Merge branch 'ent-10744-mejorar-deteccion-de-os-con-nmap-mucho-mas-lento' into 'develop'

Remoced xprobe and modified nmap for better performance detecting OS See merge request artica/pandorafms!5797
2023-05-04 09:01:52 +00:00 · 2023-05-04 09:01:52 +00:00 · 038e21cf0c
parent 151358190c 829ed3e33a
commit 038e21cf0c
17 changed files with 26 additions and 218 deletions
--- a/extras/aditional_rpmspec/xprobe2-0.3.spec
+++ b/extras/aditional_rpmspec/xprobe2-0.3.spec
@ -1,73 +0,0 @@
 Name:   	xprobe2
 Version:	0.3
 Release:	2
 Summary:	Tool to detect OS remotely by TCP/IP fingerprinting
 License:	GPLv2
 Group:     Network/Security
 URL:       	http://xprobe.sourceforge.net/
 Packager:	Sancho Lerena <slerena@gmail.com>
 Source:		http://dl.sf.net/xprobe/xprobe2-%{version}.tar.gz
 BuildRoot:	%{_tmppath}/%{name}-%{version}
 Provides:	%{name}-%{version}
 Requires:	libpcap
 BuildRequires: 	gcc-c++ libpcap-devel
 #This is for SUSE build service, to avoid enforce FHS paths
 #!BuildIgnore:	  post-build-checks
 %description
 Xprobe is an alternative to some tools which are heavily dependent upon the
 usage of the TCP protocol for remote active operating system fingerprinting.
 Xprobe I combines various remote active operating system fingerprinting methods
 using the ICMP protocol, which were discovered during the "ICMP Usage in
 Scanning" research project, into a simple, fast, efficient and a powerful way
 to detect an underlying operating system a targeted host is using.
 Xprobe2 is an active operating system fingerprinting tool with a different
 approach to operating system fingerprinting. Xprobe2 rely on fuzzy signature
 matching, probabilistic guesses, multiple matches simultaneously, and a
 signature database. 
 %prep
 %setup 
 %build
 ./configure --with-libpcap-libraries=/usr/lib --with-libpcap-includes=/usr/include/pcap --mandir=%{_mandir} --disable-schemas-install
 make 
 %install
 make DESTDIR=$RPM_BUILD_ROOT install
 %clean
 rm -rf $RPM_BUILD_ROOT
 %post
 ln -s /usr/local/bin/xprobe2 /usr/bin
 %preun
 %postun
 %files
 %defattr(755,root,root)
 /usr/local/etc
 /usr/local/etc/xprobe2
 %defattr(644,root,root)
 %doc AUTHORS CHANGELOG COPYING CREDITS README TODO docs/*
 %doc /usr/share/man/man1/xprobe2.1.gz
 /usr/local/etc/xprobe2/xprobe2.conf
 %defattr(755,root,root)
 /usr/local/bin/xprobe2
 %changelog
 * Fri Dec 18 2009 Sancho Lerena <slerena@gmail.com> 3.2-2
 - A lot of changes to be ready for all RPM plattforms available on build.opensuse.org
 * Tue Dec 08 2009 Sancho Lerena <slerena@gmail.com> 3.2-1
 - First RPM Spec for SUSE Systems, based on CentOS Spec from Dag Wieers
--- a/extras/aditional_sources/xprobe2-0.3.diff.patch.README
+++ b/extras/aditional_sources/xprobe2-0.3.diff.patch.README
@ -1,62 +0,0 @@
 Get the original xprobe2-0.3 from Sourceforge:
 http://downloads.sourceforge.net/project/xprobe/xprobe2/Xprobe2%200.3/xprobe2-0.3.tar.gz
 Uncompress it under, for example /tmp/xprobe2-0.3 directory
 Copy the diff file at /tmp
 Execute the patch command:
 patch -p1 < ../xprobe2-0.3.diff.patch 
 This should look like:
 patching file CHANGELOG
 patching file config.status
 patching file configure
 patching file libs-external/USI++/src/config.h
 patching file libs-external/USI++/src/config.log
 patching file libs-external/USI++/src/config.status
 patching file libs-external/USI++/src/ip.cc
 patching file libs-external/USI++/src/Makefile
 patching file libs-external/USI++/src/misc.cc
 patching file libs-external/USI++/src/usi++/arp.h
 patching file libs-external/USI++/src/usi++/config.h
 patching file libs-external/USI++/src/usi++/datalink.h
 patching file libs-external/USI++/src/usi++/icmp.h
 patching file libs-external/USI++/src/usi++/if.h
 patching file libs-external/USI++/src/usi++/ip.h
 patching file libs-external/USI++/src/usi++/Layer2.h
 patching file libs-external/USI++/src/usi++/README
 patching file libs-external/USI++/src/usi++/RX.h
 patching file libs-external/USI++/src/usi++/tcp.h
 patching file libs-external/USI++/src/usi++/TX.h
 patching file libs-external/USI++/src/usi++/TX_IP.h
 patching file libs-external/USI++/src/usi++/udp.h
 patching file libs-external/USI++/src/usi++/usi++
 patching file libs-external/USI++/src/usi++/usi++.h
 patching file libs-external/USI++/src/usi++/usi-structs.h
 patching file libs-external/USI++/usi++/config.h
 patching file libs-external/USI++/usi++/tcp.h
 patching file Makefile
 patching file src/config.h
 patching file src/defines.h
 patching file src/Makefile
 patching file src/xplib/Makefile
 patching file src/xpmodules/alive_probe/Makefile
 patching file src/xpmodules/alive_probe/portscanner/Makefile
 patching file src/xpmodules/alive_probe/ttl_calc/Makefile
 patching file src/xpmodules/Makefile
 patching file src/xpmodules/os_probe/icmp_addrmask/Makefile
 patching file src/xpmodules/os_probe/icmp_echo_id/Makefile
 patching file src/xpmodules/os_probe/icmp_inforeq/Makefile
 patching file src/xpmodules/os_probe/icmp_port_unreach/Makefile
 patching file src/xpmodules/os_probe/icmp_timestamp/Makefile
 patching file src/xpmodules/os_probe/Makefile
 patching file src/xpmodules/os_probe/smb/Makefile
 patching file src/xpmodules/os_probe/snmp/Makefile
 patching file src/xpmodules/os_probe/tcp_handshake/Makefile
 patching file src/xpmodules/os_probe/tcp_rst/Makefile
 Your patched code is now ready to be used.
--- a/extras/deploy-scripts/pandora_deploy_community.sh
+++ b/extras/deploy-scripts/pandora_deploy_community.sh
@ -300,7 +300,6 @@ server_dependencies=" \
    bind-utils \
    whois \
    cpanminus \
    http://firefly.artica.es/centos7/xprobe2-0.3-12.2.x86_64.rpm \
    http://firefly.artica.es/centos7/wmic-1.4-1.el7.x86_64.rpm \
    https://firefly.artica.es/centos7/pandorawmic-1.0.0-1.x86_64.rpm"
 execute_cmd "yum install -y $server_dependencies" "Installing Pandora FMS Server dependencies"
@ -328,7 +327,6 @@ execute_cmd "yum install -y $oracle_dependencies || yum reinstall -y $oracle_dep
 #ipam dependencies
 ipam_dependencies=" \
    http://firefly.artica.es/centos7/xprobe2-0.3-12.2.x86_64.rpm \
    perl(NetAddr::IP) \
    perl(Sys::Syslog) \
    perl(DBI) \
--- a/extras/deploy-scripts/pandora_deploy_community_el8.sh
+++ b/extras/deploy-scripts/pandora_deploy_community_el8.sh
@ -357,7 +357,6 @@ server_dependencies=" \
    java \
    bind-utils \
    whois \
    http://firefly.artica.es/centos7/xprobe2-0.3-12.2.x86_64.rpm \
    http://firefly.artica.es/centos7/wmic-1.4-1.el7.x86_64.rpm \
    https://firefly.artica.es/centos8/pandorawmic-1.0.0-1.x86_64.rpm"
 execute_cmd "dnf install -y $server_dependencies" "Installing Pandora FMS Server dependencies"
@ -385,7 +384,6 @@ execute_cmd "dnf install -y $oracle_dependencies" "Installing Oracle Instant cli
