$hosts = array(); try { $_hosts_data = Asset_host::get_basic_list($conn); $hosts = $_hosts_data[1]; } catch (Exception $e) { $hosts = array(); } foreach ($hosts as $host) { $_ip = $host['ips']; $_hostname = $host['name']; if (Session::hostAllowed($conn, $_ip)) { //Load available hosts (Autocompleted) if ($_hostname != $_ip) { $h_list .= '{ txt:"' . $_hostname . ' [Host:' . $_ip . ']", id: "' . Asset_host_ips::ip2ulong($_ip) . '" },'; } else { $h_list .= '{ txt:"' . $_ip . '", id: "' . Asset_host_ips::ip2ulong($_ip) . '" },'; } } } // Protocol list if ($protocol_list = Protocol::get_list()) { echo "var protocols = new Array(" . count($protocol_list) . ")\n"; foreach ($protocol_list as $proto) { //$_SESSION[$id] = $plugin->get_name(); echo "protocols['proto_" . $proto['id'] . "'] = '" . $proto['name'] . "'\n"; //Load available protocols (Autocompleted) $p_list .= '{ txt: "Protocol:' . $proto['name'] . '", id: "' . $proto['id'] . '" },'; } } //Port list (Autocompleted) if ($port_list = Port::get_list($conn, " AND protocol_name='tcp'")) {
function draw_hosts_by_nets_os($conn, $data) { global $empty_tree; $tree = array(); $os = $data['os']; $id = $data['net']; ossim_valid($os, "windows|linux", 'illegal:' . _("Operating System")); ossim_valid($id, OSS_HEX, 'illegal:' . _("Network")); if (ossim_error()) { ossim_clean_error(); return $empty_tree; } $prm = array('%"' . $os . '%'); if ($id == '0') { $id_sql = ' AND n.id IS NULL'; } else { $id_sql = ' AND n.id = UNHEX(?)'; $prm[] = $id; } $sql = "SELECT DISTINCT hex(h.id) AS id , h.hostname AS name\n FROM host_properties hp, host h\n LEFT JOIN host_net_reference hn ON hn.host_id=h.id\n LEFT JOIN net n ON n.id=hn.net_id\n WHERE h.id=hp.host_id AND hp.property_ref=3 AND hp.value LIKE ? {$id_sql}"; //Always cached $rs = $conn->CacheExecute($sql, $prm); if (!$rs || $rs->EOF) { return $empty_tree; } while (!$rs->EOF) { $tooltip = 'IPs: ' . Asset_host_ips::get_ips_to_string($conn, $rs->fields['id']); $_aux = array('key' => 'host_' . $rs->fields['id'], 'title' => $rs->fields['name'], 'isFolder' => FALSE, 'icon' => FALSE, 'type' => 'host', 'host_id' => $rs->fields['id'], 'tooltip' => $tooltip); $tree[] = $_aux; $rs->MoveNext(); } return $tree; }
$sensor_ip = $system_info['data']['admin_ip']; } $ip_cidr = empty($sensor_ip) ? $agent['ip'] : $sensor_ip; } else { $agent_idm_data = Ossec_agent::get_idm_data($sensor_id, $agent['ip']); $agent_idm_ip = $agent_idm_data['ip']; if (empty($agent_idm_ip)) { try { $agent_idm_ip = Ossec_agent::get_last_ip($sensor_id, $agent); } catch (Exception $e) { } } $ip_cidr = Asset_host_ips::valid_ip($agent_idm_ip) ? $agent_idm_ip : $agent['ip']; } $data = array(); if (!preg_match('/Never connected/i', $agent['status']) && Asset_host_ips::valid_ip($ip_cidr)) { $data = Ossec_utilities::SIEM_trends_hids($conn, $ip_cidr); } $trend_plot = "<div style='color:gray; margin:15px; text-align:center;'>" . _('Trend chart not available') . "</div>"; if (is_array($data) && !empty($data)) { $trend = ''; $max = 7; for ($ii = $max - 1; $ii >= 0; $ii--) { $d = gmdate("j M", $timetz - 86400 * $ii); $trend[$d] = $data[$d] != '' ? $data[$d] : 0; } $i = 0; foreach ($trend as $k => $v) { $x[$k] = $i; $i++; }
