tyler.durden/pandorafms
1
0
Fork 0
mirror of https://github.com/pandorafms/pandorafms.git synced 2025-07-31 01:35:36 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/develop' into ent-10847-modo-standby-en-vista-ha

Browse Source
This commit is contained in:
Calvo 2024-01-17 16:36:08 +01:00
commit 50e6a44002
745 changed files with 583024 additions and 132848 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

82
extras/deploy-scripts/pandora_agent_deploy.sh
View File

@ -78,16 +78,16 @@ cd unix && ./pandora_agent_installer --install
}
install_autodiscover () {
local arch=$1
wget http://firefly.pandorafms.com/projects/autodiscover-linux.zip
unzip autodiscover-linux.zip
chmod +x $arch/autodiscover
mv -f $arch/autodiscover /etc/pandora/plugins/autodiscover
}
# install_autodiscover () {
# local arch=$1
# wget http://firefly.pandorafms.com/projects/autodiscover-linux.zip
# unzip autodiscover-linux.zip
# chmod +x $arch/autodiscover
# mv -f $arch/autodiscover /etc/pandora/plugins/autodiscover
# }
## Main
echo "Starting PandoraFMS Agent deployment ver. $S_VERSION"
echo "Starting PandoraFMS Agent binary deployment ver. $S_VERSION"
execute_cmd "[ $PANDORA_SERVER_IP ]" 'Check Server IP Address' 'Please define env variable PANDORA_SERVER_IP'
@ -104,8 +104,6 @@ OS=$([[ $(grep '^ID_LIKE=' /etc/os-release) ]] && grep ^ID_LIKE= /etc/os-release
[[ $OS =~ 'rhel' ]] && OS_RELEASE=$OS
[[ $OS =~ 'fedora' ]] && OS_RELEASE=$OS
[[ $OS =~ 'debian' ]] && OS_RELEASE=$OS
#[[ $OS == 'rhel fedora' ]] && OS_RELEASE=$OS
#[[ $OS == 'centos rhel fedora' ]] && OS_RELEASE=$OS
# initialice logfile
execute_cmd "echo 'Starting community deployment' > $LOGFILE" "All installer activity is logged on $LOGFILE"
@ -126,6 +124,30 @@ check_repo_connection
execute_cmd "grep --version" 'Checking needed tools: grep'
execute_cmd "sed --version" 'Checking needed tools: sed'
# Arch check
arch=$(uname -m)
case $arch in
x86_64)
echo -e "${cyan}Arch: $arch ${reset} "
;;
x86)
echo -e "${yellow}Skiping installation arch: $arch not suported by binary agent please consider to install source agent${reset}"
exit -1
;;
armv7l)
echo -e "${yellow}Skiping installation arch: $arch not suported by binary agent please consider to install source agent${reset}"
exit -1
;;
*)
echo -e "${yellow}Skiping installation arch: $arch not suported by binary agent please consider to install source agent${reset}"
exit -1
;;
esac
# Creating working directory
rm -rf $HOME/pandora_deploy_tmp/ &>> $LOGFILE
mkdir $HOME/pandora_deploy_tmp &>> $LOGFILE
@ -148,6 +170,10 @@ if [[ $OS_RELEASE =~ 'rhel' ]] || [[ $OS_RELEASE =~ 'fedora' ]]; then
# Check rh version
if [ $(sed -nr 's/VERSION_ID+=\s*"([0-9]).*"$/\1/p' /etc/os-release) -eq '8' ] ; then
package_manager_cmd=dnf
execute_cmd "$package_manager_cmd install -y libnsl" "Installing dependencies"
elif [ $(sed -nr 's/VERSION_ID+=\s*"([0-9]).*"$/\1/p' /etc/os-release) -eq '9' ] ; then
package_manager_cmd=dnf
execute_cmd "$package_manager_cmd install -y libnsl libxcrypt-compat" "Installing dependencies"
elif [ $(sed -nr 's/VERSION_ID+=\s*"([0-9]).*"$/\1/p' /etc/os-release) -eq '7' ] ; then
package_manager_cmd=yum
@ -158,24 +184,23 @@ if [[ $OS_RELEASE =~ 'rhel' ]] || [[ $OS_RELEASE =~ 'fedora' ]]; then
echo -e "${cyan}Installing agent dependencies...${reset}" ${green}OK${reset}
# Insatall pandora agent
$package_manager_cmd install -y http://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/pandorafms_agent_linux-7.0NG.noarch.rpm &>> $LOGFILE
echo -en "${cyan}Installing Pandora FMS agent...${reset}"
check_cmd_status 'Error installing Pandora FMS agent'
[[ $PANDORA_AGENT_SSL ]] && execute_cmd "$package_manager_cmd install -y perl-IO-Socket-SSL" "Installing SSL libraries for encrypted connection"
[ "$PANDORA_AGENT_PACKAGE_EL" ] || PANDORA_AGENT_PACKAGE_EL="https://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/pandorafms_agent_linux_bin-7.0NG.x86_64.rpm"
execute_cmd "$package_manager_cmd install -y ${PANDORA_AGENT_PACKAGE_EL}" 'Installing Pandora FMS agent package'
#[[ $PANDORA_AGENT_SSL ]] && execute_cmd "$package_manager_cmd install -y perl-IO-Socket-SSL" "Installing SSL libraries for encrypted connection"
fi
if [[ $OS_RELEASE == 'debian' ]]; then
[ "$PANDORA_AGENT_PACKAGE_UBUNTU" ] || PANDORA_AGENT_PACKAGE_UBUNTU='https://firefly.pandorafms.com/pandorafms/latest/Tarball/pandorafms_agent_linux-7.0NG.x86_64.tar.gz'
execute_cmd "apt update" 'Updating repos'
execute_cmd "apt install -y perl wget curl unzip procps python3 python3-pip" 'Installing agent dependencies'
execute_cmd 'wget http://firefly.pandorafms.com/pandorafms/latest/Tarball/pandorafms_agent_linux-7.0NG.tar.gz' 'Downloading Pandora FMS agent package'
execute_cmd "apt install -y perl wget curl unzip procps python3 python3-pip" 'Installing agent dependencies'
execute_cmd "curl --output pandorafms_agent_linux-7.0NG.tar.gz ${PANDORA_AGENT_PACKAGE_UBUNTU}" 'Downloading Pandora FMS agent package'
execute_cmd 'install_tarball pandorafms_agent_linux-7.0NG.tar.gz' 'Installing Pandora FMS agent'
[[ $PANDORA_AGENT_SSL ]] && execute_cmd 'apt install -y libio-socket-ssl-perl' "Installing SSL libraries for encrypted connection"
#[[ $PANDORA_AGENT_SSL ]] && execute_cmd 'apt install -y libio-socket-ssl-perl' "Installing SSL libraries for encrypted connection"
cd $HOME/pandora_deploy_tmp
fi
# Configuring Agente
[[ $PANDORA_SERVER_IP ]] && sed -i "s/^server_ip.*$/server_ip $PANDORA_SERVER_IP/g" $PANDORA_AGENT_CONF
[[ $PANDORA_REMOTE_CONFIG ]] && sed -i "s/^remote_config.*$/remote_config $PANDORA_REMOTE_CONFIG/g" $PANDORA_AGENT_CONF
[[ $PANDORA_GROUP ]] && sed -i "s/^group.*$/group $PANDORA_GROUP/g" $PANDORA_AGENT_CONF
@ -187,27 +212,6 @@ fi
[[ $PANDORA_AGENT_SSL ]] && sed -i "s/^#server_ssl.*$/server_ssl $PANDORA_AGENT_SSL/g" $PANDORA_AGENT_CONF
#installing autodiscover
arch=$(uname -m)
case $arch in
x86_64)
execute_cmd 'install_autodiscover x86_64' "installing service autodiscover on $arch" 'Error unable to install autodiscovery'
;;
x86)
execute_cmd 'install_autodiscover x84' "installing service autodiscover on $arch" 'Error unable to install autodiscovery'
;;
armv7l)
echo -e "${cyan}Skiping autodiscover installation arch $arch not suported${reset}"
;;
*)
echo -e "${yellow}Skiping autodiscover installation arch $arch not suported${reset}"
;;
esac
#Starting pandora agent daemon.
execute_cmd '/etc/init.d/pandora_agent_daemon restart' 'Starting Pandora Agent'

