function add_note($conn, $type) { $validate = array('asset_id' => array('validation' => 'OSS_HEX', 'e_message' => 'illegal:' . _('Asset ID')), 'txt' => array('validation' => 'OSS_TEXT, OSS_PUNC_EXT', 'e_message' => 'illegal:' . _('Note text'))); $validation_errors = validate_form_fields('POST', $validate); if (is_array($validation_errors) && !empty($validation_errors)) { Av_exception::throw_error(Av_exception::USER_ERROR, _('Error! Note could not be added')); } $asset_id = POST('asset_id'); $txt = POST('txt'); // Check Asset Type $asset_types = array('asset' => 'asset_host', 'network' => 'asset_net', 'group' => 'asset_group', 'net_group' => 'net_group'); // Note type $type_tr = array('group' => 'host_group', 'network' => 'net', 'asset' => 'host', 'net_group' => 'net_group'); $class_name = $asset_types[$type]; $asset_type = $type_tr[$type]; // Check Asset Permission if (method_exists($class_name, 'is_allowed') && !$class_name::is_allowed($conn, $asset_id)) { $error = sprintf(_('Error! %s is not allowed'), ucwords($type)); Av_exception::throw_error(Av_exception::USER_ERROR, $error); } $note_id = Notes::insert($conn, $asset_type, gmdate('Y-m-d H:i:s'), $asset_id, $txt); if (intval($note_id) > 0) { $tz = Util::get_timezone(); $data['msg'] = _('Note added successfully'); $data['id'] = $note_id; $data['note'] = $txt; $data['date'] = gmdate('Y-m-d H:i:s', Util::get_utc_unixtime(gmdate('Y-m-d H:i:s')) + 3600 * $tz); $data['user'] = Session::get_session_user(); $data['editable'] = 1; } else { Av_exception::throw_error(Av_exception::USER_ERROR, _('Error! Note could not be added')); } return $data; }
function calc_events_trend($conn) { $tz = Util::get_timezone(); $timetz = gmdate("U") + 3600 * $tz - 3600; $values = SIEM_trend($conn); $data = array(); $label = array(); for ($i = 0; $i < 60; $i++) { //Data $h = gmdate("i", $timetz + 60 * $i); $h = preg_replace("/^0/", '', $h); $data[] = $values[$h] != "" ? $values[$h] : 0; //Label $label[] = gmdate("Y-m-d H:i", $timetz + 60 * $i); } return array($label, $data); }
/** * * License: * * Copyright (c) 2003-2006 ossim.net * Copyright (c) 2007-2013 AlienVault * All rights reserved. * * This package is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; version 2 dated June, 1991. * You may not use, modify or distribute this program under any other version * of the GNU General Public License. * * This package is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this package; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, * MA 02110-1301 USA * * * On Debian GNU/Linux systems, the complete text of the GNU General * Public License can be found in `/usr/share/common-licenses/GPL-2'. * * Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt * */ function normalize_date($from_date, $to_date) { // Format correction $from_date = preg_replace("/(\\d\\d)\\/(\\d\\d)\\/(\\d\\d\\d\\d)/", "\\3-\\2-\\1", $from_date); $to_date = preg_replace("/(\\d\\d)\\/(\\d\\d)\\/(\\d\\d\\d\\d)/", "\\3-\\2-\\1", $to_date); // Timezone correction $tz = Util::get_timezone(); if ($tz != 0) { $from_date = gmdate("Y-m-d H:i:s", Util::get_utc_unixtime("{$from_date} 00:00:00") + -3600 * $tz); $to_date = gmdate("Y-m-d H:i:s", Util::get_utc_unixtime("{$to_date} 23:59:59") + -3600 * $tz); } if (!preg_match("/\\d+\\:\\d+:\\d+/", $from_date)) { $from_date .= " 00:00:00"; } if (!preg_match("/\\d+\\:\\d+:\\d+/", $to_date)) { $to_date .= " 23:59:59"; } return array($from_date, $to_date); }
function SIEM_trend($conn) { require_once '../../dashboard/sections/widgets/data/sensor_filter.php'; $tz = Util::get_timezone(); $tzc = Util::get_tzc($tz); $data = array(); $fringe = gmdate('U') - 86400; $fringe = gmdate('Y-m-d H:00:00', $fringe); $ctx_where = Session::get_ctx_where() != '' ? " AND ctx IN (" . Session::get_ctx_where() . ")" : ""; list($join, $where) = make_asset_filter('event'); $sql = "SELECT sum(cnt) as num_events, convert_tz(timestamp,'+00:00','{$tzc}') as hour\n\t\t\t\tFROM alienvault_siem.ac_acid_event acid_event {$join}\n\t\t\t\tWHERE 1=1 {$where} {$ctx_where} AND timestamp >= '{$fringe}' \n\t\t\t\tGROUP BY hour\n\t\t\t\tORDER BY timestamp ASC"; $rg = $conn->Execute($sql); if (!$rg) { print $conn->ErrorMsg(); } else { while (!$rg->EOF) { $data[$rg->fields['hour']] = $rg->fields['num_events']; $rg->MoveNext(); } } return $data; }
function DisplayProcessing() { global $self; global $ListNOption; global $TopNOption; global $OutputFormatOption; global $IPStatOption; global $IPStatOrder; global $LimitScale; require_once 'av_init.php'; $geoloc = new Geolocation("/usr/share/geoip/GeoLiteCity.dat"); $db_aux = new ossim_db(); $conn_aux = $db_aux->connect(); $aux_ri_interfaces = Remote_interface::get_list($conn_aux, "WHERE status = 1"); $ri_list = $aux_ri_interfaces[0]; $ri_total = $aux_ri_interfaces[1]; $ri_data = array(); if ($ri_total > 0) { foreach ($ri_list as $r_interface) { $ri_data[] = array("name" => $r_interface->get_name(), "id" => "web_interfaces", "target" => "_blank", "url" => $r_interface->get_ip()); } } $type = $detail_opts['type'] == "flows" ? 0 : ($detail_opts['type'] == "packets" ? 1 : 2); if ($ri_total >= 0) { echo '<a name="processing"></a>'; } $detail_opts = $_SESSION['detail_opts']; $process_form = $_SESSION['process_form']; ?> <table style='width:100%;margin-top:15px;margin-bottom:5px;border:none'><tr> <td class='nobborder'><b><?php echo _("Netflow Processing"); ?> </b></td> <td class='noborder nfsen_menu'> <a href='javascript:lastsessions()'><?php echo _("List last 500 sessions"); ?> </a> | <a href='javascript:launch("2","<?php echo $type; ?> ")'><?php echo _("Top 10 Src IPs"); ?> </a> | <a href='javascript:launch("3","<?php echo $type; ?> ")'><?php echo _("Top 10 Dst IPs"); ?> </a> | <a href='javascript:launch("5","<?php echo $type; ?> ")'><?php echo _("Top 10 Src Port"); ?> </a> | <a href='javascript:launch("6","<?php echo $type; ?> ")'><?php echo _("Top 10 Dst Port"); ?> </a> | <a href='javascript:launch("13","<?php echo $type; ?> ")'><?php echo _("Top 10 Proto"); ?> </a> </td></tr></table> <form action="<?php echo $self; ?> " onSubmit="return ValidateProcessForm()" id="FlowProcessingForm" method="POST" laction="<?php echo $self; ?> "> <?php if (preg_match("/^\\d+\$/", $_SESSION['tend'])) { ?> <input type="hidden" name="tend" value="<?php echo intval($_SESSION['tend']); ?> " /> <?php } if (preg_match("/^\\d+\$/", $_SESSION['tleft'])) { ?> <input type="hidden" name="tleft" value="<?php echo intval($_SESSION['tleft']); ?> " /> <?php } if (preg_match("/^\\d+\$/", $_SESSION['tright'])) { ?> <input type="hidden" name="tright" value="<?php echo intval($_SESSION['tright']); ?> " /> <?php } if ($_SESSION["detail_opts"]["cursor_mode"] != "") { ?> <input type="hidden" name="cursor_mode" value="<?php echo Util::htmlentities($_SESSION["detail_opts"]["cursor_mode"]); ?> " /> <?php } if ($_SESSION["detail_opts"]["wsize"] != "") { ?> <input type="hidden" name="wsize" value="<?php echo Util::htmlentities($_SESSION["detail_opts"]["wsize"]); ?> " /> <?php } if ($_SESSION["detail_opts"]["logscale"] != "") { ?> <input type="hidden" name="logscale" value="<?php echo Util::htmlentities($_SESSION["detail_opts"]["logscale"]); ?> " /> <?php } if ($_SESSION["detail_opts"]["linegraph"] != "") { ?> <input type="hidden" name="linegraph" value="<?php echo Util::htmlentities($_SESSION["detail_opts"]["linegraph"]); ?> " /> <?php } ?> <input type="hidden" name="login" value="<?php echo Util::htmlentities($_SESSION["_remote_login"]); ?> " /> <table class='nfsen_filters'> <tr> <th class="thold"><?php echo _("Source"); ?> </th> <th class="thold"><?php echo _("Filter"); ?> </th> <th class="thold"><?php echo _("Options"); ?> </th> </tr> <tr> <td style='vertical-align:top'> <select name="srcselector[]" id='SourceSelector' size="6" style="width: 100%" multiple='multiple'> <?php foreach ($process_form['srcselector'] as $selected_channel) { $_tmp[$selected_channel] = 1; } $i = 0; foreach ($_SESSION['profileinfo']['channel'] as $channel) { $channel_name = $channel['name']; $checked = array_key_exists($channel['id'], $_tmp) ? 'selected' : ''; echo "<OPTION value='" . Util::htmlentities($channel['id']) . "' {$checked}>{$channel_name}</OPTION>\n"; } ?> </select> <div style='margin: 5px auto'> <input class="small av_b_secondary" type="button" name="JSbutton2" value="All Sources" onClick="SelectAllSources()"/> </div> </td> <td style="vertical-align:top;"> <textarea name="filter" id="filter" multiline="true" wrap="phisical" rows="6" cols="50" maxlength="10240"><?php if (is_array($process_form)) { $display_filter = array_key_exists('editfilter', $process_form) ? $process_form['editfilter'] : $process_form['filter']; } else { $display_filter = array(); } if (count($display_filter) < 1 && GET('ip') != "" && GET('ip2') != "") { $display_filter[0] = "(src ip " . GET('ip') . " and dst ip " . GET('ip2') . ") or (src ip " . GET('ip2') . " and dst ip " . GET('ip') . ")"; } elseif (count($display_filter) < 1 && GET('ip') != "") { $display_filter[0] = "src ip " . GET('ip') . " or dst ip " . GET('ip'); } elseif (preg_match("/(\\d+\\.\\d+\\.\\d+\\.\\d+)/", $display_filter[0]) && GET('ip') != "" && GET('ip2') != "") { $ip1 = GET('ip'); $ip2 = GET('ip2'); $filter = "(src ip {$ip1} and dst ip {$ip2}) or (src ip {$ip2} and dst ip {$ip1})"; $display_filter[0] = preg_replace("/\\(src ip \\d+\\.\\d+\\.\\d+\\.\\d+ and dst ip \\d+\\.\\d+\\.\\d+\\.\\d+\\) or \\(src ip \\d+\\.\\d+\\.\\d+\\.\\d+ and dst ip \\d+\\.\\d+\\.\\d+\\.\\d+\\)/", $filter, $display_filter[0]); $display_filter[0] = preg_replace("/src ip \\d+\\.\\d+\\.\\d+\\.\\d+ or dst ip \\d+\\.\\d+\\.\\d+\\.\\d+/", $filter, $display_filter[0]); } elseif (preg_match("/(\\d+\\.\\d+\\.\\d+\\.\\d+)/", $display_filter[0]) && GET('ip') != "") { $filter = "src ip " . GET('ip') . " or dst ip " . GET('ip'); $display_filter[0] = preg_replace("/\\(src ip \\d+\\.\\d+\\.\\d+\\.\\d+ and dst ip \\d+\\.\\d+\\.\\d+\\.\\d+\\) or \\(src ip \\d+\\.\\d+\\.\\d+\\.\\d+ and dst ip \\d+\\.\\d+\\.\\d+\\.\\d+\\)/", $filter, $display_filter[0]); $display_filter[0] = preg_replace("/src ip \\d+\\.\\d+\\.\\d+\\.\\d+ or dst ip \\d+\\.\\d+\\.\\d+\\.\\d+/", $filter, $display_filter[0]); } foreach ($display_filter as $line) { print str_replace("&", "&", Util::htmlentities(stripslashes($line))) . "\n"; } ?> </textarea> <?php $deletefilter_display_style = is_array($process_form) && array_key_exists('editfilter', $process_form) ? '' : 'style="display:none;"'; ?> <input type="image" name="filter_delete" id="filter_delete" title="<?php echo _("Delete filter"); ?> " align="right" onClick="HandleFilter(3)" value="" src="icons/trash.png" <?php echo $deletefilter_display_style; ?> > <!-- <input type="image" name="filter_save" id="filter_save" title="Save filter" align="right" onClick="HandleFilter(2)" value="" src="icons/save.png"> --> <input type="hidden" name="filter_name" id="filter_name" value="none"> <div style='margin: 5px auto'> <span id="filter_span">and</span> <select name="DefaultFilter" id="DefaultFilter" onChange="HandleFilter(0)" size="1"> <?php print "<option value='-1' label='none'><none></option>\n"; foreach ($_SESSION['DefaultFilters'] as $name) { $checked = $process_form['DefaultFilter'] == $name ? 'selected' : ''; print "<option value='" . Util::htmlentities($name) . "' {$checked}>" . Util::htmlentities($name) . "</option>\n"; } $editfilter_display_style = 'style="display:none;"'; foreach ($_SESSION['DefaultFilters'] as $name) { if ($process_form['DefaultFilter'] == $name) { $editfilter_display_style = ''; } } ?> </select> <input type="image" name="filter_save" id="filter_save" title="<?php echo _("Save filter"); ?> " onClick="HandleFilter(2)" value="" src="icons/save.png" border="0" align="absmiddle"> <input type="image" name="filter_edit" id="filter_edit" title="Edit filter" <?php echo $editfilter_display_style; ?> onClick="HandleFilter(1)" value="" src="icons/edit.png"> </div> <script language="Javascript" type="text/javascript"> var DefaultFilters = new Array(); <?php foreach ($_SESSION['DefaultFilters'] as $name) { print "DefaultFilters.push('" . Util::htmlentities($name) . "');\n"; } if (array_key_exists('editfilter', $process_form)) { print "edit_filter = '" . Util::htmlentities($process_form['DefaultFilter']) . "';\n"; } ?> </script> </td> <!-- Options start here --> <td style='padding: 0px;vertical-align:top;border:none;'> <table border="0" id="ProcessOptionTable" style="font-size:14px;font-weight:bold;width:100%;border:none"> <tr> <td class='TDnfprocLabel' style='white-space:nowrap'> <?php $i = 0; foreach (array('List Flows', 'Stat TopN') as $s) { $checked = $process_form['modeselect'] == $i ? 'checked' : ''; print "<input type='radio' onClick='SwitchOptionTable({$i})' name='modeselect' id='modeselect{$i}' value='{$i}' {$checked}>{$s} "; $i++; } $list_display_style = $process_form['modeselect'] == 0 ? '' : 'style="display:none;"'; $stat_display_style = $process_form['modeselect'] == 0 ? 'style="display:none;"' : ''; $formatselect_display_opts = $process_form['modeselect'] == 1 && $process_form['stattype'] != 0 ? 'style="display:none;"' : ''; ?> </td> <td class='TDnfprocControl' > <table class='noborder' style='margin: auto;'> <tr> <td class='nobborder'><input class="small av_b_secondary" type="button" name="JSbutton1" value="<?php echo _("Clear Form"); ?> " onClick="ResetProcessingForm()"/></td> <td class='nobborder'><input class="small" type="submit" name="process" value="<?php echo _("Process"); ?> " id="process_button" onClick="clean_remote_data();form_ok=true;" size="1"/></td> <?php if (count($RemoteInterfacesData) > 0 && !isset($_POST['login'])) { ?> <td class='nobborder'><input type="button" name="remote_process" value="<?php echo _("Remote Process"); ?> " id="remote_process_button" onclick="$('#rinterfaces').toggle()"/> <div id='container_rmp' style='position:relative;'> <div id="rinterfaces" style="position:absolute; top:0; right:0;display:none; margin:1px 0px 0px 2px; text-align:right;"> <?php foreach ($RemoteInterfacesData as $data) { $short_name = strlen($data['name']) > 12 ? substr($data['name'], 0, 12) . "..." : $data['name']; ?> <input type="button" onclick="remote_interface('<?php echo $data["url"]; ?> ')" style="width:180px; font-size: 11px;" title="<?php echo $data["name"] . " [" . $data["url"] . "]"; ?> " value="<?php echo $short_name . " [" . $data["url"] . "]"; ?> "/><br /> <?php } ?> </div> </div> </td> <?php } ?> </tr> </table> </td> </tr> <tr id="listNRow" <?php echo $list_display_style; ?> > <td class='TDnfprocLabel'><?php echo _("Limit to"); ?> :</td> <td class='TDnfprocControl'> <select name="listN" id="listN" style="margin-left:1" size="1"> <?php for ($i = 0; $i < count($ListNOption); $i++) { $checked = $process_form['listN'] == $i ? 'selected' : ''; print "<OPTION value='{$i}' {$checked}>" . $ListNOption[$i] . "</OPTION>\n"; } ?> </select><?php echo _("Flows"); ?> <br> </td> </tr> <tr id="topNRow" <?php echo $stat_display_style; ?> > <td class='TDnfprocLabel'><?php echo _("Top"); ?> :</td> <td class='TDnfprocControl'> <select name="topN" id="TopN" size="1"> <?php for ($i = 0; $i < count($TopNOption); $i++) { $checked = $process_form['topN'] == $i ? 'selected' : ''; print "<OPTION value='{$i}' {$checked}>" . $TopNOption[$i] . "</OPTION>\n"; } ?> </select> </td> </tr> <tr id="stattypeRow" <?php echo $stat_display_style; ?> > <td class="TDnfprocLabel"><?php echo _("Stat"); ?> :</td> <td class="TDnfprocControl"> <select name="stattype" id="StatTypeSelector" onChange="ShowHideOptions()" size="1"> <?php for ($i = 0; $i < count($IPStatOption); $i++) { $checked = $process_form['stattype'] == $i ? 'selected' : ''; print "<OPTION value='{$i}' {$checked}>" . $IPStatOption[$i] . "</OPTION>\n"; } ?> </select> order by <select name='statorder' id="statorder" size='1'> <?php for ($i = 0; $i < count($IPStatOrder); $i++) { $checked = $process_form['statorder'] == $i ? 'selected' : ''; print "<OPTION value='{$i}' {$checked}>" . $IPStatOrder[$i] . "</OPTION>\n"; } ?> </select> </td> </tr> <tr id="AggregateRow" <?php echo $formatselect_display_opts; ?> > <td class='TDnfprocLabel'><?php echo _("Aggregate"); ?> </td> <td class='TDnfprocControl'> <input type="checkbox" name="aggr_bidir" id="aggr_bidir" value="checked" onClick="ToggleAggregate();" style="margin-left:1" <?php echo Util::htmlentities($process_form['aggr_bidir']); ?> > <?php echo _("bi-directional"); ?> <br> <input type="checkbox" name="aggr_proto" id="aggr_proto" value="checked" style="margin-left:1" <?php echo Util::htmlentities($process_form['aggr_proto']); ?> > <?php echo _("proto"); ?> <br> <input type="checkbox" name="aggr_srcport" id="aggr_srcport" value="checked" style="margin-left:1" <?php echo Util::htmlentities($process_form['aggr_srcport']); ?> > <?php echo _("srcPort"); ?> <input type="checkbox" name="aggr_srcip" id="aggr_srcip" value="checked" style="margin-left:1" <?php echo Util::htmlentities($process_form['aggr_srcip']); ?> > <select name="aggr_srcselect" id="aggr_srcselect" onChange="NetbitEntry('src')" size="1"> <?php $i = 0; foreach (array('srcIP', 'srcIPv4/', 'srcIPv6/') as $s) { $checked = $process_form['aggr_srcselect'] == $i ? 'selected' : ''; print "<option value='{$i}' {$checked}>{$s}</option>\n"; $i++; } $_style = $process_form['aggr_srcselect'] == 0 ? 'style="display:none"' : ''; ?> </select> <input size="3" type="text" name="aggr_srcnetbits" id="aggr_srcnetbits" value="<?php echo Util::htmlentities($process_form['aggr_srcnetbits']); ?> " <?php echo $_style; ?> ><br> <input type="checkbox" name="aggr_dstport" id="aggr_dstport" value="checked" style="margin-left:1" <?php echo Util::htmlentities($process_form['aggr_dstport']); ?> > <?php echo _("dstPort"); ?> <input type="checkbox" name="aggr_dstip" id="aggr_dstip" value="checked" style="margin-left:1" <?php echo Util::htmlentities($process_form['aggr_dstip']); ?> > <select name="aggr_dstselect" id="aggr_dstselect" onChange="NetbitEntry('dst')" size="1"> <?php $i = 0; foreach (array('dstIP', 'dstIPv4/', 'dstIPv6/') as $s) { $checked = $process_form['aggr_dstselect'] == $i ? 'selected' : ''; print "<option value='{$i}' {$checked}>{$s}</option>\n"; $i++; } $_style = $process_form['aggr_dstselect'] == 0 ? 'style="display:none"' : ''; ?> </select> <input size="3" type="text" name="aggr_dstnetbits" id="aggr_dstnetbits" value="<?php echo Util::htmlentities($process_form['aggr_dstnetbits']); ?> " <?php echo $_style; ?> ><br> </td> </tr> <tr id="timesortedRow" <?php echo $list_display_style; ?> > <td class='TDnfprocLabel'><?php echo _("Sort"); ?> :</td> <td class='TDnfprocControl'> <input type="checkbox" name="timesorted" id="timesorted" value="checked" style="margin-left:1" <?php echo Util::htmlentities($process_form['timesorted']); ?> > <?php echo _("start time of flows"); ?> </td> </tr> <tr id="limitoutputRow" <?php echo $stat_display_style; ?> > <td class='TDnfprocLabel'><?php echo _("Limit"); ?> :</td> <td class='TDnfprocControl'> <input type="checkbox" name="limitoutput" id="limitoutput" value="checked" style="margin-left:1" size="1" <?php echo Util::htmlentities($process_form['limitoutput']); ?> > <select name="limitwhat" id="limitwhat" size="1"> <?php $i = 0; foreach (array(gettext("Packets"), gettext("Traffic")) as $s) { $checked = $process_form['limitwhat'] == $i ? 'selected' : ''; print "<option value='{$i}' {$checked}>{$s}</option>\n"; $i++; } ?> </select> <select name="limithow" id="limithow" size="1"> <?php $i = 0; foreach (array('>', '<') as $s) { $checked = $process_form['limithow'] == $i ? 'selected' : ''; print "<option value='{$i}' {$checked}>{$s}</option>\n"; $i++; } ?> </select> <input type="text" name="limitsize" id="limitsize" value="<?php echo Util::htmlentities($process_form['limitsize']); ?> " SIZE="6" MAXLENGTH="8"> <select name="limitscale" id="limitscale" size="1" style="margin-left:1"> <?php $i = 0; foreach ($LimitScale as $s) { $checked = $process_form['limitscale'] == $i ? 'selected' : ''; print "<option value='{$i}' {$checked}>{$s}</option>\n"; $i++; } ?> </select> </td> </tr> <tr id="outputRow"> <td class='TDnfprocLabel'><?php echo _("Output"); ?> :</td> <td class='TDnfprocControl'> <span id="FormatSelect" <?php echo $formatselect_display_opts; ?> > <select name="output" id="output" onChange="CustomOutputFormat()" style="margin-left:1" size="1"> <?php foreach ($_SESSION['formatlist'] as $key => $value) { $checked = $process_form['output'] == $key ? 'selected' : ''; print "<OPTION value='" . Util::htmlentities($key) . "' {$checked}>" . Util::htmlentities($key) . "</OPTION>\n"; } $fmt = $_SESSION['formatlist'][$process_form['output']]; if ($process_form['output'] == $fmt) { // built in format $space_display_style = ''; $edit_display_style = 'style="display:none"'; } else { $space_display_style = 'style="display:none"'; $edit_display_style = ''; } ?> </select> <script language="Javascript" type="text/javascript"> var fmts = new Hash(); <?php foreach ($_SESSION['formatlist'] as $key => $value) { print "fmts.setItem('" . Util::htmlentities($key) . "', '" . Util::htmlentities($value) . "');\n"; } ?> </script> <img src="icons/space.png" border="0" alt='space' id='space' <?php echo $space_display_style; ?> /> <a href="#null" onClick="EditCustomFormat()" title="<?php echo _("Edit format"); ?> " ><IMG SRC="icons/edit.png" name="fmt_doedit" id="fmt_doedit" border="0" <?php echo $edit_display_style; ?> alt="Edit format"></a> </span> <input type="checkbox" name="IPv6_long" id="IPv6_long" style="margin-left:1" value="checked" <?php echo Util::htmlentities($process_form['IPv6_long']); ?> > / <?php echo _("IPv6 long"); ?> <?php $fmt_edit_display_style = $process_form['output'] == 'custom ...' ? '' : 'style="display:none"'; ?> <span id="fmt_edit" <?php echo $fmt_edit_display_style; ?> > <br><?php echo _("Enter custom output format"); ?> :<br> <input size="30" type="text" name="customfmt" id="customfmt" value="<?php echo Util::htmlentities($process_form['customfmt']); ?> " > <input type="image" name="fmt_save" id="fmt_save" title="<?php echo _("Save format"); ?> " onClick="SaveOutputFormat()" value="" src="icons/save.png"> <input type="image" name="fmt_delete" id="fmt_delete" title="<?php echo _("Delete format"); ?> " onClick="DeleteOutputFormat()" value="" src="icons/trash.png" <?php echo $edit_display_style; ?> > </span> </td> </tr> </table> </td> </tr> <!-- <tr> <td></td><td></td> <td align="right" style="border:none"> <input type="button" name="JSbutton1" value="<?php echo _("Clear Form"); ?> " onClick="ResetProcessingForm()"> <input type="submit" name="process" value="<?php echo _("process"); ?> " id="process_button" onClick="form_ok=true;" size="1"> </td> </tr> --> </table> </form> <div id="lookupbox"> <div id="lookupbar" align="right" style="background-color:olivedrab"><img src="icons/close.png" onmouseover="this.style.cursor='pointer';" onClick="hidelookup()" title="Close lookup box"></div> <iframe id="cframe" src="" frameborder="0" scrolling="auto" width="100%" height="166"></iframe> </div> <?php if (!array_key_exists('run', $_SESSION)) { return; } print "<div class='flowlist'>\n"; $run = $_SESSION['run']; if ($run != null) { $filter = $process_form['filter']; if ($process_form['DefaultFilter'] != -1) { $cmd_opts['and_filter'] = $process_form['DefaultFilter']; } $cmd_opts['type'] = ($_SESSION['profileinfo']['type'] & 4) > 0 ? 'shadow' : 'real'; $cmd_opts['profile'] = $_SESSION['profileswitch']; $cmd_opts['srcselector'] = implode(':', $process_form['srcselector']); #print "<pre>\n"; $patterns = array(); $replacements = array(); $patterns[0] = '/(\\s*)([^\\s]+)/'; $replacements[0] = "\$1<a href='#null' onClick='lookup(\"\$2\", this, event)' title='lookup \$2'>\$2</a>"; // gets HAP4NfSens plugin id. returns -1 if HAP4NfSen is not installed. function getHAP4NfSenId() { $plugins = GetPlugins(); for ($i = 0; $i < count($plugins); $i++) { $plugin = $plugins[$i]; if ($plugin == "HAP4NfSen") { return $i; } } return -1; } ClearMessages(); $cmd_opts['args'] = "-T {$run}"; $cmd_opts['filter'] = $filter; $titcol = get_tit_col($run); $cmd_out = nfsend_query("run-nfdump", $cmd_opts); if (!is_array($cmd_out)) { ShowMessages(); } else { $conf = $GLOBALS["CONF"]; $solera = $conf->get_conf("solera_enable", FALSE) ? true : false; $db = new ossim_db(); $conn = $db->connect(); $sensors = $hosts = $ossim_servers = array(); $tz = Util::get_timezone(); list($hosts, $host_ids) = Asset_host::get_basic_list($conn, array(), TRUE); $entities = Session::get_all_entities($conn); $_sensors = Av_sensor::get_basic_list($conn); foreach ($_sensors as $s_id => $s) { $sensors[$s['ip']] = $s['name']; } /*$hap4nfsen_id = getHAP4NfSenId(); if ($hap4nfsen_id >= 0) { // ICMP "port" filter are no currently supported by the HAP4NfSen plugin function isChecked(&$form, $name) { // helper function used to find out, if an option is checked return $form[$name]=="checked"; } $ip_and_port_columns = preg_match('/(flow records)/i', $IPStatOption[$process_form['stattype']]) && ((isChecked($process_form,'aggr_srcip') && isChecked($process_form,'aggr_srcport')) || (isChecked($process_form,'aggr_dstip') && isChecked($process_form,'aggr_dstport'))); $ip_contains_port = $_SESSION["process_form"]["modeselect"]=='0' || !preg_match('/[ip|flow_records]/i', $IPStatOption[$process_form['stattype']]) || (preg_match('/(flow records)/i', $IPStatOption[$process_form['stattype']]) && !( // no boxes checked isChecked($process_form,'aggr_srcip') || isChecked($process_form,'aggr_srcport') || isChecked($process_form,'aggr_dstip') || isChecked($process_form,'aggr_dstport'))); $_SESSION["plugin"][$hap4nfsen_id]["cmd_opts"] = $cmd_opts; $hap_pic = "<img src=\"plugins/HAP4NfSen/graphviz.png\" valign=\"middle\" border=\"0\" alt=\"HAP\" />"; $default_pattern = array_pop($patterns); $default_replacement = array_pop($replacements); if ($ip_contains_port) { // matches cases like ip:port $max_prot_length = 5; // max. port length = 5 chars(highest port number = 65535) for ($i=$max_prot_length;$i>=1;$i--) { $diff = ($max_prot_length-$i); // difference between actual and max port length $ip_port_pattern_icmp = "/(\s*)([^\s|^:]+)(:)(0\s{4}|\d\.\d\s{2}|\d{2}\.\d\|\d\.\d{2}\s|\d{2}\.\d{2})/"; $ip_port_pattern_normal = "/(\s*)([^\s|^:]+)(:)([\d|\.]{{$i}})(\s{{$diff}})/"; $spaces = ''; for ($k=0;$k<$diff;$k++) {$spaces = $spaces . ' ';} // spaces required to align hap viewer icons array_push($patterns, $ip_port_pattern_icmp); array_push($replacements, $default_replacement . "$3$4 <a href=\"nfsen.php?tab=5&sub_tab=" . $hap4nfsen_id . "&ip=$2&mode=new\" title='HAP graphlet for $2'>$hap_pic</a> "); array_push($patterns, $ip_port_pattern_normal); array_push($replacements, $default_replacement . "$3$4$spaces <a href=\"nfsen.php?tab=5&sub_tab=" . $hap4nfsen_id . "&ip=$2&port=$4&mode=new\" title='HAP graphlet for $2 on port $4'>$hap_pic</a> "); } array_push($patterns, '/(\sIP\sAddr:Port)/i'); array_push($replacements, "$1 $hap_pic"); } else { if ($ip_and_port_columns) { // matches cases when both ip and port are available but are located in separate columns // ICMP verion $ip_and_port_pattern = "/(\s*)([^\s]+)(\s+)(0|\d\.\d)/"; $ip_and_port_replacement = "$1$2$3$4 " . "<a href=\"nfsen.php?tab=5&sub_tab=" . $hap4nfsen_id . "&ip=$2&mode=new\" title='HAP graphlet for $2'>$hap_pic</a>"; array_push($patterns, $ip_and_port_pattern); array_push($replacements, $ip_and_port_replacement); // non-ICMP version with port filter $ip_and_port_pattern = "/(\s*)([^\s]+)(\s*)([\d|.]+)/"; $ip_and_port_replacement = "$1$2$3$4 " . "<a href=\"nfsen.php?tab=5&sub_tab=" . $hap4nfsen_id . "&ip=$2&port=$4&mode=new\" title='HAP graphlet for $2 on port $4'>$hap_pic</a>"; array_push($patterns, $ip_and_port_pattern); array_push($replacements, $ip_and_port_replacement); array_push($patterns, '/(\s\s(Src\sIP\sAddr\s*Src\sPt|Dst\sIP\sAddr\s*Dst\sPt))/i'); array_push($replacements, "$1 $hap_pic"); } else { // matches all other cases array_push($patterns, $default_pattern); array_push($replacements, $default_replacement . " <a href=\"nfsen.php?tab=5&sub_tab=" . $hap4nfsen_id . "&ip=$2&mode=new\" title='HAP graphlet for $2'>$hap_pic</a>"); array_push($patterns, '/(\s(|\s(Src|Dst))\sIP\sAddr)/i'); array_push($replacements, "$1 $hap_pic"); } } } if ( array_key_exists('arg', $cmd_out) ) { print "** nfdump " . $cmd_out['arg'] . "\n"; } if ( array_key_exists('filter', $cmd_out) ) { print "nfdump filter:\n"; foreach ( $cmd_out['filter'] as $line ) { print "$line\n"; } } foreach ( $cmd_out['nfdump'] as $line ) { print preg_replace($patterns, $replacements, $line) . "\n"; }*/ # parse command line #2009-12-09 17:08:17.596 40.262 TCP 192.168.1.9:80 -> 217.126.167.80:51694 .AP.SF 0 70 180978 1 35960 2585 1 $list = preg_match("/\\-o extended/", $cmd_out['arg']) ? 1 : 0; $regex = $list ? "/(\\d\\d\\d\\d\\-.*?\\s.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+->\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?\\s*[KMG]?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*)/" : "/(\\d\\d\\d\\d\\-.*?\\s.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?\\s*[KMGT]?)\\s+(.*?)\\s+(.*?)\\s+(.*)/"; echo '<div class="nfsen_list_title">' . _('Flows Info') . '</div>'; echo "<table class='table_list'>"; $geotools = false; if ($list && file_exists("../kml/GoogleEarth.php")) { $geotools = true; $geoips = array(); $geotools_src = " <a href='' onclick='window.open(\"../kml/TourConfig.php?type=ip_src&ip=&flows=1\",\"Flows sources - Goggle Earth API\",\"width=1024,height=700,scrollbars=NO,toolbar=1\");return false'><img align='absmiddle' src='../pixmaps/google_earth_icon.png' border='0'></a> <a href='' onclick='window.open(\"../kml/IPGoogleMap.php?type=ip_src&ip=&flows=1\",\"Flows sources - Goggle Maps API\",\"width=1024,height=700,scrollbars=NO,toolbar=1\");return false'><img align='absmiddle' src='../pixmaps/google_maps_icon.png' border='0'></a>"; $geotools_dst = " <a href='' onclick='window.open(\"../kml/TourConfig.php?type=ip_dst&ip=&flows=1\",\"Flows destinations - Goggle Earth API\",\"width=1024,height=700,scrollbars=NO,toolbar=1\");return false'><img align='absmiddle' src='../pixmaps/google_earth_icon.png' border='0'></a> <a href='' onclick='window.open(\"../kml/IPGoogleMap.php?type=ip_dst&ip=&flows=1\",\"Flows destinations - Goggle Maps API\",\"width=1024,height=700,scrollbars=NO,toolbar=1\");return false'><img align='absmiddle' src='../pixmaps/google_maps_icon.png' border='0'></a>"; } echo $list ? "\n \n <tr>\n <th>" . _("Date flow start") . "<br><span style='font-size:8px'>" . Util::timezone($tz) . "</style></th>\n <th>" . _("Duration") . "</th>\n <th>" . _("Proto") . "</th>\n <th>" . _("Src IP Addr:Port") . "{$geotools_src}</th>\n <th>" . _("Dst IP Addr:Port") . "{$geotools_dst}</th>\n <th>" . _("Flags") . "</th>\n <th>" . _("Tos") . "</th>\n <th>" . _("Packets") . "</th>\n <th>" . _("Bytes") . "</th>\n <th>" . _("pps") . "</th>\n <th>" . _("bps") . "</th>\n <th>" . _("Bpp") . "</th>\n <th>" . _("Flows") . "</th>\n \t" . ($solera ? "<th></th>" : "") . "\n </tr>" : "<tr>\n <th>" . _("Date flow seen") . "<br><span style='font-size:8px'>" . Util::timezone($tz) . "</style></th>\n <th>" . _("Duration") . "</th>\n <th>" . _("Proto") . "</th>\n <th>" . $titcol . "</th>\n <th>" . _("Flows") . "(%)</th>\n <th>" . _("Packets") . "(%)</th>\n <th>" . _("Bytes") . "(%)</th>\n <th>" . _("pps") . "</th>\n <th>" . _("bps") . "</th>\n <th>" . _("Bpp") . "</th>\n \t" . ($solera ? "<th></th>" : "") . "\n </tr>"; $status = $errors = array(); $rep = new Reputation(); //print_r($cmd_out['arg']); //print_r($cmd_out['nfdump']); foreach ($cmd_out['nfdump'] as $k => $line) { #capture status if (preg_match("/^(Summary|Time window|Total flows processed|Sys)\\:/", $line, $found)) { $status[$found[1]] = str_replace($found[1] . ":", "", $line); } # capture errors if (preg_match("/ error /i", $line, $found)) { if (preg_match("/stat\\(\\) error/i", $line)) { $errors[] = _('The netflow information you are trying to access either has not been processed yet or does not exist. Please check your date filters.'); Av_exception::write_log(Av_exception::USER_ERROR, $line); } else { $errors[] = $line; } } # print results $line = preg_replace("/\\(\\s(\\d)/", "(\\1", $line); // Patch for ( 0.3) $line = preg_replace("/(\\d)\\s*([KMGT])/", "\\1\\2", $line); // Patch for 1.2 M(99.6) $line = preg_replace("/(\\d+)(TCP|UDP|ICMP|IGMP)\\s/", "\\1 \\2 ", $line); // Patch for 9.003TCP $start = $end = $proto = ""; $ips = $ports = array(); if (preg_match($regex, preg_replace('/\\s*/', ' ', $line), $found)) { echo "<tr class='tr_flow_data'>\n"; foreach ($found as $ki => $field) { if ($ki > 0) { $wrap = $ki == 1 ? "nowrap" : ""; $field = Util::htmlentities(preg_replace("/(\\:\\d+)\\.0\$/", "\\1", $field)); if (preg_match("/(\\d+\\.\\d+\\.\\d+\\.\\d+)(.*)/", $field, $fnd)) { # match ip (resolve and geolocalize) $ip = $fnd[1]; $port = $fnd[2]; list($name, $ctx, $host_id) = GetDataFromSingleIp($ip, $hosts); if ($name == "" && $sensors[$ip] != "") { $name = $sensors[$ip]; } $output = Asset_host::get_extended_name($conn, $geoloc, $ip, $ctx, $host_id, ''); $homelan = $output['is_internal'] || $name != "" && $name != $ip; $icon = $output['html_icon']; # reputation info if (!is_array($_SESSION["_repinfo_ips"][$ip])) { $_SESSION["_repinfo_ips"][$ip] = $rep->get_data_by_ip($ip); } $rep_icon = Reputation::getrepimg($_SESSION["_repinfo_ips"][$ip][0], $_SESSION["_repinfo_ips"][$ip][1], $_SESSION["_repinfo_ips"][$ip][2], $ip); $rep_bgcolor = Reputation::getrepbgcolor($_SESSION["_repinfo_ips"][$ip][0]); $style_aux = $homelan ? 