function isConnectedToFacebook() { if (SESSION("state") and SESSION("state") === REQUEST("state")) { return true; } return false; }
function run($template) { $dbuser = new User(); if (isREQUEST("logout")) { $dbuser->logout(); } if (isREQUEST("user") && isREQUEST("password")) { $usr = $dbuser->logout()->login(REQUEST("user"), REQUEST("password")); } if (!($usr = $dbuser->logedin())) { $template->view("login"); return; } $template->add("usr", $usr); // für die User Infos oben Rechts //$t = new Termin(); //$template->add("byuser", $t->allbyuser($usr["id"])); //$template->add("bymitglied", $t->allbymitglieder($usr["id"])); $template->view("user"); }
exit; } /* echo '<pre style="white-space: pre;">'; print_r($_SESSION['_scan']); echo '</pre>'; */ //All sensors $filters = array('where' => "sensor.id = acl_sensors.sensor_id AND acl_sensors.entity_id = UNHEX('{$ctx}')"); $all_sensors = Av_sensor::get_basic_list($conn, $filters); //Closing database connection $db->close(); $asset_value = 2; $threshold_c = 30; $threshold_a = 30; $num_ips = REQUEST('ips'); $msg = GET('msg'); ossim_valid($num_ips, OSS_DIGIT, 'illegal:' . _('Scanned IPs')); if (ossim_error()) { echo ossim_error(_('Error! Scan data not found or unallowed')); exit; } $ips = array(); for ($i = 0; $i < $num_ips; $i++) { if (ossim_valid(POST("ip_{$i}"), OSS_IP_ADDR, 'illegal:' . _('IP address'))) { $ips[] = POST("ip_{$i}"); ossim_clean_error(); } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
$db = new ossim_db(); $conn = $db->connect(); $conn->SetFetchMode(ADODB_FETCH_BOTH); // check the number of plugins $query = 'select count(*) as total_plugins from vuln_nessus_plugins'; $result = $conn->execute($query); if ($result->fields['total_plugins'] == 0) { die('<h2>Please run updateplugins.pl script first before using web interface.</h2>'); } $tz = Util::get_timezone(); $force = FALSE; $close = FALSE; // get parameters $parameters = array('action', 'job_name', 'targets', 'schedule_type', 'ROYEAR', 'ROMONTH', 'ROday', 'time_hour', 'time_min', 'dayofweek', 'dayofmonth', 'timeout', 'SVRid', 'sid', 'targets', 'job_id', 'sched_id', 'user', 'entity', 'hosts_alive', 'scan_locally', 'nthweekday', 'nthdayofweek', 'time_interval', 'biyear', 'bimonth', 'biday', 'not_resolve', 'send_email', 'ssh_credential', 'smb_credential', 'hosts_alive', '$scan_locally', 'not_resolve', 'type', 'total_assets'); foreach ($parameters as $variable) { ${$variable} = REQUEST($variable); } $hosts_alive = intval($hosts_alive); $scan_locally = intval($scan_locally); $not_resolve = intval($not_resolve); $send_email = intval($send_email); $total_assets = intval($total_assets); $scheduled_status = $_REQUEST['status'] != '' ? intval($_REQUEST['status']) : 1; // enable scheduled jobs by default ossim_valid($action, 'create_scan', 'save_scan', OSS_NULLABLE, 'Illegal:' . _('Action')); if (ossim_error()) { die(_('Invalid Action Parameter')); } $selected = Filter_list::get_total_selection($conn, $type); if ($selected > Filter_list::MAX_VULNS_ITEMS) { $msg = _('Vulnerability scans can only be performed on %s assets at a time. Please select less assets and try again.');
ossim_valid($action_id, OSS_HEX, OSS_NULLABLE, 'illegal:' . _('Action ID')); if (ossim_error()) { die(ossim_error()); } list($db, $conn) = Ossim_db::get_conn_db(); $action_list = Action::get_list($conn, " AND id = UNHEX('{$action_id}')"); if (is_array($action_list)) { $action = $action_list[0]; } if (!is_null($action)) { $action_type = $action->get_action_type(); $ctx = $action->get_ctx(); $cond = Util::htmlentities($action->get_cond()); $on_risk = $action->is_on_risk(); $name = $action->get_name(); if (REQUEST('descr')) { $description = $descr; } else { $description = $action->get_descr(); } } else { $action_type = ""; $cond = "True"; $on_risk = 0; $description = ""; $name = ""; } } $update = intval(GET('update')); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
