Beispiel #1
0
function delete_nfsen_source($data)
{
    if (!Session::am_i_admin()) {
        $return['error'] = TRUE;
        $return['msg'] = _('Action not authorized');
        return $return;
    }
    require_once '../sensor/nfsen_functions.php';
    $sensor = $data['sensor'];
    ossim_valid($sensor, OSS_ALPHA, 'illegal:' . _('Nfsen Source'));
    if (ossim_error()) {
        $info_error = _('Error') . ': ' . ossim_get_error();
        ossim_clean_error();
        $return['error'] = TRUE;
        $return['msg'] = $info_error;
        return $return;
    }
    $res = delete_nfsen($sensor);
    if ($res['status'] == 'success') {
        $return['error'] = FALSE;
        $return['msg'] = _('Source deleted successfully');
        //To forcer load variables in session again
        unset($_SESSION['tab']);
    } else {
        $return['error'] = TRUE;
        $return['msg'] = $res['data'];
    }
    return $return;
}
Beispiel #2
0
function check_deploy_perms()
{
    if (!Session::am_i_admin()) {
        $config_nt = array('content' => _("You do not have permission to see this section"), 'options' => array('type' => 'nf_error', 'cancel_button' => false), 'style' => 'width: 60%; margin: 30px auto; text-align:center;');
        $nt = new Notification('nt_1', $config_nt);
        $nt->show();
        die;
    }
    return true;
}
Beispiel #3
0
function draw_user_header($conn, $user)
{
    $entities = "";
    foreach ($user->ctx as $entity) {
        $entities .= Acl::get_entity_name($conn, $entity) . "<br>";
    }
    if (empty($entities) && Session::am_i_admin()) {
        $entities = _("Global Admin");
    }
    $header = "\n\t       <div class='column_header'>\n\t           <div class='db_perm_header_title'>\n\t               " . $user->name . "\n\t           </div>\n\t           <div class='db_perm_header_opts' onclick='toggle_default_tabs(this,\"" . $user->login . "\");'>\n\t               " . _("Show Default Tabs") . "\n\t           </div>\n\t           <div title='{$entities}' class='db_perm_header_icon ui-icon ui-icon-help tooltip'></div>\n\t       </div>";
    return $header;
}
Beispiel #4
0
function mapAllowed($perms_arr, $version)
{
    if (Session::am_i_admin()) {
        return true;
    }
    $ret = false;
    foreach ($perms_arr as $perm => $val) {
        // ENTITY
        if (preg_match("/^\\d+\$/", $perm)) {
            if (preg_match("/pro|demo/i", $version) && $_SESSION['_user_vision']['entity'][$perm]) {
                $ret = true;
            }
            // USER
        } elseif (Session::get_session_user() == $perm) {
            $ret = true;
        }
    }
    return $ret;
}
Beispiel #5
0
 function showSubCategoryHTML()
 {
     $html = '';
     $check_ossim = $check_snort = '';
     if ($this->get('cloud_db') == 'snort') {
         $check_snort = 'checked';
     } else {
         $check_ossim = 'checked';
     }
     $resolv_yes = $resolv_no = '';
     if ($this->get('cloud_resolv_ip') == '1') {
         $resolv_yes = 'checked';
     } else {
         $resolv_no = 'checked';
     }
     $html .= _("Database") . ':<br/>
         <input type="radio" name="cloud_db" value="ossim" ' . $check_ossim . '>Ossim<br/>
         <input type="radio" name="cloud_db" value="snort" ' . $check_snort . '>Snort
         <br/>
         <hr noshade>
     ';
     $html .= _("SQL code") . ':<br/>';
     $hidden = !Session::am_i_admin() ? ' style="display:none"' : '';
     $html .= '<textarea name="cloud_sql" rows="6" cols="55" wrap="soft"' . $hidden . '>';
     $html .= $this->get('cloud_sql');
     $html .= '</textarea>';
     if (!Session::am_i_admin()) {
         $html .= '<b>' . _("Only global admins can change this query!") . "</b><br/>";
     }
     $html .= '<br/>';
     $html .= _("Cloud link. Use _TAG_ for placeholder");
     $html .= ': <input type ="text" name="cloud_link" size="30" value ="' . $this->get('cloud_link') . '"><br/>';
     $html .= _("Cloud tag max length, 0 means unlimited");
     $html .= ': <input type ="text" name="cloud_tag_max_len" value ="' . $this->get('cloud_tag_max_len') . '"><br/>';
     $html .= "<hr noshade>";
     $html .= _("Resolve hostname on column?") . ':<br/>
         <input type="radio" name="cloud_resolv_ip" value="1" ' . $resolv_yes . '>' . _("Yes") . '<br/>
         <input type="radio" name="cloud_resolv_ip" value="0" ' . $resolv_no . '>' . _("No") . '
         <br/>
     ';
     return $html;
 }
function get_wizard_perms($dbconn)
{
    define("NO_PERMS", 0);
    define("VISION_PERMS", 1);
    define("EDITING_PERMS", 2);
    $perms = array("entity_perms" => array(), "user_perms" => array());
    $user_vision = !isset($_SESSION['_user_vision']) ? Acl::get_user_vision($dbconn) : $_SESSION['_user_vision'];
    //User permission
    $perms['user_perms'] = $user_vision['user'];
    //Entity permissions
    if (Session::am_i_admin()) {
        $perms['entity_perms'] = $user_vision['entity'];
    } else {
        foreach ($user_vision['entity'] as $entity_id => $perm) {
            $perms['entity_perms'][$entity_id] = NO_PERMS;
            //Initial permissions
        }
        $my_entities = Acl::get_my_entities($dbconn, '', FALSE);
        $my_entities_admin = $user_vision['entity_admin'];
        foreach ($my_entities as $entity_id => $entity) {
            if (!empty($my_entities_admin[$entity_id])) {
                $perms['entity_perms'][$entity_id] = EDITING_PERMS;
            } else {
                if ($perms['entity_perms'][$entity_id] < EDITING_PERMS) {
                    $perms['entity_perms'][$entity_id] = VISION_PERMS;
                }
            }
            foreach ($entity['children'] as $entity_child_id) {
                if (!empty($my_entities_admin[$entity_id]) || !empty($my_entities_admin[$entity_child_id])) {
                    $perms['entity_perms'][$entity_child_id] = EDITING_PERMS;
                } else {
                    if ($perms['entity_perms'][$entity_child_id] < EDITING_PERMS) {
                        $perms['entity_perms'][$entity_child_id] = VISION_PERMS;
                    }
                }
            }
        }
    }
    return $perms;
}
Beispiel #7
0
 function showSubCategoryHTML()
 {
     $html = '';
     $check_ossim = $check_snort = '';
     if ($this->get('graph_db') == 'snort') {
         $check_snort = 'checked';
     } else {
         $check_ossim = 'checked';
     }
     $html .= 'Database:
         <input type="radio" name="graph_db" value="ossim" ' . $check_ossim . '>Ossim
         <input type="radio" name="graph_db" value="snort" ' . $check_snort . '>Snort
         <br/>
     ';
     $html .= _("SQL code") . ':<br/>';
     $hidden = !Session::am_i_admin() ? ' style="display:none"' : '';
     $html .= '<textarea name="graph_sql" rows="17" cols="55" wrap="soft"' . $hidden . '>';
     $html .= $this->get('graph_sql');
     $html .= '</textarea>';
     if (!Session::am_i_admin()) {
         $html .= '<b>' . _("Only global admins can change this query!") . "</b><br/>";
     }
     return $html;
 }
Beispiel #8
0
function SendHeader($established)
{
    global $self, $m_opt, $sm_opt, $h_opt;
    global $TabList;
    header("Content-type: text/html; charset=ISO-8859-1");
    ?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
	<meta http-equiv="Cache-Control" content="no-cache"/>
	<meta http-equiv="Pragma" content="no-cache"/>
	<link rel="stylesheet" type="text/css" href="../style/av_common.css?t=<?php 
    echo Util::get_css_id();
    ?>
">
	<link rel="stylesheet" type="text/css" href="../style/nfsen/nfsen.css">

	<script type="text/javascript" src="/ossim/js/jquery.min.js"></script>
	<script type='text/javascript' src="/ossim/js/notification.js"></script>
	<script type='text/javascript' src='/ossim/js/utils.js'></script>

<?php 
    include '../host_report_menu.php';
    if (!$established) {
        return;
    }
    $_tab = array_key_exists('tab', $_SESSION) ? $_SESSION['tab'] : 0;
    if (array_key_exists('tleft', $_SESSION)) {
        $str = $TabList[$_tab] == 'Details' ? strftime("%b %d %Y - %H:%M", $_SESSION['tleft']) : 'Overview';
    } else {
        $str = '';
    }
    ?>
    <title>
    <?php 
    if ($_REQUEST["login"]) {
        $name = strip_tags($_POST["name"]);
        $_SESSION["_nfsen_title"] = $name . " - Network Traffic";
    } elseif (empty($_SESSION["_nfsen_title"])) {
        $_SESSION["_nfsen_title"] = _("NFSEN");
    }
    echo Util::htmlentities($_SESSION["_nfsen_title"]) . _(' - Profile');
    ?>
 <?php 
    echo Util::htmlentities($_SESSION['profile']) . " {$str}";
    ?>
</title>

    <?php 
    $refresh = $_SESSION['refresh'];
    if ($TabList[$_tab] != 'Details' && $refresh > 0) {
        print "<meta HTTP-EQUIV='Refresh' CONTENT='" . Util::htmlentities($refresh) . "; URL=" . Util::htmlentities($self) . "?bookmark=" . Util::htmlentities($_SESSION['bookmark']) . "&bypassexpirationupdate=1'>\n";
    }
    if ($TabList[$_tab] == 'Details') {
        ?>
	   <link rel="stylesheet" type="text/css" href="../style/nfsen/detail.css">
	<?php 
    }
    if ($TabList[$_tab] == 'Stats') {
        ?>
	   <link rel="stylesheet" type="text/css" href="../style/nfsen/profileadmin.css">
	<?php 
    }
    if ($TabList[$_tab] == 'Alerts') {
        ?>
	   <link rel="stylesheet" type="text/css" href="../style/nfsen/alerting.css">
	   <?php 
    }
    ?>

	<script type="text/javascript" src="js/global.js"></script>
	<script type="text/javascript" src="js/menu.js"></script>
    <script type="text/javascript" src="../js/jquery.simpletip.js"></script>
    
    <!-- JQuery TipTip: -->
    <link rel="stylesheet" type="text/css" href="/ossim/style/tipTip.css"/>
    <script type="text/javascript" src="/ossim/js/jquery.tipTip-ajax.js"></script>
    
