$nt->show(); Util::make_form("POST", "newsensorform.php?id={$sensor_id}&ip={$ip}&sname={$sname}"); exit; } $db = new ossim_db(); $conn = $db->connect(); $newcontext = POST('newcontext') != '' ? POST('newcontext') : $sname; if (POST('isolated') == 1 && $newcontext != '') { // Isolated sensor. Creating a new context first $new_context_uuid = Session::clone_default_ctx($conn, $newcontext); $entities = array($new_context_uuid); // Refresh current permissions $_SESSION['_user_vision'] = Acl::get_user_vision($conn); } elseif (POST('isolated') == 0 && preg_match("/[a-f\\d]{32}/i", POST('neighborsensor'))) { // Use selected sensor context $entities = array_keys(Av_sensor::get_ctx_by_id($conn, POST('neighborsensor'))); } try { $old = new Av_Sensor($sensor_id); $old->load_from_db($conn); $cproperties = $old->get_properties(); $new = new Av_Sensor($sensor_id); $new->set_properties($cproperties); $new->set_name($sname); $new->set_ip($ip); $new->set_priority($priority); $new->set_port($port); $new->set_tzone($tzone); $new->set_descr($descr); $new->set_rpass($rpass); foreach ($entities as $ctx) {
* * Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt * */ require_once 'av_init.php'; Session::logcheck('configuration-menu', 'PolicySensors'); $sensor_id = POST('sensor_id'); $nagios_user = POST('user'); $nagios_pass = POST('pass'); ossim_valid($sensor_id, OSS_HEX, 'illegal:' . _('Sensor ID')); ossim_valid($nagios_user, OSS_ALPHA, OSS_PUNC, OSS_SPACE, OSS_NULLABLE, 'illegal:' . _('Nagios User')); ossim_valid($nagios_pass, OSS_PASSWORD, OSS_NULLABLE, 'illegal:' . _('Nagios Password')); if (ossim_error()) { die(ossim_error()); } $db = new ossim_db(); $conn = $db->connect(); $sensor = Av_sensor::get_object($conn, $sensor_id); if (Util::is_fake_pass($nagios_pass)) { $nagios_options = $sensor->get_nagios_credentials($conn); $nagios_pass = $nagios_options['password']; } try { $url = $sensor->get_nagios_url($nagios_user, $nagios_pass); if ($url != '') { echo "<img src='../pixmaps/tick.png'/>"; } } catch (Exception $e) { echo preg_replace("/\\:.*/", '', $e->getMessage()); } $db->close();
// load the default values for the form if ($action == 'create_scan') { $conf = $GLOBALS['CONF']; $scan_locally = $conf->get_conf('nessus_pre_scan_locally'); $timeout = 28800; $hosts_alive = 1; } $hosts_alive_data = get_host_alive_attributes($hosts_alive, $targets); $scan_locally_checked = $scan_locally == 1 ? 'checked="checked"' : ''; $resolve_names_checked = $not_resolve == 1 ? 'checked="checked"' : ''; $email_notification = array(); $email_notification['no'] = $send_email == 0 ? 'checked="checked"' : ''; $email_notification['yes'] = $send_email == 1 ? 'checked="checked"' : ''; // load sensors $filters = array('where' => 'sensor_properties.has_vuln_scanner = 1'); list($all_sensors, $s_total) = Av_sensor::get_list($conn); foreach ($all_sensors as $_sensor_id => $sensor_data) { $all_sensors[$_sensor_id]['selected'] = $_sensor_id == $SVRid ? 'selected="selected"' : ''; } // load profiles $args = ''; if (!Session::am_i_admin()) { list($owners, $sqlowners) = Vulnerabilities::get_users_and_entities_filter($conn); $owners[] = '0'; $sql_perms .= " OR owner IN('" . implode("', '", $owners) . "')"; $args = "WHERE name='Default' OR name='Deep' OR name='Ultimate' " . $sql_perms; } $query = "SELECT id, name, description, owner, type FROM vuln_nessus_settings {$args} ORDER BY name"; $conn->SetFetchMode(ADODB_FETCH_BOTH); $result = $conn->execute($query); while (!$result->EOF) {
?> ...</span> </div> </div> <?php ob_flush(); $conf = $GLOBALS['CONF']; $acid_link = $conf->get_conf('acid_link'); $acid_prefix = $conf->get_conf('event_viewer'); $acid_main_link = str_replace('//', '/', $conf->get_conf('acid_link') . '/' . $acid_prefix . "_qry_main.php?clear_allcriteria=1&search=1&bsf=Query+DB&ossim_risk_a=+"); $db_sensor_list = array(); $list_no_active = array(); $aux_sensor_list = Av_sensor::get_basic_list($conn); if (is_array($aux_sensor_list)) { foreach ($aux_sensor_list as $aux_s_data) { $db_sensor_list[] = $aux_s_data['ip']; $db_sensor_rel[$aux_s_data['ip']] = $aux_s_data['name']; $list_no_active[$aux_s_data['ip']] = $aux_s_data['name']; } } list($sensor_list, $err) = server_get_sensors(); if ($err != '') { $info_error[] = $err; } if (!$sensor_list && empty($ip_get)) { $info_error[] = _("There aren't any sensors connected to OSSIM server"); } $ossim_conf = $GLOBALS['CONF'];
function get_notifications($conn) { $notifications = array(); if (Session::menu_perms('configuration-menu', 'PolicySensors')) { $new_sensors = Av_sensor::get_unregistered($conn); if (count($new_sensors) > 0) { $notif['msg'] = count($new_sensors) > 1 ? _('New Sensors Detected') : _('New Sensor Detected'); $notif['class'] = 'nl_sensors'; $notifications[$notif['class']] = $notif; } } if (Session::am_i_admin()) { $trial_days = calc_days_to_expire(); if ($trial_days !== FALSE) { $notif['msg'] = $trial_days == 0 ? _('Trial Version expired') : $trial_days . ' ' . _('Days Left of Free Trial'); $notif['class'] = 'nl_trial'; $notifications[$notif['class']] = $notif; } $new_updates = get_only_updates(); if ($new_updates == TRUE) { $notif['msg'] = _('New Updates Available'); $notif['class'] = 'nl_updates'; $notifications[$notif['class']] = $notif; } $unread = get_status_messages(); if ($unread) { $notif['msg'] = _('New Warnings & Errors'); $notif['class'] = 'nl_messages'; $notifications[$notif['class']] = $notif; } $otx = calc_otx_notif(); if ($otx === TRUE) { $notif['msg'] = _('Contribute to AlienVault OTX'); $notif['class'] = 'nl_otx'; $notifications[$notif['class']] = $notif; } $devices = calc_devices_total($conn); $max_dev = intval($_SESSION["_max_devices"]); //This val is loaded when the users log in. (session.inc) if ($max_dev > 0 && $devices > $max_dev) { $over = $devices - $max_dev; $notif['msg'] = _("License Violation - {$over} Assets Over"); $notif['class'] = 'nl_device_exceed'; $notifications[$notif['class']] = $notif; } } $return['error'] = FALSE; $return['output'] = $notifications; return $return; }
$res = $conn->query("SELECT id,name,value FROM acl_perm WHERE type='MENU'"); while ($rw = $res->fetchRow()) { $ret[$rw['name']][$rw['value']] = $rw['id']; } return $ret; } ini_set("include_path", ".:/usr/share/ossim/include:/usr/share/phpgacl"); $force_gacl = true; require_once 'av_init.php'; $gacl = $GLOBALS['ACL']; /* connect to db */ $db = new ossim_db(); $conn = $db->connect(); try { $net_list = Asset_net::get_all($conn); $sensor_list = Av_sensor::get_all($conn); } catch (Exception $e) { print $e->getMessage(); exit; } $permids = get_permids($conn); $users = Session::get_list($conn); foreach ($users as $user) { $nets = ""; $sensors = ""; $perms = array(); $login = $user->get_login(); if ($user->get_is_admin() || $login == ACL_DEFAULT_OSSIM_ADMIN) { continue; } // Skip admin user
* * Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt * */ /*******************************************************************************/ /* */ /* This script is called from nfsen packages to translate sensors uuid to name */ /* */ /*******************************************************************************/ set_include_path('/usr/share/ossim/include'); error_reporting(0); ini_set("display_errors", "0"); //This is used to avoid an error when there is not connection to mysql if (!isset($GLOBALS["CONF"])) { $GLOBALS["CONF"] = array(); require_once 'ossim_db.inc'; $db = new ossim_db(); unset($GLOBALS["CONF"]); } else { require_once 'ossim_db.inc'; $db = new ossim_db(); } $uuid = $argv[1]; if (@$db->test_connect()) { $conn = $db->connect(); $name = Av_sensor::get_nfsen_channel_name($conn, $uuid); $db->close(); } else { $name = empty($uuid) ? 'Unknown' : $uuid; } echo $name;
ossim_valid($destination, OSS_IP_CIDR, 'illegal:' . _('Destination cidr')); $destination_type = 'net'; } } if (ossim_error()) { $info_error[] = ossim_get_error(); ossim_clean_error(); } else { $tdestinations[] = $destination; } } } else { $tdestinations = array(); } // Launch scan $info_sensor = $sensors_status[Av_sensor::get_name_by_ip($dbconn, $sensor_ip)]; if ($sensor_ip != '' && $sensor_interface != '' && intval($timeout) > 0 && count($info_error) == 0 && ($info_sensor[0] == 0 || $info_sensor[0] == -1)) { $rlaunch_scan = $scan->launch_scan($tsources, $tdestinations, $sensor_ip, $sensor_interface, $timeout, $cap_size, $raw_filter); if ($rlaunch_scan["status"] === true) { $content = _('Launching capture... wait a few seconds'); $type = 'nf_success'; } else { $content = $rlaunch_scan['message']; $type = 'nf_warning'; } $jtimeout = 4000; } else { if ($info_sensor[0] != -1 && ($info_sensor[0] == 1 || $info_sensor[0] == 2)) { $content = _('The sensor is busy'); $type = 'nf_warning'; }
if ($taxonomy_list = $policy->get_taxonomy_conditions($conn)) { foreach ($taxonomy_list as $tax) { $tax_id = $tax->get_product_type_id() . "@" . $tax->get_category_id() . "@" . $tax->get_subcategory_id(); $tax_val = $filter['ptype'][$tax->get_product_type_id()] . " | " . $filter['cat'][$tax->get_category_id()] . " | " . $filter['subcat'][$tax->get_subcategory_id()]; $tax_filters[$tax_id] = $tax_val; $flag_events = false; } } } //SENSOR $sensor_exist = $policy->exist_sensors($conn); if ($sensor_list = $policy->get_sensors($conn)) { foreach ($sensor_list as $sensor) { if (!check_any($sensor->get_sensor_id())) { if ($sensor_exist[$sensor->get_sensor_id()] != 'false') { $sensors['sensor_' . $sensor->get_sensor_id()] = Av_sensor::get_name_by_id($conn, $sensor->get_sensor_id()); $flag_sensors = false; } } else { $sensors[$sensor->get_sensor_id()] = _('ANY'); } } } //Time Filters $policy_time = $policy->get_time($conn); $time_begin[0] = $policy_time->get_month_start(); $time_begin[1] = $policy_time->get_month_day_start(); $time_begin[2] = $policy_time->get_week_day_start(); $time_begin[3] = $policy_time->get_hour_start(); $time_begin[4] = $policy_time->get_minute_start(); $time_end[0] = $policy_time->get_month_end();
function DisplayProcessing() { global $self; global $ListNOption; global $TopNOption; global $OutputFormatOption; global $IPStatOption; global $IPStatOrder; global $LimitScale; require_once 'av_init.php'; $geoloc = new Geolocation("/usr/share/geoip/GeoLiteCity.dat"); $db_aux = new ossim_db(); $conn_aux = $db_aux->connect(); $aux_ri_interfaces = Remote_interface::get_list($conn_aux, "WHERE status = 1"); $ri_list = $aux_ri_interfaces[0]; $ri_total = $aux_ri_interfaces[1]; $ri_data = array(); if ($ri_total > 0) { foreach ($ri_list as $r_interface) { $ri_data[] = array("name" => $r_interface->get_name(), "id" => "web_interfaces", "target" => "_blank", "url" => $r_interface->get_ip()); } } $type = $detail_opts['type'] == "flows" ? 0 : ($detail_opts['type'] == "packets" ? 1 : 2); if ($ri_total >= 0) { echo '<a name="processing"></a>'; } $detail_opts = $_SESSION['detail_opts']; $process_form = $_SESSION['process_form']; ?> <table style='width:100%;margin-top:15px;margin-bottom:5px;border:none'><tr> <td class='nobborder'><b><?php echo _("Netflow Processing"); ?> </b></td> <td class='noborder nfsen_menu'> <a href='javascript:lastsessions()'><?php echo _("List last 500 sessions"); ?> </a> | <a href='javascript:launch("2","<?php echo $type; ?> ")'><?php echo _("Top 10 Src IPs"); ?> </a> | <a href='javascript:launch("3","<?php echo $type; ?> ")'><?php echo _("Top 10 Dst IPs"); ?> </a> | <a href='javascript:launch("5","<?php echo $type; ?> ")'><?php echo _("Top 10 Src Port"); ?> </a> | <a href='javascript:launch("6","<?php echo $type; ?> ")'><?php echo _("Top 10 Dst Port"); ?> </a> | <a href='javascript:launch("13","<?php echo $type; ?> ")'><?php echo _("Top 10 Proto"); ?> </a> </td></tr></table> <form action="<?php echo $self; ?> " onSubmit="return ValidateProcessForm()" id="FlowProcessingForm" method="POST" laction="<?php echo $self; ?> "> <?php if (preg_match("/^\\d+\$/", $_SESSION['tend'])) { ?> <input type="hidden" name="tend" value="<?php echo intval($_SESSION['tend']); ?> " /> <?php } if (preg_match("/^\\d+\$/", $_SESSION['tleft'])) { ?> <input type="hidden" name="tleft" value="<?php echo intval($_SESSION['tleft']); ?> " /> <?php } if (preg_match("/^\\d+\$/", $_SESSION['tright'])) { ?> <input type="hidden" name="tright" value="<?php echo intval($_SESSION['tright']); ?> " /> <?php } if ($_SESSION["detail_opts"]["cursor_mode"] != "") { ?> <input type="hidden" name="cursor_mode" value="<?php echo Util::htmlentities($_SESSION["detail_opts"]["cursor_mode"]); ?> " /> <?php } if ($_SESSION["detail_opts"]["wsize"] != "") { ?> <input type="hidden" name="wsize" value="<?php echo Util::htmlentities($_SESSION["detail_opts"]["wsize"]); ?> " /> <?php } if ($_SESSION["detail_opts"]["logscale"] != "") { ?> <input type="hidden" name="logscale" value="<?php echo Util::htmlentities($_SESSION["detail_opts"]["logscale"]); ?> " /> <?php } if ($_SESSION["detail_opts"]["linegraph"] != "") { ?> <input type="hidden" name="linegraph" value="<?php echo Util::htmlentities($_SESSION["detail_opts"]["linegraph"]); ?> " /> <?php } ?> <input type="hidden" name="login" value="<?php echo Util::htmlentities($_SESSION["_remote_login"]); ?