def buildOutgoing(self, layout, row, col): outgoing = QGroupBox(self) outgoing.setTitle(tr('Outgoing emails')) outgoing_layout = QGridLayout(outgoing) relayed_net = NetworkListEdit(self) relayed_net.setMaximumHeight(relayed_net.fontMetrics().height() * 5) self.connect(relayed_net, SIGNAL("textChanged()"), self.setMailModified) outgoing_layout.addWidget(QLabel(tr('Networks for which EdenWall relays emails')), 0, 0) outgoing_layout.addWidget(relayed_net, 1, 0, 1, 2) outgoing_layout.addWidget(QLabel(tr( """If outgoing mail should be relayed through a 'smarthost', configure this host in the "Contact" page of the "Services" tab.""" ))) layout.addWidget(outgoing, row, col) return relayed_net
def _mkPushedRoutes(self, lines): pushed_routes = NetworkListEdit() pushed_routes.setMaximumHeight( pushed_routes.fontMetrics().height() * lines ) return pushed_routes
def buildInterface(self): frame = QFrame() grid = QGridLayout(frame) self.setWidget(frame) self.setWidgetResizable(True) title = u'<h1>%s</h1>' % self.tr('Intrusion detection/prevention system') grid.addWidget(QLabel(title), 0, 0, 1, 2) #fromrow, fromcol, rowspan, colspan self.activation_box = self.mkCheckBox(tr('Enable IDS-IPS')) self.connect(self.activation_box, SIGNAL('stateChanged(int)'), self.config.setEnabled) grid.addWidget(self.activation_box, 1, 0) alerts, sub_form = mkGroupBox(tr('Alerts (IDS)')) self.alert_threshold = QDoubleSpinBox() sub_form.addRow(tr('Threshold for rule selection'), self.alert_threshold) self.connect(self.alert_threshold, SIGNAL('valueChanged(double)'), self.setAlertThreshold) self.connect(self.alert_threshold, SIGNAL('valueChanged(double)'), self.setModified) self.threshold_message = QLabel() self.threshold_message.setWordWrap(True) sub_form.addRow(self.threshold_message) self.alert_count_message = QLabel() self.alert_count_message.setWordWrap(True) sub_form.addRow(self.alert_count_message) self.threshold_range = MessageArea() sub_form.addRow(self.threshold_range) grid.addWidget(alerts, 2, 0) blocking, sub_form = mkGroupBox(tr('Blocking (IPS)')) self.block = self.mkCheckBox(tr('Block')) self.connect(self.block, SIGNAL('stateChanged(int)'), self.config.setBlockingEnabled) sub_form.addRow(self.block) self.drop_threshold = QDoubleSpinBox() sub_form.addRow(tr('Rule selection threshold for blocking'), self.drop_threshold) self.drop_count_message = QLabel() self.drop_count_message.setWordWrap(True) sub_form.addRow(self.drop_count_message) self.connect(self.drop_threshold, SIGNAL('valueChanged(double)'), self.setDropThreshold) self.connect(self.drop_threshold, SIGNAL('valueChanged(double)'), self.setModified) self.connect( self.block, SIGNAL('stateChanged(int)'), self.drop_threshold.setEnabled ) grid.addWidget(blocking, 2, 1) antivirus, sub_form = mkGroupBox(tr('Antivirus')) self.antivirus_toggle = self.mkCheckBox(tr('Enable antivirus ')) self.connect(self.antivirus_toggle, SIGNAL('stateChanged(int)'), self.config.setAntivirusEnabled) self.antivirus_message = QLabel() self.antivirus_message.setWordWrap(True) sub_form.addRow(self.antivirus_toggle) sub_form.addRow(self.antivirus_message) network, sub_form = mkGroupBox(tr('Protected networks')) self.networks = NetworkListEdit() self.connect(self.networks, SIGNAL('textChanged()'), self.setProtectedNetworks) self.networks_message = QLabel() self.networks_message.setWordWrap(True) sub_form.addRow(self.networks) sub_form.addRow(self.networks_message) grid.addWidget(antivirus, 3, 0) grid.addWidget(network, 3, 1) if HAVE_NULOG: fragment = Fragment('IDSIPSTable') fragment.load({'type': 'IDSIPSTable', 'title': tr('IDS-IPS Logs'), 'view': 'table', 'args': {} }) fragwidget = FragmentFrame(fragment, {}, self.client, parent=self) grid.addWidget(fragwidget, 4, 0, 1, 2) #fromrow, fromcol, rowspan, colspan fragwidget.updateData() self.frag = fragwidget self.mainwindow.writeAccessNeeded( self.activation_box, self.alert_threshold, self.block, self.drop_threshold, self.antivirus_toggle, self.networks, )
