|
1
|
<?php
|
|
2
|
/*
|
|
3
|
status.php
|
|
4
|
*/
|
|
5
|
/* Run various commands and collect their output into HTML tables.
|
|
6
|
* Jim McBeath <jimmc@macrovision.com> Nov 2003
|
|
7
|
*
|
|
8
|
* (modified for m0n0wall by Manuel Kasper <mk@neon1.net>)
|
|
9
|
* (modified for pfSense by Scott Ullrich geekgod@pfsense.com)
|
|
10
|
*
|
|
11
|
*/
|
|
12
|
/* ====================================================================
|
|
13
|
* Copyright (c) 2004-2015 Electric Sheep Fencing, LLC. All rights reserved.
|
|
14
|
*
|
|
15
|
* Some or all of this file is based on the m0n0wall project which is
|
|
16
|
* Copyright (c) 2004 Manuel Kasper (BSD 2 clause)
|
|
17
|
*
|
|
18
|
* Redistribution and use in source and binary forms, with or without modification,
|
|
19
|
* are permitted provided that the following conditions are met:
|
|
20
|
*
|
|
21
|
* 1. Redistributions of source code must retain the above copyright notice,
|
|
22
|
* this list of conditions and the following disclaimer.
|
|
23
|
*
|
|
24
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
25
|
* notice, this list of conditions and the following disclaimer in
|
|
26
|
* the documentation and/or other materials provided with the
|
|
27
|
* distribution.
|
|
28
|
*
|
|
29
|
* 3. All advertising materials mentioning features or use of this software
|
|
30
|
* must display the following acknowledgment:
|
|
31
|
* "This product includes software developed by the pfSense Project
|
|
32
|
* for use in the pfSense software distribution. (http://www.pfsense.org/).
|
|
33
|
*
|
|
34
|
* 4. The names "pfSense" and "pfSense Project" must not be used to
|
|
35
|
* endorse or promote products derived from this software without
|
|
36
|
* prior written permission. For written permission, please contact
|
|
37
|
* coreteam@pfsense.org.
|
|
38
|
*
|
|
39
|
* 5. Products derived from this software may not be called "pfSense"
|
|
40
|
* nor may "pfSense" appear in their names without prior written
|
|
41
|
* permission of the Electric Sheep Fencing, LLC.
|
|
42
|
*
|
|
43
|
* 6. Redistributions of any form whatsoever must retain the following
|
|
44
|
* acknowledgment:
|
|
45
|
*
|
|
46
|
* "This product includes software developed by the pfSense Project
|
|
47
|
* for use in the pfSense software distribution (http://www.pfsense.org/).
|
|
48
|
*
|
|
49
|
* THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY
|
|
50
|
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
51
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
|
52
|
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR
|
|
53
|
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
54
|
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
|
55
|
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
|
56
|
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
57
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
|
58
|
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
59
|
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
|
60
|
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
61
|
*
|
|
62
|
* ====================================================================
|
|
63
|
*
|
|
64
|
*/
|
|
65
|
/*
|
|
66
|
pfSense_BUILDER_BINARIES: /usr/bin/vmstat /usr/bin/netstat /sbin/dmesg /sbin/mount /sbin/setkey /usr/local/sbin/pftop
|
|
67
|
pfSense_BUILDER_BINARIES: /sbin/pfctl /sbin/sysctl /usr/bin/top /usr/bin/netstat /sbin/pfctl /sbin/ifconfig
|
|
68
|
pfSense_MODULE: support
|
|
69
|
*/
|
|
70
|
|
|
71
|
##|+PRIV
|
|
72
|
##|*IDENT=page-hidden-detailedstatus
|
|
73
|
##|*NAME=Hidden: Detailed Status
|
|
74
|
##|*DESCR=Allow access to the 'Hidden: Detailed Status' page.
|
|
75
|
##|*MATCH=status.php*
|
|
76
|
##|-PRIV
|
|
77
|
|
|
78
|
/* Execute a command, with a title, and generate an HTML table
|
|
79
|
* showing the results.
