コード例 #1
0
ファイル: status.php プロジェクト: jackpf/ossim-arc
    <script type="text/javascript" src='/ossim/ossec/js/agents.js'></script>

    <script type="text/javascript" src="/ossim/js/greybox.js"></script>

    <?php 
require AV_MAIN_ROOT_PATH . '/host_report_menu.php';
?>
    <script type="text/javascript">

        function formatNmb(nNmb)
        {
            var sRes = "";
            for (var j, i = nNmb.length - 1, j = 0; i >= 0; i--, j++)
            {
                sRes = nNmb.charAt(i) + ((j > 0) && (j % 3 == 0)? "<?php 
echo Ossec_utilities::thousands_locale();
?>
": '') + sRes;
            }

            return sRes;
        }


        function showTooltip(x, y, contents)
        {
            $('<div id="tooltip" class="tooltipLabel"><span style="font-size:10px;">' + contents + '</span></div>').css({
                position: 'absolute',
                display: 'none',
                top: y - 28,
                left: x - 10,
コード例 #2
0
ファイル: agent.php プロジェクト: AntBean/alienvault-ossim
* MA  02110-1301  USA
*
*
* On Debian GNU/Linux systems, the complete text of the GNU General
* Public License can be found in `/usr/share/common-licenses/GPL-2'.
*
* Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt
*
*/
require_once dirname(__FILE__) . '/conf/config.inc';
Session::logcheck('environment-menu', 'EventsHidsConfig');
//Current sensor
$sensor_id = $_SESSION['ossec_sensor'];
$db = new ossim_db();
$conn = $db->connect();
$s_data = Ossec_utilities::get_sensors($conn, $sensor_id);
$sensor_opt = $s_data['sensor_opt'];
$db->close();
//Check available sensors
if (!is_array($s_data['sensors']) || empty($s_data['sensors'])) {
    $styles = 'width: 90%; text-align:left; margin: 50px auto;';
    echo ossim_error(_('There is no sensor available'), AV_INFO, $styles);
    exit;
}
$conf = $GLOBALS['CONF'];
$idm_enabled = $conf->get_conf('enable_idm');
$_SESSION['_idm'] = $idm_enabled;
session_write_close();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
コード例 #3
0
     $asset_sensors = Asset_host_sensors::get_sensors_by_id($conn, $asset_id);
     $cnd_2 = empty($asset_sensors[$sensor_id]);
     if ($cnd_1 || $cnd_2) {
         $validation_errors['sensor_id'] = sprintf(_("Sensor %s not allowed. Please check with your account admin for more information"), Av_sensor::get_name_by_id($conn, $sensor_id));
     } else {
         $system_ids = Av_center::get_system_id_by_component($conn, $sensor_id);
         $res = Av_center::get_system_info_by_id($conn, $system_ids['non-canonical']);
         if ($res['status'] == 'success') {
             //We use this function to calculate sensor name because in HA environments there are two systems for one Sensor ID
             if (empty($res['data']['ha_ip'])) {
                 $sensor_name = $res['data']['name'];
             } else {
                 $sensor_name = Av_sensor::get_name_by_id($conn, $sensor_id);
             }
             $sensor_ip = $res['data']['current_ip'];
             if (Ossec_utilities::get_default_sensor_id() == $sensor_id && empty($res['data']['ha_ip'])) {
                 $sensor_ip = $res['data']['admin_ip'];
             }
             $sensor_ip_txt = $sensor_ip . ' [' . $sensor_name . ']';
         }
         //Getting Agent information
         $_aux_agent = Asset_host::get_related_hids_agents($conn, $asset_id, $sensor_id);
         $agent_key = md5(strtoupper($sensor_id) . '#' . $agent_id);
         $agent = $_aux_agent[$agent_key];
         if (empty($agent)) {
             $validation_errors['agent_id'] = _('Error! Agent information cannot be retrieved from system');
         } else {
