tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

2008-07-02 Sancho Lerena <slerena@gmail.com> 

* pandora_wmi: Finished first functional version. Uses wmic from
	samba project (Ubuntu has in official repos). This is a first 
	functional prototype, not to be tested on production sites.

	* pandora_plugin: fixed some bad strings.



git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@923 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
This commit is contained in:
slerena 2008-07-02 19:41:06 +00:00
parent 8a9672dd27
commit 05d157744e
3 changed files with 347 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
pandora_server/ChangeLog
View File

@ -1,3 +1,11 @@
2008-07-02 Sancho Lerena <slerena@gmail.com>
* pandora_wmi: Finished first functional version. Uses wmic from
samba project (Ubuntu has in official repos). This is a first
functional prototype, not to be tested on production sites.
* pandora_plugin: fixed some bad strings.
2008-06-30 Sancho Lerena <slerena@gmail.com> 2008-06-30 Sancho Lerena <slerena@gmail.com>
* util/plugin/udp_nmap_plugin.sh: Added UDP port check plugin * util/plugin/udp_nmap_plugin.sh: Added UDP port check plugin

6
pandora_server/bin/pandora_plugin
View File

@ -117,9 +117,9 @@ sub pandora_shutdown {
} }
########################################################################## ##########################################################################
# SUB pandora_network_subsystem # SUB pandora_plugin_consumer_subsystem
# Subsystem to process network modules # Subsystem to process Plugin modules
# This module runs each X seconds (server threshold) checking for network modules status # This module runs each X seconds (server threshold) checking for Plugin modules status
########################################################################## ##########################################################################
sub pandora_plugin_consumer ($$) { sub pandora_plugin_consumer ($$) {
my $pa_config = $_[0]; my $pa_config = $_[0];

363
pandora_server/bin/pandora_wmi
View File

@ -57,28 +57,45 @@ pandora_loadconfig (\%pa_config, 6);
# Audit server starting # Audit server starting
pandora_audit (\%pa_config, "Pandora FMS WMI server starting", "SYSTEM", "System"); pandora_audit (\%pa_config, "Pandora FMS WMI server starting", "SYSTEM", "System");
print " [*] Starting up plugin threads\n"; # Daemonize and put in background
if ( $pa_config{"daemon"} eq "1" ){
if ($pa_config{"quiet"} eq "0"){
print " [*] Backgrounding Pandora FMS WMI Server process.\n\n";
}
&pandora_daemonize ( \%pa_config);
}
die ("hasta aqui hemos llegado"); # Launch now all WMI server threads
for (my $i=0; $i < $pa_config{'wmi_threads'}; $i++){
threads->new( \&pandora_wmi_consumer, \%pa_config, $i);
}
# This is a prototype, not real code !!! # Launch now the producer thread
threads->new( \&pandora_wmi_producer, \%pa_config);
# Basic Skeleton to exec a WMI call remotely # Last thread is the main process (this process)
if ($pa_config{"quiet"} == 0){
print " [*] All threads loaded and running \n\n";
}
# Start Pandora FMS loggin
pandora_startlog (\%pa_config);
$Win32::OLE::Warn = 3; my $dbhost = $pa_config{'dbhost'};
my $dbname = $pa_config{'dbname'};
my $dbh = DBI->connect("DBI:mysql:$dbname:$dbhost:3306",
$pa_config{'dbuser'},
$pa_config{'dbpass'},
{ RaiseError => 1, AutoCommit => 1 });
my $wmipath = "root\\cimv2"; # Server keepalive thread running in main thread on a infinite loop
my $user = "administrador"; # if ADO needs DOMAIN\user while (1) {
my $pwd = "none"; pandora_serverkeepaliver (\%pa_config, 6, $dbh);
my $computer = "192.168.50.121"; threads->yield;
sleep ($pa_config{"server_threshold"});
}
my $wmiwebloc = Win32::OLE->new('WbemScripting.SWbemLocator') ||
die "Cannot access WMI on local machine: ", Win32::OLE->LastError;
my $wmi = $wmiwebloc->ConnectServer($computer,$wmipath,$user,$pwd);
# New samples # New samples
@ -110,19 +127,6 @@ my $wmi = $wmiwebloc->ConnectServer($computer,$wmipath,$user,$pwd);
# DatagramsSentPersec # DatagramsSentPersec
# SELECT * from Win32_PerfFormattedData_Tcpip_IP # SELECT * from Win32_PerfFormattedData_Tcpip_IP
my $colItems = $wmi->ExecQuery ("SELECT State FROM Win32_Service WHERE Name = 'Eventlog'");
foreach my $objItem (in $colItems){
print $objItem->{State};
print "\n";
}
# get all the service objects
my @services = in $wmi->InstancesOf("Win32_Service");
# Take 10 first services
for (my $a=0;$a<10;$a++){
print "Service ", $services[$a]->Name, " is ", $services[$a]->Status, "\n";
}
#------------------------------------------------------------------------------------ #------------------------------------------------------------------------------------
#------------------------------------------------------------------------------------ #------------------------------------------------------------------------------------
#------------------------------------------------------------------------------------ #------------------------------------------------------------------------------------
@ -142,3 +146,308 @@ sub pandora_shutdown {
0, 4, 0, 0, "system", $dbh); 0, 4, 0, 0, "system", $dbh);
exit; exit;
} }
##########################################################################
# SUB pandora_wmi_consumer subsystem
# Subsystem to process WMI modules
# This module runs each X seconds (server threshold) checking for WMI modules status
##########################################################################
sub pandora_wmi_consumer ($$) {
my $pa_config = $_[0];
my $thread_id = $_[1];
if ($pa_config->{"quiet"} == 0){
print " [*] Starting up WMI Consumer Thread # $thread_id \n";
}
my $data_id_agent_module;
# Create Database handler
my $dbh = DBI->connect("DBI:mysql:$pa_config->{'dbname'}:$pa_config->{'dbhost'}:3306", $pa_config->{'dbuser'}, $pa_config->{'dbpass'}, { RaiseError => 1, AutoCommit => 1 });
my $counter =0;
LOOP: while (1) {
if ($counter > 10) {
threads->yield;
sleep (1);
$counter = 0;
}
# Take the first element on the shared queue
# Insert this element on the current task hash
{
lock $queue_lock;
if (scalar(@pending_task) == 0){
$counter++;
next LOOP;
}
$data_id_agent_module = shift(@pending_task);
delete($pending_task_hash{$data_id_agent_module});
$current_task_hash{$data_id_agent_module}=1;
}
eval {
