function main_page($viewall, $sortby, $sortdir)
{
global $uroles, $username, $dbconn;
global $arruser, $user, $rs_page;
$dbconn->SetFetchMode(ADODB_FETCH_BOTH);
$tz = Util::get_timezone();
if ($sortby == "") {
$sortby = "id";
}
if ($sortdir == "") {
$sortdir = "DESC";
}
$sql_order = "order by {$sortby} {$sortdir}";
if (Session::menu_perms("environment-menu", "EventsVulnerabilitiesScan")) {
?>
<div style="width:50%; position: relative; height: 5px; float:left">
<div style="width:100%; position: absolute; top: -41px;left:0px;">
<div style="float:left; height:28px; margin:5px 5px 0px 0px;">
<a class="button" href="<?php
echo Menu::get_menu_url(AV_MAIN_PATH . '/vulnmeter/sched.php?action=create_scan&hosts_alive=1&scan_locally=1', 'environment', 'vulnerabilities', 'scan_jobs');
?>
">
<?php
echo _("New Scan Job");
?>
</a>
</div>
<div style="float:left;height:28px;margin:5px 5px 0px -2px;">
<a class="greybox button av_b_secondary" href="import_nbe.php" title="<?php
echo _("Import nbe file");
?>
">
<?php
echo _("Import nbe file");
?>
</a>
</div>
</div>
</div>
<?php
}
if (intval($_GET['page']) != 0) {
$page = intval($_GET['page']);
} else {
$page = 1;
}
$pagesize = 10;
if ($username == "admin") {
$query = "SELECT count(id) as num FROM vuln_jobs WHERE status !='R'";
} else {
$query = "SELECT count(id) as num FROM vuln_jobs where username='******' WHERE status !='R'";
}
$result = $dbconn->Execute($query);
$jobCount = $result->fields["num"];
$num_pages = ceil($jobCount / $pagesize);
//echo "num_pages:[".$num_pages."]";
//echo "jobCount:[".$jobCount."]";
//echo "page:[".$page."]";
if (Vulnerabilities::scanner_type() == "omp") {
// We can display scan status with OMP protocol
echo Vulnerabilities::get_omp_running_scans($dbconn, $rs_page);
} else {
// Nessus
all_jobs(0, 10, "R");
}
?>
<?php
$schedulejobs = _("Scheduled Jobs");
echo <<<EOT
<table style='margin-top:20px;' class='w100 transparent'><tr><td class='sec_title'>{$schedulejobs}</td></tr></table>
<table summary="Job Schedules" class='w100 table_list'>
EOT;
if ($sortdir == "ASC") {
$sortdir = "DESC";
} else {
$sortdir = "ASC";
}
$arr = array("name" => "Name", "schedule_type" => "Schedule Type", "time" => "Time", "next_CHECK" => "Next Scan", "enabled" => "Status");
// modified by hsh to return all scan schedules
if (empty($arruser)) {
$query = "SELECT t2.name as profile, t1.meth_TARGET, t1.id, t1.name, t1.schedule_type, t1.meth_VSET, t1.meth_TIMEOUT, t1.username, t1.enabled, t1.next_CHECK, t1.email\n FROM vuln_job_schedule t1 LEFT JOIN vuln_nessus_settings t2 ON t1.meth_VSET=t2.id ";
} else {
$query = "SELECT t2.name as profile, t1.meth_TARGET, t1.id, t1.name, t1.schedule_type, t1.meth_VSET, t1.meth_TIMEOUT, t1.username, t1.enabled, t1.next_CHECK, t1.email\n FROM vuln_job_schedule t1 LEFT JOIN vuln_nessus_settings t2 ON t1.meth_VSET=t2.id WHERE username in ({$user}) ";
}
$query .= $sql_order;
$result = $dbconn->execute($query);
if ($result->EOF) {
echo "<tr><td class='empty_results' height='20' style='text-align:center;'>" . _("No Scheduled Jobs") . "</td></tr>";
}
if (!$result->EOF) {
echo "<tr>";
foreach ($arr as $order_by => $value) {
