From e4ed319bcc37cf2d55aa4cba793d104e20882d37 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?F=C3=A9lix=20Su=C3=A1rez?= <felix.suarez@pandorafms.com>
Date: Sun, 4 Jun 2023 09:04:50 -0600
Subject: [PATCH 01/26] Correct comments in Tentacle Server Conf.

---
 pandora_server/conf/tentacle_server.conf.new | 24 ++++++++++----------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/pandora_server/conf/tentacle_server.conf.new b/pandora_server/conf/tentacle_server.conf.new
index 1acf082ca2..4fa307e0e8 100644
--- a/pandora_server/conf/tentacle_server.conf.new
+++ b/pandora_server/conf/tentacle_server.conf.new
@@ -5,10 +5,10 @@
 # Tentacle have IANA assigned port tpc/41121 as official port.
 ##########################################################################
 
-# [-a] IPv4 address to listen on. Several IPs cam be selected separating if by comma.
+# [-a] IPv4 address to listen on. Several IP adresses can be selected separated by commas.
 addresses 0.0.0.0
 
-# [-p] Port to listen on
+# [-p] Port number to listen on.
 port 41121
 
 # [-c] Maximum number of simultaneous connections
@@ -17,19 +17,19 @@ port 41121
 # [-d] Run as daemon. 1 true, 0 false
 daemon 1
 
-# [-i] Enable insecure mode
-# insecure 0
+# [-I] Enable insecure mode. 1 true, 0 false.
+#insecure 0
 
-# Filters (regexp:dir;regexp:dir...)
-filters .*\.conf:conf;.*\.md5:md5;.*\.zip:collections;.*\.lock:trans;.*\.rcmd:commands
+# [-i] Filters (regexp:dir;regexp:dir...).
+filters ..conf:conf;..md5:md5;.*\.zip:collections;.*\.lock:trans;.*\.rcmd:commands
 
 # [-m] Maximum file size allowed by the server in bytes
-#max_size 2000000
+# max_size 2000000
 
-# [-o] Accept files with a repeated name
+# [-o] Accept files with a repeated name. 1 true, 0 false.
 # overwrite 0
 
-# [-q] Do not output error messages.
+# [-q] No output error messages. 1 true, 0 false.
 # quiet 0
 
 # [-r] Number of retries for socket read/write operations
@@ -38,10 +38,10 @@ filters .*\.conf:conf;.*\.md5:md5;.*\.zip:collections;.*\.lock:trans;.*\.rcmd:co
 # [-s] Storage directory
 directory /var/spool/pandora/data_in
 
-# [-b] Address to proxy client requests to
+# [-b] IP address proxy client requests to.
 # proxy_ip 127.0.0.1
 
-# [-g] Port to proxy client requests to
+# [-g] Port number proxy client requests to.
 # proxy_port 41121
 
 # [-t] Timeout for socket read/write operations in seconds
@@ -71,5 +71,5 @@ log_file /dev/null
 # [-w] SSL password. Set to 1 to ask for password by command line
 # ssl_password 0
 
-# [-T] Use libwrap library (Authen::Libwrap perl module)
+# [-T] Use libwrap library (Authen::Libwrap perl module). 1 true, 0 false.
 # use_libwrap 0
\ No newline at end of file

From 936d9cac4c93b7af022bd4c829d0e74bc0ff5027 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?F=C3=A9lix=20Su=C3=A1rez?= <felix.suarez@pandorafms.com>
Date: Mon, 5 Jun 2023 08:48:15 -0600
Subject: [PATCH 02/26] Set the filter as it was originally

---
 pandora_server/conf/tentacle_server.conf.new | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pandora_server/conf/tentacle_server.conf.new b/pandora_server/conf/tentacle_server.conf.new
index 4fa307e0e8..a7cec8fd2c 100644
--- a/pandora_server/conf/tentacle_server.conf.new
+++ b/pandora_server/conf/tentacle_server.conf.new
@@ -21,7 +21,7 @@ daemon 1
 #insecure 0
 
 # [-i] Filters (regexp:dir;regexp:dir...).
-filters ..conf:conf;..md5:md5;.*\.zip:collections;.*\.lock:trans;.*\.rcmd:commands
+filters .*\.conf:conf;.*\.md5:md5;.*\.zip:collections;.*\.lock:trans;.*\.rcmd:commands
 
 # [-m] Maximum file size allowed by the server in bytes
 # max_size 2000000

From 4ed724edccfbbca7216fdb6748fdac17b8fc0a3f Mon Sep 17 00:00:00 2001
From: "felix.suarez" <felix.suarez@pandorafms.com>
Date: Thu, 23 Nov 2023 12:15:55 -0600
Subject: [PATCH 03/26] Add SSL valitations for Cipher and Version

---
 tentacle/conf/tentacle_server.conf.new |  8 ++++-
 tentacle/tentacle_server               | 47 ++++++++++++++++++++++++--
 2 files changed, 51 insertions(+), 4 deletions(-)

diff --git a/tentacle/conf/tentacle_server.conf.new b/tentacle/conf/tentacle_server.conf.new
index 1acf082ca2..390369995f 100644
--- a/tentacle/conf/tentacle_server.conf.new
+++ b/tentacle/conf/tentacle_server.conf.new
@@ -72,4 +72,10 @@ log_file /dev/null
 # ssl_password 0
 
 # [-T] Use libwrap library (Authen::Libwrap perl module)
-# use_libwrap 0
\ No newline at end of file
+# use_libwrap 0
+
+# [-z] Restrict to a specific ssl version
+# ssl_version TLSv1_3
+
+# [-u] Restrict to a specific ssl cipher
+# ssl_cipher AES256-SHA
diff --git a/tentacle/tentacle_server b/tentacle/tentacle_server
index 6d503e0053..cf9b521cdd 100755
--- a/tentacle/tentacle_server
+++ b/tentacle/tentacle_server
@@ -187,6 +187,12 @@ my $t_proxy_ip = undef;
 # Port to proxy client requests to
 my $t_proxy_port = 41121;
 
+# Allowed SSL Cipher 
+my $t_ssl_cipher= '';
+
+# Allowed SSL Version 
+my $t_ssl_version= '';
+
 # Proxy socket
 my $t_proxy_socket;
 
@@ -230,7 +236,7 @@ sub print_help {
 	print ("\t-p port\t\tPort to listen on (default $t_port).\n");
 	print ("\t-q\t\tQuiet. Do now print error messages.\n");
 	print ("\t-r number\tNumber of retries for network opertions (default $t_retries).\n");
-	print ("\t-S (install|uninstall|run) Manage the win32 service.\n");
+	print ("\t-S \t\t(install|uninstall|run) Manage the win32 service.\n");
 	print ("\t-t time\t\tTime-out for network operations in seconds (default ${t_timeout}s).\n");
 	print ("\t-v\t\tBe verbose (display errors).\n");
 	print ("\t-V\t\tBe verbose on hard way (display errors and other info).\n");
@@ -239,7 +245,9 @@ sub print_help {
 	print ("\t-b ip_address\tProxy requests to the given address.\n");
 	print ("\t-g port\t\tProxy requests to the given port.\n");
 	print ("\t-T\t\tEnable tcpwrappers support.\n");
-	print ("\t  \t\t(To use this option, 'Authen::Libwrap' should be installed.)\n\n");
+	print ("\t  \t\t(To use this option, 'Authen::Libwrap' should be installed.)\n");
+	print ("\t-z\t\tRestrict to a specific SSL Version.\n");
+	print ("\t-u\t\tRestrict to a specific SSL Cipher.\n\n");
 }
 
 ################################################################################
@@ -287,7 +295,7 @@ sub parse_options {
 	my @t_addresses_tmp;
 
 	# Get options
-	if (getopts ('a:b:c:de:f:F:g:hIi:k:l:m:op:qr:s:S:t:TvVwx:', \%opts) == 0 || defined ($opts{'h'})) {
+	if (getopts ('a:b:c:de:f:F:g:hIi:k:l:m:op:qr:s:S:t:TvVwx:zu:', \%opts) == 0 || defined ($opts{'h'})) {
 		print_help ();
 		exit 1;
 	}
@@ -547,6 +555,18 @@ sub parse_options {
 		}
 	}
 
+	# Specific SSL Version
+	$token_value = get_config_value($opts{'z'}, $CONF->{'ssl_version'});
+	if (defined ($token_value)) {
+		$t_ssl_version = $token_value;
+	}	
+
+	# Specific SSL Cipher
+	$token_value = get_config_value($opts{'u'}, $CONF->{'ssl_cipher'});
+	if (defined ($token_value)) {
+		$t_ssl_cipher = $token_value;
+	}
+
 	# Win32 service management
 	if (defined ($opts{'S'})) {
 		my $service_action = $opts{'S'};
@@ -817,9 +837,30 @@ sub start_ssl {
 		error ($err);
 	}
 
+	validate_ssl();
+
 	print_log ("SSL started for " . $t_client_socket->sockhost ());
 }
 
+################################################################################
+## SUB validate_ssl
+## Validate that a socket has a defined ssl version and cipher.
+################################################################################
+sub validate_ssl{
+	my $ssl_version = $t_client_socket->get_ssl_version();
+	my $ssl_cipher = $t_client_socket->get_cipher();
+
+	if($t_ssl_version && $ssl_version ne $t_ssl_version){
+		$t_client_socket->close();
+		error ("Invalid SSL Version " . $ssl_version . ", expected version is " . $t_ssl_version . ".");
+	}
+
+	if($t_ssl_cipher && $ssl_cipher ne $t_ssl_cipher){
+		$t_client_socket->close();
+		error ("Invalid SSL Cipher " . $ssl_cipher . ", expected cipher is " . $t_ssl_cipher . ".");
+	}
+}
+
 ################################################################################
 ## SUB accept_connections
 ## Manage incoming connections.

From 245154ce21e8ae1cdba4daf1f436dd737d576a58 Mon Sep 17 00:00:00 2001
From: "felix.suarez" <felix.suarez@pandorafms.com>
Date: Fri, 24 Nov 2023 09:37:20 -0600
Subject: [PATCH 04/26] Pass version and cipher as args instead of validating
 afterwards.

