* Copyright (c) 2003-2004 Manuel Kasper . * All rights reserved. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ ##|+PRIV ##|*IDENT=page-hidden-detailedstatus ##|*NAME=Hidden: Detailed Status ##|*DESCR=Allow access to the 'Hidden: Detailed Status' page. ##|*MATCH=status.php* ##|-PRIV /* Execute a command, with a title, and generate an HTML table * showing the results. */ global $console; global $show_output; global $errors; $console = false; $show_output = !isset($_GET['archiveonly']); $errors = []; $output_path = "/tmp/status_output/"; $output_file = "/tmp/status_output.tgz"; if ((php_sapi_name() == 'cli') || (defined('STDIN'))) { /* Running from console/shell, not web */ $console = true; $show_output = false; parse_str($argv[1], $_GET); } require_once('status_output.inc'); if ($_POST['submit'] == "DOWNLOAD" && file_exists($output_file)) { session_cache_limiter('public'); send_user_download('file', $output_file); } if (is_dir($output_path)) { unlink_if_exists("{$output_path}/*"); @rmdir($output_path); } unlink_if_exists($output_file); mkdir($output_path); if ($console) { print(gettext("Gathering status data...") . "\n"); } /* Set up all of the commands we want to execute. */ /* OS stats/info */ status_cmd_define("OS-Uptime", "/usr/bin/uptime"); status_cmd_define("Network-Interfaces", "/sbin/ifconfig -vvvvvam"); status_cmd_define("Network-Interface Statistics", "/usr/bin/netstat -nWi"); status_cmd_define("Network-Multicast Groups", "/usr/sbin/ifmcstat"); status_cmd_define("Process-Top Usage", "/usr/bin/top | /usr/bin/head -n5"); status_cmd_define("Process-List", "/bin/ps xauwwd"); status_cmd_define("Disk-Mounted Filesystems", "/sbin/mount"); status_cmd_define("Disk-Free Space", "/bin/df -hi"); status_cmd_define("Network-Routing tables", "/usr/bin/netstat -nWr"); status_cmd_define("Network-IPv4 Nexthop Data", "/usr/bin/netstat -4onW"); status_cmd_define("Network-IPv6 Nexthop Data", "/usr/bin/netstat -6onW"); status_cmd_define("Network-IPv4 Nexthop Group Data", "/usr/bin/netstat -4OnW"); status_cmd_define("Network-IPv6 Nexthop Group Data", "/usr/bin/netstat -6OnW"); status_cmd_define("Network-Gateway Status", 'status_get_gateway_status', "php_func"); status_cmd_define("Network-Mbuf Usage", "/usr/bin/netstat -mb"); status_cmd_define("Network-Protocol Statistics", "/usr/bin/netstat -s"); status_cmd_define("Network-Buffer and Timer Statistics", "/usr/bin/netstat -nWx"); status_cmd_define("Network-Listen Queues", "/usr/bin/netstat -LaAn"); status_cmd_define("Network-Sockets", "/usr/bin/sockstat"); status_cmd_define("Network-ARP Table", "/usr/sbin/arp -an"); status_cmd_define("Network-NDP Table", "/usr/sbin/ndp -na"); status_cmd_define("OS-Kernel Modules", "/sbin/kldstat -v"); status_cmd_define("OS-Kernel VMStat", "/usr/bin/vmstat -afimsz"); /* If a device has a switch, put the switch configuration in the status output */ if (file_exists("/dev/etherswitch0")) { status_cmd_define("Network-Switch Configuration", "/sbin/etherswitchcfg -f /dev/etherswitch0 info"); } /* Firewall rules and info */ status_cmd_define("Firewall-Generated Ruleset", "/bin/cat " . g_get('tmp_path') . "/rules.debug"); status_cmd_define("Firewall-Generated Ruleset Limiters", "/bin/cat " . g_get('tmp_path') . "/rules.limiter"); status_cmd_define("Firewall-Generated Ruleset Limits", "/bin/cat " . g_get('tmp_path') . "/rules.limits"); foreach (glob(g_get('tmp_path') . "/rules.packages.