// Excerpt from a request handler that appears to save HIDS rules data. It runs
// input validation, a form-token check and a sensor authorization check, and
// answers with a JSON error if any of them fails. $file is assigned before this
// excerpt, and the last `if` block continues past its end.

// Request parameters. 'data' is read directly from $_POST rather than via POST().
$sensor_id = POST('sensor_id');
// NOTE(review): no ossim_valid() call covers $new_xml_data in this excerpt --
// confirm it is validated or safely parsed before it is used.
$new_xml_data = $_POST['data'];
$token = POST('token');

// Allow-list validation: the sensor ID against OSS_HEX, the file name against
// OSS_ALPHA, OSS_SCORE and OSS_DOT.
ossim_valid($sensor_id, OSS_HEX, 'illegal:' . _('Sensor ID'));
ossim_valid($file, OSS_ALPHA, OSS_SCORE, OSS_DOT, 'illegal:' . _('File'));

if (ossim_error()) {
    $data['status'] = 'error';
    $data['data'] = ossim_get_error_clean();
} else {
    // The form token (presumably anti-CSRF -- confirm) is checked only once the
    // inputs have passed validation.
    if (!Token::verify('tk_f_rules', $token)) {
        $data['status'] = 'error';
        $data['data'] = Token::create_error_message();
    } else {
        // Authorization: the sensor must pass Ossec_utilities::is_sensor_allowed().
        // Within this excerpt the connection is opened for this check and closed
        // right after it.
        $db = new ossim_db();
        $conn = $db->connect();
        if (!Ossec_utilities::is_sensor_allowed($conn, $sensor_id)) {
            $data['status'] = 'error';
            $data['data'] = _('Error! Sensor not allowed');
        }
        $db->close();
    }
}

// NOTE(review): $data['status'] is assigned only on the failure paths above;
// unless it is initialised before this excerpt, the success path reads an
// undefined index here.
if ($data['status'] == 'error') {
    // Redundant: the status is already 'error' on this path.
    $data['status'] = 'error';
    // The collected message is wrapped in HTML without escaping at this point.
    // NOTE(review): assumes the messages produced above are already HTML-safe -- confirm.
    $data['data'] = _('We found the followings errors:') . "<div style='padding-left: 15px; text-align:left;'>" . $data['data'] . '</div>';
    echo json_encode($data);
    exit;
}

// Reject files that Ossec::is_editable() refuses (this block continues beyond
// the excerpt).
if (!Ossec::is_editable($file)) {
    $data['status'] = 'error';
    $data['data'] = _('Error! File not editable');
// Excerpt: begins inside a try block (its opening lines are not shown) and ends
// inside three still-open blocks. It finishes building an asset-related error
// message, then checks that the requested HIDS sensor may be used for the asset.
            // Build "name (ip)" for the server named in the error message.
            $s_name = $server_obj->get_name();
            $s_ip = $server_obj->get_ip();
            $server = $s_name . ' (' . $s_ip . ')';
            $e_msg = sprintf(_("Unable to deploy agent to assets on a child server. Please login to %s to deploy the HIDS agents"), $server);
        }
        Av_exception::throw_error(Av_exception::USER_ERROR, $e_msg);
    }
} catch (Exception $e) {
    // Every exception type is caught and its message is stored verbatim.
    // NOTE(review): if $validation_errors is returned to the client, confirm that
    // messages from exceptions other than the USER_ERROR above expose no internals.
    $validation_errors['asset_id'] = $e->getMessage();
}

if (empty($validation_errors)) {
    //Getting asset information
    $_ips = $asset->get_ips();
    $ips = $_ips->get_ips();

    //Checking HIDS Sensor
    // Two conditions deny the request: the sensor fails is_sensor_allowed(), or it
    // is not among the sensors returned for this asset.
    // The loose `== FALSE` treats any falsy return value as "not allowed", so this
    // check fails closed.
    $cnd_1 = Ossec_utilities::is_sensor_allowed($conn, $sensor_id) == FALSE;
    $asset_sensors = Asset_host_sensors::get_sensors_by_id($conn, $asset_id);
    $cnd_2 = empty($asset_sensors[$sensor_id]);

    if ($cnd_1 || $cnd_2) {
        // NOTE(review): the denial message resolves the sensor's name from its ID;
        // if this text reaches the client, a caller who is refused still learns
        // the name -- confirm that is acceptable.
        $validation_errors['sensor_id'] = sprintf(_("Sensor %s not allowed. Please check with your account admin for more information"), Av_sensor::get_name_by_id($conn, $sensor_id));
    } else {
        // Look up the system behind the sensor, using the 'non-canonical' system ID.
        $system_ids = Av_center::get_system_id_by_component($conn, $sensor_id);
        $res = Av_center::get_system_info_by_id($conn, $system_ids['non-canonical']);

        if ($res['status'] == 'success') {
            //We use this function to calculate sensor name because in HA environments there are two systems for one Sensor ID
            if (empty($res['data']['ha_ip'])) {
                $sensor_name = $res['data']['name'];
            } else {
                $sensor_name = Av_sensor::get_name_by_id($conn, $sensor_id);
            }
            $sensor_ip = $res['data']['current_ip'];
// Excerpt from a handler that renders a HIDS trend for an agent. Everything runs
// only when Session::menu_perms() grants access; the block continues past the end
// of this excerpt.
if (Session::menu_perms($m_perms, $sm_perms)) {
    // Request parameters.
    $sensor_id = POST('sensor_id');
    $agent_id = POST('agent_id');
    $asset_id = POST('asset_id');
    $agent_name = POST('agent_name');
    $ip_cidr = POST('ip_cidr');
    $agent_status = POST('agent_status');

    // Per-field validation rules handed to validate_form_fields().
    $validate = array(
        'sensor_id' => array('validation' => "OSS_HEX", 'e_message' => 'illegal:' . _('Sensor ID')),
        'agent_id' => array('validation' => "OSS_DIGIT", 'e_message' => 'illegal:' . _('Agent ID')),
        'asset_id' => array('validation' => "OSS_HEX, OSS_NULLABLE", 'e_message' => 'illegal:' . _('Asset ID')),
        'agent_name' => array('validation' => 'OSS_SCORE, OSS_LETTER, OSS_DIGIT, OSS_DOT, OSS_SPACE, "(", ")"', 'e_message' => 'illegal:' . _('Agent Name')),
        'ip_cidr' => array('validation' => 'OSS_IP_ADDRCIDR', 'e_message' => 'illegal:' . _('IP/CIDR')),
        'agent_status' => array('validation' => 'OSS_DIGIT', 'e_message' => 'illegal:' . _('Agent Status')));

    // The literal value 'any' replaces the IP/CIDR rule with the rule string 'any'.
    // NOTE(review): how validate_form_fields() interprets that rule is not visible
    // here -- confirm it accepts only the literal 'any'.
    if ($ip_cidr == 'any') {
        $validate['ip_cidr'] = array('validation' => 'any', 'e_message' => 'illegal:' . _('IP/CIDR'));
    }

    $validation_errors = validate_form_fields('POST', $validate);

    $db = new ossim_db();
    $conn = $db->connect();

    //Extra validations
    // The authorization check runs only when the sensor ID passed format validation,
    // so unvalidated input is not passed to is_sensor_allowed() or get_name_by_id().
    // NOTE(review): this relies on validate_form_fields() returning an array (or
    // null) when there are no errors. If it can return another scalar such as TRUE,
    // the assignment below would not produce an array and the is_array() test that
    // follows would let the request continue -- confirm the return type.
    if (empty($validation_errors['sensor_id']) && !Ossec_utilities::is_sensor_allowed($conn, $sensor_id)) {
        $validation_errors['sensor_id'] = sprintf(_("Sensor %s not allowed. Please check with your account admin for more information"), Av_sensor::get_name_by_id($conn, $sensor_id));
    }

    // On any error the response is a generic message; the individual validation
    // errors are not echoed.
    if (is_array($validation_errors) && !empty($validation_errors)) {
        $db->close();
        echo "<div style='color:gray; margin:15px; text-align:center;'>" . _('Trend chart not available') . "</div>";
        exit;
    }

    $tz = Util::get_timezone();
    $timetz = gmdate("U") + 3600 * $tz; // time to generate dates with timezone correction

    //HIDS trend
    $data = array();

    if ($agent_status > 1) {
        // asset_id is nullable in the rules above, so its presence in the database
        // is checked before it is used.
        // NOTE(review): no per-asset permission check is visible in this excerpt --
        // confirm is_in_db() or hids_trend_by_id() limits results to assets the
        // caller may see.
        if (Asset_host::is_in_db($conn, $asset_id)) {
            $data = Ossec_utilities::hids_trend_by_id($conn, $asset_id);
// Excerpt from a loop body (note the `continue` below) that chooses the sensor,
// agent ID and IP address for one asset and then assembles the deployment
// parameters. $hids_agents, $aux_ip_address, $default_ip_address, $conn, $asset_id
// and the credential variables are set before this excerpt.
if (is_array($hids_agents) && !empty($hids_agents)) {
    //Case 1: HIDS Agents was previously deployed
    // The last agent record is reused.
    // NOTE(review): on this path the stored sensor ID is used without calling
    // is_sensor_allowed(); only Case 2 checks it -- confirm authorization for this
    // sensor is enforced elsewhere.
    $hids_agent = array_pop($hids_agents);
    $sensor_id = $hids_agent['sensor_id'];
    $agent_id = $hids_agent['agent_id'];

    // Keep the stored address only if it is a valid IP and a key of $aux_ip_address;
    // otherwise fall back to the default address.
    if (Asset_host_ips::valid_ip($hids_agent['ip_cidr']) && array_key_exists($hids_agent['ip_cidr'], $aux_ip_address)) {
        $ip_address = $hids_agent['ip_cidr'];
    } else {
        $ip_address = $default_ip_address;
    }
} else {
    //Case 2: Not HIDS Agent deployed
    // Pick the first sensor related to the asset that passes is_sensor_allowed().
    $asset_sensors = Asset_host_sensors::get_sensors_by_id($conn, $asset_id);

    foreach ($asset_sensors as $asset_sensor_id => $s_data) {
        //Checking HIDS Sensor
        // The loose `== TRUE` accepts any truthy return value.
        // NOTE(review): confirm is_sensor_allowed() returns a strict boolean.
        $cnd_1 = Ossec_utilities::is_sensor_allowed($conn, $asset_sensor_id) == TRUE;
        // Same element as $s_data for this iteration.
        $cnd_2 = !empty($asset_sensors[$asset_sensor_id]);

        if ($cnd_1 && $cnd_2) {
            $sensor_id = $asset_sensor_id;
            break;
        }
    }

    $agent_id = NULL;
    $ip_address = $default_ip_address;
}

// NOTE(review): in Case 2 $sensor_id is assigned only when a sensor matches, so this
// test depends on $sensor_id being reset to NULL earlier in each iteration (not
// visible here). Otherwise a value from a previous asset would be reused -- confirm.
if ($sensor_id === NULL) {
    $deployment_stats[$asset_id]['status'] = 'error';
    $deployment_stats[$asset_id]['data'] = _('Error! No HIDS sensor related to asset');
    continue;
}

// Deployment parameters, including the account credentials in clear text.
// NOTE(review): confirm $d_data is not logged or persisted with 'w_password' intact.
$d_data = array('asset_id' => $asset_id, 'w_ip' => $ip_address, 'w_user' => $user, 'w_password' => $pass, 'w_domain' => $domain, 'agent_id' => $agent_id);
// Excerpt: begins inside two nested blocks (their opening lines are not shown) that
// answer with JSON and exit; the main validation path of the form handler follows.
        $data['data'] = $validation_errors;
    }
    echo json_encode($data);
    exit;
}

// Field-level validation. All errors are joined with <br/> into a single response.
// NOTE(review): every check below relies on Util::response_bad_request() ending the
// request; if it returns, execution falls through to the next check -- confirm.
$validation_errors = validate_form_fields('POST', $validate);

if (is_array($validation_errors) && !empty($validation_errors)) {
    Util::response_bad_request(implode('<br/>', $validation_errors));
}

// Password confirmation.
// NOTE(review): `!=` is a loose comparison, and PHP compares numeric-looking strings
// by value (e.g. "1e3" == "1000"), so two different inputs can be treated as equal.
// A strict comparison would avoid that -- confirm what POST() returns for missing fields.
if (POST('pass') != POST('passc')) {
    Util::response_bad_request(_('Password fields are different'));
}

// The privileged password is optional and compared only when one was supplied.
// The same loose-comparison caveat applies.
if (!empty($_POST['ppass']) && POST('ppass') != POST('ppassc')) {
    Util::response_bad_request(_('Privileged Password fields are different'));
}

// Authorization: the requested sensor must pass is_sensor_allowed().
if (!Ossec_utilities::is_sensor_allowed($conn, POST('sensor'))) {
    Util::response_bad_request(_('Error! Sensor not allowed'));
}

// 'entries' is used only when it is an array; any other value is treated as empty.
$entries = is_array(POST('entries')) ? POST('entries') : array();

foreach ($entries as $entry) {
    // NOTE(review): assumes each entry is an array holding these four keys -- confirm.
    ossim_valid($entry['id_type'], OSS_NOECHARS, OSS_SCORE, OSS_LETTER, 'illegal:' . _('Type'));
    ossim_valid($entry['frequency'], OSS_DIGIT, 'illegal:' . _('frequency'));
    ossim_valid($entry['state'], OSS_NOECHARS, OSS_SCORE, OSS_LETTER, 'illegal:' . _('State'));
    // NOTE(review): the extra literals appear to add the backtick and angle brackets
    // to the characters accepted in 'arguments'. Confirm every consumer of this
    // value escapes it for its own context (shell, HTML, configuration file).
    ossim_valid($entry['arguments'], OSS_NOECHARS, OSS_TEXT, OSS_SPACE, OSS_AT, OSS_NULLABLE, OSS_PUNC_EXT, '\\`', '\\<', '\\>', 'illegal:' . _('Arguments'));

    // Errors are checked after each entry.
    if (ossim_error()) {
        Util::response_bad_request(ossim_get_error_clean());
    }
}

// Values read for the steps that follow this excerpt.
$ip = POST('ip');
$sensor_id = POST('sensor');
$hostname = POST('hostname');