function get_user_icon($login, $pro) { ${$pixmaps} = '../pixmaps/user-green.png'; $db = new ossim_db(); $conn = $db->connect(); $user = Session::get_list($conn, "WHERE login='******'"); if ($pro) { // Pro-version if ($login == ACL_DEFAULT_OSSIM_ADMIN || $user[0]->get_is_admin()) { $pixmaps = '../pixmaps/user-gadmin.png'; } elseif (Acl::is_proadmin($conn, $user[0]->get_login())) { $pixmaps = '../pixmaps/user-business.png'; } } else { // Open Source if ($login == ACL_DEFAULT_OSSIM_ADMIN || $user[0]->get_is_admin()) { $pixmaps = "../pixmaps/user-gadmin.png"; } } $db->close(); return $pixmaps; }
function get_user_icon($login, $pro) { require_once 'ossim_db.inc'; $db = new ossim_db(); $dbconn = $db->connect(); $user = Session::get_list($dbconn, "WHERE login='******'"); if ($pro) { // Pro-version if ($login == ACL_DEFAULT_OSSIM_ADMIN || $user[0]->get_is_admin()) { return "../pixmaps/user-gadmin.png"; } elseif (Acl::is_proadmin($dbconn, $user[0]->get_login())) { return "../pixmaps/user-business.png"; } else { return "../pixmaps/user-green.png"; } } else { // Opensource if ($login == ACL_DEFAULT_OSSIM_ADMIN || $user[0]->get_is_admin()) { return "../pixmaps/user-gadmin.png"; } else { return "../pixmaps/user-green.png"; } } }
* @var String */ $plugin = ''; /** * application root path * * @var string */ define('APP_ROOT', realpath(dirname(__FILE__) . '/../')); if (file_exists(APP_ROOT . '/config.php')) { include_once APP_ROOT . '/config.php'; } /*if (defined('PSI_DEFAULT_LANG')) { $lang = PSI_DEFAULT_LANG; }*/ $admin_data = Session::get_list($dbconn, "WHERE login='******'"); preg_match("/(.*)_.*/", $admin_data[0]->get_language(), $found); $lang = $found[1]; if (isset($_GET['lang'])) { if (file_exists(APP_ROOT . '/language/' . trim(htmlspecialchars(basename($_GET['lang']))) . '.xml')) { $lang = basename($_GET['lang']); } } $plugin = isset($_GET['plugin']) ? trim(htmlspecialchars(basename($_GET['plugin']))) : null; if ($plugin == null) { if (file_exists(APP_ROOT . '/language/' . $lang . '.xml')) { echo file_get_contents(APP_ROOT . '/language/' . $lang . '.xml'); } else { echo file_get_contents(APP_ROOT . '/language/en.xml'); } } else {
ini_set("include_path", ".:/usr/share/ossim/include:/usr/share/phpgacl"); $force_gacl = true; require_once 'av_init.php'; $gacl = $GLOBALS['ACL']; /* connect to db */ $db = new ossim_db(); $conn = $db->connect(); try { $net_list = Asset_net::get_all($conn); $sensor_list = Av_sensor::get_all($conn); } catch (Exception $e) { print $e->getMessage(); exit; } $permids = get_permids($conn); $users = Session::get_list($conn); foreach ($users as $user) { $nets = ""; $sensors = ""; $perms = array(); $login = $user->get_login(); if ($user->get_is_admin() || $login == ACL_DEFAULT_OSSIM_ADMIN) { continue; } // Skip admin user $query = "SELECT * FROM users WHERE login=?"; $params = array($login); if (!($rs =& $conn->Execute($query, $params))) { print $conn->ErrorMsg(); exit; } else {
} $db = new ossim_db(); $conn = $db->connect(); /* check params */ if (!POST("user") || !POST("pass1") || !POST("pass2")) { require_once "ossim_error.inc"; $error = new OssimError(); $error->display("FORM_MISSING_FIELDS"); } if (!Session::am_i_admin() && ($_SESSION["_user"] != $user && !POST("oldpass"))) { require_once "ossim_error.inc"; $error = new OssimError(); $error->display("FORM_MISSING_FIELDS"); } /* check for old password if not actual user or admin */ if ($_SESSION["_user"] != $user && !Session::am_i_admin() && !is_array($user_list = Session::get_list($conn, "WHERE login = '******' and pass = '******'"))) { require_once "ossim_error.inc"; $error = new OssimError(); $error->display("BAD_OLD_PASSWORD"); } /* check passwords */ if (0 != strcmp($pass1, $pass2)) { require_once "ossim_error.inc"; $error = new OssimError(); $error->display("PASSWORDS_MISMATCH"); } /* only the user himself or the admin can change passwords */ if (POST('user') != $_SESSION["_user"] && !Session::am_i_admin()) { die(ossim_error(_("To change the password for other user is not allowed"))); } /* check OK, insert into DB */
