Пример #1
0
function add_note($conn, $type)
{
    $validate = array('asset_id' => array('validation' => 'OSS_HEX', 'e_message' => 'illegal:' . _('Asset ID')), 'txt' => array('validation' => 'OSS_TEXT, OSS_PUNC_EXT', 'e_message' => 'illegal:' . _('Note text')));
    $validation_errors = validate_form_fields('POST', $validate);
    if (is_array($validation_errors) && !empty($validation_errors)) {
        Av_exception::throw_error(Av_exception::USER_ERROR, _('Error! Note could not be added'));
    }
    $asset_id = POST('asset_id');
    $txt = POST('txt');
    // Check Asset Type
    $asset_types = array('asset' => 'asset_host', 'network' => 'asset_net', 'group' => 'asset_group', 'net_group' => 'net_group');
    // Note type
    $type_tr = array('group' => 'host_group', 'network' => 'net', 'asset' => 'host', 'net_group' => 'net_group');
    $class_name = $asset_types[$type];
    $asset_type = $type_tr[$type];
    // Check Asset Permission
    if (method_exists($class_name, 'is_allowed') && !$class_name::is_allowed($conn, $asset_id)) {
        $error = sprintf(_('Error! %s is not allowed'), ucwords($type));
        Av_exception::throw_error(Av_exception::USER_ERROR, $error);
    }
    $note_id = Notes::insert($conn, $asset_type, gmdate('Y-m-d H:i:s'), $asset_id, $txt);
    if (intval($note_id) > 0) {
        $tz = Util::get_timezone();
        $data['msg'] = _('Note added successfully');
        $data['id'] = $note_id;
        $data['note'] = $txt;
        $data['date'] = gmdate('Y-m-d H:i:s', Util::get_utc_unixtime(gmdate('Y-m-d H:i:s')) + 3600 * $tz);
        $data['user'] = Session::get_session_user();
        $data['editable'] = 1;
    } else {
        Av_exception::throw_error(Av_exception::USER_ERROR, _('Error! Note could not be added'));
    }
    return $data;
}
Пример #2
0
function load_layout($name_layout, $category = 'policy')
{
    $db = new ossim_db();
    $conn = $db->connect();
    $config = new User_config($conn);
    $login = Session::get_session_user();
    $data = $config->get($login, $name_layout, 'php', $category);
    return $data == null ? array() : $data;
}
Пример #3
0
function reorder_widgets($dbconn, $tab)
{
    $user = Session::get_session_user();
    ossim_valid($tab, OSS_DIGIT, 'illegal:' . _("Tab ID"));
    if (ossim_error()) {
        die(ossim_error());
    }
    $query = "UPDATE dashboard_widget_config set fil = (fil + 1) WHERE panel_id=? and user=? and col=0";
    $params = array($tab, $user);
    if (!$dbconn->Execute($query, $params)) {
        print $dbconn->ErrorMsg();
        return TRUE;
    } else {
        return FALSE;
    }
}
Пример #4
0
function check_report_availability($user_perm, $entity_perm, $creator, $wizard_perms)
{
    $me = Session::get_session_user();
    if (Session::am_i_admin() || $me == $creator || $wizard_perms['user_perms'][$creator] > 1) {
        return TRUE;
    } else {
        if ($user_perm >= 0) {
            if ($user_perm == "0" || $wizard_perms['user_perms'][$user_perm] > 1) {
                return TRUE;
            }
        } elseif ($entity_perm > 0) {
            if ($wizard_perms['entity_perms'][$entity_perm] >= 1) {
                return TRUE;
            }
        }
    }
    return FALSE;
}
Пример #5
0
function getSourceLocalSSIYear($conn, $date_from, $date_to)
{
    $where_range = whereYM($date_from, $date_to);
    $user = Session::get_session_user();
    $sql = "SELECT source, count(*) as volume from datawarehouse.ssi_user WHERE ssi_user.user = ? AND {$where_range} Group BY source;";
    //print_r($sql);
    $result = array();
    $rs = $conn->Execute($sql, array($user));
    if (!$rs) {
        Av_exception::write_log(Av_exception::DB_ERROR, $conn->ErrorMsg());
        return $result;
    }
    while (!$rs->EOF) {
        $result[] = $rs->fields;
        $rs->MoveNext();
    }
    return $result;
}
Пример #6
0
function mapAllowed($perms_arr, $version)
{
    if (Session::am_i_admin()) {
        return true;
    }
    $ret = false;
    foreach ($perms_arr as $perm => $val) {
        // ENTITY
        if (preg_match("/^\\d+\$/", $perm)) {
            if (preg_match("/pro|demo/i", $version) && $_SESSION['_user_vision']['entity'][$perm]) {
                $ret = true;
            }
            // USER
        } elseif (Session::get_session_user() == $perm) {
            $ret = true;
        }
    }
    return $ret;
}
Пример #7
0
function get_report_uuid()
{
    require_once 'classes/Session.inc';
    $uuid = Session::get_secure_id();
    $url = null;
    if (empty($uuid)) {
        $db = new ossim_db();
        $dbconn = $db->connect();
        $user = Session::get_session_user();
        $query = 'SELECT * FROM `users` WHERE login="******"';
        $result = $dbconn->Execute($query);
        if (is_array($result->fields) && !empty($result->fields)) {
            $pass = $result->fields["pass"];
            $uuid = sha1($user . "#" . $pass);
        } else {
            $uuid = false;
        }
    }
    return $uuid;
}
Пример #8
0
function gettabsavt($configs_dir, $cloud_instance = false)
{
    $user = Session::get_session_user();
    $tabsavt = array();
    if (is_dir($configs_dir)) {
        if ($dh = opendir($configs_dir)) {
            while (($file = readdir($dh)) !== false) {
                if (preg_match("/^{$user}.*\\.avt/", $file)) {
                    list($avt_id, $avt_values) = getavt($file, $configs_dir);
                    if (!$cloud_instance || $cloud_instance && $avt_id != 1004) {
                        // if cloud disable Compliance Tab
                        $tabsavt[$avt_id] = $avt_values;
                    }
                }
            }
            closedir($dh);
        }
    }
    return $tabsavt;
}
Пример #9
0
function get_report_data($id = NULL)
{
    $conf = $GLOBALS['CONF'];
    $conf = !$conf ? new Ossim_conf() : $conf;
    $y = strftime('%Y', time() - 24 * 60 * 60 * 30);
    $m = strftime('%m', time() - 24 * 60 * 60 * 30);
    $d = strftime('%d', time() - 24 * 60 * 60 * 30);
    $reports['asset_report'] = array('report_name' => _('Asset Details'), 'report_id' => 'asset_report', 'type' => 'external', 'link_id' => 'link_ar_asset', 'link' => '', 'parameters' => array(array('name' => _('Host Name/IP/Network'), 'id' => 'ar_asset', 'type' => 'asset', 'default_value' => '')), 'access' => Session::menu_perms('environment-menu', 'PolicyHosts') || Session::menu_perms('environment-menu', 'PolicyNetworks'), 'send_by_email' => 0);
    $status_values = array('All' => array('text' => _('All')), 'Open' => array('text' => _('Open')), 'Assigned' => array('text' => _('Assigned')), 'Studying' => array('text' => _('Studying')), 'Waiting' => array('text' => _('Waiting')), 'Testing' => array('text' => _('Testing')), 'Closed' => array('text' => _('Closed')));
    $types_values = array('ALL' => array('text' => _('ALL')), 'Expansion Virus' => array('text' => _('Expansion Virus')), 'Corporative Nets Attack' => array('text' => _('Corporative Nets Attack')), 'Policy Violation' => array('text' => _('Policy Violation')), 'Security Weakness' => array('text' => _('Security Weakness')), 'Net Performance' => array('text' => _('Net Performance')), 'Applications and Systems Failures' => array('text' => _('Applications and Systems Failures')), 'Anomalies' => array('text' => _('Anomalies')), 'Vulnerability' => array('text' => _('Vulnerability')));
    $priority_values = array('High' => _('High'), 'Medium' => _('Medium'), 'Low' => _('Low'));
    $reports['tickets_report'] = array('report_name' => _('Tickets Report'), 'report_id' => 'tickets_report', 'type' => 'pdf', 'subreports' => array('title_page' => array('id' => 'title_page', 'name' => _('Title Page'), 'report_file' => 'os_reports/Common/titlepage.php'), 'alarm' => array('id' => 'alarm', 'name' => _('Alarm'), 'report_file' => 'os_reports/Tickets/Alarm.php'), 'event' => array('id' => 'event', 'name' => _('Event'), 'report_file' => 'os_reports/Tickets/Event.php'), 'anomaly' => array('id' => 'anomaly', 'name' => _('Anomaly'), 'report_file' => 'os_reports/Tickets/Anomaly.php'), 'vulnerability' => array('id' => 'vulnerability', 'name' => _('Vulnerability'), 'report_file' => 'os_reports/Tickets/Vulnerability.php')), 'parameters' => array(array('name' => _('Date Range'), 'date_from_id' => 'tr_date_from', 'date_to_id' => 'tr_date_to', 'type' => 'date_range', 'default_value' => array('date_from' => $y . '-' . $m . '-' . $d, 'date_to' => date('Y') . '-' . date('m') . '-' . date('d'))), array('name' => _('Status'), 'id' => 'tr_status', 'type' => 'select', 'values' => $status_values), array('name' => _('Type'), 'id' => 'tr_type', 'type' => 'select', 'values' => $types_values), array('name' => _('Priority'), 'id' => 'tr_priority', 'type' => 'checkbox', 'values' => $priority_values)), 'access' => Session::menu_perms('analysis-menu', 'IncidentsIncidents'), 'send_by_email' => 1);