echo "<th><a href=\"manage_jobs.php?sortby={$order_by}&sortdir={$sortdir}\">" . _($value) . "</a></th>";
}
if (Session::menu_perms("environment-menu", "EventsVulnerabilitiesScan")) {
echo "<th>" . _("Action") . "</th></tr>";
}
}
$colors = array("#FFFFFF", "#EEEEEE");
$color = 0;
while (!$result->EOF) {
list($profile, $targets, $schedid, $schedname, $schedtype, $sid, $timeout, $user, $schedstatus, $nextscan, $servers) = $result->fields;
$name = Av_sensor::get_name_by_id($dbconn, $servers);
$servers = $name != '' ? $name : _('First Available Sensor');
$targets_to_resolve = explode("\n", $targets);
$ttargets = array();
foreach ($targets_to_resolve as $id_ip) {
if (preg_match("/^([a-f\\d]{32})#\\d+\\.\\d+\\.\\d+\\.\\d+\\/\\d{1,2}/i", $id_ip, $found) && Asset_net::is_in_db($dbconn, $found[1])) {
$ttargets[] = preg_replace("/^([a-f\\d]{32})#/i", "", $id_ip) . " (" . Asset_net::get_name_by_id($dbconn, $found[1]) . ")";
} else {
if (preg_match("/^([a-f\\d]{32})#\\d+\\.\\d+\\.\\d+\\.\\d+/i", $id_ip, $found) && Asset_host::is_in_db($dbconn, $found[1])) {
$ttargets[] = preg_replace("/^([a-f\\d]{32})#/i", "", $id_ip) . " (" . Asset_host::get_name_by_id($dbconn, $found[1]) . ")";
} else {
if (preg_match("/^([a-f\\d]{32})#hostgroup/i", $id_ip, $found)) {
$hostgroup_name = Asset_group::get_name_by_id($dbconn, $found[1]);
$ttargets[] = $hostgroup_name == _('Unknown') ? _('Unknown hostgroup') : $hostgroup_name;
} else {
if (preg_match("/^([a-f\\d]{32})#netgroup/i", $id_ip, $found)) {
$netgroup_name = Net_group::get_name_by_id($dbconn, $found[1]);
$ttargets[] = $netgroup_name == _('Unknown') ? _('Unknown netgroup') : $netgroup_name;
} else {
$ttargets[] = preg_replace("/[a-f\\d]{32}/i", "", $id_ip);
}
}
}
}
}
$targets = implode("<BR/>", $ttargets);
$tz = intval($tz);
$nextscan = gmdate("Y-m-d H:i:s", Util::get_utc_unixtime($nextscan) + 3600 * $tz);
preg_match("/\\d+\\-\\d+\\-\\d+\\s(\\d+:\\d+:\\d+)/", $nextscan, $found);
$time = $found[1];
switch ($schedtype) {
case "N":
$stt = _("Once (Now)");
break;
case "O":
$stt = _("Once");
break;
case "D":
$stt = _("Daily");
break;
case "W":
$stt = _("Weekly");
break;
case "M":
$stt = _("Monthly");
break;
case "Q":
$stt = _("Quarterly");
break;
case "H":
$stt = _("On Hold");
break;
case "NW":
$stt = _("N<sup>th</sup> week of the month");
break;
default:
$stt = " ";
break;
}
switch ($schedstatus) {
case "1":
$itext = _("Disable Scheduled Job");
$isrc = "images/stop_task.png";
$ilink = "manage_jobs.php?disp=setstatus&schedid={$schedid}&enabled=0";
break;
default:
$itext = _("Enable Scheduled Job");
$isrc = "images/play_task.png";
$ilink = "manage_jobs.php?disp=setstatus&schedid={$schedid}&enabled=1";
break;
}
if (!Session::menu_perms("environment-menu", "EventsVulnerabilitiesScan")) {
$ilink = "javascript:return false;";
}
if ($schedstatus) {
$txt_enabled = "<td><a href=\"{$ilink}\"><font color=\"green\">" . _("Enabled") . "</font></a></td>";
} else {
$txt_enabled = "<td><a href=\"{$ilink}\"><font color=\"red\">" . _("Disabled") . "</font></a></td>";
}
require_once 'classes/Security.inc';
if (valid_hex32($user)) {
$user = Session::get_entity_name($dbconn, $user);
}
echo "<tr bgcolor=\"" . $colors[$color % 2] . "\">";