	<script type="text/javascript">
		function postload() {

		     // menu.php postload
			 $('#interface').change(function() {                        
                 send($(this).val(), $('#interface option:selected').text());
             });
             
             <?php 
    if (isset($_POST['ip'])) {
        ?>
                 send('<?php 
        echo Util::htmlentities($_POST['ip']);
        ?>
', $('#interface option:selected').text());
                 <?php 
    }
    ?>
             // ************

             $('.scriptinfo').tipTip({
                 defaultPosition: "down",
                 content: function (e) {
                    
                    var ip_data = $(this).attr('data-title');
                        ip_data = ip_data.split('-');
                    
                    $.ajax({
                        url: '../alarm/alarm_netlookup.php?ip=' + ip_data[0],
                        success: function (response) {
                          e.content.html(response); // the var e is the callback function data (see above)
                        }
                    });
                    return '<?php 
    echo _("Searching") . "...";
    ?>
'; // We temporary show a Please wait text until the ajax success callback is called.
                 }
              });
  			
			$(".repinfo").tipTip({
				defaultPosition: 'left',
				content: function (e) { 
					return $(this).attr('txt');
				}
			});  
                
			$('#filter').on('keyup', function(e){
                $(this).val(function(i, val) {
					return val.replace(/[\t\r\b]/g, '');
				});
			});
										  
			<?php 
    if (GET('ip') != "") {
        ?>
				$("#process_button").click();
				<?php 
    }
    ?>
			
		}

		function lastsessions() {
			$('#modeselect0').click();
			$("#listN option[value='3']").attr('selected', 'selected');
			$("#process_button").click();
		}
		
		function launch(val,order) {
			$('#modeselect1').click();
			$("#TopN option[value='0']").attr('selected', 'selected');
			$("#StatTypeSelector option[value='"+val+"']").attr('selected', 'selected');
			$("#statorder option[value='"+order+"']").attr('selected', 'selected');
			$("#process_button").click();
		}
		
		function remote_interface(ip) {
			$("#FlowProcessingForm").attr("action", "menu.php");
			$("#FlowProcessingForm").attr("target", "menu_nfsen");
			$("#FlowProcessingForm").append("<input type='hidden' name='process' value='Process' />");
			$("#FlowProcessingForm").append("<input type='hidden' name='ip' value='"+ip+"' />");
			$("#FlowProcessingForm").submit();
		}
		
		function clean_remote_data() {
			$("#FlowProcessingForm").removeAttr("target");
			$("#FlowProcessingForm").attr("action", $("#FlowProcessingForm").attr("laction")); // set the local action
		}
	</script>	
</head>

<body>

<?php 
    $db_aux = new ossim_db();
    $conn_aux = $db_aux->connect();
    $aux_ri_interfaces = Remote_interface::get_list($conn_aux, "WHERE status = 1");
    $ri_list = $aux_ri_interfaces[0];
    $ri_total = $aux_ri_interfaces[1];
    $db_aux->close();
    if (Session::am_i_admin() && count($ri_total) > 0) {
        include 'menu.php';
    }
}
Beispiel #9
0
        <div id="db_tab_blob"></div>

    </div>

    <div class='dashboard_options_tab'> 

        <?php 
if ($can_edit) {
    ?>
        <img id='op_edition' class='db_img_opt' src='pixmaps/edit.png' title="<?php 
    echo $show_edit ? _('Switch to View Mode') : _('Switch to Edit Mode');
    ?>
"/>
        <?php 
}
if (Session::am_i_admin() || $pro && Acl::am_i_proadmin()) {
    ?>
        <img id='op_permissions' class='db_img_opt'src='pixmaps/permissions.png' title="<?php 
    echo _('Permissions');
    ?>
"/>
        <?php 
}
?>
        <img id='op_fullscreen' class='db_img_opt' src='pixmaps/full-screen.png' title="<?php 
echo _('Full Screen');
?>
"/>

    </div>
Beispiel #10
0
function list_results($type, $value, $ctx_filter, $sortby, $sortdir)
{
    global $allres, $offset, $pageSize, $dbconn;
    global $user, $arruser;
    $dbconn->SetFetchMode(ADODB_FETCH_BOTH);
    $filteredView = FALSE;
    $selRadio = array("", "", "", "");
    $query_onlyuser = "";
    $url_filter = "";
    // Deprecated filter
    //if(!empty($arruser)) {$query_onlyuser = "******";}
    $sortby = "t1.results_sent DESC, t1.hostIP DESC";
    $sortdir = "";
    $queryw = "";
    $queryl = "";
    $querys = "SELECT distinct t1.hostIP, HEX(t1.ctx) as ctx, t1.scantime, t1.username, t1.scantype, t1.report_key, t1.report_type as report_type, t1.sid, t3.name as profile\n    FROM vuln_nessus_latest_reports AS t1 LEFT JOIN vuln_nessus_settings AS t3 ON t1.sid = t3.id, vuln_nessus_latest_results AS t5\n    WHERE\n    t1.hostIP      = t5.hostIP\n    AND t1.ctx     = t5.ctx\n    AND t1.deleted = '0' ";
    // set up the SQL query based on the search form input (if any)
    if ($type == "scantime" && $value != "") {
        $selRadio[0] = "CHECKED";
        $q = $value;
        $queryw = " AND t1.scantime LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
        $queryl = " limit {$offset},{$pageSize}";
        $stext = "<b>" . _("Search for Date/Time") . "</b> = '*{$q}*'";
        $url_filter = "&type={$type}&value={$value}";
    } else {
        if ($type == "service" && $value != "") {
            $selRadio[5] = "CHECKED";
            $q = $value;
            $queryw = " AND t5.service LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
            $queryl = " limit {$offset},{$pageSize}";
            $stext = "<b>" . _("Search for Service") . "</b> = '*" . html_entity_decode($q) . "*'";
            $url_filter = "&type={$type}&value={$value}";
        } else {
            if ($type == "freetext" && $value != "") {
                $selRadio[6] = "CHECKED";
                $q = $value;
                $queryw = " AND t5.msg LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
                $queryl = " limit {$offset},{$pageSize}";
                $stext = "<b>" . _("Search for Free Text") . "</b> = '*" . html_entity_decode($q) . "*'";
                $url_filter = "&type={$type}&value={$value}";
            } else {
                if ($type == "hostip" && $value != "") {
                    $selRadio[1] = "CHECKED";
                    $q = strtolower($value);
                    $queryw = " t1.hostIP LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
                    $queryl = " limit {$offset},{$pageSize}";
                    $stext = "<b>" . _("Search for Host-IP") . "</b> = '*{$q}*'";
                    $url_filter = "&type={$type}&value={$value}";
                } else {
                    if ($type == "fk_name" && $value != "") {
                        $selRadio[2] = "CHECKED";
                        $q = strtolower($value);
                        $queryw = " AND t1.fk_name LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
                        $queryl = " limit {$offset},{$pageSize}";
                        $stext = _("Search for Subnet/CIDR") . " = '*{$q}*'";
                        $url_filter = "&type={$type}&value={$value}";
                    } else {
                        if ($type == "username" && $value != "") {
                            $selRadio[3] = "CHECKED";
                            $q = strtolower($value);
                            $queryw = " AND t1.username LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
                            $queryl = " limit {$offset},{$pageSize}";
                            $stext = "<b>" . _("Search for user") . "</b> = '*{$q}*'";
                            $url_filter = "&type={$type}&value={$value}";
                        } else {
                            if ($type == "hn" && $value != "") {
                                if (!empty($ctx_filter)) {
                                    $queryw = " AND t1.ctx=UNHEX('{$ctx_filter}')";
                                }
                                $selRadio[4] = "CHECKED";
                                if (preg_match("/\\//", $value)) {
                                    $ip_range = array();
                                    $ip_range = Cidr::expand_CIDR($value, "SHORT");
                                    $queryw .= " AND (inet_aton(t1.hostIP) >= '" . $ip_range[0] . "' AND inet_aton(t1.hostIP) <='" . $ip_range[1] . "') {$query_onlyuser} order by {$sortby} {$sortdir}";
                                } elseif (preg_match("/\\,/", $value)) {
                                    $q = implode("','", explode(",", $value));
                                    $queryw .= " AND t1.hostIP in ('{$q}') {$query_onlyuser} order by {$sortby} {$sortdir}";
                                    $q = "Others";
                                } else {
                                    $q = $value;
                                    $queryw .= " AND t1.hostIP LIKE '{$q}' {$query_onlyuser} order by {$sortby} {$sortdir}";
                                }
                                $queryl = " limit {$offset},{$pageSize}";
                                if (!preg_match("/\\//", $value)) {
                                    $stext = "<b>" . _("Search for Host") . "</b> = '" . html_entity_decode($q) . "'";
                                } else {
                                    $stext = "<b>" . _("Search for Subnet/CIDR") . "</b> = '{$value}'";
                                }
                                $url_filter = "&type={$type}&value={$value}";
                            } else {
                                $selRadio[4] = "CHECKED";
                                $viewAll = FALSE;
                                $queryw = "{$query_onlyuser} order by {$sortby} {$sortdir}";
                                $queryl = " limit {$offset},{$pageSize}";
                                $stext = "";
                            }
                        }
                    }
                }
            }
        }
    }
    // set up the pager and search fields if viewing all hosts
    $reportCount = 0;
    if (!$filteredView) {
        $dbconn->Execute(str_replace("SELECT distinct", "SELECT SQL_CALC_FOUND_ROWS distinct", $querys) . $queryw);
        $reportCount = $dbconn->GetOne("SELECT FOUND_ROWS() as total");
        $previous = $offset - $pageSize;
        if ($previous < 0) {
            $previous = 0;
        }
        $last = intval($reportCount / $pageSize) * $pageSize;
        if ($last < 0) {
            $last = 0;
        }
        $next = $offset + $pageSize;
        $pageEnd = $offset + $pageSize;
        $value = html_entity_decode($value);
        //echo "<center><table cellspacing='0' cellpadding='0' border='0' width='100%'><tr><td class='headerpr' style='border:0;'>"._("Current Vulnerablities")."</td></tr></table>";
        // output the search form
        echo "<table class='w100 transparent'>";
        echo "<tr><td class='sec_title'>" . _("Asset Vulnerability Details") . "</td></tr>";
        echo "<tr><td style='padding:12px 0px 0px 0px;' class='transparent'>";
        ?>
    <div id='cvleftdiv'>
        <a id="new_scan_button" class="button" href="<?php 
        echo Menu::get_menu_url(AV_MAIN_PATH . '/vulnmeter/sched.php?action=create_scan&hosts_alive=1&scan_locally=1', 'environment', 'vulnerabilities', 'scan_jobs');
        ?>
" style="text-decoration:none;">
        <?php 
        echo _("New Scan Job");
        ?>
        </a>
    </div>
    <div id='cvrightdiv'>

