diff --git a/INSTALL/MYSQL.sql b/INSTALL/MYSQL.sql
index c47050f64..c7f4d9464 100755
--- a/INSTALL/MYSQL.sql
+++ b/INSTALL/MYSQL.sql
@@ -1,230 +1,234 @@
--- phpMyAdmin SQL Dump
--- version 3.3.9.2
--- http://www.phpmyadmin.net
---
--- Host: localhost
--- Generation Time: Jun 14, 2012 at 09:57 AM
--- Server version: 5.5.9
--- PHP Version: 5.3.6
-
-SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO";
-
---
--- Database: `cydefsig`
---
-
--- --------------------------------------------------------
-
---
--- Table structure for table `attributes`
---
-
-CREATE TABLE `attributes` (
- `id` int(11) NOT NULL AUTO_INCREMENT,
- `event_id` int(11) NOT NULL,
- `category` varchar(255) COLLATE utf8_bin NOT NULL,
- `type` varchar(100) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,
- `value1` text CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,
- `value2` text CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,
- `to_ids` tinyint(1) NOT NULL DEFAULT '1',
- `uuid` varchar(40) COLLATE utf8_bin NOT NULL,
- `revision` int(10) NOT NULL DEFAULT '0',
- `private` tinyint(1) NOT NULL,
- `cluster` tinyint(1) NOT NULL,
- `communitie` tinyint(1) NOT NULL,
- PRIMARY KEY (`id`),
- KEY `event_id` (`event_id`),
- KEY `value1_key` (`value1`(5)),
- KEY `value2_key` (`value2`(5))
-) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=1 ;
-
--- --------------------------------------------------------
-
---
--- Table structure for table `blacklist`
---
-
-CREATE TABLE `blacklist` (
- `id` int(11) NOT NULL AUTO_INCREMENT,
- `name` varchar(254) NOT NULL,
- PRIMARY KEY (`id`)
-) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=1 ;
-
--- --------------------------------------------------------
-
---
--- Table structure for table `bruteforces`
---
-
-CREATE TABLE `bruteforces` (
- `ip` varchar(255) COLLATE utf8_bin NOT NULL,
- `username` varchar(255) COLLATE utf8_bin NOT NULL,
- `expire` datetime NOT NULL
-) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
-
--- --------------------------------------------------------
-
---
--- Table structure for table `correlations`
---
-
-DROP TABLE IF EXISTS `correlations`;
-CREATE TABLE `correlations` (
- `id` int(11) NOT NULL AUTO_INCREMENT,
- `1_event_id` int(11) NOT NULL,
- `1_attribute_id` int(11) NOT NULL,
- `1_private` tinyint(1) NOT NULL,
- `event_id` int(11) NOT NULL,
- `attribute_id` int(11) NOT NULL,
- `org` varchar(255) COLLATE utf8_bin NOT NULL,
- `private` tinyint(1) NOT NULL,
- `cluster` tinyint(1) NOT NULL,
- `date` date NOT NULL,
- PRIMARY KEY (`id`)
-) ENGINE=MyISAM AUTO_INCREMENT=118 DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
-
--- --------------------------------------------------------
-
---
--- Table structure for table `events`
---
-
-CREATE TABLE `events` (
- `id` int(11) NOT NULL AUTO_INCREMENT,
- `org` varchar(255) COLLATE utf8_bin NOT NULL,
- `date` date NOT NULL,
- `risk` enum('Undefined','Low','Medium','High') COLLATE utf8_bin NOT NULL,
- `info` text CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,
- `user_id` int(11) NOT NULL,
- `published` tinyint(1) NOT NULL DEFAULT '0',
- `uuid` varchar(40) COLLATE utf8_bin NOT NULL,
- `revision` int(10) NOT NULL DEFAULT '0',
- `private` tinyint(1) NOT NULL,
- `cluster` tinyint(1) NOT NULL,
- `analysis` tinyint(4) NOT NULL,
- `communitie` tinyint(1) NOT NULL,
- `attribute_count` int(11) UNSIGNED DEFAULT NULL,
- `hop_count` int(11) UNSIGNED DEFAULT 0,
- PRIMARY KEY (`id`)
-) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=1 ;
-
--- --------------------------------------------------------
-
---
--- Table structure for table `roles`
---
-
-CREATE TABLE `roles` (
- `id` int(11) NOT NULL AUTO_INCREMENT,
- `name` varchar(100) COLLATE utf8_bin NOT NULL,
- `created` datetime NOT NULL,
- `modified` datetime NOT NULL,
- `perm_add` tinyint(1) NOT NULL,
- `perm_modify` tinyint(1) NOT NULL,
- `perm_modify_org` tinyint(1) NOT NULL,
- `perm_publish` tinyint(1) NOT NULL,
- `perm_sync` tinyint(1) NOT NULL,
- `perm_full` tinyint(1) NOT NULL,
- `perm_auth` tinyint(1) NOT NULL,
- PRIMARY KEY (`id`)
-) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=1 ;
-
--- --------------------------------------------------------
-
---
--- Table structure for table `logs`
---
-
-CREATE TABLE `logs` (
- `id` int(11) NOT NULL AUTO_INCREMENT,
- `title` varchar(255) COLLATE utf8_bin NOT NULL,
- `created` datetime NOT NULL,
- `model` varchar(20) COLLATE utf8_bin NOT NULL,
- `model_id` int(11) NOT NULL,
- `action` varchar(20) COLLATE utf8_bin NOT NULL,
- `user_id` int(11) NOT NULL,
- `change` varchar(255) COLLATE utf8_bin,
- `email` varchar(255) COLLATE utf8_bin NOT NULL,
- `org` varchar(255) COLLATE utf8_bin NOT NULL,
- `description` varchar(255) COLLATE utf8_bin NOT NULL,
- PRIMARY KEY (`id`)
-) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=1 ;
-
--- --------------------------------------------------------
-
---
--- Table structure for table `regexp`
---
-
-CREATE TABLE `regexp` (
- `id` int(11) NOT NULL AUTO_INCREMENT,
- `regexp` varchar(255) COLLATE utf8_bin NOT NULL,
- `replacement` varchar(255) COLLATE utf8_bin NOT NULL,
- PRIMARY KEY (`id`)
-) ENGINE=MyISAM AUTO_INCREMENT=16 DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
-
--- --------------------------------------------------------
-
---
--- Table structure for table `servers`
---
-
-CREATE TABLE `servers` (
- `id` int(11) NOT NULL AUTO_INCREMENT,
- `url` varchar(255) COLLATE utf8_bin NOT NULL,
- `authkey` varchar(40) COLLATE utf8_bin NOT NULL,
- `org` varchar(255) COLLATE utf8_bin NOT NULL,
- `organization` varchar(10) COLLATE utf8_bin NOT NULL,
- `push` tinyint(1) NOT NULL,
- `pull` tinyint(1) NOT NULL,
- `lastpushedid` int(11) NOT NULL,
- `lastpulledid` int(11) NOT NULL,
- PRIMARY KEY (`id`)
-) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=1 ;
-
--- --------------------------------------------------------
-
---
--- Table structure for table `users`
---
-
-CREATE TABLE `users` (
- `id` int(11) NOT NULL AUTO_INCREMENT,
- `password` varchar(40) COLLATE utf8_bin NOT NULL,
- `org` varchar(255) COLLATE utf8_bin NOT NULL,
- `email` varchar(255) COLLATE utf8_bin NOT NULL,
- `autoalert` tinyint(1) NOT NULL,
- `authkey` varchar(40) COLLATE utf8_bin NOT NULL,
- `invited_by` int(11) NOT NULL,
- `gpgkey` longtext COLLATE utf8_bin NOT NULL,
- `nids_sid` int(15) NOT NULL,
- `termsaccepted` tinyint(1) NOT NULL,
- `change_pw` tinyint(1) NOT NULL,
- `newsread` date NOT NULL,
- `role_id` int(11) NOT NULL,
- PRIMARY KEY (`id`),
- KEY `email` (`email`)
-) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=2 ;
-
--- --------------------------------------------------------
-
---
--- Table structure for table `whitelist`
---
-
-CREATE TABLE `whitelist` (
- `id` int(11) NOT NULL AUTO_INCREMENT,
- `name` varchar(254) NOT NULL,
- PRIMARY KEY (`id`)
-) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=1 ;
-
-
---
--- Dumping data for table `attributes`
---
-
--- Dumping data for table `users`
---
-
-INSERT INTO `users` (`id`, `password`, `org`, `email`, `autoalert`, `authkey`, `invited_by`, `gpgkey`, `nids_sid`, `termsaccepted`, `newsread`, `role_id`) VALUES(1, 'babc86e0869015b3f0b4d48ca48700d3a9d1b9d7', 'ADMIN', 'admin@admin.test', 0, 'vlf4o42bYSVVWLm28jLB85my4HBZWXTri8vGdySb', 1, '', 4000000, 0, '2012-03-13', '');
-INSERT INTO `regexp` (`id`, `regexp`, `replacement`) VALUES (1,'/C:.Users.(\\w+).AppData.Local.Temp./','%TEMP%\\\\'),(3,'/C:.Users.(\\w+).AppData.Local./','%LOCALAPPDATA%\\\\'),(4,'/C:.Users.(\\w+).AppData.Roaming./','%APPDATA%\\\\'),(5,'/C:.Users.(\\w+)./','%UserProfile%\\\\'),(6,'/C:.Documents and Settings.(\\w+) (\\w+)./','%UserProfile%\\\\'),(7,'/C:.DOCUME~1.(\\w+)./','%UserProfile%\\\\'),(8,'/C:.Documents and Settings.All Users/','%AllUsersProfile%'),(9,'/.REGISTRY.USER.S(-[0-9]{1}){2}-[0-9]{2}(-[0-9]{9}){1}(-[0-9]{10}){1}-[0-9]{9}-[0-9]{4}/','HKCU'),(10,'@.REGISTRY.USER.S(-[0-9]{1}){2}-[0-9]{2}(-[0-9]{10}){2}-[0-9]{9}-[0-9]{4}@','HKCU'),(11,'@.REGISTRY.USER.S(-[0-9]{1}){2}-[0-9]{2}(-[0-9]{10}){3}-[0-9]{4}@','HKCU'),(13,'@.REGISTRY.MACHINE.@','HKLM\\\\'),(14,'@.Registry.Machine.@','HKLM\\\\'),(15,'','not allowed'),(16,'/not allowed/',''),(26,'/%AppData\\\\\\\\/','%AppData%'),(27,'/%APPDATA%/','%AppData%'),(20,'','replacements to uniform the data'),(25,'/%allusers%/','%AllUsers%'),(28,'/%APPDATA%/','%AppData%'),(29,'/%LocalSettings&\\\\\\\\/','%LocalSettings%'),(30,'/%Programfiles%/','%ProgramFiles%'),(31,'/%systemroot%/','%SystemRoot%'),(32,'/%Temp\\\\\\\\/','%TEMP%'),(33,'/%Temp%/','%TEMP%'),(34,'/%temp%/','%TEMP%'),(35,'/%UserProfile\\\\\\\\/','%UserProfile%'),(36,'/%userprofile%/','%UserProfile%'),(37,'/%Windir%/','%windir%'),(38,'/%WINDIR%/','%windir%');
+-- phpMyAdmin SQL Dump
+-- version 3.3.9.2
+-- http://www.phpmyadmin.net
+--
+-- Host: localhost
+-- Generation Time: Jun 14, 2012 at 09:57 AM
+-- Server version: 5.5.9
+-- PHP Version: 5.3.6
+
+SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO";
+
+--
+-- Database: `cydefsig`
+--
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `attributes`
+--
+
+CREATE TABLE `attributes` (
+ `id` int(11) NOT NULL AUTO_INCREMENT,
+ `event_id` int(11) NOT NULL,
+ `category` varchar(255) COLLATE utf8_bin NOT NULL,
+ `type` varchar(100) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,
+ `value1` text CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,
+ `value2` text CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,
+ `to_ids` tinyint(1) NOT NULL DEFAULT '1',
+ `uuid` varchar(40) COLLATE utf8_bin NOT NULL,
+ `revision` int(10) NOT NULL DEFAULT '0',
+ `private` tinyint(1) NOT NULL,
+ `cluster` tinyint(1) NOT NULL,
+ `communitie` tinyint(1) NOT NULL,
+ `dist_change` int(11) NOT NULL DEFAULT '0',
+ PRIMARY KEY (`id`),
+ KEY `event_id` (`event_id`),
+ KEY `value1_key` (`value1`(5)),
+ KEY `value2_key` (`value2`(5))
+) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=1 ;
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `blacklist`
+--
+
+CREATE TABLE `blacklist` (
+ `id` int(11) NOT NULL AUTO_INCREMENT,
+ `name` varchar(254) NOT NULL,
+ PRIMARY KEY (`id`)
+) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=1 ;
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `bruteforces`
+--
+
+CREATE TABLE `bruteforces` (
+ `ip` varchar(255) COLLATE utf8_bin NOT NULL,
+ `username` varchar(255) COLLATE utf8_bin NOT NULL,
+ `expire` datetime NOT NULL
+) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `correlations`
+--
+
+DROP TABLE IF EXISTS `correlations`;
+CREATE TABLE `correlations` (
+ `id` int(11) NOT NULL AUTO_INCREMENT,
+ `1_event_id` int(11) NOT NULL,
+ `1_attribute_id` int(11) NOT NULL,
+ `1_private` tinyint(1) NOT NULL,
+ `event_id` int(11) NOT NULL,
+ `attribute_id` int(11) NOT NULL,
+ `org` varchar(255) COLLATE utf8_bin NOT NULL,
+ `private` tinyint(1) NOT NULL,
+ `cluster` tinyint(1) NOT NULL,
+ `date` date NOT NULL,
+ PRIMARY KEY (`id`)
+) ENGINE=MyISAM AUTO_INCREMENT=118 DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `events`
+--
+
+CREATE TABLE `events` (
+ `id` int(11) NOT NULL AUTO_INCREMENT,
+ `org` varchar(255) COLLATE utf8_bin NOT NULL,
+ `date` date NOT NULL,
+ `risk` enum('Undefined','Low','Medium','High') COLLATE utf8_bin NOT NULL,
+ `info` text CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,
+ `user_id` int(11) NOT NULL,
+ `published` tinyint(1) NOT NULL DEFAULT '0',
+ `uuid` varchar(40) COLLATE utf8_bin NOT NULL,
+ `revision` int(10) NOT NULL DEFAULT '0',
+ `private` tinyint(1) NOT NULL,
+ `cluster` tinyint(1) NOT NULL,
+ `analysis` tinyint(4) NOT NULL,
+ `communitie` tinyint(1) NOT NULL,
+ `attribute_count` int(11) UNSIGNED DEFAULT NULL,
+ `hop_count` int(11) UNSIGNED DEFAULT 0,
+ `dist_change` int(11) NOT NULL DEFAULT '0'
+ PRIMARY KEY (`id`)
+) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=1 ;
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `roles`
+--
+
+CREATE TABLE `roles` (
+ `id` int(11) NOT NULL AUTO_INCREMENT,
+ `name` varchar(100) COLLATE utf8_bin NOT NULL,
+ `created` datetime NOT NULL,
+ `modified` datetime NOT NULL,
+ `perm_add` tinyint(1) NOT NULL DEFAULT 0,
+ `perm_modify` tinyint(1) NOT NULL DEFAULT 0,
+ `perm_modify_org` tinyint(1) NOT NULL DEFAULT 0,
+ `perm_publish` tinyint(1) NOT NULL DEFAULT 0,
+ `perm_sync` tinyint(1) NOT NULL DEFAULT 0,
+ `perm_full` tinyint(1) NOT NULL DEFAULT 0,
+ `perm_audit` tinyint(1) NOT NULL DEFAULT 0,
+ `perm_admin` tinyint(1) NOT NULL DEFAULT 0,
+ `perm_auth` tinyint(1) NOT NULL DEFAULT 0,
+ PRIMARY KEY (`id`)
+) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=1 ;
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `logs`
+--
+
+CREATE TABLE `logs` (
+ `id` int(11) NOT NULL AUTO_INCREMENT,
+ `title` varchar(255) COLLATE utf8_bin NOT NULL,
+ `created` datetime NOT NULL,
+ `model` varchar(20) COLLATE utf8_bin NOT NULL,
+ `model_id` int(11) NOT NULL,
+ `action` varchar(20) COLLATE utf8_bin NOT NULL,
+ `user_id` int(11) NOT NULL,
+ `change` varchar(255) COLLATE utf8_bin,
+ `email` varchar(255) COLLATE utf8_bin NOT NULL,
+ `org` varchar(255) COLLATE utf8_bin NOT NULL,
+ `description` varchar(255) COLLATE utf8_bin NOT NULL,
+ PRIMARY KEY (`id`)
+) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=1 ;
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `regexp`
+--
+
+CREATE TABLE `regexp` (
+ `id` int(11) NOT NULL AUTO_INCREMENT,
+ `regexp` varchar(255) COLLATE utf8_bin NOT NULL,
+ `replacement` varchar(255) COLLATE utf8_bin NOT NULL,
+ PRIMARY KEY (`id`)
+) ENGINE=MyISAM AUTO_INCREMENT=16 DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `servers`
+--
+
+CREATE TABLE `servers` (
+ `id` int(11) NOT NULL AUTO_INCREMENT,
+ `url` varchar(255) COLLATE utf8_bin NOT NULL,
+ `authkey` varchar(40) COLLATE utf8_bin NOT NULL,
+ `org` varchar(255) COLLATE utf8_bin NOT NULL,
+ `organization` varchar(10) COLLATE utf8_bin NOT NULL,
+ `push` tinyint(1) NOT NULL,
+ `pull` tinyint(1) NOT NULL,
+ `lastpushedid` int(11) NOT NULL,
+ `lastpulledid` int(11) NOT NULL,
+ PRIMARY KEY (`id`)
+) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=1 ;
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `users`
+--
+
+CREATE TABLE `users` (
+ `id` int(11) NOT NULL AUTO_INCREMENT,
+ `password` varchar(40) COLLATE utf8_bin NOT NULL,
+ `org` varchar(255) COLLATE utf8_bin NOT NULL,
+ `email` varchar(255) COLLATE utf8_bin NOT NULL,
+ `autoalert` tinyint(1) NOT NULL,
+ `authkey` varchar(40) COLLATE utf8_bin NOT NULL,
+ `invited_by` int(11) NOT NULL,
+ `gpgkey` longtext COLLATE utf8_bin NOT NULL,
+ `nids_sid` int(15) NOT NULL,
+ `termsaccepted` tinyint(1) NOT NULL,
+ `change_pw` tinyint(1) NOT NULL,
+ `newsread` date NOT NULL,
+ `role_id` int(11) NOT NULL,
+ PRIMARY KEY (`id`),
+ KEY `email` (`email`)
+) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=2 ;
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `whitelist`
+--
+
+CREATE TABLE `whitelist` (
+ `id` int(11) NOT NULL AUTO_INCREMENT,
+ `name` varchar(254) NOT NULL,
+ PRIMARY KEY (`id`)
+) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=1 ;
+
+
+--
+-- Dumping data for table `attributes`
+--
+
+-- Dumping data for table `users`
+--
+
+INSERT INTO `users` (`id`, `password`, `org`, `email`, `autoalert`, `authkey`, `invited_by`, `gpgkey`, `nids_sid`, `termsaccepted`, `newsread`, `role_id`) VALUES(1, 'babc86e0869015b3f0b4d48ca48700d3a9d1b9d7', 'ADMIN', 'admin@admin.test', 0, 'vlf4o42bYSVVWLm28jLB85my4HBZWXTri8vGdySb', 1, '', 4000000, 0, '2012-03-13', '');
+INSERT INTO `regexp` (`id`, `regexp`, `replacement`) VALUES (1,'/C:.Users.(\\w+).AppData.Local.Temp./','%TEMP%\\\\'),(3,'/C:.Users.(\\w+).AppData.Local./','%LOCALAPPDATA%\\\\'),(4,'/C:.Users.(\\w+).AppData.Roaming./','%APPDATA%\\\\'),(5,'/C:.Users.(\\w+)./','%UserProfile%\\\\'),(6,'/C:.Documents and Settings.(\\w+) (\\w+)./','%UserProfile%\\\\'),(7,'/C:.DOCUME~1.(\\w+)./','%UserProfile%\\\\'),(8,'/C:.Documents and Settings.All Users/','%AllUsersProfile%'),(9,'/.REGISTRY.USER.S(-[0-9]{1}){2}-[0-9]{2}(-[0-9]{9}){1}(-[0-9]{10}){1}-[0-9]{9}-[0-9]{4}/','HKCU'),(10,'@.REGISTRY.USER.S(-[0-9]{1}){2}-[0-9]{2}(-[0-9]{10}){2}-[0-9]{9}-[0-9]{4}@','HKCU'),(11,'@.REGISTRY.USER.S(-[0-9]{1}){2}-[0-9]{2}(-[0-9]{10}){3}-[0-9]{4}@','HKCU'),(13,'@.REGISTRY.MACHINE.@','HKLM\\\\'),(14,'@.Registry.Machine.@','HKLM\\\\'),(15,'','not allowed'),(16,'/not allowed/',''),(26,'/%AppData\\\\\\\\/','%AppData%'),(27,'/%APPDATA%/','%AppData%'),(20,'','replacements to uniform the data'),(25,'/%allusers%/','%AllUsers%'),(28,'/%APPDATA%/','%AppData%'),(29,'/%LocalSettings&\\\\\\\\/','%LocalSettings%'),(30,'/%Programfiles%/','%ProgramFiles%'),(31,'/%systemroot%/','%SystemRoot%'),(32,'/%Temp\\\\\\\\/','%TEMP%'),(33,'/%Temp%/','%TEMP%'),(34,'/%temp%/','%TEMP%'),(35,'/%UserProfile\\\\\\\\/','%UserProfile%'),(36,'/%userprofile%/','%UserProfile%'),(37,'/%Windir%/','%windir%'),(38,'/%WINDIR%/','%windir%');
diff --git a/app/Config/Schema/schema_0.2.3.php b/app/Config/Schema/schema_0.2.3.php
index 2327c1203..68e48ca56 100755
--- a/app/Config/Schema/schema_0.2.3.php
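Review bot: The re-added `events` table is missing a comma after the new `dist_change` column (the line directly before its `PRIMARY KEY` line), so `CREATE TABLE events` will not parse and a fresh install stops at that statement; the line should end `DEFAULT '0',` as the same column does in `attributes`. The seed `INSERT INTO users` at the end of the hunk also ships one fixed password hash and one fixed `authkey` for `admin@admin.test`, and it leaves `change_pw` out of its column list, so nothing in this file forces those shared defaults to be rotated after install. If `change_pw` is the force-password-change flag (its name suggests so, but the application code is not shown here), seeding it as 1 and generating the authkey at install time would close that gap. The same row passes `''` for the integer `role_id` and no `roles` rows are seeded, so confirm that the admin account ends up with a role carrying the new `perm_admin` and `perm_audit` bits.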
+++ b/app/Config/Schema/schema_0.2.3.php 
@@ -1,147 +1,147 @@ - array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'primary'), - 'event_id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'index'), - 'type' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 100, 'collate' => 'utf8_unicode_ci', 'charset' => 'utf8'), - 'category' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'), - 'value1' => array('type' => 'text', 'null' => true, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'), - 'to_ids' => array('type' => 'boolean', 'null' => false, 'default' => '1'), - 'uuid' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 40, 'key' => 'index', 'collate' => 'utf8_bin', 'charset' => 'utf8'), - 'revision' => array('type' => 'integer', 'null' => false, 'default' => '0', 'length' => 10), - 'private' => array('type' => 'boolean', 'null' => false, 'default' => null), - 'value2' => array('type' => 'text', 'null' => true, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'), - 'cluster' => array('type' => 'boolean', 'null' => false, 'default' => null), - 'communitie' => array('type' => 'boolean', 'null' => false, 'default' => null), - 'indexes' => array('PRIMARY' => array('column' => 'id', 'unique' => 1), 'event_id' => array('column' => 'event_id', 'unique' => 0), 'uuid' => array('column' => 'uuid', 'unique' => 0)), - 'tableParameters' => array('charset' => 'utf8', 'collate' => 'utf8_bin', 'engine' => 'MyISAM') - ); - - public $bruteforces = array( - 'ip' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'), - 'username' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'), - 'expire' => array('type' => 'datetime', 'null' => false, 'default' => null), - 'indexes' => array(), - 'tableParameters' => array('charset' => 'utf8', 
'collate' => 'utf8_bin', 'engine' => 'MyISAM') - ); - - public $correlations = array( - 'id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'primary'), - '1_event_id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'index'), - '1_attribute_id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'index'), - '1_private' => array('type' => 'boolean', 'null' => false, 'default' => '0'), - 'event_id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'index'), - 'attribute_id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'index'), - 'org' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'), - 'private' => array('type' => 'boolean', 'null' => false, 'default' => null), - 'cluster' => array('type' => 'boolean', 'null' => false, 'default' => null), - 'indexes' => array('PRIMARY' => array('column' => 'id', 'unique' => 1), 'uuid' => array('column' => 'uuid', 'unique' => 0), 'info' => array('column' => 'info', 'unique' => 0)), - 'tableParameters' => array('charset' => 'utf8', 'collate' => 'utf8_bin', 'engine' => 'MyISAM') - ); - - public $events = array( - 'id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'primary'), - 'org' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'), - 'date' => array('type' => 'date', 'null' => false, 'default' => null), - //'risk' ENUM - 'info' => array('type' => 'text', 'null' => false, 'default' => null, 'key' => 'index', 'collate' => 'utf8_unicode_ci', 'charset' => 'utf8'), - 'user_id' => array('type' => 'integer', 'null' => false, 'default' => null), - //'alerted' => array('type' => 'boolean', 'null' => false, 'default' => '0'), - 'uuid' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 40, 'key' => 'index', 'collate' => 'utf8_bin', 'charset' 
=> 'utf8'), - 'private' => array('type' => 'boolean', 'null' => false, 'default' => null), - 'published' => array('type' => 'boolean', 'null' => false, 'default' => '0'), - 'revision' => array('type' => 'boolean', 'null' => false, 'default' => null), - 'cluster' => array('type' => 'boolean', 'null' => false, 'default' => null), - 'communitie' => array('type' => 'boolean', 'null' => false, 'default' => null), - 'attribute_count' => array('type' => 'integer', 'null' => false, 'default' => null, 'length' => 11), - 'hop_count' => array('type' => 'integer', 'null' => false, 'default' => '0', 'length' => 11), - 'indexes' => array('PRIMARY' => array('column' => 'id', 'unique' => 1), 'uuid' => array('column' => 'uuid', 'unique' => 0), 'info' => array('column' => 'info', 'unique' => 0)), - 'tableParameters' => array('charset' => 'utf8', 'collate' => 'utf8_bin', 'engine' => 'MyISAM') - ); - - public $logs = array( - 'id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'primary'), - 'title' => array('type' => 'string', 'null' => true, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'), - 'created' => array('type' => 'datetime', 'null' => true, 'default' => null), - 'model' => array('type' => 'string', 'null' => true, 'default' => null, 'length' => 20, 'collate' => 'utf8_bin', 'charset' => 'utf8'), - 'model_id' => array('type' => 'integer', 'null' => true, 'default' => null), - 'action' => array('type' => 'string', 'null' => true, 'default' => null, 'length' => 20, 'collate' => 'utf8_bin', 'charset' => 'utf8'), - 'user_id' => array('type' => 'integer', 'null' => true, 'default' => null), - 'change' => array('type' => 'string', 'null' => true, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'), - 'email' => array('type' => 'string', 'null' => true, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'), - 'org' => array('type' => 'string', 'null' => true, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 
'utf8'), - 'description' => array('type' => 'string', 'null' => true, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'), - 'indexes' => array('PRIMARY' => array('column' => 'id', 'unique' => 1)), - 'tableParameters' => array('charset' => 'utf8', 'collate' => 'utf8_bin', 'engine' => 'MyISAM') - ); - - public $regex = array( - 'id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'primary'), - 'regex' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 255, 'collate' => 'utf8_bin', 'charset' => 'utf8'), - 'replacement' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 255, 'collate' => 'utf8_bin', 'charset' => 'utf8'), - 'indexes' => array('PRIMARY' => array('column' => 'id', 'unique' => 1)), - 'tableParameters' => array('charset' => 'utf8', 'collate' => 'utf8_bin', 'engine' => 'MyISAM') - ); - - public $roles = array( - 'id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'primary'), - 'name' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 100, 'collate' => 'latin1_swedish_ci', 'charset' => 'latin1'), - 'created' => array('type' => 'datetime', 'null' => true, 'default' => null), - 'modified' => array('type' => 'datetime', 'null' => true, 'default' => null), - 'perm_add' => array('type' => 'boolean', 'null' => true, 'default' => null), - 'perm_modify' => array('type' => 'boolean', 'null' => true, 'default' => null), - 'perm_publish' => array('type' => 'boolean', 'null' => true, 'default' => null), - 'perm_full' => array('type' => 'boolean', 'null' => true, 'default' => null), - 'perm_auth' => array('type' => 'boolean', 'null' => true, 'default' => null), - 'indexes' => array('PRIMARY' => array('column' => 'id', 'unique' => 1)), - 'tableParameters' => array('charset' => 'latin1', 'collate' => 'latin1_swedish_ci', 'engine' => 'InnoDB') - ); - - public $servers = array( - 'id' => array('type' => 'integer', 'null' => false, 
'default' => null, 'key' => 'primary'), - 'url' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'), - 'authkey' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 40, 'collate' => 'utf8_bin', 'charset' => 'utf8'), - 'org' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'), - 'organization' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 10, 'collate' => 'utf8_bin', 'charset' => 'utf8'), - 'push' => array('type' => 'boolean', 'null' => false, 'default' => null), - 'pull' => array('type' => 'boolean', 'null' => false, 'default' => null), - 'lastpulledid' => array('type' => 'integer', 'null' => false, 'default' => null), - 'lastpushedid' => array('type' => 'integer', 'null' => false, 'default' => null), - 'indexes' => array('PRIMARY' => array('column' => 'id', 'unique' => 1)), - 'tableParameters' => array('charset' => 'utf8', 'collate' => 'utf8_bin', 'engine' => 'MyISAM') - ); - - public $users = array( - 'id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'primary'), - 'password' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 40, 'key' => 'index', 'collate' => 'utf8_bin', 'charset' => 'utf8'), - 'org' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'), - 'email' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'), - 'autoalert' => array('type' => 'boolean', 'null' => false, 'default' => null), - 'authkey' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 40, 'collate' => 'utf8_bin', 'charset' => 'utf8'), - 'invited_by' => array('type' => 'integer', 'null' => false, 'default' => null), - 'gpgkey' => array('type' => 'text', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 
'utf8'), - 'nids_sid' => array('type' => 'integer', 'null' => false, 'default' => null, 'length' => 15), - 'termsaccepted' => array('type' => 'boolean', 'null' => false, 'default' => null), - 'newsread' => array('type' => 'date', 'null' => false, 'default' => null), - 'role_id' => array('type' => 'integer', 'null' => true, 'default' => null), - 'indexes' => array('PRIMARY' => array('column' => 'id', 'unique' => 1), 'username' => array('column' => 'password', 'unique' => 0)), - 'tableParameters' => array('charset' => 'utf8', 'collate' => 'utf8_bin', 'engine' => 'MyISAM') - ); - - public $whitelists = array( - 'id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'primary'), - 'name' => array('type' => 'text', 'null' => false, 'default' => null, 'key' => 'index', 'collate' => 'utf8_unicode_ci', 'charset' => 'utf8'), - 'indexes' => array('PRIMARY' => array('column' => 'id', 'unique' => 1)), - 'tableParameters' => array('charset' => 'utf8', 'collate' => 'utf8_bin', 'engine' => 'MyISAM') - ); -} + array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'primary'), + 'event_id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'index'), + 'type' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 100, 'collate' => 'utf8_unicode_ci', 'charset' => 'utf8'), + 'category' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'), + 'value1' => array('type' => 'text', 'null' => true, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'), + 'to_ids' => array('type' => 'boolean', 'null' => false, 'default' => '1'), + 'uuid' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 40, 'key' => 'index', 'collate' => 'utf8_bin', 'charset' => 'utf8'), + 'revision' => array('type' => 'integer', 'null' => false, 'default' => '0', 'length' => 10), + 'private' => array('type' => 'boolean', 'null' => false, 
'default' => null), + 'value2' => array('type' => 'text', 'null' => true, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'), + 'cluster' => array('type' => 'boolean', 'null' => false, 'default' => null), + 'communitie' => array('type' => 'boolean', 'null' => false, 'default' => null), + 'indexes' => array('PRIMARY' => array('column' => 'id', 'unique' => 1), 'event_id' => array('column' => 'event_id', 'unique' => 0), 'uuid' => array('column' => 'uuid', 'unique' => 0)), + 'tableParameters' => array('charset' => 'utf8', 'collate' => 'utf8_bin', 'engine' => 'MyISAM') + ); + + public $bruteforces = array( + 'ip' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'), + 'username' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'), + 'expire' => array('type' => 'datetime', 'null' => false, 'default' => null), + 'indexes' => array(), + 'tableParameters' => array('charset' => 'utf8', 'collate' => 'utf8_bin', 'engine' => 'MyISAM') + ); + + public $correlations = array( + 'id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'primary'), + '1_event_id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'index'), + '1_attribute_id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'index'), + '1_private' => array('type' => 'boolean', 'null' => false, 'default' => '0'), + 'event_id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'index'), + 'attribute_id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'index'), + 'org' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'), + 'private' => array('type' => 'boolean', 'null' => false, 'default' => null), + 'cluster' => array('type' => 'boolean', 'null' => false, 'default' => null), + 'indexes' => array('PRIMARY' => 
array('column' => 'id', 'unique' => 1), 'uuid' => array('column' => 'uuid', 'unique' => 0), 'info' => array('column' => 'info', 'unique' => 0)), + 'tableParameters' => array('charset' => 'utf8', 'collate' => 'utf8_bin', 'engine' => 'MyISAM') + ); + + public $events = array( + 'id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'primary'), + 'org' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'), + 'date' => array('type' => 'date', 'null' => false, 'default' => null), + //'risk' ENUM + 'info' => array('type' => 'text', 'null' => false, 'default' => null, 'key' => 'index', 'collate' => 'utf8_unicode_ci', 'charset' => 'utf8'), + 'user_id' => array('type' => 'integer', 'null' => false, 'default' => null), + //'alerted' => array('type' => 'boolean', 'null' => false, 'default' => '0'), + 'uuid' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 40, 'key' => 'index', 'collate' => 'utf8_bin', 'charset' => 'utf8'), + 'private' => array('type' => 'boolean', 'null' => false, 'default' => null), + 'published' => array('type' => 'boolean', 'null' => false, 'default' => '0'), + 'revision' => array('type' => 'boolean', 'null' => false, 'default' => null), + 'cluster' => array('type' => 'boolean', 'null' => false, 'default' => null), + 'communitie' => array('type' => 'boolean', 'null' => false, 'default' => null), + 'attribute_count' => array('type' => 'integer', 'null' => false, 'default' => null, 'length' => 11), + 'hop_count' => array('type' => 'integer', 'null' => false, 'default' => '0', 'length' => 11), + 'indexes' => array('PRIMARY' => array('column' => 'id', 'unique' => 1), 'uuid' => array('column' => 'uuid', 'unique' => 0), 'info' => array('column' => 'info', 'unique' => 0)), + 'tableParameters' => array('charset' => 'utf8', 'collate' => 'utf8_bin', 'engine' => 'MyISAM') + ); + + public $logs = array( + 'id' => array('type' => 'integer', 'null' => false, 
'default' => null, 'key' => 'primary'), + 'title' => array('type' => 'string', 'null' => true, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'), + 'created' => array('type' => 'datetime', 'null' => true, 'default' => null), + 'model' => array('type' => 'string', 'null' => true, 'default' => null, 'length' => 20, 'collate' => 'utf8_bin', 'charset' => 'utf8'), + 'model_id' => array('type' => 'integer', 'null' => true, 'default' => null), + 'action' => array('type' => 'string', 'null' => true, 'default' => null, 'length' => 20, 'collate' => 'utf8_bin', 'charset' => 'utf8'), + 'user_id' => array('type' => 'integer', 'null' => true, 'default' => null), + 'change' => array('type' => 'string', 'null' => true, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'), + 'email' => array('type' => 'string', 'null' => true, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'), + 'org' => array('type' => 'string', 'null' => true, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'), + 'description' => array('type' => 'string', 'null' => true, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'), + 'indexes' => array('PRIMARY' => array('column' => 'id', 'unique' => 1)), + 'tableParameters' => array('charset' => 'utf8', 'collate' => 'utf8_bin', 'engine' => 'MyISAM') + ); + + public $regex = array( + 'id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'primary'), + 'regex' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 255, 'collate' => 'utf8_bin', 'charset' => 'utf8'), + 'replacement' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 255, 'collate' => 'utf8_bin', 'charset' => 'utf8'), + 'indexes' => array('PRIMARY' => array('column' => 'id', 'unique' => 1)), + 'tableParameters' => array('charset' => 'utf8', 'collate' => 'utf8_bin', 'engine' => 'MyISAM') + ); + + public $roles = array( + 'id' => array('type' => 'integer', 'null' => 
false, 'default' => null, 'key' => 'primary'), + 'name' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 100, 'collate' => 'latin1_swedish_ci', 'charset' => 'latin1'), + 'created' => array('type' => 'datetime', 'null' => true, 'default' => null), + 'modified' => array('type' => 'datetime', 'null' => true, 'default' => null), + 'perm_add' => array('type' => 'boolean', 'null' => true, 'default' => null), + 'perm_modify' => array('type' => 'boolean', 'null' => true, 'default' => null), + 'perm_publish' => array('type' => 'boolean', 'null' => true, 'default' => null), + 'perm_full' => array('type' => 'boolean', 'null' => true, 'default' => null), + 'perm_auth' => array('type' => 'boolean', 'null' => true, 'default' => null), + 'indexes' => array('PRIMARY' => array('column' => 'id', 'unique' => 1)), + 'tableParameters' => array('charset' => 'latin1', 'collate' => 'latin1_swedish_ci', 'engine' => 'InnoDB') + ); + + public $servers = array( + 'id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'primary'), + 'url' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'), + 'authkey' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 40, 'collate' => 'utf8_bin', 'charset' => 'utf8'), + 'org' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'), + 'organization' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 10, 'collate' => 'utf8_bin', 'charset' => 'utf8'), + 'push' => array('type' => 'boolean', 'null' => false, 'default' => null), + 'pull' => array('type' => 'boolean', 'null' => false, 'default' => null), + 'lastpulledid' => array('type' => 'integer', 'null' => false, 'default' => null), + 'lastpushedid' => array('type' => 'integer', 'null' => false, 'default' => null), + 'indexes' => array('PRIMARY' => array('column' => 'id', 'unique' => 1)), + 
'tableParameters' => array('charset' => 'utf8', 'collate' => 'utf8_bin', 'engine' => 'MyISAM') + ); + + public $users = array( + 'id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'primary'), + 'password' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 40, 'key' => 'index', 'collate' => 'utf8_bin', 'charset' => 'utf8'), + 'org' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'), + 'email' => array('type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'), + 'autoalert' => array('type' => 'boolean', 'null' => false, 'default' => null), + 'authkey' => array('type' => 'string', 'null' => false, 'default' => null, 'length' => 40, 'collate' => 'utf8_bin', 'charset' => 'utf8'), + 'invited_by' => array('type' => 'integer', 'null' => false, 'default' => null), + 'gpgkey' => array('type' => 'text', 'null' => false, 'default' => null, 'collate' => 'utf8_bin', 'charset' => 'utf8'), + 'nids_sid' => array('type' => 'integer', 'null' => false, 'default' => null, 'length' => 15), + 'termsaccepted' => array('type' => 'boolean', 'null' => false, 'default' => null), + 'newsread' => array('type' => 'date', 'null' => false, 'default' => null), + 'role_id' => array('type' => 'integer', 'null' => true, 'default' => null), + 'indexes' => array('PRIMARY' => array('column' => 'id', 'unique' => 1), 'username' => array('column' => 'password', 'unique' => 0)), + 'tableParameters' => array('charset' => 'utf8', 'collate' => 'utf8_bin', 'engine' => 'MyISAM') + ); + + public $whitelists = array( + 'id' => array('type' => 'integer', 'null' => false, 'default' => null, 'key' => 'primary'), + 'name' => array('type' => 'text', 'null' => false, 'default' => null, 'key' => 'index', 'collate' => 'utf8_unicode_ci', 'charset' => 'utf8'), + 'indexes' => array('PRIMARY' => array('column' => 'id', 'unique' => 1)), + 'tableParameters' => 
array('charset' => 'utf8', 'collate' => 'utf8_bin', 'engine' => 'MyISAM') + ); +} diff --git a/app/Config/bootstrap.default.php b/app/Config/bootstrap.default.php index 5873225f9..47dafc02e 100755 --- a/app/Config/bootstrap.default.php +++ b/app/Config/bootstrap.default.php 
@@ -114,28 +114,28 @@ Configure::write('CyDefSIG.footerpart1', 'Powered by CyDefSIG');
 Configure::write('CyDefSIG.footerpart2', '© Belgian Defense CERT & NCIRC');
 Configure::write('CyDefSIG.footer', Configure::read('CyDefSIG.footerpart1') . ' ' . Configure::read('CyDefSIG.footerpart2'));
 Configure::write('CyDefSIG.footerversion', Configure::read('CyDefSIG.footerpart1') . ' version ' . Configure::read('CyDefSIG.version') . ' ' . Configure::read('CyDefSIG.footerpart2'));
-Configure::write('CyDefSIG.org', 'BE MOD'); // if sync this will be Event.org content on the peer side
-Configure::write('CyDefSIG.logo', 'orgs/MIL.be.png'); // used in Events::index for owned events
+Configure::write('CyDefSIG.org', 'BE MOD'); // if sync this will be Event.org content on the peer side
+Configure::write('CyDefSIG.logo', 'orgs/MIL.be.png'); // used in Events::index for owned events
-Configure::write('CyDefSIG.showorg', 'true'); // show the name/flag of the organisation that uploaded the data
-Configure::write('CyDefSIG.showowner', 'false'); // show the email of the owner that uploaded the data
-Configure::write('CyDefSIG.sync', 'false'); // enable features related to syncing with other CyDefSIG instances
-Configure::write('CyDefSIG.private', 'true'); // respect private to org or server.
+Configure::write('CyDefSIG.showorg', 'true'); // show the name/flag of the organisation that uploaded the data
+Configure::write('CyDefSIG.showowner', 'false'); // show the email of the owner that uploaded the data
+Configure::write('CyDefSIG.sync', 'false'); // enable features related to syncing with other CyDefSIG instances
+Configure::write('CyDefSIG.private', 'true'); // respect private to org or server.
if ('true' == Configure::read('CyDefSIG.private')) {
 Configure::write('CyDefSIG.sync', 'true');
 }
-Configure::write('CyDefSIG.email', 'no-reply@sig.mil.be'); // email from for all the mails
+Configure::write('CyDefSIG.email', 'no-reply@sig.mil.be'); // email from for all the mails
-Configure::write('GnuPG.onlyencrypted', 'true'); // only allow encrypted email, do not allow plaintext mails
+Configure::write('GnuPG.onlyencrypted', 'true'); // only allow encrypted email, do not allow plaintext mails
 Configure::write('GnuPG.email', 'no-reply@sig.mil.be');
 Configure::write('GnuPG.password', 'ii3naxoK|o2a');
 Configure::write('GnuPG.homedir', '/Users/chri/Documents/Work/Projects/201107-CyDefSIG/.gnupg/');
-Configure::write('SecureAuth.amount', 5); // the maximum amount of failed logins
-Configure::write('SecureAuth.expire', 300); // the time-window for the maximum amount of logins in seconds
+Configure::write('SecureAuth.amount', 5); // the maximum amount of failed logins
+Configure::write('SecureAuth.expire', 300); // the time-window for the maximum amount of logins in seconds
-Configure::write('CyDefSIG.correlation', 'db'); // correlation between attributes of events.
+Configure::write('CyDefSIG.correlation', 'db'); // correlation between attributes of events.
 // possible values:
 // - default, like it was (this is depreciated, use 'db' instead)
 // - db, correlation in database
diff --git a/app/Console/Command/PasswordShell.php b/app/Console/Command/PasswordShell.php
index 7d33af2f1..da3d58ee0 100755
--- a/app/Console/Command/PasswordShell.php
+++ b/app/Console/Command/PasswordShell.php
@@ -27,7 +27,7 @@ class PasswordShell extends AppShell {
 $this->out(print_r($this->User->invalidFields(), true));
 }
- echo 'Updated ', PHP_EOL;
+ echo 'Updated ', PHP_EOL;
 exit;
 }
 }
\ No newline at end of file
diff --git a/app/Controller/AppController.php b/app/Controller/AppController.php
index a1a790064..c2c26fdec 100755
--- a/app/Controller/AppController.php
+++ b/app/Controller/AppController.php
@@ -126,6 +126,7 @@ class AppController extends Controller {
 // These variables are required for every view
 $this->set('me', Sanitize::clean($this->Auth->user()));
 $this->set('isAdmin', $this->_isAdmin());
+ $this->set('isSiteAdmin', $this->_isSiteAdmin());
 // TODO ACL: 5: from Controller to Views
 $this->set('isAclAdd', $this->checkAcl('add'));
@@ -170,6 +171,9 @@ class AppController extends Controller {
 return false;
 }
+/**
+ * checks if the currently logged user is a site administrator
+ */
 protected function _isSiteAdmin() {
 $org = $this->Auth->user('org');
 if (isset($org) && $org === 'ADMIN') {
@@ -178,6 +182,10 @@ class AppController extends Controller {
 return false;
 }
+ protected function _checkOrg() {
+ return $this->Auth->user('org');
+ }
+
 /**
 * Refreshes the Auth session with new/updated data
 * @return void
@@ -371,10 +379,14 @@ class AppController extends Controller {
 throw new NotFoundException();
 }
- $this->generatePrivate();
+ // Deprecated - generate Private sets the values for the 3 distribution fields on migration - however the new SQL scheme sets cluster + communitie
+ // to false, which means that private will become org only and non-private will become all communities - which is desired behaviour.
+ // $this->generatePrivate();
 $this->generateCorrelation(); // TODO $this->generateCount();
- $this->generateHop($yourOrg);
+ // Deprecated - hop unused currently, also, it would generate hop count 1 for all local events created by other hosted orgs.
+ // $this->generateHop($yourOrg);
+ $this->generateArosAcos();
 }
 public function generateArosAcos() {
@@ -389,7 +401,7 @@ class AppController extends Controller {
 public function generateACL($inc) {
 if (!self::_isAdmin()) throw new NotFoundException();
- if($inc['Role']['permission'] == null) $inc['Role']['permission'] = 0;
+ if ($inc['Role']['permission'] == null) $inc['Role']['permission'] = 0;
 switch ($inc['Role']['permission']) {
 case '0': $permAdd = false;
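Review bot: The docblock added above `_isSiteAdmin()` in the `@@ -170,6 +171,9 @@` hunk does not say how site-admin status is decided, which is the part a maintainer needs to know. In the visible body it is granted to any logged-in user whose `org` equals the literal `'ADMIN'`, so whoever can set a user's org can grant it. I would add `* Decided solely by Auth user org === 'ADMIN'; assigning that org grants site-admin rights.` and `* @return boolean`. The function body continues outside the hunk.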
@@ -418,6 +430,7 @@ class AppController extends Controller {
 default: break;
 }
+ //$this->Acl->allow($inc, 'controllers/Events/add');
 if ($permAdd) {
 $this->Acl->allow($inc, 'controllers/Events/add');
 $this->Acl->allow($inc, 'controllers/Attributes/add');
@@ -453,12 +466,11 @@ class AppController extends Controller {
 $this->Acl->deny($inc, 'controllers/Logs');
 }
- if (isset($inc['Role']['perm_admin'])) {
- if ($inc['Role']['perm_admin']) {
+ if (isset($inc['Role']['perm_admin']) && $inc['Role']['perm_admin']) {
 //$this->Acl->allow($inc, 'controllers/Logs');
- }
 } else {
 $this->Acl->deny($inc, 'controllers/Roles');
+ //$this->Acl->deny($inc, 'controllers');
 }
 if (isset($inc['Role']['perm_auth'])) {
 if ($inc['Role']['perm_auth']) {
@@ -583,6 +595,10 @@ class AppController extends Controller {
 $attribute['Attribute']['private'] = true;
 $attribute['Attribute']['cluster'] = false;
 $attribute['Attribute']['communitie'] = false;
+ } else {
+ $attribute['Attribute']['private'] = false;
+ $attribute['Attribute']['cluster'] = false;
+ $attribute['Attribute']['communitie'] = false;
 }
 $this->Attribute->save($attribute);
 }
@@ -595,10 +611,18 @@ class AppController extends Controller {
 $events = $this->Event->find('all', array('recursive' => 0));
 foreach ($events as $event) {
 if ($event['Event']['private']) {
- $attribute['Event']['private'] = true;
- $attribute['Event']['cluster'] = false;
- $attribute['Event']['communitie'] = false;
+ $event['Event']['private'] = true;
+ $event['Event']['cluster'] = false;
+ $event['Event']['communitie'] = false;
+ } else {
+ $event['Event']['private'] = false;
+ $event['Event']['cluster'] = false;
+ $event['Event']['communitie'] = false;
 }
+ $event['Event']['orgc'] = $event['Event']['org'];
+ $event['Event']['dist_change'] = 0;
+ $event['Event']['analysis'] = 2;
+ $event['Event']['hop_count'] = 0;
 $this->Event->save($event);
 }
 }
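Review bot: In the `@@ -453,12 +466,11 @@` hunk the merged condition leaves an `if` branch holding only a commented-out call, so the only live statement sits in the `else`. Folding the two tests also changes when that `else` runs: `controllers/Roles` is now denied when `perm_admin` is set but false, not only when the key is missing. If that tightening is intended, state the rule directly with `if (empty($inc['Role']['perm_admin'])) { $this->Acl->deny($inc, 'controllers/Roles'); }` and a one-line comment saying so. `generateACL()` starts and ends outside the hunk.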
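Review bot: The `save()` calls in the migration loops of `@@ -583,6 +595,10 @@` and `@@ -595,10 +611,18 @@` are not checked, so a row that fails validation is skipped without any trace while the run still looks complete. For a one-off migration that rewrites the distribution flags of every row I would log failures, e.g. `if (!$this->Event->save($event)) $this->log('migration: event ' . $event['Event']['id'] . ' not saved');`, and the same for attributes. The new `else` branches also repeat the `cluster` and `communitie` assignments of the `if` branches; only `private` differs, so those two lines can move out of the conditional. Both loops start outside their hunks.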
diff --git a/app/Controller/AttributesController.php b/app/Controller/AttributesController.php
index 366a9a260..d108e48a7 100755
--- a/app/Controller/AttributesController.php
+++ b/app/Controller/AttributesController.php
@@ -303,12 +303,8 @@ class AttributesController extends AppController {
 }
 $this->Attribute->read();
- if (PHP_OS == 'WINNT') {
- $path = APP . "files" . DS . $this->Attribute->data['Attribute']['event_id'] . DS;
- $file = $this->Attribute->data['Attribute']['id'];
- } else {
- $file = new File(APP . "files" . DS . $this->Attribute->data['Attribute']['event_id'] . DS . $this->Attribute->data['Attribute']['id']);
- }
+ $path = APP . "files" . DS . $this->Attribute->data['Attribute']['event_id'] . DS;
+ $file = $this->Attribute->data['Attribute']['id'];
 $filename = '';
 if ('attachment' == $this->Attribute->data['Attribute']['type']) {
 $filename = Sanitize::clean($this->Attribute->data['Attribute']['value']);
@@ -324,23 +320,13 @@ class AttributesController extends AppController {
 }
 $this->viewClass = 'Media';
- if (PHP_OS == 'WINNT') {
- $params = array(
+ $params = array(
 'id' => $file,
 'name' => $filename,
 'extension' => $fileExt,
 'download' => true,
 'path' => $path
- );
- } else {
- $params = array(
- 'id' => $file->path,
- 'name' => $filename,
- 'extension' => $fileExt,
- 'download' => true,
- 'path' => DS
- );
- }
+ );
 $this->set($params);
 }
@@ -371,17 +357,18 @@ class AttributesController extends AppController {
 // remove the published flag from the event
 $this->Event->id = $this->request->data['Attribute']['event_id'];
 $this->Event->saveField('published', 0);
-
 // save the file-info in the database
 $this->Attribute->create();
 if ($this->request->data['Attribute']['malware']) {
 $this->request->data['Attribute']['type'] = "malware-sample";
 $filename = Sanitize::clean($filename);
+ preg_replace('/\//:*?"<>/', '', $filename);
 $this->request->data['Attribute']['value'] = $filename . '|' . $tmpfile->md5(); // TODO gives problems with bigger files
 $this->request->data['Attribute']['to_ids'] = 1; // LATER let user choose to send this to IDS
 } else {
 $this->request->data['Attribute']['type'] = "attachment";
 $filename = Sanitize::clean($filename);
+ preg_replace('/\/:*?"<>/', '', $filename);
 $this->request->data['Attribute']['value'] = $filename;
 $this->request->data['Attribute']['to_ids'] = 0;
 }
@@ -521,11 +508,14 @@ class AttributesController extends AppController {
 if (!$this->Attribute->exists()) {
 throw new NotFoundException(__('Invalid attribute'));
 }
+ $this->Attribute->read();
+ //set stuff to fix undefined index: uuid
+ if (!$this->_isRest()) {
+ $uuid = $this->Attribute->data['Attribute']['uuid'];
+ }
 // only own attributes verified by isAuthorized
-
 if ('true' == Configure::read('CyDefSIG.private')) {
 if (!$this->_IsAdmin()) {
- $this->Attribute->read(null, $id);
 // check for non-private and re-read
 if (($this->Attribute->data['Event']['org'] != $this->Auth->user('org')) || (($this->Attribute->data['Event']['org'] == $this->Auth->user('org')) && ($this->Attribute->data['Event']['user_id'] != $this->Auth->user('id')) && (!$this->checkAcl('edit') || !$this->checkRole() || !$this->checkAcl('publish')))) {
 $this->Session->setFlash(__('Invalid attribute.'));
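Review bot: Both `preg_replace()` calls added in the `@@ -371,17 +357,18 @@` hunk have no effect, so the uploaded file name still reaches `Attribute.value` with only `Sanitize::clean()` applied. `preg_replace()` returns the cleaned string and that return value is discarded here. In addition, the first pattern `'/\//:*?"<>/'` ends at the second `/` and treats the rest as modifiers, and the second pattern matches a literal sequence rather than a set of characters. If the intent is to strip `/ : * ? " < >`, use a character class and assign the result in both branches: `$filename = preg_replace('/[\/:*?"<>]/', '', $filename);`. The enclosing method starts and ends outside the hunk.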
@@ -534,7 +524,6 @@ class AttributesController extends AppController {
 }
 }
- $this->Attribute->read();
 $eventId = $this->Attribute->data['Attribute']['event_id'];
 if ('attachment' == $this->Attribute->data['Attribute']['type'] || 'malware-sample' == $this->Attribute->data['Attribute']['type'] ) {
@@ -545,7 +534,6 @@ class AttributesController extends AppController {
 } else {
 $this->set('attachment', false);
 }
-
 if ($this->request->is('post') || $this->request->is('put')) {
 if ('true' == Configure::read('CyDefSIG.private')) {
 $this->request->data = $this->Attribute->massageData($this->request->data);
@@ -553,24 +541,44 @@ class AttributesController extends AppController { // reposition to get the attribute.id with given uuid // Notice (8): Undefined index: uuid [APP/Controller/AttributesController.php, line 502] - $existingAttribute = $this->Attribute->findByUuid($this->request->data['Attribute']['uuid']); + // Fixed - uuid was not passed back from the form since it's not a field. Set the uuid in a variable for non rest users, rest should have uuid. + // Generally all of this should be _isRest() only, but that's something for later to think about + if ($this->_isRest()) { + $existingAttribute = $this->Attribute->findByUuid($this->request->data['Attribute']['uuid']); + } else { + $existingAttribute = $this->Attribute->findByUuid($uuid); + } if (count($existingAttribute)) { $this->request->data['Attribute']['id'] = $existingAttribute['Attribute']['id']; } - // say what fields are to be updated - $fieldList = array('category', 'type', 'value1', 'value2', 'to_ids', 'private', 'cluster'); + $fieldList = array('category', 'type', 'value1', 'value2', 'to_ids', 'private', 'cluster', 'value'); if ("i" == Configure::read('CyDefSIG.rest')) { unset($this->request->data['Event']); $this->Attribute->unbindModel(array('belongsTo' => array('Event'))); $this->request->data['Attribute']['event_id'] = $eventId; } + + $this->loadModel('Event'); + $this->Event->id = $eventId; + + // enabling / disabling the distribution field in the edit view based on whether user's org == orgc in the event + $this->Event->read(); + if(!$this->_isRest()) { + $canEditDist = false; + if ($this->Event->data['Event']['orgc'] == $this->_checkOrg()) { + $this->set('canEditDist', true); + $canEditDist = true; + } else { + $this->set('canEditDist', false); + } + if (isset($this->request->data['Attribute']['distribution']) && $this->request->data['Attribute']['distribution'] != $existingAttribute['Attribute']['distribution']) { + $this->request->data['Attribute']['dist_change'] = 1 + 
$existingAttribute['Attribute']['dist_change']; + } + } if ($this->Attribute->save($this->request->data)) { $this->Session->setFlash(__('The attribute has been saved')); - // remove the published flag from the event - $this->loadModel('Event'); - $this->Event->id = $eventId; $this->Event->saveField('published', 0); if ($this->_isRest()) { @@ -590,9 +598,21 @@ class AttributesController extends AppController { } else { $this->request->data = $this->Attribute->read(null, $id); } - // needed for RBAC + $this->set('attribute', Sanitize::clean($this->request->data)); + // enabling / disabling the distribution field in the edit view based on whether user's org == orgc in the event + $this->loadModel('Event'); + $this->Event->id = $eventId; + $this->Event->read(); + $canEditDist = false; + if ($this->Event->data['Event']['orgc'] == $this->_checkOrg()) { + $this->set('canEditDist', true); + $canEditDist = true; + } else { + $this->set('canEditDist', false); + } + // needed for RBAC // combobox for types $types = array_keys($this->Attribute->typeDefinitions); $types = $this->_arrayToValuesIndexArray($types); 
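Review bot: `canEditDist` in the `@@ -553,24 +541,44 @@` hunk is computed and handed to the view, but nothing in the visible lines stops a user whose org differs from `orgc` from posting `distribution` anyway; hiding the form field is not an access check. The `save()` call shown also does not pass `$fieldList`, so the list extended in this hunk does not appear to limit what is written. I would enforce the rule before saving with `if (!$canEditDist) unset($this->request->data['Attribute']['distribution']);`, and decide explicitly what applies to REST requests, where `$canEditDist` is never set in this block. The same org/orgc comparison is repeated in the `@@ -590,9 +598,21 @@` hunk and could be one private helper. The method starts and ends outside both hunks.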
@@ -602,26 +622,29 @@ class AttributesController extends AppController {
 array_pop($categories); // remove that last empty/space option
 $categories = $this->_arrayToValuesIndexArray($categories);
 $this->set('categories', $categories);
- $this->loadModel('Event');
- $events = $this->Event->findById($eventId);
- $maxDist = $events['Event']['distribution'];
- $this->set('maxDist', $maxDist);
- // combobox for distribution
- if (isset($maxDist)) {
- $distributionsBeforeCut = array_keys($this->Attribute->distributionDescriptions);
- $count = 0;
- foreach ($distributionsBeforeCut as $current) {
- $distributions[$count] = $current;
- if ($distributions[$count] == $maxDist)break;
- $count++;
+
+ if ($canEditDist) {
+ $this->loadModel('Event');
+ $events = $this->Event->findById($eventId);
+ $maxDist = $events['Event']['distribution'];
+ $this->set('maxDist', $maxDist);
+ // combobox for distribution
+ if (isset($maxDist)) {
+ $distributionsBeforeCut = array_keys($this->Attribute->distributionDescriptions);
+ $count = 0;
+ foreach ($distributionsBeforeCut as $current) {
+ $distributions[$count] = $current;
+ if ($distributions[$count] == $maxDist)break;
+ $count++;
+ }
+ } else {
+ $distributions = array_keys($this->Attribute->distributionDescriptions);
 }
- } else {
- $distributions = array_keys($this->Attribute->distributionDescriptions);
+ $distributions = $this->_arrayToValuesIndexArray($distributions);
+ $this->set('distributions', $distributions);
+ // tooltip for distribution
+ $this->set('distributionDescriptions', $this->Attribute->distributionDescriptions);
 }
- $distributions = $this->_arrayToValuesIndexArray($distributions);
- $this->set('distributions', $distributions);
- // tooltip for distribution
- $this->set('distributionDescriptions', $this->Attribute->distributionDescriptions);
 $this->set('attrDescriptions', $this->Attribute->fieldDescriptions);
 $this->set('typeDefinitions', $this->Attribute->typeDefinitions);
@@ -656,12 +679,11 @@ class AttributesController extends AppController {
 // attachment will be deleted with the beforeDelete() function in the Model
 if ($this->Attribute->delete()) {
-
 // delete the attribute from remote servers
- //if ('true' == Configure::read('CyDefSIG.sync')) {
- // // find the uuid
- // $this->__deleteAttributeFromServers($uuid);
- //}
+ if ('true' == Configure::read('CyDefSIG.sync')) {
+ // find the uuid
+ $this->__deleteAttributeFromServers($uuid);
+ }
 $this->Session->setFlash(__('Attribute deleted'));
 } else {
@@ -678,9 +700,11 @@ class AttributesController extends AppController {
 */
 private function __deleteAttributeFromServers($uuid) {
 // TODO private and delete .. bring up ..
- //if (true == $result['Attribute']['private']) { // never upload private attributes
- // return "Attribute is private and non exportable";
- //}
+ //$existingAttribute = $this->Attribute->findByUuid($this->request->data['Attribute']['uuid']);
+ if (true == $result['Attribute']['private']) { // never upload private attributes
+ // return "Attribute is private and non exportable";
+ return;
+ }
 // get a list of the servers
 $this->loadModel('Server');
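Review bot: The guard re-enabled in `__deleteAttributeFromServers()` (`@@ -678,9 +700,11 @@`) tests `$result['Attribute']['private']`, but no `$result` is assigned in the visible part of the function and the lookup above it stays commented out. As shown, the test reads an undefined variable and the early `return` never fires, so delete requests for private attributes would go to the remote servers like any other. The `@@ -656,12 +679,11 @@` hunk calls the function only after `delete()` has succeeded, so the flag has to be read before the row is removed, and `$uuid` is not assigned in the visible lines of that caller either. I would capture `uuid` and `private` from `$this->Attribute->data` before deleting and make the call conditional: `if ('true' == Configure::read('CyDefSIG.sync') && !$private)`. Both functions continue outside their hunks.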
@@ -710,23 +734,60 @@ class AttributesController extends AppController { if ($this->request->is('post') && ($this->request->here == $fullAddress)) { $keyword = $this->request->data['Attribute']['keyword']; + $keyword2 = $this->request->data['Attribute']['keyword2']; $type = $this->request->data['Attribute']['type']; $category = $this->request->data['Attribute']['category']; $this->set('keywordSearch', $keyword); + $keyWordText = null; + $keyWordText2 = null; $this->set('typeSearch', $type); $this->set('isSearch', 1); $this->set('categorySearch', $category); // search the db $conditions = array(); - if ($keyword) { - $keywordArray = explode("\n", $keyword); - $i = 0; + if (isset($keyword)) { + $keywordArray = preg_split("/\r\n|\n|\r/", $keyword); + $i = 1; $temp = array(); foreach ($keywordArray as $keywordArrayElement) { - $keywordArrayElement = '%' . trim($keywordArrayElement) . '%'; - if ($keywordArrayElement != '%%') array_push($temp, array('Attribute.value LIKE' => $keywordArrayElement)); + $saveWord = trim($keywordArrayElement); + $keywordArrayElement = '%' . trim($keywordArrayElement) . '%'; + if ($keywordArrayElement != '%%') array_push($temp, array('Attribute.value LIKE' => $keywordArrayElement)); + if ($i == 1 && $saveWord != '') $keyWordText = $saveWord; + else if (($i > 1 && $i < 10) && $saveWord != '') $keyWordText = $keyWordText .', '. $saveWord; + else if ($i == 10 && $saveWord != '') $keyWordText = $keyWordText . 
' and several other keywords'; + $i++; + } + $this->set('keywordSearch', $keyWordText); + if (!empty($temp)){ + if (count($temp) == 1) { + $conditions['Attribute.value LIKE'] = '%'.$keyWordText.'%'; + } else { + $conditions['OR'] = $temp; + } + } + } + if (isset($keyword2)) { + $keywordArray2 = preg_split("/\r\n|\n|\r/", $keyword2); + $i = 1; + $temp = array(); + foreach ($keywordArray2 as $keywordArrayElement) { + $saveWord = trim($keywordArrayElement); + if (!is_numeric($saveWord) || $saveWord < 1) continue; + array_push($temp, array('Attribute.event_id !=' => $keywordArrayElement)); + if ($i == 1 && $saveWord != '') $keyWordText2 = $saveWord; + else if (($i > 1 && $i < 10) && $saveWord != '') $keyWordText2 = $keyWordText2 .', '. $saveWord; + else if ($i == 10 && $saveWord != '') $keyWordText2 = $keyWordText2 . ' and several other events'; + $i++; + } + $this->set('keywordSearch2', $keyWordText2); + if (!empty($temp)){ + if (count($temp) == 1) { + $conditions['Attribute.event_id !='] = $keyWordText2; + } else { + $conditions['AND'] = $temp; + } } - $conditions['OR'] = $temp; } if ($type != 'ALL') { $conditions['Attribute.type ='] = $type; @@ -757,6 +818,12 @@ class AttributesController extends AppController { $attributes = Sanitize::clean($this->paginate(), array('remove' => true, 'remove_html' => true, 'encode' => true, 'newline' => true)); foreach ($attributes as &$attribute) { $attribute['Attribute']['value'] = str_replace('\n', chr(10), $attribute['Attribute']['value']); + foreach ($keywordArray as $keywordArrayElement) { + $keywordArrayElement = trim($keywordArrayElement); + if ($attribute['Attribute']['type'] != 'malware-sample' && $attribute['Attribute']['type'] != 'link' && $attribute['Attribute']['type'] != 'attachment') { + $attribute['Attribute']['value'] = preg_replace('%'.$keywordArrayElement.'%', ''.$keywordArrayElement.'', $attribute['Attribute']['value']); + } + } } $this->set('attributes', $attributes); 
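Review bot: The highlighting loop added in `@@ -757,6 +818,12 @@` builds a regular expression straight from each search keyword (`'%'.$keywordArrayElement.'%'`), so `(`, `[`, `\` or `%` in a term is read as pattern syntax. That yields warnings and a NULL value, or lets a user supply an expensive pattern, and an empty keyword line gives the pattern `%%`, which matches at every position. Skip blanks and quote the term: `if ($keywordArrayElement === '') continue;` and `preg_replace('%' . preg_quote($keywordArrayElement, '%') . '%', ...)`. The replacement also puts the keyword back into the value after `Sanitize::clean()` has run, so it needs escaping for output (`h($keywordArrayElement)`) before it reaches the view. The loop further relies on `$keywordArray`, which is only assigned inside `if (isset($keyword))` in the `@@ -710,23 +734,60 @@` hunk; the method starts and ends outside both hunks.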
diff --git a/app/Controller/Component/NidsExportComponent.php b/app/Controller/Component/NidsExportComponent.php
index f6f7d5731..ff3abf133 100755
--- a/app/Controller/Component/NidsExportComponent.php
+++ b/app/Controller/Component/NidsExportComponent.php
@@ -46,7 +46,7 @@ class NidsExportComponent extends Component {
 $ruleFormatReference = 'reference:url,' . Configure::read('CyDefSIG.baseurl') . '/events/view/' . $item['Event']['id'];
 $ruleFormat = '%salert %s %s %s %s %s %s (' . $ruleFormatMsg . '; %s %s classtype:' . $this->classtype . '; sid:%d; rev:%d; priority:' . $priority . '; ' . $ruleFormatReference . ';) ';
- $sid = $startSid + ($item['Attribute']['id'] * 10); // leave 9 possible rules per attribute type
+ $sid = $startSid + ($item['Attribute']['id'] * 10); // leave 9 possible rules per attribute type
 $attribute = &$item['Attribute'];
 $sid++;
@@ -99,17 +99,17 @@ class NidsExportComponent extends Component {
 $overruled = in_array($attribute['value'], $this->whitelist);
 $this->rules[] = sprintf($ruleFormat,
 ($overruled) ? '#OVERRULED BY WHITELIST# ' : '',
- 'ip', // proto
+ 'ip', // proto
 '$HOME_NET', // src_ip
- 'any', // src_port
- '->', // direction
+ 'any', // src_port
+ '->', // direction
 $attribute['value'], // dst_ip
- 'any', // dst_port
- 'Outgoing To IP: ' . $attribute['value'], // msg
- '', // rule_content
- '', // tag
- $sid, // sid
- 1 // rev
+ 'any', // dst_port
+ 'Outgoing To IP: ' . $attribute['value'], // msg
+ '', // rule_content
+ '', // tag
+ $sid, // sid
+ 1 // rev
 );
 }
@@ -117,17 +117,17 @@ class NidsExportComponent extends Component {
 $overruled = in_array($attribute['value'], $this->whitelist);
 $this->rules[] = sprintf($ruleFormat,
 ($overruled) ? '#OVERRULED BY WHITELIST# ' : '',
- 'ip', // proto
+ 'ip', // proto
 $attribute['value'], // src_ip
- 'any', // src_port
- '->', // direction
+ 'any', // src_port
+ '->', // direction
 '$HOME_NET', // dst_ip
- 'any', // dst_port
- 'Incoming From IP: ' . $attribute['value'], // msg
- '', // rule_content
- '', // tag
- $sid, // sid
- 1 // rev
+ 'any', // dst_port
+ 'Incoming From IP: ' . $attribute['value'], // msg
+ '', // rule_content
+ '', // tag
+ $sid, // sid
+ 1 // rev
 );
 }
@@ -135,17 +135,17 @@ class NidsExportComponent extends Component {
 $content = 'flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"' . $attribute['value'] . '"; nocase;';
 $this->rules[] = sprintf($ruleFormat,
 (false) ? '#OVERRULED BY WHITELIST# ' : '',
- 'tcp', // proto
+ 'tcp', // proto
 '$EXTERNAL_NET', // src_ip
- 'any', // src_port
- '<>', // direction
+ 'any', // src_port
+ '<>', // direction
 '$SMTP_SERVERS', // dst_ip
- '25', // dst_port
- 'Source Email Address: ' . $attribute['value'], // msg
- $content, // rule_content
- 'tag:session,600,seconds;', // tag
- $sid, // sid
- 1 // rev
+ '25', // dst_port
+ 'Source Email Address: ' . $attribute['value'], // msg
+ $content, // rule_content
+ 'tag:session,600,seconds;', // tag
+ $sid, // sid
+ 1 // rev
 );
 }
@@ -153,17 +153,17 @@ class NidsExportComponent extends Component {
 $content = 'flow:established,to_server; content:"RCPT TO|3a|"; nocase; content:"' . $attribute['value'] . '"; nocase;';
 $this->rules[] = sprintf($ruleFormat,
 (false) ? '#OVERRULED BY WHITELIST# ' : '',
- 'tcp', // proto
+ 'tcp', // proto
 '$EXTERNAL_NET', // src_ip
- 'any', // src_port
- '<>', // direction
+ 'any', // src_port
+ '<>', // direction
 '$SMTP_SERVERS', // dst_ip
- '25', // dst_port
- 'Destination Email Address: ' . $attribute['value'],// msg
- $content, // rule_content
- 'tag:session,600,seconds;', // tag
- $sid, // sid
- 1 // rev
+ '25', // dst_port
+ 'Destination Email Address: ' . $attribute['value'], // msg
+ $content, // rule_content
+ 'tag:session,600,seconds;', // tag
+ $sid, // sid
+ 1 // rev
 );
 }
@@ -172,17 +172,17 @@ class NidsExportComponent extends Component {
 $content = 'flow:established,to_server; content:"Subject|3a|"; nocase; content:"' . $attribute['value'] . '"; nocase;';
 $this->rules[] = sprintf($ruleFormat,
 (false) ? '#OVERRULED BY WHITELIST# ' : '',
- 'tcp', // proto
+ 'tcp', // proto
 '$EXTERNAL_NET', // src_ip
- 'any', // src_port
- '<>', // direction
+ 'any', // src_port
+ '<>', // direction
 '$SMTP_SERVERS', // dst_ip
- '25', // dst_port
+ '25', // dst_port
 'Bad Email Subject', // msg
- $content, // rule_content
- 'tag:session,600,seconds;', // tag
- $sid, // sid
- 1 // rev
+ $content, // rule_content
+ 'tag:session,600,seconds;', // tag
+ $sid, // sid
+ 1 // rev
 );
 }
@@ -191,17 +191,17 @@ class NidsExportComponent extends Component {
 $content = 'flow:established,to_server; content:"Content-Disposition: attachment|3b| filename=|22|"; content:"' . $attribute['value'] . '|22|";';
 $this->rules[] = sprintf($ruleFormat,
 (false) ? '#OVERRULED BY WHITELIST# ' : '',
- 'tcp', // proto
+ 'tcp', // proto
 '$EXTERNAL_NET', // src_ip
- 'any', // src_port
- '<>', // direction
+ 'any', // src_port
+ '<>', // direction
 '$SMTP_SERVERS', // dst_ip
- '25', // dst_port
- 'Bad Email Attachment', // msg
- $content, // rule_content // LATER nids - test and finetune this snort rule https://secure.wikimedia.org/wikipedia/en/wiki/MIME#Content-Disposition
- 'tag:session,600,seconds;', // tag
- $sid, // sid
- 1 // rev
+ '25', // dst_port
+ 'Bad Email Attachment', // msg
+ $content, // rule_content // LATER nids - test and finetune this snort rule https://secure.wikimedia.org/wikipedia/en/wiki/MIME#Content-Disposition
+ 'tag:session,600,seconds;', // tag
+ $sid, // sid
+ 1 // rev
 );
 }
@@ -210,32 +210,32 @@ class NidsExportComponent extends Component { $content = 'content:"' . $this->dnsNameToRawFormat($attribute['value'], 'hostname') . '"; nocase;'; $this->rules[] = sprintf($ruleFormat, ($overruled) ? '#OVERRULED BY WHITELIST# ' : '', - 'udp', // proto - 'any', // src_ip - 'any', // src_port - '->', // direction - 'any', // dst_ip - '53', // dst_port - 'Hostname: ' . $attribute['value'], // msg - $content, // rule_content - '', // tag - $sid, // sid - 1 // rev + 'udp', // proto + 'any', // src_ip + 'any', // src_port + '->', // direction + 'any', // dst_ip + '53', // dst_port + 'Hostname: ' . $attribute['value'], // msg + $content, // rule_content + '', // tag + $sid, // sid + 1 // rev ); $sid++; $this->rules[] = sprintf($ruleFormat, ($overruled) ? '#OVERRULED BY WHITELIST# ' : '', - 'tcp', // proto - 'any', // src_ip - 'any', // src_port - '->', // direction - 'any', // dst_ip - '53', // dst_port - 'Hostname: ' . $attribute['value'], // msg - $content, // rule_content - '', // tag - $sid, // sid - 1 // rev + 'tcp', // proto + 'any', // src_ip + 'any', // src_port + '->', // direction + 'any', // dst_ip + '53', // dst_port + 'Hostname: ' . $attribute['value'], // msg + $content, // rule_content + '', // tag + $sid, // sid + 1 // rev ); $sid++; // also do http requests 
@@ -243,17 +243,17 @@ class NidsExportComponent extends Component { $content = 'flow:to_server,established; content: "Host: ' . $attribute['value'] . '"; nocase; http_header; pcre: "/[^A-Za-z0-9-]' . preg_quote($attribute['value']) . '[^A-Za-z0-9-]/";'; $this->rules[] = sprintf($ruleFormat, ($overruled) ? '#OVERRULED BY WHITELIST# ' : '', - 'http', // proto + 'http', // proto '$HOME_NET', // src_ip - 'any', // src_port - '->', // direction + 'any', // src_port + '->', // direction '$EXTERNAL_NET', // dst_ip - 'any', // dst_port + 'any', // dst_port 'Outgoing HTTP Hostname: ' . $attribute['value'], // msg - $content, // rule_content - 'tag:session,600,seconds;', // tag - $sid, // sid - 1 // rev + $content, // rule_content + 'tag:session,600,seconds;', // tag + $sid, // sid + 1 // rev ); } 
@@ -262,32 +262,32 @@ class NidsExportComponent extends Component { $content = 'content:"' . $this->dnsNameToRawFormat($attribute['value']) . '"; nocase;'; $this->rules[] = sprintf($ruleFormat, ($overruled) ? '#OVERRULED BY WHITELIST# ' : '', - 'udp', // proto - 'any', // src_ip - 'any', // src_port - '->', // direction - 'any', // dst_ip - '53', // dst_port - 'Domain: ' . $attribute['value'], // msg - $content, // rule_content - '', // tag - $sid, // sid - 1 // rev + 'udp', // proto + 'any', // src_ip + 'any', // src_port + '->', // direction + 'any', // dst_ip + '53', // dst_port + 'Domain: ' . $attribute['value'], // msg + $content, // rule_content + '', // tag + $sid, // sid + 1 // rev ); $sid++; $this->rules[] = sprintf($ruleFormat, ($overruled) ? '#OVERRULED BY WHITELIST# ' : '', - 'tcp', // proto - 'any', // src_ip - 'any', // src_port - '->', // direction - 'any', // dst_ip - '53', // dst_port - 'Domain: ' . $attribute['value'], // msg - $content, // rule_content - '', // tag - $sid, // sid - 1 // rev + 'tcp', // proto + 'any', // src_ip + 'any', // src_port + '->', // direction + 'any', // dst_ip + '53', // dst_port + 'Domain: ' . $attribute['value'], // msg + $content, // rule_content + '', // tag + $sid, // sid + 1 // rev ); $sid++; // also do http requests, 
@@ -295,17 +295,17 @@ class NidsExportComponent extends Component { $content = 'flow:to_server,established; content: "Host:"; nocase; http_header; content:"' . $attribute['value'] . '"; nocase; http_header; pcre: "/[^A-Za-z0-9-]' . preg_quote($attribute['value']) . '[^A-Za-z0-9-]/";'; $this->rules[] = sprintf($ruleFormat, ($overruled) ? '#OVERRULED BY WHITELIST# ' : '', - 'http', // proto + 'http', // proto '$HOME_NET', // src_ip - 'any', // src_port - '->', // direction + 'any', // src_port + '->', // direction '$EXTERNAL_NET', // dst_ip - 'any', // dst_port + 'any', // dst_port 'Outgoing HTTP Domain: ' . $attribute['value'], // msg - $content, // rule_content - 'tag:session,600,seconds;', // tag - $sid, // sid - 1 // rev + $content, // rule_content + 'tag:session,600,seconds;', // tag + $sid, // sid + 1 // rev ); } @@ -317,17 +317,17 @@ class NidsExportComponent extends Component { $content = 'flow:to_server,established; content:"' . $attribute['value'] . '"; nocase; http_uri;'; $this->rules[] = sprintf($ruleFormat, (false) ? '#OVERRULED BY WHITELIST# ' : '', - 'http', // proto + 'http', // proto '$HOME_NET', // src_ip - 'any', // src_port - '->', // direction + 'any', // src_port + '->', // direction '$EXTERNAL_NET', // dst_ip - 'any', // dst_port + 'any', // dst_port 'Outgoing HTTP URL: ' . $attribute['value'], // msg - $content, // rule_content - 'tag:session,600,seconds;', // tag - $sid, // sid - 1 // rev + $content, // rule_content + 'tag:session,600,seconds;', // tag + $sid, // sid + 1 // rev ); } 
@@ -348,18 +348,18 @@ class NidsExportComponent extends Component { // tag - '/tag\s*:\s*.+?;/' $replaceCount = array(); $tmpRule = preg_replace('/sid\s*:\s*[0-9]+\s*;/', 'sid:' . $sid . ';', $tmpRule, -1, $replaceCount['sid']); - if (null == $tmpRule ) break; // don't output the rule on error with the regex + if (null == $tmpRule ) break; // don't output the rule on error with the regex $tmpRule = preg_replace('/rev\s*:\s*[0-9]+\s*;/', 'rev:1;', $tmpRule, -1, $replaceCount['rev']); - if (null == $tmpRule ) break; // don't output the rule on error with the regex + if (null == $tmpRule ) break; // don't output the rule on error with the regex $tmpRule = preg_replace('/classtype:[a-zA-Z_-]+;/', 'classtype:' . $this->classtype . ';', $tmpRule, -1, $replaceCount['classtype']); - if (null == $tmpRule ) break; // don't output the rule on error with the regex + if (null == $tmpRule ) break; // don't output the rule on error with the regex $tmpMessage = sprintf($ruleFormatMsg, 'snort-rule'); $tmpRule = preg_replace('/msg\s*:\s*".*?"\s*;/', $tmpMessage . ';', $tmpRule, -1, $replaceCount['msg']); - if (null == $tmpRule ) break; // don't output the rule on error with the regex + if (null == $tmpRule ) break; // don't output the rule on error with the regex $tmpRule = preg_replace('/reference\s*:\s*.+?;/', $ruleFormatReference . ';', $tmpRule, -1, $replaceCount['reference']); - if (null == $tmpRule ) break; // don't output the rule on error with the regex + if (null == $tmpRule ) break; // don't output the rule on error with the regex $tmpRule = preg_replace('/reference\s*:\s*.+?;/', $ruleFormatReference . ';', $tmpRule, -1, $replaceCount['reference']); - if (null == $tmpRule ) break; // don't output the rule on error with the regex + if (null == $tmpRule ) break; // don't output the rule on error with the regex // FIXME nids - implement priority overwriting // some values were not replaced, so we need to add them ourselves, and insert them in the rule 
diff --git a/app/Controller/EventsController.php b/app/Controller/EventsController.php index ab5657e5a..35075523d 100755 --- a/app/Controller/EventsController.php +++ b/app/Controller/EventsController.php @@ -26,7 +26,7 @@ class EventsController extends AppController { public $paginate = array( 'limit' => 60, - 'maxLimit' => 9999, // LATER we will bump here on a problem once we have more than 9999 events + 'maxLimit' => 9999, // LATER we will bump here on a problem once we have more than 9999 events <- no we won't, this is the max a user van view/page. 'order' => array( 'Event.id' => 'DESC' ) @@ -299,13 +299,17 @@ class EventsController extends AppController { // Sanitize::clean $this->Event->data['Event']['info'] = $this->beforeSanitizeClean($this->Event->data['Event']['info']); - foreach ($this->Event->data['Attribute'] as &$attribute) { - $attribute['value'] = $this->beforeSanitizeClean($attribute['value']); + if (isset($this->Event->data['Attribute'])) { + foreach ($this->Event->data['Attribute'] as &$attribute) { + $attribute['value'] = $this->beforeSanitizeClean($attribute['value']); + } } $event = Sanitize::clean($this->Event->data, array('remove' => true, 'remove_html' => true, 'encode' => true, 'newline' => true)); $event['Event']['info'] = $this->counterSanitizeClean($event['Event']['info']); - foreach ($event['Attribute'] as &$attribute) { - $attribute['value'] = $this->counterSanitizeClean($attribute['value']); + if (isset($event['Attribute'])) { + foreach ($event['Attribute'] as &$attribute) { + $attribute['value'] = $this->counterSanitizeClean($attribute['value']); + } } $this->set('event', $event); 
@@ -423,7 +427,11 @@ class EventsController extends AppController { public function _add(&$data, &$auth, $fromXml, $or='', $passAlong = null, $fromPull = false) { // force check userid and orgname to be from yourself $data['Event']['user_id'] = $auth->user('id'); - $data['Event']['org'] = strlen($or) ? $or : $auth->user('org'); // FIXME security - org problem + $data['Event']['org'] = $auth->user('org'); + //$data['Event']['org'] = strlen($or) ? $or : $auth->user('org'); // FIXME security - org problem + if (!$fromXml) { + $data['Event']['orgc'] = $data['Event']['org']; + } unset ($data['Event']['id']); $this->Event->create(); //$this->Event->data = $data; @@ -444,7 +452,7 @@ class EventsController extends AppController { $existingEventCount = $this->Event->find('count', array('conditions' => array('Event.uuid' => $data['Event']['uuid']))); if ($existingEventCount > 0) { // TODO RESTfull, set responce location header..so client can find right URL to edit - if($fromPull)return false; + if ($fromPull) return false; $existingEvent = $this->Event->find('first', array('conditions' => array('Event.uuid' => $data['Event']['uuid']))); $this->response->header('Location', Configure::read('CyDefSIG.baseurl') . '/events/' . $existingEvent['Event']['id']); $this->response->send(); 
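Review bot: On the XML/REST path of `_add()` the new code leaves `orgc` as whatever the request carried, because `if (!$fromXml)` is the only branch that overwrites it, and the later fieldList hunk lets `orgc` be saved. The edit action in this same commit uses `orgc == $this->_checkOrg()` to decide who may change an event's distribution, so a client-supplied creator organisation appears to feed straight into an authorization decision. Consider keeping the submitted value only for pulls or sync users, and otherwise forcing `$data['Event']['orgc'] = $auth->user('org');`. The commented-out `//$data['Event']['org'] = strlen($or) ...` line should be deleted rather than kept, since the FIXME it carried is what this change resolves. `_add()` begins and ends outside the hunk.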
@@ -454,13 +462,13 @@ class EventsController extends AppController { if ($upstream) { $fieldList = array( - 'Event' => array('date', 'risk', 'analysis', 'info', 'published', 'uuid'), + 'Event' => array('orgc', 'date', 'risk', 'analysis', 'info', 'published', 'uuid'), 'Attribute' => array('event_id', 'category', 'type', 'value', 'value1', 'value2', 'to_ids', 'uuid', 'revision') ); } else { $fieldList = array( - 'Event' => array('org', 'date', 'risk', 'analysis', 'info', 'user_id', 'published', 'uuid', 'private', 'cluster', 'communitie', 'hop_count'), - 'Attribute' => array('event_id', 'category', 'type', 'value', 'value1', 'value2', 'to_ids', 'uuid', 'revision', 'private', 'cluster', 'communitie') + 'Event' => array('org', 'orgc', 'date', 'risk', 'analysis', 'info', 'user_id', 'published', 'uuid', 'private', 'cluster', 'communitie', 'hop_count', 'dist_change', 'from'), + 'Attribute' => array('event_id', 'category', 'type', 'value', 'value1', 'value2', 'to_ids', 'uuid', 'revision', 'private', 'cluster', 'communitie', 'dist_change') ); } @@ -478,7 +486,7 @@ class EventsController extends AppController { $saveResult = $this->Event->saveAssociated($data, array('validate' => true, 'fieldList' => $fieldList)); } if ($saveResult) { - if (!empty($data['Event']['published']) && 1 == $data['Event']['published']) { + if (!empty($data['Event']['published']) && 1 == $data['Event']['published'] && $data['Event']['private'] == false) { // do the necessary actions to publish the event (email, upload,...) $this->__publish($this->Event->getId(), $passAlong); } 
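Review bot: The added condition `$data['Event']['private'] == false` reads an index that is not guaranteed to exist for XML input, and it relies on a loose comparison to treat a missing value as "not private". `empty($data['Event']['private'])` states the intent and avoids the undefined-index notice. A short comment saying that private events are saved as published but deliberately never passed to `__publish()` would also help, because the `published` flag is still stored as 1 in that case.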
@@ -506,13 +514,28 @@ class EventsController extends AppController { //if ('true' == Configure::read('CyDefSIG.private')) { // if (!$this->_IsAdmin()) { $this->Event->read(null, $id); - // // check for non-private and re-read - // if (($this->Event->data['Event']['org'] != $this->Auth->user('org')) || (($this->Event->data['Event']['org'] == $this->Auth->user('org')) && ($this->Event->data['Event']['user_id'] != $this->Auth->user('id')) && (!$this->checkAcl('edit') || !$this->checkRole() || !$this->checkAcl('publish')))) { - // $this->Session->setFlash(__('Invalid event.')); - // $this->redirect(array('controller' => 'users', 'action' => 'terms')); - // } - // } + // // check for if private and user not authorised to edit, go away + if (!$this->isSiteAdmin() && !$this->checkAction('perm_sync') && $this->Event->data['Event']['distribution'] == 'Your organization only') { + if (($this->Event->data['Event']['org'] != $this->_checkOrg()) || !($this->checkAction('perm_modify'))) { + $this->Session->setFlash(__('You are not authorised to do that.')); + $this->redirect(array('controller' => 'events', 'action' => 'index')); + } + } + //if (!$this->Event->data['Event']['org'] == $this->_checkOrg()){ + //throw new MethodNotAllowedException(); + //$this->Session->setFlash(__('Invalid event.')); + //$this->redirect(array('controller' => 'users', 'action' => 'terms')); + //} //} + + // check if the user is of the creating org, if not, don't let him/her change the distribution. + $canEditDist = false; + if ($this->Event->data['Event']['orgc'] == $this->_checkOrg()) { + $canEditDist = true; + $this->set('canEditDist', true); + } else { + $this->set('canEditDist', false); + } if ($this->request->is('post') || $this->request->is('put')) { if ($this->_isRest()) { // Workaround for different structure in XML/array than what CakePHP expects 
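Review bot: The ownership test `$this->Event->data['Event']['org'] != $this->_checkOrg()` is only reached when the distribution is 'Your organization only', so for every other distribution this hunk applies no organisation or `perm_modify` check before the save path. Unless `isAuthorized` (not visible here) already covers that, the inner `if` should be moved out of the distribution condition so it runs for all non-site-admin users. The old check and the second commented-out block (`//if (!$this->Event->data['Event']['org'] == ...`) should be deleted rather than left as comments; the latter also has a misplaced `!` that would be a bug if it were re-enabled. `edit()` starts before and continues past the hunk.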
@@ -533,6 +556,17 @@ class EventsController extends AppController { if (count($existingEvent)) { $this->request->data['Event']['id'] = $existingEvent['Event']['id']; } + if ($existingEvent['Event']['orgc'] == $this->_checkOrg()) { + $this->set('canEditDist', true); + } else { + $this->set('canEditDist', false); + } + + $fieldList = array( + 'Event' => array('date', 'risk', 'analysis', 'info', 'published', 'uuid', 'dist_change', 'from'), + 'Attribute' => array('event_id', 'category', 'type', 'value', 'value1', 'value2', 'to_ids', 'uuid', 'revision', 'private', 'communitie', 'cluster', 'dist_change') + ); + if ("ii" == Configure::read('CyDefSIG.rest')) { // reposition to get the attribute.id with given uuid $c = 0; @@ -541,16 +575,20 @@ class EventsController extends AppController { $existingAttribute = $this->Event->Attribute->findByUuid($attribute['uuid']); if (count($existingAttribute)) { $this->request->data['Attribute'][$c]['id'] = $existingAttribute['Attribute']['id']; + if (!($this->request->data['Attribute'][$c]['dist_change'] > $existingAttribute['Attribute']['dist_change'])) { + unset($this->request->data['Attribute'][$c]['private']); + unset($this->request->data['Attribute'][$c]['cluster']); + unset($this->request->data['Attribute'][$c]['communitie']); + } } $c++; } } } - $fieldList = array( - 'Event' => array('org', 'date', 'risk', 'analysis', 'info', 'published', 'uuid', 'private', 'communitie'), - 'Attribute' => array('event_id', 'category', 'type', 'value', 'value1', 'value2', 'to_ids', 'uuid', 'revision', 'private', 'communitie') - ); + if ($this->request->data['Event']['dist_change'] > $existingEvent['Event']['dist_change']) { + array_push($fieldList['Event'], 'private', 'communitie', 'cluster'); + } if ("i" == Configure::read('CyDefSIG.rest')) { // this saveAssociated() function will save not only the event, but also the attributes // from the attributes attachments are also saved to the disk thanks to the afterSave() fonction of Attribute 
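Review bot: In the REST branch the `private`, `communitie` and `cluster` fields become writable whenever the request's `dist_change` exceeds the stored one, and that counter comes from the request body. `canEditDist` is only passed to the view here, so nothing on the server ties a distribution change to the creating organisation or to sync permission. I would gate the `array_push($fieldList['Event'], ...)` on the caller as well, e.g. `if (($this->checkAction('perm_sync') || $existingEvent['Event']['orgc'] == $this->_checkOrg()) && ...)`, and read the counter through `isset()` since a client may omit it. Separately, the new `$existingEvent['Event']['orgc']` lookup in the first hunk on this line sits after the `count($existingEvent)` block rather than inside it, so it raises an undefined-index notice when no event with that uuid exists.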
@@ -568,6 +606,11 @@ class EventsController extends AppController { $message = 'Saved'; $this->set('event', Sanitize::clean($this->Event->data)); + //if published -> do the actual publishing + if ((!empty($this->request->data['Event']['published']) && 1 == $this->request->data['Event']['published'])) { + // do the necessary actions to publish the event (email, upload,...) + $this->__publish($existingEvent['Event']['id']); + } // REST users want to see the newly created event $this->view($this->Event->getId()); @@ -581,18 +624,26 @@ class EventsController extends AppController { return false; } } - // say what fields are to be updated - $fieldList = array('date', 'risk', 'analysis', 'info', 'published', 'private', 'cluster', 'communitie'); + $fieldList = array('date', 'risk', 'analysis', 'info', 'published', 'private', 'cluster', 'communitie', 'dist_change'); + + //Moved this out of (if ($this->_isAdmin()) to use for the dist_change + $this->Event->read(); + // always force the org, but do not force it for admins if ($this->_isAdmin()) { // set the same org as existed before - $this->Event->read(); $this->request->data['Event']['org'] = Sanitize::clean($this->Event->data['Event']['org']); } // we probably also want to remove the published flag $this->request->data['Event']['published'] = 0; + // If the distribution has changed, up the dist_change count + if ($canEditDist) { + if ($this->request->data['Event']['distribution'] != $this->Event->data['Event']['distribution']) { + $this->request->data['Event']['dist_change'] = 1 + $this->Event->data['Event']['dist_change']; + } + } if ('true' == Configure::read('CyDefSIG.private')) { $this->request->data = $this->Event->massageData($this->request->data); } 
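Review bot: The REST edit path now calls `__publish()` whenever the request sets `published` to 1, without the `private == false` condition this commit adds to the equivalent call in `_add()`. As written, a private event edited over REST would still be handed to the publishing and upload code. Mirror the guard here, e.g. `&& empty($this->request->data['Event']['private'])`, or move the check into `__publish()` so both callers share it.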
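Review bot: In the form branch `$canEditDist` only controls whether `dist_change` is incremented, while `private`, `cluster` and `communitie` stay in `$fieldList` for every user. A user outside the creating organisation can therefore still submit a different distribution, and it would be saved without the counter moving, which is the opposite of what the comment in the earlier hunk promises. When `$canEditDist` is false, the distribution from the stored event should be forced back into `$this->request->data` (or those three fields dropped from `$fieldList`) before `massageData()` runs. The code between this hunk and the save call is not visible, so confirm nothing there already does this.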
@@ -612,6 +663,7 @@ class EventsController extends AppController { $distributions = array_keys($this->Event->distributionDescriptions); $distributions = $this->_arrayToValuesIndexArray($distributions); $this->set('distributions', $distributions); + // tooltip for distribution $this->set('distributionDescriptions', $this->Event->distributionDescriptions); @@ -619,6 +671,7 @@ class EventsController extends AppController { $risks = $this->Event->validate['risk']['rule'][1]; $risks = $this->_arrayToValuesIndexArray($risks); $this->set('risks',$risks); + // tooltip for risk $this->set('riskDescriptions', $this->Event->riskDescriptions); @@ -626,6 +679,7 @@ class EventsController extends AppController { $analysiss = $this->Event->validate['analysis']['rule'][1]; $analysiss = $this->_arrayToValuesIndexArray($analysiss); $this->set('analysiss',$analysiss); + // tooltip for analysis $this->set('analysisDescriptions', $this->Event->analysisDescriptions); $this->set('analysisLevels', $this->Event->analysisLevels); @@ -641,6 +695,7 @@ class EventsController extends AppController { * @throws MethodNotAllowedException * @throws NotFoundException */ + public function delete($id = null) { if (!$this->request->is('post') && !$this->_isRest()) { throw new MethodNotAllowedException(); @@ -657,6 +712,12 @@ class EventsController extends AppController { $uuid = $result['Event']['uuid']; } + if (!$this->_isSiteAdmin()) { + if (!$this->Event->data['Event']['org'] == $this->_checkOrg()) { + throw new MethodNotAllowedException(); + } + } + if ($this->Event->delete()) { // delete the event from remote servers 
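Review bot: The new ownership check in `delete()` never fires, because `!` binds tighter than `==`. `!$this->Event->data['Event']['org'] == $this->_checkOrg()` compares a boolean with the organisation name, which is false for any non-empty pair. It should read `if ($this->Event->data['Event']['org'] != $this->_checkOrg()) {`. The hunk also does not show `$this->Event->data` being loaded before this point, so a `$this->Event->read(null, $id)` may be needed first. The call is spelled `_isSiteAdmin()` here but `isSiteAdmin()` in the other hunks of this commit, so check which of the two exists.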
@@ -683,12 +744,14 @@ class EventsController extends AppController { $this->Event->recursive = 1; $this->Event->read(); + //Save the from field of the event to know where it came from originally and then set the event's from field to the current server's host org + $from = $this->Event->data['Event']['from']; + $this->Event->data['Event']['from'] = Configure::read('CyDefSIG.org'); // get a list of the servers $this->loadModel('Server'); $servers = $this->Server->find('all', array( 'conditions' => array('Server.push' => true) )); - // iterate over the servers and upload the event if(empty($servers)) return; @@ -698,7 +761,8 @@ class EventsController extends AppController { App::uses('HttpSocket', 'Network/Http'); $HttpSocket = new HttpSocket(); foreach ($servers as &$server) { - if (($passAlong != $server)) { + //Skip servers where the event has come from. + if (($passAlong != $server && $server['Server']['organization'] != $from)) { $thisUploaded = $this->Event->uploadEventToServer($this->Event->data, $server, $HttpSocket); if (!$thisUploaded) { $uploaded = !$uploaded ? $uploaded : $thisUploaded; @@ -706,7 +770,7 @@ class EventsController extends AppController { } } } - + $this->Event->data['Event']['from'] = Configure::read('CyDefSIG.org'); if (!$uploaded) { return $failedServers; } else { 
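Review bot: The loop-prevention test `$server['Server']['organization'] != $from` depends on a column that MYSQL.from.sql in this commit defines as `VARCHAR( 10 )`, while the `org` columns visible elsewhere in the diff are `varchar(255)`. An organisation name longer than ten characters would be truncated or rejected on save, and the comparison would then never match, so the event would be pushed back to its origin. Widen `from` to match the organisation column. Also drop the second `$this->Event->data['Event']['from'] = Configure::read('CyDefSIG.org');` after the loop, which repeats the assignment made before it.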
@@ -744,14 +808,13 @@ class EventsController extends AppController { private function __publish($id, $passAlong = null) { $this->Event->id = $id; $this->Event->recursive = 0; - //$this->Event->read(); + $event = $this->Event->read(null, $id); // update the DB to set the published flag $this->Event->saveField('published', 1); - + $event['Event']['from'] = Configure::read('CyDefSIG.sync'); $uploaded = false; - - // upload the event to remote servers + //if ($event['Event']['distribution'] == 'Your organization only' || $event['Event']['distribution'] == 'This server-only') return true; if ('true' == Configure::read('CyDefSIG.sync')) { $uploaded = $this->__uploadEventToServers($id, $passAlong); if ((is_bool($uploaded) && !$uploaded) || (is_array($uploaded))) { // TODO remove bool @@ -771,6 +834,7 @@ class EventsController extends AppController { if (!$this->Event->exists()) { throw new NotFoundException(__('Invalid event')); } + $this->Event->saveField('from', Configure::read('CyDefSIG.org')); // only allow publish for own events verified by isAuthorized @@ -802,7 +866,7 @@ class EventsController extends AppController { if (!$this->Event->exists()) { throw new NotFoundException(__('Invalid event')); } - + $this->Event->saveField('from', Configure::read('CyDefSIG.org')); // only allow alert for own events verified by isAuthorized // only allow form submit CSRF protection. 
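Review bot: In `__publish()` the line `$event['Event']['from'] = Configure::read('CyDefSIG.sync');` writes to a local array that the visible code never saves or passes on, and it reads the `sync` setting where every other `from` assignment in this commit uses `CyDefSIG.org`. It is either dead code to delete or was meant to be `$this->Event->saveField('from', Configure::read('CyDefSIG.org'));`. The commented-out distribution check (`//if ($event['Event']['distribution'] == ...) return true;`) also needs a decision. As it stands nothing in this function stops an organisation-only event from reaching `__uploadEventToServers()`, and the "upload the event to remote servers" comment it replaced is gone. The function continues past the hunk.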
@@ -1179,17 +1243,43 @@ class EventsController extends AppController { } else { $conditions = array(); } + //restricting to non-private or same org if the user is not a site-admin. + if (!$this->isSiteAdmin()) { + $temp = array(); + $temp2 = array(); + $org = $this->_checkOrg(); + $distribution = array(); + array_push($distribution, array('Event.private =' => 0)); + array_push($distribution, array('Event.cluster =' => 1)); + array_push($temp, array('OR' => $distribution)); + array_push($temp, array('Event.org LIKE' => $org)); + $conditions['OR'] = $temp; + $distribution2 = array(); + array_push($distribution2, array('Attribute.private =' => 0)); + array_push($distribution2, array('Attribute.cluster =' => 1)); + array_push($temp2, array('OR' => $distribution2)); + array_push($temp2, array('(SELECT EVENTS.ORG FROM EVENTS WHERE EVENTS.ID = Attribute.event_id) LIKE' => $org)); + $conditionsAttributes['OR'] = $temp2; + } + // do not expose all the data ... $fields = array('Event.id', 'Event.date', 'Event.risk', 'Event.analysis', 'Event.info', 'Event.published', 'Event.uuid'); + $fieldsAtt = array('Attribute.id', 'Attribute.type', 'Attribute.category', 'Attribute.value', 'Attribute.to_ids', 'Attribute.uuid', 'Attribute.event_id'); if ('true' == Configure::read('CyDefSIG.showorg')) { $fields[] = 'Event.org'; } + $params = array('conditions' => $conditions, 'recursive' => 1, 'fields' => $fields, - ); + 'contain' =>array( + 'Attribute' => array( + 'fields' => $fieldsAtt, + 'conditions' => $conditionsAttributes, + ), + ) + ); $results = $this->Event->find('all', $params); - $this->set('results', Sanitize::clean($results)); } 
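Review bot: `$conditionsAttributes` is assigned only inside `if (!$this->isSiteAdmin())` but is used unconditionally in the `contain` array, so site admins hit an undefined variable; add `$conditionsAttributes = array();` before the `if`. The organisation filters use `LIKE` (`'Event.org LIKE' => $org` and the subquery condition), which treats `%` and `_` in an organisation name as wildcards. An exact match (`'Event.org' => $org`) is what an access restriction needs. The raw subquery names the table `EVENTS`, which will not resolve to `events` on a MySQL server with case-sensitive table names. The same `LIKE` and `EVENTS` pattern is repeated in the four export hunks that follow (-1213, -1251, -1294, -1334), so a single private helper returning the restriction array would keep them from drifting apart.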
@@ -1213,8 +1303,20 @@ class EventsController extends AppController { $this->loadModel('Attribute'); + //restricting to non-private or same org if the user is not a site-admin. + $conditions['AND'] = array('Attribute.to_ids' => 1, "Event.published" => 1); + if (!$this->isSiteAdmin()) { + $temp = array(); + $distribution = array(); + array_push($distribution, array('Attribute.private =' => 0)); + array_push($distribution, array('Attribute.cluster =' => 1)); + array_push($temp, array('OR' => $distribution)); + array_push($temp, array('(SELECT EVENTS.ORG FROM EVENTS WHERE EVENTS.ID = Attribute.event_id) LIKE' => $this->_checkOrg())); + $conditions['OR'] = $temp; + } + $params = array( - 'conditions' => array( "AND" => array ('Attribute.to_ids' => 1, "Event.published" => 1)), //array of conditions + 'conditions' => $conditions, //array of conditions 'recursive' => 0, //int 'group' => array('Attribute.type', 'Attribute.value1'), //fields to GROUP BY ); @@ -1251,8 +1353,20 @@ class EventsController extends AppController { $this->loadModel('Attribute'); + //restricting to non-private or same org if the user is not a site-admin. + $conditions['AND'] = array('Attribute.to_ids' => 1, "Event.published" => 1); + if (!$this->isSiteAdmin()) { + $temp = array(); + $distribution = array(); + array_push($distribution, array('Attribute.private =' => 0)); + array_push($distribution, array('Attribute.cluster =' => 1)); + array_push($temp, array('OR' => $distribution)); + array_push($temp, array('(SELECT EVENTS.ORG FROM EVENTS WHERE EVENTS.ID = Attribute.event_id) LIKE' => $this->_checkOrg())); + $conditions['OR'] = $temp; + } + $params = array( - 'conditions' => array('Attribute.to_ids' => 1), //array of conditions + 'conditions' => $conditions, //array of conditions 'recursive' => 0, //int 'group' => array('Attribute.type', 'Attribute.value1'), //fields to GROUP BY ); 
@@ -1294,8 +1408,20 @@ class EventsController extends AppController { $this->loadModel('Attribute'); + //restricting to non-private or same org if the user is not a site-admin. + $conditions['AND'] = array('Attribute.to_ids' => 1, "Event.published" => 1); + if (!$this->isSiteAdmin()) { + $temp = array(); + $distribution = array(); + array_push($distribution, array('Attribute.private =' => 0)); + array_push($distribution, array('Attribute.cluster =' => 1)); + array_push($temp, array('OR' => $distribution)); + array_push($temp, array('(SELECT EVENTS.ORG FROM EVENTS WHERE EVENTS.ID = Attribute.event_id) LIKE' => $this->_checkOrg())); + $conditions['OR'] = $temp; + } + $params = array( - 'conditions' => array('Attribute.to_ids' => 1), //array of conditions + 'conditions' => $conditions, //array of conditions 'recursive' => 0, //int 'group' => array('Attribute.type', 'Attribute.value1'), //fields to GROUP BY ); @@ -1334,8 +1460,23 @@ class EventsController extends AppController { $this->layout = 'text/default'; $this->loadModel('Attribute'); + + + //restricting to non-private or same org if the user is not a site-admin. + $conditions['AND'] = array('Attribute.type' => $type); + if (!$this->isSiteAdmin()) { + $temp = array(); + $distribution = array(); + array_push($distribution, array('Attribute.private =' => 0)); + array_push($distribution, array('Attribute.cluster =' => 1)); + array_push($temp, array('OR' => $distribution)); + array_push($temp, array('(SELECT EVENTS.ORG FROM EVENTS WHERE EVENTS.ID = Attribute.event_id) LIKE' => $this->_checkOrg())); + $conditions['OR'] = $temp; + } + + $params = array( - 'conditions' => array('Attribute.type' => $type), //array of conditions + 'conditions' => $conditions, //array of conditions 'recursive' => 0, //int 'fields' => array('Attribute.value'), //array of field names 'order' => array('Attribute.value'), //string or array defining order 
diff --git a/app/Controller/PagesController.php b/app/Controller/PagesController.php index 4b68d200c..f337c23b3 100755 --- a/app/Controller/PagesController.php +++ b/app/Controller/PagesController.php @@ -46,7 +46,7 @@ class PagesController extends AppController { public $uses = array(); public function isAuthorized($user) { - return true; + return true; } /** * Displays a view diff --git a/app/Controller/RolesController.php b/app/Controller/RolesController.php index 6a5f00da7..ebc06704f 100755 --- a/app/Controller/RolesController.php +++ b/app/Controller/RolesController.php @@ -65,7 +65,6 @@ class RolesController extends AppController { $this->Session->setFlash(__(sprintf('The Role has been saved.'))); $this->set('options', $this->options); $passAlong = $this->Role->read(null, $this->Role->getInsertID()); - debug($passAlong); $this->generateACL($passAlong); $this->redirect(array('action' => 'index')); } else { @@ -99,6 +98,8 @@ class RolesController extends AppController { public function admin_edit($id = null) { if($this->Auth->User('org') != 'ADMIN') $this->redirect(array('controller' => 'roles', 'action' => 'index', 'admin' => false)); $this->AdminCrud->adminEdit($id); + $passAlong = $this->Role->read(null, $id); + $this->generateACL($passAlong); $this->set('options', $this->options); } diff --git a/app/Controller/ServersController.php b/app/Controller/ServersController.php index fd0374d94..cbb23e0bb 100755 --- a/app/Controller/ServersController.php +++ b/app/Controller/ServersController.php @@ -65,7 +65,7 @@ class ServersController extends AppController { ); } else { if (!$this->checkAction('perm_sync')) $this->redirect(array('controller' => 'events', 'action' => 'index')); - $conditions['Server.organization LIKE'] = $this->Auth->user('org'); + $conditions['Server.org LIKE'] = $this->Auth->user('org'); $this->paginate = array( 'conditions' => array($conditions), ); 
@@ -79,7 +79,7 @@ class ServersController extends AppController { * @return void */ public function add() { - if (($this->Auth->user('org') != 'ADMIN') && !($this->Server->id == $this->Auth->user('org') && $this->checkAction('perm_sync'))) $this->redirect(array('controller' => 'servers', 'action' => 'index')); + if (($this->Auth->user('org') != 'ADMIN') && !($this->Server->organization == $this->Auth->user('org') && $this->checkAction('perm_sync'))) $this->redirect(array('controller' => 'servers', 'action' => 'index')); if ($this->request->is('post')) { // force check userid and orgname to be from yourself $this->request->data['Server']['org'] = $this->Auth->user('org'); @@ -102,7 +102,7 @@ class ServersController extends AppController { * @throws NotFoundException */ public function edit($id = null) { - if($this->Auth->user('org') != 'ADMIN' && $this->Server->id != $this->Auth->user('org')) $this->redirect(array('controller' => 'servers', 'action' => 'index')); + if ($this->Auth->user('org') != 'ADMIN' && !($this->Server->organization == $this->Auth->user('org') && $this->checkAction('perm_sync'))) $this->redirect(array('controller' => 'servers', 'action' => 'index')); $this->Server->id = $id; if (!$this->Server->exists()) { throw new NotFoundException(__('Invalid server')); @@ -155,7 +155,7 @@ class ServersController extends AppController { public function pull($id = null, $full=false) { // TODO should we de-activate data validation for type and category / and or mapping? Maybe other instances have other configurations that are incompatible. - if($this->Auth->User('org') != 'ADMIN') $this->redirect(array('controller' => 'servers', 'action' => 'index')); + if ($this->Auth->user('org') != 'ADMIN' && !($this->Server->organization == $this->Auth->user('org') && $this->checkAction('perm_sync'))) $this->redirect(array('controller' => 'servers', 'action' => 'index')); if (!$this->request->is('post')) { throw new MethodNotAllowedException(); } 
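Review bot: The new permission test reads `$this->Server->organization`, which appears to be a property of the model object rather than a field of a loaded server row. In `edit()` it is evaluated before `$this->Server->id = $id` on the next line, and in `add()` no record exists yet. The comparison with `$this->Auth->user('org')` would then be false for everyone, so users with `perm_sync` are still redirected and the clause adds nothing. Load the row first and compare its field, e.g. `$server = $this->Server->read(null, $id);` followed by a test on `$server['Server']['org']`. The index hunk in this commit filters on `Server.org` while these checks use `organization`, so the column name needs confirming too. The same expression is used in the `pull()` hunk here and in the `push()` hunk that follows.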
@@ -310,7 +310,7 @@ class ServersController extends AppController { } public function push($id = null, $full=false) { - if($this->Auth->User('org') != 'ADMIN') $this->redirect(array('controller' => 'servers', 'action' => 'index')); + if ($this->Auth->user('org') != 'ADMIN' && !($this->Server->organization == $this->Auth->user('org') && $this->checkAction('perm_sync'))) $this->redirect(array('controller' => 'servers', 'action' => 'index')); if (!$this->request->is('post')) { throw new MethodNotAllowedException(); } diff --git a/app/MYSQL.dist_change.sql b/app/MYSQL.dist_change.sql new file mode 100644 index 000000000..9407bfbf2 --- /dev/null +++ b/app/MYSQL.dist_change.sql @@ -0,0 +1,2 @@ +ALTER TABLE `events` ADD `dist_change` INT NOT NULL DEFAULT '0' +ALTER TABLE `attributes` ADD `dist_change` INT NOT NULL DEFAULT '0' \ No newline at end of file diff --git a/app/MYSQL.from.sql b/app/MYSQL.from.sql new file mode 100644 index 000000000..62ffc124e --- /dev/null +++ b/app/MYSQL.from.sql @@ -0,0 +1 @@ +ALTER TABLE `events` ADD `from` VARCHAR( 10 ) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL \ No newline at end of file diff --git a/app/MYSQL.migrate.sql b/app/MYSQL.migrate.sql new file mode 100644 index 000000000..09fde1b39 --- /dev/null +++ b/app/MYSQL.migrate.sql 
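Review bot: The two statements in MYSQL.dist_change.sql have no terminating `;`, so a client reads them as one statement and the script fails with a syntax error; each line should end `... NOT NULL DEFAULT '0';`. The column definitions also disagree with MYSQL.migrate.sql in this same commit, which adds `attributes.dist_change` as `int(11) DEFAULT '0'` (nullable) while this file uses `INT NOT NULL`. The two scripts should share one definition, preferably `NOT NULL`, since the PHP code compares the counter with `>`. A header comment stating which script applies to which upgrade path would prevent both being run against the same database.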
@@ -0,0 +1,149 @@
+--
+-- Update to attributes
+--
+
+ALTER TABLE `attributes` ADD `cluster` tinyint(1) DEFAULT '0';
+ALTER TABLE `attributes` ADD `communitie` tinyint(1) DEFAULT '0';
+ALTER TABLE `attributes` ADD `dist_change` int(11) DEFAULT '0';
+-- --------------------------------------------------------
+
+--
+-- Create blacklist
+--
+
+CREATE TABLE `blacklist` (
+ `id` int(11) NOT NULL AUTO_INCREMENT,
+ `name` varchar(254) NOT NULL,
+ PRIMARY KEY (`id`)
+) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=1 ;
+-- --------------------------------------------------------
+
+--
+-- Create correlations
+--
+
+DROP TABLE IF EXISTS `correlations`;
+CREATE TABLE `correlations` (
+ `id` int(11) NOT NULL AUTO_INCREMENT,
+ `1_event_id` int(11) NOT NULL,
+ `1_attribute_id` int(11) NOT NULL,
+ `1_private` tinyint(1) NOT NULL,
+ `event_id` int(11) NOT NULL,
+ `attribute_id` int(11) NOT NULL,
+ `org` varchar(255) COLLATE utf8_bin NOT NULL,
+ `private` tinyint(1) NOT NULL,
+ `cluster` tinyint(1) NOT NULL,
+ `date` date NOT NULL,
+ PRIMARY KEY (`id`)
+) ENGINE=MyISAM AUTO_INCREMENT=118 DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
+-- --------------------------------------------------------
+
+--
+-- Update to events
+--
+
+ALTER TABLE `events` ADD `cluster` tinyint(1) NOT NULL;
+ALTER TABLE `events` ADD `communitie` tinyint(1) NOT NULL;
+ALTER TABLE `events` ADD `analysis` tinyint(4) NOT NULL;
+ALTER TABLE `events` ADD `attribute_count` int(11) UNSIGNED DEFAULT NULL;
+ALTER TABLE `events` ADD `hop_count` int(11) UNSIGNED DEFAULT NULL;
+ALTER TABLE `events` ADD `dist_change` int(11) NOT NULL DEFAULT 0;
+ALTER TABLE `events` ADD `orgc` VARCHAR(255) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL;
+UPDATE TABLE `events` SET `orgc` = `org` WHERE `orgc` = NULL;
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `logs`
+--
+
+CREATE TABLE `logs` (
+ `id` int(11) NOT NULL AUTO_INCREMENT,
+ `title` varchar(255) COLLATE utf8_bin NOT NULL,
+ `created` datetime NOT NULL,
+ `model` varchar(20) COLLATE utf8_bin NOT NULL,
+ `model_id` int(11) NOT NULL,
+ `action` varchar(20) COLLATE utf8_bin NOT NULL,
+ `user_id` int(11) NOT NULL,
+ `change` varchar(255) COLLATE utf8_bin,
+ `email` varchar(255) COLLATE utf8_bin NOT NULL,
+ `org` varchar(255) COLLATE utf8_bin NOT NULL,
+ `description` varchar(255) COLLATE utf8_bin NOT NULL,
+ PRIMARY KEY (`id`)
+) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=1 ;
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `regexp`
+--
+
+CREATE TABLE `regexp` (
+ `id` int(11) NOT NULL AUTO_INCREMENT,
+ `regexp` varchar(255) COLLATE utf8_bin NOT NULL,
+ `replacement` varchar(255) COLLATE utf8_bin NOT NULL,
+ PRIMARY KEY (`id`)
+) ENGINE=MyISAM AUTO_INCREMENT=16 DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
+-- --------------------------------------------------------
+
+--
+-- Create table roles
+--
+
+DROP TABLE IF EXISTS `roles`;
+CREATE TABLE `roles` (
+ `id` int(11) NOT NULL AUTO_INCREMENT,
+ `name` varchar(100) COLLATE utf8_bin NOT NULL,
+ `created` datetime NOT NULL,
+ `modified` datetime NOT NULL,
+ `perm_add` tinyint(1) NOT NULL,
+ `perm_modify` tinyint(1) NOT NULL,
+ `perm_modify_org` tinyint(1) NOT NULL,
+ `perm_publish` tinyint(1) NOT NULL,
+ `perm_sync` tinyint(1) NOT NULL,
+ `perm_full` tinyint(1) NOT NULL,
+ `perm_auth` tinyint(1) NOT NULL,
+ `perm_audit` tinyint(1) NOT NULL,
+ `perm_admin` tinyint(1) NOT NULL,
+ PRIMARY KEY (`id`)
+) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=1 ;
+-- --------------------------------------------------------
+
+--
+-- Creating initial roles
+--
+-- 1. Admin - has full access
+-- 2. Org Admin - read/write/publish/audit/admin/sync/auth
+-- 3. User - User - Read / Write, no other permissions (default)
+-- 4. Sync user - read/write/publish/sync/auth
+--
+
+INSERT INTO `roles` (`id` ,`name` ,`created` ,`modified` ,`perm_add` ,`perm_modify` ,`perm_modify_org` ,`perm_publish` ,`perm_sync` ,`perm_admin` ,`perm_audit` ,`perm_full` ,`perm_auth`)
+VALUES ('1', 'admin', NOW() , NOW() , '1', '1', '1', '1', '1', '1', '1', '1', '1');
+
+INSERT INTO `roles` (`id` ,`name` ,`created` ,`modified` ,`perm_add` ,`perm_modify` ,`perm_modify_org` ,`perm_publish` ,`perm_sync` ,`perm_admin` ,`perm_audit` ,`perm_full` ,`perm_auth`)
+VALUES ('2', 'Org Admin', NOW() , NOW() , '1', '1', '0' , '1', '1', '1', '1', '0' , '1');
+
+INSERT INTO `roles` (`id` ,`name` ,`created` ,`modified` ,`perm_add` ,`perm_modify` ,`perm_modify_org` ,`perm_publish` ,`perm_sync` ,`perm_admin` ,`perm_audit` ,`perm_full` ,`perm_auth`)
+VALUES ('3', 'User', NOW() , NOW() , '1', '1', '0' , '0' , '0' , '0' , '0' , '0' , '0');
+
+INSERT INTO `roles` (`id`, `name`, `created`, `modified`, `perm_add`, `perm_modify`, `perm_modify_org`, `perm_publish`, `perm_sync`, `perm_admin`, `perm_audit`, `perm_full`, `perm_auth`)
+VALUES ('4', 'Sync user', NOW(), NOW(), '1', '1', '1', '1', '1', '0', '1', '0', '1');
+-- --------------------------------------------------------
+
+--
+-- Update servers
+--
+
+ALTER TABLE `servers` DROP `logo`;
+-- --------------------------------------------------------
+
+--
+-- Update users
+-- Collate changed for email - fixes case sensitivity of user names
+--
+
+ALTER TABLE `users` ADD `role_id` int(11) NOT NULL;
+ALTER TABLE `users` ADD `change_pw` tinyint(1) NOT NULL;
+ALTER TABLE `users` CHANGE `email` `email` VARCHAR( 255 ) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL
+UPDATE TABLE `users` SET `role_id` = '3';
+UPDATE TABLE `users` SET `role_id` = '1' WHERE `org` = 'ADMIN';
+-- --------------------------------------------------------
diff --git a/app/MYSQL.orgc.sql b/app/MYSQL.orgc.sql
new file mode 100644
index 000000000..c20155b6c
--- /dev/null
+++ b/app/MYSQL.orgc.sql
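Review bot: The data backfills in `app/MYSQL.migrate.sql` will not run as written: `UPDATE TABLE ...` is not valid MySQL, the `ALTER TABLE ... CHANGE` statement for `users.email` has no terminating `;`, and `WHERE orgc = NULL` can never be true. If the script is applied with errors skipped, `users.role_id` is added but never populated, so existing accounts would not be mapped to any of the seeded roles, and `events.orgc` stays empty. Because `orgc` is added as `NOT NULL` without a default, existing rows should hold the empty string, so the backfill has to test for `''`. Separately, the seed row for role 4 sets `perm_modify_org` and `perm_audit` to 1 while its header comment lists only read/write/publish/sync/auth; please confirm which of the two is intended.

```sql
-- … unchanged: ALTER TABLE `events` ADD … statements …
UPDATE `events` SET `orgc` = `org` WHERE `orgc` = '';
-- … unchanged: logs, regexp and roles tables, role seed rows, servers change …
ALTER TABLE `users` CHANGE `email` `email` VARCHAR( 255 ) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL;
-- intentionally unfiltered: every existing account starts as role 3 (User),
-- then accounts of the ADMIN org are raised to role 1
UPDATE `users` SET `role_id` = '3';
UPDATE `users` SET `role_id` = '1' WHERE `org` = 'ADMIN';
```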
@@ -0,0 +1 @@ +ALTER TABLE `events` ADD `orgc` VARCHAR( 255 ) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL \ No newline at end of file diff --git a/app/Model/Attribute.php b/app/Model/Attribute.php index 40533682d..1e3c8c732 100755 --- a/app/Model/Attribute.php +++ b/app/Model/Attribute.php @@ -21,8 +21,9 @@ class Attribute extends AppModel { 'userKey' => 'user_id', 'change' => 'full'), 'Trim', - //'Regexp' => array('fields' => array('value', 'value2')), - //'Blacklist' => array('fields' => array('value')) + 'Containable', + 'Regexp' => array('fields' => array('value', 'value2')), + 'Blacklist' => array('fields' => array('value')) ); /** @@ -369,20 +370,21 @@ class Attribute extends AppModel { if (!empty($this->data['Attribute']['type'])) { $compositeTypes = $this->getCompositeTypes(); // explode composite types in value1 and value2 - $pieces = explode('|', $this->data['Attribute']['value']); - if (in_array($this->data['Attribute']['type'], $compositeTypes)) { - if (2 != count($pieces)) { - throw new InternalErrorException('Composite type, but value not explodable'); + //if (!isset($this->data['Attribute']['value1'])) { + $pieces = explode('|', $this->data['Attribute']['value']); + if (in_array($this->data['Attribute']['type'], $compositeTypes)) { + if (2 != count($pieces)) { + throw new InternalErrorException('Composite type, but value not explodable'); + } + $this->data['Attribute']['value1'] = $pieces[0]; + $this->data['Attribute']['value2'] = $pieces[1]; + } else { + $total = implode('|', $pieces); + $this->data['Attribute']['value1'] = $total; + $this->data['Attribute']['value2'] = ''; } - $this->data['Attribute']['value1'] = $pieces[0]; - $this->data['Attribute']['value2'] = $pieces[1]; - } else { - $total = implode('|', $pieces); - $this->data['Attribute']['value1'] = $total; - $this->data['Attribute']['value2'] = ''; - } + //} } - // always return true after a beforeSave() return true; } 
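Review bot: In the `@@ -369` hunk of `app/Model/Attribute.php` the guard `//if (!isset($this->data['Attribute']['value1'])) {` and its closing `//}` are left commented out while the body has been indented as if the guard were active. Either restore the condition or drop both comment lines and the extra indent, so the nesting a reader sees matches the control flow. If the intent is that `value1`/`value2` are always recomputed from `value`, a one-line comment saying so would be more useful than the dead guard. The enclosing method starts above the hunk.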
@@ -423,6 +425,7 @@ class Attribute extends AppModel { } public function massageData(&$data) { + if(!isset($data['Attribute']['distribution'])) return $data; switch ($data['Attribute']['distribution']) { case 'Your organization only': $data['Attribute']['private'] = true; @@ -682,7 +685,6 @@ class Attribute extends AppModel { break; case 'link': if (preg_match('#^(http|ftp)(s)?\:\/\/((([a-z|0-9|\-]{1,25})(\.)?){2,7})($|/.*$)#i', $value) && !preg_match("#\n#", $value)) { - debug('here'); $returnValue = true; } break; diff --git a/app/Model/Behavior/RegexpBehavior.php b/app/Model/Behavior/RegexpBehavior.php index 7c16f932b..eda60b798 100755 --- a/app/Model/Behavior/RegexpBehavior.php +++ b/app/Model/Behavior/RegexpBehavior.php @@ -33,7 +33,6 @@ class RegexpBehavior extends ModelBehavior { $returnValue = true; // process some.. $returnValue = $this->regexpStringFields($Model); - return $returnValue; } @@ -48,9 +47,7 @@ class RegexpBehavior extends ModelBehavior { foreach ($Model->data[$Model->name] as $key => $field) { if (in_array($key, $this->settings[$Model->alias]['fields']) && is_string($field)) { $returnValue = $this->replaceWindowsSpecific($Model, $field); - //if (!$returnValue) { - // $Model->blacklistErrors[] = array($key, $field); - //} + $Model->data[$Model->name][$key] = $returnValue; } } return $returnValue; @@ -70,11 +67,12 @@ class RegexpBehavior extends ModelBehavior { foreach ($allRegexp as $regexp) { if (strlen($regexp['Regexp']['replacement'] && strlen($regexp['Regexp']['regexp']))) { $string = preg_replace($regexp['Regexp']['regexp'], $regexp['Regexp']['replacement'], $string); + $returnValue = $string; } if (!strlen($regexp['Regexp']['replacement']) && preg_match($regexp['Regexp']['regexp'], $string)) { App::uses('SessionComponent', 'Controller/Component'); SessionComponent::setFlash('Blacklisted value!'); - $returnValue = false; + return false; } } return $returnValue; 
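Review bot: The early return added to `massageData()` leaves `private`, `cluster` and `communitie` exactly as the caller supplied them whenever `distribution` is absent, so on that path the sharing flags are never derived here. Please confirm that every caller reaching this branch has already set the three flags, and that the fallback when it has not is the most restrictive setting rather than the column default. If no caller depends on passing the flags directly, defaulting the missing key to `'Your organization only'` before the `switch` would be the safer choice. A comment such as `// no distribution given: keep the caller's private/cluster/communitie flags` would make the intent explicit, and `if(` should be `if (` to match the rest of the file. The function body continues outside the hunk.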
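Review bot: `regexpStringFields()` now writes the result of `replaceWindowsSpecific()` straight into `$Model->data`, including the `false` that function returns for a blacklisted value, and the loop keeps going so a later field's result replaces `$returnValue`. With more than one configured field (Attribute lists `value` and `value2`) a rejected first field can therefore end in a truthy return with the field itself stored as `false`. Stop on rejection before the assignment, e.g. `if ($returnValue === false) return false;`. The method starts above the hunk.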
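Review bot: `replaceWindowsSpecific()` assigns `$returnValue = $string` only inside the replacement branch, so when no rule with a replacement applies it returns whatever `$returnValue` was initialised to above the hunk, and the caller now stores that value in the field. Ending the function with `return $string;` avoids this. The condition guarding the new line, `strlen($regexp['Regexp']['replacement'] && strlen(...))`, has its closing parenthesis misplaced (a context line, not changed here), so it measures the length of a boolean instead of testing both strings. The patterns and replacements appear to come from the `regexp` table and reach `preg_replace()` unvalidated, so write access to that table should be limited to administrators and stored patterns checked before use.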
diff --git a/app/Model/Event.php b/app/Model/Event.php index 19306fa49..a78766c76 100644 --- a/app/Model/Event.php +++ b/app/Model/Event.php @@ -16,8 +16,9 @@ class Event extends AppModel { 'userKey' => 'user_id', 'change' => 'full'), 'Trim', - //'Regexp' => array('fields' => array('info')), - //'Blacklist' => array('fields' => array('info')), + 'Containable', + 'Regexp' => array('fields' => array('info')), + 'Blacklist' => array('fields' => array('info')), ); /** @@ -83,6 +84,16 @@ class Event extends AppModel { //'on' => 'create', // Limit validation to 'create' or 'update' operations ), ), + 'orgc' => array( + 'notempty' => array( + 'rule' => array('notempty'), + //'message' => 'Your custom message here', + //'allowEmpty' => false, + //'required' => false, + //'last' => false, // Stop validation after this rule + //'on' => 'create', // Limit validation to 'create' or 'update' operations + ), + ), 'date' => array( 'date' => array( 'rule' => array('date'), 
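Review bot: The new `orgc` rule in `app/Model/Event.php` keeps `required` commented out, and a CakePHP `notempty` rule without `'required' => true` is only evaluated when the key is present in the data, so an event saved without an `orgc` key passes validation. Since `orgc` is added as `NOT NULL` with no default, such a row would likely be stored with an empty creator organisation. Consider `'required' => true` together with `'on' => 'create'`, or set `orgc` from the authenticated user's org before saving instead of trusting the request. The unused scaffold comment lines inside the rule could be dropped.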
@@ -529,16 +540,24 @@ class Event extends AppModel { $encodedFile = $this->Attribute->base64EncodeAttachment($attribute); $attribute['data'] = $encodedFile; } + // Passing the attribute ID together with the attribute could cause the deletion of attributes after a publish/push + // Basically, if the attribute count differed between two instances, and the instance with the lower attribute + // count pushed, the old attributes with the same ID got overwritten. Unsetting the ID before pushing it + // solves the issue and a new attribute is always created. + unset($attribute['id']); } // Distribution, correct Community to Org only in Event if ($event['Event']['cluster'] && !$event['Event']['private']) { $event['Event']['private'] = true; $event['Event']['cluster'] = false; + //$event['Event']['communitie'] = false; $event['Event']['distribution'] = 'Your organization only'; } // Distribution, correct All to Community in Event + // Potential problem here -> setting cluster gives 0-1-1 (pr/cl/co) settings that don't exist. Adding switch from comm true to false if (!$event['Event']['cluster'] && !$event['Event']['private'] && $event['Event']['communitie']) { $event['Event']['cluster'] = true; + $event['Event']['communitie'] = false; $event['Event']['distribution'] = 'This Community-only'; } // up the hop count diff --git a/app/Model/User.php b/app/Model/User.php index ce28874d7..d7b963cce 100755 --- a/app/Model/User.php +++ b/app/Model/User.php 
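Review bot: In the first distribution correction the reset `//$event['Event']['communitie'] = false;` is left commented out, so an event downgraded to 'Your organization only' can still be sent with `communitie` set, while the second block now clears that flag to avoid flag combinations that "don't exist". Either clear `communitie` in both blocks or add a comment saying why the first one may keep it, so the receiving instance never has to interpret `private` together with `communitie`. The `unset($attribute['id'])` above only takes effect on the pushed data if the enclosing `foreach` iterates by reference; the loop header is outside the hunk, so please confirm that. The function starts and ends outside the hunk.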
@@ -1,367 +1,367 @@ - array( - 'numeric' => array( - 'rule' => array('numeric'), - //'message' => 'Your custom message here', - //'allowEmpty' => false, - //'required' => false, - //'last' => false, // Stop validation after this rule - //'on' => 'create', // Limit validation to 'create' or 'update' operations - ), - ), - 'password' => array( - 'minlength' => array( - 'rule' => array('minlength', 6), - 'message' => 'A password of a minimum length of 6 is required.', - //'allowEmpty' => false, - 'required' => true, - //'last' => false, // Stop validation after this rule - //'on' => 'create', // Limit validation to 'create' or 'update' operations - ), - 'complexity' => array( - 'rule' => array('complexPassword'), - 'message' => 'The password must contain at least one upper-case, one lower-case, one (digits or special character).', - //'allowEmpty' => false, - //'required' => true, - //'last' => false, // Stop validation after this rule - //'on' => 'create', // Limit validation to 'create' or 'update' operations - ), - 'identical' => array( - 'rule' => array('identicalFieldValues', 'confirm_password'), - 'message' => 'Please re-enter your password twice so that the values match.', - //'allowEmpty' => false, - //'required' => true, - //'last' => false, // Stop validation after this rule - //'on' => 'create', // Limit validation to 'create' or 'update' operations - ), - ), - 'org' => array( - 'notempty' => array( - 'rule' => array('notempty'), - 'message' => 'Please specify the organisation where you are working.', - //'allowEmpty' => false, - //'required' => false, - //'last' => false, // Stop validation after this rule - //'on' => 'create', // Limit validation to 'create' or 'update' operations - ), - ), - 'org_id' => array( - 'notempty' => array( - 'rule' => array('notempty'), - 'message' => 'Please specify the organisation ID where you are working.', // TODO ACL, org_id in Users - //'allowEmpty' => false, - //'required' => false, - //'last' => false, // Stop 
validation after this rule - //'on' => 'create', // Limit validation to 'create' or 'update' operations - ), - ), - 'email' => array( - 'email' => array( - 'rule' => array('email'), - 'message' => 'Please enter a valid email address.', - //'allowEmpty' => false, - 'required' => true, - //'last' => false, // Stop validation after this rule - //'on' => 'create', // Limit validation to 'create' or 'update' operations - ), - 'unique' => array( - 'rule' => 'isUnique', - 'message' => 'An account with this email address already exists.' - ), - ), - 'autoalert' => array( - 'boolean' => array( - 'rule' => array('boolean'), - //'message' => 'Your custom message here', - 'allowEmpty' => true, - 'required' => false, - //'last' => false, // Stop validation after this rule - //'on' => 'create', // Limit validation to 'create' or 'update' operations - ), - ), - 'authkey' => array( - 'minlength' => array( - 'rule' => array('minlength', 40), - 'message' => 'A authkey of a minimum length of 40 is required.', - 'required' => true, - ), - 'notempty' => array( - 'rule' => array('notempty'), - //'message' => 'Your custom message here', - //'allowEmpty' => false, - //'required' => false, - //'last' => false, // Stop validation after this rule - //'on' => 'create', // Limit validation to 'create' or 'update' operations - ), - ), - 'invited_by' => array( - 'numeric' => array( - 'rule' => array('numeric'), - //'message' => 'Your custom message here', - //'allowEmpty' => false, - //'required' => false, - //'last' => false, // Stop validation after this rule - //'on' => 'create', // Limit validation to 'create' or 'update' operations - ), - ), - 'change_pw' => array( - 'numeric' => array( - 'rule' => array('numeric'), - //'message' => 'Your custom message here', - 'allowEmpty' => true, - 'required' => false, - //'last' => false, // Stop validation after this rule - //'on' => 'create', // Limit validation to 'create' or 'update' operations - ), - ), - 'gpgkey' => array( - 'notempty' => array( 
- 'rule' => array('validateGpgkey'), - 'message' => 'GPG key not valid, please enter a valid key.', - //'allowEmpty' => false, - //'required' => false, - //'last' => false, // Stop validation after this rule - //'on' => 'create', // Limit validation to 'create' or 'update' operations - ), - ), - 'nids_sid' => array( - 'numeric' => array( - 'rule' => array('numeric'), - 'message' => 'A SID should be an integer.', - 'allowEmpty' => false, - 'required' => true, - //'last' => false, // Stop validation after this rule - //'on' => 'create', // Limit validation to 'create' or 'update' operations - ), - ), - 'termsaccepted' => array( - 'boolean' => array( - 'rule' => array('boolean'), - //'message' => 'Your custom message here', - //'allowEmpty' => false, - //'required' => false, - //'last' => false, // Stop validation after this rule - //'on' => 'create', // Limit validation to 'create' or 'update' operations - ), - ), - 'newsread' => array( - 'date' => array( - 'rule' => array('date'), - //'message' => 'Your custom message here', - //'allowEmpty' => false, - //'required' => false, - //'last' => false, // Stop validation after this rule - //'on' => 'create', // Limit validation to 'create' or 'update' operations - ), - ), - ); - - //The Associations below have been created with all possible keys, those that are not needed can be removed - -/** - * belongsTo associations - * - * @var array - */ - public $belongsTo = array( - 'Role' => array( - 'className' => 'Role', - 'foreignKey' => 'role_id', - 'conditions' => '', - 'fields' => '', - 'order' => '' - ) - ); - -/** - * hasMany associations - * - * @var array - */ - public $hasMany = array( - 'Event' => array( - 'className' => 'Event', - 'foreignKey' => 'user_id', - 'dependent' => false, - 'conditions' => '', - 'fields' => '', - 'order' => '', - 'limit' => '', - 'offset' => '', - 'exclusive' => '', - 'finderQuery' => '', - 'counterQuery' => '' - ) - ); - -/** - * TODO ACL: 1: be requester to CakePHP ACL system - */ - public 
$actsAs = array( - 'Acl' => array( // TODO ACL, + 'enabled' => false - 'type' => 'requester', - 'enabled' => false - ), - 'SysLogLogable.SysLogLogable' => array( // TODO Audit, logable - 'userModel' => 'User', - 'userKey' => 'user_id', - 'change' => 'full' - ), - 'Trim', - //'RemoveNewline' => array('fields' => array('gpgkey')), - ); - -/** - * TODO ACL: 2: hook User into CakePHP ACL system (so link to aros) - */ - public function parentNode() { - if (!$this->id && empty($this->data)) { - return null; - } - if (isset($this->data['User']['role_id'])) { - $roleId = $this->data['User']['role_id']; - } else { - $roleId = $this->field('role_id'); - } - if (!$roleId) { - return null; - } else { - return array('Role' => array('id' => $roleId)); - } - } - -/** - * TODO ACL: 3: rights on Roles: http://stackoverflow.com/questions/6154285/aros-table-in-cakephp-is-still-including-users-even-after-bindnode - */ - public function bindNode($user) { - // return array('model' => 'Group', 'foreign_key' => $user['User']['role_id']); - return array('Role' => array('id' => $user['User']['role_id'])); - } - - public function beforeSave() { - if (isset($this->data[$this->alias]['password'])) { - $this->data[$this->alias]['password'] = AuthComponent::password($this->data[$this->alias]['password']); - } - return true; - - // only accept add and edit in own org - //if ($this->data[$this->alias]['org'] != "TEST") { - // return false; - //} - //return true; - } - -/** - * Checks if the GPG key is a valid key - * But also import it in the keychain. 
- */ - public function validateGpgkey($check) { - // LATER first remove the old gpgkey from the keychain - - // empty value - if (empty($check['gpgkey'])) { - return true; - } - - // we have a clean, hopefull public, key here - - // key is entered - require_once 'Crypt/GPG.php'; - try { - $gpg = new Crypt_GPG(array('homedir' => Configure::read('GnuPG.homedir'))); - try { - $keyImportOutput = $gpg->importKey($check['gpgkey']); - if (!empty($keyImportOutput['fingerprint'])) { - return true; - } - } catch (Exception $e) { - //debug($e); - return false; - } - } catch (Exception $e) { - //debug($e); - return true; // TODO was false - } - } - - public function complexPassword($check) { - /* - 6 characters minimum - 1 or more upper-case letters - 1 or more lower-case letters - 1 or more digits or special characters - example: "EasyPeasy34" - */ - $value = array_values($check); - $value = $value[0]; - return preg_match('/((?=.*\d)|(?=.*\W+))(?![.\n])(?=.*[A-Z])(?=.*[a-z]).*$/', $value); - } - - public function identicalFieldValues($field=array(), $compareField=null) { - foreach ($field as $key => $value) { - $v1 = $value; - $v2 = $this->data[$this->name][$compareField]; - if ($v1 !== $v2) { - return false; - } else { - continue; - } - } - return true; - } - -/** - * Generates an authentication key for each user - */ - public function generateAuthKey() { - //$key = sha1(mt_rand(30, 30).time()); - $length = 40; - $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'; - $charLen = strlen($characters) - 1; - $key = ''; - for ($p = 0; $p < $length; $p++) { - $key .= $characters[rand(0, $charLen)]; - } - - return $key; - } - - public function checkAndCorrectPgps() { - $fails = array(); - $users = $this->find('all', array('recursive' => 0)); - - foreach ($users as $user) { - if (strlen($user['User']['gpgkey']) && strpos($user['User']['gpgkey'], "\n")) { - $fails[] = $user['User']['id'] . ':' . 
$user['User']['id']; - //$check['gpgkey'] = trim(preg_replace('/\n', '', $check['gpgkey'])); - } - } - return $fails; - } -} + array( + 'numeric' => array( + 'rule' => array('numeric'), + //'message' => 'Your custom message here', + //'allowEmpty' => false, + //'required' => false, + //'last' => false, // Stop validation after this rule + //'on' => 'create', // Limit validation to 'create' or 'update' operations + ), + ), + 'password' => array( + 'minlength' => array( + 'rule' => array('minlength', 6), + 'message' => 'A password of a minimum length of 6 is required.', + //'allowEmpty' => false, + 'required' => true, + //'last' => false, // Stop validation after this rule + //'on' => 'create', // Limit validation to 'create' or 'update' operations + ), + 'complexity' => array( + 'rule' => array('complexPassword'), + 'message' => 'The password must contain at least one upper-case, one lower-case, one (digits or special character).', + //'allowEmpty' => false, + //'required' => true, + //'last' => false, // Stop validation after this rule + //'on' => 'create', // Limit validation to 'create' or 'update' operations + ), + 'identical' => array( + 'rule' => array('identicalFieldValues', 'confirm_password'), + 'message' => 'Please re-enter your password twice so that the values match.', + //'allowEmpty' => false, + //'required' => true, + //'last' => false, // Stop validation after this rule + //'on' => 'create', // Limit validation to 'create' or 'update' operations + ), + ), + 'org' => array( + 'notempty' => array( + 'rule' => array('notempty'), + 'message' => 'Please specify the organisation where you are working.', + //'allowEmpty' => false, + //'required' => false, + //'last' => false, // Stop validation after this rule + //'on' => 'create', // Limit validation to 'create' or 'update' operations + ), + ), + 'org_id' => array( + 'notempty' => array( + 'rule' => array('notempty'), + 'message' => 'Please specify the organisation ID where you are working.', // TODO ACL, 
org_id in Users + //'allowEmpty' => false, + //'required' => false, + //'last' => false, // Stop validation after this rule + //'on' => 'create', // Limit validation to 'create' or 'update' operations + ), + ), + 'email' => array( + 'email' => array( + 'rule' => array('email'), + 'message' => 'Please enter a valid email address.', + //'allowEmpty' => false, + 'required' => true, + //'last' => false, // Stop validation after this rule + //'on' => 'create', // Limit validation to 'create' or 'update' operations + ), + 'unique' => array( + 'rule' => 'isUnique', + 'message' => 'An account with this email address already exists.' + ), + ), + 'autoalert' => array( + 'boolean' => array( + 'rule' => array('boolean'), + //'message' => 'Your custom message here', + 'allowEmpty' => true, + 'required' => false, + //'last' => false, // Stop validation after this rule + //'on' => 'create', // Limit validation to 'create' or 'update' operations + ), + ), + 'authkey' => array( + 'minlength' => array( + 'rule' => array('minlength', 40), + 'message' => 'A authkey of a minimum length of 40 is required.', + 'required' => true, + ), + 'notempty' => array( + 'rule' => array('notempty'), + //'message' => 'Your custom message here', + //'allowEmpty' => false, + //'required' => false, + //'last' => false, // Stop validation after this rule + //'on' => 'create', // Limit validation to 'create' or 'update' operations + ), + ), + 'invited_by' => array( + 'numeric' => array( + 'rule' => array('numeric'), + //'message' => 'Your custom message here', + //'allowEmpty' => false, + //'required' => false, + //'last' => false, // Stop validation after this rule + //'on' => 'create', // Limit validation to 'create' or 'update' operations + ), + ), + 'change_pw' => array( + 'numeric' => array( + 'rule' => array('numeric'), + //'message' => 'Your custom message here', + 'allowEmpty' => true, + 'required' => false, + //'last' => false, // Stop validation after this rule + //'on' => 'create', // Limit 
validation to 'create' or 'update' operations + ), + ), + 'gpgkey' => array( + 'notempty' => array( + 'rule' => array('validateGpgkey'), + 'message' => 'GPG key not valid, please enter a valid key.', + //'allowEmpty' => false, + //'required' => false, + //'last' => false, // Stop validation after this rule + //'on' => 'create', // Limit validation to 'create' or 'update' operations + ), + ), + 'nids_sid' => array( + 'numeric' => array( + 'rule' => array('numeric'), + 'message' => 'A SID should be an integer.', + 'allowEmpty' => false, + 'required' => true, + //'last' => false, // Stop validation after this rule + //'on' => 'create', // Limit validation to 'create' or 'update' operations + ), + ), + 'termsaccepted' => array( + 'boolean' => array( + 'rule' => array('boolean'), + //'message' => 'Your custom message here', + //'allowEmpty' => false, + //'required' => false, + //'last' => false, // Stop validation after this rule + //'on' => 'create', // Limit validation to 'create' or 'update' operations + ), + ), + 'newsread' => array( + 'date' => array( + 'rule' => array('date'), + //'message' => 'Your custom message here', + //'allowEmpty' => false, + //'required' => false, + //'last' => false, // Stop validation after this rule + //'on' => 'create', // Limit validation to 'create' or 'update' operations + ), + ), + ); + + //The Associations below have been created with all possible keys, those that are not needed can be removed + +/** + * belongsTo associations + * + * @var array + */ + public $belongsTo = array( + 'Role' => array( + 'className' => 'Role', + 'foreignKey' => 'role_id', + 'conditions' => '', + 'fields' => '', + 'order' => '' + ) + ); + +/** + * hasMany associations + * + * @var array + */ + public $hasMany = array( + 'Event' => array( + 'className' => 'Event', + 'foreignKey' => 'user_id', + 'dependent' => false, + 'conditions' => '', + 'fields' => '', + 'order' => '', + 'limit' => '', + 'offset' => '', + 'exclusive' => '', + 'finderQuery' => '', + 
'counterQuery' => '' + ) + ); + +/** + * TODO ACL: 1: be requester to CakePHP ACL system + */ + public $actsAs = array( + 'Acl' => array( // TODO ACL, + 'enabled' => false + 'type' => 'requester', + 'enabled' => false + ), + 'SysLogLogable.SysLogLogable' => array( // TODO Audit, logable + 'userModel' => 'User', + 'userKey' => 'user_id', + 'change' => 'full' + ), + 'Trim', + //'RemoveNewline' => array('fields' => array('gpgkey')), + ); + +/** + * TODO ACL: 2: hook User into CakePHP ACL system (so link to aros) + */ + public function parentNode() { + if (!$this->id && empty($this->data)) { + return null; + } + if (isset($this->data['User']['role_id'])) { + $roleId = $this->data['User']['role_id']; + } else { + $roleId = $this->field('role_id'); + } + if (!$roleId) { + return null; + } else { + return array('Role' => array('id' => $roleId)); + } + } + +/** + * TODO ACL: 3: rights on Roles: http://stackoverflow.com/questions/6154285/aros-table-in-cakephp-is-still-including-users-even-after-bindnode + */ + public function bindNode($user) { + // return array('model' => 'Group', 'foreign_key' => $user['User']['role_id']); + return array('Role' => array('id' => $user['User']['role_id'])); + } + + public function beforeSave() { + if (isset($this->data[$this->alias]['password'])) { + $this->data[$this->alias]['password'] = AuthComponent::password($this->data[$this->alias]['password']); + } + return true; + + // only accept add and edit in own org + //if ($this->data[$this->alias]['org'] != "TEST") { + // return false; + //} + //return true; + } + +/** + * Checks if the GPG key is a valid key + * But also import it in the keychain. 
+ */ + public function validateGpgkey($check) { + // LATER first remove the old gpgkey from the keychain + + // empty value + if (empty($check['gpgkey'])) { + return true; + } + + // we have a clean, hopefull public, key here + + // key is entered + require_once 'Crypt/GPG.php'; + try { + $gpg = new Crypt_GPG(array('homedir' => Configure::read('GnuPG.homedir'))); + try { + $keyImportOutput = $gpg->importKey($check['gpgkey']); + if (!empty($keyImportOutput['fingerprint'])) { + return true; + } + } catch (Exception $e) { + //debug($e); + return false; + } + } catch (Exception $e) { + //debug($e); + return true; // TODO was false + } + } + + public function complexPassword($check) { + /* + 6 characters minimum + 1 or more upper-case letters + 1 or more lower-case letters + 1 or more digits or special characters + example: "EasyPeasy34" + */ + $value = array_values($check); + $value = $value[0]; + return preg_match('/((?=.*\d)|(?=.*\W+))(?![.\n])(?=.*[A-Z])(?=.*[a-z]).*$/', $value); + } + + public function identicalFieldValues($field=array(), $compareField=null) { + foreach ($field as $key => $value) { + $v1 = $value; + $v2 = $this->data[$this->name][$compareField]; + if ($v1 !== $v2) { + return false; + } else { + continue; + } + } + return true; + } + +/** + * Generates an authentication key for each user + */ + public function generateAuthKey() { + //$key = sha1(mt_rand(30, 30).time()); + $length = 40; + $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'; + $charLen = strlen($characters) - 1; + $key = ''; + for ($p = 0; $p < $length; $p++) { + $key .= $characters[rand(0, $charLen)]; + } + + return $key; + } + + public function checkAndCorrectPgps() { + $fails = array(); + $users = $this->find('all', array('recursive' => 0)); + + foreach ($users as $user) { + if (strlen($user['User']['gpgkey']) && strpos($user['User']['gpgkey'], "\n")) { + $fails[] = $user['User']['id'] . ':' . 
$user['User']['id']; + //$check['gpgkey'] = trim(preg_replace('/\n', '', $check['gpgkey'])); + } + } + return $fails; + } +} diff --git a/app/View/Attributes/add.ctp b/app/View/Attributes/add.ctp index ff10e3f44..1b718d85b 100755 --- a/app/View/Attributes/add.ctp +++ b/app/View/Attributes/add.ctp @@ -89,7 +89,7 @@ var formInfoValues = new Array(); $def) { $info = isset($def['formdesc']) ? $def['formdesc'] : $def['desc']; - echo "formInfoValues['" . addslashes($type) . "'] = \"" . addslashes($info) . "\";\n"; // as we output JS code we need to add slashes + echo "formInfoValues['" . addslashes($type) . "'] = \"" . addslashes($info) . "\";\n"; // as we output JS code we need to add slashes } foreach ($categoryDefinitions as $category => $def) { $info = isset($def['formdesc']) ? $def['formdesc'] : $def['desc']; @@ -97,7 +97,7 @@ foreach ($categoryDefinitions as $category => $def) { } foreach ($distributionDescriptions as $type => $def) { $info = isset($def['formdesc']) ? $def['formdesc'] : $def['desc']; - echo "formInfoValues['" . addslashes($type) . "'] = \"" . addslashes($info) . "\";\n"; // as we output JS code we need to add slashes + echo "formInfoValues['" . addslashes($type) . "'] = \"" . addslashes($info) . "\";\n"; // as we output JS code we need to add slashes } ?> diff --git a/app/View/Attributes/add_attachment.ctp b/app/View/Attributes/add_attachment.ctp index d0c99049e..fe30ee2cf 100755 --- a/app/View/Attributes/add_attachment.ctp +++ b/app/View/Attributes/add_attachment.ctp @@ -47,7 +47,7 @@ foreach ($categoryDefinitions as $category => $def) { } foreach ($distributionDescriptions as $type => $def) { $info = isset($def['formdesc']) ? $def['formdesc'] : $def['desc']; - echo "formInfoValues['" . addslashes($type) . "'] = \"" . addslashes($info) . "\";\n"; // as we output JS code we need to add slashes + echo "formInfoValues['" . addslashes($type) . "'] = \"" . addslashes($info) . "\";\n"; // as we output JS code we need to add slashes } ?> 
diff --git a/app/View/Attributes/edit.ctp b/app/View/Attributes/edit.ctp index 4b5fc3f57..12abad25e 100755 --- a/app/View/Attributes/edit.ctp +++ b/app/View/Attributes/edit.ctp @@ -1,127 +1,130 @@ - -
-Form->create('Attribute');?> -
- -Form->input('id'); -echo $this->Form->input('category', array('between' => $this->Html->div('forminfo', '', array('id' => 'AttributeCategoryDiv')))); -if ($attachment) { - echo $this->Form->hidden('type', array('between' => $this->Html->div('forminfo', '', array('id' => 'AttributeTypeDiv')))); - echo "
Type: " . $this->Form->value('Attribute.type'); -} else { - echo $this->Form->input('type', array('between' => $this->Html->div('forminfo', '', array('id' => 'AttributeTypeDiv')))); -} -if ('true' == Configure::read('CyDefSIG.sync')) { - if ('true' == Configure::read('CyDefSIG.private')) { - echo $this->Form->input('distribution', array('label' => 'Distribution', - 'between' => $this->Html->div('forminfo', '', array('id' => 'AttributeDistributionDiv')) - )); - } else { - echo $this->Form->input('private', array( - 'before' => $this->Html->div('forminfo', isset($attrDescriptions['private']['formdesc']) ? $attrDescriptions['private']['formdesc'] : $attrDescriptions['private']['desc']), - )); - } -} -echo $this->Form->input('to_ids', array( - 'before' => $this->Html->div('forminfo', isset($attrDescriptions['signature']['formdesc']) ? $attrDescriptions['signature']['formdesc'] : $attrDescriptions['signature']['desc']), - 'label' => 'IDS Signature?' -)); -if ($attachment) { - echo $this->Form->hidden('value'); - echo "
Value: " . $this->Form->value('Attribute.value'); -} else { - echo $this->Form->input('value', array( - 'type' => 'textarea', - 'error' => array('escape' => false), - )); -} -$this->Js->get('#AttributeCategory')->event('change', 'formCategoryChanged("#AttributeCategory")'); -$this->Js->get('#AttributeType')->event('change', 'showFormInfo("#AttributeType")'); -$this->Js->get('#AttributeDistribution')->event('change', 'showFormInfo("#AttributeDistribution")'); - -?> -
-Form->end(__('Submit'));?> -
-
- -
- - -Js->writeBuffer(); // Write cached scripts + +
+Form->create('Attribute');?> +
+ +Form->input('id'); +echo $this->Form->input('category', array('between' => $this->Html->div('forminfo', '', array('id' => 'AttributeCategoryDiv')))); +if ($attachment) { + echo $this->Form->hidden('type', array('between' => $this->Html->div('forminfo', '', array('id' => 'AttributeTypeDiv')))); + echo "
Type: " . $this->Form->value('Attribute.type'); +} else { + echo $this->Form->input('type', array('between' => $this->Html->div('forminfo', '', array('id' => 'AttributeTypeDiv')))); +} +if ('true' == Configure::read('CyDefSIG.sync')) { + if ('true' == Configure::read('CyDefSIG.private')) { + if ('true' == $canEditDist) { + echo $this->Form->input('distribution', array('label' => 'Distribution', + 'between' => $this->Html->div('forminfo', '', array('id' => 'AttributeDistributionDiv')) + )); + } + } else { + echo $this->Form->input('private', array( + 'before' => $this->Html->div('forminfo', isset($attrDescriptions['private']['formdesc']) ? $attrDescriptions['private']['formdesc'] : $attrDescriptions['private']['desc']), + )); + } +} +echo $this->Form->input('to_ids', array( + 'before' => $this->Html->div('forminfo', isset($attrDescriptions['signature']['formdesc']) ? $attrDescriptions['signature']['formdesc'] : $attrDescriptions['signature']['desc']), + 'label' => 'IDS Signature?' +)); +if ($attachment) { + echo $this->Form->hidden('value'); + echo "
Value: " . $this->Form->value('Attribute.value'); +} else { + echo $this->Form->input('value', array( + 'type' => 'textarea', + 'error' => array('escape' => false), + )); +} +$this->Js->get('#AttributeCategory')->event('change', 'formCategoryChanged("#AttributeCategory")'); +$this->Js->get('#AttributeType')->event('change', 'showFormInfo("#AttributeType")'); +if ($canEditDist) { + $this->Js->get('#AttributeDistribution')->event('change', 'showFormInfo("#AttributeDistribution")'); +} +?> +
+Form->end(__('Submit'));?> +
+
+ +
+ + +Js->writeBuffer(); // Write cached scripts diff --git a/app/View/Attributes/event.ctp b/app/View/Attributes/event.ctp index ee174acc2..bd66059a6 100755 --- a/app/View/Attributes/event.ctp +++ b/app/View/Attributes/event.ctp @@ -1,200 +1,200 @@ -
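Review bot: The two new guards test `$canEditDist` differently: the distribution input is wrapped in `if ('true' == $canEditDist)`, while the change handler further down uses `if ($canEditDist)`. In PHP before 8 the loose comparison `'true' == 0` is true, so an integer 0 would still render the field, and a string `'false'` passes the second test but not the first. Assuming the controller sets a boolean (not visible here), use one strict form in both places, e.g. `if ($canEditDist === true) {`. The same `'true' == $canEditDist` test is added in the app/View/Events/edit.ctp hunks. Hiding the input only changes what is rendered, so the edit action should also discard or reject a posted `distribution` value when the user may not change it.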
-
- - - - -
- - - -

Event

-
-
ID
-
- -   -
-
Org
-
- -   -
-
Email
-
- -   -
-
Date
-
- -   -
- >Risk -
- -   -
-
Distribution
-
- -   -
- -
Info
-
- -   -
-
- - - - -
- -
- +
+
+
  • Form->postLink('Publish Event', array('controller' => 'events', 'action' => 'alert', $event['Event']['id']), null, 'Are you sure this event is complete and everyone should be informed?'); + echo $this->Form->postLink('Publish (no email)', array('controller' => 'events', 'action' => 'publish', $event['Event']['id']), null, 'Publish but do NOT send alert email? Only for minor changes!'); + ?>
+
  • Not published
+ +
  • Html->link(__('Contact reporter', true), array('controller' => 'events', 'action' => 'contact', $event['Event']['id'])); ?>
+
+ + + +

Event

+
+
ID
+
+ +   +
+
Org
+
+ +   +
+
Email
+
+ +   +
+
Date
+
+ +   +
+ >Risk +
+ +   +
+
Distribution
+
+ +   +
+ +
Info
+
+ +   +
+
+ + + + +
+ +
+
\ No newline at end of file diff --git a/app/View/Attributes/index.ctp b/app/View/Attributes/index.ctp index bf920e65f..9e41fb6c1 100755 --- a/app/View/Attributes/index.ctp +++ b/app/View/Attributes/index.ctp @@ -20,6 +20,7 @@ function getTitle(incInt, id){ if ($isSearch == 1) { echo "

Results for all attributes"; if ($keywordSearch != null) echo " with the value containing \"" . h($keywordSearch) . "\""; + if ($keywordSearch2 != null) echo " excluding the events \"" . h($keywordSearch2) . "\""; if ($categorySearch != "ALL") echo " of category \"" . h($categorySearch) . "\""; if ($typeSearch != "ALL") echo " of type \"" . h($typeSearch) . "\""; echo ":

"; @@ -53,7 +54,7 @@ foreach ($attributes as $attribute): ?>   Html->link($sigDisplay, array('controller' => 'attributes', 'action' => 'download', $attribute['Attribute']['id'])); } elseif ('link' == $attribute['Attribute']['type']) { diff --git a/app/View/Attributes/search.ctp b/app/View/Attributes/search.ctp index 35351a183..0107bbae0 100755 --- a/app/View/Attributes/search.ctp +++ b/app/View/Attributes/search.ctp @@ -3,7 +3,8 @@
Form->input('keyword', array('type' => 'textarea')); + echo $this->Form->input('keyword', array('type' => 'textarea', 'label' => 'Containing the following expressions')); + echo $this->Form->input('keyword2', array('type' => 'textarea', 'label' => 'Excluding the following events')); echo $this->Form->input('type', array('between' => $this->Html->div('forminfo', '', array('id' => 'AttributeTypeDiv')))); echo $this->Form->input('category', array('between' => $this->Html->div('forminfo', '', array('id' => 'AttributeCategoryDiv')))); ?> diff --git a/app/View/Elements/actions_menu.ctp b/app/View/Elements/actions_menu.ctp index 1231c9fbb..56a41da0e 100755 --- a/app/View/Elements/actions_menu.ctp +++ b/app/View/Elements/actions_menu.ctp @@ -1,3 +1,4 @@ +

  • Html->link(__('New Event', true), array('controller' => 'events', 'action' => 'add')); ?>
  • Html->link(__('List Events', true), array('controller' => 'events', 'action' => 'index')); ?>
  • @@ -5,7 +6,6 @@ if ($isAclAdd) echo $this->Html->link(__('New Event', true), array('controller'
  • Html->link(__('Search Attributes', true), array('controller' => 'attributes', 'action' => 'search')); ?>
  • Html->link(__('Export', true), array('controller' => 'events', 'action' => 'export')); ?>
  • -
  •  
  • Html->link(__('News', true), array('controller' => 'users', 'action' => 'news')); ?>
  • @@ -23,16 +23,16 @@ if (('true' == Configure::read('CyDefSIG.sync')) && ($isAclSync || $isAdmin)): ? - +if($isSiteAdmin): ?>
  •  
  • -

    +

  • Html->link(__('Import Blacklist', true), array('controller' => 'blacklists', 'action' => 'index', 'admin' => true)); ?>
  • Html->link(__('Import Regexp', true), array('controller' => 'regexp', 'action' => 'index', 'admin' => true)); ?>
  • Html->link(__('Signature Whitelist', true), array('controller' => 'whitelists', 'action' => 'index', 'admin' => true)); ?>
  •  
  • +

  • Html->link(__('New User', true), array('controller' => 'users', 'action' => 'add', 'admin' => true)); ?>
  • Html->link(__('List Users', true), array('controller' => 'users', 'action' => 'index', 'admin' => true)); ?>
  • Html->link(__('New Role', true), array('controller' => 'roles', 'action' => 'add', 'admin' => true)); ?>
  • @@ -43,13 +43,14 @@ endif;?> +if($isAdmin && !$isSiteAdmin): ?>
  •  
  • -

    +

  • Html->link(__('Import Blacklist', true), array('controller' => 'blacklists', 'action' => 'index')); ?>
  • Html->link(__('Import Regexp', true), array('controller' => 'regexp', 'action' => 'index')); ?>
  • Html->link(__('Signature Whitelist', true), array('controller' => 'whitelists', 'action' => 'index')); ?>
  •  
  • +

  • Html->link(__('New User', true), array('controller' => 'users', 'action' => 'add', 'admin' => true)); ?>
  • Html->link(__('List Users', true), array('controller' => 'users', 'action' => 'index', 'admin' => true)); ?>
  • Html->link(__('List Roles', true), array('controller' => 'roles', 'action' => 'index')); ?>
  • @@ -59,9 +60,9 @@ endif;?> +if(!$isSiteAdmin && !$isAclAdmin): ?>
  •  
  • -

    +

  • Html->link(__('Import Blacklist', true), array('controller' => 'blacklists', 'action' => 'index')); ?>
  • Html->link(__('Import Regexp', true), array('controller' => 'regexp', 'action' => 'index')); ?>
  • Html->link(__('Signature Whitelist', true), array('controller' => 'whitelists', 'action' => 'index')); ?>
  • @@ -69,7 +70,7 @@ if(!$isAdmin && !$isAclAdmin): ?> endif;?> +if($isAclAudit): ?>
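Review bot: The new condition `if(!$isSiteAdmin && !$isAclAdmin)` overlaps with the `if($isAdmin && !$isSiteAdmin)` block added in the previous hunk. A user with `$isAdmin` set who is neither site admin nor `$isAclAdmin` satisfies both, and both blocks list Import Blacklist, Import Regexp and Signature Whitelist. Whether `$isAdmin` implies `$isAclAdmin` is not visible here; if it does not, keep the old exclusion as well: `if(!$isAdmin && !$isSiteAdmin && !$isAclAdmin): ?>`. These conditions only decide which links are drawn, so the `admin` routes for users, roles and logs still need their own role checks in the controllers.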

  • Html->link(__('List Logs', true), array('controller' => 'logs', 'action' => 'index', 'admin' => true)); ?>
  • Html->link(__('Search Logs', true), array('controller' => 'logs', 'action' => 'admin_search', 'admin' => true)); ?>
  • diff --git a/app/View/Events/add.ctp b/app/View/Events/add.ctp index c4630bc46..cfa9cae90 100755 --- a/app/View/Events/add.ctp +++ b/app/View/Events/add.ctp @@ -50,15 +50,15 @@ var formInfoValues = new Array(); $def) { $info = isset($def['formdesc']) ? $def['formdesc'] : $def['desc']; - echo "formInfoValues['" . addslashes($type) . "'] = \"" . addslashes($info) . "\";\n"; // as we output JS code we need to add slashes + echo "formInfoValues['" . addslashes($type) . "'] = \"" . addslashes($info) . "\";\n"; // as we output JS code we need to add slashes } foreach ($riskDescriptions as $type => $def) { $info = isset($def['formdesc']) ? $def['formdesc'] : $def['desc']; - echo "formInfoValues['" . addslashes($type) . "'] = \"" . addslashes($info) . "\";\n"; // as we output JS code we need to add slashes + echo "formInfoValues['" . addslashes($type) . "'] = \"" . addslashes($info) . "\";\n"; // as we output JS code we need to add slashes } foreach ($analysisDescriptions as $type => $def) { $info = isset($def['formdesc']) ? $def['formdesc'] : $def['desc']; - echo "formInfoValues['" . addslashes($type) . "'] = \"" . addslashes($info) . "\";\n"; // as we output JS code we need to add slashes + echo "formInfoValues['" . addslashes($type) . "'] = \"" . addslashes($info) . "\";\n"; // as we output JS code we need to add slashes } ?> diff --git a/app/View/Events/edit.ctp b/app/View/Events/edit.ctp index fcee9c7db..b2418be95 100755 --- a/app/View/Events/edit.ctp +++ b/app/View/Events/edit.ctp 
@@ -12,9 +12,11 @@ echo $this->Form->input('analysis', array( 'before' => $this->Html->div('forminfo', '', array('id' => 'EventAnalysisDiv')))); if ('true' == Configure::read('CyDefSIG.sync')) { if ('true' == Configure::read('CyDefSIG.private')) { - echo $this->Form->input('distribution', array('label' => 'Distribution', - 'between' => $this->Html->div('forminfo', '', array('id' => 'EventDistributionDiv')) - )); + if ('true' == $canEditDist) { + echo $this->Form->input('distribution', array('label' => 'Distribution', + 'between' => $this->Html->div('forminfo', '', array('id' => 'EventDistributionDiv')) + )); + } } else { echo $this->Form->input('private', array( 'before' => $this->Html->div('forminfo', isset($eventDescriptions['private']['formdesc']) ? $eventDescriptions['private']['formdesc'] : $eventDescriptions['private']['desc']),)); @@ -23,7 +25,9 @@ if ('true' == Configure::read('CyDefSIG.sync')) { echo $this->Form->input('info'); // link an onchange event to the form elements -$this->Js->get('#EventDistribution')->event('change', 'showFormInfo("#EventDistribution")'); +if ('true' == $canEditDist) { + $this->Js->get('#EventDistribution')->event('change', 'showFormInfo("#EventDistribution")'); +} $this->Js->get('#EventRisk')->event('change', 'showFormInfo("#EventRisk")'); $this->Js->get('#EventAnalysis')->event('change', 'showFormInfo("#EventAnalysis")'); ?> 
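Review bot: Wrapping the `distribution` input in `if ('true' == $canEditDist)` only removes the control from the rendered form; a hand-built POST can still carry a `distribution` value. The edit action is not part of this diff, so it is unclear whether it drops that field for users who may not change it. If it does not, the same condition should be enforced there before the save, for example with `unset($this->request->data['Event']['distribution']);`. The loose comparison against the string `'true'` also depends on whether the controller sets `$canEditDist` as a string or a boolean, so a strict boolean would be less fragile. The same guard recurs in the later hunks of this file.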
@@ -42,10 +46,13 @@ $this->Js->get('#EventAnalysis')->event('change', 'showFormInfo("#EventAnalysis" // var formInfoValues = new Array(); $def) { - $info = isset($def['formdesc']) ? $def['formdesc'] : $def['desc']; - echo "formInfoValues['" . addslashes($type) . "'] = \"" . addslashes($info) . "\";\n"; // as we output JS code we need to add slashes +if ('true' == $canEditDist) { + foreach ($distributionDescriptions as $type => $def) { + $info = isset($def['formdesc']) ? $def['formdesc'] : $def['desc']; + echo "formInfoValues['" . addslashes($type) . "'] = \"" . addslashes($info) . "\";\n"; // as we output JS code we need to add slashes + } } + foreach ($riskDescriptions as $type => $def) { $info = isset($def['formdesc']) ? $def['formdesc'] : $def['desc']; echo "formInfoValues['" . addslashes($type) . "'] = \"" . addslashes($info) . "\";\n"; // as we output JS code we need to add slashes @@ -68,7 +75,9 @@ function showFormInfo(id) { } // hide the formInfo things -$('#EventDistributionDiv').hide(); +if ('true' == $canEditDist) { + $('#EventDistributionDiv').hide(); +} $('#EventRiskDiv').hide(); $('#EventAnalysisDiv').hide(); diff --git a/app/View/Events/index.ctp b/app/View/Events/index.ctp index ff6860c2b..02e19fe48 100755 --- a/app/View/Events/index.ctp +++ b/app/View/Events/index.ctp @@ -7,6 +7,11 @@ if ('true' == Configure::read('CyDefSIG.showorg') || $isAdmin): ?> Paginator->sort('org');?> + + Paginator->sort('owner org');?> + Paginator->sort('id');?> Paginator->sort('attribute_count', '#Attr.');?> @@ -45,6 +50,15 @@ foreach ($events as $event):?> }?>   + Html->image('orgs/' . h($event['Event']['orgc']) . '.png', array('alt' => h($event['Event']['orgc']),'width' => '48','hight' => '48')); + else echo $this->Html->tag('span', h($event['Event']['orgc']), array('class' => 'welcome', 'style' => 'float:right;'));?> +  
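Review bot: In the `@@ -68,7 +75,9 @@` hunk, the added `if ('true' == $canEditDist) {` around `$('#EventDistributionDiv').hide();` appears to sit in the JavaScript part of the template, since the hunk context is `function showFormInfo(id) {`. `$canEditDist` is a PHP variable, not a defined script identifier. If that reading is right, the browser would raise a ReferenceError on that line and the following `$('#EventRiskDiv').hide();` and `$('#EventAnalysisDiv').hide();` would not run. The condition needs to be evaluated by PHP instead, e.g. `<?php if ('true' == $canEditDist): ?>` before the jQuery line and `<?php endif; ?>` after it. Markup has been stripped from this rendering, so confirm against the file.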
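Review bot: In the `@@ -45,6 +50,15 @@` hunk of `index.ctp`, the image options for the new `orgc` cell use `'hight' => '48'`, which is emitted as an unknown `hight` attribute and leaves the logo height unconstrained; it should read `'height' => '48'`. The file name is built as `'orgs/' . h($event['Event']['orgc']) . '.png'`, and `h()` escapes for HTML output only. If `orgc` can arrive from a synchronised server, confirm that it is restricted to a safe character set before it is used in a path. The condition that chooses between the image and the text fallback is not visible in this rendering.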
    -element('img', array('id' => $event['Event']['org']));?>element('img', array('id' => $event['Event']['orgc']));?>

    Event

    @@ -59,7 +59,15 @@ endif; ?>   -
    Org
    +
    Creating Org
    +
    + +   +
    + + +
    Owner org
      @@ -244,7 +252,7 @@ if (!empty($event['Attribute'])):?> Html->link(__('Edit', true), array('controller' => 'attributes', 'action' => 'edit', $attribute['id'])); - echo $this->Form->postLink(__('Delete'), array('controller' => 'attributes', 'action' => 'delete', $attribute['id']), null, __('Are you sure you want to delete this attribute?')); + echo $this->Form->postLink(__('Delete'), array('controller' => 'attributes', 'action' => 'delete', $attribute['id']), null, __('Are you sure you want to delete this attribute? Keep in mind that this will also delete this attribute on remote MISP instances.')); ?> Date: The date when the incident has happened.

  • Distribution: This setting controls, who will be able to see this event once it becomes published. Apart from being able to set which users on this server are allowed to see the event, this also controls whether the event will be synchronised to other servers or not. The following options are available:

    • -
    • Your organization only: This setting will only allow members of your organisation on this server to see it.

    • -
    • This server-only: This setting will only allow members of any organisation on this server to see it.

    • -
    • This Community-only: Users that are part of your MISP community will be able to see the event. This includes your own organisation, organisations on your MISP server and organisations running MISP servers that synchronise with this server. Any other organisations connected to such linked servers will be restricted from seeing the event. Use this option if you are on the central hub of your community.

    • -
    • Connected communities: Users that are part of your MISP community will be able to see the event. This includes all organisations on your own MISP server, all organisations on MISP servers synchronising with this server and the hosting organisations of servers that connect to those afore mentioned servers (so basically any server that is 2 hops away from this one). Any other organisations connected to linked servers that are 2 hops away from this own will be restricted from seeing the event. Use this option if this server isn't the central MISP hub of the community but is connected to it.

    • +
    • Your organization only: This setting will only allow members of your organisation on this server to see it. Events with this setting will not be synchronised.

    • +
    • This server-only: This setting will allow members of any organisation on this server to see it. Events with this setting will not be synchronised. For more information on community-related distribution levels, click here.

    • +
    • This Community-only: Users that are part of your MISP community will be able to see the event. This includes your own organisation, organisations on this MISP server and organisations running MISP servers that synchronise with this server. Any other organisations connected to such linked servers will be restricted from seeing the event. For more information on community-related distribution levels, click here.

    • +
    • Connected communities: Users that are part of your MISP community will be able to see the event. This includes all organisations on this MISP server, all organisations on MISP servers synchronising with this server and the hosting organisations of servers that connect to those afore mentioned servers (so basically any server that is 2 hops away from this one). Any other organisations connected to linked servers that are 2 hops away from this own will be restricted from seeing the event. For more information on community-related distribution levels, click here.

    • All communities: This will share the event with all MISP communities, allowing the event to be freely propagated from one server to the next.

  • Risk: This field indicates the risk level of the event. Incidents can be categorised into three different threat categories (low, medium, high). This field can alternatively be left as undefined. The 3 options are:

  •
diff --git a/app/View/Users/admin_add.ctp b/app/View/Users/admin_add.ctp
index 8d08d2ed4..adf7c3cbb 100755
--- a/app/View/Users/admin_add.ctp
+++ b/app/View/Users/admin_add.ctp
@@ -11,7 +11,7 @@ if ($currentOrg == 'ADMIN') {
 }
 echo $this->Form->input('role_id', array('label' => 'Role'));
 echo $this->Form->input('autoalert');
- echo $this->Form->input('authkey', array('value' => $authkey, 'disabled' => 'disabled'));
+ echo $this->Form->input('authkey', array('value' => $authkey, 'readonly' => 'readonly'));
 echo $this->Form->input('nids_sid');
 echo $this->Form->input('gpgkey');
 ?>
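Review bot: Changing the `authkey` input from `'disabled' => 'disabled'` to `'readonly' => 'readonly'` means the browser now submits the field, and `readonly` is only a UI hint that the client can override. If the add action saves the posted data as it arrives, the stored key becomes whatever the request carries rather than the `$authkey` generated on the server. The controller is not in this hunk; it should either ignore the posted `authkey` and keep its own generated value, or validate the submitted value before saving. A test that posts a modified `authkey` and checks the stored value would pin the intended behaviour.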