function add_note($conn, $type)
{
$validate = array('asset_id' => array('validation' => 'OSS_HEX', 'e_message' => 'illegal:' . _('Asset ID')), 'txt' => array('validation' => 'OSS_TEXT, OSS_PUNC_EXT', 'e_message' => 'illegal:' . _('Note text')));
$validation_errors = validate_form_fields('POST', $validate);
if (is_array($validation_errors) && !empty($validation_errors)) {
Av_exception::throw_error(Av_exception::USER_ERROR, _('Error! Note could not be added'));
}
$asset_id = POST('asset_id');
$txt = POST('txt');
// Check Asset Type
$asset_types = array('asset' => 'asset_host', 'network' => 'asset_net', 'group' => 'asset_group', 'net_group' => 'net_group');
// Note type
$type_tr = array('group' => 'host_group', 'network' => 'net', 'asset' => 'host', 'net_group' => 'net_group');
$class_name = $asset_types[$type];
$asset_type = $type_tr[$type];
// Check Asset Permission
if (method_exists($class_name, 'is_allowed') && !$class_name::is_allowed($conn, $asset_id)) {
$error = sprintf(_('Error! %s is not allowed'), ucwords($type));
Av_exception::throw_error(Av_exception::USER_ERROR, $error);
}
$note_id = Notes::insert($conn, $asset_type, gmdate('Y-m-d H:i:s'), $asset_id, $txt);
if (intval($note_id) > 0) {
$tz = Util::get_timezone();
$data['msg'] = _('Note added successfully');
$data['id'] = $note_id;
$data['note'] = $txt;
$data['date'] = gmdate('Y-m-d H:i:s', Util::get_utc_unixtime(gmdate('Y-m-d H:i:s')) + 3600 * $tz);
$data['user'] = Session::get_session_user();
$data['editable'] = 1;
} else {
Av_exception::throw_error(Av_exception::USER_ERROR, _('Error! Note could not be added'));
}
return $data;
}
function calc_events_trend($conn)
{
$tz = Util::get_timezone();
$timetz = gmdate("U") + 3600 * $tz - 3600;
$values = SIEM_trend($conn);
$data = array();
$label = array();
for ($i = 0; $i < 60; $i++) {
//Data
$h = gmdate("i", $timetz + 60 * $i);
$h = preg_replace("/^0/", '', $h);
$data[] = $values[$h] != "" ? $values[$h] : 0;
//Label
$label[] = gmdate("Y-m-d H:i", $timetz + 60 * $i);
}
return array($label, $data);
}
/**
*
* License:
*
* Copyright (c) 2003-2006 ossim.net
* Copyright (c) 2007-2013 AlienVault
* All rights reserved.
*
* This package is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; version 2 dated June, 1991.
* You may not use, modify or distribute this program under any other version
* of the GNU General Public License.
*
* This package is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this package; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
* MA 02110-1301 USA
*
*
* On Debian GNU/Linux systems, the complete text of the GNU General
* Public License can be found in `/usr/share/common-licenses/GPL-2'.
*
* Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt
*
*/
function normalize_date($from_date, $to_date)
{
// Format correction
$from_date = preg_replace("/(\\d\\d)\\/(\\d\\d)\\/(\\d\\d\\d\\d)/", "\\3-\\2-\\1", $from_date);
$to_date = preg_replace("/(\\d\\d)\\/(\\d\\d)\\/(\\d\\d\\d\\d)/", "\\3-\\2-\\1", $to_date);
// Timezone correction
$tz = Util::get_timezone();
if ($tz != 0) {
$from_date = gmdate("Y-m-d H:i:s", Util::get_utc_unixtime("{$from_date} 00:00:00") + -3600 * $tz);
$to_date = gmdate("Y-m-d H:i:s", Util::get_utc_unixtime("{$to_date} 23:59:59") + -3600 * $tz);
}
if (!preg_match("/\\d+\\:\\d+:\\d+/", $from_date)) {
$from_date .= " 00:00:00";
}
if (!preg_match("/\\d+\\:\\d+:\\d+/", $to_date)) {
$to_date .= " 23:59:59";
}
return array($from_date, $to_date);
}
function SIEM_trend($conn)
{
require_once '../../dashboard/sections/widgets/data/sensor_filter.php';
$tz = Util::get_timezone();
$tzc = Util::get_tzc($tz);
$data = array();
$fringe = gmdate('U') - 86400;
$fringe = gmdate('Y-m-d H:00:00', $fringe);
$ctx_where = Session::get_ctx_where() != '' ? " AND ctx IN (" . Session::get_ctx_where() . ")" : "";
list($join, $where) = make_asset_filter('event');
$sql = "SELECT sum(cnt) as num_events, convert_tz(timestamp,'+00:00','{$tzc}') as hour\n\t\t\t\tFROM alienvault_siem.ac_acid_event acid_event {$join}\n\t\t\t\tWHERE 1=1 {$where} {$ctx_where} AND timestamp >= '{$fringe}' \n\t\t\t\tGROUP BY hour\n\t\t\t\tORDER BY timestamp ASC";
$rg = $conn->Execute($sql);
if (!$rg) {
print $conn->ErrorMsg();
} else {
while (!$rg->EOF) {
$data[$rg->fields['hour']] = $rg->fields['num_events'];
$rg->MoveNext();
}
}
return $data;
}
function DisplayProcessing()
{
global $self;
global $ListNOption;
global $TopNOption;
global $OutputFormatOption;
global $IPStatOption;
global $IPStatOrder;
global $LimitScale;
require_once 'av_init.php';
$geoloc = new Geolocation("/usr/share/geoip/GeoLiteCity.dat");
$db_aux = new ossim_db();
$conn_aux = $db_aux->connect();
$aux_ri_interfaces = Remote_interface::get_list($conn_aux, "WHERE status = 1");
$ri_list = $aux_ri_interfaces[0];
$ri_total = $aux_ri_interfaces[1];
$ri_data = array();
if ($ri_total > 0) {
foreach ($ri_list as $r_interface) {
$ri_data[] = array("name" => $r_interface->get_name(), "id" => "web_interfaces", "target" => "_blank", "url" => $r_interface->get_ip());
}
}
$type = $detail_opts['type'] == "flows" ? 0 : ($detail_opts['type'] == "packets" ? 1 : 2);
if ($ri_total >= 0) {
echo '<a name="processing"></a>';
}
$detail_opts = $_SESSION['detail_opts'];
$process_form = $_SESSION['process_form'];
?>
<table style='width:100%;margin-top:15px;margin-bottom:5px;border:none'><tr>
<td class='nobborder'><b><?php
echo _("Netflow Processing");
?>
</b></td>
<td class='noborder nfsen_menu'>
<a href='javascript:lastsessions()'><?php
echo _("List last 500 sessions");
?>
</a> |
<a href='javascript:launch("2","<?php
echo $type;
?>
")'><?php
echo _("Top 10 Src IPs");
?>
</a> |
<a href='javascript:launch("3","<?php
echo $type;
?>
")'><?php
echo _("Top 10 Dst IPs");
?>
</a> |
<a href='javascript:launch("5","<?php
echo $type;
?>
")'><?php
echo _("Top 10 Src Port");
?>
</a> |
<a href='javascript:launch("6","<?php
echo $type;
?>
")'><?php
echo _("Top 10 Dst Port");
?>
</a> |
<a href='javascript:launch("13","<?php
echo $type;
?>
")'><?php
echo _("Top 10 Proto");
?>
</a>
</td></tr></table>
<form action="<?php
echo $self;
?>
" onSubmit="return ValidateProcessForm()" id="FlowProcessingForm" method="POST" laction="<?php
echo $self;
?>
">
<?php
if (preg_match("/^\\d+\$/", $_SESSION['tend'])) {
?>
<input type="hidden" name="tend" value="<?php
echo intval($_SESSION['tend']);
?>
" />
<?php
}
if (preg_match("/^\\d+\$/", $_SESSION['tleft'])) {
?>
<input type="hidden" name="tleft" value="<?php
echo intval($_SESSION['tleft']);
?>
" />
<?php
}
if (preg_match("/^\\d+\$/", $_SESSION['tright'])) {
?>
<input type="hidden" name="tright" value="<?php
echo intval($_SESSION['tright']);
?>
" />
<?php
}
if ($_SESSION["detail_opts"]["cursor_mode"] != "") {
?>
<input type="hidden" name="cursor_mode" value="<?php
echo Util::htmlentities($_SESSION["detail_opts"]["cursor_mode"]);
?>
" />
<?php
}
if ($_SESSION["detail_opts"]["wsize"] != "") {
?>
<input type="hidden" name="wsize" value="<?php
echo Util::htmlentities($_SESSION["detail_opts"]["wsize"]);
?>
" />
<?php
}
if ($_SESSION["detail_opts"]["logscale"] != "") {
?>
<input type="hidden" name="logscale" value="<?php
echo Util::htmlentities($_SESSION["detail_opts"]["logscale"]);
?>
" />
<?php
}
if ($_SESSION["detail_opts"]["linegraph"] != "") {
?>
<input type="hidden" name="linegraph" value="<?php
echo Util::htmlentities($_SESSION["detail_opts"]["linegraph"]);
?>
" />
<?php
}
?>
<input type="hidden" name="login" value="<?php
echo Util::htmlentities($_SESSION["_remote_login"]);
?>
" />
<table class='nfsen_filters'>
<tr>
<th class="thold"><?php
echo _("Source");
?>
</th>
<th class="thold"><?php
echo _("Filter");
?>
</th>
<th class="thold"><?php
echo _("Options");
?>
</th>
</tr>
<tr>
<td style='vertical-align:top'>
<select name="srcselector[]" id='SourceSelector' size="6" style="width: 100%" multiple='multiple'>
<?php
foreach ($process_form['srcselector'] as $selected_channel) {
$_tmp[$selected_channel] = 1;
}
$i = 0;
foreach ($_SESSION['profileinfo']['channel'] as $channel) {
$channel_name = $channel['name'];
$checked = array_key_exists($channel['id'], $_tmp) ? 'selected' : '';
echo "<OPTION value='" . Util::htmlentities($channel['id']) . "' {$checked}>{$channel_name}</OPTION>\n";
}
?>
</select>
<div style='margin: 5px auto'>
<input class="small av_b_secondary" type="button" name="JSbutton2" value="All Sources" onClick="SelectAllSources()"/>
</div>
</td>
<td style="vertical-align:top;">
<textarea name="filter" id="filter" multiline="true" wrap="phisical" rows="6" cols="50" maxlength="10240"><?php
if (is_array($process_form)) {
$display_filter = array_key_exists('editfilter', $process_form) ? $process_form['editfilter'] : $process_form['filter'];
} else {
$display_filter = array();
}
if (count($display_filter) < 1 && GET('ip') != "" && GET('ip2') != "") {
$display_filter[0] = "(src ip " . GET('ip') . " and dst ip " . GET('ip2') . ") or (src ip " . GET('ip2') . " and dst ip " . GET('ip') . ")";
} elseif (count($display_filter) < 1 && GET('ip') != "") {
$display_filter[0] = "src ip " . GET('ip') . " or dst ip " . GET('ip');
} elseif (preg_match("/(\\d+\\.\\d+\\.\\d+\\.\\d+)/", $display_filter[0]) && GET('ip') != "" && GET('ip2') != "") {
$ip1 = GET('ip');
$ip2 = GET('ip2');
$filter = "(src ip {$ip1} and dst ip {$ip2}) or (src ip {$ip2} and dst ip {$ip1})";
$display_filter[0] = preg_replace("/\\(src ip \\d+\\.\\d+\\.\\d+\\.\\d+ and dst ip \\d+\\.\\d+\\.\\d+\\.\\d+\\) or \\(src ip \\d+\\.\\d+\\.\\d+\\.\\d+ and dst ip \\d+\\.\\d+\\.\\d+\\.\\d+\\)/", $filter, $display_filter[0]);
$display_filter[0] = preg_replace("/src ip \\d+\\.\\d+\\.\\d+\\.\\d+ or dst ip \\d+\\.\\d+\\.\\d+\\.\\d+/", $filter, $display_filter[0]);
} elseif (preg_match("/(\\d+\\.\\d+\\.\\d+\\.\\d+)/", $display_filter[0]) && GET('ip') != "") {
$filter = "src ip " . GET('ip') . " or dst ip " . GET('ip');
$display_filter[0] = preg_replace("/\\(src ip \\d+\\.\\d+\\.\\d+\\.\\d+ and dst ip \\d+\\.\\d+\\.\\d+\\.\\d+\\) or \\(src ip \\d+\\.\\d+\\.\\d+\\.\\d+ and dst ip \\d+\\.\\d+\\.\\d+\\.\\d+\\)/", $filter, $display_filter[0]);
$display_filter[0] = preg_replace("/src ip \\d+\\.\\d+\\.\\d+\\.\\d+ or dst ip \\d+\\.\\d+\\.\\d+\\.\\d+/", $filter, $display_filter[0]);
}
foreach ($display_filter as $line) {
print str_replace("&", "&", Util::htmlentities(stripslashes($line))) . "\n";
}
?>
</textarea>
<?php
$deletefilter_display_style = is_array($process_form) && array_key_exists('editfilter', $process_form) ? '' : 'style="display:none;"';
?>
<input type="image" name="filter_delete" id="filter_delete" title="<?php
echo _("Delete filter");
?>
" align="right"
onClick="HandleFilter(3)" value="" src="icons/trash.png" <?php
echo $deletefilter_display_style;
?>
>
<!-- <input type="image" name="filter_save" id="filter_save" title="Save filter" align="right"
onClick="HandleFilter(2)"
value="" src="icons/save.png"> -->
<input type="hidden" name="filter_name" id="filter_name" value="none">
<div style='margin: 5px auto'>
<span id="filter_span">and</span>
<select name="DefaultFilter" id="DefaultFilter" onChange="HandleFilter(0)" size="1">
<?php
print "<option value='-1' label='none'><none></option>\n";
foreach ($_SESSION['DefaultFilters'] as $name) {
$checked = $process_form['DefaultFilter'] == $name ? 'selected' : '';
print "<option value='" . Util::htmlentities($name) . "' {$checked}>" . Util::htmlentities($name) . "</option>\n";
}
$editfilter_display_style = 'style="display:none;"';
foreach ($_SESSION['DefaultFilters'] as $name) {
if ($process_form['DefaultFilter'] == $name) {
$editfilter_display_style = '';
}
}
?>
</select>
<input type="image" name="filter_save" id="filter_save" title="<?php
echo _("Save filter");
?>
"
onClick="HandleFilter(2)" value="" src="icons/save.png" border="0" align="absmiddle">
<input type="image" name="filter_edit" id="filter_edit" title="Edit filter" <?php
echo $editfilter_display_style;
?>
onClick="HandleFilter(1)" value="" src="icons/edit.png">
</div>
<script language="Javascript" type="text/javascript">
var DefaultFilters = new Array();
<?php
foreach ($_SESSION['DefaultFilters'] as $name) {
print "DefaultFilters.push('" . Util::htmlentities($name) . "');\n";
}
if (array_key_exists('editfilter', $process_form)) {
print "edit_filter = '" . Util::htmlentities($process_form['DefaultFilter']) . "';\n";
}
?>
</script>
</td>
<!-- Options start here -->
<td style='padding: 0px;vertical-align:top;border:none;'>
<table border="0" id="ProcessOptionTable" style="font-size:14px;font-weight:bold;width:100%;border:none">
<tr>
<td class='TDnfprocLabel' style='white-space:nowrap'>
<?php
$i = 0;
foreach (array('List Flows', 'Stat TopN') as $s) {
$checked = $process_form['modeselect'] == $i ? 'checked' : '';
print "<input type='radio' onClick='SwitchOptionTable({$i})' name='modeselect' id='modeselect{$i}' value='{$i}' {$checked}>{$s} ";
$i++;
}
$list_display_style = $process_form['modeselect'] == 0 ? '' : 'style="display:none;"';
$stat_display_style = $process_form['modeselect'] == 0 ? 'style="display:none;"' : '';
$formatselect_display_opts = $process_form['modeselect'] == 1 && $process_form['stattype'] != 0 ? 'style="display:none;"' : '';
?>
</td>
<td class='TDnfprocControl' >
<table class='noborder' style='margin: auto;'>
<tr>
<td class='nobborder'><input class="small av_b_secondary" type="button" name="JSbutton1" value="<?php
echo _("Clear Form");
?>
" onClick="ResetProcessingForm()"/></td>
<td class='nobborder'><input class="small" type="submit" name="process" value="<?php
echo _("Process");
?>
" id="process_button" onClick="clean_remote_data();form_ok=true;" size="1"/></td>
<?php
if (count($RemoteInterfacesData) > 0 && !isset($_POST['login'])) {
?>
<td class='nobborder'><input type="button" name="remote_process" value="<?php
echo _("Remote Process");
?>
" id="remote_process_button" onclick="$('#rinterfaces').toggle()"/>
<div id='container_rmp' style='position:relative;'>
<div id="rinterfaces" style="position:absolute; top:0; right:0;display:none; margin:1px 0px 0px 2px; text-align:right;">
<?php
foreach ($RemoteInterfacesData as $data) {
$short_name = strlen($data['name']) > 12 ? substr($data['name'], 0, 12) . "..." : $data['name'];
?>
<input type="button" onclick="remote_interface('<?php
echo $data["url"];
?>
')" style="width:180px; font-size: 11px;" title="<?php
echo $data["name"] . " [" . $data["url"] . "]";
?>
" value="<?php
echo $short_name . " [" . $data["url"] . "]";
?>
"/><br />
<?php
}
?>
</div>
</div>
</td>
<?php
}
?>
</tr>
</table>
</td>
</tr>
<tr id="listNRow" <?php
echo $list_display_style;
?>
>
<td class='TDnfprocLabel'><?php
echo _("Limit to");
?>
:</td>
<td class='TDnfprocControl'>
<select name="listN" id="listN" style="margin-left:1" size="1">
<?php
for ($i = 0; $i < count($ListNOption); $i++) {
$checked = $process_form['listN'] == $i ? 'selected' : '';
print "<OPTION value='{$i}' {$checked}>" . $ListNOption[$i] . "</OPTION>\n";
}
?>
</select><?php
echo _("Flows");
?>
<br>
</td>
</tr>
<tr id="topNRow" <?php
echo $stat_display_style;
?>
>
<td class='TDnfprocLabel'><?php
echo _("Top");
?>
:</td>
<td class='TDnfprocControl'>
<select name="topN" id="TopN" size="1">
<?php
for ($i = 0; $i < count($TopNOption); $i++) {
$checked = $process_form['topN'] == $i ? 'selected' : '';
print "<OPTION value='{$i}' {$checked}>" . $TopNOption[$i] . "</OPTION>\n";
}
?>
</select>
</td>
</tr>
<tr id="stattypeRow" <?php
echo $stat_display_style;
?>
>
<td class="TDnfprocLabel"><?php
echo _("Stat");
?>
:</td>
<td class="TDnfprocControl">
<select name="stattype" id="StatTypeSelector" onChange="ShowHideOptions()" size="1">
<?php
for ($i = 0; $i < count($IPStatOption); $i++) {
$checked = $process_form['stattype'] == $i ? 'selected' : '';
print "<OPTION value='{$i}' {$checked}>" . $IPStatOption[$i] . "</OPTION>\n";
}
?>
</select>
order by
<select name='statorder' id="statorder" size='1'>
<?php
for ($i = 0; $i < count($IPStatOrder); $i++) {
$checked = $process_form['statorder'] == $i ? 'selected' : '';
print "<OPTION value='{$i}' {$checked}>" . $IPStatOrder[$i] . "</OPTION>\n";
}
?>
</select>
</td>
</tr>
<tr id="AggregateRow" <?php
echo $formatselect_display_opts;
?>
>
<td class='TDnfprocLabel'><?php
echo _("Aggregate");
?>
</td>
<td class='TDnfprocControl'>
<input type="checkbox" name="aggr_bidir" id="aggr_bidir" value="checked" onClick="ToggleAggregate();"
style="margin-left:1" <?php
echo Util::htmlentities($process_form['aggr_bidir']);
?>
> <?php
echo _("bi-directional");
?>
<br>
<input type="checkbox" name="aggr_proto" id="aggr_proto" value="checked"
style="margin-left:1" <?php
echo Util::htmlentities($process_form['aggr_proto']);
?>
> <?php
echo _("proto");
?>
<br>
<input type="checkbox" name="aggr_srcport" id="aggr_srcport" value="checked"
style="margin-left:1" <?php
echo Util::htmlentities($process_form['aggr_srcport']);
?>
> <?php
echo _("srcPort");
?>
<input type="checkbox" name="aggr_srcip" id="aggr_srcip" value="checked"
style="margin-left:1" <?php
echo Util::htmlentities($process_form['aggr_srcip']);
?>
>
<select name="aggr_srcselect" id="aggr_srcselect" onChange="NetbitEntry('src')" size="1">
<?php
$i = 0;
foreach (array('srcIP', 'srcIPv4/', 'srcIPv6/') as $s) {
$checked = $process_form['aggr_srcselect'] == $i ? 'selected' : '';
print "<option value='{$i}' {$checked}>{$s}</option>\n";
$i++;
}
$_style = $process_form['aggr_srcselect'] == 0 ? 'style="display:none"' : '';
?>
</select>
<input size="3" type="text" name="aggr_srcnetbits" id="aggr_srcnetbits"
value="<?php
echo Util::htmlentities($process_form['aggr_srcnetbits']);
?>
" <?php
echo $_style;
?>
><br>
<input type="checkbox" name="aggr_dstport" id="aggr_dstport" value="checked"
style="margin-left:1" <?php
echo Util::htmlentities($process_form['aggr_dstport']);
?>
> <?php
echo _("dstPort");
?>
<input type="checkbox" name="aggr_dstip" id="aggr_dstip" value="checked"
style="margin-left:1" <?php
echo Util::htmlentities($process_form['aggr_dstip']);
?>
>
<select name="aggr_dstselect" id="aggr_dstselect" onChange="NetbitEntry('dst')" size="1">
<?php
$i = 0;
foreach (array('dstIP', 'dstIPv4/', 'dstIPv6/') as $s) {
