* * On Debian GNU/Linux systems, the complete text of the GNU General * Public License can be found in `/usr/share/common-licenses/GPL-2'. * * Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt * */ require_once 'av_init.php'; Session::logcheck("analysis-menu", "ControlPanelAlarms"); $db = new ossim_db(TRUE); $conn = $db->connect(); $mssp = Session::show_entities(); list($count_tags, $tags) = Tag::get_tags_by_type($conn, 'alarm'); $intents = Alarm::get_intents($conn); $sensors = Av_sensor::get_list($conn, array(), FALSE, TRUE); $_groups_data = Asset_group::get_list($conn); $asset_groups = $_groups_data[0]; //Autocomplete $autocomplete_keys = array('hosts'); $hosts_str = Autocomplete::get_autocomplete($conn, $autocomplete_keys); $db->close(); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html> <head> <title> <?php echo _('AlienVault ' . (Session::is_pro() ? 'USM' : 'OSSIM')); ?> </title> <meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1"/>
require_once 'av_init.php'; Session::logcheck('environment-menu', 'PolicyHosts'); /**************************************************** ******************** Host Data ********************* ****************************************************/ //Database connection $db = new ossim_db(); $conn = $db->connect(); $id = GET('id'); $msg = GET('msg'); ossim_valid($id, OSS_HEX, 'illegal:' . _('Asset group ID')); if (ossim_error()) { echo ossim_error(_('Error! Asset group not found')); exit; } $asset_group = new Asset_group($id); $asset_group->can_i_edit($conn); $asset_group->load_from_db($conn); //Getting group data $id = $asset_group->get_id(); $name = $asset_group->get_name(); $owner = $asset_group->get_owner(); $descr = $asset_group->get_descr(); $threshold_a = $asset_group->get_threshold('a'); $threshold_c = $asset_group->get_threshold('c'); $nagios = Asset_group_scan::is_plugin_in_group($conn, $id, 2007); //Closing database connection $db->close(); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html>
if (!check_any($dest_host->get_host_id())) { $dest .= ($dest == "" ? "" : "<br/>") . "<img src='../pixmaps/theme/host.png' align=absbottom /> " . Asset_host::get_name_by_id($conn, $dest_host->get_host_id()); } } } if ($dest_net_list = $policy->get_nets($conn, 'dest')) { foreach ($dest_net_list as $dest_net) { if (!check_any($dest_net->get_net_id())) { $dest .= ($dest == "" ? "" : "<br/>") . "<img src='../pixmaps/theme/net.png' align=absbottom /> " . Asset_net::get_name_by_id($conn, $dest_net->get_net_id()); } } } if ($dest_host_list = $policy->get_host_groups($conn, 'dest')) { foreach ($dest_host_list as $dest_host_group) { if (!check_any($dest_host_group->get_host_group_id())) { $dest .= ($dest == "" ? "" : "<br/>") . "<img src='../pixmaps/theme/host_group.png' align=absbottom /> " . Asset_group::get_name_by_id($conn, $dest_host_group->get_host_group_id()); } } } if ($dest_net_list = $policy->get_net_groups($conn, 'dest')) { foreach ($dest_net_list as $dest_net_group) { if (!check_any($dest_net_group->get_net_group_id())) { $dest .= ($dest == "" ? "" : "<br/>") . "<img src='../pixmaps/theme/net_group.png' align=absbottom /> " . Net_group::get_name_by_id($conn, $dest_net_group->get_net_group_id()); } } } if (empty($dest)) { $dest = "<img src='../pixmaps/theme/host.png' align=absbottom />" . _('ANY'); } $xml .= "<cell><![CDATA[" . $dest . "]]></cell>"; //Ports source
function main_page($viewall, $sortby, $sortdir) { global $uroles, $username, $dbconn; global $arruser, $user, $rs_page; $dbconn->SetFetchMode(ADODB_FETCH_BOTH); $tz = Util::get_timezone(); if ($sortby == "") { $sortby = "id"; } if ($sortdir == "") { $sortdir = "DESC"; } $sql_order = "order by {$sortby} {$sortdir}"; if (Session::menu_perms("environment-menu", "EventsVulnerabilitiesScan")) { ?> <div style="width:50%; position: relative; height: 5px; float:left"> <div style="width:100%; position: absolute; top: -41px;left:0px;"> <div style="float:left; height:28px; margin:5px 5px 0px 0px;"> <a class="button" href="<?php echo Menu::get_menu_url(AV_MAIN_PATH . '/vulnmeter/sched.php?action=create_scan&hosts_alive=1&scan_locally=1', 'environment', 'vulnerabilities', 'scan_jobs'); ?> "> <?php echo _("New Scan Job"); ?> </a> </div> <div style="float:left;height:28px;margin:5px 5px 0px -2px;"> <a class="greybox button av_b_secondary" href="import_nbe.php" title="<?php echo _("Import nbe file"); ?> "> <?php echo _("Import nbe file"); ?> </a> </div> </div> </div> <?php } if (intval($_GET['page']) != 0) { $page = intval($_GET['page']); } else { $page = 1; } $pagesize = 10; if ($username == "admin") { $query = "SELECT count(id) as num FROM vuln_jobs WHERE status !='R'"; } else { $query = "SELECT count(id) as num FROM vuln_jobs where username='******' WHERE status !='R'"; } $result = $dbconn->Execute($query); $jobCount = $result->fields["num"]; $num_pages = ceil($jobCount / $pagesize); //echo "num_pages:[".$num_pages."]"; //echo "jobCount:[".$jobCount."]"; //echo "page:[".$page."]"; if (Vulnerabilities::scanner_type() == "omp") { // We can display scan status with OMP protocol echo Vulnerabilities::get_omp_running_scans($dbconn, $rs_page); } else { // Nessus all_jobs(0, 10, "R"); } ?> <?php $schedulejobs = _("Scheduled Jobs"); echo <<<EOT <table style='margin-top:20px;' class='w100 transparent'><tr><td class='sec_title'>{$schedulejobs}</td></tr></table> <table summary="Job Schedules" class='w100 table_list'> EOT; if ($sortdir == "ASC") { $sortdir = "DESC"; } else { $sortdir = "ASC"; } $arr = array("name" => "Name", "schedule_type" => "Schedule Type", "time" => "Time", "next_CHECK" => "Next Scan", "enabled" => "Status"); // modified by hsh to return all scan schedules if (empty($arruser)) { $query = "SELECT t2.name as profile, t1.meth_TARGET, t1.id, t1.name, t1.schedule_type, t1.meth_VSET, t1.meth_TIMEOUT, t1.username, t1.enabled, t1.next_CHECK, t1.email\n FROM vuln_job_schedule t1 LEFT JOIN vuln_nessus_settings t2 ON t1.meth_VSET=t2.id "; } else { $query = "SELECT t2.name as profile, t1.meth_TARGET, t1.id, t1.name, t1.schedule_type, t1.meth_VSET, t1.meth_TIMEOUT, t1.username, t1.enabled, t1.next_CHECK, t1.email\n FROM vuln_job_schedule t1 LEFT JOIN vuln_nessus_settings t2 ON t1.meth_VSET=t2.id WHERE username in ({$user}) "; } $query .= $sql_order; $result = $dbconn->execute($query); if ($result->EOF) { echo "<tr><td class='empty_results' height='20' style='text-align:center;'>" . _("No Scheduled Jobs") . "</td></tr>"; } if (!$result->EOF) { echo "<tr>"; foreach ($arr as $order_by => $value) { echo "<th><a href=\"manage_jobs.php?sortby={$order_by}&sortdir={$sortdir}\">" . _($value) . "</a></th>"; } if (Session::menu_perms("environment-menu", "EventsVulnerabilitiesScan")) { echo "<th>" . _("Action") . "</th></tr>"; } } $colors = array("#FFFFFF", "#EEEEEE"); $color = 0; while (!$result->EOF) { list($profile, $targets, $schedid, $schedname, $schedtype, $sid, $timeout, $user, $schedstatus, $nextscan, $servers) = $result->fields; $name = Av_sensor::get_name_by_id($dbconn, $servers); $servers = $name != '' ? $name : _('First Available Sensor'); $targets_to_resolve = explode("\n", $targets); $ttargets = array(); foreach ($targets_to_resolve as $id_ip) { if (preg_match("/^([a-f\\d]{32})#\\d+\\.\\d+\\.\\d+\\.\\d+\\/\\d{1,2}/i", $id_ip, $found) && Asset_net::is_in_db($dbconn, $found[1])) { $ttargets[] = preg_replace("/^([a-f\\d]{32})#/i", "", $id_ip) . " (" . Asset_net::get_name_by_id($dbconn, $found[1]) . ")"; } else { if (preg_match("/^([a-f\\d]{32})#\\d+\\.\\d+\\.\\d+\\.\\d+/i", $id_ip, $found) && Asset_host::is_in_db($dbconn, $found[1])) { $ttargets[] = preg_replace("/^([a-f\\d]{32})#/i", "", $id_ip) . " (" . Asset_host::get_name_by_id($dbconn, $found[1]) . ")"; } else { if (preg_match("/^([a-f\\d]{32})#hostgroup/i", $id_ip, $found)) { $hostgroup_name = Asset_group::get_name_by_id($dbconn, $found[1]); $ttargets[] = $hostgroup_name == _('Unknown') ? _('Unknown hostgroup') : $hostgroup_name; } else { if (preg_match("/^([a-f\\d]{32})#netgroup/i", $id_ip, $found)) { $netgroup_name = Net_group::get_name_by_id($dbconn, $found[1]); $ttargets[] = $netgroup_name == _('Unknown') ? _('Unknown netgroup') : $netgroup_name; } else { $ttargets[] = preg_replace("/[a-f\\d]{32}/i", "", $id_ip); } } } } } $targets = implode("<BR/>", $ttargets); $tz = intval($tz); $nextscan = gmdate("Y-m-d H:i:s", Util::get_utc_unixtime($nextscan) + 3600 * $tz); preg_match("/\\d+\\-\\d+\\-\\d+\\s(\\d+:\\d+:\\d+)/", $nextscan, $found); $time = $found[1]; switch ($schedtype) { case "N": $stt = _("Once (Now)"); break; case "O": $stt = _("Once"); break; case "D": $stt = _("Daily"); break; case "W": $stt = _("Weekly"); break; case "M": $stt = _("Monthly"); break; case "Q": $stt = _("Quarterly"); break; case "H": $stt = _("On Hold"); break; case "NW": $stt = _("N<sup>th</sup> week of the month"); break; default: $stt = " "; break; } switch ($schedstatus) { case "1": $itext = _("Disable Scheduled Job"); $isrc = "images/stop_task.png"; $ilink = "manage_jobs.php?disp=setstatus&schedid={$schedid}&enabled=0"; break; default: $itext = _("Enable Scheduled Job"); $isrc = "images/play_task.png"; $ilink = "manage_jobs.php?disp=setstatus&schedid={$schedid}&enabled=1"; break; } if (!Session::menu_perms("environment-menu", "EventsVulnerabilitiesScan")) { $ilink = "javascript:return false;"; } if ($schedstatus) { $txt_enabled = "<td><a href=\"{$ilink}\"><font color=\"green\">" . _("Enabled") . "</font></a></td>"; } else { $txt_enabled = "<td><a href=\"{$ilink}\"><font color=\"red\">" . _("Disabled") . "</font></a></td>"; } require_once 'classes/Security.inc'; if (valid_hex32($user)) { $user = Session::get_entity_name($dbconn, $user); } echo "<tr bgcolor=\"" . $colors[$color % 2] . "\">"; if ($profile == "") { $profile = _("Default"); } echo "<td><span class=\"tip\" title=\"<b>" . _("Owner") . ":</b> {$user}<br><b>" . _("Sensor") . ":</b> {$servers}<br /><b>" . _("Scheduled Job ID") . ":</b> {$schedid}<br><b>" . _("Profile") . ":</b> {$profile}<br><b>" . _("Targets") . ":</b><br>" . $targets . "\">{$schedname}</span></td>"; ?> <td><?php echo $stt; ?> </td> <td><?php echo $time; ?> </td> <td><?php echo $nextscan; ?> </td> <?php echo <<<EOT {$txt_enabled} <td style="padding-top:2px;"><a href="{$ilink}"><img alt="{$itext}" src="{$isrc}" border=0 title="{$itext}"></a> EOT; if (Session::menu_perms("environment-menu", "EventsVulnerabilitiesScan")) { echo "<a href='" . Menu::get_menu_url(AV_MAIN_PATH . '/vulnmeter/sched.php?action=edit_sched&sched_id=' . $schedid . '&status=' . intval($schedstatus), 'environment', 'vulnerabilities', 'scan_jobs') . "'><img src='images/pencil.png' title='" . _("Edit Scheduled") . "'></a> "; echo "<a href='manage_jobs.php?disp=delete&schedid={$schedid}' onclick='return confirmDelete();'><img src='images/delete.gif' title='" . gettext("Delete Scheduled") . "'></a>"; } echo "</td>"; echo <<<EOT </tr> EOT; $result->MoveNext(); $color++; } echo <<<EOT </table> EOT; ?> <br /> <?php $out = all_jobs(($page - 1) * $pagesize, $pagesize); ?> <table width="100%" align="center" class="transparent" cellspacing="0" cellpadding="0"> <tr> <td class="nobborder" valign="top" style="padding-top:5px;"> <div class="fright"> <?php if ($out != 0 && $num_pages != 1) { $page_url = "manage_jobs.php"; if ($page == 1 && $page == $num_pages) { echo '<a href="" class="link_paginate_disabled" onclick="return false">< ' . _("PREVIOUS") . '</a>'; echo '<a class="lmargin link_paginate_disabled" href="" onclick="return false">' . _("NEXT") . ' ></a>'; } elseif ($page == 1) { echo '<a href="" class="link_paginate_disabled" onclick="return false">< ' . _("PREVIOUS") . '</a>'; echo '<a class="lmargin" href="' . $page_url . '?page=' . ($page + 1) . '&rs_page=' . $rs_page . '">' . _("NEXT") . ' ></a> '; } elseif ($page == $num_pages) { echo '<a href="' . $page_url . '?page=' . ($page - 1) . '&rs_page=' . $rs_page . '">< ' . _("PREVIOUS") . '</a>'; echo '<a class="lmargin link_paginate_disabled" href="" onclick="return false">' . _("NEXT") . ' ></a>'; } else { echo '<a href="' . $page_url . '?page=' . ($page - 1) . '&rs_page=' . $rs_page . '">< ' . _("PREVIOUS") . '</a><a class="lmargin" href="' . $page_url . '?page=' . ($page + 1) . '&rs_page=' . $rs_page . '">' . _("NEXT") . ' ></a>'; } } ?> </div> </td> </tr> </table> <?php }
function get_group_info($conn, $group_id) { $group = Asset_group::get_object($conn, $group_id); $data = array('id' => $group_id, 'name' => $group->get_name(), 'owner' => $group->get_owner(), 'descr' => html_entity_decode($group->get_descr(), ENT_QUOTES, 'UTF-8')); return $data; }
function GetOssimHostsFromHostGroups($hostgroup) { $db = new ossim_db(); $conn = $db->connect(); $pg = array(); try { $asset_group = new Asset_group($hostgroup); $asset_group->load_from_db($conn); $_hosts = $asset_group->get_hosts($conn, array(), TRUE); $hosts = $_hosts[0]; } catch (Exception $e) { echo $e->getMessage(); return $pg; } foreach ($hosts as $hg) { $pg[] = $hg[2]; // Array ( [0] => ID [1] => CTX [2] => IP [3] => Name ) } $db->close(); return $pg; }
