function get_user_icon($login, $pro)
{
    ${$pixmaps} = '../pixmaps/user-green.png';
    $db = new ossim_db();
    $conn = $db->connect();
    $user = Session::get_list($conn, "WHERE login='{$login}'");
    if ($pro) {
        // Pro-version
        if ($login == ACL_DEFAULT_OSSIM_ADMIN || $user[0]->get_is_admin()) {
            $pixmaps = '../pixmaps/user-gadmin.png';
        } elseif (Acl::is_proadmin($conn, $user[0]->get_login())) {
            $pixmaps = '../pixmaps/user-business.png';
        }
    } else {
        // Open Source
        if ($login == ACL_DEFAULT_OSSIM_ADMIN || $user[0]->get_is_admin()) {
            $pixmaps = "../pixmaps/user-gadmin.png";
        }
    }
    $db->close();
    return $pixmaps;
}
Example #2
0
function get_user_icon($login, $pro)
{
    require_once 'ossim_db.inc';
    $db = new ossim_db();
    $dbconn = $db->connect();
    $user = Session::get_list($dbconn, "WHERE login='{$login}'");
    if ($pro) {
        // Pro-version
        if ($login == ACL_DEFAULT_OSSIM_ADMIN || $user[0]->get_is_admin()) {
            return "../pixmaps/user-gadmin.png";
        } elseif (Acl::is_proadmin($dbconn, $user[0]->get_login())) {
            return "../pixmaps/user-business.png";
        } else {
            return "../pixmaps/user-green.png";
        }
    } else {
        // Opensource
        if ($login == ACL_DEFAULT_OSSIM_ADMIN || $user[0]->get_is_admin()) {
            return "../pixmaps/user-gadmin.png";
        } else {
            return "../pixmaps/user-green.png";
        }
    }
}
Example #3
0
 * @var String
 */
$plugin = '';
/**
 * application root path
 *
 * @var string
 */
define('APP_ROOT', realpath(dirname(__FILE__) . '/../'));
if (file_exists(APP_ROOT . '/config.php')) {
    include_once APP_ROOT . '/config.php';
}
/*if (defined('PSI_DEFAULT_LANG')) {
    $lang = PSI_DEFAULT_LANG;
}*/
$admin_data = Session::get_list($dbconn, "WHERE login='admin'");
preg_match("/(.*)_.*/", $admin_data[0]->get_language(), $found);
$lang = $found[1];
if (isset($_GET['lang'])) {
    if (file_exists(APP_ROOT . '/language/' . trim(htmlspecialchars(basename($_GET['lang']))) . '.xml')) {
        $lang = basename($_GET['lang']);
    }
}
$plugin = isset($_GET['plugin']) ? trim(htmlspecialchars(basename($_GET['plugin']))) : null;
if ($plugin == null) {
    if (file_exists(APP_ROOT . '/language/' . $lang . '.xml')) {
        echo file_get_contents(APP_ROOT . '/language/' . $lang . '.xml');
    } else {
        echo file_get_contents(APP_ROOT . '/language/en.xml');
    }
} else {
ini_set("include_path", ".:/usr/share/ossim/include:/usr/share/phpgacl");
$force_gacl = true;
require_once 'av_init.php';
$gacl = $GLOBALS['ACL'];
/* connect to db */
$db = new ossim_db();
$conn = $db->connect();
try {
    $net_list = Asset_net::get_all($conn);
    $sensor_list = Av_sensor::get_all($conn);
} catch (Exception $e) {
    print $e->getMessage();
    exit;
}
$permids = get_permids($conn);
$users = Session::get_list($conn);
foreach ($users as $user) {
    $nets = "";
    $sensors = "";
    $perms = array();
    $login = $user->get_login();
    if ($user->get_is_admin() || $login == ACL_DEFAULT_OSSIM_ADMIN) {
        continue;
    }
    // Skip admin user
    $query = "SELECT * FROM users WHERE login=?";
    $params = array($login);
    if (!($rs =& $conn->Execute($query, $params))) {
        print $conn->ErrorMsg();
        exit;
    } else {
Example #5
0
}
$db = new ossim_db();
$conn = $db->connect();
/* check params */
if (!POST("user") || !POST("pass1") || !POST("pass2")) {
    require_once "ossim_error.inc";
    $error = new OssimError();
    $error->display("FORM_MISSING_FIELDS");
}
if (!Session::am_i_admin() && ($_SESSION["_user"] != $user && !POST("oldpass"))) {
    require_once "ossim_error.inc";
    $error = new OssimError();
    $error->display("FORM_MISSING_FIELDS");
}
/* check for old password if not actual user or admin */
if ($_SESSION["_user"] != $user && !Session::am_i_admin() && !is_array($user_list = Session::get_list($conn, "WHERE login = '" . $user . "' and pass = '" . md5($oldpass) . "'"))) {
    require_once "ossim_error.inc";
    $error = new OssimError();
    $error->display("BAD_OLD_PASSWORD");
}
/* check passwords */