             $agent_descr = $agent['name'] . ' (' . $agent['ip_cidr'] . ')';
         }
     }
 }
コード例 #4
0
ファイル: edit_2.php プロジェクト: AntBean/alienvault-ossim
$title = $editable == TRUE ? _("Edit node:  {$node_name} ") : _("Show node:  {$node_name} ");
?>

<div id='edit_container'>

    <table id='header_rule'>
        <tbody>
            <tr><td class='sec_title'><?php 
echo $title;
?>
</td></tr>
        </tbody>
    </table>

    <form name='form_m' id='form_m'>

        <table class='er_container' id='erc1'>
            <tbody id='erb_c1'>
                <?php 
echo Ossec_utilities::print_subheader('attributes', $editable);
$at_data = array('data' => $attributes, 'img_path' => 'images', 'is_editable' => $editable, 'lk_name' => $lk_name);
echo Ossec_utilities::print_attributes($at_data);
?>
            </tbody>
        </table>

        <?php 
echo Ossec_utilities::print_subfooter($sf_data, $editable);
?>
    </form>
</div>
コード例 #5
0
            }
        }
        $ip_cidr = Asset_host_ips::valid_ip($agent_idm_ip) ? $agent_idm_ip : $agent['ip'];
    }
    $data = array();
    if (!preg_match('/Never connected/i', $agent['status']) && Asset_host_ips::valid_ip($ip_cidr)) {
        $data = Ossec_utilities::SIEM_trends_hids($conn, $ip_cidr);
    }
    $trend_plot = "<div style='color:gray; margin:15px; text-align:center;'>" . _('Trend chart not available') . "</div>";
    if (is_array($data) && !empty($data)) {
        $trend = '';
        $max = 7;
        for ($ii = $max - 1; $ii >= 0; $ii--) {
            $d = gmdate("j M", $timetz - 86400 * $ii);
            $trend[$d] = $data[$d] != '' ? $data[$d] : 0;
        }
        $i = 0;
        foreach ($trend as $k => $v) {
            $x[$k] = $i;
            $i++;
        }
        $y = $trend;
        $xticks = $x;
        foreach ($trend as $k => $v) {
            $xlabels[$k] = $k;
        }
        $trend_plot = "<div id='plotarea_" . $agent_id . "'>" . Ossec_utilities::plot_graphic('plotarea_' . $agent_id, 40, 250, $x, $y, $xticks, $xlabels, FALSE) . '</div>';
    }
    $db->close();
    echo $trend_plot;
}
コード例 #6
0
        $data['status'] = 'error';
        $data['data'] = _('Error! XML file not updated (1)');
        echo json_encode($data);
    } else {
        $xml = new Xml_parser($lk_name);
        $output = $xml->array2xml($tree);
        $output = Ossec_utilities::formatOutput($output, $lk_name);
        $output = utf8_decode($output);
        try {
            Ossec::set_rule_file($sensor_id, $file, $output);
            $tree = Ossec::get_tree($sensor_id, $file);
            $tree_json = Ossec_utilities::array2json($tree, $file);
            $_SESSION['_tree_json'] = $tree_json;
            $_SESSION['_tree'] = $tree;
        } catch (Exception $e) {
            $data['status'] = 'error';
            $data['data'] = $e->getMessage();
        }
    }
}
if ($data['status'] == 'error') {
    //Restore copy
    @copy($path_tmp, $rule_file);
    $_SESSION['_tree'] = $tree_cp;
    $_SESSION['_tree_json'] = Ossec_utilities::array2json($tree_cp, $file);
} else {
    $data['status'] = 'success';
    $data['data'] = _('XML file update successfully') . '###' . base64_encode($tree_json);
    echo json_encode($data);
}
@unlink($path_tmp);
コード例 #7
0
ファイル: get_xml_node.php プロジェクト: jackpf/ossim-arc
*
* You should have received a copy of the GNU General Public License
* along with this package; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
* MA  02110-1301  USA
*
*
* On Debian GNU/Linux systems, the complete text of the GNU General
* Public License can be found in `/usr/share/common-licenses/GPL-2'.
