From 4589a7c298de516a1503b0c29ce08210da8bf799 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Gonz=C3=A1lez?= Date: Thu, 12 May 2022 18:31:24 +0200 Subject: [PATCH 1/3] Added control for WMI binary --- pandora_console/godmode/setup/performance.php | 10 ++++++++++ .../include/class/AgentWizard.class.php | 18 +++++++++++++----- pandora_console/include/functions_config.php | 8 ++++++++ pandora_console/include/functions_wmi.php | 6 +++--- 4 files changed, 34 insertions(+), 8 deletions(-) diff --git a/pandora_console/godmode/setup/performance.php b/pandora_console/godmode/setup/performance.php index ad74c490c2..a2851b568c 100644 --- a/pandora_console/godmode/setup/performance.php +++ b/pandora_console/godmode/setup/performance.php @@ -661,6 +661,16 @@ $tip = ui_print_help_tip( true ); +$table_other->data[$i][0] = __('WMI binary'); +$table_other->data[$i++][1] = html_print_input_text( + 'wmiBinary', + $config['wmiBinary'], + '', + 50, + 10, + true +); + if (enterprise_installed() === true) { $table_other->data[$i][0] = __('PhantomJS cache cleanup ').$tip; $table_other->data[$i++][1] = html_print_input( diff --git a/pandora_console/include/class/AgentWizard.class.php b/pandora_console/include/class/AgentWizard.class.php index 2d7f2f37da..0cf4afaeab 100644 --- a/pandora_console/include/class/AgentWizard.class.php +++ b/pandora_console/include/class/AgentWizard.class.php @@ -278,6 +278,13 @@ class AgentWizard extends HTML */ private $extraArguments = ''; + /** + * Binary of wmic. + * + * @var string + */ + private $wmiBinary = ''; + /** * Constructor @@ -291,7 +298,7 @@ class AgentWizard extends HTML // Check access. check_login(); - if (!check_acl($config['id_user'], 0, 'AR')) { + if ((bool) check_acl($config['id_user'], 0, 'AR') === false) { db_pandora_audit( AUDIT_LOG_ACL_VIOLATION, 'Trying to access event viewer' 
@@ -311,6 +318,7 @@ class AgentWizard extends HTML $this->idAgent = get_parameter('id_agente', ''); $this->idPolicy = get_parameter('id', ''); $this->targetIp = get_parameter('targetIp', ''); + $this->wmiBinary = $config['wmiBinary']; if (empty($this->idAgent) === false) { $array_aux = db_get_all_rows_sql( @@ -1044,7 +1052,7 @@ class AgentWizard extends HTML $oidExplore = '.1.3.6.1.2.1.1.2.0'; } - // Explore general or interfaces + // Explore general or interfaces. $receivedOid = $this->snmpWalkValues( $oidExplore, false, @@ -1080,7 +1088,7 @@ class AgentWizard extends HTML // Capture the parameters. // Call WMI Explorer function. $this->wmiCommand = wmi_compose_query( - 'wmic', + $this->wmiBinary, $this->usernameWMI, $this->passwordWMI, $this->targetIp, @@ -5717,7 +5725,7 @@ class AgentWizard extends HTML $(this).removeClass('hidden'); return; } - + if (this.id.match(regex)) { $(this).removeClass('hidden'); } else { @@ -5729,7 +5737,7 @@ class AgentWizard extends HTML $(this).addClass('hidden'); } } - + if (filter_up == true) { if ($(this).attr('operstatus') != 1) { $(this).addClass('hidden'); diff --git a/pandora_console/include/functions_config.php b/pandora_console/include/functions_config.php index 07537de173..b730d9cfe0 100644 --- a/pandora_console/include/functions_config.php +++ b/pandora_console/include/functions_config.php @@ -928,6 +928,10 @@ function config_update_config() $error_update[] = __('SNMP walk binary path (fallback for v1)'); } + if (config_update_value('wmiBinary', get_parameter('wmiBinary'), true) === false) { + $error_update[] = __('Default WMI Binary'); + } + $pjs = get_parameter('phantomjs_cache_interval'); switch ($pjs) { case $config['phantomjs_cache_interval']: 
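Review bot: The new `wmiBinary` setting is saved verbatim in `config_update_config()` (`config_update_value('wmiBinary', get_parameter('wmiBinary'), true)`) and then passed as the first argument of `wmi_compose_query()` in the `@@ -1080` hunk, so whatever text is stored from the setup page becomes the start of a command line; patch 3/3 shows that string reaching `exec()`. Restrict the value before saving or before use, for example accept it only when `preg_match('/^[A-Za-z0-9_.\/-]+$/', $binary) === 1` and otherwise fall back to the `pandorawmic` default. `escapeshellcmd()` at the call site would be a second layer. A change to this key also deserves an audit-log entry, since it decides which program the console runs. Both functions continue outside their hunks.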
@@ -2088,6 +2092,10 @@ function config_process_config() config_update_value('snmpwalk_fallback', 'snmpwalk'); } + if (isset($config['wmiBinary']) === false) { + config_update_value('wmiBinary', 'pandorawmic'); + } + if (!isset($config['event_purge'])) { config_update_value('event_purge', 15); } diff --git a/pandora_console/include/functions_wmi.php b/pandora_console/include/functions_wmi.php index 7148233957..7f01e3f2bd 100644 --- a/pandora_console/include/functions_wmi.php +++ b/pandora_console/include/functions_wmi.php @@ -32,13 +32,13 @@ function wmi_compose_query($wmi_client, $user, $password, $host, $namespace='') { $wmi_command = ''; - if (!empty($password)) { - $wmi_command = $wmi_client.' -U "'.$user.'"%"'.$password.'"'; + if (empty($password) === false) { + $wmi_command = $wmi_client.' -U \''.$user.'\'%\''.$password.'\''; } else { $wmi_command = $wmi_client.' -U "'.$user.'"'; } - if (!empty($namespace)) { + if (empty($namespace) === false) { $namespace = str_replace('"', "'", $namespace); $wmi_command .= ' --namespace="'.$namespace.'"'; } From 275fd2ed19a565b770ff74cd6ee5a42143bf07af Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Gonz=C3=A1lez?= Date: Mon, 20 Jun 2022 16:20:49 +0200 Subject: [PATCH 2/3] Fix minor issues related with pandorawmic --- pandora_console/godmode/setup/performance.php | 2 +- .../include/class/AgentWizard.class.php | 75 +++++++++++-------- 2 files changed, 44 insertions(+), 33 deletions(-) diff --git a/pandora_console/godmode/setup/performance.php b/pandora_console/godmode/setup/performance.php index a2851b568c..1246cd8abc 100644 --- a/pandora_console/godmode/setup/performance.php +++ b/pandora_console/godmode/setup/performance.php @@ -667,7 +667,7 @@ $table_other->data[$i++][1] = html_print_input_text( $config['wmiBinary'], '', 50, - 10, + 50, true ); diff --git a/pandora_console/include/class/AgentWizard.class.php b/pandora_console/include/class/AgentWizard.class.php index 0cf4afaeab..7cc44f2d4b 100644 
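Review bot: In `wmi_compose_query()` the `-U` argument is still built by pasting `$user` and `$password` between quote characters, now single quotes, so a `'` inside either value ends the quoting and the remainder is read by the shell as command text. Let PHP do the quoting: `$wmi_command = $wmi_client.' -U '.escapeshellarg($user.'%'.$password);` and, in the else branch, `$wmi_command = $wmi_client.' -U '.escapeshellarg($user);`. The `--namespace` line has the same shape, because only `"` is replaced and double quotes do not stop shell expansion; it could become `' --namespace='.escapeshellarg($namespace)`. The function body continues past the hunk, so the host and query parts should be checked the same way.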
--- a/pandora_console/include/class/AgentWizard.class.php +++ b/pandora_console/include/class/AgentWizard.class.php @@ -2814,7 +2814,7 @@ class AgentWizard extends HTML // Unpack the query filters. $queryFilters = json_decode($module['query_filters'], true); // Name of query filter field. - $fieldValueName = $fieldSet[$queryFilters['field']]; + $fieldValueName = (empty($fieldSet[$queryFilters['field']]) === false) ? $fieldSet[$queryFilters['field']] : '1'; // Evaluate type of scan and execution. if ($module['scan_type'] == SCAN_TYPE_FIXED) { @@ -2900,6 +2900,7 @@ class AgentWizard extends HTML $dataCombined = array_combine($columnsList, $rowList); // Change the macros for values. foreach ($dataCombined as $macroKey => $macroValue) { + $macroKey = trim($macroKey); if (preg_match('/_'.$macroKey.'_/', $valueOperation) !== 0) { $valueOperation = preg_replace( '/_'.$macroKey.'_/', @@ -3003,6 +3004,7 @@ class AgentWizard extends HTML ); // Change the macros for values. foreach ($dataCombined as $macroKey => $macroValue) { + $macroKey = trim($macroKey); if (preg_match('/_'.$macroKey.'_/', $valueOperation) !== 0) { $valueOperation = preg_replace( '/_'.$macroKey.'_/', 
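Review bot: `$macroKey` is interpolated into the pattern `'/_'.$macroKey.'_/'` without quoting in this `foreach`, and again in the `@@ -3003` hunk. The keys come from `$columnsList`, which appears to be built from the WMI response, so a column name containing `/`, `(` or `.` either breaks the pattern or matches more than intended. Build the pattern once per key with `$pattern = '/_'.preg_quote(trim($macroKey), '/').'_/';` and use it in both the `preg_match` and the `preg_replace` call. The substituted text ends up in `$valueOperation`, which looks like the input of the evaluated operation, so keeping the match literal matters. The loop bodies continue outside both hunks.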
@@ -3030,39 +3032,48 @@ class AgentWizard extends HTML } } - // Create the final table with all of data received. - foreach ($moduleBlocks as $module) { - // Prepare the blocks. If its new, create a new index. - if (key_exists($module['group'], $blockTables) === false) { - $blockTables[$module['group']] = [ - 'name' => $module['group_name'], - 'data' => [], - ]; + // If we not retrieve information (P.E. connection refused). + if (empty($moduleBlocks) === true) { + $this->message['type'][] = 'warning'; + $this->message['message'][] = __( + 'No information could be retrieved.' + ); + $this->showMessage(); + } else { + // Create the final table with all of data received. + foreach ($moduleBlocks as $module) { + // Prepare the blocks. If its new, create a new index. + if (key_exists($module['group'], $blockTables) === false) { + $blockTables[$module['group']] = [ + 'name' => $module['group_name'], + 'data' => [], + ]; + } + + // Add the module info in the block. + $blockTables[$module['group']]['data'][] = $module; + if (isset($blockTables[$module['group']]['activeModules']) === false + && (int) $module['module_enabled'] === 1 + ) { + $blockTables[$module['group']]['activeModules'] = 2; + } else if (isset($blockTables[$module['group']]['activeModules']) === true + && (int) $module['module_enabled'] === 0 + ) { + $blockTables[$module['group']]['activeModules'] = 1; + } } - // Add the module info in the block. - $blockTables[$module['group']]['data'][] = $module; - if (isset($blockTables[$module['group']]['activeModules']) === false - && (int) $module['module_enabled'] === 1 - ) { - $blockTables[$module['group']]['activeModules'] = 2; - } else if (isset($blockTables[$module['group']]['activeModules']) === true - && (int) $module['module_enabled'] === 0 - ) { - $blockTables[$module['group']]['activeModules'] = 1; - } + // General Default monitoring. 
+ html_print_div( + [ + 'class' => 'wizard wizard-result', + 'style' => 'margin-top: 20px;', + 'content' => $this->toggleTableModules($blockTables), + ] + ); + // Add Create Modules form. + $this->createModulesForm(); } - - // General Default monitoring. - html_print_div( - [ - 'class' => 'wizard wizard-result', - 'style' => 'margin-top: 20px;', - 'content' => $this->toggleTableModules($blockTables), - ] - ); - // Add Create Modules form. - $this->createModulesForm(); } @@ -5544,13 +5555,13 @@ class AgentWizard extends HTML string $unit='', ?int $type=0 ) { + $output = ''; try { // Avoid non-numeric or arithmetic chars for security reasons. if (preg_match('/(([^0-9\s\+\-\*\/\(\).,])+)/', $operation) === 1) { throw new Exception(sprintf(__("The operation '%s' is not permitted. Review for remote components."), $operation)); } else { // Get the result of the operation and set it. - $output = ''; eval('$output = '.$operation.';'); // If this module has unit, attach to current value. $output = $this->replacementUnit( From 38ecfd5b62f51c61efbadfff51042226f4ff5d1e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Gonz=C3=A1lez?= Date: Wed, 22 Jun 2022 14:25:08 +0200 Subject: [PATCH 3/3] Added message for control return code in WMI --- .../include/class/AgentWizard.class.php | 39 +++++++++++-------- 1 file changed, 23 insertions(+), 16 deletions(-) diff --git a/pandora_console/include/class/AgentWizard.class.php b/pandora_console/include/class/AgentWizard.class.php index 7cc44f2d4b..382fa2fca9 100644 --- a/pandora_console/include/class/AgentWizard.class.php +++ b/pandora_console/include/class/AgentWizard.class.php 
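Review bot: The guard in front of `eval()` in the `@@ -5544` hunk fails open: it throws only when `preg_match()` returns exactly 1 for a forbidden character, so every other result, including `false` on a PCRE error, reaches `eval('$output = '.$operation.';')`. An anchored allowlist that must match is safer: `if (preg_match('/^[0-9\s+\-*\/().,]+$/', $operation) !== 1) { throw new Exception(...); }`. The `catch` is outside the hunk; if it handles only `Exception`, a `ParseError` or `DivisionByZeroError` raised by the evaluated text will escape it. Catching `\Throwable`, or replacing `eval` with a small arithmetic parser, is worth considering.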
@@ -1098,19 +1098,26 @@ class AgentWizard extends HTML // the host is Windows (and allow WMI). $commandQuery = $this->wmiCommand; $commandQuery .= ' "SELECT Caption FROM Win32_ComputerSystem"'; - // Execute the wmic command. + // Declare the vars. $result = []; - exec($commandQuery, $result); - $execCorrect = true; + $returnVar = 0; $tmpError = ''; - - // Look for the response if we have ERROR messages. - foreach ($result as $info) { - if (preg_match('/ERROR:/', $info) !== 0) { - $execCorrect = false; - $tmpError = strrchr($info, 'ERROR:'); - break; + $execCorrect = true; + // Execute the command. + exec($commandQuery, $result, $returnVar); + // Only is valid if return code is 0. + if ($returnVar === 0) { + // Look for the response if we have ERROR messages. + foreach ($result as $info) { + if (preg_match('/ERROR:/', $info) !== 0) { + $execCorrect = false; + $tmpError = strrchr($info, 'ERROR:'); + break; + } } + } else { + $tmpError = sprintf('Return Code %s', $returnVar); + $execCorrect = false; } // FOUND ERRORS: TIMEOUT. @@ -2849,13 +2856,13 @@ class AgentWizard extends HTML // If name of the module have a macro. $moduleBlocks[$k]['name'] = $this->macroFilter( - $module['name'], + io_safe_output($module['name']), $columnsList, $rowList ); // Description can have macros too. $moduleBlocks[$k]['description'] = $this->macroFilter( - $module['description'], + io_safe_output($module['description']), $columnsList, $rowList ); @@ -2867,7 +2874,7 @@ class AgentWizard extends HTML ); foreach ($columnsList as $columnKey => $columnValue) { - $macros['macros']['_'.$columnValue.'_'] = $rowList[$columnKey]; + $macros['macros']['_'.trim($columnValue).'_'] = $rowList[trim($columnKey)]; } $moduleBlocks[$k]['macros'] = json_encode($macros); 
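Review bot: `strrchr($info, 'ERROR:')` in the re-indented loop does not return the text from `ERROR:` onward, because `strrchr()` uses only the first character of its needle, so `$tmpError` becomes the tail of the line after its last `E`. `strstr($info, 'ERROR:')` gives the intended message, which the following `FOUND ERRORS` checks presumably match on. In the new non-zero return-code branch, `$tmpError = sprintf('Return Code %s', $returnVar);` is not translated; wrapping the format string in `__()` would match the rest of the file.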
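Review bot: `io_safe_output()` is applied to `$module['name']` and `$module['description']` before `macroFilter()` in the `@@ -2849` hunk, and to `name`, `description` and `query_filters` in the `@@ -2946` hunk, so the values kept in `$moduleBlocks` and `$newModule` are now entity-decoded and mixed with text taken from the WMI response. Nothing in these hunks encodes them again. Please confirm that the table and form code that prints or saves them (outside the hunks) escapes on output, or re-encode the result with `io_safe_input()` after the macros are replaced.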
@@ -2946,19 +2953,19 @@ class AgentWizard extends HTML $rowList = explode('|', $rowContent); // If name of the module have a macro. $newModule['name'] = $this->macroFilter( - $module['name'], + io_safe_output($module['name']), $columnsList, $rowList ); // Description can have macros too. $newModule['description'] = $this->macroFilter( - $module['description'], + io_safe_output($module['description']), $columnsList, $rowList ); $newModule['query_filters'] = $this->macroFilter( - $module['query_filters'], + io_safe_output($module['query_filters']), $columnsList, $rowList );