1. Diese Seite verwendet Cookies. Wenn du dich weiterhin auf dieser Seite aufhältst, akzeptierst du unseren Einsatz von Cookies. Weitere Informationen

HowTo Fail2ban OScamInfoPHP

Dieses Thema im Forum "Root / Vserver Server Sicherheit" wurde erstellt von aragorn, 24. September 2012.

Status des Themas:
Es sind keine weiteren Antworten möglich.
  1. aragorn
    Online

    aragorn Guest

    die schnellste lösung wäre das verzeichnis über .htaccess abzusichern und für jeden benutzer aus "config.user.php" in der .htaccess beziehungsweise .htpasswd einen eigenen account an zu legen..

    dann müsste man sich zwar doppelt anmelden, einmal beim apache2 und dann noch mal beim oscam-infophp aber wenn irgend wer die zugangsdaten nicht kennt kann er sich bereits beim ersten abfragen nicht anmelden und das würde apache2 dann ins log schreiben woraufhin fail2ban es mitkriegen könnte..

    wenn paramite dazu etwas einbaut kannst du das dann wieder rückgängig machen indem du einfach die .htaccess datei löschst.

    ansonsten könnte man vielleicht auch selber am source herrumpfuschen und in der class.auth.php bei der function doAuth entsprechende zeilen einfügen sodass ein fehlerhafter login protokolliert wird (dort wo 'LOGIN_FAILED' steht aber vor dem 'return')



    für oscam-infophp v1.7.4:
    -> oscaminfo/class.auth.php mit der folgenden ersetzen:
    Code:
    <?php
    session_start();
    
    class auth{
    
        private $authData;
        public $errortext = "Login";
        public $sizeFaktor;
        
        function __construct(){
        
                if(isset($_GET["logoff"])){
                   session_destroy();
                   session_start();
                   setcookie("aktReader", "");
                   }
        
                if(!empty($_POST["user"]) && !empty($_POST["pass"])) $this->doAuth();
        
                if(isset($_SESSION["oscaminfo_auth"])) $this->authData = $_SESSION["oscaminfo_auth"];
                $this->calcSizes(SCREEN_SIZE);
                
                }
                 
        function isAuth(){
                 return (is_array($this->authData))?true:false;
                 }
                 
        function isTab($tab){
                 return (in_array($tab,$this->authData["tabs"]))?true:false;
                 }
                 
        function doAuth(){
                 require("config.user.php");
                 require("config.oscam.php");
                 [COLOR=#ff0000]if (file_exists("authfailedlog.php")) { require("authfailedlog.php"); }[/COLOR]
    
                 $array = @$user[$_POST["user"]];
                 if(!is_array($array)){
                    unset($_SESSION["oscaminfo_auth"]);
                    [COLOR=#ff0000]if (isset($LOGDIR)) { LogAuthFailed("$LOGDIR/$LOGFILE",[/COLOR][COLOR=#ff0000]$_POST['user'],[/COLOR][COLOR=#ff0000]$_SERVER['REMOTE_ADDR']); }[/COLOR]
                    $this->errortext = LOGIN_FAILED;
                    return;
                    }
    
                 if($array["password"] != $_POST["pass"]){
                    unset($_SESSION["oscaminfo_auth"]);
                    [COLOR=#ff0000]if (isset($LOGDIR)) { LogAuthFailed("$LOGDIR/$LOGFILE",[/COLOR][COLOR=#ff0000]$_POST['user'],[/COLOR][COLOR=#ff0000]$_SERVER['REMOTE_ADDR']); }[/COLOR]
                    $this->errortext = LOGIN_FAILED;
                    return;             
                    }
                    
                 $oscams = explode(",",$array["oscam"]);
                 $array["tabs"] = explode(",",$array["tabs"]);
                 $array["onlyclients"] = isset($array["onlyclients"])?explode(",",$array["onlyclients"]):array();
                 $array["onlyreaders"] = isset($array["onlyreaders"])?explode(",",$array["onlyreaders"]):array();
                 for($i=0;$i<count($oscams);$i++){
                     $o[$oscams[$i]] = $server[$oscams[$i]];
                     }
                 
