function add_note($conn, $type) { $validate = array('asset_id' => array('validation' => 'OSS_HEX', 'e_message' => 'illegal:' . _('Asset ID')), 'txt' => array('validation' => 'OSS_TEXT, OSS_PUNC_EXT', 'e_message' => 'illegal:' . _('Note text'))); $validation_errors = validate_form_fields('POST', $validate); if (is_array($validation_errors) && !empty($validation_errors)) { Av_exception::throw_error(Av_exception::USER_ERROR, _('Error! Note could not be added')); } $asset_id = POST('asset_id'); $txt = POST('txt'); // Check Asset Type $asset_types = array('asset' => 'asset_host', 'network' => 'asset_net', 'group' => 'asset_group', 'net_group' => 'net_group'); // Note type $type_tr = array('group' => 'host_group', 'network' => 'net', 'asset' => 'host', 'net_group' => 'net_group'); $class_name = $asset_types[$type]; $asset_type = $type_tr[$type]; // Check Asset Permission if (method_exists($class_name, 'is_allowed') && !$class_name::is_allowed($conn, $asset_id)) { $error = sprintf(_('Error! %s is not allowed'), ucwords($type)); Av_exception::throw_error(Av_exception::USER_ERROR, $error); } $note_id = Notes::insert($conn, $asset_type, gmdate('Y-m-d H:i:s'), $asset_id, $txt); if (intval($note_id) > 0) { $tz = Util::get_timezone(); $data['msg'] = _('Note added successfully'); $data['id'] = $note_id; $data['note'] = $txt; $data['date'] = gmdate('Y-m-d H:i:s', Util::get_utc_unixtime(gmdate('Y-m-d H:i:s')) + 3600 * $tz); $data['user'] = Session::get_session_user(); $data['editable'] = 1; } else { Av_exception::throw_error(Av_exception::USER_ERROR, _('Error! Note could not be added')); } return $data; }
/** * * License: * * Copyright (c) 2003-2006 ossim.net * Copyright (c) 2007-2013 AlienVault * All rights reserved. * * This package is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; version 2 dated June, 1991. * You may not use, modify or distribute this program under any other version * of the GNU General Public License. * * This package is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this package; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, * MA 02110-1301 USA * * * On Debian GNU/Linux systems, the complete text of the GNU General * Public License can be found in `/usr/share/common-licenses/GPL-2'. * * Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt * */ function normalize_date($from_date, $to_date) { // Format correction $from_date = preg_replace("/(\\d\\d)\\/(\\d\\d)\\/(\\d\\d\\d\\d)/", "\\3-\\2-\\1", $from_date); $to_date = preg_replace("/(\\d\\d)\\/(\\d\\d)\\/(\\d\\d\\d\\d)/", "\\3-\\2-\\1", $to_date); // Timezone correction $tz = Util::get_timezone(); if ($tz != 0) { $from_date = gmdate("Y-m-d H:i:s", Util::get_utc_unixtime("{$from_date} 00:00:00") + -3600 * $tz); $to_date = gmdate("Y-m-d H:i:s", Util::get_utc_unixtime("{$to_date} 23:59:59") + -3600 * $tz); } if (!preg_match("/\\d+\\:\\d+:\\d+/", $from_date)) { $from_date .= " 00:00:00"; } if (!preg_match("/\\d+\\:\\d+:\\d+/", $to_date)) { $to_date .= " 23:59:59"; } return array($from_date, $to_date); }
$query = ossim_query("SELECT report_id, scantime, report_key FROM vuln_nessus_reports t1 WHERE t1.report_id={$report_id} LIMIT 1"); if (!($rs =& $dbconn->Execute($query))) { print $dbconn->ErrorMsg(); } else { if (!$rs->EOF) { $report_id = $rs->fields['report_id']; $scantime = $rs->fields['scantime']; $key = $rs->fields['report_key']; } } //Seperates the parts of the date so it doesn't just display it as one big number $tz = Util::get_timezone(); if ($tz == 0) { $localtime = $scantime; } else { $localtime = gmdate("YmdHis", Util::get_utc_unixtime($scantime) + 3600 * $tz); } $scanyear = substr($localtime, 0, 4); $scanmonth = substr($localtime, 4, 2); $scanday = substr($localtime, 6, 2); $scanhour = substr($localtime, 8, 2); $scanmin = substr($localtime, 10, 2); $scansec = substr($localtime, 12); } if (empty($report_id)) { echo _("Report not found"); exit(0); } $query = "select count(scantime) from vuln_nessus_results t1\n where report_id in ({$report_id}) and falsepositive='N'"; $result = $dbconn->execute($query); list($numofresults) = $result->fields;
function get_timestamp($dbconn, $login, $datetime) { $user_timezone = $dbconn->GetOne("SELECT timezone FROM users WHERE login='******'"); $tz = Session::get_timezone($user_timezone); return gmdate("Y-m-d H:i:s", Util::get_utc_unixtime($datetime) + 3600 * $tz); }
$s_sid_name = $s_plugin_sid_list[0]->get_name(); $s_sid_priority = $s_plugin_sid_list[0]->get_priority(); } else { $s_sid_name = "Unknown (id={$s_id} sid={$s_sid})"; $s_sid_priority = "N/A"; } $s_last = Util::timestamp2date($s_alarm->get_last()); $timestamp_utc = Util::get_utc_unixtime($s_last); $s_last = gmdate("Y-m-d H:i:s", $timestamp_utc + 3600 * $tz); $s_event_count = Alarm::get_total_events($conn, $s_backlog_id); $aux_date = Util::timestamp2date($s_alarm->get_timestamp()); $timestamp_utc = Util::get_utc_unixtime($s_alarm->get_timestamp()); $s_date = gmdate("Y-m-d H:i:s", $timestamp_utc + 3600 * $tz); if ($s_backlog_id && $s_id == 1505 && $s_event_count > 0) { $aux_date = Util::timestamp2date($s_alarm->get_since()); $timestamp_utc = Util::get_utc_unixtime($aux_date); $s_since = gmdate("Y-m-d H:i:s", $timestamp_utc + 3600 * $tz); } else { $s_since = $s_date; } $s_risk = $s_alarm->get_risk(); $s_alarm_link = "alarm_detail.php?backlog=" . $s_backlog_id; /* Alarm name */ $s_alarm_name = ereg_replace("directive_event: ", "", $s_sid_name); $s_alarm_name = Util::translate_alarm($conn, $s_alarm_name, $s_alarm); $event_ocurrences = Alarm::get_total_events($conn, $s_backlog_id); if ($event_ocurrences != 1) { $ocurrences_text = strtolower(gettext("Events")); } else { $ocurrences_text = strtolower(gettext("Event")); }
