$sensor_ip = $system_info['data']['admin_ip'];
}
$ip_cidr = empty($sensor_ip) ? $agent['ip'] : $sensor_ip;
} else {
$agent_idm_data = Ossec_agent::get_idm_data($sensor_id, $agent['ip']);
$agent_idm_ip = $agent_idm_data['ip'];
if (empty($agent_idm_ip)) {
try {
$agent_idm_ip = Ossec_agent::get_last_ip($sensor_id, $agent);
} catch (Exception $e) {
}
}
$ip_cidr = Asset_host_ips::valid_ip($agent_idm_ip) ? $agent_idm_ip : $agent['ip'];
}
$data = array();
if (!preg_match('/Never connected/i', $agent['status']) && Asset_host_ips::valid_ip($ip_cidr)) {
$data = Ossec_utilities::SIEM_trends_hids($conn, $ip_cidr);
}
$trend_plot = "<div style='color:gray; margin:15px; text-align:center;'>" . _('Trend chart not available') . "</div>";
if (is_array($data) && !empty($data)) {
$trend = '';
$max = 7;
for ($ii = $max - 1; $ii >= 0; $ii--) {
$d = gmdate("j M", $timetz - 86400 * $ii);
$trend[$d] = $data[$d] != '' ? $data[$d] : 0;
}
$i = 0;
foreach ($trend as $k => $v) {
$x[$k] = $i;
$i++;
}
$validate['ip_cidr'] = array('validation' => 'any', 'e_message' => 'illegal:' . _('Agent IP'));
}
$validation_errors = validate_form_fields('POST', $validate);
if (empty($validation_errors['sensor_id'])) {
$db = new ossim_db();
$conn = $db->connect();
if (!Ossec_utilities::is_sensor_allowed($conn, $sensor_id)) {
$validation_errors['sensor_id'] = _('Error! Sensor not allowed');
}
$db->close();
}
if (empty($validation_errors)) {
//IDM Info
$agent_idm_data = Ossec_agent::get_idm_data($sensor_id, $agent_ip);
if (empty($agent_idm_data)) {
$agent = array('ip' => $agent_ip, 'name' => $agent_name);
$last_ip = Ossec_agent::get_last_ip($sensor_id, $agent);
if (Asset_host_ips::valid_ip($last_ip)) {
$agent_idm_data = array('userdomain' => '-', 'ip' => $last_ip);
} else {
$agent_idm_data = array('userdomain' => '-', 'ip' => '-');
}
}
$data['status'] = 'success';
$data['data'] = $agent_idm_data;
} else {
$data['status'] = 'error';
$data['data'] = $validation_errors;
}
echo json_encode($data);
exit;
$s_data = Ossec_utilities::get_sensors($conn);
$hids_sensors = $s_data['sensors'];
foreach ($assets_w_os as $asset_id => $a_data) {
$deployment_stats[$asset_id] = array('status' => 'success', 'data' => '');
//Getting HIDS sensor and Windows IP
$sensor_id = NULL;
$hids_agents = Asset_host::get_related_hids_agents($conn, $asset_id);
$aux_ip_address = explode(',', $a_data['ips']);
$aux_ip_address = array_flip($aux_ip_address);
$default_ip_address = array_pop(array_keys($aux_ip_address));
if (is_array($hids_agents) && !empty($hids_agents)) {
//Case 1: HIDS Agents was previously deployed
$hids_agent = array_pop($hids_agents);
$sensor_id = $hids_agent['sensor_id'];
$agent_id = $hids_agent['agent_id'];
if (Asset_host_ips::valid_ip($hids_agent['ip_cidr']) && array_key_exists($hids_agent['ip_cidr'], $aux_ip_address)) {
$ip_address = $hids_agent['ip_cidr'];
} else {
$ip_address = $default_ip_address;
}
} else {
//Case 2: Not HIDS Agent deployed
$asset_sensors = Asset_host_sensors::get_sensors_by_id($conn, $asset_id);
foreach ($asset_sensors as $asset_sensor_id => $s_data) {
//Checking HIDS Sensor
$cnd_1 = Ossec_utilities::is_sensor_allowed($conn, $asset_sensor_id) == TRUE;
$cnd_2 = !empty($asset_sensors[$asset_sensor_id]);
if ($cnd_1 && $cnd_2) {
$sensor_id = $asset_sensor_id;
break;
}
ossim_valid($agent_id, OSS_DIGIT, 'illegal:' . _('Agent ID'));
ossim_valid($sensor_id, OSS_HEX, 'illegal:' . _('Sensor ID'));
if ($agent_ip != 'any') {
ossim_valid($agent_ip, OSS_IP_CIDR_0, 'illegal:' . _('Agent IP'));
