|
1
|
<?php
|
|
2
|
/* $Id$ */
|
|
3
|
/* Run various commands and collect their output into HTML tables.
|
|
4
|
* Jim McBeath <jimmc@macrovision.com> Nov 2003
|
|
5
|
*
|
|
6
|
* (modified for m0n0wall by Manuel Kasper <mk@neon1.net>)
|
|
7
|
* (modified for pfSense by Scott Ullrich geekgod@pfsense.com)
|
|
8
|
*
|
|
9
|
*/
|
|
10
|
/*
|
|
11
|
Copyright (C) 2013-2015 Electric Sheep Fencing, LP
|
|
12
|
All rights reserved.
|
|
13
|
|
|
14
|
Redistribution and use in source and binary forms, with or without
|
|
15
|
modification, are permitted provided that the following conditions are met:
|
|
16
|
|
|
17
|
1. Redistributions of source code must retain the above copyright notice,
|
|
18
|
this list of conditions and the following disclaimer.
|
|
19
|
|
|
20
|
2. Redistributions in binary form must reproduce the above copyright
|
|
21
|
notice, this list of conditions and the following disclaimer in the
|
|
22
|
documentation and/or other materials provided with the distribution.
|
|
23
|
|
|
24
|
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
|
|
25
|
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
|
|
26
|
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
|
|
27
|
AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
|
|
28
|
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
|
29
|
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
|
30
|
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
|
31
|
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
32
|
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
|
33
|
POSSIBILITY OF SUCH DAMAGE.
|
|
34
|
*/
|
|
35
|
/*
|
|
36
|
pfSense_BUILDER_BINARIES: /usr/bin/vmstat /usr/bin/netstat /sbin/dmesg /sbin/mount /sbin/setkey /usr/local/sbin/pftop
|
|
37
|
pfSense_BUILDER_BINARIES: /sbin/pfctl /sbin/sysctl /usr/bin/top /usr/bin/netstat /sbin/pfctl /sbin/ifconfig
|
|
38
|
pfSense_MODULE: support
|
|
39
|
*/
|
|
40
|
|
|
41
|
##|+PRIV
|
|
42
|
##|*IDENT=page-hidden-detailedstatus
|
|
43
|
##|*NAME=Hidden: Detailed Status page
|
|
44
|
##|*DESCR=Allow access to the 'Hidden: Detailed Status' page.
|
|
45
|
##|*MATCH=status.php*
|
|
46
|
##|-PRIV
|
|
47
|
|
|
48
|
/* Execute a command, with a title, and generate an HTML table
|
|
49
|
* showing the results.
|
|
50
|
*/
|
|
51
|
|
|
52
|
/* include all configuration functions */
|
|
53
|
require_once("guiconfig.inc");
|
|
54
|
require_once("functions.inc");
|
|
55
|
$output_path = "/tmp/status_output/";
|
|
56
|
$output_file = "/tmp/status_output.tgz";
|
|
57
|
|
|
58
|
if (is_dir($output_path)) {
|
|
59
|
unlink_if_exists("{$output_path}/*");
|
|
60
|
@rmdir($output_path);
|
|
61
|
}
|
|
62
|
unlink_if_exists($output_file);
|
|
63
|
mkdir($output_path);
|
|
64
|
|
|
65
|
function doCmdT($title, $command) {
|
|
66
|
global $output_path, $output_file;
|
|
67
|
/* Fixup output directory */
|
|
68
|
|
|
69
|
$rubbish = array('|', '-', '/', '.', ' '); /* fixes the <a> tag to be W3C compliant */
|
|
70
|
echo "\n<a name=\"" . str_replace($rubbish, '', $title) . "\" id=\"" . str_replace($rubbish, '', $title) . "\"></a>\n";
|
|
71
|
|
|
72
|
print('<div class="panel panel-default">');
|
|
73
|
print( '<div class="panel-heading">' . $title . '</div>');
|
|
74
|
print( '<div class="panel-body">');
|
|
75
|
print( '<pre>');
|
|
76
|
|
|
77
|
if ($command == "dumpconfigxml") {
|
|
78
|