|
|
80
|
*/
|
|
81
|
|
|
82
|
/* include all configuration functions */
|
|
83
|
require_once("guiconfig.inc");
|
|
84
|
require_once("functions.inc");
|
|
85
|
$output_path = "/tmp/status_output/";
|
|
86
|
$output_file = "/tmp/status_output.tgz";
|
|
87
|
|
|
88
|
if (is_dir($output_path)) {
|
|
89
|
unlink_if_exists("{$output_path}/*");
|
|
90
|
@rmdir($output_path);
|
|
91
|
}
|
|
92
|
unlink_if_exists($output_file);
|
|
93
|
mkdir($output_path);
|
|
94
|
|
|
95
|
function doCmdT($title, $command) {
|
|
96
|
global $output_path, $output_file;
|
|
97
|
/* Fixup output directory */
|
|
98
|
|
|
99
|
$rubbish = array('|', '-', '/', '.', ' '); /* fixes the <a> tag to be W3C compliant */
|
|
100
|
echo "\n<a name=\"" . str_replace($rubbish, '', $title) . "\" id=\"" . str_replace($rubbish, '', $title) . "\"></a>\n";
|
|
101
|
|
|
102
|
print('<div class="panel panel-default">');
|
|
103
|
print( '<div class="panel-heading">' . $title . '</div>');
|
|
104
|
print( '<div class="panel-body">');
|
|
105
|
print( '<pre>');
|
|
106
|
|
|
107
|
if ($command == "dumpconfigxml") {
|
|
108
|
$ofd = @fopen("{$output_path}/config-sanitized.xml", "w");
|
|
109
|
$fd = @fopen("/conf/config.xml", "r");
|
|
110
|
if ($fd) {
|
|
111
|
while (!feof($fd)) {
|
|
112
|
$line = fgets($fd);
|
|
113
|
/* remove sensitive contents */
|
|
114
|
$line = preg_replace("/<password>.*?<\\/password>/", "<password>xxxxx</password>", $line);
|
|
115
|
$line = preg_replace("/<pre-shared-key>.*?<\\/pre-shared-key>/", "<pre-shared-key>xxxxx</pre-shared-key>", $line);
|
|
116
|
$line = preg_replace("/<rocommunity>.*?<\\/rocommunity>/", "<rocommunity>xxxxx</rocommunity>", $line);
|
|
117
|
$line = preg_replace("/<prv>.*?<\\/prv>/", "<prv>xxxxx</prv>", $line);
|
|
118
|
$line = preg_replace("/<shared_key>.*?<\\/shared_key>/", "<shared_key>xxxxx</shared_key>", $line);
|
|
119
|
$line = preg_replace("/<tls>.*?<\\/tls>/", "<tls>xxxxx</tls>", $line);
|
|
120
|
$line = preg_replace("/<ipsecpsk>.*?<\\/ipsecpsk>/", "<ipsecpsk>xxxxx</ipsecpsk>", $line);
|
|
121
|
$line = preg_replace("/<md5-hash>.*?<\\/md5-hash>/", "<md5-hash>xxxxx</md5-hash>", $line);
|
|
122
|
$line = preg_replace("/<md5password>.*?<\\/md5password>/", "<md5password>xxxxx</md5password>", $line);
|
|
123
|
$line = preg_replace("/<nt-hash>.*?<\\/nt-hash>/", "<nt-hash>xxxxx</nt-hash>", $line);
|
|
124
|
$line = preg_replace("/<radius_secret>.*?<\\/radius_secret>/", "<radius_secret>xxxxx</radius_secret>", $line);
|
|
125
|
$line = preg_replace("/<ldap_bindpw>.*?<\\/ldap_bindpw>/", "<ldap_bindpw>xxxxx</ldap_bindpw>", $line);
|
|
126
|
$line = preg_replace("/<passwordagain>.*?<\\/passwordagain>/", "<passwordagain>xxxxx</passwordagain>", $line);
|
|
127
|
$line = preg_replace("/<crypto_password>.*?<\\/crypto_password>/", "<crypto_password>xxxxx</crypto_password>", $line);