*
* Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt
*
*/
require_once dirname(__FILE__) . '/../../conf/config.inc';
Session::logcheck('environment-menu', 'EventsHidsConfig');
//Get XML node
$lk_value = POST('lk_value');
$lk_name = $_SESSION['lk_name'];
$tree_lr = $_SESSION['_tree'];
$child = Ossec::get_child($tree_lr, $lk_name, $lk_value);
$rule = array('@attributes' => array($lk_name => '1'), '0' => array('rule' => $child['tree']));
if (!empty($child)) {
    $xml_obj = new Xml_parser($lk_name);
    $output = $xml_obj->array2xml($rule);
    $data['status'] = 'success';
    $data['data'] = Ossec_utilities::formatOutput($output, $lk_name);
} else {
    $data['status'] = 'error';
    $data['data'] = _('Error! Information not available');
}
echo json_encode($data);
コード例 #8
0
ファイル: get_tree.php プロジェクト: jackpf/ossim-arc
ossim_valid($file, OSS_ALPHA, OSS_SCORE, OSS_DOT, 'illegal:' . _('File'));
if (!ossim_error()) {
    $db = new ossim_db();
    $conn = $db->connect();
    if (!Ossec_utilities::is_sensor_allowed($conn, $sensor_id)) {
        ossim_set_error(_('Error! Sensor not allowed'));
    }
    $db->close();
}
if (ossim_error()) {
    $data['status'] = 'error';
    $data['data'] = _('We found the followings errors:') . "<div style='padding-left: 15px; text-align:left;'>" . ossim_get_error_clean() . '</div>';
    echo json_encode($data);
    exit;
}
//Set current file
$_SESSION['_current_file'] = $file;
$_SESSION['lk_name'] = Ossec::get_key_name($file);
try {
    $tree = Ossec::get_tree($sensor_id, $file);
    $tree_json = Ossec_utilities::array2json($tree, $file);
    $_SESSION['_tree_json'] = $tree_json;
    $_SESSION['_tree'] = $tree;
    $data['status'] = 'success';
    $data['data'] = _('Click on a branch to display a node') . '###' . base64_encode($tree_json);
} catch (Exception $e) {
    $data['status'] = 'error';
    $data['data'] = $e->getMessage();
}
echo json_encode($data);
exit;
コード例 #9
0
function get_sensor_id()
{
    return Ossec_utilities::get_default_sensor_id();
}
コード例 #10
0
ファイル: check_agent_ip.php プロジェクト: jackpf/ossim-arc
$_REQUEST['ip_cidr'] = strtolower(REQUEST('ip_cidr'));
$ip_cidr = REQUEST('ip_cidr');
$validate = array('sensor_id' => array('validation' => "OSS_HEX", 'e_message' => 'illegal:' . _('Sensor ID')), 'asset_id' => array('validation' => "OSS_HEX", 'e_message' => 'illegal:' . _('Asset')), 'ip_cidr' => array('validation' => 'OSS_IP_ADDRCIDR', 'e_message' => 'illegal:' . _('IP/CIDR')));
if ($ip_cidr == 'any') {
    $validate['ip_cidr'] = array('validation' => 'any', 'e_message' => 'illegal:' . _('IP/CIDR'));
}
$db = new ossim_db();
$conn = $db->connect();
//Check Token
if (!Token::verify('tk_f_agents', $token)) {
    $error = Token::create_error_message();
    Util::response_bad_request($error);
}
$validation_errors = validate_form_fields('POST', $validate);
//Extra validations
if (empty($validation_errors['sensor_id']) && !Ossec_utilities::is_sensor_allowed($conn, $sensor_id)) {
    $validation_errors['sensor_id'] = sprintf(_("Sensor %s not allowed. Please check with your account admin for more information"), Av_sensor::get_name_by_id($conn, $sensor_id));
}
if (is_array($validation_errors) && !empty($validation_errors)) {
    $error_msg = "<div style='text-align: left;'>" . _('The following errors occurred') . ":</div>\n                  <div style='padding-left:15px; text-align: left;'>" . implode('<br/>', $validation_errors) . "</div>";
