<th><?php
echo _("Vuln Scanner");
?>
</th>
<th><?php
echo _("Nmap Scan");
?>
</th>
<th><?php
echo _("Load");
?>
</th>
</tr>
<?php
// get available sensors
$_list_data = Av_sensor::get_list($conn);
$all_sensors = $_list_data[0];
// remote nmap
$rscan = new Remote_scan('', '');
$rscan->available_scan();
$ids = array();
if (is_array($rscan->get_sensors()) && count(array_keys($rscan->get_sensors())) > 0) {
$agents = $rscan->get_sensors();
foreach ($agents as $asid => $agent) {
$ids[] = $asid;
}
}
$withnmapforced = 0;
if (valid_hex32($scan_server) && !$hosts_alive && $sensor_id != "") {
$ids = array_merge(array($sensor_id), $ids);
$withnmapforced = 1;
?>
</label>
</td>
</tr>
<tr>
<td class="center noborder">
<input type="hidden" name="entities[]" id="entities" class='vfield' value="<?php
echo Session::get_default_ctx();
?>
"/>
<input type="hidden" name="num_entities_check" id="num_entities_check" value=""/>
<br>
<select name="neighborsensor" class='vfield' id="neighborsensor" style="width:150px">
<?php
list($s_list, $s_total) = Av_sensor::get_list($conn, array(), FALSE, TRUE);
$empty = 1;
foreach ($s_list as $s_id => $s_data) {
if ($s_data['properties']['version'] != 'unknown') {
echo "<option value='" . $s_id . "'>" . $s_data['name'] . "\n";
$empty = 0;
}
}
if ($empty) {
echo "<option value='00000000000000000000000000000000'>" . _('Local sensor') . "\n";
}
?>
</select>
</td>
<td class="center noborder" style="padding-left:10px">
<input type="hidden" class='vfield' style="width:120px" name="newcontext" value="<?php
* Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt
*
*/
require_once 'av_init.php';
Session::logcheck('environment-menu', 'PolicyHosts');
session_write_close();
/****************************************************
********************* Tooltips *********************
****************************************************/
$t_location = '<div>' . _("You can type any location (address, country, city, ...)") . '</div>';
//Database connection
$db = new ossim_db();
$conn = $db->connect();
//Getting all sensors
$filters = array('order_by' => "priority DESC");
list($all_sensors, $s_total) = Av_sensor::get_list($conn, $filters, FALSE, TRUE);
//Common Context
$ctx = Asset_host::get_common_ctx($conn);
//Closing database connection
$db->close();
?>
<div id="bk_tg_container">
<div id='tg_av_info'></div>
<div class="legend">
<?php
echo _('Only filled values will be updated');
?>
</div>
}
}
break;
}
ossim_valid($sid, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _("Sid"));
if (ossim_error()) {
die(_("Invalid Parameter Sid"));
}
if (isset($_POST['authorized_users'])) {
foreach ($_POST['authorized_users'] as $user) {
$users[] = Util::htmlentities(escape_sql(trim($user), $dbconn), ENT_QUOTES);
}
}
$sIDs = array();
if (Vulnerabilities::scanner_type() == 'omp') {
list($sensor_list, $total) = Av_sensor::get_list($dbconn);
foreach ($sensor_list as $sensor_id => $sensor_data) {
if (intval($sensor_data['properties']['has_vuln_scanner']) == 1) {
$sIDs[] = array('name' => $sensor_data['name'], 'id' => $sensor_id);
}
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title> <?php
echo gettext("Vulnmeter");
?>
</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
}
if ($flag_status == 1) {
if ($flag_reconfig) {
$status_message = _('Your new configuration will be applied once AlienVault Reconfig completes. This might take several minutes.');
} else {
$status_message = _('Configuration successfully updated');
}
} elseif ($flag_status == 2) {
$status_message = $error_string;
}
//Connect to db */
$db = new ossim_db();
$conn = $db->connect();
$product = Session::is_pro() ? "USM" : "OSSIM";
//Sensor List
$_list_data = Av_sensor::get_list($conn, array('order_by' => 'name ASC'));
$all_sensors = $_list_data[0];
$sensor_list = array('0' => 'First available sensor');
foreach ($all_sensors as $sensor_id => $sensor) {
$sensor_list[$sensor['name']] = $sensor['name'] . ' [' . $sensor['ip'] . ']';
}
$default_entities['optgroup1'] = _('Users');
$users = Session::get_list($conn);
foreach ($users as $usr) {
$default_entities[$usr->get_login()] = $usr->get_name();
}
if (Session::is_pro()) {
//menu template list
list($templates, $num_templates) = Session::get_templates($conn);
if (count($templates) < 1) {
$templates[0] = array('id' => '', 'name' => '- No templates found -');
function sensor_list($conn, $page, $search)
{
$filters = array();
$filters['limit'] = get_query_limits($page);
if ($search != '') {
$search = utf8_decode($search);
$search = escape_sql($search, $conn);
$filters['where'] = " name LIKE '%{$search}%' OR inet6_ntoa(ip) LIKE '%{$search}%'";
}
$filters['order_by'] = 'name ASC';
try {
list($sensors, $total) = Av_sensor::get_list($conn, $filters, TRUE, TRUE);
} catch (Exception $e) {
$return['error'] = TRUE;
$return['msg'] = $e->getMessage();
return $return;
}
//If we have at least one element...
if ($total > 0) {
//Getting the nets already selected in the filter.
$selected = get_selected_values(14);
}
$list = array();
//Going through the list to format the elements properly:
foreach ($sensors as $id => $sensor) {
$_chk = $selected[$id] != '' ? TRUE : FALSE;
$_sensor = array('id' => $id, 'name' => $sensor['name'], 'extra' => $sensor['ip'], 'checked' => $_chk);
$list[$id] = $_sensor;
}
$data['total'] = intval($total);
$data['list'] = $list;
$return['error'] = FALSE;
$return['data'] = $data;
return $return;
}
}
break;
case 'get_sensor_ip':
$result = Av_sensor::get_ip_by_id($dbconn, $asset);
break;
case 'get_system_uuid':
$result = Util::get_encryption_key();
break;
case 'get_varhex':
$result = bin2hex(inet_pton($asset));
break;
case 'insert_host':
list($hostip, $ctx, $hostname, $aliases) = explode('|', base64_decode($asset));
$hostid = key(Asset_host::get_id_by_ips($dbconn, $hostip, $ctx));
if (!Asset_host::is_in_db($dbconn, $hostid)) {
list($sensor_list, $total) = Av_sensor::get_list($dbconn, array('where' => "acl_sensors.entity_id=UNHEX('{$ctx}')"));
$sensors = array_keys($sensor_list);
try {
$hostid = Util::uuid();
Util::disable_perm_triggers($dbconn, TRUE);
$host = new Asset_host($dbconn, $hostid);
$host->set_name($hostname);
$host->set_ctx($ctx);
$host_ip = array();
$ips[$hostip] = array('ip' => $hostip, 'mac' => NULL);
$host->set_ips($ips);
$host->set_sensors($sensors);
$host->set_fqdns($aliases);
$host->save_in_db($dbconn);
} catch (Exception $e) {
$result = 'Impossible to save the host';
function tab_discovery()
{
global $component, $uroles, $editdata, $scheduler, $username, $useremail, $dbconn, $disp, $enScanRequestImmediate, $enScanRequestRecur, $timeout, $smethod, $SVRid, $sid, $ip_list, $ip_exceptions_list, $schedule_type, $ROYEAR, $ROday, $ROMONTH, $time_hour, $time_min, $dayofweek, $dayofmonth, $sname, $user, $entity, $hosts_alive, $scan_locally, $version, $nthweekday, $semail, $not_resolve, $time_interval, $ssh_credential, $smb_credential, $net_id;
global $pluginOptions, $enComplianceChecks, $profileid;
$conf = $GLOBALS["CONF"];
$users = Session::get_users_to_assign($dbconn);
$entities_to_assign = Session::get_entities_to_assign($dbconn);
$pre_scan_locally_status = $conf->get_conf("nessus_pre_scan_locally");
$user_selected = $user;
$entity_selected = $entity;
$SVRid_selected = $SVRid;
$sid_selected = $sid != "" ? $sid : $editdata['meth_VSET'];
$timeout_selected = $editdata["meth_TIMEOUT"];
$ip_list_selected = str_replace("\\r\\n", "\n", str_replace(";;", "\n", $ip_list));
if (count($ip_exceptions_list) > 0) {
$ip_list_selected .= "\n" . implode("\n", $ip_exceptions_list);
}
$ROYEAR_selected = $ROYEAR;
$ROday_selected = $ROday;
$ROMONTH_selected = $ROMONTH;
$time_hour_selected = $time_hour;
$time_min_selected = $time_min;
$dayofweek_selected = $dayofweek;
$dayofmonth_selected = $dayofmonth;
$sname_selected = $sname;
if (preg_match("/^[a-f\\d]{32}\$/i", $net_id)) {
// Autofill new scan job from deployment
if (Asset_net::is_in_db($dbconn, $net_id)) {
$sname_selected = Asset_net::get_name_by_id($dbconn, $net_id);
$schedule_type = "M";
$ip_list = array();
$nips = explode(",", Asset_net::get_ips_by_id($dbconn, $net_id));
foreach ($nips as $nip) {
$ip_list[] = $net_id . "#" . trim($nip);
}
}
}
if ($schedule_type != "") {
$editdata['schedule_type'] = $schedule_type;
}
$cquery_like = "";
if ($component != "") {
$cquery_like = " AND component='{$component}'";
}
$today = date("Ymd");
$tyear = substr($today, 0, 4);
$nyear = $tyear + 1;
$tmonth = substr($today, 4, 2);
$tday = substr($today, 6, 2);
#SET VALUES UP IF EDIT SCHEDULER
if (isset($editdata['notify'])) {
$enotify = $editdata['notify'];
} else {
$enotify = "{$useremail}";
}
if (isset($editdata['time'])) {
list($time_hour, $time_min, $time_sec) = split(':', $editdata['time']);
$tz = Util::get_timezone();
$time_hour = $time_hour + $tz;
}
$arrTypes = array("N", "O", "D", "W", "M", "NW");
foreach ($arrTypes as $type) {
$sTYPE[$type] = "";
}
$arrJobTypes = array("C", "M", "R", "S");
foreach ($arrJobTypes as $type) {
$sjTYPE[$type] = "";
}
if (isset($editdata['schedule_type'])) {
$sTYPE[$editdata['schedule_type']] = "selected='selected'";
if ($editdata['schedule_type'] == 'D') {
$ni = 2;
} elseif ($editdata['schedule_type'] == 'O') {
$ni = 3;
} elseif ($editdata['schedule_type'] == 'W') {
$ni = 4;
} elseif ($editdata['schedule_type'] == 'NW') {
$ni = 6;
} else {
$ni = 5;
}
$show = "<br><script language=javascript>showLayer('idSched', {$ni});</script>";
} else {
if ($enScanRequestImmediate) {
$sTYPE['N'] = "selected='selected'";
$show = "<br><script language=javascript>showLayer('idSched', 1);</script>";
} else {
$sTYPE['O'] = "selected='selected'";
$show = "<br><script language=javascript>showLayer('idSched', 3);</script>";
}
}
if ($schedule_type != "") {
if ($schedule_type == "N") {
$show .= "<br><script language=javascript>showLayer('idSched', 1);</script>";
}
if ($schedule_type == "O") {
$show .= "<br><script language=javascript>showLayer('idSched', 3);</script>";
}
if ($schedule_type == "D") {
$show .= "<br><script language=javascript>showLayer('idSched', 2);</script>";
}
if ($schedule_type == "W") {
$show .= "<br><script language=javascript>showLayer('idSched', 4);</script>";
}
if ($schedule_type == "M") {
$show .= "<br><script language=javascript>showLayer('idSched', 5);</script>";
}
if ($schedule_type == "NW") {
$show .= "<br><script language=javascript>showLayer('idSched', 6);</script>";
}
}
if (isset($editdata['job_TYPE'])) {
$sjTYPE[$editdata['job_TYPE']] = "SELECTED";
} else {
$sjTYPE['M'] = "SELECTED";
}
if (isset($editdata['day_of_month'])) {
$dayofmonth = $editdata['day_of_month'];
}
if (isset($editdata['day_of_week'])) {
$day[$editdata['day_of_week']] = "SELECTED";
}
if ($dayofweek_selected != "") {
$day[$dayofweek_selected] = "SELECTED";
}
if (!$uroles['nessus']) {
$name = "sr-" . substr($username, 0, 6) . "-" . time();
$name = $editdata['name'] == "" ? $name : $editdata['name'];
$nameout = $name . "<input type=hidden style='width:210px' name='sname' value='{$name}'>";
} else {
$nameout = "<input type=text style='width:210px' name='sname' value='" . ($sname_selected != "" ? "{$sname_selected}" : "{$editdata['name']}") . "'>";
}
$discovery = "<input type=\"hidden\" name=\"save_scan\" value=\"1\">";
$discovery .= "<input type=\"hidden\" name=\"cred_type\" value=\"N\">";
$discovery .= "<table width=\"80%\" cellspacing=\"4\">";
$discovery .= "<tr>";
$discovery .= "<input type=\"hidden\" name=\"smethod\" value=\"{$smethod}\">";
$discovery .= "<td width=\"25%\" class='job_option'>" . Util::strong(_("Job Name") . ":") . "</td>";
$discovery .= "<td style=\"text-align:left;\">{$nameout}</td>";
$discovery .= "</tr>";
list($sensor_list, $total) = Av_sensor::get_list($dbconn);
$discovery .= "<tr>";
$discovery .= "<td class='job_option'>" . Util::strong(_("Select Server") . ":") . "</td>";
$discovery .= "<td style='text-align:left;'><select id='SVRid' style='width:212px' name='SVRid'>";
$discovery .= "<option value='Null'>" . _("First Available Server-Distributed") . "</option>";
foreach ($sensor_list as $_sensor_id => $sensor_data) {
if (intval($sensor_data['properties']['has_vuln_scanner']) == 1) {
$discovery .= "<option value=\"{$_sensor_id}\" ";
if ($editdata['email'] == $_sensor_id || $editdata['scan_ASSIGNED'] == $_sensor_id) {
$discovery .= " SELECTED";
}
if ($SVRid_selected == $_sensor_id) {
$discovery .= " SELECTED";
}
$discovery .= ">" . strtoupper($sensor_data['name']) . " [" . $sensor_data['ip'] . "] </option>";
}
}
$discovery .= <<<EOT
</select>
</td>
</tr>
<tr>
EOT;
$discovery .= "<td class='job_option'>" . Util::strong(_("Profile") . ":") . "</td>";
$discovery .= "<td style='text-align:left;'><select name='sid'>";
$query = "";
if ($username == "admin" || Session::am_i_admin()) {
$query = "SELECT distinct(t1.id), t1.name, t1.description \n FROM vuln_nessus_settings t1 WHERE deleted='0'\n ORDER BY t1.name";
} else {
if (Session::is_pro()) {
$users_and_entities = Acl::get_entities_to_assign($dbconn);
if (Acl::am_i_proadmin()) {
$users = Acl::get_my_users($dbconn, Session::get_session_user());
foreach ($users as $us) {
$users_and_entities[$us->get_login()] = $us->get_login();
}
$owner_list['0'] = '0';
$owner_list = array_keys($users_and_entities);
$owner_list = implode("','", $owner_list);
$query = "SELECT distinct(t1.id), t1.name, t1.description FROM vuln_nessus_settings t1\n WHERE deleted = '0' and (name='Default' or owner in ('" . $owner_list . "')) ORDER BY t1.name";
} else {
$owner_list['0'] = '0';
$owner_list[$username] = $username;
$owner_list = array_keys($users_and_entities);
$owner_list[] = Session::get_session_user();
$owner_list = implode("','", $owner_list);
$user_where = "owner in ('" . $owner_list . "')";
$query = "SELECT distinct(t1.id), t1.name, t1.description FROM vuln_nessus_settings t1\n WHERE deleted = '0' and (name='Default' or {$user_where}) ORDER BY t1.name";
}
} else {
$query = "SELECT distinct(t1.id), t1.name, t1.description FROM vuln_nessus_settings t1\n WHERE deleted = '0' and (name='Default' or owner in ('0','{$username}')) ORDER BY t1.name";
}
}
$dbconn->SetFetchMode(ADODB_FETCH_BOTH);
$result = $dbconn->execute($query);
$job_profiles = array();
$id_found = false;
$ipr = 0;
while (!$result->EOF) {
list($sid, $sname, $sdescription) = $result->fields;
if ($sid_selected == $sid) {
$id_found = true;
}
$job_profiles[$ipr]["sid"] = $sid;
$job_profiles[$ipr]["sname"] = $sname;
$job_profiles[$ipr]["sdescription"] = $sdescription;
$ipr++;
$result->MoveNext();
}
foreach ($job_profiles as $profile_data) {
$sid = $profile_data["sid"];
$sname = $profile_data["sname"];
$sdescription = $profile_data["sdescription"];
$discovery .= "<option value=\"{$sid}\" ";