$checked = $process_form['aggr_dstselect'] == $i ? 'selected' : '';
print "<option value='{$i}' {$checked}>{$s}</option>\n";
$i++;
}
$_style = $process_form['aggr_dstselect'] == 0 ? 'style="display:none"' : '';
?>
</select>
<input size="3" type="text" name="aggr_dstnetbits" id="aggr_dstnetbits"
value="<?php
echo Util::htmlentities($process_form['aggr_dstnetbits']);
?>
" <?php
echo $_style;
?>
><br>
</td>
</tr>
<tr id="timesortedRow" <?php
echo $list_display_style;
?>
>
<td class='TDnfprocLabel'><?php
echo _("Sort");
?>
:</td>
<td class='TDnfprocControl'>
<input type="checkbox" name="timesorted" id="timesorted" value="checked"
style="margin-left:1" <?php
echo Util::htmlentities($process_form['timesorted']);
?>
>
<?php
echo _("start time of flows");
?>
</td>
</tr>
<tr id="limitoutputRow" <?php
echo $stat_display_style;
?>
>
<td class='TDnfprocLabel'><?php
echo _("Limit");
?>
:</td>
<td class='TDnfprocControl'>
<input type="checkbox" name="limitoutput" id="limitoutput" value="checked" style="margin-left:1"
size="1" <?php
echo Util::htmlentities($process_form['limitoutput']);
?>
>
<select name="limitwhat" id="limitwhat" size="1">
<?php
$i = 0;
foreach (array(gettext("Packets"), gettext("Traffic")) as $s) {
$checked = $process_form['limitwhat'] == $i ? 'selected' : '';
print "<option value='{$i}' {$checked}>{$s}</option>\n";
$i++;
}
?>
</select>
<select name="limithow" id="limithow" size="1">
<?php
$i = 0;
foreach (array('>', '<') as $s) {
$checked = $process_form['limithow'] == $i ? 'selected' : '';
print "<option value='{$i}' {$checked}>{$s}</option>\n";
$i++;
}
?>
</select>
<input type="text" name="limitsize" id="limitsize" value="<?php
echo Util::htmlentities($process_form['limitsize']);
?>
" SIZE="6" MAXLENGTH="8">
<select name="limitscale" id="limitscale" size="1" style="margin-left:1">
<?php
$i = 0;
foreach ($LimitScale as $s) {
$checked = $process_form['limitscale'] == $i ? 'selected' : '';
print "<option value='{$i}' {$checked}>{$s}</option>\n";
$i++;
}
?>
</select>
</td>
</tr>
<tr id="outputRow">
<td class='TDnfprocLabel'><?php
echo _("Output");
?>
:</td>
<td class='TDnfprocControl'>
<span id="FormatSelect" <?php
echo $formatselect_display_opts;
?>
>
<select name="output" id="output" onChange="CustomOutputFormat()" style="margin-left:1" size="1">
<?php
foreach ($_SESSION['formatlist'] as $key => $value) {
$checked = $process_form['output'] == $key ? 'selected' : '';
print "<OPTION value='" . Util::htmlentities($key) . "' {$checked}>" . Util::htmlentities($key) . "</OPTION>\n";
}
$fmt = $_SESSION['formatlist'][$process_form['output']];
if ($process_form['output'] == $fmt) {
// built in format
$space_display_style = '';
$edit_display_style = 'style="display:none"';
} else {
$space_display_style = 'style="display:none"';
$edit_display_style = '';
}
?>
</select>
<script language="Javascript" type="text/javascript">
var fmts = new Hash();
<?php
foreach ($_SESSION['formatlist'] as $key => $value) {
print "fmts.setItem('" . Util::htmlentities($key) . "', '" . Util::htmlentities($value) . "');\n";
}
?>
</script>
<img src="icons/space.png" border="0" alt='space' id='space' <?php
echo $space_display_style;
?>
/>
<a href="#null" onClick="EditCustomFormat()"
title="<?php
echo _("Edit format");
?>
" ><IMG SRC="icons/edit.png" name="fmt_doedit" id="fmt_doedit" border="0"
<?php
echo $edit_display_style;
?>
alt="Edit format"></a>
</span>
<input type="checkbox" name="IPv6_long" id="IPv6_long" style="margin-left:1" value="checked" <?php
echo Util::htmlentities($process_form['IPv6_long']);
?>
>
/ <?php
echo _("IPv6 long");
?>
<?php
$fmt_edit_display_style = $process_form['output'] == 'custom ...' ? '' : 'style="display:none"';
?>
<span id="fmt_edit" <?php
echo $fmt_edit_display_style;
?>
>
<br><?php
echo _("Enter custom output format");
?>
:<br>
<input size="30" type="text" name="customfmt" id="customfmt"
value="<?php
echo Util::htmlentities($process_form['customfmt']);
?>
" >
<input type="image" name="fmt_save" id="fmt_save" title="<?php
echo _("Save format");
?>
"
onClick="SaveOutputFormat()"
value="" src="icons/save.png">
<input type="image" name="fmt_delete" id="fmt_delete" title="<?php
echo _("Delete format");
?>
"
onClick="DeleteOutputFormat()"
value="" src="icons/trash.png" <?php
echo $edit_display_style;
?>
>
</span>
</td>
</tr>
</table>
</td>
</tr>
<!--
<tr>
<td></td><td></td>
<td align="right" style="border:none">
<input type="button" name="JSbutton1" value="<?php
echo _("Clear Form");
?>
" onClick="ResetProcessingForm()">
<input type="submit" name="process" value="<?php
echo _("process");
?>
" id="process_button" onClick="form_ok=true;" size="1">
</td>
</tr>
-->
</table>
</form>
<div id="lookupbox">
<div id="lookupbar" align="right" style="background-color:olivedrab"><img src="icons/close.png"
onmouseover="this.style.cursor='pointer';" onClick="hidelookup()" title="Close lookup box"></div>
<iframe id="cframe" src="" frameborder="0" scrolling="auto" width="100%" height="166"></iframe>
</div>
<?php
if (!array_key_exists('run', $_SESSION)) {
return;
}
print "<div class='flowlist'>\n";
$run = $_SESSION['run'];
if ($run != null) {
$filter = $process_form['filter'];
if ($process_form['DefaultFilter'] != -1) {
$cmd_opts['and_filter'] = $process_form['DefaultFilter'];
}
$cmd_opts['type'] = ($_SESSION['profileinfo']['type'] & 4) > 0 ? 'shadow' : 'real';
$cmd_opts['profile'] = $_SESSION['profileswitch'];
$cmd_opts['srcselector'] = implode(':', $process_form['srcselector']);
#print "<pre>\n";
$patterns = array();
$replacements = array();
$patterns[0] = '/(\\s*)([^\\s]+)/';
$replacements[0] = "\$1<a href='#null' onClick='lookup(\"\$2\", this, event)' title='lookup \$2'>\$2</a>";
// gets HAP4NfSens plugin id. returns -1 if HAP4NfSen is not installed.
function getHAP4NfSenId()
{
$plugins = GetPlugins();
for ($i = 0; $i < count($plugins); $i++) {
$plugin = $plugins[$i];
if ($plugin == "HAP4NfSen") {
return $i;
}
}
return -1;
}
ClearMessages();
$cmd_opts['args'] = "-T {$run}";
$cmd_opts['filter'] = $filter;
$titcol = get_tit_col($run);
$cmd_out = nfsend_query("run-nfdump", $cmd_opts);
if (!is_array($cmd_out)) {
ShowMessages();
} else {
$conf = $GLOBALS["CONF"];
$solera = $conf->get_conf("solera_enable", FALSE) ? true : false;
$db = new ossim_db();
$conn = $db->connect();
$sensors = $hosts = $ossim_servers = array();
$tz = Util::get_timezone();
list($hosts, $host_ids) = Asset_host::get_basic_list($conn, array(), TRUE);
$entities = Session::get_all_entities($conn);
$_sensors = Av_sensor::get_basic_list($conn);
foreach ($_sensors as $s_id => $s) {
$sensors[$s['ip']] = $s['name'];
}
/*$hap4nfsen_id = getHAP4NfSenId();
if ($hap4nfsen_id >= 0) {
// ICMP "port" filter are no currently supported by the HAP4NfSen plugin
function isChecked(&$form, $name) { // helper function used to find out, if an option is checked
return $form[$name]=="checked";
}
$ip_and_port_columns = preg_match('/(flow records)/i', $IPStatOption[$process_form['stattype']]) &&
((isChecked($process_form,'aggr_srcip') && isChecked($process_form,'aggr_srcport')) ||
(isChecked($process_form,'aggr_dstip') && isChecked($process_form,'aggr_dstport')));
$ip_contains_port = $_SESSION["process_form"]["modeselect"]=='0' || !preg_match('/[ip|flow_records]/i', $IPStatOption[$process_form['stattype']]) ||
(preg_match('/(flow records)/i', $IPStatOption[$process_form['stattype']]) && !( // no boxes checked
isChecked($process_form,'aggr_srcip') || isChecked($process_form,'aggr_srcport') ||
isChecked($process_form,'aggr_dstip') || isChecked($process_form,'aggr_dstport')));
$_SESSION["plugin"][$hap4nfsen_id]["cmd_opts"] = $cmd_opts;
$hap_pic = "<img src=\"plugins/HAP4NfSen/graphviz.png\" valign=\"middle\" border=\"0\" alt=\"HAP\" />";
$default_pattern = array_pop($patterns);
$default_replacement = array_pop($replacements);
if ($ip_contains_port) { // matches cases like ip:port
$max_prot_length = 5; // max. port length = 5 chars(highest port number = 65535)
for ($i=$max_prot_length;$i>=1;$i--) {
$diff = ($max_prot_length-$i); // difference between actual and max port length
$ip_port_pattern_icmp = "/(\s*)([^\s|^:]+)(:)(0\s{4}|\d\.\d\s{2}|\d{2}\.\d\|\d\.\d{2}\s|\d{2}\.\d{2})/";
$ip_port_pattern_normal = "/(\s*)([^\s|^:]+)(:)([\d|\.]{{$i}})(\s{{$diff}})/";
$spaces = '';
for ($k=0;$k<$diff;$k++) {$spaces = $spaces . ' ';} // spaces required to align hap viewer icons
array_push($patterns, $ip_port_pattern_icmp);
array_push($replacements, $default_replacement .
"$3$4 <a href=\"nfsen.php?tab=5&sub_tab=" . $hap4nfsen_id . "&ip=$2&mode=new\" title='HAP graphlet for $2'>$hap_pic</a> ");
array_push($patterns, $ip_port_pattern_normal);
array_push($replacements, $default_replacement .
"$3$4$spaces <a href=\"nfsen.php?tab=5&sub_tab=" . $hap4nfsen_id . "&ip=$2&port=$4&mode=new\" title='HAP graphlet for $2 on port $4'>$hap_pic</a> ");
}
array_push($patterns, '/(\sIP\sAddr:Port)/i');
array_push($replacements, "$1 $hap_pic");
} else {
if ($ip_and_port_columns) { // matches cases when both ip and port are available but are located in separate columns
// ICMP verion
$ip_and_port_pattern = "/(\s*)([^\s]+)(\s+)(0|\d\.\d)/";
$ip_and_port_replacement = "$1$2$3$4 " .
"<a href=\"nfsen.php?tab=5&sub_tab=" . $hap4nfsen_id . "&ip=$2&mode=new\" title='HAP graphlet for $2'>$hap_pic</a>";
array_push($patterns, $ip_and_port_pattern);
array_push($replacements, $ip_and_port_replacement);
// non-ICMP version with port filter
$ip_and_port_pattern = "/(\s*)([^\s]+)(\s*)([\d|.]+)/";
$ip_and_port_replacement = "$1$2$3$4 " .
"<a href=\"nfsen.php?tab=5&sub_tab=" . $hap4nfsen_id . "&ip=$2&port=$4&mode=new\" title='HAP graphlet for $2 on port $4'>$hap_pic</a>";
array_push($patterns, $ip_and_port_pattern);
array_push($replacements, $ip_and_port_replacement);
array_push($patterns, '/(\s\s(Src\sIP\sAddr\s*Src\sPt|Dst\sIP\sAddr\s*Dst\sPt))/i');
array_push($replacements, "$1 $hap_pic");
} else { // matches all other cases
array_push($patterns, $default_pattern);
array_push($replacements, $default_replacement .
" <a href=\"nfsen.php?tab=5&sub_tab=" . $hap4nfsen_id . "&ip=$2&mode=new\" title='HAP graphlet for $2'>$hap_pic</a>");
array_push($patterns, '/(\s(|\s(Src|Dst))\sIP\sAddr)/i');
array_push($replacements, "$1 $hap_pic");
}
}
}
if ( array_key_exists('arg', $cmd_out) ) {
print "** nfdump " . $cmd_out['arg'] . "\n";
}
if ( array_key_exists('filter', $cmd_out) ) {
print "nfdump filter:\n";
foreach ( $cmd_out['filter'] as $line ) {
print "$line\n";
}
}
foreach ( $cmd_out['nfdump'] as $line ) {
print preg_replace($patterns, $replacements, $line) . "\n";
}*/
# parse command line
#2009-12-09 17:08:17.596 40.262 TCP 192.168.1.9:80 -> 217.126.167.80:51694 .AP.SF 0 70 180978 1 35960 2585 1
$list = preg_match("/\\-o extended/", $cmd_out['arg']) ? 1 : 0;
$regex = $list ? "/(\\d\\d\\d\\d\\-.*?\\s.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+->\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?\\s*[KMG]?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*)/" : "/(\\d\\d\\d\\d\\-.*?\\s.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?\\s*[KMGT]?)\\s+(.*?)\\s+(.*?)\\s+(.*)/";
echo '<div class="nfsen_list_title">' . _('Flows Info') . '</div>';
echo "<table class='table_list'>";
$geotools = false;
if ($list && file_exists("../kml/GoogleEarth.php")) {
$geotools = true;
$geoips = array();
$geotools_src = " <a href='' onclick='window.open(\"../kml/TourConfig.php?type=ip_src&ip=&flows=1\",\"Flows sources - Goggle Earth API\",\"width=1024,height=700,scrollbars=NO,toolbar=1\");return false'><img align='absmiddle' src='../pixmaps/google_earth_icon.png' border='0'></a> <a href='' onclick='window.open(\"../kml/IPGoogleMap.php?type=ip_src&ip=&flows=1\",\"Flows sources - Goggle Maps API\",\"width=1024,height=700,scrollbars=NO,toolbar=1\");return false'><img align='absmiddle' src='../pixmaps/google_maps_icon.png' border='0'></a>";
$geotools_dst = " <a href='' onclick='window.open(\"../kml/TourConfig.php?type=ip_dst&ip=&flows=1\",\"Flows destinations - Goggle Earth API\",\"width=1024,height=700,scrollbars=NO,toolbar=1\");return false'><img align='absmiddle' src='../pixmaps/google_earth_icon.png' border='0'></a> <a href='' onclick='window.open(\"../kml/IPGoogleMap.php?type=ip_dst&ip=&flows=1\",\"Flows destinations - Goggle Maps API\",\"width=1024,height=700,scrollbars=NO,toolbar=1\");return false'><img align='absmiddle' src='../pixmaps/google_maps_icon.png' border='0'></a>";
}
echo $list ? "\n \n <tr>\n <th>" . _("Date flow start") . "<br><span style='font-size:8px'>" . Util::timezone($tz) . "</style></th>\n <th>" . _("Duration") . "</th>\n <th>" . _("Proto") . "</th>\n <th>" . _("Src IP Addr:Port") . "{$geotools_src}</th>\n <th>" . _("Dst IP Addr:Port") . "{$geotools_dst}</th>\n <th>" . _("Flags") . "</th>\n <th>" . _("Tos") . "</th>\n <th>" . _("Packets") . "</th>\n <th>" . _("Bytes") . "</th>\n <th>" . _("pps") . "</th>\n <th>" . _("bps") . "</th>\n <th>" . _("Bpp") . "</th>\n <th>" . _("Flows") . "</th>\n \t" . ($solera ? "<th></th>" : "") . "\n </tr>" : "<tr>\n <th>" . _("Date flow seen") . "<br><span style='font-size:8px'>" . Util::timezone($tz) . "</style></th>\n <th>" . _("Duration") . "</th>\n <th>" . _("Proto") . "</th>\n <th>" . $titcol . "</th>\n <th>" . _("Flows") . "(%)</th>\n <th>" . _("Packets") . "(%)</th>\n <th>" . _("Bytes") . "(%)</th>\n <th>" . _("pps") . "</th>\n <th>" . _("bps") . "</th>\n <th>" . _("Bpp") . "</th>\n \t" . ($solera ? "<th></th>" : "") . "\n </tr>";
$status = $errors = array();
$rep = new Reputation();
//print_r($cmd_out['arg']);
//print_r($cmd_out['nfdump']);
foreach ($cmd_out['nfdump'] as $k => $line) {
#capture status
if (preg_match("/^(Summary|Time window|Total flows processed|Sys)\\:/", $line, $found)) {
$status[$found[1]] = str_replace($found[1] . ":", "", $line);
}
# capture errors
if (preg_match("/ error /i", $line, $found)) {
if (preg_match("/stat\\(\\) error/i", $line)) {
$errors[] = _('The netflow information you are trying to access either has not been processed yet or does not exist. Please check your date filters.');
Av_exception::write_log(Av_exception::USER_ERROR, $line);
} else {
$errors[] = $line;
}
}
# print results
$line = preg_replace("/\\(\\s(\\d)/", "(\\1", $line);
// Patch for ( 0.3)
$line = preg_replace("/(\\d)\\s*([KMGT])/", "\\1\\2", $line);
// Patch for 1.2 M(99.6)
$line = preg_replace("/(\\d+)(TCP|UDP|ICMP|IGMP)\\s/", "\\1 \\2 ", $line);
// Patch for 9.003TCP
$start = $end = $proto = "";
$ips = $ports = array();
if (preg_match($regex, preg_replace('/\\s*/', ' ', $line), $found)) {
echo "<tr class='tr_flow_data'>\n";
foreach ($found as $ki => $field) {
if ($ki > 0) {
$wrap = $ki == 1 ? "nowrap" : "";
$field = Util::htmlentities(preg_replace("/(\\:\\d+)\\.0\$/", "\\1", $field));
if (preg_match("/(\\d+\\.\\d+\\.\\d+\\.\\d+)(.*)/", $field, $fnd)) {
# match ip (resolve and geolocalize)
$ip = $fnd[1];
$port = $fnd[2];
list($name, $ctx, $host_id) = GetDataFromSingleIp($ip, $hosts);
if ($name == "" && $sensors[$ip] != "") {
$name = $sensors[$ip];
}
$output = Asset_host::get_extended_name($conn, $geoloc, $ip, $ctx, $host_id, '');
$homelan = $output['is_internal'] || $name != "" && $name != $ip;
$icon = $output['html_icon'];
# reputation info
if (!is_array($_SESSION["_repinfo_ips"][$ip])) {
$_SESSION["_repinfo_ips"][$ip] = $rep->get_data_by_ip($ip);
}
$rep_icon = Reputation::getrepimg($_SESSION["_repinfo_ips"][$ip][0], $_SESSION["_repinfo_ips"][$ip][1], $_SESSION["_repinfo_ips"][$ip][2], $ip);
$rep_bgcolor = Reputation::getrepbgcolor($_SESSION["_repinfo_ips"][$ip][0]);
$style_aux = $homelan ? 'style="font-weight:bold"' : '';
$bold_aux1 = $homelan ? '<b>' : '';
$bold_aux2 = $homelan ? '<b>' : '';
$field = '<div id="' . $ip . ';' . Util::htmlentities($name) . ';' . $host_id . '" id2="' . $ip . ';' . $ip . '" ctx="' . $ctx . '" class="HostReportMenu">' . $icon . ' <a ' . $style_aux . ' href="javascript:;">' . Util::htmlentities($name) . '</a>' . $bold_aux1 . $port . $bold_aux2 . ' ' . $rep_icon . '</div>';
$wrap = "nowrap style='{$rep_bgcolor}'";
$ips[] = $ip;
if ($geotools) {
if ($ki == 4) {
$geoips['ip_src'][$ip]++;
} elseif ($ki == 5) {
$geoips['ip_dst'][$ip]++;
}
}
$ports[] = str_replace(":", "", $port);
}
if (preg_match("/(\\d+-\\d+-\\d+ \\d+:\\d+:\\d+)(.*)/", $field, $fnd)) {
# match date
$start = $end = $fnd[1];
$time = strtotime($fnd[1]);
$field = Util::htmlentities(gmdate("Y-m-d H:i:s", $time + 3600 * $tz) . "." . $fnd[2]);
}
if (preg_match("/(TCP|UDP|ICMP|RAW)/", $field, $fnd)) {
# match date
$proto = strtolower($fnd[1]);
}
print "<td {$wrap}>{$field}</td>";
}
}
// solera deepsee integration
if ($solera) {
echo "<td><a href=\"javascript:;\" onclick=\"solera_deepsee('" . Util::htmlentities($start) . "','" . Util::htmlentities($end) . "','" . Util::htmlentities($ips[0]) . "','" . Util::htmlentities($ports[0]) . "','" . Util::htmlentities($ips[1]) . "','" . Util::htmlentities($ports[1]) . "','" . Util::htmlentities($proto) . "')\"><img src='/ossim/pixmaps/solera.png' border='0' align='absmiddle'></a></td>";
}
echo "</tr>\n";
}
}
echo "</table>";
if ($geotools) {
foreach ($geoips as $type => $list) {
$ipsfile = fopen("/var/tmp/flowips_" . Session::get_session_user() . ".{$type}", "w");
foreach ($list as $ip => $val) {
fputs($ipsfile, "{$ip}\n");
}
fclose($ipsfile);
}
}
#Summary: total flows: 20, total bytes: 7701, total packets: 133, avg bps: 60, avg pps: 0, avg bpp: 57
#Time window: 2009-12-10 08:21:30 - 2009-12-10 08:38:26
#Total flows processed: 21, Records skipped: 0, Bytes read: 1128
#Sys: 0.000s flows/second: 0.0 Wall: 0.000s flows/second: 152173.9
if (count($status) > 0) {
echo "<table class='transparent' style='margin-bottom:5px;width:100%'>";
foreach ($status as $key => $line) {
$line = preg_replace("/(Wall)\\:/", "<span class='th_summary'>\\1</span>", $line);
$line = preg_replace("/\\,\\s+(.*?)\\:/", " <span class='th_summary'>\\1</span>", $line);
echo "<tr>\n <td class='nobborder' style='padding: 4px;'>\n <span class='th_summary'>{$key}</span>\n {$line}\n </td>\n </tr>";
}
echo "</table>";
