NathanGibbs3/BASE | Build 876 | setup/base_conf_contents.php | Coveralls

1

<?php

2

/*******************************************************************************

3

** Basic Analysis and Security Engine (BASE)

4

** Copyright (C) 2004 BASE Project Team

5

** Copyright (C) 2000 Carnegie Mellon University

6

**

7

** (see the file 'base_main.php' for license details)

8

**

9

** Project Leads: Kevin Johnson <kjohnson@secureideas.net>

10

** Built upon work by Roman Danyliw <rdd@cert.org>, <roman@danyliw.com>

11

**

12

** Purpose: Vanilla Config file used for the setup program

13

********************************************************************************

14

** Authors:

15

********************************************************************************

16

** Kevin Johnson <kjohnson@secureideas.net

17

**

18

********************************************************************************

19

*/

20

21

// Ensure the conf file has been loaded.  Prevent direct access to this file.

23

24

function returnContents()

25

26

    GLOBAL $language, $useauth, $adodb, $chartlib, $uri, $dbtype, $dbhost,

27

        $dbport, $dbname, $dbusername, $dbpasswd, $arcdbexists, $arcdbhost,

28

        $arcdbport, $arcdbname, $arcdbusername, $arcdbpasswd;

29

31

/*******************************************************************************

32

** Basic Analysis and Security Engine (BASE)

33

** Copyright (C) 2004 BASE Project Team

34

** Copyright (C) 2000 Carnegie Mellon University

35

**

36

** (see the file "base_main.php" for license details)

37

**

38

** Project Leads: Kevin Johnson <kjohnson@secureideas.net>

39

** Built upon work by Roman Danyliw <rdd@cert.org>, <roman@danyliw.com>

40

**

41

** Purpose: Vanilla Config file

42

********************************************************************************

43

** Authors:

44

********************************************************************************

45

** Kevin Johnson <kjohnson@secureideas.net

46

**

47

********************************************************************************

48

*/

49

    $BASE_VERSION = \'1.4.5 (lilias)\';

50

51

/*

52

     Set the below to the language you would like people to use while viewing

53

     your install of BASE.

54

*/

55

    $BASE_Language = \''.$language.'\';

56

57

/*

58

     Set the $Use_Auth_System variable to 1 if you would like to force users to

59

     authenticate to use the system.  Only turn this off if the system is not

60

     accessible to the public or the network at large.  i.e. a home user testing it

61

     out!

62

*/

63

64

    $Use_Auth_System = '.$useauth.';

65

66

/*

67

     Set the below to 0 to remove the links from the display of alerts.

68

*/

69

    $BASE_display_sig_links = 1;

70

71

/*

72

     Set the base_urlpath to the url location that is the root of your BASE install.

73

     This must be set for BASE to function! Do not include a trailing slash!

74

     But also put the preceding slash. e.g. Your URL is http://127.0.0.1/base

75

     set this to /base

76

77

*/

78

    $BASE_urlpath = \''. $uri .'\';

79

80

    /* Unique BASE ID.  The below variable, if set, will append its value to the

81

     * title bar of the browser.  This is for people who manage multiple installs

82

     * of BASE and want a simple way to differentiate them on the task bar.

83

*/

84

85

    $BASE_installID = \'\';

86

87

/*

88

     * Create a unique cookie name for each BASE installation.

89

*/

90

91

    $sessionName = str_replace(\' \', \'_\', $BASE_installID . session_name());

92

    session_name($sessionName);

93

94

session_start(); // Interim Fix for Issue #143

95

96

// Name of custom footer file.

97

// If set, will cause BASE to include the specified file as a custom footer to

98

// the main page.  The custom footer file must:

99

// 1. Be located in the /custom directory.

100

// 2. End with an .html or .htm extension.

101

// 3. Not be owned by root.

102

// 4. Be readable.

103

// A sample custom footer file is in the contrib directory

104

105

$base_custom_footer = \'\';

106

107

    /* Path to the DB abstraction library

108

     *  (Note: DO NOT include a trailing backslash after the directory)

109

     *   e.g. $foo = \'/tmp\'      [OK]

110

     *        $foo = \'/tmp/\'     [OK]

111

     *        $foo = \'c:\tmp\'    [OK]

112

     *        $foo = \'c:\tmp\\\'   [WRONG]

113

*/

114

    $DBlib_path = \'' . $adodb .'\';

115

116

    /* The type of underlying alert database

117

118

     *  MySQL       : \'mysql\'

119

     *  PostgresSQL : \'postgres\'

120

     *  MS SQL Server : \'mssql\'

121

     *  Oracle      : \'oci8\'

122

*/

123

    $DBtype = \''. $dbtype .'\';

124

125

    /* Alert DB connection parameters

126

     *   - $alert_dbname   : MySQL database name of Snort alert DB

127

     *   - $alert_host     : host on which the DB is stored

128

     *   - $alert_port     : port on which to access the DB

129

     *   - $alert_user     : login to the database with this user

130

     *   - $alert_password : password of the DB user

131

132

     *  This information can be gleaned from the Snort database

133

     *  output plugin configuration.

