function isConnectedToFacebook()
{
if (SESSION("state") and SESSION("state") === REQUEST("state")) {
return true;
}
return false;
}
function run($template)
{
$dbuser = new User();
if (isREQUEST("logout")) {
$dbuser->logout();
}
if (isREQUEST("user") && isREQUEST("password")) {
$usr = $dbuser->logout()->login(REQUEST("user"), REQUEST("password"));
}
if (!($usr = $dbuser->logedin())) {
$template->view("login");
return;
}
$template->add("usr", $usr);
// für die User Infos oben Rechts
//$t = new Termin();
//$template->add("byuser", $t->allbyuser($usr["id"]));
//$template->add("bymitglied", $t->allbymitglieder($usr["id"]));
$template->view("user");
}
exit;
}
/*
echo '<pre style="white-space: pre;">';
print_r($_SESSION['_scan']);
echo '</pre>';
*/
//All sensors
$filters = array('where' => "sensor.id = acl_sensors.sensor_id AND acl_sensors.entity_id = UNHEX('{$ctx}')");
$all_sensors = Av_sensor::get_basic_list($conn, $filters);
//Closing database connection
$db->close();
$asset_value = 2;
$threshold_c = 30;
$threshold_a = 30;
$num_ips = REQUEST('ips');
$msg = GET('msg');
ossim_valid($num_ips, OSS_DIGIT, 'illegal:' . _('Scanned IPs'));
if (ossim_error()) {
echo ossim_error(_('Error! Scan data not found or unallowed'));
exit;
}
$ips = array();
for ($i = 0; $i < $num_ips; $i++) {
if (ossim_valid(POST("ip_{$i}"), OSS_IP_ADDR, 'illegal:' . _('IP address'))) {
$ips[] = POST("ip_{$i}");
ossim_clean_error();
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
$db = new ossim_db();
$conn = $db->connect();
$conn->SetFetchMode(ADODB_FETCH_BOTH);
// check the number of plugins
$query = 'select count(*) as total_plugins from vuln_nessus_plugins';
$result = $conn->execute($query);
if ($result->fields['total_plugins'] == 0) {
die('<h2>Please run updateplugins.pl script first before using web interface.</h2>');
}
$tz = Util::get_timezone();
$force = FALSE;
$close = FALSE;
// get parameters
$parameters = array('action', 'job_name', 'targets', 'schedule_type', 'ROYEAR', 'ROMONTH', 'ROday', 'time_hour', 'time_min', 'dayofweek', 'dayofmonth', 'timeout', 'SVRid', 'sid', 'targets', 'job_id', 'sched_id', 'user', 'entity', 'hosts_alive', 'scan_locally', 'nthweekday', 'nthdayofweek', 'time_interval', 'biyear', 'bimonth', 'biday', 'not_resolve', 'send_email', 'ssh_credential', 'smb_credential', 'hosts_alive', '$scan_locally', 'not_resolve', 'type', 'total_assets');
foreach ($parameters as $variable) {
${$variable} = REQUEST($variable);
}
$hosts_alive = intval($hosts_alive);
$scan_locally = intval($scan_locally);
$not_resolve = intval($not_resolve);
$send_email = intval($send_email);
$total_assets = intval($total_assets);
$scheduled_status = $_REQUEST['status'] != '' ? intval($_REQUEST['status']) : 1;
// enable scheduled jobs by default
ossim_valid($action, 'create_scan', 'save_scan', OSS_NULLABLE, 'Illegal:' . _('Action'));
if (ossim_error()) {
die(_('Invalid Action Parameter'));
}
$selected = Filter_list::get_total_selection($conn, $type);
if ($selected > Filter_list::MAX_VULNS_ITEMS) {
$msg = _('Vulnerability scans can only be performed on %s assets at a time. Please select less assets and try again.');
ossim_valid($action_id, OSS_HEX, OSS_NULLABLE, 'illegal:' . _('Action ID'));
if (ossim_error()) {
die(ossim_error());
}
list($db, $conn) = Ossim_db::get_conn_db();
$action_list = Action::get_list($conn, " AND id = UNHEX('{$action_id}')");
if (is_array($action_list)) {
$action = $action_list[0];
}
if (!is_null($action)) {
$action_type = $action->get_action_type();
$ctx = $action->get_ctx();
$cond = Util::htmlentities($action->get_cond());
$on_risk = $action->is_on_risk();
$name = $action->get_name();
if (REQUEST('descr')) {
$description = $descr;
} else {
$description = $action->get_descr();
}
} else {
$action_type = "";
$cond = "True";
$on_risk = 0;
$description = "";
$name = "";
}
}
$update = intval(GET('update'));
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
if (is_array($validation_errors) && !empty($validation_errors)) {
$data['status'] = 'error';
$data['data'] = $validation_errors;
}
echo json_encode($data);
exit;
}
$db = new ossim_db();
$conn = $db->connect();
$plugin_id = REQUEST('plugin_id');
$name = REQUEST('ds_name');
$sid = REQUEST('sid');
$reliability = REQUEST('reliability');
$priority = REQUEST('priority');
$category = REQUEST('category');
$subcategory = REQUEST('subcategory');
$validation_errors = validate_form_fields('POST', $validate);
$data['status'] = 'OK';
$list_categories = Category::get_list($conn);
if ($priority < 0 || $priority > 5) {
$validation_errors['priority'] = _('Priority must be between 0 and 5');
}
if ($reliability < 0 || $reliability > 10) {
$validation_errors['reliability'] = _('Reliability must be between 0 and 10');
}
$data['data'] = $validation_errors;
if (POST('ajax_validation_all') == TRUE) {
if (is_array($validation_errors) && !empty($validation_errors)) {
$data['status'] = 'error';
echo json_encode($data);
} else {
*
* You should have received a copy of the GNU General Public License
* along with this package; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
* MA 02110-1301 USA
*
*
* On Debian GNU/Linux systems, the complete text of the GNU General
* Public License can be found in `/usr/share/common-licenses/GPL-2'.
