コード例 #1
0
    $validate['user'] = array('validation' => 'OSS_USER_2', 'e_message' => 'illegal:' . _('User'));
    $validate['pass'] = array('validation' => 'OSS_PASSWORD', 'e_message' => 'illegal:' . _('Password'));
}
if (GET('ajax_validation') == TRUE) {
    $data['status'] = 'OK';
    $validation_errors = validate_form_fields('GET', $validate);
    if (is_array($validation_errors) && !empty($validation_errors)) {
        $data['status'] = 'error';
        $data['data'] = $validation_errors;
    }
    echo json_encode($data);
    exit;
} else {
    //Checking form token
    if (!isset($_POST['ajax_validation_all']) || POST('ajax_validation_all') == FALSE) {
        if (Token::verify('tk_form_a_deployment', POST('token')) == FALSE) {
            Token::show_error();
            exit;
        }
    }
    $validation_errors = validate_form_fields('POST', $validate);
    //Check Token
    if (empty($validation_errors)) {
        $db = new ossim_db();
        $conn = $db->connect();
        $res = Av_center::get_system_info_by_ip($conn, POST('sensor_ip'));
        if ($res['status'] == 'success') {
            $sensor_id = $res['data']['sensor_id'];
            $ossec_server_ip = $res['data']['admin_ip'];
            if (!Ossec_utilities::is_sensor_allowed($conn, $sensor_id)) {
                $validation_errors['sensor_ip'] = _('Error! Sensor not allowed');
コード例 #2
0
ファイル: modifyserver.php プロジェクト: jackpf/ossim-arc
                ossim_clean_error();
            }
        }
    } else {
        $validation_errors = validate_form_fields('GET', $validate);
    }
    if (is_array($validation_errors) && !empty($validation_errors)) {
        $data['status'] = 'error';
        $data['data'] = $validation_errors;
    }
    echo json_encode($data);
    exit;
}
//Check Token
if (!isset($_POST['ajax_validation_all']) || POST('ajax_validation_all') == FALSE) {
    if (!Token::verify('tk_form_server', POST('token'))) {
        Token::show_error(_("Action not allowed"));
        exit;
    }
}
$id = POST('id');
$sname = POST('sname');
$ip = POST('ip');
$port = POST('port');
$descr = POST('descr');
$correlate = POST('correlate') ? 1 : 0;
$cross_correlate = POST('cross_correlate') ? 1 : 0;
$store = POST('store') ? 1 : 0;
$rep = POST('reputation') ? 1 : 0;
$qualify = POST('qualify') ? 1 : 0;
$resend_events = POST('resend_events') ? 1 : 0;
コード例 #3
0
//Data related to the action.
ossim_valid($action, OSS_INPUT, 'illegal:' . _("Action"));
if (ossim_error()) {
    $response['error'] = TRUE;
    $response['msg'] = ossim_get_error();
    ossim_clean_error();
    echo json_encode($response);
    die;
}
//Default values for the response.
$response['error'] = TRUE;
$response['msg'] = _('Unknown Error');
//checking if it is an ajax request
if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest') {
    //Checking token
    if (!Token::verify('tk_plugin_select', GET('token'))) {
        $response['error'] = TRUE;
        $response['msg'] = _('Invalid Action');
    } else {
        //List of all the possibles functions
        $function_list = array('set_plugins' => array('name' => 'set_plugins', 'params' => array('conn', 'data')), 'vendor_list' => array('name' => 'get_vendor_list', 'params' => array('conn')), 'model_list' => array('name' => 'get_model_list', 'params' => array('conn', 'data')), 'version_list' => array('name' => 'get_version_list', 'params' => array('conn', 'data')), 'plugin_activity' => array('name' => 'plugin_activity', 'params' => array('conn', 'data')));
        $_function = $function_list[$action];
        //Checking we have a function associated to the action given
        if (is_array($_function) && function_exists($_function['name'])) {
            $db = new ossim_db();
            $conn = $db->connect();
            //Now we translate the params list to a real array with the real parameters
            $params = array();
            foreach ($_function['params'] as $p) {
                $params[] = ${$p};
            }
コード例 #4
0
ファイル: users_edit.php プロジェクト: alienfault/ossim
                        $data['data'][$_GET['name']] = _('Password is long enough') . ' [' . _('Maximum password size is') . ' ' . $pass_length_max . ']';
                    } elseif (!Session::pass_check_complexity($pass)) {
                        $data['status'] = 'error';
                        $data['data'][$_GET['name']] = _('Password is not strong enough. Check the password policy configuration for more details');
                    }
                }
                break;
        }
    }
    $db->close();
    echo json_encode($data);
    exit;
}
//Check Token
if (!isset($_POST['ajax_validation_all']) || POST('ajax_validation_all') == FALSE) {
    if (!Token::verify('tk_fuser', POST('token'))) {
        Token::show_error();
        exit;
    }
}
$greybox = POST('greybox');
$uuid = POST('uuid');
