function add_note($conn, $type)
{
$validate = array('asset_id' => array('validation' => 'OSS_HEX', 'e_message' => 'illegal:' . _('Asset ID')), 'txt' => array('validation' => 'OSS_TEXT, OSS_PUNC_EXT', 'e_message' => 'illegal:' . _('Note text')));
$validation_errors = validate_form_fields('POST', $validate);
if (is_array($validation_errors) && !empty($validation_errors)) {
Av_exception::throw_error(Av_exception::USER_ERROR, _('Error! Note could not be added'));
}
$asset_id = POST('asset_id');
$txt = POST('txt');
// Check Asset Type
$asset_types = array('asset' => 'asset_host', 'network' => 'asset_net', 'group' => 'asset_group', 'net_group' => 'net_group');
// Note type
$type_tr = array('group' => 'host_group', 'network' => 'net', 'asset' => 'host', 'net_group' => 'net_group');
$class_name = $asset_types[$type];
$asset_type = $type_tr[$type];
// Check Asset Permission
if (method_exists($class_name, 'is_allowed') && !$class_name::is_allowed($conn, $asset_id)) {
$error = sprintf(_('Error! %s is not allowed'), ucwords($type));
Av_exception::throw_error(Av_exception::USER_ERROR, $error);
}
$note_id = Notes::insert($conn, $asset_type, gmdate('Y-m-d H:i:s'), $asset_id, $txt);
if (intval($note_id) > 0) {
$tz = Util::get_timezone();
$data['msg'] = _('Note added successfully');
$data['id'] = $note_id;
$data['note'] = $txt;
$data['date'] = gmdate('Y-m-d H:i:s', Util::get_utc_unixtime(gmdate('Y-m-d H:i:s')) + 3600 * $tz);
$data['user'] = Session::get_session_user();
$data['editable'] = 1;
} else {
Av_exception::throw_error(Av_exception::USER_ERROR, _('Error! Note could not be added'));
}
return $data;
}
function load_layout($name_layout, $category = 'policy')
{
$db = new ossim_db();
$conn = $db->connect();
$config = new User_config($conn);
$login = Session::get_session_user();
$data = $config->get($login, $name_layout, 'php', $category);
return $data == null ? array() : $data;
}
function reorder_widgets($dbconn, $tab)
{
$user = Session::get_session_user();
ossim_valid($tab, OSS_DIGIT, 'illegal:' . _("Tab ID"));
if (ossim_error()) {
die(ossim_error());
}
$query = "UPDATE dashboard_widget_config set fil = (fil + 1) WHERE panel_id=? and user=? and col=0";
$params = array($tab, $user);
if (!$dbconn->Execute($query, $params)) {
print $dbconn->ErrorMsg();
return TRUE;
} else {
return FALSE;
}
}
function check_report_availability($user_perm, $entity_perm, $creator, $wizard_perms)
{
$me = Session::get_session_user();
if (Session::am_i_admin() || $me == $creator || $wizard_perms['user_perms'][$creator] > 1) {
return TRUE;
} else {
if ($user_perm >= 0) {
if ($user_perm == "0" || $wizard_perms['user_perms'][$user_perm] > 1) {
return TRUE;
}
} elseif ($entity_perm > 0) {
if ($wizard_perms['entity_perms'][$entity_perm] >= 1) {
return TRUE;
}
}
}
return FALSE;
}
function getSourceLocalSSIYear($conn, $date_from, $date_to)
{
$where_range = whereYM($date_from, $date_to);
$user = Session::get_session_user();
$sql = "SELECT source, count(*) as volume from datawarehouse.ssi_user WHERE ssi_user.user = ? AND {$where_range} Group BY source;";
//print_r($sql);
$result = array();
$rs = $conn->Execute($sql, array($user));
if (!$rs) {
Av_exception::write_log(Av_exception::DB_ERROR, $conn->ErrorMsg());
return $result;
}
while (!$rs->EOF) {
$result[] = $rs->fields;
$rs->MoveNext();
}
return $result;
}
function mapAllowed($perms_arr, $version)
{
if (Session::am_i_admin()) {
return true;
}
$ret = false;
foreach ($perms_arr as $perm => $val) {
// ENTITY
if (preg_match("/^\\d+\$/", $perm)) {
if (preg_match("/pro|demo/i", $version) && $_SESSION['_user_vision']['entity'][$perm]) {
$ret = true;
}
// USER
} elseif (Session::get_session_user() == $perm) {
$ret = true;
}
}
return $ret;
}
function get_report_uuid()
{
require_once 'classes/Session.inc';
$uuid = Session::get_secure_id();
$url = null;
if (empty($uuid)) {
$db = new ossim_db();
$dbconn = $db->connect();
$user = Session::get_session_user();
$query = 'SELECT * FROM `users` WHERE login="******"';
$result = $dbconn->Execute($query);
if (is_array($result->fields) && !empty($result->fields)) {
$pass = $result->fields["pass"];
$uuid = sha1($user . "#" . $pass);
} else {
$uuid = false;
}
}
return $uuid;
}
function gettabsavt($configs_dir, $cloud_instance = false)
{
$user = Session::get_session_user();
$tabsavt = array();
if (is_dir($configs_dir)) {
if ($dh = opendir($configs_dir)) {
while (($file = readdir($dh)) !== false) {
if (preg_match("/^{$user}.*\\.avt/", $file)) {
list($avt_id, $avt_values) = getavt($file, $configs_dir);
if (!$cloud_instance || $cloud_instance && $avt_id != 1004) {
// if cloud disable Compliance Tab
$tabsavt[$avt_id] = $avt_values;
}
}
}
closedir($dh);
}
}
return $tabsavt;
}
function get_report_data($id = NULL)
{
$conf = $GLOBALS['CONF'];
$conf = !$conf ? new Ossim_conf() : $conf;
$y = strftime('%Y', time() - 24 * 60 * 60 * 30);
$m = strftime('%m', time() - 24 * 60 * 60 * 30);
$d = strftime('%d', time() - 24 * 60 * 60 * 30);
$reports['asset_report'] = array('report_name' => _('Asset Details'), 'report_id' => 'asset_report', 'type' => 'external', 'link_id' => 'link_ar_asset', 'link' => '', 'parameters' => array(array('name' => _('Host Name/IP/Network'), 'id' => 'ar_asset', 'type' => 'asset', 'default_value' => '')), 'access' => Session::menu_perms('environment-menu', 'PolicyHosts') || Session::menu_perms('environment-menu', 'PolicyNetworks'), 'send_by_email' => 0);
$status_values = array('All' => array('text' => _('All')), 'Open' => array('text' => _('Open')), 'Assigned' => array('text' => _('Assigned')), 'Studying' => array('text' => _('Studying')), 'Waiting' => array('text' => _('Waiting')), 'Testing' => array('text' => _('Testing')), 'Closed' => array('text' => _('Closed')));
$types_values = array('ALL' => array('text' => _('ALL')), 'Expansion Virus' => array('text' => _('Expansion Virus')), 'Corporative Nets Attack' => array('text' => _('Corporative Nets Attack')), 'Policy Violation' => array('text' => _('Policy Violation')), 'Security Weakness' => array('text' => _('Security Weakness')), 'Net Performance' => array('text' => _('Net Performance')), 'Applications and Systems Failures' => array('text' => _('Applications and Systems Failures')), 'Anomalies' => array('text' => _('Anomalies')), 'Vulnerability' => array('text' => _('Vulnerability')));
$priority_values = array('High' => _('High'), 'Medium' => _('Medium'), 'Low' => _('Low'));
$reports['tickets_report'] = array('report_name' => _('Tickets Report'), 'report_id' => 'tickets_report', 'type' => 'pdf', 'subreports' => array('title_page' => array('id' => 'title_page', 'name' => _('Title Page'), 'report_file' => 'os_reports/Common/titlepage.php'), 'alarm' => array('id' => 'alarm', 'name' => _('Alarm'), 'report_file' => 'os_reports/Tickets/Alarm.php'), 'event' => array('id' => 'event', 'name' => _('Event'), 'report_file' => 'os_reports/Tickets/Event.php'), 'anomaly' => array('id' => 'anomaly', 'name' => _('Anomaly'), 'report_file' => 'os_reports/Tickets/Anomaly.php'), 'vulnerability' => array('id' => 'vulnerability', 'name' => _('Vulnerability'), 'report_file' => 'os_reports/Tickets/Vulnerability.php')), 'parameters' => array(array('name' => _('Date Range'), 'date_from_id' => 'tr_date_from', 'date_to_id' => 'tr_date_to', 'type' => 'date_range', 'default_value' => array('date_from' => $y . '-' . $m . '-' . $d, 'date_to' => date('Y') . '-' . date('m') . '-' . date('d'))), array('name' => _('Status'), 'id' => 'tr_status', 'type' => 'select', 'values' => $status_values), array('name' => _('Type'), 'id' => 'tr_type', 'type' => 'select', 'values' => $types_values), array('name' => _('Priority'), 'id' => 'tr_priority', 'type' => 'checkbox', 'values' => $priority_values)), 'access' => Session::menu_perms('analysis-menu', 'IncidentsIncidents'), 'send_by_email' => 1);
$reports['alarm_report'] = array('report_name' => _('Alarms Report'), 'report_id' => 'alarm_report', 'type' => 'pdf', 'subreports' => array('title_page' => array('id' => 'title_page', 'name' => _('Title Page'), 'report_file' => 'os_reports/Common/titlepage.php'), 'top_attacker_host' => array('id' => 'top_attacker_host', 'name' => _('Top 10 Attacker Host'), 'report_file' => 'os_reports/Alarms/AttackerHosts.php'), 'top_attacked_host' => array('id' => 'top_attacked_host', 'name' => _('Top 10 Attacked Host'), 'report_file' => 'os_reports/Alarms/AttackedHosts.php'), 'used_port' => array('id' => 'used_port', 'name' => _('Top 10 Used Ports'), 'report_file' => 'os_reports/Alarms/UsedPorts.php'), 'top_events' => array('id' => 'top_events', 'name' => _('Top 15 Alarms'), 'report_file' => 'os_reports/Alarms/TopAlarms.php'), 'events_by_risk' => array('id' => 'events_by_risk', 'name' => _('Top 15 Alarms by Risk'), 'report_file' => 'os_reports/Alarms/TopAlarmsByRisk.php')), 'parameters' => array(array('name' => _('Date Range'), 'date_from_id' => 'ar_date_from', 'date_to_id' => 'ar_date_to', 'type' => 'date_range', 'default_value' => array('date_from' => $y . '-' . $m . '-' . $d, 'date_to' => date('Y') . '-' . date('m') . '-' . date('d')))), 'access' => Session::menu_perms('analysis-menu', 'ControlPanelAlarms'), 'send_by_email' => 1);
$reports['bc_pci_report'] = array('report_name' => _('Business & Compliance ISO PCI Report'), 'report_id' => 'bc_pci_report', 'type' => 'pdf', 'subreports' => array('title_page' => array('id' => 'title_page', 'name' => _('Title Page'), 'report_file' => 'os_reports/Common/titlepage.php'), 'threat_overview' => array('id' => 'threat_overview', 'name' => _('Threat overview'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/ThreatOverview.php'), 'bri_risks' => array('id' => 'bri_risks', 'name' => _('Business real impact risks'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/BusinessPotentialImpactsRisks.php'), 'ciap_impact' => array('id' => 'ciap_impact', 'name' => _('C.I.A Potential impact'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/CIAPotentialImpactsRisks.php'), 'pci_dss' => array('id' => 'pci_dss', 'name' => _('PCI-DSS 2.0'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/PCI-DSS.php'), 'pci_dss3' => array('id' => 'pci_dss3', 'name' => _('PCI-DSS 3.0'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/PCI-DSS3.php'), 'trends' => array('id' => 'trends', 'name' => _('Trends'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/Trends.php'), 'iso27002_p_impact' => array('id' => 'iso27002_p_impact', 'name' => _('ISO27002 Potential impact'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/ISO27002PotentialImpact.php'), 'iso27001' => array('id' => 'iso27001', 'name' => _('ISO27001'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/ISO27001.php')), 'parameters' => array(array('name' => _('Date Range'), 'date_from_id' => 'bc_pci_date_from', 'date_to_id' => 'bc_pci_date_to', 'type' => 'date_range', 'default_value' => array('date_from' => $y . '-' . $m . '-' . $d, 'date_to' => date('Y') . '-' . date('m') . '-' . date('d')))), 'access' => Session::menu_perms('report-menu', 'ReportsReportServer'), 'send_by_email' => 1);
$reports['siem_report'] = array('report_name' => _('SIEM Events'), 'report_id' => 'siem_report', 'type' => 'pdf', 'subreports' => array('title_page' => array('id' => 'title_page', 'name' => _('Title Page'), 'report_file' => 'os_reports/Common/titlepage.php'), 'top_attacker_host' => array('id' => 'top_attacker_host', 'name' => _('Top 10 Attacker Host'), 'report_file' => 'os_reports/Siem/AttackerHosts.php'), 'top_attacked_host' => array('id' => 'top_attacked_host', 'name' => _('Top 10 Attacked Host'), 'report_file' => 'os_reports/Siem/AttackedHosts.php'), 'used_port' => array('id' => 'used_port', 'name' => _('Top 10 Used Ports'), 'report_file' => 'os_reports/Siem/UsedPorts.php'), 'top_events' => array('id' => 'top_events', 'name' => _('Top 15 Events'), 'report_file' => 'os_reports/Siem/TopEvents.php'), 'events_by_risk' => array('id' => 'events_by_risk', 'name' => _('Top 15 Events by Risk'), 'report_file' => 'os_reports/Siem/TopEventsByRisk.php')), 'parameters' => array(array('name' => _('Date Range'), 'date_from_id' => 'sr_date_from', 'date_to_id' => 'sr_date_to', 'type' => 'date_range', 'default_value' => array('date_from' => $y . '-' . $m . '-' . $d, 'date_to' => date('Y') . '-' . date('m') . '-' . date('d')))), 'access' => Session::menu_perms('analysis-menu', 'EventsForensics'), 'send_by_email' => 1);
$reports['vulnerabilities_report'] = array('report_name' => _('Vulnerabilities Report'), 'report_id' => 'vulnerabilities_report', 'type' => 'external', 'target' => '_blank', 'link_id' => 'link_vr', 'link' => Menu::get_menu_url('../vulnmeter/lr_respdf.php?ipl=all&scantype=M', 'environment', 'vulnerabilities', 'overview'), 'access' => Session::menu_perms('analysis-menu', 'EventsVulnerabilities'), 'send_by_email' => 0);
$reports['th_vuln_db'] = array('report_name' => _('Threats & Vulnerabilities Database'), 'report_id' => 'th_vuln_db', 'type' => 'external', 'link_id' => 'link_tvd', 'link' => Menu::get_menu_url('../vulnmeter/threats-db.php', 'environment', 'vulnerabilities', 'threat_database'), 'access' => Session::menu_perms('analysis-menu', 'EventsVulnerabilities'), 'send_by_email' => 0);
$reports['ticket_status'] = array('report_name' => _('Tickets Status'), 'report_id' => 'ticket_status', 'type' => 'external', 'link_id' => 'link_tr', 'link' => Menu::get_menu_url('../report/incidentreport.php', 'analysis', 'tickets', 'tickets'), 'access' => Session::menu_perms('analysis-menu', 'IncidentsIncidents'), 'send_by_email' => 0);
$db = new ossim_db();
$conn = $db->connect();
$user = Session::get_session_user();
$session_list = Session::get_list($conn, 'ORDER BY login');
if (preg_match('/pro|demo/', $conf->get_conf('ossim_server_version')) && !Session::am_i_admin()) {
$myusers = Acl::get_my_users($conn, Session::get_session_user());
if (count($myusers) > 0) {
$is_pro_admin = 1;
}
}
// User Log lists
if (Session::am_i_admin()) {
$user_values[''] = array('text' => _('All'));
if ($session_list) {
foreach ($session_list as $session) {
$login = $session->get_login();
$user_values[$login] = $login == $user ? array('text' => $login, 'selected' => TRUE) : array('text' => $login);
}
}
} elseif ($is_pro_admin) {
foreach ($myusers as $myuser) {
$user_values[$myuser['login']] = array('text' => $myuser['login']);
$user_values[$user] = array('text' => $user, 'selected' => TRUE);
}
} else {
$user_values[$user] = array('text' => $user);
}
$code_list = Log_config::get_list($conn, 'ORDER BY descr');
$action_values[''] = array('text' => _('All'));
if ($code_list) {
foreach ($code_list as $code_log) {
$code_aux = $code_log->get_code();
$action_values[$code_aux] = array('text' => '[' . sprintf("%02d", $code_aux) . '] ' . _(preg_replace('|%.*?%|', " ", $code_log->get_descr())));
}
}
$reports['user_activity'] = array('report_name' => _('User Activity Report'), 'report_id' => 'user_activity', 'type' => 'external', 'link_id' => 'link_ua', 'link' => Menu::get_menu_url('../userlog/user_action_log.php', 'settings', 'settings', 'user_activity'), 'parameters' => array(array('name' => _('User'), 'id' => 'ua_user', 'type' => 'select', 'values' => $user_values), array('name' => _('Action'), 'id' => 'ua_action', 'type' => 'select', 'values' => $action_values)), 'access' => Session::menu_perms('settings-menu', 'ToolsUserLog'), 'send_by_email' => 0);
$reports['geographic_report'] = array('report_name' => _('Geographic Report'), 'report_id' => 'geographic_report', 'type' => 'pdf', 'subreports' => array('title_page' => array('id' => 'title_page', 'name' => _('Title Page'), 'report_file' => 'os_reports/Common/titlepage.php'), 'geographic_report' => array('id' => 'geographic_report', 'name' => _('Geographic Report'), 'report_file' => 'os_reports/Various/Geographic.php')), 'parameters' => array(array('name' => _('Date Range'), 'date_from_id' => 'gr_date_from', 'date_to_id' => 'gr_date_to', 'type' => 'date_range', 'default_value' => array('date_from' => $y . '-' . $m . '-' . $d, 'date_to' => date('Y') . '-' . date('m') . '-' . date('d')))), 'access' => Session::menu_perms('analysis-menu', 'EventsForensics'), 'send_by_email' => 1);
//Sensor list
$sensor_values[''] = array('text' => ' -- ' . _('Sensors no found') . ' -- ');
$filters = array('order_by' => 'name');
$sensor_list = Av_sensor::get_basic_list($conn, $filters);
$filters = array('order_by' => 'priority desc');
list($sensor_list, $sensor_total) = Av_sensor::get_list($conn, $filters);
if ($sensor_total > 0) {
$sensor_values = array();
foreach ($sensor_list as $s) {
$properties = $s['properties'];
if ($properties['has_nagios']) {
$sensor_values[$s['ip']] = array('text' => $s['name']);
}
}
}
/* Nagios link */
$nagios_link = $conf->get_conf('nagios_link');
$scheme = empty($_SERVER['HTTPS']) ? 'http://' : 'https://';
$path = !empty($nagios_link) ? $nagios_link : '/nagios3/';
$port = !empty($_SERVER['SERVER_PORT']) ? ':' . $_SERVER['SERVER_PORT'] : "";
$nagios = $port . $path;
$section_values = array(urlencode($nagios . 'cgi-bin/trends.cgi') => array('text' => _('Trends')), urlencode($nagios . 'cgi-bin/avail.cgi') => array('text' => _('Availability')), urlencode($nagios . 'cgi-bin/histogram.cgi') => array('text' => _('Event Histogram')), urlencode($nagios . 'cgi-bin/history.cgi?host=all') => array('text' => _('Event History')), urlencode($nagios . 'cgi-bin/summary.cgi') => array('text' => _('Event Summary')), urlencode($nagios . 'cgi-bin/notifications.cgi') => array('text' => _('Notifications')), urlencode($nagios . 'cgi-bin/showlog.cgi') => array('text' => _('Performance Info')));
$reports['availability_report'] = array('report_name' => _('Availability Report'), 'report_id' => 'availability_report', 'type' => 'external', 'link_id' => 'link_avr', 'click' => "nagios_link('avr_nagios_link', 'avr_sensor', 'avr_section');", 'parameters' => array(array('name' => _('Sensor'), 'id' => 'avr_sensor', 'type' => 'select', 'values' => $sensor_values), array('name' => 'Nagioslink', 'id' => 'avr_nagios_link', 'type' => 'hidden', 'default_value' => urlencode($scheme)), array('name' => _('Section'), 'id' => 'avr_section', 'type' => 'select', 'values' => $section_values)), 'access' => Session::menu_perms('environment-menu', 'MonitorsAvailability'), 'send_by_email' => 0);
$db->close();
if ($id == NULL) {
ksort($reports);
return $reports;
} else {
return !empty($reports[$id]) ? $reports[$id] : array();
}
}
//Regional settings
require_once 'classes/locale.inc';
//Set language
ossim_set_lang();
//Sessions (users, activity, permissions, etc)
require_once 'classes/session.inc';
//Security functions
require_once 'classes/Security.inc';
//Check IDS Security
ids();
//Check session status
//No check in these cases (Scheduled reports and migration)
if (!preg_match('/AV Report Scheduler/', $_SERVER['HTTP_USER_AGENT']) && !preg_match('/migration/', $_SERVER['REQUEST_URI'])) {
Session::is_expired();
}
if (Session::get_session_user() != '') {
//Set menu options
$m_opt = REQUEST('m_opt');
$sm_opt = REQUEST('sm_opt');
$h_opt = REQUEST('h_opt');
$l_opt = REQUEST('l_opt');
ossim_valid($m_opt, OSS_LETTER, OSS_DIGIT, OSS_SCORE, OSS_NULLABLE, 'illegal:' . _('Menu option'));
ossim_valid($sm_opt, OSS_LETTER, OSS_DIGIT, OSS_SCORE, OSS_NULLABLE, 'illegal:' . _('Submenu option'));
ossim_valid($h_opt, OSS_LETTER, OSS_DIGIT, OSS_SCORE, OSS_NULLABLE, 'illegal:' . _('Hmenu option'));
ossim_valid($l_opt, OSS_LETTER, OSS_DIGIT, OSS_SCORE, OSS_NULLABLE, 'illegal:' . _('Lmenu option'));
//Chenck menu options
if (ossim_error()) {
header('Location: ' . AV_MAIN_PATH . '/session/login.php?action=logout');
}
$av_menu = @unserialize($_SESSION['av_menu']);
//Check menu object
*/
require_once 'av_init.php';
Session::logcheck('environment-menu', 'PolicyHosts');
function is_allowed_format($type_uf)
{
$types = '/force-download|octet-stream|text|csv|plain|spreadsheet|excel|comma-separated-values/';
if (preg_match($types, $type_uf) == FALSE) {
return FALSE;
} else {
return TRUE;
}
}
$import_type = POST('import_type');
$ctx = POST('ctx');
$path = '../tmp/';
$current_user = md5(Session::get_session_user());
$file_csv = $path . $current_user . '_assets_import.csv';
if ($import_type != 'hosts' && $import_type != 'welcome_wizard_hosts') {
?>
<script type='text/javascript'>
parent.show_error('<?php
echo _('Error! Import Type not found');
?>
');
</script>
<?php
exit;
}
if (!isset($_POST['ctx']) || empty($_POST['ctx'])) {
?>
<script type='text/javascript'>
if ($munin_link == '') {
$munin_link = "/munin/";
}
$server_ip = Util::get_default_admin_ip();
if ($server_ip == '') {
$server_ip = $ossim_conf->get_conf('frameworkd_address');
}
$protocol = 'http';
if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') {
$protocol = 'https';
}
$port = "";
if (isset($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT'] != "80" && $_SERVER['SERVER_PORT'] != '443') {
$port = ":" . $_SERVER['SERVER_PORT'];
}
$current_user = Session::get_session_user();
if ($ip == $server_ip) {
$munin_url = $protocol . '://' . $_SERVER['SERVER_NAME'] . $port . $munin_link;
$munin_url = str_replace('localhost', $ip, $munin_url);
$testmunin = $protocol . '://' . $ip . '/munin/';
} else {
$munin_url = $protocol . '://' . $ip . $port . $munin_link;
$testmunin = $munin_url;
}
// check valid munin url
$default_opts = array('http' => array('header' => "Cookie: PHPSESSID=" . $_COOKIE["PHPSESSID"]));
$resource = stream_context_get_default($default_opts);
$data = @file($testmunin, FILE_SKIP_EMPTY_LINES, $resource);
$munin_valid = TRUE;
if (is_array($data)) {
foreach ($data as $line) {
function edit_autoenable($sid)
{
global $dbconn, $username, $version;
navbar($sid);
$query = "select id, name, description, autoenable, type, owner, update_host_tracker\n FROM vuln_nessus_settings where id={$sid}";
$dbconn->SetFetchMode(ADODB_FETCH_BOTH);
$result = $dbconn->execute($query);
echo <<<EOT
<form method="post" action="settings.php" id="profile_config">
<input type="hidden" name="type" value="update">
<input type="hidden" name="sid" value="{$sid}">
EOT;
list($sid, $sname, $sdescription, $sautoenable, $stype, $sowner, $tracker) = $result->fields;
$sname = mb_convert_encoding($sname, 'ISO-8859-1', 'UTF-8');
//if($stype=='G') { $stc = "checked"; } else { $stc = ""; }
if (valid_hex32($sowner)) {
$user_entity = $sowner;
} else {
$user = $sowner;
}
$old_user = $sowner;
if ($tracker == '1') {
$cktracker = "checked";
} else {
$cktracker = "";
}
echo <<<EOT
<input type="hidden" name="old_owner" value="{$old_user}">
<input type="hidden" name="old_name" value="{$sname}">
<center>
<table cellspacing="2" cellpadding="4">
<tr>
EOT;
echo "<th>" . _("Name") . ":</th>";
echo '
<td><input type="text" name="sname" value="' . $sname . '" size=50/>
</tr>
<tr>
';
echo "<th>" . _("Description") . ":</th>";
echo '
<td><input type="text" name="sdescription" value="' . $sdescription . '" size=50/></td>
</tr>';
$users = Session::get_users_to_assign($dbconn);
$entities = Session::am_i_admin() || $pro && Acl::am_i_proadmin() ? Session::get_entities_to_assign($dbconn) : null;
?>
<tr>
<th><?php
echo _("Make this profile available for");
?>
:</th>
<td>
<table cellspacing="0" cellpadding="0" align='center' class="transparent">
<tr>
<td class='nobborder'><span style='margin-right:3px'><?php
echo _("User:"******"user" style="width:150px" id="user" onchange="switch_user('user');return false;" >
<?php
$num_users = 0;
$current_user = Session::get_session_user();
if (!Session::am_i_admin()) {
$user = $user == "" && $entity == "" ? $current_user : $user;
}
foreach ($users as $k => $v) {
$login = $v->get_login();
$selected = $login == $user ? "selected='selected'" : "";
$options .= "<option value='" . $login . "' {$selected}>{$login}</option>\n";
$num_users++;
}
if ($num_users == 0) {
echo "<option value='-1' style='text-align:center !important;'>- " . _("No users found") . " -</option>";
} else {
echo "<option value='-1' style='text-align:center !important;'>- " . _("Select users") . " -</option>";
if (Session::am_i_admin()) {
$default_selected = ($user == "" || intval($user) == 0) && $entity == "" ? "selected='selected'" : "";
echo "<option value='0' {$default_selected}>" . _("ALL") . "</option>\n";
}
echo $options;
}
?>
</select>
</td>
<?php
if (!empty($entities)) {
?>
<td style='text-align:center; border:none; !important'><span style='padding:5px;'><?php
echo _("OR");
?>
<span></td>
<td class='nobborder'><span style='margin-right:3px'><?php
echo _("Entity:");
?>
</span></td>
<td class='nobborder'>
<select name="entity" style="width:170px" id="entity" onchange="switch_user('entity');return false;">
<option value="-1" style='text-align:center !important;'>- <?php
echo _("Entity not assigned");
?>
-</option>
<?php
foreach ($entities as $k => $v) {
$selected = $k == $user_entity ? "selected='selected'" : "";
echo "<option value='{$k}' {$selected}>{$v}</option>";
}
?>
</select>
</td>
<?php
}
?>
</tr>
</table>
</td>
</tr>
<?php
echo "<tr style='display:none'>";
echo "<th>" . _("Link scans run by this profile in Network Hosts") . "<br>" . _("Purpose so that Network Hosts can be tracking full/perfered audits") . ".</th>";
echo "<td class='left'><input type='checkbox' name='tracker' {$cktracker}/><font color='red'>" . _("Update Host Tracker \"Network Hosts\" Status") . "</font></input></td>";
echo "</tr>";
echo "<tr>\n<th valign='top' style='background-position:top center;'>" . _("Autoenable options") . ":</th>\n<td class='nobborder' style='text-align:center'><SELECT name=\"sautoenable\" onChange=\"showEnableBy();return false;\">";
//echo "<option value=\"N\"";
// if ($sautoenable=="N") { echo " selected";}
// echo ">None";
echo "<option value=\"C\"";
if ($sautoenable == "C") {
echo " selected";
}
echo ">" . _("Autoenable by category") . "<option value=\"F\"";
if ($sautoenable == "F") {
echo " selected";
}
echo ">" . _("Autoenable by family") . "</select>";
echo "<div id=\"cat2\"" . ($sautoenable == "C" ? "" : "style=\"display:none;\"") . ">";
echo "<BR><B>" . _("Autoenable plugins in categories") . ":</B><BR><BR>";
$query = "SELECT t1.cid, t2.name, t1.status FROM vuln_nessus_settings_category as t1,\n vuln_nessus_category as t2\n where t1.sid={$sid}\n and t1.cid=t2.id\n order by t2.name";
// var_dump($query);
$dbconn->SetFetchMode(ADODB_FETCH_BOTH);
$result = $dbconn->execute($query);
echo <<<EOT
<table bordercolor="#6797BF" border="0" cellspacing="2" cellpadding="0">
EOT;
echo "<tr><th>" . _("Name") . "</th>";
echo "<th>" . _("Enable All") . "</th>";
echo "<th>" . _("Enable New") . "</th>";
echo "<th>" . _("Disable New") . "</th>";
echo "<th>" . _("Disable All") . "</th>";
echo "<th>" . _("Intelligent") . "</th></tr>";
while (!$result->EOF) {
list($cid, $name, $status) = $result->fields;
echo "<tr><td style=\"text-align:left;padding-left:3px;\">" . strtoupper($name) . "</td>";
echo "<td><input type=\"radio\" name=\"c_{$cid}\" value=\"1\" ";
if ($status == 1) {
echo "checked";
}
echo "></td><td><input type=\"radio\" name=\"c_{$cid}\" value=\"2\" ";
if ($status == 2) {
echo "checked";
}
echo "></td><td><input type=\"radio\" name=\"c_{$cid}\" value=\"3\" ";
if ($status == 3) {
echo "checked";
}
echo "></td>";
echo "<td><input type=\"radio\" name=\"c_{$cid}\" value=\"4\" ";
if ($status == 4) {
echo "checked";
}
echo "></td>";
echo "<td><input type=\"radio\" name=\"c_{$cid}\" value=\"5\" ";
if ($status == 5) {
echo "checked";
}
echo "></td></tr>";
$result->MoveNext();
}
echo "</table><BR>";
echo "</div>";
echo "<div id=\"fam2\"" . ($sautoenable == "F" ? "" : "style=\"display:none;\"") . ">";
$query = "select t1.fid, t2.name, t1.status\n from vuln_nessus_settings_family as t1,\n vuln_nessus_family as t2\n where t1.sid={$sid}\n and t1.fid=t2.id\n order by t2.name";
$dbconn->SetFetchMode(ADODB_FETCH_BOTH);
$result = $dbconn->execute($query);
echo "<BR><B>" . _("Autoenable plugins in families") . ":<BR><BR></B>";
echo <<<EOT
<table bordercolor="#6797BF" border="0" cellspacing="2" cellpadding="0">
EOT;
echo "<tr><th>" . _("Name") . "</th>";
echo "<th>" . _("Enable All") . "</th>";
echo "<th>" . _("Enable New") . "</th>";
echo "<th>" . _("Disable New") . "</th>";
echo "<th>" . _("Disable All") . "</th>";
echo "<th>" . _("Intelligent") . "</th></tr>";
while (!$result->EOF) {
list($fid, $name, $status) = $result->fields;
echo "<tr><td style=\"text-align:left;padding-left:3px;\">{$name}</td>";
echo "<td><input type=\"radio\" name=\"f_{$fid}\" value=\"1\" ";
if ($status == 1) {
echo "checked";
}
echo "></td>";
echo "<td><input type=\"radio\" name=\"f_{$fid}\" value=\"2\" ";
if ($status == 2) {
echo "checked";
}
echo "></td>";
echo "<td><input type=\"radio\" name=\"f_{$fid}\" value=\"3\" ";
if ($status == 3) {
echo "checked";
}
echo "></td>";
echo "<td><input type=\"radio\" name=\"f_{$fid}\" value=\"4\" ";
if ($status == 4) {
echo "checked";
}
echo "></td>";
echo "<td><input type=\"radio\" name=\"f_{$fid}\" value=\"5\" ";
if ($status == 5) {
echo "checked";
}
echo "></td></tr>";
$result->MoveNext();
}
echo "</table></div></td></tr></table></center><br/>";
echo "<input type='button' id='update_button' value='" . _("Update") . "' class='button update_profile'><br/><br/></form>";
}
/* Deklarasi class UserAuth
* Class Name : UserAuth
* Location :root_path/function/userAuth/user_func.php
* Warning !!! Jangan buat nama variabel sama dengan nama variabel ini
*/
$USERAUTH = new UserAuth();
$SESSION = new Session();
/* Ambil session user */
$UserSession = $SESSION->get_session_user();
if (isset($_POST['login']))
{
$dataVar = array ('username'=>$_POST['username'], 'password'=>md5($_POST['password']), 'token' => 0);
$dataValid = $DBVAR->form_validation($dataVar);
if (is_array($dataValid))
{
$dataLogin = $USERAUTH->check_login_user($dataValid);
if ($dataLogin == true)
{
//header ("location:$url_rewrite");
echo "<script>window.location.href='$url_rewrite';</script>script>";
}
<?php
include "../../../config/config.php";
$USERAUTH = new UserAuth();
$SESSION = new Session();
$menu_id = 28;
$SessionUser = $SESSION->get_session_user();
$USERAUTH->FrontEnd_check_akses_menu($menu_id, $SessionUser);
?>
<?php ob_start(); ?>
<html>
<?php
include "$path/header.php";
include "$path/title.php";
?>
<body>
<?php
include "$path/menu.php";
open_connection();
echo '<pre>';
//print_r($_POST);
echo '</pre>';
echo '<pre>';
//print_r($dataArr);
echo '</pre>';
function echochildrens($entities, $parent_id, $entities_admin)
{
/* Connect to db */
$db = new ossim_db();
$conn = $db->connect();
$users_by_entity = Acl::get_users_by_entity($conn, $parent_id);
$me = Session::get_session_user();
$entities_types = Acl::get_entities_types($conn);
$length_name = !empty($_GET['length_name']) ? GET('length_name') : 30;
echo ",children:[";
$is_editable = $parent_id != "" && (!empty($users_by_entity[$me]) || Session::am_i_admin() || !empty($entities_admin[$me]));
if ($is_editable) {
echo "{title:'<font style=\"font-weight:normal\">" . _("All Assets") . "</font>', url:'AllAssets', key:'e_" . $parent_id . "_allassets', icon:'../../pixmaps/menu/assets.gif', isFolder:false, expand:true,";
echo "children:[ ";
echo "{ key:'e_" . $parent_id . "_net', isFolder:true, isLazy:true, icon:'../../pixmaps/theme/net.png', title:'" . _("Networks") . "'},";
echo "{ key:'e_" . $parent_id . "_sensor', isFolder:true, isLazy:true, icon:'../../pixmaps/theme/server.png', title:'" . _("Sensors") . "'}";
echo "]}";
}
$children = Acl::get_entity_childs($conn, $parent_id);
if (!empty($children)) {
$flag = false;
foreach ($children as $index => $child_id) {
$icon = "../../pixmaps/theme/any.png";
$child = $entities[0][$child_id];
$entity_allowed = Acl::entityAllowed($child_id);
$child_key = "e_" . $child_id;
$child_sn = strlen($child['name']) > $length_name ? substr($child['name'], 0, $length_name) . "..." : $child['name'];
$child_name = Util::htmlentities($child['name']);
$chil_ent_admin = $entities_admin;
$chil_ent_admin[$child['admin_user']] = $child_id;
if ($child['parent_id'] == $parent_id) {
$title = "<font style=\"font-weight:bold;\">" . Util::htmlentities($child_sn) . "</font> <font style=\"color:gray\">[" . $entities_types[$child['type']]['name'] . "]</font>";
$tooltip = Util::htmlentities($child['name']) . " [" . $entities_types[$child['type']]['name'] . "]";
if ($flag || $is_editable) {
echo ",";
}
$flag = true;
echo "{title:'" . $title . "', tooltip:'{$tooltip}', noLink: true, url:'" . $child_url . "', key:'" . $child_key . "', icon:'{$icon}', expand:true, name:'{$child_name}'";
echochildrens($entities, $child_id, $withusers, $entities_admin, $length_name);
echo "}";
}
}
}
echo "]";
}
function set_default_map($conn, $id)
{
ossim_valid($id, OSS_HEX, 'illegal:' . _('Map'));
if (ossim_error()) {
$info_error = "Error: " . ossim_get_error();
ossim_clean_error();
$return['error'] = TRUE;
$return['msg'] = $info_error;
return $return;
}
if (!is_map_editable($conn, $id)) {
$return['error'] = TRUE;
$return['msg'] = _("You do not have permission to edit this map");
return $return;
}
$login = Session::get_session_user();
$config = new User_config($conn);
$config->set($login, "riskmap", $id, 'simple', "main");
$return['error'] = FALSE;
$return['msg'] = _("Default map changed successfully");
return $return;
}
* along with this package; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
* MA 02110-1301 USA
*
*
* On Debian GNU/Linux systems, the complete text of the GNU General
* Public License can be found in `/usr/share/common-licenses/GPL-2'.
*
* Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt
*
*/
Session::logcheck("report-menu", "ReportsReportServer");
if (!Session::is_pro()) {
die(_('Report section is only available in professional version'));
}
$me = Session::get_session_user();
$db = new ossim_db();
$dbconn = $db->connect();
$creports = array();
$result = $dbconn->Execute("SELECT login, name, value FROM user_config where category LIKE 'custom_report%' ORDER BY name ASC");
//Wizard Perms
$wizard_perms = Av_report::get_report_permissions($dbconn);
while (!$result->EOF) {
$available = false;
$unserializedata = unserialize($result->fields["value"]);
$user_perm = $unserializedata["user"];
$entity_perm = $unserializedata["entity"];
$available = Av_report::check_report_availability($result->fields["login"], $user_perm, $entity_perm, $wizard_perms);
if ($available == true) {
$creports[] = $result->fields;
}
$users = array();
$allowed_users = array();
if (Session::am_i_admin() || $pro && Acl::am_i_proadmin()) {
if (Session::am_i_admin()) {
$users_list = Session::get_list($conn, 'ORDER BY login');
} else {
$users_list = Acl::get_my_users($conn, Session::get_session_user());
}
if (is_array($users_list) && !empty($users_list)) {
foreach ($users_list as $v) {
$users[] = is_object($v) ? $v->get_login() : $v['login'];
}
$where = "WHERE login in ('" . implode("','", $users) . "')";
}
} else {
$where = "WHERE login = '******'";
}
$allowed_users = Session_activity::get_list($conn, $where . ' ORDER BY activity DESC');
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title><?php
echo _('Opened Sessions');
?>
</title>
<meta http-equiv="Pragma" content="no-cache"/>
<link rel="stylesheet" type="text/css" href="/ossim/style/jquery-ui-1.7.custom.css"/>
<link rel="stylesheet" type="text/css" href="/ossim/style/av_common.css?t=<?php
echo Util::get_css_id();
?>
case 'up':
$directive_editor->up($dom, $rule, &$tab_rules, $direct);
break;
case 'down':
$directive_editor->down($dom, $rule, &$tab_rules, $direct);
break;
}
$directive_editor->save_xml($filepath, $dom, "DOMXML");
}
}
// Get columns
$columns = array("name" => _("Name"), "reliability" => _("Reliability"), "time_out" => _("Timeout"), "occurrence" => _("Occurrence"), "from" => _("From"), "to" => _("To"), "plugin_id" => _("Data Source"), "plugin_sid" => _("Event Type"), "sensor" => _("Sensor"), "protocol" => _("Protocol"), "sticky_different" => _("Sticky Dif"), "username" => _("Username"), "password" => _("Pass"), "userdata1" => _("Userdata1"), "userdata2" => _("Userdata2"), "userdata3" => _("Userdata3"), "userdata4" => _("Userdata4"), "userdata5" => _("Userdata5"), "userdata6" => _("Userdata6"), "userdata7" => _("Userdata7"), "userdata8" => _("Userdata8"), "userdata9" => _("Userdata9"));
$db = new ossim_db();
$conn = $db->connect();
$config = new User_config($conn);
$columns_arr = $config->get(Session::get_session_user(), 'directive_editor_cols', 'php', 'directives');
if (count($columns_arr) < 1) {
$columns_arr = array("name", "reliability", "time_out", "occurrence", "from", "to", "plugin_id", "plugin_sid");
}
$rules = $directive_editor->get_rules($directive_id, $file);
?>
<table width="100%" cellspacing="0">
<tr><td><table class="transparent" cellpadding="0" cellspacing="0"><tr><td style="padding:3px;text-align:left"><a href="" onclick="toggle_directive_rulelist(<?php
echo $directive_id;
?>
);return false" class='uppercase'><img id="rulelist_arrow_<?php
echo $directive_id;
?>
" src="../pixmaps/arrow_green_down.gif" align="absmiddle" border="0"/> <b><?php
echo _("Rules");
?>
echo _("Delete");
?>
'/>
<?php
}
?>
</div>
</td>
<td class="nobborder" width='75%' height="100px" align='center'>
<!-- side note -->
<div id="ncontainer">
<div class="paper">
<div class="tape"></div>
<div class='note_txt <?php
echo Session::get_session_user() == $note->get_user() ? "editInPlace" : "";
?>
' note='<?php
echo $note->get_id();
?>
'>
<?php
echo nl2br(Util::htmlentities($note->get_txt()));
?>
</div>
<div class="left-shadow"></div>
<div class="right-shadow"></div>
</div><!--end paper-->
</div><!--end container-->
<!-- side note -->
</td>
if ($chk_parameters['error'] == TRUE) {
echo "error###<div style='padding-left: 15px; text-align:left;'>" . _('We found the followings errors') . ':</div>';
echo "<div style='padding-left: 15px; text-align:left;'>";
echo "<div style='padding-left: 30px;'>" . implode('</div><div style="padding-left: 30px;">', $chk_parameters['error_msg']) . "</div>";
echo "</div>";
exit;
}
Session::logcheck('report-menu', 'ReportsReportServer');
$TBackground = "#7B7B7B";
$TForeground = "#FFFFFF";
$SBackground = "#8CC221";
$SForeground = "#FFFFFF";
// Load css
$styleCss = array('Title' => array('Background' => $TBackground, 'Foreground' => $TForeground), 'Subtitle' => array('Background' => $SBackground, 'Foreground' => $SForeground));
// Make header - footer with replacements
$footerContent = array('left' => 'User: '******' / [[date_y]]-[[date_m]]-[[date_d]] [[date_h]]:[[date_i]]:[[date_s]]', 'right' => 'Page [[page_cu]] / [[page_nb]]');
$report_data = $section == 'forensics' ? get_freport_data($report_id) : get_report_data($report_id);
// Init PDF Report
$pdfReport = new Pdf_report($report_id, 'P', 'A4', NULL, FALSE);
// Init html2pdf document
//$header = ucwords(str_replace('_',' ',$pdfReport->getName()));
$htmlPdfReport = new Pdf_html($report_id, $report_data['report_name'], Session::is_pro() ? 'default.png' : 'ossim.png', '', $styleCss, $footerContent);
// Include php per each sub-report
$runorder = 1;
// Close session to stop() feature
$dDB['_shared'] = new DBA_shared($report_id);
$dDB['_shared']->truncate();
session_write_close();
foreach ($report_data['subreports'] as $r_key => $r_data) {
//PDF Report with hidden modules
if (!isset($_POST['sr_' . $r_data['id']]) && $report_id == $r_data["id"] && file_exists($r_data['report_file'])) {
function QueryOssimSignatureTmpTable($q, $cmd, $cmp)
{
global $db;
$ids = "";
/*
* Prepare search string:
* - html_entity_decode() The string here is with htmlentities, chars like " must be "
* - escape_sql()
*/
$q = html_entity_decode($q, ENT_QUOTES, 'ISO-8859-1');
$q = escape_sql($q, $db->DB);
if (preg_match("/.* OR .*|.* AND .*/", $q)) {
$or_str = $cmd == "=" ? "' OR plugin_sid.name = '" : "%' OR plugin_sid.name LIKE '%";
$and_str = $cmd == "=" ? "' AND plugin_sid.name = '" : "%' AND plugin_sid.name LIKE '%";
$q = str_replace(" OR ", $or_str, $q);
$q = str_replace(" AND ", $and_str, $q);
}
$q = parenthesis_encode($q);
$op = $cmd == "=" ? "plugin_sid.name = '{$q}'" : "plugin_sid.name LIKE '%" . $q . "%'";
// apply ! operator
$op = str_replace(" = '!", " != '", $op);
$op = str_replace(" LIKE '%!", " NOT LIKE '%", $op);
$_user = Session::get_session_user();
$db->DB->Execute('CREATE TABLE IF NOT EXISTS alienvault_siem.plugins_join (id int(11) NOT NULL, sid int(11) NOT NULL, login VARCHAR(64) NOT NULL, PRIMARY KEY (id,sid,login)) ENGINE=MEMORY');
$db->DB->Execute('DELETE FROM alienvault_siem.plugins_join WHERE login=?', array($_user));
$sql = "INSERT IGNORE INTO alienvault_siem.plugins_join SELECT plugin_id,sid,? FROM alienvault.plugin_sid WHERE {$op}";
if (file_exists('/tmp/debug_siem')) {
error_log("TMP TABLE:{$sql}\n", 3, "/tmp/siem");
}
$db->DB->Execute($sql, array($_user));
$plugin_join = " INNER JOIN alienvault_siem.plugins_join ON acid_event.plugin_id=plugins_join.id AND acid_event.plugin_sid=plugins_join.sid AND plugins_join.login='******'";
return $plugin_join;
}
} else {
$company = '';
$departament = '';
}
//Parameters
$greybox = REQUEST('greybox');
$duplicate = GET('duplicate') != '' ? TRUE : FALSE;
$login = REQUEST('login');
$msg = GET('msg');
$load_cookies = $_GET['load_cookies'];
//Check login
if ($login != '') {
ossim_valid($login, OSS_USER, 'illegal:' . _('User name'));
}
// Session parameters
$myself = Session::get_session_user();
$am_i_admin = Session::am_i_admin();
$is_default_admin = $login == AV_DEFAULT_ADMIN ? TRUE : FALSE;
$am_i_proadmin = $pro && Acl::am_i_proadmin() ? TRUE : FALSE;
$is_my_profile = $login == $myself && !$duplicate ? TRUE : FALSE;
ossim_valid($greybox, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _('Greybox'));
if (ossim_error()) {
echo ossim_error();
exit;
}
if ($is_default_admin && $duplicate == TRUE) {
echo ossim_error(_('The user admin can not be duplicated'));
exit;
}
if ($login != '') {
if ($login == AV_DEFAULT_ADMIN && $myself != AV_DEFAULT_ADMIN) {
if (!isset($_SESSION["_user"])) {
require_once "ossim_conf.inc";
$conf = $GLOBALS["CONF"];
$ossim_link = $conf->get_conf("ossim_link", FALSE);
$login_location = $ossim_link . '/session/login.php';
header("Location: {$login_location}");
exit;
}
require_once "classes/Util.inc";
// Timezone correction
$tz = Util::get_timezone();
$timetz = gmdate("U") + 3600 * $tz;
// time to generate dates with timezone correction
// Custom Views
require_once 'classes/User_config.inc';
$login = Session::get_session_user();
$db_aux = new ossim_db();
$conn_aux = $db_aux->connect();
$config = new User_config($conn_aux);
$_SESSION['views'] = $config->get($login, 'custom_views', 'php', "siem");
// First save of default view (important!)
if ($_SESSION['views']['default'] == "") {
$_SESSION['views']['default']['cols'] = array('SIGNATURE', 'DATE', 'IP_PORTSRC', 'IP_PORTDST', 'ASSET', 'PRIORITY', 'RELIABILITY', 'RISK', 'IP_PROTO');
$session_data = $_SESSION;
foreach ($_SESSION as $k => $v) {
if (preg_match("/^(_|alarms_|back_list|current_cview|views|ports_cache|acid_|report_|graph_radar|siem_event|deletetask|mdspw).*/", $k)) {
unset($session_data[$k]);
}
}
$_SESSION['views']['default']['data'] = $session_data;
$config->set($login, 'custom_views', $_SESSION['views'], 'php', 'siem');
$query_temp['dayCompromiseNet'] = $pdf->MetricsNoPDF('day', 'compromise', 'net', $filter, $dates_filter['max_c_date']);
$data['data'] = $query_temp['dayCompromiseNet'];
createTable($data, &$htmlPdfReport);
}
$htmlPdfReport->set('</table>');
}
$htmlPdfReport->pageBreak();
$htmlPdfReport->set($htmlPdfReport->newTitle($subreport_name . ' - ' . _('Last Day (Attack)'), $date_from, $date_to, NULL));
//User
$htmlPdfReport->set('<table class="tableTitle w100" style="margin-top:3px;"><tr><td class="w100">' . _('Global') . '</td></tr></table>');
$htmlPdfReport->set('<table class="w100">');
$query_temp['dayAttackGlobal'] = $pdf->MetricsNoPDF('day', 'attack', 'global', '', $dates_filter['max_a_date'], $param['user']);
if ($query_temp['dayAttackGlobal'][1][1] == '') {
$query_temp['dayAttackGlobal'] = array($query_temp['dayAttackGlobal'][0]);
}
$data['asset'] = Session::get_session_user();
$data['date'] = ' - ';
$data['data'] = $query_temp['dayAttackGlobal'];
createTable($data, &$htmlPdfReport);
$htmlPdfReport->set('</table>');
//Hosts
if (count($param['hosts']) > 0) {
$htmlPdfReport->set('<table class="tableTitle w100" style="margin-top:5px;"><tr><td class="w100">' . _('Hosts') . '</td></tr></table>');
$htmlPdfReport->set('<table class="w100">');
foreach ($param['hosts'] as $host_id => $host_data) {
$host_ip = $host_data[2];
$data['asset'] = $host_ip;
$data['date'] = ' - ';
$filter = "AND id = '{$host_id}'";
$query_temp['dayAttackHost'] = $pdf->MetricsNoPDF('day', 'attack', 'host', $filter, $dates_filter['max_a_date']);
$data['data'] = $query_temp['dayAttackHost'];
function select_profile()
{
global $sid, $username, $dbconn, $version, $nessus_path;
$used_sids = array();
if (preg_match("/omp\\s*\$/i", $nessus_path)) {
$omp = new OMP();
$used_sids = $omp->get_used_sids();
}
$entities_nt = array();
$query = "SELECT ae.id as eid, ae.name as ename, aet.name as etype FROM acl_entities AS ae, acl_entities_types AS aet WHERE ae.type = aet.id";
$result_entities = $dbconn->Execute($query);
while (!$result_entities->EOF) {
$entities_nt[$result_entities->fields['eid']] = $result_entities->fields['ename'] . " [" . $result_entities->fields['etype'] . "]";
$result_entities->MoveNext();
}
$query = "";
$normal_user_pro = false;
if ($username == "admin") {
$query = "SELECT id, name, description, owner, type FROM vuln_nessus_settings \n WHERE deleted != '1' ORDER BY name";
} else {
if (preg_match("/pro|demo/i", $version)) {
if (Acl::am_i_proadmin()) {
$pro_users = array();
$entities_list = array();
//list($entities_admin,$num) = Acl::get_entities_admin($dbconn,Session::get_session_user());
//$entities_list = array_keys($entities_admin);
$entities_list = Acl::get_user_entities($current_user);
$users = Acl::get_my_users($dbconn, Session::get_session_user());
foreach ($users as $us) {
$pro_users[] = $us["login"];
}
$query = "SELECT id, name, description, owner, type FROM vuln_nessus_settings \n WHERE deleted != '1' and (name='Default' or owner in ('0','" . implode("', '", array_merge($entities_list, $pro_users)) . "')) ORDER BY name";
} else {
$tmp = array();
$entities = Acl::get_user_entities($username);
foreach ($entities as $entity) {
$tmp[] = "'" . $entity . "'";
}
if (count($tmp) > 0) {
$user_where = "owner in ('0','{$username}'," . implode(", ", $tmp) . ")";
} else {
$user_where = "owner in ('0','{$username}')";
}
$query = "SELECT id, name, description, owner, type FROM vuln_nessus_settings \n WHERE deleted != '1' and (name='Default' or {$user_where}) ORDER BY name";
$normal_user_pro = true;
}
} else {
$query = "SELECT id, name, description, owner, type FROM vuln_nessus_settings \n WHERE deleted != '1' and (name='Default' or owner in ('0','{$username}')) ORDER BY name";
}
}
//var_dump($query);
$result = $dbconn->execute($query);
//echo $query;
echo "<CENTER>";
echo "<table cellspacing=\"0\" cellpadding=\"0\" border=\"0\" width=\"800\"><tr><td class=\"headerpr\" style=\"border:0;\">" . _("Vulnerability Scan Profiles") . "</td></tr></table>";
echo "<table cellspacing=\"0\" cellpadding=\"0\" border=\"0\" width=\"800\"><tr><td class=\"noborder\">";
echo "<p>";
echo _("Please select a profile to edit") . ":";
echo "</p>";
echo "<table align='center'>";
echo "<tr>";
if ($username == "admin" || Session::am_i_admin()) {
echo "<th>" . _("Available for") . "</th>";
}
echo " <th>" . _("Profile") . "</th>";
echo " <th>" . _("Description") . "</th>";
echo " <th>" . _("Action") . "</th>";
echo "</tr>";
while (!$result->EOF) {
//<td>$sowner</td>
//<td>$stype</td>
list($sid, $sname, $sdescription, $sowner, $stype) = $result->fields;
echo "<tr>";
if ($username == "admin" || Session::am_i_admin()) {
if ($sowner == "0") {
echo "<td>" . _("All") . "</td>";
} elseif (is_numeric($sowner)) {
echo "<td style='padding:0px 2px 0px 2px;'>" . $entities_nt[$sowner] . "</td>";
} else {
echo "<td>" . html_entity_decode($sowner) . "</td>";
}
}
echo "<td>" . html_entity_decode($sname) . "</td>";
echo "<td>" . html_entity_decode($sdescription) . "</td>";
echo "<td>";
//var_dump($normal_user_pro);
//var_dump($sowner);
//var_dump($username);
//var_dump($used_sids);
if ($normal_user_pro && $sowner != $username && $sname != "Default") {
echo " ";
} elseif ($username == "admin" || Session::am_i_admin()) {
if (!in_array($sid, $used_sids)) {
echo "<a href=\"settings.php?disp=edit&&sid={$sid}\"><img src=\"images/pencil.png\"></a>";
echo "<a href=\"settings.php?disp=edit&op=delete&sid={$sid}\" onclick=\"return confirmDelete();\"><img src=\"images/delete.gif\"></a>";
} else {
echo "<img src=\"images/pencil.png\" title=\"" . _("This profile is being used by a running job now") . "\" style=\"filter:alpha(opacity=50);-moz-opacity:0.5;-khtml-opacity: 0.5;opacity: 0.5;\">";
echo "<img src=\"images/delete.gif\" title=\"" . _("This profile is being used by a running job now") . "\" style=\"filter:alpha(opacity=50);-moz-opacity:0.5;-khtml-opacity: 0.5;opacity: 0.5;\">";
}
} elseif ($sname == "Default") {
echo "[" . _("edit by admin") . "]";
} elseif ($sname != "Default") {
if (!in_array($sid, $used_sids)) {
echo "<a href=\"settings.php?disp=edit&&sid={$sid}\"><img src=\"images/pencil.png\"></a>";
echo "<a href=\"settings.php?disp=edit&op=delete&sid={$sid}\" onclick=\"return confirmDelete();\"><img src=\"images/delete.gif\"></a>";
} else {
echo "<img title=\"" . _("This profile is being used by a running job now") . "\" style=\"filter:alpha(opacity=50);-moz-opacity:0.5;-khtml-opacity: 0.5;opacity: 0.5;\" src=\"images/pencil.png\">";
echo "<img title=\"" . _("This profile is being used by a running job now") . "\" style=\"filter:alpha(opacity=50);-moz-opacity:0.5;-khtml-opacity: 0.5;opacity: 0.5;\" src=\"images/delete.gif\">";
}
}
echo "</td>";
echo "</tr>";
$result->MoveNext();
}
echo "</table>";
echo "<center>";
echo "<p>";
echo "<form>";
echo "<input type=button onclick=\"document.location.href='settings.php?disp=new'\" value=\"" . _("Create New Profile") . "\" class=\"button\"> ";
if ($username == "admin" || Session::am_i_admin()) {
echo "<input type=button onclick=\"document.location.href='defaults.php'\" value=\"" . _("Edit default profile") . "\" class=\"button\">";
}
echo "</form>";
echo "</p>";
echo "</center>";
echo "<br><br>";
echo "</td></tr></table></center>";
// end else
}
* You should have received a copy of the GNU General Public License
* along with this package; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
* MA 02110-1301 USA
*
*
* On Debian GNU/Linux systems, the complete text of the GNU General
* Public License can be found in `/usr/share/common-licenses/GPL-2'.
*
* Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt
*
*/
require_once 'av_init.php';
Session::logcheck("report-menu", "ReportsReportServer");
$year = GET('year') != "" ? intval(GET('year')) : date("Y");
$user = Session::get_session_user();
// define colors
define('COLOR1', '#D6302C');
define('COLOR2', '#3933FC');
define('COLOR3', 'green');
define('COLOR4', 'yellow');
define('COLOR5', 'pink');
define('COLOR6', '#40E0D0');
define('COLOR7', '#00008B');
define('COLOR8', '#800080');
define('COLOR9', '#FFA500');
define('COLOR10', '#A52A2A');
define('COLOR11', '#228B22');
define('COLOR12', '#D3D3D3');
//
require_once 'ossim_db.inc';
// users
$users = array();
if (Session::am_i_admin()) {
$users_list = Session::get_list($conn_ossim);
foreach ($users_list as $user_data) {
$users[] = $user_data->login;
}
} else {
$users_list = Acl::get_my_users($conn_ossim, Session::get_session_user());
foreach ($users_list as $user_data) {
$users[] = $user_data["login"];
}
}
// entities
list($entities_all, $num_entities) = Acl::get_entities($conn_ossim);
list($entities_admin, $num) = Acl::get_entities_admin($conn_ossim, Session::get_session_user());
$entities_list = array_keys($entities_admin);
}
$db->close($conn);
$db->close($conn_ossim);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title><?php
echo _('Backup');
?>
</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<meta http-equiv="Pragma" content="no-cache">
<link rel="stylesheet" type="text/css" href="../style/style.css"/>
function submit_scan($SVRid, $job_name, $ssh_credential, $smb_credential, $schedule_type, $not_resolve, $user, $entity, $targets, $scheduled_status, $hosts_alive, $sid, $send_email, $timeout, $scan_locally, $dayofweek, $dayofmonth, $ROYEAR, $ROMONTH, $ROday, $time_hour, $time_min, $time_interval, $sched_id, $biyear, $bimonth, $biday, $nthweekday, $tz, $daysMap)
{
$db = new ossim_db();
$dbconn = $db->connect();
$credentials = $ssh_credential . '|' . $smb_credential;
$username = valid_hex32($entity) ? $entity : $user;
if (empty($username)) {
$username = Session::get_session_user();
}
$btime_hour = $time_hour;
// save local time
$btime_min = $time_min;
$bbiyear = $biyear;
$bbimonth = $bimonth;
$bbiday = $biday;
if ($schedule_type == 'O') {
// date and time for run once
if (empty($ROYEAR)) {
$ROYEAR = gmdate('Y');
}
if (empty($ROMONTH)) {
$ROMONTH = gmdate('m');
}
if (empty($ROday)) {
$ROday = gmdate('d');
}
list($_y, $_m, $_d, $_h, $_u, $_s, $_time) = Util::get_utc_from_date($dbconn, "{$ROYEAR}-{$ROMONTH}-{$ROday} {$time_hour}:{$time_min}:00", $tz);
$ROYEAR = $_y;
$ROMONTH = $_m;
$ROday = $_d;
$time_hour = $_h;
$time_min = $_u;
} else {
if (in_array($schedule_type, array('D', 'W', 'M', 'NW'))) {
// date and time for Daily, Day of Week, Day of month, Nth weekday of month
list($b_y, $b_m, $b_d, $b_h, $b_u, $b_s, $b_time) = Util::get_utc_from_date($dbconn, "{$biyear}-{$bimonth}-{$biday} {$time_hour}:{$time_min}:00", $tz);
$biyear = $b_y;
$bimonth = $b_m;
$biday = $b_d;
$time_hour = $b_h;
$time_min = $b_u;
}
}
$resolve_names = $not_resolve == '1' ? 0 : 1;
if ($schedule_type != 'N') {
// current datetime in UTC
$arrTime = explode(":", gmdate('Y:m:d:w:H:i:s'));
$year = $arrTime[0];
$mon = $arrTime[1];
$mday = $arrTime[2];
$wday = $arrTime[3];
$hour = $arrTime[4];
$min = $arrTime[5];
$sec = $arrTime[6];
$timenow = $hour . $min . $sec;
$run_wday = $daysMap[$dayofweek]['number'];
$run_time = sprintf('%02d%02d%02d', $time_hour, $time_min, '00');
$run_mday = $dayofmonth;
$time_value = "{$time_hour}:{$time_min}:00";
$ndays = array('Sunday', 'Monday', 'Tuesday', 'Wednesday', 'Thursday', 'Friday', 'Saturday');
$begin_in_seconds = Util::get_utc_unixtime("{$biyear}-{$bimonth}-{$biday} {$time_hour}:{$time_min}:00") - 3600 * $tz;
$current_in_seconds = gmdate('U');
// current datetime in UTC
if (strlen($bimonth) == 1) {
$bimonth = '0' . $bimonth;
}
if (strlen($biday) == 1) {
$biday = '0' . $biday;
}
}
switch ($schedule_type) {
case 'N':
$requested_run = gmdate('YmdHis');
break;
case 'O':
$requested_run = sprintf('%04d%02d%02d%06d', $ROYEAR, $ROMONTH, $ROday, $run_time);
break;
case 'D':
if ($begin_in_seconds > $current_in_seconds) {
$next_day = $biyear . $bimonth . $biday;
// selected date by user
} else {
if ($run_time > $timenow) {
$next_day = $year . $mon . $mday;
// today
} else {
$next_day = gmdate("Ymd", strtotime("+1 day GMT", gmdate("U")));
// next day
}
}
$requested_run = sprintf("%08d%06d", $next_day, $run_time);
break;
case 'W':
if ($begin_in_seconds > $current_in_seconds) {
// if it is a future date
$wday = date("w", mktime(0, 0, 0, $bimonth, $biday, $biyear));
// make week day for begin day
if ($run_wday == $wday) {
$next_day = $biyear . $bimonth . $biday;
// selected date by user
} else {
$next_day = gmdate("Ymd", strtotime("next " . $ndays[$run_wday] . " GMT", mktime(0, 0, 0, $bimonth, $biday, $biyear)));
}
} else {
if ($run_wday == $wday && $run_time > $timenow) {
$next_day = $year . $mon . $mday;
// today
} else {
$next_day = gmdate("Ymd", strtotime("next " . $ndays[$run_wday] . " GMT", gmdate("U")));
// next week
}
}
preg_match("/(\\d{4})(\\d{2})(\\d{2})/", $next_day, $found);
list($b_y, $b_m, $b_d, $b_h, $b_u, $b_s, $b_time) = Util::get_utc_from_date($dbconn, $found[1] . "-" . $found[2] . "-" . $found[3] . " {$btime_hour}:{$btime_min}:00", $tz);
$requested_run = sprintf("%04d%02d%02d%02d%02d%02d", $b_y, $b_m, $b_d, $b_h, $b_u, "00");
break;
case 'M':
if ($begin_in_seconds > $current_in_seconds) {
// if it is a future date
if ($run_mday >= $biday) {
$next_day = $biyear . $bimonth . ($run_mday < 10 ? "0" : "") . $run_mday;
// this month
} else {
$next_day = sprintf("%06d%02d", gmdate("Ym", strtotime("next month GMT", mktime(0, 0, 0, $bimonth, $biday, $biyear))), $run_mday);
}
} else {
if ($run_mday > $mday || $run_mday == $mday && $run_time > $timenow) {
$next_day = $year . $mon . ($run_mday < 10 ? "0" : "") . $run_mday;
// this month
} else {
$next_day = sprintf("%06d%02d", gmdate("Ym", strtotime("next month GMT", gmdate("U"))), $run_mday);
}
}
preg_match("/(\\d{4})(\\d{2})(\\d{2})/", $next_day, $found);
list($b_y, $b_m, $b_d, $b_h, $b_u, $b_s, $b_time) = Util::get_utc_from_date($dbconn, $found[1] . "-" . $found[2] . "-" . $found[3] . " {$btime_hour}:{$btime_min}:00", $tz);
$requested_run = sprintf("%04d%02d%02d%02d%02d%02d", $b_y, $b_m, $b_d, $b_h, $b_u, "00");
break;
case 'NW':
if ($begin_in_seconds > $current_in_seconds) {
// if it is a future date
$array_time = array('month' => $bbimonth, 'day' => $bbiday, 'year' => $bbiyear);
$requested_run = weekday_month(strtolower($daysMap[$dayofweek]['text']), $nthweekday, $btime_hour, $btime_min, $array_time);
} else {
$requested_run = weekday_month(strtolower($daysMap[$dayofweek]['text']), $nthweekday, $btime_hour, $btime_min);
}
preg_match("/(\\d{4})(\\d{2})(\\d{2})(\\d{2})(\\d{2})(\\d{2})/", $requested_run, $found);
list($b_y, $b_m, $b_d, $b_h, $b_u, $b_s, $b_time) = Util::get_utc_from_date($dbconn, $found[1] . "-" . $found[2] . "-" . $found[3] . " " . $found[4] . ":" . $found[5] . ":00", $tz);
$requested_run = sprintf("%04d%02d%02d%02d%02d%02d", $b_y, $b_m, $b_d, $b_h, $b_u, "00");
$dayofmonth = $nthweekday;
break;
default:
break;
}
$insert_time = gmdate('YmdHis');
if (!empty($_SESSION['_vuln_targets']) && count($_SESSION['_vuln_targets']) > 0) {
$sgr = array();
foreach ($_SESSION['_vuln_targets'] as $target_selected => $server_id) {
$sgr[$server_id][] = $target_selected;
}
ossim_clean_error();
unset($_SESSION['_vuln_targets']);
// clean scan targets
$resolve_names = $not_resolve == '1' ? 0 : 1;
$queries = array();
$bbimonth = strlen($bbimonth) == 1 ? '0' . $bbimonth : $bbimonth;
$bbiday = strlen($bbiday) == 1 ? '0' . $bbiday : $bbiday;
$qc = 0;
if ($schedule_type == 'N') {
foreach ($sgr as $notify_sensor => $target_list) {
$target_list = implode("\n", $target_list);
$params = array($job_name, $username, Session::get_session_user(), $schedule_type, $target_list, $hosts_alive, $sid, $send_email, $timeout, $SVRid, $insert_time, $requested_run, '3', 'S', $notify_sensor, $scan_locally, '', $resolve_names, $credentials);
$queries[$qc]['query'] = 'INSERT INTO vuln_jobs ( name, username, fk_name, meth_SCHED, meth_TARGET, meth_CRED,
meth_VSET, meth_Wfile, meth_TIMEOUT, scan_ASSIGNED,
scan_SUBMIT, scan_next, scan_PRIORITY, status, notify, authorized, author_uname, resolve_names, credentials )
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)';
$queries[$qc]['params'] = $params;
$qc++;
}
} else {
$params = array($bbiyear . $bbimonth . $bbiday, $job_name, $username, Session::get_session_user(), $schedule_type, $dayofweek, $dayofmonth, $time_value, implode("\n", $targets), $hosts_alive, $sid, $send_email, $scan_locally, $timeout, $requested_run, $insert_time, strval($scheduled_status), $resolve_names, $time_interval, '', $credentials, $SVRid);
$queries[$qc]['query'] = 'INSERT INTO vuln_job_schedule ( begin, name, username, fk_name, schedule_type, day_of_week, day_of_month, time, meth_TARGET, meth_CRED, meth_VSET, meth_Wfile, meth_Ucheck, meth_TIMEOUT, next_CHECK, createdate, enabled, resolve_names, time_interval, IP_ctx, credentials, email)
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) ';
$queries[$qc]['params'] = $params;
$qc++;
}
$execute_errors = array();
foreach ($queries as $id => $sql_data) {
$rs = $dbconn->execute($sql_data['query'], $sql_data['params']);
if ($rs === FALSE) {
$execute_errors[] = $dbconn->ErrorMsg();
}
}
if (empty($execute_errors) && $schedule_type != 'N') {
// We have to update the vuln_job_assets
if (intval($sched_id) == 0) {
$query = ossim_query('SELECT LAST_INSERT_ID() as sched_id');
$rs = $dbconn->Execute($query);
if (!$rs) {
Av_exception::throw_error(Av_exception::DB_ERROR, $dbconn->ErrorMsg());
} else {
$sched_id = $rs->fields['sched_id'];
}
}
Vulnerabilities::update_vuln_job_assets($dbconn, 'insert', $sched_id, 0);
}
$config_nt = array('content' => '', 'options' => array('type' => 'nf_success', 'cancel_button' => FALSE), 'style' => 'width: 40%; margin: 20px auto; text-align: center;');
$config_nt['content'] = empty($execute_errors) ? _('Successfully Submitted Job') : _('Error creating scan job:') . implode('<br>', $execute_errors);
$nt = new Notification('nt_1', $config_nt);
$nt->show();
$dbconn->close();
}
}