*
* Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt
*
*/
require_once 'av_init.php';
$scan_types = array('nmap' => 5, 'ocs' => 3, 'wmi' => 4);
$s_type = REQUEST('s_type');
$s_type = empty($s_type) ? 'nmap' : $s_type;
if (!array_key_exists($s_type, $scan_types)) {
header("Location: " . AV_MAIN_ROOT_PATH . "/404.php");
exit;
}
//Save current scan type in memory
$_SESSION['av_inventory_type'] = $s_type;
// Logcheck by s_type
if ($s_type == 'ocs') {
Session::logcheck('configuration-menu', 'AlienVaultInventory');
} else {
Session::logcheck('environment-menu', 'AlienVaultInventory');
}
?>
*
* You should have received a copy of the GNU General Public License
* along with this package; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
* MA 02110-1301 USA
*
*
* On Debian GNU/Linux systems, the complete text of the GNU General
* Public License can be found in `/usr/share/common-licenses/GPL-2'.
*
* Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt
*
*/
require_once dirname(__FILE__) . '/../../conf/config.inc';
Session::logcheck('environment-menu', 'EventsHidsConfig');
$sensor_id = REQUEST('sensor_id');
ossim_valid($sensor_id, OSS_HEX, 'illegal:' . _('Sensor ID'));
if (!ossim_error()) {
$db = new ossim_db();
$conn = $db->connect();
if (!Ossec_utilities::is_sensor_allowed($conn, $sensor_id)) {
$db->close();
$error_msg = sprintf(_("Sensor %s not allowed. Please check with your account admin for more information"), Av_sensor::get_name_by_id($conn, $sensor_id));
echo ossim_error($error_msg);
exit;
}
$db->close();
}
//Current sensor
$_SESSION['ossec_sensor'] = $sensor_id;
?>
?>
</title>
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<link rel="stylesheet" type="text/css" href="../style/style.css"/>
</head>
<body>
<?php
require_once 'ossim_db.inc';
require_once 'classes/Security.inc';
$id = REQUEST('id');
$sid = REQUEST('sid');
$priority = REQUEST('priority');
$reliability = REQUEST('reliability');
$name = REQUEST('name');
$category = REQUEST('category');
$subCategory = REQUEST('subCategory');
ossim_valid($id, OSS_ALPHA, 'illegal:' . _("id"));
ossim_valid($sid, OSS_ALPHA, 'illegal:' . _("sid"));
ossim_valid($priority, OSS_ALPHA, 'illegal:' . _("priority"));
ossim_valid($reliability, OSS_ALPHA, 'illegal:' . _("reliability"));
ossim_valid($name, OSS_ALPHA, OSS_PUNC_EXT, OSS_SCORE, OSS_SPACE, OSS_NULLABLE, 'illegal:' . _("name"));
ossim_valid($category, OSS_NULLABLE, OSS_ALPHA, 'illegal:' . _("category"));
ossim_valid($subCategory, OSS_NULLABLE, OSS_ALPHA, 'illegal:' . _("subCategory"));
//
if ($category == 'NULL') {
$category = NULL;
$subCategory = NULL;
} else {
if ($subCategory == 'NULL') {
$subCategory = NULL;
}
* Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt
****************************************************************************/
/**
* Class and Function List:
* Function list:
* Classes list:
*/
require_once 'classes/Session.inc';
require_once 'ossim_db.inc';
require_once 'classes/Action.inc';
require_once 'classes/Security.inc';
Session::logcheck("MenuIntelligence", "PolicyActions");
$error = false;
$action = POST('action');
$action_id = POST('id');
$action_type = REQUEST('action_type');
$cond = POST('cond');
$on_risk = POST('on_risk') == "" ? "0" : "1";
$descr = POST('descr');
$email_from = POST('email_from');
$email_to = POST('email_to');
$email_subject = POST('email_subject');
$email_message = POST('email_message');
$exec_command = POST('exec_command');
$v_exec_command = $v_email = "";
if ($action_type == "email") {
$v_exec_commad = ",OSS_NULLABLE";
} else {
if ($action_type == "exec") {
$v_email = ",OSS_NULLABLE";
} else {
* MA 02110-1301 USA
*
*
* On Debian GNU/Linux systems, the complete text of the GNU General
* Public License can be found in `/usr/share/common-licenses/GPL-2'.
