if (isset($_GET['get_data'])) {
//Setting up a high time limit.
set_time_limit(360);
$db = new ossim_db();
$conn = $db->connect();
//Setting up the file name with the hosts info
$file = uniqid('/tmp/export_all_host_' . date('Ymd_H-i-s') . '_');
$_SESSION['_csv_file_hosts'] = $file;
session_write_close();
$csv = array();
//Export a filtered list
$filters = array();
$session = session_id();
$tables = ', user_component_filter hc';
$filters = array('where' => "hc.asset_id=host.id AND hc.asset_type='asset' AND hc.session_id = '{$session}'", 'order_by' => 'host.hostname ASC');
$_host_list = Asset_host::get_list($conn, $tables, $filters);
foreach ($_host_list[0] as $host) {
$id = $host['id'];
//Description
$descr = $host['descr'];
$descr = mb_convert_encoding($descr, 'UTF-8', 'HTML-ENTITIES');
//Operating System
$os = Asset_host_properties::get_property_from_db($conn, $host['id'], 3);
$os = array_pop($os);
//Latitude/Longitude
$latitude = empty($host['location']['lat']) ? '' : $host['location']['lat'];
$longitude = empty($host['location']['lon']) ? '' : $host['location']['lon'];
//Devices
$str_devices = '';
$devices = Asset_host_devices::get_devices_to_string($conn, $id);
if (!empty($devices)) {
$db = new ossim_db();
$conn = $db->connect();
$filters = array('limit' => "{$from}, {$maxrows}", 'order_by' => "{$order} {$torder}");
if ($search_str != '') {
$filters['where'] = 'hostname LIKE "%' . $search_str . '%"';
}
// Get object from session
$asset_object = unserialize($_SESSION['asset_detail'][$group_id]);
if (!is_object($asset_object)) {
throw new Exception(_('Error retrieving the asset data from memory'));
}
// Get the hosts from another groups
if ($asset_type == 'othergroups') {
$where = " id NOT IN (SELECT host_id FROM host_group_reference WHERE host_group_id = UNHEX('" . $group_id . "')) ";
$filters['where'] = !empty($filters['where']) ? $where . ' AND ' . $filters['where'] : $where;
list($host_list, $total) = Asset_host::get_list($conn, '', $filters, $cache);
} else {
list($host_list, $total) = $asset_object->get_hosts($conn, $filters, FALSE);
}
// DATA
$data = array();
foreach ($host_list as $host_id => $host_data) {
$devices = Asset_host_devices::get_devices_to_string($conn, $host_id);
// Asset Group details format
if ($asset_type == 'group') {
try {
$asset_object->can_i_edit($conn);
$asset_object->can_delete_host($conn);
$delete_link = '<a href="javascript:;" onclick="del_asset_from_group(\'' . $host_id . '\');return false">';
$delete_link .= '<img class="delete_small tipinfo" txt="' . _('Remove this asset from group') . '" src="/ossim/pixmaps/delete.png" border="0"/>';
$delete_link .= '</a>';
function calc_devices_total($conn)
{
try {
$filter = array();
//Limit one bcz we only want the count
$filter['limit'] = '1';
//Retrieving the total number of hosts from the system.