 #ipam dependencies
 ipam_dependencies=" \
    http://firefly.artica.es/centos7/xprobe2-0.3-12.2.x86_64.rpm \
    perl(NetAddr::IP) \
    perl(Sys::Syslog) \
    perl(DBI) \
--- a/extras/deploy-scripts/pandora_deploy_community_ubuntu_2204.sh
+++ b/extras/deploy-scripts/pandora_deploy_community_ubuntu_2204.sh
@ -253,7 +253,6 @@ server_dependencies=" \
 	openssh-client \
 	postfix \
 	unzip \
 	xprobe \
 	coreutils \
 	libio-compress-perl \
 	libmoosex-role-timer-perl \
@ -358,7 +357,6 @@ source '/root/.profile' &>> "$LOGFILE"
 #ipam dependencies
 ipam_dependencies=" \
    xprobe \
    libnetaddr-ip-perl \
    coreutils \
    libdbd-mysql-perl \
--- a/extras/docker/centos8/base/Dockerfile
+++ b/extras/docker/centos8/base/Dockerfile
@ -125,7 +125,6 @@ RUN dnf install -y --setopt=tsflags=nodocs \
    bind-utils \
    whois \
    libnsl \
    http://firefly.artica.es/centos7/xprobe2-0.3-12.2.x86_64.rpm \
    http://firefly.artica.es/centos7/wmic-1.4-1.el7.x86_64.rpm \
    https://firefly.artica.es/centos8/pandorawmic-1.0.0-1.x86_64.rpm ; dnf clean all
@ -136,7 +135,7 @@ RUN dnf install -y http://firefly.artica.es/centos8/perl-Crypt-OpenSSL-AES-0.02-
 # Instant client Oracle
 RUN dnf install -y https://download.oracle.com/otn_software/linux/instantclient/19800/oracle-instantclient19.8-basic-19.8.0.0.0-1.x86_64.rpm https://download.oracle.com/otn_software/linux/instantclient/19800/oracle-instantclient19.8-sqlplus-19.8.0.0.0-1.x86_64.rpm
 # Install IPAM dependencies
-RUN dnf install -y http://firefly.artica.es/centos7/xprobe2-0.3-12.2.x86_64.rpm "perl(NetAddr::IP)" "perl(Sys::Syslog)" "perl(DBI)" "perl(XML::Simple)" "perl(Geo::IP)" "perl(IO::Socket::INET6)" "perl(XML::Twig)" "perl(DBD::mysql)" --setopt=tsflags=nodocs
+RUN dnf install -y "perl(NetAddr::IP)" "perl(Sys::Syslog)" "perl(DBI)" "perl(XML::Simple)" "perl(Geo::IP)" "perl(IO::Socket::INET6)" "perl(XML::Twig)" "perl(DBD::mysql)" --setopt=tsflags=nodocs
 EXPOSE 80 443 41121 162/udp
--- a/pandora_server/DEBIAN/control
+++ b/pandora_server/DEBIAN/control
@ -6,5 +6,5 @@ Section: admin
 Installed-Size: 640
 Maintainer: ÁRTICA ST <info@artica.es>
 Homepage: http://pandorafms.org/
-Depends: perl (>= 5.8), libdbi-perl, libdbd-mysql-perl, libtime-format-perl, libnetaddr-ip-perl, libtime-format-perl, libxml-simple-perl, libxml-twig-perl, libhtml-parser-perl, snmp, snmpd, traceroute, xprobe2, nmap, sudo, libwww-perl, libsocket6-perl, libio-socket-inet6-perl, libio-socket-ssl-perl, snmp-mibs-downloader, libjson-perl, libnet-telnet-perl, libencode-locale-perl, libgeo-ip-perl
+Depends: perl (>= 5.8), libdbi-perl, libdbd-mysql-perl, libtime-format-perl, libnetaddr-ip-perl, libtime-format-perl, libxml-simple-perl, libxml-twig-perl, libhtml-parser-perl, snmp, snmpd, traceroute, nmap, sudo, libwww-perl, libsocket6-perl, libio-socket-inet6-perl, libio-socket-ssl-perl, snmp-mibs-downloader, libjson-perl, libnet-telnet-perl, libencode-locale-perl, libgeo-ip-perl
 Description: Pandora FMS is a monitoring system for big IT environments. It uses remote tests, or local agents to grab information. Pandora supports all standard OS (Linux, AIX, HP-UX, Solaris and Windows XP,2000/2003), and support multiple setups in HA enviroments. This is the server package. Server makes the remote checks and process information transfer by Pandora FMS agents to the server.
--- a/pandora_server/FreeBSD/pandora_server.conf.new
+++ b/pandora_server/FreeBSD/pandora_server.conf.new
@ -242,13 +242,6 @@ mta_address localhost
 # Set 0 if want eMail deliver shared mail by all destination.
 mail_in_separate 1
 # xprobe2: Optional package to detect OS types using advanced TCP/IP 
 # fingerprinting tecniques, much more accurates than stadard nmap.
 # If not provided, nmap is used insted xprobe2
 xprobe2 /usr/local/bin/xprobe2
 # nmap: If provided, is used to detect OS type with recon server using 
 # advanded OS fingerprint technique. Xprobe2 gives more accurate results
 # Nmap is also used to do TCP port scanning in detected host.
--- a/pandora_server/NetBSD/pandora_server.conf.new
+++ b/pandora_server/NetBSD/pandora_server.conf.new
@ -238,13 +238,6 @@ mta_address localhost
 # Set 0 if want eMail deliver shared mail by all destination.
 mail_in_separate 1
 # xprobe2: Optional package to detect OS types using advanced TCP/IP 
 # fingerprinting tecniques, much more accurates than stadard nmap.
 # If not provided, nmap is used insted xprobe2
 xprobe2 /usr/local/bin/xprobe2
 # nmap: If provided, is used to detect OS type with recon server using 
 # advanded OS fingerprint technique. Xprobe2 gives more accurate results
 # Nmap is also used to do TCP port scanning in detected host.
--- a/pandora_server/conf/pandora_server.conf.new
+++ b/pandora_server/conf/pandora_server.conf.new
@ -302,13 +302,6 @@ dataserver_threads 1
 # Set 0 if want eMail deliver shared mail by all destination.
 mail_in_separate 1
 # xprobe2: Optional package to detect OS types using advanced TCP/IP 
 # fingerprinting tecniques, much more accurates than stadard nmap.
 # If not provided, nmap is used insted xprobe2
 xprobe2 /usr/bin/xprobe2
 # nmap: If provided, is used to detect OS type with recon server using 
 # advanded OS fingerprint technique. Xprobe2 gives more accurate results
 # Nmap is also used to do TCP port scanning in detected host.
--- a/pandora_server/conf/pandora_server.conf.windows
+++ b/pandora_server/conf/pandora_server.conf.windows
@ -252,12 +252,6 @@ dataserver_threads 2
 #mta_encryption none
 # xprobe2: Optional package to detect OS types using advanced TCP/IP 
 # fingerprinting tecniques, much more accurates than stadard nmap.
 # If not provided, nmap is used insted xprobe2
 #xprobe2 c:\pandora_server\bin\xprobe2
 # nmap: If provided, is used to detect OS type with recon server using 
 # advanded OS fingerprint technique. Xprobe2 gives more accurate results
 # Nmap is also used to do TCP port scanning in detected host.
--- a/pandora_server/conf/pandora_server_sec.conf.template
+++ b/pandora_server/conf/pandora_server_sec.conf.template
@ -302,13 +302,6 @@ dataserver_threads 1
 # Set 0 if want eMail deliver shared mail by all destination.
 mail_in_separate 1
