} check_writable_relative("./maps"); check_writable_relative("./pixmaps/uploaded"); require_once 'classes/Security.inc'; $db = new ossim_db(); $conn = $db->connect(); $config = new User_config($conn); $login = Session::get_session_user(); $default_map = $config->get($login, "riskmap", 'simple', 'main'); if ($default_map == "") { $default_map = 1; } $map = $_GET["map"] != "" ? $_GET["map"] : $default_map; $_SESSION["riskmap"] = $map; if ($_GET['default'] != "" && $map != "") { $config->set($login, "riskmap", $map, 'simple', "main"); } $hide_others = 1; ossim_valid($map, OSS_DIGIT, 'illegal:' . _("type")); if (ossim_error()) { die(ossim_error()); } $perms = array(); $query = "SELECT map,perm FROM risk_maps"; if ($result = $conn->Execute($query)) { while (!$result->EOF) { $perms[$result->fields['map']][$result->fields['perm']]++; $result->MoveNext(); } } if (is_array($perms[$map]) && !mapAllowed($perms[$map], $version)) {
$login = Session::get_session_user(); $db_aux = new ossim_db(); $conn_aux = $db_aux->connect(); $config = new User_config($conn_aux); $_SESSION['views'] = $config->get($login, 'custom_views', 'php', "siem"); // First save of default view (important!) if ($_SESSION['views']['default'] == "") { $_SESSION['views']['default']['cols'] = array('SIGNATURE', 'DATE', 'IP_PORTSRC', 'IP_PORTDST', 'ASSET', 'PRIORITY', 'RELIABILITY', 'RISK', 'IP_PROTO'); $session_data = $_SESSION; foreach ($_SESSION as $k => $v) { if (preg_match("/^(_|alarms_|back_list|current_cview|views|ports_cache|acid_|report_|graph_radar|siem_event|deletetask|mdspw).*/", $k)) { unset($session_data[$k]); } } $_SESSION['views']['default']['data'] = $session_data; $config->set($login, 'custom_views', $_SESSION['views'], 'php', 'siem'); } if ($_GET["search_str"] == "search term") { unset($_GET["search_str"]); } // resolv host2ip if needed if ($_GET["search_str"] != "" && preg_match("/.*IP/", $_GET["submit"]) && !preg_match("/\\d+\\.\\d+(\\.\\d+\\.\\d+)?/", $_GET["search_str"])) { include_once "classes/Host.inc"; $_GET["search_str"] = Host::hostname2ip($conn_aux, $_GET["search_str"], true); } $db_aux->close($conn_aux); if ($_SESSION['view_name_changed']) { $_GET['custom_view'] = $_SESSION['view_name_changed']; $_SESSION['view_name_changed'] = ""; $_SESSION['norefresh'] = 1; } else {
function set_default_map($conn, $id) { ossim_valid($id, OSS_HEX, 'illegal:' . _('Map')); if (ossim_error()) { $info_error = "Error: " . ossim_get_error(); ossim_clean_error(); $return['error'] = TRUE; $return['msg'] = $info_error; return $return; } if (!is_map_editable($conn, $id)) { $return['error'] = TRUE; $return['msg'] = _("You do not have permission to edit this map"); return $return; } $login = Session::get_session_user(); $config = new User_config($conn); $config->set($login, "riskmap", $id, 'simple', "main"); $return['error'] = FALSE; $return['msg'] = _("Default map changed successfully"); return $return; }
* Public License can be found in `/usr/share/common-licenses/GPL-2'. * * Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt * */ require_once 'av_init.php'; Session::logcheck("analysis-menu", "EventsForensics"); $login = Session::get_session_user(); $db = new ossim_db(true); $conn = $db->connect(); $config = new User_config($conn); // Only set default if (GET('set_default') != "" && GET('name') != "") { $name = GET('name'); ossim_valid($name, OSS_NULLABLE, OSS_ALPHA, OSS_SPACE, OSS_PUNC, "Invalid: name"); if (ossim_error()) { die(ossim_error()); } $config->set($login, 'custom_view_default', $name, 'php', 'siem'); exit; } // Normal Save $session_data = $_SESSION; foreach ($_SESSION as $k => $v) { if (preg_match("/^(_|alarms_|back_list|current_cview|views|ports_cache|acid_|report_|graph_radar|siem_event|siem_current_query|siem_current_query_graph|deletetask).*/", $k)) { unset($session_data[$k]); } } $_SESSION['views'][$_SESSION['current_cview']]['data'] = $session_data; $config->set($login, 'custom_views', $_SESSION['views'], 'php', 'siem'); $db->close();