'style="font-weight:bold"' : ''; $bold_aux1 = $homelan ? '<b>' : ''; $bold_aux2 = $homelan ? '<b>' : ''; $field = '<div id="' . $ip . ';' . Util::htmlentities($name) . ';' . $host_id . '" id2="' . $ip . ';' . $ip . '" ctx="' . $ctx . '" class="HostReportMenu">' . $icon . ' <a ' . $style_aux . ' href="javascript:;">' . Util::htmlentities($name) . '</a>' . $bold_aux1 . $port . $bold_aux2 . ' ' . $rep_icon . '</div>'; $wrap = "nowrap style='{$rep_bgcolor}'"; $ips[] = $ip; if ($geotools) { if ($ki == 4) { $geoips['ip_src'][$ip]++; } elseif ($ki == 5) { $geoips['ip_dst'][$ip]++; } } $ports[] = str_replace(":", "", $port); } if (preg_match("/(\\d+-\\d+-\\d+ \\d+:\\d+:\\d+)(.*)/", $field, $fnd)) { # match date $start = $end = $fnd[1]; $time = strtotime($fnd[1]); $field = Util::htmlentities(gmdate("Y-m-d H:i:s", $time + 3600 * $tz) . "." . $fnd[2]); } if (preg_match("/(TCP|UDP|ICMP|RAW)/", $field, $fnd)) { # match date $proto = strtolower($fnd[1]); } print "<td {$wrap}>{$field}</td>"; } } // solera deepsee integration if ($solera) { echo "<td><a href=\"javascript:;\" onclick=\"solera_deepsee('" . Util::htmlentities($start) . "','" . Util::htmlentities($end) . "','" . Util::htmlentities($ips[0]) . "','" . Util::htmlentities($ports[0]) . "','" . Util::htmlentities($ips[1]) . "','" . Util::htmlentities($ports[1]) . "','" . Util::htmlentities($proto) . "')\"><img src='/ossim/pixmaps/solera.png' border='0' align='absmiddle'></a></td>"; } echo "</tr>\n"; } } echo "</table>"; if ($geotools) { foreach ($geoips as $type => $list) { $ipsfile = fopen("/var/tmp/flowips_" . Session::get_session_user() . ".{$type}", "w"); foreach ($list as $ip => $val) { fputs($ipsfile, "{$ip}\n"); } fclose($ipsfile); } } #Summary: total flows: 20, total bytes: 7701, total packets: 133, avg bps: 60, avg pps: 0, avg bpp: 57 #Time window: 2009-12-10 08:21:30 - 2009-12-10 08:38:26 #Total flows processed: 21, Records skipped: 0, Bytes read: 1128 #Sys: 0.000s flows/second: 0.0 Wall: 0.000s flows/second: 152173.9 if (count($status) > 0) { echo "<table class='transparent' style='margin-bottom:5px;width:100%'>"; foreach ($status as $key => $line) { $line = preg_replace("/(Wall)\\:/", "<span class='th_summary'>\\1</span>", $line); $line = preg_replace("/\\,\\s+(.*?)\\:/", " <span class='th_summary'>\\1</span>", $line); echo "<tr>\n <td class='nobborder' style='padding: 4px;'>\n <span class='th_summary'>{$key}</span>\n {$line}\n </td>\n </tr>"; } echo "</table>"; } # stat() error '/home/dk/nfsen/profiles-data/live/device2/2009/12/10/nfcapd.200912100920': File not found! if (count($errors) > 0) { foreach ($errors as $line) { echo "<div class='details_error'>" . _("ERROR FOUND: ") . "{$line}</div>"; } } $conn->disconnect(); } #print "</pre>\n"; } print "</div>\n"; $db_aux->close(); $geoloc->close(); return; }
function main_page($viewall, $sortby, $sortdir) { global $uroles, $username, $dbconn, $hosts; global $arruser, $user; $tz = Util::get_timezone(); if ($sortby == "") { $sortby = "id"; } if ($sortdir == "") { $sortdir = "DESC"; } /* if ( $uroles['admin'] ) { if($viewall == 1) { echo " <a href='manage_jobs.php'>View My Schedules</a> | "; } else { echo " <a href='manage_jobs.php?viewall=1'>View All Schedules</a> | "; } } else { $viewall = "1"; }*/ //echo "<a href='sched.php?op=reoccuring'>New Schedule</a> |<br><br>"; $sql_order = "order by {$sortby} {$sortdir}"; // if($viewall == 1) { // $url_sortby="<a href=\"manage_jobs.php?viewall=1&sortby="; // } else { // $url_sortby="<a href=\"manage_jobs.php?sortby="; // } echo "<center>"; status($arruser, $user); echo "<br>"; echo "<form>"; echo "<input type=\"button\" onclick=\"document.location.href='sched.php?smethod=schedule&hosts_alive=1&scan_locally=1'\" value=\"" . _("New Scan Job") . "\" class=\"button\">"; echo " "; echo "<input type=\"button\" onclick=\"document.location.href='sched.php?smethod=inmediately&hosts_alive=1&scan_locally=1'\" value=\"" . _("Run Scan Now") . "\" class=\"button\">"; echo "</form>"; echo "</center>"; echo "<br>"; $schedulejobs = _("Scheduled Jobs"); echo <<<EOT <center> <table cellspacing="0" cellpadding="0" border="0" width="90%"><tr><td class="headerpr" style="border:0;">{$schedulejobs}</td></tr></table> <table cellspacing="2" width="90%" summary="Job Schedules" border=0 cellspacing="0" cellpadding="0"> EOT; if ($sortdir == "ASC") { $sortdir = "DESC"; } else { $sortdir = "ASC"; } $arr = array(_("Name"), _("Schedule Type"), _("Time"), _("Next Scan"), _("Status")); // modified by hsh to return all scan schedules if (in_array("admin", $arruser)) { $query = "SELECT t2.name as profile, t1.meth_TARGET, t1.id, t1.name, t1.schedule_type, t1.meth_VSET, t1.meth_TIMEOUT, t1.username, t1.enabled, t1.next_CHECK, t1.email\n FROM vuln_job_schedule t1 LEFT JOIN vuln_nessus_settings t2 ON t1.meth_VSET=t2.id "; } else { $query = "SELECT t2.name as profile, t1.meth_TARGET, t1.id, t1.name, t1.schedule_type, t1.meth_VSET, t1.meth_TIMEOUT, t1.username, t1.enabled, t1.next_CHECK, t1.email\n FROM vuln_job_schedule t1 LEFT JOIN vuln_nessus_settings t2 ON t1.meth_VSET=t2.id WHERE username in ('{$user}') "; } // if($viewall == 1) { // list all schedules // } else { // view only logged in users schedules // $query .= "where username='******' "; // } $query .= $sql_order; $result = $dbconn->execute($query); if ($result->EOF) { echo "<tr><td height='20' class='nobborder' style='text-align:center;'>" . _("No Scheduled Jobs") . "</td></tr>"; } if (!$result->EOF) { echo "<tr>"; foreach ($arr as $value) { echo "<th><a href=\"manage_jobs.php?sortby={$value}&sortdir={$sortdir}\">{$value}</a></th>"; } echo "<th>" . _("Action") . "</th></tr>"; } while (!$result->EOF) { list($profile, $targets, $schedid, $schedname, $schedtype, $sid, $timeout, $user, $schedstatus, $nextscan, $servers) = $result->fields; $tz = intval($tz); $nextscan = gmdate("Y-m-d H:i:s", Util::get_utc_unixtime($dbconn, $nextscan) + 3600 * $tz); preg_match("/\\d+\\-\\d+\\-\\d+\\s(\\d+:\\d+:\\d+)/", $nextscan, $found); $time = $found[1]; switch ($schedtype) { case "N": $stt = _("Once (Now)"); break; case "O": $stt = _("Once"); break; case "D": $stt = _("Daily"); break; case "W": $stt = _("Weekly"); break; case "M": $stt = _("Monthly"); break; case "Q": $stt = _("Quarterly"); break; case "H": $stt = _("On Hold"); break; case "NW": $stt = _("N<sup>th</sup> weekday of the month"); break; default: $stt = " "; break; } switch ($schedstatus) { case "1": $itext = _("Disable Scheduled Job"); $isrc = "images/stop2.png"; $ilink = "manage_jobs.php?disp=setstatus&schedid={$schedid}&enabled=0"; break; default: $itext = _("Enable Scheduled Job"); $isrc = "images/play.png"; $ilink = "manage_jobs.php?disp=setstatus&schedid={$schedid}&enabled=1"; break; } if ($schedstatus) { $txt_enabled = "<td><a href=\"{$ilink}\"><font color=\"green\">" . _("Enabled") . "</font></a></td>"; } else { $txt_enabled = "<td><a href=\"{$ilink}\"><font color=\"red\">" . _("Disabled") . "</font></a></td>"; } if (preg_match('/^\\d+$/', $user)) { list($entities_all, $num_entities) = Acl::get_entities($dbconn, $user); $user = $entities_all[$user]['name']; } echo <<<EOT <tr> EOT; if ($profile == "") { $profile = _("Default"); } echo "<td><a style=\"text-decoration:none;\" href=\"javascript:;\" txt=\"<b>" . _("Owner") . ":</b> {$user}<br><b>" . _("Server") . ":</b> {$servers}<br /><b>" . _("Scheduled Job ID") . ":</b> {$schedid}<br><b>" . _("Profile") . ":</b> {$profile}<br><b>" . _("Targets") . ":</b><br>" . tooltip_hosts($targets, $hosts) . "\" class=\"scriptinfo\">{$schedname}</a></td>"; ?> <td><?php echo $stt; ?> </td> <td><?php echo $time; ?> </td> <td><?php echo $nextscan; ?> </td> <?php echo <<<EOT {$txt_enabled} <td style="padding-top:2px;"><a href="{$ilink}"><img alt="{$itext}" src="{$isrc}" border=0 title="{$itext}"></a> EOT; echo "<a href='sched.php?disp=edit_sched&sched_id={$schedid}&hmenu=Vulnerabilities&smenu=Jobs'><img src='images/pencil.png' title='" . gettext("Edit Scheduled") . "'></a> "; echo "<a href='manage_jobs.php?disp=delete&schedid={$schedid}' onclick='return confirmDelete();'><img src='images/delete.gif' title='" . gettext("Delete Scheduled") . "'></a></td>"; echo <<<EOT </tr> EOT; $result->MoveNext(); } echo <<<EOT </table></center> EOT; echo "<br>"; if ($_GET['page'] != "") { $page = $_GET['page']; } else { $page = 1; } $pagesize = 10; if ($username == "admin") { $query = "SELECT count(id) as num FROM vuln_jobs"; } else { $query = "SELECT count(id) as num FROM vuln_jobs where username='******'"; } $result = $dbconn->Execute($query); $jobCount = $result->fields["num"]; $num_pages = ceil($jobCount / $pagesize); //echo "num_pages:[".$num_pages."]"; //echo "jobCount:[".$jobCount."]"; //echo "page:[".$page."]"; all_jobs(0, 10, "R"); // only running jobs ?> <br /> <?php $out = all_jobs(($page - 1) * $pagesize, $pagesize); ?> <table width="90%" align="center" class="transparent"> <tr><td style="text-align:center;padding-top:5px;" class="nobborder"> <a href="javascript:;" onclick="$('#legend').toggle();$('#message_show').toggle();$('#message_hide').toggle();" colspan="2"><img src="../pixmaps/arrow_green.gif" align="absmiddle" border="0"> <span id="message_show"><?php echo _("Show legend"); ?> </span> <span id="message_hide" style="display:none"><?php echo _("Hide legend"); ?> </span> </a> </td> <td class="nobborder" valign="top" style="padding-top:5px;"> <?php if ($out != 0 && $num_pages != 1) { if ($page == 1 && $page == $num_pages) { echo '<center><< ' . _("First") . ' <' . _(" Previous") . ' [' . $page . ' ' . _("of") . ' ' . $num_pages . '] ' . _("Next") . ' > ' . _("Last") . ' >></center>'; } elseif ($page == 1) { echo '<center><< ' . _("First") . ' < ' . _("Previous") . ' [' . $page . ' ' . _("of") . ' ' . $num_pages . '] <a href="manage_jobs.php?page=' . ($page + 1) . '">' . _("Next") . ' ></a> <a href="manage_jobs.php?page=' . $num_pages . '">' . _("Last") . ' >></a></center>'; } elseif ($page == $num_pages) { echo '<center><a href="manage_jobs.php?page=1"><< ' . _("First") . '</a> <a href="manage_jobs.php?page=' . ($page - 1) . '">< ' . _("Previous") . '</a> [' . $page . ' ' . _("of") . ' ' . $num_pages . '] ' . _("Next") . '> ' . _("Last") . ' >></center>'; } else { echo '<center><a href="manage_jobs.php?page=1"><< ' . _("First") . '</a> <a href="manage_jobs.php?page=' . ($page - 1) . '">< ' . _("Previous") . '</a> [' . $page . ' ' . _("of") . ' ' . $num_pages . '] <a href="manage_jobs.php?page=' . ($page + 1) . '">' . _("Next") . ' ></a> <a href="manage_jobs.php?page=' . $num_pages . '">' . _("Last") . ' >></a></center>'; } //echo "<br>"; } ?> </td> </tr> <tr> <td width="110" class="nobborder"> <table width="100%" cellpadding="3" cellspacing="3" id="legend" style="display:none;"> <tr> <th colspan="2" style="padding-right: 3px;"> <div style="float: left; width: 60%; text-align: right;padding-top:3px;"><b><?php echo _("Legend"); ?> </b></div> <div style="float: right; width: 18%; padding-top: 2px; padding-bottom: 2px; text-align: right;"><a style="cursor: pointer; text-align: right;" onclick="$('#legend').toggle();$('#message_show').toggle();$('#message_hide').toggle();"><img src="../pixmaps/cross-circle-frame.png" alt="Close" title="Close" align="absmiddle" border="0"></a></div> </th> </tr> <tr> <td bgcolor="#EFFFF7" style="border:1px solid #999999" width="25%"></td><td class="nobborder" width="75%" style="text-align:left;padding-left:7px;"><?php echo _("Completed"); ?> </td> </tr> <tr> <td bgcolor="#EFE1E0" style="border:1px solid #999999" width="25%"></td><td class="nobborder" width="75%" style="text-align:left;padding-left:7px;"><?php echo _("Failed"); ?> </td> </tr> <tr> <td bgcolor="#D1E7EF" style="border:1px solid #999999" width="25%"></td><td class="nobborder" width="75%" style="text-align:left;padding-left:7px;"><?php echo _("Running"); ?> </td> </tr> <tr> <td bgcolor="#DFF7FF" style="border:1px solid #999999" width="25%"></td><td class="nobborder" width="75%" style="text-align:left;padding-left:7px;"><?php echo _("Scheduled"); ?> </td> </tr> <tr> <td bgcolor="#FFFFDF" style="border:1px solid #999999" width="25%"></td><td class="nobborder" width="75%" style="text-align:left;padding-left:7px;"><?php echo _("Timeout"); ?> </td> </tr> </table> </td> <td class="nobborder"> </td> </tr> </table> <?php }
function main_page($viewall, $sortby, $sortdir) { global $uroles, $username, $dbconn, $hosts; global $arruser, $user; $dbconn->SetFetchMode(ADODB_FETCH_BOTH); $tz = Util::get_timezone(); if ($sortby == "") { $sortby = "id"; } if ($sortdir == "") { $sortdir = "DESC"; } $sql_order = "order by {$sortby} {$sortdir}"; if (Session::menu_perms("environment-menu", "EventsVulnerabilitiesScan")) { ?> <div style="width:50%; position: relative; height: 5px; float:left"> <div style="width:100%; position: absolute; top: -41px;left:0px;"> <div style="float:left; height:28px; margin:5px 5px 0px 0px;"> <a class="button" href="<?php echo Menu::get_menu_url(AV_MAIN_PATH . '/vulnmeter/sched.php?smethod=schedule&hosts_alive=1&scan_locally=1', 'environment', 'vulnerabilities', 'scan_jobs'); ?> "> <?php echo _("New Scan Job"); ?> </a> </div> <div style="float:left;height:28px;margin:5px 5px 0px -2px;"> <a class="greybox button av_b_secondary" href="import_nbe.php" title="<?php echo _("Import nbe file"); ?> "> <?php echo _("Import nbe file"); ?> </a> </div> </div> </div> <?php } if (intval($_GET['page']) != 0) { $page = intval($_GET['page']); } else { $page = 1; } $pagesize = 10; if ($username == "admin") { $query = "SELECT count(id) as num FROM vuln_jobs"; } else { $query = "SELECT count(id) as num FROM vuln_jobs where username='******'"; } $result = $dbconn->Execute($query); $jobCount = $result->fields["num"]; $num_pages = ceil($jobCount / $pagesize); //echo "num_pages:[".$num_pages."]"; //echo "jobCount:[".$jobCount."]"; //echo "page:[".$page."]"; if (Vulnerabilities::scanner_type() == "omp") { // We can display scan status with OMP protocol echo Vulnerabilities::get_omp_running_scans($dbconn); } else { // Nessus all_jobs(0, 10, "R"); } ?> <?php $schedulejobs = _("Scheduled Jobs"); echo <<<EOT <table style='margin-top:20px;' class='w100 transparent'><tr><td class='sec_title'>{$schedulejobs}</td></tr></table> <table summary="Job Schedules" class='w100 table_list'> EOT; if ($sortdir == "ASC") { $sortdir = "DESC"; } else { $sortdir = "ASC"; } $arr = array("name" => "Name", "schedule_type" => "Schedule Type", "time" => "Time", "next_CHECK" => "Next Scan", "enabled" => "Status"); // modified by hsh to return all scan schedules if (empty($arruser)) { $query = "SELECT t2.name as profile, t1.meth_TARGET, t1.id, t1.name, t1.schedule_type, t1.meth_VSET, t1.meth_TIMEOUT, t1.username, t1.enabled, t1.next_CHECK, t1.email\n FROM vuln_job_schedule t1 LEFT JOIN vuln_nessus_settings t2 ON t1.meth_VSET=t2.id "; } else { $query = "SELECT t2.name as profile, t1.meth_TARGET, t1.id, t1.name, t1.schedule_type, t1.meth_VSET, t1.meth_TIMEOUT, t1.username, t1.enabled, t1.next_CHECK, t1.email\n FROM vuln_job_schedule t1 LEFT JOIN vuln_nessus_settings t2 ON t1.meth_VSET=t2.id WHERE username in ({$user}) "; } $query .= $sql_order; $result = $dbconn->execute($query); if ($result->EOF) { echo "<tr><td class='empty_results' height='20' style='text-align:center;'>" . _("No Scheduled Jobs") . "</td></tr>"; } if (!$result->EOF) { echo "<tr>"; foreach ($arr as $order_by => $value) { echo "<th><a href=\"manage_jobs.php?sortby={$order_by}&sortdir={$sortdir}\">" . _($value) . "</a></th>"; } if (Session::menu_perms("environment-menu", "EventsVulnerabilitiesScan")) { echo "<th>" . _("Action") . "</th></tr>"; } } $colors = array("#FFFFFF", "#EEEEEE"); $color = 0; while (!$result->EOF) { list($profile, $targets, $schedid, $schedname, $schedtype, $sid, $timeout, $user, $schedstatus, $nextscan, $servers) = $result->fields; $name = Av_sensor::get_name_by_id($dbconn, $servers); $servers = $name != '' ? $name : "unknown"; $targets_to_resolve = explode("\n", $targets); $ttargets = array(); foreach ($targets_to_resolve as $id_ip) { if (preg_match("/^([a-f\\d]{32})#\\d+\\.\\d+\\.\\d+\\.\\d+\\/\\d{1,2}/i", $id_ip, $found) && Asset_net::is_in_db($dbconn, $found[1])) { $ttargets[] = preg_replace("/^([a-f\\d]{32})#/i", "", $id_ip) . " (" . Asset_net::get_name_by_id($dbconn, $found[1]) . ")"; } else { if (preg_match("/^([a-f\\d]{32})#\\d+\\.\\d+\\.\\d+\\.