$login = POST('login');
$user_name = POST('user_name');
$email = POST('email');
$language = POST('language');
$tzone = POST('tzone');
$login_method = POST('login_method');
$c_pass = POST('c_pass');
if (POST('ajax_validation_all') == TRUE) {
    $c_pass = utf8_decode($c_pass);
コード例 #5
0
ファイル: new_ri.php プロジェクト: jackpf/ossim-arc
require_once 'av_init.php';
Session::logcheck('configuration-menu', 'PolicyServers');
$validate = array('ip' => array('validation' => 'OSS_IP_ADDR', 'e_message' => 'illegal:' . _('IP address')), 'ri_name' => array('validation' => 'OSS_ALPHA, OSS_DIGIT, OSS_SCORE, OSS_DOT', 'e_message' => 'illegal:' . _('Name')));
if (GET('ajax_validation') == TRUE) {
    $data['status'] = 'OK';
    $validation_errors = validate_form_fields('GET', $validate);
    if (is_array($validation_errors) && !empty($validation_errors)) {
        $data['status'] = 'error';
        $data['data'] = $validation_errors;
    }
    echo json_encode($data);
    exit;
}
//Check Token
if (!isset($_POST['ajax_validation_all']) || POST('ajax_validation_all') == FALSE) {
    if (!Token::verify('tk_form_ri', POST('token'))) {
        Token::show_error();
        exit;
    }
}
$name = POST('ri_name');
$ip = POST('ip');
$status = POST('status') == 1 ? 1 : 0;
$validation_errors = validate_form_fields('POST', $validate);
$data['status'] = 'OK';
$data['data'] = $validation_errors;
if (POST('ajax_validation_all') == TRUE) {
    if (is_array($validation_errors) && !empty($validation_errors)) {
        $data['status'] = 'error';
        echo json_encode($data);
    } else {
コード例 #6
0
ファイル: user_form.php プロジェクト: alienfault/ossim
* Public License can be found in `/usr/share/common-licenses/GPL-2'.
*
* Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt
*
*/
require_once 'av_init.php';
require_once 'languages.inc';
Session::useractive('../session/login.php');
$conf = $GLOBALS['CONF'];
/* Connect to db */
$db = new ossim_db();
$conn = $db->connect();
// Expire session
$action = REQUEST('action');
if ($action == 'expire_session') {
    if (!Token::verify('tk_f_users', GET('token'))) {
        Token::show_error();
        exit;
    }
    if (Session::userAllowed($user_id) > 1) {
        Session_activity::expire_my_others_sessions($conn, $user_id);
    }
}
/* Version */
$pro = Session::is_pro();
//Timezone
$tzlist = timezone_identifiers_list(4095);
sort($tzlist);
//Login method list
$lm_list = array('ldap' => _('LDAP'), 'pass' => _('PASSWORD'));
//Entities and Templates
コード例 #7
0
ファイル: note_actions.php プロジェクト: jackpf/ossim-arc
        Session::logcheck_ajax('environment-menu', 'PolicyNetworks');
    } else {
        Util::response_bad_request(_('Invalid asset type value'));
    }
}
//Validate action type
$action = POST('action');
ossim_valid($action, OSS_LETTER, '_', 'illegal:' . _('Action'));
if (ossim_error()) {
    $error = ossim_get_error_clean();
    Util::response_bad_request($error);
}
//Validate Form token
$token = POST('token');
$tk_key = 'tk_' . $action;
if (Token::verify($tk_key, $token) == FALSE) {
    $error = Token::create_error_message();
    Util::response_bad_request($error);
}
$db = new ossim_db();
$conn = $db->connect();
try {
    $response = array();
    switch ($action) {
        case 'add_note':
            $response = add_note($conn, $type);
            break;
        case 'edit_note':
            $response = edit_note($conn);
            break;
        case 'delete_note':
コード例 #8
0
ファイル: save_schedule.php プロジェクト: alienfault/ossim
            if ($frequency < 1800) {
                $data['status'] = 'error';
                $validation_errors[$_GET['name']] = sprintf(_('Invalid time between scans') . '. <br/>' . _('Entered value') . ": '<strong>%s</strong>' (1800(s) " . _('minimum') . ")", Util::htmlentities($frequency));
            }
        }
    }
    echo json_encode($data);
    exit;
}
/****************************************************
**************** Checking all fields ****************
*****************************************************/
//Checking form token
if (!isset($_POST['ajax_validation_all']) || POST('ajax_validation_all') == FALSE) {
    $token = POST('token');
    if (Token::verify('tk_ss_form', $token) == FALSE) {
        Token::show_error();
        exit;
    }
}
$s_type = POST('s_type');
$task_id = intval(POST('task_id'));
$name = POST('task_name');
$sensor_id = POST('task_sensor');
$params = POST('task_params');
$frequency = POST('task_period');
$validation_errors = validate_form_fields('POST', $validate);
//Extra validations
if (empty($validation_errors)) {
    switch ($s_type) {
        case 'nmap':
コード例 #9
0
if (ossim_error()) {
    $response['error'] = TRUE;
    $response['msg'] = ossim_get_error();
    ossim_clean_error();
    echo json_encode($response);
    die;
}
$db = new ossim_db(TRUE);
$conn = $db->connect();
//Default values for the response.