37
extras/deploy-scripts/pandora_deploy_community.sh
View File

@ -11,7 +11,7 @@ PANDORA_SERVER_CONF=/etc/pandora/pandora_server.conf
PANDORA_AGENT_CONF=/etc/pandora/pandora_agent.conf
S_VERSION='2023062901'
S_VERSION='2023101101'
LOGFILE="/tmp/pandora-deploy-community-$(date +%F).log"
# define default variables
@ -185,7 +185,7 @@ extra_repos=" \
tar \
yum-utils \
https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm \
http://rpms.remirepo.net/enterprise/remi-release-7.rpm \
https://rpms.remirepo.net/enterprise/remi-release-7.rpm \
https://repo.percona.com/yum/percona-release-latest.noarch.rpm"
execute_cmd "yum install -y $extra_repos" "Installing extra repositories"
@ -285,6 +285,7 @@ console_dependencies=" \
mod_ssl \
libzstd \
openldap-clients \
https://firefly.pandorafms.com/centos8/pandora_gotty-1.0-1.el8.x86_64.rpm \
chromium"
execute_cmd "yum install -y $console_dependencies" "Installing Pandora FMS Console dependencies"
@ -312,7 +313,7 @@ server_dependencies=" \
bind-utils \
whois \
cpanminus \
http://firefly.pandorafms.com/centos7/wmic-1.4-1.el7.x86_64.rpm \
https://firefly.pandorafms.com/centos7/wmic-1.4-1.el7.x86_64.rpm \
https://firefly.pandorafms.com/centos7/pandorawmic-1.0.0-1.x86_64.rpm"
execute_cmd "yum install -y $server_dependencies" "Installing Pandora FMS Server dependencies"
@ -322,13 +323,13 @@ execute_cmd "cpanm -i Thread::Semaphore" "Installing Thread::Semaphore"
# SDK VMware perl dependencies
vmware_dependencies=" \
http://firefly.pandorafms.com/centos8/VMware-vSphere-Perl-SDK-6.5.0-4566394.x86_64.rpm \
https://firefly.pandorafms.com/centos8/VMware-vSphere-Perl-SDK-6.5.0-4566394.x86_64.rpm \
perl-JSON \
perl-Archive-Zip \
openssl-devel \
perl-Crypt-CBC \
perl-Digest-SHA \
http://firefly.pandorafms.com/centos7/perl-Crypt-OpenSSL-AES-0.02-1.el7.x86_64.rpm"
https://firefly.pandorafms.com/centos7/perl-Crypt-OpenSSL-AES-0.02-1.el7.x86_64.rpm"
execute_cmd "yum install -y $vmware_dependencies" "Installing SDK VMware perl dependencies"
# Instant client Oracle
@ -410,7 +411,7 @@ skip-character-set-client-handshake
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
# Mysql optimizations for Pandora FMS
# Please check the documentation in http://pandorafms.com for better results
# Please check the documentation in https://pandorafms.com for better results
max_allowed_packet = 64M
innodb_buffer_pool_size = $POOL_SIZE
@ -461,20 +462,20 @@ export MYSQL_PWD=$DBPASS
#Define packages
#Define packages
if [ "$PANDORA_LTS" -eq '1' ] ; then
[ "$PANDORA_SERVER_PACKAGE" ] || PANDORA_SERVER_PACKAGE="http://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/LTS/pandorafms_server-7.0NG.noarch.rpm"
[ "$PANDORA_CONSOLE_PACKAGE" ] || PANDORA_CONSOLE_PACKAGE="http://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/LTS/pandorafms_console-7.0NG.noarch.rpm"
[ "$PANDORA_AGENT_PACKAGE" ] || PANDORA_AGENT_PACKAGE="http://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/LTS/pandorafms_agent_linux-7.0NG.noarch.rpm"
[ "$PANDORA_SERVER_PACKAGE" ] || PANDORA_SERVER_PACKAGE="https://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/LTS/pandorafms_server-7.0NG.noarch.rpm"
[ "$PANDORA_CONSOLE_PACKAGE" ] || PANDORA_CONSOLE_PACKAGE="https://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/LTS/pandorafms_console-7.0NG.noarch.rpm"
[ "$PANDORA_AGENT_PACKAGE" ] || PANDORA_AGENT_PACKAGE="https://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/LTS/pandorafms_agent_linux-7.0NG.noarch.rpm"
elif [ "$PANDORA_LTS" -ne '1' ] ; then
[ "$PANDORA_SERVER_PACKAGE" ] || PANDORA_SERVER_PACKAGE="http://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/pandorafms_server-7.0NG.noarch.rpm"
[ "$PANDORA_CONSOLE_PACKAGE" ] || PANDORA_CONSOLE_PACKAGE="http://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/pandorafms_console-7.0NG.noarch.rpm"
[ "$PANDORA_AGENT_PACKAGE" ] || PANDORA_AGENT_PACKAGE="http://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/pandorafms_agent_linux-7.0NG.noarch.rpm"
[ "$PANDORA_SERVER_PACKAGE" ] || PANDORA_SERVER_PACKAGE="https://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/pandorafms_server-7.0NG.x86_64.rpm"
[ "$PANDORA_CONSOLE_PACKAGE" ] || PANDORA_CONSOLE_PACKAGE="https://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/pandorafms_console-7.0NG.x86_64.rpm"
[ "$PANDORA_AGENT_PACKAGE" ] || PANDORA_AGENT_PACKAGE="https://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/pandorafms_agent_linux-7.0NG.noarch.rpm"
fi
# if beta is enable
if [ "$PANDORA_BETA" -eq '1' ] ; then
PANDORA_SERVER_PACKAGE="http://firefly.pandorafms.com/pandora_enterprise_nightlies/pandorafms_server-latest.x86_64.rpm"
PANDORA_CONSOLE_PACKAGE="http://firefly.pandorafms.com/pandora_enterprise_nightlies/pandorafms_console-latest.noarch.rpm"
PANDORA_AGENT_PACKAGE="http://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/pandorafms_agent_linux-7.0NG.noarch.rpm"
PANDORA_SERVER_PACKAGE="https://firefly.pandorafms.com/pandora_enterprise_nightlies/pandorafms_server-latest.x86_64.rpm"
PANDORA_CONSOLE_PACKAGE="https://firefly.pandorafms.com/pandora_enterprise_nightlies/pandorafms_console-latest.x86_64.rpm"
PANDORA_AGENT_PACKAGE="https://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/pandorafms_agent_linux-7.0NG.noarch.rpm"
fi
# Downloading Pandora Packages
@ -710,8 +711,8 @@ systemctl enable tentacle_serverd &>> $LOGFILE
execute_cmd "service tentacle_serverd start" "Starting Tentacle Server"
# Enabling condole cron
execute_cmd "echo \"* * * * * root wget -q -O - --no-check-certificate --load-cookies /tmp/cron-session-cookies --save-cookies /tmp/cron-session-cookies --keep-session-cookies http://127.0.0.1/pandora_console/enterprise/cron.php >> $PANDORA_CONSOLE/log/cron.log\" >> /etc/crontab" "Enabling Pandora FMS Console cron"
echo "* * * * * root wget -q -O - --no-check-certificate --load-cookies /tmp/cron-session-cookies --save-cookies /tmp/cron-session-cookies --keep-session-cookies http://127.0.0.1/pandora_console/enterprise/cron.php >> $PANDORA_CONSOLE/log/cron.log" >> /etc/crontab
execute_cmd "echo \"* * * * * root wget -q -O - --no-check-certificate --load-cookies /tmp/cron-session-cookies --save-cookies /tmp/cron-session-cookies --keep-session-cookies http://127.0.0.1/pandora_console/cron.php >> $PANDORA_CONSOLE/log/cron.log\" >> /etc/crontab" "Enabling Pandora FMS Console cron"
echo "* * * * * root wget -q -O - --no-check-certificate --load-cookies /tmp/cron-session-cookies --save-cookies /tmp/cron-session-cookies --keep-session-cookies http://127.0.0.1/pandora_console/cron.php >> $PANDORA_CONSOLE/log/cron.log" >> /etc/crontab
## Enabling agent
systemctl enable pandora_agent_daemon &>> $LOGFILE
execute_cmd "systemctl start pandora_agent_daemon" "Starting Pandora FMS Agent"
@ -729,7 +730,7 @@ Welcome to Pandora FMS appliance on CentOS
Go to Public http://$ipplublic/pandora_console to login web console
$(ip addr | grep -w "inet" | grep -v "127.0.0.1" | grep -v "172.17.0.1" | awk '{print $2}' | awk -F '/' '{print "Go to Local http://"$1"/pandora_console to login web console"}')
You can find more information at http://pandorafms.com
You can find more information at https://pandorafms.com
EOF_banner

