function host_row_basic($host, $conn, $criterias, $has_criterias, $networks, $hosts_ips, $i) { require_once "classes/Sensor.inc"; $color = $i % 2 == 0 ? "#F2F2F2" : "#FFFFFF"; $ip = $host->get_ip(); $host_name = $ip != $host->get_hostname() ? $host->get_hostname() . " ({$ip})" : $ip; $gi = geoip_open("/usr/share/geoip/GeoIP.dat", GEOIP_STANDARD); $country = strtolower(geoip_country_code_by_addr($gi, $ip)); $country_name = geoip_country_name_by_addr($gi, $ip); geoip_close($gi); if ($country) { $country_img = " <img src=\"../pixmaps/flags/" . $country . ".png\" alt=\"{$country_name}\" title=\"{$country_name}\">"; } else { $country_img = ""; } //$homelan = (Net::isIpInNet($ip, $networks) || in_array($ip, $hosts_ips)) ? " <a href=\"javascript:;\" class=\"scriptinfo\" style=\"text-decoration:none\" ip=\"".$ip."\"><img src=\"../forensics/images/homelan.png\" border=0></a>" : ""; // Network require_once 'classes/Net.inc'; $netname = Net::GetClosestNet($conn, $ip); if ($netname != false) { $ips = Net::get_ips_by_name($conn, $netname); $net = "<b>{$netname}</b> ({$ips})"; } else { $net = "<i>" . _("Asset Unknown") . "</i>"; } // Inventory $os_data = Host_os::get_ip_data($conn, $ip); if ($os_data["os"] != "") { $os = $os_data["os"]; $os_pixmap = Host_os::get_os_pixmap($conn, $ip); } else { $os = _("OS Unknown"); $os_pixmap = ""; } require_once 'classes/Host_services.inc'; $services = Host_services::get_ip_data($conn, $ip, 0); $services_arr = array(); foreach ($services as $serv) { $services_arr[$serv['service']]++; } // Vulnerabilities require_once 'classes/Status.inc'; list($vuln_list, $num_vuln, $vuln_highrisk, $vuln_risknum) = Status::get_vul_events($conn, $ip); $vuln_list_str = ""; $v = 0; foreach ($vuln_list as $vuln) { if ($v++ < 20) { $vuln_list_str .= $vuln['name'] . "<br>"; } } $vuln_list_str = str_replace("\"", "", $vuln_list_str); $vuln_caption = $num_vuln > 0 ? ' class="greybox_caption" data="' . $vuln_list_str . '"' : ' class="greybox"'; // Incidents $sql = "SELECT count(*) as num FROM alarm WHERE src_ip=INET_ATON(\"{$ip}\") OR dst_ip=INET_ATON(\"{$ip}\")"; if (!($rs =& $conn->Execute($sql))) { $num_alarms = _("Error in Query: {$sql}"); } else { if (!$rs->EOF) { $num_alarms = $rs->fields['num']; } } if ($num_alarms > 0) { $alarm_link = '<a href="../control_panel/alarm_console.php?&hide_closed=1&hmenu=Alarms&smenu=Alarms&src_ip=' . $ip . '&dst_ip=' . $ip . '" target="main"><b>' . $num_alarms . '</b></a>'; } else { $alarm_link = '<b>' . $num_alarms . '</b>'; } $sql = "SELECT count(*) as num FROM incident_alarm WHERE src_ips=\"{$ip}\" OR dst_ips=\"{$ip}\""; if (!($rs =& $conn->Execute($sql))) { $num_tickets = _("Error in Query: {$sql}"); } else { if (!$rs->EOF) { $num_tickets = $rs->fields['num']; } } if ($num_tickets > 0) { $tickets_link = '<a href="../incidents/index.php?status=Open&hmenu=Tickets&smenu=Tickets&with_text=' . $ip . '" target="main"><b>' . $num_tickets . '</b></a>'; } else { $tickets_link = '<b>' . $num_tickets . '</b>'; } // Events list($sim_events, $sim_foundrows, $sim_highrisk, $sim_risknum, $sim_date) = Status::get_SIM_light($ip, $ip); if ($sim_foundrows > 0) { $sim_link = '<a href="../forensics/base_qry_main.php?