QoS Graphen angepasst damit Bytes angezeigt werden

Guardian Konfiguration in die IDS CGI eingebaut

git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@766 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8

diff --git a/config/cfgroot/graphs.pl b/config/cfgroot/graphs.pl
index 82b8d1dfca48bf9cf28854ba6aaeed8249186ed5..97c3a7a3e77878772729293433f2703edb2273cc 100644 (file)
--- a/config/cfgroot/graphs.pl
+++ b/config/cfgroot/graphs.pl
@@ -53,7 +53,7 @@ sub updatecpugraph {
         my $period    = $_[0];
 
         RRDs::graph ("$graphs/cpu-$period.png",
-        "--start", "-1$period", "-aPNG", "-i", "-z",
+        "--start", "-1$period", "-aPNG", "-i", "-z", "-W www.ipfire.org",
         "--alt-y-grid", "-w 600", "-h 100", "-l 0", "-u 100", "-r",
         "--color", "SHADEA".$color{"color19"},
         "--color", "SHADEB".$color{"color19"},
@@ -109,7 +109,7 @@ sub updateloadgraph {
 
         RRDs::graph ("$graphs/load-$period.png",
         "--start", "-1$period", "-aPNG",
-        "-w 600", "-h 100", "-i", "-z", "-l 0", "-r", "--alt-y-grid",
+        "-w 600", "-h 100", "-i", "-z", "-W www.ipfire.org", "-l 0", "-r", "--alt-y-grid",
         "-t Load Average",
         "--color", "SHADEA".$color{"color19"},
         "--color", "SHADEB".$color{"color19"},
@@ -133,7 +133,7 @@ sub updatememgraph {
         my $period    = $_[0];
 
         RRDs::graph ("$graphs/memory-$period.png",
-        "--start", "-1$period", "-aPNG", "-i", "-z",
+        "--start", "-1$period", "-aPNG", "-i", "-z", "-W www.ipfire.org",
         "--alt-y-grid", "-w 600", "-h 100", "-l 0", "-u 100", "-r",
         "--color", "SHADEA".$color{"color19"},
         "--color", "SHADEB".$color{"color19"},
@@ -185,7 +185,7 @@ sub updatememgraph {
         print "Error in RRD::graph for mem: $ERROR\n" if $ERROR;
 
         RRDs::graph ("$graphs/swap-$period.png",
-        "--start", "-1$period", "-aPNG", "-i", "-z",
+        "--start", "-1$period", "-aPNG", "-i", "-z", "-W www.ipfire.org",
         "--alt-y-grid", "-w 600", "-h 100", "-l 0", "-u 100", "-r",
         "--color", "SHADEA".$color{"color19"},
         "--color", "SHADEB".$color{"color19"},
@@ -220,7 +220,7 @@ sub updatediskgraph {
         my $disk    = $_[1];
 
         RRDs::graph ("$graphs/disk-$disk-$period.png",
-        "--start", "-1$period", "-aPNG", "-i", "-z",
+        "--start", "-1$period", "-aPNG", "-i", "-z", "-W www.ipfire.org",
         "--alt-y-grid", "-w 600", "-h 100", "-l 0", "-r",
         "--color", "SHADEA".$color{"color19"},
         "--color", "SHADEB".$color{"color19"},
@@ -249,7 +249,7 @@ sub updateifgraph {
   my $period    = $_[1];
 
   RRDs::graph ("$graphs/$interface-$period.png",
-  "--start", "-1$period", "-aPNG", "-i", "-z",
+  "--start", "-1$period", "-aPNG", "-i", "-z", "-W www.ipfire.org",
   "--alt-y-grid", "-w 600", "-h 100",
   "--color", "SHADEA".$color{"color19"},
   "--color", "SHADEB".$color{"color19"},
@@ -281,7 +281,7 @@ sub updatefwhitsgraph {
   my $period = $_[0];
 
   RRDs::graph ("$graphs/firewallhits-$period-area.png",
-  "--start", "-1$period", "-aPNG", "-i", "-z",
+  "--start", "-1$period", "-aPNG", "-i", "-z", "-W www.ipfire.org",
   "--alt-y-grid", "-w 600", "-h 100",
   "--color", "SHADEA".$color{"color19"},
   "--color", "SHADEB".$color{"color19"},
@@ -311,7 +311,7 @@ sub updatefwhitsgraph {
 sub updatelqgraph {
   my $period    = $_[0];
   RRDs::graph ("$graphs/lq-$period.png",
-  "--start", "-1$period", "-aPNG", "-i", "-z",
+  "--start", "-1$period", "-aPNG", "-i", "-z", "-W www.ipfire.org",
   "--alt-y-grid", "-w 600", "-h 100", "-l 0", "-r",
   "-t $Lang::tr{'linkq'} ($Lang::tr{'graph per'} $Lang::tr{$period})",
   "--lazy", 
@@ -358,7 +358,7 @@ sub updatehddgraph {
   my $period = $_[1];
 
