Пример #1
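/**
 * Builds the id => name list of entities offered for policy assignment.
 *
 * Logical entities are not listed under their own id: each one is replaced by
 * the first context id returned by Acl::get_logical_ctx_id() together with that
 * context's name. The result is sorted by name with the ids kept as keys.
 *
 * @param mixed $conn Connection handle passed through to the Acl helpers.
 *
 * @return array Entity id => entity name, sorted by name.
 */
function get_policy_entities($conn)
{
    $entities = array();
    $entities_all = Acl::get_entities_to_assign($conn);
    // Nothing to list when the lookup did not return an array; avoids a foreach warning.
    if (!is_array($entities_all)) {
        return $entities;
    }
    foreach ($entities_all as $k => $v) {
        if (!Acl::is_logical_entity($conn, $k)) {
            $entities[$k] = $v;
            continue;
        }
        $ctx_ids = Acl::get_logical_ctx_id($conn, $k);
        // Only the first context is used. isset() keeps the original indexing
        // semantics but does not raise a notice when no context comes back.
        $parent_id = isset($ctx_ids[0]) ? $ctx_ids[0] : '';
        // A logical entity without a resolvable context is skipped, so the
        // assignable list never gains an entry keyed by an empty id.
        if (empty($parent_id)) {
            continue;
        }
        $entities[$parent_id] = Acl::get_entity_name($conn, $parent_id);
    }
    asort($entities);
    return $entities;
}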
Пример #2
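/**
 * Builds the id => name list of entities offered for policy assignment and
 * picks the id of the first entry after sorting.
 *
 * Logical entities are replaced by the first context id returned by
 * Acl::get_logical_ctx_id() and that context's name; a logical entity with no
 * context is left out.
 *
 * @param mixed $conn Connection handle passed through to the Acl helpers.
 *
 * @return array Two elements: the id => name map sorted by name, and the id of
 *               its first entry (NULL when the map is empty).
 */
function get_policy_entities($conn)
{
    $entities = array();
    $entities_all = Acl::get_entities_to_assign($conn);
    // Skip the loop when the lookup did not return an array; avoids a foreach warning.
    if (is_array($entities_all)) {
        foreach ($entities_all as $k => $v) {
            if (!Acl::is_logical_entity($conn, $k)) {
                $entities[$k] = $v;
                continue;
            }
            $ctx_ids = Acl::get_logical_ctx_id($conn, $k);
            // Only the first context is used; isset() avoids an undefined-offset
            // notice when the lookup returns nothing.
            $parent_id = isset($ctx_ids[0]) ? $ctx_ids[0] : '';
            // Resolve the name only for a usable id, so no lookup is made with an empty one.
            if (!empty($parent_id)) {
                $entities[$parent_id] = Acl::get_entity_name($conn, $parent_id);
            }
        }
    }
    asort($entities);
    // array_shift() takes its argument by reference; passing the result of
    // array_keys() directly triggers "Only variables should be passed by reference".
    $entity_ids = array_keys($entities);
    $ctx_pro = array_shift($entity_ids);
    return array($entities, $ctx_pro);
}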
Пример #3
                                    <?php 
        } else {
            ?>
                                        <tr>
                                            <td class="left noborder" id='td_entities'>
                                                <input type="hidden" name="num_entities_check" id="num_entities_check" value="<?php 
            // Prints "1" as the hidden field's value only when Session::is_pro() is false;
            // otherwise the value attribute stays empty.
            // NOTE(review): a hidden input can be edited by the client; whatever reads
            // num_entities_check should re-check Session::is_pro() server-side - handler not shown.
            if (!Session::is_pro()) {
                echo "1";
            }
            ?>
"/>
                                                <select multiple="multiple" size="11" name="entities[]" class='vfield' id="entities">
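                                                <?php 
            // One <option> per entity in $sensor_entities (id => name); logical entities are skipped.
            // Both the id and the name are HTML-escaped before being written: the id lands inside a
            // double-quoted attribute and the name in element text, so an unescaped quote or tag in
            // either would change the page markup. Where $sensor_entities is filled is not visible
            // here, so the values are treated as untrusted.
            if (is_array($sensor_entities)) {
                foreach ($sensor_entities as $entity_id => $entity_name) {
                    if (Acl::is_logical_entity($conn, $entity_id)) {
                        continue;
                    }
                    ?>
                                                        <option value="<?php 
                    echo htmlspecialchars((string) $entity_id, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
                    ?>
"><?php 
                    echo htmlspecialchars((string) $entity_name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
                    ?>
</option>
                                                        <?php 
                }
            }
            ?>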
                                                </select>
Пример #4
    // Menu template list: build $menus as template id => template name.
    // $num_templates is unpacked but not used in this span.
    list($templates, $num_templates) = Session::get_templates($conn);
    if (count($templates) < 1) {
        // Placeholder row with an empty id so the list is never empty.
        // NOTE(review): this label is not passed through _() unlike 'No entities found' below.
        $templates[0] = array('id' => '', 'name' => '- No templates found -');
    }
    $menus = array();
    foreach ($templates as $template) {
        $menus[$template['id']] = $template['name'];
    }
    // Entity list: $default_entities receives every assignable entity under an
    // 'optgroup2' label entry; $entities receives only the non-logical ones.
    $entities_all = Acl::get_entities_to_assign($conn);
    if (is_array($entities_all) && count($entities_all) > 0) {
        $default_entities['optgroup2'] = _('Entities');
        foreach ($entities_all as $k => $v) {
            $default_entities[$k] = $v;
            if (!Acl::is_logical_entity($conn, $k)) {
                $entities[$k] = $v;
            }
        }
    } else {
        // No assignable entities: single placeholder entry keyed by the empty string.
        $entities[''] = '- ' . _('No entities found') . ' -';
    }
    // NOTE(review): if every assignable entity is logical, $entities is never assigned in this
    // span; unless it is initialised earlier (not visible here) asort() then gets an undefined variable.
    asort($entities);
}
// Settings catalogue: each top-level key is a group with 'title', 'desc', 'advanced',
// 'section' and a 'conf' map of option name => field descriptor. A descriptor's 'type' is
// either a widget keyword ('text', 'password', 'textarea', 'link') or an array of
// stored value => label. The groups are sorted by key with ksort() right after the literal.
//
// NOTE(review): the key 'Ossim Framework' occurs twice in this literal. PHP keeps the last
// value for a duplicated key, so the first definition (the one without the
// framework_https_* fields) is overwritten and can be dropped.
// NOTE(review): secrets are not declared uniformly. nessus_pass, remote_key and
// login_ldap_valid_pass use 'password', while md5_salt is 'text' and the TLS private key
// (framework_https_pem_plain) is 'textarea'. The rendering code is not visible here; confirm
// that stored values of those two are never echoed back into the page.
// NOTE(review): 'md5_salt' is labelled "MD5 salt for passwords", which suggests salted-MD5
// password hashes; the hashing code is not shown - if that is still in use, plan a move to
// password_hash()/password_verify().
// NOTE(review): login_ldap_ssl and login_ldap_tls are independent yes/no switches. With both
// set to 'no' an LDAP simple bind sends the bind password unencrypted; presumably nothing in
// this descriptor enforces one of them - verify in the login code.
// NOTE(review): login_create_not_existing_user_entity / _menu take their choices from
// $entities and $menus. They look like the defaults given to accounts created automatically
// at first LDAP login (see login_ldap_require_a_valid_ossim_user) - confirm, and keep those
// defaults least-privileged.
// NOTE(review): several 'help' strings and the 'more' / 'value' entries carry raw HTML, so the
// renderer presumably prints them unescaped. In this literal they are static or translated
// text, POST('section') / GET('section') only choose between two fixed target names, and
// $product (defined outside this span) is the one variable interpolated - check its origin.
// NOTE(review): "event�s" in the server_logger_if_priority help text is a mis-encoded
// apostrophe; it is a runtime string, so it is left untouched here.
$CONFIG = array('Ossim Framework' => array('title' => Session::is_pro() ? _('USM Framework') : _('Ossim Framework'), 'desc' => _('PHP Configuration (graphs, acls, database api) and links to other applications'), 'advanced' => 1, 'section' => 'alarms', 'conf' => array('use_resolv' => array('type' => array('0' => _('No'), '1' => _('Yes')), 'help' => '', 'desc' => _('Resolve IPs'), 'section' => 'alarms', 'advanced' => 1), 'nfsen_in_frame' => array('type' => array('0' => _('No'), '1' => _('Yes')), 'help' => '', 'desc' => _('Open Remote Netflow in the same frame'), 'advanced' => 1), 'md5_salt' => array('type' => 'text', 'help' => '', 'desc' => _('MD5 salt for passwords'), 'advanced' => 1), 'internet_connection' => array('type' => array('0' => _('No'), '1' => _('Yes'), '2' => _('Force Yes')), 'help' => _("You can configure if you have an internet connection available so that you can load external libraries.<br/><ul><li>No: It will not load external libraries.</li><li>Yes: It will check if we have internet connection and if so, it will load external libraries.</li><li>Force Yes: It will always try to load external libraries.</li></ul>This option requires to login again."), 'desc' => _('Internet Connection Availability'), 'advanced' => 1))), 'Metrics' => array('title' => _('Metrics'), 'desc' => _('Configure metric settings'), 'advanced' => 0, 'section' => 'metrics', 'conf' => array('recovery' => array('type' => 'text', 'help' => '', 'desc' => _('Recovery Ratio'), 'advanced' => 0, 'section' => 'metrics'), 'def_asset' => array('type' => 'text', 'help' => '', 'desc' => _('Default Asset value'), 'advanced' => 0, 'section' => 'metrics'), 'server_logger_if_priority' => array('type' => array('0' => 0, '1' => 1, '2' => 2, '3' => 3, '4' => 4, '5' => 5), 'help' => _("Store in SIEM if event�s priority >= this value") . ",<br>&nbsp;&nbsp;&nbsp;" . _('CLI action required:') . ' ' . 
_('Maintenance & Troubleshooting->Restart System Services->Restart AlienVault Server Service'), 'desc' => _('Security Events process priority threshold'), 'advanced' => 1, 'section' => 'metrics', 'disabled' => Session::is_pro() ? 0 : 1))), 'Ossim Framework' => array('title' => Session::is_pro() ? _('USM Framework') : _('Ossim Framework'), 'desc' => _('PHP Configuration (graphs, acls, database api) and links to other applications'), 'advanced' => 1, 'section' => 'alarms', 'conf' => array('use_resolv' => array('type' => array('0' => _('No'), '1' => _('Yes')), 'help' => '', 'desc' => _('Resolve IPs'), 'section' => 'alarms', 'advanced' => 1), 'nfsen_in_frame' => array('type' => array('0' => _('No'), '1' => _('Yes')), 'help' => '', 'desc' => _('Open Remote Netflow in the same frame'), 'advanced' => 1), 'md5_salt' => array('type' => 'text', 'help' => '', 'desc' => _('MD5 salt for passwords'), 'advanced' => 1), 'internet_connection' => array('type' => array('0' => _('No'), '1' => _('Yes'), '2' => _('Force Yes')), 'help' => _("You can configure if you have an internet connection available so that you can load external libraries.<br/><ul><li>No: It will not load external libraries.</li><li>Yes: It will check if we have internet connection and if so, it will load external libraries.</li><li>Force Yes: It will always try to load external libraries.</li></ul>This option requires to login again."), 'desc' => _('Internet Connection Availability'), 'advanced' => 1), 'framework_https_cert_plain' => array('type' => 'textarea', 'help' => _('PEM encoded X.509 certificate. Cut and paste the certificate including the "----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" lines'), 'desc' => _('Web Server SSL Certificate (PEM format)'), 'advanced' => 1), 'framework_https_pem_plain' => array('type' => 'textarea', 'help' => _('PEM encoded private key. 
Cut and paste the private key including the "-----BEGIN RSA PRIVATE KEY-----" and "-----END RSA PRIVATE KEY-----" lines'), 'desc' => _('Web Server SSL Private Key (PEM format)'), 'advanced' => 1), 'framework_https_ca_cert_plain' => array('type' => 'textarea', 'help' => _('PEM encoded X.509 certificates. Cut and paste the certificates including the "----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" lines'), 'desc' => _('Web Server SSL CA Certificates (PEM format) <i>[optional]</i>'), 'advanced' => 1))), 'IDM' => array('title' => _('IDM'), 'desc' => _('Configure IDM settings'), 'advanced' => 1, 'section' => 'idm', 'conf' => array('idm_user_login_timeout' => array('type' => 'text', 'help' => _('If a user does not log in a host after # hours the IDM will not enrich the events with that user log in information. Set a default session timeout for IDM User Login events. Value 0 disables this feature. The server will be restarted.'), 'desc' => _('IDM user login timeout'), 'advanced' => 1, 'section' => 'idm'))), 'Backup' => array('title' => _('Backup'), 'desc' => _('Backup configuration: backup database, directory, interval'), 'advanced' => 0, 'section' => 'siem,alarms,raw_logs', 'conf' => array('backup_store' => array('type' => array('0' => _('No'), '1' => _('Yes')), 'help' => _('Enable/Disable SIEM Events database backup.<br/>The events out of active window will be stored in backup files'), 'desc' => _('Enable SIEM database backup'), 'advanced' => 1), 'frameworkd_backup_storage_days_lifetime' => array('type' => 'text', 'help' => _('Number of Backup files (One file per day of Siem events) are stored in hard-disk'), 'desc' => _('Number of Backup files to keep in the filesystem'), 'section' => 'siem', 'advanced' => 0), 'backup_day' => array('type' => 'text', 'help' => _('Number of days Siem events are stored in SQL Database<br/>(0 value means no backup)'), 'desc' => _('Events to keep in the Database (Number of days)'), 'section' => 'siem', 'advanced' => 0), 
'backup_events' => array('type' => 'text', 'help' => _('Maximum number of events stored in SQL Database<br/>(0 value means no limit)'), 'desc' => _('Events to keep in the Database (Number of events)'), 'section' => 'siem', 'advanced' => 0), 'backup_hour' => array('type' => 'text', 'id' => 'backup_timepicker', 'help' => _('Backup start time in format HH:MM'), 'desc' => _('Backup start time'), 'advanced' => 0), 'backup_netflow' => array('type' => 'text', 'help' => _('Number of days to store flows on netflows for'), 'desc' => _('Active Netflow Window'), 'advanced' => 0), 'alarms_expire' => array('type' => array('yes' => _('Yes'), 'no' => _('No')), 'section' => 'alarms', 'help' => _('Keep alarms on database or expire by Lifetime value'), 'desc' => _('Alarms Expire'), 'onchange' => 'change_alarms_lifetime(this.value)', 'value' => $conf->get_conf('alarms_lifetime') > 0 ? 'yes' : 'no', 'advanced' => 0), 'alarms_lifetime' => array('type' => 'text', 'section' => 'alarms', 'id' => 'alarms_lifetime', 'help' => _('Number of days to keep alarms for (0 never expires)'), 'desc' => _('Alarms Lifetime'), 'style' => $conf->get_conf('alarms_lifetime') > 0 ? '' : 'color:gray', 'advanced' => 0), 'logger_expire' => array('type' => array('yes' => _('Yes'), 'no' => _('No')), 'section' => 'raw_logs', 'id' => 'logger_expiration', 'help' => _('Keep logs on Logger storage or expire by Lifetime value'), 'desc' => _('Logger Expiration'), 'onchange' => 'change_logger_lifetime(this.value)', 'value' => $conf->get_conf('logger_storage_days_lifetime') > 0 ? 'yes' : 'no', 'advanced' => 0, 'disabled' => Session::is_pro() ? 0 : 1), 'logger_storage_days_lifetime' => array('type' => 'text', 'section' => 'raw_logs', 'id' => 'logger_storage_days_lifetime', 'help' => _('Number of days to keep Logs for (0 never expires)'), 'desc' => _('Active Logger Window'), 'onchange' => 'check_logger_lifetime(this.value)', 'style' => $conf->get_conf('logger_storage_days_lifetime') > 0 ? 
'' : 'color:gray', 'advanced' => 0, 'disabled' => Session::is_pro() ? 0 : 1))), 'Vulnerability Scanner' => array('title' => _('Vulnerability Scanner'), 'desc' => _('Vulnerability Scanner configuration'), 'advanced' => 0, 'section' => 'vulnerabilities', 'conf' => array('nessus_user' => array('type' => 'text', 'help' => '', 'desc' => _('Scanner Login'), 'advanced' => 1, 'section' => 'vulnerabilities'), 'nessus_pass' => array('type' => 'password', 'help' => '', 'desc' => _('Scanner Password'), 'advanced' => 1, 'section' => 'vulnerabilities'), 'nessus_host' => array('type' => 'text', 'help' => _('Only for non distributed scans'), 'desc' => _('Scanner host'), 'advanced' => 1, 'section' => 'vulnerabilities'), 'nessus_port' => array('type' => 'text', 'help' => _('Defaults to port 9390'), 'desc' => _('Scanner port'), 'advanced' => 1, 'section' => 'vulnerabilities'), 'nessus_pre_scan_locally' => array('type' => array('0' => _('No'), '1' => _('Yes')), 'help' => _('Do not pre-scan from scanning sensor'), 'desc' => _('Enable Pre-Scan locally'), 'advanced' => 1, 'section' => 'vulnerabilities'), 'vulnerability_incident_threshold' => array('type' => array('1' => 'Info', '2' => 'Low', '5' => 'Medium', '6' => 'High', '11' => _('Disabled')), 'help' => _('Any vulnerability with a higher risk level than this value will automatically generate a vulnerability ticket.'), 'desc' => _('Vulnerability Ticket Threshold'), 'advanced' => 0, 'section' => 'vulnerabilities'))), 'User Log' => array('title' => _('User activity'), 'desc' => _('User action logging'), 'advanced' => 0, 'section' => 'userlog', 'conf' => array('session_timeout' => array('type' => 'text', 'help' => _('Expired timeout for current session in minutes. (0=unlimited)'), 'desc' => _('Session Timeout (minutes)'), 'advanced' => 0, 'section' => 'userlog'), 'user_life_time' => array('type' => 'text', 'help' => _('Expired life time for current user in days. 
(0=never expires)'), 'desc' => _('User Life Time (days)'), 'advanced' => 0, 'section' => 'userlog'), 'user_action_log' => array('type' => array('0' => _('No'), '1' => _('Yes')), 'help' => '', 'desc' => _('Enable User Log'), 'advanced' => 0, 'section' => 'userlog'), 'log_syslog' => array('type' => array('0' => _('No'), '1' => _('Yes')), 'help' => '', 'desc' => _('Log to syslog'), 'advanced' => 0, 'section' => 'userlog'), 'track_usage_information' => array('type' => array('0' => _('No'), '1' => _('Yes')), 'more' => sprintf('&nbsp;&nbsp;&nbsp;&nbsp; <a href="%s" target="_blank" class="terms">%s</a>', '/ossim/av_routing.php?action_type=EXT_TRACK_USAGE_INFORMATION', _('Learn more')), 'help' => sprintf(_('Shares performance, usage, system and customization data about your deployment with AlienVault to help us make %s better'), $product), 'desc' => sprintf(_('Send anonymous usage statistics and system data to AlienVault to improve %s'), $product), 'advanced' => 0, 'section' => 'userlog'))), 'Login' => array('title' => _('Login methods/options'), 'desc' => _('Setup main login methods/options'), 'advanced' => 1, 'section' => 'users', 'conf' => array('remote_key' => array('type' => 'password', 'help' => _('To apply this change restart your session'), 'desc' => _('Remote login key'), 'advanced' => 1, 'section' => 'users'), 'login_enable_ldap' => array('type' => array('yes' => _('Yes'), 'no' => _('No')), 'help' => '', 'desc' => _('Enable LDAP for login'), 'advanced' => 1, 'section' => 'users'), 'login_ldap_server' => array('type' => 'text', 'help' => 'LDAP server IP or host name', 'desc' => _('LDAP server address'), 'advanced' => 1, 'section' => 'users'), 'login_ldap_port' => array('type' => 'text', 'help' => 'TCP port to connect LDAP server<br/>By default the port is 389 or 636 if you use SSL', 'id' => 'ldap_port', 'desc' => _('LDAP server port'), 'advanced' => 1, 'section' => 'users'), 'login_ldap_ssl' => array('type' => array('yes' => _('Yes'), 'no' => _('No')), 'help' => 
_('use LDAP server SSL?'), 'desc' => _('LDAP server SSL'), 'onchange' => 'change_ldap_port(this.value)', 'advanced' => 1, 'section' => 'users'), 'login_ldap_tls' => array('type' => array('yes' => _('Yes'), 'no' => _('No')), 'help' => _('use LDAP server with TLS?'), 'desc' => _('LDAP server TLS'), 'advanced' => 1, 'section' => 'users'), 'login_ldap_baseDN' => array('type' => 'text', 'help' => 'Example: dc=local,dc=domain,dc=net', 'desc' => _('LDAP server baseDN'), 'advanced' => 1, 'section' => 'users'), 'login_ldap_filter_to_search' => array('type' => 'text', 'help' => _('Filter to search the users for ossim in LDAP<br />Example for LDAP:<br/> (&(cn=%u)(objectClass=account)) <b>or</b> (uid=%u) <b>or</b> (&(cn=%u)(objectClass=OrganizationalPerson))<br/>Example for AD:<br/> (&(sAMAccountName=%u)(objectCategory=person)) <b>or</b> (userPrincipalName=%u) %u is the user'), 'desc' => _('LDAP server filter for LDAP users'), 'advanced' => 1, 'section' => 'users'), 'login_ldap_bindDN' => array('type' => 'text', 'help' => _('Account to search the user in LDAP <br/>Example: user@example.com'), 'desc' => _('LDAP Username'), 'advanced' => 1, 'section' => 'users'), 'login_ldap_valid_pass' => array('type' => 'password', 'help' => _('Password of Ldap Username'), 'desc' => _('LDAP password for Username'), 'advanced' => 1, 'section' => 'users'), 'login_ldap_require_a_valid_ossim_user' => array('type' => array('yes' => _('Yes'), 'no' => _('No')), 'help' => '', 'desc' => _('Require a valid ossim user for login?'), 'advanced' => 1, 'onchange' => Session::is_pro() ? 
'change_ldap_need_user(this.value)' : '', 'section' => 'users'), 'login_create_not_existing_user_entity' => array('type' => $entities, 'help' => '', 'id' => 'user_entity', 'desc' => _('Entity for new user'), 'advanced' => 1, 'section' => 'users'), 'login_create_not_existing_user_menu' => array('type' => $menus, 'help' => '', 'id' => 'user_menu', 'desc' => _('Menus for new user'), 'advanced' => 1, 'section' => 'users'))), 'Passpolicy' => array('title' => _('Password policy'), 'desc' => _('Setup login password policy options'), 'advanced' => 1, 'section' => 'users', 'conf' => array('pass_length_min' => array('type' => 'text', 'help' => _('Number (default = 7)'), 'desc' => _('Minimum password length'), 'advanced' => 1, 'section' => 'users'), 'pass_length_max' => array('type' => 'text', 'help' => _('Number (default = 32)'), 'desc' => _('Maximum password length'), 'advanced' => 1, 'section' => 'users'), 'pass_history' => array('type' => 'text', 'help' => _('Number (default = 0) -> 0 disable'), 'desc' => _('Password history'), 'advanced' => 1, 'section' => 'users'), 'pass_complex' => array('type' => array('yes' => _('Yes'), 'no' => _('No')), 'help' => _('3 of these group of characters -> lowercase, uppercase, numbers and special characters'), 'desc' => _('Complexity'), 'advanced' => 1, 'section' => 'users'), 'pass_expire_min' => array('type' => 'text', 'help' => _('The minimum password lifetime prevents users from circumventing') . '<br/>' . _('the requirement to change passwords by doing five password changes<br> in a minute to return to the currently expiring password. (0 to disable) (default 0)'), 'desc' => _('Minimum password lifetime in minutes'), 'advanced' => 1, 'section' => 'users'), 'pass_expire' => array('type' => 'text', 'help' => _('After these days the login ask for new password. 
(0 to disable) (default 0)'), 'desc' => _('Maximum password lifetime in days'), 'advanced' => 1, 'section' => 'users'), 'failed_retries' => array('type' => 'text', 'help' => _('Number of failed attempts prior to lockout'), 'desc' => _('Failed logon attempts'), 'advanced' => 1, 'section' => 'users'), 'unlock_user_interval' => array('type' => 'text', 'help' => _('Account lockout duration in minutes (0 = never auto-unlock)'), 'desc' => _('Account lockout duration'), 'advanced' => 1, 'section' => 'users'))), 'IncidentGeneration' => array('title' => _('Tickets'), 'desc' => _('Tickets parameters'), 'advanced' => 0, 'section' => 'tickets,alarms', 'conf' => array('alarms_generate_incidents' => array('type' => array('yes' => _('Yes'), 'no' => _('No')), 'help' => _('Enabling this option will lead to automatic ticket generation <br/>upon arrival of alarms.'), 'desc' => _('Open Tickets for new alarms automatically?'), 'section' => 'tickets,alarms', 'advanced' => 0), 'incidents_incharge_default' => array('type' => $default_entities, 'help' => _('The automatic ticket generation will use the selected in-charge user or entity. Admin user by default'), 'desc' => _('Automatic ticket generation default in-charge user/entity'), 'section' => 'tickets,alarms', 'advanced' => 0), 'tickets_send_mail' => array('type' => array('yes' => _('Yes'), 'no' => _('No')), 'help' => '', 'desc' => _('Send email notification'), 'section' => 'tickets', 'advanced' => 0), 'tickets_max_days' => array('type' => 'text', 'help' => '', 'desc' => _('Maximum days for email notification'), 'advanced' => 0, 'section' => 'tickets'), 'tickets_template_link' => array('type' => 'link', 'value' => "<a target='" . (POST('section') != '' || GET('section') != '' ? '_parent' : 'main') . "' href='/ossim/conf/emailtemplate.php'>" . _('Click here') . '</a>', 'help' => '', 'desc' => _('Email Template for tickets'), 'advanced' => 0, 'section' => 'tickets'))));
ksort($CONFIG);
function custom_actions($api_client, $var, $value)
{
    global $restart_server;
    $value = trim($value);
    switch ($var) {