From 2b047cda9437380f36a759c2f0261049e499154e Mon Sep 17 00:00:00 2001 From: slerena Date: Fri, 14 Aug 2009 18:14:37 +0000 Subject: [PATCH] 2009-08-14 Sancho Lerena MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * linux/pandora_agent_installer: Fixed problems with .conf backup * linux/plugins/iptables_plugin: New agent plugin for Netfilter. * linux/plugins/apache_status: new agent plugin (apache status). * linux/plugins/inventory: Added users and process. Fixed weird problem with inexistant XML attribute VALUE ¿?. Now works fine. * linux/plugins/pandora_df: New agent plugin (disk space). git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@1850 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f --- pandora_agents/ChangeLog | 13 +++ pandora_agents/linux/pandora_agent_installer | 6 +- pandora_agents/linux/plugins/apache_status | 42 +++++++++ pandora_agents/linux/plugins/inventory | 57 +++++++++++- pandora_agents/linux/plugins/iptables_plugin | 95 ++++++++++++++++++++ pandora_agents/linux/plugins/pandora_df | 3 +- 6 files changed, 208 insertions(+), 8 deletions(-) create mode 100755 pandora_agents/linux/plugins/apache_status create mode 100755 pandora_agents/linux/plugins/iptables_plugin diff --git a/pandora_agents/ChangeLog b/pandora_agents/ChangeLog index 9a5a5b79fe..a349f935ce 100644 --- a/pandora_agents/ChangeLog +++ b/pandora_agents/ChangeLog @@ -1,3 +1,16 @@ +2009-08-14 Sancho Lerena + + * linux/pandora_agent_installer: Fixed problems with .conf backup + + * linux/plugins/iptables_plugin: New agent plugin for Netfilter. + + * linux/plugins/apache_status: new agent plugin (apache status). + + * linux/plugins/inventory: Added users and process. Fixed weird + problem with inexistant XML attribute VALUE ¿?. Now works fine. + + * linux/plugins/pandora_df: New agent plugin (disk space). + 2009-08-12 sancho Lerena * linux/pandora_agent: Added LSB tags to startup daemon for SUSE diff --git a/pandora_agents/linux/pandora_agent_installer b/pandora_agents/linux/pandora_agent_installer index c40f07bd7c..a598b2c010 100755 --- a/pandora_agents/linux/pandora_agent_installer +++ b/pandora_agents/linux/pandora_agent_installer @@ -131,10 +131,10 @@ install () { cp pandora_agent_daemon $PANDORA_HOME echo "Copying Pandora FMS Agent configuration file to $PANDORA_HOME/pandora_agent.conf..." - if [ -e $PANDORA_HOME/pandora_agent.conf ] + if [ -e /etc/pandora/pandora_agent.conf ] then - cp $PANDORA_HOME/pandora_agent.conf $PANDORA_HOME/pandora_agent.conf.$OLDFILENAMETMP - echo "Backing up old configuration file to $PANDORA_HOME/pandora_agent.conf.$OLDFILENAMETMP" + cat /etc/pandora/pandora_agent.conf > /etc/pandora/pandora/pandora_agent.conf.$OLDFILENAMETMP + echo "Backing up old configuration file to /etc/pandora_agent.conf.$OLDFILENAMETMP" fi echo "Copying default agent configuration to $PANDORA_HOME/pandora_agent.conf" diff --git a/pandora_agents/linux/plugins/apache_status b/pandora_agents/linux/plugins/apache_status new file mode 100755 index 0000000000..bc9689e838 --- /dev/null +++ b/pandora_agents/linux/plugins/apache_status @@ -0,0 +1,42 @@ +#!/bin/bash + +# THIS PLUGIN needs netcat (nc) and have the status extension enabled in your Apache2. +# Also need to setup advanced status in your apache setup (ExtendedStatus On) + +ASTAT="`echo -e 'GET /server-status?auto HTTP/1.0\n\n' | nc -w 10 localhost 80`" +AP_CPULOAD=`echo $ASTAT | grep -o "CPULoad: [0-9.]