}
# stat() error '/home/dk/nfsen/profiles-data/live/device2/2009/12/10/nfcapd.200912100920': File not found!
if (count($errors) > 0) {
foreach ($errors as $line) {
echo "<div class='details_error'>" . _("ERROR FOUND: ") . "{$line}</div>";
}
}
$conn->disconnect();
}
#print "</pre>\n";
}
print "</div>\n";
$db_aux->close();
$geoloc->close();
return;
}
function main_page($viewall, $sortby, $sortdir)
{
global $uroles, $username, $dbconn, $hosts;
global $arruser, $user;
$tz = Util::get_timezone();
if ($sortby == "") {
$sortby = "id";
}
if ($sortdir == "") {
$sortdir = "DESC";
}
/* if ( $uroles['admin'] ) {
if($viewall == 1) {
echo " <a href='manage_jobs.php'>View My Schedules</a> | ";
} else {
echo " <a href='manage_jobs.php?viewall=1'>View All Schedules</a> | ";
}
} else {
$viewall = "1";
}*/
//echo "<a href='sched.php?op=reoccuring'>New Schedule</a> |<br><br>";
$sql_order = "order by {$sortby} {$sortdir}";
// if($viewall == 1) {
// $url_sortby="<a href=\"manage_jobs.php?viewall=1&sortby=";
// } else {
// $url_sortby="<a href=\"manage_jobs.php?sortby=";
// }
echo "<center>";
status($arruser, $user);
echo "<br>";
echo "<form>";
echo "<input type=\"button\" onclick=\"document.location.href='sched.php?smethod=schedule&hosts_alive=1&scan_locally=1'\" value=\"" . _("New Scan Job") . "\" class=\"button\">";
echo " ";
echo "<input type=\"button\" onclick=\"document.location.href='sched.php?smethod=inmediately&hosts_alive=1&scan_locally=1'\" value=\"" . _("Run Scan Now") . "\" class=\"button\">";
echo "</form>";
echo "</center>";
echo "<br>";
$schedulejobs = _("Scheduled Jobs");
echo <<<EOT
<center>
<table cellspacing="0" cellpadding="0" border="0" width="90%"><tr><td class="headerpr" style="border:0;">{$schedulejobs}</td></tr></table>
<table cellspacing="2" width="90%" summary="Job Schedules"
border=0 cellspacing="0" cellpadding="0">
EOT;
if ($sortdir == "ASC") {
$sortdir = "DESC";
} else {
$sortdir = "ASC";
}
$arr = array(_("Name"), _("Schedule Type"), _("Time"), _("Next Scan"), _("Status"));
// modified by hsh to return all scan schedules
if (in_array("admin", $arruser)) {
$query = "SELECT t2.name as profile, t1.meth_TARGET, t1.id, t1.name, t1.schedule_type, t1.meth_VSET, t1.meth_TIMEOUT, t1.username, t1.enabled, t1.next_CHECK, t1.email\n FROM vuln_job_schedule t1 LEFT JOIN vuln_nessus_settings t2 ON t1.meth_VSET=t2.id ";
} else {
$query = "SELECT t2.name as profile, t1.meth_TARGET, t1.id, t1.name, t1.schedule_type, t1.meth_VSET, t1.meth_TIMEOUT, t1.username, t1.enabled, t1.next_CHECK, t1.email\n FROM vuln_job_schedule t1 LEFT JOIN vuln_nessus_settings t2 ON t1.meth_VSET=t2.id WHERE username in ('{$user}') ";
}
// if($viewall == 1) { // list all schedules
// } else { // view only logged in users schedules
// $query .= "where username='******' ";
// }
$query .= $sql_order;
$result = $dbconn->execute($query);
if ($result->EOF) {
echo "<tr><td height='20' class='nobborder' style='text-align:center;'>" . _("No Scheduled Jobs") . "</td></tr>";
}
if (!$result->EOF) {
echo "<tr>";
foreach ($arr as $value) {
echo "<th><a href=\"manage_jobs.php?sortby={$value}&sortdir={$sortdir}\">{$value}</a></th>";
}
echo "<th>" . _("Action") . "</th></tr>";
}
while (!$result->EOF) {
list($profile, $targets, $schedid, $schedname, $schedtype, $sid, $timeout, $user, $schedstatus, $nextscan, $servers) = $result->fields;
$tz = intval($tz);
$nextscan = gmdate("Y-m-d H:i:s", Util::get_utc_unixtime($dbconn, $nextscan) + 3600 * $tz);
preg_match("/\\d+\\-\\d+\\-\\d+\\s(\\d+:\\d+:\\d+)/", $nextscan, $found);
$time = $found[1];
switch ($schedtype) {
case "N":
$stt = _("Once (Now)");
break;
case "O":
$stt = _("Once");
break;
case "D":
$stt = _("Daily");
break;
case "W":
$stt = _("Weekly");
break;
case "M":
$stt = _("Monthly");
break;
case "Q":
$stt = _("Quarterly");
break;
case "H":
$stt = _("On Hold");
break;
case "NW":
$stt = _("N<sup>th</sup> weekday of the month");
break;
default:
$stt = " ";
break;
}
switch ($schedstatus) {
case "1":
$itext = _("Disable Scheduled Job");
$isrc = "images/stop2.png";
$ilink = "manage_jobs.php?disp=setstatus&schedid={$schedid}&enabled=0";
break;
default:
$itext = _("Enable Scheduled Job");
$isrc = "images/play.png";
$ilink = "manage_jobs.php?disp=setstatus&schedid={$schedid}&enabled=1";
break;
}
if ($schedstatus) {
$txt_enabled = "<td><a href=\"{$ilink}\"><font color=\"green\">" . _("Enabled") . "</font></a></td>";
} else {
$txt_enabled = "<td><a href=\"{$ilink}\"><font color=\"red\">" . _("Disabled") . "</font></a></td>";
}
if (preg_match('/^\\d+$/', $user)) {
list($entities_all, $num_entities) = Acl::get_entities($dbconn, $user);
$user = $entities_all[$user]['name'];
}
echo <<<EOT
<tr>
EOT;
if ($profile == "") {
$profile = _("Default");
}
echo "<td><a style=\"text-decoration:none;\" href=\"javascript:;\" txt=\"<b>" . _("Owner") . ":</b> {$user}<br><b>" . _("Server") . ":</b> {$servers}<br /><b>" . _("Scheduled Job ID") . ":</b> {$schedid}<br><b>" . _("Profile") . ":</b> {$profile}<br><b>" . _("Targets") . ":</b><br>" . tooltip_hosts($targets, $hosts) . "\" class=\"scriptinfo\">{$schedname}</a></td>";
?>
<td><?php
echo $stt;
?>
</td>
<td><?php
echo $time;
?>
</td>
<td><?php
echo $nextscan;
?>
</td>
<?php
echo <<<EOT
{$txt_enabled}
<td style="padding-top:2px;"><a href="{$ilink}"><img alt="{$itext}" src="{$isrc}" border=0 title="{$itext}"></a>
EOT;
echo "<a href='sched.php?disp=edit_sched&sched_id={$schedid}&hmenu=Vulnerabilities&smenu=Jobs'><img src='images/pencil.png' title='" . gettext("Edit Scheduled") . "'></a> ";
echo "<a href='manage_jobs.php?disp=delete&schedid={$schedid}' onclick='return confirmDelete();'><img src='images/delete.gif' title='" . gettext("Delete Scheduled") . "'></a></td>";
echo <<<EOT
</tr>
EOT;
$result->MoveNext();
}
echo <<<EOT
</table></center>
EOT;
echo "<br>";
if ($_GET['page'] != "") {
$page = $_GET['page'];
} else {
$page = 1;
}
$pagesize = 10;
if ($username == "admin") {
$query = "SELECT count(id) as num FROM vuln_jobs";
} else {
$query = "SELECT count(id) as num FROM vuln_jobs where username='******'";
}
$result = $dbconn->Execute($query);
$jobCount = $result->fields["num"];
$num_pages = ceil($jobCount / $pagesize);
//echo "num_pages:[".$num_pages."]";
//echo "jobCount:[".$jobCount."]";
//echo "page:[".$page."]";
all_jobs(0, 10, "R");
// only running jobs
?>
<br />
<?php
$out = all_jobs(($page - 1) * $pagesize, $pagesize);
?>
<table width="90%" align="center" class="transparent">
<tr><td style="text-align:center;padding-top:5px;" class="nobborder">
<a href="javascript:;" onclick="$('#legend').toggle();$('#message_show').toggle();$('#message_hide').toggle();" colspan="2"><img src="../pixmaps/arrow_green.gif" align="absmiddle" border="0">
<span id="message_show"><?php
echo _("Show legend");
?>
</span>
<span id="message_hide" style="display:none"><?php
echo _("Hide legend");
?>
</span>
</a>
</td>
<td class="nobborder" valign="top" style="padding-top:5px;">
<?php
if ($out != 0 && $num_pages != 1) {
if ($page == 1 && $page == $num_pages) {
echo '<center><< ' . _("First") . ' <' . _(" Previous") . ' [' . $page . ' ' . _("of") . ' ' . $num_pages . '] ' . _("Next") . ' > ' . _("Last") . ' >></center>';
} elseif ($page == 1) {
echo '<center><< ' . _("First") . ' < ' . _("Previous") . ' [' . $page . ' ' . _("of") . ' ' . $num_pages . '] <a href="manage_jobs.php?page=' . ($page + 1) . '">' . _("Next") . ' ></a> <a href="manage_jobs.php?page=' . $num_pages . '">' . _("Last") . ' >></a></center>';
} elseif ($page == $num_pages) {
echo '<center><a href="manage_jobs.php?page=1"><< ' . _("First") . '</a> <a href="manage_jobs.php?page=' . ($page - 1) . '">< ' . _("Previous") . '</a> [' . $page . ' ' . _("of") . ' ' . $num_pages . '] ' . _("Next") . '> ' . _("Last") . ' >></center>';
} else {
echo '<center><a href="manage_jobs.php?page=1"><< ' . _("First") . '</a> <a href="manage_jobs.php?page=' . ($page - 1) . '">< ' . _("Previous") . '</a> [' . $page . ' ' . _("of") . ' ' . $num_pages . '] <a href="manage_jobs.php?page=' . ($page + 1) . '">' . _("Next") . ' ></a> <a href="manage_jobs.php?page=' . $num_pages . '">' . _("Last") . ' >></a></center>';
}
//echo "<br>";
}
?>
</td>
</tr>
<tr>
<td width="110" class="nobborder">
<table width="100%" cellpadding="3" cellspacing="3" id="legend" style="display:none;">
<tr>
<th colspan="2" style="padding-right: 3px;">
<div style="float: left; width: 60%; text-align: right;padding-top:3px;"><b><?php
echo _("Legend");
?>
</b></div>
<div style="float: right; width: 18%; padding-top: 2px; padding-bottom: 2px; text-align: right;"><a style="cursor: pointer; text-align: right;" onclick="$('#legend').toggle();$('#message_show').toggle();$('#message_hide').toggle();"><img src="../pixmaps/cross-circle-frame.png" alt="Close" title="Close" align="absmiddle" border="0"></a></div>
</th>
</tr>
<tr>
<td bgcolor="#EFFFF7" style="border:1px solid #999999" width="25%"></td><td class="nobborder" width="75%" style="text-align:left;padding-left:7px;"><?php
echo _("Completed");
?>
</td>
</tr>
<tr>
<td bgcolor="#EFE1E0" style="border:1px solid #999999" width="25%"></td><td class="nobborder" width="75%" style="text-align:left;padding-left:7px;"><?php
echo _("Failed");
?>
</td>
</tr>
<tr>
<td bgcolor="#D1E7EF" style="border:1px solid #999999" width="25%"></td><td class="nobborder" width="75%" style="text-align:left;padding-left:7px;"><?php
echo _("Running");
?>
</td>
</tr>
<tr>
<td bgcolor="#DFF7FF" style="border:1px solid #999999" width="25%"></td><td class="nobborder" width="75%" style="text-align:left;padding-left:7px;"><?php
echo _("Scheduled");
?>
</td>
</tr>
<tr>
<td bgcolor="#FFFFDF" style="border:1px solid #999999" width="25%"></td><td class="nobborder" width="75%" style="text-align:left;padding-left:7px;"><?php
echo _("Timeout");
?>
</td>
</tr>
</table>
</td>
<td class="nobborder">
</td>
</tr>
</table>
<?php
}
function main_page($viewall, $sortby, $sortdir)
{
global $uroles, $username, $dbconn, $hosts;
global $arruser, $user;
$dbconn->SetFetchMode(ADODB_FETCH_BOTH);
$tz = Util::get_timezone();
if ($sortby == "") {
$sortby = "id";
}
if ($sortdir == "") {
$sortdir = "DESC";
}
$sql_order = "order by {$sortby} {$sortdir}";
if (Session::menu_perms("environment-menu", "EventsVulnerabilitiesScan")) {
?>
<div style="width:50%; position: relative; height: 5px; float:left">
<div style="width:100%; position: absolute; top: -41px;left:0px;">
<div style="float:left; height:28px; margin:5px 5px 0px 0px;">
<a class="button" href="<?php
echo Menu::get_menu_url(AV_MAIN_PATH . '/vulnmeter/sched.php?smethod=schedule&hosts_alive=1&scan_locally=1', 'environment', 'vulnerabilities', 'scan_jobs');
?>
">
<?php
echo _("New Scan Job");
?>
</a>
</div>
<div style="float:left;height:28px;margin:5px 5px 0px -2px;">
<a class="greybox button av_b_secondary" href="import_nbe.php" title="<?php
echo _("Import nbe file");
?>
">
<?php
echo _("Import nbe file");
?>
</a>
</div>
</div>
</div>
<?php
}
if (intval($_GET['page']) != 0) {
$page = intval($_GET['page']);
} else {
$page = 1;
}
$pagesize = 10;
if ($username == "admin") {
$query = "SELECT count(id) as num FROM vuln_jobs";
} else {
$query = "SELECT count(id) as num FROM vuln_jobs where username='******'";
}
$result = $dbconn->Execute($query);
$jobCount = $result->fields["num"];
$num_pages = ceil($jobCount / $pagesize);
//echo "num_pages:[".$num_pages."]";
//echo "jobCount:[".$jobCount."]";
//echo "page:[".$page."]";
if (Vulnerabilities::scanner_type() == "omp") {
// We can display scan status with OMP protocol
echo Vulnerabilities::get_omp_running_scans($dbconn);
} else {
// Nessus
all_jobs(0, 10, "R");
}
?>
<?php
$schedulejobs = _("Scheduled Jobs");
echo <<<EOT
<table style='margin-top:20px;' class='w100 transparent'><tr><td class='sec_title'>{$schedulejobs}</td></tr></table>
<table summary="Job Schedules" class='w100 table_list'>
EOT;
if ($sortdir == "ASC") {
$sortdir = "DESC";
} else {
$sortdir = "ASC";
}
$arr = array("name" => "Name", "schedule_type" => "Schedule Type", "time" => "Time", "next_CHECK" => "Next Scan", "enabled" => "Status");
// modified by hsh to return all scan schedules
if (empty($arruser)) {
$query = "SELECT t2.name as profile, t1.meth_TARGET, t1.id, t1.name, t1.schedule_type, t1.meth_VSET, t1.meth_TIMEOUT, t1.username, t1.enabled, t1.next_CHECK, t1.email\n FROM vuln_job_schedule t1 LEFT JOIN vuln_nessus_settings t2 ON t1.meth_VSET=t2.id ";
} else {
$query = "SELECT t2.name as profile, t1.meth_TARGET, t1.id, t1.name, t1.schedule_type, t1.meth_VSET, t1.meth_TIMEOUT, t1.username, t1.enabled, t1.next_CHECK, t1.email\n FROM vuln_job_schedule t1 LEFT JOIN vuln_nessus_settings t2 ON t1.meth_VSET=t2.id WHERE username in ({$user}) ";
}
$query .= $sql_order;
$result = $dbconn->execute($query);
if ($result->EOF) {
echo "<tr><td class='empty_results' height='20' style='text-align:center;'>" . _("No Scheduled Jobs") . "</td></tr>";
}
if (!$result->EOF) {
echo "<tr>";
foreach ($arr as $order_by => $value) {
echo "<th><a href=\"manage_jobs.php?sortby={$order_by}&sortdir={$sortdir}\">" . _($value) . "</a></th>";
}
if (Session::menu_perms("environment-menu", "EventsVulnerabilitiesScan")) {
echo "<th>" . _("Action") . "</th></tr>";
}
}
$colors = array("#FFFFFF", "#EEEEEE");
$color = 0;
while (!$result->EOF) {
list($profile, $targets, $schedid, $schedname, $schedtype, $sid, $timeout, $user, $schedstatus, $nextscan, $servers) = $result->fields;
$name = Av_sensor::get_name_by_id($dbconn, $servers);
$servers = $name != '' ? $name : "unknown";
$targets_to_resolve = explode("\n", $targets);
$ttargets = array();
foreach ($targets_to_resolve as $id_ip) {
if (preg_match("/^([a-f\\d]{32})#\\d+\\.\\d+\\.\\d+\\.\\d+\\/\\d{1,2}/i", $id_ip, $found) && Asset_net::is_in_db($dbconn, $found[1])) {
$ttargets[] = preg_replace("/^([a-f\\d]{32})#/i", "", $id_ip) . " (" . Asset_net::get_name_by_id($dbconn, $found[1]) . ")";
} else {
if (preg_match("/^([a-f\\d]{32})#\\d+\\.\\d+\\.\\d+\\.\\d+/i", $id_ip, $found) && Asset_host::is_in_db($dbconn, $found[1])) {
$ttargets[] = preg_replace("/^([a-f\\d]{32})#/i", "", $id_ip) . " (" . Asset_host::get_name_by_id($dbconn, $found[1]) . ")";
} else {
$ttargets[] = preg_replace("/[a-f\\d]{32}/i", "", $id_ip);
}
}
}
$targets = implode("<BR/>", $ttargets);
$tz = intval($tz);
$nextscan = gmdate("Y-m-d H:i:s", Util::get_utc_unixtime($nextscan) + 3600 * $tz);
preg_match("/\\d+\\-\\d+\\-\\d+\\s(\\d+:\\d+:\\d+)/", $nextscan, $found);
$time = $found[1];
switch ($schedtype) {
case "N":
$stt = _("Once (Now)");
break;
case "O":
$stt = _("Once");
break;
case "D":
$stt = _("Daily");
break;
case "W":
$stt = _("Weekly");
break;
case "M":
$stt = _("Monthly");
break;
case "Q":
$stt = _("Quarterly");
break;
case "H":
$stt = _("On Hold");
break;
case "NW":
$stt = _("N<sup>th</sup> weekday of the month");
break;
default:
$stt = " ";
break;
}
switch ($schedstatus) {
case "1":
$itext = _("Disable Scheduled Job");
$isrc = "images/stop_task.png";
$ilink = "manage_jobs.php?disp=setstatus&schedid={$schedid}&enabled=0";
break;
default:
$itext = _("Enable Scheduled Job");
$isrc = "images/play_task.png";
$ilink = "manage_jobs.php?disp=setstatus&schedid={$schedid}&enabled=1";
break;
}
if (!Session::menu_perms("environment-menu", "EventsVulnerabilitiesScan")) {
$ilink = "javascript:return false;";
}
if ($schedstatus) {
$txt_enabled = "<td><a href=\"{$ilink}\"><font color=\"green\">" . _("Enabled") . "</font></a></td>";
} else {
$txt_enabled = "<td><a href=\"{$ilink}\"><font color=\"red\">" . _("Disabled") . "</font></a></td>";
}
require_once 'classes/Security.inc';
if (valid_hex32($user)) {
$user = Session::get_entity_name($dbconn, $user);
}
echo "<tr bgcolor=\"" . $colors[$color % 2] . "\">";
if ($profile == "") {
$profile = _("Default");
}
echo "<td><span class=\"tip\" title=\"<b>" . _("Owner") . ":</b> {$user}<br><b>" . _("Server") . ":</b> {$servers}<br /><b>" . _("Scheduled Job ID") . ":</b> {$schedid}<br><b>" . _("Profile") . ":</b> {$profile}<br><b>" . _("Targets") . ":</b><br>" . $targets . "\">{$schedname}</span></td>";
?>
<td><?php
echo $stt;
?>
</td>
<td><?php
echo $time;
?>
</td>
<td><?php
echo $nextscan;
?>
</td>
<?php
echo <<<EOT
{$txt_enabled}
<td style="padding-top:2px;"><a href="{$ilink}"><img alt="{$itext}" src="{$isrc}" border=0 title="{$itext}"></a>
EOT;
if (Session::menu_perms("environment-menu", "EventsVulnerabilitiesScan")) {
echo "<a href='" . Menu::get_menu_url(AV_MAIN_PATH . '/vulnmeter/sched.php?disp=edit_sched&sched_id=' . $schedid, 'environment', 'vulnerabilities', 'scan_jobs') . "'><img src='images/pencil.png' title='" . _("Edit Scheduled") . "'></a> ";
echo "<a href='manage_jobs.php?disp=delete&schedid={$schedid}' onclick='return confirmDelete();'><img src='images/delete.gif' title='" . gettext("Delete Scheduled") . "'></a>";
}
echo "</td>";
echo <<<EOT
</tr>
EOT;
$result->MoveNext();
$color++;
}
echo <<<EOT
</table>
EOT;
?>
<br />
<?php
$out = all_jobs(($page - 1) * $pagesize, $pagesize);
?>
<table width="100%" align="center" class="transparent" cellspacing="0" cellpadding="0">
<tr>
<td class="nobborder" valign="top" style="padding-top:5px;">