if (is_array($validation_errors) && !empty($validation_errors)) { $data['status'] = 'error'; $data['data'] = $validation_errors; } echo json_encode($data); exit; } $db = new ossim_db(); $conn = $db->connect(); $plugin_id = REQUEST('plugin_id'); $name = REQUEST('ds_name'); $sid = REQUEST('sid'); $reliability = REQUEST('reliability'); $priority = REQUEST('priority'); $category = REQUEST('category'); $subcategory = REQUEST('subcategory'); $validation_errors = validate_form_fields('POST', $validate); $data['status'] = 'OK'; $list_categories = Category::get_list($conn); if ($priority < 0 || $priority > 5) { $validation_errors['priority'] = _('Priority must be between 0 and 5'); } if ($reliability < 0 || $reliability > 10) { $validation_errors['reliability'] = _('Reliability must be between 0 and 10'); } $data['data'] = $validation_errors; if (POST('ajax_validation_all') == TRUE) { if (is_array($validation_errors) && !empty($validation_errors)) { $data['status'] = 'error'; echo json_encode($data); } else {
* * You should have received a copy of the GNU General Public License * along with this package; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, * MA 02110-1301 USA * * * On Debian GNU/Linux systems, the complete text of the GNU General * Public License can be found in `/usr/share/common-licenses/GPL-2'. * * Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt * */ require_once 'av_init.php'; $scan_types = array('nmap' => 5, 'ocs' => 3, 'wmi' => 4); $s_type = REQUEST('s_type'); $s_type = empty($s_type) ? 'nmap' : $s_type; if (!array_key_exists($s_type, $scan_types)) { header("Location: " . AV_MAIN_ROOT_PATH . "/404.php"); exit; } //Save current scan type in memory $_SESSION['av_inventory_type'] = $s_type; // Logcheck by s_type if ($s_type == 'ocs') { Session::logcheck('configuration-menu', 'AlienVaultInventory'); } else { Session::logcheck('environment-menu', 'AlienVaultInventory'); } ?>
* * You should have received a copy of the GNU General Public License * along with this package; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, * MA 02110-1301 USA * * * On Debian GNU/Linux systems, the complete text of the GNU General * Public License can be found in `/usr/share/common-licenses/GPL-2'. * * Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt * */ require_once dirname(__FILE__) . '/../../conf/config.inc'; Session::logcheck('environment-menu', 'EventsHidsConfig'); $sensor_id = REQUEST('sensor_id'); ossim_valid($sensor_id, OSS_HEX, 'illegal:' . _('Sensor ID')); if (!ossim_error()) { $db = new ossim_db(); $conn = $db->connect(); if (!Ossec_utilities::is_sensor_allowed($conn, $sensor_id)) { $db->close(); $error_msg = sprintf(_("Sensor %s not allowed. Please check with your account admin for more information"), Av_sensor::get_name_by_id($conn, $sensor_id)); echo ossim_error($error_msg); exit; } $db->close(); } //Current sensor $_SESSION['ossec_sensor'] = $sensor_id; ?>
?> </title> <META HTTP-EQUIV="Pragma" CONTENT="no-cache"> <link rel="stylesheet" type="text/css" href="../style/style.css"/> </head> <body> <?php require_once 'ossim_db.inc'; require_once 'classes/Security.inc'; $id = REQUEST('id'); $sid = REQUEST('sid'); $priority = REQUEST('priority'); $reliability = REQUEST('reliability'); $name = REQUEST('name'); $category = REQUEST('category'); $subCategory = REQUEST('subCategory'); ossim_valid($id, OSS_ALPHA, 'illegal:' . _("id")); ossim_valid($sid, OSS_ALPHA, 'illegal:' . _("sid")); ossim_valid($priority, OSS_ALPHA, 'illegal:' . _("priority")); ossim_valid($reliability, OSS_ALPHA, 'illegal:' . _("reliability")); ossim_valid($name, OSS_ALPHA, OSS_PUNC_EXT, OSS_SCORE, OSS_SPACE, OSS_NULLABLE, 'illegal:' . _("name")); ossim_valid($category, OSS_NULLABLE, OSS_ALPHA, 'illegal:' . _("category")); ossim_valid($subCategory, OSS_NULLABLE, OSS_ALPHA, 'illegal:' . _("subCategory")); // if ($category == 'NULL') { $category = NULL; $subCategory = NULL; } else { if ($subCategory == 'NULL') { $subCategory = NULL; }
* Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt ****************************************************************************/ /** * Class and Function List: * Function list: * Classes list: */ require_once 'classes/Session.inc'; require_once 'ossim_db.inc'; require_once 'classes/Action.inc'; require_once 'classes/Security.inc'; Session::logcheck("MenuIntelligence", "PolicyActions"); $error = false; $action = POST('action'); $action_id = POST('id'); $action_type = REQUEST('action_type'); $cond = POST('cond'); $on_risk = POST('on_risk') == "" ? "0" : "1"; $descr = POST('descr'); $email_from = POST('email_from'); $email_to = POST('email_to'); $email_subject = POST('email_subject'); $email_message = POST('email_message'); $exec_command = POST('exec_command'); $v_exec_command = $v_email = ""; if ($action_type == "email") { $v_exec_commad = ",OSS_NULLABLE"; } else { if ($action_type == "exec") { $v_email = ",OSS_NULLABLE"; } else {
* MA 02110-1301 USA * * * On Debian GNU/Linux systems, the complete text of the GNU General * Public License can be found in `/usr/share/common-licenses/GPL-2'. * * Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt * */ require_once dirname(__FILE__) . '/../../conf/config.inc'; Session::logcheck('environment-menu', 'EventsHidsConfig'); $events_hids_config = Session::menu_perms('environment-menu', 'EventsHidsConfig'); $agent_data = explode('###', base64_decode(GET('agent_data'))); $_POST['agent_id'] = $agent_data[0]; $_POST['ip_cidr'] = $agent_data[1]; $_POST['sensor_id'] = REQUEST('sensor_id'); $agent_id = POST('agent_id'); $ip_cidr = POST('ip_cidr'); $sensor_id = POST('sensor_id'); $validate = array('sensor_id' => array('validation' => "OSS_HEX", 'e_message' => 'illegal:' . _('Sensor ID')), 'sensor_id' => array('validation' => "OSS_HEX", 'e_message' => 'illegal:' . _('Agent ID')), 'ip_cidr' => array('validation' => 'OSS_IP_ADDRCIDR', 'e_message' => 'illegal:' . _('Agent IP'))); if ($ip_cidr == 'any') { $validate['ip_cidr'] = array('validation' => 'any', 'e_message' => 'illegal:' . _('Agent IP')); } $validation_errors = validate_form_fields('POST', $validate); //Get Sensor IP for selected sensor if (empty($validation_errors)) { $db = new ossim_db(); $conn = $db->connect(); if (!Ossec_utilities::is_sensor_allowed($conn, $sensor_id)) { $db->close(); $validation_errors['sensor_id'] = sprintf(_("Sensor %s not allowed. Please check with your account admin for more information"), Av_sensor::get_name_by_id($conn, $sensor_id));
<META HTTP-EQUIV="Pragma" CONTENT="no-cache"> <link rel="stylesheet" type="text/css" href="../style/style.css"/> </head> <body> <?php include "../hmenu.php"; ?> <?php require_once 'classes/Security.inc'; $status = REQUEST('status'); $interactive = REQUEST('interactive'); $nsensors = REQUEST('nsensors'); $sensors = REQUEST('sensors'); $scheduler_id = REQUEST('scheduler_id'); ossim_valid($nsensors, OSS_ALPHA, OSS_NULLABLE, 'illegal:' . _("nsensors")); ossim_valid($status, OSS_ALPHA, OSS_NULLABLE, 'illegal:' . _("Status")); ossim_valid($scheduler_id, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _("Status")); if (ossim_error()) { die(ossim_error()); } require_once 'ossim_acl.inc'; require_once 'ossim_db.inc'; require_once 'classes/Sensor.inc'; require_once 'classes/Net_group_scan.inc'; require_once 'classes/Net_group.inc'; require_once 'classes/Net_scan.inc'; require_once 'classes/Host_group_scan.inc'; require_once 'classes/Host_group.inc'; require_once 'classes/Host_scan.inc';
* Public License can be found in `/usr/share/common-licenses/GPL-2'. * * Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt * */ require_once 'av_init.php'; Session::logcheck("configuration-menu", "Osvdb"); // DB connect $db = new ossim_db(); $conn = $db->connect(); // Get upload dir from ossim config file $user = $_SESSION["_user"]; $conf = $GLOBALS["CONF"]; $uploads_dir = $conf->get_conf("repository_upload_dir"); $id_document = GET('id_document') != "" ? GET('id_document') : (POST('id_document') != "" ? POST('id_document') : ""); $go_back = intval(REQUEST("go_back")); $error = FALSE; $info_error = NULL; if (empty($_FILES) && empty($_POST) && empty($_GET)) { $msg = "The server was unable to handle that much POST data (" . $_SERVER['CONTENT_LENGTH'] . " bytes) due to its current configuration"; echo ossim_error(_($msg)); exit; } if (!ossim_valid($id_document, OSS_DIGIT, 'illegal:' . _("Document ID"))) { echo ossim_error(_("Document ID not allowed")); exit; } if (!is_dir($uploads_dir)) { echo ossim_error(_("Upload directory does not exist") . " <strong>{$uploads_dir}</strong><br>" . _("Please, Check OSSIM configuration options."), AV_WARNING); exit; }