if ($profile == "") {
$profile = _("Default");
}
echo "<td><span class=\"tip\" title=\"<b>" . _("Owner") . ":</b> {$user}<br><b>" . _("Sensor") . ":</b> {$servers}<br /><b>" . _("Scheduled Job ID") . ":</b> {$schedid}<br><b>" . _("Profile") . ":</b> {$profile}<br><b>" . _("Targets") . ":</b><br>" . $targets . "\">{$schedname}</span></td>";
?>
<td><?php
echo $stt;
?>
</td>
<td><?php
echo $time;
?>
</td>
<td><?php
echo $nextscan;
?>
</td>
<?php
echo <<<EOT
{$txt_enabled}
<td style="padding-top:2px;"><a href="{$ilink}"><img alt="{$itext}" src="{$isrc}" border=0 title="{$itext}"></a>
EOT;
if (Session::menu_perms("environment-menu", "EventsVulnerabilitiesScan")) {
echo "<a href='" . Menu::get_menu_url(AV_MAIN_PATH . '/vulnmeter/sched.php?action=edit_sched&sched_id=' . $schedid . '&status=' . intval($schedstatus), 'environment', 'vulnerabilities', 'scan_jobs') . "'><img src='images/pencil.png' title='" . _("Edit Scheduled") . "'></a> ";
echo "<a href='manage_jobs.php?disp=delete&schedid={$schedid}' onclick='return confirmDelete();'><img src='images/delete.gif' title='" . gettext("Delete Scheduled") . "'></a>";
}
echo "</td>";
echo <<<EOT
</tr>
EOT;
$result->MoveNext();
$color++;
}
echo <<<EOT
</table>
EOT;
?>
<br />
<?php
$out = all_jobs(($page - 1) * $pagesize, $pagesize);
?>
<table width="100%" align="center" class="transparent" cellspacing="0" cellpadding="0">
<tr>
<td class="nobborder" valign="top" style="padding-top:5px;">
<div class="fright">
<?php
if ($out != 0 && $num_pages != 1) {
$page_url = "manage_jobs.php";
if ($page == 1 && $page == $num_pages) {
echo '<a href="" class="link_paginate_disabled" onclick="return false">< ' . _("PREVIOUS") . '</a>';
echo '<a class="lmargin link_paginate_disabled" href="" onclick="return false">' . _("NEXT") . ' ></a>';
} elseif ($page == 1) {
echo '<a href="" class="link_paginate_disabled" onclick="return false">< ' . _("PREVIOUS") . '</a>';
echo '<a class="lmargin" href="' . $page_url . '?page=' . ($page + 1) . '&rs_page=' . $rs_page . '">' . _("NEXT") . ' ></a> ';
} elseif ($page == $num_pages) {
echo '<a href="' . $page_url . '?page=' . ($page - 1) . '&rs_page=' . $rs_page . '">< ' . _("PREVIOUS") . '</a>';
echo '<a class="lmargin link_paginate_disabled" href="" onclick="return false">' . _("NEXT") . ' ></a>';
} else {
echo '<a href="' . $page_url . '?page=' . ($page - 1) . '&rs_page=' . $rs_page . '">< ' . _("PREVIOUS") . '</a><a class="lmargin" href="' . $page_url . '?page=' . ($page + 1) . '&rs_page=' . $rs_page . '">' . _("NEXT") . ' ></a>';
}
}
?>
</div>
</td>
</tr>
</table>
<?php
}
function get_targets($conn, $ip_list)
{
$result = array();
if (!empty($ip_list)) {
if (is_array($ip_list) == FALSE) {
$ip_list = explode("\n", trim($ip_list));
}
foreach ($ip_list as $asset) {
$asset = trim($asset);
if (preg_match('/^([a-f\\d]{32})#(\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\/\\d{1,2})$/i', $asset, $found)) {
$_asset_name = Asset_net::is_in_db($conn, $found[1]) ? Asset_net::get_name_by_id($conn, $found[1]) : $found[2];
$result[$asset] = $_asset_name;
} else {
if (preg_match('/^([a-f\\d]{32})#(\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})$/i', $asset, $found)) {
