Firewall with Fail2ban support

Serghey Rodin 2014-10-05 14:52:15 +03:00
commit 357eb42647
27 changed files with 936 additions and 50 deletions


@ -0,0 +1,66 @@
<?php
// Init
error_reporting(NULL);
ob_start();
session_start();
$TAB = 'FIREWALL';
// Main include
include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Check user
if ($_SESSION['user'] != 'admin') {
header("Location: /list/user");
exit;
}
// Check POST request
if (!empty($_POST['ok'])) {
// Check empty fields
if (empty($_POST['v_chain'])) $errors[] = __('banlist');
if (empty($_POST['v_ip'])) $errors[] = __('ip address');
if (!empty($errors[0])) {
foreach ($errors as $i => $error) {
if ( $i == 0 ) {
$error_msg = $error;
} else {
$error_msg = $error_msg.", ".$error;
}
}
$_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg);
}
// Protect input
$v_chain = escapeshellarg($_POST['v_chain']);
$v_ip = escapeshellarg($_POST['v_ip']);
// Add firewall ban
if (empty($_SESSION['error_msg'])) {
exec (VESTA_CMD."v-add-firewall-ban ".$v_ip." ".$v_chain, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
}
// Flush field values on success
if (empty($_SESSION['error_msg'])) {
$_SESSION['ok_msg'] = __('BANLIST_CREATED_OK');
unset($v_ip);
}
}
// Header
include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
// Panel
top_panel($user,$TAB);
// Display body
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/add_firewall_banlist.html');
// Flush session messages
unset($_SESSION['error_msg']);
unset($_SESSION['ok_msg']);
// Footer
include($_SERVER['DOCUMENT_ROOT'].'/templates/footer.html');
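Review bot: The POST branch runs `v-add-firewall-ban` on the strength of the admin session alone; nothing visible in this handler ties the request to a form the panel itself rendered, so a request submitted from another site in an admin's browser would be accepted. I would add `// TODO: verify a per-session anti-CSRF token before calling exec()` above the `exec` line and implement that check (whether `inc/main.php` already offers a token helper is not visible here). The same gap is in the other new handlers of this commit: the bulk banlist handler (POST) and the banlist delete, suspend and unsuspend handlers, which change state on a plain GET. Separately, `v_chain` is only shell-quoted; comparing it against the fixed list of chains the form offers would reject unexpected values before they reach the script.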


@ -45,7 +45,7 @@ if (!empty($_POST['ok'])) {
// Add firewall rule
if (empty($_SESSION['error_msg'])) {
exec (VESTA_CMD."v-add-sys-firewall-rule ".$v_action." ".$v_protocol." ".$v_port." ".$v_ip." ".$v_comment, $output, $return_var);
exec (VESTA_CMD."v-add-firewall-rule ".$v_action." ".$v_ip." ".$v_port." ".$v_protocol." ".$v_comment, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
}


@ -0,0 +1,36 @@
<?php
// Init
error_reporting(NULL);
ob_start();
session_start();
// Main include
include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Check user
if ($_SESSION['user'] != 'admin') {
header("Location: /list/user");
exit;
}
if (!empty($_POST['ipchain'])) {
$ipchain = $_POST['ipchain'];
list($ip,$chain) = split(":",$ipchain);
$v_ip = escapeshellarg($ip);
$v_chain = escapeshellarg($chain);
}
$action = $_POST['action'];
switch ($action) {
case 'delete': $cmd='v-delete-firewall-ban';
break;
default: header("Location: /list/firewall/banlist/"); exit;
}
foreach ($ipchain as $value) {
exec (VESTA_CMD.$cmd." ".$v_ip." ".$v_chain, $output, $return_var);
}
header("Location: /list/firewall/banlist");
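Review bot: The bulk delete does not act on the selected entries: `ipchain` is posted as an array (the list template names the checkboxes `ipchain[]`), but it is handed whole to `split()` before the loop, and the `foreach` then runs the same `$v_ip`/`$v_chain` for every element. Split and quote each `$value` inside the loop, and use `explode()`, since `split()` is deprecated as of PHP 5.3. The array check also keeps the `foreach` from running on a missing or scalar value. `$return_var` is never inspected here, so a failed delete is silent.

```php
// … unchanged: session/admin check and the $action switch that sets $cmd …
if (!empty($_POST['ipchain']) && is_array($_POST['ipchain'])) {
    foreach ($_POST['ipchain'] as $value) {
        list($ip, $chain) = explode(":", $value);
        $v_ip = escapeshellarg($ip);
        $v_chain = escapeshellarg($chain);
        exec (VESTA_CMD.$cmd." ".$v_ip." ".$v_chain, $output, $return_var);
    }
}
header("Location: /list/firewall/banlist");
```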


@ -18,11 +18,11 @@ $rule = $_POST['rule'];
$action = $_POST['action'];
switch ($action) {
case 'delete': $cmd='v-delete-sys-firewall-rule';
case 'delete': $cmd='v-delete-firewall-rule';
break;
case 'suspend': $cmd='v-suspend-sys-firewall-rule';
case 'suspend': $cmd='v-suspend-firewall-rule';
break;
case 'unsuspend': $cmd='v-unsuspend-sys-firewall-rule';
case 'unsuspend': $cmd='v-unsuspend-firewall-rule';
break;
default: header("Location: /list/firewall/"); exit;
}


@ -0,0 +1,31 @@
<?php
// Init
error_reporting(NULL);
ob_start();
session_start();
// Main include
include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Check user
if ($_SESSION['user'] != 'admin') {
header("Location: /list/user");
exit;
}
if ((!empty($_GET['ip'])) && (!empty($_GET['chain']))) {
$v_ip = escapeshellarg($_GET['ip']);
$v_chain = escapeshellarg($_GET['chain']);
exec (VESTA_CMD."v-delete-firewall-ban ".$v_ip." ".$v_chain, $output, $return_var);
}
check_return_code($return_var,$output);
unset($output);
$back = $_SESSION['back'];
if (!empty($back)) {
header("Location: ".$back);
exit;
}
header("Location: /list/firewall/banlist/");
exit;
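Review bot: `check_return_code($return_var,$output);` sits outside the `if`, so a request without `ip` or `chain` calls it with two undefined variables, and what happens then depends on how that helper treats null. Move it and `unset($output);` inside the `if` block, directly after the `exec` call. It would also help to document at the top that this endpoint deletes a ban on GET, e.g. `// NOTE: state-changing GET; must only be reachable with a verified request token`.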


@ -15,7 +15,7 @@ if ($_SESSION['user'] != 'admin') {
if (!empty($_GET['rule'])) {
$v_rule = escapeshellarg($_GET['rule']);
exec (VESTA_CMD."v-delete-sys-firewall-rule ".$v_rule, $output, $return_var);
exec (VESTA_CMD."v-delete-firewall-rule ".$v_rule, $output, $return_var);
}
check_return_code($return_var,$output);
unset($output);


@ -22,7 +22,7 @@ if (empty($_GET['rule'])) {
// List rule
$v_rule = escapeshellarg($_GET['rule']);
exec (VESTA_CMD."v-list-sys-firewall-rule ".$v_rule." 'json'", $output, $return_var);
exec (VESTA_CMD."v-list-firewall-rule ".$v_rule." 'json'", $output, $return_var);
check_return_code($return_var,$output);
$data = json_decode(implode('', $output), true);
unset($output);
@ -56,7 +56,7 @@ if (!empty($_POST['save'])) {
$v_comment = escapeshellarg($_POST['v_comment']);
// Change Status
exec (VESTA_CMD."v-change-sys-firewall-rule ".$v_rule." ".$v_action." ".$v_protocol." ".$v_port." ".$v_ip." ".$v_comment, $output, $return_var);
exec (VESTA_CMD."v-change-firewall-rule ".$v_rule." ".$v_action." ".$v_ip." ".$v_port." ".$v_protocol."".$v_comment, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
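Review bot: In the line that calls `v-change-firewall-rule`, the protocol and the comment are joined with an empty string, `$v_protocol."".$v_comment`, so the two quoted values reach the shell as one argument and the comment is not passed as its own parameter. It should read `$v_protocol." ".$v_comment`, matching the `v-add-firewall-rule` call changed elsewhere in this commit. Both hunks sit inside blocks that begin and end outside the visible lines.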


@ -0,0 +1,33 @@
<?php
session_start();
$TAB = 'FIREWALL';
// Main include
include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Check user
if ($_SESSION['user'] != 'admin') {
header("Location: /list/user");
exit;
}
// Header
include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
// Panel
top_panel($user,$TAB);
// Data
exec (VESTA_CMD."v-list-firewall-ban json", $output, $return_var);
$data = json_decode(implode('', $output), true);
$data = array_reverse($data, true);
unset($output);
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_firewall_banlist.html');
// Back uri
$_SESSION['back'] = $_SERVER['REQUEST_URI'];
// Footer
include($_SERVER['DOCUMENT_ROOT'].'/templates/footer.html');
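Review bot: `$return_var` from `v-list-firewall-ban` is ignored, and `json_decode()` returns null when the output is empty or not valid JSON, so `array_reverse($data, true)` and the template's `foreach` can receive a non-array. Guard it, e.g. `$data = is_array($data) ? array_reverse($data, true) : array();`. Calling `check_return_code($return_var,$output);` after the `exec`, as the other handlers in this commit do, would surface a failing backend command instead of showing an empty list.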


@ -19,7 +19,7 @@ include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
top_panel($user,$TAB);
// Data
exec (VESTA_CMD."v-list-sys-firewall json", $output, $return_var);
exec (VESTA_CMD."v-list-firewall json", $output, $return_var);
$data = json_decode(implode('', $output), true);
$data = array_reverse($data, true);
unset($output);


@ -0,0 +1,28 @@
<?php
// Init
error_reporting(NULL);
ob_start();
session_start();
include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Check user
if ($_SESSION['user'] != 'admin') {
header("Location: /list/user");
exit;
}
if (!empty($_GET['rule'])) {
$v_rule = escapeshellarg($_GET['rule']);
exec (VESTA_CMD."v-suspend-firewall-rule ".$v_rule, $output, $return_var);
}
check_return_code($return_var,$output);
unset($output);
$back=getenv("HTTP_REFERER");
if (!empty($back)) {
header("Location: ".$back);
exit;
}
header("Location: /list/firewall/");
exit;
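Review bot: The redirect target is taken from the `Referer` request header (`getenv("HTTP_REFERER")`) and written into `Location:` unchanged, so the destination is chosen by whoever supplies the request rather than by the panel. Use a server-side value instead, e.g. `$back = $_SESSION['back'];` as the banlist delete handler in this commit does (assuming the firewall list page sets it), or always redirect to `/list/firewall/`. The unsuspend handler added at the end of this commit has the same lines. `check_return_code($return_var,$output);` also runs when `rule` was empty and `$return_var` is undefined; it belongs inside the `if`.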


@ -0,0 +1,93 @@
<?php
$back = $_SESSION['back'];
if (empty($back)) {
$back = "location.href='/list/firewall/banlist/'";
} else {
$back = "location.href='".$back."'";
}
?>
<table class="submenu">
<tr>
<td style="padding: 20px 10px;" ><a class="name"><b><?php print __('Adding IP Address to Banlist');?></b></a>
<?php
if (!empty($_SESSION['error_msg'])) {
echo "<span class=\"vst-error\"> → ".$_SESSION['error_msg']."</span>";
} else {
if (!empty($_SESSION['ok_msg'])) {
echo "<span class=\"vst-ok\"> → ".$_SESSION['ok_msg']."</span>";
}
}
?>
</td>
</tr>
</table>
</div>
<form id="vstobjects" name="v_add_ip" method="post">
<script type="text/javascript">
function elementHideShow(elementToHideOrShow) {
var el = document.getElementById(elementToHideOrShow);
if (el.style.display == "block") {
el.style.display = "none";
} else {
el.style.display = "block";
}
}
</script>
<table class="data mode-add">
<tr class="data-add">
<td class="data-dotted">
<table class="data-col1">
<tr><td></td></tr>
</table>
</td>
<td class="data-dotted">
<table class="data-col2" width="600px">
<tr>
<td class="vst-text step-top">
<?php print __('Banlist') ?>
</td>
</tr>
<tr>
<td>
<select class="vst-list" name="v_chain">
<option value="SSH" <?php if ((!empty($v_chain)) && ( $v_chain == "'SSH'" )) echo 'selected'?>><?php print __('SSH') ?></option>
<option value="FTP" <?php if ((!empty($v_chain)) && ( $v_chain == "'FTP'" )) echo 'selected'?>><?php print __('FTP') ?></option>
<option value="MAIL" <?php if ((!empty($v_chain)) && ( $v_chain == "'MAIL'" )) echo 'selected'?>><?php print __('MAIL') ?></option>
<option value="DNS" <?php if ((!empty($v_chain)) && ( $v_chain == "'DNS'" )) echo 'selected'?>><?php print __('DNS') ?></option>
<option value="HTTP" <?php if ((!empty($v_chain)) && ( $v_chain == "'HTTP'" )) echo 'selected'?>><?php print __('HTTP') ?></option>
<option value="HTTPS" <?php if ((!empty($v_chain)) && ( $v_chain == "'HTTPS'" )) echo 'selected'?>><?php print __('HTPS') ?></option>
<option value="POP3" <?php if ((!empty($v_chain)) && ( $v_chain == "'POP3'" )) echo 'selected'?>><?php print __('POP3') ?></option>
<option value="IMAP" <?php if ((!empty($v_chain)) && ( $v_chain == "'IMAP'" )) echo 'selected'?>><?php print __('IMAP') ?></option>
<option value="MYSQL" <?php if ((!empty($v_chain)) && ( $v_chain == "'MYSQL'" )) echo 'selected'?>><?php print __('MYSQL') ?></option>
<option value="POSTGRES" <?php if ((!empty($v_chain)) && ( $v_chain == "'POSTGRES'" )) echo 'selected'?>><?php print __('POSTGRES') ?></option>
<option value="VESTA" <?php if ((!empty($v_chain)) && ( $v_chain == "'VESTA'" )) echo 'selected'?>><?php print __('VESTA') ?></option>
</select>
</td>
</tr>
<tr>
<td class="vst-text input-label">
<?php print __('IP Address');?> <span class="optional">(<?php print __('CDIR format is supported');?>)</span>
</td>
</tr>
<tr>
<td>
<input type="text" size="20" class="vst-input" name="v_ip" <?php if (!empty($v_ip)) echo "value=".$v_ip; ?>>
</td>
</tr>
</table>
<table class="data-col2">
<tr>
<td class="step-top" width="116px">
<input type="submit" name="ok" value="<?php print __('Add');?>" class="button">
</td>
<td class="step-top">
<input type="button" class="button" value="<?php print __('Back');?>" onclick="<?php echo $back ?>">
</td>
</tr>
</table>
</td>
</tr>
</table>
</from>
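Review bot: The `v_ip` input writes `$v_ip` straight into the page (`echo "value=".$v_ip`), and at that point `$v_ip` is the `escapeshellarg()` result, which is quoted for a shell and not encoded for HTML. Keep an unescaped copy for display in the handler and emit it through `htmlentities()` inside a double-quoted attribute; the `$v_chain == "'SSH'"` comparisons could then test against plain `SSH`. `$back` is likewise placed into an `onclick` attribute without encoding. Two typos: the closing tag is `</from>` instead of `</form>`, and the HTTPS option label is `__('HTPS')`.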


@ -19,6 +19,11 @@
</select>
<input type="submit" name="ok" value="" class="submenu-button-select">
</div>
<?php if(!empty($_SESSION['FIREWALL_EXTENSION'])) { ?>
<div class="submenu-select-block">
<a class="submenu-select-link" href="/list/firewall/banlist/">[ <?php print __('list fail2ban');?> ]</a>
</div>
<?php } ?>
<?php display_error_block(); ?>
</td>
</tr>
@ -37,10 +42,10 @@
} else {
$status = 'active';
$spnd_action = 'suspend' ;
$spnd_confirmation = 'UNSUSPEND_RULE_CONFIRMATION' ;
$spnd_confirmation = 'SUSPEND_RULE_CONFIRMATION' ;
}
?>
<tr class="data-row">
<tr class="data-row <? if($status == 'suspended') echo 'suspended';?>">
<td class="data-dotted">
<table class="data-col1">
<tr><td><input type="checkbox" class="ch-toggle" name="rule[]" value="<?php echo $data[$key]['RULE']?>" > </td></tr>
@ -58,7 +63,17 @@
</div>
</span>
</a>
<a href="/edit/firewall/?rule=<?php echo $data[$key]['RULE'] ?>" class="data-controls">
<a id="<?php echo $spnd_action ?>_link_<?php echo $i ?>" class="data-controls do_<?php echo $spnd_action ?>">
<span class="do_<?php echo $spnd_action ?>">
<img src="/images/suspend.png" width="7px" height="8px">
<?php echo __($spnd_action); ?>
<input type="hidden" name="<?php echo $spnd_action ?>_url" value="/<?php echo $spnd_action ?>/firewall/?rule=<?php echo $data[$key]['RULE'] ?>" />
<div id="<?php echo $spnd_action ?>_dialog_<?php echo $i ?>" class="confirmation-text-suspention hidden" title="<?php print __('Confirmation');?>">
<p class="counter-value"><?php print __($spnd_confirmation,$key);?></p>
</div>
</span>
</a>
<a href="/edit/firewall/?rule=<?php echo $key ?>" class="data-controls">
<span>
<img src="/images/edit.png" width="8px" height="8px">
<?php print __('edit');?>
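Review bot: The new row line uses a short open tag, `<? if($status == 'suspended') echo 'suspended';?>`, while the rest of the template uses `<?php`; with `short_open_tag` disabled this is sent to the browser as literal text. Write it as `<?php if ($status == 'suspended') echo 'suspended'; ?>`. The `RULE` value and `$key` are echoed into attribute values and URLs unencoded; passing them through `htmlentities()` (and `urlencode()` in the query strings) would keep them inert if they can ever contain markup characters.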


@ -0,0 +1,88 @@
<table class="submenu">
<tr>
<td class="wrapper">
<div class="submenu-button-block">
<button class="submenu-button-main" onclick="location.href='/add/firewall/banlist/'"> <?php print __('Ban IP Address');?> </button>
</div>
<div class="submenu-search-block">
<form action="/search/" method="get">
<input type="text" name="q" class="submenu-search-field">
<input type="submit" value="<?php print __('Search');?>" class="submenu-button-search">
</form>
</div>
<div class="submenu-select-block">
<form action="/bulk/firewall/banlist/" method="post" id="objects">
<a class="submenu-select-link" href='javascript:checkedAll("objects");'> <?php print __('toggle all');?> </a>
<select class="submenu-select-dropdown" name="action">
<option value=""><?php print __('apply to selected');?></option>
<option value="delete"><?php print __('delete');?></option>
</select>
<input type="submit" name="ok" value="" class="submenu-button-select">
</div>
<?php display_error_block(); ?>
</td>
</tr>
</table>
</div>
<div id="vstobjects">
<table class="data" style="background: #ebe9dc;">
<tr>
<td style="padding: 10px 4px">
<a class="name" style="color: #555; font-size: 10pt;"><b><?php print __('Listing');?> Fail2ban</b></a>
</td>
</tr>
</table>
<table class="data">
<?php
foreach ($data as $key => $value) {
++$i;
list($ip,$chain) = split(":",$key);
?>
<tr class="data-row">
<td class="data-dotted">
<table class="data-col1">
<tr><td><input type="checkbox" class="ch-toggle" name="ipchain[]" value="<?php echo $key ?>"</td></tr>
<tr><td></td></tr>
</table>
</td>
<td class="data-dotted">
<a id="delete_link_<?php echo $i ?>" class="data-controls do_delete">
<span class="do_delete">
<img src="/images/delete.png" width="7px" height="7px">
<?php print __('delete');?>
<input type="hidden" name="delete_url" value="/delete/firewall/banlist/?ip=<?php echo $ip ?>&chain=<?php echo $chain ?>"/>
<div id="delete_dialog_<?php echo $i ?>" class="confirmation-text-delete hidden" title="<?php print __('Confirmation');?>">
<p class="counter-value"><?php print __('DELETE_IP_CONFIRMATION',$ip);?></p>
</div>
</span>
</a>
<table class="data-col5">
<tr>
<td class="log" width="119px"><?php echo $data[$key]['TIME'] ?></td>
<td class="log" width="119px"><?php echo $data[$key]['DATE']?></td>
<td class="log" width="232px"><?php echo $chain ?></td>
<td class="log" ><?php echo $ip ?></td>
</tr>
</table>
</td>
</tr>
<?php
}
?>
</table>
</form>
<div class="data-count">
<?php
if ( $i == 0) {
echo __('There is no currently banned IP addresses');
}
if ( $i == 1) {
echo __('1 IP address');
}
if ( $i > 1) {
echo __('%s IP addresses',$i);
}
?>
</div>
</div>
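Review bot: The checkbox tag is never closed: `value="<?php echo $key ?>"</td>` lacks the `>` before `</td>`, so the browser has to guess at the row markup. It should end `value="<?php echo $key ?>"></td>`. `$ip` and `$chain` are placed into the `delete_url` query string and into table cells as-is; `urlencode()` for the URL and `htmlentities()` for the cells would keep backend-supplied values from being interpreted as markup. `split()` is deprecated as of PHP 5.3; `explode(":", $key)` does the same here.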


@ -0,0 +1,28 @@
<?php
// Init
error_reporting(NULL);
ob_start();
session_start();
include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Check user
if ($_SESSION['user'] != 'admin') {
header("Location: /list/user");
exit;
}
if (!empty($_GET['rule'])) {
$v_rule = escapeshellarg($_GET['rule']);
exec (VESTA_CMD."v-unsuspend-firewall-rule ".$v_rule, $output, $return_var);
}
check_return_code($return_var,$output);
unset($output);
$back=getenv("HTTP_REFERER");
if (!empty($back)) {
header("Location: ".$back);
exit;
}
header("Location: /list/firewall/");
exit;