$is_my_profile = $login == $myself && !$duplicate ? TRUE : FALSE; ossim_valid($greybox, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _('Greybox')); if (ossim_error()) { echo ossim_error(); exit; } if ($is_default_admin && $duplicate == TRUE) { echo ossim_error(_('The user admin can not be duplicated')); exit; } if ($login != '') { if ($login == AV_DEFAULT_ADMIN && $myself != AV_DEFAULT_ADMIN) { $user = ''; } else { $s_login = escape_sql($login, $conn, FALSE); $user_list = Session::get_list($conn, "WHERE login='******'", '', FALSE, TRUE); $user = $user_list[0]; } if (is_object($user) && !empty($user)) { $user = $user_list[0]; $uuid = $user->get_uuid(); $login = $duplicate == TRUE ? $login . '_duplicated' : $login; $user_name = $user->get_name(); $email = $user->get_email(); $language = $user->get_language(); $tzone = $user->get_tzone(); $template_id = $user->get_template_id(); $login_method = $user->get_login_method(); $login_method = $login_method == 'ldap' ? 'ldap' : 'pass'; $last_pass_change = $user->last_pass_change(); $is_admin = $user->get_is_admin();
if (isset($_POST['user_id'])) { $user_id = POST('user_id'); $language = POST('language'); ossim_valid($user_id, OSS_USER, 'illegal:' . _("user_id")); ossim_valid($language, OSS_ALPHA, OSS_PUNC, OSS_AT, OSS_NULLABLE, 'illegal:' . _("Language")); if (ossim_error()) { die(ossim_error()); } $_SESSION['_user_language'] = $language; Session::changelang($conn, $user_id, $language); if ($user_id == Session::get_session_user()) { ?> <script type="text/javascript">top.topmenu.location = '../top.php?option=7&soption=1';</script><?php } } if ($session_list = Session::get_list($conn, "ORDER BY {$order}")) { foreach ($session_list as $session) { $login = $session->get_login(); if (!Session::am_i_admin() && $login != Session::get_session_user()) { continue; } $name = $session->get_name(); $email = $session->get_email(); $enabled = $session->get_enabled(); $pass = "******"; $company = $session->get_company(); $department = $session->get_department(); $language = $session->get_language(); $is_admin = $session->get_is_admin(); $color = $i++ % 2 == 0 ? "bgcolor='#f2f2f2'" : ""; ?>
</head> <body>' . '<table width="100%" cellspacing="0" cellpadding="0" style="border:0px;">' . '<tr><td width="75">' . _('Id:') . '</td><td>' . $result->fields["id"] . '</td></tr>' . '<tr><td width="75">' . _('Title:') . '</td><td>' . $result->fields["title"] . '</td></tr>' . '<tr><td width="75">' . _('Date:') . '</td><td>' . $result->fields["date"] . '</td></tr>' . '<tr><td width="75">' . _('Ref:') . '</td><td>' . $result->fields["ref"] . '</td></tr>' . '<tr><td width="75">' . _('Type id:') . '</td><td>' . $result->fields["type_id"] . '</td></tr>' . '<tr><td width="75">' . _('Priority:') . '</td><td>' . $result->fields["priority"] . '</td></tr>' . '<tr><td width="75">' . _('Last update:') . '</td><td>' . $result->fields["last_update"] . '</td></tr>' . '<tr><td width="75">' . _('In charge:') . '</td><td>' . $in_charge . '</td></tr>' . '<tr><td width="75">' . _('Submitter:') . '</td><td>' . $result->fields["submitter"] . '</td></tr>' . '</table>' . '</body> </html>'; if (!valid_hex32($result->fields["in_charge"])) { $user_data = Session::get_list($conn, "WHERE login='******'", "", TRUE); if (is_object($user_data[0])) { if ($user_data[0]->get_email() != '') { Util::send_email($conn, $user_data[0]->get_email(), $subject, $body); } } } else { // In_charge is a entity $entity_data = Acl::get_entity($conn, $result->fields["in_charge"], FALSE, FALSE); if ($entity_data["admin_user"] != "") { // exists pro admin $pro_admin_data = Session::get_list($conn, "WHERE login='******'", "", TRUE); if ($pro_admin_data[0]->get_email() != '') { Util::send_email($conn, $pro_admin_data[0]->get_email(), $subject, $body); } } else { // Doesn't exit pro admin $users_list = Acl::get_users_by_entity($conn, $result->fields["in_charge"]); foreach ($users_list as $user) { if ($user["email"] != '') { Util::send_email($conn, $user['email'], $subject, $body); } } } } $result->MoveNext(); }
