コード例 #1
0
         $sensor_ip = $system_info['data']['admin_ip'];
     }
     $ip_cidr = empty($sensor_ip) ? $agent['ip'] : $sensor_ip;
 } else {
     $agent_idm_data = Ossec_agent::get_idm_data($sensor_id, $agent['ip']);
     $agent_idm_ip = $agent_idm_data['ip'];
     if (empty($agent_idm_ip)) {
         try {
             $agent_idm_ip = Ossec_agent::get_last_ip($sensor_id, $agent);
         } catch (Exception $e) {
         }
     }
     $ip_cidr = Asset_host_ips::valid_ip($agent_idm_ip) ? $agent_idm_ip : $agent['ip'];
 }
 $data = array();
 if (!preg_match('/Never connected/i', $agent['status']) && Asset_host_ips::valid_ip($ip_cidr)) {
     $data = Ossec_utilities::SIEM_trends_hids($conn, $ip_cidr);
 }
 $trend_plot = "<div style='color:gray; margin:15px; text-align:center;'>" . _('Trend chart not available') . "</div>";
 if (is_array($data) && !empty($data)) {
     $trend = '';
     $max = 7;
     for ($ii = $max - 1; $ii >= 0; $ii--) {
         $d = gmdate("j M", $timetz - 86400 * $ii);
         $trend[$d] = $data[$d] != '' ? $data[$d] : 0;
     }
     $i = 0;
     foreach ($trend as $k => $v) {
         $x[$k] = $i;
         $i++;
     }
コード例 #2
0
    $validate['ip_cidr'] = array('validation' => 'any', 'e_message' => 'illegal:' . _('Agent IP'));
}
$validation_errors = validate_form_fields('POST', $validate);
if (empty($validation_errors['sensor_id'])) {
    $db = new ossim_db();
    $conn = $db->connect();
    if (!Ossec_utilities::is_sensor_allowed($conn, $sensor_id)) {
        $validation_errors['sensor_id'] = _('Error! Sensor not allowed');
    }
    $db->close();
}
if (empty($validation_errors)) {
    //IDM Info
    $agent_idm_data = Ossec_agent::get_idm_data($sensor_id, $agent_ip);
    if (empty($agent_idm_data)) {
        $agent = array('ip' => $agent_ip, 'name' => $agent_name);
        $last_ip = Ossec_agent::get_last_ip($sensor_id, $agent);
        if (Asset_host_ips::valid_ip($last_ip)) {
            $agent_idm_data = array('userdomain' => '-', 'ip' => $last_ip);
        } else {
            $agent_idm_data = array('userdomain' => '-', 'ip' => '-');
        }
    }
    $data['status'] = 'success';
    $data['data'] = $agent_idm_data;
} else {
    $data['status'] = 'error';
    $data['data'] = $validation_errors;
}
echo json_encode($data);
exit;
コード例 #3
0
ファイル: bk_deploy_hids.php プロジェクト: jackpf/ossim-arc
 $s_data = Ossec_utilities::get_sensors($conn);
 $hids_sensors = $s_data['sensors'];
 foreach ($assets_w_os as $asset_id => $a_data) {
     $deployment_stats[$asset_id] = array('status' => 'success', 'data' => '');
     //Getting HIDS sensor and Windows IP
     $sensor_id = NULL;
     $hids_agents = Asset_host::get_related_hids_agents($conn, $asset_id);
     $aux_ip_address = explode(',', $a_data['ips']);
     $aux_ip_address = array_flip($aux_ip_address);
     $default_ip_address = array_pop(array_keys($aux_ip_address));
     if (is_array($hids_agents) && !empty($hids_agents)) {
         //Case 1: HIDS Agents was previously deployed
         $hids_agent = array_pop($hids_agents);
         $sensor_id = $hids_agent['sensor_id'];
         $agent_id = $hids_agent['agent_id'];
         if (Asset_host_ips::valid_ip($hids_agent['ip_cidr']) && array_key_exists($hids_agent['ip_cidr'], $aux_ip_address)) {
             $ip_address = $hids_agent['ip_cidr'];
         } else {
             $ip_address = $default_ip_address;
         }
     } else {
         //Case 2: Not HIDS Agent deployed
         $asset_sensors = Asset_host_sensors::get_sensors_by_id($conn, $asset_id);
         foreach ($asset_sensors as $asset_sensor_id => $s_data) {
             //Checking HIDS Sensor
             $cnd_1 = Ossec_utilities::is_sensor_allowed($conn, $asset_sensor_id) == TRUE;
             $cnd_2 = !empty($asset_sensors[$asset_sensor_id]);
             if ($cnd_1 && $cnd_2) {