46
extras/deploy-scripts/pandora_deploy_community_el8.sh
View File

@ -14,7 +14,7 @@ PANDORA_SERVER_CONF=/etc/pandora/pandora_server.conf
PANDORA_AGENT_CONF=/etc/pandora/pandora_agent.conf
S_VERSION='2023062901'
S_VERSION='2023101101'
LOGFILE="/tmp/pandora-deploy-community-$(date +%F).log"
# define default variables
@ -264,7 +264,7 @@ if [ "$(grep -Ei 'Red Hat Enterprise' /etc/redhat-release)" ]; then
tar \
dnf-utils \
https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm \
http://rpms.remirepo.net/enterprise/remi-release-8.rpm \
https://rpms.remirepo.net/enterprise/remi-release-8.rpm \
https://repo.percona.com/yum/percona-release-latest.noarch.rpm"
execute_cmd "dnf install -y $extra_repos" "Installing extra repositories"
@ -275,7 +275,7 @@ else
tar \
dnf-utils \
epel-release \
http://rpms.remirepo.net/enterprise/remi-release-8.rpm \
https://rpms.remirepo.net/enterprise/remi-release-8.rpm \
https://repo.percona.com/yum/percona-release-latest.noarch.rpm"
execute_cmd "dnf install -y $extra_repos" "Installing extra repositories"
@ -391,10 +391,12 @@ console_dependencies=" \
mod_ssl \
libzstd \
openldap-clients \
http://firefly.pandorafms.com/centos8/chromium-110.0.5481.177-1.el7.x86_64.rpm \
http://firefly.pandorafms.com/centos8/chromium-common-110.0.5481.177-1.el7.x86_64.rpm \
http://firefly.pandorafms.com/centos8/perl-Net-Telnet-3.04-1.el8.noarch.rpm \
http://firefly.pandorafms.com/centos7/wmic-1.4-1.el7.x86_64.rpm"
https://firefly.pandorafms.com/centos8/chromium-110.0.5481.177-1.el7.x86_64.rpm \
https://firefly.pandorafms.com/centos8/chromium-common-110.0.5481.177-1.el7.x86_64.rpm \
https://firefly.pandorafms.com/centos8/perl-Net-Telnet-3.04-1.el8.noarch.rpm \
https://firefly.pandorafms.com/centos8/pandora_gotty-1.0-1.el8.x86_64.rpm \
https://firefly.pandorafms.com/centos8/pandorafms_made-0.1.0-1.el8.x86_64.rpm \
https://firefly.pandorafms.com/centos7/wmic-1.4-1.el7.x86_64.rpm"
execute_cmd "dnf install -y $console_dependencies" "Installing Pandora FMS Console dependencies"
# Server dependencies
@ -421,7 +423,7 @@ server_dependencies=" \
bind-utils \
whois \
libnsl \
http://firefly.pandorafms.com/centos7/wmic-1.4-1.el7.x86_64.rpm \
https://firefly.pandorafms.com/centos7/wmic-1.4-1.el7.x86_64.rpm \
https://firefly.pandorafms.com/centos8/pandorawmic-1.0.0-1.x86_64.rpm"
execute_cmd "dnf install -y $server_dependencies" "Installing Pandora FMS Server dependencies"
@ -436,8 +438,8 @@ vmware_dependencies=" \
perl-Math-Random-ISAAC \
perl-JSON \
perl-Crypt-SSLeay \
http://firefly.pandorafms.com/centos8/perl-Crypt-OpenSSL-AES-0.02-1.el8.x86_64.rpm \
http://firefly.pandorafms.com/centos8/VMware-vSphere-Perl-SDK-6.5.0-4566394.x86_64.rpm"
https://firefly.pandorafms.com/centos8/perl-Crypt-OpenSSL-AES-0.02-1.el8.x86_64.rpm \
https://firefly.pandorafms.com/centos8/VMware-vSphere-Perl-SDK-6.5.0-4566394.x86_64.rpm"
execute_cmd "dnf install -y $vmware_dependencies" "Installing SDK VMware perl dependencies"
# Instant client Oracle
@ -518,7 +520,7 @@ skip-character-set-client-handshake
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
# Mysql optimizations for Pandora FMS
# Please check the documentation in http://pandorafms.com for better results
# Please check the documentation in https://pandorafms.com for better results
max_allowed_packet = 64M
innodb_buffer_pool_size = $POOL_SIZE
@ -567,20 +569,20 @@ export MYSQL_PWD=$DBPASS
#Define packages
if [ "$PANDORA_LTS" -eq '1' ] ; then
[ "$PANDORA_SERVER_PACKAGE" ] || PANDORA_SERVER_PACKAGE="http://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/LTS/pandorafms_server-7.0NG.noarch.rpm"
[ "$PANDORA_CONSOLE_PACKAGE" ] || PANDORA_CONSOLE_PACKAGE="http://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/LTS/pandorafms_console-7.0NG.noarch.rpm"
[ "$PANDORA_AGENT_PACKAGE" ] || PANDORA_AGENT_PACKAGE="http://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/LTS/pandorafms_agent_linux-7.0NG.noarch.rpm"
[ "$PANDORA_SERVER_PACKAGE" ] || PANDORA_SERVER_PACKAGE="https://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/LTS/pandorafms_server-7.0NG.noarch.rpm"
[ "$PANDORA_CONSOLE_PACKAGE" ] || PANDORA_CONSOLE_PACKAGE="https://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/LTS/pandorafms_console-7.0NG.noarch.rpm"
[ "$PANDORA_AGENT_PACKAGE" ] || PANDORA_AGENT_PACKAGE="https://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/pandorafms_agent_linux_bin-7.0NG.x86_64.rpm"
elif [ "$PANDORA_LTS" -ne '1' ] ; then
[ "$PANDORA_SERVER_PACKAGE" ] || PANDORA_SERVER_PACKAGE="http://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/pandorafms_server-7.0NG.noarch.rpm"
[ "$PANDORA_CONSOLE_PACKAGE" ] || PANDORA_CONSOLE_PACKAGE="http://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/pandorafms_console-7.0NG.noarch.rpm"
[ "$PANDORA_AGENT_PACKAGE" ] || PANDORA_AGENT_PACKAGE="http://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/pandorafms_agent_linux-7.0NG.noarch.rpm"
[ "$PANDORA_SERVER_PACKAGE" ] || PANDORA_SERVER_PACKAGE="https://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/pandorafms_server-7.0NG.x86_64.rpm"
[ "$PANDORA_CONSOLE_PACKAGE" ] || PANDORA_CONSOLE_PACKAGE="https://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/pandorafms_console-7.0NG.x86_64.rpm"
[ "$PANDORA_AGENT_PACKAGE" ] || PANDORA_AGENT_PACKAGE="https://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/pandorafms_agent_linux_bin-7.0NG.x86_64.rpm"
fi
# if beta is enable
if [ "$PANDORA_BETA" -eq '1' ] ; then
PANDORA_SERVER_PACKAGE="http://firefly.pandorafms.com/pandora_enterprise_nightlies/pandorafms_server-latest.x86_64.rpm"
PANDORA_CONSOLE_PACKAGE="http://firefly.pandorafms.com/pandora_enterprise_nightlies/pandorafms_console-latest.noarch.rpm"
PANDORA_AGENT_PACKAGE="http://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/pandorafms_agent_linux-7.0NG.noarch.rpm"
PANDORA_SERVER_PACKAGE="https://firefly.pandorafms.com/pandora_enterprise_nightlies/pandorafms_server-latest.x86_64.rpm"
PANDORA_CONSOLE_PACKAGE="https://firefly.pandorafms.com/pandora_enterprise_nightlies/pandorafms_console-latest.x86_64.rpm"
PANDORA_AGENT_PACKAGE="https://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/pandorafms_agent_linux_bin-7.0NG.x86_64.rpm"
fi
# Downloading Pandora Packages
@ -828,8 +830,8 @@ systemctl enable tentacle_serverd &>> "$LOGFILE"
execute_cmd "service tentacle_serverd start" "Starting Tentacle Server"
# Enabling condole cron
execute_cmd "echo \"* * * * * root wget -q -O - --no-check-certificate --load-cookies /tmp/cron-session-cookies --save-cookies /tmp/cron-session-cookies --keep-session-cookies http://127.0.0.1/pandora_console/enterprise/cron.php >> $PANDORA_CONSOLE/log/cron.log\" >> /etc/crontab" "Enabling Pandora FMS Console cron"
echo "* * * * * root wget -q -O - --no-check-certificate --load-cookies /tmp/cron-session-cookies --save-cookies /tmp/cron-session-cookies --keep-session-cookies http://127.0.0.1/pandora_console/enterprise/cron.php >> $PANDORA_CONSOLE/log/cron.log" >> /etc/crontab
execute_cmd "echo \"* * * * * root wget -q -O - --no-check-certificate --load-cookies /tmp/cron-session-cookies --save-cookies /tmp/cron-session-cookies --keep-session-cookies http://127.0.0.1/pandora_console/cron.php >> $PANDORA_CONSOLE/log/cron.log\" >> /etc/crontab" "Enabling Pandora FMS Console cron"
echo "* * * * * root wget -q -O - --no-check-certificate --load-cookies /tmp/cron-session-cookies --save-cookies /tmp/cron-session-cookies --keep-session-cookies http://127.0.0.1/pandora_console/cron.php >> $PANDORA_CONSOLE/log/cron.log" >> /etc/crontab
## Enabling agent
systemctl enable pandora_agent_daemon &>> "$LOGFILE"
execute_cmd "systemctl start pandora_agent_daemon" "Starting Pandora FMS Agent"

32
extras/deploy-scripts/pandora_deploy_community_ubuntu_2204.sh
View File

@ -344,6 +344,14 @@ execute_cmd "apt install -y $server_dependencies" "Installing Pandora FMS Server
execute_cmd "installing_docker" "Installing Docker for debug"
# Installing pandora_gotty
execute_cmd "curl --output pandora_gotty.deb https://firefly.pandorafms.com/ubuntu/pandora_gotty_1.0.0.deb" "Downloading pandora_gotty"
execute_cmd "apt install -y ./pandora_gotty.deb" "Intalling pandora_gotty"
# Installing MADE
execute_cmd "curl --output pandora_made.deb https://firefly.pandorafms.com/ubuntu/pandorafms-made_0.1.0-2_amd64.deb" "Downloading pandora MADE"
execute_cmd "apt install -y ./pandora_made.deb" "Intalling pandora MADE"
# wmic and pandorawmic
execute_cmd "curl -O https://firefly.pandorafms.com/pandorafms/utils/bin/wmic" "Downloading wmic"
execute_cmd "curl -O https://firefly.pandorafms.com/pandorafms/utils/bin/pandorawmic" "Downloading pandorawmic"
@ -512,19 +520,19 @@ execute_cmd "systemctl restart mysql" "Configuring and restarting database engin
#Define packages
if [ "$PANDORA_LTS" -eq '1' ] ; then
[ "$PANDORA_SERVER_PACKAGE" ] || PANDORA_SERVER_PACKAGE="http://firefly.pandorafms.com/pandorafms/latest/Tarball/LTS/pandorafms_server-7.0NG.tar.gz"
[ "$PANDORA_CONSOLE_PACKAGE" ] || PANDORA_CONSOLE_PACKAGE="http://firefly.pandorafms.com/pandorafms/latest/Tarball/LTS/pandorafms_console-7.0NG.tar.gz"
[ "$PANDORA_AGENT_PACKAGE" ] || PANDORA_AGENT_PACKAGE="http://firefly.pandorafms.com/pandorafms/latest/Tarball/LTS/pandorafms_agent_linux-7.0NG.tar.gz"
[ "$PANDORA_SERVER_PACKAGE" ] || PANDORA_SERVER_PACKAGE="https://firefly.pandorafms.com/pandorafms/latest/Tarball/LTS/pandorafms_server-7.0NG.tar.gz"
[ "$PANDORA_CONSOLE_PACKAGE" ] || PANDORA_CONSOLE_PACKAGE="https://firefly.pandorafms.com/pandorafms/latest/Tarball/LTS/pandorafms_console-7.0NG.tar.gz"
[ "$PANDORA_AGENT_PACKAGE" ] || PANDORA_AGENT_PACKAGE="https://firefly.pandorafms.com/pandorafms/latest/Tarball/pandorafms_agent_linux-7.0NG.x86_64.tar.gz"
elif [ "$PANDORA_LTS" -ne '1' ] ; then
[ "$PANDORA_SERVER_PACKAGE" ] || PANDORA_SERVER_PACKAGE="http://firefly.pandorafms.com/pandorafms/latest/Tarball/pandorafms_server-7.0NG.tar.gz"
[ "$PANDORA_CONSOLE_PACKAGE" ] || PANDORA_CONSOLE_PACKAGE="http://firefly.pandorafms.com/pandorafms/latest/Tarball/pandorafms_console-7.0NG.tar.gz"
[ "$PANDORA_AGENT_PACKAGE" ] || PANDORA_AGENT_PACKAGE="http://firefly.pandorafms.com/pandorafms/latest/Tarball/pandorafms_agent_linux-7.0NG.tar.gz"
[ "$PANDORA_SERVER_PACKAGE" ] || PANDORA_SERVER_PACKAGE="https://firefly.pandorafms.com/pandorafms/latest/Tarball/pandorafms_server-7.0NG.tar.gz"
[ "$PANDORA_CONSOLE_PACKAGE" ] || PANDORA_CONSOLE_PACKAGE="https://firefly.pandorafms.com/pandorafms/latest/Tarball/pandorafms_console-7.0NG.tar.gz"
[ "$PANDORA_AGENT_PACKAGE" ] || PANDORA_AGENT_PACKAGE=" https://firefly.pandorafms.com/pandorafms/latest/Tarball/pandorafms_agent_linux-7.0NG.x86_64.tar.gz"
fi
if [ "$PANDORA_BETA" -eq '1' ] ; then
PANDORA_SERVER_PACKAGE="http://firefly.pandorafms.com/pandora_enterprise_nightlies/pandorafms_server-latest_x86_64.tar.gz"
PANDORA_CONSOLE_PACKAGE="http://firefly.pandorafms.com/pandora_enterprise_nightlies/pandorafms_console-latest.tar.gz"
PANDORA_AGENT_PACKAGE="http://firefly.pandorafms.com/pandorafms/latest/Tarball/pandorafms_agent_linux-7.0NG.tar.gz"
PANDORA_SERVER_PACKAGE="https://firefly.pandorafms.com/pandora_enterprise_nightlies/pandorafms_server-latest.tar.gz"
PANDORA_CONSOLE_PACKAGE="https://firefly.pandorafms.com/pandora_enterprise_nightlies/pandorafms_console-latest.tar.gz"
PANDORA_AGENT_PACKAGE="https://firefly.pandorafms.com/pandorafms/latest/Tarball/pandorafms_agent_linux-7.0NG.x86_64.tar.gz"
fi
# Downloading Pandora Packages
@ -819,8 +827,8 @@ execute_cmd "service tentacle_serverd start" "Starting Tentacle Server"
systemctl enable tentacle_serverd &>> "$LOGFILE"
# Enabling console cron
execute_cmd "echo \"* * * * * root wget -q -O - --no-check-certificate --load-cookies /tmp/cron-session-cookies --save-cookies /tmp/cron-session-cookies --keep-session-cookies http://127.0.0.1/pandora_console/enterprise/cron.php >> $PANDORA_CONSOLE/log/cron.log\" >> /etc/crontab" "Enabling Pandora FMS Console cron"
echo "* * * * * root wget -q -O - --no-check-certificate --load-cookies /tmp/cron-session-cookies --save-cookies /tmp/cron-session-cookies --keep-session-cookies http://127.0.0.1/pandora_console/enterprise/cron.php >> $PANDORA_CONSOLE/log/cron.log" >> /etc/crontab
execute_cmd "echo \"* * * * * root wget -q -O - --no-check-certificate --load-cookies /tmp/cron-session-cookies --save-cookies /tmp/cron-session-cookies --keep-session-cookies http://127.0.0.1/pandora_console/cron.php >> $PANDORA_CONSOLE/log/cron.log\" >> /etc/crontab" "Enabling Pandora FMS Console cron"
echo "* * * * * root wget -q -O - --no-check-certificate --load-cookies /tmp/cron-session-cookies --save-cookies /tmp/cron-session-cookies --keep-session-cookies http://127.0.0.1/pandora_console/cron.php >> $PANDORA_CONSOLE/log/cron.log" >> /etc/crontab
# Enabling pandoradb cron
execute_cmd "echo 'enabling pandoradb cron' >> $PANDORA_CONSOLE/log/cron.log\" >> /etc/crontab" "Enabling Pandora FMS pandoradb cron"
@ -829,7 +837,7 @@ echo "@hourly root bash -c /etc/cron.hourly/pandora_db" >> /etc/cront
## Enabling agent adn configuring Agente
sed -i "s/^remote_config.*$/remote_config 1/g" $PANDORA_AGENT_CONF &>> "$LOGFILE"
execute_cmd "/etc/init.d/pandora_agent_daemon start" "Starting PandoraFSM Agent"
execute_cmd "/etc/init.d/pandora_agent_daemon restart" "Starting PandoraFSM Agent"
systemctl enable pandora_agent_daemon &>> "$LOGFILE"
#fix path phantomjs

1
extras/docker/centos8/docker-compose.yml
View File

@ -32,6 +32,7 @@ services:
PUBLICURL: ""
SLEEP: 5
RETRIES: 10
TZ: 'Europe/Madrid'
networks:
- pandora
ports:

2
extras/docker/centos8/pandora-stack/Dockerfile
View File

@ -10,6 +10,8 @@ ENV DBPORT=3306
ENV SLEEP=5
ENV RETRIES=1
ENV OPEN=1
ENV TZ='Europe/Madrid'
ENV LC_ALL=C

4
extras/docker/centos8/pandora-stack/sources/init_pandora.sh
View File

@ -230,6 +230,10 @@ fi
echo "" > /opt/pandora/crontasks || touch /opt/pandora/crontasks
#set localtime
rm -rf /etc/localtime
ln -s /usr/share/zoneinfo/$TZ /etc/localtime
#install pandora packages
echo "-> Istalling pandorafms"
cd /opt/pandora

1
extras/pandora_gotty/.gitattributes vendored Normal file
View File

@ -0,0 +1 @@
src/pandora_gotty filter=lfs diff=lfs merge=lfs -text

2
extras/pandora_gotty/.gitignore vendored Normal file
View File

@ -0,0 +1,2 @@
*.rpm
*.deb

8
extras/pandora_gotty/Dockerfile-RPM Normal file
View File

@ -0,0 +1,8 @@
FROM rockylinux:8
RUN dnf install -y rpm-build rpmdevtools
RUN rpmdev-setuptree
RUN mkdir /root/pandora_gotty
WORKDIR /root/pandora_gotty
#CMD bash build.sh

6
extras/pandora_gotty/Dockerfile-deb Normal file
View File

@ -0,0 +1,6 @@
FROM ubuntu:22.04
RUN apt-get update
RUN apt-get install -y dh-make debhelper build-essential
RUN mkdir /root/pandora_gotty
WORKDIR /root/pandora_gotty

1
extras/pandora_gotty/README.md Normal file
View File

@ -0,0 +1 @@
To create the .deb and .rpm package need to hace docker installed on main system and execit `build_all_docker.sh`

11
extras/pandora_gotty/build_all_docker.sh Executable file
View File

@ -0,0 +1,11 @@
#Build RPM
docker build -t pandora_gotty_builder_rpm -f Dockerfile-RPM . || exit 1
docker run --rm -it -v `pwd`:/root/pandora_gotty pandora_gotty_builder_rpm /root/pandora_gotty/build_rpm.sh || exit 1
#Buikd DEB
docker build -t pandora_gotty_builder_deb -f Dockerfile-deb . || exit 1
docker run --rm -it -v `pwd`:/root/pandora_gotty pandora_gotty_builder_deb /root/pandora_gotty/build_deb.sh || exit 1
echo " - Done"
pwd
ls -l | grep -E "(\.deb|\.rpm)"

17
extras/pandora_gotty/build_deb.sh Executable file
View File

@ -0,0 +1,17 @@
#!/bin/bash
#DEB
cd deb
VERSION=$(grep 'Version:' pandora_gotty/DEBIAN/control | awk '{print $2}')
mkdir -p pandora_gotty/usr/bin
mkdir -p pandora_gotty/etc/pandora_gotty
cp -a ../src/pandora_gotty pandora_gotty/usr/bin
cp -a ../src/pandora_gotty.conf pandora_gotty/etc/pandora_gotty
curl -SsL --output pandora_gotty/usr/bin/pandora_gotty_exec http://192.168.50.31/installers/installers/Linux/x86_64/pandora_gotty_exec
chmod +x pandora_gotty/usr/bin/pandora_gotty_exec
dpkg-deb --build pandora_gotty
mv pandora_gotty.deb ../
rm -rf pandora_gotty/usr/
rm -rf pandora_gotty/etc/
cd ..
mv pandora_gotty.deb pandora_gotty_${VERSION}.deb
chmod 777 pandora_gotty_${VERSION}.deb

15
extras/pandora_gotty/build_rpm.sh Executable file
View File

@ -0,0 +1,15 @@
#!/bin/bash
#RPM
VERSION=$(grep '%define version' pandora_gotty.spec | awk '{print $3}')
mkdir -p pandora_gotty-${VERSION}
cp src/pandora_gotty pandora_gotty-${VERSION}/
cp src/pandora_gotty.conf pandora_gotty-${VERSION}/
curl -SsL --output pandora_gotty-${VERSION}/pandora_gotty_exec http://192.168.50.31/installers/installers/Linux/x86_64/pandora_gotty_exec
chmod +x pandora_gotty-${VERSION}/pandora_gotty_exec
tar -cvzf pandora_gotty-${VERSION}.tar.gz pandora_gotty-${VERSION}/*
mv pandora_gotty-${VERSION}.tar.gz ${HOME}/rpmbuild/SOURCES/
rm -rf ${HOME}/rpmbuild/RPMS/x86_64/pandora_gotty*
rpmbuild -ba pandora_gotty.spec
rm -rf pandora_gotty-${VERSION}
mv ${HOME}/rpmbuild/RPMS/x86_64/pandora_gotty* .
chmod 777 *.rpm

3
extras/pandora_gotty/deb/.gitignore vendored Normal file
View File

@ -0,0 +1,3 @@
*.deb
**/usr
**/etc

5
extras/pandora_gotty/deb/pandora_gotty/DEBIAN/changelog Normal file
View File

@ -0,0 +1,5 @@
pandora_gotty (1.0-1) stable; urgency=low
* Initial release.
-- PandoraFMS Mon, 18 Sep 2023 00:00:00 +0000

9
extras/pandora_gotty/deb/pandora_gotty/DEBIAN/control Normal file
View File

@ -0,0 +1,9 @@
Source: pandora_gotty
Section: utils
Version: 1.1.0
Priority: optional
Maintainer: PandoraFMS
Build-Depends: debhelper (>= 12)
Package: pandora-gotty
Architecture: amd64
Description: pandora_gotty for Pandora FMS.

41
extras/pandora_gotty/pandora_gotty.spec Normal file
View File

@ -0,0 +1,41 @@
%define name pandora_gotty
%define version 1.1
%define release 1%{?dist}
Summary: pandora_gptty for Pandora FMS
Name: %{name}
Version: %{version}
Release: %{release}
License: GPL
Vendor: PandoraFMS
Source0: %{name}-%{version}.tar.gz
URL: https://pandorafms.com
Group: System/Monitoring
Packager: PandoraFMS
BuildArch: x86_64
Provides: %{name}-%{version}
%description
pandora_gotty for Pandora FMS.
%prep
%setup -q
%install
rm -rf $RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT/%{_bindir}
mkdir -p %{buildroot}/etc/pandora_gotty/
cp %{name} $RPM_BUILD_ROOT/%{_bindir}
cp pandora_gotty_exec $RPM_BUILD_ROOT/%{_bindir}
cp pandora_gotty.conf %{buildroot}/etc/pandora_gotty/
%clean
rm -Rf $RPM_BUILD_ROOT
%files
%defattr(-,root,root,-)
%config(noreplace) /etc/pandora_gotty/pandora_gotty.conf
%{_bindir}/%{name}
%{_bindir}/pandora_gotty_exec
%changelog
* Mon Sep 18 2023 PandoraFMS - 1.0-1
- Initial RPM release

2
extras/pandora_gotty/src/.gitignore vendored Normal file
View File

@ -0,0 +1,2 @@
*rpm
bin/*

3
extras/pandora_gotty/src/pandora_gotty Executable file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:3758eddb64db79c6ea1dac4cb200ee8ec86ef3f51723dad5be4365a1315b952b
size 13642854

29
extras/pandora_gotty/src/pandora_gotty.conf Normal file
View File

@ -0,0 +1,29 @@
//Pandora Gotty config file
// [bool] Permit clients to write to the TTY
permit_write = true
// [bool] Permit clients to send command line arguments in URL (e.g. http://example.com:8080/?arg=AAA&arg=BBB)
permit_arguments = true
// [bool] Enable random URL generation
enable_random_url = true
// [int] Default length of random strings appended to URL
// To enable random URL generation, set `true` to `enable_random_url`
random_url_length = 32
// [bool] Enable TLS/SSL
// enable_tls = false
// [string] Default TLS certificate file path
// tls_crt_file = "~/.gotty.crt"
// [string] Default TLS key file path
// tls_key_file = "~/.gotty.key"
// [bool] Enable client certificate authentication
// enable_tls_client_auth = false
// [string] Certificate file of CA for client certificates
// tls_ca_crt_file = "~/.gotty.ca.crt"

110
extras/pandora_gotty/src/pandora_gotty_exec.py Normal file
View File

@ -0,0 +1,110 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
__author__ = "PandoraFMS Team"
__copyright__ = "Copyright 2023, PandoraFMS"
#__credits__ = ["Rob Knight", "Peter Maxwell", "Gavin Huttley", "Matthew Wakefield"]
__maintainer__ = "Projects/QA department"
__status__ = "Prod"
__version__ = "1.0"
import sys, argparse, signal, re, datetime, subprocess
info= f"""
SSH and TELNET helper for pandora_gotty.
Version: {__version__}
"""
parser = argparse.ArgumentParser(description= info, formatter_class=argparse.RawTextHelpFormatter)
parser.add_argument('exec_cmd',
help='Aplication to be executed, avalibles: ssh or telnet',type=str, choices=['ssh', 'telnet'])
parser.add_argument('address',
help='IP addres or dns name to connect', type=str, default="")
parser.add_argument('port',
help='Port to connect', type=int, default=23)
parser.add_argument('user',
help='Username, only requiered for ssh connection', type=str, default="", nargs='?')
args = parser.parse_args()
# Define a function to handle the SIGINT signal
def sigint_handler(signal, frame):
print ('\nInterrupted by user', file=sys.stderr)
sys.exit(0)
signal.signal(signal.SIGINT, sigint_handler)
# Define a function to handle the SIGTERM signal
def sigterm_handler(signum, frame):
print("Received SIGTERM signal.", file=sys.stderr)
sys.exit(0)
signal.signal(signal.SIGTERM, sigterm_handler)
# Functions
def is_valid_add(add:str):
# Regular expression to match an IP address
ip_pattern = r'^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$'
# Regular expression to match a DNS name (domain name)
dns_pattern = r'^[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$'
if re.match(ip_pattern, add) or re.match(dns_pattern, add):
return True
else:
print(f"Error not valid address: {add}", file=sys.stderr)
return False
def is_valid_username(username:str):
# Regular expression to match a valid Linux username
username_pattern = r'^[a-zA-Z_][a-zA-Z0-9_]{0,31}$'
if re.match(username_pattern, username) is not None:
return True
else:
print(f"Error not valid username: {username}", file=sys.stderr)
return False
def exec_ssh (user:str, add:str, port:int):
# Previus checks
if is_valid_username(user) == False:
return False
if is_valid_add(add) == False:
return False
if port == 0 :
return False
try:
print("> Starting SSH connection...")
ssh_command = f"ssh {user}@{add} -p {port}"
subprocess.run(ssh_command, shell=True, encoding='utf-8', text=True)
except subprocess.CalledProcessError as e:
raise SystemExit(e)
return True
def exec_telnet (add:str, port:int):
# Previus checks
if is_valid_add(add) == False:
return False
try:
print("> Starting Telnet connection...")
ssh_command = f"telnet -E {add} {port}"
subprocess.run(ssh_command, shell=True, encoding='utf-8', text=True)
except subprocess.CalledProcessError as e:
raise SystemExit(e)
return True
# Main
if __name__ == "__main__":
if args.exec_cmd == "ssh":
exec_ssh(args.user, args.address, args.port)
print ("> ssh session finished")
sys.exit(0)
if args.exec_cmd == "telnet":
exec_telnet(args.address, args.port)
print ("> telnet session finished")
sys.exit(0)
sys.exit(0)

4
extras/pandora_update_version.sh
View File

@ -22,6 +22,10 @@ else
fi
SPEC_FILES="$CODEHOME/pandora_console/pandora_console.spec \
$CODEHOME/pandora_agents/unix/pandora_agent.spec \
$CODEHOME/pandora_agents/unix/pandora_agent.redhat_bin.el8.spec \
$CODEHOME/pandora_agents/unix/pandora_agent.redhat_bin.el9.spec \
$CODEHOME/pandora_agents/unix/pandora_agent.redhat_bin.spec \
$CODEHOME/pandora_agents/unix/pandora_agent.redhat.spec \
$CODEHOME/pandora_server/pandora_server.spec \
$PANDHOME_ENT/pandora_console/enterprise/pandora_console_enterprise.spec \
$PANDHOME_ENT/pandora_server/PandoraFMS-Enterprise/pandora_server_enterprise.spec \

2
pandora_agents/pc/AIX/pandora_agent.conf
View File

@ -1,5 +1,5 @@
# Base config file for Pandora FMS agents
# Version 7.0NG.772, AIX version
# Version 7.0NG.775, AIX version
# Licensed under GPL license v2,
# Copyright (c) 2003-2023 Pandora FMS
# http://www.pandorafms.com

2
pandora_agents/pc/FreeBSD/pandora_agent.conf
View File

@ -1,5 +1,5 @@
# Base config file for Pandora FMS agents
# Version 7.0NG.772, FreeBSD Version
# Version 7.0NG.775, FreeBSD Version
# Licensed under GPL license v2,
# Copyright (c) 2003-2023 Pandora FMS
# http://www.pandorafms.com

2
pandora_agents/pc/HP-UX/pandora_agent.conf
View File

@ -1,5 +1,5 @@
# Base config file for Pandora FMS agents
# Version 7.0NG.772, HP-UX Version
# Version 7.0NG.775, HP-UX Version
# Licensed under GPL license v2,
# Copyright (c) 2003-2023 Pandora FMS
# http://www.pandorafms.com

38
pandora_agents/pc/Linux/pandora_agent.conf
View File

@ -1,5 +1,5 @@
# Base config file for Pandora FMS agents
# Version 7.0NG.772, GNU/Linux
# Version 7.0NG.775, GNU/Linux
# Licensed under GPL license v2,
# Copyright (c) 2003-2023 Pandora FMS
# http://www.pandorafms.com
@ -166,7 +166,7 @@ module_description User CPU Usage (%)
module_min_warning 70
module_max_warning 90
module_min_critical 91
module_max_critical 100
module_max_critical 0
module_unit %
module_end
@ -234,6 +234,21 @@ module_description Number of cron task files
module_unit files
module_end
# This module /var/log/syslog file, under the module name "syslog"
# And search for "ssh" string into it, sending only that information.
module_begin
module_name Syslog
module_description Search for ssh string into /var/log/syslog file
module_type log
module_regexp /var/log/syslog
module_pattern ssh
module_end
#Hardening plugin for security compliance analysis. Enable to use it.
#module_begin
#module_plugin /usr/share/pandora_agent/plugins/pandora_hardening -t 150
#module_absoluteinterval 7d
#module_end
# Plugin example
@ -241,11 +256,6 @@ module_end
module_plugin pandora_df
# This parses /var/log/syslog file, under the module name "syslog"
# And search for "ssh" string into it, sending only that information.
module_plugin grep_log /var/log/syslog Syslog ssh
# Get disk space free in MB
#module_begin
#module_name disk_root_free
@ -270,7 +280,6 @@ module_plugin grep_log /var/log/syslog Syslog ssh
#module_end
# Plugin for inventory on the agent.
# module_plugin inventory 1 cpu ram video nic hd cdrom software init_services filesystem users process ip route
# Example of preconditions
@ -300,3 +309,16 @@ module_plugin grep_log /var/log/syslog Syslog ssh
#module_exec echo 5
#module_description Postcondition test module
#module_end
# This plugin runs several security checks in a Linux system
#module_plugin pandora_security_check
# Extraction module example
#module_begin
#module_name Collector
#module_description Logs extraction module
#module_type log
#module_regexp /var/log/logfile.log
#module_pattern .*
#module_end

