]>
Commit | Line | Data |
---|---|---|
cd1a2927 MT |
1 | #!/usr/bin/perl |
2 | # | |
3 | # SmoothWall CGIs | |
4 | # | |
5 | # This code is distributed under the terms of the GPL | |
6 | # | |
7 | # (c) The SmoothWall Team | |
8 | # | |
9 | # Copyright (C) 18-03-2002 Mark Wormgoor <mark@wormgoor.com> | |
10 | # - Added links to Snort database and ipinfo.cgi | |
11 | # | |
12 | # $Id: ids.dat,v 1.6.2.16 2005/06/14 08:25:30 eoberlander Exp $ | |
13 | # | |
14 | ||
15 | use strict; | |
16 | ||
17 | # enable only the following on debugging purpose | |
18 | #use warnings; | |
19 | #use CGI::Carp 'fatalsToBrowser'; | |
20 | ||
986e08d9 | 21 | require '/var/ipfire/general-functions.pl'; |
cd1a2927 MT |
22 | require "${General::swroot}/lang.pl"; |
23 | require "${General::swroot}/header.pl"; | |
24 | ||
f2fdd0c1 CS |
25 | my %color = (); |
26 | my %mainsettings = (); | |
27 | &General::readhash("${General::swroot}/main/settings", \%mainsettings); | |
28 | &General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color); | |
29 | ||
cd1a2927 MT |
30 | use POSIX(); |
31 | ||
32 | #workaround to suppress a warning when a variable is used only once | |
33 | my @dummy = ( ${Header::table1colour}, ${Header::table2colour} ); | |
34 | undef (@dummy); | |
35 | ||
36 | my %cgiparams=(); | |
37 | my %logsettings=(); | |
38 | my @log=(); | |
39 | my $errormessage = ''; | |
40 | ||
41 | my @shortmonths = ( 'Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', | |
42 | 'Sep', 'Oct', 'Nov', 'Dec' ); | |
43 | my @longmonths = ( $Lang::tr{'january'}, $Lang::tr{'february'}, $Lang::tr{'march'}, | |
44 | $Lang::tr{'april'}, $Lang::tr{'may'}, $Lang::tr{'june'}, $Lang::tr{'july'}, $Lang::tr{'august'}, | |
45 | $Lang::tr{'september'}, $Lang::tr{'october'}, $Lang::tr{'november'}, | |
46 | $Lang::tr{'december'} ); | |
47 | ||
48 | my @now = localtime(time); | |
49 | my $dow = $now[6]; | |
50 | my $doy = $now[7]; | |
51 | my $tdoy = $now[7]; | |
52 | my $year = $now[5]+1900; | |
53 | ||
54 | $cgiparams{'DAY'} = $now[3]; | |
55 | $cgiparams{'MONTH'} = $now[4]; | |
56 | $cgiparams{'ACTION'} = ''; | |
57 | ||
58 | &Header::getcgihash(\%cgiparams); | |
59 | $logsettings{'LOGVIEW_REVERSE'} = 'off'; | |
60 | &General::readhash("${General::swroot}/logging/settings", \%logsettings); | |
61 | ${Header::viewsize} = defined ($logsettings{'LOGVIEW_VIEWSIZE'}) ? $logsettings{'LOGVIEW_VIEWSIZE'} : 150; | |
62 | $Header::viewsize /= 5; # each ids is displayed on 5 lines | |
63 | ||
64 | $now[4] = $cgiparams{'MONTH'}+1; | |
65 | if($now[4] < 10) { | |
66 | $now[4] = "0$now[4]"; } | |
67 | ||
68 | my $start = -1; | |
69 | if ($ENV{'QUERY_STRING'} && $cgiparams{'ACTION'} ne $Lang::tr{'update'}) | |
70 | { | |
71 | my @temp = split(',',$ ENV{'QUERY_STRING'}); | |
72 | $start = $temp[0]; | |
73 | $cgiparams{'MONTH'} = $temp[1]; | |
74 | $cgiparams{'DAY'} = $temp[2]; | |
75 | } | |
76 | ||
77 | if (!($cgiparams{'MONTH'} =~ /^(0|1|2|3|4|5|6|7|8|9|10|11)$/) || | |
78 | !($cgiparams{'DAY'} =~ /^(1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18|19|20|21|22|23|24|25|26|27|28|29|30|31)$/)) | |
79 | { | |
80 | $cgiparams{'DAY'} = $now[3]; | |
81 | $cgiparams{'MONTH'} = $now[4]; | |
82 | } | |
83 | elsif($cgiparams{'ACTION'} eq '>>') | |
84 | { | |
85 | my @temp_then=(); | |
86 | my @temp_now = localtime(time); | |
87 | $temp_now[4] = $cgiparams{'MONTH'}; | |
88 | $temp_now[3] = $cgiparams{'DAY'}; | |
89 | @temp_then = localtime(POSIX::mktime(@temp_now) + 86400); | |
90 | ## Retrieve the same time on the next day + | |
91 | ## 86400 seconds in a day | |
92 | $cgiparams{'MONTH'} = $temp_then[4]; | |
93 | $cgiparams{'DAY'} = $temp_then[3]; | |
94 | } | |
95 | elsif($cgiparams{'ACTION'} eq '<<') | |
96 | { | |
97 | my @temp_then=(); | |
98 | my @temp_now = localtime(time); | |
99 | $temp_now[4] = $cgiparams{'MONTH'}; | |
100 | $temp_now[3] = $cgiparams{'DAY'}; | |
101 | @temp_then = localtime(POSIX::mktime(@temp_now) - 86400); | |
102 | ## Retrieve the same time on the previous day - | |
103 | ## 86400 seconds in a day | |
104 | $cgiparams{'MONTH'} = $temp_then[4]; | |
105 | $cgiparams{'DAY'} = $temp_then[3]; | |
106 | } | |
107 | ||
108 | ||
109 | if (($cgiparams{'DAY'} ne $now[3]) || ($cgiparams{'MONTH'} ne $now[4])) | |
110 | { | |
111 | my @then = (); | |
112 | if ( ( $cgiparams{'MONTH'} eq $now[4]) && ($cgiparams{'DAY'} > $now[3]) || | |
113 | ( $cgiparams{'MONTH'} > $now[4] ) ) { | |
114 | @then = localtime(POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1901 )); | |
115 | } else { | |
116 | @then = localtime(POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1900 )); | |
117 | } | |
118 | $tdoy = $then[7]; | |
119 | my $lastleap=($year-1)%4; | |
120 | if ($tdoy>$doy) { | |
121 | if ($lastleap == 0 && $tdoy < 60) { | |
122 | $doy=$doy+366; | |
123 | } else { | |
124 | $doy=$doy+365; | |
125 | } | |
126 | } | |
127 | } | |
128 | my $datediff=0; | |
129 | my $dowd=0; | |
130 | my $multifile=0; | |
131 | if ($tdoy ne $doy) { | |
132 | $datediff=int(($doy-$tdoy)/7); | |
133 | $dowd=($doy-$tdoy)%7; | |
134 | if (($dow-$dowd)<1) { | |
135 | $datediff=$datediff+1; | |
136 | } | |
137 | if (($dow-$dowd)==0) { | |
138 | $multifile=1; | |
139 | } | |
140 | } | |
141 | ||
142 | my $longmonthstr = $longmonths[$cgiparams{'MONTH'}]; | |
143 | my $monthnum = $cgiparams{'MONTH'} + 1; | |
144 | my $monthstr = $monthnum <= 9 ? "0$monthnum" : "$monthnum"; | |
145 | my $daystr = $cgiparams{'DAY'} <= 9 ? "0$cgiparams{'DAY'}" : "$cgiparams{'DAY'}"; | |
146 | ||
147 | my $lines = 0; | |
148 | my ($title,$classification,$priority,$date,$time,$srcip,$srcport,$destip,$destport, $sid, @refs); | |
149 | ||
150 | &processevent; | |
151 | ||
152 | if ($multifile) { | |
153 | $datediff=$datediff-1; | |
154 | &processevent; | |
155 | } | |
156 | ||
157 | if ($cgiparams{'ACTION'} eq $Lang::tr{'export'}) | |
158 | { | |
159 | print "Content-type: text/plain\n\n"; | |
78331e30 | 160 | print "IPFire IDS snort log\r\n"; |
cd1a2927 MT |
161 | print "Date: $cgiparams{'DAY'} $longmonths[$cgiparams{'MONTH'}]\r\n"; |
162 | print "\r\n"; | |
163 | ||
164 | if ($logsettings{'LOGVIEW_REVERSE'} eq 'on') { @log = reverse @log; } | |
165 | ||
166 | foreach $_ (@log) | |
167 | { | |
168 | my ($datetime,$title,$priority,$classification,$srcip,$srcport,$destip,$destport,$sid,$refs) = split(/\|/); | |
169 | $refs =~ s/,$//; | |
170 | print "Date: $datetime\n"; | |
171 | print "Name: $title\n"; | |
172 | print "Priority: $priority\n"; | |
173 | print "Type: $classification\n"; | |
174 | print "IP Info: "; | |
175 | print "$srcip"; | |
176 | if ($srcport != "n/a") { | |
