[ossec-dev] OSSEC Web UI code cleanup patch
- To: ossec-dev@xxxxxxxxxxxxxxxx
- Subject: [ossec-dev] OSSEC Web UI code cleanup patch
- From: "Chris Abernethy" <brownoxford@xxxxxxxxx>
- Date: Thu, 27 Sep 2007 16:50:27 -0400
- Authentication-results: mx.google.com; spf=pass (google.com: domain of brownoxford@xxxxxxxxx designates 64.233.184.239 as permitted sender) smtp.mail=brownoxford@xxxxxxxxx; dkim=pass (test mode) header.i=@xxxxxxxxx
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type; bh=hj5eGT/EkxbClCFgXh1JVvS7ij6cRzr+XOzk+O5BMcs=; b=YdB1y+QK6wKtm+fgP7JA/B73O9RXwrZK1xcNoFcJFe1OiKDx/pqFgUy5DYHbnSe+kOaLA7w/9zzgzI/0zrIt9atuc8MNFMEvEL8Km/zY/fRn7yqJ/0dFW/aCS8XuDV4yCT/lBFw0CmTYI81K4rTAzROX4kAq6qQpNdx/ZPqqwzE=
This patch is strictly for code cleanup in the
lib/ossec_{categories,formats}.php files to make it easier to read and
modify the arrays.
Index: lib/ossec_formats.php
===================================================================
RCS file: /usr/cvsroot/ossec-ui/oswui/lib/ossec_formats.php,v
retrieving revision 1.1
diff -u -r1.1 ossec_formats.php
--- lib/ossec_formats.php 22 Mar 2007 01:11:35 -0000 1.1
+++ lib/ossec_formats.php 27 Sep 2007 20:37:29 -0000
@@ -9,93 +9,66 @@
* License (version 2) as published by the FSF - Free Software
* Foundation
*/
-
-/* Log format categories */
-$log_categories{"Syslog"}
- {"Syslog (all)"} = "syslog";
-$log_categories{"Syslog"}
- {"Sshd"} = "sshd";
-$log_categories{"Syslog"}
- {"Arpwatch"} = "arpwatch";
-
-$log_categories{"Syslog"}
- {"Ftpd"} = "ftpd";
-$log_categories{"Syslog"}
- {"Pam Unix"} = "pam";
-$log_categories{"Syslog"}
- {"Proftpd"} = "proftpd";
-$log_categories{"Syslog"}
- {"Pure-ftpd"} = "pure-ftpd";
-$log_categories{"Syslog"}
- {"Vsftpd"} = "vsftpd";
-
-$log_categories{"Syslog"}
- {"Sendmail"} = "sendmail";
-$log_categories{"Syslog"}
- {"Postfix"} = "postfix";
-$log_categories{"Syslog"}
- {"Imapd"} = "imapd";
-$log_categories{"Syslog"}
- {"Vpopmail"} = "vpopmail";
-$log_categories{"Syslog"}
- {"Spamd"} = "spamd";
-$log_categories{"Syslog"}
- {"Horde IMP"} = "horde";
-
-$log_categories{"Syslog"}
- {"Smbd"} = "smbd";
-$log_categories{"Syslog"}
- {"NFS"} = "nfs";
-$log_categories{"Syslog"}
- {"Xinetd"} = "xinetd";
-$log_categories{"Syslog"}
- {"Kernel"} = "kernel";
-
-$log_categories{"Syslog"}
- {"Su"} = "su";
-$log_categories{"Syslog"}
- {"Cron"} = "cron";
-$log_categories{"Syslog"}
- {"Sudo"} = "sudo";
-
-$log_categories{"Syslog"}
- {"PPTP"} = "pptp";
-$log_categories{"Syslog"}
- {"Named"} = "named";
-
-$log_categories{"Firewall"}
- {"Firewall"} = "firewall|pix";
-$log_categories{"Firewall"}
- {"Pix"} = "pix";
-$log_categories{"Firewall"}
- {"Netscreen"} = "netscreenfw";
-
-
-$log_categories{"Microsoft"}
- {"Microsoft (all)"} = "windows|msftp|exchange";
-$log_categories{"Microsoft"}
- {"Windows"} = "windows";
-$log_categories{"Microsoft"}
- {"MS Ftp"} = "msftp";
-$log_categories{"Microsoft"}
- {"Exchange"} = "exchange";
-
-
-$log_categories{"Web logs"}
- {"Web logs (all)"} = "web-log";
-$log_categories{"Squid"}
- {"Squid (all)"} = "squid";
-
-$log_categories{"Security devices"}
- {"Security devices (all)"} = "symantec|cisco_vpn|ids";
-$log_categories{"Security devices"}
- {"Cisco VPN"} = "Cisco VPN";
-$log_categories{"Security devices"}
- {"Symantec AV"} = "symantec";
-$log_categories{"Security devices"}
- {"NIDS"} = "ids";
+// Log format categories
+
+$log_categories_new = array(
+ "Syslog" => array(
+ "Syslog (all)" => "syslog"
+ , "Sshd" => "sshd"
+ , "Arpwatch" => "arpwatch"
+ , "Ftpd" => "ftpd"
+ , "Pam Unix" => "pam"
+ , "Proftpd" => "proftpd"
+ , "Pure-ftpd" => "pure-ftpd"
+ , "Vsftpd" => "vsftpd"
+ , "Sendmail" => "sendmail"
+ , "Postfix" => "postfix"
+ , "Imapd" => "imapd"
+ , "Vpopmail" => "vpopmail"
+ , "Spamd" => "spamd"
+ , "Horde IMP" => "horde"
+ , "Smbd" => "smbd"
+ , "NFS" => "nfs"
+ , "Xinetd" => "xinetd"
+ , "Kernel" => "kernel"
+ , "Su" => "su"
+ , "Cron" => "cron"
+ , "Sudo" => "sudo"
+ , "PPTP" => "pptp"
+ , "Named" => "named"
+ ),
+
+ "Firewall" => array(
+ "Firewall" => "firewall|pix"
+ , "Pix" => "pix"
+ , "Netscreen" => "netscreenfw"
+ ),
+
+ "Microsoft" => array(
+ "Microsoft (all)" => "windows|msftp|exchange"
+ , "Windows" => "windows"
+ , "MS Ftp" => "msftp"
+ , "Exchange" => "exchange"
+ ),
+
+ "Web logs" => array(
+ "Web logs (all)" => "web-log"
+ ),
+
+ "Squid" => array(
+ "Squid (all)" => "squid"
+ ),
+
+ "Security devices" => array(
+ "Security devices (all)" => "symantec|cisco_vpn|ids"
+ , "Cisco VPN" => "Cisco VPN"
+ , "Symantec AV" => "symantec"
+ , "NIDS" => "ids"
+ )
+
+);
+
+/* EOF */
-
-/* EOF */
?>
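Review bot: The new array is assigned to `$log_categories_new`, while the removed lines populated `$log_categories`, so this is not a pure cleanup. Any page that still reads `$log_categories` would find it undefined and could render an empty log-format filter; the consumers are outside this patch, so confirm against them. Keep the original name: `$log_categories = array(`. Separately, `"Cisco VPN" => "Cisco VPN"` is carried over unchanged while the group-wide entry uses `cisco_vpn`. If these values are matched against alert data, the single entry probably never matches and should read `, "Cisco VPN" => "cisco_vpn"`.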
Index: lib/ossec_categories.php
===================================================================
RCS file: /usr/cvsroot/ossec-ui/oswui/lib/ossec_categories.php,v
retrieving revision 1.4
diff -u -r1.4 ossec_categories.php
--- lib/ossec_categories.php 1 Mar 2007 03:42:13 -0000 1.4
+++ lib/ossec_categories.php 27 Sep 2007 20:37:29 -0000
@@ -9,126 +9,86 @@
* License (version 2) as published by the FSF - Free Software
* Foundation
*/
-
-/* Reconnaissance categories */
-$global_categories{"Reconnaissance"}
- {"Reconnaissance (all)"} =
- "connection_attempt|web_scan|recon";
-$global_categories{"Reconnaissance"}
- {"Connection attempt"} = "connection_attempt";
-$global_categories{"Reconnaissance"}
- {"Web scan"} = "web_scan";
-$global_categories{"Reconnaissance"}
- {"Generic scan"} = "recon";
-
-/* Authentication control categories */
-$global_categories{"Authentication Control"}
- {"Authentication Control (all)"} =
- "authentication|invalid_login|adduser|policy_changed|".
- "account_changed";
-$global_categories{"Authentication Control"}
- {"Authentication Success"} = "authentication_success";
-$global_categories{"Authentication Control"}
- {"Authentication Failure"} = "authentication_failed";
-$global_categories{"Authentication Control"}
- {"Invalid login"} = "invalid_login";
-$global_categories{"Authentication Control"}
- {"Multiple auth failures"} = "authentication_failures";
-$global_categories{"Authentication Control"}
- {"User account modified"} = "adduser|account_changed";
-$global_categories{"Authentication Control"}
- {"Policy changed"} = "policy_changed";
-
-/* Attack */
-$global_categories{"Attack/Misuse"}
- {"Attack/Misuse (all)"} =
- "exploit_attempt|invalid_access|attack|spam|".
- "sql_injection|rootcheck";
-$global_categories{"Attack/Misuse"}
- {"Worm"} = "automatic_attack";
-$global_categories{"Attack/Misuse"}
- {"Virus"} = "virus";
-$global_categories{"Attack/Misuse"}
- {"Automatic attack"} = "automatic_attack";
-$global_categories{"Attack/Misuse"}
- {"Exploit pattern"} = "exploit_attempt";
-$global_categories{"Attack/Misuse"}
- {"Invalid access"} = "invalid_access";
-$global_categories{"Attack/Misuse"}
- {"Spam"} = "spam";
-$global_categories{"Attack/Misuse"}
- {"Multiple Spams"} = "multiple_spam";
-$global_categories{"Attack/Misuse"}
- {"SQL Injection"} = "sql_injection";
-$global_categories{"Attack/Misuse"}
- {"Generic Attack"} = "attack";
-$global_categories{"Attack/Misuse"}
- {"Rootkit detection"} = "rootcheck";
-
-/* Access control */
-$global_categories{"Access Control"}
- {"Access Control (all)"} =
- "access|unknown_resource|drop|client";
-$global_categories{"Access Control"}
- {"Access denied"} = "access_denied";
-$global_categories{"Access Control"}
- {"Access allowed"} = "access_allowed";
-$global_categories{"Access Control"}
- {"Invalid access"} = "unknown_resource";
-$global_categories{"Access Control"}
- {"Firewall Drop"} = "firewall_drop";
-$global_categories{"Access Control"}
- {"Multiple fw drops"} = "multiple_drops";
-$global_categories{"Access Control"}
- {"Client mis-configuration"} = "client_misconfig";
-$global_categories{"Access Control"}
- {"Client error"} = "client_error";
-
-/* Network control */
-$global_categories{"Network Control"}
- {"Network Control (all)"} =
- "new_host|ip_spoof";
-$global_categories{"Network Control"}
- {"New host detected"} = "new_host";
-$global_categories{"Network Control"}
- {"Possible ARP spoof"} = "ip_spoof";
-
-/* System monitor */
-$global_categories{"System Monitor"}
- {"System Monitor (all)"} =
- "service|system|logs|invalid_request|promisc|".
- "syscheck|config_changed";
-$global_categories{"System Monitor"}
- {"Service start"} = "service_start";
-$global_categories{"System Monitor"}
- {"Service in Risk"} = "service_availability";
-$global_categories{"System Monitor"}
- {"System error"} = "system_error";
-$global_categories{"System Monitor"}
- {"Shutdown"} = "system_shutdown";
-$global_categories{"System Monitor"}
- {"Logs removed"} = "logs_cleared";
-$global_categories{"System Monitor"}
- {"Invalid request"} = "invalid_request";
-$global_categories{"System Monitor"}
- {"Promiscuous mode detected"} = "promisc";
-$global_categories{"System Monitor"}
- {"Configuration changed"} = "config_changed";
-$global_categories{"System Monitor"}
- {"Integrity Checking"} = "syscheck";
-$global_categories{"System Monitor"}
- {"File modification"} = "syscheck";
-
-
-/* Policy violation */
-$global_categories{"Policy Violation"}
- {"Policy Violation (all)"} =
- "login_";
-$global_categories{"Policy Violation"}
- {"Login time violation"} = "login_time";
-$global_categories{"Policy Violation"}
- {"Login day violation"} = "login_day";
+$global_categories = array(
+
+ // Reconnaissance categories
+ "Reconnaissance" => array(
+ "Reconnaissance (all)" => "connection_attempt|web_scan|recon"
+ , "Connection attempt" => "connection_attempt"
+ , "Web scan" => "web_scan"
+ , "Generic scan" => "recon"
+ ),
+
+ // Authentication control categories
+ "Authentication Control" => array(
+ "Authentication Control (all)" => "authentication|invalid_login|adduser|policy_changed|account_changed"
+ , "Authentication Success" => "authentication_success"
+ , "Authentication Failure" => "authentication_failed"
+ , "Invalid login" => "invalid_login"
+ , "Multiple auth failures" => "authentication_failures"
+ , "User account modified" => "adduser|account_changed"
+ , "Policy changed" => "policy_changed"
+ ),
+
+ // Attack
+ "Attack/Misuse" => array(
+ "Attack/Misuse (all)" => "exploit_attempt|invalid_access|attack|spam|sql_injection|rootcheck"
+ , "Worm" => "automatic_attack"
+ , "Virus" => "virus"
+ , "Automatic attack" => "automatic_attack"
+ , "Exploit pattern" => "exploit_attempt"
+ , "Invalid access" => "invalid_access"
+ , "Spam" => "spam"
+ , "Multiple Spams" => "multiple_spam"
+ , "SQL Injection" => "sql_injection"
+ , "Generic Attack" => "attack"
+ , "Rootkit detection" => "rootcheck"
+ ),
+
+ // Access control
+ "Access Control" => array(
+ "Access Control (all)" => "access|unknown_resource|drop|client"
+ , "Access denied" => "access_denied"
+ , "Access allowed" => "access_allowed"
+ , "Invalid access" => "unknown_resource"
+ , "Firewall Drop" => "firewall_drop"
+ , "Multiple fw drops" => "multiple_drops"
+ , "Client mis-configuration" => "client_misconfig"
+ , "Client error" => "client_error"
+ ),
+
+ // Network control
+ "Network Control" => array(
+ "Network Control (all)" => "new_host|ip_spoof"
+ , "New host detected" => "new_host"
+ , "Possible ARP spoof" => "ip_spoof"
+ ),
+
+ // System monitor
+ "System Monitor" => array(
+ "System Monitor (all)" => "service|system|logs|invalid_request|promisc|syscheck|config_changed"
+ , "Service start" => "service_start"
+ , "Service in Risk" => "service_availability"
+ , "System error" => "system_error"
+ , "Shutdown" => "system_shutdown"
+ , "Logs removed" => "logs_cleared"
+ , "Invalid request" => "invalid_request"
+ , "Promiscuous mode detected" => "promisc"
+ , "Configuration changed" => "config_changed"
+ , "Integrity Checking" => "syscheck"
+ , "File modification" => "syscheck"
+ ),
+
+ // Policy violation
+ "Policy Violation" => array(
+ "Policy Violation (all)" => "login_"
+ , "Login time violation" => "login_time"
+ , "Login day violation" => "login_day"
+ )
+
+);
+
+/* EOF */
-/* EOF */
?>
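Review bot: `"Attack/Misuse (all)"` omits `virus`, the only value in that group not covered by one of its fragments (`attack` covers `automatic_attack`, `spam` covers `multiple_spam`). If the `|`-separated values are applied as partial-match alternations against alert group names (the matching code is not in this patch), selecting the "(all)" entry would leave out virus alerts. The conversion copies this faithfully from the old file, so it is not a regression, but the fix is one line: `"Attack/Misuse (all)" => "exploit_attempt|invalid_access|attack|spam|sql_injection|rootcheck|virus"`. Bare fragments such as `access` in "Access Control (all)" would, under the same assumption, also match `invalid_access` from the Attack/Misuse group. A comment above the array would make the contract explicit, e.g. `// Values are '|'-separated patterns matched against alert groups, not exact names`.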