function valid_value($key, $value)
{
$numeric_values = array("recovery", "threshold", "use_resolv", "have_scanmap3d", "max_event_tmp");
if (in_array($key, $numeric_values)) {
if (!is_numeric($value)) {
require_once "ossim_error.inc";
$error = new OssimError();
$error->display("NOT_NUMERIC", array($key));
}
}
return true;
}
ossim_valid($custom_old_name, OSS_ALPHA, OSS_SPACE, OSS_PUNC_EXT, OSS_SCORE, 'illegal:' . _("Custom field name"));
}
} else {
die(ossim_error('illegal:' . _("action")));
}
}
}
ossim_valid($inctype_descr, OSS_NULLABLE, OSS_ALPHA, OSS_SPACE, OSS_PUNC_EXT, OSS_AT, 'illegal:' . _("Description"));
ossim_valid($inctype_id, OSS_ALPHA, OSS_SPACE, OSS_PUNC, 'illegal:' . _("id"));
ossim_valid($action, OSS_ALPHA, OSS_SCORE, 'illegal:' . _("action"));
if (ossim_error()) {
die(ossim_error());
}
if (!Session::am_i_admin()) {
require_once "ossim_error.inc";
$error = new OssimError();
$error->display("ONLY_ADMIN");
}
require_once 'ossim_db.inc';
require_once 'classes/Incident_type.inc';
$db = new ossim_db();
$conn = $db->connect();
$custom_name = Util::htmlentities($custom_name, ENT_QUOTES);
$custom_old_name = Util::htmlentities($custom_old_name, ENT_QUOTES);
if ($action == "modify") {
Incident_type::update($conn, $inctype_id, $inctype_descr, $custom == 1 ? "custom" : "");
$location = "incidenttype.php";
} elseif ($action == "modify_ct") {
Incident_custom::update_custom($conn, $custom_name, $custom_type, $custom_options, $custom_required, $inctype_id, $custom_old_name);
$location = "modifyincidenttypeform.php?id=" . urlencode($inctype_id);
} elseif ($action == "modify_pos") {
}
if (!Session::am_i_admin() && ($_SESSION["_user"] != $user && !POST("oldpass"))) {
require_once "ossim_error.inc";
$error = new OssimError();
$error->display("FORM_MISSING_FIELDS");
}
/* check for old password if not actual user or admin */
if ($_SESSION["_user"] != $user && !Session::am_i_admin() && !is_array($user_list = Session::get_list($conn, "WHERE login = '******' and pass = '******'"))) {
require_once "ossim_error.inc";
$error = new OssimError();
$error->display("BAD_OLD_PASSWORD");
}
/* check passwords */
if (0 != strcmp($pass1, $pass2)) {
require_once "ossim_error.inc";
$error = new OssimError();
$error->display("PASSWORDS_MISMATCH");
}
/* only the user himself or the admin can change passwords */
if (POST('user') != $_SESSION["_user"] && !Session::am_i_admin()) {
die(ossim_error(_("To change the password for other user is not allowed")));
}
/* check OK, insert into DB */
if (POST('update')) {
Session::changepass($conn, $user, $pass1);
?>
<p> <?php
echo gettext("User succesfully updated");
?>
</p>
<?php
</h1>
<?php
require_once 'ossim_conf.inc';
require_once 'dir.php';
$ossim_conf = $GLOBALS["CONF"];
$snort_rules_path = $ossim_conf->get_conf("snort_rules_path");
?>
<table align="center">
<?php
$files = getDirFiles($snort_rules_path);
/* local snort rule directory */
if ($files == NULL) {
require_once "ossim_error.inc";
$error = new OssimError();
$error->display("RULES_NOT_FOUND", array($snort_rules_path));
}
foreach ($files as $file) {
/* only show .rules files */
$f = split("\\.", $file);
if ($f[1] == 'rules') {
?>
<tr><td>
<a href="rule.php?name=<?php
echo $file;
?>
"><?php
echo $f[0];
?>
</a>
$conf = $GLOBALS["CONF"];
/* Frameworkd's address & port */
$address = $conf->get_conf("frameworkd_address");
$port = $conf->get_conf("frameworkd_port");
/* create socket */
$socket = socket_create(AF_INET, SOCK_STREAM, 0);
if ($socket < 0) {
require_once "ossim_error.inc";
$error = new OssimError();
$error->display("CRE_SOCKET", array(socket_strerror($socket)));
}
/* connect */
$result = @socket_connect($socket, $address, $port);
if (!$result) {
require_once "ossim_error.inc";
$error = new OssimError();
$error->display("FRAMW_NOTRUN", array($address . ":" . $port));
}
if ($status == "reset") {
$in = 'nessus action="reset"' . "\n";
socket_write($socket, $in, strlen($in));
?>
<center><a href="index.php"> <?php
echo gettext("Back");
?>
</a></center>
<?php
exit;
}
if (strlen($sensors) == 0) {
foreach ($sensor_list as $sensor) {
</head>
<body>
<?php
require_once 'classes/Security.inc';
require_once 'classes/Util.inc';
include "../hmenu.php";
if (GET('type') == 'alarm') {
$report_type = "alarm";
} else {
$report_type = "event";
}
require_once 'ossim_conf.inc';
$path_conf = $GLOBALS["CONF"];
$jpgraph_path = $path_conf->get_conf("jpgraph_path");
if (!is_readable($jpgraph_path)) {
$error = new OssimError();
$error->display("JPGRAPH_PATH");
}
require_once 'ossim_db.inc';
require_once 'classes/Host.inc';
require_once 'classes/Host_os.inc';
require_once 'jgraphs/jgraphs.php';
require_once 'classes/SecurityReport.inc';
$security_report = new SecurityReport();
$server = $_SERVER["SERVER_ADDR"];
$file = $_SERVER["REQUEST_URI"];
/* database connect */
$db = new ossim_db();
$conn = $db->connect();
/* Number of hosts to show */
$NUM_HOSTS = 10;
require_once 'classes/Session.inc';
Session::logcheck("MenuIntelligence", "CorrelationDirectives");
require_once 'ossim_conf.inc';
require_once 'classes/Security.inc';
$conf = $GLOBALS["CONF"];
if (version_compare(PHP_VERSION, '5', '>=') && extension_loaded('xsl')) {
require_once 'domxml-php4-to-php5.php';
}
$XML_FILE = '/etc/ossim/server/directives.xml';
$XSL_FILE = $conf->get_conf("base_dir") . '/directives/directivemenu.xsl';
if (GET('css_stylesheet')) {
$css_stylesheet = GET('css_stylesheet');
} else {
$css_stylesheet = 'directives.css';
}
$array_params = array('css_stylesheet' => $css_stylesheet);
if (!function_exists('domxml_xslt_stylesheet_file')) {
require_once "ossim_error.inc";
$error = new OssimError();
$error->display("PHP_DOMXML");
}
if (!is_file($XSL_FILE)) {
die(_("Missing required XSL file") . " '{$XSL_FILE}'");
}
if (!is_file($XML_FILE)) {
die(_("Missing required XML file") . " '{$XML_FILE}'");
}
$xslt = domxml_xslt_stylesheet_file($XSL_FILE);
$xml = domxml_open_file($XML_FILE, DOMXML_LOAD_SUBSTITUTE_ENTITIES);
$html = $xslt->process($xml, $array_params);
echo $html->dump_mem(true);
?>
"><?php
echo gettext("Yes");
?>
</a>
<a href="users.php"> <?php
echo gettext("No");
?>
</a>
</p>
<?php
exit;
}
if ($loguser == $user) {
require_once "ossim_error.inc";
$error = new OssimError();
$error->display("USER_CANT_REMOVE");
}
$db = new ossim_db();
$conn = $db->connect();
//Remove associated PDF report
$uuid = get_report_uuid();
$url = "/usr/share/ossim/www/tmp/scheduler/{$uuid}";
if (is_dir($url) && !empty($uuid)) {
exec("rm -r {$url}");
}
Session::delete($conn, $user);
$db->close($conn);
?>
<p> <?php
.ossim_error { width: auto;}
.error_item { padding-left: 50px;}
</style>
</head>
<body>
<?php
$typeMenu = 'horizontal';
include "../hmenu.php";
if (!$nmap_exists) {
require_once "ossim_error.inc";
$error = new OssimError();
$error->display("NMAP_PATH");
}
?>
<!-- Asset form -->
<div id='error_messages' class='ossim_error'></div>
<form name="assets_form" id="assets_form" method="GET" action="do_scan.php" target="process">
<table align="center" style='width: 570px;'>
<tr>
<th colspan="2"><?php
echo gettext("Please, select the assets you want to scan:");
?>
</th>
</tr>
include "../hmenu.php";
$date_from = GET('date_from') != "" ? GET('date_from') : strftime("%d/%m/%Y ", time()) . "00:00:00";
$date_to = GET('date_to') != "" ? GET('date_to') : strftime("%d/%m/%Y %H:%M:%S", time());
$report_type = GET('report_type');
ossim_valid($report_type, OSS_ALPHA, OSS_PUNC, OSS_NULLABLE, 'illegal:' . _("Report Type"));
if (ossim_error()) {
die(ossim_error());
}
if (empty($report_type)) {
$report_type = "security";
}
require_once 'ossim_conf.inc';
$path_conf = $GLOBALS["CONF"];
$fpdf_path = $path_conf->get_conf("fpdf_path");
if (!is_readable($fpdf_path)) {
$error = new OssimError();
$error->display("FPDF_PATH");
}
?>
<!-- report selector -->
<form name="report_selector" method="GET">
<table align="center">
<tr><td>
<select name="report_type"
onChange="document.forms['report_selector'].submit()">
<option
<?php
if ($report_type == "security") {
echo " selected ";
}
$error->display("PASSWORD_SIZE");
} elseif (strlen($pass1) > $pass_length_max) {
require_once "ossim_error.inc";
$error = new OssimError();
$error->display("PASSWORD_SIZE_MAX");
} elseif (!Session::pass_check_complexity($pass1)) {
require_once "ossim_error.inc";
$error = new OssimError();
$error->display("PASSWORD_ALPHANUM");
} elseif ($pass_expire_min > 0 && dateDiff_min($last_pass_change, date("Y-m-d H:i:s")) < $pass_expire_min) {
require_once "ossim_error.inc";
$error = new OssimError();
$error->display("PASSWORD_EXPIRE_MIN");
} elseif (count($recent_pass) > 0 && in_array(md5($pass1), $recent_pass)) {
require_once "ossim_error.inc";
$error = new OssimError();
$error->display("PASSWORD_RECENT");
}
/* check for old password if not actual user or admin */
/*
if ((($_SESSION["_user"] != $user) && $_SESSION["_user"] != ACL_DEFAULT_OSSIM_ADMIN) && !is_array($user_list = Session::get_list($conn, "WHERE login = '******' and pass = '******'"))) {
require_once ("ossim_error.inc");
$error = new OssimError();
$error->display("BAD_OLD_PASSWORD");
}*/
/* only the user himself or the admin can change passwords */
if (POST('user') != $_SESSION["_user"] && !Session::am_i_admin()) {
die(ossim_error(_("To change the password for other user is not allowed")));
}
Session::changepass($conn, $user, $pass1, $oldpass);
Session::log_pass_history($user, md5($pass1));
$error->display("ONLY_ADMIN");
} elseif (0 != strcmp($pass1, $pass2)) {
require_once "ossim_error.inc";
$error = new OssimError();
$error->display("PASSWORDS_MISMATCH");
} elseif (strlen($pass1) < $pass_length_min) {
require_once "ossim_error.inc";
$error = new OssimError();
$error->display("PASSWORD_SIZE");
} elseif (strlen($pass1) > $pass_length_max) {
require_once "ossim_error.inc";
$error = new OssimError();
$error->display("PASSWORD_SIZE_MAX");
} elseif (!Session::pass_check_complexity($pass1)) {
require_once "ossim_error.inc";
$error = new OssimError();
$error->display("PASSWORD_ALPHANUM");
} elseif (POST("insert")) {
require_once 'ossim_acl.inc';
require_once 'classes/Session.inc';
require_once 'classes/Net.inc';
$perms = array();
foreach ($ACL_MAIN_MENU as $menus) {
foreach ($menus as $key => $menu) {
if (POST($key) == "on") {
$perms[$key] = true;
} else {
$perms[$key] = false;
}
}
}
}
echo ossim_error();
echo '<table class="noborder transparent" align="center">
<tr>
<td class="nobborder"><input type="button" value="' . _("Back") . '" class="button" onclick="javascript:history.back()"/></td>
</tr>
</table>';
echo $append;
?>
</body>
</html>
<?php
exit;
}
if (empty($_GET) && empty($_POST)) {
$ossim_error = new OssimError(null, null);
echo "<div style='width:95%; margin:auto;'>";
$ossim_error->display(_("DEFAULT"), array(_("Error processing form")), $ossim_error->action);
echo "</div>";
}
$db = new ossim_db();
$conn = $db->connect();
if (!count($_GET) && count($_POST) > 0) {
foreach ($_POST as $k => $v) {
$_GET[$k] = $v;
}
}
$id = GET('incident_id');
$action = POST('action') == "newincident" ? "newincident" : GET('action');
$from_vuln = POST('from_vuln') != "" ? POST('from_vuln') : GET('from_vuln');
$edit = isset($_GET['edit']) || isset($_POST['edit']) ? 1 : 0;
