From patchwork Mon Apr 27 14:31:18 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Tim FitzGeorge <ipfr@tfitzgeorge.me.uk>
X-Patchwork-Id: 3005
Return-Path: <development-bounces@lists.ipfire.org>
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384)
	 client-signature ECDSA (P-384))
	(Client CN "mail01.haj.ipfire.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
	by web04.haj.ipfire.org (Postfix) with ESMTPS id 499nKp4DYKz3xQy
	for <patchwork@web04.haj.ipfire.org>; Mon, 27 Apr 2020 14:32:14 +0000 (UTC)
Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384)
	 client-signature ECDSA (P-384))
	(Client CN "mail02.haj.ipfire.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
	by mail01.ipfire.org (Postfix) with ESMTPS id 499nKn6LRkz32M;
	Mon, 27 Apr 2020 14:32:13 +0000 (UTC)
Received: from mail02.haj.ipfire.org (localhost [127.0.0.1])
	by mail02.haj.ipfire.org (Postfix) with ESMTP id 499nKn5SD5z30GQ;
	Mon, 27 Apr 2020 14:32:13 +0000 (UTC)
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature ECDSA (P-384)
 client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mail02.haj.ipfire.org (Postfix) with ESMTPS id 499nKl3vgvz30GQ
 for <development@lists.ipfire.org>; Mon, 27 Apr 2020 14:32:11 +0000 (UTC)
Received: from smtp.hosts.co.uk (smtp.hosts.co.uk [85.233.160.19])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384)
 (Client did not present a certificate)
 by mail01.ipfire.org (Postfix) with ESMTPS id 499nKl2HMZz33L
 for <development@lists.ipfire.org>; Mon, 27 Apr 2020 14:32:11 +0000 (UTC)
Received: from [95.149.142.196] (helo=aragorn.hosts.co.uk.tfitzgeorge.me.uk)
 by smtp.hosts.co.uk with esmtpa (Exim)
 (envelope-from <ipfr@tfitzgeorge.me.uk>)
 id 1jT4nq-0003Z9-6t; Mon, 27 Apr 2020 15:32:11 +0100
From: Tim FitzGeorge <ipfr@tfitzgeorge.me.uk>
To: development@lists.ipfire.org
Subject: [PATCH v2 3/8] ipblacklist: WUI Log page
Date: Mon, 27 Apr 2020 15:31:18 +0100
Message-Id: <20200427143123.6378-4-ipfr@tfitzgeorge.me.uk>
X-Mailer: git-send-email 2.16.4
In-Reply-To: <20200427143123.6378-1-ipfr@tfitzgeorge.me.uk>
References: <20200427143123.6378-1-ipfr@tfitzgeorge.me.uk>
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
 d=lists.ipfire.org;
 s=202003rsa; t=1587997931;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:in-reply-to:in-reply-to:references:references;
 bh=wzQ1lkU2y5TWlOlfyRMgpRFBFvLg4xqgU1rCRWL5ux0=;
 b=CkUesP1nsahMK9id0qPp7X3LqhBxsRAcIML0L8CLyYqDwg4bVoKZng3PfE0O1adRpQD65o
 K6tIJxwyI51snwKYXqYii4U56KoFaeASZgtP5V7wIHF9tLIxIoNyeEDn5VFkNQJvWz5jUT
 TlXoXepAIzwESqODE3IVQ5qNtVFiRzM66zds1vt/D4+aJSg6Y+0szBPHDPz/opnA9UbSSi
 MAhYd5Uq4E580Z9Bgiw1D8UvRi0myWhnVnB0lpXHNUvzl1ecFFfEdRbGHB9gNeM4Q/MM6B
 LY1H6AP/8SuBBp06LotVUlJTlpLrzaKOFNJciFJibEzJgx4oXQGQLqizKRTu4A==
ARC-Seal: i=1; s=202003rsa; d=lists.ipfire.org; t=1587997931; a=rsa-sha256;
 cv=none;
 b=SfdoiSyTdr3aTwHT6FfSW2E0kWifZqF77jS3SNZ9Xl30dNTftgcGRuHGt0d+pjRN9zrJQL
 g5Rv+KBn6sfJwscVqBiFmGhJikEqKYkNW3tmkJfjKthQjl1RdD4V3apIzebn+GIbP/5VoI
 E8GkQkXQ5jcONqlqbF7XGsjoMzlnDp81RqJ4Pf/dbM/xCJD69StBF52+dRT6pRVBTmlvgd
