#11126 new view vulnerability scanner

pandora_console/extras/mr/66.sql

@@ -203,4 +203,9 @@ ALTER TABLE `treport_content`  ADD COLUMN `status_of_check` TINYTEXT;
 
 ALTER TABLE `tservice` ADD COLUMN `enable_horizontal_tree` TINYINT NOT NULL DEFAULT 0;
 
+INSERT IGNORE INTO `tmodule_inventory` (`id_module_inventory`, `id_os`, `name`, `description`, `interpreter`, `data_format`, `code`, `block_mode`,`script_mode`) VALUES (43,1,'Vulnerabilities','Plugin for security scan','','Package;Version;CVE','',0,2);
+
+ALTER TABLE `tagente` ADD COLUMN `vul_scan_enabled` TINYINT NOT NULL DEFAULT 0;
+ALTER TABLE `tagente` ADD COLUMN `vul_scan_interval` INT NOT NULL DEFAULT 300;
+
 COMMIT;

pandora_console/godmode/agentes/configurar_agente.php

@@ -610,6 +610,12 @@ if ($id_agente) {
         $agent_wizard['active'] = false;
     }
 
+    // Vulnerabilities tab.
+    $vulnerabilities = enterprise_hook('vulnerabilities_tab');
+    if ($vulnerabilities === ENTERPRISE_NOT_HOOK) {
+        $vulnerabilities = '';
+    }
+
     if (check_acl_one_of_groups($config['id_user'], $all_groups, 'AW') === true) {
         if ($has_remote_conf !== false) {
             $agent_name = agents_get_name($id_agente);
@@ -642,24 +648,26 @@ if ($id_agente) {
                 'collection'           => $collectiontab,
                 'group'                => $grouptab,
                 'gis'                  => $gistab,
+                'vulnerabilities'      => $vulnerabilities,
                 'agent_wizard'         => $agent_wizard,
             ];
         } else {
             $onheader = [
-                'view'         => $viewtab,
+                'view'            => $viewtab,
-                'separator'    => '',
+                'separator'       => '',
-                'main'         => $maintab,
+                'main'            => $maintab,
-                'module'       => $moduletab,
+                'module'          => $moduletab,
-                'ncm'          => $ncm_tab,
+                'ncm'             => $ncm_tab,
-                'alert'        => $alerttab,
+                'alert'           => $alerttab,
-                'template'     => $templatetab,
+                'template'        => $templatetab,
-                'inventory'    => $inventorytab,
+                'inventory'       => $inventorytab,
-                'pluginstab'   => $pluginstab,
+                'pluginstab'      => $pluginstab,
-                'policy'       => (enterprise_installed() === true) ? $policyTab : '',
+                'policy'          => (enterprise_installed() === true) ? $policyTab : '',
-                'collection'   => $collectiontab,
+                'collection'      => $collectiontab,
-                'group'        => $grouptab,
+                'group'           => $grouptab,
-                'gis'          => $gistab,
+                'gis'             => $gistab,
-                'agent_wizard' => $agent_wizard,
+                'vulnerabilities' => $vulnerabilities,
+                'agent_wizard'    => $agent_wizard,
             ];
         }
 
@@ -760,6 +768,11 @@ if ($id_agente) {
             $help_header = 'gis_tab';
         break;
 
+        case 'vulnerabilities':
+            $tab_name = __('Vulnerabilities');
+            $help_header = 'vulnerabilities_tab';
+        break;
+
         case 'incident':
             $tab_name = __('Incidents');
         break;
@@ -2363,6 +2376,29 @@ if ($updateGIS === true) {
     }
 }
 
+// UPDATE VULNERABILITIES.
+$updateVul = (bool) get_parameter('update_vulnerabilities', 0);
+if ($updateVul === true) {
+    $vul_scan_enabled = get_parameter('vul_scan_enabled', 0);
+    $vul_scan_interval = (int) get_parameter_post('vul_scan_interval', SECONDS_5MINUTES);
+    $idAgente = get_parameter('id_agente');
+
+    $result = db_process_sql_update(
+        'tagente',
+        [
+            'vul_scan_enabled'  => $vul_scan_enabled,
+            'vul_scan_interval' => $vul_scan_interval,
+        ],
+        ['id_agente' => $idAgente]
+    );
+
+    ui_print_result_message(
+        $result,
+        __('Successfully updated'),
+        __('Could not be updated')
+    );
+}
+
 // -----------------------------------
 // Load page depending on tab selected
 // -----------------------------------
@@ -2401,6 +2437,10 @@ switch ($tab) {
         include 'agent_conf_gis.php';
     break;
 