---
 tentacle/tentacle_server | 41 ++++++++++++----------------------------
 1 file changed, 12 insertions(+), 29 deletions(-)

diff --git a/tentacle/tentacle_server b/tentacle/tentacle_server
index cf9b521cdd..b6d6ae7b08 100755
--- a/tentacle/tentacle_server
+++ b/tentacle/tentacle_server
@@ -295,7 +295,7 @@ sub parse_options {
 	my @t_addresses_tmp;
 
 	# Get options
-	if (getopts ('a:b:c:de:f:F:g:hIi:k:l:m:op:qr:s:S:t:TvVwx:zu:', \%opts) == 0 || defined ($opts{'h'})) {
+	if (getopts ('a:b:c:de:f:F:g:hIi:k:l:m:op:qr:s:S:t:TvVwx:z:u:', \%opts) == 0 || defined ($opts{'h'})) {
 		print_help ();
 		exit 1;
 	}
@@ -808,13 +808,19 @@ sub stop_server {
 sub start_ssl {
 	my $err;
 
+	my %ssl_args = (
+		SSL_cert_file => $t_ssl_cert,
+		SSL_key_file => $t_ssl_key,
+		SSL_passwd_cb => sub {return $t_ssl_pwd},
+		SSL_server => 1,
+		SSL_cipher_list => $t_ssl_cipher // '',
+		SSL_version     => $t_ssl_version // '',
+	);
+
 	if ($t_ssl_ca eq '') {
 		IO::Socket::SSL->start_SSL (
 			$t_client_socket,
-			SSL_cert_file => $t_ssl_cert,
-			SSL_key_file => $t_ssl_key,
-			SSL_passwd_cb => sub {return $t_ssl_pwd},
-			SSL_server => 1,
+			%ssl_args,
 			# Verify peer
 			SSL_verify_mode => 0x01,
 		);
@@ -822,11 +828,8 @@ sub start_ssl {
 	else {
 		IO::Socket::SSL->start_SSL (
 			$t_client_socket,
+			%ssl_args,
 			SSL_ca_file => $t_ssl_ca,
-			SSL_cert_file => $t_ssl_cert,
-			SSL_key_file => $t_ssl_key,
-			SSL_passwd_cb => sub {return $t_ssl_pwd},
-			SSL_server => 1,
 			# Fail verification if no peer certificate exists
 			SSL_verify_mode => 0x03,
 		);
@@ -837,29 +840,9 @@ sub start_ssl {
 		error ($err);
 	}
 
-	validate_ssl();
-
 	print_log ("SSL started for " . $t_client_socket->sockhost ());
 }
 
-################################################################################
-## SUB validate_ssl
-## Validate that a socket has a defined ssl version and cipher.
-################################################################################
-sub validate_ssl{
-	my $ssl_version = $t_client_socket->get_ssl_version();
-	my $ssl_cipher = $t_client_socket->get_cipher();
-
-	if($t_ssl_version && $ssl_version ne $t_ssl_version){
-		$t_client_socket->close();
-		error ("Invalid SSL Version " . $ssl_version . ", expected version is " . $t_ssl_version . ".");
-	}
-
-	if($t_ssl_cipher && $ssl_cipher ne $t_ssl_cipher){
-		$t_client_socket->close();
-		error ("Invalid SSL Cipher " . $ssl_cipher . ", expected cipher is " . $t_ssl_cipher . ".");
-	}
-}
 
 ################################################################################
 ## SUB accept_connections

From 251bf60d5eeaf5b0a08e85fda4b1698d6686f801 Mon Sep 17 00:00:00 2001
From: "felix.suarez" <felix.suarez@pandorafms.com>
Date: Tue, 26 Dec 2023 15:47:42 -0600
Subject: [PATCH 05/26] Add warning time to CLI create

---
 pandora_server/util/pandora_manage.pl | 61 ++++++++++++++-------------
 1 file changed, 32 insertions(+), 29 deletions(-)

diff --git a/pandora_server/util/pandora_manage.pl b/pandora_server/util/pandora_manage.pl
index 678bcdabfb..976654a610 100755
--- a/pandora_server/util/pandora_manage.pl
+++ b/pandora_server/util/pandora_manage.pl
@@ -145,12 +145,12 @@ sub help_screen{
 	help_screen_line('--agent_update_custom_fields', '<id_agent> <type_field> <field_to_change> <new_value>', "Update an agent custom field. The fields can be \n\t  the following: Serial number, Department ... and types can be 0 text and 1 combo ");
 
 	print "\nMODULES:\n\n" unless $param ne '';
-	help_screen_line('--create_data_module', "<module_name> <module_type> <agent_name> [<description> <module_group> \n\t  <min> <max> <post_process> <interval> <warning_min> <warning_max> <critical_min> <critical_max> \n\t <history_data> <definition_file> <warning_str> <critical_str>\n\t  <unknown_events> <ff_threshold> <each_ff> <ff_threshold_normal>\n\t  <ff_threshold_warning> <ff_threshold_critical> <ff_timeout> <warning_inverse> <critical_inverse>\n\t <critical_instructions> <warning_instructions> <unknown_instructions> <use_alias> <ignore_unknown>]", 'Add data server module to agent');
-	help_screen_line('--create_web_module', "<module_name> <module_type> <agent_name> [<description> <module_group> \n\t  <min> <max> <post_process> <interval> <warning_min> <warning_max> <critical_min> <critical_max> \n\t <history_data> <retries> <requests> <agent_browser_id> <auth_server> <auth_realm> <definition_file>\n\t <proxy_url> <proxy_auth_login> <proxy_auth_password> <warning_str> <critical_str>\n\t  <unknown_events> <ff_threshold> <each_ff> <ff_threshold_normal>\n\t  <ff_threshold_warning> <ff_threshold_critical> <ff_timeout> <warning_inverse> <critical_inverse>\n\t <critical_instructions> <warning_instructions> <unknown_instructions> <use_alias> <ignore_unknown>].\n\t The valid data types are web_data, web_proc, web_content_data or web_content_string", 'Add web server module to agent');
-	help_screen_line('--create_network_module', "<module_name> <module_type> <agent_name> <module_address> \n\t  [<module_port> <description> <module_group> <min> <max> <post_process> <interval> \n\t  <warning_min> <warning_max> <critical_min> <critical_max> <history_data> <ff_threshold>\n\t  <warning_str> <critical_str> <unknown_events> <each_ff>\n\t  <ff_threshold_normal> <ff_threshold_warning> <ff_threshold_critical> <timeout> <retries>\n\t <critical_instructions> <warning_instructions> <unknown_instructions>\n\t <warning_inverse> <critical_inverse> <use_alias> <ignore_unknown>]", 'Add not snmp network module to agent');
+	help_screen_line('--create_data_module', "<module_name> <module_type> <agent_name> [<description> <module_group> \n\t  <min> <max> <post_process> <interval> <warning_min> <warning_max> <critical_min> <critical_max> \n\t <history_data> <definition_file> <warning_str> <critical_str>\n\t  <unknown_events> <ff_threshold> <each_ff> <ff_threshold_normal>\n\t  <ff_threshold_warning> <ff_threshold_critical> <ff_timeout> <warning_inverse> <critical_inverse>\n\t <critical_instructions> <warning_instructions> <unknown_instructions> <use_alias> <ignore_unknown> <warning_time>]", 'Add data server module to agent');
+	help_screen_line('--create_web_module', "<module_name> <module_type> <agent_name> [<description> <module_group> \n\t  <min> <max> <post_process> <interval> <warning_min> <warning_max> <critical_min> <critical_max> \n\t <history_data> <retries> <requests> <agent_browser_id> <auth_server> <auth_realm> <definition_file>\n\t <proxy_url> <proxy_auth_login> <proxy_auth_password> <warning_str> <critical_str>\n\t  <unknown_events> <ff_threshold> <each_ff> <ff_threshold_normal>\n\t  <ff_threshold_warning> <ff_threshold_critical> <ff_timeout> <warning_inverse> <critical_inverse>\n\t <critical_instructions> <warning_instructions> <unknown_instructions> <use_alias> <ignore_unknown> <warning_time>].\n\t The valid data types are web_data, web_proc, web_content_data or web_content_string", 'Add web server module to agent');
+	help_screen_line('--create_network_module', "<module_name> <module_type> <agent_name> <module_address> \n\t  [<module_port> <description> <module_group> <min> <max> <post_process> <interval> \n\t  <warning_min> <warning_max> <critical_min> <critical_max> <history_data> <ff_threshold>\n\t  <warning_str> <critical_str> <unknown_events> <each_ff>\n\t  <ff_threshold_normal> <ff_threshold_warning> <ff_threshold_critical> <timeout> <retries>\n\t <critical_instructions> <warning_instructions> <unknown_instructions>\n\t <warning_inverse> <critical_inverse> <use_alias> <ignore_unknown> <warning_time>]", 'Add not snmp network module to agent');
 	help_screen_line('--create_snmp_module', "<module_name> <module_type> <agent_name> <module_address> <module_port>\n\t  <version> [<community> <oid> <description> <module_group> <min> <max> <post_process> <interval>\n\t   <warning_min> <warning_max> <critical_min> <critical_max> <history_data> \n\t  <snmp3_priv_method> <snmp3_priv_pass> <snmp3_sec_level> <snmp3_auth_method> \n\t  <snmp3_auth_user> <snmp3_auth_pass> <ff_threshold> <warning_str> \n\t  <critical_str> <unknown_events> <each_ff> <ff_threshold_normal>\n\t  <ff_threshold_warning> <ff_threshold_critical> <timeout> <retries> <use_alias> <ignore_unknown>]
-	\n\t <critical_instructions> <warning_instructions> <unknown_instructions>\n\t <warning_inverse> <critical_inverse>]", 'Add snmp network module to agent');
-	help_screen_line('--create_plugin_module', "<module_name> <module_type> <agent_name> <module_address> \n\t  <module_port> <plugin_name> <user> <password> <parameters> [<description> \n\t  <module_group> <min> <max> <post_process> <interval> <warning_min> <warning_max> <critical_min> \n\t  <critical_max> <history_data> <ff_threshold> <warning_str> <critical_str>\n\t  <unknown_events> <each_ff> <ff_threshold_normal> <ff_threshold_warning>\n\t  <ff_threshold_critical> <timeout> \n\t <critical_instructions> <warning_instructions> <unknown_instructions>\n\t <warning_inverse> <critical_inverse> <use_alias> <ignore_unknown>]", 'Add plug-in module to agent');
+	\n\t <critical_instructions> <warning_instructions> <unknown_instructions>\n\t <warning_inverse> <critical_inverse> <warning_time>]", 'Add snmp network module to agent');
+	help_screen_line('--create_plugin_module', "<module_name> <module_type> <agent_name> <module_address> \n\t  <module_port> <plugin_name> <user> <password> <parameters> [<description> \n\t  <module_group> <min> <max> <post_process> <interval> <warning_min> <warning_max> <critical_min> \n\t  <critical_max> <history_data> <ff_threshold> <warning_str> <critical_str>\n\t  <unknown_events> <each_ff> <ff_threshold_normal> <ff_threshold_warning>\n\t  <ff_threshold_critical> <timeout> \n\t <critical_instructions> <warning_instructions> <unknown_instructions>\n\t <warning_inverse> <critical_inverse> <use_alias> <ignore_unknown> <warning_time>]", 'Add plug-in module to agent');
     help_screen_line('--get_module_group', '[<module_group_name>]', 'Dysplay all module groups');
     help_screen_line('--create_module_group', '<module_group_name>');
     help_screen_line('--module_group_synch', "<server_name1|server_name2|server_name3...> [<return_type>]", 'Synchronize metaconsole module groups');
@@ -1655,21 +1655,21 @@ sub cli_create_data_module($) {
 		$min,$max,$post_process, $interval, $warning_min, $warning_max, $critical_min,
 		$critical_max, $history_data, $definition_file, $configuration_data, $warning_str, $critical_str, $enable_unknown_events,
 	    $ff_threshold, $each_ff, $ff_threshold_normal, $ff_threshold_warning, $ff_threshold_critical, $ff_timeout, 
-	    $warning_inverse, $critical_inverse, $critical_instructions, $warning_instructions, $unknown_instructions, $use_alias, $ignore_unknown);
+	    $warning_inverse, $critical_inverse, $critical_instructions, $warning_instructions, $unknown_instructions, $use_alias, $ignore_unknown, $warning_time);
 	
 	if ($in_policy == 0) {
 		($module_name, $module_type, $agent_name, $description, $module_group, 
 		$min,$max,$post_process, $interval, $warning_min, $warning_max, $critical_min,
 		$critical_max, $history_data, $definition_file, $warning_str, $critical_str, $enable_unknown_events, $ff_threshold,
-		$each_ff, $ff_threshold_normal, $ff_threshold_warning, $ff_threshold_critical, $ff_timeout, 
-	    $warning_inverse, $critical_inverse, $critical_instructions, $warning_instructions, $unknown_instructions, $use_alias, $ignore_unknown) = @ARGV[2..32];
+		$each_ff, $ff_threshold_normal, $ff_threshold_warning, $ff_threshold_critical, $ff_timeout,$warning_inverse, $critical_inverse,  
+	    $critical_instructions, $warning_instructions, $unknown_instructions, $use_alias, $ignore_unknown, $warning_time) = @ARGV[2..33];
 	}
 	else {
 		($policy_name, $module_name, $module_type, $description, $module_group, 
 		$min,$max,$post_process, $interval, $warning_min, $warning_max, $critical_min,
 		$critical_max, $history_data, $configuration_data, $warning_str, $critical_str, $enable_unknown_events, $ff_threshold,
 		$each_ff, $ff_threshold_normal, $ff_threshold_warning, $ff_threshold_critical, $ff_timeout, 
-	    $warning_inverse, $critical_inverse, $critical_instructions, $warning_instructions, $unknown_instructions, $ignore_unknown) = @ARGV[2..32];
+	    $warning_inverse, $critical_inverse, $critical_instructions, $warning_instructions, $unknown_instructions, $ignore_unknown, $warning_time) = @ARGV[2..33];
 	}
  