if (!empty($allowed_users) && is_array($allowed_users)) { foreach ($allowed_users as $user) { if ($user->get_id() == $my_session) { $me = "style='font-weight: bold;'"; $action = "<img class='info_logout dis_logout' src='../pixmaps/menu/logout.gif' alt='" . $user->get_login() . "' title='" . $user->get_login() . "'/>"; } else { $action = "<a onclick=\"logout('" . $user->get_id() . "');\">\n\t\t\t\t\t\t\t <img class='info_logout' src='../pixmaps/menu/logout.gif' alt='" . _('Logout') . " " . $user->get_login() . "' title='" . _('Logout') . " " . $user->get_login() . "'/>\n\t\t\t\t\t\t\t </a>"; $me = NULL; } $_country_aux = $geoloc->get_country_by_host($conn, $user->get_ip()); $s_country = strtolower($_country_aux[0]); $s_country_name = $_country_aux[1]; $geo_code = get_country($s_country); $flag = !empty($geo_code) ? "<img src='" . $geo_code . "' border='0' align='top'/>" : ''; $logon_date = gmdate('Y-m-d H:i:s', Util::get_utc_unixtime($user->get_logon_date()) + 3600 * Util::get_timezone()); $activity_date = Util::get_utc_unixtime($user->get_activity()); $background = Session_activity::is_expired($activity_date) ? 'background:#FFD8D6;' : ''; $expired = Session_activity::is_expired($activity_date) ? "<span style='color:red'>(" . _('Expired') . ")</span>" : ""; $agent = explode('###', $user->get_agent()); if ($agent[1] == 'av report scheduler') { $agent = array('AV Report Scheduler', 'wget'); } $host = @array_shift(Asset_host::get_name_by_ip($conn, $user->get_ip())); $host = $host == '' ? $user->get_ip() : $host; echo " <tr id='" . $user->get_id() . "'>\n\t\t\t\t\t\t\t\t\t<td class='ops_user' {$me}><img class='user_icon' src='" . get_user_icon($user->get_login(), $pro) . "' alt='" . _('User icon') . "' title='" . _('User icon') . "' align='absmiddle'/> " . $user->get_login() . "</td>\n\t\t\t\t\t\t\t\t\t<td class='ops_ip'>" . $user->get_ip() . "</td>\n\t\t\t\t\t\t\t\t\t<td class='ops_host'>" . $host . $flag . "</td>\n\t\t\t\t\t\t\t\t\t<td class='ops_agent'><a title='" . htmlentities($agent[1]) . "' class='info_agent'>" . htmlentities($agent[0]) . "</a></td>\n\t\t\t\t\t\t\t\t\t<td class='ops_id'>" . $user->get_id() . " {$expired}</td>\n\t\t\t\t\t\t\t\t\t<td class='ops_logon'>" . $logon_date . "</td>\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t<td class='ops_activity'>" . _(TimeAgo($activity_date, gmdate('U'))) . "</td>\n\t\t\t\t\t\t\t\t\t<td class='ops_actions'>{$action}</td>\t\n\t\t\t\t\t\t\t\t</tr>"; } } ?> </tbody> </table> </div>
?> </td> <td style='text-align: center; background-color:#9DD131;font-weight:bold' width='7%'><?php echo gettext("Status"); ?> </td> <td width='7%' style='text-decoration: none; background-color:#9DD131;font-weight:bold'><?php echo gettext("Action"); ?> </td> </tr> <?php // Timezone correction $tz = Util::get_timezone(); foreach ($alarm_group as $group) { $group['date'] = $group['date'] != "" ? gmdate("Y-m-d H:i:s", Util::get_utc_unixtime($conn, $group['date']) + 3600 * $tz) : ""; $group_id = $group['group_id']; $_SESSION[$group_id] = $group['name']; $ocurrences = $group['group_count']; //if($group_type=="similar" && $ocurrences>1) { $ocurrences = $ocurrences-1; } $max_risk = $group['max_risk']; $id_tag = $group['id_tag']; if ($group['date'] != $lastday) { $lastday = $group['date']; list($year, $month, $day) = split("-", $group['date']); $date = Util::htmlentities(strftime("%A %d-%b-%Y", mktime(0, 0, 0, $month, $day, $year))); $show_day = $group_type == "name" || $group_type == "similar" ? 0 : 1; } else { $show_day = 0; } $descr = $db_groups[$group_id]['descr'];
function get_timestamps($dbconn, $login, $scan_START, $scan_SUBMIT, $body) { $user_timezone = $dbconn->GetOne("SELECT timezone FROM users WHERE login='******'"); $tz = get_timezone($user_timezone); if ($tz != 0) { $scan_START = gmdate("Y-m-d H:i:s", Util::get_utc_unixtime($scan_START) + 3600 * $tz); $scan_SUBMIT = gmdate("Y-m-d H:i:s", Util::get_utc_unixtime($scan_SUBMIT) + 3600 * $tz); } $body_part_with_timestamp = str_replace("SCAN_SUBMIT", $scan_SUBMIT, $body); $body_part_with_timestamp = str_replace("SCAN_START", $scan_START, $body_part_with_timestamp); return $body_part_with_timestamp; }
// select report ids if (!empty($arruser)) { $query_onlyuser = "******"; } if ($freport != '' && $sreport != '') { $query = "SELECT report_id, name, scantime FROM vuln_nessus_reports where 1=1 {$query_onlyuser} ORDER BY scantime DESC"; } else { $query = "SELECT report_id, name, scantime FROM vuln_nessus_reports where report_id!={$freport} {$query_onlyuser} ORDER BY scantime DESC"; } $result = $dbconn->Execute($query); $tz = Util::get_timezone(); while (!$result->EOF) { if ($tz == 0) { $date = preg_replace('/(\\d\\d\\d\\d)(\\d+\\d+)(\\d+\\d+)(\\d+\\d+)(\\d+\\d+)(\\d+\\d+)/i', '$1-$2-$3 $4:$5:$6', $result->fields["scantime"]); } else { $date = gmdate("Y-m-d H:i:s", Util::get_utc_unixtime($result->fields['scantime']) + 3600 * $tz); } $result->fields['name'] = preg_replace('/\\d+\\s-\\s/', '', $result->fields['name']); $reports[$result->fields['report_id']] = $date . " - " . $result->fields['name']; $result->MoveNext(); } if (count($reports) == 0 && GET("submit") != '') { ?> <script type="text/javascript"> parent.GB_close(); </script> <?php } else { if ($freport != '' && $sreport != '' && array_key_exists($freport, $reports) && array_key_exists($sreport, $reports)) { ?> <script type="text/javascript">
function reportsummary() { //GENERATE REPORT SUMMARY global $user, $border, $report_id, $scantime, $scantype, $fp, $nfp, $output, $filterip, $query_risk, $dbconn, $pluginid; global $treport, $sid, $ipl; $tz = Util::get_timezone(); $htmlsummary = ''; $user_filter = $user != '' ? "AND t1.username in ({$user})" : ""; $query = "SELECT t2.id, t1.username, t1.name as job_name, t2.name as profile_name, t2.description \n FROM vuln_jobs t1\n LEFT JOIN vuln_nessus_settings t2 on t1.meth_VSET=t2.id\n WHERE t1.report_id in ({$report_id}) {$user_filter}\n order by t1.SCAN_END DESC"; $result = $dbconn->execute($query); $id_profile = $result->fields['id']; $query_uid = $result->fields['username']; $job_name = $result->fields['jobname']; $profile_name = $result->fields['profile_name']; $profile_desc = $result->fields['description']; if ($job_name == '') { // imported report $query_imported_report = "SELECT name FROM vuln_nessus_reports WHERE scantime='{$scantime}'"; $result_imported_report = $dbconn->execute($query_imported_report); $job_name = $result_imported_report->fields["name"]; } if ($tz == 0) { $localtime = gen_strtotime($scantime, ""); } else { $localtime = gmdate("Y-m-d H:i:s", Util::get_utc_unixtime($scantime) + 3600 * $tz); } $htmlsummary .