*
* Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt
*
*/
require_once dirname(__FILE__) . '/../../conf/config.inc';
Session::logcheck('environment-menu', 'EventsHidsConfig');
$events_hids_config = Session::menu_perms('environment-menu', 'EventsHidsConfig');
$agent_data = explode('###', base64_decode(GET('agent_data')));
$_POST['agent_id'] = $agent_data[0];
$_POST['ip_cidr'] = $agent_data[1];
$_POST['sensor_id'] = REQUEST('sensor_id');
$agent_id = POST('agent_id');
$ip_cidr = POST('ip_cidr');
$sensor_id = POST('sensor_id');
$validate = array('sensor_id' => array('validation' => "OSS_HEX", 'e_message' => 'illegal:' . _('Sensor ID')), 'sensor_id' => array('validation' => "OSS_HEX", 'e_message' => 'illegal:' . _('Agent ID')), 'ip_cidr' => array('validation' => 'OSS_IP_ADDRCIDR', 'e_message' => 'illegal:' . _('Agent IP')));
if ($ip_cidr == 'any') {
$validate['ip_cidr'] = array('validation' => 'any', 'e_message' => 'illegal:' . _('Agent IP'));
}
$validation_errors = validate_form_fields('POST', $validate);
//Get Sensor IP for selected sensor
if (empty($validation_errors)) {
$db = new ossim_db();
$conn = $db->connect();
if (!Ossec_utilities::is_sensor_allowed($conn, $sensor_id)) {
$db->close();
$validation_errors['sensor_id'] = sprintf(_("Sensor %s not allowed. Please check with your account admin for more information"), Av_sensor::get_name_by_id($conn, $sensor_id));
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<link rel="stylesheet" type="text/css" href="../style/style.css"/>
</head>
<body>
<?php
include "../hmenu.php";
?>
<?php
require_once 'classes/Security.inc';
$status = REQUEST('status');
$interactive = REQUEST('interactive');
$nsensors = REQUEST('nsensors');
$sensors = REQUEST('sensors');
$scheduler_id = REQUEST('scheduler_id');
ossim_valid($nsensors, OSS_ALPHA, OSS_NULLABLE, 'illegal:' . _("nsensors"));
ossim_valid($status, OSS_ALPHA, OSS_NULLABLE, 'illegal:' . _("Status"));
ossim_valid($scheduler_id, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _("Status"));
if (ossim_error()) {
die(ossim_error());
}
require_once 'ossim_acl.inc';
require_once 'ossim_db.inc';
require_once 'classes/Sensor.inc';
require_once 'classes/Net_group_scan.inc';
require_once 'classes/Net_group.inc';
require_once 'classes/Net_scan.inc';
require_once 'classes/Host_group_scan.inc';
require_once 'classes/Host_group.inc';
require_once 'classes/Host_scan.inc';
* Public License can be found in `/usr/share/common-licenses/GPL-2'.
