From 6b69c0b62cbf7f4f44b44551fac82d0f01f1347d Mon Sep 17 00:00:00 2001 From: Bill Marquette Date: Fri, 3 Jun 2011 17:30:47 -0500 Subject: Add work in progress package for IMSpector 0.9 AMD64 only at this time until it's ready --- config/imspector-wip/imspector.inc | 286 ++++++++++++++++++++++ config/imspector-wip/imspector.xml | 222 +++++++++++++++++ config/imspector-wip/services_imspector_logs.php | 295 +++++++++++++++++++++++ 3 files changed, 803 insertions(+) create mode 100644 config/imspector-wip/imspector.inc create mode 100644 config/imspector-wip/imspector.xml create mode 100644 config/imspector-wip/services_imspector_logs.php (limited to 'config') diff --git a/config/imspector-wip/imspector.inc b/config/imspector-wip/imspector.inc new file mode 100644 index 00000000..b760bc3b --- /dev/null +++ b/config/imspector-wip/imspector.inc @@ -0,0 +1,286 @@ +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ + + require_once("config.inc"); + require_once("functions.inc"); + + /* IMSpector */ + + define('IMSPECTOR_RCFILE', '/usr/local/etc/rc.d/imspector.sh'); + define('IMSPECTOR_ETC', '/usr/local/etc/imspector'); + define('IMSPECTOR_CONFIG', IMSPECTOR_ETC . '/imspector.conf'); + + function imspector_notice ($msg) { syslog(LOG_NOTICE, "imspector: {$msg}"); } + function imspector_warn ($msg) { syslog(LOG_WARNING, "imspector: {$msg}"); } + + function imspector_action ($action) { + if (file_exists(IMSPECTOR_RCFILE)) + mwexec(IMSPECTOR_RCFILE.' '.$action); + } + + function imspector_running () { + if((int)exec('pgrep imspector | wc -l') > 0) + return true; + return false; + } + + function write_imspector_config($file, $text) { + $conf = fopen($file, 'w'); + if(!$conf) { + imspector_warn("Could not open {$file} for writing."); + exit; + } + fwrite($conf, $text); + fclose($conf); + } + + function imspector_pf_rdr($iface, $port) { + return "rdr pass on {$iface} inet proto tcp from any to any port = {$port} -> 127.0.0.1 port 16667\n"; + } + + function imspector_pf_rule($iface, $port) { + return "pass in quick on {$iface} inet proto tcp from any to any port {$port} keep state\n"; + } + + function imspector_proto_to_port ($proto) + { + switch ($proto) { + case 'msn': + return 1863; + case 'icq': + return 5190; + case 'yahoo': + return 5050; + case 'irc': + return 6667; + default: + return null; + } + } + + function validate_form_imspector($post, $input_errors) { + if($post['iface_array']) + foreach($post['iface_array'] as $iface) + if($iface == 'wan') + $input_errors[] = 'It is a security risk to specify WAN in the \'Interface\' field'; + } + + function deinstall_package_imspector() { + imspector_action('stop'); + + @unlink(IMSPECTOR_RCFILE); + @unlink(IMSPECTOR_CONFIG); + @unlink(IMSPECTOR_ETC . '/badwords_custom.txt'); + @unlink(IMSPECTOR_ETC . '/acl_blacklist.txt'); + @unlink(IMSPECTOR_ETC . '/acl_whitelist.txt'); + + //exec('pkg_delete imspector-0.4'); + } + + function imspector_generate_rules($type) { + + $rules = ""; + switch ($type) { + case 'rdr': + case 'nat': + $rules = "# IMSpector rdr anchor\n"; + $rules .= "rdr-anchor \"imspector\"\n"; + break; + case 'rule': + $rules = "# IMSpector \n"; + $rules .= "anchor \"miniupnpd\"\n"; + break; + } + + return $rules; + } + + function sync_package_imspector() { + global $config; + global $input_errors; + + config_lock(); + + $imspector_config = $config['installedpackages']['imspector']['config'][0]; + + /* remove existing rules */ + exec('/sbin/pfctl -a imspector -Fr'); + exec('/sbin/pfctl -a imspector -Fn'); + + $ifaces_active = ''; + + if($imspector_config['enable'] && $imspector_config['proto_array']) + $proto_array = explode(',', $imspector_config['proto_array']); + + if($imspector_config['enable'] && $imspector_config['iface_array']) + $iface_array = explode(',', $imspector_config['iface_array']); + + if($iface_array && $proto_array) { + foreach($iface_array as $iface) { + $if = convert_friendly_interface_to_real_interface_name($iface); + /* above function returns iface if fail */ + if($if!=$iface) { + $addr = find_interface_ip($if); + /* non enabled interfaces are displayed in list on imspector settings page */ + /* check that the interface has an ip address before adding parameters */ + if($addr) { + foreach($proto_array as $proto) { + if(imspector_proto_to_port($proto)) { + /* we can use rdr pass to auto create the filter rule */ + $pf_rules .= imspector_pf_rdr($if,imspector_proto_to_port($proto)); + } + } + if(!$ifaces_active) + $ifaces_active = "{$iface}"; + else + $ifaces_active .= ", {$iface}"; + } else { + imspector_warn("Interface {$iface} has no ip address, ignoring"); + } + } else { + imspector_warn("Could not resolve real interface for {$iface}"); + } + } + + if($pf_rules) { + exec("echo \"{$pf_rules}\" | /sbin/pfctl -a imspector -f -"); + + conf_mount_rw(); + + /* generate configuration files */ + + $conf['plugin_dir'] = '/usr/local/lib/imspector'; + + foreach($proto_array as $proto) + $conf[$proto . '_protocol'] = 'on'; + + if($imspector_config['log_file']) { + @mkdir('/var/imspector'); + $conf['file_logging_dir'] = '/var/imspector'; + } + + if($imspector_config['log_mysql']) { + $conf['mysql_server'] = $imspector_config['mysql_server']; + $conf['mysql_database'] = $imspector_config['mysql_database']; + $conf['mysql_username'] = $imspector_config['mysql_username']; + $conf['mysql_password'] = $imspector_config['mysql_password']; + } + + if($imspector_config['filter_badwords']) { + if(!empty($imspector_config["badwords_list"])) { + $conf['badwords_filename'] = IMSPECTOR_ETC . '/badwords_custom.txt'; + write_imspector_config(IMSPECTOR_ETC . '/badwords_custom.txt', + str_replace("\r", '', base64_decode($imspector_config["badwords_list"]))); + } else + $conf['badwords_filename'] = IMSPECTOR_ETC . '/badwords.txt'; + } + + if($imspector_config['block_files']) + $conf['block_files'] = 'on'; + + if($imspector_config['block_unlisted']) + $conf['block_unlisted'] = 'on'; + + if(!empty($imspector_config['acl_whitelist'])) { + $conf['whitelist_filename'] = IMSPECTOR_ETC . '/acl_whitelist.txt'; + write_imspector_config(IMSPECTOR_ETC . '/acl_whitelist.txt', + str_replace("\r", '', base64_decode($imspector_config["acl_whitelist"]))); + } + + if(!empty($imspector_config['acl_blacklist'])) { + $conf['blacklist_filename'] = IMSPECTOR_ETC . '/acl_blacklist.txt'; + write_imspector_config(IMSPECTOR_ETC . '/acl_blacklist.txt', + str_replace("\r", '', base64_decode($imspector_config["acl_blacklist"]))); + } + + $conftext = ''; + foreach($conf as $var => $key) + $conftext .= "{$var}={$key}\n"; + write_imspector_config(IMSPECTOR_CONFIG, $conftext); + + /* generate rc file start and stop */ + $stop = << 'imspector.sh', + 'start' => $start, + 'stop' => $stop + ) + ); + + conf_mount_ro(); + + /* if imspector not running start it */ + if(!imspector_running()) { + imspector_notice("Starting service on interface: {$ifaces_active}"); + imspector_action('start'); + } + /* or restart imspector if settings were changed */ + elseif($_POST['iface_array']) { + imspector_notice("Restarting service on interface: {$ifaces_active}"); + imspector_action('restart'); + } + } + } + + if(!$iface_array || !$proto_array || !$pf_rules) { + /* no parameters user does not want imspector running */ + /* lets stop the service and remove the rc file */ + + if(file_exists(IMSPECTOR_RCFILE)) { + if(!$imspector_config['enable']) + imspector_notice('Stopping service: imspector disabled'); + else + imspector_notice('Stopping service: no interfaces and/or protocols selected'); + + imspector_action('stop'); + + conf_mount_rw(); + unlink(IMSPECTOR_RCFILE); + unlink(IMSPECTOR_CONFIG); + @unlink(IMSPECTOR_ETC . '/badwords_custom.txt'); + @unlink(IMSPECTOR_ETC . '/acl_blacklist.txt'); + @unlink(IMSPECTOR_ETC . '/acl_whitelist.txt'); + conf_mount_ro(); + } + } + + config_unlock(); + } +?> diff --git a/config/imspector-wip/imspector.xml b/config/imspector-wip/imspector.xml new file mode 100644 index 00000000..b8eb535d --- /dev/null +++ b/config/imspector-wip/imspector.xml @@ -0,0 +1,222 @@ + + + + + + . + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + ]]> + + Describe your package here + Describe your package requirements here + Currently there are no FAQ items provided. + imspector + 0.9 + Services: IMSpector + Change + /services_imspector_logs.php + /usr/local/pkg/imspector.inc + + IMSpector + Set IMSpector settings such as protocols to listen on. +
Services
+ /services_imspector_logs.php + + + imspector + imspector.sh + imspector + + + + IMSpector Log Viewer + /services_imspector_logs.php + + + IMSpector Settings + /pkg_edit.php?xml=imspector.xml&id=0 + + + + + /usr/local/pkg/ + 0755 + http://www.pfsense.org/packages/config/imspector/imspector.inc + + + /usr/local/www/ + 0755 + http://www.pfsense.org/packages/config/imspector/services_imspector_logs.php + + + + Enable IMSpector + enable + checkbox + + + Interfaces (generally LAN) + iface_array + You can use the CTRL or COMMAND key to select multiple interfaces. + interfaces_selection + 3 + + lan + true + + + Listen on protocols + proto_array + You can use the CTRL or COMMAND key to select multiple protocols. + select + 4 + + true + + + + + + + + + Enable file logging + log_file + Log files stored in /var/imspector. + checkbox + + + Enable mySQL logging + log_mysql + Make sure to specify your MySQL credentials below. + checkbox + + + mySQL server + mysql_server + input + + + mySQL database + mysql_database + input + + + mySQL username + mysql_username + input + + + mySQL password + mysql_password + password + + + Enable bad word filtering + filter_badwords + Replace characters of matched bad word with *. + checkbox + + + Bad words list + badwords_list + + Place one word or phrase to match per line.<br /> + If left blank the default list in /usr/local/etc/imspector/badwords.txt will be used. + + textarea + base64 + 5 + 40 + + + Block file transfers + block_files + Block file transfers on supported protocols. + checkbox + + + Block non ACL defined + block_unlisted + Overide the default of allowing user's not defined the whitelist or blacklist ACLs. + checkbox + + + ACL whitelist + acl_whitelist + + Example (allow specifc access): localuser: remoteuser1 remoteuser2<br /> + Example (allow full access): localuser: + + textarea + base64 + 5 + 40 + + + ACL blacklist + acl_blacklist + + Example (block specifc access): localuser: remoteuser1 remoteuser2<br /> + Example (block all access): localuser: + + textarea + base64 + 5 + 40 + + + + validate_form_imspector($_POST, &$input_errors); + + + sync_package_imspector(); + + + deinstall_package_imspector(); + + imspector_generate_rules + diff --git a/config/imspector-wip/services_imspector_logs.php b/config/imspector-wip/services_imspector_logs.php new file mode 100644 index 00000000..fce9b892 --- /dev/null +++ b/config/imspector-wip/services_imspector_logs.php @@ -0,0 +1,295 @@ +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +require("guiconfig.inc"); + +/* variables */ +$log_dir = '/var/imspector'; +$imspector_config = $config['installedpackages']['imspector']['config'][0]; + +$border_color = '#c0c0c0'; +$default_bgcolor = '#eeeeee'; + +$list_protocol_color = '#000000'; +$list_local_color = '#000000'; +$list_remote_color = '#000000'; +$list_convo_color = '#000000'; + +$list_protocol_bgcolor = '#cccccc'; +$list_local_bgcolor = '#dddddd'; +$list_remote_bgcolor = '#eeeeee'; +$list_end_bgcolor = '#bbbbbb'; + +$convo_title_color = 'black'; +$convo_local_color = 'blue'; +$convo_remote_color = 'red'; + +$convo_title_bgcolor = '#cccccc'; +$convo_local_bgcolor = '#dddddd'; +$convo_remote_bgcolor = '#eeeeee'; + +/* functions */ + +function convert_dir_list ($topdir) { + if (!is_dir($topdir)) return; + if ($dh = opendir($topdir)) { + while (($file = readdir($dh)) !== false) { + if(!preg_match('/^\./', $file) == 0) continue; + if (is_dir("$topdir/$file")) { + $list .= convert_dir_list("$topdir/$file"); + } else { + $list .= "$topdir/$file\n"; + } + } + closedir($dh); + } + return $list; +} + +/* ajax response */ +if ($_POST['mode'] == "render") { + + /* user list */ + print(str_replace(array($log_dir,'/'),array('','|'),convert_dir_list($log_dir))); + print("--END--\n"); + + /* log files */ + if ($_POST['section'] != "none") { + $section = explode('|',$_POST['section']); + $protocol = $section[0]; + $localuser = $section[1]; + $remoteuser = $section[2]; + $conversation = $section[3]; + + /* conversation title */ + print(implode(', ', $section)."\n"); + print("--END--\n"); + + /* conversation content */ + $filename = $log_dir.'/'.implode('/', $section); + if($fd = fopen($filename, 'r')) { + print("\n"); + while (!feof($fd)) { + $line = fgets($fd); + if(feof($fd)) continue; + $new_format = '([^,]*),([^,]*),([^,]*),([^,]*),([^,]*),([^,]*),(.*)'; + $old_format = '([^,]*),([^,]*),([^,]*),([^,]*),([^,]*),(.*)'; + preg_match("/${new_format}|${old_format}/", $line, $matches); + $address = $matches[1]; + $timestamp = $matches[2]; + $direction = $matches[3]; + $type = $matches[4]; + $filtered = $matches[5]; + if(count($matches) == 8) { + $category = $matches[6]; + $data = $matches[7]; + } else { + $category = ""; + $data = $matches[6]; + } + + if($direction == '0') { + $bgcolor = $convo_remote_bgcolor; + $user = "<$remoteuser>"; + } + if($direction == '1') { + $bgcolor = $convo_local_bgcolor; + $user = "<$localuser>"; + } + + $time = strftime("%H:%M:%S", $timestamp); + + print("\n + \n + \n + \n"); + } + print("
[$time]$user$category$data