list($hosts, $total) = Asset_host::get_list($conn, '', $filter);
} catch (Exception $e) {
$total = 0;
}
return intval($total);
}
$maxrows = $maxrows > 50 ? 50 : $maxrows;
$torder = $torder == 1 ? 'ASC' : 'DESC';
$to = $maxrows;
$user = Session::get_session_user();
//Get list params
$filters = array();
$tables = '';
$filters['order_by'] = $order . ' ' . $torder;
$filters['limit'] = $from . ', ' . $to;
$filters['where'] = '';
if (!$all_list) {
$tables = ', user_host_filter hf';
$filters['where'] = "hf.asset_id=host.id AND hf.login='******'";
}
try {
list($assets, $total) = Asset_host::get_list($conn, $tables, $filters);
} catch (Exception $e) {
$response = array();
$response['sEcho'] = $sec;
$response['iTotalRecords'] = 0;
$response['iTotalDisplayRecords'] = 0;
$response['aaData'] = array();
$response['iDisplayStart'] = 0;
echo json_encode($response);
die;
}
$detail = '<img class="detail_img" src="' . AV_PIXMAPS_DIR . '/show_details.png"/>';
$results = array();
foreach ($assets as $_id => $asset_data) {
// Alarms
$alarms = Asset_host::has_alarms($conn, $_id);
exit;
}
//Performimg action
if (is_array($validation_errors) && !empty($validation_errors)) {
$error_msg = '<div style="padding-left:5px">' . _('The following errors occurred') . ":</div>\n <div style='padding: 5px 5px 5px 15px;'>" . implode('<br/>', $validation_errors) . '</div>';
$db->close();
Util::response_bad_request($error_msg);
}
try {
$data['status'] = 'success';
$data['data'] = _('Your request has been processed');
//Getting assets with Windows OS
$tables = ', host_properties hp, user_component_filter f';
$filters = array('where' => 'hp.host_id=host.id AND hp.property_ref=3 AND (hp.value LIKE "windows%" OR hp.value LIKE "microsoft%")
AND f.asset_id = host.id AND f.asset_type="asset" AND f.session_id = "' . session_id() . '"');
list($assets_w_os, $total_windows) = Asset_host::get_list($conn, $tables, $filters, FALSE);
$total_deployed = 0;
$deployment_stats = array();
if ($total_windows > 0) {
//HIDS sensors
$s_data = Ossec_utilities::get_sensors($conn);
$hids_sensors = $s_data['sensors'];
foreach ($assets_w_os as $asset_id => $a_data) {
$deployment_stats[$asset_id] = array('status' => 'success', 'data' => '');
//Getting HIDS sensor and Windows IP
$sensor_id = NULL;
$hids_agents = Asset_host::get_related_hids_agents($conn, $asset_id);
$aux_ip_address = explode(',', $a_data['ips']);
$aux_ip_address = array_flip($aux_ip_address);
$default_ip_address = array_pop(array_keys($aux_ip_address));
if (is_array($hids_agents) && !empty($hids_agents)) {
/************************************************************************************************/
/*** This file is includen in step_loader.php hence the wizard object is defined in $wizard ***/
/*** database connection is stored in $conn ***/
/************************************************************************************************/
/************************************************************************************************/
if (!$wizard instanceof Welcome_wizard) {
throw new Exception('There was an unexpected error');
}
$tables = ', host_properties hp';
$filters_w['where'] = " hp.host_id=host.id AND hp.property_ref=3 AND hp.value LIKE '%\"windows%'";
$filters_w['limit'] = '1';
$filter_l = $filters_w;
$filters_l['where'] = " hp.host_id=host.id AND hp.property_ref=3 AND hp.value LIKE '%\"linux%'";
try {