$ofd = @fopen("{$output_path}/config-sanitized.xml", "w");
|
|
79
|
$fd = @fopen("/conf/config.xml", "r");
|
|
80
|
if ($fd) {
|
|
81
|
while (!feof($fd)) {
|
|
82
|
$line = fgets($fd);
|
|
83
|
/* remove sensitive contents */
|
|
84
|
$line = preg_replace("/<password>.*?<\\/password>/", "<password>xxxxx</password>", $line);
|
|
85
|
$line = preg_replace("/<pre-shared-key>.*?<\\/pre-shared-key>/", "<pre-shared-key>xxxxx</pre-shared-key>", $line);
|
|
86
|
$line = preg_replace("/<rocommunity>.*?<\\/rocommunity>/", "<rocommunity>xxxxx</rocommunity>", $line);
|
|
87
|
$line = preg_replace("/<prv>.*?<\\/prv>/", "<prv>xxxxx</prv>", $line);
|
|
88
|
$line = preg_replace("/<shared_key>.*?<\\/shared_key>/", "<shared_key>xxxxx</shared_key>", $line);
|
|
89
|
$line = preg_replace("/<tls>.*?<\\/tls>/", "<tls>xxxxx</tls>", $line);
|
|
90
|
$line = preg_replace("/<ipsecpsk>.*?<\\/ipsecpsk>/", "<ipsecpsk>xxxxx</ipsecpsk>", $line);
|
|
91
|
$line = preg_replace("/<md5-hash>.*?<\\/md5-hash>/", "<md5-hash>xxxxx</md5-hash>", $line);
|
|
92
|
$line = preg_replace("/<md5password>.*?<\\/md5password>/", "<md5password>xxxxx</md5password>", $line);
|
|
93
|
$line = preg_replace("/<nt-hash>.*?<\\/nt-hash>/", "<nt-hash>xxxxx</nt-hash>", $line);
|
|
94
|
$line = preg_replace("/<radius_secret>.*?<\\/radius_secret>/", "<radius_secret>xxxxx</radius_secret>", $line);
|
|
95
|
$line = preg_replace("/<ldap_bindpw>.*?<\\/ldap_bindpw>/", "<ldap_bindpw>xxxxx</ldap_bindpw>", $line);
|
|
96
|
$line = preg_replace("/<passwordagain>.*?<\\/passwordagain>/", "<passwordagain>xxxxx</passwordagain>", $line);
|
|
97
|
$line = preg_replace("/<crypto_password>.*?<\\/crypto_password>/", "<crypto_password>xxxxx</crypto_password>", $line);
|
|
98
|
$line = preg_replace("/<crypto_password2>.*?<\\/crypto_password2>/", "<crypto_password2>xxxxx</crypto_password2>", $line);
|
|
99
|
$line = str_replace("\t", " ", $line);
|
|
100
|
echo htmlspecialchars($line, ENT_NOQUOTES);
|
|
101
|
fwrite($ofd, $line);
|
|
102
|
}
|
|
103
|
}
|
|
104
|
fclose($fd);
|
|
105
|
fclose($ofd);
|
|
106
|
} else {
|
|
107
|
$ofd = @fopen("{$output_path}/{$title}.txt", "w");
|
|
108
|
$execOutput = "";
|
|
109
|
$execStatus = "";
|
|
110
|
exec ($command . " 2>&1", $execOutput, $execStatus);
|
|
111
|
for ($i = 0; isset($execOutput[$i]); $i++) {
|
|
112
|
if ($i > 0) {
|
|
113
|
echo "\n";
|
|
114
|
}
|
|
115
|
echo htmlspecialchars($execOutput[$i], ENT_NOQUOTES);
|
|
116
|
fwrite($ofd, $execOutput[$i] . "\n");
|
|
117
|
}
|
|
118
|
fclose($ofd);
|
|
119
|
}
|
|
120
|
|
|
121
|
print( '</pre>');
|
|
122
|
print( '</div>');
|
|
123
|
print('</div>');
|
|
124
|
}
|
|
125
|
|
|
126
|
/* Define a command, with a title, to be executed later. */
|
|
127
|
function defCmdT($title, $command) {
|
|
128
|
global $commands;
|
|
129
|
$title = htmlspecialchars($title, ENT_NOQUOTES);
|
|
130
|
$commands[] = array($title, $command);
|
|
131
|
}
|
|
132
|
|
|
133
|
/* List all of the commands as an index. */
|
|
134
|
function listCmds() {
|
|
135
|
global $currentDate;
|
|
136
|
global $commands;
|
|
137
|
|
|
138
|
$rubbish = array('|', '-', '/', '.', ' '); /* fixes the <a> tag to be W3C compliant */
|
|
139
|
|
|
140
|
print('<div class="panel panel-default">');
|
|
141
|
print( '<div class="panel-heading">' . gettext("System status on ") . $currentDate . '</div>');
|
|
142
|
print( '<div class="panel-body">');