$asset = $conf->get_conf("def_asset") != "" ? $conf->get_conf("def_asset") : "2"; $rrd_profile = "None"; $scan = REQUEST('scan'); $ip = REQUEST('ip'); $num_ips = REQUEST('ips'); $type_action = REQUEST('action'); ossim_valid($ip, OSS_IP_ADDR, OSS_NULLABLE, 'illegal:' . _("Ip")); ossim_valid($ips, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _("Hosts")); ossim_valid($scan, OSS_ALPHA, OSS_NULLABLE, 'illegal:' . _("Scan")); ossim_valid($type_action, "duplicate", OSS_NULLABLE, 'illegal:' . _("Action")); if (ossim_error()) { die(ossim_error()); } if (!empty($scan)) { $groupname = isset($_REQUEST['groupname']) ? REQUEST('groupname') : $_SESSION['_host']['groupname']; $ip = REQUEST('target'); $action = "../netscan/scan_db.php"; $submit_function = "submit_form()"; for ($i = 0; $i < $num_ips; $i++) { $item_ip = "ip_{$i}"; $ips_address[] = isset($_SESSION['_host'][$item_ip]) ? $_SESSION['_host'][$item_ip] : POST($item_ip); } } else { $action = "newhost.php"; $submit_function = "check_host()"; } if (isset($_SESSION['_host'])) { $hostname = $_SESSION['_host']['hostname']; $ip = $_SESSION['_host']['ip']; $fqdns = $_SESSION['_host']['fqdns']; $descr = $_SESSION['_host']['descr'];
$groupType = REQUEST('groupType'); ossim_valid($action, OSS_ALPHA, OSS_NULLABLE, 'illegal:' . _("Action")); ossim_valid($id, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _("ID")); ossim_valid($minute, OSS_CRONTAB, 'illegal:' . _("Minute")); ossim_valid($hour, OSS_CRONTAB, 'illegal:' . _("Hour")); ossim_valid($day_month, OSS_CRONTAB, 'illegal:' . _("Day of month")); ossim_valid($month, OSS_CRONTAB, 'illegal:' . _("Month")); ossim_valid($day_week, OSS_CRONTAB, 'illegal:' . _("Day of week")); if (ossim_error()) { die(ossim_error()); } if ($groupType == "sensor") { $sensors = array(); for ($i = 0; $i < $nsensors; $i++) { if (REQUEST("sensor{$i}") != null) { array_push($sensors, REQUEST("sensor{$i}")); } } if (!count($sensors)) { die(ossim_error(_("At least one Sensor required"))); } } else { $netgroup_array = POST("netgroupList"); $hostgroup_array = POST("hostgroupList"); $net_array = POST("netList"); $host_array = POST("hostList"); if (!count($netgroup_array) and !count($hostgroup_array) and !count($net_array) and !count($host_array)) { die(ossim_error(_("At least one Netgroup/Hostgroup/Net/Host required"))); } } Plugin_scheduler::insert($conn, $plugin, $minute, $hour, $day_month, $month, $day_week, $sensors, $netgroup_array, $hostgroup_array, $net_array, $host_array, $groupType);
$fullname = REQUEST('fullname'); //Bookmark string $bookmark = REQUEST('bookmark_string'); $pass = trim($pass); $pass1 = trim($pass1); $email = trim($email); $fullname = trim($fullname); if ($fullname == '') { $fullname = 'AlienVault admin'; } $company = REQUEST('company'); $location = REQUEST('search_location'); $lat = REQUEST('latitude'); $lng = REQUEST('longitude'); $country = REQUEST('country'); $track_usage_information = intval(REQUEST('track_usage_information')); ossim_valid($embed, 'true', OSS_NULLABLE, 'illegal:' . _('Embed')); ossim_valid($user, OSS_USER, OSS_NULLABLE, 'illegal:' . _('User name')); ossim_valid($mobile, OSS_LETTER, OSS_NULLABLE, 'illegal:' . _('Mobile')); ossim_valid($accepted, OSS_NULLABLE, 'yes', 'no', 'illegal:' . _('First login')); ossim_valid($email, OSS_MAIL_ADDR, OSS_NULLABLE, 'illegal:' . _('E-mail')); ossim_valid($fullname, OSS_ALPHA, OSS_PUNC, OSS_AT, OSS_NULLABLE, 