* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, * MA 02110-1301 USA * * * On Debian GNU/Linux systems, the complete text of the GNU General * Public License can be found in `/usr/share/common-licenses/GPL-2'. * * Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt ****************************************************************************/ /** * Class and Function List: * Function list: * Classes list: */ require_once 'classes/Session.inc'; Session::logcheck("MenuMonitors", "MonitorsNetwork"); ?> <html> <head> <title> <?php echo gettext("OSSIM Framework"); ?> </title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <META HTTP-EQUIV="Pragma" CONTENT="no-cache"> <link rel="stylesheet" type="text/css" href="../style/style.css"/> </head> <body>
*/ /************************************************************************************/ /************************************************************************************/ /*** ***/ /*** IF YOU MODIFY THIS FILE, PLEASE CHECK IT WORKS RIGHT IN THE WELCOME WIZARD ***/ /*** ***/ /************************************************************************************/ /************************************************************************************/ /** * Function list: * - function print_form($msg_errors = '') * - function clean_iic($string) * - function import_assets_from_csv($filename, $iic, $ctx, $import_type) */ require_once 'av_init.php'; Session::logcheck('environment-menu', 'PolicyNetworks'); //Functions function print_form($import_type) { $config = array('networks' => array('contexts' => array('show_tree' => Session::show_entities(), 'default_value' => Session::get_default_ctx()), 'chk_iic' => array('show' => TRUE, 'checked' => FALSE), 'help' => array('Version 4.x.x' => array('format' => _('"Netname"*;"CIDRs(CIDR1,CIDR2,...)"*;"Description";"Asset value"*;"Net ID"'), 'example' => '"Net_1";"192.168.10.0/24,192.168.9.0/24";"' . _('Short description') . '";"2";"479D45C0BBF22B4458BD2F8EE09ECAC2"'), 'Version 3.x.x' => array('format' => _('"Netname"*;"CIDRs(CIDR1,CIDR2,...)"*;"Description";"Asset value";"Sensors(Sensor1,Sensor2,...)"*'), 'example' => '"Net_1";"192.168.10.0/24,192.168.9.0/24";"' . _('Short description') . '";"2";"192.168.10.2,192.168.10.3"'))), 'welcome_wizard_nets' => array('contexts' => array('show_tree' => FALSE, 'default_value' => Session::get_default_ctx()), 'chk_iic' => array('show' => FALSE, 'checked' => TRUE), 'help' => array('Version 4.x.x' => array('format' => _('"Netname"*;"CIDRs(CIDR1,CIDR2,...)"*;"Description"'), 'example' => '"Net_1";"192.168.10.0/24,192.168.9.0/24";"' . _('Short description') . '"')))); if (!array_key_exists($import_type, $config)) { echo ossim_error(_('Error! 
Import Type not found')); } else { ?> <div id='av_info'></div> <form name='form_csv' id='form_csv' method='POST' action='import_all_nets_ajax.php' enctype='multipart/form-data' target='iframe_upload'> <input type="hidden" name="ctx" id="ctx" value="<?php echo $config[$import_type]['contexts']['default_value']; ?>
* You should have received a copy of the GNU General Public License * along with this package; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, * MA 02110-1301 USA * * * On Debian GNU/Linux systems, the complete text of the GNU General * Public License can be found in `/usr/share/common-licenses/GPL-2'. * * Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt * */
// Report fragment: checks the session, then loads per-user report settings.
require_once 'av_init.php';
require_once 'ossim_db.inc';
require_once 'general.php';
Session::logcheck("analysis-menu", "EventsForensics");
$it_security = "";
$address = "";
$tlfn = "";
$tz = Util::get_timezone();
// Current UTC epoch shifted by $tz * 3600 seconds (so $tz is treated as an hour offset).
$date = gmdate("Y-m-d H:i:s", gmdate("U") + 3600 * $tz);
// NOTE(review): $report_data and $user are not assigned in this excerpt;
// presumably they are set by the including script. Confirm where they come from.
$maintitle = $report_data['report_name'];
$db = new ossim_db();
$conn = $db->connect();
// The user name is passed as a bound parameter for the '?' placeholder,
// not concatenated into the SQL text.
$t_params = array();
$t_params[] = $user;
$t_query = "SELECT dataV1, dataV2 \r\n\t\t FROM datawarehouse.report_data \r\n\t\t WHERE id_report_data_type=35 and user=?";
$conn->SetFetchMode(ADODB_FETCH_ASSOC);
$t_rs = $conn->Execute($t_query, $t_params);
// A falsy result from Execute() falls back to an empty filter.
if (!$t_rs) {
    $filter = '';
* GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this package; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, * MA 02110-1301 USA * * * On Debian GNU/Linux systems, the complete text of the GNU General * Public License can be found in `/usr/share/common-licenses/GPL-2'. * * Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt * */
// Form setup for a cross-correlation rule: "create" by default, "modify" when
// any plugin identifier is supplied in the request.
require_once 'av_init.php';
Session::logcheck('configuration-menu', 'CorrelationCrossCorrelation');
$action = 'insert';
$url_form = 'newpluginref.php';
$button_text = Util::js_entities(_("Create rule"));
// REQUEST() values are untrusted; they are only validated inside the branch below.
$plugin_id1 = REQUEST('plugin_id1');
$plugin_id2 = REQUEST('plugin_id2');
$plugin_sid1 = REQUEST('plugin_sid1');
$plugin_sid2 = REQUEST('plugin_sid2');
if ($plugin_id1 != '' || $plugin_id2 != '' || $plugin_sid1 != '' || $plugin_sid2 != '') {
    $action = 'modify';
    $url_form = 'modifypluginref.php';
    $button_text = Util::js_entities(_('Save rule'));
    // All four identifiers are checked against OSS_DIGIT.
    // NOTE(review): the ossim_error() test that should follow is outside this
    // excerpt; confirm the script stops before these values are used when
    // validation fails.
    ossim_valid($plugin_id1, OSS_DIGIT, 'illegal:' . _('Plugin ID1'));
    ossim_valid($plugin_id2, OSS_DIGIT, 'illegal:' . _('Plugin ID2'));
    ossim_valid($plugin_sid1, OSS_DIGIT, 'illegal:' . _('Plugin SID1'));
    ossim_valid($plugin_sid2, OSS_DIGIT, 'illegal:' . _('Plugin SID2'));
* GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this package; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, * MA 02110-1301 USA * * * On Debian GNU/Linux systems, the complete text of the GNU General * Public License can be found in `/usr/share/common-licenses/GPL-2'. * * Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt * */
// CPE autocomplete lookup: validates the search term and CPE type from the
// query string, then asks Software for up to 20 matching rows.
require_once 'av_init.php';
// Session::logcheck() runs before any request input is read (presumably the
// login/permission gate; its body is not shown here).
Session::logcheck('environment-menu', 'PolicyHosts');
//CPE Types
// Maps the request's type name to the one-letter part used in the 'cpe:/<part>' prefix.
$_cpe_types = array('os' => 'o', 'hardware' => 'h', 'software' => 'a');
// Both values come straight from the query string.
$_cpe = GET('q');
$_cpe_type = GET('cpe_type');
ossim_valid($_cpe, OSS_NULLABLE, OSS_ALPHA, OSS_PUNC_EXT, 'illegal:' . _('CPE'));
ossim_valid($_cpe_type, 'os | software | hardware', 'illegal:' . _('CPE Type'));
// Stop on any validation error. The array_key_exists() test is a second
// allow-list: only a key of $_cpe_types can be used to build the SQL fragment.
if (ossim_error() || !array_key_exists($_cpe_type, $_cpe_types)) {
    exit;
}
$db = new Ossim_db();
$conn = $db->connect();
// The search term is concatenated into a WHERE fragment instead of being bound
// as a parameter, so escape_sql() is the only barrier between the request and
// the query text.
// NOTE(review): escape_sql() is not shown. Confirm it also neutralises the LIKE
// wildcards '%' and '_' (or that OSS_PUNC_EXT rejects them); otherwise the
// caller controls the match pattern, not just a literal substring. Prefer a
// bound parameter if Software accepts one.
$_cpe = escape_sql($_cpe, $conn);
$filters = array('where' => "`cpe` LIKE 'cpe:/" . $_cpe_types[$_cpe_type] . "%' AND `line` LIKE '%{$_cpe}%'", 'limit' => 20);
$software = new Software($conn, $filters);
$db->close();
* GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this package; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, * MA 02110-1301 USA * * * On Debian GNU/Linux systems, the complete text of the GNU General * Public License can be found in `/usr/share/common-licenses/GPL-2'. * * Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt * */ require_once 'av_init.php'; Session::logcheck("dashboard-menu", "IPReputation"); $perms = array('admin' => Session::am_i_admin()); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html> <head> <title><?php echo _('Open Threat Exchange Configuration'); ?> </title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <meta http-equiv="Pragma" content="no-cache"/> <?php //CSS Files
* Public License can be found in `/usr/share/common-licenses/GPL-2'. * * Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt * */ /** * Function list: * - get_policy_entities * - message_ok() * - email_form() * - exec_form() * - ticket_form() * - submit() */ require_once 'av_init.php'; Session::logcheck('configuration-menu', 'PolicyActions'); function get_policy_entities($conn) { $entities = $entities_all = array(); $entities_all = Acl::get_entities_to_assign($conn); foreach ($entities_all as $k => $v) { if (Acl::is_logical_entity($conn, $k)) { $parent_id = Acl::get_logical_ctx_id($conn, $k); $parent_id = $parent_id[0]; // first $parent_name = Acl::get_entity_name($conn, $parent_id); $entities[$parent_id] = $parent_name; } else { $entities[$k] = $v; } }
* GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this package; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, * MA 02110-1301 USA * * * On Debian GNU/Linux systems, the complete text of the GNU General * Public License can be found in `/usr/share/common-licenses/GPL-2'. * * Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt * */
// AJAX endpoint receiving new XML data for a sensor's rules file. It builds a
// status/data response array and validates its inputs and a form token.
require_once dirname(__FILE__) . '/../../conf/config.inc';
Session::logcheck('environment-menu', 'EventsHidsConfig');
// Response envelope; status is switched to 'error' by any failed check below.
$data['status'] = 'success';
$data['data'] = NULL;
// The target file name is taken from the session, not from the request.
$file = $_SESSION['_current_file'];
$sensor_id = POST('sensor_id');
// NOTE(review): read directly from $_POST instead of through POST(), and not
// passed to ossim_valid() in the lines shown. Presumably the XML must arrive
// unmodified; confirm it is parsed/validated before it is written anywhere.
$new_xml_data = $_POST['data'];
$token = POST('token');
ossim_valid($sensor_id, OSS_HEX, 'illegal:' . _('Sensor ID'));
ossim_valid($file, OSS_ALPHA, OSS_SCORE, OSS_DOT, 'illegal:' . _('File'));
if (ossim_error()) {
    $data['status'] = 'error';
    $data['data'] = ossim_get_error_clean();
} else {
    // Form token check for 'tk_f_rules' (presumably the anti-CSRF token);
    // it is only reached after input validation has passed.
    if (!Token::verify('tk_f_rules', $token)) {
        $data['status'] = 'error';
        $data['data'] = Token::create_error_message();
* MA 02110-1301 USA * * * On Debian GNU/Linux systems, the complete text of the GNU General * Public License can be found in `/usr/share/common-licenses/GPL-2'. * * Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt ****************************************************************************/ /** * Class and Function List: * Function list: * Classes list: */ require_once 'classes/Session.inc'; require_once 'classes/Util.inc'; Session::logcheck("MenuPolicy", "PolicyHosts"); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title> <?php echo gettext("OSSIM Framework"); ?> </title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <meta http-equiv="Pragma" CONTENT="no-cache"/> <link rel="stylesheet" type="text/css" href="../style/style.css"/> </head> <body>
* GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this package; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, * MA 02110-1301 USA * * * On Debian GNU/Linux systems, the complete text of the GNU General * Public License can be found in `/usr/share/common-licenses/GPL-2'. * * Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt * */
// Dashboard widget page head: sets font-size bounds and emits an optional
// auto-refresh <meta> tag.
require_once 'av_init.php';
Session::logcheck("dashboard-menu", "ControlPanelExecutive");
$min_font_size = 10;
$max_font_size = 35;
// NOTE(review): $data is not assigned in this excerpt (presumably set by the
// including script). max() on an empty array raises a warning, and a
// ValueError on PHP 8; confirm $data is never empty here.
$maximum_count = max(array_values($data));
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<?php
// NOTE(review): $widget_refresh is written into an HTML attribute without
// encoding or an integer cast. Its origin is not visible here; if it can be
// influenced by a request or by stored widget settings, cast it to int or
// HTML-encode it at this sink.
if (isset($widget_refresh) && $widget_refresh != 0) {
    echo '<meta http-equiv="refresh" content="' . $widget_refresh . '">';
}
?>
/***********************************************************/
/* See the README.txt and/or help files for more */
/* information on how to use & config. */
/* See the LICENSE.txt file for more information on the */
/* License this software is distributed under. */
/* */
/* This program is intended for use in an authorized */
/* manner only, and the author can not be held liable for */
/* anything done with this program, code, or items */
/* discovered with this program's use. */
/***********************************************************/
// Lookup page bootstrap: checks the session, opens the database and imports a
// fixed set of query-string parameters into same-named variables.
require_once 'av_init.php';
require_once 'config.php';
require_once 'functions.inc';
require_once 'ossim_sql.inc';
Session::logcheck("environment-menu", "EventsVulnerabilities");
$pageTitle = "Lookup";
// Allow-list of parameter names; only these can become variables below.
$getParams = array("disp", "id", "op", "nid", "lookup", "eventid", "org", "site", "showlive", "last30");
$db = new ossim_db();
$conn = $db->connect();
// Only GET is handled: for any other request method none of the variables
// named in $getParams is assigned by this block.
switch ($_SERVER['REQUEST_METHOD']) {
    case "GET":
        foreach ($getParams as $gp) {
            if (isset($_GET[$gp])) {
                // Variable-variable assignment creates $disp, $id, ... Names are
                // limited to $getParams, so request keys cannot create arbitrary
                // variables.
                // NOTE(review): SQL escaping and HTML encoding are both applied
                // here, at input time. Neither is tied to the sink the value ends
                // up in: HTML-encoded text stored via SQL is double-encoded on
                // output, and values used outside SQL carry stray escapes. Prefer
                // bound parameters at the query and encoding at the output.
                // NOTE(review): $_GET[$gp] can be an array (e.g. "id[]=1");
                // trim() on an array is not handled here.
                ${$gp} = Util::htmlentities(escape_sql(trim($_GET[$gp]), $conn));
            } else {
                ${$gp} = "";
            }
        }
        break;
}
* GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this package; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, * MA 02110-1301 USA * * * On Debian GNU/Linux systems, the complete text of the GNU General * Public License can be found in `/usr/share/common-licenses/GPL-2'. * * Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt * */ require_once 'av_init.php'; Session::logcheck("configuration-menu", "ConfigurationUserActionLog"); $update = isset($_POST['update']) && POST('update') != '' ? true : false; /* connect to db */ $db = new ossim_db(); $conn = $db->connect(); $status = true; $ua_items = array(); $ua_logged = array(); $ua_not_logged = array(); if ($log_conf_list = Log_config::get_list($conn, "")) { foreach ($log_conf_list as $log_conf) { $descr = preg_replace('|%.*?%|', " ", $log_conf->get_descr()); $descr = trim($descr) == '' ? _("Various") : $descr; $code = $log_conf->get_code(); $ua_items[$code] = array("descr" => $descr, "log" => $log_conf->get_log()); if ($log_conf->get_log()) {
* GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this package; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, * MA 02110-1301 USA * * * On Debian GNU/Linux systems, the complete text of the GNU General * Public License can be found in `/usr/share/common-licenses/GPL-2'. * * Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt * */ require_once 'av_init.php'; Session::logcheck("configuration-menu", "PolicyServers"); $validate = array("id" => array("validation" => "OSS_HEX", "e_message" => 'illegal:' . _("ID")), "sname" => array("validation" => "OSS_ALPHA, OSS_PUNC", "e_message" => 'illegal:' . _("Name")), "ip" => array("validation" => "OSS_IP_ADDR", "e_message" => 'illegal:' . _("Ip")), "port" => array("validation" => "OSS_PORT", "e_message" => 'illegal:' . _("Port number")), "descr" => array("validation" => "OSS_ALL, OSS_NULLABLE", "e_message" => 'illegal:' . _("Description")), "correlate" => array("validation" => "OSS_ALPHA, OSS_NULLABLE", "e_message" => 'illegal:' . _("Correlation")), "cross_correlate" => array("validation" => "OSS_ALPHA, OSS_NULLABLE", "e_message" => 'illegal:' . _("Cross Correlation")), "store" => array("validation" => "OSS_ALPHA, OSS_NULLABLE", "e_message" => 'illegal:' . _("Store")), "reputation" => array("validation" => "OSS_ALPHA, OSS_NULLABLE", "e_message" => 'illegal:' . _("Reputation")), "qualify" => array("validation" => "OSS_ALPHA, OSS_NULLABLE", "e_message" => 'illegal:' . _("Qualify")), "resend_alarms" => array("validation" => "OSS_ALPHA, OSS_NULLABLE", "e_message" => 'illegal:' . _("Resend Alarms")), "resend_events" => array("validation" => "OSS_ALPHA, OSS_NULLABLE", "e_message" => 'illegal:' . _("Resend Events")), "sign" => array("validation" => "OSS_ALPHA, OSS_NULLABLE", "e_message" => 'illegal:' . 
_("Sign")), "multi" => array("validation" => "OSS_ALPHA, OSS_NULLABLE", "e_message" => 'illegal:' . _("Multilevel")), "sem" => array("validation" => "OSS_ALPHA, OSS_NULLABLE", "e_message" => 'illegal:' . _("Log")), "sim" => array("validation" => "OSS_ALPHA, OSS_NULLABLE", "e_message" => 'illegal:' . _("Security Events")), "alarm_to_syslog" => array("validation" => "OSS_ALPHA, OSS_NULLABLE", "e_message" => 'illegal:' . _("Alarm to Syslog")), "remoteadmin" => array("validation" => "OSS_ALPHA, OSS_PUNC, OSS_NULLABLE", "e_message" => 'illegal:' . _("Remote Admin")), "remotepass" => array("validation" => "OSS_PASSWORD, OSS_NULLABLE", "e_message" => 'illegal:' . _("Remote Password")), "remoteurl" => array("validation" => "OSS_ALPHA, OSS_PUNC, OSS_NULLABLE", "e_message" => 'illegal:' . _("Remote URL")), "setssh" => array("validation" => "OSS_DIGIT, OSS_NULLABLE", "e_message" => 'illegal:' . _("setssh"))); if (GET('ajax_validation') == TRUE) { $data['status'] = 'OK'; $validation_errors = array(); if (GET('name') == 'rservers[]' && !empty($_GET['rservers'])) { $rservers = $_GET['rservers']; foreach ($rservers as $rserver) { $rserver = explode('@', $rserver); $fwr_ser = $rserver[0]; $fwr_prio = $rserver[1]; ossim_valid($fwr_ser, OSS_HEX, 'illegal:' . _("Forward Servers")); ossim_valid($fwr_prio, OSS_DIGIT, 'illegal:' . _("Forward Priority")); if (ossim_error()) { $validation_errors['rservers[]'] = ossim_get_error_clean(); ossim_clean_error();
* along with this package; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, * MA 02110-1301 USA * * * On Debian GNU/Linux systems, the complete text of the GNU General * Public License can be found in `/usr/share/common-licenses/GPL-2'. * * Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt * */
// Ticket-report graph generator: validates the 'by' selector, loads jpgraph
// and opens the database.
// NOTE(review): the time and memory limits are raised before av_init.php is
// loaded and before Session::logcheck() runs, so they apply to every request,
// including ones the session check goes on to reject.
set_time_limit(180);
ini_set('memory_limit', '1024M');
ini_set('session.bug_compat_warn', 'off');
require_once 'av_init.php';
Session::logcheck("analysis-menu", "IncidentsReport");
$by = GET('by');
ossim_valid($by, OSS_ALPHA, OSS_SPACE, OSS_SCORE, 'illegal:' . _("Target"));
if (ossim_error()) {
    die(ossim_error());
}
// Define colors
$color_list = array('#D6302C', '#3933FC', 'green', 'yellow', 'pink', '#40E0D0', '#00008B', '#800080', '#FFA500', '#A52A2A', '#228B22', '#D3D3D3');
$conf = $GLOBALS["CONF"];
// The include path comes from configuration ("jpgraph_path"), not from the
// request. Whoever can change that setting controls which PHP files load here.
$jpgraph = $conf->get_conf("jpgraph_path");
require "{$jpgraph}/jpgraph.php";
require "{$jpgraph}/jpgraph_bar.php";
$db = new ossim_db();
$conn = $db->connect();
// NOTE(review): GET('shared') is passed to DBA_shared without an ossim_valid()
// call in the lines shown. DBA_shared is not visible here; confirm it validates
// the identifier itself before using it as a key or path.
$shared = new DBA_shared(GET('shared'));
if ($by == "ticketsByTypePerMonth") {
*/ /******************************************************************************* ** OSSIM Forensics Console ** Copyright (C) 2009 OSSIM/AlienVault ** Copyright (C) 2004 BASE Project Team ** Copyright (C) 2000 Carnegie Mellon University ** ** (see the file 'base_main.php' for license details) ** ** Built upon work by Roman Danyliw <*****@*****.**>, <*****@*****.**> ** Built upon work by the BASE Project Team <*****@*****.**> */
/* OSSIM session */
// The session check only runs when $use_ossim_session is truthy; when it is
// not, this file performs no access check of its own.
if ($use_ossim_session) {
    require_once 'classes/Session.inc';
    Session::logcheck($ossim_acid_aco_section, $ossim_acid_aco, $ossim_login_path);
}
/**
 * Returns the `sid` column of every row in the `sensor` table.
 *
 * The query text is a constant; no caller input reaches it.
 *
 * NOTE(review): $sensor_ids is never initialised, so when the table has no
 * rows the function returns an undefined variable (null plus a notice) instead
 * of an empty array. The result of baseExecute() is also used without a
 * failure check.
 */
function GetSensorIDs($db)
{
    $result = $db->baseExecute("SELECT sid FROM sensor;");
    while ($myrow = $result->baseFetchRow()) {
        $sensor_ids[] = $myrow[0];
    }
    $result->baseFreeRows();
    return $sensor_ids;
}
// GetSensorName(): the body continues beyond this excerpt. The lines shown
// only detect whether $sid contains a comma (several ids in one string).
function GetSensorName($sid, $db)
{
    $name = "";
    $multiple = preg_match("/\\,/", $sid) ? true : false;
    if ($multiple) {
* * * On Debian GNU/Linux systems, the complete text of the GNU General * Public License can be found in `/usr/share/common-licenses/GPL-2'. * * Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt * */
// Tooltip endpoint: given "ip-ctx" in the query string, prints the closest
// network (icon, name, CIDRs) as an HTML fragment.
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
// NOTE(review): there is no space before "GMT", so the emitted date does not
// match the HTTP date format.
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . "GMT");
header("Cache-Control: no-cache, must-revalidate");
header("Pragma: no-cache");
require_once 'av_init.php';
// Two menu/section pairs are passed to a single logcheck() call. Whether both
// are required or either suffices is decided inside Session::logcheck(), which
// is not shown here.
$m_perms = array('analysis-menu', 'analysis-menu');
$sm_perms = array('EventsForensics', 'ControlPanelAlarms');
Session::logcheck($m_perms, $sm_perms);
// When the value has no '-', explode() returns one element and $ctx is left
// unset; the validation below accepts that because of OSS_NULLABLE.
list($ip, $ctx) = explode('-', GET('ip'));
ossim_valid($ip, OSS_IP_ADDR_0, 'illegal:' . _('Ip'));
ossim_valid($ctx, OSS_HEX, OSS_NULLABLE, 'illegal:' . _('Ctx')); // Maybe nullable from Logger resolves
if (ossim_error()) {
    die(ossim_error());
}
$db = new ossim_db();
$conn = $db->connect();
// array_shift() takes its argument by reference; passing a call result
// directly raises an "Only variables should be passed by reference" notice.
$net = array_shift(Asset_host::get_closest_net($conn, $ip, $ctx));
if (is_array($net)) {
    if ($net['icon'] != '') {
        // The icon bytes are base64-encoded, so they cannot break out of the attribute.
        echo "<img class='asset_icon w16' src='data:image/png;base64," . base64_encode($net['icon']) . "' border='0'/> ";
    }
    // NOTE(review): $net['name'] and $net['ips'] are echoed without HTML
    // encoding. If network names are operator- or import-supplied text (not
    // visible here), encode them at this point so stored markup is rendered
    // as text.
    echo '<strong>' . $net['name'] . '</strong> (' . $net['ips'] . ')';
* GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this package; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, * MA 02110-1301 USA * * * On Debian GNU/Linux systems, the complete text of the GNU General * Public License can be found in `/usr/share/common-licenses/GPL-2'. * * Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt * */
// Directive editor entry point: validates the request parameters and resolves
// which directive XML file to open.
require_once 'av_init.php';
Session::logcheck("configuration-menu", "CorrelationDirectives");
// All five values come from the query string.
$directive_id = GET('directive_id');
$file = GET('file');
$engine_id = GET('engine_id');
$rule = GET('rule');
$mode = GET('mode');
ossim_valid($directive_id, OSS_DIGIT, 'illegal:' . _("Directive ID"));
// NOTE(review): $file is later joined onto a directory path. The character
// classes here (OSS_ALPHA, OSS_DOT, OSS_SCORE) are the only visible control
// keeping path separators out; confirm none of them admits '/' or '\'. A
// character-class check also accepts a name made only of dots, so confirm the
// consumer rejects anything that is not a regular file inside the directory.
ossim_valid($file, OSS_ALPHA, OSS_DOT, OSS_SCORE, 'illegal:' . _("XML File"));
ossim_valid($engine_id, OSS_HEX, OSS_SCORE, 'illegal:' . _("Engine ID"));
ossim_valid($rule, OSS_DIGIT, '\\-', OSS_NULLABLE, 'illegal:' . _("Rule ID"));
ossim_valid($mode, OSS_ALPHA, OSS_NULLABLE, 'illegal:' . _("Mode"));
if (ossim_error()) {
    die(ossim_error());
}
$directive_editor = new Directive_editor($engine_id);
// Prefer the engine-specific copy of the file. If it does not exist, fall back
// to the main path; the fallback is not itself checked for existence here.
$filepath = file_exists($directive_editor->engine_path . "/" . $file) ? $directive_editor->engine_path . "/" . $file : $directive_editor->main_path . "/" . $file;
* GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this package; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, * MA 02110-1301 USA * * * On Debian GNU/Linux systems, the complete text of the GNU General * Public License can be found in `/usr/share/common-licenses/GPL-2'. * * Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt * */ require_once 'av_init.php'; Session::logcheck("configuration-menu", "PolicyPolicy"); require_once 'policy_common.php'; ?> <html> <head> <title> <?php echo _("OSSIM Framework"); ?> </title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <META HTTP-EQUIV="Pragma" CONTENT="no-cache"> <link rel="stylesheet" type="text/css" href="../style/av_common.css?t=<?php echo Util::get_css_id();
* GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this package; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, * MA 02110-1301 USA * * * On Debian GNU/Linux systems, the complete text of the GNU General * Public License can be found in `/usr/share/common-licenses/GPL-2'. * * Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt * */ require_once 'av_init.php'; Session::logcheck("configuration-menu", "Osvdb"); $sintax = new KDB_Sintax(); $labels_condition = $sintax->_labels_condition; $labels_actions = $sintax->_labels_actions; $labels_operators = $sintax->_labels_operators; $labels_variables = $sintax->_labels_variables; $labels_sections = $sintax->_labels_sections; $title_desc = _('Description'); $title_example = _('Example'); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html> <head> <title> <?php echo gettext("OSSIM Framework"); ?>
* * * On Debian GNU/Linux systems, the complete text of the GNU General * Public License can be found in `/usr/share/common-licenses/GPL-2'. * * Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt * * @package ossim-framework\Assets * @autor AlienVault INC * @license http://www.gnu.org/licenses/gpl-2.0.txt * @copyright 2003-2006 ossim.net * @copyright 2007-2013 AlienVault * @link https://www.alienvault.com/ */ require_once 'av_init.php'; Session::logcheck("environment-menu", "PolicyHosts"); // Close session write for real background loading session_write_close(); $group_id = GET('group_id'); $asset_type = GET('asset_type'); $maxrows = POST('iDisplayLength') != '' ? POST('iDisplayLength') : 15; $search_str = POST('sSearch') != '' ? POST('sSearch') : ''; $from = POST('iDisplayStart') != '' ? POST('iDisplayStart') : 0; $order = POST('iSortCol_0') != '' ? POST('iSortCol_0') : ''; $torder = POST('sSortDir_0'); $sec = POST('sEcho'); switch ($order) { case 0: $order = 'hostname'; break; /*
* GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this package; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, * MA 02110-1301 USA * * * On Debian GNU/Linux systems, the complete text of the GNU General * Public License can be found in `/usr/share/common-licenses/GPL-2'. * * Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt * */
// Wireless report file access: validates the sensor and file name from the
// query string and checks the user's permission on that sensor.
require_once 'av_init.php';
Session::logcheck("environment-menu", "ReportsWireless");
require_once 'Wireless.inc';
$sensor = GET('sensor');
// NOTE(review): a single str_replace() pass that deletes "../" is not a
// reliable path-traversal filter. The function does not re-scan its own
// output, so the result can still contain the sequence, and other separators
// and absolute paths are untouched. Safer: resolve the final path with
// realpath() and verify it stays under the intended base directory, or reduce
// the value with basename() if sub-directories are not needed.
$file = str_replace("../", "", GET('file'));
ossim_valid($sensor, OSS_IP_ADDR, 'illegal: sensor');
// NOTE(review): which characters OSS_TEXT admits is not visible here; confirm
// it excludes path separators if $file is used to build a filesystem path.
ossim_valid($file, OSS_TEXT, 'illegal: file');
if (ossim_error()) {
    die(ossim_error());
}
# sensor list with perms
require_once 'ossim_db.inc';
$db = new ossim_db();
$conn = $db->connect();
// Per-sensor authorization on top of the menu-level logcheck(): the extra SQL
// fragment restricts the check to sensors with has_kismet=1. The fragment is a
// constant string; no request data is concatenated into it.
if (!validate_sensor_perms($conn, $sensor, ", sensor_properties WHERE sensor.id=sensor_properties.sensor_id AND sensor_properties.has_kismet=1")) {
    echo ossim_error($_SESSION["_user"] . " have not privileges for {$sensor}");
    $db->close();
* GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this package; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, * MA 02110-1301 USA * * * On Debian GNU/Linux systems, the complete text of the GNU General * Public License can be found in `/usr/share/common-licenses/GPL-2'. * * Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt * */
// Download endpoint for a custom-field attachment of an incident: validates
// the two ids, fetches name and content, then starts the response headers.
require_once 'av_init.php';
Session::logcheck("analysis-menu", "IncidentsIncidents");
$id = GET('id');
$incident_id = GET('incident_id');
// Both identifiers must be digits only before they reach the database layer.
ossim_valid($id, OSS_DIGIT, 'illegal:' . _("Id"));
ossim_valid($incident_id, OSS_DIGIT, 'illegal:' . _("Incident Id"));
if (ossim_error()) {
    die(ossim_error());
}
/* database connect */
$db = new ossim_db();
$conn = $db->connect();
// NOTE(review): logcheck() above is a menu/section-level check. Whether
// get_custom_content() also verifies that the current user may read this
// particular incident is not visible here; confirm, since both ids are chosen
// by the caller.
list($output_name, $content) = Incident::get_custom_content($conn, $id, $incident_id);
$conn->disconnect();
// Cache-related response headers, sent before the body.
// NOTE(review): $output_name comes from stored data. If it is later placed in
// a Content-Disposition header (outside this excerpt), strip CR/LF and quotes first.
header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
/* http://inprotect.sourceforge.net/ */ /***********************************************************/ /* See the README.txt and/or help files for more */ /* information on how to use & config. */ /* See the LICENSE.txt file for more information on the */ /* License this software is distributed under. */ /* */ /* This program is intended for use in an authorized */ /* manner only, and the author can not be held liable for */ /* anything done with this program, code, or items */ /* discovered with this program's use. */ /***********************************************************/ require_once 'av_init.php'; require_once 'config.php'; require_once 'functions.inc'; Session::logcheck('environment-menu', 'EventsVulnerabilitiesScan'); $db = new ossim_db(); $conn = $db->connect(); $conn->SetFetchMode(ADODB_FETCH_BOTH); // check the number of plugins $query = 'select count(*) as total_plugins from vuln_nessus_plugins'; $result = $conn->execute($query); if ($result->fields['total_plugins'] == 0) { die('<h2>Please run updateplugins.pl script first before using web interface.</h2>'); } $tz = Util::get_timezone(); $force = FALSE; $close = FALSE; // get parameters $parameters = array('action', 'job_name', 'targets', 'schedule_type', 'ROYEAR', 'ROMONTH', 'ROday', 'time_hour', 'time_min', 'dayofweek', 'dayofmonth', 'timeout', 'SVRid', 'sid', 'targets', 'job_id', 'sched_id', 'user', 'entity', 'hosts_alive', 'scan_locally', 'nthweekday', 'nthdayofweek', 'time_interval', 'biyear', 'bimonth', 'biday', 'not_resolve', 'send_email', 'ssh_credential', 'smb_credential', 'hosts_alive', '$scan_locally', 'not_resolve', 'type', 'total_assets'); foreach ($parameters as $variable) {
// Excerpt from the middle of a switch over widget types. The query in
// $sqlgraph for this first case is built before the lines shown.
$rg = $conn->CacheExecute($sqlgraph);
if (!$rg) {
    // NOTE(review): the raw database error is printed into the response,
    // which can disclose schema details; log it server-side and show a
    // generic message instead.
    print $conn->ErrorMsg();
} else {
    while (!$rg->EOF) {
        $data[] = $rg->fields["num_events"];
        // The "name" column holds a packed binary address; inet_ntop() turns it into text.
        $label[] = inet_ntop($rg->fields["name"]);
        $links[] = $forensic_link . '&ip_addr[0][0]=+&ip_addr[0][1]=ip_src&ip_addr[0][2]=%3D&ip_addr[0][3]=' . inet_ntop($rg->fields["name"]) . '&ip_addr[0][8]=+&ip_addr[0][9]=+&ip_addr_cnt=1';
        $rg->MoveNext();
    }
}
$colors = get_widget_colors(count($data));
break;
case "alarms":
    //Checking if we have permissions to go through this section
    // Per-case check: each widget type enforces its own menu permission.
    Session::logcheck("analysis-menu", "ControlPanelAlarms");
    //Filters of sensors.
    list($ajoin, $awhere) = Security_report::make_where_alarm($conn, '', '', array(), $assets_filters);
    // Drops the trailing "AND (a.timestamp ..." clause from the generated WHERE text.
    $awhere = preg_replace('/AND \\(a\\.timestamp.*/', '', $awhere);
    //Limit of alarms to show in the widget.
    // NOTE(review): $chart_info['top'] is interpolated into LIMIT below without
    // an integer cast. Its origin is not visible here; if it comes from stored
    // widget settings or a request, cast it with (int) before use.
    $limit = $chart_info['top'] != '' ? $chart_info['top'] : 5;
    //Sql Query
    //TO DO: Use parameters in the query.
    // The statement is assembled by string interpolation ($ajoin, $awhere,
    // $limit). Its safety rests entirely on how those three values were
    // produced, as the TO DO above acknowledges.
    $sqlgraph = "select count(*) as num_events,p.name from alienvault.plugin_sid p, alienvault.alarm a {$ajoin} WHERE p.plugin_id=a.plugin_id AND p.sid=a.plugin_sid {$awhere} group by p.name order by num_events desc limit {$limit}";
    $rg = $conn->CacheExecute($sqlgraph);
    if (!$rg) {
        print $conn->ErrorMsg();
    } else {
        while (!$rg->EOF) {
            $data[] = $rg->fields["num_events"];
            $name = Util::signaturefilter($rg->fields["name"]);
* GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this package; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, * MA 02110-1301 USA * * * On Debian GNU/Linux systems, the complete text of the GNU General * Public License can be found in `/usr/share/common-licenses/GPL-2'. * * Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt * */ require_once 'av_init.php'; Session::logcheck("report-menu", "ReportsReportServer"); $year = GET('year') != "" ? intval(GET('year')) : date("Y"); $user = Session::get_session_user(); // define colors define('COLOR1', '#D6302C'); define('COLOR2', '#3933FC'); define('COLOR3', 'green'); define('COLOR4', 'yellow'); define('COLOR5', 'pink'); define('COLOR6', '#40E0D0'); define('COLOR7', '#00008B'); define('COLOR8', '#800080'); define('COLOR9', '#FFA500'); define('COLOR10', '#A52A2A'); define('COLOR11', '#228B22'); define('COLOR12', '#D3D3D3');
* * You should have received a copy of the GNU General Public License * along with this package; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, * MA 02110-1301 USA * * * On Debian GNU/Linux systems, the complete text of the GNU General * Public License can be found in `/usr/share/common-licenses/GPL-2'. * * Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt * */
// Report helper endpoint: for action 'check_file' it decodes a
// "report_name###filename" pair and validates both parts.
require_once 'av_init.php';
require_once 'os_report_common.php';
Session::logcheck('report-menu', 'ReportsReportServer');
$action = POST('action');
$data = POST('data');
if ($action == 'check_file') {
    // base64 here is only a transport encoding: the decoded value is still
    // caller-controlled and must be validated, as is done below.
    // NOTE(review): when the decoded text has no '###', $data[1] is unset and
    // trim() receives null (a notice). The isset()/empty() test further down
    // then skips filename validation.
    $data = explode('###', base64_decode($data));
    $report_name = trim($data[0]);
    $filename = trim($data[1]);
    ossim_valid($report_name, OSS_SCORE, OSS_NULLABLE, OSS_ALPHA, OSS_PUNC, 'illegal:' . _('Report name'));
    if (ossim_error()) {
        echo 'error###' . ossim_get_error_clean();
        exit;
    }
    // Init PDF Report
    // The report name reaches Pdf_report only after passing the check above.
    $pdfReport = new Pdf_report($report_name, 'P', 'A4', NULL, FALSE);
    if (isset($filename) && !empty($filename)) {
        // NOTE(review): confirm OSS_FILENAME excludes path separators; the
        // use of $filename is outside this excerpt.
        ossim_valid($filename, OSS_FILENAME, 'illegal:' . _('Filename'));
/* */ /* This program is intended for use in an authorized */ /* manner only, and the author can not be held liable for */ /* anything done with this program, code, or items */ /* discovered with this program's use. */ /***********************************************************/ require_once 'classes/Session.inc'; require_once 'ossim_conf.inc'; require_once 'classes/OMP.inc'; require_once 'classes/Util.inc'; require_once 'functions.inc'; $conf = $GLOBALS["CONF"]; $version = $conf->get_conf("ossim_server_version", FALSE); $nessus_path = $conf->get_conf("nessus_path", FALSE); $pro = preg_match("/pro|demo/i", $version) ? true : false; Session::logcheck("MenuEvents", "EventsVulnerabilities"); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html> <head> <title> <?php echo gettext("Vulnmeter"); ?> </title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <meta http-equiv="Pragma" content="no-cache"> <link rel="stylesheet" type="text/css" href="../style/style.css"/> <script type="text/javascript" src="../js/jquery-1.3.2.min.js"></script> <script type="text/javascript" src="../js/jquery.simpletip.js"></script> <script type="text/javascript" src="../js/vulnmeter.js"></script> <?php
* * You should have received a copy of the GNU General Public License * along with this package; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, * MA 02110-1301 USA * * * On Debian GNU/Linux systems, the complete text of the GNU General * Public License can be found in `/usr/share/common-licenses/GPL-2'. * * Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt * */
require_once 'av_init.php';
include_once 'riskmaps_functions.php';

// First gate: the caller must be allowed into the Business Processes section.
Session::logcheck('dashboard-menu', 'BusinessProcesses');

// Action id 49 is logged with the 'Indicator Risk Maps' label (the meaning of
// the id is defined elsewhere). The call sits before the edit-permission check
// below, so requests that are then refused are logged as well.
$infolog = array('Indicator Risk Maps');
Log_action::log(49, $infolog);

// Second gate: editing risk indicators needs the separate
// BusinessProcessesEdit permission; without it the script stops here.
if (!Session::menu_perms('dashboard-menu', 'BusinessProcessesEdit')) {
    echo ossim_error(_("You don't have permissions to edit risk indicators"));
    exit;
}

// Default response envelope; later code presumably overwrites it on failure.
$data = array('status' => 'success', 'data' => '');

$db = new ossim_db();
$conn = $db->connect();

// Request parameters, read from the query string through the GET() helper.
// NOTE(review): this script requires edit permission yet takes all of its
// input via GET, and no ossim_valid() call or anti-CSRF token check is visible
// in this excerpt. Confirm that both happen in the rest of the file before any
// of these values reaches $conn.
$map = GET('map');
$ri_positions = GET('data');
$name = GET('alarm_name');
$icon = GET('icon');
$url = GET('url');
$ri_id = GET('id');
* GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this package; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, * MA 02110-1301 USA * * * On Debian GNU/Linux systems, the complete text of the GNU General * Public License can be found in `/usr/share/common-licenses/GPL-2'. * * Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt * */
require_once 'av_init.php';

// Access gate for the server-policy configuration section.
Session::logcheck('configuration-menu', 'PolicyServers');

// The database connection is opened before the request parameters are validated.
$db = new ossim_db();
$conn = $db->connect();

// Caller-controlled query-string parameters; validated further down.
$id = GET('id');
$ip = GET('ip');
$sname = GET('name');

// 'update' is coerced to an integer, so it needs no separate validation rule.
$update = intval(GET('update'));

// Inverse of Session::is_pro().
$opensource = Session::is_pro() ? FALSE : TRUE;

// $conf is not assigned anywhere in this excerpt - presumably av_init.php
// provides it; verify against that file.
$mssp = intval($conf->get_conf("alienvault_mssp"));
$local_id = $conf->get_conf("server_id");

// Allow-list validation. All three rules carry OSS_NULLABLE, so each parameter
// is optional (presumably an empty value passes - confirm against ossim_valid()).
ossim_valid($ip, OSS_IP_ADDR, OSS_NULLABLE, 'illegal:' . _('Server IP'));
ossim_valid($sname, OSS_ALPHA, OSS_PUNC, OSS_NULLABLE, 'illegal:' . _('Server Name'));
ossim_valid($id, OSS_HEX, OSS_NULLABLE, 'illegal:' . _('Server ID'));

// Stop on the first recorded validation error, before any parameter is used.
if (ossim_error()) {
    die(ossim_error());
}
* GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this package; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, * MA 02110-1301 USA * * * On Debian GNU/Linux systems, the complete text of the GNU General * Public License can be found in `/usr/share/common-licenses/GPL-2'. * * Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt * */
require_once 'av_init.php';

// Access gate for the network-policy section.
Session::logcheck("environment-menu", "PolicyNetworks");

// Per-field validation rules for the network-group form: each entry names the
// OSS_* classes the field may contain and the error label to report. The table
// is handed to validate_form_fields() below.
$validate = array(
    'ngname' => array('validation' => 'OSS_NOECHARS, OSS_ALPHA, OSS_PUNC', 'e_message' => 'illegal:' . _('Group Name')),
    'descr' => array('validation' => 'OSS_NULLABLE, OSS_ALL', 'e_message' => 'illegal:' . _('Description')),
    'ctx' => array('validation' => 'OSS_HEX', 'e_message' => 'illegal:' . _('Entity')),
    'nets[]' => array('validation' => 'OSS_ALPHA', 'e_message' => 'illegal:' . _('Networks')),
    'rrd_profile' => array('validation' => 'OSS_ALPHA, OSS_NULLABLE, OSS_PUNC', 'e_message' => 'illegal:' . _('RRD Profile')),
    'nagios' => array('validation' => 'OSS_NULLABLE, OSS_DIGIT', 'e_message' => 'illegal:' . _('Availability Monitoring'))
);

// Single-field AJAX validation: validates the GET parameters against the table
// above, returns the result as JSON and exits without changing anything.
// NOTE(review): the comparison is a loose == TRUE, so any truthy value of
// 'ajax_validation' selects this branch.
if (GET('ajax_validation') == TRUE) {
    $data['status'] = 'OK';
    $validation_errors = validate_form_fields('GET', $validate);
    if (is_array($validation_errors) && !empty($validation_errors)) {
        $data['status'] = 'error';
        $data['data'] = $validation_errors;
    }
    echo json_encode($data);
    exit;
}

// Anti-CSRF check: the 'tk_ng_form' token is verified only when
// 'ajax_validation_all' is absent or falsy.
// NOTE(review): a request that sets 'ajax_validation_all' skips Token::verify().
// The listing ends inside this branch, so it cannot be seen whether that path
// is limited to validation - confirm in the full file that nothing is saved
// without the token having been checked.
if (!isset($_POST['ajax_validation_all']) || POST('ajax_validation_all') == FALSE) {
    if (!Token::verify('tk_ng_form', POST('token'))) {
        Token::show_error();
        exit;