|
1
|
<?php
|
|
2
|
/*
|
|
3
|
* status.php
|
|
4
|
*
|
|
5
|
* part of pfSense (https://www.pfsense.org)
|
|
6
|
* Copyright (c) 2004-2016 Electric Sheep Fencing, LLC
|
|
7
|
* All rights reserved.
|
|
8
|
*
|
|
9
|
* originally based on m0n0wall (http://neon1.net/m0n0wall)
|
|
10
|
* Copyright (c) 2003 Jim McBeath <jimmc@macrovision.com>
|
|
11
|
* Copyright (c) 2003-2004 Manuel Kasper <mk@neon1.net>.
|
|
12
|
* All rights reserved.
|
|
13
|
*
|
|
14
|
* Redistribution and use in source and binary forms, with or without
|
|
15
|
* modification, are permitted provided that the following conditions are met:
|
|
16
|
*
|
|
17
|
* 1. Redistributions of source code must retain the above copyright notice,
|
|
18
|
* this list of conditions and the following disclaimer.
|
|
19
|
*
|
|
20
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
21
|
* notice, this list of conditions and the following disclaimer in
|
|
22
|
* the documentation and/or other materials provided with the
|
|
23
|
* distribution.
|
|
24
|
*
|
|
25
|
* 3. All advertising materials mentioning features or use of this software
|
|
26
|
* must display the following acknowledgment:
|
|
27
|
* "This product includes software developed by the pfSense Project
|
|
28
|
* for use in the pfSense® software distribution. (http://www.pfsense.org/).
|
|
29
|
*
|
|
30
|
* 4. The names "pfSense" and "pfSense Project" must not be used to
|
|
31
|
* endorse or promote products derived from this software without
|
|
32
|
* prior written permission. For written permission, please contact
|
|
33
|
* coreteam@pfsense.org.
|
|
34
|
*
|
|
35
|
* 5. Products derived from this software may not be called "pfSense"
|
|
36
|
* nor may "pfSense" appear in their names without prior written
|
|
37
|
* permission of the Electric Sheep Fencing, LLC.
|
|
38
|
*
|
|
39
|
* 6. Redistributions of any form whatsoever must retain the following
|
|
40
|
* acknowledgment:
|
|
41
|
*
|
|
42
|
* "This product includes software developed by the pfSense Project
|
|
43
|
* for use in the pfSense software distribution (http://www.pfsense.org/).
|
|
44
|
*
|
|
45
|
* THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY
|
|
46
|
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
47
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
|
48
|
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR
|
|
49
|
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
50
|
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
|
51
|
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
|
52
|
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
53
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
|
54
|
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
55
|
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
|
56
|
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
57
|
*/
|
|
58
|
|
|
59
|
##|+PRIV
|
|
60
|
##|*IDENT=page-hidden-detailedstatus
|
|
61
|
##|*NAME=Hidden: Detailed Status
|
|
62
|
##|*DESCR=Allow access to the 'Hidden: Detailed Status' page.
|
|
63
|
##|*MATCH=status.php*
|
|
64
|
##|-PRIV
|
|
65
|
|
|
66
|
/* Execute a command, with a title, and generate an HTML table
|
|
67
|
* showing the results.
|
|
68
|
*/
|
|
69
|
|
|
70
|
/* include all configuration functions */
|
|
71
|
require_once("guiconfig.inc");
|
|
72
|
require_once("functions.inc");
|
|
73
|