= "<table border=\"5\" width=\"900\" style=\"margin: 9px 0px 0px 0px;\"><tr><th class=\"noborder\" valign=\"top\" style=\"text-align:left;font-size:12px;\" nowrap>\n \n <b>" . _("Scan time") . ":</b></th><td class=\"noborder\" style=\"text-align:left;padding-left:9px;\">" . $localtime . " </td>"; //Generated date $gendate = gmdate("Y-m-d H:i:s", gmdate("U") + 3600 * $tz); $htmlsummary .= "<th class=\"noborder\" valign=\"top\" style=\"text-align:left;font-size:12px;\" nowrap>\n <b>" . _("Generated") . ":</b></th><td class=\"noborder\" style=\"text-align:left;padding-left:10px;\">{$gendate}</td></tr>"; $htmlsummary .= "<tr><th class=\"noborder\" valign=\"top\" style=\"text-align:left;font-size:12px;\" nowrap>\n <b>" . _("Profile") . ":</b></th><td class=\"noborder\" style=\"text-align:left;padding-left:10px;\">"; $htmlsummary .= "{$profile_name} - {$profile_desc} </td>\n <th class=\"noborder\" valign=\"top\" style=\"text-align:left;font-size:12px;\" nowrap>\n <b>" . _("Job Name") . ":</b></th><td class=\"noborder\" style=\"text-align:left;padding-left:10px;\">{$job_name}</td></tr>"; $htmlsummary .= "</table>"; return "<center>" . $htmlsummary . "</center>"; }
require_once 'av_init.php'; require_once '../alarm_common.php'; Session::logcheck("analysis-menu", "ControlPanelAlarms"); $backlog = GET('backlog'); ossim_valid($backlog, OSS_HEX, OSS_NULLABLE, 'illegal:' . _("Backlog")); // Maybe nullable from Logger resolves if (ossim_error()) { die(ossim_error()); } $geoloc = new Geolocation("/usr/share/geoip/GeoLiteCity.dat"); $db = new ossim_db(TRUE); $conn = $db->connect(); $tz = Util::get_timezone(); list($alarm, $event) = Alarm::get_alarm_detail($conn, $backlog); $stats = $alarm->get_stats(); $timestamp_utc = Util::get_utc_unixtime(Util::timestamp2date($alarm->get_timestamp())); $last = gmdate("Y-m-d H:i:s", $timestamp_utc + 3600 * $tz); $alarm_time = get_alarm_life($alarm->get_since(), $alarm->get_last()); preg_match_all("/(\\d+)\\s(\\w+)/", strip_tags(trim($alarm_time)), $found); $alarm_time_number = $found[1][0]; $alarm_time_unit = $found[2][0]; $alarm_life = get_alarm_life($alarm->get_since(), gmdate("Y-m-d H:i:s")); preg_match_all("/(\\d+)\\s(\\w+)/", strip_tags(trim($alarm_life)), $found); $alarm_life_number = $found[1][0]; $alarm_life_unit = $found[2][0]; $show_total = false; $removable = $alarm->get_removable(); $backlog_id = $alarm->get_backlog_id(); $event_id = $alarm->get_event_id(); /* Buttons */ $alarm_detail_url = empty($stats) ? "load_alarm_detail('{$event_id}', 'event')" : "load_alarm_detail('{$backlog_id}', 'alarm')";
<?php } else { $href = ""; echo " {$name}"; } ?> </td> <!-- end id & name event --> <!-- risk --> <?php $orig_date = $alarm->get_timestamp(); $date = Util::timestamp2date($orig_date); $orig_date = $date; $event_date = $date; $event_date_uut = Util::get_utc_unixtime($conn, $event_date); $date = gmdate("Y-m-d H:i:s", $event_date_uut + 3600 * $tz); $event_date = gmdate("Y-m-d H:i:s", $event_date_uut + 3600 * $alarm->get_tzone()); $src_ip = $alarm->get_src_ip(); $dst_ip = $alarm->get_dst_ip(); $src_port = $alarm->get_src_port(); $dst_port = $alarm->get_dst_port(); if ($have_scanmap) { fwrite($backlog_file, "{$orig_date},{$src_ip},{$src_port},{$dst_ip},{$dst_port}\n"); } $src_port = Port::port2service($conn, $src_port); $dst_port = Port::port2service($conn, $dst_port); if ($risk > 7) { echo "<td bgcolor=\"red\"><b>"; if ($href) { echo "<a href=\"{$href}\">";
$db = new ossim_db(); $conn = $db->connect(); $info = Alarm::get_similar_info($conn, $similar); if (count($info) != 0) { $tz = Util::get_timezone(); ?> <table class="transparent"> <tr><td class="nobborder" width="55"><strong><?php echo _("Min date: "); ?> </strong></td> <td class="nobborder"><?php echo gmdate("Y-m-d H:i:s", Util::get_utc_unixtime($conn, $info["min_date"]) + 3600 * $tz); ?> </td> </tr> <tr><td class="nobborder" width="55"><strong><?php echo _("Max date: "); ?> </strong></td> <td class="nobborder"><?php echo gmdate("Y-m-d H:i:s", Util::get_utc_unixtime($conn, $info["max_date"]) + 3600 * $tz); ?> </td> </tr> </table> <?php } else { echo "<strong>{$similar}</strong> not found in alarms"; } $db->close($conn);
function reportsummary() { //GENERATE REPORT SUMMARY global $user, $border, $report_id, $scantime, $scantype, $fp, $nfp, $output, $filterip, $query_risk, $dbconn, $pluginid; global $treport, $sid, $ipl; $tz = Util::get_timezone(); $htmlsummary = ""; if ($treport == "latest" || $ipl != "") { $query = "SELECT t2.id, t1.username, t1.name, t2.name, t2.description, t4.hostname as host_name \n FROM vuln_nessus_latest_reports t1\n LEFT JOIN vuln_nessus_settings t2 on t1.sid=t2.id\n LEFT JOIN host t4 ON t4.ip=inet_ntoa(t1.report_id)\n WHERE " . ($ipl != "all" ? "t1.report_id in ({$report_id}) and " : "") . "t1.sid in ({$sid}) AND t1.username in ('{$user}')\n order by t1.scantime DESC"; } else { $query = "SELECT t2.id, t1.username, t1.name, t2.name, t2.description \n FROM vuln_jobs t1\n LEFT JOIN vuln_nessus_settings t2 on t1.meth_VSET=t2.id\n WHERE t1.report_id in ({$report_id}) AND t1.username in('{$user}')\n order by t1.SCAN_END DESC"; } $result = $dbconn->execute($query); //print_r($query); if ($treport == "latest" || $ipl != "") { //list( $id_profile, $query_uid, $job_name, $profile_name, $profile_desc, $host_name ) =$result->fields; $lprofiles = array(); $tmp_profiles = array(); while (list($id_profile, $query_uid, $job_name, $profile_name, $profile_desc, $host_name) = $result->fields) { if ($host_name != "" && $host_name != long2ip($report_id)) { $phost_name = "{$host_name} (" . long2ip($report_id) . ")"; } else { $phost_name = long2ip($report_id); } $lprofiles[] = "{$profile_name} - {$profile_desc}"; $tmp_profiles[] = $id_profile; $result->MoveNext(); } $profiles = implode("<br>", $lprofiles); $id_profile = implode(", ", $tmp_profiles); } else { list($id_profile, $query_uid, $job_name, $profile_name, $profile_desc) = $result->fields; if ($job_name == "") { // imported report $query_imported_report = "SELECT name FROM vuln_nessus_reports WHERE scantime='{$scantime}'"; $result_imported_report = $dbconn->execute($query_imported_report); $job_name = $result_imported_report->fields["name"]; } } if ($tz == 0) { $localtime = gen_strtotime($scantime, ""); } else { $localtime = gmdate("Y-m-d H:i:s", Util::get_utc_unixtime($dbconn, $scantime) + 3600 * $tz); } $htmlsummary .