authorjim-p <jimp@pfsense.org>2013-03-20 13:24:12 -0400
committerjim-p <jimp@pfsense.org>2013-03-20 13:26:16 -0400
commitba1d9714c5a96d892a6a80157d542f2dbe4fb71c (patch)
tree079bdc26e13959e111de0c3e70e1523e80ed1f16 /etc/inc
parent919ff1f07070287ee1408ae4d8e530efa756106f (diff)
downloadpfsense-ba1d9714c5a96d892a6a80157d542f2dbe4fb71c.zip
pfsense-ba1d9714c5a96d892a6a80157d542f2dbe4fb71c.tar.gz
Track user/time a firewall rule was created and last updated, and show this information at the bottom of the page when viewing the firewall rule. Have various places in the system that create rules add a proper entry to indicate their origin.
Diffstat (limited to 'etc/inc')
-rw-r--r--etc/inc/config.lib.inc59
-rw-r--r--etc/inc/easyrule.inc2
2 files changed, 38 insertions, 23 deletions
diff --git a/etc/inc/config.lib.inc b/etc/inc/config.lib.inc
index d6e48e5..bbd6fec 100644
--- a/etc/inc/config.lib.inc
+++ b/etc/inc/config.lib.inc
@@ -509,35 +509,13 @@ function write_config($desc="Unknown", $backup = true) {
}
}
- if (empty($_SESSION["Username"])) {
- if (empty($_ENV['USER']) || $_ENV['USER'] == "root")
- $username = "(system)";
- else
- $username = $_ENV['USER'];
- } else
- $username = $_SESSION["Username"];
-
- if (!empty($_SERVER['REMOTE_ADDR']))
- $username .= '@' . $_SERVER['REMOTE_ADDR'];
-
if (!isset($argc))
session_commit();
if($backup)
backup_config();
- if (!is_array($config['revision']))
- $config['revision'] = array();
-
- if (time() > mktime(0, 0, 0, 9, 1, 2004)) /* make sure the clock settings are plausible */
- $config['revision']['time'] = time();
-
- /* Log the running script so it's not entirely unlogged what changed */
- if ($desc == "Unknown")
- $desc = sprintf(gettext("%s made unknown change"), $_SERVER['SCRIPT_NAME']);
-
- $config['revision']['description'] = "{$username}: " . $desc;
- $config['revision']['username'] = $username;
+ $config['revision'] = make_config_revision_entry($desc);
conf_mount_rw();
$lockkey = lock('config', LOCK_EX);
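Review bot: Assigning the whole of `$config['revision']` from make_config_revision_entry() changes what happens when the clock check fails. The removed lines kept the existing array and only overwrote `time` when `time()` was past September 2004, so the previous timestamp survived; the new array has no `time` key at all in that case, and any other keys previously held under `revision` are dropped too. Readers of `$config['revision']['time']` (not visible here) would then get an unset value rather than a stale one. If the old behaviour is intended, carry the earlier value over, e.g. `$rev = make_config_revision_entry($desc); if (!isset($rev['time']) && isset($config['revision']['time'])) $rev['time'] = $config['revision']['time'];`. write_config's body starts and ends outside this hunk.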
@@ -894,4 +872,39 @@ function set_device_perms() {
}
}
+function get_config_user() {
+ if (empty($_SESSION["Username"])) {
+ if (empty($_ENV['USER']) || $_ENV['USER'] == "root")
+ $username = "(system)";
+ else
+ $username = $_ENV['USER'];
+ } else
+ $username = $_SESSION["Username"];
+
+ if (!empty($_SERVER['REMOTE_ADDR']))
+ $username .= '@' . $_SERVER['REMOTE_ADDR'];
+
+ return $username;
+}
+
+function make_config_revision_entry($desc = null, $override_user = null) {
+ if (empty($override_user))
+ $username = get_config_user();
+ else
+ $username = $override_user;
+
+ $revision = array();
+
+ if (time() > mktime(0, 0, 0, 9, 1, 2004)) /* make sure the clock settings are plausible */
+ $revision['time'] = time();
+
+ /* Log the running script so it's not entirely unlogged what changed */
+ if ($desc == "Unknown")
+ $desc = sprintf(gettext("%s made unknown change"), $_SERVER['SCRIPT_NAME']);
+ if (!empty($desc))
+ $revision['description'] = "{$username}: " . $desc;
+ $revision['username'] = $username;
+ return $revision;
+}
+
?>
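Review bot: When `$override_user` is non-empty, make_config_revision_entry() skips get_config_user() entirely, so the stored `username` holds neither the session account nor `REMOTE_ADDR`. For the two easyrule.inc call sites that pass `gettext("Easy Rule")`, the `created` record then names the feature rather than whoever triggered it, which weakens the audit trail this commit introduces (presumably a logged-in GUI user in the firewall-log case). Consider keeping the actor next to the label, e.g. `$username = $override_user . " (" . get_config_user() . ")";`, or storing the label under a separate key. Both new functions would also benefit from a short doc comment stating that `username` is `user@ip` or `(system)`, that `time` is omitted when the clock looks implausible, and that `description` is omitted for an empty `$desc`.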
diff --git a/etc/inc/easyrule.inc b/etc/inc/easyrule.inc
index d7bbcf9..a88b322 100644
--- a/etc/inc/easyrule.inc
+++ b/etc/inc/easyrule.inc
@@ -115,6 +115,7 @@ function easyrule_block_rule_create($int = 'wan', $ipproto = "inet") {
$filterent['source']['address'] = $blockaliasname . strtoupper($int);
$filterent['destination']['any'] = '';
$filterent['descr'] = gettext("Easy Rule: Blocked from Firewall Log View");
+ $filterent['created'] = make_config_revision_entry(null, gettext("Easy Rule"));
array_splice($a_filter, 0, 0, array($filterent));
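Review bot: The label passed as `$override_user` goes through gettext() before it is persisted, so the value stored in `$filterent['created']['username']` depends on the language active when the rule was created; the identical line added in easyrule_pass_rule_add has the same effect. A stored origin marker is easier to search, compare and filter on if it is a fixed string, translated only at display time, e.g. `$filterent['created'] = make_config_revision_entry(null, "Easy Rule");`. The enclosing function starts and ends outside this hunk.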
@@ -294,6 +295,7 @@ function easyrule_pass_rule_add($int, $proto, $srchost, $dsthost, $dstport, $ipp
pconfig_to_address($filterent['source'], $srchost, $srcmask);
pconfig_to_address($filterent['destination'], $dsthost, $dstmask, '', $dstport, $dstport);
+ $filterent['created'] = make_config_revision_entry(null, gettext("Easy Rule"));
$a_filter[] = $filterent;
write_config($filterent['descr']);