$to_time = strtotime($startDate); $from_time = strtotime($endDate); return floor(abs($to_time - $from_time) / 60); } Session::useractive('../session/login.php'); $conf = $GLOBALS['CONF']; /* Connect to db */ $db = new ossim_db(); $conn = $db->connect(); /* Version */ $pro = Session::is_pro(); $mode = empty($_SESSION['user_in_db']) ? 'insert' : 'update'; $login = POST('login') != '' ? POST('login') : $_SESSION['user_in_db']; $myself = Session::get_user_info($conn); $am_i_admin = Session::am_i_admin(); $am_i_proadmin = $pro && Acl::am_i_proadmin() ? TRUE : FALSE; $is_my_profile = $login == $myself->get_login() ? TRUE : FALSE; $validate = array('uuid' => array('validation' => 'OSS_HEX, OSS_NULLABLE', 'e_message' => 'illegal:' . _('UUID')), 'login' => array('validation' => 'OSS_USER_2', 'e_message' => 'illegal:' . _('User login')), 'user_name' => array('validation' => 'OSS_ALPHA, OSS_PUNC, OSS_AT', 'e_message' => 'illegal:' . _('User name')), 'email' => array('validation' => 'OSS_MAIL_ADDR, OSS_NULLABLE', 'e_message' => 'illegal:' . _('User e-mail')), 'language' => array('validation' => 'OSS_ALPHA, OSS_PUNC, OSS_AT, OSS_NULLABLE', 'e_message' => 'illegal:' . _('Language')), 'tzone' => array('validation' => "OSS_ALPHA, OSS_SCORE, '\\/', '\\+'", 'e_message' => 'illegal:' . _('Timezone')), 'login_method' => array('validation' => 'ldap, pass', 'e_message' => 'illegal:' . _('Login method')), 'c_pass' => array('validation' => 'OSS_PASSWORD', 'e_message' => 'illegal:' . _('Current password')), 'pass1' => array('validation' => 'OSS_PASSWORD', 'e_message' => 'illegal:' . _('Password')), 'pass2' => array('validation' => 'OSS_PASSWORD', 'e_message' => 'illegal:' . _('Retype password')), 'last_pass_change' => array('validation' => 'OSS_DIGIT, OSS_PUNC_EXT', 'e_message' => 'illegal:' . _('Last pass change')), 'is_admin' => array('validation' => 'OSS_DIGIT, OSS_NULLABLE', 'e_message' => 'illegal:' . 
_('Global admin')), 'template_id' => array('validation' => 'OSS_HEX', 'e_message' => 'illegal:' . _('Menu template')), 'assets[]' => array('validation' => 'OSS_HEX, OSS_NULLABLE', 'e_message' => 'illegal:' . _('Assets')), 'sensors[]' => array('validation' => 'OSS_HEX, OSS_NULLABLE', 'e_message' => 'illegal:' . _('Sensors'))); if ($mode == 'update') { $validate['pass1']['validation'] = 'OSS_PASSWORD, OSS_NULLABLE'; $validate['pass2']['validation'] = 'OSS_PASSWORD, OSS_NULLABLE'; } if ($pro && !$is_my_profile) { $validate['entities[]'] = array('validation' => 'OSS_HEX', 'e_message' => 'illegal:' . _('Entities')); } else { $validate['company'] = array('validation' => 'OSS_ALPHA, OSS_PUNC, OSS_AT, OSS_NULLABLE', 'e_message' => 'illegal:' . _('Company')); $validate['department'] = array('validation' => 'OSS_ALPHA, OSS_PUNC, OSS_AT, OSS_NULLABLE', 'e_message' => 'illegal:' . _('Department')); } /* AJAX validation using GET method */ if (GET('ajax_validation') == TRUE) { $data['status'] = 'OK';
require_once 'languages.inc';

// Page-level permission gate for the users configuration section.
Session::logcheck('configuration-menu', 'ConfigurationUsers');

// Load column layout
require_once '../conf/layout.php';
$category = 'policy';
$name_layout = 'host_layout';
$layout = load_layout($name_layout, $category);

$db = new ossim_db();
$conn = $db->connect();

// NOTE(review): action and user_id are read through REQUEST(), which presumably accepts
// GET as well as POST - confirm. The actions listed below change account state, and no
// anti-CSRF token check is visible in this excerpt.
$action = REQUEST('action');
$user_id = REQUEST('user_id');
// NOTE(review): no ossim_valid() call for $language is visible in this excerpt - confirm
// it is validated before use.
$language = POST('language');

if (ossim_error()) {
    die(ossim_error());
}

// && binds tighter than ||, so this reads: global admin, OR (pro installation AND pro admin).
$proadmin = Session::am_i_admin() || Session::is_pro() && Acl::am_i_proadmin(); // admin user or pro admin

/* Allowed actions: - Enable/disable user - Expire session - Change language */
if ($action != "" && $user_id != '') {
    $myself = Session::get_session_user();

    // Both request values are checked against a character class before any use;
    // a failure is reported and the request stops here.
    ossim_valid($user_id, OSS_USER, 'illegal:' . _('User ID'));
    ossim_valid($action, OSS_ALPHA, OSS_SCORE, 'illegal:' . _('Action'));
    if (ossim_error()) {
        echo ossim_error();
        exit;
    }
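/**
 * Render the edit form for one vulnerability scan profile.
 *
 * Prints the profile name/description inputs, the owner selectors (user and,
 * for admins, entity) and the per-category / per-family autoenable radio
 * tables. All output is echoed; nothing is returned.
 *
 * Security notes:
 *  - every query binds the profile id as a parameter instead of interpolating
 *    it into the SQL text;
 *  - every request- or database-derived value is HTML-escaped before it is
 *    written into markup or attributes.
 *
 * @param mixed $sid Profile id (vuln_nessus_settings.id); treated as untrusted.
 */
function edit_autoenable($sid) {
    global $dbconn, $username, $version;

    // htmlspecialchars() with a single-byte charset never rejects a byte
    // sequence, and UTF-8 multi-byte sequences contain no ASCII bytes, so this
    // is safe for either encoding of the stored data.
    $charset = 'ISO-8859-1';

    navbar($sid);

    // The id is bound as a parameter so a crafted sid cannot alter the statement.
    $query = "select id, name, description, autoenable, type, owner, update_host_tracker\n FROM vuln_nessus_settings where id=?";
    $dbconn->SetFetchMode(ADODB_FETCH_BOTH);
    $result = $dbconn->execute($query, array($sid));

    echo "<form method=\"post\" action=\"settings.php\" id=\"profile_config\">\n";
    echo "<input type=\"hidden\" name=\"type\" value=\"update\">\n";
    echo "<input type=\"hidden\" name=\"sid\" value=\"" . htmlspecialchars((string) $sid, ENT_QUOTES, $charset) . "\">\n";

    // From here on $sid is the id column read back from the database.
    list($sid, $sname, $sdescription, $sautoenable, $stype, $sowner, $tracker) = $result->fields;
    $sname = mb_convert_encoding($sname, 'ISO-8859-1', 'UTF-8');

    // The owner column holds either an entity id (32 hex chars) or a user login.
    $user = '';
    $user_entity = '';
    if (valid_hex32($sowner)) {
        $user_entity = $sowner;
    } else {
        $user = $sowner;
    }
    // $entity was read below without ever being set in this scope; it is
    // presumably meant to be the owning entity - TODO confirm.
    $entity = $user_entity;
    $old_user = $sowner;
    $cktracker = ($tracker == '1') ? "checked" : "";

    // Stored values may already contain HTML entities (presumably encoded on
    // input - confirm), so existing entities are not encoded a second time.
    $sname_attr = htmlspecialchars((string) $sname, ENT_QUOTES, $charset, false);
    $sdescription_attr = htmlspecialchars((string) $sdescription, ENT_QUOTES, $charset, false);
    $old_user_attr = htmlspecialchars((string) $old_user, ENT_QUOTES, $charset, false);

    echo "<input type=\"hidden\" name=\"old_owner\" value=\"{$old_user_attr}\">\n";
    echo "<input type=\"hidden\" name=\"old_name\" value=\"{$sname_attr}\">\n";
    echo "<center>\n<table cellspacing=\"2\" cellpadding=\"4\">\n<tr>\n";
    echo "<th>" . _("Name") . ":</th>";
    echo ' <td><input type="text" name="sname" value="' . $sname_attr . '" size=50/> </tr> <tr> ';
    echo "<th>" . _("Description") . ":</th>";
    echo ' <td><input type="text" name="sdescription" value="' . $sdescription_attr . '" size=50/></td> </tr>';

    $users = Session::get_users_to_assign($dbconn);
    if (!is_array($users)) {
        $users = array();
    }

    // $pro was never defined in this function; derive it from $version the
    // same way select_profile() in this file does.
    $pro = (bool) preg_match("/pro|demo/i", $version);
    $entities = Session::am_i_admin() || $pro && Acl::am_i_proadmin() ? Session::get_entities_to_assign($dbconn) : null;

    echo "<tr>\n<th>" . _("Make this profile available for") . " :</th>\n<td>\n";
    echo "<table cellspacing=\"0\" cellpadding=\"0\" align='center' class=\"transparent\">\n<tr>\n";
    // NOTE(review): the listing is garbled between the "User:" label and the
    // select's name attribute; the markup below is reconstructed by analogy
    // with the entity selector further down.
    echo "<td class='nobborder'><span style='margin-right:3px'>" . _("User:") . "</span></td>\n";
    echo "<td class='nobborder'>\n";
    echo "<select name=\"user\" style=\"width:150px\" id=\"user\" onchange=\"switch_user('user');return false;\" >\n";

    $num_users = 0;
    $options = '';
    $current_user = Session::get_session_user();
    if (!Session::am_i_admin()) {
        // A non-admin editing a profile with no owner defaults to themselves.
        $user = ($user == "" && $entity == "") ? $current_user : $user;
    }
    foreach ($users as $k => $v) {
        $login = $v->get_login();
        $selected = $login == $user ? "selected='selected'" : "";
        $login_html = htmlspecialchars((string) $login, ENT_QUOTES, $charset, false);
        $options .= "<option value='" . $login_html . "' {$selected}>{$login_html}</option>\n";
        $num_users++;
    }
    if ($num_users == 0) {
        echo "<option value='-1' style='text-align:center !important;'>- " . _("No users found") . " -</option>";
    } else {
        echo "<option value='-1' style='text-align:center !important;'>- " . _("Select users") . " -</option>";
        if (Session::am_i_admin()) {
            $default_selected = ($user == "" || intval($user) == 0) && $entity == "" ? "selected='selected'" : "";
            echo "<option value='0' {$default_selected}>" . _("ALL") . "</option>\n";
        }
        echo $options;
    }
    echo "</select>\n</td>\n";

    if (!empty($entities)) {
        echo "<td style='text-align:center; border:none; !important'><span style='padding:5px;'>" . _("OR") . " </span></td>\n";
        echo "<td class='nobborder'><span style='margin-right:3px'>" . _("Entity:") . " </span></td>\n";
        echo "<td class='nobborder'>\n";
        echo "<select name=\"entity\" style=\"width:170px\" id=\"entity\" onchange=\"switch_user('entity');return false;\">\n";
        echo "<option value=\"-1\" style='text-align:center !important;'>- " . _("Entity not assigned") . " -</option>\n";
        foreach ($entities as $k => $v) {
            $selected = $k == $user_entity ? "selected='selected'" : "";
            $k_html = htmlspecialchars((string) $k, ENT_QUOTES, $charset, false);
            $v_html = htmlspecialchars((string) $v, ENT_QUOTES, $charset, false);
            echo "<option value='{$k_html}' {$selected}>{$v_html}</option>";
        }
        echo "</select>\n</td>\n";
    }
    echo "</tr>\n</table>\n</td>\n</tr>\n";

    // Hidden row: host-tracker linkage checkbox.
    echo "<tr style='display:none'>";
    echo "<th>" . _("Link scans run by this profile in Network Hosts") . "<br>" . _("Purpose so that Network Hosts can be tracking full/perfered audits") . ".</th>";
    echo "<td class='left'><input type='checkbox' name='tracker' {$cktracker}/><font color='red'>" . _("Update Host Tracker \"Network Hosts\" Status") . "</font></input></td>";
    echo "</tr>";

    echo "<tr>\n<th valign='top' style='background-position:top center;'>" . _("Autoenable options") . ":</th>\n<td class='nobborder' style='text-align:center'><SELECT name=\"sautoenable\" onChange=\"showEnableBy();return false;\">";
    echo "<option value=\"C\"" . ($sautoenable == "C" ? " selected" : "") . ">" . _("Autoenable by category");
    echo "<option value=\"F\"" . ($sautoenable == "F" ? " selected" : "") . ">" . _("Autoenable by family") . "</select>";

    $table_open = "<table bordercolor=\"#6797BF\" border=\"0\" cellspacing=\"2\" cellpadding=\"0\">\n";
    $table_head = "<tr><th>" . _("Name") . "</th>"
        . "<th>" . _("Enable All") . "</th>"
        . "<th>" . _("Enable New") . "</th>"
        . "<th>" . _("Disable New") . "</th>"
        . "<th>" . _("Disable All") . "</th>"
        . "<th>" . _("Intelligent") . "</th></tr>";

    // --- Per-category autoenable settings -------------------------------
    echo "<div id=\"cat2\"" . ($sautoenable == "C" ? "" : " style=\"display:none;\"") . ">";
    echo "<BR><B>" . _("Autoenable plugins in categories") . ":</B><BR><BR>";
    $query = "SELECT t1.cid, t2.name, t1.status FROM vuln_nessus_settings_category as t1,\n vuln_nessus_category as t2\n where t1.sid=?\n and t1.cid=t2.id\n order by t2.name";
    $dbconn->SetFetchMode(ADODB_FETCH_BOTH);
    $result = $dbconn->execute($query, array($sid));
    echo $table_open;
    echo $table_head;
    while (!$result->EOF) {
        list($cid, $name, $status) = $result->fields;
        $cid_attr = htmlspecialchars((string) $cid, ENT_QUOTES, $charset);
        echo "<tr><td style=\"text-align:left;padding-left:3px;\">" . htmlspecialchars(strtoupper($name), ENT_QUOTES, $charset, false) . "</td>";
        // One radio per status value 1..5, in the column order of the header row.
        for ($value = 1; $value <= 5; $value++) {
            echo "<td><input type=\"radio\" name=\"c_{$cid_attr}\" value=\"{$value}\" " . ($status == $value ? "checked" : "") . "></td>";
        }
        echo "</tr>";
        $result->MoveNext();
    }
    echo "</table><BR>";
    echo "</div>";

    // --- Per-family autoenable settings ---------------------------------
    echo "<div id=\"fam2\"" . ($sautoenable == "F" ? "" : " style=\"display:none;\"") . ">";
    $query = "select t1.fid, t2.name, t1.status\n from vuln_nessus_settings_family as t1,\n vuln_nessus_family as t2\n where t1.sid=?\n and t1.fid=t2.id\n order by t2.name";
    $dbconn->SetFetchMode(ADODB_FETCH_BOTH);
    $result = $dbconn->execute($query, array($sid));
    echo "<BR><B>" . _("Autoenable plugins in families") . ":<BR><BR></B>";
    echo $table_open;
    echo $table_head;
    while (!$result->EOF) {
        list($fid, $name, $status) = $result->fields;
        $fid_attr = htmlspecialchars((string) $fid, ENT_QUOTES, $charset);
        echo "<tr><td style=\"text-align:left;padding-left:3px;\">" . htmlspecialchars((string) $name, ENT_QUOTES, $charset, false) . "</td>";
        for ($value = 1; $value <= 5; $value++) {
            echo "<td><input type=\"radio\" name=\"f_{$fid_attr}\" value=\"{$value}\" " . ($status == $value ? "checked" : "") . "></td>";
        }
        echo "</tr>";
        $result->MoveNext();
    }
    echo "</table></div></td></tr></table></center><br/>";
    echo "<input type='button' id='update_button' value='" . _("Update") . "' class='button update_profile'><br/><br/></form>";
}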
<td class='right'> <input type="button" class="av_b_secondary small" value="<?php echo _('Add New'); ?> " onclick="javascript:add_frw_server();return false;"/> </td> </tr> </table> </td> </tr> <?php } ?> <?php if ($mssp && $pro && (Session::am_i_admin() || Acl::am_i_proadmin())) { $tooltip = "<ul class='tip'>\n \t\t\t\t\t\t\t<li>" . _('Right-click on engine nodes to change its name') . "</li>\n \t\t\t\t\t\t\t<li>" . _('Drag and drop contexts between engines') . "</li>\n \t\t\t\t\t\t</ul>"; ?> <tr id='engine_notification'> <td colspan=2 class="noborder"> <div></div> </td> </tr> <tr id='engines_server' > <th style="text-decoration:underline"> <label for='eng_name'><?php echo _('Correlation Options'); ?> </label> <a href='javascript:;' class='tiptip' title="<?php echo $tooltip;
$select_targets = get_targets($conn, $database['meth_TARGET']);
} else {
    if ($action == 'delete_scan') {
        // Look up the job first so the ownership check below uses the stored
        // owner, not anything sent by the client. The id is bound as a parameter.
        $query = 'SELECT username, name, id, scan_SERVER, report_id, status FROM vuln_jobs WHERE id=?';
        $params = array($job_id);
        $result = $conn->execute($query, $params);

        // NOTE(review): the fields are read without checking that the query
        // succeeded or returned a row; for an unknown job id these are
        // presumably all empty - confirm the behaviour of the checks below
        // in that case.
        $username = $result->fields['username'];
        $job_name = $result->fields['name'];
        $kill_id = $result->fields['id'];
        $nserver_id = $result->fields['scan_SERVER'];
        $report_id = $result->fields['report_id'];

        // Deny by default; deletion is allowed for a global admin, the job
        // owner, or (pro only) a pro admin whose vision covers the owner.
        $can_i_delete = FALSE;
        if (Session::am_i_admin() || Session::get_session_user() == $username) {
            $can_i_delete = TRUE;
        } else {
            if (Session::is_pro() && Acl::am_i_proadmin()) {
                // Use the cached vision from the session when present.
                $user_vision = !isset($_SESSION['_user_vision']) ? Acl::get_user_vision($conn) : $_SESSION['_user_vision'];
                $my_entities_admin = array_keys($user_vision['entity_admin']);
                // NOTE(review): this compares the job owner's login with the
                // KEYS of entity_admin; what those keys hold is not visible
                // here - confirm they are logins. in_array() is also called
                // without strict mode, and under PHP < 8 a non-numeric string
                // compares equal to an integer key 0.
                if (in_array($username, $my_entities_admin)) {
                    $can_i_delete = TRUE;
                }
            }
        }

        if ($can_i_delete) {
            // The job row and its report rows are removed by separate
            // parameterized statements; no transaction is visible here.
            $query = 'DELETE FROM vuln_jobs WHERE id=?';
            $params = array($kill_id);
            $result = $conn->execute($query, $params);
            $query = 'DELETE FROM vuln_nessus_reports WHERE report_id=?';
            $params = array($report_id);
            $result = $conn->execute($query, $params);
            $query = 'DELETE FROM vuln_nessus_report_stats WHERE report_id=?';
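/**
 * Render the list of vulnerability scan profiles the current user may see,
 * with edit/delete links where the user is allowed to change the profile.
 *
 * Visibility rules (unchanged from the original):
 *  - user "admin": every non-deleted profile;
 *  - pro admin: "Default", profiles owned by '0' (all), by the admin's
 *    entities, or by the users the admin manages;
 *  - other pro users: "Default", profiles owned by '0', by themselves or by
 *    their entities (only their own are editable);
 *  - otherwise: "Default" and profiles owned by '0' or by the user.
 *
 * Security notes:
 *  - owner values are bound as query parameters, never concatenated;
 *  - profile names, descriptions and owners are HTML-escaped on output;
 *  - NOTE(review): the delete link is a plain GET URL; no anti-CSRF token is
 *    visible in this function - confirm the target page checks one.
 *
 * Side effect kept from the original: the global $sid is overwritten with the
 * id of each listed profile.
 */
function select_profile() {
    global $sid, $username, $dbconn, $version, $nessus_path;

    // Single-byte charset: htmlspecialchars() then never rejects a byte
    // sequence and still escapes every HTML-special ASCII character.
    $charset = 'ISO-8859-1';

    // Profiles used by a running job must not be edited or deleted.
    $used_sids = array();
    if (preg_match("/omp\\s*\$/i", $nessus_path)) {
        $omp = new OMP();
        $used_sids = $omp->get_used_sids();
    }

    // Entity id => "name [type]" label for the "Available for" column.
    $entities_nt = array();
    $query = "SELECT ae.id as eid, ae.name as ename, aet.name as etype FROM acl_entities AS ae, acl_entities_types AS aet WHERE ae.type = aet.id";
    $result_entities = $dbconn->Execute($query);
    while (!$result_entities->EOF) {
        $entities_nt[$result_entities->fields['eid']] = $result_entities->fields['ename'] . " [" . $result_entities->fields['etype'] . "]";
        $result_entities->MoveNext();
    }

    // Owners whose profiles are visible; null means "no owner filter".
    $owners = null;
    $normal_user_pro = false;
    if ($username != "admin") {
        if (preg_match("/pro|demo/i", $version)) {
            if (Acl::am_i_proadmin()) {
                // $current_user was read here without being defined in this
                // scope; presumably the session user was meant - TODO confirm.
                $current_user = Session::get_session_user();
                $entities_list = Acl::get_user_entities($current_user);
                $users = Acl::get_my_users($dbconn, Session::get_session_user());
                $pro_users = array();
                if (is_array($users)) {
                    foreach ($users as $us) {
                        $pro_users[] = $us["login"];
                    }
                }
                $owners = array_merge(
                    array('0'),
                    is_array($entities_list) ? array_values($entities_list) : array(),
                    $pro_users
                );
            } else {
                $entities = Acl::get_user_entities($username);
                $owners = array_merge(
                    array('0', $username),
                    is_array($entities) ? array_values($entities) : array()
                );
                $normal_user_pro = true;
            }
        } else {
            $owners = array('0', $username);
        }
    }

    // Owners go in as bound parameters: logins and entity ids must never be
    // spliced into the SQL text.
    $query = "SELECT id, name, description, owner, type FROM vuln_nessus_settings \n WHERE deleted != '1'";
    $params = array();
    if ($owners !== null) {
        $placeholders = implode(", ", array_fill(0, count($owners), '?'));
        $query .= " and (name='Default' or owner in ({$placeholders}))";
        $params = array_values($owners);
    }
    $query .= " ORDER BY name";
    $result = $params ? $dbconn->execute($query, $params) : $dbconn->execute($query);

    // NOTE(review): the literal login "admin" is treated as an administrator
    // in addition to Session::am_i_admin() - confirm this is intended.
    $is_admin = ($username == "admin" || Session::am_i_admin());

    echo "<CENTER>";
    echo "<table cellspacing=\"0\" cellpadding=\"0\" border=\"0\" width=\"800\"><tr><td class=\"headerpr\" style=\"border:0;\">" . _("Vulnerability Scan Profiles") . "</td></tr></table>";
    echo "<table cellspacing=\"0\" cellpadding=\"0\" border=\"0\" width=\"800\"><tr><td class=\"noborder\">";
    echo "<p>";
    echo _("Please select a profile to edit") . ":";
    echo "</p>";
    echo "<table align='center'>";
    echo "<tr>";
    if ($is_admin) {
        echo "<th>" . _("Available for") . "</th>";
    }
    echo " <th>" . _("Profile") . "</th>";
    echo " <th>" . _("Description") . "</th>";
    echo " <th>" . _("Action") . "</th>";
    echo "</tr>";

    $busy_title = _("This profile is being used by a running job now");
    $busy_style = "filter:alpha(opacity=50);-moz-opacity:0.5;-khtml-opacity: 0.5;opacity: 0.5;";

    while (!$result->EOF) {
        // Deliberately assigns the global $sid, as the original did.
        list($sid, $sname, $sdescription, $sowner, $stype) = $result->fields;

        echo "<tr>";
        if ($is_admin) {
            if ($sowner == "0") {
                echo "<td>" . _("All") . "</td>";
            } elseif (is_numeric($sowner)) {
                $entity_label = isset($entities_nt[$sowner]) ? $entities_nt[$sowner] : '';
                echo "<td style='padding:0px 2px 0px 2px;'>" . htmlspecialchars((string) $entity_label, ENT_QUOTES, $charset, false) . "</td>";
            } else {
                // Decode stored entities, then re-escape: the text renders the
                // same but can no longer inject markup.
                echo "<td>" . htmlspecialchars(html_entity_decode((string) $sowner), ENT_QUOTES, $charset) . "</td>";
            }
        }
        echo "<td>" . htmlspecialchars(html_entity_decode((string) $sname), ENT_QUOTES, $charset) . "</td>";
        echo "<td>" . htmlspecialchars(html_entity_decode((string) $sdescription), ENT_QUOTES, $charset) . "</td>";

        echo "<td>";
        if ($normal_user_pro && $sowner != $username && $sname != "Default") {
            // Visible through an entity, but owned by someone else: read-only.
            echo " ";
        } elseif (!$is_admin && $sname == "Default") {
            echo "[" . _("edit by admin") . "]";
        } else {
            if (!in_array($sid, $used_sids)) {
                $sid_url = htmlspecialchars(rawurlencode((string) $sid), ENT_QUOTES, $charset);
                echo "<a href=\"settings.php?disp=edit&&sid={$sid_url}\"><img src=\"images/pencil.png\"></a>";
                echo "<a href=\"settings.php?disp=edit&op=delete&sid={$sid_url}\" onclick=\"return confirmDelete();\"><img src=\"images/delete.gif\"></a>";
            } else {
                echo "<img src=\"images/pencil.png\" title=\"" . $busy_title . "\" style=\"" . $busy_style . "\">";
                echo "<img src=\"images/delete.gif\" title=\"" . $busy_title . "\" style=\"" . $busy_style . "\">";
            }
        }
        echo "</td>";
        echo "</tr>";
        $result->MoveNext();
    }

    echo "</table>";
    echo "<center>";
    echo "<p>";
    echo "<form>";
    echo "<input type=button onclick=\"document.location.href='settings.php?disp=new'\" value=\"" . _("Create New Profile") . "\" class=\"button\"> ";
    if ($is_admin) {
        echo "<input type=button onclick=\"document.location.href='defaults.php'\" value=\"" . _("Edit default profile") . "\" class=\"button\">";
    }
    echo "</form>";
    echo "</p>";
    echo "</center>";
    echo "<br><br>";
    echo "</td></tr></table></center>";
    // end else
}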
Web_indicator::set_on('Reload_servers');
$return['error'] = FALSE;
$return['data'] = '';
return $return;
}

$login = Session::get_session_user();
$db = new ossim_db();
$conn = $db->connect();

$action = POST('action');
// NOTE(review): $data is handed to the handlers below without any validation
// in this excerpt; presumably each handler validates it - confirm.
$data = POST('data');

// Only digits are accepted as an action code.
ossim_valid($action, OSS_DIGIT, 'illegal:' . _('Action'));
if (ossim_error()) {
    die(ossim_error());
}

// The X-Requested-With header only marks the request as AJAX-style; any client
// can send it, so it is not an authentication or anti-CSRF control.
// NOTE(review): no token check is visible in this excerpt - confirm.
if ($action != '' && isset($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest') {
    // && binds tighter than ||: refuse unless this is a pro installation AND
    // the caller is a global admin or a pro admin.
    if (!Session::is_pro() || !Session::am_i_admin() && !Acl::am_i_proadmin()) {
        $response['error'] = TRUE;
        $response['msg'] = _('You do not have permission to do this action');
    } else {
        // Dispatch on the numeric action code validated above.
        switch ($action) {
            case 1:
                $response = change_ctx_engine($conn, $data);
                break;
            case 2:
                $response = change_engine_name($conn, $data);
                break;
            case 3:
                $response = insert_engine($conn, $data);
                break;
            case 4:
                $response = delete_engine($conn, $data);
* * * On Debian GNU/Linux systems, the complete text of the GNU General * Public License can be found in `/usr/share/common-licenses/GPL-2'. * * Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt * */
require_once 'av_init.php';

//First we check we have session active
Session::useractive();

//Then we check the permissions
// $cond1: the user holds BOTH dashboard permissions (view and edit).
$cond1 = Session::logcheck_bool("dashboard-menu", "ControlPanelExecutive");
$cond1 = $cond1 && Session::logcheck_bool("dashboard-menu", "ControlPanelExecutiveEdit");
// $cond2: the user is not a global admin.
$cond2 = !Session::am_i_admin();
// $cond3: pro installation AND the user is not a pro admin.
$cond3 = Session::is_pro() && !Acl::am_i_proadmin();

// NOTE(review): access is refused only when all three conditions hold. On a
// non-pro installation $cond3 is always FALSE, so this branch is never taken
// and a non-admin user without the dashboard permissions is not stopped here.
// The intended rule looks like "deny unless permitted, admin, or pro admin"
// - confirm and tighten if so.
if (!$cond1 && $cond2 && $cond3) {
    $response['error'] = TRUE;
    $response['msg'] = _('You do not have permissions to see this section');
    echo json_encode($response);
    // NOTE(review): `exit - 1` appears to parse as `exit` minus 1, not
    // exit(-1); the script still stops here, but presumably with the default
    // status - confirm.
    exit - 1;
}

require_once AV_MAIN_ROOT_PATH . '/dashboard/sections/widgets/widget_common.php';

/****************************************************************************************************************/
/* */
/************************************************ TABS FUNCTIONS ************************************************/
/* */
/****************************************************************************************************************/

// Body continues beyond this excerpt; only the read of $data['from'] is visible.
function clone_tab($data) {
    $from = $data['from'];
} ?> </td> </tr> </table> <input type="hidden" name="action" value="save" /> <input type="hidden" name="name" value="<?php echo $name; ?> " /> <input type="hidden" name="url" value="<?php echo $url; ?> " /> <?php } elseif (Acl::am_i_proadmin()) { // pro admin //users $users_admin = Acl::get_my_users($dbconn, Session::get_session_user()); foreach ($users_admin as $u) { // if($u["login"]!=Session::get_session_user()){ $users_pro_login[] = $u["login"]; // } } //if(!in_array(Session::get_session_user(), $users_pro_login) && $incident_in_charge!=Session::get_session_user()) $users_pro_login[] = Session::get_session_user(); //entities list($entities_all, $num_entities) = Acl::get_entities($dbconn); list($entities_admin, $num) = Acl::get_entities_admin($dbconn, Session::get_session_user()); $entities_list = array_keys($entities_admin); $entities_types_aux = Acl::get_entities_types($dbconn); $entities_types = array();
<a href='view.php?map=<?php echo $n; ?> '><img src='maps/<?php echo $ico; ?> ' border='<?php echo $default_map == $n ? "1" : "0"; ?> ' width=150 height=150></a> </td> </tr> <tr> <td align="center"> <?php if (Session::am_i_admin() || preg_match("/pro|demo/i", $version) && Acl::am_i_proadmin()) { ?> <a class="greyboxo" href="change_user.php?id_map=<?php echo $n; ?> " title="<?php echo "Change owner"; ?> "><img src="../pixmaps/group.png" title="<?php _("Change owner"); ?> " alt="<?php _("Change owner"); ?> " border="0"></a> <?php
<select name="login"> <?php
// Build the list of users offered in the "login" selector.
$current_user = Session::get_session_user();
$number_users = count($users);

// NOTE(review): $filtered_users is not initialised in this excerpt; if no user
// passes the filter below, the foreach at the end iterates an undefined
// variable. Initialising it to an empty array first would avoid that.
if (Session::am_i_admin()) {
    // A global admin may pick any user.
    $filtered_users = $users;
} else {
    foreach ($users as $u) {
        $login = $u->get_login();
        if ($login == $current_user) {
            // The current user is always offered.
            $filtered_users[] = $u;
        } else {
            // Global admins are never offered to a non-admin.
            if (!Session::is_admin($conn, $login)) {
                // `!` binds tighter than `>`, so the last term is
                // (!Acl::is_proadmin(...)) > 0, i.e. true when the target is
                // not a pro admin. A pro user who is not a pro admin is
                // offered only users who are not pro admins either.
                if ($pro && !Acl::am_i_proadmin() && !Acl::is_proadmin($conn, $login) > 0) {
                    $filtered_users[] = $u;
                } elseif ($pro && Acl::am_i_proadmin()) {
                    // A pro admin is offered every non-admin user.
                    $filtered_users[] = $u;
                }
                // When $pro is false nothing is added here, so a non-admin is
                // offered only their own account.
            }
        }
    }
}

// NOTE(review): this is a display filter only; the page receiving "login"
// presumably re-checks the same rules server-side - confirm.
if ($number_users == 0) {
    ?> <option value="">- <?php echo _("No users found"); ?> -</option> <?php
}
foreach ($filtered_users as $u) {
$configuration = 0; if (Session::menu_perms("MenuConfiguration", "ConfigurationMain")) { $configuration = 1; $menu["Configuration"][] = array("name" => gettext("Main"), "id" => "Main", "url" => "conf/main.php"); $hmenu["Main"][] = array("name" => gettext("Simple"), "id" => "Main", "url" => "conf/main.php", "help" => "javascript:top.topmenu.new_wind('http://ossim.net/dokuwiki/doku.php?id=user_manual:configuration:configuration','Help');"); $hmenu["Main"][] = array("name" => gettext("Advanced"), "id" => "Advanced", "url" => "conf/main.php?adv=1", "help" => "javascript:top.topmenu.new_wind('http://ossim.net/dokuwiki/doku.php?id=user_manual:configuration:configuration','Help');"); if ($prodemo && Session::am_i_admin()) { $hmenu["Main"][] = array("name" => gettext("Customization Wizard"), "id" => "Customize", "url" => "session/customize.php", "help" => "javascript:top.topmenu.new_wind('http://ossim.net/dokuwiki/doku.php?id=user_manual:configuration:customize','Help');"); } } if (Session::menu_perms("MenuConfiguration", "ConfigurationUsers")) { $configuration = 1; $users_path = $opensource ? 
"session/users.php" : "acl/users.php"; $menu["Configuration"][] = array("name" => gettext("Users"), "id" => "Users", "url" => $users_path); $hmenu["Users"][] = array("name" => gettext("Configuration"), "id" => "Users", "url" => $users_path, "help" => "javascript:top.topmenu.new_wind('http://ossim.net/dokuwiki/doku.php?id=user_manual:configuration:users:users','Help');", "config" => "users"); if (!$opensource && (Session::am_i_admin() || Acl::am_i_proadmin())) { $rmenu["Users"][] = array("name" => gettext("Entities"), "target" => "main", "url" => "../acl/entities.php"); $rmenu["Users"][] = array("name" => gettext("Templates"), "target" => "main", "url" => "../acl/templates.php"); $rmenu["Users"][] = array("name" => gettext("Password Policy"), "target" => "main", "url" => "../conf/main.php?adv=1&passpolicy=1&hmenu=Main&smenu=Advanced"); } } if (Session::menu_perms("MenuConfiguration", "ConfigurationUserActionLog")) { $configuration = 1; $hmenu["Users"][] = array("name" => gettext("User activity"), "id" => "User action logs", "url" => "conf/userlog.php", "help" => "javascript:top.topmenu.new_wind('http://ossim.net/dokuwiki/doku.php?id=user_manual:configuration:users:user_activity','Help');", "config" => "userlog"); } if (Session::menu_perms("MenuConfiguration", "PolicyServers") || Session::menu_perms("MenuConfiguration", "PolicySensors")) { $assets = 1; if (Session::menu_perms("MenuConfiguration", "PolicySensors")) { $menu["Configuration"][] = array("name" => gettext("SIEM Components"), "id" => "SIEM Components", "url" => "sensor/sensor.php"); } elseif (Session::menu_perms("MenuConfiguration", "PolicyServers")) { $menu["Configuration"][] = array("name" => gettext("SIEM Components"), "id" => "SIEM Components", "url" => "server/server.php");
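/**
 * Build the HTML of the "discovery" tab of the scan-job form: job name, scan
 * server, profile, timeout, schedule, visibility, e-mail notification and
 * target inputs.
 *
 * All inputs arrive through the globals declared below. The markup is returned
 * as a string; nothing is printed here.
 *
 * Changes against the previous version:
 *  - every value that reaches the markup from a global or from the database
 *    (job name, schedule method, timeout, server and profile names, logins,
 *    entity ids/names, target list) is passed through htmlspecialchars(), so
 *    quotes or angle brackets in it cannot close the surrounding attribute or
 *    element (reflected/stored XSS);
 *  - the profile query binds the user name, entity ids and logins as
 *    parameters instead of concatenating them into the SQL text;
 *  - split(), removed in PHP 7, is replaced by explode();
 *  - $options and $day are initialised before use, and a failed query no
 *    longer causes a call on a non-object;
 *  - locals that were assigned but never read, and commented-out code, are
 *    removed.
 *
 * NOTE(review): the result loops assign the globals $SVRid, $sname, $sid and
 * $entity, and $version/$time_hour/$time_min/$dayofmonth are overwritten as
 * well. That is kept from the original; confirm no caller relies on it before
 * making them local.
 * NOTE(review): if some of these values are already HTML-encoded when stored,
 * escaping here double-encodes them - check how they are written.
 *
 * @return string HTML fragment.
 */
function tab_discovery()
{
    global $component, $uroles, $editdata, $scheduler, $username, $useremail, $dbconn, $disp,
        $enScanRequestImmediate, $enScanRequestRecur, $timeout, $smethod, $SVRid, $sid, $ip_list,
        $ip_exceptions_list, $schedule_type, $ROYEAR, $ROday, $ROMONTH, $time_hour, $time_min,
        $dayofweek, $dayofmonth, $sname, $user, $entity, $hosts_alive, $scan_locally, $version,
        $nthweekday, $semail, $not_resolve;
    global $pluginOptions, $enComplianceChecks, $profileid;

    $conf = $GLOBALS["CONF"];
    $pre_scan_locally_status = $conf->get_conf("nessus_pre_scan_locally", FALSE);

    // HTML-escape a value for element content or a quoted attribute.
    // Assumes the pages are served as UTF-8 - TODO confirm.
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
    };

    // Remember the submitted values now: several of these globals are reused as
    // loop variables further down.
    $user_selected = $user;
    $entity_selected = $entity;
    $SVRid_selected = $SVRid;
    $sid_selected = $sid != "" ? $sid : $editdata['meth_VSET'];
    $timeout_selected = $editdata["meth_TIMEOUT"];
    $ip_list_selected = str_replace("\\r\\n", "\n", str_replace(";;", "\n", $ip_list));
    if (is_array($ip_exceptions_list) && count($ip_exceptions_list) > 0) {
        $ip_list_selected .= "\n" . implode("\n", $ip_exceptions_list);
    }
    $ROYEAR_selected = $ROYEAR;
    $ROday_selected = $ROday;
    $ROMONTH_selected = $ROMONTH;
    $time_hour_selected = $time_hour;
    $time_min_selected = $time_min;
    $dayofweek_selected = $dayofweek;
    $dayofmonth_selected = $dayofmonth;
    $sname_selected = $sname;

    if ($schedule_type != "") {
        $editdata['schedule_type'] = $schedule_type;
    }

    // count($editdata) <= 1 is the original test used by the checkboxes below;
    // presumably it means "no saved job loaded" - verify against the caller.
    $editdata_nearly_empty = (is_array($editdata) ? count($editdata) : 0) <= 1;

    $today = date("Ymd");
    $tyear = substr($today, 0, 4);
    $nyear = $tyear + 1;
    $tmonth = substr($today, 4, 2);
    $tday = substr($today, 6, 2);

    // Values taken from a saved job, when one is being edited.
    if (isset($editdata['time'])) {
        // explode() replaces split(); padding keeps $time_min null when the
        // stored value has no ':' in it, as before.
        list($time_hour, $time_min) = array_pad(explode(':', $editdata['time']), 2, null);
    }

    $sTYPE = array_fill_keys(array("N", "O", "D", "W", "M", "NW"), "");
    $sjTYPE = array_fill_keys(array("C", "M", "R", "S"), "");
    $day = array_fill_keys(array("Su", "Mo", "Tu", "We", "Th", "Fr", "Sa"), "");

    if (isset($editdata['schedule_type'])) {
        $sTYPE[$editdata['schedule_type']] = "CHECKED";
        // Only a fixed layer number is written into the script below, never the
        // schedule type itself.
        switch ($editdata['schedule_type']) {
            case 'D':
                $ni = 2;
                break;
            case 'O':
                $ni = 3;
                break;
            case 'W':
                $ni = 4;
                break;
            case 'NW':
                $ni = 6;
                break;
            default:
                $ni = 5;
        }
        $show = "<br><script language=javascript>showLayer('idSched', {$ni});</script>";
    } else {
        if ($enScanRequestImmediate) {
            $sTYPE['N'] = "CHECKED";
            $show = "<br><script language=javascript>showLayer('idSched', 1);</script>";
        } else {
            $sTYPE['O'] = "checked";
            $show = "<br><script language=javascript>showLayer('idSched', 3);</script>";
        }
    }

    if ($schedule_type != "") {
        $layer_by_type = array("N" => 1, "O" => 3, "D" => 2, "W" => 4, "M" => 5, "NW" => 6);
        foreach ($layer_by_type as $type => $layer) {
            if ($schedule_type == $type) {
                $show .= "<br><script language=javascript>showLayer('idSched', {$layer});</script>";
            }
        }
    }

    if (isset($editdata['job_TYPE'])) {
        $sjTYPE[$editdata['job_TYPE']] = "SELECTED";
    } else {
        $sjTYPE['M'] = "SELECTED";
    }
    if (isset($editdata['day_of_month'])) {
        $dayofmonth = $editdata['day_of_month'];
    }
    if (isset($editdata['day_of_week'])) {
        $day[$editdata['day_of_week']] = "SELECTED";
    }
    if ($dayofweek_selected != "") {
        $day[$dayofweek_selected] = "SELECTED";
    }

    // Job name: a generated, read-only name unless $uroles['nessus'] is set.
    if (!$uroles['nessus']) {
        $name = "sr-" . substr($username, 0, 6) . "-" . time();
        $name = $editdata['name'] == "" ? $name : $editdata['name'];
        $nameout = $esc($name) . "<input type=hidden style='width:200px' name='sname' value='" . $esc($name) . "'>";
    } else {
        $nameout = "<input type=text style='width:200px' name='sname' value='" . $esc($sname_selected != "" ? $sname_selected : $editdata['name']) . "'>";
    }

    $discovery = "<input type=\"hidden\" name=\"cred_type\" value=\"N\">";
    $discovery .= "<table width=\"80%\">";
    $discovery .= "<tr>";
    $discovery .= "<input type=\"hidden\" name=\"smethod\" value=\"" . $esc($smethod) . "\">";
    $discovery .= "<td align=\"Right\" width=\"30%\">" . _("Job Name") . ":</td>";
    $discovery .= "<td style=\"text-align:left;\">{$nameout}</td>";
    $discovery .= "</tr>";

    // --- Scan server ---------------------------------------------------------
    $query = "SELECT id, name, hostname\n FROM vuln_nessus_servers\n WHERE enabled='1' AND status='A'";
    $result = $dbconn->execute($query);
    $discovery .= "<tr>";
    $discovery .= "<td align=\"right\">" . _("Select Server") . ":</td>";
    $discovery .= "<td style=\"text-align:left;\"><select name=\"SVRid\">";
    $discovery .= "<option value=\"Null\">" . _("First Available Server-Distributed") . "</option>";
    while ($result && !$result->EOF) {
        list($SVRid, $sname, $shostIP) = $result->fields;
        // A server is listed only for administrators or for users allowed on
        // that sensor.
        if (Session::am_i_admin() || Session::sensorAllowed($shostIP)) {
            $discovery .= "<option value=\"" . $esc($SVRid) . "\" ";
            if ($editdata['scan_ASSIGNED'] != "" && $editdata['scan_ASSIGNED'] == $SVRid) {
                $discovery .= " SELECTED";
            }
            if ($SVRid_selected == $SVRid) {
                $discovery .= " SELECTED";
            }
            $discovery .= ">" . $esc(strtoupper($sname)) . " [" . $esc($shostIP) . "] </option>";
        }
        $result->MoveNext();
    }
    $discovery .= <<<EOT
</select>
</td>
</tr>
<tr>
EOT;

    // --- Scan profile --------------------------------------------------------
    $discovery .= "<td align='right' width='25%'>" . _("Profile") . ":</td>";
    $discovery .= "<td style='text-align:left;'><select name='sid'>";

    // $owners stays null for administrators (no owner filter); otherwise it
    // holds the owner values the user may see, bound as query parameters.
    $owners = null;
    if ($username == "admin" || Session::am_i_admin()) {
        $query = "SELECT distinct(t1.id), t1.name, t1.description \n FROM vuln_nessus_settings t1 WHERE deleted='0'\n ORDER BY t1.name";
    } else {
        if (preg_match("/pro|demo/i", $version)) {
            if (Acl::am_i_proadmin()) {
                $pro_users = array();
                // NOTE(review): $current_user is not defined in this scope (it is
                // not in the global list), so null is passed - confirm intent.
                $entities_list = Acl::get_user_entities($current_user);
                $users = Acl::get_my_users($dbconn, Session::get_session_user());
                foreach ($users as $us) {
                    $pro_users[] = $us["login"];
                }
                $visible = array_merge($entities_list, $pro_users);
                if (count($visible) == 0) {
                    // The original implode() of an empty list still produced ''
                    // in the IN list; kept.
                    $visible = array('');
                }
                $owners = array_merge(array('0'), $visible);
            } else {
                $owners = array('0', $username);
                $entities = Acl::get_user_entities($username);
                foreach ($entities as $entity) {
                    $owners[] = $entity;
                }
            }
        } else {
            $owners = array('0', $username);
        }
        $placeholders = implode(",", array_fill(0, count($owners), "?"));
        $query = "SELECT distinct(t1.id), t1.name, t1.description FROM vuln_nessus_settings t1\n WHERE deleted = '0' and (name='Default' or owner in ({$placeholders})) ORDER BY t1.name";
    }
    // Assumes $dbconn is an ADOdb-style connection whose execute() takes a bind
    // array as second argument (the EOF/fields/MoveNext API used here suggests
    // so) - TODO confirm.
    $result = $owners === null ? $dbconn->execute($query) : $dbconn->execute($query, array_values($owners));

    $job_profiles = array();
    $id_found = false;
    while ($result && !$result->EOF) {
        list($sid, $sname, $sdescription) = $result->fields;
        if ($sid_selected == $sid) {
            $id_found = true;
        }
        $job_profiles[] = array("sid" => $sid, "sname" => $sname, "sdescription" => $sdescription);
        $result->MoveNext();
    }
    foreach ($job_profiles as $profile_data) {
        $sid = $profile_data["sid"];
        $sname = $profile_data["sname"];
        $sdescription = $profile_data["sdescription"];
        $label = $esc($sname);
        if ($sdescription != "") {
            $label .= " - " . $esc($sdescription);
        }
        if ($sid_selected == $sid) {
            $selected_attr = "selected";
        } else {
            // Fall back to a profile named "default" when the requested profile
            // is not in the list.
            $selected_attr = preg_match("/default/i", $sname) && !$id_found ? 'selected="selected"' : "";
        }
        $discovery .= "<option value=\"" . $esc($sid) . "\" " . $selected_attr . ">" . $label . "</option>";
    }
    $discovery .= "</select>  [<a href=\"settings.php?hmenu=Vulnerabilities&smenu=ScanProfiles\">" . _("Edit Profiles") . "</a>]</td>";
    $discovery .= "</tr>";

    // --- Timeout -------------------------------------------------------------
    $discovery .= "<tr>";
    $discovery .= "<td align='right'>" . _("Timeout") . "</td>";
    $discovery .= "<td style=\"text-align:left;\" nowrap><input type='text' style='width:80px' name='timeout' value='" . $esc($timeout_selected == "" ? $timeout : $timeout_selected) . "'>";
    $discovery .= "<font color='black'> " . _("Max scan run time in seconds") . " </font></td>";
    $discovery .= "</tr>";

    // --- Schedule method -----------------------------------------------------
    if ($smethod == "inmediately") {
        $discovery .= "<tr>";
        $discovery .= "<td style=\"text-align:center;\" nowrap>" . _("Schedule Method") . ":</td>";
        $discovery .= "<td style=\"text-align:left;\" nowrap>" . _("Inmediately") . "<td>";
        $discovery .= "</tr>";
        $discovery .= "<tr style='display:none'>";
    } else {
        $discovery .= "<tr>";
    }
    $discovery .= "<td style=\"text-align:left;padding-left:35px;\">" . _("Schedule Method") . ":<br>";
    if (!$scheduler && $enScanRequestImmediate) {
        $discovery .= "<input type=\"radio\" name=\"schedule_type\" value=\"N\" onClick=\"showLayer('idSched', 1)\" {$sTYPE['N']}>" . _("Immediately") . "</input><br>";
    }
    if (!$scheduler) {
        $discovery .= "<input type=\"radio\" name=\"schedule_type\" value=\"O\" onClick=\"showLayer('idSched', 3)\" {$sTYPE['O']}>" . _("Run Once") . "</input><br>";
    }
    if ($scheduler || $enScanRequestRecur) {
        $discovery .= "<input type=\"radio\" name=\"schedule_type\" value=\"D\" onClick=\"showLayer('idSched', 2)\" {$sTYPE['D']}>" . _("Daily") . "</input><br>";
        $discovery .= "<input type=\"radio\" name=\"schedule_type\" value=\"W\" onClick=\"showLayer('idSched', 4)\" {$sTYPE['W']}>" . _("Day of the Week") . "</input><br>";
        $discovery .= "<input type=\"radio\" name=\"schedule_type\" value=\"M\" onClick=\"showLayer('idSched', 5)\" {$sTYPE['M']}>" . _("Day of the Month") . "</input><br>";
        $discovery .= "<input type=\"radio\" name=\"schedule_type\" value=\"NW\" onClick=\"showLayer('idSched', 6)\" {$sTYPE['NW']}>" . _("N<sup>th</sup> weekday of the month") . "</input><br>";
    }
    $discovery .= <<<EOT
</td>
<td><div>
<div id="idSched1" class="forminput">
</div>
<div id="idSched3" class="forminput">
<table cellspacing="2" cellpadding="0" width="100%">
EOT;

    // Run once: year / month / day. Today is pre-selected unless a value was
    // submitted.
    $discovery .= "<tr><td colspan='7' class='noborder'>" . gettext("Year") . " <select name='ROYEAR'>";
    $discovery .= "<option value=\"{$tyear}\" " . ($ROYEAR_selected == "" || $ROYEAR_selected == $tyear ? "selected" : "") . ">{$tyear}</option>";
    $discovery .= "<option value=\"{$nyear}\" " . ($ROYEAR_selected == $nyear ? "selected" : "") . ">{$nyear}</option>";
    $discovery .= "</select> " . gettext("Month") . " <select name='ROMONTH'>";
    for ($i = 1; $i <= 12; $i++) {
        $discovery .= "<option value=\"{$i}\" ";
        if (($i == $tmonth && $ROMONTH_selected == "") || $ROMONTH_selected == $i) {
            $discovery .= "selected";
        }
        $discovery .= ">{$i}</option>";
    }
    $discovery .= "</select> " . gettext("Day") . " <select name=\"ROday\">";
    for ($i = 1; $i <= 31; $i++) {
        $discovery .= "<option value=\"{$i}\" ";
        if (($i == $tday && $ROday_selected == "") || $ROday_selected == $i) {
            $discovery .= "selected";
        }
        $discovery .= ">{$i}</option>";
    }
    $discovery .= <<<EOT
</select></td>
</tr>
</table>
</div>
<div id="idSched4" class="forminput" >
<table width="100%">
<tr>
EOT;

    // The same weekday options feed the "weekly" and the "Nth weekday" selects.
    $weekdays = array(
        "Su" => gettext("Sunday"),
        "Mo" => gettext("Monday"),
        "Tu" => gettext("Tuesday"),
        "We" => gettext("Wednesday"),
        "Th" => gettext("Thursday"),
        "Fr" => gettext("Friday"),
        "Sa" => gettext("Saturday"),
    );
    $weekday_options = "<option value=\"Su\" SELECTED >" . gettext("Select week day to run") . "</option>";
    foreach ($weekdays as $code => $label) {
        $weekday_options .= "<option value=\"{$code}\" {$day[$code]} >" . $label . "</option>";
    }

    $discovery .= "<th align=\"right\">" . _("Weekly") . "</td><td colspan=\"2\" class=\"noborder\">";
    $discovery .= "<select name=\"dayofweek\">";
    $discovery .= $weekday_options;
    $discovery .= "</select>";
    $discovery .= "</td>";
    $discovery .= <<<EOT
</tr>
</table>
</div>
<div id="idSched5" class="forminput">
<table width="100%">
<tr>
EOT;
    $discovery .= "<th align='right'>" . gettext("Select Day") . "</td>";
    $discovery .= <<<EOT
<td colspan="2" class="noborder"><select name="dayofmonth">"
EOT;
    for ($i = 1; $i <= 31; $i++) {
        $discovery .= "<option value=\"{$i}\"";
        if (($dayofmonth == $i && $dayofmonth_selected == "") || $dayofmonth_selected == $i) {
            $discovery .= " selected";
        }
        $discovery .= ">{$i}</option>";
    }
    $discovery .= <<<EOT
</select></td>
</tr>
</table>
</div>
<div id="idSched6" class="forminput">
<table width="100%">
<tr>
EOT;
    $discovery .= "<th align=\"right\">" . gettext("Day of week") . "</th><td colspan=\"2\" class=\"noborder\">";
    $discovery .= "<select name=\"nthdayofweek\">";
    $discovery .= $weekday_options;
    $discovery .= "</select>";
    $discovery .= "</td>";
    $discovery .= <<<EOT
</tr>
</table>
<br>
<table width="100%">
<tr>
EOT;
    $discovery .= "<th align='right'>" . gettext("N<sup>th</sup> weekday") . "</th><td colspan='2' class='noborder'>";
    $discovery .= "<select name='nthweekday'>";
    $discovery .= "<option value='1'>" . gettext("Select nth weekday to run") . "</option>";
    $nth_labels = array(
        1 => gettext("First"),
        2 => gettext("Second"),
        3 => gettext("Third"),
        4 => gettext("Fourth"),
        5 => gettext("Fifth"),
    );
    foreach ($nth_labels as $nth => $label) {
        $discovery .= "<option value='{$nth}'" . ($dayofmonth == $nth ? " selected" : "") . ">" . $label . "</option>";
    }
    $discovery .= <<<EOT
</select>
</td>
</tr>
</table>
</div>
<div id="idSched2" class="forminput">
<table width="100%">
EOT;

    // Start time: hour and quarter-hour.
    $discovery .= "<tr>";
    $discovery .= "<th rowspan='2' align='right' width='30%'>" . gettext("Time") . "</td>";
    $discovery .= "<td align='right'>" . gettext("Hour") . "</td><td>" . gettext("Minutes") . "</td>";
    $discovery .= "</tr>";
    $discovery .= <<<EOT
<tr>
<td align="right" class="noborder"><select name="time_hour">
EOT;
    for ($i = 0; $i <= 23; $i++) {
        $discovery .= "<option align=\"right\" value=\"{$i}\"";
        if (($time_hour == $i && $time_hour_selected == "") || $time_hour_selected == $i) {
            $discovery .= " selected";
        }
        $discovery .= ">{$i}</option>";
    }
    $discovery .= <<<EOT
</select></td>
<td class="noborder"><select name="time_min">
EOT;
    for ($i = 0; $i < 60; $i = $i + 15) {
        $discovery .= "<option value=\"{$i}\"";
        if (($time_min == $i && $time_min_selected == "") || $time_min_selected == $i) {
            $discovery .= " selected";
        }
        $discovery .= ">{$i}</option>";
    }
    $discovery .= <<<EOT
</select></td>
</tr>
</table>
</div>
</tr>
EOT;

    // --- Visibility: user or entity -------------------------------------------
    $version = $conf->get_conf("ossim_server_version", FALSE);
    $users = Session::get_users_to_assign($dbconn);
    $entities = Session::get_entities_to_assign($dbconn);

    // NOTE(review): the listing masks part of this string after _('User:'; the
    // markup between the label and the <select> is restored to mirror the
    // "Entity:" column below - compare with the original file.
    $discovery .= "<tr>\n\t\t\t\t\t\t<td>" . _("Make this scan job visible for:") . "</td>\n\t\t\t\t\t\t<td style='text-align: left'>\n\t\t\t\t\t\t\t<table cellspacing='0' cellpadding='0' class='transparent' style='margin: 5px 0px;'>\n\t\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t\t<td class='nobborder'><span style='margin-right:3px'>" . _('User:') . "</span></td>\n\t\t\t\t\t\t\t\t\t<td class='nobborder'>\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t<select name='user' id='user' onchange=\"switch_user('user');return false;\">";
    $options = "";
    $num_users = 0;
    foreach ($users as $k => $v) {
        $login = $v->get_login();
        $selected = $editdata["username"] == $login || $user_selected == $login ? "selected='selected'" : "";
        $options .= "<option value='" . $esc($login) . "' {$selected}>" . $esc($login) . "</option>\n";
        $num_users++;
    }
    if ($num_users == 0) {
        $discovery .= "<option value='' style='text-align:center !important;'>- " . _("No users found") . " -</option>";
    } else {
        $discovery .= "<option value='' style='text-align:center !important;'>- " . _("Select one user") . " -</option>\n";
        $discovery .= $options;
    }
    $discovery .= "\t\t\t\t\t\t</select>\n\t\t\t\t\t\t\t\t\t</td>";
    if (!empty($entities)) {
        $discovery .= "\t \t\t\t<td style='text-align:center; border:none; !important'><span style='padding:5px;'>" . _("OR") . "<span></td>\n\t\t\t\t\t\t\t\t\t<td class='nobborder'><span style='margin-right:3px'>" . _("Entity:") . "</span></td>\n\t\t\t\t\t\t\t\t\t<td class='nobborder'>\t\n\t\t\t\t\t\t\t\t\t\t<select name='entity' id='entity' onchange=\"switch_user('entity');return false;\">\n\t\t\t\t\t\t\t\t\t\t\t<option value='' style='text-align:center !important;'>-" . _("Select one entity") . "-</option>";
        foreach ($entities as $k => $v) {
            $selected = $editdata["username"] == $k || $entity_selected == $k ? "selected='selected'" : "";
            $discovery .= "<option value='" . $esc($k) . "' {$selected}>" . $esc($v) . "</option>";
        }
        $discovery .= "\t\t\t\t\t</select>\n\t\t\t\t\t\t\t\t\t</td>";
    }
    $discovery .= " \t \t</tr>\n\t\t\t\t\t\t\t</table>\n\t\t\t\t\t\t</td>\n\t\t\t\t\t</tr>";

    // --- Notification and scan options -----------------------------------------
    $discovery .= "<tr><td>" . _("Send an email notification when finished:");
    $discovery .= "</td>";
    $discovery .= "<td style=\"text-align:left;\">";
    $discovery .= "<input type=\"radio\" name=\"semail\" value=\"0\"" . (($editdata_nearly_empty && intval($semail) == 0) || intval($editdata['meth_Wfile']) == 0 ? " checked" : "") . "/>" . _("No");
    $discovery .= "<input type=\"radio\" name=\"semail\" value=\"1\"" . (($editdata_nearly_empty && intval($semail) == 1) || intval($editdata['meth_Wfile']) == 1 ? " checked" : "") . "/>" . _("Yes");
    $discovery .= "</td></tr>";
    $targets_message = _("Targets") . "<br>" . _("(Hosts/Networks)") . "<br>";
    $discovery .= "<tr><td valign=\"top\" style=\"text-align:left;padding-left:50px;\" width=\"20%\" class=\"noborder\"><br>";
    $discovery .= "<input type=\"checkbox\" name=\"hosts_alive\" value=\"1\"" . (($editdata_nearly_empty && intval($hosts_alive) == 1) || intval($editdata['meth_CRED']) == 1 ? " checked" : "") . ">" . _("Only scan hosts that are alive") . "<br>(" . _("greatly speeds up the scanning process") . ")<br><br>";
    // The checkbox is disabled when the nessus_pre_scan_locally setting is 0.
    $discovery .= "<input type=\"checkbox\" name=\"scan_locally\" value=\"1\"" . ($pre_scan_locally_status == 0 ? " disabled=\"disabled\"" : "") . ($pre_scan_locally_status == 1 && (($editdata_nearly_empty && intval($scan_locally) == 1) || intval($editdata['authorized']) == 1) ? " checked" : "") . ">" . _("Pre-Scan locally") . "<br>(" . _("do not pre-scan from scanning sensor") . ")<br><br>";
    $discovery .= "<input type=\"checkbox\" name=\"not_resolve\" value=\"1\" " . ($editdata['resolve_names'] === "0" || $not_resolve == "1" ? "checked=\"checked\"" : "") . "/>" . _("Do not resolve names");

    // --- Targets ---------------------------------------------------------------
    $discovery .= <<<EOT
<select name="tarSel" style="display:none;" onClick="if (this.options[this.selectedIndex].value != 'null') { showLayer('idTarget', this.options[this.selectedIndex].value ) }">
<option name="schedule" value="1" {$sjTYPE['M']} selected>IP List</option>
<option name="schedule" value="2">IP Range</option>
<option name="schedule" value="3" >Named Target List</option>
<option name="schedule" value="4">CIDR</option>
<option name="schedule" value="5" {$sjTYPE['C']} >Subnet</option>
<option name="schedule" value="6" {$sjTYPE['S']} >Asset List/System</option>
</select><br><br><br><br><br><br><br><br><br></td>
<td class="noborder" style="text-align:left" valign="top">
<div align="left">
<div id="idTarget1">
<table class="noborder"><tr>
<td style="text-align:center;padding-bottom:3px;" class="nobborder">{$targets_message}</td>
</tr>
<tr>
<td valign="top" class="noborder">
<table class="transparent" width="100%">
<tr>
<td class='nobborder'>
EOT;
    // The target list is free text; escaped so that it cannot close the
    // <textarea> early.
    $discovery .= "<textarea name=\"ip_list\" id=\"ip_list\" cols=\"32\" rows=\"8\">" . $esc($ip_list_selected == "" ? $editdata['meth_TARGET'] : $ip_list_selected) . "</textarea>";
    $discovery .= "</td></tr>";
    $discovery .= "<tr><td style='text-align:left;' class='nobborder'>";
    $discovery .= "<div id='lassets' style='display:none'>";
    $discovery .= "<img width=\"16\" align=\"absmiddle\" src=\"./images/loading.gif\" border=\"0\" alt=\"" . _("Loading assets...") . "\" title=\"" . _("Loading assets...") . "\">";
    $discovery .= "<span style='margin-left:4px;'>" . _("Loading assets, please wait few seconds...") . "</span>";
    $discovery .= <<<EOT
</div>
<td>
</tr>
</table>
</td>
<td valign="top" style="text-align:left" class="noborder">
<div id="htree" style="width:450px"></div>
</td>
</tr></table>
</div>
<div id="idTarget2" class="forminput">
<table width="100%" style="border:0;">
<tr>
<td align="Right" width="30%" >Range Start</td>
<td><input type="text" name="ip_start" value=""></td>
</tr>
<tr>
<td align="Right" width="30%" >Range End</td>
<td><input type="text" name="ip_end" value=""></td>
</tr>
</table>
</div>
<div id="idTarget3" class="forminput">
<textarea name="named_list" cols="32" rows="8"></textarea>
</div>
<div id="idTarget4" class="forminput">
<input type="text" name="cidr" value="">
</div>
<div id="idTarget5" class="forminput">
<table width="100%" style="border:0;">
<tr>
<td align="Right" width="30%" ></td>
<td><select name="subnet">
<option value="" >Select A Subnet to Scan</option>
EOT;
    // "Audit all" is offered only to the admin / auditAll roles. The subnet and
    // system lists themselves are no longer queried here.
    if ($uroles['admin'] || $uroles['auditAll']) {
        $discovery .= "<option value='ALL' >Audit All Subnets - (SINGLE JOB)!!!</option>";
    }
    $discovery .= <<<EOT
</select></td>
</tr>
</table>
</div>
<div id="idTarget6" class="forminput">
<table width="100%" style="border:0;">
<tr>
<td align="Right" width="30%" ></td>
<td><select name="system">
<option value="" >Select A System to Scan</option>
</select></td>
</tr>
</table>
</div>
</div>
</div>
</td>
</tr>
</table>
</tr></td></table>
EOT;

    // Script that reveals the schedule layer matching the selected type.
    $discovery .= $show;

    return $discovery;
}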
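/**
 * Build the HTML for the vulnerability scan job form (name, scan server,
 * profile, schedule, credentials, visibility and targets).
 *
 * All input comes from globals. Besides returning markup, the function also
 * writes to several of them: $editdata['schedule_type'], $schedule_type,
 * $ip_list, $time_hour, $time_min, $dayofmonth, $sid and $sname.
 *
 * Changes compared with the previous version:
 *  - every dynamic value placed into the markup is HTML-escaped;
 *  - the profile query binds the owner list instead of concatenating it;
 *  - split() (removed in PHP 7) is replaced by explode();
 *  - count() is no longer called on values that may not be arrays;
 *  - $options and $day are initialised before use;
 *  - unused locals ($ip_list_selected, $cquery_like, $enotify, $sjTYPE) are gone.
 *
 * @return string HTML fragment for the scan job form
 */
function tab_discovery() {
    global $component, $uroles, $editdata, $scheduler, $username, $useremail, $dbconn, $disp, $enScanRequestImmediate, $enScanRequestRecur, $timeout, $smethod, $SVRid, $sid, $ip_list, $ip_exceptions_list, $schedule_type, $ROYEAR, $ROday, $ROMONTH, $time_hour, $time_min, $dayofweek, $dayofmonth, $sname, $user, $entity, $hosts_alive, $scan_locally, $version, $nthweekday, $semail, $not_resolve, $time_interval, $ssh_credential, $smb_credential, $net_id;
    global $pluginOptions, $enComplianceChecks, $profileid;

    // Escape a value for HTML text or a quoted attribute. double_encode is off
    // so values that already carry entities are not encoded a second time.
    // NOTE(review): assumes the page is served as UTF-8 - confirm.
    $esc_flags = defined('ENT_SUBSTITUTE') ? ENT_QUOTES | ENT_SUBSTITUTE : ENT_QUOTES;
    $esc = function ($value) use ($esc_flags) {
        return htmlspecialchars((string) $value, $esc_flags, 'UTF-8', false);
    };

    $conf = $GLOBALS["CONF"];
    $users = Session::get_users_to_assign($dbconn);
    $entities_to_assign = Session::get_entities_to_assign($dbconn);
    $pre_scan_locally_status = $conf->get_conf("nessus_pre_scan_locally");

    // count() on a non-array is a TypeError on PHP 8; normalise once.
    $ip_exceptions = is_array($ip_exceptions_list) ? $ip_exceptions_list : array();
    $editdata_count = is_array($editdata) ? count($editdata) : 0;

    // Snapshot the submitted values before the edit data below overrides the globals.
    $user_selected = $user;
    $entity_selected = $entity;
    $SVRid_selected = $SVRid;
    $sid_selected = $sid != "" ? $sid : $editdata['meth_VSET'];
    $timeout_selected = $editdata["meth_TIMEOUT"];
    $ROYEAR_selected = $ROYEAR;
    $ROday_selected = $ROday;
    $ROMONTH_selected = $ROMONTH;
    $time_hour_selected = $time_hour;
    $time_min_selected = $time_min;
    $dayofweek_selected = $dayofweek;
    $dayofmonth_selected = $dayofmonth;
    $sname_selected = $sname;

    if (preg_match("/^[a-f\\d]{32}\$/i", $net_id)) {
        // Autofill new scan job from deployment
        if (Asset_net::is_in_db($dbconn, $net_id)) {
            $sname_selected = Asset_net::get_name_by_id($dbconn, $net_id);
            $schedule_type = "M";
            $ip_list = array();
            $nips = explode(",", Asset_net::get_ips_by_id($dbconn, $net_id));
            foreach ($nips as $nip) {
                $ip_list[] = $net_id . "#" . trim($nip);
            }
        }
    }
    if ($schedule_type != "") {
        $editdata['schedule_type'] = $schedule_type;
    }

    $today = date("Ymd");
    $tyear = substr($today, 0, 4);
    $nyear = $tyear + 1;
    $tmonth = substr($today, 4, 2);
    $tday = substr($today, 6, 2);

    #SET VALUES UP IF EDIT SCHEDULER
    if (isset($editdata['time'])) {
        // explode() replaces split(), which no longer exists in PHP 7+.
        list($time_hour, $time_min) = explode(':', $editdata['time']);
        $tz = Util::get_timezone();
        $time_hour = $time_hour + $tz;
    }

    $arrTypes = array("N", "O", "D", "W", "M", "NW");
    foreach ($arrTypes as $type) {
        $sTYPE[$type] = "";
    }

    if (isset($editdata['schedule_type'])) {
        $sTYPE[$editdata['schedule_type']] = "selected='selected'";
        if ($editdata['schedule_type'] == 'D') {
            $ni = 2;
        } elseif ($editdata['schedule_type'] == 'O') {
            $ni = 3;
        } elseif ($editdata['schedule_type'] == 'W') {
            $ni = 4;
        } elseif ($editdata['schedule_type'] == 'NW') {
            $ni = 6;
        } else {
            $ni = 5;
        }
        $show = "<br><script language=javascript>showLayer('idSched', {$ni});</script>";
    } else {
        if ($enScanRequestImmediate) {
            $sTYPE['N'] = "selected='selected'";
            $show = "<br><script language=javascript>showLayer('idSched', 1);</script>";
        } else {
            $sTYPE['O'] = "selected='selected'";
            $show = "<br><script language=javascript>showLayer('idSched', 3);</script>";
        }
    }
    if ($schedule_type != "") {
        if ($schedule_type == "N") {
            $show .= "<br><script language=javascript>showLayer('idSched', 1);</script>";
        }
        if ($schedule_type == "O") {
            $show .= "<br><script language=javascript>showLayer('idSched', 3);</script>";
        }
        if ($schedule_type == "D") {
            $show .= "<br><script language=javascript>showLayer('idSched', 2);</script>";
        }
        if ($schedule_type == "W") {
            $show .= "<br><script language=javascript>showLayer('idSched', 4);</script>";
        }
        if ($schedule_type == "M") {
            $show .= "<br><script language=javascript>showLayer('idSched', 5);</script>";
        }
        if ($schedule_type == "NW") {
            $show .= "<br><script language=javascript>showLayer('idSched', 6);</script>";
        }
    }

    if (isset($editdata['day_of_month'])) {
        $dayofmonth = $editdata['day_of_month'];
    }

    // Pre-fill every weekday so the option markup never reads a missing key.
    $day = array("Su" => "", "Mo" => "", "Tu" => "", "We" => "", "Th" => "", "Fr" => "", "Sa" => "");
    if (isset($editdata['day_of_week'])) {
        $day[$editdata['day_of_week']] = "SELECTED";
    }
    if ($dayofweek_selected != "") {
        $day[$dayofweek_selected] = "SELECTED";
    }

    if (!$uroles['nessus']) {
        $name = "sr-" . substr($username, 0, 6) . "-" . time();
        $name = $editdata['name'] == "" ? $name : $editdata['name'];
        $nameout = $esc($name) . "<input type=hidden style='width:210px' name='sname' value='" . $esc($name) . "'>";
    } else {
        $nameout = "<input type=text style='width:210px' name='sname' value='" . $esc($sname_selected != "" ? $sname_selected : $editdata['name']) . "'>";
    }

    $discovery = "<input type=\"hidden\" name=\"save_scan\" value=\"1\">";
    $discovery .= "<input type=\"hidden\" name=\"cred_type\" value=\"N\">";
    $discovery .= "<table width=\"80%\" cellspacing=\"4\">";
    $discovery .= "<tr>";
    $discovery .= "<input type=\"hidden\" name=\"smethod\" value=\"" . $esc($smethod) . "\">";
    $discovery .= "<td width=\"25%\" class='job_option'>" . Util::strong(_("Job Name") . ":") . "</td>";
    $discovery .= "<td style=\"text-align:left;\">{$nameout}</td>";
    $discovery .= "</tr>";

    // Scan server selector: only sensors flagged as having a vulnerability scanner.
    list($sensor_list, $total) = Av_sensor::get_list($dbconn);
    $discovery .= "<tr>";
    $discovery .= "<td class='job_option'>" . Util::strong(_("Select Server") . ":") . "</td>";
    $discovery .= "<td style='text-align:left;'><select id='SVRid' style='width:212px' name='SVRid'>";
    $discovery .= "<option value='Null'>" . _("First Available Server-Distributed") . "</option>";
    foreach ($sensor_list as $_sensor_id => $sensor_data) {
        if (intval($sensor_data['properties']['has_vuln_scanner']) == 1) {
            $discovery .= "<option value=\"" . $esc($_sensor_id) . "\" ";
            if ($editdata['email'] == $_sensor_id || $editdata['scan_ASSIGNED'] == $_sensor_id) {
                $discovery .= " SELECTED";
            }
            if ($SVRid_selected == $_sensor_id) {
                $discovery .= " SELECTED";
            }
            $discovery .= ">" . $esc(strtoupper($sensor_data['name'])) . " [" . $esc($sensor_data['ip']) . "] </option>";
        }
    }
    $discovery .= '</select> </td> </tr> <tr>';

    // Profile selector. Owner values are bound as parameters rather than being
    // concatenated into the statement.
    // NOTE(review): assumes $dbconn is the ADOdb connection (it is used with
    // ADODB_FETCH_BOTH, ->EOF and ->MoveNext() below) - confirm.
    $discovery .= "<td class='job_option'>" . Util::strong(_("Profile") . ":") . "</td>";
    $discovery .= "<td style='text-align:left;'><select name='sid'>";
    $query = "";
    $query_params = array();
    if ($username == "admin" || Session::am_i_admin()) {
        $query = "SELECT distinct(t1.id), t1.name, t1.description \n FROM vuln_nessus_settings t1 WHERE deleted='0'\n ORDER BY t1.name";
    } else {
        if (Session::is_pro()) {
            $users_and_entities = Acl::get_entities_to_assign($dbconn);
            if (Acl::am_i_proadmin()) {
                // $users is deliberately reassigned: the "visible for" user list
                // further down was built from this value in the original as well.
                $users = Acl::get_my_users($dbconn, Session::get_session_user());
                foreach ($users as $us) {
                    $users_and_entities[$us->get_login()] = $us->get_login();
                }
                $owners = array_keys($users_and_entities);
            } else {
                $owners = array_keys($users_and_entities);
                $owners[] = Session::get_session_user();
            }
            // NOTE(review): the original assigned owner '0' to the list and then
            // overwrote the list, so '0' was never part of the pro-mode filter.
            // That behaviour is kept; confirm whether it was intended.
        } else {
            $owners = array('0', $username);
        }
        // Bind as strings: a numeric bind would make the database compare the
        // owner column numerically and match unrelated rows.
        $query_params = array_map('strval', $owners);
        if (count($query_params) == 0) {
            // The original produced owner in ('') for an empty list.
            $query_params = array('');
        }
        $placeholders = implode(',', array_fill(0, count($query_params), '?'));
        $query = "SELECT distinct(t1.id), t1.name, t1.description FROM vuln_nessus_settings t1\n WHERE deleted = '0' and (name='Default' or owner in (" . $placeholders . ")) ORDER BY t1.name";
    }
    $dbconn->SetFetchMode(ADODB_FETCH_BOTH);
    $result = count($query_params) > 0 ? $dbconn->execute($query, $query_params) : $dbconn->execute($query);

    $job_profiles = array();
    $id_found = false;
    // A failed query yields false; render an empty list instead of a fatal error.
    while ($result && !$result->EOF) {
        list($sid, $sname, $sdescription) = $result->fields;
        if ($sid_selected == $sid) {
            $id_found = true;
        }
        $job_profiles[] = array("sid" => $sid, "sname" => $sname, "sdescription" => $sdescription);
        $result->MoveNext();
    }
    foreach ($job_profiles as $profile_data) {
        $sid = $profile_data["sid"];
        $sname = $profile_data["sname"];
        $sdescription = $profile_data["sdescription"];
        if ($sid_selected == $sid) {
            $profile_attr = "selected";
        } else {
            // No explicit match: fall back to any profile whose name contains "default".
            $profile_attr = preg_match("/default/i", $sname) && !$id_found ? 'selected="selected"' : "";
        }
        $profile_label = $esc($sname);
        if ($sdescription != "") {
            $profile_label .= " - " . $esc($sdescription);
        }
        $discovery .= "<option value=\"" . $esc($sid) . "\" " . $profile_attr . ">" . $profile_label . "</option>";
    }
    $discovery .= "</select>  <a href=\"" . Menu::get_menu_url('settings.php', 'environment', 'vulnerabilities', 'scan_jobs') . "\">[" . _("EDIT PROFILES") . "]</a></td>";
    $discovery .= "</tr>";

    // Schedule method selector.
    $discovery .= "<tr>";
    $discovery .= "<td class='job_option' style='vertical-align: top;'><div>" . Util::strong(_("Schedule Method") . ":") . "</div></td>";
    $discovery .= "<td style='text-align:left'><div><select name='schedule_type' id='scheduleM'>";
    $discovery .= "<option value='N' {$sTYPE['N']}>" . _("Immediately") . "</option>";
    $discovery .= "<option value='O' {$sTYPE['O']}>" . _("Run Once") . "</option>";
    $discovery .= "<option value='D' {$sTYPE['D']}>" . _("Daily") . "</option>";
    $discovery .= "<option value='W' {$sTYPE['W']}>" . _("Day of the Week") . "</option>";
    $discovery .= "<option value='M' {$sTYPE['M']}>" . _("Day of the Month") . "</option>";
    $discovery .= "<option value='NW' {$sTYPE['NW']}>" . _("N<sup>th</sup> weekday of the month") . "</option>";
    $discovery .= "</select></div></tr>";
    $smethods = array("O", "D", "W", "M", "NW");
    $smethodtr_display = in_array($editdata['schedule_type'], $smethods) ? "" : "style='display:none'";
    $discovery .= "<tr {$smethodtr_display} id='smethodtr'><td> </td>";
    $discovery .= '</td> <td><div> <div id="idSched1" class="forminput"> </div>';

    // div to select start day
    $discovery .= "<div id=\"idSched8\" class=\"forminput\">";
    $discovery .= "<table cellspacing=\"2\" cellpadding=\"0\" width=\"100%\">";
    $discovery .= "<tr><th width='35%'>" . _("Begin in") . "</th><td class='noborder' nowrap='nowrap'>" . gettext("Year") . " <select name='biyear'>";
    $discovery .= "<option value=\"{$tyear}\" selected>{$tyear}</option>";
    $discovery .= "<option value=\"{$nyear}\" >{$nyear}</option>";
    $discovery .= "</select> " . gettext("Month") . " <select name='bimonth'>";
    for ($i = 1; $i <= 12; $i++) {
        $discovery .= "<option value=\"{$i}\" ";
        if ($i == $tmonth) {
            $discovery .= "selected";
        }
        $discovery .= ">{$i}</option>";
    }
    $discovery .= "</select> " . gettext("Day") . " <select name=\"biday\">";
    for ($i = 1; $i <= 31; $i++) {
        $discovery .= "<option value=\"{$i}\" ";
        if ($i == $tday) {
            $discovery .= "selected";
        }
        $discovery .= ">{$i}</option>";
    }
    $discovery .= "</select></td>";
    $discovery .= "</tr>";
    $discovery .= "</table>";
    $discovery .= "</div>";

    // "Run once" date.
    $discovery .= '<div id="idSched3" class="forminput"> <table cellspacing="2" cellpadding="0" width="100%">';
    $discovery .= "<tr><th width='35%'>" . _("Day") . "</th><td colspan='6' class='noborder' nowrap='nowrap'>" . gettext("Year") . " <select name='ROYEAR'>";
    $discovery .= "<option value=\"{$tyear}\" " . ($ROYEAR_selected == "" || $ROYEAR_selected == $tyear ? "selected" : "") . ">{$tyear}</option>";
    $discovery .= "<option value=\"{$nyear}\" " . ($ROYEAR_selected == $nyear ? "selected" : "") . ">{$nyear}</option>";
    $discovery .= "</select> " . gettext("Month") . " <select name='ROMONTH'>";
    for ($i = 1; $i <= 12; $i++) {
        $discovery .= "<option value=\"{$i}\" ";
        if ($i == $tmonth && $ROMONTH_selected == "" || $ROMONTH_selected == $i) {
            $discovery .= "selected";
        }
        $discovery .= ">{$i}</option>";
    }
    $discovery .= "</select> " . gettext("Day") . " <select name=\"ROday\">";
    for ($i = 1; $i <= 31; $i++) {
        $discovery .= "<option value=\"{$i}\" ";
        if ($i == $tday && $ROday_selected == "" || $ROday_selected == $i) {
            $discovery .= "selected";
        }
        $discovery .= ">{$i}</option>";
    }
    $discovery .= '</select></td> </tr> </table> </div> <div id="idSched4" class="forminput" > <table width="100%"> <tr>';

    // The same weekday option list is used by the weekly and the nth-weekday selectors.
    $weekdays = array(
        "Su" => gettext("Sunday"),
        "Mo" => gettext("Monday"),
        "Tu" => gettext("Tuesday"),
        "We" => gettext("Wednesday"),
        "Th" => gettext("Thursday"),
        "Fr" => gettext("Friday"),
        "Sa" => gettext("Saturday"),
    );
    $weekday_options = "<option value=\"Su\" SELECTED >" . gettext("Select week day to run") . "</option>";
    foreach ($weekdays as $day_code => $day_label) {
        $weekday_options .= "<option value=\"{$day_code}\" {$day[$day_code]} >" . $day_label . "</option>";
    }

    $discovery .= "<th align=\"right\" width=\"35%\">" . _("Weekly") . "</th><td colspan=\"2\" class=\"noborder\">";
    $discovery .= "<select name=\"dayofweek\">";
    $discovery .= $weekday_options;
    $discovery .= "</select>";
    $discovery .= "</td>";
    $discovery .= '</tr> </table> </div> <div id="idSched5" class="forminput"> <table width="100%"> <tr>';

    // Day of the month.
    $discovery .= "<th width='35%'>" . gettext("Select Day") . "</td>";
    $discovery .= '<td colspan="2" class="noborder"><select name="dayofmonth">"';
    for ($i = 1; $i <= 31; $i++) {
        $discovery .= "<option value=\"{$i}\"";
        if ($dayofmonth == $i && $dayofmonth_selected == "" || $dayofmonth_selected == $i) {
            $discovery .= " selected";
        }
        $discovery .= ">{$i}</option>";
    }
    $discovery .= '</select></td> </tr> </table> </div> <div id="idSched6" class="forminput"> <table width="100%"> <tr>';

    // Nth weekday of the month.
    $discovery .= "<th width=\"35%\">" . gettext("Day of week") . "</th><td colspan=\"2\" class=\"noborder\">";
    $discovery .= "<select name=\"nthdayofweek\">";
    $discovery .= $weekday_options;
    $discovery .= "</select>";
    $discovery .= "</td>";
    $discovery .= '</tr> </table> <br> <table width="100%"> <tr>';
    $discovery .= "<th align='right'>" . gettext("N<sup>th</sup> weekday") . "</th><td colspan='2' class='noborder'>";
    $discovery .= "<select name='nthweekday'>";
    $discovery .= "<option value='1'>" . gettext("Select nth weekday to run") . "</option>";
    $nth_labels = array(
        1 => gettext("First"),
        2 => gettext("Second"),
        3 => gettext("Third"),
        4 => gettext("Fourth"),
        5 => gettext("Fifth"),
        6 => gettext("Sixth"),
        7 => gettext("Seventh"),
        8 => gettext("Eighth"),
        9 => gettext("Ninth"),
        10 => gettext("Tenth"),
    );
    foreach ($nth_labels as $nth => $nth_label) {
        $discovery .= "<option value='" . $nth . "'" . ($dayofmonth == $nth ? " selected" : "") . ">" . $nth_label . "</option>";
    }
    $discovery .= '</select> </td> </tr> </table> </div>';

    // Repeat interval.
    $discovery .= "<div id='idSched7' class='forminput' style=margin-bottom:3px;>";
    $discovery .= "<table width='100%'>";
    $discovery .= "<tr>";
    $discovery .= "<th width='35%'>" . _("Frequency") . "</th>";
    $discovery .= "<td width='100%' style='text-align:center;' class='nobborder'>";
    $discovery .= "<span style='margin-right:5px;'>" . _("Every") . "</span>";
    $discovery .= "<select name='time_interval'>";
    for ($itime = 1; $itime <= 30; $itime++) {
        $discovery .= "<option value='" . $itime . "'" . ($editdata['time_interval'] == $itime ? " selected" : "") . ">" . $itime . "</option>";
    }
    $discovery .= "</select>";
    $discovery .= "<span id='days' style='margin-left:5px'>" . _("day(s)") . "</span><span id='weeks' style='margin-left:5px'>" . _("week(s)") . "</span>";
    $discovery .= "</td>";
    $discovery .= "</tr>";
    $discovery .= "</table>";
    $discovery .= "</div>";

    // Time of day.
    $discovery .= '<div id="idSched2" class="forminput"> <table width="100%">';
    $discovery .= "<tr>";
    $discovery .= "<th rowspan='2' align='right' width='35%'>" . gettext("Time") . "</td>";
    $discovery .= "<td align='right'>" . gettext("Hour") . "</td>";
    $discovery .= '<td align="left" class="noborder"><select name="time_hour">';
    for ($i = 0; $i <= 23; $i++) {
        $discovery .= "<option value=\"{$i}\"";
        if ($time_hour == $i && $time_hour_selected == "" || $time_hour_selected == $i) {
            $discovery .= " selected";
        }
        $discovery .= ">{$i}</option>";
    }
    $discovery .= "</select></td><td align='right'>" . gettext("Minutes") . "</td>\n <td class='noborder' align='left'><select name='time_min'>";
    for ($i = 0; $i < 60; $i = $i + 15) {
        $discovery .= "<option value=\"{$i}\"";
        if ($time_min == $i && $time_min_selected == "" || $time_min_selected == $i) {
            $discovery .= " selected";
        }
        $discovery .= ">{$i}</option>";
    }
    $discovery .= '</select></td> </tr> </table> </div> </tr>';

    $discovery .= "<tr>";
    $discovery .= "\t\t<td class='madvanced'><a class='section'><img id='advanced_arrow' border='0' align='absmiddle' src='../pixmaps/arrow_green.gif'>" . _("ADVANCED") . "</a></td>";
    $discovery .= "\t\t<td> </td>";
    $discovery .= "</tr>";

    if ($_SESSION["scanner"] == "omp") {
        // The stored value has the form "<ssh>|<smb>", each part being "name#login".
        preg_match("/(.*)\\|(.*)/", $editdata["credentials"], $found);
        $saved_ssh = isset($found[1]) ? $found[1] : null;
        $saved_smb = isset($found[2]) ? $found[2] : null;

        // Render the <option> list of one credential selector.
        $credential_options = function ($credentials, $saved, $requested) use ($dbconn, $esc) {
            $html = "<option value=''>--</option>";
            foreach ($credentials as $cred) {
                $cred_key = $cred["name"] . "#" . $cred["login"];
                if ($cred["login"] == '0') {
                    $login_text = _("All");
                } elseif (valid_hex32($cred["login"])) {
                    $login_text = $esc(Session::get_entity_name($dbconn, $cred["login"]));
                } else {
                    $login_text = $esc($cred["login"]);
                }
                $selected = $saved == $cred_key || $cred_key == $requested ? " selected='selected'" : "";
                $html .= "<option value='" . $esc($cred_key) . "' {$selected}>" . $esc($cred["name"]) . " (" . $login_text . ")</option>";
            }
            return $html;
        };

        $discovery .= "<tr class='advanced'>";
        $discovery .= "<td class='job_option'>" . Util::strong(_("SSH Credential:")) . "</td>";
        $discovery .= "<td style='text-align:left'><select id='ssh_credential' name='ssh_credential'>";
        $discovery .= $credential_options(Vulnerabilities::get_credentials($dbconn, 'ssh'), $saved_ssh, $ssh_credential);
        $discovery .= "</select></td>";
        $discovery .= "</tr>";

        $discovery .= "<tr class='advanced'>";
        $discovery .= "<td class='job_option'>" . Util::strong(_("SMB Credential:")) . "</td>";
        $discovery .= "<td style='text-align:left'><select id='smb_credential' name='smb_credential'>";
        $discovery .= $credential_options(Vulnerabilities::get_credentials($dbconn, 'smb'), $saved_smb, $smb_credential);
        $discovery .= "</select></td>";
        $discovery .= "</tr>";
    }

    $discovery .= "<tr class='job_option advanced'>";
    $discovery .= "<td class='job_option'>" . Util::strong(_("Timeout:")) . "</td>";
    $discovery .= "<td style=\"text-align:left;\" nowrap><input type='text' style='width:80px' name='timeout' value='" . $esc($timeout_selected == "" ? $timeout : $timeout_selected) . "'>";
    $discovery .= "<font color='black'> " . _("Max scan run time in seconds") . " </font></td>";
    $discovery .= "</tr>";

    $discovery .= "<tr class='advanced'><td class='job_option'>" . Util::strong(_("Send an email notification:"));
    $discovery .= "</td>";
    $discovery .= "<td style=\"text-align:left;\">";
    $discovery .= "<input type=\"radio\" name=\"semail\" value=\"0\"" . ($editdata_count <= 1 && intval($semail) == 0 || intval($editdata['meth_Wfile']) == 0 ? " checked" : "") . "/>" . _("No");
    $discovery .= "<input type=\"radio\" name=\"semail\" value=\"1\"" . ($editdata_count <= 1 && intval($semail) == 1 || intval($editdata['meth_Wfile']) == 1 ? " checked" : "") . "/>" . _("Yes");
    $discovery .= "</td></tr>";

    // Visibility: a user or, when entities are available, an entity.
    // NOTE(review): the text between _('User:') and the following <td> was
    // garbled in the copy under review; the closing markup here mirrors the
    // "Entity:" cell below. Confirm against the original file.
    $discovery .= "<tr class='advanced'>\n\t\t\t\t\t\t<td class='job_option'>" . Util::strong(_("Scan job visible for:")) . "</td>\n\t\t\t\t\t\t<td style='text-align: left'>\n\t\t\t\t\t\t\t<table cellspacing='0' cellpadding='0' class='transparent' style='margin: 5px 0px;'>\n\t\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t\t<td class='nobborder'><span style='margin-right:3px'>" . _('User:') . "</span></td>\n\t\t\t\t\t\t\t\t\t<td class='nobborder'>\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t<select name='user' id='user' onchange=\"switch_user('user');return false;\">";
    $num_users = 0;
    $options = "";
    foreach ($users as $k => $v) {
        $login = $v->get_login();
        $login_html = $esc($login);
        $selected = $editdata["username"] == $login || $user_selected == $login ? "selected='selected'" : "";
        $options .= "<option value='" . $login_html . "' {$selected}>{$login_html}</option>\n";
        $num_users++;
    }
    if ($num_users == 0) {
        $discovery .= "<option value='' style='text-align:center !important;'>- " . _("No users found") . " -</option>";
    } else {
        $discovery .= "<option value='' style='text-align:center !important;'>- " . _("Select one user") . " -</option>\n";
        $discovery .= $options;
    }
    $discovery .= "\t\t\t\t\t\t</select>\n\t\t\t\t\t\t\t\t\t</td>";
    if (!empty($entities_to_assign)) {
        $discovery .= "\t \t\t\t<td style='text-align:center; border:none; !important'><span style='padding:5px;'>" . _("OR") . "<span></td>\n\t\t\t\t\t\t\t\t\t<td class='nobborder'><span style='margin-right:3px'>" . _("Entity:") . "</span></td>\n\t\t\t\t\t\t\t\t\t<td class='nobborder'>\t\n\t\t\t\t\t\t\t\t\t\t<select name='entity' id='entity' onchange=\"switch_user('entity');return false;\">\n\t\t\t\t\t\t\t\t\t\t\t<option value='' style='text-align:center !important;'>-" . _("Select one entity") . "-</option>";
        foreach ($entities_to_assign as $k => $v) {
            $selected = $editdata["username"] == $k || $entity_selected == $k ? "selected='selected'" : "";
            $discovery .= "<option value='" . $esc($k) . "' {$selected}>" . $esc($v) . "</option>";
        }
        $discovery .= "\t\t\t\t\t</select>\n\t\t\t\t\t\t\t\t\t</td>";
    }
    $discovery .= " \t \t</tr>\n\t\t\t\t\t\t\t</table>\n\t\t\t\t\t\t</td>\n\t\t\t\t\t</tr>";

    $discovery .= "<tr><td valign=\"top\" width=\"15%\" class=\"job_option noborder\"><br>";
    // conditions to exclude IPs
    $condition1 = $editdata_count <= 1 && intval($hosts_alive) == 1 ? TRUE : FALSE;
    $condition2 = preg_match('/' . EXCLUDING_IP2 . '/', trim($editdata["meth_TARGET"]));
    $condition3 = intval($editdata['meth_CRED']) == 1 ? TRUE : FALSE;
    $condition4 = count($ip_exceptions) > 0 ? TRUE : FALSE;
    $host_alive_check = $condition1 || $condition2 || $condition3 || $condition4 ? ' checked' : '';
    // The original literal emitted backslashes around the attribute value.
    $host_alive_status = $condition2 || $condition4 ? ' disabled="disabled"' : '';
    $discovery .= "<input onclick=\"toggle_scan_locally()\" type=\"checkbox\" id=\"hosts_alive\" name=\"hosts_alive\" value=\"1\"" . $host_alive_check . $host_alive_status . ">" . Util::strong(_("Only scan hosts that are alive")) . "<br>(" . Util::strong(_("greatly speeds up the scanning process")) . ")<br><br>";
    $discovery .= "<input type=\"checkbox\" id=\"scan_locally\" name=\"scan_locally\" value=\"1\"" . ($pre_scan_locally_status == 0 ? " disabled=\"disabled\"" : "") . ($pre_scan_locally_status == 1 && (intval($editdata['authorized']) == 1 || intval($scan_locally) == 1) ? " checked" : "") . ">" . Util::strong(_("Pre-Scan locally")) . "<br>(" . Util::strong(_("do not pre-scan from scanning sensor")) . ")<br><br>";
    $discovery .= "<input type=\"checkbox\" id=\"not_resolve\" name=\"not_resolve\" value=\"1\" " . ($editdata['resolve_names'] === "0" || $not_resolve == "1" ? "checked=\"checked\"" : "") . "/>" . Util::strong(_("Do not resolve names"));
    $discovery .= '</td>';

    // Target list and asset tree.
    $discovery .= ' <td class="noborder" valign="top">';
    $discovery .= ' <table width="100%" class="transparent" cellspacing="0" cellpadding="0">';
    $discovery .= ' <tr>';
    $discovery .= ' <td class="nobborder" style="vertical-align: top;text-align:left;padding:10px 0px 0px 0px;">';
    $discovery .= ' <table class="transparent" cellspacing="4">';
    $discovery .= ' <tr>';
    $discovery .= ' <td class="nobborder" style="text-align:left;"><input class="greyfont" type="text" id="searchBox" value="' . _("Type here to search assets (Hosts/Networks)") . '" /></td>';
    $discovery .= ' </tr>';
    $discovery .= ' <tr>';
    $discovery .= ' <td class="nobborder"><select id="targets" name="targets[]" multiple="multiple">';
    if (!empty($editdata["meth_TARGET"])) {
        $ip_list = explode("\n", trim($editdata["meth_TARGET"]));
    }
    if (!empty($ip_list)) {
        foreach ($ip_list as $asset) {
            $asset_html = $esc($asset);
            // "<hex id>#<address>" entries are shown with the asset name looked up by id.
            if (preg_match("/([a-f\\d]+)#(.*)/i", $asset, $found)) {
                if (Asset_host::is_in_db($dbconn, $found[1])) {
                    $_asset_name = Asset_host::get_name_by_id($dbconn, $found[1]) . " (" . $found[2] . ")";
                } else {
                    $_asset_name = Asset_net::get_name_by_id($dbconn, $found[1]) . " (" . $found[2] . ")";
                }
                $discovery .= '<option value="' . $asset_html . '">' . $esc($_asset_name) . '</option>';
            } else {
                $discovery .= '<option value="' . $asset_html . '">' . $asset_html . '</option>';
            }
        }
        foreach ($ip_exceptions as $asset) {
            $asset_html = $esc($asset);
            $discovery .= '<option value="' . $asset_html . '">' . $asset_html . '</option>';
        }
    }
    $discovery .= ' </select></td>';
    $discovery .= ' </tr>';
    $discovery .= ' <tr>';
    $discovery .= ' <td class="nobborder" style="text-align:right"><input type="button" value=" [X] " id="delete_target" class="av_b_secondary small"/>';
    $discovery .= ' <input type="button" style="margin-right:0px;"value="Delete all" id="delete_all" class="av_b_secondary small"/></td>';
    $discovery .= ' </tr>';
    $discovery .= ' </table>';
    $discovery .= ' </td>';
    $discovery .= ' <td class="nobborder" width="450px;" style="vertical-align: top;padding:0px 0px 0px 5px;">';
    $discovery .= ' <div id="vtree" style="text-align:left;width:100%;"></div>';
    $discovery .= ' </td>';
    $discovery .= ' </tr>';
    $discovery .= ' </table>';
    $discovery .= ' </td>';
    $discovery .= '</tr>';
    $discovery .= '</table>';
    $discovery .= '</tr></td></table>';

    // Script snippet(s) that reveal the schedule layer matching the chosen method.
    $discovery .= $show;
    return $discovery;
}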
?> </option> <?php } ?> </select> </td></tr> <tr><td class="nobborder"> <select name="entity"> <option value="">- <?php echo _("All Entities"); ?> -</option> <?php foreach ($entities_all as $entity) { if (Session::am_i_admin() || Acl::am_i_proadmin() && in_array($entity["id"], $entities_list)) { ?> <option value="<?php echo $entity["id"]; ?> "><?php echo $entity["name"]; ?> </option> <?php } } ?> </select> </td></tr> <?php
<?php echo _("Found") . " <strong>" . count($entities) . "</strong> " . _("entities in the system"); ?> </td> </tr> </table> </td> </tr> <tr> <td class='header_band'> <table class="transparent"> <tr> <td class="noborder"> <?php if (Session::am_i_admin() || Acl::am_i_proadmin()) { ?> <div class="fbutton" onclick="document.location.href='../acl/entities_edit.php?entity_type=logical'"><div><span class="add" style="padding-left:20px;font-size:12px"><b><?php echo _("New Entity"); ?> </b></span></div></div> <div class="btnseparator"></div> <?php } if ($can_create_ctx == TRUE && $avmssp) { ?> <div class="fbutton" onclick="document.location.href='../acl/entities_edit.php?entity_type=context'"><div><span class="gear" style="padding-left:20px;font-size:12px"><b><?php echo _("New Correlation Context"); ?> </b></span></div></div> <div class="btnseparator"></div>
<div id="db_tab_blob"></div> </div> <div class='dashboard_options_tab'> <?php if ($can_edit) { ?> <img id='op_edition' class='db_img_opt' src='pixmaps/edit.png' title="<?php echo $show_edit ? _('Switch to View Mode') : _('Switch to Edit Mode'); ?> "/> <?php } if (Session::am_i_admin() || $pro && Acl::am_i_proadmin()) { ?> <img id='op_permissions' class='db_img_opt'src='pixmaps/permissions.png' title="<?php echo _('Permissions'); ?> "/> <?php } ?> <img id='op_fullscreen' class='db_img_opt' src='pixmaps/full-screen.png' title="<?php echo _('Full Screen'); ?> "/> </div>
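/**
 * Build the settings form for the custom-report panel.
 *
 * Reads every 'custom_report' row from user_config, keeps the reports the
 * current session user is allowed to see, and returns an HTML table with a
 * report selector ("run") and the refresh options.
 *
 * Security-relevant changes compared with the previous version:
 *  - the name filter is passed as a bind parameter instead of being
 *    interpolated into the SQL text;
 *  - report names and the stored refresh interval are HTML-escaped before
 *    being written into the markup, because report names are user-supplied;
 *  - a failed query or a value that does not unserialize to an array no
 *    longer breaks the loop.
 *
 * NOTE(review): $search, $version, $session_user and $pag are not assigned
 * anywhere in this function as shown; confirm where they are expected to
 * come from (they are used exactly as before).
 *
 * @return string HTML fragment for the panel configuration form
 */
function showSubCategoryHTML()
{
    // get list reports
    $db = new ossim_db();
    $dbconn = $db->connect();

    $creports = array();
    $subreports_ac = array();

    // Build the query with a placeholder for the optional name filter.
    // Assumes $dbconn is an ADOdb connection (the recordset API used below
    // matches it), whose Execute() accepts a bind array — TODO confirm.
    $sql = "SELECT login, name, value FROM user_config where category='custom_report'";
    $params = array();
    if ($search != "") {
        $sql .= " AND name like ?";
        $params[] = '%' . $search . '%';
    }
    $sql .= " ORDER BY name ASC";

    $result = empty($params) ? $dbconn->Execute($sql) : $dbconn->Execute($sql, $params);

    // Pagination window; constant for the whole loop, so computed once.
    $maxpag = 20;
    $to = $pag * $maxpag;
    $from = $to - $maxpag;

    $hi = 0;
    // $result is tested first so a failed query yields an empty list.
    while ($result && !$result->EOF) {
        $available = false;

        // NOTE(review): unserialize() instantiates whatever classes the
        // stored value names. If user_config.value can be written by a
        // less-privileged user this is an object-injection risk; prefer a
        // JSON encoding or restrict the allowed classes.
        $unserializedata = unserialize($result->fields["value"]);
        if (!is_array($unserializedata)) {
            $unserializedata = array();
        }
        $available_for_user = isset($unserializedata["user"]) ? $unserializedata["user"] : null;
        $available_for_entity = isset($unserializedata["entity"]) ? $unserializedata["entity"] : null;

        // check if this report is available for session user
        if (Session::am_i_admin()) {
            $available = true;
        } elseif ($available_for_user == "0") {
            // "0" marks a report shared with every user
            $available = true;
        } elseif (($available_for_user != "" && $available_for_user == $session_user)
            || $result->fields["login"] == $session_user
        ) {
            // shared with, or owned by, the session user
            $available = true;
        } elseif (preg_match("/pro|demo/i", $version)) {
            if (Acl::am_i_proadmin()) {
                $entities_list = Acl::get_entities_admin($dbconn, Session::get_session_user());
                $entities = array_keys($entities_list[0]);
                $users = Acl::get_my_users($dbconn, Session::get_session_user());
                $users_login = array();
                foreach ($users as $user) {
                    $users_login[] = $user["login"];
                }
                if (in_array($available_for_entity, $entities)
                    || in_array($available_for_user, $users_login)
                    || in_array($result->fields["login"], $users_login)
                ) {
                    $available = true;
                }
            } else {
                $entities = Acl::get_user_entities(Session::get_session_user());
                if (in_array($available_for_entity, $entities)) {
                    $available = true;
                }
            }
        }

        // save report if is available
        if ($available) {
            if ($from <= $hi && $hi < $to) {
                $creports[] = $result->fields;
            }
            // autocomplete
            $key = base64_encode($result->fields["name"] . "###" . $result->fields["login"]);
            $subreports_ac[$key] = trim($result->fields["name"]);
            $hi++;
        }
        $result->MoveNext();
    }
    $dbconn->disconnect();

    $html = '<table style="margin:0;padding:0;width:100%;font-size:11px"> <tr> <td colspan="2">' . _('Properties report') . ':</td> </tr> <tr> <td>' . _('Report Name') . ':</td> <td> <select name="run">';
    foreach ($subreports_ac as $key => $value) {
        // $key is base64 text, which contains no HTML metacharacters.
        $html .= '<option value="' . $key . '"';
        $html .= $this->get('run') == $key ? ' selected="selected"' : "";
        // Report names are user-supplied, so escape them for HTML.
        // NOTE(review): uses PHP's default charset; confirm it matches the
        // page encoding.
        $html .= '>' . htmlspecialchars($value, ENT_QUOTES) . '</option>';
    }
    $html .= ' </select> </td> </tr> <tr> <td>' . _('Refresh report') . ':</td> <td><input name="refresh" value="false" ';
    if ($this->get('refresh') == 'false') {
        $html .= 'checked="checked" ';
    }
    $html .= 'type="radio">' . _('No') . ' <input name="refresh" value="true" ';
    if ($this->get('refresh') == 'true') {
        $html .= 'checked="checked" ';
    }
    // The stored interval goes into an attribute value, so escape it too.
    $html .= 'type="radio">' . _('Yes') . ' <input style="width:80px" type="text" name="secondRefresh" value="' . htmlspecialchars((string) $this->get('secondRefresh'), ENT_QUOTES) . '" /> ' . _('seconds') . '</td> </tr> </table>';

    return $html;
}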
<td class='right'> <input type="button" class="av_b_secondary small" value="<?php echo _('Add New'); ?> " onclick="javascript:add_frw_server();return false;"/> </td> </tr> </table> </td> </tr> <?php } ?> <?php if ($mssp && !empty($id) && !$opensource && (Session::am_i_admin() || Acl::am_i_proadmin())) { $tooltip = "<ul class='tip'>\n \t\t\t\t\t\t\t<li>" . _('Right-click on engine nodes to change its name') . "</li>\n \t\t\t\t\t\t\t<li>" . _('Drag and drop contexts between engines') . "</li>\n \t\t\t\t\t\t</ul>"; ?> <tr id='engine_notification'> <td colspan=2 class="noborder"> <div></div> </td> </tr> <tr id='engines_server' > <th style="text-decoration:underline"> <label for='eng_name'><?php echo _('Correlation Options'); ?> </label> <a href='javascript:;' class='tiptip' title="<?php echo $tooltip;
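* along with this package; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
* MA 02110-1301 USA
*
*
* On Debian GNU/Linux systems, the complete text of the GNU General
* Public License can be found in `/usr/share/common-licenses/GPL-2'.
*
* Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt
****************************************************************************/
require_once 'ossim_conf.inc';
require_once 'classes/Session.inc';

$conf = $GLOBALS["CONF"];
$version = $conf->get_conf("ossim_server_version", FALSE);
$pro = preg_match("/pro|demo/i", $version) ? true : false;

// Access check: only a global admin, or a pro admin on a pro/demo install,
// may see this page. The previous condition
//   !admin && ($pro && !proadmin)
// was false whenever $pro was false, so on a non-pro install every
// non-admin user got through. Negating the whole "allowed" expression fails
// closed. Short-circuiting still keeps Acl::am_i_proadmin() from being
// called when $pro is false.
if (!Session::am_i_admin() && !($pro && Acl::am_i_proadmin())) {
    echo "<br/><br/><center>" . _("You don't have permission to see this page.") . "</center>";
    exit;
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title> <?php echo gettext("OSSIM Framework"); ?> </title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<meta http-equiv="Pragma" content="no-cache"/>
<script type="text/javascript" src="../js/jquery-1.3.2.min.js"></script>
<link rel="stylesheet" type="text/css" href="../style/style.css"/>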