Called by fcron hourly to look for scheduled messages. StatusMail.pm declares an object which is used to create the mail messages.

Signed-off-by: Tim FitzGeorge ipfr@tfitzgeorge.me.uk --- src/statusmail/StatusMail.pm | 530 +++++++++++++++++++++++++++++++++++++++++++ src/statusmail/statusmail.pl | 422 ++++++++++++++++++++++++++++++++++ 2 files changed, 952 insertions(+) create mode 100644 src/statusmail/StatusMail.pm create mode 100755 src/statusmail/statusmail.pl

diff --git a/src/statusmail/StatusMail.pm b/src/statusmail/StatusMail.pm new file mode 100644 index 000000000..fb37c3663 --- /dev/null +++ b/src/statusmail/StatusMail.pm @@ -0,0 +1,530 @@ +#!/usr/bin/perl + +############################################################################ +# # +# Send log and status emails for IPFire # +# # +# This is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 3 of the License, or # +# (at your option) any later version. # +# # +# This is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2018 - 2019 The IPFire Team # +# # +############################################################################ + +use strict; +use warnings; + +use lib "/usr/lib/statusmail"; + +package StatusMail; + +use base qw/EncryptedMail/; + +############################################################################ +# Constants +############################################################################ + +use constant { SEC => 0, + MIN => 1, + HOUR => 2, + MDAY => 3, + MON => 4, + YEAR => 5, + WDAY => 6, + YDAY => 7, + ISDST => 8, + MONSTR => 9 }; + +use constant MONTHS => qw( Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec ); + +use constant LOGNAME => '/var/log/messages'; + +############################################################################ +# Configuration variables +############################################################################ + +my @monthnames = ('Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', + 'Sep', 'Oct', 'Nov', 'Dec'); +my %months; + +############################################################################ +# Variables +############################################################################ + +my %address_lookup_cache; + +############################################################################ +# Function prototypes +############################################################################ + +sub calculate_period( $$ ); +sub get_period_start(); +sub get_period_end(); +sub get_number_weeks(); +sub cache( $;$ ); +sub lookup_ip_address( $$ ); +sub set_host_name( $$$ ); +sub split_string( $$$ ); + +############################################################################ +# Initialisation code +############################################################################ + + +foreach (my $monindex = 0 ; $monindex < MONTHS ; $monindex++) +{ + $months{(MONTHS)[$monindex]} = $monindex; +} + +#------------------------------------------------------------------------------ +# sub new +# +# Class constructor +#------------------------------------------------------------------------------ + +sub new +{ + my $invocant = shift; + + my $class = ref($invocant) || $invocant; + + my $self = $class->SUPER::new( @_ ); + + $self->{last_time} = 0; + $self->{last_mon} = 0; + $self->{last_day} = 0; + $self->{last_hour} = 0; + + bless( $self, $class ); + + return $self; +} + +#------------------------------------------------------------------------------ +# sub calculate_period( value, unit ) +# +# Calculates the limits of the period covered by the message +# +# Parameters: +# value Number of units +# unit Unit of time +#------------------------------------------------------------------------------ + +sub calculate_period( $$ ) +{ + my ( $self, $value, $unit ) = @_; + + use Time::Local; + + my $start_time = 0; + my @start_time = (); + my $end_time = 0; + my @end_time = (); + my $weeks_covered = 0; + + @end_time = localtime(); + + $end_time[SEC] = 0; + $end_time[MIN] = 0; + + $end_time = timelocal( @end_time ); + + if ($unit eq 'months') + { + # Go back the specified number of months + + @start_time = @end_time; + + $start_time[MON] -= $value; + if ($start_time[MON] < 0 ) + { + $start_time[MON] += 12; + $start_time[YEAR]--; + } + + $start_time = timelocal( @start_time ); + } + else + { + my $hours = $value; + + # Go back the specified number of hours, days or weeks + + $hours *= 24 if ($unit eq 'days'); + $hours *= 24 * 7 if ($unit eq 'weeks'); + + $start_time = timelocal( @end_time ) - ($hours * 3600); + @start_time = localtime( $start_time ); + } + + # Adjust end to end of previous hour rather than start of current hour + + $end_time--; + @end_time = localtime( $end_time ); + + # Add the alphabetic month to the end of the time lists + + push @start_time, $monthnames[ $start_time[MON] ]; + push @end_time, $monthnames[ $end_time[MON] ]; + + # Calculate how many archive files have to be read + + my $week_start = $start_time - ($start_time[WDAY] * 86400) - ($start_time[HOUR] * 3600) + 3600; + $weeks_covered = int( (time() - $week_start) / (86400 * 7) ); + + $self->{'start_time_array'} = @start_time; + $self->{'start_time'} = $start_time; + $self->{'end_time_array'} = @end_time; + $self->{'end_time'} = $end_time; + $self->{'weeks_covered'} = $weeks_covered; + $self->{'period'} = "$value$unit"; + $self->{'period'} =~ s/s$//; + $self->{'total_days'} = ($end_time - $start_time) / 86400; +} + + +#------------------------------------------------------------------------------ +# sub get_period() +# +# Returns the period covered by a report. +#------------------------------------------------------------------------------ + +sub get_period() +{ + my $self = shift; + + return $self->{'period'}; +} + + +#------------------------------------------------------------------------------ +# sub get_period_start() +# +# Returns the start of the period covered by a report. +#------------------------------------------------------------------------------ + +sub get_period_start() +{ + my $self = shift; + + return wantarray ? @{$self->{'start_time_array'}} : $self->{'start_time'}; +} + + +#------------------------------------------------------------------------------ +# sub get_period_end() +# +# Returns the end of the period covered by a report. +#------------------------------------------------------------------------------ + +sub get_period_end() +{ + my $self = shift; + + return wantarray ? @{$self->{'end_time_array'}} : $self->{'end_time'}; +} + + +#------------------------------------------------------------------------------ +# sub get_number_weeks() +# +# Returns the number of complete weeks covered by a report. +#------------------------------------------------------------------------------ + +sub get_number_weeks() +{ + my $self = shift; + + return $self->{'weeks_covered'}; +} + + +#------------------------------------------------------------------------------ +# sub cache( name [, item] ) +# +# Either caches an item or returns the cached item. +# +# Parameters: +# Name name of item +# Item item to be cached (optional) +# +# Returns: +# Cached item if no item specified, undef otherwise +#------------------------------------------------------------------------------ + +my %cache; + +sub cache( $;$ ) +{ + my ($self, $name, $item) = @_; + + if ($item) + { + $cache{$name} = $item; + } + else + { + return $cache{$name}; + } + + return undef; +} + + +#------------------------------------------------------------------------------ +# sub clear_cache() +# +# Clears any cached values. +#------------------------------------------------------------------------------ + +sub clear_cache() +{ + %cache = (); +} + + +#------------------------------------------------------------------------------ +# sub get_message_log_line() +# +# Gets the next line from the message log. +# Will cache log entries if the period covered is short. +#------------------------------------------------------------------------------ + +sub get_message_log_line +{ + my $self = shift; + my $line; + + if (exists $self->{logindex}) + { + # Reading from the cache + + if ($self->{logindex} < @{ $self->{logcache} }) + { + return $self->{logcache}[$self->{logindex}++]; + } + else + { + # End of cache - reset to start again on next call + + $self->{logindex} = 0; + return undef; + } + } + + $self->{logfile} = $self->{'weeks_covered'} if (not exists $self->{logfile} or $self->{logfile} < 0); + + LINE: + while (1) + { + if (not exists $self->{fh} or (exists $self->{fh} and eof $self->{fh})) + { + # Reading from a file and need to open a file + + FILE: + while ($self->{logfile} >= 0) + { + my $name = $self->{logfile} < 1 ? LOGNAME : LOGNAME . '.' . $self->{logfile}; + $self->{logfile}--; + + if (-r $name) + { + # Not compressed + + open $self->{fh}, '<', $name or die "Can't open $name: $!"; + $self->{year} = (localtime( (stat(_))[9] ))[YEAR]; + last FILE; + } + elsif (-r "$name.gz") + { + # Compressed + + open $self->{fh}, "gzip -dc $name.gz |" or next; + $self->{year} = (localtime( (stat(_))[9] ))[YEAR]; + last FILE; + } + + # Not found - go back for next file + } + + if ($self->{logfile} < -1) + { + # No further files - reset to start again on next call + + delete $self->{fh}; + return undef; + } + } + + if (exists $self->{fh}) + { + # Reading from a file + + $line = readline $self->{fh}; + + if (eof $self->{fh}) + { + if ($self->{logfile} < 0) + { + # No further files - reset to start again on next call + + delete $self->{fh}; + return undef; + } + # Go back for next file + + close $self->{fh}; + next LINE; + } + + my ($mon, $day, $hour) = unpack 'Lsxs', $line; + + if ($mon != $self->{last_mon} or $day != $self->{last_day} or $hour != $self->{last_hour}) + { + # Hour, day or month changed. Convert to unix time so we can work out + # whether the message time falls between the limits we're interested in. + # This is complicated by the lack of a year in the logged information, + # so assume the current year, and adjust if necessary. + + my @time; + + $time[YEAR] = $self->{year}; + + ($time[MON], $time[MDAY], $time[HOUR], $time[MIN], $time[SEC]) = split /[\s:]+/, $line; + $time[MON] = $months{$time[MON]}; + + $self->{time} = timelocal( @time ); + + if ($self->{time} > time()) + { + # We can't have times in the future, so this must be the previous year. + + $self->{year}--; + $time[YEAR]--; + $self->{time} = timelocal( @time ); + $self->{last_time} = $self->{time}; + } + elsif ($self->{time} < $self->{last_time}) + { + # Time should be increasing, so we must have gone over a year boundary. + + $self->{year}++; + $time[YEAR]++; + $self->{time} = timelocal( @time ); + $self->{last_time} = $self->{time}; + } + + ($self->{last_mon}, $self->{last_day}, $self->{last_hour}) = ($mon, $day, $hour); + } + + # Check to see if we're within the specified limits. + # Note that the minutes and seconds may be incorrect, but since we only deal + # in hour boundaries this doesn't matter. + + next LINE if ($self->{time} < $self->{start_time}); + + if ($self->{time} > $self->{end_time}) + { + # After end time - reset to start again on next call + + close $self->{fh}; + delete $self->{fh}; + $self->{logfile} = $self->{'weeks_covered'}; + + return undef; + } + + # Cache the entry if the time covered is less than two days + + push @{$self->{logcache}}, $line if ($self->{'total_days'} <= 2); + + return $line; + } + } + + return $line; +} + + +#------------------------------------------------------------------------------ +# sub lookup_ip_address( string ) +# +# Converts an IP Address to a URL +#------------------------------------------------------------------------------ + +sub lookup_ip_address( $$ ) +{ + my ($self, $address) = @_; + + use Socket; + + return $address_lookup_cache{$address} if (exists $address_lookup_cache{$address}); + + my $name = gethostbyaddr( inet_aton( $address ), AF_INET ) || ""; + + $address_lookup_cache{$address} = $name; + + return $name; +} + + +#------------------------------------------------------------------------------ +# sub set_host_name( address, name ) +# +# Records the mapping from an IP address to a name +#------------------------------------------------------------------------------ + +sub set_host_name( $$$ ) +{ + my ($self, $address, $name) = @_; + + return unless ($address and $name); + return if ($address eq $name); + + if (exists $address_lookup_cache{$address}) + { + $address_lookup_cache{$address} = "" if ($address_lookup_cache{$address} ne $name); + } + else + { + $address_lookup_cache{$address} = $name; + } +} + + +#------------------------------------------------------------------------------ +# sub spilt_string( string, size ) +# +# Splits a string into multiple lf separated lines +#------------------------------------------------------------------------------ + +sub split_string( $$$ ) +{ + my ($self, $string, $size) = @_; + + my $out = ''; + + while (length $string > $size) + { + $string =~ s/(.{$size,}?)\s+//; + last unless ($1); + $out .= $1 . "\n"; + } + + $out .= $string; + + return $out; +} + +1; diff --git a/src/statusmail/statusmail.pl b/src/statusmail/statusmail.pl new file mode 100755 index 000000000..4ced65880 --- /dev/null +++ b/src/statusmail/statusmail.pl @@ -0,0 +1,422 @@ +#!/usr/bin/perl + +############################################################################ +# # +# Send log and status emails for IPFire # +# # +# This is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 3 of the License, or # +# (at your option) any later version. # +# # +# This is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2018 - 2019 The IPFire Team # +# # +############################################################################ +# Main script for statusmail. # +# # +# Usually called by fcron when it will check to see if any schedules are # +# due in which case the schedule will be executed. If the schedule # +# produces any output it is sent as an email to the recipients given in # +# the schedule. Emails are always signed using GPG and will be encrypted # +# if an encryption keys is available for the user. # +# # +# Can also be run with the name of a schedule as an argument in which case # +# the schedule is executed immediately regrardless of whether it is due or # +# not. # +# # +# If run from a terminal additional debugging will be turned on and log # +# messages will be output to the terminal. # +############################################################################ + +use strict; +use warnings; + +use Sys::Syslog qw(:standard :macros); + +use lib "/usr/lib/statusmail"; + +require "/var/ipfire/general-functions.pl"; +require "${General::swroot}/lang.pl"; + +use StatusMail; + +############################################################################ +# Configuration variables +# +# These variables give the locations of various files used by this script +############################################################################ + +my $lib_dir = "/usr/lib/statusmail"; +my $plugin_dir = "$lib_dir/plugins"; +my $stylesheet = "$lib_dir/stylesheet.css"; +my $mainsettings = "${General::swroot}/main/settings"; +my $mailsettings = "${General::swroot}/dma/mail.conf"; +my $contactsettings = "${General::swroot}/statusmail/contact_settings"; +my $schedulesettings = "${General::swroot}/statusmail/schedule_settings"; +my $debug = 0; + +############################################################################ +# Function prototypes +############################################################################ + +# Used by plugins + +sub add_mail_item( % ); + +# Local functions + +sub send_email( $ ); +sub execute_schedule( $$ ); +sub abort( $ ); +sub log_message( $$ ); +sub debug( $$ ); + +############################################################################ +# Variables +############################################################################ + +my %mainsettings = (); +my %sections = (); +my $contacts = {}; +my $schedules = {}; +my %mailsettings = (); + + +############################################################################ +# Main function +############################################################################ + +openlog( "statusmail", "nofatal", LOG_USER); +log_message LOG_INFO, "Starting log and status email processing"; + +# Check for existence of settings files + +exit unless (-r $contactsettings); +exit unless (-e $mailsettings); +exit unless (-r $schedulesettings); + +# Read settings + +General::readhash($mailsettings, %mailsettings); +General::readhash($mainsettings, %mainsettings); + +unless ($mailsettings{'USEMAIL'} eq 'on') +{ + log_message LOG_WARNING, "Email disabled"; + exit; +}; + +eval qx|/bin/cat $contactsettings| if (-r $contactsettings); +eval qx|/bin/cat $schedulesettings| if (-r $schedulesettings); + +# Scan for plugins + +opendir DIR, $plugin_dir or abort "Can't open Plug-in directory $plugin_dir: $!"; + +foreach my $file (readdir DIR) +{ + next unless ($file =~ m/.pm$/); + + debug 1, "Initialising plugin $file"; + + require "$plugin_dir/$file"; +} + +# Check command line parameters + +if (@ARGV) +{ + # Command line parameters provided - try to execute the named schedule. + + my ($schedule) = $ARGV[0]; + + if (exists $$schedules{$schedule}) + { + execute_schedule( $schedule, $$schedules{$schedule} ); + } + else + { + print "Schedule '$schedule' not found\n"; + } + + closelog; + exit; +} + +# Look for a due schedule + +my (undef, undef, $hour, $mday, undef, undef, $wday, undef, undef) = localtime; + +$hour = 1 << $hour; +$wday = 1 << $wday; +$mday = 1 << $mday; + +foreach my $schedule (keys %$schedules) +{ + next unless ($$schedules{$schedule}{'enable'} eq 'on'); # Must be enabled + + next unless ($$schedules{$schedule}{'mday'} & $mday or # Must be due today + $$schedules{$schedule}{'wday'} & $wday); + + next unless ($$schedules{$schedule}{'hours'} & $hour); # Must be due this hour + + debug 1, "Schedule $schedule due"; + + execute_schedule( $schedule, $$schedules{$schedule} ); +} + +closelog; + +exit; + +#------------------------------------------------------------------------------ +# sub execute_schedule( name, schedule ) +# +# Executes the specified schedule as long as at least one of the contacts is +# enabled. +# +# Parameters: +# name name of Schedule +# schedule reference of Schedule hash to be executed +#------------------------------------------------------------------------------ + +sub execute_schedule( $$ ) +{ + my ($name, $schedule) = @_; + my @contacts; + my $status = 0; + + # Check that at least one of the contacts is enabled + + foreach my $contact (split '|', $$schedule{'email'}) + { + push @contacts, $contact if (exists $$contacts{$contact} and $$contacts{$contact}{'enable'} eq 'on'); + } + + if (not @contacts) + { + debug 1, "No enabled contacts"; + return; + } + + log_message LOG_INFO, "Executing status mail schedule $name"; + + # Look for a theme stylesheet + + my $theme_stylesheet = "$lib_dir/$mainsettings{'THEME'}.css"; + $stylesheet = $theme_stylesheet if (-r $theme_stylesheet); + + # Create message + + my $message = new StatusMail( 'format' => $$schedule{'format'}, + 'subject' => $$schedule{'subject'}, + 'to' => [ @contacts ], + 'sender' => $mailsettings{'SENDER'}, + 'max_lines_per_item' => $$schedule{'lines'}, + 'stylesheet' => $stylesheet ); + + if (not $message) + { + log_message LOG_WARNING, "Failed to create message object: $!"; + return; + } + + $message->calculate_period( $$schedule{'period-value'}, $$schedule{'period-unit'} ); + + $message->add_text( "$Lang::tr{'statusmail period from'} " . localtime( $message->get_period_start ) . + " $Lang::tr{'statusmail period to'} " . localtime( $message->get_period_end ) . "\n" ); + + # Loop through the various log items + + foreach my $section ( sort keys %sections ) + { + debug 3, "Section $section"; + $message->add_section( $section ); + + foreach my $subsection ( sort keys %{ $sections{$section} } ) + { + debug 3, "Subsection $subsection"; + $message->add_subsection( $subsection ); + + foreach my $item ( sort keys %{ $sections{$section}{$subsection} } ) + { + debug 3, "Item $item"; + + # Is the item enabled? + + my $key = $sections{$section}{$subsection}{$item}{'ident'}; + + next unless (exists $$schedule{"enable_$key"} and $$schedule{"enable_$key"} eq 'on'); + next unless ($sections{$section}{$subsection}{$item}{'format'} eq 'both' or + $sections{$section}{$subsection}{$item}{'format'} eq $$schedule{'format'}); + + # Yes. Call the function to get it's content - with option if necessary + + debug 2, "Process item $section :: $subsection :: $item"; + + $message->add_title( $item ); + + my $function = $sections{$section}{$subsection}{$item}{'function'}; + + if (exists $$schedule{"value_$key"}) + { + $status += &$function( $message, $$schedule{"value_$key"} ); + } + else + { + $status += &$function( $message ); + } + } + + $message->clear_cache; + } + } + + # End the Message + + if ($status > 0) + { + debug 1, "Send mail message"; + $message->send; + } +} + + +#------------------------------------------------------------------------------ +# sub add_mail_item( params ) +# +# Adds a possible status item to the section and subsection specified. This +# function is called from the BEGIN block of the plugin. +# +# Any errors cause the item to be ignored without raising an error. +# +# Parameters: +# params hash containing details of the item to be added: +# section name of the section containing this item +# subsection name of the subsection containing this item +# item name of the item +# function function called to add item to message +# format available formats for the item 'html', 'text' or 'both' +# option hash specifying option parameter (optional) +# +# option can specify either a selection or an integer. For a selection it +# contains: +# type must be 'option' +# values array of strings representing the possible options +# +# For an integer option contains: +# type must be 'integer' +# min minimum valid value of parameter +# max maximum valid value of parameter +#------------------------------------------------------------------------------ + +sub add_mail_item( % ) +{ + my %params = @_; + + # Check for all required parameters + + return unless (exists $params{'section'} and + exists $params{'subsection'} and + exists $params{'item'} and + exists $params{'function'} ); + + # Check the option + + if ($params{'option'}) + { + return unless (ref $params{'option'} eq 'HASH'); + + if ($params{'option'}{'type'} eq 'select') + { + return unless (ref $params{'option'}{'values'} eq 'ARRAY' and @{ $params{'option'}{'values'} } > 1); + } + elsif ($params{'option'}{'type'} eq 'integer') + { + return unless (exists $params{'option'}{'min'} and + exists $params{'option'}{'max'} and + $params{'option'}{'min'} < $params{'option'}{'max'}); + } + else + { + return; + } + } + + $params{'format'} = 'both' unless (exists $params{'format'}); + + # Record that the option exists + + $sections{$params{'section'}}{$params{'subsection'}}{$params{'item'}} = { 'function' => $params{'function'}, + 'format' => $params{'format'}, + 'ident' => $params{'ident'} }; +} + + +#------------------------------------------------------------------------------ +# sub abort( message ) +# +# Aborts the update run, printing out an error message. +# +# Parameters: +# message Message to be printed +#------------------------------------------------------------------------------ + +sub abort( $ ) +{ +my ($message) = @_; + + log_message( LOG_ERR, $message ); + croak $message; +} + + +#------------------------------------------------------------------------------ +# sub log_message( level, message ) +# +# Logs a message to the system log. If the script is run from the terminal +# then the message is also printed locally. +# +# Parameters: +# level Severity of message +# message Message to be logged +#------------------------------------------------------------------------------ + +sub log_message( $$ ) +{ + my ($level, $message) = @_; + + print "($level) $message\n" if (-t STDIN); + syslog( $level, $message ); +} + + +#------------------------------------------------------------------------------ +# sub debug( level, message ) +# +# Optionally logs a debug message +# +# Parameters: +# level Debug level +# message Message to be logged +#------------------------------------------------------------------------------ + +sub debug( $$ ) +{ + my ($level, $message) = @_; + + if (($level <= $debug) or + ($level == 1 and -t STDIN)) + { + log_message LOG_DEBUG, $message; + } +}