134

*/

135

    $alert_dbname   = \''. $dbname .'\';

136

    $alert_host     = \''. $dbhost .'\';

137

    $alert_port     = \''. $dbport .'\';

138

    $alert_user     = \''. $dbusername .'\';

139

    $alert_password = \''. $dbpasswd .'\';

140

141

    /* Archive DB connection parameters */

142

    $archive_exists   = \''. $arcdbexists .'\'; # Set this to 1 if you have an archive DB

143

    $archive_dbname   = \''. $arcdbname .'\';

144

    $archive_host     = \''. $arcdbhost .'\';

145

    $archive_port     = \''. $arcdbport .'\';

146

    $archive_user     = \''. $arcdbusername .'\';

147

    $archive_password = \''. $arcdbpasswd .'\';

148

149

    /* Type of DB connection to use

150

     *   1  : use a persistant connection (pconnect)

151

     *   2  : use a normal connection (connect)

152

*/

153

    $db_connect_method = 1;

154

155

    /* Use referential integrity

156

     *   1  : use

157

     *   0  : ignore (not installed)

158

159

     * Note: Only PostgreSQL and MS-SQL Server databases support

160

     *       referential integrity.  Use the associated

161

     *       create_acid_tbls_?_extra.sql script to add this

162

     *       functionality to the database.

163

164

     *       Referential integrity will greatly improve the

165

     *       speed of record deletion, but also slow record

166

     *       insertion.

167

*/

168

                $use_referential_integrity = 0;

169

170

                /* SMTP Email Alert action

171

172

     * Requires the Pear-Mail package to be installed like so:

173

174

     * # pear install --alldeps mail

175

176

177

     * - action_email_smtp_host : Which smtp server to use

178

     * - action_email_smtp_localhost : What name to use for this server in the

179

     *   SMTP HELO statement. You will likely need to replace this with the name

180

     *   of the machine running BASE when connecting to a remote mail server.

181

     * - action_email_smtp_auth : Whether or not to authenticate with

182

     *                            the smtp server

183

     *     0: We do NOT authenticate ourselves towards the smtp host

184

     *     1: We DO authenticate ourselves towards the smtp host

185

     *        with the following credentials:

186

     * - action_email_smtp_user : The user name with the smtp host

187

     * - action_email_smtp_pw : The password for this mail account

188

     * - action_email_from : email address to use in the FROM field of the mail message

189

     *                       MUST be the same email address as used for the SMTP account

190

     * - action_email_subject : subject to use for the mail message

191

     * - action_email_msg : additional text to include in the body of the mail message

192

     * - action_email_mode : specifies how the alert information should be enclosed

193

     *     0 : all emailed alerts should be in the body of the message

194

     *     1 : all emailed alerts should be enclosed in an attachment

195

*/

196

     $action_email_smtp_host = \'smtp.example.com\';

197

     $action_email_smtp_localhost = \'localhost\';

198

     $action_email_smtp_auth = 1;

199

     $action_email_smtp_user = \'username\';

200

     $action_email_smtp_pw = \'password\';

201

     $action_email_from = \'smtpuser@example.com\';

202

     $action_email_subject = \'BASE Incident Report\';

203

     $action_email_msg = \'\';

204

     $action_email_mode = 0;

205

206

                /* Variable to start the ability to handle themes... */

207

                $base_style = \'base_style.css\';

208

209

                /* Chart default colors - (red, green, blue)

210

                 *    - $chart_bg_color_default    : background color of chart

211

                 *    - $chart_lgrid_color_default : gridline color of chart

212

                 *    - $chart_bar_color_default   : bar/line color of chart

213

*/

214

                $chart_bg_color_default     = array(255,255,255);

215

                $chart_lgrid_color_default  = array(205,205,205);

216

                $chart_bar_color_default    = array(190, 5, 5);

217

218

                /* Maximum number of rows per criteria element */

219

                $MAX_ROWS = 10;

220

221

                /* Number of rows to display for any query results */

222

                $show_rows = 48;

223

224

                /* Number of items to return during a snapshot

225

                 *  Last _X_ # of alerts/unique alerts/ports/IP

226

*/

227

                $last_num_alerts = 15;

228

                $last_num_ualerts = 15;

229

                $last_num_uports = 15;

230

                $last_num_uaddr = 15;

231

232

                /* Number of items to return during a snapshot

233

                 *  Most Frequent unique alerts/IPs/ports

234

*/

235

                $freq_num_alerts = 5;

236

                $freq_num_uaddr = 15;

237

                $freq_num_uports = 15;

238

239

                /* Number of scroll buttons to use when displaying query results */

240

                $max_scroll_buttons = 12;

241

242

                /* Debug mode     - how much debugging information should be shown

243

                 * Timing mode    - display timing information

244

                 * SQL trace mode - log SQL statements

245

                 *   0 : no extra information

246

                 *   1 : debugging information

247

                 *   2 : extended debugging information

248

249

                 * HTML no cache - whether a no-cache directive should be sent

250

                 *                 to the browser (should be = 1 for IE)

251

252

                 * SQL trace file - file to log SQL traces

253

*/

254

                $debug_mode = 0;

255

                $debug_time_mode = 1;

256

                $html_no_cache = 1;

257

                $sql_trace_mode = 0;

258

                $sql_trace_file = \'\';

259

260

                /* Auto-Screen refresh

261

                 * - Refresh_Stat_Page - Should certain statistics pages refresh?