                 $sensor_id = $asset_sensor_id;
                 break;
             }
コード例 #4
0
        ossim_valid($agent_id, OSS_DIGIT, 'illegal:' . _('Agent ID'));
        ossim_valid($sensor_id, OSS_HEX, 'illegal:' . _('Sensor ID'));
        if ($agent_ip != 'any') {
            ossim_valid($agent_ip, OSS_IP_CIDR_0, 'illegal:' . _('Agent IP'));
        }
        if (!ossim_error()) {
            $db = new ossim_db();
            $conn = $db->connect();
            if (!Ossec_utilities::is_sensor_allowed($conn, $sensor_id)) {
                Av_exception::throw_error(Av_exception::USER_ERROR, _('Error! Sensor not allowed'));
            }
            $db->close();
        }
        $more_info = Ossec_agent::get_info($sensor_id, $agent_id);
        $last_scan_dates = '';
        if (Asset_host_ips::valid_ip($agent_ip)) {
            $last_scan_dates = Ossec_agent::get_last_scans($sensor_id, $agent_ip);
        }
        if (is_array($more_info) && !empty($more_info)) {
            $syscheck_date = empty($last_scan_dates['syscheck']) ? $more_info[7] : $last_scan_dates['syscheck'];
            $rootcheck_date = empty($last_scan_dates['rootcheck']) ? $more_info[8] : $last_scan_dates['rootcheck'];
            ?>
            <table class='t_agent_mi'>
                <tr><td colspan='2' style='text-align: center;'><?php 
            echo _('Agent information');
            ?>
</td></tr>
                <tr>
                    <td><?php 
            echo _('Agent ID');
            ?>
コード例 #5
0
ファイル: load_trend.php プロジェクト: jackpf/ossim-arc
 if ($agent_status > 1) {
     if (Asset_host::is_in_db($conn, $asset_id)) {
         $data = Ossec_utilities::hids_trend_by_id($conn, $asset_id);
     } else {
         if ($ip_cidr == '127.0.0.1') {
             // Getting default sensor IP
             $sensor_ip = Av_sensor::get_ip_by_id($conn, $sensor_id);
             $ip_cidr = empty($sensor_ip) ? $ip_cidr : $sensor_ip;
         } else {
             try {
                 $agent = array('name' => $agent_name, 'ip_cidr' => $ip_cidr);
                 $ip_cidr = Ossec_agent::get_last_ip($sensor_id, $agent);
             } catch (Exception $e) {
             }
         }
         if (Asset_host_ips::valid_ip($ip_cidr)) {
             $data = Ossec_utilities::hids_trend_by_ip($conn, $ip_cidr);
         }
     }
 }
 $trend_plot = "<div style='color:gray; margin:15px; text-align:center;'>" . _('Trend chart not available') . "</div>";
 if (is_array($data) && !empty($data)) {
     $trend = '';
     $max = 7;
     for ($ii = $max - 1; $ii >= 0; $ii--) {
         $d = gmdate("j M", $timetz - 86400 * $ii);
         $trend[$d] = $data[$d] != '' ? $data[$d] : 0;
     }
     $i = 0;
     foreach ($trend as $k => $v) {
         $x[$k] = $i;
コード例 #6
0
ファイル: agent_idm_info.php プロジェクト: jackpf/ossim-arc
if (empty($validation_errors)) {
    $current_user = '******';
    $current_ip = '-';
    //Current user
    if (valid_hex32($asset_id)) {
        $q_filters = array('limit' => "1");
        list($users, $total_users) = Asset_host_properties::get_users_by_host($conn, $asset_id, $filters);
        if ($total_users > 0) {
            $_current_user = array_pop($users[$asset_id]);
            if (!empty($_current_user)) {
                $current_user = $_current_user['user'];
                $current_user .= !empty($_current_user['domain']) ? '@' . $_current_user['domain'] : '';
            }
        }
    }
    //Current IP
    $agent = array('ip_cidr' => $agent_ip, 'name' => $agent_name);
    $_current_ip = Ossec_agent::get_last_ip($sensor_id, $agent);
    if (Asset_host_ips::valid_ip($_current_ip)) {
        $current_ip = $_current_ip;
    }
    $agent_idm_data = array('current_ip' => $current_ip, 'current_user' => $current_user);
    $data['status'] = 'success';
    $data['data'] = $agent_idm_data;
} else {