&num_result_rows=-1&submit=Query+DB¤t_view=-1&sort_order=time_d&ip=' . $ip . '&date_range=week&hmenu=Forensics&smenu=Forensics" target="main"><b>' . $sim_foundrows . '</b></a>'; } else { $sim_link = '<b>' . $sim_foundrows . '</b>'; } // $txt_tmp1 = _('Events in the SIEM'); $txt_tmp2 = _('Events in the logger'); if ($_SESSION['inventory_search']['date_from'] != "" && $_SESSION['inventory_search']['date_from'] != '1700-01-01') { $start_week = $_SESSION['inventory_search']['date_from']; } else { $start_week = strftime("%Y-%m-%d", time() - 24 * 60 * 60 * 1); } if ($_SESSION['inventory_search']['date_to'] != "" && $_SESSION['inventory_search']['date_to'] != '3000-01-01') { $end = $_SESSION['inventory_search']['date_to']; } else { $end = strftime("%Y-%m-%d", time()); } if ($start_week == strftime("%Y-%m-%d", time() - 24 * 60 * 60 * 1) && $end == strftime("%Y-%m-%d", time())) { $txt_tmp1 .= _(' (Last Week)'); $txt_tmp2 .= _(' (Last Day)'); } $start_week_temp = $start_week; $start_week .= ' 00:00:00'; $end_temp = $end; $end .= ' 23:59:59'; // //$start_week = strftime("%Y-%m-%d %H:%M:%S", time() - (24 * 60 * 60 * 7)); //$end = strftime("%Y-%m-%d %H:%M:%S", time()); list($sem_events_week, $sem_foundrows_week, $sem_date, $sem_wplot_y, $sem_wplot_x) = Status::get_SEM("", $start_week, $end, "none", 1234, $ip); if ($sem_foundrows_week > 0) { $sem_link = '<a href="../sem/index.php?hmenu=SEM&smenu=SEM&query=' . urlencode($ip) . '&start=' . urlencode($start_week) . '" target="main"><b>' . $sem_foundrows_week . '</b></a>'; } else { $sem_link = '<b>' . $sem_foundrows_week . '</b>'; } // Anomalies list($event_list, $anm_foundrows, $anm_foundrows_week, $anm_date) = Status::get_anomalies($conn, $ip); // Ntp link $ntop_lnk = Sensor::get_sensor_link($conn, $ip); if (preg_match("/(\\d+\\.\\d+\\.\\d+\\.\\d+)/", $ntop_lnk, $fnd)) { $ntop_ip = $fnd[1]; } else { $ntop_ip = $ip; } // $row = '<tr bgcolor="' . $color . '"> <td class="nobborder" style="text-align:center;padding:2px"><a href="../report/host_report.php?host=' . $ip . '&star_date=' . $start_week_temp . '&end_date=' . $end_temp . '" id="' . $ip . ';' . $host->get_hostname() . '" class="HostReportMenu" style="color:#17457c;font-size:15px;text-align:left"><b>' . $host_name . '</b></font></a><br><font style="color:gray">' . $net . '</font></td> <td class="nobborder" style="text-align:center;padding:2px">' . $os . ' ' . $os_pixmap . '<br>' . implode("<br>", array_keys($services_arr)) . '</td> <td class="nobborder" style="text-align:center;padding:2px"><a href="../vulnmeter/index.php?value=' . $ip . '&type=hn&withoutmenu=1&hmenu=Vulnerabilities&smenu=Vulnerabilities" title="Top 20 ' . _("Vulnerabilities for") . ' ' . $ip . '"' . $vuln_caption . '>' . $num_vuln . '</a></td> <td class="nobborder" style="text-align:center;padding:2px">' . $alarm_link . ' ' . _("Alarms") . '<br>' . $tickets_link . ' ' . _("Tickets") . '</td> <td class="nobborder" style="padding:2px">' . $sim_link . ' ' . $txt_tmp1 . '<br>' . $sem_link . ' ' . $txt_tmp2 . '</td> <td class="nobborder" style="text-align:center;padding:2px"><a href="../control_panel/anomalies.php?withoutmenu=1" class="greybox" title="' . _("Anomalies") . '"><b>' . $anm_foundrows . '</b></a></td> <td class="nobborder" style="text-align:center;padding:2px"> <table class="transparent"> <tr> <td class="nobborder"><img src="../pixmaps/ntop_graph_thumb.gif" width="40"></td> <td class="nobborder"><a href="../ntop/index.php?opc=services&sensor=' . $ntop_ip . '&hmenu=Network&smenu=Profiles&link_ip=' . $ip . '" target="main">' . _("Traffic Sent/Rcvd") . '</a></td> </tr> </table> </td> </tr>'; // <td class="nobborder"><a href="'.Sensor::get_sensor_link($conn,$ip).'/hostTimeTrafficDistribution-'.$ip.'-65535.png?1" class="greybox">'._("Traffic Sent").'</a><br><a href="'.Sensor::get_sensor_link($conn,$ip).'/hostTimeTrafficDistribution-'.$ip.'-65535.png" class="greybox">'._("Traffic Rcvd").'</a></td> echo str_replace("\n", "", str_replace("\r", "", str_replace("'", "", $row))); }