262

                 * - refresh_all_pages - Should all the pages trigger the http refresh,

263

                 *                       as well?

264

                 *                       0: No, they should not.

265

                 *                       1: Yes, even these pages should refresh.

266

                 * - Stat_Page_Refresh_Time - refresh interval (in seconds)

267

*/

268

                $refresh_stat_page = 1;

269

                $refresh_all_pages = 0;

270

                $stat_page_refresh_time = 180;

271

272

                /* Display First/Previous/Last timestamps for alerts or

273

                 * just First/Last on the Unique Alert listing.

274

                 *    1: yes

275

                 *    0: no

276

*/

277

                $show_previous_alert = 0;

278

279

                /* Sets maximum execution time (in seconds) of any particular page.

280

                 * Note: this overrides the PHP configuration file variable

281

                 *       max_execution_time.  Thus script can run for a total of

282

                 *       ($max_script_runtime + max_execution_time) seconds

283

*/

284

                $max_script_runtime = 180;

285

286

    /* How should the IP address criteria be entered in the Search screen?

287

     *   1 : each octet is a separate field

288

     *   2 : entire address is as a single field

289

*/

290

    $ip_address_input = 2;

291

292

    /* Should a combo box with possible signatures be displayed on the

293

     * search form. (Requires Javascript)

294

     *   0 : disabled

295

     *   1 : show only non pre-processor signatures (e.g., ignore portscans)

296

     *   2 : show all signatures

297

*/

298

    $use_sig_list = 0;

299

300

    /* Resolve IP to FQDN (on certain queries?)

301

     *    1 : yes

302

     *    0 : no

303

*/

304

    $resolve_IP = 0;

305

306

    /* automatically expand the IP Criteria and Payload Criteria sections on the Search screen?)

307

     *    1 : yes

308

     *    0 : no - you need to click on them to see them

309

*/

310

    $show_expanded_query = 0;

311

312

    /* Should summary stats be calculated on every Query Results page

313

     * (Enabling this option will slow page loading time)

314

*/

315

    $show_summary_stats = 0;

316

317

    /* DNS cache lifetime (in minutes) */

318

    $dns_cache_lifetime = 20160;

319

320

    /* Whois information cache lifetime (in minutes) */

321

    $whois_cache_lifetime = 40320;

322

323

    /* Snort spp_portscan log file */

324

    $portscan_file = \'\';

325

326

    /* Show part of portscan payload in signature */

327

    $portscan_payload_in_signature = \'1\';

328

329

    /* Event cache Auto-update

330

331

     *  Should the event cache be verified and updated on every

332

     *  page log?  Otherwise, the cache will have to be explicitly

333

     *  updated from the \'cache and status\' page.

334

335

     *  Note: enabling this option could substantially slow down

336

     *  the page loading time when there are many uncached alerts.

337

     *  However, this is only a one-time penalty.

338

339

     *   1 : yes

340

     *   0 : no

341

*/

342

    $event_cache_auto_update = 1;

343

344

    /* Maintain a history of the visited pages so that the \'Back\'

345

     * button can be used.

346

347

     * Note: Enabling this option will cause the PHP-session to

348

     * grow substantially after many pages have been viewed causing

349

     * a slow down in page loading time. Periodically return to the

350

     * main page to clear the history.

351

352

     *   1 : yes

353

     *   0 : no

354

*/

355

    $maintain_history = 1;

356

357

    /* Level of detail to display on the main page.

358

359

     * Note: The presence of summary statistics will slow page loading time

360

361

     *   1 : show both the links and summary statistics

362

     *   0 : show only the links and a count of the number of alerts

363

*/

364

    $main_page_detail = 1;

365

366

    /* avoid count(*) whenever possible

367

368

     * Note: On some databases (e.g., postgres) this can greatly increase

369

     * performance if you have a large number of events. On other databases

370

     * (e.g., mysql) this will have little to no effect. Enabling this

371

     * option will prevent the number of events in the database from being

372

     * shown on the main screen and will remove the percentages associated

373

     * with the number of events on the alert screen.

374

*/

375

    $avoid_counts = 0;

376

377

    /* show links to first/last/previous event on alert screen

378

379

     * Note: Enabling this can slow down loading of the alert screen on large

380

     * databases

381

*/

382

    $show_first_last_links = 0;

383

384

/*

385

     * External URLs

386

*/

387

388

    /* Whois query */

389

    $external_whois_link = \'http://www.dnsstuff.com/tools/whois.ch?ip=\';

390

391

392

                /* Local whois */

393

                /* IP addresses of whois servers. Updated on Jan, 6th 2019.

394

395

                 * Name:                whois.arin.net

396

                 * Addresses:        199.212.0.46

397

398

                 * Name:                whois.apnic.net

399

                 * Address:                23.239.6.76

400

401

                 * Name:                whois.ripe.net

402

                 * Address:                193.0.6.135

403

404

                 * Name:                whois.nic.ad.jp

405

                 * Address:                192.41.192.40

406

407

                 * Name:                whos.afrinic.net

408

                 * Address:                196.216.2.21

409

410

                 * Name:                whos.lannic.net

411

                 * Address:                200.3.14.10

412

*/

413

414

$arin_ip  = "199.212.0.46";

415

$apnic_ip = "23.239.6.76";

416

$ripe_ip  = "193.0.6.135";

417

$jnic_ip  = "192.41.192.40";

418

$afrinic_ip = "196.216.2.21";

419

$lacnic_ip = "200.3.14.10";

420

421

422

     /* DNS query */

423

    $external_dns_link = \'http://www.dnsstuff.com/tools/ptr.ch?ip=\';

424

425

    /* SamSpade \'all\' query */

426

    $external_all_link = \'http://www.whois.sc/\';

427

428

// TCP/UDP port database

429

$external_port_link = array(

430

        \'sans\'     => \'https://isc.sans.edu/data/port.html?port=\'

431

);

432

433

    /* Signature references */

434

    $external_sig_link = array(\'bugtraq\'   => array(\'http://www.securityfocus.com/bid/\', \'\'),

435

                               \'snort\'     => array(\'https://snort.org/rule_docs/\', \'\'),

436

                               \'cve\'       => array(\'http://cve.mitre.org/cgi-bin/cvename.cgi?name=\', \'\'),

437

                               \'arachnids\' => array(\'http://www.whitehats.com/info/ids\', \'\'),

438

                               \'mcafee\'    => array(\'http://vil.nai.com/vil/content/v_\', \'.htm\'),

439

                               \'icat\'      => array(\'http://icat.nist.gov/icat.cfm?cvename=CAN-\', \'\'),

440

                               \'nessus\'    => array(\'http://www.nessus.org/plugins/index.php?view=single&amp;id=\', \'\'),

441

                               \'url\'       => array(\'http://\', \'\'),

442

                               \'local\'     => array(\'signatures/\', \'.txt\'),

443

                               \'local_rules_dir\' => array(\'rules/\', \'.rules\'),

444

                               \'EmThreats\'  => array(\'http://docs.emergingthreats.net/\', \'\'));

445

446

447

    /* Custom (user) PHP session handlers

448

449

     * - use_user_session : sets whether user PHP session can be used (configured

450

     *                      with the session.save_handler variable in php.ini)

451

     *      0 : no

452

     *      1 : yes (assuming that \'user_session_path\' and \'user_session_function\'

453

     *               are configured correctly)

454

     * - user_session_path : file to include that implements the custom PHP session

455

     *                       handler

456

     * - user_session_function : function to invoke in the custom session

457

     *                           implementation that will register the session handler

458

     *                           functions

459

*/

460

    $use_user_session = 0;

461

    $user_session_path = \'\';

462

    $user_session_function = \'\';

463

464

/**

465

     * This option is used to set if BASE will use colored results

466

     * based on the priority of alerts

467

     * 0 : no

468

     * 1 : yes

469

*/

470

    $colored_alerts = 0;

471

472

    // Red, yellow, orange, gray, white, green

473

    $priority_colors = array (\'FF0000\',\'FFFF00\',\'FF9900\',\'999999\',\'FFFFFF\',\'006600\');

474

475

476

                /** Choose a font name for the BASE charts (graph alert graphics)

477

478

                 * The fonts in the PEAR::Image::Graph / PEAR::Image::Canvas libraries

479

                 * are broken.

480

481

                 * Better would be a scalable font, like DejaVuSans or Verdana.  A scalable

482

                 * font would allow us to get different (more appropriate) font sizes.

483

                 * However, this won\'t work without minor or major modifications of

484

                 * these libraries.

485

                 * See docs/README.graph_alert_data for details.

486

487

                 * If you do NOT manage to tweak these libraries to get a proper font,

488

                 * choose "Image_Graph_Font".  However, this font is not scalable,

489

                 * i.e. a headline would have the same font size as a small label.

490

491

                 * Image_Graph_Font used to be a fail-safe font name.  But for php

492

                 * versions >= 5.3 even this does not seem to be true, any more.

493

                 * So, as last resort, choose an empty string.

494

*/

495

                // $graph_font_name = "Verdana";

496

           $graph_font_name = "DejaVuSans";

497

                // $graph_font_name = "Image_Graph_Font";

498

                // $graph_font_name = "";

499

500

501

    /** IP address to country support

502

503

     * 1. First method for the mapping of ip addresses to country names:

504

505

     * If you have installed the perl module Geo::IPfree

506

     * http://search.cpan.org/CPAN/authors/id/G/GM/GMPASSOS/Geo-IPfree-0.2.tar.gz

507

     * then generate the country database in readable ASCII format,

508

     * similarly to this:

509

     *         cd /usr/lib/perl5/site_perl/5.8.8/Geo/

510

     *         perl ipct2txt.pl ./ipscountry.dat /var/www/html/ips-ascii.txt

511

512

     * Set the absolute path to this database accordingly:

513

*/

514

     //$Geo_IPfree_file_ascii = "/var/www/html/ips-ascii.txt";

515

516

    /** 2. Second method for the mapping of ip addresses to country names:

517

518

     * If you have installed the perl module IP::Country

519

     * http://search.cpan.org/dist/IP-Country/

520

     * (requires Geography::Countries as well),

521

     * then uncomment and correct the absolute path to this perl executable:

522

*/

523

     //$IP2CC = "/usr/bin/ip2cc";

524

525

526

/*

527

     The below line should not be changed!