CGI script for statusmail WUI and icon for 'Execute now'.

Signed-off-by: Tim FitzGeorge ipfr@tfitzgeorge.me.uk --- html/cgi-bin/statusmail.cgi | 1687 +++++++++++++++++++++++++++++++++++++++++++ html/html/images/play.png | Bin 0 -> 182 bytes 2 files changed, 1687 insertions(+) create mode 100755 html/cgi-bin/statusmail.cgi create mode 100644 html/html/images/play.png

diff --git a/html/cgi-bin/statusmail.cgi b/html/cgi-bin/statusmail.cgi new file mode 100755 index 000000000..52b72d0ac --- /dev/null +++ b/html/cgi-bin/statusmail.cgi @@ -0,0 +1,1687 @@ +#!/usr/bin/perl + +############################################################################### +# # +# IPFire.org - A linux based firewall # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +# Copyright (C) 2019 # +# # +############################################################################### + +# Enable the following only for debugging +use strict; +use warnings; +use CGI qw/:standard/; +use CGI::Carp 'fatalsToBrowser'; + +use IPC::Open3; +use Data::Dumper; + +require '/var/ipfire/general-functions.pl'; +require "${General::swroot}/lang.pl"; +require "${General::swroot}/header.pl"; + +############################################################################### +# Function prototypes +############################################################################### + +# Used by plugins + +sub add_mail_item( % ); +sub get_period_start(); +sub get_period_end(); +sub get_weeks_covered(); +sub cache( $;$ ); + +# Local functions + +sub show_encryption_keys(); +sub show_contacts(); +sub show_schedules(); +sub show_signing_key(); +sub check_key( $ ); +sub get_keys(); +sub check_schedule( % ); +sub toggle_on_off( $ ); +sub export_signing_key(); + +############################################################################### +# Configuration variables +############################################################################### + +my $contactsettings = "${General::swroot}/statusmail/contact_settings"; +my $schedulesettings = "${General::swroot}/statusmail/schedule_settings"; +my $generate_signature = "/usr/lib/statusmail/generate_signature.sh"; +my $mailsettings = "${General::swroot}/dma/mail.conf"; +my $mainsettings = "${General::swroot}/main/settings"; +my $plugin_dir = '/usr/lib/statusmail/plugins'; +my $gpg = "/usr/bin/gpg --homedir ${General::swroot}/statusmail/keys"; +my $execute = '/usr/local/bin/statusmail.pl'; +my $tmpdir = '/var/tmp'; +my $statusmailctrl = '/usr/local/bin/statusmailctrl'; + +############################################################################### +# Initialize variables and hashes +############################################################################### + +my %mainsettings = (); +my %cgiparams = (); +my $errormessage = ''; +my $current_contact = ''; +my $current_key = ''; +my $current_schedule = ''; +my $save_contacts = 0; +my $save_schedules = 0; +my %items; +my %colour; +my $contacts; +my $schedules; +my %keys; +my %mailsettings; +my $sign_key; +my $signing_fingerprint = ''; +my $signing_keyid = ''; +my $encryption_key = ''; +my $show_signing_key = 0; +my $show_encryption_keys = 0; +my $show_contacts = 0; +my @debug; + +############################################################################### +# Main code +############################################################################### + +# Read CGI parameters +my $a = new CGI; + +Header::getcgihash( %cgiparams ); + +# Read settings + +General::readhash( $mainsettings, %mainsettings ); +General::readhash( $mailsettings, %mailsettings ) if (-e $mailsettings); +General::readhash( "/srv/web/ipfire/html/themes/" . $mainsettings{'THEME'} . "/include/colors.txt", %colour ); + +if (-r $contactsettings) +{ + eval qx|/bin/cat $contactsettings|; +} +else +{ + # No settings file - set up defaults + + $contacts = {}; +} + +if (-r $schedulesettings) +{ + eval qx|/bin/cat $schedulesettings|; +} +else +{ + # No settings file - set up defaults + + $schedules = {}; +} + +# Get key information + +get_keys(); + +# Get the email signing key + +$sign_key = `$gpg --armour --export IPFire`; + +$sign_key =~ s/^\s+//; +$sign_key =~ s/\s+$//; + +$errormessage .= "<p>$Lang::tr{'statusmail no signing key'}</p>" if ($sign_key =~ m/nothing exported/ or not $sign_key); + +# Scan for plugins + +opendir DIR, $plugin_dir or die "Can't open Plug-in directory $plugin_dir: $!"; + +foreach my $file (readdir DIR) +{ + next unless ($file =~ m/.pm$/); + + require "$plugin_dir/$file"; +} + +############################################################################### +# ACTIONS +############################################################################### + +# ACTIONS for Installed PGP Keys + +$show_signing_key = $cgiparams{'show signing key'} || 0; +$show_encryption_keys = $cgiparams{'show encryption keys'} || 0; +$show_contacts = $cgiparams{'show contacts'} || 0; + +$show_signing_key = 1 if (exists $cgiparams{'SIGN_ACTION'}); +$show_encryption_keys = 1 if (exists $cgiparams{'KEY_ACTION'}); +$show_contacts = 1 if (exists $cgiparams{'CONTACT_ACTION'}); +$show_signing_key = 1 if ($sign_key =~ m/nothing exported/ or not $sign_key); + +if ($cgiparams{'KEY_ACTION'} eq $Lang::tr{'statusmail import'}) +{ + my $upload = $a->param("UPLOAD"); + $encryption_key = ''; + + binmode $upload; + + foreach my $line ( <$upload> ) + { + $encryption_key .= $line; + } + + check_key( $encryption_key ); + get_keys(); + + $show_contacts = 1; +} +elsif ($cgiparams{'KEY_ACTION'} eq $Lang::tr{'add'}) +{ + check_key( $cgiparams{'key'} ); + + get_keys(); +} +elsif ($cgiparams{'KEY_ACTION'} eq 'remove key') +{ + my $key = $cgiparams{'KEY'}; + $key =~ s/\s+//g; + + my @output = `$gpg --batch --yes --delete-key $key 2>&1`; + + if ($?) + { + $errormessage .= join '<br>', "<p>$Lang::tr{'statusmail key remove failed'} $?", @output; + $errormessage .= "</p>\n"; + } + + get_keys(); +} +elsif ($cgiparams{'KEY_ACTION'} eq $Lang::tr{'statusmail show'}) +{ + $show_encryption_keys = 1; +} +elsif ($cgiparams{'KEY_ACTION'} eq $Lang::tr{'statusmail hide'}) +{ + $show_encryption_keys = 0; +} + +# ACTIONS for Signing Certificate + +elsif ($cgiparams{'SIGN_ACTION'} eq $Lang::tr{'statusmail generate'}) +{ + system( "$generate_signature &>$tmpdir/statusmail_log &" ); +} +elsif ($cgiparams{'SIGN_ACTION'} eq $Lang::tr{'export'}) +{ + export_signing_key(); +} +elsif ($cgiparams{'SIGN_ACTION'} eq $Lang::tr{'statusmail show'}) +{ + $show_signing_key = 1; +} +elsif ($cgiparams{'SIGN_ACTION'} eq $Lang::tr{'statusmail hide'}) +{ + $show_signing_key = 0; +} + +# ACTIONS for Contacts + +elsif ($cgiparams{'CONTACT_ACTION'} eq $Lang::tr{'add'} or $cgiparams{'CONTACT_ACTION'} eq $Lang::tr{'update'}) +{ + if (not $cgiparams{'name'}) + { + $errormessage .= "<p>$Lang::tr{'statusmail no contact name'}</p>"; + } + + if (not General::validemail( $cgiparams{'address'} )) + { + $errormessage .= "<p>$Lang::tr{'statusmail email invalid'}</p>"; + } + + if (not $errormessage) + { + my $enable = $$contacts{$cgiparams{'name'}}{'enable'}; + + $$contacts{$cgiparams{'name'}} = { 'email' => $cgiparams{'address'}, + 'keyid' => '', + 'fingerprint' => '', + 'enable' => $enable }; + $save_contacts = 1; + } +} +elsif ($cgiparams{'CONTACT_ACTION'} eq 'edit contact') +{ + $current_contact = $cgiparams{'KEY'}; +} +elsif ($cgiparams{'CONTACT_ACTION'} eq 'remove contact') +{ + my $key = $cgiparams{'KEY'}; + + delete $$contacts{$key}; + $save_contacts = 1; +} +elsif ($cgiparams{'CONTACT_ACTION'} eq 'toggle contact') +{ + my $key = $cgiparams{'KEY'}; + + toggle_on_off( $$contacts{$key}{'enable'} ); + $save_contacts = 1; +} +elsif ($cgiparams{'CONTACT_ACTION'} eq $Lang::tr{'statusmail show'}) +{ + $show_contacts = 1; +} +elsif ($cgiparams{'CONTACT_ACTION'} eq $Lang::tr{'statusmail hide'}) +{ + $show_contacts = 0; +} + +# ACTIONS for Schedules + +elsif ($cgiparams{'SCHEDULE_ACTION'} eq $Lang::tr{'add'} or $cgiparams{'SCHEDULE_ACTION'} eq $Lang::tr{'update'}) +{ + check_schedule( %cgiparams ); +} +elsif ($cgiparams{'SCHEDULE_ACTION'} eq 'edit schedule') +{ + $current_schedule = $cgiparams{'KEY'}; +} +elsif ($cgiparams{'SCHEDULE_ACTION'} eq 'execute schedule') +{ + system( "$execute '$cgiparams{'KEY'}' &" ); +} +elsif ($cgiparams{'SCHEDULE_ACTION'} eq 'remove schedule') +{ + my $key = $cgiparams{'KEY'}; + + delete $$schedules{$key}; + $save_schedules = 1; +} +elsif ($cgiparams{'SCHEDULE_ACTION'} eq 'toggle schedule') +{ + my $key = $cgiparams{'KEY'}; + + toggle_on_off( $$schedules{$key}{'enable'} ); + + # Check to see if the service needs to be enabled or disabled + + if ($$schedules{$key}{'enable'} eq 'on' and not -e '/etc/fcron.hourly/statusmail') + { + system( "$statusmailctrl enable >/dev/null" ); + } + elsif (-e '/etc/fcron.hourly/statusmail') + { + my $do_disable = 1; + + foreach my $name (keys %$schedules ) + { + if ($$schedules{$name}{'enable'} eq 'on') + { + $do_disable = 0; + last; + } + } + + if ($do_disable) + { + system( "$statusmailctrl disable >/dev/null" ); + } + } + + $save_schedules = 1; +} + +############################################################################### +# Start of HTTP/HTML output +############################################################################### + +# Show Headers +Header::showhttpheaders(); + +############################################################################### +# Page contents +############################################################################### + +Header::openpage($Lang::tr{'statusmail status emails'}, 1, ''); + +# Display error if email is not enabled + +if ($mailsettings{'USEMAIL'} ne 'on') +{ + $errormessage = "<p>$Lang::tr{'statusmail email not enabled'}</p>"; +} + +if ($errormessage) +{ + Header::openbox( '100%', 'left', $Lang::tr{'error messages'} ); + print "<font class='base'>$errormessage</font>\n"; + Header::closebox(); +} + +# Check for key generation in progress + +my $return = `pidof generate_signature.sh -x`; + +chomp($return); + +if ($return) +{ + Header::openbox( 'Working', 1, "<meta http-equiv='refresh' content='5;'>$Lang::tr{'statusmail working'}" ); + + print <<END; + <table width='100%'> + <tr> + <td align='center'> + <img src='/images/indicator.gif' alt='$Lang::tr{'aktiv'}' />&nbsp; + <td> + </tr> + <tr> + <td align='center'> + <form method='post' action='$ENV{'SCRIPT_NAME'}'> + <input type='image' alt='$Lang::tr{'reload'}' title='$Lang::tr{'reload'}' src='/images/view-refresh.png' /> + </form> + </td> + </tr> + <tr><td align='left'><pre> +END +; + my @output = `tail -20 $tmpdir/statusmail_log`; + foreach (@output) + { + print "$_"; + } + print <<END; + </pre> + </table> +END +; + + unlink "$tmpdir/statusmail_log"; + + Header::closebox(); + Header::closebigbox(); + Header::closepage(); + exit; +} + +# Show main bulk of page + +if ($mailsettings{'USEMAIL'} eq 'on') +{ + show_signing_key(); + + unless ($sign_key =~ m/nothing exported/ or not $sign_key) + { + show_encryption_keys(); + show_contacts(); + show_schedules(); + } +} + +foreach my $line (@debug) +{ + print "$line<br>\n"; +} + +# End of page + +Header::closebigbox(); +Header::closepage(); + +# Save settings if necessary + +if ($save_contacts) +{ + open OUT, '>', $contactsettings or die "Can't open contact settings file $contactsettings: $!"; + print OUT Data::Dumper->Dump( [$contacts], ['contacts'] ); + close OUT; +} + +if ($save_schedules) +{ + open OUT, '>', $schedulesettings or die "Can't open schedule settings file $schedulesettings: $!"; + print OUT Data::Dumper->Dump( [$schedules], ['schedules'] ); + close OUT; +} + +############################################################################### +# Subroutines +############################################################################### + +#------------------------------------------------------------------------------ +# sub show_signing_key() +# +# Outputs the 'Signing Key' section of the page. +# +# A new signing key can be generated and exported. +#------------------------------------------------------------------------------ + +sub show_signing_key() +{ + Header::openbox('100%', 'left', $Lang::tr{'statusmail signing key'}); + + # Javascript to copy key to clipboard + + print <<END +<script> + function copy_clipboard() { + /* Get the text field */ + var copyText = document.getElementById( "key_out" ); + + /* Select the text field */ + copyText.select(); + + /* Copy the text inside the text field */ + document.execCommand( "copy" ); + + /* Alert the copied text */ + alert( "$Lang::tr{'statusmail copied to clipboard'}" ); + } +</script> +END +; + + # Hide/Show button + + my $button = $show_signing_key ? $Lang::tr{"statusmail hide"} : $Lang::tr{"statusmail show"}; + + print <<END +<form method='post' action='$ENV{'SCRIPT_NAME'}'> + <table width='100%'> + <tr> + <td align='right'> + <input type='submit' name='SIGN_ACTION' value='$button'> + <input type='hidden' name='show signing key' value='$show_signing_key'> + <input type='hidden' name='show encryption keys' value='$show_encryption_keys'> + <input type='hidden' name='show contacts' value='$show_contacts'> + </td> + </tr> + </table> +</form> +END +; + + # Key information and export/generate buttons + + if ($show_signing_key) + { + my $disabled = ''; + $disabled = ' disabled' if ($sign_key =~ m/nothing exported/ or not $sign_key); + + print <<END +<form method='post' action='$ENV{'SCRIPT_NAME'}'> +<table width='100%' cellspacing='1'> + <tr> + <td width='15%'>$Lang::tr{'statusmail signing key'}</td> + <td> + <textarea name='sign key' rows='5' cols='90' readonly id='key_out'>$sign_key</textarea> + </td> + </tr> + <tr> + <td width='15%'>$Lang::tr{'statusmail fingerprint'}</td> + <td>$signing_fingerprint</td> + </tr> + <tr> + <td width='15%'>$Lang::tr{'statusmail keyid'}</td> + <td>$signing_keyid</td> + </tr> +</table> +<br><hr> +<form method='post' action='$ENV{'SCRIPT_NAME'}'> +<table width='100%'> + <tr> + <td align='right'> + <input type='submit' name='SIGN_ACTION' value='$Lang::tr{"export"}'$disabled> + <button onclick='copy_clipboard()'$disabled>$Lang::tr{'statusmail copy to clipboard'}</button> + <input type='submit' name='SIGN_ACTION' value='$Lang::tr{"statusmail generate"}'> + </td> + </tr> +</table> +</form> +END +; + } + + Header::closebox(); +} + +#------------------------------------------------------------------------------ +# sub show_encryption_keys() +# +# Outputs the 'Installed PGP Keys' section of the page. +# +# User keys can be imported or deleted. +#------------------------------------------------------------------------------ + +sub show_encryption_keys() +{ + Header::openbox('100%', 'left', $Lang::tr{'statusmail keys'}); + + # Hide/show button + + my $button = $show_encryption_keys ? $Lang::tr{"statusmail hide"} : $Lang::tr{"statusmail show"}; + + print <<END +<form method='post' action='$ENV{'SCRIPT_NAME'}'> + <table width='100%'> + <tr> + <td align='right'> + <input type='submit' name='KEY_ACTION' value='$button'> + <input type='hidden' name='show signing key' value='$show_signing_key'> + <input type='hidden' name='show encryption keys' value='$show_encryption_keys'> + <input type='hidden' name='show contacts' value='$show_contacts'> + </td> + </tr> + </table> +</form> +END +; + + if ($show_encryption_keys) + { + # Selected key details and Import/Add buttons + + print <<END + <script> + function enable_file_import() { + /* Get the text field */ + var importButton = document.getElementById( "file-import" ); + + /* Select the text field */ + importButton.removeAttribute( 'disabled' ); + } + </script> + <form method='post' enctype='multipart/form-data' action='$ENV{'SCRIPT_NAME'}'> + <table width='100%' cellspacing='1'> + <tr> + <td width='15%'>$Lang::tr{'statusmail key'}</td> + <td> + <textarea name='key' rows='5' cols='90' id='cert_in' contenteditable="true"> +$encryption_key + </textarea> + </td> + </tr> + </table> + <br><hr> + <table width='100%'> + <tr> + <td align='right'> + <input type="file" size='50' name="UPLOAD" onchange='enable_file_import()'/> + <input type='hidden' name='FILE' /> + <input type='submit' name='KEY_ACTION' value='$Lang::tr{'import'}' id='file-import' disabled /> + <input type='submit' name='KEY_ACTION' value='$Lang::tr{"add"}' /> + </td> + </tr> + </table> + </form> + <hr> + <table width='100%' class='tbl'> + <tr> + <th width='20%'>$Lang::tr{'statusmail contact name'}</th> + <th width='20%'>$Lang::tr{'statusmail email'}</th> + <th width='15%'>$Lang::tr{'statusmail keyid'}</th> + <th width='25%'>$Lang::tr{'statusmail fingerprint'}</th> + <th width='10%'>$Lang::tr{'statusmail key expires'}</th> + <th>$Lang::tr{'statusmail action'}</th> + </tr> +END +; + + # List installed keys + + my $row = 0; + foreach my $fingerprint (sort keys %keys) + { + my $show_fingerprint = $fingerprint; + $show_fingerprint =~ s/((?:\w{4}\s){4}(?:\w{4}))\s(.