= "<table border=\"5\" width=\"900\"><tr><th class=\"noborder\" valign=\"top\" style=\"text-align:left;font-size:12px;\" nowrap>\n \n <b>" . _("Scan time") . ":</b></th><td class=\"noborder\" style=\"text-align:left;padding-left:10px;\">" . $localtime . " </td>"; //Generated date $gendate = date("Y-m-d H:i:s"); $htmlsummary .= "<th class=\"noborder\" valign=\"top\" style=\"text-align:left;font-size:12px;\" nowrap>\n <b>" . _("Generated") . ":</b></th><td class=\"noborder\" style=\"text-align:left;padding-left:10px;\">{$gendate}</td></tr>"; if ($ipl != "all") { if ($treport == "latest" || $ipl != "") { $htmlsummary .= "<tr><th class=\"noborder\" valign=\"top\" style=\"text-align:left;font-size:12px;\" nowrap>\n <b>" . (count($lprofiles) > 1 ? _("Profiles") : _("Profile")) . ":</b></th><td class=\"noborder\" style=\"text-align:left;padding-left:10px;\">"; $htmlsummary .= "{$profiles} </td>\n <th class=\"noborder\" valign=\"top\" style=\"text-align:left;font-size:12px;\" nowrap>\n <b>" . ($treport == "latest" || $ipl != "" ? _("Host - IP") : _("Job Name")) . ":</b></th><td class=\"noborder\" valign=\"top\" style=\"text-align:left;padding-left:10px;\">" . ($treport == "latest" || $ipl != "" ? "{$phost_name}" : "{$job_name}") . "</td></tr>"; } else { $htmlsummary .= "<tr><th class=\"noborder\" valign=\"top\" style=\"text-align:left;font-size:12px;\" nowrap>\n <b>" . _("Profile") . ":</b></th><td class=\"noborder\" style=\"text-align:left;padding-left:10px;\">"; $htmlsummary .= "{$profile_name} - {$profile_desc} </td>\n <th class=\"noborder\" valign=\"top\" style=\"text-align:left;font-size:12px;\" nowrap>\n <b>" . _("Job Name") . ":</b></th><td class=\"noborder\" style=\"text-align:left;padding-left:10px;\">{$job_name}</td></tr>"; } } $htmlsummary .= "</table>"; /* if($pluginid!="") { if($fp!=""){ $dbconn->execute("UPDATE vuln_nessus_settings_plugins SET enabled='N' WHERE sid in ($id_profile) and id='$pluginid'"); } else { $dbconn->execute("UPDATE vuln_nessus_settings_plugins SET enabled='Y' WHERE sid in ($id_profile) and id='$pluginid'"); } } */ return "<center>" . $htmlsummary . "</center>"; }
?> </td> </tr> </table> </td> <td class="nobborder" width="2%"> </td> <td class="noborder" width="49%"> <table style="margin:auto;border: 0pt none;" width="100%" cellspacing="0" cellpadding="0"> <tr> <?php if ($tz == 0) { $slocaltime = $sreport_scantime; } else { $slocaltime = gmdate("Y-m-d H:i:s", Util::get_utc_unixtime($sreport_scantime) + 3600 * $tz); } ?> <td class="headerpr_no_bborder"><?php echo $sreport_name; ?> <span style="font-size : 9px;"><?php echo " (" . $slocaltime . ")"; ?> </span></td> </tr> </table> <table style="margin:auto;background: transparent;" width="100%" cellspacing="0" cellpadding="0"> <tr> <td class="noborder" style="padding-bottom:10px;"><?php echo vulnbreakdown($dbconn, $sreport, $perms_where);
function main_page($viewall, $sortby, $sortdir) { global $uroles, $username, $dbconn, $hosts; global $arruser, $user; $dbconn->SetFetchMode(ADODB_FETCH_BOTH); $tz = Util::get_timezone(); if ($sortby == "") { $sortby = "id"; } if ($sortdir == "") { $sortdir = "DESC"; } $sql_order = "order by {$sortby} {$sortdir}"; if (Session::menu_perms("environment-menu", "EventsVulnerabilitiesScan")) { ?> <div style="width:50%; position: relative; height: 5px; float:left"> <div style="width:100%; position: absolute; top: -41px;left:0px;"> <div style="float:left; height:28px; margin:5px 5px 0px 0px;"> <a class="button" href="<?php echo Menu::get_menu_url(AV_MAIN_PATH . '/vulnmeter/sched.php?smethod=schedule&hosts_alive=1&scan_locally=1', 'environment', 'vulnerabilities', 'scan_jobs'); ?> "> <?php echo _("New Scan Job"); ?> </a> </div> <div style="float:left;height:28px;margin:5px 5px 0px -2px;"> <a class="greybox button av_b_secondary" href="import_nbe.php" title="<?php echo _("Import nbe file"); ?> "> <?php echo _("Import nbe file"); ?> </a> </div> </div> </div> <?php } if (intval($_GET['page']) != 0) { $page = intval($_GET['page']); } else { $page = 1; } $pagesize = 10; if ($username == "admin") { $query = "SELECT count(id) as num FROM vuln_jobs"; } else { $query = "SELECT count(id) as num FROM vuln_jobs where username='******'"; } $result = $dbconn->Execute($query); $jobCount = $result->fields["num"]; $num_pages = ceil($jobCount / $pagesize); //echo "num_pages:[".$num_pages."]"; //echo "jobCount:[".$jobCount."]"; //echo "page:[".$page."]"; if (Vulnerabilities::scanner_type() == "omp") { // We can display scan status with OMP protocol echo Vulnerabilities::get_omp_running_scans($dbconn); } else { // Nessus all_jobs(0, 10, "R"); } ?> <?php $schedulejobs = _("Scheduled Jobs"); echo <<<EOT <table style='margin-top:20px;' class='w100 transparent'><tr><td class='sec_title'>{$schedulejobs}</td></tr></table> <table summary="Job Schedules" class='w100 table_list'> EOT; if ($sortdir == "ASC") { $sortdir = "DESC"; } else { $sortdir = "ASC"; } $arr = array("name" => "Name", "schedule_type" => "Schedule Type", "time" => "Time", "next_CHECK" => "Next Scan", "enabled" => "Status"); // modified by hsh to return all scan schedules if (empty($arruser)) { $query = "SELECT t2.name as profile, t1.meth_TARGET, t1.id, t1.name, t1.schedule_type, t1.meth_VSET, t1.meth_TIMEOUT, t1.username, t1.enabled, t1.next_CHECK, t1.email\n FROM vuln_job_schedule t1 LEFT JOIN vuln_nessus_settings t2 ON t1.meth_VSET=t2.id "; } else { $query = "SELECT t2.name as profile, t1.meth_TARGET, t1.id, t1.name, t1.schedule_type, t1.meth_VSET, t1.meth_TIMEOUT, t1.username, t1.enabled, t1.next_CHECK, t1.email\n FROM vuln_job_schedule t1 LEFT JOIN vuln_nessus_settings t2 ON t1.meth_VSET=t2.id WHERE username in ({$user}) "; } $query .= $sql_order; $result = $dbconn->execute($query); if ($result->EOF) { echo "<tr><td class='empty_results' height='20' style='text-align:center;'>" . _("No Scheduled Jobs") . "</td></tr>"; } if (!$result->EOF) { echo "<tr>"; foreach ($arr as $order_by => $value) { echo "<th><a href=\"manage_jobs.php?sortby={$order_by}&sortdir={$sortdir}\">" . _($value) . "</a></th>"; } if (Session::menu_perms("environment-menu", "EventsVulnerabilitiesScan")) { echo "<th>" . _("Action") . "</th></tr>"; } } $colors = array("#FFFFFF", "#EEEEEE"); $color = 0; while (!