Beispiel #1
/**
 * Collect the display attributes of one host asset into a flat array.
 *
 * NOTE(review): unlike get_asset_tags() and get_asset_groups(), this function
 * makes no Asset_host::is_allowed() check — confirm that the caller authorises
 * access to $asset_id before calling it.
 *
 * @param mixed $conn     Connection handed to the Asset_host calls.
 * @param mixed $asset_id Identifier of the host asset to load.
 *
 * @return array Keys: id, hostname, ips, descr, asset_type, fqdn, asset_value,
 *               icon, os, model, sensors, networks, devices.
 */
function get_asset_info($conn, $asset_id)
{
    $host = Asset_host::get_object($conn, $asset_id);

    // Internal / external label, translated through gettext.
    if ($host->get_external()) {
        $type_label = _('External');
    } else {
        $type_label = _('Internal');
    }

    $ip_list = $host->get_ips()->get_ips();
    $sensor_list = $host->get_sensors()->get_sensors();
    $net_list = $host->get_nets($conn);

    // Flatten the device map: the key is "<type id>", or "<type id>: <subtype id>"
    // when the subtype id is greater than zero.
    $device_map = array();
    foreach ($host->get_devices()->get_devices() as $type_id => $subtypes) {
        foreach ($subtypes as $subtype_id => $label) {
            $suffix = '';
            if ($subtype_id > 0) {
                $suffix = ': ' . $subtype_id;
            }
            $device_map[$type_id . $suffix] = $label;
        }
    }

    $os_info = $host->get_os();

    $info = array();
    $info['id'] = $asset_id;
    $info['hostname'] = $host->get_name();
    $info['ips'] = $ip_list;
    // The description is entity-decoded here, so whoever prints it must escape it
    // again for the output context it ends up in.
    $info['descr'] = html_entity_decode($host->get_descr(), ENT_QUOTES, 'UTF-8');
    $info['asset_type'] = $type_label;
    $info['fqdn'] = $host->get_fqdns();
    $info['asset_value'] = $host->get_asset_value();
    $info['icon'] = base64_encode($host->get_icon());
    $info['os'] = $os_info['value'];
    $info['model'] = $host->get_model();
    $info['sensors'] = $sensor_list;
    $info['networks'] = $net_list;
    $info['devices'] = $device_map;

    return $info;
}
Beispiel #2
/**
 * Return the tags of a host asset after checking that access to it is allowed.
 *
 * @param mixed $conn     Connection passed to the permission check and to get_tags().
 * @param mixed $asset_id Identifier of the host asset.
 *
 * @return array Result of get_tags() for the asset.
 */
function get_asset_tags($conn, $asset_id)
{
    $allowed = Asset_host::is_allowed($conn, $asset_id);

    if (!$allowed) {
        // NOTE(review): the lookup below is only protected if
        // Util::response_bad_request() ends the request — confirm that it does.
        Util::response_bad_request(_('Asset Not Allowed'));
    }

    $tags = get_tags($conn, $asset_id);

    return $tags;
}
Beispiel #3
/**
 * Return the number of groups a host asset belongs to, or '-' when it cannot
 * be determined.
 *
 * @param mixed $conn     Connection passed to the Asset_host calls.
 * @param mixed $asset_id Identifier of the host asset.
 *
 * @return mixed Result of get_num_group(), or the string '-' if an Exception
 *               was thrown while loading the asset or counting its groups.
 */
function get_asset_groups($conn, $asset_id)
{
    if (!Asset_host::is_allowed($conn, $asset_id)) {
        // NOTE(review): the code below still runs unless
        // Util::response_bad_request() ends the request — confirm that it does.
        Util::response_bad_request(_('Asset Not Allowed'));
    }

    // Placeholder shown when the count is unavailable.
    $group_count = '-';

    try {
        $host = Asset_host::get_object($conn, $asset_id);
        $group_count = $host->get_num_group($conn);
    } catch (Exception $e) {
        // Deliberate best effort: fall back to the placeholder.
        $group_count = '-';
    }

    return $group_count;
}
Beispiel #4
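/**
 * Dump the attack statistics for $target into an XML data file and print the
 * applet markup that charts it.
 *
 * The series is written to "{$base_dir}/tmp/ip_src.xml" when $target is
 * "ip_src" and to "{$base_dir}/tmp/ip_dst.xml" for any other value; the applet
 * is pointed at the same file name under $datapath.
 *
 * Values interpolated into the XML file and into the applet markup are escaped
 * first: what AttackHost() and the asset-name lookup return is data, and markup
 * characters in it must not be able to change the structure of either document.
 *
 * Relies on the globals $security_report, $datapath, $base_dir, $date_from and
 * $date_to. Ends the script if the data file cannot be opened for writing.
 *
 * @param string $target Series name; "ip_src" selects the source-IP file.
 * @param mixed  $hosts  Passed through to $security_report->AttackHost().
 * @param string $type   Value of the applet's graphType parameter.
 * @param mixed  $width  Applet width attribute.
 * @param mixed  $height Applet height attribute.
 *
 * @return void
 */
function jgraph_attack_graph($target, $hosts, $type = "Bar3D", $width = 450, $height = 250)
{
    global $security_report;
    global $datapath;
    global $base_dir;
    global $date_from, $date_to;

    // Only two file names are possible, so $target itself never becomes part of
    // a filesystem path or URL.
    $xml_name = !strcmp($target, "ip_src") ? "ip_src.xml" : "ip_dst.xml";

    if (!($fp = @fopen("{$base_dir}/tmp/{$xml_name}", "w"))) {
        print "Error: <b>{$datapath}</b> directory must exists and be <br/>\n";
        print "writable by the user the webserver runs as";
        exit;
    }

    // &amp; &lt; &gt; &quot; and &#039; are valid in XML as well as HTML, so the
    // same escaping call serves both outputs.
    $xml_target = htmlspecialchars((string) $target, ENT_QUOTES, 'UTF-8');
    fwrite($fp, "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n" . "<CategoryDataset>\n  <Series name=\"{$xml_target}\">\n");

    $list = $security_report->AttackHost($target, $hosts, "event", $date_from, $date_to);
    foreach ($list as $l) {
        $ip = $l[0];
        $ctx = $l[2] != '' ? $l[2] : Session::get_default_ctx();
        $occurrences = $l[1];

        $_names_aux = Asset_host::get_name_by_ip($security_report->ossim_conn, $ip, $ctx);
        $hostname = is_array($_names_aux) ? (string) array_shift($_names_aux) : '';

        // Over-long names are replaced by the IP address.
        if (strlen($hostname) > MAX_HOSTNAME_LEN) {
            $hostname = $ip;
        }

        $xml_key = htmlspecialchars((string) $hostname, ENT_QUOTES, 'UTF-8');
        $xml_value = htmlspecialchars((string) $occurrences, ENT_QUOTES, 'UTF-8');
        fwrite($fp, "    <Item>\n      <Key>{$xml_key}</Key>\n      <Value>{$xml_value}</Value>\n    </Item>\n");
    }

    fwrite($fp, "  </Series>\n</CategoryDataset>\n\n");
    fclose($fp);

    // Attribute values are escaped so a quote in any of them cannot close the
    // attribute and inject further markup.
    $html_type = htmlspecialchars((string) $type, ENT_QUOTES, 'UTF-8');
    $html_width = htmlspecialchars((string) $width, ENT_QUOTES, 'UTF-8');
    $html_height = htmlspecialchars((string) $height, ENT_QUOTES, 'UTF-8');
    $html_data_url = htmlspecialchars("{$datapath}/{$xml_name}", ENT_QUOTES, 'UTF-8');

    echo "\n<applet archive=\"../java/jcommon-0.9.5.jar,../java/jfreechart-0.9.20.jar,../java/jossim-graph.jar\" code=\"net.ossim.graph.applet.OssimGraphApplet\" width=\"{$html_width}\" height=\"{$html_height}\" alt=\"You should see an applet, not this text.\">\n    <param name=\"graphType\" value=\"{$html_type}\">";
    echo "   <param name=\"xmlDataUrl\" value=\"{$html_data_url}\">";
    echo "\n    <param name=\"alpha\" value=\"0.42f\">\n    <param name=\"legend\" value=\"false\">\n    <param name=\"tooltips\" value=\"false\">\n    <param name=\"orientation\" value=\"HORIZONTAL\">\n</applet>\n";
}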
Beispiel #5
// Open the database connection used by the lookups below.
$db = new ossim_db();
$conn = $db->connect();
// NOTE(review): $from, $maxrows, $order and $torder are interpolated verbatim into the
// 'limit' and 'order_by' fragments. Their validation is not visible in this fragment —
// confirm they are restricted to integers and to an allowlist of column / direction names.
$filters = array('limit' => "{$from}, {$maxrows}", 'order_by' => "{$order} {$torder}");
if ($search_str != '') {
    // NOTE(review): $search_str is concatenated into a quoted LIKE pattern with no escaping
    // in this fragment — confirm it is validated before this point, or bind it as a parameter.
    $filters['where'] = 'hostname LIKE "%' . $search_str . '%"';
}
// Restore the asset object cached in the session for this group.
// NOTE(review): unserialize() instantiates whatever classes the stored string names, so this
// is only safe while nothing but this application can write to the session store.
$asset_object = unserialize($_SESSION['asset_detail'][$group_id]);
if (!is_object($asset_object)) {
    throw new Exception(_('Error retrieving the asset data from memory'));
}
// 'othergroups' lists the hosts that do NOT belong to this group; any other type asks the
// cached object for its own hosts.
if ($asset_type == 'othergroups') {
    // NOTE(review): $group_id is placed inside UNHEX('...') by string concatenation —
    // confirm it has been checked to be a hex string before it reaches this query.
    $where = " id NOT IN (SELECT host_id FROM host_group_reference WHERE host_group_id = UNHEX('" . $group_id . "')) ";
    // Combine the group exclusion with the hostname filter when both are present.
    $filters['where'] = !empty($filters['where']) ? $where . ' AND ' . $filters['where'] : $where;
    list($host_list, $total) = Asset_host::get_list($conn, '', $filters, $cache);
} else {
    list($host_list, $total) = $asset_object->get_hosts($conn, $filters, FALSE);
}
// DATA
$data = array();
foreach ($host_list as $host_id => $host_data) {
    $devices = Asset_host_devices::get_devices_to_string($conn, $host_id);
    // Asset Group details format
    if ($asset_type == 'group') {
        try {
            $asset_object->can_i_edit($conn);
            $asset_object->can_delete_host($conn);
            $delete_link = '<a href="javascript:;" onclick="del_asset_from_group(\'' . $host_id . '\');return false">';
            $delete_link .= '<img class="delete_small tipinfo" txt="' . _('Remove this asset from group') . '" src="/ossim/pixmaps/delete.png" border="0"/>';
            $delete_link .= '</a>';
/**
 * Render the scan-job management page: action buttons, running scans, the
 * table of scheduled jobs and the pager for the job list.
 *
 * Output is echoed directly; nothing is returned. Uses the globals $username,
 * $dbconn, $arruser and $user, and reads $_GET['page'] for pagination.
 *
 * @param mixed  $viewall Not referenced in this function body.
 * @param string $sortby  Column for the ORDER BY of the schedule query ("id" when empty).
 * @param string $sortdir Sort direction for that query ("DESC" when empty).
 */
function main_page($viewall, $sortby, $sortdir)
{
    global $uroles, $username, $dbconn, $hosts;
    global $arruser, $user;
    $dbconn->SetFetchMode(ADODB_FETCH_BOTH);
    $tz = Util::get_timezone();
    if ($sortby == "") {
        $sortby = "id";
    }
    if ($sortdir == "") {
        $sortdir = "DESC";
    }
    // NOTE(review): $sortby and $sortdir are interpolated into the ORDER BY clause as-is.
    // No validation is visible in this function — confirm the caller restricts them to an
    // allowlist of column names and to ASC/DESC.
    $sql_order = "order by {$sortby} {$sortdir}";
    if (Session::menu_perms("environment-menu", "EventsVulnerabilitiesScan")) {
        ?>
		<div style="width:50%; position: relative; height: 5px; float:left">
			
			<div style="width:100%; position: absolute; top: -41px;left:0px;">
    			<div style="float:left; height:28px; margin:5px 5px 0px 0px;">
    				<a class="button" href="<?php 
        echo Menu::get_menu_url(AV_MAIN_PATH . '/vulnmeter/sched.php?smethod=schedule&hosts_alive=1&scan_locally=1', 'environment', 'vulnerabilities', 'scan_jobs');
        ?>
">
                            <?php 
        echo _("New Scan Job");
        ?>
    				</a>
    			</div>
    			
    			<div style="float:left;height:28px;margin:5px 5px 0px -2px;">
    				<a class="greybox button av_b_secondary" href="import_nbe.php" title="<?php 
        echo _("Import nbe file");
        ?>
">
    				        <?php 
        echo _("Import nbe file");
        ?>
    				</a>
    			</div>
			</div>		
			
		</div>
		
		<?php 
    }
    // Page number from the query string; anything that is not a non-zero integer means page 1.
    if (intval($_GET['page']) != 0) {
        $page = intval($_GET['page']);
    } else {
        $page = 1;
    }
    $pagesize = 10;
    // NOTE(review): the unfiltered count is selected by comparing the user name with the
    // literal "admin" rather than by a role or permission check.
    if ($username == "admin") {
        $query = "SELECT count(id) as num FROM vuln_jobs";
    } else {
        // NOTE(review): '******' looks like a redaction of the original value in this listing;
        // as written, the query counts jobs whose username is that literal string.
        $query = "SELECT count(id) as num FROM vuln_jobs where username='******'";
    }
    $result = $dbconn->Execute($query);
    $jobCount = $result->fields["num"];
    $num_pages = ceil($jobCount / $pagesize);
    //echo "num_pages:[".$num_pages."]";
    //echo "jobCount:[".$jobCount."]";
    //echo "page:[".$page."]";
    if (Vulnerabilities::scanner_type() == "omp") {
        // We can display scan status with OMP protocol
        echo Vulnerabilities::get_omp_running_scans($dbconn);
    } else {
        // Nessus
        all_jobs(0, 10, "R");
    }
    ?>

<?php 
    $schedulejobs = _("Scheduled Jobs");
    echo <<<EOT

   <table style='margin-top:20px;' class='w100 transparent'><tr><td class='sec_title'>{$schedulejobs}</td></tr></table>
   <table summary="Job Schedules" class='w100 table_list'>
EOT;
    // Flip the direction for the header links; from here on $sortdir is one of two literals,
    // so it is safe to print in the links below. $sql_order was built before this point.
    if ($sortdir == "ASC") {
        $sortdir = "DESC";
    } else {
        $sortdir = "ASC";
    }
    // Sort key => column heading for the schedule table.
    $arr = array("name" => "Name", "schedule_type" => "Schedule Type", "time" => "Time", "next_CHECK" => "Next Scan", "enabled" => "Status");
    // modified by hsh to return all scan schedules
    if (empty($arruser)) {
        $query = "SELECT t2.name as profile, t1.meth_TARGET, t1.id, t1.name, t1.schedule_type, t1.meth_VSET, t1.meth_TIMEOUT, t1.username, t1.enabled, t1.next_CHECK, t1.email\n              FROM vuln_job_schedule t1 LEFT JOIN vuln_nessus_settings t2 ON t1.meth_VSET=t2.id ";
    } else {
        // NOTE(review): the global $user is interpolated into the IN (...) list unquoted;
        // presumably it is a pre-built, already quoted list — verify where it is assembled.
        $query = "SELECT t2.name as profile, t1.meth_TARGET, t1.id, t1.name, t1.schedule_type, t1.meth_VSET, t1.meth_TIMEOUT, t1.username, t1.enabled, t1.next_CHECK, t1.email\n              FROM vuln_job_schedule t1 LEFT JOIN vuln_nessus_settings t2 ON t1.meth_VSET=t2.id WHERE username in ({$user}) ";
    }
    $query .= $sql_order;
    $result = $dbconn->execute($query);
    if ($result->EOF) {
        echo "<tr><td class='empty_results' height='20' style='text-align:center;'>" . _("No Scheduled Jobs") . "</td></tr>";
    }
    if (!$result->EOF) {
        echo "<tr>";
        foreach ($arr as $order_by => $value) {
            echo "<th><a href=\"manage_jobs.php?sortby={$order_by}&sortdir={$sortdir}\">" . _($value) . "</a></th>";
        }
        if (Session::menu_perms("environment-menu", "EventsVulnerabilitiesScan")) {
            echo "<th>" . _("Action") . "</th></tr>";
        }
    }
    $colors = array("#FFFFFF", "#EEEEEE");
    $color = 0;
    while (!$result->EOF) {
        // Columns are unpacked by position, in the order of the SELECT list above.
        // This assignment overwrites the global $user with the row's username column.
        list($profile, $targets, $schedid, $schedname, $schedtype, $sid, $timeout, $user, $schedstatus, $nextscan, $servers) = $result->fields;
        $name = Av_sensor::get_name_by_id($dbconn, $servers);
        $servers = $name != '' ? $name : "unknown";
        // Targets are stored one per line; entries of the form "<32 hex chars>#<address>" are
        // shown as the address followed by the asset name when the id exists in the database.
        $targets_to_resolve = explode("\n", $targets);
        $ttargets = array();
        foreach ($targets_to_resolve as $id_ip) {
            if (preg_match("/^([a-f\\d]{32})#\\d+\\.\\d+\\.\\d+\\.\\d+\\/\\d{1,2}/i", $id_ip, $found) && Asset_net::is_in_db($dbconn, $found[1])) {
                $ttargets[] = preg_replace("/^([a-f\\d]{32})#/i", "", $id_ip) . " (" . Asset_net::get_name_by_id($dbconn, $found[1]) . ")";
            } else {
                if (preg_match("/^([a-f\\d]{32})#\\d+\\.\\d+\\.\\d+\\.\\d+/i", $id_ip, $found) && Asset_host::is_in_db($dbconn, $found[1])) {
                    $ttargets[] = preg_replace("/^([a-f\\d]{32})#/i", "", $id_ip) . " (" . Asset_host::get_name_by_id($dbconn, $found[1]) . ")";
                } else {
                    $ttargets[] = preg_replace("/[a-f\\d]{32}/i", "", $id_ip);
                }
            }
        }
        $targets = implode("<BR/>", $ttargets);
        // Shift the next-scan time by the timezone offset, in whole hours.
        $tz = intval($tz);
        $nextscan = gmdate("Y-m-d H:i:s", Util::get_utc_unixtime($nextscan) + 3600 * $tz);
        preg_match("/\\d+\\-\\d+\\-\\d+\\s(\\d+:\\d+:\\d+)/", $nextscan, $found);
        $time = $found[1];
        // Human-readable label for the schedule type code.
        switch ($schedtype) {
            case "N":
                $stt = _("Once (Now)");
                break;
            case "O":
                $stt = _("Once");
                break;
            case "D":
                $stt = _("Daily");
                break;
            case "W":
                $stt = _("Weekly");
                break;
            case "M":
                $stt = _("Monthly");
                break;
            case "Q":
                $stt = _("Quarterly");
                break;
            case "H":
                $stt = _("On Hold");
                break;
            case "NW":
                $stt = _("N<sup>th</sup> weekday of the month");
                break;
            default:
                $stt = "&nbsp;";
                break;
        }
        // NOTE(review): enabling and disabling a job is a plain GET link. No anti-CSRF token
        // appears in these URLs — confirm that manage_jobs.php verifies one.
        switch ($schedstatus) {
            case "1":
                $itext = _("Disable Scheduled Job");
                $isrc = "images/stop_task.png";
                $ilink = "manage_jobs.php?disp=setstatus&schedid={$schedid}&enabled=0";
                break;
            default:
                $itext = _("Enable Scheduled Job");
                $isrc = "images/play_task.png";
                $ilink = "manage_jobs.php?disp=setstatus&schedid={$schedid}&enabled=1";
                break;
        }
        // This only removes the link from the page; the permission has to be enforced again
        // by the code that handles disp=setstatus.
        if (!Session::menu_perms("environment-menu", "EventsVulnerabilitiesScan")) {
            $ilink = "javascript:return false;";
        }
        if ($schedstatus) {
            $txt_enabled = "<td><a href=\"{$ilink}\"><font color=\"green\">" . _("Enabled") . "</font></a></td>";
        } else {
            $txt_enabled = "<td><a href=\"{$ilink}\"><font color=\"red\">" . _("Disabled") . "</font></a></td>";
        }
        require_once 'classes/Security.inc';
        // A 32-hex-character owner is an entity id; show the entity name instead.
        if (valid_hex32($user)) {
            $user = Session::get_entity_name($dbconn, $user);
        }
        echo "<tr bgcolor=\"" . $colors[$color % 2] . "\">";
        if ($profile == "") {
            $profile = _("Default");
        }
        // NOTE(review): $user, $servers, $profile, $targets and $schedname are written into the
        // title attribute and the cell without escaping at this point — confirm they are
        // encoded when stored, otherwise a job or asset name can inject markup here.
        echo "<td><span class=\"tip\" title=\"<b>" . _("Owner") . ":</b> {$user}<br><b>" . _("Server") . ":</b> {$servers}<br /><b>" . _("Scheduled Job ID") . ":</b> {$schedid}<br><b>" . _("Profile") . ":</b> {$profile}<br><b>" . _("Targets") . ":</b><br>" . $targets . "\">{$schedname}</span></td>";
        ?>
    <td><?php 
        echo $stt;
        ?>
</td>
    <td><?php 
        echo $time;
        ?>
</td>
    <td><?php 
        echo $nextscan;
        ?>
</td>
<?php 
        echo <<<EOT
    {$txt_enabled}
    <td style="padding-top:2px;"><a href="{$ilink}"><img alt="{$itext}" src="{$isrc}" border=0 title="{$itext}"></a>&nbsp;
EOT;
        if (Session::menu_perms("environment-menu", "EventsVulnerabilitiesScan")) {
            echo "<a href='" . Menu::get_menu_url(AV_MAIN_PATH . '/vulnmeter/sched.php?disp=edit_sched&sched_id=' . $schedid, 'environment', 'vulnerabilities', 'scan_jobs') . "'><img src='images/pencil.png' title='" . _("Edit Scheduled") . "'></a>&nbsp;";
            // NOTE(review): deletion is also a GET link guarded only by a client-side confirm —
            // confirm the handler requires a token and re-checks the permission.
            echo "<a href='manage_jobs.php?disp=delete&amp;schedid={$schedid}' onclick='return confirmDelete();'><img src='images/delete.gif' title='" . gettext("Delete Scheduled") . "'></a>";
        }
        echo "</td>";
        echo <<<EOT
</tr>
EOT;
        $result->MoveNext();
        $color++;
    }
    echo <<<EOT
</table>
EOT;
    ?>
<br />
<?php 
    // List the jobs for the requested page; the return value decides whether a pager is shown.
    $out = all_jobs(($page - 1) * $pagesize, $pagesize);
    ?>
<table width="100%" align="center" class="transparent" cellspacing="0" cellpadding="0">
    <tr>
        <td class="nobborder" valign="top" style="padding-top:5px;">
            <div class="fright">
                <?php 
    // Previous / next links; $page is an integer here, so it is safe to print in the URLs.
    if ($out != 0 && $num_pages != 1) {
        $page_url = "manage_jobs.php";
        if ($page == 1 && $page == $num_pages) {
            echo '<a href="" class="link_paginate_disabled" onclick="return false">< ' . _("PREVIOUS") . '</a>';
            echo '<a class="lmargin link_paginate_disabled" href="" onclick="return false">' . _("NEXT") . ' ></a>';
        } elseif ($page == 1) {
            echo '<a href="" class="link_paginate_disabled" onclick="return false">< ' . _("PREVIOUS") . '</a>';
            echo '<a class="lmargin" href="' . $page_url . '?page=' . ($page + 1) . '">' . _("NEXT") . ' ></a>&nbsp;';
        } elseif ($page == $num_pages) {
            echo '<a href="' . $page_url . '?page=' . ($page - 1) . '">< ' . _("PREVIOUS") . '</a>';
            echo '<a class="lmargin link_paginate_disabled" href="" onclick="return false">' . _("NEXT") . ' ></a>';
        } else {
            echo '<a href="' . $page_url . '?page=' . ($page - 1) . '">< ' . _("PREVIOUS") . '</a><a class="lmargin" href="' . $page_url . '?page=' . ($page + 1) . '">' . _("NEXT") . ' ></a>';
        }
    }
    ?>
            </div>
        </td>
    </tr>
    </table>
<?php 
}
Beispiel #7
     $arrResults[$hostIP . "#" . $hostctx][] = array('service' => $service, 'port' => $service_num, 'protocol' => $service_proto, 'application' => $app, 'risk' => $risk, 'scriptid' => $scriptid, 'exception' => $eid, 'msg' => preg_replace('/(<br\\s*?\\/??>)+/i', "\n", $msg), 'pname' => $pname);
     $result->MoveNext();
 }
 //Vulnerability table configs
 $vcols = array(_("Risk"), _("Details"));
 //widths for columns
 $vwidth_array = array(20, 170);
 // 196 total
 $count = 0;
 $oldip = "";
 // iterate through the IP is the results
 foreach ($arrResults as $hostIP_ctx => $scanData) {
     list($hostIP, $hostctx) = explode("#", $hostIP_ctx);
     $host_id = key(Asset_host::get_id_by_ips($dbconn, $hostIP, $hostctx));
     if (valid_hex32($host_id)) {
         $hostname = Asset_host::get_name_by_id($dbconn, $host_id);
     } else {
         $hostname = _('unknown');
     }
     $hostIP = htmlspecialchars_decode($hostIP);
     $hostname = htmlspecialchars_decode($hostname);
     $pdf->SetLink(${"IP_" . $hostIP_ctx}, $pdf->GetY());
     //print out the host cell
     $pdf->SetFillColor(229, 229, 229);
     $pdf->SetFont('', 'B', 10);
     $pdf->Cell(95, 6, $hostIP, 1, 0, 'C', 1);
     $pdf->Cell(95, 6, $hostname, 1, 0, 'C', 1);
     //$pdf->Cell(105, 6, "",1,0,'C');
     $pdf->SetFont('', '');
     $pdf->Ln();
     // now iterate through the scan results for this IP
    $negated_op = preg_match('/^\\!/', $_GET["search_str"]) ? '!' : '';
    $_GET["search_str"] = Util::htmlentities(preg_replace("/[^0-9A-Za-z\\!\\-\\_\\.]/", "", $_GET["search_str"]));
    // htmlentities for fortify test
    $_ips_aux = Asset_host::get_ips_by_name($conn_aux, $_GET["search_str"]);
    $_GET["search_str"] = $negated_op . implode(" OR {$negated_op}", array_keys($_ips_aux));
}
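// Conversion: the search string is an IP address (optionally prefixed with "!") but one of
// the "Host" buttons was used, so relabel the submit value to its "IP" counterpart.
if ($_GET["search_str"] != "" && in_array($_GET["submit"], $host_submit) && preg_match("/^\\!?\\d+\\.\\d+\\.\\d+\\.\\d+\$/", $_GET["search_str"])) {
    $_GET['submit'] = str_replace(" Host", " IP", $_GET['submit']);
}
// Hostname search: resolve the name to a host id and keep the filter in the session.
// The IP test below is unanchored, so any dotted-quad substring counts as "contains an IP".
if ($_GET["search_str"] != "" && in_array($_GET["submit"], $host_submit) && !preg_match("/\\d+\\.\\d+\\.\\d+\\.\\d+/", $_GET["search_str"])) {
    // A leading "!" negates the filter.
    $negated_op = preg_match('/^\\!/', $_GET["search_str"]) ? 'NOT IN' : 'IN';
    // Allowlist filter: everything except letters, digits and "! - _ ." is removed before the
    // value reaches the lookup. Presumably Util::htmlentities() then has nothing left to
    // rewrite, so the character filter is what protects the lookup — verify against Util.
    // NOTE(review): "!" survives the filter, so a negated search passes the name with its
    // "!" still attached to get_id_by_name() — confirm that is intended.
    $_GET["search_str"] = Util::htmlentities(preg_replace("/[^0-9A-Za-z\\!\\-\\_\\.]/", "", $_GET["search_str"]));
    // htmlentities for fortify test
    $hids = Asset_host::get_id_by_name($conn_aux, $_GET["search_str"]);
    $htype = $_GET["submit"] == _("Src or Dst Host") ? "both" : ($_GET["submit"] == _("Src Host") ? "src" : "dst");
    // array_shift() takes its argument by reference, so it needs a real variable; passing the
    // result of array_keys() directly raises "Only variables should be passed by reference".
    $hid_keys = array_keys($hids);
    $_SESSION["hostid"] = array(array_shift($hid_keys), $_GET["search_str"], $htype, $negated_op);
    unset($_GET["search_str"]);
}
$db_aux->close();
// A renamed view stored in the session replaces the requested one, once.
// !empty() keeps the same truthiness test without a notice when the key is missing.
if (!empty($_SESSION['view_name_changed'])) {
    $_GET['custom_view'] = $_SESSION['view_name_changed'];
    $_SESSION['view_name_changed'] = "";
    $_SESSION['norefresh'] = 1;
} else {
    $_SESSION['norefresh'] = "";
}
// A missing parameter yields null, as before, but without the undefined-index notice.
$custom_view = isset($_GET['custom_view']) ? $_GET['custom_view'] : null;
ossim_valid($custom_view, OSS_NULLABLE, OSS_ALPHA, OSS_SPACE, OSS_PUNC, "Invalid: custom_view");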
if (ossim_error()) {
Beispiel #9
function list_results($type, $value, $ctx_filter, $sortby, $sortdir)
{
    global $allres, $offset, $pageSize, $dbconn;
    global $user, $arruser;
    $dbconn->SetFetchMode(ADODB_FETCH_BOTH);
    $filteredView = FALSE;
    $selRadio = array("", "", "", "");
    $query_onlyuser = "";
    $url_filter = "";
    // Deprecated filter
    //if(!empty($arruser)) {$query_onlyuser = "******";}
    $sortby = "t1.results_sent DESC, t1.hostIP DESC";
    $sortdir = "";
    $queryw = "";
    $queryl = "";
    $querys = "SELECT distinct t1.hostIP, HEX(t1.ctx) as ctx, t1.scantime, t1.username, t1.scantype, t1.report_key, t1.report_type as report_type, t1.sid, t3.name as profile\n    FROM vuln_nessus_latest_reports AS t1 LEFT JOIN vuln_nessus_settings AS t3 ON t1.sid = t3.id, vuln_nessus_latest_results AS t5\n    WHERE\n    t1.hostIP      = t5.hostIP\n    AND t1.ctx     = t5.ctx\n    AND t1.deleted = '0' ";
    // set up the SQL query based on the search form input (if any)
    if ($type == "scantime" && $value != "") {
        $selRadio[0] = "CHECKED";
        $q = $value;
        $queryw = " AND t1.scantime LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
        $queryl = " limit {$offset},{$pageSize}";
        $stext = "<b>" . _("Search for Date/Time") . "</b> = '*{$q}*'";
        $url_filter = "&type={$type}&value={$value}";
    } else {
        if ($type == "service" && $value != "") {
            $selRadio[5] = "CHECKED";
            $q = $value;
            $queryw = " AND t5.service LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
            $queryl = " limit {$offset},{$pageSize}";
            $stext = "<b>" . _("Search for Service") . "</b> = '*" . html_entity_decode($q) . "*'";
            $url_filter = "&type={$type}&value={$value}";
        } else {
            if ($type == "freetext" && $value != "") {
                $selRadio[6] = "CHECKED";
                $q = $value;
                $queryw = " AND t5.msg LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
                $queryl = " limit {$offset},{$pageSize}";
                $stext = "<b>" . _("Search for Free Text") . "</b> = '*" . html_entity_decode($q) . "*'";
                $url_filter = "&type={$type}&value={$value}";
            } else {
                if ($type == "hostip" && $value != "") {
                    $selRadio[1] = "CHECKED";
                    $q = strtolower($value);
                    $queryw = " t1.hostIP LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
                    $queryl = " limit {$offset},{$pageSize}";
                    $stext = "<b>" . _("Search for Host-IP") . "</b> = '*{$q}*'";
                    $url_filter = "&type={$type}&value={$value}";
                } else {
                    if ($type == "fk_name" && $value != "") {
                        $selRadio[2] = "CHECKED";
                        $q = strtolower($value);
                        $queryw = " AND t1.fk_name LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
                        $queryl = " limit {$offset},{$pageSize}";
                        $stext = _("Search for Subnet/CIDR") . " = '*{$q}*'";
                        $url_filter = "&type={$type}&value={$value}";
                    } else {
                        if ($type == "username" && $value != "") {
                            $selRadio[3] = "CHECKED";
                            $q = strtolower($value);
                            $queryw = " AND t1.username LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
                            $queryl = " limit {$offset},{$pageSize}";
                            $stext = "<b>" . _("Search for user") . "</b> = '*{$q}*'";
                            $url_filter = "&type={$type}&value={$value}";
                        } else {
                            if ($type == "hn" && $value != "") {
                                if (!empty($ctx_filter)) {
                                    $queryw = " AND t1.ctx=UNHEX('{$ctx_filter}')";
                                }
                                $selRadio[4] = "CHECKED";
                                if (preg_match("/\\//", $value)) {
                                    $ip_range = array();
                                    $ip_range = Cidr::expand_CIDR($value, "SHORT");
                                    $queryw .= " AND (inet_aton(t1.hostIP) >= '" . $ip_range[0] . "' AND inet_aton(t1.hostIP) <='" . $ip_range[1] . "') {$query_onlyuser} order by {$sortby} {$sortdir}";
                                } elseif (preg_match("/\\,/", $value)) {
                                    $q = implode("','", explode(",", $value));
                                    $queryw .= " AND t1.hostIP in ('{$q}') {$query_onlyuser} order by {$sortby} {$sortdir}";
                                    $q = "Others";
                                } else {
                                    $q = $value;
                                    $queryw .= " AND t1.hostIP LIKE '{$q}' {$query_onlyuser} order by {$sortby} {$sortdir}";
                                }
                                $queryl = " limit {$offset},{$pageSize}";
                                if (!preg_match("/\\//", $value)) {
                                    $stext = "<b>" . _("Search for Host") . "</b> = '" . html_entity_decode($q) . "'";
                                } else {
                                    $stext = "<b>" . _("Search for Subnet/CIDR") . "</b> = '{$value}'";
                                }
                                $url_filter = "&type={$type}&value={$value}";
                            } else {
                                $selRadio[4] = "CHECKED";
                                $viewAll = FALSE;
                                $queryw = "{$query_onlyuser} order by {$sortby} {$sortdir}";
                                $queryl = " limit {$offset},{$pageSize}";
                                $stext = "";
                            }
                        }
                    }
                }
            }
        }
    }
    // set up the pager and search fields if viewing all hosts
    $reportCount = 0;
    if (!$filteredView) {
        $dbconn->Execute(str_replace("SELECT distinct", "SELECT SQL_CALC_FOUND_ROWS distinct", $querys) . $queryw);
        $reportCount = $dbconn->GetOne("SELECT FOUND_ROWS() as total");
        $previous = $offset - $pageSize;
        if ($previous < 0) {
            $previous = 0;
        }
        $last = intval($reportCount / $pageSize) * $pageSize;
        if ($last < 0) {
            $last = 0;
        }
        $next = $offset + $pageSize;
        $pageEnd = $offset + $pageSize;
        $value = html_entity_decode($value);
        //echo "<center><table cellspacing='0' cellpadding='0' border='0' width='100%'><tr><td class='headerpr' style='border:0;'>"._("Current Vulnerablities")."</td></tr></table>";
        // output the search form
        echo "<table class='w100 transparent'>";
        echo "<tr><td class='sec_title'>" . _("Asset Vulnerability Details") . "</td></tr>";
        echo "<tr><td style='padding:12px 0px 0px 0px;' class='transparent'>";
        ?>
    <div id='cvleftdiv'>
        <a id="new_scan_button" class="button" href="<?php 
        echo Menu::get_menu_url(AV_MAIN_PATH . '/vulnmeter/sched.php?action=create_scan&hosts_alive=1&scan_locally=1', 'environment', 'vulnerabilities', 'scan_jobs');
        ?>
" style="text-decoration:none;">
        <?php 
        echo _("New Scan Job");
        ?>
        </a>
    </div>
    <div id='cvrightdiv'>

<?php 
        echo '<form name="hostSearch" id="hostSearch" action="index.php" method="GET">
<input type="text" length="25" name="value" id="assets" class="assets" style="margin:0px !important;" value="' . Util::htmlentities($value) . '">';
        // cvfiltertype -> current vulnerabilities filter type
        echo "\n<input type=\"radio\" name=\"type\" value=\"service\" {$selRadio['5']}>" . _("Service") . "\n<input type=\"radio\" name=\"type\" value=\"freetext\" {$selRadio['6']}>" . _("Free text") . "\n<input type=\"radio\" name=\"type\" value=\"hn\" {$selRadio['4']}>" . _("Host/Net") . "\n";
        echo "<input type=\"submit\" name=\"submit\" value=\"" . _("Find") . "\" id=\"current_vulns_find_button\" class=\"av_b_secondary small\" style=\"margin-left:15px;\">";
        echo <<<EOT
</form>
</p>
EOT;
    } else {
        // get the search result count
        $queryc = "SELECT count( report_id ) FROM vuln_nessus_latest_reports WHERE t1.deleted = '0' ";
        $scount = $dbconn->GetOne($queryc . $queryw);
        echo "<p>{$scount} report";
        if ($scount != 1) {
            echo "s";
        } else {
        }
        echo " " . _("found matching search criteria") . " | ";
        echo " <a href='index.php' alt='" . _("View All Reports") . "'>" . _("View All Reports") . "</a></p>";
    }
    echo "<p>";
    echo $stext;
    echo "</p>";
    echo "</div></td></tr></table>";
    $result = array();
    // get the hosts to display
    $result = $dbconn->GetArray($querys . $queryw . $queryl);
    // main query
    //echo $querys.$queryw.$queryl;
    $delete_ids = array();
    if (count($result) > 0) {
        foreach ($result as $rpt) {
            $delete_ids[] = $dreport_id = $rpt["report_id"];
        }
    }
    $_SESSION["_dreport_ids"] = implode(",", $delete_ids);
    //echo "$querys$queryw$queryl";
    if ($result === false) {
        $errMsg[] = _("Error getting results") . ": " . $dbconn->ErrorMsg();
        $error++;
        dispSQLError($errMsg, $error);
    } else {
        $data['vInfo'] = 0;
        $data['vLow'] = 0;
        $data['vMed'] = 0;
        $data['vHigh'] = 0;
        $data['vSerious'] = 0;
        $perms_where = Asset_host::get_perms_where('host.', TRUE);
        if (!empty($perms_where)) {
            $queryt = "SELECT count(lr.result_id) AS total, lr.risk, lr.hostIP, HEX(lr.ctx) AS ctx\n                        FROM vuln_nessus_latest_results lr, host, host_ip hi\n                        WHERE host.id=hi.host_id AND inet6_ntoa(hi.ip)=lr.hostIP {$perms_where} AND falsepositive='N'\n                        GROUP BY risk, hostIP, ctx";
        } else {
            $queryt = "SELECT count(lr.result_id) AS total, risk, lr.hostIP, HEX(lr.ctx) AS ctx\n                        FROM vuln_nessus_latest_results lr\n                        WHERE falsepositive='N'\n                        GROUP BY risk, hostIP, ctx";
        }
        //echo "$queryt<br>";
        $resultt = $dbconn->Execute($queryt);
        while (!$resultt->EOF) {
            $riskcount = $resultt->fields['total'];
            $risk = $resultt->fields['risk'];
            if ($risk == 7) {
                $data['vInfo'] += $riskcount;
            } else {
                if ($risk == 6) {
                    $data['vLow'] += $riskcount;
                } else {
                    if ($risk == 3) {
                        $data['vMed'] += $riskcount;
                    } else {
                        if ($risk == 2) {
                            $data['vHigh'] += $riskcount;
                        } else {
                            if ($risk == 1) {
                                $data['vSerious'] += $riskcount;
                            }
                        }
                    }
                }
            }
            $resultt->MoveNext();
        }
        if ($data['vInfo'] == 0 && $data['vLow'] == 0 && $data['vMed'] == 0 && $data['vHigh'] == 0 && $data['vSerious'] == 0) {
            $tdata[] = array("report_id" => "All", "host_name" => "", "scantime" => "", "username" => "", "scantype" => "", "report_key" => "", "report_type" => "", "sid" => "", "profile" => "", "hlink" => "", "plink" => "", "xlink" => "", "vSerious" => $data['vSerious'], "vHigh" => $data['vHigh'], "vMed" => $data['vMed'], "vLow" => $data['vLow'], "vInfo" => $data['vInfo']);
        } else {
            $tdata[] = array("report_id" => "All", "host_name" => "", "scantime" => "", "username" => "", "scantype" => "", "report_key" => "", "report_type" => "", "sid" => "", "profile" => "", "hlink" => "lr_reshtml.php?ipl=all&disp=html&output=full&scantype=M", "plink" => "lr_respdf.php?ipl=all&scantype=M", "xlink" => "lr_rescsv.php?ipl=all&scantype=M", "dlink" => "", "vSerious" => $data['vSerious'], "vHigh" => $data['vHigh'], "vMed" => $data['vMed'], "vLow" => $data['vLow'], "vInfo" => $data['vInfo']);
        }
        foreach ($result as $data) {
            if (!Session::hostAllowed_by_ip_ctx($dbconn, $data["hostIP"], $data["ctx"])) {
                continue;
            }
            $host_id = key(Asset_host::get_id_by_ips($dbconn, $data["hostIP"], $data["ctx"]));
            if (valid_hex32($host_id)) {
                $data['host_name'] = Asset_host::get_name_by_id($dbconn, $host_id);
            }
            $data['vSerious'] = 0;
            $data['vHigh'] = 0;
            $data['vMed'] = 0;
            $data['vLow'] = 0;
            $data['vInfo'] = 0;
            // query for reports for each IP
            $query_risk = "SELECT distinct risk, port, protocol, app, scriptid, msg, hostIP FROM vuln_nessus_latest_results WHERE hostIP = '" . $data['hostIP'];
            $query_risk .= "' AND username = '******'username'] . "' AND sid =" . $data['sid'] . " AND ctx = UNHEX('" . $data['ctx'] . "') AND falsepositive='N'";
            $result_risk = $dbconn->Execute($query_risk);
            while (!$result_risk->EOF) {
                if ($result_risk->fields["risk"] == 7) {
                    $data['vInfo']++;
                } else {
                    if ($result_risk->fields["risk"] == 6) {
                        $data['vLow']++;
                    } else {
                        if ($result_risk->fields["risk"] == 3) {
                            $data['vMed']++;
                        } else {
                            if ($result_risk->fields["risk"] == 2) {
                                $data['vHigh']++;
                            } else {
                                if ($result_risk->fields["risk"] == 1) {
                                    $data['vSerious']++;
                                }
                            }
                        }
                    }
                }
                $result_risk->MoveNext();
            }
            $data['plink'] = "lr_respdf.php?treport=latest&ipl=" . urlencode($data['hostIP']) . "&ctx=" . $data['ctx'] . "&scantype=" . $data['scantype'];
            $data['hlink'] = "lr_reshtml.php?treport=latest&ipl=" . urlencode($data['hostIP']) . "&ctx=" . $data['ctx'] . "&scantype=" . $data['scantype'];
            $data['xlink'] = "lr_rescsv.php?treport=latest&ipl=" . urlencode($data['hostIP']) . "&ctx=" . $data['ctx'] . "&scantype=" . $data['scantype'];
            if (Session::am_i_admin()) {
                $data['dlink'] = "index.php?delete=" . $data['report_key'] . "&scantime=" . $data['scantime'];
            }
            $list = explode("\n", trim($data['meth_target']));
            if (count($list) == 1) {
                $list[0] = trim($list[0]);
                $data['target'] = resolve_asset($dbconn, $list[0]);
            } elseif (count($list) == 2) {
                $list[0] = trim($list[0]);
                $list[0] = resolve_asset($dbconn, $list[0]);
                $list[1] = trim($list[1]);
                $list[1] = resolve_asset($dbconn, $list[1]);
                $data['target'] = $list[0] . ' ' . $list[1];
            } else {
                $list[0] = trim($list[0]);
                $list[0] = resolve_asset($dbconn, $list[0]);
                $list[count($list) - 1] = trim($list[count($list) - 1]);
                $list[count($list) - 1] = resolve_asset($dbconn, $list[count($list) - 1]);
                $data['target'] = $list[0] . " ... " . $list[count($list) - 1];
            }
            $tdata[] = $data;
        }
        if ($sortdir == "ASC") {
            $sortdir = "DESC";
        } else {
            $sortdir = "ASC";
        }
        $url = $_SERVER['SCRIPT_NAME'] . "?offset={$offset}&sortby=%var%&sortdir={$sortdir}" . $url_filter;
        $fieldMapLinks = array();
        $fieldMapLinks = array(gettext("HTML Results") => array('url' => '%param%', 'param' => 'hlink', 'target' => 'main', 'icon' => 'images/html.png'), gettext("PDF Results") => array('url' => '%param%', 'param' => 'plink', 'target' => '_blank', 'icon' => 'images/pdf.png'), gettext("EXCEL Results") => array('url' => '%param%', 'param' => 'xlink', 'target' => '_blank', 'icon' => 'images/page_white_excel.png'));
        if (Session::am_i_admin()) {
            $fieldMapLinks["DELETE Results"] = array('url' => '%param%', 'param' => 'dlink', 'target' => 'main', 'icon' => 'images/delete.gif');
        }
        $fieldMap = array("Host - IP" => array('var' => 'hostip'), "Date/Time" => array('var' => 'scantime'), "Profile" => array('var' => 'profile'), "Serious" => array('var' => 'vSerious'), "High" => array('var' => 'vHigh'), "Medium" => array('var' => 'vMed'), "Low" => array('var' => 'vLow'), "Info" => array('var' => 'vInfo'), "Links" => $fieldMapLinks);
        // echo "<pre>";
        // var_dump($tdata);
        // echo "</pre>";
        if (count($tdata) > 1) {
            drawTableLatest($fieldMap, $tdata, "Hosts");
        } elseif (Session::menu_perms("environment-menu", "EventsVulnerabilitiesScan")) {
            echo "<br><span class='gray'>" . _("No results found: ") . "</span><a href='" . Menu::get_menu_url(AV_MAIN_PATH . '/vulnmeter/sched.php?action=create_scan&hosts_alive=1&scan_locally=1', 'environment', 'vulnerabilities', 'scan_jobs') . "'>" . _("Click here to run a Vulnerability Scan now") . "</a><br><br>";
        }
    }
    // draw the pager again, if viewing all hosts
    if (!$filteredView && $reportCount > 10) {
        ?>
    <div class="fright tmargin">
        <?php 
        if ($next > $pageSize) {
            ?>
	        <a href="index.php?<?php 
            echo "offset={$previous}{$url_filter}";
            ?>
" class="pager">< <?php 
            echo _("PREVIOUS");
            ?>
 </a>
	    <?php 
        } else {
            ?>
	        <a class='link_paginate_disabled' href="" onclick='return false'>< <?php 
            echo _("PREVIOUS");
            ?>
 </a>
		<?php 
        }
        if ($next <= $last) {
            ?>
            <a class='lmargin' href="index.php?<?php 
            echo "offset={$next}{$url_filter}";
            ?>
">  <?php 
            echo _("NEXT");
            ?>
 ></a>
        <?php 
        } else {
            ?>
            <a class='link_paginate_disabled lmargin' href="" onclick='return false'><?php 
            echo _("NEXT");
            ?>
 ></a>
        <?php 
        }
        ?>
    </div>
<?php 
    } else {
        echo "<p>&nbsp;</p>";
    }
}
     $ctx_src = $src_host->get_ctx();
 }
 // Src icon and bold
 // get_extended_name() returns an array; only its 'is_internal' and 'html_icon' entries are read here.
 $src_output = Asset_host::get_extended_name($conn, $geoloc, $s_src_ip, $ctx_src, $event_info["src_host"], $event_info["src_net"]);
 $homelan_src = $src_output['is_internal'];
 $src_img = $src_output['html_icon'];
 // Dst
 // Without name resolution, or without a host object, fall back to the raw IP and the current context.
 if ($no_resolv || !$dst_host) {
     $s_dst_name = $s_dst_ip;
     $ctx_dst = $ctx;
 } elseif ($dst_host) {
     $s_dst_name = $dst_host->get_name();
     $ctx_dst = $dst_host->get_ctx();
 }
 // Dst icon and bold
 $dst_output = Asset_host::get_extended_name($conn, $geoloc, $s_dst_ip, $ctx_dst, $event_info["dst_host"], $event_info["dst_net"]);
 $homelan_dst = $dst_output['is_internal'];
 $dst_img = $dst_output['html_icon'];
 // Clean icon hover tiptip
 // NOTE(review): the IPs are placed in the query string without urlencode(); confirm they are validated as addresses upstream.
 $s_src_link = Menu::get_menu_url("../forensics/base_stat_ipaddr.php?clear_allcriteria=1&ip={$s_src_ip}", 'analysis', 'security_events', 'security_events');
 $s_dst_link = Menu::get_menu_url("../forensics/base_stat_ipaddr.php?clear_allcriteria=1&ip={$s_dst_ip}", 'analysis', 'security_events', 'security_events');
 // A port of 0 is shown as nothing; any other port is shown as ":" plus whatever port2service() returns.
 $s_src_port = $s_src_port != 0 ? ":" . Port::port2service($conn, $s_src_port) : "";
 $s_dst_port = $s_dst_port != 0 ? ":" . Port::port2service($conn, $s_dst_port) : "";
 // Reputation info
 $rep_src_icon = Reputation::getrepimg($event_info["rep_prio_src"], $event_info["rep_rel_src"], $event_info["rep_act_src"], $s_src_ip);
 //$rep_src_bgcolor  = Reputation::getrepbgcolor($event_info["rep_prio_src"]);
 $rep_dst_icon = Reputation::getrepimg($event_info["rep_prio_dst"], $event_info["rep_rel_dst"], $event_info["rep_act_dst"], $s_dst_ip);
 //$rep_dst_bgcolor  = Reputation::getrepbgcolor($event_info["rep_prio_dst"]);
 // Internal ("home LAN") sources get extra CSS classes on the link.
 $c_src_homelan = $homelan_src ? 'bold alarm_netlookup' : '';
 // NOTE(review): the link URL, IP, context, host name and service text are concatenated into
 // single-quoted HTML attributes and element text with no escaping in this fragment; confirm
 // each value is HTML-encoded before it reaches this point (host names in particular).
 $source_link = $src_img . " <a href='{$s_src_link}' class='{$c_src_homelan}' data-title='{$s_src_ip}-{$ctx_src}' title='{$s_src_ip}'>" . $s_src_name . $s_src_port . "</a> {$rep_src_icon}";
 // NOTE(review): same concern for the id/id2/ctx attributes of the balloon container.
 $source_balloon = "<div id='" . $s_src_ip . ";" . $s_src_name . ";" . $event_info["src_host"] . "' ctx='{$ctx}' id2='" . $s_src_ip . ";" . $s_dst_ip . "' class='HostReportMenu'>";
            $me = NULL;
        }
        $_country_aux = $geoloc->get_country_by_host($conn, $user->get_ip());
        $s_country = strtolower($_country_aux[0]);
        $s_country_name = $_country_aux[1];
        $geo_code = get_country($s_country);
        $flag = !empty($geo_code) ? "<img src='" . $geo_code . "' border='0' align='top'/>" : '';
        $logon_date = gmdate('Y-m-d H:i:s', Util::get_utc_unixtime($user->get_logon_date()) + 3600 * Util::get_timezone());
        $activity_date = Util::get_utc_unixtime($user->get_activity());
        $background = Session_activity::is_expired($activity_date) ? 'background:#FFD8D6;' : '';
        $expired = Session_activity::is_expired($activity_date) ? "<span style='color:red'>(" . _('Expired') . ")</span>" : "";
        $agent = explode('###', $user->get_agent());
        if ($agent[1] == 'av report scheduler') {
            $agent = array('AV Report Scheduler', 'wget');
        }
        $host = @array_shift(Asset_host::get_name_by_ip($conn, $user->get_ip()));
        $host = $host == '' ? $user->get_ip() : $host;
        echo "  <tr id='" . $user->get_id() . "'>\n\t\t\t\t\t\t\t\t\t<td class='ops_user' {$me}><img class='user_icon' src='" . get_user_icon($user->get_login(), $pro) . "' alt='" . _('User icon') . "' title='" . _('User icon') . "' align='absmiddle'/> " . $user->get_login() . "</td>\n\t\t\t\t\t\t\t\t\t<td class='ops_ip'>" . $user->get_ip() . "</td>\n\t\t\t\t\t\t\t\t\t<td class='ops_host'>" . $host . $flag . "</td>\n\t\t\t\t\t\t\t\t\t<td class='ops_agent'><a title='" . htmlentities($agent[1]) . "' class='info_agent'>" . htmlentities($agent[0]) . "</a></td>\n\t\t\t\t\t\t\t\t\t<td class='ops_id'>" . $user->get_id() . " {$expired}</td>\n\t\t\t\t\t\t\t\t\t<td class='ops_logon'>" . $logon_date . "</td>\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t<td class='ops_activity'>" . _(TimeAgo($activity_date, gmdate('U'))) . "</td>\n\t\t\t\t\t\t\t\t\t<td class='ops_actions'>{$action}</td>\t\n\t\t\t\t\t\t\t\t</tr>";
    }
}
?>
    			</tbody>
    		</table>
		</div>				
    </div>
    
    </body>
</html>

<?php 
$db->close();
Beispiel #12
// Read the three identifiers sent with the request.
$sensor_id = POST('sensor_id');
$asset_id = POST('asset_id');
$agent_id = POST('agent_id');
// Validation rules per field: the two IDs use the OSS_HEX rule, the agent ID uses OSS_DIGIT.
// Each entry also carries the error message reported when the rule fails.
$validate = array('sensor_id' => array('validation' => "OSS_HEX", 'e_message' => 'illegal:' . _('Sensor ID')), 'asset_id' => array('validation' => "OSS_HEX", 'e_message' => 'illegal:' . _('Asset ID')), 'agent_id' => array('validation' => 'OSS_DIGIT', 'e_message' => 'illegal:' . _('Agent ID')));
// The result is tested with empty() below, so an empty value means every field passed.
$validation_errors = validate_form_fields('POST', $validate);
//Database connection
// Opened before the validation result is checked, so it exists on the error path as well.
$db = new ossim_db();
$conn = $db->connect();
if (empty($validation_errors)) {
    //Extra validations
    try {
        if (Asset_host::is_in_db($conn, $asset_id) == FALSE) {
            $e_msg = _('Unable to deploy HIDS agent. This asset no longer exists in the asset inventory. Please check with your system admin for more information');
            Av_exception::throw_error(Av_exception::USER_ERROR, $e_msg);
        }
        $asset = new Asset_host($conn, $asset_id);
        $asset->load_from_db($conn);
        //Check asset context
        $ext_ctxs = Session::get_external_ctxs($conn);
        $ctx = $asset->get_ctx();
        if (!empty($ext_ctxs[$ctx])) {
            $e_msg = _('Asset can only be deployed at this USM');
            //Server related to CTX
            $server_obj = Server::get_server_by_ctx($conn, $ctx);
            if ($server_obj) {
                $s_name = $server_obj->get_name();
                $s_ip = $server_obj->get_ip();
                $server = $s_name . ' (' . $s_ip . ')';
                $e_msg = sprintf(_("Unable to deploy agent to assets on a child server. Please login to %s to deploy the HIDS agents"), $server);
            }
            Av_exception::throw_error(Av_exception::USER_ERROR, $e_msg);
            exit;
        }
        while (!$rs->EOF) {
            $ip = $rs->fields['ip'];
            $ctx = $rs->fields['ctx'];
            $ids = Asset_host::get_id_by_ips($conn_aux, $ip, $ctx);
            if (empty($hosts_in_db[$ip][$ctx]) && empty($ids)) {
                if ($mode == 'insert') {
                    try {
                        $id = Util::uuid();
                        $hostname = Asset_host::get_autodetected_name($ip);
                        $ips = array();
                        $ips[$ip] = array('ip' => $ip, 'mac' => NULL);
                        $sensors = array($rs->fields['sensor_id']);
                        $conn_aux = $db->connect();
                        $host = new Asset_host($conn_aux, $id);
                        Util::disable_perm_triggers($conn_aux, TRUE);
                        $host->set_name($hostname);
                        $host->set_ctx($ctx);
                        $host->set_ips($ips);
                        $host->set_sensors($sensors);
                        $host->save_in_db($conn_aux, FALSE);
                        $hosts_in_db[$ip][$ctx] = $ip;
                        ?>
                        <script type="text/javascript">                                          
                             parent.$("#ptext").html("<?php 
                        echo _('Inserting new host') . ' <strong>' . $hostname . '</strong>';
                        ?>
");
                        </script>                                  
                        <?php 
Beispiel #14
// Permission gate for the alarms section, called before any request parameter is read.
Session::logcheck("analysis-menu", "ControlPanelAlarms");
$h_id = GET('id');
$h_ip = GET('ip');
$prefix = GET('prefix');
// The asset ID and the IP may both be absent (OSS_NULLABLE).
ossim_valid($h_id, OSS_HEX, OSS_NULLABLE, 'illegal:' . _("Asset ID"));
ossim_valid($h_ip, OSS_IP_ADDR_0, OSS_NULLABLE, 'illegal:' . _("Ip"));
// NOTE(review): the rule arguments here are the literals 'src' and 'dst' rather than OSS_* constants.
// Confirm ossim_valid() treats them as the only two accepted values and not as a set of allowed
// characters, because $prefix is used as a $_SESSION array key below.
ossim_valid($prefix, 'src', 'dst', 'illegal:' . _("Prefix"));
// Stop on the first validation error; nothing below runs with unvalidated input.
if (ossim_error()) {
    die(ossim_error());
}
$gloc = new Geolocation('/usr/share/geoip/GeoLiteCity.dat');
// Alarm statistics stored in the session, selected by the validated prefix.
$data = $_SESSION['_alarm_stats'][$prefix];
/* connect to db */
$db = new ossim_db(TRUE);
$conn = $db->connect();
// NOTE(review): $h_id may be empty at this point because it is nullable; confirm get_object() copes with that.
$h_obj = Asset_host::get_object($conn, $h_id, TRUE);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
	<title><?php 
echo gettext("OSSIM Framework");
?>
</title>
	
	<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
	<meta http-equiv="Pragma" content="no-cache"/>
	
	<link rel="stylesheet" type="text/css" href="/ossim/style/av_common.css?t=<?php 
echo Util::get_css_id();
?>
Beispiel #15
// AJAX endpoint that permanently deletes every asset in the current filtered selection.
require_once 'av_init.php';
// Menu-level permission gate for AJAX callers.
Session::logcheck_ajax('environment-menu', 'PolicyHosts');
//Validate Form token
// Anti-CSRF check: the posted token must verify for the 'tk_delete_asset_bulk' action
// before any state-changing work is attempted.
$token = POST('token');
if (Token::verify('tk_delete_asset_bulk', $token) == FALSE) {
    $error = Token::create_error_message();
    // NOTE(review): the flow relies on response_bad_request() ending the request; confirm it does not return.
    Util::response_bad_request($error);
}
// Release the session lock; nothing below writes to the session.
session_write_close();
/* connect to db */
$db = new ossim_db(TRUE);
$conn = $db->connect();
try {
    // NOTE(review): the right to delete is derived from the asset-creation permission; confirm that is intended.
    $perm_add = Session::can_i_create_assets();
    if (!$perm_add) {
        $db->close();
        $error = _('You do not have the correct permissions to delete assets. Please contact system administrator with any questions');
        Util::response_bad_request($error);
    }
    $app_name = Session::is_pro() ? 'AlienVault' : 'OSSIM';
    // Count the selection first so the confirmation message can report how many assets were removed.
    $num_assets = Filter_list::get_total_selection($conn, 'asset');
    //Delete all filtered asset
    Asset_host::bulk_delete($conn);
    // $data is first assigned here; it is not initialised earlier in this fragment.
    $data['status'] = 'OK';
    $data['data'] = sprintf(_('%s assets have been permanently deleted from %s'), $num_assets, $app_name);
} catch (Exception $e) {
    // Any failure is reported to the client with the exception text.
    $db->close();
    Util::response_bad_request($e->getMessage());
}
$db->close();
echo json_encode($data);
Beispiel #16
if (isset($_GET['get_data'])) {
    //Setting up a high time limit.
    set_time_limit(360);
    $db = new ossim_db();
    $conn = $db->connect();
    //Setting up the file name with the hosts info
    // NOTE(review): the export path sits in the shared /tmp directory and its only varying parts are
    // the current date and uniqid(), which is derived from the clock, so the name is guessable.
    // The code that creates the file is outside this fragment; confirm it refuses to follow an
    // existing file or link and sets restrictive permissions, or switch to tempnam().
    $file = uniqid('/tmp/export_all_host_' . date('Ymd_H-i-s') . '_');
    // The path is remembered in the session, then the session lock is released.
    $_SESSION['_csv_file_hosts'] = $file;
    session_write_close();
    $csv = array();
    //Export a filtered list
    $filters = array();
    $session = session_id();
    $tables = ', user_component_filter hc';
    // Restricts the export to the assets this session selected in user_component_filter.
    // NOTE(review): the session id is interpolated into the WHERE text rather than bound as a
    // parameter; confirm the session id format cannot contain a quote character.
    $filters = array('where' => "hc.asset_id=host.id AND hc.asset_type='asset' AND hc.session_id = '{$session}'", 'order_by' => 'host.hostname ASC');
    $_host_list = Asset_host::get_list($conn, $tables, $filters);
    foreach ($_host_list[0] as $host) {
        $id = $host['id'];
        //Description
        $descr = $host['descr'];
        $descr = mb_convert_encoding($descr, 'UTF-8', 'HTML-ENTITIES');
        //Operating System
        $os = Asset_host_properties::get_property_from_db($conn, $host['id'], 3);
        $os = array_pop($os);
        //Latitude/Longitude
        $latitude = empty($host['location']['lat']) ? '' : $host['location']['lat'];
        $longitude = empty($host['location']['lon']) ? '' : $host['location']['lon'];
        //Devices
        $str_devices = '';
        $devices = Asset_host_devices::get_devices_to_string($conn, $id);
        if (!empty($devices)) {
															<table align="center" class="noborder">
															<tr>
																<th style="background-position:top center"><?php 
echo _("Destination");
?>
																</th>
																<td class="left nobborder">
																	<select id="toselect" name="toselect[]" size="12" multiple="multiple" style="width:150px">
																	<?php 
// Pre-fill the select with the rule's stored "to" entries, unless the value is empty, "ANY"
// or matches the ":..._IP" pattern tested here.
if ($rule->to != "ANY" && $rule->to != "" && !preg_match("/\\:...\\_IP/", $rule->to)) {
    $pre_list = explode(",", $rule->to);
    foreach ($pre_list as $list_element) {
        // Asset ID: Resolve by name
        // $found[1] is the optional "!" prefix, $found[2] the 36-character dashed UUID.
        if (preg_match("/(\\!)?([0-9A-Fa-f\\-]{36})/", $list_element, $found)) {
            // Lookups use the UUID without dashes, in upper case.
            $uuid_aux = str_replace("-", "", strtoupper($found[2]));
            $h_obj = Asset_host::get_object($conn, $uuid_aux);
            if ($h_obj != null) {
                // NOTE(review): the asset name and IP list are written as option text without HTML
                // escaping here; confirm they are stored already encoded.
                echo "<option value='" . $found[1] . $found[2] . "'>" . $found[1] . $h_obj->get_name() . " (" . $h_obj->get_ips()->get_ips('string') . ")</option>\n";
            } else {
                // Not a host: try the same ID as a network. An ID that is neither prints nothing.
                $n_obj = Asset_net::get_object($conn, $uuid_aux);
                if ($n_obj != null) {
                    echo "<option value='" . $found[1] . $found[2] . "'>" . $found[1] . $n_obj->get_name() . " (" . $n_obj->get_ips() . ")</option>\n";
                }
            }
            // Another one (HOME_NET, 12.12.12.12...)
        } else {
            // NOTE(review): the raw list element goes into a single-quoted attribute and into the
            // option text unescaped; if rule content can hold a quote or "<", encode it for HTML first.
            echo "<option value='{$list_element}'>{$list_element}</option>\n";
        }
    }
}
?>
Beispiel #18
     foreach ($source_net_list as $source_net_group) {
         if (!check_any($source_net_group->get_net_group_id())) {
             $source .= ($source == "" ? "" : "<br/>") . "<img src='../pixmaps/theme/net_group.png' align=absbottom /> " . Net_group::get_name_by_id($conn, $source_net_group->get_net_group_id());
         }
     }
 }
 // No source entry survived the check_any() filter: show the generic host icon with "ANY".
 if (empty($source)) {
     $source = "<img src='../pixmaps/theme/host.png' align=absbottom />" . _('ANY');
 }
 // The assembled HTML is shipped as one CDATA cell.
 // NOTE(review): asset and group names are placed in the markup as returned by get_name_by_id();
 // a name containing "]]>" would end the CDATA section early, and the client presumably renders
 // the cell as HTML, so confirm names are HTML-encoded where they are stored.
 $xml .= "<cell><![CDATA[" . $source . "]]></cell>";
 //
 // Destination column: one "<icon> name" entry per host, then per network, separated by <br/>.
 $dest = "";
 if ($dest_host_list = $policy->get_hosts($conn, 'dest')) {
     foreach ($dest_host_list as $dest_host) {
         // Entries for which check_any() is true are left out.
         if (!check_any($dest_host->get_host_id())) {
             $dest .= ($dest == "" ? "" : "<br/>") . "<img src='../pixmaps/theme/host.png' align=absbottom /> " . Asset_host::get_name_by_id($conn, $dest_host->get_host_id());
         }
     }
 }
 if ($dest_net_list = $policy->get_nets($conn, 'dest')) {
     foreach ($dest_net_list as $dest_net) {
         if (!check_any($dest_net->get_net_id())) {
             $dest .= ($dest == "" ? "" : "<br/>") . "<img src='../pixmaps/theme/net.png' align=absbottom /> " . Asset_net::get_name_by_id($conn, $dest_net->get_net_id());
         }
     }
 }
 if ($dest_host_list = $policy->get_host_groups($conn, 'dest')) {
     foreach ($dest_host_list as $dest_host_group) {
         if (!check_any($dest_host_group->get_host_group_id())) {
             $dest .= ($dest == "" ? "" : "<br/>") . "<img src='../pixmaps/theme/host_group.png' align=absbottom /> " . Asset_group::get_name_by_id($conn, $dest_host_group->get_host_group_id());
         }
Beispiel #19
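$selected = "";
// src_ips from acid_event
// Count, per country, the distinct event addresses that are not covered by the asset CIDR cache.
// NOTE(review): $where and $ejoin are spliced into the SQL text. Both come from
// Security_report::make_where(); confirm that it escapes or binds the date and plugin inputs.
$where = Security_report::make_where($conn, $date_from, $date_to, $plugin_list, $dDB);
// When the filter references a plist_* table, add that table to the FROM list.
$ejoin = preg_match('/plist_[a-z]+/', $where) ? preg_replace('/.*(plist_[a-z]+)\\.id .*/', ',\\1', $where) : '';
$query = "SELECT DISTINCT ip_src AS ip FROM alienvault_siem.acid_event {$ejoin} WHERE 1=1 {$where}\n    UNION SELECT DISTINCT ip_dst as ip FROM alienvault_siem.acid_event {$ejoin} WHERE 1=1 {$where}";
$rs = $conn->Execute($query);
if (!$rs) {
    Av_exception::throw_error(Av_exception::DB_ERROR, $conn->ErrorMsg());
}
$already = array();
// arsort() below needs an array even when the query returns no rows; keep any counts set earlier.
if (!isset($ips) || !is_array($ips)) {
    $ips = array();
}
while (!$rs->EOF) {
    // Addresses are stored in packed binary form.
    $ip = inet_ntop($rs->fields['ip']);
    if (!isset($already[$ip])) {
        //Session::hostAllowed($conn,$ip) => not necessary here?
        // Mark the address as seen with a plain assignment instead of incrementing an undefined key.
        $already[$ip] = 1;
        if (!Asset_host::is_ip_in_cache_cidr($conn, $ip)) {
            // geoip
            $_country_aux = $geoloc->get_country_by_host($conn, $ip);
            $s_country = strtolower($_country_aux[0]);
            $s_country_name = $_country_aux[1];
            // Bucket key is "code:name"; addresses with no country go to ":Unknown".
            $_country_key = $s_country == '' ? ':Unknown' : "{$s_country}:{$s_country_name}";
            // Start each bucket at 1 explicitly so no undefined index is read.
            $ips[$_country_key] = isset($ips[$_country_key]) ? $ips[$_country_key] + 1 : 1;
        }
    }
    $rs->MoveNext();
}
//
// Highest counts first, keys preserved.
arsort($ips);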
Beispiel #20
         $sensors = array_keys(Asset_host_sensors::get_sensors_by_id($conn, $host_id));
     }
 } else {
     if (preg_match("/^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\/\\d{1,2}?\$/", $ip_cidr)) {
         // Net without ID
         $total_host += Util::host_in_net($ip_cidr);
         $name = $target;
         $perm = TRUE;
     } else {
         if (preg_match("/^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\$/", $ip_cidr)) {
             // Host without ID
             $total_host++;
             $name = $target;
             $perm = TRUE;
             if (count($sensors) == 0) {
                 $closetnet_id = key(Asset_host::get_closest_net($conn, $ip_cidr));
                 $sensors = array_keys(Asset_net_sensors::get_sensors_by_id($conn, $closetnet_id));
             }
         } else {
             if ($unresolved) {
                 // the target is a hostname
                 $total_host++;
                 $perm = true;
                 $name = '-';
                 if (count($sensors) == 0) {
                     $sensors = $ids;
                 }
             }
         }
     }
 }
Beispiel #21
/**
 * Return the host tree from Asset_host::get_list_tree(), ordered by hostname.
 *
 * Any 'order_by' entry supplied by the caller is replaced. Which hosts are
 * included is decided by get_list_tree() and by the $tables / $filters passed in.
 *
 * @param mixed  $conn    Database connection handed through to Asset_host.
 * @param string $tables  Extra tables for the query, passed through unchanged.
 * @param array  $filters Query filters; 'order_by' is always set to 'hostname'.
 *
 * @return mixed Whatever Asset_host::get_list_tree() returns.
 */
function get_allowed_hosts($conn, $tables = '', $filters = array())
{
    // Force a stable ordering regardless of what the caller asked for.
    $filters['order_by'] = 'hostname';

    return Asset_host::get_list_tree($conn, $tables, $filters, FALSE, FALSE);
}
    $response['aaData'] = array();
    $response['iDisplayStart'] = 0;
    echo json_encode($response);
    die;
}
// Build one DataTables row per asset: name, IPs, FQDNs, three indicator columns and a detail icon.
$detail = '<img class="detail_img" src="' . AV_PIXMAPS_DIR . '/show_details.png"/>';
$results = array();
foreach ($assets as $_id => $asset_data) {
    // Alarms
    // Each indicator is a tick image when the asset has data of that kind, otherwise "-".
    $alarms = Asset_host::has_alarms($conn, $_id);
    $alarms_icon = $alarms ? '<img src="' . AV_PIXMAPS_DIR . '/assets_tick_gray.png"/>' : '-';
    // Vulns
    $vulns = Asset_host::get_vulnerability_number($conn, $_id);
    $vulns_icon = $vulns > 0 ? '<img src="' . AV_PIXMAPS_DIR . '/assets_tick_gray.png"/>' : '-';
    // Events
    $events = Asset_host::has_events($conn, $_id);
    $events_icon = $events ? '<img src="' . AV_PIXMAPS_DIR . '/assets_tick_gray.png"/>' : '-';
    // Free-text asset fields (name, IPs, FQDNs) pass through Util::htmlentities() before they enter
    // the response; the icon columns are fixed markup built in this loop.
    $fqdns = $asset_data['fqdns'] != '' ? Util::htmlentities($asset_data['fqdns']) : '';
    // COLUMNS
    $_res = array();
    // Row identifier: the asset ID, taken from the array key.
    $_res['DT_RowId'] = $_id;
    $_res[] = Util::htmlentities($asset_data['name']);
    $_res[] = Util::htmlentities(Asset::format_to_print($asset_data['ips']));
    $_res[] = $fqdns;
    $_res[] = $alarms_icon;
    $_res[] = $vulns_icon;
    $_res[] = $events_icon;
    $_res[] = $detail;
    $results[] = $_res;
}
// datatables response json
Beispiel #23
        }
    } else {
        $e_msg = ossim_get_error_clean();
        Av_exception::throw_error(Av_exception::USER_ERROR, $e_msg);
    }
    $agents = Ossec_agent::get_list($sensor_id);
    $data = array();
    if (is_array($agents) && !empty($agents)) {
        foreach ($agents as $agent_id => $a_data) {
            if (empty($a_data)) {
                continue;
            }
            $a_unique_id = md5($agent_id);
            $agent_actions = Ossec_agent::get_actions($agent_id, $a_data);
            if (!empty($a_data['host_id'])) {
                $asset_name = Asset_host::get_name_by_id($conn, $a_data['host_id']);
            } else {
                $asset_name = '-';
            }
            //Normalize status description (See asset list filters)
            if ($a_data['status']['id'] == 1) {
                $a_data['status']['descr'] = 'Disconnected';
            }
            $t_data = array("DT_RowId" => 'cont_agent_' . $agent_id, "DT_RowData" => array('agent_key' => $a_unique_id, 'asset_id' => $a_data['host_id'], 'agent_status' => $a_data['status']), '', $agent_id, $a_data['name'], $asset_name, $a_data['ip_cidr'], "-", "-", $a_data['status']['descr'], $agent_actions);
            $data[] = $t_data;
        }
    }
} catch (Exception $e) {
    $db->close();
    Util::response_bad_request($e->getMessage());
}
Beispiel #24
} else {
    $list = $security_report->AttackHost($target, $limit, $type, $date_from, $date_to);
}
// Build the two data series for the bar chart: host labels ($datax) and raw counts ($datay).
$datax = $datay = array();
$gorientation = "h";
foreach ($list as $key => $l) {
    if ($key >= 10) {
        // we put a limit on the number of results for the chart
        //break;
        // With the break disabled, long lists only switch the layout to "v"; no row is dropped.
        $gorientation = "v";
    }
    // Row layout as read here: [0] IP, [1] occurrence count, [2] asset ID, [3] context.
    $ip = $l[0];
    $occurrences = number_format($l[1], 0, ",", ".");
    $id = $l[2];
    $ctx = $l[3];
    // Resolve a name only when the ID passes valid_hex32(); otherwise, or if the lookup returns
    // nothing, the IP is used as the label.
    $hostname = valid_hex32($id) ? Asset_host::get_name_by_id($security_report->ossim_conn, $id) : $ip;
    $datax[] = $hostname ? $hostname : $ip;
    $datay[] = $l[1];
}
require_once 'ossim_conf.inc';
$conf = $GLOBALS["CONF"];
// NOTE(review): the include path for the graph library comes from the "jpgraph_path" setting,
// so whoever can change that setting controls which PHP files are loaded here; confirm it is
// writable by administrators only.
$jpgraph = $conf->get_conf("jpgraph_path");
require_once "{$jpgraph}/jpgraph.php";
require_once "{$jpgraph}/jpgraph_bar.php";
// Setup the graph.
// In the "v" layout the canvas height grows with the row count; otherwise it is fixed.
if ($gorientation == "v") {
    $y = 30 + count($list) * 21;
} else {
    $y = 250;
}
$graph = new Graph(400, $y, "auto");
Beispiel #25
        // Property filter
        $filters = array('limit' => "{$from}, {$maxrows}", 'order_by' => "{$order} {$torder}");
        if ($search_str != '') {
            $search_str = escape_sql($search_str, $conn);
            $filters['where'] = 'p.name LIKE "%' . $search_str . '%"';
        }
        list($vulns, $total) = $asset_object->get_vulnerabilities($conn, '', $filters);
    } else {
        Av_exception::throw_error(Av_exception::USER_ERROR, _('Error retrieving information'));
    }
} catch (Exception $e) {
    $db->close();
    Util::response_bad_request($e->getMessage());
}
// DATA
// Flatten the per-asset vulnerability lists into DataTables rows.
$data = array();
foreach ($vulns as $_asset_id => $asset_vulns) {
    // NOTE(review): the object is used below without a null check; confirm get_object() cannot
    // return null for an ID taken from $vulns.
    $_host_aux = Asset_host::get_object($conn, $_asset_id);
    foreach ($asset_vulns as $vuln) {
        // For a single host the row shows the vulnerable IP; otherwise "name (ip list)".
        $_host = $class_name == 'asset_host' ? $vuln['ip'] : $_host_aux->get_name() . " (" . $_host_aux->get_ips()->get_ips('string') . ")";
        // NOTE(review): plugin, service and host text enter the JSON as-is; json_encode() makes
        // them safe as JSON, not as HTML. Confirm the client renders the cells as text or that
        // the values are encoded at the source.
        $data[] = array(date("Y-m-d H:i:s", strtotime($vuln['date'])), $_host, $vuln['plugin'], $vuln['plugin_id'], $vuln['service'], Vulnerabilities::get_severity_by_risk($vuln['risk']));
    }
}
// DataTables envelope; both totals carry the same value.
$response['sEcho'] = $sec;
$response['iTotalRecords'] = $total;
$response['iTotalDisplayRecords'] = $total;
$response['aaData'] = $data;
echo json_encode($response);
$db->close();
/* End of file dt_vulnerabilities.php */
/* Location: /av_asset/common/providers/dt_vulnerabilities.php */
Beispiel #26
        <meta http-equiv="Pragma" content="no-cache">
        <?php 
//CSS Files
$_files = array(array('src' => 'av_common.css?t=' . Util::get_css_id(), 'def_path' => TRUE));
Util::print_include_files($_files, 'css');
?>
    </head>

    <body>
    <?php 
// Save the bulk edit only if the earlier steps (outside this fragment) reported no error.
if ($data['status'] != 'error') {
    try {
        $db = new ossim_db();
        $conn = $db->connect();
        // One set of property values, handed to bulk_save_in_db() in a single call.
        $asset_data = array('external' => $external, 'descr' => $descr, 'asset_value' => $asset_value, 'latitude' => $latitude, 'longitude' => $longitude, 'zoom' => $zoom, 'os' => $os, 'model' => $model, 'sensors' => $sensors, 'devices' => $devices, 'icon' => $icon);
        Asset_host::bulk_save_in_db($conn, $asset_data);
        $data['status'] = 'OK';
        $data['data'] = _('Your changes have been saved');
        $db->close();
    } catch (Exception $e) {
        // NOTE(review): the connection is not closed on this path.
        // The exception text is stored for display to the user; confirm it cannot carry SQL or
        // path details, and that it is HTML-encoded where it is printed.
        $data['status'] = 'error';
        $data['data'] = array('php_exception' => $e->getMessage());
    }
}
if ($data['status'] == 'error') {
    $txt_error = '<div>' . _('The following errors occurred') . ":</div>\n                      <div style='padding: 10px;'>" . implode('<br/>', $data['data']) . '</div>';
    $config_nt = array('content' => $txt_error, 'options' => array('type' => 'nf_error', 'cancel_button' => FALSE), 'style' => 'width: 80%; margin: 20px auto; text-align: left;');
    $nt = new Notification('nt_1', $config_nt);
    $nt->show();
} else {
    ?>
Beispiel #27
*
* Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt
*
*/
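// Tell clients and proxies not to cache this response.
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
// An HTTP date needs a space before the zone name; without it the header value is malformed.
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-cache, must-revalidate");
header("Pragma: no-cache");
require_once 'av_init.php';
// Permission gate, given as two parallel menu / sub-menu lists.
// NOTE(review): presumably either pair grants access; confirm against Session::logcheck().
$m_perms = array('analysis-menu', 'analysis-menu');
$sm_perms = array('EventsForensics', 'ControlPanelAlarms');
Session::logcheck($m_perms, $sm_perms);
// The 'ip' parameter carries "<ip>-<ctx>". The context part is optional, so read it
// defensively instead of destructuring an array that may hold a single element.
$_ip_parts = explode('-', GET('ip'));
$ip = $_ip_parts[0];
$ctx = isset($_ip_parts[1]) ? $_ip_parts[1] : NULL;
ossim_valid($ip, OSS_IP_ADDR_0, 'illegal:' . _('Ip'));
ossim_valid($ctx, OSS_HEX, OSS_NULLABLE, 'illegal:' . _('Ctx'));
// Maybe nullable from Logger resolves
// Nothing below runs unless both values passed validation.
if (ossim_error()) {
    die(ossim_error());
}
$db = new ossim_db();
$conn = $db->connect();
// array_shift() takes its argument by reference, so the result goes into a variable first.
$_closest_nets = Asset_host::get_closest_net($conn, $ip, $ctx);
$net = is_array($_closest_nets) ? array_shift($_closest_nets) : NULL;
if (is_array($net)) {
    if ($net['icon'] != '') {
        // The icon bytes are embedded as a base64 data URI.
        echo "<img class='asset_icon w16' src='data:image/png;base64," . base64_encode($net['icon']) . "' border='0'/> ";
    }
    // NOTE(review): the network name and IP list are printed without HTML escaping; confirm
    // they are stored already encoded before relying on this output.
    echo '<strong>' . $net['name'] . '</strong> (' . $net['ips'] . ')';
} else {
    // $ip has passed the OSS_IP_ADDR_0 check above by the time it is echoed.
    echo "<b>{$ip}</b> " . _('not found in home networks');
}
$db->close();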
Beispiel #28
             <td style="width:80mm;" valign="top">
                 <table style="width:80mm; padding-top: 10px; padding-bottom: 10px;">
                     <tr>
                         <th>' . gettext("Host") . '</th>
                         <th class="center">' . gettext("Occurrences") . '</th>
                     </tr>');
 $c = 0;
 $shared_file = $dDB["_shared"]->dbfile();
 $dDB["_shared"]->put("SS_AttackedHost" . $runorder, $list);
 $font_size = getFontSizeSIEM($list);
 foreach ($list as $l) {
     $ip = $l[0];
     $occurrences = number_format($l[1], 0, ",", ".");
     $host_id = $l[2];
     $ctx = $l[3] != '' ? $l[3] : Session::get_default_ctx();
     $host_output = Asset_host::get_extended_name($security_report->ossim_conn, $geoloc, $ip, $ctx, $host_id);
     $os_pixmap = $host_id != "" ? Asset_host_properties::get_os_by_host($security_report->ossim_conn, $host_id) : "";
     $hostname = $host_id != "" ? $host_output['name'] : $ip;
     $icon = $host_output['html_icon'];
     $link = "{$acid_link}/" . $acid_prefix . "_stat_alerts.php?&" . "num_result_rows=-1&" . "submit=Query+DB&" . "current_view=-1&" . "ip_addr[0][1]={$target}&" . "ip_addr[0][2]==&" . "ip_addr[0][3]={$ip}&" . "ip_addr_cnt=1&" . "sort_order=time_d";
     $bc = $c++ % 2 != 0 ? "class='par'" : "";
     $htmlPdfReport->set('
                             <tr ' . $bc . '>
                                 <td style="width:55mm;font-size:' . $font_size . 'px">' . $icon . ' ' . Util::wordwrap($hostname, 21, " ", true) . ' ' . $os_pixmap . '</td>
                                 <td style="width:22mm;text-align:center;font-size:' . $font_size . 'px">' . $occurrences . '</td>
                             </tr>');
 }
 $htmlPdfReport->set('
                 </table>
             </td>
         <td valign="top" style="padding-top:15px; width:98mm;">');
Beispiel #29
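/**
 * Map a list of target tokens to display names.
 *
 * Each entry is trimmed and matched, case-insensitively, against these shapes:
 *   - "<32 hex chars>#<a.b.c.d/nn>"  network; name looked up via Asset_net
 *   - "<32 hex chars>#<a.b.c.d>"     host; name looked up via Asset_host
 *   - "<32 hex chars>#hostgroup"     name looked up via Asset_group
 *   - "<32 hex chars>#netgroup"      name looked up via Net_group
 * For networks and hosts whose id is not in the database, the IP/CIDR part
 * of the token is used as the name.
 *
 * Security notes for callers:
 *   - An entry that matches none of the shapes is passed through verbatim as
 *     both key and value. It is NOT validated here, so it must be validated
 *     or escaped before it is used in HTML, SQL or a command line.
 *   - The patterns only check the digit layout of addresses; octet values
 *     and prefix lengths are not range-checked.
 *
 * @param mixed        $conn    Database connection handed to the asset lookups.
 * @param array|string $ip_list Array of tokens, or a newline-separated string.
 *
 * @return array Trimmed token => display name. Blank entries are skipped.
 */
function get_targets($conn, $ip_list)
{
    $result = array();
    if (empty($ip_list)) {
        return $result;
    }

    if (!is_array($ip_list)) {
        $ip_list = explode("\n", trim($ip_list));
    }

    foreach ($ip_list as $asset) {
        $asset = trim($asset);
        if ($asset === '') {
            // Blank lines in the input would otherwise become an empty target entry.
            continue;
        }

        if (preg_match('/^([a-f\\d]{32})#(\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\/\\d{1,2})$/i', $asset, $found)) {
            // Network token: prefer the stored name, fall back to the CIDR.
            $result[$asset] = Asset_net::is_in_db($conn, $found[1]) ? Asset_net::get_name_by_id($conn, $found[1]) : $found[2];
        } elseif (preg_match('/^([a-f\\d]{32})#(\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})$/i', $asset, $found)) {
            // Host token: prefer the stored name, fall back to the IP.
            $result[$asset] = Asset_host::is_in_db($conn, $found[1]) ? Asset_host::get_name_by_id($conn, $found[1]) : $found[2];
        } elseif (preg_match('/^([a-f\\d]{32})#hostgroup$/i', $asset, $found)) {
            $result[$asset] = Asset_group::get_name_by_id($conn, $found[1]);
        } elseif (preg_match('/^([a-f\\d]{32})#netgroup$/i', $asset, $found)) {
            $result[$asset] = Net_group::get_name_by_id($conn, $found[1]);
        } else {
            // Unrecognised token: returned unchanged and unvalidated (see docblock).
            $result[$asset] = $asset;
        }
    }

    return $result;
}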
Beispiel #30
                            "dataType": 'json',
                            "type": "POST",
                            "url": sSource,
                            "data": aoData,
                            "beforeSend": function()
                            {
                                datatables_loading(true);
                            },
                            "success": function (json) 
                            {
                                datatables_loading(false);

                                <?php 
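// Modify the 'Delete' button status
// This option will be disabled if the user has host or net permissions
// NOTE(review): this only toggles the button in the UI; the server-side
// delete action should enforce the same permission check.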
$host_perm_where = Asset_host::get_perms_where();
$net_perm_where = Asset_net::get_perms_where();
if (empty($host_perm_where) && empty($net_perm_where)) {
    ?>
                                
                                if (json.iTotalDisplayRecords > 0)
                                {
                                    $('#delete_all').removeClass('disabled');
                                }
                                else
                                {
                                    $('#delete_all').addClass('disabled');
                                }
                                
                                <?php 
}