> " /> <table class='nfsen_filters'> <tr> <th class="thold"><?php echo _("Source"); ?> </th> <th class="thold"><?php echo _("Filter"); ?> </th> <th class="thold"><?php echo _("Options"); ?> </th> </tr> <tr> <td style='vertical-align:top'> <select name="srcselector[]" id='SourceSelector' size="6" style="width: 100%" multiple='multiple'> <?php foreach ($process_form['srcselector'] as $selected_channel) { $_tmp[$selected_channel] = 1; } $i = 0; foreach ($_SESSION['profileinfo']['channel'] as $channel) { $channel_name = $channel['name']; $checked = array_key_exists($channel['id'], $_tmp) ? 'selected' : ''; echo "<OPTION value='" . Util::htmlentities($channel['id']) . "' {$checked}>{$channel_name}</OPTION>\n"; } ?> </select> <div style='margin: 5px auto'> <input class="small av_b_secondary" type="button" name="JSbutton2" value="All Sources" onClick="SelectAllSources()"/> </div> </td> <td style="vertical-align:top;"> <textarea name="filter" id="filter" multiline="true" wrap="phisical" rows="6" cols="50" maxlength="10240"><?php if (is_array($process_form)) { $display_filter = array_key_exists('editfilter', $process_form) ? $process_form['editfilter'] : $process_form['filter']; } else { $display_filter = array(); } if (count($display_filter) < 1 && GET('ip') != "" && GET('ip2') != "") { $display_filter[0] = "(src ip " . GET('ip') . " and dst ip " . GET('ip2') . ") or (src ip " . GET('ip2') . " and dst ip " . GET('ip') . ")"; } elseif (count($display_filter) < 1 && GET('ip') != "") { $display_filter[0] = "src ip " . GET('ip') . " or dst ip " . GET('ip'); } elseif (preg_match("/(\\d+\\.\\d+\\.\\d+\\.\\d+)/", $display_filter[0]) && GET('ip') != "" && GET('ip2') != "") { $ip1 = GET('ip'); $ip2 = GET('ip2'); $filter = "(src ip {$ip1} and dst ip {$ip2}) or (src ip {$ip2} and dst ip {$ip1})"; $display_filter[0] = preg_replace("/\\(src ip \\d+\\.\\d+\\.\\d+\\.\\d+ and dst ip \\d+\\.\\d+\\.\\d+\\.\\d+\\) or \\(src ip \\d+\\.\\d+\\.\\d+\\.\\d+ and dst ip \\d+\\.\\d+\\.\\d+\\.\\d+\\)/", $filter, $display_filter[0]); $display_filter[0] = preg_replace("/src ip \\d+\\.\\d+\\.\\d+\\.\\d+ or dst ip \\d+\\.\\d+\\.\\d+\\.\\d+/", $filter, $display_filter[0]); } elseif (preg_match("/(\\d+\\.\\d+\\.\\d+\\.\\d+)/", $display_filter[0]) && GET('ip') != "") { $filter = "src ip " . GET('ip') . " or dst ip " . GET('ip'); $display_filter[0] = preg_replace("/\\(src ip \\d+\\.\\d+\\.\\d+\\.\\d+ and dst ip \\d+\\.\\d+\\.\\d+\\.\\d+\\) or \\(src ip \\d+\\.\\d+\\.\\d+\\.\\d+ and dst ip \\d+\\.\\d+\\.\\d+\\.\\d+\\)/", $filter, $display_filter[0]); $display_filter[0] = preg_replace("/src ip \\d+\\.\\d+\\.\\d+\\.\\d+ or dst ip \\d+\\.\\d+\\.\\d+\\.\\d+/", $filter, $display_filter[0]); } foreach ($display_filter as $line) { print str_replace("&", "&", Util::htmlentities(stripslashes($line))) . "\n"; } ?> </textarea> <?php $deletefilter_display_style = is_array($process_form) && array_key_exists('editfilter', $process_form) ? '' : 'style="display:none;"'; ?> <input type="image" name="filter_delete" id="filter_delete" title="<?php echo _("Delete filter"); ?> " align="right" onClick="HandleFilter(3)" value="" src="icons/trash.png" <?php echo $deletefilter_display_style; ?> > <!-- <input type="image" name="filter_save" id="filter_save" title="Save filter" align="right" onClick="HandleFilter(2)" value="" src="icons/save.png"> --> <input type="hidden" name="filter_name" id="filter_name" value="none"> <div style='margin: 5px auto'> <span id="filter_span">and</span> <select name="DefaultFilter" id="DefaultFilter" onChange="HandleFilter(0)" size="1"> <?php print "<option value='-1' label='none'><none></option>\n"; foreach ($_SESSION['DefaultFilters'] as $name) { $checked = $process_form['DefaultFilter'] == $name ? 'selected' : ''; print "<option value='" . Util::htmlentities($name) . "' {$checked}>" . Util::htmlentities($name) . "</option>\n"; } $editfilter_display_style = 'style="display:none;"'; foreach ($_SESSION['DefaultFilters'] as $name) { if ($process_form['DefaultFilter'] == $name) { $editfilter_display_style = ''; } } ?> </select> <input type="image" name="filter_save" id="filter_save" title="<?php echo _("Save filter"); ?> " onClick="HandleFilter(2)" value="" src="icons/save.png" border="0" align="absmiddle"> <input type="image" name="filter_edit" id="filter_edit" title="Edit filter" <?php echo $editfilter_display_style; ?> onClick="HandleFilter(1)" value="" src="icons/edit.png"> </div> <script language="Javascript" type="text/javascript"> var DefaultFilters = new Array(); <?php foreach ($_SESSION['DefaultFilters'] as $name) { print "DefaultFilters.push('" . Util::htmlentities($name) . "');\n"; } if (array_key_exists('editfilter', $process_form)) { print "edit_filter = '" . Util::htmlentities($process_form['DefaultFilter']) . "';\n"; } ?> </script> </td> <!-- Options start here --> <td style='padding: 0px;vertical-align:top;border:none;'> <table border="0" id="ProcessOptionTable" style="font-size:14px;font-weight:bold;width:100%;border:none"> <tr> <td class='TDnfprocLabel' style='white-space:nowrap'> <?php $i = 0; foreach (array('List Flows', 'Stat TopN') as $s) { $checked = $process_form['modeselect'] == $i ? 'checked' : ''; print "<input type='radio' onClick='SwitchOptionTable({$i})' name='modeselect' id='modeselect{$i}' value='{$i}' {$checked}>{$s} "; $i++; } $list_display_style = $process_form['modeselect'] == 0 ? '' : 'style="display:none;"'; $stat_display_style = $process_form['modeselect'] == 0 ? 'style="display:none;"' : ''; $formatselect_display_opts = $process_form['modeselect'] == 1 && $process_form['stattype'] != 0 ? 'style="display:none;"' : ''; ?> </td> <td class='TDnfprocControl' > <table class='noborder' style='margin: auto;'> <tr> <td class='nobborder'><input class="small av_b_secondary" type="button" name="JSbutton1" value="<?php echo _("Clear Form"); ?> " onClick="ResetProcessingForm()"/></td> <td class='nobborder'><input class="small" type="submit" name="process" value="<?php echo _("Process"); ?> " id="process_button" onClick="clean_remote_data();form_ok=true;" size="1"/></td> <?php if (count($RemoteInterfacesData) > 0 && !isset($_POST['login'])) { ?> <td class='nobborder'><input type="button" name="remote_process" value="<?php echo _("Remote Process"); ?> " id="remote_process_button" onclick="$('#rinterfaces').toggle()"/> <div id='container_rmp' style='position:relative;'> <div id="rinterfaces" style="position:absolute; top:0; right:0;display:none; margin:1px 0px 0px 2px; text-align:right;"> <?php foreach ($RemoteInterfacesData as $data) { $short_name = strlen($data['name']) > 12 ? substr($data['name'], 0, 12) . "..." : $data['name']; ?> <input type="button" onclick="remote_interface('<?php echo $data["url"]; ?> ')" style="width:180px; font-size: 11px;" title="<?php echo $data["name"] . " [" . $data["url"] . "]"; ?> " value="<?php echo $short_name . " [" . $data["url"] . "]"; ?> "/><br /> <?php } ?> </div> </div> </td> <?php } ?> </tr> </table> </td> </tr> <tr id="listNRow" <?php echo $list_display_style; ?> > <td class='TDnfprocLabel'><?php echo _("Limit to"); ?> :</td> <td class='TDnfprocControl'> <select name="listN" id="listN" style="margin-left:1" size="1"> <?php for ($i = 0; $i < count($ListNOption); $i++) { $checked = $process_form['listN'] == $i ? 'selected' : ''; print "<OPTION value='{$i}' {$checked}>" . $ListNOption[$i] . "</OPTION>\n"; } ?> </select><?php echo _("Flows"); ?> <br> </td> </tr> <tr id="topNRow" <?php echo $stat_display_style; ?> > <td class='TDnfprocLabel'><?php echo _("Top"); ?> :</td> <td class='TDnfprocControl'> <select name="topN" id="TopN" size="1"> <?php for ($i = 0; $i < count($TopNOption); $i++) { $checked = $process_form['topN'] == $i ? 'selected' : ''; print "<OPTION value='{$i}' {$checked}>" . $TopNOption[$i] . "</OPTION>\n"; } ?> </select> </td> </tr> <tr id="stattypeRow" <?php echo $stat_display_style; ?> > <td class="TDnfprocLabel"><?php echo _("Stat"); ?> :</td> <td class="TDnfprocControl"> <select name="stattype" id="StatTypeSelector" onChange="ShowHideOptions()" size="1"> <?php for ($i = 0; $i < count($IPStatOption); $i++) { $checked = $process_form['stattype'] == $i ? 'selected' : ''; print "<OPTION value='{$i}' {$checked}>" . $IPStatOption[$i] . "</OPTION>\n"; } ?> </select> order by <select name='statorder' id="statorder" size='1'> <?php for ($i = 0; $i < count($IPStatOrder); $i++) { $checked = $process_form['statorder'] == $i ? 'selected' : ''; print "<OPTION value='{$i}' {$checked}>" . $IPStatOrder[$i] . "</OPTION>\n"; } ?> </select> </td> </tr> <tr id="AggregateRow" <?php echo $formatselect_display_opts; ?> > <td class='TDnfprocLabel'><?php echo _("Aggregate"); ?> </td> <td class='TDnfprocControl'> <input type="checkbox" name="aggr_bidir" id="aggr_bidir" value="checked" onClick="ToggleAggregate();" style="margin-left:1" <?php echo Util::htmlentities($process_form['aggr_bidir']); ?> > <?php echo _("bi-directional"); ?> <br> <input type="checkbox" name="aggr_proto" id="aggr_proto" value="checked" style="margin-left:1" <?php echo Util::htmlentities($process_form['aggr_proto']); ?> > <?php echo _("proto"); ?> <br> <input type="checkbox" name="aggr_srcport" id="aggr_srcport" value="checked" style="margin-left:1" <?php echo Util::htmlentities($process_form['aggr_srcport']); ?> > <?php echo _("srcPort"); ?> <input type="checkbox" name="aggr_srcip" id="aggr_srcip" value="checked" style="margin-left:1" <?php echo Util::htmlentities($process_form['aggr_srcip']); ?> > <select name="aggr_srcselect" id="aggr_srcselect" onChange="NetbitEntry('src')" size="1"> <?php $i = 0; foreach (array('srcIP', 'srcIPv4/', 'srcIPv6/') as $s) { $checked = $process_form['aggr_srcselect'] == $i ? 'selected' : ''; print "<option value='{$i}' {$checked}>{$s}</option>\n"; $i++; } $_style = $process_form['aggr_srcselect'] == 0 ? 'style="display:none"' : ''; ?> </select> <input size="3" type="text" name="aggr_srcnetbits" id="aggr_srcnetbits" value="<?php echo Util::htmlentities($process_form['aggr_srcnetbits']); ?> " <?php echo $_style; ?> ><br> <input type="checkbox" name="aggr_dstport" id="aggr_dstport" value="checked" style="margin-left:1" <?php echo Util::htmlentities($process_form['aggr_dstport']); ?> > <?php echo _("dstPort"); ?> <input type="checkbox" name="aggr_dstip" id="aggr_dstip" value="checked" style="margin-left:1" <?php echo Util::htmlentities($process_form['aggr_dstip']); ?> > <select name="aggr_dstselect" id="aggr_dstselect" onChange="NetbitEntry('dst')" size="1"> <?php $i = 0; foreach (array('dstIP', 'dstIPv4/', 'dstIPv6/') as $s) { $checked = $process_form['aggr_dstselect'] == $i ? 'selected' : ''; print "<option value='{$i}' {$checked}>{$s}</option>\n"; $i++; } $_style = $process_form['aggr_dstselect'] == 0 ? 'style="display:none"' : ''; ?> </select> <input size="3" type="text" name="aggr_dstnetbits" id="aggr_dstnetbits" value="<?php echo Util::htmlentities($process_form['aggr_dstnetbits']); ?> " <?php echo $_style; ?> ><br> </td> </tr> <tr id="timesortedRow" <?php echo $list_display_style; ?> > <td class='TDnfprocLabel'><?php echo _("Sort"); ?> :</td> <td class='TDnfprocControl'> <input type="checkbox" name="timesorted" id="timesorted" value="checked" style="margin-left:1" <?php echo Util::htmlentities($process_form['timesorted']); ?> > <?php echo _("start time of flows"); ?> </td> </tr> <tr id="limitoutputRow" <?php echo $stat_display_style; ?> > <td class='TDnfprocLabel'><?php echo _("Limit"); ?> :</td> <td class='TDnfprocControl'> <input type="checkbox" name="limitoutput" id="limitoutput" value="checked" style="margin-left:1" size="1" <?php echo Util::htmlentities($process_form['limitoutput']); ?> > <select name="limitwhat" id="limitwhat" size="1"> <?php $i = 0; foreach (array(gettext("Packets"), gettext("Traffic")) as $s) { $checked = $process_form['limitwhat'] == $i ? 'selected' : ''; print "<option value='{$i}' {$checked}>{$s}</option>\n"; $i++; } ?> </select> <select name="limithow" id="limithow" size="1"> <?php $i = 0; foreach (array('>', '<') as $s) { $checked = $process_form['limithow'] == $i ? 'selected' : ''; print "<option value='{$i}' {$checked}>{$s}</option>\n"; $i++; } ?> </select> <input type="text" name="limitsize" id="limitsize" value="<?php echo Util::htmlentities($process_form['limitsize']); ?> " SIZE="6" MAXLENGTH="8"> <select name="limitscale" id="limitscale" size="1" style="margin-left:1"> <?php $i = 0; foreach ($LimitScale as $s) { $checked = $process_form['limitscale'] == $i ? 'selected' : ''; print "<option value='{$i}' {$checked}>{$s}</option>\n"; $i++; } ?> </select> </td> </tr> <tr id="outputRow"> <td class='TDnfprocLabel'><?php echo _("Output"); ?> :</td> <td class='TDnfprocControl'> <span id="FormatSelect" <?php echo $formatselect_display_opts; ?> > <select name="output" id="output" onChange="CustomOutputFormat()" style="margin-left:1" size="1"> <?php foreach ($_SESSION['formatlist'] as $key => $value) { $checked = $process_form['output'] == $key ? 