 	my $module_name_def;
@@ -1887,6 +1887,7 @@ sub cli_create_data_module($) {
 	$parameters{'warning_instructions'} = $warning_instructions unless !defined ($warning_instructions);
 	$parameters{'unknown_instructions'} = $unknown_instructions unless !defined ($unknown_instructions);
 	$parameters{'ignore_unknown'} = $ignore_unknown unless !defined ($ignore_unknown);
+	$parameters{'warning_time'} = $warning_time unless !defined ($warning_time);
 
 	if ($in_policy == 0) {
 		if (defined $use_alias and $use_alias eq 'use_alias') {
@@ -1918,7 +1919,7 @@ sub cli_create_web_module($) {
 		$critical_max, $history_data, $retries, $requests, $agent_browser_id, $auth_server, $auth_realm, 
 		$definition_file, $proxy_url, $proxy_auth_login, $proxy_auth_password, $configuration_data, $warning_str, $critical_str, $enable_unknown_events,
 	    $ff_threshold, $each_ff, $ff_threshold_normal, $ff_threshold_warning, $ff_threshold_critical, $ff_timeout, 
-	    $warning_inverse, $critical_inverse, $critical_instructions, $warning_instructions, $unknown_instructions, $use_alias, $ignore_unknown);
+	    $warning_inverse, $critical_inverse, $critical_instructions, $warning_instructions, $unknown_instructions, $use_alias, $ignore_unknown, $warning_time);
 	
 	if ($in_policy == 0) {
 		($module_name, $module_type, $agent_name, $description, $module_group, 
@@ -1926,7 +1927,7 @@ sub cli_create_web_module($) {
 		$critical_max, $history_data, $retries, $requests, $agent_browser_id, $auth_server, $auth_realm, 
 		$definition_file, $proxy_url, $proxy_auth_login, $proxy_auth_password, $warning_str, $critical_str, 
 		$enable_unknown_events, $ff_threshold, $each_ff, $ff_threshold_normal, $ff_threshold_warning, $ff_threshold_critical, $ff_timeout, 
-	    $warning_inverse, $critical_inverse, $critical_instructions, $warning_instructions, $unknown_instructions, $use_alias, $ignore_unknown) = @ARGV[2..40];
+	    $warning_inverse, $critical_inverse, $critical_instructions, $warning_instructions, $unknown_instructions, $use_alias, $ignore_unknown, $warning_time) = @ARGV[2..41];
 	}
 	else {
 		($policy_name, $module_name, $module_type, $description, $module_group, 
@@ -1934,7 +1935,7 @@ sub cli_create_web_module($) {
 		$critical_max, $history_data, $retries, $requests, $agent_browser_id, $auth_server, $auth_realm, $configuration_data, $proxy_url,
 		 $proxy_auth_login, $proxy_auth_password, $warning_str, $critical_str, 
 		$enable_unknown_events, $ff_threshold, $each_ff, $ff_threshold_normal, $ff_threshold_warning, $ff_threshold_critical, $ff_timeout, 
-	    $warning_inverse, $critical_inverse, $critical_instructions, $warning_instructions, $unknown_instructions, $ignore_unknown) = @ARGV[2..39];
+	    $warning_inverse, $critical_inverse, $critical_instructions, $warning_instructions, $unknown_instructions, $ignore_unknown, $warning_time) = @ARGV[2..40];
 	}
 	
 	my $module_name_def;
@@ -2163,7 +2164,7 @@ sub cli_create_web_module($) {
 	$parameters{'ip_target'} = $auth_server unless !defined ($auth_server);
 	$parameters{'snmp_community'} = $auth_realm unless !defined ($auth_realm);
 	$parameters{'ignore_unknown'} = $ignore_unknown unless !defined ($ignore_unknown);
-	
+	$parameters{'warning_time'} = $warning_time unless !defined ($warning_time);
 	
 	
 	if ($in_policy == 0) {
@@ -2365,7 +2366,7 @@ sub cli_create_network_module($) {
 	$module_group, $min, $max, $post_process, $interval, $warning_min, $warning_max, $critical_min,
 	$critical_max, $history_data, $ff_threshold, $warning_str, $critical_str, $enable_unknown_events, $each_ff,
 	$ff_threshold_normal, $ff_threshold_warning, $ff_threshold_critical, $timeout, $retries, $critical_instructions, 
-	$warning_instructions, $unknown_instructions, $warning_inverse, $critical_inverse, $use_alias, $ignore_unknown);
+	$warning_instructions, $unknown_instructions, $warning_inverse, $critical_inverse, $use_alias, $ignore_unknown, $warning_time);
 	
 	if ($in_policy == 0) {
 		($module_name, $module_type, $agent_name, $module_address, $module_port, $description, 
@@ -2373,7 +2374,7 @@ sub cli_create_network_module($) {
 		$critical_max, $history_data, $ff_threshold, $warning_str, $critical_str, $enable_unknown_events,
 		$each_ff, $ff_threshold_normal, $ff_threshold_warning,
 		$ff_threshold_critical, $timeout, $retries,$critical_instructions, $warning_instructions, $unknown_instructions,
-		$warning_inverse, $critical_inverse, $use_alias, $ignore_unknown) = @ARGV[2..34];
+		$warning_inverse, $critical_inverse, $use_alias, $ignore_unknown, $warning_time) = @ARGV[2..35];
 	}
 	else {
 		($policy_name, $module_name, $module_type, $module_port, $description, 
@@ -2381,7 +2382,7 @@ sub cli_create_network_module($) {
 		$critical_max, $history_data, $ff_threshold, $warning_str, $critical_str, $enable_unknown_events,
 		$each_ff, $ff_threshold_normal, $ff_threshold_warning,
 		$ff_threshold_critical, $timeout, $retries, $critical_instructions, $warning_instructions, $unknown_instructions,
-		$warning_inverse, $critical_inverse, $ignore_unknown) = @ARGV[2..34];
+		$warning_inverse, $critical_inverse, $ignore_unknown, $warning_time) = @ARGV[2..35];
 	}
 
 	my $module_name_def;
@@ -2518,7 +2519,7 @@ sub cli_create_network_module($) {
 	$parameters{'critical_inverse'} = $critical_inverse unless !defined ($critical_inverse);
 	$parameters{'warning_inverse'} = $warning_inverse unless !defined ($warning_inverse);
 	$parameters{'ignore_unknown'} = $ignore_unknown unless !defined ($ignore_unknown);
-
+	$parameters{'warning_time'} = $warning_time unless !defined ($warning_time);
 	
 	if ($in_policy == 0) {
 		if (defined $use_alias and $use_alias eq 'use_alias') {
@@ -2550,7 +2551,7 @@ sub cli_create_snmp_module($) {
 		$warning_max, $critical_min, $critical_max, $history_data, $snmp3_priv_method, $snmp3_priv_pass,
 		$snmp3_sec_level, $snmp3_auth_method, $snmp3_auth_user, $snmp3_auth_pass, $ff_threshold, $warning_str, $critical_str, $enable_unknown_events,
 	    $each_ff, $ff_threshold_normal, $ff_threshold_warning, $ff_threshold_critical, $timeout, $retries,
-		$critical_instructions, $warning_instructions, $unknown_instructions, $warning_inverse, $critical_inverse, $use_alias, $ignore_unknown);
+		$critical_instructions, $warning_instructions, $unknown_instructions, $warning_inverse, $critical_inverse, $use_alias, $ignore_unknown, $warning_time);
 	
 	if ($in_policy == 0) {
 		($module_name, $module_type, $agent_name, $module_address, $module_port, $version, $community, 
@@ -2558,7 +2559,7 @@ sub cli_create_snmp_module($) {
 		$warning_max, $critical_min, $critical_max, $history_data, $snmp3_priv_method, $snmp3_priv_pass,
 		$snmp3_sec_level, $snmp3_auth_method, $snmp3_auth_user, $snmp3_auth_pass, $ff_threshold, $warning_str, $critical_str, $enable_unknown_events,
 		$each_ff, $ff_threshold_normal, $ff_threshold_warning, $ff_threshold_critical, $timeout, $retries,
-		$critical_instructions, $warning_instructions, $unknown_instructions, $warning_inverse, $critical_inverse, $use_alias, $ignore_unknown) = @ARGV[2..43];
+		$critical_instructions, $warning_instructions, $unknown_instructions, $warning_inverse, $critical_inverse, $use_alias, $ignore_unknown, $warning_time) = @ARGV[2..44];
 	}
 	else {
 		($policy_name, $module_name, $module_type, $module_port, $version, $community, 
@@ -2566,7 +2567,7 @@ sub cli_create_snmp_module($) {
 		$warning_max, $critical_min, $critical_max, $history_data, $snmp3_priv_method, $snmp3_priv_pass,
 		$snmp3_sec_level, $snmp3_auth_method, $snmp3_auth_user, $snmp3_auth_pass, $ff_threshold, $warning_str, $critical_str, $enable_unknown_events,
 		$each_ff, $ff_threshold_normal, $ff_threshold_warning, $ff_threshold_critical, $timeout, $retries,
-		$critical_instructions, $warning_instructions, $unknown_instructions, $warning_inverse, $critical_inverse, $ignore_unknown) = @ARGV[2..41];
+		$critical_instructions, $warning_instructions, $unknown_instructions, $warning_inverse, $critical_inverse, $ignore_unknown, $warning_time) = @ARGV[2..42];
 	}
 	
 	my $module_name_def;
@@ -2708,7 +2709,8 @@ sub cli_create_snmp_module($) {
 	$parameters{'critical_inverse'} = $critical_inverse unless !defined ($critical_inverse);
 	$parameters{'warning_inverse'} = $warning_inverse unless !defined ($warning_inverse);
 	$parameters{'ignore_unknown'} = $ignore_unknown unless !defined ($ignore_unknown);
-	
+	$parameters{'warning_time'} = $warning_time unless !defined ($warning_time);
+
 	if ($in_policy == 0) {
 		if (defined $use_alias and $use_alias eq 'use_alias') {
 			foreach my $id (@id_agents) {
@@ -2736,7 +2738,7 @@ sub cli_create_plugin_module($) {
 		$interval, $warning_min, $warning_max, $critical_min, $critical_max, $history_data, 
 		$ff_threshold, $warning_str, $critical_str, $enable_unknown_events,
 	    $each_ff, $ff_threshold_normal, $ff_threshold_warning, $ff_threshold_critical, $timeout,
-		$critical_instructions, $warning_instructions, $unknown_instructions, $warning_inverse, $critical_inverse, $use_alias, $ignore_unknown);
+		$critical_instructions, $warning_instructions, $unknown_instructions, $warning_inverse, $critical_inverse, $use_alias, $ignore_unknown, $warning_time);
 	
