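/**
 * Dump the top attacker/attacked hosts to an XML dataset file and print the
 * <applet> tag that renders it with the bundled JFreeChart applet.
 *
 * The dataset is written to {$base_dir}/tmp/ip_src.xml or ip_dst.xml, chosen
 * by $target, and the applet is pointed at the same file name under $datapath.
 *
 * @param string $target "ip_src" selects the attacker series; any other value the attacked one
 * @param int    $hosts  how many hosts to request from $security_report->AttackHost()
 * @param string $type   value of the applet's graphType parameter
 * @param int    $width  applet width attribute
 * @param int    $height applet height attribute
 * @return void prints markup; calls exit() when the dataset file cannot be opened
 */
function jgraph_attack_graph($target, $hosts, $type = "Bar3D", $width = 450, $height = 250)
{
    global $security_report;
    global $datapath;
    global $base_dir;

    // Only the file name depends on $target; the open/error handling is shared.
    $xml_name = !strcmp($target, "ip_src") ? "ip_src.xml" : "ip_dst.xml";
    if (!($fp = @fopen("{$base_dir}/tmp/{$xml_name}", "w"))) {
        // NOTE(review): the file is opened under $base_dir/tmp but the message
        // names $datapath -- confirm both refer to the same directory.
        print "Error: <b>{$datapath}</b> directory must exists and be <br/>\n";
        print "writable by the user the webserver runs as";
        exit;
    }

    // Everything interpolated into the dataset is XML-escaped: a hostname (or
    // series name) containing '&' or '<' would otherwise leave the file
    // malformed and the applet unable to parse it.
    $series_name = htmlspecialchars((string) $target, ENT_QUOTES, 'UTF-8');
    fwrite($fp, "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n"
        . "<CategoryDataset>\n <Series name=\"{$series_name}\">\n");

    // NOTE(review): AttackHost() is called here with two arguments, while the
    // report table in this file passes six -- verify the expected signature.
    $list = $security_report->AttackHost($target, $hosts);
    foreach ($list as $l) {
        $ip = $l[0];
        $occurrences = $l[1];
        $hostname = Host::ip2hostname($security_report->ossim_conn, $ip);
        // Long names do not fit as bar labels; fall back to the bare address.
        if (strlen($hostname) > MAX_HOSTNAME_LEN) {
            $hostname = $ip;
        }
        $key = htmlspecialchars((string) $hostname, ENT_QUOTES, 'UTF-8');
        $value = htmlspecialchars((string) $occurrences, ENT_QUOTES, 'UTF-8');
        fwrite($fp, " <Item>\n <Key>{$key}</Key>\n <Value>{$value}</Value>\n </Item>\n");
    }
    fwrite($fp, " </Series>\n</CategoryDataset>\n\n");
    fclose($fp);

    // The remaining values end up inside HTML attributes, so escape them for
    // that context before printing the applet tag.
    $h_type = htmlspecialchars((string) $type, ENT_QUOTES, 'UTF-8');
    $h_width = htmlspecialchars((string) $width, ENT_QUOTES, 'UTF-8');
    $h_height = htmlspecialchars((string) $height, ENT_QUOTES, 'UTF-8');
    $h_datapath = htmlspecialchars((string) $datapath, ENT_QUOTES, 'UTF-8');

    echo "\n<applet archive=\"../java/jcommon-0.9.5.jar,../java/jfreechart-0.9.20.jar,../java/jossim-graph.jar\" code=\"net.ossim.graph.applet.OssimGraphApplet\" width=\"{$h_width}\" height=\"{$h_height}\" alt=\"You should see an applet, not this text.\">\n <param name=\"graphType\" value=\"{$h_type}\">";
    echo " <param name=\"xmlDataUrl\" value=\"{$h_datapath}/{$xml_name}\">";
    echo "\n <param name=\"alpha\" value=\"0.42f\">\n <param name=\"legend\" value=\"false\">\n <param name=\"tooltips\" value=\"false\">\n <param name=\"orientation\" value=\"HORIZONTAL\">\n</applet>\n";
}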
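/**
 * Print the "Top N attacker/attacked hosts" table of the security report,
 * followed by either the Java applet graph or the attack_graph.php image.
 *
 * Reads $NUM_HOSTS, $security_report and $report_type from the global scope
 * and the acid/ossim links from $GLOBALS["CONF"].
 *
 * @param string $target    "ip_src" (attackers) or "ip_dst" (attacked); for an
 *                          alarm report it is mapped to "src_ip"/"dst_ip" first
 * @param string $date_from report start, passed to AttackHost() and the graph URL
 * @param string $date_to   report end, likewise
 * @return void prints HTML; exits with a "No data available" page when the list is empty
 */
function ip_max_occurrences($target, $date_from, $date_to)
{
    global $NUM_HOSTS;
    global $security_report;
    global $report_type;

    /* ossim framework conf */
    $conf = $GLOBALS["CONF"];
    $acid_link = $conf->get_conf("acid_link");
    $ossim_link = $conf->get_conf("ossim_link");
    $acid_prefix = $conf->get_conf("event_viewer");
    $report_graph_type = $conf->get_conf("report_graph_type");

    // $title stays empty for a target that is neither ip_src nor ip_dst.
    $title = "";
    if (!strcmp($target, "ip_src")) {
        if ($report_type == "alarm") {
            $target = "src_ip";
        }
        $title = _("Attacker hosts");
    } elseif (!strcmp($target, "ip_dst")) {
        if ($report_type == "alarm") {
            $target = "dst_ip";
        }
        $title = _("Attacked hosts");
    }

    $list = $security_report->AttackHost($security_report->ossim_conn, $target, $NUM_HOSTS, $report_type, $date_from, $date_to);
    if (count($list) == 0) {
        echo "<table align='center' class='nobborder'><tr><td class='nobborder'>" . _("No data available") . "</td></tr></table></body></html>";
        exit(0);
    }

    // Every value below that comes from the database or from the caller is
    // HTML-escaped before it is printed; $os_pixmap is already markup.
    $h_num_hosts = htmlspecialchars((string) $NUM_HOSTS, ENT_QUOTES, 'UTF-8');
    $h_target = htmlspecialchars((string) $target, ENT_QUOTES, 'UTF-8');
    $h_report_type = htmlspecialchars((string) $report_type, ENT_QUOTES, 'UTF-8');
?>
<table align="center" width="750" cellpadding="0" cellspacing="0" class="noborder">
<tr><td class="headerpr"><?php echo _("Top"); echo " {$h_num_hosts} {$title}"; ?></td></tr>
</table>
<table align="center" width="750">
<tr><td style="padding-top:15px;" valign="top" class="nobborder">
<table align="center">
<tr>
<th><?php echo gettext("Host"); ?></th>
<th><?php echo gettext("Occurrences"); ?></th>
</tr>
<?php
    foreach ($list as $l) {
        $ip = $l[0];
        $occurrences = number_format($l[1], 0, ",", ".");
        $hostname = Host::ip2hostname($security_report->ossim_conn, $ip);
        $os_pixmap = Host_os::get_os_pixmap($security_report->ossim_conn, $ip);

        if ($report_type == "alarm") {
            $alarm_console = "{$ossim_link}/control_panel/alarm_console.php";
            if ($target == "src_ip") {
                $link = $alarm_console . "?src_ip=" . urlencode($ip);
            } elseif ($target == "dst_ip") {
                $link = $alarm_console . "?dst_ip=" . urlencode($ip);
            } else {
                $link = $alarm_console . "?src_ip=" . urlencode($ip) . "&dst_ip=" . urlencode($ip);
            }
        } else {
            // Pre-built event viewer query: all events whose $target column
            // equals this address, newest first.
            $link = "{$acid_link}/" . $acid_prefix . "_stat_alerts.php?&"
                . "num_result_rows=-1&"
                . "submit=Query+DB&"
                . "current_view=-1&"
                . "ip_addr[0][1]=" . urlencode($target) . "&"
                . "ip_addr[0][2]==&"
                . "ip_addr[0][3]=" . urlencode($ip) . "&"
                . "ip_addr_cnt=1&"
                . "sort_order=time_d";
        }

        $h_ip = htmlspecialchars((string) $ip, ENT_QUOTES, 'UTF-8');
        $h_hostname = htmlspecialchars((string) $hostname, ENT_QUOTES, 'UTF-8');
        $h_link = htmlspecialchars($link, ENT_QUOTES, 'UTF-8');
?>
<tr>
<td><div id="<?php echo $h_ip; ?>;<?php echo $h_hostname; ?>" class="HostReportMenu" style="display:inline">
<a title="<?php echo $h_ip; ?>" href="<?php echo $h_link; ?>"><?php echo $h_hostname; ?></a></div> <?php echo $os_pixmap; ?></td>
<td><?php echo $occurrences; ?></td>
</tr>
<?php
    }
?>
</table>
</td>
<td valign="top" class="nobborder">
<?php
    if ($report_graph_type == "applets") {
        // NOTE(review): for an alarm report $target has already been rewritten
        // to src_ip/dst_ip, which the applet helper does not distinguish -- verify.
        jgraph_attack_graph($target, $NUM_HOSTS);
    } else {
?>
<img src="graphs/attack_graph.php?target=<?php echo $h_target; ?>&hosts=<?php echo $h_num_hosts; ?>&type=<?php echo $h_report_type; ?>&date_from=<?php echo urlencode($date_from); ?>&date_to=<?php echo urlencode($date_to); ?>" alt="attack_graph"/>
<?php
    }
?>
</td>
</tr>
</table>
<?php
}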
echo "ANY"; } else { echo $port->get_port() . "<br/>"; } } } ?> </td> <!-- end dest ports --> <!-- sensors --> <td> <?php if (is_array($sensor_list = $response->get_sensors($conn))) { foreach ($sensor_list as $sensor) { echo Host::ip2hostname($conn, $sensor->get_host()) . "<br/>"; } } ?> </td> <!-- end sensors --> <!-- plugins --> <td> <?php if (is_array($plugin_list = $response->get_plugins($conn))) { foreach ($plugin_list as $plugin) { if ($plugin->get_plugin_id() == 0) { echo "ANY"; } else { echo $plugin->get_plugin_id() . "<br/>";
echo $risk_field; ?> <!-- sensor --> <td class="nobborder" style="background-color:<?php echo $bgcolor; ?> ;text-align:center"> <?php foreach ($sensors as $sensor) { ?> <a href="../sensor/sensor_plugins.php?hmenu=Sensors&smenu=Sensors&sensor=<?php echo $sensor; ?> " ><?php echo $no_resolv ? $sensor : Host::ip2hostname($conn, $sensor); ?> </a> <?php } if (!count($sensors)) { echo " "; } ?> </td> <!-- end sensor --> <td class="nobborder" style='background-color:<?php echo $bgcolor; ?> ;text-align: center' width='12%'><?php echo $s_since;
if ($plugin_list = Plugin::get_list($conn, "WHERE id = {$id}")) { $plugin_name = $plugin_list[0]->get_name(); } else { $plugin_name = $id; } echo "<tr>\n"; echo "<td>" . $plugin_name . "</td>\n"; echo "<td>" . $schedule->get_minute() . "</td>\n"; echo "<td>" . $schedule->get_hour() . "</td>\n"; echo "<td>" . $schedule->get_day_month() . "</td>\n"; echo "<td>" . $schedule->get_month() . "</td>\n"; echo "<td>" . $schedule->get_day_week() . "</td>\n"; echo "<td>"; foreach ($sensors as $sensor) { echo "Sensor: "; echo Host::ip2hostname($conn, $sensor->get_sensor_name()) . "<br>"; } foreach ($netgroups as $netgroup) { echo "NetGroups: "; echo $netgroup->get_netgroup_name() . "<br>"; } foreach ($hostgroups as $hostgroup) { echo "HostGroups: "; echo $hostgroup->get_hostgroup_name() . "<br>"; } foreach ($nets as $net) { echo "Nets: "; echo $net->get_net_name() . "<br>"; } foreach ($hosts as $host) { echo "Host: ";
$count = RRD_anomaly::get_list_count($conn); if ($event_list = RRD_anomaly::get_list($conn, $where_clause, "order by\nanomaly_time desc", "0", $count)) { foreach ($event_list as $event) { $ip = $event->get_ip(); ?> <tr> <th> <A HREF="<?php echo Sensor::get_sensor_link($conn, $ip) . "/{$ip}.html"; ?> " target="_blank" title="<?php echo $ip; ?> "> <?php echo Host::ip2hostname($conn, $ip); ?> </A></th><td> <?php echo $event->get_what(); ?> </td> <td> <?php echo $event->get_anomaly_time(); ?> </td> <td> <?php echo round($event->get_count() / $perl_interval); echo _("h."); ?> </td> <td><font color="red"><?php
$acid_link = Util::get_acid_events_link($since, $date, "time_a"); echo "\n <a href=\"{$acid_link}\">\n <font color=\"black\">{$since}</font>\n </a>\n "; ?> </td> <td style="padding-left:3px;padding-right:3px" class="center nobborder"> <?php $acid_link = Util::get_acid_events_link($since, $date, "time_d"); echo "\n <a href=\"{$acid_link}\">\n <font color=\"black\">{$date}</font></a>\n "; ?> </td> <?php $src_link = "../forensics/base_stat_ipaddr.php?clear_allcriteria=1&ip={$src_ip}&hmenu=Forensics&smenu=Forensics"; $dst_link = "../forensics/base_stat_ipaddr.php?clear_allcriteria=1&ip={$dst_ip}&hmenu=Forensics&smenu=Forensics"; $src_name = $no_resolv ? $src_ip : Host::ip2hostname($conn, $src_ip); $dst_name = $no_resolv ? $dst_ip : Host::ip2hostname($conn, $dst_ip); $src_img = Host_os::get_os_pixmap($conn, $src_ip); $dst_img = Host_os::get_os_pixmap($conn, $dst_ip); $src_country = strtolower(geoip_country_code_by_addr($gi, $src_ip)); $src_country_name = geoip_country_name_by_addr($gi, $src_ip); $src_country_img = "<img src=\"/ossim/pixmaps/flags/" . $src_country . ".png\" title=\"" . $src_country_name . "\">"; $dst_country = strtolower(geoip_country_code_by_addr($gi, $dst_ip)); $dst_country_name = geoip_country_name_by_addr($gi, $dst_ip); $dst_country_img = "<img src=\"/ossim/pixmaps/flags/" . $dst_country . ".png\" title=\"" . $dst_country_name . "\">"; ?> <!-- src & dst hosts --> <td nowrap style="text-align:center;padding-left:3px;padding-right:3px" class="nobborder"> <div id="<?php echo $src_ip; ?> ;<?php
// Restrict the query to the sensor ids the current user is allowed to see.
$sensor_where = "";
if (Session::allowedSensors() != "") {
    $user_sensors = explode(",", Session::allowedSensors());
    $snortsensors = Event_viewer::GetSensorSids($conn);
    $sensor_str = "";
    foreach ($user_sensors as $user_sensor) {
        if (count($snortsensors[$user_sensor]) > 0) {
            $sensor_str .= $sensor_str != "" ? "," . implode(",", $snortsensors[$user_sensor]) : implode(",", $snortsensors[$user_sensor]);
        }
    }
    // "0" matches no sid, so a user with no visible sensors gets no rows.
    if ($sensor_str == "") {
        $sensor_str = "0";
    }
    $sensor_where = " AND sid in (" . $sensor_str . ")";
}
// Page title: "name(ip)" when the address resolves, the bare address otherwise.
$hostname = Host::ip2hostname($conn_ossim, $host);
if ($hostname != $host) {
    $title = $hostname . "({$host})";
} else {
    $title = $host;
}
$_SESSION['host_report'] = $host;
// Source-address restriction: a CIDR becomes an INET_ATON range, 'any' means
// no filter, anything else an exact match. $host is interpolated into the
// SQL text verbatim; where it comes from and whether it has been validated
// as an address is outside this excerpt -- NOTE(review): confirm upstream.
if (preg_match("/\\/\\d+/", $host)) {
    $exp = CIDR::expand_CIDR($host, "SHORT", "IP");
    $src_s_range = $exp[0];
    $src_e_range = end($exp);
    $ip_where = "ip_src>=INET_ATON('{$src_s_range}') AND ip_src<=INET_ATON('{$src_e_range}') and";
} elseif ($host == 'any') {
    $ip_where = "";
} else {
    $ip_where = "ip_src=INET_ATON('{$host}') and";
// Reuse a precomputed host list when the caller supplied one for this report
// type; otherwise query it.
if ($type == "event" && is_array($SS_Attack) && count($SS_Attack) > 0) {
    $list = $SS_Attack;
} elseif ($type == "alarm" && is_array($SA_Attack) && count($SA_Attack) > 0) {
    $list = $SA_Attack;
} else {
    $list = $security_report->AttackHost($security_report->ossim_conn, $target, $limit, $type, $date_from, $date_to);
}
$datax = $datay = array();
$gorientation = "h";
foreach ($list as $key => $l) {
    if ($key >= 10) {
        // Past ten results the list is no longer cut off (the former break is
        // gone); the chart switches to the "v" orientation instead, whose
        // height grows with the number of hosts below.
        $gorientation = "v";
    }
    $datax[] = Host::ip2hostname($security_report->ossim_conn, $l[0]);
    $datay[] = $l[1];
}
require_once 'ossim_conf.inc';
$conf = $GLOBALS["CONF"];
$jpgraph = $conf->get_conf("jpgraph_path");
require_once "{$jpgraph}/jpgraph.php";
require_once "{$jpgraph}/jpgraph_bar.php";
// Setup the graph.
// 21px per host plus a 30px header in "v" orientation, fixed 250px otherwise.
if ($gorientation == "v") {
    $y = 30 + count($list) * 21;
} else {
    $y = 250;
}
$graph = new Graph(400, $y, "auto");
$graph->img->SetMargin(60, 20, 30, 100);
} } elseif ($ref == 'Vulnerability') { $vulnerability_list = $incident->get_vulnerabilities($conn); foreach ($vulnerability_list as $vulnerability_data) { // Osvdb starting $nessus_id = $vulnerability_data->get_nessus_id(); $osvdb_id = Osvdb::get_osvdbid_by_nessusid($conn, $nessus_id); if ($osvdb_id) { $nessus_id = "<a href=\"osvdb.php?id=" . $osvdb_id . "\">" . $nessus_id . "</a>"; } // Osvdb end // Add name and kdb link require_once "classes/Host.inc"; require_once "classes/Repository.inc"; $txt_temp = ''; $hostname_temp = Host::ip2hostname($conn, $vulnerability_data->get_ip()); if ($hostname_temp != $vulnerability_data->get_ip()) { $txt_temp .= $hostname_temp . ' - '; } if ($linkedocs = Repository::have_linked_documents($conn, $vulnerability_data->get_ip(), 'host')) { $txt_temp .= "<a href=\"javascript:;\" onclick=\"GB_edit('../repository/repository_list.php?keyname=" . urlencode($vulnerability_data->get_ip()) . "&type=host')\" class='blue' target='main'>[" . $linkedocs . "] " . _('Knowledge DB') . "</a>"; } if ($txt_temp != '') { $txt_temp = ' (' . $txt_temp . ')'; } echo "<strong>IP:</strong> " . $vulnerability_data->get_ip() . $txt_temp . "<br>"; echo "<strong>Port:</strong> " . $vulnerability_data->get_port() . "<br/>"; echo "<strong>Scanner ID:</strong> " . $nessus_id . "<br/>"; echo "<strong>Risk:</strong> " . $vulnerability_data->get_risk() . "<br/>"; echo "<strong>Description:</strong> " . Osvdb::sanity($vulnerability_data->get_description()) . "<br/>"; }
$alarm_name = Util::translate_alarm($conn, $alarm_name, $alarm); $alarm_name_orig = $alarm_name; if ($backlog_id != 0) { $events_link = "events.php?backlog_id={$backlog_id}"; $alarm_name = $events_link; } else { $events_link = $_SERVER["SCRIPT_NAME"]; $alarm_link = Util::get_acid_pair_link($date, $alarm->get_src_ip(), $alarm->get_dst_ip()); $alarm_name = $alarm_link; } $src_ip = $alarm->get_src_ip(); $dst_ip = $alarm->get_dst_ip(); $src_port = Port::port2service($conn, $alarm->get_src_port()); $dst_port = Port::port2service($conn, $alarm->get_dst_port()); $sensors = $alarm->get_sensors(); $risk = $alarm->get_risk(); $src_link = "report/index.php?host={$src_ip}§ion=events"; $dst_link = "report/index.php?host={$dst_ip}§ion=events"; $src_name = Host::ip2hostname($conn, $src_ip); $dst_name = Host::ip2hostname($conn, $dst_ip); $event_id = $alarm->get_event_id(); $status = $alarm->get_status(); echo "\n <entry>\n <title>\n Alarm: {$alarm_name_orig} Risk: {$risk}</title>\n <id>http://" . $_SERVER['SERVER_ADDR'] . "/" . urlencode($alarm_name) . "</id>\n <link href=\"http://" . $_SERVER['SERVER_ADDR'] . "/" . urlencode($alarm_name) . "\"/>\n <summary>{$alarm_name_orig}</summary>\n <content type=\"application/xhtml+xml\" xml:space=\"preserve\">\n <div xmlns=\"http://www.w3.org/1999/xhtml\">\n <strong>Alarm:</strong> {$alarm_name_orig}<br/>\n <strong>Risk:</strong> {$risk}<br/>\n <strong>Date:</strong> {$since}<br/>\n"; foreach ($sensors as $sensor) { echo "\n <strong>Sensor:</strong>\n <a href=\"http://" . $_SERVER['SERVER_ADDR'] . "/ossim/sensor/sensor_plugins.php?sensor={$sensor}\" >{$sensor}</a>\n (" . Host::ip2hostname($conn, $sensor) . ")<br/>\n "; } echo "\n <strong>Source IP:</strong>\n <a href=\"http://" . $_SERVER['SERVER_ADDR'] . "/ossim/" . urlencode($src_link) . "\">{$src_ip}</a><br/>\n <strong>Destination IP:</strong>\n <a href=\"http://" . $_SERVER['SERVER_ADDR'] . "/ossim/" . urlencode($dst_link) . 
"\">{$dst_ip}</a><br/>\n </div>\n </content>\n <author>\n <name>\nOSSIM at " . $_SERVER['SERVER_ADDR'] . "\n </name>\n </author>\n <updated>" . Util::timestamp2RFC1459($alarm->get_timestamp()) . "</updated>\n </entry>\n"; } } echo "</feed>\n"; $db->close($conn);
<td> </td> <td> <A HREF="<?php echo Sensor::get_sensor_link($conn, $anom_services_ip["ip"]) . "/" . $anom_services_ip["ip"] . ".html"; ?> " target="_blank" title="<?php echo $anom_services_ip["ip"]; ?> "> <?php echo Host::ip2hostname($conn, $anom_services_ip["ip"]); ?> </A> </td> <td colspan="1"><?php echo Host::ip2hostname($conn, $anom_services_ip["sensor"], true); ?> </td> <td colspan="1"><?php echo $anom_services_ip["port"]; ?> </td> <td colspan="1"><font color="red"><?php echo $anom_services_ip["service"] . "/" . getprotobynumber($anom_services_ip["protocol"]) . " [" . $anom_services_ip["version"] . "]"; ?> </font></td> <td colspan="1"><?php echo $anom_services_ip["old_service"] . "/" . getprotobynumber($anom_services_ip["old_protocol"]) . " [" . $anom_services_ip["old_version"] . "]"; ?> </td> <td colspan="1"><?php
echo _("Device"); ?> </th> <th><?php echo _("Date"); ?> </th> <th><?php echo _("Last SIEM Event"); ?> </th> </tr> <?php } foreach ($events as $event) { $hostname = Host::ip2hostname($conn, $event["ip"]); if ($event["ip"] != $hostname) { $hostname = $event["ip"] . " [{$hostname}]"; } $ago = TimeAgo(strtotime($event["event_date"]), time()); ?> <tr class="trc" txt="<?php echo strtotime($event["event_date"]); ?> "> <td class="small nobborder center" width="16px"><img src="" border="0"></td> <td class="small nobborder"><b><?php echo $hostname; ?> </b> </td> <td class="small nobborder center"><?php
if ($need_extradata && !array_key_exists("username", $myrow)) { $rs_ed = $qs->ExecuteOutputQueryNoCanned("SELECT * FROM extra_data WHERE sid=" . $myrow["sid"] . " AND cid=" . $myrow["cid"], $db); while ($row_ed = $rs_ed->baseFetchRow()) { foreach ($row_ed as $k => $v) { $myrow[$k] = $v; } } $rs_ed->baseFreeRows(); } // // SID, CID, PLUGIN_* $cell_data['SID'] = $myrow["sid"]; $cell_align['SID'] = "center"; $cell_data['SENSOR'] = $sensornames[$myrow["sid"]] != "" ? $sensornames[$myrow["sid"]] : gettext("unknown"); if (preg_match("/\\d+\\.\\d+\\.\\d+\\.\\d+/", $cell_data['SENSOR'])) { $cell_data['SENSOR'] = '<A alt="' . $cell_data['SENSOR'] . '" title="' . $cell_data['SENSOR'] . '" HREF="base_stat_ipaddr.php?ip=' . $cell_data['SENSOR'] . '&netmask=32">' . Host::ip2hostname($_conn, $cell_data['SENSOR'], true) . '</A>'; } $cell_align['SENSOR'] = "center"; $cell_data['CID'] = $myrow["cid"]; $cell_align['CID'] = "center"; $cell_data['PLUGIN_ID'] = $myrow["plugin_id"]; $cell_align['PLUGIN_ID'] = "center"; $cell_data['PLUGIN_SID'] = $myrow["plugin_sid"]; $cell_align['PLUGIN_SID'] = "center"; if (in_array("PLUGIN_NAME", $_SESSION['views'][$_SESSION['current_cview']]['cols']) || in_array("PLUGIN_DESC", $_SESSION['views'][$_SESSION['current_cview']]['cols'])) { list($cell_data['PLUGIN_NAME'], $cell_data['PLUGIN_DESC']) = GetPluginNameDesc($myrow["plugin_id"], $db); $cell_align['PLUGIN_NAME'] = $cell_align['PLUGIN_DESC'] = "left"; } if (in_array("PLUGIN_SOURCE_TYPE", $_SESSION['views'][$_SESSION['current_cview']]['cols'])) { $cell_data['PLUGIN_SOURCE_TYPE'] = $opensource ? _("Only in Profesional version") : GetSourceType($myrow["plugin_id"], $db); $cell_align['PLUGIN_SOURCE_TYPE'] = "center";
</td> <td width="128" style='background-color:#FFFFE3;border-radius: 3px; -moz-border-radius: 3px; -webkit-border-radius: 3px;border: 1px solid #F0E68C;'> <?php echo _("Info"); ?> </td></tr> <?php $tp = intval(count($vulns) / $maxpag); $tp += count($vulns) % $maxpag == 0 ? 0 : 1; $to = $pag * $maxpag; $from = $to - $maxpag; $ips_to_show = array(); $i = 1; foreach ($vulns as $key => $value) { if ($i > $from && $i <= $to) { $name = Host::ip2hostname($dbconn, $key); $ips_to_show[] = $key . "|" . $name; ?> <tr> <td style="text-align:center"><?php echo $key; ?> </td> <td style="text-align:center"><?php echo $name; ?> </td> <?php $image = get_image($value[1]); ?> <td style="text-align:center"><?php
$me = null; } $gi = geoip_open("/usr/share/geoip/GeoIP.dat", GEOIP_STANDARD); $s_country = strtolower(geoip_country_code_by_addr($gi, $user->get_ip())); $s_country_name = geoip_country_name_by_addr($gi, $user->get_ip()); $geo_code = get_country($s_country, $s_country_name); $flag = !empty($geo_code) ? "<img src='" . $geo_code . "' border='0' align='top'/>" : ""; $logon_date = gmdate("Y-m-d H:i:s", Util::get_utc_unixtime($dbconn, $user->get_logon_date()) + 3600 * Util::get_timezone()); $activity_date = Util::get_utc_unixtime($dbconn, $user->get_activity()); $style = Session_activity::is_expired($activity_date) ? "background:#EFE1E0;" : "background:#EFFFF7;"; $expired = Session_activity::is_expired($activity_date) ? "<span style='color:red'>(" . _("Expired") . ")</span>" : ""; $agent = explode("###", $user->get_agent()); if ($agent[1] == "av report scheduler") { $agent = array("AV Report Scheduler", "wget"); } echo " <tr style='{$style}' id='" . $user->get_id() . "'>\n\t\t\t\t\t\t\t\t\t<td class='ops_user' {$me}><img class='user_icon' src='" . get_user_icon($user->get_login(), $pro) . "' alt='" . _("User icon") . "' title='" . _("User icon") . "' align='absmiddle'/> " . $user->get_login() . "</td>\n\t\t\t\t\t\t\t\t\t<td class='ops_ip'>" . $user->get_ip() . "</td>\n\t\t\t\t\t\t\t\t\t<td class='ops_host'>" . Host::ip2hostname($dbconn, $user->get_ip()) . $flag . "</td>\n\t\t\t\t\t\t\t\t\t<td class='ops_agent'><a txt='" . htmlentities($agent[1]) . "' class='info_agent'>" . htmlentities($agent[0]) . "</a></td>\n\t\t\t\t\t\t\t\t\t<td class='ops_id'>" . $user->get_id() . " {$expired}</td>\n\t\t\t\t\t\t\t\t\t<td class='ops_logon'>" . $logon_date . "</td>\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t<td class='ops_activity'>" . _(TimeAgo($activity_date, gmdate("U"))) . "</td>\n\t\t\t\t\t\t\t\t\t<td class='ops_actions'>{$action}</td>\t\n\t\t\t\t\t\t\t\t</tr>"; } } else { echo "<tr><td colspan='8' id='no_sessions' class='nobborder'><div class='ossim_info'>" . _("No active sessions") . 
"</td></tr>"; } ?> </tbody> </table> </div> </body> </html> <?php $db->close($dbconn);
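/**
 * Render the tag-cloud widget: run the configured SELECT, optionally resolve
 * the first column to hostnames, and scale each tag's font size by its count.
 *
 * Widget settings are read through $this->get(): cloud_db, cloud_link,
 * cloud_tag_max_len, cloud_resolv_ip and cloud_sql.
 *
 * @return string HTML anchors for the cloud, "" when the query yields no rows,
 *                or a plain-text message when the SQL is rejected or fails
 */
function showWindowContents()
{
    require_once 'ossim_db.inc';
    require_once 'classes/Event_viewer.inc';

    $dbname = $this->get('cloud_db');
    $link = $this->get('cloud_link');
    $max_len = $this->get('cloud_tag_max_len');
    $resolv_hostname = $this->get('cloud_resolv_ip');
    if (ossim_error()) {
        die(ossim_error());
    }

    $db = new ossim_db();
    $method = $dbname == 'snort' ? 'snort_connect' : 'connect';
    $conn = $db->{$method}();

    // Restrict the result set to the sensors the current user may see.
    $sensor_where = "";
    if (Session::allowedSensors() != "") {
        $snortsensors = Event_viewer::GetSensorSids($conn);
        $sids = array();
        foreach (explode(",", Session::allowedSensors()) as $user_sensor) {
            // Skip sensors without a sid list (missing key or empty list).
            if (!empty($snortsensors[$user_sensor])) {
                $sids = array_merge($sids, $snortsensors[$user_sensor]);
            }
        }
        // "0" matches no sid, so a user with no visible sensors gets no rows.
        $sensor_str = count($sids) ? implode(",", $sids) : "0";
        $sensor_where = " sid in (" . $sensor_str . ")";
    }

    $sql = $this->get('cloud_sql');
    // Only a plain SELECT is run; statements that could write or lock are
    // rejected up front. This is a text filter, not a parser, so the widget's
    // SQL still has to come from a trusted configuration.
    if (!preg_match('/^\\s*\\(?\\s*SELECT\\s/i', $sql)
        || preg_match('/\\sFOR\\s+UPDATE/i', $sql)
        || preg_match('/\\sINTO\\s+OUTFILE/i', $sql)
        || preg_match('/\\sLOCK\\s+IN\\s+SHARE\\s+MODE/i', $sql)) {
        return _("SQL Query invalid due security reasons");
    }

    // Splice the sensor filter into the query. This is a plain substitution on
    // a lowercase "where" (or on "GROUP BY" when there is none), so it relies
    // on the configured SQL using exactly that spelling.
    if ($sensor_where != "") {
        if (preg_match("/where/", $sql)) {
            $sql = str_replace("where", "where " . $sensor_where . " AND ", $sql);
        } else {
            $sql = str_replace("GROUP BY", "where " . $sensor_where . " GROUP BY", $sql);
        }
    }

    if (!($rs = $conn->Execute($sql))) {
        return "Error was: " . $conn->ErrorMsg() . "\n\nQuery was: " . $sql;
    }

    if ($resolv_hostname) {
        require_once "classes/Host.inc";
    }
    $tags = array();
    $tag_names = array();
    while (!$rs->EOF) {
        $key = $rs->fields[0];
        if ($resolv_hostname) {
            // Trailing arguments: is_sensor = false, force_no_dns = true.
            $tag_names[$key] = Host::ip2hostname($conn, $key, false, true);
        }
        $tags[$key] = $rs->fields[1];
        $rs->MoveNext();
    }
    $db->close($conn);

    if (!count($tags)) {
        return "";
    }

    // Font size range and the count spread it is mapped onto.
    $min_font_size = 8;
    $max_font_size = 35;
    $minimum_count = min($tags);
    $maximum_count = max($tags);
    $spread = $maximum_count - $minimum_count;
    if ($spread == 0) {
        $spread = 1; // all counts equal: avoid dividing by zero
    }
    if ($link == '') {
        $link = '#';
    }

    $cloud_tags = array();
    foreach ($tags as $tag => $count) {
        $local_link = str_replace("_TAG_", $tag, $link);
        $local_name = $resolv_hostname ? $tag_names[$tag] : $tag;
        if ($max_len > 0) {
            $tag = substr($tag, 0, $max_len);
        }
        $size = count($tags) == 1
            ? $max_font_size
            : $min_font_size + ($count - $minimum_count) * ($max_font_size - $min_font_size) / $spread;
        // Every database value is escaped for its HTML context, including the
        // tag text inside the title attribute.
        $cloud_tags[] = '<a style="font-size: ' . floor($size) . 'px'
            . '" class="tag_cloud" href="' . htmlspecialchars($local_link)
            . '" title="\'' . htmlspecialchars((string) $tag) . '\' returned a count of ' . htmlspecialchars((string) $count)
            . '">' . htmlspecialchars(stripslashes((string) $local_name)) . '</a> ';
    }
    return join("\n", $cloud_tags) . "\n";
}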
foreach ($source_host_list as $source_host_group) { $source .= ($source == "" ? "" : "<br/>") . "<img src='../pixmaps/theme/host_group.png' align=absbottom> " . $source_host_group->get_host_group_name(); } } if ($source_net_list = $policy->get_net_groups($conn, 'source')) { foreach ($source_net_list as $source_net_group) { $source .= ($source == "" ? "" : "<br/>" . "<img src='../pixmaps/theme/net_group.png' align=absbottom> ") . $source_net_group->get_net_group_name(); } } $source = preg_replace("/\\> any/", "> <font color='#AAAAAA'><b>ANY</b></font>", $source); $xml .= "<cell><![CDATA[" . $source . "]]></cell>"; // $dest = ""; if ($dest_host_list = $policy->get_hosts($conn, 'dest')) { foreach ($dest_host_list as $dest_host) { $dest .= ($dest == "" ? "" : "<br/>") . "<img src='../pixmaps/theme/host.png' align=absbottom> " . Host::ip2hostname($conn, $dest_host->get_host_ip()); } } if ($dest_net_list = $policy->get_nets($conn, 'dest')) { foreach ($dest_net_list as $dest_net) { $dest .= ($dest == "" ? "" : "<br/>") . "<img src='../pixmaps/theme/net.png' align=absbottom> " . $dest_net->get_net_name(); } } if ($dest_host_list = $policy->get_host_groups($conn, 'dest')) { foreach ($dest_host_list as $dest_host_group) { $dest .= ($dest == "" ? "" : "<br/>") . "<img src='../pixmaps/theme/host_group.png' align=absbottom> " . $dest_host_group->get_host_group_name(); } } if ($dest_net_list = $policy->get_net_groups($conn, 'dest')) { foreach ($dest_net_list as $dest_net_group) { $dest .= ($dest == "" ? "" : "<br/>") . "<img src='../pixmaps/theme/net_group.png' align=absbottom> " . $dest_net_group->get_net_group_name();
$ntop_link = preg_replace("/\\/\$/", "", $ntop_link); if ($fd = @fopen("{$ntop_link}/{$host}.html", "r")) { while (!feof($fd)) { $line = fgets($fd, 1024); /* * search for Sessions section */ if (eregi(">Active.*Sessions<", $line)) { $found = 1; } /* * begin to print at the begin of <table>... */ if ($found && eregi('<table', $line)) { $show = 1; $hostname = Host::ip2hostname($conn, $host); $os_pixmap = Host_os::get_os_pixmap($conn, $host); if (strcmp($hostname, $host)) { $hostname .= " ({$host})"; } echo "<HTML>\n <HEAD>\n <TITLE> \nEOF; \n echo gettext(\"Active TCP Sessions\");\necho <<<EOF\n </TITLE>\n <LINK REL=stylesheet HREF=\"{$ntop_link}/style.css\" type=\"text/css\">\n </HEAD>\n <BODY BGCOLOR=\"#FFFFFF\" LINK=blue VLINK=blue>\n <H2 align=\"center\">\n <a href=\"../report/index.php?section=usage&host={$host}\">{$hostname}</a>\n {$os_pixmap}\n </H2>\n<CENTER>"; } /* * </table> found, session section finished, stop printing */ if ($found && eregi('</table', $line)) { $show = 0; $found = 0; echo <<<EOF </CENTER> </TABLE>
$withnmapforced = 1; } // targets foreach ($targets as $target) { if (preg_match("/^!/", $target)) { continue; } $unresolved = !preg_match("/\\d+\\.\\d+\\.\\d+\\.\\d+/", $target) && $not_resolve ? true : false; if (preg_match("/\\//", $target)) { // Net $name = Net::get_name_by_ip($conn, $target); $perm = Session::netAllowed($conn, $name); $sensors = Net::get_related_sensors($conn, $name); } else { // Host $name = $unresolved ? $target : Host::ip2hostname($conn, $target); $perm = $unresolved ? true : Session::hostAllowed($conn, $name); $sensors = Host::get_related_sensors($conn, $target); } if ($unresolved || Session::am_i_admin() && count($sensors) == 0 && $scan_server == "0") { if ($unresolved) { foreach ($all_sensors as $ip => $unused) { $sensors[] = $ip; } } else { $local_ip = `grep framework_ip /etc/ossim/ossim_setup.conf | cut -f 2 -d "="`; $local_ip = trim($local_ip); $result = $conn->Execute("SELECT name FROM vuln_nessus_servers WHERE hostname like '{$local_ip}'"); if ($result->fields["name"] != "") { $sensors[] = $local_ip; }
$current_a = get_current_metric($host_qualification_cache, $net_qualification_cache, $ip, 'host', 'attack'); $current_c = get_current_metric($host_qualification_cache, $net_qualification_cache, $ip, 'host', 'compromise'); $global_a += $current_a; $global_c += $current_c; // only show hosts over their threshold $max_a_level = round($rs->fields['max_a'] / $threshold_a); $current_a_level = round($current_a / $threshold_a); $max_c_level = round($rs->fields['max_c'] / $threshold_c); $current_c_level = round($current_c / $threshold_c); //* comment out this if you want to see all hosts if ($max_a_level <= 1 && $current_a_level <= 1 && $max_c_level <= 1 && $current_c_level <= 1) { $rs->MoveNext(); continue; } //*/ $name = Host::ip2hostname($conn, $ip); // $name = $rs->fields['hostname'] ? $rs->fields['hostname'] : $ip; if ($net_belong == "") { $ext_hosts[$ip] = array('name' => $name, 'threshold_a' => $threshold_a, 'threshold_c' => $threshold_c, 'max_c' => $rs->fields['max_c'], 'max_a' => $rs->fields['max_a'], 'max_c_date' => $rs->fields['max_c_date'], 'max_a_date' => $rs->fields['max_a_date'], 'current_a' => $current_a, 'current_c' => $current_c); } else { $data = array('name' => $name, 'threshold_a' => $threshold_a, 'threshold_c' => $threshold_c, 'max_c' => $rs->fields['max_c'], 'max_a' => $rs->fields['max_a'], 'max_c_date' => $rs->fields['max_c_date'], 'max_a_date' => $rs->fields['max_a_date'], 'current_a' => $current_a, 'current_c' => $current_c, 'network' => $net_belong, 'group' => $group_belong); $hosts[$ip] = $data; $networks[$net_belong]['hosts'][$ip] = $data; if ($group_belong) { $groups[$group_belong]['nets'][$net_belong]['hosts'][$ip] = $data; } //printr($data); } $rs->MoveNext(); } ?>
?> " target="_blank"> <font color="black"><?php echo $date; ?> </font> </a> </td> <?php $src_link = "../report/index.php?host={$src_ip}§ion=events"; $src_title = "<ul><li>" . gettext("Src Asset:") . " {$asset_src}</li><li>IP: {$src_ip}</li></ul>"; $dst_link = "../report/index.php?host={$dst_ip}§ion=events"; $dst_title = "<ul><li>" . gettext("Dst Asset:") . " {$asset_dst}</li><li>IP: {$dst_ip}</li></ul>"; $src_name = Host::ip2hostname($conn, $src_ip); $dst_name = Host::ip2hostname($conn, $dst_ip); $src_img = Host_os::get_os_pixmap($conn, $src_ip); $dst_img = Host_os::get_os_pixmap($conn, $dst_ip); ?> <!-- src & dst hosts --> <td bgcolor="#eeeeee" nowrap> <?php //echo "<a href=\"$src_link\" onMouseOver=\"showhint('$src_title', this, event, '200px')\" target=\"_blank\">$src_name</a>:$src_port $src_img"; ?> <div class="balloon"> <a href="<?php echo $src_link; ?> " <?php if (GET('box') == "1") { ?>