function get_json_users($conn) { require_once 'av_init.php'; $json_users = NULL; $users_list = Session::get_list($conn, "ORDER BY login"); if (is_array($users_list) && !empty($users_list)) { foreach ($users_list as $user) { $json_users .= '{ txt:"' . $user->get_name() . ' [' . _("User") . ']", id: "' . $user->get_login() . '" },'; } } return $json_users; }
ossim_valid($perms, OSS_ALPHA, OSS_PUNC, OSS_NULLABLE, 'illegal:' . _("Permissions")); if (ossim_error()) { die(ossim_error()); } function check_perms($user, $mainmenu, $submenu) { $gacl = $GLOBALS['ACL']; return $gacl->acl_check($mainmenu, $submenu, ACL_DEFAULT_USER_SECTION, $user); } require_once 'classes/Session.inc'; require_once 'classes/Net.inc'; require_once 'classes/Sensor.inc'; require_once 'ossim_db.inc'; $db = new ossim_db(); $conn = $db->connect(); if ($user_list = Session::get_list($conn, "WHERE login = '******'")) { $user = $user_list[0]; } $net_list = Net::get_all($conn); $sensor_list = Sensor::get_all($conn, "ORDER BY name ASC"); ?> <form name="fnewuser" id="fnewuser" method="post" action="duplicateuser.php"> <table align="center"> <input type="hidden" name="insert" value="insert" /> <tr> <th> <?php echo _("User login") . required(); ?> </th>
" style="width:80px;"/> <div id="widget" style="display:inline;"> <a href="javascript:;"><img src="../pixmaps/calendar.png" id='imgcalendar' border="0" align="absmiddle" style="padding-bottom:1px" /></a> <div id="widgetCalendar" style="position:absolute;top:11;z-index:10"></div> </div> </td> </tr> </table> </td> <td class="nobborder" style="padding:5px;"> <select name="user"> <?php $selected = $user == "" ? "selected='selected'" : ""; echo "<option {$selected} value=''>" . _("All") . "</option>"; if ($session_list = Session::get_list($conn, "ORDER BY login")) { foreach ($session_list as $session) { $login = $session->get_login(); $selected = $login == $user ? "selected='selected'" : ""; echo "<option {$selected} value='{$login}'>{$login}</option>"; } } ?> </select> </td> <td class="nobborder" style="padding:5px;"> <select name="code"> <?php $selected = $code == "" ? "selected='selected'" : ""; echo "<option {$selected} value=''>" . _("All") . "</option>";
} } if (ossim_error()) { $db->close(); echo "<rows>\n<page>1</page>\n<total>0</total>\n</rows>\n"; exit; } if (!empty($order)) { $order .= POST('sortorder') == 'asc' ? '' : ' desc'; } else { $order = 'name'; } $start = ($page - 1) * $rp; $limit = "LIMIT {$start}, {$rp}"; $xml = ""; $user_list = Session::get_list($conn, $where, "ORDER BY {$order} {$limit}"); if ($user_list[0]) { $total = $user_list[0]->get_foundrows(); if ($total == 0) { $total = count($user_list); } } else { $total = 0; } $xml .= "<rows>\n"; $xml .= "<page>{$page}</page>\n"; $xml .= "<total>{$total}</total>\n"; foreach ($user_list as $user) { $login = $user->get_login(); if ($login == AV_DEFAULT_ADMIN && $myself != AV_DEFAULT_ADMIN) { continue;
$in_charge = Session::get_list($conn, "WHERE login='******'"); $in_charge = count($in_charge) == 1 ? $in_charge[0] : false; $in_charge_name = format_user($in_charge); } if (!empty($transferred)) { if (preg_match("/^\\d+\$/", $transferred)) { $querye = "SELECT ae.name as ename, aet.name as etype FROM acl_entities AS ae, acl_entities_types AS aet WHERE ae.type = aet.id AND ae.id={$transferred}"; $resulte = $conn->execute($querye); list($entity_name, $entity_type) = $resulte->fields; if (!empty($entity_name) && !empty($entity_type)) { $transferred_name = $entity_name . " [" . $entity_type . "]"; } else { $transferred = false; } } else { $transferred = Session::get_list($conn, "WHERE login='******'"); $transferred = count($transferred) == 1 ? $transferred[0] : false; $transferred_name = format_user($transferred); } } else { $transferred = false; } $descrip = $ticket->get_description(); $action = $ticket->get_action(); $status = $ticket->get_status(); $prio = $ticket->get_priority(); $prio_str = Incident::get_priority_string($prio); $prio_box = Incident::get_priority_in_html($prio); if ($attach = $ticket->get_attachment($conn)) { $file_id = $attach->get_id(); $file_name = $attach->get_name();
$company = POST('company'); $department = POST('department'); if ($mode == 'insert') { unset($validate["template_id"]); } } $validation_errors = validate_form_fields('POST', $validate); //Extended validation if (empty($validation_errors['login'])) { //Checking permissions to create or modify users if ($mode == 'insert') { if (!$am_i_admin && !$am_i_proadmin) { $validation_errors['login'] = _("You don't have permission to create users"); } else { $s_login = escape_sql($login, $conn, FALSE); $u_list = Session::get_list($conn, "WHERE login='******'"); if (count($u_list) > 0) { $validation_errors['login'] = _('User login already exists') . '. <br/>' . _('Entered value') . ": '<strong>" . Util::htmlentities($login) . "</strong>'"; } } } else { $condition_1 = $am_i_admin && $login != AV_DEFAULT_ADMIN || $is_my_profile; $condition_2 = $am_i_proadmin && Session::userAllowed($login) == 2; if (!($condition_1 || $condition_2)) { $validation_errors['login'] = _("You don't have permission to modify this user"); } } } //Checking password field requirements if (empty($validation_errors['pass'])) { //Checking current password
$resend_event = 0; $sign = 0; $sem = 0; $sim = 1; $rep = 0; if ($group == "") { $group = '00000000000000000000000000000000'; } $desc = ""; $flag_events = true; $flag_sensors = true; $flag_reputation = true; $flag_servers = false; $flag_event_prio = true; $flag_time = true; $user_list = Session::get_list($conn, "WHERE login='******'"); $user = $user_list[0]; //Getting timezone $utz = $login != "" ? $user->get_tzone() : ""; if ($utz == "0" || $utz == "") { $utz = 'UTC'; } if (preg_match("/Localtime/", $utz)) { $utz = trim(`head -1 /etc/timezone`); } //This is the default timezone, It's needed to save in case u delete the time range condition $default_tz = $utz; $sources = $dests = $ports = $plugingroups = $sensors = $targets = $actions = array(); $rep_filters = $tax_filters = $event_filters = $server_fwd_filters = array(); $filter = get_filters_names($conn); if ($id != "") {
} // Insert while ($file = $dir->read()) { if (preg_match("/^insert\\-(.+)\\.sql\\.gz/", $file, $found)) { if (!in_array($found[1], $delete)) { $insert[] = $found[1]; } } } rsort($insert); $dir->close(); if ($pro) { // users $users = array(); if (Session::am_i_admin()) { $users_list = Session::get_list($conn_ossim); foreach ($users_list as $user_data) { $users[] = $user_data->login; } } else { $users_list = Acl::get_my_users($conn_ossim, Session::get_session_user()); foreach ($users_list as $user_data) { $users[] = $user_data["login"]; } } // entities list($entities_all, $num_entities) = Acl::get_entities($conn_ossim); list($entities_admin, $num) = Acl::get_entities_admin($conn_ossim, Session::get_session_user()); $entities_list = array_keys($entities_admin); } $db->close($conn);