*" | awk '{ print $2}'` +AP_REQSEC=`echo $ASTAT | grep -o "ReqPerSec: [0-9.]*" | awk '{ print $2}'` +AP_TOTACC=`echo $ASTAT | grep -o "Total Accesses: [0-9]*" | awk '{ print $3}'` +AP_BUSY=`echo $ASTAT | grep -o "BusyWorkers: [0-9]*" | awk '{ print $2}'` +AP_BPS=`echo $ASTAT | grep -o "BytesPerSec: [0-9]*" | awk '{ print $2}'` + +echo "" +echo "Apache Total Accesses" +echo "generic_data_inc" +echo "$AP_TOTACC" +echo "" + +echo "" +echo "Apache Request per second" +echo "generic_data" +echo "0$AP_REQSEC" +echo "" + +echo "" +echo "Apache Busy Workers" +echo "generic_data" +echo "$AP_BUSY" +echo "" + +echo "" +echo "Apache BytesPerSecond Served" +echo "generic_data" +echo "$AP_BPS" +echo "" + +echo "" +echo "Apache CPULoad" +echo "generic_data" +echo "$AP_CPULOAD" +echo "" + diff --git a/pandora_agents/linux/plugins/inventory b/pandora_agents/linux/plugins/inventory index 02075d2372..56d64e26b8 100755 --- a/pandora_agents/linux/plugins/inventory +++ b/pandora_agents/linux/plugins/inventory @@ -1,12 +1,11 @@ #!/usr/bin/perl ############################################################################### # -# Copyright (c) 2009 Ramon Novoa # Copyright (c) 2009 Artica Soluciones Tecnologicas S.L. # # inventory Generate a hardware/software inventory. # -# Sample usage: ./inventory [cpu] [ram] [video] [nic] [hd] [cdrom] [software] [init_services] [filesystem] +# Sample usage: ./inventory [cpu] [ram] [video] [nic] [hd] [cdrom] [software] [init_services] [filesystem] [process] [users] # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -90,6 +89,47 @@ sub get_servicies_init_machine($$) { } } +# Get a list of running processes +sub get_processes ($$) { + my ($name, $modules) = @_; + + my $script = "ps aux"; + + my @services = `$script`; + foreach my $row (@services) { + my %module; + # Remove carriage returns + $row =~ s/[\n\l\f]//g; + $module{'service'} = $row; + $module{'_keys'} = ['service']; + push (@{$modules->{$name}}, \%module); + } +} + +# Get a list of valid users in the system +sub get_users ($$) { + my ($name, $modules) = @_; + + my $script = "cat /etc/passwd"; + my $user = ""; + my $estado = ""; + + my @services = `$script`; + foreach my $row (@services) { + my %module; + + next unless ($row =~ /^([A-Za-z0-9\-\_]*)/); + + $user = $1; + $script = `passwd -S $user`; + if ( $script =~ /^(\S+)\sP./){ + $module{'user'} = $user; + $module{'_keys'} = ['user']; + push (@{$modules->{$name}}, \%module); + } + } +} + # Get a list of installed programs sub get_software_module_data ($$) { my ($name, $modules) = @_; @@ -137,7 +177,7 @@ sub print_module ($$) { $data .= ($data eq '' ? '' : ';') . $item->{$key}; } - print " \n"; + print " \n"; } print " \n"; print " \n"; @@ -145,7 +185,7 @@ sub print_module ($$) { # Check command line parameters if ($#ARGV < 0) { - print "Usage: $0 [cpu] [ram] [video] [nic] [hd] [cdrom] [software] [init_services] [filesystem]\n\n"; + print "Usage: $0 [cpu] [ram] [video] [nic] [hd] [cdrom] [software] [init_services] [filesystem] [users] [process] \n\n"; exit 1; } @@ -222,6 +262,15 @@ if ($enable_all == 1 || $enabled{'filesystem'} == 1) { get_file_system('File system', \%modules); } +#processes +if ($enable_all == 1 || $enabled{'process'} == 1) { + get_processes('Process', \%modules); +} + +#users +if ($enable_all == 1 || $enabled{'users'} == 1){ + get_users ('Users', \%modules); +} # Print module data print "\n"; diff --git a/pandora_agents/linux/plugins/iptables_plugin b/pandora_agents/linux/plugins/iptables_plugin new file mode 100755 index 0000000000..8209f43a7e --- /dev/null +++ b/pandora_agents/linux/plugins/iptables_plugin @@ -0,0 +1,95 @@ +#!