// sensors permissions $ttargets[$target]['sensors_perms'] = $sperm; // sensors permissions $ttargets[$target]['vuln_scanner'] = $vs; // Nmap status $ttargets[$target]['nmap_scan'] = $snmap; // Load $ttargets[$target]['load'] = $load; } // group targets by group and sensors $result = array(); foreach ($ttargets as $target => $target_data) { if (Av_sensor::is_in_db($conn, $target_data['sensor']) == TRUE) { if (!empty($target_data['hostgroup_id'])) { $result_key = $target_data['hostgroup_id'] . '#hostgroup#' . $target_data['sensor']; $result[$result_key]['name'] = Asset_group::get_name_by_id($conn, $target_data['hostgroup_id']); } else { if (!empty($target_data['netgroup_id'])) { $result_key = $target_data['netgroup_id'] . '#netgroup#' . $target_data['sensor']; $result[$result_key]['name'] = Net_group::get_name_by_id($conn, $target_data['netgroup_id']); } else { $result_key = $target . '#' . $target_data['sensor']; $result[$result_key]['name'] = $target_data['name']; } } $result[$result_key]['ips'][] = $target; $result[$result_key]['sensor'] = $target_data['sensor']; $result[$result_key]['sperm'] = empty($result[$result_key]['sperm']) || $result[$result_key]['sperm'] == 1 ? $target_data['sperm'] : $result[$result_key]['sperm']; $result[$result_key]['perm'] = empty($result[$result_key]['perm']) || $result[$result_key]['perm'] == 1 ? $target_data['perm'] : $result[$result_key]['perm']; $result[$result_key]['vs'] = empty($result[$result_key]['vs']) || $result[$result_key]['vs'] == 1 ? $target_data['vs'] : $result[$result_key]['vs']; $result[$result_key]['snmap'] = empty($result[$result_key]['snmap']) || $result[$result_key]['snmap'] == 1 ? $target_data['snmap'] : $result[$result_key]['snmap'];
function group_list($conn, $page, $search) { $filters = array(); $filters['limit'] = get_query_limits($page); if ($search != '') { $search = utf8_decode($search); $search = escape_sql($search, $conn); $filters['where'] = " name LIKE '%{$search}%'"; } $filters['order_by'] = 'name ASC'; try { list($groups, $total) = Asset_group::get_list($conn, '', $filters, TRUE); } catch (Exception $e) { $return['error'] = TRUE; $return['msg'] = $e->getMessage(); return $return; } //If we have at least one element... if ($total > 0) { //Getting the nets already selected in the filter. $selected = get_selected_values(18); } $list = array(); //Going through the list to format the elements properly: foreach ($groups as $id => $group) { $_chk = $selected[$id] != '' ? TRUE : FALSE; $_grp = array('id' => $id, 'name' => $group->get_name(), 'checked' => $_chk); $list[$id] = $_grp; } $data['total'] = intval($total); $data['list'] = $list; $return['error'] = FALSE; $return['data'] = $data; return $return; }
* Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt * */ require_once 'av_init.php'; $group_id = POST('group_id') != '' ? POST('group_id') : GET('group_id'); $num_assets = POST('num_assets'); $error_msg = ''; ossim_valid($group_id, OSS_HEX, 'illegal: Group ID'); ossim_valid($num_assets, OSS_DIGIT, OSS_NULLABLE, 'illegal: Num of assets'); if (ossim_error()) { die(ossim_error()); } // Database Object $db = new ossim_db(); $conn = $db->connect(); $group = Asset_group::get_object($conn, $group_id); $group->can_i_edit($conn); // Form is submited: Add to group if ($num_assets > 0) { for ($i = 0; $i < $num_assets; $i++) { if (valid_hex32(POST('host' . $i))) { $assets[] = POST('host' . $i); } } try { $group->add_host($conn, $assets); } catch (Exception $e) { $error_msg = $e->getMessage(); } if ($error_msg == '') { $msg = 'saved';
$data['general']['data'] = _('Hosts saved successfully'); foreach ($data['by_host'] as $h_key => $h_data) { if ($h_data['status'] == 'warning') { $data['general']['status'] = 'warning'; $data['general']['data'] = _('Hosts saved with warnings'); break; } } } else { $data['general']['status'] = 'warning'; $data['general']['data'] = _('Warning! Some hosts could not be saved'); } //Create a Asset Group if (!empty($group_name)) { $new_group_id = Util::uuid(); $group = new Asset_group($new_group_id); $group->set_name($group_name); $group->set_ctx($ctx); $group->save_in_db($conn); $group->save_assets_from_list($conn, $data['general']['hosts_in_group']); } } /* echo '<pre style="white-space: pre;">'; print_r($data); print_r($scan_results); echo '</pre>'; */ //Showing scan results ?>