177 | print ":$srcport"; | |
178 | } | |
179 | print " -> "; | |
180 | print "$destip"; | |
181 | if ($destport != "n/a") { | |
182 | print ":$destport"; | |
183 | } | |
184 | print "\n"; | |
185 | print "SID: $sid\n"; | |
186 | print "Refs: $refs\n\n"; | |
187 | } | |
188 | ||
189 | exit; | |
190 | } | |
191 | ||
192 | &Header::showhttpheaders(); | |
193 | ||
194 | &Header::openpage($Lang::tr{'ids log viewer'}, 1, ''); | |
195 | ||
196 | &Header::openbigbox('100%', 'left', '', $errormessage); | |
197 | ||
198 | if ($errormessage) { | |
199 | &Header::openbox('100%', 'left', $Lang::tr{'error messages'}); | |
200 | print "<font class='base'>$errormessage </font>\n"; | |
201 | &Header::closebox(); | |
202 | } | |
203 | ||
204 | &Header::openbox('100%', 'left', "$Lang::tr{'settings'}:"); | |
205 | ||
206 | print <<END | |
207 | <form method='post' action="$ENV{'SCRIPT_NAME'}"> | |
208 | <table width='100%'> | |
209 | <tr> | |
210 | <td width='10%' class='base'>$Lang::tr{'month'}: </td> | |
211 | <td width='10%'> | |
212 | <select name='MONTH'> | |
213 | END | |
214 | ; | |
215 | for (my $month = 0; $month < 12; $month++) | |
216 | { | |
217 | print "\t<option "; | |
218 | if ($month == $cgiparams{'MONTH'}) { | |
219 | print 'selected="selected" '; } | |
220 | print "value='$month'>$longmonths[$month]</option>\n"; | |
221 | } | |
222 | print <<END | |
223 | </select> | |
224 | </td> | |
225 | <td width='10%' class='base' align='right'> $Lang::tr{'day'}: </td> | |
226 | <td width='40%'> | |
227 | <select name='DAY'> | |
228 | END | |
229 | ; | |
230 | for (my $day = 1; $day <= 31; $day++) | |
231 | { | |
232 | print "\t<option "; | |
233 | if ($day == $cgiparams{'DAY'}) { | |
234 | print 'selected="selected" '; } | |
235 | print "value='$day'>$day</option>\n"; | |
236 | } | |
237 | print <<END | |
238 | </select> | |
239 | </td> | |
240 | <td width='5%' align='center'><input type='submit' name='ACTION' title='$Lang::tr{'day before'}' value='<<' /></td> | |
241 | <td width='5%' align='center'><input type='submit' name='ACTION' title='$Lang::tr{'day after'}' value='>>' /></td> | |
242 | <td width='10%' align='center'><input type='submit' name='ACTION' value='$Lang::tr{'update'}' /></td> | |
243 | <td width='10%' align='center'><input type='submit' name='ACTION' value='$Lang::tr{'export'}' /></td> | |
244 | </tr> | |
245 | </table> | |
246 | </form> | |
247 | END | |
248 | ; | |
249 | ||
250 | &Header::closebox(); | |
251 | ||
252 | &Header::openbox('100%', 'left', $Lang::tr{'log'}); | |
253 | print "<p><b>$Lang::tr{'snort hits'} $longmonthstr $daystr: $lines</b></p>"; | |
254 | ||
255 | if ($start == -1) { | |
256 | $start = $lines - ${Header::viewsize}; } | |
257 | if ($start >= $lines - ${Header::viewsize}) { $start = $lines - ${Header::viewsize}; }; | |
258 | if ($start < 0) { $start = 0; } | |
259 | ||
260 | my $prev = $start - ${Header::viewsize}; | |
261 | my $next = $start + ${Header::viewsize}; | |
262 | ||
263 | if ($prev < 0) { $prev = 0; } | |
264 | if ($next >= $lines) { $next = -1 } | |
265 | if ($start == 0) { $prev = -1; } | |
266 | my @slice = splice(@log, $start, ${Header::viewsize}); | |
267 | ||
268 | if ($logsettings{'LOGVIEW_REVERSE'} eq 'on') { @slice = reverse @slice; } | |
269 | ||
270 | if ($lines != 0) { | |
271 | ||
