diff --git a/extras/pandora_update_version.sh b/extras/pandora_update_version.sh index 6d486a253c..1953c7c834 100755 --- a/extras/pandora_update_version.sh +++ b/extras/pandora_update_version.sh @@ -56,6 +56,7 @@ AGENT_WIN_RC_FILE="$CODEHOME/pandora_agents/win32/versioninfo.rc" SATELLITE_FILE="$PANDHOME_ENT/satellite_server/satellite_server.pl" PERL_PLUGIN_FILES="$PANDHOME_ENT/pandora_plugins/NGINX/nginx_requests_queued.pl \ $PANDHOME_ENT/pandora_plugins/Sybase/sybase_plugin.pl \ +$PANDHOME_ENT/pandora_plugins/JMX/pandora_plugin_jmx.pl \ $PANDHOME_ENT/pandora_plugins/MarkLogic/pandora_marklogic.pl \ $PANDHOME_ENT/pandora_plugins/Apache/pandora_apache.pl \ $PANDHOME_ENT/pandora_plugins/Oracle/Database/pandora_oracle.pl \ @@ -66,6 +67,7 @@ $PANDHOME_ENT/pandora_plugins/Informix/informix.pl \ $PANDHOME_ENT/pandora_plugins/Ruckus/ruckus.pl \ $PANDHOME_ENT/pandora_plugins/UX/pandora_ux.pl \ $PANDHOME_ENT/pandora_plugins/JMX/pandora_plugin_jmx.pl \ +$PANDHOME_ENT/pandora_plugins/SNMP/dynamic_snmp.pl \ $PANDHOME_ENT/pandora_plugins/MySQL/pandora_mysql.pl \ $PANDHOME_ENT/pandora_server/util/plugin/vmware-plugin.pl " PLUGIN_LIB_FILE="$CODEHOME/pandora_server/lib/PandoraFMS/PluginTools.pm" diff --git a/pandora_agents/unix/DEBIAN/control b/pandora_agents/unix/DEBIAN/control index 1353032e27..aa45b0b23c 100644 --- a/pandora_agents/unix/DEBIAN/control +++ b/pandora_agents/unix/DEBIAN/control @@ -1,5 +1,5 @@ package: pandorafms-agent-unix -Version: 7.0NG.722-180509 +Version: 7.0NG.722-180522 Architecture: all Priority: optional Section: admin diff --git a/pandora_agents/unix/DEBIAN/make_deb_package.sh b/pandora_agents/unix/DEBIAN/make_deb_package.sh index 1d58b02f5b..a891688f34 100644 --- a/pandora_agents/unix/DEBIAN/make_deb_package.sh +++ b/pandora_agents/unix/DEBIAN/make_deb_package.sh 
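Review bot: The line added in the first hunk of extras/pandora_update_version.sh, `$PANDHOME_ENT/pandora_plugins/JMX/pandora_plugin_jmx.pl \`, duplicates an entry already in `PERL_PLUGIN_FILES`. The same path appears as an unchanged context line in the second hunk, directly above the new `SNMP/dynamic_snmp.pl` entry. Whatever iterates over the list (outside these hunks) would then process that plugin twice per run. Drop the added JMX line, or replace it with the intended path if a different plugin was meant.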
@@ -14,7 +14,7 @@ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. -pandora_version="7.0NG.722-180509" +pandora_version="7.0NG.722-180522" echo "Test if you has the tools for to make the packages." whereis dpkg-deb | cut -d":" -f2 | grep dpkg-deb > /dev/null diff --git a/pandora_agents/unix/pandora_agent b/pandora_agents/unix/pandora_agent index f19a4686c5..b5e245dc96 100755 --- a/pandora_agents/unix/pandora_agent +++ b/pandora_agents/unix/pandora_agent @@ -42,7 +42,7 @@ my $Sem = undef; my $ThreadSem = undef; use constant AGENT_VERSION => '7.0NG.722'; -use constant AGENT_BUILD => '180509'; +use constant AGENT_BUILD => '180522'; # Agent log default file size maximum and instances use constant DEFAULT_MAX_LOG_SIZE => 600000; diff --git a/pandora_agents/unix/pandora_agent.redhat.spec b/pandora_agents/unix/pandora_agent.redhat.spec index 946077f8aa..c86087f9c7 100644 --- a/pandora_agents/unix/pandora_agent.redhat.spec +++ b/pandora_agents/unix/pandora_agent.redhat.spec @@ -3,7 +3,7 @@ # %define name pandorafms_agent_unix %define version 7.0NG.722 -%define release 180509 +%define release 180522 Summary: Pandora FMS Linux agent, PERL version Name: %{name} diff --git a/pandora_agents/unix/pandora_agent.spec b/pandora_agents/unix/pandora_agent.spec index c60d45ddf8..e9706ca567 100644 --- a/pandora_agents/unix/pandora_agent.spec +++ b/pandora_agents/unix/pandora_agent.spec @@ -3,7 +3,7 @@ # %define name pandorafms_agent_unix %define version 7.0NG.722 -%define release 180509 +%define release 180522 Summary: Pandora FMS Linux agent, PERL version Name: %{name} diff --git a/pandora_agents/unix/pandora_agent_installer b/pandora_agents/unix/pandora_agent_installer index 59e9f2254e..545cccc233 100755 --- a/pandora_agents/unix/pandora_agent_installer +++ b/pandora_agents/unix/pandora_agent_installer 
@@ -10,7 +10,7 @@ # ********************************************************************** PI_VERSION="7.0NG.722" -PI_BUILD="180509" +PI_BUILD="180522" OS_NAME=`uname -s` FORCE=0 diff --git a/pandora_agents/win32/installer/pandora.mpi b/pandora_agents/win32/installer/pandora.mpi index b0778f767a..4d5d20319a 100644 --- a/pandora_agents/win32/installer/pandora.mpi +++ b/pandora_agents/win32/installer/pandora.mpi @@ -186,7 +186,7 @@ UpgradeApplicationID {} Version -{180509} +{180522} ViewReadme {Yes} diff --git a/pandora_agents/win32/pandora.cc b/pandora_agents/win32/pandora.cc index df2ff3a6c2..978947be91 100644 --- a/pandora_agents/win32/pandora.cc +++ b/pandora_agents/win32/pandora.cc @@ -30,7 +30,7 @@ using namespace Pandora; using namespace Pandora_Strutils; #define PATH_SIZE _MAX_PATH+1 -#define PANDORA_VERSION ("7.0NG.722(Build 180509)") +#define PANDORA_VERSION ("7.0NG.722(Build 180522)") string pandora_path; string pandora_dir; diff --git a/pandora_agents/win32/versioninfo.rc b/pandora_agents/win32/versioninfo.rc index cf3c37f6e9..e695181758 100644 --- a/pandora_agents/win32/versioninfo.rc +++ b/pandora_agents/win32/versioninfo.rc @@ -11,7 +11,7 @@ BEGIN VALUE "LegalCopyright", "Artica ST" VALUE "OriginalFilename", "PandoraAgent.exe" VALUE "ProductName", "Pandora FMS Windows Agent" - VALUE "ProductVersion", "(7.0NG.722(Build 180509))" + VALUE "ProductVersion", "(7.0NG.722(Build 180522))" VALUE "FileVersion", "1.0.0.0" END END diff --git a/pandora_console/DEBIAN/control b/pandora_console/DEBIAN/control index 42f1670403..6ab6811d54 100644 --- a/pandora_console/DEBIAN/control +++ b/pandora_console/DEBIAN/control @@ -1,5 +1,5 @@ package: pandorafms-console -Version: 7.0NG.722-180509 +Version: 7.0NG.722-180522 Architecture: all Priority: optional Section: admin diff --git a/pandora_console/DEBIAN/make_deb_package.sh b/pandora_console/DEBIAN/make_deb_package.sh index cac280e543..53eae0dffd 100644 --- a/pandora_console/DEBIAN/make_deb_package.sh 
+++ b/pandora_console/DEBIAN/make_deb_package.sh @@ -14,7 +14,7 @@ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. -pandora_version="7.0NG.722-180509" +pandora_version="7.0NG.722-180522" package_pear=0 package_pandora=1 diff --git a/pandora_console/ajax.php b/pandora_console/ajax.php index 261babb5aa..b3e9fff95f 100644 --- a/pandora_console/ajax.php +++ b/pandora_console/ajax.php @@ -46,8 +46,19 @@ if (isset ($_GET["loginhash"])) { } } +$public_hash = get_parameter('hash', false); + // Check user -//check_login (); +if ($public_hash === false) { + check_login(); +} else { + enterprise_include_once('include/functions_dashboard.php'); + if (dashboard_check_public_hash($public_hash) === false) { + db_pandora_audit("Invalid public hash", "Trying to access public dashboard"); + require ("general/noaccess.php"); + exit; + } +} define ('AJAX', true); diff --git a/pandora_console/extensions/agents_alerts.php b/pandora_console/extensions/agents_alerts.php index f5cad20d74..ccc1539fdc 100755 --- a/pandora_console/extensions/agents_alerts.php +++ b/pandora_console/extensions/agents_alerts.php @@ -83,7 +83,7 @@ function mainAgentsAlerts() { } } - $refr = get_parameter('refr', 30); // By default 30 seconds + $refr = (int) get_parameter('refr', 30); // By default 30 seconds $show_modules = (bool) get_parameter ("show_modules",0); $group_id = get_parameter('group_id', 0); $offset = get_parameter('offset', 0); diff --git a/pandora_console/extensions/agents_modules.php b/pandora_console/extensions/agents_modules.php index da8f1c5550..98dacdc7e5 100644 --- a/pandora_console/extensions/agents_modules.php +++ b/pandora_console/extensions/agents_modules.php 
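Review bot: In the new `else` branch of pandora_console/ajax.php, a request carrying a valid `hash` skips `check_login()` for the whole script, and nothing in the hunk limits which `page` such a request may go on to load. The page dispatch is outside the hunk, so confirm that hash-authenticated requests are confined to the public dashboard's own AJAX pages and that every target page still does its own ACL check; a comment above the branch naming the pages a public hash is meant to reach would record that scope. Separately, `dashboard_check_public_hash()` is called unconditionally after `enterprise_include_once()`. If that include does not define the function, the request ends in a fatal error instead of the audited `general/noaccess.php` path, so a `function_exists('dashboard_check_public_hash')` guard that falls through to the denial would be cleaner.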
@@ -14,7 +14,7 @@ // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. -$refr = get_parameter('refresh', 0); // By default 30 seconds +$refr = (int) get_parameter('refresh', 0); // By default 30 seconds function mainAgentsModules() { global $config; @@ -62,7 +62,7 @@ function mainAgentsModules() { $updated_time = $updated_info; $modulegroup = get_parameter('modulegroup', 0); - $refr = get_parameter('refresh', 0); // By default 30 seconds + $refr = (int) get_parameter('refresh', 0); // By default 30 seconds $recursion = get_parameter('recursion', 0); $group_id = (int)get_parameter('group_id', 0); diff --git a/pandora_console/general/header.php b/pandora_console/general/header.php index d08ab8ae16..acefd20a2b 100644 --- a/pandora_console/general/header.php +++ b/pandora_console/general/header.php @@ -461,14 +461,9 @@ config_check(); - refr_time = parseInt(""); - if (isNaN(refr_time)) { - refr_time = 0; - } - - t = new Date(); + var refr_time = ; + var t = new Date(); t.setTime (t.getTime () + parseInt()); $("#refrcounter").countdown ({until: t, diff --git a/pandora_console/godmode/admin_access_logs.php b/pandora_console/godmode/admin_access_logs.php index 8dce0c02a9..e7ad2031d4 100644 --- a/pandora_console/godmode/admin_access_logs.php +++ b/pandora_console/godmode/admin_access_logs.php 
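Review bot: In the general/header.php hunk the new `var refr_time = ;` line (as rendered here) writes a server-side value straight into the inline script, and the `parseInt`/`isNaN` fallback to `0` is removed, so the script now depends entirely on that value being numeric when it is printed. The embedded expression is not visible in this rendering; confirm it is cast with `(int)` at the point of output, because the `(int) get_parameter(...)` casts added in agents_alerts.php and agents_modules.php only cover those two pages. An empty or non-numeric value here would at minimum break the whole inline block.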
@@ -17,171 +17,181 @@ global $config; -require_once ($config["homedir"] . '/include/functions_graph.php'); +require_once($config["homedir"] . '/include/functions_graph.php'); -check_login (); +check_login(); $enterprise_include = enterprise_include_once('godmode/admin_access_logs.php'); -if (! check_acl ($config['id_user'], 0, "PM")) { - db_pandora_audit( "ACL Violation", - "Trying to access event viewer"); - require ("general/noaccess.php"); +if (! check_acl($config['id_user'], 0, "PM")) { + db_pandora_audit("ACL Violation", "Trying to access audit view"); + require("general/noaccess.php"); exit; } -ui_print_page_header (__('%s audit', get_product_name())." » ".__('Review Logs'), "images/gm_log.png", false, "", true ); +$offset = (int) get_parameter("offset"); +$filter_type = (string) get_parameter("filter_type"); +$filter_user = (string) get_parameter("filter_user"); +$filter_text = (string) get_parameter("filter_text"); +$filter_period = get_parameter("filter_period", null); +$filter_period = ($filter_period !== null) ? (int) $filter_period : 24; +$filter_ip = (string) get_parameter("filter_ip"); -$offset = get_parameter ("offset", 0); -$tipo_log = get_parameter ("tipo_log", 'all'); -$user_filter = get_parameter('user_filter', 'all'); -$filter_text = get_parameter('filter_text', ''); -$filter_hours_old = get_parameter('filter_hours_old', 24); -$filter_ip = get_parameter('filter_ip', ''); +$filter_query = "&filter_type=" . $filter_type + . "&filter_user=" . $filter_user + . "&filter_text=" . $filter_text + . "&filter_period=" . $filter_period + . "&filter_ip=" . $filter_ip; -echo ""; -echo '
'; -echo '
'; -echo ''.__('Filter').'

'; +$csv_url = ui_get_full_url(false, false, false, false) + . 'index.php?sec=gextensions&sec2=godmode/audit_log_csv' + . $filter_query; +$csv_img = html_print_image("images/csv_mc.png", true, array ("title" => __('Export to CSV'))); +$header_buttons = array( + 'csv' => array( + 'active' => false, + 'text' => '' . $csv_img . '' + ) +); -$rows = db_get_all_rows_sql ("SELECT DISTINCT(accion) - FROM tsesion"); -if (empty ($rows)) { - $rows = array (); -} -$actions = array (); +ui_print_page_header(__('%s audit', get_product_name()) . " » " . __('Review Logs'), "images/gm_log.png", false, "", true, $header_buttons); -foreach ($rows as $row) { - $actions[$row["accion"]] = $row["accion"]; -} -echo '
'; -$table = null; -$table->width = '100%'; +$table = new stdClass(); +$table->class = "databox filters"; +$table->cellstyle = array(); +$table->cellstyle[0] = array(); +$table->cellstyle[1] = array(); +$table->cellstyle[0][0] = "text-align: right;"; +$table->cellstyle[0][1] = "text-align: left;"; +$table->cellstyle[0][2] = "text-align: right;"; +$table->cellstyle[0][3] = "text-align: left;"; +$table->cellstyle[0][4] = "text-align: right;"; +$table->cellstyle[0][5] = "text-align: left;"; +$table->cellstyle[1][0] = "text-align: right;"; +$table->cellstyle[1][1] = "text-align: left;"; +$table->cellstyle[1][2] = "text-align: right;"; +$table->cellstyle[1][3] = "text-align: left;"; +$table->cellstyle[1][5] = "text-align: right;"; $table->data = array(); -$table->data[0][0] = __('Action'); -$table->data[0][1] = html_print_select ($actions, 'tipo_log', $tipo_log, '', __('All'), 'all', true); -$table->data[1][0] = __('User'); -$table->data[1][1] = html_print_select_from_sql('SELECT id_user, id_user AS text FROM tusuario', 'user_filter', $user_filter, '', __('All'), 'all', true); -$table->data[2][0] = __('Free text for search (*)'); -$table->data[2][1] = html_print_input_text('filter_text', $filter_text, __('Free text for search (*)'), 20, 40, true); -$table->data[3][0] = __('Max. hours old'); -$table->data[3][1] = html_print_input_text('filter_hours_old', $filter_hours_old, __('Max. hours old'), 3, 6, true); -$table->data[4][0] = __('IP'); -$table->data[4][1] = html_print_input_text('filter_ip', $filter_ip, __('IP'), 15, 15, true); -$table->data[5][0] = ''; -$table->data[5][1] = html_print_submit_button(__('Filter'), 'filter', false, 'class="sub search" style="float: right;"', true); -html_print_table($table); -echo '
'; -echo '
'; -echo '
'; -echo graphic_user_activity(300, 140); +$data = array(); -echo '
'; -echo '
 
'; -echo '
'; +$data[0] = "" . __('Search') . ""; +$data[1] = html_print_input_text("filter_text", $filter_text, __("Free text for search (*)"), 20, 40, true); +$data[2] = "" . __("Max. hours old") . ""; +$data[3] = html_print_input_text("filter_period", $filter_period, __("Max. hours old"), 3, 6, true); +$data[4] = "" . __("IP") . ""; +$data[5] = html_print_input_text("filter_ip", $filter_ip, __("IP"), 15, 15, true); -$filter = 'WHERE 1 = 1'; +$table->data[0] = $data; +$data = array(); -if ($tipo_log != 'all') { - $filter .= sprintf (" AND accion = '%s'", $tipo_log); -} -switch ($config['dbtype']) { - case "mysql": - if ($user_filter != 'all') { - $filter .= sprintf(' AND id_usuario = "%s"', $user_filter); - } - - $filter .= ' AND (accion LIKE "%' . $filter_text . '%" OR descripcion LIKE "%' . $filter_text . '%")'; - - if ($filter_ip != '') { - $filter .= sprintf(' AND ip_origen LIKE "%s"', $filter_ip); - } - break; - case "postgresql": - case "oracle": - if ($user_filter != 'all') { - $filter .= sprintf(' AND id_usuario = \'%s\'', $user_filter); - } - - $filter .= ' AND (accion LIKE \'%' . $filter_text . '%\' OR descripcion LIKE \'%' . $filter_text . '%\')'; - - if ($filter_ip != '') { - $filter .= sprintf(' AND ip_origen LIKE \'%s\'', $filter_ip); - } - break; +$actions_sql = "SELECT DISTINCT(accion), accion AS text FROM tsesion"; +$data[0] = "" . __("Action") . ""; +$data[1] = html_print_select_from_sql($actions_sql, "filter_type", $filter_type, "", __("All"), "", true); + +$users_sql = "SELECT id_user, id_user AS text FROM tusuario"; +$data[2] = "" . __("User") . ""; +$data[3] = html_print_select_from_sql($users_sql, "filter_user", $filter_user, "", __("All"), "", true); + +$data[4] = ""; +$data[5] = html_print_submit_button(__("Filter"), "filter", false, 'class="sub search"', true); + +$table->data[1] = $data; + +$form = '
'; +$form .= html_print_table($table, true); +$form .= '
'; +ui_toggle($form, __("Filter"), "", false); + +// ui_toggle(graphic_user_activity(400, 150), __("Chart")); + +$filter = "1=1"; + +if (!empty($filter_type)) { + $filter .= sprintf (" AND accion = '%s'", $filter_type); } -if ($filter_hours_old != 0) { +if (!empty($filter_user)) { + $filter .= sprintf(" AND id_usuario = '%s'", $filter_user); +} + +if (!empty($filter_text)) { + $filter .= sprintf(" AND (accion LIKE '%%%s%%' OR descripcion LIKE '%%%s%%')", $filter_text, $filter_text); +} + +if (!empty($filter_ip)) { + $filter .= sprintf(" AND ip_origen LIKE '%%%s%%'", $filter_ip); +} + +if (!empty($filter_period)) { switch ($config["dbtype"]) { case "mysql": - $filter .= ' AND fecha >= DATE_ADD(NOW(), INTERVAL -' . $filter_hours_old . ' HOUR)'; + $filter .= ' AND fecha >= DATE_ADD(NOW(), INTERVAL -' . $filter_period . ' HOUR)'; break; case "postgresql": - $filter .= ' AND fecha >= NOW() - INTERVAL \'' . $filter_hours_old . ' HOUR \''; + $filter .= ' AND fecha >= NOW() - INTERVAL \'' . $filter_period . ' HOUR \''; break; case "oracle": - $filter .= ' AND fecha >= (SYSTIMESTAMP - INTERVAL \'' . $filter_hours_old . '\' HOUR)'; + $filter .= ' AND fecha >= (SYSTIMESTAMP - INTERVAL \'' . $filter_period . '\' HOUR)'; break; } } -$sql = "SELECT COUNT(*) FROM tsesion " . $filter; -$count = db_get_sql ($sql); -$url = "index.php?sec=godmode&sec2=godmode/admin_access_logs&tipo_log=".$tipo_log."&user_filter=".$user_filter."&filter_text=".$filter_text."&filter_hours_old=".$filter_hours_old."&filter_ip=".$filter_ip; - -ui_pagination ($count, $url); +$count_sql = sprintf("SELECT COUNT(*) FROM tsesion WHERE %s", $filter); +$count = (int) db_get_value_sql($count_sql); +$url = "index.php?sec=godmode&sec2=godmode/admin_access_logs" . 
$filter_query; +ui_pagination($count, $url); switch ($config["dbtype"]) { case "mysql": - $sql = sprintf ("SELECT * + $sql = sprintf( + "SELECT * FROM tsesion - %s + WHERE %s ORDER BY fecha DESC - LIMIT %d, %d", $filter, $offset, $config["block_size"]); + LIMIT %d, %d", + $filter, $offset, $config["block_size"] + ); break; case "postgresql": - $sql = sprintf ("SELECT * + $sql = sprintf( + "SELECT * FROM tsesion - %s + WHERE %s ORDER BY fecha DESC - LIMIT %d OFFSET %d", $filter, $config["block_size"], $offset); + LIMIT %d OFFSET %d", + $filter, $config["block_size"], $offset + ); break; case "oracle": $set = array(); $set['limit'] = $config["block_size"]; $set['offset'] = $offset; - $sql = sprintf ("SELECT * + $sql = sprintf( + "SELECT * FROM tsesion - %s - ORDER BY fecha DESC", $filter); - $result = oracle_recode_query ($sql, $set); + WHERE %s + ORDER BY fecha DESC", + $filter + ); + $result = oracle_recode_query($sql, $set); break; } -$result = db_get_all_rows_sql ($sql); - -// Delete rnum row generated by oracle_recode_query() function -if (($config["dbtype"] == 'oracle') && ($result !== false)) { - for ($i=0; $i < count($result); $i++) { - unset($result[$i]['rnum']); - } -} - -if (empty ($result)) { - $result = array (); -} +$result = db_get_all_rows_sql($sql); +if (empty($result)) $result = array(); $table = new stdClass(); $table->cellpadding = 4; $table->cellspacing = 4; $table->width = '100%'; $table->class = "databox data"; -$table->size = array (); -$table->data = array (); -$table->head = array (); +$table->size = array(); +$table->data = array(); +$table->head = array(); $table->align = array(); $table->rowclass = array(); 
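Review bot: The rewritten filter block in godmode/admin_access_logs.php still builds the WHERE clause by `sprintf` of request values into quoted literals (`accion = '%s'`, `id_usuario = '%s'`, the `LIKE '%%%s%%'` patterns), and the new `(string)` casts do nothing to neutralise quotes or the `%`/`_` LIKE wildcards. Unless `get_parameter()` already guarantees that (not visible here), each value should pass through the project's SQL-escaping helper or a bound parameter before it reaches `$filter`; the second hunk of godmode/audit_log_csv.php repeats the same block and needs the same treatment. `$filter_query` also concatenates those values unencoded into the pagination and CSV URLs, so each should be wrapped, e.g. `"&filter_text=" . urlencode($filter_text)`. In the `oracle` branch the output of `oracle_recode_query()` is assigned to `$result` and then overwritten by `db_get_all_rows_sql($sql)`, so the limit and offset in `$set` appear to be lost.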
@@ -192,9 +202,6 @@ $table->head[3] = __('Source IP'); $table->head[4] = __('Comments'); if ($enterprise_include !== ENTERPRISE_NOT_HOOK) { $table->head[5] = enterprise_hook('tableHeadEnterpriseAudit', array('title1')); -} - -if ($enterprise_include !== ENTERPRISE_NOT_HOOK) { $table->head[6] = enterprise_hook('tableHeadEnterpriseAudit', array('title2')); } 
@@ -204,106 +211,47 @@ $table->size[3] = 100; $table->size[4] = 200; if ($enterprise_include !== ENTERPRISE_NOT_HOOK) { $table->size[5] = enterprise_hook('tableHeadEnterpriseAudit', array('size1')); -} -if ($enterprise_include !== ENTERPRISE_NOT_HOOK) { $table->size[6] = enterprise_hook('tableHeadEnterpriseAudit', array('size2')); -} - - -if ($enterprise_include !== ENTERPRISE_NOT_HOOK) { $table->align[5] = enterprise_hook('tableHeadEnterpriseAudit', array('align')); -} -if ($enterprise_include !== ENTERPRISE_NOT_HOOK) { $table->align[6] = enterprise_hook('tableHeadEnterpriseAudit', array('align2')); } $table->colspan = array(); $table->rowstyle = array(); - $rowPair = true; $iterator = 0; // Get data foreach ($result as $row) { - if ($rowPair) - $table->rowclass[$iterator] = 'rowPair'; - else - $table->rowclass[$iterator] = 'rowOdd'; - $rowPair = !$rowPair; $iterator++; + + $table->rowclass[] = $rowPair ? "rowPair" : "rowOdd"; + $rowPair = !$rowPair; - $data = array (); - switch ($config['dbtype']) { - case "mysql": - case "postgresql": - $data[0] = $row["id_usuario"]; - break; - case "oracle": - $data[0] = $row["id_usuario"]; - break; - } - $data[1] = ui_print_session_action_icon ($row['accion'], true); - $data[1] .= $row["accion"]; - $data[2] = ui_print_help_tip($row['fecha'], true) . 
ui_print_timestamp($row['utimestamp'], true); - switch ($config['dbtype']) { - case "mysql": - case "postgresql": - $data[3] = $row["ip_origen"]; - break; - case "oracle": - $data[3] = $row["ip_origen"]; - break; - } - $data[4] = io_safe_output($row["descripcion"]); - if ($enterprise_include !== ENTERPRISE_NOT_HOOK) { - switch ($config['dbtype']) { - case "mysql": - case "postgresql": - $data[5] = enterprise_hook('cell1EntepriseAudit', array($row['id_sesion'])); - break; - case "oracle": - $data[5] = enterprise_hook('cell1EntepriseAudit', array($row['id_sesion'])); - break; - } - } - if ($enterprise_include !== ENTERPRISE_NOT_HOOK) { - switch ($config['dbtype']) { - case "mysql": - case "postgresql": - $data[6] = enterprise_hook('cell2EntepriseAudit', array($row['id_sesion'])); - break; - case "oracle": - $data[6] = enterprise_hook('cell2EntepriseAudit', array($row['id_sesion'])); - break; - } - } - array_push ($table->data, $data); - + $data = array(); + $data[0] = $row["id_usuario"]; + $data[1] = ui_print_session_action_icon($row["accion"], true) . $row["accion"]; + $data[2] = ui_print_help_tip($row["fecha"], true) . ui_print_timestamp($row["utimestamp"], true); + $data[3] = $row["ip_origen"]; + $data[4] = $row["descripcion"]; if ($enterprise_include !== ENTERPRISE_NOT_HOOK) { - switch ($config['dbtype']) { - case "mysql": - case "postgresql": - rowEnterpriseAudit($table, $iterator, $row['id_sesion']); - break; - case "oracle": - rowEnterpriseAudit($table, $iterator, $row['id_sesion']); - break; - } + $data[5] = enterprise_hook("cell1EntepriseAudit", array($row["id_sesion"])); + $data[6] = enterprise_hook("cell2EntepriseAudit", array($row["id_sesion"])); + } + + $table->data[] = $data; + + if ($enterprise_include !== ENTERPRISE_NOT_HOOK) { + rowEnterpriseAudit($table, $iterator, $row["id_sesion"]); } } -html_print_table ($table); - -echo '
'; -echo '' . - html_print_button (__('Export to CSV '), 'export_csv', false, '', 'class=sub upd', true, false). ''; -echo '
'; +html_print_table($table); if ($enterprise_include !== ENTERPRISE_NOT_HOOK) { enterprise_hook('enterpriseAuditFooter'); } + ?> diff --git a/pandora_console/godmode/audit_log_csv.php b/pandora_console/godmode/audit_log_csv.php index b5020bc9a4..b09b90f827 100644 --- a/pandora_console/godmode/audit_log_csv.php +++ b/pandora_console/godmode/audit_log_csv.php @@ -12,22 +12,19 @@ $ownDir = dirname(__FILE__) . '/'; $ownDir = str_replace("\\", "/", $ownDir); -require_once ($ownDir.'../include/config.php'); +require_once($ownDir . "../include/config.php"); + +require_once($config["homedir"] . "/include/functions.php"); +require_once($config["homedir"] . "/include/functions_db.php"); +require_once($config["homedir"] . "/include/auth/mysql.php"); global $config; -require_once ($config["homedir"]."/include/functions.php"); -require_once ($config["homedir"]."/include/functions_db.php"); -require_once ($config["homedir"]."/include/auth/mysql.php"); -error_reporting(E_ALL); -ini_set("display_errors", 1); - -if (! isset ($_SESSION["id_usuario"])) { - session_start (); - session_write_close (); +if (! isset($_SESSION["id_usuario"])) { + session_start(); + session_write_close(); } - // Login check if (!isset($_SESSION["id_usuario"])) { $config['id_user'] = null; 
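Review bot: In the row loop of godmode/admin_access_logs.php, `$data[4] = $row["descripcion"];` drops the earlier `io_safe_output()` call without a comment, and `id_usuario`, `accion` and `ip_origen` are likewise placed in the table cells exactly as stored. If the intent is that audit text stays entity-encoded on output, which is the safer choice for a log that may hold client-supplied strings, say so next to the assignment, for example `// stored entity-encoded; printed as-is so logged markup is never rendered`. If any of these columns can hold unencoded text, it needs encoding at this point instead; the storage format is not visible in the hunk.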
@@ -36,94 +33,56 @@ else { $config['id_user'] = $_SESSION["id_usuario"]; } -if (!check_login()) { - db_pandora_audit("ACL Violation", "Trying to access graph builder"); - include ($config["homedir"]."/general/noaccess.php"); - return; -} +check_login(); -if (! check_acl ($config['id_user'], 0, "PM")) { - db_pandora_audit( "ACL Violation", - "Trying to access event viewer"); - require ("general/noaccess.php"); +if (! check_acl($config['id_user'], 0, "PM")) { + db_pandora_audit("ACL Violation", "Trying to access audit CSV export"); + require("general/noaccess.php"); exit; } -$tipo_log = get_parameter ("tipo_log", 'all'); -$user_filter = get_parameter('user_filter', 'all'); -$filter_text = get_parameter('filter_text', ''); -$filter_hours_old = get_parameter('filter_hours_old', 24); -$filter_ip = get_parameter('filter_ip', ''); +$filter_type = (string) get_parameter("filter_type"); +$filter_user = (string) get_parameter("filter_user"); +$filter_text = (string) get_parameter("filter_text"); +$filter_period = get_parameter("filter_period", null); +$filter_period = ($filter_period !== null) ? (int) $filter_period : 24; +$filter_ip = (string) get_parameter("filter_ip"); -$filter = 'WHERE 1 = 1'; +$filter = "1=1"; -if ($tipo_log != 'all') { - $filter .= " AND accion = '$tipo_log'"; -} -switch ($config['dbtype']) { - case "mysql": - if ($user_filter != 'all') { - $filter .= sprintf(' AND id_usuario = "%s"', $user_filter); - } - - $filter .= ' AND (accion LIKE "%' . $filter_text . '%" OR descripcion LIKE "%' . $filter_text . '%")'; - - if ($filter_ip != '') { - $filter .= sprintf(' AND ip_origen LIKE "%s"', $filter_ip); - } - break; - case "postgresql": - case "oracle": - if ($user_filter != 'all') { - $filter .= sprintf(' AND id_usuario = \'%s\'', $user_filter); - } - - $filter .= ' AND (accion LIKE \'%' . $filter_text . '%\' OR descripcion LIKE \'%' . $filter_text . 
'%\')'; - - if ($filter_ip != '') { - $filter .= sprintf(' AND ip_origen LIKE \'%s\'', $filter_ip); - } - break; +if (!empty($filter_type)) { + $filter .= sprintf (" AND accion = '%s'", $filter_type); } -if ($filter_hours_old != 0) { +if (!empty($filter_user)) { + $filter .= sprintf(" AND id_usuario = '%s'", $filter_user); +} + +if (!empty($filter_text)) { + $filter .= sprintf(" AND (accion LIKE '%%%s%%' OR descripcion LIKE '%%%s%%')", $filter_text, $filter_text); +} + +if (!empty($filter_ip)) { + $filter .= sprintf(" AND ip_origen LIKE '%%%s%%'", $filter_ip); +} + +if (!empty($filter_period)) { switch ($config["dbtype"]) { case "mysql": - $filter .= ' AND fecha >= DATE_ADD(NOW(), INTERVAL -' . $filter_hours_old . ' HOUR)'; + $filter .= ' AND fecha >= DATE_ADD(NOW(), INTERVAL -' . $filter_period . ' HOUR)'; break; case "postgresql": - $filter .= ' AND fecha >= NOW() - INTERVAL \'' . $filter_hours_old . ' HOUR \''; + $filter .= ' AND fecha >= NOW() - INTERVAL \'' . $filter_period . ' HOUR \''; break; case "oracle": - $filter .= ' AND fecha >= (SYSTIMESTAMP - INTERVAL \'' . $filter_hours_old . '\' HOUR)'; + $filter .= ' AND fecha >= (SYSTIMESTAMP - INTERVAL \'' . $filter_period . '\' HOUR)'; break; } } -switch ($config["dbtype"]) { - case "mysql": - $sql = sprintf ("SELECT * - FROM tsesion - %s - ORDER BY fecha DESC", $filter); - break; - case "postgresql": - $sql = sprintf ("SELECT * - FROM tsesion - %s - ORDER BY fecha DESC", $filter); - break; - case "oracle": - $sql = sprintf ("SELECT * - FROM tsesion - %s - ORDER BY fecha DESC", $filter); - $result = oracle_recode_query ($sql, $set); - break; -} +$sql = sprintf( "SELECT * FROM tsesion WHERE %s ORDER BY fecha DESC", $filter); +$result = db_get_all_rows_sql($sql); -$result = db_get_all_rows_sql ($sql); - -print_audit_csv ($result); +print_audit_csv($result); ?> diff --git a/pandora_console/include/ajax/graph.ajax.php b/pandora_console/include/ajax/graph.ajax.php index 090a79f61e..ed1651ee3c 100644 
--- a/pandora_console/include/ajax/graph.ajax.php +++ b/pandora_console/include/ajax/graph.ajax.php @@ -225,7 +225,7 @@ if ($get_graphs){ $homeurl = ui_get_full_url(false, false, false, false); $graph_conf = db_get_row('tgraph', 'id_graph', $value['id_graph']); - + if($graph_conf['stacked'] == 4 || $graph_conf['stacked'] == 9){ $height = 50; } else if ($graph_conf['stacked'] == 5){ @@ -262,7 +262,7 @@ if ($get_graphs){ $labels, false, false, - true, + $graph_conf['percentil'] == 1, false, false, $value['fullscale'] diff --git a/pandora_console/include/ajax/module.php b/pandora_console/include/ajax/module.php index 10b181baee..a98d65ed1e 100755 --- a/pandora_console/include/ajax/module.php +++ b/pandora_console/include/ajax/module.php @@ -1084,7 +1084,7 @@ if ($list_modules) { $win_handle=dechex(crc32($module["id_agente_modulo"].$module["nombre"])); // Try to display the SNMP module realtime graph - $rt_button .= get_module_realtime_link_graph($module); + $rt_button = get_module_realtime_link_graph($module); if (!empty($rt_button)) $data[8] = $rt_button . "  "; # Show events for boolean modules by default. diff --git a/pandora_console/include/ajax/update_manager.ajax.php b/pandora_console/include/ajax/update_manager.ajax.php index 839695b841..b6f2769ef6 100644 --- a/pandora_console/include/ajax/update_manager.ajax.php +++ b/pandora_console/include/ajax/update_manager.ajax.php @@ -15,6 +15,14 @@ global $config; +check_login (); + +if (! check_acl ($config['id_user'], 0, "PM") && ! is_user_admin ($config['id_user'])) { + db_pandora_audit("ACL Violation", "Trying to access update Management"); + require ("general/noaccess.php"); + return; +} + require_once($config['homedir'] . "/include/functions_update_manager.php"); require_once($config['homedir'] . "/include/functions_graph.php"); enterprise_include_once("include/functions_update_manager.php"); 
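Review bot: The access check added to include/ajax/update_manager.ajax.php ends with `return;`, which only leaves this included file and hands control back to the including script. The other denials in this commit (ajax.php, admin_access_logs.php, audit_log_csv.php) end with `exit;`. Whether the caller does anything further after the include is outside the hunk, so use `exit;` here as well to make the denial terminal and consistent.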
diff --git a/pandora_console/include/config_process.php b/pandora_console/include/config_process.php index 3f66d1ee20..c0dd651384 100644 --- a/pandora_console/include/config_process.php +++ b/pandora_console/include/config_process.php @@ -22,7 +22,7 @@ /** * Pandora build version and version */ -$build_version = 'PC180509'; +$build_version = 'PC180522'; $pandora_version = 'v7.0NG.722'; // Do not overwrite default timezone set if defined. diff --git a/pandora_console/include/functions.php b/pandora_console/include/functions.php index d0d4fd30da..24db5de2cc 100644 --- a/pandora_console/include/functions.php +++ b/pandora_console/include/functions.php @@ -2162,6 +2162,18 @@ function is_snapshot_data ($data) { return is_image_data($data); } +/** + * Check if text is too long to put it into a black screen + * + * @param string Data value + * @return bool True if black window should be displayed + */ +function is_text_to_black_string ($data) { + if (is_image_data($data)) return false; + // Consider large text if data is greater than 200 characters + return ((int)strlen($data)) > 200; +} + /** * Create an invisible div with a provided ID and value to * can retrieve it from javascript with function get_php_value(name) diff --git a/pandora_console/include/functions_io.php b/pandora_console/include/functions_io.php index c3d7b7b2b4..058003215f 100755 --- a/pandora_console/include/functions_io.php +++ b/pandora_console/include/functions_io.php @@ -396,7 +396,7 @@ function __ ($string /*, variable arguments */) { return $tranlateString; } } - elseif (enterprise_installed && + elseif (enterprise_installed() && isset($config['translate_string_extension_installed']) && $config['translate_string_extension_installed'] == 1 && array_key_exists('translate_string.php', $extensions)) { diff --git a/pandora_console/include/functions_ui.php b/pandora_console/include/functions_ui.php index bc09f5eceb..f2f8c81f61 100755 --- a/pandora_console/include/functions_ui.php 
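Review bot: `is_text_to_black_string()` in include/functions.php documents a limit of 200 characters, but `strlen()` counts bytes, so multi-byte text (and entity-encoded text, if that is what reaches this function) hits the threshold early. Either use `mb_strlen($data)` where mbstring is available or say "bytes" in the comment. The docblock's `@param string Data value` omits the parameter name; `@param string $data Module data value` matches the signature. In the functions_ui.php hunk the result is stored in `$is_large_image`, which reads as an image flag although it marks long text; `$is_large_text` would be clearer.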
+++ b/pandora_console/include/functions_ui.php @@ -3764,12 +3764,11 @@ function ui_print_module_string_value($value, $id_agente_module, if ($is_web_content_string) { $value = io_safe_input($value); } - - - + $is_snapshot = is_snapshot_data($value); - - if (($config['command_snapshot']) && ($is_snapshot)) { + $is_large_image = is_text_to_black_string ($value); + + if (($config['command_snapshot']) && ($is_snapshot || $is_large_image)) { $handle = "snapshot" . "_" . $id_agente_module; $url = 'include/procesos.php?agente=' . $id_agente_module; $win_handle = dechex(crc32($handle)); @@ -3778,7 +3777,7 @@ function ui_print_module_string_value($value, $id_agente_module, "id=" . $id_agente_module . "&refr=" . $current_interval . "&label=" . rawurlencode(urlencode(io_safe_output($module_name))) . "','" . $win_handle . "', 700,480)"; - if (is_image_data($value)) { + if ($is_snapshot) { $salida = '' . html_print_image("images/photo.png", true, array("border" => '0', diff --git a/pandora_console/include/javascript/functions_pandora_networkmap.js b/pandora_console/include/javascript/functions_pandora_networkmap.js index 2e0fa2f3d9..7edc029f68 100644 --- a/pandora_console/include/javascript/functions_pandora_networkmap.js +++ b/pandora_console/include/javascript/functions_pandora_networkmap.js @@ -213,7 +213,7 @@ function update_fictional_node(id_db_node) { graph.nodes[i].networkmap_id = networkmap_to_link; $("#id_node_" + i + networkmap_id + " title").html(name); - $("#id_node_" + i + networkmap_id + " tspan").html(name); + $("#id_node_" + i + networkmap_id + " tspan").html(ellipsize(name, 30)); } }); @@ -251,7 +251,7 @@ function update_node_name(id_db_node) { graph.nodes[i]['raw_text'] = data['raw_text']; $("#id_node_" + i + networkmap_id + " title").html(data['raw_text']); - $("#id_node_" + i + networkmap_id + " tspan").html(data['raw_text']); + $("#id_node_" + i + networkmap_id + " tspan").html(ellipsize(data['raw_text'], 30)); } }); 
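Review bot: In `update_fictional_node()` the new `ellipsize(name, 30)` cuts the string at a fixed offset and the result is still passed to `.html()`. If the name arrives entity-encoded, the cut can land inside an entity (`&amp;` becoming `&am`) and show broken text; if it arrives raw, `.html()` parses it as markup. The encoding of these values is not visible in the hunk. Where the label is plain text, `.text(ellipsize(name, 30))` avoids both problems, as the `draw_elements_graph()` hunk already does. The same applies to the `update_node_name()` hunk with `data['raw_text']`, and the unchanged `title` lines beside both changes still use `.html()` with the full string.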
@@ -773,7 +773,7 @@ function edit_node(data_node, dblClick) { $("#dialog_node_edit") .dialog("option", "title", - dialog_node_edit_title.replace("%s", node_selected['text'])); // It doesn't eval the possible XSS so it's ok + dialog_node_edit_title.replace("%s", ellipsize(node_selected['text'], 40))); // It doesn't eval the possible XSS so it's ok $("#dialog_node_edit").dialog("open"); if (node_selected.id_agent == undefined || node_selected.id_agent == -2) { @@ -3656,7 +3656,9 @@ function draw_elements_graph() { }) .append("tspan") .attr("style", "font-size: " + font_size + "px !important; font-family:Verdana; text-align:center; text-anchor:middle; fill:#000000") - .text(function (d) { return get_node_name_ov(d) }) + .text(function (d) { + return ellipsize(get_node_name_ov(d), 30); + }) .classed('dragable_node', true) //own dragable .on("click", selected_node) .on("contextmenu", function (d) { show_menu("node", d); }); diff --git a/pandora_console/include/javascript/pandora.js b/pandora_console/include/javascript/pandora.js index 6b0274229e..4aaf466876 100644 --- a/pandora_console/include/javascript/pandora.js +++ b/pandora_console/include/javascript/pandora.js @@ -1626,4 +1626,11 @@ function display_confirm_dialog ( "Confirm": ok_function_clean } }); -} \ No newline at end of file +} + +function ellipsize (str, max, ellipse) { + if (max == null) max = 140; + if (ellipse == null) ellipse = "…"; + + return str.trim().length > max ? str.substr(0, max).trim() + ellipse : str; +} diff --git a/pandora_console/include/javascript/pandora_events.js b/pandora_console/include/javascript/pandora_events.js index bd9b6cfcb6..16d2ad4e0c 100644 --- a/pandora_console/include/javascript/pandora_events.js +++ b/pandora_console/include/javascript/pandora_events.js 
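Review bot: `ellipsize()` in the pandora.js hunk calls `str.trim()` unconditionally, so a null, undefined or non-string argument throws a TypeError. The callers added in functions_pandora_networkmap.js pass node names and `data['raw_text']` straight from node data, and nothing in this commit shows those are always strings. A guard at the top, `if (str == null) return "";` followed by `str = String(str);`, keeps the helper total. The length test is made on the trimmed string but the untruncated branch returns `str` untrimmed, and `substr` is a legacy method for which `str.substring(0, max)` is the standard equivalent here. The function has no doc comment; one line stating that `max` defaults to 140 and `ellipse` to "…" would document the contract.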
@@ -361,13 +361,8 @@ function perform_response(target, response_id) { timeout: 10000, dataType: 'html', success: function (data) { - if (data == '') { - $('#response_out').html('Unreachable host'); - } - else { - var out = data.replace(/[\n|\r]/g, "
"); - $('#response_out').html(out); - } + var out = data.replace(/[\n|\r]/g, "
"); + $('#response_out').html(out); $('#response_loading_command').hide(); $('#re_exec_command').show(); } diff --git a/pandora_console/install.php b/pandora_console/install.php index bd8901ac85..a2111071f1 100755 --- a/pandora_console/install.php +++ b/pandora_console/install.php @@ -71,7 +71,7 @@
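Review bot: The character class in `/[\n|\r]/g` on the added line of the pandora_events.js hunk also matches a literal `|`, because `|` is not an alternation operator inside brackets, so pipe characters in the response are replaced along with line breaks. `/\r\n|\r|\n/g` replaces only line endings and treats CRLF as a single break. The result is then inserted with `$('#response_out').html(out)`, which parses it as markup; if the server does not already escape the command output (not visible here), it should be escaped before the line-break substitution. The enclosing `perform_response` starts and ends outside the hunk.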
session = $_SESSION; session_write_close(); + + require_once($this->getConfig('homedir') . '/include/functions.php'); + require_once($this->getConfig('homedir') . '/include/functions_io.php'); } public static function getInstance() { @@ -51,29 +54,14 @@ class System { } public function getRequest($name, $default = null) { - $return = $default; - - if (isset($_POST[$name])) { - $return = $_POST[$name]; - } - else { - if (isset($_GET[$name])) { - $return = $_GET[$name]; - } - } - - return $return; + return get_parameter($name, $default); } public function safeOutput($value) { - require_once($this->getConfig('homedir') . '/include/functions_io.php'); - return io_safe_output($value); } public function safeInput($value) { - require_once($this->getConfig('homedir') . '/include/functions_io.php'); - return io_safe_input($value); } diff --git a/pandora_console/mobile/include/user.class.php b/pandora_console/mobile/include/user.class.php index e596f4c1cd..ba16b537cf 100644 --- a/pandora_console/mobile/include/user.class.php +++ b/pandora_console/mobile/include/user.class.php @@ -74,7 +74,6 @@ class User { if (($user == null) && ($password == null)) { $user = $system->getRequest('user', null); - $user = $system->safeInput($user); $password = $system->getRequest('password', null); } @@ -141,6 +140,7 @@ class User { } if (empty($code)) { $code = $system->getRequest('auth_code', null); + $code = $system->safeOutput($code); } if (!empty($user) && !empty($code)) { diff --git a/pandora_console/mobile/operation/module_graph.php b/pandora_console/mobile/operation/module_graph.php index 1f152bc34f..d5335af1e1 100644 --- a/pandora_console/mobile/operation/module_graph.php +++ b/pandora_console/mobile/operation/module_graph.php 
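Review bot: Replacing the body of `getRequest()` with `get_parameter($name, $default)` in the `@@ -51,29 +54,14 @@` hunk changes what every caller receives: the old code returned the raw `$_POST`/`$_GET` value, and the rest of this commit (dropping `safeInput` for `user`, adding `safeOutput` for `auth_code` in user.class.php) suggests `get_parameter` returns an already encoded value. In the `@@ -74,7 +74,6 @@` hunk of user.class.php the password is still read with `$system->getRequest('password', null)` and gets no matching decode, so a password containing characters that the encoding rewrites may no longer compare equal at login unless the authentication code expects the encoded form. If it does not, `$password = $system->safeOutput($system->getRequest('password', null));` restores the previous value. Other callers that still wrap `getRequest()` in `safeInput()` would now encode twice and are worth a search. `get_parameter` is defined outside this page, so its behaviour is inferred here.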
@@ -278,6 +278,14 @@ class ModuleGraph { private function javascript_code() { ob_start(); + + global $config; + if ($config['flash_charts']) { + //Include the javascript for the js charts library + echo include_javascript_dependencies_flot_graph(true); + ui_require_javascript_file('pandora', 'include/javascript/',true); + } + ?>