<?php 
        echo '<form name="hostSearch" id="hostSearch" action="index.php" method="GET">
<input type="text" length="25" name="value" id="assets" class="assets" style="margin:0px !important;" value="' . Util::htmlentities($value) . '">';
        // cvfiltertype -> current vulnerabilities filter type
        echo "\n<input type=\"radio\" name=\"type\" value=\"service\" {$selRadio['5']}>" . _("Service") . "\n<input type=\"radio\" name=\"type\" value=\"freetext\" {$selRadio['6']}>" . _("Free text") . "\n<input type=\"radio\" name=\"type\" value=\"hn\" {$selRadio['4']}>" . _("Host/Net") . "\n";
        echo "<input type=\"submit\" name=\"submit\" value=\"" . _("Find") . "\" id=\"current_vulns_find_button\" class=\"av_b_secondary small\" style=\"margin-left:15px;\">";
        echo <<<EOT
</form>
</p>
EOT;
    } else {
        // get the search result count
        $queryc = "SELECT count( report_id ) FROM vuln_nessus_latest_reports WHERE t1.deleted = '0' ";
        $scount = $dbconn->GetOne($queryc . $queryw);
        echo "<p>{$scount} report";
        if ($scount != 1) {
            echo "s";
        } else {
        }
        echo " " . _("found matching search criteria") . " | ";
        echo " <a href='index.php' alt='" . _("View All Reports") . "'>" . _("View All Reports") . "</a></p>";
    }
    echo "<p>";
    echo $stext;
    echo "</p>";
    echo "</div></td></tr></table>";
    $result = array();
    // get the hosts to display
    $result = $dbconn->GetArray($querys . $queryw . $queryl);
    // main query
    //echo $querys.$queryw.$queryl;
    $delete_ids = array();
    if (count($result) > 0) {
        foreach ($result as $rpt) {
            $delete_ids[] = $dreport_id = $rpt["report_id"];
        }
    }
    $_SESSION["_dreport_ids"] = implode(",", $delete_ids);
    //echo "$querys$queryw$queryl";
    if ($result === false) {
        $errMsg[] = _("Error getting results") . ": " . $dbconn->ErrorMsg();
        $error++;
        dispSQLError($errMsg, $error);
    } else {
        $data['vInfo'] = 0;
        $data['vLow'] = 0;
        $data['vMed'] = 0;
        $data['vHigh'] = 0;
        $data['vSerious'] = 0;
        $perms_where = Asset_host::get_perms_where('host.', TRUE);
        if (!empty($perms_where)) {
            $queryt = "SELECT count(lr.result_id) AS total, lr.risk, lr.hostIP, HEX(lr.ctx) AS ctx\n                        FROM vuln_nessus_latest_results lr, host, host_ip hi\n                        WHERE host.id=hi.host_id AND inet6_ntoa(hi.ip)=lr.hostIP {$perms_where} AND falsepositive='N'\n                        GROUP BY risk, hostIP, ctx";
        } else {
            $queryt = "SELECT count(lr.result_id) AS total, risk, lr.hostIP, HEX(lr.ctx) AS ctx\n                        FROM vuln_nessus_latest_results lr\n                        WHERE falsepositive='N'\n                        GROUP BY risk, hostIP, ctx";
        }
        //echo "$queryt<br>";
        $resultt = $dbconn->Execute($queryt);
        while (!$resultt->EOF) {
            $riskcount = $resultt->fields['total'];
            $risk = $resultt->fields['risk'];
            if ($risk == 7) {
                $data['vInfo'] += $riskcount;
            } else {
                if ($risk == 6) {
                    $data['vLow'] += $riskcount;
                } else {
                    if ($risk == 3) {
                        $data['vMed'] += $riskcount;
                    } else {
                        if ($risk == 2) {
                            $data['vHigh'] += $riskcount;
                        } else {
                            if ($risk == 1) {
                                $data['vSerious'] += $riskcount;
                            }
                        }
                    }
                }
            }
            $resultt->MoveNext();
        }
        if ($data['vInfo'] == 0 && $data['vLow'] == 0 && $data['vMed'] == 0 && $data['vHigh'] == 0 && $data['vSerious'] == 0) {
            $tdata[] = array("report_id" => "All", "host_name" => "", "scantime" => "", "username" => "", "scantype" => "", "report_key" => "", "report_type" => "", "sid" => "", "profile" => "", "hlink" => "", "plink" => "", "xlink" => "", "vSerious" => $data['vSerious'], "vHigh" => $data['vHigh'], "vMed" => $data['vMed'], "vLow" => $data['vLow'], "vInfo" => $data['vInfo']);
        } else {
            $tdata[] = array("report_id" => "All", "host_name" => "", "scantime" => "", "username" => "", "scantype" => "", "report_key" => "", "report_type" => "", "sid" => "", "profile" => "", "hlink" => "lr_reshtml.php?ipl=all&disp=html&output=full&scantype=M", "plink" => "lr_respdf.php?ipl=all&scantype=M", "xlink" => "lr_rescsv.php?ipl=all&scantype=M", "dlink" => "", "vSerious" => $data['vSerious'], "vHigh" => $data['vHigh'], "vMed" => $data['vMed'], "vLow" => $data['vLow'], "vInfo" => $data['vInfo']);
        }
        foreach ($result as $data) {
            if (!Session::hostAllowed_by_ip_ctx($dbconn, $data["hostIP"], $data["ctx"])) {
                continue;
            }
            $host_id = key(Asset_host::get_id_by_ips($dbconn, $data["hostIP"], $data["ctx"]));
            if (valid_hex32($host_id)) {
                $data['host_name'] = Asset_host::get_name_by_id($dbconn, $host_id);
            }
            $data['vSerious'] = 0;
            $data['vHigh'] = 0;
            $data['vMed'] = 0;
            $data['vLow'] = 0;
            $data['vInfo'] = 0;
            // query for reports for each IP
            $query_risk = "SELECT distinct risk, port, protocol, app, scriptid, msg, hostIP FROM vuln_nessus_latest_results WHERE hostIP = '" . $data['hostIP'];
            $query_risk .= "' AND username = '******'username'] . "' AND sid =" . $data['sid'] . " AND ctx = UNHEX('" . $data['ctx'] . "') AND falsepositive='N'";
            $result_risk = $dbconn->Execute($query_risk);
            while (!$result_risk->EOF) {
                if ($result_risk->fields["risk"] == 7) {
                    $data['vInfo']++;
                } else {
                    if ($result_risk->fields["risk"] == 6) {
                        $data['vLow']++;
                    } else {
                        if ($result_risk->fields["risk"] == 3) {
                            $data['vMed']++;
                        } else {
                            if ($result_risk->fields["risk"] == 2) {
                                $data['vHigh']++;
                            } else {
                                if ($result_risk->fields["risk"] == 1) {
                                    $data['vSerious']++;
                                }
                            }
                        }
                    }
                }
                $result_risk->MoveNext();
            }
            $data['plink'] = "lr_respdf.php?treport=latest&ipl=" . urlencode($data['hostIP']) . "&ctx=" . $data['ctx'] . "&scantype=" . $data['scantype'];
            $data['hlink'] = "lr_reshtml.php?treport=latest&ipl=" . urlencode($data['hostIP']) . "&ctx=" . $data['ctx'] . "&scantype=" . $data['scantype'];
            $data['xlink'] = "lr_rescsv.php?treport=latest&ipl=" . urlencode($data['hostIP']) . "&ctx=" . $data['ctx'] . "&scantype=" . $data['scantype'];
            if (Session::am_i_admin()) {
                $data['dlink'] = "index.php?delete=" . $data['report_key'] . "&scantime=" . $data['scantime'];
            }
            $list = explode("\n", trim($data['meth_target']));
            if (count($list) == 1) {
                $list[0] = trim($list[0]);
                $data['target'] = resolve_asset($dbconn, $list[0]);
            } elseif (count($list) == 2) {
                $list[0] = trim($list[0]);
                $list[0] = resolve_asset($dbconn, $list[0]);
                $list[1] = trim($list[1]);
                $list[1] = resolve_asset($dbconn, $list[1]);
                $data['target'] = $list[0] . ' ' . $list[1];
            } else {
                $list[0] = trim($list[0]);
                $list[0] = resolve_asset($dbconn, $list[0]);
                $list[count($list) - 1] = trim($list[count($list) - 1]);
                $list[count($list) - 1] = resolve_asset($dbconn, $list[count($list) - 1]);
                $data['target'] = $list[0] . " ... " . $list[count($list) - 1];
            }
            $tdata[] = $data;
        }
        if ($sortdir == "ASC") {
            $sortdir = "DESC";
        } else {
            $sortdir = "ASC";
        }
        $url = $_SERVER['SCRIPT_NAME'] . "?offset={$offset}&sortby=%var%&sortdir={$sortdir}" . $url_filter;
        $fieldMapLinks = array();
        $fieldMapLinks = array(gettext("HTML Results") => array('url' => '%param%', 'param' => 'hlink', 'target' => 'main', 'icon' => 'images/html.png'), gettext("PDF Results") => array('url' => '%param%', 'param' => 'plink', 'target' => '_blank', 'icon' => 'images/pdf.png'), gettext("EXCEL Results") => array('url' => '%param%', 'param' => 'xlink', 'target' => '_blank', 'icon' => 'images/page_white_excel.png'));
        if (Session::am_i_admin()) {
            $fieldMapLinks["DELETE Results"] = array('url' => '%param%', 'param' => 'dlink', 'target' => 'main', 'icon' => 'images/delete.gif');
        }
        $fieldMap = array("Host - IP" => array('var' => 'hostip'), "Date/Time" => array('var' => 'scantime'), "Profile" => array('var' => 'profile'), "Serious" => array('var' => 'vSerious'), "High" => array('var' => 'vHigh'), "Medium" => array('var' => 'vMed'), "Low" => array('var' => 'vLow'), "Info" => array('var' => 'vInfo'), "Links" => $fieldMapLinks);
        // echo "<pre>";
        // var_dump($tdata);
        // echo "</pre>";
        if (count($tdata) > 1) {
            drawTableLatest($fieldMap, $tdata, "Hosts");
        } elseif (Session::menu_perms("environment-menu", "EventsVulnerabilitiesScan")) {
            echo "<br><span class='gray'>" . _("No results found: ") . "</span><a href='" . Menu::get_menu_url(AV_MAIN_PATH . '/vulnmeter/sched.php?action=create_scan&hosts_alive=1&scan_locally=1', 'environment', 'vulnerabilities', 'scan_jobs') . "'>" . _("Click here to run a Vulnerability Scan now") . "</a><br><br>";
        }
    }
    // draw the pager again, if viewing all hosts
    if (!$filteredView && $reportCount > 10) {
        ?>
    <div class="fright tmargin">
        <?php 
        if ($next > $pageSize) {
            ?>
	        <a href="index.php?<?php 
            echo "offset={$previous}{$url_filter}";
            ?>
" class="pager">< <?php 
            echo _("PREVIOUS");
            ?>
 </a>
	    <?php 
        } else {
            ?>
	        <a class='link_paginate_disabled' href="" onclick='return false'>< <?php 
            echo _("PREVIOUS");
            ?>
 </a>
		<?php 
        }
        if ($next <= $last) {
            ?>
            <a class='lmargin' href="index.php?<?php 
            echo "offset={$next}{$url_filter}";
            ?>
">  <?php 
            echo _("NEXT");
            ?>
 ></a>
        <?php 
        } else {
            ?>
            <a class='link_paginate_disabled lmargin' href="" onclick='return false'><?php 
            echo _("NEXT");
            ?>
 ></a>
        <?php 
        }
        ?>
    </div>
<?php 
    } else {
        echo "<p>&nbsp;</p>";
    }
}
Beispiel #11
0
        ?>
</option>
	   <?php 
    }
    ?>
	   </select>
	   </td></tr>
	   <tr><td class="nobborder">
	   <select name="entity">
	   <option value="">- <?php 
    echo _("All Entities");
    ?>
 -</option>
	   <?php 
    foreach ($entities_all as $entity) {
        if (Session::am_i_admin() || Acl::am_i_proadmin() && in_array($entity["id"], $entities_list)) {
            ?>
            <option value="<?php 
            echo $entity["id"];
            ?>
"><?php 
            echo $entity["name"];
            ?>
</option>
        <?php 
        }
    }
    ?>
	   </select>
	   </td></tr>
	   <?php 
Beispiel #12
0
$scan_name = GET("scan_name");
$sensor_name = GET("sensor_name");
ossim_valid($scan_name, OSS_SCORE, OSS_NULLABLE, OSS_ALPHA, OSS_DOT, 'illegal:' . _("Scan name"));
ossim_valid($sensor_name, OSS_NULLABLE, OSS_ALPHA, OSS_SPACE, OSS_PUNC, 'illegal:' . _("Sensor name"));
if (ossim_error()) {
    die(ossim_error());
}
$db = new ossim_db();
$dbconn = $db->connect();
$scan_info = explode("_", $scan_name);
$users = Session::get_users_to_assign($dbconn);
$my_users = array();
foreach ($users as $k => $v) {
    $my_users[$v->get_login()] = 1;
}
if ($my_users[$scan_info[1]] != 1 && !Session::am_i_admin()) {
    return;
}
$scan = new TrafficScan();
$file = $scan->get_pcap_file($scan_name, $sesor_name);
if (file_exists($file)) {
    header('Cache-Control: cache, must-revalidate');
    header('Pragma: no-cache');
    // no-cache, public
    header('Expires: Sat, 26 Jul 1997 05:00:00 GMT');
    // Date in the past
    header('Content-Description: File Transfer');
    header('Content-Type: application/binary');
    header('Content-Length: ' . filesize($file));
    header('Content-Disposition: inline; filename=' . $scan_name);
    readfile($file);
Beispiel #13
0
            $conf = $GLOBALS['CONF'];
            $pass_length_min = $conf->get_conf('pass_length_min') ? $conf->get_conf('pass_length_min') : 7;
            $pass_length_max = $conf->get_conf('pass_length_max') ? $conf->get_conf('pass_length_max') : 255;
            $pass_length_max = $pass_length_max < $pass_length_min || $pass_length_max < 1 ? 255 : $pass_length_max;
            $pass_expire_min = $conf->get_conf('pass_expire_min') ? $conf->get_conf('pass_expire_min') : 0;
            if (0 != strcmp($pass1, $pass2)) {
                $validation_errors['pass'] = _('Authentication failure') . '. ' . _('Passwords mismatch');
            } elseif (strlen($pass1) < $pass_length_min) {
                $validation_errors['pass'] = _('Password is not long enough') . ' [' . _('Minimum password size is') . ' ' . $pass_length_min . ']';
            } elseif (strlen($pass1) > $pass_length_max) {
                $validation_errors['pass'] = _('Password is long enough') . ' [' . _('Maximum password size is') . ' ' . $pass_length_max . ']';
            } elseif (!Session::pass_check_complexity($pass1)) {
                $validation_errors['pass'] = _('Password is not strong enough. Check the password policy configuration for more details');
            } elseif ($mode == 'update') {
                $recent_pass = Log_action::get_last_pass($conn, $login);
                if ($pass_expire_min > 0 && dateDiff_min($last_pass_change, date('Y-m-d H:i:s')) < $pass_expire_min && !Session::am_i_admin()) {
                    $validation_errors['pass'] = _('Password lifetime is too short to allow change. Wait a few minutes...');
                } elseif (count($recent_pass) > 0 && (in_array(md5($pass1), $recent_pass) || in_array(hash('sha256', $pass1), $recent_pass))) {
                    $validation_errors['pass'] = _('This password is recently used. Try another');
                }
            }
        }
    }
}
//Checking entities field requirements
if (empty($validation_errors['entities[]'])) {
    //Check allowed entities
    if ($pro && !$is_my_profile) {
        foreach ($entities as $ent_id) {
            if (!Acl::entityAllowed($ent_id)) {
                $validation_errors['entities[]'] = _("You don't have permission to create users at this level");
        						<td class='right'>
        							<input type="button" class="av_b_secondary small" value="<?php 
    echo _('Add New');
    ?>
" onclick="javascript:add_frw_server();return false;"/>
        						</td>
        					</tr>
        				</table>
        			</td>
        		</tr>
        		<?php 
}
?>
    		
