FS#3640 - Add Intrusion Detection System

Author: Till Brehm

install/dist/lib/fedora.lib.php

@@ -1010,6 +1010,12 @@ public function install_ispconfig()
 		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
 		$command = 'chown root:ispconfig '.$install_dir.'/security';
 		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+		$command = 'chown root:ispconfig '.$install_dir.'/security/ids.whitelist';
+		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+		$command = 'chown root:ispconfig '.$install_dir.'/security/ids.htmlfield';
+		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+		$command = 'chown root:ispconfig '.$install_dir.'/security/apache_directives.blacklist';
+		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
 
 		//* Make the global language file directory group writable
 		exec("chmod -R 770 $install_dir/interface/lib/lang");

install/dist/lib/gentoo.lib.php

@@ -903,6 +903,12 @@ public function install_ispconfig()
 		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
 		$command = 'chown root:ispconfig '.$install_dir.'/security';
 		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+		$command = 'chown root:ispconfig '.$install_dir.'/security/ids.whitelist';
+		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+		$command = 'chown root:ispconfig '.$install_dir.'/security/ids.htmlfield';
+		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+		$command = 'chown root:ispconfig '.$install_dir.'/security/apache_directives.blacklist';
+		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
 
 		//* Make the global language file directory group writable
 		exec("chmod -R 770 $install_dir/interface/lib/lang");

install/dist/lib/opensuse.lib.php

@@ -1081,6 +1081,12 @@ public function install_ispconfig()
 		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
 		$command = 'chown root:ispconfig '.$install_dir.'/security';
 		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+		$command = 'chown root:ispconfig '.$install_dir.'/security/ids.whitelist';
+		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+		$command = 'chown root:ispconfig '.$install_dir.'/security/ids.htmlfield';
+		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+		$command = 'chown root:ispconfig '.$install_dir.'/security/apache_directives.blacklist';
+		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
 
 		//* Make the global language file directory group writable
 		exec("chmod -R 770 $install_dir/interface/lib/lang");

install/lib/installer_base.lib.php

@@ -1937,6 +1937,12 @@ public function install_ispconfig() {
 		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
 		$command = 'chown root:ispconfig '.$install_dir.'/security';
 		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+		$command = 'chown root:ispconfig '.$install_dir.'/security/ids.whitelist';
+		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+		$command = 'chown root:ispconfig '.$install_dir.'/security/ids.htmlfield';
+		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+		$command = 'chown root:ispconfig '.$install_dir.'/security/apache_directives.blacklist';
+		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
 
 		//* Make the global language file directory group writable
 		exec("chmod -R 770 $install_dir/interface/lib/lang");

interface/lib/app.inc.php

@@ -48,6 +48,7 @@ class app {
 	private $_wb;
 	private $_loaded_classes = array();
 	private $_conf;
+	private $_security_config;
 
 	public $loaded_plugins = array();
 
@@ -109,7 +110,8 @@ public function __construct() {
 		}
 
 		$this->uses('functions'); // we need this before all others!
-		$this->uses('auth,plugin');
+		$this->uses('auth,plugin,ini_parser,getconf');
+		
 	}
 
 	public function __get($prop) {
@@ -327,4 +329,13 @@ public function tpl_defaults() {
 //* possible future =  new app($conf);
 $app = new app();
 
+// load and enable PHP Intrusion Detection System (PHPIDS)
+$ids_security_config = $app->getconf->get_security_config('ids');
+		
+if(is_dir(ISPC_CLASS_PATH.'/IDS') && $ids_security_config['ids_enabled'] == 'yes') {
+	$app->uses('ids');
+	$app->ids->start();
+}
+unset($ids_security_config);
+
 ?>

interface/lib/classes/IDS/.htaccess

@@ -0,0 +1,5 @@
+# in case PHPIDS is placed in the web-root
+deny from all
+
+# silence is golden
+php_flag display_errors off

interface/lib/classes/IDS/Caching/ApcCache.php

@@ -0,0 +1,144 @@
+<?php
+/**
+ * PHPIDS
+ *
+ * Requirements: PHP5, SimpleXML
+ *
+ * Copyright (c) 2008 PHPIDS group (https://phpids.org)
+ *
+ * PHPIDS is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * PHPIDS is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with PHPIDS. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * PHP version 5.1.6+
+ *
+ * @category Security
+ * @package  PHPIDS
+ * @author   Mario Heiderich <mario.heiderich@gmail.com>
+ * @author   Christian Matthies <ch0012@gmail.com>
+ * @author   Lars Strojny <lars@strojny.net>
+ * @license  http://www.gnu.org/licenses/lgpl.html LGPL
+ * @link     http://php-ids.org/
+ */
+
+namespace IDS\Caching;
+
+/**
+ * APC caching wrapper
+ *
+ * This class inhabits functionality to get and set cache via memcached.
+ *
+ * @category  Security
+ * @package   PHPIDS
+ * @author    Yves Berkholz <godzilla80@gmx.net>
+ * @copyright 2007-2009 The PHPIDS Groupoup
+ * @license   http://www.gnu.org/licenses/lgpl.html LGPL
+ * @link      http://php-ids.org/
+ * @since     Version 0.6.5
+ */
+class ApcCache implements CacheInterface
+{
+    /**
+     * Caching type
+     *
+     * @var string
+     */
+    private $type = null;
+
+    /**
+     * Cache configuration
+     *
+     * @var array
+     */
+    private $config = null;
+
+    /**
+     * Flag if the filter storage has been found in memcached
+     *
+     * @var boolean
+     */
+    private $isCached = false;
+
+    /**
+     * Holds an instance of this class
+     *
+     * @var object
+     */
+    private static $cachingInstance = null;
+
+    /**
+     * Constructor
+     *
+     * @param string $type caching type
+     * @param array  $init the IDS_Init object
+     *
+     * @return void
+     */
+    public function __construct($type, $init)
+    {
+        $this->type   = $type;
+        $this->config = $init->config['Caching'];
+    }
+
+    /**
+     * Returns an instance of this class
+     *
+     * @param string $type caching type
+     * @param object $init the IDS_Init object
+     *
+     * @return object $this
+     */
+    public static function getInstance($type, $init)
+    {
+        if (!self::$cachingInstance) {
+            self::$cachingInstance = new ApcCache($type, $init);
+        }
+
+        return self::$cachingInstance;
+    }
+
+    /**
+     * Writes cache data
+     *
+     * @param array $data the caching data
+     *
+     * @return object $this
+     */
+    public function setCache(array $data)
+    {
+        if (!$this->isCached) {
+            apc_store(
+                $this->config['key_prefix'] . '.storage',
+                $data,
+                $this->config['expiration_time']
+            );
+        }
+
+        return $this;
+    }
+
+    /**
+     * Returns the cached data
+     *
+     * Note that this method returns false if either type or file cache is
+     * not set
+     *
+     * @return mixed cache data or false
+     */
+    public function getCache()
+    {
+        $data = apc_fetch($this->config['key_prefix'] . '.storage');
+        $this->isCached = !empty($data);
+
+        return $data;
+    }
+}

