diff options
Diffstat (limited to 'config/arpwatch')
| -rw-r--r-- | config/arpwatch/arpwatch.xml | 144 | ||||
| -rwxr-xr-x | config/arpwatch/arpwatch_reports.php | 127 | ||||
| -rw-r--r-- | config/arpwatch/sm.php | 42 |
3 files changed, 313 insertions, 0 deletions
diff --git a/config/arpwatch/arpwatch.xml b/config/arpwatch/arpwatch.xml new file mode 100644 index 00000000..a40422d4 --- /dev/null +++ b/config/arpwatch/arpwatch.xml @@ -0,0 +1,144 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* ========================================================================== +/* + arpwatch.xml + part of pfSense (https://www.pfsense.org) + Copyright (C) 2007-2014 Electric Sheep Fencing LP + All rights reserved. + + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + ]]> + </copyright> + <description>ARP Monitoring Daemon</description> + <requirements>None</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>arpwatch</name> + <version>2.1.a14 pkg v1.1.1</version> + <title>arpwatch: Settings</title> + <aftersaveredirect>pkg_edit.php?xml=arpwatch.xml&id=0</aftersaveredirect> + <menu> + <name>arpwatch</name> + <tooltiptext>Modify arpwatch settings.</tooltiptext> + <section>Services</section> + <configfile>arpwatch.xml</configfile> + <url>/pkg_edit.php?xml=arpwatch.xml&id=0</url> + </menu> + <service> + <name>arpwatch</name> + <rcfile>arpwatch.sh</rcfile> + <executable>arpwatch</executable> + </service> + <tabs> + <tab> + <text>Settings</text> + <url>/pkg_edit.php?xml=arpwatch.xml&id=0</url> + <active/> + </tab> + <tab> + <text>Reports</text> + <url>/arpwatch_reports.php</url> + </tab> + </tabs> + <configpath>installedpackages->package->$packagename->configuration->settings</configpath> + <additional_files_needed> + <prefix>/usr/local/www/</prefix> + <chmod>a+rx</chmod> + <item>https://packages.pfsense.org/packages/config/arpwatch/arpwatch_reports.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/sbin/</prefix> + <chmod>a+rx</chmod> + <item>https://packages.pfsense.org/packages/config/arpwatch/sm.php</item> + </additional_files_needed> + <fields> + <field> + <fielddescr>Listening Interface</fielddescr> + <fieldname>interface</fieldname> + <description>Choose the desired listening interface here.</description> + <type>interfaces_selection</type> + </field> + <field> + <fielddescr>Enable E-mail Notifications</fielddescr> + <fieldname>enable_email</fieldname> + <type>checkbox</type> + <description>Sends an E-mail notification for each new station and ARP change as they are seen <strong>instead of</strong> local reports.<br/>NOTE: Only works on pfSense 2.1 or later. <br/>NOTE 2: Disables local reports which rely on arpwatch debug mode, which does not work with e-mail notifications.<br/>Configure SMTP and address settings in System > Advanced on the Notifications tab</description> + </field> + </fields> + <custom_php_global_functions> + <![CDATA[ + function sync_package_arpwatch() { + global $config; + $pf_version=substr(trim(file_get_contents("/etc/version")),0,3); + conf_mount_rw(); + config_lock(); + $log_file = "/var/log/arp.dat"; + if($_POST['interface'] != "") { + $int = $_POST['interface']; + } else { + $int = $config['installedpackages']['arpwatch']['config'][0]['interface']; + } + $mail = ""; + $debug = ""; + if(($pf_version > 2.0) && (isset($_POST['enable_email']) || ($config['installedpackages']['arpwatch']['config'][0]['enable_email'] == "on"))) { + if (!empty($config['notifications']['smtp']['notifyemailaddress'])) + $mail = " -m \"{$config['notifications']['smtp']['notifyemailaddress']}\""; + } else { + $debug = "-d"; + } + $int = convert_friendly_interface_to_real_interface_name($int); + $start = "touch {$log_file}\n"; + $start .