<div class="fright">
<?php
if ($out != 0 && $num_pages != 1) {
$page_url = "manage_jobs.php";
if ($page == 1 && $page == $num_pages) {
echo '<a href="" class="link_paginate_disabled" onclick="return false">< ' . _("PREVIOUS") . '</a>';
echo '<a class="lmargin link_paginate_disabled" href="" onclick="return false">' . _("NEXT") . ' ></a>';
} elseif ($page == 1) {
echo '<a href="" class="link_paginate_disabled" onclick="return false">< ' . _("PREVIOUS") . '</a>';
echo '<a class="lmargin" href="' . $page_url . '?page=' . ($page + 1) . '">' . _("NEXT") . ' ></a> ';
} elseif ($page == $num_pages) {
echo '<a href="' . $page_url . '?page=' . ($page - 1) . '">< ' . _("PREVIOUS") . '</a>';
echo '<a class="lmargin link_paginate_disabled" href="" onclick="return false">' . _("NEXT") . ' ></a>';
} else {
echo '<a href="' . $page_url . '?page=' . ($page - 1) . '">< ' . _("PREVIOUS") . '</a><a class="lmargin" href="' . $page_url . '?page=' . ($page + 1) . '">' . _("NEXT") . ' ></a>';
}
}
?>
</div>
</td>
</tr>
</table>
<?php
}
function SIEM_trends_hids($agent_ip)
{
include_once '../panel/sensor_filter.php';
require_once 'classes/Plugin.inc';
require_once 'classes/Util.inc';
require_once 'ossim_db.inc';
$tz = Util::get_timezone();
$tzc = Util::get_tzc($tz);
$data = array();
$plugins = $plugins_sql = "";
$db = new ossim_db();
$dbconn = $db->connect();
$sensor_where = make_sensor_filter($dbconn);
// Ossec filter
$oss_p_id_name = Plugin::get_id_and_name($dbconn, "WHERE name LIKE 'ossec%'");
$plugins = implode(",", array_flip($oss_p_id_name));
$plugins_sql = "AND acid_event.plugin_id in ({$plugins})";
// Agent ip filter
$agent_where = make_sid_filter($dbconn, $agent_ip);
if ($agent_where == "") {
$agent_where = "0";
}
$sqlgraph = "SELECT COUNT(acid_event.sid) as num_events, day(convert_tz(timestamp,'+00:00','{$tzc}')) as intervalo, monthname(convert_tz(timestamp,'+00:00','{$tzc}')) as suf FROM snort.acid_event LEFT JOIN ossim.plugin ON acid_event.plugin_id=plugin.id WHERE sid in ({$agent_where}) AND timestamp BETWEEN '" . gmdate("Y-m-d 00:00:00", gmdate("U") - 604800) . "' AND '" . gmdate("Y-m-d 23:59:59") . "' {$plugins_sql} {$sensor_where} GROUP BY suf,intervalo ORDER BY suf,intervalo";
//print $sqlgraph;
if (!($rg =& $dbconn->Execute($sqlgraph))) {
return false;
} else {
while (!$rg->EOF) {
$hours = $rg->fields["intervalo"] . " " . substr($rg->fields["suf"], 0, 3);
$data[$hours] = $rg->fields["num_events"];
$rg->MoveNext();
}
}
$db->close($dbconn);
return $data;
}
function GetTimeProfile2($start_date, $end_date, $time_sep, $join, $where)
{
global $db, $cnt, $label_lst, $value_lst, $value_POST_lst, $debug_mode;
// Timezone
$tz = Util::get_timezone();
$tzc = Util::get_tzc($tz);
$precision = $time_sep[0];
// group by date_format(timestamp, "%Y%m%d %H")
switch ($precision) {
case "hour":
$format = "%Y%m%d %H";
break;
case "day":
$format = "%Y%m%d";
break;
case "month":
default:
$format = "%Y%m";
break;
}
if ($where != "") {
$sql = "select date_format(convert_tz(timestamp,'+00:00','{$tzc}'), \"{$format}\") as date, count(convert_tz(timestamp,'+00:00','{$tzc}')) as count from acid_event {$join} {$where} group by date";
} else {
$sql = "select date_format(convert_tz(timestamp,'+00:00','{$tzc}'), \"{$format}\") as date, count(convert_tz(timestamp,'+00:00','{$tzc}')) as count from acid_event where timestamp between \"{$start_date}\" and \"{$end_date}\" + interval 1 day group by date";
}
if ($debug_mode > 0) {
echo $sql;
}
$result = $db->baseExecute($sql);
while ($myrow = $result->baseFetchRow()) {
$date_str = $myrow["date"];
$count = $myrow["count"];
$i_year = substr($date_str, 0, 4);
$i_month = "";
$i_day = "";
$i_hour = "";
switch ($precision) {
case "hour":
$i_month = substr($date_str, 4, 2);
$i_day = substr($date_str, 6, 2);
$i_hour = substr($date_str, 9, 2);
StoreAlertNum2($count, $i_month . "/" . $i_day . "/" . $i_year . " " . $i_hour . ":00:00 - " . $i_hour . ":59:59", $time_sep, $i_year, $i_month, $i_day, $i_hour);
break;
case "day":
$i_month = substr($date_str, 4, 2);
$i_day = substr($date_str, 6, 2);
StoreAlertNum2($count, $i_month . "/" . $i_day . "/" . $i_year, $time_sep, $i_year, $i_month, $i_day, $i_hour);
break;
case "month":
default:
$i_month = substr($date_str, 4, 2);
StoreAlertNum2($count, $i_month . "/" . $i_year, $time_sep, $i_year, $i_month, $i_day, $i_hour);
$format = "%Y%m";
break;
}
}
$result->baseFreeRows();
}
<td class="ne"><?php
echo _("Number of IPs in the database");
?>
</td>
<td class="grb"> <?php
echo Util::number_format_locale($total, 0);
?>
</td>
</tr>
<tr>
<td class="ne"><?php
echo _("Latest update");
?>
</td>
<td class="grb"> <?php
echo gmdate("Y-m-d H:i:s", filemtime($reputation->rep_file) + 3600 * Util::get_timezone());
?>
</td>
</tr>
</table>
</div>
<div class='otx_p_middle'>
<div class='otx_p_title'><?php
echo _("Malicious IPs by Activity");
?>
</div>
<div id="chart" style="width:400px; height:220px"></div>
</div>
<div class='otx_p_right'>
//
}
arsort($countries);
// Not found
if (count($countries) == 0)
{
echo "<tr><td><table class='transparent' style='width:100%'><tr><td colspan='5' style='padding:6px'><b>"._("No external IP addresses were found in the SIEM events")."</b></td></tr></table></td></tr>\n";
}
// Results
else
{
echo '<br/><TABLE class="table_list">';
echo '<tr><th style="text-align:left" width="25%">Country</th>
<th width="15%">' . gettext("Events") . " # <span class='idminfo' txt='".Util::timezone(Util::get_timezone())."'>(*)</span>". '</th>
<th width="10%">' . gettext("Unique Src. #") . '</th>
<th width="10%">' . gettext("Unique Dst. #") . '</th>
<th></th></TR>';
$max_cnt = 1;
$i = 0;
foreach ($countries as $country=>$num) {
if ($max_cnt == 1 && $num > 0) $max_cnt = $num;
$data = $country_acc[$country];
if ($data['srcnum']+$data['dstnum'] == 0) $entry_width = 0;
else $entry_width = round($data['events'] / $max_cnt * 100);
if ($data['code']=="") $data['code']="unknown";
?>
<tr>
<td style="padding:7px;text-align:left"><?=$data['flag']." ".$country?></td>
function submit_scan($op, $sched_id, $sname, $notify_email, $schedule_type, $ROYEAR, $ROMONTH, $ROday, $time_hour, $time_min, $dayofweek, $dayofmonth, $timeout, $SVRid, $sid, $tarSel, $ip_list, $ip_exceptions_list, $ip_start, $ip_end, $named_list, $cidr, $subnet, $system, $cred_type, $credid, $acc, $domain, $accpass, $acctype, $passtype, $passstore, $wpolicies, $wfpolicies, $upolicies, $custadd_type, $cust_plugins, $is_enabled, $hosts_alive, $scan_locally, $nthweekday, $semail, $not_resolve)
{
global $wdaysMap, $daysMap, $allowscan, $uroles, $username, $schedOptions, $adminmail, $mailfrom, $dbk, $dbconn;
require_once "classes/Util.inc";
$tz = Util::get_timezone();
if (empty($ROYEAR)) {
$ROYEAR = gmdate("Y");
}
if (empty($ROMONTH)) {
$ROMONTH = gmdate("m");
}
if (empty($ROday)) {
$ROday = gmdate("d");
}
list($_y, $_m, $_d, $_h, $_u, $_s, $_time) = Util::get_utc_from_date($dbconn, "{$ROYEAR}-{$ROMONTH}-{$ROday} {$time_hour}:{$time_min}:00", $tz);
$ROYEAR = $_y;
$ROMONTH = $_m;
$ROday = $_d;
$time_hour = $_h;
$time_min = $_u;
if ($not_resolve == "1") {
$resolve_names = 0;
} else {
$resolve_names = 1;
}
$notify_email = str_replace(";", ",", $notify_email);
$requested_run = "";
$jobType = "M";
$recurring = False;
$targets = array();
$time_value = "";
$profile_desc = getProfileName($sid);
$target_list = "";
$need_authorized = "";
$request = "";
$plugs_list = "NULL";
$fk_name = "NULL";
$target_list = "NULL";
$tmp_target_list = "";
$jobs_names = array();
$sjobs_names = array();
//$I3crID = getCredentialId ( $cred_type, $passstore, $credid, $acc, $domain, $accpass, $acctype, $passtype );
$I3crID = "";
if ($hosts_alive == "1") {
// option: Only scan hosts that are alive
$I3crID = "1";
} else {
$I3crID = "0";
}
if ($custadd_type == "") {
$custadd_type = "N";
}
if ($custadd_type != "N" && $cust_plugins != "") {
$plugs_list = "";
$vals = preg_split("/\\s+|\r\n|,|;/", $cust_plugins);
foreach ($vals as $v) {
$v = trim($v);
if (strlen($v) > 0) {
$plugs_list .= $v . "\n";
}
}
$plugs_list = "'" . $plugs_list . "'";
}
/* echo <<<EOT
<h3>Job Details:</h3>
<center>
<table>
<tr><th align="right">Job Name</th><td>$sname</td></tr>
<tr><th align="right">Notify</th><td>$notify_email</td></tr>
<tr><th align="right">Timeout</th><td>$timeout</td></tr>
<tr><th align="right">Profile</th><td>$profile_desc</td></tr>
<tr><th></th><td> </td></tr>
<tr><th align="right">Schedule Info</th><td> </td></tr>
EOT;*/
//$arrTime = localtime((int)gmdate('U'), true);
$arrTime = explode(":", gmdate('Y:m:d:w:H:i:s'));
$year = $arrTime[0];
$mon = $arrTime[1];
$mday = $arrTime[2];
$wday = $arrTime[3];
$hour = $arrTime[4];
$min = $arrTime[5];
$sec = $arrTime[6];
$timenow = $hour . $min . $sec;
if ($time_hour) {
$hour = $time_hour;
}
if ($time_min) {
$min = $time_min;
}
#echo "hour=$hour<br>";
#$hour = $hour - $tz_offset;
#echo "offset=$tz_offset<br>hour=$hour<br>";
#if ( $hour < "0" ) { echo "change 1<br>"; $hour = $hour + 24; }
#if ( $hour >= "24" ) { echo "change 2<br>"; $hour = $hour - 24; }
#echo "hour_changed=$hour<br>";
$run_wday = $wdaysMap[$dayofweek];
#echo "run_day=$run_wday<br>dayofweek=$dayofweek<br>";
$run_time = sprintf("%02d%02d%02d", $time_hour, $time_min, "00");
$run_mday = $dayofmonth;
$time_value = "{$time_hour}:{$time_min}:00";
//echo "schedule_type: ".$schedule_type;
//echo "$run_time : $timenow\n"; exit();
$ndays = array("Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday");
switch ($schedule_type) {
case "N":
$requested_run = gmdate("YmdHis");
$sched_message = "No reccurring Jobs Necessary";
break;
case "O":
$requested_run = sprintf("%04d%02d%02d%06d", $ROYEAR, $ROMONTH, $ROday, $run_time);
$sched_message = "No reccurring Jobs Necessary";
//var_dump($schedule_type);
$recurring = True;
$reccur_type = "Run Once";
break;
case "D":
if ($run_time > $timenow) {
$next_day = $year . $mon . $mday;
} else {
$next_day = gmdate("Ymd", strtotime("+1 day GMT", gmdate("U")));
}
// next day
$requested_run = sprintf("%08d%06d", $next_day, $run_time);
$recurring = True;
$sched_message = "Schedule Reccurring";
$reccur_type = "Daily";
break;
case "W":
if ($run_wday == $wday && $run_time > $timenow) {
$next_day = $year . $mon . $mday;
} else {
$next_day = gmdate("Ymd", strtotime("next " . $ndays[$run_wday] . " GMT", gmdate("U")));
}
// next week
$requested_run = sprintf("%08d%06d", $next_day, $run_time);
$recurring = True;
$sched_message = "Schedule Reccurring";
$reccur_type = "Weekly";
break;
case "M":
if ($run_mday > $mday || $run_mday == $mday && $run_time > $timenow) {
$next_day = $year . $mon . ($run_mday < 10 ? "0" : "") . $run_mday;
// this month
#echo "date selected is in the future<br>";
} else {
$next_day = sprintf("%06d%02d", gmdate("Ym", strtotime("next month GMT", gmdate("U"))), $run_mday);
#$next_day = gmdate("Ymd", mktime(0, 0, 0, date("m")+1, $run_mday, date("y"))); // next month
#echo "date selected is in the past<br>";
}
#echo "run_mday=$run_mday mday=$mday rtime=$run_time now=$timenow next_day=$next_day<br>";
$requested_run = sprintf("%08d%06d", $next_day, $run_time);
$recurring = True;
$sched_message = "Schedule Reccurring";
$reccur_type = "Montly";
break;
case "NW":
$dayweektonum = array("Mo" => 1, "Tu" => 2, "We" => 3, "Th" => 4, "Fr" => 5, "Sa" => 6, "Su" => 7);
$next_day = nthweekdaymonth($year, gmdate("n"), 1, $dayweektonum[$dayofweek], $nthweekday);
$requested_run = sprintf("%08d%06d", $next_day, $run_time);
$dayofmonth = $nthweekday;
$recurring = True;
$sched_message = "Schedule Reccurring";
$reccur_type = "Nth weekday of the month";
break;
default:
break;
}
//if ( $schedule_type != "N" ){
//$requested_run = switchTime_TimeZone( $requested_run, "server" );
//}
/* echo <<<EOT
<tr><th align="right">Type</th><td>$schedOptions[$schedule_type]</td></tr>
<tr><th align="right">First Occurrence</th><td>$requested_run</td></tr>
<tr><th align="right">Recurring</th><td>$sched_message</td></tr>
<tr><th align="right"> </th><td></td></tr>
<tr><th colspan="2">Target Selection</th></tr>
EOT;*/
switch ($tarSel) {
case "1":
#SINGLE
$vals = preg_split("/\\s+|\r\n|;/", $ip_list);
foreach ($vals as $v) {
$v = trim($v);
if (strlen($v) > 0) {
array_push($targets, $v);
}
}
break;
case "2":
#IP RANGE
if ($ip_start || $ip_end) {
if ($ip_start && $ip_end) {
$targets = range2List($ip_start, $ip_end);
} else {
// echo "<tr><td colspan=2>incomplete target list</td></tr>";
}
}
break;
case "3":
#NAMED TARGET
$vals = preg_split("/\\s+|\n|,|;/", $named_list);
foreach ($vals as $v) {
$v = trim($v);
if (strlen($v) > 0) {
$ip = gethostbyname($v);
if (strlen($ip) > 0) {
array_push($targets, $ip);
} else {
// echo "<tr><td colspan=2>$v Name could not be resolved</td></tr>";
}
}
}
break;
case "4":
#SUBNET
array_push($targets, $cidr);
break;
case "5":
if ($uroles['auditAll'] && $subnet == "ALL") {
array_push($targets, "all_live_subnets");
} else {
array_push($targets, $subnet);
}
$fk_name = "'" . $subnet . "'";
break;
case "6":
#$query = "SELECT isso_email, admin_sys, admin_dba, admin_network from vuln_systems WHERE acronym='$system'";
#$result = $dbconn->Execute($query);
#list( $isso_poc, $poc_sa, $poc_dba, $poc_network ) = $result->fields;
$all_pocs = $isso_poc;
if ($all_pocs != "" && $poc_sa != "") {
$all_pocs .= ", {$poc_sa}";
}
if ($all_pocs != "" && $poc_dba != "") {
$all_pocs .= ", {$poc_dba}";
}
if ($all_pocs != "" && $poc_network != "") {
$all_pocs .= ", {$poc_network}";
}
$notify_email = $all_pocs;
$fk_name = "'" . $system . "'";
break;
default:
#INPUT FILE
break;
}
if ($tarSel < "4") {
foreach ($targets as $hostip) {
if (!$allowscan && !inrange($hostip, $dbconn)) {
$need_authorized .= $hostip . "\n";
}
$tmp_target_list .= $hostip . "\n";
//echo "<tr><td colspan=2>$hostip</td></tr>";
}
if ($need_authorized != "") {
//echo "<tr><th colspan=2><font color=red>NOT IN APPROVED ZONE</font></th></tr>";
$html_needs_auth = str_replace("\n", "<br>", $need_authorized);
//echo "<tr><td colspan=2>$html_needs_auth</td></tr>";
}
} elseif ($tarSel == "4") {
$tmp_target_list = $cidr;
//echo "<tr><td colspan=2>$cidr</td></tr>";
} elseif ($tarSel == "6") {
$jobType = "S";
if ($recurring == True) {
#$tmp_target_list="";
#DO NOT PUT THE LIST OF IP'S IN UNTIL THE JOB STARTS FOR REOCCURING ( LIST MAY BE FREQUENT TO CHANGE )
} else {
/*$query = "SELECT hostip from vuln_systems t1
LEFT JOIN vuln_system_hosts t2 on t2.sysID = t1.id
WHERE t1.acronym='$system'";
$result = $dbconn->Execute($query);
while ( !$result->EOF ) {
list($hostip) = $result->fields;
if ( strlen($hostip)>0) {
$tmp_target_list .= "$hostip\n";
array_push($targets, $hostip );
}
$result->MoveNext();
}*/
}
// echo "<tr><td colspan=2>$system</td></tr>";
} else {
$jobType = "C";
$tmp_target_list = $subnet;
// echo "<tr><td colspan=2>$subnet</td></tr>";
}
if (!($tarSel == "6" && $recurring == True) && count($targets) == 0) {
// echo "<p><center><font color=red>Missing Host Selection or BAD LIST:$targets[0]<br><br></font>"
// ."[ <a href=\"javascript:history.go(-1)\">Go Back</a> ]</center></p>";
//logAccess( "USER $username Fubared: Missing Host Selection or BAD LIST:$targets[0]" );
require_once "footer.php";
exit;
} elseif (!$sname) {
// echo "<p><center><font color=red>Missing or BAD SNAME:[$sname]<br><br></font>"
// ."[ <a href=\"javascript:history.go(-1)\">Go Back</a> ]</center></p>";
//logAccess( "USER $username Fubared something on job name [$sname]" );
require_once "footer.php";
exit;
}
if ($subnet == "" or $subnet == "0") {
$subnet = "Null";
} else {
$subnet = "'{$subnet}'";
}
if ($SVRid == "" or $SVRid == "Null") {
$SVRid = "Null";
} else {
$SVRid = "'{$SVRid}'";
}
if ($tmp_target_list != "") {
$target_list = "'" . $tmp_target_list . "'";
}
$arrChecks = array("w" => $wpolicies, "f" => $wfpolicies, "u" => $upolicies);
$arrAudits = array('w', 'f', 'u');
foreach ($arrChecks as $check => $policydata) {
$i = 1;
$audit_data = "";
if ($policydata) {
if ($i <= 5) {
foreach ($policydata as $policy) {
$audit_data .= "{$policy}\n";
$i++;
}
}
}
if ($audit_data != "") {
$arrAudits[$check] = "'{$audit_data}'";
} else {
$arrAudits[$check] = "NULL";
}
}
$insert_time = gmdate("YmdHis");
// if ( $need_authorized != "" || !($uroles['nessus']) ) {
// $jobType="R"; #REQUEST JOB
// #DO not wrap $subnet / $SVRid with ticks '' as 'Null' is not Null
// $query = "INSERT INTO vuln_jobs ( name, fk_name, username, job_TYPE, meth_SCHED, meth_TARGET, meth_CRED,
// meth_VSET, meth_CUSTOM, meth_CPLUGINS, meth_Wcheck, meth_Wfile, meth_Ucheck, meth_TIMEOUT, scan_ASSIGNED, scan_SUBMIT,
// scan_next, scan_PRIORITY, status, notify ) VALUES ( '$sname', $fk_name, '$username', '$jobType', '$schedule_type', $target_list, $I3crID,
// '$sid', '$custadd_type', $plugs_list, $arrAudits[w], $arrAudits[f], $arrAudits[u], '$timeout', $SVRid, '$insert_time',
// '$requested_run', '3' , 'H', '$notify_email' )";
// $request = "for Approval";
// $subject = "Scan request [$sname]";
// $message = "HELLO SOC TEAM, \tThe following User [ $username ] has requested a scan against:\n"
// ." $target_list\n\nPlease Promptly Accept/Reject the request!"