*
* Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt
*
*/
require_once 'av_init.php';
Session::logcheck("configuration-menu", "Osvdb");
// DB connect
$db = new ossim_db();
$conn = $db->connect();
// Get upload dir from ossim config file
$user = $_SESSION["_user"];
$conf = $GLOBALS["CONF"];
$uploads_dir = $conf->get_conf("repository_upload_dir");
$id_document = GET('id_document') != "" ? GET('id_document') : (POST('id_document') != "" ? POST('id_document') : "");
$go_back = intval(REQUEST("go_back"));
$error = FALSE;
$info_error = NULL;
if (empty($_FILES) && empty($_POST) && empty($_GET)) {
$msg = "The server was unable to handle that much POST data (" . $_SERVER['CONTENT_LENGTH'] . " bytes) due to its current configuration";
echo ossim_error(_($msg));
exit;
}
if (!ossim_valid($id_document, OSS_DIGIT, 'illegal:' . _("Document ID"))) {
echo ossim_error(_("Document ID not allowed"));
exit;
}
if (!is_dir($uploads_dir)) {
echo ossim_error(_("Upload directory does not exist") . " <strong>{$uploads_dir}</strong><br>" . _("Please, Check OSSIM configuration options."), AV_WARNING);
exit;
}
$asset = $conf->get_conf("def_asset") != "" ? $conf->get_conf("def_asset") : "2";
$rrd_profile = "None";
$scan = REQUEST('scan');
$ip = REQUEST('ip');
$num_ips = REQUEST('ips');
$type_action = REQUEST('action');
ossim_valid($ip, OSS_IP_ADDR, OSS_NULLABLE, 'illegal:' . _("Ip"));
ossim_valid($ips, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _("Hosts"));
ossim_valid($scan, OSS_ALPHA, OSS_NULLABLE, 'illegal:' . _("Scan"));
ossim_valid($type_action, "duplicate", OSS_NULLABLE, 'illegal:' . _("Action"));
if (ossim_error()) {
die(ossim_error());
}
if (!empty($scan)) {
$groupname = isset($_REQUEST['groupname']) ? REQUEST('groupname') : $_SESSION['_host']['groupname'];
$ip = REQUEST('target');
$action = "../netscan/scan_db.php";
$submit_function = "submit_form()";
for ($i = 0; $i < $num_ips; $i++) {
$item_ip = "ip_{$i}";
$ips_address[] = isset($_SESSION['_host'][$item_ip]) ? $_SESSION['_host'][$item_ip] : POST($item_ip);
}
} else {
$action = "newhost.php";
$submit_function = "check_host()";
}
if (isset($_SESSION['_host'])) {
$hostname = $_SESSION['_host']['hostname'];
$ip = $_SESSION['_host']['ip'];
$fqdns = $_SESSION['_host']['fqdns'];
$descr = $_SESSION['_host']['descr'];
$groupType = REQUEST('groupType');
ossim_valid($action, OSS_ALPHA, OSS_NULLABLE, 'illegal:' . _("Action"));
ossim_valid($id, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _("ID"));
ossim_valid($minute, OSS_CRONTAB, 'illegal:' . _("Minute"));
ossim_valid($hour, OSS_CRONTAB, 'illegal:' . _("Hour"));
ossim_valid($day_month, OSS_CRONTAB, 'illegal:' . _("Day of month"));
ossim_valid($month, OSS_CRONTAB, 'illegal:' . _("Month"));
ossim_valid($day_week, OSS_CRONTAB, 'illegal:' . _("Day of week"));
if (ossim_error()) {
die(ossim_error());
}
if ($groupType == "sensor") {
$sensors = array();
for ($i = 0; $i < $nsensors; $i++) {
if (REQUEST("sensor{$i}") != null) {
array_push($sensors, REQUEST("sensor{$i}"));
}
}
if (!count($sensors)) {
die(ossim_error(_("At least one Sensor required")));
}
} else {
$netgroup_array = POST("netgroupList");
$hostgroup_array = POST("hostgroupList");
$net_array = POST("netList");
$host_array = POST("hostList");
if (!count($netgroup_array) and !count($hostgroup_array) and !count($net_array) and !count($host_array)) {
die(ossim_error(_("At least one Netgroup/Hostgroup/Net/Host required")));
}
}
Plugin_scheduler::insert($conn, $plugin, $minute, $hour, $day_month, $month, $day_week, $sensors, $netgroup_array, $hostgroup_array, $net_array, $host_array, $groupType);
$fullname = REQUEST('fullname');
//Bookmark string
$bookmark = REQUEST('bookmark_string');
$pass = trim($pass);
$pass1 = trim($pass1);
$email = trim($email);
$fullname = trim($fullname);
if ($fullname == '') {
$fullname = 'AlienVault admin';
}
$company = REQUEST('company');
$location = REQUEST('search_location');
$lat = REQUEST('latitude');
$lng = REQUEST('longitude');
$country = REQUEST('country');
$track_usage_information = intval(REQUEST('track_usage_information'));
ossim_valid($embed, 'true', OSS_NULLABLE, 'illegal:' . _('Embed'));
ossim_valid($user, OSS_USER, OSS_NULLABLE, 'illegal:' . _('User name'));
ossim_valid($mobile, OSS_LETTER, OSS_NULLABLE, 'illegal:' . _('Mobile'));
ossim_valid($accepted, OSS_NULLABLE, 'yes', 'no', 'illegal:' . _('First login'));
ossim_valid($email, OSS_MAIL_ADDR, OSS_NULLABLE, 'illegal:' . _('E-mail'));
ossim_valid($fullname, OSS_ALPHA, OSS_PUNC, OSS_AT, OSS_NULLABLE, 'illegal:' . _('Full Name'));
ossim_valid($company, OSS_ALPHA, OSS_PUNC_EXT, OSS_NULLABLE, 'illegal:' . _('Company Name'));
ossim_valid($location, OSS_ALPHA, OSS_PUNC_EXT, OSS_NULLABLE, 'illegal:' . _('Location'));
ossim_valid($lat, OSS_DIGIT, OSS_DOT, OSS_SCORE, OSS_NULLABLE, 'illegal:' . _('Latitude'));
ossim_valid($lng, OSS_DIGIT, OSS_DOT, OSS_SCORE, OSS_NULLABLE, 'illegal:' . _('Longitude'));
ossim_valid($country, OSS_LETTER, OSS_NULLABLE, 'illegal:' . _('Country'));
ossim_valid($track_usage_information, OSS_BINARY, 'illegal:' . _('Track Usage Information'));
if (ossim_error()) {
echo ossim_error();
exit;
*
* Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt
*
*/
require_once 'av_init.php';
require_once 'languages.inc';
Session::logcheck('configuration-menu', 'ConfigurationUsers');
// Load column layout
require_once '../conf/layout.php';
$category = 'policy';
$name_layout = 'host_layout';
$layout = load_layout($name_layout, $category);
$db = new ossim_db();
$conn = $db->connect();
$action = REQUEST('action');
$user_id = REQUEST('user_id');
$language = POST('language');
if (ossim_error()) {
die(ossim_error());
}
$proadmin = Session::am_i_admin() || Session::is_pro() && Acl::am_i_proadmin();
// admin user or pro admin
/* Allowed actions:
- Enable/disable user
- Expire session
- Change language
*/
if ($action != "" && $user_id != '') {
$myself = Session::get_session_user();
ossim_valid($user_id, OSS_USER, 'illegal:' . _('User ID'));
$_POST["email_to"] = str_replace(_("email;email;email"), "", $_POST["email_to"]);
$action = POST('action');
$action_id = POST('id');
$action_type = REQUEST('action_type');
$cond = POST('cond');
$on_risk = POST('on_risk') == "" ? "0" : "1";
$name = POST('action_name');
$descr = POST('descr');
$email_from = POST('email_from');
$email_to = POST('email_to');
$email_subject = POST('email_subject');
$email_message = POST('email_message');
$exec_command = POST('exec_command');
$tuser = POST('transferred_user');
$tentity = POST('transferred_entity');
$old_name = REQUEST('old_name');
if ($pro) {
$ctx = POST('ctx');
} else {
$ctx = Session::get_default_ctx();
}
$v_exec_command = $v_email = "";
if ($action_type == "1") {
$v_exec_commad = ",OSS_NULLABLE";
$v_ticket_u = ",OSS_NULLABLE";
$v_ticket_e = ",OSS_NULLABLE";
} else {
if ($action_type == "2") {
$v_email = ",OSS_NULLABLE";
$v_ticket_u = ",OSS_NULLABLE";
$v_ticket_e = ",OSS_NULLABLE";
}
if ($_GET['name'] == 'task_period') {
$task_period = intval(GET($_GET['name']));
if ($task_period < 1800) {
$data['status'] = 'error';
$data['data'][$_GET['name']] = _('Invalid time between scans') . '. <br/>' . _('Entered value') . ": '<strong>" . Util::htmlentities($task_period) . "</strong>' (1800(s) " . _("minimum") . ")";
}
}
}
echo json_encode($data);
exit;
} else {
if (POST('mode') == 'insert' || POST('mode') == 'update' || GET('mode') == 'delete') {
//Check Token
if (!isset($_POST['ajax_validation_all']) || POST('ajax_validation_all') == FALSE) {
if (!Token::verify('tk_form_task', REQUEST('token'))) {
Token::show_error();
exit;
}
}
}
$validation_errors = validate_form_fields('POST', $validate);
if (empty($validation_errors['task_params'])) {
if ($_SESSION['av_inventory_type'] == 'nmap') {
$task_params = POST('task_params');
$task_sensor = POST('task_sensor');
if (!Asset_net::is_cidr_in_my_nets($conn, $task_params)) {
$validation_errors['task_params'] = _('Network not allowed') . '. Check your asset filter. <br/>' . _('Entered value') . ": <strong>'" . Util::htmlentities($task_params) . "</strong>'";
} else {
if (!Asset_net::check_cidr_by_sensor($conn, $task_params, $task_sensor)) {
$validation_errors['task_params'] = _("You can't scan the specified network using this sensor");
*
* On Debian GNU/Linux systems, the complete text of the GNU General
* Public License can be found in `/usr/share/common-licenses/GPL-2'.
*
* Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt
*
*/
require_once dirname(__FILE__) . '/../../conf/config.inc';
Session::logcheck('environment-menu', 'EventsHidsConfig');
session_write_close();
$validation_errors = array();
$sensor_id = POST('sensor_id');
$asset_id = POST('asset_id');
$token = POST('token');
$_REQUEST['ip_cidr'] = strtolower(REQUEST('ip_cidr'));
$ip_cidr = REQUEST('ip_cidr');
$validate = array('sensor_id' => array('validation' => "OSS_HEX", 'e_message' => 'illegal:' . _('Sensor ID')), 'asset_id' => array('validation' => "OSS_HEX", 'e_message' => 'illegal:' . _('Asset')), 'ip_cidr' => array('validation' => 'OSS_IP_ADDRCIDR', 'e_message' => 'illegal:' . _('IP/CIDR')));
if ($ip_cidr == 'any') {
$validate['ip_cidr'] = array('validation' => 'any', 'e_message' => 'illegal:' . _('IP/CIDR'));
}
$db = new ossim_db();
$conn = $db->connect();
//Check Token
if (!Token::verify('tk_f_agents', $token)) {
$error = Token::create_error_message();
Util::response_bad_request($error);
}
$validation_errors = validate_form_fields('POST', $validate);
//Extra validations
if (empty($validation_errors['sensor_id']) && !Ossec_utilities::is_sensor_allowed($conn, $sensor_id)) {
$validation_errors['sensor_id'] = sprintf(_("Sensor %s not allowed. Please check with your account admin for more information"), Av_sensor::get_name_by_id($conn, $sensor_id));
$last_pass_change = date('Y-m-d H:i:s');
$first_login = 0;
$is_admin = 0;
$sel_assets = array();
$sel_sensors = array();
$template_id = '';
if ($pro) {
$entities = array();
} else {
$company = '';
$departament = '';
}
//Parameters
$greybox = REQUEST('greybox');
$duplicate = GET('duplicate') != '' ? TRUE : FALSE;
$login = REQUEST('login');
$msg = GET('msg');
$load_cookies = $_GET['load_cookies'];
//Check login
if ($login != '') {
ossim_valid($login, OSS_USER, 'illegal:' . _('User name'));
}
// Session parameters
$myself = Session::get_session_user();
$am_i_admin = Session::am_i_admin();
$is_default_admin = $login == AV_DEFAULT_ADMIN ? TRUE : FALSE;
$am_i_proadmin = $pro && Acl::am_i_proadmin() ? TRUE : FALSE;
$is_my_profile = $login == $myself && !$duplicate ? TRUE : FALSE;
ossim_valid($greybox, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _('Greybox'));
if (ossim_error()) {
echo ossim_error();
// grullist nr5MpjEYAvWnVuY8
require_once "config/config.php";
require_once "libs/get_post.lib.php";
require_once "libs/user.class.php";
require_once "libs/termin.class.php";
$u = new User();
if (isREQUEST("user") && isREQUEST("passwd")) {
$u->login(REQUEST("user"), REQUEST("passwd"));
}
if ($usr = $u->logedin()) {
$ret = array();
switch (REQUEST("action", REQUEST("a", ""))) {
case "user":
$ret = $usr;
break;
case "dateadd":
$t = new Termin();
$ret = $t->dateadd(REQUEST("t"), $usr["id"], REQUEST("z"));
break;
case "vote":
$t = new Termin();
$ret = $t->vote(REQUEST("t"), $usr["id"], REQUEST("z"), REQUEST("v"));
break;
default:
$ret = array("error" => "action: " . (isset($_GET["action"]) ? $_GET["action"] : "undefined"));
}
echo json_encode($ret);
} else {
header("HTTP/1.0 401 Unauthorized");
echo json_encode(array("error" => "401"));
}
$scan_types = array('nmap' => 5, 'ocs' => 3, 'wmi' => 4);
$frequencies = array('3600' => 'Hourly', '86400' => 'Daily', '604800' => 'Weekly', '2419200' => 'Monthly');
$s_type = REQUEST('s_type');
$s_type = empty($s_type) ? $_SESSION['av_inventory_type'] : $s_type;
if (!array_key_exists($s_type, $scan_types)) {
header("Location: " . AV_MAIN_ROOT_PATH . "/404.php");
exit;
}
// Logcheck by s_type
if ($s_type == 'ocs') {
Session::logcheck('configuration-menu', 'AlienVaultInventory');
} else {
Session::logcheck('environment-menu', 'AlienVaultInventory');
}
//Getting data
$task_id = intval(REQUEST('task_id'));
ossim_valid($id, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _('Task ID'));
if (ossim_error()) {
ossim_error();
exit;
}
$db = new ossim_db();
$conn = $db->connect();
if (!empty($task_id)) {
try {
$task_obj = Inventory::get_object($conn, $task_id);
$name = $task_obj['task_name'];
$sensor_id = $task_obj['task_sensor'];
$params = $task_obj['task_params'];
$period = $task_obj['task_period'];
} catch (Exception $e) {
function register($template)
{
$dbuser = new User();
if (isREQUEST("logout")) {
$dbuser->logout();
}
if (isREQUEST("user") && isREQUEST("password")) {
$usr = $dbuser->logout()->login(REQUEST("user"), REQUEST("password"));
if (!$usr) {
$template->add("error", "Login fehlgeschlagen");
}
}
if ($usr = $dbuser->logedin()) {
$template->redirect(".");
return;
}
// Alle Angaben korrekt?