if ($sid_selected == $sid) {
if ($sdescription != "") {
$discovery .= "selected>{$sname} - {$sdescription}</option>";
} else {
$discovery .= "selected>{$sname}</option>";
}
} else {
if ($sdescription != "") {
$discovery .= (preg_match("/default/i", $sname) && !$id_found ? 'selected="selected"' : "") . ">{$sname} - {$sdescription}</option>";
} else {
$discovery .= (preg_match("/default/i", $sname) && !$id_found ? 'selected="selected"' : "") . ">{$sname}</option>";
}
}
}
$discovery .= "</select>  <a href=\"" . Menu::get_menu_url('settings.php', 'environment', 'vulnerabilities', 'scan_jobs') . "\">[" . _("EDIT PROFILES") . "]</a></td>";
$discovery .= "</tr>";
$discovery .= "<tr>";
$discovery .= "<td class='job_option' style='vertical-align: top;'><div>" . Util::strong(_("Schedule Method") . ":") . "</div></td>";
$discovery .= "<td style='text-align:left'><div><select name='schedule_type' id='scheduleM'>";
$discovery .= "<option value='N' {$sTYPE['N']}>" . _("Immediately") . "</option>";
$discovery .= "<option value='O' {$sTYPE['O']}>" . _("Run Once") . "</option>";
$discovery .= "<option value='D' {$sTYPE['D']}>" . _("Daily") . "</option>";
$discovery .= "<option value='W' {$sTYPE['W']}>" . _("Day of the Week") . "</option>";
$discovery .= "<option value='M' {$sTYPE['M']}>" . _("Day of the Month") . "</option>";
$discovery .= "<option value='NW' {$sTYPE['NW']}>" . _("N<sup>th</sup> weekday of the month") . "</option>";
$discovery .= "</select></div></tr>";
$smethods = array("O", "D", "W", "M", "NW");
$smethodtr_display = in_array($editdata['schedule_type'], $smethods) ? "" : "style='display:none'";
$discovery .= "<tr {$smethodtr_display} id='smethodtr'><td> </td>";
$discovery .= <<<EOT
</td>
<td><div>
<div id="idSched1" class="forminput">
</div>
EOT;
// div to select start day
$discovery .= "<div id=\"idSched8\" class=\"forminput\">";
$discovery .= "<table cellspacing=\"2\" cellpadding=\"0\" width=\"100%\">";
$discovery .= "<tr><th width='35%'>" . _("Begin in") . "</th><td class='noborder' nowrap='nowrap'>" . gettext("Year") . " <select name='biyear'>";
$discovery .= "<option value=\"{$tyear}\" selected>{$tyear}</option>";
$discovery .= "<option value=\"{$nyear}\" >{$nyear}</option>";
$discovery .= "</select> " . gettext("Month") . " <select name='bimonth'>";
for ($i = 1; $i <= 12; $i++) {
$discovery .= "<option value=\"{$i}\" ";
if ($i == $tmonth) {
$discovery .= "selected";
}
$discovery .= ">{$i}</option>";
}
$discovery .= "</select> " . gettext("Day") . " <select name=\"biday\">";
for ($i = 1; $i <= 31; $i++) {
$discovery .= "<option value=\"{$i}\" ";
if ($i == $tday) {
$discovery .= "selected";
}
$discovery .= ">{$i}</option>";
}
$discovery .= "</select></td>";
$discovery .= "</tr>";
$discovery .= "</table>";
$discovery .= "</div>";
$discovery .= <<<EOT
<div id="idSched3" class="forminput">
<table cellspacing="2" cellpadding="0" width="100%">
EOT;
$discovery .= "<tr><th width='35%'>" . _("Day") . "</th><td colspan='6' class='noborder' nowrap='nowrap'>" . gettext("Year") . " <select name='ROYEAR'>";
$discovery .= "<option value=\"{$tyear}\" " . ($ROYEAR_selected == "" || $ROYEAR_selected == $tyear ? "selected" : "") . ">{$tyear}</option>";
$discovery .= "<option value=\"{$nyear}\" " . ($ROYEAR_selected == $nyear ? "selected" : "") . ">{$nyear}</option>";
$discovery .= "</select> " . gettext("Month") . " <select name='ROMONTH'>";
for ($i = 1; $i <= 12; $i++) {
$discovery .= "<option value=\"{$i}\" ";
if ($i == $tmonth && $ROMONTH_selected == "" || $ROMONTH_selected == $i) {
$discovery .= "selected";
}
$discovery .= ">{$i}</option>";
}
$discovery .= "</select> " . gettext("Day") . " <select name=\"ROday\">";
for ($i = 1; $i <= 31; $i++) {
$discovery .= "<option value=\"{$i}\" ";
if ($i == $tday && $ROday_selected == "" || $ROday_selected == $i) {
$discovery .= "selected";
}
$discovery .= ">{$i}</option>";
}
$discovery .= <<<EOT
</select></td>
</tr>
</table>
</div>
<div id="idSched4" class="forminput" >
<table width="100%">
<tr>
EOT;
$discovery .= "<th align=\"right\" width=\"35%\">" . _("Weekly") . "</th><td colspan=\"2\" class=\"noborder\">";
$discovery .= "<select name=\"dayofweek\">";
$discovery .= "<option value=\"Su\" SELECTED >" . gettext("Select week day to run") . "</option>";
$discovery .= "<option value=\"Su\" {$day['Su']} >" . gettext("Sunday") . "</option>";
$discovery .= "<option value=\"Mo\" {$day['Mo']} >" . gettext("Monday") . "</option>";
$discovery .= "<option value=\"Tu\" {$day['Tu']} >" . gettext("Tuesday") . "</option>";
$discovery .= "<option value=\"We\" {$day['We']} >" . gettext("Wednesday") . "</option>";
$discovery .= "<option value=\"Th\" {$day['Th']} >" . gettext("Thursday") . "</option>";
$discovery .= "<option value=\"Fr\" {$day['Fr']} >" . gettext("Friday") . "</option>";
$discovery .= "<option value=\"Sa\" {$day['Sa']} >" . gettext("Saturday") . "</option>";
$discovery .= "</select>";
$discovery .= "</td>";
$discovery .= <<<EOT
</tr>
</table>
</div>
<div id="idSched5" class="forminput">
<table width="100%">
<tr>
EOT;
$discovery .= "<th width='35%'>" . gettext("Select Day") . "</td>";
$discovery .= <<<EOT
<td colspan="2" class="noborder"><select name="dayofmonth">"
EOT;
for ($i = 1; $i <= 31; $i++) {
$discovery .= "<option value=\"{$i}\"";
if ($dayofmonth == $i && $dayofmonth_selected == "" || $dayofmonth_selected == $i) {
$discovery .= " selected";
}
$discovery .= ">{$i}</option>";
}
$discovery .= <<<EOT
</select></td>
</tr>
</table>
</div>
<div id="idSched6" class="forminput">
<table width="100%">
<tr>
EOT;
$discovery .= "<th width=\"35%\">" . gettext("Day of week") . "</th><td colspan=\"2\" class=\"noborder\">";
$discovery .= "<select name=\"nthdayofweek\">";
$discovery .= "<option value=\"Su\" SELECTED >" . gettext("Select week day to run") . "</option>";
$discovery .= "<option value=\"Su\" {$day['Su']} >" . gettext("Sunday") . "</option>";
$discovery .= "<option value=\"Mo\" {$day['Mo']} >" . gettext("Monday") . "</option>";
$discovery .= "<option value=\"Tu\" {$day['Tu']} >" . gettext("Tuesday") . "</option>";
$discovery .= "<option value=\"We\" {$day['We']} >" . gettext("Wednesday") . "</option>";
$discovery .= "<option value=\"Th\" {$day['Th']} >" . gettext("Thursday") . "</option>";
$discovery .= "<option value=\"Fr\" {$day['Fr']} >" . gettext("Friday") . "</option>";
$discovery .= "<option value=\"Sa\" {$day['Sa']} >" . gettext("Saturday") . "</option>";
$discovery .= "</select>";
$discovery .= "</td>";
$discovery .= <<<EOT
</tr>
</table>
<br>
<table width="100%">
<tr>
EOT;
$discovery .= "<th align='right'>" . gettext("N<sup>th</sup> weekday") . "</th><td colspan='2' class='noborder'>";
$discovery .= "<select name='nthweekday'>";
$discovery .= "<option value='1'>" . gettext("Select nth weekday to run") . "</option>";
$discovery .= "<option value='1'" . ($dayofmonth == 1 ? " selected" : "") . ">" . gettext("First") . "</option>";
$discovery .= "<option value='2'" . ($dayofmonth == 2 ? " selected" : "") . ">" . gettext("Second") . "</option>";
$discovery .= "<option value='3'" . ($dayofmonth == 3 ? " selected" : "") . ">" . gettext("Third") . "</option>";
$discovery .= "<option value='4'" . ($dayofmonth == 4 ? " selected" : "") . ">" . gettext("Fourth") . "</option>";