    		<?php 
if ($mssp && !empty($id) && !$opensource && (Session::am_i_admin() || Acl::am_i_proadmin())) {
    $tooltip = "<ul class='tip'>\n    \t\t\t\t\t\t\t<li>" . _('Right-click on engine nodes to change its name') . "</li>\n    \t\t\t\t\t\t\t<li>" . _('Drag and drop contexts between engines') . "</li>\n    \t\t\t\t\t\t</ul>";
    ?>
        		<tr id='engine_notification'>			
        			<td colspan=2 class="noborder">
        				<div></div>
        			</td>
        		</tr>
        		<tr id='engines_server' >
        			<th style="text-decoration:underline">
        				<label for='eng_name'><?php 
    echo _('Correlation Options');
    ?>
</label>
        				<a href='javascript:;' class='tiptip' title="<?php 
    echo $tooltip;
Beispiel #15
0
$d_c_from = $filters[1]->get_from();
$d_c_to = $filters[1]->get_to();
//Vulnerabilities
$flag_vulns = $filters[5]->is_active();
$vulns_from = $flag_vulns ? $filters[5]->get_to() : 7;
$vulns_to = $flag_vulns ? $filters[5]->get_from() : 1;
//Asset Value
$flag_av = $filters[6]->is_active();
$av_from = $flag_av ? $filters[6]->get_from() : 0;
$av_to = $flag_av ? $filters[6]->get_to() : 5;
// Getting Filter Legends
$f_legend = Filter_list::get_filter_legends();
// Getting Permissions:
$perm_add = Session::can_i_create_assets();
// Getting Permissions:
$perms = array('admin' => Session::am_i_admin(), 'create' => $perm_add, 'delete' => $perm_add, 'vulnerabilities' => Session::logcheck_bool('environment-menu', 'EventsVulnerabilitiesScan'), 'alarms' => Session::logcheck_bool('analysis-menu', 'ControlPanelAlarms'), 'events' => Session::logcheck_bool('analysis-menu', 'EventsForensics'), 'availability' => Session::logcheck_bool('environment-menu', 'MonitorsAvailability'), 'deploy_agents' => Session::logcheck_bool('environment-menu', 'EventsHidsConfig'), 'nmap' => Session::logcheck_bool('environment-menu', 'ToolsScan'));
switch ($notif) {
    case 'delete':
        $msg = _('Network has been permanently deleted.');
        show_notif($msg, 'nf_success');
        break;
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
    <title><?php 
echo _('AlienVault ' . (Session::is_pro() ? 'USM' : 'OSSIM'));
?>
</title>
    <meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1"/>
Beispiel #16
0
		function checkall() 
		{
			if (checks) 
			{
				$("#fuser").unCheckCheckboxes(".i_perms", true);
				checks = 0;
			} 
			else 
			{
				$("#fuser").checkCheckboxes(".i_perms", true);
				checks = 1;
			}
		}
		
		<?php 
if (Session::am_i_admin() && Session::is_pro()) {
    ?>
	
			function save_inputs() 
			{
				var data = new Array();
				
				data[0] = $('#login').val();
				data[1] = $('#user_name').val();
				data[2] = $('#email').val();
				data[3] = $('#language').val();
				data[4] = $('#tzone').val();
					
				if ($('#fl_yes').length >= 1)
				{
					data[5] = ($('#fl_yes:checked').length == 1) ? 'fl_yes' : 'fl_no';
Beispiel #17
0
*
* You should have received a copy of the GNU General Public License
* along with this package; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
* MA  02110-1301  USA
*
*
* On Debian GNU/Linux systems, the complete text of the GNU General
* Public License can be found in `/usr/share/common-licenses/GPL-2'.
*
* Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt
*
*/
require_once 'av_init.php';
Session::logcheck("dashboard-menu", "IPReputation");
$perms = array('admin' => Session::am_i_admin());
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
    <title><?php 
echo _('Open Threat Exchange Configuration');
?>
</title>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
    <meta http-equiv="Pragma" content="no-cache"/>