}
if (!ossim_error()) {
$db = new ossim_db();
$conn = $db->connect();
if (!Ossec_utilities::is_sensor_allowed($conn, $sensor_id)) {
Av_exception::throw_error(Av_exception::USER_ERROR, _('Error! Sensor not allowed'));
}
$db->close();
}
$more_info = Ossec_agent::get_info($sensor_id, $agent_id);
$last_scan_dates = '';
if (Asset_host_ips::valid_ip($agent_ip)) {
$last_scan_dates = Ossec_agent::get_last_scans($sensor_id, $agent_ip);
}
if (is_array($more_info) && !empty($more_info)) {
$syscheck_date = empty($last_scan_dates['syscheck']) ? $more_info[7] : $last_scan_dates['syscheck'];
$rootcheck_date = empty($last_scan_dates['rootcheck']) ? $more_info[8] : $last_scan_dates['rootcheck'];
?>
<table class='t_agent_mi'>
<tr><td colspan='2' style='text-align: center;'><?php
echo _('Agent information');
?>
</td></tr>
<tr>
<td><?php
echo _('Agent ID');
?>
if ($agent_status > 1) {
if (Asset_host::is_in_db($conn, $asset_id)) {
$data = Ossec_utilities::hids_trend_by_id($conn, $asset_id);
} else {
if ($ip_cidr == '127.0.0.1') {
// Getting default sensor IP
$sensor_ip = Av_sensor::get_ip_by_id($conn, $sensor_id);
$ip_cidr = empty($sensor_ip) ? $ip_cidr : $sensor_ip;
} else {
try {
$agent = array('name' => $agent_name, 'ip_cidr' => $ip_cidr);
$ip_cidr = Ossec_agent::get_last_ip($sensor_id, $agent);
} catch (Exception $e) {
}
}
if (Asset_host_ips::valid_ip($ip_cidr)) {
$data = Ossec_utilities::hids_trend_by_ip($conn, $ip_cidr);
}
}
}
$trend_plot = "<div style='color:gray; margin:15px; text-align:center;'>" . _('Trend chart not available') . "</div>";
if (is_array($data) && !empty($data)) {
$trend = '';
$max = 7;
for ($ii = $max - 1; $ii >= 0; $ii--) {
$d = gmdate("j M", $timetz - 86400 * $ii);
$trend[$d] = $data[$d] != '' ? $data[$d] : 0;
}
$i = 0;
foreach ($trend as $k => $v) {
$x[$k] = $i;
if (empty($validation_errors)) {
$current_user = '******';
$current_ip = '-';
//Current user
if (valid_hex32($asset_id)) {
$q_filters = array('limit' => "1");
list($users, $total_users) = Asset_host_properties::get_users_by_host($conn, $asset_id, $filters);
if ($total_users > 0) {
$_current_user = array_pop($users[$asset_id]);
if (!empty($_current_user)) {
$current_user = $_current_user['user'];
$current_user .= !empty($_current_user['domain']) ? '@' . $_current_user['domain'] : '';
}
}
}
//Current IP
$agent = array('ip_cidr' => $agent_ip, 'name' => $agent_name);
$_current_ip = Ossec_agent::get_last_ip($sensor_id, $agent);
if (Asset_host_ips::valid_ip($_current_ip)) {
$current_ip = $_current_ip;
}
$agent_idm_data = array('current_ip' => $current_ip, 'current_user' => $current_user);
$data['status'] = 'success';
$data['data'] = $agent_idm_data;
} else {
$data['status'] = 'error';
$data['data'] = $validation_errors;
}
$db->close();
echo json_encode($data);
exit;
function draw_html_content($conn, $ri_data, $edit_mode = FALSE)
{
$ri_html = '';
if ($ri_data['type'] == 'indicator') {
//Allowed host types
$host_types = array('host', 'server', 'sensor');
//Getting indicator values
if (preg_match("/view\\.php\\?map\\=([a-fA-F0-9]*)/", $ri_data['url'], $found)) {
// Linked to another map: loop by this map indicators
list($r_value, $v_value, $a_value, $ri_data['asset_id'], $related_sensor, , $ips, $in_assets) = get_map_values($conn, $found[1], $ri_data['asset_id'], $ri_data['asset_type'], $host_types);
} else {
// Asset Values
list(, $related_sensor, , $ips, $in_assets) = get_assets($conn, $ri_data['asset_id'], $ri_data['asset_type'], $host_types);