exec_wmi_module ($pa_config, $data_id_agent_module, $dbh);
};
if ($@){
logger ($pa_config, "[ERROR] WMI Task for module $data_id_agent_module causes a system exception", 0);
logger ($pa_config, "ERROR Code: $@", 1);
}
# Remove from queue. If catch an error, probably data is
# not been processed, but has been freed from task queue
{
lock $queue_lock;
delete ($current_task_hash {$data_id_agent_module} );
}
$counter = 0;
threads->yield;
}
}
sub pandora_wmi_producer ($) {
my $pa_config = $_[0];
print " [*] Starting up WMI Producer Thread ...\n";
my $dbh = DBI->connect("DBI:mysql:$pa_config->{'dbname'}:$pa_config->{'dbhost'}:3306", $pa_config->{'dbuser'}, $pa_config->{'dbpass'}, { RaiseError => 1, AutoCommit => 1 });
my $server_id = $pa_config->{'server_id'};
# Initialize variables for posterior usage
my $query1;
my @sql_data1;
my $data_id_agente_modulo;
my $data_flag;
my $exec_sql1;
while (1) {
if ($pa_config->{"pandora_master"} != 1) {
# Query for normal server, not MASTER server
$query1 = "SELECT
tagente_modulo.id_agente_modulo,
tagente_modulo.flag
FROM
tagente, tagente_modulo, tagente_estado
WHERE
id_wmi_server = $server_id
AND
tagente_modulo.id_agente = tagente.id_agente
AND
tagente.disabled = 0
AND
tagente_modulo.id_modulo = 6
AND
tagente_modulo.disabled = 0
AND
tagente_estado.id_agente_modulo = tagente_modulo.id_agente_modulo
AND (
(tagente_estado.last_execution_try + tagente_estado.current_interval) < UNIX_TIMESTAMP()
OR
tagente_modulo.flag = 1
)
ORDER BY
last_execution_try ASC ";
} else {
# Query for MASTER SERVER !
$query1 = "SELECT
DISTINCT(tagente_modulo.id_agente_modulo), tagente_modulo.flag
FROM
tagente, tagente_modulo, tagente_estado, tserver
WHERE
( (tagente.id_wmi_server = $server_id AND tagente_modulo.id_agente = tagente.id_agente) OR
(tagente.id_wmi_server != $server_id AND tagente_modulo.id_agente = tagente.id_agente AND tagente.id_plugin_server = tserver.id_server AND tserver.status = 0)
) AND
tagente.disabled = 0
AND
tagente_modulo.disabled = 0
AND
tagente_modulo.id_modulo = 6
AND
tagente_estado.id_agente_modulo = tagente_modulo.id_agente_modulo
AND
((tagente_estado.last_execution_try + tagente_estado.current_interval) < UNIX_TIMESTAMP() OR tagente_modulo.flag = 1 )
ORDER BY last_execution_try ASC";
}
$exec_sql1 = $dbh->prepare($query1);
$exec_sql1 ->execute;
while (@sql_data1 = $exec_sql1->fetchrow_array()) {
$data_id_agente_modulo = $sql_data1[0];
$data_flag = $sql_data1[1];
# Skip modules already queued
if ((!defined($pending_task_hash{$data_id_agente_modulo})) &&
(!defined($current_task_hash{$data_id_agente_modulo}))) {
if ($data_flag == 1){
$dbh->do("UPDATE tagente_modulo SET flag = 0 WHERE id_agente_modulo = $data_id_agente_modulo")
}
# Locking scope, do not remove redundant { }
{
lock $queue_lock;
push (@pending_task, $data_id_agente_modulo);
$pending_task_hash {$data_id_agente_modulo}=1;
}
}
}
$exec_sql1->finish();
threads->yield;
sleep($pa_config->{"server_threshold"});
} # Main loop
}
##########################################################################
# SUB exec_wmi_module (paconfig, id_agente_modulo, dbh )
# Execute WMI module task
##########################################################################
sub exec_wmi_module {
my $pa_config = $_[0];
my $id_am = $_[1];
my $dbh = $_[2];
# Set global variables for this sub
my $timeout = $pa_config->{'plugin_timeout'};
my $agent_module; # hash container for tagente_modulo record
# Get a full hash for agent_plugin record reference ($agent_module)
my $query_sql = "SELECT * FROM tagente_modulo WHERE id_agente_modulo = $id_am";
my $exec_sql = $dbh->prepare($query_sql);
$exec_sql ->execute;
$agent_module = $exec_sql->fetchrow_hashref;
# Calculate min timeout for this call
if ($agent_module->{'max_timeout'} < $timeout){
$timeout = $agent_module->{'max_timeout'};
}
# Initialize another global sub variables.
my $agent_name = dame_agente_nombre ($pa_config, $agent_module->{'id_agente'}, $dbh);
my $module_result = 1; # Fail by default
my $module_data = 0; # 0 data for default
my $module_interval = 0;
# Build execution command to plugin
my $exec_output = "";
my $wmi_command = "wmic ";
# Sample exec: wmic -U Administrador%none //192.168.50.123 "SELECT State FROM Win32_Service WHERE Name = \"Eventlog\""
# This returns several lines that needs to be processed
# OM Win32_Service WHERE Name = \"Eventlog\""
# CLASS: Win32_Service
# Name|State
# Eventlog|Running
my $wmi_query = $agent_module->{'snmp_oid'};
$wmi_query =~ s/&quot;/\"/g;
$wmi_query =~ s/\"/\\\"/g;
$wmi_command = $wmi_command . " -U ". $agent_module->{'plugin_user'} ."%". $agent_module->{'plugin_pass'};
$wmi_command = $wmi_command . " //". $agent_module->{'ip_target'};
$wmi_command = $wmi_command . " \"". $wmi_query . "\"";
logger ($pa_config, "Executing AM # $id_am WMI command '$wmi_command'", 9);
eval {
alarm ($timeout);
$module_data = `$wmi_command`;
my @data = split("\n", $module_data);
my @data2 = split(/\|/, $data[2]); # get third line (containing data)
# Take a specific field number from returned data. It uses tcp_port
# field from tagente_module table.
$module_data = $data2[$agent_module -> {'tcp_port'}];
alarm(0); # Cancel the pending alarm if plugin call returns alive
# Look for errors
if ($module_data =~ /ERROR/) {
$module_result = 1;
} else {
$module_result = 0; # If comes here, this is a successfull exec
}
# Special word to know is something is OK or not,
# for example "Running". Defined by user in console. It uses snmp_community
# field from tagente_modulo.
if ($agent_module -> {'snmp_community'} ne ""){
my $temp_filter1 = $agent_module -> {'snmp_community'};
if ($module_data =~ /$temp_filter1/){
$module_data = 1;
} else {
$module_data = 0;
}
}
};
# Timeout
if ($@ =~ /PANDORA WMI SERVER TIMED OUT/) {
logger ($pa_config, "[ERROR] WMI Task for module ".$agent_module->{'id_agente_modulo'}." causes a system timeout in exec", 1);
logger ($pa_config, "Executing WMI command '$wmi_command'", 9);
# General error, not timed-out
} elsif ($module_result == 1) {
logger ($pa_config, "[ERROR] Plugin Task for module ".$agent_module->{'id_agente_modulo'}." causes an unknown system error", 1);
logger ($pa_config, "[ERROR] $@", 1);
}
sub timed_out {
die "PANDORA WMI SERVER TIMED OUT";
}
# Get current timestamp
my $timestamp = &UnixDate("today","%Y-%m-%d %H:%M:%S");
my $utimestamp = &UnixDate("today","%s");
# If module execution get a valid value
if ($module_result == 0) {
my %part;
$part{'name'}[0] = $agent_module->{'nombre'};
$part{'description'}[0] = "";
$part{'data'}[0] = $module_data;
my $tipo_modulo = dame_nombretipomodulo_idagentemodulo ($pa_config, $agent_module->{'id_tipo_modulo'}, $dbh);
# 1 - generic_data
# 2 - generic_proc
# 3 - generic_data_string
# 4 - generic_data_inc
# 19, 20 - image
if (1 == $agent_module->{'id_tipo_modulo'}) {
module_generic_data ($pa_config, \%part, $timestamp, $agent_name, $tipo_modulo, $dbh);
}
elsif (4 == $agent_module->{'id_tipo_modulo'}) {
module_generic_data_inc ($pa_config, \%part, $timestamp, $agent_name, $tipo_modulo, $dbh);
}
elsif (3 == $agent_module->{'id_tipo_modulo'}) {
module_generic_data_string ($pa_config, \%part, $timestamp, $agent_name, $tipo_modulo, $dbh);
}
# Generic_proc
elsif (2 == $agent_module->{'id_tipo_modulo'}) {
module_generic_proc ($pa_config, \%part, $timestamp, $agent_name, $tipo_modulo, $dbh);
}
elsif ( (19 == $agent_module->{'id_tipo_modulo'}) || (20 == $agent_module->{'id_tipo_modulo'}) ) {
module_generic_image ($pa_config, \%part, $timestamp, $agent_name, $tipo_modulo, $dbh);
}
else { # Unknown module!, this IS a problem
logger ($pa_config, "WMI Server Problem with unknown module type '$tipo_modulo'", 0);
$module_result = 1;
}
# Update agent last contact
# Insert Pandora version as agent version
pandora_lastagentcontact ($pa_config, $timestamp, $agent_name, $pa_config->{'servername'}.$pa_config->{"servermode"}, $pa_config->{'version'}, -1, $dbh);
}
# If something went wrong in module processing...
if ($module_result != 0){
# If module execution get a INVALID value
if ($agent_module->{'intervalo'} == 0){
$module_interval = dame_intervalo ($pa_config, $agent_module->{'id_agente'}, $dbh);
}
# Modules who cannot connect or something go bad, update last_execution_try field
logger ($pa_config, "Cannot obtain exec WMI Module ".$agent_module->{'nombre'}." from agent $agent_name", 2);
my $query_act = "UPDATE tagente_estado SET current_interval = $module_interval, last_execution_try = $utimestamp WHERE id_agente_modulo = ".$agent_module->{'id_agente_modulo'};
$dbh->do($query_act);
}
$exec_sql->finish(); #close tagent_plugin hash reference
}