 zhmmkvJmFs8XrM2ODK6O1RcaxAsaoeCUOD42BfRDxeqKm6md7+cxvJCpyH/9aES8c9TC19
 BxD0RxX5JakHIDP7VTq5ab5KBi7ej3ac2QurVS6egscm5re0hjD7R2zxSkQvLQ==
ARC-Authentication-Results: i=1; mail01.ipfire.org; dkim=none; dmarc=none;
 spf=pass (mail01.ipfire.org: domain of ipfr@tfitzgeorge.me.uk designates
 85.233.160.19 as permitted sender) smtp.mailfrom=ipfr@tfitzgeorge.me.uk
Authentication-Results: mail01.ipfire.org; dkim=none; dmarc=none;
 spf=pass (mail01.ipfire.org: domain of ipfr@tfitzgeorge.me.uk designates
 85.233.160.19 as permitted sender) smtp.mailfrom=ipfr@tfitzgeorge.me.uk
X-Rspamd-Queue-Id: 499nKl2HMZz33L
X-Spamd-Result: default: False [-3.27 / 11.00]; RCVD_TLS_LAST(0.00)[];
 RCVD_VIA_SMTP_AUTH(0.00)[];
 RECEIVED_SPAMHAUS_PBL(0.00)[95.149.142.196:received];
 FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[];
 RWL_MAILSPIKE_GOOD(0.00)[85.233.160.19:from];
 R_SPF_ALLOW(-0.20)[+ip4:85.233.160.0/27];
 MIME_GOOD(-0.10)[text/plain];
 DMARC_NA(0.00)[tfitzgeorge.me.uk]; ARC_NA(0.00)[];
 ARC_SIGNED(0.00)[i=1]; TO_MATCH_ENVRCPT_SOME(0.00)[];
 MX_GOOD(-0.01)[]; RCPT_COUNT_TWO(0.00)[2];
 MID_CONTAINS_FROM(1.00)[]; NEURAL_HAM(-0.94)[-0.942];
 IP_REPUTATION_SPAM(0.01)[asn: 8622(0.00), country: GB(0.01), ip:
 85.233.160.19(0.00)]; FROM_EQ_ENVFROM(0.00)[];
 R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+];
 ASN(0.00)[asn:8622, ipnet:85.233.160.0/19, country:GB];
 RCVD_COUNT_TWO(0.00)[2]; BAYES_HAM(-2.93)[99.68%];
 RCVD_IN_DNSWL_LOW(-0.10)[85.233.160.19:from]
X-Rspamd-Server: mail01.haj.ipfire.org
X-BeenThere: development@lists.ipfire.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IPFire development talk <development.lists.ipfire.org>
List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>,
 <mailto:development-request@lists.ipfire.org?subject=unsubscribe>
List-Archive: <http://lists.ipfire.org/pipermail/development/>
List-Post: <mailto:development@lists.ipfire.org>
List-Help: <mailto:development-request@lists.ipfire.org?subject=help>
List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>,
 <mailto:development-request@lists.ipfire.org?subject=subscribe>
Errors-To: development-bounces@lists.ipfire.org
Sender: "Development" <development-bounces@lists.ipfire.org>

Signed-off-by: Tim FitzGeorge <ipfr@tfitzgeorge.me.uk>
---
 html/cgi-bin/logs.cgi/ipblacklists.dat | 363 +++++++++++++++++++++++++++++++++
 1 file changed, 363 insertions(+)
 create mode 100755 html/cgi-bin/logs.cgi/ipblacklists.dat

diff --git a/html/cgi-bin/logs.cgi/ipblacklists.dat b/html/cgi-bin/logs.cgi/ipblacklists.dat
new file mode 100755
index 000000000..9b8db7062
--- /dev/null
+++ b/html/cgi-bin/logs.cgi/ipblacklists.dat
@@ -0,0 +1,363 @@
+#!/usr/bin/perl
+#
+# SmoothWall CGIs
+#
+# This code is distributed under the terms of the GPL
+#
+# JC HERITIER
+# page inspired from the initial firewalllog.dat
+#
+# Modified for IPFire by Christian Schmidt
+#	                    and Michael Tremer (www.ipfire.org)
+
+use strict;
+use Getopt::Std;
+
+# enable only the following on debugging purpose
+#use warnings;
+#use CGI::Carp 'fatalsToBrowser';
+
+require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/geoip-functions.pl";
+require "${General::swroot}/lang.pl";
+require "${General::swroot}/header.pl";
+
+use POSIX();
+
+my %cgiparams=();
+my $errormessage = '';
+
+my @shortmonths = ( 'Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug',
+	'Sep', 'Oct', 'Nov', 'Dec' );
+my @longmonths = ( $Lang::tr{'january'}, $Lang::tr{'february'}, $Lang::tr{'march'},
+	$Lang::tr{'april'}, $Lang::tr{'may'}, $Lang::tr{'june'}, $Lang::tr{'july'}, $Lang::tr{'august'},
+	$Lang::tr{'september'}, $Lang::tr{'october'}, $Lang::tr{'november'},
+	$Lang::tr{'december'} );
+
+my @now = localtime();
+my $dow = $now[6];
+my $doy = $now[7];
+my $tdoy = $now[7];
+my $year = $now[5]+1900;
+
+$cgiparams{'DAY'} = $now[3];
+$cgiparams{'MONTH'} = $now[4];
+$cgiparams{'ACTION'} = '';
+
+&Header::getcgihash(\%cgiparams);
+
+my $start = -1;
+if ($ENV{'QUERY_STRING'} && $cgiparams{'ACTION'} ne $Lang::tr{'update'})
+{
+	my @temp = split(',',$ENV{'QUERY_STRING'});
+	$start = $temp[0];
+	$cgiparams{'MONTH'} = $temp[1];
+	$cgiparams{'DAY'} = $temp[2];
+}
+
+if (!($cgiparams{'MONTH'} =~ /^(0|1|2|3|4|5|6|7|8|9|10|11)$/) ||
+    !($cgiparams{'DAY'} =~ /^(1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18|19|20|21|22|23|24|25|26|27|28|29|30|31)$/))
+{
+	$cgiparams{'DAY'} = $now[3];
+	$cgiparams{'MONTH'} = $now[4];
+}
+elsif($cgiparams{'ACTION'} eq '>>')
+{
+	my @temp_then=();
+	my @temp_now = localtime(time);
+	$temp_now[4] = $cgiparams{'MONTH'};
+	$temp_now[3] = $cgiparams{'DAY'};
+	@temp_then = localtime(POSIX::mktime(@temp_now) + 86400);
+	## Retrieve the same time on the next day -
+	## 86400 seconds in a day
+	$cgiparams{'MONTH'} = $temp_then[4];
+	$cgiparams{'DAY'} = $temp_then[3];
+}
+elsif($cgiparams{'ACTION'} eq '<<')
+{
+	my @temp_then=();
+	my @temp_now = localtime(time);
+	$temp_now[4] = $cgiparams{'MONTH'};
+	$temp_now[3] = $cgiparams{'DAY'};
+	@temp_then = localtime(POSIX::mktime(@temp_now) - 86400);
+	## Retrieve the same time on the previous day -
+	## 86400 seconds in a day
+	$cgiparams{'MONTH'} = $temp_then[4];
+	$cgiparams{'DAY'} = $temp_then[3];
+}
+
+if (($cgiparams{'DAY'} ne $now[3]) || ($cgiparams{'MONTH'} ne $now[4]))
+{
+	my @then = ();
+	if ( (  $cgiparams{'MONTH'} eq $now[4]) && ($cgiparams{'DAY'} > $now[3]) ||
+	     ( $cgiparams{'MONTH'} > $now[4] ) ) {
+		@then = localtime(POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1901 ));
+	} else {
+		@then = localtime(POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1900 ));
+	}
+	$tdoy = $then[7];
+	my $lastleap=($year-1)%4;
+	if ($tdoy>$doy) {
+		if ($lastleap == 0 && $tdoy < 60) {
+			$doy=$tdoy+366;
+		} else {
+			$doy=$doy+365;
+		}
+	}
+}
+
+my $datediff=0;
+my $dowd=0;
+my $multifile=0;
+if ($tdoy ne $doy) {
+	$datediff=int(($doy-$tdoy)/7);
+	$dowd=($doy-$tdoy)%7;
+	if (($dow-$dowd)<1) {
+		$datediff=$datediff+1;
+	}
+	if (($dow-$dowd)==0) {
+		$multifile=1;
+	}
+}
+
+my $monthstr = $shortmonths[$cgiparams{'MONTH'}];
+my $longmonthstr = $longmonths[$cgiparams{'MONTH'}];
+my $day = $cgiparams{'DAY'};
+my $daystr='';
+if ($day <= 9) {
+	$daystr = " $day"; }
+else {
+	$daystr = $day;
+}
+
+my %lists;
+my %directions;
+my %sources = ();
+my %settings = ();
+&General::readhash("${General::swroot}/ipblacklist/settings", \%settings);
+eval qx|/bin/cat /var/ipfire/ipblacklist/sources|;
+
+foreach my $blacklist (keys %sources)
+{
+	$lists{$blacklist} = {} if ($settings{$blacklist} eq 'on');
+}
+
+my $skip=0;
+my $filestr='';
+if ($datediff==0) {
+	$filestr="/var/log/messages";
+} else {
+	$filestr="/var/log/messages.$datediff";
+	$filestr = "$filestr.gz" if -f "$filestr.gz";
+}
+
+if (!(open (FILE,($filestr =~ /.gz$/ ? "gzip -dc $filestr |" : $filestr)))) {
+	$errormessage = "$Lang::tr{'date not in logs'}: $filestr $Lang::tr{'could not be opened'}";
+	$skip=1;
+	# Note: This is in case the log does not exist for that date
+}
+
+my $lines = 0;
+my $directions = 0;
+
+if (!$skip)
+{
+	while (<FILE>)
+	{
+		if (/^${monthstr} ${daystr} ..:..:.. [\w\-]+ kernel:.*BLKLST_(\w+)\s*IN=(\w*)/)
+		{
+			my $list = $1;
+
+			if ($2 =~ m/ppp|red/)
+			{
+				$lists{$list}{in}++;
+				$directions{in}++;
+			}
+			else
+			{
+				$lists{$list}{out}++;
+				$directions{out}++;
+			}
+
+			$lines++;
+		}
+
+	}
+	close (FILE);
+}
+
+if ($multifile) {
+	$datediff=$datediff-1;
+	if ($datediff==0) {
+		$filestr="/var/log/messages";
+	} else {
+		$filestr="/var/log/messages.$datediff";
+		$filestr = "$filestr.gz" if -f "$filestr.gz";
+	}
+	if (!(open (FILE,($filestr =~ /.gz$/ ? "gzip -dc $filestr |" : $filestr)))) {
+		$errormessage="$Lang::tr{'date not in logs'}: $filestr $Lang::tr{'could not be opened'}";
+		$skip=1;
+	}
+	if (!$skip) {
+		while (<FILE>) {
+			if (/^${monthstr} ${daystr} ..:..:.. [\w\-]+ kernel:.*BLKLST_(\w+)\s*IN=(\w+)/)
+			{
+				my $list = $1;
+
+				if ($2 =~ m/ppp|red/)
+				{
+					$lists{$list}{in}++;
+					$directions{in}++;
+				}
+				else
+				{
+					$lists{$list}{out}++;
+					$directions{out}++;
+				}
+
+				$lines++;
+			}
+		}
+		close (FILE);
+	}
+}
+
+my $MODNAME="fwlogs";
+
+&Header::showhttpheaders();
+&Header::openpage($Lang::tr{'ipblacklist logs'}, 1, '');
+&Header::openbigbox('100%', 'left', '', $errormessage);
+
+
+if ($errormessage) {
+	&Header::openbox('100%', 'left', $Lang::tr{'error messages'});
+	print "<font class='base'>$errormessage&nbsp;</font>\n";
+	&Header::closebox();
+}
+
+&Header::openbox('100%', 'left', "$Lang::tr{'settings'}");
+
+print <<END
+<form method='post' action='$ENV{'SCRIPT_NAME'}'>
+<table width='100%'>
+<tr>
+	<td width='10%' class='base'>$Lang::tr{'month'}:&nbsp;</td>
+	<td width='10%'>
+	<select name='MONTH'>
+END
+;
+my $month;
+for ($month = 0; $month < 12; $month++)
+{
+	print "\t<option ";
+	if ($month == $cgiparams{'MONTH'}) {
+		print "selected='selected' ";
+	}
+	print "value='$month'>$longmonths[$month]</option>\n";
+}
+print <<END
+	</select>
+	</td>
+	<td width='10%' class='base' align='right'>&nbsp;$Lang::tr{'day'}:&nbsp;</td>
+	<td width='40%'>
+	<select name='DAY'>
+END
+;
+for ($day = 1; $day <= 31; $day++)
+{
+	print "\t<option ";
+	if ($day == $cgiparams{'DAY'}) {
+		print "selected='selected' ";
+	}