|
|
128
|
$line = preg_replace("/<crypto_password2>.*?<\\/crypto_password2>/", "<crypto_password2>xxxxx</crypto_password2>", $line);
|
|
129
|
$line = str_replace("\t", " ", $line);
|
|
130
|
echo htmlspecialchars($line, ENT_NOQUOTES);
|
|
131
|
fwrite($ofd, $line);
|
|
132
|
}
|
|
133
|
}
|
|
134
|
fclose($fd);
|
|
135
|
fclose($ofd);
|
|
136
|
} else {
|
|
137
|
$ofd = @fopen("{$output_path}/{$title}.txt", "w");
|
|
138
|
$execOutput = "";
|
|
139
|
$execStatus = "";
|
|
140
|
exec ($command . " 2>&1", $execOutput, $execStatus);
|
|
141
|
for ($i = 0; isset($execOutput[$i]); $i++) {
|
|
142
|
if ($i > 0) {
|
|
143
|
echo "\n";
|
|
144
|
}
|
|
145
|
echo htmlspecialchars($execOutput[$i], ENT_NOQUOTES);
|
|
146
|
fwrite($ofd, $execOutput[$i] . "\n");
|
|
147
|
}
|
|
148
|
fclose($ofd);
|
|
149
|
}
|
|
150
|
|
|
151
|
print( '</pre>');
|
|
152
|
print( '</div>');
|
|
153
|
print('</div>');
|
|
154
|
}
|
|
155
|
|
|
156
|
/* Define a command, with a title, to be executed later. */
|
|
157
|
function defCmdT($title, $command) {
|
|
158
|
global $commands;
|
|
159
|
$title = htmlspecialchars($title, ENT_NOQUOTES);
|
|
160
|
$commands[] = array($title, $command);
|
|
161
|
}
|
|
162
|
|
|
163
|
/* List all of the commands as an index. */
|
|
164
|
function listCmds() {
|
|
165
|
global $currentDate;
|
|
166
|
global $commands;
|
|
167
|
|
|
168
|
$rubbish = array('|', '-', '/', '.', ' '); /* fixes the <a> tag to be W3C compliant */
|
|
169
|
|
|
170
|
print('<div class="panel panel-default">');
|
|
171
|
print( '<div class="panel-heading">' . gettext("System status on ") . $currentDate . '</div>');
|
|
172
|
print( '<div class="panel-body">');
|
|
173
|
print( ' <div class="content">');
|
|
174
|
print("\n<p>" . gettext("This status page includes the following information") . ":\n");
|
|
175
|
print("<ul>\n");
|
|
176
|
for ($i = 0; isset($commands[$i]); $i++ ) {
|
|
177
|
print("\t<li><strong><a href=\"#" . str_replace($rubbish,'',$commands[$i][0]) . "\">" . $commands[$i][0] . "</a></strong></li>\n");
|
|
178
|
}
|
|
179
|
|
|
180
|
print("</ul>\n");
|
|
181
|
print(' </div>');
|
|
182
|
print(' </div>');
|
|
183
|
print('</div>');
|
|
184
|
}
|
|
185
|
|
|
186
|
/* Execute all of the commands which were defined by a call to defCmd. */
|
|
187
|
function execCmds() {
|
|
188
|
global $commands;
|
|
189
|
for ($i = 0; isset($commands[$i]); $i++) {
|
|
190
|
doCmdT($commands[$i][0], $commands[$i][1]);
|
|
191
|
}
|
|
192
|
}
|
|
193
|
|
|
194
|
global $g, $config;
|
|
195
|
|
|
196
|
/* Set up all of the commands we want to execute. */
|
|
197
|
|
|
198
|
/* System stats/info */
|
|
199
|
defCmdT("System uptime","/usr/bin/uptime");
|
|
200
|
defCmdT("Interfaces","/sbin/ifconfig -a");