                 $array["oscam"] = $o;
                 
                 $_SESSION["oscaminfo_auth"] = $array;
                 }
    
        function getOscams($einer=true){
                 $oscams = $this->authData["oscam"];
                 if(!is_array($oscams))return;
                 while(list($key,$val)=each($oscams)){
    
                       $icon = ($val["ssl"])?'<img border="0" title="SSL WebIF" alt="SSL WebIF" align="absmiddle" src="themes/icons/lock.gif">':'';
    
                       if($einer){
                          echo $key.' ('.$icon.trim($val["url"]).')';
                          break;
                          }
                       else{
                          echo '<a href="#" onClick="changeServer(\''.$key.'\',\''.$val["url"].'\',\''.str_replace('"','\\\'',$icon).'\')">'.$key.' ('.$icon.trim($val["url"]).')</a><br>';
                        }
                       }
    
                 }
        function calcSizes($size=775){
                 $size = ($size=="full")?$_POST["fullscreen"]:$size;
                 if(is_NaN($size) || $size==0)$size = 755;
                 $erg = floor($size / (775 / 100));
                 $this->sizeFaktor = $erg/100;
                 }
                 
        function sortable($withLastActivity=true){
                 
                 if(empty($_SESSION["oscaminfo_auth"]["sort"]))return;
        
                 $sorts = explode("_",$_SESSION["oscaminfo_auth"]["sort"]);
                 
                 if($sorts[0] == "lastactivity" && !$withLastActivity) return;
                 
                 echo "sortName=\"".$sorts[0]."\" ";
                 echo "sortOrder=\"".$sorts[1]."\"";
                 
                 }
        
    }
    
    (die rot markierten zeilen (3) sind die angepassten/ergänzten zeilen)


    -> oscaminfo/admin/class.admin.php mit der folgenden ersetzen:
    Code:
    <?php
    require("../config.global.php");
    require("../lang/".LANGUAGE.".inc.php");
    require("../class.auth.php");
    @session_start();
    
    class admin extends auth{
        
          public $delimiter;
    
        public $errortext = "Admin Login";
        
        private $oscamApi;
        
        private $server_tpl = "\n  \$server[\"#SERVERNAME#\"] = array(
                            \"url\"        => \"#SERVERURL#\",
                            \"port\"        => \"#SERVERPORT#\",
                            \"user\"        => \"#SERVERUSER#\",
                            \"pass\"        => \"#SERVERPASS#\",
                            \"ssl\"        => #SERVERSSL#
                            );\n";
                            
        private $user_tpl = "\$user[\"#LOGINNAME#\"] = array(
                     \"password\"    => \"#LOGINPASS#\", 
                     \"tabs\"        => \"#LOGINTABS#\", 
                     \"onlyclients\"     => \"#ONLYCLIENTS#\",
                     \"onlyreaders\"     => \"#ONLYREADERS#\",
                     \"oscam\"    => \"#OSCAM#\",
                     \"sort\"    => \"#SORT#\"
                     );\n";     
                     
    
        private $global_tpl = "<?php
    /* Autorefresh in seconds for OSCam Info */
    DEFINE('REFRESH_SECS',#REFRESH_SECS#);
    
    /* Language de=german / en=english */
    DEFINE('LANGUAGE','#LANGUAGE#');
    
    /* A custom notice in the header (empty if no message should be displayed)*/
    DEFINE('CUSTOM_NOTICE','#CUSTOM_NOTICE#');
    
    /* A custom stlye for the main grid, available are 'blue' and 'gray' */
    DEFINE('OSCAM_STYLE','#OSCAM_STYLE#');
    
    /* The width (in px) of the mainwindow(s), full screen size can be set with 'full' */
    DEFINE('SCREEN_SIZE','#SCREEN_SIZE#');
    