$result->EOF) { list($profile, $targets, $schedid, $schedname, $schedtype, $sid, $timeout, $user, $schedstatus, $nextscan, $servers) = $result->fields; $name = Av_sensor::get_name_by_id($dbconn, $servers); $servers = $name != '' ? $name : "unknown"; $targets_to_resolve = explode("\n", $targets); $ttargets = array(); foreach ($targets_to_resolve as $id_ip) { if (preg_match("/^([a-f\\d]{32})#\\d+\\.\\d+\\.\\d+\\.\\d+\\/\\d{1,2}/i", $id_ip, $found) && Asset_net::is_in_db($dbconn, $found[1])) { $ttargets[] = preg_replace("/^([a-f\\d]{32})#/i", "", $id_ip) . " (" . Asset_net::get_name_by_id($dbconn, $found[1]) . ")"; } else { if (preg_match("/^([a-f\\d]{32})#\\d+\\.\\d+\\.\\d+\\.\\d+/i", $id_ip, $found) && Asset_host::is_in_db($dbconn, $found[1])) { $ttargets[] = preg_replace("/^([a-f\\d]{32})#/i", "", $id_ip) . " (" . Asset_host::get_name_by_id($dbconn, $found[1]) . ")"; } else { $ttargets[] = preg_replace("/[a-f\\d]{32}/i", "", $id_ip); } } } $targets = implode("<BR/>", $ttargets); $tz = intval($tz); $nextscan = gmdate("Y-m-d H:i:s", Util::get_utc_unixtime($nextscan) + 3600 * $tz); preg_match("/\\d+\\-\\d+\\-\\d+\\s(\\d+:\\d+:\\d+)/", $nextscan, $found); $time = $found[1]; switch ($schedtype) { case "N": $stt = _("Once (Now)"); break; case "O": $stt = _("Once"); break; case "D": $stt = _("Daily"); break; case "W": $stt = _("Weekly"); break; case "M": $stt = _("Monthly"); break; case "Q": $stt = _("Quarterly"); break; case "H": $stt = _("On Hold"); break; case "NW": $stt = _("N<sup>th</sup> weekday of the month"); break; default: $stt = " "; break; } switch ($schedstatus) { case "1": $itext = _("Disable Scheduled Job"); $isrc = "images/stop_task.png"; $ilink = "manage_jobs.php?disp=setstatus&schedid={$schedid}&enabled=0"; break; default: $itext = _("Enable Scheduled Job"); $isrc = "images/play_task.png"; $ilink = "manage_jobs.php?disp=setstatus&schedid={$schedid}&enabled=1"; break; } if (!Session::menu_perms("environment-menu", "EventsVulnerabilitiesScan")) { $ilink = "javascript:return false;"; } if ($schedstatus) { $txt_enabled = "<td><a href=\"{$ilink}\"><font color=\"green\">" . _("Enabled") . "</font></a></td>"; } else { $txt_enabled = "<td><a href=\"{$ilink}\"><font color=\"red\">" . _("Disabled") . "</font></a></td>"; } require_once 'classes/Security.inc'; if (valid_hex32($user)) { $user = Session::get_entity_name($dbconn, $user); } echo "<tr bgcolor=\"" . $colors[$color % 2] . "\">"; if ($profile == "") { $profile = _("Default"); } echo "<td><span class=\"tip\" title=\"<b>" . _("Owner") . ":</b> {$user}<br><b>" . _("Server") . ":</b> {$servers}<br /><b>" . _("Scheduled Job ID") . ":</b> {$schedid}<br><b>" . _("Profile") . ":</b> {$profile}<br><b>" . _("Targets") . ":</b><br>" . $targets . "\">{$schedname}</span></td>"; ?> <td><?php echo $stt; ?> </td> <td><?php echo $time; ?> </td> <td><?php echo $nextscan; ?> </td> <?php echo <<<EOT {$txt_enabled} <td style="padding-top:2px;"><a href="{$ilink}"><img alt="{$itext}" src="{$isrc}" border=0 title="{$itext}"></a> EOT; if (Session::menu_perms("environment-menu", "EventsVulnerabilitiesScan")) { echo "<a href='" . Menu::get_menu_url(AV_MAIN_PATH . '/vulnmeter/sched.php?disp=edit_sched&sched_id=' . $schedid, 'environment', 'vulnerabilities', 'scan_jobs') . "'><img src='images/pencil.png' title='" . _("Edit Scheduled") . "'></a> "; echo "<a href='manage_jobs.php?disp=delete&schedid={$schedid}' onclick='return confirmDelete();'><img src='images/delete.gif' title='" . gettext("Delete Scheduled") . "'></a>"; } echo "</td>"; echo <<<EOT </tr> EOT; $result->MoveNext(); $color++; } echo <<<EOT </table> EOT; ?> <br /> <?php $out = all_jobs(($page - 1) * $pagesize, $pagesize); ?> <table width="100%" align="center" class="transparent" cellspacing="0" cellpadding="0"> <tr> <td class="nobborder" valign="top" style="padding-top:5px;"> <div class="fright"> <?php if ($out != 0 && $num_pages != 1) { $page_url = "manage_jobs.php"; if ($page == 1 && $page == $num_pages) { echo '<a href="" class="link_paginate_disabled" onclick="return false">< ' . _("PREVIOUS") . '</a>'; echo '<a class="lmargin link_paginate_disabled" href="" onclick="return false">' . _("NEXT") . ' ></a>'; } elseif ($page == 1) { echo '<a href="" class="link_paginate_disabled" onclick="return false">< ' . _("PREVIOUS") . '</a>'; echo '<a class="lmargin" href="' . $page_url . '?page=' . ($page + 1) . '">' . _("NEXT") . ' ></a> '; } elseif ($page == $num_pages) { echo '<a href="' . $page_url . '?page=' . ($page - 1) . '">< ' . _("PREVIOUS") . '</a>'; echo '<a class="lmargin link_paginate_disabled" href="" onclick="return false">' . _("NEXT") . ' ></a>'; } else { echo '<a href="' . $page_url . '?page=' . ($page - 1) . '">< ' . _("PREVIOUS") . '</a><a class="lmargin" href="' . $page_url . '?page=' . ($page + 1) . '">' . _("NEXT") . ' ></a>'; } } ?> </div> </td> </tr> </table> <?php }
if ($backlog_id) { $event_count = !empty($_stats) ? $_stats["events"] : Alarm::get_total_events($conn, $backlog_id, true); $event_count_label = $event_count . " " . _("events"); } $timestamp_utc = Util::get_utc_unixtime(Util::timestamp2date($alarm->get_timestamp())); // $alarm->get_last() $last = gmdate("Y-m-d", $timestamp_utc + 3600 * $tz); $hour = gmdate("H:i:s", $timestamp_utc + 3600 * $tz); $today = gmdate("Y-m-d"); $date = Util::timestamp2date($alarm->get_timestamp()); $timestamp_utc = Util::get_utc_unixtime($date); $beep_on = $beep && $refresh_time_secs > 0 && gmdate("U") - $timestamp_utc <= $refresh_time_secs ? true : false; $date = gmdate("Y-m-d H:i:s", $timestamp_utc + 3600 * $tz); if ($backlog_id && $id == 1505 && $event_count > 0) { $since = Util::timestamp2date($alarm->get_since()); $since = gmdate("Y-m-d H:i:s", Util::get_utc_unixtime($since) + 3600 * $tz); } else { $since = $date; } /* show alarms by days */ $date_slices = split(" ", $date); list($year, $month, $day) = split("-", $date_slices[0]); $date_unformated = $year . $month . $day; $date_formatted = Util::htmlentities(strftime("%A %d-%b-%Y", mktime(0, 0, 0, $month, $day, $year))); // INPUT $chk = ''; if ($alarm->get_removable() && $_SESSION['_SELECTED_ALARMS'][$backlog_id]) { $chk = ' checked="checked" '; } $input = '<input style="border:none" type="checkbox" ' . $chk . ' name="check_' . $backlog_id . '_' . $event_id . '" id="check_' . $backlog_id . '" class="alarm_check stop" datecheck="' . $date_unformated . '" value="1" ' . ($alarm->get_removable() ? "" : " disabled='disabled'") . ' data="' . (empty($_stats) ? 'event' : 'alarm') . '"/>'; if (!$sound && $beep_on) {
