// Fragment of a top-level page script (criteria state names base_stat_country.php).
// It starts and ends mid-file: $BUser, $roleneeded and the configuration variables
// are set above this excerpt, and the final `if` is closed below it.

// Access gate: users without the required role are redirected to the index page
// when the auth system is enabled.
// NOTE(review): nothing in this fragment stops execution after the redirect; whether
// the rest of the page still runs for an unauthorised request depends on
// base_header() terminating the script -- confirm in its definition.
// NOTE(review): both comparisons are loose (==); a strict check on hasRole()'s
// return value would make the gate independent of type juggling -- confirm its
// return type first.
if ($BUser->hasRole($roleneeded) == 0 && $Use_Auth_System == 1) {
    base_header("Location: " . $BASE_urlpath . "/index.php");
}
$et = new EventTiming($debug_time_mode);
// The below three lines were moved from line 87 because of the odd errors some users were having
/* Connect to the Alert database */
$db = NewBASEDBConnection($DBlib_path, $DBtype);
$db->baseDBConnect($db_connect_method, $alert_dbname, $alert_host, $alert_port, $alert_user, $alert_password);
// The state suffix is the fixed literal "&addr_type=1"; it does not follow the
// $addr_type value tested further down.
$cs = new CriteriaState("base_stat_country.php", "&addr_type=1");
$cs->ReadState();
/* Dump some debugging information on the shared state */
if ($debug_mode > 0) {
    PrintCriteriaState();
}
$qs = new QueryState();
$qs->AddCannedQuery("most_frequent", $freq_num_uaddr, gettext("Most Frequent IP addresses"), "occur_d");
$qs->MoveView($submit); /* increment the view if necessary */
// Map $addr_type onto one of two fixed column names. Any value other than SOURCE_IP
// ends up as "ip_dst" (with an error message when it is not DEST_IP either), so
// $addr_type_name can only ever hold one of the two literals assigned here.
if ($addr_type == SOURCE_IP) {
    $page_title = gettext("Unique Source Address(es)");
    $results_title = gettext("Src IP address");
    $addr_type_name = "ip_src";
} else {
    if ($addr_type != DEST_IP) {
        ErrorMessage(gettext("CRITERIA ERROR: unknown address type -- assuming Dst address"));
    }
    $page_title = gettext("Unique Destination Address(es)");
    $results_title = gettext("Dst IP address");
    $addr_type_name = "ip_dst";
}
// (excerpt ends inside this branch)
if ($qs->isCannedQuery()) {
// Fragment of a top-level page script (criteria state names base_stat_ptypes.php).
// It starts and ends mid-file; the final `else` branch is closed below this excerpt.

// NOTE(review): every include path is built from $BASE_path, which is set outside
// this excerpt -- presumably from configuration; confirm it can never be influenced
// by the request.
require "{$BASE_path}/includes/base_constants.inc.php";
require "{$BASE_path}/includes/base_include.inc.php";
include_once "{$BASE_path}/base_db_common.php";
include_once "{$BASE_path}/base_qry_common.php";
include_once "{$BASE_path}/base_stat_common.php";
$_SESSION["siem_default_group"] = "base_stat_ptypes.php?sort_order=occur_d";
// Ternary used as a statement: $et only exists when debug timing is enabled, so any
// later use of $et has to be guarded by the same condition.
$debug_time_mode >= 1 ? $et = new EventTiming($debug_time_mode) : '';
$cs = new CriteriaState("base_stat_ptypes.php");
// "submit" is imported through ImportHTTPVar with an alpha/space mask plus a list of
// three labels.
// NOTE(review): the list presumably names values accepted in addition to the mask --
// confirm against ImportHTTPVar, since $submit drives MoveView() and the labels name
// delete actions.
$submit = ImportHTTPVar("submit", VAR_ALPHA | VAR_SPACE, array(gettext("Delete Selected"), gettext("Delete ALL on Screen"), _ENTIREQUERY));
$cs->ReadState();
// Check role out and redirect if needed -- Kevin
// NOTE(review): $roleneeded is assigned but the role check itself is commented out
// below, so this fragment performs no authorisation of its own. Presumably access
// control is enforced by one of the includes above -- confirm.
$roleneeded = 10000;
#$BUser = new BaseUser();
#if (($BUser->hasRole($roleneeded) == 0) && ($Use_Auth_System == 1)) base_header("Location: " . $BASE_urlpath . "/index.php");
$qs = new QueryState();
$qs->AddCannedQuery("most_frequent", $freq_num_alerts, gettext("Most Frequent Events"), "occur_d");
$qs->AddCannedQuery("last_alerts", $last_num_ualerts, gettext("Last Events"), "last_d");
$qs->MoveView($submit); /* increment the view if necessary */
$page_title = gettext("Event Listing");
/* Connect to the Alert database */
$db = NewBASEDBConnection($DBlib_path, $DBtype);
// The two trailing arguments (0, 1) are passed positionally; their meaning is
// defined by baseDBConnect(), which is not part of this excerpt.
$db->baseDBConnect($db_connect_method, $alert_dbname, $alert_host, $alert_port, $alert_user, $alert_password, 0, 1);
if ($event_cache_auto_update == 1) {
    UpdateAlertCache($db);
}
$criteria_clauses = ProcessCriteria();
// Include base_header.php
// Canned queries get their description appended to both title arguments.
if ($qs->isCannedQuery()) {
    PrintBASESubHeader($page_title . ": " . $qs->GetCurrentCannedQueryDesc(), $page_title . ": " . $qs->GetCurrentCannedQueryDesc(), $cs->GetBackLink(), 1);
} else {
// Fragment of a top-level page script (criteria state names base_stat_uidm.php).
// It starts and ends mid-file: $addr_type and $submit are set above this excerpt,
// and the final `if` is closed below it.