$discovery .= "<option value='5'" . ($dayofmonth == 5 ? " selected" : "") . ">" . gettext("Fifth") . "</option>";
$discovery .= "<option value='6'" . ($dayofmonth == 6 ? " selected" : "") . ">" . gettext("Sixth") . "</option>";
$discovery .= "<option value='7'" . ($dayofmonth == 7 ? " selected" : "") . ">" . gettext("Seventh") . "</option>";
$discovery .= "<option value='8'" . ($dayofmonth == 8 ? " selected" : "") . ">" . gettext("Eighth") . "</option>";
$discovery .= "<option value='9'" . ($dayofmonth == 9 ? " selected" : "") . ">" . gettext("Ninth") . "</option>";
$discovery .= "<option value='10'" . ($dayofmonth == 10 ? " selected" : "") . ">" . gettext("Tenth") . "</option>";
$discovery .= <<<EOT
</select>
</td>
</tr>
</table>
</div>
EOT;
$discovery .= "<div id='idSched7' class='forminput' style=margin-bottom:3px;>";
$discovery .= "<table width='100%'>";
$discovery .= "<tr>";
$discovery .= "<th width='35%'>" . _("Frequency") . "</th>";
$discovery .= "<td width='100%' style='text-align:center;' class='nobborder'>";
$discovery .= "<span style='margin-right:5px;'>" . _("Every") . "</span>";
$discovery .= "<select name='time_interval'>";
for ($itime = 1; $itime <= 30; $itime++) {
$discovery .= "<option value='" . $itime . "'" . ($editdata['time_interval'] == $itime ? " selected" : "") . ">" . $itime . "</option>";
}
$discovery .= "</select>";
$discovery .= "<span id='days' style='margin-left:5px'>" . _("day(s)") . "</span><span id='weeks' style='margin-left:5px'>" . _("week(s)") . "</span>";
$discovery .= "</td>";
$discovery .= "</tr>";
$discovery .= "</table>";
$discovery .= "</div>";
$discovery .= <<<EOT
<div id="idSched2" class="forminput">
<table width="100%">
EOT;
$discovery .= "<tr>";
$discovery .= "<th rowspan='2' align='right' width='35%'>" . gettext("Time") . "</td>";
$discovery .= "<td align='right'>" . gettext("Hour") . "</td>";
$discovery .= <<<EOT
<td align="left" class="noborder"><select name="time_hour">
EOT;
for ($i = 0; $i <= 23; $i++) {
$discovery .= "<option value=\"{$i}\"";
if ($time_hour == $i && $time_hour_selected == "" || $time_hour_selected == $i) {
$discovery .= " selected";
}
$discovery .= ">{$i}</option>";
}
$discovery .= "</select></td><td align='right'>" . gettext("Minutes") . "</td>\n <td class='noborder' align='left'><select name='time_min'>";
for ($i = 0; $i < 60; $i = $i + 15) {
$discovery .= "<option value=\"{$i}\"";
if ($time_min == $i && $time_min_selected == "" || $time_min_selected == $i) {
$discovery .= " selected";
}
$discovery .= ">{$i}</option>";
}
$discovery .= <<<EOT
</select></td>
</tr>
</table>
</div>
</tr>
EOT;
$discovery .= "<tr>";
$discovery .= "\t\t<td class='madvanced'><a class='section'><img id='advanced_arrow' border='0' align='absmiddle' src='../pixmaps/arrow_green.gif'>" . _("ADVANCED") . "</a></td>";
$discovery .= "\t\t<td> </td>";
$discovery .= "</tr>";
if ($_SESSION["scanner"] == "omp") {
$credentials = Vulnerabilities::get_credentials($dbconn, 'ssh');
preg_match("/(.*)\\|(.*)/", $editdata["credentials"], $found);
$discovery .= "<tr class='advanced'>";
$discovery .= "<td class='job_option'>" . Util::strong(_("SSH Credential:")) . "</td>";
$discovery .= "<td style='text-align:left'><select id='ssh_credential' name='ssh_credential'>";
$discovery .= "<option value=''>--</option>";
foreach ($credentials as $cred) {
$login_text = $cred["login"];
if ($cred["login"] == '0') {
$login_text = _("All");
} elseif (valid_hex32($cred["login"])) {
$login_text = Session::get_entity_name($dbconn, $cred["login"]);
}
$selected = $found[1] == $cred["name"] . "#" . $cred["login"] || $cred["name"] . "#" . $cred["login"] == $ssh_credential ? " selected='selected'" : "";
$discovery .= "<option value='" . $cred["name"] . "#" . $cred["login"] . "' {$selected}>" . $cred["name"] . " (" . $login_text . ")</option>";
}
$discovery .= "</select></td>";
$discovery .= "</tr>";
$credentials = Vulnerabilities::get_credentials($dbconn, 'smb');
$discovery .= "<tr class='advanced'>";
$discovery .= "<td class='job_option'>" . Util::strong(_("SMB Credential:")) . "</td>";
$discovery .= "<td style='text-align:left'><select id='smb_credential' name='smb_credential'>";
$discovery .= "<option value=''>--</option>";
foreach ($credentials as $cred) {
$login_text = $cred["login"];
if ($cred["login"] == '0') {
$login_text = _("All");
} elseif (valid_hex32($cred["login"])) {
$login_text = Session::get_entity_name($dbconn, $cred["login"]);
}
$selected = $found[2] == $cred["name"] . "#" . $cred["login"] || $cred["name"] . "#" . $cred["login"] == $smb_credential ? " selected='selected'" : "";
$discovery .= "<option value='" . $cred["name"] . "#" . $cred["login"] . "' {$selected}>" . $cred["name"] . " (" . $login_text . ")</option>";
}
$discovery .= "</select></td>";
$discovery .= "</tr>";
}
$discovery .= "<tr class='job_option advanced'>";
$discovery .= "<td class='job_option'>" . Util::strong(_("Timeout:")) . "</td>";
$discovery .= "<td style=\"text-align:left;\" nowrap><input type='text' style='width:80px' name='timeout' value='" . ($timeout_selected == "" ? "{$timeout}" : "{$timeout_selected}") . "'>";
$discovery .= "<font color='black'> " . _("Max scan run time in seconds") . " </font></td>";
$discovery .= "</tr>";
$discovery .= "<tr class='advanced'><td class='job_option'>" . Util::strong(_("Send an email notification:"));
$discovery .= "</td>";
$discovery .= "<td style=\"text-align:left;\">";
$discovery .= "<input type=\"radio\" name=\"semail\" value=\"0\"" . (count($editdata) <= 1 && intval($semail) == 0 || intval($editdata['meth_Wfile']) == 0 ? " checked" : "") . "/>" . _("No");
$discovery .= "<input type=\"radio\" name=\"semail\" value=\"1\"" . (count($editdata) <= 1 && intval($semail) == 1 || intval($editdata['meth_Wfile']) == 1 ? " checked" : "") . "/>" . _("Yes");
$discovery .= "</td></tr>";
$discovery .= "<tr class='advanced'>\n\t\t\t\t\t\t<td class='job_option'>" . Util::strong(_("Scan job visible for:")) . "</td>\n\t\t\t\t\t\t<td style='text-align: left'>\n\t\t\t\t\t\t\t<table cellspacing='0' cellpadding='0' class='transparent' style='margin: 5px 0px;'>\n\t\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t\t<td class='nobborder'><span style='margin-right:3px'>" . _('User:'******'nobborder'>\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t<select name='user' id='user' onchange=\"switch_user('user');return false;\">";
$num_users = 0;
foreach ($users as $k => $v) {
$login = $v->get_login();
$selected = $editdata["username"] == $login || $user_selected == $login ? "selected='selected'" : "";
$options .= "<option value='" . $login . "' {$selected}>{$login}</option>\n";
$num_users++;
}
if ($num_users == 0) {
$discovery .= "<option value='' style='text-align:center !important;'>- " . _("No users found") . " -</option>";
} else {
$discovery .= "<option value='' style='text-align:center !important;'>- " . _("Select one user") . " -</option>\n";
$discovery .= $options;
}
$discovery .= "\t\t\t\t\t\t</select>\n\t\t\t\t\t\t\t\t\t</td>";
if (!empty($entities_to_assign)) {
$discovery .= "\t \t\t\t<td style='text-align:center; border:none; !important'><span style='padding:5px;'>" . _("OR") . "<span></td>\n\t\t\t\t\t\t\t\t\t<td class='nobborder'><span style='margin-right:3px'>" . _("Entity:") . "</span></td>\n\t\t\t\t\t\t\t\t\t<td class='nobborder'>\t\n\t\t\t\t\t\t\t\t\t\t<select name='entity' id='entity' onchange=\"switch_user('entity');return false;\">\n\t\t\t\t\t\t\t\t\t\t\t<option value='' style='text-align:center !important;'>-" . _("Select one entity") . "-</option>";