2
pandora_agents/pc/NT4/pandora_agent.conf
View File

@ -1,5 +1,5 @@
# Base config file for Pandora FMS agents
# Version 7.0NG.772, GNU/Linux
# Version 7.0NG.775, GNU/Linux
# Licensed under GPL license v2,
# Copyright (c) 2003-2023 Pandora FMS
# http://www.pandorafms.com

2
pandora_agents/pc/SunOS/pandora_agent.conf
View File

@ -1,5 +1,5 @@
# Base config file for Pandora FMS agents
# Version 7.0NG.772, Solaris Version
# Version 7.0NG.775, Solaris Version
# Licensed under GPL license v2,
# Copyright (c) 2003-2023 Pandora FMS
# http://www.pandorafms.com

34
pandora_agents/pc/Win32/pandora_agent.conf
View File

@ -1,6 +1,6 @@
# Base config file for Pandora FMS Windows Agent
# (c) 2006-2023 Pandora FMS
# Version 7.0NG.772
# Version 7.0NG.775
# This program is Free Software, you can redistribute it and/or modify it
# under the terms of the GNU General Public Licence as published by the Free Software
# Foundation; either version 2 of the Licence or any later version
@ -119,7 +119,7 @@ module_description CPU Load (%)
module_min_warning 80
module_max_warning 90
module_min_critical 91
module_max_critical 100
module_max_critical 0
module_end
# Number processes
@ -147,22 +147,23 @@ module_max_critical 20
module_end
# Log events
# Get logs from System source.
module_begin
module_name System Events (TermService)
module_type async_string
module_logevent
module_description Log Events coming from Terminal Service
module_type log
module_logevent
module_source System
module_application TermService
module_end
# Get logs from Security source.
module_begin
module_name Security Events (Invalid Login)
module_type async_string
module_description Security log events for invalid login attempt
module_name Security Events
module_description Security log events
module_type log
module_logevent
module_source Security
module_eventcode 529
module_end
# Check if Dhcp service is enabled
@ -219,6 +220,12 @@ module_plugin cscript.exe //B "%ProgramFiles%\Pandora_Agent\util\df.vbs"
# module_description Free space on drive D: (%)
# module_end
# Hardening plugin for security compliance analysis.
# module_begin
# module_plugin "%PROGRAMFILES%\Pandora_Agent\util\pandora_hardening.exe -t 150"
# module_absoluteinterval 7d
# module_end
# Sample of Windows inventory module (ONLY ENTERPRISE)!
#module_begin
#module_name Inventory
@ -344,4 +351,13 @@ module_plugin cscript.exe //B "%ProgramFiles%\Pandora_Agent\util\df.vbs"
#module_condition (3,8) cmd.exe /c echo range >> c:\log.txt
#module_exec echo 5
#module_description Postcondition test module
#module_end
# Example of collector module
#module_begin
#module_name Collector
#module_description Logs extraction module
#module_type log
#module_regexp /var/log/logfile.log
#module_pattern .*
#module_end

3
pandora_agents/pc/Win32/scripts/install_service_restart.bat
View File

@ -1,2 +1,3 @@
@at 00:00 /every:1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30 "%CD%\restart_pandora_agent.bat"
@at 00:00 /every:1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30 "'%CD%\restart_pandora_agent.bat'"
schtasks /change /tn pandora_agent_restart /tr "'%CD%\restart_pandora_agent.bat'"

19
pandora_agents/pc/pandora_agent
View File

@ -54,7 +54,6 @@ if (!$@) {
use constant AGENT_VERSION => '4.0.1';
use constant AGENT_BUILD => '111213';
# Commands to retrieve total memory information in kB
use constant TOTALMEMORY_CMDS => {
linux => 'cat /proc/meminfo | grep MemTotal: | awk \'{ print $2 }\'',
@ -117,7 +116,6 @@ my $ConfDir = '';
# Pandora FMS agent configuration file
my $ConfFile = 'pandora_agent.conf';
# Broker agent configuration files
my @BrokerPid;
@ -264,7 +262,6 @@ sub valid_regexp ($) {
sub rmrf {
my $path = shift;
local *DIR;
if (-d $path) {
opendir (DIR, $path) || return;
while (defined (my $file_name = readdir(DIR))) {
@ -348,7 +345,6 @@ sub log_message ($$;$) {
}
}
}
################################################################################
# Add the given directory to the PATH.
################################################################################
@ -582,7 +578,6 @@ sub write_broker_conf($){
}
while (my $line = <CONF_FILE>){
# Skip broker definitions
if ($line =~ m/^\s*broker_agent/) {
next;
@ -1810,7 +1805,6 @@ sub exec_plugin ($) {
$Sem->down () if (defined ($Sem));
$Xml .= $output;
$Sem->up () if (defined ($Sem));
$ThreadSem->up () if (defined ($ThreadSem) && $Conf{'agent_threads'} > 1);
}
@ -2185,16 +2179,7 @@ sub configure ($) {
#Launch tentacle server in proxy mode if configured
if ($Conf{'proxy_mode'}) {
#Check if user is root
if ($> != 0) {
if (launch_tentacle_proxy() != 0) {
return 1;
}
} else {
error ('Proxy mode can not be launched as root');
return 1;
}
return 1 if (launch_tentacle_proxy() != 0);
}
# Add the plugins directory to the PATH
@ -2287,4 +2272,4 @@ This is released under the GNU Lesser General Public License.
Copyright (c) 2005-2023 Pandora FMS
=cut
=cut

1
pandora_agents/plugins/windows/pandora_security_win/.gitignore vendored Normal file
View File

@ -0,0 +1 @@
dist

10
pandora_agents/plugins/windows/pandora_security_win/Makefile Normal file
View File

@ -0,0 +1,10 @@
# Makefile for winexe.py.
.PHONY: all build_image pandora_security_win.py
all: build_image pandora_security_win.py
build_image:
docker build -t pandora_security_win docker/
pandora_security_win.py:
docker run --rm -t -v`pwd`:/pybuild pandora_security_win

5
pandora_agents/plugins/windows/pandora_security_win/build.sh Normal file
View File

@ -0,0 +1,5 @@
#!/bin/bash
# Build the winexe binary.
wine pip install -r src/requirements.txt
wine pyinstaller --onefile src/pandora_security_win.py
rm -rf build/ __pycache__/ pandora_security_win.spec

34
pandora_agents/plugins/windows/pandora_security_win/docker/Dockerfile Normal file
View File

@ -0,0 +1,34 @@
FROM i386/debian
# Update the package list.
RUN apt-get update
# Install needed packages.
RUN apt-get install --yes \
gnupg2 \
unzip \
software-properties-common \
wget \
xvfb
# Install WineHQ.
RUN wget -q https://dl.winehq.org/wine-builds/winehq.key -O- | apt-key add -
RUN apt-add-repository https://dl.winehq.org/wine-builds/debian/; apt-get update
RUN apt-get install --yes --install-recommends wine
# Use Windows 10.
COPY winetricks /tmp/winetricks
RUN /bin/bash /tmp/winetricks win10; rm -f /tmp/winetricks
# Install Python.
RUN wget https://www.python.org/ftp/python/3.8.10/python-3.8.10.exe
RUN xvfb-run wine python-3.8.10.exe /quiet Include_doc=0 Include_dev=0 Include_test=0 InstallAllUsers=1 PrependPath=1 TargetDir=c:\python; echo
ENV WINEPATH="c:\\python;c:\\python\Scripts"
# Install Python modules..
RUN wine pip.exe install wheel
RUN wine pip.exe install pyinstaller
VOLUME ["/pybuild"]
WORKDIR "/pybuild"
ENTRYPOINT ["/bin/bash", "/pybuild/build.sh"]

23525
pandora_agents/plugins/windows/pandora_security_win/docker/winetricks Normal file
View File

File diff suppressed because it is too large Load Diff

406
pandora_agents/plugins/windows/pandora_security_win/src/pandora_security_win.py Normal file
View File

