Hinzugefügt:
authorms <ms@ea5c0bd1-69bd-2848-81d8-4f18e57aeed8>
Thu, 25 May 2006 21:10:48 +0000 (21:10 +0000)
committerms <ms@ea5c0bd1-69bd-2848-81d8-4f18e57aeed8>
Thu, 25 May 2006 21:10:48 +0000 (21:10 +0000)
  * Firewallhits

git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@142 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8

config/cfgroot/header.pl
doc/packages-list.txt
html/cgi-bin/country.cgi
html/cgi-bin/fwhits.cgi [new file with mode: 0755]
lfs/fwhits [new file with mode: 0644]
make.sh
src/scripts/makegraphs

index f219de1..cdfe13e 100644 (file)
@@ -245,14 +245,19 @@ sub genmenu {
                                  'title' => "$tr{'sstraffic'}",
                                 'enabled' => 1,
                                  };
-
-    $subnetwork->{'06.openvpn'} = {
+    $subnetwork->{'06.fwhits'} = {
+                                 'caption' => 'Firewallhits',
+                                 'uri' => '/cgi-bin/fwhits.cgi',
+                                 'title' => "IPFire Firewallhits",
+                                'enabled' => 1,
+                                 };
+    $subnetwork->{'07.openvpn'} = {
                                  'caption' => 'OpenVPN',
                                  'uri' => '/cgi-bin/ovpnmain.cgi',
                                  'title' => "$tr{'virtual private networking'}",
                                 'enabled' => 1,
                                  };
-    $subnetwork->{'07.ipsec'} = {
+    $subnetwork->{'08.ipsec'} = {
                                  'caption' => 'IPSec,
                                  'uri' => '/cgi-bin/vpnmain.cgi',
                                  'title' => "$tr{'virtual private networking'}",
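Review bot: The new `06.fwhits` entry hard-codes its title as `"IPFire Firewallhits"`, while the neighbouring entries take theirs from the `%tr` translation table, so this menu item stays English in every locale. Adding a key to the language files and writing `'title' => "$tr{'<new key>'}",` would keep it consistent. The double-quoted string also interpolates nothing, so single quotes would do. `genmenu` starts and ends outside this hunk.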
index c168918..408b3b1 100644 (file)
@@ -81,6 +81,7 @@
   * file-4.16
   * findutils-4.1.20
   * flex-2.5.4a
+  * fwhits
   * gawk-3.1.3
   * gcc-3.3.3
   * gd-2.0.20
index a85d5ac..1476739 100755 (executable)
@@ -18,7 +18,7 @@ my @flaglist=();
 my @flaglistfiles=();
 my $flag = '';
 
-require '/var/ipcop/general-functions.pl';
+require '/var/ipfire/general-functions.pl';
 require "${General::swroot}/lang.pl";
 require "${General::swroot}/header.pl";
 
diff --git a/html/cgi-bin/fwhits.cgi b/html/cgi-bin/fwhits.cgi
new file mode 100755 (executable)
index 0000000..3b209ee
--- /dev/null
@@ -0,0 +1,107 @@
+#!/usr/bin/perl
+#
+# This code is distributed under the terms of the GPL
+#
+
+use strict;
+
+# enable only the following on debugging purpose
+#use warnings;
+#use CGI::Carp 'fatalsToBrowser';
+
+require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/lang.pl";
+require "${General::swroot}/header.pl";
+
+my %cgiparams=();
+my @cgigraphs=();
+my @graphs=();
+
+$ENV{'QUERY_STRING'} =~ s/&//g;
+@cgigraphs = split(/graph=/,$ENV{'QUERY_STRING'});
+$cgigraphs[1] = '' unless defined $cgigraphs[1];
+
+&Header::showhttpheaders();
+
+my $graphdir = "/home/httpd/html/graphs";
+
+my @LOCALCHECK=();
+my $errormessage="";
+
+&Header::openpage('firewall graphs', 1, ' <META HTTP-EQUIV="Refresh" CONTENT="300"> <META HTTP-EQUIV="Cache-Control" content="no-cache"> <META HTTP-EQUIV="Pragma" CONTENT="no-cache"> ');
+
+&Header::openbigbox('100%', 'left', '', $errormessage);
+print <<END;
+<table width="100%" align="center">
+       <tr>
+               <td align="left">
+                       <a href=/cgi-bin/fwhits.cgi?graph=line>show lines</a>
+                       &nbsp;
+                       <a href=/cgi-bin/fwhits.cgi?graph=area>show areas</a>
+               </td>
+       </tr>
+</table>
+END
+if ($cgigraphs[1] eq "line") {
+               &Header::openbox('100%', 'center', "daily firewallhits");
+               my $ftime = localtime((stat("$graphdir/firewallhits-day-line.png"))[9]);
+               print "<center><b>$Lang::tr{'the statistics were last updated at'}: $ftime</b></center><br />\n";
+               print "<img src='/graphs/firewallhits-day-line.png' border='0' />";
+               print "<br />\n";
+               &Header::closebox();
+
+               &Header::openbox('100%', 'center', "weekly firewallhits");
+               my $ftime = localtime((stat("$graphdir/firewallhits-week-line.png"))[9]);
+               print "<center><b>$Lang::tr{'the statistics were last updated at'}: $ftime</b></center><br />\n";
+               print "<img src='/graphs/firewallhits-week-line.png' border='0' />";
+               print "<br />\n";
+               &Header::closebox();
+
+               &Header::openbox('100%', 'center', "monthly firewallhits");
+               my $ftime = localtime((stat("$graphdir/firewallhits-month-line.png"))[9]);
+               print "<center><b>$Lang::tr{'the statistics were last updated at'}: $ftime</b></center><br />\n";
+               print "<img src='/graphs/firewallhits-month-line.png' border='0' />";
+               print "<br />\n";
+               &Header::closebox();
+
+               &Header::openbox('100%', 'center', "yearly firewallhits");
+               my $ftime = localtime((stat("$graphdir/firewallhits-year-line.png"))[9]);
+               print "<center><b>$Lang::tr{'the statistics were last updated at'}: $ftime</b></center><br />\n";
+               print "<img src='/graphs/firewallhits-year-line.png' border='0' />";
+               print "<br />\n";
+               &Header::closebox();
+}
+else
+{
+               &Header::openbox('100%', 'center', "daily firewallhits");
+               my $ftime = localtime((stat("$graphdir/firewallhits-day-area.png"))[9]);
+               print "<center><b>$Lang::tr{'the statistics were last updated at'}: $ftime</b></center><br />\n";
+               print "<img src='/graphs/firewallhits-day-area.png' border='0' />";
+               print "<br />\n";
+               &Header::closebox();
+
+               &Header::openbox('100%', 'center', "weekly firewallhits");
+               my $ftime = localtime((stat("$graphdir/firewallhits-week-area.png"))[9]);
+               print "<center><b>$Lang::tr{'the statistics were last updated at'}: $ftime</b></center><br />\n";
+               print "<img src='/graphs/firewallhits-week-area.png' border='0' />";
+               print "<br />\n";
+               &Header::closebox();
+
+               &Header::openbox('100%', 'center', "monthly firewallhits");
+               my $ftime = localtime((stat("$graphdir/firewallhits-month-area.png"))[9]);
+               print "<center><b>$Lang::tr{'the statistics were last updated at'}: $ftime</b></center><br />\n";
+               print "<img src='/graphs/firewallhits-month-area.png' border='0' />";
+               print "<br />\n";
+               &Header::closebox();
+
+               &Header::openbox('100%', 'center', "yearly firewallhits");
+               my $ftime = localtime((stat("$graphdir/firewallhits-year-area.png"))[9]);
+               print "<center><b>$Lang::tr{'the statistics were last updated at'}: $ftime</b></center><br />\n";
+               print "<img src='/graphs/firewallhits-year-area.png' border='0' />";
+               print "<br />\n";
+               &Header::closebox();
+}
+
+
+&Header::closebigbox();
+&Header::closepage();
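Review bot: The eight `openbox` blocks in the `if`/`else` differ only in the period and the `line`/`area` suffix. Each branch redeclares `my $ftime` four times in one scope, and the result of `stat` goes to `localtime` unchecked, so a missing PNG is shown with the epoch date instead of being reported as missing. The request value is only ever compared with the literal `line`, which keeps query data out of the file names; a rewrite should keep that property by mapping the parameter onto two fixed values before it is used. A loop over the four periods does this, and it would let `use warnings` stay enabled. The `href` values in the link table are also unquoted.

```perl
# … unchanged: requires, query parsing, showhttpheaders, openpage/openbigbox, link table …
# Only two fixed values ever reach the file name, whatever the query string holds.
my $style = ($cgigraphs[1] eq 'line') ? 'line' : 'area';

foreach my $period (['day', 'daily'], ['week', 'weekly'], ['month', 'monthly'], ['year', 'yearly']) {
	my ($key, $label) = @$period;
	my $png = "firewallhits-$key-$style.png";

	&Header::openbox('100%', 'center', "$label firewallhits");
	my $mtime = (stat("$graphdir/$png"))[9];
	my $ftime = defined $mtime ? localtime($mtime) : 'n/a';
	print "<center><b>$Lang::tr{'the statistics were last updated at'}: $ftime</b></center><br />\n";
	print "<img src='/graphs/$png' border='0' />";
	print "<br />\n";
	&Header::closebox();
}
# … unchanged: closebigbox, closepage …
```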
diff --git a/lfs/fwhits b/lfs/fwhits
new file mode 100644 (file)
index 0000000..c7d5ae6
--- /dev/null
@@ -0,0 +1,79 @@
+###############################################################################
+# This file is part of the IPCop Firewall.                                    #
+#                                                                             #
+# IPCop is free software; you can redistribute it and/or modify               #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation; either version 2 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# IPCop is distributed in the hope that it will be useful,                    #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with IPCop; if not, write to the Free Software                        #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA    #
+#                                                                             #
+# Makefiles are based on LFSMake, which is                                    #
+# Copyright (C) 2002 Rod Roard <rod@sunsetsystems.com>                        #
+#                                                                             #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+THISAPP    = fwhits
+DL_FILE    = logtailfwhits
+DL_FROM    = $(URL_IPFIRE)
+TARGET     = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = c548cb78ecd652e8175414c35f14ec4f
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+#dist: 
+#      make-packages.sh fwhits $(THISAPP)-ipfire-beta-1
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+       @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+       @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+       @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+       @$(PREBUILD)
+       cp $(DIR_DL)/logtailfwhits /usr/local/bin/
+       chmod 755 /usr/local/bin/logtailfwhits
+       chown root.root /usr/local/bin/logtailfwhits
+       # logtailfwhits /var/log/snort/alert /var/log/snort/fwhits.alert.offset
+       # logtailfwhits /var/log/messages /var/log/fwhits.messages.offset
+       @$(POSTBUILD)
\ No newline at end of file
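Review bot: The install rule copies a downloaded file to `/usr/local/bin/logtailfwhits` as a root-owned 0755 executable, and the only integrity pin visible here is `$(DL_FILE)_MD5`. `$(TARGET)` depends on the `$(DIR_DL)` download target, not on `check` or `md5`, so whether the sum is verified before the `cp` depends on what `$(LOAD)` and `$(PREBUILD)` expand to in `Config`, which this hunk does not show. If those macros do not verify it, the rule should depend on the check target, and a stronger digest than MD5 would be preferable for an executable fetched from `$(URL_IPFIRE)`. Smaller points: `chown root.root` uses the deprecated dot separator (`chown root:root`), the licence header still names IPCop, and the file has no trailing newline.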
diff --git a/make.sh b/make.sh
index b8132b7..09b8150 100644 (file)
--- a/make.sh
+++ b/make.sh
@@ -634,6 +634,7 @@ buildipcop() {
   ipcopmake Archive-Tar
   ipcopmake Archive-Zip
   ipcopmake GeoIP
+  ipcopmake fwhits
   ipcopmake noip_updater
   ipcopmake ntp
   ipcopmake oinkmaster
index 0239252..0639f2e 100644 (file)
@@ -390,6 +390,122 @@ sub updateifdata {
        print "Error in RRD::update for $interface: $ERROR\n" if $ERROR;
 }
 
+sub updatefwhitsgraph {
+       my $interval = $_[0];
+
+       RRDs::graph ("$graphs/firewallhits-$interval-area.png",
+               "--start", "-1$interval", "-aPNG", "-i", "-z",
+               "--alt-y-grid", "-w 500", "-h 200",
+               "--color", "SHADEA#EAE9EE",
+               "--color", "SHADEB#EAE9EE",
+               "--color", "BACK#EAE9EE",
+               "-t firewall hits over the last $interval",
+               "DEF:amount=$rrdlog/firewallhits.rrd:amount:AVERAGE",
+               "AREA:amount#6464FF:firewallhits",
+               "GPRINT:amount:MAX:   Max\\: %2.2lf %S",
+               "GPRINT:amount:AVERAGE: Avg\\: %2.2lf %S",
+               "GPRINT:amount:LAST: Current\\: %2.2lf %Shits/5 min\\n",
+               "DEF:portamount=$rrdlog/firewallhits.rrd:portamount:AVERAGE",
+               "AREA:portamount#FF6464:portscans",
+               "GPRINT:portamount:MAX:      Max\\: %2.2lf %S",
+               "GPRINT:portamount:AVERAGE: Avg\\: %2.2lf %S",
+               "GPRINT:portamount:LAST: Current\\: %2.2lf %Shits/5 min");
+       $ERROR = RRDs::error;
+       print "Error in RRD::graph for Firewallhits: $ERROR\n" if $ERROR;
+
+       RRDs::graph ("$graphs/firewallhits-$interval-line.png",
+               "--start", "-1$interval", "-aPNG", "-i", "-z",
+               "--alt-y-grid", "-w 500", "-h 200",
+               "--color", "SHADEA#EAE9EE",
+               "--color", "SHADEB#EAE9EE",
+               "--color", "BACK#EAE9EE",
+               "-t firewall hits over the last $interval",
+               "DEF:amount=$rrdlog/firewallhits.rrd:amount:AVERAGE",
+               "LINE2:amount#6464FF:firewallhits",
+               "GPRINT:amount:MAX:   Max\\: %2.2lf %S",
+               "GPRINT:amount:AVERAGE: Avg\\: %2.2lf %S",
+               "GPRINT:amount:LAST: Current\\: %2.2lf %Shits/5 min\\n",
+               "DEF:portamount=$rrdlog/firewallhits.rrd:portamount:AVERAGE",
+               "LINE2:portamount#FF6464:portscans",
+               "GPRINT:portamount:MAX:      Max\\: %2.2lf %S",
+               "GPRINT:portamount:AVERAGE: Avg\\: %2.2lf %S",
+               "GPRINT:portamount:LAST: Current\\: %2.2lf %Shits/5 min");
+       $ERROR = RRDs::error;
+       print "Error in RRD::graph for Firewallhits: $ERROR\n" if $ERROR;
+}
+
+sub updatefwhitsdata {
+       my $portamount=0;
+       my $alertaktuell=0;
+       my $aktuell=0;
+       my $portaktuell=0;
+       my $skip=0;
+
+       if (! -e "$rrdlog/firewallhits.rrd")
+       {
+               RRDs::create ("$rrdlog/firewallhits.rrd", "--step=300",
+                       "DS:amount:GAUGE:600:0:U",
+                       "DS:portamount:GAUGE:600:0:U",
+                       "RRA:AVERAGE:0.5:1:576",
+                       "RRA:AVERAGE:0.5:6:672",
+                       "RRA:AVERAGE:0.5:24:732",
+                       "RRA:AVERAGE:0.5:144:1460");
+               $ERROR = RRDs::error;
+               print "Error in RRD::create for cpu: $ERROR\n" if $ERROR;
+       }
+
+       system("logtailfwhits /var/log/messages /var/log/fwhits.messages.offset >/tmp/messages.fwhits");
+       if (!(open (FILE,'/tmp/messages.fwhits'))) {
+           $skip=1;
+       }
+       $aktuell = 0;
+       if (!$skip) {
+               while (<FILE>) {
+                       if (/kernel:.*(IN=.*)$/) {
+                               $aktuell++;
+                       }
+               }
+               close (FILE);
+       }
+
+       system("logtailfwhits /var/log/snort/alert /var/log/snort/fwhits.alert.offset >/tmp/snort.fwhits");
+       if (!(open (FILE,'/tmp/snort.fwhits'))) {
+           $skip=1;
+       }
+       $alertaktuell = 0;
+       if (!$skip) {
+               while (<FILE>) {
+                       if (/scan.*$/) {
+                               $alertaktuell++;
+                       }
+               }
+               close (FILE);
+       }
+
+       if (!(open (FILE,'/tmp/messages.fwhits'))) {
+           $skip=1;
+       }
+       $portaktuell = 0;
+       if (!$skip) {
+               while (<FILE>) {
+                       if (/kernel:.*(Scan.*)$/) {
+                               $portaktuell++;
+                       }
+               }
+               close (FILE);
+       }
+
+       system("rm /tmp/messages.fwhits");
+       system("rm /tmp/snort.fwhits");
+
+       $portamount = $portaktuell + $alertaktuell;
+       chomp($portamount);
+       RRDs::update ("$rrdlog/firewallhits.rrd",
+               "N:$aktuell:$portamount");
+       $ERROR = RRDs::error;
+       print "Error in RRD::update for Firewallhits: $ERROR\n" if $ERROR;
+}
+
 ## Update ipac logs
 system ('/usr/sbin/fetchipac');
 sleep 8;
@@ -444,6 +560,15 @@ updatediskgraph ("week");
 updatediskgraph ("month");
 updatediskgraph ("year");
 
+###
+### Firewallhits
+###
+updatefwhitsdata();
+updatefwhitsgraph ("day");
+updatefwhitsgraph ("week");
+updatefwhitsgraph ("month");
+updatefwhitsgraph ("year");
+
 ###
 ### Network Graphs
 ###