function delete_nfsen_source($data)
{
if (!Session::am_i_admin()) {
$return['error'] = TRUE;
$return['msg'] = _('Action not authorized');
return $return;
}
require_once '../sensor/nfsen_functions.php';
$sensor = $data['sensor'];
ossim_valid($sensor, OSS_ALPHA, 'illegal:' . _('Nfsen Source'));
if (ossim_error()) {
$info_error = _('Error') . ': ' . ossim_get_error();
ossim_clean_error();
$return['error'] = TRUE;
$return['msg'] = $info_error;
return $return;
}
$res = delete_nfsen($sensor);
if ($res['status'] == 'success') {
$return['error'] = FALSE;
$return['msg'] = _('Source deleted successfully');
//To forcer load variables in session again
unset($_SESSION['tab']);
} else {
$return['error'] = TRUE;
$return['msg'] = $res['data'];
}
return $return;
}
function check_ossim_error()
{
if (ossim_error()) {
$error = ossim_get_error();
ossim_clean_error();
Av_exception::throw_error(Av_exception::USER_ERROR, $error);
}
}
function check_ossim_error($throw_excep = TRUE)
{
if (ossim_error()) {
$error = ossim_get_error();
ossim_clean_error();
if ($throw_excep) {
Av_exception::throw_error(Av_exception::USER_ERROR, $error);
} else {
Util::response_bad_request($error);
}
}
}
function modify_plugingroup_plugin($conn, $data)
{
$plugin_group = $data['plugin_group'];
$plugin_id = $data['plugin_id'];
$sids_str = $data['plugin_sids'];
ossim_valid($plugin_id, OSS_DIGIT, 'illegal:' . _("Plugin ID"));
ossim_valid($plugin_group, OSS_HEX, 'illegal:' . _("Plugin GroupID"));
if (ossim_error()) {
$info_error = "Error: " . ossim_get_error();
ossim_clean_error();
$return['error'] = true;
$return['msg'] = $info_error;
return $return;
}
$total_sel = 1;
if (is_array($sids_str)) {
$total_sel = count($sids_str);
$sids_str = implode(',', $sids_str);
}
if ($sids_str !== '') {
list($valid, $data) = Plugin_sid::validate_sids_str($sids_str);
if (!$valid) {
$return['error'] = true;
$return['msg'] = _("Error for data source ") . $plugin_id . ': ' . $data;
return $return;
}
if ($sids_str == "ANY") {
$sids_str = "0";
} else {
$total = Plugin_sid::get_sidscount_by_id($conn, $plugin_id);
$sids_str = $total_sel == $total ? "0" : $sids_str;
}
Plugin_group::edit_plugin($conn, $plugin_group, $plugin_id, $sids_str);
}
$return['error'] = false;
$return['output'] = '';
return $return;
}
function modify_deploy_hosts($wizard, $data)
{
$os = $data['os'];
$hosts = $data['hosts'];
$username = $data['username'];
$password = $data['password'];
$domain = $data['domain'];
ossim_valid($os, "windows|linux", 'illegal:' . _('Deploy Option'));
ossim_valid($hosts, OSS_HEX, 'illegal:' . _('Host'));
ossim_valid($username, OSS_USER_2, 'illegal:' . _('Username'));
ossim_valid($password, OSS_PASSWORD, 'illegal:' . _('Password'));
ossim_valid($domain, OSS_NOECHARS, OSS_ALPHA, OSS_PUNC_EXT, OSS_NULLABLE, 'illegal:' . _('Domain'));
if (ossim_error()) {
$response['error'] = TRUE;
$response['msg'] = ossim_get_error();
ossim_clean_error();
return $response;
}
$domain = $os == 'windows' ? $domain : '';
//Encrypting password to save it in the object
$pass_c = Util::encrypt($password, Util::get_system_uuid());
//First we clean the deploy info stored in the object
$wizard->clean_step_data();
//Saving the info to achieve the deploy
$wizard->set_step_data('deploy_os', $os);
$wizard->set_step_data('deploy_username', $username);
$wizard->set_step_data('deploy_password', $pass_c);
$wizard->set_step_data('deploy_domain', $domain);
$wizard->set_step_data('deploy_hosts', $hosts);
//Setting the deploy step to 1 (Inicialized)
$wizard->set_step_data('deploy_step', 1);
//Saving wizard status
$wizard->save_status();
$response['error'] = FALSE;
return $response;
}
$info_error = '<div>' . _('We Found the following errors') . ':</div><div style="padding:10px;">' . implode('<br/>', $validation_errors) . '</div>';
}
}
}
//Form actions
if (empty($step)) {
unset($_SESSION['_al_new']);
$sensor_id = GET('sensor');
ossim_valid($sensor_id, OSS_HEX, 'illegal:' . _('Sensor'));
if (!ossim_error()) {
if (!Ossec_utilities::is_sensor_allowed($conn, $sensor_id)) {
ossim_set_error(_('Error! Sensor not allowed'));
}
}
if (ossim_error()) {
$info_error = ossim_get_error();
} else {
$sensor_name = Av_sensor::get_name_by_id($conn, $sensor_id);
$_SESSION['_al_new']['sensor'] = $sensor_id;
$_SESSION['_al_new']['sensor_name'] = $sensor_name;
}
} elseif ($step == 1 || $step == 2 && !empty($back)) {
$hostname = $_SESSION['_al_new']['hostname'] = POST('hostname');
$ip = $_SESSION['_al_new']['ip'] = POST('ip');
$user = $_SESSION['_al_new']['user'] = POST('user');
$pass = $_SESSION['_al_new']['pass'] = POST('pass');
$passc = $_SESSION['_al_new']['passc'] = POST('passc');
$ppass = $_SESSION['_al_new']['ppass'] = POST('ppass');
$ppassc = $_SESSION['_al_new']['ppassc'] = POST('ppassc');
$use_su = $_SESSION['_al_new']['use_su'] = intval(POST('use_su'));
$descr = $_SESSION['_al_new']['descr'] = POST('descr');
* Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt
*
*/
require_once 'av_init.php';
require_once '../deploy_common.php';
//Checking perms
check_deploy_perms();
/* connect to db */
$db = new ossim_db(TRUE);
$conn = $db->connect();
$type = GET('type');
$id = GET('id');
ossim_valid($id, OSS_HEX, 'illegal:' . _("Network ID"));
ossim_valid($type, "network", "server", 'illegal:' . _("Asset Type"));
if (ossim_error()) {
$error_msg = "Error: " . ossim_get_error();
$error = true;
ossim_clean_error();
}
$type = $type == 'server' ? 1 : 4;
$sql = "SELECT distinct HEX(h.id) as id, h.hostname, MAX(DATE(ac.timestamp)) as log\n\t\t\t\tFROM alienvault.host_types t, alienvault.host_net_reference hn, alienvault.host h \n\t\t\t\tLEFT JOIN alienvault_siem.ac_acid_event ac ON ac.src_host = h.id\n\t\t\t\tWHERE h.id=hn.host_id AND h.id=t.host_id AND t.type=? AND hn.net_id=UNHEX(?)\n\t\t\t\tGROUP BY h.id\n\t\t\t\t";
$params = array($type, $id);
$asset_list = array();
if ($rs = $conn->Execute($sql, $params)) {
while (!$rs->EOF) {
try {
$ips = Asset_host_ips::get_ips_to_string($conn, $rs->fields['id']);
} catch (Exception $e) {
$ips = '';
}
$asset_list[] = array('id' => $rs->fields['id'], 'name' => $rs->fields["hostname"], 'ip' => $ips, 'log' => $rs->fields["log"]);
function insert_link($conn, $data)
{
$new_linkname = $data['link'];
$id_document = $data['id'];
$link_type = $data['type'];
ossim_valid($link_type, OSS_INPUT, 'Illegal:' . _('Link Type'));
ossim_valid($id_document, OSS_DIGIT, 'Illegal:' . _('Document ID'));
switch ($link_type) {
case 'directive':
ossim_valid($new_linkname, OSS_DIGIT, 'illegal:' . _('Directive'));
break;
case 'incident':
ossim_valid($new_linkname, OSS_DIGIT, 'illegal:' . _('Incident ID'));
break;
case 'plugin_sid':
$plugin = explode('##', $new_linkname);
ossim_valid($plugin[0], OSS_DIGIT, 'illegal:' . _('Plugin SID'));
ossim_valid($plugin[1], OSS_DIGIT, 'illegal:' . _('Plugin ID'));
break;
case 'host':
case 'host_group':
case 'net':
case 'net_group':
ossim_valid($new_linkname, OSS_HEX, 'illegal:' . _('Asset ID'));
break;
case 'taxonomy':
$tax = explode('##', $new_linkname);
ossim_valid($tax[0], OSS_DIGIT, 'illegal:' . _('Product Type'));
ossim_valid($tax[1], OSS_DIGIT, 'illegal:' . _('Category'));
ossim_valid($tax[2], OSS_DIGIT, 'illegal:' . _('Subcategory'));
break;
default:
$return['error'] = TRUE;
$return['msg'] = _('Invalid Link Type');
return $return;
}
if (ossim_error()) {
$info_error = _('Error') . ': ' . ossim_get_error();
ossim_clean_error();
$return['error'] = TRUE;
$return['msg'] = $info_error;
return $return;
}
$result = Repository::insert_relationships($conn, $id_document, $link_type, $new_linkname);
if (!empty($result)) {
$return['error'] = TRUE;
$return['msg'] = $result;
return $return;
}
if ($link_type == 'plugin_sid') {
$result = Repository::insert_snort_references($conn, $id_document, $plugin[1], $plugin[0]);
if (!empty($result)) {
$return['error'] = TRUE;
$return['msg'] = $result;
return $return;
}
}
$info_item['key'] = $new_linkname;
$info_item['id'] = $id_document;
$info_item['type'] = $link_type;
$item_html = build_item_list($conn, $info_item);
$return['error'] = FALSE;
$return['data'] = $item_html;
$return['msg'] = _('Link inserted successfully');
return $return;
}
$res['data'] = md5($cidr);
}
echo json_encode($res);
exit;
} elseif ($action == 'check_server') {
$new_server = POST('new_server');
$old_server = POST('old_server');
$priority = POST('priority');
ossim_valid($new_server, OSS_IP_ADDR, 'illegal:' . _('IP Address'));
ossim_valid($priority, '0,1,2,3,4,5', 'illegal:' . _('Priority'));
if (!empty($old_server)) {
ossim_valid($old_server, OSS_IP_ADDR, 'illegal:' . _('IP Address'));
}
if (ossim_error()) {
$res['status'] = 'error';
$res['data'] = ossim_get_error();
echo json_encode($res);
exit;
}
session_start();
$cnf_data = $_SESSION['sensor_cnf'];
$server_ip = $cnf_data['server_ip']['value'];
session_write_close();
//Update master server
if (!empty($old_server) && $old_server == $server_ip) {
$res['status'] = 'success';
$res['data']['id'] = md5($new_server);
$res['data']['server_type'] = _('Server, Inventory');
$res['data']['is_master'] = TRUE;
} else {
$res['status'] = 'success';
function check_security($value, $match, $value2 = NULL, $userfriendly = false)
{
require_once "classes/Security.inc";
switch ($match) {
case "text":
ossim_valid($value, OSS_SPACE, OSS_ALPHA, OSS_SCORE, OSS_SLASH, OSS_DOT, 'illegal:' . _("{$match} value"));
break;
case "ip":
// "LIKE" patch
if (preg_match("/^\\d+\\.\\d+\\.\\d+\$/", $value)) {
$value .= ".0";
} elseif (preg_match("/^\\d+\\.\\d+\$/", $value)) {
$value .= ".0.0";
} elseif (preg_match("/^\\d+\$/", $value)) {
$value .= ".0.0.0";
}
ossim_valid($value, OSS_IP_ADDR, 'illegal:' . _("{$match} value"));
break;
case "network":
ossim_valid($value, OSS_IP_CIDR, 'illegal:' . _("{$match} value"));
break;
case "number":
ossim_valid($value, OSS_DIGIT, 'illegal:' . _("{$match} value"));
break;
case "fixed":
ossim_valid($value, OSS_SPACE, OSS_ALPHA, OSS_SCORE, OSS_SLASH, OSS_DOT, 'illegal:' . _("{$match} value"));
//ossim_valid($value, OSS_ALPHA, OSS_SCORE, OSS_SLASH, 'illegal:' . _("$match value"));
break;
case "concat":
ossim_valid($value, OSS_ALPHA, '-', 'illegal:' . _("{$match} value"));
break;
case "fixedText":
ossim_valid($value2, OSS_SPACE, OSS_ALPHA, OSS_SCORE, OSS_SLASH, 'illegal:' . _("{$match} value"));
ossim_valid($value, OSS_ALPHA, OSS_SCORE, OSS_SLASH, 'illegal:' . _("{$match} value"));
break;
}
if (ossim_error()) {
?>
<table class="noborder transparent" align="center" width="94%">
<tr><td class='nobborder'><div class='ossim_error'><?php
echo ossim_get_error();
?>
</div></td></tr>
<tr>
<td class="nobborder" style="padding:10px 0;text-align:center">
<?php
$location = $userfriendly ? "/ossim/inventorysearch/userfriendly.php" : "/ossim/inventorysearch/inventory_search.php";
?>
<input type="button" value="Back" onclick="document.location.href='<?php
echo $location;
?>
'" class="button"/>
</td>
</tr>
</table>
<?php
exit;
}
}
//DataTables Pagination and search Params
$maxrows = POST('iDisplayLength') != '' ? POST('iDisplayLength') : 10;
$from = POST('iDisplayStart') != '' ? POST('iDisplayStart') : 0;
$order = POST('iSortCol_0') != '' ? POST('iSortCol_0') : '';
$torder = POST('sSortDir_0');
$sec = POST('sEcho');
$search = utf8_decode(POST('search'));
$torder = !strcasecmp($torder, 'asc') ? 0 : 1;
ossim_valid($maxrows, OSS_DIGIT, 'illegal: iDisplayLength');
ossim_valid($from, OSS_DIGIT, 'illegal: iDisplayStart');
ossim_valid($order, OSS_ALPHA, 'illegal: iSortCol_0');
ossim_valid($torder, OSS_DIGIT, 'illegal: sSortDir_0');
ossim_valid($sec, OSS_DIGIT, 'illegal: sEcho');
ossim_valid($search, OSS_NOECHARS, OSS_ALPHA, OSS_NET_NAME, OSS_NULLABLE, 'illegal: search');
if (ossim_error()) {
echo ossim_get_error();
$response['sEcho'] = intval($sec);
$response['iTotalRecords'] = 0;
$response['iTotalDisplayRecords'] = 0;
$response['aaData'] = array();
echo json_encode($response);
exit;
}
$filters = array();
$tables = '';
// Order by column
switch ($order) {
case 0:
$order = 'name';
break;
default:
function set_default_map($conn, $id)
{
ossim_valid($id, OSS_HEX, 'illegal:' . _('Map'));
if (ossim_error()) {
$info_error = "Error: " . ossim_get_error();
ossim_clean_error();
$return['error'] = TRUE;
$return['msg'] = $info_error;
return $return;
}
if (!is_map_editable($conn, $id)) {
$return['error'] = TRUE;
$return['msg'] = _("You do not have permission to edit this map");
return $return;
}
$login = Session::get_session_user();
$config = new User_config($conn);
$config->set($login, "riskmap", $id, 'simple', "main");
$return['error'] = FALSE;
$return['msg'] = _("Default map changed successfully");
return $return;
}
$err_msn = array('dir' => _('Directory/File monitored'), 'ign' => _('Directory/File ignored'), 'went' => _('Windows registry entry'), 'regi' => _('Registry ignore'));
$keys = array();
$indexes = array('dir' => 0, 'ign' => 0, 'went' => 0, 'regi' => 0);
foreach ($_POST as $k => $v) {
if ($v == '') {
continue;
}
foreach ($regex as $i => $r) {
if (preg_match("/{$r}/", $k, $match)) {
$indexes[$i] = $indexes[$i]++;
//Auto-remove '\' to avoid a syntax error
$v = preg_replace('/\\\\+$/', '', $v);
$keys[$i][$match[1]] = $v;
ossim_valid($v, OSS_ALPHA, OSS_PUNC_EXT, OSS_SLASH, OSS_NULLABLE, 'illegal:' . $err_msn[$i]);
if (ossim_error()) {
$info_error[] = ossim_get_error() . '. Input num. ' . $indexes[$i];
ossim_clean_error();
}
break;
}
}
}
if (!empty($info_error)) {
$data['status'] = 'error';
$data['data'] = implode('<br/>', $info_error);
echo json_encode($data);
exit;
}
if (is_array($keys['dir']) && !empty($keys['dir'])) {
foreach ($keys['dir'] as $k => $v) {
$node_sys .= '<directories';
function build_crumb($data)
{
Session::logcheck("dashboard-menu", "ControlPanelExecutiveEdit");
$type = $data['type'];
$step = $data['step'];
$titles = array();
$pro = Session::is_pro();
ossim_valid($type, OSS_DIGIT, 'illegal:' . _("Breadcrumb"));
ossim_valid($step, OSS_DIGIT, 'illegal:' . _("Step"));
if (ossim_error()) {
$info_error = "Error: " . ossim_get_error();
ossim_clean_error();
$return['error'] = TRUE;
$return['msg'] = $info_error;
return $return;
}
switch ($type) {
case 1:
$titles = array(1 => utf8_encode(_("Select Type")), 2 => utf8_encode(_("Select Category")), 4 => utf8_encode(_("Customize Widget")), 5 => utf8_encode(_("Save Widget")));
if ($pro) {
$titles[3] = utf8_encode(_("Select Assets"));
}
break;
case 2:
$titles = array(1 => utf8_encode(_("Select Type")), 2 => utf8_encode(_("Insert Rss URL")), 4 => utf8_encode(_("Customize Widget")), 5 => utf8_encode(_("Save Widget")));
break;
case 3:
$titles = array(1 => utf8_encode(_("Select Type")), 2 => utf8_encode(_("Insert Image URL")), 4 => utf8_encode(_("Customize Widget")), 5 => utf8_encode(_("Save Widget")));
break;
case 4:
$titles = array(1 => utf8_encode(_("Select Type")), 2 => utf8_encode(_("Select Report")), 4 => utf8_encode(_("Customize Widget")), 5 => utf8_encode(_("Save Widget")));
break;
case 5:
$titles = array(1 => utf8_encode(_("Select Type")), 2 => utf8_encode(_("Select OSSIM URL")), 4 => utf8_encode(_("Customize Widget")), 5 => utf8_encode(_("Save Widget")));
break;
case 6:
$titles = array(1 => utf8_encode(_("Select Type")), 4 => utf8_encode(_("Customize Widget")), 5 => utf8_encode(_("Save Widget")));
if ($pro) {
$titles[3] = utf8_encode(_("Select Assets"));
}
break;
case 7:
$titles = array(1 => utf8_encode(_("Select Type")), 4 => utf8_encode(_("Customize Widget")), 5 => utf8_encode(_("Save Widget")));
break;
}
$breadcrumb = "";
ksort($titles);
foreach ($titles as $i => $title) {
if ($i > $step) {
break;
}
if ($i == $step) {
$class = "class='current'";
$link = "#";
} else {
$class = "";
$link = "wizard.php?backbc=1&step={$i}";
}
$breadcrumb .= "<li id='step{$i}' {$class}>\n\t\t\t\t\t\t\t<a href='{$link}'>" . $title . "</a>\n\t\t\t\t\t\t</li>";
}
$return['error'] = FALSE;
$return['msg'] = $breadcrumb;
return $return;
}
$info_error = '<div>' . _('We Found the following errors') . ':</div><div style="padding:10px;">' . implode('<br/>', $validation_errors) . '</div>';
}
}
}
//Form actions
ossim_valid($ip, OSS_IP_ADDR, 'illegal:' . _('Ip Address'));
ossim_valid($sensor_id, OSS_HEX, 'illegal:' . _('Sensor'));
$db = new ossim_db();
$conn = $db->connect();
if (!ossim_error()) {
if (!Ossec_utilities::is_sensor_allowed($conn, $sensor_id)) {
ossim_set_error(_('Error! Sensor not allowed'));
}
}
if (ossim_error()) {
$critical_error = ossim_get_error();
ossim_clean_error();
} else {
$agentless = Ossec_agentless::get_object($conn, $sensor_id, $ip);
if (is_object($agentless) && !empty($agentless)) {
$ip = $agentless->get_ip();
$hostname = $agentless->get_hostname();
$user = $agentless->get_user();
$pass = Util::fake_pass($agentless->get_pass());
$passc = $pass;
$ppass = Util::fake_pass($agentless->get_ppass());
$use_su = $agentless->get_use_su();
$ppassc = $ppass;
$descr = $agentless->get_descr();
$sensor_name = Av_sensor::get_name_by_id($conn, $sensor_id);
$_SESSION['_al_new']['sensor'] = $sensor_id;
function delete_alarm($conn, $data)
{
$id = $data['id'];
//Validating ID before closing the alarm
ossim_valid($id, OSS_HEX, 'illegal:' . _("Backlog ID"));
if (ossim_error()) {
$info_error = "Error: " . ossim_get_error();
ossim_clean_error();
$return['error'] = TRUE;
$return['msg'] = $info_error;
return $return;
}
//Opening the alarm
Alarm::delete_backlog($conn, $id);
$return['error'] = FALSE;
$return['msg'] = _('Alarm deleted successfully');
return $return;
}
*
*
* On Debian GNU/Linux systems, the complete text of the GNU General
* Public License can be found in `/usr/share/common-licenses/GPL-2'.
*
* Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt
*
*/
require_once 'av_init.php';
Session::logcheck("configuration-menu", "Osvdb");
$user = $_SESSION["_user"];
$error = false;
$id_document = GET('id_document');
ossim_valid($id_document, OSS_DIGIT, 'illegal:' . _("Id_document"));
if (ossim_error()) {
$error_txt = ossim_get_error();
$error = true;
} else {
$db = new ossim_db();
$conn = $db->connect();
Repository::delete($conn, $id_document);
$db->close();
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title> <?php
echo gettext("OSSIM Framework");
?>
$s_data = array();
//Asset ID
$s_data['asset_id'] = $asset_id;
$s_data['nagios'] = $nagios;
$s_data['ip'] = $s_values['s_ip'];
$s_data['port'] = $s_values['s_port'];
$s_data['protocol'] = $s_values['s_protocol'];
$p_function = 'Asset_host_services::toggle_nagios';
//Validate service values
foreach ($validate as $v_key => $v_data) {
$parameters = $v_data['validation'];
array_unshift($parameters, $s_data[$v_key]);
array_push($parameters, $v_data['e_message']);
call_user_func_array('ossim_valid', $parameters);
if (ossim_error()) {
$exp_msg = ossim_get_error();
Av_exception::throw_error(Av_exception::USER_ERROR, $exp_msg);
}
}
//Update Nagios
$parameters = array();
$parameters = array_values($s_data);
//Adding BD connection
array_unshift($parameters, $conn);
call_user_func_array($p_function, $parameters);
} catch (Exception $e) {
$data['status'] = 'error';
}
}
}
if ($data['status'] == 'error') {
if (ossim_error()) {
$info_error[] = ossim_get_error();
$error = true;
}
$vuser = POST('user');
$ventity = POST('entity');
$title = POST('title');
$doctext = POST('doctext');
$keywords = POST('keywords');
if (isset($title) || isset($doctext)) {
ossim_valid($vuser, OSS_USER, OSS_NULLABLE, 'illegal:' . _("User"));
ossim_valid($ventity, OSS_HEX, OSS_NULLABLE, 'illegal:' . _("Entity"));
ossim_valid($title, OSS_TEXT, 'illegal:' . _("Tittle"));
ossim_valid($keywords, OSS_TEXT, OSS_NULLABLE, 'illegal:' . _("Keywords"));
if (ossim_error()) {
$info_error[] = ossim_get_error();
ossim_clean_error();
$error = true;
}
if ($doctext == "") {
$info_error[] = _("Error in the 'text' field (missing required field)");
$error = true;
}
if ($error == false) {
$parser = new KDB_Parser();
$parser->proccess_file($doctext, $id_document);
$info_error = $parser->is_valid();
if (count($info_error) > 0) {
$error = true;
}
}
$dates_list = GET("dates_list") != '' ? explode(',', GET("dates_list")) : array();
$nomerge = GET("nomerge") != "" ? GET("nomerge") : "merge";
// $_GET['merge'] is empty, always merge by default
$filter_by = GET('filter_by');
// Disable filter (Entity/User) to prevent framework error
// Note: remove filter_by parameter when the select boxes are removed from UI
$filter_by = '';
ossim_valid($action, "insert", "delete", "status", 'illegal:' . _("Action"));
ossim_valid($nomerge, OSS_ALPHA, OSS_NULLABLE, 'illegal:' . _("nomerge"));
ossim_valid($filter_by, OSS_NULLABLE, OSS_DIGIT, OSS_USER, 'illegal:' . _("filter_by"));
foreach ($dates_list as $_date) {
ossim_valid($_date, OSS_DIGIT, 'illegal:' . _("Date"));
}
if (ossim_error()) {
$response['status'] = 'error';
$response['message'] = ossim_get_error();
} else {
switch ($action) {
// Restore button
case 'insert':
if (Token::verify('tk_insert_events', GET('token')) == FALSE) {
$response['status'] = 'error';
$response['message'] = Token::create_error_message();
} elseif (count($dates_list) > 0) {
$launch_status = Backup::Insert($dates_list, $filter_by, $nomerge);
if ($launch_status > 0) {
$response['status'] = 'success';
$response['message'] = _('The backup process is inserting events...');
} else {
$response['status'] = 'error';
$response['message'] = _('Sorry, operation was not completed due to an error when restoring events');
}
$value = strtoupper($value);
} elseif ($attrib == "filename") {
ossim_valid($value, OSS_NULLABLE, OSS_ALPHA, OSS_SLASH, OSS_DIGIT, OSS_DOT, OSS_COLON, '\\!,', 'illegal:' . _("file name"));
} elseif ($attrib == "username") {
ossim_valid($value, OSS_NULLABLE, OSS_USER, OSS_PUNC_EXT, 'illegal:' . _("user name"));
} elseif ($attrib == "password") {
ossim_valid($value, OSS_NULLABLE, OSS_PASSWORD, 'illegal:' . _("password"));
} elseif (preg_match("/^userdata\\d+\$/", $attrib)) {
ossim_valid($value, OSS_NULLABLE, OSS_ALPHA, OSS_PUNC_EXT, 'illegal:' . _("userdata1"));
} else {
echo json_encode(array("error" => 1, "msg" => _("Attribute not found"), "current_value" => $current_value, "new_value" => $value));
exit;
}
if (ossim_error()) {
echo json_encode(array("error" => 1, "msg" => ossim_get_error(), "current_value" => $current_value, "new_value" => $value));
exit;
} elseif ($another_error != "") {
echo json_encode(array("error" => 1, "msg" => $another_error, "current_value" => $current_value, "new_value" => $value));
exit;
}
if ($directive_editor->save_rule_attrib($rule, $dir_id, $file, $attrib, $value)) {
if ($attrib == "password") {
$value = preg_replace("/./", "*", $value);
}
// Hide password field
if ($attrib == "timeout" && $value == "") {
$value = "None";
}
if ($attrib == "protocol" && $value == "") {
$value = "ANY";
function modify_device_host($conn, $data)
{
$id = $data['id'];
$type = $data['type'];
$subtype = $data['subtype'];
ossim_valid($id, OSS_HEX, 'illegal:' . _("Host ID"));
ossim_valid($type, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _("Device Type"));
ossim_valid($subtype, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _("Device Subtype"));
if (ossim_error()) {
$info_error = "Error: " . ossim_get_error();
ossim_clean_error();
$return['error'] = true;
$return['msg'] = $info_error;
return $return;
}
if (empty($type)) {
$sql = "DELETE FROM host_types WHERE host_id = UNHEX(?)";
$params = array($id);
} else {
$sql = "DELETE FROM host_types WHERE host_id = UNHEX(?)";
$params = array($id);
$conn->Execute($sql, $params);
$sql = "REPLACE INTO host_types (host_id, type, subtype) VALUES (UNHEX(?), ?, ?)";
$params = array($id, $type, $subtype);
}
if ($conn->Execute($sql, $params) === false) {
$return['error'] = true;
$return['msg'] = $conn->ErrorMsg();
} else {
Util::memcacheFlush(false);
$return['error'] = false;
$return['data'] = _('Device Property Modified Successfully');
}
return $return;
}
*
*
* On Debian GNU/Linux systems, the complete text of the GNU General
* Public License can be found in `/usr/share/common-licenses/GPL-2'.
*
* Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt
*
*/
//Config File
require_once dirname(__FILE__) . '/../../../../config.inc';
require_once 'data/sections/configuration/utilities.php';
session_write_close();
$system_id = POST('system_id');
ossim_valid($system_id, OSS_DIGIT, OSS_LETTER, '-', 'illegal:' . _('System ID'));
if (ossim_error()) {
$config_nt = array('content' => ossim_get_error(), 'options' => array('type' => 'nf_error', 'cancel_button' => FALSE), 'style' => 'margin: auto; width: 90%; text-align: center;');
$nt = new Notification('nt_1', $config_nt);
$nt->show();
exit;
}
/**************************************************************
***************** Sensor Configuraton Data *****************
***************************************************************/
$db = new ossim_db();
$conn = $db->connect();
$sensor_cnf = Av_center::get_sensor_configuration($system_id);
if ($sensor_cnf['status'] == 'error') {
$config_nt = array('content' => _('Error retrieving information. Please, try again'), 'options' => array('type' => 'nf_error', 'cancel_button' => FALSE), 'style' => 'margin: 100px auto; width: 550px; text-align: center;');
$nt = new Notification('nt_1', $config_nt);
$nt->show();
} else {
*
* On Debian GNU/Linux systems, the complete text of the GNU General
* Public License can be found in `/usr/share/common-licenses/GPL-2'.
*
* Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt
*
*/
//Config File
require_once dirname(__FILE__) . '/../../../config.inc';
session_write_close();
$system_id = POST('system_id');
$confirm = intval(POST('confirm'));
ossim_valid($system_id, OSS_UUID, 'illegal:' . _('System ID'));
if (ossim_error()) {
$data['status'] = 'error';
$data['data'] = ossim_get_error();
} else {
//Getting system status
$local_id = strtolower(Util::get_system_uuid());
try {
$db = new ossim_db();
$conn = $db->connect();
$ha_enabled = Av_center::is_ha_enabled($conn, $system_id);
$db->close();
} catch (Exception $e) {
$db->close();
$data['status'] = 'error';
$data['data'] = $e->getMessage();
echo json_encode($data);
}
$can_be_removed = $system_id != $local_id && $ha_enabled == FALSE ? TRUE : FALSE;
while ($myrow = $result->baseFetchRow()) {
if ($ids != "") {
$ids .= ",";
}
$ids .= $myrow[0];
}
if ($ids != "") {
$sql = "DELETE FROM sig_reference WHERE ref_id in ({$ids})";
$qs->ExecuteOutputQueryNoCanned($sql, $db_snort);
}
$sql = "DELETE FROM reference_system WHERE ref_system_id={$delete}";
$qs->ExecuteOutputQueryNoCanned($sql, $db_snort);
$sql = "DELETE FROM reference WHERE ref_system_id={$delete}";
$qs->ExecuteOutputQueryNoCanned($sql, $db_snort);
} else {
$error_msg = ossim_get_error();
ossim_clean_error();
}
}
$sql = "SELECT * FROM reference_system";
$result = $qs->ExecuteOutputQuery($sql, $db_snort);
$ref_types = array();
while ($myrow = $result->baseFetchRow()) {
$ref_types[] = $myrow;
}
?>
<!-- <?php
echo gettext("Forensics Console " . $BASE_installID) . $BASE_VERSION;
?>
-->
$asset = POST('asset');
$nat = POST('nat');
$sensors = isset($_POST['sboxs']) && !empty($_POST['sboxs']) ? Util::clean_array(POST('sboxs')) : array();
$nagios = POST('nagios');
$rrd_profile = POST('rrd_profile');
$threshold_a = POST('threshold_a');
$threshold_c = POST('threshold_c');
if (is_numeric($ips)) {
for ($i = 0; $i < $ips; $i++) {
$item_ip = "ip_{$i}";
${$item_ip} = POST($item_ip);
$num = $i + 1;
$hostname = "Host {$num}";
ossim_valid(${$item_ip}, OSS_IP_ADDR, OSS_NULLABLE, 'illegal:' . _($hostname));
if (ossim_error()) {
$message_error[] = ossim_get_error();
$error = true;
$invalid_hosts = true;
ossim_clean_error();
} else {
if (!empty(${$item_ip})) {
$num_hosts++;
}
}
}
}
$num_sensors = count($sensors);
$validate = array("ips" => array("validation" => "OSS_DIGIT", "e_message" => 'illegal:' . _("Hosts")), "groupname" => array("validation" => "OSS_SCORE, OSS_INPUT, OSS_NULLABLE", "e_message" => 'illegal:' . _("Group name")), "descr" => array("validation" => "OSS_TEXT, OSS_NULLABLE, OSS_AT", "e_message" => 'illegal:' . _("Description")), "asset" => array("validation" => "OSS_DIGIT", "e_message" => 'illegal:' . _("Asset")), "nat" => array("validation" => "OSS_NULLABLE, OSS_IP_ADDR", "e_message" => 'illegal:' . _("Nat")), "sboxs" => array("validation" => "OSS_SCORE, OSS_INPUT, OSS_AT", "e_message" => 'illegal:' . _("Sensors")), "rrd_profile" => array("validation" => "OSS_INPUT, OSS_NULLABLE", "e_message" => 'illegal:' . _("RRD Profile")), "threshold_a" => array("validation" => "OSS_DIGIT", "e_message" => 'illegal:' . _("Threshold A")), "threshold_c" => array("validation" => "OSS_DIGIT", "e_message" => 'illegal:' . _("Threshold C")), "nagios" => array("validation" => "OSS_NULLABLE, OSS_DIGIT", "e_message" => 'illegal:' . _("Nagios")));
if (GET('ajax_validation') == true) {
$validation_errors = validate_form_fields('GET', $validate);
if ($validation_errors == 1) {
//Config File
require_once 'av_init.php';
Session::logcheck_ajax('environment-menu', 'PolicyHosts');
$asset_type = POST('asset_type');
$token = POST('token');
$action = POST('action');
// Validate Form token
if (Token::verify('tk_toggle_monitoring', POST('token')) == FALSE) {
$error = Token::create_error_message();
Util::response_bad_request($error);
}
session_write_close();
ossim_valid($asset_type, OSS_LETTER, 'illegal: ' . _('Asset Type'));
ossim_valid($action, 'enable', 'disable', 'illegal: ' . _('Action'));
if (ossim_error()) {
$error = ossim_get_error();
Util::response_bad_request($error);
}
/* connect to db */
$db = new ossim_db(TRUE);
$conn = $db->connect();
$data = array();
try {
$_class_name = $asset_type == 'group' ? 'Asset_group_scan' : 'Asset_host_scan';
if ($action == 'enable') {
$success = $_class_name::bulk_enable_monitoring($conn);
} else {
$success = $_class_name::bulk_disable_monitoring($conn);
}
if ($success == FALSE) {
if ($action == 'enable') {
function change_disable_option($data)
{
$panel = $data['panel'];
$user = $data['user'];
ossim_valid($panel, OSS_DIGIT, 'illegal:' . _("Tab"));
ossim_valid($user, OSS_USER, 'illegal:' . _("User"));
if (ossim_error()) {
$info_error = "Error: " . ossim_get_error();
ossim_clean_error();
$return['error'] = TRUE;
$return['msg'] = $info_error;
return $return;
}
if (!get_user_valid($user)) {
$return['error'] = TRUE;
$return['msg'] = _('You do not have permission to modify this tab');
return $return;
}
try {
$tab = new Dashboard_tab($panel, $user);
$tab->set_visible(1 - intval($tab->is_visible()));
$tab->save_db();
} catch (Exception $e) {
$return['error'] = TRUE;
$return['msg'] = $e->getMessage();
return $return;
}
$return['error'] = FALSE;
$return['msg'] = _("Visibility Option Changed Successfully");
return $return;
}
* <------------------------ END OF THE FUNCTIONS ------------------------>
*
*/
/*
*
* <------------------------- BODY OF THE SCRIPT ------------------------->
*
*/
$action = POST("action");
//Action to perform.
$data = POST("data");
//Data related to the action.
ossim_valid($action, OSS_INPUT, 'illegal:' . _("Action"));
if (ossim_error()) {
$response['error'] = TRUE;
$response['msg'] = ossim_get_error();
ossim_clean_error();
echo json_encode($response);
die;
}
//Default values for the response.
$response['error'] = TRUE;
$response['msg'] = _('Error when processing the request');
//checking if it is an ajax request
if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest') {
//Checking token
if (!Token::verify('tk_welcome_wizard', GET('token'))) {
$response['error'] = TRUE;
$response['msg'] = _('Invalid Action');
} else {
//Getting the object with the filters. Unserialize needed.
function schedule_scan($conn, $wizard, $data)
{
$step = intval($wizard->get_step_data('scan_step'));
$nets = $wizard->get_step_data('scan_nets');
if ($step != 3 || count($nets) < 1) {
$response['error'] = TRUE;
$response['msg'] = _('Asset Scan not valid to schedule');
return $response;
}
$sched = $data['sch_opt'];
ossim_valid($sched, OSS_DIGIT, 'illegal:' . _("Schedule Option"));
if (ossim_error()) {
$response['error'] = TRUE;
$response['msg'] = ossim_get_error();
ossim_clean_error();
$wizard->set_step_data('scan_nets', -1);
return $response;
}
if ($sched == 1) {
$period = 86400;
} elseif ($sched == 2) {
$period = 604800;
} else {
$period = 2419200;
}
$sensor_id = Av_sensor::get_default_sensor($conn);
$name = _('Default_wizard_scan');
$type = 5;
$targets = array();
foreach ($nets as $cidrs) {
$cidrs = explode(' ', $cidrs);
foreach ($cidrs as $cidr) {
$targets[$cidr] = $cidr;
}
}
$targets = implode(' ', $targets);
$params = $targets . '#-T3 -A -sS -F';
Inventory::insert($conn, $sensor_id, $name, $type, $period, $params, $targets);
$response['error'] = FALSE;
$response['data'] = array();
return $response;
}
