具体出现的界面如下:
<?php
/*
** Copyright (C) 2000 Carnegie Mellon University
**
** Author: Roman Danyliw <rdd@cert.org>, <roman@danyliw.com>
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by
** the Free Software Foundation; either version 2 of the License, or
** (at your option) any later version.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
/*
* Analysis Console for Incident Databases (ACID) by Roman Danyliw
*
* This application was developed at the CERT Coordination Center as a part
* of the AIRCERT project.
*
* See http://www.cert.org/kb/acid for the most up to date
* information and documentation about this application.
*
* Purpose:
*
* ACID is a PHP-based analysis engine to search and process
* a database of security incidents generated by the NIDS Snort.
*
* Configuration:
*
* See the 'README' file, and 'acid.conf'
*
*/
?>
<?php
/*
 * acid_main.php -- front page of the console.
 *
 * Page-load timing starts here; the elapsed time is printed at the bottom
 * of the page when $debug_time_mode is set (see acid_conf.php).
 */
$start = time();

/* Configuration first, then the shared helpers that depend on it. */
include 'acid_conf.php';
include 'acid_include.inc';
include_once 'acid_common.php';
include_once 'acid_stat_common.php';
include_once 'acid_db_common.php';

/*
 * Project helper from the includes above; presumably imports request
 * variables into the global scope (register_globals emulation) -- confirm
 * in acid_common.php / acid_include.inc before relying on any global here.
 */
RegisterGlobalState();
//InitGlobalState();

/*
 * The main page is the root of the navigation history: throw away whatever
 * session state the previous page left behind and start an empty back-list
 * with this page as its only entry.
 */
$HTTP_SESSION_VARS = null;
InitArray($HTTP_SESSION_VARS['back_list'], 1, 3, "");
$HTTP_SESSION_VARS['back_list_cnt'] = 0;
PushHistory();

/*
 * NOTE(review): nothing in this page authenticates the visitor. The console
 * exposes alert data and the DB name/host, so access must be restricted by
 * the web server (e.g. HTTP auth on the ACID directory) -- confirm in the
 * deployment.
 */
?>
<!doctype html public "-//w3c//dtd html 4.0 transitional//en">
<!-- Analysis Console for Incident Databases (ACID) <?php echo $ACID_VERSION; ?> -->
<HTML>
<HEAD>
<META name="Author" content="Roman Danyliw">
<META HTTP-EQUIV="pragma" CONTENT="no-cache">
<?php
/*
 * Presumably emits a <META HTTP-EQUIV="refresh"> when $refresh_stat_page is
 * set (project helper; confirm in acid_include.inc).
 * NOTE(review): the pragma META above is advisory only; proxies and browsers
 * act on the HTTP Cache-Control header, which would have to be sent with
 * header() before any output.
 */
PrintFreshPage($refresh_stat_page, $stat_page_refresh_time);
?>
<TITLE>Analysis Console for Intrusion Databases (ACID) </TITLE>
<LINK rel="stylesheet" type="text/css" href="acid_style.css">
</HEAD>
<BODY>
<TABLE WIDTH="100%" BORDER=0 CELLSPACING=0 CELLPADDING=5>
<TR>
<TD class="mainheader">   </TD>
<TD class="mainheadertitle">
<U>A</U>nalysis <U>C</U>onsole for <U>I</U>ntrusion <U>D</U>atabases
</TD>
</TR>
</TABLE>
<P><P>
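<?php
if ( $debug_mode == 1 )
  PrintPageHeader();

/*
 * Check that PHP was built correctly for the configured DB type. The
 * convention of the verify_* helpers is: empty string == OK, otherwise a
 * ready-made error message to show before aborting the page.
 */
$tmp_str = verify_php_build($DBtype);
if ( $tmp_str != "" )
{
  echo $tmp_str;
  die();
}

/*
 * Connect to the Alert database with the credentials from acid_conf.php.
 * NOTE(review): the result of acidDBConnect() is not checked here;
 * presumably it aborts on failure itself -- confirm in acid_db_common.php.
 */
$db = NewACIDDBConnection($DBlib_path, $DBtype);
$db->acidDBConnect($db_connect_method,
                   $alert_dbname, $alert_host, $alert_port, $alert_user, $alert_password);

/* Check that the DB schema is recent (same error convention as above). */
$tmp_str = verify_db($db, $alert_dbname, $alert_host);
if ( $tmp_str != "" )
{
  echo $tmp_str;
  die();
}

if ( $event_cache_auto_update == 1 )
  UpdateAlertCache($db);

printf("<B>Queried on </B><FONT> : %s<BR>", date("D F d, Y H:i:s", time()));

/*
 * The DB descriptor comes from the configuration and the time window from
 * the database, not from the request; they are nevertheless emitted into
 * HTML, so encode them for that context instead of trusting their contents.
 * (Assumes StartStopTime() yields plain timestamp strings, not markup.)
 */
$db_descr = $alert_dbname.'@'.$alert_host.($alert_port != "" ? ':'.$alert_port : "");
printf("<B>Database:</B> %s (<B>schema version:</B> %d) \n<BR>\n",
       htmlspecialchars($db_descr),
       $db->acidGetDBVersion());

/* StartStopTime() is expected to fill $start_time / $end_time; an empty
 * $start_time is taken to mean that there are no alerts at all. */
StartStopTime($start_time, $end_time, $db);
if ( $start_time != "" )
  printf("<B>Time window:</B> [%s] - [%s]\n<P>\n",
         htmlspecialchars($start_time), htmlspecialchars($end_time));
else
  printf("<B>Time window:</B> <I>no alerts detected</I>\n");

/* Summary block: general statistics on the left, protocol profile graphs
 * on the right (both rendered by the acid_stat_common.php helpers). */
echo '<TABLE BORDER=1 WIDTH="100%">
<TR>
<TD WIDTH="30%" VALIGN=TOP>';
PrintGeneralStats($db, 0, $main_page_detail, "", "", true);
echo ' </TD>
<TD WIDTH="70%" VALIGN=TOP>
<B>Traffic Profile by Protocol</B>';
PrintProtocolProfileGraphs($db);
echo ' </TD>
</TR>
</TABLE>';
?>
<P>
<LI><B><A href="acid_qry_main.php?new=1">Search</A></B>
<LI><B><A href="acid_graph_main.php">Graph Alert data</A></B>
<P>
<LI><B>Snapshot</B>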
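<?php
/*
 * "Snapshot" links: canned queries against acid_qry_main.php and the
 * acid_stat_* pages, pre-filtered to today, the last 24 hours and the last
 * 72 hours. The time criterion is passed as the URL-encoded form of the
 * time[0][0..9] array used by the query page:
 *   [1] operator ('=' or '>='), [2] month, [3] day, [4] year, [5] hour.
 *
 * All three windows are derived from ONE timestamp. The previous version
 * called time() separately for every component, so the day and hour of a
 * window could come from different seconds and straddle a day/hour boundary.
 */
$now = time();

/* today: date == today's date, any hour */
$tmp_month = date("m", $now);
$tmp_day   = date("d", $now);
$tmp_year  = date("Y", $now);
$today = '&time%5B0%5D%5B0%5D=+&time%5B0%5D%5B1%5D=%3D'.
         '&time%5B0%5D%5B2%5D='.$tmp_month.
         '&time%5B0%5D%5B3%5D='.$tmp_day.
         '&time%5B0%5D%5B4%5D='.$tmp_year.
         '&time%5B0%5D%5B5%5D=&time%5B0%5D%5B6%5D=&time%5B0%5D%5B7%5D='.
         '&time%5B0%5D%5B8%5D=+&time%5B0%5D%5B9%5D=+';

/* last 24 hours: timestamp >= (now - 1 day), to the hour */
$yesterday_ts    = $now - 86400;
$yesterday_year  = date("Y", $yesterday_ts);
$yesterday_month = date("m", $yesterday_ts);
$yesterday_day   = date("d", $yesterday_ts);
$yesterday_hour  = date("H", $yesterday_ts);
$yesterday = '&time%5B0%5D%5B0%5D=+&time%5B0%5D%5B1%5D=>%3D'.
             '&time%5B0%5D%5B2%5D='.$yesterday_month.
             '&time%5B0%5D%5B3%5D='.$yesterday_day.
             '&time%5B0%5D%5B4%5D='.$yesterday_year.
             '&time%5B0%5D%5B5%5D='.$yesterday_hour.
             '&time%5B0%5D%5B6%5D=&time%5B0%5D%5B7%5D='.
             '&time%5B0%5D%5B8%5D=+&time%5B0%5D%5B9%5D=+';

/* last 72 hours: timestamp >= (now - 3 days), to the hour */
$last72_ts    = $now - 86400*3;
$last72_year  = date("Y", $last72_ts);
$last72_month = date("m", $last72_ts);
$last72_day   = date("d", $last72_ts);
$last72_hour  = date("H", $last72_ts);
$last72 = '&time%5B0%5D%5B0%5D=+&time%5B0%5D%5B1%5D=>%3D'.
          '&time%5B0%5D%5B2%5D='.$last72_month.
          '&time%5B0%5D%5B3%5D='.$last72_day.
          '&time%5B0%5D%5B4%5D='.$last72_year.
          '&time%5B0%5D%5B5%5D='.$last72_hour.
          '&time%5B0%5D%5B6%5D=&time%5B0%5D%5B7%5D='.
          '&time%5B0%5D%5B8%5D=+&time%5B0%5D%5B9%5D=+';

/* Per-window links: full listing, unique alerts, unique source / dest IPs. */
$tmp_24hour        = 'acid_qry_main.php?new=1'.$yesterday.'&submit=Query+DB&num_result_rows=-1&time_cnt=1';
$tmp_24hour_unique = 'acid_stat_alerts.php?time_cnt=1'.$yesterday;
$tmp_24hour_sip    = 'acid_stat_uaddr.php?addr_type=1&sort_order=occur_d&time_cnt=1'.$yesterday;
$tmp_24hour_dip    = 'acid_stat_uaddr.php?addr_type=2&sort_order=occur_d&time_cnt=1'.$yesterday;

$tmp_72hour        = 'acid_qry_main.php?new=1'.$last72.'&submit=Query+DB&num_result_rows=-1&time_cnt=1';
$tmp_72hour_unique = 'acid_stat_alerts.php?time_cnt=1'.$last72;
$tmp_72hour_sip    = 'acid_stat_uaddr.php?addr_type=1&sort_order=occur_d&time_cnt=1'.$last72;
$tmp_72hour_dip    = 'acid_stat_uaddr.php?addr_type=2&sort_order=occur_d&time_cnt=1'.$last72;

$tmp_today         = 'acid_qry_main.php?new=1'.$today.'&submit=Query+DB&num_result_rows=-1&time_cnt=1';
$tmp_today_unique  = 'acid_stat_alerts.php?time_cnt=1'.$today;
$tmp_sip           = 'acid_stat_uaddr.php?addr_type=1&sort_order=occur_d&time_cnt=1'.$today;
$tmp_dip           = 'acid_stat_uaddr.php?addr_type=2&sort_order=occur_d&time_cnt=1'.$today;

/*
 * The "Most recent N Alerts" line previously contained a literal
 * "<?php echo $last_num_alerts; ?>" INSIDE this single-quoted string, so the
 * tag was sent to the browser as text (and hidden by it) instead of being
 * executed; the count is now concatenated in.
 *
 * NOTE(review): the <LI> items below are not wrapped in a <UL>, and the
 * </UL> further down has no matching open tag; rendering relies on browser
 * error recovery.
 */
echo '
<TABLE WIDTH="100%" BORDER=0>
<TR>
<TD WIDTH="45%" VALIGN=TOP>
<BLOCKQUOTE>
<LI>Most recent '.$last_num_alerts.' Alerts:
<A href="acid_qry_main.php?new=1&caller=last_any&num_result_rows=-1&submit=Last%20Any">any protocol</A>,
<A href="acid_qry_main.php?new=1&layer4=TCP&caller=last_tcp&num_result_rows=-1&submit=Last%20TCP">TCP</A>,
<A href="acid_qry_main.php?new=1&layer4=UDP&caller=last_udp&num_result_rows=-1&submit=Last%20UDP">UDP</A>,
<A href="acid_qry_main.php?new=1&layer4=ICMP&caller=last_icmp&num_result_rows=-1&submit=Last%20ICMP">ICMP</A>
<LI>Today\'s: alerts <A href="'.$tmp_today_unique.'">unique</A>,
<A href="'.$tmp_today.'">listing</A>;
IP <A href="'.$tmp_sip.'">src</A> / <A href="'.$tmp_dip.'">dst</A>
<LI>Last 24 Hours: alerts <A href="'.$tmp_24hour_unique.'">unique</A>,
<A href="'.$tmp_24hour.'">listing</A>;
IP <A href="'.$tmp_24hour_sip.'">src</A> / <A href="'.$tmp_24hour_dip.'">dst</A>
<LI>Last 72 Hours: alerts <A href="'.$tmp_72hour_unique.'">unique</A>,
<A href="'.$tmp_72hour.'">listing</A>;
IP <A href="'.$tmp_72hour_sip.'">src</A> / <A href="'.$tmp_72hour_dip.'">dst</A>';
?>
<LI>Most <A href="acid_stat_alerts.php?caller=last_alerts&sort_order=last_d">
recent <?php echo $last_num_ualerts; ?> Unique Alerts</A>
<P>
<LI>Last Source Ports:
<A href="acid_stat_ports.php?caller=last_ports&port_type=1&proto=-1&sort_order=last_d">
any
</A>,
<A href="acid_stat_ports.php?caller=last_ports&port_type=1&proto=6&sort_order=last_d">
TCP
</A>,
<A href="acid_stat_ports.php?caller=last_ports&port_type=1&proto=17&sort_order=last_d">
UDP
</A>
<LI>Last Destination Ports:
<A href="acid_stat_ports.php?caller=last_ports&port_type=2&proto=-1&sort_order=last_d">
any
</A>,
<A href="acid_stat_ports.php?caller=last_ports&port_type=2&proto=6&sort_order=last_d">
TCP
</A>,
<A href="acid_stat_ports.php?caller=last_ports&port_type=2&proto=17&sort_order=last_d">
UDP
</A>
<!-- <P>
<LI>Last IP addresses:
<A href="acid_stat_uaddr.php?caller=last_addr&addr_type=1&sort_order=last_d">source</A>
<A href="acid_stat_uaddr.php?caller=last_addr&addr_type=2&sort_order=last_d">destination</A>
-->
</BLOCKQUOTE>
</TD>
<TD WIDTH="45%" VALIGN=TOP>
<LI>Most <A href="acid_stat_alerts.php?caller=most_frequent&sort_order=occur_d">
frequent <?php echo $freq_num_alerts; ?> Alerts</A>
<P>
<LI>Most Frequent Source Ports:
<A href="acid_stat_ports.php?caller=most_frequent&port_type=1&proto=-1&sort_order=occur_d">
any
</A>,
<A href="acid_stat_ports.php?caller=most_frequent&port_type=1&proto=6&sort_order=occur_d">
TCP
</A>,
<A href="acid_stat_ports.php?caller=most_frequent&port_type=1&proto=17&sort_order=occur_d">
UDP
</A>
<LI>Most Frequent Destination Ports:
<A href="acid_stat_ports.php?caller=most_frequent&port_type=2&proto=-1&sort_order=occur_d">
any
</A>,
<A href="acid_stat_ports.php?caller=most_frequent&port_type=2&proto=6&sort_order=occur_d">
TCP
</A>,
<A href="acid_stat_ports.php?caller=most_frequent&port_type=2&proto=17&sort_order=occur_d">
UDP
</A>
<P>
<LI>Most frequent <?php echo $freq_num_uaddr; ?> addresses:
<A href="acid_stat_uaddr.php?caller=most_frequent&addr_type=1&sort_order=occur_d">source</A>,
<A href="acid_stat_uaddr.php?caller=most_frequent&addr_type=2&sort_order=occur_d">destination</A>
</TD>
<TD></TD>
</TR>
</TABLE>
<P>
<LI><FONT>Graph alert </FONT><A href="acid_stat_time.php">detection time</A>
</UL>
<FONT>
<P>
<LI><B>Alert Group (AG) <A href="acid_ag_main.php?ag_action=list">maintenance</A></B>
<LI><B>Application <A href="acid_maintenance.php">cache and status</A></B>
</FONT>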
<?php
/* Page-load timing; $start was taken at the very top of this page. */
$stop = time();
if ( $debug_time_mode > 0 )
{
  $elapsed = $stop - $start;
  echo "<H3>[Loaded in $elapsed seconds]</H3>";
}
?>
<P>
<TABLE WIDTH="100%" BORDER=0 CELLSPACING=0 CELLPADDING=5>
<TR>
<TD class="mainheader">
<?php
/* The footer is include()d, not read: any <?php block inside
 * acid_footer.html executes, so that file must not be writable by the
 * web server user. */
include 'acid_footer.html';
?>
</TD>
</TR>
</TABLE>
</BODY>
</HTML>