commit | author | age
|
cb1221
|
1 |
<?php |
TB |
2 |
|
|
3 |
/* |
|
4 |
Copyright (c) 2014, Till Brehm, ISPConfig UG |
|
5 |
All rights reserved. |
|
6 |
|
|
7 |
Redistribution and use in source and binary forms, with or without modification, |
|
8 |
are permitted provided that the following conditions are met: |
|
9 |
|
|
10 |
* Redistributions of source code must retain the above copyright notice, |
|
11 |
this list of conditions and the following disclaimer. |
|
12 |
* Redistributions in binary form must reproduce the above copyright notice, |
|
13 |
this list of conditions and the following disclaimer in the documentation |
|
14 |
and/or other materials provided with the distribution. |
|
15 |
* Neither the name of ISPConfig nor the names of its contributors |
|
16 |
may be used to endorse or promote products derived from this software without |
|
17 |
specific prior written permission. |
|
18 |
|
|
19 |
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND |
|
20 |
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED |
|
21 |
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
|
22 |
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, |
|
23 |
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, |
|
24 |
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
|
25 |
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY |
|
26 |
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING |
|
27 |
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, |
|
28 |
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
|
29 |
*/ |
|
30 |
|
|
31 |
class ids { |
|
32 |
|
|
33 |
public function start() |
|
34 |
{ |
|
35 |
global $app, $conf; |
|
36 |
|
|
37 |
$security_config = $app->getconf->get_security_config('ids'); |
|
38 |
|
|
39 |
set_include_path( |
|
40 |
get_include_path() |
|
41 |
. PATH_SEPARATOR |
|
42 |
. ISPC_CLASS_PATH.'/' |
|
43 |
); |
|
44 |
|
|
45 |
require_once(ISPC_CLASS_PATH.'/IDS/Init.php'); |
|
46 |
require_once(ISPC_CLASS_PATH.'/IDS/Monitor.php'); |
|
47 |
require_once(ISPC_CLASS_PATH.'/IDS/Filter.php'); |
|
48 |
require_once(ISPC_CLASS_PATH.'/IDS/Filter/Storage.php'); |
|
49 |
require_once(ISPC_CLASS_PATH.'/IDS/Report.php'); |
|
50 |
require_once(ISPC_CLASS_PATH.'/IDS/Event.php'); |
|
51 |
require_once(ISPC_CLASS_PATH.'/IDS/Converter.php'); |
|
52 |
|
|
53 |
$ids_request = array( |
|
54 |
'GET' => $_GET, |
|
55 |
'POST' => $_POST, |
|
56 |
'COOKIE' => $_COOKIE |
|
57 |
); |
|
58 |
|
|
59 |
$ids_init = IDS\Init::init(ISPC_CLASS_PATH.'/IDS/Config/Config.ini.php'); |
|
60 |
|
|
61 |
$ids_init->config['General']['base_path'] = ISPC_CLASS_PATH.'/IDS/'; |
|
62 |
$ids_init->config['General']['tmp_path'] = '../../../temp'; |
|
63 |
$ids_init->config['General']['use_base_path'] = true; |
|
64 |
$ids_init->config['Caching']['caching'] = 'none'; |
|
65 |
$ids_init->config['Logging']['path'] = '../../../temp/ids.log'; |
|
66 |
|
|
67 |
$current_script_name = trim($_SERVER['SCRIPT_NAME']); |
|
68 |
|
|
69 |
// Get whitelist |
|
70 |
$whitelist_path = '/usr/local/ispconfig/security/ids.whitelist'; |
|
71 |
if(is_file('/usr/local/ispconfig/security/ids.whitelist.custom')) $whitelist_path = '/usr/local/ispconfig/security/ids.whitelist.custom'; |
|
72 |
if(!is_file($whitelist_path)) $whitelist_path = realpath(ISPC_ROOT_PATH.'/../security/ids.whitelist'); |
|
73 |
|
|
74 |
$whitelist_lines = file($whitelist_path); |
|
75 |
if(is_array($whitelist_lines)) { |
|
76 |
foreach($whitelist_lines as $line) { |
|
77 |
$line = trim($line); |
|
78 |
if(substr($line,0,1) != '#') { |
|
79 |
list($user,$path,$varname) = explode(':',$line); |
|
80 |
if($current_script_name == $path) { |
|
81 |
if($user = 'any' |
|
82 |
|| ($user == 'user' && ($_SESSION['s']['user']['typ'] == 'user' || $_SESSION['s']['user']['typ'] == 'admin')) |
|
83 |
|| ($user == 'admin' && $_SESSION['s']['user']['typ'] == 'admin')) { |
|
84 |
$ids_init->config['General']['exceptions'][] = $varname; |
|
85 |
|
|
86 |
} |
|
87 |
} |
|
88 |
} |
|
89 |
} |
|
90 |
} |
|
91 |
|
|
92 |
// Get HTML fields |
|
93 |
$htmlfield_path = '/usr/local/ispconfig/security/ids.htmlfield'; |
|
94 |
if(is_file('/usr/local/ispconfig/security/ids.htmlfield.custom')) $htmlfield_path = '/usr/local/ispconfig/security/ids.htmlfield.custom'; |
|
95 |
if(!is_file($htmlfield_path)) $htmlfield_path = realpath(ISPC_ROOT_PATH.'/../security/ids.htmlfield'); |
|
96 |
|
|
97 |
$htmlfield_lines = file($htmlfield_path); |
|
98 |
if(is_array($htmlfield_lines)) { |
|
99 |
foreach($htmlfield_lines as $line) { |
|
100 |
$line = trim($line); |
|
101 |
if(substr($line,0,1) != '#') { |
|
102 |
list($user,$path,$varname) = explode(':',$line); |
|
103 |
if($current_script_name == $path) { |
|
104 |
if($user = 'any' |
|
105 |
|| ($user == 'user' && ($_SESSION['s']['user']['typ'] == 'user' || $_SESSION['s']['user']['typ'] == 'admin')) |
|
106 |
|| ($user == 'admin' && $_SESSION['s']['user']['typ'] == 'admin')) { |
|
107 |
$ids_init->config['General']['html'][] = $varname; |
|
108 |
} |
|
109 |
} |
|
110 |
} |
|
111 |
} |
|
112 |
} |
|
113 |
|
|
114 |
$ids = new IDS\Monitor($ids_init); |
|
115 |
$ids_result = $ids->run($ids_request); |
|
116 |
|
|
117 |
if (!$ids_result->isEmpty()) { |
|
118 |
|
|
119 |
$impact = $ids_result->getImpact(); |
|
120 |
|
|
121 |
if($impact >= $security_config['ids_log_level']) { |
|
122 |
$ids_log = ISPC_ROOT_PATH.'/temp/ids.log'; |
|
123 |
if(!is_file($ids_log)) touch($ids_log); |
|
124 |
|
|
125 |
$user = isset($_SESSION['s']['user']['typ'])?$_SESSION['s']['user']['typ']:'any'; |
|
126 |
|
|
127 |
$log_lines = ''; |
|
128 |
foreach ($ids_result->getEvents() as $event) { |
|
129 |
$log_lines .= $user.':'.$current_script_name.':'.$event->getName()."\n"; |
|
130 |
} |
|
131 |
file_put_contents($ids_log,$log_lines,FILE_APPEND); |
|
132 |
|
|
133 |
} |
|
134 |
|
|
135 |
if($impact >= $security_config['ids_warn_level']) { |
|
136 |
$app->log("PHP IDS Alert.".$ids_result, 2); |
|
137 |
} |
|
138 |
|
|
139 |
if($impact >= $security_config['ids_block_level']) { |
|
140 |
$app->error("Possible attack detected. This action has been logged.",'', true, 2); |
|
141 |
} |
|
142 |
|
|
143 |
} |
|
144 |
} |
|
145 |
|
|
146 |
} |
|
147 |
|
|
148 |
?> |