michel/smeserver-xt_geoip
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Initial commit - v1.3.1-18

Browse Source
This commit is contained in:
Mab 974
2023-02-06 23:04:43 +04:00
commit 26f1ecc659
62 changed files with 10622 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

603
source/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/xt_geoip.pm Normal file
View File

@@ -0,0 +1,603 @@
#!/usr/bin/perl -w
#-------------------------------------------
# Copyright (c) Michel Begue 2017
# Xt_GeoIP Administration panel
#-------------------------------------------
package esmith::FormMagick::Panel::xt_geoip;
use strict;
#use warnings;
use esmith::FormMagick;
use esmith::ConfigDB;
use esmith::util;
use esmith::cgi;
use File::Basename;
use Exporter;
use POSIX qw(strftime);
our @ISA = qw(esmith::FormMagick Exporter);
our @EXPORT = qw(
otherServices
do_otherServices
get_prop
get_value
get_badcountries
get_geoip
get_stat_license_key
get_reverse
print_service_table
get_stat_geoip
print_custom_button
generateStats
get_srv_name
get_srv_badcountries
remove_serv
modify_serv
srv_must_exist
get_date_update
change_settings
must_exist
);
our $VERSION = sprintf '%d.%03d', q$Revision: 1.1 $ =~ /: (\d+).(\d+)/;
our $db = esmith::ConfigDB->open || die "Couldn't open ConfigDB\n";
=pod
=head1 NAME
esmith::FormMagick::Panels::xt_geoip - Panel providing countries codes,
enable and update base actions.
=head1 SYNOPSYS
use esmith::FormMagick::Panel::xt_geoip;
my $panel = esmith::FormMagick::Panel::xt_geoip->new;
$panel->display();
=head1 DESCRIPTION
xt_geoip (xtables-addons geoip) install a base of IPs by country.
This panel provides a 'non-commandline' form to enter selected countries codes
for filtering, to enable-disable the fonctionnality and update the base of IPs.
=cut
# {{{ new
=head2 new()
Exactly as for esmith::FormMagick
=begin testing
$ENV{ESMITH_CONFIG_DB} = "10e-smith-base/configuration.conf"
use_ok('esmith::FormMagick::Panel::xt_geoip');
use vars qw($panel);
ok($panel = esmith::FormMagick::Panel::xt_geoip->new(), "Create panel object");
isa_ok($panel, 'esmith::FormMagick::Panel::xt_geoip');
=end testing
=cut
sub new
{
shift;
my $self = esmith::FormMagick->new();
$self->{calling_package} = (caller)[0];
bless $self;
# $self->debug(1);
return $self;
}
=head2 get_prop
=cut
sub get_prop
{
my $fm = shift if (ref($_[0]) );
my $item = shift;
my $prop = shift;
my $record = $db->get($item);
if ($record) {
return $record->prop($prop);
}
else {
return '';
}
}
=head2 get_value
=cut
sub get_value
{
my $fm = shift;
my $item = shift;
my $record = $db->get($item);
#return ($db->get("masq")->prop($item));
if ($record) {
return $record->value();
}
else {
return '';
}
}
=head2 get_badcountries
method to retrieve the value of "badcountries" for the form
=cut
sub get_badcountries
{
my $self = shift;
my $full = shift;
my $badc=$db->get_prop("masq", "BadCountries")||"";
return $badc unless $full ;
my $rev = (($db->get_prop("masq", "XTGeoipRev")||"disabled") eq "enabled") ? "!=" : "==";
return "$rev $badc ";
}
=head2 get_geoip
method to retrieve the value of geoip for the form
=cut
sub get_geoip
{
return $db->get_prop("masq", "GeoIP") || 'disabled';
}
=head2 get_reverse
method to retrieve the value of geoip for the form
=cut
sub get_reverse
{
my $fm = shift;
my $item = shift;
my $prop = shift;
$item = ($item eq 'masq') ? $item : $fm->cgi->param('name');
return $db->get_prop("$item", "$prop") || "disabled";
}
=head2 get_stat_geoip
method to retrieve the status of geoip (module and filtering) for the form
=cut
sub get_stat_geoip
{
my $fm = shift;
if ( system ( "/bin/test -f /lib/modules/`/bin/uname -r`/weak-updates/xtables-addons/xt_geoip.ko") != 0 ) {
return $fm->localise('ERROR_MISSING_MODULE');
} elsif ( system ( "/sbin/lsmod | grep 'xt_geoip' > /dev/null") != 0 ) {
return $fm->localise('ERROR_UNLOADED_MODULE');
} elsif ( get_geoip() eq 'enabled' && system ( "/sbin/iptables -L -n | grep 'XTGeoIP' > /dev/null") != 0 ) {
return $fm->localise('ERROR_FILTER_CHAIN_MISSING');
} else {
return '';
}
}
=head2 get_stat_license_key
method to retrieve the status of geoip license_key for the site
=cut
sub get_stat_license_key {
my $fm = shift;
if ((get_prop( 'geoip','status' ) || 'disabled') eq 'enabled' ) {
if ( (get_prop( 'geoip','LicenseKey' ) || '') ne '' ) {
return '';
}
}
return $fm->localise('ERROR_LICENSE_KEY');
}
=head2 get_date_update
=cut
sub get_date_update
{
my $file = "/usr/share/xt_geoip/LE/A1.iv4";
my $filetime = ( -e $file ) ? (stat($file))[9] : 0;
return strftime("%Y/%m/%d %H:%M", localtime( $filetime )) || '';
}
=head2 change_settings
Sub to change settings as per user input in the panel
=cut
sub change_settings
{
my $self = shift;
my $q = $self->{'cgi'};
my $mq_bc = get_badcountries();
my $mq_gp = get_geoip();
my $masq = $db->get('masq') || "disabled";
my $mq_rv = $masq->prop('XTGeoipRev') || 'disabled';
my $mq_ot = $masq->prop('XTGeoipOther') || 'disabled';
my $n_mq_bc = $q->param("masq_badcountries");
my $n_mq_gp = $q->param("masq_geoip") || $mq_gp;
my $n_upd_gp = $q->param("update_geoip") || '';
my $n_mq_rv = $q->param("masq_reverse") || $mq_rv ;
my $n_mq_ot = $q->param("masq_others") || $mq_ot ;
if (($n_mq_bc eq $mq_bc) && ($n_mq_gp eq $mq_gp) && ($n_upd_gp eq 'NO') && ($n_mq_rv eq $mq_rv) && ($n_mq_ot eq $mq_ot)) {
return $self->success("NO_CHANGE")
}
$db->set_prop("masq", "BadCountries", $n_mq_bc);
$db->set_prop("masq", "GeoIP", $n_mq_gp);
$db->set_prop("masq", "XTGeoipRev", $n_mq_rv);
$db->set_prop("masq", "XTGeoipOther", $n_mq_ot);
my $eventloc = "xt_geoip-modify";
$eventloc = "xt_geoip-update" if $n_upd_gp eq 'YES';
unless ( system ( "/sbin/e-smith/signal-event", $eventloc ) == 0 )
{
$self->error("ERROR_UPDATING");
return undef;
}
return $self->success("SUCCESS");
}
=head2 valid_badcountries
subroutine to validate countries.
=cut
sub must_exist
{
my $self = shift;
my $q = $self->{cgi};
my $listerr = "";
my @mq_bcs = split /[,:]/, $q->param("masq_badcountries");
if (@mq_bcs) {
my $ctr = @mq_bcs;
return $self->localise('ERROR_COUNTRY_MAX: {$ctr}', {ctr=> "$ctr"}) if ($ctr > 50);
foreach my $bcs (@mq_bcs) {
my $file = "/usr/share/xt_geoip/LE/" . $bcs . ".iv4";
if (! -f $file) { $listerr .= $bcs . ","; }
}
return $self->localise('ERR_COUNTRY_NOT_EXIST: {$listerr}', {listerr=> "$listerr"}) if $listerr;
}
return 'OK';
}
#Subroutine to display buttons
sub print_custom_button
{
my ($fm,$desc,$url,$type) = @_;
my $q = $fm->{cgi};
$url="xt_geoip?page=0&page_stack=&Next=Next&type=".$type."&wherenext=".$url;
print " <tr>\n <td colspan='2'>\n";
print $q->p($q->a({href => $url, -class => "button-like"},$fm->localise($desc)));
print qq(</tr>\n);
return undef;
}
#Subroutine to list statistics
sub generateStats
{
my $self = shift;
my $q = $self->{cgi};
$self->turn_off_buttons();
# Untaint $name before use in system()
my $stats_type = $q->param ('type');
$stats_type =~ /(.+)/; $stats_type = $1;