list($r_value, $v_value, $a_value) = get_values($conn, $host_types, $ri_data['asset_type'], $ri_data['asset_id'], FALSE);
}
// Getting indacator links
if ($edit_mode == TRUE) {
$linked_url = "javascript:void(0);";
$r_url = "javascript:void(0);";
$v_url = "javascript:void(0);";
$a_url = "javascript:void(0);";
} else {
// Risk link
$alarm_query = '';
if ($ri_data['asset_type'] == 'host') {
$alarm_query .= "&host_id=" . $ri_data['asset_id'];
} elseif ($ri_data['asset_type'] == 'net') {
$alarm_query .= "&net_id=" . $ri_data['asset_id'];
} elseif ($ri_data['asset_type'] == 'sensor') {
$alarm_query .= "&sensor_query=" . $ri_data['asset_id'];
} elseif ($ri_data['asset_type'] == 'host_group' || $ri_data['asset_type'] == 'hostgroup') {
$alarm_query .= "&asset_group=" . $ri_data['asset_id'];
}
$r_url = Menu::get_menu_url("/ossim/alarm/alarm_console.php?hide_closed=1" . $alarm_query, 'analysis', 'alarms', 'alarms');
// Vulnerability link
if ($ri_data['asset_type'] == 'host_group' || $ri_data['asset_type'] == 'hostgroup') {
$v_data = '';
if (valid_hex32($ri_data['asset_id'])) {
$_group_object = Asset_group::get_object($conn, $ri_data['asset_id']);
if ($_group_object != NULL) {
$_assets_aux = $_group_object->get_hosts($conn, '', array(), TRUE);
foreach ($_assets_aux[0] as $_host_data) {
if ($v_data != '') {
$v_data .= ',';
}
$v_data .= $_host_data[2];
// IP
}
}
}
} else {
$v_data = $ips;
}
$v_url = Menu::get_menu_url("/ossim/vulnmeter/index.php?value={$v_data}&type=hn", 'environment', 'vulnerabilities', 'overview');
// Availability link
if (!empty($related_sensor)) {
$conf = $GLOBALS['CONF'];
$conf = !$conf ? new Ossim_conf() : $conf;
$nagios_link = $conf->get_conf('nagios_link');
$scheme = empty($_SERVER['HTTPS']) ? 'http://' : 'https://';
$path = !empty($nagios_link) ? $nagios_link : '/nagios3/';
$port = !empty($_SERVER['SERVER_PORT']) ? ':' . $_SERVER['SERVER_PORT'] : "";
$nagios_url = $scheme . $related_sensor . $port . $path;
if ($ri_data['asset_type'] == 'host') {
$hostname = Asset_host::get_name_by_id($conn, $ri_data['asset_id']);
if (preg_match('/\\,/', $ips)) {
$hostname .= '_' . preg_replace('/\\,.*/', '', $ips);
}
$a_url = Menu::get_menu_url("/ossim/nagios/index.php?sensor={$related_sensor}&nagios_link=" . urlencode($nagios_url . "cgi-bin/status.cgi?host=" . $hostname), 'environment', 'availability');
} else {
$a_url = Menu::get_menu_url("/ossim/nagios/index.php?sensor={$related_sensor}&nagios_link=" . urlencode($nagios_url . "cgi-bin/status.cgi?hostgroup=all"), 'environment', 'availability');
}
} else {
$a_url = 'javascript:void(0);';
}
//Report link or map link
if ($ri_data['url'] == 'REPORT') {
$linked_url = "javascript:void(0);";
if ($ri_data['asset_type'] == 'sensor') {
try {
//Special case 1: Sensors don't have detail view
$sensor_ip = Av_sensor::get_ip_by_id($conn, $ri_data['asset_id']);
if (Asset_host_ips::valid_ip($sensor_ip)) {
$filters = array('where' => "host.id = hi.host_id AND hi.ip = INET6_ATON('{$sensor_ip}')\n AND hi.host_id = hs.host_id AND hs.sensor_id = UNHEX('" . $ri_data['asset_id'] . "')");
list($hosts, $total) = Asset_host::get_list($conn, ', host_sensor_reference hs, host_ip hi', $filters);
if ($total == 1) {
$ri_data['asset_id'] = key($hosts);
$linked_url = Menu::get_menu_url("/ossim/av_asset/common/views/detail.php?asset_id=" . $ri_data['asset_id'], 'environment', 'assets', 'assets');
} elseif ($total > 1) {
$linked_url = Menu::get_menu_url("/ossim/av_asset/asset/index.php?filter_id=11&filter_value={$sensor_ip}", 'environment', 'assets', 'assets');