+    case 'vulnerabilities':
+        include enterprise_include('godmode/agentes/vulnerabilities_editor.php');
+    break;
+
     case 'incident':
         include 'agent_incidents.php';
     break;

pandora_console/operation/agentes/ver_agente.php

@@ -1857,7 +1857,6 @@ $external_tools['text'] = html_print_menu_button(
 $external_tools['active'] = ($tab === 'external_tools');
 
 if (enterprise_installed() === true && security_hardening_installed() === true) {
-    // External Tools tab.
     $security_hardening['text'] = html_print_menu_button(
         [
             'href'  => 'index.php?sec=estado&sec2=operation/agentes/ver_agente&tab=security_hardening&id_agente='.$id_agente,
@@ -1870,6 +1869,19 @@ if (enterprise_installed() === true && security_hardening_installed() === true)
     $security_hardening['active'] = ($tab === 'security_hardening');
 }
 
+if (enterprise_installed() === true) {
+    $vulnerabilities['text'] = html_print_menu_button(
+        [
+            'href'  => 'index.php?sec=estado&sec2=operation/agentes/ver_agente&tab=vulnerabilities&id_agente='.$id_agente,
+            'image' => 'images/vulnerability_scan@svg.svg',
+            'title' => __('Vulnerabilities'),
+        ],
+        true
+    );
+
+    $vulnerabilities['active'] = ($tab === 'vulnerabilities');
+}
+
 $onheader = [
     'manage'             => ($managetab ?? null),
     'main'               => ($maintab ?? null),
@@ -1888,6 +1900,7 @@ $onheader = [
     'ncm_view'           => ($ncm_tab ?? null),
     'external_tools'     => ($external_tools ?? null),
     'security_hardening' => ($security_hardening ?? null),
+    'vulnerabilities'    => ($vulnerabilities ?? null),
     'incident'           => ($incidenttab ?? null),
     'omnishell'          => ($omnishellTab ?? null),
 ];
@@ -2072,6 +2085,10 @@ switch ($tab) {
         $tab_name = __('Security hardening');
     break;
 
+    case 'vulnerabilities':
+        $tab_name = __('Vulnerabilities');
+    break;
+
     default:
         $tab_name = '';
         $help_header = '';
@@ -2221,6 +2238,10 @@ switch ($tab) {
         enterprise_include('operation/agentes/security_hardening.php');
     break;
 
+    case 'vulnerabilities':
+        enterprise_include('operation/agentes/vulnerabilities.php');
+    break;
+
     case 'extension':
         $found = false;
         foreach ($config['extensions'] as $extension) {

pandora_console/pandoradb.sql

@@ -91,6 +91,8 @@ CREATE TABLE IF NOT EXISTS `tagente` (
   `satellite_server` INT NOT NULL DEFAULT 0,
   `fixed_ip` TINYINT NOT NULL DEFAULT 0,
   `disabled_by_downtime` TINYINT NOT NULL DEFAULT 0,
+  `vul_scan_enabled` TINYINT NOT NULL DEFAULT 0,
+  `vul_scan_interval` INT NOT NULL DEFAULT 300,
   PRIMARY KEY  (`id_agente`),
   KEY `nombre` (`nombre`(255)),
   KEY `direccion` (`direccion`),

pandora_console/pandoradb_data.sql

@@ -2824,6 +2824,7 @@ INSERT INTO `tmodule_inventory` (`id_module_inventory`, `id_os`, `name`, `descri
 
 INSERT INTO `tmodule_inventory` (`id_module_inventory`, `id_os`, `name`, `description`, `interpreter`, `data_format`, `code`, `block_mode`,`script_mode`) VALUES (42,9,'Security','Hardening plugin for security compliance analysis','','ID;STATUS','',0,2);
 
+INSERT INTO `tmodule_inventory` (`id_module_inventory`, `id_os`, `name`, `description`, `interpreter`, `data_format`, `code`, `block_mode`,`script_mode`) VALUES (43,1,'Vulnerabilities','Plugin for security scan','','Package;Version;CVE','',0,2);
 
 --
 -- Dumping data for table `tconfig_os_version`