function plugin_activity($conn, $data) { $asset_id = $data['asset']; ossim_valid($asset_id, OSS_HEX, 'illegal:' . _("ASSET")); check_ossim_error(); $active_plugin = array(); $total_plugins = 0; try { $sensors = Asset_host_sensors::get_sensors_by_id($conn, $asset_id); $client = new Alienvault_client(); foreach ($sensors as $sensor_id => $s_data) { $plugins = $client->sensor(Util::uuid_format($sensor_id))->get_plugins_by_assets(); $plugins = @json_decode($plugins, TRUE); if ($plugins['status'] == 'success') { if (array_key_exists($asset_id, $plugins['data']['plugins'])) { $plugins = $plugins['data']['plugins'][$asset_id]; foreach ($plugins as $pdata) { $active = Asset_host_devices::check_device_connectivity($conn, $asset_id, $pdata['plugin_id'], $sensor_id, TRUE); if ($active) { $row_id = md5($asset_id . $pdata['cpe'] . $sensor_id); $active_plugin[$row_id] = TRUE; } $total_plugins++; } } } } } catch (Exception $e) { //nothing here } $response['error'] = FALSE; $response['data']['plugins'] = $active_plugin; $response['data']['total_p'] = $total_plugins; return $response; }
} $levels = array("1" => "Serious:", "2" => "High:", "3" => "Medium:", "6" => "Low:", "7" => "Info:"); $db = new ossim_db(); $dbconn = $db->connect(); // select data for specified job_id if (!($result = $dbconn->Execute(ossim_query("SELECT vj.report_id, vns.name as profile, vj.meth_VSET as profile_id, vj.name, vj.username, vj.fk_name, vj.scan_SUBMIT, vj.scan_START, vj.scan_END, TIMESTAMPDIFF(MINUTE, vj.scan_START, vj.scan_END) as duration, vj.meth_TARGET\n FROM vuln_jobs as vj, vuln_nessus_settings as vns WHERE vj.id={$job_id} and vj.meth_VSET=vns.id")))) { echo $dbconn->ErrorMsg() . "\n"; $dbconn->close(); } else { $report_id = $result->fields["report_id"]; $username = $result->fields["username"]; if (intval($report_id) != 0 || $message != "") { $data = Session::get_user_info($dbconn, 'admin', TRUE); // API Login to read email settings // $cc = new Alienvault_client(); $cc->auth()->login('admin', $data->get_pass()); $attachments = array(); $subject = _('Scan Job Notification: ') . $result->fields["name"]; $width = 115; $body = '<html> <head> <title>' . $subject . '</title> </head> <body>' . '<table width="100%" cellspacing="0" cellpadding="0" style="border:0px;">' . '<tr><td colspan="2" style="text-decoration: underline;">' . _('Email scan summary') . '</td></tr>' . '<tr><td colspan="2"> </td></tr>' . '<tr><td width="' . $width . '">' . _('Scan Title:') . '</td><td>' . $result->fields["name"] . '</td></tr>' . '<tr><td width="' . $width . '">' . _('Profile:') . '</td><td>' . $result->fields["profile"] . '</td></tr>'; $body .= '<tr><td width="' . $width . '">' . _('Submit Date:') . '</td><td>SCAN_SUBMIT</td></tr>' . '<tr><td width="' . $width . '">' . _('Start Date:') . '</td><td>SCAN_START</td></tr>'; $body .= '<tr><td width="' . $width . '">' . _('Duration:') . '</td><td>' . (intval($result->fields["duration"]) == 0 ? "< 1 min" : $result->fields["duration"] . " mins") . '</td></tr>' . '<tr><td colspan="2"> </td></tr>' . '<tr><td width="' . $width . '">' . _('Launched By:') . '</td><td>' . ($result->fields["fk_name"] != "" ? $result->fields["fk_name"] : _("Unknown")) . '</td></tr>'; if (valid_hex32($username)) { $visible_for = Acl::get_entity_name($dbconn, $username); } else { $visible_for = $username;