272 | &oldernewer(); | |
273 | ||
274 | $lines = 0; | |
275 | ||
276 | print <<END | |
277 | <table width='100%'> | |
278 | END | |
279 | ; | |
280 | ||
281 | foreach $_ (@slice) | |
282 | { | |
283 | if ($lines % 2) { | |
f2fdd0c1 | 284 | print "<tr bgcolor='$color{'color20'}'><td>\n"; } |
cd1a2927 | 285 | else { |
f2fdd0c1 | 286 | print "<tr bgcolor='$color{'color22'}'><td>\n"; } |
cd1a2927 MT |
287 | my ($datetime,$title,$priority,$classification,$srcip,$srcport,$destip,$destport,$sid,$refs) = split(/\|/); |
288 | print <<END | |
289 | <table width='100%'> | |
290 | <tr> | |
291 | <td width='15%'><b>$Lang::tr{'date'}:</b></td><td width='25%'>$datetime</td> | |
292 | <td width='10%'><b>$Lang::tr{'name'}:</b></td><td width='50%'>$title</td> | |
293 | </tr> | |
294 | <tr><td><b>$Lang::tr{'priority'}:</b></td><td>$priority</td> | |
295 | <td><b>$Lang::tr{'type'}:</b></td><td>$classification</td> | |
296 | </tr> | |
297 | <tr><td><b>$Lang::tr{'ipinfo'}:</b></td> | |
298 | <td colspan='3'> | |
299 | END | |
300 | ; | |
301 | if ($srcip ne "n/a") { | |
302 | print "<a href='/cgi-bin/ipinfo.cgi?ip=$srcip'>$srcip</a>"; | |
303 | } else { | |
304 | print "$srcip"; | |
305 | } | |
306 | print ":$srcport -> "; | |
307 | if ($destip ne "n/a") { | |
308 | print "<a href='/cgi-bin/ipinfo.cgi?ip=$destip'>$destip</a>"; | |
309 | } else { | |
310 | print "$destip"; | |
311 | } | |
312 | print ":$destport"; | |
313 | print <<END | |
314 | </td> | |
315 | </tr> | |
316 | <tr><td valign='top'><b>$Lang::tr{'references'}:</b></td><td valign='top'> | |
317 | END | |
318 | ; | |
319 | foreach my $ref (split(/,/,$refs)) { | |
320 | if ($ref =~ m/url (.*)/) { | |
321 | print "<a href='http://$1'>$1</a><br />"; | |
322 | } elsif ($ref =~ m/cve (.*)/) { | |
323 | print "<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=$1'>$1</a><br />"; | |
324 | } elsif ($ref =~ m/nessus (.*)/) { | |
325 | print "<a href='http://cgi.nessus.org/plugins/dump.php3?id=$1'>Nessus $1</a><br />"; | |
326 | } elsif ($ref =~ m/bugtraq (.*)/) { | |
327 | print "<a href='http://www.securityfocus.com/bid/$1'>Bugtraq $1</a><br />"; | |
328 | } else { | |
329 | print "$ref<br />"; | |
330 | } | |
331 | } | |
332 | print $Lang::tr{'none found'} unless $refs =~ /,/; | |
333 | print <<END | |
334 | <td valign='top'><b>SID:</b></td> | |
335 | <td valign='top'> | |
336 | END | |
337 | ; | |
338 | if ($sid ne "n/a") { | |
9cc46b56 | 339 | print "<a href='https://www.snort.org/rule_docs/$sid' "; |
cd1a2927 MT |
340 | print "target='_blank'>$sid</a></td>\n"; |
341 | } else { | |
342 | print $sid; | |
343 | } | |
344 | print <<END | |
345 | </tr> | |
346 | </table> | |
347 | </td></tr> | |
348 | END | |
349 | ; | |
350 | $lines++; | |
351 | } | |
352 | ||
353 | print "</table>"; | |
354 | ||
355 | } | |
356 | ||
357 | &oldernewer(); | |
358 | ||
359 | &Header::closebox(); | |
360 | ||
361 | &Header::closebigbox(); | |
362 | ||
363 | &Header::closepage(); | |
364 | ||
365 | sub processevent | |
366 | { | |
367 | our ($title,$classification,$priority,$date,$time,$srcip,$srcport,$destip,$destport, $sid, @refs); | |
368 | ||
369 | my $filestr=''; | |
370 | if ($datediff==0) { | |
371 | $filestr="/var/log/snort/alert"; | |
372 | } else { | |
373 | $filestr="/var/log/snort/alert.$datediff"; | |