+)/$1<br>$2/; + + if ($row % 2) + { + print "<tr bgcolor='$colour{'color20'}'>"; + } + else + { + print "<tr bgcolor='$colour{'color22'}'>"; + } + + my $name = Header::escape( $keys{$fingerprint}{'userid'} ); + my $email = Header::escape( $keys{$fingerprint}{'email'} ); + + print <<END + <td align='center'>$name</td> + <td align='center'>$email</td> + <td align='center'>$keys{$fingerprint}{'keyid'}</td> + <td align='center'>$show_fingerprint</td> + <td align='center'>$keys{$fingerprint}{'expires'}</td> + <td align='center'> + <form method='post' action='$ENV{'SCRIPT_NAME'}'> + <input type='hidden' name='KEY_ACTION' value='remove key' /> + <input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' alt='$Lang::tr{'remove'}' title='$Lang::tr{'remove'}' /> + <input type='hidden' name='KEY' value='$fingerprint' /> + </form> + </td> + </tr> +END +; + $row++; + } + + print <<END +</table> +END +; + } + Header::closebox(); +} + + +#------------------------------------------------------------------------------ +# sub show_contacts() +# +# Outputs the 'Contacts' part of the page. +# +# New contacts can be added and existing ones enabled/disabled or deleted. +#------------------------------------------------------------------------------ + +sub show_contacts() +{ + my $button = $Lang::tr{'add'}; + my $current_address = ''; + my $name = ''; + my $keyid = ''; + my $enable = 0; + + Header::openbox('100%', 'left', $Lang::tr{'statusmail contacts'}); + + # Hide/Show button + + my $button = $show_contacts ? $Lang::tr{"statusmail hide"} : $Lang::tr{"statusmail show"}; + + print <<END +<form method='post' action='$ENV{'SCRIPT_NAME'}'> + <table width='100%'> + <tr> + <td align='right'> + <input type='submit' name='CONTACT_ACTION' value='$button'> + <input type='hidden' name='show signing key' value='$show_signing_key'> + <input type='hidden' name='show encryption keys' value='$show_encryption_keys'> + <input type='hidden' name='show contacts' value='$show_contacts'> + </td> + </tr> + </table> +</form> +END +; + + if ($show_contacts) + { + # Selected contact details and Import/Add buttons + + if ($current_contact) + { + $button = $Lang::tr{'update'}; + + if (exists $$contacts{$current_contact}) + { + $name = Header::escape( $current_contact ); + $current_address = Header::escape( $$contacts{$current_contact}{'email'} ); + $keyid = $$contacts{$current_contact}{'keyid'}; + } + } + + print <<END + <form method='post' action='$ENV{'SCRIPT_NAME'}'> + <table width='100%' cellspacing='1'> + <tr> + <td width='15%'>$Lang::tr{'statusmail contact name'}</td> + <td> + <input type='text' name='name' value='$name'> + </td> + <td>$Lang::tr{'statusmail email'}</td> + <td> + <input type='email' name='address' value='$current_address'> + </td> + </tr> + <tr> + <td>$Lang::tr{'statusmail keyid'}</td> + <td colspan='3'> + <select name='keys'> +END +; + + foreach my $key (sort keys %keys) + { + my $select = ''; + $select = ' selected' if ($keys{$key}{keyid} eq $keyid); + print "<option value='$keys{$key}{keyid}'$select>$keys{$key}{keyid}</option>\n"; + } + + print <<END + </select> + </td> + </tr> + </table> + <br><hr> + <table width='100%'> + <tr> + <td align='right'><input type='submit' name='CONTACT_ACTION' value='$button'></td> + </tr> + </table> + </form> + <hr> + <table width='100%' class='tbl'> + <tr> + <th width='25%'>$Lang::tr{'statusmail contact name'}</th> + <th width='40%'>$Lang::tr{'statusmail email'}</th> + <th width='25%'>$Lang::tr{'statusmail key'}</th> + <th colspan='3'>$Lang::tr{'statusmail action'}</th> + </tr> +END +; + + # List contacts + + my $row = 0; + foreach my $contact (sort keys %$contacts) + { + my $col = ''; + my $gif; + my $gdesc; + + if ($current_contact eq $contact) + { + print "<tr bgcolor='${Header::colouryellow}'>"; + } + elsif ($row % 2) + { + print "<tr bgcolor='$colour{'color20'}'>"; + } + else + { + print "<tr bgcolor='$colour{'color22'}'>"; + } + + if ($$contacts{$contact}{'enable'} eq 'on') + { + $gif = 'on.gif'; + $gdesc = $Lang::tr{'click to disable'}; + } + else + { + $gif = 'off.gif'; + $gdesc = $Lang::tr{'click to enable'}; + } + + $name = Header::escape( $contact ); + my $address = Header::escape( $$contacts{$contact}{'email'} ); + + print <<END + <td align='center'>$name</td> + <td align='center'>$address</td> + <td align='center'>$$contacts{$contact}{'keyid'}</td> + + <td align='center'> + <form method='post' action='$ENV{'SCRIPT_NAME'}'> + <input type='hidden' name='CONTACT_ACTION' value='toggle contact' /> + <input type='image' name='$Lang::tr{'remove'}' src='/images/$gif' alt='$gdesc' title='$gdesc' /> + <input type='hidden' name='KEY' value='$contact' /> + </form> + </td> + + <td align='center'> + <form method='post' action='$ENV{'SCRIPT_NAME'}'> + <input type='hidden' name='CONTACT_ACTION' value='edit contact' /> + <input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' alt='$Lang::tr{'edit'}' title='$Lang::tr{'edit'}' /> + <input type='hidden' name='KEY' value='$contact' /> + </form> + </td> + + <td align='center'> + <form method='post' action='$ENV{'SCRIPT_NAME'}'> + <input type='hidden' name='CONTACT_ACTION' value='remove contact' /> + <input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' alt='$Lang::tr{'remove'}' title='$Lang::tr{'remove'}' /> + <input type='hidden' name='KEY' value='$contact' /> + </form> + </td> + </tr> +END +; + $row++; + } + + print <<END +</table> +END +; + } + + Header::closebox(); +} + + +#------------------------------------------------------------------------------ +# sub show_schedules() +# +# Outputs the 'Schedules' part of the page. +#------------------------------------------------------------------------------ + +sub show_schedules() +{ + my $button = $Lang::tr{'add'}; + my $enable = 0; + my %schedule = ( 'subject' => '', + 'email' => '', + 'format' => 'HTML', + 'mday' => 0, + 'wday' => 0, + 'hours' => 0, + 'enable' => 0 ); + + Header::openbox('100%', 'left', $Lang::tr{'statusmail schedules'}); + + if ($current_schedule) + { + $button = $Lang::tr{'update'}; + + foreach my $field ( keys %{ $$schedules{$current_schedule} } ) + { + $schedule{$field} = $$schedules{$current_schedule}{$field}; + } + } + + my $name = Header::escape( $current_schedule ); + my $subject = Header::escape( $schedule{'subject'} ); + + # Selected schedule - email information + + print <<END + <form method='post' action='$ENV{'SCRIPT_NAME'}'> + <table width='100%' cellspacing='1'> + <tr> + <td width='15%'>$Lang::tr{'statusmail schedule name'}</td> + <td colspan='3'> + <input type='text' name='name' value='$name' size='80'> + </td> + </tr> + <tr> + <td>$Lang::tr{'statusmail email subject'}</td> + <td colspan='3'> + <input type='text' name='subject' value='$subject' size='80'> + </td> + </tr> + <tr> + <td>$Lang::tr{'statusmail email to'}</td> + <td> + <select name='emails' size='3' multiple> +END +; + + foreach my $contact (sort keys %$contacts) + { + my $select = ''; + $select = ' selected' if ($schedule{'email'} =~ m/$contact/); + $name = Header::escape( $contact ); + + print "<option value='$name'$select>$name</option>\n"; + } + + my $select_html = $schedule{'format'} ne 'text' ? ' selected' : ''; + my $select_text = $schedule{'format'} eq 'text' ? ' selected' : ''; + my $select_hours = $schedule{'period-unit'} eq 'hours' ? ' selected' : ''; + my $select_days = $schedule{'period-unit'} eq 'days' ? ' selected' : ''; + my $select_weeks = $schedule{'period-unit'} eq 'weeks' ? ' selected' : ''; + my $select_months = $schedule{'period-unit'} eq 'months' ? ' selected' : ''; + + print <<END + </select> + </td> + <td width='20%'>$Lang::tr{'statusmail email format'}</td> + <td width='20%'> + <select name='format' onchange='change_visibility(this)'> + <option value='html'$select_html>HTML</option> + <option value='text'$select_text>Text</option> + </select> + </td> + </tr> + <tr> + <tr> + <td width='20%'>$Lang::tr{'statusmail period covered'}:</td> + <td> + <input type='number' name='period-value' min='1' max='365' value='$schedule{'period-value'}' pattern='type\d+'> + <select name='period-unit' size='1'> + <option value='hours'$select_hours>$Lang::tr{'hours'}</option> + <option value='days'$select_days>$Lang::tr{'days'}</option> + <option value='weeks'$select_weeks>$Lang::tr{'weeks'}</option> + <option value='months'$select_months>$Lang::tr{'months'}</option> + </select> + </td> + <td>$Lang::tr{'statusmail lines per item'}</td> + <td> + <input type='number' name='lines' min='1' max='1000' value='$schedule{'lines'}' pattern='\d+'> + </td> + </tr> + </table> + <br> + <table width='100%' cellspacing='1'> + <tr> + <td colspan='31'>$Lang::tr{'statusmail day of month'}:</td> + </tr> + <tr> +END +; + + # Selected schedule - frequency information + + foreach my $day (1..31) + { + print "<td align='center'>$day</td>\n"; + } + + print "</tr><tr>\n"; + + foreach my $day (1..31) + { + my $checked = ($schedule{'mday'} & (1 << $day)) ? ' checked' : ''; + print "<td align='center'><input type='checkbox' name='mday_$day'$checked></td>\n"; + } + + print <<END + </tr> + <tr><td colspan='31'>&nbsp;</td></tr> + <tr> + <td colspan='31'>$Lang::tr{'statusmail day of week'}:</td> + </tr> + <tr> +END +; + + foreach my $day ('sunday', 'monday', 'tuesday', 'wednesday', 'thursday', 'friday', 'saturday') + { + my $wday = "statusmail $day"; + print "<td align='center'>$Lang::tr{$wday}</td>\n"; + } + + print "</tr><tr>\n"; + + foreach my $day (0..6) + { + my $checked = ($schedule{'wday'} & (1 << $day)) ? ' checked' : ''; + print "<td align='center'><input type='checkbox' name='wday_$day'$checked></td>\n"; + } + + print <<END + </tr> + <tr><td colspan='31'>&nbsp;</td></tr> + <tr> + <td colspan='31'>$Lang::tr{'statusmail hour of day'}:</td> + </tr> +END +; + + foreach my $hour (0..23) + { + print "<td align='center'>$hour</td>\n"; + } + + print "</tr><tr>\n"; + + foreach my $hour (0..23) + { + my $checked = ($schedule{'hours'} & (1 << $hour)) ? ' checked' : ''; + print "<td align='center'><input type='checkbox' name='hour_$hour'$checked></td>\n"; + } + + # Javascript to show/hide HTML only items + + print <<END + </tr> + </table> + <br><hr> + + <script> + function change_visibility(self) + { + var format = self.value; + + var x = document.getElementsByClassName( "html" ); + for ( y = 0 ; y < x.length ; y++ ) + { + if (format == 'html') + { + x[y].removeAttribute( "hidden" ); + } + else + { + x[y].setAttribute( "hidden", "on" ); + } + } + + var x = document.getElementsByClassName( "text" ); + for ( y = 0 ; y < x.length ; y++ ) + { + if (format == 'html') + { + x[y].removeAttribute( "hidden" ); + } + else + { + x[y].setAttribute( "hidden", "on" ); + } + } + } + </script> + + <table width='100%'> +END +; + + # List items + + foreach my $section (sort keys %items) + { + print "<tr style='height:3em'><td colspan='4'><h3>$section</h3></td></tr>\n"; + + foreach my $subsection (sort keys %{ $items{$section} } ) + { + print "<tr style='height:2em'><td colspan='4'><h4 style='padding-left: 20px'>$subsection</h4></td></tr>\n"; + + foreach my $item (sort keys %{ $items{$section}{$subsection} } ) + { + my $name = $items{$section}{$subsection}{$item}{'ident'}; + my $class = $items{$section}{$subsection}{$item}{'format'}; + my $hidden = ''; + my $checked = ''; + + if (($class eq 'html' and $schedule{'format'} eq 'text') or + ($class eq 'text' and $schedule{'format'} eq 'html')) + { + $hidden = ' hidden'; + } + + $checked = ' checked' if ($schedule{"enable_${name}"} eq 'on'); + + print "<tr class='$class'$hidden><td><span style='padding-left: 40px; line-height: 2.2'>$item</span></td>\n"; + print "<td><input type='checkbox' name='enable_${name}'$checked></td>\n"; + + if (exists $items{$section}{$subsection}{$item}{'option'}) + { + my $key = "value_$name"; + + print "<td>$items{$section}{$subsection}{$item}{'option'}{'name'}</td>\n"; + + if ($items{$section}{$subsection}{$item}{'option'}{'type'} eq 'integer') + { + my $min = $items{$section}{$subsection}{$item}{'option'}{'min'}; + my $max = $items{$section}{$subsection}{$item}{'option'}{'max'}; + my $value = $min; + + $value = $schedule{"value_$name"} if (exists $schedule{"value_$name"}); + + print "<td><input type='number' name='$key' min='$min' max='$max' value='$value' pattern='\\d+'></td>\n"; + } + else + { + print "<td><select name='value_$name'>\n"; + + my $current = $items{$section}{$subsection}{$item}{'option'}{'values'}[0]; + + $current = $schedule{"value_$name"} if (exists $schedule{"value_$name"}); + + foreach my $option (@{ $items{$section}{$subsection}{$item}{'option'}{'values'} }) + { + my ($name, $value) = split /:/, $option; + $value ||= $name; + + my $select = ''; + $select = ' selected' if ($current eq $value); + + print "<option value='$value'$select>$name</option>\n"; + } + + print "</select></td>\n"; + } + } + else + { + print "<td>&nbsp;</td>\n"; + print "<td>&nbsp;</td>\n"; + } + print "</tr>\n"; + } + } + } + + # Add/Update button + + print <<END + </table> + <hr> + <table width='100%'> + <tr> + <td align='right'><input type='submit' name='SCHEDULE_ACTION' value='$button'></td> + </tr> + </table> + </form> + <hr> + <table width='100%' class='tbl'> + <tr> + <th width='90%'>$Lang::tr{'statusmail schedule name'}</th> + <th colspan='4'>$Lang::tr{'statusmail action'}</th> + </tr> +END +; + + # List schedules + + my $row = 0; + foreach my $schedule (sort keys %$schedules) + { + my $col = ''; + my $gif; + my $gdesc; + $name = Header::escape( $schedule ); + + if ($current_contact eq $schedule) + { + print "<tr bgcolor='${Header::colouryellow}'>"; + } + elsif ($row % 2) + { + print "<tr bgcolor='$colour{'color20'}'>"; + } + else + { + print "<tr bgcolor='$colour{'color22'}'>"; + } + + if ($$schedules{$schedule}{'enable'} eq 'on') + { + $gif = 'on.gif'; + $gdesc = $Lang::tr{'click to disable'}; + } + else + { + $gif = 'off.gif'; + $gdesc = $Lang::tr{'click to enable'}; + } + + print <<END + <td>$name</td> + + <td align='center'> + <form method='post' action='$ENV{'SCRIPT_NAME'}'> + <input type='hidden' name='SCHEDULE_ACTION' value='toggle schedule' /> + <input type='image' name='$Lang::tr{'remove'}' src='/images/$gif' alt='$gdesc' title='$gdesc' /> + <input type='hidden' name='KEY' value='$schedule' /> + </form> + </td> + + <td align='center'> + <form method='post' action='$ENV{'SCRIPT_NAME'}'> + <input type='hidden' name='SCHEDULE_ACTION' value='execute schedule' /> + <input type='image' name='$Lang::tr{'remove'}' src='/images/play.png' '$Lang::tr{'statusmail execute'}' title='$Lang::tr{'statusmail execute'}' /> + <input type='hidden' name='KEY' value='$schedule' /> + </form> + </td> + + <td align='center'> + <form method='post' action='$ENV{'SCRIPT_NAME'}'> + <input type='hidden' name='SCHEDULE_ACTION' value='edit schedule' /> + <input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' alt='$Lang::tr{'edit'}' title='$Lang::tr{'edit'}' /> + <input type='hidden' name='KEY' value='$schedule' /> + </form> + </td> + + <td align='center'> + <form method='post' action='$ENV{'SCRIPT_NAME'}'> + <input type='hidden' name='SCHEDULE_ACTION' value='remove schedule' /> + <input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' alt='$Lang::tr{'remove'}' title='$Lang::tr{'remove'}' /> + <input type='hidden' name='KEY' value='$schedule' /> + </form> + </td> + </tr> +END +; + $row++; + } + + print <<END +</table> +END +; + Header::closebox(); +} + + +#------------------------------------------------------------------------------ +# sub check_key( key ) +# +# Checks an imported PGP key to see if it looks correct and then tries +# to import it into the the keyring. +#------------------------------------------------------------------------------ + +sub check_key( $ ) +{ + my ($key) = @_; + + # Remove leading and trailing whitespace + + $key =~ s/^\s+//g; + $key =~ s/\s+$//g; + + # Check it looks like a key + + if ($key !~ m/^-----BEGIN PGP PUBLIC KEY BLOCK-----[A-Za-z\d /=|+\n\r-]+-----END PGP PUBLIC KEY BLOCK-----$/) + { + $errormessage .= "<p>$Lang::tr{'statusmail invalid key'}</p>"; + + return; + } + + # Looks OK - try to import it + + my ($in, $out, $err); + + my $childpid = open3( $in, $out, $err, "$gpg --import" ); + + print $in $key; + + close $in; + + waitpid( $childpid, 0); + + if ($?) + { + $errormessage .= join '<br>', "<p>$Lang::tr{'statusmail import key failed'}", <$out>, "</p>\n"; + } +} + + +#------------------------------------------------------------------------------ +# sub get_keys() +# +# Reads the PGP keyring and extracts information on suitable email encryption +# keys. If a key is found that corresponds to a user not in the contacts list +# the user is added to the contacts. If a key is found for a user in the list +# that does not have a referenced key, the key is added to the contact. +#------------------------------------------------------------------------------ + +sub get_keys() +{ + %keys = (); + + my @keys = `$gpg --fingerprint --fingerprint --with-colons`; + + my $keyid = ''; + my $userid = ''; + my $email = ''; + my $expires = 0; + my $fingerprint = ''; + my $use = ''; + + # Iterate through the list of keys + + foreach my $line (@keys) + { + my @fields = split /:/, $line; + + if ($fields[0] eq 'pub') + { + $keyid = ''; + $userid = ''; + $email = ''; + $expires = 0; + $fingerprint = ''; + $use = ''; + } + + # 0 1 2 3 4 5 6 7 8 9 10 + # type, validity, length, algorithm, keyid, creation date, expiry date, ??, trust, userid, sig class, + # 11 12 13 14 15 16 17 18 19 + # capabilities, issuer, flag, serial, hash algorithm, curve, compliance, updated, origin + + if (($fields[0] eq 'pub' or $fields[0] eq 'sub')) + { + # Key that can be used for encryption + + $userid = $fields[9] if ($fields[9]); + $expires = $fields[6]; + $keyid = $fields[4]; + $use = $fields[11]; + } + elsif ($fields[0] eq 'uid') + { + # User id + + $userid = $fields[9]; + } + elsif ($fields[0] eq 'fpr') + { + # Fingerprint + + $fingerprint = $fields[9]; + $fingerprint =~ s/\w{4}\K(?=.)/ /sg; # Adds a space after every fourth character + } + + if ($keyid and $userid and $expires and $fingerprint and $use =~ m/e/) + { + # We've got all the information for one key + + if ($userid =~ m/@/) + { + ($userid, $email) = $userid =~ m/^(.*?)\s+<(.*)>/; + } + + $keys{$fingerprint} = { 'keyid' => $keyid, + 'userid' => $userid, + 'email' => $email, + 'expires' => $expires, + 'fingerprint' => $fingerprint }; + + if (exists $$contacts{$userid} and ($$contacts{$userid}{'email'} eq $email or not $$contacts{$userid}{'email'})) + { + # Update existing contact + + $$contacts{$userid}{'email'} = $email; + $$contacts{$userid}{'keyid'} = $keyid; + $$contacts{$userid}{'fingerprint'} = $fingerprint; + + $save_contacts = 1; + } + elsif (not exists $$contacts{$userid}) + { + # New contact + + $$contacts{$userid}{'email'} = $email; + $$contacts{$userid}{'keyid'} = $keyid; + $$contacts{$userid}{'fingerprint'} = $fingerprint; + $$contacts{$userid}{'enable'} = 0; + + $save_contacts = 1; + } + + $fingerprint = ''; + $keyid = ''; + } + elsif ($keyid and $userid =~ m/IPFire/ and $fingerprint and $use =~ m/s/) + { + # The signing key + + $signing_fingerprint = $fingerprint; + $signing_keyid = $keyid; + + $fingerprint = ''; + $keyid = ''; + } + } + + # Check for contacts which no longer have a key defined + + foreach my $contact (keys %$contacts) + { + if ($$contacts{$contact}{'fingerprint'} and not exists $keys{$$contacts{$contact}{'fingerprint'}}) + { + $$contacts{$contact}{'fingerprint'} = ''; + $$contacts{$contact}{'keyid'} = ''; + + $save_contacts = 1; + } + } +} + + +#------------------------------------------------------------------------------ +# sub check_schedule( params ) +# +# Checks a schedule is valid +#------------------------------------------------------------------------------ + +sub check_schedule( % ) +{ + my %params = @_; + + my $mdays = 0; + my $wdays = 0; + my $hours = 0; + my $enable = $$schedules{$params{'name'}}{'enable'}; + + # Check required fields are set + + $errormessage .= "<p>$Lang::tr{'statusmail no schedule name'}</p>" if (not $params{'name'}); + $errormessage .= "<p>$Lang::tr{'statusmail no email subject'}</p>" if (not $params{'subject'}); + $errormessage .= "<p>$Lang::tr{'statusmail no email addresses'}</p>" if (not $params{'emails'}); + $errormessage .= "<p>$Lang::tr{'statusmail no period covered'}</p>" if (not $params{'period-value'}); + $errormessage .= "<p>$Lang::tr{'statusmail no lines per item'}</p>" if (not $params{'lines'}); + + # Convert time/date buttons to bitmap + + foreach my $mday (1..31) + { + $mdays |= 1 << $mday if (exists $params{"mday_$mday"}); + } + + foreach my $wday (0..6) + { + $wdays |= 1 << $wday if (exists $params{"wday_$wday"}); + } + + foreach my $hour (0..24) + { + $hours |= 1 << $hour if (exists $params{"hour_$hour"}); + } + + # Check schedule is OK + + $errormessage .= "<p>$Lang::tr{'statusmail no schedule date'}" if (not ($mdays+$wdays)); + $errormessage .= "<p>$Lang::tr{'statusmail no schedule time'}" if (not $hours); + $errormessage .= "<p>$Lang::tr{'statusmail excessive period'}" if (($params{'period-unit'} eq 'hours' and $params{'period-value'} > (365 * 24)) or + ($params{'period-unit'} eq 'days' and $params{'period-value'} > 365) or + ($params{'period-unit'} eq 'weeks' and $params{'period-value'} > 52) or + ($params{'period-unit'} eq 'months' and $params{'period-value'} > 12)); + + $$schedules{$params{'name'}} = { 'subject' => $params{'subject'}, + 'email' => $params{'emails'}, + 'format' => $params{'format'}, + 'period-value' => $params{'period-value'}, + 'period-unit' => $params{'period-unit'}, + 'lines' => $params{'lines'}, + 'mday' => $mdays, + 'wday' => $wdays, + 'hours' => $hours, + 'enable' => $enable }; + + # Check individual items + + foreach my $section (sort keys %items) + { + foreach my $subsection (sort keys %{ $items{$section} } ) + { + foreach my $item (sort keys %{ $items{$section}{$subsection} } ) + { + my $name = $items{$section}{$subsection}{$item}{'ident'}; + my $format = $items{$section}{$subsection}{$item}{'format'}; + + if (($format eq 'html' and $params{'format'} eq 'text') or + ($format eq 'text' and $params{'format'} eq 'html')) + { + $$schedules{$params{'name'}}{"enable_${name}"} = 'off'; + } + else + { + my $state = 'off'; + + $state = 'on' if (exists($params{"enable_${name}"})); + $$schedules{$params{'name'}}{"enable_${name}"} = $state; + } + + if ($items{$section}{$subsection}{$item}{'option'}) + { + $$schedules{$params{'name'}}{"value_${name}"} = $params{"value_${name}"}; + } + } + } + } + + $save_schedules = 1 unless ($errormessage); +} + + +#------------------------------------------------------------------------------ +# sub add_mail_item( params ) +# +# Adds a possible status item to the section and subsection specified. This +# is called by plugins during the BEGIN phase. +# +# In the event of an error in specifying the parameters the item will be +# ignored with no error being raised. +# +# Parameters: +# params hash containing details of the item to be added: +# section name of the section containing this item +# subsection name of the subsection containing this item +# item name of the item +# function function called to add item to message +# format available formats for the item 'html', 'text' or 'both' +# option hash specifying option parameter (optional) +# +# option can specify either a selection or an integer. For a selection it +# contains: +# type must be 'option' +# values array of strings representing the possible options +# +# For an integer option contains: +# type must be 'integer' +# min minimum valid value of parameter +# max maximum valid value of parameter +# +# The function is sanity checked but otherwise ignored by this script. +#------------------------------------------------------------------------------ + +sub add_mail_item( %) +{ + my %params = @_; + + # Check we've got all the expected parameters + + return unless (exists $params{'section'} and + exists $params{'subsection'} and + exists $params{'item'} and + exists $params{'function'}); + + if ($params{'format'}) + { + $params{'format'} = lc $params{'format'}; + + return unless ($params{'format'} eq 'html' or + $params{'format'} eq 'text' or + $params{'format'} eq 'both'); + } + else + { + $params{'format'} = 'both'; + } + + $items{$params{'section'}}{$params{'subsection'}}{$params{'item'}} = { 'format' => $params{'format'}, + 'ident' => $params{'ident'} }; + + # Check the option parameter, if it exists + + if ($params{'option'}) + { + return unless (ref $params{'option'} eq 'HASH'); + return unless ($params{'option'}{'name'}); + + if ($params{'option'}{'type'} eq 'select') + { + return unless (ref $params{'option'}{'values'} eq 'ARRAY' and @{ $params{'option'}{'values'} } > 1); + + $items{$params{'section'}}{$params{'subsection'}}{$params{'item'}}{'option'}{'type'} = $params{'option'}{'type'}; + $items{$params{'section'}}{$params{'subsection'}}{$params{'item'}}{'option'}{'values'} = $params{'option'}{'values'}; + $items{$params{'section'}}{$params{'subsection'}}{$params{'item'}}{'option'}{'name'} = $params{'option'}{'name'}; + } + elsif ($params{'option'}{'type'} eq 'integer') + { + return unless (exists $params{'option'}{'min'} and exists $params{'option'}{'max'} and $params{'option'}{'min'} < $params{'option'}{'max'}); + + $items{$params{'section'}}{$params{'subsection'}}{$params{'item'}}{'option'}{'type'} = $params{'option'}{'type'}; + $items{$params{'section'}}{$params{'subsection'}}{$params{'item'}}{'option'}{'min'} = $params{'option'}{'min'}; + $items{$params{'section'}}{$params{'subsection'}}{$params{'item'}}{'option'}{'max'} = $params{'option'}{'max'}; + $items{$params{'section'}}{$params{'subsection'}}{$params{'item'}}{'option'}{'name'} = $params{'option'}{'name'}; + } + } +} + + +#------------------------------------------------------------------------------ +# sub toggle_on_off( string ) +# +# Toggles between 'on' and 'off'. +#------------------------------------------------------------------------------ + +sub toggle_on_off( $ ) +{ + $_[0] = $_[0] eq 'on' ? 'off' : 'on'; +} + + +#------------------------------------------------------------------------------ +# sub export_signing_key() +# +# Exports the signing key to a file on the WUI client computer +#------------------------------------------------------------------------------ + +sub export_signing_key() +{ + # Print headers + print "Content-Disposition: attachment; filename=$mainsettings{HOSTNAME}.asc\n"; + print "Content-Type: application/octet-stream\n"; + print "Content-Length: " . length( $sign_key ) . "\n"; + print "\n"; + + # Deliver content + print $sign_key; + + exit( 0 ); +} + + +#------------------------------------------------------------------------------ +# These functions are referenced by plugins but will not actually be called. +# +# The script to send mail messages makes use of theses functions. +#------------------------------------------------------------------------------ + + +sub get_period_start() +{ +} + +sub get_period_end() +{ +} + +sub get_weeks_covered() +{ +} + +sub cache( $;$ ) +{ +} diff --git a/html/html/images/play.png b/html/html/images/play.png new file mode 100644 index 0000000000000000000000000000000000000000..d5ecf1236d92c50c912353239f6e5826b6328cb5 GIT binary patch literal 182 zcmeAS@N?(olHy`uVBq!ia0vp^A|TAc3?z4jzqJQa5&=FTuD%_g|NsAg;J|_Q_V%D4 zkh*Q#wt>{>{9Xp6I7)*2g8%<#0IK=_U)=Sl1W?S?)5S4F;&Sf=Pc8-p9%cv8S%3Z? z?+RM7&8cXP^Ykr&OKK;G9qPU2d`3`o(uxm74$s;7)m1`Uws2hf_|rG6bxq|?tBpT7 Y??<uh6nMM)0MI}NPgg&ebxsLQ04gg**#H0l

literal 0 HcmV?d00001

Language file updates. Note that the french language strings have been checked by a native speaker.

Signed-off-by: Tim FitzGeorge ipfr@tfitzgeorge.me.uk --- langs/en/cgi-bin/en.pl | 94 ++++++++++++++++++++++++++++++++++++++++++++++++++ langs/fr/cgi-bin/fr.pl | 92 ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 186 insertions(+)

diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index af0d514af..dba0be3eb 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -1353,6 +1353,7 @@ 'hosts config changed' => 'Hosts config changed', 'hour' => 'Hour', 'hour-graph' => 'Hour', +'hours-graph' => 'Hours', 'hours' => 'Hours', 'hours2' => 'Hours', 'ibod for dual isdn only' => 'iBOD can only be used with Dual ISDN.', @@ -2266,6 +2267,99 @@ 'status' => 'Status', 'status information' => 'Status information', 'status ovpn' => 'OpenVPN', +'statusmail action' => 'Action', +'statusmail addon' => 'Addons', +'statusmail addon updates available' => 'Addon updates available', +'statusmail contact name' => 'Name', +'statusmail contacts' => 'Contacts', +'statusmail copied to clipboard' => 'Copied key to clipboard', +'statusmail copy to clipboard' => 'Copy to clipboard', +'statusmail core' => 'Core', +'statusmail core update available' => 'Core update available', +'statusmail day of month' => 'Days of month', +'statusmail day of week' => 'Days of Week', +'statusmail detail' => 'Level of detail', +'statusmail disk access' => 'Disk access', +'statusmail disk temperature' => 'Disk temperature', +'statusmail email' => 'Email address', +'statusmail email format' => 'Email format', +'statusmail email invalid' => 'Invalid email address', +'statusmail email not enabled' => 'Not available: emails not enabled', +'statusmail email subject' => 'Email subject', +'statusmail email to' => 'Send email to', +'statusmail error' => 'Error', +'statusmail errors' => 'Errors', +'statusmail event' => 'Event', +'statusmail events' => 'Events', +'statusmail executable' => 'Executable', +'statusmail execute' => 'Execute schedule now', +'statusmail fingerprint' => 'Fingerprint', +'statusmail firewall min count' => 'Minimum count', +'statusmail firewall reason' => 'Reason', +'statusmail friday' => 'Fri', +'statusmail full' => 'Full', +'statusmail generate' => 'Generate', +'statusmail hardware' => 'Hardware', +'statusmail hide' => 'Hide', +'statusmail hour of day' => 'Hours', +'statusmail ips alert' => 'Alert', +'statusmail ips alerts' => 'Alerts', +'statusmail ips min priority' => 'Minimum priority', +'statusmail import' => 'Import', +'statusmail import key failed' => 'Failed to import PGP key', +'statusmail invalid key' => 'Invalid PGP Key format', +'statusmail kernel edac messages' => 'EDAC Messages', +'statusmail kernel errors' => 'Kernel errors', +'statusmail kernel FP Assists' => 'Floating-point assists', +'statusmail kernel general protection fault' => 'General Protection Faults', +'statusmail kernel out of memory' => 'Out of Memory Killer', +'statusmail kernel raid errors' => 'RAID errors', +'statusmail kernel segmentation fault' => 'Segmentation faults', +'statusmail kernel SYN flood' => 'SYN Flood', +'statusmail kernel trap int3' => 'Trap INT3', +'statusmail kernel unaligned' => 'Unaligned errors', +'statusmail key' => 'Encryption Key', +'statusmail key expires' => 'Expires', +'statusmail keyid' => 'Encryption Key ID', +'statusmail key remove failed' => 'Failed to remove signing key', +'statusmail keys' => 'Installed Encryption Key', +'statusmail lines per item' => 'Lines per item', +'statusmail logins' => 'Logins', +'statusmail max free percent' => 'Maximum percentage free', +'statusmail message' => 'Message', +'statusmail monday' => 'Mon', +'statusmail no contact name' => 'No Contact name specified', +'statusmail no email addresses' => 'No email addresses specified', +'statusmail no email subject' => 'No email subject specified', +'statusmail no lines per item' => 'No lines per item specified', +'statusmail no period covered' => 'No period covered specified', +'statusmail no schedule date' => 'No scheduled days to send message', +'statusmail no schedule name' => 'No schedule name specified', +'statusmail no schedule time' => 'No scheduled time to send message', +'statusmail no signing key' => 'Please generate a signing key', +'statusmail paste from clipboard' => 'Paste from clipboard', +'statusmail period covered' => 'Period covered', +'statusmail period from' => 'From', +'statusmail period' => 'Period', +'statusmail period to' => 'to', +'statusmail saturday' => 'Sat', +'statusmail schedule name' => 'Name', +'statusmail schedules' => 'Schedules', +'statusmail show' => 'Show', +'statusmail signatures' => 'Signatures: ', +'statusmail signing key' => 'Signing Key', +'statusmail statistics' => 'Statistics', +'statusmail status emails' => 'Status Emails', +'statusmail summary' => 'Summary', +'statusmail sunday' => 'Sun', +'statusmail system ps any' => 'any', +'statusmail system ps process status' => 'Process Status', +'statusmail thursday' => 'Thu', +'statusmail tuesday' => 'Tue', +'statusmail update' => 'Updates', +'statusmail urlfilter min count' => 'Minimum count', +'statusmail wednesday' => 'Wed', +'statusmail working' => 'Generating signing key', 'std classes' => 'Standardclasses', 'stop' => 'Stop', 'stop ovpn server' => 'Stop OpenVPN Server', diff --git a/langs/fr/cgi-bin/fr.pl b/langs/fr/cgi-bin/fr.pl index b4ecf32fa..a1fae24c3 100644 --- a/langs/fr/cgi-bin/fr.pl +++ b/langs/fr/cgi-bin/fr.pl @@ -1344,6 +1344,7 @@ 'hosts config changed' => 'configuration de l'hôte changée', 'hour' => 'Heure', 'hour-graph' => 'Heure', +'hour-graph' => 'Heures', 'hours' => 'heure(s)', 'hours2' => 'Heures', 'ibod for dual isdn only' => 'iBOD peut seulement être utilisé avec un double ISDN.', @@ -2230,6 +2231,97 @@ 'status' => 'Statut', 'status information' => 'Etat matériel', 'status ovpn' => 'Statut / configuration OpenVPN :', +'statusmail action' => 'Action :', +'statusmail addon' => 'Addons', +'statusmail addon updates available' => 'Ajout de mises à jour disponibles', +'statusmail blocklist update' => 'Mises à jour', +'statusmail contact name' => 'Nom du contact :', +'statusmail contacts' => 'Liste de contacts', +'statusmail copied to clipboard' => 'Clé copiée dans le presse-papier', +'statusmail copy to clipboard' => 'Copier dans le presse-papier', +'statusmail core' => 'Noyau', +'statusmail core update available' => 'Mise à jour du noyau disponible', +'statusmail day of month' => 'Jours du mois ', +'statusmail day of week' => 'Jours de la semaine ', +'statusmail detail' => 'Niveau de détail', +'statusmail disk access' => 'Accès disque', +'statusmail disk temperature' => 'Température du disque', +'statusmail email' => 'Adresse électronique :', +'statusmail email format' => 'Format de l'email :', +'statusmail email invalid' => 'Adresse email invalide', +'statusmail email not enabled' => 'Non disponible : Les emails ne sont pas activés', +'statusmail email subject' => 'Sujet de l'email :', +'statusmail email to' => 'Envoyer un email à :', +'statusmail error' => 'Erreur', +'statusmail errors' => 'Erreurs', +'statusmail event' => 'Evènement', +'statusmail events' => 'Evènements', +'statusmail executable' => 'Exécutable', +'statusmail execute' => 'Exécuter le profil maintenant', +'statusmail fingerprint' => 'Empreinte digitale :', +'statusmail firewall min count' => 'Quantité minimum', +'statusmail firewall reason' => 'Raison', +'statusmail friday' => 'Ven', +'statusmail full' => 'Plein', +'statusmail generate' => 'Générer', +'statusmail hardware' => 'Matériel', +'statusmail hour of day' => 'Heures ', +'statusmail ips alert' => 'Alerte', +'statusmail ips alerts' => 'Alertes', +'statusmail ips min priority' => 'Priorité minimale', +'statusmail ips update' => 'Mises à jour', +'statusmail import' => 'Importer', +'statusmail import key failed' => "Échec de l'importation de la clé PGP", +'statusmail invalid key' => 'Format de clé PGP non valide', +'statusmail kernel edac messages' => 'Messages EDAC', +'statusmail kernel errors' => 'Erreurs du noyau', +'statusmail kernel FP Assists' => 'Aides en virgule flottante', +'statusmail kernel general protection fault' => 'Erreur de protection générale', +'statusmail kernel out of memory' => 'Tueur de mémoire insuffisante', +'statusmail kernel raid errors' => 'Erreurs RAID', +'statusmail kernel segmentation fault' => 'Erreurs de segmentation', +'statusmail kernel SYN flood' => 'SYN Flood', +'statusmail kernel trap int3' => 'Piège INT3', +'statusmail kernel unaligned' => 'Erreurs non alignées', +'statusmail key' => 'Clé de cryptage :', +'statusmail key expires' => 'Expire :', +'statusmail keyid' => 'ID de clé de cryptage :', +'statusmail key remove failed' => 'Échec de la suppression de la clé de signature', +'statusmail keys' => 'Clé de cryptage installée', +'statusmail lines per item' => 'Nombre de lignes maximum par élément :', +'statusmail logins' => 'Connexions', +'statusmail max free percent' => 'Pourcentage libre maximum', +'statusmail message' => 'Message', +'statusmail monday' => 'Lun', +'statusmail no contact name' => 'Aucun nom de contact spécifié', +'statusmail no email addresses' => 'Aucune adresse email spécifiée', +'statusmail no email subject' => "Aucun sujet d'email spécifié", +'statusmail no lines per item' => 'Aucun nombre de ligne par élément spécifié', +'statusmail no period covered' => 'Aucune période de référence spécifiée', +'statusmail no schedule date' => 'Aucun jour programmé pour envoyer un message', +'statusmail no schedule name' => 'Aucun nom de configuration spécifié', +'statusmail no schedule time' => 'Aucune heure programmée pour envoyer un message', +'statusmail no signing key' => "Veuillez générer une clé de signature", +'statusmail paste from clipboard' => 'Coller du presse-papier', +'statusmail period covered' => 'Période couverte par l'email ', +'statusmail period' => 'Période', +'statusmail saturday' => 'Sam', +'statusmail schedule name' => 'Nom de la planification :', +'statusmail schedules' => 'Paramètres de planification', +'statusmail signatures' => 'Signatures : ', +'statusmail signing key' => 'Clé de signature :', +'statusmail statistics' => 'Statistiques', +'statusmail status emails' => 'Emails d'état', +'statusmail summary' => 'Résumé', +'statusmail sunday' => 'Dim', +'statusmail system ps any' => 'tout', +'statusmail system ps process status' => 'Statut du processus', +'statusmail thursday' => 'Jeu', +'statusmail tuesday' => 'Mar', +'statusmail update' => 'Mises à jour', +'statusmail urlfilter min count' => 'Quantité minimum', +'statusmail wednesday' => 'Mer', +'statusmail working' => 'Génération de clé de signature', 'std classes' => 'Classes standards', 'stop' => 'Arrêter', 'stop ovpn server' => 'Arrêter serveur OpenVPN',

Intrusion Prevention System plugin works with Suricata, but not Snort

Signed-off-by: Tim FitzGeorge ipfr@tfitzgeorge.me.uk --- .../services_intrusion_prevention_system.pm | 239 ++++++++++++++++++ src/statusmail/plugins/services_urlfilter.pm | 275 +++++++++++++++++++++ 2 files changed, 514 insertions(+) create mode 100644 src/statusmail/plugins/services_intrusion_prevention_system.pm create mode 100644 src/statusmail/plugins/services_urlfilter.pm

diff --git a/src/statusmail/plugins/services_intrusion_prevention_system.pm b/src/statusmail/plugins/services_intrusion_prevention_system.pm new file mode 100644 index 000000000..4ca174d4e --- /dev/null +++ b/src/statusmail/plugins/services_intrusion_prevention_system.pm @@ -0,0 +1,239 @@ +#!/usr/bin/perl + +############################################################################ +# # +# Send log and status emails for IPFire # +# # +# This is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 3 of the License, or # +# (at your option) any later version. # +# # +# This is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2018 - 2019 The IPFire Team # +# # +############################################################################ + +use strict; +use warnings; + +require "${General::swroot}/lang.pl"; + +package Services_Intrusion_Prevention_System; + +use Time::Local; + +############################################################################ +# Function prototypes +############################################################################ + +sub get_log( $ ); + +############################################################################ +# Constants +############################################################################ + +use constant { SEC => 0, + MIN => 1, + HOUR => 2, + MDAY => 3, + MON => 4, + YEAR => 5, + WDAY => 6, + YDAY => 7, + ISDST => 8, + MONSTR => 9 }; + +############################################################################ +# BEGIN Block +# +# Register the log items available in this file +############################################################################ + +sub BEGIN +{ + main::add_mail_item( 'ident' => 'services-ips-alerts', + 'section' => $Lang::tr{'services'}, + 'subsection' => $Lang::tr{'intrusion prevention system'}, + 'item' => $Lang::tr{'statusmail ips alerts'}, + 'function' => &alerts, + 'option' => { 'type' => 'integer', + 'name' => $Lang::tr{'statusmail ips min priority'}, + 'min' => 1, + 'max' => 4 } ); +} + +############################################################################ +# Code +############################################################################ + +#------------------------------------------------------------------------------ +# sub get_log +# +# +#------------------------------------------------------------------------------ + +sub get_log( $ ) +{ + my ($this) = @_; + +# There's only one data item, so don't use the cache +# my $data = $this->cache( 'ips-alerts' ); +# return $data if (defined $data); + + my $name = '/var/log/suricata/fast.log'; + + my %info; + my $last_mon = 0; + my $last_day = 0; + my $last_hour = 0; + my $last_time = 0; + my $time = 0; + my $now = time(); + my $year = 0; + my $start_time = $this->get_period_start; + my $end_time = $this->get_period_end; + my @stats; + + for (my $filenum = $this->get_number_weeks ; $filenum >= 0 ; $filenum--) + { + my $filename = $filenum < 1 ? $name : "$name.$filenum"; + + if (-r "$filename.gz") + { + @stats = stat( _ ); + next if ($stats[9] < $start_time); + + open IN, "gzip -dc $filename.gz |" or next; + } + elsif (-r $filename) + { + @stats = stat( _ ); + open IN, '<', $filename or next; + } + else + { + next; + } + + foreach my $line (<IN>) + { + chomp $line; + + # Alerts have the format: + # + # mm/dd/yyyy-hh:mm:ss.uuuuuu [Action] [**] [gid:sid:prio] message [**] [Classification: type] [Priority: prio] {protocol} src-ip:src-port -> dest-ip:dest-port + + $line =~ s/^\s+//; + $line =~ s/\s+$//; + + next unless ($line); + + my ($mon, $day, $year, $hour, $min, $sec, $gid, $sid, $message, $prio, $src, $dest) = + $line =~ m|(\d+)/(\d+)/(\d+)-(\d+):(\d+):(\d+).\d+\s+[\w+]\s+[**]\s+[(\d+):(\d+):\d+]\s*(.*)\s+[**].*[Priority:\s(\d+)].*?\s+(\d+.\d+.\d+.\d+(?::\d+)?) -> (\d+.\d+.\d+.\d+(?::\d+)?)|; + + $sid = "$gid-$sid"; + + if ($mon != $last_mon or $day != $last_day or $hour != $last_hour) + { + # Hour, day or month changed. Convert to unix time so we can work out + # whether the message time falls between the limits we're interested in. + + my @time; + + $time[YEAR] = $year; + + ($time[MON], $time[MDAY], $time[HOUR], $time[MIN], $time[SEC]) = ($mon - 1, $day, $hour, $min, $sec); + + $time = timelocal( @time ); + + ($last_mon, $last_day, $last_hour) = ($mon, $day, $hour); + } + + # Check to see if we're within the specified limits. + # Note that the minutes and seconds may be incorrect, but since we only deal + # in hour boundaries this doesn't matter. + + next if ($time < $start_time); + last if ($time > $end_time); + + my $timestr = "$mon/$day $hour:$min:$sec"; + + $info{total}++; + + if (exists $info{by_sid}{$sid}) + { + $info{by_sid}{$sid}{count}++; + $info{by_sid}{$sid}{last} = $timestr; + } + else + { + $info{by_sid}{$sid}{count} = 1; + $info{by_sid}{$sid}{priority} = $prio; + $info{by_sid}{$sid}{message} = $message; + $info{by_sid}{$sid}{first} = $timestr; + $info{by_sid}{$sid}{last} = $timestr; + } + } + + close IN; + } + +# $this->cache( 'ids-alerts', %info ); + + return %info; + +} + + +#------------------------------------------------------------------------------ + +sub alerts( $$ ) +{ + my ($self, $min_priority) = @_; + my @table; + + use Sort::Naturally; + + push @table, ['|', '|', '<', '|', '|', '|', '|']; + push @table, [ 'SID', $Lang::tr{'priority'}, $Lang::tr{'name'}, $Lang::tr{'count'}, $Lang::tr{'percentage'}, $Lang::tr{'first'}, $Lang::tr{'last'} ]; + + my $stats = get_log( $self ); + + foreach my $sid (sort { $$stats{by_sid}{$a}{priority} <=> $$stats{by_sid}{$b}{priority} || + $$stats{by_sid}{$b}{count} <=> $$stats{by_sid}{$a}{count}} keys %{ $$stats{by_sid} } ) + { + my $message = $$stats{by_sid}{$sid}{message}; + my $priority = $$stats{by_sid}{$sid}{priority}; + my $count = $$stats{by_sid}{$sid}{count}; + my $first = $$stats{by_sid}{$sid}{first}; + my $last = $$stats{by_sid}{$sid}{last}; + my $percent = int( 100 * $count / $$stats{total} + 0.5); + + last if ($priority > $min_priority); + + $message = $self->split_string( $message, 40 ); + + push @table, [ $sid, $priority, $message, $count, $percent, $first, $last ]; + } + + if (@table > 2) + { + $self->add_table( @table ); + + return 1; + } + + return 0; +} + + +1; diff --git a/src/statusmail/plugins/services_urlfilter.pm b/src/statusmail/plugins/services_urlfilter.pm new file mode 100644 index 000000000..620dc1e20 --- /dev/null +++ b/src/statusmail/plugins/services_urlfilter.pm @@ -0,0 +1,275 @@ +#!/usr/bin/perl + +############################################################################ +# # +# Send log and status emails for IPFire # +# # +# This is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 3 of the License, or # +# (at your option) any later version. # +# # +# This is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2018 - 2019 The IPFire Team # +# # +############################################################################ + +require "${General::swroot}/lang.pl"; + +use strict; +use warnings; + +package Services_Urlfilter; + +use Time::Local; + +############################################################################ +# BEGIN Block +# +# Register the log items available in this file +############################################################################ + +sub BEGIN +{ + main::add_mail_item( 'ident' => 'services-urlfilter-client', + 'section' => $Lang::tr{'services'}, + 'subsection' => $Lang::tr{'urlfilter url filter'}, + 'item' => $Lang::tr{'urlfilter client'}, + 'function' => &clients, + 'option' => { 'type' => 'integer', + 'name' => $Lang::tr{'statusmail urlfilter min count'}, + 'min' => 1, + 'max' => 1000 } ); + + main::add_mail_item( 'ident' => 'services-urlfilter-destination', + 'section' => $Lang::tr{'services'}, + 'subsection' => $Lang::tr{'urlfilter url filter'}, + 'item' => $Lang::tr{'destination'}, + 'function' => &destinations, + 'option' => { 'type' => 'integer', + 'name' => $Lang::tr{'statusmail urlfilter min count'}, + 'min' => 1, + 'max' => 1000 } ); +} + +############################################################################ +# Constants +############################################################################ + +use constant { SEC => 0, + MIN => 1, + HOUR => 2, + MDAY => 3, + MON => 4, + YEAR => 5, + WDAY => 6, + YDAY => 7, + ISDST => 8, + MONSTR => 9 }; + + +############################################################################ +# Functions +############################################################################ + +sub get_log( $ ); + +#------------------------------------------------------------------------------ +# sub get_log( this ) +# +# Gets messages from the log files that relate to the URL filter. The data is +# cached sot hat a second call does not process the logs again. +# +# Parameters: +# this message object +#------------------------------------------------------------------------------ + +sub get_log( $ ) +{ + my ($this) = @_; + + my $data = $this->cache( 'urlfilter' ); + return $data if (defined $data); + + my %info; + my $weeks = $this->get_number_weeks; + my @start_time = $this->get_period_start;; + my @end_time = $this->get_period_end; + + # Iterate over the log files + + foreach my $name (glob '/var/log/squidGuard/*.log') + { + next if ($name =~ m/squidGuard.log/); + + # Iterate over old versions of the file + + for (my $filenum = $weeks ; $filenum >= 0 ; $filenum--) + { + my $filename = $filenum < 1 ? $name : "$name.$filenum"; + + if (-r "$filename.gz") + { + open IN, "gzip -dc $filename.gz |" or next; + } + elsif (-r $filename) + { + open IN, '<', $filename or next; + } + else + { + next; + } + + # Scan the file + + foreach my $line (<IN>) + { + my ($year, $mon, $day, $hour) = split /[\s:-]+/, $line; + + # Check to see if we're within the specified limits. + # Note that the minutes and seconds may be incorrect, but since we only deal + # in hour boundaries this doesn't matter. + + next if (($year < ($start_time[YEAR]+1900)) or + ($year == ($start_time[YEAR]+1900) and $mon < ($start_time[MON]+1)) or + ($year == ($start_time[YEAR]+1900) and $mon == ($start_time[MON]+1) and $day < $start_time[MDAY]) or + ($year == ($start_time[YEAR]+1900) and $mon == ($start_time[MON]+1) and $day == $start_time[MDAY] and $hour < $start_time[HOUR])); + + last if (($year > ($end_time[YEAR]+1900)) or + ($year == ($end_time[YEAR]+1900) and $mon > ($end_time[MON]+1)) or + ($year == ($end_time[YEAR]+1900) and $mon == ($end_time[MON]+1) and $day > $end_time[MDAY]) or + ($year == ($end_time[YEAR]+1900) and $mon == ($end_time[MON]+1) and $day == $end_time[MDAY] and $hour > $end_time[HOUR])); + + # Is it an entry we're interested in? + + next unless ($line =~ m/Request/); + + # Process the entry + + if (my ($date, $time, $pid, $type, $destination, $client) = split / /, $line) + { + $destination =~ s#^http://%7C%5Ehttps://##; + $destination =~ s//.*$//; + $destination =~ s/:\d+$//; + my $site = substr( $destination, 0, 69 ); + $site .= "..." if (length( $destination ) > 69); + + my @category = split ///, $type; + + my ($address, $name) = split "/", $client; + + $this->set_host_name( $address, $name ) unless ($address eq $name); + + $info{'client'}{$address}++; + $info{'destination'}{"$site||$category[1]"}++; + $info{'count'}++; + } + } + + close IN; + } + } + + $this->cache( 'urlfilter', %info ); + + return %info; +} + + +#------------------------------------------------------------------------------ +# sub clients( this, min_count ) +# +# Output information on the systems trying to access forbidden destinations. +# +# Parameters: +# this message object +# min_count don't output information on clients accessing less than this +# number of destinations +#------------------------------------------------------------------------------ + +sub clients( $$ ) +{ + my ($self, $min_count) = @_; + my @table; + + use Sort::Naturally; + + push @table, [ $Lang::tr{'urlfilter client'}, $Lang::tr{'count'} ]; + + my $stats = get_log( $self ); + + foreach my $client (sort { $$stats{'client'}{$b} <=> $$stats{'client'}{$a} } keys %{ $$stats{'client'} } ) + { + my $count = $$stats{'client'}{$client}; + last if ($count < $min_count); + + my $host = $self->lookup_ip_address( $client ); + + $client .= "\n$host" if ($host); + + push @table, [ $client, $count ]; + } + + if (@table > 1) + { + $self->add_table( @table ); + + return 1; + } + + return 0; +} + + +#------------------------------------------------------------------------------ +# sub destinations( this, min_count ) +# +# Output information on the forbidden destinations being accessed. +# +# Parameters: +# this message object +# min_count don't output information on destinations accessed less than this +# number of times. +#------------------------------------------------------------------------------ + +sub destinations( $$ ) +{ + my ($self, $min_count) = @_; + my @table; + + use Sort::Naturally; + + push @table, [ $Lang::tr{'destination'}, $Lang::tr{'urlfilter category'}, $Lang::tr{'count'} ]; + + my $stats = get_log( $self ); + + foreach my $key (sort { $$stats{'destination'}{$b} <=> $$stats{'destination'}{$a} } keys %{ $$stats{'destination'} } ) + { + my $count = $$stats{'destination'}{$key}; + last if ($count < $min_count); + + my ($destination, $category) = split /||/, $key; + + push @table, [ $destination, $category, $count ]; + } + + if (@table > 1) + { + $self->add_table( @table ); + + return 1; + } + + return 0; +} + +1;

Note that the graphs plugin requires a change to the existing graphs.pl to allow for arbitary time periods.

Signed-off-by: Tim FitzGeorge ipfr@tfitzgeorge.me.uk --- src/statusmail/plugins/graphs.pm | 697 +++++++++++++++++++++++++ src/statusmail/plugins/hardware_media_space.pm | 154 ++++++ src/statusmail/plugins/network_firewall.pm | 357 +++++++++++++ 3 files changed, 1208 insertions(+) create mode 100644 src/statusmail/plugins/graphs.pm create mode 100644 src/statusmail/plugins/hardware_media_space.pm create mode 100644 src/statusmail/plugins/network_firewall.pm