// ."Thank You\n\nThe SOC TEAM!\n";
// mail($adminmail, $subject, $message, "From: $mailfrom\nX-Mailer: PHP/" . phpversion());
// echo "needs authorization<br>";
//logAccess( "USER $username Submitted Scan Request [$sname]" );
// } else {
require_once "classes/Host_sensor_reference.inc";
require_once "classes/Net_sensor_reference.inc";
require_once "classes/Net.inc";
require_once "classes/Scan.inc";
require_once "classes/Sensor.inc";
//Check Permissions
$allowed = array();
$notallowed = array();
$ftargets = explode("\\r\\n", $target_list);
foreach ($ftargets as $ftarget) {
$ftarget = preg_replace("/\r|\n|\t|\\s|\\'/", "", $ftarget);
$unresolved = !preg_match("/\\d+\\.\\d+\\.\\d+\\.\\d+/", $ftarget) && $not_resolve ? true : false;
if (preg_match("/\\//", $ftarget) && Session::netAllowed($dbconn, Net::get_name_by_ip($dbconn, $ftarget))) {
//, $username
$allowed[] = $ftarget;
} else {
if (Session::hostAllowed($dbconn, $ftarget) || $unresolved) {
// , $username
$allowed[] = $ftarget;
} else {
$notallowed[] = $ftarget;
}
}
}
if (count($allowed) > 0) {
$forced_server = "";
$all_sensors = array();
$sensor_list = Sensor::get_all($dbconn, "", false);
foreach ($sensor_list as $s) {
$all_sensors[$s->get_ip()] = $s->get_name();
}
// force scanner
if ($SVRid != "Null") {
$query = "SELECT hostname FROM vuln_nessus_servers WHERE id={$SVRid}";
$result = $dbconn->execute($query);
list($forced_server) = $result->fields;
} elseif ($not_resolve) {
$result = $dbconn->Execute("SELECT name,hostname FROM vuln_nessus_servers WHERE enabled=1");
while (!$result->EOF) {
list($name, $hostname) = $result->fields;
if (Session::sensorAllowed($hostname)) {
$all_sensors[$hostname] = $name;
}
$result->MoveNext();
}
}
// remote nmap
$rscan = new RemoteScan("", "");
if ($rscan->available_scan()) {
$reports = $rscan->get_scans();
$ids = is_array($reports) ? array_keys($reports) : array();
} else {
$ids = array();
}
//if ($forced_server!="") $ids = array_merge(array($forced_server),$ids);
//$tsjobs = explode("\\r\\n", $target_list);
$sgr = array();
$unables = array();
$tsjobs = $allowed;
foreach ($tsjobs as $tjobs) {
$tjobs = preg_replace("/\r|\n|\t|\\s|\\'/", "", $tjobs);
$unresolved = !preg_match("/\\d+\\.\\d+\\.\\d+\\.\\d+/", $tjobs) && $not_resolve ? true : false;
if (preg_match("/\\//", $tjobs)) {
$sensor = Net_sensor_reference::get_list_array($dbconn, $tjobs);
} else {
$sensor = Host_sensor_reference::get_list_array($dbconn, $tjobs);
}
if ($forced_server != "") {
$sensor = array_merge(array($forced_server), $sensor);
}
if ($unresolved || Session::am_i_admin() && count($sensor) == 0 && $forced_server == "") {
if ($unresolved) {
foreach ($all_sensors as $sip => $unused) {
$sensor[] = $sip;
}
} else {
$local_ip = `grep framework_ip /etc/ossim/ossim_setup.conf | cut -f 2 -d "="`;
$local_ip = trim($local_ip);
$results = $dbconn->Execute("SELECT name FROM vuln_nessus_servers WHERE hostname like '{$local_ip}'");
if ($results->fields["name"] != "") {
$sensor[] = $local_ip;
}
}
}
// reorder sensors with load
if ($forced_server != "") {
$sensor = Sensor::reorder_sensors($dbconn, $sensor);
}
// select best sensor with available nmap and vulnmeter
$selected = array();
foreach ($sensor as $sen) {
$properties = Sensor::get_properties($dbconn, $sen);
$withnmap = in_array($all_sensors[$sen], $ids) || !$hosts_alive || $unresolved;
//echo "$sen:".$all_sensors[$sen].":$withnmap || $scan_locally:".$properties["has_vuln_scanner"]." || $SVRid:$forced_server<br>\n";
if ((Session::sensorAllowed($sen) || $forced_server != "") && ($withnmap || $scan_locally) && ($properties["has_vuln_scanner"] || $forced_server != "")) {
//$selected = ($SVRid!="Null" && $all_sensors[$sen]!="") ? $all_sensors[$sen] : $sen;
//echo "sel:$selected<br>\n";
//break;
$selected[] = $forced_server != "" ? $forced_server : $sen;
}
}
if (count($selected) > 0) {
$sgr[implode(",", array_unique($selected))][] = $tjobs;
} else {
$unables[] = $tjobs;
}
}
$query = array();
/* if($tz!=0) {
list ($y,$m,$d,$h,$u,$s,$time) = Util::get_utc_from_date($dbconn, $requested_run, $tz);
$requested_run = $y.$m.$d.$h.$u.$s;
}*/
if ($op == "editrecurring" && $sched_id > 0) {
$query[] = "DELETE FROM vuln_job_schedule WHERE id='{$sched_id}'";
$i = 1;
foreach ($sgr as $notify_sensor => $targets) {
$target_list = implode("\n", $targets);
$target_list .= "\n" . implode("\n", $ip_exceptions_list);
$query[] = "INSERT INTO vuln_job_schedule ( name, username, fk_name, job_TYPE, schedule_type, day_of_week, day_of_month, \n time, email, meth_TARGET, meth_CRED, meth_VSET, meth_CUSTOM, meth_CPLUGINS, meth_Wcheck, meth_Wfile, \n meth_Ucheck, meth_TIMEOUT, scan_ASSIGNED, next_CHECK, createdate, enabled, resolve_names ) VALUES ( '{$sname}', '{$username}', '" . Session::get_session_user() . "', '{$jobType}',\n '{$schedule_type}', '{$dayofweek}', '{$dayofmonth}', '{$time_value}', '{$notify_sensor}', '{$target_list}',\n {$I3crID}, '{$sid}', '{$custadd_type}', {$plugs_list}, {$arrAudits['w']}, {$semail}, '{$scan_locally}',\n '{$timeout}', {$SVRid}, '{$requested_run}', '{$insert_time}', '1', '{$resolve_names}' ) ";
$sjobs_names[] = $sname . $i;
$i++;
}
} elseif ($recurring) {
$i = 1;
foreach ($sgr as $notify_sensor => $targets) {
$target_list = implode("\n", $targets);
$target_list .= "\n" . implode("\n", $ip_exceptions_list);
$query[] = "INSERT INTO vuln_job_schedule ( name, username, fk_name, job_TYPE, schedule_type, day_of_week, day_of_month, \n time, email, meth_TARGET, meth_CRED, meth_VSET, meth_CUSTOM, meth_CPLUGINS, meth_Wcheck, meth_Wfile, \n meth_Ucheck, meth_TIMEOUT, scan_ASSIGNED, next_CHECK, createdate, enabled, resolve_names ) VALUES ( '{$sname}', '{$username}', '" . Session::get_session_user() . "', '{$jobType}',\n '{$schedule_type}', '{$dayofweek}', '{$dayofmonth}', '{$time_value}', '{$notify_sensor}', '{$target_list}',\n {$I3crID}, '{$sid}', '{$custadd_type}', {$plugs_list}, {$arrAudits['w']}, {$semail}, '{$scan_locally}',\n '{$timeout}', {$SVRid}, '{$requested_run}', '{$insert_time}', '1', '{$resolve_names}' ) ";
$sjobs_names[] = $sname . $i;
$i++;
}
} else {
$i = 1;
foreach ($sgr as $notify_sensor => $targets) {
$target_list = implode("\n", $targets);
$target_list .= "\n" . implode("\n", $ip_exceptions_list);
$query[] = "INSERT INTO vuln_jobs ( name, username, fk_name, job_TYPE, meth_SCHED, meth_TARGET, meth_CRED,\n meth_VSET, meth_CUSTOM, meth_CPLUGINS, meth_Wcheck, meth_Wfile, meth_Ucheck, meth_TIMEOUT, scan_ASSIGNED,\n scan_SUBMIT, scan_next, scan_PRIORITY, status, notify, authorized, author_uname, resolve_names ) VALUES ( '{$sname}',\n '{$username}', '" . Session::get_session_user() . "', '{$jobType}', '{$schedule_type}', '{$target_list}', {$I3crID}, '{$sid}', '{$custadd_type}', {$plugs_list},\n {$arrAudits['w']}, {$semail}, {$arrAudits['u']}, '{$timeout}', {$SVRid}, '{$insert_time}', '{$requested_run}', '3',\n 'S', '{$notify_sensor}', '{$scan_locally}', 'ACL', '{$resolve_names}' ) ";
$jobs_names[] = $sname . $i;
$i++;
}
}
$query_insert_time = gen_strtotime($insert_time, "");
foreach ($query as $sql) {
$error_updating = false;
$error_inserting = false;
$sql = str_replace(", ',", ", '',", str_replace("''", "'", $sql));
if ($dbconn->execute($sql) === false) {
echo _("Error creating scan job") . ": " . $dbconn->ErrorMsg();
if ($op == "editrecurring") {
$error_updating = true;
} else {
$error_creating = true;
}
} else {
if ($op == "editrecurring" && !$error_updating) {
echo "<br><center>" . _("Successfully Updated Recurring Job") . "</center>";
if (count($notallowed) == 0 && count($unables) == 0) {
?>
<script type="text/javascript">
//<![CDATA[
document.location.href='manage_jobs.php?hmenu=Vulnerabilities&smenu=Jobs';
//]]>
</script><?php
}
//logAccess( "Updated Recurring Job [ $jid ]" );
} elseif (!$error_creating) {
echo "<br><center>" . _("Successfully Submitted Job") . " {$request}</center>";
//logAccess( "Submitted Job [ $jid ] $request" );
foreach ($jobs_names as $job_name) {
$infolog = array($job_name);
Log_action::log(66, $infolog);
}
foreach ($sjobs_names as $job_name) {
$infolog = array($job_name);
Log_action::log(67, $infolog);
}
if (count($notallowed) == 0 && count($unables) == 0) {
?>
<script type="text/javascript">
//<![CDATA[
document.location.href='manage_jobs.php?hmenu=Vulnerabilities&smenu=Jobs';
//]]>
</script><?php
}
} else {
echo "<br><center>" . _("Failed Job Creation") . "</center>";
//logAccess( "Failed Job Creation" );
if (count($notallowed) == 0 && count($unables) == 0) {
?>
<script type="text/javascript">
//<![CDATA[
document.location.href='manage_jobs.php?hmenu=Vulnerabilities&smenu=Jobs';
//]]>
</script><?php
}
}
}
}
}
//end count($alowed)>0
if (count($notallowed) > 0 || count($unables) > 0) {
echo "<center>";
echo "<table class=\"noborder\" width=\"400\" style=\"background-color:transparent;\">";
echo "<tr><td class=\"nobborder\" style=\"text-align:left;\"><b>" . _("Errors Found") . ":</b></td></tr>";
if (count($notallowed) > 0) {
if (!preg_match("/^\\d+\$/", $username)) {
echo "<tr><td class=\"nobborder\" style=\"text-align:left;\">" . _("User") . " <b>{$username}</b> " . _("is not allowed for the following targets") . ":</td></tr>";
} else {
$entity_query = "SELECT name FROM acl_entities WHERE id={$username}";
$result = $dbconn->execute($entity_query);
list($username) = $result->fields;
echo "<tr><td class=\"nobborder\" style=\"text-align:left;\">" . _("Entiy") . " <b>{$username}</b> " . _("is not allowed for the following targets") . ":</td></tr>";
}
foreach ($notallowed as $target) {
echo "<tr><td class=\"nobborder\" style=\"text-align:left;padding-left:5px;\">- <b>{$target}</b></tr>";
}
echo "<tr height=\"30\"><td class=\"nobborder\"> </td></tr>";
}
if (count($unables) > 0) {
echo "<tr><td class=\"nobborder\" style=\"text-align:left;\">" . _("No remote vulnerability scanners available for the following targets") . ":</td></tr>";
foreach ($unables as $target) {
echo "<tr><td class=\"nobborder\" style=\"text-align:left;padding-left:5px;\">- <b>{$target}</b></tr>";
}
echo "<tr height=\"30\"><td class=\"nobborder\"> </td></tr>";
}
echo "<tr><td class=\"nobborder\" style=\"text-align:center;\">";
echo "<form action=\"sched.php\" method=\"post\">";
?>
<input type="hidden" name="sname" value="<?php
echo $sname;
?>
"/>
<?php
$SVRid = str_replace("'", "", $SVRid);
?>
<input type="hidden" name="SVRid" value="<?php
echo $SVRid;
?>
"/>
<input type="hidden" name="sid" value="<?php
echo $sid;
?>
"/>
<input type="hidden" name="timeout" value="<?php
echo $timeout;
?>
"/>
<input type="hidden" name="schedule_type" value="<?php
echo $schedule_type;
?>
"/>
<input type="hidden" name="ROYEAR" value="<?php
echo $ROYEAR;
?>
"/>
<input type="hidden" name="ROMONTH" value="<?php
echo $ROMONTH;
?>
"/>
<input type="hidden" name="ROday" value="<?php
echo $ROday;
?>
"/>
<input type="hidden" name="time_hour" value="<?php
echo $time_hour;
?>
"/>
<input type="hidden" name="time_min" value="<?php
echo $time_min;
?>
"/>
<input type="hidden" name="dayofweek" value="<?php
echo $dayofweek;
?>
"/>
<input type="hidden" name="nthweekday" value="<?php
echo $nthweekday;
?>
"/>
<input type="hidden" name="dayofmonth" value="<?php
echo $dayofmonth;
?>
"/>
<input type="hidden" name="ip_list" value="<?php
echo str_replace("\\r\\n", ";;", $ip_list);
?>
"/>
<?php
if (is_numeric($username)) {
?>
<input type="hidden" name="entity" value="<?php
echo $username;
?>
"/>
<?php
} else {
?>
<input type="hidden" name="user" value="<?php
echo $username;
?>
"/>
<?php
}
?>
<input type="hidden" name="hosts_alive" value="<?php
echo $hosts_alive;
?>
"/>
<input type="hidden" name="scan_locally" value="<?php
echo $scan_locally;
?>
"/>
<input type="hidden" name="semail" value="<?php
echo $semail;
?>
"/>
<input type="hidden" name="not_resolve" value="<?php
echo $not_resolve;
?>
"/>
<?php
echo "<input type=\"submit\" value=\"" . _("Back") . "\" class=\"button\"/> ";
echo "<input value=\"" . _("Continue") . "\" class=\"button\" type=\"button\" onclick=\"document.location.href='manage_jobs.php?hmenu=Vulnerabilities&smenu=Jobs'\"></form>";
echo "</td></tr>";
echo "</table>";
echo "</center>";
}
echo "</b></center>";
}
function submit_scan($vuln_op, $sched_id, $sname, $notify_email, $schedule_type, $ROYEAR, $ROMONTH, $ROday, $time_hour, $time_min, $dayofweek, $dayofmonth, $timeout, $SVRid, $sid, $tarSel, $ip_list, $ip_exceptions_list, $ip_start, $ip_end, $named_list, $cidr, $subnet, $system, $cred_type, $credid, $acc, $domain, $accpass, $acctype, $passtype, $passstore, $wpolicies, $wfpolicies, $upolicies, $custadd_type, $cust_plugins, $is_enabled, $hosts_alive, $scan_locally, $nthweekday, $semail, $not_resolve, $time_interval, $biyear, $bimonth, $biday, $ssh_credential = "", $smb_credential = "")
{
global $wdaysMap, $daysMap, $allowscan, $uroles, $username, $schedOptions, $adminmail, $mailfrom, $dbk, $dbconn;
// credentials
$credentials = $ssh_credential . "|" . $smb_credential;
$btime_hour = $time_hour;
// save local time
$btime_min = $time_min;
$bbiyear = $biyear;
$bbimonth = $bimonth;
$bbiday = $biday;
$tz = Util::get_timezone();
if ($schedule_type == "O") {
// date and time for run once
if (empty($ROYEAR)) {
$ROYEAR = gmdate("Y");
}
if (empty($ROMONTH)) {
$ROMONTH = gmdate("m");
}
if (empty($ROday)) {
$ROday = gmdate("d");
}
list($_y, $_m, $_d, $_h, $_u, $_s, $_time) = Util::get_utc_from_date($dbconn, "{$ROYEAR}-{$ROMONTH}-{$ROday} {$time_hour}:{$time_min}:00", $tz);
$ROYEAR = $_y;
$ROMONTH = $_m;
$ROday = $_d;
$time_hour = $_h;
$time_min = $_u;
} else {
if ($schedule_type == "D" || $schedule_type == "W" || $schedule_type == "M" || $schedule_type == "NW") {
// date and time for Daily, Day of Week, Day of month, Nth weekday of month
list($b_y, $b_m, $b_d, $b_h, $b_u, $b_s, $b_time) = Util::get_utc_from_date($dbconn, "{$biyear}-{$bimonth}-{$biday} {$time_hour}:{$time_min}:00", $tz);
$biyear = $b_y;
$bimonth = $b_m;
$biday = $b_d;
$time_hour = $b_h;
$time_min = $b_u;
}
}
if ($not_resolve == "1") {
$resolve_names = 0;
} else {
$resolve_names = 1;
}
$notify_email = str_replace(";", ",", $notify_email);
$requested_run = "";
$jobType = "M";
$recurring = False;
$targets = array();
$time_value = "";
$profile_desc = getProfileName($sid);
$target_list = "";
$need_authorized = "";
$request = "";
$plugs_list = "NULL";
$fk_name = "NULL";
$target_list = "NULL";
$tmp_target_list = "";
$jobs_names = array();
$sjobs_names = array();
$I3crID = "";
if ($hosts_alive == "1") {
// option: Only scan hosts that are alive
$I3crID = "1";
} else {
$I3crID = "0";
}
// if ( $custadd_type == "" ) { $custadd_type = "N"; }
// if ( $custadd_type != "N" && $cust_plugins != "" ) {
// $plugs_list="";
// $vals=preg_split( "/\s+|\r\n|,|;/", $cust_plugins );
// foreach($vals as $v) {
// $v=trim($v);
// if ( strlen($v)>0 ) {
// $plugs_list .= $v . "\n";
// }
// }
// $plugs_list = "'".$plugs_list."'";
// }
if ($schedule_type != "N") {
// current datetime in UTC
$arrTime = explode(":", gmdate('Y:m:d:w:H:i:s'));
$year = $arrTime[0];
$mon = $arrTime[1];
$mday = $arrTime[2];
$wday = $arrTime[3];
$hour = $arrTime[4];
$min = $arrTime[5];
$sec = $arrTime[6];
$timenow = $hour . $min . $sec;
$run_wday = $wdaysMap[$dayofweek];
$run_time = sprintf("%02d%02d%02d", $time_hour, $time_min, "00");
$run_mday = $dayofmonth;
$time_value = "{$time_hour}:{$time_min}:00";
$ndays = array("Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday");
$begin_in_seconds = mktime($bihour, $bimin, 0, $bimonth, $biday, $biyear);
// selected datetime by user in UTC
$current_in_seconds = mktime($hour, $min, 0, $mon, $mday, $year);
// current datetime in UTC
if (strlen($bimonth) == 1) {
$bimonth = "0" . $bimonth;
}
if (strlen($biday) == 1) {
$biday = "0" . $biday;
}
}
switch ($schedule_type) {
case "N":
$requested_run = gmdate("YmdHis");
