<table style="width:80mm; padding-top: 10px; padding-bottom: 10px;">
<tr>
<th>' . gettext("Host") . '</th>
<th class="center">' . gettext("Occurrences") . '</th>
</tr>');
$c = 0;
$shared_file = $dDB["_shared"]->dbfile();
$dDB["_shared"]->put("SS_AttackedHost" . $runorder, $list);
$font_size = getFontSizeSIEM($list);
foreach ($list as $l) {
$ip = $l[0];
$occurrences = number_format($l[1], 0, ",", ".");
$host_id = $l[2];
$ctx = $l[3] != '' ? $l[3] : Session::get_default_ctx();
$host_output = Asset_host::get_extended_name($security_report->ossim_conn, $geoloc, $ip, $ctx, $host_id);
$os_pixmap = $host_id != "" ? Asset_host_properties::get_os_by_host($security_report->ossim_conn, $host_id) : "";
$hostname = $host_id != "" ? $host_output['name'] : $ip;
$icon = $host_output['html_icon'];
$link = "{$acid_link}/" . $acid_prefix . "_stat_alerts.php?&" . "num_result_rows=-1&" . "submit=Query+DB&" . "current_view=-1&" . "ip_addr[0][1]={$target}&" . "ip_addr[0][2]==&" . "ip_addr[0][3]={$ip}&" . "ip_addr_cnt=1&" . "sort_order=time_d";
$bc = $c++ % 2 != 0 ? "class='par'" : "";
$htmlPdfReport->set('
<tr ' . $bc . '>
<td style="width:55mm;font-size:' . $font_size . 'px">' . $icon . ' ' . Util::wordwrap($hostname, 21, " ", true) . ' ' . $os_pixmap . '</td>
<td style="width:22mm;text-align:center;font-size:' . $font_size . 'px">' . $occurrences . '</td>
</tr>');
}
$htmlPdfReport->set('
</table>
</td>
<td valign="top" style="padding-top:15px; width:98mm;">');
if ($report_graph_type == "applets") {
$_SESSION['_csv_file_hosts'] = $file;
session_write_close();
$csv = array();
//Export a filtered list
$filters = array();
$session = session_id();
$tables = ', user_component_filter hc';
$filters = array('where' => "hc.asset_id=host.id AND hc.asset_type='asset' AND hc.session_id = '{$session}'", 'order_by' => 'host.hostname ASC');
$_host_list = Asset_host::get_list($conn, $tables, $filters);
foreach ($_host_list[0] as $host) {
$id = $host['id'];
//Description
$descr = $host['descr'];
$descr = mb_convert_encoding($descr, 'UTF-8', 'HTML-ENTITIES');
//Operating System
$os = Asset_host_properties::get_property_from_db($conn, $host['id'], 3);
$os = array_pop($os);
//Latitude/Longitude
$latitude = empty($host['location']['lat']) ? '' : $host['location']['lat'];
$longitude = empty($host['location']['lon']) ? '' : $host['location']['lon'];
//Devices
$str_devices = '';
$devices = Asset_host_devices::get_devices_to_string($conn, $id);
if (!empty($devices)) {
$str_devices = str_replace('<br/>', ',', $devices);
}
$h_data = array();
$h_data['ips'] = $host['ips'];
$h_data['name'] = $host['name'];
$h_data['fqdns'] = $host['fqdns'];
$h_data['descr'] = $descr;
list($assets, $total_assets) = Asset_host::get_list($conn, '', array('limit' => 1));
//Number of selected assets
$total_selected = Filter_list::get_total_selection($conn, 'asset');
//Remove asset selection
Filter_list::clean_selection($conn);
//Getting the object with the filters.
$filters = Filter_list::retrieve_filter_list_session();
$filters->empty_filter_search($conn);
if ($filters === FALSE) {
$exp_msg = _('Sorry, operation was not completed due to an error when processing the request');
Av_exception::throw_error(Av_exception::USER_ERROR, $exp_msg);
}
if ($total_selected == $total_assets) {
//All assets were selected, so we filter them by OS
$os_filters = array('where' => '(host_properties.value NOT LIKE "windows%" AND host_properties.value NOT LIKE "microsoft%")');
list($os_list, $total_os) = Asset_host_properties::get_property_values($conn, 3, $os_filters);
$filters->modify_filter(20, 'unknown', 0);
foreach ($os_list as $os_key => $os_value) {
$filters->modify_filter(20, $os_value, 0);
}
} else {
//Not all assets were selected, so we filter by asset
//Getting assets with unknown or Linux/UNIX Operating System
$tables = 'LEFT JOIN host_properties hp ON hp.host_id=host.id AND hp.property_ref=3 INNER JOIN user_component_filter f ON f.asset_id = host.id';
$os_filters = array('where' => '((hp.host_id IS NULL OR hp.value IS NULL OR hp.value LIKE "%unknown%") OR (hp.value NOT LIKE "windows%" AND hp.value NOT LIKE "microsoft%"))
AND f.asset_type="asset" AND f.session_id = "' . session_id() . '"');
$unsupported_assets = Asset_host::get_list_tree($conn, $tables, $os_filters, FALSE, TRUE);
foreach ($unsupported_assets as $a_data) {
$filters->modify_filter(11, $a_data[2], 0);
}
}
$search = utf8_decode($search);
$search = escape_sql($search, $conn);
$filters['where'] = 'host.hostname LIKE "%' . $search . '%"';
}
}
try {
list($assets, $total) = Asset_host::get_list($conn, $tables, $filters, TRUE);
} catch (Exception $e) {
$assets = array();
$total = 0;
}
$results = array();
foreach ($assets as $_id => $asset_data) {
$_res = array();
// Get OS
$os = implode(' ', Asset_host_properties::get_property_from_db($conn, $_id, 3));
$_os = '';
$_dev = '';
if (preg_match("/windows/i", $os)) {
$_os = 'Windows';
} elseif (preg_match("/linux/i", $os)) {
$_os = 'Linux';
}
// Get device types
$_devices = new Asset_host_devices($conn, $_id);
$_devices->load_from_db($conn);
$devices = $_devices->get_devices();
if ($_os == 'Windows') {
$_dev = 'windows_';
} elseif (is_array($devices[1]) && !empty($devices[1])) {
if ($_os == 'Linux') {
function import_assets_from_csv($filename, $iic, $ctx, $import_type)
{
//Process status
$summary = array('general' => array('status' => '', 'data' => '', 'statistics' => array('total' => 0, 'warnings' => 0, 'errors' => 0, 'saved' => 0)), 'by_hosts' => array());
$db = new ossim_db();
$conn = $db->connect();
$str_data = file_get_contents($filename);
if ($str_data === FALSE) {
$summary['general']['status'] = 'error';
$summary['general']['data']['errors'] = _('Failed to read data from CSV file');
$summary['general']['statistics']['errors'] = 1;
return $summary;
}
$array_data = preg_split('/\\n|\\r/', $str_data);
foreach ($array_data as $k => $v) {
if (trim($v) != '') {
$data[] = explode('";"', trim($v));
}
}
/*************************************************************************************************************************************
* From asset section:
* - Version 4.x.x or higher: "IP (IP1,IP2,...)";"Hostname";"FQDNs(FQDN1,FQDN2,...)";"Description";"Asset value";"Operating System";
* "Latitude";"Longitude";"Host ID";"External Asset";"Device Types(Type1,Type2,...)"
*
* - Version 3.x.x: "IP"*;"Hostname";"FQDNs(FQDN1,FQDN2,...)";"Description";"Asset value";"Sensors(Sensor1,Sensor2,...)";
* "Operating System";"Latitude";"Longitude"
*
* From welcome wizard:
* - Version 4.x.x or higher: "IP (IP1,IP2,...)";"Hostname";"Description";"Operating System";"Device Type(Type1,Type2,...)"
*
**************************************************************************************************************************************/
//Check file size
if (count($data) <= 0 || count($data) == 1 && preg_match('/IP/', $data[0][0])) {
$summary['general']['status'] = 'error';
$summary['general']['data'] = _('CSV file is empty');
$summary['general']['statistics']['errors'] = 1;
return $summary;
}
//Check importation type and headers
$csv_headers = array();
if ($import_type == 'hosts') {
if (preg_match('/Operating System/', $data[0][5]) || preg_match('/Sensors/', $data[0][5])) {
$csv_headers = array_shift($data);
} else {
$summary['general']['status'] = 'error';
$summary['general']['data'] = _('Headers not found');
$summary['general']['statistics']['errors'] = 1;
return $summary;
}
}
//Setting total hosts to import
$summary['general']['statistics']['total'] = count($data);
//Getting all Operating System
$all_os = Properties::get_all_os();
//Getting devices types
$all_devices = array();
$aux_all_devices = Devices::get_all_for_filter($conn);
$_all_devices = $aux_all_devices[0];
foreach ($_all_devices as $d_data) {
$d_key = $d_data['type_name'];
$d_key .= $d_data['subtype_id'] != 0 ? ':' . $d_data['subtype_name'] : '';
$all_devices[$d_key] = $d_data['type_id'] . ':' . $d_data['subtype_id'];
}
//Allowed sensors
$filters = array('where' => "acl_sensors.entity_id = UNHEX('{$ctx}')");
$a_sensors = Av_sensor::get_basic_list($conn, $filters);
$sensor_ids = array_keys($a_sensors);
if (count($sensor_ids) == 0) {
$summary['general']['status'] = 'error';
$s_error_msg = Session::is_pro() ? _('There is no sensors for this context') : _('There is no sensors for this IP address');
$summary['general']['data'] = $s_error_msg;
$summary['general']['statistics']['errors'] = 1;
return $summary;
}
Util::disable_perm_triggers($conn, TRUE);
foreach ($data as $k => $v) {
//Clean previous errors
ossim_clean_error();
$num_line = $k + 1;
//Set default status
$summary['by_hosts'][$num_line]['status'] = 'error';
//Check file format
$cnd_1 = $import_type == 'hosts' && count($v) < 9;
$cnd_2 = $import_type == 'welcome_wizard_hosts' && count($v) < 5;
if ($cnd_1 || $cnd_2) {
$summary['by_hosts'][$num_line]['errors']['Format'] = _('Number of fields is incorrect');
$summary['general']['statistics']['errors']++;
continue;
}
//Clean values
$param = array();
$index = 0;
$max_index = count($v) - 1;
foreach ($v as $field) {
$parameter = trim($field);
if ($index == 0) {
$pattern = '/^\\"|^\'/';
$param[] = preg_replace($pattern, '', $parameter);
} else {
if ($index == $max_index) {
$pattern = '/\\"$|\'$/';
$param[] = preg_replace($pattern, '', $parameter);
} else {
$param[] = $parameter;
}
}
$index++;
}
//Values
$is_in_db = FALSE;
$host_id = '';
$sensors = $sensor_ids;
$csv_ips = preg_replace("/\\s+/", '', $param[0]);
if (!empty($param[1])) {
$name = $param[1];
} else {
$aux_name = str_replace(' ', '', $csv_ips);
$aux_name = str_replace(',', '-', $aux_name);
$name = Asset_host::get_autodetected_name($aux_name);
}
if ($import_type == 'hosts') {
$fqdns = $param[2];
$descr = $param[3];
$asset_value = !empty($param[4]) ? $param[4] : 2;
if (preg_match('/Host ID/', $csv_headers[8])) {
$os = $param[5];
$latitude = floatval($param[6]);
$longitude = floatval($param[7]);
$external = empty($param[9]) ? 0 : intval($param[9]);
$csv_devices = $param[10];
} else {
$os = $param[6];
$latitude = floatval($param[7]);
$longitude = floatval($param[8]);
$external = 0;
$csv_devices = '';
}
} else {
$descr = $param[2];
$os = $param[3];
$latitude = 0;
$longitude = 0;
$asset_value = 2;
$external = 0;
$csv_devices = $param[4];
}
//Permissions
$can_i_create_assets = Session::can_i_create_assets();
$can_i_modify_ips = TRUE;
//IPs
if (!ossim_valid($csv_ips, OSS_IP_ADDR, 'illegal:' . _('IP'))) {
$summary['by_hosts'][$num_line]['errors']['IP'] = ossim_get_error_clean();
$summary['general']['statistics']['errors']++;
continue;
}
//Check Host ID: Is there a host registered in the System?
$host_ids = Asset_host::get_id_by_ips($conn, $csv_ips, $ctx);
$host_id = key($host_ids);
if (!empty($host_id)) {
$is_in_db = TRUE;
} else {
$host_id = Util::uuid();
}
// Special case: Forced Host ID [Version 4.x.x or higher]
if ($import_type == 'hosts' && preg_match('/Host ID/', $csv_headers[8]) && valid_hex32($param[8])) {
$csv_hosts_id = strtoupper($param[8]);
if ($is_in_db == TRUE && $csv_hosts_id != $host_id) {
$id_error_msg = _('Host is already registered in the System with another Host ID');
$summary['by_hosts'][$num_line]['errors']['Host'] = $id_error_msg;
$summary['general']['statistics']['errors']++;
continue;
} else {
if ($is_in_db == FALSE) {
$host_id = $csv_hosts_id;
// Save host ID to insert it
}
}
}
//Hostname
if (!empty($iic)) {
$name = clean_iic($name);
}
if (!ossim_valid($name, OSS_HOST_NAME, 'illegal:' . _('Hostname'))) {
ossim_clean_error();
$name = Asset_host::create_valid_name($name);
$warning_msg = _('Hostname does not match with RFC 1123 specifications') . '<br/>' . _('Hostname will be replaced by') . ": <strong>{$name}</strong>";
$summary['by_hosts'][$num_line]['warnings']['Hostname'] = $warning_msg;
$summary['by_hosts'][$num_line]['status'] = 'warning';
$summary['general']['statistics']['warnings']++;
if (!ossim_valid($name, OSS_HOST_NAME, 'illegal:' . _('Hostname'))) {
unset($summary['by_hosts'][$num_line]['warnings']);
$summary['general']['statistics']['warnings']--;
$summary['by_hosts'][$num_line]['status'] = 'error';
$summary['by_hosts'][$num_line]['errors']['Hostname'] = ossim_get_error_clean();
$summary['general']['statistics']['errors']++;
continue;
}
}
//Description
if (!ossim_valid($descr, OSS_NULLABLE, OSS_ALL, 'illegal:' . _('Description'))) {
$summary['by_hosts'][$num_line]['errors']['Description'] = ossim_get_error_clean();
$summary['general']['statistics']['errors']++;
continue;
} else {
if (mb_detect_encoding($descr . ' ', 'UTF-8,ISO-8859-1') == 'UTF-8') {
$descr = mb_convert_encoding($descr, 'HTML-ENTITIES', 'UTF-8');
}
}
//Operating System
$os_pattern = '/' . preg_quote(implode('|', $all_os), '/') . '/';
$os_pattern = str_replace('\\|', '|', $os_pattern);
if (!empty($os) && !preg_match($os_pattern, $os)) {
$warning_msg = _('Operating System unknown');
$summary['by_hosts'][$num_line]['warnings']['Operating System'] = $warning_msg;
$summary['by_hosts'][$num_line]['status'] = 'warning';
$summary['general']['statistics']['warnings']++;
$os = 'Unknown';
}
//Devices Types
$devices = array();
$unallowed_devices = array();
if (!empty($csv_devices)) {
$aux_devices = explode(',', $csv_devices);
if (is_array($aux_devices) && !empty($aux_devices)) {
foreach ($aux_devices as $d_name) {
$d_name = trim($d_name);
if (array_key_exists($d_name, $all_devices)) {
$devices[] = $all_devices[$d_name];
} else {
$unallowed_devices[] = $d_name;
}
}
if (!empty($unallowed_devices)) {
$warning_msg = _('Some devices could not be added (Type and/or subtype unknown)') . ': ' . implode(',', $unallowed_devices);
$summary['by_hosts'][$num_line]['warnings']['Devices'] = $warning_msg;
$summary['by_hosts'][$num_line]['status'] = 'warning';
$summary['general']['statistics']['warnings']++;
}
}
}
//Sensor
if ($is_in_db == FALSE) {
//Only update host sensors with unregistered hosts
if ($import_type == 'hosts' && preg_match('/Sensors/', $csv_headers[5])) {
//Special case: Sensors in CSV file //[Version 3.x.x]
$sensors = array();
$_sensors = explode(',', $param[4]);
if (is_array($_sensors) && !empty($_sensors)) {
$_sensors = array_flip($_sensors);
if (is_array($a_sensors) && !empty($a_sensors)) {
foreach ($a_sensors as $s_id => $s_data) {
if (array_key_exists($s_data['ip'], $_sensors)) {
$sensors[] = $s_id;
}
}
}
}
if (!is_array($sensors) || empty($sensors)) {
$s_error_msg = Session::is_pro() ? _('There is no sensors for this context') : _('There is no sensors for this IP address');
$summary['by_hosts'][$num_line]['errors']['Sensors'] = $s_error_msg;
$summary['general']['statistics']['errors']++;
continue;
}
}
}
/***********************************************************
********** Only for importation from host section **********
***********************************************************/
if ($import_type == 'hosts') {
//FQDNs
if (!ossim_valid($fqdns, OSS_FQDNS, OSS_NULLABLE, 'illegal:' . _('FQDN/Aliases'))) {
$summary['by_hosts'][$num_line]['errors']['FQDN/Aliases'] = ossim_get_error_clean();
$summary['general']['statistics']['errors']++;
continue;
}
//Asset
if (!ossim_valid($asset_value, OSS_DIGIT, 'illegal:' . _('Asset value'))) {
$summary['by_hosts'][$num_line]['errors']['Asset value'] = ossim_get_error_clean();
$summary['general']['statistics']['errors']++;
continue;
}
//Latitude
if (!empty($latitude)) {
if (!ossim_valid(trim($latitude), OSS_NULLABLE, OSS_DIGIT, OSS_DOT, '\\-', 'illegal:' . _('Latitude'))) {
$summary['by_hosts'][$num_line]['errors']['Latitude'] = ossim_get_error_clean();
$summary['general']['statistics']['errors']++;
continue;
}
}
//Longitude
if (!empty($longitude)) {
if (!ossim_valid(trim($longitude), OSS_NULLABLE, OSS_DIGIT, OSS_DOT, '\\-', 'illegal:' . _('Longitude'))) {
$summary['by_hosts'][$num_line]['errors']['Longitude'] = ossim_get_error_clean();
$summary['general']['statistics']['errors']++;
continue;
}
}
}
//Insert/Update host in database
if (count($summary['by_hosts'][$num_line]['errors']) == 0) {
try {
$host = new Asset_host($conn, $host_id);
if ($is_in_db == TRUE) {
$host->load_from_db($conn, $host_id);
$can_i_modify_ips = Asset_host::can_i_modify_ips($conn, $host_id);
} else {
if ($can_i_create_assets == FALSE) {
$n_error_msg = _('Host') . ' ' . $name . ' ' . _("not allowed. You don't have permissions to import this host");
$summary['by_hosts'][$num_line]['errors']['Net'] = $n_error_msg;
$summary['general']['statistics']['errors']++;
continue;
}
}
//Check IPs
if ($can_i_modify_ips == TRUE) {
$aux_ips = explode(',', $csv_ips);
foreach ($aux_ips as $ip) {
$host_ids = Asset_host::get_id_by_ips($conn, $ip, $ctx);
unset($host_ids[$host_id]);
if (!empty($host_ids)) {
$c_error_msg = _('IP') . ' ' . $csv_ips . ' ' . _("not allowed. IP {$ip} already exists for this entity");
$summary['by_hosts'][$num_line]['errors']['IP'] = $c_error_msg;
$summary['general']['statistics']['errors']++;
break;
} else {
$cnd_1 = Session::get_net_where() != '' && !Session::only_ff_net();
$cnd_2 = Asset_host::is_ip_in_cache_cidr($conn, $ip, $ctx, TRUE);
if ($cnd_1 && !$cnd_2) {
$c_error_msg = sprintf(_("Error! The IP %s is not allowed. Please check with your account admin for more information"), $csv_ips);
$summary['by_hosts'][$num_line]['errors']['IP'] = $c_error_msg;
$summary['general']['statistics']['errors']++;
break;
}
}
}
} else {
$c_error_msg = _('Host') . ' ' . $name . ': ' . _("IP address not allowed. IP address cannot be modified");
$summary['by_hosts'][$num_line]['status'] = 'warning';
$summary['general']['warnings']['errors']++;
$summary['by_hosts'][$num_line]['warnings']['IP'] = $c_error_msg;
}
//Setting new values
if (count($summary['by_hosts'][$num_line]['errors']) == 0) {
$host->set_ctx($ctx);
$host->set_name($name);
$host->set_descr($descr);
if ($is_in_db == FALSE) {
if ($can_i_modify_ips == TRUE) {
if (is_array($aux_ips) && !empty($aux_ips)) {
$ips = array();
foreach ($aux_ips as $ip) {
$ips[$ip] = array('ip' => $ip, 'mac' => NULL);
}
$host->set_ips($ips);
}
}
$host->set_sensors($sensors);
}
if (!empty($fqdns)) {
$host->set_fqdns($fqdns);
}
$host->set_external($external);
$host->set_location($latitude, $longitude);
$host->set_asset_value($asset_value);
$host->set_devices($devices);
$host->save_in_db($conn, FALSE);
//Save Operating System
if (!empty($os)) {
Asset_host_properties::save_property_in_db($conn, $host_id, 3, $os, 2);
}
$summary['general']['statistics']['saved']++;
$summary['by_hosts'][$num_line]['data'] = $is_in_db == TRUE ? _('Asset updated') : _('New asset inserted');
//Keep warnings
if ($summary['by_hosts'][$num_line]['status'] != 'warning') {
$summary['by_hosts'][$num_line]['status'] = 'success';
}
}
} catch (Exception $e) {
$summary['by_hosts'][$num_line]['errors']['Database error'] = $e->getMessage();
$summary['general']['statistics']['errors']++;
}
}
}
if ($summary['general']['statistics']['saved'] > 0) {
if ($summary['general']['statistics']['errors'] == 0) {
$summary['general']['status'] = 'success';
$summary['general']['data'] = _('All assets have been successfully imported ');
} else {
$summary['general']['status'] = 'warning';
$summary['general']['data'] = _('Some assets cannot be imported');
}
Util::disable_perm_triggers($conn, FALSE);
try {
Asset_host::report_changes($conn, 'hosts');
} catch (Exception $e) {
Av_exception::write_log(Av_exception::USER_ERROR, $e->getMessage());
}
} else {
$summary['general']['statistics']['errors'] = count($data);
//CSV file is not empty, but all lines are wrong
if (empty($summary['general']['status'])) {
$summary['general']['status'] = 'error';
$summary['general']['data'] = _('Assets cannot be imported');
}
}
@$conn->Execute("REPLACE INTO alienvault.host_net_reference SELECT host.id,net_id FROM alienvault.host, alienvault.host_ip, alienvault.net_cidrs WHERE host.id = host_ip.host_id AND host_ip.ip >= net_cidrs.begin AND host_ip.ip <= net_cidrs.end");
$db->close();
return $summary;
}
function model_list($conn, $page, $search)
{
$filters = array();
$filters['limit'] = get_query_limits($page);
if ($search != '') {
$search = utf8_decode($search);
$search = escape_sql($search, $conn);
$filters['where'] = " host_properties.value LIKE '%{$search}%' ";
}
try {
list($properties, $total) = Asset_host_properties::get_property_values($conn, 14, $filters, TRUE);
} catch (Exception $e) {
$return['error'] = TRUE;
$return['msg'] = $e->getMessage();
return $return;
}
if ($total > 0) {
$selected = get_selected_values(21);
}
$list = array();
//Going through the list to format the elements properly:
foreach ($properties as $os_id => $value) {
$_chk = $selected[$os_id] != '' ? TRUE : FALSE;
$_prop = array('id' => $value, 'name' => $value, 'checked' => $_chk);
$list[$os_id] = $_prop;
}
$data['total'] = intval($total);
$data['list'] = $list;
$return['error'] = FALSE;
$return['data'] = $data;
return $return;
}
}
//Perform action
if (is_array($validation_errors) && !empty($validation_errors)) {
$error_msg = '<div style="padding-left:5px">' . _('The following errors occurred') . ":</div>\n <div style='padding: 5px 5px 5px 15px;'>" . implode('<br/>', $validation_errors) . '</div>';
$db->close();
Util::response_bad_request($error_msg);
}
try {
$data['status'] = 'success';
$data['data'] = _('Your changes have been saved');
switch ($action) {
case 'select_os':
//Select Operating System
if ($os_windows == 1) {
Asset_host_properties::delete_property_from_db($conn, $asset_id, 3);
Asset_host_properties::save_property_in_db($conn, $asset_id, 3, 'Microsoft Windows', 1);
} else {
$data['status'] = 'warning';
$data['data'] = _("Unable to deploy HIDS agent. Automatic deployment is only available for Windows operating systems. Please go to <a href='javascript:parent.GB_close({\"action\": \"go_to_hids\"});' class='bold_yellow'>HIDS page</a> for more options");
}
break;
case 'deploy_agent':
//Deploy HIDS Agent
$db = new Ossim_db();
$conn = $db->connect();
$d_data = array('asset_id' => $asset_id, 'w_ip' => $ip_address, 'w_user' => $user, 'w_password' => $pass, 'w_domain' => $domain);
$hids_agents = Asset_host::get_related_hids_agents($conn, $asset_id, $sensor_id);
$num_agents = count($hids_agents);
if ($num_agents >= 1) {
if ($num_agents == 1) {
$agent = array_pop($hids_agents);
if (Token::verify($tk_key, $token) == FALSE) {
$db->close();
$error = Token::create_error_message();
Util::response_bad_request($error);
}
$data['status'] = 'success';
$data['data'] = _('Your changes have been saved');
if ($delete_all == TRUE) {
if (!valid_hex32($asset_id)) {
$db->close();
Util::response_bad_request(_('Error! Asset ID not allowed. Your changes could not be saved'));
} else {
try {
if ($action == 'delete_properties') {
Asset_host_ips::delete_all_from_db($conn, $asset_id, TRUE);
Asset_host_properties::delete_all_from_db($conn, $asset_id);
} elseif ($action == 'delete_software') {
Asset_host_software::delete_all_from_db($conn, $asset_id);
} else {
Asset_host_services::delete_all_from_db($conn, $asset_id, TRUE);
}
} catch (Exception $e) {
$db->close();
Util::response_bad_request($e->getMessage());
}
}
} else {
if (is_array($p_list) && !empty($p_list)) {
foreach ($p_list as $p_values) {
try {
//Clean last error
function ip_max_occurrences($target, $date_from, $date_to)
{
global $NUM_HOSTS;
global $security_report;
global $report_type;
global $geoloc;
/* ossim framework conf */
$conf = $GLOBALS['CONF'];
$report_graph_type = $conf->get_conf('report_graph_type');
if (!strcmp($target, "ip_src")) {
if ($report_type == "alarm") {
$target = "src_ip";
}
$title = _("Attacker hosts");
} elseif (!strcmp($target, "ip_dst")) {
if ($report_type == "alarm") {
$target = "dst_ip";
}
$title = _("Attacked hosts");
}
$list = $security_report->AttackHost($target, $NUM_HOSTS, $report_type, $date_from, $date_to);
if (!is_array($list) || empty($list)) {
return 0;
}
?>
<table class='t_alarms'>
<thead>
<tr><td colspan='2' class="headerpr"><?php
echo _("Top");
echo " {$NUM_HOSTS} {$title}";
?>
</td></tr>
</thead>
<tbody>
<tr>
<td class='td_container'>
<table class="table_data">
<thead>
<tr>
<th> <?php
echo _("Host");
?>
</th>
<th> <?php
echo _("Occurrences");
?>
</th>
</tr>
</thead>
<tbody>
<?php
foreach ($list as $l) {
$ip = $l[0];
$occurrences = number_format($l[1], 0, ",", ".");
$id = $l[2];
$ctx = $l[3];
$host_output = Asset_host::get_extended_name($security_report->ossim_conn, $geoloc, $ip, $ctx, $id);
$hostname = $host_output['name'];
$icon = $host_output['html_icon'];
$os = valid_hex32($id) ? Asset_host_properties::get_os_by_host($security_report->ossim_conn, $id) : "";
$os_pixmap = preg_match("/unknown/", $os) ? '' : $os;
$bold = $host_output['is_internal'];
?>
<tr>
<td class='td_data <?php
if ($bold) {
echo 'bold';
}
?>
'>
<?php
echo $icon . ' ' . $hostname . ' ' . $os_pixmap;
?>
</td>
<td class='td_data'><?php
echo $occurrences;
?>
</td>
</tr>
<?php
}
?>
</tbody>
</table>
</td>
<td class='td_container'>
<?php
if ($report_graph_type == "applets") {
jgraph_attack_graph($target, $NUM_HOSTS);
} else {
?>
<img src="graphs/attack_graph.php?target=<?php
echo $target;
?>
&hosts=<?php
echo $NUM_HOSTS;
?>
&type=<?php
echo $report_type;
?>
&date_from=<?php
echo urlencode($date_from);
?>
&date_to=<?php
echo urlencode($date_to);
?>
" alt="attack_graph"/>
<?php
}
?>
</td>
</tr>
</tbody>
</table>
<?php
return 1;
}
}
$validation_errors = validate_form_fields('POST', $validate);
$db = new ossim_db();
$conn = $db->connect();
if (empty($validation_errors['sensor_id'])) {
if (!Ossec_utilities::is_sensor_allowed($conn, $sensor_id)) {
$validation_errors['sensor_id'] = _('Error! Sensor not allowed');
}
}
if (empty($validation_errors)) {
$current_user = '******';
$current_ip = '-';
//Current user
if (valid_hex32($asset_id)) {
$q_filters = array('limit' => "1");
list($users, $total_users) = Asset_host_properties::get_users_by_host($conn, $asset_id, $filters);
if ($total_users > 0) {
$_current_user = array_pop($users[$asset_id]);
if (!empty($_current_user)) {
$current_user = $_current_user['user'];
$current_user .= !empty($_current_user['domain']) ? '@' . $_current_user['domain'] : '';
}
}
}
//Current IP
$agent = array('ip_cidr' => $agent_ip, 'name' => $agent_name);
$_current_ip = Ossec_agent::get_last_ip($sensor_id, $agent);
if (Asset_host_ips::valid_ip($_current_ip)) {
$current_ip = $_current_ip;
}
$agent_idm_data = array('current_ip' => $current_ip, 'current_user' => $current_user);
function change_htype($conn, $data)
{
$uuid = $data['id'];
list($os, $dtype) = explode("_", $data['type']);
// Type
ossim_valid($uuid, OSS_HEX, 'illegal:' . _("ID"));
ossim_valid($os, OSS_NULLABLE, OSS_ALPHA, 'illegal:' . _("OS"));
ossim_valid($dtype, OSS_NULLABLE, OSS_ALPHA, 'illegal:' . _("Device Type"));
check_ossim_error();
if (empty($dtype) && empty($os)) {
Asset_host_devices::delete_all_from_db($conn, $uuid);
Asset_host_properties::delete_property_from_db($conn, $uuid, 3, '', TRUE);
} else {
// Device Type
if ($dtype == 'networkdevice') {
Asset_host_devices::save_device_in_db($conn, $uuid, 4);
//Adding the device type
Asset_host_properties::delete_property_from_db($conn, $uuid, 3, '', TRUE);
//Removing the previous OS
} elseif ($os == 'windows' || $os == 'linux') {
Asset_host_devices::delete_device_from_db($conn, $uuid, 4);
//Removing device type
Asset_host_properties::delete_property_from_db($conn, $uuid, 3);
//Removing previous OS
Asset_host_properties::save_property_in_db($conn, $uuid, 3, ucfirst($os), 1, TRUE);
//Adding the new OS
}
}
$response['error'] = FALSE;
$response['data'] = array();
return $response;
}
$search = utf8_decode($search);
$search = escape_sql($search, $conn);
$filters['where'] = 'host.hostname LIKE "%' . $search . '%"';
}
}
try {
list($assets, $total) = Asset_host::get_list($conn, $tables, $filters, TRUE);
} catch (Exception $e) {
$assets = array();
$total = 0;
}
$results = array();
foreach ($assets as $_id => $asset_data) {
$_res = array();
// Get OS
$os = Asset_host_properties::get_property_from_db($conn, $_id, 3);
$_os = '';
$_dev = '';
$windows_os = preg_grep("/^windows|microsoft/i", $os);
$linux_os = preg_grep("/linux|alienvault/i", $os);
if (count($windows_os) > 0) {
$_os = 'Windows';
} elseif (count($linux_os) > 0) {
$_os = 'Linux';
}
// Get device types
$_devices = new Asset_host_devices($conn, $_id);
$_devices->load_from_db($conn);
$devices = $_devices->get_devices();
if ($_os == 'Windows') {
$_dev = 'windows_';
$filters = array('where' => 'banner LIKE "%' . $selection_filter . '%"');
list($p_list, ) = Asset_host_software::bulk_get_list($conn, $filters);
}
}
}
//Validate Form token
$token = POST('token');
if (Token::verify($tk_key, $token) == FALSE) {
$db->close();
$error = Token::create_error_message();
Util::response_bad_request($error);
}
if ($delete_all == TRUE) {
try {
if ($action == 'delete_properties') {
Asset_host_properties::bulk_delete_all_from_db($conn);
} else {
Asset_host_software::bulk_delete_all_from_db($conn);
}
} catch (Exception $e) {
$db->close();
Util::response_bad_request($e->getMessage());
}
} else {
if (is_array($p_list) && !empty($p_list)) {
foreach ($p_list as $p_values) {
try {
//Clean last error
ossim_clean_error();
//Initialize property data
$p_data = array();
if (array_key_exists($order, $orders_by_columns)) {
$order = $orders_by_columns[$order];
} else {
$order = 'property_descr';
}
// Property filter
$filters = array('where' => "hp.property_ref NOT IN (3, 14)", 'limit' => "{$from}, {$maxrows}", 'order_by' => "{$order} {$torder}");
if ($search_str != '') {
$search_str = escape_sql($search_str, $conn);
$filters['where'] .= ' AND value LIKE "%' . $search_str . '%"';
}
// Properties data
$data = array();
$p_list = array();
$p_total = 0;
list($p_list, $p_total) = Asset_host_properties::bulk_get_list($conn, $filters);
foreach ($p_list as $p_id => $p_values) {
foreach ($p_values as $p_value) {
$r_key = strtolower($p_id . '_' . md5($p_value['value']));
$p_locked = $p_value['source']['id'] == 1 ? 1 : 0;
$_p_data = array("DT_RowId" => $r_key, "DT_RowData" => array('p_id' => $p_id, 'p_value' => $p_value['value'], 'source_id' => $p_value['source']['id'], 'locked' => $p_locked), "", $p_value['description'], $p_value['value'], $p_value['source']['name'], "");
$data[] = $_p_data;
}
}
$response['sEcho'] = $sec;
$response['iTotalRecords'] = $p_total;
$response['iTotalDisplayRecords'] = $p_total;
$response['aaData'] = $data;
echo json_encode($response);
$db->close();
/* End of file bk_dt_properties.php */
<!-- C & A levels for each IP -->
<tr>
<td align="center">
<a href="<?php
echo $r_url;
?>
" title="<?php
echo $ip;
?>
"><?php
echo $hostname;
?>
</a>
<?php
echo Asset_host_properties::get_os_by_host($conn, $host_id);
?>
</td>
<td align="center">
<a href="<?php
echo $cp_url;
?>
"> <img src="../pixmaps/graph.gif" border="0"/> </a>
</td>
<td class="left">
<?php
if ($compromise <= $threshold_c) {
?>
<img src="../pixmaps/solid-blue.jpg" height="12" width="<?php