 	if ($in_policy == 0) {
 		($module_name, $module_type, $agent_name, $module_address, $module_port, $plugin_name,
@@ -2744,7 +2746,7 @@ sub cli_create_plugin_module($) {
 			$interval, $warning_min, $warning_max, $critical_min, $critical_max, $history_data, 
 			$ff_threshold, $warning_str, $critical_str, $enable_unknown_events,
 		$each_ff, $ff_threshold_normal, $ff_threshold_warning, $ff_threshold_critical, $timeout,
-		$critical_instructions, $warning_instructions, $unknown_instructions, $warning_inverse, $critical_inverse, $use_alias, $ignore_unknown) = @ARGV[2..37];
+		$critical_instructions, $warning_instructions, $unknown_instructions, $warning_inverse, $critical_inverse, $use_alias, $ignore_unknown, $warning_time) = @ARGV[2..38];
 	}
 	else {
 		($policy_name, $module_name, $module_type, $module_port, $plugin_name,
@@ -2752,7 +2754,7 @@ sub cli_create_plugin_module($) {
 			$interval, $warning_min, $warning_max, $critical_min, $critical_max, $history_data, 
 			$ff_threshold, $warning_str, $critical_str, $enable_unknown_events,
 		$each_ff, $ff_threshold_normal, $ff_threshold_warning, $ff_threshold_critical, $timeout,
-		$critical_instructions, $warning_instructions, $unknown_instructions, $warning_inverse, $critical_inverse, $ignore_unknown) = @ARGV[2..35];
+		$critical_instructions, $warning_instructions, $unknown_instructions, $warning_inverse, $critical_inverse, $ignore_unknown, $warning_time) = @ARGV[2..36];
 	}
 
 	my $module_name_def;
@@ -2909,7 +2911,8 @@ sub cli_create_plugin_module($) {
 	$parameters{'critical_inverse'} = $critical_inverse unless !defined ($critical_inverse);
 	$parameters{'warning_inverse'} = $warning_inverse unless !defined ($warning_inverse);
 	$parameters{'ignore_unknown'} = $ignore_unknown unless !defined ($ignore_unknown);
-	
+	$parameters{'warning_time'} = $warning_time unless !defined ($warning_time);
+
 	if ($in_policy == 0) {
 		if (defined $use_alias and $use_alias eq 'use_alias') {
 			foreach my $id (@id_agents) {
@@ -7816,7 +7819,7 @@ sub pandora_manage_main ($$$) {
 			cli_delete_agent();
 		}
 		elsif ($param eq '--create_data_module') {
-			param_check($ltotal, 31, 24);
+			param_check($ltotal, 32, 25);
 			cli_create_data_module(0);
 		}
 		elsif ($param eq '--create_web_module') {
@@ -7845,7 +7848,7 @@ sub pandora_manage_main ($$$) {
 			cli_create_snmp_module(0);
 		}
 		elsif ($param eq '--create_plugin_module') {
-			param_check($ltotal, 37, 20);
+			param_check($ltotal, 38, 21);
 			cli_create_plugin_module(0);
 		}
 		elsif ($param eq '--delete_module') {
@@ -8033,7 +8036,7 @@ sub pandora_manage_main ($$$) {
 			cli_create_policy();
 		}
 		elsif ($param eq '--create_policy_data_module') {
-			param_check($ltotal, 30, 21);
+			param_check($ltotal, 31, 22);
 			cli_create_data_module(1);
 		}
 		elsif ($param eq '--create_policy_web_module') {
@@ -8049,7 +8052,7 @@ sub pandora_manage_main ($$$) {
 			cli_create_snmp_module(1);
 		}
 		elsif ($param eq '--create_policy_plugin_module') {
-			param_check($ltotal, 35, 19);
+			param_check($ltotal, 36, 20);
 			cli_create_plugin_module(1);
 		}
 		elsif ($param eq '--create_alert_template') {

From 0c13fe6902934bc12f66a724aad3000509e4b143 Mon Sep 17 00:00:00 2001
From: "felix.suarez" <felix.suarez@pandorafms.com>
Date: Wed, 27 Dec 2023 11:09:44 -0600
Subject: [PATCH 06/26] Add warning_time to create API

---
 pandora_console/include/functions_api.php | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/pandora_console/include/functions_api.php b/pandora_console/include/functions_api.php
index 7417a48125..f75f20bca8 100644
--- a/pandora_console/include/functions_api.php
+++ b/pandora_console/include/functions_api.php
@@ -3677,6 +3677,7 @@ function api_set_create_network_module($id, $thrash1, $other, $thrash3)
         'warning_inverse'       => $other['data'][29],
         'ff_type'               => $other['data'][30],
         'ignore_unknown'        => $other['data'][32],
+        'warning_time'          => $other['data'][33],
     ];
 
     if (! $values['descripcion']) {
@@ -3956,6 +3957,7 @@ function api_set_create_plugin_module($id, $thrash1, $other, $thrash3)
         'warning_inverse'       => $other['data'][34],
         'ff_type'               => $other['data'][35],
         'ignore_unknown'        => $other['data'][37],
+        'warning_time'          => $other['data'][38],
     ];
 
     $plugin = db_get_row('tplugin', 'id', $values['id_plugin']);
@@ -4245,6 +4247,7 @@ function api_set_create_data_module($id, $thrash1, $other, $thrash3)
         'warning_inverse'       => $other['data'][25],
         'ff_type'               => $other['data'][26],
         'ignore_unknown'        => $other['data'][27],
+        'warning_time'          => $other['data'][28],
     ];
 
     if (! $values['descripcion']) {
@@ -4909,6 +4912,7 @@ function api_set_create_snmp_module($id, $thrash1, $other, $thrash3)
             'min_ff_event_critical' => $other['data'][33],
             'ff_type'               => $other['data'][34],
             'ignore_unknown'        => $other['data'][36],
+            'warning_time'          => $other['data'][37],
         ];
     } else {
         $values = [
@@ -4942,6 +4946,7 @@ function api_set_create_snmp_module($id, $thrash1, $other, $thrash3)
             'min_ff_event_critical' => $other['data'][27],
             'ff_type'               => $other['data'][28],
             'ignore_unknown'        => $other['data'][29],
+            'warning_time'          => $other['data'][30],
         ];
     }
 

From 6d1f2331d5504cb7d773f9d9396ddb1b37dad284 Mon Sep 17 00:00:00 2001
From: "felix.suarez" <felix.suarez@pandorafms.com>
Date: Wed, 27 Dec 2023 12:37:04 -0600
Subject: [PATCH 07/26] Add warning_time to update API

---
 pandora_console/include/functions_api.php | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/pandora_console/include/functions_api.php b/pandora_console/include/functions_api.php
index f75f20bca8..b2b706da87 100644
--- a/pandora_console/include/functions_api.php
+++ b/pandora_console/include/functions_api.php
@@ -3843,6 +3843,7 @@ function api_set_update_network_module($id_module, $thrash1, $other, $thrash3)
         'policy_linked',
         'ff_type',
         'ignore_unknown',
+        'warning_time',
     ];
 
     $values = [];
@@ -4120,6 +4121,7 @@ function api_set_update_plugin_module($id_module, $thrash1, $other, $thrash3)
         'policy_linked',
         'ff_type',
         'ignore_unknown',
+        'warning_time',
     ];
 
     $values = [];
@@ -4771,6 +4773,7 @@ function api_set_update_data_module($id_module, $thrash1, $other, $thrash3)
         'policy_linked',
         'ff_type',
         'ignore_unknown',
+        'warning_time',
     ];
 
     $values = [];
@@ -5116,6 +5119,7 @@ function api_set_update_snmp_module($id_module, $thrash1, $other, $thrash3)
             'policy_linked',
             'ff_type',
             'ignore_unknown',
+            'warning_time',
         ];
     } else {
         $snmp_module_fields = [
@@ -5149,6 +5153,7 @@ function api_set_update_snmp_module($id_module, $thrash1, $other, $thrash3)
             'policy_linked',
             'ff_type',
             'ignore_unknown',
+            'warning_time',
         ];
     }
 
@@ -7997,6 +8002,7 @@ function api_set_update_data_module_policy($id, $thrash1, $other, $thrash3)
         'disabled_types_event',
         'module_macros',
         'ignore_unknown',
+        'warning_time',
     ];
 
     $cont = 0;
@@ -8239,6 +8245,7 @@ function api_set_update_network_module_policy($id, $thrash1, $other, $thrash3)
         'disabled_types_event',
         'module_macros',
         'ignore_unknown',
+        'warning_time',
     ];
 
     $cont = 0;
@@ -8483,6 +8490,7 @@ function api_set_update_plugin_module_policy($id, $thrash1, $other, $thrash3)
         'macros',
         'module_macros',
         'ignore_unknown',
+        'warning_time',
     ];
 
     $cont = 0;
@@ -8966,6 +8974,7 @@ function api_set_update_snmp_module_policy($id, $thrash1, $other, $thrash3)
             'plugin_user',
             'plugin_pass',
             'ignore_unknown',
+            'warning_time',
         ];
     } else {
         $fields_snmp_module = [
@@ -8991,6 +9000,7 @@ function api_set_update_snmp_module_policy($id, $thrash1, $other, $thrash3)
             'custom_id',
             'description',
             'ignore_unknown',
+            'warning_time',
         ];
     }
 

From 3287ab2ee43ea7a97ad96354d586bcdb2a11e3e7 Mon Sep 17 00:00:00 2001
From: Daniel Cebrian <daniel.cebrian@pandorafms.com>
Date: Wed, 3 Jan 2024 17:06:20 +0100
Subject: [PATCH 08/26] #11165 new popup for command whois in netflow

---
 pandora_console/include/functions_netflow.php | 47 ++++++++++++++
 .../operation/network/network_report.php      | 64 +++++++++++++++++++
 2 files changed, 111 insertions(+)

diff --git a/pandora_console/include/functions_netflow.php b/pandora_console/include/functions_netflow.php
index bc8495969f..b78be40301 100644
--- a/pandora_console/include/functions_netflow.php
+++ b/pandora_console/include/functions_netflow.php
@@ -2293,3 +2293,50 @@ function netflow_build_map_data($start_date, $end_date, $top, $aggregate, $advan
         array_merge($relations, $orphan_hosts)
     );
 }
+
+
+/**
+ * Run whois command and return all results as array.
+ *
+ * @param integer $ip Ip for search info with command whois.
+ *
+ * @return array
+ */
+function command_whois($ip)
+{
+    $command = 'whois '.$ip;
+    $result = '';
+    exec($command, $result);
+    if (empty($result) === false && is_array($result) === true) {
+        $resultArray = parse_whois_output($result);
+    } else {
+        $resultArray = [];
+    }
+
+    return $resultArray;
+}
+
+
+/**
+ * Parse the result of command whois to array.
+ *
+ * @param array $lines Lines result of command whois.
+ *
+ * @return array
+ */
+function parse_whois_output($lines)
+{
+    $resultArray = [];
+    if (is_array($lines) === true) {
+        foreach ($lines as $line) {
+            $parts = explode(':', $line, 2);
+            if (count($parts) === 2 && strpos($line, '#') !== 0) {
+                $key = trim($parts[0]);
+                $value = trim($parts[1]);
+                $resultArray[$key] = $value;
+            }
+        }
+    }
+
+    return $resultArray;
+}
diff --git a/pandora_console/operation/network/network_report.php b/pandora_console/operation/network/network_report.php
index 66847f4c1b..bc72602fd0 100644
--- a/pandora_console/operation/network/network_report.php
+++ b/pandora_console/operation/network/network_report.php
@@ -41,7 +41,10 @@ if (! check_acl($config['id_user'], 0, 'AR')) {
 
 // Ajax callbacks.
 if (is_ajax() === true) {
+    include_once $config['homedir'].'/include/functions_netflow.php';
     $get_filter_values = get_parameter('get_filter_values', 0);
+    $whois = (bool) get_parameter('whois', 0);
+
     // Get values of the current network filter.
     if ($get_filter_values) {
         $id = get_parameter('id');
@@ -51,6 +54,34 @@ if (is_ajax() === true) {
         echo json_encode($filter_values);
     }
 