   RRDs::graph ("$graphs/hddtemp-$disk-$period.png",
-  "--start", "-1$period", "-aPNG", "-i", "-z",
+  "--start", "-1$period", "-aPNG", "-i", "-z", "-W www.ipfire.org",
   "--alt-y-grid", "-w 600", "-h 100",
   "--color", "SHADEA".$color{"color19"},
   "--color", "SHADEB".$color{"color19"},
@@ -386,7 +386,7 @@ sub updatetempgraph
   my $count = "11";
   
   @args = ("$graphs/mbmon-$type-$period.png",
-    "--start", "-1$period", "-aPNG", "-i", "-z",
+    "--start", "-1$period", "-aPNG", "-i", "-z", "-W www.ipfire.org",
     "--alt-y-grid", "-w 600", "-h 100", "--alt-autoscale",
     "--color", "SHADEA".$color{"color19"},
     "--color", "SHADEB".$color{"color19"},
@@ -427,7 +427,7 @@ sub updatefangraph
   my $period = $_[0];
   my $count = "11";
 
-  @args = ("$graphs/mbmon-$type-$period.png", "--start", "-1$period", "-aPNG", "-i", "-z",
+  @args = ("$graphs/mbmon-$type-$period.png", "--start", "-1$period", "-aPNG", "-i", "-z", "-W www.ipfire.org",
     "--alt-y-grid", "-w 600", "-h 100", "--alt-autoscale",
     "--color", "SHADEA".$color{"color19"},
     "--color", "SHADEB".$color{"color19"},
@@ -468,7 +468,7 @@ sub updatevoltgraph
   my $period = $_[0];
   my $count = "11";
 
-  @args = ("$graphs/mbmon-$type-$period.png", "--start", "-1$period", "-aPNG", "-i", "-z",
+  @args = ("$graphs/mbmon-$type-$period.png", "--start", "-1$period", "-aPNG", "-i", "-z", "-W www.ipfire.org",
     "--alt-y-grid", "-w 600", "-h 100", "--alt-autoscale",
     "--color", "SHADEA".$color{"color19"},
     "--color", "SHADEB".$color{"color19"},
@@ -531,7 +531,7 @@ sub overviewgraph {
        my $count="1";
        my $color="#000000";
        my @command=("/srv/web/ipfire/html/graphs/qos-graph-$qossettings{'DEV'}-$period.png",
-               "--start", $periodstring, "-aPNG", "-i", "-z",
+               "--start", $periodstring, "-aPNG", "-i", "-z", "-W www.ipfire.org",
                "--alt-y-grid", "-w 600", "-h 150", "-r",
     "--color", "SHADEA".$color{"color19"},
     "--color", "SHADEB".$color{"color19"},
@@ -547,7 +547,7 @@ sub overviewgraph {
                if ( $classline[0] eq $qossettings{'DEV'} )
                {
                        $color=random_hex_color(6);
-                       push(@command, "DEF:$classline[1]=/var/log/rrd/class_$qossettings{'CLASSPRFX'}-$classline[1]_$qossettings{'DEV'}.rrd:bits:AVERAGE");
+                       push(@command, "DEF:$classline[1]=/var/log/rrd/class_$qossettings{'CLASSPRFX'}-$classline[1]_$qossettings{'DEV'}.rrd:bytes:AVERAGE");
 
                        if ($count eq "1") {
                                push(@command, "AREA:$classline[1]$color:Klasse $classline[1] - $classline[8]\\j");

diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi
index a0b31e537473a0ac5ff9c48ea4ef483388252d19..4e40e58352c43e86b9380e34c3c80d333a3eb39f 100644 (file)
--- a/html/cgi-bin/ids.cgi
+++ b/html/cgi-bin/ids.cgi
@@ -44,7 +44,16 @@ $snortsettings{'ENABLE_SNORT_GREEN'} = 'off';
 $snortsettings{'ENABLE_SNORT_BLUE'} = 'off';
 $snortsettings{'ENABLE_SNORT_ORANGE'} = 'off';
 $snortsettings{'ENABLE_GUARDIAN'} = 'off';
+$snortsettings{'GUARDIAN_INTERFACE'} = `cat /var/ipfire/red/iface`;
+$snortsettings{'GUARDIAN_HOSTGATEWAYBYTE'} = '1';
+$snortsettings{'GUARDIAN_LOGFILE'} = '/var/log/guardian/guardian.log';
+$snortsettings{'GUARDIAN_ALERTFILE'} = '/var/log/snort/alert';
+$snortsettings{'GUARDIAN_IGNOREFILE'} = '/var/ipfire/guardian/guardian.ignore';
+$snortsettings{'GUARDIAN_TARGETFILE'} = '/var/ipfire/guardian/guardian.target';
+$snortsettings{'GUARDIAN_TIMELIMIT'} = '86400';
+$snortsettings{'GUARDIAN_IGNOREFILE_CONTENT'} = `cat $snortsettings{'GUARDIAN_IGNOREFILE'}`;
 $snortsettings{'ACTION'} = '';
+$snortsettings{'ACTION2'} = '';
 $snortsettings{'RULES'} = '';
 $snortsettings{'OINKCODE'} = '';
 $snortsettings{'INSTALLDATE'} = '';
@@ -248,7 +257,7 @@ if ($snortsettings{'RULES'} eq 'subscripted') {
        $url="http://www.snort.org/pub-bin/downloads.cgi/Download/comm_rules/Community-Rules-CURRENT.tar.gz";
 }
 
-if ($snortsettings{'ACTION'} eq $Lang::tr{'save'})
+if ($snortsettings{'ACTION'} eq $Lang::tr{'save'} && $snortsettings{'ACTION2'} eq "snort" )
 {
        $errormessage = $Lang::tr{'invalid input for oink code'} unless (
            ($snortsettings{'OINKCODE'} =~ /^[a-z0-9]+$/)  ||
@@ -288,6 +297,23 @@ if ($snortsettings{'ACTION'} eq $Lang::tr{'save'})
 
                system('/usr/local/bin/snortctrl restart >/dev/null');
 
+} elsif ($snortsettings{'ACTION'} eq $Lang::tr{'save'} && $snortsettings{'ACTION2'} eq "guardian" ){
+                       open(IGNOREFILE, ">$snortsettings{'GUARDIAN_IGNOREFILE'}") or die "Unable to write guardian ignore file $snortsettings{'GUARDIAN_IGNOREFILE'}";
+                               print IGNOREFILE $snortsettings{'GUARDIAN_IGNOREFILE_CONTENT'};
+                       close(IGNOREFILE);
+                       open(GUARDIAN, ">/var/ipfire/guardian/guardian.conf") or die "Unable to write guardian conf /var/ipfire/guardian/guardian.conf";
+                               print GUARDIAN <<END
+Interface   $snortsettings{'GUARDIAN_INTERFACE'}
+HostGatewayByte   $snortsettings{'GUARDIAN_HOSTGATEWAYBYTE'}
+LogFile   $snortsettings{'GUARDIAN_LOGFILE'}
+AlertFile   $snortsettings{'GUARDIAN_ALERTFILE'}
+IgnoreFile   $snortsettings{'GUARDIAN_IGNOREFILE'}
+TargetFile   $snortsettings{'GUARDIAN_TARGETFILE'}
+TimeLimit   $snortsettings{'GUARDIAN_TIMELIMIT'}
+END
+;
+                       close(GUARDIAN);
+               system('/usr/local/bin/snortctrl restart >/dev/null');
 } else {
         # INSTALLMD5 is not in the form, so not retrieved by getcgihash
        &General::readhash("${General::swroot}/snort/settings", \%snortsettings);
@@ -438,11 +464,7 @@ print <<END
 <hr />
 <table width='100%'>
 <tr>
-       <td width='55%'>&nbsp;</td>
-       <td width='40%' align='center'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
-       <td width='5%'>
-               &nbsp; <!-- space for future online help link -->
-       </td>
+       <td align='center'><input type='hidden' name='ACTION2' value='snort' /><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
 </tr>
 </table>
 </form>
@@ -454,6 +476,28 @@ if ($results ne '') {
 }
 
