firewall/ipt-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add support for logging CGI script user.

Browse Source
This commit is contained in:
Christoph 2024-09-14 01:15:52 +02:00
parent bbabeeab27
commit 830f48ff61
5 changed files with 76 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
conf/main_ipv4.conf.sample
View File

@ -331,6 +331,19 @@ forward_http_server_ips=""
http_ports="$standard_http_ports" http_ports="$standard_http_ports"
# - LOG CGI script Traffic out
# -
log_cgi_traffic_out=false
# - cgi_script_users
# -
# - List of CGI script users (suexec user, php-fpm user. ...)
# -
# - Blank separated list
# -
cgi_script_users=""
# - Mattermost (MM) Service # - Mattermost (MM) Service
# - # -
mm_server_ips="" mm_server_ips=""

13
conf/main_ipv6.conf.sample
View File

@ -347,6 +347,19 @@ forward_http_server_ips=""
http_ports="$standard_http_ports" http_ports="$standard_http_ports"
# - LOG CGI script Traffic out
# -
log_cgi_traffic_out=false
# - cgi_script_users
# -
# - List of CGI script users (suexec user, php-fpm user. ...)
# -
# - Blank separated list
# -
cgi_script_users=""
# - Mattermost (MM) Service # - Mattermost (MM) Service
# - # -
mm_server_ips="" mm_server_ips=""

10
conf/post_decalrations.conf
View File

@ -45,6 +45,16 @@ for _ip in $log_ips ; do
log_ip_arr+=("$_ip") log_ip_arr+=("$_ip")
done done
# ---
# - LOG CGI script Traffic out
# ---
declare -a cgi_script_user_arr=()
for _user in $cgi_script_users ; do
cgi_script_user_arr+=($_user)
done
# --- # ---
# - IP-Addresses (Host, Guests (VServer, LX_Container) # - IP-Addresses (Host, Guests (VServer, LX_Container)
# --- # ---

20
ip6t-firewall-server
View File

@ -1077,6 +1077,26 @@ fi
echo_done echo_done
# ---
# - LOG CGI script Traffic out
# ---
echo
echononl "\tLOG CGI/PHP traffic out."
if $log_cgi_traffic_out && [[ ${#cgi_script_user_arr[@]} -gt 0 ]] ; then
for _dev in ${ext_if_arr[@]} ; do
for _user in ${cgi_script_user_arr[@]} ; do
$ip6t -A OUTPUT -o $_dev -m owner --uid-owner $_user -j $LOG_TARGET $tag_log_prefix "$log_prefix $_user PHP-OUT: "
done
done
echo_done
else
echo_skipped
fi
echo
# ------------- # -------------
# --- Allow all outgoing traffic # --- Allow all outgoing traffic
# ------------- # -------------

20
ipt-firewall-server
View File

@ -1231,6 +1231,26 @@ fi
echo_done echo_done
# ---
# - LOG CGI script Traffic out
# ---
echo
echononl "\tLOG CGI/PHP traffic out."
if $log_cgi_traffic_out && [[ ${#cgi_script_user_arr[@]} -gt 0 ]] ; then
for _dev in ${ext_if_arr[@]} ; do
for _user in ${cgi_script_user_arr[@]} ; do
$ipt -A OUTPUT -o $_dev -m owner --uid-owner $_user -j $LOG_TARGET $tag_log_prefix "$log_prefix $_user PHP-OUT: "
done
done
echo_done
else
echo_skipped
fi
echo
# ------------- # -------------
# --- Allow all outgoing traffic # --- Allow all outgoing traffic
# ------------- # -------------