\\d+/i", $id_ip, $found) && Asset_host::is_in_db($dbconn, $found[1])) { $ttargets[] = preg_replace("/^([a-f\\d]{32})#/i", "", $id_ip) . " (" . Asset_host::get_name_by_id($dbconn, $found[1]) . ")"; } else { $ttargets[] = preg_replace("/[a-f\\d]{32}/i", "", $id_ip); } } } $targets = implode("<BR/>", $ttargets); $tz = intval($tz); $nextscan = gmdate("Y-m-d H:i:s", Util::get_utc_unixtime($nextscan) + 3600 * $tz); preg_match("/\\d+\\-\\d+\\-\\d+\\s(\\d+:\\d+:\\d+)/", $nextscan, $found); $time = $found[1]; switch ($schedtype) { case "N": $stt = _("Once (Now)"); break; case "O": $stt = _("Once"); break; case "D": $stt = _("Daily"); break; case "W": $stt = _("Weekly"); break; case "M": $stt = _("Monthly"); break; case "Q": $stt = _("Quarterly"); break; case "H": $stt = _("On Hold"); break; case "NW": $stt = _("N<sup>th</sup> weekday of the month"); break; default: $stt = " "; break; } switch ($schedstatus) { case "1": $itext = _("Disable Scheduled Job"); $isrc = "images/stop_task.png"; $ilink = "manage_jobs.php?disp=setstatus&schedid={$schedid}&enabled=0"; break; default: $itext = _("Enable Scheduled Job"); $isrc = "images/play_task.png"; $ilink = "manage_jobs.php?disp=setstatus&schedid={$schedid}&enabled=1"; break; } if (!Session::menu_perms("environment-menu", "EventsVulnerabilitiesScan")) { $ilink = "javascript:return false;"; } if ($schedstatus) { $txt_enabled = "<td><a href=\"{$ilink}\"><font color=\"green\">" . _("Enabled") . "</font></a></td>"; } else { $txt_enabled = "<td><a href=\"{$ilink}\"><font color=\"red\">" . _("Disabled") . "</font></a></td>"; } require_once 'classes/Security.inc'; if (valid_hex32($user)) { $user = Session::get_entity_name($dbconn, $user); } echo "<tr bgcolor=\"" . $colors[$color % 2] . "\">"; if ($profile == "") { $profile = _("Default"); } echo "<td><span class=\"tip\" title=\"<b>" . _("Owner") . ":</b> {$user}<br><b>" . _("Server") . ":</b> {$servers}<br /><b>" . _("Scheduled Job ID") . ":</b> {$schedid}<br><b>" . _("Profile") . ":</b> {$profile}<br><b>" . _("Targets") . ":</b><br>" . $targets . "\">{$schedname}</span></td>"; ?> <td><?php echo $stt; ?> </td> <td><?php echo $time; ?> </td> <td><?php echo $nextscan; ?> </td> <?php echo <<<EOT {$txt_enabled} <td style="padding-top:2px;"><a href="{$ilink}"><img alt="{$itext}" src="{$isrc}" border=0 title="{$itext}"></a> EOT; if (Session::menu_perms("environment-menu", "EventsVulnerabilitiesScan")) { echo "<a href='" . Menu::get_menu_url(AV_MAIN_PATH . '/vulnmeter/sched.php?disp=edit_sched&sched_id=' . $schedid, 'environment', 'vulnerabilities', 'scan_jobs') . "'><img src='images/pencil.png' title='" . _("Edit Scheduled") . "'></a> "; echo "<a href='manage_jobs.php?disp=delete&schedid={$schedid}' onclick='return confirmDelete();'><img src='images/delete.gif' title='" . gettext("Delete Scheduled") . "'></a>"; } echo "</td>"; echo <<<EOT </tr> EOT; $result->MoveNext(); $color++; } echo <<<EOT </table> EOT; ?> <br /> <?php $out = all_jobs(($page - 1) * $pagesize, $pagesize); ?> <table width="100%" align="center" class="transparent" cellspacing="0" cellpadding="0"> <tr> <td class="nobborder" valign="top" style="padding-top:5px;"> <div class="fright"> <?php if ($out != 0 && $num_pages != 1) { $page_url = "manage_jobs.php"; if ($page == 1 && $page == $num_pages) { echo '<a href="" class="link_paginate_disabled" onclick="return false">< ' . _("PREVIOUS") . '</a>'; echo '<a class="lmargin link_paginate_disabled" href="" onclick="return false">' . _("NEXT") . ' ></a>'; } elseif ($page == 1) { echo '<a href="" class="link_paginate_disabled" onclick="return false">< ' . _("PREVIOUS") . '</a>'; echo '<a class="lmargin" href="' . $page_url . '?page=' . ($page + 1) . '">' . _("NEXT") . ' ></a> '; } elseif ($page == $num_pages) { echo '<a href="' . $page_url . '?page=' . ($page - 1) . '">< ' . _("PREVIOUS") . '</a>'; echo '<a class="lmargin link_paginate_disabled" href="" onclick="return false">' . _("NEXT") . ' ></a>'; } else { echo '<a href="' . $page_url . '?page=' . ($page - 1) . '">< ' . _("PREVIOUS") . '</a><a class="lmargin" href="' . $page_url . '?page=' . ($page + 1) . '">' . _("NEXT") . ' ></a>'; } } ?> </div> </td> </tr> </table> <?php }
function SIEM_trends_hids($agent_ip) { include_once '../panel/sensor_filter.php'; require_once 'classes/Plugin.inc'; require_once 'classes/Util.inc'; require_once 'ossim_db.inc'; $tz = Util::get_timezone(); $tzc = Util::get_tzc($tz); $data = array(); $plugins = $plugins_sql = ""; $db = new ossim_db(); $dbconn = $db->connect(); $sensor_where = make_sensor_filter($dbconn); // Ossec filter $oss_p_id_name = Plugin::get_id_and_name($dbconn, "WHERE name LIKE 'ossec%'"); $plugins = implode(",", array_flip($oss_p_id_name)); $plugins_sql = "AND acid_event.plugin_id in ({$plugins})"; // Agent ip filter $agent_where = make_sid_filter($dbconn, $agent_ip); if ($agent_where == "") { $agent_where = "0"; } $sqlgraph = "SELECT COUNT(acid_event.sid) as num_events, day(convert_tz(timestamp,'+00:00','{$tzc}')) as intervalo, monthname(convert_tz(timestamp,'+00:00','{$tzc}')) as suf FROM snort.acid_event LEFT JOIN ossim.plugin ON acid_event.plugin_id=plugin.id WHERE sid in ({$agent_where}) AND timestamp BETWEEN '" . gmdate("Y-m-d 00:00:00", gmdate("U") - 604800) . "' AND '" . gmdate("Y-m-d 23:59:59") . "' {$plugins_sql} {$sensor_where} GROUP BY suf,intervalo ORDER BY suf,intervalo"; //print $sqlgraph; if (!($rg =& $dbconn->Execute($sqlgraph))) { return false; } else { while (!$rg->EOF) { $hours = $rg->fields["intervalo"] . " " . substr($rg->fields["suf"], 0, 3); $data[$hours] = $rg->fields["num_events"]; $rg->MoveNext(); } } $db->close($dbconn); return $data; }
function GetTimeProfile2($start_date, $end_date, $time_sep, $join, $where) { global $db, $cnt, $label_lst, $value_lst, $value_POST_lst, $debug_mode; // Timezone $tz = Util::get_timezone(); $tzc = Util::get_tzc($tz); $precision = $time_sep[0]; // group by date_format(timestamp, "%Y%m%d %H") switch ($precision) { case "hour": $format = "%Y%m%d %H"; break; case "day": $format = "%Y%m%d"; break; case "month": default: $format = "%Y%m"; break; } if ($where != "") { $sql = "select date_format(convert_tz(timestamp,'+00:00','{$tzc}'), \"{$format}\") as date, count(convert_tz(timestamp,'+00:00','{$tzc}')) as count from acid_event {$join} {$where} group by date"; } else { $sql = "select date_format(convert_tz(timestamp,'+00:00','{$tzc}'), \"{$format}\") as date, count(convert_tz(timestamp,'+00:00','{$tzc}')) as count from acid_event where timestamp between \"{$start_date}\" and \"{$end_date}\" + interval 1 day group by date"; } if ($debug_mode > 0) { echo $sql; } $result = $db->baseExecute($sql); while ($myrow = $result->baseFetchRow()) { $date_str = $myrow["date"]; $count = $myrow["count"]; $i_year = substr($date_str, 0, 4); $i_month = ""; $i_day = ""; $i_hour = ""; switch ($precision) { case "hour": $i_month = substr($date_str, 4, 2); $i_day = substr($date_str, 6, 2); $i_hour = substr($date_str, 9, 2); StoreAlertNum2($count, $i_month . "/" . $i_day . "/" . $i_year . " " . $i_hour . ":00:00 - " . $i_hour . ":59:59", $time_sep, $i_year, $i_month, $i_day, $i_hour); break; case "day": $i_month = substr($date_str, 4, 2); $i_day = substr($date_str, 6, 2); StoreAlertNum2($count, $i_month . "/" . $i_day . "/" . $i_year, $time_sep, $i_year, $i_month, $i_day, $i_hour); break; case "month": default: $i_month = substr($date_str, 4, 2); StoreAlertNum2($count, $i_month . "/" . $i_year, $time_sep, $i_year, $i_month, $i_day, $i_hour); $format = "%Y%m"; break; } } $result->baseFreeRows(); }
<td class="ne"><?php echo _("Number of IPs in the database"); ?> </td> <td class="grb"> <?php echo Util::number_format_locale($total, 0); ?> </td> </tr> <tr> <td class="ne"><?php echo _("Latest update"); ?> </td> <td class="grb"> <?php echo gmdate("Y-m-d H:i:s", filemtime($reputation->rep_file) + 3600 * Util::get_timezone()); ?> </td> </tr> </table> </div> <div class='otx_p_middle'> <div class='otx_p_title'><?php echo _("Malicious IPs by Activity"); ?> </div> <div id="chart" style="width:400px; height:220px"></div> </div> <div class='otx_p_right'>
// } arsort($countries); // Not found if (count($countries) == 0) { echo "<tr><td><table class='transparent' style='width:100%'><tr><td colspan='5' style='padding:6px'><b>"._("No external IP addresses were found in the SIEM events")."</b></td></tr></table></td></tr>\n"; } // Results else { echo '<br/><TABLE class="table_list">'; echo '<tr><th style="text-align:left" width="25%">Country</th> <th width="15%">' . gettext("Events") . " # <span class='idminfo' txt='".Util::timezone(Util::get_timezone())."'>(*)</span>". '</th> <th width="10%">' . gettext("Unique Src. #") . '</th> <th width="10%">' . gettext("Unique Dst. #") . '</th> <th></th></TR>'; $max_cnt = 1; $i = 0; foreach ($countries as $country=>$num) { if ($max_cnt == 1 && $num > 0) $max_cnt = $num; $data = $country_acc[$country]; if ($data['srcnum']+$data['dstnum'] == 0) $entry_width = 0; else $entry_width = round($data['events'] / $max_cnt * 100); if ($data['code']=="") $data['code']="unknown"; ?> <tr> <td style="padding:7px;text-align:left"><?=$data['flag']." ".$country?></td>
function submit_scan($op, $sched_id, $sname, $notify_email, $schedule_type, $ROYEAR, $ROMONTH, $ROday, $time_hour, $time_min, $dayofweek, $dayofmonth, $timeout, $SVRid, $sid, $tarSel, $ip_list, $ip_exceptions_list, $ip_start, $ip_end, $named_list, $cidr, $subnet, $system, $cred_type, $credid, $acc, $domain, $accpass, $acctype, $passtype, $passstore, $wpolicies, $wfpolicies, $upolicies, $custadd_type, $cust_plugins, $is_enabled, $hosts_alive, $scan_locally, $nthweekday, $semail, $not_resolve) { global $wdaysMap, $daysMap, $allowscan, $uroles, $username, $schedOptions, $adminmail, $mailfrom, $dbk, $dbconn; require_once "classes/Util.inc"; $tz = Util::get_timezone(); if (empty($ROYEAR)) { $ROYEAR = gmdate("Y"); } if (empty($ROMONTH)) { $ROMONTH = gmdate("m"); } if (empty($ROday)) { $ROday = gmdate("d"); } list($_y, $_m, $_d, $_h, $_u, $_s, $_time) = Util::get_utc_from_date($dbconn, "{$ROYEAR}-{$ROMONTH}-{$ROday} {$time_hour}:{$time_min}:00", $tz); $ROYEAR = $_y; $ROMONTH = $_m; $ROday = $_d; $time_hour = $_h; $time_min = $_u; if ($not_resolve == "1") { $resolve_names = 0; } else { $resolve_names = 1; } $notify_email = str_replace(";", ",", $notify_email); $requested_run = ""; $jobType = "M"; $recurring = False; $targets = array(); $time_value = ""; $profile_desc = getProfileName($sid); $target_list = ""; $need_authorized = ""; $request = ""; $plugs_list = "NULL"; $fk_name = "NULL"; $target_list = "NULL"; $tmp_target_list = ""; $jobs_names = array(); $sjobs_names = array(); //$I3crID = getCredentialId ( $cred_type, $passstore, $credid, $acc, $domain, $accpass, $acctype, $passtype ); $I3crID = ""; if ($hosts_alive == "1") { // option: Only scan hosts that are alive $I3crID = "1"; } else { $I3crID = "0"; } if ($custadd_type == "") { $custadd_type = "N"; } if ($custadd_type != "N" && $cust_plugins != "") { $plugs_list = ""; $vals = preg_split("/\\s+|\r\n|,|;/", $cust_plugins); foreach ($vals as $v) { $v = trim($v); if (strlen($v) > 0) { $plugs_list .= $v . "\n"; } } $plugs_list = "'" . $plugs_list . "'"; } /* echo <<<EOT <h3>Job Details:</h3> <center> <table> <tr><th align="right">Job Name</th><td>$sname</td></tr> <tr><th align="right">Notify</th><td>$notify_email</td></tr> <tr><th align="right">Timeout</th><td>$timeout</td></tr> <tr><th align="right">Profile</th><td>$profile_desc</td></tr> <tr><th></th><td> </td></tr> <tr><th align="right">Schedule Info</th><td> </td></tr> EOT;*/ //$arrTime = localtime((int)gmdate('U'), true); $arrTime = explode(":", gmdate('Y:m:d:w:H:i:s')); $year = $arrTime[0]; $mon = $arrTime[1]; $mday = $arrTime[2]; $wday = $arrTime[3]; $hour = $arrTime[4]; $min = $arrTime[5]; $sec = $arrTime[6]; $timenow = $hour . $min . $sec; if ($time_hour) { $hour = $time_hour; } if ($time_min) { $min = $time_min; } #echo "hour=$hour<br>"; #$hour = $hour - $tz_offset; #echo "offset=$tz_offset<br>hour=$hour<br>"; #if ( $hour < "0" ) { echo "change 1<br>"; $hour = $hour + 24; } #if ( $hour >= "24" ) { echo "change 2<br>"; $hour = $hour - 24; } #echo "hour_changed=$hour<br>"; $run_wday = $wdaysMap[$dayofweek]; #echo "run_day=$run_wday<br>dayofweek=$dayofweek<br>"; $run_time = sprintf("%02d%02d%02d", $time_hour, $time_min, "00"); $run_mday = $dayofmonth; $time_value = "{$time_hour}:{$time_min}:00"; //echo "schedule_type: ".$schedule_type; //echo "$run_time : $timenow\n"; exit(); $ndays = array("Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday"); switch ($schedule_type) { case "N": $requested_run = gmdate("YmdHis"); $sched_message = "No reccurring Jobs Necessary"; break; case "O": $requested_run = sprintf("%04d%02d%02d%06d", $ROYEAR, $ROMONTH, $ROday, $run_time); $sched_message = "No reccurring Jobs Necessary"; //var_dump($schedule_type); $recurring = True; $reccur_type = "Run Once"; break; case "D": if ($run_time > $timenow) { $next_day = $year . $mon . $mday; } else { $next_day = gmdate("Ymd", strtotime("+1 day GMT", gmdate("U"))); } // next day $requested_run = sprintf("%08d%06d", $next_day, $run_time); $recurring = True; $sched_message = "Schedule Reccurring"; $reccur_type = "Daily"; break; case "W": if ($run_wday == $wday && $run_time > $timenow) { $next_day = $year . $mon . $mday; } else { $next_day = gmdate("Ymd", strtotime("next " . $ndays[$run_wday] . " GMT", gmdate("U"))); } // next week $requested_run = sprintf("%08d%06d", $next_day, $run_time); $recurring = True; $sched_message = "Schedule Reccurring"; $reccur_type = "Weekly"; break; case "M": if ($run_mday > $mday || $run_mday == $mday && $run_time > $timenow) { $next_day = $year . $mon . ($run_mday < 10 ? "0" : "") . $run_mday; // this month #echo "date selected is in the future<br>"; } else { $next_day = sprintf("%06d%02d", gmdate("Ym", strtotime("next month GMT", gmdate("U"))), $run_mday); #$next_day = gmdate("Ymd", mktime(0, 0, 0, date("m")+1, $run_mday, date("y"))); // next month #echo "date selected is in the past<br>"; } #echo "run_mday=$run_mday mday=$mday rtime=$run_time now=$timenow next_day=$next_day<br>"; $requested_run = sprintf("%08d%06d", $next_day, $run_time); $recurring = True; $sched_message = "Schedule Reccurring"; $reccur_type = "Montly"; break; case "NW": $dayweektonum = array("Mo" => 1, "Tu" => 2, "We" => 3, "Th" => 4, "Fr" => 5, "Sa" => 6, "Su" => 7); $next_day = nthweekdaymonth($year, gmdate("n"), 1, $dayweektonum[$dayofweek], $nthweekday); $requested_run = sprintf("%08d%06d", $next_day, $run_time); $dayofmonth = $nthweekday; $recurring = True; $sched_message = "Schedule Reccurring"; $reccur_type = "Nth weekday of the month"; break; default: break; } //if ( $schedule_type != "N" ){ //$requested_run = switchTime_TimeZone( $requested_run, "server" ); //} /* echo <<<EOT <tr><th align="right">Type</th><td>$schedOptions[$schedule_type]</td></tr> <tr><th align="right">First Occurrence</th><td>$requested_run</td></tr> <tr><th align="right">Recurring</th><td>$sched_message</td></tr> <tr><th align="right"> </th><td></td></tr> <tr><th colspan="2">Target Selection</th></tr> EOT;*/ switch ($tarSel) { case "1": #SINGLE $vals = preg_split("/\\s+|\r\n|;/", $ip_list); foreach ($vals as $v) { $v = trim($v); if (strlen($v) > 0) { array_push($targets, $v); } } break; case "2": #IP RANGE if ($ip_start || $ip_end) { if ($ip_start && $ip_end) { $targets = range2List($ip_start, $ip_end); } else { // echo "<tr><td colspan=2>incomplete target list</td></tr>"; } } break; case "3": #NAMED TARGET $vals = preg_split("/\\s+|\n|,|;/", $named_list); foreach ($vals as $v) { $v = trim($v); if (strlen($v) > 0) { $ip = gethostbyname($v); if (strlen($ip) > 0) { array_push($targets, $ip); } else { // echo "<tr><td colspan=2>$v Name could not be resolved</td></tr>"; } } } break; case "4": #SUBNET array_push($targets, $cidr); break; case "5": if ($uroles['auditAll'] && $subnet == "ALL") { array_push($targets, "all_live_subnets"); } else { array_push($targets, $subnet); } $fk_name = "'" . $subnet . "'"; break; case "6": #$query = "SELECT isso_email, admin_sys, admin_dba, admin_network from vuln_systems WHERE acronym='$system'"; #$result = $dbconn->Execute($query); #list( $isso_poc, $poc_sa, $poc_dba, $poc_network ) = $result->fields; $all_pocs = $isso_poc; if ($all_pocs != "" && $poc_sa != "") { $all_pocs .= ", {$poc_sa}"; } if ($all_pocs != "" && $poc_dba != "") { $all_pocs .= ", {$poc_dba}"; } if ($all_pocs != "" && $poc_network != "") { $all_pocs .= ", {$poc_network}"; } $notify_email = $all_pocs; $fk_name = "'" . $system . "'"; break; default: #INPUT FILE break; } if ($tarSel < "4") { foreach ($targets as $hostip) { if (!