'illegal:' . _('Full Name')); ossim_valid($company, OSS_ALPHA, OSS_PUNC_EXT, OSS_NULLABLE, 'illegal:' . _('Company Name')); ossim_valid($location, OSS_ALPHA, OSS_PUNC_EXT, OSS_NULLABLE, 'illegal:' . _('Location')); ossim_valid($lat, OSS_DIGIT, OSS_DOT, OSS_SCORE, OSS_NULLABLE, 'illegal:' . _('Latitude')); ossim_valid($lng, OSS_DIGIT, OSS_DOT, OSS_SCORE, OSS_NULLABLE, 'illegal:' . _('Longitude')); ossim_valid($country, OSS_LETTER, OSS_NULLABLE, 'illegal:' . _('Country')); ossim_valid($track_usage_information, OSS_BINARY, 'illegal:' . _('Track Usage Information')); if (ossim_error()) { echo ossim_error(); exit;
* * Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt * */ require_once 'av_init.php'; require_once 'languages.inc'; Session::logcheck('configuration-menu', 'ConfigurationUsers'); // Load column layout require_once '../conf/layout.php'; $category = 'policy'; $name_layout = 'host_layout'; $layout = load_layout($name_layout, $category); $db = new ossim_db(); $conn = $db->connect(); $action = REQUEST('action'); $user_id = REQUEST('user_id'); $language = POST('language'); if (ossim_error()) { die(ossim_error()); } $proadmin = Session::am_i_admin() || Session::is_pro() && Acl::am_i_proadmin(); // admin user or pro admin /* Allowed actions: - Enable/disable user - Expire session - Change language */ if ($action != "" && $user_id != '') { $myself = Session::get_session_user(); ossim_valid($user_id, OSS_USER, 'illegal:' . _('User ID'));
$_POST["email_to"] = str_replace(_("email;email;email"), "", $_POST["email_to"]); $action = POST('action'); $action_id = POST('id'); $action_type = REQUEST('action_type'); $cond = POST('cond'); $on_risk = POST('on_risk') == "" ? "0" : "1"; $name = POST('action_name'); $descr = POST('descr'); $email_from = POST('email_from'); $email_to = POST('email_to'); $email_subject = POST('email_subject'); $email_message = POST('email_message'); $exec_command = POST('exec_command'); $tuser = POST('transferred_user'); $tentity = POST('transferred_entity'); $old_name = REQUEST('old_name'); if ($pro) { $ctx = POST('ctx'); } else { $ctx = Session::get_default_ctx(); } $v_exec_command = $v_email = ""; if ($action_type == "1") { $v_exec_commad = ",OSS_NULLABLE"; $v_ticket_u = ",OSS_NULLABLE"; $v_ticket_e = ",OSS_NULLABLE"; } else { if ($action_type == "2") { $v_email = ",OSS_NULLABLE"; $v_ticket_u = ",OSS_NULLABLE"; $v_ticket_e = ",OSS_NULLABLE";
} if ($_GET['name'] == 'task_period') { $task_period = intval(GET($_GET['name'])); if ($task_period < 1800) { $data['status'] = 'error'; $data['data'][$_GET['name']] = _('Invalid time between scans') . '. <br/>' . _('Entered value') . ": '<strong>" . Util::htmlentities($task_period) . "</strong>' (1800(s) " . _("minimum") . ")"; } } } echo json_encode($data); exit; } else { if (POST('mode') == 'insert' || POST('mode') == 'update' || GET('mode') == 'delete') { //Check Token if (!isset($_POST['ajax_validation_all']) || POST('ajax_validation_all') == FALSE) { if (!Token::verify('tk_form_task', REQUEST('token'))) { Token::show_error(); exit; } } } $validation_errors = validate_form_fields('POST', $validate); if (empty($validation_errors['task_params'])) { if ($_SESSION['av_inventory_type'] == 'nmap') { $task_params = POST('task_params'); $task_sensor = POST('task_sensor'); if (!Asset_net::is_cidr_in_my_nets($conn, $task_params)) { $validation_errors['task_params'] = _('Network not allowed') . '. Check your asset filter. <br/>' . _('Entered value') . ": <strong>'" . Util::htmlentities($task_params) . "</strong>'"; } else { if (!Asset_net::check_cidr_by_sensor($conn, $task_params, $task_sensor)) { $validation_errors['task_params'] = _("You can't scan the specified network using this sensor");