    $reports['alarm_report'] = array('report_name' => _('Alarms Report'), 'report_id' => 'alarm_report', 'type' => 'pdf', 'subreports' => array('title_page' => array('id' => 'title_page', 'name' => _('Title Page'), 'report_file' => 'os_reports/Common/titlepage.php'), 'top_attacker_host' => array('id' => 'top_attacker_host', 'name' => _('Top 10 Attacker Host'), 'report_file' => 'os_reports/Alarms/AttackerHosts.php'), 'top_attacked_host' => array('id' => 'top_attacked_host', 'name' => _('Top 10 Attacked Host'), 'report_file' => 'os_reports/Alarms/AttackedHosts.php'), 'used_port' => array('id' => 'used_port', 'name' => _('Top 10 Used Ports'), 'report_file' => 'os_reports/Alarms/UsedPorts.php'), 'top_events' => array('id' => 'top_events', 'name' => _('Top 15 Alarms'), 'report_file' => 'os_reports/Alarms/TopAlarms.php'), 'events_by_risk' => array('id' => 'events_by_risk', 'name' => _('Top 15 Alarms by Risk'), 'report_file' => 'os_reports/Alarms/TopAlarmsByRisk.php')), 'parameters' => array(array('name' => _('Date Range'), 'date_from_id' => 'ar_date_from', 'date_to_id' => 'ar_date_to', 'type' => 'date_range', 'default_value' => array('date_from' => $y . '-' . $m . '-' . $d, 'date_to' => date('Y') . '-' . date('m') . '-' . date('d')))), 'access' => Session::menu_perms('analysis-menu', 'ControlPanelAlarms'), 'send_by_email' => 1);
    $reports['bc_pci_report'] = array('report_name' => _('Business & Compliance ISO PCI Report'), 'report_id' => 'bc_pci_report', 'type' => 'pdf', 'subreports' => array('title_page' => array('id' => 'title_page', 'name' => _('Title Page'), 'report_file' => 'os_reports/Common/titlepage.php'), 'threat_overview' => array('id' => 'threat_overview', 'name' => _('Threat overview'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/ThreatOverview.php'), 'bri_risks' => array('id' => 'bri_risks', 'name' => _('Business real impact risks'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/BusinessPotentialImpactsRisks.php'), 'ciap_impact' => array('id' => 'ciap_impact', 'name' => _('C.I.A Potential impact'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/CIAPotentialImpactsRisks.php'), 'pci_dss' => array('id' => 'pci_dss', 'name' => _('PCI-DSS 2.0'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/PCI-DSS.php'), 'pci_dss3' => array('id' => 'pci_dss3', 'name' => _('PCI-DSS 3.0'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/PCI-DSS3.php'), 'trends' => array('id' => 'trends', 'name' => _('Trends'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/Trends.php'), 'iso27002_p_impact' => array('id' => 'iso27002_p_impact', 'name' => _('ISO27002 Potential impact'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/ISO27002PotentialImpact.php'), 'iso27001' => array('id' => 'iso27001', 'name' => _('ISO27001'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/ISO27001.php')), 'parameters' => array(array('name' => _('Date Range'), 'date_from_id' => 'bc_pci_date_from', 'date_to_id' => 'bc_pci_date_to', 'type' => 'date_range', 'default_value' => array('date_from' => $y . '-' . $m . '-' . $d, 'date_to' => date('Y') . '-' . date('m') . '-' . date('d')))), 'access' => Session::menu_perms('report-menu', 'ReportsReportServer'), 'send_by_email' => 1);
    $reports['siem_report'] = array('report_name' => _('SIEM Events'), 'report_id' => 'siem_report', 'type' => 'pdf', 'subreports' => array('title_page' => array('id' => 'title_page', 'name' => _('Title Page'), 'report_file' => 'os_reports/Common/titlepage.php'), 'top_attacker_host' => array('id' => 'top_attacker_host', 'name' => _('Top 10 Attacker Host'), 'report_file' => 'os_reports/Siem/AttackerHosts.php'), 'top_attacked_host' => array('id' => 'top_attacked_host', 'name' => _('Top 10 Attacked Host'), 'report_file' => 'os_reports/Siem/AttackedHosts.php'), 'used_port' => array('id' => 'used_port', 'name' => _('Top 10 Used Ports'), 'report_file' => 'os_reports/Siem/UsedPorts.php'), 'top_events' => array('id' => 'top_events', 'name' => _('Top 15 Events'), 'report_file' => 'os_reports/Siem/TopEvents.php'), 'events_by_risk' => array('id' => 'events_by_risk', 'name' => _('Top 15 Events by Risk'), 'report_file' => 'os_reports/Siem/TopEventsByRisk.php')), 'parameters' => array(array('name' => _('Date Range'), 'date_from_id' => 'sr_date_from', 'date_to_id' => 'sr_date_to', 'type' => 'date_range', 'default_value' => array('date_from' => $y . '-' . $m . '-' . $d, 'date_to' => date('Y') . '-' . date('m') . '-' . date('d')))), 'access' => Session::menu_perms('analysis-menu', 'EventsForensics'), 'send_by_email' => 1);
    $reports['vulnerabilities_report'] = array('report_name' => _('Vulnerabilities Report'), 'report_id' => 'vulnerabilities_report', 'type' => 'external', 'target' => '_blank', 'link_id' => 'link_vr', 'link' => Menu::get_menu_url('../vulnmeter/lr_respdf.php?ipl=all&scantype=M', 'environment', 'vulnerabilities', 'overview'), 'access' => Session::menu_perms('analysis-menu', 'EventsVulnerabilities'), 'send_by_email' => 0);
    $reports['th_vuln_db'] = array('report_name' => _('Threats & Vulnerabilities Database'), 'report_id' => 'th_vuln_db', 'type' => 'external', 'link_id' => 'link_tvd', 'link' => Menu::get_menu_url('../vulnmeter/threats-db.php', 'environment', 'vulnerabilities', 'threat_database'), 'access' => Session::menu_perms('analysis-menu', 'EventsVulnerabilities'), 'send_by_email' => 0);
    $reports['ticket_status'] = array('report_name' => _('Tickets Status'), 'report_id' => 'ticket_status', 'type' => 'external', 'link_id' => 'link_tr', 'link' => Menu::get_menu_url('../report/incidentreport.php', 'analysis', 'tickets', 'tickets'), 'access' => Session::menu_perms('analysis-menu', 'IncidentsIncidents'), 'send_by_email' => 0);
    $db = new ossim_db();
    $conn = $db->connect();
    $user = Session::get_session_user();
    $session_list = Session::get_list($conn, 'ORDER BY login');
    if (preg_match('/pro|demo/', $conf->get_conf('ossim_server_version')) && !Session::am_i_admin()) {
        $myusers = Acl::get_my_users($conn, Session::get_session_user());
        if (count($myusers) > 0) {
            $is_pro_admin = 1;
        }
    }
    // User Log lists
    if (Session::am_i_admin()) {
        $user_values[''] = array('text' => _('All'));
        if ($session_list) {
            foreach ($session_list as $session) {
                $login = $session->get_login();
                $user_values[$login] = $login == $user ? array('text' => $login, 'selected' => TRUE) : array('text' => $login);
            }
        }
    } elseif ($is_pro_admin) {
        foreach ($myusers as $myuser) {
            $user_values[$myuser['login']] = array('text' => $myuser['login']);
            $user_values[$user] = array('text' => $user, 'selected' => TRUE);
        }
    } else {
        $user_values[$user] = array('text' => $user);
    }
    $code_list = Log_config::get_list($conn, 'ORDER BY descr');
    $action_values[''] = array('text' => _('All'));
    if ($code_list) {
        foreach ($code_list as $code_log) {
            $code_aux = $code_log->get_code();
            $action_values[$code_aux] = array('text' => '[' . sprintf("%02d", $code_aux) . '] ' . _(preg_replace('|%.*?%|', " ", $code_log->get_descr())));
        }
    }
    $reports['user_activity'] = array('report_name' => _('User Activity Report'), 'report_id' => 'user_activity', 'type' => 'external', 'link_id' => 'link_ua', 'link' => Menu::get_menu_url('../userlog/user_action_log.php', 'settings', 'settings', 'user_activity'), 'parameters' => array(array('name' => _('User'), 'id' => 'ua_user', 'type' => 'select', 'values' => $user_values), array('name' => _('Action'), 'id' => 'ua_action', 'type' => 'select', 'values' => $action_values)), 'access' => Session::menu_perms('settings-menu', 'ToolsUserLog'), 'send_by_email' => 0);