if (!isREQUEST("email") || !preg_match("/[a-z0-9-]*@[a-z0-9-]*\\.[a-z]*/i", REQUEST("email"))) {
$template->add("regerror", "EMail nicht angegeben oder falsch");
$template->view("login");
return;
}
if (!isREQUEST("nick")) {
$template->add("regerror", "Nick nicht angegeben");
$template->view("login");
return;
}
if (!isREQUEST("password1") || !isREQUEST("password2") || REQUEST("password1") != REQUEST("password2")) {
$template->add("regerror", "Passswort nicht angegeben oder ungleich");
$template->view("login");
return;
}
// Existiert der Benuter schon?
if ($dbuser->exist(REQUEST("nick"), REQUEST("email"))) {
$template->add("regerror", "Nick oder Mail existieren schon");
$template->view("login");
return;
}
// Benutzer anlegen
$activationpass = str_shuffle(md5(rand()));
$dbuser->create(REQUEST("nick"), REQUEST("email"), REQUEST("password1"), $activationpass);
$mail = new Mail();
global $CONFIG;
$mail->userActivation(REQUEST("nick"), REQUEST("email"), $CONFIG["ServerDir"] . "?activate=" . $activationpass);
$template->add("regsuccess", "Mail wurde versandt");
$template->view("login");
}
require_once 'classes/session.inc';
//Security functions
require_once 'classes/Security.inc';
//Check IDS Security
ids();
//Check session status
//No check in these cases (Scheduled reports and migration)
if (!preg_match('/AV Report Scheduler/', $_SERVER['HTTP_USER_AGENT']) && !preg_match('/migration/', $_SERVER['REQUEST_URI'])) {
Session::is_expired();
}
if (Session::get_session_user() != '') {
//Set menu options
$m_opt = REQUEST('m_opt');
$sm_opt = REQUEST('sm_opt');
$h_opt = REQUEST('h_opt');
$l_opt = REQUEST('l_opt');
ossim_valid($m_opt, OSS_LETTER, OSS_DIGIT, OSS_SCORE, OSS_NULLABLE, 'illegal:' . _('Menu option'));
ossim_valid($sm_opt, OSS_LETTER, OSS_DIGIT, OSS_SCORE, OSS_NULLABLE, 'illegal:' . _('Submenu option'));
ossim_valid($h_opt, OSS_LETTER, OSS_DIGIT, OSS_SCORE, OSS_NULLABLE, 'illegal:' . _('Hmenu option'));
ossim_valid($l_opt, OSS_LETTER, OSS_DIGIT, OSS_SCORE, OSS_NULLABLE, 'illegal:' . _('Lmenu option'));
//Chenck menu options
if (ossim_error()) {
header('Location: ' . AV_MAIN_PATH . '/session/login.php?action=logout');
}
$av_menu = @unserialize($_SESSION['av_menu']);
//Check menu object
if (!is_object($av_menu) || empty($av_menu)) {
$db = new ossim_db();
$conn = $db->connect();
$av_menu = new Menu($conn);
$db->close();
?>
</a> |
<a href="main.php"><?php
echo _('No');
?>
</a>
</p>
<?php
exit;
}
$config = new Config();
$config->reset();
header('Location: ' . $_SERVER['SCRIPT_NAME'] . '?word=' . $word . '§ion=' . $section);
exit;
}
$default_open = REQUEST('open');
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title> <?php
echo _('Advanced Configuration');
?>
</title>
<meta http-equiv="Pragma" content="no-cache"/>
<?php
//CSS Files
$_files = array(array('src' => 'av_common.css', 'def_path' => TRUE), array('src' => 'jquery-ui.css', 'def_path' => TRUE), array('src' => 'tipTip.css', 'def_path' => TRUE), array('src' => 'jquery.timepicker.css', 'def_path' => TRUE));
Util::print_include_files($_files, 'css');
//JS Files
*
* On Debian GNU/Linux systems, the complete text of the GNU General
* Public License can be found in `/usr/share/common-licenses/GPL-2'.