'selected' : ''; print "<OPTION value='" . Util::htmlentities($key) . "' {$checked}>" . Util::htmlentities($key) . "</OPTION>\n"; } $fmt = $_SESSION['formatlist'][$process_form['output']]; if ($process_form['output'] == $fmt) { // built in format $space_display_style = ''; $edit_display_style = 'style="display:none"'; } else { $space_display_style = 'style="display:none"'; $edit_display_style = ''; } ?> </select> <script language="Javascript" type="text/javascript"> var fmts = new Hash(); <?php foreach ($_SESSION['formatlist'] as $key => $value) { print "fmts.setItem('" . Util::htmlentities($key) . "', '" . Util::htmlentities($value) . "');\n"; } ?> </script> <img src="icons/space.png" border="0" alt='space' id='space' <?php echo $space_display_style; ?> /> <a href="#null" onClick="EditCustomFormat()" title="<?php echo _("Edit format"); ?> " ><IMG SRC="icons/edit.png" name="fmt_doedit" id="fmt_doedit" border="0" <?php echo $edit_display_style; ?> alt="Edit format"></a> </span> <input type="checkbox" name="IPv6_long" id="IPv6_long" style="margin-left:1" value="checked" <?php echo Util::htmlentities($process_form['IPv6_long']); ?> > / <?php echo _("IPv6 long"); ?> <?php $fmt_edit_display_style = $process_form['output'] == 'custom ...' ? '' : 'style="display:none"'; ?> <span id="fmt_edit" <?php echo $fmt_edit_display_style; ?> > <br><?php echo _("Enter custom output format"); ?> :<br> <input size="30" type="text" name="customfmt" id="customfmt" value="<?php echo Util::htmlentities($process_form['customfmt']); ?> " > <input type="image" name="fmt_save" id="fmt_save" title="<?php echo _("Save format"); ?> " onClick="SaveOutputFormat()" value="" src="icons/save.png"> <input type="image" name="fmt_delete" id="fmt_delete" title="<?php echo _("Delete format"); ?> " onClick="DeleteOutputFormat()" value="" src="icons/trash.png" <?php echo $edit_display_style; ?> > </span> </td> </tr> </table> </td> </tr> <!-- <tr> <td></td><td></td> <td align="right" style="border:none"> <input type="button" name="JSbutton1" value="<?php echo _("Clear Form"); ?> " onClick="ResetProcessingForm()"> <input type="submit" name="process" value="<?php echo _("process"); ?> " id="process_button" onClick="form_ok=true;" size="1"> </td> </tr> --> </table> </form> <div id="lookupbox"> <div id="lookupbar" align="right" style="background-color:olivedrab"><img src="icons/close.png" onmouseover="this.style.cursor='pointer';" onClick="hidelookup()" title="Close lookup box"></div> <iframe id="cframe" src="" frameborder="0" scrolling="auto" width="100%" height="166"></iframe> </div> <?php if (!array_key_exists('run', $_SESSION)) { return; } print "<div class='flowlist'>\n"; $run = $_SESSION['run']; if ($run != null) { $filter = $process_form['filter']; if ($process_form['DefaultFilter'] != -1) { $cmd_opts['and_filter'] = $process_form['DefaultFilter']; } $cmd_opts['type'] = ($_SESSION['profileinfo']['type'] & 4) > 0 ? 'shadow' : 'real'; $cmd_opts['profile'] = $_SESSION['profileswitch']; $cmd_opts['srcselector'] = implode(':', $process_form['srcselector']); #print "<pre>\n"; $patterns = array(); $replacements = array(); $patterns[0] = '/(\\s*)([^\\s]+)/'; $replacements[0] = "\$1<a href='#null' onClick='lookup(\"\$2\", this, event)' title='lookup \$2'>\$2</a>"; // gets HAP4NfSens plugin id. returns -1 if HAP4NfSen is not installed. function getHAP4NfSenId() { $plugins = GetPlugins(); for ($i = 0; $i < count($plugins); $i++) { $plugin = $plugins[$i]; if ($plugin == "HAP4NfSen") { return $i; } } return -1; } ClearMessages(); $cmd_opts['args'] = "-T {$run}"; $cmd_opts['filter'] = $filter; $titcol = get_tit_col($run); $cmd_out = nfsend_query("run-nfdump", $cmd_opts); if (!is_array($cmd_out)) { ShowMessages(); } else { $conf = $GLOBALS["CONF"]; $solera = $conf->get_conf("solera_enable", FALSE) ? true : false; $db = new ossim_db(); $conn = $db->connect(); $sensors = $hosts = $ossim_servers = array(); $tz = Util::get_timezone(); list($hosts, $host_ids) = Asset_host::get_basic_list($conn, array(), TRUE); $entities = Session::get_all_entities($conn); $_sensors = Av_sensor::get_basic_list($conn); foreach ($_sensors as $s_id => $s) { $sensors[$s['ip']] = $s['name']; } /*$hap4nfsen_id = getHAP4NfSenId(); if ($hap4nfsen_id >= 0) { // ICMP "port" filter are no currently supported by the HAP4NfSen plugin function isChecked(&$form, $name) { // helper function used to find out, if an option is checked return $form[$name]=="checked"; } $ip_and_port_columns = preg_match('/(flow records)/i', $IPStatOption[$process_form['stattype']]) && ((isChecked($process_form,'aggr_srcip') && isChecked($process_form,'aggr_srcport')) || (isChecked($process_form,'aggr_dstip') && isChecked($process_form,'aggr_dstport'))); $ip_contains_port = $_SESSION["process_form"]["modeselect"]=='0' || !preg_match('/[ip|flow_records]/i', $IPStatOption[$process_form['stattype']]) || (preg_match('/(flow records)/i', $IPStatOption[$process_form['stattype']]) && !( // no boxes checked isChecked($process_form,'aggr_srcip') || isChecked($process_form,'aggr_srcport') || isChecked($process_form,'aggr_dstip') || isChecked($process_form,'aggr_dstport'))); $_SESSION["plugin"][$hap4nfsen_id]["cmd_opts"] = $cmd_opts; $hap_pic = "<img src=\"plugins/HAP4NfSen/graphviz.png\" valign=\"middle\" border=\"0\" alt=\"HAP\" />"; $default_pattern = array_pop($patterns); $default_replacement = array_pop($replacements); if ($ip_contains_port) { // matches cases like ip:port $max_prot_length = 5; // max. port length = 5 chars(highest port number = 65535) for ($i=$max_prot_length;$i>=1;$i--) { $diff = ($max_prot_length-$i); // difference between actual and max port length $ip_port_pattern_icmp = "/(\s*)([^\s|^:]+)(:)(0\s{4}|\d\.\d\s{2}|\d{2}\.\d\|\d\.\d{2}\s|\d{2}\.\d{2})/"; $ip_port_pattern_normal = "/(\s*)([^\s|^:]+)(:)([\d|\.]{{$i}})(\s{{$diff}})/"; $spaces = ''; for ($k=0;$k<$diff;$k++) {$spaces = $spaces . ' ';} // spaces required to align hap viewer icons array_push($patterns, $ip_port_pattern_icmp); array_push($replacements, $default_replacement . "$3$4 <a href=\"nfsen.php?tab=5&sub_tab=" . $hap4nfsen_id . "&ip=$2&mode=new\" title='HAP graphlet for $2'>$hap_pic</a> "); array_push($patterns, $ip_port_pattern_normal); array_push($replacements, $default_replacement . "$3$4$spaces <a href=\"nfsen.php?tab=5&sub_tab=" . $hap4nfsen_id . "&ip=$2&port=$4&mode=new\" title='HAP graphlet for $2 on port $4'>$hap_pic</a> "); } array_push($patterns, '/(\sIP\sAddr:Port)/i'); array_push($replacements, "$1 $hap_pic"); } else { if ($ip_and_port_columns) { // matches cases when both ip and port are available but are located in separate columns // ICMP verion $ip_and_port_pattern = "/(\s*)([^\s]+)(\s+)(0|\d\.\d)/"; $ip_and_port_replacement = "$1$2$3$4 " . "<a href=\"nfsen.php?tab=5&sub_tab=" . $hap4nfsen_id . "&ip=$2&mode=new\" title='HAP graphlet for $2'>$hap_pic</a>"; array_push($patterns, $ip_and_port_pattern); array_push($replacements, $ip_and_port_replacement); // non-ICMP version with port filter $ip_and_port_pattern = "/(\s*)([^\s]+)(\s*)([\d|.]+)/"; $ip_and_port_replacement = "$1$2$3$4 " . "<a href=\"nfsen.php?tab=5&sub_tab=" . $hap4nfsen_id . "&ip=$2&port=$4&mode=new\" title='HAP graphlet for $2 on port $4'>$hap_pic</a>"; array_push($patterns, $ip_and_port_pattern); array_push($replacements, $ip_and_port_replacement); array_push($patterns, '/(\s\s(Src\sIP\sAddr\s*Src\sPt|Dst\sIP\sAddr\s*Dst\sPt))/i'); array_push($replacements, "$1 $hap_pic"); } else { // matches all other cases array_push($patterns, $default_pattern); array_push($replacements, $default_replacement . " <a href=\"nfsen.php?tab=5&sub_tab=" . $hap4nfsen_id . "&ip=$2&mode=new\" title='HAP graphlet for $2'>$hap_pic</a>"); array_push($patterns, '/(\s(|\s(Src|Dst))\sIP\sAddr)/i'); array_push($replacements, "$1 $hap_pic"); } } } if ( array_key_exists('arg', $cmd_out) ) { print "** nfdump " . $cmd_out['arg'] . "\n"; } if ( array_key_exists('filter', $cmd_out) ) { print "nfdump filter:\n"; foreach ( $cmd_out['filter'] as $line ) { print "$line\n"; } } foreach ( $cmd_out['nfdump'] as $line ) { print preg_replace($patterns, $replacements, $line) . "\n"; }*/ # parse command line #2009-12-09 17:08:17.596 40.262 TCP 192.168.1.9:80 -> 217.126.167.80:51694 .AP.SF 0 70 180978 1 35960 2585 1 $list = preg_match("/\\-o extended/", $cmd_out['arg']) ? 1 : 0; $regex = $list ? "/(\\d\\d\\d\\d\\-.*?\\s.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+->\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?\\s*[KMG]?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*)/" : "/(\\d\\d\\d\\d\\-.*?\\s.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?\\s*[KMGT]?)\\s+(.*?)\\s+(.*?)\\s+(.*)/"; echo '<div class="nfsen_list_title">' . _('Flows Info') . '</div>'; echo "<table class='table_list'>"; $geotools = false; if ($list && file_exists("../kml/GoogleEarth.php")) { $geotools = true; $geoips = array(); $geotools_src = " <a href='' onclick='window.open(\"../kml/TourConfig.php?type=ip_src&ip=&flows=1\",\"Flows sources - Goggle Earth API\",\"width=1024,height=700,scrollbars=NO,toolbar=1\");return false'><img align='absmiddle' src='../pixmaps/google_earth_icon.png' border='0'></a> <a href='' onclick='window.open(\"../kml/IPGoogleMap.php?type=ip_src&ip=&flows=1\",\"Flows sources - Goggle Maps API\",\"width=1024,height=700,scrollbars=NO,toolbar=1\");return false'><img align='absmiddle' src='../pixmaps/google_maps_icon.png' border='0'></a>"; $geotools_dst = " <a href='' onclick='window.open(\"../kml/TourConfig.php?type=ip_dst&ip=&flows=1\",\"Flows destinations - Goggle Earth API\",\"width=1024,height=700,scrollbars=NO,toolbar=1\");return false'><img align='absmiddle' src='../pixmaps/google_earth_icon.png' border='0'></a> <a href='' onclick='window.open(\"../kml/IPGoogleMap.php?type=ip_dst&ip=&flows=1\",\"Flows destinations - Goggle Maps API\",\"width=1024,height=700,scrollbars=NO,toolbar=1\");return false'><img align='absmiddle' src='../pixmaps/google_maps_icon.png' border='0'></a>"; } echo $list ? "\n \n <tr>\n <th>" . _("Date flow start") . "<br><span style='font-size:8px'>" . Util::timezone($tz) . "</style></th>\n <th>" . _("Duration") . "</th>\n <th>" . _("Proto") . "</th>\n <th>" . _("Src IP Addr:Port") . "{$geotools_src}</th>\n <th>" . _("Dst IP Addr:Port") . "{$geotools_dst}</th>\n <th>" . _("Flags") . "</th>\n <th>" . _("Tos") . "</th>\n <th>" . _("Packets") . "</th>\n <th>" . _("Bytes") . "</th>\n <th>" . _("pps") . "</th>\n <th>" . _("bps") . "</th>\n <th>" . _("Bpp") . "</th>\n <th>" . _("Flows") . "</th>\n \t" . ($solera ? "<th></th>" : "") . "\n </tr>" : "<tr>\n <th>" . _("Date flow seen") . "<br><span style='font-size:8px'>" . Util::timezone($tz) . "</style></th>\n <th>" . _("Duration") . "</th>\n <th>" . _("Proto") . "</th>\n <th>" . $titcol . "</th>\n <th>" . _("Flows") . "(%)</th>\n <th>" . _("Packets") . "(%)</th>\n <th>" . _("Bytes") . "(%)</th>\n <th>" . _("pps") . "</th>\n <th>" . _("bps") . "</th>\n <th>" . _("Bpp") . "</th>\n \t" . ($solera ? "<th></th>" : "") . "\n </tr>"; $status = $errors = array(); $rep = new Reputation(); //print_r($cmd_out['arg']); //print_r($cmd_out['nfdump']); foreach ($cmd_out['nfdump'] as $k => $line) { #capture status if (preg_match("/^(Summary|Time window|Total flows processed|Sys)\\:/", $line, $found)) { $status[$found[1]] = str_replace($found[1] . ":", "", $line); } # capture errors if (preg_match("/ error /i", $line, $found)) { if (preg_match("/stat\\(\\) error/i", $line)) { $errors[] = _('The netflow information you are trying to access either has not been processed yet or does not exist. Please check your date filters.'); Av_exception::write_log(Av_exception::USER_ERROR, $line); } else { $errors[] = $line; } } # print results $line = preg_replace("/\\(\\s(\\d)/", "(\\1", $line); // Patch for ( 0.3) $line = preg_replace("/(\\d)\\s*([KMGT])/", "\\1\\2", $line); // Patch for 1.2 M(99.6) $line = preg_replace("/(\\d+)(TCP|UDP|ICMP|IGMP)\\s/", "\\1 \\2 ", $line); // Patch for 9.003TCP $start = $end = $proto = ""; $ips = $ports = array(); if (preg_match($regex, preg_replace('/\\s*/', ' ', $line), $found)) { echo "<tr class='tr_flow_data'>\n"; foreach ($found as $ki => $field) { if ($ki > 0) { $wrap = $ki == 1 ? "nowrap" : ""; $field = Util::htmlentities(preg_replace("/(\\:\\d+)\\.0\$/", "\\1", $field)); if (preg_match("/(\\d+\\.\\d+\\.\\d+\\.\\d+)(.*)/", $field, $fnd)) { # match ip (resolve and geolocalize) $ip = $fnd[1]; $port = $fnd[2]; list($name, $ctx, $host_id) = GetDataFromSingleIp($ip, $hosts); if ($name == "" && $sensors[$ip] != "") { $name = $sensors[$ip]; } $output = Asset_host::get_extended_name($conn, $geoloc, $ip, $ctx, $host_id, ''); $homelan = $output['is_internal'] || $name != "" && $name != $ip; $icon = $output['html_icon']; # reputation info if (!is_array($_SESSION["_repinfo_ips"][$ip])) { $_SESSION["_repinfo_ips"][$ip] = $rep->get_data_by_ip($ip); } $rep_icon = Reputation::getrepimg($_SESSION["_repinfo_ips"][$ip][0], $_SESSION["_repinfo_ips"][$ip][1], $_SESSION["_repinfo_ips"][$ip][2], $ip); $rep_bgcolor = Reputation::getrepbgcolor($_SESSION["_repinfo_ips"][$ip][0]); $style_aux = $homelan ? 