// Fragment: begins inside a per-sensor loop (the loop header and the enclosing
// function are outside this view) and ends inside the "entities" branch.
$title   = Util::htmlentities($title);
$tooltip = $s_title;
// NOTE(review): $title is HTML-entity encoded but is then placed inside a
// single-quoted JS string literal, and $tooltip is not encoded at all.
// HTML encoding is not JS-string escaping; whether Util::htmlentities covers
// the single quote is not visible here — confirm before trusting this output.
$li = "url:'" . $sensor->get_ip() . "', icon:'../../pixmaps/theme/server.png', title:'{$title}', tooltip:'{$tooltip}'\n";
// $j counts emitted items so a comma separates every item but the first.
$buffer .= ($j > 0 ? "," : "") . "{ {$li} }";
$j++;
}
}
$buffer .= "]";
// The "" comparison can never hold here: "]" was just appended, so only the
// "[]" (empty list) case triggers the placeholder item.
if ($buffer == "" || $buffer == "[]") {
    echo "[{title:'" . _("No Sensors Found") . "', noLink:true}]";
} else {
    echo $buffer;
}
} else {
if ($key == "entities") {
    // $entities[0] holds the entity rows; $entities_types is fetched but not
    // used within this fragment.
    $entities       = Acl::get_entities($conn);
    $entities_types = Acl::get_entities_types($conn);
    $num_entities   = count($entities[0]);
    // $expand is computed but not referenced within this fragment.
    $expand = $num_entities > 0 ? "expand:true" : "expand:false";
    echo "[";
    // $flag becomes true once a first item has been emitted (comma separation).
    $flag = false;
    $entities_admin = array();
    if ($num_entities > 0) {
        foreach ($entities[0] as $entity) {
            $entity_allowed = Acl::entityAllowed($entity['id']);
            // Only top-level (no parent), typed entities the current user may
            // see are listed; everything else is skipped.
            if ($entity['parent_id'] > 0 || $entity['type'] <= 0 || !$entity_allowed) {
                continue;
            }
            if ($flag) {
                echo ",";
            }
// Pro-only preamble for the Backup page: collect the user logins and the
// entity lists the template below relies on, then release both DB handles.
// When $pro is false none of $users, $entities_all, $num_entities,
// $entities_admin, $num or $entities_list is defined by this run.
if ($pro) {
    // users
    $users = array();
    if (Session::am_i_admin()) {
        // Session::get_list() rows are objects ...
        $users_list = Session::get_list($conn_ossim);
        foreach ($users_list as $user_data) {
            $users[] = $user_data->login;
        }
    } else {
        // ... whereas Acl::get_my_users() rows are arrays.
        $users_list = Acl::get_my_users($conn_ossim, Session::get_session_user());
        foreach ($users_list as $user_data) {
            $users[] = $user_data["login"];
        }
    }
    // entities
    list($entities_all, $num_entities) = Acl::get_entities($conn_ossim);
    list($entities_admin, $num) = Acl::get_entities_admin($conn_ossim, Session::get_session_user());
    // Entity ids the current user administers (keys of the admin map).
    $entities_list = array_keys($entities_admin);
}
// Both connections are closed before any HTML is emitted.
$db->close($conn);
$db->close($conn_ossim);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title><?php echo _('Backup'); ?> </title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<meta http-equiv="Pragma" content="no-cache">
// Remaining request parameters (GET()/POST() are the project's request
// accessors).  Only $intent and $beep are coerced to int at read time.
$directive_id  = GET('directive_id');
$intent        = intval(GET('intent'));
$sensor_query  = GET('sensor_query');
$tag           = GET('tag');
$num_events    = GET('num_events');
$num_events_op = GET('num_events_op');
$date_from     = GET('date_from');
$date_to       = GET('date_to');
$ds_id         = GET('ds_id');
$ds_name       = GET('ds_name');
$beep          = intval(GET('beep'));
$sec           = POST('sEcho');

//$tags = Tags::get_list($conn);
$tags_html = Tags::get_list_html($conn);

// Entity tree is only needed when the pro build shows entities.
if (Session::is_pro() && Session::show_entities()) {
    list($entities, $_children, $_num_ent) = Acl::get_entities($conn, '', '', true, false);
}

// Input validation: ossim_valid() checks each value against the listed
// character classes (OSS_NULLABLE allows an empty value) and reports the
// 'illegal:' label on failure.  Several of the validated variables ($order,
// $torder, $delete, $close, $open, $delete_day, $query, $autorefresh,
// $refresh_time, $src_ip, $dst_ip, $inf) are assigned above this fragment.
// NOTE(review): $sensor_query, $tag, $num_events, $num_events_op, $date_from,
// $date_to, $ds_id, $ds_name and $sec are read above but not validated within
// this span — confirm they are validated before reaching a query or the page.
ossim_valid($order, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _("Order"));
ossim_valid($torder, OSS_ALPHA, OSS_NULLABLE, 'illegal:' . _("Order Direction"));
ossim_valid($delete, OSS_HEX, OSS_NULLABLE, 'illegal:' . _("Delete"));
ossim_valid($close, OSS_HEX, OSS_NULLABLE, 'illegal:' . _("Close"));
ossim_valid($open, OSS_HEX, OSS_NULLABLE, 'illegal:' . _("Open"));
ossim_valid($delete_day, OSS_ALPHA, OSS_SPACE, OSS_PUNC, OSS_NULLABLE, 'illegal:' . _("Delete_day"));
ossim_valid($query, OSS_ALPHA, OSS_PUNC_EXT, OSS_SPACE, OSS_NULLABLE, 'illegal:' . _("Query"));
ossim_valid($autorefresh, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _("Autorefresh"));
ossim_valid($refresh_time, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _("Refresh_time"));
ossim_valid($directive_id, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _("Directive_id"));
ossim_valid($intent, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _("Intent"));
ossim_valid($src_ip, OSS_IP_ADDRCIDR_0, OSS_NULLABLE, 'illegal:' . _("Src_ip"));
ossim_valid($dst_ip, OSS_IP_ADDRCIDR_0, OSS_NULLABLE, 'illegal:' . _("Dst_ip"));
ossim_valid($inf, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _("Inf"));
/* Version */
$pro = Session::is_pro();

//Timezone — 4095 is the DateTimeZone::ALL_WITH_BC group mask, so every
//identifier including backwards-compatible aliases is listed, sorted by name.
$tzlist = timezone_identifiers_list(4095);
sort($tzlist);

//Login method list (value => translated label)
$lm_list = array('ldap' => _('LDAP'), 'pass' => _('PASSWORD'));

//Entities and Templates
// Flags the form uses to show "nothing to assign" states.
$noentities  = 0;
$notemplates = 0;

if ($pro) {
    $entity_list = Session::get_entities_to_assign($conn);
    if (count($entity_list) < 1) {
        $noentities = 1;
    }

    list($entities_all, $num_entities_all) = Acl::get_entities($conn, '', '', FALSE, FALSE);

    $templates = array();
    list($templates, $num_templates) = Session::get_templates($conn);
    if (count($templates) < 1) {
        // Placeholder row with an empty id so the select still renders.
        $templates[0] = array('id' => '', 'name' => ' -- ' . _('No templates found') . ' -- ');
        $notemplates = 1;
    }
} else {
    // Non-pro builds use plain menu permissions instead of entities/templates.
    list($menu_perms, $perms_check) = Session::get_menu_perms($conn);
}

//Initialize variables
$_SESSION['user_in_db'] = NULL;
$login     = '';
$uuid      = '';
$user_name = '';
$email     = '';
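/**
 * Build the entity list consumed by the page's JavaScript as a run of object
 * literals, one per entity: `{ txt:"<name>", id:"<id>"},`.
 *
 * Only pro/demo installs (detected from the server version string) produce
 * output; everything else returns NULL.  The trailing comma after the last
 * item is part of the existing contract and is kept.
 *
 * @param  object $conn  database connection passed through to Acl::get_entities()
 * @return string|null   concatenated literals, or NULL when nothing is listed
 */
function get_json_entities($conn)
{
    require_once 'av_init.php';

    $json_entities = NULL;

    // Reuse the global configuration object when the bootstrap created one.
    $conf = empty($GLOBALS["CONF"]) ? new Ossim_conf() : $GLOBALS["CONF"];

    $version = $conf->get_conf("ossim_server_version", FALSE);
    $pro     = preg_match("/pro|demo/i", $version) ? TRUE : FALSE;

    if ($pro) {
        list($entities_all, $num_entities) = Acl::get_entities($conn, '', '', FALSE, FALSE);

        if (is_array($entities_all) && !empty($entities_all)) {
            // Bug fix: the loop variable used to be named $entity_id while the
            // body read $entity["name"] / $entity["id"], which was never
            // assigned, so every fragment was emitted empty.
            foreach ($entities_all as $entity) {
                // The values land inside double-quoted JS string literals, so
                // escape the characters that could terminate the literal or
                // the line.  Done by hand rather than json_encode() because the
                // pages declare an iso-8859-1 charset and json_encode() rejects
                // non-UTF-8 input.
                $entity_text = str_replace(
                    array("\\", '"', "\r", "\n"),
                    array('\\\\', '\\"', '\\r', '\\n'),
                    (string) $entity["name"]
                );
                $entity_id = str_replace(
                    array("\\", '"', "\r", "\n"),
                    array('\\\\', '\\"', '\\r', '\\n'),
                    (string) $entity["id"]
                );

                $json_entities .= '{ txt:"' . $entity_text . '", id:"' . $entity_id . '"},';
            }
        }
    }

    return $json_entities;
}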
<?php
// Fragment: closes an HTML attribute and an if-branch opened before this view,
// then handles the pro-admin case; the elseif body continues past the end.
// NOTE(review): $url is emitted into an attribute value here — whether it was
// escaped earlier is not visible in this span.
echo $url;
?>
" />
<?php
} elseif (Acl::am_i_proadmin()) {
    // pro admin
    //users
    // NOTE(review): $users_pro_login is appended to without being initialised
    // in this branch — presumably set up earlier; verify against the full file.
    $users_admin = Acl::get_my_users($dbconn, Session::get_session_user());
    foreach ($users_admin as $u) {
        // if($u["login"]!=Session::get_session_user()){
        $users_pro_login[] = $u["login"];
        // }
    }
    //if(!in_array(Session::get_session_user(), $users_pro_login) && $incident_in_charge!=Session::get_session_user())
    // The current user is always added, so the login may appear twice.
    $users_pro_login[] = Session::get_session_user();

    //entities
    list($entities_all, $num_entities) = Acl::get_entities($dbconn);
    list($entities_admin, $num) = Acl::get_entities_admin($dbconn, Session::get_session_user());
    $entities_list = array_keys($entities_admin);

    // Re-key the type rows by id so they can be looked up by $entity["type"].
    $entities_types_aux = Acl::get_entities_types($dbconn);
    $entities_types = array();
    foreach ($entities_types_aux as $etype) {
        $entities_types[$etype['id']] = $etype;
    }

    //save entities for proadmin
    // Only entities this admin manages are kept, labelled "name [type]".
    // in_array() is used non-strictly here (ids compared loosely).
    foreach ($entities_all as $entity) {
        if (in_array($entity["id"], $entities_list)) {
            $entities_pro[$entity["id"]] = $entity["name"] . " [" . $entities_types[$entity["type"]]["name"] . "]";
        }
    }

    // filter users
    $users_pro = array();
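/**
 * Render the vulnerability-scan job management page: action buttons, the
 * scheduled-jobs table (sortable by column), the running/all jobs lists
 * produced by all_jobs(), the pager and the colour legend.
 *
 * Everything is written straight to the output buffer; nothing is returned.
 *
 * Reads globals: $uroles, $username, $dbconn (ADOdb-style connection),
 * $hosts (passed to tooltip_hosts()), $arruser (role list) and $user.
 * Calls sibling functions status(), tooltip_hosts() and all_jobs().
 *
 * @param mixed  $viewall  kept for callers; not used by the current body
 * @param string $sortby   ORDER BY column, "" selects "id"
 * @param string $sortdir  "ASC" or "DESC", "" selects "DESC"
 * @return void
 */
function main_page($viewall, $sortby, $sortdir)
{
    global $uroles, $username, $dbconn, $hosts;
    global $arruser, $user;

    // Hour offset of the user's timezone; only ever used as an int below.
    $tz = intval(Util::get_timezone());

    if ($sortby == "") {
        $sortby = "id";
    }
    if ($sortdir == "") {
        $sortdir = "DESC";
    }

    // Both values are interpolated into ORDER BY below, so restrict them to a
    // plain identifier and a fixed direction keyword; anything else falls back
    // to the defaults rather than reaching the database.
    if (!preg_match('/^[A-Za-z0-9_.]+$/', $sortby)) {
        $sortby = "id";
    }
    if (!in_array($sortdir, array("ASC", "DESC"), true)) {
        $sortdir = "DESC";
    }

    $sql_order = "order by {$sortby} {$sortdir}";

    echo "<center>";
    status($arruser, $user);
    echo "<br>";
    echo "<form>";
    echo "<input type=\"button\" onclick=\"document.location.href='sched.php?smethod=schedule&hosts_alive=1&scan_locally=1'\" value=\"" . _("New Scan Job") . "\" class=\"button\">";
    echo " ";
    echo "<input type=\"button\" onclick=\"document.location.href='sched.php?smethod=inmediately&hosts_alive=1&scan_locally=1'\" value=\"" . _("Run Scan Now") . "\" class=\"button\">";
    echo "</form>";
    echo "</center>";
    echo "<br>";

    $schedulejobs = _("Scheduled Jobs");
    echo <<<EOT
<center>
<table cellspacing="0" cellpadding="0" border="0" width="90%"><tr><td class="headerpr" style="border:0;">{$schedulejobs}</td></tr></table>
<table cellspacing="2" width="90%" summary="Job Schedules" border=0 cellspacing="0" cellpadding="0">
EOT;

    // From here on $sortdir is the direction the column header links will
    // request, i.e. the opposite of the one used for this query.
    if ($sortdir == "ASC") {
        $sortdir = "DESC";
    } else {
        $sortdir = "ASC";
    }

    $arr = array(_("Name"), _("Schedule Type"), _("Time"), _("Next Scan"), _("Status"));

    // modified by hsh to return all scan schedules
    if (in_array("admin", $arruser)) {
        $query = "SELECT t2.name as profile, t1.meth_TARGET, t1.id, t1.name, t1.schedule_type, t1.meth_VSET, t1.meth_TIMEOUT, t1.username, t1.enabled, t1.next_CHECK, t1.email\n FROM vuln_job_schedule t1 LEFT JOIN vuln_nessus_settings t2 ON t1.meth_VSET=t2.id ";
    } else {
        // NOTE(review): $user is a global interpolated into the WHERE clause;
        // it is not bound as a parameter here — confirm its origin is the
        // authenticated session and not request input.
        $query = "SELECT t2.name as profile, t1.meth_TARGET, t1.id, t1.name, t1.schedule_type, t1.meth_VSET, t1.meth_TIMEOUT, t1.username, t1.enabled, t1.next_CHECK, t1.email\n FROM vuln_job_schedule t1 LEFT JOIN vuln_nessus_settings t2 ON t1.meth_VSET=t2.id WHERE username in ('{$user}') ";
    }
    $query .= $sql_order;

    $result = $dbconn->execute($query);

    if ($result->EOF) {
        echo "<tr><td height='20' class='nobborder' style='text-align:center;'>" . _("No Scheduled Jobs") . "</td></tr>";
    }

    if (!$result->EOF) {
        echo "<tr>";
        foreach ($arr as $value) {
            echo "<th><a href=\"manage_jobs.php?sortby={$value}&sortdir={$sortdir}\">{$value}</a></th>";
        }
        echo "<th>" . _("Action") . "</th></tr>";
    }

    while (!$result->EOF) {
        // NOTE: this assignment overwrites the global $user (declared above)
        // with the row's username; after the loop $user holds the last row's
        // value.  Kept as-is because later output may depend on it.
        list($profile, $targets, $schedid, $schedname, $schedtype, $sid, $timeout, $user, $schedstatus, $nextscan, $servers) = $result->fields;

        // Next run shown in the user's local time; the HH:MM:SS part is split
        // out for the "Time" column.
        $nextscan = gmdate("Y-m-d H:i:s", Util::get_utc_unixtime($dbconn, $nextscan) + 3600 * $tz);
        preg_match("/\\d+\\-\\d+\\-\\d+\\s(\\d+:\\d+:\\d+)/", $nextscan, $found);
        $time = isset($found[1]) ? $found[1] : "";

        // Schedule-type code to label.
        switch ($schedtype) {
            case "N":
                $stt = _("Once (Now)");
                break;
            case "O":
                $stt = _("Once");
                break;
            case "D":
                $stt = _("Daily");
                break;
            case "W":
                $stt = _("Weekly");
                break;
            case "M":
                $stt = _("Monthly");
                break;
            case "Q":
                $stt = _("Quarterly");
                break;
            case "H":
                $stt = _("On Hold");
                break;
            case "NW":
                $stt = _("N<sup>th</sup> weekday of the month");
                break;
            default:
                $stt = " ";
                break;
        }

        // Toggle action: an enabled job gets a "disable" link and vice versa.
        switch ($schedstatus) {
            case "1":
                $itext = _("Disable Scheduled Job");
                $isrc  = "images/stop2.png";
                $ilink = "manage_jobs.php?disp=setstatus&schedid={$schedid}&enabled=0";
                break;
            default:
                $itext = _("Enable Scheduled Job");
                $isrc  = "images/play.png";
                $ilink = "manage_jobs.php?disp=setstatus&schedid={$schedid}&enabled=1";
                break;
        }

        if ($schedstatus) {
            $txt_enabled = "<td><a href=\"{$ilink}\"><font color=\"green\">" . _("Enabled") . "</font></a></td>";
        } else {
            $txt_enabled = "<td><a href=\"{$ilink}\"><font color=\"red\">" . _("Disabled") . "</font></a></td>";
        }

        // A purely numeric owner is an entity id: show the entity name instead.
        if (preg_match('/^\\d+$/', $user)) {
            list($entities_all, $num_entities) = Acl::get_entities($dbconn, $user);
            $user = $entities_all[$user]['name'];
        }

        echo <<<EOT
<tr>
EOT;
        if ($profile == "") {
            $profile = _("Default");
        }

        // The txt attribute carries the hover tooltip markup for the job name.
        echo "<td><a style=\"text-decoration:none;\" href=\"javascript:;\" txt=\"<b>" . _("Owner") . ":</b> {$user}<br><b>" . _("Server") . ":</b> {$servers}<br /><b>" . _("Scheduled Job ID") . ":</b> {$schedid}<br><b>" . _("Profile") . ":</b> {$profile}<br><b>" . _("Targets") . ":</b><br>" . tooltip_hosts($targets, $hosts) . "\" class=\"scriptinfo\">{$schedname}</a></td>";
?>
<td><?php echo $stt; ?> </td>
<td><?php echo $time; ?> </td>
<td><?php echo $nextscan; ?> </td>
<?php
        echo <<<EOT
{$txt_enabled}
<td style="padding-top:2px;"><a href="{$ilink}"><img alt="{$itext}" src="{$isrc}" border=0 title="{$itext}"></a>
EOT;
        echo "<a href='sched.php?disp=edit_sched&sched_id={$schedid}&hmenu=Vulnerabilities&smenu=Jobs'><img src='images/pencil.png' title='" . gettext("Edit Scheduled") . "'></a> ";
        echo "<a href='manage_jobs.php?disp=delete&schedid={$schedid}' onclick='return confirmDelete();'><img src='images/delete.gif' title='" . gettext("Delete Scheduled") . "'></a></td>";
        echo <<<EOT
</tr>
EOT;
        $result->MoveNext();
    }

    echo <<<EOT
</table></center>
EOT;
    echo "<br>";

    // Page index comes straight from the query string: coerce it to a
    // positive int before it feeds the offset arithmetic below.
    $page = isset($_GET['page']) ? intval($_GET['page']) : 1;
    if ($page < 1) {
        $page = 1;
    }
    $pagesize = 10;

    if ($username == "admin") {
        $query = "SELECT count(id) as num FROM vuln_jobs";
    } else {
        // NOTE(review): the non-admin count is restricted by a fixed username
        // literal in this copy of the source — confirm against the canonical
        // file that the intended value is bound safely.
        $query = "SELECT count(id) as num FROM vuln_jobs where username='******'";
    }
    $result    = $dbconn->Execute($query);
    $jobCount  = $result->fields["num"];
    $num_pages = ceil($jobCount / $pagesize);

    all_jobs(0, 10, "R"); // only running jobs
?>
<br />
<?php
    // Paged list of all jobs; the return value drives whether a pager is shown.
    $out = all_jobs(($page - 1) * $pagesize, $pagesize);
?>
<table width="90%" align="center" class="transparent">
<tr><td style="text-align:center;padding-top:5px;" class="nobborder">
<a href="javascript:;" onclick="$('#legend').toggle();$('#message_show').toggle();$('#message_hide').toggle();" colspan="2"><img src="../pixmaps/arrow_green.gif" align="absmiddle" border="0"> <span id="message_show"><?php echo _("Show legend"); ?> </span> <span id="message_hide" style="display:none"><?php echo _("Hide legend"); ?> </span> </a>
</td>
<td class="nobborder" valign="top" style="padding-top:5px;">
<?php
    // Pager: only rendered when there is more than one page and all_jobs()
    // reported something to page through.  First/Previous and Next/Last are
    // plain text on the first and last page respectively.
    if ($out != 0 && $num_pages != 1) {
        if ($page == 1 && $page == $num_pages) {
            echo '<center><< ' . _("First") . ' <' . _(" Previous") . ' [' . $page . ' ' . _("of") . ' ' . $num_pages . '] ' . _("Next") . ' > ' . _("Last") . ' >></center>';
        } elseif ($page == 1) {
            echo '<center><< ' . _("First") . ' < ' . _("Previous") . ' [' . $page . ' ' . _("of") . ' ' . $num_pages . '] <a href="manage_jobs.php?page=' . ($page + 1) . '">' . _("Next") . ' ></a> <a href="manage_jobs.php?page=' . $num_pages . '">' . _("Last") . ' >></a></center>';
        } elseif ($page == $num_pages) {
            echo '<center><a href="manage_jobs.php?page=1"><< ' . _("First") . '</a> <a href="manage_jobs.php?page=' . ($page - 1) . '">< ' . _("Previous") . '</a> [' . $page . ' ' . _("of") . ' ' . $num_pages . '] ' . _("Next") . '> ' . _("Last") . ' >></center>';
        } else {
            echo '<center><a href="manage_jobs.php?page=1"><< ' . _("First") . '</a> <a href="manage_jobs.php?page=' . ($page - 1) . '">< ' . _("Previous") . '</a> [' . $page . ' ' . _("of") . ' ' . $num_pages . '] <a href="manage_jobs.php?page=' . ($page + 1) . '">' . _("Next") . ' ></a> <a href="manage_jobs.php?page=' . $num_pages . '">' . _("Last") . ' >></a></center>';
        }
    }
?>
</td>
</tr>
<tr>
<td width="110" class="nobborder">
<table width="100%" cellpadding="3" cellspacing="3" id="legend" style="display:none;">
<tr>
<th colspan="2" style="padding-right: 3px;">
<div style="float: left; width: 60%; text-align: right;padding-top:3px;"><b><?php echo _("Legend"); ?> </b></div>
<div style="float: right; width: 18%; padding-top: 2px; padding-bottom: 2px; text-align: right;"><a style="cursor: pointer; text-align: right;" onclick="$('#legend').toggle();$('#message_show').toggle();$('#message_hide').toggle();"><img src="../pixmaps/cross-circle-frame.png" alt="Close" title="Close" align="absmiddle" border="0"></a></div>
</th>
</tr>
<tr>
<td bgcolor="#EFFFF7" style="border:1px solid #999999" width="25%"></td><td class="nobborder" width="75%" style="text-align:left;padding-left:7px;"><?php echo _("Completed"); ?> </td>
</tr>
<tr>
<td bgcolor="#EFE1E0" style="border:1px solid #999999" width="25%"></td><td class="nobborder" width="75%" style="text-align:left;padding-left:7px;"><?php echo _("Failed"); ?> </td>
</tr>
<tr>
<td bgcolor="#D1E7EF" style="border:1px solid #999999" width="25%"></td><td class="nobborder" width="75%" style="text-align:left;padding-left:7px;"><?php echo _("Running"); ?> </td>
</tr>
<tr>
<td bgcolor="#DFF7FF" style="border:1px solid #999999" width="25%"></td><td class="nobborder" width="75%" style="text-align:left;padding-left:7px;"><?php echo _("Scheduled"); ?> </td>
</tr>
<tr>
<td bgcolor="#FFFFDF" style="border:1px solid #999999" width="25%"></td><td class="nobborder" width="75%" style="text-align:left;padding-left:7px;"><?php echo _("Timeout"); ?> </td>
</tr>
</table>
</td>
<td class="nobborder"> </td>
</tr>
</table>
<?php
}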