$output_path = "/tmp/status_output/";
|
|
74
|
$output_file = "/tmp/status_output.tgz";
|
|
75
|
|
|
76
|
if (is_dir($output_path)) {
|
|
77
|
unlink_if_exists("{$output_path}/*");
|
|
78
|
@rmdir($output_path);
|
|
79
|
}
|
|
80
|
unlink_if_exists($output_file);
|
|
81
|
mkdir($output_path);
|
|
82
|
|
|
83
|
function doCmdT($title, $command) {
|
|
84
|
global $output_path, $output_file;
|
|
85
|
/* Fixup output directory */
|
|
86
|
|
|
87
|
$rubbish = array('|', '-', '/', '.', ' '); /* fixes the <a> tag to be W3C compliant */
|
|
88
|
echo "\n<a name=\"" . str_replace($rubbish, '', $title) . "\" id=\"" . str_replace($rubbish, '', $title) . "\"></a>\n";
|
|
89
|
|
|
90
|
print('<div class="panel panel-default">');
|
|
91
|
print('<div class="panel-heading"><h2 class="panel-title">' . $title . '</h2></div>');
|
|
92
|
print('<div class="panel-body">');
|
|
93
|
print('<pre>');
|
|
94
|
|
|
95
|
if ($command == "dumpconfigxml") {
|
|
96
|
$ofd = @fopen("{$output_path}/config-sanitized.xml", "w");
|
|
97
|
$fd = @fopen("/conf/config.xml", "r");
|
|
98
|
if ($fd) {
|
|
99
|
while (!feof($fd)) {
|
|
100
|
$line = fgets($fd);
|
|
101
|
/* remove sensitive contents */
|
|
102
|
$line = preg_replace("/<authorizedkeys>.*?<\\/authorizedkeys>/", "<authorizedkeys>xxxxx</authorizedkeys>", $line);
|
|
103
|
$line = preg_replace("/<secret>.*?<\\/secret>/", "<secret>xxxxx</secret>", $line);
|
|
104
|
$line = preg_replace("/<bcrypt-hash>.*?<\\/bcrypt-hash>/", "<bcrypt-hash>xxxxx</bcrypt-hash>", $line);
|
|
105
|
$line = preg_replace("/<password>.*?<\\/password>/", "<password>xxxxx</password>", $line);
|
|
106
|
$line = preg_replace("/<auth_user>.*?<\\/auth_user>/", "<auth_user>xxxxx</auth_user>", $line);
|
|
107
|
$line = preg_replace("/<auth_pass>.*?<\\/auth_pass>/", "<auth_pass>xxxxx</auth_pass>", $line);
|
|
108
|
$line = preg_replace("/<proxy_user>.*?<\\/proxy_user>/", "<proxy_user>xxxxx</proxy_user>", $line);
|
|
109
|
$line = preg_replace("/<proxy_passwd>.*?<\\/proxy_passwd>/", "<proxy_passwd>xxxxx</proxy_passwd>", $line);
|
|
110
|
$line = preg_replace("/<proxyuser>.*?<\\/proxyuser>/", "<proxyuser>xxxxx</proxyuser>", $line);
|
|
111
|
$line = preg_replace("/<proxypass>.*?<\\/proxypass>/", "<proxypass>xxxxx</proxypass>", $line);
|
|
112
|
$line = preg_replace("/<pre-shared-key>.*?<\\/pre-shared-key>/", "<pre-shared-key>xxxxx</pre-shared-key>", $line);
|
|
113
|
$line = preg_replace("/<rocommunity>.*?<\\/rocommunity>/", "<rocommunity>xxxxx</rocommunity>", $line);
|
|
114
|
$line = preg_replace("/<prv>.*?<\\/prv>/", "<prv>xxxxx</prv>", $line);
|
|
115
|
$line = preg_replace("/<shared_key>.*?<\\/shared_key>/", "<shared_key>xxxxx</shared_key>", $line);
|
|
116
|
$line = preg_replace("/<tls>.*?<\\/tls>/", "<tls>xxxxx</tls>", $line);
|
|
117
|
$line = preg_replace("/<ipsecpsk>.*?<\\/ipsecpsk>/", "<ipsecpsk>xxxxx</ipsecpsk>", $line);
|
|
118
|
$line = preg_replace("/<md5-hash>.*?<\\/md5-hash>/", "<md5-hash>xxxxx</md5-hash>", $line);
|
|
119
|
$line = preg_replace("/<md5password>.*?<\\/md5password>/", "<md5password>xxxxx</md5password>", $line);
|
|
120
|
$line = preg_replace("/<nt-hash>.*?<\\/nt-hash>/", "<nt-hash>xxxxx</nt-hash>", $line);
|
|
121
|
$line = preg_replace("/<radius_secret>.*?<\\/radius_secret>/", "<radius_secret>xxxxx</radius_secret>", $line);
|
|
122
|
$line = preg_replace("/<ldap_bindpw>.*?<\\/ldap_bindpw>/", "<ldap_bindpw>xxxxx</ldap_bindpw>", $line);