'style="font-weight:bold"' : ''; $bold_aux1 = $homelan ? '<b>' : ''; $bold_aux2 = $homelan ? '<b>' : ''; $field = '<div id="' . $ip . ';' . Util::htmlentities($name) . ';' . $host_id . '" id2="' . $ip . ';' . $ip . '" ctx="' . $ctx . '" class="HostReportMenu">' . $icon . ' <a ' . $style_aux . ' href="javascript:;">' . Util::htmlentities($name) . '</a>' . $bold_aux1 . $port . $bold_aux2 . ' ' . $rep_icon . '</div>'; $wrap = "nowrap style='{$rep_bgcolor}'"; $ips[] = $ip; if ($geotools) { if ($ki == 4) { $geoips['ip_src'][$ip]++; } elseif ($ki == 5) { $geoips['ip_dst'][$ip]++; } } $ports[] = str_replace(":", "", $port); } if (preg_match("/(\\d+-\\d+-\\d+ \\d+:\\d+:\\d+)(.*)/", $field, $fnd)) { # match date $start = $end = $fnd[1]; $time = strtotime($fnd[1]); $field = Util::htmlentities(gmdate("Y-m-d H:i:s", $time + 3600 * $tz) . "." . $fnd[2]); } if (preg_match("/(TCP|UDP|ICMP|RAW)/", $field, $fnd)) { # match date $proto = strtolower($fnd[1]); } print "<td {$wrap}>{$field}</td>"; } } // solera deepsee integration if ($solera) { echo "<td><a href=\"javascript:;\" onclick=\"solera_deepsee('" . Util::htmlentities($start) . "','" . Util::htmlentities($end) . "','" . Util::htmlentities($ips[0]) . "','" . Util::htmlentities($ports[0]) . "','" . Util::htmlentities($ips[1]) . "','" . Util::htmlentities($ports[1]) . "','" . Util::htmlentities($proto) . "')\"><img src='/ossim/pixmaps/solera.png' border='0' align='absmiddle'></a></td>"; } echo "</tr>\n"; } } echo "</table>"; if ($geotools) { foreach ($geoips as $type => $list) { $ipsfile = fopen("/var/tmp/flowips_" . Session::get_session_user() . ".{$type}", "w"); foreach ($list as $ip => $val) { fputs($ipsfile, "{$ip}\n"); } fclose($ipsfile); } } #Summary: total flows: 20, total bytes: 7701, total packets: 133, avg bps: 60, avg pps: 0, avg bpp: 57 #Time window: 2009-12-10 08:21:30 - 2009-12-10 08:38:26 #Total flows processed: 21, Records skipped: 0, Bytes read: 1128 #Sys: 0.000s flows/second: 0.0 Wall: 0.000s flows/second: 152173.9 if (count($status) > 0) { echo "<table class='transparent' style='margin-bottom:5px;width:100%'>"; foreach ($status as $key => $line) { $line = preg_replace("/(Wall)\\:/", "<span class='th_summary'>\\1</span>", $line); $line = preg_replace("/\\,\\s+(.*?)\\:/", " <span class='th_summary'>\\1</span>", $line); echo "<tr>\n <td class='nobborder' style='padding: 4px;'>\n <span class='th_summary'>{$key}</span>\n {$line}\n </td>\n </tr>"; } echo "</table>"; } # stat() error '/home/dk/nfsen/profiles-data/live/device2/2009/12/10/nfcapd.200912100920': File not found! if (count($errors) > 0) { foreach ($errors as $line) { echo "<div class='details_error'>" . _("ERROR FOUND: ") . "{$line}</div>"; } } $conn->disconnect(); } #print "</pre>\n"; } print "</div>\n"; $db_aux->close(); $geoloc->close(); return; }
function schedule_scan($conn, $wizard, $data) { $step = intval($wizard->get_step_data('scan_step')); $nets = $wizard->get_step_data('scan_nets'); if ($step != 3 || count($nets) < 1) { $response['error'] = TRUE; $response['msg'] = _('Asset Scan not valid to schedule'); return $response; } $sched = $data['sch_opt']; ossim_valid($sched, OSS_DIGIT, 'illegal:' . _("Schedule Option")); if (ossim_error()) { $response['error'] = TRUE; $response['msg'] = ossim_get_error(); ossim_clean_error(); $wizard->set_step_data('scan_nets', -1); return $response; } if ($sched == 1) { $period = 86400; } elseif ($sched == 2) { $period = 604800; } else { $period = 2419200; } $sensor_id = Av_sensor::get_default_sensor($conn); $name = _('Default_wizard_scan'); $type = 5; $targets = array(); foreach ($nets as $cidrs) { $cidrs = explode(' ', $cidrs); foreach ($cidrs as $cidr) { $targets[$cidr] = $cidr; } } $targets = implode(' ', $targets); $params = $targets . '#-T3 -A -sS -F'; Inventory::insert($conn, $sensor_id, $name, $type, $period, $params, $targets); $response['error'] = FALSE; $response['data'] = array(); return $response; }
* Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt * */ require_once 'av_init.php'; Session::logcheck('environment-menu', 'PolicyHosts'); session_write_close(); /**************************************************** ********************* Tooltips ********************* ****************************************************/ $t_location = '<div>' . _("You can type any location (address, country, city, ...)") . '</div>'; //Database connection $db = new ossim_db(); $conn = $db->connect(); //Getting all sensors $filters = array('order_by' => "priority DESC"); list($all_sensors, $s_total) = Av_sensor::get_list($conn, $filters, FALSE, TRUE); //Common Context $ctx = Asset_host::get_common_ctx($conn); //Closing database connection $db->close(); ?> <div id="bk_tg_container"> <div id='tg_av_info'></div> <div class="legend"> <?php echo _('Only filled values will be updated'); ?> </div>
$dbo = new ossim_db(); // Multiple Database Server selector $conn = $dbo->connect(); $database_servers = Databases::get_list($conn); $dbo->close(); // if (is_array($_SESSION["server"]) && $_SESSION["server"][0] != "") { $dbo->enable_cache(); $conn = $dbo->custom_connect($_SESSION["server"][0], $_SESSION["server"][2], $_SESSION["server"][3]); } else { $dbo->enable_cache(); $conn = $dbo->connect(); } include_once "{$BASE_path}/base_common.php"; $sensors = $hosts = $ossim_servers = array(); $sensors = Av_sensor::get_basic_list($conn, array(), TRUE); list($hosts, $host_ids) = Asset_host::get_basic_list($conn, array(), TRUE); $entities = Session::get_all_entities($conn); $rep_activities = Reputation::get_reputation_activities($conn, "ORDER BY descr", $db_memcache); $rep_severities = array("ANY", "High", "Medium", "Low"); // // added default home host/lan to SESSION[ip_addr] // if ($_GET["addhomeips"] == "src" || $_GET["addhomeips"] == "dst") { $_nets = Asset_net::get_all($conn, TRUE); // adding all not external lans $local_ips = array(); $total_ips = 0; foreach ($_nets as $current_net) { $cirds = explode(",", $current_net['ips']); foreach ($cirds as $cidr) {
function sensor_list($conn, $page, $search) { $filters = array(); $filters['limit'] = get_query_limits($page); if ($search != '') { $search = utf8_decode($search); $search = escape_sql($search, $conn); $filters['where'] = " name LIKE '%{$search}%' OR inet6_ntoa(ip) LIKE '%{$search}%'"; } $filters['order_by'] = 'name ASC'; try { list($sensors, $total) = Av_sensor::get_list($conn, $filters, TRUE, TRUE); } catch (Exception $e) { $return['error'] = TRUE; $return['msg'] = $e->getMessage(); return $return; } //If we have at least one element... if ($total > 0) { //Getting the nets already selected in the filter. $selected = get_selected_values(14); } $list = array(); //Going through the list to format the elements properly: foreach ($sensors as $id => $sensor) { $_chk = $selected[$id] != '' ? TRUE : FALSE; $_sensor = array('id' => $id, 'name' => $sensor['name'], 'extra' => $sensor['ip'], 'checked' => $_chk); $list[$id] = $_sensor; } $data['total'] = intval($total); $data['list'] = $list; $return['error'] = FALSE; $return['data'] = $data; return $return; }
//Validating icon format and size $icon = ''; if (is_uploaded_file($_FILES['icon']['tmp_name'])) { $icon = file_get_contents($_FILES['icon']['tmp_name']); } if ($icon != '') { $image = @imagecreatefromstring($icon); if (!$image || imagesx($image) > 400 || imagesy($image) > 400) { $validation_errors['icon'] = _('Image format is not allowed'); } } //Validating Sensors if (is_array($sensors) && !empty($sensors)) { foreach ($sensors as $sensor) { if (!Av_sensor::is_allowed($conn, $sensor)) { $validation_errors['sboxs[]'] .= sprintf(_("Error! Sensor %s cannot be assigned to this asset"), Av_sensor::get_name_by_id($conn, $sensor)) . "<br/>"; } } } $db->close(); } $data['status'] = 'OK'; $data['data'] = $validation_errors; if (POST('ajax_validation_all') == TRUE) { if (is_array($validation_errors) && !empty($validation_errors)) { $data['status'] = 'error'; } echo json_encode($data); exit; } else { if (is_array($validation_errors) && !empty($validation_errors)) {
* On Debian GNU/Linux systems, the complete text of the GNU General * Public License can be found in `/usr/share/common-licenses/GPL-2'. * * Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt * */ require_once dirname(__FILE__) . '/../../conf/config.inc'; Session::logcheck('environment-menu', 'EventsHidsConfig'); $sensor_id = REQUEST('sensor_id'); ossim_valid($sensor_id, OSS_HEX, 'illegal:' . _('Sensor ID')); if (!ossim_error()) { $db = new ossim_db(); $conn = $db->connect(); if (!Ossec_utilities::is_sensor_allowed($conn, $sensor_id)) { $db->close(); $error_msg = sprintf(_("Sensor %s not allowed. Please check with your account admin for more information"), Av_sensor::get_name_by_id($conn, $sensor_id)); echo ossim_error($error_msg); exit; } $db->close(); } //Current sensor $_SESSION['ossec_sensor'] = $sensor_id; ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title><?php echo _('OSSIM Framework'); ?>
$sname = POST('sname'); $ip = POST('ip'); $priority = POST('priority'); $port = POST('port'); $tzone = POST('tzone'); $descr = POST('descr'); $location = POST('location'); $entities = POST('entities'); $validation_errors = validate_form_fields('POST', $validate); if (empty($validation_errors['ip'])) { if (preg_match('/,/', $ip)) { $validation_errors['ip'] = _('Invalid IP address. Format allowed') . ": nnn.nnn.nnn.nnn <br/>" . _('Entered IP') . ": '<strong>" . Util::htmlentities($ip) . "</strong>'"; } else { $db = new ossim_db(); $conn = $db->connect(); $aux_id = Av_sensor::get_id_by_ip($conn, $ip); $db->close(); if (!empty($aux_id)) { $validation_errors['ip'] = _('Error! IP address associated with another sensor'); } } } $data['status'] = 'OK'; $data['data'] = $validation_errors; if (POST('ajax_validation_all') == TRUE) { if (is_array($validation_errors) && !empty($validation_errors)) { $data['status'] = 'error'; echo json_encode($data); } else { $data['status'] = 'OK'; echo json_encode($data);
<table class='t_sc'> <tr> <th class='_label'><?php display_label($cnf_data['sensor_interfaces']); ?> </th> <td class='_data'> <div id='c_ifaces'> <?php $id = $cnf_data['sensor_interfaces']['id']; $s_ifaces = $cnf_data['sensor_interfaces']['value']; $s_ifaces = array_flip($s_ifaces); //Interfaces $interfaces = array(); try { $interfaces = Av_sensor::get_interfaces($system_id); } catch (Exception $e) { } ?> <select class='vfield multiselect' id='<?php echo $id; ?> ' name='<?php echo $id . "[]"; ?> ' multiple='multiple'> <?php foreach ($interfaces as $iface) { $i_name = $iface['name']; $id_iface = md5($i_name);
$db = new ossim_db(); $conn = $db->connect(); if (!empty($task_id)) { try { $task_obj = Inventory::get_object($conn, $task_id); $name = $task_obj['task_name']; $sensor_id = $task_obj['task_sensor']; $params = $task_obj['task_params']; $period = $task_obj['task_period']; } catch (Exception $e) { echo ossim_error($e->getMessage()); exit; } } //Sensors $sensors = Av_sensor::get_basic_list($conn); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html> <head> <title><?php echo _('OSSIM Framework'); ?> </title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <meta http-equiv="Pragma" content="no-cache"> <?php //CSS Files $_files = array(array('src' => 'av_common.css?t=' . Util::get_css_id(), 'def_path' => TRUE), array('src' => 'jquery-ui.css', 'def_path' => TRUE), array('src' => 'tipTip.css', 'def_path' => TRUE));
$type = 'other'; break; default: die(_('Wrong type')); } $limit = $limit < 1 || $limit > 7 ? 1 : $limit; $end = time(); $begind = $end - $limit * 86400; //86400 belongs to 24 hours in seconds --> 24*60*60 $nfsen_sensors = get_nfsen_sensors(); $sensor_list = ''; foreach ($nfsen_sensors as $flow_id => $sdata) { if (!Av_sensor::is_channel_allowed($conn, $flow_id)) { continue; } $sname = Av_sensor::get_nfsen_channel_name($conn, $flow_id); $sensor_list .= "{$flow_id};{$sname}:"; } $sensor_list = preg_replace('/:$/i', '', $sensor_list); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html lang="en"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <?php //If the refresh is enabled, we set it up in the meta. if (isset($winfo['refresh']) && $winfo['refresh'] != 0) { echo '<meta http-equiv="refresh" content="' . $winfo['refresh'] . '">'; } ?> <title><?php
* */ require_once 'av_init.php'; require_once 'get_sensors.php'; Session::logcheck('configuration-menu', 'PolicySensors'); $av_menu = @unserialize($_SESSION['av_menu']); // Load column layout require_once '../conf/layout.php'; $category = 'policy'; $name_layout = 'sensors_layout'; $layout = load_layout($name_layout, $category); $active_sensors = "<div id=\"c_active_sensor\"><a href=\"sensor.php?onlyactive=1\"><div id=\"active_sensors\" class=\"bold\" style=\"color: green;\"> - </div></a></div>"; $total_sensors = "<a href=\"sensor.php\"><div id=\"total_sensors\" class=\"bold\" style=\"color: black;\"> - </div></a>"; $db = new ossim_db(); $conn = $db->connect(); $unregistered_sensors = Av_sensor::get_unregistered($conn); $db->close(); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title><?php echo _('OSSIM Framework'); ?> </title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <meta http-equiv="Pragma" content="no-cache"/> <meta http-equiv="X-UA-Compatible" content="IE=7" /> <link rel="stylesheet" type="text/css" href="../style/av_common.css?t=<?php echo Util::get_css_id();