function main_page($viewall, $sortby, $sortdir) { global $uroles, $username, $dbconn, $hosts; global $arruser, $user; $tz = Util::get_timezone(); if ($sortby == "") { $sortby = "id"; } if ($sortdir == "") { $sortdir = "DESC"; } /* if ( $uroles['admin'] ) { if($viewall == 1) { echo " <a href='manage_jobs.php'>View My Schedules</a> | "; } else { echo " <a href='manage_jobs.php?viewall=1'>View All Schedules</a> | "; } } else { $viewall = "1"; }*/ //echo "<a href='sched.php?op=reoccuring'>New Schedule</a> |<br><br>"; $sql_order = "order by {$sortby} {$sortdir}"; // if($viewall == 1) { // $url_sortby="<a href=\"manage_jobs.php?viewall=1&sortby="; // } else { // $url_sortby="<a href=\"manage_jobs.php?sortby="; // } echo "<center>"; status($arruser, $user); echo "<br>"; echo "<form>"; echo "<input type=\"button\" onclick=\"document.location.href='sched.php?smethod=schedule&hosts_alive=1&scan_locally=1'\" value=\"" . _("New Scan Job") . "\" class=\"button\">"; echo " "; echo "<input type=\"button\" onclick=\"document.location.href='sched.php?smethod=inmediately&hosts_alive=1&scan_locally=1'\" value=\"" . _("Run Scan Now") . "\" class=\"button\">"; echo "</form>"; echo "</center>"; echo "<br>"; $schedulejobs = _("Scheduled Jobs"); echo <<<EOT <center> <table cellspacing="0" cellpadding="0" border="0" width="90%"><tr><td class="headerpr" style="border:0;">{$schedulejobs}</td></tr></table> <table cellspacing="2" width="90%" summary="Job Schedules" border=0 cellspacing="0" cellpadding="0"> EOT; if ($sortdir == "ASC") { $sortdir = "DESC"; } else { $sortdir = "ASC"; } $arr = array(_("Name"), _("Schedule Type"), _("Time"), _("Next Scan"), _("Status")); // modified by hsh to return all scan schedules if (in_array("admin", $arruser)) { $query = "SELECT t2.name as profile, t1.meth_TARGET, t1.id, t1.name, t1.schedule_type, t1.meth_VSET, t1.meth_TIMEOUT, t1.username, t1.enabled, t1.next_CHECK, t1.email\n FROM vuln_job_schedule t1 LEFT JOIN vuln_nessus_settings t2 ON t1.meth_VSET=t2.id "; } else { $query = "SELECT t2.name as profile, t1.meth_TARGET, t1.id, t1.name, t1.schedule_type, t1.meth_VSET, t1.meth_TIMEOUT, t1.username, t1.enabled, t1.next_CHECK, t1.email\n FROM vuln_job_schedule t1 LEFT JOIN vuln_nessus_settings t2 ON t1.meth_VSET=t2.id WHERE username in ('{$user}') "; } // if($viewall == 1) { // list all schedules // } else { // view only logged in users schedules // $query .= "where username='******' "; // } $query .= $sql_order; $result = $dbconn->execute($query); if ($result->EOF) { echo "<tr><td height='20' class='nobborder' style='text-align:center;'>" . _("No Scheduled Jobs") . "</td></tr>"; } if (!$result->EOF) { echo "<tr>"; foreach ($arr as $value) { echo "<th><a href=\"manage_jobs.php?sortby={$value}&sortdir={$sortdir}\">{$value}</a></th>"; } echo "<th>" . _("Action") . "</th></tr>"; } while (!$result->EOF) { list($profile, $targets, $schedid, $schedname, $schedtype, $sid, $timeout, $user, $schedstatus, $nextscan, $servers) = $result->fields; $tz = intval($tz); $nextscan = gmdate("Y-m-d H:i:s", Util::get_utc_unixtime($dbconn, $nextscan) + 3600 * $tz); preg_match("/\\d+\\-\\d+\\-\\d+\\s(\\d+:\\d+:\\d+)/", $nextscan, $found); $time = $found[1]; switch ($schedtype) { case "N": $stt = _("Once (Now)"); break; case "O": $stt = _("Once"); break; case "D": $stt = _("Daily"); break; case "W": $stt = _("Weekly"); break; case "M": $stt = _("Monthly"); break; case "Q": $stt = _("Quarterly"); break; case "H": $stt = _("On Hold"); break; case "NW": $stt = _("N<sup>th</sup> weekday of the month"); break; default: $stt = " "; break; } switch ($schedstatus) { case "1": $itext = _("Disable Scheduled Job"); $isrc = "images/stop2.png"; $ilink = "manage_jobs.php?disp=setstatus&schedid={$schedid}&enabled=0"; break; default: $itext = _("Enable Scheduled Job"); $isrc = "images/play.png"; $ilink = "manage_jobs.php?disp=setstatus&schedid={$schedid}&enabled=1"; break; } if ($schedstatus) { $txt_enabled = "<td><a href=\"{$ilink}\"><font color=\"green\">" . _("Enabled") . "</font></a></td>"; } else { $txt_enabled = "<td><a href=\"{$ilink}\"><font color=\"red\">" . _("Disabled") . "</font></a></td>"; } if (preg_match('/^\\d+$/', $user)) { list($entities_all, $num_entities) = Acl::get_entities($dbconn, $user); $user = $entities_all[$user]['name']; } echo <<<EOT <tr> EOT; if ($profile == "") { $profile = _("Default"); } echo "<td><a style=\"text-decoration:none;\" href=\"javascript:;\" txt=\"<b>" . _("Owner") . ":</b> {$user}<br><b>" . _("Server") . ":</b> {$servers}<br /><b>" . _("Scheduled Job ID") . ":</b> {$schedid}<br><b>" . _("Profile") . ":</b> {$profile}<br><b>" . _("Targets") . ":</b><br>" . tooltip_hosts($targets, $hosts) . "\" class=\"scriptinfo\">{$schedname}</a></td>"; ?> <td><?php echo $stt; ?> </td> <td><?php echo $time; ?> </td> <td><?php echo $nextscan; ?> </td> <?php echo <<<EOT {$txt_enabled} <td style="padding-top:2px;"><a href="{$ilink}"><img alt="{$itext}" src="{$isrc}" border=0 title="{$itext}"></a> EOT; echo "<a href='sched.php?disp=edit_sched&sched_id={$schedid}&hmenu=Vulnerabilities&smenu=Jobs'><img src='images/pencil.png' title='" . gettext("Edit Scheduled") . "'></a> "; echo "<a href='manage_jobs.php?disp=delete&schedid={$schedid}' onclick='return confirmDelete();'><img src='images/delete.gif' title='" . gettext("Delete Scheduled") . "'></a></td>"; echo <<<EOT </tr> EOT; $result->MoveNext(); } echo <<<EOT </table></center> EOT; echo "<br>"; if ($_GET['page'] != "") { $page = $_GET['page']; } else { $page = 1; } $pagesize = 10; if ($username == "admin") { $query = "SELECT count(id) as num FROM vuln_jobs"; } else { $query = "SELECT count(id) as num FROM vuln_jobs where username='******'"; } $result = $dbconn->Execute($query); $jobCount = $result->fields["num"]; $num_pages = ceil($jobCount / $pagesize); //echo "num_pages:[".