$_asset_name = Asset_host::is_in_db($conn, $found[1]) ? Asset_host::get_name_by_id($conn, $found[1]) : $found[2];
$result[$asset] = $_asset_name;
} else {
if (preg_match('/^([a-f\\d]{32})#hostgroup$/i', $asset, $found)) {
$result[$asset] = Asset_group::get_name_by_id($conn, $found[1]);
} else {
if (preg_match('/^([a-f\\d]{32})#netgroup$/i', $asset, $found)) {
$result[$asset] = Net_group::get_name_by_id($conn, $found[1]);
} else {
$result[$asset] = $asset;
}
}
}
}
}
}
return $result;
}
if (!check_any($dest_host->get_host_id())) {
$dest .= ($dest == "" ? "" : "<br/>") . "<img src='../pixmaps/theme/host.png' align=absbottom /> " . Asset_host::get_name_by_id($conn, $dest_host->get_host_id());
}
}
}
if ($dest_net_list = $policy->get_nets($conn, 'dest')) {
foreach ($dest_net_list as $dest_net) {
if (!check_any($dest_net->get_net_id())) {
$dest .= ($dest == "" ? "" : "<br/>") . "<img src='../pixmaps/theme/net.png' align=absbottom /> " . Asset_net::get_name_by_id($conn, $dest_net->get_net_id());
}
}
}
if ($dest_host_list = $policy->get_host_groups($conn, 'dest')) {
foreach ($dest_host_list as $dest_host_group) {
if (!check_any($dest_host_group->get_host_group_id())) {
$dest .= ($dest == "" ? "" : "<br/>") . "<img src='../pixmaps/theme/host_group.png' align=absbottom /> " . Asset_group::get_name_by_id($conn, $dest_host_group->get_host_group_id());
}
}
}
if ($dest_net_list = $policy->get_net_groups($conn, 'dest')) {
foreach ($dest_net_list as $dest_net_group) {
if (!check_any($dest_net_group->get_net_group_id())) {
$dest .= ($dest == "" ? "" : "<br/>") . "<img src='../pixmaps/theme/net_group.png' align=absbottom /> " . Net_group::get_name_by_id($conn, $dest_net_group->get_net_group_id());
}
}
}
if (empty($dest)) {
$dest = "<img src='../pixmaps/theme/host.png' align=absbottom />" . _('ANY');
}
$xml .= "<cell><![CDATA[" . $dest . "]]></cell>";
//Ports source
foreach ($dest_host_list as $dest_host) {
if (check_any($dest_host->get_host_id())) {
$dests[$dest_host->get_host_id()] = _("ANY");
} else {
$dests['host_' . $dest_host->get_host_id()] = _("HOST") . ": " . Asset_host::get_name_by_id($conn, $dest_host->get_host_id());
}
}
}
if ($dest_net_list = $policy->get_nets($conn, 'dest')) {
foreach ($dest_net_list as $dest_net) {
$dests['net_' . $dest_net->get_net_id()] = check_any($dest_net->get_net_id()) ? _("ANY") : _("NETWORK") . ": " . Asset_net::get_name_by_id($conn, $dest_net->get_net_id());
}
}
if ($dest_host_list = $policy->get_host_groups($conn, 'dest')) {
foreach ($dest_host_list as $dest_host_group) {
$dests['hostgroup_' . $dest_host_group->get_host_group_id()] = check_any($dest_host_group->get_host_group_id()) ? _("ANY") : _("HOST_GROUP") . ": " . Asset_group::get_name_by_id($conn, $dest_host_group->get_host_group_id());
}
}
if ($dest_net_list = $policy->get_net_groups($conn, 'dest')) {
foreach ($dest_net_list as $dest_net_group) {
$dests['netgroup_' . $dest_net_group->get_net_group_id()] = check_any($dest_net_group->get_net_group_id()) ? _("ANY") : _("NETWORK_GROUP") . ": " . Net_group::get_name_by_id($conn, $dest_net_group->get_net_group_id());
}
}
//PORTS
//source
if ($port_list = $policy->get_ports($conn, 'source')) {