foreach ($entities_to_assign as $k => $v) {
$selected = $editdata["username"] == $k || $entity_selected == $k ? "selected='selected'" : "";
$discovery .= "<option value='{$k}' {$selected}>{$v}</option>";
}
$discovery .= "\t\t\t\t\t</select>\n\t\t\t\t\t\t\t\t\t</td>";
}
$discovery .= " \t \t</tr>\n\t\t\t\t\t\t\t</table>\n\t\t\t\t\t\t</td>\n\t\t\t\t\t</tr>";
$discovery .= "<tr><td valign=\"top\" width=\"15%\" class=\"job_option noborder\"><br>";
// conditions to exclude IPs
$condition1 = count($editdata) <= 1 && intval($hosts_alive) == 1 ? TRUE : FALSE;
$condition2 = preg_match('/' . EXCLUDING_IP2 . '/', trim($editdata["meth_TARGET"]));
$condition3 = intval($editdata['meth_CRED']) == 1 ? TRUE : FALSE;
$condition4 = count($ip_exceptions_list) > 0 ? TRUE : FALSE;
$host_alive_check = $condition1 || $condition2 || $condition3 || $condition4 ? ' checked' : '';
$host_alive_status = $condition2 || $condition4 ? ' disabled=\\"disabled\\"' : '';
$discovery .= "<input onclick=\"toggle_scan_locally()\" type=\"checkbox\" id=\"hosts_alive\" name=\"hosts_alive\" value=\"1\"" . $host_alive_check . $host_alive_status . ">" . Util::strong(_("Only scan hosts that are alive")) . "<br>(" . Util::strong(_("greatly speeds up the scanning process")) . ")<br><br>";
$discovery .= "<input type=\"checkbox\" id=\"scan_locally\" name=\"scan_locally\" value=\"1\"" . ($pre_scan_locally_status == 0 ? " disabled=\"disabled\"" : "") . ($pre_scan_locally_status == 1 && (intval($editdata['authorized']) == 1 || intval($scan_locally) == 1) ? " checked" : "") . ">" . Util::strong(_("Pre-Scan locally")) . "<br>(" . Util::strong(_("do not pre-scan from scanning sensor")) . ")<br><br>";
$discovery .= "<input type=\"checkbox\" id=\"not_resolve\" name=\"not_resolve\" value=\"1\" " . ($editdata['resolve_names'] === "0" || $not_resolve == "1" ? "checked=\"checked\"" : "") . "/>" . Util::strong(_("Do not resolve names"));
$discovery .= <<<EOT
</td>
EOT;
$discovery .= ' <td class="noborder" valign="top">';
$discovery .= ' <table width="100%" class="transparent" cellspacing="0" cellpadding="0">';
$discovery .= ' <tr>';
$discovery .= ' <td class="nobborder" style="vertical-align: top;text-align:left;padding:10px 0px 0px 0px;">';
$discovery .= ' <table class="transparent" cellspacing="4">';
$discovery .= ' <tr>';
$discovery .= ' <td class="nobborder" style="text-align:left;"><input class="greyfont" type="text" id="searchBox" value="' . _("Type here to search assets (Hosts/Networks)") . '" /></td>';
$discovery .= ' </tr>';
$discovery .= ' <tr>';
$discovery .= ' <td class="nobborder"><select id="targets" name="targets[]" multiple="multiple">';
if (!empty($editdata["meth_TARGET"])) {
$ip_list = explode("\n", trim($editdata["meth_TARGET"]));
}
if (!empty($ip_list)) {
foreach ($ip_list as $asset) {
if (preg_match("/([a-f\\d]+)#(.*)/i", $asset, $found)) {
if (Asset_host::is_in_db($dbconn, $found[1])) {
$_asset_name = Asset_host::get_name_by_id($dbconn, $found[1]) . " (" . $found[2] . ")";
} else {
$_asset_name = Asset_net::get_name_by_id($dbconn, $found[1]) . " (" . $found[2] . ")";
}
$discovery .= '<option value="' . $asset . '">' . $_asset_name . '</option>';
} else {
$discovery .= '<option value="' . $asset . '">' . $asset . '</option>';
}
}
foreach ($ip_exceptions_list as $asset) {
$discovery .= '<option value="' . $asset . '">' . $asset . '</option>';
}
}
$discovery .= ' </select></td>';
$discovery .= ' </tr>';
$discovery .= ' <tr>';
$discovery .= ' <td class="nobborder" style="text-align:right"><input type="button" value=" [X] " id="delete_target" class="av_b_secondary small"/>';
$discovery .= ' <input type="button" style="margin-right:0px;"value="Delete all" id="delete_all" class="av_b_secondary small"/></td>';
$discovery .= ' </tr>';
$discovery .= ' </table>';
$discovery .= ' </td>';
$discovery .= ' <td class="nobborder" width="450px;" style="vertical-align: top;padding:0px 0px 0px 5px;">';
$discovery .= ' <div id="vtree" style="text-align:left;width:100%;"></div>';
$discovery .= ' </td>';
$discovery .= ' </tr>';
$discovery .= ' </table>';
$discovery .= ' </td>';
$discovery .= '</tr>';
$discovery .= '</table>';
$discovery .= '</tr></td></table>';
$discovery .= $show;
return $discovery;
}
}
if (POST('action') == "close_alarm") {
if (check_uniqueid($prev_unique_id, $param_unique_id)) {
Alarm::close($conn, POST('alarm'));
} else {
die(ossim_error("Can't do this action for security reasons."));
}
}
if (POST('action') == "delete_alarm") {
if (check_uniqueid($prev_unique_id, $param_unique_id)) {
Alarm::delete($conn, POST('alarm'));
} else {
die(ossim_error("Can't do this action for security reasons."));
}
}
$sensors = Av_sensor::get_list($conn, array(), FALSE, TRUE);
//Autocompleted
$autocomplete_keys = array('hosts');
$hosts_str = Autocomplete::get_autocomplete($conn, $autocomplete_keys);
$db_groups = Alarm_groups::get_dbgroups($conn);
list($alarm_group, $count) = Alarm_groups::get_grouped_alarms($conn, $group_type, $show_options, $hide_closed, $date_from, $date_to, $src_ip, $dst_ip, $sensor_query, $query, $directive_id, $intent, $num_events, $num_events_op, $tag, "LIMIT {$inf}, {$rows}", true);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title> <?php
echo _("Control Panel");
?>
</title>
<meta http-equiv="Pragma" content="no-cache"/>
function get_assets($conn, $id, $type, $host_types)
{
$filters = array('where' => 'sensor_properties.has_nagios = 1', 'order_by' => 'priority desc');
list($nagios_list, $nagios_total) = Av_sensor::get_list($conn, $filters);
$sensor = NULL;
$sensors = array();
$type = strtolower($type);
$id = strtoupper($id);
// in_assets first
$in_assets = is_in_assets($conn, $id, $type);
//Host, sensor or server
if (in_array($type, $host_types)) {
$table = $type;
if ($type == 'host') {
$what = 'host_id';
$table = 'host_ip';
} else {
$what = 'id';
}
$query = "SELECT INET6_NTOA(ip) AS ip FROM {$table} WHERE {$what} = UNHEX(?) LIMIT 1";
$params = array($id);
$rs = $conn->Execute($query, $params);
if ($rs) {
$ips = $rs->fields['ip'];
}
// Related sensors
if ($type == 'host') {
$sensors = Asset_host_sensors::get_sensors_by_id($conn, $id);
} elseif ($type == 'sensor') {
$sensors[$id] = $ips;
} else {
$s_id = Av_sensor::get_id_by_ip($conn, Util::get_default_admin_ip());
$sensors[$s_id] = Util::get_default_admin_ip();
}
} elseif ($type == 'net') {
$query = "SELECT ips FROM net WHERE id = UNHEX(?)";
$params = array($id);
$rs = $conn->Execute($query, $params);
if ($rs) {
$ips = $rs->fields['ips'];
}
// Related sensors
$sensors = Asset_net_sensors::get_sensors_by_id($conn, $id);
} elseif ($type == 'net_group' || $type == 'netgroup') {
$query = "SELECT hex(ngr.net_id) as net_id, n.ips FROM net_group_reference AS ngr, net AS n\n WHERE ngr.net_group_id = UNHEX(?) AND ngr.net_id = n.id";
$net_ids = array($id);
$params = $net_ids;
$rs = $conn->Execute($query, $params);
if ($rs) {
$ipng = array();
if (!$rs->EOF) {
$net_ids = array();
}
while (!$rs->EOF) {
$ipng[] = $rs->fields['ips'];
$net_ids[] = $rs->fields['net_id'];
$rs->MoveNext();
}
$ips = count($ipng) > 0 ? implode(",", $ipng) : "'0.0.0.0/0'";