528

*/

529

    $BASE_path = dirname(__FILE__);

530

531

    // _BASE_INC is a variable set to prevent direct access to certain include files....

532

    define( \'_BASE_INC\', 1 );

533

534

    // Include for languages

535

    include("$BASE_path/languages/$BASE_Language.lang.php");

536

    ?>';

538

539

?>

NathanGibbs3 / BASE / 584

Source File
Press 'n' to go to next uncovered line, 'b' for previous

1	<?php
2	/*******************************************************************************
3	** Basic Analysis and Security Engine (BASE)
4	** Copyright (C) 2004 BASE Project Team
5	** Copyright (C) 2000 Carnegie Mellon University
6	**
7	** (see the file 'base_main.php' for license details)
8	**
9	** Project Leads: Kevin Johnson <kjohnson@secureideas.net>
10	** Built upon work by Roman Danyliw <rdd@cert.org>, <roman@danyliw.com>
11	**
12	** Purpose: Vanilla Config file used for the setup program
13	********************************************************************************
14	** Authors:
15	********************************************************************************
16	** Kevin Johnson <kjohnson@secureideas.net
17	**
18	********************************************************************************
19	*/
20
21	// Ensure the conf file has been loaded. Prevent direct access to this file.
22	defined( '_BASE_INC' ) or die( 'Accessing this file directly is not allowed.' );	×
23
24	function returnContents()
25	{
26	GLOBAL $language, $useauth, $adodb, $chartlib, $uri, $dbtype, $dbhost,
27	$dbport, $dbname, $dbusername, $dbpasswd, $arcdbexists, $arcdbhost,
28	$arcdbport, $arcdbname, $arcdbusername, $arcdbpasswd;
29
30	$contents = '<?php	×
31	/*******************************************************************************
32	** Basic Analysis and Security Engine (BASE)
33	** Copyright (C) 2004 BASE Project Team
34	** Copyright (C) 2000 Carnegie Mellon University
35	**
36	** (see the file "base_main.php" for license details)
37	**
38	** Project Leads: Kevin Johnson <kjohnson@secureideas.net>
39	** Built upon work by Roman Danyliw <rdd@cert.org>, <roman@danyliw.com>
40	**
41	** Purpose: Vanilla Config file
42	********************************************************************************
43	** Authors:
44	********************************************************************************
45	** Kevin Johnson <kjohnson@secureideas.net
46	**
47	********************************************************************************
48	*/
49	$BASE_VERSION = \'1.4.5 (lilias)\';
50
51	/*
52	Set the below to the language you would like people to use while viewing
53	your install of BASE.
54	*/
55	$BASE_Language = \''.$language.'\';
56
57	/*
58	Set the $Use_Auth_System variable to 1 if you would like to force users to
59	authenticate to use the system. Only turn this off if the system is not
60	accessible to the public or the network at large. i.e. a home user testing it
61	out!
62	*/
63
64	$Use_Auth_System = '.$useauth.';
65
66	/*
67	Set the below to 0 to remove the links from the display of alerts.
68	*/
69	$BASE_display_sig_links = 1;
70
71	/*
72	Set the base_urlpath to the url location that is the root of your BASE install.
73	This must be set for BASE to function! Do not include a trailing slash!
74	But also put the preceding slash. e.g. Your URL is http://127.0.0.1/base
75	set this to /base
76
77	*/
78	$BASE_urlpath = \''. $uri .'\';
79
80	/* Unique BASE ID. The below variable, if set, will append its value to the
81	* title bar of the browser. This is for people who manage multiple installs
82	* of BASE and want a simple way to differentiate them on the task bar.
83	*/
84
85	$BASE_installID = \'\';
86
87	/*
88	* Create a unique cookie name for each BASE installation.
89	*/
90
91	$sessionName = str_replace(\' \', \'_\', $BASE_installID . session_name());
92	session_name($sessionName);
93
94	session_start(); // Interim Fix for Issue #143
95
96	// Name of custom footer file.
97	// If set, will cause BASE to include the specified file as a custom footer to
98	// the main page. The custom footer file must:
99	// 1. Be located in the /custom directory.
100	// 2. End with an .html or .htm extension.
101	// 3. Not be owned by root.
102	// 4. Be readable.
103	// A sample custom footer file is in the contrib directory
104
105	$base_custom_footer = \'\';
106
107	/* Path to the DB abstraction library
108	* (Note: DO NOT include a trailing backslash after the directory)
109	* e.g. $foo = \'/tmp\' [OK]
110	* $foo = \'/tmp/\' [OK]
111	* $foo = \'c:\tmp\' [OK]
112	* $foo = \'c:\tmp\\\' [WRONG]
113	*/
114	$DBlib_path = \'' . $adodb .'\';
115
116	/* The type of underlying alert database
117	*
118	* MySQL : \'mysql\'
119	* PostgresSQL : \'postgres\'
120	* MS SQL Server : \'mssql\'
121	* Oracle : \'oci8\'
122	*/
123	$DBtype = \''. $dbtype .'\';
124
125	/* Alert DB connection parameters