    /* The Adminuser */
    DEFINE('ADM_USER','#ADM_USER#');
    
    /* The Adminpassword */
    DEFINE('ADM_PASS','#ADM_PASS#');
    
    /* Connect through proxyserver, if no proxy is needed just leave blank */
    DEFINE('PROXY_URL','#PROXY_URL#'); 
    DEFINE('PROXY_PORT','#PROXY_PORT#');
    DEFINE('PROXY_USER','#PROXY_USER#');
    DEFINE('PROXY_PASS','#PROXY_PASS#');
    
    /* Lower than this percent the values will cumulated */
    DEFINE('LOWER_THAN','#LOWER_THAN#');
    
    /* Available entries per page */
    DEFINE('ENTRIES_PER_PAGE','#ENTRIES_PER_PAGE#');
    
    /* Default entries per page */
    DEFINE('ENTRIES_PER_PAGE_DEFAULT','#ENTRIES_PER_PAGE_DEFAULT#');
    
    /* Channel picons update every XX days */
    DEFINE('CHANNEL_PICONS','#CHANNEL_PICONS#');
    ?>";                 
                     
        
        function __construct(){
        
                if(isset($_GET["logoff"])){
                   session_destroy();
                   session_start();
                   unset($_COOKIE["aktReader"]);
                   }
        
                if(!empty($_POST["user"]) && !empty($_POST["pass"])) $this->doAuthAdm();
        
                $this->calcSizes(SCREEN_SIZE);
               
                $this->delimiter = (LANGUAGE=="de")?",":"."; 
                }
                
        function getLanguagesSelects(){
                 $handle=opendir("../lang");
                 while ($datei = readdir ($handle)) {
                        if(stristr($datei,".inc.") && !stristr($datei,"tld")){
                            
                            $checkLang = file_get_contents("../lang/".$datei);
                            preg_match('#DEFINE\("_LANGUAGE_","(.*)"\);#',$checkLang,$erg);
                            $sel = (LANGUAGE == substr($datei,0,2))?" selected":"";
                            echo '<option value="'.substr($datei,0,2).'"'.$sel.'>'.$erg[1].'</option>';
                           }
                        }
    
                 closedir($handle);
            
                 }
    
        function getPerPageSelects(){
                 $entries = explode(",",ENTRIES_PER_PAGE);
                 foreach($entries as $entry) {
                         $sel = ($entry==ENTRIES_PER_PAGE_DEFAULT)?" selected":"";
                         echo '<option value="'.$entry.'"'.$sel.'>'.$entry.'</option>';
                        }
                 }
                 
        function saveGlobal(){
                 while(list($k,$v) = each($_POST)){
                       $this->global_tpl = str_replace("#".strtoupper($k)."#",$v,$this->global_tpl);
                       }
                 if(@file_put_contents("../config.global.php",$this->global_tpl)){
                     echo "info|".ADM_SAVE_GLOBAL_OK_TITLE."|".ADM_SAVE_GLOBAL_OK_BODY;
                     exit;
                    }
                 
                 echo "error|".ADM_SAVE_GLOBAL_ERR_TITLE."|".ADM_SAVE_GLOBAL_ERR_BODY;
                 }
                 
        function isAuthAdm(){
                 return (isset($_SESSION["oscaminfo_adm_auth"]))?true:false;
                 }
    
                 
        function doAuthAdm(){
                 if(ADM_USER == $_POST["user"] && ADM_PASS == $_POST["pass"]){
                     $_SESSION["oscaminfo_adm_auth"] = "adm";
                    }
                 else{
                    [COLOR=#ff0000]if (file_exists("../authfailedlog.php")) { require("../authfailedlog.php"); }[/COLOR]
                    session_destroy();
                    session_start();
                    unset($_SESSION["oscaminfo_adm_auth"]);
                    [COLOR=#ff0000]if (isset($LOGDIR)) { LogAuthFailed("$LOGDIR/$LOGFILE",[/COLOR][COLOR=#ff0000]$_POST['user'],[/COLOR][COLOR=#ff0000]$_SERVER['REMOTE_ADDR']); }[/COLOR]
                    $this->errortext = LOGIN_FAILED;
                    }
                 }
                 
        function printServerProtocols(){
                 $data = array();
                 $count = 0;
                 foreach($_SESSION["OIP_ADM_PROTOCOLS"][$_GET["types"]]["protocol"] as $p){
                          $data[$count]["id"] = $p;
                          $data[$count]["text"] = LNG_PROTOCOL.': '.$p;
                     
