
NathanGibbs3 / BASE / 627

pending completion
627

push

travis-ci-com

NathanGibbs3
Merge branch 'documentation' into devel

1766 of 6437 relevant lines covered (27.44%)

105.91 hits per line

Source File

0.0
/setup/base_conf_contents.php
<?php
/*******************************************************************************
** Basic Analysis and Security Engine (BASE)
** Copyright (C) 2004 BASE Project Team
** Copyright (C) 2000 Carnegie Mellon University
** 
** (see the file 'base_main.php' for license details)
**
** Project Leads: Kevin Johnson <kjohnson@secureideas.net>
** Built upon work by Roman Danyliw <rdd@cert.org>, <roman@danyliw.com>
**
** Purpose: Vanilla Config file used for the setup program
********************************************************************************
** Authors:
********************************************************************************
** Kevin Johnson <kjohnson@secureideas.net>
**
********************************************************************************
*/

// Direct-access guard: stop immediately unless _BASE_INC is defined, which
// (per the project's convention) signals that the conf file has been loaded.
if ( !defined( '_BASE_INC' ) ) {
    die( 'Accessing this file directly is not allowed.' );
}

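/**
 * Build the text of a fresh BASE configuration file for the setup program.
 *
 * The template below is itself PHP source. The setup values are read from
 * globals and spliced into it as PHP literals, so every value is escaped for
 * the literal it lands in before it is concatenated. Without that, a single
 * quote or backslash in any value (a database password, for instance) would
 * end the literal early and the remainder would be parsed as PHP code when the
 * generated file is loaded.
 *
 * NOTE(review): the globals are presumably filled from the setup program's
 * forms, which are not visible in this file; they are treated as untrusted.
 * NOTE(review): $language also ends up, via $BASE_Language, in the include()
 * path at the end of the generated file. Quote escaping does not constrain
 * path components; the caller should restrict it to a known language name.
 * NOTE(review): the returned text carries the database passwords in clear
 * text; whoever writes it to disk should restrict the file's permissions.
 *
 * @return string Complete PHP source of the generated configuration file.
 */
function returnContents()
{
    // $chartlib is declared here but is not used anywhere in the template.
    GLOBAL $language, $useauth, $adodb, $chartlib, $uri, $dbtype, $dbhost,
        $dbport, $dbname, $dbusername, $dbpasswd, $arcdbexists, $arcdbhost,
        $arcdbport, $arcdbname, $arcdbusername, $arcdbpasswd;

    // Values that are written between single quotes in the generated file.
    $raw = array(
        'language'      => $language,
        'adodb'         => $adodb,
        'uri'           => $uri,
        'dbtype'        => $dbtype,
        'dbhost'        => $dbhost,
        'dbport'        => $dbport,
        'dbname'        => $dbname,
        'dbusername'    => $dbusername,
        'dbpasswd'      => $dbpasswd,
        'arcdbexists'   => $arcdbexists,
        'arcdbhost'     => $arcdbhost,
        'arcdbport'     => $arcdbport,
        'arcdbname'     => $arcdbname,
        'arcdbusername' => $arcdbusername,
        'arcdbpasswd'   => $arcdbpasswd,
    );

    // Inside a single-quoted PHP literal only backslash and single quote are
    // special, so escaping exactly those two keeps each value inside its
    // literal and makes it read back unchanged.
    $literalEscapes = array( '\\' => '\\\\', '\'' => '\\\'' );
    $quoted = array();
    foreach ( $raw as $name => $value ) {
        $quoted[$name] = strtr( (string) $value, $literalEscapes );
    }

    // $Use_Auth_System is emitted as a bare (unquoted) token, so only a plain
    // non-negative integer may be written there. Anything else falls back to
    // 1, i.e. authentication stays switched on (fail closed).
    $authText = is_scalar( $useauth ) ? (string) $useauth : '';
    $authFlag = ( preg_match( '/^[0-9]+\z/', $authText ) === 1 ) ? (int) $authText : 1;

    $contents = '<?php
/*******************************************************************************
** Basic Analysis and Security Engine (BASE)
** Copyright (C) 2004 BASE Project Team
** Copyright (C) 2000 Carnegie Mellon University
**
** (see the file "base_main.php" for license details)
**
** Project Leads: Kevin Johnson <kjohnson@secureideas.net>
** Built upon work by Roman Danyliw <rdd@cert.org>, <roman@danyliw.com>
**
** Purpose: Vanilla Config file
********************************************************************************
** Authors:
********************************************************************************
** Kevin Johnson <kjohnson@secureideas.net
**
********************************************************************************
*/
    $BASE_VERSION = \'1.4.5 (lilias)\';

// BASE Server Config settings

    /*
     Set the $Use_Auth_System variable to 1 if you would like to force users to
     authenticate to use the system.  Only turn this off if the system is not
     accessible to the public or the network at large.  i.e. a home user testing it
     out!
    */
    
    $Use_Auth_System = '. $authFlag .';

// Allowed Client IP addresses IPv4 or IPv6.
// Host
// $AllowedClients = 192.168.0.1
// $AllowedClients = fd00:0000:0000::1
// Subnets
// $AllowedClients = 192.168.0.0/24
// $AllowedClients = fd00:0000:0000::/48

$AllowedClients = \'\';

// Domain or subdomain on which BASE is running.
// Effects the domain flag in sent cookies.
// This DOES NOT usually need to be set.
$domain = \'\';

// Set the base_urlpath to the url location that is the root of your BASE
// install. This must be set for BASE to function! Do not include a trailing
// slash! But also put the preceding slash.
//
// e.g. Your URL is http://127.0.0.1/base or http://hostname/base
// Set this to /base
// e.g. Your URL is http://127.0.0.1/ or http://hostname/
// Set this to an empty string \'\'.

$BASE_urlpath = \''. $quoted['uri'] .'\';

// BASE UI Settings

// UI Icon Set to use.

$BASE_IconSet = 0;

// Set the below to the language you would like people to use while viewing
// your install of BASE.

$BASE_Language = \''. $quoted['language'] .'\';

    /*
     Set the below to 0 to remove the links from the display of alerts.
    */
    $BASE_display_sig_links = 1;

    /* Unique BASE ID.  The below variable, if set, will append its value to the
     * title bar of the browser.  This is for people who manage multiple installs
     * of BASE and want a simple way to differentiate them on the task bar.
     */

    $BASE_installID = \'\';

// Name of custom footer file.
// If set, will cause BASE to include the specified file as a custom footer to
// the main page.  The custom footer file must:
// 1. Be located in the /custom directory.
// 2. End with an .html or .htm extension.
// 3. Not be owned by root.
// 4. Be readable.
// A sample custom footer file is in the contrib directory

$base_custom_footer = \'\';

    /* Path to the DB abstraction library 
     *  (Note: DO NOT include a trailing backslash after the directory)
     *   e.g. $foo = \'/tmp\'      [OK]
     *        $foo = \'/tmp/\'     [OK]
     *        $foo = \'c:\tmp\'    [OK]
     *        $foo = \'c:\tmp\\\'   [WRONG]
     */
    $DBlib_path = \''. $quoted['adodb'] .'\';
    
    /* The type of underlying alert database
     * 
     *  MySQL       : \'mysql\'
     *  PostgresSQL : \'postgres\'
     *  MS SQL Server : \'mssql\'
     *  Oracle      : \'oci8\'
     */
    $DBtype = \''. $quoted['dbtype'] .'\';
    
    /* Alert DB connection parameters
     *   - $alert_dbname   : MySQL database name of Snort alert DB
     *   - $alert_host     : host on which the DB is stored
     *   - $alert_port     : port on which to access the DB
     *   - $alert_user     : login to the database with this user
     *   - $alert_password : password of the DB user
     *
     *  This information can be gleaned from the Snort database
     *  output plugin configuration.
     */
    $alert_dbname   = \''. $quoted['dbname'] .'\';
    $alert_host     = \''. $quoted['dbhost'] .'\';
    $alert_port     = \''. $quoted['dbport'] .'\';
    $alert_user     = \''. $quoted['dbusername'] .'\';
    $alert_password = \''. $quoted['dbpasswd'] .'\';
    
    /* Archive DB connection parameters */
    $archive_exists   = \''. $quoted['arcdbexists'] .'\'; # Set this to 1 if you have an archive DB
    $archive_dbname   = \''. $quoted['arcdbname'] .'\';
    $archive_host     = \''. $quoted['arcdbhost'] .'\';
    $archive_port     = \''. $quoted['arcdbport'] .'\';
    $archive_user     = \''. $quoted['arcdbusername'] .'\';
    $archive_password = \''. $quoted['arcdbpasswd'] .'\';
    
    /* Type of DB connection to use
     *   1  : use a persistant connection (pconnect)
     *   2  : use a normal connection (connect)
     */
    $db_connect_method = 1;
    
    /* Use referential integrity
     *   1  : use
     *   0  : ignore (not installed)
     *
     * Note: Only PostgreSQL and MS-SQL Server databases support
     *       referential integrity.  Use the associated
     *       create_acid_tbls_?_extra.sql script to add this
     *       functionality to the database.
     *
     *       Referential integrity will greatly improve the
     *       speed of record deletion, but also slow record
     *       insertion.
     */
                $use_referential_integrity = 0;

                /* SMTP Email Alert action
     *
     * Requires the Pear-Mail package to be installed like so:
     *
     * # pear install --alldeps mail
     *
     *
     * - action_email_smtp_host : Which smtp server to use
     * - action_email_smtp_localhost : What name to use for this server in the 
     *   SMTP HELO statement. You will likely need to replace this with the name
     *   of the machine running BASE when connecting to a remote mail server.
     * - action_email_smtp_auth : Whether or not to authenticate with
     *                            the smtp server
     *     0: We do NOT authenticate ourselves towards the smtp host
     *     1: We DO authenticate ourselves towards the smtp host
     *        with the following credentials:
     * - action_email_smtp_user : The user name with the smtp host
     * - action_email_smtp_pw : The password for this mail account
     * - action_email_from : email address to use in the FROM field of the mail message
     *                       MUST be the same email address as used for the SMTP account
     * - action_email_subject : subject to use for the mail message
     * - action_email_msg : additional text to include in the body of the mail message
     * - action_email_mode : specifies how the alert information should be enclosed
     *     0 : all emailed alerts should be in the body of the message
     *     1 : all emailed alerts should be enclosed in an attachment
     */
     $action_email_smtp_host = \'smtp.example.com\';
     $action_email_smtp_localhost = \'localhost\';
     $action_email_smtp_auth = 1;
     $action_email_smtp_user = \'username\';
     $action_email_smtp_pw = \'password\';
     $action_email_from = \'smtpuser@example.com\';
     $action_email_subject = \'BASE Incident Report\';
     $action_email_msg = \'\';
     $action_email_mode = 0;

                /* Variable to start the ability to handle themes... */
                $base_style = \'base_style.css\';

                /* Chart default colors - (red, green, blue)
                 *    - $chart_bg_color_default    : background color of chart
                 *    - $chart_lgrid_color_default : gridline color of chart
                 *    - $chart_bar_color_default   : bar/line color of chart
                 */
                $chart_bg_color_default     = array(255,255,255);
                $chart_lgrid_color_default  = array(205,205,205);
                $chart_bar_color_default    = array(190, 5, 5);

                /* Maximum number of rows per criteria element */
                $MAX_ROWS = 10;

                /* Number of rows to display for any query results */
                $show_rows = 48;

                /* Number of items to return during a snapshot
                 *  Last _X_ # of alerts/unique alerts/ports/IP
                 */
                $last_num_alerts = 15;
                $last_num_ualerts = 15;
                $last_num_uports = 15;
                $last_num_uaddr = 15;

                /* Number of items to return during a snapshot
                 *  Most Frequent unique alerts/IPs/ports
                 */
                $freq_num_alerts = 5;
                $freq_num_uaddr = 15;
                $freq_num_uports = 15;

                /* Number of scroll buttons to use when displaying query results */
                $max_scroll_buttons = 12;

                /* Debug mode     - how much debugging information should be shown
                 * Timing mode    - display timing information
                 * SQL trace mode - log SQL statements
                 *   0 : no extra information
                 *   1 : debugging information
                 *   2 : extended debugging information
                 *
                 * HTML no cache - whether a no-cache directive should be sent
                 *                 to the browser (should be = 1 for IE)
                 * 
                 * SQL trace file - file to log SQL traces
                 */
                $debug_mode = 0;
                $debug_time_mode = 1;
                $html_no_cache = 1;
                $sql_trace_mode = 0;
                $sql_trace_file = \'\';

                /* Auto-Screen refresh
                 * - Refresh_Stat_Page - Should certain statistics pages refresh?
                 * - refresh_all_pages - Should all the pages trigger the http refresh,
                 *                       as well?
                 *                       0: No, they should not.
                 *                       1: Yes, even these pages should refresh.
                 * - Stat_Page_Refresh_Time - refresh interval (in seconds)
                 */
                $refresh_stat_page = 1;
                $refresh_all_pages = 0;
                $stat_page_refresh_time = 180;

                /* Display First/Previous/Last timestamps for alerts or
                 * just First/Last on the Unique Alert listing.
                 *    1: yes
                 *    0: no
                 */
                $show_previous_alert = 0;

                /* Sets maximum execution time (in seconds) of any particular page. 
                 * Note: this overrides the PHP configuration file variable 
                 *       max_execution_time.  Thus script can run for a total of
                 *       ($max_script_runtime + max_execution_time) seconds 
                 */
                $max_script_runtime = 180;
    
    /* How should the IP address criteria be entered in the Search screen?
     *   1 : each octet is a separate field
     *   2 : entire address is as a single field
     */
    $ip_address_input = 2;
    
    /* Should a combo box with possible signatures be displayed on the
     * search form. (Requires Javascript)
     *   0 : disabled
     *   1 : show only non pre-processor signatures (e.g., ignore portscans)
     *   2 : show all signatures
     */
    $use_sig_list = 0;
    
    /* Resolve IP to FQDN (on certain queries?) 
     *    1 : yes
     *    0 : no 
     */
    $resolve_IP = 0;
    
    /* automatically expand the IP Criteria and Payload Criteria sections on the Search screen?)  
     *    1 : yes
     *    0 : no - you need to click on them to see them
     */
    $show_expanded_query = 0;     

    /* Should summary stats be calculated on every Query Results page
     * (Enabling this option will slow page loading time)
     */
    $show_summary_stats = 0;
    
    /* DNS cache lifetime (in minutes) */
    $dns_cache_lifetime = 20160;
    
    /* Whois information cache lifetime (in minutes) */
    $whois_cache_lifetime = 40320;
    
    /* Snort spp_portscan log file */
    $portscan_file = \'\';

    /* Show part of portscan payload in signature */
    $portscan_payload_in_signature = \'1\';

    /* Event cache Auto-update
     *
     *  Should the event cache be verified and updated on every
     *  page log?  Otherwise, the cache will have to be explicitly
     *  updated from the \'cache and status\' page.
     *
     *  Note: enabling this option could substantially slow down
     *  the page loading time when there are many uncached alerts.
     *  However, this is only a one-time penalty.
     *
     *   1 : yes
     *   0 : no
     */
    $event_cache_auto_update = 1;
    
    /* Maintain a history of the visited pages so that the \'Back\'
     * button can be used.
     *
     * Note: Enabling this option will cause the PHP-session to
     * grow substantially after many pages have been viewed causing
     * a slow down in page loading time. Periodically return to the
     * main page to clear the history.
     *
     *   1 : yes
     *   0 : no
     */
    $maintain_history = 1;
    
    /* Level of detail to display on the main page.
     *
     * Note: The presence of summary statistics will slow page loading time
     *
     *   1 : show both the links and summary statistics
     *   0 : show only the links and a count of the number of alerts
     */
    $main_page_detail = 1;
    
    /* avoid count(*) whenever possible 
     *
     * Note: On some databases (e.g., postgres) this can greatly increase
     * performance if you have a large number of events. On other databases
     * (e.g., mysql) this will have little to no effect. Enabling this
     * option will prevent the number of events in the database from being
     * shown on the main screen and will remove the percentages associated
     * with the number of events on the alert screen.
     */
    $avoid_counts = 0;
    
    /* show links to first/last/previous event on alert screen 
     *
     * Note: Enabling this can slow down loading of the alert screen on large 
     * databases
     */
    $show_first_last_links = 0;
    
    /*
     * External URLs
     */
    
    /* Whois query */
    $external_whois_link = \'http://www.dnsstuff.com/tools/whois.ch?ip=\';
   

                /* Local whois */
                /* IP addresses of whois servers. Updated on Jan, 6th 2019.
                 *
                 * Name:                whois.arin.net
                 * Addresses:        199.212.0.46
                 *
                 * Name:                whois.apnic.net
                 * Address:                23.239.6.76
                 *
                 * Name:                whois.ripe.net
                 * Address:                193.0.6.135
                 *
                 * Name:                whois.nic.ad.jp
                 * Address:                192.41.192.40
                 *
                 * Name:                whos.afrinic.net
                 * Address:                196.216.2.21
                 *
                 * Name:                whos.lannic.net
                 * Address:                200.3.14.10
                 */

$arin_ip  = "199.212.0.46";
$apnic_ip = "23.239.6.76";
$ripe_ip  = "193.0.6.135";
$jnic_ip  = "192.41.192.40";
$afrinic_ip = "196.216.2.21";
$lacnic_ip = "200.3.14.10";


     /* DNS query */
    $external_dns_link = \'http://www.dnsstuff.com/tools/ptr.ch?ip=\';
    
    /* SamSpade \'all\' query */
    $external_all_link = \'http://www.whois.sc/\';
    
// TCP/UDP port database
$external_port_link = array(
        \'sans\'     => \'https://isc.sans.edu/data/port.html?port=\'
);
    
    /* Signature references */
    $external_sig_link = array(\'bugtraq\'   => array(\'http://www.securityfocus.com/bid/\', \'\'),
                               \'snort\'     => array(\'https://snort.org/rule_docs/\', \'\'),
                               \'cve\'       => array(\'http://cve.mitre.org/cgi-bin/cvename.cgi?name=\', \'\'),
                               \'arachnids\' => array(\'http://www.whitehats.com/info/ids\', \'\'),
                               \'mcafee\'    => array(\'http://vil.nai.com/vil/content/v_\', \'.htm\'),
                               \'icat\'      => array(\'http://icat.nist.gov/icat.cfm?cvename=CAN-\', \'\'),
                               \'nessus\'    => array(\'http://www.nessus.org/plugins/index.php?view=single&amp;id=\', \'\'),
                               \'url\'       => array(\'http://\', \'\'),
                               \'local\'     => array(\'signatures/\', \'.txt\'),
                               \'local_rules_dir\' => array(\'rules/\', \'.rules\'), 
                               \'EmThreats\'  => array(\'http://docs.emergingthreats.net/\', \'\'));
    
    
    /* Custom (user) PHP session handlers
     *
     * - use_user_session : sets whether user PHP session can be used (configured
     *                      with the session.save_handler variable in php.ini)
     *      0 : no
     *      1 : yes (assuming that \'user_session_path\' and \'user_session_function\'
     *               are configured correctly)
     * - user_session_path : file to include that implements the custom PHP session
     *                       handler
     * - user_session_function : function to invoke in the custom session
     *                           implementation that will register the session handler
     *                           functions
     */
    $use_user_session = 0;
    $user_session_path = \'\';
    $user_session_function = \'\';
    
    /**
     * This option is used to set if BASE will use colored results
     * based on the priority of alerts
     * 0 : no
     * 1 : yes
     */
    $colored_alerts = 0;

    // Red, yellow, orange, gray, white, green
    $priority_colors = array (\'FF0000\',\'FFFF00\',\'FF9900\',\'999999\',\'FFFFFF\',\'006600\');


                /** Choose a font name for the BASE charts (graph alert graphics)
                 *
                 * The fonts in the PEAR::Image::Graph / PEAR::Image::Canvas libraries
                 * are broken.
                 *
                 * Better would be a scalable font, like DejaVuSans or Verdana.  A scalable
                 * font would allow us to get different (more appropriate) font sizes.  
                 * However, this won\'t work without minor or major modifications of 
                 * these libraries.
                 * See docs/README.graph_alert_data for details.
                 * 
                 * If you do NOT manage to tweak these libraries to get a proper font,
                 * choose "Image_Graph_Font".  However, this font is not scalable, 
                 * i.e. a headline would have the same font size as a small label. 
                 *
                 * Image_Graph_Font used to be a fail-safe font name.  But for php
                 * versions >= 5.3 even this does not seem to be true, any more.  
                 * So, as last resort, choose an empty string.
                 */
                // $graph_font_name = "Verdana";
           $graph_font_name = "DejaVuSans";
                // $graph_font_name = "Image_Graph_Font";
                // $graph_font_name = "";


    /** IP address to country support
     *
     * 1. First method for the mapping of ip addresses to country names:
     *
     * If you have installed the perl module Geo::IPfree
     * http://search.cpan.org/CPAN/authors/id/G/GM/GMPASSOS/Geo-IPfree-0.2.tar.gz
     * then generate the country database in readable ASCII format,
     * similarly to this:
     *         cd /usr/lib/perl5/site_perl/5.8.8/Geo/
     *         perl ipct2txt.pl ./ipscountry.dat /var/www/html/ips-ascii.txt
     *
     * Set the absolute path to this database accordingly:
     */
     //$Geo_IPfree_file_ascii = "/var/www/html/ips-ascii.txt";
    
    /** 2. Second method for the mapping of ip addresses to country names:
     * 
     * If you have installed the perl module IP::Country
     * http://search.cpan.org/dist/IP-Country/
     * (requires Geography::Countries as well),
     * then uncomment and correct the absolute path to this perl executable:
     */
     //$IP2CC = "/usr/bin/ip2cc";

    // Include for languages
    include("$BASE_path/languages/$BASE_Language.lang.php");
    ?>';
    return $contents;
}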
?>