126	* - $alert_dbname : MySQL database name of Snort alert DB
127	* - $alert_host : host on which the DB is stored
128	* - $alert_port : port on which to access the DB
129	* - $alert_user : login to the database with this user
130	* - $alert_password : password of the DB user
131	*
132	* This information can be gleaned from the Snort database
133	* output plugin configuration.
134	*/
135	$alert_dbname = \''. $dbname .'\';
136	$alert_host = \''. $dbhost .'\';
137	$alert_port = \''. $dbport .'\';
138	$alert_user = \''. $dbusername .'\';
139	$alert_password = \''. $dbpasswd .'\';
140
141	/* Archive DB connection parameters */
142	$archive_exists = \''. $arcdbexists .'\'; # Set this to 1 if you have an archive DB
143	$archive_dbname = \''. $arcdbname .'\';
144	$archive_host = \''. $arcdbhost .'\';
145	$archive_port = \''. $arcdbport .'\';
146	$archive_user = \''. $arcdbusername .'\';
147	$archive_password = \''. $arcdbpasswd .'\';
148
149	/* Type of DB connection to use
150	* 1 : use a persistant connection (pconnect)
151	* 2 : use a normal connection (connect)
152	*/
153	$db_connect_method = 1;
154
155	/* Use referential integrity
156	* 1 : use
157	* 0 : ignore (not installed)
158	*
159	* Note: Only PostgreSQL and MS-SQL Server databases support
160	* referential integrity. Use the associated
161	* create_acid_tbls_?_extra.sql script to add this
162	* functionality to the database.
163	*
164	* Referential integrity will greatly improve the
165	* speed of record deletion, but also slow record
166	* insertion.
167	*/
168	$use_referential_integrity = 0;
169
170	/* SMTP Email Alert action
171	*
172	* Requires the Pear-Mail package to be installed like so:
173	*
174	* # pear install --alldeps mail
175	*
176	*
177	* - action_email_smtp_host : Which smtp server to use
178	* - action_email_smtp_localhost : What name to use for this server in the
179	* SMTP HELO statement. You will likely need to replace this with the name
180	* of the machine running BASE when connecting to a remote mail server.
181	* - action_email_smtp_auth : Whether or not to authenticate with
182	* the smtp server
183	* 0: We do NOT authenticate ourselves towards the smtp host
184	* 1: We DO authenticate ourselves towards the smtp host
185	* with the following credentials:
186	* - action_email_smtp_user : The user name with the smtp host
187	* - action_email_smtp_pw : The password for this mail account
188	* - action_email_from : email address to use in the FROM field of the mail message
189	* MUST be the same email address as used for the SMTP account
190	* - action_email_subject : subject to use for the mail message
191	* - action_email_msg : additional text to include in the body of the mail message
192	* - action_email_mode : specifies how the alert information should be enclosed
193	* 0 : all emailed alerts should be in the body of the message
194	* 1 : all emailed alerts should be enclosed in an attachment
195	*/
196	$action_email_smtp_host = \'smtp.example.com\';
197	$action_email_smtp_localhost = \'localhost\';
198	$action_email_smtp_auth = 1;
199	$action_email_smtp_user = \'username\';
200	$action_email_smtp_pw = \'password\';
201	$action_email_from = \'smtpuser@example.com\';
202	$action_email_subject = \'BASE Incident Report\';
203	$action_email_msg = \'\';
204	$action_email_mode = 0;
205
206	/* Variable to start the ability to handle themes... */
207	$base_style = \'base_style.css\';
208
209	/* Chart default colors - (red, green, blue)
210	* - $chart_bg_color_default : background color of chart
211	* - $chart_lgrid_color_default : gridline color of chart
212	* - $chart_bar_color_default : bar/line color of chart
213	*/
214	$chart_bg_color_default = array(255,255,255);
215	$chart_lgrid_color_default = array(205,205,205);
216	$chart_bar_color_default = array(190, 5, 5);
217
218	/* Maximum number of rows per criteria element */
219	$MAX_ROWS = 10;
220
221	/* Number of rows to display for any query results */
222	$show_rows = 48;
223
224	/* Number of items to return during a snapshot
225	* Last _X_ # of alerts/unique alerts/ports/IP
226	*/
227	$last_num_alerts = 15;
228	$last_num_ualerts = 15;
229	$last_num_uports = 15;
230	$last_num_uaddr = 15;
231
232	/* Number of items to return during a snapshot
233	* Most Frequent unique alerts/IPs/ports
234	*/
235	$freq_num_alerts = 5;
236	$freq_num_uaddr = 15;
237	$freq_num_uports = 15;
238
239	/* Number of scroll buttons to use when displaying query results */
240	$max_scroll_buttons = 12;
241
242	/* Debug mode - how much debugging information should be shown
243	* Timing mode - display timing information
244	* SQL trace mode - log SQL statements
245	* 0 : no extra information
246	* 1 : debugging information
247	* 2 : extended debugging information
248	*
249	* HTML no cache - whether a no-cache directive should be sent