    $reports['geographic_report'] = array('report_name' => _('Geographic Report'), 'report_id' => 'geographic_report', 'type' => 'pdf', 'subreports' => array('title_page' => array('id' => 'title_page', 'name' => _('Title Page'), 'report_file' => 'os_reports/Common/titlepage.php'), 'geographic_report' => array('id' => 'geographic_report', 'name' => _('Geographic Report'), 'report_file' => 'os_reports/Various/Geographic.php')), 'parameters' => array(array('name' => _('Date Range'), 'date_from_id' => 'gr_date_from', 'date_to_id' => 'gr_date_to', 'type' => 'date_range', 'default_value' => array('date_from' => $y . '-' . $m . '-' . $d, 'date_to' => date('Y') . '-' . date('m') . '-' . date('d')))), 'access' => Session::menu_perms('analysis-menu', 'EventsForensics'), 'send_by_email' => 1);
    //Sensor list
    $sensor_values[''] = array('text' => ' -- ' . _('Sensors no found') . ' -- ');
    $filters = array('order_by' => 'name');
    $sensor_list = Av_sensor::get_basic_list($conn, $filters);
    $filters = array('order_by' => 'priority desc');
    list($sensor_list, $sensor_total) = Av_sensor::get_list($conn, $filters);
    if ($sensor_total > 0) {
        $sensor_values = array();
        foreach ($sensor_list as $s) {
            $properties = $s['properties'];
            if ($properties['has_nagios']) {
                $sensor_values[$s['ip']] = array('text' => $s['name']);
            }
        }
    }
    /* Nagios link */
    $nagios_link = $conf->get_conf('nagios_link');
    $scheme = empty($_SERVER['HTTPS']) ? 'http://' : 'https://';
    $path = !empty($nagios_link) ? $nagios_link : '/nagios3/';
    $port = !empty($_SERVER['SERVER_PORT']) ? ':' . $_SERVER['SERVER_PORT'] : "";
    $nagios = $port . $path;
    $section_values = array(urlencode($nagios . 'cgi-bin/trends.cgi') => array('text' => _('Trends')), urlencode($nagios . 'cgi-bin/avail.cgi') => array('text' => _('Availability')), urlencode($nagios . 'cgi-bin/histogram.cgi') => array('text' => _('Event Histogram')), urlencode($nagios . 'cgi-bin/history.cgi?host=all') => array('text' => _('Event History')), urlencode($nagios . 'cgi-bin/summary.cgi') => array('text' => _('Event Summary')), urlencode($nagios . 'cgi-bin/notifications.cgi') => array('text' => _('Notifications')), urlencode($nagios . 'cgi-bin/showlog.cgi') => array('text' => _('Performance Info')));
    $reports['availability_report'] = array('report_name' => _('Availability Report'), 'report_id' => 'availability_report', 'type' => 'external', 'link_id' => 'link_avr', 'click' => "nagios_link('avr_nagios_link', 'avr_sensor', 'avr_section');", 'parameters' => array(array('name' => _('Sensor'), 'id' => 'avr_sensor', 'type' => 'select', 'values' => $sensor_values), array('name' => 'Nagioslink', 'id' => 'avr_nagios_link', 'type' => 'hidden', 'default_value' => urlencode($scheme)), array('name' => _('Section'), 'id' => 'avr_section', 'type' => 'select', 'values' => $section_values)), 'access' => Session::menu_perms('environment-menu', 'MonitorsAvailability'), 'send_by_email' => 0);
    $db->close();
    if ($id == NULL) {
        ksort($reports);
        return $reports;
    } else {
        return !empty($reports[$id]) ? $reports[$id] : array();
    }
}
Пример #10
0
//Regional settings
require_once 'classes/locale.inc';
//Set language
ossim_set_lang();
//Sessions (users, activity, permissions, etc)
require_once 'classes/session.inc';
//Security functions
require_once 'classes/Security.inc';
//Check IDS Security
ids();
//Check session status
//No check in these cases (Scheduled reports and migration)
if (!preg_match('/AV Report Scheduler/', $_SERVER['HTTP_USER_AGENT']) && !preg_match('/migration/', $_SERVER['REQUEST_URI'])) {
    Session::is_expired();
}
if (Session::get_session_user() != '') {
    //Set menu options
    $m_opt = REQUEST('m_opt');
    $sm_opt = REQUEST('sm_opt');
    $h_opt = REQUEST('h_opt');
    $l_opt = REQUEST('l_opt');
    ossim_valid($m_opt, OSS_LETTER, OSS_DIGIT, OSS_SCORE, OSS_NULLABLE, 'illegal:' . _('Menu option'));
    ossim_valid($sm_opt, OSS_LETTER, OSS_DIGIT, OSS_SCORE, OSS_NULLABLE, 'illegal:' . _('Submenu option'));
    ossim_valid($h_opt, OSS_LETTER, OSS_DIGIT, OSS_SCORE, OSS_NULLABLE, 'illegal:' . _('Hmenu option'));
    ossim_valid($l_opt, OSS_LETTER, OSS_DIGIT, OSS_SCORE, OSS_NULLABLE, 'illegal:' . _('Lmenu option'));
    //Chenck menu options
    if (ossim_error()) {
        header('Location: ' . AV_MAIN_PATH . '/session/login.php?action=logout');
    }
    $av_menu = @unserialize($_SESSION['av_menu']);
    //Check menu object
*/
require_once 'av_init.php';
Session::logcheck('environment-menu', 'PolicyHosts');
function is_allowed_format($type_uf)
{
    $types = '/force-download|octet-stream|text|csv|plain|spreadsheet|excel|comma-separated-values/';
    if (preg_match($types, $type_uf) == FALSE) {
        return FALSE;
    } else {
        return TRUE;
    }
}
$import_type = POST('import_type');
$ctx = POST('ctx');
$path = '../tmp/';
$current_user = md5(Session::get_session_user());
$file_csv = $path . $current_user . '_assets_import.csv';
if ($import_type != 'hosts' && $import_type != 'welcome_wizard_hosts') {
    ?>
	<script type='text/javascript'>
		parent.show_error('<?php 
    echo _('Error! Import Type not found');
    ?>
');
	</script>
	<?php 
    exit;
}
if (!isset($_POST['ctx']) || empty($_POST['ctx'])) {
    ?>
	<script type='text/javascript'>
Пример #12
0
 if ($munin_link == '') {
     $munin_link = "/munin/";
 }
 $server_ip = Util::get_default_admin_ip();
 if ($server_ip == '') {
     $server_ip = $ossim_conf->get_conf('frameworkd_address');
 }
 $protocol = 'http';
 if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') {
     $protocol = 'https';
 }
 $port = "";
 if (isset($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT'] != "80" && $_SERVER['SERVER_PORT'] != '443') {
     $port = ":" . $_SERVER['SERVER_PORT'];
 }
 $current_user = Session::get_session_user();
 if ($ip == $server_ip) {
     $munin_url = $protocol . '://' . $_SERVER['SERVER_NAME'] . $port . $munin_link;
     $munin_url = str_replace('localhost', $ip, $munin_url);
     $testmunin = $protocol . '://' . $ip . '/munin/';
 } else {
     $munin_url = $protocol . '://' . $ip . $port . $munin_link;
     $testmunin = $munin_url;
 }
 // check valid munin url
 $default_opts = array('http' => array('header' => "Cookie: PHPSESSID=" . $_COOKIE["PHPSESSID"]));
 $resource = stream_context_get_default($default_opts);
 $data = @file($testmunin, FILE_SKIP_EMPTY_LINES, $resource);
 $munin_valid = TRUE;
 if (is_array($data)) {
     foreach ($data as $line) {
Пример #13
0
function edit_autoenable($sid)
{
    global $dbconn, $username, $version;
    navbar($sid);
    $query = "select id, name, description, autoenable, type, owner, update_host_tracker\n      FROM vuln_nessus_settings where id={$sid}";
    $dbconn->SetFetchMode(ADODB_FETCH_BOTH);
    $result = $dbconn->execute($query);
    echo <<<EOT
<form method="post" action="settings.php" id="profile_config">
<input type="hidden" name="type" value="update">
<input type="hidden" name="sid" value="{$sid}">
EOT;
    list($sid, $sname, $sdescription, $sautoenable, $stype, $sowner, $tracker) = $result->fields;
    $sname = mb_convert_encoding($sname, 'ISO-8859-1', 'UTF-8');
    //if($stype=='G') { $stc = "checked"; }  else { $stc = ""; }
    if (valid_hex32($sowner)) {
        $user_entity = $sowner;
    } else {
        $user = $sowner;
    }
    $old_user = $sowner;
    if ($tracker == '1') {
        $cktracker = "checked";
    } else {
        $cktracker = "";
    }
    echo <<<EOT
<input type="hidden" name="old_owner" value="{$old_user}">
<input type="hidden" name="old_name" value="{$sname}">
<center>
<table cellspacing="2" cellpadding="4">
<tr>
EOT;
    echo "<th>" . _("Name") . ":</th>";
    echo '
   <td><input type="text" name="sname" value="' . $sname . '" size=50/>
</tr>
<tr>
';
    echo "<th>" . _("Description") . ":</th>";
    echo '
   <td><input type="text" name="sdescription" value="' . $sdescription . '" size=50/></td>
</tr>';
    $users = Session::get_users_to_assign($dbconn);
    $entities = Session::am_i_admin() || $pro && Acl::am_i_proadmin() ? Session::get_entities_to_assign($dbconn) : null;
    ?>
    <tr>
        <th><?php 
    echo _("Make this profile available for");
    ?>
:</th>
        <td>
            <table cellspacing="0" cellpadding="0" align='center' class="transparent">
                <tr>
                    <td class='nobborder'><span style='margin-right:3px'><?php 
    echo _("User:"******"user" style="width:150px" id="user" onchange="switch_user('user');return false;" >