$sched_message = "No reccurring Jobs Necessary";
break;
case "O":
$requested_run = sprintf("%04d%02d%02d%06d", $ROYEAR, $ROMONTH, $ROday, $run_time);
//error_log("O-> $requested_run\n" ,3,"/tmp/sched.log");
$sched_message = "No reccurring Jobs Necessary";
$recurring = True;
$reccur_type = "Run Once";
break;
case "D":
if ($begin_in_seconds > $current_in_seconds) {
$next_day = $biyear . $bimonth . $biday;
// selected date by user
} else {
if ($run_time > $timenow) {
$next_day = $year . $mon . $mday;
} else {
$next_day = gmdate("Ymd", strtotime("+1 day GMT", gmdate("U")));
}
// next day
}
$requested_run = sprintf("%08d%06d", $next_day, $run_time);
//error_log("D-> $requested_run\n" ,3,"/tmp/sched.log");
$recurring = True;
$sched_message = "Schedule Reccurring";
$reccur_type = "Daily";
break;
case "W":
if ($begin_in_seconds > $current_in_seconds) {
// if it is a future date
$wday = date("w", mktime(0, 0, 0, $bimonth, $biday, $biyear));
// make week day for begin day
if ($run_wday == $wday) {
$next_day = $biyear . $bimonth . $biday;
// selected date by user
} else {
$next_day = gmdate("Ymd", strtotime("next " . $ndays[$run_wday] . " GMT", mktime(0, 0, 0, $bimonth, $biday, $biyear)));
}
} else {
if ($run_wday == $wday && $run_time > $timenow || $run_wday > $wday) {
$next_day = $year . $mon . $mday;
} else {
$next_day = gmdate("Ymd", strtotime("next " . $ndays[$run_wday] . " GMT", gmdate("U")));
}
// next week
}
preg_match("/(\\d{4})(\\d{2})(\\d{2})/", $next_day, $found);
list($b_y, $b_m, $b_d, $b_h, $b_u, $b_s, $b_time) = Util::get_utc_from_date($dbconn, $found[1] . "-" . $found[2] . "-" . $found[3] . " {$btime_hour}:{$btime_min}:00", $tz);
$requested_run = sprintf("%04d%02d%02d%02d%02d%02d", $b_y, $b_m, $b_d, $b_h, $b_u, "00");
//error_log("W-> $requested_run\n" ,3,"/tmp/sched.log");
$recurring = True;
$sched_message = "Schedule Reccurring";
$reccur_type = "Weekly";
break;
case "M":
if ($begin_in_seconds > $current_in_seconds) {
// if it is a future date
if ($run_mday >= $biday) {
$next_day = $biyear . $bimonth . ($run_mday < 10 ? "0" : "") . $run_mday;
// this month
} else {
$next_day = sprintf("%06d%02d", gmdate("Ym", strtotime("next month GMT", mktime(0, 0, 0, $bimonth, $biday, $biyear))), $run_mday);
}
} else {
if ($run_mday > $mday || $run_mday == $mday && $run_time > $timenow) {
$next_day = $year . $mon . ($run_mday < 10 ? "0" : "") . $run_mday;
// this month
} else {
$next_day = sprintf("%06d%02d", gmdate("Ym", strtotime("next month GMT", gmdate("U"))), $run_mday);
}
}
preg_match("/(\\d{4})(\\d{2})(\\d{2})/", $next_day, $found);
list($b_y, $b_m, $b_d, $b_h, $b_u, $b_s, $b_time) = Util::get_utc_from_date($dbconn, $found[1] . "-" . $found[2] . "-" . $found[3] . " {$btime_hour}:{$btime_min}:00", $tz);
$requested_run = sprintf("%04d%02d%02d%02d%02d%02d", $b_y, $b_m, $b_d, $b_h, $b_u, "00");
//error_log("M-> $requested_run $begin_in_seconds $current_in_seconds\n" ,3,"/tmp/sched.log");
$recurring = True;
$sched_message = "Schedule Reccurring";
$reccur_type = "Montly";
break;
case "NW":
if ($begin_in_seconds > $current_in_seconds) {
// if it is a future date
$array_time = array('month' => $bbimonth, 'day' => $bbiday, 'year' => $bbiyear);
$requested_run = weekday_month(strtolower($daysMap[$dayofweek]), $nthweekday, $btime_hour, $btime_min, $array_time);
} else {
$requested_run = weekday_month(strtolower($daysMap[$dayofweek]), $nthweekday, $btime_hour, $btime_min);
}
preg_match("/(\\d{4})(\\d{2})(\\d{2})(\\d{2})(\\d{2})(\\d{2})/", $requested_run, $found);
list($b_y, $b_m, $b_d, $b_h, $b_u, $b_s, $b_time) = Util::get_utc_from_date($dbconn, $found[1] . "-" . $found[2] . "-" . $found[3] . " " . $found[4] . ":" . $found[5] . ":00", $tz);
$requested_run = sprintf("%04d%02d%02d%02d%02d%02d", $b_y, $b_m, $b_d, $b_h, $b_u, "00");
//error_log("NW-> $requested_run\n" ,3,"/tmp/sched.log");
$dayofmonth = $nthweekday;
$recurring = True;
$sched_message = "Schedule Reccurring";
$reccur_type = "Nth weekday of the month";
break;
default:
break;
}
$insert_time = gmdate("YmdHis");
if (!empty($_SESSION["_vuln_targets"]) && count($_SESSION["_vuln_targets"]) > 0) {
$arr_ctx = array();
$sgr = array();
foreach ($_SESSION["_vuln_targets"] as $target_selected => $server_id) {
$sgr[$server_id][] = $target_selected;
if (preg_match("/^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\/\\d{1,2}\$/i", $target_selected)) {
$related_ctxs = array_values(Asset_net::get_id_by_ips($dbconn, $target_selected));
if (is_array($related_ctxs) && count($related_ctxs) > 0) {
$arr_ctx[$target_selected] = key(array_shift($related_ctxs));
}
} else {
if (preg_match("/^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\$/i", $target_selected)) {
$related_ctxs = array_values(Asset_host::get_id_by_ips($dbconn, $target_selected));
if (is_array($related_ctxs) && count($related_ctxs) > 0) {
$arr_ctx[$target_selected] = key(array_shift($related_ctxs));
// to assign a ctx for a IP
}
} else {
if (valid_hostname($target_selected) || valid_fqdns($target_selected)) {
$filters = array('where' => "hostname like '{$target_selected}' OR fqdns like '{$target_selected}'");
$_hosts_data = Asset_host::get_basic_list($dbconn, $filters);
$host_list = $_hosts_data[1];
if (count($host_list) > 0) {
$first_host = array_shift($host_list);
$hips = explode(",", $first_host['ips']);
foreach ($hips as $hip) {
$hip = trim($hip);
$arr_ctx[$hip] = $first_host['ctx'];
}
}
}
}
}
}
ossim_clean_error();
unset($_SESSION["_vuln_targets"]);
// clean scan targets
$query = array();
$IP_ctx = array();
foreach ($arr_ctx as $aip => $actx) {
$IP_ctx[] = $actx . "#" . $aip;
}
if ($vuln_op == "editrecurring" && $sched_id > 0) {
$query[] = "DELETE FROM vuln_job_schedule WHERE id='{$sched_id}'";
$i = 1;
foreach ($sgr as $notify_sensor => $targets) {
$target_list = implode("\n", $targets);
$target_list .= "\n" . implode("\n", $ip_exceptions_list);
$query[] = "INSERT INTO vuln_job_schedule ( name, username, fk_name, job_TYPE, schedule_type, day_of_week, day_of_month, \n time, email, meth_TARGET, meth_CRED, meth_VSET, meth_CUSTOM, meth_CPLUGINS, meth_Wfile, \n meth_Ucheck, meth_TIMEOUT, next_CHECK, createdate, enabled, resolve_names, time_interval, IP_ctx, credentials) VALUES ( '{$sname}', '{$username}', '" . Session::get_session_user() . "', '{$jobType}',\n '{$schedule_type}', '{$dayofweek}', '{$dayofmonth}', '{$time_value}', '{$notify_sensor}', '{$target_list}',\n {$I3crID}, '{$sid}', '{$custadd_type}', {$plugs_list}, {$semail}, '{$scan_locally}',\n '{$timeout}', '{$requested_run}', '{$insert_time}', '1', '{$resolve_names}' ,'{$time_interval}', '" . implode("\n", $IP_ctx) . "', '{$credentials}') ";
$sjobs_names[] = $sname . $i;
$i++;
}
} elseif ($recurring) {
$i = 1;
foreach ($sgr as $notify_sensor => $targets) {
$target_list = implode("\n", $targets);
$target_list .= "\n" . implode("\n", $ip_exceptions_list);
$query[] = "INSERT INTO vuln_job_schedule ( name, username, fk_name, job_TYPE, schedule_type, day_of_week, day_of_month, \n time, email, meth_TARGET, meth_CRED, meth_VSET, meth_CUSTOM, meth_CPLUGINS, meth_Wfile, \n meth_Ucheck, meth_TIMEOUT, scan_ASSIGNED, next_CHECK, createdate, enabled, resolve_names, time_interval, IP_ctx, credentials) VALUES ( '{$sname}', '{$username}', '" . Session::get_session_user() . "', '{$jobType}',\n '{$schedule_type}', '{$dayofweek}', '{$dayofmonth}', '{$time_value}', '{$notify_sensor}', '{$target_list}',\n {$I3crID}, '{$sid}', '{$custadd_type}', {$plugs_list}, {$semail}, '{$scan_locally}',\n '{$timeout}', '{$SVRid}', '{$requested_run}', '{$insert_time}', '1', '{$resolve_names}' , '{$time_interval}', '" . implode("\n", $IP_ctx) . "', '{$credentials}') ";
$sjobs_names[] = $sname . $i;
$i++;
}
} else {
$i = 1;
foreach ($sgr as $notify_sensor => $targets) {
$target_list = implode("\n", $targets);
$target_list .= "\n" . implode("\n", $ip_exceptions_list);
$query[] = "INSERT INTO vuln_jobs ( name, username, fk_name, job_TYPE, meth_SCHED, meth_TARGET, meth_CRED,\n meth_VSET, meth_CUSTOM, meth_CPLUGINS, meth_Wfile, meth_TIMEOUT, scan_ASSIGNED,\n scan_SUBMIT, scan_next, scan_PRIORITY, status, notify, authorized, author_uname, resolve_names, credentials ) VALUES ( '{$sname}',\n '{$username}', '" . Session::get_session_user() . "', '{$jobType}', '{$schedule_type}', '{$target_list}', {$I3crID}, '{$sid}', '{$custadd_type}', {$plugs_list},\n {$semail}, '{$timeout}', '{$SVRid}', '{$insert_time}', '{$requested_run}', '3',\n 'S', '{$notify_sensor}', '{$scan_locally}', '" . implode("\n", $IP_ctx) . "', '{$resolve_names}' , '{$credentials}') ";
// echo "$query1";
// die();
$jobs_names[] = $sname . $i;
$i++;
}
}
$query_insert_time = gen_strtotime($insert_time, "");
foreach ($query as $sql) {
$error_updating = false;
$error_inserting = false;
if ($dbconn->execute($sql) === false) {
echo _("Error creating scan job") . ": " . $dbconn->ErrorMsg();
if ($vuln_op == "editrecurring") {
$error_updating = true;
} else {
$error_creating = true;
}
} else {
$config_nt = array('content' => "", 'options' => array('type' => "nf_success", 'cancel_button' => false), 'style' => 'width: 40%; margin: 20px auto; text-align: center;');
if ($vuln_op == "editrecurring" && !$error_updating) {
$config_nt["content"] = _("Successfully Updated Recurring Job");
$nt = new Notification('nt_1', $config_nt);
$nt->show();
} elseif (!$error_creating) {
$config_nt["content"] = _("Successfully Submitted Job");
$nt = new Notification('nt_1', $config_nt);
$nt->show();
//logAccess( "Submitted Job [ $jid ] $request" );
foreach ($jobs_names as $job_name) {
$infolog = array($job_name);
Log_action::log(66, $infolog);
}
foreach ($sjobs_names as $job_name) {
$infolog = array($job_name);
Log_action::log(67, $infolog);
}
} else {
echo "<br><center>" . _("Failed Job Creation") . "</center>";
}
?>
<script type="text/javascript">
//<![CDATA[
document.location.href='<?php
echo Menu::get_menu_url(AV_MAIN_PATH . '/vulnmeter/manage_jobs.php', 'environment', 'vulnerabilities', 'scan_jobs');
?>
';
//]]>
</script>
<?php
}
}
}
// count($_SESSION["_vuln_targets"])>0
echo "</b></center>";
}
function reportsummary()
{
//GENERATE REPORT SUMMARY
global $user, $border, $report_id, $scantime, $scantype, $fp, $nfp, $output, $filterip, $query_risk, $dbconn, $pluginid;
global $treport, $sid, $ipl;
$tz = Util::get_timezone();
$htmlsummary = "";
if ($treport == "latest" || $ipl != "") {
$query = "SELECT t2.id, t1.username, t1.name, t2.name, t2.description, t4.hostname as host_name \n FROM vuln_nessus_latest_reports t1\n LEFT JOIN vuln_nessus_settings t2 on t1.sid=t2.id\n LEFT JOIN host t4 ON t4.ip=inet_ntoa(t1.report_id)\n WHERE " . ($ipl != "all" ? "t1.report_id in ({$report_id}) and " : "") . "t1.sid in ({$sid}) AND t1.username in ('{$user}')\n order by t1.scantime DESC";
} else {
$query = "SELECT t2.id, t1.username, t1.name, t2.name, t2.description \n FROM vuln_jobs t1\n LEFT JOIN vuln_nessus_settings t2 on t1.meth_VSET=t2.id\n WHERE t1.report_id in ({$report_id}) AND t1.username in('{$user}')\n order by t1.SCAN_END DESC";
}
$result = $dbconn->execute($query);
//print_r($query);
if ($treport == "latest" || $ipl != "") {
//list( $id_profile, $query_uid, $job_name, $profile_name, $profile_desc, $host_name ) =$result->fields;
$lprofiles = array();
$tmp_profiles = array();
while (list($id_profile, $query_uid, $job_name, $profile_name, $profile_desc, $host_name) = $result->fields) {
if ($host_name != "" && $host_name != long2ip($report_id)) {
$phost_name = "{$host_name} (" . long2ip($report_id) . ")";
} else {
$phost_name = long2ip($report_id);
}
$lprofiles[] = "{$profile_name} - {$profile_desc}";
$tmp_profiles[] = $id_profile;
$result->MoveNext();
}
$profiles = implode("<br>", $lprofiles);
$id_profile = implode(", ", $tmp_profiles);
} else {
list($id_profile, $query_uid, $job_name, $profile_name, $profile_desc) = $result->fields;
if ($job_name == "") {
// imported report
$query_imported_report = "SELECT name FROM vuln_nessus_reports WHERE scantime='{$scantime}'";
$result_imported_report = $dbconn->execute($query_imported_report);
$job_name = $result_imported_report->fields["name"];
}
}
if ($tz == 0) {
$localtime = gen_strtotime($scantime, "");
} else {
$localtime = gmdate("Y-m-d H:i:s", Util::get_utc_unixtime($dbconn, $scantime) + 3600 * $tz);
}
$htmlsummary .= "<table border=\"5\" width=\"900\"><tr><th class=\"noborder\" valign=\"top\" style=\"text-align:left;font-size:12px;\" nowrap>\n \n <b>" . _("Scan time") . ":</b></th><td class=\"noborder\" style=\"text-align:left;padding-left:10px;\">" . $localtime . " </td>";
//Generated date
$gendate = date("Y-m-d H:i:s");
$htmlsummary .= "<th class=\"noborder\" valign=\"top\" style=\"text-align:left;font-size:12px;\" nowrap>\n <b>" . _("Generated") . ":</b></th><td class=\"noborder\" style=\"text-align:left;padding-left:10px;\">{$gendate}</td></tr>";
if ($ipl != "all") {
if ($treport == "latest" || $ipl != "") {
$htmlsummary .= "<tr><th class=\"noborder\" valign=\"top\" style=\"text-align:left;font-size:12px;\" nowrap>\n <b>" . (count($lprofiles) > 1 ? _("Profiles") : _("Profile")) . ":</b></th><td class=\"noborder\" style=\"text-align:left;padding-left:10px;\">";
$htmlsummary .= "{$profiles} </td>\n <th class=\"noborder\" valign=\"top\" style=\"text-align:left;font-size:12px;\" nowrap>\n <b>" . ($treport == "latest" || $ipl != "" ? _("Host - IP") : _("Job Name")) . ":</b></th><td class=\"noborder\" valign=\"top\" style=\"text-align:left;padding-left:10px;\">" . ($treport == "latest" || $ipl != "" ? "{$phost_name}" : "{$job_name}") . "</td></tr>";
} else {
$htmlsummary .= "<tr><th class=\"noborder\" valign=\"top\" style=\"text-align:left;font-size:12px;\" nowrap>\n <b>" . _("Profile") . ":</b></th><td class=\"noborder\" style=\"text-align:left;padding-left:10px;\">";
$htmlsummary .= "{$profile_name} - {$profile_desc} </td>\n <th class=\"noborder\" valign=\"top\" style=\"text-align:left;font-size:12px;\" nowrap>\n <b>" . _("Job Name") . ":</b></th><td class=\"noborder\" style=\"text-align:left;padding-left:10px;\">{$job_name}</td></tr>";
}
}
$htmlsummary .= "</table>";
/*
if($pluginid!="") {
if($fp!=""){
$dbconn->execute("UPDATE vuln_nessus_settings_plugins SET enabled='N' WHERE sid in ($id_profile) and id='$pluginid'");
}
else {
$dbconn->execute("UPDATE vuln_nessus_settings_plugins SET enabled='Y' WHERE sid in ($id_profile) and id='$pluginid'");
}
}
*/
return "<center>" . $htmlsummary . "</center>";
}
if ($matches[2] != $matches[3]) {
$where = $matches[1] . " AND timestamp BETWEEN('" . $matches[2] . "') AND ('" . $matches[3] . "') " . $matches[4];
} else {
$where = $matches[1] . " AND timestamp >= '" . $matches[2] . "' " . $matches[4];
}
}
$qs->SetActionSQL($from . $where);
$et->Mark("Initialization");
$qs->RunAction($submit, PAGE_STAT_UADDR, $db);
$et->Mark("Alert Action");
/* Setup the Query Results Table */
$qro = new QueryResultsOutput("base_stat_otx.php?caller=" . $caller);
$qro->AddTitle(_('OTX Pulse'));
$events_title = _("Events"). " # <span class='idminfo' txt='".Util::timezone(Util::get_timezone())."'>(*)</span>";
$qro->AddTitle("<span id='total_title'>$events_title</span>", "occur_a", " ", " ORDER BY num_events ASC, num_iocs ASC", "occur_d", " ", " ORDER BY num_events DESC, num_iocs DESC");
$qro->AddTitle(_("Indicators #") , "ioc_a", " ", " ORDER BY num_iocs ASC", "ioc_d", " ", " ORDER BY num_iocs DESC");
$qro->AddTitle(' ');
$sort_sql = $qro->GetSortSQL($qs->GetCurrentSort() , $qs->GetCurrentCannedQuerySort());
$sql = "SELECT SQL_CALC_FOUND_ROWS hex(otx_data.pulse_id) as pulse, COUNT(distinct otx_data.event_id) as num_events, COUNT(distinct otx_data.ioc_hash) as num_iocs ". $sort_sql[0] . $from . $where . " GROUP BY pulse_id " . $sort_sql[1];
// use accumulate tables only with timestamp criteria
if (file_exists('/tmp/debug_siem'))
{
