v3.1

Meet Web application firewall!
6 years ago · da77663484
9 changed files with 183 additions and 27 deletions
--- a/app/options.py
+++ b/app/options.py
@ -102,10 +102,20 @@ if form.getvalue('action_hap') is not None and serv is not None:
 		print("HAproxy was %s" % action)
 	else:
 		print("Bad config, check please")
-		
+	
+if form.getvalue('action_waf') is not None and serv is not None:
+	serv = form.getvalue('serv')
+	action = form.getvalue('action_waf')
+
+	commands = [ "sudo systemctl %s waf" % action ]
+	funct.ssh_command(serv, commands)		
+	
 if act == "overview":
 	ovw.get_overview()
-
+	
+if act == "overviewwaf":
+	ovw.get_overviewWaf()
+	
 if act == "overviewServers":
 	ovw.get_overviewServers()
 	
@ -161,6 +171,7 @@ if serv is not None and act == "stats":

 if serv is not None and form.getvalue('rows') is not None:
 	rows = form.getvalue('rows')
+	waf = form.getvalue('waf')
 	grep = form.getvalue('grep')
 	hour = form.getvalue('hour')
 	minut = form.getvalue('minut')
@ -179,11 +190,15 @@ if serv is not None and form.getvalue('rows') is not None:
 	if syslog_server_enable is None or syslog_server_enable == "0":
 		local_path_logs = sql.get_setting('local_path_logs')
 		syslog_server = serv	
-		commands = [ "sudo cat %s| awk '$3>\"%s:00\" && $3<\"%s:00\"' |tail -%s  %s %s" % (local_path_logs, date, date1, rows, grep_act, grep) ]	
+		commands = [ "sudo cat %s| awk '$3>\"%s:00\" && $3<\"%s:00\"' |tail -%s  %s %s" % (local_path_logs, date, date1, rows, grep_act, grep) ]		
 	else:
 		commands = [ "sudo cat /var/log/%s/syslog.log | sed '/ %s:00/,/ %s:00/! d' |tail -%s  %s %s" % (serv, date, date1, rows, grep_act, grep) ]
 		syslog_server = sql.get_setting('syslog_server')
-
+	
+	if waf == "1":
+		local_path_logs = '/var/log/modsec_audit.log'
+		commands = [ "sudo cat %s |tail -%s  %s %s" % (local_path_logs, rows, grep_act, grep) ]	
+		
 	funct.ssh_command(syslog_server, commands, show_log="1")
 	
 if serv is not None and form.getvalue('rows1') is not None:
--- a/app/ovw.py
+++ b/app/ovw.py
@ -28,14 +28,35 @@ def get_overview():

 	template = template.render(service_status = servers, role = sql.get_user_role_by_uuid(user_id.value))
 	print(template)	
+	
+def get_overviewWaf():
+	import http.cookies
+	from jinja2 import Environment, FileSystemLoader
+	env = Environment(loader=FileSystemLoader('templates/ajax'))
+	template = env.get_template('overivewWaf.html')
+	cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
+	user_id = cookie.get('uuid')
+	haproxy_dir  = sql.get_setting('haproxy_dir')
+	haproxy_sock_port = sql.get_setting('haproxy_sock_port')
+	
+	listhap = sql.get_dick_permit()
+	commands = [ "ps ax |grep waf/bin/modsecurity |grep -v grep |wc -l" ]
+	commands1 = [ "cat %s/waf/modsecurity.conf  |grep SecRuleEngine |grep -v '#' |awk '{print $2}'" % haproxy_dir ]	
+	servers = []
+
+	for server in listhap:
+		server_status = ()
+		server_status = (server[1],server[2], funct.ssh_command(server[2], commands), funct.ssh_command(server[2], commands1))
+		servers.append(server_status)
+
+	template = template.render(service_status = servers, role = sql.get_user_role_by_uuid(user_id.value))
+	print(template)	
 		
 def get_overviewServers():
 	import http.cookies
 	from jinja2 import Environment, FileSystemLoader
 	env = Environment(loader=FileSystemLoader('templates/ajax'))
 	template = env.get_template('overviewServers.html')
-	cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
-	user_id = cookie.get('uuid')
 	haproxy_sock_port = sql.get_setting('haproxy_sock_port')
 	
 	listhap = sql.get_dick_permit()
@ -58,7 +79,7 @@ def get_overviewServers():
 		server_status = (server[1],server[2], out1, funct.ssh_command(server[2], commands),funct.show_backends(server[2], ret=1))
 		servers.append(server_status)
 	
-	template = template.render(service_status = servers, role = sql.get_user_role_by_uuid(user_id.value))
+	template = template.render(service_status = servers)
 	print(template)	
 	
 def get_map(serv):
--- a/app/scripts/waf.sh
+++ b/app/scripts/waf.sh
@ -28,11 +28,14 @@ fi
 if [ -f $HAPROXY_PATH/waf/modsecurity.conf  ];then
 	echo -e 'error: Haproxy WAF already installed. You can edit config<a href="/app/config.py" title="Edit HAProxy config">here</a> <br /><br />'
 	exit 1
-fi
-wget -O /tmp/yajl-devel-2.0.4-4.el7.x86_64.rpm http://rpmfind.net/linux/centos/7.5.1804/os/x86_64/Packages/yajl-devel-2.0.4-4.el7.x86_64.rpm
-wget -O /tmp/libevent-devel-2.0.21-4.el7.x86_64.rpm http://mirror.centos.org/centos/7/os/x86_64/Packages/libevent-devel-2.0.21-4.el7.x86_64.rpm
-wget -O /tmp/modsecurity-2.9.2.tar.gz https://www.modsecurity.org/tarball/2.9.2/modsecurity-2.9.2.tar.gz
-sudo yum install /tmp/libevent-devel-2.0.21-4.el7.x86_64.rpm /tmp/yajl-devel-2.0.4-4.el7.x86_64.rpm  httpd-devel libxml2-devel gcc curl-devel -y
+fiif hash apt-get 2>/dev/null; then
+	sudo apt-get install yajl-dev libevent-dev httpd-dev libxml2-dev gcc curl-dev -y
+else
+	wget -O /tmp/yajl-devel-2.0.4-4.el7.x86_64.rpm http://rpmfind.net/linux/centos/7.5.1804/os/x86_64/Packages/yajl-devel-2.0.4-4.el7.x86_64.rpm
+	wget -O /tmp/libevent-devel-2.0.21-4.el7.x86_64.rpm http://mirror.centos.org/centos/7/os/x86_64/Packages/libevent-devel-2.0.21-4.el7.x86_64.rpm
+	wget -O /tmp/modsecurity-2.9.2.tar.gz https://www.modsecurity.org/tarball/2.9.2/modsecurity-2.9.2.tar.gz
+	sudo yum install /tmp/libevent-devel-2.0.21-4.el7.x86_64.rpm /tmp/yajl-devel-2.0.4-4.el7.x86_64.rpm  httpd-devel libxml2-devel gcc curl-devel -y
+if

 if [ $? -eq 1 ]; then
 	echo -e "Can't download waf application. Check Internet connection"
@ -119,6 +122,8 @@ sudo tar xf /tmp/owasp.tar.gz
 sudo mv /tmp/owasp-modsecurity-crs-2.2.9/modsecurity_crs_10_setup.conf.example  $HAPROXY_PATH/waf/rules/modsecurity_crs_10_setup.conf 
 sudo mv /tmp/owasp-modsecurity-crs-2.2.9/*rules/* $HAPROXY_PATH/waf/rules/
 sudo sed -i 's/#SecAction/SecAction/' $HAPROXY_PATH/waf/rules/modsecurity_crs_10_setup.conf 
+sudo sed -i 's/SecRuleEngine DetectionOnly/SecRuleEngine On/' $HAPROXY_PATH/waf/modsecurity.conf
+sudo sed -i 's/SecAuditLogParts ABIJDEFHZ/SecAuditLogParts ABIJDEH/' $HAPROXY_PATH/waf/modsecurity.conf
 sudo rm -f /tmp/owasp.tar.gz

 sudo bash -c cat << EOF > /etc/systemd/system/multi-user.target.wants/waf.service 
@ -144,7 +149,7 @@ if $programname startswith 'waf' then /var/log/waf.log
 & stop
 EOF

-sudo bash -c cat << EOF > $HAPROXY_PATH/spoe-modsecurity.conf
+sudo bash -c cat << EOF > $HAPROXY_PATH/waf.conf
 [modsecurity]
 spoe-agent modsecurity-agent
   messages check-request
@ -152,7 +157,7 @@ spoe-agent modsecurity-agent
   timeout hello      100ms
   timeout idle       30s
   timeout processing 15ms
-   use-backend spoe-modsecurity
+   use-backend waf
   
 spoe-message check-request
   args unique-id method path query req.ver req.hdrs_bin req.body_size req.body
@ -163,7 +168,7 @@ if sudo grep -q "backend spoe-modsecurity" $HAPROXY_PATH/haproxy.cfg; then
 else
 	sudo bash -c cat << EOF >> $HAPROXY_PATH/haproxy.cfg

-backend spoe-modsecurity
+backend waf
    mode tcp
    timeout connect 5s
    timeout server  3m
--- a/app/templates/ajax/overivewWaf.html
+++ b/app/templates/ajax/overivewWaf.html
@ -0,0 +1,35 @@
+{% for service in service_status %}
+	<tr class="{{ loop.cycle('odd', 'even') }}">
+		<td class="padding10 first-collumn">
+			<a href="#{{ service.0 }}" title="Go to {{ service.0 }} status" style="color: #000">{{ service.0 }}</a>
+		</td>
+		<td  class="second-collumn">
+		{% if service.2|int() >= 1 %}
+			<span class="serverUp"> UP</span> running {{service.2 }} processes
+		{% else %}
+			<span class="serverDown"> DOWN</span> running {{service.2 }} processes
+		{% endif %}
+		</td>
+		<td>
+		{% if role <= 1 %}
+			<a id="{{ service.1 }}" class="start-waf" title="Start WAF service">
+				<img src=/image/pic/start.png alt="start" class="icon">
+			</a>
+			<a id="{{ service.1 }}" class="stop-waf" title="Stop WAF service">
+				<img src=/image/pic/stop.png alt="start" class="icon">
+			</a>
+			<a id="{{ service.1 }}" class="restart-waf" title="Restart WAF service">
+				<img src=/image/pic/update.png alt="restart" class="icon">
+			</a>
+		{% endif %}
+		</td>
+		<td>
+			{% if service.3 %}
+				{{ service.3 }}
+			{%else %}
+				WAF not installed
+			{% endif %}
+		</td>
+		<td></td>
+	</tr>
+{% endfor %}
--- a/app/templates/logs.html
+++ b/app/templates/logs.html
@ -10,6 +10,7 @@
 				Server
 			{% endif %}
 		</td>
+		<td style="width: 5%;">WAF logs</td>
 		<td style="width: 10%;">Number rows</td>
 		<td class="padding10" style="width: 10%;">Ex for grep</td>
 		<td style="width: 10%;">
@ -44,6 +45,9 @@
 					{% endif %}
 				</select>
 		</td>
+		<td>
+			<label for="waf"></label><input type="checkbox" id="waf"> 
+		</td>
 		<td class="padding10" style="width: 10%;">
 			<input type="number" name="rows" id="rows" value="{{ rows }}" class="form-control" required>
 		</td> 
--- a/app/templates/ovw.html
+++ b/app/templates/ovw.html
@ -97,10 +97,7 @@
 		<td class="padding10 second-collumn">
 			HAproxy status
 		</td>
-		<td class="padding10">
-			WAF status
-		</td>
-		<td class="padding10 second-collumn">
+		<td class="padding10  third-collumn">
 			Action
 		</td>
 		<td class="padding10">
@ -112,6 +109,25 @@
 	</tr>
 <tbody id="ajaxstatus"></tbody>