$response['error'] = TRUE;
$response['msg'] = _('Error');
//checking if it is an ajax request
if ($action != '' && isset($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest') {
    //Checking token
    if (!Token::verify('tk_asset_filter_list', GET('token'))) {
        $response['error'] = TRUE;
        $response['msg'] = _('Invalid Action');
    } else {
        $function_list = array('network' => 'network_list', 'software' => 'software_list', 'sensor' => 'sensor_list', 'device_type' => 'device_type_list', 'service' => 'service_list', 'location' => 'location_list', 'operating_system' => 'operating_system_list', 'group' => 'group_list', 'model' => 'model_list', 'label' => 'label_list', 'plugin' => 'plugin_list');
        try {
            $func_name = $function_list[$action];
            if (function_exists($func_name)) {
                $response = $func_name($conn, $page, $search);
            } else {
                $response['error'] = TRUE;
                $response['msg'] = _('Wrong Option Chosen');
            }
        } catch (Exception $e) {
            $response['error'] = TRUE;
            $response['msg'] = $e->getMessage();
コード例 #10
0
ファイル: deploy_ajax.php プロジェクト: jackpf/ossim-arc
        Util::memcacheFlush(false);
        $return['error'] = false;
        $return['data'] = _('Device Property Modified Successfully');
    }
    return $return;
}
$action = POST("action");
$data = POST("data");
ossim_valid($action, OSS_DIGIT, 'illegal:' . _("Action"));
if (ossim_error()) {
    die(ossim_error());
}
$db = new ossim_db(TRUE);
$conn = $db->connect();
if ($action != '' && isset($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest') {
    if (!Token::verify('tk_deploy_ajax', GET('token'))) {
        $response['error'] = true;
        $response['msg'] = 'Invalid Action';
        echo json_encode($response);
        $db->close();
        exit;
    }
    switch ($action) {
        case 1:
            $response = get_network_status($conn, $data);
            break;
        case 2:
            $response = modify_location_services($conn, $data);
            break;
        case 3:
            $response = get_assets_visibility($conn);
コード例 #11
0
*
*/
//Config File
require_once 'av_init.php';
Session::logcheck('environment-menu', 'PolicyHosts');
$search = utf8_decode(POST('search'));
ossim_valid($search, OSS_NOECHARS, OSS_ALPHA, OSS_PUNC, OSS_NULLABLE, 'illegal: search');
if (ossim_error()) {
    $data['status'] = 'error';
    $data['data'] = $GLOBALS['ossim_last_error'];
    echo json_encode($data);
    exit;
}
//Validate Form token
$token = POST('token');
if (Token::verify('tk_delete_all', $token) == FALSE) {
    $data['status'] = 'error';
    $data['data'] = Token::create_error_message();
    echo json_encode($data);
    exit;
}
session_write_close();
/* connect to db */
$db = new ossim_db(TRUE);
$conn = $db->connect();
try {
    $filters = array();
    if ($search != '') {
        $search = escape_sql($search, $conn);
        $filters['where'] = " g.name LIKE '%{$search}%' OR g.owner LIKE '%{$search}%'";
    }
コード例 #12
0
ファイル: deletepolicy.php プロジェクト: jackpf/ossim-arc
*
* You should have received a copy of the GNU General Public License
* along with this package; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
* MA  02110-1301  USA
*
*
* On Debian GNU/Linux systems, the complete text of the GNU General
* Public License can be found in `/usr/share/common-licenses/GPL-2'.
*
* Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt
*
*/
require_once 'av_init.php';
Session::logcheck("configuration-menu", "PolicyPolicy");
if (!Token::verify('tk_delete_policy', GET('token'))) {
    echo "Action not allowed";
    exit;
}
?>

<html>
<head>
  <title> <?php 
echo _("OSSIM Framework");
?>
 </title>
  
  <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
  <META HTTP-EQUIV="Pragma" CONTENT="no-cache">
  <link rel="stylesheet" type="text/css" href="../style/av_common.css?t=<?php 
コード例 #13
0
ファイル: backup_actions.php プロジェクト: jackpf/ossim-arc
         if ($launch_status > 0) {
             $response['status'] = 'success';
             $response['message'] = _('The backup process is inserting events...');
         } else {
             $response['status'] = 'error';
             $response['message'] = _('Sorry, operation was not completed due to an error when restoring events');
         }
     } else {
         $response['status'] = 'error';
         $response['message'] = _('Please, select the dates you want to restore');
     }
     break;
     // Purge button
 // Purge button
 case 'delete':
     if (Token::verify('tk_delete_events', GET('token')) == FALSE) {
         $response['status'] = 'error';
         $response['message'] = Token::create_error_message();
     } elseif (count($dates_list) > 0) {
         $launch_status = Backup::Delete($dates_list);
         if ($launch_status > 0) {
             $response['status'] = 'success';
             $response['message'] = _('The backup process is purging events...');
         } else {
             $response['status'] = 'error';
             $response['message'] = _('Sorry, operation was not completed due to an error when purging events');
         }
     } else {
         $response['status'] = 'error';
         $response['message'] = _('Please, select the dates you want to purge');
     }
コード例 #14
0
ファイル: pop_up_actions.php プロジェクト: jackpf/ossim-arc
// Get action type
$action = POST('action');
// Validate action type
ossim_valid($action, OSS_LETTER, '_', 'illegal:' . _('Action'));
if (ossim_error()) {
    Util::response_bad_request(ossim_get_error_clean());
}
// Database access object
$db = new Ossim_db();
$conn = $db->connect();
switch ($action) {
    case 'track_usage_information':
        try {
            //Validate Token
            $token = POST('token');
            if (Token::verify('tk_tui', $token) == FALSE) {
                $t_error = Token::create_error_message();
                Av_exception::throw_error(Av_exception::USER_ERROR, $t_error);
            }
            if (Session::am_i_admin()) {
                $tui = intval(POST('tui'));
                $tui_status = $tui > 0 ? 1 : 0;
                $config = new Config();
                $config->update('track_usage_information', $tui_status);
                $client = new Alienvault_client();
                $tui_status = $tui > 0 ? TRUE : FALSE;
                $client->system()->set_telemetry($tui_status);
                $data['status'] = 'success';
                $data['data'] = _('Your changes have been saved');
            } else {
                Av_exception::throw_error(Av_exception::USER_ERROR, _('You do not have the correct permissions to configure this option. Please contact system administrator with any questions'));
コード例 #15
0
ファイル: bk_delete.php プロジェクト: jackpf/ossim-arc
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
* MA  02110-1301  USA
*
*
* On Debian GNU/Linux systems, the complete text of the GNU General
* Public License can be found in `/usr/share/common-licenses/GPL-2'.
*
* Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt
*
*/
//Config File
require_once 'av_init.php';
Session::logcheck_ajax('environment-menu', 'PolicyHosts');
//Validate Form token
$token = POST('token');
if (Token::verify('tk_delete_asset_bulk', $token) == FALSE) {
    $error = Token::create_error_message();
    Util::response_bad_request($error);
}
session_write_close();
/* connect to db */
$db = new ossim_db(TRUE);
$conn = $db->connect();
try {
    $perm_add = Session::can_i_create_assets();
    if (!$perm_add) {
        $db->close();
        $error = _('You do not have the correct permissions to delete assets. Please contact system administrator with any questions');
        Util::response_bad_request($error);
    }
    $app_name = Session::is_pro() ? 'AlienVault' : 'OSSIM';
コード例 #16
0
*
*
* On Debian GNU/Linux systems, the complete text of the GNU General
* Public License can be found in `/usr/share/common-licenses/GPL-2'.