if (count($ipng) == 0) {
$in_assets = 0;
}
}
// Related sensors
foreach ($net_ids as $net_id) {
$_sensors_aux = Asset_net_sensors::get_sensors_by_id($conn, $net_id);
foreach ($_sensors_aux as $sensor_id => $sensor_data) {
$sensors[$sensor_id] = $sensor_data['ip'];
}
}
} elseif ($type == 'host_group' || $type == 'hostgroup') {
$query = "SELECT hex(hg.host_id) as host_id, INET6_NTOA(hi.ip) AS ip FROM host_group_reference hg, host_ip hi\n WHERE hi.host_id=hg.host_id AND hg.host_group_id = UNHEX(?)";
$host_ids = array($id);
$params = $host_ids;
$rs = $conn->Execute($query, $params);
if ($rs) {
$iphg = array();
if (!$rs->EOF) {
$host_ids = array();
}
while (!$rs->EOF) {
$iphg[] = "'" . $rs->fields['ip'] . "'";
$host_ids[] = $rs->fields['host_id'];
$rs->MoveNext();
}
$ips = count($iphg) > 0 ? implode(',', $iphg) : "'0.0.0.0'";
if (count($iphg) == 0) {
$in_assets = 0;
}
}
// Related sensors
foreach ($host_ids as $host_id) {
$_sensors_aux = Asset_host_sensors::get_sensors_by_id($conn, $host_id);
foreach ($_sensors_aux as $sensor_id => $sensor_data) {
$sensors[$sensor_id] = $sensor_data['ip'];
}
}
}
//Getting first Nagios sensor (By priority)
if ($nagios_total > 0) {
foreach ($nagios_list as $n_sensor_id => $n_sensor_data) {
if (array_key_exists($n_sensor_id, $sensors)) {
$sensor = $n_sensor_data['ip'];
break;
}
}
}
return array($id, $sensor, $type, $ips, $in_assets);
}
****************************************************/
$host_id = '';
$sensor = 'local';
$scan_type = 'fast';
$ttemplate = 'T3';
$scan_ports = '1-65535';
$autodetected = 1;
$rdns = 1;
//Database connection
$db = new ossim_db();
$conn = $db->connect();
/****************************************************
********************* Sensors ***********************
****************************************************/
$filters = array('where' => 'sensor_properties.version <> ""', 'order_by' => 'sensor.name, priority DESC');
$sensor_list = Av_sensor::get_list($conn, $filters);
$sensor_list = $sensor_list[0];
/****************************************************
******************** Search Box ********************
****************************************************/
$autocomplete_keys = array('hosts', 'nets');
$assets = Autocomplete::get_autocomplete($conn, $autocomplete_keys);
/****************************************************
******************** Clear Scan ********************
****************************************************/
//Results will be deleted when a custom scan is executed or when an user forces it
if (intval($_REQUEST['clearscan']) == 1 || $_REQUEST['action'] == 'custom_scan') {
try {
//Delete scan task from Redis
$av_scan = Av_scan::get_object_from_file($scan_file);
if (is_object($av_scan) && !empty($av_scan)) {
*
*/
require_once 'av_init.php';
Session::logcheck("environment-menu", "MonitorsNetwork");
$interface = GET('interface');
$proto = GET('proto');
ossim_valid($interface, OSS_ALPHA, OSS_PUNC, OSS_NULLABLE, 'illegal:' . _('Interface'));
ossim_valid($proto, OSS_ALPHA, OSS_NULLABLE, 'illegal:' . _('Protocol'));
if (ossim_error()) {
die(ossim_error());
}
$db = new ossim_db();
$conn = $db->connect();
$filters = array('where' => 'sensor_properties.has_ntop = 1', 'order_by' => 'priority DESC');
$ntop_list = array();
list($aux_ntop_list, $_total) = Av_sensor::get_list($conn, $filters);
if ($_total > 0) {
foreach ($aux_ntop_list as $s_id => $s) {
try {
$i_faces = Av_sensor::get_interfaces($s['ip']);
if (is_array($i_faces) && !empty($i_faces)) {
$ntop_list[$s_id] = $s;
$ntop_list[$s_id]['i_faces'] = $i_faces;
}
} catch (Exception $e) {
}
}
//Sensor by default
if ($sensor == '') {
$s_id = key($ntop_list);
$sensor = $ntop_list[$s_id]['ip'];
Util::disable_perm_triggers($conn, TRUE);
$save = 0;
$info_error = array();
if ($action == 'insert') {
$data = array();
foreach ($_POST as $key => $value) {
if (preg_match("/^ip(.+)/", $key, $found)) {
ossim_valid(POST("{$key}"), OSS_IP_ADDR, 'illegal:' . _('Ip'));
$num = $found[1];
if (POST("ctx{$num}") == '') {
$ctx = Session::get_default_ctx();
} else {
$ctx = POST("ctx{$num}");
ossim_valid($ctx, OSS_HEX, 'illegal:' . _('Ctx'));
}
list($sensor_list, $total) = Av_sensor::get_list($conn, array('where' => "sensor.id = acl_sensors.sensor_id AND acl_sensors.entity_id = UNHEX('{$ctx}')"));
$sensors = array_keys($sensor_list);
if (POST("name{$num}") == '') {
$hostname = POST("{$key}");
} else {
$hostname = POST("name{$num}");
ossim_valid($hostname, OSS_HOST_NAME, 'illegal:' . _('Hostname'));
}
$fqdns = '';
if (POST("fqdn{$num}") != '') {
$fqdns = POST("fqdn{$num}");
ossim_valid($fqdns, OSS_FQDNS, OSS_NULLABLE, 'illegal:' . _('FQDN'));
}
$data[POST("{$key}")] = array('hostname' => $hostname, 'fqdns' => $fqdns);
if (ossim_error()) {
$info_error[] = ossim_get_error();
function get_report_data($id = NULL)
{
$conf = $GLOBALS['CONF'];
$conf = !$conf ? new Ossim_conf() : $conf;
$y = strftime('%Y', time() - 24 * 60 * 60 * 30);
$m = strftime('%m', time() - 24 * 60 * 60 * 30);
$d = strftime('%d', time() - 24 * 60 * 60 * 30);
$reports['asset_report'] = array('report_name' => _('Asset Details'), 'report_id' => 'asset_report', 'type' => 'external', 'link_id' => 'link_ar_asset', 'link' => '', 'parameters' => array(array('name' => _('Host Name/IP/Network'), 'id' => 'ar_asset', 'type' => 'asset', 'default_value' => '')), 'access' => Session::menu_perms('environment-menu', 'PolicyHosts') || Session::menu_perms('environment-menu', 'PolicyNetworks'), 'send_by_email' => 0);
$status_values = array('All' => array('text' => _('All')), 'Open' => array('text' => _('Open')), 'Assigned' => array('text' => _('Assigned')), 'Studying' => array('text' => _('Studying')), 'Waiting' => array('text' => _('Waiting')), 'Testing' => array('text' => _('Testing')), 'Closed' => array('text' => _('Closed')));
$types_values = array('ALL' => array('text' => _('ALL')), 'Expansion Virus' => array('text' => _('Expansion Virus')), 'Corporative Nets Attack' => array('text' => _('Corporative Nets Attack')), 'Policy Violation' => array('text' => _('Policy Violation')), 'Security Weakness' => array('text' => _('Security Weakness')), 'Net Performance' => array('text' => _('Net Performance')), 'Applications and Systems Failures' => array('text' => _('Applications and Systems Failures')), 'Anomalies' => array('text' => _('Anomalies')), 'Vulnerability' => array('text' => _('Vulnerability')));
$priority_values = array('High' => _('High'), 'Medium' => _('Medium'), 'Low' => _('Low'));
$reports['tickets_report'] = array('report_name' => _('Tickets Report'), 'report_id' => 'tickets_report', 'type' => 'pdf', 'subreports' => array('title_page' => array('id' => 'title_page', 'name' => _('Title Page'), 'report_file' => 'os_reports/Common/titlepage.php'), 'alarm' => array('id' => 'alarm', 'name' => _('Alarm'), 'report_file' => 'os_reports/Tickets/Alarm.php'), 'event' => array('id' => 'event', 'name' => _('Event'), 'report_file' => 'os_reports/Tickets/Event.php'), 'anomaly' => array('id' => 'anomaly', 'name' => _('Anomaly'), 'report_file' => 'os_reports/Tickets/Anomaly.php'), 'vulnerability' => array('id' => 'vulnerability', 'name' => _('Vulnerability'), 'report_file' => 'os_reports/Tickets/Vulnerability.php')), 'parameters' => array(array('name' => _('Date Range'), 'date_from_id' => 'tr_date_from', 'date_to_id' => 'tr_date_to', 'type' => 'date_range', 'default_value' => array('date_from' => $y . '-' . $m . '-' . $d, 'date_to' => date('Y') . '-' . date('m') . '-' . date('d'))), array('name' => _('Status'), 'id' => 'tr_status', 'type' => 'select', 'values' => $status_values), array('name' => _('Type'), 'id' => 'tr_type', 'type' => 'select', 'values' => $types_values), array('name' => _('Priority'), 'id' => 'tr_priority', 'type' => 'checkbox', 'values' => $priority_values)), 'access' => Session::menu_perms('analysis-menu', 'IncidentsIncidents'), 'send_by_email' => 1);