$ips = $_ips->get_ips(); //Checking HIDS Sensor $cnd_1 = Ossec_utilities::is_sensor_allowed($conn, $sensor_id) == FALSE; $asset_sensors = Asset_host_sensors::get_sensors_by_id($conn, $asset_id); $cnd_2 = empty($asset_sensors[$sensor_id]); if ($cnd_1 || $cnd_2) { $validation_errors['sensor_id'] = sprintf(_("Sensor %s not allowed. Please check with your account admin for more information"), Av_sensor::get_name_by_id($conn, $sensor_id)); } else { $system_ids = Av_center::get_system_id_by_component($conn, $sensor_id); $res = Av_center::get_system_info_by_id($conn, $system_ids['non-canonical']); if ($res['status'] == 'success') { //We use this function to calculate sensor name because in HA environments there are two systems for one Sensor ID if (empty($res['data']['ha_ip'])) { $sensor_name = $res['data']['name']; } else { $sensor_name = Av_sensor::get_name_by_id($conn, $sensor_id); } $sensor_ip = $res['data']['current_ip']; if (Ossec_utilities::get_default_sensor_id() == $sensor_id && empty($res['data']['ha_ip'])) { $sensor_ip = $res['data']['admin_ip']; } $sensor_ip_txt = $sensor_ip . ' [' . $sensor_name . ']'; } //Getting Agent information $_aux_agent = Asset_host::get_related_hids_agents($conn, $asset_id, $sensor_id); $agent_key = md5(strtoupper($sensor_id) . '#' . $agent_id); $agent = $_aux_agent[$agent_key]; if (empty($agent)) { $validation_errors['agent_id'] = _('Error! Agent information cannot be retrieved from system'); } else { $agent_descr = $agent['name'] . ' (' . $agent['ip_cidr'] . ')';
?> </label> </td> </tr> <tr> <td class="center noborder"> <input type="hidden" name="entities[]" id="entities" class='vfield' value="<?php echo Session::get_default_ctx(); ?> "/> <input type="hidden" name="num_entities_check" id="num_entities_check" value=""/> <br> <select name="neighborsensor" class='vfield' id="neighborsensor" style="width:150px"> <?php list($s_list, $s_total) = Av_sensor::get_list($conn, array(), FALSE, TRUE); $empty = 1; foreach ($s_list as $s_id => $s_data) { if ($s_data['properties']['version'] != 'unknown') { echo "<option value='" . $s_id . "'>" . $s_data['name'] . "\n"; $empty = 0; } } if ($empty) { echo "<option value='00000000000000000000000000000000'>" . _('Local sensor') . "\n"; } ?> </select> </td> <td class="center noborder" style="padding-left:10px"> <input type="hidden" class='vfield' style="width:120px" name="newcontext" value="<?php
} } break; } ossim_valid($sid, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _("Sid")); if (ossim_error()) { die(_("Invalid Parameter Sid")); } if (isset($_POST['authorized_users'])) { foreach ($_POST['authorized_users'] as $user) { $users[] = Util::htmlentities(escape_sql(trim($user), $dbconn), ENT_QUOTES); } } $sIDs = array(); if (Vulnerabilities::scanner_type() == 'omp') { list($sensor_list, $total) = Av_sensor::get_list($dbconn); foreach ($sensor_list as $sensor_id => $sensor_data) { if (intval($sensor_data['properties']['has_vuln_scanner']) == 1) { $sIDs[] = array('name' => $sensor_data['name'], 'id' => $sensor_id); } } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html> <head> <title> <?php echo gettext("Vulnmeter"); ?> </title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
function get_report_data($id = NULL) { $conf = $GLOBALS['CONF']; $conf = !$conf ? new Ossim_conf() : $conf; $y = strftime('%Y', time() - 24 * 60 * 60 * 30); $m = strftime('%m', time() - 24 * 60 * 60 * 30); $d = strftime('%d', time() - 24 * 60 * 60 * 30); $reports['asset_report'] = array('report_name' => _('Asset Details'), 'report_id' => 'asset_report', 'type' => 'external', 'link_id' => 'link_ar_asset', 'link' => '', 'parameters' => array(array('name' => _('Host Name/IP/Network'), 'id' => 'ar_asset', 'type' => 'asset', 'default_value' => '')), 'access' => Session::menu_perms('environment-menu', 'PolicyHosts') || Session::menu_perms('environment-menu', 'PolicyNetworks'), 'send_by_email' => 0); $status_values = array('All' => array('text' => _('All')), 'Open' => array('text' => _('Open')), 'Assigned' => array('text' => _('Assigned')), 'Studying' => array('text' => _('Studying')), 'Waiting' => array('text' => _('Waiting')), 'Testing' => array('text' => _('Testing')), 'Closed' => array('text' => _('Closed'))); $types_values = array('ALL' => array('text' => _('ALL')), 'Expansion Virus' => array('text' => _('Expansion Virus')), 'Corporative Nets Attack' => array('text' => _('Corporative Nets Attack')), 'Policy Violation' => array('text' => _('Policy Violation')), 'Security Weakness' => array('text' => _('Security Weakness')), 'Net Performance' => array('text' => _('Net Performance')), 'Applications and Systems Failures' => array('text' => _('Applications and Systems Failures')), 'Anomalies' => array('text' => _('Anomalies')), 'Vulnerability' => array('text' => _('Vulnerability'))); $priority_values = array('High' => _('High'), 'Medium' => _('Medium'), 'Low' => _('Low')); $reports['tickets_report'] = array('report_name' => _('Tickets Report'), 'report_id' => 'tickets_report', 'type' => 'pdf', 'subreports' => array('title_page' => array('id' => 'title_page', 'name' => _('Title Page'), 'report_file' => 'os_reports/Common/titlepage.php'), 'alarm' => array('id' => 'alarm', 'name' => _('Alarm'), 'report_file' => 'os_reports/Tickets/Alarm.php'), 'event' => array('id' => 'event', 'name' => _('Event'), 'report_file' => 'os_reports/Tickets/Event.php'), 'anomaly' => array('id' => 'anomaly', 'name' => _('Anomaly'), 'report_file' => 'os_reports/Tickets/Anomaly.php'), 'vulnerability' => array('id' => 'vulnerability', 'name' => _('Vulnerability'), 'report_file' => 'os_reports/Tickets/Vulnerability.php')), 'parameters' => array(array('name' => _('Date Range'), 'date_from_id' => 'tr_date_from', 'date_to_id' => 'tr_date_to', 'type' => 'date_range', 'default_value' => array('date_from' => $y . '-' . $m . '-' . $d, 'date_to' => date('Y') . '-' . date('m') . '-' . date('d'))), array('name' => _('Status'), 'id' => 'tr_status', 'type' => 'select', 'values' => $status_values), array('name' => _('Type'), 'id' => 'tr_type', 'type' => 'select', 'values' => $types_values), array('name' => _('Priority'), 'id' => 'tr_priority', 'type' => 'checkbox', 'values' => $priority_values)), 'access' => Session::menu_perms('analysis-menu', 'IncidentsIncidents'), 'send_by_email' => 1); $reports['alarm_report'] = array('report_name' => _('Alarms Report'), 'report_id' => 'alarm_report', 'type' => 'pdf', 'subreports' => array('title_page' => array('id' => 'title_page', 'name' => _('Title Page'), 'report_file' => 'os_reports/Common/titlepage.php'), 'top_attacker_host' => array('id' => 'top_attacker_host', 'name' => _('Top 10 Attacker Host'), 'report_file' => 'os_reports/Alarms/AttackerHosts.php'), 'top_attacked_host' => array('id' => 'top_attacked_host', 'name' => _('Top 10 Attacked Host'), 'report_file' => 'os_reports/Alarms/AttackedHosts.php'), 'used_port' => array('id' => 'used_port', 'name' => _('Top 10 Used Ports'), 'report_file' => 'os_reports/Alarms/UsedPorts.php'), 'top_events' => array('id' => 'top_events', 'name' => _('Top 15 Alarms'), 'report_file' => 'os_reports/Alarms/TopAlarms.php'), 'events_by_risk' => array('id' => 'events_by_risk', 'name' => _('Top 15 Alarms by Risk'), 'report_file' => 'os_reports/Alarms/TopAlarmsByRisk.php')), 'parameters' => array(array('name' => _('Date Range'), 'date_from_id' => 'ar_date_from', 'date_to_id' => 'ar_date_to', 'type' => 'date_range', 'default_value' => array('date_from' => $y . '-' . $m . '-' . $d, 'date_to' => date('Y') . '-' . date('m') . '-' . date('d')))), 'access' => Session::menu_perms('analysis-menu', 'ControlPanelAlarms'), 'send_by_email' => 1); $reports['bc_pci_report'] = array('report_name' => _('Business & Compliance ISO PCI Report'), 'report_id' => 'bc_pci_report', 'type' => 'pdf', 'subreports' => array('title_page' => array('id' => 'title_page', 'name' => _('Title Page'), 'report_file' => 'os_reports/Common/titlepage.php'), 'threat_overview' => array('id' => 'threat_overview', 'name' => _('Threat overview'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/ThreatOverview.php'), 'bri_risks' => array('id' => 'bri_risks', 'name' => _('Business real impact risks'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/BusinessPotentialImpactsRisks.php'), 'ciap_impact' => array('id' => 'ciap_impact', 'name' => _('C.I.A Potential impact'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/CIAPotentialImpactsRisks.php'), 'pci_dss' => array('id' => 'pci_dss', 'name' => _('PCI-DSS 2.0'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/PCI-DSS.php'), 'pci_dss3' => array('id' => 'pci_dss3', 'name' => _('PCI-DSS 3.0'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/PCI-DSS3.php'), 'trends' => array('id' => 'trends', 'name' => _('Trends'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/Trends.php'), 'iso27002_p_impact' => array('id' => 'iso27002_p_impact', 'name' => _('ISO27002 Potential impact'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/ISO27002PotentialImpact.php'), 'iso27001' => array('id' => 'iso27001', 'name' => _('ISO27001'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/ISO27001.php')), 'parameters' => array(array('name' => _('Date Range'), 'date_from_id' => 'bc_pci_date_from', 'date_to_id' => 'bc_pci_date_to', 'type' => 'date_range', 'default_value' => array('date_from' => $y . '-' . $m . '-' . $d, 'date_to' => date('Y') . '-' . date('m') . '-' . date('d')))), 'access' => Session::menu_perms('report-menu', 'ReportsReportServer'), 'send_by_email' => 1); $reports['siem_report'] = array('report_name' => _('SIEM Events'), 'report_id' => 'siem_report', 'type' => 'pdf', 'subreports' => array('title_page' => array('id' => 'title_page', 'name' => _('Title Page'), 'report_file' => 'os_reports/Common/titlepage.php'), 'top_attacker_host' => array('id' => 'top_attacker_host', 'name' => _('Top 10 Attacker Host'), 'report_file' => 'os_reports/Siem/AttackerHosts.php'), 'top_attacked_host' => array('id' => 'top_attacked_host', 'name' => _('Top 10 Attacked Host'), 'report_file' => 'os_reports/Siem/AttackedHosts.php'), 'used_port' => array('id' => 'used_port', 'name' => _('Top 10 Used Ports'), 'report_file' => 'os_reports/Siem/UsedPorts.php'), 'top_events' => array('id' => 'top_events', 'name' => _('Top 15 Events'), 'report_file' => 'os_reports/Siem/TopEvents.php'), 'events_by_risk' => array('id' => 'events_by_risk', 'name' => _('Top 15 Events by Risk'), 'report_file' => 'os_reports/Siem/TopEventsByRisk.php')), 'parameters' => array(array('name' => _('Date Range'), 'date_from_id' => 'sr_date_from', 'date_to_id' => 'sr_date_to', 'type' => 'date_range', 'default_value' => array('date_from' => $y . '-' . $m . '-' . $d, 'date_to' => date('Y') . '-' . date('m') . '-' . date('d')))), 'access' => Session::menu_perms('analysis-menu', 'EventsForensics'), 'send_by_email' => 1); $reports['vulnerabilities_report'] = array('report_name' => _('Vulnerabilities Report'), 'report_id' => 'vulnerabilities_report', 'type' => 'external', 'target' => '_blank', 'link_id' => 'link_vr', 'link' => Menu::get_menu_url('../vulnmeter/lr_respdf.php?ipl=all&scantype=M', 'environment', 'vulnerabilities', 'overview'), 'access' => Session::menu_perms('analysis-menu', 'EventsVulnerabilities'), 'send_by_email' => 0); $reports['th_vuln_db'] = array('report_name' => _('Threats & Vulnerabilities Database'), 'report_id' => 'th_vuln_db', 'type' => 'external', 'link_id' => 'link_tvd', 'link' => Menu::get_menu_url('../vulnmeter/threats-db.php', 'environment', 'vulnerabilities', 'threat_database'), 'access' => Session::menu_perms('analysis-menu', 'EventsVulnerabilities'), 'send_by_email' => 0); $reports['ticket_status'] = array('report_name' => _('Tickets Status'), 'report_id' => 'ticket_status', 'type' => 'external', 'link_id' => 'link_tr', 'link' => Menu::get_menu_url('../report/incidentreport.php', 'analysis', 'tickets', 'tickets'), 'access' => Session::menu_perms('analysis-menu', 'IncidentsIncidents'), 'send_by_email' => 0); $db = new ossim_db(); $conn = $db->connect(); $user = Session::get_session_user(); $session_list = Session::get_list($conn, 'ORDER BY login'); if (preg_match('/pro|demo/', $conf->get_conf('ossim_server_version')) && !Session::am_i_admin()) { $myusers = Acl::get_my_users($conn, Session::get_session_user()); if (count($myusers) > 0) { $is_pro_admin = 1; } } // User Log lists if (Session::am_i_admin()) { $user_values[''] = array('text' => _('All')); if ($session_list) { foreach ($session_list as $session) { $login = $session->get_login(); $user_values[$login] = $login == $user ? array('text' => $login, 'selected' => TRUE) : array('text' => $login); } } } elseif ($is_pro_admin) { foreach ($myusers as $myuser) { $user_values[$myuser['login']] = array('text' => $myuser['login']); $user_values[$user] = array('text' => $user, 'selected' => TRUE); } } else { $user_values[$user] = array('text' => $user); } $code_list = Log_config::get_list($conn, 'ORDER BY descr'); $action_values[''] = array('text' => _('All')); if ($code_list) { foreach ($code_list as $code_log) { $code_aux = $code_log->get_code(); $action_values[$code_aux] = array('text' => '[' . sprintf("%02d", $code_aux) . '] ' . _(preg_replace('|%.