/**
 * Collect the indicators stored for one risk map.
 *
 * The map id is handed to the driver as a bound parameter (UNHEX(?)), so it is
 * never concatenated into the SQL text. Rows for which is_indicator_allowed()
 * returns a falsy value are left out of the result.
 *
 * @param object $conn Database access object
 * @param string $map  Map id; bound into UNHEX(?), so presumably a hex string (confirm against callers)
 *
 * @return array Indicators keyed by indicator id, each built by format_indicator()
 */
function get_indicators_from_map($conn, $map)
{
    Ossim_db::check_connection($conn);

    $result = $conn->Execute("SELECT * FROM risk_indicators WHERE map = UNHEX(?)", array($map));
    if (!$result) {
        // Surface the driver's message instead of iterating over a failed result.
        Av_exception::throw_error(Av_exception::DB_ERROR, $conn->ErrorMsg());
    }

    $allowed = array();
    for (; !$result->EOF; $result->MoveNext()) {
        // Filter first: rows that fail the check are never formatted or returned.
        if (!is_indicator_allowed($conn, $result->fields['type'], $result->fields['type_name'])) {
            continue;
        }
        $allowed[$result->fields['id']] = format_indicator($conn, $result->fields);
    }

    return $allowed;
}
Ejemplo n.º 2
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
* MA  02110-1301  USA
*
*
* On Debian GNU/Linux systems, the complete text of the GNU General
* Public License can be found in `/usr/share/common-licenses/GPL-2'.
*
* Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt
*
*/
require_once 'av_init.php';
// Runs before any request parameter is read; presumably the permission check
// for this menu entry (Session::logcheck() is not shown here).
Session::logcheck('environment-menu', 'PolicyHosts');
//CPE Types
// Maps the accepted type names to the part letter placed after `cpe:/` in the filter below.
$_cpe_types = array('os' => 'o', 'hardware' => 'h', 'software' => 'a');
// Both values come from the query string and are untrusted until validated.
$_cpe = GET('q');
$_cpe_type = GET('cpe_type');
ossim_valid($_cpe, OSS_NULLABLE, OSS_ALPHA, OSS_PUNC_EXT, 'illegal:' . _('CPE'));
ossim_valid($_cpe_type, 'os | software | hardware', 'illegal:' . _('CPE Type'));
// On any validation error the script ends here. The array_key_exists() test also
// guarantees that the $_cpe_types lookup below yields one of the three fixed letters.
if (ossim_error() || !array_key_exists($_cpe_type, $_cpe_types)) {
    exit;
}
$db = new Ossim_db();
$conn = $db->connect();
// NOTE(review): the WHERE clause is built by string concatenation, so its safety rests
// on the ossim_valid() character classes above plus escape_sql(). escape_sql() is not
// shown here; if it only handles quoting, `%` and `_` in the search term still act as
// LIKE wildcards. Confirm, and prefer a bound parameter if Software supports one.
$_cpe = escape_sql($_cpe, $conn);
$filters = array('where' => "`cpe` LIKE 'cpe:/" . $_cpe_types[$_cpe_type] . "%' AND `line` LIKE '%{$_cpe}%'", 'limit' => 20);
$software = new Software($conn, $filters);
$db->close();
// Each match is written as `cpe###line`, one per line.
// NOTE(review): values are echoed without output encoding and no Content-Type is set in
// this file; confirm the response is consumed as plain text and never rendered as HTML.
foreach ($software->get_software() as $cpe_info) {
    echo $cpe_info['cpe'] . '###' . $cpe_info['line'] . "\n";
}
/* End of file search_cpe.php */
Ejemplo n.º 3
    $name = $_SESSION['_actions']['name'];
    $cond = $_SESSION['_actions']['cond'];
    $on_risk = $_SESSION['_actions']['on_risk'];
    $email_from = $_SESSION['_actions']['email_from'];
    $email_to = $_SESSION['_actions']['email_to'];
    $email_subject = $_SESSION['_actions']['email_subject'];
    $email_message = $_SESSION['_actions']['email_message'];
    $exec_command = $_SESSION['_actions']['exec_command'];
    unset($_SESSION['_actions']);
} else {
    $action_id = REQUEST('id');
    ossim_valid($action_id, OSS_HEX, OSS_NULLABLE, 'illegal:' . _('Action ID'));
    if (ossim_error()) {
        die(ossim_error());
    }
    list($db, $conn) = Ossim_db::get_conn_db();
    $action_list = Action::get_list($conn, " AND id = UNHEX('{$action_id}')");
    if (is_array($action_list)) {
        $action = $action_list[0];
    }
    if (!is_null($action)) {
        $action_type = $action->get_action_type();
        $ctx = $action->get_ctx();
        $cond = Util::htmlentities($action->get_cond());
        $on_risk = $action->is_on_risk();
        $name = $action->get_name();
        if (REQUEST('descr')) {
            $description = $descr;
        } else {
            $description = $action->get_descr();
        }
Ejemplo n.º 4
        }
        else
        {
            document.location.href = '/ossim/legal/download.php';
        }

    });



    <?php 
// The JavaScript call below is emitted only when Session::is_pro() and
// Session::am_i_admin() are both true and at least one interface matches.
// NOTE(review): this only decides whether the link is rendered; the page behind the
// link needs its own server-side check. Confirm it has one.
$pro = Session::is_pro();
$am_i_admin = Session::am_i_admin();
/* Remote Interfaces */
if ($pro && $am_i_admin) {
    // NOTE(review): the connection opened here is not closed within this block.
    $db = new Ossim_db();
    $conn = $db->connect();
    // The filter is constant text; no request data reaches this query.
    $aux_ri_interfaces = Remote_interface::get_list($conn, "WHERE status=1");
    // Index 1 is used as the number of matching interfaces; presumably get_list()
    // returns [list, total]. Confirm against Remote_interface.
    $ri_total = $aux_ri_interfaces[1];
    if ($ri_total > 0) {
        ?>
            av_menu.add_ri_link();
            <?php 
    }
}
?>


    $('#c_help img').click(function(event){
         var width  = 1024;
         var height = 768;
Ejemplo n.º 5
// Order by column
// $order is set above this excerpt (presumably the client's column index; confirm).
// It is mapped to one of two fixed column names, so the 'order_by' value built below
// contains only whitelisted text.
switch ($order) {
    case 0:
        $order = 'port';
        // Column 0: order by port
        break;
    case 1:
        $order = 'service';
        // Column 1: order by service
        break;
    default:
        // Anything else falls back to ordering by port.
        $order = 'port';
}
// Any direction other than ASC (case-insensitive) collapses to DESC.
$torder = strtoupper($torder) == 'ASC' ? 'ASC' : 'DESC';
try {
    $db = new Ossim_db();
    $conn = $db->connect(TRUE);
    // NOTE(review): 'limit' is interpolated from $from and $maxrows, which are set above
    // this excerpt. Confirm both are validated as integers there, since 'order_by' is the
    // only clause whose whitelisting is visible here.
    $params = array('backlog_id' => $backlog_id, 'ip' => $asset_ip, 'source' => $source, 'limit' => "{$from}, {$maxrows}", 'order_by' => "{$order} {$torder}");
    list($port_total, $port_list) = Alarm::get_alarm_port_by_ip($conn, $params);
} catch (Exception $e) {
    // NOTE(review): if `new Ossim_db()` itself threw, $db is unset here and this call
    // would fail. Confirm whether the constructor can throw.
    $db->close();
    // NOTE(review): the raw exception message is passed to the response helper; confirm it
    // cannot carry SQL text or connection details to the client.
    Util::response_bad_request($e->getMessage());
}
// Build the row list: [port, service], with '-' standing in for an empty service.
$data = array();
foreach ($port_list as $p_data) {
    $service = empty($p_data['service']) ? '-' : $p_data['service'];
    $data[] = array($p_data['port'], $service);
}
// Both totals carry the same count. $sec is set above this excerpt.
$response['sEcho'] = $sec;
$response['iTotalRecords'] = $port_total;
$response['iTotalDisplayRecords'] = $port_total;
Ejemplo n.º 6
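/**
 * Return the id of the first risk map that has an image file on disk and whose
 * perm value is accepted by is_map_allowed().
 *
 * @param  object $conn  Database access object
 *
 * @return string|null  Hex-encoded map id, or NULL when no map qualifies
 */
function get_first_map_available($conn)
{
    $map = NULL;
    Ossim_db::check_connection($conn);
    $query = "SELECT HEX(map) AS map, perm, name FROM risk_maps";
    $rs = $conn->Execute($query);
    // Execute() yields a falsy value on failure; without this guard the loop below
    // would dereference it instead of reporting the database error.
    // NOTE(review): assumes Av_exception is loadable in this file. Confirm.
    if (!$rs) {
        Av_exception::throw_error(Av_exception::DB_ERROR, $conn->ErrorMsg());
    }
    while (!$rs->EOF) {
        // The id is produced by HEX(map), so only hex digits are concatenated into
        // the image path; the permission check runs only for maps whose file exists.
        if (file_exists("maps/map" . $rs->fields['map'] . ".jpg") && is_map_allowed($rs->fields['perm'])) {
            $map = $rs->fields['map'];
            break;
        }
        $rs->MoveNext();
    }
    return $map;
}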
*
* Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt
*
*/
// The include path is replaced (not extended), so the bare file name in the
// require_once below resolves against this directory only.
ini_set('include_path', '/usr/share/ossim/include/');
// Error reporting and display are both switched off for the whole run, so failures are
// visible only through the script's own echo/write_log() messages.
// NOTE(review): consider logging errors to a file rather than discarding them.
error_reporting(0);
ini_set("display_errors", "0");
// Raised memory limit and no execution time limit; presumably because the CPE
// dictionary XML is loaded in one piece. Confirm.
ini_set('memory_limit', '2048M');
set_time_limit(0);
require_once 'av_handlers.php';
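/**
 * Print one timestamped log line to standard output.
 *
 * Line format: "[<UTC timestamp>] [<type>] <message>\n".
 *
 * @param string $exp_type    Tag printed in the second pair of brackets (e.g. 'INFO', 'ERROR')
 * @param string $log_message Text of the entry
 *
 * @return void
 */
function write_log($exp_type, $log_message = '')
{
    // 'H' (24-hour) rather than 'h': a 12-hour value with no AM/PM marker makes
    // morning and afternoon entries indistinguishable when the log is reviewed later.
    $timestamp = gmdate('D M d H:i:s Y');

    echo '[' . $timestamp . '] [' . $exp_type . '] ' . $log_message . "\n";
}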
//
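$db = new Ossim_db();
// The @ operator hides any warning test_connect() raises; only its return value is used.
if (!@$db->test_connect()) {
    echo "[ERROR] Updating Software CPE: Unable to connect to DB";
    // The original `exit - 1` parses as the expression (exit) - 1: exit runs first with
    // its default status 0, so a caller checking the exit code saw success. Exit with an
    // explicit non-zero status so the failure is detectable.
    exit(1);
}
$conn = $db->connect();
// The auxiliary table is dropped and recreated on every run. Both statements are
// constant text with no external input.
// NOTE(review): the results of these two Execute() calls are not checked.
$conn->Execute('DROP TABLE IF EXISTS `alienvault`.`software_cpe_aux`');
$query = "CREATE TABLE `alienvault`.`software_cpe_aux` (\n\t\t\t`cpe` VARCHAR( 255 ) NOT NULL,\n\t\t\t`name` VARCHAR( 255 ) NOT NULL,\n\t\t\t`version` VARCHAR( 255 ) NOT NULL,\n\t\t\t`line` VARCHAR( 255 ) NOT NULL,\n\t\t\t`vendor` VARCHAR( 255 ) NOT NULL,\n\t\t    `plugin` VARCHAR(255) NOT NULL,\n\t\t\tPRIMARY KEY (  `cpe`  ),\n\t\t\tINDEX `line` (`line` ASC),\n\t\t\tINDEX `search` (`vendor` ASC, `name` ASC, `version` ASC)\n\t\t) ENGINE=InnoDB DEFAULT CHARSET=utf8;";
$conn->Execute($query);
// Fixed local path of the CPE dictionary that the rest of the script reads.
$file = "/usr/share/ossim-cd-tools/cpe/official-cpe-dictionary.xml";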
if (file_exists($file)) {
    write_log('INFO', "Reading XML data from {$file}");
    $cpe_list = @simplexml_load_file($file);
    if (!$cpe_list) {
        write_log('ERROR', 'Unable to open ' . $file . ' or invalid XML format');
        $db->close();
Ejemplo n.º 8
        $params = array($tag_type, session_id());
        $rs = $conn->Execute($query, $params);
        if (!$rs) {
            Av_exception::throw_error(Av_exception::DB_ERROR, $conn->ErrorMsg());
        }
        $tag_with_selected_components = array();
        while (!$rs->EOF) {
            $tag_with_selected_components[$rs->fields['id']] = $rs->fields['total'];
            $rs->MoveNext();
        }
        // Get total selected components by tag
        $query = 'SELECT * from user_component_filter WHERE asset_type = ? AND session_id = ?';
        $params = array($tag_type, session_id());
        $rs = $conn->Execute($query, $params);
        if (!$rs) {
            Av_exception::throw_error(Av_exception::DB_ERROR, $conn->ErrorMsg());
        }
        $total_selected_components = Ossim_db::get_found_rows($conn, $query);
        foreach ($tag_with_selected_components as $tag_id => $tag_total) {
            $results[$tag_id]['mark_state'] = $tag_total < $total_selected_components ? 2 : 1;
        }
    }
    $response['status'] = 'OK';
    $response['data'] = $results;
} catch (Exception $e) {
    $response['status'] = 'error';
    $response['data'] = $e->getMessage();
}
$db->close();
echo json_encode($response);
exit;