250	* to the browser (should be = 1 for IE)
251	*
252	* SQL trace file - file to log SQL traces
253	*/
254	$debug_mode = 0;
255	$debug_time_mode = 1;
256	$html_no_cache = 1;
257	$sql_trace_mode = 0;
258	$sql_trace_file = \'\';
259
260	/* Auto-Screen refresh
261	* - Refresh_Stat_Page - Should certain statistics pages refresh?
262	* - refresh_all_pages - Should all the pages trigger the http refresh,
263	* as well?
264	* 0: No, they should not.
265	* 1: Yes, even these pages should refresh.
266	* - Stat_Page_Refresh_Time - refresh interval (in seconds)
267	*/
268	$refresh_stat_page = 1;
269	$refresh_all_pages = 0;
270	$stat_page_refresh_time = 180;
271
272	/* Display First/Previous/Last timestamps for alerts or
273	* just First/Last on the Unique Alert listing.
274	* 1: yes
275	* 0: no
276	*/
277	$show_previous_alert = 0;
278
279	/* Sets maximum execution time (in seconds) of any particular page.
280	* Note: this overrides the PHP configuration file variable
281	* max_execution_time. Thus script can run for a total of
282	* ($max_script_runtime + max_execution_time) seconds
283	*/
284	$max_script_runtime = 180;
285
286	/* How should the IP address criteria be entered in the Search screen?
287	* 1 : each octet is a separate field
288	* 2 : entire address is as a single field
289	*/
290	$ip_address_input = 2;
291
292	/* Should a combo box with possible signatures be displayed on the
293	* search form. (Requires Javascript)
294	* 0 : disabled
295	* 1 : show only non pre-processor signatures (e.g., ignore portscans)
296	* 2 : show all signatures
297	*/
298	$use_sig_list = 0;
299
300	/* Resolve IP to FQDN (on certain queries?)
301	* 1 : yes
302	* 0 : no
303	*/
304	$resolve_IP = 0;
305
306	/* automatically expand the IP Criteria and Payload Criteria sections on the Search screen?)
307	* 1 : yes
308	* 0 : no - you need to click on them to see them
309	*/
310	$show_expanded_query = 0;
311
312	/* Should summary stats be calculated on every Query Results page
313	* (Enabling this option will slow page loading time)
314	*/
315	$show_summary_stats = 0;
316
317	/* DNS cache lifetime (in minutes) */
318	$dns_cache_lifetime = 20160;
319
320	/* Whois information cache lifetime (in minutes) */
321	$whois_cache_lifetime = 40320;
322
323	/* Snort spp_portscan log file */
324	$portscan_file = \'\';
325
326	/* Show part of portscan payload in signature */
327	$portscan_payload_in_signature = \'1\';
328
329	/* Event cache Auto-update
330	*
331	* Should the event cache be verified and updated on every
332	* page log? Otherwise, the cache will have to be explicitly
333	* updated from the \'cache and status\' page.
334	*
335	* Note: enabling this option could substantially slow down
336	* the page loading time when there are many uncached alerts.
337	* However, this is only a one-time penalty.
338	*
339	* 1 : yes
340	* 0 : no
341	*/
342	$event_cache_auto_update = 1;
343
344	/* Maintain a history of the visited pages so that the \'Back\'
345	* button can be used.
346	*
347	* Note: Enabling this option will cause the PHP-session to
348	* grow substantially after many pages have been viewed causing
349	* a slow down in page loading time. Periodically return to the
350	* main page to clear the history.
351	*
352	* 1 : yes
353	* 0 : no
354	*/
355	$maintain_history = 1;
356
357	/* Level of detail to display on the main page.
358	*
359	* Note: The presence of summary statistics will slow page loading time
360	*
361	* 1 : show both the links and summary statistics
362	* 0 : show only the links and a count of the number of alerts
363	*/
364	$main_page_detail = 1;
365
366	/* avoid count(*) whenever possible
367	*
368	* Note: On some databases (e.g., postgres) this can greatly increase
369	* performance if you have a large number of events. On other databases
370	* (e.g., mysql) this will have little to no effect. Enabling this
371	* option will prevent the number of events in the database from being
372	* shown on the main screen and will remove the percentages associated
373	* with the number of events on the alert screen.
374	*/
375	$avoid_counts = 0;
376
377	/* show links to first/last/previous event on alert screen
378	*
379	* Note: Enabling this can slow down loading of the alert screen on large
380	* databases
381	*/
382	$show_first_last_links = 0;
383
384	/*
385	* External URLs
386	*/
387
388	/* Whois query */
389	$external_whois_link = \'http://www.dnsstuff.com/tools/whois.ch?ip=\';
390
391
392	/* Local whois */
393	/* IP addresses of whois servers. Updated on Jan, 6th 2019.
394	*
395	* Name: whois.arin.net
396	* Addresses: 199.212.0.46
397	*
398	* Name: whois.apnic.net
399	* Address: 23.239.6.76
400	*
401	* Name: whois.ripe.net
402	* Address: 193.0.6.135
403	*
404	* Name: whois.nic.ad.jp
405	* Address: 192.41.192.40
406	*
407	* Name: whos.afrinic.net
408	* Address: 196.216.2.21
409	*