*
* Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt
*
*/
//Config File
require_once 'av_init.php';
Session::logcheck_ajax('environment-menu', 'PolicyHosts');
$asset_type = POST('asset_type');
$token = POST('token');
$action = POST('action');
// Validate Form token
if (Token::verify('tk_toggle_monitoring', POST('token')) == FALSE) {
    $error = Token::create_error_message();
    Util::response_bad_request($error);
}
session_write_close();
ossim_valid($asset_type, OSS_LETTER, 'illegal: ' . _('Asset Type'));
ossim_valid($action, 'enable', 'disable', 'illegal: ' . _('Action'));
if (ossim_error()) {
    $error = ossim_get_error();
    Util::response_bad_request($error);
}
/* connect to db */
$db = new ossim_db(TRUE);
$conn = $db->connect();
$data = array();
try {
コード例 #17
0
ファイル: modifylocations.php プロジェクト: jackpf/ossim-arc
}
$validation_errors = validate_form_fields('POST', $validate);
if (POST('ajax_validation_all') == TRUE) {
    if (is_array($validation_errors) && !empty($validation_errors)) {
        $data['status'] = 'error';
        $data['data'] = $validation_errors;
    } else {
        $data['status'] = 'OK';
        $data['data'] = '';
    }
    echo json_encode($data);
    exit;
}
//Checking form token
if (!isset($_POST['ajax_validation_all']) || POST('ajax_validation_all') == FALSE) {
    if (Token::verify('tk_form_wi', POST('token')) == FALSE) {
        Util::response_bad_request(Token::create_error_message());
    }
}
//Perform action
if (is_array($validation_errors) && !empty($validation_errors)) {
    $error_msg = '<div style="padding-left:5px">' . _('The following errors occurred') . ":</div>\n        <div style='padding: 5px 5px 5px 15px;'>" . implode('<br/>', $validation_errors) . '</div>';
    Util::response_bad_request($error_msg);
}
$locations_id = POST('locations_id');
$name = POST('l_name');
$ctx = POST('ctx');
$desc = POST('desc');
$location = POST('search_location');
$longitude = POST('longitude');
$latitude = POST('latitude');
コード例 #18
0
ファイル: bk_deploy_hids.php プロジェクト: jackpf/ossim-arc
 $validate = array('user' => array('validation' => 'OSS_USER', 'e_message' => 'illegal:' . _('User')), 'pass' => array('validation' => 'OSS_PASSWORD', 'e_message' => 'illegal:' . _('Password')), 'domain' => array('validation' => 'OSS_NOECHARS, OSS_ALPHA, OSS_PUNC_EXT, OSS_NULLABLE', 'e_message' => 'illegal:' . _('Domain')));
 //Validate parameters
 if (GET('ajax_validation') == TRUE) {
     $data['status'] = 'OK';
     $validation_errors = validate_form_fields('GET', $validate);
     if (is_array($validation_errors) && !empty($validation_errors)) {
         $data['status'] = 'error';
         $data['data'] = $validation_errors;
     }
     echo json_encode($data);
     exit;
 }
 $token = POST('token');
 //Checking form token
 if (!isset($_POST['ajax_validation_all']) || POST('ajax_validation_all') == FALSE) {
     if (Token::verify('tk_deploy_form', $token) == FALSE) {
         $data['status'] = 'error';
         $data['data']['tk_form'] = Token::create_error_message();
         echo json_encode($data);
         exit;
     }
 }
 $validation_errors = validate_form_fields('POST', $validate);
 $user = POST('user');
 $pass = POST('pass');
 $domain = POST('domain');
 //AJAX validator: Return validation results
 if (POST('ajax_validation_all') == TRUE) {
     if (is_array($validation_errors) && !empty($validation_errors)) {
         $data['status'] = 'error';
         $data['data'] = $validation_errors;
コード例 #19
0
*
* You should have received a copy of the GNU General Public License
* along with this package; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
* MA  02110-1301  USA
*
*
* On Debian GNU/Linux systems, the complete text of the GNU General
* Public License can be found in `/usr/share/common-licenses/GPL-2'.
*
* Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt
*
*/
require_once 'av_init.php';
Session::logcheck("configuration-menu", "PolicyPorts");
if (!Token::verify('tk_delete_portgroup', GET('token'))) {
    echo _("Action not allowed");
    exit;
}
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
	<title> <?php 
echo gettext("OSSIM Framework");
?>
 </title>
	<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
	<meta http-equiv="Pragma" CONTENT="no-cache"/>
	<link rel="stylesheet" type="text/css" href="../style/av_common.css?t=<?php 
コード例 #20
0
ファイル: deletelocations.php プロジェクト: jackpf/ossim-arc
* along with this package; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
* MA  02110-1301  USA
*
*
* On Debian GNU/Linux systems, the complete text of the GNU General
* Public License can be found in `/usr/share/common-licenses/GPL-2'.
*
* Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt
*
*/
require_once 'av_init.php';
if (!Session::am_i_admin()) {
    Session::unallowed_section(null, 'noback');
}
if (!Token::verify('tk_delete_location', GET('token'))) {
    header("Location: locations.php?msg=unallowed");
    exit;
}
?>

<html>
<head>
    <title> <?php 
echo gettext("OSSIM Framework");
?>
 </title>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
    <META http-equiv="Pragma" content="no-cache">
    <link rel="stylesheet" type="text/css" href="../style/av_common.css?t=<?php 
echo Util::get_css_id();
コード例 #21
0
ファイル: bk_delete.php プロジェクト: jackpf/ossim-arc
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
* MA  02110-1301  USA
*
*
* On Debian GNU/Linux systems, the complete text of the GNU General
* Public License can be found in `/usr/share/common-licenses/GPL-2'.