+	print "value='$day'>$day</option>\n";
+}
+
+print <<END
+</select>
+</td>
+<td width='5%'  align='center'><input type='submit' name='ACTION' title='$Lang::tr{'day before'}' value='&lt;&lt;' /></td>
+<td width='5%'  align='center'><input type='submit' name='ACTION' title='$Lang::tr{'day after'}' value='&gt;&gt;' /></td>
+<td width='20%' align='right'><input type='submit' name='ACTION' value='$Lang::tr{'update'}' /></td>
+</tr>
+</table>
+</form>
+END
+;
+
+&Header::closebox();
+
+&Header::openbox('100%', 'left', $Lang::tr{'firewall log'});
+print "<p><b>$Lang::tr{'ipblacklist hits'} $longmonthstr $daystr: $lines</b></p>";
+
+my %color = ();
+my %mainsettings = ();
+&General::readhash("${General::swroot}/main/settings", \%mainsettings);
+&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
+
+my @lists = sort keys (%lists);
+
+print <<END
+<table width='100%' class='tbl'>
+<tr>
+<th align='center' class='boldbase' rowspan='2'></th>
+<th align='left'   class='boldbase' rowspan='2'><b>$Lang::tr{'ipblacklist id'}</b></th>
+<th align='left'   class='boldbase' rowspan='2'><b>$Lang::tr{'ipblacklist category'}</b></th>
+<th align='center' class='boldbase' colspan='2'><b>$Lang::tr{'ipblacklist input'}</b></th>
+<th align='center' class='boldbase' colspan='2'><b>$Lang::tr{'ipblacklist output'}</b></th>
+</tr>
+<tr>
+<th align='center' class='boldbase'>$Lang::tr{'count'}</th>
+<th align='center' class='boldbase'>$Lang::tr{'percentage'}</th>
+<th align='center' class='boldbase'>$Lang::tr{'count'}</th>
+<th align='center' class='boldbase'>$Lang::tr{'percentage'}</th>
+</tr>
+END
+;
+
+$lines = 0;
+my $lists = join ',', @lists;
+
+foreach my $list (@lists)
+{
+	my $col = ($lines++ % 2) ? "bgcolor='$color{'color20'}'" : "bgcolor='$color{'color22'}'";
+	my $category = exists( $sources{$list}) ? $Lang::tr{"ipblacklist category $sources{$list}{'category'}"} : '&nbsp;';
+
+	print "<tr>";
+
+	print "<td align='center' $col><form method='post' action='showrequestfromblacklist.dat'><input type='hidden' name='MONTH' value='$cgiparams{'MONTH'}'> <input type='hidden' name='DAY' value='$cgiparams{'DAY'}'> <input type='hidden' name='blacklist' value='$list'><input type='hidden' name='blacklists' value='$lists'> <input type='submit' value='$Lang::tr{'details'}'></form></td>";
+
+	if (exists($sources{$list}) and $sources{$list}{'info'})
+	{
+		print "<td $col><a href='$sources{$list}{info}' target='_blank'>$list</a></td>";
+	}
+	else
+	{
+		print "<td $col>$list</td>";
+	}
+
+	print "<td $col>$category</td>";
+
+	foreach my $direction ('in', 'out')
+	{
+		my $count   = $lists{$list}{$direction} || 0;
+		my $percent = $directions{$direction} > 0 ? $count * 100 / $directions{$direction} : 0;
+		$percent = sprintf("%.f", $percent);
+		print "<td align='center' class='boldbase' $col>$count</th>";
+		print "<td align='center' class='boldbase' $col>$percent%</th>";
+	}
+
+	print "</tr>";
+}
+print <<END
+</table>
+END
+;
+
+&Header::closebox();
+&Header::closebigbox();
+&Header::closepage();
+
+sub checkversion {
+	#Automatic Updates is disabled
+	return "0","0";
+}