Merge Dev into Master.

Opmantek · Dec 5, 2023 · 9dd12b4 · 9dd12b4
2 parents 792701b + a2f5638
commit 9dd12b4
Show file tree

Hide file tree

Showing 54 changed files with 2,275 additions and 211 deletions.
diff --git a/app/Config/Agents.php b/app/Config/Agents.php
@@ -0,0 +1,34 @@
+<?php
+# Copyright © 2023 FirstWave. All Rights Reserved.
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+declare(strict_types=1);
+
+namespace App\Controllers;
+
+/**
+ * PHP version 7.4
+ *
+ * @category  Controller
+ * @package   Open-AudIT\Controller
+ * @author    Mark Unwin <[email protected]>
+ * @copyright 2023 FirstWave
+ * @license   http://www.gnu.org/licenses/agpl-3.0.html aGPL v3
+ * @version   GIT: Open-AudIT_5.0.0
+ * @link      http://www.open-audit.org
+ */
+
+/**
+ * Base Object Agents
+ *
+ * @access   public
+ * @category Object
+ * @package  Open-AudIT\Controller\Agents
+ * @author   Mark Unwin <[email protected]>
+ * @license  http://www.gnu.org/licenses/agpl-3.0.html aGPL v3
+ * @link     http://www.open-audit.org
+ */
+class Agents extends BaseController
+{
+
+}
diff --git a/app/Config/App.php b/app/Config/App.php
@@ -18,7 +18,8 @@ class App extends BaseConfig
      *    http://example.com/
      */
     # public string $baseURL = 'http://localhost:8080/';
-    public string $baseURL = BASEURL;
+    # public string $baseURL = BASEURL;
+    public string $baseURL = '';
 
     /**
      * Allowed Hostnames in the Site URL other than the hostname in the baseURL.
@@ -447,4 +448,30 @@ class App extends BaseConfig
      * @see http://www.w3.org/TR/CSP/
      */
     public bool $CSPEnabled = true;
+
+    public function __construct()
+    {
+        // Dynamically set our baseURL
+        $this->baseURL = 'http://';
+        if (isset($_SERVER['HTTPS']) && !empty($_SERVER['HTTPS'])) {
+            $this->baseURL = 'https://';
+        }
+        if (!empty($_SERVER['SERVER_NAME'])) {
+            $this->baseURL .= $_SERVER['SERVER_NAME'];
+        } else {
+            $this->baseURL .= 'localhost';
+        }
+        if (!empty($_SERVER['SERVER_PORT']) and $_SERVER['SERVER_PORT'] != '80' and $_SERVER['SERVER_PORT'] != '443') {
+            $this->baseURL .= ':' . $_SERVER['SERVER_PORT'];
+        }
+        $this->baseURL .= str_replace('index.php', '', $_SERVER['SCRIPT_NAME']);
+        if (is_cli()) {
+            $this->baseURL = 'http://localhost/';
+        }
+
+        # Set CPSEnabled depending on environment
+        if (!empty($_SERVER['CI_ENVIRONMENT']) and $_SERVER['CI_ENVIRONMENT'] === 'development') {
+            $this->CSPEnabled = false;
+        }
+    }
 }
diff --git a/app/Config/Boot/development.php b/app/Config/Boot/development.php
@@ -7,6 +7,8 @@
  | In development, we want to show as many errors as possible to help
  | make sure they don't make it to production. And save us hours of
  | painful debugging.
+ |
+ | If you set 'display_errors' to '1', CI4's detailed error report will show.
  */
 error_reporting(-1);
 ini_set('display_errors', '1');

diff --git a/app/Config/Boot/production.php b/app/Config/Boot/production.php
@@ -6,8 +6,10 @@
  |--------------------------------------------------------------------------
  | Don't show ANY in production environments. Instead, let the system catch
  | it and display a generic error message.
+ |
+ | If you set 'display_errors' to '1', CI4's detailed error report will show.
  */
-ini_set('display_errors', 'Off');
+ini_set('display_errors', '0');
 error_reporting(E_ALL & ~E_NOTICE & ~E_DEPRECATED & ~E_STRICT & ~E_USER_NOTICE & ~E_USER_DEPRECATED);
 