*
* Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt
*
*/
//Config File
require_once 'av_init.php';
Session::logcheck_ajax('environment-menu', 'PolicyNetworks');
//Validate Form token
$token = POST('token');
if (Token::verify('tk_delete_network_bulk', $token) == FALSE) {
    $error = Token::create_error_message();
    Util::response_bad_request($error);
}
session_write_close();
/* connect to db */
$db = new ossim_db(TRUE);
$conn = $db->connect();
try {
    $perm_add = Session::can_i_create_assets();
    if (!$perm_add) {
        $error = _('You do not have the correct permissions to delete networks. Please contact system administrator with any questions');
        Util::response_bad_request($error);
    }
    $app_name = Session::is_pro() ? 'AlienVault' : 'OSSIM';
    $num_assets = Filter_list::get_total_selection($conn, 'network');
コード例 #22
0
            $validation_errors['ppass'] = _('Privileged Password fields are different');
        }
    }
    $data['data'] = $validation_errors;
    if (POST('ajax_validation_all') == TRUE) {
        if (is_array($validation_errors) && !empty($validation_errors)) {
            $data['status'] = 'error';
            echo json_encode($data);
        } else {
            $data['status'] = 'OK';
            echo json_encode($data);
        }
        exit;
    } else {
        if (empty($validation_errors)) {
            if (!Token::verify('tk_al_new_form', $_POST['token'])) {
                $validation_errors['token'] = _('A Cross-Site Request Forgery attempt has been detected or the token has expired');
            }
        }
        if (is_array($validation_errors) && !empty($validation_errors)) {
            $info_error = '<div>' . _('We Found the following errors') . ':</div><div style="padding:10px;">' . implode('<br/>', $validation_errors) . '</div>';
        }
    }
}
//Form actions
if (empty($step)) {
    unset($_SESSION['_al_new']);
    $sensor_id = GET('sensor');
    ossim_valid($sensor_id, OSS_HEX, 'illegal:' . _('Sensor'));
    if (!ossim_error()) {
        if (!Ossec_utilities::is_sensor_allowed($conn, $sensor_id)) {
コード例 #23
0
ファイル: netgroup_actions.php プロジェクト: jackpf/ossim-arc
//Config File
require_once 'av_init.php';
Session::logcheck('environment-menu', 'PolicyHosts');
session_write_close();
//Validate action type
$action = POST('action');
ossim_valid($action, OSS_LETTER, '_', 'illegal:' . _('Action'));
if (ossim_error()) {
    $data['status'] = 'error';
    $data['data'] = ossim_get_error_clean();
    echo json_encode($data);
    exit;
}
//Validate Form token
$token = POST('token');
if (Token::verify('tk_ng_form', POST('token')) == FALSE) {
    $data['status'] = 'error';
    $data['data'] = Token::create_error_message();
    echo json_encode($data);
    exit;
}
switch ($action) {
    case 'delete_netgroup':
        $name = explode(";", POST('name'));
        foreach ($name as $netgroup_id) {
            ossim_valid($netgroup_id, OSS_HEX, 'illegal:' . _('Network group'));
            if (ossim_error()) {
                $data['status'] = 'error';
                $data['data'] = ossim_get_error_clean();
                echo json_encode($data);
                exit;
コード例 #24
0
ファイル: backup_actions.php プロジェクト: jackpf/ossim-arc
     } else {
         try {
             $backup_object = new Av_backup($system_id, 'configuration');
             $job_id = $backup_object->run_backup();
             $data['status'] = 'success';
             $data['data']['msg'] = _('Backup successfully launched');
             $data['data']['job_id'] = $job_id;
         } catch (Exception $e) {
             Util::response_bad_request(_('An API error occurred - backup could not be launched. Please try again.'));
         }
     }
     break;
 case 'download_backup':
     //Validate Form token
     $token = POST('token');
     if (Token::verify('tk_backup_action', $token) == FALSE) {
         $error = Token::create_error_message();
         Util::response_bad_request($error);
     }
     $validate = array('system_id' => array('validation' => 'OSS_UUID', 'e_message' => 'illegal:' . _('System ID')), 'backup_file' => array('validation' => 'OSS_ALPHA, OSS_SCORE, OSS_DOT', 'e_message' => 'illegal:' . _('Backup File')));
     $system_id = POST('system_id');
     $backup_file = POST('backup_file');
     $validation_errors = validate_form_fields('POST', $validate);
     if (!empty($validation_errors)) {
         Util::response_bad_request(_('Validation error - unable to download backup file. Please try again.'));
     } else {
         try {
             $backup_object = new Av_backup($system_id, 'configuration');
             $download_response = $backup_object->download_backup($backup_file);