                            <?php 
    $num_users = 0;
    $current_user = Session::get_session_user();
    if (!Session::am_i_admin()) {
        $user = $user == "" && $entity == "" ? $current_user : $user;
    }
    foreach ($users as $k => $v) {
        $login = $v->get_login();
        $selected = $login == $user ? "selected='selected'" : "";
        $options .= "<option value='" . $login . "' {$selected}>{$login}</option>\n";
        $num_users++;
    }
    if ($num_users == 0) {
        echo "<option value='-1' style='text-align:center !important;'>- " . _("No users found") . " -</option>";
    } else {
        echo "<option value='-1' style='text-align:center !important;'>- " . _("Select users") . " -</option>";
        if (Session::am_i_admin()) {
            $default_selected = ($user == "" || intval($user) == 0) && $entity == "" ? "selected='selected'" : "";
            echo "<option value='0' {$default_selected}>" . _("ALL") . "</option>\n";
        }
        echo $options;
    }
    ?>
                        </select>
                    </td>

                    <?php 
    if (!empty($entities)) {
        ?>
                    <td style='text-align:center; border:none; !important'><span style='padding:5px;'><?php 
        echo _("OR");
        ?>
<span></td>

                    <td class='nobborder'><span style='margin-right:3px'><?php 
        echo _("Entity:");
        ?>
</span></td>
                    <td class='nobborder'>
                        <select name="entity" style="width:170px" id="entity" onchange="switch_user('entity');return false;">
                            <option value="-1" style='text-align:center !important;'>- <?php 
        echo _("Entity not assigned");
        ?>
 -</option>
                            <?php 
        foreach ($entities as $k => $v) {
            $selected = $k == $user_entity ? "selected='selected'" : "";
            echo "<option value='{$k}' {$selected}>{$v}</option>";
        }
        ?>
                        </select>
                    </td>
                        <?php 
    }
    ?>
                </tr>
            </table>
        </td>
    </tr>

<?php 
    echo "<tr style='display:none'>";
    echo "<th>" . _("Link scans run by this profile in Network Hosts") . "<br>" . _("Purpose so that Network Hosts can be tracking full/perfered audits") . ".</th>";
    echo "<td class='left'><input type='checkbox' name='tracker' {$cktracker}/><font color='red'>" . _("Update Host Tracker \"Network Hosts\" Status") . "</font></input></td>";
    echo "</tr>";
    echo "<tr>\n<th valign='top' style='background-position:top center;'>" . _("Autoenable options") . ":</th>\n<td class='nobborder' style='text-align:center'><SELECT name=\"sautoenable\" onChange=\"showEnableBy();return false;\">";
    //echo "<option value=\"N\"";
    //   if ($sautoenable=="N") { echo " selected";}
    //   echo ">None";
    echo "<option value=\"C\"";
    if ($sautoenable == "C") {
        echo " selected";
    }
    echo ">" . _("Autoenable by category") . "<option value=\"F\"";
    if ($sautoenable == "F") {
        echo " selected";
    }
    echo ">" . _("Autoenable by family") . "</select>";
    echo "<div id=\"cat2\"" . ($sautoenable == "C" ? "" : "style=\"display:none;\"") . ">";
    echo "<BR><B>" . _("Autoenable plugins in categories") . ":</B><BR><BR>";
    $query = "SELECT t1.cid, t2.name, t1.status FROM vuln_nessus_settings_category as t1,\n   vuln_nessus_category as t2\n     where t1.sid={$sid}\n   and t1.cid=t2.id\n     order by t2.name";
    // var_dump($query);
    $dbconn->SetFetchMode(ADODB_FETCH_BOTH);
    $result = $dbconn->execute($query);
    echo <<<EOT
<table bordercolor="#6797BF" border="0" cellspacing="2" cellpadding="0">
EOT;
    echo "<tr><th>" . _("Name") . "</th>";
    echo "<th>" . _("Enable All") . "</th>";
    echo "<th>" . _("Enable New") . "</th>";
    echo "<th>" . _("Disable New") . "</th>";
    echo "<th>" . _("Disable All") . "</th>";
    echo "<th>" . _("Intelligent") . "</th></tr>";
    while (!$result->EOF) {
        list($cid, $name, $status) = $result->fields;
        echo "<tr><td style=\"text-align:left;padding-left:3px;\">" . strtoupper($name) . "</td>";
        echo "<td><input type=\"radio\" name=\"c_{$cid}\" value=\"1\" ";
        if ($status == 1) {
            echo "checked";
        }
        echo "></td><td><input type=\"radio\" name=\"c_{$cid}\" value=\"2\" ";
        if ($status == 2) {
            echo "checked";
        }
        echo "></td><td><input type=\"radio\" name=\"c_{$cid}\" value=\"3\" ";
        if ($status == 3) {
            echo "checked";
        }
        echo "></td>";
        echo "<td><input type=\"radio\" name=\"c_{$cid}\" value=\"4\" ";
        if ($status == 4) {
            echo "checked";
        }
        echo "></td>";
        echo "<td><input type=\"radio\" name=\"c_{$cid}\" value=\"5\" ";
        if ($status == 5) {
            echo "checked";
        }
        echo "></td></tr>";
        $result->MoveNext();
    }
    echo "</table><BR>";
    echo "</div>";
    echo "<div id=\"fam2\"" . ($sautoenable == "F" ? "" : "style=\"display:none;\"") . ">";
    $query = "select t1.fid, t2.name, t1.status\n     from vuln_nessus_settings_family as t1,\n   vuln_nessus_family as t2\n     where t1.sid={$sid}\n   and t1.fid=t2.id\n     order by t2.name";
    $dbconn->SetFetchMode(ADODB_FETCH_BOTH);
    $result = $dbconn->execute($query);
    echo "<BR><B>" . _("Autoenable plugins in families") . ":<BR><BR></B>";
    echo <<<EOT
<table bordercolor="#6797BF" border="0" cellspacing="2" cellpadding="0">
EOT;
    echo "<tr><th>" . _("Name") . "</th>";
    echo "<th>" . _("Enable All") . "</th>";
    echo "<th>" . _("Enable New") . "</th>";
    echo "<th>" . _("Disable New") . "</th>";
    echo "<th>" . _("Disable All") . "</th>";
    echo "<th>" . _("Intelligent") . "</th></tr>";
    while (!$result->EOF) {
        list($fid, $name, $status) = $result->fields;
        echo "<tr><td style=\"text-align:left;padding-left:3px;\">{$name}</td>";
        echo "<td><input type=\"radio\" name=\"f_{$fid}\" value=\"1\" ";
        if ($status == 1) {
            echo "checked";
        }
        echo "></td>";
        echo "<td><input type=\"radio\" name=\"f_{$fid}\" value=\"2\" ";
        if ($status == 2) {
            echo "checked";
        }
        echo "></td>";
        echo "<td><input type=\"radio\" name=\"f_{$fid}\" value=\"3\" ";
        if ($status == 3) {
            echo "checked";
        }
        echo "></td>";
        echo "<td><input type=\"radio\" name=\"f_{$fid}\" value=\"4\" ";
        if ($status == 4) {
            echo "checked";
        }
        echo "></td>";
        echo "<td><input type=\"radio\" name=\"f_{$fid}\" value=\"5\" ";
        if ($status == 5) {
            echo "checked";
        }
        echo "></td></tr>";
        $result->MoveNext();
    }
    echo "</table></div></td></tr></table></center><br/>";
    echo "<input type='button' id='update_button' value='" . _("Update") . "' class='button update_profile'><br/><br/></form>";
}
Пример #14
0


/* Deklarasi class UserAuth
 * Class Name : UserAuth
 * Location :root_path/function/userAuth/user_func.php
 * Warning !!! Jangan buat nama variabel sama dengan nama variabel ini
 */

$USERAUTH = new UserAuth();


$SESSION = new Session();

/* Ambil session user */
$UserSession = $SESSION->get_session_user();


if (isset($_POST['login']))
{
	$dataVar = array ('username'=>$_POST['username'], 'password'=>md5($_POST['password']), 'token' => 0);
					
	$dataValid = $DBVAR->form_validation($dataVar);
	if (is_array($dataValid))
	{
		$dataLogin = $USERAUTH->check_login_user($dataValid);
		if ($dataLogin == true)
		{
			//header ("location:$url_rewrite");
			echo "<script>window.location.href='$url_rewrite';</script>script>";
		}
<?php
include "../../../config/config.php";

$USERAUTH = new UserAuth();

$SESSION = new Session();

$menu_id = 28;
$SessionUser = $SESSION->get_session_user();
$USERAUTH->FrontEnd_check_akses_menu($menu_id, $SessionUser);