    $data['status'] = 'error';
    $data['data'] = $validation_errors;
}
$db->close();
echo json_encode($data);
exit;
コード例 #7
0
function draw_html_content($conn, $ri_data, $edit_mode = FALSE)
{
    $ri_html = '';
    if ($ri_data['type'] == 'indicator') {
        //Allowed host types
        $host_types = array('host', 'server', 'sensor');
        //Getting indicator values
        if (preg_match("/view\\.php\\?map\\=([a-fA-F0-9]*)/", $ri_data['url'], $found)) {
            // Linked to another map: loop by this map indicators
            list($r_value, $v_value, $a_value, $ri_data['asset_id'], $related_sensor, , $ips, $in_assets) = get_map_values($conn, $found[1], $ri_data['asset_id'], $ri_data['asset_type'], $host_types);
        } else {
            // Asset Values
            list(, $related_sensor, , $ips, $in_assets) = get_assets($conn, $ri_data['asset_id'], $ri_data['asset_type'], $host_types);
            list($r_value, $v_value, $a_value) = get_values($conn, $host_types, $ri_data['asset_type'], $ri_data['asset_id'], FALSE);
        }
        // Getting indacator links
        if ($edit_mode == TRUE) {
            $linked_url = "javascript:void(0);";
            $r_url = "javascript:void(0);";
            $v_url = "javascript:void(0);";
            $a_url = "javascript:void(0);";
        } else {
            // Risk link
            $alarm_query = '';
            if ($ri_data['asset_type'] == 'host') {
                $alarm_query .= "&host_id=" . $ri_data['asset_id'];
            } elseif ($ri_data['asset_type'] == 'net') {
                $alarm_query .= "&net_id=" . $ri_data['asset_id'];
            } elseif ($ri_data['asset_type'] == 'sensor') {
                $alarm_query .= "&sensor_query=" . $ri_data['asset_id'];
            } elseif ($ri_data['asset_type'] == 'host_group' || $ri_data['asset_type'] == 'hostgroup') {
                $alarm_query .= "&asset_group=" . $ri_data['asset_id'];
            }
            $r_url = Menu::get_menu_url("/ossim/alarm/alarm_console.php?hide_closed=1" . $alarm_query, 'analysis', 'alarms', 'alarms');
            // Vulnerability link
            if ($ri_data['asset_type'] == 'host_group' || $ri_data['asset_type'] == 'hostgroup') {
                $v_data = '';
                if (valid_hex32($ri_data['asset_id'])) {
                    $_group_object = Asset_group::get_object($conn, $ri_data['asset_id']);
                    if ($_group_object != NULL) {
                        $_assets_aux = $_group_object->get_hosts($conn, '', array(), TRUE);
                        foreach ($_assets_aux[0] as $_host_data) {
                            if ($v_data != '') {
                                $v_data .= ',';
                            }
                            $v_data .= $_host_data[2];
                            // IP
                        }
                    }
                }
            } else {
                $v_data = $ips;
            }
            $v_url = Menu::get_menu_url("/ossim/vulnmeter/index.php?value={$v_data}&type=hn", 'environment', 'vulnerabilities', 'overview');
            // Availability link
            if (!empty($related_sensor)) {
                $conf = $GLOBALS['CONF'];
                $conf = !$conf ? new Ossim_conf() : $conf;
                $nagios_link = $conf->get_conf('nagios_link');
                $scheme = empty($_SERVER['HTTPS']) ? 'http://' : 'https://';
                $path = !empty($nagios_link) ? $nagios_link : '/nagios3/';
                $port = !empty($_SERVER['SERVER_PORT']) ? ':' . $_SERVER['SERVER_PORT'] : "";
                $nagios_url = $scheme . $related_sensor . $port . $path;
                if ($ri_data['asset_type'] == 'host') {
                    $hostname = Asset_host::get_name_by_id($conn, $ri_data['asset_id']);
                    if (preg_match('/\\,/', $ips)) {
                        $hostname .= '_' . preg_replace('/\\,.*/', '', $ips);
                    }
                    $a_url = Menu::get_menu_url("/ossim/nagios/index.php?sensor={$related_sensor}&nagios_link=" . urlencode($nagios_url . "cgi-bin/status.cgi?host=" . $hostname), 'environment', 'availability');
                } else {
                    $a_url = Menu::get_menu_url("/ossim/nagios/index.php?sensor={$related_sensor}&nagios_link=" . urlencode($nagios_url . "cgi-bin/status.cgi?hostgroup=all"), 'environment', 'availability');
                }
            } else {
                $a_url = 'javascript:void(0);';
            }
            //Report link or map link
            if ($ri_data['url'] == 'REPORT') {
                $linked_url = "javascript:void(0);";
                if ($ri_data['asset_type'] == 'sensor') {
                    try {
                        //Special case 1: Sensors don't have detail view
                        $sensor_ip = Av_sensor::get_ip_by_id($conn, $ri_data['asset_id']);
                        if (Asset_host_ips::valid_ip($sensor_ip)) {
                            $filters = array('where' => "host.id = hi.host_id AND hi.ip = INET6_ATON('{$sensor_ip}')\n                                AND hi.host_id = hs.host_id AND hs.sensor_id = UNHEX('" . $ri_data['asset_id'] . "')");
                            list($hosts, $total) = Asset_host::get_list($conn, ', host_sensor_reference hs, host_ip hi', $filters);
                            if ($total == 1) {
                                $ri_data['asset_id'] = key($hosts);
                                $linked_url = Menu::get_menu_url("/ossim/av_asset/common/views/detail.php?asset_id=" . $ri_data['asset_id'], 'environment', 'assets', 'assets');
                            } elseif ($total > 1) {
                                $linked_url = Menu::get_menu_url("/ossim/av_asset/asset/index.php?filter_id=11&filter_value={$sensor_ip}", 'environment', 'assets', 'assets');
                            }
                        }
                    } catch (Exception $e) {
                    }
                } elseif ($ri_data['asset_type'] == 'net_group' || $ri_data['asset_type'] == 'netgroup') {
                    //Special case 2: Net groups don't have detail view
                    $_sm_option = 'assets';
                    $_h_option = 'network_groups';
                    $linked_url = Menu::get_menu_url("/ossim/netgroup/netgroup_form.php?id=" . $ri_data['asset_id'], 'environment', $_sm_option, $_h_option);
                } else {
                    if ($ri_data['asset_type'] == 'host') {
                        $_sm_option = 'assets';
                        $_h_option = 'assets';
                    } elseif ($ri_data['asset_type'] == 'host_group' || $ri_data['asset_type'] == 'hostgroup') {
                        $_sm_option = 'assets';
                        $_h_option = 'asset_groups';
                    } else {
                        $_sm_option = 'assets';
                        $_h_option = 'networks';
                    }
                    $linked_url = Menu::get_menu_url("/ossim/av_asset/common/views/detail.php?asset_id=" . $ri_data['asset_id'], 'environment', $_sm_option, $_h_option);
                }
            } else {
                $linked_url = $ri_data['url'] != '' ? Menu::get_menu_url($ri_data['url'], 'dashboard', 'riskmaps', 'overview') : "javascript:void(0);";
            }
        }
        //Special image when linked asset has been removed
        if ($ri_data['asset_type'] != '' && !$in_assets) {
            $ri_data['icon'] = "/ossim/pixmaps/marker--exclamation.png";
            $ri_data['icon_size'] = "16";
            $ri_data['icon_bg'] = 'transparent';
        }
        $ri_data['icon_size'] = $ri_data['icon_size'] >= 0 || $ri_data['icon_size'] == -1 ? $ri_data['icon_size'] : '';
        $ri_html .= "<input type='hidden' name='dataname" . $ri_data['id'] . "' id='dataname" . $ri_data['id'] . "' value='" . $ri_data['name'] . "'/>\n                     <input type='hidden' name='datatype" . $ri_data['id'] . "' id='datatype" . $ri_data['id'] . "' value='" . $ri_data['asset_type'] . "'/>\n                     <input type='hidden' name='type_name" . $ri_data['id'] . "' id='type_name" . $ri_data['id'] . "' value='" . $ri_data['asset_id'] . "'/>\n                     <input type='hidden' name='type_name_show" . $ri_data['id'] . "' id='type_name_show" . $ri_data['id'] . "' value='" . $ri_data['asset_name'] . "'/>\n                     <input type='hidden' name='dataurl" . $ri_data['id'] . "' id='dataurl" . $ri_data['id'] . "' value='" . $ri_data['url'] . "'/>\n                     <input type='hidden' name='dataicon" . $ri_data['id'] . "' id='dataicon" . $ri_data['id'] . "' value='" . $ri_data['icon'] . "'/>\n                     <input type='hidden' name='dataiconsize" . $ri_data['id'] . "' id='dataiconsize" . $ri_data['id'] . "' value='" . $ri_data['icon_size'] . "'/>\n                     <input type='hidden' name='dataiconbg" . $ri_data['id'] . "' id='dataiconbg" . $ri_data['id'] . "' value='" . $ri_data['icon_bg'] . "'/>";
        $ri_html .= '<table width="100%" border="0" cellspacing="0" cellpadding="1" style="padding:2px; background-color:' . $ri_data['icon_bg'] . '; text-align:center; margin-left:2px; margin-right:2px">';
        if (!preg_match("/#NONAME/", $ri_data['name'])) {
            $ri_html .= '<tr>
                            <td align="center" nowrap="nowrap">
                                <a href="' . $linked_url . '" class="ne"><i>' . $ri_data['name'] . '</i></a>
                            </td>
                        </tr>';
        }
        if ($ri_data['icon_size'] != -1) {
            $ri_data['icon_size'] = $ri_data['icon_size'] > 0 ? 'width="' . $ri_data['icon_size'] . '"' : '';
            $ri_html .= '<tr>
                            <td align="center" style="white-space: nowrap;">
                                <a href="' . $linked_url . '" class="ne">
                                    <img src="' . $ri_data['icon'] . '" ' . $ri_data['icon_size'] . ' border="0"/>
                                </a>
                            </td>
                        </tr>';
        }
        $ri_html .= '<tr align="center">
                        <td style="margin-left:2px; margin-right:2px">';
        if ($ri_data['icon_size'] == -1 && preg_match("/#NONAME/", $ri_data['name'])) {
            $ri_html .= '<table border="0" cellspacing="0" cellpadding="2" style="text-align:center; margin:auto;">
                            <tr>
                                <td><a class="ne11" href="' . $r_url . '"><img src="images/' . $r_value . '.gif" border="0"/></a></td>
                                <td><a class="ne11" href="' . $v_url . '"><img src="images/' . $v_value . '.gif" border="0"/></a></td>
                                <td><a class="ne11" href="' . $a_url . '"><img src="images/' . $a_value . '.gif" border="0"/></a></td>
                            </tr>
                        </table>';
        } else {
            $ri_html .= '
                <table border="0" cellspacing="0" cellpadding="2" style="text-align:center; margin:auto;">
                    <tr>
                        <td><a class="ne11" href="' . $r_url . '">R</a></td>
                        <td><a class="ne11" href="' . $v_url . '">V</a></td>
                        <td><a class="ne11" href="' . $a_url . '">A</a></td>
                    </tr>
                    <tr>
                        <td><img src="images/' . $r_value . '.gif" border="0"/></td>
                        <td><img src="images/' . $v_value . '.gif" border="0"/></td>