                          $count++;
                          }
                 foreach($_SESSION["OIP_ADM_PROTOCOLS"][$_GET["types"]]["name"] as $p){
                          $data[$count]["id"] = $p;
                          $txt = ($_GET["types"]=="server")?LNG_READER:LNG_CLIENT;
                          $data[$count]["text"] = $txt.': '.$p;
                     
                          $count++;
                          }                      
                 echo json_encode($data);
                 }
                 
        function restartServer(){
                 include("../config.oscam.php");
            
                 $prot = ($server[$_GET["data"]]["ssl"])?"https":"http";
                 print_r($server[$_GET["data"]]);
                 $ch =  curl_init($prot."://".$server[$_GET["data"]]["url"].":".$server[$_GET["data"]]["port"]."/oscamapi.html?part=shutdown&action=restart");
                 if(((boolean) PROXY_URL) && ((boolean) PROXY_PORT)){
                    curl_setopt($ch, CURLOPT_PROXY, "http://".PROXY_URL.":".PROXY_PORT);
                    curl_setopt($ch, CURLOPT_PROXYPORT, PROXY_PORT);
                    if(((boolean) PROXY_USER) && ((boolean)  PROXY_PASS)) curl_setopt($ch, CURLOPT_PROXYUSERPWD,  PROXY_USER.":".PROXY_PASS);
                    }
                 curl_setopt($ch,CURLOPT_RETURNTRANSFER, 1);
                 curl_setopt($ch,CURLOPT_TIMEOUT,10);
                 curl_setopt($ch,CURLOPT_FAILONERROR,1);
                 curl_setopt($ch,CURLOPT_HTTPAUTH, CURLAUTH_DIGEST);
                 curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
                 curl_setopt($ch,CURLOPT_USERPWD,$server[$_GET["data"]]["user"].':'.$server[$_GET["data"]]["pass"]);
                 if($server[$_GET["data"]]["ssl"]){
                     curl_setopt($ch,CURLOPT_SSL_VERIFYHOST, 0);
                     curl_setopt($ch,CURLOPT_SSL_VERIFYPEER, 0);
                     }
                 curl_exec($ch);       
                 }
                 
        function getServerProtocols(){
            
                 if(isset($_SESSION["OIP_ADM_PROTOCOLS"])){
                     $this->printServerProtocols();
                     return;
                    }
            
                 include("../config.oscam.php");
                 
                 $servers = explode(",",$_GET["servers"]);
                 $typeArrayAll['user']['protocol'] = array(); 
                 $typeArrayAll['server']['protocol'] = array(); 
                 $typeArrayAll['user']['name'] = array(); 
                 $typeArrayAll['server']['name'] = array(); 
                 foreach($servers as $s){
                          $prot = ($server[$s]["ssl"])?"https":"http";
                         $ch = curl_init($prot."://".$server[$s]["url"].":".$server[$s]["port"]."/oscamapi.html?part=status");
                         if(((boolean) PROXY_URL) && ((boolean) PROXY_PORT)){
                            curl_setopt($ch, CURLOPT_PROXY, "http://".PROXY_URL.":".PROXY_PORT);
                            curl_setopt($ch, CURLOPT_PROXYPORT, PROXY_PORT);
                            if(((boolean) PROXY_USER) && ((boolean)  PROXY_PASS)) curl_setopt($ch, CURLOPT_PROXYUSERPWD,  PROXY_USER.":".PROXY_PASS);
                            }
                         curl_setopt($ch,CURLOPT_RETURNTRANSFER, 1);
                         curl_setopt($ch,CURLOPT_TIMEOUT,10);
                         curl_setopt($ch,CURLOPT_FAILONERROR,1);
                         curl_setopt($ch,CURLOPT_HTTPAUTH, CURLAUTH_DIGEST);
                         curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
                         curl_setopt($ch,CURLOPT_USERPWD,$server[$s]["user"].':'.$server[$s]["pass"]);
                         if($server[$s]["ssl"]){
                            curl_setopt($ch,CURLOPT_SSL_VERIFYHOST, 0);
                            curl_setopt($ch,CURLOPT_SSL_VERIFYPEER, 0);
                            }
                        