?>

<?php ob_start(); ?>
<html>
<?php

        include "$path/header.php";
        include "$path/title.php";
        ?>    
<body>
            <?php
        
            include "$path/menu.php";
            open_connection();
            echo '<pre>';
            //print_r($_POST);
            echo '</pre>';
            echo '<pre>';
            //print_r($dataArr);
            echo '</pre>';
Пример #16
0
function echochildrens($entities, $parent_id, $entities_admin)
{
    /* Connect to db */
    $db = new ossim_db();
    $conn = $db->connect();
    $users_by_entity = Acl::get_users_by_entity($conn, $parent_id);
    $me = Session::get_session_user();
    $entities_types = Acl::get_entities_types($conn);
    $length_name = !empty($_GET['length_name']) ? GET('length_name') : 30;
    echo ",children:[";
    $is_editable = $parent_id != "" && (!empty($users_by_entity[$me]) || Session::am_i_admin() || !empty($entities_admin[$me]));
    if ($is_editable) {
        echo "{title:'<font style=\"font-weight:normal\">" . _("All Assets") . "</font>', url:'AllAssets', key:'e_" . $parent_id . "_allassets', icon:'../../pixmaps/menu/assets.gif', isFolder:false, expand:true,";
        echo "children:[ ";
        echo "{ key:'e_" . $parent_id . "_net', isFolder:true, isLazy:true, icon:'../../pixmaps/theme/net.png', title:'" . _("Networks") . "'},";
        echo "{ key:'e_" . $parent_id . "_sensor', isFolder:true, isLazy:true, icon:'../../pixmaps/theme/server.png', title:'" . _("Sensors") . "'}";
        echo "]}";
    }
    $children = Acl::get_entity_childs($conn, $parent_id);
    if (!empty($children)) {
        $flag = false;
        foreach ($children as $index => $child_id) {
            $icon = "../../pixmaps/theme/any.png";
            $child = $entities[0][$child_id];
            $entity_allowed = Acl::entityAllowed($child_id);
            $child_key = "e_" . $child_id;
            $child_sn = strlen($child['name']) > $length_name ? substr($child['name'], 0, $length_name) . "..." : $child['name'];
            $child_name = Util::htmlentities($child['name']);
            $chil_ent_admin = $entities_admin;
            $chil_ent_admin[$child['admin_user']] = $child_id;
            if ($child['parent_id'] == $parent_id) {
                $title = "<font style=\"font-weight:bold;\">" . Util::htmlentities($child_sn) . "</font> <font style=\"color:gray\">[" . $entities_types[$child['type']]['name'] . "]</font>";
                $tooltip = Util::htmlentities($child['name']) . " [" . $entities_types[$child['type']]['name'] . "]";
                if ($flag || $is_editable) {
                    echo ",";
                }
                $flag = true;
                echo "{title:'" . $title . "', tooltip:'{$tooltip}', noLink: true, url:'" . $child_url . "', key:'" . $child_key . "', icon:'{$icon}', expand:true, name:'{$child_name}'";
                echochildrens($entities, $child_id, $withusers, $entities_admin, $length_name);
                echo "}";
            }
        }
    }
    echo "]";
}
Пример #17
0
function set_default_map($conn, $id)
{
    ossim_valid($id, OSS_HEX, 'illegal:' . _('Map'));
    if (ossim_error()) {
        $info_error = "Error: " . ossim_get_error();
        ossim_clean_error();
        $return['error'] = TRUE;
        $return['msg'] = $info_error;
        return $return;
    }
    if (!is_map_editable($conn, $id)) {
        $return['error'] = TRUE;
        $return['msg'] = _("You do not have permission to edit this map");
        return $return;
    }
    $login = Session::get_session_user();
    $config = new User_config($conn);
    $config->set($login, "riskmap", $id, 'simple', "main");
    $return['error'] = FALSE;
    $return['msg'] = _("Default map changed successfully");
    return $return;
}
Пример #18
0
* along with this package; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
* MA  02110-1301  USA
*
*
* On Debian GNU/Linux systems, the complete text of the GNU General
* Public License can be found in `/usr/share/common-licenses/GPL-2'.
*
* Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt
*
*/
Session::logcheck("report-menu", "ReportsReportServer");
if (!Session::is_pro()) {
    die(_('Report section is only available in professional version'));
}
$me = Session::get_session_user();
$db = new ossim_db();
$dbconn = $db->connect();
$creports = array();
$result = $dbconn->Execute("SELECT login, name, value FROM user_config where category LIKE 'custom_report%' ORDER BY name ASC");
//Wizard Perms
$wizard_perms = Av_report::get_report_permissions($dbconn);
while (!$result->EOF) {
    $available = false;
    $unserializedata = unserialize($result->fields["value"]);
    $user_perm = $unserializedata["user"];
    $entity_perm = $unserializedata["entity"];
    $available = Av_report::check_report_availability($result->fields["login"], $user_perm, $entity_perm, $wizard_perms);
    if ($available == true) {
        $creports[] = $result->fields;
    }
Пример #19
0
$users = array();
$allowed_users = array();
if (Session::am_i_admin() || $pro && Acl::am_i_proadmin()) {
    if (Session::am_i_admin()) {
        $users_list = Session::get_list($conn, 'ORDER BY login');
    } else {
        $users_list = Acl::get_my_users($conn, Session::get_session_user());
    }
    if (is_array($users_list) && !empty($users_list)) {
        foreach ($users_list as $v) {
            $users[] = is_object($v) ? $v->get_login() : $v['login'];
        }
        $where = "WHERE login in ('" . implode("','", $users) . "')";
    }
} else {
    $where = "WHERE login = '******'";
}
$allowed_users = Session_activity::get_list($conn, $where . ' ORDER BY activity DESC');
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
	<head>
		<title><?php 
echo _('Opened Sessions');
?>
 </title>
		<meta http-equiv="Pragma" content="no-cache"/>
	    <link rel="stylesheet" type="text/css" href="/ossim/style/jquery-ui-1.7.custom.css"/>
	    <link rel="stylesheet" type="text/css" href="/ossim/style/av_common.css?t=<?php 
echo Util::get_css_id();
?>
Пример #20
0
            case 'up':
                $directive_editor->up($dom, $rule, &$tab_rules, $direct);
                break;
            case 'down':
                $directive_editor->down($dom, $rule, &$tab_rules, $direct);
                break;
        }
        $directive_editor->save_xml($filepath, $dom, "DOMXML");
    }
}
// Get columns
$columns = array("name" => _("Name"), "reliability" => _("Reliability"), "time_out" => _("Timeout"), "occurrence" => _("Occurrence"), "from" => _("From"), "to" => _("To"), "plugin_id" => _("Data Source"), "plugin_sid" => _("Event Type"), "sensor" => _("Sensor"), "protocol" => _("Protocol"), "sticky_different" => _("Sticky Dif"), "username" => _("Username"), "password" => _("Pass"), "userdata1" => _("Userdata1"), "userdata2" => _("Userdata2"), "userdata3" => _("Userdata3"), "userdata4" => _("Userdata4"), "userdata5" => _("Userdata5"), "userdata6" => _("Userdata6"), "userdata7" => _("Userdata7"), "userdata8" => _("Userdata8"), "userdata9" => _("Userdata9"));
$db = new ossim_db();
$conn = $db->connect();
$config = new User_config($conn);
$columns_arr = $config->get(Session::get_session_user(), 'directive_editor_cols', 'php', 'directives');
if (count($columns_arr) < 1) {
    $columns_arr = array("name", "reliability", "time_out", "occurrence", "from", "to", "plugin_id", "plugin_sid");
}
$rules = $directive_editor->get_rules($directive_id, $file);
?>
<table width="100%" cellspacing="0">
	<tr><td><table class="transparent" cellpadding="0" cellspacing="0"><tr><td style="padding:3px;text-align:left"><a href="" onclick="toggle_directive_rulelist(<?php 
echo $directive_id;
?>
);return false" class='uppercase'><img id="rulelist_arrow_<?php 
echo $directive_id;
?>
" src="../pixmaps/arrow_green_down.gif" align="absmiddle" border="0"/> <b><?php 
echo _("Rules");
?>
Пример #21
0
        echo _("Delete");
        ?>
'/>                     
                        <?php 
    }
    ?>
				</div>				
			</td>
			<td class="nobborder" width='75%' height="100px" align='center'>
					<!-- side note -->
					