                        <td><img src="images/' . $a_value . '.gif" border="0"/></td>
                    </tr>
                </table>';
        }
        $ri_html .= '   </td>
                     </tr>';
        if ($edit_mode == TRUE) {
            $ri_html .= '
                <tr align="center">
                    <td class="noborder">
                        <div id="indicator_edit"  style="float:left;" onclick="load_indicator_info(this);">
                            <img src="images/edit.png" title="' . _("Edit Indicator") . '" class="ind_help" height="15px" border="0"/>
                        </div>
                        <div id="indicator_trash" style="float:right;" onclick="delete_indicator(this);">
                            <img src="../pixmaps/trash.png" title="' . _("Delete Indicator") . '" class="ind_help" height="15px" border="0"/>
                        </div>
                    </td>
            </tr>';
        }
        $ri_html .= '</table>';
    } elseif ($ri_data['type'] == 'rectangle') {
        $ri_html = "<input type='hidden' name='dataname" . $ri_data['id'] . "' id='dataname" . $ri_data['id'] . "' value='" . $ri_data['name'] . "'/>\n\n                    <input type='hidden' name='dataurl" . $ri_data['id'] . "' id='dataurl" . $ri_data['id'] . "' value='" . $ri_data['url'] . "'/>\n";
        if ($edit_mode == TRUE) {
            $ri_html .= '<div class="itcanberesized" style="position:absolute; bottom:0px; right:0px; cursor:nw-resize;">
                            <img src="../pixmaps/resize.gif" border="0"/>
                         </div>';
        }
        $ri_html .= '<table border="0" cellspacing="0" cellpadding="0" width="100%" height="100%" style="border:0px;">
                         <tr>
                             <td style="border:1px dotted black" valign="bottom">';
        if ($edit_mode == TRUE) {
            $ri_html .= '<div id="indicator_edit"  style="float:left;padding:2px;" onclick="load_indicator_info(this);">
                            <img src="images/edit.png" title="' . _("Edit Rectangle") . '" class="ind_help" height="15px" border="0"/>
                        </div>
                        <div id="indicator_trash" style="float:right;padding:2px;" onclick="delete_indicator(this);">
                            <img src="../pixmaps/trash.png" title="' . _("Delete Rectangle") . '" class="ind_help" height="15px" border="0"/>
                        </div>';
        }
        $ri_html .= '       </td>
                        </tr>
                    </table>';
    }
    return $ri_html;
}
コード例 #8
0
ファイル: asset_form.php プロジェクト: jackpf/ossim-arc
$asset_type = REQUEST('asset_type');
//Database connection
$db = new ossim_db();
$conn = $db->connect();
if ($edition_type == 'single') {
    // Single edition
    $id = GET('id');
    $_ip = GET('ip');
    $_ctx = GET('ctx');
    //Getting host by IP and CTX
    if (empty($id) && !empty($_ctx) && !empty($_ip)) {
        $entity_type = Session::get_entity_type($conn, $_ctx);
        $entity_type = strtolower($entity_type);
        //Sometimes CTX is an engine instead of context
        $_ctx = $entity_type == 'context' ? $_ctx : Session::get_default_ctx();
        if (Asset_host_ips::valid_ip($_ip) && valid_hex32($_ctx)) {
            $aux_ids = Asset_host::get_id_by_ips($conn, $_ip, $_ctx);
            $aux_id = key($aux_ids);
            if (Asset_host::is_in_db($conn, $aux_id)) {
                $id = $aux_id;
            }
        } else {
            unset($_ip);
            unset($_ctx);
        }
    }
    if (!empty($id) && Asset_host::is_in_db($conn, $id)) {
        ossim_valid($id, OSS_HEX, 'illegal:' . _('Asset ID'));
        if (ossim_error()) {
            echo ossim_error(_('Error! Asset not found'));
            exit;