+<table class="overview">
+	<tr class="overviewHead">
+		<td class="padding10 first-collumn">
+			Server
+		</td class="padding10 second-collumn">
+		<td class="padding10 second-collumn">
+			WAF status
+		</td>
+		<td class="padding10  third-collumn">
+			Action
+		</td>
+		<td class="padding10">
+			WAF mode
+		</td  class="padding10">
+		<td>
+			<a onclick="showOverviewWaf()" title="Refresh" style="float: right; margin-right: 25px;"><img  src="/image/pic/update.png" alt="restart" class="icon"></a>
+		</td>
+	</tr>
+<tbody id="ajaxwafstatus"></tbody>	
 </table>
 <table class="overview" >
 	<tr class="overviewHead">
--- a/image/haproxy-wi-overview.jpeg
+++ b/image/haproxy-wi-overview.jpeg
--- a/inc/overview.js
+++ b/inc/overview.js
@ -14,7 +14,29 @@ function ajaxActionServers(action, id) {
 					if( data ==  'Bad config, check please ' ) {
 						alert(data);
 					} else {
-						setTimeout(showOverview, 2000)
+						setTimeout(showOverview, 2000)					
+					}
+				},
+				error: function(){
+					alert(w.data_error);
+				}					
+			} );
+	}
+function ajaxActionWafServers(action, id) {
+		var bad_ans = 'Bad config, check please';
+		$.ajax( {
+				url: "options.py",
+				data: {
+					action_waf: action,
+					serv: id,
+					token: $('#token').val()
+				},
+				success: function( data ) {
+					data = data.replace(/\s+/g,' ');
+					if( data ==  'Bad config, check please ' ) {
+						alert(data);
+					} else {
+						setTimeout(showOverviewWaf, 2000)						
 					}
 				},
 				error: function(){
@ -22,19 +44,30 @@ function ajaxActionServers(action, id) {
 				}					
 			} );
 	}
-	
 $( function() {
 	$('.start').click(function() {
 		var id = $(this).attr('id');
-		confirmAjaxAction("start", id);
+		confirmAjaxAction("start", "hap", id);
 	});
 	$('.stop').click(function() {
 		var id = $(this).attr('id');
-		confirmAjaxAction("stop", id);
+		confirmAjaxAction("stop", "hap", id);
 	});
 	$('.restart').click(function() {
 		var id = $(this).attr('id');
-		confirmAjaxAction("restart", id);
+		confirmAjaxAction("restart", "hap", id);
+	});
+	$('.start-waf').click(function() {
+		var id = $(this).attr('id');
+		confirmAjaxAction("start", "waf", id);
+	});
+	$('.stop-waf').click(function() {
+		var id = $(this).attr('id');
+		confirmAjaxAction("stop", "waf", id);
+	});
+	$('.restart-waf').click(function() {
+		var id = $(this).attr('id');
+		confirmAjaxAction("restart", "waf", id);
 	});
 	$( "#show-all-users" ).click( function() {
 		if($( "#show-all-users" ).text() == "Show all") {
@ -49,7 +82,7 @@ $( function() {
 	});
 	$('#secIntervals').css('display', 'none');
 });
-function confirmAjaxAction(action, id) {
+function confirmAjaxAction(action, service, id) {
 	$( "#dialog-confirm" ).dialog({
 		resizable: false,
 		height: "auto",
@ -58,8 +91,12 @@ function confirmAjaxAction(action, id) {
 		title: "Are you sure you want "+ action + " " + id + "?",
 		buttons: {
 			"Sure": function() {
-				$( this ).dialog( "close" );	
-				ajaxActionServers(action, id);
+				$( this ).dialog( "close" );
+				if(service == "hap") {
+					ajaxActionServers(action, id);
+				} else if (service == "waf") {
+					ajaxActionWafServers(action, id)
+				}
 			},
 			Cancel: function() {
 				$( this ).dialog( "close" );
--- a/inc/script.js
+++ b/inc/script.js
@ -140,6 +140,7 @@ $( document ).ajaxComplete(function( event, request, settings ) {

 function showOverview() {
 	showOverviewServers();
+	showOverviewWaf()
 	$.ajax( {
 		url: "options.py",
 		data: {
@ -150,6 +151,23 @@ function showOverview() {
 		success: function( data ) {
 			$("#ajaxstatus").empty();
 			$("#ajaxstatus").html(data);
+			$.getScript('/inc/overview.js');
+		}					
+	} );
+}
+function showOverviewWaf() {
+	showOverviewServers();
+	$.ajax( {
+		url: "options.py",
+		data: {
+			act: "overviewwaf",
+			token: $('#token').val()
+		},
+		type: "GET",
+		success: function( data ) {
+			$("#ajaxwafstatus").empty();
+			$("#ajaxwafstatus").html(data);
+			$.getScript('/inc/overview.js');
 		}					
 	} );
 }
@ -185,11 +203,16 @@ function showStats() {

 }
 function showLog() {
+	var waf = 0;
+	if ($('#waf').is(':checked')) {
+		waf = '1';
+	}
 	$.ajax( {
 		url: "options.py",
 		data: {
 			rows: $('#rows').val(),
 			serv: $("#serv").val(),
+			waf: waf,
 			grep: $("#grep").val(),
 			hour: $('#time_range_out_hour').val(),
 			minut: $('#time_range_out_minut').val(),