+    if ($whois) {
+        $ip = get_parameter('ip');
+        $info = command_whois($ip);
+        $output = '';
+        if (is_array($info) === true && count($info) > 0) {
+            $table = new \stdClass();
+            $table->class = 'details_table dataTable info_table';
+            $table->data = [];
+            $row = 0;
+            foreach ($info as $key => $value) {
+                $table->data[$row][0] = $key;
+                $table->data[$row][1] = $value;
+                $row++;
+            }
+
+            $output = html_print_table($table, true);
+        } else {
+            $output = ui_print_info_message(__('No data found'));
+        }
+
+        html_print_div(
+            [
+                'content' => $output,
+                'style'   => 'max-height: 600px;',
+            ],
+        );
+    }
+
     return;
 }
 
@@ -462,6 +493,7 @@ foreach ($data as $item) {
             array_merge($hidden_main_link, ['main_value' => $item['host']]),
             'image'
         );
+        $row['main'] .= html_print_input_image('whois', 'images/eye.png', 'whois', '', true, ['onclick' => 'whois(\''.$item['host'].'\')']);
     }
 
     $row['main'] .= '</div>';
@@ -572,6 +604,13 @@ html_print_div(
         'style'   => 'position: initial;',
     ]
 );
+
+html_print_div(
+    [
+        'id'    => 'modal_whois',
+        'class' => 'invisible',
+    ]
+);
 ?>
 <script>
 $(document).ready(function(){
@@ -654,4 +693,29 @@ function nf_view_click_period() {
     document.getElementById('period_container').style.display = !is_period ? 'none' : 'flex';
     document.getElementById('end_date_container').style.display = is_period ? 'none' : 'flex';
 }
+
+function whois(ip) {
+    load_modal({
+        target: $('#modal_whois'),
+        url: '<?php echo ui_get_full_url('ajax.php', false, false, false); ?>',
+        modal: {
+            title: '<?php echo __('Details'); ?>',
+            ok: '<?php echo __('Ok'); ?>',
+        },
+        extradata: [
+            {
+                name: "ip",
+                value: ip,
+            },
+            {
+                name: "whois",
+                value: 1,
+            }
+        ],
+        onshow: {
+            page: '<?php echo $config['homedir'].'/operation/network/network_report'; ?>',
+            width: 800,
+        }
+    });
+}
 </script>

From e99c7be6b80778e4c3dfa8e58952d01c6b307f40 Mon Sep 17 00:00:00 2001
From: Daniel Cebrian <daniel.cebrian@pandorafms.com>
Date: Wed, 3 Jan 2024 17:58:23 +0100
Subject: [PATCH 09/26] #12034 fixed empty screen in public link

---
 pandora_console/include/lib/Dashboard/Manager.php | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/pandora_console/include/lib/Dashboard/Manager.php b/pandora_console/include/lib/Dashboard/Manager.php
index 720045dccc..08765b5eba 100644
--- a/pandora_console/include/lib/Dashboard/Manager.php
+++ b/pandora_console/include/lib/Dashboard/Manager.php
@@ -311,6 +311,15 @@ class Manager implements PublicLogin
 
         if ($this->dashboardId !== 0) {
             $this->dashboardFields = $this->get();
+            if (is_array($this->dashboardFields) === true && count($this->dashboardFields) === 0) {
+                db_pandora_audit(
+                    AUDIT_LOG_HACK_ATTEMPT,
+                    'Trying to access to dashboard that not exist'
+                );
+                include 'general/noaccess.php';
+                exit;
+            }
+
             $this->cells = Cell::getCells($this->dashboardId);
         }
 

From 6091071f03c7ef93ddc91e0af067daa5451d7974 Mon Sep 17 00:00:00 2001
From: Jonathan <jonathan.leon@pandorafms.com>
Date: Tue, 30 Jan 2024 10:11:53 +0100
Subject: [PATCH 10/26] #12718 fix error on signature package ums

---
 .../update_manager_client/lib/UpdateManager/Client.php     | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/pandora_console/update_manager_client/lib/UpdateManager/Client.php b/pandora_console/update_manager_client/lib/UpdateManager/Client.php
index 0931297fdc..5431c0b58c 100644
--- a/pandora_console/update_manager_client/lib/UpdateManager/Client.php
+++ b/pandora_console/update_manager_client/lib/UpdateManager/Client.php
@@ -2383,7 +2383,7 @@ class Client
 
             // Retrieve package from UMS.
             $this->notify(0, 'Downloading server update '.$version);
-            $this->post(
+            $package = $this->post(
                 [
                     'action'    => 'get_server_package',
                     'arguments' => ['version' => $version],
@@ -2407,6 +2407,11 @@ class Client
                 return false;
             }
 
+            if (empty($package) === true) {
+                $this->lastError = 'Error on Package from UMS';
+                return false;
+            }
+
             if ($this->propagateUpdates === true) {
                 $this->saveSignature(
                     $signature,

From c008aee180e3b2bb1fedc95f0b28f716ca78bf13 Mon Sep 17 00:00:00 2001
From: Jonathan <jonathan.leon@pandorafms.com>
Date: Tue, 30 Jan 2024 12:01:20 +0100
Subject: [PATCH 11/26] #12815 modules search space entity

---
 pandora_console/godmode/agentes/module_manager.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pandora_console/godmode/agentes/module_manager.php b/pandora_console/godmode/agentes/module_manager.php
index b4cd0e2351..c3772c00d3 100644
--- a/pandora_console/godmode/agentes/module_manager.php
+++ b/pandora_console/godmode/agentes/module_manager.php
@@ -575,7 +575,7 @@ $where = sprintf('delete_pending = 0 AND id_agente = %s', $id_agente);
 $search_string_entities = io_safe_input($search_string);
 
 $basic_where = sprintf(
-    "(REPLACE(nombre, '&#x20;', ' ')  LIKE '%%%s%%' OR REPLACE(nombre, '&#x20;', ' ') LIKE '%%%s%%' OR REPLACE(descripcion, '&#x20;', ' ') LIKE '%%%s%%' OR REPLACE(descripcion, '&#x20;', ' ') LIKE '%%%s%%') AND",
+    "(nombre LIKE '%%%s%%' OR nombre LIKE '%%%s%%' OR descripcion LIKE '%%%s%%' OR descripcion LIKE '%%%s%%') AND",
     $search_string,
     $search_string_entities,
     $search_string,

From f430d3ce9f646f797348426320d126e855abf414 Mon Sep 17 00:00:00 2001
From: Jonathan <jonathan.leon@pandorafms.com>
Date: Tue, 30 Jan 2024 14:53:48 +0100
Subject: [PATCH 12/26] #12797 fix select2

---
 pandora_console/include/class/ExtensionsDiscovery.class.php | 1 +
 pandora_console/include/javascript/extensions_discovery.js  | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/pandora_console/include/class/ExtensionsDiscovery.class.php b/pandora_console/include/class/ExtensionsDiscovery.class.php
index 84528c5bb1..b9b5d0ebf2 100644
--- a/pandora_console/include/class/ExtensionsDiscovery.class.php
+++ b/pandora_console/include/class/ExtensionsDiscovery.class.php
@@ -452,6 +452,7 @@ class ExtensionsDiscovery extends Wizard
      */
     public function run()
     {
+        ui_require_javascript_file('select2.min');
         ui_require_javascript_file('extensions_discovery');
         $_iniFile = $this->loadIni();
         if ($_iniFile === false) {
diff --git a/pandora_console/include/javascript/extensions_discovery.js b/pandora_console/include/javascript/extensions_discovery.js
index 15b8bfa60b..6dbef136c8 100644
--- a/pandora_console/include/javascript/extensions_discovery.js
+++ b/pandora_console/include/javascript/extensions_discovery.js
@@ -4,7 +4,7 @@ $(document).ready(() => {
   $("#_credentials_").select2({
     closeOnSelect: true
   });
-
+  var interval;
   if (interval === "0") {
     setTimeout(() => {
       $("#mode_interval")

From 2531de8cb0a4d2446b72670ce391e58faccee025 Mon Sep 17 00:00:00 2001
From: Daniel Cebrian <daniel.cebrian@pandorafms.com>
Date: Tue, 30 Jan 2024 14:58:04 +0100
Subject: [PATCH 13/26] #12034 fixed page not access when dashboard is deleted

---
 pandora_console/include/lib/Dashboard/Manager.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pandora_console/include/lib/Dashboard/Manager.php b/pandora_console/include/lib/Dashboard/Manager.php
index a7df33dce5..946097b207 100644
--- a/pandora_console/include/lib/Dashboard/Manager.php
+++ b/pandora_console/include/lib/Dashboard/Manager.php
@@ -311,7 +311,7 @@ class Manager implements PublicLogin
 
         if ($this->dashboardId !== 0) {
             $this->dashboardFields = $this->get();
-            if (is_array($this->dashboardFields) === true && count($this->dashboardFields) === 0) {
+            if ($this->deleteDashboard === false && is_array($this->dashboardFields) === true && count($this->dashboardFields) === 0) {
                 db_pandora_audit(
                     AUDIT_LOG_HACK_ATTEMPT,
                     'Trying to access to dashboard that not exist'

From 727ee659ae9875402505b0416bf8c370a4f5b45b Mon Sep 17 00:00:00 2001
From: Jonathan <jonathan.leon@pandorafms.com>
Date: Tue, 30 Jan 2024 15:37:04 +0100
Subject: [PATCH 14/26] #12791 fix wizard welcome

---
 pandora_console/general/header.php | 33 +++++++++++++++++++++++++++++-
 1 file changed, 32 insertions(+), 1 deletion(-)

diff --git a/pandora_console/general/header.php b/pandora_console/general/header.php
index 5ad89d8d31..35b994fead 100644
--- a/pandora_console/general/header.php
+++ b/pandora_console/general/header.php
@@ -1021,11 +1021,14 @@ echo sprintf('<div id="header_table" class="header_table_%s">', $menuTypeClass);
                 modal: {
                     title: "<?php echo __('Welcome to').' '.io_safe_output(get_product_name()); ?>",
                     cancel: '<?php echo __('Do not show anymore'); ?>',
-                    ok: '<?php echo __('Close'); ?>'
+                    ok: '<?php echo __('Close'); ?>',
+                    overlay: true,
+                    overlayExtraClass: 'welcome-overlay',
                 },
                 onshow: {
                     page: 'include/ajax/welcome_window',
                     method: 'loadWelcomeWindow',
+                    width: 1000,
                 },
                 oncancel: {
                     page: 'include/ajax/welcome_window',
@@ -1043,6 +1046,34 @@ echo sprintf('<div id="header_table" class="header_table_%s">', $menuTypeClass);
                             }
                         })
                     }
+                },
+                onload: () => {
+                    $(document).ready(function () {
+                        var buttonpane = $("div[aria-describedby='welcome_modal_window'] .ui-dialog-buttonpane.ui-widget-content.ui-helper-clearfix");
+                        $(buttonpane).append(`
+                        <div class="welcome-wizard-buttons">
+                            <label>
+                                <input type="checkbox" class="welcome-wizard-do-not-show" value="1" />
+                                <?php echo __('Do not show anymore'); ?>
+                            </label>
+                            <button class="close-wizard-button"><?php echo __('Close wizard'); ?></button>
+                        </div>
+                        `);
+
+                        var closeWizard = $("button.close-wizard-button");
+
+                        $(closeWizard).click(function (e) {
+                            var close = $("div[aria-describedby='welcome_modal_window'] button.sub.ok.submit-next.ui-button");
+                            var cancel = $("div[aria-describedby='welcome_modal_window'] button.sub.upd.submit-cancel.ui-button");
+                            var checkbox = $("div[aria-describedby='welcome_modal_window'] .welcome-wizard-do-not-show:checked").length;
+
+                            if (checkbox === 1) {
+                                $(cancel).click();
+                            } else {
+                                $(close).click()
+                            }
+                        });
+                    });
                 }
             });
         });

From 0df437992620576bb80c57f29d13c08ef0904f43 Mon Sep 17 00:00:00 2001
From: "alejandro.campos@artica.es" <alejandro.campos@artica.es>
Date: Tue, 30 Jan 2024 17:47:43 +0100
Subject: [PATCH 15/26] fixed database ncm info