* * On Debian GNU/Linux systems, the complete text of the GNU General * Public License can be found in `/usr/share/common-licenses/GPL-2'. * * Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt * */ require_once dirname(__FILE__) . '/../../conf/config.inc'; Session::logcheck('environment-menu', 'EventsHidsConfig'); session_write_close(); $validation_errors = array(); $sensor_id = POST('sensor_id'); $asset_id = POST('asset_id'); $token = POST('token'); $_REQUEST['ip_cidr'] = strtolower(REQUEST('ip_cidr')); $ip_cidr = REQUEST('ip_cidr'); $validate = array('sensor_id' => array('validation' => "OSS_HEX", 'e_message' => 'illegal:' . _('Sensor ID')), 'asset_id' => array('validation' => "OSS_HEX", 'e_message' => 'illegal:' . _('Asset')), 'ip_cidr' => array('validation' => 'OSS_IP_ADDRCIDR', 'e_message' => 'illegal:' . _('IP/CIDR'))); if ($ip_cidr == 'any') { $validate['ip_cidr'] = array('validation' => 'any', 'e_message' => 'illegal:' . _('IP/CIDR')); } $db = new ossim_db(); $conn = $db->connect(); //Check Token if (!Token::verify('tk_f_agents', $token)) { $error = Token::create_error_message(); Util::response_bad_request($error); } $validation_errors = validate_form_fields('POST', $validate); //Extra validations if (empty($validation_errors['sensor_id']) && !Ossec_utilities::is_sensor_allowed($conn, $sensor_id)) { $validation_errors['sensor_id'] = sprintf(_("Sensor %s not allowed. Please check with your account admin for more information"), Av_sensor::get_name_by_id($conn, $sensor_id));
$last_pass_change = date('Y-m-d H:i:s'); $first_login = 0; $is_admin = 0; $sel_assets = array(); $sel_sensors = array(); $template_id = ''; if ($pro) { $entities = array(); } else { $company = ''; $departament = ''; } //Parameters $greybox = REQUEST('greybox'); $duplicate = GET('duplicate') != '' ? TRUE : FALSE; $login = REQUEST('login'); $msg = GET('msg'); $load_cookies = $_GET['load_cookies']; //Check login if ($login != '') { ossim_valid($login, OSS_USER, 'illegal:' . _('User name')); } // Session parameters $myself = Session::get_session_user(); $am_i_admin = Session::am_i_admin(); $is_default_admin = $login == AV_DEFAULT_ADMIN ? TRUE : FALSE; $am_i_proadmin = $pro && Acl::am_i_proadmin() ? TRUE : FALSE; $is_my_profile = $login == $myself && !$duplicate ? TRUE : FALSE; ossim_valid($greybox, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _('Greybox')); if (ossim_error()) { echo ossim_error();
// grullist nr5MpjEYAvWnVuY8 require_once "config/config.php"; require_once "libs/get_post.lib.php"; require_once "libs/user.class.php"; require_once "libs/termin.class.php"; $u = new User(); if (isREQUEST("user") && isREQUEST("passwd")) { $u->login(REQUEST("user"), REQUEST("passwd")); } if ($usr = $u->logedin()) { $ret = array(); switch (REQUEST("action", REQUEST("a", ""))) { case "user": $ret = $usr; break; case "dateadd": $t = new Termin(); $ret = $t->dateadd(REQUEST("t"), $usr["id"], REQUEST("z")); break; case "vote": $t = new Termin(); $ret = $t->vote(REQUEST("t"), $usr["id"], REQUEST("z"), REQUEST("v")); break; default: $ret = array("error" => "action: " . (isset($_GET["action"]) ? $_GET["action"] : "undefined")); } echo json_encode($ret); } else { header("HTTP/1.0 401 Unauthorized"); echo json_encode(array("error" => "401")); }
$scan_types = array('nmap' => 5, 'ocs' => 3, 'wmi' => 4); $frequencies = array('3600' => 'Hourly', '86400' => 'Daily', '604800' => 'Weekly', '2419200' => 'Monthly'); $s_type = REQUEST('s_type'); $s_type = empty($s_type) ? $_SESSION['av_inventory_type'] : $s_type; if (!array_key_exists($s_type, $scan_types)) { header("Location: " . AV_MAIN_ROOT_PATH . "/404.php"); exit; } // Logcheck by s_type if ($s_type == 'ocs') { Session::logcheck('configuration-menu', 'AlienVaultInventory'); } else { Session::logcheck('environment-menu', 'AlienVaultInventory'); } //Getting data $task_id = intval(REQUEST('task_id')); ossim_valid($id, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _('Task ID')); if (ossim_error()) { ossim_error(); exit; } $db = new ossim_db(); $conn = $db->connect(); if (!empty($task_id)) { try { $task_obj = Inventory::get_object($conn, $task_id); $name = $task_obj['task_name']; $sensor_id = $task_obj['task_sensor']; $params = $task_obj['task_params']; $period = $task_obj['task_period']; } catch (Exception $e) {