374 | $filestr = "$filestr.gz" if -f "$filestr.gz"; | |
375 | } | |
376 | if (!(open (LOG,($filestr =~ /.gz$/ ? "gzip -dc $filestr |" : $filestr)))) { | |
377 | $errormessage="$errormessage$Lang::tr{'date not in logs'}: $filestr $Lang::tr{'could not be opened'}"; | |
378 | } else { | |
379 | my $line = 0; | |
380 | ||
381 | while(<LOG>) { | |
382 | $line++; | |
383 | if ($_ =~ m/\[\*\*\]/) { | |
384 | unless ($line == 1 || $date ne "$monthstr/$daystr") { | |
385 | &append; | |
386 | $line = 1; | |
387 | } | |
388 | ($title,$classification,$priority,$date,$time,$srcip,$srcport,$destip,$destport, $sid) = ("n/a","n/a","n/a","n/a","n/a","n/a","n/a","n/a","n/a", "n/a"); | |
389 | @refs = (); | |
390 | $_ =~ m/:([0-9]{1,4})\] (.*) \[\*\*\]/; | |
391 | $title = &Header::cleanhtml($2,"y"); | |
392 | } | |
393 | if ($_ =~ m/Classification: (.*)\] \[Priority: (\d)\]/) { | |
394 | $classification = &Header::cleanhtml($1,"y"); | |
395 | $priority = $2; | |
396 | } | |
397 | if ($_ =~ m/([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3}) \-\> ([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})/) { | |
398 | $srcip = $1 . "." . $2 . "." . $3 . "." . $4; | |
399 | $destip = $5 . "." . $6 . "." . $7 . "." . $8; | |
400 | } | |
401 | if ($_ =~ m/([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\:([0-9]{1,6}) \-\> ([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\:([0-9]{1,6})/) { | |
402 | $srcip = $1 . "." . $2 . "." . $3 . "." . $4; | |
403 | $srcport = $5; | |
404 | $destip = $6 . "." . $7 . "." . $8 . "." . $9; | |
405 | $destport = $10; | |
406 | } | |
407 | ||
408 | if ($_ =~ m/^([0-9\/]{3,5})\-([0-9\:]{5,8})\.([0-9]{1,14})/) { | |
409 | ($date,$time) = ($1,$2); | |
410 | } | |
411 | if ($_ =~ m/\[Xref \=\>.*\]/) { | |
412 | $_ =~ s/\]\[Xref \=\> /, /g; | |
413 | $_ =~ m/\[Xref \=\> (.*)\]/; | |
414 | push(@refs, $1); | |
415 | } | |
416 | if ($_ =~ m/\[1:([0-9]+):[0-9]+\]/) { | |
417 | $sid = $1; | |
418 | } | |
419 | } | |
420 | $line++; | |
421 | unless ($line == 1 || $date ne "$monthstr/$daystr") { &append; } | |
422 | close(LOG); | |
423 | } | |
424 | } | |
425 | ||
426 | sub append | |
427 | { | |
428 | our ($title,$classification,$priority,$date,$time,$srcip,$srcport,$destip,$destport, $sid, @refs); | |
429 | ||
430 | $log[$lines] = "$date $time|$title|$priority|$classification|$srcip|$srcport|$destip|$destport|$sid|"; | |
431 | foreach $_ (@refs) { | |
432 | $log[$lines] = "$log[$lines]$_,"; } | |
433 | $lines++; | |
434 | } | |
435 | ||
436 | sub oldernewer | |
437 | { | |
438 | print <<END | |
439 | <table width='100%'> | |
440 | <tr> | |
441 | END | |
442 | ; | |
443 | ||
444 | print "<td align='center' width='50%'>"; | |
445 | if ($prev != -1) { | |
446 | print "<a href='/cgi-bin/logs.cgi/ids.dat?$prev,$cgiparams{'MONTH'},$cgiparams{'DAY'}'>$Lang::tr{'older'}</a>"; } | |
447 | else { | |
448 | print "$Lang::tr{'older'}"; } | |
449 | print "</td>\n"; | |
450 | ||
451 | print "<td align='center' width='50%'>"; | |
452 | if ($next != -1) { | |
453 | print "<a href='/cgi-bin/logs.cgi/ids.dat?$next,$cgiparams{'MONTH'},$cgiparams{'DAY'}'>$Lang::tr{'newer'}</a>"; } | |
454 | else { | |
455 | print "$Lang::tr{'newer'}"; } | |
456 | print "</td>\n"; | |
457 | ||
458 | print <<END | |
459 | </tr> | |
460 | </table> | |
461 | END | |
462 | ; | |
463 | } |