interface/lib/classes/IDS/Caching/CacheFactory.php

@@ -0,0 +1,85 @@
+<?php
+/**
+ * PHPIDS
+ *
+ * Requirements: PHP5, SimpleXML
+ *
+ * Copyright (c) 2008 PHPIDS group (https://phpids.org)
+ *
+ * PHPIDS is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * PHPIDS is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with PHPIDS. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * PHP version 5.1.6+
+ *
+ * @category Security
+ * @package  PHPIDS
+ * @author   Mario Heiderich <mario.heiderich@gmail.com>
+ * @author   Christian Matthies <ch0012@gmail.com>
+ * @author   Lars Strojny <lars@strojny.net>
+ * @license  http://www.gnu.org/licenses/lgpl.html LGPL
+ * @link     http://php-ids.org/
+ */
+namespace IDS\Caching;
+
+/**
+ * Caching factory
+ *
+ * This class is used as a factory to load the correct concrete caching
+ * implementation.
+ *
+ * @category  Security
+ * @package   PHPIDS
+ * @author    Christian Matthies <ch0012@gmail.com>
+ * @author    Mario Heiderich <mario.heiderich@gmail.com>
+ * @author    Lars Strojny <lars@strojny.net>
+ * @copyright 2007-2009 The PHPIDS Group
+ * @license   http://www.gnu.org/licenses/lgpl.html LGPL
+ * @link      http://php-ids.org/
+ * @since     Version 0.4
+ */
+class CacheFactory
+{
+    /**
+     * Factory method
+     *
+     * @param object $init the IDS_Init object
+     * @param string $type the caching type
+     *
+     * @return object the caching facility
+     */
+    public static function factory($init, $type)
+    {
+        $object  = false;
+        $wrapper = preg_replace(
+            '/\W+/m',
+            null,
+            ucfirst($init->config['Caching']['caching'])
+        );
+        $class   = '\\IDS\\Caching\\' . $wrapper . 'Cache';
+        $path    = dirname(__FILE__) . DIRECTORY_SEPARATOR . $wrapper . 'Cache.php';
+
+        if (file_exists($path)) {
+            include_once $path;
+
+            if (class_exists($class)) {
+                $object = call_user_func(
+                    array('' . $class, 'getInstance'),
+                    $type,
+                    $init
+                );
+            }
+        }
+
+        return $object;
+    }
+}

interface/lib/classes/IDS/Caching/CacheInterface.php

@@ -0,0 +1,64 @@
+<?php
+/**
+ * PHPIDS
+ *
+ * Requirements: PHP5, SimpleXML
+ *
+ * Copyright (c) 2008 PHPIDS group (https://phpids.org)
+ *
+ * PHPIDS is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * PHPIDS is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with PHPIDS. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * PHP version 5.1.6+
+ *
+ * @category Security
+ * @package  PHPIDS
+ * @author   Mario Heiderich <mario.heiderich@gmail.com>
+ * @author   Christian Matthies <ch0012@gmail.com>
+ * @author   Lars Strojny <lars@strojny.net>
+ * @license  http://www.gnu.org/licenses/lgpl.html LGPL
+ * @link     http://php-ids.org/
+ */
+namespace IDS\Caching;
+
+/**
+ * Caching wrapper interface
+ *
+ * @category  Security
+ * @package   PHPIDS
+ * @author    Christian Matthies <ch0012@gmail.com>
+ * @author    Mario Heiderich <mario.heiderich@gmail.com>
+ * @author    Lars Strojny <lars@strojny.net>
+ * @copyright 2007-2009 The PHPIDS Group
+ * @license   http://www.gnu.org/licenses/lgpl.html LGPL
+ * @since     Version 0.4
+ * @link      http://php-ids.org/
+ */
+interface CacheInterface
+{
+    /**
+     * Interface method
+     *
+     * @param array $data the cache data
+     *
+     * @return void
+     */
+    public function setCache(array $data);
+
+    /**
+     * Interface method
+     *
+     * @return void
+     */
+    public function getCache();
+}