list($asset_w, $total_w) = Asset_host::get_list($conn, $tables, $filters_w, TRUE);
list($asset_l, $total_l) = Asset_host::get_list($conn, $tables, $filters_l, TRUE);
} catch (Exception $e) {
die($e->getMessage());
}
$step = intval($wizard->get_step_data('deploy_step'));
$deploy_tabs = array();
if ($total_w > 0) {
$deploy_tabs['windows'] = _('Windows') . ' (' . $total_w . ')';
}
if ($total_l > 0) {
$deploy_tabs['linux'] = _('UNIX / LINUX') . ' (' . $total_l . ')';
}
$flag_empty = $total_l + $total_w > 0 ? FALSE : TRUE;
$button_class = 'disabled';
$first_tab = key($deploy_tabs);
?>
/************************************************************************************************/
/************************************************************************************************/
/*** This file is includen in step_loader.php hence the wizard object is defined in $wizard ***/
/*** database connection is stored in $conn ***/
/************************************************************************************************/
/************************************************************************************************/
if (!$wizard instanceof Welcome_wizard) {
throw new Exception("There was an error, the Welcome_wizard object doesn't exist");
}
$system_list = Av_center::get_avc_list($conn);
$admin_ip = @$system_list['data'][strtolower(Util::get_system_uuid())]['admin_ip'];
$table = ', host_types ht, host_ip hip';
$f = array();
$f['where'] = " host.id=ht.host_id AND ht.type=4 AND hip.host_id=host.id AND hip.ip!=inet6_aton('{$admin_ip}')";
try {
list($hosts, $total) = Asset_host::get_list($conn, $table, $f, FALSE);
$active_plugins = Plugin::get_plugins_by_assets();
} catch (Exception $e) {
$total = 0;
Av_exception::write_log(Av_exception::USER_ERROR, $e->getMessage());
}
if ($total > 0) {
try {
$vendors = Software::get_hardware_vendors();
} catch (Exception $e) {
$vendors = array();
Av_exception::write_log(Av_exception::USER_ERROR, $e->getMessage());
}
$device_list = array();
foreach ($hosts as $asset_id => $host) {
$plugin_list = array();
function draw_html_content($conn, $ri_data, $edit_mode = FALSE)
{
$ri_html = '';
if ($ri_data['type'] == 'indicator') {
//Allowed host types
$host_types = array('host', 'server', 'sensor');
//Getting indicator values
if (preg_match("/view\\.php\\?map\\=([a-fA-F0-9]*)/", $ri_data['url'], $found)) {
// Linked to another map: loop by this map indicators
list($r_value, $v_value, $a_value, $ri_data['asset_id'], $related_sensor, , $ips, $in_assets) = get_map_values($conn, $found[1], $ri_data['asset_id'], $ri_data['asset_type'], $host_types);
} else {
// Asset Values
list(, $related_sensor, , $ips, $in_assets) = get_assets($conn, $ri_data['asset_id'], $ri_data['asset_type'], $host_types);
list($r_value, $v_value, $a_value) = get_values($conn, $host_types, $ri_data['asset_type'], $ri_data['asset_id'], FALSE);
}
// Getting indacator links
if ($edit_mode == TRUE) {
$linked_url = "javascript:void(0);";
$r_url = "javascript:void(0);";
$v_url = "javascript:void(0);";
$a_url = "javascript:void(0);";
} else {
// Risk link
$alarm_query = '';
if ($ri_data['asset_type'] == 'host') {
$alarm_query .= "&host_id=" . $ri_data['asset_id'];
} elseif ($ri_data['asset_type'] == 'net') {
$alarm_query .= "&net_id=" . $ri_data['asset_id'];
} elseif ($ri_data['asset_type'] == 'sensor') {
$alarm_query .= "&sensor_query=" . $ri_data['asset_id'];
