/**
 * Builds the summary record for a single host asset.
 *
 * NOTE(review): the sibling helpers get_asset_tags() and get_asset_groups()
 * call Asset_host::is_allowed() first; nothing equivalent is visible here, so
 * confirm the permission check happens in the caller or inside get_object().
 *
 * @param mixed $conn     Database connection handed to the Asset_host API
 * @param mixed $asset_id Identifier of the host asset to describe
 *
 * @return array Record with the keys id, hostname, ips, descr, asset_type,
 *               fqdn, asset_value, icon, os, model, sensors, networks, devices
 */
function get_asset_info($conn, $asset_id)
{
    $host = Asset_host::get_object($conn, $asset_id);

    // Translated label telling external assets from internal ones
    if ($host->get_external()) {
        $type_label = _('External');
    } else {
        $type_label = _('Internal');
    }

    $ip_list     = $host->get_ips()->get_ips();
    $sensor_list = $host->get_sensors()->get_sensors();
    $net_list    = $host->get_nets($conn);

    // Flatten the two-level device map: the key is the outer id, followed by
    // ": <inner id>" only when the inner id is positive.
    $device_map = array();
    foreach ($host->get_devices()->get_devices() as $outer_id => $entries) {
        foreach ($entries as $inner_id => $device_name) {
            $suffix = ($inner_id > 0) ? ': ' . $inner_id : '';
            $device_map[$outer_id . $suffix] = $device_name;
        }
    }

    $os_info = $host->get_os();

    return array(
        'id'          => $asset_id,
        'hostname'    => $host->get_name(),
        'ips'         => $ip_list,
        // Entities are decoded here, so this is raw text again: whoever
        // writes it into HTML has to escape it at that point.
        'descr'       => html_entity_decode($host->get_descr(), ENT_QUOTES, 'UTF-8'),
        'asset_type'  => $type_label,
        'fqdn'        => $host->get_fqdns(),
        'asset_value' => $host->get_asset_value(),
        'icon'        => base64_encode($host->get_icon()),
        'os'          => $os_info['value'],
        'model'       => $host->get_model(),
        'sensors'     => $sensor_list,
        'networks'    => $net_list,
        'devices'     => $device_map
    );
}
/**
 * Returns the tags of a host asset after checking that the current user may
 * see that asset.
 *
 * NOTE(review): the tag lookup is only protected if
 * Util::response_bad_request() ends the request; confirm that it never
 * returns to the caller.
 *
 * @param mixed $conn     Database connection
 * @param mixed $asset_id Identifier of the host asset
 *
 * @return array Result of get_tags() for this asset
 */
function get_asset_tags($conn, $asset_id)
{
    $allowed = Asset_host::is_allowed($conn, $asset_id);

    if (!$allowed) {
        Util::response_bad_request(_('Asset Not Allowed'));
    }

    return get_tags($conn, $asset_id);
}
/**
 * Returns how many groups a host asset belongs to, or '-' when the asset
 * cannot be loaded or counted.
 *
 * NOTE(review): as in get_asset_tags(), the code after the permission check
 * is only protected if Util::response_bad_request() ends the request;
 * confirm that it never returns.
 *
 * @param mixed $conn     Database connection
 * @param mixed $asset_id Identifier of the host asset
 *
 * @return mixed Value of get_num_group(), or the string '-' on any Exception
 */
function get_asset_groups($conn, $asset_id)
{
    if (!Asset_host::is_allowed($conn, $asset_id)) {
        Util::response_bad_request(_('Asset Not Allowed'));
    }

    try {
        // Any failure while loading or counting degrades to the placeholder
        return Asset_host::get_object($conn, $asset_id)->get_num_group($conn);
    } catch (Exception $e) {
        return '-';
    }
}
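/**
 * Dumps the attack counts per host for $target into an XML data file and
 * prints the <applet> element that charts it.
 *
 * The series name, host names and counts are escaped before they are written
 * to the XML file, and the values echoed into HTML are escaped as well, so a
 * name containing markup characters can break neither the data file nor the
 * page. A host without a resolvable name is shown by its IP address.
 *
 * NOTE(review): the data file has a fixed name (ip_src.xml / ip_dst.xml)
 * under {$base_dir}/tmp, so overlapping requests overwrite each other's
 * data; confirm this is acceptable or derive a per-request name.
 * NOTE(review): the file is written under {$base_dir}/tmp but served from
 * {$datapath}; presumably both point at the same directory - confirm.
 *
 * Reads the globals $security_report, $datapath, $base_dir, $date_from and
 * $date_to. Terminates the script when the data file cannot be opened.
 *
 * @param string $target "ip_src" selects the source view; any other value
 *                       is treated as the destination view
 * @param mixed  $hosts  Passed unchanged to $security_report->AttackHost()
 * @param string $type   Value of the applet's graphType parameter
 * @param int    $width  Applet width
 * @param int    $height Applet height
 *
 * @return void
 */
function jgraph_attack_graph($target, $hosts, $type = "Bar3D", $width = 450, $height = 250)
{
    global $security_report;
    global $datapath;
    global $base_dir;
    global $date_from, $date_to;

    // Only two data files exist: everything that is not "ip_src" is the
    // destination view.
    $xml_name = !strcmp($target, "ip_src") ? "ip_src.xml" : "ip_dst.xml";

    if (!($fp = @fopen("{$base_dir}/tmp/{$xml_name}", "w"))) {
        print "Error: <b>" . htmlspecialchars((string) $datapath, ENT_QUOTES, 'UTF-8') . "</b> directory must exists and be <br/>\n";
        print "writable by the user the webserver runs as";
        exit;
    }

    $series_name = htmlspecialchars((string) $target, ENT_QUOTES, 'UTF-8');
    fwrite($fp, "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n" . "<CategoryDataset>\n <Series name=\"{$series_name}\">\n");

    $list = $security_report->AttackHost($target, $hosts, "event", $date_from, $date_to);
    foreach ($list as $l) {
        $ip          = $l[0];
        $occurrences = $l[1];
        $ctx         = $l[2] != '' ? $l[2] : Session::get_default_ctx();

        $_names_aux = Asset_host::get_name_by_ip($security_report->ossim_conn, $ip, $ctx);
        $hostname   = array_shift($_names_aux);

        // Fall back to the address when no name is known or it is too long
        if ($hostname == '' || strlen($hostname) > MAX_HOSTNAME_LEN) {
            $hostname = $ip;
        }

        // Asset names and counts are data, not markup: escape them for XML
        $key   = htmlspecialchars((string) $hostname, ENT_QUOTES, 'UTF-8');
        $value = htmlspecialchars((string) $occurrences, ENT_QUOTES, 'UTF-8');
        fwrite($fp, " <Item>\n <Key>{$key}</Key>\n <Value>{$value}</Value>\n </Item>\n");
    }

    fwrite($fp, " </Series>\n</CategoryDataset>\n\n");
    fclose($fp);

    // Everything placed inside an HTML attribute is escaped first
    $attr_width  = htmlspecialchars((string) $width, ENT_QUOTES, 'UTF-8');
    $attr_height = htmlspecialchars((string) $height, ENT_QUOTES, 'UTF-8');
    $attr_type   = htmlspecialchars((string) $type, ENT_QUOTES, 'UTF-8');
    $attr_url    = htmlspecialchars("{$datapath}/{$xml_name}", ENT_QUOTES, 'UTF-8');

    echo "\n<applet archive=\"../java/jcommon-0.9.5.jar,../java/jfreechart-0.9.20.jar,../java/jossim-graph.jar\" code=\"net.ossim.graph.applet.OssimGraphApplet\" width=\"{$attr_width}\" height=\"{$attr_height}\" alt=\"You should see an applet, not this text.\">\n <param name=\"graphType\" value=\"{$attr_type}\">";
    echo " <param name=\"xmlDataUrl\" value=\"{$attr_url}\">";
    echo "\n <param name=\"alpha\" value=\"0.42f\">\n <param name=\"legend\" value=\"false\">\n <param name=\"tooltips\" value=\"false\">\n <param name=\"orientation\" value=\"HORIZONTAL\">\n</applet>\n";
}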
// Fragment of a host-list provider for an asset group; the listing ends
// inside the per-host loop below.
$db = new ossim_db();
$conn = $db->connect();

// NOTE(review): $from, $maxrows, $order and $torder are interpolated into the
// LIMIT / ORDER BY fragments. Their validation is not visible in this
// fragment; confirm they are restricted to integers and to a fixed set of
// column names and directions before this point.
$filters = array('limit' => "{$from}, {$maxrows}", 'order_by' => "{$order} {$torder}");
if ($search_str != '') {
    // NOTE(review): $search_str is concatenated into the WHERE clause. Unless
    // it was validated or escaped earlier (not visible here), a quote in the
    // search text changes the query; prefer a bound parameter.
    $filters['where'] = 'hostname LIKE "%' . $search_str . '%"';
}

// Get object from session
// NOTE(review): unserialize() rebuilds whatever object was stored under this
// session key; confirm the entry is only ever written by server-side code and
// that $group_id was validated before being used as the key.
$asset_object = unserialize($_SESSION['asset_detail'][$group_id]);
if (!is_object($asset_object)) {
    throw new Exception(_('Error retrieving the asset data from memory'));
}

// Get the hosts from another groups
if ($asset_type == 'othergroups') {
    // NOTE(review): $group_id is concatenated inside UNHEX('...'); confirm it
    // is checked to be hexadecimal only before this point.
    $where = " id NOT IN (SELECT host_id FROM host_group_reference WHERE host_group_id = UNHEX('" . $group_id . "')) ";
    // Combine the exclusion with the optional hostname filter
    $filters['where'] = !empty($filters['where']) ? $where . ' AND ' . $filters['where'] : $where;
    list($host_list, $total) = Asset_host::get_list($conn, '', $filters, $cache);
} else {
    list($host_list, $total) = $asset_object->get_hosts($conn, $filters, FALSE);
}

// DATA
$data = array();
foreach ($host_list as $host_id => $host_data) {
    $devices = Asset_host_devices::get_devices_to_string($conn, $host_id);
    // Asset Group details format
    if ($asset_type == 'group') {
        try {
            // Both calls sit inside the try, so presumably they throw when the
            // user lacks the permission - confirm. The delete link is only
            // built after both have returned.
            $asset_object->can_i_edit($conn);
            $asset_object->can_delete_host($conn);
            // $host_id is placed inside a single-quoted JavaScript argument
            $delete_link = '<a href="javascript:;" onclick="del_asset_from_group(\'' . $host_id . '\');return false">';
            $delete_link .= '<img class="delete_small tipinfo" txt="' . _('Remove this asset from group') . '" src="/ossim/pixmaps/delete.png" border="0"/>';
            $delete_link .= '</a>';
/**
 * Renders the scan-job management page: the action buttons, the running
 * scans, the table of scheduled jobs and the pager for the job list.
 *
 * Output is echoed directly. The function reads the globals $username,
 * $dbconn, $arruser and $user, and it overwrites the global $user while
 * iterating over the schedule rows. $viewall, $uroles and $hosts are not
 * referenced in this body.
 *
 * NOTE(review): $sortby and $sortdir end up in the ORDER BY clause without
 * any check inside this function; see the note at $sql_order.
 *
 * @param mixed  $viewall Not used in this body
 * @param string $sortby  Column to sort the schedule table by ("id" if empty)
 * @param string $sortdir Sort direction ("DESC" if empty)
 */
function main_page($viewall, $sortby, $sortdir)
{
    global $uroles, $username, $dbconn, $hosts;
    global $arruser, $user;

    // Rows are fetched with both numeric and named keys; the list() call in
    // the schedule loop relies on the numeric ones.
    $dbconn->SetFetchMode(ADODB_FETCH_BOTH);
    $tz = Util::get_timezone();

    if ($sortby == "") {
        $sortby = "id";
    }
    if ($sortdir == "") {
        $sortdir = "DESC";
    }
    // NOTE(review): both values are interpolated into SQL. The column headers
    // printed below send them back as the query-string parameters sortby and
    // sortdir, so unless the caller validates them they are request data.
    // ORDER BY cannot take bound parameters; compare against a fixed list of
    // column names and against ASC/DESC instead.
    $sql_order = "order by {$sortby} {$sortdir}";

    // Action buttons, only for users allowed to manage vulnerability scans
    if (Session::menu_perms("environment-menu", "EventsVulnerabilitiesScan")) {
        ?>
        <div style="width:50%; position: relative; height: 5px; float:left">
        <div style="width:100%; position: absolute; top: -41px;left:0px;">
        <div style="float:left; height:28px; margin:5px 5px 0px 0px;">
        <a class="button" href="<?php echo Menu::get_menu_url(AV_MAIN_PATH . '/vulnmeter/sched.php?smethod=schedule&hosts_alive=1&scan_locally=1', 'environment', 'vulnerabilities', 'scan_jobs'); ?> "> <?php echo _("New Scan Job"); ?> </a>
        </div>
        <div style="float:left;height:28px;margin:5px 5px 0px -2px;">
        <a class="greybox button av_b_secondary" href="import_nbe.php" title="<?php echo _("Import nbe file"); ?> "> <?php echo _("Import nbe file"); ?> </a>
        </div>
        </div>
        </div>
        <?php
    }

    // Page number from the request; intval() keeps it numeric, anything that
    // evaluates to 0 means the first page.
    if (intval($_GET['page']) != 0) {
        $page = intval($_GET['page']);
    } else {
        $page = 1;
    }
    $pagesize = 10;

    // NOTE(review): the administrator is recognised by the literal login
    // name "admin" here - confirm this matches the role model used elsewhere.
    if ($username == "admin") {
        $query = "SELECT count(id) as num FROM vuln_jobs";
    } else {
        // NOTE(review): the literal '******' is what this listing shows; it
        // looks like a masked value, so the real user filter cannot be
        // reviewed from here.
        $query = "SELECT count(id) as num FROM vuln_jobs where username='******'";
    }
    $result = $dbconn->Execute($query);
    $jobCount = $result->fields["num"];
    $num_pages = ceil($jobCount / $pagesize);
    //echo "num_pages:[".$num_pages."]";
    //echo "jobCount:[".$jobCount."]";
    //echo "page:[".$page."]";
    if (Vulnerabilities::scanner_type() == "omp") {
        // We can display scan status with OMP protocol
        echo Vulnerabilities::get_omp_running_scans($dbconn);
    } else {
        // Nessus
        all_jobs(0, 10, "R");
    }
    ?> <?php
    $schedulejobs = _("Scheduled Jobs");
    echo <<<EOT
<table style='margin-top:20px;' class='w100 transparent'><tr><td class='sec_title'>{$schedulejobs}</td></tr></table>
<table summary="Job Schedules" class='w100 table_list'>
EOT;
    // Flip the direction so the header links below request the opposite order
    if ($sortdir == "ASC") {
        $sortdir = "DESC";
    } else {
        $sortdir = "ASC";
    }
    // Sortable columns: sortby value => header label
    $arr = array("name" => "Name", "schedule_type" => "Schedule Type", "time" => "Time", "next_CHECK" => "Next Scan", "enabled" => "Status");
    // modified by hsh to return all scan schedules
    if (empty($arruser)) {
        $query = "SELECT t2.name as profile, t1.meth_TARGET, t1.id, t1.name, t1.schedule_type, t1.meth_VSET, t1.meth_TIMEOUT, t1.username, t1.enabled, t1.next_CHECK, t1.email\n FROM vuln_job_schedule t1 LEFT JOIN vuln_nessus_settings t2 ON t1.meth_VSET=t2.id ";
    } else {
        // NOTE(review): $user is a global interpolated into the IN (...) list;
        // how it is built and quoted is not visible in this function.
        $query = "SELECT t2.name as profile, t1.meth_TARGET, t1.id, t1.name, t1.schedule_type, t1.meth_VSET, t1.meth_TIMEOUT, t1.username, t1.enabled, t1.next_CHECK, t1.email\n FROM vuln_job_schedule t1 LEFT JOIN vuln_nessus_settings t2 ON t1.meth_VSET=t2.id WHERE username in ({$user}) ";
    }
    $query .= $sql_order;
    $result = $dbconn->execute($query);
    if ($result->EOF) {
        echo "<tr><td class='empty_results' height='20' style='text-align:center;'>" . _("No Scheduled Jobs") . "</td></tr>";
    }
    if (!$result->EOF) {
        echo "<tr>";
        foreach ($arr as $order_by => $value) {
            echo "<th><a href=\"manage_jobs.php?sortby={$order_by}&sortdir={$sortdir}\">" . _($value) . "</a></th>";
        }
        // The header row is only closed inside this branch
        if (Session::menu_perms("environment-menu", "EventsVulnerabilitiesScan")) {
            echo "<th>" . _("Action") . "</th></tr>";
        }
    }
    $colors = array("#FFFFFF", "#EEEEEE");
    $color = 0;
    while (!$result->EOF) {
        // Positional unpacking in SELECT order. This overwrites the global
        // $user, and $servers receives the t1.email column, which is then
        // used as a sensor id on the next line.
        list($profile, $targets, $schedid, $schedname, $schedtype, $sid, $timeout, $user, $schedstatus, $nextscan, $servers) = $result->fields;
        $name = Av_sensor::get_name_by_id($dbconn, $servers);
        $servers = $name != '' ? $name : "unknown";
        // One target per line, each optionally prefixed with "<32 hex chars>#"
        $targets_to_resolve = explode("\n", $targets);
        $ttargets = array();
        foreach ($targets_to_resolve as $id_ip) {
            // id#a.b.c.d/nn whose id is a known network: show the CIDR and the network name
            if (preg_match("/^([a-f\\d]{32})#\\d+\\.\\d+\\.\\d+\\.\\d+\\/\\d{1,2}/i", $id_ip, $found) && Asset_net::is_in_db($dbconn, $found[1])) {
                $ttargets[] = preg_replace("/^([a-f\\d]{32})#/i", "", $id_ip) . " (" . Asset_net::get_name_by_id($dbconn, $found[1]) . ")";
            } else {
                // id#a.b.c.d whose id is a known host: show the address and the host name
                if (preg_match("/^([a-f\\d]{32})#\\d+\\.\\d+\\.\\d+\\.\\d+/i", $id_ip, $found) && Asset_host::is_in_db($dbconn, $found[1])) {
                    $ttargets[] = preg_replace("/^([a-f\\d]{32})#/i", "", $id_ip) . " (" . Asset_host::get_name_by_id($dbconn, $found[1]) . ")";
                } else {
                    // Anything else: only the 32-hex-digit id is removed
                    $ttargets[] = preg_replace("/[a-f\\d]{32}/i", "", $id_ip);
                }
            }
        }
        $targets = implode("<BR/>", $ttargets);
        $tz = intval($tz);
        // Shift the stored time by the timezone offset in whole hours
        $nextscan = gmdate("Y-m-d H:i:s", Util::get_utc_unixtime($nextscan) + 3600 * $tz);
        preg_match("/\\d+\\-\\d+\\-\\d+\\s(\\d+:\\d+:\\d+)/", $nextscan, $found);
        $time = $found[1];
        // Schedule type code => translated label
        switch ($schedtype) {
            case "N":
                $stt = _("Once (Now)");
                break;
            case "O":
                $stt = _("Once");
                break;
            case "D":
                $stt = _("Daily");
                break;
            case "W":
                $stt = _("Weekly");
                break;
            case "M":
                $stt = _("Monthly");
                break;
            case "Q":
                $stt = _("Quarterly");
                break;
            case "H":
                $stt = _("On Hold");
                break;
            case "NW":
                $stt = _("N<sup>th</sup> weekday of the month");
                break;
            default:
                $stt = " ";
                break;
        }
        // NOTE(review): enabling, disabling and (further down) deleting a
        // schedule are plain GET links, and no anti-CSRF token is visible in
        // these URLs; confirm manage_jobs.php verifies one before acting.
        switch ($schedstatus) {
            case "1":
                $itext = _("Disable Scheduled Job");
                $isrc = "images/stop_task.png";
                $ilink = "manage_jobs.php?disp=setstatus&schedid={$schedid}&enabled=0";
                break;
            default:
                $itext = _("Enable Scheduled Job");
                $isrc = "images/play_task.png";
                $ilink = "manage_jobs.php?disp=setstatus&schedid={$schedid}&enabled=1";
                break;
        }
        // This only hides the link in the page; the permission still has to be
        // enforced by the handler of the action itself.
        if (!Session::menu_perms("environment-menu", "EventsVulnerabilitiesScan")) {
            $ilink = "javascript:return false;";
        }
        if ($schedstatus) {
            $txt_enabled = "<td><a href=\"{$ilink}\"><font color=\"green\">" . _("Enabled") . "</font></a></td>";
        } else {
            $txt_enabled = "<td><a href=\"{$ilink}\"><font color=\"red\">" . _("Disabled") . "</font></a></td>";
        }
        require_once 'classes/Security.inc';
        // An owner stored as a 32-hex-digit id is replaced by the entity name
        if (valid_hex32($user)) {
            $user = Session::get_entity_name($dbconn, $user);
        }
        echo "<tr bgcolor=\"" . $colors[$color % 2] . "\">";
        if ($profile == "") {
            $profile = _("Default");
        }
        // NOTE(review): $user, $servers, $schedid, $profile, $targets and
        // $schedname come from the database and are written into a title
        // attribute and into the cell without escaping. If any of them can
        // hold quotes or tags this is a stored-XSS sink; confirm they are
        // sanitised when stored, or escape them here.
        echo "<td><span class=\"tip\" title=\"<b>" . _("Owner") . ":</b> {$user}<br><b>" . _("Server") . ":</b> {$servers}<br /><b>" . _("Scheduled Job ID") . ":</b> {$schedid}<br><b>" . _("Profile") . ":</b> {$profile}<br><b>" . _("Targets") . ":</b><br>" . $targets . "\">{$schedname}</span></td>";
        ?>
        <td><?php echo $stt; ?> </td>
        <td><?php echo $time; ?> </td>
        <td><?php echo $nextscan; ?> </td>
        <?php
        echo <<<EOT
{$txt_enabled}
<td style="padding-top:2px;"><a href="{$ilink}"><img alt="{$itext}" src="{$isrc}" border=0 title="{$itext}"></a>
EOT;
        // Edit and delete icons, only for users allowed to manage scans
        if (Session::menu_perms("environment-menu", "EventsVulnerabilitiesScan")) {
            echo "<a href='" . Menu::get_menu_url(AV_MAIN_PATH . '/vulnmeter/sched.php?disp=edit_sched&sched_id=' . $schedid, 'environment', 'vulnerabilities', 'scan_jobs') . "'><img src='images/pencil.png' title='" . _("Edit Scheduled") . "'></a> ";
            echo "<a href='manage_jobs.php?disp=delete&schedid={$schedid}' onclick='return confirmDelete();'><img src='images/delete.gif' title='" . gettext("Delete Scheduled") . "'></a>";
        }
        echo "</td>";
        echo <<<EOT
</tr>
EOT;
        $result->MoveNext();
        $color++;
    }
    echo <<<EOT
</table>
EOT;
    ?> <br /> <?php
    // Job list for the current page; its return value decides whether the
    // pager below is drawn.
    $out = all_jobs(($page - 1) * $pagesize, $pagesize);
    ?>
    <table width="100%" align="center" class="transparent" cellspacing="0" cellpadding="0">
    <tr>
    <td class="nobborder" valign="top" style="padding-top:5px;">
    <div class="fright">
    <?php
    // Pager: a link is drawn as disabled when there is no page in that direction
    if ($out != 0 && $num_pages != 1) {
        $page_url = "manage_jobs.php";
        if ($page == 1 && $page == $num_pages) {
            echo '<a href="" class="link_paginate_disabled" onclick="return false">< ' . _("PREVIOUS") . '</a>';
            echo '<a class="lmargin link_paginate_disabled" href="" onclick="return false">' . _("NEXT") . ' ></a>';
        } elseif ($page == 1) {
            echo '<a href="" class="link_paginate_disabled" onclick="return false">< ' . _("PREVIOUS") . '</a>';
            echo '<a class="lmargin" href="' . $page_url . '?page=' . ($page + 1) . '">' . _("NEXT") . ' ></a> ';
        } elseif ($page == $num_pages) {
            echo '<a href="' . $page_url . '?page=' . ($page - 1) . '">< ' . _("PREVIOUS") . '</a>';
            echo '<a class="lmargin link_paginate_disabled" href="" onclick="return false">' . _("NEXT") . ' ></a>';
        } else {
            echo '<a href="' . $page_url . '?page=' . ($page - 1) . '">< ' . _("PREVIOUS") . '</a><a class="lmargin" href="' . $page_url . '?page=' . ($page + 1) . '">' . _("NEXT") . ' ></a>';
        }
    }
    ?>
    </div>
    </td>
    </tr>
    </table>
    <?php
}
$arrResults[$hostIP . "#" . $hostctx][] = array('service' => $service, 'port' => $service_num, 'protocol' => $service_proto, 'application' => $app, 'risk' => $risk, 'scriptid' => $scriptid, 'exception' => $eid, 'msg' => preg_replace('/(<br\\s*?\\/??>)+/i', "\n", $msg), 'pname' => $pname); $result->MoveNext(); } //Vulnerability table configs $vcols = array(_("Risk"), _("Details")); //widths for columns $vwidth_array = array(20, 170); // 196 total $count = 0; $oldip = ""; // iterate through the IP is the results foreach ($arrResults as $hostIP_ctx => $scanData) { list($hostIP, $hostctx) = explode("#", $hostIP_ctx); $host_id = key(Asset_host::get_id_by_ips($dbconn, $hostIP, $hostctx)); if (valid_hex32($host_id)) { $hostname = Asset_host::get_name_by_id($dbconn, $host_id); } else { $hostname = _('unknown'); } $hostIP = htmlspecialchars_decode($hostIP); $hostname = htmlspecialchars_decode($hostname); $pdf->SetLink(${"IP_" . $hostIP_ctx}, $pdf->GetY()); //print out the host cell $pdf->SetFillColor(229, 229, 229); $pdf->SetFont('', 'B', 10); $pdf->Cell(95, 6, $hostIP, 1, 0, 'C', 1); $pdf->Cell(95, 6, $hostname, 1, 0, 'C', 1); //$pdf->Cell(105, 6, "",1,0,'C'); $pdf->SetFont('', ''); $pdf->Ln(); // now iterate through the scan results for this IP
$negated_op = preg_match('/^\\!/', $_GET["search_str"]) ? '!' : ''; $_GET["search_str"] = Util::htmlentities(preg_replace("/[^0-9A-Za-z\\!\\-\\_\\.]/", "", $_GET["search_str"])); // htmlentities for fortify test $_ips_aux = Asset_host::get_ips_by_name($conn_aux, $_GET["search_str"]); $_GET["search_str"] = $negated_op . implode(" OR {$negated_op}", array_keys($_ips_aux)); } // Conversion: Searching by IP, but Host selected if ($_GET["search_str"] != "" && in_array($_GET["submit"], $host_submit) && preg_match("/^\\!?\\d+\\.\\d+\\.\\d+\\.\\d+\$/", $_GET["search_str"])) { $_GET['submit'] = str_replace(" Host", " IP", $_GET['submit']); } // Hostname if ($_GET["search_str"] != "" && in_array($_GET["submit"], $host_submit) && !preg_match("/\\d+\\.\\d+\\.\\d+\\.\\d+/", $_GET["search_str"])) { $negated_op = preg_match('/^\\!/', $_GET["search_str"]) ? 'NOT IN' : 'IN'; $_GET["search_str"] = Util::htmlentities(preg_replace("/[^0-9A-Za-z\\!\\-\\_\\.]/", "", $_GET["search_str"])); // htmlentities for fortify test $hids = Asset_host::get_id_by_name($conn_aux, $_GET["search_str"]); $htype = $_GET["submit"] == _("Src or Dst Host") ? "both" : ($_GET["submit"] == _("Src Host") ? "src" : "dst"); $_SESSION["hostid"] = array(array_shift(array_keys($hids)), $_GET["search_str"], $htype, $negated_op); unset($_GET["search_str"]); } $db_aux->close(); if ($_SESSION['view_name_changed']) { $_GET['custom_view'] = $_SESSION['view_name_changed']; $_SESSION['view_name_changed'] = ""; $_SESSION['norefresh'] = 1; } else { $_SESSION['norefresh'] = ""; } $custom_view = $_GET['custom_view']; ossim_valid($custom_view, OSS_NULLABLE, OSS_ALPHA, OSS_SPACE, OSS_PUNC, "Invalid: custom_view"); if (ossim_error()) {
/**
 * Renders the "Asset Vulnerability Details" view: the search form, the
 * totals row, one row per scanned host with its counts per risk level, and
 * the pager.
 *
 * Output is echoed directly. The function reads the globals $offset,
 * $pageSize and $dbconn, and stores a list of report ids in
 * $_SESSION["_dreport_ids"].
 *
 * NOTE(review): $value and $ctx_filter are interpolated into SQL fragments
 * and $value is also echoed back; no validation or escaping is visible in
 * this function, so it all depends on the caller. See the notes at the
 * individual branches.
 *
 * @param string $type       Search type: scantime, service, freetext, hostip,
 *                           fk_name, username or hn; anything else lists all
 * @param string $value      Search text for the chosen type
 * @param string $ctx_filter Context id, used only by the "hn" search
 * @param string $sortby     Overwritten below, so the caller's value is unused
 * @param string $sortdir    Overwritten below, so the caller's value is unused
 */
function list_results($type, $value, $ctx_filter, $sortby, $sortdir)
{
    global $allres, $offset, $pageSize, $dbconn;
    global $user, $arruser;

    $dbconn->SetFetchMode(ADODB_FETCH_BOTH);
    // Never changed afterwards, so the "else" of the if (!$filteredView)
    // test further down is not reached.
    $filteredView = FALSE;
    // Four entries are created here, but indexes 4, 5 and 6 are assigned and
    // read below.
    $selRadio = array("", "", "", "");
    $query_onlyuser = "";
    $url_filter = "";
    // Deprecated filter
    //if(!empty($arruser)) {$query_onlyuser = "******";}
    // The ordering is fixed here, which keeps request data out of ORDER BY
    $sortby = "t1.results_sent DESC, t1.hostIP DESC";
    $sortdir = "";
    $queryw = "";
    $queryl = "";
    $querys = "SELECT distinct t1.hostIP, HEX(t1.ctx) as ctx, t1.scantime, t1.username, t1.scantype, t1.report_key, t1.report_type as report_type, t1.sid, t3.name as profile\n FROM vuln_nessus_latest_reports AS t1 LEFT JOIN vuln_nessus_settings AS t3 ON t1.sid = t3.id, vuln_nessus_latest_results AS t5\n WHERE\n t1.hostIP = t5.hostIP\n AND t1.ctx = t5.ctx\n AND t1.deleted = '0' ";

    // set up the SQL query based on the search form input (if any)
    // NOTE(review): every branch below places $value (as $q) between quotes
    // in the WHERE clause. Unless the caller escaped it for SQL, a quote in
    // the search text changes the query; bound parameters would remove the
    // dependency. $offset and $pageSize are globals interpolated into LIMIT;
    // confirm they are integers.
    if ($type == "scantime" && $value != "") {
        $selRadio[0] = "CHECKED";
        $q = $value;
        $queryw = " AND t1.scantime LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
        $queryl = " limit {$offset},{$pageSize}";
        // NOTE(review): $stext is echoed further down; here and in the other
        // branches it contains the search text without HTML escaping.
        $stext = "<b>" . _("Search for Date/Time") . "</b> = '*{$q}*'";
        // NOTE(review): $type and $value are added to the link without urlencode()
        $url_filter = "&type={$type}&value={$value}";
    } else {
        if ($type == "service" && $value != "") {
            $selRadio[5] = "CHECKED";
            $q = $value;
            $queryw = " AND t5.service LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
            $queryl = " limit {$offset},{$pageSize}";
            // NOTE(review): html_entity_decode() turns encoded characters back
            // into markup right before the text is echoed; if $value arrives
            // entity-encoded as a protection, this undoes it.
            $stext = "<b>" . _("Search for Service") . "</b> = '*" . html_entity_decode($q) . "*'";
            $url_filter = "&type={$type}&value={$value}";
        } else {
            if ($type == "freetext" && $value != "") {
                $selRadio[6] = "CHECKED";
                $q = $value;
                $queryw = " AND t5.msg LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
                $queryl = " limit {$offset},{$pageSize}";
                $stext = "<b>" . _("Search for Free Text") . "</b> = '*" . html_entity_decode($q) . "*'";
                $url_filter = "&type={$type}&value={$value}";
            } else {
                if ($type == "hostip" && $value != "") {
                    $selRadio[1] = "CHECKED";
                    $q = strtolower($value);
                    // NOTE(review): unlike the other branches this fragment
                    // does not start with " AND", so appended to $querys it
                    // follows "t1.deleted = '0' " with no operator.
                    $queryw = " t1.hostIP LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
                    $queryl = " limit {$offset},{$pageSize}";
                    $stext = "<b>" . _("Search for Host-IP") . "</b> = '*{$q}*'";
                    $url_filter = "&type={$type}&value={$value}";
                } else {
                    if ($type == "fk_name" && $value != "") {
                        $selRadio[2] = "CHECKED";
                        $q = strtolower($value);
                        $queryw = " AND t1.fk_name LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
                        $queryl = " limit {$offset},{$pageSize}";
                        $stext = _("Search for Subnet/CIDR") . " = '*{$q}*'";
                        $url_filter = "&type={$type}&value={$value}";
                    } else {
                        if ($type == "username" && $value != "") {
                            $selRadio[3] = "CHECKED";
                            $q = strtolower($value);
                            $queryw = " AND t1.username LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
                            $queryl = " limit {$offset},{$pageSize}";
                            $stext = "<b>" . _("Search for user") . "</b> = '*{$q}*'";
                            $url_filter = "&type={$type}&value={$value}";
                        } else {
                            if ($type == "hn" && $value != "") {
                                // NOTE(review): $ctx_filter goes inside UNHEX('...');
                                // confirm it is restricted to hex digits.
                                if (!empty($ctx_filter)) {
                                    $queryw = " AND t1.ctx=UNHEX('{$ctx_filter}')";
                                }
                                $selRadio[4] = "CHECKED";
                                // A slash means CIDR, a comma means a list of
                                // addresses, anything else a single host pattern.
                                if (preg_match("/\\//", $value)) {
                                    $ip_range = array();
                                    $ip_range = Cidr::expand_CIDR($value, "SHORT");
                                    $queryw .= " AND (inet_aton(t1.hostIP) >= '" . $ip_range[0] . "' AND inet_aton(t1.hostIP) <='" . $ip_range[1] . "') {$query_onlyuser} order by {$sortby} {$sortdir}";
                                } elseif (preg_match("/\\,/", $value)) {
                                    // "a,b" becomes "a','b" so that it fits inside in ('...')
                                    $q = implode("','", explode(",", $value));
                                    $queryw .= " AND t1.hostIP in ('{$q}') {$query_onlyuser} order by {$sortby} {$sortdir}";
                                    $q = "Others";
                                } else {
                                    $q = $value;
                                    $queryw .= " AND t1.hostIP LIKE '{$q}' {$query_onlyuser} order by {$sortby} {$sortdir}";
                                }
                                $queryl = " limit {$offset},{$pageSize}";
                                if (!preg_match("/\\//", $value)) {
                                    $stext = "<b>" . _("Search for Host") . "</b> = '" . html_entity_decode($q) . "'";
                                } else {
                                    $stext = "<b>" . _("Search for Subnet/CIDR") . "</b> = '{$value}'";
                                }
                                $url_filter = "&type={$type}&value={$value}";
                            } else {
                                // No usable search: list everything
                                $selRadio[4] = "CHECKED";
                                $viewAll = FALSE;
                                $queryw = "{$query_onlyuser} order by {$sortby} {$sortdir}";
                                $queryl = " limit {$offset},{$pageSize}";
                                $stext = "";
                            }
                        }
                    }
                }
            }
        }
    }

    // set up the pager and search fields if viewing all hosts
    $reportCount = 0;
    if (!$filteredView) {
        // Run the query once without LIMIT to learn the total number of rows
        $dbconn->Execute(str_replace("SELECT distinct", "SELECT SQL_CALC_FOUND_ROWS distinct", $querys) . $queryw);
        $reportCount = $dbconn->GetOne("SELECT FOUND_ROWS() as total");
        $previous = $offset - $pageSize;
        if ($previous < 0) {
            $previous = 0;
        }
        $last = intval($reportCount / $pageSize) * $pageSize;
        if ($last < 0) {
            $last = 0;
        }
        $next = $offset + $pageSize;
        $pageEnd = $offset + $pageSize;
        // Decoded for the form field; it is re-encoded with Util::htmlentities() below
        $value = html_entity_decode($value);
        //echo "<center><table cellspacing='0' cellpadding='0' border='0' width='100%'><tr><td class='headerpr' style='border:0;'>"._("Current Vulnerablities")."</td></tr></table>";
        // output the search form
        echo "<table class='w100 transparent'>";
        echo "<tr><td class='sec_title'>" . _("Asset Vulnerability Details") . "</td></tr>";
        echo "<tr><td style='padding:12px 0px 0px 0px;' class='transparent'>";
        ?>
        <div id='cvleftdiv'>
        <a id="new_scan_button" class="button" href="<?php echo Menu::get_menu_url(AV_MAIN_PATH . '/vulnmeter/sched.php?action=create_scan&hosts_alive=1&scan_locally=1', 'environment', 'vulnerabilities', 'scan_jobs'); ?> " style="text-decoration:none;"> <?php echo _("New Scan Job"); ?> </a>
        </div>
        <div id='cvrightdiv'>
        <?php
        echo '<form name="hostSearch" id="hostSearch" action="index.php" method="GET"> <input type="text" length="25" name="value" id="assets" class="assets" style="margin:0px !important;" value="' . Util::htmlentities($value) . '">';
        // cvfiltertype -> current vulnerabilities filter type
        echo "\n<input type=\"radio\" name=\"type\" value=\"service\" {$selRadio['5']}>" . _("Service") . "\n<input type=\"radio\" name=\"type\" value=\"freetext\" {$selRadio['6']}>" . _("Free text") . "\n<input type=\"radio\" name=\"type\" value=\"hn\" {$selRadio['4']}>" . _("Host/Net") . "\n";
        echo "<input type=\"submit\" name=\"submit\" value=\"" . _("Find") . "\" id=\"current_vulns_find_button\" class=\"av_b_secondary small\" style=\"margin-left:15px;\">";
        echo <<<EOT
</form>
</p>
EOT;
    } else {
        // get the search result count
        // The table has no alias in this query although the WHERE clause
        // refers to t1.
        $queryc = "SELECT count( report_id ) FROM vuln_nessus_latest_reports WHERE t1.deleted = '0' ";
        $scount = $dbconn->GetOne($queryc . $queryw);
        echo "<p>{$scount} report";
        if ($scount != 1) {
            echo "s";
        } else {
        }
        echo " " . _("found matching search criteria") . " | ";
        echo " <a href='index.php' alt='" . _("View All Reports") . "'>" . _("View All Reports") . "</a></p>";
    }
    echo "<p>";
    echo $stext;
    echo "</p>";
    echo "</div></td></tr></table>";
    $result = array();
    // get the hosts to display
    $result = $dbconn->GetArray($querys . $queryw . $queryl); // main query
    //echo $querys.$queryw.$queryl;
    $delete_ids = array();
    // NOTE(review): $result is iterated here before the "=== false" failure
    // test below, and report_id is not among the columns selected in $querys.
    if (count($result) > 0) {
        foreach ($result as $rpt) {
            $delete_ids[] = $dreport_id = $rpt["report_id"];
        }
    }
    $_SESSION["_dreport_ids"] = implode(",", $delete_ids);
    //echo "$querys$queryw$queryl";
    if ($result === false) {
        // $errMsg and $error are not initialised anywhere in this function
        $errMsg[] = _("Error getting results") . ": " . $dbconn->ErrorMsg();
        $error++;
        dispSQLError($errMsg, $error);
    } else {
        // Totals over all hosts, shown in the first ("All") row
        $data['vInfo'] = 0;
        $data['vLow'] = 0;
        $data['vMed'] = 0;
        $data['vHigh'] = 0;
        $data['vSerious'] = 0;
        // When the user's view is restricted, the totals are limited to the
        // hosts matched by this permission filter.
        $perms_where = Asset_host::get_perms_where('host.', TRUE);
        if (!empty($perms_where)) {
            $queryt = "SELECT count(lr.result_id) AS total, lr.risk, lr.hostIP, HEX(lr.ctx) AS ctx\n FROM vuln_nessus_latest_results lr, host, host_ip hi\n WHERE host.id=hi.host_id AND inet6_ntoa(hi.ip)=lr.hostIP {$perms_where} AND falsepositive='N'\n GROUP BY risk, hostIP, ctx";
        } else {
            $queryt = "SELECT count(lr.result_id) AS total, risk, lr.hostIP, HEX(lr.ctx) AS ctx\n FROM vuln_nessus_latest_results lr\n WHERE falsepositive='N'\n GROUP BY risk, hostIP, ctx";
        }
        //echo "$queryt<br>";
        $resultt = $dbconn->Execute($queryt);
        while (!$resultt->EOF) {
            $riskcount = $resultt->fields['total'];
            $risk = $resultt->fields['risk'];
            // Risk code => counter: 7 info, 6 low, 3 medium, 2 high, 1 serious
            if ($risk == 7) {
                $data['vInfo'] += $riskcount;
            } else {
                if ($risk == 6) {
                    $data['vLow'] += $riskcount;
                } else {
                    if ($risk == 3) {
                        $data['vMed'] += $riskcount;
                    } else {
                        if ($risk == 2) {
                            $data['vHigh'] += $riskcount;
                        } else {
                            if ($risk == 1) {
                                $data['vSerious'] += $riskcount;
                            }
                        }
                    }
                }
            }
            $resultt->MoveNext();
        }
        // The "All" row gets report links only when something was counted
        if ($data['vInfo'] == 0 && $data['vLow'] == 0 && $data['vMed'] == 0 && $data['vHigh'] == 0 && $data['vSerious'] == 0) {
            $tdata[] = array("report_id" => "All", "host_name" => "", "scantime" => "", "username" => "", "scantype" => "", "report_key" => "", "report_type" => "", "sid" => "", "profile" => "", "hlink" => "", "plink" => "", "xlink" => "", "vSerious" => $data['vSerious'], "vHigh" => $data['vHigh'], "vMed" => $data['vMed'], "vLow" => $data['vLow'], "vInfo" => $data['vInfo']);
        } else {
            $tdata[] = array("report_id" => "All", "host_name" => "", "scantime" => "", "username" => "", "scantype" => "", "report_key" => "", "report_type" => "", "sid" => "", "profile" => "", "hlink" => "lr_reshtml.php?ipl=all&disp=html&output=full&scantype=M", "plink" => "lr_respdf.php?ipl=all&scantype=M", "xlink" => "lr_rescsv.php?ipl=all&scantype=M", "dlink" => "", "vSerious" => $data['vSerious'], "vHigh" => $data['vHigh'], "vMed" => $data['vMed'], "vLow" => $data['vLow'], "vInfo" => $data['vInfo']);
        }
        // From here on $data is the current result row, no longer the totals
        foreach ($result as $data) {
            // Per-row authorisation: hosts the user may not see are skipped
            if (!Session::hostAllowed_by_ip_ctx($dbconn, $data["hostIP"], $data["ctx"])) {
                continue;
            }
            $host_id = key(Asset_host::get_id_by_ips($dbconn, $data["hostIP"], $data["ctx"]));
            if (valid_hex32($host_id)) {
                $data['host_name'] = Asset_host::get_name_by_id($dbconn, $host_id);
            }
            $data['vSerious'] = 0;
            $data['vHigh'] = 0;
            $data['vMed'] = 0;
            $data['vLow'] = 0;
            $data['vInfo'] = 0;
            // query for reports for each IP
            // NOTE(review): values read back from the database are
            // concatenated into this query instead of being bound.
            $query_risk = "SELECT distinct risk, port, protocol, app, scriptid, msg, hostIP FROM vuln_nessus_latest_results WHERE hostIP = '" . $data['hostIP'];
            // NOTE(review): the next statement is reproduced exactly as this
            // listing shows it; the '******' looks like a masked value that
            // swallowed part of the expression, so it does not parse as shown.
            $query_risk .= "' AND username = '******'username'] . "' AND sid =" . $data['sid'] . " AND ctx = UNHEX('" . $data['ctx'] . "') AND falsepositive='N'";
            $result_risk = $dbconn->Execute($query_risk);
            while (!$result_risk->EOF) {
                // Same risk codes as above, counted per host
                if ($result_risk->fields["risk"] == 7) {
                    $data['vInfo']++;
                } else {
                    if ($result_risk->fields["risk"] == 6) {
                        $data['vLow']++;
                    } else {
                        if ($result_risk->fields["risk"] == 3) {
                            $data['vMed']++;
                        } else {
                            if ($result_risk->fields["risk"] == 2) {
                                $data['vHigh']++;
                            } else {
                                if ($result_risk->fields["risk"] == 1) {
                                    $data['vSerious']++;
                                }
                            }
                        }
                    }
                }
                $result_risk->MoveNext();
            }
            // Report links: only the host IP is URL-encoded
            $data['plink'] = "lr_respdf.php?treport=latest&ipl=" . urlencode($data['hostIP']) . "&ctx=" . $data['ctx'] . "&scantype=" . $data['scantype'];
            $data['hlink'] = "lr_reshtml.php?treport=latest&ipl=" . urlencode($data['hostIP']) . "&ctx=" . $data['ctx'] . "&scantype=" . $data['scantype'];
            $data['xlink'] = "lr_rescsv.php?treport=latest&ipl=" . urlencode($data['hostIP']) . "&ctx=" . $data['ctx'] . "&scantype=" . $data['scantype'];
            // NOTE(review): deletion is offered as a plain GET link; no
            // anti-CSRF token is visible in the URL, so confirm index.php
            // verifies one and re-checks the admin role before deleting.
            if (Session::am_i_admin()) {
                $data['dlink'] = "index.php?delete=" . $data['report_key'] . "&scantime=" . $data['scantime'];
            }
            // meth_target is not among the columns selected in $querys.
            // Shown as one target, two targets, or "first ... last".
            $list = explode("\n", trim($data['meth_target']));
            if (count($list) == 1) {
                $list[0] = trim($list[0]);
                $data['target'] = resolve_asset($dbconn, $list[0]);
            } elseif (count($list) == 2) {
                $list[0] = trim($list[0]);
                $list[0] = resolve_asset($dbconn, $list[0]);
                $list[1] = trim($list[1]);
                $list[1] = resolve_asset($dbconn, $list[1]);
                $data['target'] = $list[0] . ' ' . $list[1];
            } else {
                $list[0] = trim($list[0]);
                $list[0] = resolve_asset($dbconn, $list[0]);
                $list[count($list) - 1] = trim($list[count($list) - 1]);
                $list[count($list) - 1] = resolve_asset($dbconn, $list[count($list) - 1]);
                $data['target'] = $list[0] . " ... " . $list[count($list) - 1];
            }
            $tdata[] = $data;
        }
        // $sortdir was set to "" above, so this always ends up as "ASC"
        if ($sortdir == "ASC") {
            $sortdir = "DESC";
        } else {
            $sortdir = "ASC";
        }
        $url = $_SERVER['SCRIPT_NAME'] . "?offset={$offset}&sortby=%var%&sortdir={$sortdir}" . $url_filter;
        $fieldMapLinks = array();
        // Link label => description of the link column handed to drawTableLatest()
        $fieldMapLinks = array(gettext("HTML Results") => array('url' => '%param%', 'param' => 'hlink', 'target' => 'main', 'icon' => 'images/html.png'), gettext("PDF Results") => array('url' => '%param%', 'param' => 'plink', 'target' => '_blank', 'icon' => 'images/pdf.png'), gettext("EXCEL Results") => array('url' => '%param%', 'param' => 'xlink', 'target' => '_blank', 'icon' => 'images/page_white_excel.png'));
        if (Session::am_i_admin()) {
            $fieldMapLinks["DELETE Results"] = array('url' => '%param%', 'param' => 'dlink', 'target' => 'main', 'icon' => 'images/delete.gif');
        }
        $fieldMap = array("Host - IP" => array('var' => 'hostip'), "Date/Time" => array('var' => 'scantime'), "Profile" => array('var' => 'profile'), "Serious" => array('var' => 'vSerious'), "High" => array('var' => 'vHigh'), "Medium" => array('var' => 'vMed'), "Low" => array('var' => 'vLow'), "Info" => array('var' => 'vInfo'), "Links" => $fieldMapLinks);
        // echo "<pre>";
        // var_dump($tdata);
        // echo "</pre>";
        // $tdata always holds the "All" row, so more than one entry means at
        // least one host row was added.
        if (count($tdata) > 1) {
            drawTableLatest($fieldMap, $tdata, "Hosts");
        } elseif (Session::menu_perms("environment-menu", "EventsVulnerabilitiesScan")) {
            echo "<br><span class='gray'>" . _("No results found: ") . "</span><a href='" . Menu::get_menu_url(AV_MAIN_PATH . '/vulnmeter/sched.php?action=create_scan&hosts_alive=1&scan_locally=1', 'environment', 'vulnerabilities', 'scan_jobs') . "'>" . _("Click here to run a Vulnerability Scan now") . "</a><br><br>";
        }
    }
    // draw the pager again, if viewing all hosts
    // NOTE(review): $url_filter carries the unencoded $type and $value into
    // the href attributes below.
    if (!$filteredView && $reportCount > 10) {
        ?>
        <div class="fright tmargin">
        <?php
        if ($next > $pageSize) {
            ?>
            <a href="index.php?<?php echo "offset={$previous}{$url_filter}"; ?> " class="pager">< <?php echo _("PREVIOUS"); ?> </a>
            <?php
        } else {
            ?>
            <a class='link_paginate_disabled' href="" onclick='return false'>< <?php echo _("PREVIOUS"); ?> </a>
            <?php
        }
        if ($next <= $last) {
            ?>
            <a class='lmargin' href="index.php?<?php echo "offset={$next}{$url_filter}"; ?> "> <?php echo _("NEXT"); ?> ></a>
            <?php
        } else {
            ?>
            <a class='link_paginate_disabled lmargin' href="" onclick='return false'><?php echo _("NEXT"); ?> ></a>
            <?php
        }
        ?>
        </div>
        <?php
    } else {
        echo "<p> </p>";
    }
}
$ctx_src = $src_host->get_ctx(); } // Src icon and bold $src_output = Asset_host::get_extended_name($conn, $geoloc, $s_src_ip, $ctx_src, $event_info["src_host"], $event_info["src_net"]); $homelan_src = $src_output['is_internal']; $src_img = $src_output['html_icon']; // Dst if ($no_resolv || !$dst_host) { $s_dst_name = $s_dst_ip; $ctx_dst = $ctx; } elseif ($dst_host) { $s_dst_name = $dst_host->get_name(); $ctx_dst = $dst_host->get_ctx(); } // Dst icon and bold $dst_output = Asset_host::get_extended_name($conn, $geoloc, $s_dst_ip, $ctx_dst, $event_info["dst_host"], $event_info["dst_net"]); $homelan_dst = $dst_output['is_internal']; $dst_img = $dst_output['html_icon']; // Clean icon hover tiptip $s_src_link = Menu::get_menu_url("../forensics/base_stat_ipaddr.php?clear_allcriteria=1&ip={$s_src_ip}", 'analysis', 'security_events', 'security_events'); $s_dst_link = Menu::get_menu_url("../forensics/base_stat_ipaddr.php?clear_allcriteria=1&ip={$s_dst_ip}", 'analysis', 'security_events', 'security_events'); $s_src_port = $s_src_port != 0 ? ":" . Port::port2service($conn, $s_src_port) : ""; $s_dst_port = $s_dst_port != 0 ? ":" . Port::port2service($conn, $s_dst_port) : ""; // Reputation info $rep_src_icon = Reputation::getrepimg($event_info["rep_prio_src"], $event_info["rep_rel_src"], $event_info["rep_act_src"], $s_src_ip); //$rep_src_bgcolor = Reputation::getrepbgcolor($event_info["rep_prio_src"]); $rep_dst_icon = Reputation::getrepimg($event_info["rep_prio_dst"], $event_info["rep_rel_dst"], $event_info["rep_act_dst"], $s_dst_ip); //$rep_dst_bgcolor = Reputation::getrepbgcolor($event_info["rep_prio_dst"]); $c_src_homelan = $homelan_src ? 'bold alarm_netlookup' : ''; $source_link = $src_img . " <a href='{$s_src_link}' class='{$c_src_homelan}' data-title='{$s_src_ip}-{$ctx_src}' title='{$s_src_ip}'>" . $s_src_name . $s_src_port . "</a> {$rep_src_icon}"; $source_balloon = "<div id='" . $s_src_ip . ";" . $s_src_name . ";" . $event_info["src_host"] . "' ctx='{$ctx}' id2='" . 
$s_src_ip . ";" . $s_dst_ip . "' class='HostReportMenu'>";
$me = NULL; } $_country_aux = $geoloc->get_country_by_host($conn, $user->get_ip()); $s_country = strtolower($_country_aux[0]); $s_country_name = $_country_aux[1]; $geo_code = get_country($s_country); $flag = !empty($geo_code) ? "<img src='" . $geo_code . "' border='0' align='top'/>" : ''; $logon_date = gmdate('Y-m-d H:i:s', Util::get_utc_unixtime($user->get_logon_date()) + 3600 * Util::get_timezone()); $activity_date = Util::get_utc_unixtime($user->get_activity()); $background = Session_activity::is_expired($activity_date) ? 'background:#FFD8D6;' : ''; $expired = Session_activity::is_expired($activity_date) ? "<span style='color:red'>(" . _('Expired') . ")</span>" : ""; $agent = explode('###', $user->get_agent()); if ($agent[1] == 'av report scheduler') { $agent = array('AV Report Scheduler', 'wget'); } $host = @array_shift(Asset_host::get_name_by_ip($conn, $user->get_ip())); $host = $host == '' ? $user->get_ip() : $host; echo " <tr id='" . $user->get_id() . "'>\n\t\t\t\t\t\t\t\t\t<td class='ops_user' {$me}><img class='user_icon' src='" . get_user_icon($user->get_login(), $pro) . "' alt='" . _('User icon') . "' title='" . _('User icon') . "' align='absmiddle'/> " . $user->get_login() . "</td>\n\t\t\t\t\t\t\t\t\t<td class='ops_ip'>" . $user->get_ip() . "</td>\n\t\t\t\t\t\t\t\t\t<td class='ops_host'>" . $host . $flag . "</td>\n\t\t\t\t\t\t\t\t\t<td class='ops_agent'><a title='" . htmlentities($agent[1]) . "' class='info_agent'>" . htmlentities($agent[0]) . "</a></td>\n\t\t\t\t\t\t\t\t\t<td class='ops_id'>" . $user->get_id() . " {$expired}</td>\n\t\t\t\t\t\t\t\t\t<td class='ops_logon'>" . $logon_date . "</td>\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t<td class='ops_activity'>" . _(TimeAgo($activity_date, gmdate('U'))) . "</td>\n\t\t\t\t\t\t\t\t\t<td class='ops_actions'>{$action}</td>\t\n\t\t\t\t\t\t\t\t</tr>"; } } ?> </tbody> </table> </div> </div> </body> </html> <?php $db->close();
$sensor_id = POST('sensor_id'); $asset_id = POST('asset_id'); $agent_id = POST('agent_id'); $validate = array('sensor_id' => array('validation' => "OSS_HEX", 'e_message' => 'illegal:' . _('Sensor ID')), 'asset_id' => array('validation' => "OSS_HEX", 'e_message' => 'illegal:' . _('Asset ID')), 'agent_id' => array('validation' => 'OSS_DIGIT', 'e_message' => 'illegal:' . _('Agent ID'))); $validation_errors = validate_form_fields('POST', $validate); //Database connection $db = new ossim_db(); $conn = $db->connect(); if (empty($validation_errors)) { //Extra validations try { if (Asset_host::is_in_db($conn, $asset_id) == FALSE) { $e_msg = _('Unable to deploy HIDS agent. This asset no longer exists in the asset inventory. Please check with your system admin for more information'); Av_exception::throw_error(Av_exception::USER_ERROR, $e_msg); } $asset = new Asset_host($conn, $asset_id); $asset->load_from_db($conn); //Check asset context $ext_ctxs = Session::get_external_ctxs($conn); $ctx = $asset->get_ctx(); if (!empty($ext_ctxs[$ctx])) { $e_msg = _('Asset can only be deployed at this USM'); //Server related to CTX $server_obj = Server::get_server_by_ctx($conn, $ctx); if ($server_obj) { $s_name = $server_obj->get_name(); $s_ip = $server_obj->get_ip(); $server = $s_name . ' (' . $s_ip . ')'; $e_msg = sprintf(_("Unable to deploy agent to assets on a child server. Please login to %s to deploy the HIDS agents"), $server); } Av_exception::throw_error(Av_exception::USER_ERROR, $e_msg);
exit; } while (!$rs->EOF) { $ip = $rs->fields['ip']; $ctx = $rs->fields['ctx']; $ids = Asset_host::get_id_by_ips($conn_aux, $ip, $ctx); if (empty($hosts_in_db[$ip][$ctx]) && empty($ids)) { if ($mode == 'insert') { try { $id = Util::uuid(); $hostname = Asset_host::get_autodetected_name($ip); $ips = array(); $ips[$ip] = array('ip' => $ip, 'mac' => NULL); $sensors = array($rs->fields['sensor_id']); $conn_aux = $db->connect(); $host = new Asset_host($conn_aux, $id); Util::disable_perm_triggers($conn_aux, TRUE); $host->set_name($hostname); $host->set_ctx($ctx); $host->set_ips($ips); $host->set_sensors($sensors); $host->save_in_db($conn_aux, FALSE); $hosts_in_db[$ip][$ctx] = $ip; ?> <script type="text/javascript"> parent.$("#ptext").html("<?php echo _('Inserting new host') . ' <strong>' . $hostname . '</strong>'; ?> "); </script> <?php
Session::logcheck("analysis-menu", "ControlPanelAlarms"); $h_id = GET('id'); $h_ip = GET('ip'); $prefix = GET('prefix'); ossim_valid($h_id, OSS_HEX, OSS_NULLABLE, 'illegal:' . _("Asset ID")); ossim_valid($h_ip, OSS_IP_ADDR_0, OSS_NULLABLE, 'illegal:' . _("Ip")); ossim_valid($prefix, 'src', 'dst', 'illegal:' . _("Prefix")); if (ossim_error()) { die(ossim_error()); } $gloc = new Geolocation('/usr/share/geoip/GeoLiteCity.dat'); $data = $_SESSION['_alarm_stats'][$prefix]; /* connect to db */ $db = new ossim_db(TRUE); $conn = $db->connect(); $h_obj = Asset_host::get_object($conn, $h_id, TRUE); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html> <head> <title><?php echo gettext("OSSIM Framework"); ?> </title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <meta http-equiv="Pragma" content="no-cache"/> <link rel="stylesheet" type="text/css" href="/ossim/style/av_common.css?t=<?php echo Util::get_css_id(); ?>
require_once 'av_init.php';

// AJAX endpoint: permanently deletes every asset in the current filtered selection.
Session::logcheck_ajax('environment-menu', 'PolicyHosts');

// Anti-forgery form token, bound to the 'tk_delete_asset_bulk' action name.
// NOTE(review): everything below relies on Util::response_bad_request() ending
// the request; if it ever returned, execution would continue into the delete
// path. Confirm against its implementation.
if (!Token::verify('tk_delete_asset_bulk', POST('token'))) {
    Util::response_bad_request(Token::create_error_message());
}

// Release the session lock; later writes to $_SESSION would not be persisted.
session_write_close();

/* connect to db */
$db   = new ossim_db(TRUE);
$conn = $db->connect();

try {
    // NOTE(review): a destructive bulk delete is gated by the *create* permission
    // check. Confirm this is the intended authorization for deletion.
    if (!Session::can_i_create_assets()) {
        $db->close();
        Util::response_bad_request(_('You do not have the correct permissions to delete assets. Please contact system administrator with any questions'));
    }

    if (Session::is_pro()) {
        $app_name = 'AlienVault';
    } else {
        $app_name = 'OSSIM';
    }

    // Count the selection before it is removed so the message can report it.
    $num_assets = Filter_list::get_total_selection($conn, 'asset');

    // Delete all filtered assets. No asset ids are passed here: what gets deleted
    // is decided inside Asset_host::bulk_delete(), not by this request's parameters.
    Asset_host::bulk_delete($conn);

    $summary = sprintf(_('%s assets have been permanently deleted from %s'), $num_assets, $app_name);

    $data['status'] = 'OK';
    $data['data']   = $summary;
} catch (Exception $e) {
    $db->close();

    // NOTE(review): the raw exception message goes back to the client; check that
    // it cannot carry database or filesystem detail.
    Util::response_bad_request($e->getMessage());
}

$db->close();

echo json_encode($data);
if (isset($_GET['get_data'])) { //Setting up a high time limit. set_time_limit(360); $db = new ossim_db(); $conn = $db->connect(); //Setting up the file name with the hosts info $file = uniqid('/tmp/export_all_host_' . date('Ymd_H-i-s') . '_'); $_SESSION['_csv_file_hosts'] = $file; session_write_close(); $csv = array(); //Export a filtered list $filters = array(); $session = session_id(); $tables = ', user_component_filter hc'; $filters = array('where' => "hc.asset_id=host.id AND hc.asset_type='asset' AND hc.session_id = '{$session}'", 'order_by' => 'host.hostname ASC'); $_host_list = Asset_host::get_list($conn, $tables, $filters); foreach ($_host_list[0] as $host) { $id = $host['id']; //Description $descr = $host['descr']; $descr = mb_convert_encoding($descr, 'UTF-8', 'HTML-ENTITIES'); //Operating System $os = Asset_host_properties::get_property_from_db($conn, $host['id'], 3); $os = array_pop($os); //Latitude/Longitude $latitude = empty($host['location']['lat']) ? '' : $host['location']['lat']; $longitude = empty($host['location']['lon']) ? '' : $host['location']['lon']; //Devices $str_devices = ''; $devices = Asset_host_devices::get_devices_to_string($conn, $id); if (!empty($devices)) {
<table align="center" class="noborder"> <tr> <th style="background-position:top center"><?php echo _("Destination"); ?> </th> <td class="left nobborder"> <select id="toselect" name="toselect[]" size="12" multiple="multiple" style="width:150px"> <?php
// Pre-populate the "Destination" multi-select from the rule's comma-separated
// `to` field. Nothing is emitted when the field is "ANY", empty, or contains a
// colon followed by any three characters and "_IP".
//
// NOTE(review): every value written below (the raw list element, asset/net names
// and IP strings) is concatenated into single-quoted HTML attributes and option
// text without escaping. If $rule->to or a stored asset name can contain quotes
// or markup, it ends up in the page as-is. Confirm the upstream validation or
// escape at output.
if ($rule->to != "ANY" && $rule->to != "" && !preg_match("/\\:...\\_IP/", $rule->to)) {
    $pre_list = explode(",", $rule->to);
    foreach ($pre_list as $list_element) {
        // Asset ID: Resolve by name.
        // The pattern is unanchored: an optional "!" ($found[1]) and 36 characters
        // of hex digits or dashes ($found[2]); only those captures are echoed, any
        // other text in the element is dropped.
        if (preg_match("/(\\!)?([0-9A-Fa-f\\-]{36})/", $list_element, $found)) {
            // Lookup key: dashes stripped, upper-cased.
            $uuid_aux = str_replace("-", "", strtoupper($found[2]));
            // Try the id as a host first.
            $h_obj = Asset_host::get_object($conn, $uuid_aux);
            if ($h_obj != null) {
                echo "<option value='" . $found[1] . $found[2] . "'>" . $found[1] . $h_obj->get_name() . " (" . $h_obj->get_ips()->get_ips('string') . ")</option>\n";
            } else {
                // Not a host: try it as a network. If neither lookup succeeds,
                // no option is written for this element.
                $n_obj = Asset_net::get_object($conn, $uuid_aux);
                if ($n_obj != null) {
                    echo "<option value='" . $found[1] . $found[2] . "'>" . $found[1] . $n_obj->get_name() . " (" . $n_obj->get_ips() . ")</option>\n";
                }
            }
        } else {
            // Another one (HOME_NET, 12.12.12.12...): echoed verbatim as both
            // value and label.
            echo "<option value='{$list_element}'>{$list_element}</option>\n";
        }
    }
}
?>
foreach ($source_net_list as $source_net_group) { if (!check_any($source_net_group->get_net_group_id())) { $source .= ($source == "" ? "" : "<br/>") . "<img src='../pixmaps/theme/net_group.png' align=absbottom /> " . Net_group::get_name_by_id($conn, $source_net_group->get_net_group_id()); } } } if (empty($source)) { $source = "<img src='../pixmaps/theme/host.png' align=absbottom />" . _('ANY'); } $xml .= "<cell><![CDATA[" . $source . "]]></cell>"; // $dest = ""; if ($dest_host_list = $policy->get_hosts($conn, 'dest')) { foreach ($dest_host_list as $dest_host) { if (!check_any($dest_host->get_host_id())) { $dest .= ($dest == "" ? "" : "<br/>") . "<img src='../pixmaps/theme/host.png' align=absbottom /> " . Asset_host::get_name_by_id($conn, $dest_host->get_host_id()); } } } if ($dest_net_list = $policy->get_nets($conn, 'dest')) { foreach ($dest_net_list as $dest_net) { if (!check_any($dest_net->get_net_id())) { $dest .= ($dest == "" ? "" : "<br/>") . "<img src='../pixmaps/theme/net.png' align=absbottom /> " . Asset_net::get_name_by_id($conn, $dest_net->get_net_id()); } } } if ($dest_host_list = $policy->get_host_groups($conn, 'dest')) { foreach ($dest_host_list as $dest_host_group) { if (!check_any($dest_host_group->get_host_group_id())) { $dest .= ($dest == "" ? "" : "<br/>") . "<img src='../pixmaps/theme/host_group.png' align=absbottom /> " . Asset_group::get_name_by_id($conn, $dest_host_group->get_host_group_id()); }
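$selected = "";

// Collect the distinct source and destination IPs seen in acid_event for the
// selected period and count, per GeoIP country, the ones that fall outside the
// cached asset CIDRs.
//
// NOTE(review): $where is produced by Security_report::make_where() and spliced
// into the statement as-is; nothing is escaped in this block, so the query is
// only as safe as make_where()'s handling of $date_from, $date_to and
// $plugin_list. Confirm there.
$where = Security_report::make_where($conn, $date_from, $date_to, $plugin_list, $dDB);

// When the WHERE fragment references a "plist_<letters>" table, that table name
// is appended to the FROM list. If the second pattern does not match,
// preg_replace() returns $where unchanged and the whole fragment would land in
// the FROM clause. NOTE(review): verify both patterns always match together.
$ejoin = preg_match('/plist_[a-z]+/', $where) ? preg_replace('/.*(plist_[a-z]+)\\.id .*/', ',\\1', $where) : '';

$query = "SELECT DISTINCT ip_src AS ip FROM alienvault_siem.acid_event {$ejoin} WHERE 1=1 {$where}\n UNION SELECT DISTINCT ip_dst as ip FROM alienvault_siem.acid_event {$ejoin} WHERE 1=1 {$where}";

$rs = $conn->Execute($query);

if (!$rs) {
    Av_exception::throw_error(Av_exception::DB_ERROR, $conn->ErrorMsg());
}

$already = array();

while (!$rs->EOF) {
    // The column is converted from packed binary to its textual address.
    $ip = inet_ntop($rs->fields['ip']);

    // inet_ntop() returns FALSE for a value it cannot decode; skip such rows
    // instead of using FALSE as an array key and passing it to the lookups.
    if ($ip === FALSE) {
        $rs->MoveNext();
        continue;
    }

    if (!isset($already[$ip])) {
        //Session::hostAllowed($conn,$ip) => not necessary here?
        // Mark as seen explicitly; the key is known to be unset here, so
        // incrementing it would read an undefined index.
        $already[$ip] = 1;

        if (!Asset_host::is_ip_in_cache_cidr($conn, $ip)) {
            // geoip
            $_country_aux   = $geoloc->get_country_by_host($conn, $ip);
            $s_country      = strtolower($_country_aux[0]);
            $s_country_name = $_country_aux[1];

            $country_key = ($s_country == '') ? ':Unknown' : "{$s_country}:{$s_country_name}";

            // Start the counter at 1 on first sight, otherwise add one.
            $ips[$country_key] = isset($ips[$country_key]) ? $ips[$country_key] + 1 : 1;
        }
    }

    $rs->MoveNext();
}
// arsort($ips);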
$sensors = array_keys(Asset_host_sensors::get_sensors_by_id($conn, $host_id)); } } else { if (preg_match("/^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\/\\d{1,2}?\$/", $ip_cidr)) { // Net without ID $total_host += Util::host_in_net($ip_cidr); $name = $target; $perm = TRUE; } else { if (preg_match("/^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\$/", $ip_cidr)) { // Host without ID $total_host++; $name = $target; $perm = TRUE; if (count($sensors) == 0) { $closetnet_id = key(Asset_host::get_closest_net($conn, $ip_cidr)); $sensors = array_keys(Asset_net_sensors::get_sensors_by_id($conn, $closetnet_id)); } } else { if ($unresolved) { // the target is a hostname $total_host++; $perm = true; $name = '-'; if (count($sensors) == 0) { $sensors = $ids; } } } } }
/**
 * Fetches the host tree from Asset_host::get_list_tree(), ordered by hostname.
 *
 * Any 'order_by' entry supplied by the caller is overwritten with 'hostname'.
 * The two trailing FALSE arguments are passed through positionally.
 *
 * NOTE(review): $tables and $filters are handed to get_list_tree() untouched;
 * presumably they are SQL fragments, so callers should not build them from
 * request input. Confirm against Asset_host. Permission filtering, if any,
 * happens inside get_list_tree() and is not visible here.
 *
 * @param object $conn    Database connection, passed through.
 * @param string $tables  Extra tables specification, passed through.
 * @param array  $filters Filter options, passed through with 'order_by' forced.
 *
 * @return mixed Whatever Asset_host::get_list_tree() returns.
 */
function get_allowed_hosts($conn, $tables = '', $filters = array())
{
    $filters['order_by'] = 'hostname';

    return Asset_host::get_list_tree($conn, $tables, $filters, FALSE, FALSE);
}
$response['aaData'] = array(); $response['iDisplayStart'] = 0; echo json_encode($response); die; } $detail = '<img class="detail_img" src="' . AV_PIXMAPS_DIR . '/show_details.png"/>'; $results = array(); foreach ($assets as $_id => $asset_data) { // Alarms $alarms = Asset_host::has_alarms($conn, $_id); $alarms_icon = $alarms ? '<img src="' . AV_PIXMAPS_DIR . '/assets_tick_gray.png"/>' : '-'; // Vulns $vulns = Asset_host::get_vulnerability_number($conn, $_id); $vulns_icon = $vulns > 0 ? '<img src="' . AV_PIXMAPS_DIR . '/assets_tick_gray.png"/>' : '-'; // Events $events = Asset_host::has_events($conn, $_id); $events_icon = $events ? '<img src="' . AV_PIXMAPS_DIR . '/assets_tick_gray.png"/>' : '-'; $fqdns = $asset_data['fqdns'] != '' ? Util::htmlentities($asset_data['fqdns']) : ''; // COLUMNS $_res = array(); $_res['DT_RowId'] = $_id; $_res[] = Util::htmlentities($asset_data['name']); $_res[] = Util::htmlentities(Asset::format_to_print($asset_data['ips'])); $_res[] = $fqdns; $_res[] = $alarms_icon; $_res[] = $vulns_icon; $_res[] = $events_icon; $_res[] = $detail; $results[] = $_res; } // datatables response json
} } else { $e_msg = ossim_get_error_clean(); Av_exception::throw_error(Av_exception::USER_ERROR, $e_msg); } $agents = Ossec_agent::get_list($sensor_id); $data = array(); if (is_array($agents) && !empty($agents)) { foreach ($agents as $agent_id => $a_data) { if (empty($a_data)) { continue; } $a_unique_id = md5($agent_id); $agent_actions = Ossec_agent::get_actions($agent_id, $a_data); if (!empty($a_data['host_id'])) { $asset_name = Asset_host::get_name_by_id($conn, $a_data['host_id']); } else { $asset_name = '-'; } //Normalize status description (See asset list filters) if ($a_data['status']['id'] == 1) { $a_data['status']['descr'] = 'Disconnected'; } $t_data = array("DT_RowId" => 'cont_agent_' . $agent_id, "DT_RowData" => array('agent_key' => $a_unique_id, 'asset_id' => $a_data['host_id'], 'agent_status' => $a_data['status']), '', $agent_id, $a_data['name'], $asset_name, $a_data['ip_cidr'], "-", "-", $a_data['status']['descr'], $agent_actions); $data[] = $t_data; } } } catch (Exception $e) { $db->close(); Util::response_bad_request($e->getMessage()); }
} else { $list = $security_report->AttackHost($target, $limit, $type, $date_from, $date_to); } $datax = $datay = array(); $gorientation = "h"; foreach ($list as $key => $l) { if ($key >= 10) { // ponemos un límite de resultados para la gráfica //break; $gorientation = "v"; } $ip = $l[0]; $occurrences = number_format($l[1], 0, ",", "."); $id = $l[2]; $ctx = $l[3]; $hostname = valid_hex32($id) ? Asset_host::get_name_by_id($security_report->ossim_conn, $id) : $ip; $datax[] = $hostname ? $hostname : $ip; $datay[] = $l[1]; } require_once 'ossim_conf.inc'; $conf = $GLOBALS["CONF"]; $jpgraph = $conf->get_conf("jpgraph_path"); require_once "{$jpgraph}/jpgraph.php"; require_once "{$jpgraph}/jpgraph_bar.php"; // Setup the graph. if ($gorientation == "v") { $y = 30 + count($list) * 21; } else { $y = 250; } $graph = new Graph(400, $y, "auto");
// Property filter $filters = array('limit' => "{$from}, {$maxrows}", 'order_by' => "{$order} {$torder}"); if ($search_str != '') { $search_str = escape_sql($search_str, $conn); $filters['where'] = 'p.name LIKE "%' . $search_str . '%"'; } list($vulns, $total) = $asset_object->get_vulnerabilities($conn, '', $filters); } else { Av_exception::throw_error(Av_exception::USER_ERROR, _('Error retrieving information')); } } catch (Exception $e) { $db->close(); Util::response_bad_request($e->getMessage()); } // DATA $data = array(); foreach ($vulns as $_asset_id => $asset_vulns) { $_host_aux = Asset_host::get_object($conn, $_asset_id); foreach ($asset_vulns as $vuln) { $_host = $class_name == 'asset_host' ? $vuln['ip'] : $_host_aux->get_name() . " (" . $_host_aux->get_ips()->get_ips('string') . ")"; $data[] = array(date("Y-m-d H:i:s", strtotime($vuln['date'])), $_host, $vuln['plugin'], $vuln['plugin_id'], $vuln['service'], Vulnerabilities::get_severity_by_risk($vuln['risk'])); } } $response['sEcho'] = $sec; $response['iTotalRecords'] = $total; $response['iTotalDisplayRecords'] = $total; $response['aaData'] = $data; echo json_encode($response); $db->close(); /* End of file dt_vulnerabilities.php */ /* Location: /av_asset/common/providers/dt_vulnerabilities.php */
<meta http-equiv="Pragma" content="no-cache"> <?php //CSS Files $_files = array(array('src' => 'av_common.css?t=' . Util::get_css_id(), 'def_path' => TRUE)); Util::print_include_files($_files, 'css'); ?> </head> <body> <?php if ($data['status'] != 'error') { try { $db = new ossim_db(); $conn = $db->connect(); $asset_data = array('external' => $external, 'descr' => $descr, 'asset_value' => $asset_value, 'latitude' => $latitude, 'longitude' => $longitude, 'zoom' => $zoom, 'os' => $os, 'model' => $model, 'sensors' => $sensors, 'devices' => $devices, 'icon' => $icon); Asset_host::bulk_save_in_db($conn, $asset_data); $data['status'] = 'OK'; $data['data'] = _('Your changes have been saved'); $db->close(); } catch (Exception $e) { $data['status'] = 'error'; $data['data'] = array('php_exception' => $e->getMessage()); } } if ($data['status'] == 'error') { $txt_error = '<div>' . _('The following errors occurred') . ":</div>\n <div style='padding: 10px;'>" . implode('<br/>', $data['data']) . '</div>'; $config_nt = array('content' => $txt_error, 'options' => array('type' => 'nf_error', 'cancel_button' => FALSE), 'style' => 'width: 80%; margin: 20px auto; text-align: left;'); $nt = new Notification('nt_1', $config_nt); $nt->show(); } else { ?>
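*
* Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt
*
*/

// Tell clients and proxies not to cache this lookup.
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
// An HTTP date needs a space between the time and the zone name.
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-cache, must-revalidate");
header("Pragma: no-cache");

require_once 'av_init.php';

// NOTE(review): two menu/section pairs are passed; presumably access is granted
// when the user holds either one. Confirm in Session::logcheck().
$m_perms  = array('analysis-menu', 'analysis-menu');
$sm_perms = array('EventsForensics', 'ControlPanelAlarms');

Session::logcheck($m_perms, $sm_perms);

// The 'ip' parameter carries "<ip>-<ctx>". Pad the split result so $ctx is
// always defined (NULL) when no "-" is present.
list($ip, $ctx) = array_pad(explode('-', GET('ip')), 2, NULL);

ossim_valid($ip,  OSS_IP_ADDR_0,            'illegal:' . _('Ip'));
ossim_valid($ctx, OSS_HEX, OSS_NULLABLE,    'illegal:' . _('Ctx')); // Maybe nullable from Logger resolves

if (ossim_error()) {
    die(ossim_error());
}

$db   = new ossim_db();
$conn = $db->connect();

// array_shift() takes its argument by reference, so the lookup result is stored
// in a variable first; a non-array result is treated as "no network found".
$closest_nets = Asset_host::get_closest_net($conn, $ip, $ctx);
$net          = is_array($closest_nets) ? array_shift($closest_nets) : NULL;

if (is_array($net)) {
    if ($net['icon'] != '') {
        // The icon bytes are inlined as a base64 data URI.
        echo "<img class='asset_icon w16' src='data:image/png;base64," . base64_encode($net['icon']) . "' border='0'/> ";
    }

    // NOTE(review): the network name and IP string are written into the HTML
    // response unescaped. Confirm they are validated when stored, or escape
    // them here.
    echo '<strong>' . $net['name'] . '</strong> (' . $net['ips'] . ')';
} else {
    // $ip has passed the OSS_IP_ADDR_0 validation above before being echoed.
    echo "<b>{$ip}</b> " . _('not found in home networks');
}

$db->close();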
<td style="width:80mm;" valign="top"> <table style="width:80mm; padding-top: 10px; padding-bottom: 10px;"> <tr> <th>' . gettext("Host") . '</th> <th class="center">' . gettext("Occurrences") . '</th> </tr>'); $c = 0; $shared_file = $dDB["_shared"]->dbfile(); $dDB["_shared"]->put("SS_AttackedHost" . $runorder, $list); $font_size = getFontSizeSIEM($list); foreach ($list as $l) { $ip = $l[0]; $occurrences = number_format($l[1], 0, ",", "."); $host_id = $l[2]; $ctx = $l[3] != '' ? $l[3] : Session::get_default_ctx(); $host_output = Asset_host::get_extended_name($security_report->ossim_conn, $geoloc, $ip, $ctx, $host_id); $os_pixmap = $host_id != "" ? Asset_host_properties::get_os_by_host($security_report->ossim_conn, $host_id) : ""; $hostname = $host_id != "" ? $host_output['name'] : $ip; $icon = $host_output['html_icon']; $link = "{$acid_link}/" . $acid_prefix . "_stat_alerts.php?&" . "num_result_rows=-1&" . "submit=Query+DB&" . "current_view=-1&" . "ip_addr[0][1]={$target}&" . "ip_addr[0][2]==&" . "ip_addr[0][3]={$ip}&" . "ip_addr_cnt=1&" . "sort_order=time_d"; $bc = $c++ % 2 != 0 ? "class='par'" : ""; $htmlPdfReport->set(' <tr ' . $bc . '> <td style="width:55mm;font-size:' . $font_size . 'px">' . $icon . ' ' . Util::wordwrap($hostname, 21, " ", true) . ' ' . $os_pixmap . '</td> <td style="width:22mm;text-align:center;font-size:' . $font_size . 'px">' . $occurrences . '</td> </tr>'); } $htmlPdfReport->set(' </table> </td> <td valign="top" style="padding-top:15px; width:98mm;">');
/**
 * Maps each scan-target entry to a display name.
 *
 * Recognised entry forms (case-insensitive, matched against the trimmed entry):
 *   - "<32 hex>#<a.b.c.d/nn>": network; the stored name if the id is in the
 *     database, otherwise the CIDR text.
 *   - "<32 hex>#<a.b.c.d>": host; the stored name if the id is in the
 *     database, otherwise the IP text.
 *   - "<32 hex>#hostgroup": whatever Asset_group::get_name_by_id() returns.
 *   - "<32 hex>#netgroup": whatever Net_group::get_name_by_id() returns.
 * Any other entry is returned unchanged as both key and value.
 *
 * The octet and prefix patterns only check digit counts, not numeric ranges.
 *
 * NOTE(review): unmatched entries come back verbatim, and names come from the
 * database, so callers should escape keys and values before writing them into
 * HTML.
 *
 * @param object       $conn    Database connection used for the name lookups.
 * @param array|string $ip_list Entries as an array, or a newline-separated string.
 *
 * @return array Trimmed entry => display name; empty when $ip_list is empty.
 */
function get_targets($conn, $ip_list)
{
    $result = array();

    if (empty($ip_list)) {
        return $result;
    }

    $entries = is_array($ip_list) ? $ip_list : explode("\n", trim($ip_list));

    foreach ($entries as $asset) {
        $asset = trim($asset);

        if (preg_match('/^([a-f\\d]{32})#(\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\/\\d{1,2})$/i', $asset, $found)) {
            // Network: prefer the stored name, fall back to the CIDR text.
            $label = Asset_net::is_in_db($conn, $found[1]) ? Asset_net::get_name_by_id($conn, $found[1]) : $found[2];
        } elseif (preg_match('/^([a-f\\d]{32})#(\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})$/i', $asset, $found)) {
            // Host: prefer the stored name, fall back to the IP text.
            $label = Asset_host::is_in_db($conn, $found[1]) ? Asset_host::get_name_by_id($conn, $found[1]) : $found[2];
        } elseif (preg_match('/^([a-f\\d]{32})#hostgroup$/i', $asset, $found)) {
            $label = Asset_group::get_name_by_id($conn, $found[1]);
        } elseif (preg_match('/^([a-f\\d]{32})#netgroup$/i', $asset, $found)) {
            $label = Net_group::get_name_by_id($conn, $found[1]);
        } else {
            // Anything else is kept as typed.
            $label = $asset;
        }

        $result[$asset] = $label;
    }

    return $result;
}
"dataType": 'json', "type": "POST", "url": sSource, "data": aoData, "beforeSend": function() { datatables_loading(true); }, "success": function (json) { datatables_loading(false); <?php // Modify the 'Delete' button status // This option will be disable if the user has host or net permissions $host_perm_where = Asset_host::get_perms_where(); $net_perm_where = Asset_net::get_perms_where(); if (empty($host_perm_where) && empty($net_perm_where)) { ?> if (json.iTotalDisplayRecords > 0) { $('#delete_all').removeClass('disabled'); } else { $('#delete_all').addClass('disabled'); } <?php }