foreach ($port_list as $port_group) {
$ports_source[$port_group->get_port_id()] = check_any($port_group->get_port_id()) ? _("ANY") : Port_group::get_name_by_id($conn, $port_group->get_port_id());
}
}
//destiny
function get_indicator_asset_name($conn, $type, $asset_id)
{
$name = '';
switch ($type) {
case 'host':
$name = Asset_host::get_name_by_id($conn, $asset_id);
break;
case 'net':
$name = Asset_net::get_name_by_id($conn, $asset_id);
break;
case 'hostgroup':
case 'host_group':
$name = Asset_group::get_name_by_id($conn, $asset_id);
break;
case 'net_group':
case 'netgroup':
$name = Net_group::get_name_by_id($conn, $asset_id);
break;
case 'sensor':
$name = Av_sensor::get_name_by_id($conn, $asset_id);
break;
}
$name = empty($name) ? _('Unknown') : $name;
return $name;
}
$vars['_HOST_DESC'] = $host->get_descr();
}
break;
case 'net':
try {
$net = Asset_net::get_object($conn, $keyname);
} catch (Exception $e) {
$net = NULL;
}
if (is_object($net)) {
$vars['_NET_CIDR'] = $net->get_ips();
$vars['_NET_NAME'] = $net->get_name();
}
break;
case 'host_group':
$vars['_HG_NAME'] = Asset_group::get_name_by_id($conn, $keyname);
break;
case 'net_group':
$vars['_NG_NAME'] = Net_group::get_name_by_id($conn, $keyname);
break;
}
if (count($repository_list) > 0) {
$parser = new KDB_Parser();
$parser->load_session_vars($vars);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title> <?php
echo gettext("OSSIM Framework");
?>
// sensors permissions
$ttargets[$target]['sensors_perms'] = $sperm;
// sensors permissions
$ttargets[$target]['vuln_scanner'] = $vs;
// Nmap status
$ttargets[$target]['nmap_scan'] = $snmap;
// Load
$ttargets[$target]['load'] = $load;
}
// group targets by group and sensors
$result = array();
foreach ($ttargets as $target => $target_data) {
if (Av_sensor::is_in_db($conn, $target_data['sensor']) == TRUE) {
if (!empty($target_data['hostgroup_id'])) {
$result_key = $target_data['hostgroup_id'] . '#hostgroup#' . $target_data['sensor'];
$result[$result_key]['name'] = Asset_group::get_name_by_id($conn, $target_data['hostgroup_id']);
} else {
if (!empty($target_data['netgroup_id'])) {
$result_key = $target_data['netgroup_id'] . '#netgroup#' . $target_data['sensor'];
$result[$result_key]['name'] = Net_group::get_name_by_id($conn, $target_data['netgroup_id']);
} else {
$result_key = $target . '#' . $target_data['sensor'];
$result[$result_key]['name'] = $target_data['name'];
}
}
$result[$result_key]['ips'][] = $target;
$result[$result_key]['sensor'] = $target_data['sensor'];
$result[$result_key]['sperm'] = empty($result[$result_key]['sperm']) || $result[$result_key]['sperm'] == 1 ? $target_data['sperm'] : $result[$result_key]['sperm'];
$result[$result_key]['perm'] = empty($result[$result_key]['perm']) || $result[$result_key]['perm'] == 1 ? $target_data['perm'] : $result[$result_key]['perm'];
$result[$result_key]['vs'] = empty($result[$result_key]['vs']) || $result[$result_key]['vs'] == 1 ? $target_data['vs'] : $result[$result_key]['vs'];
$result[$result_key]['snmap'] = empty($result[$result_key]['snmap']) || $result[$result_key]['snmap'] == 1 ? $target_data['snmap'] : $result[$result_key]['snmap'];