*") as $pkgrules) { $pkgname = substr($pkgrules, strrpos($pkgrules, '.') + 1); status_cmd_define("Firewall-Generated Package Invalid Ruleset {$pkgname}", "/bin/cat " . escapeshellarg($pkgrules)); } $ovpnradrules = array(); foreach (glob(g_get('tmp_path') . "/ovpn_ovpns*.rules") as $ovpnrules) { if (preg_match('/ovpn_ovpns(\d+)\_(\w+)\_(\d+)\.rules/', basename($ovpnrules), $matches)) { $ovpnradrules[$matches[1]] .= "# user '{$matches[2]}' remote port {$matches[3]}\n"; $ovpnradrules[$matches[1]] .= file_get_contents($ovpnrules); $ovpnradrules[$matches[1]] .= "\n"; } } foreach ($ovpnradrules as $ovpns => $genrules) { status_cmd_define("OpenVPN-Generated RADIUS ACL Ruleset for server{$ovpns}", "echo " . escapeshellarg($genrules)); } status_cmd_define("Firewall-pf NAT Rules", "/sbin/pfctl -vvsn"); status_cmd_define("Firewall-pf Firewall Rules", "/sbin/pfctl -vvsr"); status_cmd_define("Firewall-pf Tables", "/sbin/pfctl -vs Tables"); status_cmd_define("Firewall-pf State Table Contents", "/sbin/pfctl -vvss"); status_cmd_define("Firewall-pf Info", "/sbin/pfctl -si"); status_cmd_define("Firewall-pf Show All", "/sbin/pfctl -sa"); status_cmd_define("Firewall-pf Queues", "/sbin/pfctl -s queue -v"); status_cmd_define("Firewall-pf OSFP", "/sbin/pfctl -s osfp"); status_cmd_define("Firewall-pftop Default", "/usr/local/sbin/pftop -a -b"); status_cmd_define("Firewall-pftop Long", "/usr/local/sbin/pftop -w 150 -a -b -v long"); status_cmd_define("Firewall-pftop Queue", "/usr/local/sbin/pftop -w 150 -a -b -v queue"); status_cmd_define("Firewall-pftop Rules", "/usr/local/sbin/pftop -w 150 -a -b -v rules"); status_cmd_define("Firewall-pftop Size", "/usr/local/sbin/pftop -w 150 -a -b -v size"); status_cmd_define("Firewall-pftop Speed", "/usr/local/sbin/pftop -w 150 -a -b -v speed"); status_cmd_define("Firewall-Limiter Info", "/sbin/dnctl pipe show"); status_cmd_define("Firewall-Queue Info", "/sbin/dnctl queue show"); /* Configuration Files */ status_cmd_define("Disk-Contents of var run", "/bin/ls /var/run"); status_cmd_define("Disk-Contents of conf", "/bin/ls /conf"); status_cmd_define("config.xml", "dumpconfigxml"); status_cmd_define("DNS-Resolution Configuration", "/bin/cat /etc/resolv.conf"); status_cmd_define("DNS-Resolver Access Lists", "/bin/cat /var/unbound/access_lists.conf"); status_cmd_define("DNS-Resolver Configuration", "/bin/cat /var/unbound/unbound.conf"); status_cmd_define("DNS-Resolver Domain Overrides", "/bin/cat /var/unbound/domainoverrides.conf"); status_cmd_define("DNS-Resolver Host Overrides", "/bin/cat /var/unbound/host_entries.conf"); if (file_exists("/var/dhcpd/etc/dhcpd.conf")) { status_cmd_define("DHCP-ISC-IPv4 Configuration", '/usr/bin/sed "s/\([[:blank:]]secret \).*/\1/" /var/dhcpd/etc/dhcpd.conf'); } if (file_exists("/var/dhcpd/etc/dhcpdv6.conf")) { status_cmd_define("DHCP-ISC-IPv6-Configuration", '/usr/bin/sed "s/\([[:blank:]]secret \).