 /*

diff --git a/app/Config/Boot/testing.php b/app/Config/Boot/testing.php
@@ -1,5 +1,11 @@
 <?php
 
+/*
+ * The environment testing is reserved for PHPUnit testing. It has special
+ * conditions built into the framework at various places to assist with that.
+ * You can’t use it for your development.
+ */
+
 /*
  |--------------------------------------------------------------------------
  | ERROR DISPLAY

diff --git a/app/Config/Filters.php b/app/Config/Filters.php
@@ -15,8 +15,9 @@ class Filters extends BaseConfig
      * Configures aliases for Filter classes to
      * make reading things nicer and simpler.
      *
-     * @var array<string, string>
-     * @phpstan-var array<string, class-string>
+     * @var array<string, array<int, string>|string> [filter_name => classname]
+     *                                               or [filter_name => [classname1, classname2, ...]]
+     * @phpstan-var array<string, class-string|list<class-string>>
      */
     public array $aliases = [
         'csrf'          => CSRF::class,

diff --git a/app/Config/Migrations.php b/app/Config/Migrations.php
@@ -25,9 +25,7 @@ class Migrations extends BaseConfig
      *
      * This is the name of the table that will store the current migrations state.
      * When migrations runs it will store in a database table which migration
-     * level the system is at. It then compares the migration level in this
-     * table to the $config['migration_version'] if they are not the same it
-     * will migrate up. This must be set.
+     * files have already been run.
      */
     public string $table = 'migrations';
 

diff --git a/app/Config/OpenAudit.php b/app/Config/OpenAudit.php
@@ -12,8 +12,8 @@ class OpenAudit extends BaseConfig
 {
     public function __construct()
     {
-        $this->appVersion = 20231130;
-        $this->displayVersion = '5.0.1';
+        $this->appVersion = 20231207;
+        $this->displayVersion = '5.0.2';
         $this->microtime = microtime(true);
 
         $commercial_dir = array(APPPATH . '../../omk',
@@ -180,7 +180,7 @@ public function __construct()
         $opLicense = $this->commercial_dir . "/bin/oplicense-cli.pl";
         $modules[] = (object)array("name" => "Applications",  "url" => (file_exists($this->commercial_dir)) ? "/omk"                  : "");
         $modules[] = (object)array("name" => "opCharts",      "url" => (in_array('opCharts',  $apps)) ? "/omk/opCharts"         : "https://firstwave.com/products/interactive-dashboards-and-charts/");
-        $modules[] = (object)array("name" => "opEvents",      "url" => (in_array('opEvents',  $apps)) ? "/omk/opEvents/"        : "https://firstwave.com/opevents-traps-network-event-management/");
+        $modules[] = (object)array("name" => "opEvents",      "url" => (in_array('opEvents',  $apps)) ? "/omk/opEvents/"        : "https://firstwave.com/products/centralized-log-and-event-management/");
         $modules[] = (object)array("name" => "opConfig",      "url" => (in_array('opConfig',  $apps)) ? "/omk/opConfig"         : "https://firstwave.com/products/network-configuration-management/");
         $modules[] = (object)array("name" => "opHA",          "url" => (in_array('opHA',      $apps)) ? "/omk/opHA"             : "https://firstwave.com/products/distributed-network-management/");
         $modules[] = (object)array("name" => "opReports",     "url" => (in_array('opReports', $apps)) ? "/omk/opReports/"       : "https://firstwave.com/products/advanced-analysis-and-reporting/");

diff --git a/app/Config/Routes.php b/app/Config/Routes.php
@@ -14,7 +14,7 @@
  * --------------------------------------------------------------------
  */
 
-$collections = array('applications','attributes','baselines','baselines_policies','baselines_results','clouds','clusters','collectors', 'components',
+$collections = array('agents','applications','attributes','baselines','baselines_policies','baselines_results','clouds','clusters','collectors', 'components',
 'configuration','connections','credentials','dashboards','devices','discoveries','discovery_log','discovery_scan_options','errors','fields','files',
 'groups','integrations','ldap_servers','licenses','locations','maps','networks','nmis','orgs','queries','queue','racks','rack_devices','reports','roles',
 'rules','scripts','summaries','support','tasks','users','widgets');
@@ -24,6 +24,8 @@
 