*?%|', " ", $code_log->get_descr()))); } } $reports['user_activity'] = array('report_name' => _('User Activity Report'), 'report_id' => 'user_activity', 'type' => 'external', 'link_id' => 'link_ua', 'link' => Menu::get_menu_url('../userlog/user_action_log.php', 'settings', 'settings', 'user_activity'), 'parameters' => array(array('name' => _('User'), 'id' => 'ua_user', 'type' => 'select', 'values' => $user_values), array('name' => _('Action'), 'id' => 'ua_action', 'type' => 'select', 'values' => $action_values)), 'access' => Session::menu_perms('settings-menu', 'ToolsUserLog'), 'send_by_email' => 0); $reports['geographic_report'] = array('report_name' => _('Geographic Report'), 'report_id' => 'geographic_report', 'type' => 'pdf', 'subreports' => array('title_page' => array('id' => 'title_page', 'name' => _('Title Page'), 'report_file' => 'os_reports/Common/titlepage.php'), 'geographic_report' => array('id' => 'geographic_report', 'name' => _('Geographic Report'), 'report_file' => 'os_reports/Various/Geographic.php')), 'parameters' => array(array('name' => _('Date Range'), 'date_from_id' => 'gr_date_from', 'date_to_id' => 'gr_date_to', 'type' => 'date_range', 'default_value' => array('date_from' => $y . '-' . $m . '-' . $d, 'date_to' => date('Y') . '-' . date('m') . '-' . date('d')))), 'access' => Session::menu_perms('analysis-menu', 'EventsForensics'), 'send_by_email' => 1); //Sensor list $sensor_values[''] = array('text' => ' -- ' . _('Sensors no found') . ' -- '); $filters = array('order_by' => 'name'); $sensor_list = Av_sensor::get_basic_list($conn, $filters); $filters = array('order_by' => 'priority desc'); list($sensor_list, $sensor_total) = Av_sensor::get_list($conn, $filters); if ($sensor_total > 0) { $sensor_values = array(); foreach ($sensor_list as $s) { $properties = $s['properties']; if ($properties['has_nagios']) { $sensor_values[$s['ip']] = array('text' => $s['name']); } } } /* Nagios link */ $nagios_link = $conf->get_conf('nagios_link'); $scheme = empty($_SERVER['HTTPS']) ? 'http://' : 'https://'; $path = !empty($nagios_link) ? $nagios_link : '/nagios3/'; $port = !empty($_SERVER['SERVER_PORT']) ? ':' . $_SERVER['SERVER_PORT'] : ""; $nagios = $port . $path; $section_values = array(urlencode($nagios . 'cgi-bin/trends.cgi') => array('text' => _('Trends')), urlencode($nagios . 'cgi-bin/avail.cgi') => array('text' => _('Availability')), urlencode($nagios . 'cgi-bin/histogram.cgi') => array('text' => _('Event Histogram')), urlencode($nagios . 'cgi-bin/history.cgi?host=all') => array('text' => _('Event History')), urlencode($nagios . 'cgi-bin/summary.cgi') => array('text' => _('Event Summary')), urlencode($nagios . 'cgi-bin/notifications.cgi') => array('text' => _('Notifications')), urlencode($nagios . 'cgi-bin/showlog.cgi') => array('text' => _('Performance Info'))); $reports['availability_report'] = array('report_name' => _('Availability Report'), 'report_id' => 'availability_report', 'type' => 'external', 'link_id' => 'link_avr', 'click' => "nagios_link('avr_nagios_link', 'avr_sensor', 'avr_section');", 'parameters' => array(array('name' => _('Sensor'), 'id' => 'avr_sensor', 'type' => 'select', 'values' => $sensor_values), array('name' => 'Nagioslink', 'id' => 'avr_nagios_link', 'type' => 'hidden', 'default_value' => urlencode($scheme)), array('name' => _('Section'), 'id' => 'avr_section', 'type' => 'select', 'values' => $section_values)), 'access' => Session::menu_perms('environment-menu', 'MonitorsAvailability'), 'send_by_email' => 0); $db->close(); if ($id == NULL) { ksort($reports); return $reports; } else { return !empty($reports[$id]) ? $reports[$id] : array(); } }
$flag_events = false; } } if ($flag_events) { $event_types = "<b>" . _('DS Groups') . ":</b><br>" . $plugingroups; } else { $event_types = "<b>" . _('Taxonomy') . ":</b><br>" . $taxonomy; } $xml .= "<cell><![CDATA[" . $event_types . "]]></cell>"; if ($engine != 'engine') { $sensors = ""; $sensor_exist = $policy->exist_sensors($conn); if ($sensor_list = $policy->get_sensors($conn)) { foreach ($sensor_list as $sensor) { if (!check_any($sensor->get_sensor_id())) { $sensors .= ($sensors == "" ? "" : "<br/>") . Av_sensor::get_name_by_id($conn, $sensor->get_sensor_id()); if ($sensor_exist[$sensor->get_sensor_id()] == 'false') { $sensors = '<div title="' . _('sensor non-existent') . '">' . $sensors; $sensors .= '<a href="newpolicyform.php?id=' . $id . '&sensorNoExist=true#tabs-5"><img style="vertical-align: middle" src="../pixmaps/tables/cross-small-circle.png" /></a></div>'; } } } } if (empty($sensors)) { $sensors = "<font color='#AAAAAA'><b>ANY</b></font>"; } $xml .= "<cell><![CDATA[" . $sensors . "]]></cell>"; } if ($policy_time = $policy->get_time($conn)) { $tzone = $policy_time->get_timezone(); $begin_range = "";
function main_page($viewall, $sortby, $sortdir) { global $uroles, $username, $dbconn, $hosts; global $arruser, $user; $dbconn->SetFetchMode(ADODB_FETCH_BOTH); $tz = Util::get_timezone(); if ($sortby == "") { $sortby = "id"; } if ($sortdir == "") { $sortdir = "DESC"; } $sql_order = "order by {$sortby} {$sortdir}"; if (Session::menu_perms("environment-menu", "EventsVulnerabilitiesScan")) { ?> <div style="width:50%; position: relative; height: 5px; float:left"> <div style="width:100%; position: absolute; top: -41px;left:0px;"> <div style="float:left; height:28px; margin:5px 5px 0px 0px;"> <a class="button" href="<?php echo Menu::get_menu_url(AV_MAIN_PATH . '/vulnmeter/sched.php?smethod=schedule&hosts_alive=1&scan_locally=1', 'environment', 'vulnerabilities', 'scan_jobs'); ?> "> <?php echo _("New Scan Job"); ?> </a> </div> <div style="float:left;height:28px;margin:5px 5px 0px -2px;"> <a class="greybox button av_b_secondary" href="import_nbe.php" title="<?php echo _("Import nbe file"); ?> "> <?php echo _("Import nbe file"); ?> </a> </div> </div> </div> <?php } if (intval($_GET['page']) != 0) { $page = intval($_GET['page']); } else { $page = 1; } $pagesize = 10; if ($username == "admin") { $query = "SELECT count(id) as num FROM vuln_jobs"; } else { $query = "SELECT count(id) as num FROM vuln_jobs where username='******'"; } $result = $dbconn->Execute($query); $jobCount = $result->fields["num"]; $num_pages = ceil($jobCount / $pagesize); //echo "num_pages:[".$num_pages."]"; //echo "jobCount:[".$jobCount."]"; //echo "page:[".$page."]"; if (Vulnerabilities::scanner_type() == "omp") { // We can display scan status with OMP protocol echo Vulnerabilities::get_omp_running_scans($dbconn); } else { // Nessus all_jobs(0, 10, "R"); } ?> <?php $schedulejobs = _("Scheduled Jobs"); echo <<<EOT <table style='margin-top:20px;' class='w100 transparent'><tr><td class='sec_title'>{$schedulejobs}</td></tr></table> <table summary="Job Schedules" class='w100 table_list'> EOT; if ($sortdir == "ASC") { $sortdir = "DESC"; } else { $sortdir = "ASC"; } $arr = array("name" => "Name", "schedule_type" => "Schedule Type", "time" => "Time", "next_CHECK" => "Next Scan", "enabled" => "Status"); // modified by hsh to return all scan schedules if (empty($arruser)) { $query = "SELECT t2.name as profile, t1.meth_TARGET, t1.id, t1.name, t1.schedule_type, t1.meth_VSET, t1.meth_TIMEOUT, t1.username, t1.enabled, t1.next_CHECK, t1.email\n FROM vuln_job_schedule t1 LEFT JOIN vuln_nessus_settings t2 ON t1.meth_VSET=t2.id "; } else { $query = "SELECT t2.name as profile, t1.meth_TARGET, t1.id, t1.name, t1.schedule_type, t1.meth_VSET, t1.meth_TIMEOUT, t1.username, t1.enabled, t1.next_CHECK, t1.email\n FROM vuln_job_schedule t1 LEFT JOIN vuln_nessus_settings t2 ON t1.meth_VSET=t2.id WHERE username in ({$user}) "; } $query .= $sql_order; $result = $dbconn->execute($query); if ($result->EOF) { echo "<tr><td class='empty_results' height='20' style='text-align:center;'>" . _("No Scheduled Jobs") . "</td></tr>"; } if (!$result->EOF) { echo "<tr>"; foreach ($arr as $order_by => $value) { echo "<th><a href=\"manage_jobs.php?sortby={$order_by}&sortdir={$sortdir}\">" . _($value) . "</a></th>"; } if (Session::menu_perms("environment-menu", "EventsVulnerabilitiesScan")) { echo "<th>" . _("Action") . "</th></tr>"; } } $colors = array("#FFFFFF", "#EEEEEE"); $color = 0; while (!$result->EOF) { list($profile, $targets, $schedid, $schedname, $schedtype, $sid, $timeout, $user, $schedstatus, $nextscan, $servers) = $result->fields; $name = Av_sensor::get_name_by_id($dbconn, $servers); $servers = $name != '' ? $name : "unknown"; $targets_to_resolve = explode("\n", $targets); $ttargets = array(); foreach ($targets_to_resolve as $id_ip) { if (preg_match("/^([a-f\\d]{32})#\\d+\\.\\d+\\.\\d+\\.\\d+\\/\\d{1,2}/i", $id_ip, $found) && Asset_net::is_in_db($dbconn, $found[1])) { $ttargets[] = preg_replace("/^([a-f\\d]{32})#/i", "", $id_ip) . " (" . Asset_net::get_name_by_id($dbconn, $found[1]) . ")"; } else { if (preg_match("/^([a-f\\d]{32})#\\d+\\.\\d+\\.\\d+\\.\\d+/i", $id_ip, $found) && Asset_host::is_in_db($dbconn, $found[1])) { $ttargets[] = preg_replace("/^([a-f\\d]{32})#/i", "", $id_ip) . " (" . Asset_host::get_name_by_id($dbconn, $found[1]) . ")"; } else { $ttargets[] = preg_replace("/[a-f\\d]{32}/i", "", $id_ip); } } } $targets = implode("<BR/>", $ttargets); $tz = intval($tz); $nextscan = gmdate("Y-m-d H:i:s", Util::get_utc_unixtime($nextscan) + 3600 * $tz); preg_match("/\\d+\\-\\d+\\-\\d+\\s(\\d+:\\d+:\\d+)/", $nextscan, $found); $time = $found[1]; switch ($schedtype) { case "N": $stt = _("Once (Now)"); break; case "O": $stt = _("Once"); break; case "D": $stt = _("Daily"); break; case "W": $stt = _("Weekly"); break; case "M": $stt = _("Monthly"); break; case "Q": $stt = _("Quarterly"); break; case "H": $stt = _("On Hold"); break; case "NW": $stt = _("N<sup>th</sup> weekday of the month"); break; default: $stt = " "; break; } switch ($schedstatus) { case "1": $itext = _("Disable Scheduled Job"); $isrc = "images/stop_task.png"; $ilink = "manage_jobs.php?disp=setstatus&schedid={$schedid}&enabled=0"; break; default: $itext = _("Enable Scheduled Job"); $isrc = "images/play_task.png"; $ilink = "manage_jobs.php?disp=setstatus&schedid={$schedid}&enabled=1"; break; } if (!Session::menu_perms("environment-menu", "EventsVulnerabilitiesScan")) { $ilink = "javascript:return false;"; } if ($schedstatus) { $txt_enabled = "<td><a href=\"{$ilink}\"><font color=\"green\">" . _("Enabled") . "</font></a></td>"; } else { $txt_enabled = "<td><a href=\"{$ilink}\"><font color=\"red\">" . _("Disabled") . "</font></a></td>"; } require_once 'classes/Security.inc'; if (valid_hex32($user)) { $user = Session::get_entity_name($dbconn, $user); } echo "<tr bgcolor=\"" . $colors[$color % 2] . "\">"; if ($profile == "") { $profile = _("Default"); } echo "<td><span class=\"tip\" title=\"<b>" . _("Owner") . ":</b> {$user}<br><b>" . _("Server") . ":</b> {$servers}<br /><b>" . _("Scheduled Job ID") . ":</b> {$schedid}<br><b>" . _("Profile") . ":</b> {$profile}<br><b>" . _("Targets") . ":</b><br>" . $targets . "\">{$schedname}</span></td>"; ?> <td><?php echo $stt; ?> </td> <td><?php echo $time; ?> </td> <td><?php echo $nextscan; ?> </td> <?php echo <<<EOT {$txt_enabled} <td style="padding-top:2px;"><a href="{$ilink}"><img alt="{$itext}" src="{$isrc}" border=0 title="{$itext}"></a> EOT; if (Session::menu_perms("environment-menu", "EventsVulnerabilitiesScan")) { echo "<a href='" . Menu::get_menu_url(AV_MAIN_PATH . '/vulnmeter/sched.php?disp=edit_sched&sched_id=' . $schedid, 'environment', 'vulnerabilities', 'scan_jobs') . "'><img src='images/pencil.png' title='" . _("Edit Scheduled") . "'></a> "; echo "<a href='manage_jobs.php?disp=delete&schedid={$schedid}' onclick='return confirmDelete();'><img src='images/delete.gif' title='" . gettext("Delete Scheduled") . "'></a>"; } echo "</td>"; echo <<<EOT </tr> EOT; $result->MoveNext(); $color++; } echo <<<EOT </table> EOT; ?> <br /> <?php $out = all_jobs(($page - 1) * $pagesize, $pagesize); ?> <table width="100%" align="center" class="transparent" cellspacing="0" cellpadding="0"> <tr> <td class="nobborder" valign="top" style="padding-top:5px;"> <div class="fright"> <?php if ($out != 0 && $num_pages != 1) { $page_url = "manage_jobs.php"; if ($page == 1 && $page == $num_pages) { echo '<a href="" class="link_paginate_disabled" onclick="return false">< ' . _("PREVIOUS") . '</a>'; echo '<a class="lmargin link_paginate_disabled" href="" onclick="return false">' . _("NEXT") . ' ></a>'; } elseif ($page == 1) { echo '<a href="" class="link_paginate_disabled" onclick="return false">< ' . _("PREVIOUS") . '</a>'; echo '<a class="lmargin" href="' . $page_url . '?page=' . ($page + 1) . '">' . _("NEXT") . ' ></a> '; } elseif ($page == $num_pages) { echo '<a href="' . $page_url . '?page=' . ($page - 1) . '">< ' . _("PREVIOUS") . '</a>'; echo '<a class="lmargin link_paginate_disabled" href="" onclick="return false">' . _("NEXT") . ' ></a>'; } else { echo '<a href="' . $page_url . '?page=' . ($page - 1) . '">< ' . _("PREVIOUS") . '</a><a class="lmargin" href="' . $page_url . '?page=' . ($page + 1) . '">' . _("NEXT") . ' ></a>'; } } ?> </div> </td> </tr> </table> <?php }
