Add IPTables to monitoring data and monitoring interface

Author: latham

interface/web/monitor/lib/lang/en.lng

@@ -139,6 +139,7 @@ $wb['monitor_title_mailq_txt'] = 'Mail Queue';
 $wb['monitor_title_raidstate_txt'] = 'RAID Status';
 $wb['monitor_title_rkhunterlog_txt'] = 'RKHunter Log';
 $wb['monitor_title_fail2ban_txt'] = 'Fail2Ban Log';
+$wb['monitor_title_iptables_txt'] = 'IPTables Rules';
 $wb['monitor_title_beancounter_txt'] = 'OpenVz VE BeanCounter';
 $wb['monitor_updates_nosupport_txt'] = 'Your distribution is not supported for this monitoring';
 $wb['monitor_beancounter_nosupport_txt'] = 'This server is not a OpenVz VE and has no beancounter information';

interface/web/monitor/lib/module.conf.php

@@ -180,6 +180,11 @@
                   'link'	=> 'monitor/show_data.php?type=fail2ban',
                   'html_id' => 'fai2ban');
 
+$items[] = array( 'title' 	=> "Show IPTables",
+                  'target' 	=> 'content',
+                  'link'	=> 'monitor/show_data.php?type=iptables',
+                  'html_id' => 'iptables');
+
 $module["nav"][] = array(	'title'	=> 'Logfiles',
                             'open' 	=> 1,
                             'items'	=> $items);

interface/web/monitor/show_data.php

@@ -124,6 +124,13 @@
         $title = $app->lng("monitor_title_fail2ban_txt") . ' (' . $monTransSrv . ' : ' . $_SESSION['monitor']['server_name'] . ')';
         $description = '';
         break;
+    case 'iptables':
+        $template = 'templates/show_data.htm';
+        $output .= showIPTables();
+        $time = getDataTime('iptables_rules');
+        $title = $app->lng("monitor_title_iptables_txt") . ' (' . $monTransSrv . ' : ' . $_SESSION['monitor']['server_name'] . ')';
+        $description = '';
+        break;
     default:
         $template = '';
         break;

interface/web/monitor/tools.inc.php

@@ -450,6 +450,28 @@ function showFail2ban() {
 	return $html;
 }
 
+function showIPTables() {
+    global $app;
+    $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'iptables_rules' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
+    if(isset($record['data'])) {
+        $html =
+                '<div class="systemmonitor-state state-'.$record['state'].'">
+            <div class="systemmonitor-content icons32 ico-'.$record['state'].'">';
+        $data = unserialize($record['data']);
+        if ($data == '') {
+            $html .= '<p>Problem, there are no rules listed for the server</p>';
+        }
+        else {
+			$html = nl2br($data['output']);
+        }
+        $html .= '</div></div>';
+    } else {
+        $html = '<p>There is no data available at the moment.</p>';
+    }
+    return $html;
+}
+
+
 function showMailq() {
 	global $app;
 

server/lib/classes/monitor_tools.inc.php

@@ -1127,6 +1127,40 @@ public function monitorFail2ban() {
 		return $res;
 	}
 
+	public function monitorIPTables() {
+        global $conf;
+
+        /* the id of the server as int */
+        $server_id = intval($conf['server_id']);
+
+        /** The type of the data */
+        $type = 'iptables_rules';
+
+        /* This monitoring is only available if fail2ban is installed */
+        system('which iptables', $retval); // Debian, Ubuntu, Fedora
+        if ($retval === 0) {
+            /*  Get the data of the log */
+            $data['output'] = shell_exec('iptables -S');
+
+            /*
+             * At this moment, there is no state (maybe later)
+             */
+            $state = 'no_state';
+        } else {
+            $state = 'no_state';
+            $data = '';
+        }
+
+        /*
+         * Return the Result
+         */
+        $res['server_id'] = $server_id;
+        $res['type'] = $type;
+        $res['data'] = $data;
+        $res['state'] = $state;
+        return $res;
+    }
+
 	public function monitorSysLog() {
 		global $app;
 		global $conf;

server/mods-available/monitor_core_module.inc.php

@@ -112,6 +112,7 @@ private function _doMonitor() {
 		$this->_monitorRaid();
 		$this->_monitorRkHunter();
 		$this->_monitorFail2ban();
+		$this->_monitorIPTables();
 		$this->_monitorSysLog();
 	}
 
@@ -509,12 +510,38 @@ private function _monitorRkHunter() {
 	}
 
 	private function _monitorFail2ban() {
+        global $app;
+
+        /*
+         * First we get the Monitoring-data from the tools
+         */
+        $res = $this->_tools->monitorFail2ban();
+
+        /*
+         * Insert the data into the database
+         */
+        $sql = 'INSERT INTO monitor_data (server_id, type, created, data, state) ' .
+                'VALUES (' .
+                $res['server_id'] . ', ' .
+                "'" . $app->dbmaster->quote($res['type']) . "', " .
+                'UNIX_TIMESTAMP(), ' .
+                "'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
+                "'" . $res['state'] . "'" .
+                ')';
+        $app->dbmaster->query($sql);
+
+        /* The new data is written, now we can delete the old one */
+        $this->_delOldRecords($res['type'], $res['server_id']);
+    }
+
+
+	private function _monitorIPTables() {
 		global $app;
 
 		/*
 		 * First we get the Monitoring-data from the tools
 		 */
-		$res = $this->_tools->monitorFail2ban();
+		$res = $this->_tools->monitorIPTables();
 
 		/*
 		 * Insert the data into the database