Subversion Repositories ALCASAR

<?php

# $Id: security.php 2864 2020-10-18 09:06:17Z rexy $

$language = 'en';

if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {

    $langue = explode(',', $_SERVER['HTTP_ACCEPT_LANGUAGE']);

    $language = strtolower(substr(chop($langue[0]), 0, 2));

}

if ($language === 'fr') {

    $l_title = 'Sécurité';

    $l_spoofing = "Adresse(s) MAC usurpée(s) (Watchdog)";

    $l_virus = "Virus bloqué(s) (CLAMAV)";

    $l_fail2ban = "Adresse(s) IP bloquée(s) (Fail2Ban)";

    $l_ipAddress="Adresse IP";

    $l_user = "L'utilisateur";

    $l_empty="Vide";

    $l_rule="Règle";

} else {

    $l_title = 'Security';

    $l_spoofing = "MAC address spoofed (Watchdog)";

    $l_virus = "Virus blocked (CLAMAV)";

    $l_fail2ban = "IP address blocked (Fail2Ban)";

    $l_ipAddress="IP address";

    $l_user = "User";

    $l_empty="Empty";

    $l_rule="Rule";

}

$tab = (isset($_GET['tab'])) ? intval($_GET['tab']) : 1;

?>

<!DOCTYPE HTML>

<html>

	<head>

		<meta charset="UTF-8">

		<title><?= $l_title ?></title>

		<link rel="stylesheet" href="/css/bootstrap.min.css">

		<script src="/js/jquery.min.js"></script>

		<script src="/js/bootstrap.min.js"></script>

		<link rel="stylesheet" href="/css/acc.css">

	</head>

	<body>

		<div class="panel">

			<div class="panel-header"><?= $l_title ?></div>

			<div class="panel-row">

				<div class="btn-group btn-group-justified" role="group" aria-label="Justified button group"> 

					<a href="security.php?tab=1" class="btn btn-default<?= (($tab === 1) ? ' active' : '') ?>" role="button"><?= $l_spoofing ?></a>

					<a href="security.php?tab=2" class="btn btn-default<?= (($tab === 2) ? ' active' : '') ?>" role="button"><?= $l_virus ?></a>

					<a href="security.php?tab=3" class="btn btn-default<?= (($tab === 3) ? ' active' : '') ?>" role="button"><?= $l_fail2ban ?></a>

				</div>

<?php

if ($tab === 1) {

	$spoofs = [];

	$regex = '/^\[(?P<date>[0-9\/\-: ]+)\] : alcasar-watchdog : (?P<ip>(?:(?:[0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}(?:[0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])) is usurped \((?P<mac>(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2})\)\. Alcasar disconnect the user \((?P<user>.+)\)\.$/';

	$file = fopen('/var/Save/security/watchdog.log', 'r');

	if ($file) {

		while (!feof($file)) {

			$line = fgets($file);

			if (preg_match($regex, $line, $matches)) {

				if (preg_match('/[0-9]{2}\/[0-9]{2}\/[0-9]{4}-[0-9]{2}:[0-9]{2}:[0-9]{2}/', $matches['date'], $matches_date)) {

					$matches['date'] = DateTime::createFromFormat('d/m/Y-H:i:s', $matches['date'])->format('Y-m-d H:i:s');

				}

				$spoofs[] = (object) [

					'date' => $matches['date'],

					'ip'   => $matches['ip'],

					'mac'  => $matches['mac'],

					'user' => $matches['user']

				];

			}

		}

		fclose($file);

	}

	$spoofs = array_reverse($spoofs);

?>

			<h3><?= $l_spoofing ?></h3>

			<div class="container">

				<table class="table table-striped table-hover" border="1">

				<tr>

					<th>

						Date

					</th>

					<th>

						<?= $l_ipAddress ?>	

					</th>

					<th>

						MAC

					</th>

					<th>

						<?= $l_user ?>

					</th>

				</tr>

				<tbody>

					<?php if (!empty($spoofs)): ?>

					<?php foreach ($spoofs as $spoof): ?>

					<tr><td><?= $spoof->date ?></td><td><?= $spoof->ip ?></td><td><?= $spoof->mac ?></td><td><?= $spoof->user ?></td></tr>

					<?php endforeach; ?>

					<?php else: ?>

					<tr><td colspan="4" style="text-align: center;"><?= $l_empty ?></td></tr>

					<?php endif; ?>

				</tbody>

				</table>

			</div>

<?php

} else if ($tab === 2) {

	$filePath = '/var/log/clamav/clamd.log';

	$pattern = "/\bfound\b/i";

	$lines = preg_grep ($pattern, file($filePath));

	if ($lines === false) {

		exit("Cannot open '$filePath'.");

	}

	$lines = array_reverse($lines);

?>

	<h3><?= $l_virus ?></h3>

	<div class="container">

		<table class="table table-striped table-hover">

			<tbody>

				<?php if (!empty($lines)): ?>

					<?php foreach ($lines as $line): ?>

						<tr><td><?= $line ?></td></tr>

					<?php endforeach; ?>

				<?php else: ?>

					<tr><td style="text-align: center;"><?= $l_empty ?></td></tr>

				<?php endif; ?>

			</tbody>

		</table>

	</div>

<?php

} else if ($tab === 3) {

	$bans = [];

	$regex = '/^(?P<date>[0-9]{4}-[0-9]{2}-[0-9]{2}\ [0-9]{2}:[0-9]{2}:[0-9]{2}),[0-9]{3} fail2ban\.actions\[[0-9]+\]: NOTICE \[(?P<rule>[a-zA-Z0-9_-]+)\] (?P<type>Ban|Unban) (?P<ip>[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})$/';

	$file = fopen('/var/log/fail2ban.log', 'r');

	if ($file) {

		while (!feof($file)) {

			$line = fgets($file);

			if (preg_match($regex, $line, $matches)) {

				if ($matches['type'] === 'Ban') {

					$bans[] = (object) [

						'date_ban'   => $matches['date'],

						'date_unban' => null,

						'rule'       => $matches['rule'],

						'ip'         => $matches['ip']

					];

				} else if ($matches['type'] === 'Unban') {

					foreach (array_reverse($bans) as $ban) {

						if (($ban->ip === $matches['ip']) && ($ban->rule === $matches['rule']) && ($ban->date_unban === null)) {

							$ban->date_unban = $matches['date'];

							break;

						}

					}

				}

			}

		}

		fclose($file);

	}

	$bans = array_reverse($bans);

?>

	<h3><?= $l_fail2ban ?></h3>

	<div class="container" border="1">

		<table  class="table table-striped table-hover" border="1">

				<tr >

					<th>

						Date

					</th>

					<th>

						Date Unban

					</th>

					<th>

						<?= $l_rule ?>

					</th>

					<th>

						<?= $l_ipAddress ?>

					</th>

				</tr>

				<?php if (!empty($bans)): ?>

					<?php foreach ($bans as $ban): ?>

						<tr>

							<td>

								<?= $ban->date_ban ?>

							</td>

							<td>

								<?= $ban->date_unban ?>

							</td>

							<td>

								<?= $ban->rule ?>

							</td>

							<td>

								<?= $ban->ip ?>

							</td>

						</tr>

					<?php endforeach; ?>

				<?php else: ?>

					<tr><td colspan="4" style="text-align: center;"><?= $l_empty ?></td></tr>

				<?php endif; ?>

		</table>

	</div>

<?php

} else {

	echo 'Unknown tab';

}

?>

	</div>

</div>

</body>

</html>