$db = NewBASEDBConnection($DBlib_path, $DBtype);
// The two trailing arguments (0, 1) are passed positionally; their meaning is
// defined by baseDBConnect(), which is not part of this excerpt.
$db->baseDBConnect($db_connect_method, $alert_dbname, $alert_host, $alert_port, $alert_user, $alert_password, 0, 1);
// NOTE(review): $addr_type is interpolated into the state suffix here, *before* the
// allow-list check further down normalises it. If $addr_type is request-derived and
// not already filtered above this excerpt, the raw value reaches CriteriaState (and
// presumably the back link it builds) -- confirm, or move the allow-list check above
// this line.
$cs = new CriteriaState("base_stat_uidm.php", "&addr_type={$addr_type}");
$cs->ReadState();
/* Dump some debugging information on the shared state */
// if ($debug_mode > 0) {
//     PrintCriteriaState();
// }
//print_r($_SESSION['ip_addr']);
// Allow-list for $addr_type: anything outside the four known names falls back to
// "userdomain".
// NOTE(review): in_array() is called without its strict flag, so the comparison is
// loose; passing true as the third argument would restrict matches to the exact
// strings.
if (!in_array($addr_type, array("userdomain", "username", "hostname", "domain"))) {
    $addr_type = "userdomain";
}
// Build the display label from the (now allow-listed) type: "userdomain" is shown as
// "user@domain", the first letter is upper-cased and an "s" is appended.
$type_name = ucfirst(str_replace("userdomain", "user@domain", $addr_type)) . "s";
$page_title = _("Unique") . " " . _($type_name);
$qs = new QueryState();
$qs->AddCannedQuery("most_frequent", $freq_num_uaddr, gettext("Most Frequent") . " " . _($type_name), "occur_d");
$qs->MoveView($submit); /* increment the view if necessary */
if ($event_cache_auto_update == 1) {
    UpdateAlertCache($db);
}
$criteria_clauses = ProcessCriteria();
// Include base_header.php
if ($qs->isCannedQuery()) {
    PrintBASESubHeader($page_title . ": " . $qs->GetCurrentCannedQueryDesc(), $page_title . ": " . $qs->GetCurrentCannedQueryDesc(), $cs->GetBackLink(), 1);
} else {
    PrintBASESubHeader($page_title, $page_title, $cs->GetBackLink(), 1);
}
// The first two criteria clauses are joined with a single space.
$criteria = $criteria_clauses[0] . " " . $criteria_clauses[1];
// After the allow-list above this pattern matches "userdomain", "username" and
// "domain"; "hostname" takes the other path. (Excerpt ends inside this branch.)
if (preg_match("/user|domain/i", $addr_type)) { // from idm_data
// Fragment of a top-level page script. It starts inside a block that is opened above
// this excerpt (closed by the first lone `}` below) and ends inside a nested `else`.

