function delete_nfsen_source($data) { if (!Session::am_i_admin()) { $return['error'] = TRUE; $return['msg'] = _('Action not authorized'); return $return; } require_once '../sensor/nfsen_functions.php'; $sensor = $data['sensor']; ossim_valid($sensor, OSS_ALPHA, 'illegal:' . _('Nfsen Source')); if (ossim_error()) { $info_error = _('Error') . ': ' . ossim_get_error(); ossim_clean_error(); $return['error'] = TRUE; $return['msg'] = $info_error; return $return; } $res = delete_nfsen($sensor); if ($res['status'] == 'success') { $return['error'] = FALSE; $return['msg'] = _('Source deleted successfully'); //To forcer load variables in session again unset($_SESSION['tab']); } else { $return['error'] = TRUE; $return['msg'] = $res['data']; } return $return; }
function check_ossim_error() { if (ossim_error()) { $error = ossim_get_error(); ossim_clean_error(); Av_exception::throw_error(Av_exception::USER_ERROR, $error); } }
function check_ossim_error($throw_excep = TRUE) { if (ossim_error()) { $error = ossim_get_error(); ossim_clean_error(); if ($throw_excep) { Av_exception::throw_error(Av_exception::USER_ERROR, $error); } else { Util::response_bad_request($error); } } }
function modify_plugingroup_plugin($conn, $data) { $plugin_group = $data['plugin_group']; $plugin_id = $data['plugin_id']; $sids_str = $data['plugin_sids']; ossim_valid($plugin_id, OSS_DIGIT, 'illegal:' . _("Plugin ID")); ossim_valid($plugin_group, OSS_HEX, 'illegal:' . _("Plugin GroupID")); if (ossim_error()) { $info_error = "Error: " . ossim_get_error(); ossim_clean_error(); $return['error'] = true; $return['msg'] = $info_error; return $return; } $total_sel = 1; if (is_array($sids_str)) { $total_sel = count($sids_str); $sids_str = implode(',', $sids_str); } if ($sids_str !== '') { list($valid, $data) = Plugin_sid::validate_sids_str($sids_str); if (!$valid) { $return['error'] = true; $return['msg'] = _("Error for data source ") . $plugin_id . ': ' . $data; return $return; } if ($sids_str == "ANY") { $sids_str = "0"; } else { $total = Plugin_sid::get_sidscount_by_id($conn, $plugin_id); $sids_str = $total_sel == $total ? "0" : $sids_str; } Plugin_group::edit_plugin($conn, $plugin_group, $plugin_id, $sids_str); } $return['error'] = false; $return['output'] = ''; return $return; }
function modify_deploy_hosts($wizard, $data) { $os = $data['os']; $hosts = $data['hosts']; $username = $data['username']; $password = $data['password']; $domain = $data['domain']; ossim_valid($os, "windows|linux", 'illegal:' . _('Deploy Option')); ossim_valid($hosts, OSS_HEX, 'illegal:' . _('Host')); ossim_valid($username, OSS_USER_2, 'illegal:' . _('Username')); ossim_valid($password, OSS_PASSWORD, 'illegal:' . _('Password')); ossim_valid($domain, OSS_NOECHARS, OSS_ALPHA, OSS_PUNC_EXT, OSS_NULLABLE, 'illegal:' . _('Domain')); if (ossim_error()) { $response['error'] = TRUE; $response['msg'] = ossim_get_error(); ossim_clean_error(); return $response; } $domain = $os == 'windows' ? $domain : ''; //Encrypting password to save it in the object $pass_c = Util::encrypt($password, Util::get_system_uuid()); //First we clean the deploy info stored in the object $wizard->clean_step_data(); //Saving the info to achieve the deploy $wizard->set_step_data('deploy_os', $os); $wizard->set_step_data('deploy_username', $username); $wizard->set_step_data('deploy_password', $pass_c); $wizard->set_step_data('deploy_domain', $domain); $wizard->set_step_data('deploy_hosts', $hosts); //Setting the deploy step to 1 (Inicialized) $wizard->set_step_data('deploy_step', 1); //Saving wizard status $wizard->save_status(); $response['error'] = FALSE; return $response; }
$info_error = '<div>' . _('We Found the following errors') . ':</div><div style="padding:10px;">' . implode('<br/>', $validation_errors) . '</div>'; } } } //Form actions if (empty($step)) { unset($_SESSION['_al_new']); $sensor_id = GET('sensor'); ossim_valid($sensor_id, OSS_HEX, 'illegal:' . _('Sensor')); if (!ossim_error()) { if (!Ossec_utilities::is_sensor_allowed($conn, $sensor_id)) { ossim_set_error(_('Error! Sensor not allowed')); } } if (ossim_error()) { $info_error = ossim_get_error(); } else { $sensor_name = Av_sensor::get_name_by_id($conn, $sensor_id); $_SESSION['_al_new']['sensor'] = $sensor_id; $_SESSION['_al_new']['sensor_name'] = $sensor_name; } } elseif ($step == 1 || $step == 2 && !empty($back)) { $hostname = $_SESSION['_al_new']['hostname'] = POST('hostname'); $ip = $_SESSION['_al_new']['ip'] = POST('ip'); $user = $_SESSION['_al_new']['user'] = POST('user'); $pass = $_SESSION['_al_new']['pass'] = POST('pass'); $passc = $_SESSION['_al_new']['passc'] = POST('passc'); $ppass = $_SESSION['_al_new']['ppass'] = POST('ppass'); $ppassc = $_SESSION['_al_new']['ppassc'] = POST('ppassc'); $use_su = $_SESSION['_al_new']['use_su'] = intval(POST('use_su')); $descr = $_SESSION['_al_new']['descr'] = POST('descr');
* Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt * */ require_once 'av_init.php'; require_once '../deploy_common.php'; //Checking perms check_deploy_perms(); /* connect to db */ $db = new ossim_db(TRUE); $conn = $db->connect(); $type = GET('type'); $id = GET('id'); ossim_valid($id, OSS_HEX, 'illegal:' . _("Network ID")); ossim_valid($type, "network", "server", 'illegal:' . _("Asset Type")); if (ossim_error()) { $error_msg = "Error: " . ossim_get_error(); $error = true; ossim_clean_error(); } $type = $type == 'server' ? 1 : 4; $sql = "SELECT distinct HEX(h.id) as id, h.hostname, MAX(DATE(ac.timestamp)) as log\n\t\t\t\tFROM alienvault.host_types t, alienvault.host_net_reference hn, alienvault.host h \n\t\t\t\tLEFT JOIN alienvault_siem.ac_acid_event ac ON ac.src_host = h.id\n\t\t\t\tWHERE h.id=hn.host_id AND h.id=t.host_id AND t.type=? AND hn.net_id=UNHEX(?)\n\t\t\t\tGROUP BY h.id\n\t\t\t\t"; $params = array($type, $id); $asset_list = array(); if ($rs = $conn->Execute($sql, $params)) { while (!$rs->EOF) { try { $ips = Asset_host_ips::get_ips_to_string($conn, $rs->fields['id']); } catch (Exception $e) { $ips = ''; } $asset_list[] = array('id' => $rs->fields['id'], 'name' => $rs->fields["hostname"], 'ip' => $ips, 'log' => $rs->fields["log"]);
function insert_link($conn, $data) { $new_linkname = $data['link']; $id_document = $data['id']; $link_type = $data['type']; ossim_valid($link_type, OSS_INPUT, 'Illegal:' . _('Link Type')); ossim_valid($id_document, OSS_DIGIT, 'Illegal:' . _('Document ID')); switch ($link_type) { case 'directive': ossim_valid($new_linkname, OSS_DIGIT, 'illegal:' . _('Directive')); break; case 'incident': ossim_valid($new_linkname, OSS_DIGIT, 'illegal:' . _('Incident ID')); break; case 'plugin_sid': $plugin = explode('##', $new_linkname); ossim_valid($plugin[0], OSS_DIGIT, 'illegal:' . _('Plugin SID')); ossim_valid($plugin[1], OSS_DIGIT, 'illegal:' . _('Plugin ID')); break; case 'host': case 'host_group': case 'net': case 'net_group': ossim_valid($new_linkname, OSS_HEX, 'illegal:' . _('Asset ID')); break; case 'taxonomy': $tax = explode('##', $new_linkname); ossim_valid($tax[0], OSS_DIGIT, 'illegal:' . _('Product Type')); ossim_valid($tax[1], OSS_DIGIT, 'illegal:' . _('Category')); ossim_valid($tax[2], OSS_DIGIT, 'illegal:' . _('Subcategory')); break; default: $return['error'] = TRUE; $return['msg'] = _('Invalid Link Type'); return $return; } if (ossim_error()) { $info_error = _('Error') . ': ' . ossim_get_error(); ossim_clean_error(); $return['error'] = TRUE; $return['msg'] = $info_error; return $return; } $result = Repository::insert_relationships($conn, $id_document, $link_type, $new_linkname); if (!empty($result)) { $return['error'] = TRUE; $return['msg'] = $result; return $return; } if ($link_type == 'plugin_sid') { $result = Repository::insert_snort_references($conn, $id_document, $plugin[1], $plugin[0]); if (!empty($result)) { $return['error'] = TRUE; $return['msg'] = $result; return $return; } } $info_item['key'] = $new_linkname; $info_item['id'] = $id_document; $info_item['type'] = $link_type; $item_html = build_item_list($conn, $info_item); $return['error'] = FALSE; $return['data'] = $item_html; $return['msg'] = _('Link inserted successfully'); return $return; }
$res['data'] = md5($cidr); } echo json_encode($res); exit; } elseif ($action == 'check_server') { $new_server = POST('new_server'); $old_server = POST('old_server'); $priority = POST('priority'); ossim_valid($new_server, OSS_IP_ADDR, 'illegal:' . _('IP Address')); ossim_valid($priority, '0,1,2,3,4,5', 'illegal:' . _('Priority')); if (!empty($old_server)) { ossim_valid($old_server, OSS_IP_ADDR, 'illegal:' . _('IP Address')); } if (ossim_error()) { $res['status'] = 'error'; $res['data'] = ossim_get_error(); echo json_encode($res); exit; } session_start(); $cnf_data = $_SESSION['sensor_cnf']; $server_ip = $cnf_data['server_ip']['value']; session_write_close(); //Update master server if (!empty($old_server) && $old_server == $server_ip) { $res['status'] = 'success'; $res['data']['id'] = md5($new_server); $res['data']['server_type'] = _('Server, Inventory'); $res['data']['is_master'] = TRUE; } else { $res['status'] = 'success';
function check_security($value, $match, $value2 = NULL, $userfriendly = false) { require_once "classes/Security.inc"; switch ($match) { case "text": ossim_valid($value, OSS_SPACE, OSS_ALPHA, OSS_SCORE, OSS_SLASH, OSS_DOT, 'illegal:' . _("{$match} value")); break; case "ip": // "LIKE" patch if (preg_match("/^\\d+\\.\\d+\\.\\d+\$/", $value)) { $value .= ".0"; } elseif (preg_match("/^\\d+\\.\\d+\$/", $value)) { $value .= ".0.0"; } elseif (preg_match("/^\\d+\$/", $value)) { $value .= ".0.0.0"; } ossim_valid($value, OSS_IP_ADDR, 'illegal:' . _("{$match} value")); break; case "network": ossim_valid($value, OSS_IP_CIDR, 'illegal:' . _("{$match} value")); break; case "number": ossim_valid($value, OSS_DIGIT, 'illegal:' . _("{$match} value")); break; case "fixed": ossim_valid($value, OSS_SPACE, OSS_ALPHA, OSS_SCORE, OSS_SLASH, OSS_DOT, 'illegal:' . _("{$match} value")); //ossim_valid($value, OSS_ALPHA, OSS_SCORE, OSS_SLASH, 'illegal:' . _("$match value")); break; case "concat": ossim_valid($value, OSS_ALPHA, '-', 'illegal:' . _("{$match} value")); break; case "fixedText": ossim_valid($value2, OSS_SPACE, OSS_ALPHA, OSS_SCORE, OSS_SLASH, 'illegal:' . _("{$match} value")); ossim_valid($value, OSS_ALPHA, OSS_SCORE, OSS_SLASH, 'illegal:' . _("{$match} value")); break; } if (ossim_error()) { ?> <table class="noborder transparent" align="center" width="94%"> <tr><td class='nobborder'><div class='ossim_error'><?php echo ossim_get_error(); ?> </div></td></tr> <tr> <td class="nobborder" style="padding:10px 0;text-align:center"> <?php $location = $userfriendly ? "/ossim/inventorysearch/userfriendly.php" : "/ossim/inventorysearch/inventory_search.php"; ?> <input type="button" value="Back" onclick="document.location.href='<?php echo $location; ?> '" class="button"/> </td> </tr> </table> <?php exit; } }
//DataTables Pagination and search Params $maxrows = POST('iDisplayLength') != '' ? POST('iDisplayLength') : 10; $from = POST('iDisplayStart') != '' ? POST('iDisplayStart') : 0; $order = POST('iSortCol_0') != '' ? POST('iSortCol_0') : ''; $torder = POST('sSortDir_0'); $sec = POST('sEcho'); $search = utf8_decode(POST('search')); $torder = !strcasecmp($torder, 'asc') ? 0 : 1; ossim_valid($maxrows, OSS_DIGIT, 'illegal: iDisplayLength'); ossim_valid($from, OSS_DIGIT, 'illegal: iDisplayStart'); ossim_valid($order, OSS_ALPHA, 'illegal: iSortCol_0'); ossim_valid($torder, OSS_DIGIT, 'illegal: sSortDir_0'); ossim_valid($sec, OSS_DIGIT, 'illegal: sEcho'); ossim_valid($search, OSS_NOECHARS, OSS_ALPHA, OSS_NET_NAME, OSS_NULLABLE, 'illegal: search'); if (ossim_error()) { echo ossim_get_error(); $response['sEcho'] = intval($sec); $response['iTotalRecords'] = 0; $response['iTotalDisplayRecords'] = 0; $response['aaData'] = array(); echo json_encode($response); exit; } $filters = array(); $tables = ''; // Order by column switch ($order) { case 0: $order = 'name'; break; default:
function set_default_map($conn, $id) { ossim_valid($id, OSS_HEX, 'illegal:' . _('Map')); if (ossim_error()) { $info_error = "Error: " . ossim_get_error(); ossim_clean_error(); $return['error'] = TRUE; $return['msg'] = $info_error; return $return; } if (!is_map_editable($conn, $id)) { $return['error'] = TRUE; $return['msg'] = _("You do not have permission to edit this map"); return $return; } $login = Session::get_session_user(); $config = new User_config($conn); $config->set($login, "riskmap", $id, 'simple', "main"); $return['error'] = FALSE; $return['msg'] = _("Default map changed successfully"); return $return; }
$err_msn = array('dir' => _('Directory/File monitored'), 'ign' => _('Directory/File ignored'), 'went' => _('Windows registry entry'), 'regi' => _('Registry ignore')); $keys = array(); $indexes = array('dir' => 0, 'ign' => 0, 'went' => 0, 'regi' => 0); foreach ($_POST as $k => $v) { if ($v == '') { continue; } foreach ($regex as $i => $r) { if (preg_match("/{$r}/", $k, $match)) { $indexes[$i] = $indexes[$i]++; //Auto-remove '\' to avoid a syntax error $v = preg_replace('/\\\\+$/', '', $v); $keys[$i][$match[1]] = $v; ossim_valid($v, OSS_ALPHA, OSS_PUNC_EXT, OSS_SLASH, OSS_NULLABLE, 'illegal:' . $err_msn[$i]); if (ossim_error()) { $info_error[] = ossim_get_error() . '. Input num. ' . $indexes[$i]; ossim_clean_error(); } break; } } } if (!empty($info_error)) { $data['status'] = 'error'; $data['data'] = implode('<br/>', $info_error); echo json_encode($data); exit; } if (is_array($keys['dir']) && !empty($keys['dir'])) { foreach ($keys['dir'] as $k => $v) { $node_sys .= '<directories';
function build_crumb($data) { Session::logcheck("dashboard-menu", "ControlPanelExecutiveEdit"); $type = $data['type']; $step = $data['step']; $titles = array(); $pro = Session::is_pro(); ossim_valid($type, OSS_DIGIT, 'illegal:' . _("Breadcrumb")); ossim_valid($step, OSS_DIGIT, 'illegal:' . _("Step")); if (ossim_error()) { $info_error = "Error: " . ossim_get_error(); ossim_clean_error(); $return['error'] = TRUE; $return['msg'] = $info_error; return $return; } switch ($type) { case 1: $titles = array(1 => utf8_encode(_("Select Type")), 2 => utf8_encode(_("Select Category")), 4 => utf8_encode(_("Customize Widget")), 5 => utf8_encode(_("Save Widget"))); if ($pro) { $titles[3] = utf8_encode(_("Select Assets")); } break; case 2: $titles = array(1 => utf8_encode(_("Select Type")), 2 => utf8_encode(_("Insert Rss URL")), 4 => utf8_encode(_("Customize Widget")), 5 => utf8_encode(_("Save Widget"))); break; case 3: $titles = array(1 => utf8_encode(_("Select Type")), 2 => utf8_encode(_("Insert Image URL")), 4 => utf8_encode(_("Customize Widget")), 5 => utf8_encode(_("Save Widget"))); break; case 4: $titles = array(1 => utf8_encode(_("Select Type")), 2 => utf8_encode(_("Select Report")), 4 => utf8_encode(_("Customize Widget")), 5 => utf8_encode(_("Save Widget"))); break; case 5: $titles = array(1 => utf8_encode(_("Select Type")), 2 => utf8_encode(_("Select OSSIM URL")), 4 => utf8_encode(_("Customize Widget")), 5 => utf8_encode(_("Save Widget"))); break; case 6: $titles = array(1 => utf8_encode(_("Select Type")), 4 => utf8_encode(_("Customize Widget")), 5 => utf8_encode(_("Save Widget"))); if ($pro) { $titles[3] = utf8_encode(_("Select Assets")); } break; case 7: $titles = array(1 => utf8_encode(_("Select Type")), 4 => utf8_encode(_("Customize Widget")), 5 => utf8_encode(_("Save Widget"))); break; } $breadcrumb = ""; ksort($titles); foreach ($titles as $i => $title) { if ($i > $step) { break; } if ($i == $step) { $class = "class='current'"; $link = "#"; } else { $class = ""; $link = "wizard.php?backbc=1&step={$i}"; } $breadcrumb .= "<li id='step{$i}' {$class}>\n\t\t\t\t\t\t\t<a href='{$link}'>" . $title . "</a>\n\t\t\t\t\t\t</li>"; } $return['error'] = FALSE; $return['msg'] = $breadcrumb; return $return; }
$info_error = '<div>' . _('We Found the following errors') . ':</div><div style="padding:10px;">' . implode('<br/>', $validation_errors) . '</div>'; } } } //Form actions ossim_valid($ip, OSS_IP_ADDR, 'illegal:' . _('Ip Address')); ossim_valid($sensor_id, OSS_HEX, 'illegal:' . _('Sensor')); $db = new ossim_db(); $conn = $db->connect(); if (!ossim_error()) { if (!Ossec_utilities::is_sensor_allowed($conn, $sensor_id)) { ossim_set_error(_('Error! Sensor not allowed')); } } if (ossim_error()) { $critical_error = ossim_get_error(); ossim_clean_error(); } else { $agentless = Ossec_agentless::get_object($conn, $sensor_id, $ip); if (is_object($agentless) && !empty($agentless)) { $ip = $agentless->get_ip(); $hostname = $agentless->get_hostname(); $user = $agentless->get_user(); $pass = Util::fake_pass($agentless->get_pass()); $passc = $pass; $ppass = Util::fake_pass($agentless->get_ppass()); $use_su = $agentless->get_use_su(); $ppassc = $ppass; $descr = $agentless->get_descr(); $sensor_name = Av_sensor::get_name_by_id($conn, $sensor_id); $_SESSION['_al_new']['sensor'] = $sensor_id;
function delete_alarm($conn, $data) { $id = $data['id']; //Validating ID before closing the alarm ossim_valid($id, OSS_HEX, 'illegal:' . _("Backlog ID")); if (ossim_error()) { $info_error = "Error: " . ossim_get_error(); ossim_clean_error(); $return['error'] = TRUE; $return['msg'] = $info_error; return $return; } //Opening the alarm Alarm::delete_backlog($conn, $id); $return['error'] = FALSE; $return['msg'] = _('Alarm deleted successfully'); return $return; }
* * * On Debian GNU/Linux systems, the complete text of the GNU General * Public License can be found in `/usr/share/common-licenses/GPL-2'. * * Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt * */ require_once 'av_init.php'; Session::logcheck("configuration-menu", "Osvdb"); $user = $_SESSION["_user"]; $error = false; $id_document = GET('id_document'); ossim_valid($id_document, OSS_DIGIT, 'illegal:' . _("Id_document")); if (ossim_error()) { $error_txt = ossim_get_error(); $error = true; } else { $db = new ossim_db(); $conn = $db->connect(); Repository::delete($conn, $id_document); $db->close(); } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html> <head> <title> <?php echo gettext("OSSIM Framework"); ?>
$s_data = array(); //Asset ID $s_data['asset_id'] = $asset_id; $s_data['nagios'] = $nagios; $s_data['ip'] = $s_values['s_ip']; $s_data['port'] = $s_values['s_port']; $s_data['protocol'] = $s_values['s_protocol']; $p_function = 'Asset_host_services::toggle_nagios'; //Validate service values foreach ($validate as $v_key => $v_data) { $parameters = $v_data['validation']; array_unshift($parameters, $s_data[$v_key]); array_push($parameters, $v_data['e_message']); call_user_func_array('ossim_valid', $parameters); if (ossim_error()) { $exp_msg = ossim_get_error(); Av_exception::throw_error(Av_exception::USER_ERROR, $exp_msg); } } //Update Nagios $parameters = array(); $parameters = array_values($s_data); //Adding BD connection array_unshift($parameters, $conn); call_user_func_array($p_function, $parameters); } catch (Exception $e) { $data['status'] = 'error'; } } } if ($data['status'] == 'error') {
if (ossim_error()) { $info_error[] = ossim_get_error(); $error = true; } $vuser = POST('user'); $ventity = POST('entity'); $title = POST('title'); $doctext = POST('doctext'); $keywords = POST('keywords'); if (isset($title) || isset($doctext)) { ossim_valid($vuser, OSS_USER, OSS_NULLABLE, 'illegal:' . _("User")); ossim_valid($ventity, OSS_HEX, OSS_NULLABLE, 'illegal:' . _("Entity")); ossim_valid($title, OSS_TEXT, 'illegal:' . _("Tittle")); ossim_valid($keywords, OSS_TEXT, OSS_NULLABLE, 'illegal:' . _("Keywords")); if (ossim_error()) { $info_error[] = ossim_get_error(); ossim_clean_error(); $error = true; } if ($doctext == "") { $info_error[] = _("Error in the 'text' field (missing required field)"); $error = true; } if ($error == false) { $parser = new KDB_Parser(); $parser->proccess_file($doctext, $id_document); $info_error = $parser->is_valid(); if (count($info_error) > 0) { $error = true; } }
$dates_list = GET("dates_list") != '' ? explode(',', GET("dates_list")) : array(); $nomerge = GET("nomerge") != "" ? GET("nomerge") : "merge"; // $_GET['merge'] is empty, always merge by default $filter_by = GET('filter_by'); // Disable filter (Entity/User) to prevent framework error // Note: remove filter_by parameter when the select boxes are removed from UI $filter_by = ''; ossim_valid($action, "insert", "delete", "status", 'illegal:' . _("Action")); ossim_valid($nomerge, OSS_ALPHA, OSS_NULLABLE, 'illegal:' . _("nomerge")); ossim_valid($filter_by, OSS_NULLABLE, OSS_DIGIT, OSS_USER, 'illegal:' . _("filter_by")); foreach ($dates_list as $_date) { ossim_valid($_date, OSS_DIGIT, 'illegal:' . _("Date")); } if (ossim_error()) { $response['status'] = 'error'; $response['message'] = ossim_get_error(); } else { switch ($action) { // Restore button case 'insert': if (Token::verify('tk_insert_events', GET('token')) == FALSE) { $response['status'] = 'error'; $response['message'] = Token::create_error_message(); } elseif (count($dates_list) > 0) { $launch_status = Backup::Insert($dates_list, $filter_by, $nomerge); if ($launch_status > 0) { $response['status'] = 'success'; $response['message'] = _('The backup process is inserting events...'); } else { $response['status'] = 'error'; $response['message'] = _('Sorry, operation was not completed due to an error when restoring events');
} $value = strtoupper($value); } elseif ($attrib == "filename") { ossim_valid($value, OSS_NULLABLE, OSS_ALPHA, OSS_SLASH, OSS_DIGIT, OSS_DOT, OSS_COLON, '\\!,', 'illegal:' . _("file name")); } elseif ($attrib == "username") { ossim_valid($value, OSS_NULLABLE, OSS_USER, OSS_PUNC_EXT, 'illegal:' . _("user name")); } elseif ($attrib == "password") { ossim_valid($value, OSS_NULLABLE, OSS_PASSWORD, 'illegal:' . _("password")); } elseif (preg_match("/^userdata\\d+\$/", $attrib)) { ossim_valid($value, OSS_NULLABLE, OSS_ALPHA, OSS_PUNC_EXT, 'illegal:' . _("userdata1")); } else { echo json_encode(array("error" => 1, "msg" => _("Attribute not found"), "current_value" => $current_value, "new_value" => $value)); exit; } if (ossim_error()) { echo json_encode(array("error" => 1, "msg" => ossim_get_error(), "current_value" => $current_value, "new_value" => $value)); exit; } elseif ($another_error != "") { echo json_encode(array("error" => 1, "msg" => $another_error, "current_value" => $current_value, "new_value" => $value)); exit; } if ($directive_editor->save_rule_attrib($rule, $dir_id, $file, $attrib, $value)) { if ($attrib == "password") { $value = preg_replace("/./", "*", $value); } // Hide password field if ($attrib == "timeout" && $value == "") { $value = "None"; } if ($attrib == "protocol" && $value == "") { $value = "ANY";
function modify_device_host($conn, $data) { $id = $data['id']; $type = $data['type']; $subtype = $data['subtype']; ossim_valid($id, OSS_HEX, 'illegal:' . _("Host ID")); ossim_valid($type, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _("Device Type")); ossim_valid($subtype, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _("Device Subtype")); if (ossim_error()) { $info_error = "Error: " . ossim_get_error(); ossim_clean_error(); $return['error'] = true; $return['msg'] = $info_error; return $return; } if (empty($type)) { $sql = "DELETE FROM host_types WHERE host_id = UNHEX(?)"; $params = array($id); } else { $sql = "DELETE FROM host_types WHERE host_id = UNHEX(?)"; $params = array($id); $conn->Execute($sql, $params); $sql = "REPLACE INTO host_types (host_id, type, subtype) VALUES (UNHEX(?), ?, ?)"; $params = array($id, $type, $subtype); } if ($conn->Execute($sql, $params) === false) { $return['error'] = true; $return['msg'] = $conn->ErrorMsg(); } else { Util::memcacheFlush(false); $return['error'] = false; $return['data'] = _('Device Property Modified Successfully'); } return $return; }
* * * On Debian GNU/Linux systems, the complete text of the GNU General * Public License can be found in `/usr/share/common-licenses/GPL-2'. * * Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt * */ //Config File require_once dirname(__FILE__) . '/../../../../config.inc'; require_once 'data/sections/configuration/utilities.php'; session_write_close(); $system_id = POST('system_id'); ossim_valid($system_id, OSS_DIGIT, OSS_LETTER, '-', 'illegal:' . _('System ID')); if (ossim_error()) { $config_nt = array('content' => ossim_get_error(), 'options' => array('type' => 'nf_error', 'cancel_button' => FALSE), 'style' => 'margin: auto; width: 90%; text-align: center;'); $nt = new Notification('nt_1', $config_nt); $nt->show(); exit; } /************************************************************** ***************** Sensor Configuraton Data ***************** ***************************************************************/ $db = new ossim_db(); $conn = $db->connect(); $sensor_cnf = Av_center::get_sensor_configuration($system_id); if ($sensor_cnf['status'] == 'error') { $config_nt = array('content' => _('Error retrieving information. Please, try again'), 'options' => array('type' => 'nf_error', 'cancel_button' => FALSE), 'style' => 'margin: 100px auto; width: 550px; text-align: center;'); $nt = new Notification('nt_1', $config_nt); $nt->show(); } else {
* * On Debian GNU/Linux systems, the complete text of the GNU General * Public License can be found in `/usr/share/common-licenses/GPL-2'. * * Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt * */ //Config File require_once dirname(__FILE__) . '/../../../config.inc'; session_write_close(); $system_id = POST('system_id'); $confirm = intval(POST('confirm')); ossim_valid($system_id, OSS_UUID, 'illegal:' . _('System ID')); if (ossim_error()) { $data['status'] = 'error'; $data['data'] = ossim_get_error(); } else { //Getting system status $local_id = strtolower(Util::get_system_uuid()); try { $db = new ossim_db(); $conn = $db->connect(); $ha_enabled = Av_center::is_ha_enabled($conn, $system_id); $db->close(); } catch (Exception $e) { $db->close(); $data['status'] = 'error'; $data['data'] = $e->getMessage(); echo json_encode($data); } $can_be_removed = $system_id != $local_id && $ha_enabled == FALSE ? TRUE : FALSE;
while ($myrow = $result->baseFetchRow()) { if ($ids != "") { $ids .= ","; } $ids .= $myrow[0]; } if ($ids != "") { $sql = "DELETE FROM sig_reference WHERE ref_id in ({$ids})"; $qs->ExecuteOutputQueryNoCanned($sql, $db_snort); } $sql = "DELETE FROM reference_system WHERE ref_system_id={$delete}"; $qs->ExecuteOutputQueryNoCanned($sql, $db_snort); $sql = "DELETE FROM reference WHERE ref_system_id={$delete}"; $qs->ExecuteOutputQueryNoCanned($sql, $db_snort); } else { $error_msg = ossim_get_error(); ossim_clean_error(); } } $sql = "SELECT * FROM reference_system"; $result = $qs->ExecuteOutputQuery($sql, $db_snort); $ref_types = array(); while ($myrow = $result->baseFetchRow()) { $ref_types[] = $myrow; } ?> <!-- <?php echo gettext("Forensics Console " . $BASE_installID) . $BASE_VERSION; ?> -->
$asset = POST('asset'); $nat = POST('nat'); $sensors = isset($_POST['sboxs']) && !empty($_POST['sboxs']) ? Util::clean_array(POST('sboxs')) : array(); $nagios = POST('nagios'); $rrd_profile = POST('rrd_profile'); $threshold_a = POST('threshold_a'); $threshold_c = POST('threshold_c'); if (is_numeric($ips)) { for ($i = 0; $i < $ips; $i++) { $item_ip = "ip_{$i}"; ${$item_ip} = POST($item_ip); $num = $i + 1; $hostname = "Host {$num}"; ossim_valid(${$item_ip}, OSS_IP_ADDR, OSS_NULLABLE, 'illegal:' . _($hostname)); if (ossim_error()) { $message_error[] = ossim_get_error(); $error = true; $invalid_hosts = true; ossim_clean_error(); } else { if (!empty(${$item_ip})) { $num_hosts++; } } } } $num_sensors = count($sensors); $validate = array("ips" => array("validation" => "OSS_DIGIT", "e_message" => 'illegal:' . _("Hosts")), "groupname" => array("validation" => "OSS_SCORE, OSS_INPUT, OSS_NULLABLE", "e_message" => 'illegal:' . _("Group name")), "descr" => array("validation" => "OSS_TEXT, OSS_NULLABLE, OSS_AT", "e_message" => 'illegal:' . _("Description")), "asset" => array("validation" => "OSS_DIGIT", "e_message" => 'illegal:' . _("Asset")), "nat" => array("validation" => "OSS_NULLABLE, OSS_IP_ADDR", "e_message" => 'illegal:' . _("Nat")), "sboxs" => array("validation" => "OSS_SCORE, OSS_INPUT, OSS_AT", "e_message" => 'illegal:' . _("Sensors")), "rrd_profile" => array("validation" => "OSS_INPUT, OSS_NULLABLE", "e_message" => 'illegal:' . _("RRD Profile")), "threshold_a" => array("validation" => "OSS_DIGIT", "e_message" => 'illegal:' . _("Threshold A")), "threshold_c" => array("validation" => "OSS_DIGIT", "e_message" => 'illegal:' . _("Threshold C")), "nagios" => array("validation" => "OSS_NULLABLE, OSS_DIGIT", "e_message" => 'illegal:' . _("Nagios"))); if (GET('ajax_validation') == true) { $validation_errors = validate_form_fields('GET', $validate); if ($validation_errors == 1) {
//Config File require_once 'av_init.php'; Session::logcheck_ajax('environment-menu', 'PolicyHosts'); $asset_type = POST('asset_type'); $token = POST('token'); $action = POST('action'); // Validate Form token if (Token::verify('tk_toggle_monitoring', POST('token')) == FALSE) { $error = Token::create_error_message(); Util::response_bad_request($error); } session_write_close(); ossim_valid($asset_type, OSS_LETTER, 'illegal: ' . _('Asset Type')); ossim_valid($action, 'enable', 'disable', 'illegal: ' . _('Action')); if (ossim_error()) { $error = ossim_get_error(); Util::response_bad_request($error); } /* connect to db */ $db = new ossim_db(TRUE); $conn = $db->connect(); $data = array(); try { $_class_name = $asset_type == 'group' ? 'Asset_group_scan' : 'Asset_host_scan'; if ($action == 'enable') { $success = $_class_name::bulk_enable_monitoring($conn); } else { $success = $_class_name::bulk_disable_monitoring($conn); } if ($success == FALSE) { if ($action == 'enable') {
function change_disable_option($data) { $panel = $data['panel']; $user = $data['user']; ossim_valid($panel, OSS_DIGIT, 'illegal:' . _("Tab")); ossim_valid($user, OSS_USER, 'illegal:' . _("User")); if (ossim_error()) { $info_error = "Error: " . ossim_get_error(); ossim_clean_error(); $return['error'] = TRUE; $return['msg'] = $info_error; return $return; } if (!get_user_valid($user)) { $return['error'] = TRUE; $return['msg'] = _('You do not have permission to modify this tab'); return $return; } try { $tab = new Dashboard_tab($panel, $user); $tab->set_visible(1 - intval($tab->is_visible())); $tab->save_db(); } catch (Exception $e) { $return['error'] = TRUE; $return['msg'] = $e->getMessage(); return $return; } $return['error'] = FALSE; $return['msg'] = _("Visibility Option Changed Successfully"); return $return; }
* <------------------------ END OF THE FUNCTIONS ------------------------> * */ /* * * <------------------------- BODY OF THE SCRIPT -------------------------> * */ $action = POST("action"); //Action to perform. $data = POST("data"); //Data related to the action. ossim_valid($action, OSS_INPUT, 'illegal:' . _("Action")); if (ossim_error()) { $response['error'] = TRUE; $response['msg'] = ossim_get_error(); ossim_clean_error(); echo json_encode($response); die; } //Default values for the response. $response['error'] = TRUE; $response['msg'] = _('Error when processing the request'); //checking if it is an ajax request if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest') { //Checking token if (!Token::verify('tk_welcome_wizard', GET('token'))) { $response['error'] = TRUE; $response['msg'] = _('Invalid Action'); } else { //Getting the object with the filters. Unserialize needed.
function schedule_scan($conn, $wizard, $data) { $step = intval($wizard->get_step_data('scan_step')); $nets = $wizard->get_step_data('scan_nets'); if ($step != 3 || count($nets) < 1) { $response['error'] = TRUE; $response['msg'] = _('Asset Scan not valid to schedule'); return $response; } $sched = $data['sch_opt']; ossim_valid($sched, OSS_DIGIT, 'illegal:' . _("Schedule Option")); if (ossim_error()) { $response['error'] = TRUE; $response['msg'] = ossim_get_error(); ossim_clean_error(); $wizard->set_step_data('scan_nets', -1); return $response; } if ($sched == 1) { $period = 86400; } elseif ($sched == 2) { $period = 604800; } else { $period = 2419200; } $sensor_id = Av_sensor::get_default_sensor($conn); $name = _('Default_wizard_scan'); $type = 5; $targets = array(); foreach ($nets as $cidrs) { $cidrs = explode(' ', $cidrs); foreach ($cidrs as $cidr) { $targets[$cidr] = $cidr; } } $targets = implode(' ', $targets); $params = $targets . '#-T3 -A -sS -F'; Inventory::insert($conn, $sensor_id, $name, $type, $period, $params, $targets); $response['error'] = FALSE; $response['data'] = array(); return $response; }