if (0 != strcmp($pass1, $pass2)) {
    require_once "ossim_error.inc";
    $error = new OssimError();
    $error->display("PASSWORDS_MISMATCH");
}
/* only the user himself or the admin can change passwords */
if (POST('user') != $_SESSION["_user"] && !Session::am_i_admin()) {
    die(ossim_error(_("To change the password for other user is not allowed")));
}
/* check OK, insert into DB */
Example #6
0
$is_my_profile = $login == $myself && !$duplicate ? TRUE : FALSE;
ossim_valid($greybox, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _('Greybox'));
if (ossim_error()) {
    echo ossim_error();
    exit;
}
if ($is_default_admin && $duplicate == TRUE) {
    echo ossim_error(_('The user admin can not be duplicated'));
    exit;
}
if ($login != '') {
    if ($login == AV_DEFAULT_ADMIN && $myself != AV_DEFAULT_ADMIN) {
        $user = '';
    } else {
        $s_login = escape_sql($login, $conn, FALSE);
        $user_list = Session::get_list($conn, "WHERE login='{$s_login}'", '', FALSE, TRUE);
        $user = $user_list[0];
    }
    if (is_object($user) && !empty($user)) {
        $user = $user_list[0];
        $uuid = $user->get_uuid();
        $login = $duplicate == TRUE ? $login . '_duplicated' : $login;
        $user_name = $user->get_name();
        $email = $user->get_email();
        $language = $user->get_language();
        $tzone = $user->get_tzone();
        $template_id = $user->get_template_id();
        $login_method = $user->get_login_method();
        $login_method = $login_method == 'ldap' ? 'ldap' : 'pass';
        $last_pass_change = $user->last_pass_change();
        $is_admin = $user->get_is_admin();
Example #7
0
if (isset($_POST['user_id'])) {
    $user_id = POST('user_id');
    $language = POST('language');
    ossim_valid($user_id, OSS_USER, 'illegal:' . _("user_id"));
    ossim_valid($language, OSS_ALPHA, OSS_PUNC, OSS_AT, OSS_NULLABLE, 'illegal:' . _("Language"));
    if (ossim_error()) {
        die(ossim_error());
    }
    $_SESSION['_user_language'] = $language;
    Session::changelang($conn, $user_id, $language);
    if ($user_id == Session::get_session_user()) {
        ?>
<script type="text/javascript">top.topmenu.location = '../top.php?option=7&soption=1';</script><?php 
    }
}
if ($session_list = Session::get_list($conn, "ORDER BY {$order}")) {
    foreach ($session_list as $session) {
        $login = $session->get_login();
        if (!Session::am_i_admin() && $login != Session::get_session_user()) {
            continue;
        }
        $name = $session->get_name();
        $email = $session->get_email();
        $enabled = $session->get_enabled();
        $pass = "...";
        $company = $session->get_company();
        $department = $session->get_department();
        $language = $session->get_language();
        $is_admin = $session->get_is_admin();
        $color = $i++ % 2 == 0 ? "bgcolor='#f2f2f2'" : "";
        ?>
Example #8
0
    </head>
    <body>' . '<table width="100%" cellspacing="0" cellpadding="0" style="border:0px;">' . '<tr><td width="75">' . _('Id:') . '</td><td>' . $result->fields["id"] . '</td></tr>' . '<tr><td width="75">' . _('Title:') . '</td><td>' . $result->fields["title"] . '</td></tr>' . '<tr><td width="75">' . _('Date:') . '</td><td>' . $result->fields["date"] . '</td></tr>' . '<tr><td width="75">' . _('Ref:') . '</td><td>' . $result->fields["ref"] . '</td></tr>' . '<tr><td width="75">' . _('Type id:') . '</td><td>' . $result->fields["type_id"] . '</td></tr>' . '<tr><td width="75">' . _('Priority:') . '</td><td>' . $result->fields["priority"] . '</td></tr>' . '<tr><td width="75">' . _('Last update:') . '</td><td>' . $result->fields["last_update"] . '</td></tr>' . '<tr><td width="75">' . _('In charge:') . '</td><td>' . $in_charge . '</td></tr>' . '<tr><td width="75">' . _('Submitter:') . '</td><td>' . $result->fields["submitter"] . '</td></tr>' . '</table>' . '</body>
    </html>';
    if (!valid_hex32($result->fields["in_charge"])) {
        $user_data = Session::get_list($conn, "WHERE login='" . $result->fields["in_charge"] . "'", "", TRUE);
        if (is_object($user_data[0])) {
            if ($user_data[0]->get_email() != '') {
                Util::send_email($conn, $user_data[0]->get_email(), $subject, $body);
            }
        }
    } else {
        // In_charge is a entity
        $entity_data = Acl::get_entity($conn, $result->fields["in_charge"], FALSE, FALSE);
        if ($entity_data["admin_user"] != "") {
            // exists pro admin
            $pro_admin_data = Session::get_list($conn, "WHERE login='" . $entity_data["admin_user"] . "'", "", TRUE);
            if ($pro_admin_data[0]->get_email() != '') {
                Util::send_email($conn, $pro_admin_data[0]->get_email(), $subject, $body);
            }
        } else {
            // Doesn't exit pro admin
            $users_list = Acl::get_users_by_entity($conn, $result->fields["in_charge"]);
            foreach ($users_list as $user) {
                if ($user["email"] != '') {
                    Util::send_email($conn, $user['email'], $subject, $body);
                }
            }
        }
    }
    $result->MoveNext();
}
function get_json_users($conn)
{
    require_once 'av_init.php';
    $json_users = NULL;
    $users_list = Session::get_list($conn, "ORDER BY login");
    if (is_array($users_list) && !empty($users_list)) {
        foreach ($users_list as $user) {
            $json_users .= '{ txt:"' . $user->get_name() . ' [' . _("User") . ']", id: "' . $user->get_login() . '" },';
        }
    }
    return $json_users;
}
Example #10
0
ossim_valid($perms, OSS_ALPHA, OSS_PUNC, OSS_NULLABLE, 'illegal:' . _("Permissions"));
if (ossim_error()) {
    die(ossim_error());
}
function check_perms($user, $mainmenu, $submenu)
{
    $gacl = $GLOBALS['ACL'];
    return $gacl->acl_check($mainmenu, $submenu, ACL_DEFAULT_USER_SECTION, $user);
}
require_once 'classes/Session.inc';
require_once 'classes/Net.inc';
require_once 'classes/Sensor.inc';
require_once 'ossim_db.inc';
$db = new ossim_db();
$conn = $db->connect();
if ($user_list = Session::get_list($conn, "WHERE login = '{$user}'")) {
    $user = $user_list[0];
}
$net_list = Net::get_all($conn);
$sensor_list = Sensor::get_all($conn, "ORDER BY name ASC");
?>

<form name="fnewuser" id="fnewuser" method="post" action="duplicateuser.php">

<table align="center">
	<input type="hidden" name="insert" value="insert" />
	<tr>
		<th> <?php 
echo _("User login") . required();
?>
</th>
Example #11
0
" style="width:80px;"/>
							<div id="widget" style="display:inline;">
								<a href="javascript:;"><img src="../pixmaps/calendar.png" id='imgcalendar' border="0" align="absmiddle" style="padding-bottom:1px" /></a>
								<div id="widgetCalendar" style="position:absolute;top:11;z-index:10"></div>
							</div>
						</td>
					</tr>
				</table>
			</td>
		
			<td class="nobborder" style="padding:5px;">
				<select name="user">
					<?php 
    $selected = $user == "" ? "selected='selected'" : "";
    echo "<option {$selected} value=''>" . _("All") . "</option>";
    if ($session_list = Session::get_list($conn, "ORDER BY login")) {
        foreach ($session_list as $session) {
            $login = $session->get_login();
            $selected = $login == $user ? "selected='selected'" : "";
            echo "<option {$selected} value='{$login}'>{$login}</option>";
        }
    }
    ?>
				</select>
			</td>
			
			<td class="nobborder" style="padding:5px;">
				<select name="code">
					<?php 
    $selected = $code == "" ? "selected='selected'" : "";
    echo "<option {$selected} value=''>" . _("All") . "</option>";
Example #12
0
    }
}
if (ossim_error()) {
    $db->close();
    echo "<rows>\n<page>1</page>\n<total>0</total>\n</rows>\n";
    exit;
}
if (!empty($order)) {
    $order .= POST('sortorder') == 'asc' ? '' : ' desc';
} else {
    $order = 'name';
}
$start = ($page - 1) * $rp;
$limit = "LIMIT {$start}, {$rp}";
$xml = "";
$user_list = Session::get_list($conn, $where, "ORDER BY {$order} {$limit}");
if ($user_list[0]) {
    $total = $user_list[0]->get_foundrows();
    if ($total == 0) {
        $total = count($user_list);
    }
} else {
    $total = 0;
}
$xml .= "<rows>\n";
$xml .= "<page>{$page}</page>\n";
$xml .= "<total>{$total}</total>\n";
foreach ($user_list as $user) {
    $login = $user->get_login();
    if ($login == AV_DEFAULT_ADMIN && $myself != AV_DEFAULT_ADMIN) {
        continue;
Example #13
0
     $in_charge = Session::get_list($conn, "WHERE login='{$in_charge}'");
     $in_charge = count($in_charge) == 1 ? $in_charge[0] : false;
     $in_charge_name = format_user($in_charge);
 }
 if (!empty($transferred)) {
     if (preg_match("/^\\d+\$/", $transferred)) {
         $querye = "SELECT ae.name as ename, aet.name as etype FROM acl_entities AS ae, acl_entities_types AS aet WHERE ae.type = aet.id AND ae.id={$transferred}";
         $resulte = $conn->execute($querye);
         list($entity_name, $entity_type) = $resulte->fields;
         if (!empty($entity_name) && !empty($entity_type)) {
             $transferred_name = $entity_name . " [" . $entity_type . "]";
         } else {
             $transferred = false;
         }
     } else {
         $transferred = Session::get_list($conn, "WHERE login='{$transferred}'");
         $transferred = count($transferred) == 1 ? $transferred[0] : false;
         $transferred_name = format_user($transferred);
     }
 } else {
     $transferred = false;
 }
 $descrip = $ticket->get_description();
 $action = $ticket->get_action();
 $status = $ticket->get_status();
 $prio = $ticket->get_priority();
 $prio_str = Incident::get_priority_string($prio);
 $prio_box = Incident::get_priority_in_html($prio);
 if ($attach = $ticket->get_attachment($conn)) {
     $file_id = $attach->get_id();
     $file_name = $attach->get_name();
Example #14
0
    $company = POST('company');
    $department = POST('department');
    if ($mode == 'insert') {
        unset($validate["template_id"]);
    }
}
$validation_errors = validate_form_fields('POST', $validate);
//Extended validation
if (empty($validation_errors['login'])) {
    //Checking permissions to create or modify users
    if ($mode == 'insert') {
        if (!$am_i_admin && !$am_i_proadmin) {
            $validation_errors['login'] = _("You don't have permission to create users");
        } else {
            $s_login = escape_sql($login, $conn, FALSE);
            $u_list = Session::get_list($conn, "WHERE login='" . $s_login . "'");
            if (count($u_list) > 0) {
                $validation_errors['login'] = _('User login already exists') . '. <br/>' . _('Entered value') . ": '<strong>" . Util::htmlentities($login) . "</strong>'";
            }
        }
    } else {
        $condition_1 = $am_i_admin && $login != AV_DEFAULT_ADMIN || $is_my_profile;
        $condition_2 = $am_i_proadmin && Session::userAllowed($login) == 2;
        if (!($condition_1 || $condition_2)) {
            $validation_errors['login'] = _("You don't have permission to modify this user");
        }
    }
}
//Checking password field requirements
if (empty($validation_errors['pass'])) {
    //Checking current password
$resend_event = 0;
$sign = 0;
$sem = 0;
$sim = 1;
$rep = 0;
if ($group == "") {
    $group = '00000000000000000000000000000000';
}
$desc = "";
$flag_events = true;
$flag_sensors = true;
$flag_reputation = true;
$flag_servers = false;
$flag_event_prio = true;
$flag_time = true;
$user_list = Session::get_list($conn, "WHERE login='{$login}'");
$user = $user_list[0];
//Getting timezone
$utz = $login != "" ? $user->get_tzone() : "";
if ($utz == "0" || $utz == "") {
    $utz = 'UTC';
}
if (preg_match("/Localtime/", $utz)) {
    $utz = trim(`head -1 /etc/timezone`);
}
//This is the default timezone, It's needed to save in case u delete the time range condition
$default_tz = $utz;
$sources = $dests = $ports = $plugingroups = $sensors = $targets = $actions = array();
$rep_filters = $tax_filters = $event_filters = $server_fwd_filters = array();
$filter = get_filters_names($conn);
if ($id != "") {
Example #16
0
}
// Insert
while ($file = $dir->read()) {
    if (preg_match("/^insert\\-(.+)\\.sql\\.gz/", $file, $found)) {
        if (!in_array($found[1], $delete)) {
            $insert[] = $found[1];
        }
    }
}
rsort($insert);
$dir->close();
if ($pro) {
    // users
    $users = array();
    if (Session::am_i_admin()) {
        $users_list = Session::get_list($conn_ossim);
        foreach ($users_list as $user_data) {
            $users[] = $user_data->login;
        }
    } else {
        $users_list = Acl::get_my_users($conn_ossim, Session::get_session_user());
        foreach ($users_list as $user_data) {
            $users[] = $user_data["login"];
        }
    }
    // entities
    list($entities_all, $num_entities) = Acl::get_entities($conn_ossim);
    list($entities_admin, $num) = Acl::get_entities_admin($conn_ossim, Session::get_session_user());
    $entities_list = array_keys($entities_admin);
}
$db->close($conn);
Example #17
0
$pass1 = GET('pass1');
$pass2 = GET('pass2');
$oldpass = GET('oldpass');
ossim_valid($pass1, OSS_ALPHA, OSS_PUNC_EXT, OSS_NULLABLE, 'illegal:' . _("Password"));
ossim_valid($pass2, OSS_ALPHA, OSS_PUNC_EXT, OSS_NULLABLE, 'illegal:' . _("Password"));
ossim_valid($oldpass, OSS_ALPHA, OSS_NULLABLE, 'illegal:' . _("Current Password"));
if (ossim_error()) {
    die(ossim_error());
}
if ($pass1 != "") {
    /* check passwords */
    if (0 != strcmp($pass1, $pass2)) {
        $msg = _("Passwords mismatches");
    } elseif (strlen($pass1) < 5) {
        $msg = _("Minimum password length is 5 characters.");
    } elseif (count($user_list = Session::get_list($conn, "WHERE login = '" . $user . "' and pass = '" . md5($oldpass) . "'")) < 1) {
        $msg = _("Current password is not correct");
    } elseif ($pass1 == $oldpass) {
        $msg = _("You must change your old password.");
    } else {
        if (preg_match("/pro|demo/i", $conf->get_conf("ossim_server_version", FALSE))) {
            Acl::changepass($conn, $user, $pass1);
        } else {
            Session::changepass($conn, $user, $pass1);
        }
        header("location:../index.php");
    }
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
Example #18
0
function get_report_data($id = NULL)
{
    $conf = $GLOBALS['CONF'];
    $conf = !$conf ? new Ossim_conf() : $conf;
    $y = strftime('%Y', time() - 24 * 60 * 60 * 30);
    $m = strftime('%m', time() - 24 * 60 * 60 * 30);
    $d = strftime('%d', time() - 24 * 60 * 60 * 30);
    $reports['asset_report'] = array('report_name' => _('Asset Details'), 'report_id' => 'asset_report', 'type' => 'external', 'link_id' => 'link_ar_asset', 'link' => '', 'parameters' => array(array('name' => _('Host Name/IP/Network'), 'id' => 'ar_asset', 'type' => 'asset', 'default_value' => '')), 'access' => Session::menu_perms('environment-menu', 'PolicyHosts') || Session::menu_perms('environment-menu', 'PolicyNetworks'), 'send_by_email' => 0);
    $status_values = array('All' => array('text' => _('All')), 'Open' => array('text' => _('Open')), 'Assigned' => array('text' => _('Assigned')), 'Studying' => array('text' => _('Studying')), 'Waiting' => array('text' => _('Waiting')), 'Testing' => array('text' => _('Testing')), 'Closed' => array('text' => _('Closed')));
    $types_values = array('ALL' => array('text' => _('ALL')), 'Expansion Virus' => array('text' => _('Expansion Virus')), 'Corporative Nets Attack' => array('text' => _('Corporative Nets Attack')), 'Policy Violation' => array('text' => _('Policy Violation')), 'Security Weakness' => array('text' => _('Security Weakness')), 'Net Performance' => array('text' => _('Net Performance')), 'Applications and Systems Failures' => array('text' => _('Applications and Systems Failures')), 'Anomalies' => array('text' => _('Anomalies')), 'Vulnerability' => array('text' => _('Vulnerability')));
    $priority_values = array('High' => _('High'), 'Medium' => _('Medium'), 'Low' => _('Low'));
    $reports['tickets_report'] = array('report_name' => _('Tickets Report'), 'report_id' => 'tickets_report', 'type' => 'pdf', 'subreports' => array('title_page' => array('id' => 'title_page', 'name' => _('Title Page'), 'report_file' => 'os_reports/Common/titlepage.php'), 'alarm' => array('id' => 'alarm', 'name' => _('Alarm'), 'report_file' => 'os_reports/Tickets/Alarm.php'), 'event' => array('id' => 'event', 'name' => _('Event'), 'report_file' => 'os_reports/Tickets/Event.php'), 'anomaly' => array('id' => 'anomaly', 'name' => _('Anomaly'), 'report_file' => 'os_reports/Tickets/Anomaly.php'), 'vulnerability' => array('id' => 'vulnerability', 'name' => _('Vulnerability'), 'report_file' => 'os_reports/Tickets/Vulnerability.php')), 'parameters' => array(array('name' => _('Date Range'), 'date_from_id' => 'tr_date_from', 'date_to_id' => 'tr_date_to', 'type' => 'date_range', 'default_value' => array('date_from' => $y . '-' . $m . '-' . $d, 'date_to' => date('Y') . '-' . date('m') . '-' . date('d'))), array('name' => _('Status'), 'id' => 'tr_status', 'type' => 'select', 'values' => $status_values), array('name' => _('Type'), 'id' => 'tr_type', 'type' => 'select', 'values' => $types_values), array('name' => _('Priority'), 'id' => 'tr_priority', 'type' => 'checkbox', 'values' => $priority_values)), 'access' => Session::menu_perms('analysis-menu', 'IncidentsIncidents'), 'send_by_email' => 1);
    $reports['alarm_report'] = array('report_name' => _('Alarms Report'), 'report_id' => 'alarm_report', 'type' => 'pdf', 'subreports' => array('title_page' => array('id' => 'title_page', 'name' => _('Title Page'), 'report_file' => 'os_reports/Common/titlepage.php'), 'top_attacker_host' => array('id' => 'top_attacker_host', 'name' => _('Top 10 Attacker Host'), 'report_file' => 'os_reports/Alarms/AttackerHosts.php'), 'top_attacked_host' => array('id' => 'top_attacked_host', 'name' => _('Top 10 Attacked Host'), 'report_file' => 'os_reports/Alarms/AttackedHosts.php'), 'used_port' => array('id' => 'used_port', 'name' => _('Top 10 Used Ports'), 'report_file' => 'os_reports/Alarms/UsedPorts.php'), 'top_events' => array('id' => 'top_events', 'name' => _('Top 15 Alarms'), 'report_file' => 'os_reports/Alarms/TopAlarms.php'), 'events_by_risk' => array('id' => 'events_by_risk', 'name' => _('Top 15 Alarms by Risk'), 'report_file' => 'os_reports/Alarms/TopAlarmsByRisk.php')), 'parameters' => array(array('name' => _('Date Range'), 'date_from_id' => 'ar_date_from', 'date_to_id' => 'ar_date_to', 'type' => 'date_range', 'default_value' => array('date_from' => $y . '-' . $m . '-' . $d, 'date_to' => date('Y') . '-' . date('m') . '-' . date('d')))), 'access' => Session::menu_perms('analysis-menu', 'ControlPanelAlarms'), 'send_by_email' => 1);
    $reports['bc_pci_report'] = array('report_name' => _('Business & Compliance ISO PCI Report'), 'report_id' => 'bc_pci_report', 'type' => 'pdf', 'subreports' => array('title_page' => array('id' => 'title_page', 'name' => _('Title Page'), 'report_file' => 'os_reports/Common/titlepage.php'), 'threat_overview' => array('id' => 'threat_overview', 'name' => _('Threat overview'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/ThreatOverview.php'), 'bri_risks' => array('id' => 'bri_risks', 'name' => _('Business real impact risks'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/BusinessPotentialImpactsRisks.php'), 'ciap_impact' => array('id' => 'ciap_impact', 'name' => _('C.I.A Potential impact'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/CIAPotentialImpactsRisks.php'), 'pci_dss' => array('id' => 'pci_dss', 'name' => _('PCI-DSS 2.0'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/PCI-DSS.php'), 'pci_dss3' => array('id' => 'pci_dss3', 'name' => _('PCI-DSS 3.0'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/PCI-DSS3.php'), 'trends' => array('id' => 'trends', 'name' => _('Trends'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/Trends.php'), 'iso27002_p_impact' => array('id' => 'iso27002_p_impact', 'name' => _('ISO27002 Potential impact'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/ISO27002PotentialImpact.php'), 'iso27001' => array('id' => 'iso27001', 'name' => _('ISO27001'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/ISO27001.php')), 'parameters' => array(array('name' => _('Date Range'), 'date_from_id' => 'bc_pci_date_from', 'date_to_id' => 'bc_pci_date_to', 'type' => 'date_range', 'default_value' => array('date_from' => $y . '-' . $m . '-' . $d, 'date_to' => date('Y') . '-' . date('m') . '-' . date('d')))), 'access' => Session::menu_perms('report-menu', 'ReportsReportServer'), 'send_by_email' => 1);
    $reports['siem_report'] = array('report_name' => _('SIEM Events'), 'report_id' => 'siem_report', 'type' => 'pdf', 'subreports' => array('title_page' => array('id' => 'title_page', 'name' => _('Title Page'), 'report_file' => 'os_reports/Common/titlepage.php'), 'top_attacker_host' => array('id' => 'top_attacker_host', 'name' => _('Top 10 Attacker Host'), 'report_file' => 'os_reports/Siem/AttackerHosts.php'), 'top_attacked_host' => array('id' => 'top_attacked_host', 'name' => _('Top 10 Attacked Host'), 'report_file' => 'os_reports/Siem/AttackedHosts.php'), 'used_port' => array('id' => 'used_port', 'name' => _('Top 10 Used Ports'), 'report_file' => 'os_reports/Siem/UsedPorts.php'), 'top_events' => array('id' => 'top_events', 'name' => _('Top 15 Events'), 'report_file' => 'os_reports/Siem/TopEvents.php'), 'events_by_risk' => array('id' => 'events_by_risk', 'name' => _('Top 15 Events by Risk'), 'report_file' => 'os_reports/Siem/TopEventsByRisk.php')), 'parameters' => array(array('name' => _('Date Range'), 'date_from_id' => 'sr_date_from', 'date_to_id' => 'sr_date_to', 'type' => 'date_range', 'default_value' => array('date_from' => $y . '-' . $m . '-' . $d, 'date_to' => date('Y') . '-' . date('m') . '-' . date('d')))), 'access' => Session::menu_perms('analysis-menu', 'EventsForensics'), 'send_by_email' => 1);
    $reports['vulnerabilities_report'] = array('report_name' => _('Vulnerabilities Report'), 'report_id' => 'vulnerabilities_report', 'type' => 'external', 'target' => '_blank', 'link_id' => 'link_vr', 'link' => Menu::get_menu_url('../vulnmeter/lr_respdf.php?ipl=all&scantype=M', 'environment', 'vulnerabilities', 'overview'), 'access' => Session::menu_perms('analysis-menu', 'EventsVulnerabilities'), 'send_by_email' => 0);
    $reports['th_vuln_db'] = array('report_name' => _('Threats & Vulnerabilities Database'), 'report_id' => 'th_vuln_db', 'type' => 'external', 'link_id' => 'link_tvd', 'link' => Menu::get_menu_url('../vulnmeter/threats-db.php', 'environment', 'vulnerabilities', 'threat_database'), 'access' => Session::menu_perms('analysis-menu', 'EventsVulnerabilities'), 'send_by_email' => 0);
    $reports['ticket_status'] = array('report_name' => _('Tickets Status'), 'report_id' => 'ticket_status', 'type' => 'external', 'link_id' => 'link_tr', 'link' => Menu::get_menu_url('../report/incidentreport.php', 'analysis', 'tickets', 'tickets'), 'access' => Session::menu_perms('analysis-menu', 'IncidentsIncidents'), 'send_by_email' => 0);
    $db = new ossim_db();
    $conn = $db->connect();
    $user = Session::get_session_user();
    $session_list = Session::get_list($conn, 'ORDER BY login');
    if (preg_match('/pro|demo/', $conf->get_conf('ossim_server_version')) && !Session::am_i_admin()) {
        $myusers = Acl::get_my_users($conn, Session::get_session_user());
        if (count($myusers) > 0) {
            $is_pro_admin = 1;
        }
    }
    // User Log lists
    if (Session::am_i_admin()) {
        $user_values[''] = array('text' => _('All'));
        if ($session_list) {
            foreach ($session_list as $session) {
                $login = $session->get_login();
                $user_values[$login] = $login == $user ? array('text' => $login, 'selected' => TRUE) : array('text' => $login);
            }
        }
    } elseif ($is_pro_admin) {
        foreach ($myusers as $myuser) {
            $user_values[$myuser['login']] = array('text' => $myuser['login']);
            $user_values[$user] = array('text' => $user, 'selected' => TRUE);
        }
    } else {
        $user_values[$user] = array('text' => $user);
    }
    $code_list = Log_config::get_list($conn, 'ORDER BY descr');
    $action_values[''] = array('text' => _('All'));
    if ($code_list) {
        foreach ($code_list as $code_log) {
            $code_aux = $code_log->get_code();
            $action_values[$code_aux] = array('text' => '[' . sprintf("%02d", $code_aux) . '] ' . _(preg_replace('|%.*?%|', " ", $code_log->get_descr())));
        }
    }
    $reports['user_activity'] = array('report_name' => _('User Activity Report'), 'report_id' => 'user_activity', 'type' => 'external', 'link_id' => 'link_ua', 'link' => Menu::get_menu_url('../userlog/user_action_log.php', 'settings', 'settings', 'user_activity'), 'parameters' => array(array('name' => _('User'), 'id' => 'ua_user', 'type' => 'select', 'values' => $user_values), array('name' => _('Action'), 'id' => 'ua_action', 'type' => 'select', 'values' => $action_values)), 'access' => Session::menu_perms('settings-menu', 'ToolsUserLog'), 'send_by_email' => 0);
    $reports['geographic_report'] = array('report_name' => _('Geographic Report'), 'report_id' => 'geographic_report', 'type' => 'pdf', 'subreports' => array('title_page' => array('id' => 'title_page', 'name' => _('Title Page'), 'report_file' => 'os_reports/Common/titlepage.php'), 'geographic_report' => array('id' => 'geographic_report', 'name' => _('Geographic Report'), 'report_file' => 'os_reports/Various/Geographic.php')), 'parameters' => array(array('name' => _('Date Range'), 'date_from_id' => 'gr_date_from', 'date_to_id' => 'gr_date_to', 'type' => 'date_range', 'default_value' => array('date_from' => $y . '-' . $m . '-' . $d, 'date_to' => date('Y') . '-' . date('m') . '-' . date('d')))), 'access' => Session::menu_perms('analysis-menu', 'EventsForensics'), 'send_by_email' => 1);
    //Sensor list
    $sensor_values[''] = array('text' => ' -- ' . _('Sensors no found') . ' -- ');
    $filters = array('order_by' => 'name');
    $sensor_list = Av_sensor::get_basic_list($conn, $filters);
    $filters = array('order_by' => 'priority desc');
    list($sensor_list, $sensor_total) = Av_sensor::get_list($conn, $filters);
    if ($sensor_total > 0) {
        $sensor_values = array();
        foreach ($sensor_list as $s) {
            $properties = $s['properties'];
            if ($properties['has_nagios']) {
                $sensor_values[$s['ip']] = array('text' => $s['name']);
            }
        }
    }
    /* Nagios link */
    $nagios_link = $conf->get_conf('nagios_link');
    $scheme = empty($_SERVER['HTTPS']) ? 'http://' : 'https://';
    $path = !empty($nagios_link) ? $nagios_link : '/nagios3/';
    $port = !empty($_SERVER['SERVER_PORT']) ? ':' . $_SERVER['SERVER_PORT'] : "";
    $nagios = $port . $path;
    $section_values = array(urlencode($nagios . 'cgi-bin/trends.cgi') => array('text' => _('Trends')), urlencode($nagios . 'cgi-bin/avail.cgi') => array('text' => _('Availability')), urlencode($nagios . 'cgi-bin/histogram.cgi') => array('text' => _('Event Histogram')), urlencode($nagios . 'cgi-bin/history.cgi?host=all') => array('text' => _('Event History')), urlencode($nagios . 'cgi-bin/summary.cgi') => array('text' => _('Event Summary')), urlencode($nagios . 'cgi-bin/notifications.cgi') => array('text' => _('Notifications')), urlencode($nagios . 'cgi-bin/showlog.cgi') => array('text' => _('Performance Info')));
    $reports['availability_report'] = array('report_name' => _('Availability Report'), 'report_id' => 'availability_report', 'type' => 'external', 'link_id' => 'link_avr', 'click' => "nagios_link('avr_nagios_link', 'avr_sensor', 'avr_section');", 'parameters' => array(array('name' => _('Sensor'), 'id' => 'avr_sensor', 'type' => 'select', 'values' => $sensor_values), array('name' => 'Nagioslink', 'id' => 'avr_nagios_link', 'type' => 'hidden', 'default_value' => urlencode($scheme)), array('name' => _('Section'), 'id' => 'avr_section', 'type' => 'select', 'values' => $section_values)), 'access' => Session::menu_perms('environment-menu', 'MonitorsAvailability'), 'send_by_email' => 0);
    $db->close();
    if ($id == NULL) {
        ksort($reports);
        return $reports;
    } else {
        return !empty($reports[$id]) ? $reports[$id] : array();
    }
}
Example #19
0
$id = POST('id');
$my_session = session_id();
$db = new ossim_db();
$dbconn = $db->connect();
if ($id == $my_session) {
    $data['status'] = 'error';
    $data['data'] = _("Autologout is not allowed");
    echo json_encode($data);
    exit;
}
//Now, we are gonna check if we can force the logout of the user:
$allowed_users = array();
$flag_delete = false;
if (Session::am_i_admin() || $pro && Acl::am_i_proadmin()) {
    if (Session::am_i_admin()) {
        $users_list = Session::get_list($dbconn, "ORDER BY login");
    } else {
        $users_list = Acl::get_my_users($dbconn, Session::get_session_user());
    }
    if (is_array($users_list) && !empty($users_list)) {
        foreach ($users_list as $k => $v) {
            $users[] = is_object($v) ? $v->get_login() : $v["login"];
        }
        $where = "WHERE login in ('" . implode("','", $users) . "')";
    }
} else {
    $where = "WHERE login = '" . Session::get_session_user() . "'";
}
$allowed_users = Session_activity::get_list($dbconn, $where . " ORDER BY activity desc");
foreach ($allowed_users as $user) {
    if ($user->get_id() == $id) {