$deploy_agent = Session::logcheck_bool('environment-menu', 'EventsHidsConfig'); } else { if (Asset_net::is_in_db($conn, $id)) { $asset_type = 'network'; Session::logcheck('environment-menu', 'PolicyNetworks'); $breadcrumb = array('section' => _('Networks'), 'current' => _('Network Details')); $edit = Asset_net::can_i_modify_ips($conn, $id); $delete = Asset_net::can_delete($conn, $id); $p_plugin = Session::am_i_admin(); $deploy_agent = FALSE; } else { if (Asset_group::is_in_db($conn, $id)) { $asset_type = 'group'; Session::logcheck('environment-menu', 'PolicyHosts'); $breadcrumb = array('section' => _('Groups'), 'current' => _('Group Details')); $gobj = new Asset_group($id); try { $edit = $gobj->can_i_edit($conn); } catch (Exception $err) { $edit = FALSE; } try { $delete = $gobj->can_delete_group($conn); } catch (Exception $err) { $delete = FALSE; } $p_plugin = Session::am_i_admin(); $deploy_agent = FALSE; } else { $error = _('Invalid Asset ID'); Av_exception::throw_error(Av_exception::USER_ERROR, $error);
exit; } $db = new ossim_db(); $conn = $db->connect(); // Load the current asset object in session same as in index.php // Host if (Asset_host::is_in_db($conn, $asset_id)) { if (Asset_host::is_allowed($conn, $asset_id)) { $asset_object = Asset_host::get_object($conn, $asset_id); $reloaded = TRUE; } } elseif (Asset_net::is_in_db($conn, $asset_id)) { if (Asset_net::is_allowed($conn, $asset_id)) { $asset_object = Asset_net::get_object($conn, $asset_id); $reloaded = TRUE; } } elseif (Asset_group::is_in_db($conn, $asset_id)) { $asset_object = Asset_group::get_object($conn, $asset_id); $reloaded = TRUE; } // Save session object only if is already saved (it means the user has perms) if (!empty($_SESSION['asset_detail'][$asset_id]) && $reloaded) { $_SESSION['asset_detail'][$asset_id] = serialize($asset_object); $response['session_updated'] = TRUE; } else { $response['session_updated'] = FALSE; } echo json_encode($response); $db->close(); /* End of file reload_session_object.php */ /* Location: ./asset_details/ajax/reload_session_object.php */
</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <meta http-equiv="Pragma" content="no-cache"> <link type="text/css" rel="stylesheet" href="../style/av_common.css?t=<?php echo Util::get_css_id(); ?> "/> </head> <body> <?php if ($data['status'] != 'error') { try { $db = new ossim_db(); $conn = $db->connect(); $asset_group = new Asset_group($id); $asset_group->load_from_db($conn); $asset_group->set_name($name); $asset_group->set_owner($owner); $asset_group->set_descr($descr); $asset_group->set_threshold($threshold_a, 'a'); $asset_group->set_threshold($threshold_c, 'c'); $asset_group->save_in_db($conn); $_hosts_data_aux = $asset_group->get_hosts($conn, '', TRUE); $hosts = array_keys($_hosts_data_aux[0]); if (!empty($nagios)) { if (Asset_group_scan::is_plugin_in_group($conn, $id, 2007)) { Asset_group_scan::delete_plugin_from_db($conn, $id, 2007); } Asset_group_scan::save_plugin_in_db($conn, $id, 2007); foreach ($hosts as $host_id) {
//Config File require_once 'av_init.php'; Session::logcheck_ajax('environment-menu', 'PolicyHosts'); //Validate Form token $token = POST('token'); if (Token::verify('tk_delete_group_bulk', $token) == FALSE) { $error = Token::create_error_message(); Util::response_bad_request($error); } session_write_close(); /* connect to db */ $db = new ossim_db(TRUE); $conn = $db->connect(); try { $perm_add = Session::can_i_create_assets(); if (!$perm_add) { $error = _('You do not have the correct permissions to delete groups. Please contact system administrator with any questions'); Util::response_bad_request($error); } $app_name = Session::is_pro() ? 'AlienVault' : 'OSSIM'; $num_assets = Filter_list::get_total_selection($conn, 'group'); //Delete all filtered groups Asset_group::bulk_delete($conn); $data['status'] = 'OK'; $data['data'] = sprintf(_('%s groups have been permanently deleted from %s'), $num_assets, $app_name); } catch (Exception $e) { $db->close(); Util::response_bad_request($e->getMessage()); } $db->close(); echo json_encode($data);
