<?
///////////////////////////////////////////////////////////////////////////////////////
// Pothos - IPTables Firewall Tool
// Copyright (c) 2004, Ken Stanley
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without modification,
// are permitted provided that the following conditions are met:
//
// - Redistributions of source code must retain the above copyright notice, this list
// of conditions and the following disclaimer.
// - Redistributions in binary form must reproduce the above copyright notice, this
// list of conditions and the following disclaimer in the documentation and/or other
// materials provided with the distribution.
// - Neither the name of the Author nor the names of its contributors may be
// used to endorse or promote products derived from this software without specific
// prior written permission.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
// OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
// SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
// TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
// BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
// ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
// DAMAGE.
//
// Contact author : hide@address.com
///////////////////////////////////////////////////////////////////////////////////////
//error_reporting(0);
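require_once('includes/config.inc');
require_once('includes/functions.inc');
include('includes/header.inc');

// Full-record page for one ulog entry. The row id arrives in $_GET['val'];
// everything rendered below comes from the database row, from reverse DNS or
// from the external `whois` command, so every value is escaped on its way
// into the HTML rather than interpolated raw.

// Escape a value for an HTML text or attribute context.
function pothos_html($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// Read one column from a fetched row, or NULL when it is absent
// (SELECT * returns whichever columns this ulog schema happens to have).
function pothos_field($row, $name)
{
    return isset($row[$name]) ? $row[$name] : NULL;
}

// Last non-empty value among the given columns. The original switch let a
// non-empty udp_* column override tcp_*; a row only carries ports for one
// protocol, so "last wins" is preserved here.
function pothos_port_value($row, $columns)
{
    $found = NULL;
    foreach ($columns as $name) {
        $value = pothos_field($row, $name);
        if ($value !== NULL && $value !== '') {
            $found = $value;
        }
    }
    return $found;
}

$dbconf = $preferences['mysql'];
if ($dbconf['persist'] == "true") {
    $chandle = mysql_pconnect($dbconf['host'], $dbconf['user'], $dbconf['pass']);
} else {
    $chandle = mysql_connect($dbconf['host'], $dbconf['user'], $dbconf['pass']);
}

if (!$chandle) {
    dberr($preferences['path']);
} else {
    // The requested id is untrusted input: escape it through the open
    // connection so it cannot terminate the quoted literal (the original
    // interpolated $_GET['val'] straight into the statement).
    $requested_id = isset($_GET['val']) ? $_GET['val'] : '';
    $mysql_query = "SELECT * FROM ulog WHERE id='"
        . mysql_real_escape_string($requested_id, $chandle) . "'";
    $qhandle = mysql_db_query($dbconf['dbase'], $mysql_query, $chandle);
    if (!$qhandle) {
        dberr($preferences['path']);
    } else {
        $row = mysql_fetch_array($qhandle, MYSQL_ASSOC);
        if (!$row) {
            // No such record: say so instead of iterating over `false` and
            // rendering a page of empty cells.
            create_table("100%", $preferences['path'], "Record not found",
                "<p>No ulog record with ID " . pothos_html($requested_id) . ".</p>\n");
        } else {
            $id   = pothos_field($row, 'id');
            $mac  = pothos_field($row, 'raw_mac');
            $date = date("Y-m-d H:i:s", (int) pothos_field($row, 'oob_time_sec'));
            // Read for parity with the original page; not rendered here.
            $chain     = pothos_field($row, 'oob_prefix');
            $iface_in  = pothos_field($row, 'oob_in');
            $iface_out = pothos_field($row, 'oob_out');
            $saddr = long2ip(pothos_field($row, 'ip_saddr'));
            $daddr = long2ip(pothos_field($row, 'ip_daddr'));
            // Reverse-DNS answers are text chosen by whoever controls the PTR
            // zone; they are only ever emitted through pothos_html().
            $shost = gethostbyaddr($saddr);
            $dhost = gethostbyaddr($daddr);
            $protocol = getprotobynumber(pothos_field($row, 'ip_protocol'));
            // Protocol must be resolved before the ports, since getport()
            // takes it; the original relied on column order for that.
            $sport = pothos_port_value($row, array('tcp_sport', 'udp_sport'));
            $dport = pothos_port_value($row, array('tcp_dport', 'udp_dport'));
            if ($sport !== NULL) {
                $sport = getport($protocol, $sport);
            }
            if ($dport !== NULL) {
                $dport = getport($protocol, $dport);
            }

            // $saddr is a dotted quad rebuilt by long2ip() from the stored
            // row, not request input, so the "%u" literal is safe here.
            $qhandle = mysql_db_query(
                $dbconf['dbase'],
                "SELECT DISTINCT tcp_dport,udp_dport,count(*) FROM ulog" .
                " WHERE ip_saddr='" . sprintf("%u", ip2long($saddr)) . "' GROUP BY tcp_dport,udp_dport",
                $chandle);
            if (!$qhandle) {
                dberr($preferences['path']);
            } else {
                // Initialised up front so an empty result set still renders
                // (count() on an unset array is an error on current PHP).
                $ports = array('tcp' => array(), 'udp' => array(), 'count' => 0);
                while ($row = mysql_fetch_array($qhandle, MYSQL_ASSOC)) {
                    $ports['tcp'][] = $row['tcp_dport'];
                    $ports['udp'][] = $row['udp_dport'];
                    // Each row is one (tcp_dport, udp_dport) group; "Total Hits"
                    // is their sum, not the count of whichever group came last.
                    $ports['count'] += (int) $row['count(*)'];
                }

                $header = "Full record for " . pothos_html($shost) . " (ID: " . pothos_html($id) . ")";
                $table = "<table border=0 cellpadding=0 cellspacing=0 width=100%>\n";
                $table .= " <tr class=\"fullrecord_row\">\n";
                $table .= " <td valign=\"top\" align=\"right\" class=\"fullrecord_cell\" width=80>";
                $table .= "<b>Date:</b></td>\n";
                $table .= " <td valign=\"top\" class=\"fullrecord_cell\" width=275>" . pothos_html($date) . "</td>\n";
                $table .= " <td valign=\"top\" class=\"fullrecord_cell\" colspan=7> </td>\n";
                $table .= " </tr>\n";
                $table .= " <tr class=\"fullrecord_row\">\n";
                $table .= " <td valign=\"top\" align=\"right\" class=\"fullrecord_cell\" width=80>";
                $table .= "<b>Mac Address:</b></td>\n";
                $table .= " <td valign=\"top\" class=\"fullrecord_cell\" width=275>" . pothos_html($mac) . "</td>\n";
                $table .= " <td valign=\"top\" align=\"right\" class=\"fullrecord_cell\" width=50>";
                $table .= "<b>Protocol:</b></td>\n";
                $table .= " <td valign=\"top\" class=\"fullrecord_cell\" width=25>" . pothos_html($protocol) . "</td>\n";
                $table .= " <td valign=\"top\" align=\"right\" class=\"fullrecord_cell\" width=75>";
                $table .= "<b>Source Port:</b></td>\n";
                $table .= " <td valign=\"top\" class=\"fullrecord_cell\" width=25>" . pothos_html($sport) . "</td>\n";
                $table .= " <td valign=\"top\" align=\"right\" class=\"fullrecord_cell\" width=100>";
                $table .= "<b>Destination Port:</b></td>\n";
                $table .= " <td valign=\"top\" class=\"fullrecord_cell\">" . pothos_html($dport) . "</td>\n";
                $table .= " </tr>\n";
                $table .= " <tr class=\"fullrecord_row\">\n";
                $table .= " <td valign=\"top\" align=\"right\" class=\"fullrecord_cell\" width=80>";
                $table .= "<b>Source Host:</b></td>\n";
                $table .= " <td valign=\"top\" class=\"fullrecord_cell\" width=275>" . pothos_html($shost) . "</td>\n";
                $table .= " <td valign=\"top\" align=\"right\" class=\"fullrecord_cell\" colspan=2 width=110>";
                $table .= "<b>Destination Host:</b></td>\n";
                $table .= " <td valign=\"top\" class=\"fullrecord_cell\" colspan=4>" . pothos_html($dhost) . "</td>\n";
                $table .= " </tr>\n";
                $table .= " <tr class=\"fullrecord_row\">\n";
                $table .= " <td valign=\"top\" align=\"right\" class=\"fullrecord_cell\" width=80>";
                $table .= "<b>Source IP:</b></td>\n";
                $table .= " <td valign=\"top\" class=\"fullrecord_cell\" width=275>" . pothos_html($saddr) . "</td>\n";
                $table .= " <td valign=\"top\" align=\"right\" class=\"fullrecord_cell\" colspan=2>";
                $table .= "<b>Destination IP:</b></td>\n";
                $table .= " <td valign=\"top\" class=\"fullrecord_cell\" colspan=4>" . pothos_html($daddr) . "</td>\n";
                $table .= " </tr>\n";
                $table .= " <tr class=\"fullrecord_row\">\n";
                $table .= " <td valign=\"top\" align=\"right\" class=\"fullrecord_cell\">\n";
                $table .= " <b>TCP Ports:</b></td>\n";
                $table .= " <td valign=\"top\" class=\"fullrecord_cell\">";
                foreach ($ports['tcp'] as $port) {
                    $table .= pothos_html($port) . " ";
                }
                $table .= " </td>\n";
                $table .= " <td align=\"right\" valign=\"top\" class=\"fullrecord_cell\" colspan=2>\n";
                $table .= " <b>UDP Ports:</b></td>\n";
                $table .= " <td valign=\"top\" class=\"fullrecord_cell\" colspan=4>";
                foreach ($ports['udp'] as $port) {
                    $table .= pothos_html($port) . " ";
                }
                $table .= " </td>\n";
                $table .= " </tr>\n";
                $table .= " <tr class=\"fullrecord_row\">\n";
                $table .= " <td align=\"right\" valign=\"top\" class=\"fullrecord_cell\">\n";
                $table .= "<b>Total Hits:</b></td>\n";
                $table .= " <td valign=\"top\" class=\"fullrecord_cell\" colspan=8>\n";
                $table .= $ports['count'] . "</td>\n";
                $table .= " </tr>\n";
                $table .= " <tr class=\"fullrecord_row\">\n";
                $table .= " <td valign=\"top\" class=\"fullrecord_cell\" colspan=8>\n";
                $table .= " <h3><u>Whois record for <i>" . pothos_html($saddr) . "</i>:</u></h3>\n";
                $table .= " <pre>\n";
                // Quote the address as a single argument instead of escaping
                // the assembled command; whois output is external text and is
                // escaped line by line (registry '#' comment lines included).
                $whois = array();
                exec('whois -H ' . escapeshellarg($saddr), $whois);
                foreach ($whois as $output) {
                    $table .= pothos_html($output) . "\n";
                }
                $table .= " </pre>\n";
                $table .= " </td>\n";
                $table .= " </tr>\n";
                $table .= "</table>\n";
                create_table("100%", $preferences['path'], $header, $table);
            }
        }
    }
    // Since using mysql_close with a persistent connection doesn't do anything,
    // we just go ahead and call mysql_close regardless of the type of connection
    // we created (it saves a line or two of code).
    mysql_close($chandle);
}
include('includes/footer.inc');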
?>