/bin/bash + +# ----------------------------------------------------------------- +# Netfilter / GNULinux Network IPTables plugin for Pandora FMS +# (c) Sancho Lerena 2008-2009. +# This is an agent plugin, used only on local agents +# NOTE: This agent needs the system command 'bc' to calculate hex data +# ----------------------------------------------------------------- + +TEMP=/tmp/network.tmp +cat /proc/net/stat/ip_conntrack | tail -1 | tr "[:lower:]" "[:upper:]" > $TEMP +CT_ENTRIES_T=`cat $TEMP | awk '{ print $1 }'` +CT_ENTRIES=`echo "ibase=16; $CT_ENTRIES_T" | bc` +CT_NEW_T=`cat $TEMP | awk '{ print $3 }'` +CT_NEW=`echo "ibase=16; $CT_NEW_T" | bc` +CT_INVALID_T=`cat $TEMP | awk '{ print $4 }'` +CT_INVALID=`echo "ibase=16; $CT_INVALID_T" | bc` + +rm $TEMP 2> /dev/null + +CONTRACKFILE=/tmp/conntrack.pandora +cat /proc/net/ip_conntrack > $CONTRACKFILE 2> /dev/null + +fw_con_established=`cat $CONTRACKFILE | grep ESTABLISH | wc -l` +fw_con_timewait=`cat $CONTRACKFILE | grep TIME_WAIT | wc -l` +fw_con_syn_wait=`cat $CONTRACKFILE | grep SYN_ | wc -l` +fw_con_fin_wait=`cat $CONTRACKFILE | grep FIN_WAIT | wc -l` +fw_con_unreplied=`cat $CONTRACKFILE | grep UNREPLIED | wc -l` +fw_enabled=`cat /proc/sys/net/ipv4/ip_forward` + +rm $CONTRACKFILE 2> /dev/null + +echo "" +echo "Conntrack Active Entries" +echo "generic_data" +echo "Get active entries in Netfilter conntrack session table" +echo "$CT_ENTRIES" +echo "" + +echo "" +echo "Conntrack New" +echo "generic_data_inc" +echo "Get new connections in Netfilter conntrack session table" +echo "$CT_NEW" +echo "" + +echo "" +echo "Conntrack Invalid" +echo "generic_data_inc" +echo "Get invalid entries in Netfilter conntrack session table" +echo "$CT_INVALID" +echo "" + +echo "" +echo "fw_con_established" +echo "generic_data" +echo "Established connetions on Firewall" +echo "$fw_con_established" +echo "" + +echo "" +echo "fw_con_timewait" +echo "generic_data" +echo "Established connections pending to timeout" +echo "$fw_con_timewait" +echo "" + +echo "" +echo "fw_con_syn_wait" +echo "generic_data" +echo "Not-established connections, waiting to other side" +echo "$fw_con_syn_wait" +echo "" + +echo "" +echo "fw_con_fin_wait" +echo "generic_data" +echo "Established connections waiting FIN on other side" +echo "$fw_con_fin_wait" +echo "" + +echo "" +echo "fw_con_unreplied" +echo "generic_data" +echo "Unreplied connection attempts" +echo "$fw_con_unreplied" +echo "" + +echo "" +echo "fw_enabled" +echo "generic_proc" +echo "Forwarding enabled" +echo "$fw_enabled" +echo "" + diff --git a/pandora_agents/linux/plugins/pandora_df b/pandora_agents/linux/plugins/pandora_df index 2d44cac6fc..e54069685d 100755 --- a/pandora_agents/linux/plugins/pandora_df +++ b/pandora_agents/linux/plugins/pandora_df @@ -63,7 +63,8 @@ while (my ($filesystem, $use) = each (%filesystems)) { print "\n"; print "\n"; print "\n"; - print "\n"; + print "\n"; + print "% of usage in this volume\n"; print "\n"; }