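/**
 * Returns a comma-separated list of plugin ids whose product_type is one of
 * $product_type.
 *
 * The result is meant to be spliced into a SQL "IN (...)" clause by the caller,
 * which is why an empty match yields the string "0" (a syntactically valid,
 * never-matching id) instead of "".
 *
 * @param mixed        $conn          database connection handed on to Plugin::get_list()
 * @param array|string $product_type  product type id(s); a scalar is treated as a
 *                                    one-element list, null/[] as "no types"
 * @return string  "id1,id2,..." or "0" when nothing matches
 */
function get_plugin_list($conn, $product_type)
{
    // Drop empty entries: they would render as "IN ()" / "IN (1,)", both SQL
    // syntax errors, and the original then fell through to an empty result anyway.
    $product_types = array();
    foreach ((array) $product_type as $pt) {
        if ((string) $pt !== '') {
            $product_types[] = $pt;
        }
    }

    if (count($product_types) == 0) {
        return "0";
    }

    // NOTE(review): the values are concatenated into the WHERE clause verbatim,
    // so the caller must validate them (e.g. ossim_valid with OSS_DIGIT) before
    // passing them here.
    $where       = "WHERE product_type IN (" . implode(",", $product_types) . ")";
    $plugin_list = Plugin::get_list($conn, $where);

    $ids = array();
    if (is_array($plugin_list)) {
        foreach ($plugin_list as $plugin) {
            $ids[] = $plugin->get_id();
        }
    }

    return count($ids) > 0 ? implode(",", $ids) : "0";
}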
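/**
 * Builds the plugin <select> used by the rule editor.
 *
 * Every plugin returned by Plugin::get_list() (ordered by name) becomes one
 * <option>: its value is the plugin id, its title attribute is "name: description"
 * (just the name when the description is empty) and its visible text is that
 * title, shortened to at most $max_label_len bytes with a trailing "...".
 *
 * @param mixed $conn  database connection handed on to Plugin::get_list()
 * @return string  HTML of the <select>, followed by the empty "sidselect" div
 *                 when at least one plugin exists; a single "No items found"
 *                 option otherwise
 */
function plugin_select($conn)
{
    // Visible option text is cut to this many bytes, the "..." suffix included.
    // The original compared the length against 36 but cut at 39, so titles of
    // 37-39 bytes got "..." appended without being shortened at all.
    $max_label_len = 39;
    $ellipsis      = '...';

    $plugins = Plugin::get_list($conn, 'ORDER BY name');
    $select  = "<select style='width:300px' onchange='change_type(\"sid\", \$(this).val())'>";

    if (!is_array($plugins) || count($plugins) == 0) {
        $select .= "<option value=''>" . _('No items found') . "</option>";
        $select .= "</select>";
        return $select;
    }

    foreach ($plugins as $plugin) {
        $name        = $plugin->get_name();
        $description = $plugin->get_description();

        $plugin_title = strlen($description) > 0 ? $name . ': ' . $description : $name;

        // strlen/substr are byte-wise (kept from the original); the cut may split a
        // multi-byte character if plugin names are not single-byte encoded.
        $plugin_name = strlen($plugin_title) > $max_label_len
            ? substr($plugin_title, 0, $max_label_len - strlen($ellipsis)) . $ellipsis
            : $plugin_title;

        // NOTE(review): name/description come from the plugin table and are written
        // into single-quoted attributes and element text without escaping; if they
        // can contain quotes or markup they need htmlspecialchars() in the page's
        // charset before being concatenated here.
        $select .= "<option title='" . $plugin_title . "' value='" . $plugin->get_id() . "' >" . $plugin_name . "</option>";
    }

    $select .= "</select>";
    $select .= "<div id='sidselect'></div>";

    return $select;
}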
if ($plugin_id1 != '' || $plugin_id2 != '' || $plugin_sid1 != '' || $plugin_sid2 != '') { $action = 'modify'; $url_form = 'modifypluginref.php'; $button_text = Util::js_entities(_('Save rule')); ossim_valid($plugin_id1, OSS_DIGIT, 'illegal:' . _('Plugin ID1')); ossim_valid($plugin_id2, OSS_DIGIT, 'illegal:' . _('Plugin ID2')); ossim_valid($plugin_sid1, OSS_DIGIT, 'illegal:' . _('Plugin SID1')); ossim_valid($plugin_sid2, OSS_DIGIT, 'illegal:' . _('Plugin SID2')); if (ossim_error()) { echo ossim_error(); exit; } } $db = new ossim_db(); $conn = $db->connect(); $plugin_list = Plugin::get_list($conn, 'ORDER BY name', 0); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html> <head> <title><?php echo _("Cross-Correlation"); ?> </title> <meta http-equiv="Pragma" content="no-cache"/> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <link rel="stylesheet" type="text/css" href="../style/av_common.css?t=<?php echo Util::get_css_id(); ?> "/> <script type="text/javascript" src="../js/jquery.min.js"></script>
* * On Debian GNU/Linux systems, the complete text of the GNU General * Public License can be found in `/usr/share/common-licenses/GPL-2'. * * Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt * */ require_once 'av_init.php'; Session::logcheck("analysis-menu", "EventsForensics"); if (!Session::am_i_admin()) { echo ossim_error(_("You don't have permission to see this page")); exit; } $db = new ossim_db(); $conn = $db->connect(); $plugin_list = Plugin::get_list($conn, "ORDER BY name", 0); require 'base_conf.php'; include_once $BASE_path . "includes/base_db.inc.php"; include_once "{$BASE_path}/includes/base_state_query.inc.php"; include_once "{$BASE_path}/includes/base_state_common.inc.php"; /* Connect to the Alert database */ $db_snort = NewBASEDBConnection($DBlib_path, $DBtype); $db_snort->baseDBConnect($db_connect_method, $alert_dbname, $alert_host, $alert_port, $alert_user, $alert_password, 1); $qs = new QueryState(); $newref = GET('newref'); $delete = GET('deleteref'); $error_msg = null; if ($newref != "") { ossim_valid($newref, OSS_ALPHA, OSS_NULLABLE, 'illegal:' . _("New Reference")); if (!ossim_error()) { $sql = "INSERT INTO reference_system (ref_system_name) VALUES (\"{$newref}\")";
require_once 'classes/Sensor.inc'; $sensor_list = Sensor::get_list($conn); $sensors[] = array("value" => ANY, "name" => "ANY"); foreach ($sensor_list as $s) { $sensors[] = array("value" => $s->get_ip(), "name" => $s->get_name() . " (" . $s->get_ip() . ")"); } /* ports */ require_once 'classes/Port_group.inc'; $port_list = Port_group::get_list($conn); $ports[] = array("value" => ANY, "name" => "ANY"); foreach ($port_list as $p) { $ports[] = array("value" => $p->get_name(), "name" => $p->get_name() . " (" . $p->get_descr() . ")"); } /* plugins */ require_once 'classes/Plugin.inc'; $plugin_list = Plugin::get_list($conn); $plugins[] = array("value" => ANY, "name" => "ANY"); foreach ($plugin_list as $p) { $plugins[] = array("value" => $p->get_id(), "name" => $p->get_name() . " (" . $p->get_id() . ")"); } /* actions */ require_once 'classes/Action.inc'; $action_list = Action::get_list($conn); if (is_array($action_list)) { foreach ($action_list as $a) { $actions[] = array("value" => $a->get_id(), "name" => $a->get_descr()); } } function select_response_object($title, $objects, $id) { ?>
$xml .= "<cell><![CDATA[" . $host->get_threshold_c() . "]]></cell>"; $xml .= "<cell><![CDATA[" . $host->get_threshold_a() . "]]></cell>"; $sensors = ""; if ($sensor_list = $host->get_sensors($conn)) { foreach ($sensor_list as $sensor) { $sensors .= $sensor->get_sensor_name() . '<br/>'; } } $xml .= "<cell><![CDATA[" . utf8_encode($sensors) . "]]></cell>"; $scantype = gettext("None"); if ($scan_list = Host_scan::get_list($conn, "WHERE host_ip = inet_aton('{$ip}')")) { $scantype = ""; foreach ($scan_list as $scan) { $id = $scan->get_plugin_id(); $plugin_name = ""; if ($plugin_list = Plugin::get_list($conn, "WHERE id = {$id}")) { $plugin_name .= $plugin_list[0]->get_name(); $scantype .= ucfirst($plugin_name) . "<br>"; } else { $scantype .= "{$id}<BR>"; } } } $xml .= "<cell><![CDATA[" . $scantype . "]]></cell>"; if ($os_data = Host_os::get_ip_data($conn, $host->get_ip())) { $os = $os_data["os"]; $host_os = $os . " " . Host_os::get_os_pixmap_nodb($os); } else { $host_os = ""; } $xml .= "<cell><![CDATA[" . $host_os . "]]></cell>";
<META HTTP-EQUIV="Pragma" CONTENT="no-cache"> <link rel="stylesheet" type="text/css" href="../style/style.css"/> </head> <body> <h1> <?php echo gettext("Insert new host scan configuration"); ?> </h1> <?php require_once 'ossim_db.inc'; require_once 'classes/Plugin.inc'; $db = new ossim_db(); $conn = $db->connect(); $plugin_list = Plugin::get_list($conn, "WHERE id >= 3000 AND id < 4000"); ?> <table align="center"> <form method="post" action="newhostscan.php"> <input type="hidden" name="insert" value="insert"> <tr> <th><?php echo gettext("host IP"); ?> </th> <td class="left"><input type="text" name="host_ip"></td> </tr> <tr> <th><?php
foreach ($protocol_list as $proto) { //$_SESSION[$id] = $plugin->get_name(); echo "protocols['proto_" . $proto['id'] . "'] = '" . $proto['name'] . "'\n"; //Load available protocols (Autocompleted) $p_list .= '{ txt: "Protocol:' . $proto['name'] . '", id: "' . $proto['id'] . '" },'; } } //Port list (Autocompleted) if ($port_list = Port::get_list($conn, " AND protocol_name='tcp'")) { foreach ($port_list as $port) { $prt_list .= '{ txt:"' . $port->get_port_number() . " - " . $port->get_service() . '", id: "' . $port->get_port_number() . '" },'; } } // Plugin list $sids = array(); if ($plugin_list = Plugin::get_list($conn, "")) { echo "var plugins = new Array(" . count($plugin_list) . ")\n"; foreach ($plugin_list as $plugin) { $sids[$plugin->get_name()] = $plugin->get_id(); //$_SESSION[$id] = $plugin->get_name(); echo "plugins['id_" . $plugin->get_id() . "'] = '" . $plugin->get_name() . "';\n"; echo "plugins['id_" . $plugin->get_name() . "'] = '" . $plugin->get_name() . "';\n"; } } // Device list $devices = array(); $query = "SELECT name,inet6_ntoa(ip) as ip,device.id FROM sensor,alienvault_siem.device WHERE device.sensor_id=sensor.id"; $rs = $conn->Execute($query); while (!$rs->EOF) { $devices[] = $rs->fields; $rs->MoveNext();
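/**
 * Prints the current rule as one <tr> ... </tr> row of the directive navigator.
 *
 * Only the row is written, so the caller has to open and close the surrounding
 * <table>.  The row colour depends on the distance between the requested $level
 * and this rule's own level (an unsaved rule is always highlighted orange).  The
 * action cells (add / delete / move) link to ../include/utils.php; the plugin and
 * plugin_sid cells are resolved against the plugin tables through the global $conn.
 *
 * @param int   $level  deepest level currently expanded in the navigator
 * @param array $rules  rule list handed on to new_id() to allocate the id used by
 *                      the "add rule" link
 * @return void
 */
function print_rule($level, &$rules)
{
    global $conn;

    list($id_dir, $id_rule, $id_father) = explode("-", $this->id);

    // Call-time pass-by-reference (new_id($this->id, &$rules)) is a fatal error
    // since PHP 5.4; new_id() has to declare the reference in its own signature.
    $newid  = new_id($this->id, $rules);
    $ilevel = $this->level;

    // The directive id comes from the request and is echoed back into link
    // URLs, so it is URL-encoded once here instead of being inserted verbatim.
    $directive_id = isset($_GET['directive']) ? urlencode($_GET['directive']) : '';

    if ($this->level > $level) {
        return;
    }

    // Row background by depth difference; a new (unsaved) rule is highlighted.
    $row_colors = array(0 => '#ffffff', 1 => '#CCCCCC', 2 => '#999999', 3 => '#9999CC', 4 => '#6699CC');
    $depth      = $level - $ilevel;
    if ($this->is_new()) {
        echo '<tr bgcolor="f48222">';
    } elseif (isset($row_colors[$depth])) {
        echo '<tr bgcolor="' . $row_colors[$depth] . '">';
    } else {
        // rows deeper than 4 levels previously opened no <tr> at all, leaving
        // their cells outside any row
        echo '<tr>';
    }

    if ($ilevel - 1 != 0) {
        echo '<td bgcolor="#ffffff" colspan=' . ($ilevel - 1) . '> </td>';
    }

    echo '<td class="left" colspan=' . ($level - $ilevel + 1) . '>';

    // A rule currently being edited lives in the session; if it hangs below this
    // rule it counts as one more child so that the expand arrow is shown.
    // NOTE(review): unserialize() of session data is only as trustworthy as the
    // session store; confirm clients cannot write to it before reusing this.
    if (isset($_SESSION['rule'])) {
        $newrule = unserialize($_SESSION['rule']);
        list($id_dir2, $id_rule2, $id_father2) = explode("-", $newrule->id);
        if ($id_father2 == $id_rule && $id_dir2 == $id_dir) {
            $this->nb_child = $this->nb_child + 1;
        }
    }

    if ($this->nb_child > 0) {
        if ($depth == 0) {
            // rule is at the expanded level: arrow opens one level further down
            $arrow_level = $level + 1;
            $arrow_img   = 'fleched.gif';
        } else {
            // rule is above the expanded level: arrow collapses back to it
            $arrow_level = $ilevel;
            $arrow_img   = 'flecheb.gif';
        }
        echo '<a TARGET="right" href="../viewer/index.php?directive=' . $directive_id . '&level=' . $arrow_level . '">'
            . '<img border="0" src="../viewer/img/' . $arrow_img . '"></a>';
    }

    echo '</td>';

    // level the "delete new rule" link returns to
    $uplevel = $level > 1 ? $level - 1 : 1;

    if (!$this->is_new()) {
        // add / delete / move buttons for a saved rule
        echo '<td>';
        echo '<a TARGET="right" href="../include/utils.php?query=add_rule&id=' . $newid . '" TITLE="' . gettext("Add a rule") . '">+</a>';
        echo '</td>';
        echo '<td>';
        echo '<a onclick="javascript:if (confirm(\'' . gettext("Are you sure you want to delete this rule ?") . '\')) { window.open(\'../include/utils.php?query=del_rule&id=' . $this->id . '\',\'right\'); }" style="marging-left:20px; cursor:pointer" TITLE="' . gettext("Delete this rule") . '">x</a>';
        echo '</td>';

        $moves = array('left' => '←', 'right' => '→', 'up' => '↑', 'down' => '↓');
        foreach ($moves as $direction => $arrow) {
            echo '<td>';
            echo '<a TARGET="right" href="../include/utils.php?query=move&direction=' . $direction . '&id=' . $this->id . '">' . $arrow . '</a>';
            echo '</td>';
        }
    } else {
        // an unsaved rule can only be discarded; pad the other button cells
        echo '<td>     </td>';
        echo '<td>';
        echo '<a TARGET="right" href="../include/utils.php?query=del_new_rule&level=' . $uplevel . '" TITLE="Delete this rule.">-</a>';
        echo '</td>';
        for ($i = 0; $i < 4; $i++) {
            echo '<td>     </td>';
        }
    }

    // NOTE(review): $this->name and the attribute values below are printed
    // unescaped; they appear to come from the directive definition rather than
    // the request, but confirm that before relying on it.
    $edit_title = gettext("Click to modify this rule");
    if ($this->is_new()) {
        echo '<td><a TARGET="right" href="../include/utils.php?query=add_rule&id=' . $this->id . '&level=' . $this->level . '" TITLE="' . $edit_title . '">' . $this->name . '</a></td>';
    } else {
        echo '<td><a TARGET="right" href="../include/utils.php?query=edit_rule&id=' . $this->id . '" TITLE="' . $edit_title . '">' . $this->name . '</a></td>';
    }

    $plain_cells = array(
        $this->reliability, $this->time_out, $this->occurrence, $this->from,
        $this->to, $this->port_from, $this->port_to, $this->sensor,
    );
    foreach ($plain_cells as $value) {
        echo '<td>' . $value . '</td>';
    }

    // plugin column: link to the plugin's sid page when the plugin exists
    // NOTE(review): $plugin_id and each $sid are concatenated into the WHERE
    // clauses below without escaping; they should be validated as numeric when
    // the rule is saved.
    $plugin_id = $this->plugin_id;
    echo '<td>';
    if ($plugin_id != "") {
        if ($plugin_list = Plugin::get_list($conn, "WHERE id = {$plugin_id}")) {
            $name = $plugin_list[0]->get_name();
            echo "<a href=\"../../conf/pluginsid.php?id={$plugin_id}&name={$name}\">{$name}</a> ({$plugin_id})";
        }
    }
    echo '</td>';

    // plugin_sid column: one entry per comma-separated sid, collapsible when long
    echo '<td>';
    if ($plugin_id != "") {
        // split() was removed in PHP 7; explode() yields the same list for a
        // plain comma separator.
        $plugin_sid_list = explode(',', $this->plugin_sid);
        $collapsible     = count($plugin_sid_list) > 30;
        if ($collapsible) {
            echo '<a style="cursor:pointer;" TITLE="' . gettext("To view or hide the list of plugin sid click here") . '" onclick="Menus(\'plugsid\')">' . gettext("Expand / Collapse") . '</a>';
            echo '<div id="plugsid" class="menuhide">';
        }
        foreach ($plugin_sid_list as $sid_negate) {
            // a leading "!" negates the sid; it is stripped for the lookup only
            $sid = strncmp($sid_negate, "!", 1) == 0 ? substr($sid_negate, 1) : $sid_negate;
            if (strcmp($sid, "ANY") == 0) {
                echo gettext("ANY");
            } elseif (strpos($sid, "PLUGIN_SID") !== false) {
                // back-reference to an earlier rule's sid; the bare strpos() test
                // of the original missed a match at offset 0
                echo gettext("{$sid}");
            } elseif ($plugin_list = Plugin_sid::get_list($conn, "WHERE plugin_id = {$plugin_id} AND sid = {$sid}")) {
                $name = $plugin_list[0]->get_name();
                echo "<a title=\"{$name}\">{$sid_negate}</a> ";
            } else {
                echo "<a title=\"" . gettext("Invalid plugin sid") . "\" style=\"color:red\">{$sid_negate}</a> ";
            }
        }
        if ($collapsible) {
            echo '</div>';
        }
    }
    echo '</td>';

    echo '</tr>';
}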
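/**
 * Renders the <rule> children of a directive DOM node as table rows, recursing
 * into sub-rules while $level allows it.
 *
 * Each rule becomes one <tr>: an optional padding cell, the expand/collapse link
 * back to the current script, the name/reliability/time_out/occurrence/from/to/
 * port_from/port_to/sensor attributes, and the plugin and plugin_sid columns
 * resolved against the plugin tables through the global $conn.
 *
 * @param mixed  $dom          DOM document the directive belongs to (only passed on in the recursion)
 * @param mixed  $directive_id id of the directive, echoed into the expand/collapse links
 * @param object $directive    DOM node whose <rule> child elements are printed
 * @param int    $level        remaining depth to print (no recursion below 1)
 * @param int    $ilevel       depth requested by the user (drives colspan and link levels)
 * @return void
 */
function rule_table($dom, $directive_id, $directive, $level, $ilevel)
{
    global $conn;

    if (!$directive->has_child_nodes()) {
        return;
    }

    // Request-derived values that end up inside href attributes: escape them
    // once here rather than echoing them verbatim per row.
    $script_url    = htmlspecialchars($_SERVER["SCRIPT_NAME"]);
    $directive_url = urlencode($directive_id);

    $row_colors = array(2 => '#CCCCCC', 3 => '#999999', 4 => '#9999CC', 5 => '#6699CC');

    foreach ($directive->child_nodes() as $rule) {
        if ($rule->type != XML_ELEMENT_NODE || $rule->tagname() != 'rule') {
            continue;
        }

        // Padding cell that shifts the row according to its depth.  The original
        // never closed this <td>; browsers auto-closed it but the markup was invalid.
        $indent = $ilevel != $level ? '<td colspan=' . ($ilevel - $level) . '></td>' : '';

        if (isset($row_colors[$level])) {
            echo '<tr bgcolor="' . $row_colors[$level] . '">' . $indent;
        } else {
            // level 1 has no colour; levels beyond 5 previously opened no <tr> at all
            echo '<tr>' . $indent;
        }

        // expand ("+", top level) / collapse ("-", nested) link
        echo '<td class="left" colspan=' . $level . '>';
        if ($rule->has_child_nodes()) {
            $target_level = $level == 1 ? $ilevel + 1 : $ilevel - $level + 1;
            $label        = $level == 1 ? '+' : '-';
            echo '<a href="' . $script_url . '?directive=' . $directive_url . '&level=' . $target_level . '">' . $label . '</a>';
        }
        echo '</td>';

        // NOTE(review): attribute values are printed unescaped; they come from the
        // directive XML, not the request, as far as this function shows.
        $attributes = array('name', 'reliability', 'time_out', 'occurrence', 'from', 'to', 'port_from', 'port_to', 'sensor');
        foreach ($attributes as $attr) {
            echo '<td>' . $rule->get_attribute($attr) . '</td>';
        }

        // plugin column
        // NOTE(review): $plugin_id and each $sid are concatenated into the WHERE
        // clauses without escaping; they should be validated as numeric when the
        // directive is saved.
        $plugin_id = $rule->get_attribute('plugin_id');
        echo '<td>';
        if ($plugin_list = Plugin::get_list($conn, "WHERE id = {$plugin_id}")) {
            $name = $plugin_list[0]->get_name();
            echo "<a href=\"../conf/pluginsid.php?id={$plugin_id}&name={$name}\">{$name}</a> ({$plugin_id})";
        }
        echo '</td>';

        // plugin_sid column: one entry per comma-separated sid, collapsible when long
        echo '<td>';
        // split() was removed in PHP 7; explode() gives the same list for a plain comma.
        $plugin_sid_list = explode(',', $rule->get_attribute('plugin_sid'));
        $collapsible     = count($plugin_sid_list) > 30;
        if ($collapsible) {
            echo '<a style="cursor:hand;" TITLE="To view or hide the list of plugin sid click here." onclick="Menus(\'plugsid\')">' . gettext("Expand / Collapse") . '</a>';
            echo '<div id="plugsid" class="menucache">';
        }
        foreach ($plugin_sid_list as $sid_negate) {
            // a leading "!" negates the sid; it is stripped for the lookup only
            $sid = strncmp($sid_negate, "!", 1) == 0 ? substr($sid_negate, 1) : $sid_negate;
            if (strcmp($sid, "ANY") == 0) {
                echo gettext("ANY");
            } elseif (strpos($sid, "PLUGIN_SID") !== false) {
                // back-reference to an earlier rule's sid; the bare strpos() test
                // of the original missed a match at offset 0
                echo gettext("{$sid}");
            } elseif ($plugin_list = Plugin_sid::get_list($conn, "WHERE plugin_id = {$plugin_id} AND sid = {$sid}")) {
                $name = $plugin_list[0]->get_name();
                echo "<a title=\"{$name}\">{$sid_negate}</a> ";
            }
        }
        if ($collapsible) {
            echo '</div>';
        }
        echo '</td>';
        echo '</tr>';

        // Recurse into sub-rules with one level less; a distinct loop variable
        // keeps the outer $rule intact (the original reused $rules/$rule).
        if ($level > 1 && $rule->has_child_nodes()) {
            foreach ($rule->child_nodes() as $child) {
                rule_table($dom, $directive_id, $child, $level - 1, $ilevel);
            }
        }
    }
}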
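/**
 * Maps a plugin id to its coarse type name.
 *
 * @param mixed $plugin_id  plugin id as given by the caller (normally a string
 *                          taken from the request or rule form)
 * @return string  'detector' for type 1, 'monitor' for type 2, 'other' for any
 *                 other type; '' when no usable id was given or no such plugin
 *                 exists
 */
function getPluginType($plugin_id)
{
    global $conn;

    $type_names = array('1' => 'detector', '2' => 'monitor');

    // Only a plain non-negative integer id is accepted: it is concatenated into
    // the WHERE clause below, so anything else must never reach the query (the
    // original passed any non-empty value straight through).
    $plugin_id = trim((string) $plugin_id);
    if ($plugin_id === '' || !ctype_digit($plugin_id)) {
        return '';
    }

    $plugins = Plugin::get_list($conn, 'WHERE id = ' . $plugin_id);

    // The original dereferenced $plugins[0] unconditionally and failed on an
    // empty result (unknown id).
    if (!is_array($plugins) || !isset($plugins[0])) {
        return '';
    }

    // get_type() may yield an int or a string; normalise before the lookup.
    $type = (string) $plugins[0]->get_type();

    return isset($type_names[$type]) ? $type_names[$type] : 'other';
}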
$type = escape_sql($type, $conn); $pids = Plugin_sid::get_plugins_by_category($conn, $type, $subcategory_id); $plugin_list = implode(",", $pids); $plugin_list = $plugin_list != '' ? $plugin_list : "''"; $where .= " AND id in ({$plugin_list})"; break; } if (!empty($search)) { $search = mb_detect_encoding($search . " ", 'UTF-8,ISO-8859-1') == 'UTF-8' ? Util::utf8entities($search) : $search; $search = escape_sql($search, $conn); $where .= " AND (name like '%{$search}%' OR id='{$search}' OR description like '%{$search}%') "; } /* LIMIT */ $limit = "LIMIT {$from}, {$maxrows}"; $results = array(); if ($plugin_list = Plugin::get_list($conn, "{$where} ORDER BY {$order} {$limit}")) { $total = $plugin_list[0]->get_foundrows(); if ($total == 0) { $total = count($plugin_list); } foreach ($plugin_list as $plugin) { $_res = array(); $_id = $plugin->get_id(); $_res[] = $_id; // DATA SOURCE ID $_res[] = $plugin->get_name(); // NAME $type = $plugin->get_type(); if ($type == '1') { $type = "Detector ({$type})"; } elseif ($type == '2') {
foreach ($link_types as $k => $v) { $selected = $k == $link_type ? "selected='selected'" : ""; echo "<option value='{$k}' {$selected}>{$v}</option>"; } ?> </select> </td> <td valign="top" class="nobborder"> <?php if ($link_type == "directive") { ?> <input type="text" name="newlinkname" style='width:99%'/> <?php } elseif ($link_type == "plugin_sid") { $plugins = Plugin::get_list($conn, "ORDER BY name"); echo "<select name='pid' onchange='document.flinks.submit()'>"; foreach ($plugins as $plugin) { $sel = $plugin->get_id() == $pid ? "selected='selected'" : ""; echo "<option value='" . $plugin->get_id() . "' {$sel}>" . $plugin->get_name(); } echo "</select><br>"; if ($pid != "" && $pid != "0") { $sids = Plugin_sid::get_list($conn, "where plugin_id={$pid}"); echo "<select name='newlinkname' style='width:200px; margin-top:5px;'>"; foreach ($sids as $sid) { echo "<option value='" . $sid->get_sid() . "####{$pid}'>" . $sid->get_name(); } echo "</select>"; } } else {
} if (preg_match("/Top \\d+ matching plugins/", $line)) { $plugins = 1; } } pclose($f); ?> <br/> <?php if (count($plugs) > 0) { $db = new ossim_db(); $conn = $db->connect(); echo "<form action='detect.php' method='get'><input type='hidden' name='ip' value='{$ip}'><input type='hidden' name='activate' value='1'>\n"; foreach ($plugs as $plg => $perc) { $plugin_name = str_replace(".cfg", "", $plg); $rp = Plugin::get_list($conn, "WHERE name='{$plugin_name}'"); # syslog comment $comment = ""; if (preg_match("/syslog/", $plugin_name)) { $comment = "<br> <span style='color:gray;font-style:italic'>(*)" . _("This plugin does not categorize the events. It is only recommended for mass gathering events for compliance.") . "</span>"; } if (isset($rp[0]) && $rp[0]->get_description() != "") { echo "<input type='radio' name='{$plugin_name}' value='{$plg}'> " . $plugin_name . ": " . $rp[0]->get_description() . " {$comment} <br>\n"; } else { echo "<input type='radio' name='{$plugin_name}' value='{$plg}'> {$plugin_name} {$comment}<br>\n"; } } echo "<br><input type='submit' class='lbutton' value='" . _("Activate selected plugins") . "'><br>\n"; echo "</form>\n"; $db->close($conn); } else {