    <?php 
//CSS Files
$_files = array(array('src' => 'jquery-ui.css', 'def_path' => TRUE), array('src' => 'jquery.dataTables.css', 'def_path' => TRUE), array('src' => 'av_common.css', 'def_path' => TRUE), array('src' => 'jquery.switch.css', 'def_path' => TRUE), array('src' => 'tipTip.css', 'def_path' => TRUE), array('src' => 'jquery.dropdown.css', 'def_path' => TRUE), array('src' => 'av_table.css', 'def_path' => TRUE), array('src' => 'otx/av_pulse.css', 'def_path' => TRUE));
Beispiel #18
0
?>
', 600, '90%');"><div><span class="add" style="padding-left:20px;font-size:12px"><b><?php 
echo _("New Directive");
?>
</b></span></div></div>
						<div class="btnseparator"></div>
						<div class="fbutton" onclick="GB_show('Test Directives', '/ossim/directives/test.php?engine_id=<?php 
echo $engine_id;
?>
', 200, 500);"><div><span class="test" style="padding-left:20px;font-size:12px"><b><?php 
echo _("Test Directives");
?>
</b></span></div></div>
						<div class="btnseparator"></div>
						<?php 
if (Session::am_i_admin() && 1 == 2) {
    // Temporary hidden
    ?>
						<div class="fbutton" onclick="GB_show('User Contributed Directives', '/ossim/directives/editxml.php?engine_id=<?php 
    echo $engine_id;
    ?>
', 600, '90%');"><div><span class="xml" style="padding-left:20px;font-size:12px"><b><?php 
    echo _("Edit XML");
    ?>
</b></span></div></div>
						<div class="btnseparator"></div>
						<?php 
}
?>
						<div class="fbutton" onclick="restart_directives();"><div><span class="apply <?php 
echo Web_indicator::is_on("Reload_directives") ? "reload_red" : "";
function PrintPredefinedViews()
{
    global $opensource;
    $current_str = $_SESSION['current_cview'] != "default" && $_SESSION['current_cview'] != "" ? Util::htmlentities($_SESSION['current_cview']) : _("Default");
    // Get default view
    require_once "ossim_conf.inc";
    $conf = $GLOBALS["CONF"];
    $idm_enabled = $conf->get_conf("enable_idm") == 1 && Session::is_pro() ? true : false;
    $login = Session::get_session_user();
    $db_aux = new ossim_db(true);
    $conn_aux = $db_aux->connect();
    $config = new User_config($conn_aux);
    $default_view = $config->get($login, 'custom_view_default', 'php', "siem") != "" ? $config->get($login, 'custom_view_default', 'php', "siem") : ($idm_enabled ? 'IDM' : 'default');
    $db_aux->close($conn_aux);
    ?>
    <button id="views_link" class="button av_b_secondary">
        <?php 
    echo _('Change View');
    ?>
 &nbsp;&#x25be;
    </button>

    <div id="custom_views" class="dropdown dropdown-secondary dropdown-close dropdown-tip dropdown-anchor-right dropdown-scrolling" style='display:none'>
        <ul id="custom_views_ul" class="dropdown-menu">
            <?php 
    if (Session::am_i_admin()) {
        ?>
            <li><a href="#" onclick="GB_show('<?php 
        echo _("Edit Current View");
        ?>
','/forensics/custom_view_edit.php?edit=1',480,700);$('#custom_views').hide();return false"><?php 
        echo _("Edit Current View");
        ?>
&nbsp;</a></li>
            <li><a href="#" onclick="GB_show('<?php 
        echo _("Create new custom view");
        ?>
','/forensics/custom_view_edit.php',480,700);$('#custom_views').hide();return false"><?php 
        echo _("Create New View");
        ?>
&nbsp;</a></li>
            <?php 
    }
    foreach ($_SESSION['views'] as $name => $attr) {
        $dname = $name == "default" ? "Default" : $name;
        $selected = $_SESSION['current_cview'] == $name ? "&#x25BA;&nbsp;" : "";
        ?>
                <li><a href="#" onclick="change_view('<?php 
        echo Util::htmlentities($name);
        ?>
');$('#custom_views').hide()"><?php 
        echo $selected . Util::htmlentities($dname);
        ?>
&nbsp;</a></li>
            <?php 
    }
    ?>
        </ul>
    </div>

