示例#1
0
function delete_nfsen_source($data)
{
    if (!Session::am_i_admin()) {
        $return['error'] = TRUE;
        $return['msg'] = _('Action not authorized');
        return $return;
    }
    require_once '../sensor/nfsen_functions.php';
    $sensor = $data['sensor'];
    ossim_valid($sensor, OSS_ALPHA, 'illegal:' . _('Nfsen Source'));
    if (ossim_error()) {
        $info_error = _('Error') . ': ' . ossim_get_error();
        ossim_clean_error();
        $return['error'] = TRUE;
        $return['msg'] = $info_error;
        return $return;
    }
    $res = delete_nfsen($sensor);
    if ($res['status'] == 'success') {
        $return['error'] = FALSE;
        $return['msg'] = _('Source deleted successfully');
        //To forcer load variables in session again
        unset($_SESSION['tab']);
    } else {
        $return['error'] = TRUE;
        $return['msg'] = $res['data'];
    }
    return $return;
}
示例#2
0
function check_ossim_error()
{
    if (ossim_error()) {
        $error = ossim_get_error();
        ossim_clean_error();
        Av_exception::throw_error(Av_exception::USER_ERROR, $error);
    }
}
示例#3
0
function check_ossim_error($throw_excep = TRUE)
{
    if (ossim_error()) {
        $error = ossim_get_error();
        ossim_clean_error();
        if ($throw_excep) {
            Av_exception::throw_error(Av_exception::USER_ERROR, $error);
        } else {
            Util::response_bad_request($error);
        }
    }
}
示例#4
0
function modify_plugingroup_plugin($conn, $data)
{
    $plugin_group = $data['plugin_group'];
    $plugin_id = $data['plugin_id'];
    $sids_str = $data['plugin_sids'];
    ossim_valid($plugin_id, OSS_DIGIT, 'illegal:' . _("Plugin ID"));
    ossim_valid($plugin_group, OSS_HEX, 'illegal:' . _("Plugin GroupID"));
    if (ossim_error()) {
        $info_error = "Error: " . ossim_get_error();
        ossim_clean_error();
        $return['error'] = true;
        $return['msg'] = $info_error;
        return $return;
    }
    $total_sel = 1;
    if (is_array($sids_str)) {
        $total_sel = count($sids_str);
        $sids_str = implode(',', $sids_str);
    }
    if ($sids_str !== '') {
        list($valid, $data) = Plugin_sid::validate_sids_str($sids_str);
        if (!$valid) {
            $return['error'] = true;
            $return['msg'] = _("Error for data source ") . $plugin_id . ': ' . $data;
            return $return;
        }
        if ($sids_str == "ANY") {
            $sids_str = "0";
        } else {
            $total = Plugin_sid::get_sidscount_by_id($conn, $plugin_id);
            $sids_str = $total_sel == $total ? "0" : $sids_str;
        }
        Plugin_group::edit_plugin($conn, $plugin_group, $plugin_id, $sids_str);
    }
    $return['error'] = false;
    $return['output'] = '';
    return $return;
}
示例#5
0
function modify_deploy_hosts($wizard, $data)
{
    $os = $data['os'];
    $hosts = $data['hosts'];
    $username = $data['username'];
    $password = $data['password'];
    $domain = $data['domain'];
    ossim_valid($os, "windows|linux", 'illegal:' . _('Deploy Option'));
    ossim_valid($hosts, OSS_HEX, 'illegal:' . _('Host'));
    ossim_valid($username, OSS_USER_2, 'illegal:' . _('Username'));
    ossim_valid($password, OSS_PASSWORD, 'illegal:' . _('Password'));
    ossim_valid($domain, OSS_NOECHARS, OSS_ALPHA, OSS_PUNC_EXT, OSS_NULLABLE, 'illegal:' . _('Domain'));
    if (ossim_error()) {
        $response['error'] = TRUE;
        $response['msg'] = ossim_get_error();
        ossim_clean_error();
        return $response;
    }
    $domain = $os == 'windows' ? $domain : '';
    //Encrypting password to save it in the object
    $pass_c = Util::encrypt($password, Util::get_system_uuid());
    //First we clean the deploy info stored in the object
    $wizard->clean_step_data();
    //Saving the info to achieve the deploy
    $wizard->set_step_data('deploy_os', $os);
    $wizard->set_step_data('deploy_username', $username);
    $wizard->set_step_data('deploy_password', $pass_c);
    $wizard->set_step_data('deploy_domain', $domain);
    $wizard->set_step_data('deploy_hosts', $hosts);
    //Setting the deploy step to 1 (Inicialized)
    $wizard->set_step_data('deploy_step', 1);
    //Saving wizard status
    $wizard->save_status();
    $response['error'] = FALSE;
    return $response;
}
示例#6
0
            $info_error = '<div>' . _('We Found the following errors') . ':</div><div style="padding:10px;">' . implode('<br/>', $validation_errors) . '</div>';
        }
    }
}
//Form actions
if (empty($step)) {
    unset($_SESSION['_al_new']);
    $sensor_id = GET('sensor');
    ossim_valid($sensor_id, OSS_HEX, 'illegal:' . _('Sensor'));
    if (!ossim_error()) {
        if (!Ossec_utilities::is_sensor_allowed($conn, $sensor_id)) {
            ossim_set_error(_('Error! Sensor not allowed'));
        }
    }
    if (ossim_error()) {
        $info_error = ossim_get_error();
    } else {
        $sensor_name = Av_sensor::get_name_by_id($conn, $sensor_id);
        $_SESSION['_al_new']['sensor'] = $sensor_id;
        $_SESSION['_al_new']['sensor_name'] = $sensor_name;
    }
} elseif ($step == 1 || $step == 2 && !empty($back)) {
    $hostname = $_SESSION['_al_new']['hostname'] = POST('hostname');
    $ip = $_SESSION['_al_new']['ip'] = POST('ip');
    $user = $_SESSION['_al_new']['user'] = POST('user');
    $pass = $_SESSION['_al_new']['pass'] = POST('pass');
    $passc = $_SESSION['_al_new']['passc'] = POST('passc');
    $ppass = $_SESSION['_al_new']['ppass'] = POST('ppass');
    $ppassc = $_SESSION['_al_new']['ppassc'] = POST('ppassc');
    $use_su = $_SESSION['_al_new']['use_su'] = intval(POST('use_su'));
    $descr = $_SESSION['_al_new']['descr'] = POST('descr');
示例#7
0
* Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt
*
*/
require_once 'av_init.php';
require_once '../deploy_common.php';
//Checking perms
check_deploy_perms();
/* connect to db */
$db = new ossim_db(TRUE);
$conn = $db->connect();
$type = GET('type');
$id = GET('id');
ossim_valid($id, OSS_HEX, 'illegal:' . _("Network ID"));
ossim_valid($type, "network", "server", 'illegal:' . _("Asset Type"));
if (ossim_error()) {
    $error_msg = "Error: " . ossim_get_error();
    $error = true;
    ossim_clean_error();
}
$type = $type == 'server' ? 1 : 4;
$sql = "SELECT distinct HEX(h.id) as id, h.hostname, MAX(DATE(ac.timestamp)) as log\n\t\t\t\tFROM alienvault.host_types t, alienvault.host_net_reference hn, alienvault.host h  \n\t\t\t\tLEFT JOIN alienvault_siem.ac_acid_event ac ON ac.src_host = h.id\n\t\t\t\tWHERE h.id=hn.host_id AND h.id=t.host_id AND t.type=? AND hn.net_id=UNHEX(?)\n\t\t\t\tGROUP BY h.id\n\t\t\t\t";
$params = array($type, $id);
$asset_list = array();
if ($rs = $conn->Execute($sql, $params)) {
    while (!$rs->EOF) {
        try {
            $ips = Asset_host_ips::get_ips_to_string($conn, $rs->fields['id']);
        } catch (Exception $e) {
            $ips = '';
        }
        $asset_list[] = array('id' => $rs->fields['id'], 'name' => $rs->fields["hostname"], 'ip' => $ips, 'log' => $rs->fields["log"]);
function insert_link($conn, $data)
{
    $new_linkname = $data['link'];
    $id_document = $data['id'];
    $link_type = $data['type'];
    ossim_valid($link_type, OSS_INPUT, 'Illegal:' . _('Link Type'));
    ossim_valid($id_document, OSS_DIGIT, 'Illegal:' . _('Document ID'));
    switch ($link_type) {
        case 'directive':
            ossim_valid($new_linkname, OSS_DIGIT, 'illegal:' . _('Directive'));
            break;
        case 'incident':
            ossim_valid($new_linkname, OSS_DIGIT, 'illegal:' . _('Incident ID'));
            break;
        case 'plugin_sid':
            $plugin = explode('##', $new_linkname);
            ossim_valid($plugin[0], OSS_DIGIT, 'illegal:' . _('Plugin SID'));
            ossim_valid($plugin[1], OSS_DIGIT, 'illegal:' . _('Plugin ID'));
            break;
        case 'host':
        case 'host_group':
        case 'net':
        case 'net_group':
            ossim_valid($new_linkname, OSS_HEX, 'illegal:' . _('Asset ID'));
            break;
        case 'taxonomy':
            $tax = explode('##', $new_linkname);
            ossim_valid($tax[0], OSS_DIGIT, 'illegal:' . _('Product Type'));
            ossim_valid($tax[1], OSS_DIGIT, 'illegal:' . _('Category'));
            ossim_valid($tax[2], OSS_DIGIT, 'illegal:' . _('Subcategory'));
            break;
        default:
            $return['error'] = TRUE;
            $return['msg'] = _('Invalid Link Type');
            return $return;
    }
    if (ossim_error()) {
        $info_error = _('Error') . ': ' . ossim_get_error();
        ossim_clean_error();
        $return['error'] = TRUE;
        $return['msg'] = $info_error;
        return $return;
    }
    $result = Repository::insert_relationships($conn, $id_document, $link_type, $new_linkname);
    if (!empty($result)) {
        $return['error'] = TRUE;
        $return['msg'] = $result;
        return $return;
    }
    if ($link_type == 'plugin_sid') {
        $result = Repository::insert_snort_references($conn, $id_document, $plugin[1], $plugin[0]);
        if (!empty($result)) {
            $return['error'] = TRUE;
            $return['msg'] = $result;
            return $return;
        }
    }
    $info_item['key'] = $new_linkname;
    $info_item['id'] = $id_document;
    $info_item['type'] = $link_type;
    $item_html = build_item_list($conn, $info_item);
    $return['error'] = FALSE;
    $return['data'] = $item_html;
    $return['msg'] = _('Link inserted successfully');
    return $return;
}
示例#9
0
        $res['data'] = md5($cidr);
    }
    echo json_encode($res);
    exit;
} elseif ($action == 'check_server') {
    $new_server = POST('new_server');
    $old_server = POST('old_server');
    $priority = POST('priority');
    ossim_valid($new_server, OSS_IP_ADDR, 'illegal:' . _('IP Address'));
    ossim_valid($priority, '0,1,2,3,4,5', 'illegal:' . _('Priority'));
    if (!empty($old_server)) {
        ossim_valid($old_server, OSS_IP_ADDR, 'illegal:' . _('IP Address'));
    }
    if (ossim_error()) {
        $res['status'] = 'error';
        $res['data'] = ossim_get_error();
        echo json_encode($res);
        exit;
    }
    session_start();
    $cnf_data = $_SESSION['sensor_cnf'];
    $server_ip = $cnf_data['server_ip']['value'];
    session_write_close();
    //Update master server
    if (!empty($old_server) && $old_server == $server_ip) {
        $res['status'] = 'success';
        $res['data']['id'] = md5($new_server);
        $res['data']['server_type'] = _('Server, Inventory');
        $res['data']['is_master'] = TRUE;
    } else {
        $res['status'] = 'success';
示例#10
0
function check_security($value, $match, $value2 = NULL, $userfriendly = false)
{
    require_once "classes/Security.inc";
    switch ($match) {
        case "text":
            ossim_valid($value, OSS_SPACE, OSS_ALPHA, OSS_SCORE, OSS_SLASH, OSS_DOT, 'illegal:' . _("{$match} value"));
            break;
        case "ip":
            // "LIKE" patch
            if (preg_match("/^\\d+\\.\\d+\\.\\d+\$/", $value)) {
                $value .= ".0";
            } elseif (preg_match("/^\\d+\\.\\d+\$/", $value)) {
                $value .= ".0.0";
            } elseif (preg_match("/^\\d+\$/", $value)) {
                $value .= ".0.0.0";
            }
            ossim_valid($value, OSS_IP_ADDR, 'illegal:' . _("{$match} value"));
            break;
        case "network":
            ossim_valid($value, OSS_IP_CIDR, 'illegal:' . _("{$match} value"));
            break;
        case "number":
            ossim_valid($value, OSS_DIGIT, 'illegal:' . _("{$match} value"));
            break;
        case "fixed":
            ossim_valid($value, OSS_SPACE, OSS_ALPHA, OSS_SCORE, OSS_SLASH, OSS_DOT, 'illegal:' . _("{$match} value"));
            //ossim_valid($value, OSS_ALPHA, OSS_SCORE, OSS_SLASH, 'illegal:' . _("$match value"));
            break;
        case "concat":
            ossim_valid($value, OSS_ALPHA, '-', 'illegal:' . _("{$match} value"));
            break;
        case "fixedText":
            ossim_valid($value2, OSS_SPACE, OSS_ALPHA, OSS_SCORE, OSS_SLASH, 'illegal:' . _("{$match} value"));
            ossim_valid($value, OSS_ALPHA, OSS_SCORE, OSS_SLASH, 'illegal:' . _("{$match} value"));
            break;
    }
    if (ossim_error()) {
        ?>
		<table class="noborder transparent" align="center" width="94%">
			<tr><td class='nobborder'><div class='ossim_error'><?php 
        echo ossim_get_error();
        ?>
</div></td></tr>
			<tr>
				<td class="nobborder" style="padding:10px 0;text-align:center">
					<?php 
        $location = $userfriendly ? "/ossim/inventorysearch/userfriendly.php" : "/ossim/inventorysearch/inventory_search.php";
        ?>
					<input type="button" value="Back" onclick="document.location.href='<?php 
        echo $location;
        ?>
'" class="button"/>
				</td>
			</tr>
		</table>
	<?php 
        exit;
    }
}
//DataTables Pagination and search Params
$maxrows = POST('iDisplayLength') != '' ? POST('iDisplayLength') : 10;
$from = POST('iDisplayStart') != '' ? POST('iDisplayStart') : 0;
$order = POST('iSortCol_0') != '' ? POST('iSortCol_0') : '';
$torder = POST('sSortDir_0');
$sec = POST('sEcho');
$search = utf8_decode(POST('search'));
$torder = !strcasecmp($torder, 'asc') ? 0 : 1;
ossim_valid($maxrows, OSS_DIGIT, 'illegal: iDisplayLength');
ossim_valid($from, OSS_DIGIT, 'illegal: iDisplayStart');
ossim_valid($order, OSS_ALPHA, 'illegal: iSortCol_0');
ossim_valid($torder, OSS_DIGIT, 'illegal: sSortDir_0');
ossim_valid($sec, OSS_DIGIT, 'illegal: sEcho');
ossim_valid($search, OSS_NOECHARS, OSS_ALPHA, OSS_NET_NAME, OSS_NULLABLE, 'illegal: search');
if (ossim_error()) {
    echo ossim_get_error();
    $response['sEcho'] = intval($sec);
    $response['iTotalRecords'] = 0;
    $response['iTotalDisplayRecords'] = 0;
    $response['aaData'] = array();
    echo json_encode($response);
    exit;
}
$filters = array();
$tables = '';
// Order by column
switch ($order) {
    case 0:
        $order = 'name';
        break;
    default:
示例#12
0
function set_default_map($conn, $id)