diff --git a/src/statusmail/plugins/graphs.pm b/src/statusmail/plugins/graphs.pm new file mode 100644 index 000000000..5b72c6e1a --- /dev/null +++ b/src/statusmail/plugins/graphs.pm @@ -0,0 +1,697 @@ +#!/usr/bin/perl + +############################################################################ +# # +# Send log and status emails for IPFire # +# # +# This is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 3 of the License, or # +# (at your option) any later version. # +# # +# This is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2018 - 2019 The IPFire Team # +# # +############################################################################ + +use strict; +use warnings; + +require "${General::swroot}/lang.pl"; +require "${General::swroot}/graphs.pl"; + +package Graphs; + +############################################################################ +# Function prototypes +############################################################################ + +sub add_graph( $$$$@ ); + +############################################################################ +# BEGIN Block +# +# Register the graphs available in this file. +# +# Note that some graphs are only available under certain circumstances, so +# it's necessary to check the circumstances apply. +############################################################################ + +sub BEGIN +{ + my %netsettings; + my %mainsettings; + + &General::readhash("${General::swroot}/ethernet/settings", %netsettings); + &General::readhash("${General::swroot}/main/settings", %mainsettings); + + my $config_type = $netsettings{'CONFIG_TYPE'}; + + my %common_options = ( 'section' => $Lang::tr{'graph'}, + 'format' => 'html' ); + + #---------------------------------------------------------------------------- + # Network + + if ($netsettings{'RED_TYPE'} ne 'PPPOE') + { + if ($netsettings{'RED_DEV'} ne $netsettings{'GREEN_DEV'}) + { + if ($netsettings{'RED_DEV'} eq 'red0') + { + main::add_mail_item( %common_options, + 'ident' => 'graph-network-red0', + 'subsection' => $Lang::tr{'interfaces'}, + 'item' => 'red0', + 'function' => &red0 ); + } + else + { + main::add_mail_item( %common_options, + 'ident' => 'graph-network-ppp0', + 'subsection' => $Lang::tr{'interfaces'}, + 'item' => 'ppp0', + 'function' => &ppp0 ); + } + } + } + else + { + main::add_mail_item( %common_options, + 'ident' => 'graph-network-ppp0', + 'subsection' => $Lang::tr{'interfaces'}, + 'item' => 'ppp0', + 'function' => &ppp0 ); + } + + main::add_mail_item( %common_options, + 'ident' => 'graph-network-green0', + 'subsection' => $Lang::tr{'interfaces'}, + 'item' => 'green0', + 'function' => &green0 ); + + if ($config_type == 3 or $config_type == 4) + { + # BLUE + main::add_mail_item( %common_options, + 'ident' => 'graph-network-blue0', + 'subsection' => $Lang::tr{'interfaces'}, + 'item' => 'blue0', + 'function' => &blue0 ); + } + + if ($config_type == 2 or $config_type == 4) + { + # ORANGE + main::add_mail_item( %common_options, + 'ident' => 'graph-network-orange0', + 'subsection' => $Lang::tr{'interfaces'}, + 'item' => 'orange0', + 'function' => &orange0 ); + } + + + if (-e "/var/log/rrd/collectd/localhost/interface/if_octets-ipsec0.rrd") + { + main::add_mail_item( %common_options, + 'ident' => 'graph-network-ipsec0', + 'subsection' => $Lang::tr{'network'}, + 'item' => 'ipsec0', + 'function' => &ipsec0 ); + } + + if (-e "/var/log/rrd/collectd/localhost/interface/if_octets-tun0.rrd") + { + main::add_mail_item( %common_options, + 'ident' => 'graph-network-tun0', + 'subsection' => $Lang::tr{'network'}, + 'item' => 'tun0', + 'function' => &tun0 ); + } + + main::add_mail_item( %common_options, + 'ident' => 'graph-network-fwhits', + 'subsection' => $Lang::tr{'network'}, + 'item' => $Lang::tr{'firewallhits'}, + 'function' => &fw_hits ); + + #---------------------------------------------------------------------------- + # System + + main::add_mail_item( %common_options, + 'ident' => 'graph-system-cpu-usage', + 'subsection' => $Lang::tr{'system'}, + 'item' => "CPU $Lang::tr{'graph'}", + 'function' => &cpu_usage ); + + main::add_mail_item( %common_options, + 'ident' => 'graph-system-cpu-load', + 'subsection' => $Lang::tr{'system'}, + 'item' => "Load $Lang::tr{'graph'}", + 'function' => &cpu_load ); + + if ( -e "$mainsettings{'RRDLOG'}/collectd/localhost/cpufreq/cpufreq-0.rrd") + { + main::add_mail_item( %common_options, + 'ident' => 'graph-system-cpu-frequency', + 'subsection' => $Lang::tr{'system'}, + 'item' => "CPU $Lang::tr{'frequency'}", + 'function' => &cpu_freq ); + } + + main::add_mail_item( %common_options, + 'ident' => 'graph-system-entropy', + 'subsection' => $Lang::tr{'system'}, + 'item' => $Lang::tr{'entropy'}, + 'function' => &entropy ); + + #---------------------------------------------------------------------------- + # Hardware + + main::add_mail_item( %common_options, + 'ident' => 'graph-hardware-cpu-load', + 'subsection' => $Lang::tr{'hardware graphs'}, + 'item' => "Load $Lang::tr{'graph'}", + 'function' => &cpu_load ); + + if ( `ls $mainsettings{'RRDLOG'}/collectd/localhost/thermal-thermal_zone* 2>/dev/null` ) + { + main::add_mail_item( %common_options, + 'ident' => 'graph-hardware-acpi-zone-temp', + 'subsection' => $Lang::tr{'hardware graphs'}, + 'item' => "ACPI Thermal-Zone Temp", + 'function' => &therm ); + } + + if ( `ls $mainsettings{'RRDLOG'}/collectd/localhost/sensors-*/temperature-* 2>/dev/null` ) + { + main::add_mail_item( %common_options, + 'ident' => 'graph-hardware-temp', + 'subsection' => $Lang::tr{'hardware graphs'}, + 'item' => "hwtemp", + 'function' => &hwtemp ); + } + + if ( `ls $mainsettings{'RRDLOG'}/collectd/localhost/sensors-*/fanspeed-* 2>/dev/null` ) + { + main::add_mail_item( %common_options, + 'ident' => 'graph-hardware-fan', + 'subsection' => $Lang::tr{'hardware graphs'}, + 'item' => "hwfan", + 'function' => &hwfan ); + } + + if ( `ls $mainsettings{'RRDLOG'}/collectd/localhost/sensors-*/voltage-* 2>/dev/null` ) + { + main::add_mail_item( %common_options, + 'ident' => 'graph-hardware-volt', + 'subsection' => $Lang::tr{'hardware graphs'}, + 'item' => "hwvolt", + 'function' => &hwvolt ); + } + + #---------------------------------------------------------------------------- + # Memory + + main::add_mail_item( %common_options, + 'ident' => 'graph-memory-memory', + 'subsection' => $Lang::tr{'memory'}, + 'item' => $Lang::tr{'memory'}, + 'function' => &memory ); + + main::add_mail_item( %common_options, + 'ident' => 'graph-memory-swap', + 'subsection' => $Lang::tr{'memory'}, + 'item' => $Lang::tr{'swap'}, + 'function' => &swap ); + + #---------------------------------------------------------------------------- + # Disks + + foreach my $path (glob '/var/log/rrd/collectd/localhost/disk*') + { + my ($name) = $path =~ m/disk-(\w+)/; + + main::add_mail_item( %common_options, + 'ident' => "graph-disk-access-$name", + 'subsection' => $Lang::tr{'statusmail disk access'}, + 'item' => $name, + 'function' => sub { my ($this) = @_; diskaccess( $this, $name ); } ); + + main::add_mail_item( %common_options, + 'ident' => "graph-disk-temp-$name", + 'subsection' => $Lang::tr{'statusmail disk temperature'}, + 'item' => $name, + 'function' => sub { my ($this) = @_; disktemp( $this, $name ); } ); + } + +# Other graphs that aren't available. +# updatepinggraph( host, period ) : netother.cgi +# updateprocessescpugraph( period ) +# updateprocessesmemorygraph( period ) +# updateqosgraph( device, period ) red0 | ppp0 | imq0 : qos.cgi +# updatevpngraph( interface, period ) : netovpnrw.cgi +# updatevpnn2ngraph( interface, period ) : netovpnsrv.cgi +# updatewirelessgraph( interface, period ) +} + +############################################################################ +# Code +############################################################################ + +#------------------------------------------------------------------------------ +# sub add_graph( object, function, name, alternate[, params...] ) +# +# Adds a graph to the mail message. This runs a sub-process to capture the +# output from running the standard WUI's graphing function, which is sent to +# stdout. +# +# Parameters: +# this message object +# function function producing graph +# name name of graph file +# alternate alternate text for image +# params parameters to be passed to graph function +#------------------------------------------------------------------------------ + +sub add_graph( $$$$@ ) +{ + my ($this, $function, $name, $alternate, @params) = @_; + + my $from_child; + + my $pid = open( $from_child, "-|" ); + + if ($pid) + { # parent + binmode $from_child; + + $this->add_image( fh => $from_child, + alt => $alternate, + type => 'image/png', + name => $name ); + + waitpid( $pid, 0 ); + close $from_child; + } + else + { # child + binmode( STDOUT ); + + my $period = $this->get_period(); + + &$function( @params, $period ); + + exit; + } +} + + +#------------------------------------------------------------------------------ +# sub ppp0( this ) +# +# Adds a graph of the ppp0 interface throughput +# +# Parameters: +# this message object +#------------------------------------------------------------------------------ + +sub ppp0( $ ) +{ + my ($this) = @_; + + add_graph( $this, &Graphs::updateifgraph, 'ppp0_if.png', 'ppp0 interface throughput', 'ppp0' ); + + return 1; +} + + +#------------------------------------------------------------------------------ +# sub red0( this ) +# +# Adds a graph of the red0 interface throughput +# +# Parameters: +# this message object +#------------------------------------------------------------------------------ + +sub red0( $ ) +{ + my ($this) = @_; + + add_graph( $this, &Graphs::updateifgraph, 'red0_if.png', 'red0 interface throughput', 'red0' ); + + return 1; +} + + +#------------------------------------------------------------------------------ +# sub green0( this ) +# +# Adds a graph of the green0 interface throughput +# +# Parameters: +# this message object +#------------------------------------------------------------------------------ + +sub green0( $ ) +{ + my ($this) = @_; + + add_graph( $this, &Graphs::updateifgraph, 'green0_if.png', 'green0 interface throughput', 'green0' ); + + return 1; +} + + +#------------------------------------------------------------------------------ +# sub blue0( this ) +# +# Adds a graph of the blue0 interface throughput +# +# Parameters: +# this message object +#------------------------------------------------------------------------------ + +sub blue0( $ ) +{ + my ($this) = @_; + + add_graph( $this, &Graphs::updateifgraph, 'blue0_if.png', 'blue0 interface throughput', 'blue0' ); + + return 1; +} + + +#------------------------------------------------------------------------------ +# sub orange0( this ) +# +# Adds a graph of the orange0 interface throughput +# +# Parameters: +# this message object +#------------------------------------------------------------------------------ + +sub orange0( $ ) +{ + my ($this) = @_; + + add_graph( $this, &Graphs::updateifgraph, 'orange0_if.png', 'orange0 interface throughput', 'orange0' ); + + return 1; +} + + +#------------------------------------------------------------------------------ +# sub ipsec0( this ) +# +# Adds a graph of the ipsec0 interface +# +# Parameters: +# this message object +#------------------------------------------------------------------------------ + +sub ipsec0( $ ) +{ + my ($this) = @_; + + add_graph( $this, &Graphs::updateifgraph, 'ipsec0_if.png', 'ipsec0 interface throughput', 'ipsec0' ); + + return 1; +} + + +#------------------------------------------------------------------------------ +# sub tun0( this ) +# +# Adds a graph of the tun0 interface +# +# Parameters: +# this message object +#------------------------------------------------------------------------------ + +sub tun0( $ ) +{ + my ($this) = @_; + + add_graph( $this, &Graphs::updateifgraph, 'tun0_if.png', 'tun0 interface throughput', 'tun0' ); + + return 1; +} + + +#------------------------------------------------------------------------------ +# sub cpu_usage( this ) +# +# Adds a graph of the CPU usage +# +# Parameters: +# this message object +#------------------------------------------------------------------------------ + +sub cpu_usage( $ ) +{ + my ($this) = @_; + + add_graph( $this, &Graphs::updatecpugraph, 'cpu_usage.png', "CPU $Lang::tr{'graph'}" ); + + return 1; +} + + +#------------------------------------------------------------------------------ +# sub cpu_freq( this ) +# +# Adds a graph of the CPU frequency +# +# Parameters: +# this message object +#------------------------------------------------------------------------------ + +sub cpu_freq( $ ) +{ + my ($this) = @_; + + add_graph( $this, &Graphs::updatecpufreqgraph, 'cpu_freq.png', "CPU $Lang::tr{'frequency'}" ); + + return 1; +} + + +#------------------------------------------------------------------------------ +# sub cpu_load( this ) +# +# Adds a graph of the CPU load +# +# Parameters: +# this message object +#------------------------------------------------------------------------------ + +sub cpu_load( $$ ) +{ + my ($this) = @_; + + add_graph( $this, &Graphs::updateloadgraph,, 'cpu_load.png', "Load $Lang::tr{'graph'}" ); + + return 1; +} + + +#------------------------------------------------------------------------------ +# sub fw_hits( this ) +# +# Adds a graph of the Firewall hits +# +# Parameters: +# this message object +#------------------------------------------------------------------------------ + +sub fw_hits( $ ) +{ + my ($this) = @_; + + add_graph( $this, &Graphs::updatefwhitsgraph, 'fw_hits.png', $Lang::tr{'firewallhits'} ); + + return 1; +} + + +#------------------------------------------------------------------------------ +# sub therm( this ) +# +# Adds a graph of the ACPI Thermal zone temperatures +# +# Parameters: +# this message object +#------------------------------------------------------------------------------ + +sub therm( $ ) +{ + my ($this) = @_; + + add_graph( $this, &Graphs::updatethermaltempgraph, 'therm.png', "ACPI Thermal-Zone Temp" ); + + return 1; +} + + +#------------------------------------------------------------------------------ +# sub hwtemp( this ) +# +# Adds a graph of the Hardware Temperatures +# +# Parameters: +# this message object +#------------------------------------------------------------------------------ + +sub hwtemp( $ ) +{ + my ($this) = @_; + + add_graph( $this, &Graphs::updatehwtempgraph, 'hw_temp.png', 'hwtemp' ); + + return 1; +} + + +#------------------------------------------------------------------------------ +# sub hwfan( this ) +# +# Adds a graph of the Fan Speeds +# +# Parameters: +# this message object +#------------------------------------------------------------------------------ + +sub hwfan( $ ) +{ + my ($this) = @_; + + add_graph( $this, &Graphs::updatehwfangraph, 'hw_fan.png', 'hwfan' ); + + return 1; +} + + +#------------------------------------------------------------------------------ +# sub hwvolt( this ) +# +# Adds a graph of the Hardware voltages +# +# Parameters: +# this message object +#------------------------------------------------------------------------------ + +sub hwvolt( $ ) +{ + my ($this) = @_; + + add_graph( $this, &Graphs::updatehwvoltgraph, 'hw_volt.png', 'hw volt' ); + + return 1; +} + + +#------------------------------------------------------------------------------ +# sub entropy( this ) +# +# Adds a graph of the Entropy +# +# Parameters: +# this message object +#------------------------------------------------------------------------------ + +sub entropy( $ ) +{ + my ($this) = @_; + + add_graph( $this, &Graphs::updateentropygraph, 'entropy.png', $Lang::tr{'entropy'} ); + + return 1; +} + + +#------------------------------------------------------------------------------ +# sub memory( this ) +# +# Adds a graph of the memory usage +# +# Parameters: +# this message object +#------------------------------------------------------------------------------ + +sub memory( $ ) +{ + my ($this) = @_; + + add_graph( $this, &Graphs::updatememorygraph, 'memory.png', $Lang::tr{'memory'} ); + + return 1; +} + + +#------------------------------------------------------------------------------ +# sub swap( this ) +# +# Adds a graph of the swapfile usage +# +# Parameters: +# this message object +#------------------------------------------------------------------------------ + +sub swap( $ ) +{ + my ($this) = @_; + + add_graph( $this, &Graphs::updateswapgraph, 'swap.png', $Lang::tr{'swap'} ); + + return 1; +} + + +#------------------------------------------------------------------------------ +# sub diskaccess( this, name ) +# +# Adds a graph of the disk access rate +# +# Parameters: +# this message object +# name disk name +#------------------------------------------------------------------------------ + +sub diskaccess( $$ ) +{ + my ($this, $name) = @_; + + add_graph( $this, &Graphs::updatediskgraph, "disk_access_$name.png", $name, $name ); + + return 1; +} + + +#------------------------------------------------------------------------------ +# sub updatehddgraph( this, name ) +# +# Adds a graph of the disk temperature +# +# Parameters: +# this message object +# name disk name +#------------------------------------------------------------------------------ + +sub disktemp( $$ ) +{ + my ($this, $name) = @_; + + add_graph( $this, &Graphs::updatehddgraph, "disk_temp_$name.png", $name, $name ); + + return 1; +} diff --git a/src/statusmail/plugins/hardware_media_space.pm b/src/statusmail/plugins/hardware_media_space.pm new file mode 100644 index 000000000..ce3db2def --- /dev/null +++ b/src/statusmail/plugins/hardware_media_space.pm @@ -0,0 +1,154 @@ +#!/usr/bin/perl + +############################################################################ +# # +# Send log and status emails for IPFire # +# # +# This is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 3 of the License, or # +# (at your option) any later version. # +# # +# This is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2018 - 2019 The IPFire Team # +# # +############################################################################ + +use strict; +use warnings; + +require "${General::swroot}/lang.pl"; + +package Hardware_Media_Space; + +############################################################################ +# Function prototypes +############################################################################ + +sub space( $$ ); +sub inodes( $$ ); + +############################################################################ +# BEGIN Block +# +# Register the log items available in this file +############################################################################ + +sub BEGIN +{ + main::add_mail_item( 'ident' => 'hardware-media-space', + 'section' => $Lang::tr{'statusmail hardware'}, + 'subsection' => $Lang::tr{'media'}, + 'item' => $Lang::tr{'disk usage'}, + 'function' => &space, + 'option' => { 'type' => 'integer', + 'name' => $Lang::tr{'statusmail max free percent'}, + 'min' => 0, + 'max' => 100 } ); + + main::add_mail_item( 'ident' => 'hardware-media-inodes', + 'section' => $Lang::tr{'statusmail hardware'}, + 'subsection' => $Lang::tr{'media'}, + 'item' => 'inodes', + 'function' => &inodes, + 'option' => { 'type' => 'integer', + 'name' => $Lang::tr{'statusmail max free percent'}, + 'min' => 0, + 'max' => 100 } ); +} + +############################################################################ +# Code +############################################################################ + +#------------------------------------------------------------------------------ +# sub space( this, min_percent ) +# +# Adds the disk usage in terms of space used. +# +# Parameters: +# this message object +# min_percent Only display information if this amount of space or less is +# free +#------------------------------------------------------------------------------ + +sub space( $$ ) +{ + my $message = shift; + my $min_percent = 100 - shift; + my @lines; + + # Get the process information + + foreach my $line (`df -BM`) + { + my @fields = split /\s+/, $line, 6; + if ($fields[4] =~ m/\d+%/) + { + my ($percent) = $fields[4] =~ m/(\d+)%/; + next if ($percent <= $min_percent); + } + push @lines, [ @fields ]; + } + + if (@lines > 1) + { + $message->add_table( @lines ); + + return 1; + } + + return 0; +} + + +#------------------------------------------------------------------------------ +# sub inodes( this, min_percent ) +# +# Adds the disk usage in terms of inodes used. +# +# Parameters: +# this message object +# min_percent Only display information if this number of inodes or less is +# free +#------------------------------------------------------------------------------ + +sub inodes( $$ ) +{ + my $message = shift; + my $min_percent = 100 - shift; + my @lines; + + # Get the process information + + foreach my $line (`df -i`) + { + my @fields = split /\s+/, $line, 6; + next if ($fields[1] == 0); + if ($fields[4] =~ m/\d+%/) + { + my ($percent) = $fields[4] =~ m/(\d+)%/; + next if ($percent <= $min_percent); + } + push @lines, [ @fields ]; + } + + if (@lines > 1) + { + $message->add_table( @lines ); + + return 1; + } + + return 0; +} + +1; diff --git a/src/statusmail/plugins/network_firewall.pm b/src/statusmail/plugins/network_firewall.pm new file mode 100644 index 000000000..1abe4e482 --- /dev/null +++ b/src/statusmail/plugins/network_firewall.pm @@ -0,0 +1,357 @@ +#!/usr/bin/perl + +############################################################################ +# # +# Send log and status emails for IPFire # +# # +# This is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 3 of the License, or # +# (at your option) any later version. # +# # +# This is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2018 - 2019 The IPFire Team # +# # +############################################################################ + +require "${General::swroot}/lang.pl"; + +use strict; +use warnings; + +package Network_Firewall; + +use Time::Local; + +require "${General::swroot}/geoip-functions.pl"; + +############################################################################ +# BEGIN Block +# +# Register the log items available in this file +############################################################################ + +sub BEGIN +{ + main::add_mail_item( 'ident' => 'network-firewall-ipaddresses', + 'section' => $Lang::tr{'network'}, + 'subsection' => $Lang::tr{'firewall'}, + 'item' => $Lang::tr{'ip address'}, + 'function' => &addresses, + 'option' => { 'type' => 'integer', + 'name' => $Lang::tr{'statusmail firewall min count'}, + 'min' => 1, + 'max' => 1000 } ); + + main::add_mail_item( 'ident' => 'network-firewall-ports', + 'section' => $Lang::tr{'network'}, + 'subsection' => $Lang::tr{'firewall'}, + 'item' => $Lang::tr{port}, + 'function' => &ports, + 'option' => { 'type' => 'integer', + 'name' => $Lang::tr{'statusmail firewall min count'}, + 'min' => 1, + 'max' => 1000 } ); + + main::add_mail_item( 'ident' => 'network-firewall-countries', + 'section' => $Lang::tr{'network'}, + 'subsection' => $Lang::tr{'firewall'}, + 'item' => $Lang::tr{country}, + 'function' => &countries, + 'option' => { 'type' => 'integer', + 'name' => $Lang::tr{'statusmail firewall min count'}, + 'min' => 1, + 'max' => 1000 } ); + + main::add_mail_item( 'ident' => 'network-firewall-reason', + 'section' => $Lang::tr{'network'}, + 'subsection' => $Lang::tr{'firewall'}, + 'item' => $Lang::tr{'statusmail firewall reason'}, + 'function' => &reasons, + 'option' => { 'type' => 'integer', + 'name' => $Lang::tr{'statusmail firewall min count'}, + 'min' => 1, + 'max' => 1000 } ); +} + + +############################################################################ +# Functions +############################################################################ + +sub get_log( $ ); +sub addresses( $$ ); + +#------------------------------------------------------------------------------ +# sub get_log( this ) +# +# Gets information on blocked packets from the system log and caches it. +# +# Parameters: +# this message object +# +# Returns: +# reference to hash of information +#------------------------------------------------------------------------------ + +sub get_log( $ ) +{ + my ($this, $name) = @_; + + my $data = $this->cache( 'network-firewall' ); + + return $data if (defined $data); + + my %info; + my $line; + + while ($line = $this->get_message_log_line) + { + next unless ($line); + next unless ($line =~ m/kernel: DROP/); + + my ($time, $rule, $interface, $src_addrs, $dst_port) = + $line =~ m/(\w+\s+\d+\s+\d+:\d+:\d+).*DROP_(\w+?)\s*IN=(\w+).*SRC=(\d+.\d+.\d+.\d+).*(?:DPT=(\d*))/; +# mmm dd hh:mm:dd ipfire kernel: DROP_SPAMHAUS_EDROPIN=ppp0 OUT= MAC= SRC=999.999.999.999 DST=888.888.888.888 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=35549 PROTO=TCP SPT=47851 DPT=28672 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0xd2 + + next unless ($src_addrs); + + my $country = GeoIP::lookup( $src_addrs ) || $src_addrs; + + $info{'by_address'}{$src_addrs}{'count'}++; + $info{'by_address'}{$src_addrs}{'first'} = $time unless ($info{'by_address'}{$src_addrs}{'first'}); + $info{'by_address'}{$src_addrs}{'last'} = $time; + + if ($dst_port) + { + $info{'by_port'}{$dst_port}{'count'}++ ; + $info{'by_port'}{$dst_port}{'first'} = $time unless ($info{'by_port'}{$dst_port}{'first'}); + $info{'by_port'}{$dst_port}{'last'} = $time; + } + + if ($country) + { + $info{'by_country'}{$country}{'count'}++; + $info{'by_country'}{$country}{'first'} = $time unless ($info{'by_country'}{$country}{'first'}); + $info{'by_country'}{$country}{'last'} = $time; + } + + $info{'by_rule'}{$rule}{'count'}++; + $info{'by_rule'}{$rule}{'first'} = $time unless ($info{'by_rule'}{$rule}{'first'}); + $info{'by_rule'}{$rule}{'last'} = $time; + + $info{'total'}++; + }; + + $this->cache( 'network-firewall', %info ); + + return %info; +} + + +#------------------------------------------------------------------------------ +# sub addresses( this, min_count ) +# +# Output information on blocked addresses. +# +# Parameters: +# this message object +# min_count only output blocked addresses occurring at least this number of +# times +#------------------------------------------------------------------------------ + +sub addresses( $$ ) +{ + my ($self, $min_count) = @_; + my @table; + + use Sort::Naturally; + + push @table, ['|', '|', '|', '|', '|', '|']; + push @table, [ $Lang::tr{'ip address'}, $Lang::tr{'country'}, $Lang::tr{'count'}, $Lang::tr{'percentage'}, $Lang::tr{'first'}, $Lang::tr{'last'} ]; + + my $stats = get_log( $self ); + + foreach my $address (sort { $$stats{'by_address'}{$b}{'count'} <=> $$stats{'by_address'}{$a}{'count'} || + ncmp( $b, $a ) } keys %{ $$stats{'by_address'} } ) + { + my $count = $$stats{'by_address'}{$address}{'count'}; + my $country = GeoIP::lookup( $address ); + my $first = $$stats{'by_address'}{$address}{'first'}; + my $last = $$stats{'by_address'}{$address}{'last'}; + my $percent = int( 100 * $count / $$stats{'total'} + 0.5); + + last if ($count < $min_count); + + my $name = $self->lookup_ip_address( $address ); + + $address = "$address\n$name" if ($name); + + if ($country) + { + $country = GeoIP::get_full_country_name( $country) || $address; + } + else + { + $country = $Lang::tr{'unknown'}; + } + + push @table, [ $address, $country, $count, $percent, $first, $last ]; + + last if (@table > $self->get_max_lines_per_item + 2) + } + + if (@table > 2) + { + $self->add_table( @table ); + + return 1; + } + + return 0; +} + + +#------------------------------------------------------------------------------ +# sub ports( this, min_count ) +# +# Output information on blocked ports. +# +# Parameters: +# this message object +# min_count only output blocked ports occurring at least this number of +# times +#------------------------------------------------------------------------------ + +sub ports( $$ ) +{ + my ($self, $min_count) = @_; + my @table; + + push @table, ['|', '|', '|', '|', '|']; + push @table, [ $Lang::tr{'port'}, $Lang::tr{'count'}, $Lang::tr{'percentage'}, $Lang::tr{'first'}, $Lang::tr{'last'} ]; + + my $stats = get_log( $self ); + + foreach my $port (sort { $$stats{'by_port'}{$b}{'count'} <=> $$stats{'by_port'}{$a}{'count'} || + ncmp( $b, $a ) } keys %{ $$stats{'by_port'} } ) + { + my $count = $$stats{'by_port'}{$port}{'count'}; + my $first = $$stats{'by_port'}{$port}{'first'}; + my $last = $$stats{'by_port'}{$port}{'last'}; + my $percent = int( 100 * $count / $$stats{'total'} + 0.5); + + last if ($count < $min_count); + + push @table, [ $port, $count, $percent, $first, $last ]; + } + + if (@table > 2) + { + $self->add_table( @table ); + + return 1; + } + + return 0; +} + + +#------------------------------------------------------------------------------ +# sub countries( this, min_count ) +# +# Output information on blocked countries. +# +# Parameters: +# this message object +# min_count only output blocked countries occurring at least this number of +# times +#------------------------------------------------------------------------------ + +sub countries( $$ ) +{ + my ($self, $min_count) = @_; + my @table; + + push @table, ['<', '|', '|', '|', '|']; + push @table, [ $Lang::tr{'country'}, $Lang::tr{'count'}, $Lang::tr{'percentage'}, $Lang::tr{'first'}, $Lang::tr{'last'} ]; + + my $stats = get_log( $self ); + + foreach my $country (sort { $$stats{'by_country'}{$b}{'count'} <=> $$stats{'by_country'}{$a}{'count'} } keys %{ $$stats{'by_country'} } ) + { + my $count = $$stats{'by_country'}{$country}{'count'}; + my $first = $$stats{'by_country'}{$country}{'first'}; + my $last = $$stats{'by_country'}{$country}{'last'}; + my $percent = int( 100 * $count / $$stats{'total'} + 0.5); + + last if ($count < $min_count); + + my $full_country = GeoIP::get_full_country_name( $country) || $country; + + push @table, [ $full_country, $count, $percent, $first, $last ]; + } + + if (@table > 2) + { + $self->add_table( @table ); + + return 1; + } + + return 0; +} + + +#------------------------------------------------------------------------------ +# sub reasons( this, min_count ) +# +# Output information on blocked reasons (the IPtable blocking the packet). +# +# Parameters: +# this message object +# min_count only output blocked reasons occurring at least this number of +# times +#------------------------------------------------------------------------------ + +sub reasons( $$ ) +{ + my ($self, $min_count) = @_; + my @table; + + push @table, ['<', '|', '|', '|', '|']; + push @table, [ $Lang::tr{'statusmail firewall reason'}, $Lang::tr{'count'}, $Lang::tr{'percentage'}, $Lang::tr{'first'}, $Lang::tr{'last'} ]; + + my $stats = get_log( $self ); + + foreach my $reason (sort { $$stats{'by_rule'}{$b}{'count'} <=> $$stats{'by_rule'}{$a}{'count'} } keys %{ $$stats{'by_rule'} } ) + { + my $count = $$stats{'by_rule'}{$reason}{'count'}; + my $first = $$stats{'by_rule'}{$reason}{'first'}; + my $last = $$stats{'by_rule'}{$reason}{'last'}; + my $percent = int( 100 * $count / $$stats{'total'} + 0.5); + + last if ($count < $min_count); + + push @table, [ $reason, $count, $percent, $first, $last ]; + } + + if (@table > 2) + { + $self->add_table( @table ); + + return 1; + } + + return 0; +} + +1;