function register($template) { $dbuser = new User(); if (isREQUEST("logout")) { $dbuser->logout(); } if (isREQUEST("user") && isREQUEST("password")) { $usr = $dbuser->logout()->login(REQUEST("user"), REQUEST("password")); if (!$usr) { $template->add("error", "Login fehlgeschlagen"); } } if ($usr = $dbuser->logedin()) { $template->redirect("."); return; } // Alle Angaben korrekt? if (!isREQUEST("email") || !preg_match("/[a-z0-9-]*@[a-z0-9-]*\\.[a-z]*/i", REQUEST("email"))) { $template->add("regerror", "EMail nicht angegeben oder falsch"); $template->view("login"); return; } if (!isREQUEST("nick")) { $template->add("regerror", "Nick nicht angegeben"); $template->view("login"); return; } if (!isREQUEST("password1") || !isREQUEST("password2") || REQUEST("password1") != REQUEST("password2")) { $template->add("regerror", "Passswort nicht angegeben oder ungleich"); $template->view("login"); return; } // Existiert der Benuter schon? if ($dbuser->exist(REQUEST("nick"), REQUEST("email"))) { $template->add("regerror", "Nick oder Mail existieren schon"); $template->view("login"); return; } // Benutzer anlegen $activationpass = str_shuffle(md5(rand())); $dbuser->create(REQUEST("nick"), REQUEST("email"), REQUEST("password1"), $activationpass); $mail = new Mail(); global $CONFIG; $mail->userActivation(REQUEST("nick"), REQUEST("email"), $CONFIG["ServerDir"] . "?activate=" . $activationpass); $template->add("regsuccess", "Mail wurde versandt"); $template->view("login"); }
require_once 'classes/session.inc'; //Security functions require_once 'classes/Security.inc'; //Check IDS Security ids(); //Check session status //No check in these cases (Scheduled reports and migration) if (!preg_match('/AV Report Scheduler/', $_SERVER['HTTP_USER_AGENT']) && !preg_match('/migration/', $_SERVER['REQUEST_URI'])) { Session::is_expired(); } if (Session::get_session_user() != '') { //Set menu options $m_opt = REQUEST('m_opt'); $sm_opt = REQUEST('sm_opt'); $h_opt = REQUEST('h_opt'); $l_opt = REQUEST('l_opt'); ossim_valid($m_opt, OSS_LETTER, OSS_DIGIT, OSS_SCORE, OSS_NULLABLE, 'illegal:' . _('Menu option')); ossim_valid($sm_opt, OSS_LETTER, OSS_DIGIT, OSS_SCORE, OSS_NULLABLE, 'illegal:' . _('Submenu option')); ossim_valid($h_opt, OSS_LETTER, OSS_DIGIT, OSS_SCORE, OSS_NULLABLE, 'illegal:' . _('Hmenu option')); ossim_valid($l_opt, OSS_LETTER, OSS_DIGIT, OSS_SCORE, OSS_NULLABLE, 'illegal:' . _('Lmenu option')); //Chenck menu options if (ossim_error()) { header('Location: ' . AV_MAIN_PATH . '/session/login.php?action=logout'); } $av_menu = @unserialize($_SESSION['av_menu']); //Check menu object if (!is_object($av_menu) || empty($av_menu)) { $db = new ossim_db(); $conn = $db->connect(); $av_menu = new Menu($conn); $db->close();
?> </a> | <a href="main.php"><?php echo _('No'); ?> </a> </p> <?php exit; } $config = new Config(); $config->reset(); header('Location: ' . $_SERVER['SCRIPT_NAME'] . '?word=' . $word . '§ion=' . $section); exit; } $default_open = REQUEST('open'); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html> <head> <title> <?php echo _('Advanced Configuration'); ?> </title> <meta http-equiv="Pragma" content="no-cache"/> <?php //CSS Files $_files = array(array('src' => 'av_common.css', 'def_path' => TRUE), array('src' => 'jquery-ui.css', 'def_path' => TRUE), array('src' => 'tipTip.css', 'def_path' => TRUE), array('src' => 'jquery.timepicker.css', 'def_path' => TRUE)); Util::print_include_files($_files, 'css'); //JS Files