---
 pandora_console/extras/mr/68.sql | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/pandora_console/extras/mr/68.sql b/pandora_console/extras/mr/68.sql
index 254cb2e7c1..b7aff681a9 100644
--- a/pandora_console/extras/mr/68.sql
+++ b/pandora_console/extras/mr/68.sql
@@ -10,5 +10,7 @@ ALTER TABLE `tusuario` CHANGE COLUMN `metaconsole_data_section` `metaconsole_dat
 
 ALTER TABLE `tmensajes` ADD COLUMN `icon_notification` VARCHAR(250) NULL DEFAULT NULL AFTER `url`;
 
+UPDATE `tncm_template` SET `vendors` = CONCAT('["', TRIM(BOTH '"' FROM TRIM(BOTH ']' FROM TRIM(BOTH '[' FROM vendors))), '"]'), `models` = CONCAT('["', TRIM(BOTH '"' FROM TRIM(BOTH ']' FROM TRIM(BOTH '[' FROM models))), '"]');
+UPDATE `tncm_agent_data_template` SET `vendors` = CONCAT('["', TRIM(BOTH '"' FROM TRIM(BOTH ']' FROM TRIM(BOTH '[' FROM vendors))), '"]'), `models` = CONCAT('["', TRIM(BOTH '"' FROM TRIM(BOTH ']' FROM TRIM(BOTH '[' FROM models))), '"]');
 
 COMMIT;
\ No newline at end of file

From 60d2733066b04a2fc0ca5e65ef2b7f38bfb4bd9f Mon Sep 17 00:00:00 2001
From: Daniel Cebrian <daniel.cebrian@pandorafms.com>
Date: Tue, 30 Jan 2024 18:22:20 +0100
Subject: [PATCH 16/26] #12794 fixed login when user use external login

---
 pandora_console/godmode/users/configure_user.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pandora_console/godmode/users/configure_user.php b/pandora_console/godmode/users/configure_user.php
index 2344116cb1..668216d330 100644
--- a/pandora_console/godmode/users/configure_user.php
+++ b/pandora_console/godmode/users/configure_user.php
@@ -770,7 +770,7 @@ if ($update_user) {
         $id_user = (string) get_parameter('id_user', '');
 
         if ($password_new != '') {
-            if ($config['auth'] !== 'mysql') {
+            if ($config['auth'] !== 'mysql' && $values['local_user'] === false) {
                 ui_print_error_message(__('It is not possible to change the password because external authentication is being used'));
             } else {
                 $correct_password = false;

From 137488ee8c42df573453dbe4fe8ffb7e4596c642 Mon Sep 17 00:00:00 2001
From: Daniel Cebrian <daniel.cebrian@pandorafms.com>
Date: Wed, 31 Jan 2024 10:05:36 +0100
Subject: [PATCH 17/26] #12798 fixed unauth sql injection in grafana

---
 pandora_console/extensions/grafana/query.php  | 3 +++
 pandora_console/extensions/grafana/search.php | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/pandora_console/extensions/grafana/query.php b/pandora_console/extensions/grafana/query.php
index 3c7a843542..ac54d98161 100644
--- a/pandora_console/extensions/grafana/query.php
+++ b/pandora_console/extensions/grafana/query.php
@@ -23,6 +23,9 @@ if ($headers['Authorization']) {
 
     list($user, $password) = explode(':', base64_decode($headers['Authorization']));
 
+    // Prevent sql injection.
+    $user = mysqli_real_escape_string($config['dbconnection'], $user);
+
     // Check user login
     $user_in_db = process_user_login($user, $password, true);
 
diff --git a/pandora_console/extensions/grafana/search.php b/pandora_console/extensions/grafana/search.php
index 9193dd290e..82b670398b 100644
--- a/pandora_console/extensions/grafana/search.php
+++ b/pandora_console/extensions/grafana/search.php
@@ -24,6 +24,9 @@ if ($headers['Authorization']) {
 
     list($user, $password) = explode(':', base64_decode($headers['Authorization']));
 
+    // Prevent sql injection.
+    $user = mysqli_real_escape_string($config['dbconnection'], $user);
+
     // Check user login
     $user_in_db = process_user_login($user, $password, true);
 

From 8bf37940724ed9418f27292ae6d3b1dc2050a260 Mon Sep 17 00:00:00 2001
From: Daniel Cebrian <daniel.cebrian@pandorafms.com>
Date: Wed, 31 Jan 2024 15:02:20 +0100
Subject: [PATCH 18/26] #12824 fixed create agent view

---
 .../godmode/agentes/agent_manager.php            | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/pandora_console/godmode/agentes/agent_manager.php b/pandora_console/godmode/agentes/agent_manager.php
index 80a480dd12..283610e06a 100644
--- a/pandora_console/godmode/agentes/agent_manager.php
+++ b/pandora_console/godmode/agentes/agent_manager.php
@@ -507,14 +507,16 @@ if (enterprise_installed()) {
     // Read configuration file.
     $files = config_agents_get_agent_config_filenames($id_agente);
     $file_name = $files['conf'];
-    $agent_config = file_get_contents($file_name);
-    $encoding = 'UTF-8';
-    $agent_config_utf8 = mb_convert_encoding($agent_config, 'UTF-8', $encoding);
-    if ($agent_config_utf8 !== false) {
-        $agent_config = $agent_config_utf8;
-    }
+    if (empty($file_name) === false) {
+        $agent_config = file_get_contents($file_name);
+        $encoding = 'UTF-8';
+        $agent_config_utf8 = mb_convert_encoding($agent_config, 'UTF-8', $encoding);
+        if ($agent_config_utf8 !== false) {
+            $agent_config = $agent_config_utf8;
+        }
 
-    $broker = str_contains($agent_config, '#broker active');
+        $broker = str_contains($agent_config, '#broker active');
+    }
 }
 
 if ($broker === false) {

From b026a248e36e581fbada0a84162c08adb659913c Mon Sep 17 00:00:00 2001
From: Jonathan <jonathan.leon@pandorafms.com>
Date: Wed, 31 Jan 2024 15:40:44 +0100
Subject: [PATCH 19/26] #12805 ipam change permisions AW/PM

---
 pandora_console/godmode/menu.php | 47 ++++++++++++++++++++++----------
 1 file changed, 32 insertions(+), 15 deletions(-)

diff --git a/pandora_console/godmode/menu.php b/pandora_console/godmode/menu.php
index a77e63b95b..3505e7cf2c 100644
--- a/pandora_console/godmode/menu.php
+++ b/pandora_console/godmode/menu.php
@@ -518,7 +518,18 @@ if ($access_console_node === true) {
 }
 
 
-if ((bool) check_acl($config['id_user'], 0, 'PM') === true || (bool) check_acl($config['id_user'], 0, 'DM') === true) {
+if ((bool) check_acl($config['id_user'], 0, 'AW') === true) {
+    $show_ipam = false;
+    $ipam = db_get_all_rows_sql('SELECT users_operator FROM tipam_network');
+    foreach ($ipam as $row) {
+        if (str_contains($row['users_operator'], '-1') || str_contains($row['users_operator'], $config['id_user'])) {
+            $show_ipam = true;
+            break;
+        }
+    }
+}
+
+if ((bool) check_acl($config['id_user'], 0, 'PM') === true || (bool) check_acl($config['id_user'], 0, 'DM') === true || $show_ipam === true) {
     $menu_godmode['gextensions']['text'] = __('Admin tools');
     $menu_godmode['gextensions']['sec2'] = 'godmode/extensions';
     $menu_godmode['gextensions']['id'] = 'god-extensions';
@@ -535,8 +546,6 @@ if ((bool) check_acl($config['id_user'], 0, 'PM') === true || (bool) check_acl($
             $sub['tools/diagnostics']['text'] = __('Diagnostic info');
             $sub['tools/diagnostics']['id'] = 'diagnostic_info';
             enterprise_hook('omnishell');
-            enterprise_hook('ipam_submenu');
-
             $sub['godmode/setup/news']['text'] = __('Site news');
             $sub['godmode/setup/news']['id'] = 'site_news';
         }
@@ -558,9 +567,15 @@ if ((bool) check_acl($config['id_user'], 0, 'PM') === true || (bool) check_acl($
         }
     }
 
-    $sub['godmode/events/configuration_sounds']['text'] = __('Acoustic console setup');
-    $sub['godmode/events/configuration_sounds']['id'] = 'Acoustic console setup';
-    $sub['godmode/events/configuration_sounds']['pages'] = ['godmode/events/configuration_sounds'];
+    if (((bool) check_acl($config['id_user'], 0, 'PM') === true && $access_console_node === true) || $show_ipam === true) {
+        enterprise_hook('ipam_submenu');
+    }
+
+    if ((bool) check_acl($config['id_user'], 0, 'PM') === true || (bool) check_acl($config['id_user'], 0, 'DM') === true) {
+        $sub['godmode/events/configuration_sounds']['text'] = __('Acoustic console setup');
+        $sub['godmode/events/configuration_sounds']['id'] = 'Acoustic console setup';
+        $sub['godmode/events/configuration_sounds']['pages'] = ['godmode/events/configuration_sounds'];
+    }
 
     $menu_godmode['gextensions']['sub'] = $sub;
 }
@@ -638,16 +653,18 @@ if ($access_console_node === true) {
         }
 
         // Complete the submenu.
-        $extension_view = [];
-        $extension_view['godmode/extensions']['id'] = 'extension_manager_view';
-        $extension_view['godmode/extensions']['text'] = __('Extension manager view');
-        $extension_submenu = array_merge($extension_view, $sub2);
+        if (users_is_admin($config['id_user']) === true) {
+            $extension_view = [];
+            $extension_view['godmode/extensions']['id'] = 'extension_manager_view';
+            $extension_view['godmode/extensions']['text'] = __('Extension manager view');
+            $extension_submenu = array_merge($extension_view, $sub2);
 
-        $sub['godmode/extensions']['sub2'] = $extension_submenu;
-        $sub['godmode/extensions']['text'] = __('Extension manager');
-        $sub['godmode/extensions']['id'] = 'extension_manager';
-        $sub['godmode/extensions']['type'] = 'direct';
-        $sub['godmode/extensions']['subtype'] = 'nolink';
+            $sub['godmode/extensions']['sub2'] = $extension_submenu;
+            $sub['godmode/extensions']['text'] = __('Extension manager');
+            $sub['godmode/extensions']['id'] = 'extension_manager';
+            $sub['godmode/extensions']['type'] = 'direct';
+            $sub['godmode/extensions']['subtype'] = 'nolink';
+        }
 
         if (is_array($menu_godmode['gextensions']['sub']) === true) {
             $submenu = array_merge($menu_godmode['gextensions']['sub'], $sub);

From 5feb11c547e2eb54a939c9c6a028a2542dd2fefd Mon Sep 17 00:00:00 2001
From: Daniel Cebrian <daniel.cebrian@pandorafms.com>
Date: Wed, 31 Jan 2024 16:34:25 +0100
Subject: [PATCH 20/26] 9992 added email test dialog in metaconsole

