/**
 * Echo the "autoenable" edit form for one scan profile.
 *
 * Reads the vuln_nessus_settings row whose id is $sid, then writes an HTML form
 * (posted to settings.php with disp=update) containing the profile name and
 * description, the user/entity owner selectors, the autoenable mode and its
 * initial-status pulldowns, and one radio row per category and per family read
 * from vuln_nessus_settings_category and vuln_nessus_settings_family.
 *
 * NOTE(review): $sid reaches both SQL text and HTML unchanged, and every value
 * read back from the database is echoed without output escaping. The inline
 * notes mark each place.
 *
 * @param mixed $sid Profile id. It is used unquoted in the WHERE clause, so it
 *                   is presumably numeric - confirm at the call sites.
 * @return void All output is written with echo / inline HTML.
 */
function edit_autoenable($sid) {
    global $dbconn, $username, $version;
    navbar($sid);
    // NOTE(review): {$sid} is interpolated into the statement with no cast and no
    // bind parameter inside this function. Unless every caller (or navbar())
    // guarantees an integer, this is an SQL injection point; cast to int or bind.
    $query = "select id, name, description, autoenable, type, owner, auto_cat_status, auto_fam_status, update_host_tracker\n FROM vuln_nessus_settings where id={$sid}";
    $result = $dbconn->execute($query);
    // NOTE(review): the hidden "sid" field below prints the caller-supplied $sid;
    // the list() that replaces it with the database value only runs afterwards.
    echo <<<EOT
<form method="post" action="settings.php">
<input type="hidden" name="disp" value="update">
<input type="hidden" name="sid" value="{$sid}">
EOT;
    // From here on $sid holds the id column of the fetched row, not the argument.
    list($sid, $sname, $sdescription, $sautoenable, $stype, $sowner, $auto_cat_status, $auto_fam_status, $tracker) = $result->fields;
    //if($stype=='G') { $stc = "checked"; } else { $stc = ""; }
    // A non-zero numeric owner is treated as an entity, anything else as a user login.
    // NOTE(review): only one of $entity / $user is assigned; the other stays
    // undefined and is still read further down.
    if (is_numeric($sowner) && intval($sowner) != 0) {
        $entity = $sowner;
    } else {
        $user = $sowner;
    }
    if ($tracker == '1') {
        $cktracker = "checked";
    } else {
        $cktracker = "";
    }
    echo <<<EOT
<center>
<table>
<tr>
EOT;
    echo "<th>" . _("Name") . ":</th>";
    // NOTE(review): html_entity_decode() turns stored entities back into raw
    // characters right before the value is written into a double-quoted
    // attribute, so a stored &quot; or &lt; reaches the page as markup.
    // Attribute escaping (htmlspecialchars with ENT_QUOTES) should be the last
    // step before output, here and for the description below.
    echo ' <td><input type="text" name="sname" value="' . html_entity_decode($sname) . '" size=50/> </tr> <tr> ';
    echo "<th>" . _("Description") . ":</th>";
    echo ' <td><input type="text" name="sdescription" value="' . html_entity_decode($sdescription) . '" size=50/></td> </tr>';
    $users = Session::get_users_to_assign($dbconn);
    // NOTE(review): $pro is neither declared global nor assigned in this function,
    // so it is undefined here and the "$pro && Acl::am_i_proadmin()" half never
    // holds; only Session::am_i_admin() can load the entity list.
    $entities = Session::am_i_admin() || $pro && Acl::am_i_proadmin() ? Session::get_entities_to_assign($dbconn) : null;
    // NOTE(review): in the inline markup that follows, the run `_("User:"******"user"`
    // is reproduced exactly as it appears in this listing; text between the
    // label and the <select> attributes is missing from the listing there.
    ?> <tr> <th><?php echo _("Make this profile available for"); ?> :</th> <td> <table cellspacing="0" cellpadding="0" align='center' class="transparent"> <tr> <td class='nobborder'><span style='margin-right:3px'><?php echo _("User:"******"user" style="width:150px" id="user" onchange="switch_user('user');return false;" > <?php
    $num_users = 0;
    $current_user = Session::get_session_user();
    // Non-admins with no owner recorded default the selection to their own login.
    if (!Session::am_i_admin()) {
        $user = $user == "" && $entity == "" ? $current_user : $user;
    }
    // NOTE(review): $options is appended to without being initialised, and
    // $login is written into the value attribute and the option text unescaped.
    foreach ($users as $k => $v) {
        $login = $v->get_login();
        $selected = $login == $user ? "selected='selected'" : "";
        $options .= "<option value='" . $login . "' {$selected}>{$login}</option>\n";
        $num_users++;
    }
    if ($num_users == 0) {
        echo "<option value='-1' style='text-align:center !important;'>- " . _("No users found") . " -</option>";
    } else {
        echo "<option value='-1' style='text-align:center !important;'>- " . _("Select users") . " -</option>";
        // Only admins are offered the "ALL" owner (value 0).
        if (Session::am_i_admin()) {
            $default_selected = ($user == "" || intval($user) == 0) && $entity == "" ? "selected='selected'" : "";
            echo "<option value='0' {$default_selected}>" . _("ALL") . "</option>\n";
        }
        echo $options;
    }
    ?> </select> </td> <?php
    if (!empty($entities)) {
        ?> <td style='text-align:center; border:none; !important'><span style='padding:5px;'><?php echo _("OR"); ?> <span></td> <td class='nobborder'><span style='margin-right:3px'><?php echo _("Entity:"); ?> </span></td> <td class='nobborder'> <select name="entity" style="width:170px" id="entity" onchange="switch_user('entity');return false;"> <option value="-1" style='text-align:center !important;'>- <?php echo _("Entity not assigned"); ?> -</option> <?php
        // NOTE(review): $user_entity is never assigned in this function; the owner
        // entity computed above is in $entity, so the comparison presumably
        // should use that - confirm. $k and $v are echoed unescaped.
        foreach ($entities as $k => $v) {
            $selected = $k == $user_entity ? "selected='selected'" : "";
            echo "<option value='{$k}' {$selected}>{$v}</option>";
        }
        ?> </select> </td> <?php
    }
    ?> </tr> </table> </td> </tr> <?php
    // The host-tracker row is emitted but hidden with display:none.
    echo "<tr style='display:none'>";
    echo "<th>" . _("Link scans run by this profile in Network Hosts") . "<br>" . _("Purpose so that Network Hosts can be tracking full/perfered audits") . ".</th>";
    echo "<td class='left'><input type='checkbox' name='tracker' {$cktracker}/><font color='red'>" . _("Update Host Tracker \"Network Hosts\" Status") . "</font></input></td>";
    echo "</tr>";
    echo "<tr>\n<th valign='top' style='background-position:top center;'>" . _("Autoenable options") . ":</th>\n<td><SELECT name=\"sautoenable\" onChange=\"showEnableBy();return false;\">";
    //echo "<option value=\"N\"";
    // if ($sautoenable=="N") { echo " selected";}
    // echo ">None";
    echo "<option value=\"C\"";
    if ($sautoenable == "C") {
        echo " selected";
    }
    echo ">" . _("Autoenable by category") . "<option value=\"F\"";
    if ($sautoenable == "F") {
        echo " selected";
    }
    echo ">" . _("Autoenable by family") . "</select>";
    // cat1/cat2 are shown when the mode is "C", fam1/fam2 when it is "F".
    echo "<div id=\"cat1\"" . ($sautoenable == "C" ? "" : "style=\"display:none;\"") . ">";
    // now the auto-enable status pulldowns
    echo "<br>" . _("Initial status for autoenabled Categories") . ": ";
    echo "<select name='auto_cat_status'>";
    echo "<option value='1'";
    if ($auto_cat_status == 1) {
        echo " selected";
    }
    echo ">" . _("Enable All") . "</option>";
    echo "<option value='2'";
    if ($auto_cat_status == 2) {
        echo " selected";
    }
    echo ">" . _("Enable New") . "</option>";
    echo "<option value='3'";
    if ($auto_cat_status == 3) {
        echo " selected";
    }
    echo ">" . _("Disable New") . "</option>";
    echo "<option value='4'";
    if ($auto_cat_status == 4) {
        echo " selected";
    }
    echo ">" . _("Disable All") . "</option>";
    echo "<option value='5'";
    if ($auto_cat_status == 5) {
        echo " selected";
    }
    echo ">" . _("Intelligent") . "</option><br>";
    echo "</select>";
    echo "<br><br><br></div>";
    echo "<div id=\"fam1\"" . ($sautoenable == "F" ? "" : "style=\"display:none;\"") . ">";
    echo "<br>" . _("Initial status for autoenabled Families") . ": ";
    echo "<select name='auto_fam_status'>";
    echo "<option value='1'";
    if ($auto_fam_status == 1) {
        echo " selected";
    }
    echo ">" . _("Enable All") . "</option>";
    echo "<option value='2'";
    if ($auto_fam_status == 2) {
        echo " selected";
    }
    echo ">" . _("Enable New") . "</option>";
    echo "<option value='3'";
    if ($auto_fam_status == 3) {
        echo " selected";
    }
    echo ">" . _("Disable New") . "</option>";
    echo "<option value='4'";
    if ($auto_fam_status == 4) {
        echo " selected";
    }
    echo ">" . _("Disable All") . "</option>";
    echo "<option value='5'";
    if ($auto_fam_status == 5) {
        echo " selected";
    }
    echo ">" . _("Intelligent") . "</option>";
    echo "</select>";
    echo "</div>";
    echo "<p></p>";
    echo "<div id=\"cat2\"" . ($sautoenable == "C" ? "" : "style=\"display:none;\"") . ">";
    echo "<B>" . _("Autoenable plugins in categories") . ":</B><BR><BR>";
    // {$sid} here is the id read back from the first query (see list() above).
    // It is still concatenated rather than bound.
    $query = "SELECT t1.cid, t2.name, t1.status FROM vuln_nessus_settings_category as t1, \n vuln_nessus_category as t2 \n where t1.sid={$sid} \n and t1.cid=t2.id \n order by t2.name";
    // var_dump($query);
    $result = $dbconn->execute($query);
    echo <<<EOT
<table bordercolor="#6797BF" border="0" cellspacing="2" cellpadding="0">
EOT;
    echo "<tr><th>" . _("Name") . "</th>";
    echo "<th>" . _("Enable All") . "</th>";
    echo "<th>" . _("Enable New") . "</th>";
    echo "<th>" . _("Disable New") . "</th>";
    echo "<th>" . _("Disable All") . "</th>";
    echo "<th>" . _("Intelligent") . "</th></tr>";
    // One row per category: five radios named c_<cid>, the one matching status is checked.
    // NOTE(review): the category name is echoed without htmlspecialchars().
    while (!$result->EOF) {
        list($cid, $name, $status) = $result->fields;
        echo "<tr><td style=\"text-align:left;padding-left:3px;\">" . strtoupper($name) . "</td>";
        echo "<td><input type=\"radio\" name=\"c_{$cid}\" value=\"1\" ";
        if ($status == 1) {
            echo "checked";
        }
        echo "></td><td><input type=\"radio\" name=\"c_{$cid}\" value=\"2\" ";
        if ($status == 2) {
            echo "checked";
        }
        echo "></td><td><input type=\"radio\" name=\"c_{$cid}\" value=\"3\" ";
        if ($status == 3) {
            echo "checked";
        }
        echo "></td>";
        echo "<td><input type=\"radio\" name=\"c_{$cid}\" value=\"4\" ";
        if ($status == 4) {
            echo "checked";
        }
        echo "></td>";
        echo "<td><input type=\"radio\" name=\"c_{$cid}\" value=\"5\" ";
        if ($status == 5) {
            echo "checked";
        }
        echo "></td></tr>";
        $result->MoveNext();
    }
    echo "</table><BR>";
    echo "</div>";
    echo "<div id=\"fam2\"" . ($sautoenable == "F" ? "" : "style=\"display:none;\"") . ">";
    $query = "select t1.fid, t2.name, t1.status \n from vuln_nessus_settings_family as t1, \n vuln_nessus_family as t2 \n where t1.sid={$sid} \n and t1.fid=t2.id \n order by t2.name";
    $result = $dbconn->execute($query);
    echo "<B><BR><BR>" . _("Autoenable plugins in families") . ":<BR><BR></B>";
    echo <<<EOT
<table bordercolor="#6797BF" border="0" cellspacing="2" cellpadding="0">
EOT;
    echo "<tr><th>" . _("Name") . "</th>";
    echo "<th>" . _("Enable All") . "</th>";
    echo "<th>" . _("Enable New") . "</th>";
    echo "<th>" . _("Disable New") . "</th>";
    echo "<th>" . _("Disable All") . "</th>";
    echo "<th>" . _("Intelligent") . "</th></tr>";
    // Same layout for families, radios named f_<fid>.
    // NOTE(review): the family name is interpolated into the cell unescaped.
    while (!$result->EOF) {
        list($fid, $name, $status) = $result->fields;
        echo "<tr><td style=\"text-align:left;padding-left:3px;\">{$name}</td>";
        echo "<td><input type=\"radio\" name=\"f_{$fid}\" value=\"1\" ";
        if ($status == 1) {
            echo "checked";
        }
        echo "></td>";
        echo "<td><input type=\"radio\" name=\"f_{$fid}\" value=\"2\" ";
        if ($status == 2) {
            echo "checked";
        }
        echo "></td>";
        echo "<td><input type=\"radio\" name=\"f_{$fid}\" value=\"3\" ";
        if ($status == 3) {
            echo "checked";
        }
        echo "></td>";
        echo "<td><input type=\"radio\" name=\"f_{$fid}\" value=\"4\" ";
        if ($status == 4) {
            echo "checked";
        }
        echo "></td>";
        echo "<td><input type=\"radio\" name=\"f_{$fid}\" value=\"5\" ";
        if ($status == 5) {
            echo "checked";
        }
        echo "></td></tr>";
        $result->MoveNext();
    }
    echo "</table></div></td></tr></table></center><br/>";
    echo "<input type=\"submit\" name=\"submit\" value=\"" . _("Update") . "\" class=\"button updateautoenable\"><br/><br/></form>";
}
while (!$result->EOF) { $p_description = $result->fields['description'] != '' ? ' - ' . $result->fields['description'] : ''; $v_profiles[$result->fields['id']]['name&description'] = $result->fields['name'] . $p_description; if ($sid == '' && $result->fields['name'] == 'Default' || $result->fields['id'] == $sid) { $v_profiles[$result->fields['id']]['selected'] = 'selected="selected"'; } $result->MoveNext(); } // load users and entities $users = Session::get_users_to_assign($conn); $users_to_assign = array(); foreach ($users as $u_key => $u_value) { $users_to_assign[$u_value->get_login()]['selected'] = $u_value->get_login() == $user ? 'selected="selected"' : ''; $users_to_assign[$u_value->get_login()]['name'] = $u_value->get_login(); } $entities = Session::get_entities_to_assign($conn); $entities_to_assign = array(); foreach ($entities as $e_key => $e_value) { $entities_to_assign[$e_key]['selected'] = $e_key == $entity ? 'selected="selected"' : ''; $entities_to_assign[$e_key]['name'] = $e_value; } // load credentials $ssh_cred = Vulnerabilities::get_credentials($conn, 'ssh'); $ssh_arr = array(); foreach ($ssh_cred as $cred) { $login_text = $cred['login']; if ($login_text == '0' || valid_hex32($login_text)) { $login_text = $login_text == '0' ? _('All') : Session::get_entity_name($conn, $cred['login']); } $cred_key = $cred['name'] . '#' . $cred['login']; $ssh_arr[$cred_key]['selected'] = $cred_key == $ssh_credential ? 'selected="selected"' : '';
if (Session::userAllowed($user_id) > 1) { Session_activity::expire_my_others_sessions($conn, $user_id); } } /* Version */ $pro = Session::is_pro(); //Timezone $tzlist = timezone_identifiers_list(4095); sort($tzlist); //Login method list $lm_list = array('ldap' => _('LDAP'), 'pass' => _('PASSWORD')); //Entities and Templates $noentities = 0; $notemplates = 0; if ($pro) { $entity_list = Session::get_entities_to_assign($conn); if (count($entity_list) < 1) { $noentities = 1; } list($entities_all, $num_entities_all) = Acl::get_entities($conn, '', '', FALSE, FALSE); $templates = array(); list($templates, $num_templates) = Session::get_templates($conn); if (count($templates) < 1) { $templates[0] = array('id' => '', 'name' => ' -- ' . _('No templates found') . ' -- '); $notemplates = 1; } } else { list($menu_perms, $perms_check) = Session::get_menu_perms($conn); } //Initialize variables $_SESSION['user_in_db'] = NULL;
/**
 * Build the HTML of the scan-job form and return it as one string.
 *
 * The markup covers job name, scan server, scan profile, timeout, schedule
 * method and its per-method layers (idSched1..6), job visibility (user or
 * entity), e-mail notification, pre-scan options and the target inputs
 * (idTarget1..6).
 *
 * All input arrives through the globals declared at the top; the function takes
 * no parameters. Several of those globals are reassigned inside the body
 * ($SVRid, $sname, $sid, $entity, $time_hour, $time_min, $dayofmonth, $version);
 * the incoming values are copied to *_selected locals before that happens.
 *
 * NOTE(review): values from those globals and from database rows are
 * concatenated into HTML attributes, option text, a textarea and SQL text with
 * no escaping or binding in this function. Where the globals are populated is
 * not visible here, so each inline note is conditional on them being able to
 * carry user-supplied text.
 *
 * @return string The form markup, ending with the showLayer() script snippets in $show.
 */
function tab_discovery() {
    global $component, $uroles, $editdata, $scheduler, $username, $useremail, $dbconn, $disp, $enScanRequestImmediate, $enScanRequestRecur, $timeout, $smethod, $SVRid, $sid, $ip_list, $ip_exceptions_list, $schedule_type, $ROYEAR, $ROday, $ROMONTH, $time_hour, $time_min, $dayofweek, $dayofmonth, $sname, $user, $entity, $hosts_alive, $scan_locally, $version, $nthweekday, $semail, $not_resolve;
    global $pluginOptions, $enComplianceChecks, $profileid;
    $conf = $GLOBALS["CONF"];
    $pre_scan_locally_status = $conf->get_conf("nessus_pre_scan_locally", FALSE);
    // Snapshot the incoming values; the originals are overwritten further down.
    $user_selected = $user;
    $entity_selected = $entity;
    $SVRid_selected = $SVRid;
    $sid_selected = $sid != "" ? $sid : $editdata['meth_VSET'];
    $timeout_selected = $editdata["meth_TIMEOUT"];
    // Targets arrive separated by ";;" or by a literal backslash-r-backslash-n
    // sequence; both become real newlines for the textarea.
    $ip_list_selected = str_replace("\\r\\n", "\n", str_replace(";;", "\n", $ip_list));
    if (count($ip_exceptions_list) > 0) {
        $ip_list_selected .= "\n" . implode("\n", $ip_exceptions_list);
    }
    $ROYEAR_selected = $ROYEAR;
    $ROday_selected = $ROday;
    $ROMONTH_selected = $ROMONTH;
    $time_hour_selected = $time_hour;
    $time_min_selected = $time_min;
    $dayofweek_selected = $dayofweek;
    $dayofmonth_selected = $dayofmonth;
    $sname_selected = $sname;
    //print_r($editdata);
    if ($schedule_type != "") {
        $editdata['schedule_type'] = $schedule_type;
    }
    // NOTE(review): $cquery_like is only referenced by the commented-out systems
    // query near the end of this function. If that query is restored, $component
    // has to be bound or escaped instead of interpolated.
    $cquery_like = "";
    if ($component != "") {
        $cquery_like = " AND component='{$component}'";
    }
    $today = date("Ymd");
    $tyear = substr($today, 0, 4);
    $nyear = $tyear + 1;
    $tmonth = substr($today, 4, 2);
    $tday = substr($today, 6, 2);
    #SET VALUES UP IF EDIT SCHEDULER
    if (isset($editdata['notify'])) {
        $enotify = $editdata['notify'];
    } else {
        $enotify = "{$useremail}";
    }
    // NOTE(review): split() was deprecated in PHP 5.3 and removed in PHP 7.0;
    // explode(':', ...) is the equivalent for a literal delimiter.
    if (isset($editdata['time'])) {
        list($time_hour, $time_min, $time_sec) = split(':', $editdata['time']);
    }
    // Pre-fill the per-type attribute slots with empty strings.
    $arrTypes = array("N", "O", "D", "W", "M", "NW");
    foreach ($arrTypes as $type) {
        $sTYPE[$type] = "";
    }
    $arrJobTypes = array("C", "M", "R", "S");
    foreach ($arrJobTypes as $type) {
        $sjTYPE[$type] = "";
    }
    // Pick which schedule layer the page shows first: the stored schedule type
    // when editing, otherwise "immediately" (layer 1) or "run once" (layer 3).
    if (isset($editdata['schedule_type'])) {
        $sTYPE[$editdata['schedule_type']] = "CHECKED";
        if ($editdata['schedule_type'] == 'D') {
            $ni = 2;
        } elseif ($editdata['schedule_type'] == 'O') {
            $ni = 3;
        } elseif ($editdata['schedule_type'] == 'W') {
            $ni = 4;
        } elseif ($editdata['schedule_type'] == 'NW') {
            $ni = 6;
        } else {
            $ni = 5;
        }
        $show = "<br><script language=javascript>showLayer('idSched', {$ni});</script>";
    } else {
        if ($enScanRequestImmediate) {
            $sTYPE['N'] = "CHECKED";
            $show = "<br><script language=javascript>showLayer('idSched', 1);</script>";
        } else {
            $sTYPE['O'] = "checked";
            $show = "<br><script language=javascript>showLayer('idSched', 3);</script>";
        }
    }
    // An explicit $schedule_type appends a second showLayer() call for its layer.
    if ($schedule_type != "") {
        if ($schedule_type == "N") {
            $show .= "<br><script language=javascript>showLayer('idSched', 1);</script>";
        }
        if ($schedule_type == "O") {
            $show .= "<br><script language=javascript>showLayer('idSched', 3);</script>";
        }
        if ($schedule_type == "D") {
            $show .= "<br><script language=javascript>showLayer('idSched', 2);</script>";
        }
        if ($schedule_type == "W") {
            $show .= "<br><script language=javascript>showLayer('idSched', 4);</script>";
        }
        if ($schedule_type == "M") {
            $show .= "<br><script language=javascript>showLayer('idSched', 5);</script>";
        }
        if ($schedule_type == "NW") {
            $show .= "<br><script language=javascript>showLayer('idSched', 6);</script>";
        }
    }
    if (isset($editdata['job_TYPE'])) {
        $sjTYPE[$editdata['job_TYPE']] = "SELECTED";
    } else {
        $sjTYPE['M'] = "SELECTED";
    }
    if (isset($editdata['day_of_month'])) {
        $dayofmonth = $editdata['day_of_month'];
    }
    // NOTE(review): $day only ever receives the selected key(s); the other
    // weekday keys read in the two weekday pulldowns below are undefined.
    if (isset($editdata['day_of_week'])) {
        $day[$editdata['day_of_week']] = "SELECTED";
    }
    if ($dayofweek_selected != "") {
        $day[$dayofweek_selected] = "SELECTED";
    }
    // Users without the 'nessus' role get a generated, non-editable job name
    // (shown as text plus a hidden field); others get a text input.
    // NOTE(review): $name, $sname_selected and $editdata['name'] are written into
    // a single-quoted value attribute, and $name also as page text, without
    // htmlspecialchars(). If they can carry user-supplied text, escape with
    // htmlspecialchars($value, ENT_QUOTES) at this point.
    if (!$uroles['nessus']) {
        $name = "sr-" . substr($username, 0, 6) . "-" . time();
        $name = $editdata['name'] == "" ? $name : $editdata['name'];
        $nameout = $name . "<input type=hidden style='width:200px' name='sname' value='{$name}'>";
    } else {
        $nameout = "<input type=text style='width:200px' name='sname' value='" . ($sname_selected != "" ? "{$sname_selected}" : "{$editdata['name']}") . "'>";
    }
    $discovery = "<input type=\"hidden\" name=\"cred_type\" value=\"N\">";
    $discovery .= "<table width=\"80%\">";
    $discovery .= "<tr>";
    // NOTE(review): $smethod goes into the attribute unescaped as well.
    $discovery .= "<input type=\"hidden\" name=\"smethod\" value=\"{$smethod}\">";
    $discovery .= "<td align=\"Right\" width=\"30%\">" . _("Job Name") . ":</td>";
    $discovery .= "<td style=\"text-align:left;\">{$nameout}</td>";
    $discovery .= "</tr>";
    $query = "SELECT id, name, hostname\n FROM vuln_nessus_servers\n WHERE enabled='1' AND status='A'";
    $result = $dbconn->execute($query);
    $discovery .= "<tr>";
    $discovery .= "<td align=\"right\">" . _("Select Server") . ":</td>";
    $discovery .= "<td style=\"text-align:left;\"><select name=\"SVRid\">";
    //if($SVRid=="" || $SVRid_selected=="Null") {
    $discovery .= "<option value=\"Null\">" . _("First Available Server-Distributed") . "</option>";
    //}
    // Servers are listed only for admins or when Session::sensorAllowed() accepts
    // the hostname column. This list() overwrites the globals $SVRid and $sname.
    while (!$result->EOF) {
        list($SVRid, $sname, $shostIP) = $result->fields;
        if (Session::am_i_admin() || Session::sensorAllowed($shostIP)) {
            // $shostIP=="localhost" ||
            $discovery .= "<option value=\"{$SVRid}\" ";
            if ($editdata['scan_ASSIGNED'] != "" && $editdata['scan_ASSIGNED'] == $SVRid) {
                $discovery .= " SELECTED";
            }
            if ($SVRid_selected == $SVRid) {
                $discovery .= " SELECTED";
            }
            $discovery .= ">" . strtoupper($sname) . " [{$shostIP}] </option>";
        }
        $result->MoveNext();
    }
    $discovery .= <<<EOT
</select>
</td>
</tr>
<tr>
EOT;
    $discovery .= "<td align='right' width='25%'>" . _("Profile") . ":</td>";
    $discovery .= "<td style='text-align:left;'><select name='sid'>";
    //$query = "SELECT distinct(t1.id), t1.name, t1.description
    // FROM vuln_nessus_settings t1
    // LEFT JOIN vuln_nessus_settings_users t2 ON t1.id = t2.sid
    // WHERE t1.type = 'G' OR t2.username='******'
    // ORDER BY t1.name";
    // Choose which profiles the current user may pick. Admins see every
    // non-deleted profile; everyone else sees 'Default' plus profiles whose
    // owner is '0', themselves, or one of their entities / managed users.
    // NOTE(review): the unfiltered branch is also taken when $username equals the
    // literal string "admin", independent of Session::am_i_admin().
    // NOTE(review): $username, the entity ids and the user logins are wrapped in
    // quotes and concatenated into the IN (...) list without escaping or bind
    // parameters; a value containing a quote changes the statement.
    $query = "";
    if ($username == "admin" || Session::am_i_admin()) {
        $query = "SELECT distinct(t1.id), t1.name, t1.description \n FROM vuln_nessus_settings t1 WHERE deleted='0'\n ORDER BY t1.name";
    } else {
        if (preg_match("/pro|demo/i", $version)) {
            if (Acl::am_i_proadmin()) {
                $pro_users = array();
                // NOTE(review): $current_user is not a declared global and is never
                // assigned in this function, so this call receives an undefined value.
                $entities_list = Acl::get_user_entities($current_user);
                //list($entities_admin,$num) = Acl::get_entities_admin($dbconn,Session::get_session_user());
                //$entities_list = array_keys($entities_admin);
                $users = Acl::get_my_users($dbconn, Session::get_session_user());
                foreach ($users as $us) {
                    $pro_users[] = $us["login"];
                }
                $query = "SELECT distinct(t1.id), t1.name, t1.description FROM vuln_nessus_settings t1\n WHERE deleted = '0' and (name='Default' or owner in ('0','" . implode("','", array_merge($entities_list, $pro_users)) . "')) ORDER BY t1.name";
            } else {
                $tmp = array();
                $entities = Acl::get_user_entities($username);
                // NOTE(review): the loop variable is the global $entity, so the global
                // is left holding the last entity after this loop.
                foreach ($entities as $entity) {
                    $tmp[] = "'" . $entity . "'";
                }
                if (count($tmp) > 0) {
                    $user_where = "owner in ('0','{$username}'," . implode(", ", $tmp) . ")";
                } else {
                    $user_where = "owner in ('0','{$username}')";
                }
                $query = "SELECT distinct(t1.id), t1.name, t1.description FROM vuln_nessus_settings t1\n WHERE deleted = '0' and (name='Default' or {$user_where}) ORDER BY t1.name";
            }
        } else {
            $query = "SELECT distinct(t1.id), t1.name, t1.description FROM vuln_nessus_settings t1\n WHERE deleted = '0' and (name='Default' or owner in ('0','{$username}')) ORDER BY t1.name";
        }
    }
    //var_dump($query);
    $result = $dbconn->execute($query);
    // First pass: collect the rows and learn whether the requested profile id is
    // among them; the second pass needs that to decide on the fallback.
    $job_profiles = array();
    $id_found = false;
    $ipr = 0;
    while (!$result->EOF) {
        list($sid, $sname, $sdescription) = $result->fields;
        if ($sid_selected == $sid) {
            $id_found = true;
        }
        $job_profiles[$ipr]["sid"] = $sid;
        $job_profiles[$ipr]["sname"] = $sname;
        $job_profiles[$ipr]["sdescription"] = $sdescription;
        $ipr++;
        $result->MoveNext();
    }
    // Second pass: emit the options. The requested profile is selected; if it
    // was not found, any profile whose name matches /default/i is selected.
    // NOTE(review): profile name and description are emitted unescaped.
    foreach ($job_profiles as $profile_data) {
        $sid = $profile_data["sid"];
        $sname = $profile_data["sname"];
        $sdescription = $profile_data["sdescription"];
        $discovery .= "<option value=\"{$sid}\" ";
        if ($sid_selected == $sid) {
            if ($sdescription != "") {
                $discovery .= "selected>{$sname} - {$sdescription}</option>";
            } else {
                $discovery .= "selected>{$sname}</option>";
            }
        } else {
            if ($sdescription != "") {
                $discovery .= (preg_match("/default/i", $sname) && !$id_found ? 'selected="selected"' : "") . ">{$sname} - {$sdescription}</option>";
            } else {
                $discovery .= (preg_match("/default/i", $sname) && !$id_found ? 'selected="selected"' : "") . ">{$sname}</option>";
            }
        }
    }
    $discovery .= "</select>  [<a href=\"settings.php?hmenu=Vulnerabilities&smenu=ScanProfiles\">" . _("Edit Profiles") . "</a>]</td>";
    $discovery .= "</tr>";
    $discovery .= "<tr>";
    $discovery .= "<td align='right'>" . _("Timeout") . "</td>";
    // NOTE(review): $timeout / $timeout_selected go into the value attribute unescaped.
    $discovery .= "<td style=\"text-align:left;\" nowrap><input type='text' style='width:80px' name='timeout' value='" . ($timeout_selected == "" ? "{$timeout}" : "{$timeout_selected}") . "'>";
    $discovery .= "<font color='black'> " . _("Max scan run time in seconds") . " </font></td>";
    $discovery .= "</tr>";
    // For the "inmediately" method the schedule chooser row is still emitted but hidden.
    if ($smethod == "inmediately") {
        $discovery .= "<tr>";
        $discovery .= "<td style=\"text-align:center;\" nowrap>" . _("Schedule Method") . ":</td>";
        $discovery .= "<td style=\"text-align:left;\" nowrap>" . _("Inmediately") . "<td>";
        $discovery .= "</tr>";
        $discovery .= "<tr style='display:none'>";
    } else {
        $discovery .= "<tr>";
    }
    $discovery .= "<td style=\"text-align:left;padding-left:35px;\">" . _("Schedule Method") . ":<br>";
    // Which schedule radios are offered depends on $scheduler and the two
    // $enScanRequest* switches.
    if (!$scheduler && $enScanRequestImmediate) {
        $discovery .= "<input type=\"radio\" name=\"schedule_type\" value=\"N\" onClick=\"showLayer('idSched', 1)\" {$sTYPE['N']}>" . _("Immediately") . "</input><br>";
    }
    if (!$scheduler) {
        $discovery .= "<input type=\"radio\" name=\"schedule_type\" value=\"O\" onClick=\"showLayer('idSched', 3)\" {$sTYPE['O']}>" . _("Run Once") . "</input><br>";
    }
    if ($scheduler || $enScanRequestRecur) {
        $discovery .= "<input type=\"radio\" name=\"schedule_type\" value=\"D\" onClick=\"showLayer('idSched', 2)\" {$sTYPE['D']}>" . _("Daily") . "</input><br>";
        $discovery .= "<input type=\"radio\" name=\"schedule_type\" value=\"W\" onClick=\"showLayer('idSched', 4)\" {$sTYPE['W']}>" . _("Day of the Week") . "</input><br>";
        $discovery .= "<input type=\"radio\" name=\"schedule_type\" value=\"M\" onClick=\"showLayer('idSched', 5)\" {$sTYPE['M']}>" . _("Day of the Month") . "</input><br>";
        $discovery .= "<input type=\"radio\" name=\"schedule_type\" value=\"NW\" onClick=\"showLayer('idSched', 6)\" {$sTYPE['NW']}>" . _("N<sup>th</sup> weekday of the month") . "</input><br>";
    }
    $discovery .= <<<EOT
</td>
<td><div>
<div id="idSched1" class="forminput">
</div>
<div id="idSched3" class="forminput">
<table cellspacing="2" cellpadding="0" width="100%">
EOT;
    // Run-once date: this year or next, month and day default to today.
    $discovery .= "<tr><td colspan='7' class='noborder'>" . gettext("Year") . " <select name='ROYEAR'>";
    $discovery .= "<option value=\"{$tyear}\" " . ($ROYEAR_selected == "" || $ROYEAR_selected == $tyear ? "selected" : "") . ">{$tyear}</option>";
    $discovery .= "<option value=\"{$nyear}\" " . ($ROYEAR_selected == $nyear ? "selected" : "") . ">{$nyear}</option>";
    $discovery .= "</select> " . gettext("Month") . " <select name='ROMONTH'>";
    /* $discovery .= <<<EOT </td> <td><div> <div id="idSched1" class="forminput"> </div> <div id="idSched3" class="forminput"> <table cellspacing="2" cellpadding="0" width="100%"> <tr><td colspan="7" class="noborder">Year <select name="ROYEAR"> <option value="$tyear" selected>$tyear</option>"; <option value="$nyear">$nyear</option>"; </select> Month <select name="ROMONTH">"; EOT;*/
    for ($i = 1; $i <= 12; $i++) {
        $discovery .= "<option value=\"{$i}\" ";
        if ($i == $tmonth && $ROMONTH_selected == "" || $ROMONTH_selected == $i) {
            $discovery .= "selected";
        }
        $discovery .= ">{$i}</option>";
    }
    $discovery .= "</select> " . gettext("Day") . " <select name=\"ROday\">";
    for ($i = 1; $i <= 31; $i++) {
        $discovery .= "<option value=\"{$i}\" ";
        if ($i == $tday && $ROday_selected == "" || $ROday_selected == $i) {
            $discovery .= "selected";
        }
        $discovery .= ">{$i}</option>";
    }
    $discovery .= <<<EOT
</select></td>
</tr>
</table>
</div>
<div id="idSched4" class="forminput" >
<table width="100%">
<tr>
EOT;
    $discovery .= "<th align=\"right\">" . _("Weekly") . "</td><td colspan=\"2\" class=\"noborder\">";
    $discovery .= "<select name=\"dayofweek\">";
    $discovery .= "<option value=\"Su\" SELECTED >" . gettext("Select week day to run") . "</option>";
    $discovery .= "<option value=\"Su\" {$day['Su']} >" . gettext("Sunday") . "</option>";
    $discovery .= "<option value=\"Mo\" {$day['Mo']} >" . gettext("Monday") . "</option>";
    $discovery .= "<option value=\"Tu\" {$day['Tu']} >" . gettext("Tuesday") . "</option>";
    $discovery .= "<option value=\"We\" {$day['We']} >" . gettext("Wednesday") . "</option>";
    $discovery .= "<option value=\"Th\" {$day['Th']} >" . gettext("Thursday") . "</option>";
    $discovery .= "<option value=\"Fr\" {$day['Fr']} >" . gettext("Friday") . "</option>";
    $discovery .= "<option value=\"Sa\" {$day['Sa']} >" . gettext("Saturday") . "</option>";
    $discovery .= "</select>";
    $discovery .= "</td>";
    $discovery .= <<<EOT
</tr>
</table>
</div>
<div id="idSched5" class="forminput">
<table width="100%">
<tr>
EOT;
    $discovery .= "<th align='right'>" . gettext("Select Day") . "</td>";
    $discovery .= <<<EOT
<td colspan="2" class="noborder"><select name="dayofmonth">"
EOT;
    for ($i = 1; $i <= 31; $i++) {
        $discovery .= "<option value=\"{$i}\"";
        if ($dayofmonth == $i && $dayofmonth_selected == "" || $dayofmonth_selected == $i) {
            $discovery .= " selected";
        }
        $discovery .= ">{$i}</option>";
    }
    $discovery .= <<<EOT
</select></td>
</tr>
</table>
</div>
<div id="idSched6" class="forminput">
<table width="100%">
<tr>
EOT;
    $discovery .= "<th align=\"right\">" . gettext("Day of week") . "</th><td colspan=\"2\" class=\"noborder\">";
    $discovery .= "<select name=\"nthdayofweek\">";
    $discovery .= "<option value=\"Su\" SELECTED >" . gettext("Select week day to run") . "</option>";
    $discovery .= "<option value=\"Su\" {$day['Su']} >" . gettext("Sunday") . "</option>";
    $discovery .= "<option value=\"Mo\" {$day['Mo']} >" . gettext("Monday") . "</option>";
    $discovery .= "<option value=\"Tu\" {$day['Tu']} >" . gettext("Tuesday") . "</option>";
    $discovery .= "<option value=\"We\" {$day['We']} >" . gettext("Wednesday") . "</option>";
    $discovery .= "<option value=\"Th\" {$day['Th']} >" . gettext("Thursday") . "</option>";
    $discovery .= "<option value=\"Fr\" {$day['Fr']} >" . gettext("Friday") . "</option>";
    $discovery .= "<option value=\"Sa\" {$day['Sa']} >" . gettext("Saturday") . "</option>";
    $discovery .= "</select>";
    $discovery .= "</td>";
    $discovery .= <<<EOT
</tr>
</table>
<br>
<table width="100%">
<tr>
EOT;
    // NOTE(review): the nth-weekday pulldown is pre-selected from $dayofmonth, not
    // from the $nthweekday global - confirm that is intended.
    $discovery .= "<th align='right'>" . gettext("N<sup>th</sup> weekday") . "</th><td colspan='2' class='noborder'>";
    $discovery .= "<select name='nthweekday'>";
    $discovery .= "<option value='1'>" . gettext("Select nth weekday to run") . "</option>";
    $discovery .= "<option value='1'" . ($dayofmonth == 1 ? " selected" : "") . ">" . gettext("First") . "</option>";
    $discovery .= "<option value='2'" . ($dayofmonth == 2 ? " selected" : "") . ">" . gettext("Second") . "</option>";
    $discovery .= "<option value='3'" . ($dayofmonth == 3 ? " selected" : "") . ">" . gettext("Third") . "</option>";
    $discovery .= "<option value='4'" . ($dayofmonth == 4 ? " selected" : "") . ">" . gettext("Fourth") . "</option>";
    $discovery .= "<option value='5'" . ($dayofmonth == 5 ? " selected" : "") . ">" . gettext("Fifth") . "</option>";
    $discovery .= <<<EOT
</select>
</td>
</tr>
</table>
</div>
<div id="idSched2" class="forminput">
<table width="100%">
EOT;
    $discovery .= "<tr>";
    $discovery .= "<th rowspan='2' align='right' width='30%'>" . gettext("Time") . "</td>";
    $discovery .= "<td align='right'>" . gettext("Hour") . "</td><td>" . gettext("Minutes") . "</td>";
    $discovery .= "</tr>";
    $discovery .= <<<EOT
<tr>
<td align="right" class="noborder"><select name="time_hour">
EOT;
    for ($i = 0; $i <= 23; $i++) {
        $discovery .= "<option align=\"right\" value=\"{$i}\"";
        if ($time_hour == $i && $time_hour_selected == "" || $time_hour_selected == $i) {
            $discovery .= " selected";
        }
        $discovery .= ">{$i}</option>";
    }
    $discovery .= <<<EOT
</select></td>
<td class="noborder"><select name="time_min">
EOT;
    // Minutes are offered in 15-minute steps only.
    for ($i = 0; $i < 60; $i = $i + 15) {
        $discovery .= "<option value=\"{$i}\"";
        if ($time_min == $i && $time_min_selected == "" || $time_min_selected == $i) {
            $discovery .= " selected";
        }
        $discovery .= ">{$i}</option>";
    }
    $discovery .= <<<EOT
</select></td>
</tr>
</table>
</div>
</tr>
EOT;
    $conf = $GLOBALS["CONF"];
    $version = $conf->get_conf("ossim_server_version", FALSE);
    $pro = preg_match("/pro|demo/i", $version) ? true : false;
    $users = Session::get_users_to_assign($dbconn);
    $entities = Session::get_entities_to_assign($dbconn);
    // NOTE(review): in the next statement the run `_('User:'******'nobborder'>` is
    // reproduced exactly as it appears in this listing; text is missing from the
    // listing between the label and the following cell.
    $discovery .= "<tr>\n\t\t\t\t\t\t<td>" . _("Make this scan job visible for:") . "</td>\n\t\t\t\t\t\t<td style='text-align: left'>\n\t\t\t\t\t\t\t<table cellspacing='0' cellpadding='0' class='transparent' style='margin: 5px 0px;'>\n\t\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t\t<td class='nobborder'><span style='margin-right:3px'>" . _('User:'******'nobborder'>\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t<select name='user' id='user' onchange=\"switch_user('user');return false;\">";
    $num_users = 0;
    // NOTE(review): $options is appended to without being initialised, and $login
    // is written into the attribute and the option text unescaped.
    foreach ($users as $k => $v) {
        $login = $v->get_login();
        $selected = $editdata["username"] == $login || $user_selected == $login ? "selected='selected'" : "";
        $options .= "<option value='" . $login . "' {$selected}>{$login}</option>\n";
        $num_users++;
    }
    if ($num_users == 0) {
        $discovery .= "<option value='' style='text-align:center !important;'>- " . _("No users found") . " -</option>";
    } else {
        $discovery .= "<option value='' style='text-align:center !important;'>- " . _("Select one user") . " -</option>\n";
        $discovery .= $options;
    }
    $discovery .= "\t\t\t\t\t\t</select>\n\t\t\t\t\t\t\t\t\t</td>";
    if (!empty($entities)) {
        $discovery .= "\t \t\t\t<td style='text-align:center; border:none; !important'><span style='padding:5px;'>" . _("OR") . "<span></td>\n\t\t\t\t\t\t\t\t\t<td class='nobborder'><span style='margin-right:3px'>" . _("Entity:") . "</span></td>\n\t\t\t\t\t\t\t\t\t<td class='nobborder'>\t\n\t\t\t\t\t\t\t\t\t\t<select name='entity' id='entity' onchange=\"switch_user('entity');return false;\">\n\t\t\t\t\t\t\t\t\t\t\t<option value='' style='text-align:center !important;'>-" . _("Select one entity") . "-</option>";
        // NOTE(review): entity key and name are emitted unescaped.
        foreach ($entities as $k => $v) {
            $selected = $editdata["username"] == $k || $entity_selected == $k ? "selected='selected'" : "";
            $discovery .= "<option value='{$k}' {$selected}>{$v}</option>";
        }
        $discovery .= "\t\t\t\t\t</select>\n\t\t\t\t\t\t\t\t\t</td>";
    }
    $discovery .= " \t \t</tr>\n\t\t\t\t\t\t\t</table>\n\t\t\t\t\t\t</td>\n\t\t\t\t\t</tr>";
    $discovery .= "<tr><td>" . _("Send an email notification when finished:");
    $discovery .= "</td>";
    $discovery .= "<td style=\"text-align:left;\">";
    // For the checkboxes and radios below, the request-side global is used only
    // when $editdata has at most one element; otherwise the stored $editdata
    // field decides.
    $discovery .= "<input type=\"radio\" name=\"semail\" value=\"0\"" . (count($editdata) <= 1 && intval($semail) == 0 || intval($editdata['meth_Wfile']) == 0 ? " checked" : "") . "/>" . _("No");
    $discovery .= "<input type=\"radio\" name=\"semail\" value=\"1\"" . (count($editdata) <= 1 && intval($semail) == 1 || intval($editdata['meth_Wfile']) == 1 ? " checked" : "") . "/>" . _("Yes");
    $discovery .= "</td></tr>";
    $targets_message = _("Targets") . "<br>" . _("(Hosts/Networks)") . "<br>";
    $discovery .= "<tr><td valign=\"top\" style=\"text-align:left;padding-left:50px;\" width=\"20%\" class=\"noborder\"><br>";
    $discovery .= "<input type=\"checkbox\" name=\"hosts_alive\" value=\"1\"" . (count($editdata) <= 1 && intval($hosts_alive) == 1 || intval($editdata['meth_CRED']) == 1 ? " checked" : "") . ">" . _("Only scan hosts that are alive") . "<br>(" . _("greatly speeds up the scanning process") . ")<br><br>";
    //if (Session::am_i_admin())
    // The checkbox is rendered disabled when the nessus_pre_scan_locally setting is 0.
    $discovery .= "<input type=\"checkbox\" name=\"scan_locally\" value=\"1\"" . ($pre_scan_locally_status == 0 ? " disabled=\"disabled\"" : "") . ($pre_scan_locally_status == 1 && (count($editdata) <= 1 && intval($scan_locally) == 1 || intval($editdata['authorized']) == 1) ? " checked" : "") . ">" . _("Pre-Scan locally") . "<br>(" . _("do not pre-scan from scanning sensor") . ")<br><br>";
    $discovery .= "<input type=\"checkbox\" name=\"not_resolve\" value=\"1\" " . ($editdata['resolve_names'] === "0" || $not_resolve == "1" ? "checked=\"checked\"" : "") . "/>" . _("Do not resolve names");
    //else
    // $discovery .= "<input type=\"hidden\" name=\"scan_locally\" value=\"0\">";
    $discovery .= <<<EOT
<select name="tarSel" style="display:none;" onClick="if (this.options[this.selectedIndex].value != 'null') { showLayer('idTarget', this.options[this.selectedIndex].value ) }">
<option name="schedule" value="1" {$sjTYPE['M']} selected>IP List</option>
<option name="schedule" value="2">IP Range</option>
<option name="schedule" value="3" >Named Target List</option>
<option name="schedule" value="4">CIDR</option>
<option name="schedule" value="5" {$sjTYPE['C']} >Subnet</option>
<option name="schedule" value="6" {$sjTYPE['S']} >Asset List/System</option>
</select><br><br><br><br><br><br><br><br><br></td>
<td class="noborder" style="text-align:left" valign="top">
<div align="left">
<div id="idTarget1">
\t\t\t<table class="noborder"><tr>
<td style="text-align:center;padding-bottom:3px;" class="nobborder">{$targets_message}</td>
</tr>
<tr>
\t\t\t<td valign="top" class="noborder">
<table class="transparent" width="100%">
<tr>
<td class='nobborder'>
EOT;
    // NOTE(review): the target list is placed between <textarea> tags unescaped.
    // If $ip_list, $ip_exceptions_list or $editdata['meth_TARGET'] can carry
    // user-supplied text, a closing tag inside the value ends the textarea;
    // pass the value through htmlspecialchars() first.
    $discovery .= "<textarea name=\"ip_list\" id=\"ip_list\" cols=\"32\" rows=\"8\">" . ($ip_list_selected == "" ? "{$editdata['meth_TARGET']}" : "{$ip_list_selected}") . "</textarea>";
    $discovery .= "</td></tr>";
    $discovery .= "<tr><td style='text-align:left;' class='nobborder'>";
    $discovery .= "<div id='lassets' style='display:none'>";
    $discovery .= "<img width=\"16\" align=\"absmiddle\" src=\"./images/loading.gif\" border=\"0\" alt=\"" . _("Loading assets...") . "\" title=\"" . _("Loading assets...") . "\">";
    $discovery .= "<span style='margin-left:4px;'>" . _("Loading assets, please wait few seconds...") . "</span>";
    $discovery .= <<<EOT
</div>
<td>
</tr>
</table>
\t\t\t</td>
\t\t\t<td valign="top" style="text-align:left" class="noborder">
\t\t\t\t<div id="htree" style="width:450px"></div>
\t\t\t</td>
\t\t\t</tr></table>
</div>
<div id="idTarget2" class="forminput">
<table width="100%" style="border:0;">
<tr>
<td align="Right" width="30%" >Range Start</td>
<td><input type="text" name="ip_start" value=""></td>
</tr>
<tr>
<td align="Right" width="30%" >Range End</td>
<td><input type="text" name="ip_end" value=""></td>
</tr>
</table>
</div>
<div id="idTarget3" class="forminput">
<textarea name="named_list" cols="32" rows="8"></textarea>
</div>
<div id="idTarget4" class="forminput">
<input type="text" name="cidr" value="">
</div>
<div id="idTarget5" class="forminput">
<table width="100%" style="border:0;">
<tr>
<td align="Right" width="30%" ></td>
<td><select name="subnet">
<option value="" >Select A Subnet to Scan</option>
EOT;
    // NOTE(review): $query_filter is only consumed by the commented-out queries
    // below. It interpolates $username into SQL text, so it needs binding or
    // escaping if those queries are re-enabled.
    if ($uroles['admin'] || $uroles['auditAll']) {
        $discovery .= "<option value='ALL' >Audit All Subnets - (SINGLE JOB)!!!</option>";
        $query_filter = "AND t1.tiScanApproval='1'";
    } else {
        $query_filter = "AND t4.pn_uname = '{$username}'";
    }
    #$query = "SELECT distinct t1.id, t1.site_code, t1.CIDR
    # FROM vuln_subnets t1
    # LEFT JOIN vuln_sites t2 ON t1.site_code = t2.site_code
    # LEFT JOIN vuln_org_sites t3 ON t2.id = t3.siteID
    # LEFT JOIN vuln_org_users t4 ON t3.orgID = t4.orgID
    # WHERE t1.status != 'available' $query_filter
    # ORDER BY t1.site_code, CIDR";
    //$result=$dbconn->execute($query);
    //while (!$result->EOF) {
    // list($subid, $scode, $sname)=$result->fields;
    // if ( $editdata['fk_name'] == $sname ) { $selected= "SELECTED"; } else { $selected=""; }
    // $discovery .= "<option value=\"$sname\" $selected >[$scode] $sname</option>";
    // $result->MoveNext();
    //}
    $discovery .= <<<EOT
</select></td>
</tr>
</table>
</div>
<div id="idTarget6" class="forminput">
<table width="100%" style="border:0;">
<tr>
<td align="Right" width="30%" ></td>
<td><select name="system">
<option value="" >Select A System to Scan</option>
EOT;
    if ($uroles['admin'] || $uroles['auditAll']) {
    } else {
        $query_filter = "AND t2.pn_uname = '{$username}'";
    }
    #$query = "SELECT distinct t1.id, t1.acronym, t1.name
    # FROM vuln_systems t1
    # LEFT JOIN vuln_system_users t2 ON t2.sysID = t1.id
    # WHERE t1.deleted='0' $cquery_like AND t1.status='assigned' $query_filter
    # ORDER BY t1.site_code, acronym";
    #$result=$dbconn->execute($query);
    #while (!$result->EOF) {
    # list($subid, $scode, $sname)=$result->fields;
    # if ( $editdata['fk_name'] == $scode ) { $selected= "SELECTED"; } else { $selected=""; }
    # $discovery .= "<option value=\"$scode\" $selected>[$scode] $sname</option>";
    # $result->MoveNext();
    #}
    $discovery .= <<<EOT
</select></td>
</tr>
</table>
</div>
</div>
</div>
</td>
</tr>
</table>
</tr></td></table>
EOT;
    //if(!$scheduler && !$enScanRequestImmediate) {
    // $discovery .= "<script language=javascript>showLayer('idSched', 3);</script>";
    //}
    // The showLayer() snippets go last so they run after the layers exist in the markup.
    $discovery .= $show;
    return $discovery;
}
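/**
 * Print the list of vulnerability scan profiles with their edit/delete
 * controls and a "Create New Profile" button.
 *
 * Administrators get every row of vuln_nessus_settings. Other users get the
 * profiles they own, the built-in Default/Deep/Ultimate profiles, and the
 * profiles owned by "0" (shown as "All"), by an entity they may assign, or by
 * a user they may assign.
 *
 * Output is echoed directly; nothing is returned. The global $sid is
 * overwritten with the id of each listed profile.
 */
function select_profile()
{
    // $sid stays global because the listing loop assigns it, as it always did.
    global $sid, $dbconn;

    $where  = "";
    $params = array();

    if (!Session::am_i_admin()) {
        $entities      = Session::get_entities_to_assign($dbconn);
        $entities["0"] = '0';

        // array_keys() hands back the "0" key as an integer. Every owner is
        // bound as a string so the comparison against the owner column stays
        // a string comparison.
        $owners = array_map('strval', array_keys($entities));

        // The original collected these logins and then appended the entity
        // keys a second time, so profiles owned by assignable users were
        // never matched. Append the logins themselves.
        foreach (Session::get_users_to_assign($dbconn) as $user_data) {
            $owners[] = (string) $user_data->get_login();
        }

        // Owner values are bound as parameters instead of being quoted by
        // hand inside the SQL text.
        $placeholders = implode(', ', array_fill(0, count($owners), '?'));
        $where        = "WHERE owner = ? OR name='Default' OR name='Deep' OR name='Ultimate' "
                      . "OR owner IN({$placeholders})";
        $params       = array_merge(array((string) Session::get_session_user()), $owners);
    }

    $query = "SELECT id, name, description, owner, type FROM vuln_nessus_settings {$where} ORDER BY name";

    $dbconn->SetFetchMode(ADODB_FETCH_BOTH);
    $result = empty($params) ? $dbconn->execute($query) : $dbconn->execute($query, $params);

    echo "<CENTER>";
    echo "<table class=\"transparent\"><tr><td class=\"sec_title\">" . _("Vulnerability Scan Profiles") . "</td></tr></table>";
    echo "<p>";
    echo _("Please select a profile to edit") . ":";
    echo "</p>";
    echo "<table class='table_list'>";
    echo "<tr>";
    echo "<th>" . _("Available for") . "</th>";
    echo "<th>" . _("Profile") . "</th>";
    echo "<th>" . _("Description") . "</th>";
    echo "<th>" . _("Action") . "</th>";
    echo "</tr>";

    // A failed query yields an empty table instead of a fatal error on ->EOF.
    while ($result && !$result->EOF) {
        $sid          = $result->fields[0];
        $sname        = $result->fields[1];
        $sdescription = $result->fields[2];
        $sowner       = $result->fields[3];

        echo "<tr id='profile{$sid}'>";

        if ($sowner == "0") {
            echo "<td>" . _("All") . "</td>";
        } elseif (valid_hex32($sowner)) {
            // NOTE(review): the entity name is printed as returned; whether
            // Session::get_entity_name() already escapes it is not visible here.
            echo "<td style='padding:0px 2px 0px 2px;'>" . Session::get_entity_name($dbconn, $sowner) . "</td>";
        } else {
            echo "<td>" . Util::htmlentities($sowner) . "</td>";
        }

        echo "<td width='200'>" . Util::htmlentities($sname) . "</td>";
        echo "<td width='450'>" . Util::htmlentities($sdescription) . "</td>";
        echo "<td>";

        if (in_array($sname, array("Default", "Deep", "Ultimate"), true)) {
            // Built-in profiles only ever show disabled icons.
            echo "<img src=\"images/pencil.png\" class=\"tip disabled\" title=\"" . _("{$sname} profile can't be edited, clone it to make changes") . "\" />";
            echo "<img src=\"images/delete.gif\" class=\"tip disabled\" title=\"" . _("{$sname} profile can't be deleted") . "\" />";
        } else {
            // md5() here only derives a stable DOM id from name and owner.
            $dom_key = md5($sname . $sowner);

            if (Vulnerabilities::can_modify_profile($dbconn, $sname, $sowner)) {
                echo "<a href='settings.php?disp=edit&sid={$sid}'><img class='hand' id='edit_" . $dom_key . "' src='images/pencil.png' ></a>";
            } else {
                echo "<img class='disabled' src='images/pencil.png'>";
            }

            // NOTE(review): this check only decides whether the icon is
            // clickable. The handler behind deleteProfile() is not visible
            // here and must enforce the same permission on the server.
            if (Vulnerabilities::can_delete_profile($dbconn, $sname, $sowner)) {
                echo "<img class='hand' src='images/delete.gif' id='delete_" . $dom_key . "' onclick='deleteProfile({$sid})'>";
            } else {
                echo "<img class='disabled' src=\"images/delete.gif\" >";
            }
        }

        echo "</td>";
        echo "</tr>";

        $result->MoveNext();
    }

    echo "</table>";
    echo "<center>";
    echo "<form>";
    echo "<br/>";
    echo "<input type='button' onclick=\"document.location.href='settings.php?disp=new'\" id=\"new_profile\" value=\"" . _("Create New Profile") . "\"/>";
    echo "</form>";
    echo "</p>";
    echo "</center>";
}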
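/**
 * Build the HTML of the scan-job form tab (job name, sensor, profile,
 * schedule, credentials, visibility and targets) and return it as a string.
 *
 * All input comes from globals. The function also writes to several of them:
 * $sid and $sname are overwritten while the profile list is read, $ip_list is
 * rebuilt from $net_id or from $editdata['meth_TARGET'], $schedule_type is set
 * to "M" when $net_id names a known network, and $time_hour, $time_min,
 * $dayofmonth and $editdata['schedule_type'] may be overwritten.
 *
 * @return string HTML fragment, followed by the showLayer() script tags that
 *                select the visible schedule panel.
 */
function tab_discovery()
{
    global $component, $uroles, $editdata, $scheduler, $username, $useremail, $dbconn, $disp,
           $enScanRequestImmediate, $enScanRequestRecur, $timeout, $smethod, $SVRid, $sid, $ip_list,
           $ip_exceptions_list, $schedule_type, $ROYEAR, $ROday, $ROMONTH, $time_hour, $time_min,
           $dayofweek, $dayofmonth, $sname, $user, $entity, $hosts_alive, $scan_locally, $version,
           $nthweekday, $semail, $not_resolve, $time_interval, $ssh_credential, $smb_credential, $net_id;
    global $pluginOptions, $enComplianceChecks, $profileid;

    $conf                    = $GLOBALS["CONF"];
    $users                   = Session::get_users_to_assign($dbconn);
    $entities_to_assign      = Session::get_entities_to_assign($dbconn);
    $pre_scan_locally_status = $conf->get_conf("nessus_pre_scan_locally");

    // Keep the caller-supplied values; several of these globals are reused
    // as scratch variables further down.
    $user_selected       = $user;
    $entity_selected     = $entity;
    $SVRid_selected      = $SVRid;
    $sid_selected        = $sid != "" ? $sid : $editdata['meth_VSET'];
    $timeout_selected    = $editdata["meth_TIMEOUT"];
    $ROYEAR_selected     = $ROYEAR;
    $ROday_selected      = $ROday;
    $ROMONTH_selected    = $ROMONTH;
    $time_hour_selected  = $time_hour;
    $time_min_selected   = $time_min;
    $dayofweek_selected  = $dayofweek;
    $dayofmonth_selected = $dayofmonth;
    $sname_selected      = $sname;

    // Autofill a new scan job from a deployment: $net_id must look like a
    // 32-digit hex id and exist as a network before it is used.
    if (preg_match('/^[a-f\d]{32}$/i', $net_id)) {
        if (Asset_net::is_in_db($dbconn, $net_id)) {
            $sname_selected = Asset_net::get_name_by_id($dbconn, $net_id);
            $schedule_type  = "M";
            $ip_list        = array();
            foreach (explode(",", Asset_net::get_ips_by_id($dbconn, $net_id)) as $nip) {
                $ip_list[] = $net_id . "#" . trim($nip);
            }
        }
    }

    if ($schedule_type != "") {
        $editdata['schedule_type'] = $schedule_type;
    }

    $today  = date("Ymd");
    $tyear  = substr($today, 0, 4);
    $nyear  = $tyear + 1;
    $tmonth = substr($today, 4, 2);
    $tday   = substr($today, 6, 2);

    // Stored start time when editing an existing schedule.
    if (isset($editdata['time'])) {
        // split() no longer exists since PHP 7; explode() is equivalent for a
        // literal ':' separator. Padding avoids notices on a short value.
        list($time_hour, $time_min) = array_pad(explode(':', $editdata['time']), 2, 0);
        $time_hour = $time_hour + Util::get_timezone();
    }

    $sTYPE = array();
    foreach (array("N", "O", "D", "W", "M", "NW") as $type) {
        $sTYPE[$type] = "";
    }

    // Every weekday key is initialised so the option templates below never
    // read an undefined index.
    $day = array("Su" => "", "Mo" => "", "Tu" => "", "We" => "", "Th" => "", "Fr" => "", "Sa" => "");

    if (isset($editdata['schedule_type'])) {
        $sTYPE[$editdata['schedule_type']] = "selected='selected'";

        // Panel number per stored schedule type; anything else opens panel 5.
        $edit_layers = array("D" => 2, "O" => 3, "W" => 4, "NW" => 6);
        $ni          = isset($edit_layers[$editdata['schedule_type']]) ? $edit_layers[$editdata['schedule_type']] : 5;
        $show        = "<br><script language=javascript>showLayer('idSched', {$ni});</script>";
    } elseif ($enScanRequestImmediate) {
        $sTYPE['N'] = "selected='selected'";
        $show       = "<br><script language=javascript>showLayer('idSched', 1);</script>";
    } else {
        $sTYPE['O'] = "selected='selected'";
        $show       = "<br><script language=javascript>showLayer('idSched', 3);</script>";
    }

    // Only the fixed panel numbers below ever reach the script tag.
    $request_layers = array("N" => 1, "O" => 3, "D" => 2, "W" => 4, "M" => 5, "NW" => 6);
    if ($schedule_type != "" && isset($request_layers[$schedule_type])) {
        $show .= "<br><script language=javascript>showLayer('idSched', " . $request_layers[$schedule_type] . ");</script>";
    }

    if (isset($editdata['day_of_month'])) {
        $dayofmonth = $editdata['day_of_month'];
    }
    if (isset($editdata['day_of_week'])) {
        $day[$editdata['day_of_week']] = "SELECTED";
    }
    if ($dayofweek_selected != "") {
        $day[$dayofweek_selected] = "SELECTED";
    }

    // NOTE(review): the job name is written into a single-quoted attribute
    // as-is. Where $sname, $username and $editdata are populated is not
    // visible here; confirm they are validated upstream or escape them here.
    if (!$uroles['nessus']) {
        $name    = "sr-" . substr($username, 0, 6) . "-" . time();
        $name    = $editdata['name'] == "" ? $name : $editdata['name'];
        $nameout = $name . "<input type=hidden style='width:210px' name='sname' value='{$name}'>";
    } else {
        $nameout = "<input type=text style='width:210px' name='sname' value='"
                 . ($sname_selected != "" ? "{$sname_selected}" : "{$editdata['name']}") . "'>";
    }

    $discovery  = "<input type=\"hidden\" name=\"save_scan\" value=\"1\">";
    $discovery .= "<input type=\"hidden\" name=\"cred_type\" value=\"N\">";
    $discovery .= "<table width=\"80%\" cellspacing=\"4\">";
    $discovery .= "<tr>";
    $discovery .= "<input type=\"hidden\" name=\"smethod\" value=\"{$smethod}\">";
    $discovery .= "<td width=\"25%\" class='job_option'>" . Util::strong(_("Job Name") . ":") . "</td>";
    $discovery .= "<td style=\"text-align:left;\">{$nameout}</td>";
    $discovery .= "</tr>";

    // ---- Sensor selection: only sensors flagged as having a scanner ----
    list($sensor_list) = Av_sensor::get_list($dbconn);

    $discovery .= "<tr>";
    $discovery .= "<td class='job_option'>" . Util::strong(_("Select Server") . ":") . "</td>";
    $discovery .= "<td style='text-align:left;'><select id='SVRid' style='width:212px' name='SVRid'>";
    $discovery .= "<option value='Null'>" . _("First Available Server-Distributed") . "</option>";

    foreach ($sensor_list as $_sensor_id => $sensor_data) {
        if (intval($sensor_data['properties']['has_vuln_scanner']) == 1) {
            $discovery .= "<option value=\"{$_sensor_id}\" ";
            if ($editdata['email'] == $_sensor_id || $editdata['scan_ASSIGNED'] == $_sensor_id) {
                $discovery .= " SELECTED";
            }
            if ($SVRid_selected == $_sensor_id) {
                $discovery .= " SELECTED";
            }
            $discovery .= ">" . strtoupper($sensor_data['name']) . " [" . $sensor_data['ip'] . "] </option>";
        }
    }

    $discovery .= <<<EOT
</select>
</td>
</tr>
<tr>
EOT;

    // ---- Profile selection ----
    $discovery .= "<td class='job_option'>" . Util::strong(_("Profile") . ":") . "</td>";
    $discovery .= "<td style='text-align:left;'><select name='sid'>";

    $base_query = "SELECT distinct(t1.id), t1.name, t1.description FROM vuln_nessus_settings t1";
    $params     = array();

    // NOTE(review): the literal login "admin" is treated like an
    // administrator regardless of Session::am_i_admin(); confirm this is
    // intended.
    if ($username == "admin" || Session::am_i_admin()) {
        $query = $base_query . " WHERE deleted='0' ORDER BY t1.name";
    } else {
        if (Session::is_pro()) {
            $users_and_entities = Acl::get_entities_to_assign($dbconn);

            if (Acl::am_i_proadmin()) {
                // As before, this replaces $users, so the "Scan job visible
                // for" user list below is built from these users.
                $users = Acl::get_my_users($dbconn, Session::get_session_user());
                foreach ($users as $us) {
                    $users_and_entities[$us->get_login()] = $us->get_login();
                }
                $owners = array_merge(array('0'), array_keys($users_and_entities));
            } else {
                $owners = array_merge(
                    array('0'),
                    array_keys($users_and_entities),
                    array(Session::get_session_user())
                );
            }
        } else {
            $owners = array('0', $username);
        }

        // The original assigned owner '0' and then overwrote the list with
        // array_keys(), dropping it in both pro branches; it is kept here, in
        // line with the non-pro branch. Owners are bound as string
        // parameters rather than concatenated into the SQL text.
        $params = array_map('strval', $owners);
        $marks  = implode(',', array_fill(0, count($params), '?'));
        $query  = $base_query . " WHERE deleted = '0' and (name='Default' or owner in ({$marks})) ORDER BY t1.name";
    }

    $dbconn->SetFetchMode(ADODB_FETCH_BOTH);
    $result = empty($params) ? $dbconn->execute($query) : $dbconn->execute($query, $params);

    // First pass: collect the rows and learn whether the requested profile
    // id is among them; a "default" profile is preselected only if it is not.
    $job_profiles = array();
    $id_found     = false;

    while ($result && !$result->EOF) {
        list($sid, $sname, $sdescription) = $result->fields;

        if ($sid_selected == $sid) {
            $id_found = true;
        }

        $job_profiles[] = array("sid" => $sid, "sname" => $sname, "sdescription" => $sdescription);
        $result->MoveNext();
    }

    foreach ($job_profiles as $profile_data) {
        $sid          = $profile_data["sid"];
        $sname        = $profile_data["sname"];
        $sdescription = $profile_data["sdescription"];

        if ($sid_selected == $sid) {
            $selected_attr = "selected";
        } elseif (preg_match("/default/i", $sname) && !$id_found) {
            $selected_attr = 'selected="selected"';
        } else {
            $selected_attr = "";
        }

        // Name and description are escaped the same way select_profile()
        // escapes these two columns.
        $label = Util::htmlentities($sname);
        if ($sdescription != "") {
            $label .= " - " . Util::htmlentities($sdescription);
        }

        $discovery .= "<option value=\"{$sid}\" " . $selected_attr . ">" . $label . "</option>";
    }

    $discovery .= "</select>  <a href=\"" . Menu::get_menu_url('settings.php', 'environment', 'vulnerabilities', 'scan_jobs') . "\">[" . _("EDIT PROFILES") . "]</a></td>";
    $discovery .= "</tr>";

    // ---- Schedule method ----
    $discovery .= "<tr>";
    $discovery .= "<td class='job_option' style='vertical-align: top;'><div>" . Util::strong(_("Schedule Method") . ":") . "</div></td>";
    $discovery .= "<td style='text-align:left'><div><select name='schedule_type' id='scheduleM'>";
    $discovery .= "<option value='N' {$sTYPE['N']}>" . _("Immediately") . "</option>";
    $discovery .= "<option value='O' {$sTYPE['O']}>" . _("Run Once") . "</option>";
    $discovery .= "<option value='D' {$sTYPE['D']}>" . _("Daily") . "</option>";
    $discovery .= "<option value='W' {$sTYPE['W']}>" . _("Day of the Week") . "</option>";
    $discovery .= "<option value='M' {$sTYPE['M']}>" . _("Day of the Month") . "</option>";
    $discovery .= "<option value='NW' {$sTYPE['NW']}>" . _("N<sup>th</sup> weekday of the month") . "</option>";
    $discovery .= "</select></div></tr>";

    $smethods          = array("O", "D", "W", "M", "NW");
    $smethodtr_display = in_array($editdata['schedule_type'], $smethods) ? "" : "style='display:none'";

    $discovery .= "<tr {$smethodtr_display} id='smethodtr'><td> </td>";
    $discovery .= <<<EOT
</td>
<td><div>
<div id="idSched1" class="forminput">
</div>
EOT;

    // Panel 8: start date.
    $discovery .= "<div id=\"idSched8\" class=\"forminput\">";
    $discovery .= "<table cellspacing=\"2\" cellpadding=\"0\" width=\"100%\">";
    $discovery .= "<tr><th width='35%'>" . _("Begin in") . "</th><td class='noborder' nowrap='nowrap'>" . gettext("Year") . " <select name='biyear'>";
    $discovery .= "<option value=\"{$tyear}\" selected>{$tyear}</option>";
    $discovery .= "<option value=\"{$nyear}\" >{$nyear}</option>";
    $discovery .= "</select> " . gettext("Month") . " <select name='bimonth'>";
    for ($i = 1; $i <= 12; $i++) {
        $discovery .= "<option value=\"{$i}\" ";
        if ($i == $tmonth) {
            $discovery .= "selected";
        }
        $discovery .= ">{$i}</option>";
    }
    $discovery .= "</select> " . gettext("Day") . " <select name=\"biday\">";
    for ($i = 1; $i <= 31; $i++) {
        $discovery .= "<option value=\"{$i}\" ";
        if ($i == $tday) {
            $discovery .= "selected";
        }
        $discovery .= ">{$i}</option>";
    }
    $discovery .= "</select></td>";
    $discovery .= "</tr>";
    $discovery .= "</table>";
    $discovery .= "</div>";

    // Panel 3: run once on a given date.
    $discovery .= <<<EOT
<div id="idSched3" class="forminput">
<table cellspacing="2" cellpadding="0" width="100%">
EOT;
    $discovery .= "<tr><th width='35%'>" . _("Day") . "</th><td colspan='6' class='noborder' nowrap='nowrap'>" . gettext("Year") . " <select name='ROYEAR'>";
    $discovery .= "<option value=\"{$tyear}\" " . ($ROYEAR_selected == "" || $ROYEAR_selected == $tyear ? "selected" : "") . ">{$tyear}</option>";
    $discovery .= "<option value=\"{$nyear}\" " . ($ROYEAR_selected == $nyear ? "selected" : "") . ">{$nyear}</option>";
    $discovery .= "</select> " . gettext("Month") . " <select name='ROMONTH'>";
    for ($i = 1; $i <= 12; $i++) {
        $discovery .= "<option value=\"{$i}\" ";
        if ($i == $tmonth && $ROMONTH_selected == "" || $ROMONTH_selected == $i) {
            $discovery .= "selected";
        }
        $discovery .= ">{$i}</option>";
    }
    $discovery .= "</select> " . gettext("Day") . " <select name=\"ROday\">";
    for ($i = 1; $i <= 31; $i++) {
        $discovery .= "<option value=\"{$i}\" ";
        if ($i == $tday && $ROday_selected == "" || $ROday_selected == $i) {
            $discovery .= "selected";
        }
        $discovery .= ">{$i}</option>";
    }
    $discovery .= <<<EOT
</select></td>
</tr>
</table>
</div>
<div id="idSched4" class="forminput" >
<table width="100%">
<tr>
EOT;

    // The weekly and the n-th weekday selects share the same option list.
    $weekdays = array(
        "Su" => gettext("Sunday"),
        "Mo" => gettext("Monday"),
        "Tu" => gettext("Tuesday"),
        "We" => gettext("Wednesday"),
        "Th" => gettext("Thursday"),
        "Fr" => gettext("Friday"),
        "Sa" => gettext("Saturday"),
    );
    $weekday_options = "<option value=\"Su\" SELECTED >" . gettext("Select week day to run") . "</option>";
    foreach ($weekdays as $code => $label) {
        $weekday_options .= "<option value=\"{$code}\" {$day[$code]} >" . $label . "</option>";
    }

    // Panel 4: weekly.
    $discovery .= "<th align=\"right\" width=\"35%\">" . _("Weekly") . "</th><td colspan=\"2\" class=\"noborder\">";
    $discovery .= "<select name=\"dayofweek\">";
    $discovery .= $weekday_options;
    $discovery .= "</select>";
    $discovery .= "</td>";
    $discovery .= <<<EOT
</tr>
</table>
</div>
<div id="idSched5" class="forminput">
<table width="100%">
<tr>
EOT;

    // Panel 5: day of the month.
    $discovery .= "<th width='35%'>" . gettext("Select Day") . "</td>";
    $discovery .= <<<EOT
<td colspan="2" class="noborder"><select name="dayofmonth">"
EOT;
    for ($i = 1; $i <= 31; $i++) {
        $discovery .= "<option value=\"{$i}\"";
        if ($dayofmonth == $i && $dayofmonth_selected == "" || $dayofmonth_selected == $i) {
            $discovery .= " selected";
        }
        $discovery .= ">{$i}</option>";
    }
    $discovery .= <<<EOT
</select></td>
</tr>
</table>
</div>
<div id="idSched6" class="forminput">
<table width="100%">
<tr>
EOT;

    // Panel 6: n-th weekday of the month.
    $discovery .= "<th width=\"35%\">" . gettext("Day of week") . "</th><td colspan=\"2\" class=\"noborder\">";
    $discovery .= "<select name=\"nthdayofweek\">";
    $discovery .= $weekday_options;
    $discovery .= "</select>";
    $discovery .= "</td>";
    $discovery .= <<<EOT
</tr>
</table>
<br>
<table width="100%">
<tr>
EOT;
    $discovery .= "<th align='right'>" . gettext("N<sup>th</sup> weekday") . "</th><td colspan='2' class='noborder'>";
    $discovery .= "<select name='nthweekday'>";
    $discovery .= "<option value='1'>" . gettext("Select nth weekday to run") . "</option>";

    $ordinals = array(
        1  => gettext("First"),
        2  => gettext("Second"),
        3  => gettext("Third"),
        4  => gettext("Fourth"),
        5  => gettext("Fifth"),
        6  => gettext("Sixth"),
        7  => gettext("Seventh"),
        8  => gettext("Eighth"),
        9  => gettext("Ninth"),
        10 => gettext("Tenth"),
    );
    foreach ($ordinals as $nth => $label) {
        $discovery .= "<option value='{$nth}'" . ($dayofmonth == $nth ? " selected" : "") . ">" . $label . "</option>";
    }
    $discovery .= <<<EOT
</select>
</td>
</tr>
</table>
</div>
EOT;

    // Panel 7: frequency.
    $discovery .= "<div id='idSched7' class='forminput' style=margin-bottom:3px;>";
    $discovery .= "<table width='100%'>";
    $discovery .= "<tr>";
    $discovery .= "<th width='35%'>" . _("Frequency") . "</th>";
    $discovery .= "<td width='100%' style='text-align:center;' class='nobborder'>";
    $discovery .= "<span style='margin-right:5px;'>" . _("Every") . "</span>";
    $discovery .= "<select name='time_interval'>";
    for ($itime = 1; $itime <= 30; $itime++) {
        $discovery .= "<option value='" . $itime . "'" . ($editdata['time_interval'] == $itime ? " selected" : "") . ">" . $itime . "</option>";
    }
    $discovery .= "</select>";
    $discovery .= "<span id='days' style='margin-left:5px'>" . _("day(s)") . "</span><span id='weeks' style='margin-left:5px'>" . _("week(s)") . "</span>";
    $discovery .= "</td>";
    $discovery .= "</tr>";
    $discovery .= "</table>";
    $discovery .= "</div>";

    // Panel 2: time of day.
    $discovery .= <<<EOT
<div id="idSched2" class="forminput">
<table width="100%">
EOT;
    $discovery .= "<tr>";
    $discovery .= "<th rowspan='2' align='right' width='35%'>" . gettext("Time") . "</td>";
    $discovery .= "<td align='right'>" . gettext("Hour") . "</td>";
    $discovery .= <<<EOT
<td align="left" class="noborder"><select name="time_hour">
EOT;
    for ($i = 0; $i <= 23; $i++) {
        $discovery .= "<option value=\"{$i}\"";
        if ($time_hour == $i && $time_hour_selected == "" || $time_hour_selected == $i) {
            $discovery .= " selected";
        }
        $discovery .= ">{$i}</option>";
    }
    $discovery .= "</select></td><td align='right'>" . gettext("Minutes") . "</td>\n <td class='noborder' align='left'><select name='time_min'>";
    for ($i = 0; $i < 60; $i = $i + 15) {
        $discovery .= "<option value=\"{$i}\"";
        if ($time_min == $i && $time_min_selected == "" || $time_min_selected == $i) {
            $discovery .= " selected";
        }
        $discovery .= ">{$i}</option>";
    }
    $discovery .= <<<EOT
</select></td>
</tr>
</table>
</div>
</tr>
EOT;

    // ---- Advanced options ----
    $discovery .= "<tr>";
    $discovery .= "\t\t<td class='madvanced'><a class='section'><img id='advanced_arrow' border='0' align='absmiddle' src='../pixmaps/arrow_green.gif'>" . _("ADVANCED") . "</a></td>";
    $discovery .= "\t\t<td> </td>";
    $discovery .= "</tr>";

    if ($_SESSION["scanner"] == "omp") {
        // The stored value has the form "<ssh>|<smb>"; an unmatched value
        // leaves both halves empty instead of reading undefined indexes.
        $saved_ssh = "";
        $saved_smb = "";
        if (preg_match("/(.*)\\|(.*)/", $editdata["credentials"], $cred_parts)) {
            $saved_ssh = $cred_parts[1];
            $saved_smb = $cred_parts[2];
        }

        $cred_rows = array(
            array('ssh', _("SSH Credential:"), 'ssh_credential', $saved_ssh, $ssh_credential),
            array('smb', _("SMB Credential:"), 'smb_credential', $saved_smb, $smb_credential),
        );

        foreach ($cred_rows as $cred_row) {
            list($cred_type, $cred_label, $field, $cred_saved, $cred_requested) = $cred_row;

            $credentials = Vulnerabilities::get_credentials($dbconn, $cred_type);

            $discovery .= "<tr class='advanced'>";
            $discovery .= "<td class='job_option'>" . Util::strong($cred_label) . "</td>";
            $discovery .= "<td style='text-align:left'><select id='{$field}' name='{$field}'>";
            $discovery .= "<option value=''>--</option>";

            foreach ($credentials as $cred) {
                // Owner "0" is shown as "All", a 32-hex owner as its entity
                // name, anything else as the login itself.
                $login_text = $cred["login"];
                if ($cred["login"] == '0') {
                    $login_text = _("All");
                } elseif (valid_hex32($cred["login"])) {
                    $login_text = Session::get_entity_name($dbconn, $cred["login"]);
                }

                $cred_key = $cred["name"] . "#" . $cred["login"];
                $selected = $cred_saved == $cred_key || $cred_key == $cred_requested ? " selected='selected'" : "";

                $discovery .= "<option value='" . $cred_key . "' {$selected}>" . $cred["name"] . " (" . $login_text . ")</option>";
            }

            $discovery .= "</select></td>";
            $discovery .= "</tr>";
        }
    }

    $discovery .= "<tr class='job_option advanced'>";
    $discovery .= "<td class='job_option'>" . Util::strong(_("Timeout:")) . "</td>";
    $discovery .= "<td style=\"text-align:left;\" nowrap><input type='text' style='width:80px' name='timeout' value='" . ($timeout_selected == "" ? "{$timeout}" : "{$timeout_selected}") . "'>";
    $discovery .= "<font color='black'> " . _("Max scan run time in seconds") . " </font></td>";
    $discovery .= "</tr>";

    $discovery .= "<tr class='advanced'><td class='job_option'>" . Util::strong(_("Send an email notification:"));
    $discovery .= "</td>";
    $discovery .= "<td style=\"text-align:left;\">";
    $discovery .= "<input type=\"radio\" name=\"semail\" value=\"0\"" . (count($editdata) <= 1 && intval($semail) == 0 || intval($editdata['meth_Wfile']) == 0 ? " checked" : "") . "/>" . _("No");
    $discovery .= "<input type=\"radio\" name=\"semail\" value=\"1\"" . (count($editdata) <= 1 && intval($semail) == 1 || intval($editdata['meth_Wfile']) == 1 ? " checked" : "") . "/>" . _("Yes");
    $discovery .= "</td></tr>";

    // ---- Visibility: one user or one entity ----
    // NOTE(review): the text between _('User:' and the next cell was garbled
    // in the reviewed copy; the cell is rebuilt to mirror the Entity cell
    // below. Confirm against the original file.
    $discovery .= "<tr class='advanced'>\n\t\t\t\t\t\t<td class='job_option'>" . Util::strong(_("Scan job visible for:")) . "</td>\n\t\t\t\t\t\t<td style='text-align: left'>\n\t\t\t\t\t\t\t<table cellspacing='0' cellpadding='0' class='transparent' style='margin: 5px 0px;'>\n\t\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t\t<td class='nobborder'><span style='margin-right:3px'>" . _('User:') . "</span></td>\n\t\t\t\t\t\t\t\t\t<td class='nobborder'>\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t<select name='user' id='user' onchange=\"switch_user('user');return false;\">";

    // $options was appended to without ever being initialised.
    $options   = "";
    $num_users = 0;
    foreach ($users as $v) {
        $login    = $v->get_login();
        $selected = $editdata["username"] == $login || $user_selected == $login ? "selected='selected'" : "";
        $options .= "<option value='" . $login . "' {$selected}>{$login}</option>\n";
        $num_users++;
    }

    if ($num_users == 0) {
        $discovery .= "<option value='' style='text-align:center !important;'>- " . _("No users found") . " -</option>";
    } else {
        $discovery .= "<option value='' style='text-align:center !important;'>- " . _("Select one user") . " -</option>\n";
        $discovery .= $options;
    }
    $discovery .= "\t\t\t\t\t\t</select>\n\t\t\t\t\t\t\t\t\t</td>";

    if (!empty($entities_to_assign)) {
        $discovery .= "\t \t\t\t<td style='text-align:center; border:none; !important'><span style='padding:5px;'>" . _("OR") . "<span></td>\n\t\t\t\t\t\t\t\t\t<td class='nobborder'><span style='margin-right:3px'>" . _("Entity:") . "</span></td>\n\t\t\t\t\t\t\t\t\t<td class='nobborder'>\t\n\t\t\t\t\t\t\t\t\t\t<select name='entity' id='entity' onchange=\"switch_user('entity');return false;\">\n\t\t\t\t\t\t\t\t\t\t\t<option value='' style='text-align:center !important;'>-" . _("Select one entity") . "-</option>";
        foreach ($entities_to_assign as $k => $v) {
            $selected   = $editdata["username"] == $k || $entity_selected == $k ? "selected='selected'" : "";
            $discovery .= "<option value='{$k}' {$selected}>{$v}</option>";
        }
        $discovery .= "\t\t\t\t\t</select>\n\t\t\t\t\t\t\t\t\t</td>";
    }

    $discovery .= " \t \t</tr>\n\t\t\t\t\t\t\t</table>\n\t\t\t\t\t\t</td>\n\t\t\t\t\t</tr>";
    $discovery .= "<tr><td valign=\"top\" width=\"15%\" class=\"job_option noborder\"><br>";

    // ---- Host-alive / pre-scan / name resolution checkboxes ----
    // The alive check is forced on and locked whenever the target list
    // carries exclusions (conditions 2 and 4).
    $condition1 = count($editdata) <= 1 && intval($hosts_alive) == 1 ? TRUE : FALSE;
    $condition2 = preg_match('/' . EXCLUDING_IP2 . '/', trim($editdata["meth_TARGET"]));
    $condition3 = intval($editdata['meth_CRED']) == 1 ? TRUE : FALSE;
    $condition4 = count($ip_exceptions_list) > 0 ? TRUE : FALSE;

    $host_alive_check  = $condition1 || $condition2 || $condition3 || $condition4 ? ' checked' : '';
    // The previous literal emitted backslashes into the markup
    // (disabled=\"disabled\").
    $host_alive_status = $condition2 || $condition4 ? ' disabled="disabled"' : '';

    $discovery .= "<input onclick=\"toggle_scan_locally()\" type=\"checkbox\" id=\"hosts_alive\" name=\"hosts_alive\" value=\"1\"" . $host_alive_check . $host_alive_status . ">" . Util::strong(_("Only scan hosts that are alive")) . "<br>(" . Util::strong(_("greatly speeds up the scanning process")) . ")<br><br>";
    $discovery .= "<input type=\"checkbox\" id=\"scan_locally\" name=\"scan_locally\" value=\"1\"" . ($pre_scan_locally_status == 0 ? " disabled=\"disabled\"" : "") . ($pre_scan_locally_status == 1 && (intval($editdata['authorized']) == 1 || intval($scan_locally) == 1) ? " checked" : "") . ">" . Util::strong(_("Pre-Scan locally")) . "<br>(" . Util::strong(_("do not pre-scan from scanning sensor")) . ")<br><br>";
    $discovery .= "<input type=\"checkbox\" id=\"not_resolve\" name=\"not_resolve\" value=\"1\" " . ($editdata['resolve_names'] === "0" || $not_resolve == "1" ? "checked=\"checked\"" : "") . "/>" . Util::strong(_("Do not resolve names"));
    $discovery .= <<<EOT
</td>
EOT;

    // ---- Target list and asset tree ----
    $discovery .= ' <td class="noborder" valign="top">';
    $discovery .= ' <table width="100%" class="transparent" cellspacing="0" cellpadding="0">';
    $discovery .= ' <tr>';
    $discovery .= ' <td class="nobborder" style="vertical-align: top;text-align:left;padding:10px 0px 0px 0px;">';
    $discovery .= ' <table class="transparent" cellspacing="4">';
    $discovery .= ' <tr>';
    $discovery .= ' <td class="nobborder" style="text-align:left;"><input class="greyfont" type="text" id="searchBox" value="' . _("Type here to search assets (Hosts/Networks)") . '" /></td>';
    $discovery .= ' </tr>';
    $discovery .= ' <tr>';
    $discovery .= ' <td class="nobborder"><select id="targets" name="targets[]" multiple="multiple">';

    if (!empty($editdata["meth_TARGET"])) {
        $ip_list = explode("\n", trim($editdata["meth_TARGET"]));
    }

    // NOTE(review): target strings and asset names are written into the
    // option value and label as-is. Whether $ip_list, $ip_exceptions_list
    // and meth_TARGET are validated before this point is not visible here;
    // confirm, or escape them at output.
    if (!empty($ip_list)) {
        foreach ($ip_list as $asset) {
            // "<hex id>#<address>" entries are labelled with the asset name.
            if (preg_match("/([a-f\\d]+)#(.*)/i", $asset, $found)) {
                if (Asset_host::is_in_db($dbconn, $found[1])) {
                    $_asset_name = Asset_host::get_name_by_id($dbconn, $found[1]) . " (" . $found[2] . ")";
                } else {
                    $_asset_name = Asset_net::get_name_by_id($dbconn, $found[1]) . " (" . $found[2] . ")";
                }
                $discovery .= '<option value="' . $asset . '">' . $_asset_name . '</option>';
            } else {
                $discovery .= '<option value="' . $asset . '">' . $asset . '</option>';
            }
        }
        foreach ($ip_exceptions_list as $asset) {
            $discovery .= '<option value="' . $asset . '">' . $asset . '</option>';
        }
    }

    $discovery .= ' </select></td>';
    $discovery .= ' </tr>';
    $discovery .= ' <tr>';
    $discovery .= ' <td class="nobborder" style="text-align:right"><input type="button" value=" [X] " id="delete_target" class="av_b_secondary small"/>';
    $discovery .= ' <input type="button" style="margin-right:0px;"value="Delete all" id="delete_all" class="av_b_secondary small"/></td>';
    $discovery .= ' </tr>';
    $discovery .= ' </table>';
    $discovery .= ' </td>';
    $discovery .= ' <td class="nobborder" width="450px;" style="vertical-align: top;padding:0px 0px 0px 5px;">';
    $discovery .= ' <div id="vtree" style="text-align:left;width:100%;"></div>';
    $discovery .= ' </td>';
    $discovery .= ' </tr>';
    $discovery .= ' </table>';
    $discovery .= ' </td>';
    $discovery .= '</tr>';
    $discovery .= '</table>';
    $discovery .= '</tr></td></table>';

    // The panel-selection scripts go last, after the panels they reference.
    $discovery .= $show;

    return $discovery;
}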