From 8ff998226000602b7439e72677d8dc6c0b812c9e Mon Sep 17 00:00:00 2001 From: Mark Vejvoda Date: Fri, 9 Feb 2024 18:43:09 -0800 Subject: [PATCH] - added security audit menu and fixed a mailer parameter bug --- php/config-default.php | 6 + php/controllers/security-menu-controller.php | 33 ++++++ php/email_polling.php | 4 +- php/models/security-menu-model.php | 82 ++++++++++++++ php/sql/sql_mysql.ini | 46 ++++++++ php/views/main-menu.twig.html | 1 + php/views/security-menu.twig.html | 109 +++++++++++++++++++ 7 files changed, 279 insertions(+), 2 deletions(-) create mode 100644 php/controllers/security-menu-controller.php create mode 100644 php/models/security-menu-model.php create mode 100644 php/views/security-menu.twig.html diff --git a/php/config-default.php b/php/config-default.php index 3c866426..33e9c485 100755 --- a/php/config-default.php +++ b/php/config-default.php @@ -185,6 +185,12 @@ ); + $config = new \riprunner\ConfigManager(); + +$php_session_save_path = $config->getSystemConfigValue('session.save_path'); +if(strlen($php_session_save_path ?? '') > 0) { +ini_set('session.save_path', $php_session_save_path); +} // ============================================================================================= // ===--------------EDIT BLOCKS BELOW TO COMPLETE THE SETUP FOR YOUR SITE--------------------=== diff --git a/php/controllers/security-menu-controller.php b/php/controllers/security-menu-controller.php new file mode 100644 index 00000000..e7c95d12 --- /dev/null +++ b/php/controllers/security-menu-controller.php @@ -0,0 +1,33 @@ +resolveTemplate( + array('@custom/security-menu-custom.twig.html', + 'security-menu.twig.html')); + +// Output our template +echo $template->render($view_template_vars); diff --git a/php/email_polling.php b/php/email_polling.php index 63288c38..d10d7f04 100644 --- a/php/email_polling.php +++ b/php/email_polling.php 
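Review bot: The return value of `ini_set('session.save_path', $php_session_save_path)` in the config-default.php hunk is discarded, so a bad configured path leaves PHP on its default session directory with no signal. `ini_set()` returns false on failure (for example once a session is already active), and the directory is never checked. Since session files carry the login state, I would guard the call with `if (is_dir($php_session_save_path) && is_writable($php_session_save_path))` and log when `ini_set(...) === false`. Whether this block runs before `session_start()` is not visible in the hunk.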
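Review bot: In security-menu-controller.php the admin check appears to live only in the view, and `resolveTemplate()` prefers `@custom/security-menu-custom.twig.html` over the stock template. A site-specific template that omits the `gvm.auth.isAuth and gvm.auth.isAdmin` test would therefore render the login audit to any visitor. I would enforce the check in the controller before `echo $template->render($view_template_vars);` and render the access-denied view otherwise. The top of this new file did not survive on the page, so the controller may already do this.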
@@ -65,7 +65,7 @@ public function imap_headers($imap_stream) {
 }
 public function imap_headerinfo($imap_stream, $msg_number, $fromlength = null, $subjectlength = null, $defaulthost = null) {
- return \imap_headerinfo($imap_stream, $msg_number, $fromlength, $subjectlength, $defaulthost);
+ return \imap_headerinfo($imap_stream, $msg_number, $fromlength ?? 0, $subjectlength ?? 0);
 }
 public function imap_expunge($imap_stream) {
@@ -73,7 +73,7 @@ public function imap_expunge($imap_stream) {
 }
 public function imap_close($imap_stream, $flag = null) {
- return \imap_close($imap_stream, $flag);
+ return \imap_close($imap_stream, $flag ?? 0);
 }
 public function imap_fetchstructure($imap_stream, $msg_number, $options = null) {
diff --git a/php/models/security-menu-model.php b/php/models/security-menu-model.php
new file mode 100644
index 00000000..d133b925
--- /dev/null
+++ b/php/models/security-menu-model.php
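Review bot: The `imap_headerinfo` wrapper still declares `$defaulthost = null` but no longer forwards it, so a caller passing a value gets no hint that it is ignored. The parameter has to stay for interface compatibility, so I would document it on the method: `// $defaulthost is accepted for backward compatibility only; PHP 8 removed it from \imap_headerinfo()`. Callers could also pass an explicit `null` for the length arguments, which `?? 0` now maps to 0; that is worth a word in the same comment.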
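Review bot: `imap_fetchstructure($imap_stream, $msg_number, $options = null)`, the trailing context line of the second hunk, has the same nullable default as the two wrappers fixed here. Its body is outside the hunk, but if it forwards `$options` unchanged it needs the same treatment: `return \imap_fetchstructure($imap_stream, $msg_number, $options ?? 0);`. The other wrappers in this class that default an integer flag to null are worth checking in the same pass, so the mail poller does not fail on one code path only.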
@@ -0,0 +1,82 @@ +getAuditList(); + } + + return parent::__get($name); + } + + public function __isset($name) { + if(in_array($name, + array('audit_list')) === true) { + return true; + } + return parent::__isset($name); + } + + private function getAuditList() { + global $log; + + + $sql_statement = new SqlStatement($this->getGvm()->RR_DB_CONN); + $sql = $sql_statement->getSqlStatement('login_audit_by_date_recent'); + $qry_bind = $this->getGvm()->RR_DB_CONN->prepare($sql); + + $qry_bind->execute(); + + $rows = $qry_bind->fetchAll(\PDO::FETCH_ASSOC); + $qry_bind->closeCursor(); + + $log->trace("About to display audit list for sql [$sql] result count: " . safe_count($rows)); + + $firehall = $this->getGvm()->firehall; + $db_connection = $this->getGvm()->RR_DB_CONN; + $auth_notification = new \riprunner\AuthNotification($firehall,$db_connection); + $geo_location_cache = array(); + + $resultArray = array(); + foreach($rows as $row){ + // Add any custom fields with values here + $ip = $row['login_ip']; + if (preg_match('/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/', $ip, $ip_match)) { + $ip = $ip_match[0]; + + if(in_array($ip,$geo_location_cache)) { + $ip_location = array_search($ip,$geo_location_cache); + } + else { + $ip_location = $auth_notification->getIpLocation($ip); + $geo_location_cache[$ip] = $ip_location; + } + } + else { + $ip_location = '???'; + } + $row['geo_location'] = $ip_location; + $resultArray[] = $row; + } + + return $resultArray; + } + +} diff --git a/php/sql/sql_mysql.ini b/php/sql/sql_mysql.ini index e75fb38b..e228536e 100644 --- a/php/sql/sql_mysql.ini +++ b/php/sql/sql_mysql.ini 
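Review bot: The geo-location cache in `getAuditList()` never hits, because it is written as `$geo_location_cache[$ip] = $ip_location` (IP as key) but read with `in_array($ip, $geo_location_cache)` and `array_search(...)`, which compare against the values and return a key. Every audit row therefore calls `$auth_notification->getIpLocation($ip)`, presumably a remote lookup. Failed logins are recorded as well, so the number of lookups per page view is driven by whoever is hammering the login form. The read side should be `if (array_key_exists($ip, $geo_location_cache)) { $ip_location = $geo_location_cache[$ip]; }`. Separately, the unanchored IPv4 pattern labels every IPv6 client `???`; `filter_var($ip, FILTER_VALIDATE_IP)` would cover both families.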
@@ -469,6 +469,12 @@ login_audit_insert = "INSERT INTO login_audit (useracctid, username, status, log
 login_audit_by_user = "SELECT * FROM login_audit WHERE useracctid = :useracctid AND status < 100"
+login_audit_by_date_recent = "SELECT a.id,a.username,b.name,a.login_agent,a.login_ip,a.updatetime
+ FROM login_audit a
+ left join login_audit_types b on a.status = b.id
+ WHERE a.updatetime >= CURRENT_DATE() - INTERVAL 3 MONTH
+ ORDER BY a.updatetime DESC;"
+
 schema_version_get = "SELECT keyvalue from config WHERE firehall_id = -1 AND keyname = 'DB_SCHEMA_VERSION' AND keyindex = 0;"
 schema_upgrade_1_1 = "CREATE TABLE IF NOT EXISTS `config` (
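Review bot: `login_audit_by_date_recent` has no row cap, so it returns every audit row from the last three months. The table also records failed attempts, so a burst of bad logins makes the admin page load and render an arbitrarily large result set. I would bound it, e.g. `ORDER BY a.updatetime DESC LIMIT 500;` (the number is a placeholder to be chosen for the site), or page it with bound `:limit` and `:offset` parameters. A comment above the key stating the three-month window and that failed attempts are included would help whoever tunes it later.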
@@ -845,3 +851,43 @@ schema_upgrade_6_4_skip_error = true schema_upgrade_6_5 = "UPDATE config SET keyvalue= '6.5' WHERE firehall_id = -1 AND keyname = 'DB_SCHEMA_VERSION' AND keyindex = 0;" + +schema_upgrade_6_6 = "CREATE TABLE IF NOT EXISTS `login_audit_types` ( + `id` int(11) NOT NULL PRIMARY KEY, + `firehall_id` varchar(80) COLLATE utf8_unicode_ci NOT NULL, + `name` varchar(255) COLLATE utf8_unicode_ci NOT NULL, + `updatetime` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP + ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;" +schema_upgrade_6_6_skip_error = true + +schema_upgrade_6_7 = "INSERT IGNORE INTO login_audit_types + SET id=0, firehall_id = -1, name = 'login success with password';" +schema_upgrade_6_7_skip_error = true + +schema_upgrade_6_8 = "INSERT IGNORE INTO login_audit_types + SET id=1, firehall_id = -1, name = 'login success with two factor';" +schema_upgrade_6_8_skip_error = true + +schema_upgrade_6_9 = "INSERT IGNORE INTO login_audit_types + SET id=10, firehall_id = -1, name = 'changed password';" +schema_upgrade_6_9_skip_error = true + +schema_upgrade_7_0 = "INSERT IGNORE INTO login_audit_types + SET id=100, firehall_id = -1, name = 'invalid username';" +schema_upgrade_7_0_skip_error = true + +schema_upgrade_7_1 = "INSERT IGNORE INTO login_audit_types + SET id=101, firehall_id = -1, name = 'invalid password';" +schema_upgrade_7_1_skip_error = true + +schema_upgrade_7_2 = "INSERT IGNORE INTO login_audit_types + SET id=102, firehall_id = -1, name = 'invalid two factor';" +schema_upgrade_7_2_skip_error = true + +schema_upgrade_7_3 = "INSERT IGNORE INTO login_audit_types + SET id=103, firehall_id = -1, name = 'account locked';" +schema_upgrade_7_3_skip_error = true + +schema_upgrade_7_4 = "UPDATE config + SET keyvalue= '7.4' WHERE firehall_id = -1 AND keyname = 'DB_SCHEMA_VERSION' AND keyindex = 0;" + diff --git a/php/views/main-menu.twig.html b/php/views/main-menu.twig.html index ae490992..e9ff5878 100644 
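Review bot: Every step from `schema_upgrade_6_6` to `schema_upgrade_7_3` sets `_skip_error = true`, although `CREATE TABLE IF NOT EXISTS` and `INSERT IGNORE` already tolerate a re-run. If the flag does what its name suggests, a real failure (missing privilege, collation problem) is skipped and `schema_upgrade_7_4` still records version 7.4. The `left join login_audit_types` in `login_audit_by_date_recent` would then break, or the audit page would show empty status names with no trace in the upgrade log. I would drop the `_skip_error` lines for these steps so a failed migration stops before the version bump. Also note that `firehall_id` is declared `varchar(80)` but seeded with the bare integer `-1`; quoting it as `'-1'` would make the intent explicit.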
--- a/php/views/main-menu.twig.html +++ b/php/views/main-menu.twig.html @@ -40,6 +40,7 @@
  • Callout Address Overrides
  • System Settings
  • System Information
  • +
  • Security Information
  • System Testing
  • View Logs
  • diff --git a/php/views/security-menu.twig.html b/php/views/security-menu.twig.html new file mode 100644 index 00000000..c3232a4f --- /dev/null +++ b/php/views/security-menu.twig.html @@ -0,0 +1,109 @@ + + + + + Secure Login: Protected Page + {% if gvm.isMobile %} + + + {% else %} + + + {% endif %} + + + + + +
    + {% if gvm.auth.isAuth and gvm.auth.isAdmin %} + + {% include 'user-welcome.twig.html' %} + {% include 'live-callout-warning.twig.html' %} + + + +

    Recent Login Audit

    +
    + +
    + + + + + + + + + + + + + + + + + {% for audit in securitymenu_vm.audit_list %} + + + + + + + + + + + + + + {% endfor %} + +
    IdUser NameAudit StatusUser AgentIP AddressGEO LocationDate/Time
    + {{ audit.id }} + + {{ audit.username }} + + {{ audit.name }} + + {{ audit.login_agent }} + + {{ audit.login_ip }} + + {{ audit.geo_location }} + + {{ audit.updatetime }} +
    +
    +
    + + {% else %} + {% include 'access-denied.twig.html' %} + {% endif %} +
    + + \ No newline at end of file
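Review bot: `{{ audit.username }}`, `{{ audit.login_agent }}` and `{{ audit.login_ip }}` print values that an unauthenticated client controls, since a failed login with any username and User-Agent ends up in the audit table, and they are rendered into an admin-only page. The output is safe only if the Twig environment has HTML autoescaping enabled, and that configuration is not visible in this commit. I would make the template independent of that setting by writing `{{ audit.username|e('html') }}` and likewise for `login_agent`, `login_ip` and `geo_location`. Twig does not double-escape when autoescape is already on. A short `{# audit fields are attacker-supplied; keep them escaped #}` above the loop would document why.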