Exemple #1
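/**
 * Render a Top-N attack host chart as a Java applet.
 *
 * Dumps the AttackHost() series into "$base_dir/tmp/ip_src.xml" or
 * ".../ip_dst.xml" (CategoryDataset XML) and echoes the <applet> tag that
 * loads the same file back through "$datapath/<file>". Uses the globals
 * $security_report, $datapath and $base_dir and the constant MAX_HOSTNAME_LEN.
 *
 * @param string $target "ip_src" selects the attacker series; any other value
 *                       is treated as "ip_dst"
 * @param mixed  $hosts  host limit handed to $security_report->AttackHost()
 * @param string $type   applet "graphType" parameter
 * @param int    $width  applet width in pixels
 * @param int    $height applet height in pixels
 *
 * Prints an error and calls exit when the XML file cannot be opened for writing.
 */
function jgraph_attack_graph($target, $hosts, $type = "Bar3D", $width = 450, $height = 250)
{
    global $security_report;
    global $datapath;
    global $base_dir;

    // Only two data files exist: ip_src.xml, and ip_dst.xml for everything else.
    $xml_name = ($target === "ip_src") ? "ip_src.xml" : "ip_dst.xml";

    if (!($fp = @fopen("{$base_dir}/tmp/{$xml_name}", "w"))) {
        print "Error: <b>{$datapath}</b> directory must exists and be <br/>\n";
        print "writable by the user the webserver runs as";
        exit;
    }

    // Host names come from the asset DB / reverse DNS and $target from the
    // caller; escape them so they cannot break the XML (or the HTML below).
    $series_name = htmlspecialchars((string) $target, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    fwrite($fp, "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n" . "<CategoryDataset>\n  <Series name=\"{$series_name}\">\n");

    $list = $security_report->AttackHost($target, $hosts);
    foreach ($list as $l) {
        $ip = $l[0];
        $occurrences = $l[1];
        $hostname = Host::ip2hostname($security_report->ossim_conn, $ip);
        // Long names do not fit the chart labels; fall back to the address.
        if (strlen($hostname) > MAX_HOSTNAME_LEN) {
            $hostname = $ip;
        }
        $key = htmlspecialchars((string) $hostname, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        fwrite($fp, "    <Item>\n      <Key>{$key}</Key>\n      <Value>{$occurrences}</Value>\n    </Item>\n");
    }
    fwrite($fp, "  </Series>\n</CategoryDataset>\n\n");
    fclose($fp);

    // Attribute values for the <applet> tag.
    $type_attr = htmlspecialchars((string) $type, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $width_attr = htmlspecialchars((string) $width, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $height_attr = htmlspecialchars((string) $height, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $data_url = htmlspecialchars("{$datapath}/{$xml_name}", ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    echo "\n<applet archive=\"../java/jcommon-0.9.5.jar,../java/jfreechart-0.9.20.jar,../java/jossim-graph.jar\" code=\"net.ossim.graph.applet.OssimGraphApplet\" width=\"{$width_attr}\" height=\"{$height_attr}\" alt=\"You should see an applet, not this text.\">\n    <param name=\"graphType\" value=\"{$type_attr}\">";
    echo "   <param name=\"xmlDataUrl\" value=\"{$data_url}\">";
    echo "\n    <param name=\"alpha\" value=\"0.42f\">\n    <param name=\"legend\" value=\"false\">\n    <param name=\"tooltips\" value=\"false\">\n    <param name=\"orientation\" value=\"HORIZONTAL\">\n</applet>\n";
}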
Exemple #2
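/**
 * Render the "Top N attacker/attacked hosts" report section.
 *
 * Asks $security_report->AttackHost() for the top $NUM_HOSTS hosts and prints
 * an HTML table (host link, OS pixmap, occurrence count) next to a chart:
 * either the Java applet (report_graph_type == "applets") or an <img> that
 * points at graphs/attack_graph.php. Reads the globals $NUM_HOSTS,
 * $security_report and $report_type plus the framework conf ($GLOBALS["CONF"]).
 *
 * @param string $target    "ip_src" (attackers) or "ip_dst" (attacked); for
 *                          alarm reports this is mapped to "src_ip"/"dst_ip"
 * @param string $date_from report start, passed through to AttackHost()
 * @param string $date_to   report end, passed through to AttackHost()
 *
 * Terminates the script (exit) after printing a "No data available" table
 * when the host list is empty.
 */
function ip_max_occurrences($target, $date_from, $date_to)
{
    global $NUM_HOSTS;
    global $security_report;
    global $report_type;
    /* ossim framework conf */
    $conf = $GLOBALS["CONF"];
    $acid_link = $conf->get_conf("acid_link");
    $ossim_link = $conf->get_conf("ossim_link");
    $acid_prefix = $conf->get_conf("event_viewer");
    $report_graph_type = $conf->get_conf("report_graph_type");
    // Default so an unexpected $target never leaves $title undefined below.
    $title = "";
    if ($target === "ip_src") {
        if ($report_type == "alarm") {
            $target = "src_ip";
        }
        $title = _("Attacker hosts");
    } elseif ($target === "ip_dst") {
        if ($report_type == "alarm") {
            $target = "dst_ip";
        }
        $title = _("Attacked hosts");
    }
    $list = $security_report->AttackHost($security_report->ossim_conn, $target, $NUM_HOSTS, $report_type, $date_from, $date_to);
    if (count($list) == 0) {
        echo "<table align='center' class='nobborder'><tr><td class='nobborder'>" . _("No data available") . "</td></tr></table></body></html>";
        exit(0);
    }
    // Values echoed into the markup below come from the database / reverse
    // DNS and from the request, so each one is escaped for its context
    // (htmlspecialchars for HTML, urlencode for query strings).
    $esc = ENT_QUOTES | ENT_SUBSTITUTE;
    ?>
        <table align="center" width="750" cellpadding="0" cellspacing="0" class="noborder">
            <tr><td class="headerpr"><?php echo _("Top") . " " . htmlspecialchars((string) $NUM_HOSTS, $esc, 'UTF-8') . " {$title}"; ?></td></tr>
        </table>
        <table align="center" width="750">
		<tr><td style="padding-top:15px;" valign="top" class="nobborder">
        <table align="center">
		  <tr>
            <th> <?php echo gettext("Host"); ?> </th>
            <th> <?php echo gettext("Occurrences"); ?> </th>
          </tr>
<?php
    foreach ($list as $l) {
        $ip = $l[0];
        $occurrences = number_format($l[1], 0, ",", ".");
        $hostname = Host::ip2hostname($security_report->ossim_conn, $ip);
        // Project-generated <img> markup; emitted as-is on purpose.
        $os_pixmap = Host_os::get_os_pixmap($security_report->ossim_conn, $ip);
        $ip_param = urlencode($ip);
        if ($report_type == "alarm") {
            if ($target == "src_ip") {
                $link = "{$ossim_link}/control_panel/alarm_console.php?src_ip=" . $ip_param;
            } elseif ($target == "dst_ip") {
                $link = "{$ossim_link}/control_panel/alarm_console.php?dst_ip=" . $ip_param;
            } else {
                $link = "{$ossim_link}/control_panel/alarm_console.php?src_ip=" . $ip_param . "&dst_ip=" . $ip_param;
            }
        } else {
            $link = "{$acid_link}/" . $acid_prefix . "_stat_alerts.php?&" . "num_result_rows=-1&" . "submit=Query+DB&" . "current_view=-1&" . "ip_addr[0][1]={$target}&" . "ip_addr[0][2]==&" . "ip_addr[0][3]={$ip_param}&" . "ip_addr_cnt=1&" . "sort_order=time_d";
        }
        $ip_html = htmlspecialchars((string) $ip, $esc, 'UTF-8');
        $hostname_html = htmlspecialchars((string) $hostname, $esc, 'UTF-8');
        $link_html = htmlspecialchars($link, $esc, 'UTF-8');
        ?>
          <tr>
            <td><div id="<?php echo $ip_html; ?>;<?php echo $hostname_html; ?>" class="HostReportMenu" style="display:inline">
              <a title="<?php echo $ip_html; ?>"
                 href="<?php echo $link_html; ?>"><?php echo $hostname_html; ?></a></div>
              <?php echo $os_pixmap; ?>
            </td>
            <td><?php echo $occurrences; ?></td>
          </tr>
<?php
    }
    ?>
        </table>
        </td>
        <td valign="top" class="nobborder">
<?php
    if ($report_graph_type == "applets") {
        jgraph_attack_graph($target, $NUM_HOSTS);
    } else {
        // urlencode() output is attribute-safe (no quotes, '<' or '&'), so no
        // further escaping is needed inside src="...".
        ?>
        <img src="graphs/attack_graph.php?target=<?php echo urlencode((string) $target); ?>&hosts=<?php echo urlencode((string) $NUM_HOSTS); ?>&type=<?php echo urlencode((string) $report_type); ?>&date_from=<?php echo urlencode($date_from); ?>&date_to=<?php echo urlencode($date_to); ?>"
                 alt="attack_graph"/>
<?php
    }
    ?>
        </td>
        </tr>
        </table>
<?php
}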
Exemple #3
                    echo "ANY";
                } else {
                    echo $port->get_port() . "<br/>";
                }
            }
        }
        ?>
      </td>
      <!-- end dest ports -->

      <!-- sensors -->
      <td>
        <?php 
        if (is_array($sensor_list = $response->get_sensors($conn))) {
            foreach ($sensor_list as $sensor) {
                echo Host::ip2hostname($conn, $sensor->get_host()) . "<br/>";
            }
        }
        ?>
      </td>
      <!-- end sensors -->

      <!-- plugins -->
      <td>
        <?php 
        if (is_array($plugin_list = $response->get_plugins($conn))) {
            foreach ($plugin_list as $plugin) {
                if ($plugin->get_plugin_id() == 0) {
                    echo "ANY";
                } else {
                    echo $plugin->get_plugin_id() . "<br/>";
    echo $risk_field;
    ?>
		<!-- sensor -->
        <td class="nobborder" style="background-color:<?php 
    echo $bgcolor;
    ?>
;text-align:center">
<?php 
    foreach ($sensors as $sensor) {
        ?>
          <a href="../sensor/sensor_plugins.php?hmenu=Sensors&smenu=Sensors&sensor=<?php 
        echo $sensor;
        ?>
"
            ><?php 
        echo $no_resolv ? $sensor : Host::ip2hostname($conn, $sensor);
        ?>
</a>  
<?php 
    }
    if (!count($sensors)) {
        echo "&nbsp;";
    }
    ?>
        </td>
        <!-- end sensor -->
		<td class="nobborder" style='background-color:<?php 
    echo $bgcolor;
    ?>
;text-align: center' width='12%'><?php 
    echo $s_since;
Exemple #5
 // Resolve the plugin name for this schedule row; fall back to the raw id.
 // NOTE(review): the WHERE clause interpolates $id straight into SQL — this is
 // only safe if the caller has already validated/cast $id as an integer; confirm.
 if ($plugin_list = Plugin::get_list($conn, "WHERE id = {$id}")) {
     $plugin_name = $plugin_list[0]->get_name();
 } else {
     $plugin_name = $id;
 }
 // One table row per schedule: plugin, the five cron-style fields, then the
 // target column. Names are echoed without HTML escaping — fine only if they
 // are admin-entered; escape with htmlspecialchars() otherwise.
 echo "<tr>\n";
 echo "<td>" . $plugin_name . "</td>\n";
 echo "<td>" . $schedule->get_minute() . "</td>\n";
 echo "<td>" . $schedule->get_hour() . "</td>\n";
 echo "<td>" . $schedule->get_day_month() . "</td>\n";
 echo "<td>" . $schedule->get_month() . "</td>\n";
 echo "<td>" . $schedule->get_day_week() . "</td>\n";
 echo "<td>";
 // Targets: sensors are shown by resolved host name, groups/nets by their name.
 foreach ($sensors as $sensor) {
     echo "Sensor: ";
     echo Host::ip2hostname($conn, $sensor->get_sensor_name()) . "<br>";
 }
 foreach ($netgroups as $netgroup) {
     echo "NetGroups: ";
     echo $netgroup->get_netgroup_name() . "<br>";
 }
 foreach ($hostgroups as $hostgroup) {
     echo "HostGroups: ";
     echo $hostgroup->get_hostgroup_name() . "<br>";
 }
 foreach ($nets as $net) {
     echo "Nets: ";
     echo $net->get_net_name() . "<br>";
 }
 foreach ($hosts as $host) {
     echo "Host: ";
Exemple #6
$count = RRD_anomaly::get_list_count($conn);
if ($event_list = RRD_anomaly::get_list($conn, $where_clause, "order by\nanomaly_time desc", "0", $count)) {
    foreach ($event_list as $event) {
        $ip = $event->get_ip();
        ?>
<tr>
<th>
<A HREF="<?php 
        echo Sensor::get_sensor_link($conn, $ip) . "/{$ip}.html";
        ?>
" target="_blank" title="<?php 
        echo $ip;
        ?>
">
<?php 
        echo Host::ip2hostname($conn, $ip);
        ?>
</A></th><td> <?php 
        echo $event->get_what();
        ?>
</td>
<td> <?php 
        echo $event->get_anomaly_time();
        ?>
</td>
<td> <?php 
        echo round($event->get_count() / $perl_interval);
        echo _("h.");
        ?>
 </td>
<td><font color="red"><?php 
Exemple #7
        $acid_link = Util::get_acid_events_link($since, $date, "time_a");
        echo "\n            <a href=\"{$acid_link}\">\n              <font color=\"black\">{$since}</font>\n            </a>\n            ";
        ?>
        </td>
        <td style="padding-left:3px;padding-right:3px" class="center nobborder">
        <?php 
        $acid_link = Util::get_acid_events_link($since, $date, "time_d");
        echo "\n            <a href=\"{$acid_link}\">\n              <font color=\"black\">{$date}</font></a>\n            ";
        ?>
        </td>
        
<?php 
        $src_link = "../forensics/base_stat_ipaddr.php?clear_allcriteria=1&ip={$src_ip}&hmenu=Forensics&smenu=Forensics";
        $dst_link = "../forensics/base_stat_ipaddr.php?clear_allcriteria=1&ip={$dst_ip}&hmenu=Forensics&smenu=Forensics";
        $src_name = $no_resolv ? $src_ip : Host::ip2hostname($conn, $src_ip);
        $dst_name = $no_resolv ? $dst_ip : Host::ip2hostname($conn, $dst_ip);
        $src_img = Host_os::get_os_pixmap($conn, $src_ip);
        $dst_img = Host_os::get_os_pixmap($conn, $dst_ip);
        $src_country = strtolower(geoip_country_code_by_addr($gi, $src_ip));
        $src_country_name = geoip_country_name_by_addr($gi, $src_ip);
        $src_country_img = "<img src=\"/ossim/pixmaps/flags/" . $src_country . ".png\" title=\"" . $src_country_name . "\">";
        $dst_country = strtolower(geoip_country_code_by_addr($gi, $dst_ip));
        $dst_country_name = geoip_country_name_by_addr($gi, $dst_ip);
        $dst_country_img = "<img src=\"/ossim/pixmaps/flags/" . $dst_country . ".png\" title=\"" . $dst_country_name . "\">";
        ?>
        <!-- src & dst hosts -->
		<td nowrap style="text-align:center;padding-left:3px;padding-right:3px" class="nobborder">
        <div id="<?php 
        echo $src_ip;
        ?>
;<?php 
Exemple #8
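// Restrict the SIEM query to the sensor ids (snort "sid") this user may see.
// An empty allowedSensors() means "no restriction"; a user whose sensors map
// to no sid at all gets "sid in (0)", which matches nothing.
$sensor_where = "";
if (Session::allowedSensors() != "") {
    $user_sensors = explode(",", Session::allowedSensors());
    $snortsensors = Event_viewer::GetSensorSids($conn);
    $sensor_str = "";
    foreach ($user_sensors as $user_sensor) {
        // Skip sensors without a sid mapping; count() on a missing key is a
        // TypeError on PHP 8, so guard with isset() first.
        if (isset($snortsensors[$user_sensor]) && count($snortsensors[$user_sensor]) > 0) {
            $sensor_str .= ($sensor_str != "" ? "," : "") . implode(",", $snortsensors[$user_sensor]);
        }
    }
    if ($sensor_str == "") {
        $sensor_str = "0";
    }
    $sensor_where = " AND sid in (" . $sensor_str . ")";
}
// Page title: "hostname(ip)" when the address resolves, the bare value otherwise.
$hostname = Host::ip2hostname($conn_ossim, $host);
if ($hostname != $host) {
    $title = $hostname . "({$host})";
} else {
    $title = $host;
}
// NOTE(review): $host is set outside this fragment and is interpolated into
// SQL further down ("ip_src=INET_ATON('{$host}')"); make sure the caller
// validates it as an IP, a CIDR or 'any' before it reaches this point.
$_SESSION['host_report'] = $host;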
if (preg_match("/\\/\\d+/", $host)) {
    $exp = CIDR::expand_CIDR($host, "SHORT", "IP");
    $src_s_range = $exp[0];
    $src_e_range = end($exp);
    $ip_where = "ip_src>=INET_ATON('{$src_s_range}') AND ip_src<=INET_ATON('{$src_e_range}') and";
} elseif ($host == 'any') {
    $ip_where = "";
} else {
    $ip_where = "ip_src=INET_ATON('{$host}') and";
Exemple #9
// Pick the host list for the chart: reuse a precomputed list ($SS_Attack for
// events, $SA_Attack for alarms) when one is available, otherwise query the
// report object. $type, $target, $limit, $date_from, $date_to and
// $security_report are set earlier in this script.
if ($type == "event" && is_array($SS_Attack) && count($SS_Attack) > 0) {
    $list = $SS_Attack;
} elseif ($type == "alarm" && is_array($SA_Attack) && count($SA_Attack) > 0) {
    $list = $SA_Attack;
} else {
    $list = $security_report->AttackHost($security_report->ossim_conn, $target, $limit, $type, $date_from, $date_to);
}
// X values: resolved host names ($l[0] is passed to ip2hostname, so it is the
// address); Y values: $l[1], presumably the occurrence count — confirm against
// AttackHost().
$datax = $datay = array();
$gorientation = "h";
foreach ($list as $key => $l) {
    if ($key >= 10) {
        // Cap on chart results: instead of stopping at 10 rows (the break is
        // disabled) the chart switches to a vertical layout so every row fits.
        //break;
        $gorientation = "v";
    }
    $datax[] = Host::ip2hostname($security_report->ossim_conn, $l[0]);
    $datay[] = $l[1];
}
// jpgraph is loaded from the path stored in the framework configuration
// (jpgraph_path). NOTE(review): assumed to be admin-controlled — confirm it
// cannot be set from the request, since it feeds require_once.
require_once 'ossim_conf.inc';
$conf = $GLOBALS["CONF"];
$jpgraph = $conf->get_conf("jpgraph_path");
require_once "{$jpgraph}/jpgraph.php";
require_once "{$jpgraph}/jpgraph_bar.php";
// Setup the graph: a vertical chart grows with the row count (21px per host
// plus a 30px header); a horizontal one uses a fixed 250px height.
if ($gorientation == "v") {
    $y = 30 + count($list) * 21;
} else {
    $y = 250;
}
$graph = new Graph(400, $y, "auto");
$graph->img->SetMargin(60, 20, 30, 100);
Exemple #10
    }
} elseif ($ref == 'Vulnerability') {
    $vulnerability_list = $incident->get_vulnerabilities($conn);
    foreach ($vulnerability_list as $vulnerability_data) {
        // Osvdb starting
        $nessus_id = $vulnerability_data->get_nessus_id();
        $osvdb_id = Osvdb::get_osvdbid_by_nessusid($conn, $nessus_id);
        if ($osvdb_id) {
            $nessus_id = "<a href=\"osvdb.php?id=" . $osvdb_id . "\">" . $nessus_id . "</a>";
        }
        // Osvdb end
        // Add name and kdb link
        require_once "classes/Host.inc";
        require_once "classes/Repository.inc";
        $txt_temp = '';
        $hostname_temp = Host::ip2hostname($conn, $vulnerability_data->get_ip());
        if ($hostname_temp != $vulnerability_data->get_ip()) {
            $txt_temp .= $hostname_temp . ' - ';
        }
        if ($linkedocs = Repository::have_linked_documents($conn, $vulnerability_data->get_ip(), 'host')) {
            $txt_temp .= "<a href=\"javascript:;\" onclick=\"GB_edit('../repository/repository_list.php?keyname=" . urlencode($vulnerability_data->get_ip()) . "&type=host')\" class='blue' target='main'>[" . $linkedocs . "] " . _('Knowledge DB') . "</a>";
        }
        if ($txt_temp != '') {
            $txt_temp = ' (' . $txt_temp . ')';
        }
        echo "<strong>IP:</strong> " . $vulnerability_data->get_ip() . $txt_temp . "<br>";
        echo "<strong>Port:</strong> " . $vulnerability_data->get_port() . "<br/>";
        echo "<strong>Scanner ID:</strong> " . $nessus_id . "<br/>";
        echo "<strong>Risk:</strong> " . $vulnerability_data->get_risk() . "<br/>";
        echo "<strong>Description:</strong> " . Osvdb::sanity($vulnerability_data->get_description()) . "<br/>";
    }
Exemple #11
        $alarm_name = Util::translate_alarm($conn, $alarm_name, $alarm);
        $alarm_name_orig = $alarm_name;
        if ($backlog_id != 0) {
            $events_link = "events.php?backlog_id={$backlog_id}";
            $alarm_name = $events_link;
        } else {
            $events_link = $_SERVER["SCRIPT_NAME"];
            $alarm_link = Util::get_acid_pair_link($date, $alarm->get_src_ip(), $alarm->get_dst_ip());
            $alarm_name = $alarm_link;
        }
        $src_ip = $alarm->get_src_ip();
        $dst_ip = $alarm->get_dst_ip();
        $src_port = Port::port2service($conn, $alarm->get_src_port());
        $dst_port = Port::port2service($conn, $alarm->get_dst_port());
        $sensors = $alarm->get_sensors();
        $risk = $alarm->get_risk();
        $src_link = "report/index.php?host={$src_ip}&section=events";
        $dst_link = "report/index.php?host={$dst_ip}&section=events";
        $src_name = Host::ip2hostname($conn, $src_ip);
        $dst_name = Host::ip2hostname($conn, $dst_ip);
        $event_id = $alarm->get_event_id();
        $status = $alarm->get_status();
        echo "\n    <entry>\n    <title>\n Alarm: {$alarm_name_orig} Risk: {$risk}</title>\n    <id>http://" . $_SERVER['SERVER_ADDR'] . "/" . urlencode($alarm_name) . "</id>\n    <link href=\"http://" . $_SERVER['SERVER_ADDR'] . "/" . urlencode($alarm_name) . "\"/>\n    <summary>{$alarm_name_orig}</summary>\n    <content type=\"application/xhtml+xml\" xml:space=\"preserve\">\n    <div xmlns=\"http://www.w3.org/1999/xhtml\">\n    <strong>Alarm:</strong>  {$alarm_name_orig}<br/>\n    <strong>Risk:</strong> {$risk}<br/>\n    <strong>Date:</strong> {$since}<br/>\n";
        foreach ($sensors as $sensor) {
            echo "\n    <strong>Sensor:</strong>\n    <a href=\"http://" . $_SERVER['SERVER_ADDR'] . "/ossim/sensor/sensor_plugins.php?sensor={$sensor}\" >{$sensor}</a>\n    (" . Host::ip2hostname($conn, $sensor) . ")<br/>\n        ";
        }
        echo "\n    <strong>Source IP:</strong>\n    <a href=\"http://" . $_SERVER['SERVER_ADDR'] . "/ossim/" . urlencode($src_link) . "\">{$src_ip}</a><br/>\n    <strong>Destination IP:</strong>\n    <a href=\"http://" . $_SERVER['SERVER_ADDR'] . "/ossim/" . urlencode($dst_link) . "\">{$dst_ip}</a><br/>\n    </div>\n    </content>\n    <author>\n    <name>\nOSSIM at " . $_SERVER['SERVER_ADDR'] . "\n </name>\n    </author>\n    <updated>" . Util::timestamp2RFC1459($alarm->get_timestamp()) . "</updated>\n    </entry>\n";
    }
}
echo "</feed>\n";
$db->close($conn);
Exemple #12
	<td>&nbsp;</td>
	<td>
	<A HREF="<?php 
                    echo Sensor::get_sensor_link($conn, $anom_services_ip["ip"]) . "/" . $anom_services_ip["ip"] . ".html";
                    ?>
" target="_blank" title="<?php 
                    echo $anom_services_ip["ip"];
                    ?>
">
	<?php 
                    echo Host::ip2hostname($conn, $anom_services_ip["ip"]);
                    ?>
</A>
	</td>
    <td colspan="1"><?php 
                    echo Host::ip2hostname($conn, $anom_services_ip["sensor"], true);
                    ?>
</td>
    <td colspan="1"><?php 
                    echo $anom_services_ip["port"];
                    ?>
</td>
    <td colspan="1"><font color="red"><?php 
                    echo $anom_services_ip["service"] . "/" . getprotobynumber($anom_services_ip["protocol"]) . " [" . $anom_services_ip["version"] . "]";
                    ?>
</font></td>
    <td colspan="1"><?php 
                    echo $anom_services_ip["old_service"] . "/" . getprotobynumber($anom_services_ip["old_protocol"]) . " [" . $anom_services_ip["old_version"] . "]";
                    ?>
</td>
    <td colspan="1"><?php 
Exemple #13
    echo _("Device");
    ?>
</th>
<th><?php 
    echo _("Date");
    ?>
</th>
<th><?php 
    echo _("Last SIEM Event");
    ?>
</th>
</tr>
<?php 
}
foreach ($events as $event) {
    $hostname = Host::ip2hostname($conn, $event["ip"]);
    if ($event["ip"] != $hostname) {
        $hostname = $event["ip"] . " [{$hostname}]";
    }
    $ago = TimeAgo(strtotime($event["event_date"]), time());
    ?>
<tr class="trc" txt="<?php 
    echo strtotime($event["event_date"]);
    ?>
">
<td class="small nobborder center" width="16px"><img src="" border="0"></td>
<td class="small nobborder"><b><?php 
    echo $hostname;
    ?>
</b>&nbsp;</td>
<td class="small nobborder center"><?php 
Exemple #14
 if ($need_extradata && !array_key_exists("username", $myrow)) {
     $rs_ed = $qs->ExecuteOutputQueryNoCanned("SELECT * FROM extra_data WHERE sid=" . $myrow["sid"] . " AND cid=" . $myrow["cid"], $db);
     while ($row_ed = $rs_ed->baseFetchRow()) {
         foreach ($row_ed as $k => $v) {
             $myrow[$k] = $v;
         }
     }
     $rs_ed->baseFreeRows();
 }
 //
 // SID, CID, PLUGIN_*
 $cell_data['SID'] = $myrow["sid"];
 $cell_align['SID'] = "center";
 $cell_data['SENSOR'] = $sensornames[$myrow["sid"]] != "" ? $sensornames[$myrow["sid"]] : gettext("unknown");
 if (preg_match("/\\d+\\.\\d+\\.\\d+\\.\\d+/", $cell_data['SENSOR'])) {
     $cell_data['SENSOR'] = '<A alt="' . $cell_data['SENSOR'] . '" title="' . $cell_data['SENSOR'] . '" HREF="base_stat_ipaddr.php?ip=' . $cell_data['SENSOR'] . '&amp;netmask=32">' . Host::ip2hostname($_conn, $cell_data['SENSOR'], true) . '</A>';
 }
 $cell_align['SENSOR'] = "center";
 $cell_data['CID'] = $myrow["cid"];
 $cell_align['CID'] = "center";
 $cell_data['PLUGIN_ID'] = $myrow["plugin_id"];
 $cell_align['PLUGIN_ID'] = "center";
 $cell_data['PLUGIN_SID'] = $myrow["plugin_sid"];
 $cell_align['PLUGIN_SID'] = "center";
 if (in_array("PLUGIN_NAME", $_SESSION['views'][$_SESSION['current_cview']]['cols']) || in_array("PLUGIN_DESC", $_SESSION['views'][$_SESSION['current_cview']]['cols'])) {
     list($cell_data['PLUGIN_NAME'], $cell_data['PLUGIN_DESC']) = GetPluginNameDesc($myrow["plugin_id"], $db);
     $cell_align['PLUGIN_NAME'] = $cell_align['PLUGIN_DESC'] = "left";
 }
 if (in_array("PLUGIN_SOURCE_TYPE", $_SESSION['views'][$_SESSION['current_cview']]['cols'])) {
     $cell_data['PLUGIN_SOURCE_TYPE'] = $opensource ? _("Only in Profesional version") : GetSourceType($myrow["plugin_id"], $db);
     $cell_align['PLUGIN_SOURCE_TYPE'] = "center";
Exemple #15
    </td>
    <td width="128" style='background-color:#FFFFE3;border-radius: 3px; -moz-border-radius: 3px; -webkit-border-radius: 3px;border: 1px solid #F0E68C;'>
        <?php 
echo _("Info");
?>
    </td></tr>
    <?php 
$tp = intval(count($vulns) / $maxpag);
$tp += count($vulns) % $maxpag == 0 ? 0 : 1;
$to = $pag * $maxpag;
$from = $to - $maxpag;
$ips_to_show = array();
$i = 1;
foreach ($vulns as $key => $value) {
    if ($i > $from && $i <= $to) {
        $name = Host::ip2hostname($dbconn, $key);
        $ips_to_show[] = $key . "|" . $name;
        ?>
            <tr>
                <td style="text-align:center"><?php 
        echo $key;
        ?>
</td>
                <td style="text-align:center"><?php 
        echo $name;
        ?>
</td>
                <?php 
        $image = get_image($value[1]);
        ?>
                <td style="text-align:center"><?php 
Exemple #16
            $me = null;
        }
        $gi = geoip_open("/usr/share/geoip/GeoIP.dat", GEOIP_STANDARD);
        $s_country = strtolower(geoip_country_code_by_addr($gi, $user->get_ip()));
        $s_country_name = geoip_country_name_by_addr($gi, $user->get_ip());
        $geo_code = get_country($s_country, $s_country_name);
        $flag = !empty($geo_code) ? "<img src='" . $geo_code . "' border='0' align='top'/>" : "";
        $logon_date = gmdate("Y-m-d H:i:s", Util::get_utc_unixtime($dbconn, $user->get_logon_date()) + 3600 * Util::get_timezone());
        $activity_date = Util::get_utc_unixtime($dbconn, $user->get_activity());
        $style = Session_activity::is_expired($activity_date) ? "background:#EFE1E0;" : "background:#EFFFF7;";
        $expired = Session_activity::is_expired($activity_date) ? "<span style='color:red'>(" . _("Expired") . ")</span>" : "";
        $agent = explode("###", $user->get_agent());
        if ($agent[1] == "av report scheduler") {
            $agent = array("AV Report Scheduler", "wget");
        }
        echo "  <tr style='{$style}' id='" . $user->get_id() . "'>\n\t\t\t\t\t\t\t\t\t<td class='ops_user' {$me}><img class='user_icon' src='" . get_user_icon($user->get_login(), $pro) . "' alt='" . _("User icon") . "' title='" . _("User icon") . "' align='absmiddle'/> " . $user->get_login() . "</td>\n\t\t\t\t\t\t\t\t\t<td class='ops_ip'>" . $user->get_ip() . "</td>\n\t\t\t\t\t\t\t\t\t<td class='ops_host'>" . Host::ip2hostname($dbconn, $user->get_ip()) . $flag . "</td>\n\t\t\t\t\t\t\t\t\t<td class='ops_agent'><a txt='" . htmlentities($agent[1]) . "' class='info_agent'>" . htmlentities($agent[0]) . "</a></td>\n\t\t\t\t\t\t\t\t\t<td class='ops_id'>" . $user->get_id() . " {$expired}</td>\n\t\t\t\t\t\t\t\t\t<td class='ops_logon'>" . $logon_date . "</td>\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t<td class='ops_activity'>" . _(TimeAgo($activity_date, gmdate("U"))) . "</td>\n\t\t\t\t\t\t\t\t\t<td class='ops_actions'>{$action}</td>\t\n\t\t\t\t\t\t\t\t</tr>";
    }
} else {
    echo "<tr><td colspan='8' id='no_sessions' class='nobborder'><div class='ossim_info'>" . _("No active sessions") . "</td></tr>";
}
?>
			</tbody>
		</table>
				
	</div>

	</body>
</html>

<?php 
$db->close($dbconn);
Exemple #17
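 /**
  * Build the tag-cloud HTML for this window.
  *
  * Runs the configured 'cloud_sql' SELECT (first column = tag, second =
  * count) on the 'cloud_db' connection, restricted to the sensors the current
  * user is allowed to see, and returns one <a class="tag_cloud"> per tag,
  * sized linearly between 8px and 35px by count.
  *
  * Window settings read via $this->get(): cloud_db, cloud_link (with _TAG_ as
  * the tag placeholder), cloud_tag_max_len, cloud_resolv_ip, cloud_sql.
  *
  * @return string tag-cloud HTML, "" when the query returns no rows, or a
  *                rejection/error message when the SQL is refused or fails
  */
 function showWindowContents()
 {
     require_once 'ossim_db.inc';
     require_once 'classes/Event_viewer.inc';
     $dbname = $this->get('cloud_db');
     $link = $this->get('cloud_link');
     $max_len = $this->get('cloud_tag_max_len');
     $resolv_hostname = $this->get('cloud_resolv_ip');
     if (ossim_error()) {
         die(ossim_error());
     }
     $method = $dbname == 'snort' ? 'snort_connect' : 'connect';
     $db = new ossim_db();
     $conn = $db->{$method}();
     // User sensor filtering: an empty allowedSensors() means no restriction;
     // a user whose sensors map to no sid gets "sid in (0)", which matches nothing.
     $sensor_where = "";
     if (Session::allowedSensors() != "") {
         $user_sensors = explode(",", Session::allowedSensors());
         $snortsensors = Event_viewer::GetSensorSids($conn);
         $sensor_str = "";
         foreach ($user_sensors as $user_sensor) {
             // isset() guard: count() on a missing key is a TypeError on PHP 8.
             if (isset($snortsensors[$user_sensor]) && count($snortsensors[$user_sensor]) > 0) {
                 $sensor_str .= ($sensor_str != "" ? "," : "") . implode(",", $snortsensors[$user_sensor]);
             }
         }
         if ($sensor_str == "") {
             $sensor_str = "0";
         }
         $sensor_where = " sid in (" . $sensor_str . ")";
     }
     $sql = $this->get('cloud_sql');
     // Only a plain SELECT is accepted; the clauses that would let a read
     // query write files or take locks are refused.
     if (!preg_match('/^\\s*\\(?\\s*SELECT\\s/i', $sql) || preg_match('/\\sFOR\\s+UPDATE/i', $sql) || preg_match('/\\sINTO\\s+OUTFILE/i', $sql) || preg_match('/\\sLOCK\\s+IN\\s+SHARE\\s+MODE/i', $sql)) {
         return _("SQL Query invalid due security reasons");
     }
     if ($sensor_where != "") {
         // Match WHERE / GROUP BY case-insensitively and as whole words, so an
         // upper-case WHERE no longer falls through to the GROUP BY branch
         // (which would have produced a query with two WHERE clauses).
         if (preg_match('/\\bwhere\\b/i', $sql)) {
             $sql = preg_replace('/\\bwhere\\b/i', "where " . $sensor_where . " AND ", $sql);
         } else {
             // NOTE(review): if the query has no GROUP BY either this is a
             // no-op and the sensor restriction is silently dropped.
             $sql = preg_replace('/\\bGROUP\\s+BY\\b/i', "where " . $sensor_where . " GROUP BY", $sql);
         }
     }
     if (!($rs = $conn->Execute($sql))) {
         // NOTE(review): this returns the failed SQL to the page; consider
         // logging it server-side instead.
         return "Error was: " . $conn->ErrorMsg() . "\n\nQuery was: " . $sql;
     }
     if ($resolv_hostname) {
         require_once "classes/Host.inc";
     }
     $tags = array();
     $tag_names = array();
     while (!$rs->EOF) {
         if ($resolv_hostname) {
             // is_sensor = false, force_no_dns = true.
             $tag_names[$rs->fields[0]] = Host::ip2hostname($conn, $rs->fields[0], false, true);
         }
         $tags[$rs->fields[0]] = $rs->fields[1];
         $rs->MoveNext();
     }
     $db->close($conn);
     if (!count($tags)) {
         return "";
     }
     // Default font sizes
     $min_font_size = 8;
     $max_font_size = 35;
     $minimum_count = min(array_values($tags));
     $maximum_count = max(array_values($tags));
     // Avoid a division by zero when every tag has the same count.
     $spread = $maximum_count - $minimum_count;
     if ($spread == 0) {
         $spread = 1;
     }
     if ($link == '') {
         $link = '#';
     }
     $cloud_tags = array();
     foreach ($tags as $tag => $count) {
         $local_link = str_replace("_TAG_", $tag, $link);
         $local_name = $tag;
         if ($resolv_hostname) {
             $local_name = $tag_names[$tag];
         }
         if ($max_len > 0) {
             $tag = substr($tag, 0, $max_len);
         }
         // Linear interpolation between the two font sizes; a single tag gets
         // the maximum size.
         $size = count($tags) == 1 ? $max_font_size : $min_font_size + ($count - $minimum_count) * ($max_font_size - $min_font_size) / $spread;
         // Tag text and count come straight from the query result: escape them
         // in the title attribute like the link and name already are.
         $cloud_tags[] = '<a style="font-size: ' . floor($size) . 'px" class="tag_cloud" href="' . htmlspecialchars($local_link) . '" title="\'' . htmlspecialchars((string) $tag) . '\' returned a count of ' . htmlspecialchars((string) $count) . '">' . htmlspecialchars(stripslashes($local_name)) . '</a>&nbsp;';
     }
     return implode("\n", $cloud_tags) . "\n";
 }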
Exemple #18
     foreach ($source_host_list as $source_host_group) {
         $source .= ($source == "" ? "" : "<br/>") . "<img src='../pixmaps/theme/host_group.png' align=absbottom> " . $source_host_group->get_host_group_name();
     }
 }
 if ($source_net_list = $policy->get_net_groups($conn, 'source')) {
     foreach ($source_net_list as $source_net_group) {
         $source .= ($source == "" ? "" : "<br/>" . "<img src='../pixmaps/theme/net_group.png' align=absbottom> ") . $source_net_group->get_net_group_name();
     }
 }
 $source = preg_replace("/\\> any/", "> <font color='#AAAAAA'><b>ANY</b></font>", $source);
 $xml .= "<cell><![CDATA[" . $source . "]]></cell>";
 //
 $dest = "";
 if ($dest_host_list = $policy->get_hosts($conn, 'dest')) {
     foreach ($dest_host_list as $dest_host) {
         $dest .= ($dest == "" ? "" : "<br/>") . "<img src='../pixmaps/theme/host.png' align=absbottom> " . Host::ip2hostname($conn, $dest_host->get_host_ip());
     }
 }
 if ($dest_net_list = $policy->get_nets($conn, 'dest')) {
     foreach ($dest_net_list as $dest_net) {
         $dest .= ($dest == "" ? "" : "<br/>") . "<img src='../pixmaps/theme/net.png' align=absbottom> " . $dest_net->get_net_name();
     }
 }
 if ($dest_host_list = $policy->get_host_groups($conn, 'dest')) {
     foreach ($dest_host_list as $dest_host_group) {
         $dest .= ($dest == "" ? "" : "<br/>") . "<img src='../pixmaps/theme/host_group.png' align=absbottom> " . $dest_host_group->get_host_group_name();
     }
 }
 if ($dest_net_list = $policy->get_net_groups($conn, 'dest')) {
     foreach ($dest_net_list as $dest_net_group) {
         $dest .= ($dest == "" ? "" : "<br/>") . "<img src='../pixmaps/theme/net_group.png' align=absbottom> " . $dest_net_group->get_net_group_name();
Exemple #19
    $ntop_link = preg_replace("/\\/\$/", "", $ntop_link);
    if ($fd = @fopen("{$ntop_link}/{$host}.html", "r")) {
        while (!feof($fd)) {
            $line = fgets($fd, 1024);
            /*
             * search for Sessions section
             */
            if (eregi(">Active.*Sessions<", $line)) {
                $found = 1;
            }
            /*
             * begin to print at the begin of <table>...
             */
            if ($found && eregi('<table', $line)) {
                $show = 1;
                $hostname = Host::ip2hostname($conn, $host);
                $os_pixmap = Host_os::get_os_pixmap($conn, $host);
                if (strcmp($hostname, $host)) {
                    $hostname .= " ({$host})";
                }
                echo "<HTML>\n  <HEAD>\n    <TITLE> \nEOF;    \n    echo gettext(\"Active TCP Sessions\");\necho <<<EOF\n    </TITLE>\n    <LINK REL=stylesheet HREF=\"{$ntop_link}/style.css\" type=\"text/css\">\n  </HEAD>\n  <BODY BGCOLOR=\"#FFFFFF\" LINK=blue VLINK=blue>\n    <H2 align=\"center\">\n      <a href=\"../report/index.php?section=usage&host={$host}\">{$hostname}</a>\n      {$os_pixmap}\n    </H2>\n<CENTER>";
            }
            /*
             * </table> found, session section finished, stop printing
             */
            if ($found && eregi('</table', $line)) {
                $show = 0;
                $found = 0;
                echo <<<EOF
</CENTER>
    </TABLE>
Exemple #20
    $withnmapforced = 1;
}
// targets
foreach ($targets as $target) {
    if (preg_match("/^!/", $target)) {
        continue;
    }
    $unresolved = !preg_match("/\\d+\\.\\d+\\.\\d+\\.\\d+/", $target) && $not_resolve ? true : false;
    if (preg_match("/\\//", $target)) {
        // Net
        $name = Net::get_name_by_ip($conn, $target);
        $perm = Session::netAllowed($conn, $name);
        $sensors = Net::get_related_sensors($conn, $name);
    } else {
        // Host
        $name = $unresolved ? $target : Host::ip2hostname($conn, $target);
        $perm = $unresolved ? true : Session::hostAllowed($conn, $name);
        $sensors = Host::get_related_sensors($conn, $target);
    }
    if ($unresolved || Session::am_i_admin() && count($sensors) == 0 && $scan_server == "0") {
        if ($unresolved) {
            foreach ($all_sensors as $ip => $unused) {
                $sensors[] = $ip;
            }
        } else {
            $local_ip = `grep framework_ip /etc/ossim/ossim_setup.conf | cut -f 2 -d "="`;
            $local_ip = trim($local_ip);
            $result = $conn->Execute("SELECT name FROM vuln_nessus_servers WHERE hostname like '{$local_ip}'");
            if ($result->fields["name"] != "") {
                $sensors[] = $local_ip;
            }
Exemple #21
    $current_a = get_current_metric($host_qualification_cache, $net_qualification_cache, $ip, 'host', 'attack');
    $current_c = get_current_metric($host_qualification_cache, $net_qualification_cache, $ip, 'host', 'compromise');
    $global_a += $current_a;
    $global_c += $current_c;
    // only show hosts over their threshold
    $max_a_level = round($rs->fields['max_a'] / $threshold_a);
    $current_a_level = round($current_a / $threshold_a);
    $max_c_level = round($rs->fields['max_c'] / $threshold_c);
    $current_c_level = round($current_c / $threshold_c);
    //* comment out this if you want to see all hosts
    if ($max_a_level <= 1 && $current_a_level <= 1 && $max_c_level <= 1 && $current_c_level <= 1) {
        $rs->MoveNext();
        continue;
    }
    //*/
    $name = Host::ip2hostname($conn, $ip);
    // $name = $rs->fields['hostname'] ? $rs->fields['hostname'] : $ip;
    if ($net_belong == "") {
        $ext_hosts[$ip] = array('name' => $name, 'threshold_a' => $threshold_a, 'threshold_c' => $threshold_c, 'max_c' => $rs->fields['max_c'], 'max_a' => $rs->fields['max_a'], 'max_c_date' => $rs->fields['max_c_date'], 'max_a_date' => $rs->fields['max_a_date'], 'current_a' => $current_a, 'current_c' => $current_c);
    } else {
        $data = array('name' => $name, 'threshold_a' => $threshold_a, 'threshold_c' => $threshold_c, 'max_c' => $rs->fields['max_c'], 'max_a' => $rs->fields['max_a'], 'max_c_date' => $rs->fields['max_c_date'], 'max_a_date' => $rs->fields['max_a_date'], 'current_a' => $current_a, 'current_c' => $current_c, 'network' => $net_belong, 'group' => $group_belong);
        $hosts[$ip] = $data;
        $networks[$net_belong]['hosts'][$ip] = $data;
        if ($group_belong) {
            $groups[$group_belong]['nets'][$net_belong]['hosts'][$ip] = $data;
        }
        //printr($data);
    }
    $rs->MoveNext();
}
?>
Exemple #22
        ?>
" target="_blank">
            <font color="black"><?php 
        echo $date;
        ?>
</font>
          </a>
        </td>

<?php 
        $src_link = "../report/index.php?host={$src_ip}&section=events";
        $src_title = "<ul><li>" . gettext("Src Asset:") . " {$asset_src}</li><li>IP: {$src_ip}</li></ul>";
        $dst_link = "../report/index.php?host={$dst_ip}&section=events";
        $dst_title = "<ul><li>" . gettext("Dst Asset:") . " {$asset_dst}</li><li>IP: {$dst_ip}</li></ul>";
        $src_name = Host::ip2hostname($conn, $src_ip);
        $dst_name = Host::ip2hostname($conn, $dst_ip);
        $src_img = Host_os::get_os_pixmap($conn, $src_ip);
        $dst_img = Host_os::get_os_pixmap($conn, $dst_ip);
        ?>
        <!-- src & dst hosts -->
        <td bgcolor="#eeeeee" nowrap>
            <?php 
        //echo "<a href=\"$src_link\" onMouseOver=\"showhint('$src_title', this, event, '200px')\" target=\"_blank\">$src_name</a>:$src_port $src_img";
        ?>
		<div class="balloon">
				<a href="<?php 
        echo $src_link;
        ?>
" <?php 
        if (GET('box') == "1") {
            ?>