					<div id="ncontainer">
						<div class="paper">
							<div class="tape"></div>
							<div class='note_txt <?php 
    echo Session::get_session_user() == $note->get_user() ? "editInPlace" : "";
    ?>
' note='<?php 
    echo $note->get_id();
    ?>
'>
								<?php 
    echo nl2br(Util::htmlentities($note->get_txt()));
    ?>
							</div>
							<div class="left-shadow"></div>
							<div class="right-shadow"></div>
						</div><!--end paper-->
					</div><!--end container-->
					<!-- side note -->				 
			</td>
Пример #22
0
 if ($chk_parameters['error'] == TRUE) {
     echo "error###<div style='padding-left: 15px; text-align:left;'>" . _('We found the followings errors') . ':</div>';
     echo "<div style='padding-left: 15px; text-align:left;'>";
     echo "<div style='padding-left: 30px;'>" . implode('</div><div style="padding-left: 30px;">', $chk_parameters['error_msg']) . "</div>";
     echo "</div>";
     exit;
 }
 Session::logcheck('report-menu', 'ReportsReportServer');
 $TBackground = "#7B7B7B";
 $TForeground = "#FFFFFF";
 $SBackground = "#8CC221";
 $SForeground = "#FFFFFF";
 // Load css
 $styleCss = array('Title' => array('Background' => $TBackground, 'Foreground' => $TForeground), 'Subtitle' => array('Background' => $SBackground, 'Foreground' => $SForeground));
 // Make header - footer with replacements
 $footerContent = array('left' => 'User: '******' / [[date_y]]-[[date_m]]-[[date_d]] [[date_h]]:[[date_i]]:[[date_s]]', 'right' => 'Page [[page_cu]] / [[page_nb]]');
 $report_data = $section == 'forensics' ? get_freport_data($report_id) : get_report_data($report_id);
 // Init PDF Report
 $pdfReport = new Pdf_report($report_id, 'P', 'A4', NULL, FALSE);
 // Init html2pdf document
 //$header = ucwords(str_replace('_',' ',$pdfReport->getName()));
 $htmlPdfReport = new Pdf_html($report_id, $report_data['report_name'], Session::is_pro() ? 'default.png' : 'ossim.png', '', $styleCss, $footerContent);
 // Include php per each sub-report
 $runorder = 1;
 // Close session to stop() feature
 $dDB['_shared'] = new DBA_shared($report_id);
 $dDB['_shared']->truncate();
 session_write_close();
 foreach ($report_data['subreports'] as $r_key => $r_data) {
     //PDF Report with hidden modules
     if (!isset($_POST['sr_' . $r_data['id']]) && $report_id == $r_data["id"] && file_exists($r_data['report_file'])) {
Пример #23
0
function QueryOssimSignatureTmpTable($q, $cmd, $cmp)
{
    global $db;
    $ids = "";
    /*
     * Prepare search string:
     * - html_entity_decode() The string here is with htmlentities, chars like &quot; must be "
     * - escape_sql()
     */
    $q = html_entity_decode($q, ENT_QUOTES, 'ISO-8859-1');
    $q = escape_sql($q, $db->DB);
    if (preg_match("/.* OR .*|.* AND .*/", $q)) {
        $or_str = $cmd == "=" ? "' OR plugin_sid.name = '" : "%' OR plugin_sid.name LIKE '%";
        $and_str = $cmd == "=" ? "' AND plugin_sid.name = '" : "%' AND plugin_sid.name LIKE '%";
        $q = str_replace(" OR ", $or_str, $q);
        $q = str_replace(" AND ", $and_str, $q);
    }
    $q = parenthesis_encode($q);
    $op = $cmd == "=" ? "plugin_sid.name = '{$q}'" : "plugin_sid.name LIKE '%" . $q . "%'";
    // apply ! operator
    $op = str_replace(" = '!", " != '", $op);
    $op = str_replace(" LIKE '%!", " NOT LIKE '%", $op);
    $_user = Session::get_session_user();
    $db->DB->Execute('CREATE TABLE IF NOT EXISTS alienvault_siem.plugins_join (id int(11) NOT NULL, sid int(11) NOT NULL, login VARCHAR(64) NOT NULL, PRIMARY KEY (id,sid,login)) ENGINE=MEMORY');
    $db->DB->Execute('DELETE FROM alienvault_siem.plugins_join WHERE login=?', array($_user));
    $sql = "INSERT IGNORE INTO alienvault_siem.plugins_join SELECT plugin_id,sid,? FROM alienvault.plugin_sid WHERE {$op}";
    if (file_exists('/tmp/debug_siem')) {
        error_log("TMP TABLE:{$sql}\n", 3, "/tmp/siem");
    }
    $db->DB->Execute($sql, array($_user));
    $plugin_join = " INNER JOIN alienvault_siem.plugins_join ON acid_event.plugin_id=plugins_join.id AND acid_event.plugin_sid=plugins_join.sid AND plugins_join.login='******'";
    return $plugin_join;
}
Пример #24
0
} else {
    $company = '';
    $departament = '';
}
//Parameters
$greybox = REQUEST('greybox');
$duplicate = GET('duplicate') != '' ? TRUE : FALSE;
$login = REQUEST('login');
$msg = GET('msg');
$load_cookies = $_GET['load_cookies'];
//Check login
if ($login != '') {
    ossim_valid($login, OSS_USER, 'illegal:' . _('User name'));
}
// Session parameters
$myself = Session::get_session_user();
$am_i_admin = Session::am_i_admin();
$is_default_admin = $login == AV_DEFAULT_ADMIN ? TRUE : FALSE;
$am_i_proadmin = $pro && Acl::am_i_proadmin() ? TRUE : FALSE;
$is_my_profile = $login == $myself && !$duplicate ? TRUE : FALSE;
ossim_valid($greybox, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _('Greybox'));
if (ossim_error()) {
    echo ossim_error();
    exit;
}
if ($is_default_admin && $duplicate == TRUE) {
    echo ossim_error(_('The user admin can not be duplicated'));
    exit;
}
if ($login != '') {
    if ($login == AV_DEFAULT_ADMIN && $myself != AV_DEFAULT_ADMIN) {
Пример #25
0
if (!isset($_SESSION["_user"])) {
    require_once "ossim_conf.inc";
    $conf = $GLOBALS["CONF"];
    $ossim_link = $conf->get_conf("ossim_link", FALSE);
    $login_location = $ossim_link . '/session/login.php';
    header("Location: {$login_location}");
    exit;
}
require_once "classes/Util.inc";
// Timezone correction
$tz = Util::get_timezone();
$timetz = gmdate("U") + 3600 * $tz;
// time to generate dates with timezone correction
// Custom Views
require_once 'classes/User_config.inc';
$login = Session::get_session_user();
$db_aux = new ossim_db();
$conn_aux = $db_aux->connect();
$config = new User_config($conn_aux);
$_SESSION['views'] = $config->get($login, 'custom_views', 'php', "siem");
// First save of default view (important!)
if ($_SESSION['views']['default'] == "") {
    $_SESSION['views']['default']['cols'] = array('SIGNATURE', 'DATE', 'IP_PORTSRC', 'IP_PORTDST', 'ASSET', 'PRIORITY', 'RELIABILITY', 'RISK', 'IP_PROTO');
    $session_data = $_SESSION;
    foreach ($_SESSION as $k => $v) {
        if (preg_match("/^(_|alarms_|back_list|current_cview|views|ports_cache|acid_|report_|graph_radar|siem_event|deletetask|mdspw).*/", $k)) {
            unset($session_data[$k]);
        }
    }
    $_SESSION['views']['default']['data'] = $session_data;
    $config->set($login, 'custom_views', $_SESSION['views'], 'php', 'siem');
Пример #26
0
         $query_temp['dayCompromiseNet'] = $pdf->MetricsNoPDF('day', 'compromise', 'net', $filter, $dates_filter['max_c_date']);
         $data['data'] = $query_temp['dayCompromiseNet'];
         createTable($data, &$htmlPdfReport);
     }
     $htmlPdfReport->set('</table>');
 }
 $htmlPdfReport->pageBreak();
 $htmlPdfReport->set($htmlPdfReport->newTitle($subreport_name . ' - ' . _('Last Day (Attack)'), $date_from, $date_to, NULL));
 //User
 $htmlPdfReport->set('<table class="tableTitle w100" style="margin-top:3px;"><tr><td class="w100">' . _('Global') . '</td></tr></table>');
 $htmlPdfReport->set('<table class="w100">');
 $query_temp['dayAttackGlobal'] = $pdf->MetricsNoPDF('day', 'attack', 'global', '', $dates_filter['max_a_date'], $param['user']);
 if ($query_temp['dayAttackGlobal'][1][1] == '') {
     $query_temp['dayAttackGlobal'] = array($query_temp['dayAttackGlobal'][0]);
 }
 $data['asset'] = Session::get_session_user();
 $data['date'] = ' - ';
 $data['data'] = $query_temp['dayAttackGlobal'];
 createTable($data, &$htmlPdfReport);
 $htmlPdfReport->set('</table>');
 //Hosts
 if (count($param['hosts']) > 0) {
     $htmlPdfReport->set('<table class="tableTitle w100" style="margin-top:5px;"><tr><td class="w100">' . _('Hosts') . '</td></tr></table>');
     $htmlPdfReport->set('<table class="w100">');
     foreach ($param['hosts'] as $host_id => $host_data) {
         $host_ip = $host_data[2];
         $data['asset'] = $host_ip;
         $data['date'] = ' - ';
         $filter = "AND id = '{$host_id}'";
         $query_temp['dayAttackHost'] = $pdf->MetricsNoPDF('day', 'attack', 'host', $filter, $dates_filter['max_a_date']);
         $data['data'] = $query_temp['dayAttackHost'];
Пример #27
0
function select_profile()
{
    global $sid, $username, $dbconn, $version, $nessus_path;
    $used_sids = array();
    if (preg_match("/omp\\s*\$/i", $nessus_path)) {
        $omp = new OMP();
        $used_sids = $omp->get_used_sids();
    }
    $entities_nt = array();
    $query = "SELECT ae.id as eid, ae.name as ename, aet.name as etype FROM acl_entities AS ae, acl_entities_types AS aet WHERE ae.type = aet.id";
    $result_entities = $dbconn->Execute($query);
    while (!$result_entities->EOF) {
        $entities_nt[$result_entities->fields['eid']] = $result_entities->fields['ename'] . " [" . $result_entities->fields['etype'] . "]";
        $result_entities->MoveNext();
    }
    $query = "";
    $normal_user_pro = false;
    if ($username == "admin") {
        $query = "SELECT id, name, description, owner, type FROM vuln_nessus_settings \n                    WHERE deleted != '1' ORDER BY name";
    } else {
        if (preg_match("/pro|demo/i", $version)) {
            if (Acl::am_i_proadmin()) {
                $pro_users = array();
                $entities_list = array();
                //list($entities_admin,$num) = Acl::get_entities_admin($dbconn,Session::get_session_user());
                //$entities_list = array_keys($entities_admin);
                $entities_list = Acl::get_user_entities($current_user);
                $users = Acl::get_my_users($dbconn, Session::get_session_user());
                foreach ($users as $us) {
                    $pro_users[] = $us["login"];
                }
                $query = "SELECT id, name, description, owner, type FROM vuln_nessus_settings \n                      WHERE deleted != '1' and (name='Default' or owner in ('0','" . implode("', '", array_merge($entities_list, $pro_users)) . "')) ORDER BY name";
            } else {
                $tmp = array();
                $entities = Acl::get_user_entities($username);
                foreach ($entities as $entity) {
                    $tmp[] = "'" . $entity . "'";
                }
                if (count($tmp) > 0) {
                    $user_where = "owner in ('0','{$username}'," . implode(", ", $tmp) . ")";
                } else {
                    $user_where = "owner in ('0','{$username}')";
                }
                $query = "SELECT id, name, description, owner, type FROM vuln_nessus_settings \n                          WHERE deleted != '1' and (name='Default' or {$user_where}) ORDER BY name";
                $normal_user_pro = true;
            }
        } else {
            $query = "SELECT id, name, description, owner, type FROM vuln_nessus_settings \n                          WHERE deleted != '1' and (name='Default' or owner in ('0','{$username}')) ORDER BY name";
        }
    }
    //var_dump($query);
    $result = $dbconn->execute($query);
    //echo $query;
    echo "<CENTER>";
    echo "<table cellspacing=\"0\" cellpadding=\"0\" border=\"0\" width=\"800\"><tr><td class=\"headerpr\" style=\"border:0;\">" . _("Vulnerability Scan Profiles") . "</td></tr></table>";
    echo "<table cellspacing=\"0\" cellpadding=\"0\" border=\"0\" width=\"800\"><tr><td class=\"noborder\">";
    echo "<p>";
    echo _("Please select a profile to edit") . ":";
    echo "</p>";
    echo "<table align='center'>";
    echo "<tr>";
    if ($username == "admin" || Session::am_i_admin()) {
        echo "<th>" . _("Available for") . "</th>";
    }
    echo "   <th>" . _("Profile") . "</th>";
    echo "   <th>" . _("Description") . "</th>";
    echo "   <th>" . _("Action") . "</th>";
    echo "</tr>";
    while (!$result->EOF) {
        //<td>$sowner</td>
        //<td>$stype</td>
        list($sid, $sname, $sdescription, $sowner, $stype) = $result->fields;
        echo "<tr>";
        if ($username == "admin" || Session::am_i_admin()) {
            if ($sowner == "0") {
                echo "<td>" . _("All") . "</td>";
            } elseif (is_numeric($sowner)) {
                echo "<td style='padding:0px 2px 0px 2px;'>" . $entities_nt[$sowner] . "</td>";
            } else {
                echo "<td>" . html_entity_decode($sowner) . "</td>";
            }
        }
        echo "<td>" . html_entity_decode($sname) . "</td>";
        echo "<td>" . html_entity_decode($sdescription) . "</td>";
        echo "<td>";
        //var_dump($normal_user_pro);
        //var_dump($sowner);
        //var_dump($username);
        //var_dump($used_sids);
        if ($normal_user_pro && $sowner != $username && $sname != "Default") {
            echo "&nbsp";
        } elseif ($username == "admin" || Session::am_i_admin()) {
            if (!in_array($sid, $used_sids)) {
                echo "<a href=\"settings.php?disp=edit&amp;&amp;sid={$sid}\"><img src=\"images/pencil.png\"></a>";
                echo "<a href=\"settings.php?disp=edit&amp;op=delete&amp;sid={$sid}\" onclick=\"return confirmDelete();\"><img src=\"images/delete.gif\"></a>";
            } else {
                echo "<img src=\"images/pencil.png\" title=\"" . _("This profile is being used by a running job now") . "\" style=\"filter:alpha(opacity=50);-moz-opacity:0.5;-khtml-opacity: 0.5;opacity: 0.5;\">";
                echo "<img src=\"images/delete.gif\" title=\"" . _("This profile is being used by a running job now") . "\" style=\"filter:alpha(opacity=50);-moz-opacity:0.5;-khtml-opacity: 0.5;opacity: 0.5;\">";
            }
        } elseif ($sname == "Default") {
            echo "[" . _("edit by admin") . "]";
        } elseif ($sname != "Default") {
            if (!in_array($sid, $used_sids)) {
                echo "<a href=\"settings.php?disp=edit&amp;&amp;sid={$sid}\"><img src=\"images/pencil.png\"></a>";
                echo "<a href=\"settings.php?disp=edit&amp;op=delete&amp;sid={$sid}\" onclick=\"return confirmDelete();\"><img src=\"images/delete.gif\"></a>";
            } else {
                echo "<img title=\"" . _("This profile is being used by a running job now") . "\" style=\"filter:alpha(opacity=50);-moz-opacity:0.5;-khtml-opacity: 0.5;opacity: 0.5;\" src=\"images/pencil.png\">";
                echo "<img title=\"" . _("This profile is being used by a running job now") . "\" style=\"filter:alpha(opacity=50);-moz-opacity:0.5;-khtml-opacity: 0.5;opacity: 0.5;\" src=\"images/delete.gif\">";
            }
        }
        echo "</td>";
        echo "</tr>";
        $result->MoveNext();
    }
    echo "</table>";
    echo "<center>";
    echo "<p>";
    echo "<form>";
    echo "<input type=button onclick=\"document.location.href='settings.php?disp=new'\" value=\"" . _("Create New Profile") . "\" class=\"button\">&nbsp;&nbsp;&nbsp;&nbsp;";
    if ($username == "admin" || Session::am_i_admin()) {
        echo "<input type=button onclick=\"document.location.href='defaults.php'\" value=\"" . _("Edit default profile") . "\" class=\"button\">";
    }
    echo "</form>";
    echo "</p>";
    echo "</center>";
    echo "<br><br>";
    echo "</td></tr></table></center>";
    // end else
}
Пример #28
0
* You should have received a copy of the GNU General Public License
* along with this package; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
* MA  02110-1301  USA
*
*
* On Debian GNU/Linux systems, the complete text of the GNU General
* Public License can be found in `/usr/share/common-licenses/GPL-2'.
*
* Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt
*
*/
require_once 'av_init.php';
Session::logcheck("report-menu", "ReportsReportServer");
$year = GET('year') != "" ? intval(GET('year')) : date("Y");
$user = Session::get_session_user();
// define colors
define('COLOR1', '#D6302C');
define('COLOR2', '#3933FC');
define('COLOR3', 'green');
define('COLOR4', 'yellow');
define('COLOR5', 'pink');
define('COLOR6', '#40E0D0');
define('COLOR7', '#00008B');
define('COLOR8', '#800080');
define('COLOR9', '#FFA500');
define('COLOR10', '#A52A2A');
define('COLOR11', '#228B22');
define('COLOR12', '#D3D3D3');
//
require_once 'ossim_db.inc';
Пример #29
0
    // users
    $users = array();
    if (Session::am_i_admin()) {
        $users_list = Session::get_list($conn_ossim);
        foreach ($users_list as $user_data) {
            $users[] = $user_data->login;
        }
    } else {
        $users_list = Acl::get_my_users($conn_ossim, Session::get_session_user());
        foreach ($users_list as $user_data) {
            $users[] = $user_data["login"];
        }
    }
    // entities
    list($entities_all, $num_entities) = Acl::get_entities($conn_ossim);
    list($entities_admin, $num) = Acl::get_entities_admin($conn_ossim, Session::get_session_user());
    $entities_list = array_keys($entities_admin);
}
$db->close($conn);
$db->close($conn_ossim);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
	<head>
		<title><?php 
echo _('Backup');
?>
</title>
 		<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
  		<meta http-equiv="Pragma" content="no-cache">
  		<link rel="stylesheet" type="text/css" href="../style/style.css"/>
Пример #30
-2
function submit_scan($SVRid, $job_name, $ssh_credential, $smb_credential, $schedule_type, $not_resolve, $user, $entity, $targets, $scheduled_status, $hosts_alive, $sid, $send_email, $timeout, $scan_locally, $dayofweek, $dayofmonth, $ROYEAR, $ROMONTH, $ROday, $time_hour, $time_min, $time_interval, $sched_id, $biyear, $bimonth, $biday, $nthweekday, $tz, $daysMap)
{
    $db = new ossim_db();
    $dbconn = $db->connect();
    $credentials = $ssh_credential . '|' . $smb_credential;
    $username = valid_hex32($entity) ? $entity : $user;
    if (empty($username)) {
        $username = Session::get_session_user();
    }
    $btime_hour = $time_hour;
    // save local time
    $btime_min = $time_min;
    $bbiyear = $biyear;
    $bbimonth = $bimonth;
    $bbiday = $biday;
    if ($schedule_type == 'O') {
        // date and time for run once
        if (empty($ROYEAR)) {
            $ROYEAR = gmdate('Y');
        }
        if (empty($ROMONTH)) {
            $ROMONTH = gmdate('m');
        }
        if (empty($ROday)) {
            $ROday = gmdate('d');
        }
        list($_y, $_m, $_d, $_h, $_u, $_s, $_time) = Util::get_utc_from_date($dbconn, "{$ROYEAR}-{$ROMONTH}-{$ROday} {$time_hour}:{$time_min}:00", $tz);
        $ROYEAR = $_y;
        $ROMONTH = $_m;
        $ROday = $_d;
        $time_hour = $_h;
        $time_min = $_u;
    } else {
        if (in_array($schedule_type, array('D', 'W', 'M', 'NW'))) {
            // date and time for Daily, Day of Week, Day of month, Nth weekday of month
            list($b_y, $b_m, $b_d, $b_h, $b_u, $b_s, $b_time) = Util::get_utc_from_date($dbconn, "{$biyear}-{$bimonth}-{$biday} {$time_hour}:{$time_min}:00", $tz);
            $biyear = $b_y;
            $bimonth = $b_m;
            $biday = $b_d;
            $time_hour = $b_h;
            $time_min = $b_u;
        }
    }
    $resolve_names = $not_resolve == '1' ? 0 : 1;
    if ($schedule_type != 'N') {
        // current datetime in UTC
        $arrTime = explode(":", gmdate('Y:m:d:w:H:i:s'));
        $year = $arrTime[0];
        $mon = $arrTime[1];
        $mday = $arrTime[2];
        $wday = $arrTime[3];
        $hour = $arrTime[4];
        $min = $arrTime[5];
        $sec = $arrTime[6];
        $timenow = $hour . $min . $sec;
        $run_wday = $daysMap[$dayofweek]['number'];
        $run_time = sprintf('%02d%02d%02d', $time_hour, $time_min, '00');
        $run_mday = $dayofmonth;
        $time_value = "{$time_hour}:{$time_min}:00";
        $ndays = array('Sunday', 'Monday', 'Tuesday', 'Wednesday', 'Thursday', 'Friday', 'Saturday');
        $begin_in_seconds = Util::get_utc_unixtime("{$biyear}-{$bimonth}-{$biday} {$time_hour}:{$time_min}:00") - 3600 * $tz;
        $current_in_seconds = gmdate('U');
        // current datetime in UTC
        if (strlen($bimonth) == 1) {
            $bimonth = '0' . $bimonth;
        }
        if (strlen($biday) == 1) {
            $biday = '0' . $biday;
        }
    }
    switch ($schedule_type) {
        case 'N':
            $requested_run = gmdate('YmdHis');
            break;
        case 'O':
            $requested_run = sprintf('%04d%02d%02d%06d', $ROYEAR, $ROMONTH, $ROday, $run_time);
            break;
        case 'D':
            if ($begin_in_seconds > $current_in_seconds) {
                $next_day = $biyear . $bimonth . $biday;
                // selected date by user
            } else {
                if ($run_time > $timenow) {
                    $next_day = $year . $mon . $mday;
                    // today
                } else {
                    $next_day = gmdate("Ymd", strtotime("+1 day GMT", gmdate("U")));
                    // next day
                }
            }
            $requested_run = sprintf("%08d%06d", $next_day, $run_time);
            break;
        case 'W':
            if ($begin_in_seconds > $current_in_seconds) {
                // if it is a future date
                $wday = date("w", mktime(0, 0, 0, $bimonth, $biday, $biyear));
                // make week day for begin day
                if ($run_wday == $wday) {
                    $next_day = $biyear . $bimonth . $biday;
                    // selected date by user
                } else {
                    $next_day = gmdate("Ymd", strtotime("next " . $ndays[$run_wday] . " GMT", mktime(0, 0, 0, $bimonth, $biday, $biyear)));
                }
            } else {
                if ($run_wday == $wday && $run_time > $timenow) {
                    $next_day = $year . $mon . $mday;
                    // today
                } else {
                    $next_day = gmdate("Ymd", strtotime("next " . $ndays[$run_wday] . " GMT", gmdate("U")));
                    // next week
                }
            }
            preg_match("/(\\d{4})(\\d{2})(\\d{2})/", $next_day, $found);
            list($b_y, $b_m, $b_d, $b_h, $b_u, $b_s, $b_time) = Util::get_utc_from_date($dbconn, $found[1] . "-" . $found[2] . "-" . $found[3] . " {$btime_hour}:{$btime_min}:00", $tz);
            $requested_run = sprintf("%04d%02d%02d%02d%02d%02d", $b_y, $b_m, $b_d, $b_h, $b_u, "00");
            break;
        case 'M':
            if ($begin_in_seconds > $current_in_seconds) {
                // if it is a future date
                if ($run_mday >= $biday) {
                    $next_day = $biyear . $bimonth . ($run_mday < 10 ? "0" : "") . $run_mday;
                    // this month
                } else {
                    $next_day = sprintf("%06d%02d", gmdate("Ym", strtotime("next month GMT", mktime(0, 0, 0, $bimonth, $biday, $biyear))), $run_mday);
                }
            } else {
                if ($run_mday > $mday || $run_mday == $mday && $run_time > $timenow) {
                    $next_day = $year . $mon . ($run_mday < 10 ? "0" : "") . $run_mday;
                    // this month
                } else {
                    $next_day = sprintf("%06d%02d", gmdate("Ym", strtotime("next month GMT", gmdate("U"))), $run_mday);
                }
            }
            preg_match("/(\\d{4})(\\d{2})(\\d{2})/", $next_day, $found);
            list($b_y, $b_m, $b_d, $b_h, $b_u, $b_s, $b_time) = Util::get_utc_from_date($dbconn, $found[1] . "-" . $found[2] . "-" . $found[3] . " {$btime_hour}:{$btime_min}:00", $tz);
            $requested_run = sprintf("%04d%02d%02d%02d%02d%02d", $b_y, $b_m, $b_d, $b_h, $b_u, "00");
            break;
        case 'NW':
            if ($begin_in_seconds > $current_in_seconds) {
                // if it is a future date
                $array_time = array('month' => $bbimonth, 'day' => $bbiday, 'year' => $bbiyear);
                $requested_run = weekday_month(strtolower($daysMap[$dayofweek]['text']), $nthweekday, $btime_hour, $btime_min, $array_time);
            } else {
                $requested_run = weekday_month(strtolower($daysMap[$dayofweek]['text']), $nthweekday, $btime_hour, $btime_min);
            }
            preg_match("/(\\d{4})(\\d{2})(\\d{2})(\\d{2})(\\d{2})(\\d{2})/", $requested_run, $found);
            list($b_y, $b_m, $b_d, $b_h, $b_u, $b_s, $b_time) = Util::get_utc_from_date($dbconn, $found[1] . "-" . $found[2] . "-" . $found[3] . " " . $found[4] . ":" . $found[5] . ":00", $tz);
            $requested_run = sprintf("%04d%02d%02d%02d%02d%02d", $b_y, $b_m, $b_d, $b_h, $b_u, "00");
            $dayofmonth = $nthweekday;
            break;
        default:
            break;
    }
    $insert_time = gmdate('YmdHis');
    if (!empty($_SESSION['_vuln_targets']) && count($_SESSION['_vuln_targets']) > 0) {
        $sgr = array();
        foreach ($_SESSION['_vuln_targets'] as $target_selected => $server_id) {
            $sgr[$server_id][] = $target_selected;
        }
        ossim_clean_error();
        unset($_SESSION['_vuln_targets']);
        // clean scan targets
        $resolve_names = $not_resolve == '1' ? 0 : 1;
        $queries = array();
        $bbimonth = strlen($bbimonth) == 1 ? '0' . $bbimonth : $bbimonth;
        $bbiday = strlen($bbiday) == 1 ? '0' . $bbiday : $bbiday;
        $qc = 0;
        if ($schedule_type == 'N') {
            foreach ($sgr as $notify_sensor => $target_list) {
                $target_list = implode("\n", $target_list);
                $params = array($job_name, $username, Session::get_session_user(), $schedule_type, $target_list, $hosts_alive, $sid, $send_email, $timeout, $SVRid, $insert_time, $requested_run, '3', 'S', $notify_sensor, $scan_locally, '', $resolve_names, $credentials);
                $queries[$qc]['query'] = 'INSERT INTO vuln_jobs ( name, username, fk_name, meth_SCHED, meth_TARGET,  meth_CRED,
                    meth_VSET, meth_Wfile, meth_TIMEOUT, scan_ASSIGNED,
                    scan_SUBMIT, scan_next, scan_PRIORITY, status, notify, authorized, author_uname, resolve_names, credentials )
                    VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)';
                $queries[$qc]['params'] = $params;
                $qc++;
            }
        } else {
            $params = array($bbiyear . $bbimonth . $bbiday, $job_name, $username, Session::get_session_user(), $schedule_type, $dayofweek, $dayofmonth, $time_value, implode("\n", $targets), $hosts_alive, $sid, $send_email, $scan_locally, $timeout, $requested_run, $insert_time, strval($scheduled_status), $resolve_names, $time_interval, '', $credentials, $SVRid);
            $queries[$qc]['query'] = 'INSERT INTO vuln_job_schedule ( begin, name, username, fk_name, schedule_type, day_of_week, day_of_month, time, meth_TARGET, meth_CRED, meth_VSET, meth_Wfile,  meth_Ucheck, meth_TIMEOUT, next_CHECK, createdate, enabled, resolve_names, time_interval, IP_ctx, credentials, email)
                                     VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) ';
            $queries[$qc]['params'] = $params;
            $qc++;
        }
        $execute_errors = array();
        foreach ($queries as $id => $sql_data) {
            $rs = $dbconn->execute($sql_data['query'], $sql_data['params']);
            if ($rs === FALSE) {
                $execute_errors[] = $dbconn->ErrorMsg();
            }
        }
        if (empty($execute_errors) && $schedule_type != 'N') {
            // We have to update the vuln_job_assets
            if (intval($sched_id) == 0) {
                $query = ossim_query('SELECT LAST_INSERT_ID() as sched_id');
                $rs = $dbconn->Execute($query);
                if (!$rs) {
                    Av_exception::throw_error(Av_exception::DB_ERROR, $dbconn->ErrorMsg());
                } else {
                    $sched_id = $rs->fields['sched_id'];
                }
            }
            Vulnerabilities::update_vuln_job_assets($dbconn, 'insert', $sched_id, 0);
        }
        $config_nt = array('content' => '', 'options' => array('type' => 'nf_success', 'cancel_button' => FALSE), 'style' => 'width: 40%; margin: 20px auto; text-align: center;');
        $config_nt['content'] = empty($execute_errors) ? _('Successfully Submitted Job') : _('Error creating scan job:') . implode('<br>', $execute_errors);
        $nt = new Notification('nt_1', $config_nt);
        $nt->show();
        $dbconn->close();
    }
}