$allowscan && !inrange($hostip, $dbconn)) { $need_authorized .= $hostip . "\n"; } $tmp_target_list .= $hostip . "\n"; //echo "<tr><td colspan=2>$hostip</td></tr>"; } if ($need_authorized != "") { //echo "<tr><th colspan=2><font color=red>NOT IN APPROVED ZONE</font></th></tr>"; $html_needs_auth = str_replace("\n", "<br>", $need_authorized); //echo "<tr><td colspan=2>$html_needs_auth</td></tr>"; } } elseif ($tarSel == "4") { $tmp_target_list = $cidr; //echo "<tr><td colspan=2>$cidr</td></tr>"; } elseif ($tarSel == "6") { $jobType = "S"; if ($recurring == True) { #$tmp_target_list=""; #DO NOT PUT THE LIST OF IP'S IN UNTIL THE JOB STARTS FOR REOCCURING ( LIST MAY BE FREQUENT TO CHANGE ) } else { /*$query = "SELECT hostip from vuln_systems t1 LEFT JOIN vuln_system_hosts t2 on t2.sysID = t1.id WHERE t1.acronym='$system'"; $result = $dbconn->Execute($query); while ( !$result->EOF ) { list($hostip) = $result->fields; if ( strlen($hostip)>0) { $tmp_target_list .= "$hostip\n"; array_push($targets, $hostip ); } $result->MoveNext(); }*/ } // echo "<tr><td colspan=2>$system</td></tr>"; } else { $jobType = "C"; $tmp_target_list = $subnet; // echo "<tr><td colspan=2>$subnet</td></tr>"; } if (!($tarSel == "6" && $recurring == True) && count($targets) == 0) { // echo "<p><center><font color=red>Missing Host Selection or BAD LIST:$targets[0]<br><br></font>" // ."[ <a href=\"javascript:history.go(-1)\">Go Back</a> ]</center></p>"; //logAccess( "USER $username Fubared: Missing Host Selection or BAD LIST:$targets[0]" ); require_once "footer.php"; exit; } elseif (!$sname) { // echo "<p><center><font color=red>Missing or BAD SNAME:[$sname]<br><br></font>" // ."[ <a href=\"javascript:history.go(-1)\">Go Back</a> ]</center></p>"; //logAccess( "USER $username Fubared something on job name [$sname]" ); require_once "footer.php"; exit; } if ($subnet == "" or $subnet == "0") { $subnet = "Null"; } else { $subnet = "'{$subnet}'"; } if ($SVRid == "" or $SVRid == "Null") { $SVRid = "Null"; } else { $SVRid = "'{$SVRid}'"; } if ($tmp_target_list != "") { $target_list = "'" . $tmp_target_list . "'"; } $arrChecks = array("w" => $wpolicies, "f" => $wfpolicies, "u" => $upolicies); $arrAudits = array('w', 'f', 'u'); foreach ($arrChecks as $check => $policydata) { $i = 1; $audit_data = ""; if ($policydata) { if ($i <= 5) { foreach ($policydata as $policy) { $audit_data .= "{$policy}\n"; $i++; } } } if ($audit_data != "") { $arrAudits[$check] = "'{$audit_data}'"; } else { $arrAudits[$check] = "NULL"; } } $insert_time = gmdate("YmdHis"); // if ( $need_authorized != "" || !($uroles['nessus']) ) { // $jobType="R"; #REQUEST JOB // #DO not wrap $subnet / $SVRid with ticks '' as 'Null' is not Null // $query = "INSERT INTO vuln_jobs ( name, fk_name, username, job_TYPE, meth_SCHED, meth_TARGET, meth_CRED, // meth_VSET, meth_CUSTOM, meth_CPLUGINS, meth_Wcheck, meth_Wfile, meth_Ucheck, meth_TIMEOUT, scan_ASSIGNED, scan_SUBMIT, // scan_next, scan_PRIORITY, status, notify ) VALUES ( '$sname', $fk_name, '$username', '$jobType', '$schedule_type', $target_list, $I3crID, // '$sid', '$custadd_type', $plugs_list, $arrAudits[w], $arrAudits[f], $arrAudits[u], '$timeout', $SVRid, '$insert_time', // '$requested_run', '3' , 'H', '$notify_email' )"; // $request = "for Approval"; // $subject = "Scan request [$sname]"; // $message = "HELLO SOC TEAM, \tThe following User [ $username ] has requested a scan against:\n" // ." $target_list\n\nPlease Promptly Accept/Reject the request!" // ."Thank You\n\nThe SOC TEAM!\n"; // mail($adminmail, $subject, $message, "From: $mailfrom\nX-Mailer: PHP/" . phpversion()); // echo "needs authorization<br>"; //logAccess( "USER $username Submitted Scan Request [$sname]" ); // } else { require_once "classes/Host_sensor_reference.inc"; require_once "classes/Net_sensor_reference.inc"; require_once "classes/Net.inc"; require_once "classes/Scan.inc"; require_once "classes/Sensor.inc"; //Check Permissions $allowed = array(); $notallowed = array(); $ftargets = explode("\\r\\n", $target_list); foreach ($ftargets as $ftarget) { $ftarget = preg_replace("/\r|\n|\t|\\s|\\'/", "", $ftarget); $unresolved = !preg_match("/\\d+\\.\\d+\\.\\d+\\.\\d+/", $ftarget) && $not_resolve ? true : false; if (preg_match("/\\//", $ftarget) && Session::netAllowed($dbconn, Net::get_name_by_ip($dbconn, $ftarget))) { //, $username $allowed[] = $ftarget; } else { if (Session::hostAllowed($dbconn, $ftarget) || $unresolved) { // , $username $allowed[] = $ftarget; } else { $notallowed[] = $ftarget; } } } if (count($allowed) > 0) { $forced_server = ""; $all_sensors = array(); $sensor_list = Sensor::get_all($dbconn, "", false); foreach ($sensor_list as $s) { $all_sensors[$s->get_ip()] = $s->get_name(); } // force scanner if ($SVRid != "Null") { $query = "SELECT hostname FROM vuln_nessus_servers WHERE id={$SVRid}"; $result = $dbconn->execute($query); list($forced_server) = $result->fields; } elseif ($not_resolve) { $result = $dbconn->Execute("SELECT name,hostname FROM vuln_nessus_servers WHERE enabled=1"); while (!$result->EOF) { list($name, $hostname) = $result->fields; if (Session::sensorAllowed($hostname)) { $all_sensors[$hostname] = $name; } $result->MoveNext(); } } // remote nmap $rscan = new RemoteScan("", ""); if ($rscan->available_scan()) { $reports = $rscan->get_scans(); $ids = is_array($reports) ? array_keys($reports) : array(); } else { $ids = array(); } //if ($forced_server!="") $ids = array_merge(array($forced_server),$ids); //$tsjobs = explode("\\r\\n", $target_list); $sgr = array(); $unables = array(); $tsjobs = $allowed; foreach ($tsjobs as $tjobs) { $tjobs = preg_replace("/\r|\n|\t|\\s|\\'/", "", $tjobs); $unresolved = !preg_match("/\\d+\\.\\d+\\.\\d+\\.\\d+/", $tjobs) && $not_resolve ? true : false; if (preg_match("/\\//", $tjobs)) { $sensor = Net_sensor_reference::get_list_array($dbconn, $tjobs); } else { $sensor = Host_sensor_reference::get_list_array($dbconn, $tjobs); } if ($forced_server != "") { $sensor = array_merge(array($forced_server), $sensor); } if ($unresolved || Session::am_i_admin() && count($sensor) == 0 && $forced_server == "") { if ($unresolved) { foreach ($all_sensors as $sip => $unused) { $sensor[] = $sip; } } else { $local_ip = `grep framework_ip /etc/ossim/ossim_setup.conf | cut -f 2 -d "="`; $local_ip = trim($local_ip); $results = $dbconn->Execute("SELECT name FROM vuln_nessus_servers WHERE hostname like '{$local_ip}'"); if ($results->fields["name"] != "") { $sensor[] = $local_ip; } } } // reorder sensors with load if ($forced_server != "") { $sensor = Sensor::reorder_sensors($dbconn, $sensor); } // select best sensor with available nmap and vulnmeter $selected = array(); foreach ($sensor as $sen) { $properties = Sensor::get_properties($dbconn, $sen); $withnmap = in_array($all_sensors[$sen], $ids) || !$hosts_alive || $unresolved; //echo "$sen:".$all_sensors[$sen].":$withnmap || $scan_locally:".$properties["has_vuln_scanner"]." || $SVRid:$forced_server<br>\n"; if ((Session::sensorAllowed($sen) || $forced_server != "") && ($withnmap || $scan_locally) && ($properties["has_vuln_scanner"] || $forced_server != "")) { //$selected = ($SVRid!="Null" && $all_sensors[$sen]!="") ? $all_sensors[$sen] : $sen; //echo "sel:$selected<br>\n"; //break; $selected[] = $forced_server != "" ? $forced_server : $sen; } } if (count($selected) > 0) { $sgr[implode(",", array_unique($selected))][] = $tjobs; } else { $unables[] = $tjobs; } } $query = array(); /* if($tz!=0) { list ($y,$m,$d,$h,$u,$s,$time) = Util::get_utc_from_date($dbconn, $requested_run, $tz); $requested_run = $y.$m.$d.$h.$u.$s; }*/ if ($op == "editrecurring" && $sched_id > 0) { $query[] = "DELETE FROM vuln_job_schedule WHERE id='{$sched_id}'"; $i = 1; foreach ($sgr as $notify_sensor => $targets) { $target_list = implode("\n", $targets); $target_list .= "\n" . implode("\n", $ip_exceptions_list); $query[] = "INSERT INTO vuln_job_schedule ( name, username, fk_name, job_TYPE, schedule_type, day_of_week, day_of_month, \n time, email, meth_TARGET, meth_CRED, meth_VSET, meth_CUSTOM, meth_CPLUGINS, meth_Wcheck, meth_Wfile, \n meth_Ucheck, meth_TIMEOUT, scan_ASSIGNED, next_CHECK, createdate, enabled, resolve_names ) VALUES ( '{$sname}', '{$username}', '" . Session::get_session_user() . "', '{$jobType}',\n '{$schedule_type}', '{$dayofweek}', '{$dayofmonth}', '{$time_value}', '{$notify_sensor}', '{$target_list}',\n {$I3crID}, '{$sid}', '{$custadd_type}', {$plugs_list}, {$arrAudits['w']}, {$semail}, '{$scan_locally}',\n '{$timeout}', {$SVRid}, '{$requested_run}', '{$insert_time}', '1', '{$resolve_names}' ) "; $sjobs_names[] = $sname . $i; $i++; } } elseif ($recurring) { $i = 1; foreach ($sgr as $notify_sensor => $targets) { $target_list = implode("\n", $targets); $target_list .= "\n" . implode("\n", $ip_exceptions_list); $query[] = "INSERT INTO vuln_job_schedule ( name, username, fk_name, job_TYPE, schedule_type, day_of_week, day_of_month, \n time, email, meth_TARGET, meth_CRED, meth_VSET, meth_CUSTOM, meth_CPLUGINS, meth_Wcheck, meth_Wfile, \n meth_Ucheck, meth_TIMEOUT, scan_ASSIGNED, next_CHECK, createdate, enabled, resolve_names ) VALUES ( '{$sname}', '{$username}', '" . Session::get_session_user() . "', '{$jobType}',\n '{$schedule_type}', '{$dayofweek}', '{$dayofmonth}', '{$time_value}', '{$notify_sensor}', '{$target_list}',\n {$I3crID}, '{$sid}', '{$custadd_type}', {$plugs_list}, {$arrAudits['w']}, {$semail}, '{$scan_locally}',\n '{$timeout}', {$SVRid}, '{$requested_run}', '{$insert_time}', '1', '{$resolve_names}' ) "; $sjobs_names[] = $sname . $i; $i++; } } else { $i = 1; foreach ($sgr as $notify_sensor => $targets) { $target_list = implode("\n", $targets); $target_list .= "\n" . implode("\n", $ip_exceptions_list); $query[] = "INSERT INTO vuln_jobs ( name, username, fk_name, job_TYPE, meth_SCHED, meth_TARGET, meth_CRED,\n meth_VSET, meth_CUSTOM, meth_CPLUGINS, meth_Wcheck, meth_Wfile, meth_Ucheck, meth_TIMEOUT, scan_ASSIGNED,\n scan_SUBMIT, scan_next, scan_PRIORITY, status, notify, authorized, author_uname, resolve_names ) VALUES ( '{$sname}',\n '{$username}', '" . Session::get_session_user() . "', '{$jobType}', '{$schedule_type}', '{$target_list}', {$I3crID}, '{$sid}', '{$custadd_type}', {$plugs_list},\n {$arrAudits['w']}, {$semail}, {$arrAudits['u']}, '{$timeout}', {$SVRid}, '{$insert_time}', '{$requested_run}', '3',\n 'S', '{$notify_sensor}', '{$scan_locally}', 'ACL', '{$resolve_names}' ) "; $jobs_names[] = $sname . $i; $i++; } } $query_insert_time = gen_strtotime($insert_time, ""); foreach ($query as $sql) { $error_updating = false; $error_inserting = false; $sql = str_replace(", ',", ", '',", str_replace("''", "'", $sql)); if ($dbconn->execute($sql) === false) { echo _("Error creating scan job") . ": " . $dbconn->ErrorMsg(); if ($op == "editrecurring") { $error_updating = true; } else { $error_creating = true; } } else { if ($op == "editrecurring" && !$error_updating) { echo "<br><center>" . _("Successfully Updated Recurring Job") . "</center>"; if (count($notallowed) == 0 && count($unables) == 0) { ?> <script type="text/javascript"> //<![CDATA[ document.location.href='manage_jobs.php?hmenu=Vulnerabilities&smenu=Jobs'; //]]> </script><?php } //logAccess( "Updated Recurring Job [ $jid ]" ); } elseif (!$error_creating) { echo "<br><center>" . _("Successfully Submitted Job") . " {$request}</center>"; //logAccess( "Submitted Job [ $jid ] $request" ); foreach ($jobs_names as $job_name) { $infolog = array($job_name); Log_action::log(66, $infolog); } foreach ($sjobs_names as $job_name) { $infolog = array($job_name); Log_action::log(67, $infolog); } if (count($notallowed) == 0 && count($unables) == 0) { ?> <script type="text/javascript"> //<![CDATA[ document.location.href='manage_jobs.php?hmenu=Vulnerabilities&smenu=Jobs'; //]]> </script><?php } } else { echo "<br><center>" . _("Failed Job Creation") . "</center>"; //logAccess( "Failed Job Creation" ); if (count($notallowed) == 0 && count($unables) == 0) { ?> <script type="text/javascript"> //<![CDATA[ document.location.href='manage_jobs.php?hmenu=Vulnerabilities&smenu=Jobs'; //]]> </script><?php } } } } } //end count($alowed)>0 if (count($notallowed) > 0 || count($unables) > 0) { echo "<center>"; echo "<table class=\"noborder\" width=\"400\" style=\"background-color:transparent;\">"; echo "<tr><td class=\"nobborder\" style=\"text-align:left;\"><b>" . _("Errors Found") . ":</b></td></tr>"; if (count($notallowed) > 0) { if (!preg_match("/^\\d+\$/", $username)) { echo "<tr><td class=\"nobborder\" style=\"text-align:left;\">" . _("User") . " <b>{$username}</b> " . _("is not allowed for the following targets") . ":</td></tr>"; } else { $entity_query = "SELECT name FROM acl_entities WHERE id={$username}"; $result = $dbconn->execute($entity_query); list($username) = $result->fields; echo "<tr><td class=\"nobborder\" style=\"text-align:left;\">" . _("Entiy") . " <b>{$username}</b> " . _("is not allowed for the following targets") . ":</td></tr>"; } foreach ($notallowed as $target) { echo "<tr><td class=\"nobborder\" style=\"text-align:left;padding-left:5px;\">- <b>{$target}</b></tr>"; } echo "<tr height=\"30\"><td class=\"nobborder\"> </td></tr>"; } if (count($unables) > 0) { echo "<tr><td class=\"nobborder\" style=\"text-align:left;\">" . _("No remote vulnerability scanners available for the following targets") . ":</td></tr>"; foreach ($unables as $target) { echo "<tr><td class=\"nobborder\" style=\"text-align:left;padding-left:5px;\">- <b>{$target}</b></tr>"; } echo "<tr height=\"30\"><td class=\"nobborder\"> </td></tr>"; } echo "<tr><td class=\"nobborder\" style=\"text-align:center;\">"; echo "<form action=\"sched.php\" method=\"post\">"; ?> <input type="hidden" name="sname" value="<?php echo $sname; ?> "/> <?php $SVRid = str_replace("'", "", $SVRid); ?> <input type="hidden" name="SVRid" value="<?php echo $SVRid; ?> "/> <input type="hidden" name="sid" value="<?php echo $sid; ?> "/> <input type="hidden" name="timeout" value="<?php echo $timeout; ?> "/> <input type="hidden" name="schedule_type" value="<?php echo $schedule_type; ?> "/> <input type="hidden" name="ROYEAR" value="<?php echo $ROYEAR; ?> "/> <input type="hidden" name="ROMONTH" value="<?php echo $ROMONTH; ?> "/> <input type="hidden" name="ROday" value="<?php echo $ROday; ?> "/> <input type="hidden" name="time_hour" value="<?php echo $time_hour; ?> "/> <input type="hidden" name="time_min" value="<?php echo $time_min; ?> "/> <input type="hidden" name="dayofweek" value="<?php echo $dayofweek; ?> "/> <input type="hidden" name="nthweekday" value="<?php echo $nthweekday; ?> "/> <input type="hidden" name="dayofmonth" value="<?php echo $dayofmonth; ?> "/> <input type="hidden" name="ip_list" value="<?php echo str_replace("\\r\\n", ";;", $ip_list); ?> "/> <?php if (is_numeric($username)) { ?> <input type="hidden" name="entity" value="<?php echo $username; ?> "/> <?php } else { ?> <input type="hidden" name="user" value="<?php echo $username; ?> "/> <?php } ?> <input type="hidden" name="hosts_alive" value="<?php echo $hosts_alive; ?> "/> <input type="hidden" name="scan_locally" value="<?php echo $scan_locally; ?> "/> <input type="hidden" name="semail" value="<?php echo $semail; ?> "/> <input type="hidden" name="not_resolve" value="<?php echo $not_resolve; ?> "/> <?php echo "<input type=\"submit\" value=\"" . _("Back") . "\" class=\"button\"/> "; echo "<input value=\"" . _("Continue") . "\" class=\"button\" type=\"button\" onclick=\"document.location.href='manage_jobs.php?hmenu=Vulnerabilities&smenu=Jobs'\"></form>"; echo "</td></tr>"; echo "</table>"; echo "</center>"; } echo "</b></center>"; }
function submit_scan($vuln_op, $sched_id, $sname, $notify_email, $schedule_type, $ROYEAR, $ROMONTH, $ROday, $time_hour, $time_min, $dayofweek, $dayofmonth, $timeout, $SVRid, $sid, $tarSel, $ip_list, $ip_exceptions_list, $ip_start, $ip_end, $named_list, $cidr, $subnet, $system, $cred_type, $credid, $acc, $domain, $accpass, $acctype, $passtype, $passstore, $wpolicies, $wfpolicies, $upolicies, $custadd_type, $cust_plugins, $is_enabled, $hosts_alive, $scan_locally, $nthweekday, $semail, $not_resolve, $time_interval, $biyear, $bimonth, $biday, $ssh_credential = "", $smb_credential = "") { global $wdaysMap, $daysMap, $allowscan, $uroles, $username, $schedOptions, $adminmail, $mailfrom, $dbk, $dbconn; // credentials $credentials = $ssh_credential . "|" . $smb_credential; $btime_hour = $time_hour; // save local time $btime_min = $time_min; $bbiyear = $biyear; $bbimonth = $bimonth; $bbiday = $biday; $tz = Util::get_timezone(); if ($schedule_type == "O") { // date and time for run once if (empty($ROYEAR)) { $ROYEAR = gmdate("Y"); } if (empty($ROMONTH)) { $ROMONTH = gmdate("m"); } if (empty($ROday)) { $ROday = gmdate("d"); } list($_y, $_m, $_d, $_h, $_u, $_s, $_time) = Util::get_utc_from_date($dbconn, "{$ROYEAR}-{$ROMONTH}-{$ROday} {$time_hour}:{$time_min}:00", $tz); $ROYEAR = $_y; $ROMONTH = $_m; $ROday = $_d; $time_hour = $_h; $time_min = $_u; } else { if ($schedule_type == "D" || $schedule_type == "W" || $schedule_type == "M" || $schedule_type == "NW") { // date and time for Daily, Day of Week, Day of month, Nth weekday of month list($b_y, $b_m, $b_d, $b_h, $b_u, $b_s, $b_time) = Util::get_utc_from_date($dbconn, "{$biyear}-{$bimonth}-{$biday} {$time_hour}:{$time_min}:00", $tz); $biyear = $b_y; $bimonth = $b_m; $biday = $b_d; $time_hour = $b_h; $time_min = $b_u; } } if ($not_resolve == "1") { $resolve_names = 0; } else { $resolve_names = 1; } $notify_email = str_replace(";", ",", $notify_email); $requested_run = ""; $jobType = "M"; $recurring = False; $targets = array(); $time_value = ""; $profile_desc = getProfileName($sid); $target_list = ""; $need_authorized = ""; $request = ""; $plugs_list = "NULL"; $fk_name = "NULL"; $target_list = "NULL"; $tmp_target_list = ""; $jobs_names = array(); $sjobs_names = array(); $I3crID = ""; if ($hosts_alive == "1") { // option: Only scan hosts that are alive $I3crID = "1"; } else { $I3crID = "0"; } // if ( $custadd_type == "" ) { $custadd_type = "N"; } // if ( $custadd_type != "N" && $cust_plugins != "" ) { // $plugs_list=""; // $vals=preg_split( "/\s+|\r\n|,|;/", $cust_plugins ); // foreach($vals as $v) { // $v=trim($v); // if ( strlen($v)>0 ) { // $plugs_list .= $v . "\n"; // } // } // $plugs_list = "'".$plugs_list."'"; // } if ($schedule_type != "N") { // current datetime in UTC $arrTime = explode(":", gmdate('Y:m:d:w:H:i:s')); $year = $arrTime[0]; $mon = $arrTime[1]; $mday = $arrTime[2]; $wday = $arrTime[3]; $hour = $arrTime[4]; $min = $arrTime[5]; $sec = $arrTime[6]; $timenow = $hour . $min . $sec; $run_wday = $wdaysMap[$dayofweek]; $run_time = sprintf("%02d%02d%02d", $time_hour, $time_min, "00"); $run_mday = $dayofmonth; $time_value = "{$time_hour}:{$time_min}:00"; $ndays = array("Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday"); $begin_in_seconds = mktime($bihour, $bimin, 0, $bimonth, $biday, $biyear); // selected datetime by user in UTC $current_in_seconds = mktime($hour, $min, 0, $mon, $mday, $year); // current datetime in UTC if (strlen($bimonth) == 1) { $bimonth = "0" . $bimonth; } if (strlen($biday) == 1) { $biday = "0" . $biday; } } switch ($schedule_type) { case "N": $requested_run = gmdate("YmdHis"); $sched_message = "No reccurring Jobs Necessary"; break; case "O": $requested_run = sprintf("%04d%02d%02d%06d", $ROYEAR, $ROMONTH, $ROday, $run_time); //error_log("O-> $requested_run\n" ,3,"/tmp/sched.log"); $sched_message = "No reccurring Jobs Necessary"; $recurring = True; $reccur_type = "Run Once"; break; case "D": if ($begin_in_seconds > $current_in_seconds) { $next_day = $biyear . $bimonth . $biday; // selected date by user } else { if ($run_time > $timenow) { $next_day = $year . $mon . $mday; } else { $next_day = gmdate("Ymd", strtotime("+1 day GMT", gmdate("U"))); } // next day } $requested_run = sprintf("%08d%06d", $next_day, $run_time); //error_log("D-> $requested_run\n" ,3,"/tmp/sched.log"); $recurring = True; $sched_message = "Schedule Reccurring"; $reccur_type = "Daily"; break; case "W": if ($begin_in_seconds > $current_in_seconds) { // if it is a future date $wday = date("w", mktime(0, 0, 0, $bimonth, $biday, $biyear)); // make week day for begin day if ($run_wday == $wday) { $next_day = $biyear . $bimonth . $biday; // selected date by user } else { $next_day = gmdate("Ymd", strtotime("next " . $ndays[$run_wday] . " GMT", mktime(0, 0, 0, $bimonth, $biday, $biyear))); } } else { if ($run_wday == $wday && $run_time > $timenow || $run_wday > $wday) { $next_day = $year . $mon . $mday; } else { $next_day = gmdate("Ymd", strtotime("next " . $ndays[$run_wday] . " GMT", gmdate("U"))); } // next week } preg_match("/(\\d{4})(\\d{2})(\\d{2})/", $next_day, $found); list($b_y, $b_m, $b_d, $b_h, $b_u, $b_s, $b_time) = Util::get_utc_from_date($dbconn, $found[1] . "-" . $found[2] . "-" . $found[3] . " {$btime_hour}:{$btime_min}:00", $tz); $requested_run = sprintf("%04d%02d%02d%02d%02d%02d", $b_y, $b_m, $b_d, $b_h, $b_u, "00"); //error_log("W-> $requested_run\n" ,3,"/tmp/sched.log"); $recurring = True; $sched_message = "Schedule Reccurring"; $reccur_type = "Weekly"; break; case "M": if ($begin_in_seconds > $current_in_seconds) { // if it is a future date if ($run_mday >= $biday) { $next_day = $biyear . $bimonth . ($run_mday < 10 ? "0" : "") . $run_mday; // this month } else { $next_day = sprintf("%06d%02d", gmdate("Ym", strtotime("next month GMT", mktime(0, 0, 0, $bimonth, $biday, $biyear))), $run_mday); } } else { if ($run_mday > $mday || $run_mday == $mday && $run_time > $timenow) { $next_day = $year . $mon . ($run_mday < 10 ? "0" : "") . $run_mday; // this month } else { $next_day = sprintf("%06d%02d", gmdate("Ym", strtotime("next month GMT", gmdate("U"))), $run_mday); } } preg_match("/(\\d{4})(\\d{2})(\\d{2})/", $next_day, $found); list($b_y, $b_m, $b_d, $b_h, $b_u, $b_s, $b_time) = Util::get_utc_from_date($dbconn, $found[1] . "-" . $found[2] . "-" . $found[3] . " {$btime_hour}:{$btime_min}:00", $tz); $requested_run = sprintf("%04d%02d%02d%02d%02d%02d", $b_y, $b_m, $b_d, $b_h, $b_u, "00"); //error_log("M-> $requested_run $begin_in_seconds $current_in_seconds\n" ,3,"/tmp/sched.log"); $recurring = True; $sched_message = "Schedule Reccurring"; $reccur_type = "Montly"; break; case "NW": if ($begin_in_seconds > $current_in_seconds) { // if it is a future date $array_time = array('month' => $bbimonth, 'day' => $bbiday, 'year' => $bbiyear); $requested_run = weekday_month(strtolower($daysMap[$dayofweek]), $nthweekday, $btime_hour, $btime_min, $array_time); } else { $requested_run = weekday_month(strtolower($daysMap[$dayofweek]), $nthweekday, $btime_hour, $btime_min); } preg_match("/(\\d{4})(\\d{2})(\\d{2})(\\d{2})(\\d{2})(\\d{2})/", $requested_run, $found); list($b_y, $b_m, $b_d, $b_h, $b_u, $b_s, $b_time) = Util::get_utc_from_date($dbconn, $found[1] . "-" . $found[2] . "-" . $found[3] . " " . $found[4] . ":" . $found[5] . ":00", $tz); $requested_run = sprintf("%04d%02d%02d%02d%02d%02d", $b_y, $b_m, $b_d, $b_h, $b_u, "00"); //error_log("NW-> $requested_run\n" ,3,"/tmp/sched.log"); $dayofmonth = $nthweekday; $recurring = True; $sched_message = "Schedule Reccurring"; $reccur_type = "Nth weekday of the month"; break; default: break; } $insert_time = gmdate("YmdHis"); if (!empty($_SESSION["_vuln_targets"]) && count($_SESSION["_vuln_targets"]) > 0) { $arr_ctx = array(); $sgr = array(); foreach ($_SESSION["_vuln_targets"] as $target_selected => $server_id) { $sgr[$server_id][] = $target_selected; if (preg_match("/^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\/\\d{1,2}\$/i", $target_selected)) { $related_ctxs = array_values(Asset_net::get_id_by_ips($dbconn, $target_selected)); if (is_array($related_ctxs) && count($related_ctxs) > 0) { $arr_ctx[$target_selected] = key(array_shift($related_ctxs)); } } else { if (preg_match("/^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\$/i", $target_selected)) { $related_ctxs = array_values(Asset_host::get_id_by_ips($dbconn, $target_selected)); if (is_array($related_ctxs) && count($related_ctxs) > 0) { $arr_ctx[$target_selected] = key(array_shift($related_ctxs)); // to assign a ctx for a IP } } else { if (valid_hostname($target_selected) || valid_fqdns($target_selected)) { $filters = array('where' => "hostname like '{$target_selected}' OR fqdns like '{$target_selected}'"); $_hosts_data = Asset_host::get_basic_list($dbconn, $filters); $host_list = $_hosts_data[1]; if (count($host_list) > 0) { $first_host = array_shift($host_list); $hips = explode(",", $first_host['ips']); foreach ($hips as $hip) { $hip = trim($hip); $arr_ctx[$hip] = $first_host['ctx']; } } } } } } ossim_clean_error(); unset($_SESSION["_vuln_targets"]); // clean scan targets $query = array(); $IP_ctx = array(); foreach ($arr_ctx as $aip => $actx) { $IP_ctx[] = $actx . "#" . $aip; } if ($vuln_op == "editrecurring" && $sched_id > 0) { $query[] = "DELETE FROM vuln_job_schedule WHERE id='{$sched_id}'"; $i = 1; foreach ($sgr as $notify_sensor => $targets) { $target_list = implode("\n", $targets); $target_list .= "\n" . implode("\n", $ip_exceptions_list); $query[] = "INSERT INTO vuln_job_schedule ( name, username, fk_name, job_TYPE, schedule_type, day_of_week, day_of_month, \n time, email, meth_TARGET, meth_CRED, meth_VSET, meth_CUSTOM, meth_CPLUGINS, meth_Wfile, \n meth_Ucheck, meth_TIMEOUT, next_CHECK, createdate, enabled, resolve_names, time_interval, IP_ctx, credentials) VALUES ( '{$sname}', '{$username}', '" . Session::get_session_user() . "', '{$jobType}',\n '{$schedule_type}', '{$dayofweek}', '{$dayofmonth}', '{$time_value}', '{$notify_sensor}', '{$target_list}',\n {$I3crID}, '{$sid}', '{$custadd_type}', {$plugs_list}, {$semail}, '{$scan_locally}',\n '{$timeout}', '{$requested_run}', '{$insert_time}', '1', '{$resolve_names}' ,'{$time_interval}', '" . implode("\n", $IP_ctx) . "', '{$credentials}') "; $sjobs_names[] = $sname . $i; $i++; } } elseif ($recurring) { $i = 1; foreach ($sgr as $notify_sensor => $targets) { $target_list = implode("\n", $targets); $target_list .= "\n" . implode("\n", $ip_exceptions_list); $query[] = "INSERT INTO vuln_job_schedule ( name, username, fk_name, job_TYPE, schedule_type, day_of_week, day_of_month, \n time, email, meth_TARGET, meth_CRED, meth_VSET, meth_CUSTOM, meth_CPLUGINS, meth_Wfile, \n meth_Ucheck, meth_TIMEOUT, scan_ASSIGNED, next_CHECK, createdate, enabled, resolve_names, time_interval, IP_ctx, credentials) VALUES ( '{$sname}', '{$username}', '" . Session::get_session_user() . "', '{$jobType}',\n '{$schedule_type}', '{$dayofweek}', '{$dayofmonth}', '{$time_value}', '{$notify_sensor}', '{$target_list}',\n {$I3crID}, '{$sid}', '{$custadd_type}', {$plugs_list}, {$semail}, '{$scan_locally}',\n '{$timeout}', '{$SVRid}', '{$requested_run}', '{$insert_time}', '1', '{$resolve_names}' , '{$time_interval}', '" . implode("\n", $IP_ctx) . "', '{$credentials}') "; $sjobs_names[] = $sname . $i; $i++; } } else { $i = 1; foreach ($sgr as $notify_sensor => $targets) { $target_list = implode("\n", $targets); $target_list .= "\n" . implode("\n", $ip_exceptions_list); $query[] = "INSERT INTO vuln_jobs ( name, username, fk_name, job_TYPE, meth_SCHED, meth_TARGET, meth_CRED,\n meth_VSET, meth_CUSTOM, meth_CPLUGINS, meth_Wfile, meth_TIMEOUT, scan_ASSIGNED,\n scan_SUBMIT, scan_next, scan_PRIORITY, status, notify, authorized, author_uname, resolve_names, credentials ) VALUES ( '{$sname}',\n '{$username}', '" . Session::get_session_user() . "', '{$jobType}', '{$schedule_type}', '{$target_list}', {$I3crID}, '{$sid}', '{$custadd_type}', {$plugs_list},\n {$semail}, '{$timeout}', '{$SVRid}', '{$insert_time}', '{$requested_run}', '3',\n 'S', '{$notify_sensor}', '{$scan_locally}', '" . implode("\n", $IP_ctx) . "', '{$resolve_names}' , '{$credentials}') "; // echo "$query1"; // die(); $jobs_names[] = $sname . $i; $i++; } } $query_insert_time = gen_strtotime($insert_time, ""); foreach ($query as $sql) { $error_updating = false; $error_inserting = false; if ($dbconn->execute($sql) === false) { echo _("Error creating scan job") . ": " . $dbconn->ErrorMsg(); if ($vuln_op == "editrecurring") { $error_updating = true; } else { $error_creating = true; } } else { $config_nt = array('content' => "", 'options' => array('type' => "nf_success", 'cancel_button' => false), 'style' => 'width: 40%; margin: 20px auto; text-align: center;'); if ($vuln_op == "editrecurring" && !$error_updating) { $config_nt["content"] = _("Successfully Updated Recurring Job"); $nt = new Notification('nt_1', $config_nt); $nt->show(); } elseif (!$error_creating) { $config_nt["content"] = _("Successfully Submitted Job"); $nt = new Notification('nt_1', $config_nt); $nt->show(); //logAccess( "Submitted Job [ $jid ] $request" ); foreach ($jobs_names as $job_name) { $infolog = array($job_name); Log_action::log(66, $infolog); } foreach ($sjobs_names as $job_name) { $infolog = array($job_name); Log_action::log(67, $infolog); } } else { echo "<br><center>" . _("Failed Job Creation") . "</center>"; } ?> <script type="text/javascript"> //<![CDATA[ document.location.href='<?php echo Menu::get_menu_url(AV_MAIN_PATH . '/vulnmeter/manage_jobs.php', 'environment', 'vulnerabilities', 'scan_jobs'); ?> '; //]]> </script> <?php } } } // count($_SESSION["_vuln_targets"])>0 echo "</b></center>"; }
function reportsummary() { //GENERATE REPORT SUMMARY global $user, $border, $report_id, $scantime, $scantype, $fp, $nfp, $output, $filterip, $query_risk, $dbconn, $pluginid; global $treport, $sid, $ipl; $tz = Util::get_timezone(); $htmlsummary = ""; if ($treport == "latest" || $ipl != "") { $query = "SELECT t2.id, t1.username, t1.name, t2.name, t2.description, t4.hostname as host_name \n FROM vuln_nessus_latest_reports t1\n LEFT JOIN vuln_nessus_settings t2 on t1.sid=t2.id\n LEFT JOIN host t4 ON t4.ip=inet_ntoa(t1.report_id)\n WHERE " . ($ipl != "all" ? "t1.report_id in ({$report_id}) and " : "") . "t1.sid in ({$sid}) AND t1.username in ('{$user}')\n order by t1.scantime DESC"; } else { $query = "SELECT t2.id, t1.username, t1.name, t2.name, t2.description \n FROM vuln_jobs t1\n LEFT JOIN vuln_nessus_settings t2 on t1.meth_VSET=t2.id\n WHERE t1.report_id in ({$report_id}) AND t1.username in('{$user}')\n order by t1.SCAN_END DESC"; } $result = $dbconn->execute($query); //print_r($query); if ($treport == "latest" || $ipl != "") { //list( $id_profile, $query_uid, $job_name, $profile_name, $profile_desc, $host_name ) =$result->fields; $lprofiles = array(); $tmp_profiles = array(); while (list($id_profile, $query_uid, $job_name, $profile_name, $profile_desc, $host_name) = $result->fields) { if ($host_name != "" && $host_name != long2ip($report_id)) { $phost_name = "{$host_name} (" . long2ip($report_id) . ")"; } else { $phost_name = long2ip($report_id); } $lprofiles[] = "{$profile_name} - {$profile_desc}"; $tmp_profiles[] = $id_profile; $result->MoveNext(); } $profiles = implode("<br>", $lprofiles); $id_profile = implode(", ", $tmp_profiles); } else { list($id_profile, $query_uid, $job_name, $profile_name, $profile_desc) = $result->fields; if ($job_name == "") { // imported report $query_imported_report = "SELECT name FROM vuln_nessus_reports WHERE scantime='{$scantime}'"; $result_imported_report = $dbconn->execute($query_imported_report); $job_name = $result_imported_report->fields["name"]; } } if ($tz == 0) { $localtime = gen_strtotime($scantime, ""); } else { $localtime = gmdate("Y-m-d H:i:s", Util::get_utc_unixtime($dbconn, $scantime) + 3600 * $tz); } $htmlsummary .= "<table border=\"5\" width=\"900\"><tr><th class=\"noborder\" valign=\"top\" style=\"text-align:left;font-size:12px;\" nowrap>\n \n <b>" . _("Scan time") . ":</b></th><td class=\"noborder\" style=\"text-align:left;padding-left:10px;\">" . $localtime . " </td>"; //Generated date $gendate = date("Y-m-d H:i:s"); $htmlsummary .= "<th class=\"noborder\" valign=\"top\" style=\"text-align:left;font-size:12px;\" nowrap>\n <b>" . _("Generated") . ":</b></th><td class=\"noborder\" style=\"text-align:left;padding-left:10px;\">{$gendate}</td></tr>"; if ($ipl != "all") { if ($treport == "latest" || $ipl != "") { $htmlsummary .= "<tr><th class=\"noborder\" valign=\"top\" style=\"text-align:left;font-size:12px;\" nowrap>\n <b>" . (count($lprofiles) > 1 ? _("Profiles") : _("Profile")) . ":</b></th><td class=\"noborder\" style=\"text-align:left;padding-left:10px;\">"; $htmlsummary .= "{$profiles} </td>\n <th class=\"noborder\" valign=\"top\" style=\"text-align:left;font-size:12px;\" nowrap>\n <b>" . ($treport == "latest" || $ipl != "" ? _("Host - IP") : _("Job Name")) . ":</b></th><td class=\"noborder\" valign=\"top\" style=\"text-align:left;padding-left:10px;\">" . ($treport == "latest" || $ipl != "" ? "{$phost_name}" : "{$job_name}") . "</td></tr>"; } else { $htmlsummary .= "<tr><th class=\"noborder\" valign=\"top\" style=\"text-align:left;font-size:12px;\" nowrap>\n <b>" . _("Profile") . ":</b></th><td class=\"noborder\" style=\"text-align:left;padding-left:10px;\">"; $htmlsummary .= "{$profile_name} - {$profile_desc} </td>\n <th class=\"noborder\" valign=\"top\" style=\"text-align:left;font-size:12px;\" nowrap>\n <b>" . _("Job Name") . ":</b></th><td class=\"noborder\" style=\"text-align:left;padding-left:10px;\">{$job_name}</td></tr>"; } } $htmlsummary .= "</table>"; /* if($pluginid!="") { if($fp!=""){ $dbconn->execute("UPDATE vuln_nessus_settings_plugins SET enabled='N' WHERE sid in ($id_profile) and id='$pluginid'"); } else { $dbconn->execute("UPDATE vuln_nessus_settings_plugins SET enabled='Y' WHERE sid in ($id_profile) and id='$pluginid'"); } } */ return "<center>" . $htmlsummary . "</center>"; }
if ($matches[2] != $matches[3]) { $where = $matches[1] . " AND timestamp BETWEEN('" . $matches[2] . "') AND ('" . $matches[3] . "') " . $matches[4]; } else { $where = $matches[1] . " AND timestamp >= '" . $matches[2] . "' " . $matches[4]; } } $qs->SetActionSQL($from . $where); $et->Mark("Initialization"); $qs->RunAction($submit, PAGE_STAT_UADDR, $db); $et->Mark("Alert Action"); /* Setup the Query Results Table */ $qro = new QueryResultsOutput("base_stat_otx.php?caller=" . $caller); $qro->AddTitle(_('OTX Pulse')); $events_title = _("Events"). " # <span class='idminfo' txt='".Util::timezone(Util::get_timezone())."'>(*)</span>"; $qro->AddTitle("<span id='total_title'>$events_title</span>", "occur_a", " ", " ORDER BY num_events ASC, num_iocs ASC", "occur_d", " ", " ORDER BY num_events DESC, num_iocs DESC"); $qro->AddTitle(_("Indicators #") , "ioc_a", " ", " ORDER BY num_iocs ASC", "ioc_d", " ", " ORDER BY num_iocs DESC"); $qro->AddTitle(' '); $sort_sql = $qro->GetSortSQL($qs->GetCurrentSort() , $qs->GetCurrentCannedQuerySort()); $sql = "SELECT SQL_CALC_FOUND_ROWS hex(otx_data.pulse_id) as pulse, COUNT(distinct otx_data.event_id) as num_events, COUNT(distinct otx_data.ioc_hash) as num_iocs ". $sort_sql[0] . $from . $where . " GROUP BY pulse_id " . $sort_sql[1]; // use accumulate tables only with timestamp criteria if (file_exists('/tmp/debug_siem')) { error_log("STATS OTX:$sql\n", 3, "/tmp/siem"); } /* Run the Query again for the actual data (with the LIMIT) */
$et->Mark("Initialization"); $qs->RunAction($submit, PAGE_STAT_UADDR, $db); $et->Mark("Alert Action"); /* Run the query to determine the number of rows (No LIMIT)*/ //$cnt_sql = "SELECT count(DISTINCT $addr_type_name) " . $from . $where; $et->Mark("Counting Result size"); /* Setup the Query Results Table */ $qro = new QueryResultsOutput("base_stat_uaddr.php?caller=" . $caller . "&addr_type=" . $addr_type); $qro->AddTitle(" "); $qro->AddTitle($results_title, "addr_a", " ", " ORDER BY {$addr_type_name} ASC", "addr_d", " ", " ORDER BY {$addr_type_name} DESC"); $qro->AddTitle(gettext("OTX")); if ($resolve_IP == 1) { $qro->AddTitle("FQDN"); } $qro->AddTitle(Session::show_entities() ? gettext("Context") : gettext("Sensor")); $qro->AddTitle(gettext("Events") . " # <span class='idminfo' txt='" . Util::timezone(Util::get_timezone()) . "'>(*)</span>", "occur_a", " ", " ORDER BY num_events ASC", "occur_d", " ", " ORDER BY num_events DESC"); $qro->AddTitle(gettext("Unique Events"), "sig_a", " ", " ORDER BY num_sig ASC", "sig_d", " ", " ORDER BY num_sig DESC"); if ($addr_type == DEST_IP) { $displaytitle = gettext("Displaying unique destination addresses %d-%d of <b>%s</b> matching your selection."); $qro->AddTitle(gettext("Unique Src. Contacted."), "saddr_a", " ", " ORDER BY num_sip ASC", "saddr_d", " ", " ORDER BY num_sip DESC"); } else { $displaytitle = gettext("Displaying unique source addresses %d-%d of <b>%s</b> matching your selection."); $qro->AddTitle(gettext("Unique Dst. Contacted"), "daddr_a", " ", " ORDER BY num_dip ASC", "daddr_d", " ", " ORDER BY num_dip DESC"); } if (file_exists("../kml/GoogleEarth.php")) { $qro->AddTitle(gettext("Geo Tools") . " <a href='' onclick='window.open(\"../kml/TourConfig.php?type={$addr_type_name}&ip={$currentIP}\",\"IP {$currentIP} " . ($addr_type == 2 ? _("sources") : _("destinations")) . " - Goggle Earth API\",\"width=1024,height=700,scrollbars=NO,toolbar=1\");return false'><img title='" . _("Geolocation Tour") . "' align='absmiddle' src='../pixmaps/google_earth_icon.png' border='0'></a> <a href='' onclick='window.open(\"../kml/IPGoogleMap.php?type={$addr_type_name}&ip={$currentIP}\",\"IP {$currentIP} " . ($addr_type == 2 ? _("sources") : _("destinations")) . " - Goggle Maps API\",\"width=1024,height=700,scrollbars=NO,toolbar=1\");return false'><img title='" . _("Geolocation Map") . "' align='absmiddle' src='../pixmaps/google_maps_icon.png' border='0'></a>", "geotools"); } if (!Session::am_i_admin()) { $displaytitle = preg_replace("/\\. <b>.*/", ".", $displaytitle); } $sort_sql = $qro->GetSortSQL($qs->GetCurrentSort(), $qs->GetCurrentCannedQuerySort());
echo $from_str; ?> ...');</script><?php $perc[$current_server] = 100; } } // Order only if remote fetch if ($from_remote) { arsort($result); } ?> <script type="text/javascript">$("#loading").hide();</script><?php fclose($fp); $time2 = microtime(true); $totaltime = round($time2 - $time1, 2); $tz = GET("tzone") != "" ? $tzone : Util::get_timezone(); $txtzone = Util::timezone($tz); ?> <div id="processcontent" style="display:none"> <?php if (has_results($num_lines)) { ?> <table width="100%" class="noborder" style="background-color:transparent;"> <tr> <td width="20%" class="nobborder" nowrap><img src="../pixmaps/arrow_green.gif" align="absmiddle"><?php print _("Time Range") . ": <b>{$start_query} <-> {$end_query}</b> {$txtzone}"; ?> </td> <td class="center nobborder"> <?php if ($from_remote) {
?> </div> <div id='r_desc'><?php echo $release_info['description']; ?> </div> </div> </div> <?php } ?> <div id='c_latest_update'> <?php if (!empty($res_si['last_update']) && $res_si['last_update'] != 'unknown') { $last_update = gmdate('Y-m-d H:i:s', strtotime($res_si['last_update'] . ' GMT') + 3600 * Util::get_timezone()); echo "<span class='bold'>" . _('Latest System Update') . ": <span style='color:#4F8A10'>" . $last_update . "</span></span>"; } else { echo "<span class='bold'>" . _('Latest System Update') . ": <span style='color:#00529B'> -- </span></span>"; } ?> </div> <div id='c_info_pkg'> <table class='t_info_pkg table_data' cellspacing='0' cellpadding='0'> <?php if (is_array($packages_info) && !empty($packages_info)) { ?> <thead> <tr>
function build_legend($days) { if ($days < 1) { return array(); } $tz = Util::get_timezone(); $legend = array(); for ($i = $days - 1; $i >= 0; $i--) { $legend[] = gmdate('Y-m-d', time() + 3600 * $tz - 86400 * $i); } return $legend; }
<?php if (!empty($allowed_users) && is_array($allowed_users)) { foreach ($allowed_users as $user) { if ($user->get_id() == $my_session) { $me = "style='font-weight: bold;'"; $action = "<img class='info_logout dis_logout' src='../pixmaps/menu/logout.gif' alt='" . $user->get_login() . "' title='" . $user->get_login() . "'/>"; } else { $action = "<a onclick=\"logout('" . $user->get_id() . "');\">\n\t\t\t\t\t\t\t <img class='info_logout' src='../pixmaps/menu/logout.gif' alt='" . _('Logout') . " " . $user->get_login() . "' title='" . _('Logout') . " " . $user->get_login() . "'/>\n\t\t\t\t\t\t\t </a>"; $me = NULL; } $_country_aux = $geoloc->get_country_by_host($conn, $user->get_ip()); $s_country = strtolower($_country_aux[0]); $s_country_name = $_country_aux[1]; $geo_code = get_country($s_country); $flag = !empty($geo_code) ? "<img src='" . $geo_code . "' border='0' align='top'/>" : ''; $logon_date = gmdate('Y-m-d H:i:s', Util::get_utc_unixtime($user->get_logon_date()) + 3600 * Util::get_timezone()); $activity_date = Util::get_utc_unixtime($user->get_activity()); $background = Session_activity::is_expired($activity_date) ? 'background:#FFD8D6;' : ''; $expired = Session_activity::is_expired($activity_date) ? "<span style='color:red'>(" . _('Expired') . ")</span>" : ""; $agent = explode('###', $user->get_agent()); if ($agent[1] == 'av report scheduler') { $agent = array('AV Report Scheduler', 'wget'); } $host = @array_shift(Asset_host::get_name_by_ip($conn, $user->get_ip())); $host = $host == '' ? $user->get_ip() : $host; echo " <tr id='" . $user->get_id() . "'>\n\t\t\t\t\t\t\t\t\t<td class='ops_user' {$me}><img class='user_icon' src='" . get_user_icon($user->get_login(), $pro) . "' alt='" . _('User icon') . "' title='" . _('User icon') . "' align='absmiddle'/> " . $user->get_login() . "</td>\n\t\t\t\t\t\t\t\t\t<td class='ops_ip'>" . $user->get_ip() . "</td>\n\t\t\t\t\t\t\t\t\t<td class='ops_host'>" . $host . $flag . "</td>\n\t\t\t\t\t\t\t\t\t<td class='ops_agent'><a title='" . htmlentities($agent[1]) . "' class='info_agent'>" . htmlentities($agent[0]) . "</a></td>\n\t\t\t\t\t\t\t\t\t<td class='ops_id'>" . $user->get_id() . " {$expired}</td>\n\t\t\t\t\t\t\t\t\t<td class='ops_logon'>" . $logon_date . "</td>\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t<td class='ops_activity'>" . _(TimeAgo($activity_date, gmdate('U'))) . "</td>\n\t\t\t\t\t\t\t\t\t<td class='ops_actions'>{$action}</td>\t\n\t\t\t\t\t\t\t\t</tr>"; } } ?> </tbody> </table>
function GetUTC() { /* convert to UTC time for sql */ require_once "classes/Util.inc"; $tz = Util::get_timezone(); $utc_criteria = $this->criteria; for ($i = 0; $i < $this->criteria_cnt; $i++) { if ($this->criteria[$i][4] != " " && $this->criteria[$i][4] != "") { $y = $this->criteria[$i][4]; $m = $this->criteria[$i][2] != " " && $this->criteria[$i][2] != "" ? $this->criteria[$i][2] : "01"; $d = $this->criteria[$i][3] != " " && $this->criteria[$i][3] != "" ? $this->criteria[$i][3] : "01"; $h = $this->criteria[$i][5] != " " && $this->criteria[$i][5] != "" ? $this->criteria[$i][5] : "00"; $u = $this->criteria[$i][6] != " " && $this->criteria[$i][6] != "" ? $this->criteria[$i][6] : "00"; $s = $this->criteria[$i][7] != " " && $this->criteria[$i][7] != "" ? $this->criteria[$i][7] : "00"; ///$time = gmmktime($h,$u,$s,$m,$d,$y)+(3600*$tz); //echo "$y-$m-$d $h:$u:$s ="; list($y, $m, $d, $h, $u, $s, $time) = Util::get_utc_from_date($this->db, "{$y}-{$m}-{$d} {$h}:{$u}:{$s}", $tz); //echo "$y-$m-$d $h:$u:$s == $time\n<br>"; $utc_criteria[$i][4] = $y; $utc_criteria[$i][2] = $m; $utc_criteria[$i][3] = $d; $utc_criteria[$i][5] = $h; $utc_criteria[$i][6] = $u; $utc_criteria[$i][7] = $s; } } return $utc_criteria; }
function list_reports($type, $value, $sortby, $sortdir, $widget_mode) { global $allres, $roffset, $pageSize, $dbconn; global $user, $arruser; $dbconn->SetFetchMode(ADODB_FETCH_BOTH); $filteredView = FALSE; $selRadio = array("", "", "", ""); $query_onlyuser = ""; $url_filter = ""; if (!empty($arruser)) { $query_onlyuser = "******"; } if (!empty($sortby)) { $or_sortby = $sortby; } else { $or_sortby = ""; } if (!empty($sortdir)) { $or_sortdir = $sortdir; } else { $or_sortdir = ""; } if ($sortby == "jobname") { $sortby = "t2.name"; } else { if ($sortby == "profile") { $sortby = "t3.name"; } } if ($sortby == "") { $sortby = "scantime"; } if ($sortdir == "" && !preg_match("/(ASC|DESC)\$/i", $sortby)) { $sortdir = "DESC"; } $queryw = ""; $queryl = ""; $leftjoin = ""; if ($type == "net") { $leftjoin = "LEFT JOIN vuln_nessus_results t5 ON t5.report_id=t1.report_id"; } $querys = "SELECT distinct t1.sid as sid, t1.report_id, t4.name as jobname, t4.scan_submit, t4.meth_target, t1.scantime,\n t1.username, t1.scantype, t1.report_key, t1.report_type as report_type, t3.name as profile, t4.id as jobid, t4.meth_SCHED, t1.name as report_name\n FROM vuln_nessus_reports t1\n LEFT JOIN vuln_jobs t2 ON t1.report_id=t2.report_id\n LEFT JOIN vuln_nessus_settings t3 ON t1.sid=t3.id\n LEFT JOIN vuln_jobs t4 on t1.report_id = t4.report_id {$leftjoin}\n WHERE t1.deleted = '0' AND t1.scantime IS NOT NULL "; //Set up the SQL query based on the search form input (if any) switch ($type) { case "scantime": $selRadio[0] = "CHECKED"; $utc_data = Util::get_utc_from_date($dbconn, $value, Util::get_timezone()); $q = $utc_data[6]; $q = str_replace("-", "", $q); $q = str_replace(":", "", $q); $q = str_replace(" ", "", $q); $queryw = " AND t1.scantime LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}"; $queryl = " limit {$roffset},{$pageSize}"; $stext = "<b>" . _("Search for Date/Time") . "</b> = '*{$value}*'"; $url_filter = "&type={$type}&value={$value}"; break; case "jobname": $selRadio[1] = "CHECKED"; $q = strtolower($value); $queryw = " AND t1.name LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}"; $queryl = " limit {$roffset},{$pageSize}"; $stext = "<b>" . _("Search for Job Name") . "</b> = '*" . html_entity_decode($q) . "*'"; $url_filter = "&type={$type}&value={$value}"; break; case "fk_name": $selRadio[2] = "CHECKED"; $q = strtolower($value); $queryw = " AND t1.fk_name LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}"; $queryl = " limit {$roffset},{$pageSize}"; $stext = _("Search for Subnet/CIDR") . " = '*{$q}*'"; $url_filter = "&type={$type}&value={$value}"; break; case "username": $selRadio[3] = "CHECKED"; $q = strtolower($value); $queryw = " AND t1.username LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}"; $queryl = " limit {$roffset},{$pageSize}"; $stext = "<b>" . _("Search for user") . "</b> = '*{$q}*'"; $url_filter = "&type={$type}&value={$value}"; break; case "net": $selRadio[4] = "CHECKED"; if (!preg_match("/\\//", $value)) { $q = $value; } else { $tokens = explode("/", $value); $bytes = explode(".", $tokens[0]); if ($tokens[1] == "24") { $q = $bytes[0] . "." . $bytes[1] . "." . $bytes[2] . "."; } else { if ($tokens[1] == "16") { $q = $bytes[0] . "." . $bytes[1] . "."; } else { if ($tokens[1] == "8") { $q = $bytes[0] . "."; } else { if ((int) $tokens[1] > 24) { $q = $bytes[0] . "." . $bytes[1] . "." . $bytes[2] . "." . $bytes[3]; } } } } } $queryw = " AND (t4.meth_TARGET LIKE '%{$q}%' OR t5.hostIP LIKE '%{$q}%') {$query_onlyuser} order by {$sortby} {$sortdir}"; $queryl = " limit {$roffset},{$pageSize}"; if (!preg_match("/\\//", $value)) { $stext = "<b>" . _("Search for Host") . "</b> = '*" . html_entity_decode($q) . "*'"; } else { $stext = "<b>" . _("Search for Subnet/CIDR") . "</b> = '*{$q}*'"; } $url_filter = "&type={$type}&value={$value}"; break; default: $selRadio[1] = "CHECKED"; $viewAll = FALSE; $queryw = "{$query_onlyuser} order by {$sortby} {$sortdir}"; $queryl = " limit {$roffset},{$pageSize}"; $stext = ""; break; } $reportCount = 0; if (!$filteredView) { $queryc = "SELECT count(t1.report_id)\n FROM vuln_nessus_reports t1 LEFT JOIN vuln_jobs t2 on t1.report_id = t2.report_id\n LEFT JOIN vuln_nessus_settings t3 ON t1.sid=t3.id\n WHERE t1.deleted = '0'"; $reportCount = $dbconn->GetOne($queryc . $queryw); $previous = $roffset - $pageSize; if ($previous < 0) { $previous = 0; } $last = intval($reportCount / $pageSize) * $pageSize; if ($last < 0) { $last = 0; } $next = $roffset + $pageSize; $pageEnd = $roffset + $pageSize; $value = html_entity_decode($value); $w_val = intval($widget_mode); //echo "<center><table cellspacing=\"0\" cellpadding=\"0\" border=\"0\" width=\"100%\"><tr><td class=\"headerpr\" style=\"border:0;\">"._("Reports")."</td></tr></table></center>"; // output the search form echo "<table cellspacing='0' cellpadding='0' class='w100 transparent'>"; echo "<tr><td class='sec_title'>" . _("Scan Reports Details") . "</td></tr>"; echo "<tr><td style='padding-top:12px;' class='transparent'>"; echo ' <center> <form name="hostSearch" action="index.php" method="GET"> <input type="hidden" name="widget_mode" value="' . $w_val . '"> <input type="text" length="25" name="rvalue" id="rvalue" value="' . Util::htmlentities($value) . '">'; echo "\n<input type=\"radio\" name=\"type\" value=\"scantime\" {$selRadio['0']}>" . _("Date") . "/" . _("Time") . "\n<input type=\"radio\" name=\"type\" value=\"jobname\" {$selRadio['1']}>" . _("Job Name") . "\n<input type=\"radio\" name=\"type\" value=\"net\" {$selRadio['4']}>" . _("Host") . "/" . _("Net") . "\n"; echo <<<EOT <input type="hidden" name="sortby" value="{$sortby}"> <input type="hidden" name="allres" value="{$allres}"> <input type="hidden" name="op" value="search"> EOT; echo "<input type=\"submit\" name=\"submit\" value=\"" . _("Find") . "\" id=\"reports_find_button\" class=\"av_b_secondary small\">"; echo <<<EOT </form> </center> </p> EOT; } else { // get the search result count $queryc = "SELECT count( report_id ) FROM vuln_nessus_reports WHERE t1.deleted = '0' "; $scount = $dbconn->GetOne($queryc . $queryw); echo "<p>{$scount} report"; if ($scount != 1) { echo "s"; } else { } echo " " . _("found matching search criteria") . " | "; echo " <a href='index.php' alt='" . _("View All Reports") . "'>" . _("View All Reports") . "</a></p>"; } echo "<p>"; echo $stext; echo "</p>"; echo "</td></tr></table>"; // get the hosts to display //print_r($querys.$queryw.