params['bare'])?$this->params['bare']:0; * if(($bare === 0 || $this->RequestHandler->isAjax()) && DEBUG == 0 && ADMIN == 0) { * $this->Ids->detect($this); * } * //EOF * * 6. Make sure DEBUG and ADMIN are 0 if you want to test * 7. Customize some stuff in the Config/Config.ini if you like * 8. Inject some XSS via URL or an arbitrary form of your webapp * 9. Please make sure you tested the use of the PHPIDS before you go live * * If you have problems getting the PHPIDS to work just drop us a line via our forum * * http://forum.php-ids.org/ * */ /** * The CakePHP IDS component * * @package PHPIDS */ class IdsComponent extends Object { /** * define the threshold for the ids reactions */ private $threshold = array( 'log' => 3, 'mail' => 9, 'warn' => 27, 'kick' => 81 ); /** * define the email addresses for idsmail */ private $email = array( 'address1@what.ever', 'address2@what.ever' ); /** * the init object */ private $init = NULL; /** * This function includes the IDS vendor parts and runs the * detection routines on the request array. * * @param object cake controller object * @return boolean */ public function detect(&$controller) { $this->controller = &$controller; $this->name = Inflector::singularize($this->controller->name); #set include path for IDS and store old one $path = get_include_path(); set_include_path( VENDORS . 'phpids/'); #require the needed files vendor('phpids/IDS/Init'); #add request url and user agent $_REQUEST['IDS_request_uri'] = $_SERVER['REQUEST_URI']; if (isset($_SERVER['HTTP_USER_AGENT'])) { $_REQUEST['IDS_user_agent'] = $_SERVER['HTTP_USER_AGENT']; } #init the PHPIDS and pass the REQUEST array $this->init = IDS_Init::init(); $ids = new IDS_Monitor($this->init, $_REQUEST); $result = $ids->run(); // Re-set include path set_include_path($path); if (!$result->isEmpty()) { $this->react($result); } return true; } /** * This function rects on the values in * the incoming results array. * * Depending on the impact value certain actions are * performed. * * @param IDS_Report $result * @return boolean */ private function react(IDS_Report $result) { $new = $this->controller ->Session ->read('IDS.Impact') + $result->getImpact(); $this->controller->Session->write('IDS.Impact', $new); $impact = $this->controller->Session->read('IDS.Impact'); if ($impact >= $this->threshold['kick']) { $this->idslog($result, 3, $impact); $this->idsmail($result); $this->idskick($result); return true; } else if ($impact >= $this->threshold['warn']) { $this->idslog($result, 2, $impact); $this->idsmail($result); $this->idswarn($result); return true; } else if ($impact >= $this->threshold['mail']) { $this->idslog($result, 1, $impact); $this->idsmail($result); return true; } else if ($impact >= $this->threshold['log']) { $this->idslog($result, 0, $impact); return true; } else { return true; } } /** * This function writes an entry about the intrusion * to the intrusion database * * @param array $results * @return boolean */ private function idslog($result, $reaction = 0) { $user = $this->controller ->Session->read('User.id') ? $this->controller->Session->read('User.id') : 0; $ip = ($_SERVER['SERVER_ADDR'] != '127.0.0.1') ? $_SERVER['SERVER_ADDR'] : (isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : '127.0.0.1'); foreach ($result as $event) { $data = array( 'Intrusion' => array( 'name' => $event->getName(), 'value' => stripslashes($event->getValue()), 'page' => $_SERVER['REQUEST_URI'], 'userid' => $user, 'session' => session_id() ? session_id() : '0', 'ip' => $ip, 'reaction' => $reaction, 'impact' => $result->getImpact() ) ); } loadModel('Intrusion'); $intrusion = new Intrusion; $saveable = array('name', 'value', 'page', 'userid', 'session', 'ip', 'reaction', 'impact'); $intrusion->save($data, false, $saveable); return true; } /** * This function sends out a mail * about the intrusion including the intrusion details * * @param array $results * @return boolean */ private function idsmail($result) { vendor('phpids/IDS/Log/Email.php'); vendor('phpids/IDS/Log/Composite.php'); $compositeLog = new IDS_Log_Composite(); $compositeLog->addLogger( IDS_Log_Email::getInstance($this->init->config['IDS_Logging']['recipient'], $this->config['IDS_Logging']['subject'], NULL, //optional headers $this->init->config['IDS_Logging']['safemode'], $this->init->config['IDS_Logging']['allowed_rate'], $this->init->config['IDS_Basic']['tmp_path']) ); if (!$result->isEmpty()) { $compositeLog->execute($result); } return true; } /** * //todo * * */ private function idswarn($result) { return $result; } /** * //todo * * */ private function idskick($result) { return $result; } }