$asset_group = new Asset_group($group_id); $asset_group->save_assets_from_search($conn); $db->close(); $data['status'] = 'success'; $data['data'] = sprintf(_("%s assets have been added to group"), $num_assets); } catch (Exception $e) { Util::response_bad_request(_('Error! Selected assets could not be added') . ': ' . $e->getMessage()); } } break; case 'delete_assets': $group_id = POST('asset_id'); if (!valid_hex32($group_id)) { Util::response_bad_request(_('Error! Asset group ID not allowed. Selected assets could not be removed')); } else { try { $db = new ossim_db(); $conn = $db->connect(); $num_assets = Filter_list::get_total_selection($conn, 'asset'); $asset_group = new Asset_group($group_id); $asset_group->delete_selected_assets($conn); $db->close(); $data['status'] = 'success'; $data['data'] = sprintf(_("%s assets have been deleted from group"), $num_assets); } catch (Exception $e) { Util::response_bad_request(_('Error! Selected assets could not be deleted') . ': ' . $e->getMessage()); } } break; } echo json_encode($data);
/* connect to db */ $db = new ossim_db(TRUE); $conn = $db->connect(); try { $filters = array(); if ($search != '') { $search = escape_sql($search, $conn); $filters['where'] = " g.name LIKE '%{$search}%' OR g.owner LIKE '%{$search}%'"; } $host_perm_where = Asset_host::get_perms_where(); $net_perm_where = Asset_net::get_perms_where(); if (!empty($host_perm_where) || !empty($net_perm_where)) { $exp_msg = _('You do not have permission to do this action'); Av_exception::throw_error(Av_exception::USER_ERROR, $exp_msg); } //Delete all filtered groups Asset_group::delete_all_from_db($conn, $filters); $data['status'] = 'OK'; $data['data'] = _('Groups deleted successfully'); } catch (Exception $e) { $error_msg = $e->getMessage(); if (empty($error_msg)) { $error_msg = _('Sorry, operation was not completed due to an unknown error'); } $data['status'] = 'error'; $data['data'] = $error_msg; } $db->close(); echo json_encode($data); /* End of file delete_all.php */ /* Location: ./group/ajax/delete_all.php */
function save_filter($conn, $filters, $data) { //Getting the number of filters to be applied of the group $cont = $filters->get_num_filter_added(); //We need at least one, otherwise we show an error. if ($cont < 1) { $return['error'] = TRUE; $return['msg'] = _('At least one filter needed'); return $return; } $name = utf8_decode($data['name']); $descr = utf8_decode($data['descr']); ossim_valid($name, OSS_NOECHARS, OSS_ALPHA, OSS_PUNC, 'illegal:' . _('Group Name')); ossim_valid($descr, OSS_ALPHA, OSS_NULLABLE, OSS_PUNC, OSS_AT, OSS_NL, 'illegal:' . _('Description')); if (ossim_error()) { $response['error'] = TRUE; $response['msg'] = ossim_get_error(); ossim_clean_error(); return $response; } //Trying to save the filters, in case of error an exception will arise try { $new_id = Util::uuid(); $ctx = Session::get_default_ctx(); $group = new Asset_group($new_id); $group->set_name($name); $group->set_descr($descr); $group->set_ctx($ctx); $group->save_in_db($conn); $group->save_assets_from_search($conn); $filters->empty_filter_search($conn); $return['error'] = FALSE; $return['id'] = $new_id; $return['msg'] = 'ok'; Asset_filter_list::delete_filters_from_session(); } catch (Exception $e) { $return['error'] = TRUE; $return['msg'] = $e->getMessage(); } return $return; }
// Limit $maxrows = $maxrows > 50 ? 50 : $maxrows; //Session ID $session = session_id(); //list params $filters = array(); $tables = ''; $filters['order_by'] = $order . ' ' . $torder; $filters['limit'] = $from . ', ' . $maxrows; if (!$all_list) { $tables = ', user_host_filter hf'; $filters['where'] = "hf.asset_id=g.id AND hf.session_id='{$session}'"; } try { // Get Groups list($groups, $total) = Asset_group::get_list($conn, $tables, $filters); $results = array(); foreach ($groups as $group) { // Alarms $alarms = $group->has_alarms($conn); $alarms_icon = $alarms ? "<img src='" . AV_PIXMAPS_DIR . "/assets_tick_gray.png'/>" : '-'; // Vulns list($vulns_list, $vulns) = $group->get_vulnerabilities($conn); $vulns_icon = $vulns > 0 ? "<img src='" . AV_PIXMAPS_DIR . "/assets_tick_gray.png'/>" : '-'; // Events $events = $group->has_events($conn); $events_icon = $events ? "<img src='" . AV_PIXMAPS_DIR . "/assets_tick_gray.png'/>" : '-'; // COLUMNS $_res = array(); $_res['DT_RowId'] = $group->get_id(); $_res[] = '';
