wevads-platform/scripts/api_security-monitor.php
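<?php
// Security monitor endpoint: reports active PostgreSQL queries and logged-in
// sessions (from `who`) as one JSON document, and raises a HIGH alert for
// each active query that matches a destructive/exfiltration keyword list.
//
// NOTE(review): the response carries live query text (which can include
// literals such as passwords), database user names, client addresses and
// login sessions. Nothing in this file authenticates the caller, and the
// wildcard CORS header below lets a page on any origin read the response.
// Restrict access in front of this script (authentication and/or network
// allow-list) and replace '*' with the dashboard's own origin.
header('Content-Type: application/json');
header('Access-Control-Allow-Origin: *');

$alerts = [];
$db_connections = [];

// Active PostgreSQL connections.
// The command line is a constant string, so no request data reaches the
// shell. It relies on the web-server account being allowed to run psql as
// `postgres` through sudo (rule not shown here); keep that rule limited to
// this exact command.
$pg_connections = shell_exec("sudo -u postgres psql -t -c \"SELECT pid, usename, client_addr, state, query FROM pg_stat_activity WHERE state != 'idle' AND query NOT LIKE '%pg_stat_activity%' LIMIT 20;\" 2>/dev/null");

if ($pg_connections) {
    $rows = array_filter(explode("\n", trim($pg_connections)));

    foreach ($rows as $row) {
        // Split into at most 5 fields: SQL text may itself contain '|'
        // (for example the || operator). Without the limit, everything after
        // the first pipe in the query was dropped before the keyword check,
        // so a statement placed after a pipe was never inspected.
        // NOTE(review): psql prints a multi-line query over several output
        // lines; continuation lines are still treated as separate rows here.
        $parts = array_map('trim', explode('|', $row, 5));

        if (count($parts) < 4 || empty($parts[0])) {
            continue;
        }

        $query = isset($parts[4]) ? $parts[4] : '';
        $client_ip = $parts[2] ?: 'local';

        // Heuristic substring match only; it sees just the statements that
        // are active at the moment of the poll.
        $is_suspicious = preg_match('/(DROP|DELETE FROM|TRUNCATE|pg_dump|COPY.*TO)/i', $query);

        $db_connections[] = [
            'pid' => $parts[0],
            'user' => $parts[1],
            'client_ip' => $client_ip,
            'state' => $parts[3],
            'query' => substr($query, 0, 100),
            'suspicious' => $is_suspicious,
        ];

        if ($is_suspicious) {
            $alerts[] = [
                'type' => 'DATABASE',
                'severity' => 'HIGH',
                'message' => 'Suspicious query: ' . substr($query, 0, 50),
                'source_ip' => $client_ip,
                'time' => date('H:i:s'),
            ];
        }
    }
}

// Logged-in sessions reported by `who` that show an origin in parentheses.
$ssh_sessions = shell_exec("who 2>/dev/null");
$ssh_list = [];

if ($ssh_sessions) {
    $rows = array_filter(explode("\n", trim($ssh_sessions)));

    foreach ($rows as $row) {
        // The login-time field is matched lazily up to the "(origin)" part.
        // GNU who prints it either as "YYYY-MM-DD HH:MM" or as "Mon DD HH:MM"
        // with a space-padded day, depending on locale; the former pattern of
        // exactly three single-space-separated tokens matched neither the
        // two-token form nor days 1-9, so those sessions were not reported.
        if (preg_match('/^(\S+)\s+(\S+)\s+(.+?)\s+\(([^)]+)\)/', $row, $m)) {
            $ssh_list[] = [
                'user' => $m[1],
                'terminal' => $m[2],
                'login_time' => $m[3],
                'ip' => $m[4],
            ];
        }
    }
}

// Per-severity totals. Only HIGH alerts are produced in this file; the other
// keys are always present in the response.
$alert_counts = [
    'critical' => count(array_filter($alerts, fn($a) => $a['severity'] === 'CRITICAL')),
    'high' => count(array_filter($alerts, fn($a) => $a['severity'] === 'HIGH')),
    'medium' => count(array_filter($alerts, fn($a) => $a['severity'] === 'MEDIUM')),
];

$payload = [
    'alerts' => $alerts,
    'alert_counts' => $alert_counts,
    'db_connections' => $db_connections,
    'ssh_sessions' => $ssh_list,
    'total_alerts' => count($alerts),
    'timestamp' => date('Y-m-d H:i:s'),
];

// substr() above cuts on bytes and can split a multibyte character; without
// this flag json_encode() returns false on invalid UTF-8 and the monitor
// would answer with an empty body exactly when such a query is running.
echo json_encode($payload, JSON_INVALID_UTF8_SUBSTITUTE);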