 # xprobe2: Optional package to detect OS types using advanced TCP/IP 
 # fingerprinting tecniques, much more accurates than stadard nmap.
 # If not provided, nmap is used insted xprobe2
 xprobe2 /usr/bin/xprobe2
 # nmap: If provided, is used to detect OS type with recon server using 
 # advanded OS fingerprint technique. Xprobe2 gives more accurate results
 # Nmap is also used to do TCP port scanning in detected host.
--- a/pandora_server/lib/PandoraFMS/Config.pm
+++ b/pandora_server/lib/PandoraFMS/Config.pm
@ -371,9 +371,6 @@ sub pandora_load_config {
 	# SNMP enterprise retries (for braa)
 	$pa_config->{"braa_retries"} = 3; # 5.0
 	# Xprobe2 for recon OS fingerprinting and tcpscan (optional)
 	$pa_config->{"xprobe2"} = "/usr/bin/xprobe2";
 	# Winexe allows to exec commands on remote windows systems (optional)
 	$pa_config->{"winexe"} = "/usr/bin/winexe";
@ -927,9 +924,6 @@ sub pandora_load_config {
 		elsif ($parametro =~ m/^braa_retries\s+([0-9]*)/i) {
 			$pa_config->{"braa_retries"} = clean_blank($1);
 		}
 		elsif ($parametro =~ m/^xprobe2\s(.*)/i) {
 			$pa_config->{'xprobe2'}= clean_blank($1); 
 		}
 		elsif ($parametro =~ m/^winexe\s(.*)/i) {
 			$pa_config->{'winexe'}= clean_blank($1);
 		}
--- a/pandora_server/lib/PandoraFMS/Core.pm
+++ b/pandora_server/lib/PandoraFMS/Core.pm
@ -6671,40 +6671,40 @@ sub pandora_get_os ($$) {
 		return 10;
 	}
-	if ($os =~ m/Windows/i) {
+	if ($os =~ m/Windows.*?(?=\(\d+%\))/i) {
 		return 9;
 	}
-	if ($os =~ m/Cisco/i) {
+	if ($os =~ m/Cisco.*?(?=\(\d+%\))/i) {
 		return 7;
 	}
-	if ($os =~ m/SunOS/i || $os =~ m/Solaris/i) {
+	if ($os =~ m/SunOS.*?(?=\(\d+%\))/i || $os =~ m/Solaris.*?(?=\(\d+%\))/i) {
 		return 2;
 	}
-	if ($os =~ m/AIX/i) {
+	if ($os =~ m/AIX.*?(?=\(\d+%\))/i) {
 		return 3;
 	}
-	if ($os =~ m/HP\-UX/i) {
+	if ($os =~ m/HP\-UX.*?(?=\(\d+%\))/i) {
 		return 5;
 	}
-	if ($os =~ m/Apple/i || $os =~ m/Darwin/i) {
+	if ($os =~ m/Apple.*?(?=\(\d+%\))/i || $os =~ m/Darwin.*?(?=\(\d+%\))/i) {
 		return 8;
 	}
-	if ($os =~ m/Linux/i) {
+	if ($os =~ m/Linux.*?(?=\(\d+%\))/i) {
 		return 1;
 	}
-	if ($os =~ m/Enterasys/i || $os =~ m/3com/i) {
+	if ($os =~ m/Enterasys.*?(?=\(\d+%\))/i || $os =~ m/3com.*?(?=\(\d+%\))/i) {
 		return 11;
 	}
-	if ($os =~ m/Octopods/i) {
+	if ($os =~ m/Octopods.*?(?=\(\d+%\))/i) {
 		return 13;
 	}
-	if ($os =~ m/embedded/i) {
+	if ($os =~ m/embedded.*?(?=\(\d+%\))/i) {
 		return 14;
 	}
-	if ($os =~ m/android/i) {
+	if ($os =~ m/android.*?(?=\(\d+%\))/i) {
 		return 15;
 	}
-	if ($os =~ m/BSD/i) {
+	if ($os =~ m/BSD.*?(?=\(\d+%\))/i) {
 		return 4;
 	}
--- a/pandora_server/lib/PandoraFMS/DiscoveryServer.pm
+++ b/pandora_server/lib/PandoraFMS/DiscoveryServer.pm
@ -407,7 +407,7 @@ sub exec_recon_script ($$$) {
 }
 ################################################################################
-# Guess the OS using xprobe2 or nmap.
+# Guess the OS using nmap.