    <?php 
}
            $content = _('The sensor is busy');
            $type = 'nf_warning';
        }
    }
}
// Delete scan
if ($op == 'delete' && $scan_name != '' && $sensor_ip != '') {
    $content = _('Deleting capture... wait a few seconds');
    $type = 'nf_success';
    $scan_info = explode('_', $scan_name);
    $users = Session::get_users_to_assign($dbconn);
    $my_users = array();
    foreach ($users as $k => $v) {
        $my_users[$v->get_login()] = 1;
    }
    if ($my_users[$scan_info[1]] == 1 || Session::am_i_admin()) {
        $scan->delete_scan($scan_name, $sensor_ip);
    }
}
// Stop capture
if ($op == 'stop' && $sensor_ip != '') {
    if (Session::sensorAllowed($sensor_ip)) {
        $scan->stop_capture($sensor_ip);
    }
    $db->close();
    exit;
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
function get_notifications($conn)
{
    $notifications = array();
    if (Session::menu_perms('configuration-menu', 'PolicySensors')) {
        $new_sensors = Av_sensor::get_unregistered($conn);
        if (count($new_sensors) > 0) {
            $notif['msg'] = count($new_sensors) > 1 ? _('New Sensors Detected') : _('New Sensor Detected');
            $notif['class'] = 'nl_sensors';
            $notifications[$notif['class']] = $notif;
        }
    }
    if (Session::am_i_admin()) {
        $trial_days = calc_days_to_expire();
        if ($trial_days !== FALSE) {
            $notif['msg'] = $trial_days == 0 ? _('Trial Version expired') : $trial_days . ' ' . _('Days Left of Free Trial');
            $notif['class'] = 'nl_trial';
            $notifications[$notif['class']] = $notif;
        }
        $new_updates = get_only_updates();
        if ($new_updates == TRUE) {
            $notif['msg'] = _('New Updates Available');
            $notif['class'] = 'nl_updates';
            $notifications[$notif['class']] = $notif;
        }
        $unread = get_status_messages();
        if ($unread) {
            $notif['msg'] = _('New Warnings & Errors');
            $notif['class'] = 'nl_messages';
            $notifications[$notif['class']] = $notif;
        }
        $otx = calc_otx_notif();
        if ($otx === TRUE) {
            $notif['msg'] = _('Contribute to AlienVault OTX');
            $notif['class'] = 'nl_otx';
            $notifications[$notif['class']] = $notif;
        }
        $devices = calc_devices_total($conn);
        $max_dev = intval($_SESSION["_max_devices"]);
        //This val is loaded when the users log in. (session.inc)
        if ($max_dev > 0 && $devices > $max_dev) {
            $over = $devices - $max_dev;
            $notif['msg'] = _("License Violation - {$over} Assets Over");
            $notif['class'] = 'nl_device_exceed';
            $notifications[$notif['class']] = $notif;
        }
    }
    $return['error'] = FALSE;
    $return['output'] = $notifications;
    return $return;
}
Beispiel #22
0
function echochildrens($entities, $parent_id, $withusers, $entities_admin)
{
    $length_name = 50;
    echo ",children:[";
    /* Connect to db */
    $db = new ossim_db();
    $conn = $db->connect();
    $users_by_entity = Acl::get_users_by_entity($conn, $parent_id);
    $me = Session::get_session_user();
    $entities_types = Acl::get_entities_types($conn);
    $is_editable = $parent_id != "" && (!empty($users_by_entity[$me]) || Session::am_i_admin() || !empty($entities_admin[$me]));
    if ($is_editable) {
        echo "{title:'<font style=\"font-weight:normal\">" . _("All Assets") . "</font>', key:'ae_" . $parent_id . "', icon:'../../pixmaps/menu/assets.gif', isFolder:true, isLazy:true}";
        if ($withusers) {
            echo ",{title:'<font style=\"font-weight:normal\">" . _("Assets by user") . "</font>', key:'ue_" . $parent_id . "', icon:'../../pixmaps/menu/assets.gif', isFolder:true, isLazy:true}";
        }
    }
    $children = Acl::get_entity_childs($conn, $parent_id);
    if (!empty($children)) {
        $flag = false;
        foreach ($children as $index => $child_id) {
            $icon = "../../pixmaps/theme/any.png";
            $child = $entities[0][$child_id];
            $entity_allowed = Acl::entityAllowed($child_id);
            if ($entity_allowed == 2) {
                $child_link = "noLink: false";
                $child_url = "../acl/entities_edit.php?id=" . $child_id;
            } else {
                $child_link = "noLink: true";
                $child_url = "";
            }
            $child_key = "e_" . $child_id;
            $child_sn = strlen($child['name']) > $length_name ? substr($child['name'], 0, $length_name) . "..." : $child['name'];
            $child_name = Util::htmlentities($child['name']);
            $chil_ent_admin = $entities_admin;
            $chil_ent_admin[$child['admin_user']] = $child_id;
            if ($child['parent_id'] == $parent_id) {
                $title = "<font style=\"font-weight:bold;\">" . Util::htmlentities($child_sn) . "</font> <font style=\"color:gray\">[" . $entities_types[$child['type']]['name'] . "]</font>";
                $tooltip = Util::htmlentities($child['name']) . " [" . $entities_types[$child['type']]['name'] . "]";
                if ($flag || $is_editable) {
                    echo ",";
                }
                $flag = true;
                $h = "400";
                echo "{title:'" . $title . "', h:'{$h}', " . $child_link . ", url:'" . $child_url . "', tooltip:'{$tooltip}', key:'" . $child_key . "', icon:'{$icon}', expand:true, name:'{$child_name}'";
                echochildrens($entities, $child_id, $withusers, $entities_admin);
                echo "}";
            }
        }
    }
    echo "]";
}
Beispiel #23
0
function get_report_data($id = NULL)
{
    $conf = $GLOBALS['CONF'];
    $conf = !$conf ? new Ossim_conf() : $conf;
    $y = strftime('%Y', time() - 24 * 60 * 60 * 30);
    $m = strftime('%m', time() - 24 * 60 * 60 * 30);
    $d = strftime('%d', time() - 24 * 60 * 60 * 30);
    $reports['asset_report'] = array('report_name' => _('Asset Details'), 'report_id' => 'asset_report', 'type' => 'external', 'link_id' => 'link_ar_asset', 'link' => '', 'parameters' => array(array('name' => _('Host Name/IP/Network'), 'id' => 'ar_asset', 'type' => 'asset', 'default_value' => '')), 'access' => Session::menu_perms('environment-menu', 'PolicyHosts') || Session::menu_perms('environment-menu', 'PolicyNetworks'), 'send_by_email' => 0);
    $status_values = array('All' => array('text' => _('All')), 'Open' => array('text' => _('Open')), 'Assigned' => array('text' => _('Assigned')), 'Studying' => array('text' => _('Studying')), 'Waiting' => array('text' => _('Waiting')), 'Testing' => array('text' => _('Testing')), 'Closed' => array('text' => _('Closed')));
    $types_values = array('ALL' => array('text' => _('ALL')), 'Expansion Virus' => array('text' => _('Expansion Virus')), 'Corporative Nets Attack' => array('text' => _('Corporative Nets Attack')), 'Policy Violation' => array('text' => _('Policy Violation')), 'Security Weakness' => array('text' => _('Security Weakness')), 'Net Performance' => array('text' => _('Net Performance')), 'Applications and Systems Failures' => array('text' => _('Applications and Systems Failures')), 'Anomalies' => array('text' => _('Anomalies')), 'Vulnerability' => array('text' => _('Vulnerability')));
    $priority_values = array('High' => _('High'), 'Medium' => _('Medium'), 'Low' => _('Low'));
    $reports['tickets_report'] = array('report_name' => _('Tickets Report'), 'report_id' => 'tickets_report', 'type' => 'pdf', 'subreports' => array('title_page' => array('id' => 'title_page', 'name' => _('Title Page'), 'report_file' => 'os_reports/Common/titlepage.php'), 'alarm' => array('id' => 'alarm', 'name' => _('Alarm'), 'report_file' => 'os_reports/Tickets/Alarm.php'), 'event' => array('id' => 'event', 'name' => _('Event'), 'report_file' => 'os_reports/Tickets/Event.php'), 'anomaly' => array('id' => 'anomaly', 'name' => _('Anomaly'), 'report_file' => 'os_reports/Tickets/Anomaly.php'), 'vulnerability' => array('id' => 'vulnerability', 'name' => _('Vulnerability'), 'report_file' => 'os_reports/Tickets/Vulnerability.php')), 'parameters' => array(array('name' => _('Date Range'), 'date_from_id' => 'tr_date_from', 'date_to_id' => 'tr_date_to', 'type' => 'date_range', 'default_value' => array('date_from' => $y . '-' . $m . '-' . $d, 'date_to' => date('Y') . '-' . date('m') . '-' . date('d'))), array('name' => _('Status'), 'id' => 'tr_status', 'type' => 'select', 'values' => $status_values), array('name' => _('Type'), 'id' => 'tr_type', 'type' => 'select', 'values' => $types_values), array('name' => _('Priority'), 'id' => 'tr_priority', 'type' => 'checkbox', 'values' => $priority_values)), 'access' => Session::menu_perms('analysis-menu', 'IncidentsIncidents'), 'send_by_email' => 1);
    $reports['alarm_report'] = array('report_name' => _('Alarms Report'), 'report_id' => 'alarm_report', 'type' => 'pdf', 'subreports' => array('title_page' => array('id' => 'title_page', 'name' => _('Title Page'), 'report_file' => 'os_reports/Common/titlepage.php'), 'top_attacker_host' => array('id' => 'top_attacker_host', 'name' => _('Top 10 Attacker Host'), 'report_file' => 'os_reports/Alarms/AttackerHosts.php'), 'top_attacked_host' => array('id' => 'top_attacked_host', 'name' => _('Top 10 Attacked Host'), 'report_file' => 'os_reports/Alarms/AttackedHosts.php'), 'used_port' => array('id' => 'used_port', 'name' => _('Top 10 Used Ports'), 'report_file' => 'os_reports/Alarms/UsedPorts.php'), 'top_events' => array('id' => 'top_events', 'name' => _('Top 15 Alarms'), 'report_file' => 'os_reports/Alarms/TopAlarms.php'), 'events_by_risk' => array('id' => 'events_by_risk', 'name' => _('Top 15 Alarms by Risk'), 'report_file' => 'os_reports/Alarms/TopAlarmsByRisk.php')), 'parameters' => array(array('name' => _('Date Range'), 'date_from_id' => 'ar_date_from', 'date_to_id' => 'ar_date_to', 'type' => 'date_range', 'default_value' => array('date_from' => $y . '-' . $m . '-' . $d, 'date_to' => date('Y') . '-' . date('m') . '-' . date('d')))), 'access' => Session::menu_perms('analysis-menu', 'ControlPanelAlarms'), 'send_by_email' => 1);
    $reports['bc_pci_report'] = array('report_name' => _('Business & Compliance ISO PCI Report'), 'report_id' => 'bc_pci_report', 'type' => 'pdf', 'subreports' => array('title_page' => array('id' => 'title_page', 'name' => _('Title Page'), 'report_file' => 'os_reports/Common/titlepage.php'), 'threat_overview' => array('id' => 'threat_overview', 'name' => _('Threat overview'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/ThreatOverview.php'), 'bri_risks' => array('id' => 'bri_risks', 'name' => _('Business real impact risks'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/BusinessPotentialImpactsRisks.php'), 'ciap_impact' => array('id' => 'ciap_impact', 'name' => _('C.I.A Potential impact'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/CIAPotentialImpactsRisks.php'), 'pci_dss' => array('id' => 'pci_dss', 'name' => _('PCI-DSS 2.0'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/PCI-DSS.php'), 'pci_dss3' => array('id' => 'pci_dss3', 'name' => _('PCI-DSS 3.0'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/PCI-DSS3.php'), 'trends' => array('id' => 'trends', 'name' => _('Trends'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/Trends.php'), 'iso27002_p_impact' => array('id' => 'iso27002_p_impact', 'name' => _('ISO27002 Potential impact'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/ISO27002PotentialImpact.php'), 'iso27001' => array('id' => 'iso27001', 'name' => _('ISO27001'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/ISO27001.php')), 'parameters' => array(array('name' => _('Date Range'), 'date_from_id' => 'bc_pci_date_from', 'date_to_id' => 'bc_pci_date_to', 'type' => 'date_range', 'default_value' => array('date_from' => $y . '-' . $m . '-' . $d, 'date_to' => date('Y') . '-' . date('m') . '-' . date('d')))), 'access' => Session::menu_perms('report-menu', 'ReportsReportServer'), 'send_by_email' => 1);