|
|
201
|
defCmdT("Interface Statistics","/usr/bin/netstat -ni");
|
|
202
|
defCmdT("Top Process Info", "/usr/bin/top | /usr/bin/head -n5");
|
|
203
|
defCmdT("Processes","/bin/ps xauww");
|
|
204
|
defCmdT("Mounted Filesystems", "/sbin/mount");
|
|
205
|
defCmdT("Free Disk Space","/bin/df -hi");
|
|
206
|
defCmdT("Routing tables","/usr/bin/netstat -nWr");
|
|
207
|
defCmdT("Mbuf Usage","/usr/bin/netstat -mb");
|
|
208
|
defCmdT("VMStat", "/usr/bin/vmstat -afimsz");
|
|
209
|
defCmdT("Sockets", "/usr/bin/sockstat");
|
|
210
|
|
|
211
|
/* Firewall rules and info */
|
|
212
|
defCmdT("Generated Ruleset","/bin/cat {$g['tmp_path']}/rules.debug");
|
|
213
|
defCmdT("Generated Ruleset Limiters","/bin/cat {$g['tmp_path']}/rules.limiter");
|
|
214
|
defCmdT("Generated Ruleset Limits","/bin/cat {$g['tmp_path']}/rules.limits");
|
|
215
|
defCmdT("pf NAT Rules", "/sbin/pfctl -vvsn");
|
|
216
|
defCmdT("pf Firewall Rules", "/sbin/pfctl -vvsr");
|
|
217
|
defCmdT("pf Tables","/sbin/pfctl -vs Tables");
|
|
218
|
defCmdT("pf State Table Contents", "/sbin/pfctl -ss");
|
|
219
|
defCmdT("pf Info", "/sbin/pfctl -si");
|
|
220
|
defCmdT("pf Show All", "/sbin/pfctl -sa");
|
|
221
|
defCmdT("pf Queues","/sbin/pfctl -s queue -v");
|
|
222
|
defCmdT("pf OSFP","/sbin/pfctl -s osfp");
|
|
223
|
defCmdT("pfsync stats","/usr/bin/netstat -s -ppfsync");
|
|
224
|
defCmdT("pftop Default","/usr/local/sbin/pftop -a -b");
|
|
225
|
defCmdT("pftop Long","/usr/local/sbin/pftop -w 150 -a -b -v long");
|
|
226
|
defCmdT("pftop Queue","/usr/local/sbin/pftop -w 150 -a -b -v queue");
|
|
227
|
defCmdT("pftop Rules","/usr/local/sbin/pftop -w 150 -a -b -v rules");
|
|
228
|
defCmdT("pftop Size","/usr/local/sbin/pftop -w 150 -a -b -v size");
|
|
229
|
defCmdT("pftop Speed","/usr/local/sbin/pftop -w 150 -a -b -v speed");
|
|
230
|
if (isset($config['captiveportal']) && is_array($config['captiveportal'])) {
|
|
231
|
foreach ($config['captiveportal'] as $cpZone => $cpdata) {
|
|
232
|
if (isset($cpdata['enable']))
|
|
233
|
defCmdT("IPFW rules for {$cpdata['zone']}", "/sbin/ipfw -x " . escapeshellarg($cpdata['zoneid']) . " show");
|
|
234
|
}
|
|
235
|
}
|
|
236
|
|
|
237
|
/* Configuration Files */
|
|
238
|
defCmdT("Contents of var run", "/bin/ls /var/run");
|
|
239
|
defCmdT("Contents of conf", "/bin/ls /conf");
|
|
240
|
defCmdT("config.xml","dumpconfigxml");
|
|
241
|
defCmdT("resolv.conf","/bin/cat /etc/resolv.conf");
|
|
242
|
defCmdT("DHCP Configuration","/bin/cat /var/dhcpd/etc/dhcpd.conf");
|
|
243
|
defCmdT("DHCPv6 Configuration","/bin/cat /var/dhcpd/etc/dhcpdv6.conf");
|
|
244
|
defCmdT("strongSwan config","/bin/cat /var/etc/ipsec/strongswan.conf");
|
|
245
|
defCmdT("IPsec config","/bin/cat /var/etc/ipsec/ipsec.conf");
|
|
246
|
