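/**
 * Validates the submitted plugin-group form values and normalises the
 * per-plugin SID selection.
 *
 * Failed checks are recorded through ossim_valid() / ossim_set_error(). If any
 * error is pending once all checks have run, the script stops with die().
 *
 * @param mixed $conn          Connection handle, forwarded to Plugin_sid::get_sidscount_by_id()
 * @param mixed $name          Group name, checked against OSS_INPUT
 * @param mixed $descr         Description, checked against OSS_TEXT (nullable)
 * @param mixed $sids          Map of plugin id => SID list string; any non-array is treated as empty
 * @param mixed $imported_sids Imported SIDs; only counted here
 *
 * @return array array($name, $descr, $plugins); $plugins maps a plugin id to
 *               "0" (every SID of that plugin) or to the submitted SID list string
 */
function validate_post_params($conn, $name, $descr, $sids, $imported_sids)
{
    $vals = array(
        'name'  => array(OSS_INPUT, 'illegal:' . _("Name")),
        'descr' => array(OSS_TEXT, OSS_NULLABLE, 'illegal:' . _("Description")),
    );

    ossim_valid($name, $vals['name']);
    ossim_valid($descr, $vals['descr']);

    $plugins = array();
    $sids    = is_array($sids) ? $sids : array();

    // Key the entry on the integer-cast value. The raw POST string was used as
    // the key before, so a value such as "12abc" passed the intval() > 0 test
    // and then reached get_sidscount_by_id() and the error message unchanged.
    $pluginid = intval(POST('pluginid'));
    if ($pluginid > 0) {
        $sids[$pluginid] = "0";
    }

    // NOTE(review): the remaining keys of $sids are not validated here. If the
    // caller passes the request array straight through, each key reaches
    // Plugin_sid::get_sidscount_by_id() as supplied - confirm that helper
    // casts or binds its id argument.
    foreach ($sids as $plugin => $sids_str) {
        if ($sids_str === '') {
            continue;
        }

        list($valid, $data) = Plugin_sid::validate_sids_str($sids_str);
        if (!$valid) {
            // NOTE(review): $plugin and $data end up in the text printed by
            // die(ossim_error()) below - confirm the error helpers HTML-escape it.
            ossim_set_error(_("Error for data source ") . $plugin . ': ' . $data);
            break;
        }

        if ($sids_str == "ANY") {
            $sids_str = "0";
        } else {
            // Selecting every SID of a plugin is stored as "0", same as "ANY".
            $aux      = count(explode(',', $sids_str));
            $total    = Plugin_sid::get_sidscount_by_id($conn, $plugin);
            $sids_str = $aux == $total ? "0" : $sids_str;
        }

        $plugins[$plugin] = $sids_str;
    }

    if (!count($plugins) && !count($imported_sids)) {
        ossim_set_error(_("No Data Sources or Event Types selected"));
    }

    if (ossim_error()) {
        die(ossim_error());
    }

    return array($name, $descr, $plugins);
}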
/**
 * Stores the SID selection of one data source inside a plugin group.
 *
 * $data must provide 'plugin_group' (checked against OSS_HEX), 'plugin_id'
 * (checked against OSS_DIGIT) and 'plugin_sids' (a SID list string or an
 * array of SIDs). An empty selection string is reported as success without
 * touching the group.
 *
 * @param mixed $conn Connection handle, forwarded to the Plugin_sid / Plugin_group helpers
 * @param array $data Request values as described above
 *
 * @return array array('error' => true, 'msg' => ...) on failure,
 *               array('error' => false, 'output' => '') otherwise
 */
function modify_plugingroup_plugin($conn, $data)
{
    $group_id  = $data['plugin_group'];
    $source_id = $data['plugin_id'];
    $selection = $data['plugin_sids'];

    ossim_valid($source_id, OSS_DIGIT, 'illegal:' . _("Plugin ID"));
    ossim_valid($group_id, OSS_HEX, 'illegal:' . _("Plugin GroupID"));

    if (ossim_error()) {
        // Read the message first, then reset the error state.
        $message = "Error: " . ossim_get_error();
        ossim_clean_error();

        return array('error' => true, 'msg' => $message);
    }

    // A plain string counts as a single selected entry; an array is counted
    // and flattened to a comma-separated list.
    $selected_count = 1;
    if (is_array($selection)) {
        $selected_count = count($selection);
        $selection      = implode(',', $selection);
    }

    $success = array('error' => false, 'output' => '');

    if ($selection === '') {
        return $success;
    }

    list($is_valid, $detail) = Plugin_sid::validate_sids_str($selection);
    if (!$is_valid) {
        return array(
            'error' => true,
            'msg'   => _("Error for data source ") . $source_id . ': ' . $detail,
        );
    }

    // "ANY", or a selection covering every SID of the plugin, is stored as "0".
    if ($selection == "ANY") {
        $selection = "0";
    } elseif ($selected_count == Plugin_sid::get_sidscount_by_id($conn, $source_id)) {
        $selection = "0";
    }

    Plugin_group::edit_plugin($conn, $group_id, $source_id, $selection);

    return $success;
}
/**
 * Validates the plugin-group form values and normalises the SID selection.
 *
 * Errors are accumulated through ossim_valid() / ossim_set_error() and handed
 * back as the last element of the result; this function does not terminate
 * the request itself.
 *
 * @param mixed $conn          Connection handle, forwarded to the Plugin_group / Plugin_sid helpers
 * @param mixed $name          Group name (OSS_INPUT); must be accepted by Plugin_group::is_valid_group_name()
 * @param mixed $descr         Description (OSS_ALL, nullable)
 * @param mixed $sids          Map of plugin id => SID list string; any non-array is treated as empty
 * @param mixed $imported_sids Imported SIDs; only counted here
 * @param mixed $group_id      Optional group id (OSS_HEX, nullable), passed to the name check
 *
 * @return array array($group_id, $name, $descr, $plugins, ossim_error())
 */
function validate_post_params($conn, $name, $descr, $sids, $imported_sids, $group_id = NULL)
{
    $rules = array(
        'name'     => array(OSS_INPUT, 'illegal:' . _("Name")),
        'descr'    => array(OSS_ALL, OSS_NULLABLE, 'illegal:' . _("Description")),
        'group_id' => array(OSS_HEX, OSS_NULLABLE, 'illegal:' . _("Group ID")),
    );

    ossim_valid($group_id, $rules['group_id']);
    ossim_valid($name, $rules['name']);

    // The name check only runs while no validation error is pending.
    if (!ossim_error() && !Plugin_group::is_valid_group_name($conn, $name, $group_id)) {
        // The name is HTML-escaped before it is embedded in the message; the
        // escaped value is also what this function returns in that case.
        $name = Util::htmlentities($name);
        ossim_set_error(sprintf(_("DS group name '<strong>%s</strong>' already exists"), $name));
    }

    ossim_valid($descr, $rules['descr']);

    $plugins = array();
    if (!is_array($sids)) {
        $sids = array();
    }

    // The key is the integer-cast request value, never the raw string.
    $pluginid = intval(POST('pluginid'));
    if ($pluginid > 0) {
        $sids[$pluginid] = "0";
    }

    foreach ($sids as $plugin => $sids_str) {
        if ($sids_str === '') {
            continue;
        }

        list($is_valid, $detail) = Plugin_sid::validate_sids_str($sids_str);
        if (!$is_valid) {
            ossim_set_error(_("Error for data source ") . $plugin . ': ' . $detail);
            break;
        }

        // "ANY", or a list naming every SID of the plugin, is stored as "0".
        if ($sids_str == "ANY") {
            $plugins[$plugin] = "0";
            continue;
        }

        $selected  = count(explode(',', $sids_str));
        $available = Plugin_sid::get_sidscount_by_id($conn, $plugin);

        $plugins[$plugin] = $selected == $available ? "0" : $sids_str;
    }

    if (!count($plugins) && !count($imported_sids)) {
        ossim_set_error(_("No Data Sources or Event Types selected"));
    }

    return array($group_id, $name, $descr, $plugins, ossim_error());
}
} if ($direct->id != $directive_id) { echo "<center><span style='color:red'>" . _("The directive {$directive_id} doesn't exist in {$XML_FILE}") . "</span></center>"; exit; } $_SESSION['directive'] = serialize($direct); if ($XML_FILE != '/etc/ossim/server/directives.xml') { release_file($XML_FILE); } if (!empty($directive_id)) { $direct->printDirective($level, $directive_xml); } ?> </table> <?php $directive_name = Plugin_sid::get_name_by_idsid($conn, "1505", $directive_id); list($properties, $num_properties) = Compliance::get_category($conn, "AND category.sid={$directive_id}"); $iso_groups = ISO27001::get_groups($conn, "WHERE SIDSS_Ref LIKE '{$directive_id}' OR SIDSS_Ref LIKE '{$directive_id},%' OR SIDSS_Ref LIKE '%,{$directive_id}' OR SIDSS_Ref LIKE '%,{$directive_id},%'"); $pci_groups = PCI::get_groups($conn, "WHERE SIDSS_ref LIKE '{$directive_id}' OR SIDSS_ref LIKE '{$directive_id},%' OR SIDSS_ref LIKE '%,{$directive_id}' OR SIDSS_ref LIKE '%,{$directive_id},%'"); list($alarms, $num_alarms) = Alarm::get_list3($conn, "", "", 0, "", null, null, null, null, "", $directive_id); $kdocs = Repository::get_linked_by_directive($conn, $directive_id); ?> <table class="transparent" height="100%" width="100%"> <tr> <td class="nobborder" valign="top"> <table height="100%" width="100%"> <tr><th colspan="2" height="15"><?php echo _("Properties"); ?> </th></tr> <?php
/**
 * Prints one HTML table row for every <rule> child element of $directive and,
 * while $level is greater than 1, recurses into the children of each rule.
 *
 * Only <tr>/<td> markup is written; the surrounding <table> is not opened or
 * closed here. For a $level outside 1..5 no opening <tr> is printed.
 *
 * NOTE(review): every rule attribute, $directive_id and
 * $_SERVER["SCRIPT_NAME"] is echoed without HTML escaping, and the plugin_id /
 * plugin_sid attributes are interpolated into WHERE strings. Whether the
 * directive XML and $directive_id are validated before this function runs is
 * not visible here - confirm, or escape/cast at the point of use.
 *
 * $dom          only forwarded to the recursive call
 * $directive_id written into the expand/collapse links
 * $directive    node whose child nodes are scanned for 'rule' elements
 * $level        remaining depth; selects the row colour and stops the recursion at 1
 * $ilevel       value used with $level for the indent colspan and the links;
 *               passed unchanged to the recursive call
 */
function rule_table($dom, $directive_id, $directive, $level, $ilevel) {
    global $conn;
    if ($directive->has_child_nodes()) {
        $rules = $directive->child_nodes();
        // $branch is incremented per rendered rule but never read in this function.
        $branch = 0;
        foreach ($rules as $rule) {
            if ($rule->type == XML_ELEMENT_NODE && $rule->tagname() == 'rule') {
                // When $ilevel and $level differ, the row starts with a <td>
                // whose colspan is their difference.
                if ($ilevel != $level) {
                    $indent = "<td colspan=" . ($ilevel - $level) . ">";
                } else {
                    $indent = '';
                }
                // Row background colour is chosen by $level (1..5).
                if ($level == 1) { ?> <tr><?php echo $indent;
                } elseif ($level == 2) { ?> <tr bgcolor="#CCCCCC"><?php echo $indent;
                } elseif ($level == 3) { ?> <tr bgcolor="#999999"><?php echo $indent;
                } elseif ($level == 4) { ?> <tr bgcolor="#9999CC"><?php echo $indent;
                } elseif ($level == 5) { ?> <tr bgcolor="#6699CC"><?php echo $indent;
                } ?> <!-- expand --> <td class="left" colspan=<?php echo $level; ?> > <?php
                // "+" / "-" link, printed only for rules that have child nodes.
                // NOTE(review): $directive_id lands inside an href attribute unescaped.
                if ($level == 1 && $rule->has_child_nodes()) { ?> <a href="<?php echo $_SERVER["SCRIPT_NAME"]; ?> ?directive=<?php echo $directive_id; ?> &level=<?php echo $ilevel + 1; ?> "><?php echo "+"; ?> </a> <?php
                } elseif ($rule->has_child_nodes()) { ?> <a href="<?php echo $_SERVER["SCRIPT_NAME"]; ?> ?directive=<?php echo $directive_id; ?> &level=<?php echo $ilevel - $level + 1; ?> "><?php echo '-'; ?> </a> <?php
                } ?> </td> <!-- end expand --> <td><?php
                // NOTE(review): the attribute values below are printed as-is;
                // htmlspecialchars() is the usual guard for HTML body context.
                echo $rule->get_attribute('name'); ?> </td> <td><?php
                echo $rule->get_attribute('reliability'); ?> </td> <td><?php
                echo $rule->get_attribute('time_out'); ?> </td> <td><?php
                echo $rule->get_attribute('occurrence'); ?> </td> <td><?php
                echo $rule->get_attribute('from'); ?> </td> <td><?php
                echo $rule->get_attribute('to'); ?> </td> <td><?php
                echo $rule->get_attribute('port_from'); ?> </td> <td><?php
                echo $rule->get_attribute('port_to'); ?> </td> <td><?php
                echo $rule->get_attribute('sensor'); ?> </td> <td> <?php
                // NOTE(review): plugin_id comes straight from the XML attribute
                // and is placed unquoted into the WHERE string; an integer cast
                // or a digits-only check before this call would close that path.
                $plugin_id = $rule->get_attribute('plugin_id');
                if ($plugin_list = Plugin::get_list($conn, "WHERE id = {$plugin_id}")) {
                    $name = $plugin_list[0]->get_name();
                    // The plugin name is used both as a query-string value and as link text, unencoded.
                    echo "<a href=\"../conf/pluginsid.php?id={$plugin_id}&" .
                        "name={$name}\">{$name}</a> ({$plugin_id})";
                } ?> </td> <td> <?php
                $plugin_sid = $rule->get_attribute('plugin_sid');
                // split() was deprecated in PHP 5.3 and removed in PHP 7.0; for
                // a literal comma explode(',', ...) yields the same list.
                $plugin_sid_list = split(',', $plugin_sid);
                // More than 30 SIDs are wrapped in a collapsible <div>.
                if (count($plugin_sid_list) > 30) { ?> <a style="cursor:hand;" TITLE="To view or hide the list of plugin sid click here." onclick="Menus('plugsid')"> <?php echo gettext("Expand / Collapse"); ?> </a> <div id="plugsid" class="menucache"> <?php
                }
                foreach ($plugin_sid_list as $sid_negate) {
                    // A leading "!" is stripped for the lookup; the original
                    // text is still what gets displayed.
                    $sid = $sid_negate;
                    if (!strncmp($sid_negate, "!", 1)) {
                        $sid = substr($sid_negate, 1);
                    }
                    /* sid == ANY */
                    if (!strcmp($sid, "ANY")) {
                        echo gettext("ANY");
                    // strpos() returns 0 (falsy) when the text starts with
                    // "PLUGIN_SID", so such a value falls through to the query
                    // below. NOTE(review): confirm whether that is intended.
                    } elseif (strpos($sid, "PLUGIN_SID")) {
                        echo gettext("{$sid}");
                    // NOTE(review): $sid and $plugin_id are interpolated
                    // unquoted into the WHERE string. A SID for which no row
                    // is found prints nothing.
                    } elseif ($plugin_list = Plugin_sid::get_list($conn, "WHERE plugin_id = {$plugin_id} AND sid = {$sid}")) {
                        $name = $plugin_list[0]->get_name();
                        echo "<a title=\"{$name}\">{$sid_negate}</a> ";
                    }
                }
                if (count($plugin_sid_list) > 30) { ?> </div> <?php
                } ?> </td> </tr> <?php
                // Recurse into each child node with one level less. The inner
                // loop reuses the names $rules and $rule of the outer loop.
                if ($level > 1) {
                    if ($rule->has_child_nodes()) {
                        $rules = $rule->child_nodes();
                        foreach ($rules as $rule) {
                            rule_table($dom, $directive_id, $rule, $level - 1, $ilevel);
                        }
                    }
                }
                $branch++;
            }
        } /* foreach */
    }
}
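/**
 * Resolves the display name and the target URL of one document relationship.
 *
 * @param mixed $conn Connection object; Execute($sql, $params) is called on it
 *                    and it is forwarded to the name lookup helpers
 * @param array $rel  Relationship with the entries 'type' (directive, incident,
 *                    plugin_sid, host, host_group, net, net_group or taxonomy)
 *                    and 'key' (the identifier within that type)
 *
 * @return array array($name, $url); $url is 'javascript:;' when the type has
 *               no link. $name is returned as stored - NOTE(review): confirm
 *               the caller HTML-escapes it before printing.
 */
function get_doc_info($conn, $rel)
{
    $name = '';

    // KKKK is the placeholder that is replaced by the relationship key below.
    $url_links = array(
        'host'       => Menu::get_menu_url('/ossim/av_asset/common/views/detail.php?asset_id=KKKK', 'environment', 'assets', 'assets'),
        'net'        => Menu::get_menu_url('/ossim/av_asset/network/view/list.php', 'environment', 'assets', 'networks'),
        'host_group' => Menu::get_menu_url('/ossim/av_asset/group/view/list.php', 'environment', 'assets', 'asset_groups'),
        'net_group'  => Menu::get_menu_url('/ossim/netgroup/netgroup.php', 'environment', 'assets', 'network_groups'),
        'incident'   => Menu::get_menu_url('/ossim/incidents/incident.php?id=KKKK', 'analysis', 'tickets', 'tickets'),
        'directive'  => Menu::get_menu_url('/ossim/directives/index.php?toggled_dir=KKKK&dir_info=1', 'configuration', 'threat_intelligence', 'directives'),
        'plugin_sid' => Menu::get_menu_url('/ossim/forensics/base_qry_main.php?clear_allcriteria=1&search=1&sensor=&sip=&plugin=&ossim_risk_a=+&submit=Signature&search_str=KKKK', 'analysis', 'security_events', 'security_events'),
        'taxonomy'   => '',
    );

    $key = $rel['key'];

    // Compare the type as a string only. switch uses loose comparison, and the
    // type doubles as a table name further down, so a non-string value must
    // not be able to match one of the case labels.
    $type = is_scalar($rel['type']) ? (string) $rel['type'] : '';

    switch ($type) {
        case 'directive':
            $name = $rel['key'];
            break;

        case 'incident':
            $sql    = "SELECT title from incident where id=?";
            $params = array($rel['key']);
            $rs     = $conn->Execute($sql, $params);

            if (!$rs) {
                $name = _('Unknown');
            } elseif (!$rs->EOF) {
                $name = $rs->fields["title"];
            }
            break;

        case 'plugin_sid':
            // The key is stored as "<sid>##<plugin id>"; pad it so that a key
            // without the separator takes the "Unknown" branch instead of
            // reading a missing index.
            $plugin = array_pad(explode('##', $rel['key']), 2, '');
            $pid    = $plugin[1];
            $sid    = $plugin[0];

            if ($pid != '' && $sid != '') {
                $name = Plugin_sid::get_name_by_idsid($conn, $pid, $sid);

                // Prefix the data source name unless the event name already contains a colon.
                if (!preg_match('/:/', $name)) {
                    $name = Plugin::get_name_by_id($conn, $pid) . ": " . $name;
                }

                $key = $name;
            } else {
                $name = _('Unknown, Please edit this relationship');
                $key  = '';
            }
            break;

        case 'host':
        case 'host_group':
        case 'net':
        case 'net_group':
            // Table and column names come only from the four case labels
            // above; the id itself is passed as a bound parameter.
            $field  = $type == 'host' ? 'hostname' : 'name';
            $sql    = "SELECT {$field} as name from " . $type . " where id=UNHEX(?)";
            $params = array($rel['key']);
            $rs     = $conn->Execute($sql, $params);

            if (!$rs) {
                $name = _('Unknown');
            } elseif (!$rs->EOF) {
                $name = $rs->fields["name"];
            }
            break;

        case 'taxonomy':
            // The key is stored as "<product type>##<category>##<subcategory>";
            // a missing part is treated like 0, which is shown as ANY.
            $tax    = array_pad(explode('##', $rel['key']), 3, '');
            $ptype  = intval($tax[0]) != 0 ? Product_type::get_name_by_id($conn, $tax[0]) : _('ANY');
            $cat    = intval($tax[1]) != 0 ? Category::get_name_by_id($conn, $tax[1]) : _('ANY');
            $subcat = intval($tax[2]) != 0 ? Subcategory::get_name_by_id($conn, $tax[2]) : _('ANY');

            $name = _('Product Type') . ': ' . $ptype . ', ' . _('Category') . ': ' . $cat . ', ' . _('Subcategory') . ': ' . $subcat;
            break;

        default:
            $name = _('Unknown');
    }

    // An unknown type has no entry in the link table.
    $url = isset($url_links[$type]) ? $url_links[$type] : '';

    // The key is substituted into a query-string value, so it is URL-encoded.
    // For plugin_sid the key is an event name, which can contain spaces, '&'
    // or '#' and would otherwise change the structure of the link.
    $url = $url != '' ? str_replace('KKKK', urlencode($key), $url) : 'javascript:;';

    return array($name, $url);
}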
$page = "../net/net.php"; } if ($rel['type'] == "host_group") { $page = "../host/hostgroup.php"; } if ($rel['type'] == "net_group") { $page = "../net/netgroup.php"; } if ($rel['type'] == "incident") { $page = "../incidents/incident.php?id=" . $rel['key']; } if ($rel['type'] == "directive") { $page = "../directive_editor/index.php?hmenu=Directives&smenu=Directives&level=1&directive=" . $rel['key']; } if ($rel['type'] == "plugin_sid") { $page = "../forensics/base_qry_main.php?clear_allcriteria=1&search=1&sensor=&sip=&plugin=&ossim_risk_a=+&hmenu=Forensics&smenu=Forensics&submit=Signature&search_str=" . urlencode(Plugin_sid::get_name_by_idsid($conn, $rel['key'], $rel['name'])); } ?> <tr> <td class="nobborder"><a href="<?php echo $page; ?> " target="main"><?php echo $rel['type'] == "plugin_sid" ? $rel['key'] . " (" . $rel['name'] . ")" : $rel['name']; ?> </a></td> <td class="nobborder"><?php echo $rel['type'] == "incident" ? "ticket" : $rel['type']; ?> </td> </tr>
pluginsid_inputs_error("Event type {$sid} already exists"); } elseif ($sid < 1) { echo "<p align=\"center\"> " . gettext("Sid must be a valid number higher than 0") . " </p>"; echo "<p align=\"center\"><a href=\"pluginsid.php?id={$plugin}\"> " . gettext("Back") . " </a></p>"; exit; } else { // if ($category == 'NULL') { $category = NULL; $subCategory = NULL; } else { if ($subCategory == 'NULL') { $subCategory = NULL; } } Plugin_sid::insert($conn, $plugin, $name, $sid, $reliability, $priority, $category, $subCategory); ?> <p><?php echo _("Event type succesfully updated"); ?> </p> <script type="text/javascript"> //<![CDATA[ document.location.href='plugin.php'; //]]> </script> <?php } } ?>
/**
 * Prints the table row for this rule in the directive navigator.
 *
 * Only <tr>/<td> markup is written, so other elements (e.g. <table>) must be
 * printed by the caller to obtain valid HTML. Nothing is printed when this
 * rule's level is greater than $level. The original description says the
 * sub-rules are rendered as well; no recursion is visible in this method, so
 * that presumably happens in the caller - TODO confirm.
 *
 * NOTE(review): the rule properties and $_GET['directive'] are written into
 * the page without HTML escaping, and plugin_id / plugin_sid are interpolated
 * into WHERE strings. Whether these values are validated when the rule is
 * loaded or edited is not visible here - confirm, or escape/cast where they
 * are used.
 *
 * NOTE(review): the add, delete and move links change state through GET
 * requests to ../include/utils.php and carry no anti-CSRF token in the URL;
 * whether utils.php checks one by other means is not visible here.
 *
 * $level  value compared with $this->level to pick the row colour, the
 *         colspans and the expand/collapse link
 * $rules  passed by reference to new_id()
 */
function print_rule($level, &$rules) {
    global $conn;
    // $this->id has the form "<directive>-<rule>-<father>"; $id_father is not
    // used below.
    list($id_dir, $id_rule, $id_father) = explode("-", $this->id);
    // Call-time pass-by-reference (&$rules at the call site) is a fatal error
    // since PHP 5.4.
    $newid = new_id($this->id, &$rules);
    // $newlevel is assigned but not read again in this method.
    $newlevel = $this->level + 1;
    $ilevel = $this->level;
    // NOTE(review): taken from the request and echoed into href attributes
    // below without validation or escaping.
    $directive_id = $_GET['directive'];
    if ($this->level <= $level) {
        // Row colour: a fixed colour for a new rule, otherwise chosen by the
        // distance $level - $ilevel (0..4).
        if ($this->is_new()) { ?> <tr bgcolor="f48222"><?php
        } elseif ($level - $ilevel == 0) { ?> <tr bgcolor="#ffffff"><?php
        } elseif ($level - $ilevel == 1) { ?> <tr bgcolor="#CCCCCC"><?php
        } elseif ($level - $ilevel == 2) { ?> <tr bgcolor="#999999"><?php
        } elseif ($level - $ilevel == 3) { ?> <tr bgcolor="#9999CC"><?php
        } elseif ($level - $ilevel == 4) { ?> <tr bgcolor="#6699CC"><?php
        }
        // Rules below level 1 start with a blank cell spanning $ilevel - 1 columns.
        if ($ilevel - 1 != 0) { ?> <td bgcolor="#ffffff" colspan=<?php echo $ilevel - 1; ?> > </td> <?php
        } ?> <td class="left" colspan=<?php echo $level - $ilevel + 1; ?> > <?php
        if (isset($_SESSION['rule'])) {
            // NOTE(review): unserialize() instantiates whatever object the
            // string describes. The value is written elsewhere; confirm it can
            // only ever be a rule serialized by this application.
            $newrule = unserialize($_SESSION['rule']);
            list($id_dir2, $id_rule2, $id_father2) = explode("-", $newrule->id);
            // A pending rule whose father is this rule counts as one more
            // child. This changes $this->nb_child each time the row is printed.
            if ($id_father2 == $id_rule && $id_dir2 == $id_dir) {
                $this->nb_child = $this->nb_child + 1;
            }
        }
        // Expand/collapse arrow, printed only when the rule has children.
        if ($level - $ilevel == 0 && $this->nb_child > 0) { ?> <a TARGET ="right" href="../viewer/index.php?directive=<?php echo $directive_id; ?> &level=<?php echo $level + 1; ?> "><img border="0" src="../viewer/img/fleched.gif"></a> <?php
        } elseif ($this->nb_child > 0) { ?> <a TARGET ="right" href="../viewer/index.php?directive=<?php echo $directive_id; ?> &level=<?php echo $ilevel; ?> "><img border="0" src="../viewer/img/flecheb.gif"></a> <?php
        } ?> </td> <?php
        // $newlev is assigned but not read again in this method.
        if ($ilevel + 1 > $level) {
            $newlev = $ilevel + 1;
        } else {
            $newlev = $level;
        }
        // Level passed to del_new_rule; never lower than 1.
        if ($level > 1) {
            $uplevel = $level - 1;
        } else {
            $uplevel = 1;
        }
        //addRule button
        if (!$this->is_new()) {
            print '<td>';
            print "<a TARGET=\"right\" href=\"../include/utils.php?query=add_rule&id=" . $newid . "\" TITLE=\"" . gettext("Add a rule") . "\">+</a>";
            print '</td>';
            //removeRule button
            // $this->id is placed inside a JavaScript string within an
            // attribute; NOTE(review): confirm it cannot contain quotes.
            print '<td>';
            print "<a onclick=\"javascript:if (confirm('" . gettext("Are you sure you want to delete this rule ?") . "')) { window.open('../include/utils.php?query=del_rule&id=" . $this->id . "','right'); }\" style=\"marging-left:20px; cursor:pointer\" TITLE=\"" . gettext("Delete this rule") . "\">x</a>";
            print '</td>';
            //left button
            print '<td>';
            print "<a TARGET=\"right\" href=\"../include/utils.php?query=move&direction=left&id=" . $this->id . "\">←</a>";
            print '</td>';
            //right button
            print '<td>';
            print "<a TARGET=\"right\" href=\"../include/utils.php?query=move&direction=right&id=" . $this->id . "\">→</a>";
            print '</td>';
            //up button
            print '<td>';
            print "<a TARGET=\"right\" href=\"../include/utils.php?query=move&direction=up&id=" . $this->id . "\">↑</a>";
            print '</td>';
            //down button
            print '<td>';
            print "<a TARGET=\"right\" href=\"../include/utils.php?query=move&direction=down&id=" . $this->id . "\">↓</a>";
            print '</td>';
        } else {
            // A rule that is still new only offers "delete"; the remaining
            // button cells are printed blank.
            print '<td>     </td>';
            print '<td>';
            print "<a TARGET=\"right\" href=\"../include/utils.php?query=del_new_rule&level=" . $uplevel .
                "\" TITLE=\"Delete this rule.\">-</a>";
            print '</td>';
            for ($i = 0; $i < 4; $i++) {
                print '<td>     </td>';
            }
        }
        // Rule name, linked to the add form for a new rule and to the edit
        // form otherwise.
        if ($this->is_new()) { ?> <td><a TARGET="right" href="../include/utils.php?query=add_rule&id=<?php echo $this->id; ?> &level=<?php echo $this->level; ?> " TITLE="<?php echo gettext("Click to modify this rule"); ?> "><?php echo $this->name; ?> </a></td> <?php
        } else { ?> <td><a TARGET="right" href="../include/utils.php?query=edit_rule&id=<?php echo $this->id; ?> " TITLE="<?php echo gettext("Click to modify this rule"); ?> "><?php echo $this->name; ?> </a></td> <?php
        } ?> <td><?php
        // NOTE(review): the properties below are printed as-is;
        // htmlspecialchars() is the usual guard for HTML body context.
        echo $this->reliability; ?> </td> <td><?php
        echo $this->time_out; ?> </td> <td><?php
        echo $this->occurrence; ?> </td> <td><?php
        echo $this->from; ?> </td> <td><?php
        echo $this->to; ?> </td> <td><?php
        echo $this->port_from; ?> </td> <td><?php
        echo $this->port_to; ?> </td> <td><?php
        echo $this->sensor; ?> </td> <td> <?php
        if ($this->plugin_id != "") {
            $plugin_id = $this->plugin_id;
            // NOTE(review): $plugin_id is placed unquoted into the WHERE
            // string; an integer cast or digits-only check would close that path.
            if ($plugin_list = Plugin::get_list($conn, "WHERE id = {$plugin_id}")) {
                $name = $plugin_list[0]->get_name();
                // The plugin name is used both as a query-string value and as link text, unencoded.
                echo "<a href=\"../../conf/pluginsid.php?id={$plugin_id}&" .
                    "name={$name}\">{$name}</a> ({$plugin_id})";
            }
        } ?> </td> <td> <?php
        if ($this->plugin_id != "") {
            $plugin_sid = $this->plugin_sid;
            // split() was deprecated in PHP 5.3 and removed in PHP 7.0; for a
            // literal comma explode(',', ...) yields the same list.
            $plugin_sid_list = split(',', $plugin_sid);
            // More than 30 SIDs are wrapped in a collapsible <div>.
            if (count($plugin_sid_list) > 30) { ?> <a style="cursor:pointer;" TITLE="<?php echo gettext("To view or hide the list of plugin sid click here"); ?> " onclick="Menus('plugsid')"> <?php echo gettext("Expand / Collapse"); ?> </a> <div id="plugsid" class="menuhide"> <?php
            }
            foreach ($plugin_sid_list as $sid_negate) {
                // A leading "!" is stripped for the lookup; the original text
                // is still what gets displayed.
                $sid = $sid_negate;
                if (!strncmp($sid_negate, "!", 1)) {
                    $sid = substr($sid_negate, 1);
                }
                /* sid == ANY */
                if (!strcmp($sid, "ANY")) {
                    echo gettext("ANY");
                // strpos() returns 0 (falsy) when the text starts with
                // "PLUGIN_SID", so such a value falls through to the query
                // below. NOTE(review): confirm whether that is intended.
                } elseif (strpos($sid, "PLUGIN_SID")) {
                    echo gettext("{$sid}");
                // NOTE(review): $sid and $plugin_id are interpolated unquoted
                // into the WHERE string.
                } elseif ($plugin_list = Plugin_sid::get_list($conn, "WHERE plugin_id = {$plugin_id} AND sid = {$sid}")) {
                    $name = $plugin_list[0]->get_name();
                    echo "<a title=\"{$name}\">{$sid_negate}</a> ";
                } else {
                    // No matching row: the SID is shown in red as invalid.
                    echo "<a title=\"" . gettext("Invalid plugin sid") . "\" style=\"color:red\">{$sid_negate}</a> ";
                }
            }
            if (count($plugin_sid_list) > 30) { ?> </div> <?php
            }
        } ?> </td> </tr> <?php
    }
}
} $torder = $torder == 1 ? 'ASC' : 'DESC'; $order .= ' ' . $torder; /* WHERE */ $where = "WHERE id<>1505"; switch ($field) { case "sourcetype": $type = escape_sql($type, $conn); $pids = Plugin_sid::get_plugins_by_type($conn, $type); $plugin_list = implode(",", $pids); $plugin_list = $plugin_list != '' ? $plugin_list : "''"; $where .= " AND id in ({$plugin_list})"; break; case "category_id": $type = escape_sql($type, $conn); $pids = Plugin_sid::get_plugins_by_category($conn, $type, $subcategory_id); $plugin_list = implode(",", $pids); $plugin_list = $plugin_list != '' ? $plugin_list : "''"; $where .= " AND id in ({$plugin_list})"; break; } if (!empty($search)) { $search = mb_detect_encoding($search . " ", 'UTF-8,ISO-8859-1') == 'UTF-8' ? Util::utf8entities($search) : $search; $search = escape_sql($search, $conn); $where .= " AND (name like '%{$search}%' OR id='{$search}' OR description like '%{$search}%') "; } /* LIMIT */ $limit = "LIMIT {$from}, {$maxrows}"; $results = array(); if ($plugin_list = Plugin::get_list($conn, "{$where} ORDER BY {$order} {$limit}")) { $total = $plugin_list[0]->get_foundrows();
$sids = explode(",", $sids); $range = ""; $sin = array(); foreach ($sids as $sid) { if (preg_match("/(\\d+)-(\\d+)/", $sid, $found)) { $range .= " OR (sid BETWEEN " . $found[1] . " AND " . $found[2] . ")"; } else { $sin[] = $sid; } } if (count($sin) > 0) { $where = "sid in (" . implode(",", $sin) . ") {$range}"; } else { $where = preg_replace("/^ OR /", "", $range); } $plugin_list = Plugin_sid::get_list($conn, "WHERE plugin_id={$id} AND ({$where})"); foreach ($plugin_list as $plugin) { $id = $plugin->get_sid(); $name = "{$id} - " . trim($plugin->get_name()); if (strlen($name) > 73) { $name = substr($name, 0, 70) . "..."; } echo "<option value='{$id}' selected>{$name}</option>\n"; } } ?> </select><br><span id="msg"></span><br><br> <input type="button" class="button" onclick="makesel()" value="Submit selection"> </form> </body> </html>
<input type="checkbox" id="selunsel" onclick="chkall()"></th> <th><?php echo _("Data Source Name"); ?> </th> <th><?php echo _("Event Type"); ?> </th> <th><?php echo _("Event Type Name"); ?> </th> </tr> <?php $plugin_list = Plugin_sid::search_sids($conn, $q); $pa = 0; foreach ($plugin_list as $plugin) { if ($pa != $plugin["plugin_id"]) { $color = $color == "#eeeeee" ? "" : "#eeeeee"; $pa = $plugin["plugin_id"]; } ?> <tr bgcolor="<?php echo $color; ?> "> <td><input type="checkbox" name="psid<?php echo $plugin["plugin_id"]; ?> _<?php
if (preg_match("/' plugin_sid='(\\d+)/", $matches[12], $fnd)) { $plugin_sid = $fnd[1]; } $matches[12] = preg_replace("/' plugin_sid=.*/", "", $matches[12]); $signature = ""; if (preg_match("/' sig='(.*)('?)/", $matches[12], $found)) { $signature = $found[1]; $matches[12] = preg_replace("/' sig=.*/", "", $matches[12]); } # decode if data is stored in base64 $data = $matches[12]; $demo = 0; # special case "demo event" if ($data == "demo event" && $plugin_sid != "") { $demo = 1; $plugin_sid_name = Plugin_sid::get_name_by_idsid($conn, $matches[4], $plugin_sid); if ($plugin_sid_name != "") { $data = $plugin_sid_name; $matches[12] = $plugin_sid_name; } } #$data = $matches[12]; #$matches[12] = base64_decode($matches[12],true); #if ($matches[12]==FALSE) $matches[12] = $data; if ($htmlResult) { if ($_SESSION["_plugins"][$matches[4]] != "") { $plugin = $_SESSION["_plugins"][$matches[4]]; } else { $query = "select name from plugin where id = " . intval($matches[4]); if (!($rs =& $conn->Execute($query))) { print $conn->ErrorMsg();
ossim_valid($field, OSS_ALPHA, OSS_SPACE, OSS_PUNC, OSS_NULLABLE, 'illegal:' . _("field")); ossim_valid($subcategory_id, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _("subcategory_id")); if (ossim_error()) { die(ossim_error()); } if (empty($order)) { $order = "id"; } $where = "WHERE id<>1505"; if (!empty($search) && !empty($field)) { if ($field == "sourcetype") { $pids = Plugin_sid::GetPluginsBySourceType($conn, $search); $plugin_list = implode(",", $pids); $where .= " AND id in ({$plugin_list})"; } elseif ($field == "category_id") { $pids = Plugin_sid::GetPluginsByCategory($conn, $search, $subcategory_id); $plugin_list = implode(",", $pids); $where .= " AND id in ({$plugin_list})"; } else { $where .= " AND {$field} like '%" . $search . "%'"; } } $start = ($page - 1) * $rp; $limit = "LIMIT {$start}, {$rp}"; $xml = "<rows>\n"; if ($plugin_list = Plugin::get_list($conn, "{$where} ORDER BY {$order} {$limit}")) { $total = $plugin_list[0]->get_foundrows(); if ($total == 0) { $total = count($plugin_list); } $xml .= "<page>{$page}</page>\n";
$order = "sid"; } $where = "WHERE sid <> 20000000 AND sid <> 2000000000 AND plugin_id = {$id}"; if (!empty($search) && !empty($field)) { if ($field == "category_id") { $pids = Plugin_sid::GetPluginSidsByCategory($conn, $id, $search, $subcategory_id); $plugin_list = implode(",", $pids); $where .= " AND sid in ({$plugin_list})"; } else { $where .= " AND {$field} like '%" . $search . "%'"; } } $start = ($page - 1) * $rp; $limit = "LIMIT {$start}, {$rp}"; $xml = ""; if ($plugin_list = Plugin_sid::get_list($conn, "{$where} ORDER BY {$order} {$limit}")) { $total = $plugin_list[0]->get_foundrows(); if ($total == 0) { $total = count($plugin_list); } $xml .= "<rows>\n"; $xml .= "<page>{$page}</page>\n"; $xml .= "<total>{$total}</total>\n"; foreach ($plugin_list as $plugin) { $id = $plugin->get_plugin_id(); $sid = $plugin->get_sid(); $name = $plugin->get_name(); $xml .= "<row id='{$sid}'>"; $xml .= "<cell><![CDATA[" . $id . "]]></cell>"; $xml .= "<cell><![CDATA[" . $sid . "]]></cell>"; // translate category id
$range = ""; $sin = array(); foreach ($sids as $sid) { if (preg_match("/(\\d+)-(\\d+)/", $sid, $found)) { $range .= " OR (sid BETWEEN " . $found[1] . " AND " . $found[2] . ")"; } else { $sin[] = $sid; } } if (count($sin) > 0) { $where = "sid in (" . implode(",", $sin) . ") {$range}"; } else { $where = preg_replace("/^ OR /", "", $range); } $plugin_id_list = $product_type ? get_plugin_list($conn, $product_type) : $rule->plugin_id; $w = $plugin_id_list != "" ? "plugin_id in (" . $plugin_id_list . ")" : "1=1"; $plugin_list = Plugin_sid::get_list($conn, "WHERE {$w} AND ({$where})"); foreach ($plugin_list as $plugin) { $id_plugin = $plugin->get_sid(); $name = "{$id_plugin} - " . trim($plugin->get_name()); if (strlen($name) > 73) { $name = substr($name, 0, 70) . "..."; } $options .= "<option value='{$id_plugin}' selected>{$name}</option>\n"; } } $options .= "</select><br><br><span id='msg'></span><br><br>"; $response['error'] = false; $response['data'] = $options; echo json_encode($response); $db->close($conn);
*/ require_once 'av_init.php'; Session::logcheck("configuration-menu", "ConfigurationPlugins"); $db = new ossim_db(); $conn = $db->connect(); $category_id = GET('category_id'); $subcategory_id = GET('subcategory_id'); $sourcetype = GET('sourcetype'); ossim_valid($category_id, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _("Category ID")); ossim_valid($subcategory_id, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _("SubCategory ID")); ossim_valid($sourcetype, OSS_ALPHA, OSS_SPACE, OSS_NULLABLE, OSS_SLASH, 'illegal:' . _("Product Type")); if (ossim_error()) { die(ossim_error()); } if (GET('restore') != "" && Session::am_i_admin()) { Plugin_sid::restore_plugins($conn); } $ptypes = Plugin::get_ptypes($conn); $dt_url = "getplugin.php"; if ($sourcetype != "") { $dt_url .= "?type={$sourcetype}&field=sourcetype"; } elseif ($category_id != "") { $dt_url .= "?type={$category_id}&field=category_id&subcategory_id=" . $subcategory_id; } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title> <?php echo _('AlienVault ' . (Session::is_pro() ? 'USM' : 'OSSIM')); ?>
<meta http-equiv="Pragma" content="no-cache"/> <link rel="stylesheet" type="text/css" href="../style/av_common.css?t=<?php echo Util::get_css_id(); ?> "/> <script type="text/javascript" src="../js/jquery.min.js"></script> </head> <body> <?php $db = new ossim_db(); $conn = $db->connect(); $message = _("Can't delete Event Type"); if ($plugin_id != "" && $sid != "") { $error = Plugin_sid::delete($conn, $plugin_id, $sid); $message = $error ? _("Can't delete Event Type (not found)") : _("Event type deleted"); if (!$error) { Util::resend_asset_dump(); } } $db->close($conn); ?> <h1><?php echo _("Delete Event Type"); ?> </h1> <p style='font-size: 12px;'><?php echo $message; ?>
</th> <th><?php echo _("Event"); ?> </th> <th><?php echo _("Count"); ?> </th> </tr> <?php foreach ($arr as $ip => $plugins_obj) { $plugins_arr = (array) $plugins_obj; foreach ($plugins_arr as $idsid => $num) { list($id, $sid) = explode(",", $idsid); $event = Plugin_sid::get_name_by_idsid($conn, $id, $sid); ?> <tr style="background-color:<?php echo $i++ % 2 == 0 ? "#F2F2F2" : "#FFFFFF"; ?> "> <td><b><?php echo $ip; ?> </b></td> <td style="text-align:left"><?php echo $event; ?> </td> <td><?php echo $num;
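*
* Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt
*
*/

// Lookup endpoint: prints up to 150 event types of one data source as
// "<sid>=<sid> - <name>" lines, optionally filtered by the search text q.
require_once 'av_init.php';

Session::logcheck("configuration-menu", "PluginGroups");

$plugin_id = GET('plugin_id');
$q         = urldecode(GET('q'));

// plugin_id must be digits; q is checked against OSS_TEXT and may be empty.
ossim_valid($plugin_id, OSS_DIGIT, 'illegal:' . _("ID"));
ossim_valid($q, OSS_TEXT, OSS_NULLABLE);

if (ossim_error()) {
    return false;
}

// NOTE(review): addslashes() is not a database escaping function - it knows
// nothing about the connection character set, and the LIKE wildcards % and _
// pass through it unchanged. $q is interpolated into the WHERE string below,
// so the protection rests on what OSS_TEXT admits. Prefer the database
// layer's own escaping or a bound parameter here.
$q = addslashes($q);

$db   = new ossim_db();
$conn = $db->connect();

$more = "";
if ($q != "") {
    // A purely numeric search matches the start of the SID, anything else a
    // substring of the name.
    $more = preg_match("/^\\d+\$/", $q) ? "AND sid like '{$q}%'" : "AND name like '%{$q}%'";
}

$plugin_list = Plugin_sid::get_list($conn, "WHERE plugin_id={$plugin_id} {$more} ORDER BY sid LIMIT 150");

// An empty result has no element 0 to read the row count from, and a
// non-array result cannot be iterated, so both cases print nothing.
if (is_array($plugin_list) && isset($plugin_list[0])) {
    // The total is only announced when more rows exist than the 150 returned.
    if ($plugin_list[0]->foundrows > 150) {
        echo "Total=" . $plugin_list[0]->foundrows . "\n";
    }

    foreach ($plugin_list as $plugin) {
        $id   = $plugin->get_sid();
        $name = "{$id} - " . trim($plugin->get_name());
        //if (strlen($name)>73) $name=substr($name,0,70)."...";
        // NOTE(review): the name is printed as stored; if the consumer inserts
        // this response into HTML it has to escape it there.
        echo "{$id}={$name}\n";
    }
}

$db->close();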
ossim_valid($rel, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _("rel")); ossim_valid($category, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _("category")); ossim_valid($subcategory, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _("subcategory")); if (ossim_error()) { die(ossim_error()); } if (GET('modify') != "") { Plugin_sid::update($conn, $plugin_id, $plugin_sid, $prio, $rel, $category, $subcategory); Util::memcacheFlush(); ?> <script type="text/javascript">parent.GB_close();</script><?php } // Category $list_categories = Category::get_list($conn); // Plugin sid data $plugins = Plugin_sid::get_list($conn, "WHERE plugin_id={$plugin_id} AND sid={$plugin_sid}"); $plugin = $plugins[0]; $error_message = ""; if (!isset($plugins[0])) { $error_message = _("Plugin id or plugin sid doesn't exist"); } else { $rel = $plugin->get_reliability(); $prio = $plugin->get_priority(); } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html> <head> <link rel="stylesheet" href="../style/av_common.css?t=<?php echo Util::get_css_id(); ?>
//$rep_src_bgcolor = Reputation::getrepbgcolor($event_info["rep_prio_src"]); $rep_dst_icon = Reputation::getrepimg($event_info["rep_prio_dst"], $event_info["rep_rel_dst"], $event_info["rep_act_dst"], $s_dst_ip); //$rep_dst_bgcolor = Reputation::getrepbgcolor($event_info["rep_prio_dst"]); $c_src_homelan = $homelan_src ? 'bold alarm_netlookup' : ''; $source_link = $src_img . " <a href='{$s_src_link}' class='{$c_src_homelan}' data-title='{$s_src_ip}-{$ctx_src}' title='{$s_src_ip}'>" . $s_src_name . $s_src_port . "</a> {$rep_src_icon}"; $source_balloon = "<div id='" . $s_src_ip . ";" . $s_src_name . ";" . $event_info["src_host"] . "' ctx='{$ctx}' id2='" . $s_src_ip . ";" . $s_dst_ip . "' class='HostReportMenu'>"; $source_balloon .= $source_link; $source_balloon .= "</div>"; $c_dst_homelan = $homelan_dst ? 'bold alarm_netlookup' : ''; $dest_link = $dst_img . " <a href='{$s_dst_link}' class='{$c_dst_homelan}' data-title='{$s_dst_ip}-{$ctx_dst}' title='{$s_dst_ip}'>" . $s_dst_name . $s_dst_port . "</a> {$rep_dst_icon}"; $dest_balloon = "<div id='" . $s_dst_ip . ";" . $s_dst_name . ";" . $event_info["dst_host"] . "' ctx='{$ctx}' id2='" . $s_dst_ip . ";" . $s_src_ip . "' class='HostReportMenu'>"; $dest_balloon .= $dest_link; $dest_balloon .= "</div>"; // $selection_array[$group_id][$child_number] = $s_backlog_id . "-" . 
$s_event_id; $s_sid_name = ""; if ($s_plugin_sid_list = Plugin_sid::get_list($conn, "WHERE plugin_id = {$s_id} AND sid = {$s_sid}")) { $s_sid_name = $s_plugin_sid_list[0]->get_name(); $s_sid_priority = $s_plugin_sid_list[0]->get_priority(); } else { $s_sid_name = "Unknown (id={$s_id} sid={$s_sid})"; $s_sid_priority = "N/A"; } $s_last = Util::timestamp2date($s_alarm->get_last()); $timestamp_utc = Util::get_utc_unixtime($s_last); $s_last = gmdate("Y-m-d H:i:s", $timestamp_utc + 3600 * $tz); $s_event_count = Alarm::get_total_events($conn, $s_backlog_id); $aux_date = Util::timestamp2date($s_alarm->get_timestamp()); $timestamp_utc = Util::get_utc_unixtime($s_alarm->get_timestamp()); $s_date = gmdate("Y-m-d H:i:s", $timestamp_utc + 3600 * $tz); if ($s_backlog_id && $s_id == 1505 && $s_event_count > 0) { $aux_date = Util::timestamp2date($s_alarm->get_since());
if ($plugin->get_sid() == $sid1) { echo " selected='selected'"; } ?> ><?php echo preg_replace("/(.............................).*/", "\\1[...]", $plugin->get_name()); ?> <?php } ?> </select> </td> <td id="sid2" class="nobborder" style="text-align:center;padding:20px"> <?php $plugin_list = Plugin_sid::get_list($conn, "WHERE plugin_id={$id2} ORDER BY name", 0); ?> <?php echo _('Reference SID'); ?> : <select id="sidajax2" onchange="document.frules.plugin_sid2.value=this.value"> <option value=""><?php echo _('Select Reference SID'); ?> <?php foreach ($plugin_list as $plugin) { ?> <option value="<?php echo $plugin->get_sid(); ?>
<?php if ($data['status'] == 'error') { $txt_error = '<div>' . _('The following errors occurred') . ":</div>\n\t\t\t\t <div style='padding:2px 10px 5px 10px;'>" . implode('<br/>', $validation_errors) . '</div>'; $config_nt = array('content' => $txt_error, 'options' => array('type' => 'nf_error', 'cancel_button' => FALSE), 'style' => 'width: 80%; margin: 20px auto; text-align: left;'); $nt = new Notification('nt_1', $config_nt); $nt->show(); Util::make_form('POST', 'plugin.php'); exit; } if ($category == '' || $subcategory == '') { $category = ''; $subcategory = ''; } $name = str_replace("<", "<", str_replace(">", ">", $name)); $db = new ossim_db(); $conn = $db->connect(); Plugin_sid::update($conn, $plugin_id, $sid, $priority, $reliability, $category, $subcategory, $name); Util::resend_asset_dump(); $db->close(); ?> <script type='text/javascript'> document.location.href="pluginsid.php?plugin_id=<?php echo $plugin_id; ?> &msg=updated"; </script> </body> </html>
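// Looks up event types (plugin SIDs) matching the request filters and prints
// one "sid=sid - name" line per row, preceded by a "Total=N" line when the
// reported row count exceeds the 150-row limit of the query.

// The literal string "null" is treated as "no product type filter".
if ($product_type == "null") {
    $product_type = "";
}

// Plugin IDs below 1 mean "no plugin filter".
if ($plugin_id < 1) {
    $plugin_id = "";
}

ossim_valid($plugin_id, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _("ID"));
ossim_valid($q, OSS_TEXT, OSS_NULLABLE);
ossim_valid($product_type, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _("Product Type"));

if (ossim_error()) {
    return false;
}

$db   = new ossim_db();
$conn = $db->connect();

// A purely numeric search term is matched against the SID prefix, anything
// else against the name.
// NOTE(review): $q is interpolated inside a quoted LIKE pattern, so this is
// only injection-safe if OSS_TEXT rejects quote and backslash characters.
// Confirm that, or quote the value through the database layer. '%' and '_' in
// $q also act as LIKE wildcards.
$more = "";
if ($q != "") {
    $more = preg_match("/^\\d+\$/", $q) ? "AND sid like '{$q}%'" : "AND name like '%{$q}%'";
}

// NOTE(review): get_plugin_list() is defined outside this excerpt and its
// result is spliced into IN (...) as-is; presumably it returns a
// comma-separated list of numeric IDs. Verify.
$plugin_id_list = $product_type ? get_plugin_list($conn, $product_type) : $plugin_id;
$w = $plugin_id_list != "" ? "plugin_id in (" . $plugin_id_list . ")" : "1=1";

$plugin_list = Plugin_sid::get_list($conn, "WHERE {$w} {$more} ORDER BY plugin_id, sid LIMIT 150");

// Other callers of get_list() test its result for truthiness, so it can come
// back empty. Only touch element 0 and iterate when there is something to show.
if (!empty($plugin_list)) {
    if (isset($plugin_list[0]) && $plugin_list[0]->foundrows > 150) {
        echo "Total=" . $plugin_list[0]->foundrows . "\n";
    }

    foreach ($plugin_list as $plugin) {
        $id   = $plugin->get_sid();
        $name = "{$id} - " . trim($plugin->get_name());

        // NOTE(review): the name is printed as stored. If the consumer of this
        // response inserts it into HTML, it has to escape it there.
        echo "{$id}={$name}\n";
    }
}

$db->close($conn);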
]" value="<?php echo $sids; ?> "> <div id="editsid<?php echo $id; ?> " style='white-space: nowrap;'> <span> <?php echo _($plugins[$id][0] . ' events type selected: '); if ($sids == "ANY") { $msg = "ANY"; } else { $aux = count(explode(',', $sids)); $total = Plugin_sid::get_sidscount_by_id($conn, $id); $msg = $aux == $total ? "ANY" : $aux; } ?> </span> <span id="namesid<?php echo $id; ?> " style='padding-right:10px;font-weight:bold'><?php echo $msg; ?> </span> <a href="javascript:;" name="sid<?php echo $id; ?>
// Builds the <rows> XML answer for one page of plugin cross-references and
// prints it. Each row carries four cells, all linking to the same edit form.

// NOTE(review): $page and $rp are placed into the LIMIT clause, and $where and
// $order into the statement, without any check in this excerpt. They are
// presumably validated (integers, whitelisted column names) before this
// point. Confirm.
$start = ($page - 1) * $rp;
$limit = "LIMIT {$start}, {$rp}";

$xml = "<rows>\n";

$plugin_list = Plugin_reference::get_list($conn, "{$where} ORDER BY {$order} {$limit}");

if ($plugin_list) {
    // Fall back to the size of this page when no total is reported.
    $total = $plugin_list[0]->get_foundrows();
    if ($total == 0) {
        $total = count($plugin_list);
    }

    $xml .= "<page>{$page}</page>\n" . "<total>{$total}</total>\n";

    foreach ($plugin_list as $plugin) {
        $id      = $plugin->get_plugin_id();
        $sid     = $plugin->get_plugin_sid();
        $ref_id  = $plugin->get_reference_id();
        $ref_sid = $plugin->get_reference_sid();

        // One target URL is shared by the four cells of the row.
        $href = "newpluginrefform.php?plugin_id1={$id}&plugin_sid1={$sid}&plugin_id2={$ref_id}&plugin_sid2={$ref_sid}";

        // NOTE(review): these names are wrapped in CDATA without HTML
        // escaping, so markup in a stored name reaches the client unchanged
        // and a "]]>" inside a name would end the CDATA section early.
        // Confirm the getters return escaped text, or escape here.
        $labels = array(
            Plugin::get_name_by_id($conn, $id),
            Plugin_sid::get_name_by_idsid($conn, $id, $sid),
            Plugin::get_name_by_id($conn, $ref_id),
            Plugin_sid::get_name_by_idsid($conn, $ref_id, $ref_sid),
        );

        $xml .= "<row id='{$id}_{$sid}_{$ref_id}_{$ref_sid}'>";
        foreach ($labels as $label) {
            $xml .= "<cell><![CDATA[" . "<a href='{$href}'>" . $label . "</a>" . "]]></cell>";
        }
        $xml .= "</row>\n";
    }
}

$xml .= "</rows>\n";

echo $xml;
$db->close($conn);
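/**
 * Fetch the Plugin_sid rows that belong to one plugin.
 *
 * Plugin_sid::get_list() takes its filter as a raw SQL fragment, so the plugin
 * ID is checked here before it is concatenated into the WHERE clause.
 *
 * @param int|string $plugin_id Plugin ID: an integer or a string of ASCII digits.
 * @param string     $req       Extra SQL appended verbatim after the plugin
 *                              filter. It is NOT escaped here; callers must
 *                              pass only fixed, code-defined fragments and
 *                              never request data.
 *
 * @return mixed The result of Plugin_sid::get_list() when it is truthy, otherwise
 *               '' (also returned when $plugin_id is not a plain integer).
 */
function getPluginSidList($plugin_id, $req)
{
    global $conn;

    // Accept only a plain integer. \A...\z is used instead of ^...$ so that a
    // trailing newline cannot slip past the check.
    $is_numeric_id = is_int($plugin_id)
        || (is_string($plugin_id) && preg_match('/\A[0-9]+\z/', $plugin_id) === 1);

    if (!$is_numeric_id) {
        // Same value the caller gets when no rows are found.
        return '';
    }

    // NOTE(review): $req still reaches the query unmodified; see the
    // parameter description above.
    $plugin_sid_list = Plugin_sid::get_list($conn, 'WHERE plugin_id = ' . $plugin_id . ' ' . $req);

    return $plugin_sid_list ? $plugin_sid_list : '';
}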
echo 'error###' . ossim_get_error_clean(); exit; } $query_temp = array(); // // select src_ip from alarm table and not defined into nets // $ips = array(); $plugin_id = NULL; $plugin_groups = NULL; $source_type = NULL; $category = NULL; $subcategory = NULL; $limit = 20; // Taxonomy filters $plugin_list = Plugin_sid::get_all_sids($conn, $plugin_id, $source_type, $category, $subcategory, $plugin_groups); // Data Source events or Source Type events $selected = ""; // src_ips from acid_event $where = Security_report::make_where($conn, $date_from, $date_to, $plugin_list, $dDB); $ejoin = preg_match('/plist_[a-z]+/', $where) ? preg_replace('/.*(plist_[a-z]+)\\.id .*/', ',\\1', $where) : ''; $query = "SELECT DISTINCT ip_src AS ip FROM alienvault_siem.acid_event {$ejoin} WHERE 1=1 {$where}\n UNION SELECT DISTINCT ip_dst as ip FROM alienvault_siem.acid_event {$ejoin} WHERE 1=1 {$where}"; $rs = $conn->Execute($query); if (!$rs) { Av_exception::throw_error(Av_exception::DB_ERROR, $conn->ErrorMsg()); } $already = array(); while (!$rs->EOF) { $ip = inet_ntop($rs->fields['ip']); if (!isset($already[$ip])) { //Session::hostAllowed($conn,$ip) => not necessary here?
* * Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt * */ require_once 'av_init.php'; Session::logcheck("configuration-menu", "ConfigurationPlugins"); $plugin_id = GET('plugin_id'); ossim_valid($plugin_id, OSS_DIGIT, 'illegal:' . _("Plugin ID")); if (ossim_error()) { echo ossim_error(); exit; } $db = new ossim_db(); $conn = $db->connect(); $list_categories = Category::get_list($conn); $sid = Plugin_sid::get_last_id($conn, $plugin_id); $sid = $sid > 0 ? $sid + 1 : ''; $db->close($conn); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html> <head> <title><?php echo _("OSSIM Framework"); ?> </title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <meta http-equiv="Pragma" content="no-cache"> <link rel="stylesheet" type="text/css" href="../style/av_common.css?t=<?php echo Util::get_css_id();