Hinzugefügt:

* Firewallhits


git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@142 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8

config/cfgroot/header.pl

@@ -245,14 +245,19 @@ sub genmenu {
 			     	  'title' => "$tr{'sstraffic'}",
 			         'enabled' => 1,
 			   	  };
-
+    $subnetwork->{'06.fwhits'} = {
-    $subnetwork->{'06.openvpn'} = {
+				  'caption' => 'Firewallhits',
+			     	  'uri' => '/cgi-bin/fwhits.cgi',
+			     	  'title' => "IPFire Firewallhits",
+			         'enabled' => 1,
+			   	  };
+    $subnetwork->{'07.openvpn'} = {
 				  'caption' => 'OpenVPN',
 			     	  'uri' => '/cgi-bin/ovpnmain.cgi',
 			     	  'title' => "$tr{'virtual private networking'}",
 			         'enabled' => 1,
 			   	  };
-    $subnetwork->{'07.ipsec'} = {
+    $subnetwork->{'08.ipsec'} = {
 				  'caption' => 'IPSec,
 			     	  'uri' => '/cgi-bin/vpnmain.cgi',
 			     	  'title' => "$tr{'virtual private networking'}",

doc/packages-list.txt

@@ -81,6 +81,7 @@
   * file-4.16
   * findutils-4.1.20
   * flex-2.5.4a
+  * fwhits
   * gawk-3.1.3
   * gcc-3.3.3
   * gd-2.0.20

html/cgi-bin/country.cgi

@@ -18,7 +18,7 @@ my @flaglist=();
 my @flaglistfiles=();
 my $flag = '';
 
-require '/var/ipcop/general-functions.pl';
+require '/var/ipfire/general-functions.pl';
 require "${General::swroot}/lang.pl";
 require "${General::swroot}/header.pl";
 

html/cgi-bin/fwhits.cgi

@@ -0,0 +1,107 @@
+#!/usr/bin/perl
+#
+# This code is distributed under the terms of the GPL
+#
+
+use strict;
+
+# enable only the following on debugging purpose
+#use warnings;
+#use CGI::Carp 'fatalsToBrowser';
+
+require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/lang.pl";
+require "${General::swroot}/header.pl";
+
+my %cgiparams=();
+my @cgigraphs=();
+my @graphs=();
+
+$ENV{'QUERY_STRING'} =~ s/&//g;
+@cgigraphs = split(/graph=/,$ENV{'QUERY_STRING'});
+$cgigraphs[1] = '' unless defined $cgigraphs[1];
+
+&Header::showhttpheaders();
+
+my $graphdir = "/home/httpd/html/graphs";
+
+my @LOCALCHECK=();
+my $errormessage="";
+
+&Header::openpage('firewall graphs', 1, ' <META HTTP-EQUIV="Refresh" CONTENT="300"> <META HTTP-EQUIV="Cache-Control" content="no-cache"> <META HTTP-EQUIV="Pragma" CONTENT="no-cache"> ');
+
+&Header::openbigbox('100%', 'left', '', $errormessage);
+print <<END;
+<table width="100%" align="center">
+	<tr>
+		<td align="left">
+			<a href=/cgi-bin/fwhits.cgi?graph=line>show lines</a>
+			&nbsp;
+			<a href=/cgi-bin/fwhits.cgi?graph=area>show areas</a>
+		</td>
+	</tr>
+</table>
+END
+if ($cgigraphs[1] eq "line") {
+	        &Header::openbox('100%', 'center', "daily firewallhits");
+		my $ftime = localtime((stat("$graphdir/firewallhits-day-line.png"))[9]);
+		print "<center><b>$Lang::tr{'the statistics were last updated at'}: $ftime</b></center><br />\n";
+		print "<img src='/graphs/firewallhits-day-line.png' border='0' />";
+		print "<br />\n";
+	        &Header::closebox();
+
+	        &Header::openbox('100%', 'center', "weekly firewallhits");
+		my $ftime = localtime((stat("$graphdir/firewallhits-week-line.png"))[9]);
+		print "<center><b>$Lang::tr{'the statistics were last updated at'}: $ftime</b></center><br />\n";
+		print "<img src='/graphs/firewallhits-week-line.png' border='0' />";
+		print "<br />\n";
+	        &Header::closebox();
+
+	        &Header::openbox('100%', 'center', "monthly firewallhits");
+		my $ftime = localtime((stat("$graphdir/firewallhits-month-line.png"))[9]);
+		print "<center><b>$Lang::tr{'the statistics were last updated at'}: $ftime</b></center><br />\n";
+		print "<img src='/graphs/firewallhits-month-line.png' border='0' />";
+		print "<br />\n";
+	        &Header::closebox();
+
+	        &Header::openbox('100%', 'center', "yearly firewallhits");
+		my $ftime = localtime((stat("$graphdir/firewallhits-year-line.png"))[9]);
+		print "<center><b>$Lang::tr{'the statistics were last updated at'}: $ftime</b></center><br />\n";
+		print "<img src='/graphs/firewallhits-year-line.png' border='0' />";
+		print "<br />\n";
+	        &Header::closebox();
+}
+else
+{
+	        &Header::openbox('100%', 'center', "daily firewallhits");
+		my $ftime = localtime((stat("$graphdir/firewallhits-day-area.png"))[9]);
+		print "<center><b>$Lang::tr{'the statistics were last updated at'}: $ftime</b></center><br />\n";
+		print "<img src='/graphs/firewallhits-day-area.png' border='0' />";
+		print "<br />\n";
+	        &Header::closebox();
+
+	        &Header::openbox('100%', 'center', "weekly firewallhits");
+		my $ftime = localtime((stat("$graphdir/firewallhits-week-area.png"))[9]);
+		print "<center><b>$Lang::tr{'the statistics were last updated at'}: $ftime</b></center><br />\n";
+		print "<img src='/graphs/firewallhits-week-area.png' border='0' />";
+		print "<br />\n";
+	        &Header::closebox();
+
+	        &Header::openbox('100%', 'center', "monthly firewallhits");
+		my $ftime = localtime((stat("$graphdir/firewallhits-month-area.png"))[9]);
+		print "<center><b>$Lang::tr{'the statistics were last updated at'}: $ftime</b></center><br />\n";
+		print "<img src='/graphs/firewallhits-month-area.png' border='0' />";
+		print "<br />\n";
+	        &Header::closebox();
+
+	        &Header::openbox('100%', 'center', "yearly firewallhits");
+		my $ftime = localtime((stat("$graphdir/firewallhits-year-area.png"))[9]);
+		print "<center><b>$Lang::tr{'the statistics were last updated at'}: $ftime</b></center><br />\n";
+		print "<img src='/graphs/firewallhits-year-area.png' border='0' />";
+		print "<br />\n";
+	        &Header::closebox();
+}
+
+
+&Header::closebigbox();
+&Header::closepage();

lfs/fwhits

@@ -0,0 +1,79 @@
+###############################################################################
+# This file is part of the IPCop Firewall.                                    #
+#                                                                             #
+# IPCop is free software; you can redistribute it and/or modify               #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation; either version 2 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# IPCop is distributed in the hope that it will be useful,                    #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with IPCop; if not, write to the Free Software                        #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA    #
+#                                                                             #
+# Makefiles are based on LFSMake, which is                                    #
+# Copyright (C) 2002 Rod Roard <rod@sunsetsystems.com>                        #
+#                                                                             #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+THISAPP    = fwhits
+DL_FILE    = logtailfwhits
+DL_FROM    = $(URL_IPFIRE)
+TARGET     = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = c548cb78ecd652e8175414c35f14ec4f
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+#dist: 
+#	make-packages.sh fwhits $(THISAPP)-ipfire-beta-1
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+	@$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+	@$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+	@$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+	@$(PREBUILD)
+	cp $(DIR_DL)/logtailfwhits /usr/local/bin/
+	chmod 755 /usr/local/bin/logtailfwhits
+	chown root.root /usr/local/bin/logtailfwhits
+	# logtailfwhits /var/log/snort/alert /var/log/snort/fwhits.alert.offset
+	# logtailfwhits /var/log/messages /var/log/fwhits.messages.offset
+	@$(POSTBUILD)

make.sh

@@ -634,6 +634,7 @@ buildipcop() {
   ipcopmake Archive-Tar
   ipcopmake Archive-Zip
   ipcopmake GeoIP
+  ipcopmake fwhits
   ipcopmake noip_updater
   ipcopmake ntp
   ipcopmake oinkmaster

src/scripts/makegraphs

@@ -390,6 +390,122 @@ sub updateifdata {
 	print "Error in RRD::update for $interface: $ERROR\n" if $ERROR;
 }
 
+sub updatefwhitsgraph {
+	my $interval = $_[0];
+
+	RRDs::graph ("$graphs/firewallhits-$interval-area.png",
+		"--start", "-1$interval", "-aPNG", "-i", "-z",
+		"--alt-y-grid", "-w 500", "-h 200",
+		"--color", "SHADEA#EAE9EE",
+		"--color", "SHADEB#EAE9EE",
+		"--color", "BACK#EAE9EE",
+		"-t firewall hits over the last $interval",
+		"DEF:amount=$rrdlog/firewallhits.rrd:amount:AVERAGE",
+		"AREA:amount#6464FF:firewallhits",
+		"GPRINT:amount:MAX:   Max\\: %2.2lf %S",
+		"GPRINT:amount:AVERAGE: Avg\\: %2.2lf %S",
+		"GPRINT:amount:LAST: Current\\: %2.2lf %Shits/5 min\\n",
+		"DEF:portamount=$rrdlog/firewallhits.rrd:portamount:AVERAGE",
+		"AREA:portamount#FF6464:portscans",
+		"GPRINT:portamount:MAX:      Max\\: %2.2lf %S",
+		"GPRINT:portamount:AVERAGE: Avg\\: %2.2lf %S",
+		"GPRINT:portamount:LAST: Current\\: %2.2lf %Shits/5 min");
+	$ERROR = RRDs::error;
+	print "Error in RRD::graph for Firewallhits: $ERROR\n" if $ERROR;
+
+	RRDs::graph ("$graphs/firewallhits-$interval-line.png",
+		"--start", "-1$interval", "-aPNG", "-i", "-z",
+		"--alt-y-grid", "-w 500", "-h 200",
+		"--color", "SHADEA#EAE9EE",
+		"--color", "SHADEB#EAE9EE",
+		"--color", "BACK#EAE9EE",
+		"-t firewall hits over the last $interval",
+		"DEF:amount=$rrdlog/firewallhits.rrd:amount:AVERAGE",
+		"LINE2:amount#6464FF:firewallhits",
+		"GPRINT:amount:MAX:   Max\\: %2.2lf %S",
+		"GPRINT:amount:AVERAGE: Avg\\: %2.2lf %S",
+		"GPRINT:amount:LAST: Current\\: %2.2lf %Shits/5 min\\n",
+		"DEF:portamount=$rrdlog/firewallhits.rrd:portamount:AVERAGE",
+		"LINE2:portamount#FF6464:portscans",
+		"GPRINT:portamount:MAX:      Max\\: %2.2lf %S",
+		"GPRINT:portamount:AVERAGE: Avg\\: %2.2lf %S",
+		"GPRINT:portamount:LAST: Current\\: %2.2lf %Shits/5 min");
+	$ERROR = RRDs::error;
+	print "Error in RRD::graph for Firewallhits: $ERROR\n" if $ERROR;
+}
+
+sub updatefwhitsdata {
+	my $portamount=0;
+	my $alertaktuell=0;
+	my $aktuell=0;
+	my $portaktuell=0;
+	my $skip=0;
+
+	if (! -e "$rrdlog/firewallhits.rrd")
+	{
+		RRDs::create ("$rrdlog/firewallhits.rrd", "--step=300",
+			"DS:amount:GAUGE:600:0:U",
+			"DS:portamount:GAUGE:600:0:U",
+			"RRA:AVERAGE:0.5:1:576",
+			"RRA:AVERAGE:0.5:6:672",
+			"RRA:AVERAGE:0.5:24:732",
+			"RRA:AVERAGE:0.5:144:1460");
+		$ERROR = RRDs::error;
+		print "Error in RRD::create for cpu: $ERROR\n" if $ERROR;
+	}
+
+	system("logtailfwhits /var/log/messages /var/log/fwhits.messages.offset >/tmp/messages.fwhits");
+	if (!(open (FILE,'/tmp/messages.fwhits'))) {
+           $skip=1;
+	}
+	$aktuell = 0;
+	if (!$skip) {
+		while (<FILE>) {
+	 		if (/kernel:.*(IN=.*)$/) {
+				$aktuell++;
+			}
+		}
+		close (FILE);
+	}
+
+	system("logtailfwhits /var/log/snort/alert /var/log/snort/fwhits.alert.offset >/tmp/snort.fwhits");
+	if (!(open (FILE,'/tmp/snort.fwhits'))) {
+           $skip=1;
+	}
+	$alertaktuell = 0;
+	if (!$skip) {
+		while (<FILE>) {
+	 		if (/scan.*$/) {
+				$alertaktuell++;
+			}
+		}
+		close (FILE);
+	}
+
+	if (!(open (FILE,'/tmp/messages.fwhits'))) {
+           $skip=1;
+	}
+	$portaktuell = 0;
+	if (!$skip) {
+		while (<FILE>) {
+	 		if (/kernel:.*(Scan.*)$/) {
+				$portaktuell++;
+			}
+		}
+		close (FILE);
+	}
+
+	system("rm /tmp/messages.fwhits");
+	system("rm /tmp/snort.fwhits");
+
+	$portamount = $portaktuell + $alertaktuell;
+	chomp($portamount);
+	RRDs::update ("$rrdlog/firewallhits.rrd",
+		"N:$aktuell:$portamount");
+	$ERROR = RRDs::error;
+	print "Error in RRD::update for Firewallhits: $ERROR\n" if $ERROR;
+}
+
 ## Update ipac logs
 system ('/usr/sbin/fetchipac');
 sleep 8;
@@ -444,6 +560,15 @@ updatediskgraph ("week");
 updatediskgraph ("month");
 updatediskgraph ("year");
 
+###
+### Firewallhits
+###
+updatefwhitsdata();
+updatefwhitsgraph ("day");
+updatefwhitsgraph ("week");
+updatefwhitsgraph ("month");
+updatefwhitsgraph ("year");
+
 ###
 ### Network Graphs
 ###