|
|
123
|
$line = preg_replace("/<passwordagain>.*?<\\/passwordagain>/", "<passwordagain>xxxxx</passwordagain>", $line);
|
|
124
|
$line = preg_replace("/<crypto_password>.*?<\\/crypto_password>/", "<crypto_password>xxxxx</crypto_password>", $line);
|
|
125
|
$line = preg_replace("/<crypto_password2>.*?<\\/crypto_password2>/", "<crypto_password2>xxxxx</crypto_password2>", $line);
|
|
126
|
$line = str_replace("\t", " ", $line);
|
|
127
|
echo htmlspecialchars($line, ENT_NOQUOTES);
|
|
128
|
fwrite($ofd, $line);
|
|
129
|
}
|
|
130
|
}
|
|
131
|
fclose($fd);
|
|
132
|
fclose($ofd);
|
|
133
|
} else {
|
|
134
|
$ofd = @fopen("{$output_path}/{$title}.txt", "w");
|
|
135
|
$execOutput = "";
|
|
136
|
$execStatus = "";
|
|
137
|
exec ($command . " 2>&1", $execOutput, $execStatus);
|
|
138
|
for ($i = 0; isset($execOutput[$i]); $i++) {
|
|
139
|
if ($i > 0) {
|
|
140
|
echo "\n";
|
|
141
|
}
|
|
142
|
echo htmlspecialchars($execOutput[$i], ENT_NOQUOTES);
|
|
143
|
fwrite($ofd, $execOutput[$i] . "\n");
|
|
144
|
}
|
|
145
|
fclose($ofd);
|
|
146
|
}
|
|
147
|
|
|
148
|
print('</pre>');
|
|
149
|
print('</div>');
|
|
150
|
print('</div>');
|
|
151
|
}
|
|
152
|
|
|
153
|
/* Define a command, with a title, to be executed later. */
|
|
154
|
function defCmdT($title, $command) {
|
|
155
|
global $commands;
|
|
156
|
$title = htmlspecialchars($title, ENT_NOQUOTES);
|
|
157
|
$commands[] = array($title, $command);
|
|
158
|
}
|
|
159
|
|
|
160
|
/* List all of the commands as an index. */
|
|
161
|
function listCmds() {
|
|
162
|
global $currentDate;
|
|
163
|
global $commands;
|
|
164
|
|
|
165
|
$rubbish = array('|', '-', '/', '.', ' '); /* fixes the <a> tag to be W3C compliant */
|
|
166
|
|
|
167
|
print('<div class="panel panel-default">');
|
|
168
|
print('<div class="panel-heading"><h2 class="panel-title">' . gettext("System Status on ") . $currentDate . '</h2></div>');
|
|
169
|
print('<div class="panel-body">');
|
|
170
|
print(' <div class="content">');
|
|
171
|
print("\n<p>" . gettext("This status page includes the following information") . ":\n");
|
|
172
|
print("<ul>\n");
|
|
173
|
for ($i = 0; isset($commands[$i]); $i++) {
|
|
174
|
print("\t<li><strong><a href=\"#" . str_replace($rubbish, '', $commands[$i][0]) . "\">" . $commands[$i][0] . "</a></strong></li>\n");
|
|
175
|
}
|
|
176
|
|
|
177
|
print("</ul>\n");
|
|
178
|
print(' </div>');
|
|
179
|
print(' </div>');
|
|
180
|
print('</div>');
|
|
181
|
}
|
|
182
|
|
|
183
|
/* Execute all of the commands which were defined by a call to defCmd. */
|
|
184
|
function execCmds() {
|
|
185
|
global $commands;
|
|
186
|
for ($i = 0; isset($commands[$i]); $i++) {
|
|
187
|
doCmdT($commands[$i][0], $commands[$i][1]);
|
|
188
|
}
|
|
189
|
}
|
|
190
|
|
|
191
|
global $g, $config;
|
|
192
|
|
|
193
|
/* Set up all of the commands we want to execute. */
|
|
194
|
|
|
195
|
/* System stats/info */
|
|
196
|
defCmdT("System Uptime", "/usr/bin/uptime");
|
|
197
|
defCmdT("Interfaces", "/sbin/ifconfig -a");
|
|
198
|
defCmdT("Interface Statistics", "/usr/bin/netstat -nWi");
|
|
199
|
defCmdT("Top Process Info", "/usr/bin/top | /usr/bin/head -n5");
|
|
200
|
defCmdT("Processes", "/bin/ps xauww");
|
|
201
|
defCmdT("Mounted Filesystems", "/sbin/mount");
|
|
202
|
defCmdT("Free Disk Space", "/bin/df -hi");
|
|
203
|