}
}
} catch (Exception $e) {
}
} elseif ($ri_data['asset_type'] == 'net_group' || $ri_data['asset_type'] == 'netgroup') {
//Special case 2: Net groups don't have detail view
$_sm_option = 'assets';
$_h_option = 'network_groups';
$linked_url = Menu::get_menu_url("/ossim/netgroup/netgroup_form.php?id=" . $ri_data['asset_id'], 'environment', $_sm_option, $_h_option);
} else {
if ($ri_data['asset_type'] == 'host') {
$_sm_option = 'assets';
$_h_option = 'assets';
} elseif ($ri_data['asset_type'] == 'host_group' || $ri_data['asset_type'] == 'hostgroup') {
$_sm_option = 'assets';
$_h_option = 'asset_groups';
} else {
$_sm_option = 'assets';
$_h_option = 'networks';
}
$linked_url = Menu::get_menu_url("/ossim/av_asset/common/views/detail.php?asset_id=" . $ri_data['asset_id'], 'environment', $_sm_option, $_h_option);
}
} else {
$linked_url = $ri_data['url'] != '' ? Menu::get_menu_url($ri_data['url'], 'dashboard', 'riskmaps', 'overview') : "javascript:void(0);";
}
}
//Special image when linked asset has been removed
if ($ri_data['asset_type'] != '' && !$in_assets) {
$ri_data['icon'] = "/ossim/pixmaps/marker--exclamation.png";
$ri_data['icon_size'] = "16";
$ri_data['icon_bg'] = 'transparent';
}
$ri_data['icon_size'] = $ri_data['icon_size'] >= 0 || $ri_data['icon_size'] == -1 ? $ri_data['icon_size'] : '';
$ri_html .= "<input type='hidden' name='dataname" . $ri_data['id'] . "' id='dataname" . $ri_data['id'] . "' value='" . $ri_data['name'] . "'/>\n <input type='hidden' name='datatype" . $ri_data['id'] . "' id='datatype" . $ri_data['id'] . "' value='" . $ri_data['asset_type'] . "'/>\n <input type='hidden' name='type_name" . $ri_data['id'] . "' id='type_name" . $ri_data['id'] . "' value='" . $ri_data['asset_id'] . "'/>\n <input type='hidden' name='type_name_show" . $ri_data['id'] . "' id='type_name_show" . $ri_data['id'] . "' value='" . $ri_data['asset_name'] . "'/>\n <input type='hidden' name='dataurl" . $ri_data['id'] . "' id='dataurl" . $ri_data['id'] . "' value='" . $ri_data['url'] . "'/>\n <input type='hidden' name='dataicon" . $ri_data['id'] . "' id='dataicon" . $ri_data['id'] . "' value='" . $ri_data['icon'] . "'/>\n <input type='hidden' name='dataiconsize" . $ri_data['id'] . "' id='dataiconsize" . $ri_data['id'] . "' value='" . $ri_data['icon_size'] . "'/>\n <input type='hidden' name='dataiconbg" . $ri_data['id'] . "' id='dataiconbg" . $ri_data['id'] . "' value='" . $ri_data['icon_bg'] . "'/>";
$ri_html .= '<table width="100%" border="0" cellspacing="0" cellpadding="1" style="padding:2px; background-color:' . $ri_data['icon_bg'] . '; text-align:center; margin-left:2px; margin-right:2px">';
if (!preg_match("/#NONAME/", $ri_data['name'])) {
$ri_html .= '<tr>
<td align="center" nowrap="nowrap">
<a href="' . $linked_url . '" class="ne"><i>' . $ri_data['name'] . '</i></a>
</td>
</tr>';
}
if ($ri_data['icon_size'] != -1) {
$ri_data['icon_size'] = $ri_data['icon_size'] > 0 ? 'width="' . $ri_data['icon_size'] . '"' : '';
$ri_html .= '<tr>
<td align="center" style="white-space: nowrap;">
<a href="' . $linked_url . '" class="ne">
<img src="' . $ri_data['icon'] . '" ' . $ri_data['icon_size'] . ' border="0"/>
</a>
</td>
</tr>';
}
$ri_html .= '<tr align="center">
<td style="margin-left:2px; margin-right:2px">';
if ($ri_data['icon_size'] == -1 && preg_match("/#NONAME/", $ri_data['name'])) {
$ri_html .= '<table border="0" cellspacing="0" cellpadding="2" style="text-align:center; margin:auto;">
<tr>