$num_pages."]"; //echo "jobCount:[".$jobCount."]"; //echo "page:[".$page."]"; all_jobs(0, 10, "R"); // only running jobs ?> <br /> <?php $out = all_jobs(($page - 1) * $pagesize, $pagesize); ?> <table width="90%" align="center" class="transparent"> <tr><td style="text-align:center;padding-top:5px;" class="nobborder"> <a href="javascript:;" onclick="$('#legend').toggle();$('#message_show').toggle();$('#message_hide').toggle();" colspan="2"><img src="../pixmaps/arrow_green.gif" align="absmiddle" border="0"> <span id="message_show"><?php echo _("Show legend"); ?> </span> <span id="message_hide" style="display:none"><?php echo _("Hide legend"); ?> </span> </a> </td> <td class="nobborder" valign="top" style="padding-top:5px;"> <?php if ($out != 0 && $num_pages != 1) { if ($page == 1 && $page == $num_pages) { echo '<center><< ' . _("First") . ' <' . _(" Previous") . ' [' . $page . ' ' . _("of") . ' ' . $num_pages . '] ' . _("Next") . ' > ' . _("Last") . ' >></center>'; } elseif ($page == 1) { echo '<center><< ' . _("First") . ' < ' . _("Previous") . ' [' . $page . ' ' . _("of") . ' ' . $num_pages . '] <a href="manage_jobs.php?page=' . ($page + 1) . '">' . _("Next") . ' ></a> <a href="manage_jobs.php?page=' . $num_pages . '">' . _("Last") . ' >></a></center>'; } elseif ($page == $num_pages) { echo '<center><a href="manage_jobs.php?page=1"><< ' . _("First") . '</a> <a href="manage_jobs.php?page=' . ($page - 1) . '">< ' . _("Previous") . '</a> [' . $page . ' ' . _("of") . ' ' . $num_pages . '] ' . _("Next") . '> ' . _("Last") . ' >></center>'; } else { echo '<center><a href="manage_jobs.php?page=1"><< ' . _("First") . '</a> <a href="manage_jobs.php?page=' . ($page - 1) . '">< ' . _("Previous") . '</a> [' . $page . ' ' . _("of") . ' ' . $num_pages . '] <a href="manage_jobs.php?page=' . ($page + 1) . '">' . _("Next") . ' ></a> <a href="manage_jobs.php?page=' . $num_pages . '">' . _("Last") . ' >></a></center>'; } //echo "<br>"; } ?> </td> </tr> <tr> <td width="110" class="nobborder"> <table width="100%" cellpadding="3" cellspacing="3" id="legend" style="display:none;"> <tr> <th colspan="2" style="padding-right: 3px;"> <div style="float: left; width: 60%; text-align: right;padding-top:3px;"><b><?php echo _("Legend"); ?> </b></div> <div style="float: right; width: 18%; padding-top: 2px; padding-bottom: 2px; text-align: right;"><a style="cursor: pointer; text-align: right;" onclick="$('#legend').toggle();$('#message_show').toggle();$('#message_hide').toggle();"><img src="../pixmaps/cross-circle-frame.png" alt="Close" title="Close" align="absmiddle" border="0"></a></div> </th> </tr> <tr> <td bgcolor="#EFFFF7" style="border:1px solid #999999" width="25%"></td><td class="nobborder" width="75%" style="text-align:left;padding-left:7px;"><?php echo _("Completed"); ?> </td> </tr> <tr> <td bgcolor="#EFE1E0" style="border:1px solid #999999" width="25%"></td><td class="nobborder" width="75%" style="text-align:left;padding-left:7px;"><?php echo _("Failed"); ?> </td> </tr> <tr> <td bgcolor="#D1E7EF" style="border:1px solid #999999" width="25%"></td><td class="nobborder" width="75%" style="text-align:left;padding-left:7px;"><?php echo _("Running"); ?> </td> </tr> <tr> <td bgcolor="#DFF7FF" style="border:1px solid #999999" width="25%"></td><td class="nobborder" width="75%" style="text-align:left;padding-left:7px;"><?php echo _("Scheduled"); ?> </td> </tr> <tr> <td bgcolor="#FFFFDF" style="border:1px solid #999999" width="25%"></td><td class="nobborder" width="75%" style="text-align:left;padding-left:7px;"><?php echo _("Timeout"); ?> </td> </tr> </table> </td> <td class="nobborder"> </td> </tr> </table> <?php }
function submit_scan($SVRid, $job_name, $ssh_credential, $smb_credential, $schedule_type, $not_resolve, $user, $entity, $targets, $scheduled_status, $hosts_alive, $sid, $send_email, $timeout, $scan_locally, $dayofweek, $dayofmonth, $ROYEAR, $ROMONTH, $ROday, $time_hour, $time_min, $time_interval, $sched_id, $biyear, $bimonth, $biday, $nthweekday, $tz, $daysMap) { $db = new ossim_db(); $dbconn = $db->connect(); $credentials = $ssh_credential . '|' . $smb_credential; $username = valid_hex32($entity) ? $entity : $user; if (empty($username)) { $username = Session::get_session_user(); } $btime_hour = $time_hour; // save local time $btime_min = $time_min; $bbiyear = $biyear; $bbimonth = $bimonth; $bbiday = $biday; if ($schedule_type == 'O') { // date and time for run once if (empty($ROYEAR)) { $ROYEAR = gmdate('Y'); } if (empty($ROMONTH)) { $ROMONTH = gmdate('m'); } if (empty($ROday)) { $ROday = gmdate('d'); } list($_y, $_m, $_d, $_h, $_u, $_s, $_time) = Util::get_utc_from_date($dbconn, "{$ROYEAR}-{$ROMONTH}-{$ROday} {$time_hour}:{$time_min}:00", $tz); $ROYEAR = $_y; $ROMONTH = $_m; $ROday = $_d; $time_hour = $_h; $time_min = $_u; } else { if (in_array($schedule_type, array('D', 'W', 'M', 'NW'))) { // date and time for Daily, Day of Week, Day of month, Nth weekday of month list($b_y, $b_m, $b_d, $b_h, $b_u, $b_s, $b_time) = Util::get_utc_from_date($dbconn, "{$biyear}-{$bimonth}-{$biday} {$time_hour}:{$time_min}:00", $tz); $biyear = $b_y; $bimonth = $b_m; $biday = $b_d; $time_hour = $b_h; $time_min = $b_u; } } $resolve_names = $not_resolve == '1' ? 0 : 1; if ($schedule_type != 'N') { // current datetime in UTC $arrTime = explode(":", gmdate('Y:m:d:w:H:i:s')); $year = $arrTime[0]; $mon = $arrTime[1]; $mday = $arrTime[2]; $wday = $arrTime[3]; $hour = $arrTime[4]; $min = $arrTime[5]; $sec = $arrTime[6]; $timenow = $hour . $min . $sec; $run_wday = $daysMap[$dayofweek]['number']; $run_time = sprintf('%02d%02d%02d', $time_hour, $time_min, '00'); $run_mday = $dayofmonth; $time_value = "{$time_hour}:{$time_min}:00"; $ndays = array('Sunday', 'Monday', 'Tuesday', 'Wednesday', 'Thursday', 'Friday', 'Saturday'); $begin_in_seconds = Util::get_utc_unixtime("{$biyear}-{$bimonth}-{$biday} {$time_hour}:{$time_min}:00") - 3600 * $tz; $current_in_seconds = gmdate('U'); // current datetime in UTC if (strlen($bimonth) == 1) { $bimonth = '0' . $bimonth; } if (strlen($biday) == 1) { $biday = '0' . $biday; } } switch ($schedule_type) { case 'N': $requested_run = gmdate('YmdHis'); break; case 'O': $requested_run = sprintf('%04d%02d%02d%06d', $ROYEAR, $ROMONTH, $ROday, $run_time); break; case 'D': if ($begin_in_seconds > $current_in_seconds) { $next_day = $biyear . $bimonth . $biday; // selected date by user } else { if ($run_time > $timenow) { $next_day = $year . $mon . $mday; // today } else { $next_day = gmdate("Ymd", strtotime("+1 day GMT", gmdate("U"))); // next day } } $requested_run = sprintf("%08d%06d", $next_day, $run_time); break; case 'W': if ($begin_in_seconds > $current_in_seconds) { // if it is a future date $wday = date("w", mktime(0, 0, 0, $bimonth, $biday, $biyear)); // make week day for begin day if ($run_wday == $wday) { $next_day = $biyear . $bimonth . $biday; // selected date by user } else { $next_day = gmdate("Ymd", strtotime("next " . $ndays[$run_wday] . " GMT", mktime(0, 0, 0, $bimonth, $biday, $biyear))); } } else { if ($run_wday == $wday && $run_time > $timenow) { $next_day = $year . $mon . $mday; // today } else { $next_day = gmdate("Ymd", strtotime("next " . $ndays[$run_wday] . " GMT", gmdate("U"))); // next week } } preg_match("/(\\d{4})(\\d{2})(\\d{2})/", $next_day, $found); list($b_y, $b_m, $b_d, $b_h, $b_u, $b_s, $b_time) = Util::get_utc_from_date($dbconn, $found[1] . "-" . $found[2] . "-" . $found[3] . " {$btime_hour}:{$btime_min}:00", $tz); $requested_run = sprintf("%04d%02d%02d%02d%02d%02d", $b_y, $b_m, $b_d, $b_h, $b_u, "00"); break; case 'M': if ($begin_in_seconds > $current_in_seconds) { // if it is a future date if ($run_mday >= $biday) { $next_day = $biyear . $bimonth . ($run_mday < 10 ? "0" : "") . $run_mday; // this month } else { $next_day = sprintf("%06d%02d", gmdate("Ym", strtotime("next month GMT", mktime(0, 0, 0, $bimonth, $biday, $biyear))), $run_mday); } } else { if ($run_mday > $mday || $run_mday == $mday && $run_time > $timenow) { $next_day = $year . $mon . ($run_mday < 10 ? "0" : "") . $run_mday; // this month } else { $next_day = sprintf("%06d%02d", gmdate("Ym", strtotime("next month GMT", gmdate("U"))), $run_mday); } } preg_match("/(\\d{4})(\\d{2})(\\d{2})/", $next_day, $found); list($b_y, $b_m, $b_d, $b_h, $b_u, $b_s, $b_time) = Util::get_utc_from_date($dbconn, $found[1] . "-" . $found[2] . "-" . $found[3] . " {$btime_hour}:{$btime_min}:00", $tz); $requested_run = sprintf("%04d%02d%02d%02d%02d%02d", $b_y, $b_m, $b_d, $b_h, $b_u, "00"); break; case 'NW': if ($begin_in_seconds > $current_in_seconds) { // if it is a future date $array_time = array('month' => $bbimonth, 'day' => $bbiday, 'year' => $bbiyear); $requested_run = weekday_month(strtolower($daysMap[$dayofweek]['text']), $nthweekday, $btime_hour, $btime_min, $array_time); } else { $requested_run = weekday_month(strtolower($daysMap[$dayofweek]['text']), $nthweekday, $btime_hour, $btime_min); } preg_match("/(\\d{4})(\\d{2})(\\d{2})(\\d{2})(\\d{2})(\\d{2})/", $requested_run, $found); list($b_y, $b_m, $b_d, $b_h, $b_u, $b_s, $b_time) = Util::get_utc_from_date($dbconn, $found[1] . "-" . $found[2] . "-" . $found[3] . " " . $found[4] . ":" . $found[5] . ":00", $tz); $requested_run = sprintf("%04d%02d%02d%02d%02d%02d", $b_y, $b_m, $b_d, $b_h, $b_u, "00"); $dayofmonth = $nthweekday; break; default: break; } $insert_time = gmdate('YmdHis'); if (!empty($_SESSION['_vuln_targets']) && count($_SESSION['_vuln_targets']) > 0) { $sgr = array(); foreach ($_SESSION['_vuln_targets'] as $target_selected => $server_id) { $sgr[$server_id][] = $target_selected; } ossim_clean_error(); unset($_SESSION['_vuln_targets']); // clean scan targets $resolve_names = $not_resolve == '1' ? 0 : 1; $queries = array(); $bbimonth = strlen($bbimonth) == 1 ? '0' . $bbimonth : $bbimonth; $bbiday = strlen($bbiday) == 1 ? '0' . $bbiday : $bbiday; $qc = 0; if ($schedule_type == 'N') { foreach ($sgr as $notify_sensor => $target_list) { $target_list = implode("\n", $target_list); $params = array($job_name, $username, Session::get_session_user(), $schedule_type, $target_list, $hosts_alive, $sid, $send_email, $timeout, $SVRid, $insert_time, $requested_run, '3', 'S', $notify_sensor, $scan_locally, '', $resolve_names, $credentials); $queries[$qc]['query'] = 'INSERT INTO vuln_jobs ( name, username, fk_name, meth_SCHED, meth_TARGET, meth_CRED, meth_VSET, meth_Wfile, meth_TIMEOUT, scan_ASSIGNED, scan_SUBMIT, scan_next, scan_PRIORITY, status, notify, authorized, author_uname, resolve_names, credentials ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)'; $queries[$qc]['params'] = $params; $qc++; } } else { $params = array($bbiyear . $bbimonth . $bbiday, $job_name, $username, Session::get_session_user(), $schedule_type, $dayofweek, $dayofmonth, $time_value, implode("\n", $targets), $hosts_alive, $sid, $send_email, $scan_locally, $timeout, $requested_run, $insert_time, strval($scheduled_status), $resolve_names, $time_interval, '', $credentials, $SVRid); $queries[$qc]['query'] = 'INSERT INTO vuln_job_schedule ( begin, name, username, fk_name, schedule_type, day_of_week, day_of_month, time, meth_TARGET, meth_CRED, meth_VSET, meth_Wfile, meth_Ucheck, meth_TIMEOUT, next_CHECK, createdate, enabled, resolve_names, time_interval, IP_ctx, credentials, email) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) '; $queries[$qc]['params'] = $params; $qc++; } $execute_errors = array(); foreach ($queries as $id => $sql_data) { $rs = $dbconn->execute($sql_data['query'], $sql_data['params']); if ($rs === FALSE) { $execute_errors[] = $dbconn->ErrorMsg(); } } if (empty($execute_errors) && $schedule_type != 'N') { // We have to update the vuln_job_assets if (intval($sched_id) == 0) { $query = ossim_query('SELECT LAST_INSERT_ID() as sched_id'); $rs = $dbconn->Execute($query); if (!$rs) { Av_exception::throw_error(Av_exception::DB_ERROR, $dbconn->ErrorMsg()); } else { $sched_id = $rs->fields['sched_id']; } } Vulnerabilities::update_vuln_job_assets($dbconn, 'insert', $sched_id, 0); } $config_nt = array('content' => '', 'options' => array('type' => 'nf_success', 'cancel_button' => FALSE), 'style' => 'width: 40%; margin: 20px auto; text-align: center;'); $config_nt['content'] = empty($execute_errors) ? _('Successfully Submitted Job') : _('Error creating scan job:') . implode('<br>', $execute_errors); $nt = new Notification('nt_1', $config_nt); $nt->show(); $dbconn->close(); } }