+
+ |
+ show lines
+
+ show areas
+ |
+
+
+END
+if ($cgigraphs[1] eq "line") {
+ &Header::openbox('100%', 'center', "daily firewallhits");
+ my $ftime = localtime((stat("$graphdir/firewallhits-day-line.png"))[9]);
+ print "$Lang::tr{'the statistics were last updated at'}: $ftime
\n";
+ print "
";
+ print "
\n";
+ &Header::closebox();
+
+ &Header::openbox('100%', 'center', "weekly firewallhits");
+ my $ftime = localtime((stat("$graphdir/firewallhits-week-line.png"))[9]);
+ print "$Lang::tr{'the statistics were last updated at'}: $ftime
\n";
+ print "
";
+ print "
\n";
+ &Header::closebox();
+
+ &Header::openbox('100%', 'center', "monthly firewallhits");
+ my $ftime = localtime((stat("$graphdir/firewallhits-month-line.png"))[9]);
+ print "$Lang::tr{'the statistics were last updated at'}: $ftime
\n";
+ print "
";
+ print "
\n";
+ &Header::closebox();
+
+ &Header::openbox('100%', 'center', "yearly firewallhits");
+ my $ftime = localtime((stat("$graphdir/firewallhits-year-line.png"))[9]);
+ print "$Lang::tr{'the statistics were last updated at'}: $ftime
\n";
+ print "
";
+ print "
\n";
+ &Header::closebox();
+}
+else
+{
+ &Header::openbox('100%', 'center', "daily firewallhits");
+ my $ftime = localtime((stat("$graphdir/firewallhits-day-area.png"))[9]);
+ print "$Lang::tr{'the statistics were last updated at'}: $ftime
\n";
+ print "
";
+ print "
\n";
+ &Header::closebox();
+
+ &Header::openbox('100%', 'center', "weekly firewallhits");
+ my $ftime = localtime((stat("$graphdir/firewallhits-week-area.png"))[9]);
+ print "$Lang::tr{'the statistics were last updated at'}: $ftime
\n";
+ print "
";
+ print "
\n";
+ &Header::closebox();
+
+ &Header::openbox('100%', 'center', "monthly firewallhits");
+ my $ftime = localtime((stat("$graphdir/firewallhits-month-area.png"))[9]);
+ print "$Lang::tr{'the statistics were last updated at'}: $ftime
\n";
+ print "
";
+ print "
\n";
+ &Header::closebox();
+
+ &Header::openbox('100%', 'center', "yearly firewallhits");
+ my $ftime = localtime((stat("$graphdir/firewallhits-year-area.png"))[9]);
+ print "$Lang::tr{'the statistics were last updated at'}: $ftime
\n";
+ print "
";
+ print "
\n";
+ &Header::closebox();
+}
+
+
+&Header::closebigbox();
+&Header::closepage();
diff --git a/lfs/fwhits b/lfs/fwhits
new file mode 100644
index 000000000..c7d5ae637
--- /dev/null
+++ b/lfs/fwhits
@@ -0,0 +1,79 @@
+###############################################################################
+# This file is part of the IPCop Firewall. #
+# #
+# IPCop is free software; you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation; either version 2 of the License, or #
+# (at your option) any later version. #
+# #
+# IPCop is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with IPCop; if not, write to the Free Software #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
+# #
+# Makefiles are based on LFSMake, which is #
+# Copyright (C) 2002 Rod Roard #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+THISAPP = fwhits
+DL_FILE = logtailfwhits
+DL_FROM = $(URL_IPFIRE)
+TARGET = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = c548cb78ecd652e8175414c35f14ec4f
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+#dist:
+# make-packages.sh fwhits $(THISAPP)-ipfire-beta-1
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+ @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ cp $(DIR_DL)/logtailfwhits /usr/local/bin/
+ chmod 755 /usr/local/bin/logtailfwhits
+ chown root.root /usr/local/bin/logtailfwhits
+ # logtailfwhits /var/log/snort/alert /var/log/snort/fwhits.alert.offset
+ # logtailfwhits /var/log/messages /var/log/fwhits.messages.offset
+ @$(POSTBUILD)
\ No newline at end of file
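Review bot: The install recipe copies a downloaded script into /usr/local/bin as a root-owned executable, and the only integrity value recorded for it in this file is `$(DL_FILE)_MD5`. MD5 is not collision-resistant, so it should not be the sole check on something that is later executed; a stronger digest should be recorded alongside it if the Config macros allow one (they are not visible here). `$(TARGET)` also depends only on the `$(DIR_DL)` file, so whether `@$(CHECK)` or `@$(MD5)` has run before the `cp` depends on the caller's ordering, which is worth confirming in make.sh. The cp/chmod/chown lines can be a single step that also avoids the legacy `root.root` owner form: `install -o root -g root -m 0755 $(DIR_DL)/$(DL_FILE) /usr/local/bin/$(DL_FILE)`.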
diff --git a/make.sh b/make.sh
index b8132b774..09b815089 100644
--- a/make.sh
+++ b/make.sh
@@ -634,6 +634,7 @@ buildipcop() {
ipcopmake Archive-Tar
ipcopmake Archive-Zip
ipcopmake GeoIP
+ ipcopmake fwhits
ipcopmake noip_updater
ipcopmake ntp
ipcopmake oinkmaster
diff --git a/src/scripts/makegraphs b/src/scripts/makegraphs
index 023925245..0639f2eba 100644
--- a/src/scripts/makegraphs
+++ b/src/scripts/makegraphs
@@ -390,6 +390,122 @@ sub updateifdata {
print "Error in RRD::update for $interface: $ERROR\n" if $ERROR;
}
+sub updatefwhitsgraph {
+ my $interval = $_[0];
+
+ RRDs::graph ("$graphs/firewallhits-$interval-area.png",
+ "--start", "-1$interval", "-aPNG", "-i", "-z",
+ "--alt-y-grid", "-w 500", "-h 200",
+ "--color", "SHADEA#EAE9EE",
+ "--color", "SHADEB#EAE9EE",
+ "--color", "BACK#EAE9EE",
+ "-t firewall hits over the last $interval",
+ "DEF:amount=$rrdlog/firewallhits.rrd:amount:AVERAGE",
+ "AREA:amount#6464FF:firewallhits",
+ "GPRINT:amount:MAX: Max\\: %2.2lf %S",
+ "GPRINT:amount:AVERAGE: Avg\\: %2.2lf %S",
+ "GPRINT:amount:LAST: Current\\: %2.2lf %Shits/5 min\\n",
+ "DEF:portamount=$rrdlog/firewallhits.rrd:portamount:AVERAGE",
+ "AREA:portamount#FF6464:portscans",
+ "GPRINT:portamount:MAX: Max\\: %2.2lf %S",
+ "GPRINT:portamount:AVERAGE: Avg\\: %2.2lf %S",
+ "GPRINT:portamount:LAST: Current\\: %2.2lf %Shits/5 min");
+ $ERROR = RRDs::error;
+ print "Error in RRD::graph for Firewallhits: $ERROR\n" if $ERROR;
+
+ RRDs::graph ("$graphs/firewallhits-$interval-line.png",
+ "--start", "-1$interval", "-aPNG", "-i", "-z",
+ "--alt-y-grid", "-w 500", "-h 200",
+ "--color", "SHADEA#EAE9EE",
+ "--color", "SHADEB#EAE9EE",
+ "--color", "BACK#EAE9EE",
+ "-t firewall hits over the last $interval",
+ "DEF:amount=$rrdlog/firewallhits.rrd:amount:AVERAGE",
+ "LINE2:amount#6464FF:firewallhits",
+ "GPRINT:amount:MAX: Max\\: %2.2lf %S",
+ "GPRINT:amount:AVERAGE: Avg\\: %2.2lf %S",
+ "GPRINT:amount:LAST: Current\\: %2.2lf %Shits/5 min\\n",
+ "DEF:portamount=$rrdlog/firewallhits.rrd:portamount:AVERAGE",
+ "LINE2:portamount#FF6464:portscans",
+ "GPRINT:portamount:MAX: Max\\: %2.2lf %S",
+ "GPRINT:portamount:AVERAGE: Avg\\: %2.2lf %S",
+ "GPRINT:portamount:LAST: Current\\: %2.2lf %Shits/5 min");
+ $ERROR = RRDs::error;
+ print "Error in RRD::graph for Firewallhits: $ERROR\n" if $ERROR;
+}
+
+sub updatefwhitsdata {
+ my $portamount=0;
+ my $alertaktuell=0;
+ my $aktuell=0;
+ my $portaktuell=0;
+ my $skip=0;
+
+ if (! -e "$rrdlog/firewallhits.rrd")
+ {
+ RRDs::create ("$rrdlog/firewallhits.rrd", "--step=300",
+ "DS:amount:GAUGE:600:0:U",
+ "DS:portamount:GAUGE:600:0:U",
+ "RRA:AVERAGE:0.5:1:576",
+ "RRA:AVERAGE:0.5:6:672",
+ "RRA:AVERAGE:0.5:24:732",
+ "RRA:AVERAGE:0.5:144:1460");
+ $ERROR = RRDs::error;
+ print "Error in RRD::create for cpu: $ERROR\n" if $ERROR;
+ }
+
+ system("logtailfwhits /var/log/messages /var/log/fwhits.messages.offset >/tmp/messages.fwhits");
+ if (!(open (FILE,'/tmp/messages.fwhits'))) {
+ $skip=1;
+ }
+ $aktuell = 0;
+ if (!$skip) {
+ while () {
+ if (/kernel:.*(IN=.*)$/) {
+ $aktuell++;
+ }
+ }
+ close (FILE);
+ }
+
+ system("logtailfwhits /var/log/snort/alert /var/log/snort/fwhits.alert.offset >/tmp/snort.fwhits");
+ if (!(open (FILE,'/tmp/snort.fwhits'))) {
+ $skip=1;
+ }
+ $alertaktuell = 0;
+ if (!$skip) {
+ while () {
+ if (/scan.*$/) {
+ $alertaktuell++;
+ }
+ }
+ close (FILE);
+ }
+
+ if (!(open (FILE,'/tmp/messages.fwhits'))) {
+ $skip=1;
+ }
+ $portaktuell = 0;
+ if (!$skip) {
+ while () {
+ if (/kernel:.*(Scan.*)$/) {
+ $portaktuell++;
+ }
+ }
+ close (FILE);
+ }
+
+ system("rm /tmp/messages.fwhits");
+ system("rm /tmp/snort.fwhits");
+
+ $portamount = $portaktuell + $alertaktuell;
+ chomp($portamount);
+ RRDs::update ("$rrdlog/firewallhits.rrd",
+ "N:$aktuell:$portamount");
+ $ERROR = RRDs::error;
+ print "Error in RRD::update for Firewallhits: $ERROR\n" if $ERROR;
+}
+
## Update ipac logs
system ('/usr/sbin/fetchipac');
sleep 8;
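Review bot: The two `system("logtailfwhits … >/tmp/…")` calls in updatefwhitsdata write to fixed file names in world-writable /tmp through a shell redirect. If makegraphs runs as root (assumed, not visible in this hunk), a symlink already present at either name sends that write to whatever file it points at. Reading the helper's output from a list-form pipe removes the temp files, the shell and the two `system("rm …")` calls. It also lets /var/log/messages be scanned once for both patterns, and stops a failed first open from leaving `$skip` set and silently zeroing the snort count. Separately, the RRDs::create error text says "for cpu" and should read "for Firewallhits".

```perl
sub updatefwhitsdata {
	# … unchanged: counter declarations (all start at 0), RRDs::create for firewallhits.rrd …

	# Read logtailfwhits output over a pipe: no shell, no predictable file in /tmp.
	if (open(my $msgs, '-|', 'logtailfwhits', '/var/log/messages', '/var/log/fwhits.messages.offset')) {
		while (my $line = <$msgs>) {
			$aktuell++     if $line =~ /kernel:.*(IN=.*)$/;
			$portaktuell++ if $line =~ /kernel:.*(Scan.*)$/;
		}
		close($msgs);
	}

	if (open(my $alerts, '-|', 'logtailfwhits', '/var/log/snort/alert', '/var/log/snort/fwhits.alert.offset')) {
		while (my $line = <$alerts>) {
			$alertaktuell++ if $line =~ /scan.*$/;
		}
		close($alerts);
	}

	# … unchanged: $portamount = $portaktuell + $alertaktuell, RRDs::update …
```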
@@ -444,6 +560,15 @@ updatediskgraph ("week");
updatediskgraph ("month");
updatediskgraph ("year");
+###
+### Firewallhits
+###
+updatefwhitsdata();
+updatefwhitsgraph ("day");
+updatefwhitsgraph ("week");
+updatefwhitsgraph ("month");
+updatefwhitsgraph ("year");
+
###
### Network Graphs
###