<td><a class="ne11" href="' . $r_url . '"><img src="images/' . $r_value . '.gif" border="0"/></a></td>
<td><a class="ne11" href="' . $v_url . '"><img src="images/' . $v_value . '.gif" border="0"/></a></td>
<td><a class="ne11" href="' . $a_url . '"><img src="images/' . $a_value . '.gif" border="0"/></a></td>
</tr>
</table>';
} else {
$ri_html .= '
<table border="0" cellspacing="0" cellpadding="2" style="text-align:center; margin:auto;">
<tr>
<td><a class="ne11" href="' . $r_url . '">R</a></td>
<td><a class="ne11" href="' . $v_url . '">V</a></td>
<td><a class="ne11" href="' . $a_url . '">A</a></td>
</tr>
<tr>
<td><img src="images/' . $r_value . '.gif" border="0"/></td>
<td><img src="images/' . $v_value . '.gif" border="0"/></td>
<td><img src="images/' . $a_value . '.gif" border="0"/></td>
</tr>
</table>';
}
$ri_html .= ' </td>
</tr>';
if ($edit_mode == TRUE) {
$ri_html .= '
<tr align="center">
<td class="noborder">
<div id="indicator_edit" style="float:left;" onclick="load_indicator_info(this);">
<img src="images/edit.png" title="' . _("Edit Indicator") . '" class="ind_help" height="15px" border="0"/>
</div>
<div id="indicator_trash" style="float:right;" onclick="delete_indicator(this);">
<img src="../pixmaps/trash.png" title="' . _("Delete Indicator") . '" class="ind_help" height="15px" border="0"/>
</div>
</td>
</tr>';
}
$ri_html .= '</table>';
} elseif ($ri_data['type'] == 'rectangle') {
$ri_html = "<input type='hidden' name='dataname" . $ri_data['id'] . "' id='dataname" . $ri_data['id'] . "' value='" . $ri_data['name'] . "'/>\n\n <input type='hidden' name='dataurl" . $ri_data['id'] . "' id='dataurl" . $ri_data['id'] . "' value='" . $ri_data['url'] . "'/>\n";
if ($edit_mode == TRUE) {
$ri_html .= '<div class="itcanberesized" style="position:absolute; bottom:0px; right:0px; cursor:nw-resize;">
<img src="../pixmaps/resize.gif" border="0"/>
</div>';
}
$ri_html .= '<table border="0" cellspacing="0" cellpadding="0" width="100%" height="100%" style="border:0px;">
<tr>
<td style="border:1px dotted black" valign="bottom">';
if ($edit_mode == TRUE) {
$ri_html .= '<div id="indicator_edit" style="float:left;padding:2px;" onclick="load_indicator_info(this);">
<img src="images/edit.png" title="' . _("Edit Rectangle") . '" class="ind_help" height="15px" border="0"/>
</div>
<div id="indicator_trash" style="float:right;padding:2px;" onclick="delete_indicator(this);">
<img src="../pixmaps/trash.png" title="' . _("Delete Rectangle") . '" class="ind_help" height="15px" border="0"/>
</div>';
}
$ri_html .= ' </td>
</tr>
</table>';
}
return $ri_html;
}
$asset_type = REQUEST('asset_type');
//Database connection
$db = new ossim_db();
$conn = $db->connect();
if ($edition_type == 'single') {
// Single edition
$id = GET('id');
$_ip = GET('ip');
$_ctx = GET('ctx');
//Getting host by IP and CTX
if (empty($id) && !empty($_ctx) && !empty($_ip)) {
$entity_type = Session::get_entity_type($conn, $_ctx);
$entity_type = strtolower($entity_type);
//Sometimes CTX is an engine instead of context
$_ctx = $entity_type == 'context' ? $_ctx : Session::get_default_ctx();
if (Asset_host_ips::valid_ip($_ip) && valid_hex32($_ctx)) {
$aux_ids = Asset_host::get_id_by_ips($conn, $_ip, $_ctx);
$aux_id = key($aux_ids);
if (Asset_host::is_in_db($conn, $aux_id)) {
$id = $aux_id;
}
} else {
unset($_ip);
unset($_ctx);
}
}
if (!empty($id) && Asset_host::is_in_db($conn, $id)) {
ossim_valid($id, OSS_HEX, 'illegal:' . _('Asset ID'));
if (ossim_error()) {
echo ossim_error(_('Error! Asset not found'));
exit;
