コード例 #1
0
ファイル: login.php プロジェクト: jhbsz/ossimTest
function check_phpgacl_install()
{
    global $gacl;
    $db_table_prefix = $gacl->_db_table_prefix;
    require_once "ossim_db.inc";
    $db = new ossim_db();
    if (!($conn = $db->phpgacl_connect())) {
        echo "<p align=\"center\">\n                <b>Can't connect to OSSIM acl database (phpgacl)</b><br/>\n                Check for phpgacl values at framework configuration\n                </p>";
        exit;
    }
    $query1 = OssimQuery("SELECT * FROM acl");
    $query2 = OssimQuery("SELECT * FROM " . $db_table_prefix . "_acl");
    if (!$conn->Execute($query1) and !$conn->Execute($query2)) {
        echo "\n        <p align=\"center\"><b>You need to configure phpGACL</b><br/>\n        Remember to setup the database connection at phpGACL config files!\n        <br/>\n        Click <a href=\"/phpgacl/setup.php\">here</a> to enter setup\n        </p>\n            ";
        exit;
    }
    $db->close($conn);
}
コード例 #2
0
function get_user_icon($login, $pro)
{
    ${$pixmaps} = '../pixmaps/user-green.png';
    $db = new ossim_db();
    $conn = $db->connect();
    $user = Session::get_list($conn, "WHERE login='******'");
    if ($pro) {
        // Pro-version
        if ($login == ACL_DEFAULT_OSSIM_ADMIN || $user[0]->get_is_admin()) {
            $pixmaps = '../pixmaps/user-gadmin.png';
        } elseif (Acl::is_proadmin($conn, $user[0]->get_login())) {
            $pixmaps = '../pixmaps/user-business.png';
        }
    } else {
        // Open Source
        if ($login == ACL_DEFAULT_OSSIM_ADMIN || $user[0]->get_is_admin()) {
            $pixmaps = "../pixmaps/user-gadmin.png";
        }
    }
    $db->close();
    return $pixmaps;
}
コード例 #3
0
function ProcessCriteria()
{
    global $db, $join_sql, $perms_sql, $where_sql, $criteria_sql, $sql, $debug_mode, $caller, $DBtype;
    /* XXX-SEC */
    global $cs, $timetz;
    $db_aux = new ossim_db();
    $conn_aux = $db_aux->connect();
    /* the JOIN criteria */
    $ip_join_sql = " LEFT JOIN iphdr ON acid_event.sid=iphdr.sid AND acid_event.cid=iphdr.cid ";
    // *************** DEPRECATED: TCP UDP ICMP join *********************
    //$tcp_join_sql = " LEFT JOIN tcphdr ON acid_event.sid=tcphdr.sid AND acid_event.cid=tcphdr.cid ";
    //$udp_join_sql = " LEFT JOIN udphdr ON acid_event.sid=udphdr.sid AND acid_event.cid=udphdr.cid ";
    //$icmp_join_sql = " LEFT JOIN icmphdr ON acid_event.sid=icmphdr.sid AND acid_event.cid=icmphdr.cid ";
    $rawip_join_sql = " LEFT JOIN iphdr ON acid_event.sid=iphdr.sid AND acid_event.cid=iphdr.cid ";
    $sig_join_sql = " LEFT JOIN alienvault.plugin_sid ON acid_event.plugin_id=plugin_sid.plugin_id AND acid_event.plugin_sid=plugin_sid.sid ";
    $sig_join = false;
    //$data_join_sql = " LEFT JOIN extra_data ON acid_event.sid=extra_data.sid AND acid_event.cid=extra_data.cid ";
    $data_join_sql = "";
    $ag_join_sql = " LEFT JOIN acid_ag_alert ON acid_event.sid=acid_ag_alert.ag_sid AND acid_event.cid=acid_ag_alert.ag_cid ";
    //$sig_join_sql = "";
    //SQL_CALC_FOUND_ROWS
    $sql = "SELECT acid_event.*, HEX(acid_event.ctx) AS ctx, HEX(acid_event.src_host) AS src_host, HEX(acid_event.dst_host) AS dst_host, HEX(acid_event.src_net) AS src_net, HEX(acid_event.dst_net) AS dst_net FROM acid_event";
    $where_sql = " WHERE ";
    //$where_sql = "";
    // $criteria_sql = " acid_event.sid > 0";
    // Initially show last 24hours events
    if ($_GET['time_range'] == "") {
        $criteria_sql = " ( timestamp >='" . gmdate("Y-m-d", $timetz) . "' ) ";
    } else {
        $criteria_sql = " 1 ";
    }
    //$criteria_sql = " ( timestamp <= CURDATE() ) ";
    //$criteria_sql = " 1 ";
    $join_sql = "";
    $use_ac = true;
    // Use ac_acid_event or not
    /* ********************** Meta Criteria ******************************************** */
    $sig = $cs->criteria['sig']->criteria;
    $sig_type = $cs->criteria['sig']->sig_type;
    $sig_class = $cs->criteria['sig_class']->criteria;
    $sig_priority = $cs->criteria['sig_priority']->criteria;
    $ag = $cs->criteria['ag']->criteria;
    $sensor = $cs->criteria['sensor']->criteria;
    $sensor_op = $cs->criteria['sensor']->param ? "not in" : "in";
    $plugin = $cs->criteria['plugin']->criteria;
    $plugingroup = $cs->criteria['plugingroup']->criteria;
    $networkgroup = $cs->criteria['networkgroup']->criteria;
    $userdata = $cs->criteria['userdata']->criteria;
    $idm_username = $cs->criteria['idm_username']->criteria;
    $idm_hostname = $cs->criteria['idm_hostname']->criteria;
    $idm_domain = $cs->criteria['idm_domain']->criteria;
    $sourcetype = $cs->criteria['sourcetype']->criteria;
    $category = $cs->criteria['category']->criteria;
    $rep = $cs->criteria['rep']->criteria;
    $time = $cs->criteria['time']->GetUTC();
    $real_time = $cs->criteria['time']->criteria;
    //print_r($time);
    $time_cnt = $cs->criteria['time']->GetFormItemCnt();
    $hostid = $cs->criteria['hostid']->criteria;
    $netid = $cs->criteria['netid']->criteria;
    $ctx = $cs->criteria['ctx']->criteria;
    $device = $cs->criteria['device']->criteria;
    $ip_addr = $cs->criteria['ip_addr']->criteria;
    $ip_addr_cnt = $cs->criteria['ip_addr']->GetFormItemCnt();
    $layer4 = $cs->criteria['layer4']->criteria;
    $ip_field = $cs->criteria['ip_field']->criteria;
    $ip_field_cnt = $cs->criteria['ip_field']->GetFormItemCnt();
    $tcp_port = $cs->criteria['tcp_port']->criteria;
    $tcp_port_cnt = $cs->criteria['tcp_port']->GetFormItemCnt();
    // DEPRECATED tcp flags
    //$tcp_flags = $cs->criteria['tcp_flags']->criteria;
    //$tcp_field = $cs->criteria['tcp_field']->criteria;
    //$tcp_field_cnt = $cs->criteria['tcp_field']->GetFormItemCnt();
    $udp_port = $cs->criteria['udp_port']->criteria;
    $udp_port_cnt = $cs->criteria['udp_port']->GetFormItemCnt();
    // DEPRECATED udp field icmp field
    //$udp_field = $cs->criteria['udp_field']->criteria;
    //$udp_field_cnt = $cs->criteria['udp_field']->GetFormItemCnt();
    //$icmp_field = $cs->criteria['icmp_field']->criteria;
    //$icmp_field_cnt = $cs->criteria['icmp_field']->GetFormItemCnt();
    $rawip_field = $cs->criteria['rawip_field']->criteria;
    $rawip_field_cnt = $cs->criteria['rawip_field']->GetFormItemCnt();
    $data = $cs->criteria['data']->criteria;
    $data_cnt = $cs->criteria['data']->GetFormItemCnt();
    $cs->criteria['data']->data_encode;
    //$data_encode[0] = "ascii"; $data_encode[1] = "hex";
    /* OSSIM */
    $ossim_type = $cs->criteria['ossim_type']->criteria;
    $ossim_priority = $cs->criteria['ossim_priority']->criteria;
    $ossim_reliability = $cs->criteria['ossim_reliability']->criteria;
    $ossim_asset_dst = $cs->criteria['ossim_asset_dst']->criteria;
    $ossim_risk_a = $cs->criteria['ossim_risk_a']->criteria;
    $tmp_meta = "";
    /* Sensor */
    if ($sensor != "" && $sensor != " ") {
        $tmp_meta = $tmp_meta . " AND acid_event.device_id {$sensor_op} ( " . preg_replace("/^\\!/", "", $sensor) . " )";
    } else {
        $cs->criteria['sensor']->Set("");
    }
    /* Device */
    if ($device != "") {
        $_ip = bin2hex(inet_pton($device));
        $tmp_meta .= " AND acid_event.device_id IN (SELECT id FROM device WHERE device_ip=UNHEX('" . $_ip . "'))";
    }
    /* Plugin */
    if ($plugin != "" && $plugin != " ") {
        if (preg_match("/(\\d+)\\-(\\d+)/", $plugin, $match)) {
            $tmp_meta = $tmp_meta . " AND acid_event.plugin_id between " . $match[1] . " and " . $match[2];
        } else {
            $tmp_meta = $tmp_meta . " AND acid_event.plugin_id in (" . $plugin . ")";
        }
    }
    /* Plugin Group */
    if ($plugingroup != "" && $plugingroup != " ") {
        $pg_ids = QueryOssimPluginGroup($plugingroup);
        if ($pg_ids != "") {
            $tmp_meta = $tmp_meta . " AND ({$pg_ids}) ";
        } else {
            $tmp_meta = $tmp_meta . " AND (acid_event.plugin_id=-1 AND acid_event.plugin_sid=-1)";
        }
    }
    /* Network Group */
    if ($networkgroup != "" && $networkgroup != " ") {
        $ng_ids = QueryOssimNetworkGroup($networkgroup);
        if ($ng_ids != "") {
            $tmp_meta = $tmp_meta . " AND ({$ng_ids}) ";
            $use_ac = false;
        }
    }
    /* User Data */
    //echo "User Data:$userdata";
    $rpl = array('EQ' => '=', 'NE' => '!=', 'LT' => '<', 'LOE' => '<=', 'GT' => '>', 'GOE' => '>=');
    if (trim($userdata[2]) != "") {
        $_q = parenthesis_encode(escape_sql($userdata[2], $conn_aux));
        $sql = "SELECT acid_event.*, HEX(acid_event.ctx) AS ctx, HEX(acid_event.src_host) AS src_host, \n                                  HEX(acid_event.dst_host) AS dst_host, HEX(acid_event.src_net) AS src_net, \n                                  HEX(acid_event.dst_net) AS dst_net,extra_data.* \n                           FROM acid_event";
        $data_join_sql .= ",extra_data ";
        $_nq = is_numeric($_q) ? $_q : "'" . $_q . "'";
        $flt = "extra_data." . $userdata[0] . " " . strtr($userdata[1], $rpl) . " " . ($userdata[1] == "like" ? "'%" . $_q . "%'" : $_nq);
        $tmp_meta .= " AND acid_event.id=extra_data.event_id AND ({$flt})";
        $use_ac = FALSE;
    }
    /* IDM */
    if (trim($idm_username[0]) != '' || trim($idm_domain[0]) != '') {
        $data_join_sql .= ",idm_data ";
        $tmp_meta .= " AND acid_event.id=idm_data.event_id";
        $use_ac = FALSE;
    }
    if ($idm_username[0] != '') {
        $_q = parenthesis_encode(escape_sql($idm_username[0], $conn_aux));
        if ($idm_username[1] == "both") {
            $tmpcrit = "idm_data.username='******'";
        } else {
            $tmpcrit = "(idm_data.username='******' AND idm_data.from_src=" . ($idm_username[1] == "src" ? "1" : "0") . ")";
        }
        $tmp_meta .= " AND {$tmpcrit}";
    }
    if ($idm_domain[0] != '') {
        $_q = parenthesis_encode(escape_sql($idm_domain[0], $conn_aux));
        if ($idm_domain[1] == "both") {
            $tmpcrit = "idm_data.domain='" . $_q . "'";
        } else {
            $tmpcrit = "(idm_data.domain='" . $_q . "' AND idm_data.from_src=" . ($idm_domain[1] == "src" ? "1" : "0") . ")";
        }
        $tmp_meta .= " AND {$tmpcrit}";
    }
    if ($idm_hostname[0] != '') {
        $_q = parenthesis_encode(escape_sql($idm_hostname[0], $conn_aux));
        if ($idm_hostname[1] == "both") {
            $tmpcrit = "(acid_event.src_hostname='" . $_q . "' OR acid_event.dst_hostname='" . $_q . "')";
        } else {
            $tmpcrit = "acid_event." . $idm_hostname[1] . "_hostname='" . $_q . "'";
        }
        $tmp_meta .= " AND {$tmpcrit}";
        $use_ac = FALSE;
    }
    /* Reputation */
    $rep_data = trim($rep[0]) != "" || trim($rep[1]) != "" ? true : false;
    if ($rep_data) {
        $data_join_sql .= ",reputation_data";
        $tmp_meta .= " AND acid_event.id=reputation_data.event_id";
        $use_ac = false;
    }
    if (trim($rep[0]) != "") {
        # Activity
        if (intval($rep[0])) {
            $aname = GetActivityName($rep[0], $db);
            $tmpcrit = "(reputation_data.rep_act_src like '%" . str_replace("'", "\\'", $aname) . "%' OR reputation_data.rep_act_dst like '%" . str_replace("'", "\\'", $aname) . "%')";
        } else {
            $tmpcrit = "(reputation_data.rep_act_src!='' OR reputation_data.rep_act_dst!='')";
        }
        $tmp_meta .= " AND {$tmpcrit}";
    }
    if (trim($rep[1]) != "") {
        # Severity
        switch ($rep[1]) {
            case "High":
                $tmpcrit = "(reputation_data.rep_prio_src>6 OR reputation_data.rep_prio_dst>6)";
                break;
            case "Medium":
                $tmpcrit = "(reputation_data.rep_prio_src in (3,4,5,6) OR reputation_data.rep_prio_dst in (3,4,5,6))";
                break;
            case "Low":
                $tmpcrit = "(reputation_data.rep_prio_src in (0,1,2) OR reputation_data.rep_prio_dst in (0,1,2))";
                break;
            default:
                $tmpcrit = "(reputation_data.rep_prio_src>0 OR reputation_data.rep_prio_dst>0)";
        }
        $tmp_meta .= " AND {$tmpcrit}";
    }
    /* Source Type */
    if (trim($sourcetype) != "") {
        $tmp_meta = $tmp_meta . " AND acid_event.plugin_id in (" . GetPluginListBySourceType($sourcetype) . ")";
    }
    /* Category */
    if ($category[0] != 0) {
        $sig_join = true;
        $tmp_meta = $tmp_meta . GetPluginListByCategory($category);
    }
    /* Signature */
    if (isset($sig[0]) && $sig[0] != " " && $sig[0] != "" && (isset($sig[1]) && $sig[1] != "")) {
        if ($sig_type == 1) {
            // sending sig[1]=plugin_id;plugin_sid
            $pidsid = preg_split("/[\\s;]+/", $sig[1]);
            $tmp_meta = $tmp_meta . " AND (acid_event.plugin_id=" . intval($pidsid[0]) . " AND acid_event.plugin_sid=" . intval($pidsid[1]) . ")";
        } else {
            // free string
            $sig_ids = QueryOssimSignature($sig[1], $sig[0], $sig[2]);
            $sig_join = true;
            $tmp_meta = $tmp_meta . " AND ({$sig_ids})";
            //if ($sig_ids != "")
            //  $tmp_meta = $tmp_meta . " AND ($sig_ids) ";
            //else
            //  $tmp_meta = $tmp_meta." AND (plugin_id=-1 AND plugin_sid=-1)";
        }
    } else {
        $cs->criteria['sig']->Set("");
    }
    /*
     * OSSIM Code
     */
    /* OSSIM Type */
    if ($ossim_type[1] != " " && $ossim_type[1] != "" && $ossim_type[1] != "0") {
        $tmp_meta = $tmp_meta . " AND acid_event.ossim_type = '" . $ossim_type[1] . "'";
        $use_ac = false;
    } else {
        if ($ossim_type[1] == "0") {
            $tmp_meta = $tmp_meta . " AND (acid_event.ossim_type is null OR acid_event.ossim_type = '0')";
            $use_ac = false;
        } else {
            $cs->criteria['ossim_type']->Set("");
        }
    }
    /* OSSIM Priority */
    if ($ossim_priority[1] != " " && $ossim_priority[1] != "" && $ossim_priority[1] != "0") {
        $tmp_meta = $tmp_meta . " AND acid_event.ossim_priority  " . $ossim_priority[0] . " '" . $ossim_priority[1] . "'";
        $use_ac = false;
    } else {
        if ($ossim_priority[1] == "0") {
            $use_ac = false;
            $tmp_meta = $ossim_priority[0] == "=" ? $tmp_meta . " AND (acid_event.ossim_priority is null OR acid_event.ossim_priority = '0')" : ($tmp_meta = $tmp_meta . " AND acid_event.ossim_priority  " . $ossim_priority[0] . " '" . $ossim_priority[1] . "'");
        } else {
            $cs->criteria['ossim_priority']->Set("");
        }
    }
    /* OSSIM Reliability */
    if ($ossim_reliability[1] != " " && $ossim_reliability[1] != "" && $ossim_reliability[1] != "0") {
        $tmp_meta = $tmp_meta . " AND acid_event.ossim_reliability " . $ossim_reliability[0] . " '" . $ossim_reliability[1] . "'";
        $use_ac = false;
    } else {
        if ($ossim_reliability[1] == "0") {
            $tmp_meta = $ossim_reliability[0] == "=" ? $tmp_meta . " AND (acid_event.ossim_reliability is null OR acid_event.ossim_reliability = '0')" : $tmp_meta . " AND acid_event.ossim_reliability " . $ossim_reliability[0] . " '" . $ossim_reliability[1] . "'";
            $use_ac = false;
        } else {
            $cs->criteria['ossim_reliability']->Set("");
        }
    }
    /* OSSIM Asset DST */
    if ($ossim_asset_dst[1] != " " && $ossim_asset_dst[1] != "" && $ossim_asset_dst[1] != "0") {
        $tmp_meta = $tmp_meta . " AND acid_event.ossim_asset_dst " . $ossim_asset_dst[0] . " '" . $ossim_asset_dst[1] . "'";
        $use_ac = false;
    } else {
        if ($ossim_asset_dst[1] == "0") {
            $tmp_meta = $ossim_asset_dst[0] == "=" ? $tmp_meta . " AND (acid_event.ossim_asset_dst is null OR acid_event.ossim_asset_dst = '0')" : $tmp_meta . " AND acid_event.ossim_asset_dst " . $ossim_asset_dst[0] . " '" . $ossim_asset_dst[1] . "'";
            $use_ac = false;
        } else {
            $cs->criteria['ossim_asset_dst']->Set("");
        }
    }
    /* OSSIM Risk A */
    if ($ossim_risk_a != " " && $ossim_risk_a != "" && $ossim_risk_a != "0") {
        if ($ossim_risk_a == "low") {
            //$tmp_meta = $tmp_meta." AND ossim_risk_a >= 1 AND ossim_risk_a <= 4 ";
            $tmp_meta = $tmp_meta . " AND acid_event.ossim_risk_a < 1 ";
            $use_ac = false;
        } else {
            if ($ossim_risk_a == "medium") {
                //$tmp_meta = $tmp_meta." AND ossim_risk_a >= 5 AND ossim_risk_a <= 7 ";
                $tmp_meta = $tmp_meta . " AND acid_event.ossim_risk_a = 1 ";
                $use_ac = false;
            } else {
                if ($ossim_risk_a == "high") {
                    //$tmp_meta = $tmp_meta." AND ossim_risk_a >= 8 AND ossim_risk_a <= 10 ";
                    $tmp_meta = $tmp_meta . " AND acid_event.ossim_risk_a > 1 ";
                    $use_ac = false;
                }
            }
        }
    } else {
        $cs->criteria['ossim_risk_a']->Set("");
    }
    /* Date/Time */
    $time_meta = "";
    $real_time_meta = "";
    DateTimeRows2sql($real_time, $time_cnt, $real_time_meta);
    // Time without utc conversion
    if (DateTimeRows2sql($time, $time_cnt, $time_meta) == 0) {
        $cs->criteria['time']->SetFormItemCnt(0);
    }
    $criteria_sql = $criteria_sql . $tmp_meta;
    /* ********************** PERMS ************************ */
    // Allowed CTX's y Asset Filter
    $perms_sql = "";
    $domain = Session::get_ctx_where();
    if ($domain != "") {
        $perms_sql .= " AND acid_event.ctx in ({$domain})";
    }
    // Asset filter
    $host_perms = Session::get_host_where();
    $net_perms = Session::get_net_where();
    if ($host_perms != "") {
        $perms_sql .= " AND (acid_event.src_host in ({$host_perms}) OR acid_event.dst_host in ({$host_perms})";
        if ($net_perms != "") {
            $perms_sql .= " OR acid_event.src_net in ({$net_perms}) OR acid_event.dst_net in ({$net_perms}))";
        } else {
            $perms_sql .= ")";
        }
    } elseif ($net_perms != "") {
        $perms_sql .= " AND (acid_event.src_net in ({$net_perms}) OR acid_event.dst_net in ({$net_perms}))";
    }
    $criteria_sql .= $perms_sql;
    /* Host ID */
    $op = $hostid[3] != '' ? $hostid[3] : 'IN';
    $and_or = $op == 'NOT IN' ? 'AND' : 'OR';
    // src_host, dst_host fields
    if ($hostid[0] != "") {
        $hostwhere = "UNHEX('" . implode("',UNHEX('", explode(",", $hostid[0])) . "')";
        if ($hostid[2] == "both") {
            $criteria_sql .= " AND (acid_event.src_host {$op} ({$hostwhere}) {$and_or} acid_event.dst_host {$op} ({$hostwhere}))";
        } else {
            $criteria_sql .= " AND acid_event." . $hostid[2] . "_host {$op} ({$hostwhere})";
        }
    }
    /* Network ID */
    if ($netid[0] != "") {
        // src_net, dst_net fields
        $netwhere = "UNHEX('" . implode("',UNHEX('", explode(",", $netid[0])) . "')";
        if ($netid[2] == "both") {
            $criteria_sql .= " AND (acid_event.src_net in ({$netwhere}) OR acid_event.dst_net in ({$netwhere}))";
        } else {
            $criteria_sql .= " AND acid_event." . $netid[2] . "_host in ({$netwhere})";
        }
    }
    /* ********************** IP Criteria ********************************************** */
    /* IP Addresses */
    $tmp2 = "";
    for ($i = 0; $i < $ip_addr_cnt; $i++) {
        $tmp = "";
        if (isset($ip_addr[$i][3]) && $ip_addr[$i][1] != " " && $ip_addr[$i][1] != "") {
            if ($ip_addr[$i][3] != "" && $ip_addr[$i][4] != "" && $ip_addr[$i][5] != "" && $ip_addr[$i][6] != "") {
                /* if use illegal 256.256.256.256 address then
                 *  this is the special case where need to search for portscans
                 */
                if ($ip_addr[$i][3] == "256" && $ip_addr[$i][4] == "256" && $ip_addr[$i][5] == "256" && $ip_addr[$i][6] == "256") {
                    $tmp = $tmp . " acid_event." . $ip_addr[$i][1] . " IS NULL" . " ";
                } else {
                    if ($ip_addr[$i][10] == "") {
                        $tmp = $tmp . " acid_event." . $ip_addr[$i][1] . $ip_addr[$i][2] . "unhex('" . baseIP2hex($ip_addr[$i][3] . "." . $ip_addr[$i][4] . "." . $ip_addr[$i][5] . "." . $ip_addr[$i][6]) . "') ";
                    } else {
                        $mask = getIPMask($ip_addr[$i][3] . "." . $ip_addr[$i][4] . "." . $ip_addr[$i][5] . "." . $ip_addr[$i][6], $ip_addr[$i][10]);
                        if ($ip_addr[$i][2] == "!=") {
                            $tmp_op = " NOT ";
                        } else {
                            $tmp_op = "";
                        }
                        $tmp = $tmp . $tmp_op . " acid_event." . $ip_addr[$i][1] . ">= unhex('" . baseIP2hex($mask[0]) . "') AND acid_event." . $ip_addr[$i][1] . "<= unhex('" . baseIP2hex($mask[1]) . "')";
                    }
                }
            }
            /* if have chosen the address type to be both source and destination */
            if (ereg("ip_both", $tmp)) {
                $tmp_src = ereg_replace("ip_both", "ip_src", $tmp);
                $tmp_dst = ereg_replace("ip_both", "ip_dst", $tmp);
                if ($ip_addr[$i][2] == '=') {
                    $tmp = "(" . $tmp_src . ') OR (' . $tmp_dst . ')';
                } else {
                    $tmp = "(" . $tmp_src . ') AND (' . $tmp_dst . ')';
                }
            }
            $aux_op = $ip_addr_cnt > 0 ? $ip_addr[$i][9] == "AND" || $ip_addr[$i][9] == "OR" ? $ip_addr[$i][9] : "AND" : "";
            if ($tmp != "") {
                $tmp = $ip_addr[$i][0] . "(" . $tmp . ")" . $ip_addr[$i][8] . $aux_op;
            }
        } else {
            if (isset($ip_addr[$i][3]) && $ip_addr[$i][3] != "" || $ip_addr[$i][1] != " " && $ip_addr[$i][1] != "") {
                /* IP_addr_type, but MALFORMED IP address */
                if ($ip_addr[$i][1] != " " && $ip_addr[$i][1] != "" && $ip_addr[$i][3] == "" && ($ip_addr[$i][4] != "" || $ip_addr[$i][5] != "" || $ip_addr[$i][6] != "")) {
                    ErrorMessage("<B>" . gettext("Criteria warning:") . "</B> " . gettext("Invalid IP address criteria") . " ' *." . $ip_addr[$i][4] . "." . $ip_addr[$i][5] . "." . $ip_addr[$i][6] . " '");
                }
                /* ADDRESS, but NO IP_addr_type was given */
                if (isset($ip_addr[$i][3]) && $ip_addr[$i][1] == " " && $ip_addr[$i][1] == "") {
                    ErrorMessage("<B>" . gettext("Criteria warning:") . "</B> " . gettext("A IP address of") . " '" . $ip_addr[$i][3] . "." . $ip_addr[$i][4] . "." . $ip_addr[$i][5] . "." . $ip_addr[$i][6] . "' " . gettext("was entered for as a criteria value, but the type of address (e.g. source, destination) was not specified."));
                }
                /* IP_addr_type IS FILLED, but no ADDRESS */
                if ($ip_addr[$i][1] != " " && $ip_addr[$i][1] != "" && $ip_addr[$i][1] != "" && $ip_addr[$i][3] == "") {
                    ErrorMessage("<B>" . gettext("Criteria warning:") . "</B> " . gettext("An IP address of type") . " '" . $ip_addr[$i][1] . "' " . gettext("was selected (at #") . $i . ") " . gettext("indicating that an IP address should be a criteria, but no address on which to match was specified."));
                }
            }
        }
        $tmp2 = $tmp2 . $tmp;
        if ($i > 0 && ($ip_addr[$i - 1][9] != 'OR' && $ip_addr[$i - 1][9] != 'AND') && $ip_addr[$i - 1][3] != "") {
            ErrorMessage("<B>" . gettext("Criteria warning:") . "</B> " . gettext("Multiple IP address criteria entered without a boolean operator (e.g. AND, OR) between IP Criteria") . " #{$i} and #" . ($i + 1) . ".");
        }
    }
    if ($tmp2 != "") {
        BalanceBrackets($tmp2);
        $criteria_sql = $criteria_sql . " AND ( " . $tmp2 . " )";
        $use_ac = false;
    } else {
        $cs->criteria['ip_addr']->SetFormItemCnt(0);
    }
    /* IP Fields */
    if (FieldRows2sql($ip_field, $ip_field_cnt, $criteria_sql) == 0) {
        $cs->criteria['ip_field']->SetFormItemCnt(0);
    } else {
        $use_ac = false;
    }
    /* CTX */
    if ($ctx != "") {
        $criteria_sql .= " AND acid_event.ctx = UNHEX('{$ctx}')";
    }
    /* Layer-4 encapsulation */
    if ($layer4 == "TCP") {
        $criteria_sql = $criteria_sql . " AND acid_event.ip_proto= '6'";
        $use_ac = false;
    } else {
        if ($layer4 == "UDP") {
            $criteria_sql = $criteria_sql . " AND acid_event.ip_proto= '17'";
            $use_ac = false;
        } else {
            if ($layer4 == "ICMP") {
                $criteria_sql = $criteria_sql . " AND acid_event.ip_proto= '1'";
                $use_ac = false;
            } else {
                if ($layer4 == "RawIP") {
                    $criteria_sql = $criteria_sql . " AND acid_event.ip_proto= '255'";
                    $use_ac = false;
                } else {
                    $cs->criteria['layer4']->Set("");
                }
            }
        }
    }
    /* Join the iphdr table if necessary */
    if (!$cs->criteria['ip_field']->isEmpty()) {
        $join_sql = $ip_join_sql . $join_sql;
    }
    /* ********************** TCP Criteria ********************************************** */
    if ($layer4 == "TCP") {
        $proto_tmp = "";
        /* TCP Ports */
        if (FieldRows2sql($tcp_port, $tcp_port_cnt, $proto_tmp) == 0) {
            $cs->criteria['tcp_port']->SetFormItemCnt(0);
        }
        $criteria_sql = $criteria_sql . $proto_tmp;
        $proto_tmp = "";
        // ****************** DEPRECATED: TCP Flags TCP Fields ********************
        /* TCP Flags */
        /*
        if (isset($tcp_flags) && sizeof($tcp_flags) == 8) {
            if ($tcp_flags[0] == "contains" || $tcp_flags[0] == "is") {
                $flag_tmp = $tcp_flags[1] + $tcp_flags[2] + $tcp_flags[3] + $tcp_flags[4] + $tcp_flags[5] + $tcp_flags[6] + $tcp_flags[7] + $tcp_flags[8];
                if ($tcp_flags[0] == "is") $proto_tmp = $proto_tmp . ' AND tcp_flags=' . $flag_tmp;
                else if ($tcp_flags[0] == "contains") $proto_tmp = $proto_tmp . ' AND (tcp_flags & ' . $flag_tmp . ' = ' . $flag_tmp . " )";
                else $proto_tmp = "";
            }
        }
        */
        /* TCP Fields */
        //if (FieldRows2sql($tcp_field, $tcp_field_cnt, $proto_tmp) == 0) $cs->criteria['tcp_field']->SetFormItemCnt(0);
        /* TCP Options
         *  - not implemented
         */
        //if (!$cs->criteria['tcp_port']->isEmpty() || !$cs->criteria['tcp_flags']->isEmpty() || !$cs->criteria['tcp_field']->isEmpty()) {
        //************************************************************************
        if (!$cs->criteria['tcp_port']->isEmpty()) {
            $criteria_sql = $criteria_sql . $proto_tmp;
            // DEPRECATED tcp_join_sql
            //if (!$cs->criteria['tcp_flags']->isEmpty() || !$cs->criteria['tcp_field']->isEmpty()) $join_sql = $tcp_join_sql . $join_sql;
        }
    }
    /* ********************** UDP Criteria ********************************************* */
    if ($layer4 == "UDP") {
        $proto_tmp = "";
        /* UDP Ports */
        if (FieldRows2sql($udp_port, $udp_port_cnt, $proto_tmp) == 0) {
            $cs->criteria['udp_port']->SetFormItemCnt(0);
        }
        $criteria_sql = $criteria_sql . $proto_tmp;
        $proto_tmp = "";
        // ********************** DEPRECATED UDP Fields *************************
        /* UDP Fields */
        //if (FieldRows2sql($udp_field, $udp_field_cnt, $proto_tmp) == 0) $cs->criteria['udp_field']->SetFormItemCnt(0);
        //if (!$cs->criteria['udp_port']->isEmpty() || !$cs->criteria['udp_field']->isEmpty()) {
        // **********************************************************************
        if (!$cs->criteria['udp_port']->isEmpty()) {
            $criteria_sql = $criteria_sql . $proto_tmp;
            // DEPRECATED udp_join_sql
            //if (!$cs->criteria['udp_field']->isEmpty()) $join_sql = $udp_join_sql . $join_sql;
        }
    }
    // DEPRECATED: ICMP
    /* ********************** ICMP Criteria ******************************************** */
    /*
    if ($layer4 == "ICMP") {
        $proto_tmp = "";
        // ICMP Fields
        if (FieldRows2sql($icmp_field, $icmp_field_cnt, $proto_tmp) == 0) $cs->criteria['icmp_field']->SetFormItemCnt(0);
        if (!$cs->criteria['icmp_field']->isEmpty()) {
            $criteria_sql = $criteria_sql . $proto_tmp;
            $join_sql = $icmp_join_sql . $join_sql;
        }
    }
    */
    /* ********************** Packet Scan Criteria ************************************* */
    if ($layer4 == "RawIP") {
        $proto_tmp = "";
        /* RawIP Fields */
        if (FieldRows2sql($rawip_field, $rawip_field_cnt, $proto_tmp) == 0) {
            $cs->criteria['rawip_field']->SetFormItemCnt(0);
        }
        if (!$cs->criteria['rawip_field']->isEmpty()) {
            $criteria_sql = $criteria_sql . $proto_tmp;
            $join_sql = $rawip_join_sql . $join_sql;
        }
    }
    /* ********************** Payload Criteria ***************************************** */
    //$tmp_payload = "";
    if (DataRows2sql($data, $data_cnt, $data_encode, $tmp_payload) == 0) {
        $cs->criteria['data']->SetFormItemCnt(0);
    } else {
        $use_ac = false;
    }
    //echo "<br><br><br>";
    //print_r($data);
    //print_r("data_cnt: [".$data_cnt."]");
    //print_r($cs->criteria['data']->isEmpty());
    //print_r("criteria_ sql: [".$criteria_sql."]");
    //print_r("tmp_payload: [".$tmp_payload."]");
    //print_r($data);
    if (!$cs->criteria['data']->isEmpty()) {
        $sql = "SELECT acid_event.*, HEX(acid_event.ctx) AS ctx, HEX(acid_event.src_host) AS src_host, HEX(acid_event.dst_host) AS dst_host, HEX(acid_event.src_net) AS src_net, HEX(acid_event.dst_net) AS dst_net, extra_data.* FROM acid_event";
        if (!preg_match("/extra_data/", $data_join_sql)) {
            $data_join_sql .= ",extra_data ";
        }
        $criteria_sql = $criteria_sql . $tmp_payload;
        $use_ac = false;
    }
    // special distinct for idm_username
    if (preg_match("/idm_data/", $data_join_sql)) {
        $sql = preg_replace("/^SELECT/", "SELECT DISTINCT", $sql);
    }
    if ($sig_join) {
        $join_sql = $join_sql . $sig_join_sql;
    }
    $join_sql = $join_sql . $data_join_sql;
    $csql[0] = $join_sql;
    // Ready to ac_acid_event
    $criteria1_sql = $criteria_sql . preg_replace("/ \\d\\d:\\d\\d:\\d\\d/", "", str_replace("timestamp", "day", $real_time_meta));
    $criteria1_sql = preg_replace("/AND\\s+\\)/", " )", preg_replace("/OR\\s+\\)/", " )", $criteria1_sql));
    // Ready to ac_acid_event next day
    $criteria2_sql = $criteria_sql . preg_replace("/ \\d\\d:\\d\\d:\\d\\d/", "", str_replace("timestamp", "day", $time_meta));
    $criteria2_sql = preg_replace("/AND\\s+\\)/", " )", preg_replace("/OR\\s+\\)/", " )", $criteria2_sql));
    // to acid_event
    $criteria_sql = $criteria_sql . $time_meta;
    $criteria_sql = preg_replace("/AND\\s+\\)/", " )", preg_replace("/OR\\s+\\)/", " )", $criteria_sql));
    $csql[1] = $criteria_sql;
    $csql[2] = $perms_sql . preg_replace("/ \\d\\d:\\d\\d:\\d\\d/", "", str_replace("timestamp", "day", $time_meta));
    // $real_time_criteria
    $csql[3] = $use_ac;
    // true if we use ac_acid_event instead acid_event
    $csql[4] = $criteria1_sql;
    $csql[5] = $criteria2_sql;
    $db_aux->close();
    //print_r($csql);
    return $csql;
}
コード例 #4
0
ファイル: settings.php プロジェクト: jhbsz/ossimTest
    case "saveprefs":
        saveprefs($sid);
        break;
    case "update":
        $stype = "";
        if (intval($user) != -1) {
            $stype = $user;
        } elseif (intval($entity) != -1) {
            $stype = $entity;
        }
        if ($stype == "") {
            $stype = Session::get_session_user();
        }
        update_profile($sid, $sname, $sdescription, $stype, $sautoenable, $auto_cat_status, $auto_fam_status, $tracker);
        break;
    case "updateusers":
        update_users($sid, $users);
        break;
    case "viewconfig":
        view_config($sid);
        break;
    default:
        select_profile();
        break;
}
echo "   </td></tr>";
echo "   </table>";
echo "</td></tr>";
echo "</table>";
$db->close($dbconn);
require_once 'footer.php';
コード例 #5
0
echo _('Reference SID Name');
?>
</th>
				<td id="sid2" class="left">
					<span style='font-style:italic;'><?php 
echo _('Please, select Reference Data Source Name');
?>
</span>
				</td>
			</tr>
			