 # These will match and then take precedence over the below route array
 
+$routes->post('agents/execute', 'Agents::execute', ['as' => 'agentsExecuteAll']);
+
 $routes->get('baselines/(:num)/execute', 'Baselines::executeForm/$1', ['filter' => \App\Filters\Session::class, 'as' => 'baselinesExecuteForm']);
 $routes->post('baselines/(:num)/execute', 'Baselines::execute/$1', ['filter' => \App\Filters\Session::class, 'as' => 'baselinesExecute']);
 

diff --git a/app/Config/View.php b/app/Config/View.php
@@ -5,6 +5,10 @@
 use CodeIgniter\Config\View as BaseView;
 use CodeIgniter\View\ViewDecoratorInterface;
 
+/**
+ * @phpstan-type ParserCallable (callable(mixed): mixed)
+ * @phpstan-type ParserCallableString (callable(mixed): mixed)&string
+ */
 class View extends BaseView
 {
     /**
@@ -30,7 +34,8 @@ class View extends BaseView
      *  { title|esc(js) }
      *  { created_on|date(Y-m-d)|esc(attr) }
      *
-     * @var array
+     * @var array<string, string>
+     * @phpstan-var array<string, ParserCallableString>
      */
     public $filters = [];
 
@@ -39,7 +44,8 @@ class View extends BaseView
      * by the core Parser by creating aliases that will be replaced with
      * any callable. Can be single or tag pair.
      *
-     * @var array
+     * @var array<string, array<string>|callable|string>
+     * @phpstan-var array<string, array<ParserCallableString>|ParserCallableString|ParserCallable>
      */
     public $plugins = [];
 

diff --git a/app/Controllers/Cli.php b/app/Controllers/Cli.php
@@ -91,14 +91,57 @@ public function executeTasks()
         if (empty($config->enterprise_binary)) {
             return;
         }
+
+        // # Perform some directory permissions fixing
+
+        // # Lang Files
+        // chmod(ROOTPATH . 'app/Views/lang/cs.inc', 0666);
+        // chmod(ROOTPATH . 'app/Views/lang/de.inc', 0666);
+        // chmod(ROOTPATH . 'app/Views/lang/en.inc', 0666);
+        // chmod(ROOTPATH . 'app/Views/lang/es.inc', 0666);
+        // chmod(ROOTPATH . 'app/Views/lang/fr.inc', 0666);
+        // chmod(ROOTPATH . 'app/Views/lang/pt-br.inc', 0666);
+        // chmod(ROOTPATH . 'app/Views/lang/zh-tw.inc', 0666);
+
+        // # Other Dir
+        // chmod(ROOTPATH . 'other', 0777);
+
+        // # Scripts Dir
+        // chmod(ROOTPATH . 'other/scripts', 0777);
+
+        // # Attachments Dir
+        // chmod(ROOTPATH . 'app/Attachments', 0777);
+
+        // # Uploads Dir
+        // chmod(ROOTPATH . 'writable/uploads', 0777);
+
+        // # Cache Dir
+        // chmod(ROOTPATH . 'writable/cache', 0777);
+
+        // # Logs Dir
+        // chmod(ROOTPATH . 'writable/logs', 0777);
+
+        // # Session Dir
+        // chmod(ROOTPATH . 'writable/session', 0777);
+
+        // # DebugBar Dir
+        // chmod(ROOTPATH . 'writable/debugbar', 0777);
+
+        // # Custom Images Dir
+        // if (php_uname('s') === 'Linux') {
+        //     chmod(ROOTPATH . 'public/custom_images', 0777);
+        // }
+
+        // # Custom Images Dir
+        // if (php_uname('s') === 'Windows NT') {
+        //     chmod(ROOTPATH . '../htdocs/open-audit/custom_images', 0777);
+        // }
+
         $response = new stdClass();
         $response->meta = new stdClass();
         $response->meta->collection = 'tasks';
         $response->meta->action = 'execute';
-        $response->meta->uuid = $config->uuid;
-
-        # echo json_encode($response) . "\n";
-
+        $response->meta->uuid = $this->config->uuid;
         $db = db_connect() or die("Cannot establish a database connection.");
         // Insert the entry
         $sql = "INSERT INTO enterprise VALUES (null, ?, '', NOW(), '')";