\n"); + fclose($fd); + } + } + exit; +} +/* defaults to this page but if no settings are present, redirect to setup page */ +if(!$imspector_config["enable"] || !$imspector_config["iface_array"] || !$imspector_config["proto_array"]) + Header("Location: /pkg_edit.php?xml=imspector.xml&id=0"); + +$pgtitle = "Services: IMSpector Log Viewer"; +include("head.inc"); +/* put your custom HTML head content here */ +/* using some of the $pfSenseHead function calls */ +//$pfSenseHead->addMeta(""); +//echo $pfSenseHead->getHTML(); +?> + + + +
+ + +
+ + +var section = 'none'; +var moveit = 1; +var the_timeout; + +function xmlhttpPost() +{ + var xmlHttpReq = false; + var self = this; + + if (window.XMLHttpRequest) + self.xmlHttpReq = new XMLHttpRequest(); + else if (window.ActiveXObject) + self.xmlHttpReq = new ActiveXObject("Microsoft.XMLHTTP"); + + self.xmlHttpReq.open('POST', 'services_imspector_logs.php', true); + self.xmlHttpReq.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded'); + + self.xmlHttpReq.onreadystatechange = function() { + if (self.xmlHttpReq && self.xmlHttpReq.readyState == 4) + updatepage(self.xmlHttpReq.responseText); + } + + document.getElementById('im_status').style.display = "inline"; + self.xmlHttpReq.send("mode=render§ion=" + section); +} + +function updatepage(str) +{ + /* update the list of conversations ( if we need to ) */ + var parts = str.split("--END--\\n"); + var lines = parts[0].split("\\n"); + + for (var line = 0 ; line < lines.length ; line ++) { + var a = lines[line].split("|"); + + if (!a[1] || !a[2] || !a[3]) continue; + + /* create titling information if needed */ + if (!document.getElementById(a[1])) { + document.getElementById('im_convos').innerHTML += + "
" + a[1] + "
" + + "
"; + } + if (!document.getElementById(a[1] + "_" + a[2])) { + var imageref = ""; + if (a[0]) imageref = "" + a[1] + ""; + document.getElementById(a[1]).innerHTML += + "
" + imageref + a[2] + "
" + + "
"; + } + if (!document.getElementById(a[1] + "_" + a[2] + "_" + a[3])) { + document.getElementById(a[1] + "_" + a[2]).innerHTML += + "
" + a[3] + "
" + + "
"; + } + if (!document.getElementById(a[1] + "_" + a[2] + "_" + a[3] + "_" + a[4])) { + document.getElementById(a[1] + "_" + a[2] + "_" + a[3]).innerHTML += + "
»" + a[4] + "
"; + } + } + + /* determine the title of this conversation */ + var details = parts[1].split(","); + var title = details[0] + " conversation between " + details[ 1 ] + + " and " + details[2] + ""; + if (!details[1]) title = " "; + if (!parts[2]) parts[2] = " "; + + document.getElementById('im_status').style.display = "none"; + var bottom = parseInt(document.getElementById('im_content').scrollTop); + var bottom2 = parseInt(document.getElementById('im_content').style.height); + var absheight = parseInt( bottom + bottom2 ); + if (absheight == document.getElementById('im_content').scrollHeight) { + moveit = 1; + } else { + moveit = 0; + } + document.getElementById('im_content').innerHTML = parts[2]; + if (moveit == 1) { + document.getElementById('im_content').scrollTop = 0; + document.getElementById('im_content').scrollTop = document.getElementById('im_content').scrollHeight; + } + document.getElementById('im_content_title').innerHTML = title; + the_timeout = setTimeout( "xmlhttpPost();", 5000 ); +} + +function setsection(value) +{ + section = value; + clearTimeout(the_timeout); + xmlhttpPost(); + document.getElementById('im_content').scrollTop = 0; + document.getElementById('im_content').scrollTop = document.getElementById('im_content').scrollHeight; +} + +EOD; +print($zz); +?> + + + + + +
+
 
+ + + + + +
+
+ 		+
+
+
+
+ + + +
+ + + -- cgit v1.2.3