//Autologin in UI and AlienVault API //Database connection list($db, $conn) = Ossim_db::get_conn_db(); $db = new Ossim_db(); $conn = $db->connect(); $user_obj = Session::get_user_info($conn, $user, TRUE, FALSE); $pass = $user_obj->get_pass(); $session = new Session($user, $pass, ''); $session->login(TRUE); $db->close(); $is_disabled = $session->is_user_disabled(); if ($is_disabled == TRUE) { $e_msg = _('Error! Scan cannot be completed: Scan owner is disabled'); Av_exception::throw_error(Av_exception::USER_ERROR, $e_msg); } $client = new Alienvault_client($user); $client->auth()->login($user, $pass); //Launching scan $autodetect = $autodetect == 1 ? 'true' : 'false'; $rdns = $rdns == 1 ? 'true' : 'false'; $timing_template = empty($timing_template) ? 'T3' : $timing_template; $scan_options = array('scan_type' => $scan_type, 'scan_timing' => $timing_template, 'autodetect_os' => $autodetect, 'reverse_dns' => $rdns, 'scan_ports' => $custom_ports, 'idm' => 'false'); $av_scan = new Av_scan($targets_p, $sensor, $scan_options); $av_scan->run(); echo "Asset scan:\n"; echo "\tTargets: " . $av_scan->get_targets('scan_format') . "\n"; echo "\tSensor: " . $av_scan->get_sensor() . "\n"; echo "\tScan Options: \n"; $sc_options = $av_scan->get_scan_options(); foreach ($sc_options as $sc_type => $sc_value) { echo "\t\t{$sc_type}: {$sc_value}\n";
if (POST('insert')) { if ($data['status'] == 'error') { $txt_error = "<div>" . _("We Found the following errors") . ":</div>\n \t\t\t\t\t <div style='padding: 2px 10px 5px 10px;'>" . implode("<br/>", $data['data']) . "</div>"; $config_nt = array('content' => $txt_error, 'options' => array('type' => 'nf_error', 'cancel_button' => FALSE), 'style' => 'width: 80%; margin: 20px auto; text-align: left;'); $nt = new Notification('nt_1', $config_nt); $nt->show(); Util::make_form("POST", "newserverform.php"); $db->close(); exit; } if (!Session::hostAllowed_by_ip_ctx($conn, $ip, Session::get_default_ctx())) { $db->close(); die(ossim_error(_("You don't have permission to create a new server with this IP Address"))); } // Try to attach a new server $client = new Alienvault_client(); $response = $client->system()->set_component($ip, $rpass); $return = @json_decode($response, TRUE); if (!$return || $return['status'] == 'error') { $config_nt = array('content' => $return['message'], 'options' => array('type' => 'nf_error', 'cancel_button' => FALSE), 'style' => 'width: 80%; margin: 20px auto; text-align:center;'); $nt = new Notification('nt_1', $config_nt); $nt->show(); Util::make_form("POST", "newserverform.php"); $db->close(); exit; } else { $new_id = strtoupper(str_replace('-', '', $return['data']['server_id'])); if ($return['data']['hostname'] != '') { $sname = $return['data']['hostname']; } }
<?php if ($data['status'] == 'error') { $txt_error = "<div>" . _("The following errors occurred") . ":</div>\n\t\t\t\t\t <div style='padding: 2px 10px 5px 10px;'>" . implode("<br/>", $data['data']) . "</div>"; $config_nt = array('content' => $txt_error, 'options' => array('type' => 'nf_error', 'cancel_button' => FALSE), 'style' => 'width: 80%; margin: 20px auto; text-align: left;'); $nt = new Notification('nt_1', $config_nt); $nt->show(); Util::make_form("POST", "newserverform.php"); $db->close(); exit; } if (!Session::hostAllowed_by_ip_ctx($conn, $ip, Session::get_default_ctx())) { $db->close(); die(ossim_error(_("You don't have permission to create a new server with this IP Address"))); } // Try to attach a new server $client = new Alienvault_client(); $response = $client->system()->set_component($ip, $password, 'password'); $return = @json_decode($response, TRUE); if (!$return || $return['status'] == 'error') { $config_nt = array('content' => $return['message'], 'options' => array('type' => 'nf_error', 'cancel_button' => FALSE), 'style' => 'width: 80%; margin: 20px auto; text-align:center;'); $nt = new Notification('nt_1', $config_nt); $nt->show(); Util::make_form("POST", "newserverform.php"); $db->close(); exit; } else { $new_id = strtoupper(str_replace('-', '', $return['data']['server_id'])); if ($return['data']['hostname'] != '') { $sname = $return['data']['hostname']; } else { $sname = 'USM-Server';
$conn = $db->connect(); switch ($action) { case 'track_usage_information': try { //Validate Token $token = POST('token'); if (Token::verify('tk_tui', $token) == FALSE) { $t_error = Token::create_error_message(); Av_exception::throw_error(Av_exception::USER_ERROR, $t_error); } if (Session::am_i_admin()) { $tui = intval(POST('tui')); $tui_status = $tui > 0 ? 1 : 0; $config = new Config(); $config->update('track_usage_information', $tui_status); $client = new Alienvault_client(); $tui_status = $tui > 0 ? TRUE : FALSE; $client->system()->set_telemetry($tui_status); $data['status'] = 'success'; $data['data'] = _('Your changes have been saved'); } else { Av_exception::throw_error(Av_exception::USER_ERROR, _('You do not have the correct permissions to configure this option. Please contact system administrator with any questions')); } } catch (Exception $e) { $db->close(); Util::response_bad_request($e->getMessage()); } break; } $db->close(); echo json_encode($data);
$response['iTotalDisplayRecords'] = 0; $response['aaData'] = array(); echo json_encode($response); exit; } $db = new ossim_db(); $conn = $db->connect(); // Get plugins by asset using Alienvault API $total = 0; $data = array(); $plugins = array(); try { $sensors = Asset_host_sensors::get_sensors_by_id($conn, $asset_id); //Show column 'Sensor' when there are two sensors or more $num_sensors = count($sensors); $client = new Alienvault_client(); foreach ($sensors as $sensor_id => $s_data) { $plugins = $client->sensor(Util::uuid_format($sensor_id))->get_plugins_by_assets(); $plugins = @json_decode($plugins, TRUE); if ($plugins['status'] == 'success') { if (array_key_exists($asset_id, $plugins['data']['plugins'])) { $plugins = $plugins['data']['plugins'][$asset_id]; foreach ($plugins as $plugin_name => $pdata) { $total++; if (!empty($search_str)) { $aux_search_str = '/' . strtolower($search_str) . '/'; $aux_cpe = strtolower($pdata['cpe']); if (!preg_match($aux_search_str, $aux_cpe)) { continue; } }
function reconfig_system() { $uuid = Util::get_default_uuid(); $data['status'] = 'error'; $data['data'] = _('Error! It was not possible to apply the nfsen configuration.'); if ($uuid !== FALSE) { //If we find a job id, then we try to retrieve the status of the job $client = new Alienvault_client(); $response = $client->server()->nfsen_reconfig(); $response = @json_decode($response, TRUE); //Comunication problem with the API. Error if (!$response || $response['status'] == 'error') { $exp_msg = $client->get_error_message($response); $data['status'] = 'error'; $data['data'] = _('Error! Nfsen Reconfig was not executed due to an unexpected error.') . ' (' . $exp_msg . ')'; } else { $data['status'] = 'success'; $data['data'] = ''; } } return $data; }
if ($flag_status != 2) { for ($i = 0; $i < POST('nconfs'); $i++) { if (isset($_POST["conf_{$i}"]) && isset($_POST["value_{$i}"])) { if ($pass_fields[POST("conf_{$i}")] == 1 && Util::is_fake_pass(POST("value_{$i}")) || POST("value_{$i}") == 'skip_this_config_value') { continue; } else { $before_value = $ossim_conf->get_conf(POST("conf_{$i}")); $config->update(POST("conf_{$i}"), POST("value_{$i}")); if (POST("value_{$i}") != $before_value) { Log_action::log(7, array("variable: " . POST("conf_{$i}"))); // Special cases if (POST("conf_{$i}") == 'idm_user_login_timeout') { $restart_server = 1; } if (POST("conf_{$i}") == 'track_usage_information') { $client = new Alienvault_client(); $client->system()->set_telemetry(POST("value_{$i}") > 0 ? TRUE : FALSE); } } } } } } // check valid pass length max if (intval($pass_length_max) < intval($pass_length_min) || intval($pass_length_max) < 1 || intval($pass_length_max) > 255) { $config->update('pass_length_max', 255); } else { $config->update('pass_length_max', intval($pass_length_max)); } // check valid expire min - max if ($pass_expire_max * 60 * 24 < $pass_expire_min) {