$conn = $db->connect(); //Agents trends if ($agent['ip'] == '127.0.0.1') { // Get default system uuid $system_id = Util::get_system_uuid(); $system_info = Av_center::get_system_info_by_id($conn, $system_id); if ($system_info['status'] == 'success') { $sensor_ip = $system_info['data']['admin_ip']; } $ip_cidr = empty($sensor_ip) ? $agent['ip'] : $sensor_ip; } else { $agent_idm_data = Ossec_agent::get_idm_data($sensor_id, $agent['ip']); $agent_idm_ip = $agent_idm_data['ip']; if (empty($agent_idm_ip)) { try { $agent_idm_ip = Ossec_agent::get_last_ip($sensor_id, $agent); } catch (Exception $e) { } } $ip_cidr = Asset_host_ips::valid_ip($agent_idm_ip) ? $agent_idm_ip : $agent['ip']; } $data = array(); if (!preg_match('/Never connected/i', $agent['status']) && Asset_host_ips::valid_ip($ip_cidr)) { $data = Ossec_utilities::SIEM_trends_hids($conn, $ip_cidr); } $trend_plot = "<div style='color:gray; margin:15px; text-align:center;'>" . _('Trend chart not available') . "</div>"; if (is_array($data) && !empty($data)) { $trend = ''; $max = 7; for ($ii = $max - 1; $ii >= 0; $ii--) { $d = gmdate("j M", $timetz - 86400 * $ii);
$e_msg = _('Error! Sensor not allowed'); Av_exception::throw_error(Av_exception::USER_ERROR, $e_msg); } } else { $e_msg = ossim_get_error_clean(); Av_exception::throw_error(Av_exception::USER_ERROR, $e_msg); } $agents = Ossec_agent::get_list($sensor_id); $data = array(); if (is_array($agents) && !empty($agents)) { foreach ($agents as $agent_id => $a_data) { if (empty($a_data)) { continue; } $a_unique_id = md5($agent_id); $agent_actions = Ossec_agent::get_actions($agent_id, $a_data); if (!empty($a_data['host_id'])) { $asset_name = Asset_host::get_name_by_id($conn, $a_data['host_id']); } else { $asset_name = '-'; } //Normalize status description (See asset list filters) if ($a_data['status']['id'] == 1) { $a_data['status']['descr'] = 'Disconnected'; } $t_data = array("DT_RowId" => 'cont_agent_' . $agent_id, "DT_RowData" => array('agent_key' => $a_unique_id, 'asset_id' => $a_data['host_id'], 'agent_status' => $a_data['status']), '', $agent_id, $a_data['name'], $asset_name, $a_data['ip_cidr'], "-", "-", $a_data['status']['descr'], $agent_actions); $data[] = $t_data; } } } catch (Exception $e) { $db->close();
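// Validate the request parameters visible in this fragment. ossim_valid() only
// records a failure; it is ossim_error() below that reports whether any check failed.
// NOTE(review): $agent_id is not validated in the visible part - confirm it is checked earlier.
ossim_valid($sensor_id, OSS_HEX, 'illegal:' . _('Sensor ID'));
if ($agent_ip != 'any') {
    ossim_valid($agent_ip, OSS_IP_CIDR_0, 'illegal:' . _('Agent IP'));
}

if (!ossim_error()) {
    $db = new ossim_db();
    $conn = $db->connect();

    // Release the connection before a possible throw so it is closed on both paths.
    $sensor_allowed = Ossec_utilities::is_sensor_allowed($conn, $sensor_id);
    $db->close();

    if (!$sensor_allowed) {
        Av_exception::throw_error(Av_exception::USER_ERROR, _('Error! Sensor not allowed'));
    }
} else {
    // Fail closed: previously a validation failure skipped the sensor permission
    // check and still queried the agent with the unvalidated parameters.
    Av_exception::throw_error(Av_exception::USER_ERROR, ossim_get_error_clean());
}

$more_info = Ossec_agent::get_info($sensor_id, $agent_id);

// Last scan dates are only looked up when the agent IP is a valid single address.
$last_scan_dates = '';
if (Asset_host_ips::valid_ip($agent_ip)) {
    $last_scan_dates = Ossec_agent::get_last_scans($sensor_id, $agent_ip);
}

if (is_array($more_info) && !empty($more_info)) {
    // Prefer the dates from get_last_scans(); fall back to elements 7 and 8 of get_info().
    $syscheck_date = empty($last_scan_dates['syscheck']) ? $more_info[7] : $last_scan_dates['syscheck'];
    $rootcheck_date = empty($last_scan_dates['rootcheck']) ? $more_info[8] : $last_scan_dates['rootcheck'];
    ?>
    <table class='t_agent_mi'>
        <tr><td colspan='2' style='text-align: center;'><?php echo _('Agent information'); ?> </td></tr>
        <tr>
            <td><?php echo _('Agent ID'); ?> :</td>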
$cnd_2 = !empty($asset_sensors[$asset_sensor_id]); if ($cnd_1 && $cnd_2) { $sensor_id = $asset_sensor_id; break; } } $agent_id = NULL; $ip_address = $default_ip_address; } if ($sensor_id === NULL) { $deployment_stats[$asset_id]['status'] = 'error'; $deployment_stats[$asset_id]['data'] = _('Error! No HIDS sensor related to asset'); continue; } $d_data = array('asset_id' => $asset_id, 'w_ip' => $ip_address, 'w_user' => $user, 'w_password' => $pass, 'w_domain' => $domain, 'agent_id' => $agent_id); $res = Ossec_agent::deploy_windows_agent($sensor_id, $d_data); $job_id = $res['job_id']; if (valid_hex32($job_id, TRUE) == FALSE) { $deployment_stats[$asset_id]['status'] = 'warning'; $deployment_stats[$asset_id]['data'] = _('Warning! Deployment job cannot be launched'); } else { $total_deployed++; } } if ($total_deployed == $total_windows) { $data = array('status' => 'success', 'data' => _('Deployment job/s scheduled successfully. <br/>Check out the <span class="bold" id="go_to_mc">Message Center</span> for more details')); } else { if ($total_deployed == 0) { $data = array('status' => 'warning', 'data' => _('Unable to deploy HIDS agents due to an internal error. Please try again'), 'stats' => $deployment_stats); } else {
} } if (is_array($validation_errors) && !empty($validation_errors)) { $data['status'] = 'error'; if (POST('ajax_validation_all') == TRUE) { $data['data'] = $validation_errors; } else { $data['data'] = '<div>' . _('We Found the following errors') . ":</div>\n <div style='padding: 10px;'>" . implode('<br/>', $validation_errors) . '</div>'; } } else { if (POST('ajax_validation_all') == TRUE) { $data['status'] = 'OK'; $data['data'] = _('Automatic deployment data checked successfully'); } else { $d_data = array('ossec_server_ip' => $ossec_server_ip, 'sensor_ip' => POST('sensor_ip'), 'agent_ip' => POST('agent_ip')); if ($os_type == 'windows') { $d_data['domain'] = POST('domain'); $d_data['user'] = POST('user'); $d_data['password'] = POST('pass'); } try { $data['status'] = 'success'; $data['data'] = Ossec_agent::execute_deployment_action($d_data, 'deploy', $os_type); } catch (Exception $e) { $data['status'] = 'warning'; $data['data'] = $e->getMessage(); } } } echo json_encode($data); exit;
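// Current UTC timestamp shifted by the $tz hour offset; used to label the chart days.
$timetz = gmdate("U") + 3600 * $tz;

// HIDS trend: only queried when $agent_status is greater than 1.
$data = array();
if ($agent_status > 1) {
    if (Asset_host::is_in_db($conn, $asset_id)) {
        $data = Ossec_utilities::hids_trend_by_id($conn, $asset_id);
    } else {
        if ($ip_cidr == '127.0.0.1') {
            // Loopback agent: use the sensor IP when one is returned.
            $sensor_ip = Av_sensor::get_ip_by_id($conn, $sensor_id);
            $ip_cidr = empty($sensor_ip) ? $ip_cidr : $sensor_ip;
        } else {
            try {
                $agent = array('name' => $agent_name, 'ip_cidr' => $ip_cidr);
                $ip_cidr = Ossec_agent::get_last_ip($sensor_id, $agent);
            } catch (Exception $e) {
                // Best effort: on failure $ip_cidr keeps its previous value and is
                // re-validated below before it is used in a query.
            }
        }

        if (Asset_host_ips::valid_ip($ip_cidr)) {
            $data = Ossec_utilities::hids_trend_by_ip($conn, $ip_cidr);
        }
    }
}

$trend_plot = "<div style='color:gray; margin:15px; text-align:center;'>" . _('Trend chart not available') . "</div>";

if (is_array($data) && !empty($data)) {
    // Must start as an array: it is filled by day label below, and writing a
    // string key into '' no longer converts it to an array on PHP 7.1 and later.
    $trend = array();
    $max = 7;
    for ($ii = $max - 1; $ii >= 0; $ii--) {
        $d = gmdate("j M", $timetz - 86400 * $ii);
        // Days without data count as 0; isset() avoids an undefined-index notice.
        $trend[$d] = (isset($data[$d]) && $data[$d] != '') ? $data[$d] : 0;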
if ($num_agents == 1) { $agent = array_pop($hids_agents); $d_data['agent_id'] = $agent['agent_id']; } else { $e_msg = _('Unable to deploy HIDS agent. This asset already has an agent deployed. If you want to deploy a new agent, please review <a class="bold_red" href="https://www.alienvault.com/help/redirect/usm/connect_agent" target="_blank">how to manage agent connections</a> and try again'); Av_exception::throw_error(Av_exception::USER_ERROR, $e_msg); } } $res = Ossec_agent::deploy_windows_agent($sensor_id, $d_data); $job_id = $res['job_id']; $attempts = 0; $max_attempts = 80; $data = Ossec_agent::check_deployment_status($job_id); while ($data['status'] == 'in_progress' && $attempts < $max_attempts) { sleep(3); $data = Ossec_agent::check_deployment_status($job_id); $attempts++; } if ($attempts >= $max_attempts) { $e_msg = _('Connection has timed out. Please deploy the HIDS agent again'); Av_exception::throw_error(Av_exception::USER_ERROR, $e_msg); } else { if ($data['status'] != 'success') { $e_msg = $data['data'] . "<br/><br/>" . $data['help']; Av_exception::throw_error(Av_exception::USER_ERROR, $e_msg); } } break; case 3: //Deploy Agentless /************************************************
$copy_cf = str_replace($pattern, $unique_id, $copy_cf); } else { if (preg_match("/<\\s*agent_config\\s*>/", $copy_cf)) { $copy_cf = preg_replace("/<\\/\\s*agent_config\\s*>/", "{$unique_id}</agent_config>", $copy_cf, 1); } else { $copy_cf = "<agent_config>{$unique_id}</agent_config>"; } } $copy_cf = preg_replace("/{$unique_id}/", $node_sys, $copy_cf); $conf_data = Ossec_utilities::formatXmlString($copy_cf); try { $data = Ossec_agent::set_configuration_file($sensor_id, $conf_data); } catch (Exception $e) { $data['status'] = 'error'; $data['data'] = $e->getMessage(); } echo json_encode($data); } elseif ($tab == '#tab3') { try { $conf_data = html_entity_decode(base64_decode($_POST['data']), ENT_QUOTES, 'UTF-8'); $data = Ossec_agent::set_configuration_file($sensor_id, $conf_data); } catch (Exception $e) { $data['status'] = 'error'; $data['data'] = $e->getMessage(); } echo json_encode($data); } else { $data['status'] = 'error'; $data['data'] = _('Error! Illegal action'); echo json_encode($data); }
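?>
<script type='text/javascript'>
    parent.hide_loading_box();
    parent.$("#c_info").html(parent.notify_error('<?php echo _('Error! Sensor not allowed'); ?> '));
    parent.$("#c_info").fadeIn(4000);
    parent.window.scrollTo(0,0);
    parent.$('#c_ossec_agent').remove();
</script>
<?php
    exit;
}

// Call Ossec_agent::download_agent(); a failure is reported to the parent frame.
try {
    $agent_path = Ossec_agent::download_agent($sensor_id, $agent_id, $agent_type);
} catch (Exception $e) {
    $e_data = $e->getMessage();
    // Prefix the message with "Error!" unless it already contains it.
    $errors = preg_match('/Error!/', $e_data) ? $e_data : _('Error!') . '<br/>' . $e_data;

    // Emit the message as a JSON-encoded JavaScript string literal instead of pasting it
    // between double quotes: a quote, a line break or "</script>" in the exception text
    // would otherwise end the literal and break, or alter, the script.
    // The JSON_HEX_* flags keep <, >, &, ' and " out of the generated source.
    // NOTE(review): the parent frame still inserts the text as HTML; if exception
    // messages can carry externally supplied data, encode it where the message is built.
    $js_flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    $js_content = json_encode("<div style='padding-left:5px; text-align: left;'>" . $errors . "</div>", $js_flags);
    if ($js_content === FALSE) {
        // json_encode() fails on invalid UTF-8; fall back to a fixed literal.
        $js_content = '"Error!"';
    }
    ?>
    <script type='text/javascript'>
        var content = <?php echo $js_content; ?>;
        parent.hide_loading_box();
        parent.$("#c_info").html(parent.notify_error(content));
        parent.$("#c_info").fadeIn(4000);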
} ?> </tbody> </table> <div class='cont_savet2'> <input type='button' class='small' id='send_6' value='<?php echo _('Save'); ?> ' onclick="save_agent_conf();"/> </div> </div> </form> <?php } catch (Exception $e) {
    // Error replies are the literal prefix "2###" followed by an HTML fragment.
    // NOTE(review): the exception message is concatenated into that fragment without
    // HTML encoding - confirm it cannot carry externally supplied text, or encode it here.
    echo "2###" . _('We found the followings errors:') . "<div style='padding-left: 15px; text-align:left;'>" . $e->getMessage() . "</div>";
}
} else {
    if ($tab == '#tab3') {
        try {
            // Success replies are "1###" followed by the 'data' element returned by
            // get_configuration_file().
            // NOTE(review): the content is echoed as returned - confirm the client
            // handles it as text rather than inserting it as markup.
            $conf_data = Ossec_agent::get_configuration_file($sensor_id);
            echo "1###" . $conf_data['data'];
        } catch (Exception $e) {
            // Same reply format and the same unencoded exception message as above.
            echo "2###" . _('We found the followings errors:') . "<div style='padding-left: 15px; text-align:left;'>" . $e->getMessage() . "</div>";
        }
    } else {
        // Any other tab value is answered with a fixed "Illegal action" error.
        echo "2###" . _('We found the followings errors') . ": <div style='padding-left: 15px; text-align:left;'>" . _('Illegal action') . "</div>";
    }
}
}
$_aux_agents = Asset_host::get_related_hids_agents($conn, $asset_id, $sensor_id); $agent_key = md5(strtoupper($sensor_id) . '#' . $agent_id); unset($_aux_agents[$agent_key]); if (!empty($_aux_agents)) { $validation_errors['asset_id'] = sprintf(_("Unable to connect HIDS agent to '%s'. This asset already has an agent deployed. If you want to deploy a new agent, please review <a class=\"bold_red\" href=\"https://www.alienvault.com/help/redirect/usm/connect_agent\" target=\"_blank\">how to manage agent connections</a> and try again"), Asset_host::get_name_by_id($conn, $asset_id)); } $db->close(); } if (is_array($validation_errors) && !empty($validation_errors)) { $validation_errors['html_errors'] = "<div style='text-align: left;'>" . _('The following errors occurred') . ":</div>\n <div style='padding-left:15px; text-align: left;'>" . implode('<br/>', $validation_errors) . "</div>"; $data['status'] = 'error'; $data['data'] = $validation_errors; } else { $data['status'] = 'success'; $data['data'] = _('Your changes have been saved'); try { Ossec_agent::link_to_asset($sensor_id, $agent_id, $asset_id); $db = new ossim_db(); $conn = $db->connect(); $agents = Asset_host::get_related_hids_agents($conn, $asset_id, $sensor_id); $agent_key = md5(strtoupper($sensor_id) . '#' . $agent_id); $agent_info = array('ip_cidr' => $agents[$agent_key]['ip_cidr'], 'host_id' => $asset_id); $data['asset'] = array('id' => $asset_id, 'name' => Asset_host::get_name_by_id($conn, $asset_id), 'actions' => Ossec_agent::get_actions($agent_id, $agent_info)); $db->close(); } catch (Exception $e) { $data['status'] = 'error'; $data['data'] = _('An unexpected error occurred. Unable to connect asset to HIDS agent. Please try again') . '.<br/><br/>' . sprintf(_('Reason: %s'), $e->getMessage()); } } echo json_encode($data); exit;
$data['status'] = 'error'; $data['data'] = $validation_errors; } else { $ret = NULL; $data['status'] = 'success'; try { $new_agent = Ossec_agent::create($sensor_id, $agent_name, $ip_cidr, $asset_id); //If ossec-remoted is not running, we have to restart Ossec Server $ossec_status = Ossec_control::execute_action($sensor_id, 'status'); if ('UP' !== $ossec_status['general_status']['ossec-remoted']) { Ossec_control::execute_action($sensor_id, 'restart'); } if (is_array($new_agent) && !empty($new_agent)) { $agent_id = $new_agent['id']; $agent_info = array('name' => $new_agent['name'], 'ip_cidr' => $new_agent['ip_cidr'], 'status' => $new_agent['status']); $agent_actions = Ossec_agent::get_actions($agent_id, $new_agent); $data['data'] = _("HIDS agent has been created. To deploy the agent, please choose one of the options under the 'Actions' column") . "###" . $agent_id . "###"; $a_unique_id = md5($agent_id); if (valid_hex32($new_agent['host_id'])) { $db = new Ossim_db(); $conn = $db->connect(); $asset_name = Asset_host::get_name_by_id($conn, $new_agent['host_id']); $db->close(); } else { $asset_name = '-'; } //Normalize status description (See asset list filters) if ($new_agent['status']['id'] == 1) { $new_agent['status']['descr'] = 'Disconnected'; } $agent_elem = array("DT_RowId" => 'cont_agent_' . $agent_id, "DT_RowData" => array('agent_key' => $a_unique_id, 'asset_id' => $new_agent['host_id'], 'agent_status' => $new_agent['status']), '', $agent_id, $new_agent['name'], $asset_name, $new_agent['ip_cidr'], "-", "-", $new_agent['status']['descr'], $agent_actions);
} $data['data'] .= "</tbody>\n </table>"; } else { $config_nt = array('content' => _($header) . " <span style='font-weight: bold;'>" . _('No results') . "</span>", 'options' => array('type' => 'nf_info', 'cancel_button' => FALSE), 'style' => 'width: 80%; margin: 20px auto; text-align: left;'); $nt = new Notification('nt_1', $config_nt); $data['data'] = $nt->show(FALSE); } } catch (Exception $e) { $data['status'] = 'error'; $data['data'] = _('Error! Modified registry files could not be extracted for this agent'); } break; case 'rootcheck': try { $data['status'] = 'success'; $res = Ossec_agent::launch_rootcheck($sensor_id, $id); $header = _('Policy and auditing database'); if (count($res) > 0) { $data['data'] = "<div style='font-weight: bold; font-size: 11px; padding: 10px 0px;'>" . _($header) . ":</div>\n <table class='table_files table_data' id='tf'>\n <thead>\n <tr>\n <th class='cf_type'>" . _('Type') . "</th>\n <th class='cf_date'>" . _('Last Date') . "</th>\n <th class='cf_date'>" . _('First Date') . "</th>\n <th>" . _('Event') . "</th>\n </tr>\n </thead>\n \n <tbody>"; $days = 0; $dates = array(); foreach ($res as $line) { $r_data = explode(',', $line); if (!empty($r_data)) { if (empty($dates[$r_data[1]])) { $dates[$data[1]] = $r_data[1]; $days = $days + 1; $color = $days % 2 == 0 ? 'class="odd"' : 'class="even"'; } $data['data'] .= "<tr {$color}>\n <td class='cf_type'>" . $r_data[0] . "</td>\n <td class='cf_date'>" . $r_data[1] . "</td>\n <td class='cf_date'>" . $r_data[2] . "</td>\n <td class='cf_path'>" . $r_data[3] . "</td>\n </tr>"; }
$conn = $db->connect(); $res = Av_center::get_system_info_by_ip($conn, $d_data['sensor_ip']); if ($res['status'] == 'success') { $sensor_id = $res['data']['sensor_id']; if (!Ossec_utilities::is_sensor_allowed($conn, $sensor_id)) { $data['status'] = 'error'; $data['data'] = _('Error! Sensor not allowed'); } } else { $data['status'] = 'error'; $data['data'] = _('Error! Unable to validate sensor IP'); } if ($data['status'] == 'error') { $db->close(); echo json_encode($data); exit; } $db->close(); try { if ($order == 'status') { $data = Ossec_agent::check_deployment_status($d_data, $os_type); } else { $data = Ossec_agent::execute_deployment_action($d_data, $order, $os_type); } } catch (Exception $e) { $data['status'] = 'warning'; $data['data'] = $e->getMessage(); } echo json_encode($data); exit; }
if (!Ossec_utilities::is_sensor_allowed($conn, $sensor_id)) { $validation_errors['sensor_id'] = _('Unable to deploy HIDS agent. The selected sensor is not allowed. Please update the sensor in asset details and try again'); } } if (is_array($validation_errors) && !empty($validation_errors)) { $data['status'] = 'error'; if (POST('ajax_validation_all') == TRUE) { $data['data'] = $validation_errors; } else { $data['data'] = '<div>' . _('The following errors occurred') . ":</div>\n <div style='padding: 10px;'>" . implode('<br/>', $validation_errors) . '</div>'; } } else { if (POST('ajax_validation_all') == TRUE) { $data['status'] = 'OK'; $data['data'] = _('HIDS data successfully checked'); } else { $asset_id = POST('asset_id'); $sensor_id = POST('sensor_id'); $agent_id = POST('agent_id'); try { $d_data = array('asset_id' => $asset_id, 'w_ip' => POST('asset_ip'), 'w_user' => POST('user'), 'w_password' => POST('pass'), 'w_domain' => POST('domain'), 'agent_id' => $agent_id); $data['status'] = 'success'; $data['data'] = Ossec_agent::deploy_windows_agent($sensor_id, $d_data); } catch (Exception $e) { $data['status'] = 'error'; $data['data'] = $e->getMessage(); } } } $db->close(); echo json_encode($data);