diff --git a/app/Controllers/Logon.php b/app/Controllers/Logon.php
@@ -65,13 +65,6 @@ public function create()
             $password = $_SERVER['HTTP_PASSWORD'];
         }
 
-        if (empty($username) or empty($password)) {
-            # set flash need creds
-            $session->setFlashdata('flash', '{"level":"danger", "message":"Credentials required"}');
-            log_message('error', '{"level":"danger", "message":"Credentials required"}');
-            return redirect()->to(site_url('logon'));
-        }
-
         $http_accept = (!empty($_SERVER['HTTP_ACCEPT'])) ? $_SERVER['HTTP_ACCEPT'] : '';
         $format = '';
         if (strpos($http_accept, 'application/json') !== false) {
@@ -90,6 +83,17 @@ public function create()
             $format = 'json';
         }
 
+        if (empty($username) or empty($password)) {
+            # set flash need creds
+            $session->setFlashdata('flash', '{"level":"danger", "message":"Credentials required"}');
+            log_message('error', '{"level":"danger", "message":"Credentials required"}');
+            if ($format === 'html') {
+                return redirect()->to(site_url('logon'));
+            }
+            header('HTTP/1.0 401 Unauthorized');
+            echo '{"message":"Credentials required"}';
+        }
+
         $user = $logonModel->logon($username, $password);
         if ($user) {
             log_message('info', 'Valid credentials for ' . $username . ' from ' . @$this->request->getIPAddress());
@@ -118,7 +122,11 @@ public function create()
             exit;
         }
         log_message('info', 'Invalid credentials for ' . $username . ' from ' . @$this->request->getIPAddress());
-        return redirect()->to(site_url('logon'));
+        if ($format === 'html') {
+            return redirect()->to(site_url('logon'));
+        }
+        header('HTTP/1.0 401 Unauthorized');
+        echo '{"message":"Credentials required"}';
     }
 
     public function delete()

diff --git a/app/Helpers/discoveries_helper.php b/app/Helpers/discoveries_helper.php
@@ -1346,9 +1346,14 @@ function ip_audit($ip_scan = null)
         if (!empty($credentials_windows) or ! empty($credentials_ssh)) {
             $temp = $instance->scriptsModel->build(strtolower($device->os_group));
             if (empty($temp)) {
-                $log->message = 'Could not retrieve audit script for ' . strtolower($device->os_group) . ', check system log for details.';
-                $log->command_status = 'fail';
+                $log->command_output = 'Could not retrieve audit script for ' . strtolower($device->os_group) . ', check ' . ROOTPATH . 'other/scripts is writable.';
+                $log->command_status = 'issue';
                 $log->severity = 4;
+                if (php_uname('s') === 'Linux') {
+                    $command_string = 'stat ' . ROOTPATH . 'other/scripts';
+                    exec($command_string, $output, $return_var);
+                    $log->command = $command_string . ' : ' . json_encode($output);
+                }
                 $discoveryLogModel->create($log);
                 $log->command_status = 'notice';
                 $log->severity = 7;
@@ -1778,11 +1783,12 @@ function ip_audit($ip_scan = null)
 