---
 .../godmode/setup/setup_general.php           | 112 ------------------
 pandora_console/include/functions_html.php    |  49 ++++++++
 pandora_console/include/javascript/pandora.js |  57 +++++++++
 3 files changed, 106 insertions(+), 112 deletions(-)

diff --git a/pandora_console/godmode/setup/setup_general.php b/pandora_console/godmode/setup/setup_general.php
index 46a91e27c6..3366fcc6f8 100644
--- a/pandora_console/godmode/setup/setup_general.php
+++ b/pandora_console/godmode/setup/setup_general.php
@@ -960,60 +960,6 @@ echo '<legend>'.__('Mail configuration').'</legend>';
     );
 
     echo '</form>';
-
-
-    /**
-     * Print the modal window for the summary of each alerts group
-     *
-     * @param string $id Id.
-     *
-     * @return void
-     */
-    function print_email_test_modal_window($id)
-    {
-        // Email config table.
-        $table_mail_test = new stdClass();
-        $table_mail_test->width = '100%';
-        $table_mail_test->class = 'filter-table-adv';
-        $table_mail_test->data = [];
-
-        $table_mail_test->data[0][] = html_print_label_input_block(
-            __('Address'),
-            html_print_input_text(
-                'email_test_address',
-                '',
-                '',
-                35,
-                100,
-                true
-            )
-        );
-
-        $table_mail_test->data[1][] = '&nbsp&nbsp<span id="email_test_sent_message" class="invisible"><b>Email sent</b></span><span id="email_test_failure_message" class=invisible"><b>Email could not be sent</b></span>';
-
-        // $table_mail_test->colspan[2][0] = 2;
-        $submitButton = html_print_div(
-            [
-                'class'   => 'action-buttons-right-forced',
-                'content' => html_print_button(
-                    __('Send'),
-                    'email_test',
-                    false,
-                    '',
-                    [
-                        'icon' => 'cog',
-                        'mode' => 'mini',
-                    ],
-                    true
-                ),
-            ],
-            true
-        );
-
-        echo '<div id="email_test_'.$id.'" title="'.__('Check mail configuration').'" class="invisible">'.html_print_table($table_mail_test, true).$submitButton.'</div>';
-    }
-
-
     ?>
 <script type="text/javascript">
 function show_timezone () {
@@ -1033,62 +979,6 @@ function show_timezone () {
     });
 }
 
-function show_email_test(id) {
-    $('#email_test_sent_message').hide();
-    $('#email_test_failure_message').hide();
-
-    $("#email_test_"+id).dialog({
-        resizable: true,
-        draggable: true,
-        modal: true,
-        width: 450,
-        overlay: {
-            opacity: 0.5,
-            background: "black"
-        }
-    });
-}
-
-function perform_email_test () {
-    $('#email_test_sent_message').hide();
-    $('#email_test_failure_message').hide();
-
-    var test_address = $('#text-email_test_address').val();
-    params = {
-        email_smtpServer : $('#text-email_smtpServer').val(),
-        email_smtpPort : $('#text-email_smtpPort').val(),
-        email_username : $('#text-email_username').val(),
-        email_password : $('#password-email_password').val(),
-        email_encryption : $( "#email_encryption option:selected" ).val(),
-        email_from_dir : $('#text-email_from_dir').val(),
-        email_from_name : $('#text-email_from_name').val()
-    };
-
-    $.ajax({
-        type: "POST",
-        url: "ajax.php",
-        data : {
-                    page: "godmode/setup/setup_general",
-                    test_address: test_address,
-                    params: params
-                },
-        dataType: "json",
-        success: function(data) {
-            if (parseInt(data) === 1) {
-                $('#email_test_sent_message').show();
-                $('#email_test_failure_message').hide();
-            } else {
-                $('#email_test_failure_message').show();
-                $('#email_test_sent_message').hide();
-            }
-        },
-        error: function() {
-            $('#email_test_failure_message').show();
-            $('#email_test_sent_message').hide();
-        },
-    });
-}
-
 $(document).ready (function () {
 
     $("#zone").attr("hidden", true);
@@ -1146,8 +1036,6 @@ $(document).ready (function () {
         }
     })
 
-    $('#button-email_test').click(perform_email_test);
-
     $("#right_iblacklist").click (function () {
         jQuery.each($("select[name='inventory_changes_blacklist_out[]'] option:selected"), function (key, value) {
             imodule_name = $(value).html();
diff --git a/pandora_console/include/functions_html.php b/pandora_console/include/functions_html.php
index 580802fc94..3a4ca01ebb 100644
--- a/pandora_console/include/functions_html.php
+++ b/pandora_console/include/functions_html.php
@@ -7691,3 +7691,52 @@ function html_print_wizard_diagnosis(
         echo $output;
     }
 }
+
+
+/**
+ * Print the modal window for the summary of each alerts group
+ *
+ * @param string $id Id.
+ *
+ * @return void
+ */
+function print_email_test_modal_window($id)
+{
+    // Email config table.
+    $table_mail_test = new stdClass();
+    $table_mail_test->width = '100%';
+    $table_mail_test->class = 'filter-table-adv';
+    $table_mail_test->data = [];
+    $table_mail_test->data[0][] = html_print_label_input_block(
+        __('Address'),
+        html_print_input_text(
+            'email_test_address',
+            '',
+            '',
+            35,
+            100,
+            true
+        )
+    );
+    $table_mail_test->data[1][] = '&nbsp&nbsp<span id="email_test_sent_message" class="invisible"><b>Email sent</b></span><span id="email_test_failure_message" class=invisible"><b>Email could not be sent</b></span>';
+    // $table_mail_test->colspan[2][0] = 2;
+    $submitButton = html_print_div(
+        [
+            'class'   => 'action-buttons-right-forced',
+            'content' => html_print_button(
+                __('Send'),
+                'email_test',
+                false,
+                'perform_email_test()',
+                [
+                    'icon' => 'cog',
+                    'mode' => 'mini',
+                ],
+                true
+            ),
+        ],
+        true
+    );
+
+    echo '<div id="email_test_'.$id.'" title="'.__('Check mail configuration').'" class="invisible">'.html_print_table($table_mail_test, true).$submitButton.'</div>';
+}
diff --git a/pandora_console/include/javascript/pandora.js b/pandora_console/include/javascript/pandora.js
index 8d7bf3a1b2..2c39e69288 100644
--- a/pandora_console/include/javascript/pandora.js
+++ b/pandora_console/include/javascript/pandora.js
@@ -2621,3 +2621,60 @@ function christmas_click(flagEasternEgg) {
     }, 120000);
   }
 }
+
+function perform_email_test() {
+  $("#email_test_sent_message").hide();
+  $("#email_test_failure_message").hide();
+
+  var test_address = $("#text-email_test_address").val();
+  var params = {
+    email_smtpServer: $("#text-email_smtpServer").val(),
+    email_smtpPort: $("#text-email_smtpPort").val(),
+    email_username: $("#text-email_username").val(),
+    email_password: $("#password-email_password").val(),
+    email_encryption: $("#email_encryption option:selected").val(),
+    email_from_dir: $("#text-email_from_dir").val(),
+    email_from_name: $("#text-email_from_name").val()
+  };
+
+  $.ajax({
+    type: "POST",
+    url: "ajax.php",
+    data: {
+      page: "godmode/setup/setup_general",
+      test_address: test_address,
+      params: params
+    },
+    dataType: "json",
+    success: function(data) {
+      if (parseInt(data) === 1) {
+        $("#email_test_sent_message").show();
+        $("#email_test_failure_message").hide();
+      } else {
+        console.log($("#email_test_failure_message"));
+        $("#email_test_failure_message").show();
+        $("#email_test_sent_message").hide();
+      }
+    },
+    error: function() {
+      $("#email_test_failure_message").show();
+      $("#email_test_sent_message").hide();
+    }
+  });
+}
+
+function show_email_test(id) {
+  $("#email_test_sent_message").hide();
+  $("#email_test_failure_message").hide();
+
+  $("#email_test_" + id).dialog({
+    resizable: true,
+    draggable: true,
+    modal: true,
+    width: 450,
+    overlay: {
+      opacity: 0.5,
+      background: "black"
+    }
+  });
+}

From eecf92657a0e288b200acaca9bdb1f6b3a6bba2a Mon Sep 17 00:00:00 2001
From: Jonathan <jonathan.leon@pandorafms.com>
Date: Wed, 31 Jan 2024 17:02:02 +0100
Subject: [PATCH 21/26] #12790 remove entities only name

---
 pandora_console/include/functions_visual_map.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pandora_console/include/functions_visual_map.php b/pandora_console/include/functions_visual_map.php
index f3d5752fe4..9415862686 100755
--- a/pandora_console/include/functions_visual_map.php
+++ b/pandora_console/include/functions_visual_map.php
@@ -3791,7 +3791,7 @@ function visual_map_get_user_layouts(
     $retval = [];
     foreach ($layouts as $layout) {
         if ($only_names) {
-            $retval[$layout['id']] = $layout['name'];
+            $retval[$layout['id']] = io_safe_output($layout['name']);
         } else {
             $retval[$layout['id']] = $layout;
         }

From 48d7a63eb1895955a2777f496017a212b80d69a7 Mon Sep 17 00:00:00 2001
From: Daniel Cebrian <daniel.cebrian@pandorafms.com>
Date: Thu, 1 Feb 2024 14:54:23 +0100
Subject: [PATCH 22/26] #12149 added post_max_size notification

---
 .../include/class/ConsoleSupervisor.php       | 32 ++++++++++++++++---
 .../include/class/Diagnostics.class.php       |  4 +++
 pandora_console/include/functions_menu.php    |  8 +++++
 .../include/functions_notifications.php       |  1 +
 4 files changed, 41 insertions(+), 4 deletions(-)

diff --git a/pandora_console/include/class/ConsoleSupervisor.php b/pandora_console/include/class/ConsoleSupervisor.php
index 9ae7b09921..cac8befb56 100644
--- a/pandora_console/include/class/ConsoleSupervisor.php
+++ b/pandora_console/include/class/ConsoleSupervisor.php
@@ -1671,6 +1671,10 @@ class ConsoleSupervisor
             ini_get('upload_max_filesize')
         );
 
+        $PHPpost_max_size = config_return_in_bytes(
+            ini_get('post_max_size')
+        );
+
         // PHP configuration.
         $PHPmax_input_time = ini_get('max_input_time');
         $PHPmemory_limit = config_return_in_bytes(ini_get('memory_limit'));
@@ -1678,6 +1682,7 @@ class ConsoleSupervisor
         $PHPsafe_mode = ini_get('safe_mode');
         $PHPdisable_functions = ini_get('disable_functions');
         $PHPupload_max_filesize_min = config_return_in_bytes('800M');
+        $PHPpost_max_size_min = config_return_in_bytes('800M');
         $PHPmemory_limit_min = config_return_in_bytes('800M');
         $PHPSerialize_precision = ini_get('serialize_precision');
 