*/\1/" /var/dhcpd/etc/dhcpdv6.conf'); } if (file_exists("/usr/local/etc/kea/kea-dhcp4.conf") && !compare_files("/usr/local/etc/kea/kea-dhcp4.conf", "/usr/local/etc/kea/kea-dhcp4.conf.sample")) { status_cmd_define("DHCP-Kea-IPv4 Configuration", '/bin/cat /usr/local/etc/kea/kea-dhcp4.conf'); } if (file_exists("/usr/local/etc/kea/kea-dhcp6.conf") && !compare_files("/usr/local/etc/kea/kea-dhcp6.conf", "/usr/local/etc/kea/kea-dhcp6.conf.sample")) { status_cmd_define("DHCP-Kea-IPv6 Configuration", '/bin/cat /usr/local/etc/kea/kea-dhcp6.conf'); } if (file_exists("/var/etc/ipsec/strongswan.conf")) { status_cmd_define("IPsec-strongSwan Configuration", '/usr/bin/sed "s/\([[:blank:]]secret = \).*/\1/" /var/etc/ipsec/strongswan.conf'); } if (file_exists("/var/etc/ipsec/swanctl.conf")) { status_cmd_define("IPsec-Configuration", '/usr/bin/sed -E "s/([[:blank:]]*(secret|pin) = ).*/\1/" /var/etc/ipsec/swanctl.conf'); } if (file_exists("/var/run/charon.vici")) { status_cmd_define("IPsec-Status-Statistics", "/usr/local/sbin/swanctl --stats --pretty"); status_cmd_define("IPsec-Status-Connections", "/usr/local/sbin/swanctl --list-conns"); status_cmd_define("IPsec-Status-Active SAs", "/usr/local/sbin/swanctl --list-sas"); status_cmd_define("IPsec-Status-Policies", "/usr/local/sbin/swanctl --list-pols"); status_cmd_define("IPsec-Status-Certificates", "/usr/local/sbin/swanctl --list-certs --utc"); status_cmd_define("IPsec-Status-Pools", "/usr/local/sbin/swanctl --list-pools --leases"); } status_cmd_define("IPsec-SPD", "/sbin/setkey -DP"); status_cmd_define("IPsec-SAD", "/sbin/setkey -D"); if (file_exists("/cf/conf/upgrade_log.txt")) { status_cmd_define("OS-Upgrade Log", "/bin/cat /cf/conf/upgrade_log.txt"); } if (file_exists("/cf/conf/upgrade_log.latest.txt")) { status_cmd_define("OS-Upgrade Log Latest", "/bin/cat /cf/conf/upgrade_log.latest.txt"); } if (file_exists("/boot/loader.conf")) { status_cmd_define("OS-Boot Loader Configuration", "/bin/cat /boot/loader.conf"); } if (file_exists("/boot/loader.conf.local")) { status_cmd_define("OS-Boot Loader Configuration (Local)", "/bin/cat /boot/loader.conf.local"); } if (file_exists("/boot/loader.conf.lua")) { status_cmd_define("OS-Boot Loader Configuration (Lua)", "/bin/cat /boot/loader.conf.lua"); } if (file_exists("/var/etc/filterdns.conf")) { status_cmd_define("DNS-filterdns Daemon Configuration", "/bin/cat /var/etc/filterdns.conf"); } if (is_dir("/var/etc/openvpn")) { foreach(glob('/var/etc/openvpn/*/config.ovpn') as $file) { $ovpnfile = explode('/', $file); if (!count($ovpnfile) || (count($ovpnfile) < 6)) { continue; } status_cmd_define("OpenVPN-Configuration {$ovpnfile[4]}", "/bin/cat " . escapeshellarg($file)); } } if (file_exists("/var/etc/l2tp-vpn/mpd.conf")) { status_cmd_define("L2TP-Configuration", '/usr/bin/sed -E "s/([[:blank:]](secret|radius server .*) ).*/\1/" /var/etc/l2tp-vpn/mpd.conf'); } /* Config History */ $confvers = get_backups(); unset($confvers['versions']); if (count($confvers) != 0) { for ($c = count($confvers)-1; $c >= 0; $c--) { $conf_history .= backup_info($confvers[$c], $c+1); $conf_history .