*
* Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt
*
*/
require_once 'av_init.php';
Session::logcheck('configuration-menu', 'CorrelationCrossCorrelation');
$action = 'insert';
$url_form = 'newpluginref.php';
$button_text = Util::js_entities(_("Create rule"));
$plugin_id1 = REQUEST('plugin_id1');
$plugin_id2 = REQUEST('plugin_id2');
$plugin_sid1 = REQUEST('plugin_sid1');
$plugin_sid2 = REQUEST('plugin_sid2');
if ($plugin_id1 != '' || $plugin_id2 != '' || $plugin_sid1 != '' || $plugin_sid2 != '') {
$action = 'modify';
$url_form = 'modifypluginref.php';
$button_text = Util::js_entities(_('Save rule'));
ossim_valid($plugin_id1, OSS_DIGIT, 'illegal:' . _('Plugin ID1'));
ossim_valid($plugin_id2, OSS_DIGIT, 'illegal:' . _('Plugin ID2'));
ossim_valid($plugin_sid1, OSS_DIGIT, 'illegal:' . _('Plugin SID1'));
ossim_valid($plugin_sid2, OSS_DIGIT, 'illegal:' . _('Plugin SID2'));
if (ossim_error()) {
echo ossim_error();
exit;
}
}
$db = new ossim_db();
$conn = $db->connect();
$buff = ereg_replace("ntop_link=([^\n]*)", "ntop_link={$ntop_link}", $buff);
$buff = ereg_replace("opennms_link=([^\n]*)", "opennms_link={$opennms_link}", $buff);
$buff = ereg_replace("mrtg_link=([^\n]*)", "mrtg_link={$mrtg_link}", $buff);
$buff = ereg_replace("graph_link=([^\n]*)", "graph_link={$graph_link}", $buff);
if (!($fd = fopen($location, "w"))) {
echo gettext("Error opening file") . " \n";
}
fwrite($fd, $buff);
fclose($fd);
system("scp {$OSSIM_FILE} root@{$ip}:{$REMOTE_PATH}/ossim.conf");
echo "<p> " . gettext("Sensor edit completed") . " </p>\n";
} elseif (POST('ossimload')) {
system("scp {$OSSIM_FILE_DEFAULT} root@{$ip}:{$REMOTE_PATH}/ossim.conf");
system("cp {$OSSIM_FILE_DEFAULT} {$OSSIM_FILE}");
echo "<p> " . gettext("Default values loaded") . " </p>\n";
} elseif (REQUEST('spade')) {
if (!($fd = fopen($SPADE_FILE, 'r+'))) {
echo gettext("Error opening") . " {$SPADE_FILE} " . gettext("file") . " \n";
exit;
}
while (!feof($fd)) {
$line = fgets($fd, 4096);
if (preg_match("/^var SPADEDIR ([^\n]*)/", $line, $regs)) {
$spadedir = $regs[1];
}
if (preg_match("/preprocessor spade:/", $line, $regs)) {
if (preg_match("/dest=([^\\s]+)/", $line, $regs)) {
$spade_dest = $regs[1];
}
if (preg_match("/logfile=([^\\s]+)/", $line, $regs)) {
$spade_logfile = $regs[1];
}
} else {
$summary['general']['statistics']['errors'] = count($data);
//CSV file is not empty, but all lines are wrong
if (empty($summary['general']['status'])) {
$summary['general']['status'] = 'error';
$summary['general']['data'] = _('Nets could not be imported');
}
}
$db->close();
return $summary;
}
/****************************************************
******************** Import data *******************
****************************************************/
$import_type = REQUEST('import_type');
$import_type = empty($import_type) ? 'networks' : $import_type;
if ($_POST['import_assets'] == 1) {
$data['status'] = 'error';
$data['data'] = NULL;
$file_csv = $_SESSION['file_csv'];
unset($_SESSION['file_csv']);
$iic = POST('iic');
$ctx = POST('ctx');
if (Session::is_pro()) {
if (!valid_hex32($ctx) || Acl::entityAllowed($ctx) < 1) {
$data['data'] = empty($ctx) ? _('You must select an entity') : _('Entity not allowed');
echo json_encode($data);
exit;
}
} else {
* You should have received a copy of the GNU General Public License
* along with this package; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
* MA 02110-1301 USA
*
*
* On Debian GNU/Linux systems, the complete text of the GNU General
* Public License can be found in `/usr/share/common-licenses/GPL-2'.
*
* Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt
*
*/
require_once 'av_init.php';
Session::logcheck_by_asset_type('asset');
Session::logcheck('environment-menu', 'EventsHidsConfig');
$action = REQUEST('action');
$allowed_action = array('show_unsupported' => 1, 'remove_unsupported' => 2, 'deploy_all_agents' => 3);
if (empty($allowed_action[$action])) {
Util::response_bad_request(_('Error! Action not allowed'));
}
$db = new Ossim_db();
$conn = $db->connect();
switch ($action) {
case 'show_unsupported':
$data['status'] = 'success';
$data['data'] = _('Your request has been processed');
try {
//Number of assets in the system
list($assets, $total_assets) = Asset_host::get_list($conn, '', array('limit' => 1));
//Number of selected assets
$total_selected = Filter_list::get_total_selection($conn, 'asset');