** Built upon work by Roman Danyliw <*****@*****.**>, <*****@*****.**> ** Built upon work by the BASE Project Team <*****@*****.**> */ header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); header("Last-Modified: " . gmdate("D, d M Y H:i:s") . "GMT"); header("Cache-Control: no-cache, must-revalidate"); header("Pragma: no-cache"); require_once 'classes/Session.inc'; Session::logcheck("MenuEvents", "EventsForensics"); // $ip = GET('ip'); ossim_valid($ip, OSS_IP_ADDR, 'illegal:' . _("ip")); if (ossim_error()) { die(ossim_error()); } // require_once 'classes/Net.inc'; require_once 'ossim_db.inc'; $db = new ossim_db(); $conn = $db->connect(); $netname = Net::GetClosestNet($conn, $ip); if ($netname != false) { list($ips, $icon) = Net::get_ips_by_name($conn, $netname, true); if ($icon != "") { echo "<img src='data:image/png;base64," . base64_encode($icon) . "' border='0'> "; } echo "<b>{$netname}</b> ({$ips})"; } else { echo "<b>{$ip}</b> not found in home networks"; } $db->close($conn);
// No perms over the host's network $threshold_a = $conf_threshold; $threshold_c = $conf_threshold; if (count($groups_belong['nets']) < 1) { $rs->MoveNext(); continue; // Host doesn't belong to any network /* } elseif ($net === null) { $threshold_a = $conf_threshold; $threshold_c = $conf_threshold; // User got perms */ } else { // threshold inheritance (for multiple nets get the closest) $closest_net = Net::GetClosestNet($conn, $ip); foreach ($groups_belong['nets'] as $net_name_aux => $net) { if ($net_name_aux == $closest_net) { $net_threshold_a = $net['threshold_a']; $net_threshold_c = $net['threshold_c']; $net_belong = $net_name_aux; $group_belong = $net['group']; } } if ($net_belong == "") { $net_belong = $net_name_aux; $group_belong = $net['group']; } $threshold_a = $rs->fields['threshold_a'] ? $rs->fields['threshold_a'] : $net_threshold_a; $threshold_c = $rs->fields['threshold_c'] ? $rs->fields['threshold_c'] : $net_threshold_c; }
Session::logcheck("MenuPolicy", "5DSearch"); require_once 'classes/Host.inc'; require_once 'classes/User_config.inc'; require_once 'ossim_db.inc'; require_once 'ossim_conf.inc'; include "functions.php"; $new = GET('new') == "1" ? 1 : 0; $ip = GET('ip'); ossim_valid($ip, OSS_IP_ADDR, OSS_NULLABLE, 'illegal:' . _("ip")); if (ossim_error()) { die(ossim_error()); } // Database Object $db = new ossim_db(); $conn = $db->connect(); $net_search = Net::GetClosestNet($conn, $ip, 1); // Get Networks list($_sensors, $_hosts) = Host::get_ips_and_hostname($conn, true); $_nets = Net::get_all($conn, true); $networks = $hosts = ""; foreach ($_nets as $_net) { $networks .= '{ txt:"' . $_net->get_name() . ' [' . $_net->get_ips() . ']", id: "' . $_net->get_ips() . '" },'; } foreach ($_hosts as $_ip => $_hostname) { if ($_hostname != $_ip) { $hosts .= '{ txt:"' . $_ip . ' [' . $_hostname . ']", id: "' . $_ip . '" },'; } else { $hosts .= '{ txt:"' . $_ip . '", id: "' . $_ip . '" },'; } } // Get Services and OS