|
|
143
|
|
|
144
|
print("\n<p>" . gettext("This status page includes the following information") . ":\n");
|
|
145
|
print("<ul>\n");
|
|
146
|
for ($i = 0; isset($commands[$i]); $i++ ) {
|
|
147
|
print("\t<li><strong><a href=\"#" . str_replace($rubbish,'',$commands[$i][0]) . "\">" . $commands[$i][0] . "</a></strong></li>\n");
|
|
148
|
}
|
|
149
|
|
|
150
|
print("</ul>\n");
|
|
151
|
print(' </div>');
|
|
152
|
print('</div>');
|
|
153
|
}
|
|
154
|
|
|
155
|
/* Execute all of the commands which were defined by a call to defCmd. */
|
|
156
|
function execCmds() {
|
|
157
|
global $commands;
|
|
158
|
for ($i = 0; isset($commands[$i]); $i++) {
|
|
159
|
doCmdT($commands[$i][0], $commands[$i][1]);
|
|
160
|
}
|
|
161
|
}
|
|
162
|
|
|
163
|
global $g, $config;
|
|
164
|
|
|
165
|
/* Set up all of the commands we want to execute. */
|
|
166
|
|
|
167
|
/* System stats/info */
|
|
168
|
defCmdT("System uptime","/usr/bin/uptime");
|
|
169
|
defCmdT("Interfaces","/sbin/ifconfig -a");
|
|
170
|
defCmdT("Interface Statistics","/usr/bin/netstat -ni");
|
|
171
|
defCmdT("Top Process Info", "/usr/bin/top | /usr/bin/head -n5");
|
|
172
|
defCmdT("Processes","/bin/ps xauww");
|
|
173
|
defCmdT("Mounted Filesystems", "/sbin/mount");
|
|
174
|
defCmdT("Free Disk Space","/bin/df -hi");
|
|
175
|
defCmdT("Routing tables","/usr/bin/netstat -nWr");
|
|
176
|
defCmdT("Mbuf Usage","/usr/bin/netstat -mb");
|
|
177
|
defCmdT("VMStat", "/usr/bin/vmstat -afimsz");
|
|
178
|
defCmdT("Sockets", "/usr/bin/sockstat");
|
|
179
|
|
|
180
|
/* Firewall rules and info */
|
|
181
|
defCmdT("Generated Ruleset","/bin/cat {$g['tmp_path']}/rules.debug");
|
|
182
|
defCmdT("Generated Ruleset Limiters","/bin/cat {$g['tmp_path']}/rules.limiter");
|
|
183
|
defCmdT("Generated Ruleset Limits","/bin/cat {$g['tmp_path']}/rules.limits");
|
|
184
|
defCmdT("pf NAT Rules", "/sbin/pfctl -vvsn");
|
|
185
|
defCmdT("pf Firewall Rules", "/sbin/pfctl -vvsr");
|
|
186
|
defCmdT("pf Tables","/sbin/pfctl -vs Tables");
|
|
187
|
defCmdT("pf State Table Contents", "/sbin/pfctl -ss");
|
|
188
|
defCmdT("pf Info", "/sbin/pfctl -si");
|
|
189
|
defCmdT("pf Show All", "/sbin/pfctl -sa");
|
|
190
|
defCmdT("pf Queues","/sbin/pfctl -s queue -v");
|
|
191
|
defCmdT("pf OSFP","/sbin/pfctl -s osfp");
|
|
192
|
defCmdT("pfsync stats","/usr/bin/netstat -s -ppfsync");
|
|
193
|
defCmdT("pftop Default","/usr/local/sbin/pftop -a -b");
|
|
194
|
defCmdT("pftop Long","/usr/local/sbin/pftop -w 150 -a -b -v long");
|
|
195
|
defCmdT("pftop Queue","/usr/local/sbin/pftop -w 150 -a -b -v queue");
|
|
196
|
defCmdT("pftop Rules","/usr/local/sbin/pftop -w 150 -a -b -v rules");
|
|
197
|
defCmdT("pftop Size","/usr/local/sbin/pftop -w 150 -a -b -v size");
|
|
198
|
defCmdT("pftop Speed","/usr/local/sbin/pftop -w 150 -a -b -v speed");
|
|
199
|
if (isset($config['captiveportal']) && is_array($config['captiveportal'])) {
|
|
200
|
foreach ($config['captiveportal'] as $cpZone => $cpdata) {
|
|
201
|
if (isset($cpdata['enable']))
|
|
202
|
defCmdT("IPFW rules for {$cpdata['zone']}", "/sbin/ipfw -x " . escapeshellarg($cpdata['zoneid']) . " show");
|
|
203
|
}
|
|
204
|
}
|
|
205
|
|
|
206
|
/* Configuration Files */
|
|
207
|
defCmdT("Contents of var run", "/bin/ls /var/run");
|
|
208
|
defCmdT("Contents of conf", "/bin/ls /conf");
|
|
209
|
defCmdT("config.xml","dumpconfigxml");
|
|