    $reports['siem_report'] = array('report_name' => _('SIEM Events'), 'report_id' => 'siem_report', 'type' => 'pdf', 'subreports' => array('title_page' => array('id' => 'title_page', 'name' => _('Title Page'), 'report_file' => 'os_reports/Common/titlepage.php'), 'top_attacker_host' => array('id' => 'top_attacker_host', 'name' => _('Top 10 Attacker Host'), 'report_file' => 'os_reports/Siem/AttackerHosts.php'), 'top_attacked_host' => array('id' => 'top_attacked_host', 'name' => _('Top 10 Attacked Host'), 'report_file' => 'os_reports/Siem/AttackedHosts.php'), 'used_port' => array('id' => 'used_port', 'name' => _('Top 10 Used Ports'), 'report_file' => 'os_reports/Siem/UsedPorts.php'), 'top_events' => array('id' => 'top_events', 'name' => _('Top 15 Events'), 'report_file' => 'os_reports/Siem/TopEvents.php'), 'events_by_risk' => array('id' => 'events_by_risk', 'name' => _('Top 15 Events by Risk'), 'report_file' => 'os_reports/Siem/TopEventsByRisk.php')), 'parameters' => array(array('name' => _('Date Range'), 'date_from_id' => 'sr_date_from', 'date_to_id' => 'sr_date_to', 'type' => 'date_range', 'default_value' => array('date_from' => $y . '-' . $m . '-' . $d, 'date_to' => date('Y') . '-' . date('m') . '-' . date('d')))), 'access' => Session::menu_perms('analysis-menu', 'EventsForensics'), 'send_by_email' => 1);
    $reports['vulnerabilities_report'] = array('report_name' => _('Vulnerabilities Report'), 'report_id' => 'vulnerabilities_report', 'type' => 'external', 'target' => '_blank', 'link_id' => 'link_vr', 'link' => Menu::get_menu_url('../vulnmeter/lr_respdf.php?ipl=all&scantype=M', 'environment', 'vulnerabilities', 'overview'), 'access' => Session::menu_perms('analysis-menu', 'EventsVulnerabilities'), 'send_by_email' => 0);
    $reports['th_vuln_db'] = array('report_name' => _('Threats & Vulnerabilities Database'), 'report_id' => 'th_vuln_db', 'type' => 'external', 'link_id' => 'link_tvd', 'link' => Menu::get_menu_url('../vulnmeter/threats-db.php', 'environment', 'vulnerabilities', 'threat_database'), 'access' => Session::menu_perms('analysis-menu', 'EventsVulnerabilities'), 'send_by_email' => 0);
    $reports['ticket_status'] = array('report_name' => _('Tickets Status'), 'report_id' => 'ticket_status', 'type' => 'external', 'link_id' => 'link_tr', 'link' => Menu::get_menu_url('../report/incidentreport.php', 'analysis', 'tickets', 'tickets'), 'access' => Session::menu_perms('analysis-menu', 'IncidentsIncidents'), 'send_by_email' => 0);
    $db = new ossim_db();
    $conn = $db->connect();
    $user = Session::get_session_user();
    $session_list = Session::get_list($conn, 'ORDER BY login');
    if (preg_match('/pro|demo/', $conf->get_conf('ossim_server_version')) && !Session::am_i_admin()) {
        $myusers = Acl::get_my_users($conn, Session::get_session_user());
        if (count($myusers) > 0) {
            $is_pro_admin = 1;
        }
    }
    // User Log lists
    if (Session::am_i_admin()) {
        $user_values[''] = array('text' => _('All'));
        if ($session_list) {
            foreach ($session_list as $session) {
                $login = $session->get_login();
                $user_values[$login] = $login == $user ? array('text' => $login, 'selected' => TRUE) : array('text' => $login);
            }
        }
    } elseif ($is_pro_admin) {
        foreach ($myusers as $myuser) {
            $user_values[$myuser['login']] = array('text' => $myuser['login']);
            $user_values[$user] = array('text' => $user, 'selected' => TRUE);
        }
    } else {
        $user_values[$user] = array('text' => $user);
    }
    $code_list = Log_config::get_list($conn, 'ORDER BY descr');
    $action_values[''] = array('text' => _('All'));
    if ($code_list) {
        foreach ($code_list as $code_log) {
            $code_aux = $code_log->get_code();
            $action_values[$code_aux] = array('text' => '[' . sprintf("%02d", $code_aux) . '] ' . _(preg_replace('|%.*?%|', " ", $code_log->get_descr())));
        }
    }
    $reports['user_activity'] = array('report_name' => _('User Activity Report'), 'report_id' => 'user_activity', 'type' => 'external', 'link_id' => 'link_ua', 'link' => Menu::get_menu_url('../userlog/user_action_log.php', 'settings', 'settings', 'user_activity'), 'parameters' => array(array('name' => _('User'), 'id' => 'ua_user', 'type' => 'select', 'values' => $user_values), array('name' => _('Action'), 'id' => 'ua_action', 'type' => 'select', 'values' => $action_values)), 'access' => Session::menu_perms('settings-menu', 'ToolsUserLog'), 'send_by_email' => 0);
    $reports['geographic_report'] = array('report_name' => _('Geographic Report'), 'report_id' => 'geographic_report', 'type' => 'pdf', 'subreports' => array('title_page' => array('id' => 'title_page', 'name' => _('Title Page'), 'report_file' => 'os_reports/Common/titlepage.php'), 'geographic_report' => array('id' => 'geographic_report', 'name' => _('Geographic Report'), 'report_file' => 'os_reports/Various/Geographic.php')), 'parameters' => array(array('name' => _('Date Range'), 'date_from_id' => 'gr_date_from', 'date_to_id' => 'gr_date_to', 'type' => 'date_range', 'default_value' => array('date_from' => $y . '-' . $m . '-' . $d, 'date_to' => date('Y') . '-' . date('m') . '-' . date('d')))), 'access' => Session::menu_perms('analysis-menu', 'EventsForensics'), 'send_by_email' => 1);
    //Sensor list
    $sensor_values[''] = array('text' => ' -- ' . _('Sensors no found') . ' -- ');
    $filters = array('order_by' => 'name');
    $sensor_list = Av_sensor::get_basic_list($conn, $filters);
    $filters = array('order_by' => 'priority desc');
    list($sensor_list, $sensor_total) = Av_sensor::get_list($conn, $filters);
    if ($sensor_total > 0) {
        $sensor_values = array();
        foreach ($sensor_list as $s) {
            $properties = $s['properties'];
            if ($properties['has_nagios']) {
                $sensor_values[$s['ip']] = array('text' => $s['name']);
            }
        }
    }
    /* Nagios link */
    $nagios_link = $conf->get_conf('nagios_link');
    $scheme = empty($_SERVER['HTTPS']) ? 'http://' : 'https://';
    $path = !empty($nagios_link) ? $nagios_link : '/nagios3/';
    $port = !empty($_SERVER['SERVER_PORT']) ? ':' . $_SERVER['SERVER_PORT'] : "";
    $nagios = $port . $path;
    $section_values = array(urlencode($nagios . 'cgi-bin/trends.cgi') => array('text' => _('Trends')), urlencode($nagios . 'cgi-bin/avail.cgi') => array('text' => _('Availability')), urlencode($nagios . 'cgi-bin/histogram.cgi') => array('text' => _('Event Histogram')), urlencode($nagios . 'cgi-bin/history.cgi?host=all') => array('text' => _('Event History')), urlencode($nagios . 'cgi-bin/summary.cgi') => array('text' => _('Event Summary')), urlencode($nagios . 'cgi-bin/notifications.cgi') => array('text' => _('Notifications')), urlencode($nagios . 'cgi-bin/showlog.cgi') => array('text' => _('Performance Info')));
    $reports['availability_report'] = array('report_name' => _('Availability Report'), 'report_id' => 'availability_report', 'type' => 'external', 'link_id' => 'link_avr', 'click' => "nagios_link('avr_nagios_link', 'avr_sensor', 'avr_section');", 'parameters' => array(array('name' => _('Sensor'), 'id' => 'avr_sensor', 'type' => 'select', 'values' => $sensor_values), array('name' => 'Nagioslink', 'id' => 'avr_nagios_link', 'type' => 'hidden', 'default_value' => urlencode($scheme)), array('name' => _('Section'), 'id' => 'avr_section', 'type' => 'select', 'values' => $section_values)), 'access' => Session::menu_perms('environment-menu', 'MonitorsAvailability'), 'send_by_email' => 0);
    $db->close();
    if ($id == NULL) {
        ksort($reports);
        return $reports;
    } else {
        return !empty($reports[$id]) ? $reports[$id] : array();
    }
}
Beispiel #24
0
    if ($edit && $_SESSION['current_cview'] != 'default') {
        ?>
                    <input type="button" class="small av_b_secondary" onclick="document.fcols.save.value='insert';document.fcols.selected_cols.value=getselectedcombovalue('cols');document.fcols.submit()" value="<?php 
        echo _("Save As");
        ?>
" id="saveasbutton" disabled='disabled'>
                    <input type="button" class="small av_b_secondary" onclick="if(confirm('<?php 
        echo Util::js_entities(_("Are you sure?"));
        ?>
')) { document.fcols.save.value='delete';document.fcols.submit() }" value="<?php 
        echo _("Delete");
        ?>
">
                    <?php 
    }
    if (Session::am_i_admin() && $edit && !$opensource) {
        ?>
                    <input type="button"  class="small av_b_secondary" onclick="document.fcols.save.value='report';document.fcols.selected_cols.value=getselectedcombovalue('cols');document.fcols.submit()" value="<?php 
        echo _("Save as Report Module");
        ?>
">
                    <?php 
    }
    ?>
            <input type="button" class="small av_b_secondary" onclick="parent.GB_hide()" value="<?php 
    echo _("Cancel");
    ?>
">
            <input type="button" class="small" onclick="document.fcols.selected_cols.value=getselectedcombovalue('cols');document.fcols.submit()" value="<?php 
    echo $edit ? _("Save") : _("Create");
    ?>
Beispiel #25
0
function select_profile()
{
    global $sid, $username, $dbconn, $version, $nessus_path;
    $args = "";
    if (!Session::am_i_admin()) {
        list($owners, $sqlowners) = Vulnerabilities::get_users_and_entities_filter($dbconn);
        $owners[] = '0';
        $sql_perms .= " OR owner IN('" . implode("', '", $owners) . "')";
        $args = "WHERE name='Default' OR name='Deep' OR name='Ultimate' " . $sql_perms;
    }
    $layouts = array();
    $query = "SELECT id, name, description, owner, type FROM vuln_nessus_settings {$args} ORDER BY name";
    $dbconn->SetFetchMode(ADODB_FETCH_BOTH);
    $result = $dbconn->execute($query);
    echo "<CENTER>";
    echo "<table class=\"transparent\"><tr><td class=\"sec_title\">" . _("Vulnerability Scan Profiles") . "</td></tr></table>";
    echo "<p>";
    echo _("Please select a profile to edit") . ":";
    echo "</p>";
    echo "<table class='table_list'>";
    echo "<tr>";
    echo "<th>" . _("Available for") . "</th>";
    echo "<th>" . _("Profile") . "</th>";
    echo "<th>" . _("Description") . "</th>";
    echo "<th>" . _("Action") . "</th>";
    echo "</tr>";
    $color = 0;
    while (!$result->EOF) {
        $sid = $result->fields[0];
        $sname = $result->fields[1];
        $sdescription = $result->fields[2];
        $sowner = $result->fields[3];
        $stype = $result->fields[4];
        echo "<tr id='profile{$sid}'>";
        if ($sowner == "0") {
            echo "<td>" . _("All") . "</td>";
        } elseif (valid_hex32($sowner)) {
            echo "<td style='padding:0px 2px 0px 2px;'>" . Session::get_entity_name($dbconn, $sowner) . "</td>";
        } else {
            echo "<td>" . Util::htmlentities($sowner) . "</td>";
        }
        echo "<td width='200'>" . Util::htmlentities($sname) . "</td>";
        echo "<td width='450'>" . Util::htmlentities($sdescription) . "</td>";
        echo "<td>";
        if ($sname == "Default" || $sname == "Deep" || $sname == "Ultimate") {
            echo "<img src=\"images/pencil.png\" class=\"tip disabled\" title=\"" . _("{$sname} profile can't be edited, clone it to make changes") . "\" />";
            echo "<img src=\"images/delete.gif\" class=\"tip disabled\" title=\"" . _("{$sname} profile can't be deleted") . "\" />";
        } else {
            if (Vulnerabilities::can_modify_profile($dbconn, $sname, $sowner)) {
                echo "<a href='settings.php?disp=edit&amp;sid={$sid}'><img class='hand' id='edit_" . md5($sname . $sowner) . "' src='images/pencil.png' ></a>";
            } else {
                echo "<img class='disabled' src='images/pencil.png'>";
            }
            if (Vulnerabilities::can_delete_profile($dbconn, $sname, $sowner)) {
                echo "<img class='hand' src='images/delete.gif'  id='delete_" . md5($sname . $sowner) . "' onclick='deleteProfile({$sid})'>";
            } else {
                echo "<img class='disabled' src=\"images/delete.gif\" >";
            }
        }
        echo "</td>";
        echo "</tr>";
        $result->MoveNext();
        $color++;
    }
    echo "</table>";
    echo "<center>";
    echo "<form>";
    echo "<br/>";
    echo "<input type='button' onclick=\"document.location.href='settings.php?disp=new'\" id=\"new_profile\" value=\"" . _("Create New Profile") . "\"/>";
    echo "</form>";
    echo "</p>";
    echo "</center>";
    // end else
}
*
* You should have received a copy of the GNU General Public License
* along with this package; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
* MA  02110-1301  USA
*
*
* On Debian GNU/Linux systems, the complete text of the GNU General