if ($config["debug_log"] == "") { $config["debug_log"] = "/var/log/ossim/sem.log"; } //$handle = fopen($config["debug_log"], "a+"); //fputs($handle,"============================== INDEX.php ".date("Y-m-d H:i:s")." ==============================\n"); //fclose($handle); } $uniqueid = uniqid(rand(), true); // Filters $uconfig = new User_config($conn_aux); $_SESSION['logger_filters'] = $uconfig->get(Session::get_session_user(), 'logger_filters', 'php', "logger"); if ($_SESSION['logger_filters']['default'] == "") { $_SESSION['logger_filters']['default']['start_aaa'] = $param_start; $_SESSION['logger_filters']['default']['end_aaa'] = $param_end; $_SESSION['logger_filters']['default']['query'] = ""; $uconfig->set(Session::get_session_user(), 'logger_filters', $_SESSION['logger_filters'], 'php', 'logger'); } // Exports $exports = array(); if (is_dir($config["searches_dir"])) { $find_str = $config["searches_dir"] . Session::get_session_user(); $cmd = "ls -t '{$find_str}'*/results.txt"; $res = explode("\n", `{$cmd}`); foreach ($res as $line) { if (preg_match("/{$user}\\_(\\d\\d\\d\\d\\-\\d\\d\\-\\d\\d \\d\\d\\:\\d\\d\\:\\d\\d)\\_(\\d\\d\\d\\d\\-\\d\\d\\-\\d\\d \\d\\d\\:\\d\\d\\:\\d\\d)\\_(none|date|date\\_desc)\\_(.*)\\/results\\.txt/", $line, $found)) { $name = $found[1] . $found[2] . $found[3] . $found[4]; $filename = trim($line); if (GET('del_export') != "" && $name == base64_decode(GET('del_export')) && file_exists($filename)) { unlink($filename); } else { $exports[$filename] = array($found[1], $found[2], $found[3], $found[4]);
rename($configs_dir . "/" . $file, $configs_dir . "/" . $newfile); $tabsavt = gettabsavt($configs_dir, $cloud_instance); } if (GET('tabdefault') != "") { $newtabdefault = GET('tabdefault'); ossim_valid($newtabdefault, OSS_DIGIT, 'error: Invalid tab id.'); if (ossim_error()) { echo ossim_error(); } require_once 'classes/User_config.inc'; $login = Session::get_session_user(); $db = new ossim_db(); $conn = $db->connect(); $config = new User_config($conn); $_SESSION['views'][$name] = array('cols' => $columns_arr); $config->set($login, 'panel_default', $newtabdefault, 'simple', 'main'); $tabdefault = $newtabdefault; $panel_id = $tabdefault; } $standard_dir = "../risk_maps/pixmaps/standard/"; if ($dir == "custom") { $standard_dir = "pixmaps/uploaded/"; } if ($dir == "flags") { $standard_dir = "pixmaps/flags/"; } $icons = explode("\n", `ls -1 '{$standard_dir}'`); $icons2 = explode("\n", `ls -1 '../risk_maps/pixmaps/uploaded/'`); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
function check_bg_tasks($conn) { $user = Session::get_session_user(); $config = new User_config($conn); //Getting the pid of the operation running in background $pid = $config->get($user, 'background_task', 'simple', "alarm"); $bg = FALSE; //If the pid is not empty, then we check if the process is still running if ($pid != '') { //Launching a ps with the pid stored $process_state = Util::execute_command('ps ?', array(intval($pid)), 'array'); $bg = count($process_state) >= 2; //If the count is >= 2 then there is a process running //If the process is not running any longer, then we delete the pid from db if (!$bg) { $config->set($user, 'background_task', '', 'simple', 'alarm'); } } $return['error'] = FALSE; $return['msg'] = ''; $return['bg'] = $bg; Util::memcacheFlush(FALSE); return $return; }
