From 21c699408b837907a4e876adc501bc8dc8df156e Mon Sep 17 00:00:00 2001 From: garnier-quentin Date: Mon, 30 Dec 2019 09:37:25 +0100 Subject: [PATCH] hardened cyberoam --- .../cyberoam/snmp/mode/components/service.pm | 75 +++++++++++-------- network/cyberoam/snmp/mode/services.pm | 21 +++--- 2 files changed, 52 insertions(+), 44 deletions(-) diff --git a/network/cyberoam/snmp/mode/components/service.pm b/network/cyberoam/snmp/mode/components/service.pm index 339d2db8c..11fbc9515 100644 --- a/network/cyberoam/snmp/mode/components/service.pm +++ b/network/cyberoam/snmp/mode/components/service.pm @@ -23,38 +23,38 @@ package network::cyberoam::snmp::mode::components::service; use strict; use warnings; -my %map_status = ( +my $map_status = { 1 => 'untouched', 2 => 'stopped', 3 => 'initializing', 4 => 'running', 5 => 'exiting', 6 => 'dead', 7 => 'unregistered', -); +}; my $mapping = { - pop3Service => { oid => '.1.3.6.1.4.1.21067.2.1.2.10.1', map => \%map_status, type => 'pop3' }, - imap4Service => { oid => '.1.3.6.1.4.1.21067.2.1.2.10.2', map => \%map_status, type => 'imap4' }, - smtpService => { oid => '.1.3.6.1.4.1.21067.2.1.2.10.3', map => \%map_status, type => 'smtp' }, - ftpService => { oid => '.1.3.6.1.4.1.21067.2.1.2.10.4', map => \%map_status, type => 'ftp' }, - httpService => { oid => '.1.3.6.1.4.1.21067.2.1.2.10.5', map => \%map_status, type => 'http' }, - avService => { oid => '.1.3.6.1.4.1.21067.2.1.2.10.6', map => \%map_status, type => 'av' }, - asService => { oid => '.1.3.6.1.4.1.21067.2.1.2.10.7', map => \%map_status, type => 'as' }, - dnsService => { oid => '.1.3.6.1.4.1.21067.2.1.2.10.8', map => \%map_status, type => 'dns' }, - haService => { oid => '.1.3.6.1.4.1.21067.2.1.2.10.9', map => \%map_status, type => 'ha' }, - idpService => { oid => '.1.3.6.1.4.1.21067.2.1.2.10.10', map => \%map_status, type => 'idp' }, - apacheService => { oid => '.1.3.6.1.4.1.21067.2.1.2.10.11', map => \%map_status, type => 'apache' }, - ntpService => { oid => '.1.3.6.1.4.1.21067.2.1.2.10.12', map => \%map_status, type => 'ntp' }, - tomcatService => { oid => '.1.3.6.1.4.1.21067.2.1.2.10.13', map => \%map_status, type => 'tomcat' }, - sslvpnService => { oid => '.1.3.6.1.4.1.21067.2.1.2.10.14', map => \%map_status, type => 'sslvpn' }, - DataBaseService => { oid => '.1.3.6.1.4.1.21067.2.1.2.10.15', map => \%map_status, type => 'database' }, - networkService => { oid => '.1.3.6.1.4.1.21067.2.1.2.10.16', map => \%map_status, type => 'network' }, - garnerService => { oid => '.1.3.6.1.4.1.21067.2.1.2.10.17', map => \%map_status, type => 'garner' }, - droutingService => { oid => '.1.3.6.1.4.1.21067.2.1.2.10.18', map => \%map_status, type => 'drouting' }, - sshdService => { oid => '.1.3.6.1.4.1.21067.2.1.2.10.19', map => \%map_status, type => 'sshd' }, - dgdService => { oid => '.1.3.6.1.4.1.21067.2.1.2.10.20', map => \%map_status, type => 'dgd' }, + pop3Service => { oid => '.1.3.6.1.4.1.21067.2.1.2.10.1', map => $map_status, type => 'pop3' }, + imap4Service => { oid => '.1.3.6.1.4.1.21067.2.1.2.10.2', map => $map_status, type => 'imap4' }, + smtpService => { oid => '.1.3.6.1.4.1.21067.2.1.2.10.3', map => $map_status, type => 'smtp' }, + ftpService => { oid => '.1.3.6.1.4.1.21067.2.1.2.10.4', map => $map_status, type => 'ftp' }, + httpService => { oid => '.1.3.6.1.4.1.21067.2.1.2.10.5', map => $map_status, type => 'http' }, + avService => { oid => '.1.3.6.1.4.1.21067.2.1.2.10.6', map => $map_status, type => 'av' }, + asService => { oid => '.1.3.6.1.4.1.21067.2.1.2.10.7', map => $map_status, type => 'as' }, + dnsService => { oid => '.1.3.6.1.4.1.21067.2.1.2.10.8', map => $map_status, type => 'dns' }, + haService => { oid => '.1.3.6.1.4.1.21067.2.1.2.10.9', map => $map_status, type => 'ha' }, + idpService => { oid => '.1.3.6.1.4.1.21067.2.1.2.10.10', map => $map_status, type => 'idp' }, + apacheService => { oid => '.1.3.6.1.4.1.21067.2.1.2.10.11', map => $map_status, type => 'apache' }, + ntpService => { oid => '.1.3.6.1.4.1.21067.2.1.2.10.12', map => $map_status, type => 'ntp' }, + tomcatService => { oid => '.1.3.6.1.4.1.21067.2.1.2.10.13', map => $map_status, type => 'tomcat' }, + sslvpnService => { oid => '.1.3.6.1.4.1.21067.2.1.2.10.14', map => $map_status, type => 'sslvpn' }, + DataBaseService => { oid => '.1.3.6.1.4.1.21067.2.1.2.10.15', map => $map_status, type => 'database' }, + networkService => { oid => '.1.3.6.1.4.1.21067.2.1.2.10.16', map => $map_status, type => 'network' }, + garnerService => { oid => '.1.3.6.1.4.1.21067.2.1.2.10.17', map => $map_status, type => 'garner' }, + droutingService => { oid => '.1.3.6.1.4.1.21067.2.1.2.10.18', map => $map_status, type => 'drouting' }, + sshdService => { oid => '.1.3.6.1.4.1.21067.2.1.2.10.19', map => $map_status, type => 'sshd' }, + dgdService => { oid => '.1.3.6.1.4.1.21067.2.1.2.10.20', map => $map_status, type => 'dgd' }, }; my $oid_serviceStats = '.1.3.6.1.4.1.21067.2.1.2.10'; sub load { my ($self) = @_; - + push @{$self->{request}}, { oid => $oid_serviceStats }; } @@ -68,21 +68,30 @@ sub check { my $result = $self->{snmp}->map_instance(mapping => $mapping, results => $self->{results}->{$oid_serviceStats}, instance => '0'); foreach (keys %{$mapping}) { + next if (!defined($result->{$_})); next if ($self->check_filter(section => 'service', instance => $mapping->{$_}->{type})); - + $self->{components}->{service}->{total}++; - - $self->{output}->output_add(long_msg => sprintf("service '%s' status is '%s' [instance: %s].", - $mapping->{$_}->{type}, $result->{$_}, - $mapping->{$_}->{type} - )); + + $self->{output}->output_add( + long_msg => sprintf( + "service '%s' status is '%s' [instance: %s].", + $mapping->{$_}->{type}, $result->{$_}, + $mapping->{$_}->{type} + ) + ); my $exit = $self->get_severity(label => 'default', section => 'service', instance => $mapping->{$_}->{type}, value => $result->{$_}); if (!$self->{output}->is_status(value => $exit, compare => 'ok', litteral => 1)) { - $self->{output}->output_add(severity => $exit, - short_msg => sprintf("service '%s' status is '%s'", - $mapping->{$_}->{type}, $result->{$_})); + $self->{output}->output_add( + severity => $exit, + short_msg => sprintf( + "service '%s' status is '%s'", + $mapping->{$_}->{type}, + $result->{$_} + ) + ); } } } -1; \ No newline at end of file +1; diff --git a/network/cyberoam/snmp/mode/services.pm b/network/cyberoam/snmp/mode/services.pm index f40ac0ab7..743f7f474 100644 --- a/network/cyberoam/snmp/mode/services.pm +++ b/network/cyberoam/snmp/mode/services.pm @@ -27,11 +27,11 @@ use warnings; sub set_system { my ($self, %options) = @_; - + $self->{regexp_threshold_overload_check_section_option} = '^(service)$'; - + $self->{cb_hook2} = 'snmp_execute'; - + $self->{thresholds} = { default => [ ['untouched', 'OK'], @@ -43,14 +43,14 @@ sub set_system { ['unregistered', 'OK'], ], }; - + $self->{components_path} = 'network::cyberoam::snmp::mode::components'; $self->{components_module} = ['service']; } sub snmp_execute { my ($self, %options) = @_; - + $self->{snmp} = $options{snmp}; $self->{results} = $self->{snmp}->get_multiple_table(oids => $self->{request}); } @@ -59,11 +59,10 @@ sub new { my ($class, %options) = @_; my $self = $class->SUPER::new(package => __PACKAGE__, %options, no_absent => 1, no_performance => 1); bless $self, $class; - - $options{options}->add_options(arguments => - { - }); - + + $options{options}->add_options(arguments => { + }); + return $self; } @@ -100,4 +99,4 @@ Example: --threshold-overload='service,imap4,OK,stopped' =back -=cut \ No newline at end of file +=cut