From: Stefan Schantl Date: Wed, 24 Feb 2016 11:12:11 +0000 (+0100) Subject: guardian.cgi: Adjust code for generating the config file. X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=52958991040571d3154345612c6adc38b31973bb;p=people%2Fms%2Fipfire-2.x.git guardian.cgi: Adjust code for generating the config file. The config file format and values have been changed, so the code to do the generation has to be adjusted. Signed-off-by: Stefan Schantl --- diff --git a/html/cgi-bin/guardian.cgi b/html/cgi-bin/guardian.cgi index 2a6b9db6f1..836eabe1ae 100644 --- a/html/cgi-bin/guardian.cgi +++ b/html/cgi-bin/guardian.cgi @@ -47,6 +47,15 @@ my @guardian=(); # Path to the guardian.ignore file. my $ignorefile ='/var/ipfire/guardian/guardian.ignore'; +# Hash which contains the supported modules and the +# file locations on IPFire systems. +my %module_file_locations = ( + "HTTPD" => "/var/log/httpd/error_log", + "OWNCLOUD" => "/var/owncloud/data/owncloud.log", + "SNORT" => "/var/log/snort.alert", + "SSH" => "/var/log/messages", +); + our %netsettings = (); &General::readhash("${General::swroot}/ethernet/settings", \%netsettings); @@ -68,11 +77,12 @@ $settings{'GUARDIAN_MONITOR_SNORT'} = 'on'; $settings{'GUARDIAN_MONITOR_SSH'} = 'on'; $settings{'GUARDIAN_MONITOR_HTTPD'} = 'on'; $settings{'GUARDIAN_MONITOR_OWNCLOUD'} = ''; +$settings{'GUARDIAN_LOG_FACILITY'} = 'syslog'; $settings{'GUARDIAN_LOGLEVEL'} = 'info'; $settings{'GUARDIAN_BLOCKCOUNT'} = '3'; $settings{'GUARDIAN_BLOCKTIME'} = '86400'; $settings{'GUARDIAN_LOGFILE'} = '/var/log/guardian/guardian.log'; -$settings{'GUARDIAN_PRIORITY_LEVEL'} = '3'; +$settings{'GUARDIAN_SNORT_PRIORITY_LEVEL'} = '3'; # Default settings for owncloud if installed. if ( -e "$owncloud_meta") { 
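Review bot: The comment on `%module_file_locations` in the `@@ -47,6 +47,15 @@` hunk does not say that the hash is also the allow-list for the monitor lines the new loop in BuildConfiguration() writes. Only a `GUARDIAN_MONITOR_<NAME>` setting whose `<NAME>` is a key here becomes a `Monitor_<NAME>` line. I would extend the comment with something like `# Keys must match the <NAME> part of GUARDIAN_MONITOR_<NAME>; modules not listed here are never written to guardian.conf.` That keeps a later edit from replacing the fixed lookup with a path taken from the form.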
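Review bot: The rename to `GUARDIAN_SNORT_PRIORITY_LEVEL` in the `@@ -68,11 +77,12 @@` defaults hunk leaves no fallback for a value already saved under `GUARDIAN_PRIORITY_LEVEL`. If the stored settings are read over these defaults (that code is outside the hunk), an existing installation would silently fall back to priority `3` and the operator's chosen Snort threshold would be lost. A one-time carry-over after the settings are loaded would preserve it, for example `$settings{'GUARDIAN_SNORT_PRIORITY_LEVEL'} = delete $settings{'GUARDIAN_PRIORITY_LEVEL'} if exists $settings{'GUARDIAN_PRIORITY_LEVEL'};`.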
@@ -292,8 +302,9 @@ sub showMainBox() { $checked{'GUARDIAN_MONITOR_OWNCLOUD'}{'on'} = ''; $checked{'GUARDIAN_MONITOR_OWNCLOUD'}{$settings{'GUARDIAN_MONITOR_OWNCLOUD'}} = "checked='checked'"; + $selected{'GUARDIAN_LOG_FACILITY'}{$settings{'GUARDIAN_LOG_FACILITY'}} = 'selected'; $selected{'GUARDIAN_LOGLEVEL'}{$settings{'GUARDIAN_LOGLEVEL'}} = 'selected'; - $selected{'GUARDIAN_PRIORITY_LEVEL'}{$settings{'GUARDIAN_PRIORITY_LEVEL'}} = 'selected'; + $selected{'GUARDIAN_SNORT_PRIORITY_LEVEL'}{$settings{'GUARDIAN_SNORT_PRIORITY_LEVEL'}} = 'selected'; &Header::openpage($Lang::tr{'guardian configuration'}, 1, ''); &Header::openbigbox('100%', 'left', '', $errormessage); @@ -395,6 +406,17 @@ END print"\n"; } print < +
+ + + $Lang::tr{'guardian logfacility'}: + +
@@ -411,11 +433,11 @@ END $Lang::tr{'guardian priority level'}: - + + + + 
@@ -670,28 +692,57 @@ sub BuildConfiguration() { my $configfile = "${General::swroot}/guardian/guardian.conf"; - # We set this to 1 (enabled) to prevent guardian from blocking the ISP gateway. - my $HostGatewayByte = "1"; - # Open configfile for writing. open(FILE, ">$configfile"); - print FILE "EnableSnortMonitoring\t\t$settings{'GUARDIAN_ENABLE_SNORT'}\n"; - print FILE "EnableSSHMonitoring\t\t$settings{'GUARDIAN_ENABLE_SSH'}\n"; - print FILE "EnableHTTPDMonitoring\t\t$settings{'GUARDIAN_ENABLE_HTTPD'}\n"; + # Config file header. + print FILE "# Autogenerated configuration file.\n"; + print FILE "# All user modifications will be overwritten.\n\n"; - # Check if owncloud settings should be written. - if (exists $settings{'GUARDIAN_ENABLE_OWNCLOUD'}) { - print FILE "EnableOwncloudMonitoring\t$settings{'GUARDIAN_ENABLE_OWNCLOUD'}\n"; + # Settings for the logging mechanism. + print FILE "# Log settings.\n"; + print FILE "LogFacility = $settings{'GUARDIAN_LOG_FACILITY'}\n"; + + if ($settings{'GUARDIAN_LOG_FACILITY'} eq "file") { + print FILE "LogFile = $settings{'GUARDIAN_LOGFILE'}\n"; } - print FILE "LogLevel\t\t\t$settings{'GUARDIAN_LOGLEVEL'}\n"; - print FILE "BlockCount\t\t\t$settings{'GUARDIAN_BLOCKCOUNT'}\n"; - print FILE "HostGatewayByte\t\t\t$HostGatewayByte\n"; - print FILE "LogFile\t\t\t\t$settings{'GUARDIAN_LOGFILE'}\n"; - print FILE "IgnoreFile\t\t\t$ignorefile\n"; - print FILE "TimeLimit\t\t\t$settings{'GUARDIAN_BLOCKTIME'}\n"; - print FILE "PriorityLevel\t\t\t$settings{'GUARDIAN_PRIORITY_LEVEL'}\n"; + print FILE "LogLevel = $settings{'GUARDIAN_LOGLEVEL'}\n\n"; + + # IPFire related static settings. + print FILE "# IPFire related settings.\n"; + print FILE "FirewallEngine = IPtables\n"; + print FILE "SocketOwner = nobody:nobody\n"; + print FILE "IgnoreFile = $ignorefile\n\n"; + + # Configured block values. 
+ print FILE "# Configured block values.\n"; + print FILE "BlockCount = $settings{'GUARDIAN_BLOCKCOUNT'}\n"; + print FILE "BlockTime = $settings{'GUARDIAN_BLOCKTIME'}\n\n"; + + # Enabled modules. + # Loop through whole settings hash. + print FILE "# Enabled modules.\n"; + foreach my $option (keys %settings) { + # Search for enabled modules. + if ($option =~ /GUARDIAN_MONITOR_(.*)/) { + # Skip if module is not enabled. + next unless($settings{$option} eq "on"); + + # Skip module if no file location is available. + next unless(exists($module_file_locations{$1})); + + # Add enabled module and defined path to the config file. + print FILE "Monitor_$1 = $module_file_locations{$1}\n"; + } + } + + # Module settings. + print FILE "\n# Module settings.\n"; + # Check if SNORT is enabled and add snort priority. + if ($settings{'GUARDIAN_MONITOR_SNORT'} eq "on") { + print FILE "SnortPriorityLevel = $settings{'GUARDIAN_SNORT_PRIORITY_LEVEL'}\n"; + } close(FILE);
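Review bot: The new `key = value` lines in BuildConfiguration() interpolate `$settings{...}` values (`GUARDIAN_LOG_FACILITY`, `GUARDIAN_LOGFILE`, `GUARDIAN_LOGLEVEL`, `GUARDIAN_BLOCKCOUNT`, `GUARDIAN_BLOCKTIME`, `GUARDIAN_SNORT_PRIORITY_LEVEL`) with no check visible in this hunk. A value carrying a line break would therefore land in guardian.conf as an extra directive next to the fixed `FirewallEngine` and `SocketOwner` lines. If the save handler outside this hunk does not already validate them, test the numeric ones before the write, e.g. `$settings{'GUARDIAN_BLOCKTIME'} =~ /\A\d+\z/`, compare the selections against the values the form offers, and restrict the log file path to the expected directory. The module loop is already bounded by `exists($module_file_locations{$1})`, though anchoring the match as `/\AGUARDIAN_MONITOR_(.+)\z/` would state the intent. The unchanged `open(FILE, ">$configfile")` is still unchecked, so a failed open discards every new print without an error; the function starts and continues outside the hunk.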