                         $typeArray = array();                     
                         $obj = (simplexml_load_string(curl_exec($ch),'SimpleXMLElement', LIBXML_NOCDATA));
                         foreach($obj->status->client as $c) {
                                  if(!empty($c['type']) && ($c['type'] == "r" || $c['type'] == "p")){
                                      $typeArray['server']['protocol'][] = preg_replace("#\s(.*)#","",(String)$c['protocol']);
                                      $typeArray['server']['name'][] = (String)$c['name'];
                                     }
                                  if(!empty($c['type']) && ($c['type'] == "c")){
                                      $typeArray['user']['protocol'][] = preg_replace("#\s(.*)#","",(String)$c['protocol']);
                                      $typeArray['user']['name'][] = (String)$c['name'];
                                     }
                                  }
                         $typeArrayAll['user']['protocol'] =  array_merge($typeArrayAll['user']['protocol'],  $typeArray['user']['protocol']);
                         $typeArrayAll['server']['protocol'] =  array_merge($typeArrayAll['server']['protocol'],  $typeArray['server']['protocol']);
                         $typeArrayAll['user']['name'] = array_merge($typeArrayAll['user']['name'], $typeArray['user']['name']);
                         $typeArrayAll['server']['name'] =  array_merge($typeArrayAll['server']['name'],  $typeArray['server']['name']);
                         $typeArrayAll['user']['protocol'] = array_unique($typeArrayAll['user']['protocol']);
                         $typeArrayAll['server']['protocol'] = array_unique($typeArrayAll['server']['protocol']);
                         $typeArrayAll['user']['name'] = array_unique($typeArrayAll['user']['name']);
                         $typeArrayAll['server']['name'] = array_unique($typeArrayAll['server']['name']);
                  }
          
                 
                 $_SESSION["OIP_ADM_PROTOCOLS"] = $typeArrayAll;
                 
                 $this->printServerProtocols();
            
                 }
    
        function getOscamServer($onlyNames=false){
                 require("../config.oscam.php");
                 $data = array();
                 $count = 0;
                 while(list($k,$v) = each($server)){
                          $data[$count]["servername"] = $k;
                          if(!$onlyNames)$data[$count]["serverurl"] = $v["url"];
                          if(!$onlyNames)$data[$count]["serverport"] = $v["port"];
                          if(!$onlyNames)$data[$count]["serveruser"] = $v["user"];
                          if(!$onlyNames)$data[$count]["serverpass"] = $v["pass"];
                          if(!$onlyNames)$data[$count]["serverssl"] = $v["ssl"];
                          $count++;
                          }
                 echo json_encode($data);
                 }
                 
        function getOscamUser(){
                 require("../config.user.php");
                 $data = array();
                 $count = 0;
                 while(list($k,$v) = each($user)){
                          $data[$count]["loginname"] = $k;
                          $data[$count]["loginpass"] = $v["password"];
                          $data[$count]["logintabs"] = $v["tabs"];
                          if (array_key_exists('onlyclients', $v)) $data[$count]["onlyclients"] = $v["onlyclients"];
                          if (array_key_exists('onlyreaders', $v)) $data[$count]["onlyreaders"] = $v["onlyreaders"];
                          $data[$count]["oscam"] = $v["oscam"];
                          $data[$count]["sort"] = $v["sort"];
                          $count++;
                          }
                 echo json_encode($data);
                 }
                 