defCmdT("IPsec Status","/usr/local/sbin/ipsec statusall");
|
|
247
|
defCmdT("SPD","/sbin/setkey -DP");
|
|
248
|
defCmdT("SAD","/sbin/setkey -D");
|
|
249
|
if (file_exists("/cf/conf/upgrade_log.txt")) {
|
|
250
|
defCmdT("Upgrade Log", "/bin/cat /cf/conf/upgrade_log.txt");
|
|
251
|
}
|
|
252
|
if (file_exists("/boot/loader.conf")) {
|
|
253
|
defCmdT("Loader Configuration", "/bin/cat /boot/loader.conf");
|
|
254
|
}
|
|
255
|
if (file_exists("/boot/loader.conf.local")) {
|
|
256
|
defCmdT("Loader Configuration (Local)", "/bin/cat /boot/loader.conf.local");
|
|
257
|
}
|
|
258
|
if (file_exists("/var/run/apinger.status")) {
|
|
259
|
defCmdT("Gateway Status", "/bin/cat /var/run/apinger.status");
|
|
260
|
}
|
|
261
|
if (file_exists("/var/etc/apinger.conf")) {
|
|
262
|
defCmdT("Gateway Monitoring Config", "/bin/cat /var/etc/apinger.conf");
|
|
263
|
}
|
|
264
|
if (file_exists("/var/etc/filterdns.conf")) {
|
|
265
|
defCmdT("Filter DNS Daemon Config", "/bin/cat /var/etc/filterdns.conf");
|
|
266
|
}
|
|
267
|
if(isset($config['system']['usefifolog'])) {
|
|
268
|
defCmdT("last 1000 system log entries","/usr/sbin/fifolog_reader /var/log/system.log 2>&1 | tail -n 1000");
|
|
269
|
defCmdT("last 1000 DHCP log entries","/usr/sbin/fifolog_reader /var/log/dhcpd.log 2>&1 | tail -n 1000");
|
|
270
|
defCmdT("last 500 filter log entries","/usr/sbin/fifolog_reader /var/log/filter.log 2>&1 | tail -n 500");
|
|
271
|
defCmdT("last 1000 gateways log entries","/usr/sbin/fifolog_reader /var/log/gateways.log 2>&1 | tail -n 1000");
|
|
272
|
defCmdT("last 1000 IPsec log entries","/usr/sbin/fifolog_reader /var/log/ipsec.log 2>&1 | tail -n 1000");
|
|
273
|
defCmdT("last 1000 L2TP log entries","/usr/sbin/fifolog_reader /var/log/l2tps.log 2>&1 | tail -n 1000");
|
|
274
|
defCmdT("last 1000 NTP log entries","/usr/sbin/fifolog_reader /var/log/ntpd.log 2>&1 | tail -n 1000");
|
|
275
|
defCmdT("last 1000 OpenVPN log entries","/usr/sbin/fifolog_reader /var/log/openvpn.log 2>&1 | tail -n 1000");
|
|
276
|
defCmdT("last 1000 Captive Portal auth log entries","/usr/sbin/fifolog_reader /var/log/portalauth.log 2>&1 | tail -n 1000");
|
|
277
|
defCmdT("last 1000 PPP log entries","/usr/sbin/fifolog_reader /var/log/poes.log 2>&1 | tail -n 1000");
|
|
278
|
defCmdT("last 1000 relayd log entries","/usr/sbin/fifolog_reader /var/log/relayd.log 2>&1 | tail -n 1000");
|
|
279
|
defCmdT("last 1000 resolver log entries","/usr/sbin/fifolog_reader /var/log/resolver.log 2>&1 | tail -n 1000");
|
|
280
|
defCmdT("last 1000 routing log entries","/usr/sbin/fifolog_reader /var/log/routing.log 2>&1 | tail -n 1000");
|
|
281
|
defCmdT("last 1000 wireless log entries","/usr/sbin/fifolog_reader /var/log/wireless.log 2>&1 | tail -n 1000");
|
|
282
|
} else {
|
|
283
|