// SAVE // $user = Session::get_session_user(); $name_layout = POST('name'); $layout = POST('layout'); $category = POST('category'); if ($category == '') { $category = 'policy'; } ossim_valid($name_layout, OSS_ALPHA, OSS_SCORE, OSS_NULLABLE, 'illegal:' . _("name_layout")); ossim_valid($layout, OSS_TEXT, OSS_PUNC_EXT, OSS_NULLABLE, 'illegal:' . _("layout")); ossim_valid($category, OSS_ALPHA, OSS_NULLABLE, 'illegal:' . _("category")); if (ossim_error()) { die(ossim_error()); } //$text_layout = unserialize(stripslashes($layout)); //print_r(stripslashes($layout)); if ($user != "" && $name_layout != "" && isSerialized($layout)) { if (POST('type') == 'file') { $file = "/tmp/" . $user . "_" . $name_layout; $f = fopen($file, "w"); fputs($f, trim($layout)); fclose($f); } else { $db = new ossim_db(); $conn = $db->connect(); $config = new User_config($conn); $config->set($user, $name_layout, $layout, 'simple', $category); } echo _("Layout saved!"); }
* * You should have received a copy of the GNU General Public License * along with this package; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, * MA 02110-1301 USA * * * On Debian GNU/Linux systems, the complete text of the GNU General * Public License can be found in `/usr/share/common-licenses/GPL-2'. * * Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt * */ set_include_path('/usr/share/ossim/include'); require_once 'av_init.php'; $user = $argv[1]; $file = $argv[2]; $db = new ossim_db(); $conn = $db->connect(); $config = new User_config($conn); if (!preg_match("/^\\/var\\/tmp\\//", $file) && !preg_match("/^\\/tmp\\//", $file)) { echo "Error: 'file' parameter must be a valid /tmp file\n"; exit; } if (!file_exists($file)) { echo "Error: '{$file}' file does not exist\n"; exit; } $pid = @shell_exec("(cat '{$file}' | ossim-db; rm -f '{$file}'; echo 'flush_all' | /bin/nc -q 2 127.0.0.1 11211; sleep 1) > /tmp/alarm_bg_result 2>&1 & echo \$!"); $config->set($user, 'background_task', $pid, 'simple', 'alarm'); $db->close($conn);
function setPanelTabs($tabs, $user = null) { $db = new ossim_db(); $conn = $db->connect(); $config = new User_config($conn); if ($user == null) { $login = Session::get_session_user(); } else { $login = $user; } $config->set($login, 'panel_tabs', $tabs, 'php'); }
$conn = $db->connect(); $map = POST("map") != "" ? POST("map") : (GET("map") != "" ? GET("map") : ($_SESSION["riskmap"] != "" ? $_SESSION["riskmap"] : 1)); $name = POST('name'); $erase_element = GET('delete'); $setdefault = GET('default'); ossim_valid($erase_element, OSS_SCORE, OSS_NULLABLE, OSS_ALPHA, OSS_DIGIT, ";,.", 'illegal:' . _("erase_element")); ossim_valid($name, OSS_ALPHA, OSS_NULLABLE, OSS_DIGIT, OSS_SCORE, ".,%", 'illegal:' . _("name")); ossim_valid($map, OSS_DIGIT, 'illegal:' . _("type")); ossim_valid($setdefault, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _("default")); if (ossim_error()) { die(ossim_error()); } $config = new User_config($conn); $login = Session::get_session_user(); if ($setdefault != "") { $config->set($login, "riskmap", $setdefault, 'simple', "main"); } $default_map = $config->get($login, "riskmap", 'simple', 'main'); // if (is_uploaded_file($HTTP_POST_FILES['ficheromap']['tmp_name'])) { $filename = "maps/" . $name . ".jpg"; $newid = 0; if (preg_match("/map(\\d+)/", $name, $found)) { $newid = $found[1]; } if (getimagesize($HTTP_POST_FILES['ficheromap']['tmp_name'])) { move_uploaded_file($HTTP_POST_FILES['ficheromap']['tmp_name'], $filename); if (!Session::am_i_admin()) { $conn->Execute("INSERT IGNORE INTO risk_maps (map,perm) VALUES ('{$newid}','" . $_SESSION['_user'] . "')"); } }
ossim_valid($directive_id, OSS_DIGIT, 'illegal:' . _("Directive ID")); ossim_valid($xml_file, OSS_ALPHA, OSS_DOT, OSS_SCORE, 'illegal:' . _("xml_file")); ossim_valid($selected_columns, OSS_NULLABLE, OSS_ALPHA, OSS_PUNC, "Invalid: columns"); if (ossim_error()) { die(ossim_error()); } $columns_arr = explode(",", $selected_columns); $db = new ossim_db(); $conn = $db->connect(); $config = new User_config($conn); // Save if ($save) { if ($selected_columns == "") { $msg = "<font style='color:red'>" . _("You must select one column at least.") . "</font>"; } else { $config->set(Session::get_session_user(), 'directive_editor_cols', $columns_arr, 'php', 'directives'); ?> <script type="text/javascript"> var params = new Array(); params['xml'] = "<?php echo $xml_file; ?> "; params['directive'] = "<?php echo $directive_id; ?> "; params['reload'] = true; parent.GB_hide(params); </script> <?php