			<tr>
				<td colspan="2" class="noborder" style="padding: 10px;">
					<input type="button" id='back' name='back' class='av_b_secondary' onclick="document.location.href='pluginref.php'" value="<?php 
echo _("Back");
?>
"/>
					<input type="submit" id='send' name='send' value="<?php 
echo $button_text;
?>
"/>
				</td>
			</tr>
		</table>
	</form>	
</body>
</html>

<?php 
$db->close();
コード例 #6
0
ファイル: vars_session.php プロジェクト: jhbsz/ossimTest
        if (preg_match("/^(_|alarms_|back_list|current_cview|views|ports_cache|acid_|report_|graph_radar|siem_event|deletetask|mdspw).*/", $k)) {
            unset($session_data[$k]);
        }
    }
    $_SESSION['views']['default']['data'] = $session_data;
    $config->set($login, 'custom_views', $_SESSION['views'], 'php', 'siem');
}
if ($_GET["search_str"] == "search term") {
    unset($_GET["search_str"]);
}
// resolv host2ip if needed
if ($_GET["search_str"] != "" && preg_match("/.*IP/", $_GET["submit"]) && !preg_match("/\\d+\\.\\d+(\\.\\d+\\.\\d+)?/", $_GET["search_str"])) {
    include_once "classes/Host.inc";
    $_GET["search_str"] = Host::hostname2ip($conn_aux, $_GET["search_str"], true);
}
$db_aux->close($conn_aux);
if ($_SESSION['view_name_changed']) {
    $_GET['custom_view'] = $_SESSION['view_name_changed'];
    $_SESSION['view_name_changed'] = "";
    $_SESSION['norefresh'] = 1;
} else {
    $_SESSION['norefresh'] = "";
}
$custom_view = $_GET['custom_view'];
if ($custom_view != "") {
    $_SESSION['current_cview'] = $custom_view;
    if (is_array($_SESSION['views'][$custom_view]['data'])) {
        foreach ($_SESSION['views'][$custom_view]['data'] as $skey => $sval) {
            if (!preg_match("/^(_|alarms_|back_list|current_cview|views|ports_cache|acid_|report_|graph_radar|siem_event|deletetask|mdspw).*/", $skey)) {
                $_SESSION[$skey] = $sval;
            } else {
コード例 #7
0
}
// Conversion: Searching by IP, but Host selected
if ($_GET["search_str"] != "" && in_array($_GET["submit"], $host_submit) && preg_match("/^\\!?\\d+\\.\\d+\\.\\d+\\.\\d+\$/", $_GET["search_str"])) {
    $_GET['submit'] = str_replace(" Host", " IP", $_GET['submit']);
}
// Hostname
if ($_GET["search_str"] != "" && in_array($_GET["submit"], $host_submit) && !preg_match("/\\d+\\.\\d+\\.\\d+\\.\\d+/", $_GET["search_str"])) {
    $negated_op = preg_match('/^\\!/', $_GET["search_str"]) ? 'NOT IN' : 'IN';
    $_GET["search_str"] = Util::htmlentities(preg_replace("/[^0-9A-Za-z\\!\\-\\_\\.]/", "", $_GET["search_str"]));
    // htmlentities for fortify test
    $hids = Asset_host::get_id_by_name($conn_aux, $_GET["search_str"]);
    $htype = $_GET["submit"] == _("Src or Dst Host") ? "both" : ($_GET["submit"] == _("Src Host") ? "src" : "dst");
    $_SESSION["hostid"] = array(array_shift(array_keys($hids)), $_GET["search_str"], $htype, $negated_op);
    unset($_GET["search_str"]);
}
$db_aux->close();
if ($_SESSION['view_name_changed']) {
    $_GET['custom_view'] = $_SESSION['view_name_changed'];
    $_SESSION['view_name_changed'] = "";
    $_SESSION['norefresh'] = 1;
} else {
    $_SESSION['norefresh'] = "";
}
$custom_view = $_GET['custom_view'];
ossim_valid($custom_view, OSS_NULLABLE, OSS_ALPHA, OSS_SPACE, OSS_PUNC, "Invalid: custom_view");
if (ossim_error()) {
    die(ossim_error());
}
if ($custom_view != "") {
    $_SESSION['current_cview'] = Util::htmlentities($custom_view);
    if (is_array($_SESSION['views'][$custom_view]['data'])) {
コード例 #8
0
ファイル: nfsen.php プロジェクト: AntBean/alienvault-ossim
function SendHeader($established)
{
    global $self, $m_opt, $sm_opt, $h_opt;
    global $TabList;
    header("Content-type: text/html; charset=ISO-8859-1");
    ?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
	<meta http-equiv="Cache-Control" content="no-cache"/>
	<meta http-equiv="Pragma" content="no-cache"/>
	<link rel="stylesheet" type="text/css" href="../style/av_common.css?t=<?php 
    echo Util::get_css_id();
    ?>
">
	<link rel="stylesheet" type="text/css" href="../style/nfsen/nfsen.css">

	<script type="text/javascript" src="/ossim/js/jquery.min.js"></script>
	<script type='text/javascript' src="/ossim/js/notification.js"></script>
	<script type='text/javascript' src='/ossim/js/utils.js'></script>

<?php 
    include '../host_report_menu.php';
    if (!$established) {
        return;
    }
    $_tab = array_key_exists('tab', $_SESSION) ? $_SESSION['tab'] : 0;
    if (array_key_exists('tleft', $_SESSION)) {
        $str = $TabList[$_tab] == 'Details' ? strftime("%b %d %Y - %H:%M", $_SESSION['tleft']) : 'Overview';
    } else {
        $str = '';
    }
    ?>
    <title>
    <?php 
    if ($_REQUEST["login"]) {
        $name = strip_tags($_POST["name"]);
        $_SESSION["_nfsen_title"] = $name . " - Network Traffic";
    } elseif (empty($_SESSION["_nfsen_title"])) {
        $_SESSION["_nfsen_title"] = _("NFSEN");
    }
    echo Util::htmlentities($_SESSION["_nfsen_title"]) . _(' - Profile');
    ?>
 <?php 
    echo Util::htmlentities($_SESSION['profile']) . " {$str}";
    ?>
</title>

    <?php 
    $refresh = $_SESSION['refresh'];
    if ($TabList[$_tab] != 'Details' && $refresh > 0) {
        print "<meta HTTP-EQUIV='Refresh' CONTENT='" . Util::htmlentities($refresh) . "; URL=" . Util::htmlentities($self) . "?bookmark=" . Util::htmlentities($_SESSION['bookmark']) . "&bypassexpirationupdate=1'>\n";
    }
    if ($TabList[$_tab] == 'Details') {
        ?>
	   <link rel="stylesheet" type="text/css" href="../style/nfsen/detail.css">
	<?php 
    }
    if ($TabList[$_tab] == 'Stats') {
        ?>
	   <link rel="stylesheet" type="text/css" href="../style/nfsen/profileadmin.css">
	<?php 
    }
    if ($TabList[$_tab] == 'Alerts') {
        ?>
	   <link rel="stylesheet" type="text/css" href="../style/nfsen/alerting.css">
	   <?php 
    }
    ?>

	<script type="text/javascript" src="js/global.js"></script>
	<script type="text/javascript" src="js/menu.js"></script>
    <script type="text/javascript" src="../js/jquery.simpletip.js"></script>
    
    <!-- JQuery TipTip: -->
    <link rel="stylesheet" type="text/css" href="/ossim/style/tipTip.css"/>
    <script type="text/javascript" src="/ossim/js/jquery.tipTip-ajax.js"></script>
    
	<script type="text/javascript">
		function postload() {

		     // menu.php postload
			 $('#interface').change(function() {                        
                 send($(this).val(), $('#interface option:selected').text());
             });
             
             <?php 
    if (isset($_POST['ip'])) {
        ?>
                 send('<?php 
        echo Util::htmlentities($_POST['ip']);
        ?>
', $('#interface option:selected').text());
                 <?php 
    }
    ?>
             // ************

             $('.scriptinfo').tipTip({
                 defaultPosition: "down",
                 content: function (e) {
                    
                    var ip_data = $(this).attr('data-title');
                        ip_data = ip_data.split('-');
                    
                    $.ajax({
                        url: '../alarm/alarm_netlookup.php?ip=' + ip_data[0],
                        success: function (response) {
                          e.content.html(response); // the var e is the callback function data (see above)
                        }
                    });
                    return '<?php 
    echo _("Searching") . "...";
    ?>
'; // We temporary show a Please wait text until the ajax success callback is called.
                 }
              });
  			
			$(".repinfo").tipTip({
				defaultPosition: 'left',
				content: function (e) { 
					return $(this).attr('txt');
				}
			});  
                
			$('#filter').on('keyup', function(e){
                $(this).val(function(i, val) {
					return val.replace(/[\t\r\b]/g, '');
				});
			});
										  
			<?php 
    if (GET('ip') != "") {
        ?>
				$("#process_button").click();
				<?php 
    }
    ?>
			
		}

		function lastsessions() {
			$('#modeselect0').click();
			$("#listN option[value='3']").attr('selected', 'selected');
			$("#process_button").click();
		}
		
		function launch(val,order) {
			$('#modeselect1').click();
			$("#TopN option[value='0']").attr('selected', 'selected');
			$("#StatTypeSelector option[value='"+val+"']").attr('selected', 'selected');
			$("#statorder option[value='"+order+"']").attr('selected', 'selected');
			$("#process_button").click();
		}
		
		function remote_interface(ip) {
			$("#FlowProcessingForm").attr("action", "menu.php");
			$("#FlowProcessingForm").attr("target", "menu_nfsen");
			$("#FlowProcessingForm").append("<input type='hidden' name='process' value='Process' />");
			$("#FlowProcessingForm").append("<input type='hidden' name='ip' value='"+ip+"' />");
			$("#FlowProcessingForm").submit();
		}
		
		function clean_remote_data() {
			$("#FlowProcessingForm").removeAttr("target");
			$("#FlowProcessingForm").attr("action", $("#FlowProcessingForm").attr("laction")); // set the local action
		}
	</script>	
</head>