 &Header::closebox();
+
+####################### Added for guardian control ####################################
+if ( -e "/var/ipfire/guardian/guardian.conf" ) {
+       &Header::openbox('100%', 'LEFT', $Lang::tr{'guardian configuration'});
+print <<END
+<form method='post' action='$ENV{'SCRIPT_NAME'}'><table width='100%'>
+<tr><td align='left' width='40%'>$Lang::tr{'guardian interface'}</td><td align='left'><input type='text' name='INTERFACE' value='$snortsettings{'GUARDIAN_INTERFACE'}' size="30" /></td></tr>
+<tr><td align='left' width='40%'>$Lang::tr{'guardian timelimit'}</td><td align='left'><input type='text' name='TIMELIMIT' value='$snortsettings{'GUARDIAN_TIMELIMIT'}' size="30" /></td></tr>
+<tr><td align='left' width='40%'>$Lang::tr{'guardian logfile'}</td><td align='left'><input type='text' name='LOGFILE' value='$snortsettings{'GUARDIAN_LOGFILE'}' size="30" /></td></tr>
+<tr><td align='left' width='40%'>$Lang::tr{'guardian alertfile'}</td><td align='left'><input type='text' name='ALERTFILE' value='$snortsettings{'GUARDIAN_ALERTFILE'}' size="30" /></td></tr>
+<tr><td align='left' width='40%'>$Lang::tr{'guardian ignorefile'}</td><td align='left'><textarea name='IGNOREFILE_CONTENT' cols='32' rows='6' wrap='off'></textarea></td></tr>
+<tr><td align='center' colspan='2'><input type='hidden' name='ACTION2' value='guardian' /><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td></tr>
+</table>
+</form>
+END
+;
+       &Header::closebox();
+}
+
+
+
+
 ####################### Added for snort rules control #################################
 if ( -e "${General::swroot}/snort/enable" || -e "${General::swroot}/snort/enable_green" || -e "${General::swroot}/snort/enable_blue" || -e "${General::swroot}/snort/enable_orange" ) {
        &Header::openbox('100%', 'LEFT', $Lang::tr{'intrusion detection system rules'});

diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index 15e562c1752e6701dc9b853a0f1c54659e21555c..6ea5211456c2dbf2bae5aee170ec44677c47150a 100644 (file)
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -773,6 +773,12 @@
 'green' => 'GRÜN',
 'green interface' => 'Grünes Interface',
 'guaranteed bandwith' => 'Garantierte Bandbreite',
+'guardian alertfile' => 'Alertfile',
+'guardian configuration' => 'Guardian Konfiguration',
+'guardian ignorefile' => 'Ignorefile',
+'guardian interface' => 'Interface',
+'guardian logfile' => 'Logfile',
+'guardian timelimit' => 'Timelimit',
 'guest ok' => 'Gastzugang gewähren',
 'gui settings' => 'Benutzeroberfläche',
 'gz with key' => 'Nur ein verschlüsseltes Archiv kann auf dieser Maschine wiederhergestellt werden.',
@@ -951,7 +957,7 @@
 'legend' => 'Legende',
 'length' => 'Länge',
 'line' => 'Leitung',
-'linkq' => 'Verbindungsqualität',
+'linkq' => 'Antwortzeit',
 'load printer' => 'Load Printer',
 'loaded modules' => 'Geladene Module:',
 'local hard disk' => 'Festplatte',

diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index 04e42bbfc5f1380688b2509da51b7d4cf08c1635..9728d9b1bb0d79199bb3803492154d4800c6651e 100644 (file)
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -799,6 +799,12 @@
 'green' => 'GREEN',
 'green interface' => 'Green Interface',
 'guaranteed bandwith' => 'Guaranteed bandwith',
+'guardian alertfile' => 'Alertfile',
+'guardian configuration' => 'Guardian Configuration',
+'guardian ignorefile' => 'Ignorefile',
+'guardian interface' => 'Interface',
+'guardian logfile' => 'Logfile',
+'guardian timelimit' => 'Timelimit',
 'guest ok' => 'allow guests to access',
 'gui settings' => 'GUI Settings',
 'gz with key' => 'Only an encrypted archive can be restored on this machine.',

diff --git a/lfs/guardian b/lfs/guardian
index 30ddca00047bf9e96c14477861b3a769d9edb697..f0dacd0fde0f1885682110430692c41f98e5df33 100644 (file)
--- a/lfs/guardian
+++ b/lfs/guardian
@@ -62,8 +62,10 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        @$(PREBUILD)
        -mkdir -p /var/ipfire/guardian /var/log/guardian
        touch /var/log/guardian/guardian.log
+       touch /var/ipfire/guardian/guardian.ignore
        install -v -m 644 $(DIR_SRC)/config/guardian/guardian.conf /var/ipfire/guardian/
        install -v -m 755 $(DIR_SRC)/config/guardian/guardian.pl /usr/local/bin/
        install -v -m 755 $(DIR_SRC)/config/guardian/guardian_block.sh /usr/local/bin/
        install -v -m 755 $(DIR_SRC)/config/guardian/guardian_unblock.sh /usr/local/bin/
+       chown nobody.nobody /var/ipfire/guardian/{guardian.conf,guardian.ignore}
        @$(POSTBUILD)