210
|
defCmdT("resolv.conf","/bin/cat /etc/resolv.conf");
|
|
211
|
defCmdT("DHCP Configuration","/bin/cat /var/dhcpd/etc/dhcpd.conf");
|
|
212
|
defCmdT("DHCPv6 Configuration","/bin/cat /var/dhcpd/etc/dhcpdv6.conf");
|
|
213
|
defCmdT("strongSwan config","/bin/cat /var/etc/ipsec/strongswan.conf");
|
|
214
|
defCmdT("IPsec config","/bin/cat /var/etc/ipsec/ipsec.conf");
|
|
215
|
defCmdT("IPsec Status","/usr/local/sbin/ipsec statusall");
|
|
216
|
defCmdT("SPD","/sbin/setkey -DP");
|
|
217
|
defCmdT("SAD","/sbin/setkey -D");
|
|
218
|
if (file_exists("/cf/conf/upgrade_log.txt")) {
|
|
219
|
defCmdT("Upgrade Log", "/bin/cat /cf/conf/upgrade_log.txt");
|
|
220
|
}
|
|
221
|
if (file_exists("/boot/loader.conf")) {
|
|
222
|
defCmdT("Loader Configuration", "/bin/cat /boot/loader.conf");
|
|
223
|
}
|
|
224
|
if (file_exists("/boot/loader.conf.local")) {
|
|
225
|
defCmdT("Loader Configuration (Local)", "/bin/cat /boot/loader.conf.local");
|
|
226
|
}
|
|
227
|
if (file_exists("/var/run/apinger.status")) {
|
|
228
|
defCmdT("Gateway Status", "/bin/cat /var/run/apinger.status");
|
|
229
|
}
|
|
230
|
if (file_exists("/var/etc/apinger.conf")) {
|
|
231
|
defCmdT("Gateway Monitoring Config", "/bin/cat /var/etc/apinger.conf");
|
|
232
|
}
|
|
233
|
if (file_exists("/var/etc/filterdns.conf")) {
|
|
234
|
defCmdT("Filter DNS Daemon Config", "/bin/cat /var/etc/filterdns.conf");
|
|
235
|
}
|
|
236
|
if(isset($config['system']['usefifolog'])) {
|
|
237
|
defCmdT("last 500 system log entries","/usr/sbin/fifolog_reader /var/log/system.log 2>&1 | tail -n 500");
|
|
238
|
defCmdT("last 50 filter log entries","/usr/sbin/fifolog_reader /var/log/filter.log 2>&1 | tail -n 50");
|
|
239
|
defCmdT("last 100 IPsec log entries","/usr/sbin/fifolog_reader /var/log/ipsec.log 2>&1 | tail -n 100");
|
|
240
|
} else {
|
|
241
|
defCmdT("last 500 system log entries","/usr/local/sbin/clog /var/log/system.log 2>&1 | tail -n 500");
|
|
242
|
defCmdT("last 50 filter log entries","/usr/local/sbin/clog /var/log/filter.log 2>&1 | tail -n 50");
|
|
243
|
defCmdT("last 100 IPsec log entries","/usr/local/sbin/clog /var/log/ipsec.log 2>&1 | tail -n 100");
|
|
244
|
}
|
|
245
|
if (file_exists("/tmp/PHP_errors.log")) {
|
|
246
|
defCmdT("PHP Error Log", "/bin/cat /tmp/PHP_errors.log");
|
|
247
|
}
|
|
248
|
defCmdT("System Message Buffer","/sbin/dmesg -a");
|
|
249
|
defCmdT("System Message Buffer (Boot)","/bin/cat /var/log/dmesg.boot");
|
|
250
|
defCmdT("sysctl values","/sbin/sysctl -a");
|
|
251
|
|
|
252
|
exec("/bin/date", $dateOutput, $dateStatus);
|
|
253
|
$currentDate = $dateOutput[0];
|
|
254
|
|
|
255
|
$pgtitle = array("{$g['product_name']}", "status");
|
|
256
|
include("head.inc");
|
|
257
|
|
|
258
|
print_info_box(gettext("Make sure all sensitive information is removed! (Passwords, etc.) before posting " .
|
|
259
|
"information from this page in public places (like mailing lists)") . '<br />' .
|
|
260
|
gettext("Common password fields in config.xml have been automatically redacted.") . '<br />' .
|
|
261
|
gettext("When the page has finished loading, the output will be stored in {$output_file}. It may be downloaded via scp or ") .
|
|
262
|
"<a href=\"/exec.php?dlPath={$output_file}\">" . gettext("Diagnostics > Command Prompt") . '</a>');
|
|
263
|
|
|
264
|
listCmds();
|
|
265
|
execCmds();
|
|
266
|
|
|
267
|
include("foot.inc");
|