if ($stats_type ne "ipt" && $stats_type ne "ssh" && $stats_type ne "f2b")
{
print $q->p($q->b($self->localise('INVALID_STATS_TYPE')." ".
$stats_type));
return '';
} else {
# my $now_string = $self->gen_locale_date_string();
my $file = "/var/lib/xt_geoip/extA_" . $stats_type . "_country.lst";
my $filetime = ( -e $file ) ? (stat($file))[9] : 0;
my $date_string = strftime("%Y/%m/%d %H:%M", localtime( $filetime )) || '';
print $q->h3($self->localise('STATS_GENERATED'), "[", $stats_type, "]", $date_string);
open( XTGEOIPSTATS, $file );
print "<pre>\n";
while (<XTGEOIPSTATS>)
{
print;
}
close XTGEOIPSTATS;
print "</pre>\n";
print $q->h3($self->localise('END_OF_STATS'));
#$self->wherenext('First');
return '';
}
}
sub get_srv_name
{
my ($self) = @_;
return $self->cgi->param('name');
}
sub get_srv_badcountries
{
my $self = shift;
my $name = $self->cgi->param('name');
my $full = shift;
my $badc=$db->get_prop($name, "BadCountries")||"";
return $badc unless $full ;
my $rev = (($db->get_prop($name, "XTGeoipRev")||"disabled") eq "enabled") ? "!=" : "==";
return "$rev $badc ";
}
sub print_service_table {
my $self = shift;
my $q = $self->{cgi};
my $servname = $self->localise('NAME');
my $port = $self->localise('PORT');
my $status = $self->localise('STATUS');
my $access = $self->localise('ACCESS');
my $servBC = $self->localise('BADCOUNTRIES');
my $modify = $self->localise('MODIFY');
my $remove = $self->localise('REMOVE');
my $action_h = $self->localise('ACTION');
my @services = split(/,/, $db->get_prop("masq", "XtServices"));
#my @services = ('imaps','pop3s','sshd','ftp','ssmtpd');
unless ( scalar @services )
{
print $q->Tr($q->td($self->localise('NO_SERVICES')));
return "";
}
print $q->start_table({-CLASS => "sme-border"}),"\n";
print $q->Tr (
esmith::cgi::genSmallCell($q, $servname,"header"),
esmith::cgi::genSmallCell($q, $port,"header"),
esmith::cgi::genSmallCell($q, $status,"header"),
esmith::cgi::genSmallCell($q, $access,"header"),
esmith::cgi::genSmallCell($q, $servBC,"header"),
esmith::cgi::genSmallCell($q, $action_h,"header", 2)),"\n";
my $scriptname = basename($0);
foreach my $servname (@services)
{
my $i = $db->get($servname);
next if not defined $i;
my $port = $i->prop('TCPPort');
my $status = $i->prop('status');
my $access = $i->prop('access');
my $servBC = $i->prop('BadCountries') || ' ';
my $servRev = (( $i->prop('XTGeoipRev')|| 'disabled') eq 'disabled' )? '==': '!=';
my $params = $self->build_serv_cgi_params($servname, $i->props());
my $href = "$scriptname?$params&action=modify&wherenext=";
my $actionModify = '&nbsp;';
$actionModify .= $q->a({href => "${href}SrvModify"},$modify)
. '&nbsp;';
my $actionRemove = '&nbsp;';
$actionRemove .= $q->a({href => "${href}SrvRemove"}, $remove)
. '&nbsp';
my $color = 'red';
my $deco= "none";
if ($servRev eq '!=' ) { $color = 'green'; }
if ($status eq 'disabled' || $access ne 'public') { $color = 'grey'; $deco= "line-through"; }
print $q->Tr (
esmith::cgi::genSmallCell($q, $servname,"normal"),
esmith::cgi::genSmallCell($q, $port,"normal"),
esmith::cgi::genSmallCell($q, $status,"normal"),
esmith::cgi::genSmallCell($q, $access,"normal"),
esmith::cgi::genSmallCell($q, "<font color='$color' style='text-decoration: $deco'>" . "$servRev $servBC" . "</font>","normal"),
esmith::cgi::genSmallCell($q, $actionModify,"normal"),
esmith::cgi::genSmallCell($q, $actionRemove,"normal"));
}
print $q->end_table,"\n";
return "";
}
sub build_serv_cgi_params {
my ($self, $servname, %oldprops) = @_;
my %props = (
page => 0,
page_stack => "",
name => $servname,
);
return $self->props_to_query_string(\%props);
}
sub remove_serv {
my ($self) = @_;
my $name = $self->cgi->param('name');
if (my $serv = $db->get($name)) {
my $servBC = $serv->prop('BadCountries') || '';
if ($servBC ne '') {
my $tps = $db->set_prop_and_delete($name, "BadCountries");
$tps = $db->get_prop_and_delete($name, "XTGeoipRev");
# Untaint $name before use in system()
# $name =~ /(.+)/; $name = $1;
if (system ("/sbin/e-smith/signal-event", "xt_geoip-service") == 0)
{
return $self->success("SUCCESSFULLY_DELETED_SERVICE");
} else {
return $self->error("ERROR_WHILE_DELETING_SERVICE");
}
} else {
return $self->success('NO_CHANGE');
}
} else {
$self->error('CANT_FIND_SERV');
}
$self->wherenext('First');
}
sub modify_serv {
my ($self) = @_;
my $name = $self->cgi->param('name');
if (my $serv = $db->get($name)) {
my $servBC = $serv->prop('BadCountries') || '';
my $servRev = $serv->prop('XTGeoipRev') || 'disabled';
my $q = $self->{'cgi'};
my $n_servBC = $q->param("masq_srv_badcountries");
my $n_servRev = $q->param("masq_srv_reverse") || $servRev;
if ($n_servBC eq $servBC && $n_servRev eq $servRev ) {
return $self->success("NO_CHANGE")
}
$db->set_prop($name, "BadCountries", $n_servBC);
$db->set_prop($name, "XTGeoipRev", $n_servRev);
if (system ( "/sbin/e-smith/signal-event", "xt_geoip-service" ) == 0 )
{
return $self->success("SUCCESS");
} else {
return $self->error("ERROR_UPDATING");
}
} else {
$self->error('CANT_FIND_SERV');
}
$self->wherenext('First');
}
sub srv_must_exist
{
my $self = shift;
my $q = $self->{cgi};
my $listerr = "";
my @mq_bcs = split /[,:]/, $q->param("masq_srv_badcountries");
if (@mq_bcs) {
my $ctr = @mq_bcs;
return $self->localise('ERROR_COUNTRY_MAX: {$ctr}', {ctr=> "$ctr"}) if ($ctr > 50);
foreach my $bcs (@mq_bcs) {
my $file = "/usr/share/xt_geoip/LE/" . $bcs . ".iv4";
if (! -f $file) { $listerr .= $bcs . ","; }
}
return $self->localise('ERR_COUNTRY_NOT_EXIST: {$listerr}', {listerr=> "$listerr"}) if $listerr;
}
return 'OK';
}
#Subroutine to list counries codes
sub generateCodes
{
my $self = shift;
my $q = $self->{cgi};
$self->turn_off_buttons();
my $file = "/usr/share/xt_geoip/geoip_countries_list.txt";
unless ( -e $file ) {
print $q->p($q->b($self->localise('INVALID_CODES_LIST')));
return '';
}
print $q->h3($self->localise('COUNTRY_LIST'));
open( XTGEOIPCODES, $file );
print "<pre>\n";
while (<XTGEOIPCODES>)
{
print;
}
close XTGEOIPCODES;
print "</pre>\n";
print $q->h3($self->localise('END_OF_CODES'));
return '';
}
#Subroutine to list other services codes
sub otherServices
{
my ($self, $choice) = @_;
my %serv_ok = map { $_ => 1} split(/,/, $db->get_prop("masq", "XtServices"));
# unless $choice eq 'all';
my @serv_others = ();
for ($db->get_all_by_prop(type => 'service'))
{
next unless $_->prop('TCPPort');
# if ( $_->prop('TCPPort')) {
# push @serv_others, $_->key unless exists( $serv_ok{$_->key});
push @serv_others, $_->key unless $choice eq 'sel' and not exists( $serv_ok{$_->key});
# }
}
return \@serv_others;
}
#Subroutine to update list services codes
sub do_otherServices
{
my $self = shift;
my $q = $self->{'cgi'};
my @selected = $q->param('SelectedServices');
my $serv1 = ($db->get_prop("masq", "XtServices")) || '';
my $serv2 = join( ',', @selected);
$self->wherenext('First');
return $self->success("NO_CHANGE") if ( $serv1 eq $serv2);
$db->set_prop("masq", "XtServices", $serv2);
return $self->success("SUCCESS");
}
1;