= "/usr/local/sbin/arpwatch {$debug} -f {$log_file} {$mail} -i {$int} > /var/log/arpwatch.reports 2>&1 &"; + $stop = "/usr/bin/killall arpwatch"; + write_rcfile(array( + "file" => "arpwatch.sh", + "start" => $start, + "stop" => $stop + ) + ); + restart_service("arpwatch"); + conf_mount_ro(); + config_unlock(); + } + ]]> + </custom_php_global_functions> + <custom_add_php_command> + <![CDATA[ + sync_package_arpwatch(); + ]]> + </custom_add_php_command> + <custom_php_install_command> + <![CDATA[ + unlink_if_exists("/usr/local/etc/rc.d/arpwatch.sh"); + @link("/usr/sbin/sm.php", "/usr/sbin/sendmail"); + ]]> + </custom_php_install_command> +</packagegui> diff --git a/config/arpwatch/arpwatch_reports.php b/config/arpwatch/arpwatch_reports.php new file mode 100755 index 00000000..9b3b1c6c --- /dev/null +++ b/config/arpwatch/arpwatch_reports.php @@ -0,0 +1,127 @@ +#!/usr/local/bin/php +<?php +/* + $Id$ + + arpwatch_reports.php + Copyright (C) 2005 Colin Smith + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +require_once("guiconfig.inc"); +require_once("service-utils.inc"); + +$logfile = "/var/log/arp.dat"; + +if ($_POST['clear']) { + stop_service("arpwatch"); + unlink_if_exists($logfile); + touch($logfile); + start_service("arpwatch"); +} + +if(file_exists($logfile)) { + $rawrep = file($logfile); + foreach($rawrep as $line) { + $todo = preg_split('/\s/', $line); + $rawmac = explode(":", trim($todo[0])); + foreach($rawmac as $set) $mac[] = str_pad($set, 2, "0", STR_PAD_LEFT); + $newmac = implode(":", $mac); + $report[$todo[1]][] = array( + "mac" => $newmac, + "timestamp" => trim($todo[2]), + "hostname" => trim($todo[3]) ? trim($todo[3]) : "Unknown" + ); + unset($mac); + } +} +$pgtitle = "arpwatch: Reports"; +include("head.inc"); + +?> + +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +<?php include("fbegin.inc"); ?> +<table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td> +<?php + $tab_array = array(); + $tab_array[] = array("Settings", false, "pkg_edit.php?xml=arpwatch.xml&id=0"); + $tab_array[] = array("Reports", true, "arpwatch_reports.php"); + display_top_tabs($tab_array); +?> + </td> + </tr> + <tr> + <td> + <div id="mainarea"> + <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0"> + <tr> + <td colspan="4" class="listtopic">arp.dat entries</td> + </tr> + <tr> + <td width="15%" class="listhdrr">IP</td> + <td width="25%" class="listhdrr">Timestamp</td> + <td width="15%" class="listhdrr">MAC</td> + <td width="45%" class="listhdrr">Hostname</td> + </tr> + <?php + if($report) + foreach($report as $ip => $rawentries) { + $printip = true; + $entries = $rawentries; + sort($entries); + foreach($entries as $entry) { + echo '<tr>'; + if($printip) { + echo '<td class="listlr">' . $ip . '</td>'; + $stampclass = "listr"; + $printip = false; + } else { + $stampclass = "listlr"; + echo '<td></td>'; + } + echo '<td class="' . $stampclass . '">' . + date("D M j G:i:s", $entry['timestamp']) . + '</td>'; + echo '<td class="listr">' . $entry['mac'] . '</td>'; + echo '<td class="listr">' . $entry['hostname'] . '</td>'; + echo '</tr>'; + } + } + ?> + <tr> + <td> + <br> + <form action="arpwatch_reports.php" method="post"> + <input name="clear" type="submit" class="formbtn" value="Clear log"> + </form> + </td> + </tr> + </table> + </div> + </td> + </tr> +</table> diff --git a/config/arpwatch/sm.php b/config/arpwatch/sm.php new file mode 100644 index 00000000..2e1cc4a0 --- /dev/null +++ b/config/arpwatch/sm.php @@ -0,0 +1,42 @@ +#!/usr/local/bin/php -q +<?php +require_once("config.inc"); +require_once("globals.inc"); +require_once("notices.inc"); + +$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); +if (($pf_version < 2.1)) { + $error = "Sending e-mail on this version of pfSense is not supported. Please use pfSense 2.1 or later"; + log_error($error); + echo "{$error}\n"; + return; +} + +$options = getopt("s::"); + +$message = ""; + +if($options['s'] <> "") { + $subject = $options['s']; +} + + +$in = file("php://stdin"); +foreach($in as $line){ + $line = trim($line); + if ( (substr($line, 0, 6) == "From: ") + || (substr($line, 0, 6) == "Date: ") + || (substr($line, 0, 4) == "To: ")) + continue; + if (empty($subject) && (substr($line, 0, 9) == "Subject: ")) { + $subject = substr($line, 9); + continue; + } + $message .= "$line\n"; +} + +if (!empty($subject)) + send_smtp_message($message, $subject); +else + send_smtp_message($message); +?>
\ No newline at end of file |