@@ -1728,7 +1733,7 @@ class ConsoleSupervisor
                     'message'           => sprintf(
                         __('Recommended value is %s'),
                         '-1 ('.__('Unlimited').')'
-                    ).'<br><br>'.__('Please, change it on your PHP configuration file (php.ini) or contact with administrator (Do not forget to restart Apache process after)'),
+                    ).'<br>'.__('Please, change it on your PHP configuration file (php.ini) or contact with administrator (Do not forget to restart Apache process after)'),
                     'url'               => $url,
                     'icon_notification' => self::ICON_INFORMATION,
                 ]
@@ -1753,7 +1758,7 @@ class ConsoleSupervisor
                     'message'           => sprintf(
                         __('Recommended value is: %s'),
                         '0 ('.__('Unlimited').')'
-                    ).'<br><br>'.__('Please, change it on your PHP configuration file (php.ini) or contact with administrator (Dont forget restart apache process after changes)'),
+                    ).'<br>'.__('Please, change it on your PHP configuration file (php.ini) or contact with administrator (Dont forget restart apache process after changes)'),
                     'url'               => $url,
                     'icon_notification' => self::ICON_INFORMATION,
                 ]
@@ -1778,7 +1783,7 @@ class ConsoleSupervisor
                     'message'           => sprintf(
                         __('Recommended value is: %s'),
                         sprintf(__('%s or greater'), '800M')
-                    ).'<br><br>'.__('Please, change it on your PHP configuration file (php.ini) or contact with administrator (Dont forget restart apache process after changes)'),
+                    ).'<br>'.__('Please, change it on your PHP configuration file (php.ini) or contact with administrator (Dont forget restart apache process after changes)'),
                     'url'               => $url,
                     'icon_notification' => self::ICON_INFORMATION,
                 ]
@@ -1808,7 +1813,7 @@ class ConsoleSupervisor
                     'message'           => sprintf(
                         __('Recommended value is: %s'),
                         sprintf(__('%s or greater'), $recommended_memory)
-                    ).'<br><br>'.__('Please, change it on your PHP configuration file (php.ini) or contact with administrator'),
+                    ).'<br>'.__('Please, change it on your PHP configuration file (php.ini) or contact with administrator'),
                     'url'               => $url,
                     'icon_notification' => self::ICON_INFORMATION,
                 ]
@@ -1915,6 +1920,25 @@ class ConsoleSupervisor
         } else {
             $this->cleanNotifications('NOTIF.PHP.VERSION.SUPPORT');
         }
+
+        if ($PHPpost_max_size < $PHPpost_max_size_min && (int) $PHPpost_max_size !== -1) {
+            $url = 'https://www.php.net/manual/en/ini.core.php#ini.post-max-size';
+            $this->notify(
+                [
+                    'type'              => 'NOTIF.PHP.POST_MAX_SIZE',
+                    'title'             => __('PHP POST MAX SIZE'),
+                    'message'           => sprintf(
+                        __('Recommended value is: %s'),
+                        sprintf(__('%sM or greater'), ($PHPpost_max_size_min / 1024 / 1024))
+                    ).'<br>'.__('Please, change it on your PHP configuration file (php.ini) or contact with administrator'),
+                    'url'               => $url,
+                    'icon_notification' => self::ICON_HEADSUP,
+                ]
+            );
+        } else {
+            $this->cleanNotifications('NOTIF.PHP.POST_MAX_SIZE');
+        }
+
     }
 
 
diff --git a/pandora_console/include/class/Diagnostics.class.php b/pandora_console/include/class/Diagnostics.class.php
index 9d4a3b2901..4120bbd2e9 100644
--- a/pandora_console/include/class/Diagnostics.class.php
+++ b/pandora_console/include/class/Diagnostics.class.php
@@ -533,6 +533,10 @@ class Diagnostics extends Wizard
                     'name'  => __('PHP Memory limit'),
                     'value' => ini_get('memory_limit'),
                 ],
+                'postMaxSize'      => [
+                    'name'  => __('PHP Post max size'),
+                    'value' => ini_get('post_max_size'),
+                ],
                 'sessionLifetime'  => [
                     'name'  => __('Session cookie lifetime'),
                     'value' => ini_get('session.cookie_lifetime'),
diff --git a/pandora_console/include/functions_menu.php b/pandora_console/include/functions_menu.php
index 37d4e11c38..6a0d424836 100644
--- a/pandora_console/include/functions_menu.php
+++ b/pandora_console/include/functions_menu.php
@@ -1230,6 +1230,14 @@ if (is_ajax()) {
                                         <p style="font-size: 10pt;">'.$php_sys->data->memoryLimit->value.'</p>
                                     </th>
                                 </tr>
+                                <tr>
+                                <th style="width: 35%;">
+                                    <p><span>'.$php_sys->data->postMaxSize->name.'</span></p>
+                                </th>
+                                <th style="width: 65%;">
+                                    <p style="font-size: 10pt;">'.$php_sys->data->postMaxSize->value.'</p>
+                                </th>
+                            </tr>
                                 <tr>
                                     <th style="width: 35%;">
                                         <p><span>'.$php_sys->data->sessionLifetime->name.'</span></p>
diff --git a/pandora_console/include/functions_notifications.php b/pandora_console/include/functions_notifications.php
index 61330b66f7..141d3ae8cc 100644
--- a/pandora_console/include/functions_notifications.php
+++ b/pandora_console/include/functions_notifications.php
@@ -133,6 +133,7 @@ function notifications_get_subtypes(?string $source=null)
             'NOTIF.PHP.INPUT_TIME',
             'NOTIF.PHP.EXECUTION_TIME',
             'NOTIF.PHP.UPLOAD_MAX_FILESIZE',
+            'NOTIF.PHP.POST_MAX_SIZE',
             'NOTIF.PHP.MEMORY_LIMIT',
             'NOTIF.PHP.DISABLE_FUNCTIONS',
             'NOTIF.PHP.CHROMIUM',

From 64698c49511ce22288c66b747f283febbed67ea6 Mon Sep 17 00:00:00 2001
From: Daniel Cebrian <daniel.cebrian@pandorafms.com>
Date: Thu, 1 Feb 2024 15:38:52 +0100
Subject: [PATCH 23/26] #12149 upload max file size in about and diagnostic
 info

---
 .../include/class/Diagnostics.class.php          | 16 ++++++++++------
 pandora_console/include/functions_menu.php       | 10 +++++++++-
 2 files changed, 19 insertions(+), 7 deletions(-)

diff --git a/pandora_console/include/class/Diagnostics.class.php b/pandora_console/include/class/Diagnostics.class.php
index 4120bbd2e9..52fab8f914 100644
--- a/pandora_console/include/class/Diagnostics.class.php
+++ b/pandora_console/include/class/Diagnostics.class.php
@@ -517,27 +517,31 @@ class Diagnostics extends Wizard
         $result = [
             'error' => false,
             'data'  => [
-                'phpVersion'       => [
+                'phpVersion'        => [
                     'name'  => __('PHP Version'),
                     'value' => phpversion(),
                 ],
-                'maxExecutionTime' => [
+                'maxExecutionTime'  => [
                     'name'  => __('PHP Max execution time'),
                     'value' => ini_get('max_execution_time'),
                 ],
-                'maxInputTime'     => [
+                'maxInputTime'      => [
                     'name'  => __('PHP Max input time'),
                     'value' => ini_get('max_input_time'),
                 ],
-                'memoryLimit'      => [
+                'memoryLimit'       => [
                     'name'  => __('PHP Memory limit'),
                     'value' => ini_get('memory_limit'),
                 ],
-                'postMaxSize'      => [
+                'postMaxSize'       => [
                     'name'  => __('PHP Post max size'),
                     'value' => ini_get('post_max_size'),
                 ],
-                'sessionLifetime'  => [
+                'uploadMaxFilesize' => [
+                    'name'  => __('PHP Upload max file size'),
+                    'value' => ini_get('upload_max_filesize'),
+                ],
+                'sessionLifetime'   => [
                     'name'  => __('Session cookie lifetime'),
                     'value' => ini_get('session.cookie_lifetime'),
                 ],
diff --git a/pandora_console/include/functions_menu.php b/pandora_console/include/functions_menu.php
index 6a0d424836..aa19f58ded 100644
--- a/pandora_console/include/functions_menu.php
+++ b/pandora_console/include/functions_menu.php
@@ -1237,7 +1237,15 @@ if (is_ajax()) {
                                 <th style="width: 65%;">
                                     <p style="font-size: 10pt;">'.$php_sys->data->postMaxSize->value.'</p>
                                 </th>
-                            </tr>
+                                </tr>
+                                <tr>
+                                <th style="width: 35%;">
+                                    <p><span>'.$php_sys->data->uploadMaxFilesize->name.'</span></p>
+                                </th>
+                                <th style="width: 65%;">
+                                    <p style="font-size: 10pt;">'.$php_sys->data->uploadMaxFilesize->value.'</p>
+                                </th>
+                                </tr>
                                 <tr>
                                     <th style="width: 35%;">
                                         <p><span>'.$php_sys->data->sessionLifetime->name.'</span></p>

From d8fdb22c891252eb5c2364a7deb45d4db0cc9779 Mon Sep 17 00:00:00 2001
From: Daniel Cebrian <daniel.cebrian@pandorafms.com>
Date: Fri, 2 Feb 2024 10:47:36 +0100
Subject: [PATCH 24/26] #12810 change value status license in diagnostics

---
 .../include/class/Diagnostics.class.php       | 25 ++++++++++++++++++-
 .../include/functions_update_manager.php      | 19 --------------
 2 files changed, 24 insertions(+), 20 deletions(-)

diff --git a/pandora_console/include/class/Diagnostics.class.php b/pandora_console/include/class/Diagnostics.class.php
index 9d4a3b2901..1b76652a6c 100644
--- a/pandora_console/include/class/Diagnostics.class.php
+++ b/pandora_console/include/class/Diagnostics.class.php
@@ -483,7 +483,7 @@ class Diagnostics extends Wizard
                 ],
                 'isEnterprise'  => [
                     'name'  => __('Enterprise installed'),
-                    'value' => (enterprise_installed()) ? __('true') : __('false'),
+                    'value' => $this->getStatusLicense(),
                 ],
                 'customerKey'   => [
                     'name'  => __('Update Key'),
@@ -505,6 +505,29 @@ class Diagnostics extends Wizard
     }
 
 
+    /**
+     * Return status of license.
+     *
+     * @return string
+     */
+    private function getStatusLicense():string
+    {
+        global $config;
+
+        if (enterprise_installed() === true) {
+            if (isset($config['license_mode'])
+                && (int) $config['license_mode'] === 0
+            ) {
+                return __('FREE/TRIAL');
+            } else {
+                return __('LICENCED');
+            }
+        } else {
+            return __('OpenSource');
+        }
+    }
+
+
     /**
      * PHP Status.
      *
diff --git a/pandora_console/include/functions_update_manager.php b/pandora_console/include/functions_update_manager.php
index f78b94d188..5c41828e11 100755
--- a/pandora_console/include/functions_update_manager.php
+++ b/pandora_console/include/functions_update_manager.php
@@ -98,25 +98,6 @@ function update_manager_get_current_package()
 }
 
 
-/**
- * Check if a trial license is in use.
- *
- * @return boolean true if a trial license is in use, false otherwise.
- */
-function update_manager_verify_trial()
-{
-    global $config;
-
-    if (isset($config['license_licensed_to'])
-        && strstr($config['license_licensed_to'], 'info@pandorafms.com') !== false
-    ) {
-        return true;
-    }
-
-    return false;
-}
-
-
 /**
  * Checks if there are packages available to be installed.
  *

From 3e40558443045db8652c589a427c9eccb9f6c62c Mon Sep 17 00:00:00 2001
From: Daniel Cebrian <daniel.cebrian@pandorafms.com>
Date: Fri, 2 Feb 2024 10:55:57 +0100
Subject: [PATCH 25/26] #12810 fixed license_mode status

---
 pandora_console/include/class/Diagnostics.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pandora_console/include/class/Diagnostics.class.php b/pandora_console/include/class/Diagnostics.class.php
index 1b76652a6c..17ded9a8eb 100644
--- a/pandora_console/include/class/Diagnostics.class.php
+++ b/pandora_console/include/class/Diagnostics.class.php
@@ -516,7 +516,7 @@ class Diagnostics extends Wizard
 
         if (enterprise_installed() === true) {
             if (isset($config['license_mode'])
-                && (int) $config['license_mode'] === 0
+                && (int) $config['license_mode'] === 1
             ) {
                 return __('FREE/TRIAL');
             } else {

From c6cb0c8747c3bf9956c23575500b450b382c50ce Mon Sep 17 00:00:00 2001
From: Daniel Cebrian <daniel.cebrian@pandorafms.com>
Date: Fri, 2 Feb 2024 12:14:49 +0100
Subject: [PATCH 26/26] #12810 changed text licensed in info status

---
 pandora_console/include/class/Diagnostics.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pandora_console/include/class/Diagnostics.class.php b/pandora_console/include/class/Diagnostics.class.php
index 17ded9a8eb..b097bbba48 100644
--- a/pandora_console/include/class/Diagnostics.class.php
+++ b/pandora_console/include/class/Diagnostics.class.php
@@ -520,7 +520,7 @@ class Diagnostics extends Wizard
             ) {
                 return __('FREE/TRIAL');
             } else {
-                return __('LICENCED');
+                return __('LICENSED');
             }
         } else {
             return __('OpenSource');