<th> <strong><?php echo _('Scanner IP'); ?> </strong> </th> <th> <strong><?php echo _('Scanner connection'); ?> </strong> </th> </tr> <?php foreach ($ctest as $k => $v) { $sensor_ip = Av_sensor::get_ip_by_id($conn, $k); if ($v == '') { echo '<tr><td class="nobborder" style="text-align:center;padding:0px 10px;">' . $sensor_ip . '</td>'; echo '<td class="nobborder" style="text-align:center;padding:0px 10px;"><img class="vcheck_' . md5($sensor_ip) . '" src="../pixmaps/tick.png" border="0" /></td></tr>'; } else { $nf_type = "nf_error"; echo "<tr><td class='nobborder sstatus' >" . $sensor_ip . "</td>"; echo "<td width='300' class='nobborder sstatus' >"; if (preg_match("/Failed to acquire socket/", $v)) { $v = 'Unable to connect to vulnerability scanner. If the system has been updated recently the vulnerability scanner is rebuilding its database. Please wait a few minutes.'; $nf_type = 'nf_warning'; } $config_nt = array('content' => _($v), 'options' => array('type' => $nf_type, 'cancel_button' => false), 'style' => 'width: 80%; margin: 10px auto; text-align: left;'); $nt = new Notification('nt_2', $config_nt); $nt->show(); echo '</td></tr>';
function import_assets_from_csv($filename, $iic, $ctx, $import_type) { //Process status $summary = array('general' => array('status' => '', 'data' => '', 'statistics' => array('total' => 0, 'warnings' => 0, 'errors' => 0, 'saved' => 0)), 'by_nets' => array()); $db = new ossim_db(); $conn = $db->connect(); $str_data = file_get_contents($filename); if ($str_data === FALSE) { $summary['general']['status'] = 'error'; $summary['general']['data']['errors'] = _('Failed to read data from CSV file'); $summary['general']['statistics']['errors'] = 1; return $summary; } $array_data = preg_split('/\\n|\\r/', $str_data); foreach ($array_data as $k => $v) { if (trim($v) != '') { $data[] = explode('";"', trim($v)); } } set_time_limit(360); /********************************************************************************************************************* * From net section: * - Version 4.x.x: "Netname"*;"CIDRs(CIDR1,CIDR2,...)"*;"Description";"Asset value"*;"Net ID" * - Version 3.x.x: "Netname"*;"CIDRs(CIDR1,CIDR2,...)"*;"Description";"Asset value";"Sensors(Sensor1,Sensor2,...)"* * * From welcome wizard: * - Version 4.x.x: "Netname"*;"CIDRs(CIDR1,CIDR2,...)"*;"Description" * *********************************************************************************************************************/ //Check file size if (count($data) <= 0 || count($data) == 1 && preg_match('/Netname/', $data[0][0])) { $summary['general']['status'] = 'error'; $summary['general']['data'] = _('CSV file is empty'); $summary['general']['statistics']['errors'] = 1; return $summary; } //Check importation type and headers $csv_headers = array(); if ($import_type == 'networks') { if (preg_match('/Net ID/', $data[0][4]) || preg_match('/Sensors/', $data[0][4])) { $csv_headers = array_shift($data); } else { $summary['general']['status'] = 'error'; $summary['general']['data'] = _('Headers not found'); $summary['general']['statistics']['errors'] = 1; return $summary; } } //Setting total nets to import $summary['general']['statistics']['total'] = count($data); //Allowed sensors $filters = array('where' => "acl_sensors.entity_id = UNHEX('{$ctx}')"); $a_sensors = Av_sensor::get_basic_list($conn, $filters); $sensor_ids = array_keys($a_sensors); if (count($sensor_ids) == 0) { $summary['general']['status'] = 'error'; $s_error_msg = Session::is_pro() ? _('There is no sensor for this context') : _('There is no sensor for this net'); $summary['general']['data'] = $s_error_msg; $summary['general']['statistics']['errors'] = 1; return $summary; } Util::disable_perm_triggers($conn, TRUE); foreach ($data as $k => $v) { //Clean previous errors ossim_clean_error(); $num_line = $k + 1; //Set default status $summary['by_nets'][$num_line]['status'] = 'error'; //Check file format $cnd_1 = $import_type == 'networks' && count($v) < 5; $cnd_2 = $import_type == 'welcome_wizard_nets' && count($v) < 3; if ($cnd_1 || $cnd_2) { $summary['by_nets'][$num_line]['errors']['Format'] = _('Number of fields is incorrect'); $summary['general']['statistics']['errors']++; continue; } //Clean values $param = array(); foreach ($v as $field) { $parameter = trim($field); $pattern = '/^\\"|\\"$|^\'|\'$/'; $param[] = preg_replace($pattern, '', $parameter); } //Values $is_in_db = FALSE; $net_id = ''; $name = $param[0]; $cidrs = preg_replace("/[\n\r\t]+/", '', $param[1]); $descr = $param[2]; $asset_value = $param[3] == '' ? 2 : intval($param[3]); $sensors = $sensor_ids; //Permissions $can_i_create_assets = Session::can_i_create_assets(); $can_i_modify_ips = TRUE; //CIDRs if (!ossim_valid($cidrs, OSS_IP_CIDR, 'illegal:' . _('CIDR'))) { $summary['by_nets'][$num_line]['errors']['CIDRs'] = ossim_get_error_clean(); $summary['general']['statistics']['errors']++; continue; } //Check Net ID �Is there a net registered in the System? $net_ids = Asset_net::get_id_by_ips($conn, $cidrs, $ctx); $net_id = key($net_ids); if (!empty($net_id)) { $is_in_db = TRUE; } else { $net_id = Util::uuid(); } // Special case: Forced Net ID [Version 4.x.x] if ($import_type == 'networks' && preg_match('/Net ID/', $csv_headers[4])) { $csv_net_id = strtoupper($param[4]); if ($is_in_db == TRUE && $csv_net_id != $net_id) { $id_error_msg = _('Net is already registered in the System with another Net ID'); $summary['by_nets'][$num_line]['errors']['Net'] = $id_error_msg; $summary['general']['statistics']['errors']++; continue; } } //Netname if (!empty($iic)) { $name = clean_iic($name); } if (!ossim_valid($name, OSS_NOECHARS, OSS_NET_NAME, 'illegal:' . _('Netname'))) { ossim_clean_error(); $name = clean_iic($name); $name = clean_echars($name); $warning_msg = _('Netname has invalid characters') . '<br/>' . _('Netname will be replaced by') . ": <strong>{$name}</strong>"; $summary['by_nets'][$num_line]['warnings']['Netname'] = $warning_msg; $summary['by_nets'][$num_line]['status'] = 'warning'; $summary['general']['statistics']['warnings']++; if (!ossim_valid($name, OSS_NOECHARS, OSS_NET_NAME, 'illegal:' . _('Netname'))) { unset($summary['by_nets'][$num_line]['warnings']); $summary['general']['statistics']['warnings']--; $summary['by_nets'][$num_line]['status'] = 'error'; $summary['by_nets'][$num_line]['errors']['Netname'] = ossim_get_error_clean(); $summary['general']['statistics']['errors']++; continue; } } //Description if (!ossim_valid($descr, OSS_NULLABLE, OSS_AT, OSS_TEXT, '\\t', 'illegal:' . _('Description'))) { $summary['by_nets'][$num_line]['errors']['Description'] = ossim_get_error_clean(); $summary['general']['statistics']['errors']++; continue; } else { if (mb_detect_encoding($descr . ' ', 'UTF-8,ISO-8859-1') == 'UTF-8') { $descr = mb_convert_encoding($descr, 'HTML-ENTITIES', 'UTF-8'); } } //Sensor if ($is_in_db == FALSE) { //Only update net sensors with unregistered nets if ($import_type == 'networks' && preg_match('/Sensors/', $csv_headers[4])) { //Special case: Sensors in CSV file //[Version 3.x.x] $sensors = array(); $_sensors = explode(',', $param[4]); if (is_array($_sensors) && !empty($_sensors)) { $_sensors = array_flip($_sensors); if (is_array($a_sensors) && !empty($a_sensors)) { foreach ($a_sensors as $s_id => $s_data) { if (array_key_exists($s_data['ip'], $_sensors)) { $sensors[] = $s_id; } } } } if (!is_array($sensors) || empty($sensors)) { $s_error_msg = Session::is_pro() ? _('There is no sensors for this context') : _('There is no sensors for this IP'); $summary['by_nets'][$num_line]['errors']['Sensors'] = $s_error_msg; $summary['general']['statistics']['errors']++; continue; } } } /*********************************************************** ********** Only for importation from net section ********** ***********************************************************/ if ($import_type == 'networks') { //Asset if (!ossim_valid($asset_value, OSS_DIGIT, 'illegal:' . _('Asset value'))) { $summary['by_nets'][$num_line]['errors']['Asset value'] = ossim_get_error_clean(); $summary['general']['statistics']['errors']++; continue; } } //Insert/Update net in database if (count($summary['by_nets'][$num_line]['errors']) == 0) { try { $net = new Asset_net($net_id); if ($is_in_db == TRUE) { $net->load_from_db($conn, $net_id); $can_i_modify_ips = Asset_net::can_i_modify_ips($conn, $net_id); } else { if ($can_i_create_assets == FALSE) { $n_error_msg = _('Net') . ' ' . $name . ' ' . _("not allowed. You don't have permissions to import this net"); $summary['by_nets'][$num_line]['errors']['Net'] = $n_error_msg; $summary['general']['statistics']['errors']++; continue; } } //Check CIDRs if ($can_i_modify_ips == TRUE) { $aux_cidr = explode(',', $cidrs); foreach ($aux_cidr as $cidr) { $net_ids = Asset_net::get_id_by_ips($conn, $cidr, $ctx); unset($net_ids[$net_id]); if (!empty($net_ids)) { $c_error_msg = _('CIDR') . ' ' . $cidrs . ' ' . _("not allowed. CIDR {$cidr} already exists for this entity"); $summary['by_nets'][$num_line]['errors']['CIDRs'] = $c_error_msg; $summary['general']['statistics']['errors']++; break; } else { if (Session::get_net_where() != '') { if (!Asset_net::is_cidr_in_my_nets($conn, $cidr, $ctx)) { $c_error_msg = _('CIDR') . ' ' . $cidrs . ' ' . _("not allowed. CIDR {$cidr} out of range. Check your asset filter"); $summary['by_nets'][$num_line]['errors']['CIDRs'] = $c_error_msg; $summary['general']['statistics']['errors']++; break; } } } } } else { $c_error_msg = _('Net') . ' ' . $name . ': ' . _("CIDRs not allowed. CIDRs wasn't be modified"); $summary['by_nets'][$num_line]['status'] = 'warning'; $summary['general']['warnings']['errors']++; $summary['by_nets'][$num_line]['warnings']['CIDRs'] = $c_error_msg; } //Setting new values if (count($summary['by_nets'][$num_line]['errors']) == 0) { $net->set_ctx($ctx); $net->set_name($name); $net->set_descr($descr); if ($is_in_db == FALSE) { if ($can_i_modify_ips == TRUE) { $net->set_ips($cidrs); } $net->set_sensors($sensors); } $net->set_asset_value($asset_value); $net->save_in_db($conn, FALSE); $summary['general']['statistics']['saved']++; $summary['by_nets'][$num_line]['data'] = $is_in_db == TRUE ? _('Net updated') : _('New new inserted'); //Keep warnings if ($summary['by_nets'][$num_line]['status'] != 'warning') { $summary['by_nets'][$num_line]['status'] = 'success'; } } } catch (Exception $e) { $summary['by_nets'][$num_line]['errors']['Database error'] = $e->getMessage(); $summary['general']['statistics']['errors']++; } } } if ($summary['general']['statistics']['saved'] > 0) { if ($summary['general']['statistics']['errors'] == 0) { $summary['general']['status'] = 'success'; $summary['general']['data'] = _('All nets have been imported successfully'); } else { $summary['general']['status'] = 'warning'; $summary['general']['data'] = _('Some nets could not be imported successfully'); } Util::disable_perm_triggers($conn, FALSE); try { Asset_net::report_changes($conn, 'nets'); } catch (Exception $e) { error_log($e->getMessage(), 0); } } else { $summary['general']['statistics']['errors'] = count($data); //CSV file is not empty, but all lines are wrong if (empty($summary['general']['status'])) { $summary['general']['status'] = 'error'; $summary['general']['data'] = _('Nets could not be imported'); } } $db->close(); return $summary; }
