ra23.net Just another WordPress weblog

9 Oct 10

Creating custom modules for phpips

Hi,

as promised I will explain how you can create custom modules for the ips system today.

First you should get the latest version from the SVN repository on SourceForge.

svn co https://php-ips.svn.sourceforge.net/svnroot/php-ips/trunk/ php-ips

To add a new module, you just need to create a new directory under phpids/lib/Modules.
We will name it Example.

mkdir phpids/lib/Modules/Example

This is your new module directory. Now we need a place inside it where we can add commands for our module.
The directory in which the system searches for commands is named, well, "Command" :)

mkdir phpids/lib/Modules/Example/Command

The first command we will implement is a modified version of the log command.
The default command just opens a file and writes logging messages to it.
This is fine, but we want our logs to go into a database, so we can analyse them more easily with a nice backend. To keep this example simple, I will use a SQLite database. If you want another database, like MySQL, PGSQL or even Microsoft SQL Server, you can do this on your own.

Further, I will use the PDO PHP package for the database stuff, so forgive me, it's my second time working with it, so hopefully I don't mess up my code too much. (We will see if Zend Framework spoiled me too much :))

To create the command, all we have to do is add a new file with the name Log.php. Let's do it.

touch phpids/lib/Modules/Example/Command/Log.php

In the file itself you need to insert the following code, before we begin.

class Module_Example_Command_Log extends Ips_Command_Abstract {
	private static $_instance=null;

	public static function getInstance() {
		if (self::$_instance==null) {
			self::$_instance=new self();
		}
		return self::$_instance;
	}

	protected function realExecute() {
	}

	protected function realSimulate($fileHandle) {
	}

}

From the framework's point of view, that's all. Just implement the methods and you are done. (Well, you need to configure the system to use the new module directory; furthermore, it makes no sense to implement only one command in a module, so you have to implement all commands you need in this module.
I will show the configuration part at the end.)

OK, forget the last note; we implement the code here now, because I want to show some things you will probably need while implementing your own commands.

As I said, we want to log to a SQLite database, so first of all we need to create it. (We will use sqlite3, so make sure you have the sqlite3 package of your distribution. You also need the php5-sqlite PHP module.)

First the table definition:

CREATE TABLE [loggertable] (
[id] INTEGER  NOT NULL PRIMARY KEY AUTOINCREMENT,
[time] TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL,
[affected_tags] VARCHAR(256)  NULL,
[impact] INTEGER  NOT NULL,
[session_impact] INTEGER  NOT NULL,
[attacker_ip] VARCHAR(128)
);

Just open a new file called create_loggerdb.sql and insert the SQL code into it. Then use the following commands:

sqlite3 logger.db < create_loggerdb.sql
chown www-data logger.db
chmod u+rw logger.db

(www-data is the user running the httpd server on Debian-based systems, so you have to use the user who runs the httpd server on your host.)

Now our database is finished. Just put the file in a place where your httpd server can reach it. I will put it in the directory /var/www/path/to/webroot/phpips/examples/logger.db

If you downloaded a package newer than alpha_01, you already have such a file in the examples directory. You can use it if you like.

Now let's go back to our logger command.

I will now add some methods to the class; you can just copy and paste the following code or do it on your own.

I created a method called dbInsert; here is the code:

private function dbInsert(){
	// Location of the SQLite database and the table to write to
	$this->_dbPath=$this->_registry->getBasePath().
	               "phpips/examples/db/logger.db";
	$this->_dbTableName="loggertable";
	$db=new PDO('sqlite:'.$this->_dbPath);
	// Collect the values to log from the IDS report and the session
	$idsReport=$this->_registry->getidsReport();
	$session_impact=$this->_registry->getHighestSessionImpact();
	$impact=$idsReport->getImpact();
	$attacker_ip=$_SERVER['REMOTE_ADDR'];
	// Store the tags as one string of the form "[tag1][tag2]"
	$affected_tags=$idsReport->getTags();
	$affected_tags_text="";
	foreach ($affected_tags as $tag){
		$affected_tags_text.="[".$tag."]";
	}
	$values=array($impact,$affected_tags_text,
	              $session_impact,$attacker_ip);
	// Prepared statement: the logged values are bound, not concatenated
	$insert=$db->prepare("INSERT INTO ".$this->_dbTableName.
		" (impact, affected_tags, session_impact, attacker_ip)".
		" VALUES (?,?,?,?);");
	$insert->execute($values);
}

I modified the realExecute method like this:

protected function realExecute() {
    $this->dbInsert();
}

The realSimulate method I just copied from an existing one.

protected function realSimulate($fileHandle) {
	$logText = "\n-------\n";
	$logText.= "SIMULATING LOGGING COMMAND\n";
	$logText.= "Logging to Database\n";
	$logText.= "-------\n";
	$this->_registry->add("SimulationOutputBuffer", $this->_registry->
                 get("SimulationOutputBuffer").$logText);
	fwrite($fileHandle, $logText);
}

Here is the full code again:

class Module_Example_Command_Log extends Ips_Command_Abstract {
	/*
	 * This is the sample command described in my blog.
	 * http://ra23.net/wop/category/phpips/
	 *
	 */
	private static $_instance=null;
	private $_dbPath=null;
	private $_dbTableName=null;

	public static function getInstance() {
		if (self::$_instance==null) {
			self::$_instance=new self();
		}
		return self::$_instance;
	}

	protected function realExecute() {
		$this->dbInsert();
	}

	protected function realSimulate($fileHandle) {
		$logText = "\n-------\n";
		$logText.= "SIMULATING LOGGING COMMAND\n";
		$logText.= "Logging to Database\n";
		$logText.= "-------\n";
		$this->_registry->add("SimulationOutputBuffer", $this->_registry->
			get("SimulationOutputBuffer").$logText);
		fwrite($fileHandle, $logText);
	}

	private function dbInsert(){
		// Location of the SQLite database and the table to write to
		$this->_dbPath=$this->_registry->getBasePath().
		               "phpips/examples/db/logger.db";
		$this->_dbTableName="loggertable";
		$db=new PDO('sqlite:'.$this->_dbPath);
		// Collect the values to log from the IDS report and the session
		$idsReport=$this->_registry->getidsReport();
		$session_impact=$this->_registry->getHighestSessionImpact();
		$impact=$idsReport->getImpact();
		$attacker_ip=$_SERVER['REMOTE_ADDR'];
		// Store the tags as one string of the form "[tag1][tag2]"
		$affected_tags=$idsReport->getTags();
		$affected_tags_text="";
		foreach ($affected_tags as $tag){
			$affected_tags_text.="[".$tag."]";
		}
		$values=array($impact,$affected_tags_text,
		              $session_impact,$attacker_ip);
		// Prepared statement: the logged values are bound, not concatenated
		$insert=$db->prepare("INSERT INTO ".$this->_dbTableName.
			" (impact, affected_tags, session_impact, attacker_ip)".
			" VALUES (?,?,?,?);");
		$insert->execute($values);
	}
}

The other needed commands like Mail, Warn, Kick, Ban I just copied out of the Test folder and renamed them to fit the module.

This example is included in the alpha_2 release, so you can get the code here:

http://sourceforge.net/projects/php-ips/files/

To get this module now running, just go to etc/System.ini and edit it. Below I show you what you need to change:

UseCustomCommands="On"
CustomCommandModuleName="Example"

Now your new module is activated and the system uses our newly created log command.
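
Once the module is active, the rows the Log command writes can be summarised per source address. The following is an added example, not part of the original post or the phpips code base: it rebuilds the post's loggertable schema in an in-memory SQLite database, inserts constructed sample rows, and lists addresses by total impact over the last day. The function name topSources and the threshold are assumptions, and it needs PHP 7 or later with pdo_sqlite.

```php
<?php
// Added example: per-address summary of what the Log command stored.
// Schema copied from the post; rows and tag names are constructed sample data.
function topSources(PDO $db, int $minTotalImpact, int $limit = 10): array {
	$stmt = $db->prepare(
		"SELECT attacker_ip, COUNT(*) AS events, SUM(impact) AS total_impact,
		        MAX(session_impact) AS peak_session_impact, MAX([time]) AS last_seen
		   FROM loggertable
		  WHERE [time] >= datetime('now', '-1 day')
		  GROUP BY attacker_ip
		 HAVING SUM(impact) >= :min
		  ORDER BY total_impact DESC
		  LIMIT :lim"
	);
	$stmt->bindValue(':min', $minTotalImpact, PDO::PARAM_INT);
	$stmt->bindValue(':lim', $limit, PDO::PARAM_INT);
	$stmt->execute();
	return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE [loggertable] (
	[id] INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
	[time] TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL,
	[affected_tags] VARCHAR(256) NULL,
	[impact] INTEGER NOT NULL,
	[session_impact] INTEGER NOT NULL,
	[attacker_ip] VARCHAR(128)
)");

// Same column order as the post's dbInsert(); addresses are documentation ranges.
$insert = $db->prepare("INSERT INTO loggertable
	(impact, affected_tags, session_impact, attacker_ip) VALUES (?,?,?,?)");
foreach ([
	[12, '[xss][csrf]', 12, '192.0.2.10'],
	[20, '[sqli]',      32, '192.0.2.10'],
	[4,  '[xss]',        4, '198.51.100.7'],
] as $row) {
	$insert->execute($row);
}

foreach (topSources($db, 10) as $r) {
	printf("%-15s events=%d total=%d peak_session=%d last=%s\n",
		$r['attacker_ip'], $r['events'], $r['total_impact'],
		$r['peak_session_impact'], $r['last_seen']);
}
```

To run it against the real log, open the logger.db file with new PDO('sqlite:...') instead of the in-memory database and drop the CREATE TABLE and INSERT parts.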

I hope you enjoyed this post, if anything isn't clear or you just found an error in this post, use the comment system.

I'll upload the alpha_2 release asap, so you can implement your own command modules now.

regards