             $data['status'] = 'success';
             $data['data']['msg'] = _('Backup file is ready for download.');
コード例 #25
0
ファイル: newnetgroup.php プロジェクト: jackpf/ossim-arc
*/
require_once 'av_init.php';
Session::logcheck("environment-menu", "PolicyNetworks");
$validate = array('ngname' => array('validation' => 'OSS_NOECHARS, OSS_ALPHA, OSS_PUNC', 'e_message' => 'illegal:' . _('Group Name')), 'descr' => array('validation' => 'OSS_NULLABLE, OSS_ALL', 'e_message' => 'illegal:' . _('Description')), 'ctx' => array('validation' => 'OSS_HEX', 'e_message' => 'illegal:' . _('Entity')), 'nets[]' => array('validation' => 'OSS_ALPHA', 'e_message' => 'illegal:' . _('Networks')), 'rrd_profile' => array('validation' => 'OSS_ALPHA, OSS_NULLABLE, OSS_PUNC', 'e_message' => 'illegal:' . _('RRD Profile')), 'nagios' => array('validation' => 'OSS_NULLABLE, OSS_DIGIT', 'e_message' => 'illegal:' . _('Availability Monitoring')));
if (GET('ajax_validation') == TRUE) {
    $data['status'] = 'OK';
    $validation_errors = validate_form_fields('GET', $validate);
    if (is_array($validation_errors) && !empty($validation_errors)) {
        $data['status'] = 'error';
        $data['data'] = $validation_errors;
    }
    echo json_encode($data);
    exit;
}
if (!isset($_POST['ajax_validation_all']) || POST('ajax_validation_all') == FALSE) {
    if (!Token::verify('tk_ng_form', POST('token'))) {
        Token::show_error();
        exit;
    }
}
$ctx = POST('ctx');
$descr = POST('descr');
$ngname = POST('ngname');
$rrd_profile = POST('rrd_profile');
$networks = isset($_POST['nets']) && !empty($_POST['nets']) ? Util::clean_array(POST('nets')) : array();
$validation_errors = validate_form_fields('POST', $validate);
$data['status'] = 'OK';
$data['data'] = $validation_errors;
if (POST('ajax_validation_all') == TRUE) {
    if (is_array($validation_errors) && !empty($validation_errors)) {
        $data['status'] = 'error';
コード例 #26
0
        }
        if ($_GET['name'] == 'task_period') {
            $task_period = intval(GET($_GET['name']));
            if ($task_period < 1800) {
                $data['status'] = 'error';
                $data['data'][$_GET['name']] = _('Invalid time between scans') . '. <br/>' . _('Entered value') . ": '<strong>" . Util::htmlentities($task_period) . "</strong>' (1800(s) " . _("minimum") . ")";
            }
        }
    }
    echo json_encode($data);
    exit;
} else {
    if (POST('mode') == 'insert' || POST('mode') == 'update' || GET('mode') == 'delete') {
        //Check Token
        if (!isset($_POST['ajax_validation_all']) || POST('ajax_validation_all') == FALSE) {
            if (!Token::verify('tk_form_task', REQUEST('token'))) {
                Token::show_error();
                exit;
            }
        }
    }
    $validation_errors = validate_form_fields('POST', $validate);
    if (empty($validation_errors['task_params'])) {
        if ($_SESSION['av_inventory_type'] == 'nmap') {
            $task_params = POST('task_params');
            $task_sensor = POST('task_sensor');
            if (!Asset_net::is_cidr_in_my_nets($conn, $task_params)) {
                $validation_errors['task_params'] = _('Network not allowed') . '. Check your asset filter. <br/>' . _('Entered value') . ": <strong>'" . Util::htmlentities($task_params) . "</strong>'";
            } else {
                if (!Asset_net::check_cidr_by_sensor($conn, $task_params, $task_sensor)) {
                    $validation_errors['task_params'] = _("You can't scan the specified network using this sensor");
コード例 #27
0
ファイル: save.php プロジェクト: jackpf/ossim-arc
*/
require_once dirname(__FILE__) . '/../../conf/config.inc';
Session::logcheck('environment-menu', 'EventsHidsConfig');
$data['status'] = 'success';
$data['data'] = NULL;
$file = $_SESSION['_current_file'];
$sensor_id = POST('sensor_id');
$new_xml_data = $_POST['data'];
$token = POST('token');
ossim_valid($sensor_id, OSS_HEX, 'illegal:' . _('Sensor ID'));
ossim_valid($file, OSS_ALPHA, OSS_SCORE, OSS_DOT, 'illegal:' . _('File'));
if (ossim_error()) {
    $data['status'] = 'error';
    $data['data'] = ossim_get_error_clean();
} else {
    if (!Token::verify('tk_f_rules', $token)) {
        $data['status'] = 'error';
        $data['data'] = Token::create_error_message();
    } else {
        $db = new ossim_db();
        $conn = $db->connect();
        if (!Ossec_utilities::is_sensor_allowed($conn, $sensor_id)) {
            $data['status'] = 'error';
            $data['data'] = _('Error! Sensor not allowed');
        }
        $db->close();
    }
}
if ($data['status'] == 'error') {
    $data['status'] = 'error';