561
source/root/usr/share/smanager/lib/SrvMngr/Controller/Xt_geoip.pm Normal file
View File

@@ -0,0 +1,561 @@
package SrvMngr::Controller::Xt_geoip;
#----------------------------------------------------------------------
# heading : Security
# description : GeoIP IP filtering
# navigation : 5000 5610
# name : xt_geoip, method : get, url : /xt_geoip, ctlact : Xt_geoip#main
# name : xt_geoipd, method : post, url : /xt_geoip, ctlact : Xt_geoip#do_display
# name : xt_geoipc, method : get, url : /xt_geoipb, ctlact : Xt_geoip#do_display
# name : xt_geoipu, method : post, url : /xt_geoipb, ctlact : Xt_geoip#do_action
#
# routes : end
#----------------------------------------------------------------------
use strict;
use warnings;
use Mojo::Base 'Mojolicious::Controller';
use POSIX qw(strftime);
use Locale::gettext;
use SrvMngr::I18N;
use SrvMngr qw( theme_list init_session );
our $cdb = esmith::ConfigDB->open() or die "Couldn't open ConfigDB\n";
sub main {
my $c = shift;
$c->app->log->info($c->log_req);
my $title = $c->render_to_string(inline =>($c->l('xtg_FORM_TITLE')));
my %xtg_datas = ();
$xtg_datas{'choice'} = '';
$c->stash( title => $title, xtg_datas => \%xtg_datas);
$c->render('xt_geoip');
};
sub do_display {
my $c = shift;
$c->app->log->info($c->log_req);
my $title = $c->render_to_string(inline =>($c->l('xtg_FORM_TITLE')));
my $choice = $c->param('Choice');
my $result;
my %xtg_datas = ();
$xtg_datas{'choice'} = $choice;
if ( $choice eq 'LCOD' ) {
$result = $c->generateCodes();
# $c->stash( title => $title, modul => $result, xtg_datas => \%xtg_datas );
# return $c->render('xt_geoip_lst');
};
if ( $choice eq 'LF2B' ) {
$result = $c->generateStats( 'f2b' );
# $result = $c->render_to_string(inline => generateStats($c, 'f2b'));
# $c->stash( title => $title, modul => $result, xtg_datas => \%xtg_datas );
# return $c->render('xt_geoip_lst');
};
if ( $choice eq 'LSSH' ) {
$result = $c->generateStats( 'ssh' );
# $result = $c->render_to_string(inline => generateStats($c, 'ssh'));
# $c->stash( title => $title, modul => $result, xtg_datas => \%xtg_datas );
# return $c->render('xt_geoip_lst');
};
if ( $choice eq 'LIPT' ) {
$result = $c->generateStats( 'ipt' );
# $c->stash( title => $title, modul => $result, xtg_datas => \%xtg_datas );
# return $c->render('xt_geoip_lst');
};
if ( $choice eq 'LSRV' ) {
# $c->stash( title => $title, xtg_datas => \%xtg_datas );
# return $c->render('xt_geoip_lsrv');
}
if ( $choice eq 'UPDT' ) {
# $c->stash( title => $title, xtg_datas => \%xtg_datas );
# return $c->render('xt_geoip_updt');
}
if ( $choice eq 'UPDS' ) {
$xtg_datas{name} = $c->param('Name');
# $c->stash( title => $title, xtg_datas => \%xtg_datas );
# return $c->render('xt_geoip_upds');
}
if ( $choice eq 'REMS' ) {
$xtg_datas{name} = $c->param('Name');
# $c->stash( title => $title, xtg_datas => \%xtg_datas );
# return $c->render('xt_geoip_rems');
}
$c->stash( title => $title, modul => $result, xtg_datas => \%xtg_datas );
return $c->render( 'xt_geoip_lst' ) if ( $choice ~~ [ 'LCOD', 'LF2B', 'LSSH', 'LIPT' ] );
return $c->render( 'xt_geoip'.'_'.lc($choice) ) if ( $choice ~~ [ 'UPDT', 'UPDS', 'REMS', 'LSRV' ] );
$c->redirect_to('/xt_geoip');
};
sub do_action {
my $c = shift;
$c->app->log->info($c->log_req);
my $rt = $c->current_route;
my $title = $c->render_to_string(inline =>($c->l('xtg_FORM_TITLE')));
my %xtg_datas = ();
my $choice = $c->param('Choice');
$xtg_datas{'choice'} = $choice;
my ($res, $result) = '';
if ( $choice eq 'LSRV' ) {
#$result .= 'Blocked for testing ! Avoid updates for now ';
$res = '';
if ( ! $result ) {
$res = $c->do_otherServices();
$result .= $res unless $res eq 'OK';
if ( ! $result ) {
$result = $c->l('xtg_SERVICE_SUCCESS');
}
}
}
if ( $choice eq 'UPDT' ) {
$res = $c->must_exist();
$result .= $res unless $res eq 'OK';
#$result .= 'Blocked for testing ! Avoid updates for now ';
$res = '';
if ( ! $result ) {
$res = $c->change_settings();
$result .= $res unless $res eq 'OK';
if ( ! $result ) {
$result = $c->l('xtg_SUCCESS');
}
}
}
if ( $choice eq 'REMS' ) {
#$result .= 'Blocked for testing ! Avoid updates for now ';
my $name = $c->param('Name');
$xtg_datas{name} = $name;
$res = '';
if ( ! $result ) {
$res = $c->remove_serv();
$result .= $res unless $res eq 'OK';
if ( ! $result ) {
$result = $c->l('xtg_SUCCESSFULLY_DELETED_SERVICE');
}
}
}
if ( $choice eq 'UPDS' ) {
#$result .= 'Blocked for testing ! Avoid updates for now ';
my $name = $c->param('Name');
$xtg_datas{name} = $name;
$res = '';
if ( ! $result ) {
$res = $c->modify_serv();
$result .= $res unless $res eq 'OK';
if ( ! $result ) {
$result = $c->l('xtg_SERVICE_SUCCESS');
}
}
}
# common parts
if ($res ne 'OK') {
$c->stash( error => $result );
$c->stash( title => $title, xtg_datas => \%xtg_datas );
return $c->render( 'xt_geoip'.'_'.lc($choice) );
}
my $message = "xt_geoip updates $choice DONE";
$c->app->log->info($message);
$c->flash( success => $result );
## $c->flash( error => 'No changes applied !!' );
#return to 'xt_geoip' route !!!
$c->redirect_to('/xt_geoip');
};
sub get_badcountries {
my $c = shift;
my $full = shift;
my $badc = $cdb->get_prop("masq", "BadCountries") || "";
return $badc unless $full ;
my $rev = (($cdb->get_prop("masq", "XTGeoipRev")||"disabled") eq "enabled") ? "!=" : "==";
return "$rev $badc ";
}
sub get_geoip {
return $cdb->get_prop("masq", "GeoIP") || 'disabled';
}
sub get_reverse {
my $c = shift;
my $item = shift;
my $prop = shift;
$item = ($item eq 'masq') ? $item : $c->param('Name');
return $cdb->get_prop("$item", "$prop") || "disabled";
}
sub get_stat_geoip {
my $c = shift;
if ( system ( "/bin/test -f /lib/modules/`/bin/uname -r`/weak-updates/xtables-addons/xt_geoip.ko") != 0 ) {
return $c->l('xtg_ERROR_MISSING_MODULE');
} elsif ( system ( "/sbin/lsmod | grep 'xt_geoip' > /dev/null") != 0 ) {
return $c->l('xtg_ERROR_UNLOADED_MODULE');
} elsif ( get_geoip() eq 'enabled' && system ( "/sbin/iptables -L -n | grep 'XTGeoIP' > /dev/null") != 0 ) {
return $c->l('xtg_ERROR_FILTER_CHAIN_MISSING');
} else {
return '';
}
}
sub get_stat_license_key {
my $c = shift;
if (($cdb->get_prop( 'geoip','status' ) || 'disabled') eq 'enabled' ) {
if ( ($cdb->get_prop( 'geoip','LicenseKey' ) || '') ne '' ) {
return '';
}
}