         // Run our rules to update the device attributes
         if (!empty($audit)) {
-            log_message('debug', 'rulesModel::execute::return because audit script result exists');
+            log_message('debug', 'rulesModel::execute::return because audit script result exists for ' . $device->ip);
             $instance->rulesModel->execute($audit->system, intval($discovery->id), 'return', intval($audit->system->id));
         } else {
-            log_message('debug', 'rulesModel::execute::update because audit script result does not exist');
-            $instance->rulesModel->execute(null, intval($discovery->id), 'update', intval($device->id));
+            log_message('debug', 'rulesModel::execute::update because audit script result does not exist for ' . $device->ip);
+            # $instance->rulesModel->execute(null, intval($discovery->id), 'update', intval($device->id));
+            $instance->rulesModel->execute($device, intval($discovery->id), 'update', intval($device->id));
         }
 
         if (!empty($audit)) {

diff --git a/app/Helpers/response_helper.php b/app/Helpers/response_helper.php
@@ -426,7 +426,7 @@ function response_create($instance = null)
         $permission_requested = $response->meta->permission_requested;
         if (!empty($config->enterprise_binary) and $db->tableExists('enterprise')) {
             // TODO - fix this
-            if (($response->meta->collection === 'rules' or $response->meta->collection === 'roles') and $response->meta->action === 'update') {
+            if (($response->meta->collection === 'agents' or $response->meta->collection === 'rules' or $response->meta->collection === 'roles') and $response->meta->action === 'update') {
                 $received_data = $response->meta->received_data;
                 $response->meta->received_data = array();
             }
@@ -493,7 +493,7 @@ function response_create($instance = null)
             if (empty($r)) {
                 \Config\Services::session()->setFlashdata('error', 'There is an issue with Enterprise functionality. Please contact <a target="_blank" href="https://firstwave.com">FirstWave</a> for support.');
                 log_message('error', 'Could not decode JSON response from enterprise.');
-                log_message('error', $result[0]->response);
+                log_message('error', "Response: " . @$result[0]->response . "\n");
             }
             $response->meta->permission_requested = $permission_requested;
             if (!empty($response->meta->license)) {
@@ -511,7 +511,7 @@ function response_create($instance = null)
             }
 
             // TODO - fix this
-            if (($response->meta->collection === 'rules' or $response->meta->collection === 'roles') and $response->meta->action === 'update') {
+            if (($response->meta->collection === 'agents' or $response->meta->collection === 'rules' or $response->meta->collection === 'roles') and $response->meta->action === 'update') {
                 $response->meta->received_data = $received_data;
             }
             if ($response->meta->collection === 'search' and $response->meta->action === 'create') {
@@ -1504,7 +1504,7 @@ function response_valid_actions()
      */
     function response_valid_collections()
     {
-        return array('applications','attributes','baselines','baselines_policies','baselines_results','chart','clouds','clusters','collectors','components','configuration','connections','credentials','dashboards','database','devices','discoveries','discovery_log','discovery_scan_options','errors','fields','files','groups','help','integrations','integrations_log','integrations_rules','ldap_servers','licenses','locations','logs','maps','networks','nmis','orgs','queries','queue','racks','rack_devices','reports','roles','rules','scripts','search','sessions','summaries','support','tasks','users','widgets');
+        return array('agents','applications','attributes','baselines','baselines_policies','baselines_results','chart','clouds','clusters','collectors','components','configuration','connections','credentials','dashboards','database','devices','discoveries','discovery_log','discovery_scan_options','errors','fields','files','groups','help','integrations','integrations_log','integrations_rules','ldap_servers','licenses','locations','logs','maps','networks','nmis','orgs','queries','queue','racks','rack_devices','reports','roles','rules','scripts','search','sessions','summaries','support','tasks','users','widgets');
     }
 }
 

diff --git a/app/Helpers/snmp_10892_helper.php b/app/Helpers/snmp_10892_helper.php
@@ -0,0 +1,15 @@
+<?php
+# Copyright © 2023 FirstWave. All Rights Reserved.
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+declare(strict_types=1);
+
+# Vendor Gemtek Systems Holding
+
+$get_oid_details = function ($ip, $credentials, $oid) {
+    $details = new \StdClass();
+    $details->type = 'unknown';
+    $details->model = my_snmp_get($ip, $credentials, "1.3.6.1.4.1.10529.300.1.3.1.0");
+    $details->serial = my_snmp_get($ip, $credentials, "1.3.6.1.4.1.10529.300.1.3.5.0");
+    return($details);
+};