= "\n"; } status_cmd_define("Config History", "echo " . escapeshellarg($conf_history)); } status_log_add("System", '/var/log/system.log'); status_log_add("DHCP", '/var/log/dhcpd.log'); status_log_add("Filter", '/var/log/filter.log'); status_log_add("Gateways", '/var/log/gateways.log'); status_log_add("IPsec", '/var/log/ipsec.log'); status_log_add("L2TP", '/var/log/l2tps.log'); status_log_add("NTP", '/var/log/ntpd.log'); status_log_add("OpenVPN", '/var/log/openvpn.log'); status_log_add("Captive Portal Authentication", '/var/log/portalauth.log'); status_log_add("PPP", '/var/log/ppp.log'); status_log_add("PPPoE Server", '/var/log/poes.log'); status_log_add("DNS", '/var/log/resolver.log'); status_log_add("Routing", '/var/log/routing.log'); status_log_add("Wireless", '/var/log/wireless.log'); status_log_add("PHP Errors", '/tmp/PHP_errors.log', 'all'); status_cmd_define("OS-Message Buffer", "/sbin/dmesg -a"); status_cmd_define("OS-Message Buffer (Boot)", "/bin/cat /var/log/dmesg.boot"); /* OS/Hardware Status */ status_cmd_define("OS-sysctl values", "/sbin/sysctl -aq"); status_cmd_define("OS-Kernel Environment", "/bin/kenv"); status_cmd_define("OS-Kernel Memory Usage", "/usr/local/sbin/kmemusage.sh"); status_cmd_define("OS-Installed Packages", "/usr/local/sbin/pkg-static info"); status_cmd_define("OS-Package Manager Configuration", "/usr/local/sbin/pkg-static -vv"); status_cmd_define("Hardware-PCI Devices", "/usr/sbin/pciconf -lvb"); status_cmd_define("Hardware-USB Devices", "/usr/sbin/usbconfig dump_device_desc"); status_cmd_define("Disk-Filesystem Table", "/bin/cat /etc/fstab"); status_cmd_define("Disk-Swap Information", "/usr/sbin/swapinfo"); if (is_module_loaded("zfs.ko")) { status_cmd_define("Disk-ZFS List", "/sbin/zfs list"); status_cmd_define("Disk-ZFS Properties", "/sbin/zfs get all"); status_cmd_define("Disk-ZFS Pool List", "/sbin/zpool list"); status_cmd_define("Disk-ZFS Pool Status", "/sbin/zpool status"); } status_cmd_define("Disk-GEOM Tree", "/sbin/geom -t"); status_cmd_define("Disk-GEOM Disk List", "/sbin/geom disk list -a"); status_cmd_define("Disk-GEOM Partition Summary", "/sbin/geom part show -p"); status_cmd_define("Disk-GEOM Partition Details", "/sbin/geom part list"); status_cmd_define("Disk-GEOM Label Status", "/sbin/geom label status"); status_cmd_define("Disk-GEOM Label Details", "/sbin/geom label list"); status_cmd_define("Disk-GEOM Mirror Status", "/sbin/gmirror status"); /* Items specific to EFI */ if (get_single_sysctl("machdep.bootmethod") == "UEFI") { /* Basic EFI boot list is easier to read but only includes active entries */ status_cmd_define("EFI-Boot Manager List", "/usr/sbin/efibootmgr"); /* Verbose EFI boot list has a lot more detail but is more difficult to read */ status_cmd_define("EFI-Boot Manager List (Verbose)", "/usr/sbin/efibootmgr -v"); } exec("/bin/date", $dateOutput, $dateStatus); $currentDate = $dateOutput[0]; $pgtitle = array(g_get('product_label'), "Status"); if (!$console): include("head.inc"); ?>

' . gettext("Common password and other private fields in config.xml have been automatically redacted.") . '
' . sprintf(gettext('When the page has finished loading, the output is stored in %1$s. It may be downloaded via scp or using this button: '), $output_file) . ' ' . '' . gettext("Download") . ''); ?>

" . implode('
', $errors), 'warning', false); } } print(gettext("Saving output to archive...")); if (is_dir($output_path)) { mwexec("/usr/bin/tar czpf " . escapeshellarg($output_file) . " -C " . escapeshellarg(dirname($output_path)) . " " . escapeshellarg(basename($output_path))); if (!isset($_GET["nocleanup"])) { unlink_if_exists("{$output_path}/*"); @rmdir($output_path); } } print(gettext("Done.") . "\n"); if (!$console) { include("foot.inc"); }