Add support for logging CGI script user.
This commit is contained in:
parent
bbabeeab27
commit
830f48ff61
@ -331,6 +331,19 @@ forward_http_server_ips=""
|
||||
http_ports="$standard_http_ports"
|
||||
|
||||
|
||||
# - LOG CGI script Traffic out
|
||||
# -
|
||||
log_cgi_traffic_out=false
|
||||
|
||||
# - cgi_script_users
|
||||
# -
|
||||
# - List of CGI script users (suexec user, php-fpm user. ...)
|
||||
# -
|
||||
# - Blank separated list
|
||||
# -
|
||||
cgi_script_users=""
|
||||
|
||||
|
||||
# - Mattermost (MM) Service
|
||||
# -
|
||||
mm_server_ips=""
|
||||
|
||||
@ -347,6 +347,19 @@ forward_http_server_ips=""
|
||||
http_ports="$standard_http_ports"
|
||||
|
||||
|
||||
# - LOG CGI script Traffic out
|
||||
# -
|
||||
log_cgi_traffic_out=false
|
||||
|
||||
# - cgi_script_users
|
||||
# -
|
||||
# - List of CGI script users (suexec user, php-fpm user. ...)
|
||||
# -
|
||||
# - Blank separated list
|
||||
# -
|
||||
cgi_script_users=""
|
||||
|
||||
|
||||
# - Mattermost (MM) Service
|
||||
# -
|
||||
mm_server_ips=""
|
||||
|
||||
@ -45,6 +45,16 @@ for _ip in $log_ips ; do
|
||||
log_ip_arr+=("$_ip")
|
||||
done
|
||||
|
||||
|
||||
# ---
|
||||
# - LOG CGI script Traffic out
|
||||
# ---
|
||||
declare -a cgi_script_user_arr=()
|
||||
for _user in $cgi_script_users ; do
|
||||
cgi_script_user_arr+=($_user)
|
||||
done
|
||||
|
||||
|
||||
# ---
|
||||
# - IP-Addresses (Host, Guests (VServer, LX_Container)
|
||||
# ---
|
||||
|
||||
@ -1077,6 +1077,26 @@ fi
|
||||
echo_done
|
||||
|
||||
|
||||
# ---
|
||||
# - LOG CGI script Traffic out
|
||||
# ---
|
||||
|
||||
echo
|
||||
echononl "\tLOG CGI/PHP traffic out."
|
||||
|
||||
if $log_cgi_traffic_out && [[ ${#cgi_script_user_arr[@]} -gt 0 ]] ; then
|
||||
for _dev in ${ext_if_arr[@]} ; do
|
||||
for _user in ${cgi_script_user_arr[@]} ; do
|
||||
$ip6t -A OUTPUT -o $_dev -m owner --uid-owner $_user -j $LOG_TARGET $tag_log_prefix "$log_prefix $_user PHP-OUT: "
|
||||
done
|
||||
done
|
||||
echo_done
|
||||
else
|
||||
echo_skipped
|
||||
fi
|
||||
echo
|
||||
|
||||
|
||||
# -------------
|
||||
# --- Allow all outgoing traffic
|
||||
# -------------
|
||||
|
||||
@ -1231,6 +1231,26 @@ fi
|
||||
echo_done
|
||||
|
||||
|
||||
# ---
|
||||
# - LOG CGI script Traffic out
|
||||
# ---
|
||||
|
||||
echo
|
||||
echononl "\tLOG CGI/PHP traffic out."
|
||||
|
||||
if $log_cgi_traffic_out && [[ ${#cgi_script_user_arr[@]} -gt 0 ]] ; then
|
||||
for _dev in ${ext_if_arr[@]} ; do
|
||||
for _user in ${cgi_script_user_arr[@]} ; do
|
||||
$ipt -A OUTPUT -o $_dev -m owner --uid-owner $_user -j $LOG_TARGET $tag_log_prefix "$log_prefix $_user PHP-OUT: "
|
||||
done
|
||||
done
|
||||
echo_done
|
||||
else
|
||||
echo_skipped
|
||||
fi
|
||||
echo
|
||||
|
||||
|
||||
# -------------
|
||||
# --- Allow all outgoing traffic
|
||||
# -------------
|
||||
|
||||
Loading…
Reference in New Issue
Block a user