defCmdT("Routing tables", "/usr/bin/netstat -nWr");
|
|
204
|
defCmdT("Mbuf Usage", "/usr/bin/netstat -mb");
|
|
205
|
defCmdT("VMStat", "/usr/bin/vmstat -afimsz");
|
|
206
|
defCmdT("Sockets", "/usr/bin/sockstat");
|
|
207
|
|
|
208
|
/* Firewall rules and info */
|
|
209
|
defCmdT("Generated Ruleset", "/bin/cat {$g['tmp_path']}/rules.debug");
|
|
210
|
defCmdT("Generated Ruleset Limiters", "/bin/cat {$g['tmp_path']}/rules.limiter");
|
|
211
|
defCmdT("Generated Ruleset Limits", "/bin/cat {$g['tmp_path']}/rules.limits");
|
|
212
|
defCmdT("pf NAT Rules", "/sbin/pfctl -vvsn");
|
|
213
|
defCmdT("pf Firewall Rules", "/sbin/pfctl -vvsr");
|
|
214
|
defCmdT("pf Tables", "/sbin/pfctl -vs Tables");
|
|
215
|
defCmdT("pf State Table Contents", "/sbin/pfctl -vvss");
|
|
216
|
defCmdT("pf Info", "/sbin/pfctl -si");
|
|
217
|
defCmdT("pf Show All", "/sbin/pfctl -sa");
|
|
218
|
defCmdT("pf Queues", "/sbin/pfctl -s queue -v");
|
|
219
|
defCmdT("pf OSFP", "/sbin/pfctl -s osfp");
|
|
220
|
defCmdT("pfsync Stats", "/usr/bin/netstat -s -ppfsync");
|
|
221
|
defCmdT("pftop Default", "/usr/local/sbin/pftop -a -b");
|
|
222
|
defCmdT("pftop Long", "/usr/local/sbin/pftop -w 150 -a -b -v long");
|
|
223
|
defCmdT("pftop Queue", "/usr/local/sbin/pftop -w 150 -a -b -v queue");
|
|
224
|
defCmdT("pftop Rules", "/usr/local/sbin/pftop -w 150 -a -b -v rules");
|
|
225
|
defCmdT("pftop Size", "/usr/local/sbin/pftop -w 150 -a -b -v size");
|
|
226
|
defCmdT("pftop Speed", "/usr/local/sbin/pftop -w 150 -a -b -v speed");
|
|
227
|
if (isset($config['captiveportal']) && is_array($config['captiveportal'])) {
|
|
228
|
foreach ($config['captiveportal'] as $cpZone => $cpdata) {
|
|
229
|
if (isset($cpdata['enable'])) {
|
|
230
|
defCmdT("IPFW Rules for {$cpdata['zone']}", "/sbin/ipfw -x " . escapeshellarg($cpdata['zoneid']) . " show");
|
|
231
|
}
|
|
232
|
}
|
|
233
|
}
|
|
234
|
|
|
235
|
/* Configuration Files */
|
|
236
|
defCmdT("Contents of var run", "/bin/ls /var/run");
|
|
237
|
defCmdT("Contents of conf", "/bin/ls /conf");
|
|
238
|
defCmdT("config.xml", "dumpconfigxml");
|
|
239
|
defCmdT("resolv.conf", "/bin/cat /etc/resolv.conf");
|
|
240
|
defCmdT("DHCP Configuration", "/bin/cat /var/dhcpd/etc/dhcpd.conf");
|
|
241
|
defCmdT("DHCPv6 Configuration", "/bin/cat /var/dhcpd/etc/dhcpdv6.conf");
|
|
242
|
defCmdT("strongSwan Configuration", "/bin/cat /var/etc/ipsec/strongswan.conf");
|
|
243
|
defCmdT("IPsec Configuration", "/bin/cat /var/etc/ipsec/ipsec.conf");
|
|
244
|
defCmdT("IPsec Status", "/usr/local/sbin/ipsec statusall");
|
|
245
|
defCmdT("SPD", "/sbin/setkey -DP");
|
|
246
|
defCmdT("SAD", "/sbin/setkey -D");
|
|
247
|
if (file_exists("/cf/conf/upgrade_log.txt")) {
|
|
248
|
defCmdT("Upgrade Log", "/bin/cat /cf/conf/upgrade_log.txt");
|
|
249
|
}
|
|
250
|
if (file_exists("/boot/loader.conf")) {
|
|
251
|
defCmdT("Loader Configuration", "/bin/cat /boot/loader.conf");
|
|
252
|
}
|
|
253
|
if (file_exists("/boot/loader.conf.local")) {
|
|
254
|
defCmdT("Loader Configuration (Local)", "/bin/cat /boot/loader.conf.local");
|
|
255
|
}
|
|
256
|
if (file_exists("/var/etc/filterdns.conf")) {
|
|
257
|
defCmdT("Filter DNS Daemon Configuration", "/bin/cat /var/etc/filterdns.conf");
|
|
258
|
}
|
|
259
|
defCmdT("last 1000 system log entries", "/usr/local/sbin/clog /var/log/system.log 2>&1 | tail -n 1000");
|
|
260
|