* * On Debian GNU/Linux systems, the complete text of the GNU General * Public License can be found in `/usr/share/common-licenses/GPL-2'. * * Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt * */ require_once 'av_init.php'; Session::logcheck('configuration-menu', 'CorrelationCrossCorrelation'); $action = 'insert'; $url_form = 'newpluginref.php'; $button_text = Util::js_entities(_("Create rule")); $plugin_id1 = REQUEST('plugin_id1'); $plugin_id2 = REQUEST('plugin_id2'); $plugin_sid1 = REQUEST('plugin_sid1'); $plugin_sid2 = REQUEST('plugin_sid2'); if ($plugin_id1 != '' || $plugin_id2 != '' || $plugin_sid1 != '' || $plugin_sid2 != '') { $action = 'modify'; $url_form = 'modifypluginref.php'; $button_text = Util::js_entities(_('Save rule')); ossim_valid($plugin_id1, OSS_DIGIT, 'illegal:' . _('Plugin ID1')); ossim_valid($plugin_id2, OSS_DIGIT, 'illegal:' . _('Plugin ID2')); ossim_valid($plugin_sid1, OSS_DIGIT, 'illegal:' . _('Plugin SID1')); ossim_valid($plugin_sid2, OSS_DIGIT, 'illegal:' . _('Plugin SID2')); if (ossim_error()) { echo ossim_error(); exit; } } $db = new ossim_db(); $conn = $db->connect();
$buff = ereg_replace("ntop_link=([^\n]*)", "ntop_link={$ntop_link}", $buff); $buff = ereg_replace("opennms_link=([^\n]*)", "opennms_link={$opennms_link}", $buff); $buff = ereg_replace("mrtg_link=([^\n]*)", "mrtg_link={$mrtg_link}", $buff); $buff = ereg_replace("graph_link=([^\n]*)", "graph_link={$graph_link}", $buff); if (!($fd = fopen($location, "w"))) { echo gettext("Error opening file") . " \n"; } fwrite($fd, $buff); fclose($fd); system("scp {$OSSIM_FILE} root@{$ip}:{$REMOTE_PATH}/ossim.conf"); echo "<p> " . gettext("Sensor edit completed") . " </p>\n"; } elseif (POST('ossimload')) { system("scp {$OSSIM_FILE_DEFAULT} root@{$ip}:{$REMOTE_PATH}/ossim.conf"); system("cp {$OSSIM_FILE_DEFAULT} {$OSSIM_FILE}"); echo "<p> " . gettext("Default values loaded") . " </p>\n"; } elseif (REQUEST('spade')) { if (!($fd = fopen($SPADE_FILE, 'r+'))) { echo gettext("Error opening") . " {$SPADE_FILE} " . gettext("file") . " \n"; exit; } while (!feof($fd)) { $line = fgets($fd, 4096); if (preg_match("/^var SPADEDIR ([^\n]*)/", $line, $regs)) { $spadedir = $regs[1]; } if (preg_match("/preprocessor spade:/", $line, $regs)) { if (preg_match("/dest=([^\\s]+)/", $line, $regs)) { $spade_dest = $regs[1]; } if (preg_match("/logfile=([^\\s]+)/", $line, $regs)) { $spade_logfile = $regs[1];
} } else { $summary['general']['statistics']['errors'] = count($data); //CSV file is not empty, but all lines are wrong if (empty($summary['general']['status'])) { $summary['general']['status'] = 'error'; $summary['general']['data'] = _('Nets could not be imported'); } } $db->close(); return $summary; } /**************************************************** ******************** Import data ******************* ****************************************************/ $import_type = REQUEST('import_type'); $import_type = empty($import_type) ? 'networks' : $import_type; if ($_POST['import_assets'] == 1) { $data['status'] = 'error'; $data['data'] = NULL; $file_csv = $_SESSION['file_csv']; unset($_SESSION['file_csv']); $iic = POST('iic'); $ctx = POST('ctx'); if (Session::is_pro()) { if (!valid_hex32($ctx) || Acl::entityAllowed($ctx) < 1) { $data['data'] = empty($ctx) ? _('You must select an entity') : _('Entity not allowed'); echo json_encode($data); exit; } } else {
* You should have received a copy of the GNU General Public License * along with this package; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, * MA 02110-1301 USA * * * On Debian GNU/Linux systems, the complete text of the GNU General * Public License can be found in `/usr/share/common-licenses/GPL-2'. * * Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt * */ require_once 'av_init.php'; Session::logcheck_by_asset_type('asset'); Session::logcheck('environment-menu', 'EventsHidsConfig'); $action = REQUEST('action'); $allowed_action = array('show_unsupported' => 1, 'remove_unsupported' => 2, 'deploy_all_agents' => 3); if (empty($allowed_action[$action])) { Util::response_bad_request(_('Error! Action not allowed')); } $db = new Ossim_db(); $conn = $db->connect(); switch ($action) { case 'show_unsupported': $data['status'] = 'success'; $data['data'] = _('Your request has been processed'); try { //Number of assets in the system list($assets, $total_assets) = Asset_host::get_list($conn, '', array('limit' => 1)); //Number of selected assets $total_selected = Filter_list::get_total_selection($conn, 'asset');