410	* Name: whos.lannic.net
411	* Address: 200.3.14.10
412	*/
413
414	$arin_ip = "199.212.0.46";
415	$apnic_ip = "23.239.6.76";
416	$ripe_ip = "193.0.6.135";
417	$jnic_ip = "192.41.192.40";
418	$afrinic_ip = "196.216.2.21";
419	$lacnic_ip = "200.3.14.10";
420
421
422	/* DNS query */
423	$external_dns_link = \'http://www.dnsstuff.com/tools/ptr.ch?ip=\';
424
425	/* SamSpade \'all\' query */
426	$external_all_link = \'http://www.whois.sc/\';
427
428	// TCP/UDP port database
429	$external_port_link = array(
430	\'sans\' => \'https://isc.sans.edu/data/port.html?port=\'
431	);
432
433	/* Signature references */
434	$external_sig_link = array(\'bugtraq\' => array(\'http://www.securityfocus.com/bid/\', \'\'),
435	\'snort\' => array(\'https://snort.org/rule_docs/\', \'\'),
436	\'cve\' => array(\'http://cve.mitre.org/cgi-bin/cvename.cgi?name=\', \'\'),
437	\'arachnids\' => array(\'http://www.whitehats.com/info/ids\', \'\'),
438	\'mcafee\' => array(\'http://vil.nai.com/vil/content/v_\', \'.htm\'),
439	\'icat\' => array(\'http://icat.nist.gov/icat.cfm?cvename=CAN-\', \'\'),
440	\'nessus\' => array(\'http://www.nessus.org/plugins/index.php?view=single&id=\', \'\'),
441	\'url\' => array(\'http://\', \'\'),
442	\'local\' => array(\'signatures/\', \'.txt\'),
443	\'local_rules_dir\' => array(\'rules/\', \'.rules\'),
444	\'EmThreats\' => array(\'http://docs.emergingthreats.net/\', \'\'));
445
446
447	/* Custom (user) PHP session handlers
448	*
449	* - use_user_session : sets whether user PHP session can be used (configured
450	* with the session.save_handler variable in php.ini)
451	* 0 : no
452	* 1 : yes (assuming that \'user_session_path\' and \'user_session_function\'
453	* are configured correctly)
454	* - user_session_path : file to include that implements the custom PHP session
455	* handler
456	* - user_session_function : function to invoke in the custom session
457	* implementation that will register the session handler
458	* functions
459	*/
460	$use_user_session = 0;
461	$user_session_path = \'\';
462	$user_session_function = \'\';
463
464	/**
465	* This option is used to set if BASE will use colored results
466	* based on the priority of alerts
467	* 0 : no
468	* 1 : yes
469	*/
470	$colored_alerts = 0;
471
472	// Red, yellow, orange, gray, white, green
473	$priority_colors = array (\'FF0000\',\'FFFF00\',\'FF9900\',\'999999\',\'FFFFFF\',\'006600\');
474
475
476	/** Choose a font name for the BASE charts (graph alert graphics)
477	*
478	* The fonts in the PEAR::Image::Graph / PEAR::Image::Canvas libraries
479	* are broken.
480	*
481	* Better would be a scalable font, like DejaVuSans or Verdana. A scalable
482	* font would allow us to get different (more appropriate) font sizes.
483	* However, this won\'t work without minor or major modifications of
484	* these libraries.
485	* See docs/README.graph_alert_data for details.
486	*
487	* If you do NOT manage to tweak these libraries to get a proper font,
488	* choose "Image_Graph_Font". However, this font is not scalable,
489	* i.e. a headline would have the same font size as a small label.
490	*
491	* Image_Graph_Font used to be a fail-safe font name. But for php
492	* versions >= 5.3 even this does not seem to be true, any more.
493	* So, as last resort, choose an empty string.
494	*/
495	// $graph_font_name = "Verdana";
496	$graph_font_name = "DejaVuSans";
497	// $graph_font_name = "Image_Graph_Font";
498	// $graph_font_name = "";
499
500
501	/** IP address to country support
502	*
503	* 1. First method for the mapping of ip addresses to country names:
504	*
505	* If you have installed the perl module Geo::IPfree
506	* http://search.cpan.org/CPAN/authors/id/G/GM/GMPASSOS/Geo-IPfree-0.2.tar.gz
507	* then generate the country database in readable ASCII format,
508	* similarly to this:
509	* cd /usr/lib/perl5/site_perl/5.8.8/Geo/
510	* perl ipct2txt.pl ./ipscountry.dat /var/www/html/ips-ascii.txt
511	*
512	* Set the absolute path to this database accordingly:
513	*/
514	//$Geo_IPfree_file_ascii = "/var/www/html/ips-ascii.txt";
515
516	/** 2. Second method for the mapping of ip addresses to country names:
517	*
518	* If you have installed the perl module IP::Country
519	* http://search.cpan.org/dist/IP-Country/
520	* (requires Geography::Countries as well),
521	* then uncomment and correct the absolute path to this perl executable:
522	*/
523	//$IP2CC = "/usr/bin/ip2cc";
524
525
526	/*
527	The below line should not be changed!
528	*/
529	$BASE_path = dirname(__FILE__);
530
531	// _BASE_INC is a variable set to prevent direct access to certain include files....
532	define( \'_BASE_INC\', 1 );
533
534	// Include for languages
535	include("$BASE_path/languages/$BASE_Language.lang.php");
536	?>';
537	return $contents;	×
538	}
539	?>

NathanGibbs3 / BASE / 584

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous