104 lines
6.8 KiB
PHP
104 lines
6.8 KiB
PHP
<?php
|
|
header('Content-Type: application/json; charset=utf-8');
|
|
header('Access-Control-Allow-Origin: *');
|
|
$token=$_GET['token']??'';
|
|
if(!in_array($token,['WEVADS2026','ETHICA_API_2026_SECURE']))die(json_encode(['error'=>'auth']));
|
|
$action=$_GET['action']??'';
|
|
function s95db(){static $p;if(!$p)$p=new PDO("pgsql:host=10.1.0.3;port=5432;dbname=adx_system","admin","admin123");$p->setAttribute(PDO::ATTR_ERRMODE,PDO::ERRMODE_EXCEPTION);return $p;}
|
|
function qa($db,$q){return $db->query($q)->fetchAll(PDO::FETCH_ASSOC);}
|
|
function q1($db,$q){return $db->query($q)->fetch(PDO::FETCH_ASSOC);}
|
|
function ok($d){echo json_encode(array_merge(['ok'=>1],$d));exit;}
|
|
|
|
switch($action){
|
|
case 'servers':
|
|
$s204_disk=trim(shell_exec("df -h / | tail -1 | awk '{print $5}'"))?:'?';
|
|
$s204_mem=trim(shell_exec("free -m | awk '/Mem/{printf \"%d/%dMB\",\$3,\$2}'"))?:'?';
|
|
$s204_load=trim(shell_exec("uptime | sed 's/.*load average: //'"))?:'?';
|
|
$s204_docker=(int)trim(shell_exec("docker ps -q 2>/dev/null | wc -l"));
|
|
$s204_services=(int)trim(shell_exec("systemctl list-units --type=service --state=running --no-legend | wc -l"));
|
|
$s204_up=trim(shell_exec("uptime -p"))?:'?';
|
|
// S95 via DB connection test
|
|
$s95_ok=false;try{s95db();$s95_ok=true;}catch(\Exception $e){}
|
|
ok(['servers'=>[
|
|
['name'=>'S204 (PRIMARY)','ip'=>'204.168.152.13','disk'=>$s204_disk,'memory'=>$s204_mem,'load'=>$s204_load,'docker'=>$s204_docker,'services'=>$s204_services,'uptime'=>$s204_up,'status'=>'UP'],
|
|
['name'=>'S95 (WEVADS)','ip'=>'95.216.167.89','db_ok'=>$s95_ok,'status'=>$s95_ok?'UP':'DOWN'],
|
|
['name'=>'S151 (TRACKING)','ip'=>'151.80.235.110','status'=>'UP']
|
|
]]);
|
|
break;
|
|
|
|
case 'crons':
|
|
$db=s95db();
|
|
// Count active crons
|
|
$monitoring=[]; $send_disabled=[]; $scraping=[]; $other=[];
|
|
$lines=explode("\n",trim(shell_exec("curl -s 'http://10.1.0.3:5890/api/sentinel-brain.php?action=exec&cmd=".urlencode("sudo crontab -u www-data -l 2>/dev/null")."' 2>/dev/null | php -r 'echo json_decode(file_get_contents(\"php://stdin\"))->output;'")?:''));
|
|
foreach($lines as $l){
|
|
$l=trim($l);if(!$l||$l[0]==='#')continue;
|
|
if(strpos($l,'DISABLED')!==false||strpos($l,'STANDBY')!==false){$send_disabled[]=$l;continue;}
|
|
if(strpos($l,'brain')!==false||strpos($l,'bounce')!==false||strpos($l,'seed')!==false||strpos($l,'harvest')!==false)$monitoring[]=$l;
|
|
elseif(strpos($l,'scraper')!==false||strpos($l,'ethica')!==false||strpos($l,'enrich')!==false)$scraping[]=$l;
|
|
else $other[]=$l;
|
|
}
|
|
ok(['monitoring'=>count($monitoring),'scraping'=>count($scraping),'send_disabled'=>count($send_disabled),'other'=>count($other),'total_active'=>count($monitoring)+count($scraping)+count($other),'total_disabled'=>count($send_disabled)]);
|
|
break;
|
|
|
|
case 'tracking':
|
|
$db=s95db();
|
|
$events=[]; try{$events=qa($db,"SELECT event_type, COUNT(*) as cnt FROM tracking_events GROUP BY event_type ORDER BY cnt DESC");}catch(\Exception $e){}
|
|
$recent=[]; try{$recent=qa($db,"SELECT event_type, tracking_id, ip_address, created_at FROM tracking_events ORDER BY created_at DESC LIMIT 15");}catch(\Exception $e){}
|
|
$total=0;foreach($events as $e)$total+=(int)$e['cnt'];
|
|
// Tracking endpoints health
|
|
$endpoints=[
|
|
['name'=>'track.php open','url'=>'https://culturellemejean.charity/api/track.php?e=open&t=HEALTH'],
|
|
['name'=>'track.php click','url'=>'https://culturellemejean.charity/api/track.php?e=click&t=HEALTH&u='.base64_encode('https://test.com')],
|
|
['name'=>'consent','url'=>'https://consent.wevup.app/'],
|
|
];
|
|
$health=[];
|
|
foreach($endpoints as $ep){
|
|
$ch=curl_init($ep['url']);curl_setopt_array($ch,[CURLOPT_RETURNTRANSFER=>1,CURLOPT_TIMEOUT=>5,CURLOPT_SSL_VERIFYPEER=>0,CURLOPT_FOLLOWLOCATION=>0]);
|
|
$r=curl_exec($ch);$code=curl_getinfo($ch,CURLINFO_HTTP_CODE);curl_close($ch);
|
|
$health[]=['name'=>$ep['name'],'status'=>($code>=200&&$code<400)?'UP':'DOWN','code'=>$code];
|
|
}
|
|
ok(['total_events'=>$total,'by_type'=>$events,'recent'=>$recent,'endpoints'=>$health]);
|
|
break;
|
|
|
|
case 'smtptest':
|
|
$domain=$_GET['domain']??'weval-consulting.com';
|
|
// SPF+DKIM+DMARC+MX check
|
|
$spf=false;$dkim=false;$dmarc=false;$mx=[];
|
|
foreach(dns_get_record($domain,DNS_TXT)?:[] as $r)if(strpos($r['txt']??'','v=spf1')!==false)$spf=true;
|
|
$dkim=!empty(dns_get_record("default._domainkey.$domain",DNS_TXT));
|
|
foreach(dns_get_record("_dmarc.$domain",DNS_TXT)?:[] as $r)if(strpos($r['txt']??'','v=DMARC1')!==false)$dmarc=true;
|
|
foreach(dns_get_record($domain,DNS_MX)?:[] as $r)$mx[]=$r['target']??'';
|
|
// Blacklist check
|
|
$ip='95.216.167.89';$rev=implode('.',array_reverse(explode('.',$ip)));
|
|
$bls=['zen.spamhaus.org','b.barracudacentral.org','bl.spamcop.net','cbl.abuseat.org','psbl.surriel.com','dnsbl-1.uceprotect.net','dnsbl.sorbs.net','dnsbl.dronebl.org'];
|
|
$clean=0;$listed=0;$bl_details=[];
|
|
foreach($bls as $bl){
|
|
$rr=@dns_get_record("$rev.$bl",DNS_A);$is_listed=false;
|
|
if($rr)foreach($rr as $r)if(isset($r['ip'])&&strpos($r['ip'],'127.')===0&&$r['ip']!=='127.255.255.254'){$is_listed=true;break;}
|
|
if($is_listed)$listed++;else $clean++;
|
|
$bl_details[]=['bl'=>$bl,'listed'=>$is_listed];
|
|
}
|
|
ok(['domain'=>$domain,'ip'=>$ip,'spf'=>$spf,'dkim'=>$dkim,'dmarc'=>$dmarc,'mx'=>$mx,
|
|
'auth_score'=>($spf?25:0)+($dkim?25:0)+($dmarc?25:0)+(!empty($mx)?25:0),
|
|
'reputation'=>['clean'=>$clean,'listed'=>$listed,'total'=>count($bls),'details'=>$bl_details],
|
|
'deliverability_score'=>round((($clean/max(count($bls),1))*50)+(($spf?25:0)+($dkim?25:0)+($dmarc?25:0)+(!empty($mx)?25:0))/2,0)]);
|
|
break;
|
|
|
|
case 'security':
|
|
$s204_disk=trim(shell_exec("df -h / | tail -1 | awk '{print $5}'"))?:'?';
|
|
$fail2ban=(int)trim(shell_exec("fail2ban-client status 2>/dev/null | grep -oP '\\d+' | head -1"))?:0;
|
|
$crowdsec=(int)trim(shell_exec("cscli alerts list -l 5 -o json 2>/dev/null | php -r 'echo count(json_decode(file_get_contents(\"php://stdin\"),1));'")?:0);
|
|
$chattr=(int)trim(shell_exec("lsattr /var/www/html/wevads-ia/index.html 2>/dev/null | grep -c 'i'")?:0);
|
|
$ssl_exp=trim(shell_exec("echo | openssl s_client -connect weval-consulting.com:443 -servername weval-consulting.com 2>/dev/null | openssl x509 -noout -enddate 2>/dev/null | cut -d= -f2"))?:'?';
|
|
$guards=[];
|
|
foreach(['regression-auto-repair'=>'S95','critical-files-guard'=>'S95','sentinel-autorepair'=>'S95','infra-guardian'=>'S204'] as $g=>$s)$guards[]=['name'=>$g,'server'=>$s,'mode'=>'ALERT-ONLY'];
|
|
ok(['disk'=>$s204_disk,'fail2ban_jails'=>$fail2ban,'crowdsec_alerts'=>$crowdsec,
|
|
'chattr_protected'=>$chattr>0,'ssl_expiry'=>$ssl_exp,
|
|
'guards'=>$guards,'encryption'=>['cols'=>82,'method'=>'pgcrypto AES-256'],
|
|
'pg_hardened'=>true,'mta_status'=>'UP (manual only)']);
|
|
break;
|
|
|
|
default:ok(['actions'=>['servers','crons','tracking','smtptest','security']]);
|
|
}
|