class IdsIpsFrontend(ScrollArea): COMPONENT = 'ids_ips' LABEL = tr('IDS/IPS') REQUIREMENTS = ('ids_ips',) ICON = ':/icons/monitoring.png' def __init__(self, client, parent): ScrollArea.__init__(self) if not EDENWALL: raise NuConfModuleDisabled("idsips") self.client = client self.mainwindow = parent self._modified = False self.error_message = '' self._not_modifying = True self.config = None self.resetConf(no_interface=True) self.buildInterface() self.updateView() @staticmethod def get_calls(): """ services called by initial multicall """ return (("ids_ips", 'getIdsIpsConfig'),) def setModified(self): if self._modified or self._not_modifying: return self._modified = True self.emit(SIGNAL('modified')) self.mainwindow.setModified(self) def mkCheckBox(self, title): checkbox = QCheckBox(title) self.connect(checkbox, SIGNAL('stateChanged(int)'), self.setModified) return checkbox def buildInterface(self): frame = QFrame() grid = QGridLayout(frame) self.setWidget(frame) self.setWidgetResizable(True) title = u'<h1>%s</h1>' % self.tr('Intrusion detection/prevention system') grid.addWidget(QLabel(title), 0, 0, 1, 2) #fromrow, fromcol, rowspan, colspan self.activation_box = self.mkCheckBox(tr('Enable IDS-IPS')) self.connect(self.activation_box, SIGNAL('stateChanged(int)'), self.config.setEnabled) grid.addWidget(self.activation_box, 1, 0) alerts, sub_form = mkGroupBox(tr('Alerts (IDS)')) self.alert_threshold = QDoubleSpinBox() sub_form.addRow(tr('Threshold for rule selection'), self.alert_threshold) self.connect(self.alert_threshold, SIGNAL('valueChanged(double)'), self.setAlertThreshold) self.connect(self.alert_threshold, SIGNAL('valueChanged(double)'), self.setModified) self.threshold_message = QLabel() self.threshold_message.setWordWrap(True) sub_form.addRow(self.threshold_message) self.alert_count_message = QLabel() self.alert_count_message.setWordWrap(True) sub_form.addRow(self.alert_count_message) self.threshold_range = MessageArea() sub_form.addRow(self.threshold_range) grid.addWidget(alerts, 2, 0) blocking, sub_form = mkGroupBox(tr('Blocking (IPS)')) self.block = self.mkCheckBox(tr('Block')) self.connect(self.block, SIGNAL('stateChanged(int)'), self.config.setBlockingEnabled) sub_form.addRow(self.block) self.drop_threshold = QDoubleSpinBox() sub_form.addRow(tr('Rule selection threshold for blocking'), self.drop_threshold) self.drop_count_message = QLabel() self.drop_count_message.setWordWrap(True) sub_form.addRow(self.drop_count_message) self.connect(self.drop_threshold, SIGNAL('valueChanged(double)'), self.setDropThreshold) self.connect(self.drop_threshold, SIGNAL('valueChanged(double)'), self.setModified) self.connect( self.block, SIGNAL('stateChanged(int)'), self.drop_threshold.setEnabled ) grid.addWidget(blocking, 2, 1) antivirus, sub_form = mkGroupBox(tr('Antivirus')) self.antivirus_toggle = self.mkCheckBox(tr('Enable antivirus ')) self.connect(self.antivirus_toggle, SIGNAL('stateChanged(int)'), self.config.setAntivirusEnabled) self.antivirus_message = QLabel() self.antivirus_message.setWordWrap(True) sub_form.addRow(self.antivirus_toggle) sub_form.addRow(self.antivirus_message) network, sub_form = mkGroupBox(tr('Protected networks')) self.networks = NetworkListEdit() self.connect(self.networks, SIGNAL('textChanged()'), self.setProtectedNetworks) self.networks_message = QLabel() self.networks_message.setWordWrap(True) sub_form.addRow(self.networks) sub_form.addRow(self.networks_message) grid.addWidget(antivirus, 3, 0) grid.addWidget(network, 3, 1) if HAVE_NULOG: fragment = Fragment('IDSIPSTable') fragment.load({'type': 'IDSIPSTable', 'title': tr('IDS-IPS Logs'), 'view': 'table', 'args': {} }) fragwidget = FragmentFrame(fragment, {}, self.client, parent=self) grid.addWidget(fragwidget, 4, 0, 1, 2) #fromrow, fromcol, rowspan, colspan fragwidget.updateData() self.frag = fragwidget self.mainwindow.writeAccessNeeded( self.activation_box, self.alert_threshold, self.block, self.drop_threshold, self.antivirus_toggle, self.networks, ) def closeEvent(self, event): if hasattr(self, 'frag'): self.frag.destructor() def setAlertThreshold(self): self.config.alert_threshold = self.alert_threshold.value() def setProtectedNetworks(self): if self.networks.isValid(): self.config.networks = self.networks.value() self.setModified() def setDropThreshold(self): self.config.drop_threshold = self.drop_threshold.value() def resetConf(self, no_interface=False): serialized = self.mainwindow.init_call("ids_ips", u'getIdsIpsConfig') self.config = IdsIpsCfg.deserialize(serialized) self._modified = False if no_interface: return self.updateView() def isValid(self): self.error_message = "" if self.config.block and \ self.config.drop_threshold < self.config.alert_threshold: self.error_message = \ tr('Inconsistent configuration (IDS-IPS thresholds): ') + \ tr("the threshold for blocking rules must be greater than the threshold for alerting.") return False if self.config.enabled and not self.networks.value(): self.error_message = tr('You must add some networks in the "Protected networks" area before you can enable the IDS-IPS service.') return False ok, msg = self.config.isValidWithMsg() if not ok: self.error_message = msg return False return True def saveConf(self, message): serialized = self.config.serialize() self.client.call("ids_ips", 'setIdsIpsConfig', serialized, message) self.mainwindow.addNeutralMessage(tr("IDS - IPS configuration saved")) self._modified = False self.update_counts() def updateView(self): self._not_modifying = True italic_start = u'<span style="font-style:italic;">' close_span = u'</span>' self.activation_box.setChecked( Qt.Checked if self.config.enabled else Qt.Unchecked ) self.block.setChecked( Qt.Checked if self.config.block else Qt.Unchecked ) try: (score_min, score_max) = self.client.call("ids_ips", 'minmaxScores') except RpcdError: (score_min, score_max) = (-1, -1) self.mainwindow.addToInfoArea(tr('IDS-IPS: Could not compute the min/max scores.')) self.alert_threshold.setRange(score_min, score_max) self.drop_threshold.setRange(score_min, score_max) self.threshold_range.setMessage(tr('Current range'), "%s %s %s %s" %( tr("The scores for the current rules range from"), score_min, tr("to"), score_max) ) self.alert_threshold.setValue(self.config.alert_threshold) self.drop_threshold.setValue(self.config.drop_threshold) self.drop_threshold.setEnabled(self.block.checkState()) help = u'%s %s %s' % ( italic_start, tr("The rules are selected according to a level of confidence with regard to " "false positives (the greater the threshold, the fewer rules selected)."), close_span ) self.threshold_message.setText(help) warning = italic_start + tr('Warning: This may degrade the performances of the firewall') + u'</span>' self.antivirus_message.setText(warning) self.antivirus_toggle.setChecked( Qt.Checked if self.config.antivirus_enabled else Qt.Unchecked ) self.networks_message.setText(u'%s%s%s' % ( italic_start, tr('You may add a network definition per line'), close_span ) ) self.networks.setIpAddrs(self.config.networks) self.update_counts() self._not_modifying = False def isModified(self): return self._modified def update_counts(self): try: (alert_count, drop_count, available_count) = \ self.client.call("ids_ips", 'getSelectedRulesCounts', [self.alert_threshold.value(), self.drop_threshold.value()]) except RpcdError: (alert_count, drop_count, available_count) = (-1, -1, -1) self.mainwindow.addToInfoArea(tr('IDS-IPS: Could not count the selected rules.')) self.alert_count_message.setText( tr('A threshold of ') + unicode(self.config.alert_threshold) + tr(' selects ') + unicode(alert_count) + tr(' rules out of ') + unicode(available_count) + tr('.')) if self.config.block: self.drop_count_message.setText( tr('A threshold of ') + unicode(self.config.drop_threshold) + tr(' selects ') + unicode(drop_count) + tr(' blocking rules out of ') + unicode(available_count) + tr('.')) else: self.drop_count_message.setText('')
def __init__(self, client, parent): self.__loading = True ScrollArea.__init__(self) self.mainwindow = parent self.client = client self.modified = False self.qauthcertobject = QAuthCertObject.getInstance() frame = QFrame(self) layout = QVBoxLayout(frame) layout.addWidget(QLabel('<H1>%s</H1>' % tr('Authentication server') )) head_box = QGroupBox(tr("How the authentication server handles certificates")) head = QFormLayout(head_box) self.strictCheckBox = QCheckBox() head.addRow(QLabel(tr("Strict mode (check the client's certificate against the installed CA)")), self.strictCheckBox) self.connect(self.strictCheckBox, SIGNAL('toggled(bool)'), self.setStrict) self.cl_auth_box = QGroupBox(tr("Client authentication with a certificate is")) cl_auth = QVBoxLayout(self.cl_auth_box) self.auth_by_cert = QButtonGroup() self.auth_by_cert.setExclusive(True) self.mainwindow.writeAccessNeeded(self.strictCheckBox) labels = [tr('forbidden'), tr('allowed'), tr('mandatory')] for index, label_button in enumerate(labels): button = QRadioButton(label_button) self.auth_by_cert.addButton(button, index) cl_auth.addWidget(button) self.mainwindow.writeAccessNeeded(button) self.auth_by_cert.button(0).setChecked(Qt.Checked) self.connect(self.auth_by_cert, SIGNAL('buttonClicked(int)'), self.auth_by_cert_modified) # Captive portal # -------------- self.portal_groupbox = QGroupBox(tr("Captive portal")) self.portal_groupbox.setLayout(QVBoxLayout()) # Enabled checkbox: self.portal_checkbox = QCheckBox(tr("Enable captive portal")) self.connect(self.portal_checkbox, SIGNAL('toggled(bool)'), self.setPortalEnabled) # List of networks redirected to the captive portal: self.portal_nets_groupbox = QGroupBox( tr("Networks handled by the captive portal")) self.portal_nets_groupbox.setLayout(QVBoxLayout()) self.portal_nets_edit = NetworkListEdit() self.connect(self.portal_nets_edit, SIGNAL('textChanged()'), self.setPortalNets) self.portal_nets_groupbox.layout().addWidget(self.portal_nets_edit) # Pack the widgets: for widget in (self.portal_checkbox, self.portal_nets_groupbox): self.portal_groupbox.layout().addWidget(widget) self.mainwindow.writeAccessNeeded(self.portal_checkbox) self.mainwindow.writeAccessNeeded(self.portal_nets_edit) if not EDENWALL: self.portal_groupbox.setVisible(False) # authentication server self.pki_widget = PkiEmbedWidget(self.client, self, 'auth_cert', PkiEmbedWidget.SHOW_ALL|PkiEmbedWidget.CRL_OPTIONAL, self.setModified) self.mainwindow.writeAccessNeeded(self.pki_widget) layout.addWidget(head_box) layout.addWidget(self.cl_auth_box) layout.addWidget(self.portal_groupbox) layout.addWidget(self.pki_widget) layout.addStretch() self.setWidget(frame) self.setWidgetResizable(True) self.resetConf() self.__loading = False
class AuthenticationFrontend(ScrollArea): COMPONENT = 'auth_cert' LABEL = tr('Authentication server') REQUIREMENTS = ('auth_cert',) ICON = ':/icons/auth_protocol.png' def __init__(self, client, parent): self.__loading = True ScrollArea.__init__(self) self.mainwindow = parent self.client = client self.modified = False self.qauthcertobject = QAuthCertObject.getInstance() frame = QFrame(self) layout = QVBoxLayout(frame) layout.addWidget(QLabel('<H1>%s</H1>' % tr('Authentication server') )) head_box = QGroupBox(tr("How the authentication server handles certificates")) head = QFormLayout(head_box) self.strictCheckBox = QCheckBox() head.addRow(QLabel(tr("Strict mode (check the client's certificate against the installed CA)")), self.strictCheckBox) self.connect(self.strictCheckBox, SIGNAL('toggled(bool)'), self.setStrict) self.cl_auth_box = QGroupBox(tr("Client authentication with a certificate is")) cl_auth = QVBoxLayout(self.cl_auth_box) self.auth_by_cert = QButtonGroup() self.auth_by_cert.setExclusive(True) self.mainwindow.writeAccessNeeded(self.strictCheckBox) labels = [tr('forbidden'), tr('allowed'), tr('mandatory')] for index, label_button in enumerate(labels): button = QRadioButton(label_button) self.auth_by_cert.addButton(button, index) cl_auth.addWidget(button) self.mainwindow.writeAccessNeeded(button) self.auth_by_cert.button(0).setChecked(Qt.Checked) self.connect(self.auth_by_cert, SIGNAL('buttonClicked(int)'), self.auth_by_cert_modified) # Captive portal # -------------- self.portal_groupbox = QGroupBox(tr("Captive portal")) self.portal_groupbox.setLayout(QVBoxLayout()) # Enabled checkbox: self.portal_checkbox = QCheckBox(tr("Enable captive portal")) self.connect(self.portal_checkbox, SIGNAL('toggled(bool)'), self.setPortalEnabled) # List of networks redirected to the captive portal: self.portal_nets_groupbox = QGroupBox( tr("Networks handled by the captive portal")) self.portal_nets_groupbox.setLayout(QVBoxLayout()) self.portal_nets_edit = NetworkListEdit() self.connect(self.portal_nets_edit, SIGNAL('textChanged()'), self.setPortalNets) self.portal_nets_groupbox.layout().addWidget(self.portal_nets_edit) # Pack the widgets: for widget in (self.portal_checkbox, self.portal_nets_groupbox): self.portal_groupbox.layout().addWidget(widget) self.mainwindow.writeAccessNeeded(self.portal_checkbox) self.mainwindow.writeAccessNeeded(self.portal_nets_edit) if not EDENWALL: self.portal_groupbox.setVisible(False) # authentication server self.pki_widget = PkiEmbedWidget(self.client, self, 'auth_cert', PkiEmbedWidget.SHOW_ALL|PkiEmbedWidget.CRL_OPTIONAL, self.setModified) self.mainwindow.writeAccessNeeded(self.pki_widget) layout.addWidget(head_box) layout.addWidget(self.cl_auth_box) layout.addWidget(self.portal_groupbox) layout.addWidget(self.pki_widget) layout.addStretch() self.setWidget(frame) self.setWidgetResizable(True) self.resetConf() self.__loading = False def setModified(self, isModified=True, message=""): if self.__loading: return if isModified: self.modified = True self.mainwindow.setModified(self, True) if message: self.mainwindow.addToInfoArea(message) else: self.modified = False def setModifiedCallback(self, *unused): self.setModified() def isModified(self): return self.modified def saveConf(self, message): self.qauthcertobject.auth_cert.auth_by_cert = self.auth_by_cert.checkedId() conf = self.pki_widget.getConfig() self.qauthcertobject.auth_cert.setSSLDict(conf) serialized = self.qauthcertobject.auth_cert.serialize(downgrade=True) self.client.call('auth_cert', 'setAuthCertConfig', serialized, message) def resetConf(self): auth_cert_loaded = self._reset_helper( 'auth_cert', 'getAuthCertConfig', self.qauthcertobject, tr("Authentication interface enabled"), tr("Authentication disabled: backend not loaded") ) self.setModified(False) remote = self.qauthcertobject.auth_cert.getReceivedSerialVersion() if remote < 3: self.mainwindow.addWarningMessage(tr('Captive portal configuration disabled: this frontend and your appliance software versions are not compatible.')) enable_portal = ( auth_cert_loaded and EDENWALL and remote >= 3 ) self.portal_groupbox.setVisible(enable_portal) if not auth_cert_loaded: return self.strictCheckBox.setChecked(self.qauthcertobject.auth_cert.strict) if not self.qauthcertobject.auth_cert.auth_by_cert: self.qauthcertobject.auth_cert.auth_by_cert = 0 self.auth_by_cert.button( self.qauthcertobject.auth_cert.auth_by_cert).setChecked(True) # Captive portal: self.portal_checkbox.setChecked( self.qauthcertobject.auth_cert.portal_enabled) self.portal_nets_edit.setIpAddrs( self.qauthcertobject.auth_cert.portal_nets) # Certificate (PKI): pki_conf = self.qauthcertobject.auth_cert.getSSLDict() self.pki_widget.setConfig(pki_conf) def error(self, message): self.mainwindow.addToInfoArea(message, category=COLOR_ERROR) def auth_by_cert_modified(self, idbox): button_name = self.auth_by_cert.button(idbox).text() info = tr("Certificates - Authentication with client certificate : '%s'") % button_name self.setModified(message=info) def setPortalEnabled(self, value): if value != self.qauthcertobject.auth_cert.portal_enabled: self.qauthcertobject.auth_cert.setPortalEnabled(value) self.setModified() def setPortalNets(self): if self.portal_nets_edit.isValid(): self.qauthcertobject.auth_cert.setPortalNets( self.portal_nets_edit.value()) self.setModified() def setStrict(self, value): if value != self.qauthcertobject.auth_cert.strict: self.qauthcertobject.auth_cert.setStrict(value) self.setModified() self.cl_auth_box.setEnabled(value) def isValid(self): cert_validity = self.pki_widget.validate() if cert_validity is not None: self.error_message = '<br/>' + cert_validity + '<br/>' self.mainwindow.addToInfoArea(cert_validity, category=COLOR_ERROR) return False return True def onApplyFinished(self): self.pki_widget.feed()