[Phpida-cvs] ida/pages edit.php, NONE, 1.1 about.php, NONE, 1.1 logs.php, NONE, 1.1 main.php, NONE,
Status: Alpha
Brought to you by:
xqus
Menu
▾
▴
[Phpida-cvs] ida/pages edit.php, NONE, 1.1 about.php, NONE, 1.1 logs.php, NONE, 1.1 main.php, NONE, 1.1 .htaccess, NONE, 1.1 rules.php, NONE, 1.1
|
From: Audun L. <xq...@us...> - 2007-08-29 13:14:57
|
Update of /cvsroot/phpida/ida/pages In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv22197/pages Added Files: edit.php about.php logs.php main.php .htaccess rules.php Log Message: Initail revsiosion of the "new" Ida --- NEW FILE: main.php --- <?php /* * Created by Audun Larsen (aud...@lk...) * * Copyright 2006 Larsen Konsult * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ $eventsNeedsAtt = 0; $lastEvent = 0; $newEvents = array(); if ($handle = opendir('./data')) { while (false !== ($file = readdir($handle))) { if (substr($file,0,5) == 'event') { $timestamp = substr($file,strpos($file, '_')+1); $type = substr($file,0,strpos($file, '_')); if($timestamp > $lastEvent) { $lastEvent = $timestamp; } if($type == 'eventatt') { $eventsNeedsAtt++; } elseif($type == 'event') { $newEvents[$timestamp] = $file; } } } closedir($handle); } ?> <h2>Welcome to Munin</h2> <p> Welcome to Munin! </p> <p> <img src="gfx/log_high.png"> You have <strong><?php echo $eventsNeedsAtt; ?></strong> event(s) that needs your attention. <a href='index.php?p=logs'>[event log]</a> </p> <h3>New events</h3> <p> <?php while(list($eventTime, $eventFile)=each($newEvents)) { echo '<img src="gfx/event.png" align="absmiddle"> <a href="index.php?p=logs&file='.$eventFile.'">'.date('D. M dS Y H:i',$eventTime).'</a><br>'; } ?> </p> <h3>System overview</h3> <table border="0" cellspacing="0" cellpadding="2"> <tr> <th scope="row"> <img src="gfx/system.gif" alt="system"> System</th> <td><?php echo `uname`;?></td> </tr> <tr> <th scope="row"> <img src="gfx/uptime.gif" alt="system"> System uptime</th> <td><?php echo `uptime`;?></td> </tr> <tr> <th scope="row"> <img src="gfx/rules.gif" alt="system"> Active rules</th> <td></td> </tr> <tr> <th scope="row"> <img src="gfx/database.gif" alt="system"> Database size</th> <td></td> </tr> <tr> <th scope="row"> <img src="gfx/events.gif" alt="system"> Last event</th> <td><?php echo date('D. M dS Y H:i', $lastEvent); ?></td> </tr> </table> --- NEW FILE: rules.php --- <?php /* * Created by Audun Larsen (aud...@lk...) * * Copyright 2006 Larsen Konsult * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ if(isset($_GET['rebuild'])) { parseRules(); } ?> <h2>Browse rules</h2> <p>The rule database is built from the rule files in your rules folder. You can edit the rule files by clicking the filename in the menu to the left. Remember that you have to rebuild the rules in order for any changes to take effect.</p> <p><img src="gfx/database.gif"><a href="index.php?p=rules&rebuild=1">Rebuild rules</a></p> --- NEW FILE: .htaccess --- Deny From All --- NEW FILE: about.php --- <?php /* * Created on Sep 30, 2006 * Created by Audun Larsen (aud...@lk...) * * Copyright 2006 Larsen Konsult * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ ?> <h3>About Munin</h3> <p> Munin is a application level IDS/firewall for PHP based applications. It is written entirely in PHP.<br> Munin is written and copyrighted by <a href="http://munio.no">Munio IT, Audun Larsen</a>. All the icons used in this application are created by <a href="http://www.famfamfam.com/">Mark James</a>. </p> <h3>Munin License</h3> <p> Copyright 2006 - <?php echo date('Y'); ?> Munio IT, Audun Larsen (www.munio.no). All rights reserved. <br> <br>Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: <br> <br> 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. <br> <br>THIS SOFTWARE IS PROVIDED BY THE MUNIN PROJECT ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE MUNIN PROJECT OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. </p> --- NEW FILE: edit.php --- <?php /* * Created on Sep 28, 2006 * Created by Audun Larsen (aud...@lk...) * * Copyright 2006 Larsen Konsult * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ if(!get_magic_quotes_gpc()) { if(isset($_GET['save'])) { if(file_exists('./rules/'.$_GET['file']) && is_writeable('./rules/'.$_GET['file'])) { if(substr($_POST['content'],0,1)=='$') { $firstLineFeed=strpos($_POST['content'],"\n"); $infoLine=substr($_POST['content'],0,$firstLineFeed); $_POST['content']=substr($_POST['content'],$firstLineFeed+1); $infoParams=explode(';',substr($infoLine,1)); foreach($infoParams as $infoParam) { list($key, $val) = explode(':', $infoParam); if($key != '') { $fileInfo[$key]=$val; } } } if(isset($fileInfo['rev'])) { $fileRev = $fileInfo['rev'] + 0.01; } else { $fileRev = 0.1; } //print_r($fileInfo); $fp=fopen('./rules/'.$_GET['file'],'w'); fwrite($fp, '$rev:'.$fileRev.";changed:".date('r')."\n"); fwrite($fp, $_POST['content']); fclose($fp); muninAddLog("Saved rules: ".$_GET['file'], $type = "system", $risk = "info"); } else { echo "Oh.. I can't save to this file.."; muninAddLog("Failed to save: ".$_GET['file'], $type = "system", $risk = "medium"); } } echo '<h2>Edit ruleset: '.htmlentities($_GET['file']).'</h2>'; echo '<form action="index.php?p=edit&file='.htmlentities($_GET['file']).'&save=1" method="post">'; echo '<textarea name="content" rows=40 cols=130 WRAP=OFF>'; if(file_exists('./rules/'.$_GET['file'])) { echo htmlentities(file_get_contents('./rules/'.$_GET['file'])); } echo '</textarea><br>'; echo '<input type="submit" value="Save">'; echo '</form>'; } else { echo "Please turn magic_quotes_gpc Off to use this editor."; } ?> --- NEW FILE: logs.php --- <?php /* * Created by Audun Larsen (aud...@lk...) * * Copyright 2006 Larsen Konsult * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ ?> <?php if(!isset($_GET['file'])) { /** * Delete events */ if(isset($_GET['rm'])) { if(file_exists('./data/'.$_GET['rm'])) { unlink('./data/'.$_GET['rm']); } } echo "<h2>Events</h2>"; echo "<p>The list below shows the unmarked and marked as <i>needs attention</i> events.<br>To show all events, press <a href='index.php?p=logs&showall=1'>here.</a></p>"; echo "<p>"; if ($handle = opendir('./data')) { while (false !== ($file = readdir($handle))) { if (substr($file,0,5) == 'event') { $timestamp = substr($file,strpos($file, '_')+1); $type = substr($file,0,strpos($file, '_')); if($type != 'eventok' || isset($_GET['showall'])) { echo '<img src="gfx/'.$type.'.png" align="absmiddle"> <a href="index.php?p=logs&file='.$file.'">'.date('D. M dS Y H:i',$timestamp).'</a><br>'; } } } closedir($handle); } echo "</p>"; } else { if(file_exists('./data/'.$_GET['file'])) { $timestamp = substr($_GET['file'],strpos($_GET['file'], '_')+1); $type = substr($_GET['file'],0,strpos($_GET['file'], '_')); /** * Mark the file */ if(isset($_GET['mark'])) { switch($_GET['mark']) { case 'ok': rename('./data/'.$_GET['file'], './data/eventok_'.$timestamp); $_GET['file'] = 'eventok_'.$timestamp; echo "<p>Event maked as: Reviewed OK</p>"; break; case 'att': rename('./data/'.$_GET['file'], './data/eventatt_'.$timestamp); $_GET['file'] = 'eventatt_'.$timestamp; echo "<p>Event maked as: Needs attention</p>"; break; } } echo "<h2>Event: ".date('D. M dS Y H:i',$timestamp)."</h2>"; echo "<p><a href='index.php?p=logs'>Back to event list</a> | Mark as: <img src='gfx/eventok.png' align='absmiddle'> <a href='index.php?p=logs&file=".$_GET['file']."&mark=ok'>Reviewed OK</a> <img src='gfx/eventatt.png' align='absmiddle'> <a href='index.php?p=logs&file=".$_GET['file']."&mark=att'>Needs attention</a> | <a href=\"index.php?p=logs&rm=".$_GET['file']."\" onclick=\"return confirm('Are you sure you want to delete this event?')\"><img src='gfx/delete.png' border=0></a></p>"; echo "<pre>"; echo htmlentities(file_get_contents('./data/'.$_GET['file'])); echo "</pre>"; } } ?> |