 ################################################################################
 sub PandoraFMS::Recon::Base::guess_os($$;$) {
  my ($self, $device, $string_flag) = @_;
@ -426,26 +426,18 @@ sub PandoraFMS::Recon::Base::guess_os($$;$) {
    return OS_SWITCH if ($device_type eq 'switch');
    return OS_OTHER;
  }
  # Use xprobe2 if available
  if (-x $self->{'pa_config'}->{'xprobe2'}) {
    my $return = `"$self->{pa_config}->{xprobe2}" $device 2>$DEVNULL`;
    if ($? == 0) {
      if($return =~ /Running OS:(.*)/) {
        my $str_os = $1;
        return $str_os if is_enabled($string_flag);
        return pandora_get_os($self->{'dbh'}, $str_os);
      }
    }
  }
  # Use nmap by default
  if (-x $self->{'pa_config'}->{'nmap'}) {
-    my $return = `"$self->{pa_config}->{nmap}" -F -O $device 2>$DEVNULL`;
+    my $return = `"$self->{pa_config}->{nmap}" -sSU -T5 -F -O --osscan-limit $device 2>$DEVNULL`;
    return OS_OTHER if ($? != 0);
-
+    my $str_os;
-    if ($return =~ /Aggressive OS guesses:\s*(.*)/) {
+    if ($return =~ /Aggressive OS guesses:\s*(.*)|OS details:\s(.*)/) {
-      my $str_os = $1;
+      if($1 ne "") {
        $str_os = $1;
      } else {
        $str_os = $2;
      }
      return $str_os if is_enabled($string_flag);
      return pandora_get_os($self->{'dbh'}, $str_os);
    }
--- a/pandora_server/pandora_server_installer
+++ b/pandora_server/pandora_server_installer
@ -214,7 +214,7 @@ install () {
 			echo "The complete installation guide is at: https://pandorafms.com/docs/"
 			echo " "
 			echo "Debian-based distribution do:"
-			echo "	# apt-get install snmp snmpd libjson-perllibio-socket-inet6-perl libsocket6-perl libxml-simple-perl libxml-twig-perl libnetaddr-ip-perl libdbi-perl libnetaddr-ip-perl libhtml-parser-perl wmi-client xprobe2 snmp-mibs-downloader"
+			echo "	# apt-get install snmp snmpd libjson-perllibio-socket-inet6-perl libsocket6-perl libxml-simple-perl libxml-twig-perl libnetaddr-ip-perl libdbi-perl libnetaddr-ip-perl libhtml-parser-perl wmi-client snmp-mibs-downloader"
 			echo " "
 			echo "For CentOS / RHEL do: "
 			echo " "
@ -226,13 +226,13 @@ install () {
 	perl-HTML-Encoding perl-HTML-Tree perl-NetAddr-IP perl-IO-Socket-INET6 perl-Socket6
 	perl-TimeDate perl-XML-Simple perl-XML-Twig perl-libwww-perl mysql-client"
 			echo " "
-			echo "	You also will need to install (optionally) xprobe2 and wmiclient from rpm (download from our website)"
+			echo "	You also will need to install (optionally) wmiclient from rpm (download from our website)"
 			echo " "
 			echo "For FreeBSD do : "
 			echo " "
 			echo "  Install following tools from ports or packages."
 			echo "  Recommended: p5-DBI p5-NetAddr-IP p5-XML-Simple p5-XML-Twig p5-HTML-Parser p5-DBD-mysql p5-Socket6 p5-IO-Socket-INET6 p5-JSON"
-			echo "  Optional: nmap xprobe"
+			echo "  Optional: nmap"
 			echo " "
 			echo "  And install Geo::IP manually."
 			echo " "
--- a/tests/Dockerfile
+++ b/tests/Dockerfile
@ -54,7 +54,6 @@ RUN dnf install -y vim wget bzip2 curl && \
    php-zip \
    php-xmlrpc \
    nmap \
    xprobe2 \
    mysql-server \
    mysql \
    htop \
@ -76,7 +75,6 @@ RUN dnf install -y vim wget bzip2 curl && \
    perl-IO-Socket-SSL \
    nmap \
    sudo \
    xprobe2 \
    make \
    perl-CPAN \
    perl-JSON \