    // Solve error when payload is searched cnt = 1
    // Older curly-brace-offset form of the same check, left commented out
    // (reconstructed from a garbled comment):
    // if ($_GET{"data"}{0}{2} != "") $cs->criteria['data']->criteria_cnt = 1;
    // NOTE(review): $_GET["data"][0][2] is read straight from the query string with
    // no isset()/is_array() guard. A request without that key raises a notice, and a
    // scalar "data" parameter makes the offsets index into a string. The only effect
    // visible here is forcing criteria_cnt to 1, but the read should still be guarded.
    if ($_GET["data"][0][2] != "") {
        $cs->criteria['data']->criteria_cnt = 1;
    }
    $submit = gettext("Query DB"); /* restore the real submit value */
    // Overwrites the request's own submit value in the superglobal with the fixed label.
    $_POST['submit'] = $submit;
}
$cs->ReadState();
$qs = new QueryState();
// Four canned queries, all sized by $last_num_alerts and sorted by "time_d".
$qs->AddCannedQuery("last_tcp", $last_num_alerts, gettext("Last TCP Events"), "time_d");
$qs->AddCannedQuery("last_udp", $last_num_alerts, gettext("Last UDP Events"), "time_d");
$qs->AddCannedQuery("last_icmp", $last_num_alerts, gettext("Last ICMP Events"), "time_d");
$qs->AddCannedQuery("last_any", $last_num_alerts, gettext("Last Events"), "time_d");
$page_title = gettext("Query Results");
// Disabled gate: the commented-out code below used to run ProcessCriteria() only for
// specific submit values; it is now called unconditionally.
//$sqlcalls = ($submit == "Query DB" || $submit == gettext("Query DB") || $submit == gettext("Query+DB") || $submit == gettext("Delete Selected") || $submit == gettext("Delete ALL on Screen") || $submit == gettext("Delete Entire Query") || $qs->isCannedQuery() || ($qs->GetCurrentSort() != "" && $qs->GetCurrentSort() != "none" && $_SERVER["QUERY_STRING"]!="new=1")) ? TRUE : FALSE;
//if ($sqlcalls)
//{
$criteria_clauses = ProcessCriteria();
//}
// Include base_header.php
if ($qs->isCannedQuery()) {
    // Only the presence of the "minimal_view" query parameter is tested, never its
    // value; when present, the sub-header is printed with an empty back link.
    if (!array_key_exists("minimal_view", $_GET)) {
        PrintBASESubHeader($page_title . ": " . $qs->GetCurrentCannedQueryDesc(), $page_title . ": " . $qs->GetCurrentCannedQueryDesc(), $cs->GetBackLink(), 1);
    } else {
        PrintBASESubHeader($page_title . ": " . $qs->GetCurrentCannedQueryDesc(), $page_title . ": " . $qs->GetCurrentCannedQueryDesc(), "", 1);
// Fragment of a top-level page script (criteria state names base_stat_ports.php).
// It starts mid-file and ends inside the `switch` on $proto.

$db = NewBASEDBConnection($DBlib_path, $DBtype);
/* FIXME: OSSIM */
/* This used to break the port filters, have to look deeply on this
   maybe changing db_connect_method in base_conf.php */
// Request parameters are imported through ImportHTTPVar with character-class masks:
// port_type is digits only, proto is digits plus punctuation, export is digits and
// then cast with intval().
// NOTE(review): VAR_PUNC presumably admits more than the "-" needed for the -1 case
// below -- confirm which characters it allows, because $proto is interpolated into
// the state suffix a few lines down.
$port_type = ImportHTTPVar("port_type", VAR_DIGIT);
$proto = ImportHTTPVar("proto", VAR_DIGIT | VAR_PUNC);
$export = intval(ImportHTTPVar("export", VAR_DIGIT)); // Called from report_launcher.php
// The two trailing arguments (0, 1) are passed positionally; their meaning is
// defined by baseDBConnect(), which is not part of this excerpt.
$db->baseDBConnect($db_connect_method, $alert_dbname, $alert_host, $alert_port, $alert_user, $alert_password, 0, 1);
// Both imported values become part of the state suffix string.
// NOTE(review): presumably this suffix ends up in generated links; confirm it is
// URL-/HTML-encoded where it is emitted.
$cs = new CriteriaState("base_stat_ports.php", "&port_type={$port_type}&proto={$proto}");
$cs->ReadState();
// Check role out and redirect if needed -- Kevin
// NOTE(review): $roleneeded is assigned, but no hasRole() check follows in this
// fragment; presumably access control is enforced elsewhere -- confirm.
$roleneeded = 10000;
$port_proto = "TCP";
$qs = new QueryState();
$qs->AddCannedQuery("most_frequent", $freq_num_uports, gettext("Most Frequent Ports"), "occur_d");
$qs->AddCannedQuery("last_ports", $last_num_uports, gettext("Last Ports"), "last_d");
// "submit" is imported with an alpha/space mask plus a list of three labels.
// NOTE(review): the list presumably names values accepted in addition to the mask --
// confirm against ImportHTTPVar.
$submit = ImportHTTPVar("submit", VAR_ALPHA | VAR_SPACE, array(gettext("Delete Selected"), gettext("Delete ALL on Screen"), _ENTIREQUERY));
$qs->MoveView($submit); /* increment the view if necessary */
$page_title = "";
// switch compares loosely, so the imported $proto value is matched against the
// TCP / UDP constants and -1 with type juggling.
// The $displaytitle format strings carry markup (<b>%s</b>).
// NOTE(review): confirm that whatever is substituted for %s is numeric or
// HTML-escaped where the string is formatted.
switch ($proto) {
    case TCP:
        $page_title = gettext("Unique") . " TCP ";
        $displaytitle = $port_type == SOURCE_PORT ? gettext("Displaying source tcp ports %d-%d of <b>%s</b> matching your selection.") : gettext("Displaying destination tcp ports %d-%d of <b>%s</b> matching your selection.");
        break;
    case UDP:
        $page_title = gettext("Unique") . " UDP ";
        $displaytitle = $port_type == SOURCE_PORT ? gettext("Displaying source udp ports %d-%d of <b>%s</b> matching your selection.") : gettext("Displaying destination udp ports %d-%d of <b>%s</b> matching your selection.");
        break;
    // (excerpt ends at the start of this case)
    case -1: