 $conn = $db->connect();
 //Agents trends
 if ($agent['ip'] == '127.0.0.1') {
     // Get default system uuid
     $system_id = Util::get_system_uuid();
     $system_info = Av_center::get_system_info_by_id($conn, $system_id);
     if ($system_info['status'] == 'success') {
         $sensor_ip = $system_info['data']['admin_ip'];
     }
     $ip_cidr = empty($sensor_ip) ? $agent['ip'] : $sensor_ip;
 } else {
     $agent_idm_data = Ossec_agent::get_idm_data($sensor_id, $agent['ip']);
     $agent_idm_ip = $agent_idm_data['ip'];
     if (empty($agent_idm_ip)) {
         try {
             $agent_idm_ip = Ossec_agent::get_last_ip($sensor_id, $agent);
         } catch (Exception $e) {
         }
     }
     $ip_cidr = Asset_host_ips::valid_ip($agent_idm_ip) ? $agent_idm_ip : $agent['ip'];
 }
 $data = array();
 if (!preg_match('/Never connected/i', $agent['status']) && Asset_host_ips::valid_ip($ip_cidr)) {
     $data = Ossec_utilities::SIEM_trends_hids($conn, $ip_cidr);
 }
 $trend_plot = "<div style='color:gray; margin:15px; text-align:center;'>" . _('Trend chart not available') . "</div>";
 if (is_array($data) && !empty($data)) {
     $trend = '';
     $max = 7;
     for ($ii = $max - 1; $ii >= 0; $ii--) {
         $d = gmdate("j M", $timetz - 86400 * $ii);
            $e_msg = _('Error! Sensor not allowed');
            Av_exception::throw_error(Av_exception::USER_ERROR, $e_msg);
        }
    } else {
        $e_msg = ossim_get_error_clean();
        Av_exception::throw_error(Av_exception::USER_ERROR, $e_msg);
    }
    $agents = Ossec_agent::get_list($sensor_id);
    $data = array();
    if (is_array($agents) && !empty($agents)) {
        foreach ($agents as $agent_id => $a_data) {
            if (empty($a_data)) {
                continue;
            }
            $a_unique_id = md5($agent_id);
            $agent_actions = Ossec_agent::get_actions($agent_id, $a_data);
            if (!empty($a_data['host_id'])) {
                $asset_name = Asset_host::get_name_by_id($conn, $a_data['host_id']);
            } else {
                $asset_name = '-';
            }
            //Normalize status description (See asset list filters)
            if ($a_data['status']['id'] == 1) {
                $a_data['status']['descr'] = 'Disconnected';
            }
            $t_data = array("DT_RowId" => 'cont_agent_' . $agent_id, "DT_RowData" => array('agent_key' => $a_unique_id, 'asset_id' => $a_data['host_id'], 'agent_status' => $a_data['status']), '', $agent_id, $a_data['name'], $asset_name, $a_data['ip_cidr'], "-", "-", $a_data['status']['descr'], $agent_actions);
            $data[] = $t_data;
        }
    }
} catch (Exception $e) {
    $db->close();
        ossim_valid($sensor_id, OSS_HEX, 'illegal:' . _('Sensor ID'));
        if ($agent_ip != 'any') {
            ossim_valid($agent_ip, OSS_IP_CIDR_0, 'illegal:' . _('Agent IP'));
        }
        if (!ossim_error()) {
            $db = new ossim_db();
            $conn = $db->connect();
            if (!Ossec_utilities::is_sensor_allowed($conn, $sensor_id)) {
                Av_exception::throw_error(Av_exception::USER_ERROR, _('Error! Sensor not allowed'));
            }
            $db->close();
        }
        $more_info = Ossec_agent::get_info($sensor_id, $agent_id);
        $last_scan_dates = '';
        if (Asset_host_ips::valid_ip($agent_ip)) {
            $last_scan_dates = Ossec_agent::get_last_scans($sensor_id, $agent_ip);
        }
        if (is_array($more_info) && !empty($more_info)) {
            $syscheck_date = empty($last_scan_dates['syscheck']) ? $more_info[7] : $last_scan_dates['syscheck'];
            $rootcheck_date = empty($last_scan_dates['rootcheck']) ? $more_info[8] : $last_scan_dates['rootcheck'];
            ?>
            <table class='t_agent_mi'>
                <tr><td colspan='2' style='text-align: center;'><?php 
            echo _('Agent information');
            ?>
</td></tr>
                <tr>
                    <td><?php 
            echo _('Agent ID');
            ?>
:</td>
             $cnd_2 = !empty($asset_sensors[$asset_sensor_id]);
             if ($cnd_1 && $cnd_2) {
                 $sensor_id = $asset_sensor_id;
                 break;
             }
         }
         $agent_id = NULL;
         $ip_address = $default_ip_address;
     }
     if ($sensor_id === NULL) {
         $deployment_stats[$asset_id]['status'] = 'error';
         $deployment_stats[$asset_id]['data'] = _('Error! No HIDS sensor related to asset');
         continue;
     }
     $d_data = array('asset_id' => $asset_id, 'w_ip' => $ip_address, 'w_user' => $user, 'w_password' => $pass, 'w_domain' => $domain, 'agent_id' => $agent_id);
     $res = Ossec_agent::deploy_windows_agent($sensor_id, $d_data);
     $job_id = $res['job_id'];
     if (valid_hex32($job_id, TRUE) == FALSE) {
         $deployment_stats[$asset_id]['status'] = 'warning';
         $deployment_stats[$asset_id]['data'] = _('Warning! Deployment job cannot be launched');
     } else {
         $total_deployed++;
     }
 }
 if ($total_deployed == $total_windows) {
     $data = array('status' => 'success', 'data' => _('Deployment job/s scheduled successfully.
             <br/>Check out the <span class="bold" id="go_to_mc">Message Center</span> for more details'));
 } else {
     if ($total_deployed == 0) {
         $data = array('status' => 'warning', 'data' => _('Unable to deploy HIDS agents due to an internal error. Please try again'), 'stats' => $deployment_stats);
     } else {
    }
}
// Build the JSON reply for the HIDS deployment request: validation failures
// are reported first, a validation-only call is simply acknowledged, and
// otherwise the deployment action is launched. The request always ends here.
$has_errors      = is_array($validation_errors) && !empty($validation_errors);
$validation_only = POST('ajax_validation_all') == TRUE;

if ($has_errors) {
    $data['status'] = 'error';
    // Ajax validation expects the per-field list; the plain form gets rendered HTML.
    $data['data'] = $validation_only
        ? $validation_errors
        : '<div>' . _('We Found the following errors') . ":</div>\n            <div style='padding: 10px;'>" . implode('<br/>', $validation_errors) . '</div>';
} elseif ($validation_only) {
    $data['status'] = 'OK';
    $data['data']   = _('Automatic deployment data checked successfully');
} else {
    $d_data = array(
        'ossec_server_ip' => $ossec_server_ip,
        'sensor_ip'       => POST('sensor_ip'),
        'agent_ip'        => POST('agent_ip'),
    );
    // Windows deployments additionally carry the remote credentials.
    if ($os_type == 'windows') {
        $d_data['domain']   = POST('domain');
        $d_data['user']     = POST('user');
        $d_data['password'] = POST('pass');
    }
    try {
        $data['status'] = 'success';
        $data['data']   = Ossec_agent::execute_deployment_action($d_data, 'deploy', $os_type);
    } catch (Exception $e) {
        // A backend failure is surfaced as a warning carrying the exception text.
        $data['status'] = 'warning';
        $data['data']   = $e->getMessage();
    }
}
echo json_encode($data);
exit;
 $timetz = gmdate("U") + 3600 * $tz;
 // time to generate dates with timezone correction
 //HIDS trend
 $data = array();
 if ($agent_status > 1) {
     if (Asset_host::is_in_db($conn, $asset_id)) {
         $data = Ossec_utilities::hids_trend_by_id($conn, $asset_id);
     } else {
         if ($ip_cidr == '127.0.0.1') {
             // Getting default sensor IP
             $sensor_ip = Av_sensor::get_ip_by_id($conn, $sensor_id);
             $ip_cidr = empty($sensor_ip) ? $ip_cidr : $sensor_ip;
         } else {
             try {
                 $agent = array('name' => $agent_name, 'ip_cidr' => $ip_cidr);
                 $ip_cidr = Ossec_agent::get_last_ip($sensor_id, $agent);
             } catch (Exception $e) {
             }
         }
         if (Asset_host_ips::valid_ip($ip_cidr)) {
             $data = Ossec_utilities::hids_trend_by_ip($conn, $ip_cidr);
         }
     }
 }
 $trend_plot = "<div style='color:gray; margin:15px; text-align:center;'>" . _('Trend chart not available') . "</div>";
 if (is_array($data) && !empty($data)) {
     $trend = '';
     $max = 7;
     for ($ii = $max - 1; $ii >= 0; $ii--) {
         $d = gmdate("j M", $timetz - 86400 * $ii);
         $trend[$d] = $data[$d] != '' ? $data[$d] : 0;
         if ($num_agents == 1) {
             $agent = array_pop($hids_agents);
             $d_data['agent_id'] = $agent['agent_id'];
         } else {
             $e_msg = _('Unable to deploy HIDS agent. This asset already has an agent deployed. If you want to deploy a new agent, please review <a class="bold_red" href="https://www.alienvault.com/help/redirect/usm/connect_agent" target="_blank">how to manage agent connections</a> and try again');
             Av_exception::throw_error(Av_exception::USER_ERROR, $e_msg);
         }
     }
     $res = Ossec_agent::deploy_windows_agent($sensor_id, $d_data);
     $job_id = $res['job_id'];
     $attempts = 0;
     $max_attempts = 80;
     $data = Ossec_agent::check_deployment_status($job_id);
     while ($data['status'] == 'in_progress' && $attempts < $max_attempts) {
         sleep(3);
         $data = Ossec_agent::check_deployment_status($job_id);
         $attempts++;
     }
     if ($attempts >= $max_attempts) {
         $e_msg = _('Connection has timed out. Please deploy the HIDS agent again');
         Av_exception::throw_error(Av_exception::USER_ERROR, $e_msg);
     } else {
         if ($data['status'] != 'success') {
             $e_msg = $data['data'] . "<br/><br/>" . $data['help'];
             Av_exception::throw_error(Av_exception::USER_ERROR, $e_msg);
         }
     }
     break;
 case 3:
     //Deploy Agentless
     /************************************************
        $copy_cf = str_replace($pattern, $unique_id, $copy_cf);
    } else {
        if (preg_match("/<\\s*agent_config\\s*>/", $copy_cf)) {
            $copy_cf = preg_replace("/<\\/\\s*agent_config\\s*>/", "{$unique_id}</agent_config>", $copy_cf, 1);
        } else {
            $copy_cf = "<agent_config>{$unique_id}</agent_config>";
        }
    }
    $copy_cf = preg_replace("/{$unique_id}/", $node_sys, $copy_cf);
    $conf_data = Ossec_utilities::formatXmlString($copy_cf);
    try {
        $data = Ossec_agent::set_configuration_file($sensor_id, $conf_data);
    } catch (Exception $e) {
        $data['status'] = 'error';
        $data['data'] = $e->getMessage();
    }
    echo json_encode($data);
} elseif ($tab == '#tab3') {
    try {
        $conf_data = html_entity_decode(base64_decode($_POST['data']), ENT_QUOTES, 'UTF-8');
        $data = Ossec_agent::set_configuration_file($sensor_id, $conf_data);
    } catch (Exception $e) {
        $data['status'] = 'error';
        $data['data'] = $e->getMessage();
    }
    echo json_encode($data);
} else {
    $data['status'] = 'error';
    $data['data'] = _('Error! Illegal action');
    echo json_encode($data);
}
        ?>
        <script type='text/javascript'>
            parent.hide_loading_box();
            parent.$("#c_info").html(parent.notify_error('<?php 
        echo _('Error! Sensor not allowed');
        ?>
'));
            parent.$("#c_info").fadeIn(4000);
            parent.window.scrollTo(0,0);
            parent.$('#c_ossec_agent').remove();
        </script>
        <?php 
        exit;
    }
    try {
        $agent_path = Ossec_agent::download_agent($sensor_id, $agent_id, $agent_type);
    } catch (Exception $e) {
        $e_data = $e->getMessage();
        $errors = preg_match('/Error!/', $e_data) ? $e_data : _('Error!') . '<br/>' . $e_data;
        ?>
        <script type='text/javascript'>

            var content = "<div style='padding-left:5px; text-align: left;'><?php 
        echo $errors;
        ?>
</div>";

            parent.hide_loading_box();

            parent.$("#c_info").html(parent.notify_error(content));
            parent.$("#c_info").fadeIn(4000);
            }
            ?>
                    </tbody>
                </table>

                <div class='cont_savet2'>
                    <input type='button' class='small' id='send_6' value='<?php 
            echo _('Save');
            ?>
' onclick="save_agent_conf();"/>
                </div>
            </div>
            
        </form>
        <?php 
        } catch (Exception $e) {
            echo "2###" . _('We found the followings errors:') . "<div style='padding-left: 15px; text-align:left;'>" . $e->getMessage() . "</div>";
        }
    } else {
        if ($tab == '#tab3') {
            try {
                $conf_data = Ossec_agent::get_configuration_file($sensor_id);
                echo "1###" . $conf_data['data'];
            } catch (Exception $e) {
                echo "2###" . _('We found the followings errors:') . "<div style='padding-left: 15px; text-align:left;'>" . $e->getMessage() . "</div>";
            }
        } else {
            echo "2###" . _('We found the followings errors') . ": <div style='padding-left: 15px; text-align:left;'>" . _('Illegal action') . "</div>";
        }
    }
}
    $_aux_agents = Asset_host::get_related_hids_agents($conn, $asset_id, $sensor_id);
    $agent_key = md5(strtoupper($sensor_id) . '#' . $agent_id);
    unset($_aux_agents[$agent_key]);
    if (!empty($_aux_agents)) {
        $validation_errors['asset_id'] = sprintf(_("Unable to connect HIDS agent to '%s'. This asset already has an agent deployed. If you want to deploy a new agent, please review <a class=\"bold_red\" href=\"https://www.alienvault.com/help/redirect/usm/connect_agent\" target=\"_blank\">how to manage agent connections</a> and try again"), Asset_host::get_name_by_id($conn, $asset_id));
    }
    $db->close();
}
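// Respond to the "connect HIDS agent to asset" request: either return the
// collected validation errors, or link the agent and return the refreshed
// asset cell (id, name, actions). The request always ends with a JSON body.
if (is_array($validation_errors) && !empty($validation_errors)) {
    // Rendered variant of the per-field errors for the non-ajax form path.
    // NOTE(review): the entries are concatenated into HTML unescaped — confirm
    // each message (e.g. one built from an asset name) is already HTML-safe.
    $validation_errors['html_errors'] = "<div style='text-align: left;'>" . _('The following errors occurred') . ":</div>\n                                         <div style='padding-left:15px; text-align: left;'>" . implode('<br/>', $validation_errors) . "</div>";
    $data['status'] = 'error';
    $data['data']   = $validation_errors;
} else {
    $data['status'] = 'success';
    $data['data']   = _('Your changes have been saved');
    try {
        Ossec_agent::link_to_asset($sensor_id, $agent_id, $asset_id);

        $db   = new ossim_db();
        $conn = $db->connect();
        try {
            $agents = Asset_host::get_related_hids_agents($conn, $asset_id, $sensor_id);
            // The related-agents array is looked up by md5(SENSOR_ID#agent_id).
            $agent_key  = md5(strtoupper($sensor_id) . '#' . $agent_id);
            $agent_info = array('ip_cidr' => $agents[$agent_key]['ip_cidr'], 'host_id' => $asset_id);
            $data['asset'] = array(
                'id'      => $asset_id,
                'name'    => Asset_host::get_name_by_id($conn, $asset_id),
                'actions' => Ossec_agent::get_actions($agent_id, $agent_info),
            );
        } catch (Exception $e) {
            // Release the connection before the outer handler turns this into
            // an error response; previously it leaked on this path.
            $db->close();
            throw $e;
        }
        $db->close();
    } catch (Exception $e) {
        $data['status'] = 'error';
        $data['data']   = _('An unexpected error occurred. Unable to connect asset to HIDS agent. Please try again') . '.<br/><br/>' . sprintf(_('Reason: %s'), $e->getMessage());
    }
}
echo json_encode($data);
exit;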
    $data['status'] = 'error';
    $data['data'] = $validation_errors;
} else {
    $ret = NULL;
    $data['status'] = 'success';
    try {
        $new_agent = Ossec_agent::create($sensor_id, $agent_name, $ip_cidr, $asset_id);
        //If ossec-remoted is not running, we have to restart Ossec Server
        $ossec_status = Ossec_control::execute_action($sensor_id, 'status');
        if ('UP' !== $ossec_status['general_status']['ossec-remoted']) {
            Ossec_control::execute_action($sensor_id, 'restart');
        }
        if (is_array($new_agent) && !empty($new_agent)) {
            $agent_id = $new_agent['id'];
            $agent_info = array('name' => $new_agent['name'], 'ip_cidr' => $new_agent['ip_cidr'], 'status' => $new_agent['status']);
            $agent_actions = Ossec_agent::get_actions($agent_id, $new_agent);
            $data['data'] = _("HIDS agent has been created. To deploy the agent, please choose one of the options under the 'Actions' column") . "###" . $agent_id . "###";
            $a_unique_id = md5($agent_id);
            if (valid_hex32($new_agent['host_id'])) {
                $db = new Ossim_db();
                $conn = $db->connect();
                $asset_name = Asset_host::get_name_by_id($conn, $new_agent['host_id']);
                $db->close();
            } else {
                $asset_name = '-';
            }
            //Normalize status description (See asset list filters)
            if ($new_agent['status']['id'] == 1) {
                $new_agent['status']['descr'] = 'Disconnected';
            }
            $agent_elem = array("DT_RowId" => 'cont_agent_' . $agent_id, "DT_RowData" => array('agent_key' => $a_unique_id, 'asset_id' => $new_agent['host_id'], 'agent_status' => $new_agent['status']), '', $agent_id, $new_agent['name'], $asset_name, $new_agent['ip_cidr'], "-", "-", $new_agent['status']['descr'], $agent_actions);
             }
             $data['data'] .= "</tbody>\n                                </table>";
         } else {
             $config_nt = array('content' => _($header) . " <span style='font-weight: bold;'>" . _('No results') . "</span>", 'options' => array('type' => 'nf_info', 'cancel_button' => FALSE), 'style' => 'width: 80%; margin: 20px auto; text-align: left;');
             $nt = new Notification('nt_1', $config_nt);
             $data['data'] = $nt->show(FALSE);
         }
     } catch (Exception $e) {
         $data['status'] = 'error';
         $data['data'] = _('Error! Modified registry files could not be extracted for this agent');
     }
     break;
 case 'rootcheck':
     try {
         $data['status'] = 'success';
         $res = Ossec_agent::launch_rootcheck($sensor_id, $id);
         $header = _('Policy and auditing database');
         if (count($res) > 0) {
             $data['data'] = "<div style='font-weight: bold; font-size: 11px; padding: 10px 0px;'>" . _($header) . ":</div>\n                                        <table class='table_files table_data' id='tf'>\n                                            <thead>\n                                                <tr>\n                                                    <th class='cf_type'>" . _('Type') . "</th>\n                                                    <th class='cf_date'>" . _('Last Date') . "</th>\n                                                    <th class='cf_date'>" . _('First Date') . "</th>\n                                                    <th>" . _('Event') . "</th>\n                                                </tr>\n                                            </thead>\n                                            \n                                            <tbody>";
             $days = 0;
             $dates = array();
             foreach ($res as $line) {
                 $r_data = explode(',', $line);
                 if (!empty($r_data)) {
                     if (empty($dates[$r_data[1]])) {
                         $dates[$data[1]] = $r_data[1];
                         $days = $days + 1;
                         $color = $days % 2 == 0 ? 'class="odd"' : 'class="even"';
                     }
                     $data['data'] .= "<tr {$color}>\n                                                    <td class='cf_type'>" . $r_data[0] . "</td>\n                                                    <td class='cf_date'>" . $r_data[1] . "</td>\n                                                    <td class='cf_date'>" . $r_data[2] . "</td>\n                                                    <td class='cf_path'>" . $r_data[3] . "</td>\n                                                </tr>";
                 }
    $conn = $db->connect();
    $res = Av_center::get_system_info_by_ip($conn, $d_data['sensor_ip']);
    if ($res['status'] == 'success') {
        $sensor_id = $res['data']['sensor_id'];
        if (!Ossec_utilities::is_sensor_allowed($conn, $sensor_id)) {
            $data['status'] = 'error';
            $data['data'] = _('Error! Sensor not allowed');
        }
    } else {
        $data['status'] = 'error';
        $data['data'] = _('Error! Unable to validate sensor IP');
    }
    if ($data['status'] == 'error') {
        $db->close();
        echo json_encode($data);
        exit;
    }
    $db->close();
    try {
        if ($order == 'status') {
            $data = Ossec_agent::check_deployment_status($d_data, $os_type);
        } else {
            $data = Ossec_agent::execute_deployment_action($d_data, $order, $os_type);
        }
    } catch (Exception $e) {
        $data['status'] = 'warning';
        $data['data'] = $e->getMessage();
    }
    echo json_encode($data);
    exit;
}
    if (!Ossec_utilities::is_sensor_allowed($conn, $sensor_id)) {
        $validation_errors['sensor_id'] = _('Unable to deploy HIDS agent. The selected sensor is not allowed. Please update the sensor in asset details and try again');
    }
}
// Final response for the Windows HIDS agent deployment form: validation
// errors win, a validation-only call just acknowledges, otherwise the
// deployment job is launched. The request always ends with a JSON body.
$has_errors      = is_array($validation_errors) && !empty($validation_errors);
$validation_only = POST('ajax_validation_all') == TRUE;

if ($has_errors) {
    $data['status'] = 'error';
    if ($validation_only) {
        $data['data'] = $validation_errors;
    } else {
        $data['data'] = '<div>' . _('The following errors occurred') . ":</div>\n            <div style='padding: 10px;'>" . implode('<br/>', $validation_errors) . '</div>';
    }
} elseif ($validation_only) {
    $data['status'] = 'OK';
    $data['data']   = _('HIDS data successfully checked');
} else {
    // NOTE(review): these are re-read from the request here; assumes the same
    // values were already validated earlier in the file (not visible) — confirm.
    $asset_id  = POST('asset_id');
    $sensor_id = POST('sensor_id');
    $agent_id  = POST('agent_id');
    try {
        $d_data = array(
            'asset_id'   => $asset_id,
            'w_ip'       => POST('asset_ip'),
            'w_user'     => POST('user'),
            'w_password' => POST('pass'),
            'w_domain'   => POST('domain'),
            'agent_id'   => $agent_id,
        );
        $data['status'] = 'success';
        $data['data']   = Ossec_agent::deploy_windows_agent($sensor_id, $d_data);
    } catch (Exception $e) {
        $data['status'] = 'error';
        $data['data']   = $e->getMessage();
    }
}
$db->close();
echo json_encode($data);
exit;