<body>

<?php 
    $db_aux = new ossim_db();
    $conn_aux = $db_aux->connect();
    $aux_ri_interfaces = Remote_interface::get_list($conn_aux, "WHERE status = 1");
    $ri_list = $aux_ri_interfaces[0];
    $ri_total = $aux_ri_interfaces[1];
    $db_aux->close();
    if (Session::am_i_admin() && count($ri_total) > 0) {
        include 'menu.php';
    }
}
コード例 #9
0
ファイル: Alarm.php プロジェクト: AntBean/alienvault-ossim
                        </tr>
                        <tr>
                            <td style="' . $td_style . ' width: 27mm;" class="noborder"><strong>' . gettext("Source ports") . ':</strong></td>
                            <td colspan="3" style="' . $td_style . ' width: 66mm;" class="noborder">' . $value['SourcePorts'] . '</td>
                        </tr>
                        <tr>
                            <td style="' . $td_style . ' width: 27mm;"><strong>' . gettext("Destination ports") . ':</strong></td>
                            <td colspan="3" style="' . $td_style . ' width: 66mm;" class="noborder">' . $value['DestinationPorts'] . '</td>
                        </tr>
                        <tr>
                            <td style="' . $td_style . ' width: 27mm;"><strong>' . gettext("In charge") . ':</strong></td>
                            <td colspan="3" style="' . $td_style . ' width: 66mm;" class="noborder">' . Util::wordwrap($value['InCharge'], 35, "<br/>", true) . '</td> 
                        </tr>
                    </table>
                 </td>
                ');
            if ($c % 2 != 0) {
                $htmlPdfReport->set('</tr>');
            }
            $c++;
        }
        if ($c % 2 != 0) {
            $htmlPdfReport->set('
                <td></td>
            </tr>');
        }
        $htmlPdfReport->set('</table><br/><br/>');
    }
}
$db->close($conn1);
コード例 #10
0
ファイル: nfsenutil.php プロジェクト: jhbsz/ossimTest
function ReadProfile($profileswitch)
{
    // User sensors filtering
    require_once 'classes/Session.inc';
    require_once 'classes/Sensor.inc';
    require_once 'ossim_db.inc';
    $db_aux = new ossim_db();
    $conn_aux = $db_aux->connect();
    $sensors_list = Sensor::get_list($conn_aux);
    $db_aux->close($conn_aux);
    $opts['profile'] = $profileswitch;
    $profileinfo = nfsend_query("get-profile", $opts, 0);
    if (!is_array($profileinfo)) {
        return false;
    }
    if (!array_key_exists('description', $profileinfo)) {
        $profileinfo['description'] = array();
    }
    $channels = array();
    // in case it's a new profile with no channels associated yet
    if (!array_key_exists('channel', $profileinfo)) {
        $profileinfo['channel'] = $channels;
    }
    // Decode channel information
    foreach ($profileinfo['channel'] as $channel) {
        list($name, $sign, $colour, $order, $sourcelist) = explode(":", $channel);
        $has_perm = 0;
        foreach ($sensors_list as $s) {
            if ($name == $s->get_name()) {
                $has_perm = 1;
            }
        }
        if (Session::am_i_admin()) {
            $has_perm = 1;
        }
        if (!$has_perm) {
            continue;
        }
        $_tmp = array();
        $_tmp['name'] = $name;
        $_tmp['sign'] = $sign;
        $_tmp['colour'] = $colour;
        $_tmp['order'] = $order;
        $_tmp['sourcelist'] = $sourcelist;
        $channels[$name] = $_tmp;
    }
    $profileinfo['channel'] = $channels;
    return $profileinfo;
}
コード例 #11
0
function allowed_nfsen_section()
{
    if (Session::am_i_admin()) {
        return true;
    }
    require_once 'ossim_db.inc';
    $db = new ossim_db();
    $conn = $db->connect();
    $flag = true;
    // Decode channel information
    foreach ($_SESSION['profileinfo']['all_channels'] as $channel) {
        if (!Av_sensor::is_channel_allowed($conn, $channel)) {
            $flag = false;
            break;
        }
    }
    $db->close();
    return $flag;
}
コード例 #12
0
ファイル: common.php プロジェクト: jackpf/ossim-arc
/**
 * This function gets the SIEM trends in hours
 *
 * @param  $h                Number of hours of the trend
 * @param  $assets_filters   [Optional] Asset filter applied
 *
 * @return  An array with the result of the query that contains the data of the trend
 */
function SIEM_trends($h = 24, $assets_filters = '', $first_date = '')
{
    global $tz;
    //Cache file
    $file = '_siem_events_' . Session::get_session_user() . '_';
    $file .= md5($h . '_' . serialize($assets_filters));
    $data = Cache_file::get_asset_data($file, 300);
    if (is_array($data)) {
        return $data;
    }
    $db = new ossim_db(TRUE);
    $dbconn = $db->connect();
    $tzc = Util::get_tzc($tz);
    $data = array();
    //Filters of assets
    if (empty($assets_filters)) {
        $assets_filters['assets'] = array();
        $assets_filters['ctxs'] = array();
    }
    $query_where = Security_report::make_where($dbconn, gmdate("Y-m-d H:00:00", gmdate("U") - 3600 * $h), gmdate("Y-m-d H:59:59"), array(), $assets_filters);
    $sqlgraph = "SELECT SUM(cnt) AS num_events, hour(convert_tz(timestamp,'+00:00','{$tzc}')) AS intervalo, day(convert_tz(timestamp,'+00:00','{$tzc}')) AS suf \n        FROM alienvault_siem.ac_acid_event as acid_event WHERE 1=1 {$query_where} GROUP BY suf,intervalo";
    if ($first_date) {
        // Test if we have enough data in ac_acid_event
        $query = "select cnt from alienvault_siem.ac_acid_event where timestamp between '{$first_date}:00:00' and '{$first_date}:59:59' limit 1";
        $rg = $dbconn->CacheExecute($query);
        if (!$rg) {
            print $dbconn->ErrorMsg();
        }
        if ($rg->EOF) {
            // Test if we have enough data in acid_event
            $query = "select hex(id) from alienvault_siem.acid_event where timestamp between '{$first_date}:00:00' and '{$first_date}:59:59' limit 1";
            $rg = $dbconn->CacheExecute($query);
            if (!$rg) {
                print $dbconn->ErrorMsg();
            }
            if (!$rg->EOF) {
                $sqlgraph = "SELECT COUNT(acid_event.id) AS num_events, hour(convert_tz(timestamp,'+00:00','{$tzc}')) AS intervalo, day(convert_tz(timestamp,'+00:00','{$tzc}')) AS suf \n                    FROM alienvault_siem.acid_event WHERE 1=1 {$query_where} GROUP BY suf,intervalo";
            }
        }
    }
    $rg = $dbconn->CacheExecute($sqlgraph);
    if (!$rg) {
        print $dbconn->ErrorMsg();
    } else {
        while (!$rg->EOF) {
            $data[$rg->fields['suf'] . ' ' . $rg->fields['intervalo'] . 'h'] = $rg->fields['num_events'];
            $rg->MoveNext();
        }
    }
    $db->close();
    Cache_file::save_file($file, $data);
    return $data;
}
コード例 #13
0
ファイル: alarms_events.php プロジェクト: jhbsz/ossimTest
}
while (!$rs->EOF) {
    $values .= $rs->fields["num_events"] . ",";
    $name = Util::signaturefilter($rs->fields["name"]);
    if (strlen($name) > 35) {
        $name = substr($name, 0, 35) . "..";
    }
    $txts .= "'" . str_replace("'", "\\'", $name) . "',";
    $urls .= GET("type") == "alarms" ? str_replace("QQQ", $rs->fields["name"], $link) : str_replace("QQQ", $rs->fields["plugin_id"] . "%3B" . $rs->fields["sid"], $link);
    $rs->MoveNext();
}
$values = preg_replace("/,\$/", "", $values);
$txts = preg_replace("/,\$/", "", $txts);
$urls = preg_replace("/,\$/", "", $urls);
//
$db->close($conn);
$db->close($conn2);
//
?>
  
	<script class="code" type="text/javascript">
	
		var links = [<?php 
echo $urls;
?>
];

		function myClickHandler(ev, gridpos, datapos, neighbor, plot) {
            //mouseX = ev.pageX; mouseY = ev.pageY;
            url = links[neighbor.pointIndex];
            if (neighbor.seriesIndex==1) url = '../incidents/index.php?status=&hmenu=Tickets&smenu=Tickets';
コード例 #14
0
ファイル: host_report.php プロジェクト: jhbsz/ossimTest
				<td>
					<table style="background-color:#8F6259" height="100%" cellpadding="5">
						<tr><td style="font-size:18px;font-weight:bold;color:#EEEEEE;text-align:left;padding-left:10px"><?php 
echo gettext("Logger");
?>
</td></tr>
						<tr><td class="nobborder"><?php 
include "host_report_sem.php";
?>
</td></tr>
						<script type="text/javascript">$("#pbar").progressBar(99);$("#progressText").html('<b><?php 
echo gettext("Finishing");
?>
</b>...');</script>
				<?php 
ob_flush();
flush();
usleep(500000);
?>
					</table>
				</td>
			</tr>
		</table>
	</div>
</body>
</html>

<?php 
$db->close($conn);
$db->close($conn_snort);
ob_end_flush();
コード例 #15
0
ファイル: sec_report.php プロジェクト: jhbsz/ossimTest
function less_stable_services()
{
    global $NUM_HOSTS;
    /* opennms db connect */
    $opennms_db = new ossim_db();
    $opennms_conn = $opennms_db->opennms_connect();
    $query = OssimQuery("SELECT servicename, count(servicename) \n            FROM ifservices ifs, service s \n            WHERE ifs.serviceid = s.serviceid AND ifs.status = 'D' \n            GROUP BY servicename ORDER BY count(servicename) DESC \n            LIMIT {$NUM_HOSTS}");
    $rs =& $opennms_conn->Execute($query);
    if (!$rs) {
        print $opennms_conn->ErrorMsg();
    } else {
        ?>
        <h2><?php 
        echo _("Top");
        ?>
 <?php 
        echo "{$NUM_HOSTS}";
        ?>
 <?php 
        echo _("less stable services");
        ?>
</h2>
        <table align="center">
          <tr>
            <th> <?php 
        echo gettext("Service");
        ?>
 </th>
            <th> <?php 
        echo gettext("Ocurrences");
        ?>
 </th>
          </tr>
<?php 
        while (!$rs->EOF) {
            $service = $rs->fields["servicename"];
            $occurrences = number_format($rs->fields["count"], 0, ",", ".");
            ?>
          <tr>
            <td><?php 
            echo $service;
            ?>
</td>
            <td><?php 
            echo $occurrences;
            ?>
</td>
          </tr>
<?php 
            $rs->MoveNext();
        }
    }
    $opennms_db->close($opennms_conn);
    echo "</table><br/>\n";
}
コード例 #16
0
ファイル: details.php プロジェクト: jhbsz/ossimTest
function DisplayProcessing()
{
    global $self;
    global $ListNOption;
    global $TopNOption;
    global $OutputFormatOption;
    global $IPStatOption;
    global $IPStatOrder;
    global $LimitScale;
    require_once 'classes/Session.inc';
    require_once 'classes/Sensor.inc';
    require_once 'ossim_db.inc';
    $db_aux = new ossim_db();
    $conn_aux = $db_aux->connect();
    $sensors_list = Sensor::get_list($conn_aux);
    $db_aux->close($conn_aux);
    $detail_opts = $_SESSION['detail_opts'];
    $process_form = $_SESSION['process_form'];
    $type = $detail_opts['type'] == "flows" ? 0 : ($detail_opts['type'] == "packets" ? 1 : 2);
    ?>
	<a name="processing"></a>
   <table style='width:100%;margin-top:15px;margin-bottom:5px;border:none'><tr>
   <td class='nobborder'><b><?php 
    echo _("Netflow Processing");
    ?>
</b></td>
   <td class='noborder' style='text-align:center'>
    [ <a href='javascript:lastsessions()'><?php 
    echo _("List last 500 sessions");
    ?>
</a> ]
    &nbsp;[ <a href='javascript:launch("2","<?php 
    echo $type;
    ?>
")'><?php 
    echo _("Top 10 Src IPs");
    ?>
</a> ]
    &nbsp;[ <a href='javascript:launch("3","<?php 
    echo $type;
    ?>
")'><?php 
    echo _("Top 10 Dst IPs");
    ?>
</a> ]
    &nbsp;[ <a href='javascript:launch("5","<?php 
    echo $type;
    ?>
")'><?php 
    echo _("Top 10 Src Port");
    ?>
</a> ]
    &nbsp;[ <a href='javascript:launch("6","<?php 
    echo $type;
    ?>
")'><?php 
    echo _("Top 10 Dst Port");
    ?>
</a> ]
    &nbsp;[ <a href='javascript:launch("13","<?php 
    echo $type;
    ?>
")'><?php 
    echo _("Top 10 Proto");
    ?>
</a> ]
    </td></tr></table>

<form action="<?php 
    echo $self;
    ?>
" onSubmit="return ValidateProcessForm()" id="FlowProcessingForm" method="POST">
<TABLE border="0" cellspacing="3" cellpadding="3" style='font-size:14px;font-weight:bold;width:100%'>
<tr>
    <TD><?php 
    echo _("Source");
    ?>
:</TD>
    <TD><?php 
    echo _("Filter");
    ?>
:</TD>
    <TD><?php 
    echo _("Options");
    ?>
:</TD>
</tr>

<TR>
	<TD style='vertical-align:top;border:none'>
		<SELECT name="srcselector[]" id='SourceSelector' size="6" style="width: 100%" multiple>
<?php 
    foreach ($process_form['srcselector'] as $selected_channel) {
        $_tmp[$selected_channel] = 1;
    }
    $i = 0;
    foreach (array_keys($_SESSION['profileinfo']['channel']) as $channel) {
        $has_perm = 0;
        foreach ($sensors_list as $s) {
            if ($channel == $s->get_name()) {
                $has_perm = 1;
            }
        }
        if (Session::am_i_admin()) {
            $has_perm = 1;
        }
        if (!$has_perm) {
            continue;
        }
        $checked = array_key_exists($channel, $_tmp) ? 'selected' : '';
        print "<OPTION value='{$channel}' {$checked}>{$channel}</OPTION>\n";
    }
    ?>
		</SELECT><br>
		<INPUT class="lbutton" TYPE="button" NAME="JSbutton2" Value="<?php 
    echo _("All Sources");
    ?>
" onClick="SelectAllSources()">
	</TD>
	<td style="vertical-align:top;border:none">
		<textarea name="filter" id="filter" multiline="true" wrap="phisical" rows="6" cols="50"><?php 
    if (is_array($process_form)) {
        $display_filter = array_key_exists('editfilter', $process_form) ? $process_form['editfilter'] : $process_form['filter'];
    } else {
        $display_filter = array();
    }
    if (count($display_filter) < 1 && GET('ip') != "") {
        $display_filter[0] = "src ip " . GET('ip') . " or dst ip " . GET('ip');
    }
    foreach ($display_filter as $line) {
        print htmlspecialchars(stripslashes($line)) . "\n";
    }
    ?>
</textarea><br>
<?php 
    $deletefilter_display_style = is_array($process_form) && array_key_exists('editfilter', $process_form) ? '' : 'style="display:none;"';
    ?>
		<input type="image" name="filter_delete" id="filter_delete" title="<?php 
    echo _("Delete filter");
    ?>
" align="right"
			onClick="HandleFilter(3)" value="" src="icons/trash.png" <?php 
    echo $deletefilter_display_style;
    ?>
>
		<input type="hidden" name="filter_name" id="filter_name" value="none">
		<span id="filter_span">and
		<select name="DefaultFilter" id="DefaultFilter" onChange="HandleFilter(0)" size="1">
<?php 
    print "<option value='-1' label='none'>&lt;none&gt;</option>\n";
    foreach ($_SESSION['DefaultFilters'] as $name) {
        $checked = $process_form['DefaultFilter'] == $name ? 'selected' : '';
        print "<option value='{$name}' {$checked}>{$name}</option>\n";
    }
    $editfilter_display_style = 'style="display:none;"';
    foreach ($_SESSION['DefaultFilters'] as $name) {
        if ($process_form['DefaultFilter'] == $name) {
            $editfilter_display_style = '';
        }
    }
    ?>
		</select></span>
		<input type="image" name="filter_save" id="filter_save" title="<?php 
    echo _("Save filter");
    ?>
"
			onClick="HandleFilter(2)" 
			value="" src="icons/save.png" border="0" align="absmiddle">
		<input type="image" name="filter_edit" id="filter_edit" title="<?php 
    echo _("Edit filter");
    ?>
" <?php 
    echo $editfilter_display_style;
    ?>
			onClick="HandleFilter(1)" value="" src="icons/edit.png">
        <script language="Javascript" type="text/javascript">
            var DefaultFilters = new Array();
<?php 
    foreach ($_SESSION['DefaultFilters'] as $name) {
        print "DefaultFilters.push('{$name}');\n";
    }
    if (array_key_exists('editfilter', $process_form)) {
        print "edit_filter = '" . $process_form['DefaultFilter'] . "';\n";
    }
    ?>
        </script>
	</td>
	<!-- Options start here -->
	<td style='padding: 0px;vertical-align:top;border:none'>
 		<table border="0"id="ProcessOptionTable" style="font-size:14px;font-weight:bold;border:none;width:100%">
			<tr><td>
<?php 
    $i = 0;
    foreach (array('List Flows', 'Stat TopN') as $s) {
        $checked = $process_form['modeselect'] == $i ? 'checked' : '';
        print "<input type='radio' onClick='SwitchOptionTable({$i})' name='modeselect' id='modeselect{$i}' value='{$i}' {$checked}>{$s}&nbsp;";
        $i++;
    }
    $list_display_style = $process_form['modeselect'] == 0 ? '' : 'style="display:none;"';
    $stat_display_style = $process_form['modeselect'] == 0 ? 'style="display:none;"' : '';
    $formatselect_display_opts = $process_form['modeselect'] == 1 && $process_form['stattype'] != 0 ? 'style="display:none;"' : '';
    ?>
			</td>
			<td align="right" style="border:none">
				<input class="button" type="button" name="JSbutton1" value="<?php 
    echo _("Clear Form");
    ?>
" onClick="ResetProcessingForm()">
				<input class="button" type="submit" name="process" value="<?php 
    echo _("Process");
    ?>
" style="font-weight:bold" id="process_button" onClick="form_ok=true;" size="1">
			</td>
			</tr>
			<tr id="listNRow" <?php 
    echo $list_display_style;
    ?>
>
				<td class='TDnfprocLabel'><?php 
    echo _("Limit to");
    ?>
:</td>
				<td class='TDnfprocControl'>
					<select name="listN" id="listN" style="margin-left:1" size="1">
<?php 
    for ($i = 0; $i < count($ListNOption); $i++) {
        $checked = $process_form['listN'] == $i ? 'selected' : '';
        print "<OPTION value='{$i}' {$checked}>" . $ListNOption[$i] . "</OPTION>\n";
    }
    ?>
					</select> <?php 
    echo _("Flows");
    ?>
<br>
				</td>
			</tr>
			<tr id="topNRow" <?php 
    echo $stat_display_style;
    ?>
>
				<td class='TDnfprocLabel'><?php 
    echo _("Top");
    ?>
:</td>
				<td class='TDnfprocControl'> 
					<select name="topN" id="TopN" size="1">
<?php 
    for ($i = 0; $i < count($TopNOption); $i++) {
        $checked = $process_form['topN'] == $i ? 'selected' : '';
        print "<OPTION value='{$i}' {$checked}>" . $TopNOption[$i] . "</OPTION>\n";
    }
    ?>
					</select>
				</td>
			</tr>
			<tr id="stattypeRow" <?php 
    echo $stat_display_style;
    ?>
>
				<td class="TDnfprocLabel"><?php 
    echo _("Stat");
    ?>
:</td>
				<td class="TDnfprocControl">
					<select name="stattype" id="StatTypeSelector" onChange="ShowHideOptions()" size="1">
<?php 
    for ($i = 0; $i < count($IPStatOption); $i++) {
        $checked = $process_form['stattype'] == $i ? 'selected' : '';
        print "<OPTION value='{$i}' {$checked}>" . $IPStatOption[$i] . "</OPTION>\n";
    }
    ?>
					</select>
					<?php 
    echo _("order by");
    ?>
&nbsp;
					<select name='statorder' id="statorder" size='1'>
<?php 
    for ($i = 0; $i < count($IPStatOrder); $i++) {
        $checked = $process_form['statorder'] == $i ? 'selected' : '';
        print "<OPTION value='{$i}' {$checked}>" . $IPStatOrder[$i] . "</OPTION>\n";
    }
    ?>
					</select>					
				</td>
			</tr>
			<tr id="AggregateRow" <?php 
    echo $formatselect_display_opts;
    ?>
>
				<td class='TDnfprocLabel'><?php 
    echo _("Aggregate");
    ?>
</td>
				<td class='TDnfprocControl'>
					<input type="checkbox" name="aggr_proto" id="aggr_proto" value="checked" 
						style="margin-left:1" <?php 
    echo $process_form['aggr_proto'];
    ?>
>&nbsp;<?php 
    echo _("proto");
    ?>
<br>
					<input type="checkbox" name="aggr_srcport" id="aggr_srcport" value="checked" 
						style="margin-left:1" <?php 
    echo $process_form['aggr_srcport'];
    ?>
>&nbsp;<?php 
    echo _("srcPort");
    ?>
					<input type="checkbox" name="aggr_srcip" id="aggr_srcip" value="checked" 
						style="margin-left:1" <?php 
    echo $process_form['aggr_srcip'];
    ?>
>&nbsp;
    				<select name="aggr_srcselect" id="aggr_srcselect" onChange="NetbitEntry('src')" size="1">
<?php 
    $i = 0;
    foreach (array('srcIP', 'srcIPv4/', 'srcIPv6/') as $s) {
        $checked = $process_form['aggr_srcselect'] == $i ? 'selected' : '';
        print "<option value='{$i}' {$checked}>{$s}</option>\n";
        $i++;
    }
    $_style = $process_form['aggr_srcselect'] == 0 ? 'style="display:none"' : '';
    ?>
					</select>
					<input size="3" type="text" name="aggr_srcnetbits" id="aggr_srcnetbits" 
						value="<?php 
    echo $process_form['aggr_srcnetbits'];
    ?>
" <?php 
    echo $_style;
    ?>
><br>
					<input type="checkbox" name="aggr_dstport" id="aggr_dstport" value="checked" 
						style="margin-left:1" <?php 
    echo $process_form['aggr_dstport'];
    ?>
>&nbsp;<?php 
    echo _("dstPort");
    ?>
					<input type="checkbox" name="aggr_dstip" id="aggr_dstip" value="checked" 
						style="margin-left:1" <?php 
    echo $process_form['aggr_dstip'];
    ?>
>&nbsp;
    				<select name="aggr_dstselect" id="aggr_dstselect" onChange="NetbitEntry('dst')" size="1">
<?php 
    $i = 0;
    foreach (array('dstIP', 'dstIPv4/', 'dstIPv6/') as $s) {
        $checked = $process_form['aggr_dstselect'] == $i ? 'selected' : '';
        print "<option value='{$i}' {$checked}>{$s}</option>\n";
        $i++;
    }
    $_style = $process_form['aggr_dstselect'] == 0 ? 'style="display:none"' : '';
    ?>
					</select>
					<input size="3" type="text" name="aggr_dstnetbits" id="aggr_dstnetbits" 
						value="<?php 
    echo $process_form['aggr_dstnetbits'];
    ?>
" <?php 
    echo $_style;
    ?>
><br>
				</td>
			</tr>
			<tr id="timesortedRow" <?php 
    echo $list_display_style;
    ?>
>
				<td class='TDnfprocLabel'><?php 
    echo _("Sort");
    ?>
:</td>
				<td class='TDnfprocControl'>
					<input type="checkbox" name="timesorted" id="timesorted" value="checked" 
						style="margin-left:1" <?php 
    echo $process_form['timesorted'];
    ?>
>
					<?php 
    echo _("start time of flows");
    ?>
</td>
			</tr>
			<tr id="limitoutputRow" <?php 
    echo $stat_display_style;
    ?>
>
				<td class='TDnfprocLabel'><?php 
    echo _("Limit");
    ?>
:</td>
				<td class='TDnfprocControl'>
					<input type="checkbox" name="limitoutput" id="limitoutput" value="checked" style="margin-left:1" 
						size="1" <?php 
    echo $process_form['limitoutput'];
    ?>
>
					<select name="limitwhat" id="limitwhat" size="1">
<?php 
    $i = 0;
    foreach (array(gettext("Packets"), gettext("Traffic")) as $s) {
        $checked = $process_form['limitwhat'] == $i ? 'selected' : '';
        print "<option value='{$i}' {$checked}>{$s}</option>\n";
        $i++;
    }
    ?>
					</select>
					<select name="limithow" id="limithow" size="1">
<?php 
    $i = 0;
    foreach (array('&gt;', '&lt;') as $s) {
        $checked = $process_form['limithow'] == $i ? 'selected' : '';
        print "<option value='{$i}' {$checked}>{$s}</option>\n";
        $i++;
    }
    ?>
					</select>
					<input type="text" name="limitsize" id="limitsize" value="<?php 
    echo $process_form['limitsize'];
    ?>
" SIZE="6" MAXLENGTH="8">
					<select name="limitscale" id="limitscale" size="1" style="margin-left:1">
<?php 
    $i = 0;
    foreach ($LimitScale as $s) {
        $checked = $process_form['limitscale'] == $i ? 'selected' : '';
        print "<option value='{$i}' {$checked}>{$s}</option>\n";
        $i++;
    }
    ?>
					</select>
				</td>
			</tr>

			<tr id="outputRow">
				<td class='TDnfprocLabel'><?php 
    echo _("Output");
    ?>
:</td>
				<td class='TDnfprocControl'>
					<span id="FormatSelect" <?php 
    echo $formatselect_display_opts;
    ?>
>
					<select name="output" id="output" onChange="CustomOutputFormat()"  style="margin-left:1" size="1">
<?php 
    foreach ($_SESSION['formatlist'] as $key => $value) {
        $checked = $process_form['output'] == $key ? 'selected' : '';
        print "<OPTION value='{$key}' {$checked}>{$key}</OPTION>\n";
    }
    $fmt = $_SESSION['formatlist'][$process_form['output']];
    if ($process_form['output'] == $fmt) {
        // built in format
        $space_display_style = '';
        $edit_display_style = 'style="display:none"';
    } else {
        $space_display_style = 'style="display:none"';
        $edit_display_style = '';
    }
    ?>
					</select>
    				<script language="Javascript" type="text/javascript">
						var fmts = new Hash();
<?php 
    foreach ($_SESSION['formatlist'] as $key => $value) {
        print "fmts.setItem('{$key}', '{$value}');\n";
    }
    ?>
					</script>
					<img src="icons/space.png" border="0" alt='space' id='space' <?php 
    echo $space_display_style;
    ?>
></img>
					<a href="#null" onClick="EditCustomFormat()"
						title="<?php 
    echo _("Edit format");
    ?>
" ><IMG SRC="icons/edit.png" name="fmt_doedit" id="fmt_doedit" border="0"
						<?php 
    echo $edit_display_style;
    ?>
 alt="<?php 
    echo _("Edit format");
    ?>
"></a>
					</span>
					<input type="checkbox" name="IPv6_long" id="IPv6_long" style="margin-left:1" value="checked" <?php 
    echo $process_form['IPv6_long'];
    ?>
>
					&nbsp;/ <?php 
    echo _("IPv6 long");
    $fmt_edit_display_style = $process_form['output'] == 'custom ...' ? '' : 'style="display:none"';
    ?>
					<span id="fmt_edit" <?php 
    echo $fmt_edit_display_style;
    ?>
>
					<br><?php 
    echo _("Enter custom output format");
    ?>
:<br>
					<input size="30" type="text" name="customfmt" id="customfmt" 
						value="<?php 
    echo htmlspecialchars(stripslashes($process_form['customfmt']));
    ?>
" >
					<input type="image" name="fmt_save" id="fmt_save" title="<?php 
    echo _("Save format");
    ?>
"
						onClick="SaveOutputFormat()" 
						value="" src="icons/save.png">
					<input type="image" name="fmt_delete" id="fmt_delete" title="<?php 
    echo _("Delete format");
    ?>
"
						onClick="DeleteOutputFormat()" 
						value="" src="icons/trash.png" <?php 
    echo $edit_display_style;
    ?>
>
					</span>
				</td>
			</tr>
		</table>
 	</td>
</tr>
<!--
<tr>
	<td></td><td></td>
	<td align="right" style="border:none">
		<input type="button" name="JSbutton1" value="<?php 
    echo _("Clear Form");
    ?>
" onClick="ResetProcessingForm()">
		<input type="submit" name="process" value="<?php 
    echo _("process");
    ?>
" id="process_button" onClick="form_ok=true;" size="1">
	</td>
</tr>
-->
</TABLE>
</form>

<div id="lookupbox">
	<div id="lookupbar" align="right" style="background-color:olivedrab"><img src="icons/close.png"
		onmouseover="this.style.cursor='pointer';" onClick="hidelookup()" title="<?php 
    echo _("Close lookup box");
    ?>
"></div>
	<iframe id="cframe" src="" frameborder="0" width=100% height=100%></iframe>
</div>