* Public License can be found in `/usr/share/common-licenses/GPL-2'.
*
* Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt
*
*/
require_once 'av_init.php';
Session::logcheck("analysis-menu", "IncidentsTypes");
if (!Session::am_i_admin() && !Session::menu_perms("analysis-menu", "IncidentsTypes")) {
    die(ossim_error(_("Sorry, you are not allowed to perform this action")));
}
$inctype_id = POST('inctype_id');
ossim_valid($inctype_id, OSS_ALPHA, OSS_SPACE, OSS_PUNC, 'illegal:' . _("Incident ID"));
if (ossim_error()) {
    $data['status'] = 'error';
    $data['data'] = ossim_get_error();
    echo json_encode($data);
    exit;
}
$db = new ossim_db();
$conn = $db->connect();
Incident_type::delete($conn, $inctype_id);
$db->close($conn);
$data['status'] = 'OK';
Beispiel #27
0
function select_profile()
{
    global $sid, $username, $dbconn, $version, $nessus_path;
    $used_sids = array();
    if (preg_match("/omp\\s*\$/i", $nessus_path)) {
        $omp = new OMP();
        $used_sids = $omp->get_used_sids();
    }
    $entities_nt = array();
    $query = "SELECT ae.id as eid, ae.name as ename, aet.name as etype FROM acl_entities AS ae, acl_entities_types AS aet WHERE ae.type = aet.id";
    $result_entities = $dbconn->Execute($query);
    while (!$result_entities->EOF) {
        $entities_nt[$result_entities->fields['eid']] = $result_entities->fields['ename'] . " [" . $result_entities->fields['etype'] . "]";
        $result_entities->MoveNext();
    }
    $query = "";
    $normal_user_pro = false;
    if ($username == "admin") {
        $query = "SELECT id, name, description, owner, type FROM vuln_nessus_settings \n                    WHERE deleted != '1' ORDER BY name";
    } else {
        if (preg_match("/pro|demo/i", $version)) {
            if (Acl::am_i_proadmin()) {
                $pro_users = array();
                $entities_list = array();
                //list($entities_admin,$num) = Acl::get_entities_admin($dbconn,Session::get_session_user());
                //$entities_list = array_keys($entities_admin);
                $entities_list = Acl::get_user_entities($current_user);
                $users = Acl::get_my_users($dbconn, Session::get_session_user());
                foreach ($users as $us) {
                    $pro_users[] = $us["login"];
                }
                $query = "SELECT id, name, description, owner, type FROM vuln_nessus_settings \n                      WHERE deleted != '1' and (name='Default' or owner in ('0','" . implode("', '", array_merge($entities_list, $pro_users)) . "')) ORDER BY name";
            } else {
                $tmp = array();
                $entities = Acl::get_user_entities($username);
                foreach ($entities as $entity) {
                    $tmp[] = "'" . $entity . "'";
                }
                if (count($tmp) > 0) {
                    $user_where = "owner in ('0','{$username}'," . implode(", ", $tmp) . ")";
                } else {
                    $user_where = "owner in ('0','{$username}')";
                }
                $query = "SELECT id, name, description, owner, type FROM vuln_nessus_settings \n                          WHERE deleted != '1' and (name='Default' or {$user_where}) ORDER BY name";
                $normal_user_pro = true;
            }
        } else {
            $query = "SELECT id, name, description, owner, type FROM vuln_nessus_settings \n                          WHERE deleted != '1' and (name='Default' or owner in ('0','{$username}')) ORDER BY name";
        }
    }
    //var_dump($query);
    $result = $dbconn->execute($query);
    //echo $query;
    echo "<CENTER>";
    echo "<table cellspacing=\"0\" cellpadding=\"0\" border=\"0\" width=\"800\"><tr><td class=\"headerpr\" style=\"border:0;\">" . _("Vulnerability Scan Profiles") . "</td></tr></table>";
    echo "<table cellspacing=\"0\" cellpadding=\"0\" border=\"0\" width=\"800\"><tr><td class=\"noborder\">";
    echo "<p>";
    echo _("Please select a profile to edit") . ":";
    echo "</p>";
    echo "<table align='center'>";
    echo "<tr>";
    if ($username == "admin" || Session::am_i_admin()) {
        echo "<th>" . _("Available for") . "</th>";
    }
    echo "   <th>" . _("Profile") . "</th>";
    echo "   <th>" . _("Description") . "</th>";
    echo "   <th>" . _("Action") . "</th>";
    echo "</tr>";
    while (!$result->EOF) {
        //<td>$sowner</td>
        //<td>$stype</td>
        list($sid, $sname, $sdescription, $sowner, $stype) = $result->fields;
        echo "<tr>";
        if ($username == "admin" || Session::am_i_admin()) {
            if ($sowner == "0") {
                echo "<td>" . _("All") . "</td>";
            } elseif (is_numeric($sowner)) {
                echo "<td style='padding:0px 2px 0px 2px;'>" . $entities_nt[$sowner] . "</td>";
            } else {
                echo "<td>" . html_entity_decode($sowner) . "</td>";
            }
        }
        echo "<td>" . html_entity_decode($sname) . "</td>";
        echo "<td>" . html_entity_decode($sdescription) . "</td>";
        echo "<td>";
        //var_dump($normal_user_pro);
        //var_dump($sowner);
        //var_dump($username);
        //var_dump($used_sids);
        if ($normal_user_pro && $sowner != $username && $sname != "Default") {
            echo "&nbsp";
        } elseif ($username == "admin" || Session::am_i_admin()) {
            if (!in_array($sid, $used_sids)) {
                echo "<a href=\"settings.php?disp=edit&amp;&amp;sid={$sid}\"><img src=\"images/pencil.png\"></a>";
                echo "<a href=\"settings.php?disp=edit&amp;op=delete&amp;sid={$sid}\" onclick=\"return confirmDelete();\"><img src=\"images/delete.gif\"></a>";
            } else {
                echo "<img src=\"images/pencil.png\" title=\"" . _("This profile is being used by a running job now") . "\" style=\"filter:alpha(opacity=50);-moz-opacity:0.5;-khtml-opacity: 0.5;opacity: 0.5;\">";
                echo "<img src=\"images/delete.gif\" title=\"" . _("This profile is being used by a running job now") . "\" style=\"filter:alpha(opacity=50);-moz-opacity:0.5;-khtml-opacity: 0.5;opacity: 0.5;\">";
            }
        } elseif ($sname == "Default") {
            echo "[" . _("edit by admin") . "]";
        } elseif ($sname != "Default") {
            if (!in_array($sid, $used_sids)) {
                echo "<a href=\"settings.php?disp=edit&amp;&amp;sid={$sid}\"><img src=\"images/pencil.png\"></a>";
                echo "<a href=\"settings.php?disp=edit&amp;op=delete&amp;sid={$sid}\" onclick=\"return confirmDelete();\"><img src=\"images/delete.gif\"></a>";
            } else {
                echo "<img title=\"" . _("This profile is being used by a running job now") . "\" style=\"filter:alpha(opacity=50);-moz-opacity:0.5;-khtml-opacity: 0.5;opacity: 0.5;\" src=\"images/pencil.png\">";
                echo "<img title=\"" . _("This profile is being used by a running job now") . "\" style=\"filter:alpha(opacity=50);-moz-opacity:0.5;-khtml-opacity: 0.5;opacity: 0.5;\" src=\"images/delete.gif\">";
            }
        }
        echo "</td>";
        echo "</tr>";
        $result->MoveNext();
    }
    echo "</table>";
    echo "<center>";
    echo "<p>";
    echo "<form>";
    echo "<input type=button onclick=\"document.location.href='settings.php?disp=new'\" value=\"" . _("Create New Profile") . "\" class=\"button\">&nbsp;&nbsp;&nbsp;&nbsp;";
    if ($username == "admin" || Session::am_i_admin()) {
        echo "<input type=button onclick=\"document.location.href='defaults.php'\" value=\"" . _("Edit default profile") . "\" class=\"button\">";
    }
    echo "</form>";
    echo "</p>";
    echo "</center>";
    echo "<br><br>";
    echo "</td></tr></table></center>";
    // end else
}
Beispiel #28
0
    $error->display("FORM_MISSING_FIELDS");
}
/* check for old password if not actual user or admin */
if ($_SESSION["_user"] != $user && !Session::am_i_admin() && !is_array($user_list = Session::get_list($conn, "WHERE login = '******' and pass = '******'"))) {
    require_once "ossim_error.inc";
    $error = new OssimError();
    $error->display("BAD_OLD_PASSWORD");
}
/* check passwords */
if (0 != strcmp($pass1, $pass2)) {
    require_once "ossim_error.inc";
    $error = new OssimError();
    $error->display("PASSWORDS_MISMATCH");
}
/* only the user himself or the admin can change passwords */
if (POST('user') != $_SESSION["_user"] && !Session::am_i_admin()) {
    die(ossim_error(_("To change the password for other user is not allowed")));
}
/* check OK, insert into DB */
if (POST('update')) {
    Session::changepass($conn, $user, $pass1);
    ?>
    <p> <?php 
    echo gettext("User succesfully updated");
    ?>
 </p>
<?php 
    $location = "users.php";
    sleep(2);
    echo "<script>\n///history.go(-1);\nwindow.location='{$location}';\n</script>\n";
    ?>
Beispiel #29
0
* along with this package; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
* MA  02110-1301  USA
*
*
* On Debian GNU/Linux systems, the complete text of the GNU General
* Public License can be found in `/usr/share/common-licenses/GPL-2'.
*
* Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt
*
*/
require_once 'av_init.php';
//First we check we have session active
Session::useractive();
//Then we check the permissions
if (!Session::am_i_admin()) {
    $response['error'] = TRUE;
    $response['msg'] = _('You do not have permissions to see this section');
    echo json_encode($response);
    exit - 1;
}
/*
*
* <------------------------   BEGINNING OF THE FUNCTIONS   ------------------------> 
*
*/
function check_wizard_object($wizard)
{
    if ($wizard === FALSE) {
        throw new Exception(_("There was an error, the Welcome_wizard object doesn't exist. Try again later"));
    }
Beispiel #30
0
function echochildrens($entities, $parent_id, $entities_admin)
{
    /* Connect to db */
    $db = new ossim_db();
    $conn = $db->connect();
    $users_by_entity = Acl::get_users_by_entity($conn, $parent_id);
    $me = Session::get_session_user();
    $entities_types = Acl::get_entities_types($conn);
    $length_name = !empty($_GET['length_name']) ? GET('length_name') : 30;
    echo ",children:[";
    $is_editable = $parent_id != "" && (!empty($users_by_entity[$me]) || Session::am_i_admin() || !empty($entities_admin[$me]));
    if ($is_editable) {
        echo "{title:'<font style=\"font-weight:normal\">" . _("All Assets") . "</font>', url:'AllAssets', key:'e_" . $parent_id . "_allassets', icon:'../../pixmaps/menu/assets.gif', isFolder:false, expand:true,";
        echo "children:[ ";
        echo "{ key:'e_" . $parent_id . "_net', isFolder:true, isLazy:true, icon:'../../pixmaps/theme/net.png', title:'" . _("Networks") . "'},";
        echo "{ key:'e_" . $parent_id . "_sensor', isFolder:true, isLazy:true, icon:'../../pixmaps/theme/server.png', title:'" . _("Sensors") . "'}";
        echo "]}";
    }
    $children = Acl::get_entity_childs($conn, $parent_id);
    if (!empty($children)) {
        $flag = false;
        foreach ($children as $index => $child_id) {
            $icon = "../../pixmaps/theme/any.png";
            $child = $entities[0][$child_id];
            $entity_allowed = Acl::entityAllowed($child_id);
            $child_key = "e_" . $child_id;
            $child_sn = strlen($child['name']) > $length_name ? substr($child['name'], 0, $length_name) . "..." : $child['name'];
            $child_name = Util::htmlentities($child['name']);
            $chil_ent_admin = $entities_admin;
            $chil_ent_admin[$child['admin_user']] = $child_id;
            if ($child['parent_id'] == $parent_id) {
                $title = "<font style=\"font-weight:bold;\">" . Util::htmlentities($child_sn) . "</font> <font style=\"color:gray\">[" . $entities_types[$child['type']]['name'] . "]</font>";
                $tooltip = Util::htmlentities($child['name']) . " [" . $entities_types[$child['type']]['name'] . "]";
                if ($flag || $is_editable) {
                    echo ",";
                }
                $flag = true;
                echo "{title:'" . $title . "', tooltip:'{$tooltip}', noLink: true, url:'" . $child_url . "', key:'" . $child_key . "', icon:'{$icon}', expand:true, name:'{$child_name}'";
                echochildrens($entities, $child_id, $withusers, $entities_admin, $length_name);
                echo "}";
            }
        }
    }
    echo "]";
}