$pass1 = GET('pass1'); $pass2 = GET('pass2'); $oldpass = GET('oldpass'); ossim_valid($pass1, OSS_ALPHA, OSS_PUNC_EXT, OSS_NULLABLE, 'illegal:' . _("Password")); ossim_valid($pass2, OSS_ALPHA, OSS_PUNC_EXT, OSS_NULLABLE, 'illegal:' . _("Password")); ossim_valid($oldpass, OSS_ALPHA, OSS_NULLABLE, 'illegal:' . _("Current Password")); if (ossim_error()) { die(ossim_error()); } if ($pass1 != "") { /* check passwords */ if (0 != strcmp($pass1, $pass2)) { $msg = _("Passwords mismatches"); } elseif (strlen($pass1) < 5) { $msg = _("Minimum password length is 5 characters."); } elseif (count($user_list = Session::get_list($conn, "WHERE login = '******' and pass = '******'")) < 1) { $msg = _("Current password is not correct"); } elseif ($pass1 == $oldpass) { $msg = _("You must change your old password."); } else { if (preg_match("/pro|demo/i", $conf->get_conf("ossim_server_version", FALSE))) { Acl::changepass($conn, $user, $pass1); } else { Session::changepass($conn, $user, $pass1); } header("location:../index.php"); } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml">
function get_report_data($id = NULL) { $conf = $GLOBALS['CONF']; $conf = !$conf ? new Ossim_conf() : $conf; $y = strftime('%Y', time() - 24 * 60 * 60 * 30); $m = strftime('%m', time() - 24 * 60 * 60 * 30); $d = strftime('%d', time() - 24 * 60 * 60 * 30); $reports['asset_report'] = array('report_name' => _('Asset Details'), 'report_id' => 'asset_report', 'type' => 'external', 'link_id' => 'link_ar_asset', 'link' => '', 'parameters' => array(array('name' => _('Host Name/IP/Network'), 'id' => 'ar_asset', 'type' => 'asset', 'default_value' => '')), 'access' => Session::menu_perms('environment-menu', 'PolicyHosts') || Session::menu_perms('environment-menu', 'PolicyNetworks'), 'send_by_email' => 0); $status_values = array('All' => array('text' => _('All')), 'Open' => array('text' => _('Open')), 'Assigned' => array('text' => _('Assigned')), 'Studying' => array('text' => _('Studying')), 'Waiting' => array('text' => _('Waiting')), 'Testing' => array('text' => _('Testing')), 'Closed' => array('text' => _('Closed'))); $types_values = array('ALL' => array('text' => _('ALL')), 'Expansion Virus' => array('text' => _('Expansion Virus')), 'Corporative Nets Attack' => array('text' => _('Corporative Nets Attack')), 'Policy Violation' => array('text' => _('Policy Violation')), 'Security Weakness' => array('text' => _('Security Weakness')), 'Net Performance' => array('text' => _('Net Performance')), 'Applications and Systems Failures' => array('text' => _('Applications and Systems Failures')), 'Anomalies' => array('text' => _('Anomalies')), 'Vulnerability' => array('text' => _('Vulnerability'))); $priority_values = array('High' => _('High'), 'Medium' => _('Medium'), 'Low' => _('Low')); $reports['tickets_report'] = array('report_name' => _('Tickets Report'), 'report_id' => 'tickets_report', 'type' => 'pdf', 'subreports' => array('title_page' => array('id' => 'title_page', 'name' => _('Title Page'), 'report_file' => 'os_reports/Common/titlepage.php'), 'alarm' => array('id' => 'alarm', 'name' => _('Alarm'), 'report_file' => 'os_reports/Tickets/Alarm.php'), 'event' => array('id' => 'event', 'name' => _('Event'), 'report_file' => 'os_reports/Tickets/Event.php'), 'anomaly' => array('id' => 'anomaly', 'name' => _('Anomaly'), 'report_file' => 'os_reports/Tickets/Anomaly.php'), 'vulnerability' => array('id' => 'vulnerability', 'name' => _('Vulnerability'), 'report_file' => 'os_reports/Tickets/Vulnerability.php')), 'parameters' => array(array('name' => _('Date Range'), 'date_from_id' => 'tr_date_from', 'date_to_id' => 'tr_date_to', 'type' => 'date_range', 'default_value' => array('date_from' => $y . '-' . $m . '-' . $d, 'date_to' => date('Y') . '-' . date('m') . '-' . date('d'))), array('name' => _('Status'), 'id' => 'tr_status', 'type' => 'select', 'values' => $status_values), array('name' => _('Type'), 'id' => 'tr_type', 'type' => 'select', 'values' => $types_values), array('name' => _('Priority'), 'id' => 'tr_priority', 'type' => 'checkbox', 'values' => $priority_values)), 'access' => Session::menu_perms('analysis-menu', 'IncidentsIncidents'), 'send_by_email' => 1); $reports['alarm_report'] = array('report_name' => _('Alarms Report'), 'report_id' => 'alarm_report', 'type' => 'pdf', 'subreports' => array('title_page' => array('id' => 'title_page', 'name' => _('Title Page'), 'report_file' => 'os_reports/Common/titlepage.php'), 'top_attacker_host' => array('id' => 'top_attacker_host', 'name' => _('Top 10 Attacker Host'), 'report_file' => 'os_reports/Alarms/AttackerHosts.php'), 'top_attacked_host' => array('id' => 'top_attacked_host', 'name' => _('Top 10 Attacked Host'), 'report_file' => 'os_reports/Alarms/AttackedHosts.php'), 'used_port' => array('id' => 'used_port', 'name' => _('Top 10 Used Ports'), 'report_file' => 'os_reports/Alarms/UsedPorts.php'), 'top_events' => array('id' => 'top_events', 'name' => _('Top 15 Alarms'), 'report_file' => 'os_reports/Alarms/TopAlarms.php'), 'events_by_risk' => array('id' => 'events_by_risk', 'name' => _('Top 15 Alarms by Risk'), 'report_file' => 'os_reports/Alarms/TopAlarmsByRisk.php')), 'parameters' => array(array('name' => _('Date Range'), 'date_from_id' => 'ar_date_from', 'date_to_id' => 'ar_date_to', 'type' => 'date_range', 'default_value' => array('date_from' => $y . '-' . $m . '-' . $d, 'date_to' => date('Y') . '-' . date('m') . '-' . date('d')))), 'access' => Session::menu_perms('analysis-menu', 'ControlPanelAlarms'), 'send_by_email' => 1); $reports['bc_pci_report'] = array('report_name' => _('Business & Compliance ISO PCI Report'), 'report_id' => 'bc_pci_report', 'type' => 'pdf', 'subreports' => array('title_page' => array('id' => 'title_page', 'name' => _('Title Page'), 'report_file' => 'os_reports/Common/titlepage.php'), 'threat_overview' => array('id' => 'threat_overview', 'name' => _('Threat overview'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/ThreatOverview.php'), 'bri_risks' => array('id' => 'bri_risks', 'name' => _('Business real impact risks'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/BusinessPotentialImpactsRisks.php'), 'ciap_impact' => array('id' => 'ciap_impact', 'name' => _('C.I.A Potential impact'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/CIAPotentialImpactsRisks.php'), 'pci_dss' => array('id' => 'pci_dss', 'name' => _('PCI-DSS 2.0'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/PCI-DSS.php'), 'pci_dss3' => array('id' => 'pci_dss3', 'name' => _('PCI-DSS 3.0'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/PCI-DSS3.php'), 'trends' => array('id' => 'trends', 'name' => _('Trends'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/Trends.php'), 'iso27002_p_impact' => array('id' => 'iso27002_p_impact', 'name' => _('ISO27002 Potential impact'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/ISO27002PotentialImpact.php'), 'iso27001' => array('id' => 'iso27001', 'name' => _('ISO27001'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/ISO27001.php')), 'parameters' => array(array('name' => _('Date Range'), 'date_from_id' => 'bc_pci_date_from', 'date_to_id' => 'bc_pci_date_to', 'type' => 'date_range', 'default_value' => array('date_from' => $y . '-' . $m . '-' . $d, 'date_to' => date('Y') . '-' . date('m') . '-' . date('d')))), 'access' => Session::menu_perms('report-menu', 'ReportsReportServer'), 'send_by_email' => 1); $reports['siem_report'] = array('report_name' => _('SIEM Events'), 'report_id' => 'siem_report', 'type' => 'pdf', 'subreports' => array('title_page' => array('id' => 'title_page', 'name' => _('Title Page'), 'report_file' => 'os_reports/Common/titlepage.php'), 'top_attacker_host' => array('id' => 'top_attacker_host', 'name' => _('Top 10 Attacker Host'), 'report_file' => 'os_reports/Siem/AttackerHosts.php'), 'top_attacked_host' => array('id' => 'top_attacked_host', 'name' => _('Top 10 Attacked Host'), 'report_file' => 'os_reports/Siem/AttackedHosts.php'), 'used_port' => array('id' => 'used_port', 'name' => _('Top 10 Used Ports'), 'report_file' => 'os_reports/Siem/UsedPorts.php'), 'top_events' => array('id' => 'top_events', 'name' => _('Top 15 Events'), 'report_file' => 'os_reports/Siem/TopEvents.php'), 'events_by_risk' => array('id' => 'events_by_risk', 'name' => _('Top 15 Events by Risk'), 'report_file' => 'os_reports/Siem/TopEventsByRisk.php')), 'parameters' => array(array('name' => _('Date Range'), 'date_from_id' => 'sr_date_from', 'date_to_id' => 'sr_date_to', 'type' => 'date_range', 'default_value' => array('date_from' => $y . '-' . $m . '-' . $d, 'date_to' => date('Y') . '-' . date('m') . '-' . date('d')))), 'access' => Session::menu_perms('analysis-menu', 'EventsForensics'), 'send_by_email' => 1); $reports['vulnerabilities_report'] = array('report_name' => _('Vulnerabilities Report'), 'report_id' => 'vulnerabilities_report', 'type' => 'external', 'target' => '_blank', 'link_id' => 'link_vr', 'link' => Menu::get_menu_url('../vulnmeter/lr_respdf.php?ipl=all&scantype=M', 'environment', 'vulnerabilities', 'overview'), 'access' => Session::menu_perms('analysis-menu', 'EventsVulnerabilities'), 'send_by_email' => 0); $reports['th_vuln_db'] = array('report_name' => _('Threats & Vulnerabilities Database'), 'report_id' => 'th_vuln_db', 'type' => 'external', 'link_id' => 'link_tvd', 'link' => Menu::get_menu_url('../vulnmeter/threats-db.php', 'environment', 'vulnerabilities', 'threat_database'), 'access' => Session::menu_perms('analysis-menu', 'EventsVulnerabilities'), 'send_by_email' => 0); $reports['ticket_status'] = array('report_name' => _('Tickets Status'), 'report_id' => 'ticket_status', 'type' => 'external', 'link_id' => 'link_tr', 'link' => Menu::get_menu_url('../report/incidentreport.php', 'analysis', 'tickets', 'tickets'), 'access' => Session::menu_perms('analysis-menu', 'IncidentsIncidents'), 'send_by_email' => 0); $db = new ossim_db(); $conn = $db->connect(); $user = Session::get_session_user(); $session_list = Session::get_list($conn, 'ORDER BY login'); if (preg_match('/pro|demo/', $conf->get_conf('ossim_server_version')) && !Session::am_i_admin()) { $myusers = Acl::get_my_users($conn, Session::get_session_user()); if (count($myusers) > 0) { $is_pro_admin = 1; } } // User Log lists if (Session::am_i_admin()) { $user_values[''] = array('text' => _('All')); if ($session_list) { foreach ($session_list as $session) { $login = $session->get_login(); $user_values[$login] = $login == $user ? array('text' => $login, 'selected' => TRUE) : array('text' => $login); } } } elseif ($is_pro_admin) { foreach ($myusers as $myuser) { $user_values[$myuser['login']] = array('text' => $myuser['login']); $user_values[$user] = array('text' => $user, 'selected' => TRUE); } } else { $user_values[$user] = array('text' => $user); } $code_list = Log_config::get_list($conn, 'ORDER BY descr'); $action_values[''] = array('text' => _('All')); if ($code_list) { foreach ($code_list as $code_log) { $code_aux = $code_log->get_code(); $action_values[$code_aux] = array('text' => '[' . sprintf("%02d", $code_aux) . '] ' . _(preg_replace('|%.*?%|', " ", $code_log->get_descr()))); } } $reports['user_activity'] = array('report_name' => _('User Activity Report'), 'report_id' => 'user_activity', 'type' => 'external', 'link_id' => 'link_ua', 'link' => Menu::get_menu_url('../userlog/user_action_log.php', 'settings', 'settings', 'user_activity'), 'parameters' => array(array('name' => _('User'), 'id' => 'ua_user', 'type' => 'select', 'values' => $user_values), array('name' => _('Action'), 'id' => 'ua_action', 'type' => 'select', 'values' => $action_values)), 'access' => Session::menu_perms('settings-menu', 'ToolsUserLog'), 'send_by_email' => 0); $reports['geographic_report'] = array('report_name' => _('Geographic Report'), 'report_id' => 'geographic_report', 'type' => 'pdf', 'subreports' => array('title_page' => array('id' => 'title_page', 'name' => _('Title Page'), 'report_file' => 'os_reports/Common/titlepage.php'), 'geographic_report' => array('id' => 'geographic_report', 'name' => _('Geographic Report'), 'report_file' => 'os_reports/Various/Geographic.php')), 'parameters' => array(array('name' => _('Date Range'), 'date_from_id' => 'gr_date_from', 'date_to_id' => 'gr_date_to', 'type' => 'date_range', 'default_value' => array('date_from' => $y . '-' . $m . '-' . $d, 'date_to' => date('Y') . '-' . date('m') . '-' . date('d')))), 'access' => Session::menu_perms('analysis-menu', 'EventsForensics'), 'send_by_email' => 1); //Sensor list $sensor_values[''] = array('text' => ' -- ' . _('Sensors no found') . ' -- '); $filters = array('order_by' => 'name'); $sensor_list = Av_sensor::get_basic_list($conn, $filters); $filters = array('order_by' => 'priority desc'); list($sensor_list, $sensor_total) = Av_sensor::get_list($conn, $filters); if ($sensor_total > 0) { $sensor_values = array(); foreach ($sensor_list as $s) { $properties = $s['properties']; if ($properties['has_nagios']) { $sensor_values[$s['ip']] = array('text' => $s['name']); } } } /* Nagios link */ $nagios_link = $conf->get_conf('nagios_link'); $scheme = empty($_SERVER['HTTPS']) ? 'http://' : 'https://'; $path = !empty($nagios_link) ? $nagios_link : '/nagios3/'; $port = !empty($_SERVER['SERVER_PORT']) ? ':' . $_SERVER['SERVER_PORT'] : ""; $nagios = $port . $path; $section_values = array(urlencode($nagios . 'cgi-bin/trends.cgi') => array('text' => _('Trends')), urlencode($nagios . 'cgi-bin/avail.cgi') => array('text' => _('Availability')), urlencode($nagios . 'cgi-bin/histogram.cgi') => array('text' => _('Event Histogram')), urlencode($nagios . 'cgi-bin/history.cgi?host=all') => array('text' => _('Event History')), urlencode($nagios . 'cgi-bin/summary.cgi') => array('text' => _('Event Summary')), urlencode($nagios . 'cgi-bin/notifications.cgi') => array('text' => _('Notifications')), urlencode($nagios . 'cgi-bin/showlog.cgi') => array('text' => _('Performance Info'))); $reports['availability_report'] = array('report_name' => _('Availability Report'), 'report_id' => 'availability_report', 'type' => 'external', 'link_id' => 'link_avr', 'click' => "nagios_link('avr_nagios_link', 'avr_sensor', 'avr_section');", 'parameters' => array(array('name' => _('Sensor'), 'id' => 'avr_sensor', 'type' => 'select', 'values' => $sensor_values), array('name' => 'Nagioslink', 'id' => 'avr_nagios_link', 'type' => 'hidden', 'default_value' => urlencode($scheme)), array('name' => _('Section'), 'id' => 'avr_section', 'type' => 'select', 'values' => $section_values)), 'access' => Session::menu_perms('environment-menu', 'MonitorsAvailability'), 'send_by_email' => 0); $db->close(); if ($id == NULL) { ksort($reports); return $reports; } else { return !empty($reports[$id]) ? $reports[$id] : array(); } }
$id = POST('id'); $my_session = session_id(); $db = new ossim_db(); $dbconn = $db->connect(); if ($id == $my_session) { $data['status'] = 'error'; $data['data'] = _("Autologout is not allowed"); echo json_encode($data); exit; } //Now, we are gonna check if we can force the logout of the user: $allowed_users = array(); $flag_delete = false; if (Session::am_i_admin() || $pro && Acl::am_i_proadmin()) { if (Session::am_i_admin()) { $users_list = Session::get_list($dbconn, "ORDER BY login"); } else { $users_list = Acl::get_my_users($dbconn, Session::get_session_user()); } if (is_array($users_list) && !empty($users_list)) { foreach ($users_list as $k => $v) { $users[] = is_object($v) ? $v->get_login() : $v["login"]; } $where = "WHERE login in ('" . implode("','", $users) . "')"; } } else { $where = "WHERE login = '******'"; } $allowed_users = Session_activity::get_list($dbconn, $where . " ORDER BY activity desc"); foreach ($allowed_users as $user) { if ($user->get_id() == $id) {