<?php 
    if (!array_key_exists('run', $_SESSION)) {
        return;
    }
    print "<div class='flowlist'>\n";
    $run = $_SESSION['run'];
    if ($run != null) {
        $filter = $process_form['filter'];
        if ($process_form['DefaultFilter'] != -1) {
            $cmd_opts['and_filter'] = $process_form['DefaultFilter'];
        }
        $cmd_opts['type'] = ($_SESSION['profileinfo']['type'] & 4) > 0 ? 'shadow' : 'real';
        $cmd_opts['profile'] = $_SESSION['profileswitch'];
        $cmd_opts['srcselector'] = implode(':', $process_form['srcselector']);
        print "<pre>\n";
        $pattern = '/(\\s*)([^\\s]+)/';
        $replacement = "\$1<a href='#null' onClick='lookup(\"\$2\", this, event)' title='lookup \$2'>\$2</a>";
        ClearMessages();
        $cmd_opts['args'] = "-T {$run}";
        $cmd_opts['filter'] = $filter;
        $titcol = "";
        if (preg_match("/ srcip/", $run)) {
            $titcol = _("Src IP");
        } elseif (preg_match("/ dstip/", $run)) {
            $titcol = _("Dst IP");
        } elseif (preg_match("/ srcport/", $run)) {
            $titcol = _("Src Port");
        } elseif (preg_match("/ dstport/", $run)) {
            $titcol = _("Dst Port");
        }
        $cmd_out = nfsend_query("run-nfdump", $cmd_opts);
        if (!is_array($cmd_out)) {
            ShowMessages();
        } else {
            require_once "classes/Host.inc";
            require_once "classes/Net.inc";
            require_once 'ossim_db.inc';
            require_once "ossim_conf.inc";
            $conf = $GLOBALS["CONF"];
            $solera = $conf->get_conf("solera_enable", FALSE) ? true : false;
            include "geoip.inc";
            $gi = geoip_open("/usr/share/geoip/GeoIP.dat", GEOIP_STANDARD);
            $db = new ossim_db();
            $conn = $db->connect();
            $sensors = $hosts = $ossim_servers = array();
            list($sensors, $hosts, $icons) = Host::get_ips_and_hostname($conn);
            /*$networks = "";
              $_nets = Net::get_all($conn);
              $_nets_ips = $_host_ips = $_host = array();
              foreach ($_nets as $_net) $_nets_ips[] = $_net->get_ips();
              $networks = implode(",",$_nets_ips);*/
            $hosts_ips = array_keys($hosts);
            /*
            				if ( array_key_exists('arg', $cmd_out) ) {
            					print "** nfdump " . $cmd_out['arg'] . "\n";
            				}
            				if ( array_key_exists('filter', $cmd_out) ) {
            					print "nfdump filter:\n";
            					foreach ( $cmd_out['filter'] as $line ) {
            						print "$line\n";
            					}
            				}
            				foreach ( $cmd_out['nfdump'] as $line ) {
            					print preg_replace($pattern, $replacement, $line) . "\n";
            				}
            				print "</pre>\n";*/
            # parse command line
            #2009-12-09 17:08:17.596    40.262 TCP        192.168.1.9:80    ->   217.126.167.80:51694 .AP.SF   0       70   180978        1    35960   2585     1
            $list = preg_match("/ \\-a  \\-A /", $cmd_out['arg']) ? 1 : 0;
            $regex = $list ? "/(\\d\\d\\d\\d\\-.*?\\s.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+->\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?\\s*[KMG]?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*)/" : "/(\\d\\d\\d\\d\\-.*?\\s.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?\\s*[KMGT]?)\\s+(.*?)\\s+(.*?)\\s+(.*)/";
            echo "<table style='width:100%;margin-bottom:5px''>";
            $geotools = false;
            if ($list && file_exists("../kml/GoogleEarth.php")) {
                $geotools = true;
                $geoips = array();
                echo "<tr><td class='nobborder'></td><td class='nobborder'></td><td class='nobborder'></td>";
                echo "<td class='center nobborder'>Geo Tools: <a href='' onclick='window.open(\"../kml/TourConfig.php?type=ip_src&ip=&flows=1\",\"Flows sources - Goggle Earth API\",\"width=1024,height=700,scrollbars=NO,toolbar=1\");return false'><img align='absmiddle' src='../pixmaps/google_earth_icon.png' border='0'></a>&nbsp;&nbsp;<a href='' onclick='window.open(\"../kml/IPGoogleMap.php?type=ip_src&ip=&flows=1\",\"Flows sources - Goggle Maps API\",\"width=1024,height=700,scrollbars=NO,toolbar=1\");return false'><img align='absmiddle' src='../pixmaps/google_maps_icon.png' border='0'></a></td>";
                echo "<td class='center nobborder'>Geo Tools: <a href='' onclick='window.open(\"../kml/TourConfig.php?type=ip_dst&ip=&flows=1\",\"Flows destinations - Goggle Earth API\",\"width=1024,height=700,scrollbars=NO,toolbar=1\");return false'><img align='absmiddle' src='../pixmaps/google_earth_icon.png' border='0'></a>&nbsp;&nbsp;<a href='' onclick='window.open(\"../kml/IPGoogleMap.php?type=ip_dst&ip=&flows=1\",\"Flows destinations - Goggle Maps API\",\"width=1024,height=700,scrollbars=NO,toolbar=1\");return false'><img align='absmiddle' src='../pixmaps/google_maps_icon.png' border='0'></a></td>";
                echo "</tr>";
            }
            echo $list ? "<tr>\n                    <th>" . _("Date flow start") . "</th>\n                    <th>" . _("Duration") . "</th>\n                    <th>" . _("Proto") . "</th>\n                    <th>" . _("Src IP Addr:Port") . "</th>\n                    <th>" . _("Dst IP Addr:Port") . "</th>\n                    <th>" . _("Flags") . "</th>\n                    <th>" . _("Tos") . "</th>\n                    <th>" . _("Packets") . "</th>\n                    <th>" . _("Bytes") . "</th>\n                    <th>" . _("pps") . "</th>\n                    <th>" . _("bps") . "</th>\n                    <th>" . _("Bpp") . "</th>\n                    <th>" . _("Flows") . "</th>\n                \t" . ($solera ? "<th></th>" : "") . "\n                    </tr>" : "<tr>\n                    <th>" . _("Date flow seen") . "</th>\n                    <th>" . _("Duration") . "</th>\n                    <th>" . _("Proto") . "</th>\n                    <th>" . $titcol . "</th>\n                    <th>" . _("Flows") . "</th>\n                    <th>" . _("Packets") . "</th>\n                    <th>" . _("Bytes") . "</th>\n                    <th>" . _("pps") . "</th>\n                    <th>" . _("bps") . "</th>\n                    <th>" . _("bpp") . "</th>\n                \t" . ($solera ? "<th></th>" : "") . "\n                    </tr>";
            $status = $errors = array();
            //print_r($cmd_out['nfdump']);
            foreach ($cmd_out['nfdump'] as $k => $line) {
                echo "<tr>\n";
                #capture status
                if (preg_match("/^(Summary|Time window|Total flows processed|Sys)\\:/", $line, $found)) {
                    $status[$found[1]] = str_replace($found[1] . ":", "", $line);
                }
                # capture errors
                if (preg_match("/ error /i", $line, $found)) {
                    $errors[] = $line;
                }
                # print results
                $line = preg_replace("/\\(\\s(\\d)/", "(\\1", $line);
                // Patch for ( 0.3)
                $line = preg_replace("/(\\d)\\s([KMG])/", "\\1\\2", $line);
                // Patch for 1.2 M(99.6)
                $start = $end = $proto = "";
                $ips = $ports = array();
                if (preg_match($regex, preg_replace('/\\s*/', ' ', $line), $found)) {
                    foreach ($found as $ki => $field) {
                        if ($ki > 0) {
                            $wrap = $ki == 1 ? "nowrap" : "";
                            $field = preg_replace("/(\\:\\d+)\\.0\$/", "\\1", $field);
                            if (preg_match("/(\\d+\\.\\d+\\.\\d+\\.\\d+)(.*)/", $field, $fnd)) {
                                # match ip (resolve and geolocalize)
                                $ip = $fnd[1];
                                $port = $fnd[2];
                                $name = $sensors[$ip] != "" ? $sensors[$ip] : ($hosts[$ip] != "" ? $hosts[$ip] : $ip);
                                $homelan = ($match_cidr = Net::is_ip_in_cache_cidr($conn, $ip)) || in_array($ip, $hosts_ips) ? " <a href='javascript:;' class='scriptinfo' style='text-decoration:none' ip='{$ip}'><img src=\"" . Host::get_homelan_icon($ip, $icons, $match_cidr, $conn) . "\" border=0></a>" : "";
                                $country = strtolower(geoip_country_code_by_addr($gi, $ip));
                                $country_name = geoip_country_name_by_addr($gi, $ip);
                                if ($country) {
                                    $country_img = " <img src=\"/ossim/pixmaps/flags/" . $country . ".png\" alt=\"" . _($country_name) . "\" title=\"" . _($country_name) . "\">";
                                } else {
                                    $country_img = "";
                                }
                                $field = "<a href='javascript:;' class='HostReportMenu' id='{$ip};{$name}'>{$name}</a>{$port} {$country_img} {$homelan}";
                                $wrap = "nowrap";
                                $ips[] = $ip;
                                if ($geotools) {
                                    if ($ki == 4) {
                                        $geoips['ip_src'][$ip]++;
                                    } elseif ($ki == 5) {
                                        $geoips['ip_dst'][$ip]++;
                                    }
                                }
                                $ports[] = str_replace(":", "", $port);
                            }
                            if (preg_match("/(\\d+-\\d+-\\d+ \\d+:\\d+:\\d+)(.*)/", $field, $fnd)) {
                                # match date
                                $start = $end = $fnd[1];
                            }
                            if (preg_match("/(TCP|UDP|ICMP|RAW)/", $field, $fnd)) {
                                # match date
                                $proto = strtolower($fnd[1]);
                            }
                            print "<td {$wrap}>{$field}</td>";
                        }
                    }
                    // solera deepsee integration
                    if ($solera) {
                        echo "<td><a href=\"javascript:;\" onclick=\"solera_deepsee('{$start}','{$end}','" . $ips[0] . "','" . $ports[0] . "','" . $ips[1] . "','" . $ports[1] . "','{$proto}')\"><img src='/ossim/pixmaps/solera.png' border='0' align='absmiddle'></a></td>";
                    }
                }
                echo "</tr>\n";
            }
            echo "</table>";
            if ($geotools) {
                foreach ($geoips as $type => $list) {
                    $ipsfile = fopen("/var/tmp/flowips_" . Session::get_session_user() . ".{$type}", "w");
                    foreach ($list as $ip => $val) {
                        fputs($ipsfile, "{$ip}\n");
                    }
                    fclose($ipsfile);
                }
            }
            #Summary: total flows: 20, total bytes: 7701, total packets: 133, avg bps: 60, avg pps: 0, avg bpp: 57
            #Time window: 2009-12-10 08:21:30 - 2009-12-10 08:38:26
            #Total flows processed: 21, Records skipped: 0, Bytes read: 1128
            #Sys: 0.000s flows/second: 0.0        Wall: 0.000s flows/second: 152173.9
            if (count($status) > 0) {
                echo "<table style='margin-bottom:5px;width:100%'>";
                foreach ($status as $key => $line) {
                    $line = preg_replace("/(Wall)\\:/", "<span class='th'>\\1</span>", $line);
                    $line = preg_replace("/\\,\\s+(.*?)\\:/", " <span class='th'>\\1</span>", $line);
                    echo "<tr><td class='nobborder'><span class='th'>{$key}</span>{$line}</td></tr>";
                }
                echo "</table>";
            }
            # stat() error '/home/dk/nfsen/profiles-data/live/device2/2009/12/10/nfcapd.200912100920': File not found!
            if (count($errors) > 0) {
                echo "<table style='margin-bottom:5px;width:100%'>";
                foreach ($errors as $key => $line) {
                    echo "<tr><td class='nobborder'><span class='th'>" . _("Error found") . "</span> {$line}</td></tr>";
                }
                echo "</table>";
            }
            $conn->disconnect();
        }
        #print "</pre>\n";
    }
    print "</div>\n";
    return;
}
コード例 #17
0
ファイル: kdb.php プロジェクト: AntBean/alienvault-ossim
    $db_kdb = new ossim_db();
    $conn_kdb = $db_kdb->connect();
    //Taxonomy
    $ptype = Product_type::get_product_type_by_plugin($conn_kdb, $plugin_id);
    $cat = Category::get_category_subcategory_by_plugin($conn_kdb, $plugin_id, $plugin_sid);
    $keyname = (empty($ptype['id']) ? 0 : $ptype['id']) . "##" . (empty($cat['cid']) ? 0 : $cat['cid']) . "##" . (empty($cat['scid']) ? 0 : $cat['scid']);
    $repository_list['taxonomy'] = Repository::get_repository_linked($conn_kdb, $keyname, 'taxonomy');
    //Directive
    if ($plugin_id == '1505') {
        $repository_list['directive'] = Repository::get_linked_by_directive($conn_kdb, $plugin_sid);
    }
    //Plugin SID
    $keyname = "{$plugin_sid}##{$plugin_id}";
    $repository_list['plugin_sid'] = Repository::get_repository_linked($conn_kdb, $keyname, 'plugin_sid');
    $docs = count($repository_list['directive']) + count($repository_list['plugin_sid']) + count($repository_list['taxonomy']);
    $db_kdb->close($conn_kdb);
}
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
	<title> <?php 
echo _('AlienVault ' . (Session::is_pro() ? 'USM' : 'OSSIM'));
?>
 </title>
	
	<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
	<meta http-equiv="Pragma" content="no-cache"/>
	