defCmdT("last 1000 system log entries","/usr/local/sbin/clog /var/log/system.log 2>&1 | tail -n 1000");
|
|
284
|
defCmdT("last 1000 DHCP log entries","/usr/local/sbin/clog /var/log/dhcpd.log 2>&1 | tail -n 1000");
|
|
285
|
defCmdT("last 500 filter log entries","/usr/local/sbin/clog /var/log/filter.log 2>&1 | tail -n 500");
|
|
286
|
defCmdT("last 1000 gateways log entries","/usr/local/sbin/clog /var/log/gateways.log 2>&1 | tail -n 1000");
|
|
287
|
defCmdT("last 1000 IPsec log entries","/usr/local/sbin/clog /var/log/ipsec.log 2>&1 | tail -n 1000");
|
|
288
|
defCmdT("last 1000 L2TP log entries","/usr/local/sbin/clog /var/log/l2tps.log 2>&1 | tail -n 1000");
|
|
289
|
defCmdT("last 1000 NTP log entries","/usr/local/sbin/clog /var/log/ntpd.log 2>&1 | tail -n 1000");
|
|
290
|
defCmdT("last 1000 OpenVPN log entries","/usr/local/sbin/clog /var/log/openvpn.log 2>&1 | tail -n 1000");
|
|
291
|
defCmdT("last 1000 Captive Portal auth log entries","/usr/local/sbin/clog /var/log/portalauth.log 2>&1 | tail -n 1000");
|
|
292
|
defCmdT("last 1000 PPP log entries","/usr/local/sbin/clog /var/log/poes.log 2>&1 | tail -n 1000");
|
|
293
|
defCmdT("last 1000 relayd log entries","/usr/local/sbin/clog /var/log/relayd.log 2>&1 | tail -n 1000");
|
|
294
|
defCmdT("last 1000 resolver log entries","/usr/local/sbin/clog /var/log/resolver.log 2>&1 | tail -n 1000");
|
|
295
|
defCmdT("last 1000 routing log entries","/usr/local/sbin/clog /var/log/routing.log 2>&1 | tail -n 1000");
|
|
296
|
defCmdT("last 1000 wireless log entries","/usr/local/sbin/clog /var/log/wireless.log 2>&1 | tail -n 1000");
|
|
297
|
}
|
|
298
|
if (file_exists("/tmp/PHP_errors.log")) {
|
|
299
|
defCmdT("PHP Error Log", "/bin/cat /tmp/PHP_errors.log");
|
|
300
|
}
|
|
301
|
defCmdT("System Message Buffer","/sbin/dmesg -a");
|
|
302
|
defCmdT("System Message Buffer (Boot)","/bin/cat /var/log/dmesg.boot");
|
|
303
|
defCmdT("sysctl values","/sbin/sysctl -a");
|
|
304
|
|
|
305
|
exec("/bin/date", $dateOutput, $dateStatus);
|
|
306
|
$currentDate = $dateOutput[0];
|
|
307
|
|
|
308
|
$pgtitle = array("{$g['product_name']}", "status");
|
|
309
|
include("head.inc");
|
|
310
|
|
|
311
|
print_info_box(gettext("Make sure all sensitive information is removed! (Passwords, etc.) before posting " .
|
|
312
|
"information from this page in public places (like mailing lists)") . '<br />' .
|
|
313
|
gettext("Common password fields in config.xml have been automatically redacted.") . '<br />' .
|
|
314
|
gettext("When the page has finished loading, the output will be stored in {$output_file}. It may be downloaded via scp or ") .
|
|
315
|
"<a href=\"/exec.php?dlPath={$output_file}\">" . gettext("Diagnostics > Command Prompt") . '</a>');
|
|
316
|
|
|
317
|
listCmds();
|
|
318
|
execCmds();
|
|
319
|
|
|
320
|
include("foot.inc");
|