         function setOscamUser(){
                   $ret["success"] = false;
                   unset($_SESSION["OIP_ADM_PROTOCOLS"]);
    
                   if(!isset($_GET["delete"])){
                      $user_tpl = str_replace("#LOGINNAME#",$_POST["loginname"],$this->user_tpl);
                 $user_tpl = str_replace("#LOGINPASS#",$_POST["loginpass"],$user_tpl);
                 $user_tpl = str_replace("#LOGINTABS#",implode(",",$_POST["logintabs"]),$user_tpl);
                 if(!isset($_POST["onlyclients"]))$_POST["onlyclients"]=array();
                 if(!isset($_POST["onlyreaders"]))$_POST["onlyreaders"]=array();
                 $user_tpl = str_replace("#ONLYCLIENTS#",implode(",",$_POST["onlyclients"]),$user_tpl);
                 $user_tpl = str_replace("#ONLYREADERS#",implode(",",$_POST["onlyreaders"]),$user_tpl);
                 if(count($_POST["onlyclients"])==0 ||  empty($_POST["onlyclients"]) ||  empty($_POST["onlyclients"][0]))$user_tpl =  str_replace('"onlyclients"','//"onlyclients"',$user_tpl);
                 if(count($_POST["onlyreaders"])==0 ||  empty($_POST["onlyreaders"]) ||  empty($_POST["onlyreaders"][0]))$user_tpl =  str_replace('"onlyreaders"','//"onlyreaders"',$user_tpl);
                 $osCams = explode(",",implode(",",array_unique($_POST["oscam"])));
                 $user_tpl = str_replace("#OSCAM#",implode(",",array_unique($osCams)),$user_tpl);   
                 if($_POST["sortable"] == "NONE_asc")$_POST["sortable"] = "identname_asc";
                 if($_POST["sortable"] == "NONE_desc")$_POST["sortable"] = "identname_desc";             
                 $user_tpl = str_replace("#SORT#",$_POST["sortable"],$user_tpl);   
                 include("../config.user.php");
                 if(array_key_exists($_POST["loginname"],$user) && !isset($_GET["server"])){
                    $ret["success"] = false;
                    $ret["msg"] = LNG_ADM_LOGINNAME_EXISTS;
                    echo json_encode($ret);
                    exit();
                    }                              
                 }
                
                $cfg = file_get_contents("../config.user.php");
                                 
                   if(!isset($_GET["server"])){
                      $cfg = str_replace("?>",$user_tpl."\n?>",$cfg);     
                      }
                   else{
                     $cfgData = file("../config.user.php");
                     $replaceData = "";
                     $writeRepData = false;
                     foreach($cfgData as $zeile){
                         if(stristr($zeile,'$user["'.$_GET["server"].'"]'))$writeRepData = true;
                         if($writeRepData)$replaceData.=$zeile;
                         if(stristr($zeile,');'))$writeRepData = false;
                            }
                     
                      $user_tpl = (isset($_GET["delete"]))?"":$user_tpl;
                      $replace_usr = (isset($_GET["delete"]))?"":$_POST["loginname"];
                     
                     $cfg = str_replace($replaceData,$user_tpl,$cfg);
                  }
    
                   if(file_put_contents("../config.user.php",$cfg)){
                        $ret["success"] = true;
                        }
                   else{
                      $ret["msg"] = "Error writing config.user.php";
                     }   
                      
                   echo json_encode($ret);
                   