	 <?php 
コード例 #18
0
ファイル: import_all_hosts.php プロジェクト: jackpf/ossim-arc
function import_assets_from_csv($filename, $iic, $ctx, $import_type)
{
    //Process status
    $summary = array('general' => array('status' => '', 'data' => '', 'statistics' => array('total' => 0, 'warnings' => 0, 'errors' => 0, 'saved' => 0)), 'by_hosts' => array());
    $db = new ossim_db();
    $conn = $db->connect();
    $str_data = file_get_contents($filename);
    if ($str_data === FALSE) {
        $summary['general']['status'] = 'error';
        $summary['general']['data']['errors'] = _('Failed to read data from CSV file');
        $summary['general']['statistics']['errors'] = 1;
        return $summary;
    }
    $array_data = preg_split('/\\n|\\r/', $str_data);
    foreach ($array_data as $k => $v) {
        if (trim($v) != '') {
            $data[] = explode('";"', trim($v));
        }
    }
    /*************************************************************************************************************************************
     * From asset section:
     *  - Version 4.x.x or higher: "IP (IP1,IP2,...)";"Hostname";"FQDNs(FQDN1,FQDN2,...)";"Description";"Asset value";"Operating System";
     *                   "Latitude";"Longitude";"Host ID";"External Asset";"Device Types(Type1,Type2,...)"
     *
     *  - Version 3.x.x: "IP"*;"Hostname";"FQDNs(FQDN1,FQDN2,...)";"Description";"Asset value";"Sensors(Sensor1,Sensor2,...)";
     *                   "Operating System";"Latitude";"Longitude"
     *
     * From welcome wizard:
     *  - Version 4.x.x or higher: "IP (IP1,IP2,...)";"Hostname";"Description";"Operating System";"Device Type(Type1,Type2,...)"
     *
     **************************************************************************************************************************************/
    //Check file size
    if (count($data) <= 0 || count($data) == 1 && preg_match('/IP/', $data[0][0])) {
        $summary['general']['status'] = 'error';
        $summary['general']['data'] = _('CSV file is empty');
        $summary['general']['statistics']['errors'] = 1;
        return $summary;
    }
    //Check importation type and headers
    $csv_headers = array();
    if ($import_type == 'hosts') {
        if (preg_match('/Operating System/', $data[0][5]) || preg_match('/Sensors/', $data[0][5])) {
            $csv_headers = array_shift($data);
        } else {
            $summary['general']['status'] = 'error';
            $summary['general']['data'] = _('Headers not found');
            $summary['general']['statistics']['errors'] = 1;
            return $summary;
        }
    }
    //Setting total hosts to import
    $summary['general']['statistics']['total'] = count($data);
    //Getting all Operating System
    $all_os = Properties::get_all_os();
    //Getting devices types
    $all_devices = array();
    $aux_all_devices = Devices::get_all_for_filter($conn);
    $_all_devices = $aux_all_devices[0];
    foreach ($_all_devices as $d_data) {
        $d_key = $d_data['type_name'];
        $d_key .= $d_data['subtype_id'] != 0 ? ':' . $d_data['subtype_name'] : '';
        $all_devices[$d_key] = $d_data['type_id'] . ':' . $d_data['subtype_id'];
    }
    //Allowed sensors
    $filters = array('where' => "acl_sensors.entity_id = UNHEX('{$ctx}')");
    $a_sensors = Av_sensor::get_basic_list($conn, $filters);
    $sensor_ids = array_keys($a_sensors);
    if (count($sensor_ids) == 0) {
        $summary['general']['status'] = 'error';
        $s_error_msg = Session::is_pro() ? _('There is no sensors for this context') : _('There is no sensors for this IP address');
        $summary['general']['data'] = $s_error_msg;
        $summary['general']['statistics']['errors'] = 1;
        return $summary;
    }
    Util::disable_perm_triggers($conn, TRUE);
    foreach ($data as $k => $v) {
        //Clean previous errors
        ossim_clean_error();
        $num_line = $k + 1;
        //Set default status
        $summary['by_hosts'][$num_line]['status'] = 'error';
        //Check file format
        $cnd_1 = $import_type == 'hosts' && count($v) < 9;
        $cnd_2 = $import_type == 'welcome_wizard_hosts' && count($v) < 5;
        if ($cnd_1 || $cnd_2) {
            $summary['by_hosts'][$num_line]['errors']['Format'] = _('Number of fields is incorrect');
            $summary['general']['statistics']['errors']++;
            continue;
        }
        //Clean values
        $param = array();
        $index = 0;
        $max_index = count($v) - 1;
        foreach ($v as $field) {
            $parameter = trim($field);
            if ($index == 0) {
                $pattern = '/^\\"|^\'/';
                $param[] = preg_replace($pattern, '', $parameter);
            } else {
                if ($index == $max_index) {
                    $pattern = '/\\"$|\'$/';
                    $param[] = preg_replace($pattern, '', $parameter);
                } else {
                    $param[] = $parameter;
                }
            }
            $index++;
        }
        //Values
        $is_in_db = FALSE;
        $host_id = '';
        $sensors = $sensor_ids;
        $csv_ips = preg_replace("/\\s+/", '', $param[0]);
        if (!empty($param[1])) {
            $name = $param[1];
        } else {
            $aux_name = str_replace(' ', '', $csv_ips);
            $aux_name = str_replace(',', '-', $aux_name);
            $name = Asset_host::get_autodetected_name($aux_name);
        }
        if ($import_type == 'hosts') {
            $fqdns = $param[2];
            $descr = $param[3];
            $asset_value = !empty($param[4]) ? $param[4] : 2;
            if (preg_match('/Host ID/', $csv_headers[8])) {
                $os = $param[5];
                $latitude = floatval($param[6]);
                $longitude = floatval($param[7]);
                $external = empty($param[9]) ? 0 : intval($param[9]);
                $csv_devices = $param[10];
            } else {
                $os = $param[6];
                $latitude = floatval($param[7]);
                $longitude = floatval($param[8]);
                $external = 0;
                $csv_devices = '';
            }
        } else {
            $descr = $param[2];
            $os = $param[3];
            $latitude = 0;
            $longitude = 0;
            $asset_value = 2;
            $external = 0;
            $csv_devices = $param[4];
        }
        //Permissions
        $can_i_create_assets = Session::can_i_create_assets();
        $can_i_modify_ips = TRUE;
        //IPs
        if (!ossim_valid($csv_ips, OSS_IP_ADDR, 'illegal:' . _('IP'))) {
            $summary['by_hosts'][$num_line]['errors']['IP'] = ossim_get_error_clean();
            $summary['general']['statistics']['errors']++;
            continue;
        }
        //Check Host ID: Is there a host registered in the System?
        $host_ids = Asset_host::get_id_by_ips($conn, $csv_ips, $ctx);
        $host_id = key($host_ids);
        if (!empty($host_id)) {
            $is_in_db = TRUE;
        } else {
            $host_id = Util::uuid();
        }
        // Special case: Forced Host ID [Version 4.x.x or higher]
        if ($import_type == 'hosts' && preg_match('/Host ID/', $csv_headers[8]) && valid_hex32($param[8])) {
            $csv_hosts_id = strtoupper($param[8]);
            if ($is_in_db == TRUE && $csv_hosts_id != $host_id) {
                $id_error_msg = _('Host is already registered in the System with another Host ID');
                $summary['by_hosts'][$num_line]['errors']['Host'] = $id_error_msg;
                $summary['general']['statistics']['errors']++;
                continue;
            } else {
                if ($is_in_db == FALSE) {
                    $host_id = $csv_hosts_id;
                    // Save host ID to insert it
                }
            }
        }
        //Hostname
        if (!empty($iic)) {
            $name = clean_iic($name);
        }
        if (!ossim_valid($name, OSS_HOST_NAME, 'illegal:' . _('Hostname'))) {
            ossim_clean_error();
            $name = Asset_host::create_valid_name($name);
            $warning_msg = _('Hostname does not match with RFC 1123 specifications') . '<br/>' . _('Hostname will be replaced by') . ": <strong>{$name}</strong>";
            $summary['by_hosts'][$num_line]['warnings']['Hostname'] = $warning_msg;
            $summary['by_hosts'][$num_line]['status'] = 'warning';
            $summary['general']['statistics']['warnings']++;
            if (!ossim_valid($name, OSS_HOST_NAME, 'illegal:' . _('Hostname'))) {
                unset($summary['by_hosts'][$num_line]['warnings']);
                $summary['general']['statistics']['warnings']--;
                $summary['by_hosts'][$num_line]['status'] = 'error';
                $summary['by_hosts'][$num_line]['errors']['Hostname'] = ossim_get_error_clean();
                $summary['general']['statistics']['errors']++;
                continue;
            }
        }
        //Description
        if (!ossim_valid($descr, OSS_NULLABLE, OSS_ALL, 'illegal:' . _('Description'))) {
            $summary['by_hosts'][$num_line]['errors']['Description'] = ossim_get_error_clean();
            $summary['general']['statistics']['errors']++;
            continue;
        } else {
            if (mb_detect_encoding($descr . ' ', 'UTF-8,ISO-8859-1') == 'UTF-8') {
                $descr = mb_convert_encoding($descr, 'HTML-ENTITIES', 'UTF-8');
            }
        }
        //Operating System
        $os_pattern = '/' . preg_quote(implode('|', $all_os), '/') . '/';
        $os_pattern = str_replace('\\|', '|', $os_pattern);
        if (!empty($os) && !preg_match($os_pattern, $os)) {
            $warning_msg = _('Operating System unknown');
            $summary['by_hosts'][$num_line]['warnings']['Operating System'] = $warning_msg;
            $summary['by_hosts'][$num_line]['status'] = 'warning';
            $summary['general']['statistics']['warnings']++;
            $os = 'Unknown';
        }
        //Devices Types
        $devices = array();
        $unallowed_devices = array();
        if (!empty($csv_devices)) {
            $aux_devices = explode(',', $csv_devices);
            if (is_array($aux_devices) && !empty($aux_devices)) {
                foreach ($aux_devices as $d_name) {
                    $d_name = trim($d_name);
                    if (array_key_exists($d_name, $all_devices)) {
                        $devices[] = $all_devices[$d_name];
                    } else {
                        $unallowed_devices[] = $d_name;
                    }
                }
                if (!empty($unallowed_devices)) {
                    $warning_msg = _('Some devices could not be added (Type and/or subtype unknown)') . ': ' . implode(',', $unallowed_devices);
                    $summary['by_hosts'][$num_line]['warnings']['Devices'] = $warning_msg;
                    $summary['by_hosts'][$num_line]['status'] = 'warning';
                    $summary['general']['statistics']['warnings']++;
                }
            }
        }
        //Sensor
        if ($is_in_db == FALSE) {
            //Only update host sensors with unregistered hosts
            if ($import_type == 'hosts' && preg_match('/Sensors/', $csv_headers[5])) {
                //Special case: Sensors in CSV file //[Version 3.x.x]
                $sensors = array();
                $_sensors = explode(',', $param[4]);
                if (is_array($_sensors) && !empty($_sensors)) {
                    $_sensors = array_flip($_sensors);
                    if (is_array($a_sensors) && !empty($a_sensors)) {
                        foreach ($a_sensors as $s_id => $s_data) {
                            if (array_key_exists($s_data['ip'], $_sensors)) {
                                $sensors[] = $s_id;
                            }
                        }
                    }
                }
                if (!is_array($sensors) || empty($sensors)) {
                    $s_error_msg = Session::is_pro() ? _('There is no sensors for this context') : _('There is no sensors for this IP address');
                    $summary['by_hosts'][$num_line]['errors']['Sensors'] = $s_error_msg;
                    $summary['general']['statistics']['errors']++;
                    continue;
                }
            }
        }
        /***********************************************************
         ********** Only for importation from host section **********
         ***********************************************************/
        if ($import_type == 'hosts') {
            //FQDNs
            if (!ossim_valid($fqdns, OSS_FQDNS, OSS_NULLABLE, 'illegal:' . _('FQDN/Aliases'))) {
                $summary['by_hosts'][$num_line]['errors']['FQDN/Aliases'] = ossim_get_error_clean();
                $summary['general']['statistics']['errors']++;
                continue;
            }
            //Asset
            if (!ossim_valid($asset_value, OSS_DIGIT, 'illegal:' . _('Asset value'))) {
                $summary['by_hosts'][$num_line]['errors']['Asset value'] = ossim_get_error_clean();
                $summary['general']['statistics']['errors']++;
                continue;
            }
            //Latitude
            if (!empty($latitude)) {
                if (!ossim_valid(trim($latitude), OSS_NULLABLE, OSS_DIGIT, OSS_DOT, '\\-', 'illegal:' . _('Latitude'))) {
                    $summary['by_hosts'][$num_line]['errors']['Latitude'] = ossim_get_error_clean();
                    $summary['general']['statistics']['errors']++;
                    continue;
                }
            }
            //Longitude
            if (!empty($longitude)) {
                if (!ossim_valid(trim($longitude), OSS_NULLABLE, OSS_DIGIT, OSS_DOT, '\\-', 'illegal:' . _('Longitude'))) {
                    $summary['by_hosts'][$num_line]['errors']['Longitude'] = ossim_get_error_clean();
                    $summary['general']['statistics']['errors']++;
                    continue;
                }
            }
        }
        //Insert/Update host in database
        if (count($summary['by_hosts'][$num_line]['errors']) == 0) {
            try {
                $host = new Asset_host($conn, $host_id);
                if ($is_in_db == TRUE) {
                    $host->load_from_db($conn, $host_id);
                    $can_i_modify_ips = Asset_host::can_i_modify_ips($conn, $host_id);
                } else {
                    if ($can_i_create_assets == FALSE) {
                        $n_error_msg = _('Host') . ' ' . $name . ' ' . _("not allowed. You don't have permissions to import this host");
                        $summary['by_hosts'][$num_line]['errors']['Net'] = $n_error_msg;
                        $summary['general']['statistics']['errors']++;
                        continue;
                    }
                }
                //Check IPs
                if ($can_i_modify_ips == TRUE) {
                    $aux_ips = explode(',', $csv_ips);
                    foreach ($aux_ips as $ip) {
                        $host_ids = Asset_host::get_id_by_ips($conn, $ip, $ctx);
                        unset($host_ids[$host_id]);
                        if (!empty($host_ids)) {
                            $c_error_msg = _('IP') . ' ' . $csv_ips . ' ' . _("not allowed. IP {$ip} already exists for this entity");
                            $summary['by_hosts'][$num_line]['errors']['IP'] = $c_error_msg;
                            $summary['general']['statistics']['errors']++;
                            break;
                        } else {
                            $cnd_1 = Session::get_net_where() != '' && !Session::only_ff_net();
                            $cnd_2 = Asset_host::is_ip_in_cache_cidr($conn, $ip, $ctx, TRUE);
                            if ($cnd_1 && !$cnd_2) {
                                $c_error_msg = sprintf(_("Error! The IP %s is not allowed. Please check with your account admin for more information"), $csv_ips);
                                $summary['by_hosts'][$num_line]['errors']['IP'] = $c_error_msg;
                                $summary['general']['statistics']['errors']++;
                                break;
                            }
                        }
                    }
                } else {
                    $c_error_msg = _('Host') . ' ' . $name . ': ' . _("IP address not allowed. IP address cannot be modified");
                    $summary['by_hosts'][$num_line]['status'] = 'warning';
                    $summary['general']['warnings']['errors']++;
                    $summary['by_hosts'][$num_line]['warnings']['IP'] = $c_error_msg;
                }
                //Setting new values
                if (count($summary['by_hosts'][$num_line]['errors']) == 0) {
                    $host->set_ctx($ctx);
                    $host->set_name($name);
                    $host->set_descr($descr);
                    if ($is_in_db == FALSE) {
                        if ($can_i_modify_ips == TRUE) {
                            if (is_array($aux_ips) && !empty($aux_ips)) {
                                $ips = array();
                                foreach ($aux_ips as $ip) {
                                    $ips[$ip] = array('ip' => $ip, 'mac' => NULL);
                                }
                                $host->set_ips($ips);
                            }
                        }
                        $host->set_sensors($sensors);
                    }
                    if (!empty($fqdns)) {
                        $host->set_fqdns($fqdns);
                    }
                    $host->set_external($external);
                    $host->set_location($latitude, $longitude);
                    $host->set_asset_value($asset_value);
                    $host->set_devices($devices);
                    $host->save_in_db($conn, FALSE);
                    //Save Operating System
                    if (!empty($os)) {
                        Asset_host_properties::save_property_in_db($conn, $host_id, 3, $os, 2);
                    }
                    $summary['general']['statistics']['saved']++;
                    $summary['by_hosts'][$num_line]['data'] = $is_in_db == TRUE ? _('Asset updated') : _('New asset inserted');
                    //Keep warnings
                    if ($summary['by_hosts'][$num_line]['status'] != 'warning') {
                        $summary['by_hosts'][$num_line]['status'] = 'success';
                    }
                }
            } catch (Exception $e) {
                $summary['by_hosts'][$num_line]['errors']['Database error'] = $e->getMessage();
                $summary['general']['statistics']['errors']++;
            }
        }
    }
    if ($summary['general']['statistics']['saved'] > 0) {
        if ($summary['general']['statistics']['errors'] == 0) {
            $summary['general']['status'] = 'success';
            $summary['general']['data'] = _('All assets have been successfully imported ');
        } else {
            $summary['general']['status'] = 'warning';
            $summary['general']['data'] = _('Some assets cannot be imported');
        }
        Util::disable_perm_triggers($conn, FALSE);
        try {
            Asset_host::report_changes($conn, 'hosts');
        } catch (Exception $e) {
            Av_exception::write_log(Av_exception::USER_ERROR, $e->getMessage());
        }
    } else {
        $summary['general']['statistics']['errors'] = count($data);
        //CSV file is not empty, but all lines are wrong
        if (empty($summary['general']['status'])) {
            $summary['general']['status'] = 'error';
            $summary['general']['data'] = _('Assets cannot be imported');
        }
    }
    @$conn->Execute("REPLACE INTO alienvault.host_net_reference SELECT host.id,net_id FROM alienvault.host, alienvault.host_ip, alienvault.net_cidrs WHERE host.id = host_ip.host_id AND host_ip.ip >= net_cidrs.begin AND host_ip.ip <= net_cidrs.end");
    $db->close();
    return $summary;
}
コード例 #19
0
ファイル: utils.php プロジェクト: jhbsz/ossimTest
function SIEM_trends_hids($agent_ip)
{
    include_once '../panel/sensor_filter.php';
    require_once 'classes/Plugin.inc';
    require_once 'classes/Util.inc';
    require_once 'ossim_db.inc';
    $tz = Util::get_timezone();
    $tzc = Util::get_tzc($tz);
    $data = array();
    $plugins = $plugins_sql = "";
    $db = new ossim_db();
    $dbconn = $db->connect();
    $sensor_where = make_sensor_filter($dbconn);
    // Ossec filter
    $oss_p_id_name = Plugin::get_id_and_name($dbconn, "WHERE name LIKE 'ossec%'");
    $plugins = implode(",", array_flip($oss_p_id_name));
    $plugins_sql = "AND acid_event.plugin_id in ({$plugins})";
    // Agent ip filter
    $agent_where = make_sid_filter($dbconn, $agent_ip);
    if ($agent_where == "") {
        $agent_where = "0";
    }
    $sqlgraph = "SELECT COUNT(acid_event.sid) as num_events, day(convert_tz(timestamp,'+00:00','{$tzc}')) as intervalo, monthname(convert_tz(timestamp,'+00:00','{$tzc}')) as suf FROM snort.acid_event LEFT JOIN ossim.plugin ON acid_event.plugin_id=plugin.id WHERE sid in ({$agent_where}) AND timestamp BETWEEN '" . gmdate("Y-m-d 00:00:00", gmdate("U") - 604800) . "' AND '" . gmdate("Y-m-d 23:59:59") . "' {$plugins_sql} {$sensor_where} GROUP BY suf,intervalo ORDER BY suf,intervalo";
    //print $sqlgraph;
    if (!($rg =& $dbconn->Execute($sqlgraph))) {
        return false;
    } else {
        while (!$rg->EOF) {
            $hours = $rg->fields["intervalo"] . " " . substr($rg->fields["suf"], 0, 3);
            $data[$hours] = $rg->fields["num_events"];
            $rg->MoveNext();
        }
    }
    $db->close($dbconn);
    return $data;
}
コード例 #20
0
if (!isset($_SESSION["_user"])) {
    $ossim_link = $conf->get_conf("ossim_link", FALSE);
    $login_location = $ossim_link . '/session/login.php';
    header("Location: {$login_location}");
    exit;
}
// Solera API
$_SESSION["_solera"] = $conf->get_conf("solera_enable", FALSE) ? true : false;
//
// Get Host names to translate IP -> Host Name
require_once "ossim_db.inc";
$dbo = new ossim_db();
// Multiple Database Server selector
$conn = $dbo->connect();
$database_servers = Databases::get_list($conn);
$dbo->close();
//
if (is_array($_SESSION["server"]) && $_SESSION["server"][0] != "") {
    $dbo->enable_cache();
    $conn = $dbo->custom_connect($_SESSION["server"][0], $_SESSION["server"][2], $_SESSION["server"][3]);
} else {
    $dbo->enable_cache();
    $conn = $dbo->connect();
}
include_once "{$BASE_path}/base_common.php";
$sensors = $hosts = $ossim_servers = array();
$sensors = Av_sensor::get_basic_list($conn, array(), TRUE);
list($hosts, $host_ids) = Asset_host::get_basic_list($conn, array(), TRUE);
$entities = Session::get_all_entities($conn);
$rep_activities = Reputation::get_reputation_activities($conn, "ORDER BY descr", $db_memcache);
$rep_severities = array("ANY", "High", "Medium", "Low");
コード例 #21
0
ファイル: PCI-DSS.php プロジェクト: jackpf/ossim-arc
  * PCI Version, if 3.0 then this variable is predefined in PCI-DSS3.php
  * The code is shared with this only diference
  */
 $pci_version = $pci_version != '' ? $pci_version : '';
 $sql_year = "STR_TO_DATE( CONCAT( a.year, '-', a.month, '-', a.day ) , '%Y-%m-%d' ) >= '{$date_from}' AND STR_TO_DATE( CONCAT( a.year, '-', a.month, '-', a.day ) , '%Y-%m-%d' ) <= '{$date_to}'";
 //create
 require_once 'ossim_db.inc';
 $db1 = new ossim_db();
 $conn1 = $db1->connect();
 // Check if PCI database exists
 if (!pci_database_available($conn1, "PCI{$pci_version}")) {
     $htmlPdfReport->pageBreak();
     $htmlPdfReport->setBookmark($title);
     $htmlPdfReport->set($htmlPdfReport->newTitle($title, "", "", null));
     $htmlPdfReport->set('<table align="center" width="750" cellpadding="0" cellspacing="0"><tr><td>' . _('Database not found') . ': PCI' . $pci_version . '</td></tr></table><br/><br/>');
     $db1->close();
 } else {
     tmp_insert($conn1, "PCI{$pci_version}.R01_FW_Config");
     tmp_insert($conn1, "PCI{$pci_version}.R02_Vendor_default");
     tmp_insert($conn1, "PCI{$pci_version}.R03_Stored_cardholder");
     tmp_insert($conn1, "PCI{$pci_version}.R04_Data_encryption");
     tmp_insert($conn1, "PCI{$pci_version}.R05_Antivirus");
     tmp_insert($conn1, "PCI{$pci_version}.R06_System_app");
     tmp_insert($conn1, "PCI{$pci_version}.R07_Access_control");
     tmp_insert($conn1, "PCI{$pci_version}.R08_UniqueID");
     tmp_insert($conn1, "PCI{$pci_version}.R09_Physical_Access");
     tmp_insert($conn1, "PCI{$pci_version}.R10_Monitoring");
     tmp_insert($conn1, "PCI{$pci_version}.R11_Security_test");
     tmp_insert($conn1, "PCI{$pci_version}.R12_IS_Policy");
     $sql = "SELECT * FROM ( SELECT * FROM\n    (select 'R1 Firewall Config','R01_FW_Config', count(*) as volume from datawarehouse.ssi_user a where\n    a.sid in (SELECT sid from datawarehouse.tmp_user WHERE user='******' and section='R01_FW_Config') AND a.user='******' AND " . $sql_year . " ) AS A5\n    UNION SELECT * FROM\n    (select 'R2 Vendor Default','R02_Vendor_default', count(*) as volume from datawarehouse.ssi_user a where\n    a.sid in (SELECT sid from datawarehouse.tmp_user WHERE user='******' and section='R02_Vendor_default') AND a.user='******' AND " . $sql_year . " ) AS A6\n    UNION SELECT * FROM\n    (select 'R3 Stored Cardholder','R03_Stored_cardholder', count(*) as volume from datawarehouse.ssi_user a where\n    a.sid in (SELECT sid from datawarehouse.tmp_user WHERE user='******' and section='R03_Stored_cardholder') AND a.user='******' AND " . $sql_year . " ) AS A7\n    UNION SELECT * FROM\n    (select 'R4 Data Encryption','R04_Data_encryption', count(*) as volume from datawarehouse.ssi_user a where\n    a.sid in (SELECT sid from datawarehouse.tmp_user WHERE user='******' and section='R04_Data_encryption') AND a.user='******' AND " . $sql_year . " ) AS A8\n    UNION SELECT * FROM\n    (select 'R5 Antivirus','R05_Antivirus', count(*) as volume from datawarehouse.ssi_user a where\n    a.sid in (SELECT sid from datawarehouse.tmp_user WHERE user='******' and section='R05_Antivirus') AND a.user='******' AND " . $sql_year . " ) AS A9\n    UNION SELECT * FROM\n    (select 'R6 System Appplication','R06_System_app', count(*) as volume from datawarehouse.ssi_user a where\n    a.sid in (SELECT sid from datawarehouse.tmp_user WHERE user='******' and section='R06_System_app') AND a.user='******' AND " . $sql_year . " ) AS A10\n    UNION SELECT * FROM\n    (select 'R7 Access Control','R07_Access_control', count(*) as volume from datawarehouse.ssi_user a where\n    a.sid in (SELECT sid from datawarehouse.tmp_user WHERE user='******' and section='R07_Access_control') AND a.user='******' AND " . $sql_year . " ) AS A11\n    UNION SELECT * FROM\n    (select 'R8 Unique ID','R08_UniqueID', count(*) as volume from datawarehouse.ssi_user a where\n    a.sid in (SELECT sid from datawarehouse.tmp_user WHERE user='******' and section='R08_UniqueID') AND a.user='******' AND " . $sql_year . " ) AS A12\n    UNION SELECT * FROM\n    (select 'R9 Physical Access','R09_Physical_Access', count(*) as volume from datawarehouse.ssi_user a where\n    a.sid in (SELECT sid from datawarehouse.tmp_user WHERE user='******' and section='R09_Physical_Access') AND a.user='******' AND " . $sql_year . " ) AS A13\n    UNION SELECT * FROM\n    (select 'R10 Monitoring','R10_Monitoring', count(*) as volume from datawarehouse.ssi_user a where\n    a.sid in (SELECT sid from datawarehouse.tmp_user WHERE user='******' and section='R10_Monitoring') AND a.user='******' AND " . $sql_year . " ) AS A14\n    UNION SELECT * FROM\n    (select 'R11 Security Tests','R11_Security_test', count(*) as volume from datawarehouse.ssi_user a where\n    a.sid in (SELECT sid from datawarehouse.tmp_user WHERE user='******' and section='R11_Security_test') AND a.user='******' AND " . $sql_year . " ) AS A15\n    UNION SELECT * FROM\n    (select 'R12 IS Policy','R12_IS_Policy', count(*) as volume from datawarehouse.ssi_user a where\n    a.sid in (SELECT sid from datawarehouse.tmp_user WHERE user='******' and section='R12_IS_Policy') AND a.user='******' AND " . $sql_year . " ) AS A15\n    ) AS alliso;";
     $rs = $conn1->Execute($sql);
コード例 #22
0
ファイル: details.php プロジェクト: jackpf/ossim-arc
function DisplayProcessing()
{
    global $self;
    global $ListNOption;
    global $TopNOption;
    global $OutputFormatOption;
    global $IPStatOption;
    global $IPStatOrder;
    global $LimitScale;
    require_once 'av_init.php';
    $geoloc = new Geolocation("/usr/share/geoip/GeoLiteCity.dat");
    $db_aux = new ossim_db();
    $conn_aux = $db_aux->connect();
    $aux_ri_interfaces = Remote_interface::get_list($conn_aux, "WHERE status = 1");
    $ri_list = $aux_ri_interfaces[0];
    $ri_total = $aux_ri_interfaces[1];
    $ri_data = array();
    if ($ri_total > 0) {
        foreach ($ri_list as $r_interface) {
            $ri_data[] = array("name" => $r_interface->get_name(), "id" => "web_interfaces", "target" => "_blank", "url" => $r_interface->get_ip());
        }
    }
    $type = $detail_opts['type'] == "flows" ? 0 : ($detail_opts['type'] == "packets" ? 1 : 2);
    if ($ri_total >= 0) {
        echo '<a name="processing"></a>';
    }
    $detail_opts = $_SESSION['detail_opts'];
    $process_form = $_SESSION['process_form'];
    ?>
    <table style='width:100%;margin-top:15px;margin-bottom:5px;border:none'><tr>
    <td class='nobborder'><b><?php 
    echo _("Netflow Processing");
    ?>
</b></td>
    <td class='noborder nfsen_menu'>
        <a href='javascript:lastsessions()'><?php 
    echo _("List last 500 sessions");
    ?>
</a> |
        &nbsp;<a href='javascript:launch("2","<?php 
    echo $type;
    ?>
")'><?php 
    echo _("Top 10 Src IPs");
    ?>
</a> |
        &nbsp;<a href='javascript:launch("3","<?php 
    echo $type;
    ?>
")'><?php 
    echo _("Top 10 Dst IPs");
    ?>
</a> |
        &nbsp;<a href='javascript:launch("5","<?php 
    echo $type;
    ?>
")'><?php 
    echo _("Top 10 Src Port");
    ?>
</a> |
        &nbsp;<a href='javascript:launch("6","<?php 
    echo $type;
    ?>
")'><?php 
    echo _("Top 10 Dst Port");
    ?>
</a> |
        &nbsp;<a href='javascript:launch("13","<?php 
    echo $type;
    ?>
")'><?php 
    echo _("Top 10 Proto");
    ?>
</a>
    </td></tr></table>


<form action="<?php 
    echo $self;
    ?>
" onSubmit="return ValidateProcessForm()" id="FlowProcessingForm" method="POST" laction="<?php 
    echo $self;
    ?>
">
<?php 
    if (preg_match("/^\\d+\$/", $_SESSION['tend'])) {
        ?>
    <input type="hidden" name="tend" value="<?php 
        echo intval($_SESSION['tend']);
        ?>
" />
<?php 
    }
    if (preg_match("/^\\d+\$/", $_SESSION['tleft'])) {
        ?>
    <input type="hidden" name="tleft" value="<?php 
        echo intval($_SESSION['tleft']);
        ?>
" />
<?php 
    }
    if (preg_match("/^\\d+\$/", $_SESSION['tright'])) {
        ?>
    <input type="hidden" name="tright" value="<?php 
        echo intval($_SESSION['tright']);
        ?>
" />
<?php 
    }
    if ($_SESSION["detail_opts"]["cursor_mode"] != "") {
        ?>
    <input type="hidden" name="cursor_mode" value="<?php 
        echo Util::htmlentities($_SESSION["detail_opts"]["cursor_mode"]);
        ?>
" />
<?php 
    }
    if ($_SESSION["detail_opts"]["wsize"] != "") {
        ?>
    <input type="hidden" name="wsize" value="<?php 
        echo Util::htmlentities($_SESSION["detail_opts"]["wsize"]);
        ?>
" />
<?php 
    }
    if ($_SESSION["detail_opts"]["logscale"] != "") {
        ?>
    <input type="hidden" name="logscale" value="<?php 
        echo Util::htmlentities($_SESSION["detail_opts"]["logscale"]);
        ?>
" />
<?php 
    }
    if ($_SESSION["detail_opts"]["linegraph"] != "") {
        ?>
    <input type="hidden" name="linegraph" value="<?php 
        echo Util::htmlentities($_SESSION["detail_opts"]["linegraph"]);
        ?>
" />
<?php 
    }
    ?>
<input type="hidden" name="login" value="<?php 
    echo Util::htmlentities($_SESSION["_remote_login"]);
    ?>
" />
<table class='nfsen_filters'>
	<tr>
		<th class="thold"><?php 
    echo _("Source");
    ?>
</th>
		<th class="thold"><?php 
    echo _("Filter");
    ?>
</th>
		<th class="thold"><?php 
    echo _("Options");
    ?>
</th>
	</tr>

	<tr>
		<td style='vertical-align:top'>
			<select name="srcselector[]" id='SourceSelector' size="6" style="width: 100%" multiple='multiple'>
			<?php 
    foreach ($process_form['srcselector'] as $selected_channel) {
        $_tmp[$selected_channel] = 1;
    }
    $i = 0;
    foreach ($_SESSION['profileinfo']['channel'] as $channel) {
        $channel_name = $channel['name'];
        $checked = array_key_exists($channel['id'], $_tmp) ? 'selected' : '';
        echo "<OPTION value='" . Util::htmlentities($channel['id']) . "' {$checked}>{$channel_name}</OPTION>\n";
    }
    ?>
			</select>
			<div style='margin: 5px auto'>
				<input class="small av_b_secondary" type="button" name="JSbutton2" value="All Sources" onClick="SelectAllSources()"/>
			</div>
		</td>
	
		<td style="vertical-align:top;">
			<textarea name="filter" id="filter" multiline="true" wrap="phisical" rows="6" cols="50" maxlength="10240"><?php 
    if (is_array($process_form)) {
        $display_filter = array_key_exists('editfilter', $process_form) ? $process_form['editfilter'] : $process_form['filter'];
    } else {
        $display_filter = array();
    }
    if (count($display_filter) < 1 && GET('ip') != "" && GET('ip2') != "") {
        $display_filter[0] = "(src ip " . GET('ip') . " and dst ip " . GET('ip2') . ") or (src ip " . GET('ip2') . " and dst ip " . GET('ip') . ")";
    } elseif (count($display_filter) < 1 && GET('ip') != "") {
        $display_filter[0] = "src ip " . GET('ip') . " or dst ip " . GET('ip');
    } elseif (preg_match("/(\\d+\\.\\d+\\.\\d+\\.\\d+)/", $display_filter[0]) && GET('ip') != "" && GET('ip2') != "") {
        $ip1 = GET('ip');
        $ip2 = GET('ip2');
        $filter = "(src ip {$ip1} and dst ip {$ip2}) or (src ip {$ip2} and dst ip {$ip1})";
        $display_filter[0] = preg_replace("/\\(src ip \\d+\\.\\d+\\.\\d+\\.\\d+ and dst ip \\d+\\.\\d+\\.\\d+\\.\\d+\\) or \\(src ip \\d+\\.\\d+\\.\\d+\\.\\d+ and dst ip \\d+\\.\\d+\\.\\d+\\.\\d+\\)/", $filter, $display_filter[0]);
        $display_filter[0] = preg_replace("/src ip \\d+\\.\\d+\\.\\d+\\.\\d+ or dst ip \\d+\\.\\d+\\.\\d+\\.\\d+/", $filter, $display_filter[0]);
    } elseif (preg_match("/(\\d+\\.\\d+\\.\\d+\\.\\d+)/", $display_filter[0]) && GET('ip') != "") {
        $filter = "src ip " . GET('ip') . " or dst ip " . GET('ip');
        $display_filter[0] = preg_replace("/\\(src ip \\d+\\.\\d+\\.\\d+\\.\\d+ and dst ip \\d+\\.\\d+\\.\\d+\\.\\d+\\) or \\(src ip \\d+\\.\\d+\\.\\d+\\.\\d+ and dst ip \\d+\\.\\d+\\.\\d+\\.\\d+\\)/", $filter, $display_filter[0]);
        $display_filter[0] = preg_replace("/src ip \\d+\\.\\d+\\.\\d+\\.\\d+ or dst ip \\d+\\.\\d+\\.\\d+\\.\\d+/", $filter, $display_filter[0]);
    }
    foreach ($display_filter as $line) {
        print str_replace("&amp;", "&", Util::htmlentities(stripslashes($line))) . "\n";
    }
    ?>
</textarea>
			<?php 
    $deletefilter_display_style = is_array($process_form) && array_key_exists('editfilter', $process_form) ? '' : 'style="display:none;"';
    ?>
			
			<input type="image" name="filter_delete" id="filter_delete" title="<?php 
    echo _("Delete filter");
    ?>
" align="right"
				onClick="HandleFilter(3)" value="" src="icons/trash.png" <?php 
    echo $deletefilter_display_style;
    ?>
>
			<!-- <input type="image" name="filter_save" id="filter_save" title="Save filter" align="right"
				onClick="HandleFilter(2)" 
				value="" src="icons/save.png"> -->
			<input type="hidden" name="filter_name" id="filter_name" value="none">
			<div style='margin: 5px auto'>
				<span id="filter_span">and</span>
				<select name="DefaultFilter" id="DefaultFilter" onChange="HandleFilter(0)" size="1">
				<?php 
    print "<option value='-1' label='none'>&lt;none&gt;</option>\n";
    foreach ($_SESSION['DefaultFilters'] as $name) {
        $checked = $process_form['DefaultFilter'] == $name ? 'selected' : '';
        print "<option value='" . Util::htmlentities($name) . "' {$checked}>" . Util::htmlentities($name) . "</option>\n";
    }
    $editfilter_display_style = 'style="display:none;"';
    foreach ($_SESSION['DefaultFilters'] as $name) {
        if ($process_form['DefaultFilter'] == $name) {
            $editfilter_display_style = '';
        }
    }
    ?>
				</select>
				
				<input type="image" name="filter_save" id="filter_save" title="<?php 
    echo _("Save filter");
    ?>
"
					onClick="HandleFilter(2)" value="" src="icons/save.png" border="0" align="absmiddle"> 		
				
				<input type="image" name="filter_edit" id="filter_edit" title="Edit filter" <?php 
    echo $editfilter_display_style;
    ?>
					onClick="HandleFilter(1)" value="" src="icons/edit.png">
			</div>
			
			<script language="Javascript" type="text/javascript">
				var DefaultFilters = new Array();
				<?php 
    foreach ($_SESSION['DefaultFilters'] as $name) {
        print "DefaultFilters.push('" . Util::htmlentities($name) . "');\n";
    }
    if (array_key_exists('editfilter', $process_form)) {
        print "edit_filter = '" . Util::htmlentities($process_form['DefaultFilter']) . "';\n";
    }
    ?>
			</script>
		</td>
		<!-- Options start here -->
		<td style='padding: 0px;vertical-align:top;border:none;'>
			<table border="0" id="ProcessOptionTable" style="font-size:14px;font-weight:bold;width:100%;border:none">
				<tr>
					<td class='TDnfprocLabel' style='white-space:nowrap'>
					<?php 
    $i = 0;
    foreach (array('List Flows', 'Stat TopN') as $s) {
        $checked = $process_form['modeselect'] == $i ? 'checked' : '';
        print "<input type='radio' onClick='SwitchOptionTable({$i})' name='modeselect' id='modeselect{$i}' value='{$i}' {$checked}>{$s}&nbsp;";
        $i++;
    }
    $list_display_style = $process_form['modeselect'] == 0 ? '' : 'style="display:none;"';
    $stat_display_style = $process_form['modeselect'] == 0 ? 'style="display:none;"' : '';
    $formatselect_display_opts = $process_form['modeselect'] == 1 && $process_form['stattype'] != 0 ? 'style="display:none;"' : '';
    ?>
				   </td>
				   
				   <td class='TDnfprocControl' >
						<table class='noborder' style='margin: auto;'>
							<tr>
								<td class='nobborder'><input class="small av_b_secondary" type="button" name="JSbutton1" value="<?php 
    echo _("Clear Form");
    ?>
" onClick="ResetProcessingForm()"/></td>
								<td class='nobborder'><input class="small" type="submit" name="process" value="<?php 
    echo _("Process");
    ?>
" id="process_button" onClick="clean_remote_data();form_ok=true;" size="1"/></td>
								<?php 
    if (count($RemoteInterfacesData) > 0 && !isset($_POST['login'])) {
        ?>
									<td class='nobborder'><input type="button" name="remote_process" value="<?php 
        echo _("Remote Process");
        ?>
" id="remote_process_button" onclick="$('#rinterfaces').toggle()"/>
										<div id='container_rmp' style='position:relative;'>
											<div id="rinterfaces" style="position:absolute; top:0; right:0;display:none; margin:1px 0px 0px 2px; text-align:right;">
												<?php 
        foreach ($RemoteInterfacesData as $data) {
            $short_name = strlen($data['name']) > 12 ? substr($data['name'], 0, 12) . "..." : $data['name'];
            ?>
													<input type="button" onclick="remote_interface('<?php 
            echo $data["url"];
            ?>
')" style="width:180px; font-size: 11px;" title="<?php 
            echo $data["name"] . " [" . $data["url"] . "]";
            ?>
" value="<?php 
            echo $short_name . " [" . $data["url"] . "]";
            ?>
"/><br />
													<?php 
        }
        ?>
											</div>
										</div>
									</td>
									<?php 
    }
    ?>
							</tr>
						</table>
					</td>			
				</tr>
				
				<tr id="listNRow" <?php 
    echo $list_display_style;
    ?>
>
					<td class='TDnfprocLabel'><?php 
    echo _("Limit to");
    ?>
:</td>
					<td class='TDnfprocControl'>
						<select name="listN" id="listN" style="margin-left:1" size="1">
						<?php 
    for ($i = 0; $i < count($ListNOption); $i++) {
        $checked = $process_form['listN'] == $i ? 'selected' : '';
        print "<OPTION value='{$i}' {$checked}>" . $ListNOption[$i] . "</OPTION>\n";
    }
    ?>
						</select><?php 
    echo _("Flows");
    ?>
<br>
					</td>
				</tr>
				
				<tr id="topNRow" <?php 
    echo $stat_display_style;
    ?>
>
					<td class='TDnfprocLabel'><?php 
    echo _("Top");
    ?>
:</td>
					<td class='TDnfprocControl'> 
						<select name="topN" id="TopN" size="1">
							<?php 
    for ($i = 0; $i < count($TopNOption); $i++) {
        $checked = $process_form['topN'] == $i ? 'selected' : '';
        print "<OPTION value='{$i}' {$checked}>" . $TopNOption[$i] . "</OPTION>\n";
    }
    ?>
						</select>
					</td>
				</tr>
				
				<tr id="stattypeRow" <?php 
    echo $stat_display_style;
    ?>
>
					<td class="TDnfprocLabel"><?php 
    echo _("Stat");
    ?>
:</td>
					<td class="TDnfprocControl">
						<select name="stattype" id="StatTypeSelector" onChange="ShowHideOptions()" size="1">
						<?php 
    for ($i = 0; $i < count($IPStatOption); $i++) {
        $checked = $process_form['stattype'] == $i ? 'selected' : '';
        print "<OPTION value='{$i}' {$checked}>" . $IPStatOption[$i] . "</OPTION>\n";
    }
    ?>
						</select>
						order by&nbsp;
						<select name='statorder' id="statorder" size='1'>
						<?php 
    for ($i = 0; $i < count($IPStatOrder); $i++) {
        $checked = $process_form['statorder'] == $i ? 'selected' : '';
        print "<OPTION value='{$i}' {$checked}>" . $IPStatOrder[$i] . "</OPTION>\n";
    }
    ?>
						</select>					
					</td>
				</tr>
				
				<tr id="AggregateRow" <?php 
    echo $formatselect_display_opts;
    ?>
>
					<td class='TDnfprocLabel'><?php 
    echo _("Aggregate");
    ?>
</td>
					<td class='TDnfprocControl'>
						<input type="checkbox" name="aggr_bidir" id="aggr_bidir" value="checked" onClick="ToggleAggregate();"
							style="margin-left:1" <?php 
    echo Util::htmlentities($process_form['aggr_bidir']);
    ?>
>&nbsp;<?php 
    echo _("bi-directional");
    ?>
<br>
						<input type="checkbox" name="aggr_proto" id="aggr_proto" value="checked" 
							style="margin-left:1" <?php 
    echo Util::htmlentities($process_form['aggr_proto']);
    ?>
>&nbsp;<?php 
    echo _("proto");
    ?>
<br>
						<input type="checkbox" name="aggr_srcport" id="aggr_srcport" value="checked" 
							style="margin-left:1" <?php 
    echo Util::htmlentities($process_form['aggr_srcport']);
    ?>
>&nbsp;<?php 
    echo _("srcPort");
    ?>
						<input type="checkbox" name="aggr_srcip" id="aggr_srcip" value="checked" 
							style="margin-left:1" <?php 
    echo Util::htmlentities($process_form['aggr_srcip']);
    ?>
>&nbsp;
						<select name="aggr_srcselect" id="aggr_srcselect" onChange="NetbitEntry('src')" size="1">
							<?php 
    $i = 0;
    foreach (array('srcIP', 'srcIPv4/', 'srcIPv6/') as $s) {
        $checked = $process_form['aggr_srcselect'] == $i ? 'selected' : '';
        print "<option value='{$i}' {$checked}>{$s}</option>\n";
        $i++;
    }
    $_style = $process_form['aggr_srcselect'] == 0 ? 'style="display:none"' : '';
    ?>
						</select>
						<input size="3" type="text" name="aggr_srcnetbits" id="aggr_srcnetbits" 
							value="<?php 
    echo Util::htmlentities($process_form['aggr_srcnetbits']);
    ?>
" <?php 
    echo $_style;
    ?>
><br>
						<input type="checkbox" name="aggr_dstport" id="aggr_dstport" value="checked" 
							style="margin-left:1" <?php 
    echo Util::htmlentities($process_form['aggr_dstport']);
    ?>
>&nbsp;<?php 
    echo _("dstPort");
    ?>
						<input type="checkbox" name="aggr_dstip" id="aggr_dstip" value="checked" 
							style="margin-left:1" <?php 
    echo Util::htmlentities($process_form['aggr_dstip']);
    ?>
>&nbsp;
						<select name="aggr_dstselect" id="aggr_dstselect" onChange="NetbitEntry('dst')" size="1">
							<?php 
    $i = 0;
    foreach (array('dstIP', 'dstIPv4/', 'dstIPv6/') as $s) {
        $checked = $process_form['aggr_dstselect'] == $i ? 'selected' : '';
        print "<option value='{$i}' {$checked}>{$s}</option>\n";
        $i++;
    }
    $_style = $process_form['aggr_dstselect'] == 0 ? 'style="display:none"' : '';
    ?>
						</select>
						<input size="3" type="text" name="aggr_dstnetbits" id="aggr_dstnetbits" 
							value="<?php 
    echo Util::htmlentities($process_form['aggr_dstnetbits']);
    ?>
" <?php 
    echo $_style;
    ?>
><br>
					</td>
				</tr>
				
				<tr id="timesortedRow" <?php 
    echo $list_display_style;
    ?>
>
					<td class='TDnfprocLabel'><?php 
    echo _("Sort");
    ?>
:</td>
					<td class='TDnfprocControl'>
						<input type="checkbox" name="timesorted" id="timesorted" value="checked" 
							style="margin-left:1" <?php 
    echo Util::htmlentities($process_form['timesorted']);
    ?>
>
						<?php 
    echo _("start time of flows");
    ?>
</td>
				</tr>
				
				<tr id="limitoutputRow" <?php 
    echo $stat_display_style;
    ?>
>
					<td class='TDnfprocLabel'><?php 
    echo _("Limit");
    ?>
:</td>
					<td class='TDnfprocControl'>
						<input type="checkbox" name="limitoutput" id="limitoutput" value="checked" style="margin-left:1" 
							size="1" <?php 
    echo Util::htmlentities($process_form['limitoutput']);
    ?>
>
						<select name="limitwhat" id="limitwhat" size="1">
						<?php 
    $i = 0;
    foreach (array(gettext("Packets"), gettext("Traffic")) as $s) {
        $checked = $process_form['limitwhat'] == $i ? 'selected' : '';
        print "<option value='{$i}' {$checked}>{$s}</option>\n";
        $i++;
    }
    ?>
						</select>
						<select name="limithow" id="limithow" size="1">
						<?php 
    $i = 0;
    foreach (array('&gt;', '&lt;') as $s) {
        $checked = $process_form['limithow'] == $i ? 'selected' : '';
        print "<option value='{$i}' {$checked}>{$s}</option>\n";
        $i++;
    }
    ?>
						</select>
						<input type="text" name="limitsize" id="limitsize" value="<?php 
    echo Util::htmlentities($process_form['limitsize']);
    ?>
" SIZE="6" MAXLENGTH="8">
						<select name="limitscale" id="limitscale" size="1" style="margin-left:1">
						<?php 
    $i = 0;
    foreach ($LimitScale as $s) {
        $checked = $process_form['limitscale'] == $i ? 'selected' : '';
        print "<option value='{$i}' {$checked}>{$s}</option>\n";
        $i++;
    }
    ?>
						</select>
					</td>
				</tr>

				<tr id="outputRow">
					<td class='TDnfprocLabel'><?php 
    echo _("Output");
    ?>
:</td>
					<td class='TDnfprocControl'>
						<span id="FormatSelect" <?php 
    echo $formatselect_display_opts;
    ?>
>
						<select name="output" id="output" onChange="CustomOutputFormat()"  style="margin-left:1" size="1">
						<?php 
    foreach ($_SESSION['formatlist'] as $key => $value) {
        $checked = $process_form['output'] == $key ? 'selected' : '';
        print "<OPTION value='" . Util::htmlentities($key) . "' {$checked}>" . Util::htmlentities($key) . "</OPTION>\n";
    }
    $fmt = $_SESSION['formatlist'][$process_form['output']];
    if ($process_form['output'] == $fmt) {
        // built in format
        $space_display_style = '';
        $edit_display_style = 'style="display:none"';
    } else {
        $space_display_style = 'style="display:none"';
        $edit_display_style = '';
    }
    ?>
						</select>
						<script language="Javascript" type="text/javascript">
							var fmts = new Hash();
						<?php 
    foreach ($_SESSION['formatlist'] as $key => $value) {
        print "fmts.setItem('" . Util::htmlentities($key) . "', '" . Util::htmlentities($value) . "');\n";
    }
    ?>
						</script>
						<img src="icons/space.png" border="0" alt='space' id='space' <?php 
    echo $space_display_style;
    ?>
/>
						<a href="#null" onClick="EditCustomFormat()"
							title="<?php 
    echo _("Edit format");
    ?>
" ><IMG SRC="icons/edit.png" name="fmt_doedit" id="fmt_doedit" border="0" 
							<?php 
    echo $edit_display_style;
    ?>
 alt="Edit format"></a>
						</span>
						<input type="checkbox" name="IPv6_long" id="IPv6_long" style="margin-left:1" value="checked" <?php 
    echo Util::htmlentities($process_form['IPv6_long']);
    ?>
>
						&nbsp;/ <?php 
    echo _("IPv6 long");
    ?>
						<?php 
    $fmt_edit_display_style = $process_form['output'] == 'custom ...' ? '' : 'style="display:none"';
    ?>
						<span id="fmt_edit" <?php 
    echo $fmt_edit_display_style;
    ?>
>
						<br><?php 
    echo _("Enter custom output format");
    ?>
:<br>
						<input size="30" type="text" name="customfmt" id="customfmt" 
							value="<?php 
    echo Util::htmlentities($process_form['customfmt']);
    ?>
" >
						<input type="image" name="fmt_save" id="fmt_save" title="<?php 
    echo _("Save format");
    ?>
" 
							onClick="SaveOutputFormat()" 
							value="" src="icons/save.png">
						<input type="image" name="fmt_delete" id="fmt_delete" title="<?php 
    echo _("Delete format");
    ?>
" 
							onClick="DeleteOutputFormat()" 
							value="" src="icons/trash.png" <?php 
    echo $edit_display_style;
    ?>
>
						</span>
					</td>
				</tr>
			</table>
		</td>
	</tr>
<!--
<tr>
	<td></td><td></td>
	<td align="right" style="border:none">
		<input type="button" name="JSbutton1" value="<?php 
    echo _("Clear Form");
    ?>
" onClick="ResetProcessingForm()">
		<input type="submit" name="process" value="<?php 
    echo _("process");
    ?>
" id="process_button" onClick="form_ok=true;" size="1">
	</td>
</tr>
-->
</table>
</form>

<div id="lookupbox">
	<div id="lookupbar" align="right" style="background-color:olivedrab"><img src="icons/close.png"
		onmouseover="this.style.cursor='pointer';" onClick="hidelookup()" title="Close lookup box"></div>
	<iframe id="cframe" src="" frameborder="0" scrolling="auto" width="100%" height="166"></iframe>
</div>


<?php 
    if (!array_key_exists('run', $_SESSION)) {
        return;
    }
    print "<div class='flowlist'>\n";
    $run = $_SESSION['run'];
    if ($run != null) {
        $filter = $process_form['filter'];
        if ($process_form['DefaultFilter'] != -1) {
            $cmd_opts['and_filter'] = $process_form['DefaultFilter'];
        }
        $cmd_opts['type'] = ($_SESSION['profileinfo']['type'] & 4) > 0 ? 'shadow' : 'real';
        $cmd_opts['profile'] = $_SESSION['profileswitch'];
        $cmd_opts['srcselector'] = implode(':', $process_form['srcselector']);
        #print "<pre>\n";
        $patterns = array();
        $replacements = array();
        $patterns[0] = '/(\\s*)([^\\s]+)/';
        $replacements[0] = "\$1<a href='#null' onClick='lookup(\"\$2\", this, event)' title='lookup \$2'>\$2</a>";
        // gets HAP4NfSens plugin id. returns -1 if HAP4NfSen is not installed.
        function getHAP4NfSenId()
        {
            $plugins = GetPlugins();
            for ($i = 0; $i < count($plugins); $i++) {
                $plugin = $plugins[$i];
                if ($plugin == "HAP4NfSen") {
                    return $i;
                }
            }
            return -1;
        }
        ClearMessages();
        $cmd_opts['args'] = "-T {$run}";
        $cmd_opts['filter'] = $filter;
        $titcol = get_tit_col($run);
        $cmd_out = nfsend_query("run-nfdump", $cmd_opts);
        if (!is_array($cmd_out)) {
            ShowMessages();
        } else {
            $conf = $GLOBALS["CONF"];
            $solera = $conf->get_conf("solera_enable", FALSE) ? true : false;
            $db = new ossim_db();
            $conn = $db->connect();
            $sensors = $hosts = $ossim_servers = array();
            $tz = Util::get_timezone();
            list($hosts, $host_ids) = Asset_host::get_basic_list($conn, array(), TRUE);
            $entities = Session::get_all_entities($conn);
            $_sensors = Av_sensor::get_basic_list($conn);
            foreach ($_sensors as $s_id => $s) {
                $sensors[$s['ip']] = $s['name'];
            }
            /*$hap4nfsen_id = getHAP4NfSenId();
                    	        if ($hap4nfsen_id >= 0) {
            					// ICMP "port" filter are no currently supported by the HAP4NfSen plugin
            					function isChecked(&$form, $name) { // helper function used to find out, if an option is checked
            						return $form[$name]=="checked";
            					}
            					$ip_and_port_columns = preg_match('/(flow records)/i', $IPStatOption[$process_form['stattype']]) &&
            						((isChecked($process_form,'aggr_srcip') && isChecked($process_form,'aggr_srcport')) ||
            						(isChecked($process_form,'aggr_dstip') && isChecked($process_form,'aggr_dstport')));
            					$ip_contains_port =  $_SESSION["process_form"]["modeselect"]=='0' || !preg_match('/[ip|flow_records]/i', $IPStatOption[$process_form['stattype']]) ||
            								(preg_match('/(flow records)/i', $IPStatOption[$process_form['stattype']]) && !( // no boxes checked
            								isChecked($process_form,'aggr_srcip') || isChecked($process_form,'aggr_srcport') ||
            								isChecked($process_form,'aggr_dstip') || isChecked($process_form,'aggr_dstport')));
                    	                        $_SESSION["plugin"][$hap4nfsen_id]["cmd_opts"] = $cmd_opts;
            					$hap_pic = "<img src=\"plugins/HAP4NfSen/graphviz.png\" valign=\"middle\" border=\"0\" alt=\"HAP\" />";
            					$default_pattern = array_pop($patterns);
            					$default_replacement = array_pop($replacements);
            					if ($ip_contains_port) { // matches cases like ip:port
            						$max_prot_length = 5; // max. port length = 5 chars(highest port number = 65535)
            						for ($i=$max_prot_length;$i>=1;$i--) {
            							$diff = ($max_prot_length-$i); // difference between actual and max port length
            							$ip_port_pattern_icmp = "/(\s*)([^\s|^:]+)(:)(0\s{4}|\d\.\d\s{2}|\d{2}\.\d\|\d\.\d{2}\s|\d{2}\.\d{2})/";
            							$ip_port_pattern_normal = "/(\s*)([^\s|^:]+)(:)([\d|\.]{{$i}})(\s{{$diff}})/";
            							$spaces = '';
            							for ($k=0;$k<$diff;$k++) {$spaces = $spaces . ' ';} // spaces required to align hap viewer icons
                                                            	array_push($patterns, $ip_port_pattern_icmp);
            							array_push($replacements,  $default_replacement .
            								"$3$4 <a href=\"nfsen.php?tab=5&sub_tab=" . $hap4nfsen_id . "&ip=$2&mode=new\" title='HAP graphlet for $2'>$hap_pic</a> ");
            							array_push($patterns, $ip_port_pattern_normal);
                                                            	array_push($replacements,  $default_replacement .
            								"$3$4$spaces <a href=\"nfsen.php?tab=5&sub_tab=" . $hap4nfsen_id . "&ip=$2&port=$4&mode=new\" title='HAP graphlet for $2 on port $4'>$hap_pic</a> ");
            						}
            						array_push($patterns, '/(\sIP\sAddr:Port)/i');
                                                    	array_push($replacements, "$1  $hap_pic");
            					} else {
            						if ($ip_and_port_columns) { // matches cases when both ip and port are available but are located in separate columns
            							// ICMP verion
            							$ip_and_port_pattern = "/(\s*)([^\s]+)(\s+)(0|\d\.\d)/";
            							$ip_and_port_replacement = "$1$2$3$4 " .
            								"<a href=\"nfsen.php?tab=5&sub_tab=" . $hap4nfsen_id . "&ip=$2&mode=new\" title='HAP graphlet for $2'>$hap_pic</a>";
            							array_push($patterns, $ip_and_port_pattern);
            							array_push($replacements, $ip_and_port_replacement);
            							// non-ICMP version with port filter
                                                                    $ip_and_port_pattern = "/(\s*)([^\s]+)(\s*)([\d|.]+)/";
                                                                    $ip_and_port_replacement = "$1$2$3$4 " .
                                                                            "<a href=\"nfsen.php?tab=5&sub_tab=" . $hap4nfsen_id . "&ip=$2&port=$4&mode=new\" title='HAP graphlet for $2 on port $4'>$hap_pic</a>";
                                                                    array_push($patterns, $ip_and_port_pattern);
                                                                    array_push($replacements, $ip_and_port_replacement);
            							array_push($patterns, '/(\s\s(Src\sIP\sAddr\s*Src\sPt|Dst\sIP\sAddr\s*Dst\sPt))/i');
                                                                    array_push($replacements, "$1 $hap_pic");
            						} else { // matches all other cases
            							array_push($patterns, $default_pattern);
                                                    		array_push($replacements,  $default_replacement . 
            								" <a href=\"nfsen.php?tab=5&sub_tab=" . $hap4nfsen_id . "&ip=$2&mode=new\" title='HAP graphlet for $2'>$hap_pic</a>");
            							array_push($patterns, '/(\s(|\s(Src|Dst))\sIP\sAddr)/i');
                                                            	array_push($replacements, "$1 $hap_pic");
            						}
            					}
            	                        }
            