return $c->l('xtg_ERROR_LICENSE_KEY');
}
sub get_date_update {
my $file = "/usr/share/xt_geoip/LE/A1.iv4";
my $filetime = ( -e $file ) ? (stat($file))[9] : 0;
return strftime("%Y/%m/%d %H:%M", localtime( $filetime )) || '';
}
sub get_srv_name {
my ($c) = @_;
return $c->param('Name');
}
sub get_services_table {
my $c = shift;
my $choice = shift || 'sel';
my @services;
my @serv_rec;
if ( $choice ne 'all' ) {
@services = split(/,/, $cdb->get_prop("masq", "XtServices"));
for ( @services ) {
my $rec = $cdb->get( $_ );
push @serv_rec, $rec if ( $rec && $rec->prop('TCPPort') );
}
} else {
for ($cdb->get_all_by_prop(type => 'service')) {
push @serv_rec, $_ if ( $_->prop('TCPPort') );
}
}
return \@serv_rec;
}
sub get_srv_badcountries {
my ( $c, $name, $full ) = @_;
my $badc = $cdb->get_prop($name, "BadCountries")||"";
return $badc unless $full ;
my $rev = (($cdb->get_prop($name, "XTGeoipRev")||"disabled") eq "enabled") ? "!=" : "==";
return "$rev $badc ";
}
#Subroutine to list statistics
sub generateStats {
my $c = shift;
my $stats_type = shift;
my $out = '';
# Untaint $name before use in system()
$stats_type =~ /(.+)/; $stats_type = $1;
if ($stats_type ne "ipt" and $stats_type ne "ssh" and $stats_type ne "f2b") {
$out .= sprintf("<h3>%s %s </h3>", $c->l('xtg_INVALID_STATS_TYPE'), $stats_type);
return $out;
}
# my $now_string = $c->gen_locale_date_string();
my $file = "/var/lib/xt_geoip/extA_" . $stats_type . "_country.lst";
my $filetime = ( -e $file ) ? (stat($file))[9] : 0;
my $date_string = strftime("%Y/%m/%d %H:%M", localtime( $filetime )) || '';
$out .= sprintf("<h3>%s %s %s</h3>", $c->l('xtg_STATS_GENERATED'), $stats_type, $date_string);
open( Xt_GEOIPSTATS, $file );
$out .= sprintf "<pre>";
while (<Xt_GEOIPSTATS>)
{
$out .= sprintf("%s", $_);
}
close Xt_GEOIPSTATS;
$out .= sprintf "</pre>";
$out .= sprintf("<h3>%s</h3>", $c->l('xtg_END_OF_STATS'));
return $out;
}
#Subroutine to list counries codes
sub generateCodes {
my $c = shift;
my $out = '';
# my $now_string = $c->gen_locale_date_string();
my $file = "/usr/share/xt_geoip/geoip_countries_list.txt";
unless ( -e $file ) {
$out .= "<br>" . $c->l('xtg_INVALID_CODES_LIST');
return $out;
}
my $filetime = ( -e $file ) ? (stat($file))[9] : 0;
my $date_string = strftime("%Y/%m/%d %H:%M", localtime( $filetime )) || '';
$out .= sprintf("<h3>%s %s </h3>", $c->l('xtg_COUNTRY_LIST'), $date_string);
open( Xt_GEOIPCODES, $file );
$out .= sprintf "<pre>";
while (<Xt_GEOIPCODES>) {
$out .= sprintf("%s", $_);
}
close Xt_GEOIPCODES;
$out .= sprintf "</pre>";
$out .= sprintf("<h3>%s</h3>", $c->l('xtg_END_OF_CODES'));
return $out;
}
#Subroutine to list other services codes
sub otherServices {
my ($c, $choice) = @_;
my %serv_ok = map { $_ => 1} split(/,/, $cdb->get_prop("masq", "XtServices"));
# unless $choice eq 'all';
my @serv_others = ();
for ($cdb->get_all_by_prop(type => 'service')) {
next unless $_->prop('TCPPort');
# if ( $_->prop('TCPPort')) {
# push @serv_others, $_->key unless exists( $serv_ok{$_->key});
push @serv_others, $_->key unless $choice eq 'sel' and not exists( $serv_ok{$_->key});
# }
}
return \@serv_others;
}
#Subroutine to update list services codes
sub do_otherServices {
my $c = shift;
my $serv1 = ($cdb->get_prop("masq", "XtServices")) || '';
my $serv2 = join( ',', @{$c->every_param('Selectedservices')} );
$cdb->set_prop("masq", "XtServices", $serv2) if ( $serv1 ne $serv2);
return 'OK';
}
sub change_settings {
my $c = shift;
my $mq_bc = get_badcountries();
my $mq_gp = get_geoip();
my $masq = $cdb->get('masq') || "disabled";
my $mq_rv = $masq->prop('XTGeoipRev') || 'disabled';
my $mq_ot = $masq->prop('XTGeoipOther') || 'disabled';
my $n_mq_bc = $c->param("Masq_badcountries");
my $n_mq_gp = $c->param("Masq_geoip") || $mq_gp;
my $n_upd_gp = $c->param("Update_geoip") || '';
my $n_mq_rv = $c->param("Masq_reverse") || $mq_rv ;
my $n_mq_ot = $c->param("Masq_others") || $mq_ot ;
if (($n_mq_bc eq $mq_bc) && ($n_mq_gp eq $mq_gp) && ($n_upd_gp eq 'NO') && ($n_mq_rv eq $mq_rv) && ($n_mq_ot eq $mq_ot)) {
return 'OK'
}
$cdb->set_prop("masq", "BadCountries", $n_mq_bc);
$cdb->set_prop("masq", "GeoIP", $n_mq_gp);
$cdb->set_prop("masq", "XTGeoipRev", $n_mq_rv);
$cdb->set_prop("masq", "XTGeoipOther", $n_mq_ot);
my $eventloc = "xt_geoip-modify";
$eventloc = "xt_geoip-update" if $n_upd_gp eq 'YES';
unless ( system ( "/sbin/e-smith/signal-event", $eventloc ) == 0 ) {
return $c->l("xtg_ERROR_UPDATING");
}
return 'OK';
}
=head2 valid_badcountries
subroutine to validate countries.
=cut
sub must_exist {
my $c = shift;
my $listerr = "";
my @mq_bcs = split /[,:]/, $c->param("Masq_badcountries");
if (@mq_bcs) {
my $ctr = @mq_bcs;
return $c->l('xtg_ERROR_COUNTRY_MAX', $ctr) if ($ctr > 50);
foreach my $bcs (@mq_bcs) {
my $file = "/usr/share/xt_geoip/LE/" . $bcs . ".iv4";
if (! -f $file) { $listerr .= $bcs . ","; }
}
return $c->l('xtg_ERROR_COUNTRY_NOT_EXIST', $listerr) if $listerr;
}
return 'OK';
}
sub remove_serv {
my ( $c ) = @_;
my $name = $c->param('Name');
# Untaint $name before use in system()
$name =~ /(.+)/; $name = $1;
if (my $serv = $cdb->get($name)) {
my $servBC = $serv->prop('BadCountries') || '';
if ($servBC ne '') {
my $tps = $cdb->get_prop_and_delete($name, "BadCountries");
$tps = $cdb->get_prop_and_delete($name, "XTGeoipRev");
unless (system ("/sbin/e-smith/signal-event", "xt_geoip-service") == 0) {
return $c->l("xtg_ERROR_WHILE_DELETING_SERVICE").' '.$name;
}
return 'OK';
}
} else {
return $c->l('xtg_CANT_FIND_SERV');
}
}
sub modify_serv {
my ($c) = @_;
my $name = $c->param('Name');
# Untaint $name before use in system()
$name =~ /(.+)/; $name = $1;
if (my $serv = $cdb->get($name)) {
my $servBC = $serv->prop('BadCountries') || '';
my $servRev = $serv->prop('XTGeoipRev') || 'disabled';
my $n_servBC = $c->param("Masq_srv_badcountries");
my $n_servRev = $c->param("Masq_srv_reverse") || $servRev;
if ($n_servBC eq $servBC && $n_servRev eq $servRev ) {
return 'OK';
}
$cdb->set_prop($name, "BadCountries", $n_servBC);
$cdb->set_prop($name, "XTGeoipRev", $n_servRev);
unless (system ( "/sbin/e-smith/signal-event", "xt_geoip-service" ) == 0 ) {
return $c->l("xtg_ERROR_UPDATING").' '.$name;
}
return 'OK';
} else {
return $c->l('xtg_CANT_FIND_SERV');
}
}
1;