$queryl); $result = $dbconn->GetArray($querys . $queryw . $queryl); if ($result === false) { $errMsg[] = _("Error getting results") . ": " . $dbconn->ErrorMsg(); $error++; dispSQLError($errMsg, $error); } else { $tdata = array(); foreach ($result as $data) { $data['vSerious'] = 0; $data['vHigh'] = 0; $data['vMed'] = 0; $data['vLow'] = 0; $data['vInfo'] = 0; $vulns_in_report = false; // query for reports for each IP $perms_where = Asset_host::get_perms_where('host.', TRUE); if (!empty($perms_where)) { $query_risk = "SELECT count(lr.risk) as count, lr.risk, lr.hostIP, lr.ctx\n FROM vuln_nessus_results lr, host, host_ip hi\n WHERE host.id=hi.host_id AND inet6_ntoa(hi.ip)=lr.hostIP {$perms_where} AND report_id in (?) AND falsepositive='N'\n GROUP BY lr.risk, lr.hostIP, lr.ctx"; } else { $query_risk = "SELECT count(lr.risk) as count, lr.risk, lr.hostIP, lr.ctx\n FROM vuln_nessus_results lr\n WHERE report_id in (?) AND falsepositive='N'\n GROUP BY lr.risk, lr.hostIP, lr.ctx"; } $result_risk = $dbconn->Execute($query_risk, array($data['report_id'])); while (!$result_risk->EOF) { $vulns_in_report = TRUE; if ($result_risk->fields["risk"] == 7) { $data['vInfo'] += $result_risk->fields['count']; } else { if ($result_risk->fields["risk"] == 6) { $data['vLow'] += $result_risk->fields['count']; } else { if ($result_risk->fields["risk"] == 3) { $data['vMed'] += $result_risk->fields['count']; } else { if ($result_risk->fields["risk"] == 2) { $data['vHigh'] += $result_risk->fields['count']; } else { if ($result_risk->fields["risk"] == 1) { $data['vSerious'] += $result_risk->fields['count']; } } } } } $result_risk->MoveNext(); } $data['clink'] = "respdfc.php?scantime=" . $data['scantime'] . "&scantype=" . $data['scantype'] . "&key=" . $data['report_key'] . $more; $data['plink'] = "respdf.php?scantime=" . $data['scantime'] . "&scantype=" . $data['scantype'] . "&key=" . $data['report_key'] . $more; $data['hlink'] = "reshtml.php?disp=html&output=full&scantime=" . $data['scantime'] . "&scantype=" . $data['scantype'] . $more; $data['rerun'] = "sched.php?action=rerun_scan&job_id=" . $data['jobid'] . $more; $data['xlink'] = "rescsv.php?scantime=" . $data['scantime'] . "&scantype=" . $data['scantype'] . "&key=" . $data['report_key'] . $more; $data['xbase'] = "restextsummary.php?scantime=" . $data['scantime'] . "&scantype=" . $data['scantype'] . $more . "&key=" . $data['report_key']; $list = array(); if ($data["report_type"] == "I") { $perms_where = Asset_host::get_perms_where('host.', TRUE); $dbconn->execute("CREATE TEMPORARY TABLE tmph (id binary(16) NOT NULL,ip varchar(64) NOT NULL,ctx binary(16) NOT NULL, PRIMARY KEY ( id, ip ));"); $dbconn->execute("REPLACE INTO tmph SELECT id, inet6_ntoa(ip), ctx FROM host, host_ip WHERE host.id=host_ip.host_id {$perms_where};"); $result_import = $dbconn->execute("SELECT DISTINCT hostIP, HEX(vuln_nessus_results.ctx) as ctx, hex(id) as host_id FROM vuln_nessus_results LEFT JOIN tmph ON tmph.ctx=vuln_nessus_results.ctx AND hostIP=tmph.ip WHERE report_id = " . $data['report_id']); while (!$result_import->EOF) { if (valid_hex32($result_import->fields["host_id"])) { $list[] = $result_import->fields["host_id"] . "#" . $result_import->fields["hostIP"]; } else { $list[] = $result_import->fields["hostIP"]; } $result_import->MoveNext(); } $dbconn->execute("DROP TABLE tmph;"); } else { $list = explode("\n", trim($data['meth_target'])); } //var_dump($list); if (count($list) == 1) { $list[0] = trim($list[0]); $asset = resolve_asset($dbconn, $list[0], true); $data['target'] = "<span class='tip' title='" . clean_id($list[0]) . "'>" . $asset . "</span>"; } elseif (count($list) == 2) { $list[0] = trim($list[0]); $asset = resolve_asset($dbconn, $list[0], true); $list[0] = "<span class='tip' title='" . clean_id($list[0]) . "'>" . $asset . "</span>"; $list[1] = trim($list[1]); $asset = resolve_asset($dbconn, $list[1], true); $list[1] = "<span class='tip' title='" . clean_id($list[1]) . "'>" . $asset . "</span>"; $data['target'] = $list[0] . ', ' . $list[1]; } else { $list[0] = trim($list[0]); $asset = resolve_asset($dbconn, $list[0], true); $list[0] = "<span class='tip' title='" . clean_id($list[0]) . "'>" . $asset . "</span>"; $list[count($list) - 1] = trim($list[count($list) - 1]); $asset = resolve_asset($dbconn, $list[count($list) - 1], true); $list[count($list) - 1] = "<span class='tip' title='" . clean_id($list[count($list) - 1]) . "'>" . $asset . "</span>"; $data['target'] = $list[0] . " ... " . $list[count($list) - 1]; } if ($data["report_type"] == "I") { $data["jobname"] = $data["report_name"]; } if ($data['vSerious'] == 0 && $data['vHigh'] == 0 && $data['vMed'] == 0 && $data['vLow'] == 0 && $data['vInfo'] == 0 && $vulns_in_report) { $data['vSerious'] = "-"; $data['vHigh'] = "-"; $data['vMed'] = "-"; $data['vLow'] = "-"; $data['vInfo'] = "-"; } $data['target'] = preg_replace("/[0-9a-f]{32}#/i", "", $data['target']); $tdata[] = $data; } if ($sortdir == "ASC") { $sortdir = "DESC"; } else { $sortdir = "ASC"; } $url = $_SERVER['SCRIPT_NAME'] . "?offset=0&sortby=%var%&sortdir={$sortdir}" . $url_filter; $fieldMapLinks = array(); $fieldMapLinks = array(gettext("HTML Results") => array('url' => '%param%', 'param' => 'hlink', 'target' => 'main', 'icon' => 'images/html.png'), gettext("PDF Results") => array('url' => '%param%', 'param' => 'plink', 'target' => '_blank', 'icon' => 'images/pdf.png'), gettext("EXCEL Results") => array('url' => '%param%', 'param' => 'xlink', 'target' => '_blank', 'icon' => 'images/page_white_excel.png')); $fieldMap = array("Date/Time" => array('var' => 'scantime', 'link' => $url), "Job Name" => array('var' => 'jobname', 'link' => $url), "Targets" => array('var' => 'target', 'link' => $url), "Profile" => array('var' => 'profile', 'link' => $url), "Serious" => array('var' => 'vSerious', 'link' => $url), "High" => array('var' => 'vHigh', 'link' => $url), "Medium" => array('var' => 'vMed', 'link' => $url), "Low" => array('var' => 'vLow', 'link' => $url), "Info" => array('var' => 'vInfo', 'link' => $url), "Links" => $fieldMapLinks); if (count($tdata) > 0) { drawTable($fieldMap, $tdata, "Hosts", get_hosts($dbconn)); } else { ?> <table class="table_list"> <tr><td class="nobborder" style="text-align:center;padding: 8px 0px 0px 0px;"><strong><?php echo _("No reports found"); ?> </strong><br/><br/></td></tr> </table> <?php } } // draw the pager again, if viewing all hosts if ($last != 0) { ?> <div class="fright tmargin"> <?php if ($next > $pageSize) { ?> <a href="index.php?sreport=1&<?php echo "sortdir={$or_sortdir}&roffset={$previous}&sortby={$or_sortby}{$url_filter}"; ?> " class="pager">< <?php echo _("PREVIOUS"); ?> </a> <?php } else { ?> <a class='link_paginate_disabled' href="" onclick='return false'>< <?php echo _("PREVIOUS"); ?> </a> <?php } if ($next <= $last) { ?> <a class='lmargin' href="index.php?sreport=1&<?php echo "sortdir={$or_sortdir}&roffset={$next}&sortby={$or_sortby}{$url_filter}"; ?> "> <?php echo _("NEXT"); ?> ></a> <?php } else { ?> <a class='link_paginate_disabled lmargin' href="" onclick='return false'><?php echo _("NEXT"); ?> ></a> <?php } ?> </div> <?php } else { echo "<p> </p>"; } }
<?php if (!empty($allowed_users)) { foreach ($allowed_users as $user) { if ($user->get_id() == $my_session) { $me = "style='font-weight: bold;'"; $action = "<img class='dis_logout' src='../pixmaps/menu/logout.gif' alt='" . $user->get_login() . "' title='" . $user->get_login() . "'/>"; } else { $action = "<a onclick=\"logout('" . $user->get_id() . "');\"><img src='../pixmaps/menu/logout.gif' alt='" . _("Logout") . " " . $user->get_login() . "' title='" . _("Forced logout") . " " . $user->get_login() . "'/></a>"; $me = null; } $gi = geoip_open("/usr/share/geoip/GeoIP.dat", GEOIP_STANDARD); $s_country = strtolower(geoip_country_code_by_addr($gi, $user->get_ip())); $s_country_name = geoip_country_name_by_addr($gi, $user->get_ip()); $geo_code = get_country($s_country, $s_country_name); $flag = !empty($geo_code) ? "<img src='" . $geo_code . "' border='0' align='top'/>" : ""; $logon_date = gmdate("Y-m-d H:i:s", Util::get_utc_unixtime($dbconn, $user->get_logon_date()) + 3600 * Util::get_timezone()); $activity_date = Util::get_utc_unixtime($dbconn, $user->get_activity()); $style = Session_activity::is_expired($activity_date) ? "background:#EFE1E0;" : "background:#EFFFF7;"; $expired = Session_activity::is_expired($activity_date) ? "<span style='color:red'>(" . _("Expired") . ")</span>" : ""; $agent = explode("###", $user->get_agent()); if ($agent[1] == "av report scheduler") { $agent = array("AV Report Scheduler", "wget"); } echo " <tr style='{$style}' id='" . $user->get_id() . "'>\n\t\t\t\t\t\t\t\t\t<td class='ops_user' {$me}><img class='user_icon' src='" . get_user_icon($user->get_login(), $pro) . "' alt='" . _("User icon") . "' title='" . _("User icon") . "' align='absmiddle'/> " . $user->get_login() . "</td>\n\t\t\t\t\t\t\t\t\t<td class='ops_ip'>" . $user->get_ip() . "</td>\n\t\t\t\t\t\t\t\t\t<td class='ops_host'>" . Host::ip2hostname($dbconn, $user->get_ip()) . $flag . "</td>\n\t\t\t\t\t\t\t\t\t<td class='ops_agent'><a txt='" . htmlentities($agent[1]) . "' class='info_agent'>" . htmlentities($agent[0]) . "</a></td>\n\t\t\t\t\t\t\t\t\t<td class='ops_id'>" . $user->get_id() . " {$expired}</td>\n\t\t\t\t\t\t\t\t\t<td class='ops_logon'>" . $logon_date . "</td>\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t<td class='ops_activity'>" . _(TimeAgo($activity_date, gmdate("U"))) . "</td>\n\t\t\t\t\t\t\t\t\t<td class='ops_actions'>{$action}</td>\t\n\t\t\t\t\t\t\t\t</tr>"; } } else { echo "<tr><td colspan='8' id='no_sessions' class='nobborder'><div class='ossim_info'>" . _("No active sessions") . "</td></tr>"; } ?> </tbody> </table>
function range_graphic($trdata) { require_once "classes/Util.inc"; $tz = Util::get_timezone(); $timerange = $trdata[2]; switch ($timerange) { case "today": $desde = strtotime(gmdate("Y-m-d 00:00:00") . " GMT"); $suf = "h"; $jump = 3600; $noprint = 2; $interval = "G"; $key = "G"; $hasta = gmdate("U") + 3600 * $tz; // time to generate dates with timezone correction break; case "day": $desde = gmdate("U") + 3600 * $tz - 24 * 3600; $suf = ""; $jump = 3600; $noprint = 3; $interval = "G\\h jM"; $key = "G j"; $hasta = gmdate("U") + 3600 * $tz; break; case "day2": $desde = gmdate("U") + 3600 * $tz - 48 * 3600; $suf = ""; $jump = 3600; $noprint = 6; $interval = "G\\h jM"; $key = "G j"; $hasta = gmdate("U") + 3600 * $tz; break; case "week": $desde = gmdate("U") + 3600 * $tz - 7 * 24 * 3600; $suf = ""; $jump = 86400; $noprint = 1; $interval = "j M"; $key = "j F"; $hasta = gmdate("U") + 3600 * $tz; break; case "weeks": $desde = gmdate("U") + 3600 * $tz - 2 * 7 * 24 * 3600; $suf = ""; $jump = 86400; $noprint = 3; $interval = "j M"; $key = "j F"; $hasta = gmdate("U") + 3600 * $tz; break; case "month": $desde = gmdate("U") + 3600 * $tz - 31 * 24 * 3600; $suf = ""; $jump = 86400; $noprint = 3; $interval = "j M"; $key = "j F"; $hasta = gmdate("U") + 3600 * $tz; break; case "range": $desde = $trdata[0]; $hasta = $trdata[1]; // time_range calc $diff = $hasta - $desde; if ($diff > 2678400) { // more than 1 month $suf = ""; $jump = 0; $noprint = 2; $interval = "M-Y"; $key = "F Y"; } elseif ($diff > 1296000) { // more than 7 days $suf = ""; $jump = 86400; $noprint = 3; $interval = "j M"; $key = "j F"; } elseif ($diff > 604800) { // more than 7 days $suf = ""; $jump = 86400; $noprint = 2; $interval = "j M"; $key = "j F"; } elseif ($diff >= 86400) { // more than 1 day $suf = ""; $jump = 86400; $noprint = 1; $interval = "j M"; $key = "j F"; } elseif ($diff < 86400) { $suf = "h"; $jump = 3600; $noprint = 2; $interval = "G"; $key = "G"; } else { $suf = ""; $jump = 3600; $noprint = 3; $interval = "G\\h jM"; $key = "G j"; } break; default: $desde = gmdate("U") + 3600 * $tz - 365 * 24 * 3600; $suf = ""; $jump = 0; $noprint = 2; $interval = "M-Y"; $key = "F Y"; $hasta = gmdate("U") + 3600 * $tz + 28 * 24 * 3600; } // $x = $y = $ticks = $labels = array(); $d = $desde; $xx = 0; while ($d <= $hasta) { $now = trim(gmdate($key, $d) . " " . $suf); $x["{$now}"] = $ticks["{$now}"] = $xx++; $y["{$now}"] = 0; // default value 0 $labels["{$now}"] = $xx % $noprint == 0 ? gmdate($interval, $d) . $suf : ""; if ($jump == 0) { $d += date("t", $d) * 86400; } else { $d += $jump; } // next date } //var_dump($x); //var_dump($labels); return array($x, $y, $ticks, $labels); }
function reportsummary() { //GENERATE REPORT SUMMARY global $user, $border, $report_id, $scantime, $scantype, $fp, $nfp, $output, $filterip, $query_risk, $dbconn, $pluginid; global $treport, $sid, $ipl; $tz = Util::get_timezone(); $htmlsummary = ''; $user_filter = $user != '' ? "AND t1.username in ({$user})" : ""; $query = "SELECT t2.id, t1.username, t1.name as job_name, t2.name as profile_name, t2.description \n FROM vuln_jobs t1\n LEFT JOIN vuln_nessus_settings t2 on t1.meth_VSET=t2.id\n WHERE t1.report_id in ({$report_id}) {$user_filter}\n order by t1.SCAN_END DESC"; $result = $dbconn->execute($query); $id_profile = $result->fields['id']; $query_uid = $result->fields['username']; $job_name = $result->fields['jobname']; $profile_name = $result->fields['profile_name']; $profile_desc = $result->fields['description']; if ($job_name == '') { // imported report $query_imported_report = "SELECT name FROM vuln_nessus_reports WHERE scantime='{$scantime}'"; $result_imported_report = $dbconn->execute($query_imported_report); $job_name = $result_imported_report->fields["name"]; } if ($tz == 0) { $localtime = gen_strtotime($scantime, ""); } else { $localtime = gmdate("Y-m-d H:i:s", Util::get_utc_unixtime($scantime) + 3600 * $tz); } $htmlsummary .= "<table border=\"5\" width=\"900\" style=\"margin: 9px 0px 0px 0px;\"><tr><th class=\"noborder\" valign=\"top\" style=\"text-align:left;font-size:12px;\" nowrap>\n \n <b>" . _("Scan time") . ":</b></th><td class=\"noborder\" style=\"text-align:left;padding-left:9px;\">" . $localtime . " </td>"; //Generated date $gendate = gmdate("Y-m-d H:i:s", gmdate("U") + 3600 * $tz); $htmlsummary .= "<th class=\"noborder\" valign=\"top\" style=\"text-align:left;font-size:12px;\" nowrap>\n <b>" . _("Generated") . ":</b></th><td class=\"noborder\" style=\"text-align:left;padding-left:10px;\">{$gendate}</td></tr>"; $htmlsummary .= "<tr><th class=\"noborder\" valign=\"top\" style=\"text-align:left;font-size:12px;\" nowrap>\n <b>" . _("Profile") . ":</b></th><td class=\"noborder\" style=\"text-align:left;padding-left:10px;\">"; $htmlsummary .= "{$profile_name} - {$profile_desc} </td>\n <th class=\"noborder\" valign=\"top\" style=\"text-align:left;font-size:12px;\" nowrap>\n <b>" . _("Job Name") . ":</b></th><td class=\"noborder\" style=\"text-align:left;padding-left:10px;\">{$job_name}</td></tr>"; $htmlsummary .= "</table>"; return "<center>" . $htmlsummary . "</center>"; }
* * * On Debian GNU/Linux systems, the complete text of the GNU General * Public License can be found in `/usr/share/common-licenses/GPL-2'. * * Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt * */ require_once 'av_init.php'; require_once 'ossim_db.inc'; require_once 'general.php'; Session::logcheck("analysis-menu", "EventsForensics"); $it_security = ""; $address = ""; $tlfn = ""; $tz = Util::get_timezone(); $date = gmdate("Y-m-d H:i:s", gmdate("U") + 3600 * $tz); $maintitle = $report_data['report_name']; $db = new ossim_db(); $conn = $db->connect(); $t_params = array(); $t_params[] = $user; $t_query = "SELECT dataV1, dataV2 \r\n\t\t FROM datawarehouse.report_data \r\n\t\t WHERE id_report_data_type=35 and user=?"; $conn->SetFetchMode(ADODB_FETCH_ASSOC); $t_rs = $conn->Execute($t_query, $t_params); if (!$t_rs) { $filter = ''; } else { $filter = ' <table class="w100" cellspacing="0" cellpadding="0"> <tr>
$status = new System_status(); list($message_list, $total) = $status->get_status_messages($filters, $pagination); } catch (Exception $e) { $response['sEcho'] = $sec; $response['iTotalRecords'] = 0; $response['iTotalDisplayRecords'] = 0; $response['error'] = $e->getMessage(); $response['aaData'] = array(); echo json_encode($response); exit; } $data = array(); foreach ($message_list as $message) { $res = array(); $res['DT_RowId'] = $message['message_id'] . '_' . $message['component_id']; $res['viewed'] = $message['viewed']; $res['ctime'] = gmdate("Y-m-d H:i:s", strtotime($message['creation_time'])); $date = gmdate("Y-m-d H:i:s", strtotime(preg_replace('/GMT/', '', $message['creation_time'])) + 3600 * Util::get_timezone()); $res[] = $date; $res[] = $message['level']; $res[] = $message['component_type']; $res[] = $message['component_name']; $res[] = $message['component_ip']; $res[] = $message['description']; $data[] = $res; } $response['sEcho'] = $sec; $response['iTotalRecords'] = $total; $response['iTotalDisplayRecords'] = $total; $response['aaData'] = $data; echo json_encode($response);