$reports['alarm_report'] = array('report_name' => _('Alarms Report'), 'report_id' => 'alarm_report', 'type' => 'pdf', 'subreports' => array('title_page' => array('id' => 'title_page', 'name' => _('Title Page'), 'report_file' => 'os_reports/Common/titlepage.php'), 'top_attacker_host' => array('id' => 'top_attacker_host', 'name' => _('Top 10 Attacker Host'), 'report_file' => 'os_reports/Alarms/AttackerHosts.php'), 'top_attacked_host' => array('id' => 'top_attacked_host', 'name' => _('Top 10 Attacked Host'), 'report_file' => 'os_reports/Alarms/AttackedHosts.php'), 'used_port' => array('id' => 'used_port', 'name' => _('Top 10 Used Ports'), 'report_file' => 'os_reports/Alarms/UsedPorts.php'), 'top_events' => array('id' => 'top_events', 'name' => _('Top 15 Alarms'), 'report_file' => 'os_reports/Alarms/TopAlarms.php'), 'events_by_risk' => array('id' => 'events_by_risk', 'name' => _('Top 15 Alarms by Risk'), 'report_file' => 'os_reports/Alarms/TopAlarmsByRisk.php')), 'parameters' => array(array('name' => _('Date Range'), 'date_from_id' => 'ar_date_from', 'date_to_id' => 'ar_date_to', 'type' => 'date_range', 'default_value' => array('date_from' => $y . '-' . $m . '-' . $d, 'date_to' => date('Y') . '-' . date('m') . '-' . date('d')))), 'access' => Session::menu_perms('analysis-menu', 'ControlPanelAlarms'), 'send_by_email' => 1);
$reports['bc_pci_report'] = array('report_name' => _('Business & Compliance ISO PCI Report'), 'report_id' => 'bc_pci_report', 'type' => 'pdf', 'subreports' => array('title_page' => array('id' => 'title_page', 'name' => _('Title Page'), 'report_file' => 'os_reports/Common/titlepage.php'), 'threat_overview' => array('id' => 'threat_overview', 'name' => _('Threat overview'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/ThreatOverview.php'), 'bri_risks' => array('id' => 'bri_risks', 'name' => _('Business real impact risks'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/BusinessPotentialImpactsRisks.php'), 'ciap_impact' => array('id' => 'ciap_impact', 'name' => _('C.I.A Potential impact'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/CIAPotentialImpactsRisks.php'), 'pci_dss' => array('id' => 'pci_dss', 'name' => _('PCI-DSS 2.0'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/PCI-DSS.php'), 'pci_dss3' => array('id' => 'pci_dss3', 'name' => _('PCI-DSS 3.0'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/PCI-DSS3.php'), 'trends' => array('id' => 'trends', 'name' => _('Trends'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/Trends.php'), 'iso27002_p_impact' => array('id' => 'iso27002_p_impact', 'name' => _('ISO27002 Potential impact'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/ISO27002PotentialImpact.php'), 'iso27001' => array('id' => 'iso27001', 'name' => _('ISO27001'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/ISO27001.php')), 'parameters' => array(array('name' => _('Date Range'), 'date_from_id' => 'bc_pci_date_from', 'date_to_id' => 'bc_pci_date_to', 'type' => 'date_range', 'default_value' => array('date_from' => $y . '-' . $m . '-' . $d, 'date_to' => date('Y') . '-' . date('m') . '-' . date('d')))), 'access' => Session::menu_perms('report-menu', 'ReportsReportServer'), 'send_by_email' => 1);
$reports['siem_report'] = array('report_name' => _('SIEM Events'), 'report_id' => 'siem_report', 'type' => 'pdf', 'subreports' => array('title_page' => array('id' => 'title_page', 'name' => _('Title Page'), 'report_file' => 'os_reports/Common/titlepage.php'), 'top_attacker_host' => array('id' => 'top_attacker_host', 'name' => _('Top 10 Attacker Host'), 'report_file' => 'os_reports/Siem/AttackerHosts.php'), 'top_attacked_host' => array('id' => 'top_attacked_host', 'name' => _('Top 10 Attacked Host'), 'report_file' => 'os_reports/Siem/AttackedHosts.php'), 'used_port' => array('id' => 'used_port', 'name' => _('Top 10 Used Ports'), 'report_file' => 'os_reports/Siem/UsedPorts.php'), 'top_events' => array('id' => 'top_events', 'name' => _('Top 15 Events'), 'report_file' => 'os_reports/Siem/TopEvents.php'), 'events_by_risk' => array('id' => 'events_by_risk', 'name' => _('Top 15 Events by Risk'), 'report_file' => 'os_reports/Siem/TopEventsByRisk.php')), 'parameters' => array(array('name' => _('Date Range'), 'date_from_id' => 'sr_date_from', 'date_to_id' => 'sr_date_to', 'type' => 'date_range', 'default_value' => array('date_from' => $y . '-' . $m . '-' . $d, 'date_to' => date('Y') . '-' . date('m') . '-' . date('d')))), 'access' => Session::menu_perms('analysis-menu', 'EventsForensics'), 'send_by_email' => 1);
$reports['vulnerabilities_report'] = array('report_name' => _('Vulnerabilities Report'), 'report_id' => 'vulnerabilities_report', 'type' => 'external', 'target' => '_blank', 'link_id' => 'link_vr', 'link' => Menu::get_menu_url('../vulnmeter/lr_respdf.php?ipl=all&scantype=M', 'environment', 'vulnerabilities', 'overview'), 'access' => Session::menu_perms('analysis-menu', 'EventsVulnerabilities'), 'send_by_email' => 0);
$reports['th_vuln_db'] = array('report_name' => _('Threats & Vulnerabilities Database'), 'report_id' => 'th_vuln_db', 'type' => 'external', 'link_id' => 'link_tvd', 'link' => Menu::get_menu_url('../vulnmeter/threats-db.php', 'environment', 'vulnerabilities', 'threat_database'), 'access' => Session::menu_perms('analysis-menu', 'EventsVulnerabilities'), 'send_by_email' => 0);
$reports['ticket_status'] = array('report_name' => _('Tickets Status'), 'report_id' => 'ticket_status', 'type' => 'external', 'link_id' => 'link_tr', 'link' => Menu::get_menu_url('../report/incidentreport.php', 'analysis', 'tickets', 'tickets'), 'access' => Session::menu_perms('analysis-menu', 'IncidentsIncidents'), 'send_by_email' => 0);
$db = new ossim_db();
$conn = $db->connect();
$user = Session::get_session_user();
$session_list = Session::get_list($conn, 'ORDER BY login');
if (preg_match('/pro|demo/', $conf->get_conf('ossim_server_version')) && !Session::am_i_admin()) {
$myusers = Acl::get_my_users($conn, Session::get_session_user());
if (count($myusers) > 0) {
$is_pro_admin = 1;
}
}
// User Log lists
if (Session::am_i_admin()) {
$user_values[''] = array('text' => _('All'));
if ($session_list) {
foreach ($session_list as $session) {
$login = $session->get_login();
$user_values[$login] = $login == $user ? array('text' => $login, 'selected' => TRUE) : array('text' => $login);
}
}
} elseif ($is_pro_admin) {
foreach ($myusers as $myuser) {
$user_values[$myuser['login']] = array('text' => $myuser['login']);
$user_values[$user] = array('text' => $user, 'selected' => TRUE);
}
} else {
$user_values[$user] = array('text' => $user);
}
$code_list = Log_config::get_list($conn, 'ORDER BY descr');
$action_values[''] = array('text' => _('All'));
if ($code_list) {
foreach ($code_list as $code_log) {