error_log("STATS OTX:$sql\n", 3, "/tmp/siem");
}
/* Run the Query again for the actual data (with the LIMIT) */
$et->Mark("Initialization");
$qs->RunAction($submit, PAGE_STAT_UADDR, $db);
$et->Mark("Alert Action");
/* Run the query to determine the number of rows (No LIMIT)*/
//$cnt_sql = "SELECT count(DISTINCT $addr_type_name) " . $from . $where;
$et->Mark("Counting Result size");
/* Setup the Query Results Table */
$qro = new QueryResultsOutput("base_stat_uaddr.php?caller=" . $caller . "&addr_type=" . $addr_type);
$qro->AddTitle(" ");
$qro->AddTitle($results_title, "addr_a", " ", " ORDER BY {$addr_type_name} ASC", "addr_d", " ", " ORDER BY {$addr_type_name} DESC");
$qro->AddTitle(gettext("OTX"));
if ($resolve_IP == 1) {
$qro->AddTitle("FQDN");
}
$qro->AddTitle(Session::show_entities() ? gettext("Context") : gettext("Sensor"));
$qro->AddTitle(gettext("Events") . " # <span class='idminfo' txt='" . Util::timezone(Util::get_timezone()) . "'>(*)</span>", "occur_a", " ", " ORDER BY num_events ASC", "occur_d", " ", " ORDER BY num_events DESC");
$qro->AddTitle(gettext("Unique Events"), "sig_a", " ", " ORDER BY num_sig ASC", "sig_d", " ", " ORDER BY num_sig DESC");
if ($addr_type == DEST_IP) {
$displaytitle = gettext("Displaying unique destination addresses %d-%d of <b>%s</b> matching your selection.");
$qro->AddTitle(gettext("Unique Src. Contacted."), "saddr_a", " ", " ORDER BY num_sip ASC", "saddr_d", " ", " ORDER BY num_sip DESC");
} else {
$displaytitle = gettext("Displaying unique source addresses %d-%d of <b>%s</b> matching your selection.");
$qro->AddTitle(gettext("Unique Dst. Contacted"), "daddr_a", " ", " ORDER BY num_dip ASC", "daddr_d", " ", " ORDER BY num_dip DESC");
}
if (file_exists("../kml/GoogleEarth.php")) {
$qro->AddTitle(gettext("Geo Tools") . " <a href='' onclick='window.open(\"../kml/TourConfig.php?type={$addr_type_name}&ip={$currentIP}\",\"IP {$currentIP} " . ($addr_type == 2 ? _("sources") : _("destinations")) . " - Goggle Earth API\",\"width=1024,height=700,scrollbars=NO,toolbar=1\");return false'><img title='" . _("Geolocation Tour") . "' align='absmiddle' src='../pixmaps/google_earth_icon.png' border='0'></a> <a href='' onclick='window.open(\"../kml/IPGoogleMap.php?type={$addr_type_name}&ip={$currentIP}\",\"IP {$currentIP} " . ($addr_type == 2 ? _("sources") : _("destinations")) . " - Goggle Maps API\",\"width=1024,height=700,scrollbars=NO,toolbar=1\");return false'><img title='" . _("Geolocation Map") . "' align='absmiddle' src='../pixmaps/google_maps_icon.png' border='0'></a>", "geotools");
}
if (!Session::am_i_admin()) {
$displaytitle = preg_replace("/\\. <b>.*/", ".", $displaytitle);
}
$sort_sql = $qro->GetSortSQL($qs->GetCurrentSort(), $qs->GetCurrentCannedQuerySort());
echo $from_str;
?>
...');</script><?php
$perc[$current_server] = 100;
}
}
// Order only if remote fetch
if ($from_remote) {
arsort($result);
}
?>
<script type="text/javascript">$("#loading").hide();</script><?php
fclose($fp);
$time2 = microtime(true);
$totaltime = round($time2 - $time1, 2);
$tz = GET("tzone") != "" ? $tzone : Util::get_timezone();
$txtzone = Util::timezone($tz);
?>
<div id="processcontent" style="display:none">
<?php
if (has_results($num_lines)) {
?>
<table width="100%" class="noborder" style="background-color:transparent;">
<tr>
<td width="20%" class="nobborder" nowrap><img src="../pixmaps/arrow_green.gif" align="absmiddle"><?php
print _("Time Range") . ": <b>{$start_query} <-> {$end_query}</b> {$txtzone}";
?>
</td>
<td class="center nobborder">
<?php
if ($from_remote) {
?>
</div>
<div id='r_desc'><?php
echo $release_info['description'];
?>
</div>
</div>
</div>
<?php
}
?>
<div id='c_latest_update'>
<?php
if (!empty($res_si['last_update']) && $res_si['last_update'] != 'unknown') {
$last_update = gmdate('Y-m-d H:i:s', strtotime($res_si['last_update'] . ' GMT') + 3600 * Util::get_timezone());
echo "<span class='bold'>" . _('Latest System Update') . ": <span style='color:#4F8A10'>" . $last_update . "</span></span>";
} else {
echo "<span class='bold'>" . _('Latest System Update') . ": <span style='color:#00529B'> -- </span></span>";
}
?>
</div>
<div id='c_info_pkg'>
<table class='t_info_pkg table_data' cellspacing='0' cellpadding='0'>
<?php
if (is_array($packages_info) && !empty($packages_info)) {
?>
<thead>
<tr>
function build_legend($days)
{
if ($days < 1) {
return array();
}
$tz = Util::get_timezone();
$legend = array();
for ($i = $days - 1; $i >= 0; $i--) {
$legend[] = gmdate('Y-m-d', time() + 3600 * $tz - 86400 * $i);
}
return $legend;
}
<?php
if (!empty($allowed_users) && is_array($allowed_users)) {
foreach ($allowed_users as $user) {
if ($user->get_id() == $my_session) {
$me = "style='font-weight: bold;'";
$action = "<img class='info_logout dis_logout' src='../pixmaps/menu/logout.gif' alt='" . $user->get_login() . "' title='" . $user->get_login() . "'/>";
} else {
$action = "<a onclick=\"logout('" . $user->get_id() . "');\">\n\t\t\t\t\t\t\t <img class='info_logout' src='../pixmaps/menu/logout.gif' alt='" . _('Logout') . " " . $user->get_login() . "' title='" . _('Logout') . " " . $user->get_login() . "'/>\n\t\t\t\t\t\t\t </a>";
$me = NULL;
}
$_country_aux = $geoloc->get_country_by_host($conn, $user->get_ip());
$s_country = strtolower($_country_aux[0]);
$s_country_name = $_country_aux[1];
$geo_code = get_country($s_country);
$flag = !empty($geo_code) ? "<img src='" . $geo_code . "' border='0' align='top'/>" : '';
$logon_date = gmdate('Y-m-d H:i:s', Util::get_utc_unixtime($user->get_logon_date()) + 3600 * Util::get_timezone());
$activity_date = Util::get_utc_unixtime($user->get_activity());
$background = Session_activity::is_expired($activity_date) ? 'background:#FFD8D6;' : '';
$expired = Session_activity::is_expired($activity_date) ? "<span style='color:red'>(" . _('Expired') . ")</span>" : "";
$agent = explode('###', $user->get_agent());
if ($agent[1] == 'av report scheduler') {
$agent = array('AV Report Scheduler', 'wget');
}
$host = @array_shift(Asset_host::get_name_by_ip($conn, $user->get_ip()));
$host = $host == '' ? $user->get_ip() : $host;
echo " <tr id='" . $user->get_id() . "'>\n\t\t\t\t\t\t\t\t\t<td class='ops_user' {$me}><img class='user_icon' src='" . get_user_icon($user->get_login(), $pro) . "' alt='" . _('User icon') . "' title='" . _('User icon') . "' align='absmiddle'/> " . $user->get_login() . "</td>\n\t\t\t\t\t\t\t\t\t<td class='ops_ip'>" . $user->get_ip() . "</td>\n\t\t\t\t\t\t\t\t\t<td class='ops_host'>" . $host . $flag . "</td>\n\t\t\t\t\t\t\t\t\t<td class='ops_agent'><a title='" . htmlentities($agent[1]) . "' class='info_agent'>" . htmlentities($agent[0]) . "</a></td>\n\t\t\t\t\t\t\t\t\t<td class='ops_id'>" . $user->get_id() . " {$expired}</td>\n\t\t\t\t\t\t\t\t\t<td class='ops_logon'>" . $logon_date . "</td>\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t<td class='ops_activity'>" . _(TimeAgo($activity_date, gmdate('U'))) . "</td>\n\t\t\t\t\t\t\t\t\t<td class='ops_actions'>{$action}</td>\t\n\t\t\t\t\t\t\t\t</tr>";
}
}
?>
</tbody>
</table>
function GetUTC()
{
/* convert to UTC time for sql */
require_once "classes/Util.inc";
$tz = Util::get_timezone();
$utc_criteria = $this->criteria;
for ($i = 0; $i < $this->criteria_cnt; $i++) {
if ($this->criteria[$i][4] != " " && $this->criteria[$i][4] != "") {
$y = $this->criteria[$i][4];
$m = $this->criteria[$i][2] != " " && $this->criteria[$i][2] != "" ? $this->criteria[$i][2] : "01";
$d = $this->criteria[$i][3] != " " && $this->criteria[$i][3] != "" ? $this->criteria[$i][3] : "01";
$h = $this->criteria[$i][5] != " " && $this->criteria[$i][5] != "" ? $this->criteria[$i][5] : "00";
$u = $this->criteria[$i][6] != " " && $this->criteria[$i][6] != "" ? $this->criteria[$i][6] : "00";
$s = $this->criteria[$i][7] != " " && $this->criteria[$i][7] != "" ? $this->criteria[$i][7] : "00";
///$time = gmmktime($h,$u,$s,$m,$d,$y)+(3600*$tz);
//echo "$y-$m-$d $h:$u:$s =";
list($y, $m, $d, $h, $u, $s, $time) = Util::get_utc_from_date($this->db, "{$y}-{$m}-{$d} {$h}:{$u}:{$s}", $tz);
//echo "$y-$m-$d $h:$u:$s == $time\n<br>";
$utc_criteria[$i][4] = $y;
$utc_criteria[$i][2] = $m;
$utc_criteria[$i][3] = $d;
$utc_criteria[$i][5] = $h;
$utc_criteria[$i][6] = $u;
$utc_criteria[$i][7] = $s;
}
}
return $utc_criteria;
}
function list_reports($type, $value, $sortby, $sortdir, $widget_mode)
{
global $allres, $roffset, $pageSize, $dbconn;
global $user, $arruser;
$dbconn->SetFetchMode(ADODB_FETCH_BOTH);
$filteredView = FALSE;
$selRadio = array("", "", "", "");
$query_onlyuser = "";
$url_filter = "";
if (!empty($arruser)) {
$query_onlyuser = "******";
}
if (!empty($sortby)) {
$or_sortby = $sortby;
} else {
$or_sortby = "";
}
if (!empty($sortdir)) {
$or_sortdir = $sortdir;
} else {
$or_sortdir = "";
}
if ($sortby == "jobname") {
$sortby = "t2.name";
} else {
if ($sortby == "profile") {
$sortby = "t3.name";
}
}
if ($sortby == "") {
$sortby = "scantime";
}
if ($sortdir == "" && !preg_match("/(ASC|DESC)\$/i", $sortby)) {
$sortdir = "DESC";
}
$queryw = "";
$queryl = "";
$leftjoin = "";
if ($type == "net") {
$leftjoin = "LEFT JOIN vuln_nessus_results t5 ON t5.report_id=t1.report_id";
}
$querys = "SELECT distinct t1.sid as sid, t1.report_id, t4.name as jobname, t4.scan_submit, t4.meth_target, t1.scantime,\n t1.username, t1.scantype, t1.report_key, t1.report_type as report_type, t3.name as profile, t4.id as jobid, t4.meth_SCHED, t1.name as report_name\n FROM vuln_nessus_reports t1\n LEFT JOIN vuln_jobs t2 ON t1.report_id=t2.report_id\n LEFT JOIN vuln_nessus_settings t3 ON t1.sid=t3.id\n LEFT JOIN vuln_jobs t4 on t1.report_id = t4.report_id {$leftjoin}\n WHERE t1.deleted = '0' AND t1.scantime IS NOT NULL ";
//Set up the SQL query based on the search form input (if any)
switch ($type) {
case "scantime":
$selRadio[0] = "CHECKED";
$utc_data = Util::get_utc_from_date($dbconn, $value, Util::get_timezone());
$q = $utc_data[6];
$q = str_replace("-", "", $q);
$q = str_replace(":", "", $q);
$q = str_replace(" ", "", $q);
$queryw = " AND t1.scantime LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
$queryl = " limit {$roffset},{$pageSize}";
$stext = "<b>" . _("Search for Date/Time") . "</b> = '*{$value}*'";
$url_filter = "&type={$type}&value={$value}";
break;
case "jobname":
$selRadio[1] = "CHECKED";
$q = strtolower($value);
$queryw = " AND t1.name LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
$queryl = " limit {$roffset},{$pageSize}";
$stext = "<b>" . _("Search for Job Name") . "</b> = '*" . html_entity_decode($q) . "*'";
$url_filter = "&type={$type}&value={$value}";
break;
case "fk_name":
$selRadio[2] = "CHECKED";
$q = strtolower($value);
$queryw = " AND t1.fk_name LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
$queryl = " limit {$roffset},{$pageSize}";
$stext = _("Search for Subnet/CIDR") . " = '*{$q}*'";
$url_filter = "&type={$type}&value={$value}";
break;
case "username":
$selRadio[3] = "CHECKED";
$q = strtolower($value);
$queryw = " AND t1.username LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
$queryl = " limit {$roffset},{$pageSize}";
$stext = "<b>" . _("Search for user") . "</b> = '*{$q}*'";
$url_filter = "&type={$type}&value={$value}";
break;
case "net":
$selRadio[4] = "CHECKED";
if (!preg_match("/\\//", $value)) {
$q = $value;
} else {
$tokens = explode("/", $value);
$bytes = explode(".", $tokens[0]);
if ($tokens[1] == "24") {
$q = $bytes[0] . "." . $bytes[1] . "." . $bytes[2] . ".";
} else {
if ($tokens[1] == "16") {
$q = $bytes[0] . "." . $bytes[1] . ".";
} else {
if ($tokens[1] == "8") {
$q = $bytes[0] . ".";
} else {
if ((int) $tokens[1] > 24) {
$q = $bytes[0] . "." . $bytes[1] . "." . $bytes[2] . "." . $bytes[3];
}
}
}
}
}
$queryw = " AND (t4.meth_TARGET LIKE '%{$q}%' OR t5.hostIP LIKE '%{$q}%') {$query_onlyuser} order by {$sortby} {$sortdir}";
$queryl = " limit {$roffset},{$pageSize}";
if (!preg_match("/\\//", $value)) {
$stext = "<b>" . _("Search for Host") . "</b> = '*" . html_entity_decode($q) . "*'";
} else {
$stext = "<b>" . _("Search for Subnet/CIDR") . "</b> = '*{$q}*'";
}
$url_filter = "&type={$type}&value={$value}";
break;
default:
$selRadio[1] = "CHECKED";
$viewAll = FALSE;
$queryw = "{$query_onlyuser} order by {$sortby} {$sortdir}";
$queryl = " limit {$roffset},{$pageSize}";
$stext = "";
break;
}
$reportCount = 0;
if (!$filteredView) {
$queryc = "SELECT count(t1.report_id)\n FROM vuln_nessus_reports t1 LEFT JOIN vuln_jobs t2 on t1.report_id = t2.report_id\n LEFT JOIN vuln_nessus_settings t3 ON t1.sid=t3.id\n WHERE t1.deleted = '0'";
$reportCount = $dbconn->GetOne($queryc . $queryw);
$previous = $roffset - $pageSize;
if ($previous < 0) {
$previous = 0;
}
$last = intval($reportCount / $pageSize) * $pageSize;
if ($last < 0) {
$last = 0;
}
$next = $roffset + $pageSize;
$pageEnd = $roffset + $pageSize;
$value = html_entity_decode($value);
$w_val = intval($widget_mode);
//echo "<center><table cellspacing=\"0\" cellpadding=\"0\" border=\"0\" width=\"100%\"><tr><td class=\"headerpr\" style=\"border:0;\">"._("Reports")."</td></tr></table></center>";
// output the search form
echo "<table cellspacing='0' cellpadding='0' class='w100 transparent'>";
echo "<tr><td class='sec_title'>" . _("Scan Reports Details") . "</td></tr>";
echo "<tr><td style='padding-top:12px;' class='transparent'>";
echo '
<center>
<form name="hostSearch" action="index.php" method="GET">
<input type="hidden" name="widget_mode" value="' . $w_val . '">
<input type="text" length="25" name="rvalue" id="rvalue" value="' . Util::htmlentities($value) . '">';
echo "\n<input type=\"radio\" name=\"type\" value=\"scantime\" {$selRadio['0']}>" . _("Date") . "/" . _("Time") . "\n<input type=\"radio\" name=\"type\" value=\"jobname\" {$selRadio['1']}>" . _("Job Name") . "\n<input type=\"radio\" name=\"type\" value=\"net\" {$selRadio['4']}>" . _("Host") . "/" . _("Net") . "\n";
echo <<<EOT
<input type="hidden" name="sortby" value="{$sortby}">
<input type="hidden" name="allres" value="{$allres}">
<input type="hidden" name="op" value="search">
EOT;
echo "<input type=\"submit\" name=\"submit\" value=\"" . _("Find") . "\" id=\"reports_find_button\" class=\"av_b_secondary small\">";
echo <<<EOT
</form>
</center>
</p>
EOT;
} else {
// get the search result count
$queryc = "SELECT count( report_id ) FROM vuln_nessus_reports WHERE t1.deleted = '0' ";
$scount = $dbconn->GetOne($queryc . $queryw);
echo "<p>{$scount} report";
if ($scount != 1) {
echo "s";
} else {
}
echo " " . _("found matching search criteria") . " | ";
echo " <a href='index.php' alt='" . _("View All Reports") . "'>" . _("View All Reports") . "</a></p>";
}
echo "<p>";
echo $stext;
echo "</p>";
echo "</td></tr></table>";
// get the hosts to display
//print_r($querys.$queryw.$queryl);
$result = $dbconn->GetArray($querys . $queryw . $queryl);
if ($result === false) {
$errMsg[] = _("Error getting results") . ": " . $dbconn->ErrorMsg();
$error++;
dispSQLError($errMsg, $error);
} else {
$tdata = array();
foreach ($result as $data) {
$data['vSerious'] = 0;
$data['vHigh'] = 0;
$data['vMed'] = 0;
$data['vLow'] = 0;
$data['vInfo'] = 0;
$vulns_in_report = false;
// query for reports for each IP
$perms_where = Asset_host::get_perms_where('host.', TRUE);
if (!empty($perms_where)) {
$query_risk = "SELECT count(lr.risk) as count, lr.risk, lr.hostIP, lr.ctx\n FROM vuln_nessus_results lr, host, host_ip hi\n WHERE host.id=hi.host_id AND inet6_ntoa(hi.ip)=lr.hostIP {$perms_where} AND report_id in (?) AND falsepositive='N'\n GROUP BY lr.risk, lr.hostIP, lr.ctx";
} else {
$query_risk = "SELECT count(lr.risk) as count, lr.risk, lr.hostIP, lr.ctx\n FROM vuln_nessus_results lr\n WHERE report_id in (?) AND falsepositive='N'\n GROUP BY lr.risk, lr.hostIP, lr.ctx";
}
$result_risk = $dbconn->Execute($query_risk, array($data['report_id']));
while (!$result_risk->EOF) {
$vulns_in_report = TRUE;
if ($result_risk->fields["risk"] == 7) {
$data['vInfo'] += $result_risk->fields['count'];
} else {
if ($result_risk->fields["risk"] == 6) {
$data['vLow'] += $result_risk->fields['count'];
} else {
if ($result_risk->fields["risk"] == 3) {
$data['vMed'] += $result_risk->fields['count'];
} else {
if ($result_risk->fields["risk"] == 2) {
$data['vHigh'] += $result_risk->fields['count'];
} else {
if ($result_risk->fields["risk"] == 1) {
$data['vSerious'] += $result_risk->fields['count'];
}
}
}
}
}
$result_risk->MoveNext();
}
$data['clink'] = "respdfc.php?scantime=" . $data['scantime'] . "&scantype=" . $data['scantype'] . "&key=" . $data['report_key'] . $more;
$data['plink'] = "respdf.php?scantime=" . $data['scantime'] . "&scantype=" . $data['scantype'] . "&key=" . $data['report_key'] . $more;
$data['hlink'] = "reshtml.php?disp=html&output=full&scantime=" . $data['scantime'] . "&scantype=" . $data['scantype'] . $more;
$data['rerun'] = "sched.php?action=rerun_scan&job_id=" . $data['jobid'] . $more;
$data['xlink'] = "rescsv.php?scantime=" . $data['scantime'] . "&scantype=" . $data['scantype'] . "&key=" . $data['report_key'] . $more;
$data['xbase'] = "restextsummary.php?scantime=" . $data['scantime'] . "&scantype=" . $data['scantype'] . $more . "&key=" . $data['report_key'];
$list = array();
if ($data["report_type"] == "I") {
$perms_where = Asset_host::get_perms_where('host.', TRUE);
$dbconn->execute("CREATE TEMPORARY TABLE tmph (id binary(16) NOT NULL,ip varchar(64) NOT NULL,ctx binary(16) NOT NULL, PRIMARY KEY ( id, ip ));");
$dbconn->execute("REPLACE INTO tmph SELECT id, inet6_ntoa(ip), ctx FROM host, host_ip WHERE host.id=host_ip.host_id {$perms_where};");
$result_import = $dbconn->execute("SELECT DISTINCT hostIP, HEX(vuln_nessus_results.ctx) as ctx, hex(id) as host_id FROM vuln_nessus_results LEFT JOIN tmph ON tmph.ctx=vuln_nessus_results.ctx AND hostIP=tmph.ip WHERE report_id = " . $data['report_id']);
while (!$result_import->EOF) {
if (valid_hex32($result_import->fields["host_id"])) {
$list[] = $result_import->fields["host_id"] . "#" . $result_import->fields["hostIP"];
} else {
$list[] = $result_import->fields["hostIP"];
}
$result_import->MoveNext();
}
$dbconn->execute("DROP TABLE tmph;");
} else {
$list = explode("\n", trim($data['meth_target']));
}
//var_dump($list);
if (count($list) == 1) {
$list[0] = trim($list[0]);
$asset = resolve_asset($dbconn, $list[0], true);
$data['target'] = "<span class='tip' title='" . clean_id($list[0]) . "'>" . $asset . "</span>";
} elseif (count($list) == 2) {
$list[0] = trim($list[0]);
$asset = resolve_asset($dbconn, $list[0], true);
$list[0] = "<span class='tip' title='" . clean_id($list[0]) . "'>" . $asset . "</span>";
$list[1] = trim($list[1]);
$asset = resolve_asset($dbconn, $list[1], true);
$list[1] = "<span class='tip' title='" . clean_id($list[1]) . "'>" . $asset . "</span>";
$data['target'] = $list[0] . ', ' . $list[1];
} else {
$list[0] = trim($list[0]);
$asset = resolve_asset($dbconn, $list[0], true);
$list[0] = "<span class='tip' title='" . clean_id($list[0]) . "'>" . $asset . "</span>";
$list[count($list) - 1] = trim($list[count($list) - 1]);
$asset = resolve_asset($dbconn, $list[count($list) - 1], true);
$list[count($list) - 1] = "<span class='tip' title='" . clean_id($list[count($list) - 1]) . "'>" . $asset . "</span>";
$data['target'] = $list[0] . " ... " . $list[count($list) - 1];
}
if ($data["report_type"] == "I") {
$data["jobname"] = $data["report_name"];
}
if ($data['vSerious'] == 0 && $data['vHigh'] == 0 && $data['vMed'] == 0 && $data['vLow'] == 0 && $data['vInfo'] == 0 && $vulns_in_report) {
$data['vSerious'] = "-";
$data['vHigh'] = "-";
$data['vMed'] = "-";
$data['vLow'] = "-";
$data['vInfo'] = "-";
}
$data['target'] = preg_replace("/[0-9a-f]{32}#/i", "", $data['target']);
$tdata[] = $data;
}
if ($sortdir == "ASC") {
$sortdir = "DESC";
} else {
$sortdir = "ASC";
}
$url = $_SERVER['SCRIPT_NAME'] . "?offset=0&sortby=%var%&sortdir={$sortdir}" . $url_filter;
$fieldMapLinks = array();
$fieldMapLinks = array(gettext("HTML Results") => array('url' => '%param%', 'param' => 'hlink', 'target' => 'main', 'icon' => 'images/html.png'), gettext("PDF Results") => array('url' => '%param%', 'param' => 'plink', 'target' => '_blank', 'icon' => 'images/pdf.png'), gettext("EXCEL Results") => array('url' => '%param%', 'param' => 'xlink', 'target' => '_blank', 'icon' => 'images/page_white_excel.png'));
$fieldMap = array("Date/Time" => array('var' => 'scantime', 'link' => $url), "Job Name" => array('var' => 'jobname', 'link' => $url), "Targets" => array('var' => 'target', 'link' => $url), "Profile" => array('var' => 'profile', 'link' => $url), "Serious" => array('var' => 'vSerious', 'link' => $url), "High" => array('var' => 'vHigh', 'link' => $url), "Medium" => array('var' => 'vMed', 'link' => $url), "Low" => array('var' => 'vLow', 'link' => $url), "Info" => array('var' => 'vInfo', 'link' => $url), "Links" => $fieldMapLinks);
if (count($tdata) > 0) {
drawTable($fieldMap, $tdata, "Hosts", get_hosts($dbconn));
} else {
?>
<table class="table_list">
<tr><td class="nobborder" style="text-align:center;padding: 8px 0px 0px 0px;"><strong><?php
echo _("No reports found");
?>
</strong><br/><br/></td></tr>
</table>
<?php
}
}
// draw the pager again, if viewing all hosts
if ($last != 0) {
?>
<div class="fright tmargin">
<?php
if ($next > $pageSize) {
?>
<a href="index.php?sreport=1&<?php
echo "sortdir={$or_sortdir}&roffset={$previous}&sortby={$or_sortby}{$url_filter}";
?>
" class="pager">< <?php
echo _("PREVIOUS");
?>
</a>
<?php
} else {
?>
<a class='link_paginate_disabled' href="" onclick='return false'>< <?php
echo _("PREVIOUS");
?>
</a>
<?php
}
if ($next <= $last) {
?>
<a class='lmargin' href="index.php?sreport=1&<?php
echo "sortdir={$or_sortdir}&roffset={$next}&sortby={$or_sortby}{$url_filter}";
?>
"> <?php
echo _("NEXT");
?>
></a>
<?php
} else {
?>
<a class='link_paginate_disabled lmargin' href="" onclick='return false'><?php
echo _("NEXT");
?>
></a>
<?php
}
?>
</div>
<?php
} else {
echo "<p> </p>";
}
}
<?php
if (!empty($allowed_users)) {
foreach ($allowed_users as $user) {
if ($user->get_id() == $my_session) {
$me = "style='font-weight: bold;'";
$action = "<img class='dis_logout' src='../pixmaps/menu/logout.gif' alt='" . $user->get_login() . "' title='" . $user->get_login() . "'/>";
} else {
$action = "<a onclick=\"logout('" . $user->get_id() . "');\"><img src='../pixmaps/menu/logout.gif' alt='" . _("Logout") . " " . $user->get_login() . "' title='" . _("Forced logout") . " " . $user->get_login() . "'/></a>";
$me = null;
}
$gi = geoip_open("/usr/share/geoip/GeoIP.dat", GEOIP_STANDARD);
$s_country = strtolower(geoip_country_code_by_addr($gi, $user->get_ip()));
$s_country_name = geoip_country_name_by_addr($gi, $user->get_ip());
$geo_code = get_country($s_country, $s_country_name);
$flag = !empty($geo_code) ? "<img src='" . $geo_code . "' border='0' align='top'/>" : "";
$logon_date = gmdate("Y-m-d H:i:s", Util::get_utc_unixtime($dbconn, $user->get_logon_date()) + 3600 * Util::get_timezone());
$activity_date = Util::get_utc_unixtime($dbconn, $user->get_activity());
$style = Session_activity::is_expired($activity_date) ? "background:#EFE1E0;" : "background:#EFFFF7;";
$expired = Session_activity::is_expired($activity_date) ? "<span style='color:red'>(" . _("Expired") . ")</span>" : "";
$agent = explode("###", $user->get_agent());
if ($agent[1] == "av report scheduler") {
$agent = array("AV Report Scheduler", "wget");
}
echo " <tr style='{$style}' id='" . $user->get_id() . "'>\n\t\t\t\t\t\t\t\t\t<td class='ops_user' {$me}><img class='user_icon' src='" . get_user_icon($user->get_login(), $pro) . "' alt='" . _("User icon") . "' title='" . _("User icon") . "' align='absmiddle'/> " . $user->get_login() . "</td>\n\t\t\t\t\t\t\t\t\t<td class='ops_ip'>" . $user->get_ip() . "</td>\n\t\t\t\t\t\t\t\t\t<td class='ops_host'>" . Host::ip2hostname($dbconn, $user->get_ip()) . $flag . "</td>\n\t\t\t\t\t\t\t\t\t<td class='ops_agent'><a txt='" . htmlentities($agent[1]) . "' class='info_agent'>" . htmlentities($agent[0]) . "</a></td>\n\t\t\t\t\t\t\t\t\t<td class='ops_id'>" . $user->get_id() . " {$expired}</td>\n\t\t\t\t\t\t\t\t\t<td class='ops_logon'>" . $logon_date . "</td>\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t<td class='ops_activity'>" . _(TimeAgo($activity_date, gmdate("U"))) . "</td>\n\t\t\t\t\t\t\t\t\t<td class='ops_actions'>{$action}</td>\t\n\t\t\t\t\t\t\t\t</tr>";
}
} else {
echo "<tr><td colspan='8' id='no_sessions' class='nobborder'><div class='ossim_info'>" . _("No active sessions") . "</td></tr>";
}
?>
</tbody>
</table>
function range_graphic($trdata)
{
require_once "classes/Util.inc";
$tz = Util::get_timezone();
$timerange = $trdata[2];
switch ($timerange) {
case "today":
$desde = strtotime(gmdate("Y-m-d 00:00:00") . " GMT");
$suf = "h";
$jump = 3600;
$noprint = 2;
$interval = "G";
$key = "G";
$hasta = gmdate("U") + 3600 * $tz;
// time to generate dates with timezone correction
break;
case "day":
$desde = gmdate("U") + 3600 * $tz - 24 * 3600;
$suf = "";
$jump = 3600;
$noprint = 3;
$interval = "G\\h jM";
$key = "G j";
$hasta = gmdate("U") + 3600 * $tz;
break;
case "day2":
$desde = gmdate("U") + 3600 * $tz - 48 * 3600;
$suf = "";
$jump = 3600;
$noprint = 6;
$interval = "G\\h jM";
$key = "G j";
$hasta = gmdate("U") + 3600 * $tz;
break;
case "week":
$desde = gmdate("U") + 3600 * $tz - 7 * 24 * 3600;
$suf = "";
$jump = 86400;
$noprint = 1;
$interval = "j M";
$key = "j F";
$hasta = gmdate("U") + 3600 * $tz;
break;
case "weeks":
$desde = gmdate("U") + 3600 * $tz - 2 * 7 * 24 * 3600;
$suf = "";
$jump = 86400;
$noprint = 3;
$interval = "j M";
$key = "j F";
$hasta = gmdate("U") + 3600 * $tz;
break;
case "month":
$desde = gmdate("U") + 3600 * $tz - 31 * 24 * 3600;
$suf = "";
$jump = 86400;
$noprint = 3;
$interval = "j M";
$key = "j F";
$hasta = gmdate("U") + 3600 * $tz;
break;
case "range":
$desde = $trdata[0];
$hasta = $trdata[1];
// time_range calc
$diff = $hasta - $desde;
if ($diff > 2678400) {
// more than 1 month
$suf = "";
$jump = 0;
$noprint = 2;
$interval = "M-Y";
$key = "F Y";
} elseif ($diff > 1296000) {
// more than 7 days
$suf = "";
$jump = 86400;
$noprint = 3;
$interval = "j M";
$key = "j F";
} elseif ($diff > 604800) {
// more than 7 days
$suf = "";
$jump = 86400;
$noprint = 2;
$interval = "j M";
$key = "j F";
} elseif ($diff >= 86400) {
// more than 1 day
$suf = "";
$jump = 86400;
$noprint = 1;
$interval = "j M";
$key = "j F";
} elseif ($diff < 86400) {
$suf = "h";
$jump = 3600;
$noprint = 2;
$interval = "G";
$key = "G";
} else {
$suf = "";
$jump = 3600;
$noprint = 3;
$interval = "G\\h jM";
$key = "G j";
}
break;
default:
$desde = gmdate("U") + 3600 * $tz - 365 * 24 * 3600;
$suf = "";
$jump = 0;
$noprint = 2;
$interval = "M-Y";
$key = "F Y";
$hasta = gmdate("U") + 3600 * $tz + 28 * 24 * 3600;
}
//
$x = $y = $ticks = $labels = array();
$d = $desde;
$xx = 0;
while ($d <= $hasta) {
$now = trim(gmdate($key, $d) . " " . $suf);
$x["{$now}"] = $ticks["{$now}"] = $xx++;
$y["{$now}"] = 0;
// default value 0
$labels["{$now}"] = $xx % $noprint == 0 ? gmdate($interval, $d) . $suf : "";
if ($jump == 0) {
$d += date("t", $d) * 86400;
} else {
$d += $jump;
}
// next date
}
//var_dump($x);
//var_dump($labels);
return array($x, $y, $ticks, $labels);
}
function reportsummary()
{
//GENERATE REPORT SUMMARY
global $user, $border, $report_id, $scantime, $scantype, $fp, $nfp, $output, $filterip, $query_risk, $dbconn, $pluginid;
global $treport, $sid, $ipl;
$tz = Util::get_timezone();
$htmlsummary = '';
$user_filter = $user != '' ? "AND t1.username in ({$user})" : "";
$query = "SELECT t2.id, t1.username, t1.name as job_name, t2.name as profile_name, t2.description \n FROM vuln_jobs t1\n LEFT JOIN vuln_nessus_settings t2 on t1.meth_VSET=t2.id\n WHERE t1.report_id in ({$report_id}) {$user_filter}\n order by t1.SCAN_END DESC";
$result = $dbconn->execute($query);
$id_profile = $result->fields['id'];
$query_uid = $result->fields['username'];
$job_name = $result->fields['jobname'];
$profile_name = $result->fields['profile_name'];
$profile_desc = $result->fields['description'];
if ($job_name == '') {
// imported report
$query_imported_report = "SELECT name FROM vuln_nessus_reports WHERE scantime='{$scantime}'";
$result_imported_report = $dbconn->execute($query_imported_report);
$job_name = $result_imported_report->fields["name"];
}
if ($tz == 0) {
$localtime = gen_strtotime($scantime, "");
} else {
$localtime = gmdate("Y-m-d H:i:s", Util::get_utc_unixtime($scantime) + 3600 * $tz);
}
$htmlsummary .= "<table border=\"5\" width=\"900\" style=\"margin: 9px 0px 0px 0px;\"><tr><th class=\"noborder\" valign=\"top\" style=\"text-align:left;font-size:12px;\" nowrap>\n \n <b>" . _("Scan time") . ":</b></th><td class=\"noborder\" style=\"text-align:left;padding-left:9px;\">" . $localtime . " </td>";
//Generated date
$gendate = gmdate("Y-m-d H:i:s", gmdate("U") + 3600 * $tz);
$htmlsummary .= "<th class=\"noborder\" valign=\"top\" style=\"text-align:left;font-size:12px;\" nowrap>\n <b>" . _("Generated") . ":</b></th><td class=\"noborder\" style=\"text-align:left;padding-left:10px;\">{$gendate}</td></tr>";
$htmlsummary .= "<tr><th class=\"noborder\" valign=\"top\" style=\"text-align:left;font-size:12px;\" nowrap>\n <b>" . _("Profile") . ":</b></th><td class=\"noborder\" style=\"text-align:left;padding-left:10px;\">";
$htmlsummary .= "{$profile_name} - {$profile_desc} </td>\n <th class=\"noborder\" valign=\"top\" style=\"text-align:left;font-size:12px;\" nowrap>\n <b>" . _("Job Name") . ":</b></th><td class=\"noborder\" style=\"text-align:left;padding-left:10px;\">{$job_name}</td></tr>";
$htmlsummary .= "</table>";
return "<center>" . $htmlsummary . "</center>";
}
*
*
* On Debian GNU/Linux systems, the complete text of the GNU General
* Public License can be found in `/usr/share/common-licenses/GPL-2'.
*
* Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt
*
*/
require_once 'av_init.php';
require_once 'ossim_db.inc';
require_once 'general.php';
Session::logcheck("analysis-menu", "EventsForensics");
$it_security = "";
$address = "";
$tlfn = "";
$tz = Util::get_timezone();
$date = gmdate("Y-m-d H:i:s", gmdate("U") + 3600 * $tz);
$maintitle = $report_data['report_name'];
$db = new ossim_db();
$conn = $db->connect();
$t_params = array();
$t_params[] = $user;
$t_query = "SELECT dataV1, dataV2 \r\n\t\t FROM datawarehouse.report_data \r\n\t\t WHERE id_report_data_type=35 and user=?";
$conn->SetFetchMode(ADODB_FETCH_ASSOC);
$t_rs = $conn->Execute($t_query, $t_params);
if (!$t_rs) {
$filter = '';
} else {
$filter = '
<table class="w100" cellspacing="0" cellpadding="0">
<tr>
$status = new System_status();
list($message_list, $total) = $status->get_status_messages($filters, $pagination);
} catch (Exception $e) {
$response['sEcho'] = $sec;
$response['iTotalRecords'] = 0;
$response['iTotalDisplayRecords'] = 0;
$response['error'] = $e->getMessage();
$response['aaData'] = array();
echo json_encode($response);
exit;
}
$data = array();
foreach ($message_list as $message) {
$res = array();
$res['DT_RowId'] = $message['message_id'] . '_' . $message['component_id'];
$res['viewed'] = $message['viewed'];
$res['ctime'] = gmdate("Y-m-d H:i:s", strtotime($message['creation_time']));
$date = gmdate("Y-m-d H:i:s", strtotime(preg_replace('/GMT/', '', $message['creation_time'])) + 3600 * Util::get_timezone());
$res[] = $date;
$res[] = $message['level'];
$res[] = $message['component_type'];
$res[] = $message['component_name'];
$res[] = $message['component_ip'];
$res[] = $message['description'];
$data[] = $res;
}
$response['sEcho'] = $sec;
$response['iTotalRecords'] = $total;
$response['iTotalDisplayRecords'] = $total;
$response['aaData'] = $data;
echo json_encode($response);