Signed-off-by: Tim FitzGeorge ipfr@tfitzgeorge.me.uk --- config/rootfiles/packages/apcupsd | 1 + lfs/apcupsd | 2 +- lfs/statusmail | 2 +- src/statusmail/plugins/services_ups_apc.pm | 115 +++++++++++++++++++++++++++++ 4 files changed, 118 insertions(+), 2 deletions(-) create mode 100644 src/statusmail/plugins/services_ups_apc.pm

diff --git a/config/rootfiles/packages/apcupsd b/config/rootfiles/packages/apcupsd index b58ed2b47..bbd510884 100644 --- a/config/rootfiles/packages/apcupsd +++ b/config/rootfiles/packages/apcupsd @@ -33,3 +33,4 @@ srv/web/ipfire/cgi-bin/upsstats.cgi #usr/share/man/man8/apcupsd.8 etc/rc.d/init.d/apcupsd var/ipfire/menu.d/EX-apcupsd.menu +usr/lib/statusmail/plugins/services_ups_apc.pm diff --git a/lfs/apcupsd b/lfs/apcupsd index e9766bb57..c03ef6657 100644 --- a/lfs/apcupsd +++ b/lfs/apcupsd @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = apcupsd -PAK_VER = 6 +PAK_VER = 7

DEPS = ""

diff --git a/lfs/statusmail b/lfs/statusmail index 8ddf2df36..c57c3adab 100644 --- a/lfs/statusmail +++ b/lfs/statusmail @@ -65,7 +65,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) install -v -m 0644 $(DIR_APP)/statusmail/plugins/services_urlfilter.pm /usr/lib/statusmail/plugins/ install -v -m 0644 $(DIR_APP)/statusmail/plugins/services_intrusion_prevention_system.pm /usr/lib/statusmail/plugins/ # install -v -m 0644 $(DIR_APP)/statusmail/plugins/services_clamav.pm /usr/lib/statusmail/plugins/ -# install -v -m 0644 $(DIR_APP)/statusmail/plugins/services_ups_apc.pm /usr/lib/statusmail/plugins/ + install -v -m 0644 $(DIR_APP)/statusmail/plugins/services_ups_apc.pm /usr/lib/statusmail/plugins/

@rm -rf $(DIR_APP) @$(POSTBUILD) diff --git a/src/statusmail/plugins/services_ups_apc.pm b/src/statusmail/plugins/services_ups_apc.pm new file mode 100644 index 000000000..62483ec35 --- /dev/null +++ b/src/statusmail/plugins/services_ups_apc.pm @@ -0,0 +1,115 @@ +#!/usr/bin/perl + +############################################################################ +# # +# Send log and status emails for IPFire # +# # +# This is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 3 of the License, or # +# (at your option) any later version. # +# # +# This is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2018 - 2019 The IPFire Team # +# # +############################################################################ + +use strict; +use warnings; + +require "${General::swroot}/lang.pl"; + +package Services_Apcups; + +############################################################################ +# BEGIN Block +# +# Register the log items available in this file +############################################################################ + +sub BEGIN +{ + main::add_mail_item( 'ident' => 'services-apcupsd-events', + 'section' => $Lang::tr{'services'}, + 'subsection' => 'APC UPS', + 'item' => $Lang::tr{'statusmail events'}, + 'function' => &events ); +} + +############################################################################ +# Code +############################################################################ + +#--------------------------------------------------------------------------- +# sub events( this ) +# +# Output apcupsd events +# +# Parameters: +# this message object +#--------------------------------------------------------------------------- + +sub events( $ ) +{ + my ($this) = @_; + my $line; + my @table; + + push @table, [$Lang::tr{'time'}, $Lang::tr{'statusmail event'}]; + + while ($line = $this->get_message_log_line) + { + next unless ($line); + next unless ($line =~ m/^(\w+\s+\d+ \d+:\d+:\d+) \S+ apcupsd[\d+]: (.*)/); + + push @table, [$1, $2]; + } + + if (@table > 1) + { + $this->add_table( @table ); + + return 1; + } + + return 0; +} + +# Known apcupsd messages +# At the moment none of them are ignored +# +# apcupsd exiting, signal %u +# apcupsd shutdown succeeded +# apcupsd error shutdown completed +# Ignoring --kill-on-powerfail since it is unsafe on Simple Signaling UPSes +# Could not open events file %s: %s +# apcupsd " APCUPSD_RELEASE " (" ADATE ") " APCUPSD_HOST " startup succeeded +# Power failure. +# Running on UPS batteries. +# Battery power exhausted. +# Reached run time limit on batteries. +# Battery charge below low limit. +# Reached remaining time percentage limit on batteries. +# Initiating system shutdown! +# Power is back. UPS running on mains. +# Users requested to logoff. +# Battery failure. Emergency. +# UPS battery must be replaced. +# Remote shutdown requested. +# Communications with UPS lost. +# Communications with UPS restored. +# UPS Self Test switch to battery. +# UPS Self Test completed. +# Mains returned. No longer on UPS batteries. +# Battery disconnected. +# Battery reattached. + +1;