Пример #1
*
* On Debian GNU/Linux systems, the complete text of the GNU General
* Public License can be found in `/usr/share/common-licenses/GPL-2'.
*
* Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt
*
*/
// Project bootstrap include; the classes used below are presumably made available by it.
require_once 'av_init.php';
// Access gate for the page: the session is checked against the
// "analysis-menu" / "ControlPanelAlarms" permission pair before any data is read.
// NOTE(review): presumably logcheck() ends the request when the check fails - confirm in Session.
Session::logcheck("analysis-menu", "ControlPanelAlarms");
// NOTE(review): the TRUE argument is not explained here; confirm what connection mode it selects.
$db = new ossim_db(TRUE);
$conn = $db->connect();
$mssp = Session::show_entities();
// Lookup data used to populate the alarm filters of the page: tags of type 'alarm', intents, sensors and asset groups.
list($count_tags, $tags) = Tag::get_tags_by_type($conn, 'alarm');
$intents = Alarm::get_intents($conn);
$sensors = Av_sensor::get_list($conn, array(), FALSE, TRUE);
// get_list() returns a tuple; only its first element (the groups) is kept here.
$_groups_data = Asset_group::get_list($conn);
$asset_groups = $_groups_data[0];
//Autocomplete
$autocomplete_keys = array('hosts');
// NOTE(review): $hosts_str is consumed by the markup that follows this block; if it is
// written into a <script> context it must be encoded for JavaScript there - verify at the point of use.
$hosts_str = Autocomplete::get_autocomplete($conn, $autocomplete_keys);
// All database reads are done; the connection is released before any HTML is produced.
$db->close();
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
	<title> <?php 
echo _('AlienVault ' . (Session::is_pro() ? 'USM' : 'OSSIM'));
?>
 </title>
    <meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1"/>
Пример #2
// Project bootstrap include; the classes and helpers used below are presumably made available by it.
require_once 'av_init.php';
// Access gate: the session is checked against the "environment-menu" / "PolicyHosts" permission pair.
// NOTE(review): presumably logcheck() ends the request when the check fails - confirm in Session.
Session::logcheck('environment-menu', 'PolicyHosts');
/****************************************************
 ******************** Host Data *********************
 ****************************************************/
//Database connection
$db = new ossim_db();
$conn = $db->connect();
// Both values come straight from the query string.
$id = GET('id');
// NOTE(review): $msg is not validated in this block; it has to be validated or
// HTML-escaped wherever the rest of the page prints it.
$msg = GET('msg');
// The group id must match the OSS_HEX rule; on failure the page stops with a generic message.
ossim_valid($id, OSS_HEX, 'illegal:' . _('Asset group ID'));
if (ossim_error()) {
    echo ossim_error(_('Error! Asset group not found'));
    exit;
}
$asset_group = new Asset_group($id);
// Object-level authorization for the requested group. The return value is discarded,
// NOTE(review): so this only protects the page if can_i_edit() throws or aborts on denial - confirm.
$asset_group->can_i_edit($conn);
$asset_group->load_from_db($conn);
//Getting group data
// From here on $id is the value reported by the loaded object, not the raw request value.
$id = $asset_group->get_id();
$name = $asset_group->get_name();
$owner = $asset_group->get_owner();
$descr = $asset_group->get_descr();
$threshold_a = $asset_group->get_threshold('a');
$threshold_c = $asset_group->get_threshold('c');
// NOTE(review): 2007 is a plugin id; judging by the variable name it is the Nagios plugin - confirm.
$nagios = Asset_group_scan::is_plugin_in_group($conn, $id, 2007);
//Closing database connection
$db->close();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
Пример #3
         if (!check_any($dest_host->get_host_id())) {
             $dest .= ($dest == "" ? "" : "<br/>") . "<img src='../pixmaps/theme/host.png' align=absbottom /> " . Asset_host::get_name_by_id($conn, $dest_host->get_host_id());
         }
     }
 }
 // Destination column of the policy grid: one "<icon> name" entry per destination
 // network, host group and network group, joined with <br/>. Entries for which
 // check_any() returns true are left out.
 // NOTE(review): the asset names returned by get_name_by_id() are concatenated into HTML
 // without escaping in this block. Unless they are encoded when stored, they should be
 // HTML-escaped here, and a name containing "]]>" would also end the CDATA section
 // opened at the bottom of this block - verify how names are stored.
 if ($dest_net_list = $policy->get_nets($conn, 'dest')) {
     foreach ($dest_net_list as $dest_net) {
         if (!check_any($dest_net->get_net_id())) {
             $dest .= ($dest == "" ? "" : "<br/>") . "<img src='../pixmaps/theme/net.png' align=absbottom /> " . Asset_net::get_name_by_id($conn, $dest_net->get_net_id());
         }
     }
 }
 // Destination host groups
 if ($dest_host_list = $policy->get_host_groups($conn, 'dest')) {
     foreach ($dest_host_list as $dest_host_group) {
         if (!check_any($dest_host_group->get_host_group_id())) {
             $dest .= ($dest == "" ? "" : "<br/>") . "<img src='../pixmaps/theme/host_group.png' align=absbottom /> " . Asset_group::get_name_by_id($conn, $dest_host_group->get_host_group_id());
         }
     }
 }
 // Destination network groups
 if ($dest_net_list = $policy->get_net_groups($conn, 'dest')) {
     foreach ($dest_net_list as $dest_net_group) {
         if (!check_any($dest_net_group->get_net_group_id())) {
             $dest .= ($dest == "" ? "" : "<br/>") . "<img src='../pixmaps/theme/net_group.png' align=absbottom /> " . Net_group::get_name_by_id($conn, $dest_net_group->get_net_group_id());
         }
     }
 }
 // Nothing was collected: the cell shows the translated "ANY" label.
 if (empty($dest)) {
     $dest = "<img src='../pixmaps/theme/host.png' align=absbottom />" . _('ANY');
 }
 // The markup is shipped to the grid inside a CDATA section of the XML response.
 $xml .= "<cell><![CDATA[" . $dest . "]]></cell>";
 //Ports source
Пример #4
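/**
 * Renders the scan jobs page: the "New Scan Job" / "Import nbe file" buttons
 * (only with the EventsVulnerabilitiesScan permission), the running scans,
 * the table of scheduled jobs and the pager for the job list printed by all_jobs().
 *
 * All output is echoed; nothing is returned. The function reads the globals
 * $username, $dbconn, $arruser, $user and $rs_page.
 *
 * @param mixed  $viewall Not used in this function body.
 * @param string $sortby  Column used to order the schedule table. Only the columns this
 *                        page links to (plus "id") are accepted; anything else becomes "id".
 * @param string $sortdir "ASC" or "DESC" (case-insensitive); anything else becomes "DESC".
 */
function main_page($viewall, $sortby, $sortdir)
{
    global $uroles, $username, $dbconn;
    global $arruser, $user, $rs_page;
    $dbconn->SetFetchMode(ADODB_FETCH_BOTH);
    $tz = Util::get_timezone();
    // $sortby and $sortdir are copied verbatim into an ORDER BY clause, where bound
    // parameters cannot be used, so both are restricted to known values. The allow-list
    // is "id" (the default) plus the keys this page emits in its own sortable headers.
    $sortable_columns = array("id", "name", "schedule_type", "time", "next_CHECK", "enabled");
    if (!in_array($sortby, $sortable_columns, TRUE)) {
        $sortby = "id";
    }
    $sortdir = (is_string($sortdir) && strtoupper($sortdir) == "ASC") ? "ASC" : "DESC";
    $sql_order = "order by {$sortby} {$sortdir}";
    if (Session::menu_perms("environment-menu", "EventsVulnerabilitiesScan")) {
        ?>
		<div style="width:50%; position: relative; height: 5px; float:left">

			<div style="width:100%; position: absolute; top: -41px;left:0px;">
    			<div style="float:left; height:28px; margin:5px 5px 0px 0px;">
    				<a class="button" href="<?php 
        echo Menu::get_menu_url(AV_MAIN_PATH . '/vulnmeter/sched.php?action=create_scan&hosts_alive=1&scan_locally=1', 'environment', 'vulnerabilities', 'scan_jobs');
        ?>
">
                            <?php 
        echo _("New Scan Job");
        ?>
    				</a>
    			</div>

    			<div style="float:left;height:28px;margin:5px 5px 0px -2px;">
    				<a class="greybox button av_b_secondary" href="import_nbe.php" title="<?php 
        echo _("Import nbe file");
        ?>
">
    				        <?php 
        echo _("Import nbe file");
        ?>
    				</a>
    			</div>
			</div>

		</div>

		<?php 
    }
    // Page number from the query string; missing, non-numeric or negative values
    // fall back to the first page so the offset passed to all_jobs() is never negative.
    $page = isset($_GET['page']) ? intval($_GET['page']) : 1;
    if ($page < 1) {
        $page = 1;
    }
    $pagesize = 10;
    if ($username == "admin") {
        $result = $dbconn->Execute("SELECT count(id) as num FROM vuln_jobs WHERE status !='R'");
    } else {
        // The listing this was taken from shows the user filter with a masked literal and a
        // second WHERE keyword, which is not valid SQL. The filter is rebuilt as one WHERE
        // with the session user name passed as a bound parameter.
        // NOTE(review): binding $username is the presumed intent - confirm against the upstream file.
        $result = $dbconn->Execute("SELECT count(id) as num FROM vuln_jobs WHERE username = ? AND status !='R'", array($username));
    }
    // Execute() yields a false value when the query fails; count that as "no jobs".
    $jobCount = $result ? intval($result->fields["num"]) : 0;
    $num_pages = ceil($jobCount / $pagesize);
    if (Vulnerabilities::scanner_type() == "omp") {
        // We can display scan status with OMP protocol
        echo Vulnerabilities::get_omp_running_scans($dbconn, $rs_page);
    } else {
        // Nessus
        all_jobs(0, 10, "R");
    }
    ?>

<?php 
    $schedulejobs = _("Scheduled Jobs");
    echo <<<EOT

   <table style='margin-top:20px;' class='w100 transparent'><tr><td class='sec_title'>{$schedulejobs}</td></tr></table>
   <table summary="Job Schedules" class='w100 table_list'>
EOT;
    // The header links toggle the direction relative to the one used for this request.
    if ($sortdir == "ASC") {
        $sortdir = "DESC";
    } else {
        $sortdir = "ASC";
    }
    $arr = array("name" => "Name", "schedule_type" => "Schedule Type", "time" => "Time", "next_CHECK" => "Next Scan", "enabled" => "Status");
    // modified by hsh to return all scan schedules
    if (empty($arruser)) {
        $query = "SELECT t2.name as profile, t1.meth_TARGET, t1.id, t1.name, t1.schedule_type, t1.meth_VSET, t1.meth_TIMEOUT, t1.username, t1.enabled, t1.next_CHECK, t1.email\n              FROM vuln_job_schedule t1 LEFT JOIN vuln_nessus_settings t2 ON t1.meth_VSET=t2.id ";
    } else {
        // NOTE(review): $user is a global built outside this function and is placed inside
        // IN (...) as-is; it must already be a quoted, escaped list - verify where it is assembled.
        $query = "SELECT t2.name as profile, t1.meth_TARGET, t1.id, t1.name, t1.schedule_type, t1.meth_VSET, t1.meth_TIMEOUT, t1.username, t1.enabled, t1.next_CHECK, t1.email\n              FROM vuln_job_schedule t1 LEFT JOIN vuln_nessus_settings t2 ON t1.meth_VSET=t2.id WHERE username in ({$user}) ";
    }
    $query .= $sql_order;
    $result = $dbconn->execute($query);
    if ($result->EOF) {
        echo "<tr><td class='empty_results' height='20' style='text-align:center;'>" . _("No Scheduled Jobs") . "</td></tr>";
    }
    if (!$result->EOF) {
        echo "<tr>";
        foreach ($arr as $order_by => $value) {
            echo "<th><a href=\"manage_jobs.php?sortby={$order_by}&sortdir={$sortdir}\">" . _($value) . "</a></th>";
        }
        if (Session::menu_perms("environment-menu", "EventsVulnerabilitiesScan")) {
            echo "<th>" . _("Action") . "</th>";
        }
        // The header row is closed for every user, not only for those who see the Action column.
        echo "</tr>";
    }
    $colors = array("#FFFFFF", "#EEEEEE");
    $color = 0;
    while (!$result->EOF) {
        // NOTE(review): this assignment overwrites the global $user with the owner of the
        // current row; code that runs later and reads the global sees that value.
        list($profile, $targets, $schedid, $schedname, $schedtype, $sid, $timeout, $user, $schedstatus, $nextscan, $servers) = $result->fields;
        $name = Av_sensor::get_name_by_id($dbconn, $servers);
        $servers = $name != '' ? $name : _('First Available Sensor');
        // Each target line is "<32 hex id>#<ip | cidr | hostgroup | netgroup>"; the id is
        // resolved to a display name where the asset is known.
        $targets_to_resolve = explode("\n", $targets);
        $ttargets = array();
        foreach ($targets_to_resolve as $id_ip) {
            if (preg_match("/^([a-f\\d]{32})#\\d+\\.\\d+\\.\\d+\\.\\d+\\/\\d{1,2}/i", $id_ip, $found) && Asset_net::is_in_db($dbconn, $found[1])) {
                $ttargets[] = preg_replace("/^([a-f\\d]{32})#/i", "", $id_ip) . " (" . Asset_net::get_name_by_id($dbconn, $found[1]) . ")";
            } else {
                if (preg_match("/^([a-f\\d]{32})#\\d+\\.\\d+\\.\\d+\\.\\d+/i", $id_ip, $found) && Asset_host::is_in_db($dbconn, $found[1])) {
                    $ttargets[] = preg_replace("/^([a-f\\d]{32})#/i", "", $id_ip) . " (" . Asset_host::get_name_by_id($dbconn, $found[1]) . ")";
                } else {
                    if (preg_match("/^([a-f\\d]{32})#hostgroup/i", $id_ip, $found)) {
                        $hostgroup_name = Asset_group::get_name_by_id($dbconn, $found[1]);
                        $ttargets[] = $hostgroup_name == _('Unknown') ? _('Unknown hostgroup') : $hostgroup_name;
                    } else {
                        if (preg_match("/^([a-f\\d]{32})#netgroup/i", $id_ip, $found)) {
                            $netgroup_name = Net_group::get_name_by_id($dbconn, $found[1]);
                            $ttargets[] = $netgroup_name == _('Unknown') ? _('Unknown netgroup') : $netgroup_name;
                        } else {
                            $ttargets[] = preg_replace("/[a-f\\d]{32}/i", "", $id_ip);
                        }
                    }
                }
            }
        }
        $targets = implode("<BR/>", $ttargets);
        // The stored next-check time is shifted by the user's timezone offset (in hours) for display.
        $tz = intval($tz);
        $nextscan = gmdate("Y-m-d H:i:s", Util::get_utc_unixtime($nextscan) + 3600 * $tz);
        preg_match("/\\d+\\-\\d+\\-\\d+\\s(\\d+:\\d+:\\d+)/", $nextscan, $found);
        $time = $found[1];
        switch ($schedtype) {
            case "N":
                $stt = _("Once (Now)");
                break;
            case "O":
                $stt = _("Once");
                break;
            case "D":
                $stt = _("Daily");
                break;
            case "W":
                $stt = _("Weekly");
                break;
            case "M":
                $stt = _("Monthly");
                break;
            case "Q":
                $stt = _("Quarterly");
                break;
            case "H":
                $stt = _("On Hold");
                break;
            case "NW":
                $stt = _("N<sup>th</sup> week of the month");
                break;
            default:
                $stt = "&nbsp;";
                break;
        }
        // NOTE(review): enabling, disabling and deleting a schedule are plain GET links with
        // no anti-forgery token visible in this function; check how manage_jobs.php guards
        // these state-changing requests.
        switch ($schedstatus) {
            case "1":
                $itext = _("Disable Scheduled Job");
                $isrc = "images/stop_task.png";
                $ilink = "manage_jobs.php?disp=setstatus&schedid={$schedid}&enabled=0";
                break;
            default:
                $itext = _("Enable Scheduled Job");
                $isrc = "images/play_task.png";
                $ilink = "manage_jobs.php?disp=setstatus&schedid={$schedid}&enabled=1";
                break;
        }
        // Without the scan permission the link is neutralised; this only hides the action
        // in the page, the handler has to enforce the permission itself.
        if (!Session::menu_perms("environment-menu", "EventsVulnerabilitiesScan")) {
            $ilink = "javascript:return false;";
        }
        if ($schedstatus) {
            $txt_enabled = "<td><a href=\"{$ilink}\"><font color=\"green\">" . _("Enabled") . "</font></a></td>";
        } else {
            $txt_enabled = "<td><a href=\"{$ilink}\"><font color=\"red\">" . _("Disabled") . "</font></a></td>";
        }
        require_once 'classes/Security.inc';
        // A 32-hex owner value is an entity id and is shown by its name instead.
        if (valid_hex32($user)) {
            $user = Session::get_entity_name($dbconn, $user);
        }
        echo "<tr bgcolor=\"" . $colors[$color % 2] . "\">";
        if ($profile == "") {
            $profile = _("Default");
        }
        // NOTE(review): the job name, owner, sensor, profile and target names are database
        // values written into a title attribute and into the cell text without escaping in
        // this function. Unless they are encoded when stored, they need HTML escaping here - verify.
        echo "<td><span class=\"tip\" title=\"<b>" . _("Owner") . ":</b> {$user}<br><b>" . _("Sensor") . ":</b> {$servers}<br /><b>" . _("Scheduled Job ID") . ":</b> {$schedid}<br><b>" . _("Profile") . ":</b> {$profile}<br><b>" . _("Targets") . ":</b><br>" . $targets . "\">{$schedname}</span></td>";
        ?>
    <td><?php 
        echo $stt;
        ?>
</td>
    <td><?php 
        echo $time;
        ?>
</td>
    <td><?php 
        echo $nextscan;
        ?>
</td>
<?php 
        echo <<<EOT
    {$txt_enabled}
    <td style="padding-top:2px;"><a href="{$ilink}"><img alt="{$itext}" src="{$isrc}" border=0 title="{$itext}"></a>&nbsp;
EOT;
        if (Session::menu_perms("environment-menu", "EventsVulnerabilitiesScan")) {
            echo "<a href='" . Menu::get_menu_url(AV_MAIN_PATH . '/vulnmeter/sched.php?action=edit_sched&sched_id=' . $schedid . '&status=' . intval($schedstatus), 'environment', 'vulnerabilities', 'scan_jobs') . "'><img src='images/pencil.png' title='" . _("Edit Scheduled") . "'></a>&nbsp;";
            echo "<a href='manage_jobs.php?disp=delete&amp;schedid={$schedid}' onclick='return confirmDelete();'><img src='images/delete.gif' title='" . gettext("Delete Scheduled") . "'></a>";
        }
        echo "</td>";
        echo <<<EOT
</tr>
EOT;
        $result->MoveNext();
        $color++;
    }
    echo <<<EOT
</table>
EOT;
    ?>
<br />
<?php 
    $out = all_jobs(($page - 1) * $pagesize, $pagesize);
    ?>
<table width="100%" align="center" class="transparent" cellspacing="0" cellpadding="0">
    <tr>
        <td class="nobborder" valign="top" style="padding-top:5px;">
            <div class="fright">
                <?php 
    if ($out != 0 && $num_pages != 1) {
        $page_url = "manage_jobs.php";
        // $rs_page is a global whose origin is not visible here; it is URL-encoded before
        // being written into the href attributes so it cannot break out of the query string.
        $rs_page_param = urlencode((string) $rs_page);
        if ($page == 1 && $page == $num_pages) {
            echo '<a href="" class="link_paginate_disabled" onclick="return false">< ' . _("PREVIOUS") . '</a>';
            echo '<a class="lmargin link_paginate_disabled" href="" onclick="return false">' . _("NEXT") . ' ></a>';
        } elseif ($page == 1) {
            echo '<a href="" class="link_paginate_disabled" onclick="return false">< ' . _("PREVIOUS") . '</a>';
            echo '<a class="lmargin" href="' . $page_url . '?page=' . ($page + 1) . '&rs_page=' . $rs_page_param . '">' . _("NEXT") . ' ></a>&nbsp;';
        } elseif ($page == $num_pages) {
            echo '<a href="' . $page_url . '?page=' . ($page - 1) . '&rs_page=' . $rs_page_param . '">< ' . _("PREVIOUS") . '</a>';
            echo '<a class="lmargin link_paginate_disabled" href="" onclick="return false">' . _("NEXT") . ' ></a>';
        } else {
            echo '<a href="' . $page_url . '?page=' . ($page - 1) . '&rs_page=' . $rs_page_param . '">< ' . _("PREVIOUS") . '</a><a class="lmargin" href="' . $page_url . '?page=' . ($page + 1) . '&rs_page=' . $rs_page_param . '">' . _("NEXT") . ' ></a>';
        }
    }
    ?>
            </div>
        </td>
    </tr>
    </table>
<?php 
}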
Пример #5
/**
 * Returns the id, name, owner and description of an asset group.
 *
 * The description is passed through html_entity_decode(), so the 'descr'
 * value may contain raw markup characters; callers that print it into HTML
 * have to escape it again for that context.
 *
 * @param object $conn     Database connection handed to Asset_group::get_object().
 * @param string $group_id Identifier of the group to load.
 *
 * @return array Map with the keys 'id', 'name', 'owner' and 'descr'.
 */
function get_group_info($conn, $group_id)
{
    $asset_group = Asset_group::get_object($conn, $group_id);

    $group_name  = $asset_group->get_name();
    $group_owner = $asset_group->get_owner();
    $group_descr = html_entity_decode($asset_group->get_descr(), ENT_QUOTES, 'UTF-8');

    return array(
        'id'    => $group_id,
        'name'  => $group_name,
        'owner' => $group_owner,
        'descr' => $group_descr
    );
}
Пример #6
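/**
 * Returns the IP addresses of the hosts that belong to an asset group.
 *
 * Opens its own database connection and always closes it again, also when
 * loading the group fails. On failure the exception message is echoed and an
 * empty list is returned.
 *
 * @param string $hostgroup Identifier of the asset group.
 *
 * @return array List of host IPs (element 2 of each host row); empty on error.
 */
function GetOssimHostsFromHostGroups($hostgroup)
{
    $db = new ossim_db();
    $conn = $db->connect();
    $pg = array();
    try {
        $asset_group = new Asset_group($hostgroup);
        $asset_group->load_from_db($conn);
        // get_hosts() returns a tuple; only its first element (the host rows) is used.
        $_hosts = $asset_group->get_hosts($conn, array(), TRUE);
        $hosts = $_hosts[0];
    } catch (Exception $e) {
        // Release the connection on the error path as well.
        $db->close();
        // NOTE(review): the raw exception text is printed to the caller's output; consider
        // logging it and showing a generic message instead.
        echo $e->getMessage();
        return $pg;
    }
    // The rows are already in memory, so the connection is not needed for the loop.
    $db->close();
    if (!is_array($hosts)) {
        return $pg;
    }
    foreach ($hosts as $hg) {
        $pg[] = $hg[2];
        //  Array ( [0] => ID [1] => CTX [2] => IP [3] => Name )
    }
    return $pg;
}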
Пример #7
    // sensors permissions
    $ttargets[$target]['sensors_perms'] = $sperm;
    // sensors permissions
    $ttargets[$target]['vuln_scanner'] = $vs;
    // Nmap status
    $ttargets[$target]['nmap_scan'] = $snmap;
    // Load
    $ttargets[$target]['load'] = $load;
}
// group targets by group and sensors
$result = array();
foreach ($ttargets as $target => $target_data) {
    if (Av_sensor::is_in_db($conn, $target_data['sensor']) == TRUE) {
        if (!empty($target_data['hostgroup_id'])) {
            $result_key = $target_data['hostgroup_id'] . '#hostgroup#' . $target_data['sensor'];
            $result[$result_key]['name'] = Asset_group::get_name_by_id($conn, $target_data['hostgroup_id']);
        } else {
            if (!empty($target_data['netgroup_id'])) {
                $result_key = $target_data['netgroup_id'] . '#netgroup#' . $target_data['sensor'];
                $result[$result_key]['name'] = Net_group::get_name_by_id($conn, $target_data['netgroup_id']);
            } else {
                $result_key = $target . '#' . $target_data['sensor'];
                $result[$result_key]['name'] = $target_data['name'];
            }
        }
        $result[$result_key]['ips'][] = $target;
        $result[$result_key]['sensor'] = $target_data['sensor'];
        $result[$result_key]['sperm'] = empty($result[$result_key]['sperm']) || $result[$result_key]['sperm'] == 1 ? $target_data['sperm'] : $result[$result_key]['sperm'];
        $result[$result_key]['perm'] = empty($result[$result_key]['perm']) || $result[$result_key]['perm'] == 1 ? $target_data['perm'] : $result[$result_key]['perm'];
        $result[$result_key]['vs'] = empty($result[$result_key]['vs']) || $result[$result_key]['vs'] == 1 ? $target_data['vs'] : $result[$result_key]['vs'];
        $result[$result_key]['snmap'] = empty($result[$result_key]['snmap']) || $result[$result_key]['snmap'] == 1 ? $target_data['snmap'] : $result[$result_key]['snmap'];
Пример #8
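/**
 * Builds one page of asset groups for the filter dialog, optionally narrowed
 * by a name search, and marks the groups already selected in the filter.
 *
 * @param object $conn   Database connection.
 * @param mixed  $page   Page indicator handed to get_query_limits().
 * @param string $search Text to look for in the group name; '' disables the search.
 *
 * @return array On success: 'error' => FALSE and 'data' => array('total' => int, 'list' => array).
 *               On failure: 'error' => TRUE and 'msg' => exception message.
 */
function group_list($conn, $page, $search)
{
    $return = array();
    $data = array();
    $filters = array();
    $filters['limit'] = get_query_limits($page);
    if ($search != '') {
        $search = utf8_decode($search);
        // The search text is embedded in the SQL string, so this filter depends entirely on
        // escape_sql() for safety.
        // NOTE(review): whether escape_sql() also neutralises the LIKE wildcards % and _ is
        // not visible here; if not, a search containing them matches more than intended.
        $search = escape_sql($search, $conn);
        $filters['where'] = " name LIKE '%{$search}%'";
    }
    $filters['order_by'] = 'name ASC';
    try {
        list($groups, $total) = Asset_group::get_list($conn, '', $filters, TRUE);
    } catch (Exception $e) {
        $return['error'] = TRUE;
        $return['msg'] = $e->getMessage();
        return $return;
    }
    // Defined up front so the loop below never reads an unset variable when nothing was found.
    $selected = array();
    //If we have at least one element...
    if ($total > 0) {
        //Getting the nets already selected in the filter.
        $selected = get_selected_values(18);
    }
    $list = array();
    //Going through the list to format the elements properly:
    foreach ($groups as $id => $group) {
        // isset() first: ids that are not part of the current selection are simply unchecked.
        $_chk = isset($selected[$id]) && $selected[$id] != '';
        $_grp = array('id' => $id, 'name' => $group->get_name(), 'checked' => $_chk);
        $list[$id] = $_grp;
    }
    $data['total'] = intval($total);
    $data['list'] = $list;
    $return['error'] = FALSE;
    $return['data'] = $data;
    return $return;
}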
Пример #9
 * Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt
 *
 */
// Project bootstrap include; the helpers and classes used below are presumably made available by it.
require_once 'av_init.php';
// The group id is taken from the POST body when present and from the query string otherwise.
$group_id = POST('group_id') != '' ? POST('group_id') : GET('group_id');
$num_assets = POST('num_assets');
$error_msg = '';
// Input validation: the id must match OSS_HEX, the counter must be digits or empty.
ossim_valid($group_id, OSS_HEX, 'illegal: Group ID');
ossim_valid($num_assets, OSS_DIGIT, OSS_NULLABLE, 'illegal: Num of assets');
if (ossim_error()) {
    die(ossim_error());
}
// Database Object
$db = new ossim_db();
$conn = $db->connect();
$group = Asset_group::get_object($conn, $group_id);
// Object-level authorization for the group. The return value is discarded,
// NOTE(review): so this only protects the request if can_i_edit() throws or aborts on denial - confirm.
// NOTE(review): the code that follows adds hosts to the group when the form is posted, and
// no anti-forgery token check is visible in this part of the file - confirm one exists.
$group->can_i_edit($conn);
// Form is submited: Add to group
if ($num_assets > 0) {
    for ($i = 0; $i < $num_assets; $i++) {
        if (valid_hex32(POST('host' . $i))) {
            $assets[] = POST('host' . $i);
        }
    }
    try {
        $group->add_host($conn, $assets);
    } catch (Exception $e) {
        $error_msg = $e->getMessage();
    }
    if ($error_msg == '') {
        $msg = 'saved';
Пример #10
         $data['general']['data'] = _('Hosts saved successfully');
         foreach ($data['by_host'] as $h_key => $h_data) {
             if ($h_data['status'] == 'warning') {
                 $data['general']['status'] = 'warning';
                 $data['general']['data'] = _('Hosts saved with warnings');
                 break;
             }
         }
     } else {
         $data['general']['status'] = 'warning';
         $data['general']['data'] = _('Warning! Some hosts could not be saved');
     }
     //Create a Asset Group
     if (!empty($group_name)) {
         $new_group_id = Util::uuid();
         $group = new Asset_group($new_group_id);
         $group->set_name($group_name);
         $group->set_ctx($ctx);
         $group->save_in_db($conn);
         $group->save_assets_from_list($conn, $data['general']['hosts_in_group']);
     }
 }
 /*
 echo '<pre style="white-space: pre;">';
     print_r($data);
     print_r($scan_results);   
 echo '</pre>';         
 */
 //Showing scan results
 ?>
    
Пример #11
    $deploy_agent = Session::logcheck_bool('environment-menu', 'EventsHidsConfig');
} else {
    if (Asset_net::is_in_db($conn, $id)) {
        $asset_type = 'network';
        Session::logcheck('environment-menu', 'PolicyNetworks');
        $breadcrumb = array('section' => _('Networks'), 'current' => _('Network Details'));
        $edit = Asset_net::can_i_modify_ips($conn, $id);
        $delete = Asset_net::can_delete($conn, $id);
        $p_plugin = Session::am_i_admin();
        $deploy_agent = FALSE;
    } else {
        if (Asset_group::is_in_db($conn, $id)) {
            $asset_type = 'group';
            Session::logcheck('environment-menu', 'PolicyHosts');
            $breadcrumb = array('section' => _('Groups'), 'current' => _('Group Details'));
            $gobj = new Asset_group($id);
            try {
                $edit = $gobj->can_i_edit($conn);
            } catch (Exception $err) {
                $edit = FALSE;
            }
            try {
                $delete = $gobj->can_delete_group($conn);
            } catch (Exception $err) {
                $delete = FALSE;
            }
            $p_plugin = Session::am_i_admin();
            $deploy_agent = FALSE;
        } else {
            $error = _('Invalid Asset ID');
            Av_exception::throw_error(Av_exception::USER_ERROR, $error);
    exit;
}
// Re-reads the asset identified by $asset_id from the database and, when the session
// already holds a copy of it, replaces that copy with the fresh object.
// $asset_id is set before this part of the file.
$db = new ossim_db();
$conn = $db->connect();
// Load the current asset object in session same as in index.php
// Host
// NOTE(review): $reloaded and $asset_object are only assigned inside the branches below;
// unless they are initialised earlier in the file, they are unset when the id matches
// nothing or when is_allowed() refuses it.
if (Asset_host::is_in_db($conn, $asset_id)) {
    if (Asset_host::is_allowed($conn, $asset_id)) {
        $asset_object = Asset_host::get_object($conn, $asset_id);
        $reloaded = TRUE;
    }
} elseif (Asset_net::is_in_db($conn, $asset_id)) {
    if (Asset_net::is_allowed($conn, $asset_id)) {
        $asset_object = Asset_net::get_object($conn, $asset_id);
        $reloaded = TRUE;
    }
} elseif (Asset_group::is_in_db($conn, $asset_id)) {
    // NOTE(review): unlike the host and network branches there is no is_allowed() call
    // here; confirm that get_object() applies the group permission check itself.
    $asset_object = Asset_group::get_object($conn, $asset_id);
    $reloaded = TRUE;
}
// Save session object only if is already saved (it means the user has perms)
// The object is stored serialized; the code that unserializes it again must only ever be
// given this session value, never request data.
if (!empty($_SESSION['asset_detail'][$asset_id]) && $reloaded) {
    $_SESSION['asset_detail'][$asset_id] = serialize($asset_object);
    $response['session_updated'] = TRUE;
} else {
    $response['session_updated'] = FALSE;
}
echo json_encode($response);
$db->close();
/* End of file reload_session_object.php */
/* Location: ./asset_details/ajax/reload_session_object.php */
Пример #13
</title>
    	<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
    	<meta http-equiv="Pragma" content="no-cache">
    	<link type="text/css" rel="stylesheet" href="../style/av_common.css?t=<?php 
echo Util::get_css_id();
?>
"/>
    </head>
    
    <body>
    <?php 
if ($data['status'] != 'error') {
    try {
        $db = new ossim_db();
        $conn = $db->connect();
        $asset_group = new Asset_group($id);
        $asset_group->load_from_db($conn);
        $asset_group->set_name($name);
        $asset_group->set_owner($owner);
        $asset_group->set_descr($descr);
        $asset_group->set_threshold($threshold_a, 'a');
        $asset_group->set_threshold($threshold_c, 'c');
        $asset_group->save_in_db($conn);
        $_hosts_data_aux = $asset_group->get_hosts($conn, '', TRUE);
        $hosts = array_keys($_hosts_data_aux[0]);
        if (!empty($nagios)) {
            if (Asset_group_scan::is_plugin_in_group($conn, $id, 2007)) {
                Asset_group_scan::delete_plugin_from_db($conn, $id, 2007);
            }
            Asset_group_scan::save_plugin_in_db($conn, $id, 2007);
            foreach ($hosts as $host_id) {
Пример #14
//Config File
require_once 'av_init.php';
// Access gate for this AJAX endpoint: "environment-menu" / "PolicyHosts".
Session::logcheck_ajax('environment-menu', 'PolicyHosts');
//Validate Form token
// Anti-forgery check: the posted token must verify for the 'tk_delete_group_bulk' action.
$token = POST('token');
if (Token::verify('tk_delete_group_bulk', $token) == FALSE) {
    $error = Token::create_error_message();
    // NOTE(review): nothing in this file stops the script after this call, so the deletion
    // below is only protected if response_bad_request() ends the request - confirm in Util.
    Util::response_bad_request($error);
}
// The session lock is released early; the session is not written to after this point.
session_write_close();
/* connect to db */
$db = new ossim_db(TRUE);
$conn = $db->connect();
try {
    // NOTE(review): the permission consulted for this delete operation is
    // can_i_create_assets(); confirm that this is the intended permission for deleting groups.
    $perm_add = Session::can_i_create_assets();
    if (!$perm_add) {
        $error = _('You do not have the correct permissions to delete groups. Please contact system administrator with any questions');
        Util::response_bad_request($error);
    }
    $app_name = Session::is_pro() ? 'AlienVault' : 'OSSIM';
    // The number of selected groups is read before the deletion so it can be reported afterwards.
    $num_assets = Filter_list::get_total_selection($conn, 'group');
    //Delete all filtered groups
    // bulk_delete() receives no ids here; which groups are removed is decided by the
    // selection stored server-side (see the get_total_selection() call above).
    Asset_group::bulk_delete($conn);
    $data['status'] = 'OK';
    $data['data'] = sprintf(_('%s groups have been permanently deleted from %s'), $num_assets, $app_name);
} catch (Exception $e) {
    $db->close();
    // NOTE(review): the exception text is returned to the client as-is; make sure it cannot
    // carry internal details such as SQL fragments.
    Util::response_bad_request($e->getMessage());
}
$db->close();
echo json_encode($data);
Пример #15
                $asset_group = new Asset_group($group_id);
                $asset_group->save_assets_from_search($conn);
                $db->close();
                $data['status'] = 'success';
                $data['data'] = sprintf(_("%s assets have been added to group"), $num_assets);
            } catch (Exception $e) {
                Util::response_bad_request(_('Error! Selected assets could not be added') . ': ' . $e->getMessage());
            }
        }
        break;
    case 'delete_assets':
        $group_id = POST('asset_id');
        if (!valid_hex32($group_id)) {
            Util::response_bad_request(_('Error! Asset group ID not allowed. Selected assets could not be removed'));
        } else {
            try {
                $db = new ossim_db();
                $conn = $db->connect();
                $num_assets = Filter_list::get_total_selection($conn, 'asset');
                $asset_group = new Asset_group($group_id);
                $asset_group->delete_selected_assets($conn);
                $db->close();
                $data['status'] = 'success';
                $data['data'] = sprintf(_("%s assets have been deleted from group"), $num_assets);
            } catch (Exception $e) {
                Util::response_bad_request(_('Error! Selected assets could not be deleted') . ': ' . $e->getMessage());
            }
        }
        break;
}
echo json_encode($data);
Пример #16
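/* connect to db */
// Deletes every asset group matched by the current search text and reports the outcome
// as JSON. $search is set before this part of the file.
$db = new ossim_db(TRUE);
$conn = $db->connect();
try {
    $filters = array();
    if ($search != '') {
        // The search text is embedded in the SQL string, so it depends on escape_sql() for safety.
        $search = escape_sql($search, $conn);
        // The two alternatives are wrapped in parentheses so that the OR cannot combine with
        // any other predicate the callee adds to the statement; in a bulk delete an
        // unparenthesised OR could widen the set of rows removed.
        // NOTE(review): how delete_all_from_db() merges 'where' into its query is not visible here.
        $filters['where'] = " (g.name LIKE '%{$search}%' OR g.owner LIKE '%{$search}%')";
    }
    // Users restricted to a subset of hosts or networks (non-empty permission filters)
    // are not allowed to run the bulk deletion.
    $host_perm_where = Asset_host::get_perms_where();
    $net_perm_where = Asset_net::get_perms_where();
    if (!empty($host_perm_where) || !empty($net_perm_where)) {
        $exp_msg = _('You do not have permission to do this action');
        Av_exception::throw_error(Av_exception::USER_ERROR, $exp_msg);
    }
    //Delete all filtered groups
    Asset_group::delete_all_from_db($conn, $filters);
    $data['status'] = 'OK';
    $data['data'] = _('Groups deleted successfully');
} catch (Exception $e) {
    $error_msg = $e->getMessage();
    if (empty($error_msg)) {
        $error_msg = _('Sorry, operation was not completed due to an unknown error');
    }
    $data['status'] = 'error';
    $data['data'] = $error_msg;
}
$db->close();
echo json_encode($data);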
/* End of file delete_all.php */
/* Location: ./group/ajax/delete_all.php */
Пример #17
/**
 * Creates a new asset group out of the assets matched by the current filter search.
 *
 * @param object $conn    Database connection.
 * @param object $filters Filter list; must report at least one added filter.
 * @param array  $data    Form values; the keys 'name' and 'descr' are read.
 *
 * @return array 'error' => TRUE plus 'msg' on failure;
 *               'error' => FALSE, 'id' => new group id and 'msg' => 'ok' on success.
 */
function save_filter($conn, $filters, $data)
{
    // A group can only be built from a search that has at least one filter applied.
    if ($filters->get_num_filter_added() < 1) {
        return array('error' => TRUE, 'msg' => _('At least one filter needed'));
    }

    $group_name = utf8_decode($data['name']);
    $group_descr = utf8_decode($data['descr']);

    // Both values are checked against the allowed character classes before anything is stored.
    ossim_valid($group_name, OSS_NOECHARS, OSS_ALPHA, OSS_PUNC, 'illegal:' . _('Group Name'));
    ossim_valid($group_descr, OSS_ALPHA, OSS_NULLABLE, OSS_PUNC, OSS_AT, OSS_NL, 'illegal:' . _('Description'));

    if (ossim_error()) {
        $validation_msg = ossim_get_error();
        ossim_clean_error();

        return array('error' => TRUE, 'msg' => $validation_msg);
    }

    $result = array();

    // Any step of the save may throw; the exception text becomes the error message.
    try {
        $group_id = Util::uuid();
        $default_ctx = Session::get_default_ctx();

        $new_group = new Asset_group($group_id);
        $new_group->set_name($group_name);
        $new_group->set_descr($group_descr);
        $new_group->set_ctx($default_ctx);
        $new_group->save_in_db($conn);
        $new_group->save_assets_from_search($conn);

        $filters->empty_filter_search($conn);

        $result['error'] = FALSE;
        $result['id'] = $group_id;
        $result['msg'] = 'ok';

        Asset_filter_list::delete_filters_from_session();
    } catch (Exception $failure) {
        $result['error'] = TRUE;
        $result['msg'] = $failure->getMessage();
    }

    return $result;
}
Пример #18
// Limit
// Page size is capped at 50 rows.
// NOTE(review): there is no lower bound here; $maxrows and $from are written into the LIMIT
// clause below, so both must already be validated as non-negative integers earlier in the file - verify.
$maxrows = $maxrows > 50 ? 50 : $maxrows;
//Session ID
$session = session_id();
//list params
$filters = array();
$tables = '';
// NOTE(review): $order and $torder form the ORDER BY clause as plain text; they must be
// mapped to fixed column names and directions before this point - verify.
$filters['order_by'] = $order . ' ' . $torder;
$filters['limit'] = $from . ', ' . $maxrows;
// Unless the full list was requested, the result is restricted to the groups recorded in
// user_host_filter for the current session.
if (!$all_list) {
    $tables = ', user_host_filter hf';
    // The session id is placed in the SQL string between quotes, without going through an
    // escaping helper in this block.
    $filters['where'] = "hf.asset_id=g.id AND hf.session_id='{$session}'";
}
try {
    // Get Groups
    list($groups, $total) = Asset_group::get_list($conn, $tables, $filters);
    $results = array();
    foreach ($groups as $group) {
        // Alarms
        $alarms = $group->has_alarms($conn);
        $alarms_icon = $alarms ? "<img src='" . AV_PIXMAPS_DIR . "/assets_tick_gray.png'/>" : '-';
        // Vulns
        list($vulns_list, $vulns) = $group->get_vulnerabilities($conn);
        $vulns_icon = $vulns > 0 ? "<img src='" . AV_PIXMAPS_DIR . "/assets_tick_gray.png'/>" : '-';
        // Events
        $events = $group->has_events($conn);
        $events_icon = $events ? "<img src='" . AV_PIXMAPS_DIR . "/assets_tick_gray.png'/>" : '-';
        // COLUMNS
        $_res = array();
        $_res['DT_RowId'] = $group->get_id();
        $_res[] = '';
Пример #19
*
*/
// Response headers that tell browsers and proxies not to cache this fragment.
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . "GMT");
header("Cache-Control: no-cache, must-revalidate");
header("Pragma: no-cache");
// Project bootstrap include; the helpers and classes used below are presumably made available by it.
require_once 'av_init.php';
// NOTE(review): no Session::logcheck() call is visible in this part of the file; confirm
// that access to the group details is authorized by av_init.php or by load_from_db().
$group_id = GET('id');
// The id must match OSS_HEX; OSS_NULLABLE also lets an empty id through, in which case the
// Asset_group below is built with an empty identifier.
ossim_valid($group_id, OSS_HEX, OSS_NULLABLE, 'illegal:' . _("Group ID"));
if (ossim_error()) {
    die(ossim_error());
}
$db = new ossim_db(TRUE);
$conn = $db->connect();
try {
    $group = new Asset_group($group_id);
    $group->load_from_db($conn);
} catch (Exception $e) {
    // Only a generic message is shown; the exception text is not sent to the client.
    echo _('Impossible to load the group info');
    die;
}
?>
<div id='tray_container'>

    <div class="tray_triangle"></div>

    <div id='tray_host_owner' class='tray_section'>
        <div class='tray_title'>
            <?php 
echo _('Owner');
?>
        $order = 'g.name';
}
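// Order direction
// Only two outcomes are possible, so $torder is safe to place in the ORDER BY clause.
$torder = $torder == 1 ? 'ASC' : 'DESC';
// Limit
// Page size is capped at 50 rows.
// NOTE(review): there is no lower bound here; $maxrows and $from must already be validated
// as non-negative integers earlier in the file - verify.
$maxrows = $maxrows > 50 ? 50 : $maxrows;
// Search where
if ($search != "") {
    // The search text is embedded in the SQL string, so it depends on escape_sql() for safety.
    $search = escape_sql($search, $conn);
    // The two alternatives are wrapped in parentheses so that the OR cannot combine with
    // any other predicate (for example a permission filter) the callee adds to the query.
    // NOTE(review): how get_list() merges 'where' into its query is not visible here.
    $filters['where'] = " (g.name LIKE '%{$search}%' OR g.owner LIKE '%{$search}%')";
}
$filters['order_by'] = $order . ' ' . $torder;
$filters['limit'] = $from . ', ' . $maxrows;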
try {
    // Get Groups
    list($groups, $total) = Asset_group::get_list($conn, '', $filters, TRUE);
    $detail = "<img class='detail_img' src='" . AV_PIXMAPS_DIR . "/show_details.png'/>";
    $results = array();
    foreach ($groups as $group) {
        // Alarms
        $alarms = $group->has_alarms($conn);
        $alarms_icon = $alarms ? "<img src='" . AV_PIXMAPS_DIR . "/assets_tick_gray.png'/>" : '-';
        // Vulns
        $vulns = $group->get_vulnerability_number($conn, $group->get_id());
        $vulns_icon = $vulns > 0 ? "<img src='" . AV_PIXMAPS_DIR . "/assets_tick_gray.png'/>" : '-';
        // Events
        $events = $group->has_events($conn);
        $events_icon = $events ? "<img src='" . AV_PIXMAPS_DIR . "/assets_tick_gray.png'/>" : '-';
        // COLUMNS
        $_res = array();
        $_res['DT_RowId'] = $group->get_id();
Пример #21
            $vars['_HOST_DESC'] = $host->get_descr();
        }
        break;
    case 'net':
        try {
            $net = Asset_net::get_object($conn, $keyname);
        } catch (Exception $e) {
            $net = NULL;
        }
        if (is_object($net)) {
            $vars['_NET_CIDR'] = $net->get_ips();
            $vars['_NET_NAME'] = $net->get_name();
        }
        break;
    case 'host_group':
        $vars['_HG_NAME'] = Asset_group::get_name_by_id($conn, $keyname);
        break;
    case 'net_group':
        $vars['_NG_NAME'] = Net_group::get_name_by_id($conn, $keyname);
        break;
}
if (count($repository_list) > 0) {
    $parser = new KDB_Parser();
    $parser->load_session_vars($vars);
    ?>
	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
	<html>
	<head>
		<title> <?php 
    echo gettext("OSSIM Framework");
    ?>
Пример #22
     foreach ($dest_host_list as $dest_host) {
         if (check_any($dest_host->get_host_id())) {
             $dests[$dest_host->get_host_id()] = _("ANY");
         } else {
             $dests['host_' . $dest_host->get_host_id()] = _("HOST") . ": " . Asset_host::get_name_by_id($conn, $dest_host->get_host_id());
         }
     }
 }
 // Destination networks: one $dests entry per network, keyed 'net_<id>'.
 // The label is the translated "ANY" when check_any() accepts the ID,
 // otherwise "NETWORK: " followed by the name looked up for that ID.
 // NOTE(review): the looked-up names are concatenated as-is; no HTML escaping
 // happens here, so whatever renders $dests has to escape them - verify.
 if ($dest_net_list = $policy->get_nets($conn, 'dest')) {
     foreach ($dest_net_list as $dest_net) {
         $dests['net_' . $dest_net->get_net_id()] = check_any($dest_net->get_net_id()) ? _("ANY") : _("NETWORK") . ": " . Asset_net::get_name_by_id($conn, $dest_net->get_net_id());
     }
 }
 // Destination host groups, keyed 'hostgroup_<id>'. $dest_host_list is reused
 // here to hold host groups rather than hosts.
 if ($dest_host_list = $policy->get_host_groups($conn, 'dest')) {
     foreach ($dest_host_list as $dest_host_group) {
         $dests['hostgroup_' . $dest_host_group->get_host_group_id()] = check_any($dest_host_group->get_host_group_id()) ? _("ANY") : _("HOST_GROUP") . ": " . Asset_group::get_name_by_id($conn, $dest_host_group->get_host_group_id());
     }
 }
 // Destination network groups, keyed 'netgroup_<id>'. $dest_net_list is reused
 // here to hold network groups rather than networks.
 if ($dest_net_list = $policy->get_net_groups($conn, 'dest')) {
     foreach ($dest_net_list as $dest_net_group) {
         $dests['netgroup_' . $dest_net_group->get_net_group_id()] = check_any($dest_net_group->get_net_group_id()) ? _("ANY") : _("NETWORK_GROUP") . ": " . Net_group::get_name_by_id($conn, $dest_net_group->get_net_group_id());
     }
 }
 //PORTS
 //source
 // Source port groups: keyed by the raw port ID (no prefix), labelled "ANY" or
 // the port group's name.
 if ($port_list = $policy->get_ports($conn, 'source')) {
     foreach ($port_list as $port_group) {
         $ports_source[$port_group->get_port_id()] = check_any($port_group->get_port_id()) ? _("ANY") : Port_group::get_name_by_id($conn, $port_group->get_port_id());
     }
 }
 //destiny
Пример #23
require_once 'av_init.php';
// Session check for this page; presumably it stops the request unless the
// logged-in user holds the 'environment-menu' / 'PolicyHosts' permission.
Session::logcheck('environment-menu', 'PolicyHosts');
/****************************************************
 ******************** Host Data *********************
 ****************************************************/
//Database connection
$db = new ossim_db();
$conn = $db->connect();
$id = GET('id');
// NOTE(review): $msg is read from the query string but is not validated in
// this fragment; if it is later printed into the page it needs validating or
// escaping at that point - confirm in the rest of the file.
$msg = GET('msg');
// Only $id is validated here (hex format, no OSS_NULLABLE, so presumably an
// empty ID is rejected as well).
ossim_valid($id, OSS_HEX, 'illegal:' . _('Asset group ID'));
if (ossim_error()) {
    // A generic "not found" message is shown. The database connection opened
    // above is not explicitly closed on this path.
    echo ossim_error(_('Error! Asset group not found'));
    exit;
}
$asset_group = new Asset_group($id);
// Per-object authorisation runs before the group is loaded. The return value
// is ignored, so this presumably throws or aborts when the user may not edit
// the group - TODO confirm. No try/catch surrounds these calls.
$asset_group->can_i_edit($conn);
$asset_group->load_from_db($conn);
//Getting group data
// $id is overwritten with the ID reported by the loaded object.
$id = $asset_group->get_id();
$name = $asset_group->get_name();
$owner = $asset_group->get_owner();
$descr = $asset_group->get_descr();
// 2007 is a plugin ID; presumably the Nagios plugin, going by the variable
// name - confirm.
$nagios = Asset_group_scan::is_plugin_in_group($conn, $id, 2007);
//Closing database connection
$db->close();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
    <title><?php 
Пример #24
        <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
        <meta http-equiv="Pragma" content="no-cache">
        <?php 
//CSS Files
$_files = array(array('src' => 'av_common.css', 'def_path' => TRUE));
Util::print_include_files($_files, 'css');
?>
    </head>

    <body>
    <?php 
// Persist the edited group only when the earlier steps did not flag an error.
// $id, $name, $owner and $descr are set above this fragment.
// NOTE(review): neither an anti-CSRF token check nor a per-group permission
// check (such as can_i_edit()) is visible in this fragment; confirm both run
// before this state-changing save.
if ($data['status'] != 'error') {
    try {
        $db = new ossim_db();
        $conn = $db->connect();
        $asset_group = new Asset_group($id);
        // Load the stored group first, then overwrite the three editable
        // fields and write the object back.
        $asset_group->load_from_db($conn);
        $asset_group->set_name($name);
        $asset_group->set_owner($owner);
        $asset_group->set_descr($descr);
        $asset_group->save_in_db($conn);
        $data['status'] = 'OK';
        $data['data'] = _('Your changes have been saved');
        $db->close();
    } catch (Exception $e) {
        // $db->close() is skipped when an exception is thrown above.
        // NOTE(review): the raw exception message is kept for display, and the
        // error branch that follows joins $data['data'] into HTML with no
        // escaping visible - check that the message cannot carry markup or
        // internal detail (SQL text, paths) to the browser.
        $data['status'] = 'error';
        $data['data'] = array('php_exception' => $e->getMessage());
    }
}
if ($data['status'] == 'error') {
    $txt_error = '<div>' . _('The following errors occurred') . ":</div>\n                      <div style='padding: 10px;'>" . implode('<br/>', $data['data']) . '</div>';
Пример #25
/**
 * Resolve the display name of the asset behind an indicator.
 *
 * The asset type selects which class performs the lookup: hosts, networks,
 * host groups ('hostgroup' / 'host_group'), network groups ('net_group' /
 * 'netgroup') and sensors are supported. Any other type, or a lookup that
 * yields an empty value, produces the translated string 'Unknown'.
 *
 * The name is returned exactly as the lookup class supplies it; this function
 * does no output escaping, so a caller that prints it into HTML should escape
 * it there (whether the lookup classes already do so is not visible here).
 *
 * @param mixed  $conn     Database connection handed through to the lookup.
 * @param string $type     Asset type keyword.
 * @param string $asset_id Asset identifier handed through to the lookup.
 *
 * @return string Asset name, or the translated 'Unknown' fallback.
 */
function get_indicator_asset_name($conn, $type, $asset_id)
{
    // Loose (==) comparisons are kept on purpose: they match what a switch
    // statement does with $type.
    if ($type == 'host') {
        $label = Asset_host::get_name_by_id($conn, $asset_id);
    } elseif ($type == 'net') {
        $label = Asset_net::get_name_by_id($conn, $asset_id);
    } elseif ($type == 'hostgroup' || $type == 'host_group') {
        $label = Asset_group::get_name_by_id($conn, $asset_id);
    } elseif ($type == 'net_group' || $type == 'netgroup') {
        $label = Net_group::get_name_by_id($conn, $asset_id);
    } elseif ($type == 'sensor') {
        $label = Av_sensor::get_name_by_id($conn, $asset_id);
    } else {
        $label = '';
    }

    if (empty($label)) {
        return _('Unknown');
    }

    return $label;
}
Пример #26
/**
 * Map target entries to display names.
 *
 * $ip_list is either an array of entries or a newline-separated string. Each
 * entry is trimmed and matched against four shapes, where <id> is 32 hex
 * characters:
 *   <id>#a.b.c.d/nn  network: stored name if the ID is known, else the CIDR
 *   <id>#a.b.c.d     host:    stored name if the ID is known, else the IP
 *   <id>#hostgroup   host group name looked up by ID
 *   <id>#netgroup    network group name looked up by ID
 * Anything else is passed through unchanged as both key and value.
 *
 * The address patterns check shape only (1-3 digits per octet, 1-2 digit
 * prefix length), not numeric ranges. Unmatched entries and looked-up names
 * are returned without any escaping, so a caller that renders the result as
 * HTML or feeds it to another interpreter has to validate or escape it there.
 *
 * @param mixed        $conn    Database connection handed to the lookups.
 * @param array|string $ip_list Target entries.
 *
 * @return array Trimmed entry => display name; empty when $ip_list is empty.
 */
function get_targets($conn, $ip_list)
{
    $targets = array();
    if (empty($ip_list)) {
        return $targets;
    }

    $entries = is_array($ip_list) ? $ip_list : explode("\n", trim($ip_list));

    foreach ($entries as $entry) {
        $entry = trim($entry);
        if (preg_match('/^([a-f\\d]{32})#(\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\/\\d{1,2})$/i', $entry, $m)) {
            // Network entry: fall back to the CIDR text when the ID is unknown.
            $targets[$entry] = Asset_net::is_in_db($conn, $m[1]) ? Asset_net::get_name_by_id($conn, $m[1]) : $m[2];
        } elseif (preg_match('/^([a-f\\d]{32})#(\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})$/i', $entry, $m)) {
            // Host entry: fall back to the IP text when the ID is unknown.
            $targets[$entry] = Asset_host::is_in_db($conn, $m[1]) ? Asset_host::get_name_by_id($conn, $m[1]) : $m[2];
        } elseif (preg_match('/^([a-f\\d]{32})#hostgroup$/i', $entry, $m)) {
            $targets[$entry] = Asset_group::get_name_by_id($conn, $m[1]);
        } elseif (preg_match('/^([a-f\\d]{32})#netgroup$/i', $entry, $m)) {
            $targets[$entry] = Net_group::get_name_by_id($conn, $m[1]);
        } else {
            // Unrecognised entry: echoed back verbatim.
            $targets[$entry] = $entry;
        }
    }

    return $targets;
}
Пример #27
// Anti-CSRF gate: the request must carry a valid 'tk_ag_form' token, otherwise
// an error payload is returned and nothing below runs.
if (Token::verify('tk_ag_form', POST('token')) == FALSE) {
    $data['status'] = 'error';
    $data['data'] = Token::create_error_message();
    echo json_encode($data);
    exit;
}
// $action is set above this fragment. Only 'delete_group' is handled and there
// is no default case, so for any other action $data is whatever it was before
// this point (possibly unset) when it is encoded at the end.
switch ($action) {
    case 'delete_group':
        $validate = array('asset_id' => array('validation' => 'OSS_HEX', 'e_message' => 'illegal:' . _('Asset Group ID')));
        // The raw POST value is read here, but it is only used in the else
        // branch below, after validate_form_fields() reported no errors.
        $ag_id = POST('asset_id');
        $validation_errors = validate_form_fields('POST', $validate);
        if (is_array($validation_errors) && !empty($validation_errors)) {
            // A fixed message is returned; the validation detail is not echoed.
            $data['status'] = 'error';
            $data['data'] = _('Error! Asset group ID not allowed.  Asset group could not be removed');
        } else {
            try {
                $db = new ossim_db();
                $conn = $db->connect();
                $asset_group = new Asset_group($ag_id);
                // NOTE(review): no per-group permission check is visible
                // between constructing the object and deleting it; confirm
                // that delete() or earlier code verifies the user may remove
                // this group.
                $asset_group->delete($conn);
                $db->close();
                $data['status'] = 'OK';
                $data['data'] = _('Asset group removed successfully');
            } catch (Exception $e) {
                // $db->close() is skipped when an exception is thrown above.
                // NOTE(review): the exception message is sent back to the
                // client; check it cannot expose internal detail, and that the
                // consumer treats it as text rather than HTML.
                $data['status'] = 'error';
                $data['data'] = _('Error!') . ' ' . $e->getMessage();
            }
        }
        break;
}
// No Content-Type header is set in this fragment before the JSON is written.
echo json_encode($data);