From 28548bf4b4d13c2729722900a81d3a9cfe59d435 Mon Sep 17 00:00:00 2001
From: latham
Date: Fri, 1 Jul 2011 16:13:16 +0000
Subject: [PATCH] Add IPTables to monitoring data and monitoring interface
---
interface/web/monitor/lib/lang/en.lng | 1 +
interface/web/monitor/lib/module.conf.php | 5 +++
interface/web/monitor/show_data.php | 7 ++++
interface/web/monitor/tools.inc.php | 22 ++++++++++++
server/lib/classes/monitor_tools.inc.php | 34 +++++++++++++++++++
.../monitor_core_module.inc.php | 29 +++++++++++++++-
6 files changed, 97 insertions(+), 1 deletion(-)
diff --git a/interface/web/monitor/lib/lang/en.lng b/interface/web/monitor/lib/lang/en.lng
index bf93a95794..8f2cf4670d 100644
--- a/interface/web/monitor/lib/lang/en.lng
+++ b/interface/web/monitor/lib/lang/en.lng
@@ -139,6 +139,7 @@ $wb['monitor_title_mailq_txt'] = 'Mail Queue'; $wb['monitor_title_raidstate_txt'] = 'RAID Status'; $wb['monitor_title_rkhunterlog_txt'] = 'RKHunter Log'; $wb['monitor_title_fail2ban_txt'] = 'Fail2Ban Log';
+$wb['monitor_title_iptables_txt'] = 'IPTables Rules';
$wb['monitor_title_beancounter_txt'] = 'OpenVz VE BeanCounter'; $wb['monitor_updates_nosupport_txt'] = 'Your distribution is not supported for this monitoring'; $wb['monitor_beancounter_nosupport_txt'] = 'This server is not a OpenVz VE and has no beancounter information';
diff --git a/interface/web/monitor/lib/module.conf.php b/interface/web/monitor/lib/module.conf.php
index 08b9bc986a..598368758f 100644
--- a/interface/web/monitor/lib/module.conf.php
+++ b/interface/web/monitor/lib/module.conf.php
@@ -180,6 +180,11 @@ $items[] = array( 'title' => "Show fail2ban-Log", 'link' => 'monitor/show_data.php?type=fail2ban', 'html_id' => 'fai2ban');
+$items[] = array( 'title' => "Show IPTables",
+ 'target' => 'content',
+ 'link' => 'monitor/show_data.php?type=iptables',
+ 'html_id' => 'iptables');
+
$module["nav"][] = array( 'title' => 'Logfiles', 'open' => 1, 'items' => $items);
diff --git a/interface/web/monitor/show_data.php b/interface/web/monitor/show_data.php
index b43d9c8e3a..daf18ca916 100644
--- a/interface/web/monitor/show_data.php
+++ b/interface/web/monitor/show_data.php
@@ -124,6 +124,13 @@ switch($dataType) { $title = $app->lng("monitor_title_fail2ban_txt") . ' (' . $monTransSrv . ' : ' . $_SESSION['monitor']['server_name'] . ')'; $description = ''; break;
+ case 'iptables':
+ $template = 'templates/show_data.htm';
+ $output .= showIPTables();
+ $time = getDataTime('iptables_rules');
+ $title = $app->lng("monitor_title_iptables_txt") . ' (' . $monTransSrv . ' : ' . $_SESSION['monitor']['server_name'] . ')';
+ $description = '';
+ break;
default: $template = ''; break;
diff --git a/interface/web/monitor/tools.inc.php b/interface/web/monitor/tools.inc.php
index 4d0e8127c6..46ccaada4d 100644
--- a/interface/web/monitor/tools.inc.php
+++ b/interface/web/monitor/tools.inc.php
@@ -450,6 +450,28 @@ function showFail2ban() { return $html; }
+function showIPTables() {
+ global $app;
+ $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'iptables_rules' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
+ if(isset($record['data'])) {
+ $html =
+ '
+
'; + $data = unserialize($record['data']); + if ($data == '') { + $html .= '

Problem, there are no rules listed for the server

'; + } + else { + $html = nl2br($data['output']); + } + $html .= '
'; + } else { + $html = '

There is no data available at the moment.

';
+ }
+ return $html;
+}
+
+
function showMailq() { global $app;
diff --git a/server/lib/classes/monitor_tools.inc.php b/server/lib/classes/monitor_tools.inc.php
index 3d178805a2..02ffadd581 100644
--- a/server/lib/classes/monitor_tools.inc.php
+++ b/server/lib/classes/monitor_tools.inc.php
@@ -1127,6 +1127,40 @@ class monitor_tools { return $res; }
+ public function monitorIPTables() {
+ global $conf;
+
+ /* the id of the server as int */
+ $server_id = intval($conf['server_id']);
+
+ /** The type of the data */
+ $type = 'iptables_rules';
+
+ /* This monitoring is only available if fail2ban is installed */
+ system('which iptables', $retval); // Debian, Ubuntu, Fedora
+ if ($retval === 0) {
+ /* Get the data of the log */
+ $data['output'] = shell_exec('iptables -S');
+
+ /*
+ * At this moment, there is no state (maybe later)
+ */
+ $state = 'no_state';
+ } else {
+ $state = 'no_state';
+ $data = '';
+ }
+
+ /*
+ * Return the Result
+ */
+ $res['server_id'] = $server_id;
+ $res['type'] = $type;
+ $res['data'] = $data;
+ $res['state'] = $state;
+ return $res;
+ }
+
public function monitorSysLog() { global $app; global $conf;
diff --git a/server/mods-available/monitor_core_module.inc.php b/server/mods-available/monitor_core_module.inc.php
index 4294e542cd..ec85bed32a 100644
--- a/server/mods-available/monitor_core_module.inc.php
+++ b/server/mods-available/monitor_core_module.inc.php
@@ -112,6 +112,7 @@ class monitor_core_module { $this->_monitorRaid(); $this->_monitorRkHunter(); $this->_monitorFail2ban();
+ $this->_monitorIPTables();
$this->_monitorSysLog(); }
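Review bot: In showIPTables() the else branch assigns `$html = nl2br($data['output']);`, which throws away the wrapper markup opened a few lines earlier and writes the collected `iptables -S` text into the page unescaped, so free-form rule text (comment matches, chain names) would be interpreted as HTML in the admin interface. Append and escape instead: `$html .= nl2br(htmlspecialchars($data['output'], ENT_QUOTES, 'UTF-8'));`. The query in the same function concatenates `$_SESSION['monitor']['server_id']` straight into the SQL string; wrapping it in `intval()` there, as monitorIPTables() does for `$conf['server_id']`, keeps the statement safe regardless of how the session value was set. `unserialize($record['data'])` is only safe while every server that writes monitor_data is trusted, which deserves a comment at that line.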
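Review bot: In monitorIPTables() the availability probe `system('which iptables', $retval);` echoes the located path to the process output as a side effect, and the comment above it still refers to fail2ban; `exec('which iptables', $out, $retval);` captures the output instead, and the comment should read `/* This monitoring is only available if iptables is installed */`. `shell_exec('iptables -S')` returns null when the command fails or prints nothing (for example when run without sufficient privileges), so `$data['output']` should be checked before it is stored, otherwise the interface shows an empty list that looks like a valid result. `$data` is also written as an array without being initialised first, `$data = array();` before the `if` would fix that. The stored ruleset describes the host's complete filtering policy, so it is worth confirming (not visible in this diff) that the monitor pages are restricted to administrators.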
@@ -509,12 +510,38 @@ class monitor_core_module { } private function _monitorFail2ban() {
+ global $app;
+
+ /*
+ * First we get the Monitoring-data from the tools
+ */
+ $res = $this->_tools->monitorFail2ban();
+
+ /*
+ * Insert the data into the database
+ */
+ $sql = 'INSERT INTO monitor_data (server_id, type, created, data, state) ' .
+ 'VALUES (' .
+ $res['server_id'] . ', ' .
+ "'" . $app->dbmaster->quote($res['type']) . "', " .
+ 'UNIX_TIMESTAMP(), ' .
+ "'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
+ "'" . $res['state'] . "'" .
+ ')';
+ $app->dbmaster->query($sql);
+
+ /* The new data is written, now we can delete the old one */
+ $this->_delOldRecords($res['type'], $res['server_id']);
+ }
+
+
+ private function _monitorIPTables() {
global $app; /* * First we get the Monitoring-data from the tools */
- $res = $this->_tools->monitorFail2ban();
+ $res = $this->_tools->monitorIPTables();
/* * Insert the data into the database
-- GitLab
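Review bot: The insert statement in the added lines concatenates `$res['state']` and `$res['server_id']` into the SQL without `$app->dbmaster->quote()`, while type and data are quoted. Both values are a constant and an intval() result today, but passing state through the same call, `"'" . $app->dbmaster->quote($res['state']) . "', "` style, keeps the query safe if a state is ever derived from command output. Because of how the diff aligned, the lines marked as added are the re-emitted body of _monitorFail2ban(); the new _monitorIPTables() continues past the end of this hunk, presumably with the same insert. A private helper that takes `$res` and performs the insert plus `_delOldRecords()` would remove the copy and give one place to fix the quoting.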