    $data['data'] = _('We found the followings errors:') . "<div style='padding-left: 15px; text-align:left;'>" . $data['data'] . '</div>';
コード例 #28
0
ファイル: index.php プロジェクト: jackpf/ossim-arc
}
// Insert
while ($file = $dir->read()) {
    if (preg_match("/^insert\\-(.+)\\.sql\\.gz/", $file, $found)) {
        if (!in_array($found[1], $delete) && !$executing[$found[1]]) {
            $insert[] = $found[1];
        }
    }
}
rsort($insert);
$dir->close();
$users = Session::get_users_to_assign($conn_ossim);
$entities = Session::get_entities_to_assign($conn_ossim);
// Clear Data Tables button
if (GET('cleardatatables') != '' && Session::am_i_admin()) {
    if (!Token::verify('tk_delete_events', GET('token'))) {
        Token::show_error();
        exit;
    } else {
        // kill all deleting tasks
        $cmd = "ps ax -o pid,command | grep bg_purge_from_siem | grep -v grep | grep -v 'sh -c' |  awk '{print \$1\":\"\$4}'";
        $pids = Util::execute_command($cmd, FALSE, 'array');
        if (!empty($pids)) {
            foreach ($pids as $pdata) {
                list($pid, $name_file) = explode(":", $pdata);
                $cpids = Util::execute_command("ps -o pid --no-headers --ppid ?", array($pid), 'array');
                foreach ($cpids as $cpid) {
                    posix_kill($cpid, 9);
                }
                posix_kill($pid, 9);
                if (file_exists("/var/tmp/" . $name_file)) {
コード例 #29
0
ファイル: wizard_ajax.php プロジェクト: jackpf/ossim-arc
//Data related to the action.
ossim_valid($action, OSS_INPUT, 'illegal:' . _("Action"));
if (ossim_error()) {
    $response['error'] = TRUE;
    $response['msg'] = ossim_get_error();
    ossim_clean_error();
    echo json_encode($response);
    die;
}
//Default values for the response.
$response['error'] = TRUE;
$response['msg'] = _('Error when processing the request');
//checking if it is an ajax request
if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest') {
    //Checking token
    if (!Token::verify('tk_welcome_wizard', GET('token'))) {
        $response['error'] = TRUE;
        $response['msg'] = _('Invalid Action');
    } else {
        //Getting the object with the filters. Unserialize needed.
        $wizard = Welcome_wizard::get_instance();
        //List of all the possibles functions
        $function_list = array('start_wizard' => array('name' => 'initialize_wizard', 'params' => array()), 'change_step' => array('name' => 'change_step', 'params' => array('wizard', 'data')), 'exit_wizard' => array('name' => 'exit_wizard', 'params' => array('data')));
        $_function = $function_list[$action];
        //Checking we have a function associated to the action given
        if (is_array($_function) && function_exists($_function['name'])) {
            //Now we translate the params list to a real array with the real parameters
            $params = array();
            foreach ($_function['params'] as $p) {
                $params[] = ${$p};
            }
コード例 #30
0
ファイル: check_agent_ip.php プロジェクト: jackpf/ossim-arc
Session::logcheck('environment-menu', 'EventsHidsConfig');
session_write_close();
$validation_errors = array();
$sensor_id = POST('sensor_id');
$asset_id = POST('asset_id');
$token = POST('token');
$_REQUEST['ip_cidr'] = strtolower(REQUEST('ip_cidr'));
$ip_cidr = REQUEST('ip_cidr');
$validate = array('sensor_id' => array('validation' => "OSS_HEX", 'e_message' => 'illegal:' . _('Sensor ID')), 'asset_id' => array('validation' => "OSS_HEX", 'e_message' => 'illegal:' . _('Asset')), 'ip_cidr' => array('validation' => 'OSS_IP_ADDRCIDR', 'e_message' => 'illegal:' . _('IP/CIDR')));
if ($ip_cidr == 'any') {
    $validate['ip_cidr'] = array('validation' => 'any', 'e_message' => 'illegal:' . _('IP/CIDR'));
}
$db = new ossim_db();
$conn = $db->connect();
//Check Token
if (!Token::verify('tk_f_agents', $token)) {
    $error = Token::create_error_message();
    Util::response_bad_request($error);
}
$validation_errors = validate_form_fields('POST', $validate);
//Extra validations
if (empty($validation_errors['sensor_id']) && !Ossec_utilities::is_sensor_allowed($conn, $sensor_id)) {
    $validation_errors['sensor_id'] = sprintf(_("Sensor %s not allowed. Please check with your account admin for more information"), Av_sensor::get_name_by_id($conn, $sensor_id));
}
if (is_array($validation_errors) && !empty($validation_errors)) {
    $error_msg = "<div style='text-align: left;'>" . _('The following errors occurred') . ":</div>\n                  <div style='padding-left:15px; text-align: left;'>" . implode('<br/>', $validation_errors) . "</div>";
    $error = Token::create_error_message();
    Util::response_bad_request($error_msg);
}
$warning_msg = '';
//Validate IP/CIDR