$s_data = Ossec_utilities::get_sensors($conn); $hids_sensors = $s_data['sensors']; foreach ($assets_w_os as $asset_id => $a_data) { $deployment_stats[$asset_id] = array('status' => 'success', 'data' => ''); //Getting HIDS sensor and Windows IP $sensor_id = NULL; $hids_agents = Asset_host::get_related_hids_agents($conn, $asset_id); $aux_ip_address = explode(',', $a_data['ips']); $aux_ip_address = array_flip($aux_ip_address); $default_ip_address = array_pop(array_keys($aux_ip_address)); if (is_array($hids_agents) && !empty($hids_agents)) { //Case 1: HIDS Agents was previously deployed $hids_agent = array_pop($hids_agents); $sensor_id = $hids_agent['sensor_id']; $agent_id = $hids_agent['agent_id']; if (Asset_host_ips::valid_ip($hids_agent['ip_cidr']) && array_key_exists($hids_agent['ip_cidr'], $aux_ip_address)) { $ip_address = $hids_agent['ip_cidr']; } else { $ip_address = $default_ip_address; } } else { //Case 2: Not HIDS Agent deployed $asset_sensors = Asset_host_sensors::get_sensors_by_id($conn, $asset_id); foreach ($asset_sensors as $asset_sensor_id => $s_data) { //Checking HIDS Sensor $cnd_1 = Ossec_utilities::is_sensor_allowed($conn, $asset_sensor_id) == TRUE; $cnd_2 = !empty($asset_sensors[$asset_sensor_id]); if ($cnd_1 && $cnd_2) { $sensor_id = $asset_sensor_id; break; }
$id = GET('id'); ossim_valid($id, OSS_HEX, 'illegal:' . _("Network ID")); ossim_valid($type, "network", "server", 'illegal:' . _("Asset Type")); if (ossim_error()) { $error_msg = "Error: " . ossim_get_error(); $error = true; ossim_clean_error(); } $type = $type == 'server' ? 1 : 4; $sql = "SELECT distinct HEX(h.id) as id, h.hostname, MAX(DATE(ac.timestamp)) as log\n\t\t\t\tFROM alienvault.host_types t, alienvault.host_net_reference hn, alienvault.host h \n\t\t\t\tLEFT JOIN alienvault_siem.ac_acid_event ac ON ac.src_host = h.id\n\t\t\t\tWHERE h.id=hn.host_id AND h.id=t.host_id AND t.type=? AND hn.net_id=UNHEX(?)\n\t\t\t\tGROUP BY h.id\n\t\t\t\t"; $params = array($type, $id); $asset_list = array(); if ($rs = $conn->Execute($sql, $params)) { while (!$rs->EOF) { try { $ips = Asset_host_ips::get_ips_to_string($conn, $rs->fields['id']); } catch (Exception $e) { $ips = ''; } $asset_list[] = array('id' => $rs->fields['id'], 'name' => $rs->fields["hostname"], 'ip' => $ips, 'log' => $rs->fields["log"]); $rs->MoveNext(); } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html> <head> <title> <?php echo _("OSSIM Framework"); ?> </title>
ossim_valid($agent_id, OSS_DIGIT, 'illegal:' . _('Agent ID')); ossim_valid($sensor_id, OSS_HEX, 'illegal:' . _('Sensor ID')); if ($agent_ip != 'any') { ossim_valid($agent_ip, OSS_IP_CIDR_0, 'illegal:' . _('Agent IP')); } if (!ossim_error()) { $db = new ossim_db(); $conn = $db->connect(); if (!Ossec_utilities::is_sensor_allowed($conn, $sensor_id)) { Av_exception::throw_error(Av_exception::USER_ERROR, _('Error! Sensor not allowed')); } $db->close(); } $more_info = Ossec_agent::get_info($sensor_id, $agent_id); $last_scan_dates = ''; if (Asset_host_ips::valid_ip($agent_ip)) { $last_scan_dates = Ossec_agent::get_last_scans($sensor_id, $agent_ip); } if (is_array($more_info) && !empty($more_info)) { $syscheck_date = empty($last_scan_dates['syscheck']) ? $more_info[7] : $last_scan_dates['syscheck']; $rootcheck_date = empty($last_scan_dates['rootcheck']) ? $more_info[8] : $last_scan_dates['rootcheck']; ?> <table class='t_agent_mi'> <tr><td colspan='2' style='text-align: center;'><?php echo _('Agent information'); ?> </td></tr> <tr> <td><?php echo _('Agent ID'); ?>
$validate['ip_cidr'] = array('validation' => 'any', 'e_message' => 'illegal:' . _('Agent IP')); } $validation_errors = validate_form_fields('POST', $validate); if (empty($validation_errors['sensor_id'])) { $db = new ossim_db(); $conn = $db->connect(); if (!Ossec_utilities::is_sensor_allowed($conn, $sensor_id)) { $validation_errors['sensor_id'] = _('Error! Sensor not allowed'); } $db->close(); } if (empty($validation_errors)) { //IDM Info $agent_idm_data = Ossec_agent::get_idm_data($sensor_id, $agent_ip); if (empty($agent_idm_data)) { $agent = array('ip' => $agent_ip, 'name' => $agent_name); $last_ip = Ossec_agent::get_last_ip($sensor_id, $agent); if (Asset_host_ips::valid_ip($last_ip)) { $agent_idm_data = array('userdomain' => '-', 'ip' => $last_ip); } else { $agent_idm_data = array('userdomain' => '-', 'ip' => '-'); } } $data['status'] = 'success'; $data['data'] = $agent_idm_data; } else { $data['status'] = 'error'; $data['data'] = $validation_errors; } echo json_encode($data); exit;
$error = Token::create_error_message(); Util::response_bad_request($error_msg); } $warning_msg = ''; //Validate IP/CIDR if ($ip_cidr != 'any' && $ip_cidr != '0.0.0.0/0') { if (Asset_host_ips::valid_ip($ip_cidr)) { //Agent IP/CIDR is an IP address $asset_ips = Asset_host_ips::get_ips_to_string($conn, $asset_id); if (preg_match('/' . $ip_cidr . '/', $asset_ips) == FALSE) { $warning_msg = _('The asset IP and IP/CIDR do not match'); } } else { //Agent IP/CIDR is an CIDR $ip_range = CIDR::expand_cidr($ip_cidr, 'SHORT', 'LONG'); $asset_ips_obj = new Asset_host_ips($asset_id); $asset_ips_obj->load_from_db($conn); $asset_ips = $asset_ips_obj->get_ips(); $valid_ip_range = FALSE; foreach ($asset_ips as $a_data) { $ip = Asset_host_ips::ip2ulong($a_data['ip']); if ($ip >= $ip_range[0] && $ip <= $ip_range[1]) { $valid_ip_range = TRUE; break; } } if ($valid_ip_range == FALSE) { $warning_msg = _('The selected asset IP is out of the IP/CIDR range'); } } }
if ($agent_status > 1) { if (Asset_host::is_in_db($conn, $asset_id)) { $data = Ossec_utilities::hids_trend_by_id($conn, $asset_id); } else { if ($ip_cidr == '127.0.0.1') { // Getting default sensor IP $sensor_ip = Av_sensor::get_ip_by_id($conn, $sensor_id); $ip_cidr = empty($sensor_ip) ? $ip_cidr : $sensor_ip; } else { try { $agent = array('name' => $agent_name, 'ip_cidr' => $ip_cidr); $ip_cidr = Ossec_agent::get_last_ip($sensor_id, $agent); } catch (Exception $e) { } } if (Asset_host_ips::valid_ip($ip_cidr)) { $data = Ossec_utilities::hids_trend_by_ip($conn, $ip_cidr); } } } $trend_plot = "<div style='color:gray; margin:15px; text-align:center;'>" . _('Trend chart not available') . "</div>"; if (is_array($data) && !empty($data)) { $trend = ''; $max = 7; for ($ii = $max - 1; $ii >= 0; $ii--) { $d = gmdate("j M", $timetz - 86400 * $ii); $trend[$d] = $data[$d] != '' ? $data[$d] : 0; } $i = 0; foreach ($trend as $k => $v) { $x[$k] = $i;
function deploy_agents($conn, $wizard) { //Aux variable that is returned $data = array(); //If we have already initialized the deploy, we return true to check the status $started = $wizard->get_step_data('deploy_initialized'); if ($started === TRUE) { $response['error'] = FALSE; $response['data'] = $data; return $response; } //Retrieving the params $os = $wizard->get_step_data('deploy_os'); $username = $wizard->get_step_data('deploy_username'); $domain = $wizard->get_step_data('deploy_domain'); //Getting the array of hosts $hosts = $wizard->get_step_data('deploy_hosts'); $hosts = is_array($hosts) ? $hosts : array(); //Getting the password and decrypting $password = $wizard->get_step_data('deploy_password'); $password = Util::decrypt($password, Util::get_system_uuid()); $total_ip = 0; //Performing linux deployment --> Agentless if ($os == 'linux') { $sensor_id = get_sensor_id(); $deploy = 0; //Num of successful deployments --> Initially 0 //Arguments for the agentless entries $arguments = '/etc /usr/bin /usr/sbin /bin /sbin'; foreach ($hosts as $h) { $ips = Asset_host_ips::get_ips_to_string($conn, $h); $ips = explode(',', $ips); $hostname = Asset_host::get_name_by_id($conn, $h); foreach ($ips as $ip) { try { //Adding Aggentless Ossec_agentless::save_in_db($conn, $ip, $sensor_id, $hostname, $username, $password, '', FALSE, ''); //Adding Aggentless Entries Ossec_agentless::add_monitoring_entry($conn, $ip, $sensor_id, 'ssh_integrity_check_bsd', 3600, 'periodic', $arguments); Ossec_agentless::add_monitoring_entry($conn, $ip, $sensor_id, 'ssh_integrity_check_linux', 3600, 'periodic', $arguments); $deploy++; } catch (Exception $e) { Av_exception::write_log(Av_exception::USER_ERROR, $e->getMessage()); } $total_ip++; } } //Saving the number of the successful deployments $wizard->set_step_data('deploy_success', $deploy); } elseif ($os == 'windows') { $jobs = array(); foreach ($hosts as $h) { $ips = Asset_host_ips::get_ips_to_string($conn, $h); $ips = explode(',', $ips); foreach ($ips as $ip) { try { //Adding job to deploy ossec. $name = 'Windows-' . str_replace('.', '-', $ip); $job = Welcome_wizard::launch_ossec_deploy($name, $ip, $username, $domain, $password); $jid = md5($h . $ip); $jobs[$jid] = array('job_id' => $job['job_id'], 'agent' => $name . '(' . $ip . ')'); } catch (Exception $e) { Av_exception::write_log(Av_exception::USER_ERROR, $e->getMessage()); } $total_ip++; } } //Saving the jobs IDs in the wizard object $wizard->set_step_data('deploy_jobs', $jobs); } $total_ip = $total_ip > count($hosts) ? $total_ip : count($hosts); $data['total_ips'] = $total_ip; //Setting the total of ips. $wizard->set_step_data('deploy_total_ips', $total_ip); //Setting to true the flag that warns that the deploy has been already initialized. $wizard->set_step_data('deploy_initialized', TRUE); //Saving the wizard status $wizard->save_status(); $response['error'] = FALSE; $response['data'] = $data; return $response; }
} if (Token::verify($tk_key, $token) == FALSE) { $db->close(); $error = Token::create_error_message(); Util::response_bad_request($error); } $data['status'] = 'success'; $data['data'] = _('Your changes have been saved'); if ($delete_all == TRUE) { if (!valid_hex32($asset_id)) { $db->close(); Util::response_bad_request(_('Error! Asset ID not allowed. Your changes could not be saved')); } else { try { if ($action == 'delete_properties') { Asset_host_ips::delete_all_from_db($conn, $asset_id, TRUE); Asset_host_properties::delete_all_from_db($conn, $asset_id); } elseif ($action == 'delete_software') { Asset_host_software::delete_all_from_db($conn, $asset_id); } else { Asset_host_services::delete_all_from_db($conn, $asset_id, TRUE); } } catch (Exception $e) { $db->close(); Util::response_bad_request($e->getMessage()); } } } else { if (is_array($p_list) && !empty($p_list)) { foreach ($p_list as $p_values) { try {
$domain = POST('domain'); //Extra validations if (empty($validation_errors)) { //Checking Asset ID if (Asset_host::is_allowed($conn, $asset_id) == FALSE) { $validation_errors['asset_id'] = _('You do not have permission to deploy HIDS agent to this asset. Please check with your account admin for more information'); } //Checking HIDS Sensor $cnd_1 = Ossec_utilities::is_sensor_allowed($conn, $sensor_id) == FALSE; $asset_sensors = Asset_host_sensors::get_sensors_by_id($conn, $asset_id); $cnd_2 = empty($asset_sensors[$sensor_id]); if ($cnd_1 || $cnd_2) { $validation_errors['sensor_id'] = sprintf(_("Sensor %s not allowed. Please check with your account admin for more information"), Av_sensor::get_name_by_id($conn, $sensor_id)); } //Checking IP Address $aux_asset_ips = Asset_host_ips::get_ips_to_string($conn, $asset_id); if (preg_match('/' . $ip_address . '/', $aux_asset_ips) == FALSE) { $validation_errors['ip_address'] = _("The IP address you enter is not valid. Please check your asset and network settings and try again"); } } break; case 'deploy_agentless': /*********************************************** ******************* TO DO ****************** ************************************************/ break; } //AJAX validator: Return validation results if (POST('ajax_validation_all') == TRUE) { if (is_array($validation_errors) && !empty($validation_errors)) { $data['status'] = 'error';
if (empty($validation_errors)) { $current_user = '******'; $current_ip = '-'; //Current user if (valid_hex32($asset_id)) { $q_filters = array('limit' => "1"); list($users, $total_users) = Asset_host_properties::get_users_by_host($conn, $asset_id, $filters); if ($total_users > 0) { $_current_user = array_pop($users[$asset_id]); if (!empty($_current_user)) { $current_user = $_current_user['user']; $current_user .= !empty($_current_user['domain']) ? '@' . $_current_user['domain'] : ''; } } } //Current IP $agent = array('ip_cidr' => $agent_ip, 'name' => $agent_name); $_current_ip = Ossec_agent::get_last_ip($sensor_id, $agent); if (Asset_host_ips::valid_ip($_current_ip)) { $current_ip = $_current_ip; } $agent_idm_data = array('current_ip' => $current_ip, 'current_user' => $current_user); $data['status'] = 'success'; $data['data'] = $agent_idm_data; } else { $data['status'] = 'error'; $data['data'] = $validation_errors; } $db->close(); echo json_encode($data); exit;
function draw_html_content($conn, $ri_data, $edit_mode = FALSE) { $ri_html = ''; if ($ri_data['type'] == 'indicator') { //Allowed host types $host_types = array('host', 'server', 'sensor'); //Getting indicator values if (preg_match("/view\\.php\\?map\\=([a-fA-F0-9]*)/", $ri_data['url'], $found)) { // Linked to another map: loop by this map indicators list($r_value, $v_value, $a_value, $ri_data['asset_id'], $related_sensor, , $ips, $in_assets) = get_map_values($conn, $found[1], $ri_data['asset_id'], $ri_data['asset_type'], $host_types); } else { // Asset Values list(, $related_sensor, , $ips, $in_assets) = get_assets($conn, $ri_data['asset_id'], $ri_data['asset_type'], $host_types); list($r_value, $v_value, $a_value) = get_values($conn, $host_types, $ri_data['asset_type'], $ri_data['asset_id'], FALSE); } // Getting indacator links if ($edit_mode == TRUE) { $linked_url = "javascript:void(0);"; $r_url = "javascript:void(0);"; $v_url = "javascript:void(0);"; $a_url = "javascript:void(0);"; } else { // Risk link $alarm_query = ''; if ($ri_data['asset_type'] == 'host') { $alarm_query .= "&host_id=" . $ri_data['asset_id']; } elseif ($ri_data['asset_type'] == 'net') { $alarm_query .= "&net_id=" . $ri_data['asset_id']; } elseif ($ri_data['asset_type'] == 'sensor') { $alarm_query .= "&sensor_query=" . $ri_data['asset_id']; } elseif ($ri_data['asset_type'] == 'host_group' || $ri_data['asset_type'] == 'hostgroup') { $alarm_query .= "&asset_group=" . $ri_data['asset_id']; } $r_url = Menu::get_menu_url("/ossim/alarm/alarm_console.php?hide_closed=1" . $alarm_query, 'analysis', 'alarms', 'alarms'); // Vulnerability link if ($ri_data['asset_type'] == 'host_group' || $ri_data['asset_type'] == 'hostgroup') { $v_data = ''; if (valid_hex32($ri_data['asset_id'])) { $_group_object = Asset_group::get_object($conn, $ri_data['asset_id']); if ($_group_object != NULL) { $_assets_aux = $_group_object->get_hosts($conn, '', array(), TRUE); foreach ($_assets_aux[0] as $_host_data) { if ($v_data != '') { $v_data .= ','; } $v_data .= $_host_data[2]; // IP } } } } else { $v_data = $ips; } $v_url = Menu::get_menu_url("/ossim/vulnmeter/index.php?value={$v_data}&type=hn", 'environment', 'vulnerabilities', 'overview'); // Availability link if (!empty($related_sensor)) { $conf = $GLOBALS['CONF']; $conf = !$conf ? new Ossim_conf() : $conf; $nagios_link = $conf->get_conf('nagios_link'); $scheme = empty($_SERVER['HTTPS']) ? 'http://' : 'https://'; $path = !empty($nagios_link) ? $nagios_link : '/nagios3/'; $port = !empty($_SERVER['SERVER_PORT']) ? ':' . $_SERVER['SERVER_PORT'] : ""; $nagios_url = $scheme . $related_sensor . $port . $path; if ($ri_data['asset_type'] == 'host') { $hostname = Asset_host::get_name_by_id($conn, $ri_data['asset_id']); if (preg_match('/\\,/', $ips)) { $hostname .= '_' . preg_replace('/\\,.*/', '', $ips); } $a_url = Menu::get_menu_url("/ossim/nagios/index.php?sensor={$related_sensor}&nagios_link=" . urlencode($nagios_url . "cgi-bin/status.cgi?host=" . $hostname), 'environment', 'availability'); } else { $a_url = Menu::get_menu_url("/ossim/nagios/index.php?sensor={$related_sensor}&nagios_link=" . urlencode($nagios_url . "cgi-bin/status.cgi?hostgroup=all"), 'environment', 'availability'); } } else { $a_url = 'javascript:void(0);'; } //Report link or map link if ($ri_data['url'] == 'REPORT') { $linked_url = "javascript:void(0);"; if ($ri_data['asset_type'] == 'sensor') { try { //Special case 1: Sensors don't have detail view $sensor_ip = Av_sensor::get_ip_by_id($conn, $ri_data['asset_id']); if (Asset_host_ips::valid_ip($sensor_ip)) { $filters = array('where' => "host.id = hi.host_id AND hi.ip = INET6_ATON('{$sensor_ip}')\n AND hi.host_id = hs.host_id AND hs.sensor_id = UNHEX('" . $ri_data['asset_id'] . "')"); list($hosts, $total) = Asset_host::get_list($conn, ', host_sensor_reference hs, host_ip hi', $filters); if ($total == 1) { $ri_data['asset_id'] = key($hosts); $linked_url = Menu::get_menu_url("/ossim/av_asset/common/views/detail.php?asset_id=" . $ri_data['asset_id'], 'environment', 'assets', 'assets'); } elseif ($total > 1) { $linked_url = Menu::get_menu_url("/ossim/av_asset/asset/index.php?filter_id=11&filter_value={$sensor_ip}", 'environment', 'assets', 'assets'); } } } catch (Exception $e) { } } elseif ($ri_data['asset_type'] == 'net_group' || $ri_data['asset_type'] == 'netgroup') { //Special case 2: Net groups don't have detail view $_sm_option = 'assets'; $_h_option = 'network_groups'; $linked_url = Menu::get_menu_url("/ossim/netgroup/netgroup_form.php?id=" . $ri_data['asset_id'], 'environment', $_sm_option, $_h_option); } else { if ($ri_data['asset_type'] == 'host') { $_sm_option = 'assets'; $_h_option = 'assets'; } elseif ($ri_data['asset_type'] == 'host_group' || $ri_data['asset_type'] == 'hostgroup') { $_sm_option = 'assets'; $_h_option = 'asset_groups'; } else { $_sm_option = 'assets'; $_h_option = 'networks'; } $linked_url = Menu::get_menu_url("/ossim/av_asset/common/views/detail.php?asset_id=" . $ri_data['asset_id'], 'environment', $_sm_option, $_h_option); } } else { $linked_url = $ri_data['url'] != '' ? Menu::get_menu_url($ri_data['url'], 'dashboard', 'riskmaps', 'overview') : "javascript:void(0);"; } } //Special image when linked asset has been removed if ($ri_data['asset_type'] != '' && !$in_assets) { $ri_data['icon'] = "/ossim/pixmaps/marker--exclamation.png"; $ri_data['icon_size'] = "16"; $ri_data['icon_bg'] = 'transparent'; } $ri_data['icon_size'] = $ri_data['icon_size'] >= 0 || $ri_data['icon_size'] == -1 ? $ri_data['icon_size'] : ''; $ri_html .= "<input type='hidden' name='dataname" . $ri_data['id'] . "' id='dataname" . $ri_data['id'] . "' value='" . $ri_data['name'] . "'/>\n <input type='hidden' name='datatype" . $ri_data['id'] . "' id='datatype" . $ri_data['id'] . "' value='" . $ri_data['asset_type'] . "'/>\n <input type='hidden' name='type_name" . $ri_data['id'] . "' id='type_name" . $ri_data['id'] . "' value='" . $ri_data['asset_id'] . "'/>\n <input type='hidden' name='type_name_show" . $ri_data['id'] . "' id='type_name_show" . $ri_data['id'] . "' value='" . $ri_data['asset_name'] . "'/>\n <input type='hidden' name='dataurl" . $ri_data['id'] . "' id='dataurl" . $ri_data['id'] . "' value='" . $ri_data['url'] . "'/>\n <input type='hidden' name='dataicon" . $ri_data['id'] . "' id='dataicon" . $ri_data['id'] . "' value='" . $ri_data['icon'] . "'/>\n <input type='hidden' name='dataiconsize" . $ri_data['id'] . "' id='dataiconsize" . $ri_data['id'] . "' value='" . $ri_data['icon_size'] . "'/>\n <input type='hidden' name='dataiconbg" . $ri_data['id'] . "' id='dataiconbg" . $ri_data['id'] . "' value='" . $ri_data['icon_bg'] . "'/>"; $ri_html .= '<table width="100%" border="0" cellspacing="0" cellpadding="1" style="padding:2px; background-color:' . $ri_data['icon_bg'] . '; text-align:center; margin-left:2px; margin-right:2px">'; if (!preg_match("/#NONAME/", $ri_data['name'])) { $ri_html .= '<tr> <td align="center" nowrap="nowrap"> <a href="' . $linked_url . '" class="ne"><i>' . $ri_data['name'] . '</i></a> </td> </tr>'; } if ($ri_data['icon_size'] != -1) { $ri_data['icon_size'] = $ri_data['icon_size'] > 0 ? 'width="' . $ri_data['icon_size'] . '"' : ''; $ri_html .= '<tr> <td align="center" style="white-space: nowrap;"> <a href="' . $linked_url . '" class="ne"> <img src="' . $ri_data['icon'] . '" ' . $ri_data['icon_size'] . ' border="0"/> </a> </td> </tr>'; } $ri_html .= '<tr align="center"> <td style="margin-left:2px; margin-right:2px">'; if ($ri_data['icon_size'] == -1 && preg_match("/#NONAME/", $ri_data['name'])) { $ri_html .= '<table border="0" cellspacing="0" cellpadding="2" style="text-align:center; margin:auto;"> <tr> <td><a class="ne11" href="' . $r_url . '"><img src="images/' . $r_value . '.gif" border="0"/></a></td> <td><a class="ne11" href="' . $v_url . '"><img src="images/' . $v_value . '.gif" border="0"/></a></td> <td><a class="ne11" href="' . $a_url . '"><img src="images/' . $a_value . '.gif" border="0"/></a></td> </tr> </table>'; } else { $ri_html .= ' <table border="0" cellspacing="0" cellpadding="2" style="text-align:center; margin:auto;"> <tr> <td><a class="ne11" href="' . $r_url . '">R</a></td> <td><a class="ne11" href="' . $v_url . '">V</a></td> <td><a class="ne11" href="' . $a_url . '">A</a></td> </tr> <tr> <td><img src="images/' . $r_value . '.gif" border="0"/></td> <td><img src="images/' . $v_value . '.gif" border="0"/></td> <td><img src="images/' . $a_value . '.gif" border="0"/></td> </tr> </table>'; } $ri_html .= ' </td> </tr>'; if ($edit_mode == TRUE) { $ri_html .= ' <tr align="center"> <td class="noborder"> <div id="indicator_edit" style="float:left;" onclick="load_indicator_info(this);"> <img src="images/edit.png" title="' . _("Edit Indicator") . '" class="ind_help" height="15px" border="0"/> </div> <div id="indicator_trash" style="float:right;" onclick="delete_indicator(this);"> <img src="../pixmaps/trash.png" title="' . _("Delete Indicator") . '" class="ind_help" height="15px" border="0"/> </div> </td> </tr>'; } $ri_html .= '</table>'; } elseif ($ri_data['type'] == 'rectangle') { $ri_html = "<input type='hidden' name='dataname" . $ri_data['id'] . "' id='dataname" . $ri_data['id'] . "' value='" . $ri_data['name'] . "'/>\n\n <input type='hidden' name='dataurl" . $ri_data['id'] . "' id='dataurl" . $ri_data['id'] . "' value='" . $ri_data['url'] . "'/>\n"; if ($edit_mode == TRUE) { $ri_html .= '<div class="itcanberesized" style="position:absolute; bottom:0px; right:0px; cursor:nw-resize;"> <img src="../pixmaps/resize.gif" border="0"/> </div>'; } $ri_html .= '<table border="0" cellspacing="0" cellpadding="0" width="100%" height="100%" style="border:0px;"> <tr> <td style="border:1px dotted black" valign="bottom">'; if ($edit_mode == TRUE) { $ri_html .= '<div id="indicator_edit" style="float:left;padding:2px;" onclick="load_indicator_info(this);"> <img src="images/edit.png" title="' . _("Edit Rectangle") . '" class="ind_help" height="15px" border="0"/> </div> <div id="indicator_trash" style="float:right;padding:2px;" onclick="delete_indicator(this);"> <img src="../pixmaps/trash.png" title="' . _("Delete Rectangle") . '" class="ind_help" height="15px" border="0"/> </div>'; } $ri_html .= ' </td> </tr> </table>'; } return $ri_html; }
$validate = array('host_id' => array('validation' => 'OSS_HEX', 'e_message' => 'illegal:' . _('Host ID')), 'sensor' => array('validation' => 'OSS_LETTER', 'e_message' => 'illegal:' . _('Sensor')), 'scan_type' => array('validation' => 'OSS_LETTER', 'e_message' => 'illegal:' . _('Scan Mode')), 'timing_template' => array('validation' => 'OSS_TIMING_TEMPLATE', 'e_message' => 'illegal:' . _('Timing Template')), 'autodetected' => array('validation' => 'OSS_BINARY', 'e_message' => 'illegal:' . _('Autodetected services and OS')), 'rdns' => array('validation' => 'OSS_BINARY', 'e_message' => 'illegal:' . _('Reverse DNS '))); $validation_errors = validate_form_fields('POST', $validate); //Extra validations if (empty($validation_errors)) { if (!array_key_exists(POST('scan_type'), $scan_types)) { $validation_errors['status'] = 'error'; $validation_errors['scan_type'] = _('Error! Scan type not allowed'); } if (!array_key_exists(POST('timing_template'), $time_templates)) { $validation_errors['status'] = 'error'; $validation_errors['timing_template'] = _('Error! Timing template not allowed'); } if (empty($validation_errors)) { $host_id = POST('host_id'); $_hostname = Asset_host::get_name_by_id($conn, $host_id); $_host_ips = Asset_host_ips::get_ips_to_string($conn, $host_id); $sensor = POST('sensor'); $scan_type = POST('scan_type'); $ttemplate = POST('timing_template'); $autodetected = POST('autodetected'); $rdns = POST('rdns'); } } } //Close DB connection $db->close(); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html> <head>
$asset_type = REQUEST('asset_type'); //Database connection $db = new ossim_db(); $conn = $db->connect(); if ($edition_type == 'single') { // Single edition $id = GET('id'); $_ip = GET('ip'); $_ctx = GET('ctx'); //Getting host by IP and CTX if (empty($id) && !empty($_ctx) && !empty($_ip)) { $entity_type = Session::get_entity_type($conn, $_ctx); $entity_type = strtolower($entity_type); //Sometimes CTX is an engine instead of context $_ctx = $entity_type == 'context' ? $_ctx : Session::get_default_ctx(); if (Asset_host_ips::valid_ip($_ip) && valid_hex32($_ctx)) { $aux_ids = Asset_host::get_id_by_ips($conn, $_ip, $_ctx); $aux_id = key($aux_ids); if (Asset_host::is_in_db($conn, $aux_id)) { $id = $aux_id; } } else { unset($_ip); unset($_ctx); } } if (!empty($id) && Asset_host::is_in_db($conn, $id)) { ossim_valid($id, OSS_HEX, 'illegal:' . _('Asset ID')); if (ossim_error()) { echo ossim_error(_('Error! Asset not found')); exit;