NathanGibbs3 / BASE / 624

pending completion
624

push

travis-ci-com

NathanGibbs3
Merge branch 'devel'

562 of 562 new or added lines in 28 files covered. (100.0%)

3145 of 17504 relevant lines covered (17.97%)

23.22 hits per line

Source File
0.0
/setup/base_conf_contents.php
<?php
/*******************************************************************************
** Basic Analysis and Security Engine (BASE)
** Copyright (C) 2004 BASE Project Team
** Copyright (C) 2000 Carnegie Mellon University
**
** (see the file 'base_main.php' for license details)
**
** Project Leads: Kevin Johnson <kjohnson@secureideas.net>
** Built upon work by Roman Danyliw <rdd@cert.org>, <roman@danyliw.com>
**
** Purpose: Vanilla Config file used for the setup program
********************************************************************************
** Authors:
********************************************************************************
** Kevin Johnson <kjohnson@secureideas.net>
**
********************************************************************************
*/
// Direct-access guard: _BASE_INC is expected to be defined once the BASE conf
// file has been loaded, so a request that reaches this file on its own stops
// here instead of running any setup code.
if ( !defined( '_BASE_INC' ) ){
    die( 'Accessing this file directly is not allowed.' );
}
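/**
 * Build the text of a fresh BASE configuration file from the values collected
 * by the setup program.
 *
 * The setup values are read from globals and spliced into a PHP source
 * template, so they are treated as untrusted input here:
 *  - Every value that lands inside a single-quoted PHP literal has its quotes
 *    and backslashes escaped first.  Without that, a quote or a trailing
 *    backslash in (for example) a database password would end the literal
 *    early and the rest of the value would be parsed as PHP code the next time
 *    the configuration is loaded.
 *  - $useauth is the only value written unquoted.  It is reduced to an integer;
 *    anything that is not a plain run of digits becomes 1, so a malformed value
 *    can neither inject code nor switch authentication off.
 *  - The globals themselves are never modified; only local copies are escaped.
 *
 * NOTE(review): the generated file ends with an include() whose path is built
 * from $BASE_Language, i.e. from $language.  Escaping keeps the value inside
 * its literal but does not restrict which file gets included -- the caller
 * should check $language against the language files that actually ship with
 * BASE before calling this function.
 *
 * NOTE(review): the returned text holds the alert and archive database
 * passwords in clear text.  Whatever writes it to disk should keep the file
 * readable by the web server account only -- confirm in the setup step that
 * saves it.
 *
 * @return string Complete PHP source of the configuration file.
 */
function returnContents()
{
    GLOBAL $language, $useauth, $adodb, $chartlib, $uri, $dbtype, $dbhost,
        $dbport, $dbname, $dbusername, $dbpasswd, $arcdbexists, $arcdbhost,
        $arcdbport, $arcdbname, $arcdbusername, $arcdbpasswd;

    // Local, escaped copies of every value that is placed between single
    // quotes in the template.  Only ' and \ are special in that context.
    $raw = array(
        'uri'           => $uri,
        'language'      => $language,
        'adodb'         => $adodb,
        'dbtype'        => $dbtype,
        'dbname'        => $dbname,
        'dbhost'        => $dbhost,
        'dbport'        => $dbport,
        'dbusername'    => $dbusername,
        'dbpasswd'      => $dbpasswd,
        'arcdbexists'   => $arcdbexists,
        'arcdbname'     => $arcdbname,
        'arcdbhost'     => $arcdbhost,
        'arcdbport'     => $arcdbport,
        'arcdbusername' => $arcdbusername,
        'arcdbpasswd'   => $arcdbpasswd
    );
    $lit = array();
    foreach ($raw as $key => $value) {
        $lit[$key] = addcslashes((string) $value, "'\\");
    }

    // Written without quotes, so it must be a bare integer.  Fail closed:
    // an unusable value leaves the authentication system switched on.
    $authFlag = preg_match('/\A[0-9]+\z/', (string) $useauth) ? (int) $useauth : 1;

    $contents = '<?php
/*******************************************************************************
** Basic Analysis and Security Engine (BASE)
** Copyright (C) 2004 BASE Project Team
** Copyright (C) 2000 Carnegie Mellon University
**
** (see the file "base_main.php" for license details)
**
** Project Leads: Kevin Johnson <kjohnson@secureideas.net>
** Built upon work by Roman Danyliw <rdd@cert.org>, <roman@danyliw.com>
**
** Purpose: Vanilla Config file
********************************************************************************
** Authors:
********************************************************************************
** Kevin Johnson <kjohnson@secureideas.net
**
********************************************************************************
*/
    $BASE_VERSION = \'1.4.5 (lilias)\';

// BASE Server Config settings

    /*
     Set the $Use_Auth_System variable to 1 if you would like to force users to
     authenticate to use the system.  Only turn this off if the system is not
     accessible to the public or the network at large.  i.e. a home user testing it
     out!
    */
    
    $Use_Auth_System = '.$authFlag.';

// Allowed Client IP addresses IPv4 or IPv6.
// Host
// $AllowedClients = 192.168.0.1
// $AllowedClients = fd00:0000:0000::1
// Subnets
// $AllowedClients = 192.168.0.0/24
// $AllowedClients = fd00:0000:0000::/48

$AllowedClients = \'\';

// Set the base_urlpath to the url location that is the root of your BASE
// install. This must be set for BASE to function! Do not include a trailing
// slash! But also put the preceding slash.
//
// e.g. Your URL is http://127.0.0.1/base or http://hostname/base
// Set this to /base
// e.g. Your URL is http://127.0.0.1/ or http://hostname/
// Set this to an empty string \'\'.

$BASE_urlpath = \''. $lit['uri'] .'\';

// BASE UI Settings

    /*
     Set the below to the language you would like people to use while viewing
     your install of BASE.
    */
    $BASE_Language = \''.$lit['language'].'\';

    /*
     Set the below to 0 to remove the links from the display of alerts.
    */
    $BASE_display_sig_links = 1;

    /* Unique BASE ID.  The below variable, if set, will append its value to the
     * title bar of the browser.  This is for people who manage multiple installs
     * of BASE and want a simple way to differentiate them on the task bar.
     */

    $BASE_installID = \'\';

// Name of custom footer file.
// If set, will cause BASE to include the specified file as a custom footer to
// the main page.  The custom footer file must:
// 1. Be located in the /custom directory.
// 2. End with an .html or .htm extension.
// 3. Not be owned by root.
// 4. Be readable.
// A sample custom footer file is in the contrib directory

$base_custom_footer = \'\';

    /* Path to the DB abstraction library 
     *  (Note: DO NOT include a trailing backslash after the directory)
     *   e.g. $foo = \'/tmp\'      [OK]
     *        $foo = \'/tmp/\'     [OK]
     *        $foo = \'c:\tmp\'    [OK]
     *        $foo = \'c:\tmp\\\'   [WRONG]
     */
    $DBlib_path = \'' . $lit['adodb'] .'\';
    
    /* The type of underlying alert database
     * 
     *  MySQL       : \'mysql\'
     *  PostgresSQL : \'postgres\'
     *  MS SQL Server : \'mssql\'
     *  Oracle      : \'oci8\'
     */
    $DBtype = \''. $lit['dbtype'] .'\';
    
    /* Alert DB connection parameters
     *   - $alert_dbname   : MySQL database name of Snort alert DB
     *   - $alert_host     : host on which the DB is stored
     *   - $alert_port     : port on which to access the DB
     *   - $alert_user     : login to the database with this user
     *   - $alert_password : password of the DB user
     *
     *  This information can be gleaned from the Snort database
     *  output plugin configuration.
     */
    $alert_dbname   = \''. $lit['dbname'] .'\';
    $alert_host     = \''. $lit['dbhost'] .'\';
    $alert_port     = \''. $lit['dbport'] .'\';
    $alert_user     = \''. $lit['dbusername'] .'\';
    $alert_password = \''. $lit['dbpasswd'] .'\';
    
    /* Archive DB connection parameters */
    $archive_exists   = \''. $lit['arcdbexists'] .'\'; # Set this to 1 if you have an archive DB
    $archive_dbname   = \''. $lit['arcdbname'] .'\';
    $archive_host     = \''. $lit['arcdbhost'] .'\';
    $archive_port     = \''. $lit['arcdbport'] .'\';
    $archive_user     = \''. $lit['arcdbusername'] .'\';
    $archive_password = \''. $lit['arcdbpasswd'] .'\';
    
    /* Type of DB connection to use
     *   1  : use a persistant connection (pconnect)
     *   2  : use a normal connection (connect)
     */
    $db_connect_method = 1;
    
    /* Use referential integrity
     *   1  : use
     *   0  : ignore (not installed)
     *
     * Note: Only PostgreSQL and MS-SQL Server databases support
     *       referential integrity.  Use the associated
     *       create_acid_tbls_?_extra.sql script to add this
     *       functionality to the database.
     *
     *       Referential integrity will greatly improve the
     *       speed of record deletion, but also slow record
     *       insertion.
     */
                $use_referential_integrity = 0;

                /* SMTP Email Alert action
     *
     * Requires the Pear-Mail package to be installed like so:
     *
     * # pear install --alldeps mail
     *
     *
     * - action_email_smtp_host : Which smtp server to use
     * - action_email_smtp_localhost : What name to use for this server in the 
     *   SMTP HELO statement. You will likely need to replace this with the name
     *   of the machine running BASE when connecting to a remote mail server.
     * - action_email_smtp_auth : Whether or not to authenticate with
     *                            the smtp server
     *     0: We do NOT authenticate ourselves towards the smtp host
     *     1: We DO authenticate ourselves towards the smtp host
     *        with the following credentials:
     * - action_email_smtp_user : The user name with the smtp host
     * - action_email_smtp_pw : The password for this mail account
     * - action_email_from : email address to use in the FROM field of the mail message
     *                       MUST be the same email address as used for the SMTP account
     * - action_email_subject : subject to use for the mail message
     * - action_email_msg : additional text to include in the body of the mail message
     * - action_email_mode : specifies how the alert information should be enclosed
     *     0 : all emailed alerts should be in the body of the message
     *     1 : all emailed alerts should be enclosed in an attachment
     */
     $action_email_smtp_host = \'smtp.example.com\';
     $action_email_smtp_localhost = \'localhost\';
     $action_email_smtp_auth = 1;
     $action_email_smtp_user = \'username\';
     $action_email_smtp_pw = \'password\';
     $action_email_from = \'smtpuser@example.com\';
     $action_email_subject = \'BASE Incident Report\';
     $action_email_msg = \'\';
     $action_email_mode = 0;

                /* Variable to start the ability to handle themes... */
                $base_style = \'base_style.css\';

                /* Chart default colors - (red, green, blue)
                 *    - $chart_bg_color_default    : background color of chart
                 *    - $chart_lgrid_color_default : gridline color of chart
                 *    - $chart_bar_color_default   : bar/line color of chart
                 */
                $chart_bg_color_default     = array(255,255,255);
                $chart_lgrid_color_default  = array(205,205,205);
                $chart_bar_color_default    = array(190, 5, 5);

                /* Maximum number of rows per criteria element */
                $MAX_ROWS = 10;

                /* Number of rows to display for any query results */
                $show_rows = 48;

                /* Number of items to return during a snapshot
                 *  Last _X_ # of alerts/unique alerts/ports/IP
                 */
                $last_num_alerts = 15;
                $last_num_ualerts = 15;
                $last_num_uports = 15;
                $last_num_uaddr = 15;

                /* Number of items to return during a snapshot
                 *  Most Frequent unique alerts/IPs/ports
                 */
                $freq_num_alerts = 5;
                $freq_num_uaddr = 15;
                $freq_num_uports = 15;

                /* Number of scroll buttons to use when displaying query results */
                $max_scroll_buttons = 12;

                /* Debug mode     - how much debugging information should be shown
                 * Timing mode    - display timing information
                 * SQL trace mode - log SQL statements
                 *   0 : no extra information
                 *   1 : debugging information
                 *   2 : extended debugging information
                 *
                 * HTML no cache - whether a no-cache directive should be sent
                 *                 to the browser (should be = 1 for IE)
                 * 
                 * SQL trace file - file to log SQL traces
                 */
                $debug_mode = 0;
                $debug_time_mode = 1;
                $html_no_cache = 1;
                $sql_trace_mode = 0;
                $sql_trace_file = \'\';

                /* Auto-Screen refresh
                 * - Refresh_Stat_Page - Should certain statistics pages refresh?
                 * - refresh_all_pages - Should all the pages trigger the http refresh,
                 *                       as well?
                 *                       0: No, they should not.
                 *                       1: Yes, even these pages should refresh.
                 * - Stat_Page_Refresh_Time - refresh interval (in seconds)
                 */
                $refresh_stat_page = 1;
                $refresh_all_pages = 0;
                $stat_page_refresh_time = 180;

                /* Display First/Previous/Last timestamps for alerts or
                 * just First/Last on the Unique Alert listing.
                 *    1: yes
                 *    0: no
                 */
                $show_previous_alert = 0;

                /* Sets maximum execution time (in seconds) of any particular page. 
                 * Note: this overrides the PHP configuration file variable 
                 *       max_execution_time.  Thus script can run for a total of
                 *       ($max_script_runtime + max_execution_time) seconds 
                 */
                $max_script_runtime = 180;
    
    /* How should the IP address criteria be entered in the Search screen?
     *   1 : each octet is a separate field
     *   2 : entire address is as a single field
     */
    $ip_address_input = 2;
    
    /* Should a combo box with possible signatures be displayed on the
     * search form. (Requires Javascript)
     *   0 : disabled
     *   1 : show only non pre-processor signatures (e.g., ignore portscans)
     *   2 : show all signatures
     */
    $use_sig_list = 0;
    
    /* Resolve IP to FQDN (on certain queries?) 
     *    1 : yes
     *    0 : no 
     */
    $resolve_IP = 0;
    
    /* automatically expand the IP Criteria and Payload Criteria sections on the Search screen?)  
     *    1 : yes
     *    0 : no - you need to click on them to see them
     */
    $show_expanded_query = 0;     

    /* Should summary stats be calculated on every Query Results page
     * (Enabling this option will slow page loading time)
     */
    $show_summary_stats = 0;
    
    /* DNS cache lifetime (in minutes) */
    $dns_cache_lifetime = 20160;
    
    /* Whois information cache lifetime (in minutes) */
    $whois_cache_lifetime = 40320;
    
    /* Snort spp_portscan log file */
    $portscan_file = \'\';

    /* Show part of portscan payload in signature */
    $portscan_payload_in_signature = \'1\';

    /* Event cache Auto-update
     *
     *  Should the event cache be verified and updated on every
     *  page log?  Otherwise, the cache will have to be explicitly
     *  updated from the \'cache and status\' page.
     *
     *  Note: enabling this option could substantially slow down
     *  the page loading time when there are many uncached alerts.
     *  However, this is only a one-time penalty.
     *
     *   1 : yes
     *   0 : no
     */
    $event_cache_auto_update = 1;
    
    /* Maintain a history of the visited pages so that the \'Back\'
     * button can be used.
     *
     * Note: Enabling this option will cause the PHP-session to
     * grow substantially after many pages have been viewed causing
     * a slow down in page loading time. Periodically return to the
     * main page to clear the history.
     *
     *   1 : yes
     *   0 : no
     */
    $maintain_history = 1;
    
    /* Level of detail to display on the main page.
     *
     * Note: The presence of summary statistics will slow page loading time
     *
     *   1 : show both the links and summary statistics
     *   0 : show only the links and a count of the number of alerts
     */
    $main_page_detail = 1;
    
    /* avoid count(*) whenever possible 
     *
     * Note: On some databases (e.g., postgres) this can greatly increase
     * performance if you have a large number of events. On other databases
     * (e.g., mysql) this will have little to no effect. Enabling this
     * option will prevent the number of events in the database from being
     * shown on the main screen and will remove the percentages associated
     * with the number of events on the alert screen.
     */
    $avoid_counts = 0;
    
    /* show links to first/last/previous event on alert screen 
     *
     * Note: Enabling this can slow down loading of the alert screen on large 
     * databases
     */
    $show_first_last_links = 0;
    
    /*
     * External URLs
     */
    
    /* Whois query */
    $external_whois_link = \'http://www.dnsstuff.com/tools/whois.ch?ip=\';
   

                /* Local whois */
                /* IP addresses of whois servers. Updated on Jan, 6th 2019.
                 *
                 * Name:                whois.arin.net
                 * Addresses:        199.212.0.46
                 *
                 * Name:                whois.apnic.net
                 * Address:                23.239.6.76
                 *
                 * Name:                whois.ripe.net
                 * Address:                193.0.6.135
                 *
                 * Name:                whois.nic.ad.jp
                 * Address:                192.41.192.40
                 *
                 * Name:                whos.afrinic.net
                 * Address:                196.216.2.21
                 *
                 * Name:                whos.lannic.net
                 * Address:                200.3.14.10
                 */

$arin_ip  = "199.212.0.46";
$apnic_ip = "23.239.6.76";
$ripe_ip  = "193.0.6.135";
$jnic_ip  = "192.41.192.40";
$afrinic_ip = "196.216.2.21";
$lacnic_ip = "200.3.14.10";


     /* DNS query */
    $external_dns_link = \'http://www.dnsstuff.com/tools/ptr.ch?ip=\';
    
    /* SamSpade \'all\' query */
    $external_all_link = \'http://www.whois.sc/\';
    
// TCP/UDP port database
$external_port_link = array(
        \'sans\'     => \'https://isc.sans.edu/data/port.html?port=\'
);
    
    /* Signature references */
    $external_sig_link = array(\'bugtraq\'   => array(\'http://www.securityfocus.com/bid/\', \'\'),
                               \'snort\'     => array(\'https://snort.org/rule_docs/\', \'\'),
                               \'cve\'       => array(\'http://cve.mitre.org/cgi-bin/cvename.cgi?name=\', \'\'),
                               \'arachnids\' => array(\'http://www.whitehats.com/info/ids\', \'\'),
                               \'mcafee\'    => array(\'http://vil.nai.com/vil/content/v_\', \'.htm\'),
                               \'icat\'      => array(\'http://icat.nist.gov/icat.cfm?cvename=CAN-\', \'\'),
                               \'nessus\'    => array(\'http://www.nessus.org/plugins/index.php?view=single&amp;id=\', \'\'),
                               \'url\'       => array(\'http://\', \'\'),
                               \'local\'     => array(\'signatures/\', \'.txt\'),
                               \'local_rules_dir\' => array(\'rules/\', \'.rules\'), 
                               \'EmThreats\'  => array(\'http://docs.emergingthreats.net/\', \'\'));
    
    
    /* Custom (user) PHP session handlers
     *
     * - use_user_session : sets whether user PHP session can be used (configured
     *                      with the session.save_handler variable in php.ini)
     *      0 : no
     *      1 : yes (assuming that \'user_session_path\' and \'user_session_function\'
     *               are configured correctly)
     * - user_session_path : file to include that implements the custom PHP session
     *                       handler
     * - user_session_function : function to invoke in the custom session
     *                           implementation that will register the session handler
     *                           functions
     */
    $use_user_session = 0;
    $user_session_path = \'\';
    $user_session_function = \'\';
    
    /**
     * This option is used to set if BASE will use colored results
     * based on the priority of alerts
     * 0 : no
     * 1 : yes
     */
    $colored_alerts = 0;

    // Red, yellow, orange, gray, white, green
    $priority_colors = array (\'FF0000\',\'FFFF00\',\'FF9900\',\'999999\',\'FFFFFF\',\'006600\');


                /** Choose a font name for the BASE charts (graph alert graphics)
                 *
                 * The fonts in the PEAR::Image::Graph / PEAR::Image::Canvas libraries
                 * are broken.
                 *
                 * Better would be a scalable font, like DejaVuSans or Verdana.  A scalable
                 * font would allow us to get different (more appropriate) font sizes.  
                 * However, this won\'t work without minor or major modifications of 
                 * these libraries.
                 * See docs/README.graph_alert_data for details.
                 * 
                 * If you do NOT manage to tweak these libraries to get a proper font,
                 * choose "Image_Graph_Font".  However, this font is not scalable, 
                 * i.e. a headline would have the same font size as a small label. 
                 *
                 * Image_Graph_Font used to be a fail-safe font name.  But for php
                 * versions >= 5.3 even this does not seem to be true, any more.  
                 * So, as last resort, choose an empty string.
                 */
                // $graph_font_name = "Verdana";
           $graph_font_name = "DejaVuSans";
                // $graph_font_name = "Image_Graph_Font";
                // $graph_font_name = "";


    /** IP address to country support
     *
     * 1. First method for the mapping of ip addresses to country names:
     *
     * If you have installed the perl module Geo::IPfree
     * http://search.cpan.org/CPAN/authors/id/G/GM/GMPASSOS/Geo-IPfree-0.2.tar.gz
     * then generate the country database in readable ASCII format,
     * similarly to this:
     *         cd /usr/lib/perl5/site_perl/5.8.8/Geo/
     *         perl ipct2txt.pl ./ipscountry.dat /var/www/html/ips-ascii.txt
     *
     * Set the absolute path to this database accordingly:
     */
     //$Geo_IPfree_file_ascii = "/var/www/html/ips-ascii.txt";
    
    /** 2. Second method for the mapping of ip addresses to country names:
     * 
     * If you have installed the perl module IP::Country
     * http://search.cpan.org/dist/IP-Country/
     * (requires Geography::Countries as well),
     * then uncomment and correct the absolute path to this perl executable:
     */
     //$IP2CC = "/usr/bin/ip2cc";

    // Include for languages
    include("$BASE_path/languages/$BASE_Language.lang.php");
    ?>';
    return $contents;
}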
?>