Exemplo n.º 1
                    // Excerpt: creates or updates a 'Custom Security Events' row in custom_report_types
                    // and sets $msg / $msg_type to report the outcome.
                    // NOTE(review): the listing appears to have lost its closing-brace lines and the
                    // statements that open the outer condition; nesting is read from indentation only.
                    // Id of the row currently held by $rs (the query that produced $rs is not shown here).
                    $curid = $rs->fields['id'];
            // Id for a new row, obtained from Av_report; it is only used by the INSERT parameters below.
            $id = Av_report::get_new_report_module_id($conn);
            if ($curid > 0) {
                // Update path: name, the stored query text and the row id are bound through ? placeholders;
                // type, file and inputs are fixed literals in the statement text.
                $sql = "UPDATE custom_report_types SET name=?,type='Custom Security Events',file='SIEM/CustomList.php',inputs='Number of Events:top:text:OSS_DIGIT:25:1000',custom_report_types.sql=? WHERE id=?";
                // $query1, $query2 and $columns are stored as one ';'-joined string in the sql column.
                // NOTE(review): this excerpt does not show where $query1/$query2 come from or how the
                // stored text is consumed later — confirm it is never built from request input.
                $params = array($name, "{$query1};{$query2};{$columns}", $curid);
            } else {
                // Insert path: same fixed literals, with id, name and the joined query text bound as parameters.
                $sql = "INSERT INTO custom_report_types (id,name,type,file,inputs,custom_report_types.sql) VALUES (?,?,'Custom Security Events','SIEM/CustomList.php','Number of Events:top:text:OSS_DIGIT:25:1000',?)";
                $params = array($id, $name, "{$query1};{$query2};{$columns}");
            if ($conn->Execute($sql, $params)) {
                // NOTE(review): $name is interpolated into HTML markup (inside <b>) without escaping.
                // Confirm it is validated before this point or that $msg is escaped where it is rendered.
                $msg = $curid > 0 ? _("Report Module") . " <b>'Custom Security Events - {$name}'</b> " . _("successfully updated") : _("Report Module successfully created as") . " <b>'Custom Security Events - {$name}'</b>";
                $msg_type = 'nf_success';
            } else {
                // The driver's error text goes to the log only; the user-facing message stays generic.
                Av_exception::write_log(Av_exception::DB_ERROR, $conn->ErrorMsg());
                $msg = _("Error creating a new report type.");
                $msg_type = 'nf_error';
        // Else-branch of an outer condition that is opened before this excerpt starts.
        } else {
            $msg = _("Error creating a new report type.");
            $msg_type = 'nf_error';
$tags = get_tags($idm_enabled);
if ($opensource) {
Exemplo n.º 2
function DisplayProcessing()
    global $self;
    global $ListNOption;
    global $TopNOption;
    global $OutputFormatOption;
    global $IPStatOption;
    global $IPStatOrder;
    global $LimitScale;
    require_once 'av_init.php';
    $geoloc = new Geolocation("/usr/share/geoip/GeoLiteCity.dat");
    $db_aux = new ossim_db();
    $conn_aux = $db_aux->connect();
    $aux_ri_interfaces = Remote_interface::get_list($conn_aux, "WHERE status = 1");
    $ri_list = $aux_ri_interfaces[0];
    $ri_total = $aux_ri_interfaces[1];
    $ri_data = array();
    if ($ri_total > 0) {
        foreach ($ri_list as $r_interface) {
            $ri_data[] = array("name" => $r_interface->get_name(), "id" => "web_interfaces", "target" => "_blank", "url" => $r_interface->get_ip());
    $type = $detail_opts['type'] == "flows" ? 0 : ($detail_opts['type'] == "packets" ? 1 : 2);
    if ($ri_total >= 0) {
        echo '<a name="processing"></a>';
    $detail_opts = $_SESSION['detail_opts'];
    $process_form = $_SESSION['process_form'];
    <table style='width:100%;margin-top:15px;margin-bottom:5px;border:none'><tr>
    <td class='nobborder'><b><?php 
    echo _("Netflow Processing");
    <td class='noborder nfsen_menu'>
        <a href='javascript:lastsessions()'><?php 
    echo _("List last 500 sessions");
</a> |
        &nbsp;<a href='javascript:launch("2","<?php 
    echo $type;
    echo _("Top 10 Src IPs");
</a> |
        &nbsp;<a href='javascript:launch("3","<?php 
    echo $type;
    echo _("Top 10 Dst IPs");
</a> |
        &nbsp;<a href='javascript:launch("5","<?php 
    echo $type;
    echo _("Top 10 Src Port");
</a> |
        &nbsp;<a href='javascript:launch("6","<?php 
    echo $type;
    echo _("Top 10 Dst Port");
</a> |
        &nbsp;<a href='javascript:launch("13","<?php 
    echo $type;
    echo _("Top 10 Proto");

<form action="<?php 
    echo $self;
" onSubmit="return ValidateProcessForm()" id="FlowProcessingForm" method="POST" laction="<?php 
    echo $self;
    if (preg_match("/^\\d+\$/", $_SESSION['tend'])) {
    <input type="hidden" name="tend" value="<?php 
        echo intval($_SESSION['tend']);
" />
    if (preg_match("/^\\d+\$/", $_SESSION['tleft'])) {
    <input type="hidden" name="tleft" value="<?php 
        echo intval($_SESSION['tleft']);
" />
    if (preg_match("/^\\d+\$/", $_SESSION['tright'])) {
    <input type="hidden" name="tright" value="<?php 
        echo intval($_SESSION['tright']);
" />
    if ($_SESSION["detail_opts"]["cursor_mode"] != "") {
    <input type="hidden" name="cursor_mode" value="<?php 
        echo Util::htmlentities($_SESSION["detail_opts"]["cursor_mode"]);
" />
    if ($_SESSION["detail_opts"]["wsize"] != "") {
    <input type="hidden" name="wsize" value="<?php 
        echo Util::htmlentities($_SESSION["detail_opts"]["wsize"]);
" />
    if ($_SESSION["detail_opts"]["logscale"] != "") {
    <input type="hidden" name="logscale" value="<?php 
        echo Util::htmlentities($_SESSION["detail_opts"]["logscale"]);
" />
    if ($_SESSION["detail_opts"]["linegraph"] != "") {
    <input type="hidden" name="linegraph" value="<?php 
        echo Util::htmlentities($_SESSION["detail_opts"]["linegraph"]);
" />
<input type="hidden" name="login" value="<?php 
    echo Util::htmlentities($_SESSION["_remote_login"]);
" />
<table class='nfsen_filters'>
		<th class="thold"><?php 
    echo _("Source");
		<th class="thold"><?php 
    echo _("Filter");
		<th class="thold"><?php 
    echo _("Options");

		<td style='vertical-align:top'>
			<select name="srcselector[]" id='SourceSelector' size="6" style="width: 100%" multiple='multiple'>
    foreach ($process_form['srcselector'] as $selected_channel) {
        $_tmp[$selected_channel] = 1;
    $i = 0;
    foreach ($_SESSION['profileinfo']['channel'] as $channel) {
        $channel_name = $channel['name'];
        $checked = array_key_exists($channel['id'], $_tmp) ? 'selected' : '';
        echo "<OPTION value='" . Util::htmlentities($channel['id']) . "' {$checked}>{$channel_name}</OPTION>\n";
			<div style='margin: 5px auto'>
				<input class="small av_b_secondary" type="button" name="JSbutton2" value="All Sources" onClick="SelectAllSources()"/>
		<td style="vertical-align:top;">
			<textarea name="filter" id="filter" multiline="true" wrap="phisical" rows="6" cols="50" maxlength="10240"><?php 
    if (is_array($process_form)) {
        $display_filter = array_key_exists('editfilter', $process_form) ? $process_form['editfilter'] : $process_form['filter'];
    } else {
        $display_filter = array();
    if (count($display_filter) < 1 && GET('ip') != "" && GET('ip2') != "") {
        $display_filter[0] = "(src ip " . GET('ip') . " and dst ip " . GET('ip2') . ") or (src ip " . GET('ip2') . " and dst ip " . GET('ip') . ")";
    } elseif (count($display_filter) < 1 && GET('ip') != "") {
        $display_filter[0] = "src ip " . GET('ip') . " or dst ip " . GET('ip');
    } elseif (preg_match("/(\\d+\\.\\d+\\.\\d+\\.\\d+)/", $display_filter[0]) && GET('ip') != "" && GET('ip2') != "") {
        $ip1 = GET('ip');
        $ip2 = GET('ip2');
        $filter = "(src ip {$ip1} and dst ip {$ip2}) or (src ip {$ip2} and dst ip {$ip1})";
        $display_filter[0] = preg_replace("/\\(src ip \\d+\\.\\d+\\.\\d+\\.\\d+ and dst ip \\d+\\.\\d+\\.\\d+\\.\\d+\\) or \\(src ip \\d+\\.\\d+\\.\\d+\\.\\d+ and dst ip \\d+\\.\\d+\\.\\d+\\.\\d+\\)/", $filter, $display_filter[0]);
        $display_filter[0] = preg_replace("/src ip \\d+\\.\\d+\\.\\d+\\.\\d+ or dst ip \\d+\\.\\d+\\.\\d+\\.\\d+/", $filter, $display_filter[0]);
    } elseif (preg_match("/(\\d+\\.\\d+\\.\\d+\\.\\d+)/", $display_filter[0]) && GET('ip') != "") {
        $filter = "src ip " . GET('ip') . " or dst ip " . GET('ip');
        $display_filter[0] = preg_replace("/\\(src ip \\d+\\.\\d+\\.\\d+\\.\\d+ and dst ip \\d+\\.\\d+\\.\\d+\\.\\d+\\) or \\(src ip \\d+\\.\\d+\\.\\d+\\.\\d+ and dst ip \\d+\\.\\d+\\.\\d+\\.\\d+\\)/", $filter, $display_filter[0]);
        $display_filter[0] = preg_replace("/src ip \\d+\\.\\d+\\.\\d+\\.\\d+ or dst ip \\d+\\.\\d+\\.\\d+\\.\\d+/", $filter, $display_filter[0]);
    foreach ($display_filter as $line) {
        print str_replace("&amp;", "&", Util::htmlentities(stripslashes($line))) . "\n";
    $deletefilter_display_style = is_array($process_form) && array_key_exists('editfilter', $process_form) ? '' : 'style="display:none;"';
			<input type="image" name="filter_delete" id="filter_delete" title="<?php 
    echo _("Delete filter");
" align="right"
				onClick="HandleFilter(3)" value="" src="icons/trash.png" <?php 
    echo $deletefilter_display_style;
			<!-- <input type="image" name="filter_save" id="filter_save" title="Save filter" align="right"
				value="" src="icons/save.png"> -->
			<input type="hidden" name="filter_name" id="filter_name" value="none">
			<div style='margin: 5px auto'>
				<span id="filter_span">and</span>
				<select name="DefaultFilter" id="DefaultFilter" onChange="HandleFilter(0)" size="1">
    print "<option value='-1' label='none'>&lt;none&gt;</option>\n";
    foreach ($_SESSION['DefaultFilters'] as $name) {
        $checked = $process_form['DefaultFilter'] == $name ? 'selected' : '';
        print "<option value='" . Util::htmlentities($name) . "' {$checked}>" . Util::htmlentities($name) . "</option>\n";
    $editfilter_display_style = 'style="display:none;"';
    foreach ($_SESSION['DefaultFilters'] as $name) {
        if ($process_form['DefaultFilter'] == $name) {
            $editfilter_display_style = '';
				<input type="image" name="filter_save" id="filter_save" title="<?php 
    echo _("Save filter");
					onClick="HandleFilter(2)" value="" src="icons/save.png" border="0" align="absmiddle"> 		
				<input type="image" name="filter_edit" id="filter_edit" title="Edit filter" <?php 
    echo $editfilter_display_style;
					onClick="HandleFilter(1)" value="" src="icons/edit.png">
			<script language="Javascript" type="text/javascript">
				var DefaultFilters = new Array();
    foreach ($_SESSION['DefaultFilters'] as $name) {
        print "DefaultFilters.push('" . Util::htmlentities($name) . "');\n";
    if (array_key_exists('editfilter', $process_form)) {
        print "edit_filter = '" . Util::htmlentities($process_form['DefaultFilter']) . "';\n";
		<!-- Options start here -->
		<td style='padding: 0px;vertical-align:top;border:none;'>
			<table border="0" id="ProcessOptionTable" style="font-size:14px;font-weight:bold;width:100%;border:none">
					<td class='TDnfprocLabel' style='white-space:nowrap'>
    $i = 0;
    foreach (array('List Flows', 'Stat TopN') as $s) {
        $checked = $process_form['modeselect'] == $i ? 'checked' : '';
        print "<input type='radio' onClick='SwitchOptionTable({$i})' name='modeselect' id='modeselect{$i}' value='{$i}' {$checked}>{$s}&nbsp;";
    $list_display_style = $process_form['modeselect'] == 0 ? '' : 'style="display:none;"';
    $stat_display_style = $process_form['modeselect'] == 0 ? 'style="display:none;"' : '';
    $formatselect_display_opts = $process_form['modeselect'] == 1 && $process_form['stattype'] != 0 ? 'style="display:none;"' : '';
				   <td class='TDnfprocControl' >
						<table class='noborder' style='margin: auto;'>
								<td class='nobborder'><input class="small av_b_secondary" type="button" name="JSbutton1" value="<?php 
    echo _("Clear Form");
" onClick="ResetProcessingForm()"/></td>
								<td class='nobborder'><input class="small" type="submit" name="process" value="<?php 
    echo _("Process");
" id="process_button" onClick="clean_remote_data();form_ok=true;" size="1"/></td>
    if (count($RemoteInterfacesData) > 0 && !isset($_POST['login'])) {
									<td class='nobborder'><input type="button" name="remote_process" value="<?php 
        echo _("Remote Process");
" id="remote_process_button" onclick="$('#rinterfaces').toggle()"/>
										<div id='container_rmp' style='position:relative;'>
											<div id="rinterfaces" style="position:absolute; top:0; right:0;display:none; margin:1px 0px 0px 2px; text-align:right;">
        foreach ($RemoteInterfacesData as $data) {
            $short_name = strlen($data['name']) > 12 ? substr($data['name'], 0, 12) . "..." : $data['name'];
													<input type="button" onclick="remote_interface('<?php 
            echo $data["url"];
')" style="width:180px; font-size: 11px;" title="<?php 
            echo $data["name"] . " [" . $data["url"] . "]";
" value="<?php 
            echo $short_name . " [" . $data["url"] . "]";
"/><br />
				<tr id="listNRow" <?php 
    echo $list_display_style;
					<td class='TDnfprocLabel'><?php 
    echo _("Limit to");
					<td class='TDnfprocControl'>
						<select name="listN" id="listN" style="margin-left:1" size="1">
    for ($i = 0; $i < count($ListNOption); $i++) {
        $checked = $process_form['listN'] == $i ? 'selected' : '';
        print "<OPTION value='{$i}' {$checked}>" . $ListNOption[$i] . "</OPTION>\n";
    echo _("Flows");
				<tr id="topNRow" <?php 
    echo $stat_display_style;
					<td class='TDnfprocLabel'><?php 
    echo _("Top");
					<td class='TDnfprocControl'> 
						<select name="topN" id="TopN" size="1">
    for ($i = 0; $i < count($TopNOption); $i++) {
        $checked = $process_form['topN'] == $i ? 'selected' : '';
        print "<OPTION value='{$i}' {$checked}>" . $TopNOption[$i] . "</OPTION>\n";
				<tr id="stattypeRow" <?php 
    echo $stat_display_style;
					<td class="TDnfprocLabel"><?php 
    echo _("Stat");
					<td class="TDnfprocControl">
						<select name="stattype" id="StatTypeSelector" onChange="ShowHideOptions()" size="1">
    for ($i = 0; $i < count($IPStatOption); $i++) {
        $checked = $process_form['stattype'] == $i ? 'selected' : '';
        print "<OPTION value='{$i}' {$checked}>" . $IPStatOption[$i] . "</OPTION>\n";
						order by&nbsp;
						<select name='statorder' id="statorder" size='1'>
    for ($i = 0; $i < count($IPStatOrder); $i++) {
        $checked = $process_form['statorder'] == $i ? 'selected' : '';
        print "<OPTION value='{$i}' {$checked}>" . $IPStatOrder[$i] . "</OPTION>\n";
				<tr id="AggregateRow" <?php 
    echo $formatselect_display_opts;
					<td class='TDnfprocLabel'><?php 
    echo _("Aggregate");
					<td class='TDnfprocControl'>
						<input type="checkbox" name="aggr_bidir" id="aggr_bidir" value="checked" onClick="ToggleAggregate();"
							style="margin-left:1" <?php 
    echo Util::htmlentities($process_form['aggr_bidir']);
    echo _("bi-directional");
						<input type="checkbox" name="aggr_proto" id="aggr_proto" value="checked" 
							style="margin-left:1" <?php 
    echo Util::htmlentities($process_form['aggr_proto']);
    echo _("proto");
						<input type="checkbox" name="aggr_srcport" id="aggr_srcport" value="checked" 
							style="margin-left:1" <?php 
    echo Util::htmlentities($process_form['aggr_srcport']);
    echo _("srcPort");
						<input type="checkbox" name="aggr_srcip" id="aggr_srcip" value="checked" 
							style="margin-left:1" <?php 
    echo Util::htmlentities($process_form['aggr_srcip']);
						<select name="aggr_srcselect" id="aggr_srcselect" onChange="NetbitEntry('src')" size="1">
    $i = 0;
    foreach (array('srcIP', 'srcIPv4/', 'srcIPv6/') as $s) {
        $checked = $process_form['aggr_srcselect'] == $i ? 'selected' : '';
        print "<option value='{$i}' {$checked}>{$s}</option>\n";
    $_style = $process_form['aggr_srcselect'] == 0 ? 'style="display:none"' : '';
						<input size="3" type="text" name="aggr_srcnetbits" id="aggr_srcnetbits" 
    echo Util::htmlentities($process_form['aggr_srcnetbits']);
" <?php 
    echo $_style;
						<input type="checkbox" name="aggr_dstport" id="aggr_dstport" value="checked" 
							style="margin-left:1" <?php 
    echo Util::htmlentities($process_form['aggr_dstport']);
    echo _("dstPort");
						<input type="checkbox" name="aggr_dstip" id="aggr_dstip" value="checked" 
							style="margin-left:1" <?php 
    echo Util::htmlentities($process_form['aggr_dstip']);
						<select name="aggr_dstselect" id="aggr_dstselect" onChange="NetbitEntry('dst')" size="1">
    $i = 0;
    foreach (array('dstIP', 'dstIPv4/', 'dstIPv6/') as $s) {
        $checked = $process_form['aggr_dstselect'] == $i ? 'selected' : '';
        print "<option value='{$i}' {$checked}>{$s}</option>\n";
    $_style = $process_form['aggr_dstselect'] == 0 ? 'style="display:none"' : '';
						<input size="3" type="text" name="aggr_dstnetbits" id="aggr_dstnetbits" 
    echo Util::htmlentities($process_form['aggr_dstnetbits']);
" <?php 
    echo $_style;
				<tr id="timesortedRow" <?php 
    echo $list_display_style;
					<td class='TDnfprocLabel'><?php 
    echo _("Sort");
					<td class='TDnfprocControl'>
						<input type="checkbox" name="timesorted" id="timesorted" value="checked" 
							style="margin-left:1" <?php 
    echo Util::htmlentities($process_form['timesorted']);
    echo _("start time of flows");
				<tr id="limitoutputRow" <?php 
    echo $stat_display_style;
					<td class='TDnfprocLabel'><?php 
    echo _("Limit");
					<td class='TDnfprocControl'>
						<input type="checkbox" name="limitoutput" id="limitoutput" value="checked" style="margin-left:1" 
							size="1" <?php 
    echo Util::htmlentities($process_form['limitoutput']);
						<select name="limitwhat" id="limitwhat" size="1">
    $i = 0;
    foreach (array(gettext("Packets"), gettext("Traffic")) as $s) {
        $checked = $process_form['limitwhat'] == $i ? 'selected' : '';
        print "<option value='{$i}' {$checked}>{$s}</option>\n";
						<select name="limithow" id="limithow" size="1">
    $i = 0;
    foreach (array('&gt;', '&lt;') as $s) {
        $checked = $process_form['limithow'] == $i ? 'selected' : '';
        print "<option value='{$i}' {$checked}>{$s}</option>\n";
						<input type="text" name="limitsize" id="limitsize" value="<?php 
    echo Util::htmlentities($process_form['limitsize']);
						<select name="limitscale" id="limitscale" size="1" style="margin-left:1">
    $i = 0;
    foreach ($LimitScale as $s) {
        $checked = $process_form['limitscale'] == $i ? 'selected' : '';
        print "<option value='{$i}' {$checked}>{$s}</option>\n";

				<tr id="outputRow">
					<td class='TDnfprocLabel'><?php 
    echo _("Output");
					<td class='TDnfprocControl'>
						<span id="FormatSelect" <?php 
    echo $formatselect_display_opts;
						<select name="output" id="output" onChange="CustomOutputFormat()"  style="margin-left:1" size="1">
    foreach ($_SESSION['formatlist'] as $key => $value) {
        $checked = $process_form['output'] == $key ? 'selected' : '';
        print "<OPTION value='" . Util::htmlentities($key) . "' {$checked}>" . Util::htmlentities($key) . "</OPTION>\n";
    $fmt = $_SESSION['formatlist'][$process_form['output']];
    if ($process_form['output'] == $fmt) {
        // built in format
        $space_display_style = '';
        $edit_display_style = 'style="display:none"';
    } else {
        $space_display_style = 'style="display:none"';
        $edit_display_style = '';
						<script language="Javascript" type="text/javascript">
							var fmts = new Hash();
    foreach ($_SESSION['formatlist'] as $key => $value) {
        print "fmts.setItem('" . Util::htmlentities($key) . "', '" . Util::htmlentities($value) . "');\n";
						<img src="icons/space.png" border="0" alt='space' id='space' <?php 
    echo $space_display_style;
						<a href="#null" onClick="EditCustomFormat()"
    echo _("Edit format");
" ><IMG SRC="icons/edit.png" name="fmt_doedit" id="fmt_doedit" border="0" 
    echo $edit_display_style;
 alt="Edit format"></a>
						<input type="checkbox" name="IPv6_long" id="IPv6_long" style="margin-left:1" value="checked" <?php 
    echo Util::htmlentities($process_form['IPv6_long']);
						&nbsp;/ <?php 
    echo _("IPv6 long");
    $fmt_edit_display_style = $process_form['output'] == 'custom ...' ? '' : 'style="display:none"';
						<span id="fmt_edit" <?php 
    echo $fmt_edit_display_style;
    echo _("Enter custom output format");
						<input size="30" type="text" name="customfmt" id="customfmt" 
    echo Util::htmlentities($process_form['customfmt']);
" >
						<input type="image" name="fmt_save" id="fmt_save" title="<?php 
    echo _("Save format");
							value="" src="icons/save.png">
						<input type="image" name="fmt_delete" id="fmt_delete" title="<?php 
    echo _("Delete format");
							value="" src="icons/trash.png" <?php 
    echo $edit_display_style;
	<td align="right" style="border:none">
		<input type="button" name="JSbutton1" value="<?php 
    echo _("Clear Form");
" onClick="ResetProcessingForm()">
		<input type="submit" name="process" value="<?php 
    echo _("process");
" id="process_button" onClick="form_ok=true;" size="1">

<div id="lookupbox">
	<div id="lookupbar" align="right" style="background-color:olivedrab"><img src="icons/close.png"
		onmouseover="this.style.cursor='pointer';" onClick="hidelookup()" title="Close lookup box"></div>
	<iframe id="cframe" src="" frameborder="0" scrolling="auto" width="100%" height="166"></iframe>

    if (!array_key_exists('run', $_SESSION)) {
    print "<div class='flowlist'>\n";
    $run = $_SESSION['run'];
    if ($run != null) {
        $filter = $process_form['filter'];
        if ($process_form['DefaultFilter'] != -1) {
            $cmd_opts['and_filter'] = $process_form['DefaultFilter'];
        $cmd_opts['type'] = ($_SESSION['profileinfo']['type'] & 4) > 0 ? 'shadow' : 'real';
        $cmd_opts['profile'] = $_SESSION['profileswitch'];
        $cmd_opts['srcselector'] = implode(':', $process_form['srcselector']);
        #print "<pre>\n";
        $patterns = array();
        $replacements = array();
        $patterns[0] = '/(\\s*)([^\\s]+)/';
        $replacements[0] = "\$1<a href='#null' onClick='lookup(\"\$2\", this, event)' title='lookup \$2'>\$2</a>";
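        /**
         * Find the position of the HAP4NfSen plugin in the list returned by GetPlugins().
         *
         * This declaration sits inside another function's body, so PHP defines it only
         * when execution reaches this statement. Reaching it a second time in the same
         * request would be a fatal "Cannot redeclare" error, hence the function_exists()
         * guard around the declaration.
         *
         * @return int Zero-based index of "HAP4NfSen" in the plugin list, or -1 when it is not listed.
         */
        if (!function_exists('getHAP4NfSenId')) {
            function getHAP4NfSenId()
            {
                $plugins = GetPlugins();
                // Count once instead of on every iteration.
                $total = count($plugins);
                for ($i = 0; $i < $total; $i++) {
                    // Strict comparison so a non-string entry cannot match the name through type juggling.
                    // Assumes GetPlugins() yields plugin names as strings — confirm against its definition.
                    if ($plugins[$i] === "HAP4NfSen") {
                        return $i;
                    }
                }
                return -1;
            }
        }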
        $cmd_opts['args'] = "-T {$run}";
        $cmd_opts['filter'] = $filter;
        $titcol = get_tit_col($run);
        $cmd_out = nfsend_query("run-nfdump", $cmd_opts);
        if (!is_array($cmd_out)) {
        } else {
            $conf = $GLOBALS["CONF"];
            $solera = $conf->get_conf("solera_enable", FALSE) ? true : false;
            $db = new ossim_db();
            $conn = $db->connect();
            $sensors = $hosts = $ossim_servers = array();
            $tz = Util::get_timezone();
            list($hosts, $host_ids) = Asset_host::get_basic_list($conn, array(), TRUE);
            $entities = Session::get_all_entities($conn);
            $_sensors = Av_sensor::get_basic_list($conn);
            foreach ($_sensors as $s_id => $s) {
                $sensors[$s['ip']] = $s['name'];
            /*$hap4nfsen_id = getHAP4NfSenId();
                    	        if ($hap4nfsen_id >= 0) {
            					// ICMP "port" filter are no currently supported by the HAP4NfSen plugin
            					function isChecked(&$form, $name) { // helper function used to find out, if an option is checked
            						return $form[$name]=="checked";
            					$ip_and_port_columns = preg_match('/(flow records)/i', $IPStatOption[$process_form['stattype']]) &&
            						((isChecked($process_form,'aggr_srcip') && isChecked($process_form,'aggr_srcport')) ||
            						(isChecked($process_form,'aggr_dstip') && isChecked($process_form,'aggr_dstport')));
            					$ip_contains_port =  $_SESSION["process_form"]["modeselect"]=='0' || !preg_match('/[ip|flow_records]/i', $IPStatOption[$process_form['stattype']]) ||
            								(preg_match('/(flow records)/i', $IPStatOption[$process_form['stattype']]) && !( // no boxes checked
            								isChecked($process_form,'aggr_srcip') || isChecked($process_form,'aggr_srcport') ||
            								isChecked($process_form,'aggr_dstip') || isChecked($process_form,'aggr_dstport')));
                    	                        $_SESSION["plugin"][$hap4nfsen_id]["cmd_opts"] = $cmd_opts;
            					$hap_pic = "<img src=\"plugins/HAP4NfSen/graphviz.png\" valign=\"middle\" border=\"0\" alt=\"HAP\" />";
            					$default_pattern = array_pop($patterns);
            					$default_replacement = array_pop($replacements);
            					if ($ip_contains_port) { // matches cases like ip:port
            						$max_prot_length = 5; // max. port length = 5 chars(highest port number = 65535)
            						for ($i=$max_prot_length;$i>=1;$i--) {
            							$diff = ($max_prot_length-$i); // difference between actual and max port length
            							$ip_port_pattern_icmp = "/(\s*)([^\s|^:]+)(:)(0\s{4}|\d\.\d\s{2}|\d{2}\.\d\|\d\.\d{2}\s|\d{2}\.\d{2})/";
            							$ip_port_pattern_normal = "/(\s*)([^\s|^:]+)(:)([\d|\.]{{$i}})(\s{{$diff}})/";
            							$spaces = '';
            							for ($k=0;$k<$diff;$k++) {$spaces = $spaces . ' ';} // spaces required to align hap viewer icons
                                                            	array_push($patterns, $ip_port_pattern_icmp);
            							array_push($replacements,  $default_replacement .
            								"$3$4 <a href=\"nfsen.php?tab=5&sub_tab=" . $hap4nfsen_id . "&ip=$2&mode=new\" title='HAP graphlet for $2'>$hap_pic</a> ");
            							array_push($patterns, $ip_port_pattern_normal);
                                                            	array_push($replacements,  $default_replacement .
            								"$3$4$spaces <a href=\"nfsen.php?tab=5&sub_tab=" . $hap4nfsen_id . "&ip=$2&port=$4&mode=new\" title='HAP graphlet for $2 on port $4'>$hap_pic</a> ");
            						array_push($patterns, '/(\sIP\sAddr:Port)/i');
                                                    	array_push($replacements, "$1  $hap_pic");
            					} else {
            						if ($ip_and_port_columns) { // matches cases when both ip and port are available but are located in separate columns
            							// ICMP verion
            							$ip_and_port_pattern = "/(\s*)([^\s]+)(\s+)(0|\d\.\d)/";
            							$ip_and_port_replacement = "$1$2$3$4 " .
            								"<a href=\"nfsen.php?tab=5&sub_tab=" . $hap4nfsen_id . "&ip=$2&mode=new\" title='HAP graphlet for $2'>$hap_pic</a>";
            							array_push($patterns, $ip_and_port_pattern);
            							array_push($replacements, $ip_and_port_replacement);
            							// non-ICMP version with port filter
                                                                    $ip_and_port_pattern = "/(\s*)([^\s]+)(\s*)([\d|.]+)/";
                                                                    $ip_and_port_replacement = "$1$2$3$4 " .
                                                                            "<a href=\"nfsen.php?tab=5&sub_tab=" . $hap4nfsen_id . "&ip=$2&port=$4&mode=new\" title='HAP graphlet for $2 on port $4'>$hap_pic</a>";
                                                                    array_push($patterns, $ip_and_port_pattern);
                                                                    array_push($replacements, $ip_and_port_replacement);
            							array_push($patterns, '/(\s\s(Src\sIP\sAddr\s*Src\sPt|Dst\sIP\sAddr\s*Dst\sPt))/i');
                                                                    array_push($replacements, "$1 $hap_pic");
            						} else { // matches all other cases
            							array_push($patterns, $default_pattern);
                                                    		array_push($replacements,  $default_replacement . 
            								" <a href=\"nfsen.php?tab=5&sub_tab=" . $hap4nfsen_id . "&ip=$2&mode=new\" title='HAP graphlet for $2'>$hap_pic</a>");
            							array_push($patterns, '/(\s(|\s(Src|Dst))\sIP\sAddr)/i');
                                                            	array_push($replacements, "$1 $hap_pic");
            				if ( array_key_exists('arg', $cmd_out) ) {
            					print "** nfdump " . $cmd_out['arg'] . "\n";
            				if ( array_key_exists('filter', $cmd_out) ) {
            					print "nfdump filter:\n";
            					foreach ( $cmd_out['filter'] as $line ) {
            						print "$line\n";
            				foreach ( $cmd_out['nfdump'] as $line ) {
            					print preg_replace($patterns, $replacements, $line) . "\n";
            # parse command line
            #2009-12-09 17:08:17.596    40.262 TCP    -> .AP.SF   0       70   180978        1    35960   2585     1
            $list = preg_match("/\\-o extended/", $cmd_out['arg']) ? 1 : 0;
            $regex = $list ? "/(\\d\\d\\d\\d\\-.*?\\s.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+->\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?\\s*[KMG]?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*)/" : "/(\\d\\d\\d\\d\\-.*?\\s.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?\\s*[KMGT]?)\\s+(.*?)\\s+(.*?)\\s+(.*)/";
            echo '<div class="nfsen_list_title">' . _('Flows Info') . '</div>';
            echo "<table class='table_list'>";
            $geotools = false;
            if ($list && file_exists("../kml/GoogleEarth.php")) {
                $geotools = true;
                $geoips = array();
                $geotools_src = " <a href='' onclick='window.open(\"../kml/TourConfig.php?type=ip_src&ip=&flows=1\",\"Flows sources - Goggle Earth API\",\"width=1024,height=700,scrollbars=NO,toolbar=1\");return false'><img align='absmiddle' src='../pixmaps/google_earth_icon.png' border='0'></a>&nbsp;&nbsp;<a href='' onclick='window.open(\"../kml/IPGoogleMap.php?type=ip_src&ip=&flows=1\",\"Flows sources - Goggle Maps API\",\"width=1024,height=700,scrollbars=NO,toolbar=1\");return false'><img align='absmiddle' src='../pixmaps/google_maps_icon.png' border='0'></a>";
                $geotools_dst = " <a href='' onclick='window.open(\"../kml/TourConfig.php?type=ip_dst&ip=&flows=1\",\"Flows destinations - Goggle Earth API\",\"width=1024,height=700,scrollbars=NO,toolbar=1\");return false'><img align='absmiddle' src='../pixmaps/google_earth_icon.png' border='0'></a>&nbsp;&nbsp;<a href='' onclick='window.open(\"../kml/IPGoogleMap.php?type=ip_dst&ip=&flows=1\",\"Flows destinations - Goggle Maps API\",\"width=1024,height=700,scrollbars=NO,toolbar=1\");return false'><img align='absmiddle' src='../pixmaps/google_maps_icon.png' border='0'></a>";
            echo $list ? "\n                \n                <tr>\n                    <th>" . _("Date flow start") . "<br><span style='font-size:8px'>" . Util::timezone($tz) . "</style></th>\n                    <th>" . _("Duration") . "</th>\n                    <th>" . _("Proto") . "</th>\n                    <th>" . _("Src IP Addr:Port") . "{$geotools_src}</th>\n                    <th>" . _("Dst IP Addr:Port") . "{$geotools_dst}</th>\n                    <th>" . _("Flags") . "</th>\n                    <th>" . _("Tos") . "</th>\n                    <th>" . _("Packets") . "</th>\n                    <th>" . _("Bytes") . "</th>\n                    <th>" . _("pps") . "</th>\n                    <th>" . _("bps") . "</th>\n                    <th>" . _("Bpp") . "</th>\n                    <th>" . _("Flows") . "</th>\n                \t" . ($solera ? "<th></th>" : "") . "\n                    </tr>" : "<tr>\n                    <th>" . _("Date flow seen") . "<br><span style='font-size:8px'>" . Util::timezone($tz) . "</style></th>\n                    <th>" . _("Duration") . "</th>\n                    <th>" . _("Proto") . "</th>\n                    <th>" . $titcol . "</th>\n                    <th>" . _("Flows") . "(%)</th>\n                    <th>" . _("Packets") . "(%)</th>\n                    <th>" . _("Bytes") . "(%)</th>\n                    <th>" . _("pps") . "</th>\n                    <th>" . _("bps") . "</th>\n                    <th>" . _("Bpp") . "</th>\n                \t" . ($solera ? "<th></th>" : "") . "\n                    </tr>";
            $status = $errors = array();
            $rep = new Reputation();
            foreach ($cmd_out['nfdump'] as $k => $line) {
                #capture status
                if (preg_match("/^(Summary|Time window|Total flows processed|Sys)\\:/", $line, $found)) {
                    $status[$found[1]] = str_replace($found[1] . ":", "", $line);
                # capture errors
                if (preg_match("/ error /i", $line, $found)) {
                    if (preg_match("/stat\\(\\) error/i", $line)) {
                        $errors[] = _('The netflow information you are trying to access either has not been processed yet or does not exist. Please check your date filters.');
                        Av_exception::write_log(Av_exception::USER_ERROR, $line);
                    } else {
                        $errors[] = $line;
                # print results
                $line = preg_replace("/\\(\\s(\\d)/", "(\\1", $line);
                // Patch for ( 0.3)
                $line = preg_replace("/(\\d)\\s*([KMGT])/", "\\1\\2", $line);
                // Patch for 1.2 M(99.6)
                $line = preg_replace("/(\\d+)(TCP|UDP|ICMP|IGMP)\\s/", "\\1 \\2 ", $line);
                // Patch for 9.003TCP
                $start = $end = $proto = "";
                $ips = $ports = array();
                if (preg_match($regex, preg_replace('/\\s*/', ' ', $line), $found)) {
                    echo "<tr class='tr_flow_data'>\n";
                    foreach ($found as $ki => $field) {
                        if ($ki > 0) {
                            $wrap = $ki == 1 ? "nowrap" : "";
                            $field = Util::htmlentities(preg_replace("/(\\:\\d+)\\.0\$/", "\\1", $field));
                            if (preg_match("/(\\d+\\.\\d+\\.\\d+\\.\\d+)(.*)/", $field, $fnd)) {
                                # match ip (resolve and geolocalize)
                                $ip = $fnd[1];
                                $port = $fnd[2];
                                list($name, $ctx, $host_id) = GetDataFromSingleIp($ip, $hosts);
                                if ($name == "" && $sensors[$ip] != "") {
                                    $name = $sensors[$ip];
                                $output = Asset_host::get_extended_name($conn, $geoloc, $ip, $ctx, $host_id, '');
                                $homelan = $output['is_internal'] || $name != "" && $name != $ip;
                                $icon = $output['html_icon'];
                                # reputation info
                                if (!is_array($_SESSION["_repinfo_ips"][$ip])) {
                                    $_SESSION["_repinfo_ips"][$ip] = $rep->get_data_by_ip($ip);
                                $rep_icon = Reputation::getrepimg($_SESSION["_repinfo_ips"][$ip][0], $_SESSION["_repinfo_ips"][$ip][1], $_SESSION["_repinfo_ips"][$ip][2], $ip);
                                $rep_bgcolor = Reputation::getrepbgcolor($_SESSION["_repinfo_ips"][$ip][0]);
                                $style_aux = $homelan ? 'style="font-weight:bold"' : '';
                                $bold_aux1 = $homelan ? '<b>' : '';
                                $bold_aux2 = $homelan ? '<b>' : '';
                                $field = '<div id="' . $ip . ';' . Util::htmlentities($name) . ';' . $host_id . '" id2="' . $ip . ';' . $ip . '" ctx="' . $ctx . '" class="HostReportMenu">' . $icon . ' <a ' . $style_aux . ' href="javascript:;">' . Util::htmlentities($name) . '</a>' . $bold_aux1 . $port . $bold_aux2 . ' ' . $rep_icon . '</div>';
                                $wrap = "nowrap style='{$rep_bgcolor}'";
                                $ips[] = $ip;
                                if ($geotools) {
                                    if ($ki == 4) {
                                    } elseif ($ki == 5) {
                                $ports[] = str_replace(":", "", $port);
                            if (preg_match("/(\\d+-\\d+-\\d+ \\d+:\\d+:\\d+)(.*)/", $field, $fnd)) {
                                # match date
                                $start = $end = $fnd[1];
                                $time = strtotime($fnd[1]);
                                $field = Util::htmlentities(gmdate("Y-m-d H:i:s", $time + 3600 * $tz) . "." . $fnd[2]);
                            if (preg_match("/(TCP|UDP|ICMP|RAW)/", $field, $fnd)) {
                                # match date
                                $proto = strtolower($fnd[1]);
                            print "<td {$wrap}>{$field}</td>";
                    // solera deepsee integration
                    if ($solera) {
                        echo "<td><a href=\"javascript:;\" onclick=\"solera_deepsee('" . Util::htmlentities($start) . "','" . Util::htmlentities($end) . "','" . Util::htmlentities($ips[0]) . "','" . Util::htmlentities($ports[0]) . "','" . Util::htmlentities($ips[1]) . "','" . Util::htmlentities($ports[1]) . "','" . Util::htmlentities($proto) . "')\"><img src='/ossim/pixmaps/solera.png' border='0' align='absmiddle'></a></td>";
                    echo "</tr>\n";
            echo "</table>";
            if ($geotools) {
                foreach ($geoips as $type => $list) {
                    $ipsfile = fopen("/var/tmp/flowips_" . Session::get_session_user() . ".{$type}", "w");
                    foreach ($list as $ip => $val) {
                        fputs($ipsfile, "{$ip}\n");
            #Summary: total flows: 20, total bytes: 7701, total packets: 133, avg bps: 60, avg pps: 0, avg bpp: 57
            #Time window: 2009-12-10 08:21:30 - 2009-12-10 08:38:26
            #Total flows processed: 21, Records skipped: 0, Bytes read: 1128
            #Sys: 0.000s flows/second: 0.0        Wall: 0.000s flows/second: 152173.9
            if (count($status) > 0) {
                echo "<table class='transparent' style='margin-bottom:5px;width:100%'>";
                foreach ($status as $key => $line) {
                    $line = preg_replace("/(Wall)\\:/", "<span class='th_summary'>\\1</span>", $line);
                    $line = preg_replace("/\\,\\s+(.*?)\\:/", " <span class='th_summary'>\\1</span>", $line);
                    echo "<tr>\n                                    <td class='nobborder' style='padding: 4px;'>\n                                        <span class='th_summary'>{$key}</span>\n                                        {$line}\n                                    </td>\n                                  </tr>";
                echo "</table>";
            # stat() error '/home/dk/nfsen/profiles-data/live/device2/2009/12/10/nfcapd.200912100920': File not found!
            if (count($errors) > 0) {
                foreach ($errors as $line) {
                    echo "<div class='details_error'>" . _("ERROR FOUND: ") . "{$line}</div>";
        #print "</pre>\n";
    print "</div>\n";
Exemplo n.º 3
 /**
  * Runs $sql through the handle in $this->DB (Execute / CacheExecute) and wraps the result in a baseRS.
  *
  * @param string $sql          SQL text; a trailing "WHERE 1 = 1" / "AND 1 = 1" is stripped first.
  * @param int    $start_row    Offset, concatenated into the LIMIT / OFFSET text for mysql*, maxsql and postgres.
  * @param int    $num_rows     Row count, concatenated the same way; -1 runs the statement without a limit.
  * @param bool   $die_on_error When true and an error is detected, the driver message is logged and an
  *                             HTML notice is echoed; no return statement is visible on that path.
  * @param array  $params       Bound parameters; forwarded to Execute() only in the unlimited, non-cached path.
  *
  * @return baseRS Result wrapper, on the non-error path.
  *
  * NOTE(review): $start_row and $num_rows are appended to the SQL text without a cast or bound
  * parameter; confirm every caller passes integers, or cast with (int) before concatenating.
  * NOTE(review): this listing shows no closing braces; nesting below is read from indentation.
  */
 function baseExecute($sql, $start_row = 0, $num_rows = -1, $die_on_error = true, $params = array())
     // Drop a trailing always-true condition left behind by query builders.
     if (preg_match("/\\s+(WHERE|AND)\\s+1\\s*=\\s*1\\s*\$/i", $sql)) {
         $sql = preg_replace("/(WHERE|AND)\\s+1\\s*=\\s*1\\s*\$/i", "", $sql);
     global $debug_mode, $sql_trace_mode;
     /* ** Begin DB specific SQL fix-up ** */
     if ($this->DB_type == "mssql") {
         // Every pair of single quotes becomes NULL.
         // NOTE(review): this also matches a doubled quote used to escape a quote inside a string literal — confirm.
         $sql = preg_replace("/''/i", "NULL", $sql);
     $this->lastSQL = $sql;
     $limit_str = "";
     // Statements mentioning FOUND_ROWS use -1 instead of the configured DB_memcache value.
     $cache_secs = preg_match("/FOUND_ROWS/i", $sql) ? -1 : $this->DB_memcache;
     //file_put_contents("/tmp/fr", "$cache_secs-$sql\n", FILE_APPEND);
     /* Check whether need to add a LIMIT / TOP / ROWNUM clause */
     if ($num_rows == -1) {
         // If we have $params we must force not-cache
         if ($this->DB_memcache > 0 && count($params) == 0) {
             $rs = new baseRS($this->DB->CacheExecute($cache_secs, $sql), $this->DB_type);
         } else {
             $rs = new baseRS($this->DB->Execute($sql, $params), $this->DB_type);
     } else {
         if ($this->DB_type == "mysql" || $this->DB_type == "mysqli" || $this->DB_type == "mysqlt" || $this->DB_type == "maxsql") {
             //echo "DB object:".var_dump($this->DB)."<br>";
             //echo "<br>EXECUTING($cache_secs): ".$sql . " LIMIT " . $start_row . ", " . $num_rows." on ".$this->DB_type."<br>";
             // NOTE(review): neither call below receives $params, and the cached call is not
             // skipped when $params is non-empty (unlike the unlimited path above) — confirm intended.
             if ($this->DB_memcache > 0) {
                 $tmprow = $this->DB->CacheExecute($cache_secs, $sql . " LIMIT " . $start_row . ", " . $num_rows);
             } else {
                 $tmprow = $this->DB->Execute($sql . " LIMIT " . $start_row . ", " . $num_rows);
             $rs = new baseRS($tmprow, $this->DB_type);
             // $limit_str is only used for the trace line written further down.
             $limit_str = " LIMIT " . $start_row . ", " . $num_rows;
             //echo "<br>ROW:";
             //echo "<br>ERROR MSG: " . $this->baseErrorMessage(). "<br>";
         } else {
             if ($this->DB_type == "oci8") {
                 // The statement itself runs without a row limit here; only the trace text carries one.
                 $rs = new baseRS($this->DB->Execute($sql), $this->DB_type);
                 $limit_str = " LIMIT " . $start_row . ", " . $num_rows;
             } else {
                 if ($this->DB_type == "postgres") {
                     $rs = new baseRS($this->DB->Execute($sql . " LIMIT " . $num_rows . " OFFSET " . $start_row), $this->DB_type);
                     $limit_str = " LIMIT " . $num_rows . " OFFSET " . $start_row;
                 } else {
                     // Any other driver: run the full statement, then skip rows up to $start_row.
                     if ($this->DB_memcache > 0) {
                         $rs = new baseRS($this->DB->CacheExecute($cache_secs, $sql), $this->DB_type);
                     } else {
                         $rs = new baseRS($this->DB->Execute($sql), $this->DB_type);
                     $i = 0;
                     // NOTE(review): no statement advancing $i or the cursor is visible in this listing.
                     while ($i < $start_row && $rs) {
                         if (!$rs->row->EOF) {
     if ($sql_trace_mode > 0) {
         // The trace receives the full SQL text; presumably the trace file needs restricted permissions — verify.
         fputs($this->sql_trace, $sql . "{$limit_str}\n");
     if ((!$rs || $this->baseErrorMessage() != "") && $die_on_error) {
         // The driver's error text goes to the log only; the page gets a generic notice.
         Av_exception::write_log(Av_exception::DB_ERROR, $this->DB->ErrorMsg());
         echo '</TABLE></TABLE></TABLE><CENTER><span style="font-size:11px;color:#555555"><B><br>' . gettext("Unable to query the database to retrieve some table information. Try fewer conditions.") . '</B></span></CENTER><script>$("#actions_link").prop("disabled",true);</script>';
     } else {
         return $rs;
Exemplo n.º 4
/**
 * Reports the progress of an OSSEC deployment started from the welcome wizard.
 *
 * For 'linux' it applies the agentless configuration on the sensor and marks the step finished;
 * for 'windows' it polls the stored deployment jobs and computes the completed percentage.
 *
 * @param object $conn   Database connection passed to Ossec_agentless.
 * @param object $wizard Wizard state; read with get_step_data() and updated with set_step_data().
 *
 * @return array 'error' (bool) and, on success, 'data' with 'finish', 'percent' and 'remaining'.
 *
 * NOTE(review): this listing shows no closing braces; nesting below is read from indentation.
 */
function check_deploy_status($conn, $wizard)
    $data = array();
    $os = $wizard->get_step_data('deploy_os');
    //Linux Deployment Status --> Apply Configuration
    if ($os == 'linux') {
        $sensor_id = get_sensor_id();
        // FALSE means "no error"; otherwise it holds the exception message.
        $error_apply = FALSE;
        try {
            list($agentless_list, $al_total) = Ossec_agentless::get_list($conn, $sensor_id, ' AND status = 1');
            if ($al_total > 0) {
                Ossec_agentless::save_in_config($conn, $sensor_id, $agentless_list);
            //Enabling agentless
            Ossec_control::execute_action($sensor_id, 'enable_al');
            //Restarting ossec
            Ossec_control::execute_action($sensor_id, 'restart');
            // Delete "/var/tmp/.reload_<sensor_id>" file in order to hide the "Apply Changes" button
            // NOTE(review): the path is built from $sensor_id under /var/tmp and failures are
            // suppressed with @; presumably get_sensor_id() returns a validated id — confirm.
            @unlink('/var/tmp/.reload_' . $sensor_id);
        } catch (Exception $e) {
            $error_apply = $e->getMessage();
        //If there was an error applying the configuration we show the error
        if ($error_apply !== FALSE) {
            // The wizard shows a generic message; the exception text is written to the log only.
            $error_apply_msg = _('Error Applying Agentless Configuration');
            set_scan_error_message($wizard, $error_apply_msg);
            Av_exception::write_log(Av_exception::USER_ERROR, $error_apply);
            $response['error'] = TRUE;
            return $response;
        //If everything was right, the percent is 100% and the remaining is 0
        $data['finish'] = TRUE;
        $data['percent'] = 100;
        $data['remaining'] = 0;
        //Setting the deployment status to 3 --> Finished
        $wizard->set_step_data('deploy_step', 3);
    } elseif ($os == 'windows') {
        $jobs = $wizard->get_step_data('deploy_jobs');
        //If the array of jobs IDs is empty, we are finished
        if (!is_array($jobs) || count($jobs) == 0) {
            $data['finish'] = TRUE;
            $data['percent'] = 100;
            $data['remaining'] = 0;
            //Setting the deployment status to 3 --> Finished
            $wizard->set_step_data('deploy_step', 3);
        } else {
            // Number of jobs that finished successfully during this call.
            $succes = 0;
            //Going through the jobs
            foreach ($jobs as $id => $job) {
                try {
                    //Getting the status of the job
                    $state = Welcome_wizard::current_jobs($job['job_id']);
                    if ($state['job_status'] == 'task-succeeded') {
                        //If it is success, we count it and we delete it from the jobs array
                        // NOTE(review): no statement that increments $succes or removes the job
                        // from $jobs is visible in this listing — confirm against the full file.
                        if ($state['job_result'][0] === TRUE) {
                        } elseif ($state['job_result'][0] === FALSE) {
                            Av_exception::write_log(Av_exception::USER_ERROR, $job['agent'] . ': ' . $state['job_result'][1]);
                    } elseif ($state['job_status'] == 'task-failed' || $state['job_status'] == 'task-revoked') {
                        $_msg = $job['agent'] . ': ' . _("Couldn't complete windows OSSEC agent deploy: ") . $state['job_status'];
                        Av_exception::write_log(Av_exception::USER_ERROR, $_msg);
                } catch (Exception $e) {
                    //In case of critical error we delete from the array to avoid loops
                    Av_exception::write_log(Av_exception::USER_ERROR, $job['agent'] . ': ' . $e->getMessage());
            //IF after checking the status, the array is empty, we are finished
            if (!is_array($jobs) || count($jobs) == 0) {
                $data['finish'] = TRUE;
                $data['percent'] = 100;
                $data['remaining'] = 0;
                //Setting the deployment status to 3 --> Finished
                $wizard->set_step_data('deploy_step', 3);
            } else {
                //Total number of host that were selected to be deployed
                $total = $wizard->get_step_data('deploy_total_ips');
                // Clamp to 1 so the division below never divides by zero.
                $total = $total < 1 ? 1 : $total;
                //Number of host left to be deployed --> Pending jobs
                $current = count($jobs);
                //Percentage of the remaining hosts
                // Despite its name, $pending holds the hosts that are no longer in the job list.
                $pending = $total - $current;
                $percent = round(100 * ($pending / $total));
                $data['finish'] = FALSE;
                $data['percent'] = $percent;
                $data['remaining'] = $current;
            //Updating the number of host successfully deployed
            $deployed = $wizard->get_step_data('deploy_success');
            $deployed += $succes;
            $wizard->set_step_data('deploy_success', $deployed);
            //Updating the array of jobs left
            $wizard->set_step_data('deploy_jobs', $jobs);
    //Saving wizard status
    // Any other $os value falls through to here with an empty $data.
    $response['error'] = FALSE;
    $response['data'] = $data;
    return $response;
Exemplo n.º 5
/**
 * Imports host assets from a CSV file whose fields are double-quoted and separated by ';',
 * validating every line and returning a summary of what was accepted or rejected.
 *
 * @param string $filename    Path read with file_get_contents().
 * @param mixed  $iic         When non-empty, the host name is passed through clean_iic().
 * @param string $ctx         Context id; interpolated into a SQL filter and passed to the Asset_host lookups.
 * @param string $import_type 'hosts' or 'welcome_wizard_hosts' (the two values tested below).
 *
 * @return array 'general' (status, data, statistics) plus 'by_hosts', keyed by 1-based line number.
 *
 * NOTE(review): this listing shows no closing braces and some statements seem to be missing
 * (for example nothing visible increments the 'saved' counter); nesting is read from indentation.
 */
function import_assets_from_csv($filename, $iic, $ctx, $import_type)
    //Process status
    $summary = array('general' => array('status' => '', 'data' => '', 'statistics' => array('total' => 0, 'warnings' => 0, 'errors' => 0, 'saved' => 0)), 'by_hosts' => array());
    $db = new ossim_db();
    $conn = $db->connect();
    // NOTE(review): $filename is read as given; presumably the caller passes a server-side
    // upload path that the user cannot choose — confirm.
    $str_data = file_get_contents($filename);
    if ($str_data === FALSE) {
        $summary['general']['status'] = 'error';
        // NOTE(review): 'data' was initialised as a string above and the other error paths
        // assign a plain string; this keyed assignment looks inconsistent — confirm.
        $summary['general']['data']['errors'] = _('Failed to read data from CSV file');
        $summary['general']['statistics']['errors'] = 1;
        return $summary;
    // One array of fields per non-blank line. Splitting on '";"' leaves the opening quote on the
    // first field and the closing quote on the last one; they are stripped per line further down.
    // NOTE(review): $data is not initialised before this loop, so a file with only blank lines
    // reaches count($data) below with an undefined variable.
    $array_data = preg_split('/\\n|\\r/', $str_data);
    foreach ($array_data as $k => $v) {
        if (trim($v) != '') {
            $data[] = explode('";"', trim($v));
     * From asset section:
     *  - Version 4.x.x or higher: "IP (IP1,IP2,...)";"Hostname";"FQDNs(FQDN1,FQDN2,...)";"Description";"Asset value";"Operating System";
     *                   "Latitude";"Longitude";"Host ID";"External Asset";"Device Types(Type1,Type2,...)"
     *  - Version 3.x.x: "IP"*;"Hostname";"FQDNs(FQDN1,FQDN2,...)";"Description";"Asset value";"Sensors(Sensor1,Sensor2,...)";
     *                   "Operating System";"Latitude";"Longitude"
     * From welcome wizard:
     *  - Version 4.x.x or higher: "IP (IP1,IP2,...)";"Hostname";"Description";"Operating System";"Device Type(Type1,Type2,...)"
    //Check file size
    // A file holding nothing, or only a header line (first field contains "IP"), counts as empty.
    if (count($data) <= 0 || count($data) == 1 && preg_match('/IP/', $data[0][0])) {
        $summary['general']['status'] = 'error';
        $summary['general']['data'] = _('CSV file is empty');
        $summary['general']['statistics']['errors'] = 1;
        return $summary;
    //Check importation type and headers
    $csv_headers = array();
    if ($import_type == 'hosts') {
        // Column 5 of the header is "Operating System" in the 4.x layout and "Sensors" in the 3.x layout.
        if (preg_match('/Operating System/', $data[0][5]) || preg_match('/Sensors/', $data[0][5])) {
            $csv_headers = array_shift($data);
        } else {
            $summary['general']['status'] = 'error';
            $summary['general']['data'] = _('Headers not found');
            $summary['general']['statistics']['errors'] = 1;
            return $summary;
    //Setting total hosts to import
    $summary['general']['statistics']['total'] = count($data);
    //Getting all Operating System
    $all_os = Properties::get_all_os();
    //Getting devices types
    // Map "type" or "type:subtype" names to "type_id:subtype_id".
    $all_devices = array();
    $aux_all_devices = Devices::get_all_for_filter($conn);
    $_all_devices = $aux_all_devices[0];
    foreach ($_all_devices as $d_data) {
        $d_key = $d_data['type_name'];
        $d_key .= $d_data['subtype_id'] != 0 ? ':' . $d_data['subtype_name'] : '';
        $all_devices[$d_key] = $d_data['type_id'] . ':' . $d_data['subtype_id'];
    //Allowed sensors
    // NOTE(review): $ctx is interpolated straight into the SQL fragment, and no validation of it
    // is visible in this function. Confirm the caller restricts it to hexadecimal characters, or
    // pass it as a bound parameter if Av_sensor::get_basic_list() supports that.
    $filters = array('where' => "acl_sensors.entity_id = UNHEX('{$ctx}')");
    $a_sensors = Av_sensor::get_basic_list($conn, $filters);
    $sensor_ids = array_keys($a_sensors);
    if (count($sensor_ids) == 0) {
        $summary['general']['status'] = 'error';
        $s_error_msg = Session::is_pro() ? _('There is no sensors for this context') : _('There is no sensors for this IP address');
        $summary['general']['data'] = $s_error_msg;
        $summary['general']['statistics']['errors'] = 1;
        return $summary;
    // Called with TRUE before the import loop; the matching call with FALSE appears only in the
    // "saved > 0" branch near the end of this listing.
    Util::disable_perm_triggers($conn, TRUE);
    foreach ($data as $k => $v) {
        //Clean previous errors
        $num_line = $k + 1;
        //Set default status
        $summary['by_hosts'][$num_line]['status'] = 'error';
        //Check file format
        $cnd_1 = $import_type == 'hosts' && count($v) < 9;
        $cnd_2 = $import_type == 'welcome_wizard_hosts' && count($v) < 5;
        if ($cnd_1 || $cnd_2) {
            $summary['by_hosts'][$num_line]['errors']['Format'] = _('Number of fields is incorrect');
        //Clean values
        // Strip the leading quote of the first field and the trailing quote of the last field.
        $param = array();
        $index = 0;
        $max_index = count($v) - 1;
        foreach ($v as $field) {
            $parameter = trim($field);
            if ($index == 0) {
                $pattern = '/^\\"|^\'/';
                $param[] = preg_replace($pattern, '', $parameter);
            } else {
                if ($index == $max_index) {
                    $pattern = '/\\"$|\'$/';
                    $param[] = preg_replace($pattern, '', $parameter);
                } else {
                    $param[] = $parameter;
        $is_in_db = FALSE;
        $host_id = '';
        $sensors = $sensor_ids;
        $csv_ips = preg_replace("/\\s+/", '', $param[0]);
        // Use the CSV host name, or derive one from the IP list when the name is empty.
        if (!empty($param[1])) {
            $name = $param[1];
        } else {
            $aux_name = str_replace(' ', '', $csv_ips);
            $aux_name = str_replace(',', '-', $aux_name);
            $name = Asset_host::get_autodetected_name($aux_name);
        if ($import_type == 'hosts') {
            $fqdns = $param[2];
            $descr = $param[3];
            $asset_value = !empty($param[4]) ? $param[4] : 2;
            // A "Host ID" header in column 8 selects the 4.x column layout; otherwise the 3.x one.
            if (preg_match('/Host ID/', $csv_headers[8])) {
                $os = $param[5];
                $latitude = floatval($param[6]);
                $longitude = floatval($param[7]);
                $external = empty($param[9]) ? 0 : intval($param[9]);
                $csv_devices = $param[10];
            } else {
                $os = $param[6];
                $latitude = floatval($param[7]);
                $longitude = floatval($param[8]);
                $external = 0;
                $csv_devices = '';
        } else {
            // Welcome wizard layout: fixed defaults for the columns it does not carry.
            $descr = $param[2];
            $os = $param[3];
            $latitude = 0;
            $longitude = 0;
            $asset_value = 2;
            $external = 0;
            $csv_devices = $param[4];
        $can_i_create_assets = Session::can_i_create_assets();
        $can_i_modify_ips = TRUE;
        if (!ossim_valid($csv_ips, OSS_IP_ADDR, 'illegal:' . _('IP'))) {
            $summary['by_hosts'][$num_line]['errors']['IP'] = ossim_get_error_clean();
        //Check Host ID: Is there a host registered in the System?
        $host_ids = Asset_host::get_id_by_ips($conn, $csv_ips, $ctx);
        $host_id = key($host_ids);
        if (!empty($host_id)) {
            $is_in_db = TRUE;
        } else {
            $host_id = Util::uuid();
        // Special case: Forced Host ID [Version 4.x.x or higher]
        // The id from the CSV is used only when valid_hex32() accepts it and the host is not yet registered.
        if ($import_type == 'hosts' && preg_match('/Host ID/', $csv_headers[8]) && valid_hex32($param[8])) {
            $csv_hosts_id = strtoupper($param[8]);
            if ($is_in_db == TRUE && $csv_hosts_id != $host_id) {
                $id_error_msg = _('Host is already registered in the System with another Host ID');
                $summary['by_hosts'][$num_line]['errors']['Host'] = $id_error_msg;
            } else {
                if ($is_in_db == FALSE) {
                    $host_id = $csv_hosts_id;
                    // Save host ID to insert it
        if (!empty($iic)) {
            $name = clean_iic($name);
        if (!ossim_valid($name, OSS_HOST_NAME, 'illegal:' . _('Hostname'))) {
            $name = Asset_host::create_valid_name($name);
            // NOTE(review): this message is HTML and embeds $name before the re-validation below;
            // presumably create_valid_name() yields only hostname-safe characters — confirm, or
            // escape $name when building the message.
            $warning_msg = _('Hostname does not match with RFC 1123 specifications') . '<br/>' . _('Hostname will be replaced by') . ": <strong>{$name}</strong>";
            $summary['by_hosts'][$num_line]['warnings']['Hostname'] = $warning_msg;
            $summary['by_hosts'][$num_line]['status'] = 'warning';
            if (!ossim_valid($name, OSS_HOST_NAME, 'illegal:' . _('Hostname'))) {
                $summary['by_hosts'][$num_line]['status'] = 'error';
                $summary['by_hosts'][$num_line]['errors']['Hostname'] = ossim_get_error_clean();
        if (!ossim_valid($descr, OSS_NULLABLE, OSS_ALL, 'illegal:' . _('Description'))) {
            $summary['by_hosts'][$num_line]['errors']['Description'] = ossim_get_error_clean();
        } else {
            // A description detected as UTF-8 is stored as HTML entities.
            if (mb_detect_encoding($descr . ' ', 'UTF-8,ISO-8859-1') == 'UTF-8') {
                $descr = mb_convert_encoding($descr, 'HTML-ENTITIES', 'UTF-8');
        //Operating System
        // Alternation of the known OS names; the pattern is unanchored, so a substring match is enough.
        $os_pattern = '/' . preg_quote(implode('|', $all_os), '/') . '/';
        $os_pattern = str_replace('\\|', '|', $os_pattern);
        if (!empty($os) && !preg_match($os_pattern, $os)) {
            $warning_msg = _('Operating System unknown');
            $summary['by_hosts'][$num_line]['warnings']['Operating System'] = $warning_msg;
            $summary['by_hosts'][$num_line]['status'] = 'warning';
            $os = 'Unknown';
        //Devices Types
        $devices = array();
        $unallowed_devices = array();
        if (!empty($csv_devices)) {
            $aux_devices = explode(',', $csv_devices);
            if (is_array($aux_devices) && !empty($aux_devices)) {
                foreach ($aux_devices as $d_name) {
                    $d_name = trim($d_name);
                    if (array_key_exists($d_name, $all_devices)) {
                        $devices[] = $all_devices[$d_name];
                    } else {
                        $unallowed_devices[] = $d_name;
                if (!empty($unallowed_devices)) {
                    // NOTE(review): the rejected names come straight from the CSV and are placed in
                    // the message unescaped; whoever renders the summary has to HTML-escape it.
                    $warning_msg = _('Some devices could not be added (Type and/or subtype unknown)') . ': ' . implode(',', $unallowed_devices);
                    $summary['by_hosts'][$num_line]['warnings']['Devices'] = $warning_msg;
                    $summary['by_hosts'][$num_line]['status'] = 'warning';
        if ($is_in_db == FALSE) {
            //Only update host sensors with unregistered hosts
            if ($import_type == 'hosts' && preg_match('/Sensors/', $csv_headers[5])) {
                //Special case: Sensors in CSV file //[Version 3.x.x]
                // Keep only the allowed sensors whose IP is listed in the CSV.
                // NOTE(review): the header test above looks at column 5 but the values are read
                // from column 4 — confirm the intended index.
                $sensors = array();
                $_sensors = explode(',', $param[4]);
                if (is_array($_sensors) && !empty($_sensors)) {
                    $_sensors = array_flip($_sensors);
                    if (is_array($a_sensors) && !empty($a_sensors)) {
                        foreach ($a_sensors as $s_id => $s_data) {
                            if (array_key_exists($s_data['ip'], $_sensors)) {
                                $sensors[] = $s_id;
                if (!is_array($sensors) || empty($sensors)) {
                    $s_error_msg = Session::is_pro() ? _('There is no sensors for this context') : _('There is no sensors for this IP address');
                    $summary['by_hosts'][$num_line]['errors']['Sensors'] = $s_error_msg;
         ********** Only for importation from host section **********
        if ($import_type == 'hosts') {
            if (!ossim_valid($fqdns, OSS_FQDNS, OSS_NULLABLE, 'illegal:' . _('FQDN/Aliases'))) {
                $summary['by_hosts'][$num_line]['errors']['FQDN/Aliases'] = ossim_get_error_clean();
            if (!ossim_valid($asset_value, OSS_DIGIT, 'illegal:' . _('Asset value'))) {
                $summary['by_hosts'][$num_line]['errors']['Asset value'] = ossim_get_error_clean();
            if (!empty($latitude)) {
                if (!ossim_valid(trim($latitude), OSS_NULLABLE, OSS_DIGIT, OSS_DOT, '\\-', 'illegal:' . _('Latitude'))) {
                    $summary['by_hosts'][$num_line]['errors']['Latitude'] = ossim_get_error_clean();
            if (!empty($longitude)) {
                if (!ossim_valid(trim($longitude), OSS_NULLABLE, OSS_DIGIT, OSS_DOT, '\\-', 'illegal:' . _('Longitude'))) {
                    $summary['by_hosts'][$num_line]['errors']['Longitude'] = ossim_get_error_clean();
        //Insert/Update host in database
        // Only lines that collected no validation error reach the database.
        if (count($summary['by_hosts'][$num_line]['errors']) == 0) {
            try {
                $host = new Asset_host($conn, $host_id);
                if ($is_in_db == TRUE) {
                    $host->load_from_db($conn, $host_id);
                    $can_i_modify_ips = Asset_host::can_i_modify_ips($conn, $host_id);
                } else {
                    // New hosts need the create-assets permission of the current session.
                    if ($can_i_create_assets == FALSE) {
                        $n_error_msg = _('Host') . ' ' . $name . ' ' . _("not allowed. You don't have permissions to import this host");
                        $summary['by_hosts'][$num_line]['errors']['Net'] = $n_error_msg;
                //Check IPs
                if ($can_i_modify_ips == TRUE) {
                    $aux_ips = explode(',', $csv_ips);
                    foreach ($aux_ips as $ip) {
                        $host_ids = Asset_host::get_id_by_ips($conn, $ip, $ctx);
                        if (!empty($host_ids)) {
                            $c_error_msg = _('IP') . ' ' . $csv_ips . ' ' . _("not allowed. IP {$ip} already exists for this entity");
                            $summary['by_hosts'][$num_line]['errors']['IP'] = $c_error_msg;
                        } else {
                            // Reject the IP when the session has a network restriction and the IP is outside it.
                            $cnd_1 = Session::get_net_where() != '' && !Session::only_ff_net();
                            $cnd_2 = Asset_host::is_ip_in_cache_cidr($conn, $ip, $ctx, TRUE);
                            if ($cnd_1 && !$cnd_2) {
                                $c_error_msg = sprintf(_("Error! The IP %s is not allowed. Please check with your account admin for more information"), $csv_ips);
                                $summary['by_hosts'][$num_line]['errors']['IP'] = $c_error_msg;
                } else {
                    $c_error_msg = _('Host') . ' ' . $name . ': ' . _("IP address not allowed. IP address cannot be modified");
                    $summary['by_hosts'][$num_line]['status'] = 'warning';
                    $summary['by_hosts'][$num_line]['warnings']['IP'] = $c_error_msg;
                //Setting new values
                if (count($summary['by_hosts'][$num_line]['errors']) == 0) {
                    if ($is_in_db == FALSE) {
                        if ($can_i_modify_ips == TRUE) {
                            if (is_array($aux_ips) && !empty($aux_ips)) {
                                $ips = array();
                                foreach ($aux_ips as $ip) {
                                    $ips[$ip] = array('ip' => $ip, 'mac' => NULL);
                    // NOTE(review): no statement is visible under this condition in the listing.
                    if (!empty($fqdns)) {
                    $host->set_location($latitude, $longitude);
                    $host->save_in_db($conn, FALSE);
                    //Save Operating System
                    if (!empty($os)) {
                        Asset_host_properties::save_property_in_db($conn, $host_id, 3, $os, 2);
                    $summary['by_hosts'][$num_line]['data'] = $is_in_db == TRUE ? _('Asset updated') : _('New asset inserted');
                    //Keep warnings
                    if ($summary['by_hosts'][$num_line]['status'] != 'warning') {
                        $summary['by_hosts'][$num_line]['status'] = 'success';
            } catch (Exception $e) {
                // NOTE(review): the raw exception text is stored in the summary; if the summary is
                // shown to the user this can disclose database details — consider logging it with
                // Av_exception::write_log() and returning a generic message instead.
                $summary['by_hosts'][$num_line]['errors']['Database error'] = $e->getMessage();
    if ($summary['general']['statistics']['saved'] > 0) {
        if ($summary['general']['statistics']['errors'] == 0) {
            $summary['general']['status'] = 'success';
            $summary['general']['data'] = _('All assets have been successfully imported ');
        } else {
            $summary['general']['status'] = 'warning';
            $summary['general']['data'] = _('Some assets cannot be imported');
        // NOTE(review): no matching call is visible on the "nothing saved" branch below — confirm.
        Util::disable_perm_triggers($conn, FALSE);
        try {
            Asset_host::report_changes($conn, 'hosts');
        } catch (Exception $e) {
            Av_exception::write_log(Av_exception::USER_ERROR, $e->getMessage());
    } else {
        $summary['general']['statistics']['errors'] = count($data);
        //CSV file is not empty, but all lines are wrong
        if (empty($summary['general']['status'])) {
            $summary['general']['status'] = 'error';
            $summary['general']['data'] = _('Assets cannot be imported');
    // Rebuild the host-to-network references from the stored IP ranges. The statement is static
    // SQL; the @ operator hides a failure, so nothing is logged if it does not run.
    @$conn->Execute("REPLACE INTO alienvault.host_net_reference SELECT host.id,net_id FROM alienvault.host, alienvault.host_ip, alienvault.net_cidrs WHERE host.id = host_ip.host_id AND host_ip.ip >= net_cidrs.begin AND host_ip.ip <= net_cidrs.end");
    return $summary;
Exemplo n.º 6
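/**
 * Collects the indicators of a risk map, following indicators that link to other maps.
 *
 * An indicator whose URL matches "view.php?map=<hex>" is treated as a link and the linked map
 * is walked recursively; every other indicator row is stored in $obj_array under its id.
 *
 * @param object $conn      Database connection exposing Execute() and ErrorMsg().
 * @param string $map       Hexadecimal map id; passed as a bound parameter to UNHEX(?).
 * @param array  $map_array Linked map ids already followed (id => 1).
 * @param array  $obj_array Indicator rows collected so far, keyed by indicator id.
 *
 * @return array Two elements: the updated $map_array and the updated $obj_array.
 */
function get_map_objects($conn, $map, $map_array = array(), $obj_array = array())
{
    // The map id is bound as a parameter, never concatenated into the SQL text.
    $query = "select * from risk_indicators where name <> 'rect' AND map = UNHEX(?)";
    $rs4 = $conn->Execute($query, array($map));
    if (!$rs4) {
        Av_exception::write_log(Av_exception::DB_ERROR, $conn->ErrorMsg());

        return array($map_array, $obj_array);
    }

    while (!$rs4->EOF) {
        //It's a map
        if (preg_match("/view\\.php\\?map\\=([a-fA-F0-9]*)/", $rs4->fields['url'], $found)) {
            $linked_map = $found[1];
            if (empty($map_array[$linked_map])) {
                // Mark the linked map before descending, so that maps linking to each other
                // cannot recurse without end.
                $map_array[$linked_map] = 1;
                list($map_array, $obj_array) = get_map_objects($conn, $linked_map, $map_array, $obj_array);
            }
        } else {
            $indicator_id = $rs4->fields['id'];
            if (empty($obj_array[$indicator_id])) {
                $obj_array[$indicator_id] = $rs4->fields;
            }
        }
        // Advance the cursor; without this the loop never reaches EOF.
        $rs4->MoveNext();
    }

    return array($map_array, $obj_array);
}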
Exemplo n.º 7
        } else {
            // One entry per active plugin of this asset: vendor, "vendor:model" and
            // "vendor:model:version", plus the model and version lists looked up for them.
            foreach ($active_plugins[$asset_id_canonical] as $pdata) {
                $models = array();
                $versions = array();
                // A failed lookup is logged and leaves the corresponding list empty.
                if ($pdata['vendor'] != '') {
                    try {
                        $models = Software::get_models_by_vendor($pdata['vendor']);
                    } catch (Exception $e) {
                        Av_exception::write_log(Av_exception::USER_ERROR, $e->getMessage());
                if ($pdata['model'] != '') {
                    try {
                        $versions = Software::get_versions_by_model($pdata['vendor'] . ':' . $pdata['model']);
                    } catch (Exception $e) {
                        Av_exception::write_log(Av_exception::USER_ERROR, $e->getMessage());
                $plugin_list[$asset_id][] = array('vendor' => $pdata['vendor'], 'model' => $pdata['vendor'] . ':' . $pdata['model'], 'version' => $pdata['vendor'] . ':' . $pdata['model'] . ':' . $pdata['version'], 'model_list' => $models, 'version_list' => $versions);
        // NOTE(review): $host['name'] is stored as is; presumably the template escapes it on output — verify.
        $device_list[$asset_id] = array("name" => $host['name'], "ips" => Asset::format_to_print($host['ips']), "plugins" => $plugin_list[$asset_id]);
} else {
    // Shown when no network device is available for this step.
    $empty_msg = _('There are no network devices found. Return to the asset discovery step by clicking back to either discover or add network devices.');
/*  Subtitle Texts */
$subtitle_1 = '';
$subtitle_2 = '';
if ($total == 1) {
    $subtitle_1 = _('During the asset discovery scan we found 1 network device on your network');
Exemplo n.º 8
/**
 * Imports network definitions from a CSV file and stores each valid line as an Asset_net.
 *
 * NOTE(review): the listing on this page has lost its braces and some statements. For example,
 * the 'saved' counter is read at the end but never incremented in the visible lines, and no
 * statement skips a line after a format error. Read it as an outline of the flow.
 *
 * @param string $filename    Path passed straight to file_get_contents(). No path restriction is
 *                            visible here; confirm the caller only passes the uploaded file.
 * @param mixed  $iic         When non-empty, the net name is passed through clean_iic().
 * @param string $ctx         Entity/context id. It is interpolated into UNHEX('...') in a SQL
 *                            filter below, so the caller must already have validated it as hex.
 * @param string $import_type 'networks' (5 fields per line) or 'welcome_wizard_nets' (3 fields).
 *
 * @return array Summary with 'general' (status, data, statistics) and 'by_nets' (per-line
 *               status, errors, warnings, data).
 */
function import_assets_from_csv($filename, $iic, $ctx, $import_type)
    //Process status
    $summary = array('general' => array('status' => '', 'data' => '', 'statistics' => array('total' => 0, 'warnings' => 0, 'errors' => 0, 'saved' => 0)), 'by_nets' => array());
    $db = new ossim_db();
    $conn = $db->connect();
    // The whole file is read into memory; no size limit is applied in the visible code.
    $str_data = file_get_contents($filename);
    if ($str_data === FALSE) {
        $summary['general']['status'] = 'error';
        $summary['general']['data']['errors'] = _('Failed to read data from CSV file');
        $summary['general']['statistics']['errors'] = 1;
        return $summary;
    // Split into lines on either \n or \r, then into fields on the literal separator ";" including
    // its surrounding quotes. The outer quotes of the first and last field are stripped later.
    // NOTE(review): $data is not initialised in the visible lines; with a blank file the count()
    // below would receive an undefined variable.
    $array_data = preg_split('/\\n|\\r/', $str_data);
    foreach ($array_data as $k => $v) {
        if (trim($v) != '') {
            $data[] = explode('";"', trim($v));
     * From net section:
     *  - Version 4.x.x or higher: "Netname";"CIDRs(CIDR1,CIDR2,...)";"Description";"Asset value";"Net ID"
     *  - Version 3.x.x: "Netname";"CIDRs(CIDR1,CIDR2,...)";"Description";"Asset value";"Sensors(Sensor1,Sensor2,...)"
     * From welcome wizard:
     *  - Version 4.x.x or higher: "Netname";"CIDRs(CIDR1,CIDR2,...)";"Description"
    //Check file size
    // && binds tighter than ||: the file counts as empty when it has no lines, or only a header line.
    if (count($data) <= 0 || count($data) == 1 && preg_match('/Netname/', $data[0][0])) {
        $summary['general']['status'] = 'error';
        $summary['general']['data'] = _('CSV file is empty');
        $summary['general']['statistics']['errors'] = 1;
        return $summary;
    //Check importation type and headers
    $csv_headers = array();
    if ($import_type == 'networks') {
        // The fifth header column decides the file version: "Net ID" (4.x) or "Sensors" (3.x).
        // NOTE(review): $data[0][4] is read without checking that the first line has five fields.
        if (preg_match('/Net ID/', $data[0][4]) || preg_match('/Sensors/', $data[0][4])) {
            $csv_headers = array_shift($data);
        } else {
            $summary['general']['status'] = 'error';
            $summary['general']['data'] = _('Headers not found');
            $summary['general']['statistics']['errors'] = 1;
            return $summary;
    //Setting total nets to import
    $summary['general']['statistics']['total'] = count($data);
    //Allowed sensors
    // NOTE(review): $ctx is placed into the SQL fragment by string interpolation and is not
    // validated inside this function. The filter is only safe if every caller has checked that
    // $ctx is a hex string; a bound parameter would remove that dependency.
    $filters = array('where' => "acl_sensors.entity_id = UNHEX('{$ctx}')");
    $a_sensors = Av_sensor::get_basic_list($conn, $filters);
    $sensor_ids = array_keys($a_sensors);
    if (count($sensor_ids) == 0) {
        $summary['general']['status'] = 'error';
        $s_error_msg = Session::is_pro() ? _('There is no sensor for this context') : _('There is no sensor for this net');
        $summary['general']['data'] = $s_error_msg;
        $summary['general']['statistics']['errors'] = 1;
        return $summary;
    // NOTE(review): the matching disable_perm_triggers($conn, FALSE) call appears only in the
    // "saved > 0" branch at the end; confirm the setting is also restored when no line is saved.
    Util::disable_perm_triggers($conn, TRUE);
    foreach ($data as $k => $v) {
        //Clean previous errors
        $num_line = $k + 1;
        //Set default status
        $summary['by_nets'][$num_line]['status'] = 'error';
        //Check file format
        $cnd_1 = $import_type == 'networks' && count($v) < 5;
        $cnd_2 = $import_type == 'welcome_wizard_nets' && count($v) < 3;
        if ($cnd_1 || $cnd_2) {
            $summary['by_nets'][$num_line]['errors']['Format'] = _('Number of fields is incorrect');
        //Clean values
        // Strip the leading quote from the first field and the trailing quote from the last one;
        // middle fields are only trimmed.
        $param = array();
        $index = 0;
        $max_index = count($v) - 1;
        foreach ($v as $field) {
            $parameter = trim($field);
            if ($index == 0) {
                $pattern = '/^\\"|^\'/';
                $param[] = preg_replace($pattern, '', $parameter);
            } else {
                if ($index == $max_index) {
                    $pattern = '/\\"$|\'$/';
                    $param[] = preg_replace($pattern, '', $parameter);
                } else {
                    $param[] = $parameter;
        $is_in_db = FALSE;
        $net_id = '';
        $name = $param[0];
        // Remove line breaks and tabs from the CIDR list before it is validated.
        $cidrs = preg_replace("/[\n\r\t]+/", '', $param[1]);
        $descr = $param[2];
        // An empty asset value defaults to 2; anything else is forced to an integer.
        $asset_value = $param[3] == '' ? 2 : intval($param[3]);
        $sensors = $sensor_ids;
        $can_i_create_assets = Session::can_i_create_assets();
        $can_i_modify_ips = TRUE;
        // Every CSV field is validated before use; a failure is recorded under 'errors' for this line.
        if (!ossim_valid($cidrs, OSS_IP_CIDR, 'illegal:' . _('CIDR'))) {
            $summary['by_nets'][$num_line]['errors']['CIDRs'] = ossim_get_error_clean();
        //Check Net ID: Is there a net registered in the System?
        // NOTE(review): in the visible lines this lookup also runs when the CIDR check above failed.
        $net_ids = Asset_net::get_id_by_ips($conn, $cidrs, $ctx);
        $net_id = key($net_ids);
        if (!empty($net_id)) {
            $is_in_db = TRUE;
        } else {
            $net_id = Util::uuid();
        // Special case: Forced Net ID [Version 4.x.x or higher]
        // An id supplied in the CSV may not differ from the id the net already has in the system.
        if ($import_type == 'networks' && preg_match('/Net ID/', $csv_headers[4])) {
            $csv_net_id = strtoupper($param[4]);
            if ($is_in_db == TRUE && $csv_net_id != $net_id) {
                $id_error_msg = _('Net is already registered in the System with another Net ID');
                $summary['by_nets'][$num_line]['errors']['Net'] = $id_error_msg;
        if (!empty($iic)) {
            $name = clean_iic($name);
        // An invalid name is cleaned and validated a second time: the first failure is only a
        // warning, the second is an error.
        if (!ossim_valid($name, OSS_NOECHARS, OSS_NET_NAME, 'illegal:' . _('Netname'))) {
            $name = clean_iic($name);
            $name = clean_echars($name);
            // NOTE(review): this message carries HTML markup plus the CSV-derived name, so it is
            // presumably rendered without escaping. It is built before the re-validation below,
            // so it relies on clean_echars() having removed markup characters; confirm.
            $warning_msg = _('Netname has invalid characters') . '<br/>' . _('Netname will be replaced by') . ": <strong>{$name}</strong>";
            $summary['by_nets'][$num_line]['warnings']['Netname'] = $warning_msg;
            $summary['by_nets'][$num_line]['status'] = 'warning';
            if (!ossim_valid($name, OSS_NOECHARS, OSS_NET_NAME, 'illegal:' . _('Netname'))) {
                $summary['by_nets'][$num_line]['status'] = 'error';
                $summary['by_nets'][$num_line]['errors']['Netname'] = ossim_get_error_clean();
        if (!ossim_valid($descr, OSS_NULLABLE, OSS_ALL, 'illegal:' . _('Description'))) {
            $summary['by_nets'][$num_line]['errors']['Description'] = ossim_get_error_clean();
        } else {
            // A UTF-8 description is converted to HTML entities before it is stored.
            if (mb_detect_encoding($descr . ' ', 'UTF-8,ISO-8859-1') == 'UTF-8') {
                $descr = mb_convert_encoding($descr, 'HTML-ENTITIES', 'UTF-8');
        if ($is_in_db == FALSE) {
            //Only update net sensors with unregistered nets
            if ($import_type == 'networks' && preg_match('/Sensors/', $csv_headers[4])) {
                //Special case: Sensors in CSV file //[Version 3.x.x]
                // Sensor IPs from the CSV are only matched against $a_sensors, the sensors allowed
                // for this context, so the file cannot select a sensor outside that list.
                $sensors = array();
                $_sensors = explode(',', $param[4]);
                if (is_array($_sensors) && !empty($_sensors)) {
                    $_sensors = array_flip($_sensors);
                    if (is_array($a_sensors) && !empty($a_sensors)) {
                        foreach ($a_sensors as $s_id => $s_data) {
                            if (array_key_exists($s_data['ip'], $_sensors)) {
                                $sensors[] = $s_id;
                if (!is_array($sensors) || empty($sensors)) {
                    $s_error_msg = Session::is_pro() ? _('There is no sensors for this context') : _('There is no sensors for this IP');
                    $summary['by_nets'][$num_line]['errors']['Sensors'] = $s_error_msg;
         ********** Only for importation from net section **********
        if ($import_type == 'networks') {
            if (!ossim_valid($asset_value, OSS_DIGIT, 'illegal:' . _('Asset value'))) {
                $summary['by_nets'][$num_line]['errors']['Asset value'] = ossim_get_error_clean();
        //Insert/Update net in database
        // NOTE(review): 'errors' is only created when a check fails, so on a clean line count()
        // receives an unset value; on PHP 8 count(null) throws a TypeError.
        if (count($summary['by_nets'][$num_line]['errors']) == 0) {
            try {
                $net = new Asset_net($net_id);
                if ($is_in_db == TRUE) {
                    $net->load_from_db($conn, $net_id);
                    $can_i_modify_ips = Asset_net::can_i_modify_ips($conn, $net_id);
                } else {
                    // Creating a new net requires the create-assets permission.
                    if ($can_i_create_assets == FALSE) {
                        // NOTE(review): the CSV-derived name is concatenated into a message for the
                        // caller; escape it where the summary is rendered.
                        $n_error_msg = _('Net') . ' ' . $name . ' ' . _("not allowed. You don't have permissions to import this net");
                        $summary['by_nets'][$num_line]['errors']['Net'] = $n_error_msg;
                //Check CIDRs
                // Each CIDR must not already belong to a net of this entity and, when the session
                // has a net restriction, must lie inside the nets the user is allowed to see.
                if ($can_i_modify_ips == TRUE) {
                    $aux_cidr = explode(',', $cidrs);
                    foreach ($aux_cidr as $cidr) {
                        $net_ids = Asset_net::get_id_by_ips($conn, $cidr, $ctx);
                        if (!empty($net_ids)) {
                            $c_error_msg = _('CIDR') . ' ' . $cidrs . ' ' . _("not allowed. CIDR {$cidr} already exists for this entity");
                            $summary['by_nets'][$num_line]['errors']['CIDRs'] = $c_error_msg;
                        } else {
                            if (Session::get_net_where() != '') {
                                if (!Asset_net::is_cidr_in_my_nets($conn, $cidr, $ctx)) {
                                    $c_error_msg = sprintf(_("Error! The CIDR %s is not allowed. Please check with your account admin for more information"), $cidrs);
                                    $summary['by_nets'][$num_line]['errors']['CIDRs'] = $c_error_msg;
                } else {
                    $c_error_msg = _('Net') . ' ' . $name . ': ' . _("CIDRs not allowed. CIDRs cannot be modified");
                    $summary['by_nets'][$num_line]['status'] = 'warning';
                    $summary['by_nets'][$num_line]['warnings']['CIDRs'] = $c_error_msg;
                //Setting new values
                // NOTE(review): the statements that copy $name, $descr, $cidrs, $sensors and
                // $asset_value onto $net are missing from this listing (the two ifs below have no body).
                if (count($summary['by_nets'][$num_line]['errors']) == 0) {
                    if ($is_in_db == FALSE) {
                        if ($can_i_modify_ips == TRUE) {
                    $net->save_in_db($conn, FALSE);
                    $summary['by_nets'][$num_line]['data'] = $is_in_db == TRUE ? _('Net updated') : _('New new inserted');
                    //Keep warnings
                    if ($summary['by_nets'][$num_line]['status'] != 'warning') {
                        $summary['by_nets'][$num_line]['status'] = 'success';
            } catch (Exception $e) {
                // NOTE(review): the raw exception text is returned in the summary; if it reaches the
                // user interface it can disclose database details. Prefer logging it and returning
                // a generic message.
                $summary['by_nets'][$num_line]['errors']['Database error'] = $e->getMessage();
    // Overall status: success when something was saved and no error was counted, warning when
    // only part was saved, error when nothing was saved.
    if ($summary['general']['statistics']['saved'] > 0) {
        if ($summary['general']['statistics']['errors'] == 0) {
            $summary['general']['status'] = 'success';
            $summary['general']['data'] = _('All nets have been successfully imported');
        } else {
            $summary['general']['status'] = 'warning';
            $summary['general']['data'] = _('Some nets cannot be imported');
        Util::disable_perm_triggers($conn, FALSE);
        try {
            Asset_net::report_changes($conn, 'nets');
        } catch (Exception $e) {
            Av_exception::write_log(Av_exception::USER_ERROR, $e->getMessage());
    } else {
        $summary['general']['statistics']['errors'] = count($data);
        //CSV file is not empty, but all lines are wrong
        if (empty($summary['general']['status'])) {
            $summary['general']['status'] = 'error';
            $summary['general']['data'] = _('Nets cannot be imported');
    return $summary;
Exemplo n.º 9
// Validate each request filter against an allow-list character class. Failures accumulate and
// are checked once through ossim_error().
ossim_valid($intent, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _("Intent"));
ossim_valid($directive_id, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _("Directive ID"));
ossim_valid($num_events, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _("Num Events"));
ossim_valid($num_events_op, OSS_ALPHA, OSS_NULLABLE, 'illegal:' . _("Num Events Operator"));
ossim_valid($tag, OSS_HEX, OSS_NULLABLE, 'illegal:' . _("Tag"));
ossim_valid($no_resolv, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _("No Resolv"));
ossim_valid($hide_closed, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _("Hide Closed"));
ossim_valid($show_options, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _("Show Options"));
if (ossim_error()) {
    // On a validation failure, answer with an empty DataTables payload and log the reason
    // server-side instead of echoing it to the client.
    // NOTE(review): no exit is visible after the echo in this excerpt. Processing must stop here,
    // otherwise the rejected values still reach the query criteria below.
    $response['sEcho'] = $sec;
    $response['iTotalRecords'] = 0;
    $response['iTotalDisplayRecords'] = 0;
    $response['aaData'] = '';
    $error = ossim_get_error();
    Av_exception::write_log(Av_exception::USER_ERROR, $error);
    echo json_encode($response);
// Anything outside 1..4 falls back to option 1.
if (empty($show_options) || ($show_options < 1 || $show_options > 4)) {
    $show_options = 1;
$db = new ossim_db(TRUE);
$conn = $db->connect();
$db_groups = Alarm_groups::get_dbgroups($conn);
// NOTE(review): 'limit' is a SQL fragment built by interpolating $offset and $limit. Their
// validation, and that of $group_type, the dates, IPs, $asset_group, $sensor_query and
// $alarm_name, is not part of this excerpt; confirm each is checked (offset and limit as
// integers) before it reaches get_grouped_alarms().
$criteria = array('group_type' => $group_type, 'show_options' => $show_options, 'hide_closed' => $hide_closed, 'from_date' => $date_from, 'to_date' => $date_to, 'ip_src' => $src_ip, 'ip_dst' => $dst_ip, 'asset_group' => $asset_group, 'sensor' => $sensor_query, 'query' => $alarm_name, 'directive_id' => $directive_id, 'intent' => $intent, 'num_events' => $num_events, 'num_events_op' => $num_events_op, 'tag' => $tag, 'limit' => "LIMIT {$offset}, {$limit}");
list($alarm_group, $total) = Alarm_groups::get_grouped_alarms($conn, $criteria, TRUE);
$results = array();
// One output row per alarm group (the loop body is cut off in this excerpt).
foreach ($alarm_group as $group) {
    $res = array();
    $group_id = $group['group_id'];
Exemplo n.º 10
/**
 * Counts SIEM events per day, from 00:00 seven days ago to the end of today (GMT bounds),
 * optionally restricted to a plugin range or a taxonomy.
 *
 * $param is only compared and pattern-matched; it selects between fixed SQL fragments and is
 * never concatenated into the query itself.
 *
 * @param string $param '' for all events, 'ossec%' for plugin ids 7000-7999, or 'taxonomy=<name>'
 *                      (only 'honeypot' adds a filter in the visible code).
 *
 * @return array Map of "<day> <first three letters of month>" => event count. When $param is
 *               still non-empty at the end, array($data, $plugins) is returned instead.
 */
function SIEM_trends_week($param = '')
    global $tz;
    $tzc = Util::get_tzc($tz);
    $data = array();
    $plugins = '';
    $plugins_sql = '';
    $db = new ossim_db(TRUE);
    $dbconn = $db->connect();
    // Asset and context restrictions arrive as ready-made SQL fragments from helper functions.
    $_asset_where = make_asset_filter();
    $asset_where = $_asset_where[1];
    $sensor_where = make_ctx_filter() . $asset_where;
    $tax_join = '';
    // NOTE(review): $tax_where is assigned only in the honeypot branch of the visible code but is
    // interpolated into every query below; an initial empty value may have been lost from this
    // listing. TODO confirm.
    if (preg_match("/taxonomy\\=(.+)/", $param, $found)) {
        if ($found[1] == 'honeypot') {
            $tax_join = 'alienvault.plugin_sid p, ';
            $tax_where = 'AND acid_event.plugin_id = p.plugin_id AND acid_event.plugin_sid = p.sid AND p.category_id = 19';
        // Any taxonomy parameter is cleared, so such calls return the plain $data array.
        $param = '';
    } elseif ($param == 'ossec%') {
        $plugins_sql = 'AND acid_event.plugin_id between 7000 and 7999';
        $plugins = '7000-7999';
    // NOTE(review): the statement is assembled by string interpolation with no bound parameters.
    // Its safety depends on Util::get_tzc(), make_ctx_filter() and make_asset_filter() returning
    // trusted, well-formed SQL; those helpers are not shown here.
    $sqlgraph = "SELECT COUNT(acid_event.id) as num_events, day(convert_tz(timestamp,'+00:00','{$tzc}')) AS intervalo, monthname(convert_tz(timestamp,'+00:00','{$tzc}')) AS suf \n        FROM {$tax_join} alienvault_siem.acid_event \n        WHERE timestamp BETWEEN '" . gmdate("Y-m-d 00:00:00", gmdate("U") - 604800) . "' AND '" . gmdate("Y-m-d 23:59:59") . "' {$plugins_sql} {$sensor_where} {$tax_where} \n        GROUP BY suf, intervalo \n        ORDER BY suf, intervalo";
    // A failed query is logged and the function still returns the (empty) $data.
    if (!($rg =& $dbconn->CacheExecute($sqlgraph))) {
        Av_exception::write_log(Av_exception::DB_ERROR, $dbconn->ErrorMsg());
    } else {
        // NOTE(review): no cursor advance is visible inside this loop; it was presumably dropped
        // from the listing.
        while (!$rg->EOF) {
            $hours = $rg->fields['intervalo'] . ' ' . substr($rg->fields['suf'], 0, 3);
            $data[$hours] = $rg->fields['num_events'];
    return $param != '' ? array($data, $plugins) : $data;
Exemplo n.º 11
/**
 * Resolves map coordinates for each source country returned by getSourceRepartitionYear().
 *
 * @param object $conn      Database connection exposing Execute() and ErrorMsg().
 * @param string $date_from Start date (Y-m-d); when either date is empty, the last 30 days are used.
 * @param string $date_to   End date (Y-m-d).
 *
 * @return array List of array('nom', 'abs', 'ord', 'volume'). On a database error, the entries
 *               collected so far are returned.
 */
function getSourceCoordYear($conn, $date_from = "", $date_to = "")
    $data = array();
    if ($date_from == "" || $date_to == "") {
        // Last Month by default
        // strftime() is deprecated as of PHP 8.1.
        $date_from = strftime("%Y-%m-%d", time() - 24 * 60 * 60 * 30);
        $date_to = strftime("%Y-%m-%d", time());
    $tab = getSourceRepartitionYear($conn, $date_from, $date_to);
    if (is_array($tab)) {
        foreach ($tab as $pays => $volume) {
            // The country value is bound through a ? placeholder, not concatenated into the SQL.
            // One query runs per country.
            $sql = "select distinct(g.nom),g.abs,g.ord from datawarehouse.geo g, datawarehouse.ip2country i where UPPER(g.pays)=UPPER(i.a2) and i.country = ?;";
            $rs = $conn->Execute($sql, array($pays));
            if (!$rs) {
                Av_exception::write_log(Av_exception::DB_ERROR, $conn->ErrorMsg());
                return $data;
            // Only the first row of the result is used.
            $result = $rs->fields;
            // Countries without both coordinates are skipped; a coordinate of 0 is skipped too,
            // because the test is on truthiness.
            if ($result['ord'] && $result['abs']) {
                array_push($data, array("nom" => $result['nom'], "abs" => $result['abs'], "ord" => $result['ord'], "volume" => $volume));
    return $data;
Exemplo n.º 12
// Close session write for real background loading
// NOTE(review): no session_write_close() call is visible in this excerpt.
$db = new Ossim_db();
$conn = $db->connect();
// The asset id comes from the query string and is accepted only as a hex string.
$asset_id = GET('asset_id');
ossim_valid($asset_id, OSS_HEX, 'illegal: Asset ID');
if (ossim_error()) {
    // NOTE(review): no exit is visible after this echo; the script must stop here so that a
    // rejected id is never used as a session key below.
    echo 'gray';
// Get object from session
// NOTE(review): unserialize() instantiates whatever classes the stored string names. The value is
// read from $_SESSION, so it is server-side data, but if any request-controlled string can end up
// in this slot it becomes an object-injection sink. Restricting the call with the
// 'allowed_classes' option to the expected asset class would contain that.
$asset_object = unserialize($_SESSION['asset_detail'][$asset_id]);
if (!is_object($asset_object)) {
    echo 'gray';
    Av_exception::write_log(Av_exception::USER_ERROR, _('Error retrieving the asset data from Memory'));
// Map the HIDS state to a colour: 2 => yellow, 1 => green, anything else => red.
// Any exception yields gray.
try {
    $hids = $asset_object->is_hids_enabled($conn);
    $hids = intval($hids);
    if ($hids == 2) {
        echo 'yellow';
    } elseif ($hids == 1) {
        echo 'green';
    } else {
        echo 'red';
} catch (Exception $e) {
    echo 'gray';