<?php

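/**
 * List the PHP files found directly inside a directory.
 *
 * @param string $directory Path of the directory to read.
 * @return array File names (not full paths) that end in ".php"; an empty
 *               array when the directory is missing or cannot be opened.
 */
function dirList ($directory)
{
    $results = array();

    # readdir() must only ever receive a valid handle, so stop here when the
    # path is not a directory or opendir() fails.
    if (!is_dir($directory)) {
        return $results;
    }
    $handler = opendir($directory);
    if ($handler === false) {
        return $results;
    }

    while (false !== ($file = readdir($handler))) {
        # Compare the suffix literally. A pattern such as ".php$" treats the
        # dot as "any character" and would also accept a name like "notphp";
        # ereg() itself no longer exists as of PHP 7.
        if ($file !== '.' && $file !== '..' && substr($file, -4) === '.php') {
            $results[] = "$file";
        }
    }

    closedir($handler);

    # NOTE(review): the file name suggests callers load these entries as
    # plugins - confirm the directory is not writable by untrusted accounts.
    return $results;
}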

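/**
 * Collect the alert notifications that have to be mailed for one scan.
 *
 * @param int|string $scan_id Identifier matched against alerts.last_scan_id.
 * @return array Map of owner e-mail => (alert message => alert name).
 */
function get_info_mail ($scan_id) {

	$alerts_to_mail = array();

	# The id is written into the statement as a bare numeric literal, so it is
	# forced to an integer before the SQL text is built.
	# NOTE(review): ext/mysql was removed in PHP 7; a port to mysqli or PDO
	# prepared statements would replace this cast.
	$scan_id = (int) $scan_id;

	$query = "select email, alerts.alert_name AS alert, message FROM owners, send_alerts, alerts, scans, hosts, ranges WHERE owners.owner_id = send_alerts.owner_id AND send_alerts.alert_name = alerts.alert_name AND alerts.last_scan_id = scans.scan_rec_id AND scans.host_id = hosts.host_id AND scans.range_id = ranges.range_id AND ((send_alerts.object = 'host' AND send_alerts.object_index = hosts.host_id) OR (send_alerts.object = 'range' AND send_alerts.object_index = scans.range_id) OR (send_alerts.object = 'sensor' AND send_alerts.object_index = ranges.sensor_id)) AND alerts.last_scan_id = $scan_id;";
	$result = mysql_query($query) or die (mysql_error());

	while ($alerts_found = mysql_fetch_array($result, MYSQL_ASSOC)) {
		# list() cannot be used here because it only works with numerically
		# indexed arrays.
		$email = (string) $alerts_found['email'];
		$message = (string) $alerts_found['message'];
		$alerts_to_mail[$email][$message] = $alerts_found['alert'];
	}
	return $alerts_to_mail;
}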

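/**
 * Mail every owner the alerts raised by one scan, as an HTML report.
 *
 * For each host row attached to the scan, the function looks up the scan that
 * preceded it for that host, builds one HTML message per recipient and passes
 * it to mail(). When the 'Compare with last scan' plugin is switched on, the
 * comparison table returned by send_mails() is appended to the message.
 *
 * @param array      $alerts_to_mail Map of e-mail => (alert message => alert name).
 * @param int|string $scan_id        scans.scan_rec_id of the scan being reported.
 * @return void
 */
function send_alerts_mail ($alerts_to_mail, $scan_id) {

	# The scan id is written into SQL as a bare numeric literal; forcing an
	# integer keeps anything else out of the statement.
	$scan_id = (int) $scan_id;

	# Character set announced in the Content-Type header below; the same one
	# is used when escaping values for the HTML body.
	$charset = 'ISO-8859-1';

	$host_id_query = mysql_query("SELECT scans.host_id, ip, hostname, sensor_name, range, range_name, FROM_UNIXTIME(d_scan, '%Y-%m-%d / %k:%i ') AS Date, number_of_alerts FROM scans,hosts,ranges, sensors WHERE scans.host_id = hosts.host_id AND hosts.range_id = ranges.range_id AND ranges.sensor_id = sensors.sensor_id AND scan_rec_id = $scan_id ") or die ('Querry failed1: ' . mysql_error());
	while ($host = mysql_fetch_array($host_id_query, MYSQL_ASSOC)){
		# Used unquoted in the next query, hence the integer cast.
		$host_id = (int) $host['host_id'];
		$ip = $host['ip'];
		$hostname = $host['hostname'];
		$range_description = ($host['range_name'] == "") ? $host['range'] : $host['range_name'];

		# Walk this host's scans oldest first and remember the one just before
		# the scan being reported; 0 means there is no earlier scan.
		$query_scans_done = mysql_query("SELECT scan_rec_id FROM scans WHERE host_id = $host_id ORDER BY d_scan ASC") or die ('Querry failed: ' . mysql_error());
		$old_scan = 0;
		$previous_scan = 0;
		while ($scan_id_array = mysql_fetch_array($query_scans_done)) {
			if ($scan_id_array[0] == $scan_id) {
				$old_scan = $previous_scan;
				break;
			}
			$previous_scan = $scan_id_array[0];
		}

		# The sender address is derived from the local machine's host name.
		$host_db = trim(`hostname`);
		$mail_headers = 'From: cancerbero@'.$host_db . "\r\n" . 'Reply-To: cancerbero@'.$host_db . "\r\n" . 'X-Mailer: PHP/' . phpversion() . "\r\n" . 'Content-Type: text/html; charset=iso-8859-1' . "\r\n" . 'Content-Transfer-Encoding: 8bit';

		# Everything below is read back from database rows (host, sensor and
		# range names, alert messages). It is escaped so that markup stored in
		# those fields is displayed as text instead of being interpreted by
		# the recipient's mail client.
		# NOTE(review): assumes alert messages are plain text - confirm no
		# plugin relies on HTML inside its messages.
		$hostname_html = htmlspecialchars((string) $hostname, ENT_QUOTES, $charset);
		$ip_html = htmlspecialchars((string) $ip, ENT_QUOTES, $charset);
		$sensor_html = htmlspecialchars((string) $host['sensor_name'], ENT_QUOTES, $charset);
		$range_html = htmlspecialchars((string) $range_description, ENT_QUOTES, $charset);
		$date_html = htmlspecialchars((string) $host['Date'], ENT_QUOTES, $charset);
		$count_html = htmlspecialchars((string) $host['number_of_alerts'], ENT_QUOTES, $charset);

		$top_header ="
	<html>
	<head>
	<title>Cancerbero Alerts in $hostname_html($ip_html)</title>
	</head>
	<body>
	<div align='center'><strong>Cancerbero Alerts in
	$hostname_html($ip_html)</strong></div>
	<p>You are receiving this email because you are defined as owner of host $hostname_html($ip_html). If this is not right, contact with your Cancerbero Admin.</p>";

		foreach ($alerts_to_mail as $email => $email_values) {
			$body = "
		<table style='text-align: left;  width: 100%;' border='1' cellpadding='2' cellspacing='0'>
		<tbody>
		<tr align='center'>
		<td style='background-color: #FFCC66' colspan='4' rowspan='1'>$hostname_html ($ip_html)</td>
		</tr>
		<tr>
		<td style='text-align: center; background-color: #D8D8D8;'>Sensor</td>
		<td style='text-align: center; background-color: #D8D8D8;'>Range</td>
		<td style='text-align: center; background-color: #D8D8D8;'>Date&nbsp;Scan</td>
		<td style='text-align: center; background-color: #D8D8D8;'>Num Alerts</td>
		</tr>
		<tr>
		<td style='text-align: center;'>$sensor_html</td>
		<td style='text-align: center;'>$range_html</td>
		<td style='text-align: center;'>$date_html</td>
		<td style='text-align: center;'>$count_html</td>
		</tr>
		<tr align='center'>
		<td style='background-color: #FFCC66' colspan='4' rowspan='1'>Alerts Found</td>
		</tr>
		<tr>
		<td style='text-align: center; background-color: #D8D8D8;' colspan='2' rowspan='1'>Alert Type</td>
		<td style='text-align: center; background-color: #D8D8D8;' colspan='2' rowspan='1'>Alerts &nbsp;Message</td>
		</tr>
		";
			# One row per alert: the key is the message, the value the alert name.
			foreach ($email_values as $message => $type_alert){
				$type_html = htmlspecialchars((string) $type_alert, ENT_QUOTES, $charset);
				$message_html = htmlspecialchars((string) $message, ENT_QUOTES, $charset);
				$body.="
			   <tr>
				<td style='text-align: center;' colspan='2' rowspan='1'>$type_html</td>
				<td style='text-align: center;' colspan='2' rowspan='1'>$message_html</td>
			   </tr>
			";
			}
			$body.="
		</tbody>
		</table>";
			# The comparison table is optional and controlled by a plugin row.
			$plugin_status = mysql_query("SELECT plugin_name FROM plugins WHERE plugin_name = 'Compare with last scan' AND status = 'on' ") or die ('Querry failed: ' . mysql_error());
			if ( mysql_num_rows($plugin_status) != 0 ){
				$body.= send_mails($scan_id,$old_scan,$alerts_to_mail,$hostname,$ip);
			}
			$body.= "</body>
		</html>
		";
			mail("$email","Cancerbero Alerts in $hostname($ip)", "$top_header$body", "$mail_headers");
		}
	}

}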

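/**
 * Register a plugin and its alert types the first time the plugin is seen.
 *
 * When the plugin is already present, the stored version is compared with
 * $version and a notice is printed if the given one is greater; nothing is
 * written to the database in that case.
 *
 * @param string $plugin_name Name stored in plugins.plugin_name.
 * @param string $description Text stored in plugins.description.
 * @param array  $alerts      Map of alert name => array(alert level, status).
 * @param string $version     Version of the plugin being registered.
 * @return void
 */
function insert_new_plugin ($plugin_name, $description, $alerts, $version) {

	# Every value ends up inside a quoted SQL string literal. Escaping keeps a
	# quote or backslash in plugin metadata (for example an apostrophe in the
	# description) from ending the literal early and altering the statement.
	# NOTE(review): ext/mysql was removed in PHP 7; a port to mysqli or PDO
	# prepared statements would replace this escaping.
	$plugin_name_sql = mysql_real_escape_string($plugin_name);
	$description_sql = mysql_real_escape_string($description);
	$version_sql = mysql_real_escape_string($version);

	$plugin_check = mysql_query("SELECT version FROM plugins where plugin_name = '$plugin_name_sql'") or die ('Querry failed1: ' . mysql_error());
	if ( mysql_num_rows($plugin_check) == 0 ) {
		# Insert the new plugin in the database.
		mysql_query("INSERT INTO plugins (plugin_name, description, version ) VALUES ('$plugin_name_sql', '$description_sql', '$version_sql')") or die (mysql_error());

		# Insert the alerts of the new plugin.
		foreach ($alerts as $alert_name => $values) {
			list ($alert_level, $status) = $values;
			$alert_name_sql = mysql_real_escape_string($alert_name);
			$status_sql = mysql_real_escape_string($status);
			$alert_level_sql = mysql_real_escape_string($alert_level);
			mysql_query("INSERT INTO alert_type (alert_name, status, alert_level, plugin_name ) VALUES ('$alert_name_sql', '$status_sql', '$alert_level_sql', '$plugin_name_sql')") or die (mysql_error());
		}
	} else {
		list ($dbver_plugin) = mysql_fetch_row($plugin_check);
		# NOTE(review): ">" compares numeric strings as numbers, so "0.10" is
		# not greater than "0.9" - confirm the version scheme this expects.
		if ( $version > $dbver_plugin ) {
			echo "Actualizacion.";
		}
	}

}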

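/**
 * Store the alerts raised by a scan in the alerts table.
 *
 * @param int|string $last_scan_id Scan the alerts belong to.
 * @param array      $alerts_found Map of port => (alert name => array(message, old value, new value)).
 * @param int|string $old_scan_id  Scan the values were compared against; 0 by default.
 * @return void
 */
function insert_alerts ($last_scan_id, $alerts_found, $old_scan_id = 0) {
	# Scan ids are used as bare numbers in other queries of this file, so they
	# are reduced to integers here as well.
	$last_scan_sql = (int) $last_scan_id;
	$old_scan_sql = (int) $old_scan_id;

	foreach ($alerts_found as $port => $port_values) {
		foreach ($port_values as $alert_found => $values) {
			list ($message, $old_value, $new_value) = $values;
			# The alert text embeds the old and new values of whatever changed.
			# It is escaped as a whole so a quote inside any part cannot end
			# the SQL string literal early.
			# NOTE(review): presumably these values come from scan output of
			# remote hosts - treat them as untrusted.
			$alert_name_sql = mysql_real_escape_string($alert_found);
			$message_sql = mysql_real_escape_string("$message $old_value => $new_value");
			mysql_query("INSERT INTO alerts (last_scan_id, old_scan_id, alert_name, message ) VALUES ('$last_scan_sql', '$old_scan_sql', '$alert_name_sql', '$message_sql')") or die (mysql_error());
		}
	}
}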

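/**
 * Build the HTML block that compares a host's previous scan with its latest one.
 *
 * The block holds one row for the detected operating system and one row per
 * port seen in either scan, labelling ports as changed, new or deleted.
 *
 * @param int|string $last_scan_id   scans.scan_rec_id of the latest scan.
 * @param int|string $old_scan_id    scans.scan_rec_id of the earlier scan; 0 when there is none.
 * @param array      $alerts_to_mail Not read here; kept so existing callers keep working.
 * @param string     $hostname       Host name printed in the table heading.
 * @param string     $ip             Host address printed in the table heading.
 * @return string|null HTML fragment, or null when there is no earlier scan.
 */
function send_mails ($last_scan_id, $old_scan_id, $alerts_to_mail, $hostname, $ip) {

	# Both ids are written into the SQL below as bare numeric literals, so
	# they are forced to integers first.
	$last_scan_id = (int) $last_scan_id;
	$old_scan_id = (int) $old_scan_id;

	# Nothing to compare against.
	if ($old_scan_id == 0) {
		return;
	}

	$result_old_scan = mysql_query("SELECT port, service, product, extra_info, port_version from ports where scan_rec_id = $old_scan_id  ORDER BY `port` ASC") or die (mysql_error());
	$result_last_scan = mysql_query("SELECT port, service, product, extra_info, port_version from ports where scan_rec_id = $last_scan_id  ORDER BY `port` ASC") or die (mysql_error());
	$result_os_old_scan = mysql_query("SELECT os_guessed, os_gen FROM scans where scan_rec_id = $old_scan_id") or die (mysql_error());
	$result_os_last_scan = mysql_query("SELECT os_guessed, os_gen FROM scans where scan_rec_id = $last_scan_id") or die (mysql_error());

	$query_date =  mysql_query("SELECT FROM_UNIXTIME((SELECT d_scan FROM scans WHERE scan_rec_id = $last_scan_id), '%Y-%m-%d / %k:%i ') AS Last, FROM_UNIXTIME((SELECT d_scan FROM scans WHERE scan_rec_id = $old_scan_id), '%Y-%m-%d / %k:%i ') AS Old, FROM_UNIXTIME((SELECT d_scan FROM scans WHERE scan_rec_id = $old_scan_id), '%Y-%m-%d') AS Date_Old FROM scans WHERE scan_rec_id = $last_scan_id") or die (mysql_error());

	$date = mysql_fetch_assoc ($query_date);

	# Stored scan fields (service, product, version, OS guess ...) are printed
	# into HTML. They are escaped so that markup inside them is shown as text
	# instead of being interpreted by the recipient's mail client. The charset
	# matches the iso-8859-1 Content-Type that send_alerts_mail() declares.
	# NOTE(review): presumably these fields originate from banners of scanned
	# hosts - treat them as untrusted.
	$charset = 'ISO-8859-1';
	$hostname_html = htmlspecialchars((string) $hostname, ENT_QUOTES, $charset);
	$ip_html = htmlspecialchars((string) $ip, ENT_QUOTES, $charset);
	$date_old_html = htmlspecialchars((string) $date['Date_Old'], ENT_QUOTES, $charset);
	$old_when_html = htmlspecialchars((string) $date['Old'], ENT_QUOTES, $charset);
	$last_when_html = htmlspecialchars((string) $date['Last'], ENT_QUOTES, $charset);

	$body ="
	<p>
	<hr>
	<br>
	<div align='center'><strong>Some diferences has been found between Today's Scan and Last Scan ($date_old_html) &nbsp;(1)</strong></div>
	<br>
	<table style='text-align: left; width: 100%;' border='1' cellpadding='0' cellspacing='0'>
	<tbody>
	<tr>
	<th colspan='12' rowspan='1' style='vertical-align: middle; text-align: center; background-color: #FFCC66; width: 46px;'><big>Diferencies found in $hostname_html($ip_html)</big></th>
	</tr>
	<tr>
	<td rowspan='1' style='background-color: #D8D8D8; width: 8px;' align='center' valign='middle'>Alerts</td>
	<td colspan='5' rowspan='1' style='background-color: #D8D8D8; width: 46px;' align='center' valign='middle'>Old Scan ($old_when_html)</td>
	<td style='vertical-align: middle; text-align: center; background-color: #A0A0A0; width: 5px;'></td>
	<td colspan='5' rowspan='1' style='background-color: #D8D8D8; width: 236px;' align='center' valign='middle'>Last Scan ($last_when_html)<br></td>
	</tr>
	<tr>
	<td></td>
	<td colspan='2' rowspan='1' style='background-color: #FFCC66; text-align: center;'>OS</td>
	<td colspan='3' rowspan='1' style='background-color: #FFCC66; text-align: center;'>OS Generation</td>
	<td style='vertical-align: middle; text-align: center; background-color: #A0A0A0;'></td>
	<td colspan='2' rowspan='1' style='background-color: #FFCC66; text-align: center;'>OS</td>
	<td colspan='3' rowspan='1' style='background-color: #FFCC66; text-align: center;'>OS Generation</td>
	</tr>";

	$separator = "<td style='vertical-align: middle; text-align: center; background-color: #A0A0A0;'></td>";

	$os_old_scan = mysql_fetch_array($result_os_old_scan, MYSQL_ASSOC);
	$os_last_scan = mysql_fetch_array($result_os_last_scan, MYSQL_ASSOC);

	# Strict comparison on purpose: with "==" PHP compares numeric-looking
	# strings as numbers, so a change such as "2.10" -> "2.1" would go unseen.
	if ($os_old_scan === $os_last_scan) {
		$message = "";
		$color = "#9BFF8E";
	} else {
		$message = "Changes";
		$color = "#FFA19E";
	}

	$body.="<tr><td style='text-align: center;'>$message&nbsp;</td>";

	# The first row of each OS result was consumed by the comparison above;
	# rewind so the rendering loops start from the beginning again.
	mysql_data_seek($result_os_old_scan, 0);
	mysql_data_seek($result_os_last_scan, 0);

	while ($os_row = mysql_fetch_array($result_os_old_scan, MYSQL_ASSOC)) {
		foreach ($os_row as $os_field => $os_value) {
			$colspan = ($os_field == 'os_guessed') ? 2 : 3;
			$os_value_html = htmlspecialchars((string) $os_value, ENT_QUOTES, $charset);
			$body.="<td style='background-color: #FFFDDD; text-align: center;' colspan='$colspan' rowspan='1'>$os_value_html&nbsp;</td>";
		}
	}

	$body.= $separator;

	while ($os_row = mysql_fetch_array($result_os_last_scan, MYSQL_ASSOC)) {
		foreach ($os_row as $os_field => $os_value) {
			$colspan = ($os_field == 'os_guessed') ? 2 : 3;
			$os_value_html = htmlspecialchars((string) $os_value, ENT_QUOTES, $charset);
			$body.="<td style='background-color: $color; text-align: center;' colspan='$colspan' rowspan='1'>$os_value_html&nbsp;</td>";
		}
	}

	$body.= "</tr><tr>
	<td style='background-color: #FFFDDD; width: 8px;' align='center' valign='middle'>&nbsp;</td>
	<td style='background-color: #FFCC66;' align='center' valign='middle'>Port</td>
	<td style='background-color: #FFCC66;' align='center' valign='middle'>Service</td>
	<td style='background-color: #FFCC66;' align='center' valign='middle'>Product</td>
	<td style='background-color: #FFCC66;' align='center' valign='middle'>Extra Info</td>
	<td style='background-color: #FFCC66;' align='center' valign='middle'>Version</td>
	<td style='vertical-align: middle; text-align: center; background-color: #A0A0A0;'></td>
	<td style='background-color: #FFCC66;' align='center' valign='middle'>Port</td>
	<td style='background-color: #FFCC66;' align='center' valign='middle'>Service</td>
	<td style='background-color: #FFCC66;' align='center' valign='middle'>Product</td>
	<td style='background-color: #FFCC66;' align='center' valign='middle'>Extra Info</td>
	<td style='background-color: #FFCC66;' align='center' valign='middle'>Version</td>
	</tr>
	";

	# Index both port lists by port so each port is looked up once instead of
	# rescanning the result sets for every row; the first row seen for a port
	# wins. Starting from empty arrays also covers scans without any port.
	$old_ports = array();
	while ($row = mysql_fetch_array($result_old_scan, MYSQL_ASSOC)) {
		$key = (string) $row['port'];
		if (!isset($old_ports[$key])) {
			$old_ports[$key] = $row;
		}
	}
	$last_ports = array();
	while ($row = mysql_fetch_array($result_last_scan, MYSQL_ASSOC)) {
		$key = (string) $row['port'];
		if (!isset($last_ports[$key])) {
			$last_ports[$key] = $row;
		}
	}

	# Every port that appears in either scan, in ascending order.
	$array_ports = array_map('strval', array_keys($old_ports + $last_ports));
	sort($array_ports);

	foreach ($array_ports as $port) {
		$old_row = isset($old_ports[$port]) ? $old_ports[$port] : null;
		$last_row = isset($last_ports[$port]) ? $last_ports[$port] : null;

		# The state of each port is decided from its own two rows only, never
		# from values left over from the previous port.
		if ($old_row !== null && $last_row !== null) {
			if ($old_row === $last_row) {
				# no change: green
				$label = "&nbsp;";
				$color = "#9BFF8E";
			} else {
				# changed: yellow
				$label = "Changes&nbsp;";
				$color = "#FFFF66";
			}
		} elseif ($last_row !== null) {
			# only in the latest scan: red
			$label = "New Port";
			$color = "#FFA19E";
		} else {
			# only in the earlier scan: red
			$label = "Deleted";
			$color = "#FFA19E";
		}

		$body.= "\t<tr>\n";
		$body.= "<td style='background-color: #FFFDDD; width: 8px;' align='center' valign='middle'>$label</td>";

		# Left half: the five columns of the earlier scan, blank when absent.
		if ($old_row === null) {
			$body.= str_repeat("<td style='background-color: #FFFDDD; width: 8px;' align='center' valign='middle'>&nbsp;</td>", 5);
		} else {
			foreach ($old_row as $old_value) {
				$old_value_html = htmlspecialchars((string) $old_value, ENT_QUOTES, $charset);
				$body.= "<td style='background-color: #FFFDDD; width: 8px;' align='center' valign='middle'>$old_value_html&nbsp;</td>";
			}
		}

		$body.= $separator;

		# Right half: the latest scan, coloured according to the state above.
		if ($last_row === null) {
			$body.= str_repeat("<td style='background-color: $color; width: 8px;' align='center' valign='middle'>&nbsp;</td>", 5);
		} else {
			foreach ($last_row as $last_value) {
				$last_value_html = htmlspecialchars((string) $last_value, ENT_QUOTES, $charset);
				$body.= "<td style='background-color: $color; width: 8px;' align='center' valign='middle'>$last_value_html&nbsp;</td>";
			}
		}
		$body.= "\t</tr>\n";
	}
	$body.= "</tbody>
		</table>
		<p><strong>(1)</strong> Note that the compare table is showing all the differents found despite of the notification alerts activated for you. This is normal.";
	return $body;
}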

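/**
 * Work out which owners must be notified about the alerts of a scan.
 *
 * Each alert name is looked up in send_alerts; a subscription matches when it
 * is of kind "god" or "other", or when its object_index equals the host,
 * range or sensor identifier of the scan.
 *
 * @param int|string $last_scan_id scans.scan_rec_id of the scan that raised the alerts.
 * @param array      $alerts_found Map of port => (alert name => array(message, old value, new value)).
 * @return array|string Map of e-mail => port => alert name => array(message,
 *                      old value, new value); an empty string when nobody
 *                      has to be notified.
 */
function check_send_alert ($last_scan_id, $alerts_found) {

	# Stays an empty string until the first match so the "nothing to send"
	# return value is unchanged for existing callers.
	$mail_array = "";

	# Scan ids are used as bare numbers in other queries of this file, so the
	# value is reduced to an integer before it is placed in SQL text.
	$scan_id_sql = (int) $last_scan_id;

	# For each kind of subscription: the query that yields the matching
	# identifier of this scan and the column that holds it.
	# NOTE(review): get_info_mail() matches send_alerts.object against
	# lowercase 'host'/'range'/'sensor' in SQL, while the keys here are
	# compared case-sensitively - confirm which spelling the table stores.
	$lookups = array(
		"Host" => array("SELECT host_id FROM scans WHERE scan_rec_id = '$scan_id_sql' ", "host_id"),
		"Range" => array("SELECT range_id FROM scans WHERE scan_rec_id = '$scan_id_sql' ", "range_id"),
		"Sensor" => array("SELECT ranges.sensor_id FROM scans,ranges WHERE scans.range_id = ranges.range_id AND scan_rec_id = '$scan_id_sql' ", "sensor_id"),
	);

	foreach ($alerts_found as $port => $port_values) {
		foreach ($port_values as $alert_found => $values) {
			list ($message, $old_value, $new_value) = $values;

			# Check if this alert_name has recipients. The name goes inside a
			# quoted SQL literal, so it is escaped first.
			$alert_name_sql = mysql_real_escape_string($alert_found);
			$recipients = mysql_query("SELECT owners.email as email,send_alerts.object as object ,send_alerts.object_index as object_index FROM send_alerts,owners WHERE  send_alerts.alert_name = '$alert_name_sql' AND send_alerts.owner_id = owners.owner_id") or die (mysql_error());
			while ($recipient = mysql_fetch_assoc($recipients)) {
				$email = $recipient['email'];
				$object = $recipient["object"];
				$matched = false;

				if ($object === "god" || $object === "other") {
					# These kinds are not tied to a particular object.
					$matched = true;
				} elseif (is_string($object) && isset($lookups[$object])) {
					# Ask for the appropriate identifier for the object.
					list ($lookup_sql, $id_column) = $lookups[$object];
					$identificators = mysql_query($lookup_sql) or die (mysql_error());
					while ($identificator = mysql_fetch_assoc($identificators)) {
						if ($recipient["object_index"] == $identificator[$id_column]) {
							$matched = true;
						}
					}
				}

				if ($matched) {
					# PHP 7.1 and later no longer turn an empty string into an
					# array on offset assignment, so switch to an array
					# explicitly before the first write.
					if (!is_array($mail_array)) {
						$mail_array = array();
					}
					$mail_array["$email"]["$port"]["$alert_found"] = array("$message","$old_value","$new_value");
				}
			}
		}
	}
	return $mail_array;
}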

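/**
 * Tell whether an alert type is switched on.
 *
 * @param string $alert_name Name looked up in alert_type.alert_name.
 * @return array|null The fetched row when an alert type with that name has
 *                    status 'on'; null otherwise.
 */
function check_active_alert ($alert_name) {
	# The name is placed inside a quoted SQL literal; escaping keeps a quote
	# in it from ending the literal early and changing the condition.
	$alert_name_sql = mysql_real_escape_string($alert_name);
	$query = mysql_query("SELECT 1 FROM alert_type WHERE alert_name = '$alert_name_sql' and status = 'on' ") or die ('Querry failed: ' . mysql_error());
	$check_alert = mysql_fetch_row($query);
	if ($check_alert) {
		return $check_alert;
	}
	return null;
}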

?>