<td valign="top" style="border-width: 0px; text-align: right"><a href="#" onClick="javascript: xajax_add_column(' . $group_id . ')">' . _("add column") . '</td> </td> </tr> </table> </form> '; $resp->addAssign("columns_config", "innerHTML", $html); $resp->addAssign("columns_config", "style.display", ''); return $resp; } $xajax->setRequestURI($_SERVER["REQUEST_URI"]); $xajax->processRequests(); /************ END AJAX **************/ // start with fresh data $groups_config = $config->get($login, 'event_viewer', 'php'); $config->set($login, 'event_viewer_tmp', $groups_config, 'php'); $groups = Plugingroup::get_list($conn); ?> <html> <head> <title> <?php echo gettext("OSSIM Framework"); ?> </title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <META HTTP-EQUIV="Pragma" CONTENT="no-cache"> <link rel="stylesheet" type="text/css" href="../style/style.css"/> <link rel="stylesheet" type="text/css" href="../style/greybox.css"/> <script type="text/javascript" src="../js/jquery-1.3.2.min.js"></script> <script type="text/javascript" src="../js/greybox.js"></script>
if (ossim_error()) { echo "error###" . _("There was an error while saving the profile"); exit; } $filter = array("type" => $type, "subtype" => $subtype, "value" => $value, "value2" => $value2, "match" => $match); $inv_session['data'][$i] = $filter; } $inv_session['op'] = GET('operator'); $description = mb_detect_encoding(GET('description') . " ", 'UTF-8,ISO-8859-1') == 'UTF-8' ? GET('description') : mb_convert_encoding(GET('description'), 'UTF-8', 'ISO-8859-1'); $description = Util::utf8entities(GET('description')); $inv_session['description'] = $description; $serialized_inv = serialize($inv_session); $cur_name = mb_detect_encoding(GET('cur_name') . " ", 'UTF-8,ISO-8859-1') == 'UTF-8' ? GET('cur_name') : mb_convert_encoding(GET('cur_name'), 'UTF-8', 'ISO-8859-1'); $name = Util::utf8entities($cur_name); $name_iso = trim(mb_convert_encoding($name, 'ISO-8859-1', 'UTF-8')); $config->set($user, $name_iso, $serialized_inv, 'simple', "inv_search"); $_SESSION['profile'] = base64_encode($name); echo "1###" . $_SESSION['profile']; } elseif (GET('inv_do') == "export_last") { $inv_session = array(); for ($i = 1; $i <= $_SESSION['inventory_last_search']['num']; $i++) { ossim_valid($_SESSION['inventory_last_search']['num']['type'], OSS_ALPHA, OSS_SPACE, 'illegal:' . _("type")); ossim_valid($_SESSION['inventory_last_search']['num']['subtype'], OSS_ALPHA, OSS_SPACE, 'illegal:' . _("subtype")); ossim_valid($_SESSION['inventory_last_search']['num']['match'], OSS_ALPHA, OSS_NULLABLE, 'illegal:' . _("match")); if (ossim_error()) { echo "error###" . _("There was an error while saving the profile"); exit; } $inv_session['data'][$i] = $_SESSION['inventory_last_search'][$i]; } $inv_session['op'] = $_SESSION['inventory_last_search_op'];
} } } if (Session::am_i_admin() && Welcome_wizard::run_welcome_wizard()) { header('Location: /ossim/wizard/'); } if ($pro && ($trial_days == 7 || $trial_days == 2)) { $db = new ossim_db(); $conn = $db->connect(); $user = Session::get_session_user(); $config = new User_config($conn); $popup = $config->get($user, 'popup', 'simple', "trial"); if ($trial_days == 7) { if ($popup != '7days') { $flag_trial_popup = TRUE; $config->set($user, 'popup', '7days', 'simple', 'trial'); } } elseif ($trial_days == 2) { if ($popup != '2days') { $flag_trial_popup = TRUE; $config->set($user, 'popup', '2days', 'simple', 'trial'); } } $db->close(); } /* Track usage information */ $config = new Config(); $track_usage_information = $config->get_conf('track_usage_information'); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html>