{
    ossim_valid($id, OSS_HEX, 'illegal:' . _('Map'));
    if (ossim_error()) {
        $info_error = "Error: " . ossim_get_error();
        ossim_clean_error();
        $return['error'] = TRUE;
        $return['msg'] = $info_error;
        return $return;
    }
    if (!is_map_editable($conn, $id)) {
        $return['error'] = TRUE;
        $return['msg'] = _("You do not have permission to edit this map");
        return $return;
    }
    $login = Session::get_session_user();
    $config = new User_config($conn);
    $config->set($login, "riskmap", $id, 'simple', "main");
    $return['error'] = FALSE;
    $return['msg'] = _("Default map changed successfully");
    return $return;
}
示例#13
0
 $err_msn = array('dir' => _('Directory/File monitored'), 'ign' => _('Directory/File ignored'), 'went' => _('Windows registry entry'), 'regi' => _('Registry ignore'));
 $keys = array();
 $indexes = array('dir' => 0, 'ign' => 0, 'went' => 0, 'regi' => 0);
 foreach ($_POST as $k => $v) {
     if ($v == '') {
         continue;
     }
     foreach ($regex as $i => $r) {
         if (preg_match("/{$r}/", $k, $match)) {
             $indexes[$i] = $indexes[$i]++;
             //Auto-remove '\' to avoid a syntax error
             $v = preg_replace('/\\\\+$/', '', $v);
             $keys[$i][$match[1]] = $v;
             ossim_valid($v, OSS_ALPHA, OSS_PUNC_EXT, OSS_SLASH, OSS_NULLABLE, 'illegal:' . $err_msn[$i]);
             if (ossim_error()) {
                 $info_error[] = ossim_get_error() . '. Input num. ' . $indexes[$i];
                 ossim_clean_error();
             }
             break;
         }
     }
 }
 if (!empty($info_error)) {
     $data['status'] = 'error';
     $data['data'] = implode('<br/>', $info_error);
     echo json_encode($data);
     exit;
 }
 if (is_array($keys['dir']) && !empty($keys['dir'])) {
     foreach ($keys['dir'] as $k => $v) {
         $node_sys .= '<directories';
示例#14
0
function build_crumb($data)
{
    Session::logcheck("dashboard-menu", "ControlPanelExecutiveEdit");
    $type = $data['type'];
    $step = $data['step'];
    $titles = array();
    $pro = Session::is_pro();
    ossim_valid($type, OSS_DIGIT, 'illegal:' . _("Breadcrumb"));
    ossim_valid($step, OSS_DIGIT, 'illegal:' . _("Step"));
    if (ossim_error()) {
        $info_error = "Error: " . ossim_get_error();
        ossim_clean_error();
        $return['error'] = TRUE;
        $return['msg'] = $info_error;
        return $return;
    }
    switch ($type) {
        case 1:
            $titles = array(1 => utf8_encode(_("Select Type")), 2 => utf8_encode(_("Select Category")), 4 => utf8_encode(_("Customize Widget")), 5 => utf8_encode(_("Save Widget")));
            if ($pro) {
                $titles[3] = utf8_encode(_("Select Assets"));
            }
            break;
        case 2:
            $titles = array(1 => utf8_encode(_("Select Type")), 2 => utf8_encode(_("Insert Rss URL")), 4 => utf8_encode(_("Customize Widget")), 5 => utf8_encode(_("Save Widget")));
            break;
        case 3:
            $titles = array(1 => utf8_encode(_("Select Type")), 2 => utf8_encode(_("Insert Image URL")), 4 => utf8_encode(_("Customize Widget")), 5 => utf8_encode(_("Save Widget")));
            break;
        case 4:
            $titles = array(1 => utf8_encode(_("Select Type")), 2 => utf8_encode(_("Select Report")), 4 => utf8_encode(_("Customize Widget")), 5 => utf8_encode(_("Save Widget")));
            break;
        case 5:
            $titles = array(1 => utf8_encode(_("Select Type")), 2 => utf8_encode(_("Select OSSIM URL")), 4 => utf8_encode(_("Customize Widget")), 5 => utf8_encode(_("Save Widget")));
            break;
        case 6:
            $titles = array(1 => utf8_encode(_("Select Type")), 4 => utf8_encode(_("Customize Widget")), 5 => utf8_encode(_("Save Widget")));
            if ($pro) {
                $titles[3] = utf8_encode(_("Select Assets"));
            }
            break;
        case 7:
            $titles = array(1 => utf8_encode(_("Select Type")), 4 => utf8_encode(_("Customize Widget")), 5 => utf8_encode(_("Save Widget")));
            break;
    }
    $breadcrumb = "";
    ksort($titles);
    foreach ($titles as $i => $title) {
        if ($i > $step) {
            break;
        }
        if ($i == $step) {
            $class = "class='current'";
            $link = "#";
        } else {
            $class = "";
            $link = "wizard.php?backbc=1&step={$i}";
        }
        $breadcrumb .= "<li id='step{$i}' {$class}>\n\t\t\t\t\t\t\t<a href='{$link}'>" . $title . "</a>\n\t\t\t\t\t\t</li>";
    }
    $return['error'] = FALSE;
    $return['msg'] = $breadcrumb;
    return $return;
}
示例#15
0
            $info_error = '<div>' . _('We Found the following errors') . ':</div><div style="padding:10px;">' . implode('<br/>', $validation_errors) . '</div>';
        }
    }
}
//Form actions
ossim_valid($ip, OSS_IP_ADDR, 'illegal:' . _('Ip Address'));
ossim_valid($sensor_id, OSS_HEX, 'illegal:' . _('Sensor'));
$db = new ossim_db();
$conn = $db->connect();
if (!ossim_error()) {
    if (!Ossec_utilities::is_sensor_allowed($conn, $sensor_id)) {
        ossim_set_error(_('Error! Sensor not allowed'));
    }
}
if (ossim_error()) {
    $critical_error = ossim_get_error();
    ossim_clean_error();
} else {
    $agentless = Ossec_agentless::get_object($conn, $sensor_id, $ip);
    if (is_object($agentless) && !empty($agentless)) {
        $ip = $agentless->get_ip();
        $hostname = $agentless->get_hostname();
        $user = $agentless->get_user();
        $pass = Util::fake_pass($agentless->get_pass());
        $passc = $pass;
        $ppass = Util::fake_pass($agentless->get_ppass());
        $use_su = $agentless->get_use_su();
        $ppassc = $ppass;
        $descr = $agentless->get_descr();
        $sensor_name = Av_sensor::get_name_by_id($conn, $sensor_id);
        $_SESSION['_al_new']['sensor'] = $sensor_id;
示例#16
0
function delete_alarm($conn, $data)
{
    $id = $data['id'];
    //Validating ID before closing the alarm
    ossim_valid($id, OSS_HEX, 'illegal:' . _("Backlog ID"));
    if (ossim_error()) {
        $info_error = "Error: " . ossim_get_error();
        ossim_clean_error();
        $return['error'] = TRUE;
        $return['msg'] = $info_error;
        return $return;
    }
    //Opening the alarm
    Alarm::delete_backlog($conn, $id);
    $return['error'] = FALSE;
    $return['msg'] = _('Alarm deleted successfully');
    return $return;
}
示例#17
0
*
*
* On Debian GNU/Linux systems, the complete text of the GNU General
* Public License can be found in `/usr/share/common-licenses/GPL-2'.
*
* Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt
*
*/
require_once 'av_init.php';
Session::logcheck("configuration-menu", "Osvdb");
$user = $_SESSION["_user"];
$error = false;
$id_document = GET('id_document');
ossim_valid($id_document, OSS_DIGIT, 'illegal:' . _("Id_document"));
if (ossim_error()) {
    $error_txt = ossim_get_error();
    $error = true;
} else {
    $db = new ossim_db();
    $conn = $db->connect();
    Repository::delete($conn, $id_document);
    $db->close();
}
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
	<title> <?php 
echo gettext("OSSIM Framework");
?>
示例#18
0
             $s_data = array();
             //Asset ID
             $s_data['asset_id'] = $asset_id;
             $s_data['nagios'] = $nagios;
             $s_data['ip'] = $s_values['s_ip'];
             $s_data['port'] = $s_values['s_port'];
             $s_data['protocol'] = $s_values['s_protocol'];
             $p_function = 'Asset_host_services::toggle_nagios';
             //Validate service values
             foreach ($validate as $v_key => $v_data) {
                 $parameters = $v_data['validation'];
                 array_unshift($parameters, $s_data[$v_key]);
                 array_push($parameters, $v_data['e_message']);
                 call_user_func_array('ossim_valid', $parameters);
                 if (ossim_error()) {
                     $exp_msg = ossim_get_error();
                     Av_exception::throw_error(Av_exception::USER_ERROR, $exp_msg);
                 }
             }
             //Update Nagios
             $parameters = array();
             $parameters = array_values($s_data);
             //Adding BD connection
             array_unshift($parameters, $conn);
             call_user_func_array($p_function, $parameters);
         } catch (Exception $e) {
             $data['status'] = 'error';
         }
     }
 }
 if ($data['status'] == 'error') {
if (ossim_error()) {
    $info_error[] = ossim_get_error();
    $error = true;
}
$vuser = POST('user');
$ventity = POST('entity');
$title = POST('title');
$doctext = POST('doctext');
$keywords = POST('keywords');
if (isset($title) || isset($doctext)) {
    ossim_valid($vuser, OSS_USER, OSS_NULLABLE, 'illegal:' . _("User"));
    ossim_valid($ventity, OSS_HEX, OSS_NULLABLE, 'illegal:' . _("Entity"));
    ossim_valid($title, OSS_TEXT, 'illegal:' . _("Tittle"));
    ossim_valid($keywords, OSS_TEXT, OSS_NULLABLE, 'illegal:' . _("Keywords"));
    if (ossim_error()) {
        $info_error[] = ossim_get_error();
        ossim_clean_error();
        $error = true;
    }
    if ($doctext == "") {
        $info_error[] = _("Error in the 'text' field (missing required field)");
        $error = true;
    }
    if ($error == false) {
        $parser = new KDB_Parser();
        $parser->proccess_file($doctext, $id_document);
        $info_error = $parser->is_valid();
        if (count($info_error) > 0) {
            $error = true;
        }
    }
示例#20
0
$dates_list = GET("dates_list") != '' ? explode(',', GET("dates_list")) : array();
$nomerge = GET("nomerge") != "" ? GET("nomerge") : "merge";
// $_GET['merge'] is empty, always merge by default
$filter_by = GET('filter_by');
// Disable filter (Entity/User) to prevent framework error
// Note: remove filter_by parameter when the select boxes are removed from UI
$filter_by = '';
ossim_valid($action, "insert", "delete", "status", 'illegal:' . _("Action"));
ossim_valid($nomerge, OSS_ALPHA, OSS_NULLABLE, 'illegal:' . _("nomerge"));
ossim_valid($filter_by, OSS_NULLABLE, OSS_DIGIT, OSS_USER, 'illegal:' . _("filter_by"));
foreach ($dates_list as $_date) {
    ossim_valid($_date, OSS_DIGIT, 'illegal:' . _("Date"));
}
if (ossim_error()) {
    $response['status'] = 'error';
    $response['message'] = ossim_get_error();
} else {
    switch ($action) {
        // Restore button
        case 'insert':
            if (Token::verify('tk_insert_events', GET('token')) == FALSE) {
                $response['status'] = 'error';
                $response['message'] = Token::create_error_message();
            } elseif (count($dates_list) > 0) {
                $launch_status = Backup::Insert($dates_list, $filter_by, $nomerge);
                if ($launch_status > 0) {
                    $response['status'] = 'success';
                    $response['message'] = _('The backup process is inserting events...');
                } else {
                    $response['status'] = 'error';
                    $response['message'] = _('Sorry, operation was not completed due to an error when restoring events');
示例#21
0
    }
    $value = strtoupper($value);
} elseif ($attrib == "filename") {
    ossim_valid($value, OSS_NULLABLE, OSS_ALPHA, OSS_SLASH, OSS_DIGIT, OSS_DOT, OSS_COLON, '\\!,', 'illegal:' . _("file name"));
} elseif ($attrib == "username") {
    ossim_valid($value, OSS_NULLABLE, OSS_USER, OSS_PUNC_EXT, 'illegal:' . _("user name"));
} elseif ($attrib == "password") {
    ossim_valid($value, OSS_NULLABLE, OSS_PASSWORD, 'illegal:' . _("password"));
} elseif (preg_match("/^userdata\\d+\$/", $attrib)) {
    ossim_valid($value, OSS_NULLABLE, OSS_ALPHA, OSS_PUNC_EXT, 'illegal:' . _("userdata1"));
} else {
    echo json_encode(array("error" => 1, "msg" => _("Attribute not found"), "current_value" => $current_value, "new_value" => $value));
    exit;
}
if (ossim_error()) {
    echo json_encode(array("error" => 1, "msg" => ossim_get_error(), "current_value" => $current_value, "new_value" => $value));
    exit;
} elseif ($another_error != "") {
    echo json_encode(array("error" => 1, "msg" => $another_error, "current_value" => $current_value, "new_value" => $value));
    exit;
}
if ($directive_editor->save_rule_attrib($rule, $dir_id, $file, $attrib, $value)) {
    if ($attrib == "password") {
        $value = preg_replace("/./", "*", $value);
    }
    // Hide password field
    if ($attrib == "timeout" && $value == "") {
        $value = "None";
    }
    if ($attrib == "protocol" && $value == "") {
        $value = "ANY";
示例#22
0
function modify_device_host($conn, $data)
{
    $id = $data['id'];
    $type = $data['type'];
    $subtype = $data['subtype'];
    ossim_valid($id, OSS_HEX, 'illegal:' . _("Host ID"));
    ossim_valid($type, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _("Device Type"));
    ossim_valid($subtype, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _("Device Subtype"));
    if (ossim_error()) {
        $info_error = "Error: " . ossim_get_error();
        ossim_clean_error();
        $return['error'] = true;
        $return['msg'] = $info_error;
        return $return;
    }
    if (empty($type)) {
        $sql = "DELETE FROM host_types WHERE host_id = UNHEX(?)";
        $params = array($id);
    } else {
        $sql = "DELETE FROM host_types WHERE host_id = UNHEX(?)";
        $params = array($id);
        $conn->Execute($sql, $params);
        $sql = "REPLACE INTO host_types (host_id, type, subtype) VALUES (UNHEX(?), ?, ?)";
        $params = array($id, $type, $subtype);
    }
    if ($conn->Execute($sql, $params) === false) {
        $return['error'] = true;
        $return['msg'] = $conn->ErrorMsg();
    } else {
        Util::memcacheFlush(false);
        $return['error'] = false;
        $return['data'] = _('Device Property Modified Successfully');
    }
    return $return;
}
示例#23
0
*
*
* On Debian GNU/Linux systems, the complete text of the GNU General
* Public License can be found in `/usr/share/common-licenses/GPL-2'.
*
* Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt
*
*/
//Config File
require_once dirname(__FILE__) . '/../../../../config.inc';
require_once 'data/sections/configuration/utilities.php';
session_write_close();
$system_id = POST('system_id');
ossim_valid($system_id, OSS_DIGIT, OSS_LETTER, '-', 'illegal:' . _('System ID'));
if (ossim_error()) {
    $config_nt = array('content' => ossim_get_error(), 'options' => array('type' => 'nf_error', 'cancel_button' => FALSE), 'style' => 'margin: auto; width: 90%; text-align: center;');
    $nt = new Notification('nt_1', $config_nt);
    $nt->show();
    exit;
}
/**************************************************************
*****************  Sensor Configuraton Data  *****************
***************************************************************/
$db = new ossim_db();
$conn = $db->connect();
$sensor_cnf = Av_center::get_sensor_configuration($system_id);
if ($sensor_cnf['status'] == 'error') {
    $config_nt = array('content' => _('Error retrieving information. Please, try again'), 'options' => array('type' => 'nf_error', 'cancel_button' => FALSE), 'style' => 'margin: 100px auto; width: 550px; text-align: center;');
    $nt = new Notification('nt_1', $config_nt);
    $nt->show();
} else {
示例#24
0
*
* On Debian GNU/Linux systems, the complete text of the GNU General
* Public License can be found in `/usr/share/common-licenses/GPL-2'.
*
* Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt
*
*/
//Config File
require_once dirname(__FILE__) . '/../../../config.inc';
session_write_close();
$system_id = POST('system_id');
$confirm = intval(POST('confirm'));
ossim_valid($system_id, OSS_UUID, 'illegal:' . _('System ID'));
if (ossim_error()) {
    $data['status'] = 'error';
    $data['data'] = ossim_get_error();
} else {
    //Getting system status
    $local_id = strtolower(Util::get_system_uuid());
    try {
        $db = new ossim_db();
        $conn = $db->connect();
        $ha_enabled = Av_center::is_ha_enabled($conn, $system_id);
        $db->close();
    } catch (Exception $e) {
        $db->close();
        $data['status'] = 'error';
        $data['data'] = $e->getMessage();
        echo json_encode($data);
    }
    $can_be_removed = $system_id != $local_id && $ha_enabled == FALSE ? TRUE : FALSE;
        while ($myrow = $result->baseFetchRow()) {
            if ($ids != "") {
                $ids .= ",";
            }
            $ids .= $myrow[0];
        }
        if ($ids != "") {
            $sql = "DELETE FROM sig_reference WHERE ref_id in ({$ids})";
            $qs->ExecuteOutputQueryNoCanned($sql, $db_snort);
        }
        $sql = "DELETE FROM reference_system WHERE ref_system_id={$delete}";
        $qs->ExecuteOutputQueryNoCanned($sql, $db_snort);
        $sql = "DELETE FROM reference WHERE ref_system_id={$delete}";
        $qs->ExecuteOutputQueryNoCanned($sql, $db_snort);
    } else {
        $error_msg = ossim_get_error();
        ossim_clean_error();
    }
}
$sql = "SELECT * FROM reference_system";
$result = $qs->ExecuteOutputQuery($sql, $db_snort);
$ref_types = array();
while ($myrow = $result->baseFetchRow()) {
    $ref_types[] = $myrow;
}
?>

<!-- <?php 
echo gettext("Forensics Console " . $BASE_installID) . $BASE_VERSION;
?>
 -->
示例#26
0
$asset = POST('asset');
$nat = POST('nat');
$sensors = isset($_POST['sboxs']) && !empty($_POST['sboxs']) ? Util::clean_array(POST('sboxs')) : array();
$nagios = POST('nagios');
$rrd_profile = POST('rrd_profile');
$threshold_a = POST('threshold_a');
$threshold_c = POST('threshold_c');
if (is_numeric($ips)) {
    for ($i = 0; $i < $ips; $i++) {
        $item_ip = "ip_{$i}";
        ${$item_ip} = POST($item_ip);
        $num = $i + 1;
        $hostname = "Host {$num}";
        ossim_valid(${$item_ip}, OSS_IP_ADDR, OSS_NULLABLE, 'illegal:' . _($hostname));
        if (ossim_error()) {
            $message_error[] = ossim_get_error();
            $error = true;
            $invalid_hosts = true;
            ossim_clean_error();
        } else {
            if (!empty(${$item_ip})) {
                $num_hosts++;
            }
        }
    }
}
$num_sensors = count($sensors);
$validate = array("ips" => array("validation" => "OSS_DIGIT", "e_message" => 'illegal:' . _("Hosts")), "groupname" => array("validation" => "OSS_SCORE, OSS_INPUT, OSS_NULLABLE", "e_message" => 'illegal:' . _("Group name")), "descr" => array("validation" => "OSS_TEXT, OSS_NULLABLE, OSS_AT", "e_message" => 'illegal:' . _("Description")), "asset" => array("validation" => "OSS_DIGIT", "e_message" => 'illegal:' . _("Asset")), "nat" => array("validation" => "OSS_NULLABLE, OSS_IP_ADDR", "e_message" => 'illegal:' . _("Nat")), "sboxs" => array("validation" => "OSS_SCORE, OSS_INPUT, OSS_AT", "e_message" => 'illegal:' . _("Sensors")), "rrd_profile" => array("validation" => "OSS_INPUT, OSS_NULLABLE", "e_message" => 'illegal:' . _("RRD Profile")), "threshold_a" => array("validation" => "OSS_DIGIT", "e_message" => 'illegal:' . _("Threshold A")), "threshold_c" => array("validation" => "OSS_DIGIT", "e_message" => 'illegal:' . _("Threshold C")), "nagios" => array("validation" => "OSS_NULLABLE, OSS_DIGIT", "e_message" => 'illegal:' . _("Nagios")));
if (GET('ajax_validation') == true) {
    $validation_errors = validate_form_fields('GET', $validate);
    if ($validation_errors == 1) {
示例#27
0
//Config File
require_once 'av_init.php';
Session::logcheck_ajax('environment-menu', 'PolicyHosts');
$asset_type = POST('asset_type');
$token = POST('token');
$action = POST('action');
// Validate Form token
if (Token::verify('tk_toggle_monitoring', POST('token')) == FALSE) {
    $error = Token::create_error_message();
    Util::response_bad_request($error);
}
session_write_close();
ossim_valid($asset_type, OSS_LETTER, 'illegal: ' . _('Asset Type'));
ossim_valid($action, 'enable', 'disable', 'illegal: ' . _('Action'));
if (ossim_error()) {
    $error = ossim_get_error();
    Util::response_bad_request($error);
}
/* connect to db */
$db = new ossim_db(TRUE);
$conn = $db->connect();
$data = array();
try {
    $_class_name = $asset_type == 'group' ? 'Asset_group_scan' : 'Asset_host_scan';
    if ($action == 'enable') {
        $success = $_class_name::bulk_enable_monitoring($conn);
    } else {
        $success = $_class_name::bulk_disable_monitoring($conn);
    }
    if ($success == FALSE) {
        if ($action == 'enable') {
示例#28
0
function change_disable_option($data)
{
    $panel = $data['panel'];
    $user = $data['user'];
    ossim_valid($panel, OSS_DIGIT, 'illegal:' . _("Tab"));
    ossim_valid($user, OSS_USER, 'illegal:' . _("User"));
    if (ossim_error()) {
        $info_error = "Error: " . ossim_get_error();
        ossim_clean_error();
        $return['error'] = TRUE;
        $return['msg'] = $info_error;
        return $return;
    }
    if (!get_user_valid($user)) {
        $return['error'] = TRUE;
        $return['msg'] = _('You do not have permission to modify this tab');
        return $return;
    }
    try {
        $tab = new Dashboard_tab($panel, $user);
        $tab->set_visible(1 - intval($tab->is_visible()));
        $tab->save_db();
    } catch (Exception $e) {
        $return['error'] = TRUE;
        $return['msg'] = $e->getMessage();
        return $return;
    }
    $return['error'] = FALSE;
    $return['msg'] = _("Visibility Option Changed Successfully");
    return $return;
}
示例#29
0
* <------------------------   END OF THE FUNCTIONS   ------------------------> 
*
*/
/*
*
* <-------------------------   BODY OF THE SCRIPT   -------------------------> 
*
*/
$action = POST("action");
//Action to perform.
$data = POST("data");
//Data related to the action.
ossim_valid($action, OSS_INPUT, 'illegal:' . _("Action"));
if (ossim_error()) {
    $response['error'] = TRUE;
    $response['msg'] = ossim_get_error();
    ossim_clean_error();
    echo json_encode($response);
    die;
}
//Default values for the response.
$response['error'] = TRUE;
$response['msg'] = _('Error when processing the request');
//checking if it is an ajax request
if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest') {
    //Checking token
    if (!Token::verify('tk_welcome_wizard', GET('token'))) {
        $response['error'] = TRUE;
        $response['msg'] = _('Invalid Action');
    } else {
        //Getting the object with the filters. Unserialize needed.
示例#30
0
function schedule_scan($conn, $wizard, $data)
{
    $step = intval($wizard->get_step_data('scan_step'));
    $nets = $wizard->get_step_data('scan_nets');
    if ($step != 3 || count($nets) < 1) {
        $response['error'] = TRUE;
        $response['msg'] = _('Asset Scan not valid to schedule');
        return $response;
    }
    $sched = $data['sch_opt'];
    ossim_valid($sched, OSS_DIGIT, 'illegal:' . _("Schedule Option"));
    if (ossim_error()) {
        $response['error'] = TRUE;
        $response['msg'] = ossim_get_error();
        ossim_clean_error();
        $wizard->set_step_data('scan_nets', -1);
        return $response;
    }
    if ($sched == 1) {
        $period = 86400;
    } elseif ($sched == 2) {
        $period = 604800;
    } else {
        $period = 2419200;
    }
    $sensor_id = Av_sensor::get_default_sensor($conn);
    $name = _('Default_wizard_scan');
    $type = 5;
    $targets = array();
    foreach ($nets as $cidrs) {
        $cidrs = explode(' ', $cidrs);
        foreach ($cidrs as $cidr) {
            $targets[$cidr] = $cidr;
        }
    }
    $targets = implode(' ', $targets);
    $params = $targets . '#-T3 -A -sS -F';
    Inventory::insert($conn, $sensor_id, $name, $type, $period, $params, $targets);
    $response['error'] = FALSE;
    $response['data'] = array();
    return $response;
}