69
source/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Xt_geoip/xt_geoip_en.lex Normal file
View File

@@ -0,0 +1,69 @@
'xtg_FORM_TITLE' => 'XTABLES-ADDONS Administration<br>GeoIP',
'xtg_ERROR_UPDATING' => 'There was an error while updating xt_geoip.',
'xtg_SUCCESS' => 'Successful change... Now IP filtering takes into account the countries entered.',
'xtg_SERVICE_SUCCESS' => 'Successful change... Now IP filtering takes into account the new services list.',
'xtg_XT_GEOIP_STATUS_DESCRIPTION' => ' <ul><li>IP filtering can be enabled or disabled with the appropriate button</li>
<li>Codes of the countries to be banished can be entered in the corresponding field</li>
<li>An immediate update of the table can be requested here</li></ul>
<p><i>Be careful not to ban the IP addresses needed to run your server !</i></p> ',
'xtg_NO_CHANGE' => 'No change... no update !',
'xtg_LABEL_GEOIP_STATUS' => 'Current GEOIP filtering : ',
'xtg_LABEL_GEOIP' => 'GEOIP filtering desired : ',
'xtg_DESC_GEOIP' => 'Should filtering by country of origin be activated ?',
'xtg_ERROR_STATUS_GEOIP' => ' <font color="red">GEOIP filtering is <b>inactive</b></font> (iptables) ',
'xtg_LABEL_BADCOUNTRIES_STATUS' => 'Current list of banished country codes : ',
'xtg_ERROR_COUNTRY_NOT_EXIST' => 'Country code(s) does not exist on the server: [_1]',
'xtg_LABEL_BADCOUNTRIES' => 'New country codes to be used :',
'xtg_DESC_BADCOUNTRIES' => 'List of country codes (uppercase et comma-separated).',
'xtg_LABEL_DATE_UPDATE_STATUS' => 'Last update of GeoIP table :',
'xtg_LABEL_UPDATE' => 'Force the update of GeoIP table :',
'xtg_DESC_UPDATE' => 'GeoIP table is updated every week, but you can ...',
'xtg_IPT_LIST_DESCRIPTION' => '<ul><li>Click here to see the statistics of the prevented connections</li></ul> ',
'xtg_IPT_LIST' => 'Filtered',
'xtg_SSH_LIST_DESCRIPTION' => '<ul><li>Click here to see the statistics of SSH errors for non blocked access</li></ul> ',
'xtg_SSH_LIST' => 'SSH errors',
'xtg_F2B_LIST_DESCRIPTION' => '<ul><li>Click here to see the statistics of the connections banned by fail2ban</li></ul> ',
'xtg_F2B_LIST' => 'F2b banned',
'xtg_STATS_GENERATED' => 'Statistics generated',
'xtg_END_OF_STATS' => 'End of Statistics',
'xtg_INVALID_STATS_TYPE' => 'Invalid type of statistics',
'xtg_STATS_DESCRIPTION' => '<HR class="sme-copyrightbar"> <h3>Statistics for Xt_GeoIP</h3><ul>
<li>For 3 periods : Day, Week and Month</li>
<li>Banned Ips by country sorted by number</li>
<li>Ssh errors by country sorted by number</li>
<li>Fail2ban banned IPs by country sorted by number</li>
</ul><p><i>XX means Country not found !</i></p> ',
'xtg_COUNTRY_LIST_DESCRIPTION' => '<ul><li>Click here to see a <b>list of available country codes</b></li></ul> ',
'xtg_LABEL_COUNTRY_LIST' => 'Country codes : ',
'xtg_COUNTRY_LIST' => 'Country codes',
'xtg_CNTRY_LIST' => 'List',
'xtg_END_OF_CODES' => 'End of code list',
'xtg_SERVICE_DESCRIPTION' => 'Per service filtering for Xtables GeoIP',
'xtg_SERVICE_DESCRIPTION2' => '<ul><li>If you want different filtering based on services</li></ul>',
'xtg_LABEL_SERVICE' => 'Service name : ',
'xtg_PER_SERVICE_GEOIP' => 'Services',
'xtg_ADD_SERVICE' => 'Add or modify a per service filtering',
'xtg_ADD_DESC' => 'You are choosing a particular country filtering for this service',
'xtg_REMOVE_SERVICE' => 'Delete a per service filtering',
'xtg_REMOVE_DESC' => 'You are deleting a filtering by service. The general filtering will then apply.',
'xtg_SERV_NOT_BAN' => 'Unfiltered service.',
'xtg_NO_SERVICES' => 'No services.',
'xtg_LABEL_SERV_BADCOUNTRIES_STATUS' => 'List of rejected country codes for the service : ',
'xtg_SUCCESSFULLY_DELETED_SERVICE' => 'Per service filtering successfully deleted... New filtering taken into account.',
'xtg_BADCOUNTRIES' => 'Blacklist',
'xtg_ERROR_COUNTRY_MAX' => 'Too many countries chosen: [_1]',
'xtg_LABEL_REVERSE_MATCH' => 'Reject if',
'xtg_DESC_REVERSE_MATCH' => 'The following option allow to chose if you want reject visitors from the country list (==) which is the default behaviour, or if you want to only let them in (!=).',
'xtg_LABEL_OTHERS' => 'General filter only for services without rules',
'xtg_DESC_OTHERS' => 'Choose if you want to have the general filter to apply to all incoming connections or if you do not want to filter ports already defined with a specific service rule. This would allow you to have a service less restricted than the general rule if you enable this.',
'xtg_SERVICE_LIST_DESCRIPTION' => '<ul><li>Click here to select <b>new </b>services among an <b>available services list</b></li></ul> ',
'xtg_LABEL_SERVICE_LIST' => 'Service codes : ',
'xtg_SERV_LIST' => 'List',
'xtg_DESC_AVAILABLE_SERVICES' => ' <h2> New Services selection</h2>
<ul><li>Select here among the other services not yet managed individually.
</li><li>You may select one or more elements. Generally <b>enabled and public</b> ones.</li></ul> ',
'xtg_LABEL_AVAILABLE_SERVICES' => 'Available Services',
'xtg_ERROR_LICENSE_KEY' => 'GEOIP license key unavailable. Downloading is <b>inactive</b>',
'xtg_ERROR_MISSING_MODULE' => 'Module xt_geoip is missing. GeoIP based filtering is <b>inactive</b>',
'xtg_ERROR_UNLOADED_MODULE' => 'Module xt_geoip not loaded. GeoIP based filtering is <b>inactive</b>',
'xtg_ERROR_FILTER_CHAIN_MISSING' => 'Filtering chain XTGeoIP is not in use. GeoIP based filtering is <b>inactive</b>',

14
source/root/usr/share/smanager/themes/default/templates/partials/_xtg_lcodes.html.ep Normal file
View File

@@ -0,0 +1,14 @@
<div>
<HR class='sme-copyrightbar'>
%= form_for '/xt_geoip' => (method => 'POST') => begin
%= $c->render_to_string(inline => l('xtg_COUNTRY_LIST_DESCRIPTION'));
%= submit_button l 'xtg_CNTRY_LIST', class => 'action'
%= hidden_field 'Choice' => 'LCOD'
% end
</div>
<!-- button_to l('xtg_CNTRY_LIST') => "/xt_geoip" => (class => 'action') -->

65
source/root/usr/share/smanager/themes/default/templates/partials/_xtg_services.html.ep Normal file
View File

@@ -0,0 +1,65 @@
<div>
<HR class='sme-copyrightbar'>
%= form_for '/xt_geoip' => (method => 'POST') => begin
<h2>
%= l('xtg_SERVICE_DESCRIPTION')
</h2>
%= $c->render_to_string(inline => l('xtg_SERVICE_DESCRIPTION2'));
% my @services = @{$c->get_services_table('sel')};
% if (scalar @services == 0) {
%=l 'xtg_NO_SERVICES'
% } else {
<table class="sme-border"><tbody>
<tr><th class='sme-border'>
%=l 'NAME'
</th><th class='sme-border'>
%=l 'PORT'
</th><th class='sme-border'>
%=l 'STATUS'
</th><th class='sme-border'>
%=l 'ACCESS'
</th><th class='sme-border'>
%=l 'xtg_BADCOUNTRIES'
</th><th class='sme-border' colspan='2'>
%=l 'ACTION'
</th>
</tr>
% foreach my $sv (@services) {
% my $svBC = $sv->prop('BadCountries') || ' ';
% my $svRev = (( $sv->prop('Xt_geoipRev')|| 'disabled') eq 'disabled' )? '==': '!=';
% my $color = 'red';
% my $deco= "none";
% if ($svRev eq '!=' ) { $color = 'green'; }
% if ($sv->prop('status') eq 'disabled' || $sv->prop('access') ne 'public') { $color = 'grey'; $deco= "line-through"; }
% my $BC = "<font color='$color' style='text-decoration: $deco'>"."$svRev $svBC"."</font>";
<tr>
%= t td => (class => 'sme-border') => $sv->key
%= t td => (class => 'sme-border') => $sv->prop('TCPPort')
%= t td => (class => 'sme-border') => $sv->prop('status')
%= t td => (class => 'sme-border') => $sv->prop('access')
%= t td => (class => 'sme-border') => $c->render_to_string(inline => $BC)
% my $actionModify = "<a href='xt_geoipb?Choice=UPDS&Name=" . $sv->key . "'>" . l('MODIFY') . "</a>";
% my $actionRemove = "<a href='xt_geoipb?Choice=REMS&Name=" . $sv->key . "'>" . l('REMOVE') . "</a>";
<td class='sme-border'><%= $c->render_to_string(inline => $actionModify) %></td>
<td class='sme-border'><%= $c->render_to_string(inline => $actionRemove) %></td>
</tr>
% }
</tbody></table>
% }
%= $c->render_to_string(inline => l('xtg_SERVICE_LIST_DESCRIPTION'));
%= submit_button l 'xtg_SERV_LIST', class => 'action'
%= hidden_field 'Choice' => 'LSRV'
% end
</div>

33
source/root/usr/share/smanager/themes/default/templates/partials/_xtg_stats.html.ep Normal file
View File

@@ -0,0 +1,33 @@
<div>
<h3>
%= $c->render_to_string(inline => l('xtg_STATS_DESCRIPTION'));
</h3>
%= form_for '/xt_geoip' => (method => 'POST') => begin
%= $c->render_to_string(inline => l('xtg_IPT_LIST_DESCRIPTION'));
%= submit_button l 'xtg_IPT_LIST', class => 'action'
%= hidden_field 'Choice' => 'LIPT'
% end
%= form_for '/xt_geoip' => (method => 'POST') => begin
%= $c->render_to_string(inline => l('xtg_SSH_LIST_DESCRIPTION'));
%= submit_button l 'xtg_SSH_LIST', class => 'action'
%= hidden_field 'Choice' => 'LSSH'
% end
%= form_for '/xt_geoip' => (method => 'POST') => begin
%= $c->render_to_string(inline => l('xtg_F2B_LIST_DESCRIPTION'));
%= submit_button l 'xtg_F2B_LIST', class => 'action'
%= hidden_field 'Choice' => 'LF2B'
% end
</div>

74
source/root/usr/share/smanager/themes/default/templates/xt_geoip.html.ep Normal file
View File

