Merge remote-tracking branch 'origin/master' into next
[ipfire-2.x.git] / html / cgi-bin / guardian.cgi
index 7a71ebb51c4e4e3ac782b4e4cc368c1f704f4d01..6144aca025a71dcf67673b80f9ac96992bfb749d 100644 (file)
@@ -52,8 +52,7 @@ my $ignorefile ='/var/ipfire/guardian/guardian.ignore';
 # file locations on IPFire systems.
 my %module_file_locations = (
        "HTTPD" => "/var/log/httpd/error_log",
-       "OWNCLOUD" => "/var/owncloud/data/owncloud.log",
-       "SNORT" => "/var/log/snort.alert",
+       "SNORT" => "/var/log/snort/alert",
        "SSH" => "/var/log/messages",
 );
 
@@ -65,11 +64,6 @@ our %mainsettings = ();
 &General::readhash("${General::swroot}/main/settings", \%mainsettings);
 &General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
 
-# Pakfire meta file for owncloud.
-# (File exists when the addon is installed.)
-my $owncloud_meta = "/opt/pakfire/db/installed/meta-owncloud";
-
-
 # File declarations.
 my $settingsfile = "${General::swroot}/guardian/settings";
 my $ignoredfile = "${General::swroot}/guardian/ignored";
@@ -96,11 +90,6 @@ $settings{'GUARDIAN_FIREWALL_ACTION'} = 'DROP';
 $settings{'GUARDIAN_LOGFILE'} = '/var/log/guardian/guardian.log';
 $settings{'GUARDIAN_SNORT_PRIORITY_LEVEL'} = '3';
 
-# Default settings for owncloud if installed.
-if ( -e "$owncloud_meta") {
-       $settings{'GUARDIAN_MONITOR_OWNCLOUD'} = 'off';
-}
-
 my $errormessage = '';
 
 &Header::showhttpheaders();
@@ -120,7 +109,7 @@ if ($settings{'ACTION'} eq $Lang::tr{'save'}) {
                        $errormessage = "$Lang::tr{'guardian invalid blocktime'}";
        }
 
-       # Check if the bloccount is valid.
+       # Check if the blockcount is valid.
        unless(($settings{'GUARDIAN_BLOCKCOUNT'} =~ /^\d+$/) && ($settings{'GUARDIAN_BLOCKCOUNT'} ne "0")) {
                        $errormessage = "$Lang::tr{'guardian invalid blockcount'}";
        }
@@ -183,7 +172,7 @@ if ($settings{'ACTION'} eq $Lang::tr{'save'}) {
 
                        # Generate the ID for the new entry.
                        #
-                       # Sort the keys by it's ID and store them in an array.
+                       # Sort the keys by their ID and store them in an array.
                        my @keys = sort { $a <=> $b } keys %ignored;
 
                        # Reverse the key array.
@@ -418,6 +407,64 @@ sub showMainBox() {
                &Header::closebox();
        }
 
+       ### Java Script ###
+       print<<END;
+       <script>
+               var update_options = function() {
+
+                       var logfacility = \$("#GUARDIAN_LOG_FACILITY").val();
+                       var loglevel = \$("#GUARDIAN_LOGLEVEL").val();
+
+                       if (logfacility === undefined)
+                               return;
+
+                       if (loglevel === undefined)
+                               return;
+
+                       // Show / Hide input for specifying the path to the logfile.
+                       if (logfacility === "file") {
+                               \$(".GUARDIAN_LOGFILE").show();
+                       } else {
+                               \$(".GUARDIAN_LOGFILE").hide();
+                       }
+
+                       // Show / Hide loglevel debug if the facility is set to syslog.
+                       if (logfacility === "syslog") {
+                               \$("#loglevel_debug").hide();
+                       } else {
+                               \$("#loglevel_debug").show();
+                       }
+
+                       // Show / Hide logfacility syslog if the loglevel is set to debug.
+                       if (loglevel === "debug") {
+                               \$("#logfacility_syslog").hide();
+                       } else {
+                               \$("#logfacility_syslog").show();
+                       }
+               };
+
+               \$(document).ready(function() {
+                       \$("#GUARDIAN_LOG_FACILITY").change(update_options);
+                       \$("#GUARDIAN_LOGLEVEL").change(update_options);
+                       update_options();
+
+                       // Show / Hide snort priority level option, based if
+                       // snort is enabled / disabled.
+                       if (\$('input[name=GUARDIAN_MONITOR_SNORT]:checked').val() == 'on') {
+                               \$('.GUARDIAN_SNORT_PRIORITY_LEVEL').show();
+                       } else {
+                               \$('.GUARDIAN_SNORT_PRIORITY_LEVEL').hide();
+                       }
+
+                       // Show/Hide snort priority level when GUARDIAN_MONITOR_SNORT get changed.
+                       \$('input[name=GUARDIAN_MONITOR_SNORT]').change(function() {
+                               \$('.GUARDIAN_SNORT_PRIORITY_LEVEL').toggle();
+                       });
+               });
+       </script>
+END
+
+
 
        # Draw current guardian state.
        &Header::openbox('100%', 'center', $Lang::tr{'guardian'});
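Review bot: The syslog/debug exclusion added in `update_options` exists only in the browser, so a hand-built POST can still submit `GUARDIAN_LOG_FACILITY=syslog` together with `GUARDIAN_LOGLEVEL=debug`. No server-side check for that pair is visible in the save handler hunks shown here. If the combination is really unsupported, the `ACTION eq save` branch should reject it the same way it rejects an invalid blockcount: `if ($settings{'GUARDIAN_LOG_FACILITY'} eq 'syslog' && $settings{'GUARDIAN_LOGLEVEL'} eq 'debug') { $errormessage = ...; }`. Separately, the radio handler uses a bare `.toggle()`, which relies on the initial state being right; setting visibility from the value is more robust: `\$('.GUARDIAN_SNORT_PRIORITY_LEVEL').toggle(\$(this).val() == 'on');`. showMainBox() starts and ends outside this hunk.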
@@ -476,97 +523,95 @@ END
                        <tr>
                                <td colspan='2' class='base' bgcolor='$color{'color20'}'><b>$Lang::tr{'guardian common settings'}</b></td>
                        </tr>
+
                        <tr>
-                               <td width='20%' class='base'>$Lang::tr{'guardian enabled'}:</td>
+                               <td width='25%' class='base'>$Lang::tr{'guardian enabled'}:</td>
                                <td><input type='checkbox' name='GUARDIAN_ENABLED' $checked{'GUARDIAN_ENABLED'}{'on'} /></td>
                        </tr>
+
                        <tr>
                                <td colspan='2'><br></td>
                        </tr>
+
                        <tr>
-                               <td width='20%' class='base'>$Lang::tr{'guardian watch snort alertfile'}</td>
+                               <td width='25%' class='base'>$Lang::tr{'guardian watch snort alertfile'}</td>
                                <td align='left'>on <input type='radio' name='GUARDIAN_MONITOR_SNORT' value='on' $checked{'GUARDIAN_MONITOR_SNORT'}{'on'} /> /
                                <input type='radio' name='GUARDIAN_MONITOR_SNORT' value='off' $checked{'GUARDIAN_MONITOR_SNORT'}{'off'} /> off</td>
                        </tr>
+
                        <tr>
-                               <td width='20%' class='base'>$Lang::tr{'guardian block ssh brute-force'}</td>
+                               <td width='25%' class='base'>$Lang::tr{'guardian block ssh brute-force'}</td>
                                <td align='left'>on <input type='radio' name='GUARDIAN_MONITOR_SSH' value='on' $checked{'GUARDIAN_MONITOR_SSH'}{'on'} /> /
                                <input type='radio' name='GUARDIAN_MONITOR_SSH' value='off' $checked{'GUARDIAN_MONITOR_SSH'}{'off'} /> off</td>
                        </tr>
+
                        <tr>
-                               <td width='20%' class='base'>$Lang::tr{'guardian block httpd brute-force'}</td>
+                               <td width='25%' class='base'>$Lang::tr{'guardian block httpd brute-force'}</td>
                                <td align='left'>on <input type='radio' name='GUARDIAN_MONITOR_HTTPD' value='on' $checked{'GUARDIAN_MONITOR_HTTPD'}{'on'} /> /
                                <input type='radio' name='GUARDIAN_MONITOR_HTTPD' value='off' $checked{'GUARDIAN_MONITOR_HTTPD'}{'off'} /> off</td>
                        </tr>
-END
-                       # Display owncloud checkbox when the addon is installed.
-                       if ( -e "$owncloud_meta" ) {
-                               print"<tr>\n";
-                               print"<td width='20%' class='base'>$Lang::tr{'guardian block owncloud brute-force'}</td>\n";
-                               print"<td align='left'>on <input type='radio' name='GUARDIAN_MONITOR_OWNCLOUD' value='on' $checked{'GUARDIAN_MONITOR_OWNCLOUD'}{'on'} /> /\n";
-                               print"<input type='radio' name='GUARDIAN_MONITOR_OWNCLOUD' value='off' $checked{'GUARDIAN_MONITOR_OWNCLOUD'}{'off'} /> off</td>\n";
-                               print"</tr>\n";
-                       }
-       print <<END;
+
                        <tr>
                                <td colspan='2'><br></td>
                        </tr>
+
                        <tr>
                                <td align='left' width='20%'>$Lang::tr{'guardian logfacility'}:</td>
-                               <td><select name='GUARDIAN_LOG_FACILITY'>
-                                       <option value='syslog' $selected{'GUARDIAN_LOG_FACILITY'}{'syslog'}>syslog</option>
-                                       <option value='file' $selected{'GUARDIAN_LOG_FACILITY'}{'file'}>file</option>
-                                       <option value='console' $selected{'GUARDIAN_LOG_FACILITY'}{'console'}>console</option>
+                               <td width='25%'><select id='GUARDIAN_LOG_FACILITY' name='GUARDIAN_LOG_FACILITY'>
+                                       <option id='logfacility_syslog' value='syslog' $selected{'GUARDIAN_LOG_FACILITY'}{'syslog'}>$Lang::tr{'guardian logtarget_syslog'}</option>
+                                       <option id='logfacility_file' value='file' $selected{'GUARDIAN_LOG_FACILITY'}{'file'}>$Lang::tr{'guardian logtarget_file'}</option>
+                                       <option id='logfacility_console' value='console' $selected{'GUARDIAN_LOG_FACILITY'}{'console'}>$Lang::tr{'guardian logtarget_console'}</option>
+                               </select></td>
+
+                               <td align='left' width='20%'>$Lang::tr{'guardian loglevel'}:</td>
+                               <td width='25%'><select id='GUARDIAN_LOGLEVEL' name='GUARDIAN_LOGLEVEL'>
+                                       <option id='loglevel_off' value='off' $selected{'GUARDIAN_LOGLEVEL'}{'off'}>$Lang::tr{'guardian loglevel_off'}</option>
+                                       <option id='loglevel_info' value='info' $selected{'GUARDIAN_LOGLEVEL'}{'info'}>$Lang::tr{'guardian loglevel_info'}</option>
+                                       <option id='loglevel_debug' value='debug' $selected{'GUARDIAN_LOGLEVEL'}{'debug'}>$Lang::tr{'guardian loglevel_debug'}</option>
                                </select></td>
                        </tr>
-                       <tr>
+
+                       <tr class="GUARDIAN_LOGFILE">
                                <td colspan='2'><br></td>
                        </tr>
-                       <tr>
-                               <td align='left' width='20%'>$Lang::tr{'guardian loglevel'}:</td>
-                               <td><select name='GUARDIAN_LOGLEVEL'>
-                                       <option value='off' $selected{'GUARDIAN_LOGLEVEL'}{'off'}>off</option>
-                                       <option value='info' $selected{'GUARDIAN_LOGLEVEL'}{'info'}>info</option>
-                                       <option value='debug' $selected{'GUARDIAN_LOGLEVEL'}{'debug'}>debug</option>
-                               </select></td>
+
+                       <tr class="GUARDIAN_LOGFILE">
+                               <td width='25%' class='base'>$Lang::tr{'guardian logfile'}:</td>
+                               <td><input type='text' name='GUARDIAN_LOGFILE' value='$settings{'GUARDIAN_LOGFILE'}' size='30' /></td>
                        </tr>
-                       <tr>
+
+                       <tr class="GUARDIAN_SNORT_PRIORITY_LEVEL">
                                <td colspan='2'><br></td>
                        </tr>
-                       <tr>
+
+                       <tr class="GUARDIAN_SNORT_PRIORITY_LEVEL">
                                <td align='left' width='20%'>$Lang::tr{'guardian priority level'}:</td>
                                <td><select name='GUARDIAN_SNORT_PRIORITY_LEVEL'>
-                                       <option value='1' $selected{'GUARDIAN_SNORT_PRIORITY_LEVEL'}{'1'}>1</option>
-                                       <option value='2' $selected{'GUARDIAN_SNORT_PRIORITY_LEVEL'}{'2'}>2</option>
-                                       <option value='3' $selected{'GUARDIAN_SNORT_PRIORITY_LEVEL'}{'3'}>3</option>
-                                       <option value='4' $selected{'GUARDIAN_SNORT_PRIORITY_LEVEL'}{'4'}>4</option>
+                                       <option value='1' $selected{'GUARDIAN_SNORT_PRIORITY_LEVEL'}{'1'}>$Lang::tr{'guardian priolevel_high'}</option>
+                                       <option value='2' $selected{'GUARDIAN_SNORT_PRIORITY_LEVEL'}{'2'}>$Lang::tr{'guardian priolevel_medium'}</option>
+                                       <option value='3' $selected{'GUARDIAN_SNORT_PRIORITY_LEVEL'}{'3'}>$Lang::tr{'guardian priolevel_low'}</option>
+                                       <option value='4' $selected{'GUARDIAN_SNORT_PRIORITY_LEVEL'}{'4'}>$Lang::tr{'guardian priolevel_very_low'}</option>
                                </select></td>
+
+                               <td width='25%' class='base'>$Lang::tr{'guardian blockcount'}:</td>
+                               <td><input type='text' name='GUARDIAN_BLOCKCOUNT' value='$settings{'GUARDIAN_BLOCKCOUNT'}' size='5' /></td>
                        </tr>
+
                        <tr>
                                <td colspan='2'><br></td>
                        </tr>
+
                        <tr>
-                               <td width='20%' class='base'>$Lang::tr{'guardian firewallaction'}:</td>
+                               <td width='25%' class='base'>$Lang::tr{'guardian firewallaction'}:</td>
                                <td><select name='GUARDIAN_FIREWALL_ACTION'>
                                        <option value='DROP' $selected{'GUARDIAN_FIREWALL_ACTION'}{'DROP'}>Drop</option>
                                        <option value='REJECT' $selected{'GUARDIAN_FIREWALL_ACTION'}{'REJECT'}>Reject</option>
                                </select></td>
-                       </tr>
-                       <tr>
-                               <td colspan='2'><br></td>
-                       </tr>
-                       <tr>
-                               <td width='20%' class='base'>$Lang::tr{'guardian blockcount'}:</td>
-                               <td><input type='text' name='GUARDIAN_BLOCKCOUNT' value='$settings{'GUARDIAN_BLOCKCOUNT'}' size='5' /></td>
-                       </tr>
-                       <tr>
-                               <td width='20%' class='base'>$Lang::tr{'guardian blocktime'}:</td>
+
+                               <td width='25%' class='base'>$Lang::tr{'guardian blocktime'}:</td>
                                <td><input type='text' name='GUARDIAN_BLOCKTIME' value='$settings{'GUARDIAN_BLOCKTIME'}' size='10' /></td>
                        </tr>
-                       <tr>
-                                <td width='20%' class='base'>$Lang::tr{'guardian logfile'}:</td>
-                                <td><input type='text' name='GUARDIAN_LOGFILE' value='$settings{'GUARDIAN_LOGFILE'}' size='30' /></td>
-                        </tr>
+
                </table>
 END
 
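Review bot: The relocated logfile row still interpolates `$settings{'GUARDIAN_LOGFILE'}` unescaped into a single-quoted `value='...'` attribute, so a stored value containing `'` or `<` breaks out of the attribute when the page is rendered. GUARDIAN_BLOCKCOUNT is restricted to digits on save, but no comparable check for the logfile path is visible in the hunks shown. I would escape on output, e.g. `value='@{[ &Header::cleanhtml($settings{'GUARDIAN_LOGFILE'}, "y") ]}'`. I would also validate the path on save, for example an anchored pattern that only accepts an absolute path under the intended log directory, because this string ends up in the daemon's configuration as a file it will write to. The heredoc and the surrounding function begin outside this hunk.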
@@ -598,11 +643,11 @@ sub showIgnoreBox() {
                                <td class='base' colspan='3' bgcolor='$color{'color20'}'></td>
                        </tr>
 END
-                       # Check if some hosts have been add to be ignored.
+                       # Check if some hosts have been added to be ignored.
                        if (keys (%ignored)) {
                                my $col = "";
 
-                               # Loop through all entries of the hash..
+                               # Loop through all entries of the hash.
                                while( (my $key) = each %ignored)  {
                                        # Assign data array positions to some nice variable names.
                                        my $address = $ignored{$key}[0];
@@ -718,7 +763,7 @@ END
        &Header::closebox();
 }
 
-# Function to list currently bocked addresses from guardian and unblock them or add custom entries to block.
+# Function to list currently blocked addresses from guardian and unblock them or add custom entries to block.
 sub showBlockedBox() {
        &Header::openbox('100%', 'center', $Lang::tr{'guardian blocked hosts'});
 
@@ -729,7 +774,7 @@ sub showBlockedBox() {
                </tr>
 END
 
-               # Lauch function to get the currently blocked hosts.
+               # Launch function to get the currently blocked hosts.
                my @blocked_hosts = &GetBlockedHosts();
 
                my $id = 0;
@@ -762,7 +807,7 @@ END
 END
                }
 
-       # If the loop only has been runs once the id still is "0", which means there are no
+       # If the loop only has been run once the id still is "0", which means there are no
        # additional entries (blocked hosts) in the iptables chain.
        if ($id == 0) {
 
@@ -824,11 +869,11 @@ sub GetBlockedHosts() {
        # Create new, empty array.
        my @hosts;
 
-       # Lauch helper to get chains from iptables.
+       # Launch helper to get chains from iptables.
        system('/usr/local/bin/getipstat');
 
        # Open temporary file which contains the chains and rules.
-       open (FILE, '/srv/web/ipfire/html/iptables.txt');
+       open (FILE, '/var/tmp/iptables.txt');
 
        # Loop through the entire file.
        while (<FILE>) {
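Review bot: The new `open (FILE, '/var/tmp/iptables.txt')` is still a two-argument open with no result check, so if `getipstat` fails or the file is missing, the `while` loop silently reads from a closed handle. I would write `open(FILE, '<', '/var/tmp/iptables.txt') or return @hosts;` and check the exit status of the preceding `system()` call as well. Moving the dump out of the web root is a clear improvement, but the name is now a fixed path in a directory shared with other local users. It is worth confirming that the helper creates the file without following an existing symlink and with restrictive permissions; that code is not visible here. GetBlockedHosts() continues beyond this hunk.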
@@ -843,7 +888,7 @@ sub GetBlockedHosts() {
                        next if ($line =~ /^Chain/);
                        next if ($line =~ /^ pkts/);
 
-                       # Generate array, based on the line content (seperator is a single or multiple space's)
+                       # Generate array, based on the line content (separator is a single or multiple space)
                        my @comps = split(/\s{1,}/, $line);
                        my ($lead, $pkts, $bytes, $target, $prot, $opt, $in, $out, $source, $destination) = @comps;
 
@@ -861,9 +906,9 @@ sub GetBlockedHosts() {
        close(FILE);
 
        # Remove recently created temporary files of the "getipstat" binary.
-       system(rm -f "/srv/web/ipfire/html/iptables.txt");
-       system(rm -f "/srv/web/ipfire/html/iptablesmangle.txt");
-       system(rm -f "/srv/web/ipfire/html/iptablesnat.txt");
+       system("rm -f /var/tmp/iptables.txt");
+       system("rm -f /var/tmp/iptablesmangle.txt");
+       system("rm -f /var/tmp/iptablesnat.txt");
 
        # Convert entries, sort them, write back and store the sorted entries into new array.
        my @sorted = map  { $_->[0] }
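Review bot: The three `system("rm -f ...")` calls each spawn a shell to delete a constant path and ignore the result; Perl's builtin does the same without a shell: `unlink('/var/tmp/iptables.txt', '/var/tmp/iptablesmangle.txt', '/var/tmp/iptablesnat.txt');`. `unlink` returns the number of files removed, so a failed cleanup, which would leave firewall rule dumps lying in /var/tmp, can be logged. Because the filenames are fixed, two overlapping requests can also race: one may delete the file while the other is still reading it. A per-request temporary file, or having the helper write to stdout, would avoid that, though it presumably needs a change to `getipstat` itself. The function body extends outside this hunk.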
@@ -881,7 +926,7 @@ sub BuildConfiguration() {
 
        my $configfile = "${General::swroot}/guardian/guardian.conf";
 
-       # Create the configfile if not exist yet.
+       # Create the configfile if none exists yet.
        unless (-e "$configfile") { system("touch $configfile"); }
 
        # Open configfile for writing.
@@ -939,6 +984,9 @@ sub BuildConfiguration() {
 
        close(FILE);
 
+       # Generate ignore file.
+       &GenerateIgnoreFile();
+
        # Check if guardian should be started or stopped.
        if($settings{'GUARDIAN_ENABLED'} eq 'on') {
                if($pid > 0) {