                   }                          
                 
         function setOscamServer(){
                   $ret["success"] = false;
                   unset($_SESSION["OIP_ADM_PROTOCOLS"]);               
                   
                   if(!isset($_GET["delete"])){
                      $server_tpl = str_replace("#SERVERNAME#",$_POST["servername"],$this->server_tpl);
                 $server_tpl = str_replace("#SERVERURL#",$_POST["serverurl"],$server_tpl);
                 $server_tpl = str_replace("#SERVERPORT#",$_POST["serverport"],$server_tpl);
                 $server_tpl = str_replace("#SERVERUSER#",$_POST["serveruser"],$server_tpl);
                 $server_tpl = str_replace("#SERVERPASS#",$_POST["serverpass"],$server_tpl);
                 $server_tpl = str_replace("#SERVERSSL#",($_POST["serverssl"]=="true")?"true":"false",$server_tpl);
                 include("../config.oscam.php");
                 if(array_key_exists($_POST["servername"],$server) && !isset($_GET["server"])){
                    $ret["success"] = false;
                    $ret["msg"] = LNG_ADM_SERVERNAME_EXISTS;
                    echo json_encode($ret);
                    exit();
                    }
                                                  
                 }       
                   
                $cfg = file_get_contents("../config.oscam.php");
                                 
                   if(!isset($_GET["server"])){
                      $cfg = str_replace("?>",$server_tpl."\n?>",$cfg);     
                      }
                   else{
                     $cfgData = file("../config.oscam.php");
                     $replaceData = "";
                     $writeRepData = false;
                     foreach($cfgData as $zeile){
                         if(stristr($zeile,'$server["'.$_GET["server"].'"]'))$writeRepData = true;
                         if($writeRepData)$replaceData.=$zeile;
                         if(stristr($zeile,');'))$writeRepData = false;
                            }
                     
                     $server_tpl = (isset($_GET["delete"]))?"":$server_tpl;
                     $replace_usr = (isset($_GET["delete"]))?"":$_POST["servername"];
                     
                  $cfg = str_replace($replaceData,$server_tpl,$cfg);
                  
                  
                  
                  $users = file("../config.user.php");
                  $userData='';
                  foreach($users as $usr){
                            if(stristr($usr,'"oscam"')){
                                 $usr = str_replace('"'.$_GET["server"].'"','"'.$replace_usr.'"',$usr);
                                 $usr = str_replace(','.$_GET["server"].'"',','.$replace_usr.'"',$usr);
                                 $usr = str_replace('"'.$_GET["server"].',','"'.$replace_usr.',',$usr);
                                 $usr = str_replace(','.$_GET["server"].',',','.$replace_usr.',',$usr);
                                 $usr = str_replace(',,',',',$usr);
                                 $usr = str_replace('> ",','> "',$usr);
                                 $usr = str_replace(',"','"',$usr);
                                 }
                            $userData.=$usr;
                            }
                  file_put_contents("../config.user.php",$userData);
                   }
                    
                   
                   if(file_put_contents("../config.oscam.php",$cfg)){
                        $ret["success"] = true;
                        }
                   else{
                      $ret["msg"] = "Error writing config.oscam.php";
                     }    
                     
                   echo json_encode($ret); 
                    
                   }
    
    function getSortable(){
             $ordner = array(LNG_ADM_SORTABLE_ASC,LNG_ADM_SORTABLE_DESC);
             $ordnerIcon = array("icon-asc","icon-desc");
             $ordnerVal = array("asc","desc");
             $data = array("identname"=>LNG_CLIENT.'/'.LNG_READER,
                   "country"=>LNG_CTY,
                       "protocol"=>LNG_PROTOCOL,
                       "request"=>LNG_LAST_USED_SHARE,
                   "ecmtime"=>LNG_ECM,
                       "loggedin"=>LNG_LOGGED_IN,
                       "lastactivity"=>LNG_LAST_ACTIVITY,
                       "connection"=>LNG_CONNECTION);
             $ajax = array();
             $ajax[0]["id"] = "";
         $ajax[0]["text"] = ADM_NONE;
         $ajax[0]["iconCls"] = "icon-cancel";
    
         for($i=0;$i<count($ordner);$i++){
             $ajax[$i+1]["id"] = "NONE_".$ordnerVal[$i];
             $ajax[$i+1]["text"] = $ordner[$i];
             $ajax[$i+1]["iconCls"] = $ordnerIcon[$i];
             $tmpData = $data;
             $tmpCount = 0;
             $ajaxKids = array();
             while(list($key,$value) = each ($tmpData)){
                  $ajaxKids[$tmpCount]["id"] = $key.'_'.$ordnerVal[$i];
                  $ajaxKids[$tmpCount]["text"] = $value;
                  $tmpCount++;
                  }
             $ajax[$i+1]["children"] = $ajaxKids;
             $ajax[$i+1]["state"] = "open";
         
             
             
             }
         
         
         echo json_encode($ajax);
    
             }
    }
    
    
    (die rot markierten zeilen (2) sind die angepassten/ergänzten zeilen)


    ausserdem folgende datei neu erstellen -> oscaminfo/authfailedlog.php
    PHP:
    <?php

    $LOGDIR 
    "logs";
    $LOGFILE "auth.failed.log";

    if (
    preg_match("/admin/",$_SERVER['PHP_SELF'])) { $LOGDIR "../$LOGDIR"; }

    if (!
    is_dir($LOGDIR)) { CreateLogDir($LOGDIR); }
    if (!
    file_exists("$LOGDIR/.htaccess")) { CreateLogDir($LOGDIR); }

    function 
    LogAuthFailed($TOFILE,$USER="",$IP) {
        if (!empty(
    $USER)) {
            
    $logline "[".date('d/m/Y H:i:s')."] $USER LOGIN FAILED: $IP";
        } else {
            
    $logline "[".date('d/m/Y H:i:s')."] LOGIN FAILED: $IP";
        }
        
    $handle fopen("$TOFILE","a");
        
    fwrite($handle,"$logline\n");
        
    fclose($handle);
    }

    function 
    CreateLogDir($DIR) {
        if (!
    is_dir($DIR)) { $MKDIR mkdir($DIR,0777,true); }
        if (!
    file_exists("$DIR/.htaccess")) {
            
    $handle fopen("$DIR/.htaccess","w");
            if (
    $handle) {
                
    fwrite($handle,"Order deny,allow\n");
                
    fwrite($handle,"Deny from all\n");
                
    fclose($handle);
                
    exec("chmod 600 $DIR/.htaccess");
            }
        }
    }

    ?>
    wenn sich dann jemand fehlerhaft anmeldet wird das in die datei oscaminfo/logs/auth.failed.log geschrieben:
    Code:
    [24.09.2012 22:52:00] LOGIN FAILED: 10.0.2.2

    dafür muss dann noch in fail2ban ein jail und filter erstellt werden..

    -> /etc/fail2ban/jail.conf
    Code:
    [oscaminfo_login]
    enabled = true
    port = 80,443
    filter = oscaminfo-login
    logpath = /var/www/oscaminfo/logs/auth.failed.log
    bantime = 3600
    maxretry = 3
    (zum testen die bantime zum beispiel auf 60 stellen)

    -> /etc/fail2ban/filter.d/oscaminfo-login.conf
    Code:
    [Definition]
    failregex = .*LOGIN FAILED: <HOST>
    ignoreregex =
    
    dann anweisen das fail2ban die configs neu einliest: /etc/init.d/fail2ban force-reload
    und dann zum testen fehlerhafte logins provozieren und gleichzeitig das fail2ban.log überwachen: tail -f /var/log/fail2ban.log



    optional kann dann noch das logfile ins ipc web interface nachtragen werden indem über das ipc web interface unter Editor -> SYSTEM -> config.php im abschnitt Logs folgendes einfügt wird:
    Code:
    $LOGS['System']['oscaminfoauth'] = "/var/www/oscaminfo/logs/auth.failed.log";
     
    Zuletzt von einem Moderator bearbeitet: 28. September 2012
    #1
Status des Themas:
Es sind keine weiteren Antworten möglich.

Diese Seite empfehlen