@@ -0,0 +1,74 @@
% layout 'default', title => "Smanager - xt_geoip";
% content_for 'module' => begin
<div id="module" class="module xt_geoip-panel">
%if ($config->{debug} == 1) {
<p>
%= dumper $c->current_route
%= dumper $xtg_datas
</p>
%}
% if ( stash 'error' ) {
<br><div class=sme-error>
%= $c->render_to_string(inline => stash 'error')
</div>
%}
<h1><%= $title %></h1>
<br>
%= $c->render_to_string(inline => l('xtg_XT_GEOIP_STATUS_DESCRIPTION'));
<br>
%= form_for '/xt_geoip' => (method => 'POST') => begin
<p><span class=label>
%=l 'xtg_LABEL_GEOIP_STATUS'
</span><span class=input>
%= $c->get_geoip()
</span></p>
<p><span class=label>
%=l 'xtg_LABEL_BADCOUNTRIES_STATUS'
</span><span class=input>
%= $c->get_badcountries(1)
</span></p>
<p><span class=label>
%=l 'xtg_LABEL_DATE_UPDATE_STATUS'
</span><span class=input>
%= $c->get_date_update()
</span></p>
% if ( my $st_geoip = $c->get_stat_geoip() ) {
<div class=sme-error>
%= $c->render_to_string(inline => $st_geoip);
</div>
%}
% if ( my $st_lice_k = $c->get_stat_license_key() ) {
<div class=sme-error>
%= $c->render_to_string(inline => $st_lice_k);
</div>
%}
%= hidden_field 'Choice' => 'UPDT'
<div class='center'>
%= submit_button l('NEXT'), class => 'action'
</div>
%end
%= include 'partials/_xtg_lcodes'
%= include 'partials/_xtg_services'
%= include 'partials/_xtg_stats'
</div>
%end

44
source/root/usr/share/smanager/themes/default/templates/xt_geoip_lsrv.html.ep Normal file
View File

@@ -0,0 +1,44 @@
% layout 'default', title => "Smanager - xt_geoip";
% content_for 'module' => begin
<div id="module" class="module xt_geoip-panel">
%if ($config->{debug} == 1) {
<p>
%= dumper $c->current_route
%= dumper $xtg_datas
</p>
%}
% if ( stash 'error' ) {
<br><div class=sme-error>
%= $c->render_to_string(inline => stash 'error')
</div>
%}
<h1><%= $title %></h1>
<br>
%= $c->render_to_string(inline => l('xtg_DESC_AVAILABLE_SERVICES'));
<br>
%= form_for '/xt_geoipb' => (method => 'POST') => begin
<p><span class=label>
%=l 'xtg_LABEL_AVAILABLE_SERVICES'
</span><span class=data>
% param 'Selectedservices' => $c->otherServices('sel') unless param 'Selectedservices';
%= select_field 'Selectedservices' => $c->otherServices('all'), class => 'input', multiple => "1"
</span></p>
%= hidden_field 'Choice' => 'LSRV'
<div class='center'>
%= submit_button l('NEXT'), class => 'action'
</div>
%end
</div>
%end

36
source/root/usr/share/smanager/themes/default/templates/xt_geoip_lst.html.ep Normal file
View File

@@ -0,0 +1,36 @@
% layout 'default', title => "Smanager - xt_geoip - List";
% content_for 'module' => begin
<div id="module" class="module xt_geoip-panel">
%if ($config->{debug} == 1) {
<p>
%= dumper $c->current_route
%= dumper $xtg_datas
</p>
%}
% if ( stash 'error' ) {
<br><div class=sme-error>
%= $c->render_to_string(inline => stash 'error')
</div>
%}
<h1><%= $title %></h1>
%= form_for '/xt_geoip' => (method => 'GET') => begin
<br>
%= $c->render_to_string(inline => stash 'modul');
<br>
<div class='center'>
%= submit_button l('NEXT'), class => 'action'
</div>
%end
</div>
%end

53
source/root/usr/share/smanager/themes/default/templates/xt_geoip_rems.html.ep Normal file
View File

@@ -0,0 +1,53 @@
% layout 'default', title => "Smanager - xt_geoip";
% content_for 'module' => begin
<div id="module" class="module xt_geoip-panel">
%if ($config->{debug} == 1) {
<p>
%= dumper $c->current_route
%= dumper $xtg_datas
</p>
%}
% if ( stash 'error' ) {
<br><div class=sme-error>
%= $c->render_to_string(inline => stash 'error')
</div>
%}
<h1><%= $title %></h1>
<h2>
%= l 'xtg_REMOVE_SERVICE'
</h2><br>
%= $c->render_to_string(inline => l('xtg_REMOVE_DESC'));
%= form_for '/xt_geoipb' => (method => 'POST') => begin
<p><span class=label>
%=l 'xtg_LABEL_SERVICE'
</span><span class=data>
%= $xtg_datas->{name}
</span></p>
<p><span class=label>
%=l 'xtg_LABEL_SERV_BADCOUNTRIES_STATUS'
</span><span class=data>
%= $c->get_srv_badcountries( $xtg_datas->{name}, 0 )
</span></p>
<div class='center'>
%= submit_button l('REMOVE'), class => 'action'
</div>
%= hidden_field 'Choice' => 'REMS'
%= hidden_field 'Name' => $xtg_datas->{name}
%end
</div>
%end

77
source/root/usr/share/smanager/themes/default/templates/xt_geoip_upds.html.ep Normal file
View File

@@ -0,0 +1,77 @@
% layout 'default', title => "Smanager - xt_geoip";
% content_for 'module' => begin
<div id="module" class="module xt_geoip-panel">
%if ($config->{debug} == 1) {
<p>
%= dumper $c->current_route
%= dumper $xtg_datas
</p>
%}
% if ( stash 'error' ) {
<br><div class=sme-error>
%= $c->render_to_string(inline => stash 'error')
</div>
%}
<h1><%= $title %></h1>
<h2>
%= l 'xtg_ADD_SERVICE'
</h2><br>
%= $c->render_to_string(inline => l('xtg_ADD_DESC'));
%= form_for '/xt_geoipb' => (method => 'POST') => begin
<p><span class=label>
%=l 'xtg_LABEL_SERVICE'
</span><span class=data>
%= $xtg_datas->{name}
</span></p>
<p><span class=label>
%=l 'xtg_LABEL_BADCOUNTRIES_STATUS'
</span><span class=data>
%= $c->get_badcountries( 0 )
</span></p>
<p>
%=l 'xtg_DESC_REVERSE_MATCH'
<br><span class=label>
%=l 'xtg_LABEL_REVERSE_MATCH'
</span><span class=data>
% param 'Masq_srv_reverse' => $c->get_reverse('','Xt_geoipRev') unless param 'Masq_srv_reverse';
%= select_field 'Masq_srv_reverse' => [['!=' => 'enabled'], ['==' => 'disabled']], class => 'input'
</span></p>
<p>
%=l 'xtg_DESC_BADCOUNTRIES'
<br><span class=label>
%=l 'xtg_LABEL_BADCOUNTRIES'
</span><span class=data>
% param 'Masq_srv_badcountries' => $c->get_srv_badcountries($xtg_datas->{name}, 0) unless param 'Masq_srv_badcountries';
%= text_field 'Masq_srv_badcountries', size => '64', class => 'input'
</span></p>
<p><span class=label>
%=l 'xtg_LABEL_SERV_BADCOUNTRIES_STATUS'
</span><span class=data>
%= $c->get_srv_badcountries( $xtg_datas->{name}, 1 )
</span></p>
<div class='center'>
%= submit_button l('SAVE'), class => 'action'
</div>
%= hidden_field 'Choice' => 'UPDS'
%= hidden_field 'Name' => $xtg_datas->{name}
%end
</div>
%end

83
source/root/usr/share/smanager/themes/default/templates/xt_geoip_updt.html.ep Normal file
View File

@@ -0,0 +1,83 @@
% layout 'default', title => "Smanager - xt_geoip";
% content_for 'module' => begin
<div id="module" class="module xt_geoip-panel">
%if ($config->{debug} == 1) {
<p>
%= dumper $c->current_route
%= dumper $xtg_datas
</p>
%}
% if ( stash 'error' ) {
<br><div class=sme-error>
%= $c->render_to_string(inline => stash 'error')
</div>
%}
<h1><%= $title %></h1>
%= form_for '/xt_geoipb' => (method => 'POST') => begin
<p>
%=l 'xtg_DESC_GEOIP'
<br><span class=label>
%=l 'xtg_LABEL_GEOIP'
</span><span class=data>
% param 'Masq_geoip' => $c->get_geoip() unless param 'Masq_geoip';
%= select_field 'Masq_geoip' => [[ (l 'YES') => 'enabled'], [ (l 'NO') => 'disabled']], class => 'input'
</span></p>
<p>
%=l 'xtg_DESC_REVERSE_MATCH'
<br><span class=label>
%=l 'xtg_LABEL_REVERSE_MATCH'
</span><span class=data>
% param 'Masq_reverse' => $c->get_reverse('masq','Xt_geoipRev') unless param 'Masq_reverse';
%= select_field 'Masq_reverse' => [[ '!=' => 'enabled'], [ '==' => 'disabled']], class => 'input'
</span></p>
<p>
%=l 'xtg_DESC_BADCOUNTRIES'
<br><span class=label>
%=l 'xtg_LABEL_BADCOUNTRIES'
</span><span class=data>
% param 'Masq_badcountries' => $c->get_badcountries() unless param 'Masq_badcountries';
%= text_field 'Masq_badcountries', class => 'input'
</span></p>
<p><span class=label>
%=l 'xtg_LABEL_BADCOUNTRIES_STATUS'
</span><span class=input>
%= $c->get_badcountries();
</span></p>
<p>
%=l 'xtg_DESC_OTHERS'
<br><span class=label>
%=l 'xtg_LABEL_OTHERS'
</span><span class=data>
% param 'Masq_others' => $c->get_reverse('masq','Xt_geoipOther') unless param 'Masq_others';
%= select_field 'Masq_others' => [[(l 'DISABLED') => 'disabled'], [(l 'ENABLED') => 'enabled']], class => 'input'
</span></p>
<p>
%=l 'xtg_DESC_UPDATE'
<br><span class=label>
%=l 'xtg_LABEL_UPDATE'
</span><span class=data>
%= select_field 'Update_geoip' => [[ (l 'NO') => 'NO'], [ (l 'YES') => 'YES']], class => 'input'
</span></p>
%= hidden_field 'Choice' => 'UPDT'
<div class='center'>
%= submit_button l('SAVE'), class => 'action'
</div>
%end
</div>
%end

280
source/root/usr/share/xt_geoip/geoip_countries_list.txt Normal file
View File

@@ -0,0 +1,280 @@
Abbreviated Country Code List
A1 Anonymous Proxy
A2 Satellite Provider
AC Ascension Island
AD Andorra
AE United Arab Emirates
AERO members of the air-transport industry
AF Afghanistan
AG Antigua and Barbuda
AI Anguilla
AL Albania
AM Armenia
AN Netherlands Antilles (being phased out)
AO Angola
AQ Antarctica
AP Asia/Pacific
AR Argentina
AS American Samoa
ASIA Restricted to the Pan-Asia and Asia Pacific community
AT Austria
AU Australia
AW Aruba
AX Aland Islands
AZ Azerbaijan
BA Bosnia and Herzegovina
BB Barbados
BD Bangladesh
BE Belgium
BF Burkina Faso
BG Bulgaria
BH Bahrain
BI Burundi
BIZ Restricted for Business
BJ Benin
BL Saint Barthelemy
BM Bermuda
BN Brunei Darussalam
BO Bolivia
BQ Bonaire, Sint Eustatius and Saba
BR Brazil
BS Bahamas
BT Bhutan
BV Bouvet Island
BW Botswana
BY Belarus
BZ Belize
CA Canada
CC Cocos (Keeling) Islands
CD Congo, The Democratic Republic of the
CF Central African Republic
CG Congo
CH Switzerland
CI Cote d'Ivoire
CK Cook Islands
CL Chile
CM Cameroon
CN China
CO Colombia
COM Generic top-level domain
COOP cooperative associations
CR Costa Rica
CU Cuba
CV Cape Verde
CW Curaçao
CX Christmas Island
CY Cyprus
CZ Czech Republic
DE Germany
DJ Djibouti
DK Denmark
DM Dominica
DO Dominican Republic
DZ Algeria
EC Ecuador
EDU Educational Institutions
EE Estonia
EG Egypt
EH Western Sahara
ER Eritrea
ES Spain
ET Ethiopia
EU European Union
FI Finland
FJ Fiji
FK Falkland Islands (Malvinas)
FM Micronesia, Federated States of
FO Faroe Islands
FR France
GA Gabon
GB United Kingdom
GD Grenada
GE Georgia
GF French Guiana
GG Guernsey
GH Ghana
GI Gibraltar
GL Greenland
GM Gambia
GN Guinea
GOV United States Government
GP Guadeloupe
GQ Equatorial Guinea
GR Greece
GS South Georgia and the South Sandwich Islands
GT Guatemala
GU Guam
GW Guinea-Bissau
GY Guyana
HK Hong Kong
HM Heard Island and McDonald Islands
HN Honduras
HR Croatia
HT Haiti
HU Hungary
ID Indonesia
IE Ireland
IL Israel
IM Isle of Man
IN India
INFO Generic top-level domain
IO British Indian Ocean Territory
IQ Iraq
IR Iran, Islamic Republic of
IS Iceland
IT Italy
JE Jersey
JM Jamaica
JO Jordan
JOBS Reserved to serve needs of the international human resource management community
JP Japan
KE Kenya
KG Kyrgyzstan
KH Cambodia
KI Kiribati
KM Comoros
KN Saint Kitts and Nevis
KP Korea, Democratic People's Republic of
KR Korea, Republic of
KW Kuwait
KY Cayman Islands
KZ Kazakhstan
LA Lao People's Democratic Republic
LB Lebanon
LC Saint Lucia
LI Liechtenstein
LK Sri Lanka
LR Liberia
LS Lesotho
LT Lithuania
LU Luxembourg
LV Latvia
LY Libyan Arab Jamahiriya
MA Morocco
MC Monaco
MD Moldova, Republic of
ME Montenegro
MF Saint Martin (French part)
MG Madagascar
MH Marshall Islands
MIL United States Military
MK Macedonia, The Former Yugoslav Republic of
ML Mali
MM Myanmar
MN Mongolia
MO Macao
MOBI consumers and providers of mobile products and services
MP Northern Mariana Islands
MQ Martinique
MR Mauritania
MS Montserrat
MT Malta
MU Mauritius
MUSEUM museums
MV Maldives
MW Malawi
MX Mexico
MY Malaysia
MZ Mozambique
NA Namibia
NAME individuals
NC New Caledonia
NE Niger
NET Generic top-level domain
NF Norfolk Island
NG Nigeria
NI Nicaragua
NL Netherlands
NO Norway
NP Nepal
NR Nauru
NU Niue
NZ New Zealand
OM Oman
ORG Generic top-level domain
PA Panama
PE Peru
PF French Polynesia
PG Papua New Guinea
PH Philippines
PK Pakistan
PL Poland
PM Saint Pierre and Miquelon
PN Pitcairn
PR Puerto Rico
PRO Restricted to credentialed professionals and related entities
PS Palestinian Territory, Occupied
PT Portugal
PW Palau
PY Paraguay
QA Qatar
RE Reunion
RO Romania
RS Serbia
RU Russian Federation
RW Rwanda
SA Saudi Arabia
SB Solomon Islands
SC Seychelles
SD Sudan
SE Sweden
SG Singapore
SH Saint Helena
SI Slovenia
SJ Svalbard and Jan Mayen
SK Slovakia
SL Sierra Leone
SM San Marino
SN Senegal
SO Somalia
SR Suriname
SS South Sudan
ST Sao Tome and Principe
SU Soviet Union (being phased out)
SV El Salvador
SX Saint Maarten (Dutch part)
SY Syrian Arab Republic
SZ Swaziland
TC Turks and Caicos Islands
TD Chad
TEL businesses and individuals to publish their contact data
TF French Southern Territories
TG Togo
TH Thailand
TJ Tajikistan
TK Tokelau
TL Timor-Leste
TM Turkmenistan
TN Tunisia
TO Tonga
TP Portuguese Timor (being phased out)
TR Turkey
TRAVEL entities whose primary area of activity is in the travel industry
TT Trinidad and Tobago
TV Tuvalu
TW Taiwan, Province of China
TZ Tanzania, United Republic of
UA Ukraine
UG Uganda
UK United Kingdom
UM United States Minor Outlying Islands
US United States
UY Uruguay
UZ Uzbekistan
VA Holy See (Vatican City State)
VC Saint Vincent and the Grenadines
VE Venezuela, Bolivarian Republic of
VG Virgin Islands, British
VI Virgin Islands, US
VN Viet Nam
VU Vanuatu
WF Wallis and Futuna
WS Samoa
XXX the adult entertainment community
YE Yemen
YT Mayotte
ZA South Africa
ZM Zambia
ZW Zimbabwe

104
source/root/usr/share/xt_geoip/geoip_exstat Normal file
View File

@@ -0,0 +1,104 @@
#!/bin/sh
# Read one of the files updated by geoip_stats depending on $1 (PREF)
# Read all of the daily scores by country on a period of D(ay) -default-, W(eek) or M(onth)
# depending on $2
EXECDIR="/usr/share/xt_geoip"
STATDIR="/var/lib/xt_geoip"
case $1 in
"ssh")
PREF="ssh"
TITLE=" Numbers of SSH bad attempts by country"
;;
"ipt")
PREF="ipt"
TITLE=" Numbers of IPs banned (xt_geoip) by country"
;;
"f2b")
PREF="f2b"
TITLE=" Numbers of IPs banned (fail2ban) by country"
;;
*)
echo "usage : $0 'ssh|ipt|f2b' [D|W|M]"
exit 1
;;
esac
# permanent files
BASE2FILE="$STATDIR/Base_${PREF}_country.lst"
# results files
RESFILE="$STATDIR/ext${2}_${PREF}_country.lst"
# tempo
TMPFILE=$(mktemp $STATDIR/xt_${PREF}.XXXXXXX)
# Day -1 -7 -31
DATE1=$(date --date '1 day ago' '+%Y-%m-%d')
DATE2=$DATE1
PRD="DAY"
if [ "X$2" == "XW" ]
then
DATE2=$(date --date '8 day ago' '+%Y-%m-%d')
PRD="WEEK"
else
if [ "X$2" == "XM" ]
then
DATE2=$(date --date '31 day ago' '+%Y-%m-%d')
PRD="MONTH"
fi
fi
#echo "d1: $DATE1 d2: $DATE2"
Date1=$(date -d $DATE1 +%s)
Date2=$(date -d $DATE2 +%s)
#echo "d1: $Date1 d2: $Date2"
cd $EXECDIR
# yesterday already in base ?
if [ ! -f $BASE2FILE ]
then
echo "$0 : File $BASE2FILE does not exist."
exit 1
fi
TOT=0
while read -r line
do
DATELIG=$(date -d $(echo "$line" | cut -s -d';' -f1) +%s)
if [ $DATELIG -le $Date1 -a $DATELIG -ge $Date2 ]
then
echo "$line" >> $TMPFILE
TOT=$(expr $TOT + $(echo "$line" | cut -s -d';' -f3))
fi
done < $BASE2FILE
#echo "tot: $TOT"
# number of incidents by country code, sorted reverse by number
awk -F ";" -v v1=$TOT -v OFS=";" \
'{t[$2]=$2; t1[$2]+=$3} END {for(n in t) printf("%s | %d | %0.1f%\n", t[n], t1[n], (t1[n]*100)/v1)}' $TMPFILE | sort -t "|" -k 3 -r -n > $RESFILE
rm -f $TMPFILE
# for mail
if [ -s $RESFILE ]
then
echo ""
echo " Smeserver daily statistics for Xtables - GEOIP"
echo " from $(hostname) - $DATE1"
echo ""
echo " $TITLE during LAST $PRD"
echo " ( XX means 'country not found' )"
echo ""
echo "--------------------"
cat $RESFILE
echo "--------------------"
echo " | $TOT | 100%"
echo "--------------------"
echo ""
fi

14
source/root/usr/share/xt_geoip/geoip_listat Normal file
View File

@@ -0,0 +1,14 @@
#!/bin/sh
EXECDIR="/usr/share/xt_geoip"
STATDIR="/var/lib/xt_geoip"
for pref in $(echo 'ipt ssh f2b')
do
echo "" > ${STATDIR}/extA_${pref}_country.lst
for period in $(echo 'D W M')
do
${EXECDIR}/geoip_exstat $pref $period >> $STATDIR/extA_${pref}_country.lst
done
cat $STATDIR/extA_${pref}_country.lst
done

11
source/root/usr/share/xt_geoip/geoip_look Normal file
View File

@@ -0,0 +1,11 @@
#! /bin/bash
for par in "$@"
do
CN=$(/usr/bin/mmdblookup --file /usr/share/GeoIP/GeoLite2-Country.mmdb --ip $par country iso_code 2>/dev/null | cut -d\" -f2| tr -d '\n')
if [ -z $CN ]; then echo 'XX'; else echo $CN; fi
done

135
source/root/usr/share/xt_geoip/geoip_stats Normal file
View File

@@ -0,0 +1,135 @@
#!/bin/sh
# Read the log files depending on $1 (PREF)
# Read all of the IPs concerned, search countries and count them.
# exec crontab 2h AM for previous day
EXECDIR="/usr/share/xt_geoip"
STATDIR="/var/lib/xt_geoip"
case $1 in
"ssh")
PREF="ssh"
LOGDIR="/var/log/sshd"
CMD1='cat'
CMD2=' | grep -i '
CMD3=' | grep -E "(Failed password|Invalid user \w+ from)" | sed -e "s/^.*from //" -e "s/ port.*$//" >> $RESFILE'
;;
"ipt")
PREF="ipt"
LOGDIR="/var/log/iptables"
CMD1='zcat -f '
CMD2=' | grep -i '
CMD3=' | grep "GeoIP BAN" | sed -e "s/^.*SRC=//" -e "s/ DST=.*$//" >> $RESFILE'
;;
"f2b")
if [[ -x /bin/fail2ban-client && -f /var/log/fail2ban/daemon.log ]]
then
PREF="f2b"
LOGDIR="/var/log/fail2ban"
CMD1='zcat -f '
CMD2=' | grep -i '
CMD3=' | grep -E "] Ban " | sed -e "s/^.* Ban //" >> $RESFILE'
# CMD3=' | grep -E ": NOTICE [.*] Ban" | sed -e "s/^.* Ban //" >> $RESFILE'
else
echo "No fail2ban enabled here"
exit 1
fi
;;
*)
echo "usage : $0 [ssh|ipt|f2b|....]"
exit 1
;;
esac
# files of the day
RESFILE="$STATDIR/${PREF}_ip.lst"
RES2FILE="$STATDIR/${PREF}_country.lst"
# permanent files
BASEFILE="$STATDIR/Base_${PREF}_ip.lst"
BASE2FILE="$STATDIR/Base_${PREF}_country.lst"
ARCHFILE="$STATDIR/ArchBase_${PREF}_ip.lst"
ARCH2FILE="$STATDIR/ArchBase_${PREF}_country.lst"
# tempo
TMPFILE=$(mktemp $STATDIR/xt_${PREF}.XXXXXXX)
# Day - 1
MONTH=$(date --date '1 day ago' +%B)
LOGDAY="$(LC_ALL=C date --date '1 day ago' '+%h %e')"
DATE=$(date --date '1 day ago' '+%Y-%m-%d')
ARCHDATE=$(date --date '90 day ago' '+%Y-%m-%d')
[[ $PREF = 'f2b' ]] && LOGDAY=$DATE
cd $EXECDIR
# yesterday already in base ?
if [ -f $BASEFILE ]
then
if (fgrep $DATE $BASEFILE > /dev/null 2>&1)
then
echo "$0 : $PREF already run for that date. Please verify this !"
exit 1
fi
fi
cp /dev/null $RESFILE
# All logfiles update for 2 days, not empty
for file in $(find $LOGDIR/* -type f -mtime -2 -size +50c)
do
# echo "$(echo $CMD1 $file $CMD2 \'^"$LOGDAY"\' $CMD3)"
eval "$(echo $CMD1 $file $CMD2 \'^"$LOGDAY"\' $CMD3)"
done
# number of incidents by IP, sorted by IP
awk -F ";" -v OFS=";" \
'{t[$1]=$1; t1[$1]+=1} END {for(n in t) print t[n], t1[n]}' $RESFILE | sort -t ";" -n -k 1 > $TMPFILE
# +date, +country code
awk -F ";" -v v1=$DATE -v OFS=";" \
'{ printf "%s",v1 ";" $0 ";"; system("./geoip_look " $1) }' $TMPFILE > $RESFILE
# number of incidents by country code, sorted reverse by number
awk -F ";" -v v1=$DATE -v OFS=";" \
'{t[$4]=$4; t1[$4]+=$3} END {for(n in t) print v1, t[n], t1[n]}' $RESFILE | sort -t ";" -k 3 -r -n > $RES2FILE
rm -f $TMPFILE
# concatenate into bases
cat $RESFILE >> $BASEFILE
cat $RES2FILE >> $BASE2FILE
touch ${TMPFILE}_last3m
touch ${TMPFILE}_older
# split IP bases file between 'last 3 months' and 'archives'
awk -F ';' "\$1 > \"$ARCHDATE\" {print > (\"${TMPFILE}_last3m\"); next} {print > (\"${TMPFILE}_older\")}" $BASEFILE
if [ -f ${TMPFILE}_older ]
then
cat ${TMPFILE}_older >> $ARCHFILE
cp ${TMPFILE}_last3m $BASEFILE
fi
cp /dev/null ${TMPFILE}_last3m
cp /dev/null ${TMPFILE}_older
# split COUNTRY bases file between 'last 3 months' and archives
awk -F ';' "\$1 > \"$ARCHDATE\" {print > (\"${TMPFILE}_last3m\"); next} {print > (\"${TMPFILE}_older\")}" $BASE2FILE
if [ -f ${TMPFILE}_older ]
then
cat ${TMPFILE}_older >> $ARCH2FILE
cp ${TMPFILE}_last3m $BASE2FILE
fi
rm -f ${TMPFILE}_last3m ${TMPFILE}_older
# for mail
if [ -s $RES2FILE ]
then
echo "parse $LOGDIR for $PREF events"
cat $RES2FILE
fi
# delete files of today
#rm -f $RESFILE $RES2FILE

5
source/root/usr/share/xt_geoip/update_base Normal file
View File

@@ -0,0 +1,5 @@
cd /usr/share/xt_geoip
if ( ./xt_geoip_dl )
then
/usr/libexec/xtables-addons/xt_geoip_build GeoIPCountryWhois.csv
fi

30
source/root/usr/share/xt_geoip/xt_geoip_dl Normal file
View File

@@ -0,0 +1,30 @@
#!/bin/sh
# Original script from xtables-addons
# SME specific use of ConfigDB
# replace /usr/libexec/xtables-addons/xt_geoip_dl in /usr/share/xt_geoip/update_base
status=$(/sbin/e-smith/config getprop geoip status)
if [[ "$status" != "enabled" ]]
then
echo "Geoip is not enabled. No download."
exit 1
fi
LicenseKey=$(/sbin/e-smith/config getprop geoip LicenseKey)
if [ -z $LicenseKey ]
then
echo "No License Key available. Downloading cannot be performed"
exit 1
fi
rm -rf GeoLite2-Country-CSV_*
if ( ! wget -O GeoLite2-Country-CSV.zip -q "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-Country-CSV&license_key=${LicenseKey}&suffix=zip" )
then
echo "Error while downloading"
exit 2
fi
unzip -q GeoLite2-Country-CSV.zip
rm -f GeoLite2-Country-CSV.zip