First version of the ZeSecurity module.
Currently contains a wrapper for PHPIDS (modified to follow PSR-0, with the require_once calls removed), the ability to set up an unlimited number of threat levels, and the ability to define new actions that handle attacks.
1 parent
abf32c5
commit 0f7365e
Showing
410 changed files
with
32,072 additions
and
1 deletion.
@@ -0,0 +1,5 @@ | ||
# in case PHPIDS is placed in the web-root | ||
deny from all | ||
|
||
# silence is golden | ||
php_flag display_errors off |
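Review bot: `deny from all` on the second line is the Apache 2.2 access syntax; on Apache 2.4 it is only honoured when mod_access_compat is loaded and is otherwise rejected, so the directory protection can be lost or turn into a configuration error without anyone noticing. The 2.4 form is `Require all denied`, and both can be kept inside `<IfModule>` blocks so either server version is covered. `php_flag display_errors off` is likewise only understood by mod_php; under PHP-FPM or CGI an unknown directive in .htaccess makes Apache refuse every request to the directory, so that setting belongs in php.ini or the pool configuration. Since all of this depends on AllowOverride being enabled, the file is a fallback, and the install documentation should keep advising that the module not be placed in the web root.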
@@ -0,0 +1,30 @@ | ||
Copyright (c) 2012 to ZendExperts Team, see AUTHORS for more details. | ||
|
||
Some rights reserved. | ||
|
||
Redistribution and use in source and binary forms, with or without | ||
modification, are permitted provided that the following conditions are met: | ||
|
||
* Redistributions of source code must retain the above copyright | ||
notice, this list of conditions and the following disclaimer. | ||
|
||
* Redistributions in binary form must reproduce the above | ||
copyright notice, this list of conditions and the following | ||
disclaimer in the documentation and/or other materials provided | ||
with the distribution. | ||
|
||
* The names of the contributors may not be used to endorse or | ||
promote products derived from this software without specific | ||
prior written permission. | ||
|
||
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS | ||
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT | ||
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR | ||
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT | ||
OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT | ||
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | ||
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | ||
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | ||
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE | ||
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
@@ -0,0 +1,82 @@ | ||
<?php | ||
/** | ||
* This file is part of ZeSecurity | ||
* | ||
* (c) 2012 ZendExperts <team@zendexperts.com> | ||
* | ||
* For the full copyright and license information, please view the LICENSE | ||
* file that was distributed with this source code. | ||
*/ | ||
namespace ZeSecurity; | ||
|
||
use Zend\ModuleManager\Feature\AutoloaderProviderInterface, | ||
Zend\Mvc\MvcEvent, | ||
IDS\MonitorFactory; | ||
|
||
/** | ||
* ZeSecurity Module class | ||
* @package ZeSecurity | ||
* @author Cosmin Harangus <cosmin@zendexperts.com> | ||
*/ | ||
class Module implements AutoloaderProviderInterface | ||
{ | ||
protected static $serviceManager = null; | ||
|
||
public function onBootstrap(MvcEvent $event) | ||
{ | ||
// Set the static service manager instance so we can use it everywhere in the module | ||
$app = $event->getApplication(); | ||
self::$serviceManager = $app->getServiceManager(); | ||
$idsMonitor = self::$serviceManager->get('ZeSecurityIDS'); | ||
|
||
$idsMonitor->detect(); | ||
unset($idsMonitor); | ||
} | ||
|
||
/** | ||
* Get Autoloader Config | ||
* @return array | ||
*/ | ||
public function getAutoloaderConfig() | ||
{ | ||
return array( | ||
'Zend\Loader\ClassMapAutoloader' => array( | ||
__DIR__ . '/autoload/classmap.php', | ||
), | ||
'Zend\Loader\StandardAutoloader' => array( | ||
'namespaces' => array( | ||
__NAMESPACE__ => __DIR__ . '/src/' . __NAMESPACE__, | ||
), | ||
), | ||
); | ||
} | ||
|
||
/** | ||
* Get Service Configuration | ||
* @return array | ||
*/ | ||
public function getServiceConfiguration(){ | ||
return include __DIR__ . '/config/service.config.php'; | ||
} | ||
|
||
/** | ||
* Get Module Configuration | ||
* @return mixed | ||
*/ | ||
public function getConfig() | ||
{ | ||
$config = include __DIR__ . '/config/module.config.php'; | ||
return $config; | ||
} | ||
|
||
/** | ||
* Return the ServiceManager instance | ||
* @static | ||
* @return \Zend\ServiceManager\ServiceManager | ||
*/ | ||
public static function getServiceManager() | ||
{ | ||
return static::$serviceManager; | ||
} | ||
|
||
} |
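Review bot: The `IDS\MonitorFactory` import on the third line of the `use` list is never referenced in this file — the monitor is fetched from the service manager under the `ZeSecurityIDS` key — so it should be dropped, and `getServiceConfiguration(){` puts its brace on the signature line unlike every other method here. `onBootstrap` has no docblock; I would add `/** Caches the ServiceManager for static access and runs the IDS monitor's detect() for the current request. @param MvcEvent $event */`. detect() is invoked unconditionally on every bootstrap, so it presumably also runs for console dispatches where there is no HTTP input to inspect; guarding on the request type, or leaving that decision to the factory, would avoid the wasted scan. The return value of detect() is discarded, so any reaction to a detected threat must be wired up inside the factory — a short comment pointing to where threat levels and actions are applied would save the next reader a search.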
@@ -1,4 +1,51 @@ | ||
ZeSecurity | ||
========== | ||
|
||
A ZF2 module that adds an out of the box security layer for your applications based on PHPIDS. | ||
ZeSecurity is a Zend Framework 2 module that integrates a security layer in your | ||
applications. It includes various components to manage security threats: | ||
|
||
IDS - Powered by [PHP IDS (Intrusion Detection System)](https://phpids.org/): | ||
----------------------------------------------------------------------------- | ||
|
||
This component scans any user input, be it sent via POST, GET or COOKIE and tries to see if the | ||
user input can be considered a threat. Any number of threat levels can be defined with various | ||
actions for each one via the configuration file. | ||
|
||
Using this component you can define multiple threat levels, what actions should be taken for each | ||
level and also register new plugins for handling attacks. | ||
|
||
Installation / Usage | ||
==================== | ||
|
||
ZeSecurity can be installed using Composer by simply adding the following lines to your composer.json file: | ||
|
||
"require": { | ||
"ZendExperts/ZeSecurity": "1.0.*" | ||
} | ||
|
||
Then run `php composer.phar update`. | ||
|
||
After the module is installed copy the "zesecurity.ids.global.php" file from "ZeSecurity/config/" in the "/config/autoload/" folder and | ||
modify the paths to temp, log or cache files: | ||
|
||
// define used paths by ZeSecurity IDS | ||
$ids = array( | ||
'log'=> __DIR__ . '/../../data/log/ze_security.ids.log', | ||
'tmp'=> __DIR__ . '/../../data/tmp/', | ||
'cache'=> __DIR__ . '/../../data/cache/ze_security.ids.cache' | ||
); | ||
|
||
In the same configuration file a default range of attack levels is defined with various actions for each one. | ||
|
||
Feel free to change them per your needs or define new actions in the actions array. By default the following actions are defined: | ||
- ignore: Do nothing with the attack report | ||
- log: Save a log message in a stream, email, db, etc. depending on the writter factory param. Currently only stream/file and email are defined. | ||
- notify: Send an email with the report using the options defined in the actions array for this action. | ||
- redirect: Redirect to a specific URL. | ||
- clean_session: Destroy the session to log out any users. When used along with redirect you can log out any users and redirect them to a specic page. | ||
|
||
Documentation | ||
============= | ||
Comming soon. | ||
|
||
In the meanwhile please be sure to check out the [PHP IDS (Intrusion Detection System)](https://phpids.org/) documentation. |
@@ -0,0 +1,8 @@ | ||
<?php | ||
/** | ||
* Generated Class-File Relation Config | ||
*/ | ||
$prefix = dirname(__DIR__) . ""; | ||
return array( | ||
|
||
); |
@@ -0,0 +1,12 @@ | ||
<?php | ||
return function ($class) { | ||
static $map; | ||
if (!$map) { | ||
$map = include __DIR__ . '/classmap.php'; | ||
} | ||
|
||
if (!isset($map[$class])) { | ||
return false; | ||
} | ||
return include $map[$class]; | ||
}; |
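Review bot: `if (!$map)` on the fourth line re-includes classmap.php on every autoload call whenever the map is an empty array, which is exactly what the generated classmap.php in this commit returns, so the `static` cache never takes effect; test for the uninitialised state instead, `if ($map === null) {`. The closure also returns whatever `include $map[$class]` evaluates to rather than a boolean; spl_autoload_register ignores the return value, but a one-line comment saying so would stop someone "fixing" it later.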
@@ -0,0 +1,2 @@ | ||
<?php | ||
spl_autoload_register(include __DIR__ . '/function.php'); |
@@ -0,0 +1,31 @@ | ||
{ | ||
"name": "ZendExperts/ZeSecurity", | ||
"type": "library", | ||
"description": "ZeSecurity is a Zend Framework 2 module that adds an out of the box security layer for your applications based on PHPIDS(Intrusion Detection System)(https://phpids.org/).", | ||
"keywords": ["module", "zf2", "security", "phpids"], | ||
"homepage": "https://github.com/ZendExperts/ZeSecurity", | ||
"license": "New BSD", | ||
"authors": [ | ||
{ | ||
"name": "Cosmin Harangus", | ||
"homepage": "http://www.zendexperts.com" | ||
} | ||
], | ||
"require": { | ||
"php": ">=5.3.3" | ||
}, | ||
"autoload": { | ||
"psr-0": { | ||
"ZeSecurity": "src/", | ||
"IDS_": "vendor/" | ||
}, | ||
"classmap":[ | ||
"./" | ||
] | ||
}, | ||
"extra": { | ||
"branch-alias": { | ||
"dev-master": "1.0.x-dev" | ||
} | ||
} | ||
} |
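Review bot: `require` declares only `php`, yet Module.php imports Zend\ModuleManager and Zend\Mvc classes, so a Composer install of this package carries no framework constraint and nothing stops an incompatible Zend Framework version from being resolved alongside it; add the framework package to `require` with the version range the module was written against. `"license": "New BSD"` is not an SPDX identifier — Composer expects `"license": "BSD-3-Clause"`, which matches the three-clause text in LICENSE. The `psr-0` entry maps the underscore prefix `IDS_` to `vendor/`, whereas Module.php refers to `IDS\MonitorFactory` as a namespace; if the vendored PHPIDS was converted to namespaced classes, the key has to be `"IDS\\"` or those classes will not autoload. `"classmap": ["./"]` scans the entire package root, including `vendor/` and `config/`, on every dump-autoload; limiting it to the directories that actually need a classmap keeps the generated map small.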
@@ -0,0 +1,72 @@ | ||
<?php | ||
return array( | ||
'zendexperts_security' => array( | ||
'IDS'=>array( | ||
'aggregate_in_session'=>true, | ||
'levels' =>array(), | ||
'actions' => array( | ||
'ignore' => array( | ||
'class' => 'ZeSecurity\IDS\Action\Ignore', | ||
), | ||
'redirect' => array( | ||
'class' => 'ZeSecurity\IDS\Action\Redirect', | ||
'options' => array( | ||
'url'=>'/' | ||
) | ||
), | ||
'clean_session' => array( | ||
'class' => 'ZeSecurity\IDS\Action\CleanSession', | ||
'options'=> array( | ||
'send_expire_cookie' => true, | ||
'clear_storage' => true, | ||
), | ||
) | ||
), | ||
'options'=>array( | ||
'General'=>array( | ||
'filter_type' => 'xml', | ||
'filter_path' => __DIR__ . '/../vendor/IDS/default_filter.xml', | ||
// 'base_path' => __DIR__ . '/../vendor/IDS/', | ||
'use_base_path' => false, | ||
// 'tmp_path' => __DIR__ . '/../../../data/tmp/', | ||
'scan_keys' => false, | ||
// in case you want to use a different HTMLPurifier source, specify it here | ||
// By default, those files are used that are being shipped with PHPIDS | ||
'HTML_Purifier_Path' => 'vendors/htmlpurifier/HTMLPurifier.auto.php', | ||
'HTML_Purifier_Cache' => 'vendors/htmlpurifier/HTMLPurifier/DefinitionCache/Serializer', | ||
// define which fields contain html and need preparation before hitting the PHPIDS rules(new in PHPIDS 0.5) | ||
'html' => array(), | ||
// define which fields contain JSON data and should be treated as such; for fewer false positives(new in PHPIDS 0.5.3) | ||
'json' => array(), | ||
// define which fields shouldn't be monitored (a[b]=c should be referenced via a.b) | ||
// you can use regular expressions for wildcard exceptions - example: /.*foo/i | ||
'exceptions' => array( | ||
'GET.__utmz', | ||
'GET.__utmc' | ||
), | ||
'min_php_version' => '5.1.6', | ||
), | ||
'Caching'=>array( | ||
//caching: session|file|database|memcached|none | ||
'caching' => 'none', | ||
'expiration_time' => 600, | ||
// 'path' => __DIR__ . '/../../../data/cache/ze_security.ids.cache', | ||
// 'path' => 'tmp/default_filter.cache' | ||
/** | ||
; database cache | ||
wrapper = "mysql:host=localhost;port=3306;dbname=phpids" | ||
user = phpids_user | ||
password = 123456 | ||
table = cache | ||
; memcached | ||
;host = localhost | ||
;port = 11211 | ||
;key_prefix = PHPIDS | ||
*/ | ||
), | ||
) | ||
) | ||
), | ||
|
||
); |
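Review bot: The `Caching` section carries a commented-out INI fragment with sample database credentials (`user = phpids_user`, `password = 123456`) copied from the PHPIDS ini file; in a PHP array config it cannot be un-commented as-is, and dead config with placeholder secrets tends to be copied into real deployments, so replace it with a one-line comment pointing at where the database/memcached caching options are documented. `'scan_keys' => false` — as far as I know of PHPIDS, this controls whether parameter names are inspected in addition to values — should carry a comment such as `// parameter names are not inspected; set true to also run the rules on keys` so deployers know what the default excludes. `'levels' => array()` is empty here while the README says the default threat levels live in zesecurity.ids.global.php; a comment stating that this file is only the baseline and the autoloaded global config supplies the levels would stop someone assuming the module is active with none. The nested arrays also mix trailing-comma styles (`'url'=>'/'` and the `redirect` and `clean_session` entries have none); a trailing comma on every multi-line element keeps later diffs to one line.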
@@ -0,0 +1,6 @@ | ||
<?php | ||
return array( | ||
'factories' => array( | ||
'ZeSecurityIDS' =>'ZeSecurity\IDS\MonitorFactory', | ||
) | ||
); |