// Load the request parameters listed in $getParams / $postParams into
// same-named script variables. Each value is trimmed, SQL-escaped and
// HTML-encoded on the way in; a parameter missing from the request becomes "".
// Any method other than GET or POST leaves the variables untouched.
$post = FALSE;
$_req_method = $_SERVER['REQUEST_METHOD'];

if ($_req_method == "GET" || $_req_method == "POST")
{
    $post = ($_req_method == "POST");

    // Pick the parameter whitelist and the superglobal that belong to the method
    $_req_names  = $post ? $postParams : $getParams;
    $_req_source = $post ? $_POST : $_GET;

    foreach ($_req_names as $_req_name)
    {
        if (!isset($_req_source[$_req_name]))
        {
            ${$_req_name} = "";
            continue;
        }

        ${$_req_name} = Util::htmlentities(escape_sql(trim($_req_source[$_req_name]), $conn));
    }
}

// Numeric paging values: latest results table, reports table, report toggle
$offset  = intval($offset);
$roffset = intval($roffset);
$sreport = intval($sreport);

// Lookup data for the autocomplete inputs
$autocomplete_keys = array('hosts_ips', 'nets_cidrs', 'sensors');
$assets            = Autocomplete::get_autocomplete($dbconn, $autocomplete_keys);
default: ossim_set_error(_("Error in the 'Quick Search Field' field (missing required field)")); } } ossim_valid($sensor, OSS_HEX, 'illegal:' . _('Sensor')); ossim_valid($sortname, ",", OSS_ALPHA, OSS_SCORE, OSS_NULLABLE, 'illegal:' . _('Order Name')); ossim_valid($sortorder, OSS_LETTER, OSS_SCORE, OSS_NULLABLE, 'illegal:' . _('Sort Order')); ossim_valid($field, OSS_ALPHA, OSS_PUNC, OSS_NULLABLE, 'illegal:' . _('Field')); ossim_valid($page, OSS_DIGIT, 'illegal:' . _('Page')); ossim_valid($rp, OSS_DIGIT, 'illegal:' . _('Rp')); if (ossim_error()) { $db->close(); echo "<rows>\n<page>1</page>\n<total>0</total>\n</rows>\n"; exit; } $sensor = escape_sql($sensor, $conn); $sortname = !empty($sortname) ? $sortname : "hostname"; $sortname = $sortname == 'ip' ? "INET_ATON(ip)" : $sortname; $sortorder = !empty($sortorder) && strtolower($sortorder) == 'desc' ? 'DESC' : 'ASC'; $order = $sortname . " " . $sortorder; $start = ($page - 1) * $rp; $limit = "LIMIT {$start}, {$rp}"; /* Storing the sensor in session to remember the selection in the sensor combo */ $_SESSION['ossec_sensor'] = $sensor; Ossec_agentless::syncronize_ossec_agentless($conn, $sensor); $extra = !empty($where) ? $where . " ORDER BY {$order} {$limit}" : " ORDER BY {$order} {$limit}"; list($agentless_list, $total) = Ossec_agentless::get_list($conn, $sensor, $extra); $xml = "<rows>\n"; $xml .= "<page>{$page}</page>\n"; $xml .= "<total>{$total}</total>\n"; foreach ($agentless_list as $agentless) {
if (empty($order)) $order = POST('sortname'); if (!empty($order)) $order.= (POST('sortorder') == "asc") ? "" : " desc"; */ $search = GET('query'); if (empty($search)) { $search = POST('query'); } $field = POST('qtype'); //ossim_valid($order, OSS_ALPHA, OSS_SPACE, OSS_SCORE, OSS_NULLABLE, 'illegal:' . _("order")); ossim_valid($page, OSS_DIGIT, 'illegal:' . _("page")); ossim_valid($rp, OSS_DIGIT, 'illegal:' . _("rp")); ossim_valid($search, OSS_ALPHA, OSS_PUNC, OSS_NULLABLE, 'illegal:' . _("search")); ossim_valid($field, OSS_ALPHA, OSS_PUNC, OSS_NULLABLE, 'illegal:' . _("field")); if (!empty($search)) { $search = mb_detect_encoding($search . " ", 'UTF-8,ISO-8859-1') == 'UTF-8' ? Util::utf8entities($search) : $search; $search = escape_sql($search, $conn); switch ($field) { case "plugin_sid": $where .= ",plugin_sid WHERE plugin_sid.plugin_id=plugin_reference.plugin_id AND plugin_sid.sid=plugin_reference.plugin_sid AND plugin_sid.name like '%" . $search . "%'"; break; case "plugin_id": $where .= ",plugin WHERE plugin.id=plugin_reference.plugin_id AND plugin.name like '%" . $search . "%'"; break; case "reference_sid": $where .= ",plugin_sid WHERE plugin_sid.plugin_id=plugin_reference.reference_id AND plugin_sid.sid=plugin_reference.reference_sid AND plugin_sid.name like '%" . $search . "%'"; break; case "reference_id": $where .= ",plugin WHERE plugin.id=plugin_reference.reference_id AND plugin.name like '%" . $search . "%'"; break; default: ossim_set_error(_("Error in the 'Quick Search Field' field (missing required field)"));
} else { $company = POST('company'); $department = POST('department'); if ($mode == 'insert') { unset($validate["template_id"]); } } $validation_errors = validate_form_fields('POST', $validate); //Extended validation if (empty($validation_errors['login'])) { //Checking permissions to create or modify users if ($mode == 'insert') { if (!$am_i_admin && !$am_i_proadmin) { $validation_errors['login'] = _("You don't have permission to create users"); } else { $s_login = escape_sql($login, $conn, FALSE); $u_list = Session::get_list($conn, "WHERE login='******'"); if (count($u_list) > 0) { $validation_errors['login'] = _('User login already exists') . '. <br/>' . _('Entered value') . ": '<strong>" . Util::htmlentities($login) . "</strong>'"; } } } else { $condition_1 = $am_i_admin && $login != AV_DEFAULT_ADMIN || $is_my_profile; $condition_2 = $am_i_proadmin && Session::userAllowed($login) == 2; if (!($condition_1 || $condition_2)) { $validation_errors['login'] = _("You don't have permission to modify this user"); } } } //Checking password field requirements if (empty($validation_errors['pass'])) {
/**
 * Returns the software versions known for a CPE model as a response array.
 *
 * @param object $conn  Active DB connection, passed through to Software
 * @param array  $data  Request data; only $data['model'] is read
 *
 * @return array  array('error' => FALSE, 'data' => array('items' => <versions>));
 *                an empty model yields an empty item list
 */
function get_version_list($conn, $data)
{
    $cpe_model = $data['model'];

    // The model is optional, but must pass the alpha/punctuation filter when present
    ossim_valid($cpe_model, OSS_NULLABLE, OSS_ALPHA, OSS_PUNC_EXT, 'illegal:' . _("Model"));
    check_ossim_error();

    $versions = array();

    if (!empty($cpe_model))
    {
        // Escaped here because Software builds its query from the value
        $versions = Software::get_versions_by_cpe($conn, escape_sql($cpe_model, $conn), TRUE);
    }

    return array(
        'error' => FALSE,
        'data'  => array('items' => $versions),
    );
}
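/**
 * Runs a query and returns every row as an associative array.
 *
 * @param string $sql     Query text handed to this file's escape_sql()
 * @param array  $values  Values handed to escape_sql() together with $sql
 *
 * @return array|bool  List of rows (possibly empty), or FALSE when the
 *                     connection or the query fails
 */
function get_records($sql, $values = array())
{
    $connection = connect();

    if ($connection === FALSE)
    {
        return FALSE;
    }

    // NOTE(review): this file's escape_sql() takes (connection, sql, values);
    // how it binds $values into $sql is not visible here — confirm before
    // passing untrusted input through it.
    $escaped_sql = escape_sql($connection, $escaped_sql = $sql, $values);

    $result = mysqli_query($connection, $escaped_sql);

    if ($result === FALSE)
    {
        // Release the connection on the failure path as well
        mysqli_close($connection);

        return FALSE;
    }

    if ($result === TRUE)
    {
        // Statements without a result set (INSERT/UPDATE/...) have no rows to fetch
        mysqli_close($connection);

        return array();
    }

    $rows = array();

    while ($row = mysqli_fetch_assoc($result))
    {
        $rows[] = $row;
    }

    mysqli_free_result($result);
    mysqli_close($connection);

    return $rows;
}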
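/**
 * Builds the paginated, checkbox-ready plugin list for the asset scan UI.
 *
 * @param object $conn    DB connection
 * @param int    $page    Page number, turned into a LIMIT by get_query_limits()
 * @param string $search  Free-text filter on plugin name/description ('' = no filter)
 *
 * @return array  array('error' => FALSE, 'msg' => '', 'data' => array('total' => int, 'list' => array))
 *                or array('error' => TRUE, 'msg' => string) when the lookup throws
 */
function plugin_list($conn, $page, $search)
{
    $return = array('error' => TRUE, 'msg' => '');

    $filters = array();
    $filters['limit'] = get_query_limits($page);

    if ($search != '')
    {
        // Legacy charset handling kept as-is; utf8_decode() is deprecated since PHP 8.2
        $search = utf8_decode($search);

        // NOTE(review): escape_sql() presumably escapes quotes only, so '%' and '_'
        // in $search still act as LIKE wildcards — confirm whether that is intended
        $search = escape_sql($search, $conn);

        $filters['where'] = " (plugin.name LIKE '%{$search}%' OR plugin.description LIKE '%{$search}%')";
    }

    try
    {
        list($plugins, $total) = Asset_host_scan::get_all_plugins($conn, '', $filters, TRUE);
    }
    catch (Exception $e)
    {
        $return['error'] = TRUE;
        $return['msg']   = $e->getMessage();

        return $return;
    }

    // Previously selected plugins keyed by plugin id; initialised so lookups below never hit an undefined variable
    $selected = array();

    if ($total > 0)
    {
        $selected = get_selected_values(25);
    }

    $list = array();

    // Special filter "No Plugin Enabled" PID = 0 (only offered on the unfiltered list)
    if (count($plugins) > 0 && $search == '')
    {
        $_chk = (isset($selected[0]) && $selected[0] != '');

        $list[] = array(
            'id'      => 0,
            'name'    => _('No Plugin Enabled'),
            'class'   => 'italic exclusive',
            'checked' => $_chk
        );
    }

    // Going through the list to format the elements properly
    foreach ($plugins as $p_id => $p_data)
    {
        $_chk = (isset($selected[$p_id]) && $selected[$p_id] != '');

        $list[] = array(
            'id'      => $p_id,
            'name'    => ucwords($p_data['name']),
            'title'   => $p_data['description'],
            'checked' => $_chk
        );
    }

    $data = array();
    $data['total'] = intval($total);
    $data['list']  = $list;

    $return['error'] = FALSE;
    $return['data']  = $data;

    return $return;
}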
$class_name = $asset_types[$_POST['asset_type']]; // Check Asset Permission if (method_exists($class_name, 'is_allowed') && !$class_name::is_allowed($conn, $asset_id)) { $error = sprintf(_('Error! %s is not allowed'), ucwords($asset_type)); Av_exception::throw_error(Av_exception::USER_ERROR, $error); } $asset_object = $class_name::get_object($conn, $asset_id); if (array_key_exists($order, $orders_by_columns)) { $order = $orders_by_columns[$order]; } else { $order = "lr.risk"; } // Property filter $filters = array('limit' => "{$from}, {$maxrows}", 'order_by' => "{$order} {$torder}"); if ($search_str != '') { $search_str = escape_sql($search_str, $conn); $filters['where'] = 'p.name LIKE "%' . $search_str . '%"'; } list($vulns, $total) = $asset_object->get_vulnerabilities($conn, '', $filters); } else { Av_exception::throw_error(Av_exception::USER_ERROR, _('Error retrieving information')); } } catch (Exception $e) { $db->close(); Util::response_bad_request($e->getMessage()); } // DATA $data = array(); foreach ($vulns as $_asset_id => $asset_vulns) { $_host_aux = Asset_host::get_object($conn, $_asset_id); foreach ($asset_vulns as $vuln) {
require_once 'av_init.php'; Session::logcheck("environment-menu", "PolicyHosts"); // Close session write for real background loading session_write_close(); $asset_id = GET('asset_id'); $service = GET('service'); $port = GET('port'); ossim_valid($asset_id, OSS_HEX, 'illegal: ' . _('Asset ID')); ossim_valid($service, OSS_ALPHA, OSS_PUNC_EXT, 'illegal: ' . _('Service name')); ossim_valid($port, OSS_DIGIT, 'illegal: ' . _('Port number')); if (ossim_error()) { throw new Exception(ossim_get_error_clean()); } $db = new ossim_db(); $conn = $db->connect(); $filters = array('where' => "h.id = UNHEX('{$asset_id}') AND host_services.port = {$port} AND host_services.service = '" . escape_sql($service, $conn) . "'"); $_list_data = Asset_host_services::get_list($conn, $filters); $services = $_list_data[0]; if (empty($services[$asset_id][0])) { $db->close(); throw new Exception(_('Service not found')); } $service_data = $services[$asset_id][0]; $_host_aux = Asset_host::get_object($conn, $asset_id); $_ips_aux = array_keys($_host_aux->get_ips()->get_ips()); $_ctx_aux = $_host_aux->get_ctx(); $vulns = Asset_host_services::get_vulns_by_service($conn, $_ips_aux, $_ctx_aux, $service, $port); // Not matching with software_cpe, but cpe found in version field if ($service_data['cpe'] == '' && preg_match('/cpe\\:/', $service_data['version'])) { $service_data['cpe'] = $service_data['version']; $service_data['version'] = '';
$selection_type = POST('selection_type'); $selection_filter = POST('selection_filter'); $s_list = POST('items'); $db = new ossim_db(); $conn = $db->connect(); if ($selection_type == 'filter') { if (empty($selection_filter)) { $toggle_all = TRUE; } else { ossim_valid($selection_filter, OSS_INPUT, 'illegal: ' . _('Selection filter')); if (ossim_error()) { $db->close(); Util::response_bad_request(ossim_get_error_clean()); } //Getting properties $selection_filter = escape_sql($selection_filter, $conn); //Create asset object $asset_host = new Asset_host($conn, $asset_id); $filters = array('where' => 'AND service LIKE "%' . $selection_filter . '%"'); list($s_list, ) = $asset_host->get_services($conn, $filters); } } $data['status'] = 'success'; $data['data'] = _('Your changes have been saved'); if ($toggle_all == TRUE) { if (!valid_hex32($asset_id)) { $db->close(); Util::response_bad_request(_('Error! Asset ID not allowed. Your changes could not be saved')); } else { try { Asset_host_services::toggle_nagios($conn, $asset_id, $nagios);
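/**
 * Builds the paginated, checkbox-ready list of available services.
 *
 * @param object $conn    DB connection
 * @param int    $page    Page number, turned into a LIMIT by get_query_limits()
 * @param string $search  Free-text filter on port, protocol name or service ('' = no filter)
 *
 * @return array  array('error' => FALSE, 'msg' => '', 'data' => array('total' => int, 'list' => array))
 *                where 'list' is keyed by md5("port;protocol;service");
 *                or array('error' => TRUE, 'msg' => string) when the lookup throws
 */
function service_list($conn, $page, $search)
{
    $return = array('error' => TRUE, 'msg' => '');

    $filters = array();
    $filters['limit']    = get_query_limits($page);
    $filters['order_by'] = 'port';

    if ($search != '')
    {
        // Legacy charset handling kept as-is; utf8_decode() is deprecated since PHP 8.2
        $search = utf8_decode($search);

        // NOTE(review): escape_sql() presumably escapes quotes only, so '%' and '_'
        // in $search still act as LIKE wildcards — confirm whether that is intended
        $search = escape_sql($search, $conn);

        $filters['where'] = " (s.port LIKE '%{$search}%' OR p.name LIKE '%{$search}%' OR s.service LIKE '%{$search}%') ";
    }

    try
    {
        list($services, $total) = Asset_host_services::get_services_available($conn, $filters, TRUE);
    }
    catch (Exception $e)
    {
        $return['error'] = TRUE;
        $return['msg']   = $e->getMessage();

        return $return;
    }

    // Previously selected services keyed by md5 of the composite id; initialised so lookups never hit an undefined variable
    $selected = array();

    if ($total > 0)
    {
        $selected = get_selected_values(10);
    }

    $list = array();

    // Going through the list to format the elements properly
    foreach ($services as $service)
    {
        // Composite id "port;protocol;service"; its md5 keys both the list and the selection
        $id   = $service['port'] . ';' . $service['protocol'] . ';' . $service['service'];
        $md5  = md5($id);
        $name = $service['port'] . '/' . $service['prot_name'] . ' (' . $service['service'] . ')';
        $_chk = (isset($selected[$md5]) && $selected[$md5] != '');

        $list[$md5] = array(
            'id'      => $id,
            'name'    => Util::utf8_encode2($name),
            'checked' => $_chk
        );
    }

    $data = array();
    $data['total'] = intval($total);
    $data['list']  = $list;

    $return['error'] = FALSE;
    $return['data']  = $data;

    return $return;
}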
</div> <?php } } elseif ($rule->category) { // Can not redeclare class Category. Must do queries... $query = "SELECT name FROM category WHERE id = " . $rule->category; $rs = $conn->Execute($query); if (!$rs) { echo "<i>" . _("Category Unknown") . "</i>"; } else { if (!$rs->EOF) { echo _("Category") . ": <strong>" . $rs->fields['name'] . "</strong>"; } } if ($rule->subcategory) { $p_subc = escape_sql($rule->subcategory, $conn); $query = "SELECT name FROM subcategory WHERE cat_id=" . intval($rule->category) . " AND id IN({$p_subc})"; $rs = $conn->Execute($query); if (!$rs) { echo "/<i>" . _("SubCategory Unknown") . "</i>"; } else { $subcat = array(); while (!$rs->EOF) { $subcat[] = $rs->fields['name']; $rs->MoveNext(); } echo "/<strong>" . implode(', ', $subcat) . "</strong>"; } } } ?>
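/**
 * Renders the threats-DB search results: a criteria summary, the paginated
 * result table and the Next / Previous controls.
 *
 * Every criterion is optional ('' means "All"). Criteria are escaped (or
 * reduced to digits) before they enter the SQL filter and HTML-encoded before
 * they are echoed back into the page.
 *
 * @param int|string $page        1-based page number (cast to int here)
 * @param string     $kw          Keyword matched against summary, CVE id and family name
 * @param string     $cve         CVE id fragment; "CVE-" and "CVE " spellings both match
 * @param string     $family      vuln_nessus_family id
 * @param string     $risk        Risk code; see $risks for the code-to-label map
 * @param string     $start_date  Lower bound, YYYY-MM-DD (only its digits are used)
 * @param string     $end_date    Upper bound, YYYY-MM-DD (only its digits are used)
 *
 * @return void  Output is echoed directly; reads the global ADODB $dbconn
 */
function search($page, $kw, $cve, $family, $risk, $start_date, $end_date)
{
    global $dbconn;

    $dbconn->SetFetchMode(ADODB_FETCH_BOTH);

    $Limit = 20;
    $page  = intval($page); // goes straight into LIMIT, so it must be an integer

    $risks = array(
        "7" => _("Info"),
        "6" => _("Low"),
        "3" => _("Medium"),
        "2" => _("High"),
        "1" => _("Serious")
    );

    // SQL-safe copies of the criteria that end up inside quoted literals
    $sfamily = escape_sql($family, $dbconn);
    $srisk   = escape_sql($risk, $dbconn);
    $scve    = escape_sql($cve, $dbconn);

    // Resolve the family id to its name for the criteria summary
    $family_name = "";

    if ($family != "")
    {
        $result = $dbconn->execute("SELECT name FROM vuln_nessus_family WHERE id='{$sfamily}'");

        if ($result && !$result->EOF)
        {
            list($family_name) = $result->fields;
        }
    }

    // Criteria summary; "All" for anything left blank
    $txt_kw         = ($kw == "")          ? "All" : $kw;
    $txt_cve        = ($cve == "")         ? "All" : $cve;
    $txt_family     = ($family_name == "") ? "All" : $family_name;
    $txt_start_date = ($start_date == "")  ? "All" : $start_date;
    $txt_end_date   = ($end_date == "")    ? "All" : $end_date;

    if ($risk == "")
    {
        $txt_risk = "All";
    }
    else
    {
        $txt_risk = isset($risks[$risk]) ? $risks[$risk] : "";
    }

    // Query string shared by the back button and the "no results" link
    // (URL-encoded values contain no quotes or angle brackets, so it is attribute-safe)
    $back_url = 'threats-db.php?start_date=' . urlencode($start_date)
        . '&end_date=' . urlencode($end_date)
        . '&kw=' . urlencode($kw)
        . '&risk=' . urlencode($risk)
        . '&scve=' . urlencode($cve);

    echo '
    <table style="margin-top:10px;" class="t_width noborder">
        <tr>
            <td class="table_header">
                <div class="c_back_button">
                    <input type="button" class="av_b_back" onclick="document.location.href=\'' . $back_url . '\';return false;"/>
                </div>
                <div class="sec_title">
                    ' . _("Search results for this criteria") . '
                </div>
            </td>
        </tr>
    </table>
    <table cellpadding="0" cellspacing="0" class="transparent" align="center" width="100%">
        <tr><th>' . gettext("Start Date") . '</th><th>' . gettext("End Date") . '</th><th>' . gettext("Keywords") . '</th><th>' . gettext("CVE Id") . '</th><th>' . gettext("Family") . '</th><th>' . gettext("Risk Factor") . '</th></tr>
        <tr>
            <td class="nobborder" style="text-align:center;">' . Util::htmlentities($txt_start_date) . '</td>
            <td class="nobborder" style="text-align:center;">' . Util::htmlentities($txt_end_date) . '</td>
            <td class="nobborder" style="text-align:center;">' . Util::htmlentities($txt_kw) . '</td>
            <td class="nobborder" style="text-align:center;">' . Util::htmlentities($txt_cve) . '</td>
            <td class="nobborder" style="text-align:center;">' . Util::htmlentities($txt_family) . '</td>
            <td class="nobborder" style="text-align:center;">' . Util::htmlentities($txt_risk) . '</td>
        </tr>
    </table>
    <br>
    <table class="table_list">
    ';

    // WHERE clause: each criterion is escaped or reduced to digits before it is appended
    $query_filter = "WHERE 1=1 ";

    if ($kw != "")
    {
        $skw = escape_sql($kw, $dbconn);

        $query_filter .= "AND ( t1.summary LIKE '%{$skw}%' OR t1.cve_id LIKE '%{$skw}%' OR t2.name LIKE '%{$skw}%' OR CONCAT(t2.name, ' - ', t1.summary) LIKE '%{$skw}%' )";
    }

    if ($cve != "")
    {
        // Stored ids may be written "CVE 1234-5678"; match both spellings
        $scve2 = escape_sql(preg_replace("/cve-/i", "CVE ", $cve), $dbconn);

        $query_filter .= "AND ( t1.cve_id LIKE '%{$scve}%' OR t1.cve_id LIKE '%{$scve2}%')";
    }

    if ($family != "")
    {
        $query_filter .= "AND t1.family = '{$sfamily}'";
    }

    if ($risk != "")
    {
        $query_filter .= "AND t1.risk = '{$srisk}'";
    }

    // t1.created is compared as a YYYYMMDDhhmmss number, so only the digits of the dates are used
    if ($start_date != "")
    {
        $query_filter .= " AND CONVERT(t1.created,UNSIGNED) >= " . preg_replace('/\D/', '', $start_date) . "000000";
    }

    if ($end_date != "")
    {
        $query_filter .= " AND CONVERT(t1.created,UNSIGNED) <= " . preg_replace('/\D/', '', $end_date) . "235959";
    }

    // The family join is only needed when the filter references t2
    if (!preg_match("/t2/", $query_filter))
    {
        $query = "SELECT count( t1.id ) FROM vuln_nessus_plugins t1 {$query_filter}";
    }
    else
    {
        $query = "SELECT count( t1.id ) FROM vuln_nessus_plugins t1 LEFT JOIN vuln_nessus_family t2 ON t1.family = t2.id {$query_filter}";
    }

    $result = $dbconn->execute($query);
    list($numrec) = $result->fields;

    // Page arithmetic: at least one page, plus one for a partial last page
    $numpages = ($numrec > 0) ? intval($numrec / $Limit) : 1;

    if ($numrec % $Limit)
    {
        $numpages++;
    }

    $previous = ($page > 0)         ? $page - 1 : -1;
    $next     = ($numpages > $page) ? $page + 1 : -1;

    // A page below 1 would otherwise yield a negative LIMIT offset
    $offset = max(0, ($page - 1) * $Limit);

    $query = "SELECT t1.cve_id, t1.id, t1.risk, t1.created, t2.name, t1.summary \n FROM vuln_nessus_plugins t1 LEFT JOIN vuln_nessus_family t2 on t1.family=t2.id\n {$query_filter} LIMIT {$offset},{$Limit}";

    $result = $dbconn->execute($query);

    if (!$result->EOF)
    {
        // The criteria travel with the paging form; encode them so they cannot break out of the attribute
        $h_kw         = Util::htmlentities($kw);
        $h_family     = Util::htmlentities($family);
        $h_risk       = Util::htmlentities($risk);
        $h_start_date = Util::htmlentities($start_date);
        $h_end_date   = Util::htmlentities($end_date);
        $h_cve        = Util::htmlentities($cve);

        echo <<<EOT
<form action="threats-db.php" method="post">
    <INPUT TYPE=HIDDEN NAME="disp" VALUE="search">
    <INPUT TYPE=HIDDEN NAME="page" VALUE="{$page}">
    <INPUT TYPE=HIDDEN NAME="kw" VALUE="{$h_kw}">
    <INPUT TYPE=HIDDEN NAME="family" VALUE="{$h_family}">
    <INPUT TYPE=HIDDEN NAME="risk" VALUE="{$h_risk}">
    <INPUT TYPE=HIDDEN NAME="start_date" VALUE="{$h_start_date}">
    <INPUT TYPE=HIDDEN NAME="end_date" VALUE="{$h_end_date}">
    <INPUT TYPE=HIDDEN NAME="cve" VALUE="{$h_cve}">
    <table id="results-table" class="table_list" cellpadding="0" cellspacing="0" width="100%" align="center">
EOT;

        echo "<tr><th sort:format=\"int\" align=\"center\">" . gettext("ID") . "</th>";
        echo "<th sort:format=\"int\" align=\"center\">" . gettext("Risk") . "</th>";
        echo "<th sort:format=\"int\" align=\"center\">" . gettext("Defined On") . "</th>";
        echo "<th sort:format=\"str\" align=\"left\">" . gettext("Threat Family & Summary") . "</th>";
        echo "<th>" . gettext("CVE Id") . "</th>";
        echo "</tr>";

        while (!$result->EOF)
        {
            list($cve_id, $pid, $prisk, $pcreated, $pfamily, $psummary) = $result->fields;

            $dt_pcreated = gen_strtotime($pcreated, "");

            echo "<tr>\n <td sort:by=\"18606\" style=\"padding:3px\" align=\"center\" valign=\"top\">\n"
                . " <a href='javascript:;' style='text-decoration:none;' lid='" . $pid . "' class='scriptinfo'>" . $pid . "</a>\n </td>\n"
                . " <td sort:by=\"4\" align=\"center\" valign=\"top\">\n"
                . " <img src=\"./images/risk" . $prisk . ".gif\" style=\"margin-top:3px;width: 25px; height: 10px; border: 1px solid\" />\n </td>\n"
                . " <td sort:by=\"1120546800\" align=\"center\" valign=\"top\">\n {$dt_pcreated}\n </td>\n"
                . " <td style=\"text-align:left;\" sort:by=\"Gentoo Local Checks\" valign=\"top\">\n"
                . " <strong>{$pfamily}</strong> - {$psummary}\n </td>\n <td>";

            if ($cve_id == "")
            {
                echo "-";
            }
            else
            {
                // cve_id may hold a comma-separated list; normalise "CVE 1234-5678" to "CVE-1234-5678"
                foreach (explode(",", $cve_id) as $c)
                {
                    $c = preg_replace("/cve\\s+/i", "CVE-", trim($c));
                    $c = Util::htmlentities($c);

                    echo "<a href='http://www.cvedetails.com/cve/{$c}/' target='_blank'>{$c}</a><br>";
                }
            }

            echo "</td></tr>";

            $result->MoveNext();
        }

        echo '</table>';

        $istatus = ($next > 0)     ? '' : 'disabled="disabled"';
        $dstatus = ($previous > 0) ? '' : 'disabled="disabled"';

        // Note the space before the status attribute on both buttons
        echo '<input type="submit" name="increment" value="' . _("Next >") . '" class="av_b_transparent fright" ' . $istatus . '>';
        echo '<input type="submit" name="decrement" value="' . _("< Previous") . '" class="av_b_transparent fright" ' . $dstatus . '>';
        echo "</form>";
    }
    else
    {
        echo "<div class=\"center\"><a href=\"" . $back_url . "\">" . _("No results found, try to change the search parameters") . "</a></div>";
    }

    echo "</td></tr></table></center>";
}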
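* along with this package; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
* MA 02110-1301 USA
*
*
* On Debian GNU/Linux systems, the complete text of the GNU General
* Public License can be found in `/usr/share/common-licenses/GPL-2'.
*
* Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt
*
*/

require_once 'av_init.php';

Session::logcheck("analysis-menu", "ControlPanelAlarms");

// Autocomplete endpoint: prints one "plugin_id-sid###name" line per plugin_sid
// whose lower-cased name contains the query
$q = strtolower(GET("q"));

ossim_valid($q, OSS_TEXT, 'illegal:' . _("Query"));

// Empty results when error in validation
if (ossim_error())
{
    exit;
}

$db   = new ossim_db();
$conn = $db->connect();

// NOTE(review): escape_sql() presumably escapes quotes only; '%' and '_' in the
// query still act as LIKE wildcards — acceptable for an autocomplete, but confirm
$q = escape_sql($q, $conn);

$sql = "SELECT DISTINCT sid, plugin_id, name FROM plugin_sid WHERE lower(name) LIKE '%{$q}%';";

if (!($rs = $conn->Execute($sql)))
{
    Av_exception::throw_error(Av_exception::DB_ERROR, $conn->ErrorMsg());
}
else
{
    while (!$rs->EOF)
    {
        echo $rs->fields["plugin_id"] . "-" . $rs->fields["sid"] . "###" . $rs->fields["name"] . "\n";

        $rs->MoveNext();
    }
}

// Release the connection explicitly, as the sibling scripts do
$db->close();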
// Validation: an optional free-text asset filter and a mandatory hex sensor id
ossim_valid($asset_filter, OSS_NULLABLE, OSS_NOECHARS, OSS_ALPHA, OSS_SCORE, OSS_PUNC, '()', 'illegal:' . _('Asset filter'));
ossim_valid($sensor_id, OSS_HEX, 'illegal:' . _('Sensor ID'));

if (!ossim_error())
{
    $_assets = array();

    $db   = new ossim_db();
    $conn = $db->connect();

    // Hosts referenced by this sensor that have no row in hids_agents yet
    $q_where  = "hsr.host_id = host.id AND hsr.sensor_id=UNHEX('{$sensor_id}')\n";
    $q_where .= " AND NOT exists (select 1 FROM hids_agents ha WHERE ha.host_id = host.id)";

    if (!empty($asset_filter))
    {
        $space_pos = strpos($asset_filter, ' ');

        if ($space_pos !== FALSE)
        {
            // "name (ip)" form: first word is the hostname, the remainder (minus parentheses) the ip
            list($asset_name, $asset_ip) = explode(' ', $asset_filter, 2);

            $asset_name = escape_sql($asset_name, $conn, TRUE);
            $asset_ip   = escape_sql(str_replace(array('(', ')'), '', $asset_ip), $conn, TRUE);

            $q_where .= " AND (host.hostname LIKE '%{$asset_name}%' AND INET6_NTOA(hi.ip) LIKE '%{$asset_ip}%')";
        }
        else
        {
            // Single token: match it against either the hostname or the ip
            $asset_filter = escape_sql($asset_filter, $conn, TRUE);
            $asset_name   = $asset_filter;
            $asset_ip     = $asset_filter;

            $q_where .= " AND (host.hostname LIKE '%{$asset_name}%' OR INET6_NTOA(hi.ip) LIKE '%{$asset_ip}%')";
        }
    }

    $q_filters = array('where' => $q_where, 'limit' => 20);
    $_assets   = Asset_host::get_list_tree($conn, ', host_sensor_reference hsr', $q_filters);

    $db->close();

    $assets = array();

    // One line per host: id, then fields 2 and 3 of the tree entry
    // (presumably ip and name — confirm against Asset_host::get_list_tree)
    foreach ($_assets as $asset_id => $asset_data)
    {
        echo $asset_id . '###' . $asset_data[2] . '###' . $asset_data[3] . '###'
            . $asset_data[3] . ' (' . $asset_data[2] . ")\n";
    }
}
function ProcessCriteria() { global $db, $join_sql, $perms_sql, $where_sql, $criteria_sql, $sql, $debug_mode, $caller, $DBtype; /* XXX-SEC */ global $cs, $timetz; /* the JOIN criteria */ $ip_join_sql = " LEFT JOIN iphdr ON acid_event.sid=iphdr.sid AND acid_event.cid=iphdr.cid "; // *************** DEPRECATED: TCP UDP ICMP join ********************* //$tcp_join_sql = " LEFT JOIN tcphdr ON acid_event.sid=tcphdr.sid AND acid_event.cid=tcphdr.cid "; //$udp_join_sql = " LEFT JOIN udphdr ON acid_event.sid=udphdr.sid AND acid_event.cid=udphdr.cid "; //$icmp_join_sql = " LEFT JOIN icmphdr ON acid_event.sid=icmphdr.sid AND acid_event.cid=icmphdr.cid "; $rawip_join_sql = " LEFT JOIN iphdr ON acid_event.sid=iphdr.sid AND acid_event.cid=iphdr.cid "; $sig_join_sql = " LEFT JOIN alienvault.plugin_sid ON acid_event.plugin_id=plugin_sid.plugin_id AND acid_event.plugin_sid=plugin_sid.sid "; $sig_join = false; $sig_join_tmp = ""; $data_join_sql = ""; //SQL_CALC_FOUND_ROWS $sql = "SELECT acid_event.*, HEX(acid_event.ctx) AS ctx, HEX(acid_event.src_host) AS src_host, HEX(acid_event.dst_host) AS dst_host, HEX(acid_event.src_net) AS src_net, HEX(acid_event.dst_net) AS dst_net FROM acid_event"; $where_sql = " WHERE "; //$where_sql = ""; // $criteria_sql = " acid_event.sid > 0"; // Initially show last 24hours events if ($_GET['time_range'] == "") { $criteria_sql = " ( timestamp >='" . gmdate("Y-m-d", $timetz) . 
"' ) "; } else { $criteria_sql = " 1 "; } //$criteria_sql = " ( timestamp <= CURDATE() ) "; //$criteria_sql = " 1 "; $join_sql = ""; $use_ac = true; // Use ac_acid_event or not $sfilter = false; $criteria_sql_ac = $criteria_sql; /* ********************** Meta Criteria ******************************************** */ $sig = $cs->criteria['sig']->criteria; $sig_type = $cs->criteria['sig']->sig_type; $sig_class = $cs->criteria['sig_class']->criteria; $sig_priority = $cs->criteria['sig_priority']->criteria; $ag = $cs->criteria['ag']->criteria; $sensor = $cs->criteria['sensor']->criteria; $sensor_op = $cs->criteria['sensor']->param ? "not in" : "in"; $plugin = $cs->criteria['plugin']->criteria; $plugingroup = $cs->criteria['plugingroup']->criteria; $networkgroup = $cs->criteria['networkgroup']->criteria; $userdata = $cs->criteria['userdata']->criteria; $idm_username = $cs->criteria['idm_username']->criteria; $idm_hostname = $cs->criteria['idm_hostname']->criteria; $idm_domain = $cs->criteria['idm_domain']->criteria; $sourcetype = $cs->criteria['sourcetype']->criteria; $category = $cs->criteria['category']->criteria; $rep = $cs->criteria['rep']->criteria; $otx = $cs->criteria['otx']->criteria; $time = $cs->criteria['time']->GetUTC(); $real_time = $cs->criteria['time']->criteria; //print_r($time); $time_cnt = $cs->criteria['time']->GetFormItemCnt(); $hostid = $cs->criteria['hostid']->criteria; $netid = $cs->criteria['netid']->criteria; $ctx = $cs->criteria['ctx']->criteria; $device = $cs->criteria['device']->criteria; $ip_addr = $cs->criteria['ip_addr']->criteria; $ip_addr_cnt = $cs->criteria['ip_addr']->GetFormItemCnt(); $layer4 = $cs->criteria['layer4']->criteria; $ip_field = $cs->criteria['ip_field']->criteria; $ip_field_cnt = $cs->criteria['ip_field']->GetFormItemCnt(); $tcp_port = $cs->criteria['tcp_port']->criteria; $tcp_port_cnt = $cs->criteria['tcp_port']->GetFormItemCnt(); // DEPRECATED tcp flags //$tcp_flags = $cs->criteria['tcp_flags']->criteria; //$tcp_field = 
$cs->criteria['tcp_field']->criteria; //$tcp_field_cnt = $cs->criteria['tcp_field']->GetFormItemCnt(); $udp_port = $cs->criteria['udp_port']->criteria; $udp_port_cnt = $cs->criteria['udp_port']->GetFormItemCnt(); // DEPRECATED udp field icmp field //$udp_field = $cs->criteria['udp_field']->criteria; //$udp_field_cnt = $cs->criteria['udp_field']->GetFormItemCnt(); //$icmp_field = $cs->criteria['icmp_field']->criteria; //$icmp_field_cnt = $cs->criteria['icmp_field']->GetFormItemCnt(); $rawip_field = $cs->criteria['rawip_field']->criteria; $rawip_field_cnt = $cs->criteria['rawip_field']->GetFormItemCnt(); $data = $cs->criteria['data']->criteria; $data_cnt = $cs->criteria['data']->GetFormItemCnt(); $data_encode = $cs->criteria['data']->data_encode; //$data_encode[0] = "ascii"; $data_encode[1] = "hex"; /* OSSIM */ $ossim_type = $cs->criteria['ossim_type']->criteria; $ossim_priority = $cs->criteria['ossim_priority']->criteria; $ossim_reliability = $cs->criteria['ossim_reliability']->criteria; $ossim_asset_dst = $cs->criteria['ossim_asset_dst']->criteria; $ossim_risk_a = $cs->criteria['ossim_risk_a']->criteria; $tmp_meta = ""; /* Sensor */ if ($sensor != "" && $sensor != " ") { $tmp_meta = $tmp_meta . " AND acid_event.device_id {$sensor_op} ( " . preg_replace("/^\\!/", "", $sensor) . " )"; } else { $cs->criteria['sensor']->Set(""); } /* Device */ if ($device != "") { $_ip = bin2hex(inet_pton($device)); $tmp_meta .= " AND acid_event.device_id IN (SELECT id FROM device WHERE device_ip=UNHEX('" . $_ip . "'))"; } /* Plugin */ if ($plugin != "" && $plugin != " ") { if (preg_match("/(\\d+)\\-(\\d+)/", $plugin, $match)) { $tmp_meta = $tmp_meta . " AND acid_event.plugin_id between " . $match[1] . " and " . $match[2]; } else { $tmp_meta = $tmp_meta . " AND acid_event.plugin_id in (" . $plugin . ")"; } $sfilter = true; } /* Plugin Group */ if ($plugingroup != "" && $plugingroup != " ") { $pg_ids = QueryOssimPluginGroup($plugingroup); if ($pg_ids != "") { $tmp_meta = $tmp_meta . 
" AND ({$pg_ids}) "; } else { $tmp_meta = $tmp_meta . " AND (acid_event.plugin_id=-1 AND acid_event.plugin_sid=-1)"; } $sfilter = true; } /* Network Group */ if ($networkgroup != "" && $networkgroup != " ") { $ng_ids = QueryOssimNetworkGroup($networkgroup); if ($ng_ids != "") { $tmp_meta = $tmp_meta . " AND ({$ng_ids}) "; $use_ac = false; } } /* User Data */ //echo "User Data:$userdata"; $rpl = array('EQ' => '=', 'NE' => '!=', 'LT' => '<', 'LOE' => '<=', 'GT' => '>', 'GOE' => '>='); if (trim($userdata[2]) != "") { $q_like = $userdata[1] == 'like' ? TRUE : FALSE; $_q = parenthesis_encode(escape_sql($userdata[2], $db->DB, $q_like)); $sql = "SELECT acid_event.*, HEX(acid_event.ctx) AS ctx, HEX(acid_event.src_host) AS src_host, \n HEX(acid_event.dst_host) AS dst_host, HEX(acid_event.src_net) AS src_net, \n HEX(acid_event.dst_net) AS dst_net,extra_data.* \n FROM acid_event"; $data_join_sql .= ",extra_data "; $_nq = is_numeric($_q) ? $_q : "'" . $_q . "'"; $flt = "extra_data." . $userdata[0] . " " . strtr($userdata[1], $rpl) . " " . ($userdata[1] == "like" ? "'%" . $_q . "%'" : $_nq); $tmp_meta .= " AND acid_event.id=extra_data.event_id AND ({$flt})"; $use_ac = FALSE; } /* IDM */ if (trim($idm_username[0]) != '' || trim($idm_domain[0]) != '') { $data_join_sql .= ",idm_data "; $tmp_meta .= " AND acid_event.id=idm_data.event_id"; $use_ac = FALSE; } if ($idm_username[0] != '') { $_q = parenthesis_encode(escape_sql($idm_username[0], $db->DB)); if ($idm_username[1] == "both") { $tmpcrit = "idm_data.username='******'"; } else { $tmpcrit = "(idm_data.username='******' AND idm_data.from_src=" . ($idm_username[1] == "src" ? "1" : "0") . ")"; } $tmp_meta .= " AND {$tmpcrit}"; } if ($idm_domain[0] != '') { $_q = parenthesis_encode(escape_sql($idm_domain[0], $db->DB)); if ($idm_domain[1] == "both") { $tmpcrit = "idm_data.domain='" . $_q . "'"; } else { $tmpcrit = "(idm_data.domain='" . $_q . "' AND idm_data.from_src=" . ($idm_domain[1] == "src" ? "1" : "0") . 
")"; } $tmp_meta .= " AND {$tmpcrit}"; } if ($idm_hostname[0] != '') { $_q = parenthesis_encode(escape_sql($idm_hostname[0], $db->DB)); if ($idm_hostname[1] == "both") { $tmpcrit = "(acid_event.src_hostname='" . $_q . "' OR acid_event.dst_hostname='" . $_q . "')"; } else { $tmpcrit = "acid_event." . $idm_hostname[1] . "_hostname='" . $_q . "'"; } $tmp_meta .= " AND {$tmpcrit}"; $use_ac = FALSE; } /* OTX */ $otx_data = trim($otx[0]) != "" || trim($otx[1]) != "" ? true : false; if ($otx_data) { $data_join_sql .= ",otx_data"; $tmp_meta .= " AND acid_event.id=otx_data.event_id"; $use_ac = false; } # Pulse id if (trim($otx[0]) != "") { $tmp_meta .= " AND otx_data.pulse_id=unhex('" . $otx[0] . "')"; } /* Reputation */ $rep_data = trim($rep[0]) != "" || trim($rep[1]) != "" ? true : false; if ($rep_data) { $data_join_sql .= ",reputation_data"; $tmp_meta .= " AND acid_event.id=reputation_data.event_id"; $use_ac = false; } # Reputation Activity if (intval($rep[0])) { $aname = GetActivityName(intval($rep[0]), $db); $tmp_meta .= " AND (reputation_data.rep_act_src like '%" . str_replace("'", "\\'", $aname) . "%' OR reputation_data.rep_act_dst like '%" . str_replace("'", "\\'", $aname) . "%')"; } # Reputation Severity if (trim($rep[1]) != "") { switch ($rep[1]) { case "High": $tmpcrit = "(reputation_data.rep_prio_src>6 OR reputation_data.rep_prio_dst>6)"; break; case "Medium": $tmpcrit = "(reputation_data.rep_prio_src in (3,4,5,6) OR reputation_data.rep_prio_dst in (3,4,5,6))"; break; case "Low": $tmpcrit = "(reputation_data.rep_prio_src in (0,1,2) OR reputation_data.rep_prio_dst in (0,1,2))"; break; default: $tmpcrit = "(reputation_data.rep_prio_src>0 OR reputation_data.rep_prio_dst>0)"; } $tmp_meta .= " AND {$tmpcrit}"; } /* Source Type */ if (trim($sourcetype) != "") { $tmp_meta = $tmp_meta . " AND acid_event.plugin_id in (" . GetPluginListBySourceType($sourcetype) . ")"; } /* Category */ if ($category[0] != 0) { $sig_join = true; $tmp_meta = $tmp_meta . 
GetPluginListByCategory($category); } /* Signature */ if (isset($sig[0]) && $sig[0] != " " && $sig[0] != "" && (isset($sig[1]) && $sig[1] != "")) { if ($sig_type == 1) { // sending sig[1]=plugin_id;plugin_sid $sfilter = true; $pidsid = preg_split("/[\\s;]+/", $sig[1]); $tmp_meta = $tmp_meta . " AND (acid_event.plugin_id=" . intval($pidsid[0]) . " AND acid_event.plugin_sid=" . intval($pidsid[1]) . ")"; } else { // free string //$sig_join_tmp = QueryOssimSignatureTmpTable($sig[1], $sig[0], $sig[2]); $sig_ids = QueryOssimSignature($sig[1], $sig[0], $sig[2], $db->DB); $sig_join = true; $tmp_meta = $tmp_meta . " AND ({$sig_ids})"; } } else { $cs->criteria['sig']->Set(""); } /* * OSSIM Code */ /* OSSIM Type */ if ($ossim_type[1] != " " && $ossim_type[1] != "" && $ossim_type[1] != "0") { $tmp_meta = $tmp_meta . " AND acid_event.ossim_type = '" . $ossim_type[1] . "'"; $use_ac = false; } else { if ($ossim_type[1] == "0") { $tmp_meta = $tmp_meta . " AND (acid_event.ossim_type is null OR acid_event.ossim_type = '0')"; $use_ac = false; } else { $cs->criteria['ossim_type']->Set(""); } } /* OSSIM Priority */ if ($ossim_priority[1] != " " && $ossim_priority[1] != "" && $ossim_priority[1] != "0") { $tmp_meta = $tmp_meta . " AND acid_event.ossim_priority " . $ossim_priority[0] . " '" . $ossim_priority[1] . "'"; $use_ac = false; } else { if ($ossim_priority[1] == "0") { $use_ac = false; $tmp_meta = $ossim_priority[0] == "=" ? $tmp_meta . " AND (acid_event.ossim_priority is null OR acid_event.ossim_priority = '0')" : ($tmp_meta = $tmp_meta . " AND acid_event.ossim_priority " . $ossim_priority[0] . " '" . $ossim_priority[1] . "'"); } else { $cs->criteria['ossim_priority']->Set(""); } } /* OSSIM Reliability */ if ($ossim_reliability[1] != " " && $ossim_reliability[1] != "" && $ossim_reliability[1] != "0") { $tmp_meta = $tmp_meta . " AND acid_event.ossim_reliability " . $ossim_reliability[0] . " '" . $ossim_reliability[1] . 
"'"; $use_ac = false; } else { if ($ossim_reliability[1] == "0") { $tmp_meta = $ossim_reliability[0] == "=" ? $tmp_meta . " AND (acid_event.ossim_reliability is null OR acid_event.ossim_reliability = '0')" : $tmp_meta . " AND acid_event.ossim_reliability " . $ossim_reliability[0] . " '" . $ossim_reliability[1] . "'"; $use_ac = false; } else { $cs->criteria['ossim_reliability']->Set(""); } } /* OSSIM Asset DST */ if ($ossim_asset_dst[1] != " " && $ossim_asset_dst[1] != "" && $ossim_asset_dst[1] != "0") { $tmp_meta = $tmp_meta . " AND acid_event.ossim_asset_dst " . $ossim_asset_dst[0] . " '" . $ossim_asset_dst[1] . "'"; $use_ac = false; } else { if ($ossim_asset_dst[1] == "0") { $tmp_meta = $ossim_asset_dst[0] == "=" ? $tmp_meta . " AND (acid_event.ossim_asset_dst is null OR acid_event.ossim_asset_dst = '0')" : $tmp_meta . " AND acid_event.ossim_asset_dst " . $ossim_asset_dst[0] . " '" . $ossim_asset_dst[1] . "'"; $use_ac = false; } else { $cs->criteria['ossim_asset_dst']->Set(""); } } /* OSSIM Risk A */ if ($ossim_risk_a != " " && $ossim_risk_a != "" && $ossim_risk_a != "0") { if ($ossim_risk_a == "low") { //$tmp_meta = $tmp_meta." AND ossim_risk_a >= 1 AND ossim_risk_a <= 4 "; $tmp_meta = $tmp_meta . " AND acid_event.ossim_risk_a = 0 "; $use_ac = false; } else { if ($ossim_risk_a == "medium") { //$tmp_meta = $tmp_meta." AND ossim_risk_a >= 5 AND ossim_risk_a <= 7 "; $tmp_meta = $tmp_meta . " AND acid_event.ossim_risk_a = 1 "; $use_ac = false; } else { if ($ossim_risk_a == "high") { //$tmp_meta = $tmp_meta." AND ossim_risk_a >= 8 AND ossim_risk_a <= 10 "; $tmp_meta = $tmp_meta . " AND acid_event.ossim_risk_a > 1 "; $use_ac = false; } } } } else { $cs->criteria['ossim_risk_a']->Set(""); } /* Date/Time */ $time_meta = ""; $real_time_meta = ""; DateTimeRows2sql($real_time, $time_cnt, $real_time_meta); // Time without utc conversion if (DateTimeRows2sql($time, $time_cnt, $time_meta) == 0) { $cs->criteria['time']->SetFormItemCnt(0); } $criteria_sql = $criteria_sql . 
$tmp_meta; $criteria_sql_ac .= $use_ac && !$sig_join ? preg_replace("/( \\d\\d):\\d\\d:\\d\\d/", "\\1:00:00", $tmp_meta) : preg_replace("/( \\d\\d):\\d\\d:\\d\\d/", "\\1:00:00", $time_meta); $use_ac = time_can_use_ac($real_time) ? $use_ac : FALSE; /* ********************** PERMS ************************ */ // Allowed CTX's y Asset Filter $perms_sql = GetPerms(); $idfilter = !empty($perms_sql) ? true : false; $criteria_sql .= $perms_sql; $criteria_sql_ac .= $perms_sql; /* Host ID */ $op = $hostid[3] != '' ? $hostid[3] : 'IN'; $and_or = $op == 'NOT IN' ? 'AND' : 'OR'; // src_host, dst_host fields if ($hostid[0] != "") { $hostwhere = "UNHEX('" . implode("',UNHEX('", explode(",", $hostid[0])) . "')"; if ($hostid[2] == "both") { $criteria_sql .= " AND (acid_event.src_host {$op} ({$hostwhere}) {$and_or} acid_event.dst_host {$op} ({$hostwhere}))"; $criteria_sql_ac .= " AND (acid_event.src_host {$op} ({$hostwhere}) {$and_or} acid_event.dst_host {$op} ({$hostwhere}))"; } else { $criteria_sql .= " AND acid_event." . $hostid[2] . "_host {$op} ({$hostwhere})"; $criteria_sql_ac .= " AND acid_event." . $hostid[2] . "_host {$op} ({$hostwhere})"; } $idfilter = true; } /* Network ID */ // src_net, dst_net fields if ($netid[0] != "") { $netwhere = "UNHEX('" . implode("',UNHEX('", explode(",", $netid[0])) . "')"; if ($netid[2] == "both") { $criteria_sql .= " AND (acid_event.src_net in ({$netwhere}) OR acid_event.dst_net in ({$netwhere}))"; $criteria_sql_ac .= " AND (acid_event.src_net in ({$netwhere}) OR acid_event.dst_net in ({$netwhere}))"; } else { $criteria_sql .= " AND acid_event." . $netid[2] . "_host in ({$netwhere})"; $criteria_sql_ac .= " AND acid_event." . $netid[2] . 
"_host in ({$netwhere})"; } $idfilter = true; } /* ********************** IP Criteria ********************************************** */ /* IP Addresses */ $ipfilter = false; $tmp2 = ""; for ($i = 0; $i < $ip_addr_cnt; $i++) { $tmp = ""; if (isset($ip_addr[$i][3]) && $ip_addr[$i][1] != " " && $ip_addr[$i][1] != "") { if ($ip_addr[$i][3] != "" && $ip_addr[$i][4] != "" && $ip_addr[$i][5] != "" && $ip_addr[$i][6] != "") { /* if use illegal 256.256.256.256 address then * this is the special case where need to search for portscans */ if ($ip_addr[$i][3] == "256" && $ip_addr[$i][4] == "256" && $ip_addr[$i][5] == "256" && $ip_addr[$i][6] == "256") { $tmp = $tmp . " acid_event." . $ip_addr[$i][1] . " IS NULL" . " "; } else { if ($ip_addr[$i][10] == "") { $tmp = $tmp . " acid_event." . $ip_addr[$i][1] . $ip_addr[$i][2] . "unhex('" . baseIP2hex($ip_addr[$i][3] . "." . $ip_addr[$i][4] . "." . $ip_addr[$i][5] . "." . $ip_addr[$i][6]) . "') "; } else { $mask = getIPMask($ip_addr[$i][3] . "." . $ip_addr[$i][4] . "." . $ip_addr[$i][5] . "." . $ip_addr[$i][6], $ip_addr[$i][10]); if ($ip_addr[$i][2] == "!=") { $tmp_op = " NOT "; } else { $tmp_op = ""; } $tmp = $tmp . $tmp_op . " acid_event." . $ip_addr[$i][1] . ">= unhex('" . baseIP2hex($mask[0]) . "') AND acid_event." . $ip_addr[$i][1] . "<= unhex('" . baseIP2hex($mask[1]) . "')"; } } } /* if have chosen the address type to be both source and destination */ if (preg_match("/ip_both/", $tmp)) { $tmp_src = preg_replace("/ip_both/", "ip_src", $tmp); $tmp_dst = preg_replace("/ip_both/", "ip_dst", $tmp); if ($ip_addr[$i][2] == '=') { $tmp = "(" . $tmp_src . ') OR (' . $tmp_dst . ')'; } else { $tmp = "(" . $tmp_src . ') AND (' . $tmp_dst . ')'; } } $aux_op = $ip_addr_cnt > 0 ? $ip_addr[$i][9] == "AND" || $ip_addr[$i][9] == "OR" ? $ip_addr[$i][9] : "AND" : ""; if ($tmp != "") { $tmp = $ip_addr[$i][0] . "(" . $tmp . ")" . $ip_addr[$i][8] . 
$aux_op; } } else { if (isset($ip_addr[$i][3]) && $ip_addr[$i][3] != "" || $ip_addr[$i][1] != " " && $ip_addr[$i][1] != "") { /* IP_addr_type, but MALFORMED IP address */ if ($ip_addr[$i][1] != " " && $ip_addr[$i][1] != "" && $ip_addr[$i][3] == "" && ($ip_addr[$i][4] != "" || $ip_addr[$i][5] != "" || $ip_addr[$i][6] != "")) { ErrorMessage("<B>" . gettext("Criteria warning:") . "</B> " . gettext("Invalid IP address criteria") . " ' *." . $ip_addr[$i][4] . "." . $ip_addr[$i][5] . "." . $ip_addr[$i][6] . " '"); } /* ADDRESS, but NO IP_addr_type was given */ if (isset($ip_addr[$i][3]) && $ip_addr[$i][1] == " " && $ip_addr[$i][1] == "") { ErrorMessage("<B>" . gettext("Criteria warning:") . "</B> " . gettext("A IP address of") . " '" . $ip_addr[$i][3] . "." . $ip_addr[$i][4] . "." . $ip_addr[$i][5] . "." . $ip_addr[$i][6] . "' " . gettext("was entered for as a criteria value, but the type of address (e.g. source, destination) was not specified.")); } /* IP_addr_type IS FILLED, but no ADDRESS */ if ($ip_addr[$i][1] != " " && $ip_addr[$i][1] != "" && $ip_addr[$i][1] != "" && $ip_addr[$i][3] == "") { ErrorMessage("<B>" . gettext("Criteria warning:") . "</B> " . gettext("An IP address of type") . " '" . $ip_addr[$i][1] . "' " . gettext("was selected (at #") . $i . ") " . gettext("indicating that an IP address should be a criteria, but no address on which to match was specified.")); } } } $tmp2 = $tmp2 . $tmp; if ($i > 0 && ($ip_addr[$i - 1][9] != 'OR' && $ip_addr[$i - 1][9] != 'AND') && $ip_addr[$i - 1][3] != "") { ErrorMessage("<B>" . gettext("Criteria warning:") . "</B> " . gettext("Multiple IP address criteria entered without a boolean operator (e.g. AND, OR) between IP Criteria") . " #{$i} and #" . ($i + 1) . "."); } } if ($tmp2 != "") { BalanceBrackets($tmp2); $criteria_sql = $criteria_sql . " AND ( " . $tmp2 . 
" )"; $ipfilter = true; //$use_ac = false; } else { $cs->criteria['ip_addr']->SetFormItemCnt(0); } /* IP Fields */ if (FieldRows2sql($ip_field, $ip_field_cnt, $criteria_sql) == 0) { $cs->criteria['ip_field']->SetFormItemCnt(0); } else { $use_ac = false; } /* CTX */ if ($ctx != "") { $criteria_sql .= " AND acid_event.ctx = UNHEX('{$ctx}')"; $criteria_sql_ac .= " AND acid_event.ctx = UNHEX('{$ctx}')"; } /* Layer-4 encapsulation */ if ($layer4 == "TCP") { $criteria_sql = $criteria_sql . " AND acid_event.ip_proto= '6'"; $use_ac = false; } else { if ($layer4 == "UDP") { $criteria_sql = $criteria_sql . " AND acid_event.ip_proto= '17'"; $use_ac = false; } else { if ($layer4 == "ICMP") { $criteria_sql = $criteria_sql . " AND acid_event.ip_proto= '1'"; $use_ac = false; } else { if ($layer4 == "RawIP") { $criteria_sql = $criteria_sql . " AND acid_event.ip_proto= '255'"; $use_ac = false; } else { $cs->criteria['layer4']->Set(""); } } } } /* Join the iphdr table if necessary */ if (!$cs->criteria['ip_field']->isEmpty()) { $join_sql = $ip_join_sql . $join_sql; } /* ********************** TCP Criteria ********************************************** */ if ($layer4 == "TCP") { $proto_tmp = ""; /* TCP Ports */ if (FieldRows2sql($tcp_port, $tcp_port_cnt, $proto_tmp) == 0) { $cs->criteria['tcp_port']->SetFormItemCnt(0); } $criteria_sql = $criteria_sql . $proto_tmp; $proto_tmp = ""; // ****************** DEPRECATED: TCP Flags TCP Fields ******************** /* TCP Flags */ /* if (isset($tcp_flags) && sizeof($tcp_flags) == 8) { if ($tcp_flags[0] == "contains" || $tcp_flags[0] == "is") { $flag_tmp = $tcp_flags[1] + $tcp_flags[2] + $tcp_flags[3] + $tcp_flags[4] + $tcp_flags[5] + $tcp_flags[6] + $tcp_flags[7] + $tcp_flags[8]; if ($tcp_flags[0] == "is") $proto_tmp = $proto_tmp . ' AND tcp_flags=' . $flag_tmp; else if ($tcp_flags[0] == "contains") $proto_tmp = $proto_tmp . ' AND (tcp_flags & ' . $flag_tmp . ' = ' . $flag_tmp . 
" )"; else $proto_tmp = ""; } } */ /* TCP Fields */ //if (FieldRows2sql($tcp_field, $tcp_field_cnt, $proto_tmp) == 0) $cs->criteria['tcp_field']->SetFormItemCnt(0); /* TCP Options * - not implemented */ //if (!$cs->criteria['tcp_port']->isEmpty() || !$cs->criteria['tcp_flags']->isEmpty() || !$cs->criteria['tcp_field']->isEmpty()) { //************************************************************************ if (!$cs->criteria['tcp_port']->isEmpty()) { $criteria_sql = $criteria_sql . $proto_tmp; // DEPRECATED tcp_join_sql //if (!$cs->criteria['tcp_flags']->isEmpty() || !$cs->criteria['tcp_field']->isEmpty()) $join_sql = $tcp_join_sql . $join_sql; } } /* ********************** UDP Criteria ********************************************* */ if ($layer4 == "UDP") { $proto_tmp = ""; /* UDP Ports */ if (FieldRows2sql($udp_port, $udp_port_cnt, $proto_tmp) == 0) { $cs->criteria['udp_port']->SetFormItemCnt(0); } $criteria_sql = $criteria_sql . $proto_tmp; $proto_tmp = ""; // ********************** DEPRECATED UDP Fields ************************* /* UDP Fields */ //if (FieldRows2sql($udp_field, $udp_field_cnt, $proto_tmp) == 0) $cs->criteria['udp_field']->SetFormItemCnt(0); //if (!$cs->criteria['udp_port']->isEmpty() || !$cs->criteria['udp_field']->isEmpty()) { // ********************************************************************** if (!$cs->criteria['udp_port']->isEmpty()) { $criteria_sql = $criteria_sql . $proto_tmp; // DEPRECATED udp_join_sql //if (!$cs->criteria['udp_field']->isEmpty()) $join_sql = $udp_join_sql . $join_sql; } } // DEPRECATED: ICMP /* ********************** ICMP Criteria ******************************************** */ /* if ($layer4 == "ICMP") { $proto_tmp = ""; // ICMP Fields if (FieldRows2sql($icmp_field, $icmp_field_cnt, $proto_tmp) == 0) $cs->criteria['icmp_field']->SetFormItemCnt(0); if (!$cs->criteria['icmp_field']->isEmpty()) { $criteria_sql = $criteria_sql . $proto_tmp; $join_sql = $icmp_join_sql . 
$join_sql; } } */ /* ********************** Packet Scan Criteria ************************************* */ if ($layer4 == "RawIP") { $proto_tmp = ""; /* RawIP Fields */ if (FieldRows2sql($rawip_field, $rawip_field_cnt, $proto_tmp) == 0) { $cs->criteria['rawip_field']->SetFormItemCnt(0); } if (!$cs->criteria['rawip_field']->isEmpty()) { $criteria_sql = $criteria_sql . $proto_tmp; $join_sql = $rawip_join_sql . $join_sql; } } /* ********************** Payload Criteria ***************************************** */ //$tmp_payload = ""; if (DataRows2sql($data, $data_cnt, $data_encode, $tmp_payload, $db->DB) == 0) { $cs->criteria['data']->SetFormItemCnt(0); } else { $use_ac = false; } //echo "<br><br><br>"; //print_r($data); //print_r("data_cnt: [".$data_cnt."]"); //print_r($cs->criteria['data']->isEmpty()); //print_r("criteria_ sql: [".$criteria_sql."]"); //print_r("tmp_payload: [".$tmp_payload."]"); //print_r($data); if (!$cs->criteria['data']->isEmpty()) { $sql = "SELECT acid_event.*, HEX(acid_event.ctx) AS ctx, HEX(acid_event.src_host) AS src_host, HEX(acid_event.dst_host) AS dst_host, HEX(acid_event.src_net) AS src_net, HEX(acid_event.dst_net) AS dst_net, extra_data.* FROM acid_event"; if (!preg_match("/extra_data/", $data_join_sql)) { $data_join_sql .= ",extra_data "; } $criteria_sql = $criteria_sql . $tmp_payload; $use_ac = false; } if ($sig_join) { $join_sql = $join_sql . $sig_join_sql; } $join_sql = $join_sql . $data_join_sql; $csql[0] = $join_sql; // special distinct for idm_username if ($otx_data || preg_match("/idm_data/", $join_sql)) { $sql = preg_replace("/^SELECT/", "SELECT DISTINCT", $sql); } // Ready to ac_acid_event //$criteria1_sql = $criteria_sql . preg_replace("/ \d\d:\d\d:\d\d/","",str_replace("timestamp","day",$real_time_meta)); $criteria1_sql = $criteria_sql . $real_time_meta; $criteria1_sql = preg_replace("/AND\\s+\\)/", " )", preg_replace("/OR\\s+\\)/", " )", $criteria1_sql)); // Ready to ac_acid_event next day //$criteria2_sql = $criteria_sql . 
preg_replace("/ \d\d:\d\d:\d\d/","",str_replace("timestamp","day",$time_meta)); $criteria2_sql = $criteria_sql . $time_meta; $criteria2_sql = preg_replace("/AND\\s+\\)/", " )", preg_replace("/OR\\s+\\)/", " )", $criteria2_sql)); // to acid_event $criteria_sql = $criteria_sql . $time_meta; $criteria_sql = preg_replace("/AND\\s+\\)/", " )", preg_replace("/OR\\s+\\)/", " )", $criteria_sql)); $csql[1] = $criteria_sql; //$csql[2] = $perms_sql . preg_replace("/ \d\d:\d\d:\d\d/","",str_replace("timestamp","day",$time_meta)); // $real_time_criteria $csql[2] = $perms_sql . $time_meta; $csql[3] = $use_ac; // true if we use ac_acid_event instead acid_event $csql[4] = $criteria1_sql; $csql[5] = $criteria2_sql; $csql[6] = $sfilter; $csql[7] = $ipfilter; $csql[8] = $idfilter; $csql[9] = $criteria_sql_ac; //print_r($csql); return $csql; }
$report_key = Util::htmlentities(escape_sql(trim($_GET['key']), $dbconn)); } else { $report_key = ""; } if (isset($_GET['critical'])) { $critical = Util::htmlentities(escape_sql(trim($_GET['critical']), $dbconn)); } else { $critical = "0"; } if (isset($_GET['filterip'])) { $filterip = Util::htmlentities(escape_sql(trim($_GET['filterip']), $dbconn)); } else { $filterip = ""; } if (isset($_GET['scansubmit'])) { $scansubmit = Util::htmlentities(escape_sql(trim($_GET['scansubmit']), $dbconn)); } else { $scansubmit = ""; } break; } if ($critical) { $query_critical = "AND risk <= '{$critical}'"; } $dbconn->SetFetchMode(ADODB_FETCH_BOTH); $version = $conf->get_conf("ossim_server_version"); list($arruser, $user) = Vulnerabilities::get_users_and_entities_filter($dbconn); $ipl = $_GET['ipl']; $treport = $_GET['treport']; $key = $_GET['key']; $ctx = $_GET['ctx'];
/* discovered with this program's use. */
/***********************************************************/
require_once 'av_init.php';
require_once 'config.php';
require_once 'functions.inc';
require_once 'ossim_sql.inc';

// Access gate for this page: the session must carry the "EventsVulnerabilities"
// permission under "environment-menu" (what happens on failure - deny page,
// redirect - is decided inside Session::logcheck, not here).
Session::logcheck("environment-menu", "EventsVulnerabilities");

$pageTitle = "Lookup";

// Whitelist of request parameters this page accepts. Each name becomes a
// same-named PHP variable below (variable variables), so only these names
// can ever be populated from the query string.
$getParams = array("disp", "id", "op", "nid", "lookup", "eventid", "org", "site", "showlive", "last30");

$db = new ossim_db();
$conn = $db->connect();

// Only GET is handled: for any other request method the $getParams variables
// are never assigned, so later reads of them would be undefined.
switch ($_SERVER['REQUEST_METHOD']) {
    case "GET":
        foreach ($getParams as $gp) {
            if (isset($_GET[$gp])) {
                // Order matters: the raw value is trimmed, escaped for SQL against
                // $conn, and then HTML-entity encoded (presumably htmlentities()
                // underneath), so what is stored is the *encoded* form - quotes
                // become entities. NOTE(review): any later use of these variables
                // in SQL or in a non-HTML context sees that encoded text; confirm
                // the consumers expect it.
                ${$gp} = Util::htmlentities(escape_sql(trim($_GET[$gp]), $conn));
            } else {
                // Missing parameters default to the empty string.
                ${$gp} = "";
            }
        }
        break;
}

// In this stretch $conn is only needed by escape_sql(); release it now.
$db->close();

// Subtracts the given offsets from the corresponding components of the
// current local time (hour, minute, second, month, day, year).
function subtractTime($hours = 0, $minutes = 0, $seconds = 0, $months = 0, $days = 0, $years = 0)
{
    $totalHours = date("H") - $hours;
    $totalMinutes = date("i") - $minutes;
    $totalSeconds = date("s") - $seconds;
    $totalMonths = date("m") - $months;
    $totalDays = date("d") - $days;
    $totalYears = date("Y") - $years;
foreach ($postParams as $pp) { if (isset($_POST[$pp])) { ${$pp} = Util::htmlentities(escape_sql(trim(POST($pp)), $dbconn), ENT_QUOTES); } else { ${$pp} = ""; } } break; } ossim_valid($sid, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _("Sid")); if (ossim_error()) { die(_("Invalid Parameter Sid")); } if (isset($_POST['authorized_users'])) { foreach ($_POST['authorized_users'] as $user) { $users[] = Util::htmlentities(escape_sql(trim($user), $dbconn), ENT_QUOTES); } } $sIDs = array(); if (Vulnerabilities::scanner_type() == 'omp') { list($sensor_list, $total) = Av_sensor::get_list($dbconn); foreach ($sensor_list as $sensor_id => $sensor_data) { if (intval($sensor_data['properties']['has_vuln_scanner']) == 1) { $sIDs[] = array('name' => $sensor_data['name'], 'id' => $sensor_id); } } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html> <head>
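* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
 * MA 02110-1301 USA
 *
 *
 * On Debian GNU/Linux systems, the complete text of the GNU General
 * Public License can be found in `/usr/share/common-licenses/GPL-2'.
 *
 * Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt
 *
 */

require_once 'av_init.php';

// Access gate: the session must carry the 'PolicyHosts' permission under
// 'environment-menu' (failure handling lives inside Session::logcheck).
Session::logcheck('environment-menu', 'PolicyHosts');

// CPE part identifiers, i.e. the first path component of a CPE 2.2 URI
// ('cpe:/o:...' operating system, 'cpe:/h:...' hardware, 'cpe:/a:...' application).
$_cpe_types = array('os' => 'o', 'hardware' => 'h', 'software' => 'a');

// User-controlled inputs: the search text and the CPE part to search in.
$_cpe      = GET('q');
$_cpe_type = GET('cpe_type');

ossim_valid($_cpe, OSS_NULLABLE, OSS_ALPHA, OSS_PUNC_EXT, 'illegal:' . _('CPE'));
ossim_valid($_cpe_type, 'os | software | hardware', 'illegal:' . _('CPE Type'));

// Any validation failure ends the request with an empty body (the caller is an
// autocomplete-style consumer that parses the lines below). The array_key_exists()
// check is belt-and-braces on top of the validator: it guarantees that
// $_cpe_types[$_cpe_type] is always one of the three fixed letters, so the
// only part of the WHERE clause built from user input is $_cpe.
if (ossim_error() || !array_key_exists($_cpe_type, $_cpe_types)) {
    exit;
}

$db   = new Ossim_db();
$conn = $db->connect();

// $_cpe is interpolated into a LIKE pattern, so '%' and '_' typed by the user
// would act as wildcards and widen the match beyond what was typed (and '_'
// is common in CPE names, e.g. "internet_explorer"). Escape the LIKE
// metacharacters first, then apply the SQL-quoting escape for $conn; with
// MySQL's default backslash ESCAPE character "\%" / "\_" match literally
// whether or not escape_sql() doubles the backslash.
$_cpe = escape_sql(addcslashes((string) $_cpe, '%_'), $conn);

$filters = array(
    'where' => "`cpe` LIKE 'cpe:/" . $_cpe_types[$_cpe_type] . "%' AND `line` LIKE '%{$_cpe}%'",
    'limit' => 20,
);

// NOTE(review): the connection is closed before get_software() is called, so
// the lookup is presumably performed in the Software constructor - confirm.
$software = new Software($conn, $filters);

$db->close();

// Plain-text response, one candidate per line: "<cpe>###<description>".
// Values are emitted as-is (no HTML encoding); the consumer is expected to
// treat the body as text, not markup - confirm at the call site.
foreach ($software->get_software() as $cpe_info) {
    echo $cpe_info['cpe'] . '###' . $cpe_info['line'] . "\n";
}

/* End of file search_cpe.php */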
require_once 'functions.inc'; require_once 'ossim_sql.inc'; $myhostname=""; $getParams = array('schedid', 'sortby', 'sortdir', 'viewall', 'setstatus', 'enabled', 'job_id'); $hosts = array(); //$hosts = host_ip_name($dbconn); switch ($_SERVER['REQUEST_METHOD']) { case "GET" : foreach($getParams as $gp) { if (isset($_GET[$gp])) { $$gp=Util::htmlentities(escape_sql(trim($_GET[$gp]), $dbconn)); } else { $$gp=""; } } $range_start = ""; $range_end = ""; break; } # Handle $disp var separate due to a invalid return value with htmlentities $disp = GET('disp'); ossim_valid($disp, 'play_task', 'pause_task', 'stop_task', 'resume_task', 'delete_task', OSS_NULLABLE, 'Illegal:'._('Disp')); if (ossim_error())