$code_aux = $code_log->get_code();
$action_values[$code_aux] = array('text' => '[' . sprintf("%02d", $code_aux) . '] ' . _(preg_replace('|%.*?%|', " ", $code_log->get_descr())));
}
}
$reports['user_activity'] = array('report_name' => _('User Activity Report'), 'report_id' => 'user_activity', 'type' => 'external', 'link_id' => 'link_ua', 'link' => Menu::get_menu_url('../userlog/user_action_log.php', 'settings', 'settings', 'user_activity'), 'parameters' => array(array('name' => _('User'), 'id' => 'ua_user', 'type' => 'select', 'values' => $user_values), array('name' => _('Action'), 'id' => 'ua_action', 'type' => 'select', 'values' => $action_values)), 'access' => Session::menu_perms('settings-menu', 'ToolsUserLog'), 'send_by_email' => 0);
$reports['geographic_report'] = array('report_name' => _('Geographic Report'), 'report_id' => 'geographic_report', 'type' => 'pdf', 'subreports' => array('title_page' => array('id' => 'title_page', 'name' => _('Title Page'), 'report_file' => 'os_reports/Common/titlepage.php'), 'geographic_report' => array('id' => 'geographic_report', 'name' => _('Geographic Report'), 'report_file' => 'os_reports/Various/Geographic.php')), 'parameters' => array(array('name' => _('Date Range'), 'date_from_id' => 'gr_date_from', 'date_to_id' => 'gr_date_to', 'type' => 'date_range', 'default_value' => array('date_from' => $y . '-' . $m . '-' . $d, 'date_to' => date('Y') . '-' . date('m') . '-' . date('d')))), 'access' => Session::menu_perms('analysis-menu', 'EventsForensics'), 'send_by_email' => 1);
//Sensor list
$sensor_values[''] = array('text' => ' -- ' . _('Sensors no found') . ' -- ');
$filters = array('order_by' => 'name');
$sensor_list = Av_sensor::get_basic_list($conn, $filters);
$filters = array('order_by' => 'priority desc');
list($sensor_list, $sensor_total) = Av_sensor::get_list($conn, $filters);
if ($sensor_total > 0) {
$sensor_values = array();
foreach ($sensor_list as $s) {
$properties = $s['properties'];
if ($properties['has_nagios']) {
$sensor_values[$s['ip']] = array('text' => $s['name']);
}
}
}
/* Nagios link */
$nagios_link = $conf->get_conf('nagios_link');
$scheme = empty($_SERVER['HTTPS']) ? 'http://' : 'https://';
$path = !empty($nagios_link) ? $nagios_link : '/nagios3/';
$port = !empty($_SERVER['SERVER_PORT']) ? ':' . $_SERVER['SERVER_PORT'] : "";
$nagios = $port . $path;
$section_values = array(urlencode($nagios . 'cgi-bin/trends.cgi') => array('text' => _('Trends')), urlencode($nagios . 'cgi-bin/avail.cgi') => array('text' => _('Availability')), urlencode($nagios . 'cgi-bin/histogram.cgi') => array('text' => _('Event Histogram')), urlencode($nagios . 'cgi-bin/history.cgi?host=all') => array('text' => _('Event History')), urlencode($nagios . 'cgi-bin/summary.cgi') => array('text' => _('Event Summary')), urlencode($nagios . 'cgi-bin/notifications.cgi') => array('text' => _('Notifications')), urlencode($nagios . 'cgi-bin/showlog.cgi') => array('text' => _('Performance Info')));
$reports['availability_report'] = array('report_name' => _('Availability Report'), 'report_id' => 'availability_report', 'type' => 'external', 'link_id' => 'link_avr', 'click' => "nagios_link('avr_nagios_link', 'avr_sensor', 'avr_section');", 'parameters' => array(array('name' => _('Sensor'), 'id' => 'avr_sensor', 'type' => 'select', 'values' => $sensor_values), array('name' => 'Nagioslink', 'id' => 'avr_nagios_link', 'type' => 'hidden', 'default_value' => urlencode($scheme)), array('name' => _('Section'), 'id' => 'avr_section', 'type' => 'select', 'values' => $section_values)), 'access' => Session::menu_perms('environment-menu', 'MonitorsAvailability'), 'send_by_email' => 0);
$db->close();
if ($id == NULL) {
ksort($reports);
return $reports;
} else {
return !empty($reports[$id]) ? $reports[$id] : array();
}
}
*
*
* On Debian GNU/Linux systems, the complete text of the GNU General
* Public License can be found in `/usr/share/common-licenses/GPL-2'.
*
* Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt
*
*/
require_once 'av_init.php';
Session::logcheck('environment-menu', 'MonitorsAvailability');
$db = new ossim_db();
$conn = $db->connect();
$conf = $GLOBALS['CONF'];
$nagios_default = parse_url($conf->get_conf('nagios_link'));
$filters = array('order_by' => 'priority desc');
list($sensor_list, $sensor_total) = Av_sensor::get_list($conn, $filters);
$scheme = isset($nagios_default['scheme']) ? $nagios_default['scheme'] : 'http';
$path = isset($nagios_default['path']) ? $nagios_default['path'] : '/nagios3/';
$path = str_replace('//', '/', $path);
$port = isset($nagios_default['port']) ? ':' . $nagios_default['port'] : '';
$flag_opts = TRUE;
$flag_login = FALSE;
if ($path[0] != '/') {
$path = '/' . $path;
}
$sensors_nagios = array();
$ng_selected = -1;
//Retrieving the sensor list with nagios activated.
if (is_array($sensor_list)) {
foreach ($sensor_list as $sid => $s) {
$properties = $s['properties'];
// load the default values for the form
if ($action == 'create_scan') {
$conf = $GLOBALS['CONF'];
$scan_locally = $conf->get_conf('nessus_pre_scan_locally');
$timeout = 28800;
$hosts_alive = 1;
}
$hosts_alive_data = get_host_alive_attributes($hosts_alive, $targets);
$scan_locally_checked = $scan_locally == 1 ? 'checked="checked"' : '';
$resolve_names_checked = $not_resolve == 1 ? 'checked="checked"' : '';
$email_notification = array();
$email_notification['no'] = $send_email == 0 ? 'checked="checked"' : '';
$email_notification['yes'] = $send_email == 1 ? 'checked="checked"' : '';
// load sensors
$filters = array('where' => 'sensor_properties.has_vuln_scanner = 1');
list($all_sensors, $s_total) = Av_sensor::get_list($conn);
foreach ($all_sensors as $_sensor_id => $sensor_data) {
$all_sensors[$_sensor_id]['selected'] = $_sensor_id == $SVRid ? 'selected="selected"' : '';
}
// load profiles
$args = '';
if (!Session::am_i_admin()) {
list($owners, $sqlowners) = Vulnerabilities::get_users_and_entities_filter($conn);
$owners[] = '0';
$sql_perms .= " OR owner IN('" . implode("', '", $owners) . "')";
$args = "WHERE name='Default' OR name='Deep' OR name='Ultimate' " . $sql_perms;
}
$query = "SELECT id, name, description, owner, type FROM vuln_nessus_settings {$args} ORDER BY name";
$conn->SetFetchMode(ADODB_FETCH_BOTH);
$result = $conn->execute($query);
while (!$result->EOF) {
}
$sensor_stack = array();
$sensor_stack_off = array();
$sensor_configured_stack = array();
if (count($sensor_list) > 0) {
foreach ($sensor_list as $sensor => $plugins) {
if (in_array($sensor, $sensor_stack)) {
continue;
}
array_push($sensor_stack, $sensor);
}
}
$active_sensors = 0;
$total_sensors = 0;
$filters = array('where' => $where, 'order_by' => $order, 'limit' => $limit);
list($sensor_list, $total) = Av_sensor::get_list($conn, $filters, FALSE, TRUE);
$xml = '';
$xml .= "<rows>\n";
$xml .= "<page>{$page}</page>\n";
$xml .= "<total>{$total}</total>\n";
foreach ($sensor_list as $sensor_id => $s_data) {
$ip = $s_data['ip'];
//The sensor is not active and we want only the active sensors
if (!in_array($ip, $sensor_stack) && $onlyactive > 0) {
continue;
}
if (in_array($ip, $sensor_stack) && $onlyactive < 0) {
continue;
}
$xml .= "<row id='{$sensor_id}'>";
$xml .= "<cell><![CDATA[" . "<a style='font-weight:bold;' href=\"./interfaces.php?sensor_id=" . $sensor_id . "\">{$ip}</a>" . "]]></cell>";
