`<?php`
93	`} else if ($tab === 3) {`	109	`} else if ($tab === 3) {`
94	`$bans = [];`	110	`$bans = [];`
95	`$regex = '/^(?P<date>[0-9]{4}-[0-9]{2}-[0-9]{2}\ [0-9]{2}:[0-9]{2}:[0-9]{2}),[0-9]{3} fail2ban\.actions\[[0-9]+\]: WARNING \[(?P<rule>[a-zA-Z0-9_-]+)\] (?P<type>Ban\|Unban) (?P<ip>[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})$/';`	111	`$regex = '/^(?P<date>[0-9]{4}-[0-9]{2}-[0-9]{2}\ [0-9]{2}:[0-9]{2}:[0-9]{2}),[0-9]{3} fail2ban\.actions\[[0-9]+\]: WARNING \[(?P<rule>[a-zA-Z0-9_-]+)\] (?P<type>Ban\|Unban) (?P<ip>[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})$/';`
96	`$file = fopen('/var/log/fail2ban.log', 'r');`	112	`$file = fopen('/var/log/fail2ban.log', 'r');`
97	`if ($file) {`	113	`if ($file) {`
98	`while (!feof($file)) {`	114	`while (!feof($file)) {`
99	`$line = fgets($file);`	115	`$line = fgets($file);`
100		116
101	`if (preg_match($regex, $line, $matches)) {`	117	`if (preg_match($regex, $line, $matches)) {`
102	`if ($matches['type'] === 'Ban') {`	118	`if ($matches['type'] === 'Ban') {`
103	`$bans[] = (object) [`	119	`$bans[] = (object) [`
104	`'date_ban' => $matches['date'],`	120	`'date_ban' => $matches['date'],`
105	`'date_unban' => null,`	121	`'date_unban' => null,`
106	`'rule' => $matches['rule'],`	122	`'rule' => $matches['rule'],`
107	`'ip' => $matches['ip']`	123	`'ip' => $matches['ip']`
108	`];`	124	`];`
109	`} else if ($matches['type'] === 'Unban') {`	125	`} else if ($matches['type'] === 'Unban') {`
110	`foreach (array_reverse($bans) as $ban) {`	126	`foreach (array_reverse($bans) as $ban) {`
111	`if (($ban->ip === $matches['ip']) && ($ban->rule === $matches['rule']) && ($ban->date_unban === null)) {`	127	`if (($ban->ip === $matches['ip']) && ($ban->rule === $matches['rule']) && ($ban->date_unban === null)) {`
112	`$ban->date_unban = $matches['date'];`	128	`$ban->date_unban = $matches['date'];`
113	`break;`	129	`break;`
114	`}`	130	`}`
115	`}`	131	`}`
116	`}`	132	`}`
117	`}`	133	`}`
118	`}`	134	`}`
119	`fclose($file);`	135	`fclose($file);`
120	`}`	136	`}`
121		137
122	`$bans = array_reverse($bans);`	138	`$bans = array_reverse($bans);`
123	`?>`	139	`?>`
124	`<h3 style="text-align: center;"><?= $l_fail2ban ?></h3>`	140	`<h3 style="text-align: center;"><?= $l_fail2ban ?></h3>`
125	`<div class="container">`	141	`<div class="container">`
126	`<table class="table table-striped table-hover">`	142	`<table class="table table-striped table-hover">`
127	`<thead>`	143	`<thead>`
128	`<tr><th>Date</th><th>Date Unban</th><th><?= $l_rule ?></th><th><?= $l_ipAddress ?></th></tr>`	144	`<tr><th>Date</th><th>Date Unban</th><th><?= $l_rule ?></th><th><?= $l_ipAddress ?></th></tr>`
129	`</thead>`	145	`</thead>`
130	`<tbody>`	146	`<tbody>`
131	`<?php if (!empty($bans)): ?>`	147	`<?php if (!empty($bans)): ?>`
132	`<?php foreach ($bans as $ban): ?>`	148	`<?php foreach ($bans as $ban): ?>`
133	`<tr><td><?= $ban->date_ban ?></td><td><?= $ban->date_unban ?></td><td><?= $ban->rule ?></td><td><?= $ban->ip ?></td></tr>`	149	`<tr><td><?= $ban->date_ban ?></td><td><?= $ban->date_unban ?></td><td><?= $ban->rule ?></td><td><?= $ban->ip ?></td></tr>`
134	`<?php endforeach; ?>`	150	`<?php endforeach; ?>`
135	`<?php else: ?>`	151	`<?php else: ?>`
136	`<tr><td colspan="4" style="text-align: center;"><?= $l_empty ?></td></tr>`	152	`<tr><td colspan="4" style="text-align: center;"><?= $l_empty ?></td></tr>`
137	`<?php endif; ?>`	153	`<?php endif; ?>`
138	`</tbody>`	154	`</tbody>`
139	`</table>`	155	`</table>`
140	`</div>`	156	`</div>`
141	`<?php`	157	`<?php`
142	`} else {`	158	`} else {`
143	`echo 'Unknown tab';`	159	`echo 'Unknown tab';`
144	`}`	160	`}`
145	`?>`	161	`?>`
146	`</body>`	162	`</body>`
147	`</html>`	163	`</html>`
148		164

Subversion Repositories ALCASAR

(root)/web/acc/manager/htdocs/security.php – Rev 2292 → 2405