* */ header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); header("Last-Modified: " . gmdate("D, d M Y H:i:s") . "GMT"); header("Cache-Control: no-cache, must-revalidate"); header("Pragma: no-cache"); require_once 'av_init.php'; $group_id = GET('id'); ossim_valid($group_id, OSS_HEX, OSS_NULLABLE, 'illegal:' . _("Group ID")); if (ossim_error()) { die(ossim_error()); } $db = new ossim_db(TRUE); $conn = $db->connect(); try { $group = new Asset_group($group_id); $group->load_from_db($conn); } catch (Exception $e) { echo _('Impossible to load the group info'); die; } ?> <div id='tray_container'> <div class="tray_triangle"></div> <div id='tray_host_owner' class='tray_section'> <div class='tray_title'> <?php echo _('Owner'); ?>
$order = 'g.name'; } // Order direction $torder = $torder == 1 ? 'ASC' : 'DESC'; // Limit $maxrows = $maxrows > 50 ? 50 : $maxrows; // Search where if ($search != "") { $search = escape_sql($search, $conn); $filters['where'] = " g.name LIKE '%{$search}%' OR g.owner LIKE '%{$search}%'"; } $filters['order_by'] = $order . ' ' . $torder; $filters['limit'] = $from . ', ' . $maxrows; try { // Get Groups list($groups, $total) = Asset_group::get_list($conn, '', $filters, TRUE); $detail = "<img class='detail_img' src='" . AV_PIXMAPS_DIR . "/show_details.png'/>"; $results = array(); foreach ($groups as $group) { // Alarms $alarms = $group->has_alarms($conn); $alarms_icon = $alarms ? "<img src='" . AV_PIXMAPS_DIR . "/assets_tick_gray.png'/>" : '-'; // Vulns $vulns = $group->get_vulnerability_number($conn, $group->get_id()); $vulns_icon = $vulns > 0 ? "<img src='" . AV_PIXMAPS_DIR . "/assets_tick_gray.png'/>" : '-'; // Events $events = $group->has_events($conn); $events_icon = $events ? "<img src='" . AV_PIXMAPS_DIR . "/assets_tick_gray.png'/>" : '-'; // COLUMNS $_res = array(); $_res['DT_RowId'] = $group->get_id();
$vars['_HOST_DESC'] = $host->get_descr(); } break; case 'net': try { $net = Asset_net::get_object($conn, $keyname); } catch (Exception $e) { $net = NULL; } if (is_object($net)) { $vars['_NET_CIDR'] = $net->get_ips(); $vars['_NET_NAME'] = $net->get_name(); } break; case 'host_group': $vars['_HG_NAME'] = Asset_group::get_name_by_id($conn, $keyname); break; case 'net_group': $vars['_NG_NAME'] = Net_group::get_name_by_id($conn, $keyname); break; } if (count($repository_list) > 0) { $parser = new KDB_Parser(); $parser->load_session_vars($vars); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html> <head> <title> <?php echo gettext("OSSIM Framework"); ?>
foreach ($dest_host_list as $dest_host) { if (check_any($dest_host->get_host_id())) { $dests[$dest_host->get_host_id()] = _("ANY"); } else { $dests['host_' . $dest_host->get_host_id()] = _("HOST") . ": " . Asset_host::get_name_by_id($conn, $dest_host->get_host_id()); } } } if ($dest_net_list = $policy->get_nets($conn, 'dest')) { foreach ($dest_net_list as $dest_net) { $dests['net_' . $dest_net->get_net_id()] = check_any($dest_net->get_net_id()) ? _("ANY") : _("NETWORK") . ": " . Asset_net::get_name_by_id($conn, $dest_net->get_net_id()); } } if ($dest_host_list = $policy->get_host_groups($conn, 'dest')) { foreach ($dest_host_list as $dest_host_group) { $dests['hostgroup_' . $dest_host_group->get_host_group_id()] = check_any($dest_host_group->get_host_group_id()) ? _("ANY") : _("HOST_GROUP") . ": " . Asset_group::get_name_by_id($conn, $dest_host_group->get_host_group_id()); } } if ($dest_net_list = $policy->get_net_groups($conn, 'dest')) { foreach ($dest_net_list as $dest_net_group) { $dests['netgroup_' . $dest_net_group->get_net_group_id()] = check_any($dest_net_group->get_net_group_id()) ? _("ANY") : _("NETWORK_GROUP") . ": " . Net_group::get_name_by_id($conn, $dest_net_group->get_net_group_id()); } } //PORTS //source if ($port_list = $policy->get_ports($conn, 'source')) { foreach ($port_list as $port_group) { $ports_source[$port_group->get_port_id()] = check_any($port_group->get_port_id()) ? _("ANY") : Port_group::get_name_by_id($conn, $port_group->get_port_id()); } } //destiny
require_once 'av_init.php'; Session::logcheck('environment-menu', 'PolicyHosts'); /**************************************************** ******************** Host Data ********************* ****************************************************/ //Database connection $db = new ossim_db(); $conn = $db->connect(); $id = GET('id'); $msg = GET('msg'); ossim_valid($id, OSS_HEX, 'illegal:' . _('Asset group ID')); if (ossim_error()) { echo ossim_error(_('Error! Asset group not found')); exit; } $asset_group = new Asset_group($id); $asset_group->can_i_edit($conn); $asset_group->load_from_db($conn); //Getting group data $id = $asset_group->get_id(); $name = $asset_group->get_name(); $owner = $asset_group->get_owner(); $descr = $asset_group->get_descr(); $nagios = Asset_group_scan::is_plugin_in_group($conn, $id, 2007); //Closing database connection $db->close(); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html> <head> <title><?php
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <meta http-equiv="Pragma" content="no-cache"> <?php //CSS Files $_files = array(array('src' => 'av_common.css', 'def_path' => TRUE)); Util::print_include_files($_files, 'css'); ?> </head> <body> <?php if ($data['status'] != 'error') { try { $db = new ossim_db(); $conn = $db->connect(); $asset_group = new Asset_group($id); $asset_group->load_from_db($conn); $asset_group->set_name($name); $asset_group->set_owner($owner); $asset_group->set_descr($descr); $asset_group->save_in_db($conn); $data['status'] = 'OK'; $data['data'] = _('Your changes have been saved'); $db->close(); } catch (Exception $e) { $data['status'] = 'error'; $data['data'] = array('php_exception' => $e->getMessage()); } } if ($data['status'] == 'error') { $txt_error = '<div>' . _('The following errors occurred') . ":</div>\n <div style='padding: 10px;'>" . implode('<br/>', $data['data']) . '</div>';
function get_indicator_asset_name($conn, $type, $asset_id) { $name = ''; switch ($type) { case 'host': $name = Asset_host::get_name_by_id($conn, $asset_id); break; case 'net': $name = Asset_net::get_name_by_id($conn, $asset_id); break; case 'hostgroup': case 'host_group': $name = Asset_group::get_name_by_id($conn, $asset_id); break; case 'net_group': case 'netgroup': $name = Net_group::get_name_by_id($conn, $asset_id); break; case 'sensor': $name = Av_sensor::get_name_by_id($conn, $asset_id); break; } $name = empty($name) ? _('Unknown') : $name; return $name; }
function get_targets($conn, $ip_list) { $result = array(); if (!empty($ip_list)) { if (is_array($ip_list) == FALSE) { $ip_list = explode("\n", trim($ip_list)); } foreach ($ip_list as $asset) { $asset = trim($asset); if (preg_match('/^([a-f\\d]{32})#(\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\/\\d{1,2})$/i', $asset, $found)) { $_asset_name = Asset_net::is_in_db($conn, $found[1]) ? Asset_net::get_name_by_id($conn, $found[1]) : $found[2]; $result[$asset] = $_asset_name; } else { if (preg_match('/^([a-f\\d]{32})#(\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})$/i', $asset, $found)) { $_asset_name = Asset_host::is_in_db($conn, $found[1]) ? Asset_host::get_name_by_id($conn, $found[1]) : $found[2]; $result[$asset] = $_asset_name; } else { if (preg_match('/^([a-f\\d]{32})#hostgroup$/i', $asset, $found)) { $result[$asset] = Asset_group::get_name_by_id($conn, $found[1]); } else { if (preg_match('/^([a-f\\d]{32})#netgroup$/i', $asset, $found)) { $result[$asset] = Net_group::get_name_by_id($conn, $found[1]); } else { $result[$asset] = $asset; } } } } } } return $result; }
if (Token::verify('tk_ag_form', POST('token')) == FALSE) { $data['status'] = 'error'; $data['data'] = Token::create_error_message(); echo json_encode($data); exit; } switch ($action) { case 'delete_group': $validate = array('asset_id' => array('validation' => 'OSS_HEX', 'e_message' => 'illegal:' . _('Asset Group ID'))); $ag_id = POST('asset_id'); $validation_errors = validate_form_fields('POST', $validate); if (is_array($validation_errors) && !empty($validation_errors)) { $data['status'] = 'error'; $data['data'] = _('Error! Asset group ID not allowed. Asset group could not be removed'); } else { try { $db = new ossim_db(); $conn = $db->connect(); $asset_group = new Asset_group($ag_id); $asset_group->delete($conn); $db->close(); $data['status'] = 'OK'; $data['data'] = _('Asset group removed successfully'); } catch (Exception $e) { $data['status'] = 'error'; $data['data'] = _('Error!') . ' ' . $e->getMessage(); } } break; } echo json_encode($data);