
[ossec-cvs] ossec-hids: search.php (HEAD) [davelowe]



Module name:	ossec-hids
Changes by:	davelowe	07/08/10 04:22:30

Modified files:
	search.php

Log message:
Merged dcid's previous search code; not working yet.

Index: search.php
===================================================================
RCS file: /usr/cvsroot/ossec-ui/ossec/Site/search.php,v
diff -u -r1.1 -r1.2
--- search.php	9 Aug 2007 10:02:10 -0000	1.1
+++ search.php	10 Aug 2007 07:22:30 -0000	1.2
@@ -1,17 +1,270 @@
-<!-- BEGIN SEARCH -->
-<div id="layerSolo" class="layerSolo">
-<div class=headerCenter>Search for Events</div>
 <?php
+/* @(#) $Id$ */
+
+/* Copyright (C) 2006 Daniel B. Cid <dcid@xxxxxxxxx>
+ * All right reserved.
+ *
+ * This program is a free software; you can redistribute it
+ * and/or modify it under the terms of the GNU General Public
+ * License (version 2) as published by the FSF - Free Software
+ * Foundation
+ */
+       
+echo '<div id="layerSolo" class="layerSolo">';
+
 /* OS PHP init */
 if (!function_exists('os_handle_start'))
 {
-    echo "<b id='red'>You are not allowed direct access.</b><br />\n";
+    echo "<b id='red'>You are not allowed direct access.</b><br /></div>\n";
     return(1);
 }
 
+/* Starting handle */
+$ossec_handle = os_handle_start($ossec_dir);
+if($ossec_handle == NULL)
+{
+    echo "Unable to access ossec directory.\n";
+    echo "</div>";
+    exit(1);
+}
+
 /* Initializing some variables */
 $u_final_time = time(0);
 $u_init_time = $u_final_time - $ossec_search_time;
+$u_level = $ossec_search_level;
+$u_pattern = "";
+$u_rule = "";
+$u_srcip = "";
+$u_user = "";
+$u_location = "";
+
+
+$USER_pattern = NULL;
+$LOCATION_pattern = NULL;
+$USER_group = NULL;
+$USER_log = NULL;
+$USER_rule = NULL;
+$USER_srcip = NULL;
+$USER_user = NULL;
+$USER_page = 1;
+$USER_searchid = 0;
+$USER_monitoring = 0;
+$used_stored = 0;
+
+
+/* Getting search id */
+if(isset($_POST['searchid']))
+{
+    if(is_numeric($_POST['searchid']))
+    {
+        $USER_searchid = $_POST['searchid'];
+    }
+}
+
+
+$rt_sk = "";
+$sv_sk = 'checked="checked"';
+if(isset($_POST['monitoring']) && ($_POST['monitoring'] == 1))
+{
+    $rt_sk = 'checked="checked"';
+    $sv_sk = "";
+
+    /* Cleaning up time */
+    $USER_final = $u_final_time;
+    $USER_init = $u_init_time;
+    $USER_monitoring = 1;
+
+    /* Cleaning up fields */
+    $_POST['search'] = "Search";
+    unset($_POST['initdate']);
+    unset($_POST['finaldate']);
+
+    /* Deleting search */
+    if($USER_searchid != 0)
+    {
+        os_cleanstored($USER_searchid);
+    }
+}
+
+
+/* Reading user input -- being very careful parsing it */
+$datepattern = "/^([0-9]{4})-([0-9]{2})-([0-9]{2}) ([0-9]{2}):([0-9]{2})$/";
+if(isset($_POST['initdate']))
+{             
+    if(preg_match($datepattern, $_POST['initdate'], $regs))
+    {
+        $USER_init = mktime($regs[4], $regs[5], 0,$regs[2],$regs[3],$regs[1]);
+        $u_init_time = $USER_init;
+    }
+}
+if(isset($_POST['finaldate']))
+{             
+    if(preg_match($datepattern, $_POST['finaldate'], $regs) == true)
+    {
+        $USER_final = mktime($regs[4], $regs[5], 0,$regs[2],$regs[3],$regs[1]);
+        $u_final_time = $USER_final;
+    }
+}
+if(isset($_POST['level']))
+{             
+    if((is_numeric($_POST['level'])) && 
+        ($_POST['level'] > 0) &&
+        ($_POST['level'] < 16))
+    {
+        $USER_level = $_POST['level'];
+        $u_level = $USER_level;
+    }
+}
+if(isset($_POST['page']))
+{
+    if((is_numeric($_POST['page'])) &&
+        ($_POST['page'] > 0) &&
+        ($_POST['page'] <= 999))
+    {
+        $USER_page = $_POST['page'];
+    }
+}
+
+
+$strpattern = "/^[0-9a-zA-Z. _|^!-()?]{1,128}$/";
+$intpattern = "/^[0-9]{1,8}$/";
+
+if(isset($_POST['strpattern']))
+{
+   if(preg_match($strpattern, $_POST['strpattern']) == true)
+   {
+       $USER_pattern = $_POST['strpattern'];
+       $u_pattern = $USER_pattern;
+   }
+}
+
+
+/* Getting location */
+if(isset($_POST['locationpattern']))
+{
+    $lcpattern = "/^[0-9a-zA-Z. _|^!>\/\\-]{1,156}$/";    
+    if(preg_match($lcpattern, $_POST['locationpattern']) == true)
+    {
+        $LOCATION_pattern = $_POST['locationpattern'];
+        $u_location = $LOCATION_pattern;
+    }
+}
+
+
+/* Group pattern */
+if(isset($_POST['grouppattern']))
+{
+    if($_POST['grouppattern'] == "ALL")
+    {
+        $USER_group = NULL;
+    }
+    else if(preg_match($strpattern,$_POST['grouppattern']) == true)
+    {
+        $USER_group = $_POST['grouppattern'];
+    }
+}
+
+/* Group pattern */
+if(isset($_POST['logpattern']))
+{
+    if($_POST['logpattern'] == "ALL")
+    {
+        $USER_log = NULL;
+    }
+    else if(preg_match($strpattern,$_POST['logpattern']) == true)
+    {
+        $USER_log = $_POST['logpattern'];
+    }
+}
+
+
+/* Rule pattern */
+if(isset($_POST['rulepattern']))
+{
+   if(preg_match($strpattern, $_POST['rulepattern']) == true)
+   {
+       $USER_rule = $_POST['rulepattern'];
+       $u_rule = $USER_rule;
+   }
+}
+
+
+/* Src ip pattern */
+if(isset($_POST['srcippattern']))
+{
+   if(preg_match($strpattern, $_POST['srcippattern']) == true)
+   {
+       $USER_srcip = $_POST['srcippattern'];
+       $u_srcip = $USER_srcip;
+   }
+}
+
+
+/* User pattern */
+if(isset($_POST['userpattern']))
+{
+   if(preg_match($strpattern, $_POST['userpattern']) == true)
+   {
+       $USER_user = $_POST['userpattern'];
+       $u_user = $USER_user;
+   }
+}
+
+
+/* Maximum number of alerts */
+if(isset($_POST['max_alerts_per_page']))
+{
+    if(preg_match($intpattern, $_POST['max_alerts_per_page']) == true)
+    {
+        if(($_POST['max_alerts_per_page'] > 200) &&
+           ($_POST['max_alerts_per_page'] < 10000))
+        {
+            $ossec_max_alerts_per_page = $_POST['max_alerts_per_page'];
+        }
+    }
+}    
+
+
+
+/* Getting search id  -- should be enough to avoid duplicates */
+if($_POST['search'] == "Search")
+{
+    /* Creating new search id */
+    $USER_searchid = posix_getpid().$curr_time.rand();
+        
+    $USER_page = 1;
+}
+else if($_POST['search'] == "<< First")
+{
+    $USER_page = 1;
+}
+else if($_POST['search'] == "< Prev")
+{
+    if($USER_page > 1)
+    {
+        $USER_page--;
+    }
+}
+else if($_POST['search'] == "Next >")
+{
+    $USER_page++;
+}
+else if($_POST['search'] == "Last >>")
+{
+    $USER_page = 999;
+}
+else if($_POST['search'] == "")
+{
+}
+else
+{
+    echo "<b id='red'>Invalid search. </b><br />\n";
+    return;
+}
+
+
+//echo '<a href="?f=sf">Firewall Search</a> - <a href="?f=s">Alerts Search</a>';
+echo "<h1>Alert search options:</h1>\n";
 
 /* Search forms */
 echo '
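Review bot: The `$strpattern` character class `[0-9a-zA-Z. _|^!-()?]` contains the range `!-(`, which admits every byte from `!` through `(` — including `"`, `#`, `$`, `%`, `&` and `'` — so the pattern, rule, srcip, user, group and log inputs that are validated with it can carry quote characters that are later echoed unescaped into `value="..."` attributes (the existing pattern field in the next hunk and the hidden inputs in the last hunk). Making the hyphen literal fixes the class, `$strpattern = "/^[0-9a-zA-Z. _|^!()?-]{1,128}$/";`, and the echo sites should still wrap each value in `htmlspecialchars()` rather than rely on the allow-list alone. Separately, `$USER_searchid = posix_getpid().$curr_time.rand();` reads `$curr_time`, which is not assigned anywhere in this file as shown (the timestamp computed above is `$u_final_time`), and `rand()` makes the id easy to guess even though the id alone later selects which stored results are returned, so a less predictable source (`mt_rand()`, or `random_int()` where available) is preferable. Finally, `$_POST['search']` is read without an `isset()` guard at the head of the dispatch chain, which raises a notice on a plain GET of the page; `$search = isset($_POST['search']) ? $_POST['search'] : "";` avoids that.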
@@ -71,7 +324,6 @@
 /* Str pattern */
 echo '</tr><tr><td>Pattern:</td>
 <td><input type="text" name="strpattern" size="16" value="'.$u_pattern.'" class="formText" /></td>';
-
 /* Log formats */
 echo '<td>
      Log formats: </td><td><select name="logpattern" class="formText">';
@@ -128,6 +380,7 @@
 </tr>';
 echo '</table></form>';
 
+/* Java script for date */
 echo '
 <script type="text/javascript">
 Calendar.setup({
@@ -145,12 +398,152 @@
 timeFormat     :    "24"
 });
 </script>
+
 ';
 
+echo "<h1>Results:</h1>\n";
+
+if(!isset($USER_init) || !isset($USER_final) || !isset($USER_level))
+{
+    echo "<b>No search performed.</b><br />\n";
+    echo "</div>";
+    return(1);
+}
+echo "RES";
+$output_list = NULL;
 
 
-?>
-</div>
+/* Getting stored alerts */
+if($_POST['search'] != "Search")
+{
+    $output_list = os_getstoredalerts($ossec_handle, $USER_searchid);
+    $used_stored = 1;
+}
+
+/* Searching for new ones */
+else
+{
+    /* Getting alerts */
+    $output_list = os_searchalerts($ossec_handle, $USER_searchid,
+                                   $USER_init, $USER_final, 
+                                   $ossec_max_alerts_per_page,
+                                   $USER_level,$USER_rule, $LOCATION_pattern,
+                                   $USER_pattern, $USER_group,
+                                   $USER_srcip, $USER_user,
+                                   $USER_log);
+}
+
+if($output_list == NULL || $output_list[1] == NULL)
+{
+    if($used_stored == 1)
+    {
+        echo "<b id='red'>Nothing returned (search expired). </b><br />\n";
+    }
+    else
+    {
+        echo "<b id='red'>Nothing returned. </b><br />\n";
+    }
+    echo "</div>";
+    return(1);
+}
+
+
+/* Checking for no return */
+if(!isset($output_list[0]{'count'}))
+{
+    echo "<b id='red'>Nothing returned. </b><br />\n";
+    echo "</div>";
+    return(1);
+}
+
+
+/* Checking maximum page size */
+if($USER_page >= $output_list[0]{'pg'})
+{
+    $USER_page = $output_list[0]{'pg'};
+}
+
+/* Page 1 will become the latest and the latest, page 1 */
+$real_page = ($output_list[0]{'pg'} + 1) - $USER_page;
+
+
+echo "<b>Total alerts found: </b>".$output_list[0]{'count'}."<br />";
 
-<!-- END SEARCH -->
+if($output_list[0]{'pg'} > 1)
+{
+    echo "<b>Output divided in </b>".
+         $output_list[0]{'pg'}." pages.<br />";
+
+    echo '<br /><form name="dopage" method="post" action="index.php?f=s">';
+}
 
+
+if($output_list[0]{'pg'} > 1)
+{
+    echo '
+        <input type="submit" name="search" value="<< First" class="button"
+               class="formText" />
+                   
+        <input type="submit" name="search" value="< Prev" class="button"
+               class="formText" />
+         ';
+
+    echo 'Page <b>'.$USER_page.'</b> ('.$output_list[0]{$real_page}.' alerts)';
+}
+
+/* Currently page */
+echo '
+    <tr><td>                    
+    <input type="hidden" name="initdate" 
+           value="'.date('Y-m-d H:i', $u_init_time).'" /> 
+    <input type="hidden" name="finaldate" 
+           value="'.date('Y-m-d H:i', $u_final_time).'" /> 
+    <input type="hidden" name="rulepattern" value="'.$u_rule.'" />
+    <input type="hidden" name="srcippattern" value="'.$u_srcip.'" />
+    <input type="hidden" name="userpattern" value="'.$u_user.'" />
+    <input type="hidden" name="locationpattern" value="'.$u_location.'" />
+    <input type="hidden" name="level" value="'.$u_level.'" />
+    <input type="hidden" name="page" value="'.$USER_page.'" />
+    <input type="hidden" name="searchid" value="'.$USER_searchid.'" />
+    <input type="hidden" name="monitoring" value="'.$USER_monitoring.'" />
+    <input type="hidden" name="max_alerts_per_page" 
+                         value="'.$ossec_max_alerts_per_page.'" />';
+
+
+if($output_list[0]{'pg'} > 1)
+{    
+echo '    
+    &nbsp;&nbsp;
+    <input type="submit" name="search" value="Next >" class="button"
+           class="formText" />
+     <input type="submit" name="search" value="Last >>" class="button"
+           class="formText" />      
+    </form>
+';
+}
+
+
+/* Checking if page exists */
+if(!isset($output_list[0]{$real_page}) || 
+   (strlen($output_list[$real_page]) < 5) ||
+   (!file_exists($output_list[$real_page])))
+{
+    echo "<b id='red'>Nothing returned (or search expired). </b><br /></div>\n";
+    return(1);
+}
+
+echo "<br /><br />";
+
+
+/* Printing page */
+$fp = fopen($output_list[$real_page], "r");
+if($fp)
+{
+    while(!feof($fp))
+    {
+        echo fgets($fp);
+    }
+}
+echo '</div>';
+/* EOF */
+?>
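Review bot: The handle opened with `$fp = fopen($output_list[$real_page], "r");` is never closed after the `feof` loop; add `fclose($fp);` after the `while`, or replace the loop with `readfile($output_list[$real_page]);`, which streams the file and releases it in one call. The page-existence check just above tests `isset($output_list[0]{$real_page})` but then measures and opens `$output_list[$real_page]` — the same index at two different nesting levels (the per-page count printed as `'Page <b>'...` versus the stored file path), so the `isset()` appears to guard a different value than the one actually read; confirm which array holds the path and make all three conditions test that one. The hidden inputs echo `$u_rule`, `$u_srcip`, `$u_user`, `$u_location` and `$u_pattern` straight into `value="..."`, and these should pass through `htmlspecialchars()` because the allow-list regex in the first hunk admits quote characters. Also, `$_POST['search'] != "Search"` is evaluated without `isset()`, as in the first hunk.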