            				if ( array_key_exists('arg', $cmd_out) ) {
            					print "** nfdump " . $cmd_out['arg'] . "\n";
            				}
            				if ( array_key_exists('filter', $cmd_out) ) {
            					print "nfdump filter:\n";
            					foreach ( $cmd_out['filter'] as $line ) {
            						print "$line\n";
            					}
            				}
            				foreach ( $cmd_out['nfdump'] as $line ) {
            					print preg_replace($patterns, $replacements, $line) . "\n";
            				}*/
            # parse command line
            #2009-12-09 17:08:17.596    40.262 TCP        192.168.1.9:80    ->   217.126.167.80:51694 .AP.SF   0       70   180978        1    35960   2585     1
            $list = preg_match("/\\-o extended/", $cmd_out['arg']) ? 1 : 0;
            $regex = $list ? "/(\\d\\d\\d\\d\\-.*?\\s.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+->\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?\\s*[KMG]?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*)/" : "/(\\d\\d\\d\\d\\-.*?\\s.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?\\s*[KMGT]?)\\s+(.*?)\\s+(.*?)\\s+(.*)/";
            echo '<div class="nfsen_list_title">' . _('Flows Info') . '</div>';
            echo "<table class='table_list'>";
            $geotools = false;
            if ($list && file_exists("../kml/GoogleEarth.php")) {
                $geotools = true;
                $geoips = array();
                $geotools_src = " <a href='' onclick='window.open(\"../kml/TourConfig.php?type=ip_src&ip=&flows=1\",\"Flows sources - Goggle Earth API\",\"width=1024,height=700,scrollbars=NO,toolbar=1\");return false'><img align='absmiddle' src='../pixmaps/google_earth_icon.png' border='0'></a>&nbsp;&nbsp;<a href='' onclick='window.open(\"../kml/IPGoogleMap.php?type=ip_src&ip=&flows=1\",\"Flows sources - Goggle Maps API\",\"width=1024,height=700,scrollbars=NO,toolbar=1\");return false'><img align='absmiddle' src='../pixmaps/google_maps_icon.png' border='0'></a>";
                $geotools_dst = " <a href='' onclick='window.open(\"../kml/TourConfig.php?type=ip_dst&ip=&flows=1\",\"Flows destinations - Goggle Earth API\",\"width=1024,height=700,scrollbars=NO,toolbar=1\");return false'><img align='absmiddle' src='../pixmaps/google_earth_icon.png' border='0'></a>&nbsp;&nbsp;<a href='' onclick='window.open(\"../kml/IPGoogleMap.php?type=ip_dst&ip=&flows=1\",\"Flows destinations - Goggle Maps API\",\"width=1024,height=700,scrollbars=NO,toolbar=1\");return false'><img align='absmiddle' src='../pixmaps/google_maps_icon.png' border='0'></a>";
            }
            echo $list ? "\n                \n                <tr>\n                    <th>" . _("Date flow start") . "<br><span style='font-size:8px'>" . Util::timezone($tz) . "</style></th>\n                    <th>" . _("Duration") . "</th>\n                    <th>" . _("Proto") . "</th>\n                    <th>" . _("Src IP Addr:Port") . "{$geotools_src}</th>\n                    <th>" . _("Dst IP Addr:Port") . "{$geotools_dst}</th>\n                    <th>" . _("Flags") . "</th>\n                    <th>" . _("Tos") . "</th>\n                    <th>" . _("Packets") . "</th>\n                    <th>" . _("Bytes") . "</th>\n                    <th>" . _("pps") . "</th>\n                    <th>" . _("bps") . "</th>\n                    <th>" . _("Bpp") . "</th>\n                    <th>" . _("Flows") . "</th>\n                \t" . ($solera ? "<th></th>" : "") . "\n                    </tr>" : "<tr>\n                    <th>" . _("Date flow seen") . "<br><span style='font-size:8px'>" . Util::timezone($tz) . "</style></th>\n                    <th>" . _("Duration") . "</th>\n                    <th>" . _("Proto") . "</th>\n                    <th>" . $titcol . "</th>\n                    <th>" . _("Flows") . "(%)</th>\n                    <th>" . _("Packets") . "(%)</th>\n                    <th>" . _("Bytes") . "(%)</th>\n                    <th>" . _("pps") . "</th>\n                    <th>" . _("bps") . "</th>\n                    <th>" . _("Bpp") . "</th>\n                \t" . ($solera ? "<th></th>" : "") . "\n                    </tr>";
            $status = $errors = array();
            $rep = new Reputation();
            //print_r($cmd_out['arg']);
            //print_r($cmd_out['nfdump']);
            foreach ($cmd_out['nfdump'] as $k => $line) {
                #capture status
                if (preg_match("/^(Summary|Time window|Total flows processed|Sys)\\:/", $line, $found)) {
                    $status[$found[1]] = str_replace($found[1] . ":", "", $line);
                }
                # capture errors
                if (preg_match("/ error /i", $line, $found)) {
                    if (preg_match("/stat\\(\\) error/i", $line)) {
                        $errors[] = _('The netflow information you are trying to access either has not been processed yet or does not exist. Please check your date filters.');
                        Av_exception::write_log(Av_exception::USER_ERROR, $line);
                    } else {
                        $errors[] = $line;
                    }
                }
                # print results
                $line = preg_replace("/\\(\\s(\\d)/", "(\\1", $line);
                // Patch for ( 0.3)
                $line = preg_replace("/(\\d)\\s*([KMGT])/", "\\1\\2", $line);
                // Patch for 1.2 M(99.6)
                $line = preg_replace("/(\\d+)(TCP|UDP|ICMP|IGMP)\\s/", "\\1 \\2 ", $line);
                // Patch for 9.003TCP
                $start = $end = $proto = "";
                $ips = $ports = array();
                if (preg_match($regex, preg_replace('/\\s*/', ' ', $line), $found)) {
                    echo "<tr class='tr_flow_data'>\n";
                    foreach ($found as $ki => $field) {
                        if ($ki > 0) {
                            $wrap = $ki == 1 ? "nowrap" : "";
                            $field = Util::htmlentities(preg_replace("/(\\:\\d+)\\.0\$/", "\\1", $field));
                            if (preg_match("/(\\d+\\.\\d+\\.\\d+\\.\\d+)(.*)/", $field, $fnd)) {
                                # match ip (resolve and geolocalize)
                                $ip = $fnd[1];
                                $port = $fnd[2];
                                list($name, $ctx, $host_id) = GetDataFromSingleIp($ip, $hosts);
                                if ($name == "" && $sensors[$ip] != "") {
                                    $name = $sensors[$ip];
                                }
                                $output = Asset_host::get_extended_name($conn, $geoloc, $ip, $ctx, $host_id, '');
                                $homelan = $output['is_internal'] || $name != "" && $name != $ip;
                                $icon = $output['html_icon'];
                                # reputation info
                                if (!is_array($_SESSION["_repinfo_ips"][$ip])) {
                                    $_SESSION["_repinfo_ips"][$ip] = $rep->get_data_by_ip($ip);
                                }
                                $rep_icon = Reputation::getrepimg($_SESSION["_repinfo_ips"][$ip][0], $_SESSION["_repinfo_ips"][$ip][1], $_SESSION["_repinfo_ips"][$ip][2], $ip);
                                $rep_bgcolor = Reputation::getrepbgcolor($_SESSION["_repinfo_ips"][$ip][0]);
                                $style_aux = $homelan ? 'style="font-weight:bold"' : '';
                                $bold_aux1 = $homelan ? '<b>' : '';
                                $bold_aux2 = $homelan ? '<b>' : '';
                                $field = '<div id="' . $ip . ';' . Util::htmlentities($name) . ';' . $host_id . '" id2="' . $ip . ';' . $ip . '" ctx="' . $ctx . '" class="HostReportMenu">' . $icon . ' <a ' . $style_aux . ' href="javascript:;">' . Util::htmlentities($name) . '</a>' . $bold_aux1 . $port . $bold_aux2 . ' ' . $rep_icon . '</div>';
                                $wrap = "nowrap style='{$rep_bgcolor}'";
                                $ips[] = $ip;
                                if ($geotools) {
                                    if ($ki == 4) {
                                        $geoips['ip_src'][$ip]++;
                                    } elseif ($ki == 5) {
                                        $geoips['ip_dst'][$ip]++;
                                    }
                                }
                                $ports[] = str_replace(":", "", $port);
                            }
                            if (preg_match("/(\\d+-\\d+-\\d+ \\d+:\\d+:\\d+)(.*)/", $field, $fnd)) {
                                # match date
                                $start = $end = $fnd[1];
                                $time = strtotime($fnd[1]);
                                $field = Util::htmlentities(gmdate("Y-m-d H:i:s", $time + 3600 * $tz) . "." . $fnd[2]);
                            }
                            if (preg_match("/(TCP|UDP|ICMP|RAW)/", $field, $fnd)) {
                                # match date
                                $proto = strtolower($fnd[1]);
                            }
                            print "<td {$wrap}>{$field}</td>";
                        }
                    }
                    // solera deepsee integration
                    if ($solera) {
                        echo "<td><a href=\"javascript:;\" onclick=\"solera_deepsee('" . Util::htmlentities($start) . "','" . Util::htmlentities($end) . "','" . Util::htmlentities($ips[0]) . "','" . Util::htmlentities($ports[0]) . "','" . Util::htmlentities($ips[1]) . "','" . Util::htmlentities($ports[1]) . "','" . Util::htmlentities($proto) . "')\"><img src='/ossim/pixmaps/solera.png' border='0' align='absmiddle'></a></td>";
                    }
                    echo "</tr>\n";
                }
            }
            echo "</table>";
            if ($geotools) {
                foreach ($geoips as $type => $list) {
                    $ipsfile = fopen("/var/tmp/flowips_" . Session::get_session_user() . ".{$type}", "w");
                    foreach ($list as $ip => $val) {
                        fputs($ipsfile, "{$ip}\n");
                    }
                    fclose($ipsfile);
                }
            }
            #Summary: total flows: 20, total bytes: 7701, total packets: 133, avg bps: 60, avg pps: 0, avg bpp: 57
            #Time window: 2009-12-10 08:21:30 - 2009-12-10 08:38:26
            #Total flows processed: 21, Records skipped: 0, Bytes read: 1128
            #Sys: 0.000s flows/second: 0.0        Wall: 0.000s flows/second: 152173.9
            if (count($status) > 0) {
                echo "<table class='transparent' style='margin-bottom:5px;width:100%'>";
                foreach ($status as $key => $line) {
                    $line = preg_replace("/(Wall)\\:/", "<span class='th_summary'>\\1</span>", $line);
                    $line = preg_replace("/\\,\\s+(.*?)\\:/", " <span class='th_summary'>\\1</span>", $line);
                    echo "<tr>\n                                    <td class='nobborder' style='padding: 4px;'>\n                                        <span class='th_summary'>{$key}</span>\n                                        {$line}\n                                    </td>\n                                  </tr>";
                }
                echo "</table>";
            }
            # stat() error '/home/dk/nfsen/profiles-data/live/device2/2009/12/10/nfcapd.200912100920': File not found!
            if (count($errors) > 0) {
                foreach ($errors as $line) {
                    echo "<div class='details_error'>" . _("ERROR FOUND: ") . "{$line}</div>";
                }
            }
            $conn->disconnect();
        }
        #print "</pre>\n";
    }
    print "</div>\n";
    $db_aux->close();
    $geoloc->close();
    return;
}
コード例 #23
0
ファイル: os_report_common.php プロジェクト: jackpf/ossim-arc
function get_report_data($id = NULL)
{
    $conf = $GLOBALS['CONF'];
    $conf = !$conf ? new Ossim_conf() : $conf;
    $y = strftime('%Y', time() - 24 * 60 * 60 * 30);
    $m = strftime('%m', time() - 24 * 60 * 60 * 30);
    $d = strftime('%d', time() - 24 * 60 * 60 * 30);
    $reports['asset_report'] = array('report_name' => _('Asset Details'), 'report_id' => 'asset_report', 'type' => 'external', 'link_id' => 'link_ar_asset', 'link' => '', 'parameters' => array(array('name' => _('Host Name/IP/Network'), 'id' => 'ar_asset', 'type' => 'asset', 'default_value' => '')), 'access' => Session::menu_perms('environment-menu', 'PolicyHosts') || Session::menu_perms('environment-menu', 'PolicyNetworks'), 'send_by_email' => 0);
    $status_values = array('All' => array('text' => _('All')), 'Open' => array('text' => _('Open')), 'Assigned' => array('text' => _('Assigned')), 'Studying' => array('text' => _('Studying')), 'Waiting' => array('text' => _('Waiting')), 'Testing' => array('text' => _('Testing')), 'Closed' => array('text' => _('Closed')));
    $types_values = array('ALL' => array('text' => _('ALL')), 'Expansion Virus' => array('text' => _('Expansion Virus')), 'Corporative Nets Attack' => array('text' => _('Corporative Nets Attack')), 'Policy Violation' => array('text' => _('Policy Violation')), 'Security Weakness' => array('text' => _('Security Weakness')), 'Net Performance' => array('text' => _('Net Performance')), 'Applications and Systems Failures' => array('text' => _('Applications and Systems Failures')), 'Anomalies' => array('text' => _('Anomalies')), 'Vulnerability' => array('text' => _('Vulnerability')));
    $priority_values = array('High' => _('High'), 'Medium' => _('Medium'), 'Low' => _('Low'));
    $reports['tickets_report'] = array('report_name' => _('Tickets Report'), 'report_id' => 'tickets_report', 'type' => 'pdf', 'subreports' => array('title_page' => array('id' => 'title_page', 'name' => _('Title Page'), 'report_file' => 'os_reports/Common/titlepage.php'), 'alarm' => array('id' => 'alarm', 'name' => _('Alarm'), 'report_file' => 'os_reports/Tickets/Alarm.php'), 'event' => array('id' => 'event', 'name' => _('Event'), 'report_file' => 'os_reports/Tickets/Event.php'), 'anomaly' => array('id' => 'anomaly', 'name' => _('Anomaly'), 'report_file' => 'os_reports/Tickets/Anomaly.php'), 'vulnerability' => array('id' => 'vulnerability', 'name' => _('Vulnerability'), 'report_file' => 'os_reports/Tickets/Vulnerability.php')), 'parameters' => array(array('name' => _('Date Range'), 'date_from_id' => 'tr_date_from', 'date_to_id' => 'tr_date_to', 'type' => 'date_range', 'default_value' => array('date_from' => $y . '-' . $m . '-' . $d, 'date_to' => date('Y') . '-' . date('m') . '-' . date('d'))), array('name' => _('Status'), 'id' => 'tr_status', 'type' => 'select', 'values' => $status_values), array('name' => _('Type'), 'id' => 'tr_type', 'type' => 'select', 'values' => $types_values), array('name' => _('Priority'), 'id' => 'tr_priority', 'type' => 'checkbox', 'values' => $priority_values)), 'access' => Session::menu_perms('analysis-menu', 'IncidentsIncidents'), 'send_by_email' => 1);
    $reports['alarm_report'] = array('report_name' => _('Alarms Report'), 'report_id' => 'alarm_report', 'type' => 'pdf', 'subreports' => array('title_page' => array('id' => 'title_page', 'name' => _('Title Page'), 'report_file' => 'os_reports/Common/titlepage.php'), 'top_attacker_host' => array('id' => 'top_attacker_host', 'name' => _('Top 10 Attacker Host'), 'report_file' => 'os_reports/Alarms/AttackerHosts.php'), 'top_attacked_host' => array('id' => 'top_attacked_host', 'name' => _('Top 10 Attacked Host'), 'report_file' => 'os_reports/Alarms/AttackedHosts.php'), 'used_port' => array('id' => 'used_port', 'name' => _('Top 10 Used Ports'), 'report_file' => 'os_reports/Alarms/UsedPorts.php'), 'top_events' => array('id' => 'top_events', 'name' => _('Top 15 Alarms'), 'report_file' => 'os_reports/Alarms/TopAlarms.php'), 'events_by_risk' => array('id' => 'events_by_risk', 'name' => _('Top 15 Alarms by Risk'), 'report_file' => 'os_reports/Alarms/TopAlarmsByRisk.php')), 'parameters' => array(array('name' => _('Date Range'), 'date_from_id' => 'ar_date_from', 'date_to_id' => 'ar_date_to', 'type' => 'date_range', 'default_value' => array('date_from' => $y . '-' . $m . '-' . $d, 'date_to' => date('Y') . '-' . date('m') . '-' . date('d')))), 'access' => Session::menu_perms('analysis-menu', 'ControlPanelAlarms'), 'send_by_email' => 1);
    $reports['bc_pci_report'] = array('report_name' => _('Business & Compliance ISO PCI Report'), 'report_id' => 'bc_pci_report', 'type' => 'pdf', 'subreports' => array('title_page' => array('id' => 'title_page', 'name' => _('Title Page'), 'report_file' => 'os_reports/Common/titlepage.php'), 'threat_overview' => array('id' => 'threat_overview', 'name' => _('Threat overview'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/ThreatOverview.php'), 'bri_risks' => array('id' => 'bri_risks', 'name' => _('Business real impact risks'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/BusinessPotentialImpactsRisks.php'), 'ciap_impact' => array('id' => 'ciap_impact', 'name' => _('C.I.A Potential impact'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/CIAPotentialImpactsRisks.php'), 'pci_dss' => array('id' => 'pci_dss', 'name' => _('PCI-DSS 2.0'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/PCI-DSS.php'), 'pci_dss3' => array('id' => 'pci_dss3', 'name' => _('PCI-DSS 3.0'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/PCI-DSS3.php'), 'trends' => array('id' => 'trends', 'name' => _('Trends'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/Trends.php'), 'iso27002_p_impact' => array('id' => 'iso27002_p_impact', 'name' => _('ISO27002 Potential impact'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/ISO27002PotentialImpact.php'), 'iso27001' => array('id' => 'iso27001', 'name' => _('ISO27001'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/ISO27001.php')), 'parameters' => array(array('name' => _('Date Range'), 'date_from_id' => 'bc_pci_date_from', 'date_to_id' => 'bc_pci_date_to', 'type' => 'date_range', 'default_value' => array('date_from' => $y . '-' . $m . '-' . $d, 'date_to' => date('Y') . '-' . date('m') . '-' . date('d')))), 'access' => Session::menu_perms('report-menu', 'ReportsReportServer'), 'send_by_email' => 1);
    $reports['siem_report'] = array('report_name' => _('SIEM Events'), 'report_id' => 'siem_report', 'type' => 'pdf', 'subreports' => array('title_page' => array('id' => 'title_page', 'name' => _('Title Page'), 'report_file' => 'os_reports/Common/titlepage.php'), 'top_attacker_host' => array('id' => 'top_attacker_host', 'name' => _('Top 10 Attacker Host'), 'report_file' => 'os_reports/Siem/AttackerHosts.php'), 'top_attacked_host' => array('id' => 'top_attacked_host', 'name' => _('Top 10 Attacked Host'), 'report_file' => 'os_reports/Siem/AttackedHosts.php'), 'used_port' => array('id' => 'used_port', 'name' => _('Top 10 Used Ports'), 'report_file' => 'os_reports/Siem/UsedPorts.php'), 'top_events' => array('id' => 'top_events', 'name' => _('Top 15 Events'), 'report_file' => 'os_reports/Siem/TopEvents.php'), 'events_by_risk' => array('id' => 'events_by_risk', 'name' => _('Top 15 Events by Risk'), 'report_file' => 'os_reports/Siem/TopEventsByRisk.php')), 'parameters' => array(array('name' => _('Date Range'), 'date_from_id' => 'sr_date_from', 'date_to_id' => 'sr_date_to', 'type' => 'date_range', 'default_value' => array('date_from' => $y . '-' . $m . '-' . $d, 'date_to' => date('Y') . '-' . date('m') . '-' . date('d')))), 'access' => Session::menu_perms('analysis-menu', 'EventsForensics'), 'send_by_email' => 1);
    $reports['vulnerabilities_report'] = array('report_name' => _('Vulnerabilities Report'), 'report_id' => 'vulnerabilities_report', 'type' => 'external', 'target' => '_blank', 'link_id' => 'link_vr', 'link' => Menu::get_menu_url('../vulnmeter/lr_respdf.php?ipl=all&scantype=M', 'environment', 'vulnerabilities', 'overview'), 'access' => Session::menu_perms('analysis-menu', 'EventsVulnerabilities'), 'send_by_email' => 0);
    $reports['th_vuln_db'] = array('report_name' => _('Threats & Vulnerabilities Database'), 'report_id' => 'th_vuln_db', 'type' => 'external', 'link_id' => 'link_tvd', 'link' => Menu::get_menu_url('../vulnmeter/threats-db.php', 'environment', 'vulnerabilities', 'threat_database'), 'access' => Session::menu_perms('analysis-menu', 'EventsVulnerabilities'), 'send_by_email' => 0);
    $reports['ticket_status'] = array('report_name' => _('Tickets Status'), 'report_id' => 'ticket_status', 'type' => 'external', 'link_id' => 'link_tr', 'link' => Menu::get_menu_url('../report/incidentreport.php', 'analysis', 'tickets', 'tickets'), 'access' => Session::menu_perms('analysis-menu', 'IncidentsIncidents'), 'send_by_email' => 0);
    $db = new ossim_db();
    $conn = $db->connect();
    $user = Session::get_session_user();
    $session_list = Session::get_list($conn, 'ORDER BY login');
    if (preg_match('/pro|demo/', $conf->get_conf('ossim_server_version')) && !Session::am_i_admin()) {
        $myusers = Acl::get_my_users($conn, Session::get_session_user());
        if (count($myusers) > 0) {
            $is_pro_admin = 1;
        }
    }
    // User Log lists
    if (Session::am_i_admin()) {
        $user_values[''] = array('text' => _('All'));
        if ($session_list) {
            foreach ($session_list as $session) {
                $login = $session->get_login();
                $user_values[$login] = $login == $user ? array('text' => $login, 'selected' => TRUE) : array('text' => $login);
            }
        }
    } elseif ($is_pro_admin) {
        foreach ($myusers as $myuser) {
            $user_values[$myuser['login']] = array('text' => $myuser['login']);
            $user_values[$user] = array('text' => $user, 'selected' => TRUE);
        }
    } else {
        $user_values[$user] = array('text' => $user);
    }
    $code_list = Log_config::get_list($conn, 'ORDER BY descr');
    $action_values[''] = array('text' => _('All'));
    if ($code_list) {
        foreach ($code_list as $code_log) {
            $code_aux = $code_log->get_code();
            $action_values[$code_aux] = array('text' => '[' . sprintf("%02d", $code_aux) . '] ' . _(preg_replace('|%.*?%|', " ", $code_log->get_descr())));
        }
    }
    $reports['user_activity'] = array('report_name' => _('User Activity Report'), 'report_id' => 'user_activity', 'type' => 'external', 'link_id' => 'link_ua', 'link' => Menu::get_menu_url('../userlog/user_action_log.php', 'settings', 'settings', 'user_activity'), 'parameters' => array(array('name' => _('User'), 'id' => 'ua_user', 'type' => 'select', 'values' => $user_values), array('name' => _('Action'), 'id' => 'ua_action', 'type' => 'select', 'values' => $action_values)), 'access' => Session::menu_perms('settings-menu', 'ToolsUserLog'), 'send_by_email' => 0);
    $reports['geographic_report'] = array('report_name' => _('Geographic Report'), 'report_id' => 'geographic_report', 'type' => 'pdf', 'subreports' => array('title_page' => array('id' => 'title_page', 'name' => _('Title Page'), 'report_file' => 'os_reports/Common/titlepage.php'), 'geographic_report' => array('id' => 'geographic_report', 'name' => _('Geographic Report'), 'report_file' => 'os_reports/Various/Geographic.php')), 'parameters' => array(array('name' => _('Date Range'), 'date_from_id' => 'gr_date_from', 'date_to_id' => 'gr_date_to', 'type' => 'date_range', 'default_value' => array('date_from' => $y . '-' . $m . '-' . $d, 'date_to' => date('Y') . '-' . date('m') . '-' . date('d')))), 'access' => Session::menu_perms('analysis-menu', 'EventsForensics'), 'send_by_email' => 1);
    //Sensor list
    $sensor_values[''] = array('text' => ' -- ' . _('Sensors no found') . ' -- ');
    $filters = array('order_by' => 'name');
    $sensor_list = Av_sensor::get_basic_list($conn, $filters);
    $filters = array('order_by' => 'priority desc');
    list($sensor_list, $sensor_total) = Av_sensor::get_list($conn, $filters);
    if ($sensor_total > 0) {
        $sensor_values = array();
        foreach ($sensor_list as $s) {
            $properties = $s['properties'];
            if ($properties['has_nagios']) {
                $sensor_values[$s['ip']] = array('text' => $s['name']);
            }
        }
    }
    /* Nagios link */
    $nagios_link = $conf->get_conf('nagios_link');
    $scheme = empty($_SERVER['HTTPS']) ? 'http://' : 'https://';
    $path = !empty($nagios_link) ? $nagios_link : '/nagios3/';
    $port = !empty($_SERVER['SERVER_PORT']) ? ':' . $_SERVER['SERVER_PORT'] : "";
    $nagios = $port . $path;
    $section_values = array(urlencode($nagios . 'cgi-bin/trends.cgi') => array('text' => _('Trends')), urlencode($nagios . 'cgi-bin/avail.cgi') => array('text' => _('Availability')), urlencode($nagios . 'cgi-bin/histogram.cgi') => array('text' => _('Event Histogram')), urlencode($nagios . 'cgi-bin/history.cgi?host=all') => array('text' => _('Event History')), urlencode($nagios . 'cgi-bin/summary.cgi') => array('text' => _('Event Summary')), urlencode($nagios . 'cgi-bin/notifications.cgi') => array('text' => _('Notifications')), urlencode($nagios . 'cgi-bin/showlog.cgi') => array('text' => _('Performance Info')));
    $reports['availability_report'] = array('report_name' => _('Availability Report'), 'report_id' => 'availability_report', 'type' => 'external', 'link_id' => 'link_avr', 'click' => "nagios_link('avr_nagios_link', 'avr_sensor', 'avr_section');", 'parameters' => array(array('name' => _('Sensor'), 'id' => 'avr_sensor', 'type' => 'select', 'values' => $sensor_values), array('name' => 'Nagioslink', 'id' => 'avr_nagios_link', 'type' => 'hidden', 'default_value' => urlencode($scheme)), array('name' => _('Section'), 'id' => 'avr_section', 'type' => 'select', 'values' => $section_values)), 'access' => Session::menu_perms('environment-menu', 'MonitorsAvailability'), 'send_by_email' => 0);
    $db->close();
    if ($id == NULL) {
        ksort($reports);
        return $reports;
    } else {
        return !empty($reports[$id]) ? $reports[$id] : array();
    }
}
コード例 #24
0
ファイル: custom_cloud.php プロジェクト: jhbsz/ossimTest
 function showWindowContents()
 {
     require_once 'ossim_db.inc';
     require_once 'classes/Event_viewer.inc';
     $dbname = $this->get('cloud_db');
     $link = $this->get('cloud_link');
     $max_len = $this->get('cloud_tag_max_len');
     $resolv_hostname = $this->get('cloud_resolv_ip');
     if (ossim_error()) {
         die(ossim_error());
     }
     $method = $dbname == 'snort' ? 'snort_connect' : 'connect';
     $db = new ossim_db();
     $conn = $db->{$method}();
     // User sensor filtering
     $sensor_where = "";
     if (Session::allowedSensors() != "") {
         $user_sensors = explode(",", Session::allowedSensors());
         $snortsensors = Event_viewer::GetSensorSids($conn);
         $sensor_str = "";
         foreach ($user_sensors as $user_sensor) {
             if (count($snortsensors[$user_sensor]) > 0) {
                 $sensor_str .= $sensor_str != "" ? "," . implode(",", $snortsensors[$user_sensor]) : implode(",", $snortsensors[$user_sensor]);
             }
         }
         if ($sensor_str == "") {
             $sensor_str = "0";
         }
         $sensor_where = " sid in (" . $sensor_str . ")";
     }
     $sql = $this->get('cloud_sql');
     if (!preg_match('/^\\s*\\(?\\s*SELECT\\s/i', $sql) || preg_match('/\\sFOR\\s+UPDATE/i', $sql) || preg_match('/\\sINTO\\s+OUTFILE/i', $sql) || preg_match('/\\sLOCK\\s+IN\\s+SHARE\\s+MODE/i', $sql)) {
         return _("SQL Query invalid due security reasons");
     }
     if ($sensor_where != "") {
         if (preg_match("/where/", $sql)) {
             $sql = str_replace("where", "where " . $sensor_where . " AND ", $sql);
         } else {
             $sql = str_replace("GROUP BY", "where " . $sensor_where . " GROUP BY", $sql);
         }
     }
     //echo "Ejecutando en $dbname: $sql";
     if (!($rs = $conn->Execute($sql))) {
         return "Error was: " . $conn->ErrorMsg() . "\n\nQuery was: " . $sql;
     }
     if ($resolv_hostname) {
         require_once "classes/Host.inc";
     }
     $tags = array();
     while (!$rs->EOF) {
         if ($resolv_hostname) {
             $tag_names[$rs->fields[0]] = Host::ip2hostname($conn, $rs->fields[0], $is_sensor = false, $force_no_dns = true);
         }
         $tags[$rs->fields[0]] = $rs->fields[1];
         $rs->MoveNext();
     }
     $db->close($conn);
     if (!count($tags)) {
         return "";
     }
     // Default font sizes
     $min_font_size = 8;
     $max_font_size = 35;
     $minimum_count = min(array_values($tags));
     $maximum_count = max(array_values($tags));
     $spread = $maximum_count - $minimum_count;
     if ($spread == 0) {
         $spread = 1;
     }
     if ($link == '') {
         $link = '#';
     }
     $cloud_html = '';
     $cloud_tags = array();
     // create an array to hold tag code
     foreach ($tags as $tag => $count) {
         $local_link = str_replace("_TAG_", $tag, $link);
         $local_name = $tag;
         if ($resolv_hostname) {
             $local_name = $tag_names[$tag];
         }
         if ($max_len > 0) {
             $tag = substr($tag, 0, $max_len);
         }
         $size = count($tags) == 1 ? $max_font_size : $min_font_size + ($count - $minimum_count) * ($max_font_size - $min_font_size) / $spread;
         $cloud_tags[] = '<a style="font-size: ' . floor($size) . 'px' . '" class="tag_cloud" href="' . htmlspecialchars($local_link) . '" title="\'' . $tag . '\' returned a count of ' . $count . '">' . htmlspecialchars(stripslashes($local_name)) . '</a>&nbsp;';
     }
     $cloud_html = join("\n", $cloud_tags) . "\n";
     return $cloud_html;
 }
コード例 #25
0
ファイル: event_trends.php プロジェクト: jhbsz/ossimTest
function Logger_trends()
{
    require_once "forensics_stats.inc";
    require_once "../sem/process.inc";
    require_once 'ossim_db.inc';
    global $tz;
    $data = array();
    $db = new ossim_db();
    $dbconn = $db->connect();
    // Get remote logger servers
    list($logger_servers, $ip_to_name, $ip_list, $fcolors, $bcolors, $from_remote, $logger_colors) = get_logger_servers($dbconn);
    $db->close($dbconn);
    foreach ($logger_servers as $ip) {
        if ($ip != "127.0.0.1") {
            $cmd = "sudo /usr/share/ossim/www/sem/fetchremote_graph.pl panel {$tz} {$ip}";
            //echo $cmd;
            exec($cmd, $aux);
            foreach ($aux as $line) {
                if (preg_match("/(.*);(.*)\\=(.*)/", $line, $fnd)) {
                    // 9 12h;192.168.10.1=703
                    if (Session::sensorAllowed($fnd[2])) {
                        $data[$fnd[1]] = trim($fnd[3]);
                    }
                }
            }
        }
    }
    // local server
    $today = gmdate("j");
    $beforeyesterday = gmdate("j", strtotime("-2 day"));
    $yesterday = gmdate("j", strtotime("-1 day"));
    $tomorrow = gmdate("j", strtotime("+1 day"));
    $csy = get_day_csv(gmdate("Y", strtotime("-1 day")), gmdate("m", strtotime("-1 day")), gmdate("d", strtotime("-1 day")));
    $csv = get_day_csv(gmdate("Y"), gmdate("m"), gmdate("d"));
    //print_r($csy); print_r($csv);
    foreach ($csy as $key => $value) {
        $tzhour = $key + $tz;
        $day = $yesterday;
        if ($tzhour < 0) {
            $tzhour += 24;
            $day = $beforeyesterday;
        } elseif ($tzhour > 23) {
            $tzhour -= 24;
            $day = $today;
        }
        $data[$day . " " . $tzhour . "h"] += $value;
    }
    foreach ($csv as $key => $value) {
        $tzhour = $key + $tz;
        $day = $today;
        if ($tzhour < 0) {
            $tzhour += 24;
            $day = $yesterday;
        } elseif ($tzhour > 23) {
            $tzhour -= 24;
            $day = $tomorrow;
        }
        $data[$day . " " . $tzhour . "h"] += $value;
    }
    //print_r($data);
    return $data;
}
コード例 #26
0
function GetOssimHostsFromHostGroups($hostgroup)
{
    $db = new ossim_db();
    $conn = $db->connect();
    $pg = array();
    try {
        $asset_group = new Asset_group($hostgroup);
        $asset_group->load_from_db($conn);
        $_hosts = $asset_group->get_hosts($conn, array(), TRUE);
        $hosts = $_hosts[0];
    } catch (Exception $e) {
        echo $e->getMessage();
        return $pg;
    }
    foreach ($hosts as $hg) {
        $pg[] = $hg[2];
        //  Array ( [0] => ID [1] => CTX [2] => IP [3] => Name )
    }
    $db->close();
    return $pg;
}
コード例 #27
0
function import_assets_from_csv($filename, $iic, $ctx, $import_type)
{
    //Process status
    $summary = array('general' => array('status' => '', 'data' => '', 'statistics' => array('total' => 0, 'warnings' => 0, 'errors' => 0, 'saved' => 0)), 'by_nets' => array());
    $db = new ossim_db();
    $conn = $db->connect();
    $str_data = file_get_contents($filename);
    if ($str_data === FALSE) {
        $summary['general']['status'] = 'error';
        $summary['general']['data']['errors'] = _('Failed to read data from CSV file');
        $summary['general']['statistics']['errors'] = 1;
        return $summary;
    }
    $array_data = preg_split('/\\n|\\r/', $str_data);
    foreach ($array_data as $k => $v) {
        if (trim($v) != '') {
            $data[] = explode('";"', trim($v));
        }
    }
    set_time_limit(360);
    /*********************************************************************************************************************
     * From net section:
     *  - Version 4.x.x: "Netname"*;"CIDRs(CIDR1,CIDR2,...)"*;"Description";"Asset value"*;"Net ID"
     *  - Version 3.x.x: "Netname"*;"CIDRs(CIDR1,CIDR2,...)"*;"Description";"Asset value";"Sensors(Sensor1,Sensor2,...)"*
     *
     * From welcome wizard:
     *  - Version 4.x.x: "Netname"*;"CIDRs(CIDR1,CIDR2,...)"*;"Description"   
     *
     *********************************************************************************************************************/
    //Check file size
    if (count($data) <= 0 || count($data) == 1 && preg_match('/Netname/', $data[0][0])) {
        $summary['general']['status'] = 'error';
        $summary['general']['data'] = _('CSV file is empty');
        $summary['general']['statistics']['errors'] = 1;
        return $summary;
    }
    //Check importation type and headers
    $csv_headers = array();
    if ($import_type == 'networks') {
        if (preg_match('/Net ID/', $data[0][4]) || preg_match('/Sensors/', $data[0][4])) {
            $csv_headers = array_shift($data);
        } else {
            $summary['general']['status'] = 'error';
            $summary['general']['data'] = _('Headers not found');
            $summary['general']['statistics']['errors'] = 1;
            return $summary;
        }
    }
    //Setting total nets to import
    $summary['general']['statistics']['total'] = count($data);
    //Allowed sensors
    $filters = array('where' => "acl_sensors.entity_id = UNHEX('{$ctx}')");
    $a_sensors = Av_sensor::get_basic_list($conn, $filters);
    $sensor_ids = array_keys($a_sensors);
    if (count($sensor_ids) == 0) {
        $summary['general']['status'] = 'error';
        $s_error_msg = Session::is_pro() ? _('There is no sensor for this context') : _('There is no sensor for this net');
        $summary['general']['data'] = $s_error_msg;
        $summary['general']['statistics']['errors'] = 1;
        return $summary;
    }
    Util::disable_perm_triggers($conn, TRUE);
    foreach ($data as $k => $v) {
        //Clean previous errors
        ossim_clean_error();
        $num_line = $k + 1;
        //Set default status
        $summary['by_nets'][$num_line]['status'] = 'error';
        //Check file format
        $cnd_1 = $import_type == 'networks' && count($v) < 5;
        $cnd_2 = $import_type == 'welcome_wizard_nets' && count($v) < 3;
        if ($cnd_1 || $cnd_2) {
            $summary['by_nets'][$num_line]['errors']['Format'] = _('Number of fields is incorrect');
            $summary['general']['statistics']['errors']++;
            continue;
        }
        //Clean values
        $param = array();
        foreach ($v as $field) {
            $parameter = trim($field);
            $pattern = '/^\\"|\\"$|^\'|\'$/';
            $param[] = preg_replace($pattern, '', $parameter);
        }
        //Values
        $is_in_db = FALSE;
        $net_id = '';
        $name = $param[0];
        $cidrs = preg_replace("/[\n\r\t]+/", '', $param[1]);
        $descr = $param[2];
        $asset_value = $param[3] == '' ? 2 : intval($param[3]);
        $sensors = $sensor_ids;
        //Permissions
        $can_i_create_assets = Session::can_i_create_assets();
        $can_i_modify_ips = TRUE;
        //CIDRs
        if (!ossim_valid($cidrs, OSS_IP_CIDR, 'illegal:' . _('CIDR'))) {
            $summary['by_nets'][$num_line]['errors']['CIDRs'] = ossim_get_error_clean();
            $summary['general']['statistics']['errors']++;
            continue;
        }
        //Check Net ID �Is there a net registered in the System?
        $net_ids = Asset_net::get_id_by_ips($conn, $cidrs, $ctx);
        $net_id = key($net_ids);
        if (!empty($net_id)) {
            $is_in_db = TRUE;
        } else {
            $net_id = Util::uuid();
        }
        // Special case: Forced Net ID [Version 4.x.x]
        if ($import_type == 'networks' && preg_match('/Net ID/', $csv_headers[4])) {
            $csv_net_id = strtoupper($param[4]);
            if ($is_in_db == TRUE && $csv_net_id != $net_id) {
                $id_error_msg = _('Net is already registered in the System with another Net ID');
                $summary['by_nets'][$num_line]['errors']['Net'] = $id_error_msg;
                $summary['general']['statistics']['errors']++;
                continue;
            }
        }
        //Netname
        if (!empty($iic)) {
            $name = clean_iic($name);
        }
        if (!ossim_valid($name, OSS_NOECHARS, OSS_NET_NAME, 'illegal:' . _('Netname'))) {
            ossim_clean_error();
            $name = clean_iic($name);
            $name = clean_echars($name);
            $warning_msg = _('Netname has invalid characters') . '<br/>' . _('Netname will be replaced by') . ": <strong>{$name}</strong>";
            $summary['by_nets'][$num_line]['warnings']['Netname'] = $warning_msg;
            $summary['by_nets'][$num_line]['status'] = 'warning';
            $summary['general']['statistics']['warnings']++;
            if (!ossim_valid($name, OSS_NOECHARS, OSS_NET_NAME, 'illegal:' . _('Netname'))) {
                unset($summary['by_nets'][$num_line]['warnings']);
                $summary['general']['statistics']['warnings']--;
                $summary['by_nets'][$num_line]['status'] = 'error';
                $summary['by_nets'][$num_line]['errors']['Netname'] = ossim_get_error_clean();
                $summary['general']['statistics']['errors']++;
                continue;
            }
        }
        //Description
        if (!ossim_valid($descr, OSS_NULLABLE, OSS_AT, OSS_TEXT, '\\t', 'illegal:' . _('Description'))) {
            $summary['by_nets'][$num_line]['errors']['Description'] = ossim_get_error_clean();
            $summary['general']['statistics']['errors']++;
            continue;
        } else {
            if (mb_detect_encoding($descr . ' ', 'UTF-8,ISO-8859-1') == 'UTF-8') {
                $descr = mb_convert_encoding($descr, 'HTML-ENTITIES', 'UTF-8');
            }
        }
        //Sensor
        if ($is_in_db == FALSE) {
            //Only update net sensors with unregistered nets
            if ($import_type == 'networks' && preg_match('/Sensors/', $csv_headers[4])) {
                //Special case: Sensors in CSV file //[Version 3.x.x]
                $sensors = array();
                $_sensors = explode(',', $param[4]);
                if (is_array($_sensors) && !empty($_sensors)) {
                    $_sensors = array_flip($_sensors);
                    if (is_array($a_sensors) && !empty($a_sensors)) {
                        foreach ($a_sensors as $s_id => $s_data) {
                            if (array_key_exists($s_data['ip'], $_sensors)) {
                                $sensors[] = $s_id;
                            }
                        }
                    }
                }
                if (!is_array($sensors) || empty($sensors)) {
                    $s_error_msg = Session::is_pro() ? _('There is no sensors for this context') : _('There is no sensors for this IP');
                    $summary['by_nets'][$num_line]['errors']['Sensors'] = $s_error_msg;
                    $summary['general']['statistics']['errors']++;
                    continue;
                }
            }
        }
        /***********************************************************
         ********** Only for importation from net section **********
         ***********************************************************/
        if ($import_type == 'networks') {
            //Asset
            if (!ossim_valid($asset_value, OSS_DIGIT, 'illegal:' . _('Asset value'))) {
                $summary['by_nets'][$num_line]['errors']['Asset value'] = ossim_get_error_clean();
                $summary['general']['statistics']['errors']++;
                continue;
            }
        }
        //Insert/Update net in database
        if (count($summary['by_nets'][$num_line]['errors']) == 0) {
            try {
                $net = new Asset_net($net_id);
                if ($is_in_db == TRUE) {
                    $net->load_from_db($conn, $net_id);
                    $can_i_modify_ips = Asset_net::can_i_modify_ips($conn, $net_id);
                } else {
                    if ($can_i_create_assets == FALSE) {
                        $n_error_msg = _('Net') . ' ' . $name . ' ' . _("not allowed. You don't have permissions to import this net");
                        $summary['by_nets'][$num_line]['errors']['Net'] = $n_error_msg;
                        $summary['general']['statistics']['errors']++;
                        continue;
                    }
                }
                //Check CIDRs
                if ($can_i_modify_ips == TRUE) {
                    $aux_cidr = explode(',', $cidrs);
                    foreach ($aux_cidr as $cidr) {
                        $net_ids = Asset_net::get_id_by_ips($conn, $cidr, $ctx);
                        unset($net_ids[$net_id]);
                        if (!empty($net_ids)) {
                            $c_error_msg = _('CIDR') . ' ' . $cidrs . ' ' . _("not allowed. CIDR {$cidr} already exists for this entity");
                            $summary['by_nets'][$num_line]['errors']['CIDRs'] = $c_error_msg;
                            $summary['general']['statistics']['errors']++;
                            break;
                        } else {
                            if (Session::get_net_where() != '') {
                                if (!Asset_net::is_cidr_in_my_nets($conn, $cidr, $ctx)) {
                                    $c_error_msg = _('CIDR') . ' ' . $cidrs . ' ' . _("not allowed. CIDR {$cidr} out of range. Check your asset filter");
                                    $summary['by_nets'][$num_line]['errors']['CIDRs'] = $c_error_msg;
                                    $summary['general']['statistics']['errors']++;
                                    break;
                                }
                            }
                        }
                    }
                } else {
                    $c_error_msg = _('Net') . ' ' . $name . ': ' . _("CIDRs not allowed. CIDRs wasn't be modified");
                    $summary['by_nets'][$num_line]['status'] = 'warning';
                    $summary['general']['warnings']['errors']++;
                    $summary['by_nets'][$num_line]['warnings']['CIDRs'] = $c_error_msg;
                }
                //Setting new values
                if (count($summary['by_nets'][$num_line]['errors']) == 0) {
                    $net->set_ctx($ctx);
                    $net->set_name($name);
                    $net->set_descr($descr);
                    if ($is_in_db == FALSE) {
                        if ($can_i_modify_ips == TRUE) {
                            $net->set_ips($cidrs);
                        }
                        $net->set_sensors($sensors);
                    }
                    $net->set_asset_value($asset_value);
                    $net->save_in_db($conn, FALSE);
                    $summary['general']['statistics']['saved']++;
                    $summary['by_nets'][$num_line]['data'] = $is_in_db == TRUE ? _('Net updated') : _('New new inserted');
                    //Keep warnings
                    if ($summary['by_nets'][$num_line]['status'] != 'warning') {
                        $summary['by_nets'][$num_line]['status'] = 'success';
                    }
                }
            } catch (Exception $e) {
                $summary['by_nets'][$num_line]['errors']['Database error'] = $e->getMessage();
                $summary['general']['statistics']['errors']++;
            }
        }
    }
    if ($summary['general']['statistics']['saved'] > 0) {
        if ($summary['general']['statistics']['errors'] == 0) {
            $summary['general']['status'] = 'success';
            $summary['general']['data'] = _('All nets have been imported successfully');
        } else {
            $summary['general']['status'] = 'warning';
            $summary['general']['data'] = _('Some nets could not be imported successfully');
        }
        Util::disable_perm_triggers($conn, FALSE);
        try {
            Asset_net::report_changes($conn, 'nets');
        } catch (Exception $e) {
            error_log($e->getMessage(), 0);
        }
    } else {
        $summary['general']['statistics']['errors'] = count($data);
        //CSV file is not empty, but all lines are wrong
        if (empty($summary['general']['status'])) {
            $summary['general']['status'] = 'error';
            $summary['general']['data'] = _('Nets could not be imported');
        }
    }
    $db->close();
    return $summary;
}
コード例 #28
0
function PrintPredefinedViews()
{
    global $opensource;
    $current_str = $_SESSION['current_cview'] != "default" && $_SESSION['current_cview'] != "" ? Util::htmlentities($_SESSION['current_cview']) : _("Default");
    // Get default view
    require_once "ossim_conf.inc";
    $conf = $GLOBALS["CONF"];
    $idm_enabled = $conf->get_conf("enable_idm") == 1 && Session::is_pro() ? true : false;
    $login = Session::get_session_user();
    $db_aux = new ossim_db(true);
    $conn_aux = $db_aux->connect();
    $config = new User_config($conn_aux);
    $default_view = $config->get($login, 'custom_view_default', 'php', "siem") != "" ? $config->get($login, 'custom_view_default', 'php', "siem") : ($idm_enabled ? 'IDM' : 'default');
    $db_aux->close($conn_aux);
    ?>
    <button id="views_link" class="button av_b_secondary">
        <?php 
    echo _('Change View');
    ?>
 &nbsp;&#x25be;
    </button>

    <div id="custom_views" class="dropdown dropdown-secondary dropdown-close dropdown-tip dropdown-anchor-right dropdown-scrolling" style='display:none'>
        <ul id="custom_views_ul" class="dropdown-menu">
            <?php 
    if (Session::am_i_admin()) {
        ?>
            <li><a href="#" onclick="GB_show('<?php 
        echo _("Edit Current View");
        ?>
','/forensics/custom_view_edit.php?edit=1',480,700);$('#custom_views').hide();return false"><?php 
        echo _("Edit Current View");
        ?>
&nbsp;</a></li>
            <li><a href="#" onclick="GB_show('<?php 
        echo _("Create new custom view");
        ?>
','/forensics/custom_view_edit.php',480,700);$('#custom_views').hide();return false"><?php 
        echo _("Create New View");
        ?>
&nbsp;</a></li>
            <?php 
    }
    foreach ($_SESSION['views'] as $name => $attr) {
        $dname = $name == "default" ? "Default" : $name;
        $selected = $_SESSION['current_cview'] == $name ? "&#x25BA;&nbsp;" : "";
        ?>
                <li><a href="#" onclick="change_view('<?php 
        echo Util::htmlentities($name);
        ?>
');$('#custom_views').hide()"><?php 
        echo $selected . Util::htmlentities($dname);
        ?>
&nbsp;</a></li>
            <?php 
    }
    ?>
        </ul>
    </div>

    <?php 
}
コード例 #29
0
ファイル: titlepage.php プロジェクト: alienfault/ossim
				<table class="w100" cellpadding="0" cellspacing="0">';
    while (!$t_rs->EOF) {
        $filter .= '<tr>
										<td class="nobborder" style="margin-left: 50px; text-align:left;" valign="middle">' . $t_rs->fields['dataV1'] . '</td>
										<td class="nobborder" style="text-align:left; width:120mm" valign="middle">' . $t_rs->fields['dataV2'] . '</td>
									</tr>';
        $t_rs->MoveNext();
    }
    $filter .= '
									
				</table>
			</td>
		</tr>
	</table>';
}
$db->close($conn);
// Font size of Title dinamic by text length
if (strlen($maintitle) > 40) {
    $font_size1 = "20";
    $font_size2 = "28";
} elseif (strlen($maintitle) > 25) {
    $font_size1 = "25";
    $font_size2 = "36";
} else {
    $font_size1 = "30";
    $font_size2 = "42";
}
$report_title = '<table class="w100" style="height:155mm" cellpadding="0" cellspacing="0">
						 <tr>
							<td style="width:180mm;height:165mm;text-align:center;font-size:' . $font_size2 . 'pt;">' . utf8_encode($maintitle) . '</td>
						 </tr>
コード例 #30
0
ファイル: 5.0.0.php プロジェクト: jackpf/ossim-arc
 function end_upgrade($logfile)
 {
     $conn = new ossim_db();
     $db = $conn->connect();
     //
     // PROPERTIES
     //
     $properties = array();
     $db->StartTrans();
     $rs = $db->Execute("SELECT hex(host_id) as id,property_ref,last_modified,source_id,value,extra,tzone FROM alienvault.host_properties WHERE property_ref>0");
     while (!$rs->EOF) {
         $properties[] = $rs->fields;
         $rs->MoveNext();
     }
     $db->Execute("DELETE FROM alienvault.host_properties");
     @file_put_contents($logfile, $db->ErrorMsg(), FILE_APPEND);
     foreach ($properties as $prop) {
         $values = json_decode($prop['value'], true);
         $sql = "INSERT IGNORE INTO alienvault.host_properties (host_id, property_ref, last_modified, source_id, value, extra, tzone) VALUES (UNHEX(?), ? ,? ,? ,? ,? ,?)";
         if (json_last_error() === JSON_ERROR_NONE && is_array($values)) {
             foreach ($values as $value) {
                 if ($prop['property_ref'] == 3) {
                     $value = preg_replace("/\\b(\\w+)\\s+\\1\\b/i", "\$1", preg_replace("/(.*?):(.*)/", "\$1 \$2", $value));
                 } elseif ($prop['property_ref'] == 8) {
                     $value = preg_replace("/\\|/", "@", $value);
                 }
                 $params = array($prop['id'], $prop['property_ref'], $prop['last_modified'], $prop['source_id'], $value, $prop['extra'], $prop['tzone']);
                 $db->Execute($sql, $params);
                 @file_put_contents($logfile, $db->ErrorMsg(), FILE_APPEND);
                 if ($prop['property_ref'] == 3) {
                     break;
                     // Only the first OS
                 }
             }
         } else {
             if ($prop['property_ref'] == 3) {
                 $prop['value'] = preg_replace("/\\b(\\w+)\\s+\\1\\b/i", "\$1", preg_replace("/(.*?):(.*)/", "\$1 \$2", $prop['value']));
             } elseif ($prop['property_ref'] == 8) {
                 $prop['value'] = preg_replace("/\\|/", "@", $prop['value']);
             }
             $params = array($prop['id'], $prop['property_ref'], $prop['last_modified'], $prop['source_id'], $prop['value'], $prop['extra'], $prop['tzone']);
             $db->Execute($sql, $params);
             @file_put_contents($logfile, $db->ErrorMsg(), FILE_APPEND);
         }
     }
     if (!$db->CompleteTrans()) {
         @file_put_contents($logfile, $db->ErrorMsg(), FILE_APPEND);
         return 1;
     }
     $db->Execute("DELETE FROM alienvault.host_properties WHERE value like 'unknown%'");
     @file_put_contents($logfile, $db->ErrorMsg(), FILE_APPEND);
     // HOST SOFTWARE CPE
     $cpes = array();
     $db->StartTrans();
     $rs = $db->Execute("SELECT DISTINCT cpe FROM host_software");
     while (!$rs->EOF) {
         $cpes[] = $rs->fields['cpe'];
         $rs->MoveNext();
     }
     foreach ($cpes as $cpe) {
         $params = array(Asset_host_software::get_software_name_by_cpe($db, $cpe), $cpe);
         $db->Execute("UPDATE host_software SET banner=? WHERE cpe=?", $params);
         @file_put_contents($logfile, $db->ErrorMsg(), FILE_APPEND);
     }
     if (!$db->CompleteTrans()) {
         @file_put_contents($logfile, $db->ErrorMsg(), FILE_APPEND);
         return 1;
     }
     //
     // VULN_JOB_ASSET
     //
     $jobs = array();
     $db->StartTrans();
     $rs = $db->Execute("SELECT id,meth_TARGET FROM alienvault.vuln_job_schedule");
     while (!$rs->EOF) {
         $jobs[] = array('id' => $rs->fields['id'], 'targets' => explode("\n", $rs->fields['meth_TARGET']));
         $rs->MoveNext();
     }
     foreach ($jobs as $job) {
         $db->Execute("DELETE FROM alienvault.vuln_job_assets WHERE job_id=? AND job_type=0", array($job['id']));
         @file_put_contents($logfile, $db->ErrorMsg(), FILE_APPEND);
         foreach ($job['targets'] as $target) {
             if (preg_match("/(.*)#(.*)/", $target, $matches)) {
                 // ADD ASSET_ID
                 $sql = "INSERT IGNORE INTO alienvault.vuln_job_assets (job_id, job_type, asset_id) VALUES (?, 0, UNHEX(?))";
                 $params = array($job['id'], $matches[1]);
                 $db->Execute($sql, $params);
                 @file_put_contents($logfile, $db->ErrorMsg(), FILE_APPEND);
                 if (preg_match("/\\/\\d+/", $matches[2])) {
                     // NETWORK MEMBERS
                     $sql = "INSERT IGNORE INTO alienvault.vuln_job_assets (job_id, job_type, asset_id) SELECT ?, 0, host_id FROM host_net_reference WHERE net_id=UNHEX(?)";
                     $params = array($job['id'], $matches[1]);
                     $db->Execute($sql, $params);
                     @file_put_contents($logfile, $db->ErrorMsg(), FILE_APPEND);
                 }
             }
         }
     }
     if (!$db->CompleteTrans()) {
         @file_put_contents($logfile, $db->ErrorMsg(), FILE_APPEND);
         return 1;
     }
     $conn->close();
     return 0;
 }