} elseif ($ri_data['asset_type'] == 'host_group' || $ri_data['asset_type'] == 'hostgroup') {
$alarm_query .= "&asset_group=" . $ri_data['asset_id'];
}
$r_url = Menu::get_menu_url("/ossim/alarm/alarm_console.php?hide_closed=1" . $alarm_query, 'analysis', 'alarms', 'alarms');
// Vulnerability link
if ($ri_data['asset_type'] == 'host_group' || $ri_data['asset_type'] == 'hostgroup') {
$v_data = '';
if (valid_hex32($ri_data['asset_id'])) {
$_group_object = Asset_group::get_object($conn, $ri_data['asset_id']);
if ($_group_object != NULL) {
$_assets_aux = $_group_object->get_hosts($conn, '', array(), TRUE);
foreach ($_assets_aux[0] as $_host_data) {
if ($v_data != '') {
$v_data .= ',';
}
$v_data .= $_host_data[2];
// IP
}
}
}
} else {
$v_data = $ips;
}
$v_url = Menu::get_menu_url("/ossim/vulnmeter/index.php?value={$v_data}&type=hn", 'environment', 'vulnerabilities', 'overview');
// Availability link
if (!empty($related_sensor)) {
$conf = $GLOBALS['CONF'];
$conf = !$conf ? new Ossim_conf() : $conf;
$nagios_link = $conf->get_conf('nagios_link');
$scheme = empty($_SERVER['HTTPS']) ? 'http://' : 'https://';
$path = !empty($nagios_link) ? $nagios_link : '/nagios3/';
$port = !empty($_SERVER['SERVER_PORT']) ? ':' . $_SERVER['SERVER_PORT'] : "";
$nagios_url = $scheme . $related_sensor . $port . $path;
if ($ri_data['asset_type'] == 'host') {
$hostname = Asset_host::get_name_by_id($conn, $ri_data['asset_id']);
if (preg_match('/\\,/', $ips)) {
$hostname .= '_' . preg_replace('/\\,.*/', '', $ips);
}
$a_url = Menu::get_menu_url("/ossim/nagios/index.php?sensor={$related_sensor}&nagios_link=" . urlencode($nagios_url . "cgi-bin/status.cgi?host=" . $hostname), 'environment', 'availability');
} else {
$a_url = Menu::get_menu_url("/ossim/nagios/index.php?sensor={$related_sensor}&nagios_link=" . urlencode($nagios_url . "cgi-bin/status.cgi?hostgroup=all"), 'environment', 'availability');
}
} else {
$a_url = 'javascript:void(0);';
}
//Report link or map link
if ($ri_data['url'] == 'REPORT') {
$linked_url = "javascript:void(0);";
if ($ri_data['asset_type'] == 'sensor') {
try {
//Special case 1: Sensors don't have detail view
$sensor_ip = Av_sensor::get_ip_by_id($conn, $ri_data['asset_id']);
if (Asset_host_ips::valid_ip($sensor_ip)) {
$filters = array('where' => "host.id = hi.host_id AND hi.ip = INET6_ATON('{$sensor_ip}')\n AND hi.host_id = hs.host_id AND hs.sensor_id = UNHEX('" . $ri_data['asset_id'] . "')");
list($hosts, $total) = Asset_host::get_list($conn, ', host_sensor_reference hs, host_ip hi', $filters);
if ($total == 1) {
$ri_data['asset_id'] = key($hosts);
$linked_url = Menu::get_menu_url("/ossim/av_asset/common/views/detail.php?asset_id=" . $ri_data['asset_id'], 'environment', 'assets', 'assets');
} elseif ($total > 1) {
$linked_url = Menu::get_menu_url("/ossim/av_asset/asset/index.php?filter_id=11&filter_value={$sensor_ip}", 'environment', 'assets', 'assets');
}
}
} catch (Exception $e) {
}
} elseif ($ri_data['asset_type'] == 'net_group' || $ri_data['asset_type'] == 'netgroup') {
//Special case 2: Net groups don't have detail view
$_sm_option = 'assets';
$_h_option = 'network_groups';
$linked_url = Menu::get_menu_url("/ossim/netgroup/netgroup_form.php?id=" . $ri_data['asset_id'], 'environment', $_sm_option, $_h_option);
} else {
if ($ri_data['asset_type'] == 'host') {
$_sm_option = 'assets';
$_h_option = 'assets';
} elseif ($ri_data['asset_type'] == 'host_group' || $ri_data['asset_type'] == 'hostgroup') {
$_sm_option = 'assets';
$_h_option = 'asset_groups';
} else {
$_sm_option = 'assets';
$_h_option = 'networks';
}
$linked_url = Menu::get_menu_url("/ossim/av_asset/common/views/detail.php?asset_id=" . $ri_data['asset_id'], 'environment', $_sm_option, $_h_option);
}
} else {
$linked_url = $ri_data['url'] != '' ? Menu::get_menu_url($ri_data['url'], 'dashboard', 'riskmaps', 'overview') : "javascript:void(0);";
}
}
//Special image when linked asset has been removed
if ($ri_data['asset_type'] != '' && !$in_assets) {
$ri_data['icon'] = "/ossim/pixmaps/marker--exclamation.png";
$ri_data['icon_size'] = "16";
$ri_data['icon_bg'] = 'transparent';
}
$ri_data['icon_size'] = $ri_data['icon_size'] >= 0 || $ri_data['icon_size'] == -1 ? $ri_data['icon_size'] : '';
$ri_html .= "<input type='hidden' name='dataname" . $ri_data['id'] . "' id='dataname" . $ri_data['id'] . "' value='" . $ri_data['name'] . "'/>\n <input type='hidden' name='datatype" . $ri_data['id'] . "' id='datatype" . $ri_data['id'] . "' value='" . $ri_data['asset_type'] . "'/>\n <input type='hidden' name='type_name" . $ri_data['id'] . "' id='type_name" . $ri_data['id'] . "' value='" . $ri_data['asset_id'] . "'/>\n <input type='hidden' name='type_name_show" . $ri_data['id'] . "' id='type_name_show" . $ri_data['id'] . "' value='" . $ri_data['asset_name'] . "'/>\n <input type='hidden' name='dataurl" . $ri_data['id'] . "' id='dataurl" . $ri_data['id'] . "' value='" . $ri_data['url'] . "'/>\n <input type='hidden' name='dataicon" . $ri_data['id'] . "' id='dataicon" . $ri_data['id'] . "' value='" . $ri_data['icon'] . "'/>\n <input type='hidden' name='dataiconsize" . $ri_data['id'] . "' id='dataiconsize" . $ri_data['id'] . "' value='" . $ri_data['icon_size'] . "'/>\n <input type='hidden' name='dataiconbg" . $ri_data['id'] . "' id='dataiconbg" . $ri_data['id'] . "' value='" . $ri_data['icon_bg'] . "'/>";
$ri_html .= '<table width="100%" border="0" cellspacing="0" cellpadding="1" style="padding:2px; background-color:' . $ri_data['icon_bg'] . '; text-align:center; margin-left:2px; margin-right:2px">';
if (!preg_match("/#NONAME/", $ri_data['name'])) {
$ri_html .= '<tr>
<td align="center" nowrap="nowrap">
<a href="' . $linked_url . '" class="ne"><i>' . $ri_data['name'] . '</i></a>
</td>
</tr>';
}
if ($ri_data['icon_size'] != -1) {
$ri_data['icon_size'] = $ri_data['icon_size'] > 0 ? 'width="' . $ri_data['icon_size'] . '"' : '';
$ri_html .= '<tr>
<td align="center" style="white-space: nowrap;">
<a href="' . $linked_url . '" class="ne">
<img src="' . $ri_data['icon'] . '" ' . $ri_data['icon_size'] . ' border="0"/>
</a>
</td>
</tr>';
}
$ri_html .= '<tr align="center">
<td style="margin-left:2px; margin-right:2px">';
if ($ri_data['icon_size'] == -1 && preg_match("/#NONAME/", $ri_data['name'])) {
$ri_html .= '<table border="0" cellspacing="0" cellpadding="2" style="text-align:center; margin:auto;">
<tr>
<td><a class="ne11" href="' . $r_url . '"><img src="images/' . $r_value . '.gif" border="0"/></a></td>
<td><a class="ne11" href="' . $v_url . '"><img src="images/' . $v_value . '.gif" border="0"/></a></td>
<td><a class="ne11" href="' . $a_url . '"><img src="images/' . $a_value . '.gif" border="0"/></a></td>
</tr>
</table>';
} else {
$ri_html .= '
<table border="0" cellspacing="0" cellpadding="2" style="text-align:center; margin:auto;">
<tr>
<td><a class="ne11" href="' . $r_url . '">R</a></td>
<td><a class="ne11" href="' . $v_url . '">V</a></td>
<td><a class="ne11" href="' . $a_url . '">A</a></td>
</tr>
<tr>
<td><img src="images/' . $r_value . '.gif" border="0"/></td>
<td><img src="images/' . $v_value . '.gif" border="0"/></td>
<td><img src="images/' . $a_value . '.gif" border="0"/></td>
</tr>
</table>';
}
$ri_html .= ' </td>
</tr>';
if ($edit_mode == TRUE) {
$ri_html .= '
<tr align="center">
<td class="noborder">
<div id="indicator_edit" style="float:left;" onclick="load_indicator_info(this);">
<img src="images/edit.png" title="' . _("Edit Indicator") . '" class="ind_help" height="15px" border="0"/>
</div>
<div id="indicator_trash" style="float:right;" onclick="delete_indicator(this);">
<img src="../pixmaps/trash.png" title="' . _("Delete Indicator") . '" class="ind_help" height="15px" border="0"/>
</div>
</td>
</tr>';
}
$ri_html .= '</table>';
} elseif ($ri_data['type'] == 'rectangle') {
$ri_html = "<input type='hidden' name='dataname" . $ri_data['id'] . "' id='dataname" . $ri_data['id'] . "' value='" . $ri_data['name'] . "'/>\n\n <input type='hidden' name='dataurl" . $ri_data['id'] . "' id='dataurl" . $ri_data['id'] . "' value='" . $ri_data['url'] . "'/>\n";
if ($edit_mode == TRUE) {
$ri_html .= '<div class="itcanberesized" style="position:absolute; bottom:0px; right:0px; cursor:nw-resize;">
<img src="../pixmaps/resize.gif" border="0"/>
</div>';
}
$ri_html .= '<table border="0" cellspacing="0" cellpadding="0" width="100%" height="100%" style="border:0px;">
<tr>
<td style="border:1px dotted black" valign="bottom">';
if ($edit_mode == TRUE) {
$ri_html .= '<div id="indicator_edit" style="float:left;padding:2px;" onclick="load_indicator_info(this);">
<img src="images/edit.png" title="' . _("Edit Rectangle") . '" class="ind_help" height="15px" border="0"/>
</div>
<div id="indicator_trash" style="float:right;padding:2px;" onclick="delete_indicator(this);">
<img src="../pixmaps/trash.png" title="' . _("Delete Rectangle") . '" class="ind_help" height="15px" border="0"/>
</div>';
}
$ri_html .= ' </td>
</tr>
</table>';
}
return $ri_html;
}
echo ossim_error(_('Error! Net not found'));
exit;
}
//Export hosts from net
if (isset($_GET['get_data'])) {
//Setting up a high time limit.
set_time_limit(360);
$db = new ossim_db();
$conn = $db->connect();
//Setting up the file name with the hosts info
$file = uniqid("/tmp/export_hosts_from_net_{$net_id}" . date('Ymd_H-i-s') . '_');
$_SESSION["_csv_file_hosts_from_net_{$net_id}"] = $file;
session_write_close();
$csv = array();
$filters = array('where' => "host_net_reference.net_id = UNHEX('{$net_id}') AND host.id = host_net_reference.host_id");
$_host_list = Asset_host::get_list($conn, ', host_net_reference', $filters);
foreach ($_host_list[0] as $host) {
$id = $host['id'];
//Description
$descr = $host['descr'];
//Operating System
$os = Asset_host_properties::get_property_from_db($conn, $host['id'], 3);
$os = array_pop($os);
//Latitude/Longitude
$latitude = empty($host['location']['lat']) ? '' : $host['location']['lat'];
$longitude = empty($host['location']['lon']) ? '' : $host['location']['lon'];
//Devices
$str_devices = '';
$devices = Asset_host_devices::get_devices_to_string($conn, $id);
if (!empty($devices)) {
$str_devices = str_replace('<br/>', ',', $devices);