function import_assets_from_csv($filename, $iic, $ctx, $import_type) { //Process status $summary = array('general' => array('status' => '', 'data' => '', 'statistics' => array('total' => 0, 'warnings' => 0, 'errors' => 0, 'saved' => 0)), 'by_hosts' => array()); $db = new ossim_db(); $conn = $db->connect(); $str_data = file_get_contents($filename); if ($str_data === FALSE) { $summary['general']['status'] = 'error'; $summary['general']['data']['errors'] = _('Failed to read data from CSV file'); $summary['general']['statistics']['errors'] = 1; return $summary; } $array_data = preg_split('/\\n|\\r/', $str_data); foreach ($array_data as $k => $v) { if (trim($v) != '') { $data[] = explode('";"', trim($v)); } } /************************************************************************************************************************************* * From asset section: * - Version 4.x.x or higher: "IP (IP1,IP2,...)";"Hostname";"FQDNs(FQDN1,FQDN2,...)";"Description";"Asset value";"Operating System"; * "Latitude";"Longitude";"Host ID";"External Asset";"Device Types(Type1,Type2,...)" * * - Version 3.x.x: "IP"*;"Hostname";"FQDNs(FQDN1,FQDN2,...)";"Description";"Asset value";"Sensors(Sensor1,Sensor2,...)"; * "Operating System";"Latitude";"Longitude" * * From welcome wizard: * - Version 4.x.x or higher: "IP (IP1,IP2,...)";"Hostname";"Description";"Operating System";"Device Type(Type1,Type2,...)" * **************************************************************************************************************************************/ //Check file size if (count($data) <= 0 || count($data) == 1 && preg_match('/IP/', $data[0][0])) { $summary['general']['status'] = 'error'; $summary['general']['data'] = _('CSV file is empty'); $summary['general']['statistics']['errors'] = 1; return $summary; } //Check importation type and headers $csv_headers = array(); if ($import_type == 'hosts') { if (preg_match('/Operating System/', $data[0][5]) || preg_match('/Sensors/', $data[0][5])) { $csv_headers = array_shift($data); } else { $summary['general']['status'] = 'error'; $summary['general']['data'] = _('Headers not found'); $summary['general']['statistics']['errors'] = 1; return $summary; } } //Setting total hosts to import $summary['general']['statistics']['total'] = count($data); //Getting all Operating System $all_os = Properties::get_all_os(); //Getting devices types $all_devices = array(); $aux_all_devices = Devices::get_all_for_filter($conn); $_all_devices = $aux_all_devices[0]; foreach ($_all_devices as $d_data) { $d_key = $d_data['type_name']; $d_key .= $d_data['subtype_id'] != 0 ? ':' . $d_data['subtype_name'] : ''; $all_devices[$d_key] = $d_data['type_id'] . ':' . $d_data['subtype_id']; } //Allowed sensors $filters = array('where' => "acl_sensors.entity_id = UNHEX('{$ctx}')"); $a_sensors = Av_sensor::get_basic_list($conn, $filters); $sensor_ids = array_keys($a_sensors); if (count($sensor_ids) == 0) { $summary['general']['status'] = 'error'; $s_error_msg = Session::is_pro() ? _('There is no sensors for this context') : _('There is no sensors for this IP address'); $summary['general']['data'] = $s_error_msg; $summary['general']['statistics']['errors'] = 1; return $summary; } Util::disable_perm_triggers($conn, TRUE); foreach ($data as $k => $v) { //Clean previous errors ossim_clean_error(); $num_line = $k + 1; //Set default status $summary['by_hosts'][$num_line]['status'] = 'error'; //Check file format $cnd_1 = $import_type == 'hosts' && count($v) < 9; $cnd_2 = $import_type == 'welcome_wizard_hosts' && count($v) < 5; if ($cnd_1 || $cnd_2) { $summary['by_hosts'][$num_line]['errors']['Format'] = _('Number of fields is incorrect'); $summary['general']['statistics']['errors']++; continue; } //Clean values $param = array(); $index = 0; $max_index = count($v) - 1; foreach ($v as $field) { $parameter = trim($field); if ($index == 0) { $pattern = '/^\\"|^\'/'; $param[] = preg_replace($pattern, '', $parameter); } else { if ($index == $max_index) { $pattern = '/\\"$|\'$/'; $param[] = preg_replace($pattern, '', $parameter); } else { $param[] = $parameter; } } $index++; } //Values $is_in_db = FALSE; $host_id = ''; $sensors = $sensor_ids; $csv_ips = preg_replace("/\\s+/", '', $param[0]); if (!empty($param[1])) { $name = $param[1]; } else { $aux_name = str_replace(' ', '', $csv_ips); $aux_name = str_replace(',', '-', $aux_name); $name = Asset_host::get_autodetected_name($aux_name); } if ($import_type == 'hosts') { $fqdns = $param[2]; $descr = $param[3]; $asset_value = !empty($param[4]) ? $param[4] : 2; if (preg_match('/Host ID/', $csv_headers[8])) { $os = $param[5]; $latitude = floatval($param[6]); $longitude = floatval($param[7]); $external = empty($param[9]) ? 0 : intval($param[9]); $csv_devices = $param[10]; } else { $os = $param[6]; $latitude = floatval($param[7]); $longitude = floatval($param[8]); $external = 0; $csv_devices = ''; } } else { $descr = $param[2]; $os = $param[3]; $latitude = 0; $longitude = 0; $asset_value = 2; $external = 0; $csv_devices = $param[4]; } //Permissions $can_i_create_assets = Session::can_i_create_assets(); $can_i_modify_ips = TRUE; //IPs if (!ossim_valid($csv_ips, OSS_IP_ADDR, 'illegal:' . _('IP'))) { $summary['by_hosts'][$num_line]['errors']['IP'] = ossim_get_error_clean(); $summary['general']['statistics']['errors']++; continue; } //Check Host ID: Is there a host registered in the System? $host_ids = Asset_host::get_id_by_ips($conn, $csv_ips, $ctx); $host_id = key($host_ids); if (!empty($host_id)) { $is_in_db = TRUE; } else { $host_id = Util::uuid(); } // Special case: Forced Host ID [Version 4.x.x or higher] if ($import_type == 'hosts' && preg_match('/Host ID/', $csv_headers[8]) && valid_hex32($param[8])) { $csv_hosts_id = strtoupper($param[8]); if ($is_in_db == TRUE && $csv_hosts_id != $host_id) { $id_error_msg = _('Host is already registered in the System with another Host ID'); $summary['by_hosts'][$num_line]['errors']['Host'] = $id_error_msg; $summary['general']['statistics']['errors']++; continue; } else { if ($is_in_db == FALSE) { $host_id = $csv_hosts_id; // Save host ID to insert it } } } //Hostname if (!empty($iic)) { $name = clean_iic($name); } if (!ossim_valid($name, OSS_HOST_NAME, 'illegal:' . _('Hostname'))) { ossim_clean_error(); $name = Asset_host::create_valid_name($name); $warning_msg = _('Hostname does not match with RFC 1123 specifications') . '<br/>' . _('Hostname will be replaced by') . ": <strong>{$name}</strong>"; $summary['by_hosts'][$num_line]['warnings']['Hostname'] = $warning_msg; $summary['by_hosts'][$num_line]['status'] = 'warning'; $summary['general']['statistics']['warnings']++; if (!ossim_valid($name, OSS_HOST_NAME, 'illegal:' . _('Hostname'))) { unset($summary['by_hosts'][$num_line]['warnings']); $summary['general']['statistics']['warnings']--; $summary['by_hosts'][$num_line]['status'] = 'error'; $summary['by_hosts'][$num_line]['errors']['Hostname'] = ossim_get_error_clean(); $summary['general']['statistics']['errors']++; continue; } } //Description if (!ossim_valid($descr, OSS_NULLABLE, OSS_ALL, 'illegal:' . _('Description'))) { $summary['by_hosts'][$num_line]['errors']['Description'] = ossim_get_error_clean(); $summary['general']['statistics']['errors']++; continue; } else { if (mb_detect_encoding($descr . ' ', 'UTF-8,ISO-8859-1') == 'UTF-8') { $descr = mb_convert_encoding($descr, 'HTML-ENTITIES', 'UTF-8'); } } //Operating System $os_pattern = '/' . preg_quote(implode('|', $all_os), '/') . '/'; $os_pattern = str_replace('\\|', '|', $os_pattern); if (!empty($os) && !preg_match($os_pattern, $os)) { $warning_msg = _('Operating System unknown'); $summary['by_hosts'][$num_line]['warnings']['Operating System'] = $warning_msg; $summary['by_hosts'][$num_line]['status'] = 'warning'; $summary['general']['statistics']['warnings']++; $os = 'Unknown'; } //Devices Types $devices = array(); $unallowed_devices = array(); if (!empty($csv_devices)) { $aux_devices = explode(',', $csv_devices); if (is_array($aux_devices) && !empty($aux_devices)) { foreach ($aux_devices as $d_name) { $d_name = trim($d_name); if (array_key_exists($d_name, $all_devices)) { $devices[] = $all_devices[$d_name]; } else { $unallowed_devices[] = $d_name; } } if (!empty($unallowed_devices)) { $warning_msg = _('Some devices could not be added (Type and/or subtype unknown)') . ': ' . implode(',', $unallowed_devices); $summary['by_hosts'][$num_line]['warnings']['Devices'] = $warning_msg; $summary['by_hosts'][$num_line]['status'] = 'warning'; $summary['general']['statistics']['warnings']++; } } } //Sensor if ($is_in_db == FALSE) { //Only update host sensors with unregistered hosts if ($import_type == 'hosts' && preg_match('/Sensors/', $csv_headers[5])) { //Special case: Sensors in CSV file //[Version 3.x.x] $sensors = array(); $_sensors = explode(',', $param[4]); if (is_array($_sensors) && !empty($_sensors)) { $_sensors = array_flip($_sensors); if (is_array($a_sensors) && !empty($a_sensors)) { foreach ($a_sensors as $s_id => $s_data) { if (array_key_exists($s_data['ip'], $_sensors)) { $sensors[] = $s_id; } } } } if (!is_array($sensors) || empty($sensors)) { $s_error_msg = Session::is_pro() ? _('There is no sensors for this context') : _('There is no sensors for this IP address'); $summary['by_hosts'][$num_line]['errors']['Sensors'] = $s_error_msg; $summary['general']['statistics']['errors']++; continue; } } } /*********************************************************** ********** Only for importation from host section ********** ***********************************************************/ if ($import_type == 'hosts') { //FQDNs if (!ossim_valid($fqdns, OSS_FQDNS, OSS_NULLABLE, 'illegal:' . _('FQDN/Aliases'))) { $summary['by_hosts'][$num_line]['errors']['FQDN/Aliases'] = ossim_get_error_clean(); $summary['general']['statistics']['errors']++; continue; } //Asset if (!ossim_valid($asset_value, OSS_DIGIT, 'illegal:' . _('Asset value'))) { $summary['by_hosts'][$num_line]['errors']['Asset value'] = ossim_get_error_clean(); $summary['general']['statistics']['errors']++; continue; } //Latitude if (!empty($latitude)) { if (!ossim_valid(trim($latitude), OSS_NULLABLE, OSS_DIGIT, OSS_DOT, '\\-', 'illegal:' . _('Latitude'))) { $summary['by_hosts'][$num_line]['errors']['Latitude'] = ossim_get_error_clean(); $summary['general']['statistics']['errors']++; continue; } } //Longitude if (!empty($longitude)) { if (!ossim_valid(trim($longitude), OSS_NULLABLE, OSS_DIGIT, OSS_DOT, '\\-', 'illegal:' . _('Longitude'))) { $summary['by_hosts'][$num_line]['errors']['Longitude'] = ossim_get_error_clean(); $summary['general']['statistics']['errors']++; continue; } } } //Insert/Update host in database if (count($summary['by_hosts'][$num_line]['errors']) == 0) { try { $host = new Asset_host($conn, $host_id); if ($is_in_db == TRUE) { $host->load_from_db($conn, $host_id); $can_i_modify_ips = Asset_host::can_i_modify_ips($conn, $host_id); } else { if ($can_i_create_assets == FALSE) { $n_error_msg = _('Host') . ' ' . $name . ' ' . _("not allowed. You don't have permissions to import this host"); $summary['by_hosts'][$num_line]['errors']['Net'] = $n_error_msg; $summary['general']['statistics']['errors']++; continue; } } //Check IPs if ($can_i_modify_ips == TRUE) { $aux_ips = explode(',', $csv_ips); foreach ($aux_ips as $ip) { $host_ids = Asset_host::get_id_by_ips($conn, $ip, $ctx); unset($host_ids[$host_id]); if (!empty($host_ids)) { $c_error_msg = _('IP') . ' ' . $csv_ips . ' ' . _("not allowed. IP {$ip} already exists for this entity"); $summary['by_hosts'][$num_line]['errors']['IP'] = $c_error_msg; $summary['general']['statistics']['errors']++; break; } else { $cnd_1 = Session::get_net_where() != '' && !Session::only_ff_net(); $cnd_2 = Asset_host::is_ip_in_cache_cidr($conn, $ip, $ctx, TRUE); if ($cnd_1 && !$cnd_2) { $c_error_msg = sprintf(_("Error! The IP %s is not allowed. Please check with your account admin for more information"), $csv_ips); $summary['by_hosts'][$num_line]['errors']['IP'] = $c_error_msg; $summary['general']['statistics']['errors']++; break; } } } } else { $c_error_msg = _('Host') . ' ' . $name . ': ' . _("IP address not allowed. IP address cannot be modified"); $summary['by_hosts'][$num_line]['status'] = 'warning'; $summary['general']['warnings']['errors']++; $summary['by_hosts'][$num_line]['warnings']['IP'] = $c_error_msg; } //Setting new values if (count($summary['by_hosts'][$num_line]['errors']) == 0) { $host->set_ctx($ctx); $host->set_name($name); $host->set_descr($descr); if ($is_in_db == FALSE) { if ($can_i_modify_ips == TRUE) { if (is_array($aux_ips) && !empty($aux_ips)) { $ips = array(); foreach ($aux_ips as $ip) { $ips[$ip] = array('ip' => $ip, 'mac' => NULL); } $host->set_ips($ips); } } $host->set_sensors($sensors); } if (!empty($fqdns)) { $host->set_fqdns($fqdns); } $host->set_external($external); $host->set_location($latitude, $longitude); $host->set_asset_value($asset_value); $host->set_devices($devices); $host->save_in_db($conn, FALSE); //Save Operating System if (!empty($os)) { Asset_host_properties::save_property_in_db($conn, $host_id, 3, $os, 2); } $summary['general']['statistics']['saved']++; $summary['by_hosts'][$num_line]['data'] = $is_in_db == TRUE ? _('Asset updated') : _('New asset inserted'); //Keep warnings if ($summary['by_hosts'][$num_line]['status'] != 'warning') { $summary['by_hosts'][$num_line]['status'] = 'success'; } } } catch (Exception $e) { $summary['by_hosts'][$num_line]['errors']['Database error'] = $e->getMessage(); $summary['general']['statistics']['errors']++; } } } if ($summary['general']['statistics']['saved'] > 0) { if ($summary['general']['statistics']['errors'] == 0) { $summary['general']['status'] = 'success'; $summary['general']['data'] = _('All assets have been successfully imported '); } else { $summary['general']['status'] = 'warning'; $summary['general']['data'] = _('Some assets cannot be imported'); } Util::disable_perm_triggers($conn, FALSE); try { Asset_host::report_changes($conn, 'hosts'); } catch (Exception $e) { Av_exception::write_log(Av_exception::USER_ERROR, $e->getMessage()); } } else { $summary['general']['statistics']['errors'] = count($data); //CSV file is not empty, but all lines are wrong if (empty($summary['general']['status'])) { $summary['general']['status'] = 'error'; $summary['general']['data'] = _('Assets cannot be imported'); } } @$conn->Execute("REPLACE INTO alienvault.host_net_reference SELECT host.id,net_id FROM alienvault.host, alienvault.host_ip, alienvault.net_cidrs WHERE host.id = host_ip.host_id AND host_ip.ip >= net_cidrs.begin AND host_ip.ip <= net_cidrs.end"); $db->close(); return $summary; }