    $error = Token::create_error_message();
    Util::response_bad_request($error_msg);
}
$warning_msg = '';
//Validate IP/CIDR
if ($ip_cidr != 'any' && $ip_cidr != '0.0.0.0/0') {
    if (Asset_host_ips::valid_ip($ip_cidr)) {
        //Agent IP/CIDR is an IP address
        $asset_ips = Asset_host_ips::get_ips_to_string($conn, $asset_id);
        if (preg_match('/' . $ip_cidr . '/', $asset_ips) == FALSE) {
            $warning_msg = _('The asset IP and IP/CIDR do not match');
コード例 #11
0
ファイル: save_cnf.php プロジェクト: jackpf/ossim-arc
    $conf_file = preg_replace($pattern, $replacement, $conf_file);
    preg_match_all('/<\\s*syscheck\\s*>.*<\\/syscheck>/', $conf_file, $match);
    $size_m = count($match[0]);
    $unique_id = uniqid();
    if ($size_m > 0) {
        $pattern = trim($match[0][$ac_key]);
        $copy_cf = str_replace($pattern, $unique_id, $copy_cf);
    } else {
        if (preg_match("/<\\s*agent_config\\s*>/", $copy_cf)) {
            $copy_cf = preg_replace("/<\\/\\s*agent_config\\s*>/", "{$unique_id}</agent_config>", $copy_cf, 1);
        } else {
            $copy_cf = "<agent_config>{$unique_id}</agent_config>";
        }
    }
    $copy_cf = preg_replace("/{$unique_id}/", $node_sys, $copy_cf);
    $conf_data = Ossec_utilities::formatXmlString($copy_cf);
    try {
        $data = Ossec_agent::set_configuration_file($sensor_id, $conf_data);
    } catch (Exception $e) {
        $data['status'] = 'error';
        $data['data'] = $e->getMessage();
    }
    echo json_encode($data);
} elseif ($tab == '#tab3') {
    try {
        $conf_data = html_entity_decode(base64_decode($_POST['data']), ENT_QUOTES, 'UTF-8');
        $data = Ossec_agent::set_configuration_file($sensor_id, $conf_data);
    } catch (Exception $e) {
        $data['status'] = 'error';
        $data['data'] = $e->getMessage();
    }
コード例 #12
0
ファイル: al_save.php プロジェクト: jackpf/ossim-arc
        $data['data'] = $validation_errors;
    }
    echo json_encode($data);
    exit;
}
$validation_errors = validate_form_fields('POST', $validate);
if (is_array($validation_errors) && !empty($validation_errors)) {
    Util::response_bad_request(implode('<br/>', $validation_errors));
}
if (POST('pass') != POST('passc')) {
    Util::response_bad_request(_('Password fields are different'));
}
if (!empty($_POST['ppass']) && POST('ppass') != POST('ppassc')) {
    Util::response_bad_request(_('Privileged Password fields are different'));
}
if (!Ossec_utilities::is_sensor_allowed($conn, POST('sensor'))) {
    Util::response_bad_request(_('Error! Sensor not allowed'));
}
$entries = is_array(POST('entries')) ? POST('entries') : array();
foreach ($entries as $entry) {
    ossim_valid($entry['id_type'], OSS_NOECHARS, OSS_SCORE, OSS_LETTER, 'illegal:' . _('Type'));
    ossim_valid($entry['frequency'], OSS_DIGIT, 'illegal:' . _('frequency'));
    ossim_valid($entry['state'], OSS_NOECHARS, OSS_SCORE, OSS_LETTER, 'illegal:' . _('State'));
    ossim_valid($entry['arguments'], OSS_NOECHARS, OSS_TEXT, OSS_SPACE, OSS_AT, OSS_NULLABLE, OSS_PUNC_EXT, '\\`', '\\<', '\\>', 'illegal:' . _('Arguments'));
    if (ossim_error()) {
        Util::response_bad_request(ossim_get_error_clean());
    }
}
$ip = POST('ip');
$sensor_id = POST('sensor');
$hostname = POST('hostname');
コード例 #13
0
ファイル: deploy_hids.php プロジェクト: jackpf/ossim-arc
     $os_windows = POST('os_windows');
     break;
 case 'deploy_agent':
     $sensor_id = POST('sensor_id');
     $ip_address = POST('ip_address');
     $user = POST('user');
     $pass = POST('pass');
     $domain = POST('domain');
     //Extra validations
     if (empty($validation_errors)) {
         //Checking Asset ID
         if (Asset_host::is_allowed($conn, $asset_id) == FALSE) {
             $validation_errors['asset_id'] = _('You do not have permission to deploy HIDS agent to this asset. Please check with your account admin for more information');
         }
         //Checking HIDS Sensor
         $cnd_1 = Ossec_utilities::is_sensor_allowed($conn, $sensor_id) == FALSE;
         $asset_sensors = Asset_host_sensors::get_sensors_by_id($conn, $asset_id);
         $cnd_2 = empty($asset_sensors[$sensor_id]);
         if ($cnd_1 || $cnd_2) {
             $validation_errors['sensor_id'] = sprintf(_("Sensor %s not allowed. Please check with your account admin for more information"), Av_sensor::get_name_by_id($conn, $sensor_id));
         }
         //Checking IP Address
         $aux_asset_ips = Asset_host_ips::get_ips_to_string($conn, $asset_id);
         if (preg_match('/' . $ip_address . '/', $aux_asset_ips) == FALSE) {
             $validation_errors['ip_address'] = _("The IP address you enter is not valid. Please check your asset and network settings and try again");
         }
     }
     break;
 case 'deploy_agentless':
     /***********************************************
      *******************   TO DO   ******************
コード例 #14
0
ファイル: load_tabs.php プロジェクト: jackpf/ossim-arc
*
*
* On Debian GNU/Linux systems, the complete text of the GNU General
* Public License can be found in `/usr/share/common-licenses/GPL-2'.
*
* Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt
*
*/
require_once dirname(__FILE__) . '/../../conf/config.inc';
Session::logcheck('environment-menu', 'EventsHidsConfig');
$sensor_id = POST('sensor_id');
ossim_valid($sensor_id, OSS_HEX, 'illegal:' . _('Sensor ID'));
if (!ossim_error()) {
    $db = new ossim_db();
    $conn = $db->connect();
    if (!Ossec_utilities::is_sensor_allowed($conn, $sensor_id)) {
        ossim_set_error(_('Error! Sensor not allowed'));
    }
    $db->close();
}
if (ossim_error()) {
    echo '2###' . _('We found the followings errors') . ": <div style='padding-left: 15px; text-align:left;'>" . ossim_get_error_clean() . '</div>';
    exit;
}
//Current sensor
$_SESSION['ossec_sensor'] = $sensor_id;
echo '1###';
try {
    $rules = Ossec::get_rule_files($sensor_id, FALSE);
    $options_e .= "<optgroup label='" . _('Editable rule file') . "'>\n";
    $options_ne .= "<optgroup label='" . _('Rules files read-only') . "'>\n";
コード例 #15
0
ファイル: bk_deploy_hids.php プロジェクト: jackpf/ossim-arc
 if (is_array($hids_agents) && !empty($hids_agents)) {
     //Case 1: HIDS Agents was previously deployed
     $hids_agent = array_pop($hids_agents);
     $sensor_id = $hids_agent['sensor_id'];
     $agent_id = $hids_agent['agent_id'];
     if (Asset_host_ips::valid_ip($hids_agent['ip_cidr']) && array_key_exists($hids_agent['ip_cidr'], $aux_ip_address)) {
         $ip_address = $hids_agent['ip_cidr'];
     } else {
         $ip_address = $default_ip_address;
     }
 } else {
     //Case 2: Not HIDS Agent deployed
     $asset_sensors = Asset_host_sensors::get_sensors_by_id($conn, $asset_id);
     foreach ($asset_sensors as $asset_sensor_id => $s_data) {
         //Checking HIDS Sensor
         $cnd_1 = Ossec_utilities::is_sensor_allowed($conn, $asset_sensor_id) == TRUE;
         $cnd_2 = !empty($asset_sensors[$asset_sensor_id]);
         if ($cnd_1 && $cnd_2) {
             $sensor_id = $asset_sensor_id;
             break;
         }
     }
     $agent_id = NULL;
     $ip_address = $default_ip_address;
 }
 if ($sensor_id === NULL) {
     $deployment_stats[$asset_id]['status'] = 'error';
     $deployment_stats[$asset_id]['data'] = _('Error! No HIDS sensor related to asset');
     continue;
 }
 $d_data = array('asset_id' => $asset_id, 'w_ip' => $ip_address, 'w_user' => $user, 'w_password' => $pass, 'w_domain' => $domain, 'agent_id' => $agent_id);
コード例 #16
0
ファイル: save.php プロジェクト: jackpf/ossim-arc
    exit;
}
if (!Ossec::is_editable($file)) {
    $data['status'] = 'error';
    $data['data'] = _('Error! File not editable');
    echo json_encode($data);
    exit;
}
$_SESSION['_current_file'] = $file;
$lk_name = $_SESSION['lk_name'];
$new_xml_data = html_entity_decode(base64_decode($new_xml_data), ENT_QUOTES, 'UTF-8');
$xml_obj = new Xml_parser($lk_name);
$xml_obj->load_string($new_xml_data);
if ($xml_obj->errors['status'] == FALSE) {
    $data['status'] = 'error';
    $data['data'] = "<div id='parse_errors'>\n                        <span style='font-weight: bold;'>" . _('Data in XML file with wrong format') . "&nbsp;<a onclick=\"\$('#msg_errors').toggle();\"> [" . _('View errors') . "]</a></span>\n                        <br/><div id='msg_errors'>" . implode('', $xml_obj->errors['msg']) . "</div>\n                   </div>";
} else {
    try {
        Ossec::set_rule_file($sensor_id, $file, $new_xml_data);
        $array_xml = $xml_obj->xml2array();
        $tree_json = Ossec_utilities::array2json($array_xml, $file);
        $_SESSION['_tree_json'] = $tree_json;
        $_SESSION['_tree'] = $array_xml;
        $data['data'] = _("{$file} updated successfully") . '###' . base64_encode($tree_json);
    } catch (Exception $e) {
        $data['status'] = 'error';
        $data['data'] = $e->getMessage();
    }
}
echo json_encode($data);
exit;
コード例 #17
0
$agent_ip = POST('agent_ip');
$type = POST('os_type');
$sensor_id = POST('sensor_id');
$validate = array('sensor_id' => array('validation' => "OSS_HEX", 'e_message' => 'illegal:' . _('Sensor ID')), 'agent_ip' => array('validation' => 'OSS_IP_CIDR_0', 'e_message' => 'illegal:' . _('Agent IP')), 'os_type' => array('validation' => "'regex:unix|windows'", 'e_message' => 'illegal:' . _('OS Type')));
$validation_errors = validate_form_fields('POST', $validate);
//Get Sensor IP for selected sensor
if (empty($validation_errors)) {
    $db = new ossim_db();
    $conn = $db->connect();
    if (!Ossec_utilities::is_sensor_allowed($conn, $sensor_id)) {
        $validation_errors["sensor_id"] = _("Sensor not allowed");
    } else {
        $system_ids = Av_center::get_system_id_by_component($conn, $sensor_id);
        $res = Av_center::get_system_info_by_id($conn, $system_ids['non-canonical']);
        if ($res['status'] == 'success') {
            if (!empty($res['data']['vpn_ip']) && Ossec_utilities::get_default_sensor_id() != $sensor_id) {
                $sensor_ip = $res['data']['vpn_ip'];
                $sensor_ip_txt = $res['data']['admin_ip'] . " [" . $res['data']['vpn_ip'] . "]";
            } else {
                $sensor_ip = $res['data']['admin_ip'];
                $sensor_ip_txt = $sensor_ip;
            }
        }
        $_SESSION['_ossec_os_type'] = $type;
    }
    $db->close();
}
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>