defCmdT("last 1000 DHCP log entries", "/usr/local/sbin/clog /var/log/dhcpd.log 2>&1 | tail -n 1000");
|
|
261
|
defCmdT("last 500 filter log entries", "/usr/local/sbin/clog /var/log/filter.log 2>&1 | tail -n 500");
|
|
262
|
defCmdT("last 1000 gateways log entries", "/usr/local/sbin/clog /var/log/gateways.log 2>&1 | tail -n 1000");
|
|
263
|
defCmdT("last 1000 IPsec log entries", "/usr/local/sbin/clog /var/log/ipsec.log 2>&1 | tail -n 1000");
|
|
264
|
defCmdT("last 1000 L2TP log entries", "/usr/local/sbin/clog /var/log/l2tps.log 2>&1 | tail -n 1000");
|
|
265
|
defCmdT("last 1000 NTP log entries", "/usr/local/sbin/clog /var/log/ntpd.log 2>&1 | tail -n 1000");
|
|
266
|
defCmdT("last 1000 OpenVPN log entries", "/usr/local/sbin/clog /var/log/openvpn.log 2>&1 | tail -n 1000");
|
|
267
|
defCmdT("last 1000 Captive Portal auth log entries", "/usr/local/sbin/clog /var/log/portalauth.log 2>&1 | tail -n 1000");
|
|
268
|
defCmdT("last 1000 PPP log entries", "/usr/local/sbin/clog /var/log/poes.log 2>&1 | tail -n 1000");
|
|
269
|
defCmdT("last 1000 relayd log entries", "/usr/local/sbin/clog /var/log/relayd.log 2>&1 | tail -n 1000");
|
|
270
|
defCmdT("last 1000 resolver log entries", "/usr/local/sbin/clog /var/log/resolver.log 2>&1 | tail -n 1000");
|
|
271
|
defCmdT("last 1000 routing log entries", "/usr/local/sbin/clog /var/log/routing.log 2>&1 | tail -n 1000");
|
|
272
|
defCmdT("last 1000 wireless log entries", "/usr/local/sbin/clog /var/log/wireless.log 2>&1 | tail -n 1000");
|
|
273
|
if (file_exists("/tmp/PHP_errors.log")) {
|
|
274
|
defCmdT("PHP Error Log", "/bin/cat /tmp/PHP_errors.log");
|
|
275
|
}
|
|
276
|
defCmdT("System Message Buffer", "/sbin/dmesg -a");
|
|
277
|
defCmdT("System Message Buffer (Boot)", "/bin/cat /var/log/dmesg.boot");
|
|
278
|
defCmdT("sysctl values", "/sbin/sysctl -a");
|
|
279
|
defCmdT("Kernel Environment", "/bin/kenv");
|
|
280
|
defCmdT("Installed OS Packages", "/usr/sbin/pkg info");
|
|
281
|
defCmdT("System Devices-PCI", "/usr/sbin/pciconf -lvb");
|
|
282
|
defCmdT("System Devices-USB", "/usr/sbin/usbconfig dump_device_desc");
|
|
283
|
|
|
284
|
exec("/bin/date", $dateOutput, $dateStatus);
|
|
285
|
$currentDate = $dateOutput[0];
|
|
286
|
|
|
287
|
$pgtitle = array("{$g['product_name']}", "Status");
|
|
288
|
include("head.inc");
|
|
289
|
|
|
290
|
print_info_box(gettext("Make sure all sensitive information is removed! (Passwords, etc.) before posting " .
|
|
291
|
"information from this page in public places (like mailing lists).") . '<br />' .
|
|
292
|
gettext("Common password fields in config.xml have been automatically redacted.") . '<br />' .
|
|
293
|
gettext("When the page has finished loading, the output will be stored in {$output_file}. It may be downloaded via scp or ") .
|
|
294
|
"<a href=\"/diag_command.php?dlPath={$output_file}\">" . gettext("Diagnostics > Command Prompt.") . '</a>');
|
|
295
|
|
|
296
|
listCmds();
|
|
297
|
execCmds();
|
|
298
|
|
|
299
|
print(gettext("Saving output to archive..."));
|
|
300
|
|
|
301
|
if (is_dir($output_path)) {
|
|
302
|
mwexec("/usr/bin/tar czpf " . escapeshellarg($output_file) . " -C " . escapeshellarg(dirname($output_path)) . " " . escapeshellarg(basename($output_path)));
|
|
303
|
unlink_if_exists("{$output_path}/*");
|
|
304
|
@rmdir($output_path);
|
|
305
|
}
|
|
306
|
|
|
307
|
print(gettext("Done."));
|
|
308
|
|
|
309
|
include("foot.inc");
|
