From: Stefan Schantl <stefan.schantl@ipfire.org>
Date: Sun, 19 Oct 2014 11:57:30 +0000 (+0200)
Subject: guardian.cgi: Add options to enable/disable some built-in functions from guardian.
X-Git-Tag: v2.19-core104~8^2~45
X-Git-Url: http://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff_plain;h=26fcd31e1f68e279c6882e9d1998f3079cc4be19

guardian.cgi: Add options to enable/disable some built-in functions from guardian.

This commit allows to enable or disable the monitoring of the snort alertfile
and to switch off the blocking of SSH and HTTPD Brute-force attempts.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
---

diff --git a/html/cgi-bin/guardian.cgi b/html/cgi-bin/guardian.cgi
index b36bf50836..e6bd57b1b1 100644
--- a/html/cgi-bin/guardian.cgi
+++ b/html/cgi-bin/guardian.cgi
@@ -58,6 +58,10 @@ our %mainsettings = ();
 our %settings = ();
 
 $settings{'GUARDIAN_ENABLED'} = 'off';
+$settings{'GUARDIAN_ENABLE_SNORT'} = 'on';
+$settings{'GUARDIAN_ENABLE_SSH'} = 'on';
+$settings{'GUARDIAN_ENABLE_HTTPD'} = 'on';
+$settings{'GUARDIAN_BLOCKINTERFACES'} ='default';
 $settings{'GUARDIAN_BLOCKTIME'} = '86400';
 $settings{'GUARDIAN_LOGFILE'} = '/var/log/guardian/guardian.log';
 $settings{'GUARDIAN_SNORT_ALERTFILE'} = '/var/log/snort/alert';
@@ -234,6 +238,15 @@ sub showMainBox() {
 	$checked{'GUARDIAN_ENABLED'}{'on'} = '';
 	$checked{'GUARDIAN_ENABLED'}{'off'} = '';
 	$checked{'GUARDIAN_ENABLED'}{$settings{'GUARDIAN_ENABLED'}} = 'checked';
+	$checked{'GUARDIAN_ENABLE_SNORT'}{'off'} = '';
+	$checked{'GUARDIAN_ENABLE_SNORT'}{'on'} = '';
+	$checked{'GUARDIAN_ENABLE_SNORT'}{$settings{'GUARDIAN_ENABLE_SNORT'}} = "checked='checked'";
+	$checked{'GUARDIAN_ENABLE_SSH'}{'off'} = '';
+	$checked{'GUARDIAN_ENABLE_SSH'}{'on'} = '';
+	$checked{'GUARDIAN_ENABLE_SSH'}{$settings{'GUARDIAN_ENABLE_SSH'}} = "checked='checked'";
+	$checked{'GUARDIAN_ENABLE_HTTPD'}{'off'} = '';
+	$checked{'GUARDIAN_ENABLE_HTTPD'}{'on'} = '';
+	$checked{'GUARDIAN_ENABLE_HTTPD'}{$settings{'GUARDIAN_ENABLE_HTTPD'}} = "checked='checked'";
 
 	&Header::openpage($Lang::tr{'guardian configuration'}, 1, '');
 	&Header::openbigbox('100%', 'left', '', $errormessage);
@@ -306,6 +319,27 @@ END
 				<td width='20%' class='base'>$Lang::tr{'guardian enabled'}:</td>
 				<td><input type='checkbox' name='GUARDIAN_ENABLED' $checked{'GUARDIAN_ENABLED'}{'on'} /></td>
 			</tr>
+			<tr>
+				<td colspan='2'><br></td>
+			</tr>
+			<tr>
+				<td width='20%' class='base'>Monitor Snort Alerts:</td>
+				<td align='left'>on <input type='radio' name='GUARDIAN_ENABLE_SNORT' value='on' $checked{'GUARDIAN_ENABLE_SNORT'}{'on'} /> /
+				<input type='radio' name='GUARDIAN_ENABLE_SNORT' value='off' $checked{'GUARDIAN_ENABLE_SNORT'}{'off'} /> off</td>
+			</tr>
+			<tr>
+				<td width='20%' class='base'>Block SSH-Bruteforcing:</td>
+				<td align='left'>on <input type='radio' name='GUARDIAN_ENABLE_SSH' value='on' $checked{'GUARDIAN_ENABLE_SSH'}{'on'} /> /
+				<input type='radio' name='GUARDIAN_ENABLE_SSH' value='off' $checked{'GUARDIAN_ENABLE_SSH'}{'off'} /> off</td>
+			</tr>
+			<tr>
+				<td width='20%' class='base'>Block WUI-Bruteforcing:</td>
+				<td align='left'>on <input type='radio' name='GUARDIAN_ENABLE_HTTPD' value='on' $checked{'GUARDIAN_ENABLE_HTTPD'}{'on'} /> /
+				<input type='radio' name='GUARDIAN_ENABLE_HTTPD' value='off' $checked{'GUARDIAN_ENABLE_HTTPD'}{'off'} /> off</td>
+			</tr>
+			<tr>
+				<td colspan='2'><br></td>
+			</tr>
 			<tr>
 				<td width='20%' class='base'>$Lang::tr{'guardian blocktime'}:</td>
 				<td><input type='text' name='GUARDIAN_BLOCKTIME' value='$settings{'GUARDIAN_BLOCKTIME'}' size='10' /></td>
@@ -564,13 +598,16 @@ sub BuildConfiguration() {
 	# Open configfile for writing.
 	open(FILE, ">$configfile");
 
-	print FILE "Interface		$red_interface\n";
-	print FILE "HostGatewayByte	$HostGatewayByte\n";
-	print FILE "LogFile		$settings{'GUARDIAN_LOGFILE'}\n";
-	print FILE "AlertFile		$settings{'GUARDIAN_SNORT_ALERTFILE'}\n";
-	print FILE "IgnoreFile		$ignorefile\n";
-	print FILE "TargetFile		$targetfile\n";
-	print FILE "TimeLimit		$settings{'GUARDIAN_BLOCKTIME'}\n";
+	print FILE "Interface			$red_interface\n";
+	print FILE "EnableSnortMonitoring	$settings{'GUARDIAN_ENABLE_SNORT'}\n";
+	print FILE "EnableSSHMonitoring		$settings{'GUARDIAN_ENABLE_SSH'}\n";
+	print FILE "EnableHTTPDMonitoring	$settings{'GUARDIAN_ENABLE_HTTPD'}\n";
+	print FILE "HostGatewayByte		$HostGatewayByte\n";
+	print FILE "LogFile			$settings{'GUARDIAN_LOGFILE'}\n";
+	print FILE "AlertFile			$settings{'GUARDIAN_SNORT_ALERTFILE'}\n";
+	print FILE "IgnoreFile			$ignorefile\n";
+	print FILE "TargetFile			$targetfile\n";
+	print FILE "TimeLimit			$settings{'GUARDIAN_BLOCKTIME'}\n";
 
 	close(FILE);