@ -0,0 +1,406 @@
import wmi, sys, winreg, os, subprocess, json, re
from datetime import datetime, timedelta
## Define modules
modules=[]
def print_module(module, print_flag=None):
"""Returns module in XML format. Accepts only {dict}.\n
- Only works with one module at a time: otherwise iteration is needed.
- Module "value" field accepts str type or [list] for datalists.
- Use print_flag to show modules' XML in STDOUT.
"""
data = dict(module)
module_xml = ("<module>\n"
"\t<name><![CDATA[" + str(data["name"]) + "]]></name>\n"
"\t<type>" + str(data["type"]) + "</type>\n"
)
if type(data["type"]) is not str and "string" not in data["type"]: #### Strip spaces if module not generic_data_string
data["value"] = data["value"].strip()
if isinstance(data["value"], list): # Checks if value is a list
module_xml += "\t<datalist>\n"
for value in data["value"]:
if type(value) is dict and "value" in value:
module_xml += "\t<data>\n"
module_xml += "\t\t<value><![CDATA[" + str(value["value"]) + "]]></value>\n"
if "timestamp" in value:
module_xml += "\t\t<timestamp><![CDATA[" + str(value["timestamp"]) + "]]></timestamp>\n"
module_xml += "\t</data>\n"
module_xml += "\t</datalist>\n"
else:
module_xml += "\t<data><![CDATA[" + str(data["value"]) + "]]></data>\n"
if "desc" in data:
module_xml += "\t<description><![CDATA[" + str(data["desc"]) + "]]></description>\n"
if "unit" in data:
module_xml += "\t<unit><![CDATA[" + str(data["unit"]) + "]]></unit>\n"
if "interval" in data:
module_xml += "\t<module_interval><![CDATA[" + str(data["interval"]) + "]]></module_interval>\n"
if "tags" in data:
module_xml += "\t<tags>" + str(data["tags"]) + "</tags>\n"
if "module_group" in data:
module_xml += "\t<module_group>" + str(data["module_group"]) + "</module_group>\n"
if "module_parent" in data:
module_xml += "\t<module_parent>" + str(data["module_parent"]) + "</module_parent>\n"
if "min_warning" in data:
module_xml += "\t<min_warning><![CDATA[" + str(data["min_warning"]) + "]]></min_warning>\n"
if "min_warning_forced" in data:
module_xml += "\t<min_warning_forced><![CDATA[" + str(data["min_warning_forced"]) + "]]></min_warning_forced>\n"
if "max_warning" in data:
module_xml += "\t<max_warning><![CDATA[" + str(data["max_warning"]) + "]]></max_warning>\n"
if "max_warning_forced" in data:
module_xml += "\t<max_warning_forced><![CDATA[" + str(data["max_warning_forced"]) + "]]></max_warning_forced>\n"
if "min_critical" in data:
module_xml += "\t<min_critical><![CDATA[" + str(data["min_critical"]) + "]]></min_critical>\n"
if "min_critical_forced" in data:
module_xml += "\t<min_critical_forced><![CDATA[" + str(data["min_critical_forced"]) + "]]></min_critical_forced>\n"
if "max_critical" in data:
module_xml += "\t<max_critical><![CDATA[" + str(data["max_critical"]) + "]]></max_critical>\n"
if "max_critical_forced" in data:
module_xml += "\t<max_critical_forced><![CDATA[" + str(data["max_critical_forced"]) + "]]></max_critical_forced>\n"
if "str_warning" in data:
module_xml += "\t<str_warning><![CDATA[" + str(data["str_warning"]) + "]]></str_warning>\n"
if "str_warning_forced" in data:
module_xml += "\t<str_warning_forced><![CDATA[" + str(data["str_warning_forced"]) + "]]></str_warning_forced>\n"
if "str_critical" in data:
module_xml += "\t<str_critical><![CDATA[" + str(data["str_critical"]) + "]]></str_critical>\n"
if "str_critical_forced" in data:
module_xml += "\t<str_critical_forced><![CDATA[" + str(data["str_critical_forced"]) + "]]></str_critical_forced>\n"
if "critical_inverse" in data:
module_xml += "\t<critical_inverse><![CDATA[" + str(data["critical_inverse"]) + "]]></critical_inverse>\n"
if "warning_inverse" in data:
module_xml += "\t<warning_inverse><![CDATA[" + str(data["warning_inverse"]) + "]]></warning_inverse>\n"
if "max" in data:
module_xml += "\t<max><![CDATA[" + str(data["max"]) + "]]></max>\n"
if "min" in data:
module_xml += "\t<min><![CDATA[" + str(data["min"]) + "]]></min>\n"
if "post_process" in data:
module_xml += "\t<post_process><![CDATA[" + str(data["post_process"]) + "]]></post_process>\n"
if "disabled" in data:
module_xml += "\t<disabled><![CDATA[" + str(data["disabled"]) + "]]></disabled>\n"
if "min_ff_event" in data:
module_xml += "\t<min_ff_event><![CDATA[" + str(data["min_ff_event"]) + "]]></min_ff_event>\n"
if "status" in data:
module_xml += "\t<status><![CDATA[" + str(data["status"]) + "]]></status>\n"
if "timestamp" in data:
module_xml += "\t<timestamp><![CDATA[" + str(data["timestamp"]) + "]]></timestamp>\n"
if "custom_id" in data:
module_xml += "\t<custom_id><![CDATA[" + str(data["custom_id"]) + "]]></custom_id>\n"
if "critical_instructions" in data:
module_xml += "\t<critical_instructions><![CDATA[" + str(data["critical_instructions"]) + "]]></critical_instructions>\n"
if "warning_instructions" in data:
module_xml += "\t<warning_instructions><![CDATA[" + str(data["warning_instructions"]) + "]]></warning_instructions>\n"
if "unknown_instructions" in data:
module_xml += "\t<unknown_instructions><![CDATA[" + str(data["unknown_instructions"]) + "]]></unknown_instructions>\n"
if "quiet" in data:
module_xml += "\t<quiet><![CDATA[" + str(data["quiet"]) + "]]></quiet>\n"
if "module_ff_interval" in data:
module_xml += "\t<module_ff_interval><![CDATA[" + str(data["module_ff_interval"]) + "]]></module_ff_interval>\n"
if "crontab" in data:
module_xml += "\t<crontab><![CDATA[" + str(data["crontab"]) + "]]></crontab>\n"
if "min_ff_event_normal" in data:
module_xml += "\t<min_ff_event_normal><![CDATA[" + str(data["min_ff_event_normal"]) + "]]></min_ff_event_normal>\n"
if "min_ff_event_warning" in data:
module_xml += "\t<min_ff_event_warning><![CDATA[" + str(data["min_ff_event_warning"]) + "]]></min_ff_event_warning>\n"
if "min_ff_event_critical" in data:
module_xml += "\t<min_ff_event_critical><![CDATA[" + str(data["min_ff_event_critical"]) + "]]></min_ff_event_critical>\n"
if "ff_type" in data:
module_xml += "\t<ff_type><![CDATA[" + str(data["ff_type"]) + "]]></ff_type>\n"
if "ff_timeout" in data:
module_xml += "\t<ff_timeout><![CDATA[" + str(data["ff_timeout"]) + "]]></ff_timeout>\n"
if "each_ff" in data:
module_xml += "\t<each_ff><![CDATA[" + str(data["each_ff"]) + "]]></each_ff>\n"
if "module_parent_unlink" in data:
module_xml += "\t<module_parent_unlink><![CDATA[" + str(data["parent_unlink"]) + "]]></module_parent_unlink>\n"
if "global_alerts" in data:
for alert in data["alert"]:
module_xml += "\t<alert_template><![CDATA[" + alert + "]]></alert_template>\n"
module_xml += "</module>\n"
if print_flag:
print (module_xml)
return (module_xml)
def check_antivirus_status():
try:
wmi_obj = wmi.WMI(namespace="root/SecurityCenter2")
antivirus_products = wmi_obj.query("SELECT * FROM AntivirusProduct")
for product in antivirus_products:
display_name = product.displayName
product_state = product.productState
product_state_hex = hex(product_state)
last_update = product.timestamp
atv_status = int(product_state_hex[3:5])
atv_uptodate = int(product_state_hex[5:7])
atv_status = 1 if atv_status in [10, 11] else 0
atv_uptodate = 1 if atv_uptodate in [00,] else 0
#print(f"{display_name}, product_state: {product_state}, product_state_hex: {product_state_hex}, last_update: {last_update}, status: {atv_status}, uptodate: {atv_uptodate}")
modules.append({
"name" : f"{display_name} Antivirus status",
"type" : "generic_proc",
"value": atv_status,
"module_group": "security",
"desc" : f"{display_name} state: {product_state}, last update: {last_update}",
})
modules.append({
"name" : f"{display_name} Antivirus up to date",
"type" : "generic_proc",
"value": atv_uptodate,
"module_group": "security",
"desc" : f"{display_name} state: {product_state}, last update: {last_update}",
})
except Exception as e:
print(f"Error check antivirus: {e}", file=sys.stderr)
def is_lock_screen_enabled():
try:
# Open the registry key
key_path = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key_path) as key:
# Query the value of the DisableLockScreen key
value_name = "DisableLockScreen"
value, _ = winreg.QueryValueEx(key, value_name)
# Check if the lock screen is enabled (0 means enabled)
status = value == 0
if status == False: return status
except FileNotFoundError:
# If the registry key or value is not found, consider it as enabled
status = True
except Exception as e:
print(f"Error check lockscreen: {e}", file=sys.stderr)
status = False
try:
# Define the registry key for the lock screen settings
reg_key_path = r"SOFTWARE\Policies\Microsoft\Windows\Personalization"
reg_key = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, reg_key_path)
# Query the "NoLockScreen" DWORD value
value_name = "NoLockScreen"
value, _ = winreg.QueryValueEx(reg_key, value_name)
# Check if the "NoLockScreen" value is 0 (enabled)
status = value == 0
if status == False: return status
except FileNotFoundError:
# If the registry key or value is not found, consider it as enabled
status = True
except Exception as e:
print(f"Error check lockscreen: {e}", file=sys.stderr)
status = False
return status
def check_locksreen_enables():
status = is_lock_screen_enabled()
value = 1 if status == True else 0
modules.append({
"name" : "Lockscreen status",
"type" : "generic_proc",
"value": value,
"module_group": "security",
"desc" : f"Check lockscreen enable",
})
def convert_to_human_readable_date(timestamp_str):
try:
# Parse the timestamp string without the time zone
timestamp = datetime.strptime(timestamp_str, '%Y%m%d%H%M%S')
# Convert to a human-readable format
human_readable_date = timestamp.strftime('%Y-%m-%d %H:%M:%S %z')
return human_readable_date.strip()
except Exception as e:
print(f"Error converting date: {e}", file=sys.stderr)
return None
def check_time_difference(timestamp, timedays=10):
try:
# Convert the timestamp string to a datetime object
given_timestamp = datetime.strptime(timestamp, '%Y-%m-%d %H:%M:%S')
# Get the current time
current_time = datetime.now()
#Calculate the time difference
time_difference = current_time - given_timestamp
# Check if the time difference is greater than one hour
if time_difference < timedelta(days=timedays):
return "1"
else:
return "0"
except Exception as e:
print(f"Error check time difference: {e}", file=sys.stderr)
return 0
def get_windows_update_info(limit=5):
try:
# Connect to the Win32_ReliabilityRecords class in the root/cimv2 namespace
wmi_conn = wmi.WMI()
# Query the Win32_ReliabilityRecords class for Windows Update information
query = "SELECT * FROM Win32_ReliabilityRecords WHERE sourcename = 'Microsoft-Windows-WindowsUpdateClient'"
result = wmi_conn.query(query)
# Extract relevant information and format output
update_info = [
{
"date": convert_to_human_readable_date(record.timegenerated.split('.')[0]),
"update": record.message
}
for record in result[:limit]
]
last_update_date=update_info[0]['date']
value=check_time_difference(last_update_date)
modules.append({
"name" : "Microsoft Update system status",
"type" : "generic_proc",
"value": value,
"module_group": "security",
"desc" : f"Check if system was updated in the last 10 days. last update: {last_update_date}",
})
return True
except Exception as e:
print(f"Error windows update check: {e}", file=sys.stderr)
return False
def is_firewall_enabled():
try:
# Run PowerShell command to check if the Windows Firewall is enabled
result = subprocess.run(
['powershell', 'Get-NetFirewallProfile |Select-Object profile, enabled | ConvertTo-Json'],
capture_output=True,
text=True
)
result_json= json.loads(result.stdout)
for profile in result_json:
modules.append({
"name" : f"Firewall profile: {profile['Profile']} status",
"type" : "generic_proc",
"value": profile["Enabled"],
"module_group": "security",
"desc" : f"Check if firewall profile {profile['Profile']} is enabled",
})
return True
except Exception as e:
print(f"Error firewall check: {e}", file=sys.stderr)
return False
def check_password_enforcement():
enforce_pass = 1
counter = 0
try:
# Connect to the WMI service
wmi_service = wmi.WMI()
# Query for user accounts
users = wmi_service.Win32_UserAccount()
# Check if each user enforces password
for user in users:
# username = user.Name
# password_required = user.PasswordRequired
if user.PasswordRequired == False :
enforce_pass = 0
counter += 1
#print(f"User: {username}, Password Required: {password_required}")
modules.append({
"name" : "All users enforced password",
"type" : "generic_proc",
"value": enforce_pass,
"module_group": "security",
"desc" : f"Check if all users has enforced password, not secure users = {counter}",
})
except Exception as e:
print(f"Error: {e}", file=sys.stderr)
print("Failed to check password enforcement for users.", file=sys.stderr)
def check_login_audit_policy():
try:
# Run the auditpol command to check the audit policy for Logon/Logoff
cmd_command = "auditpol /get /subcategory:Logon"
result = subprocess.run(cmd_command, shell=True, capture_output=True, text=True, check=True)
last_line = result.stdout.strip().split('\n')[-1]
cleaned_line = re.sub(' +', ' ', last_line)
# Interpret the result
if "Success and Failure" in result.stdout:
result = 1
elif "Aciertos y errores" in result.stdout:
result = 1
elif "No Auditing" in result.stdout:
result = 0
elif "Sin auditoría" in result.stdout:
result = 0
else:
print("Unable to determine audit policy for Logon/Logoff events.", file=sys.stderr)
result = 0
modules.append({
"name" : "Check logon event audited",
"type" : "generic_proc",
"value": result,
"module_group": "security",
"desc" : f"Check if the logon events audit log is enables, status:{cleaned_line}",
})
except subprocess.CalledProcessError as e:
print(f"Error: {e}")
print("Failed to check audit policy using auditpol command.", file=sys.stderr)
return
if __name__ == "__main__":
check_antivirus_status()
check_locksreen_enables()
get_windows_update_info()
is_firewall_enabled()
check_password_enforcement()
check_login_audit_policy()
for module in modules:
print_module(module, True)
# Windows Defender status values:
# 0: No action needed
# 266240: Antivirus is up to date
# 266256: Antivirus is out of date
# 266304: Antivirus is not monitoring
# 393216 (0x60000): No action needed.
# 393232 (0x60010): Antivirus is up to date.
# 393240 (0x60018): Antivirus is out of date.
# 393216 (0x60030): Antivirus is not monitoring.
# 397312 (0x61000): Antivirus is disabled.
# AVG Internet Security 2012 (from antivirusproduct WMI)
# 262144 (040000) = disabled and up to date
# 266240 (041000) = enabled and up to date
# AVG Internet Security 2012 (from firewallproduct WMI)
# 266256 (041010) = firewall enabled - (last two blocks not relevant it seems for firewall)
# 262160 (040010) = firewall disabled - (last two blocks not relevant it seems for firewall)
# Windows Defender
# 393472 (060100) = disabled and up to date
# 397584 (061110) = enabled and out of date
# 397568 (061100) = enabled and up to date
# Microsoft Security Essentials
# 397312 (061000) = enabled and up to date
# 393216 (060000) = disabled and up to date

1
pandora_agents/plugins/windows/pandora_security_win/src/requirements.txt Normal file
View File

@ -0,0 +1 @@
WMI==1.5.1

2
pandora_agents/shellscript/aix/pandora_agent.conf
View File

@ -1,6 +1,6 @@
# Fichero de configuracion base de agentes de Pandora
# Base config file for Pandora agents
# Version 7.0NG.772, AIX version
# Version 7.0NG.775, AIX version
# General Parameters
# ==================

2
pandora_agents/shellscript/bsd-ipso/pandora_agent.conf
View File

@ -1,6 +1,6 @@
# Fichero de configuracion base de agentes de Pandora
# Base config file for Pandora agents
# Version 7.0NG.772
# Version 7.0NG.775
# FreeBSD/IPSO version
# Licenced under GPL licence, 2003-2007 Sancho Lerena

2
pandora_agents/shellscript/hp-ux/pandora_agent.conf
View File

@ -1,6 +1,6 @@
# Fichero de configuracion base de agentes de Pandora
# Base config file for Pandora agents
# Version 7.0NG.772, HPUX Version
# Version 7.0NG.775, HPUX Version
# General Parameters
# ==================

28
pandora_agents/shellscript/linux/pandora_agent.conf
View File

@ -1,5 +1,5 @@
# Base config file for Pandora FMS agents
# Version 7.0NG.772
# Version 7.0NG.775
# Licensed under GPL license v2,
# (c) 2003-2023 Pandora FMS
# please visit http://pandora.sourceforge.net
@ -157,12 +157,32 @@ module_exec last | head -1
module_description Last Login
module_end
# Plugin example
#Hardening plugin for security compliance analysis. Enable to use it.
#module_begin
#module_plugin /usr/share/pandora_agent/plugins/pandora_hardening -t 150
#module_absoluteinterval 7d
#module_end
# This parses /var/log/syslog file, under the module name "syslog"
# This module parses /var/log/syslog file, under the module name "syslog"
# And search for "ssh" string into it, sending only that information.
module_begin
module_name Syslog
module_description Search for ssh string into /var/log/syslog file
module_type log
module_regexp /var/log/syslog
module_pattern ssh
module_end
module_plugin grep_log /var/log/syslog Syslog ssh
# Plugin example
# Plugin for inventory on the agent.
# module_plugin inventory 1 cpu ram video nic hd cdrom software
# Extraction module example
#module_begin
#module_name Collector
#module_description Logs extraction module
#module_type log
#module_regexp /var/log/logfile.log
#module_pattern .*
#module_end

33
pandora_agents/shellscript/mac_osx/pandora_agent.conf
View File

@ -1,5 +1,5 @@
# Base config file for Pandora FMS agents
# Version 7.0NG.772
# Version 7.0NG.775
# Licensed under GPL license v2,
# (c) 2003-2023 Pandora FMS
# please visit http://pandora.sourceforge.net
@ -372,13 +372,32 @@ module_end
#module_description XGrid
#module_end
#Hardening plugin for security compliance analysis. Enable to use it.
#module_begin
#module_plugin /usr/share/pandora_agent/plugins/pandora_hardening -t 150
#module_absoluteinterval 7d
#module_end
# This module parses /var/log/syslog file, under the module name "syslog"
# And search for "ssh" string into it, sending only that information.
module_begin
module_name Syslog
module_description Log collection modules
module_type log
module_regexp /var/log/syslog
module_pattern ssh
module_end
# Plugin example
# This parses /var/log/syslog file, under the module name "syslog"
# And search for "ssh" string into it, sending only that information.
#module_plugin grep_log /var/log/syslog Syslog ssh
# Plugin for inventory on the agent.
# module_plugin inventory 1 cpu ram video nic hd cdrom software
# Extraction module example
#module_begin
#module_name Collector
#module_description Logs extraction module
#module_type log
#module_regexp /var/log/logfile.log
#module_pattern .*
#module_end

2
pandora_agents/shellscript/openWRT/pandora_agent.conf
View File

@ -1,5 +1,5 @@
# Base config file for Pandora FMS agents
# Version 7.0NG.772
# Version 7.0NG.775
# Licensed under GPL license v2,
# please visit http://pandora.sourceforge.net

2
pandora_agents/shellscript/solaris/pandora_agent.conf
View File

@ -1,6 +1,6 @@
# Fichero de configuracion base de agentes de Pandora
# Base config file for Pandora agents
# Version 7.0NG.772, Solaris version
# Version 7.0NG.775, Solaris version
# General Parameters
# ==================

2
pandora_agents/unix/AIX/pandora_agent.conf
View File

@ -1,5 +1,5 @@
# Base config file for Pandora FMS agents
# Version 7.0NG.772, AIX version
# Version 7.0NG.775, AIX version
# Licensed under GPL license v2,
# Copyright (c) 2003-2023 Pandora FMS
# http://www.pandorafms.com

2
pandora_agents/unix/DEBIAN/control
View File

@ -1,5 +1,5 @@
package: pandorafms-agent-unix
Version: 7.0NG.772-230730
Version: 7.0NG.775-240117
Architecture: all
Priority: optional
Section: admin

3
pandora_agents/unix/DEBIAN/make_deb_package.sh
View File

@ -14,7 +14,7 @@
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
pandora_version="7.0NG.772-230730"
pandora_version="7.0NG.775-240117"
echo "Test if you has the tools for to make the packages."
whereis dpkg-deb | cut -d":" -f2 | grep dpkg-deb > /dev/null
@ -42,6 +42,7 @@ mkdir -p temp_package/usr/bin/
mkdir -p temp_package/usr/sbin/
mkdir -p temp_package/etc/pandora/plugins
mkdir -p temp_package/etc/pandora/collections
mkdir -p temp_package/etc/pandora/ref
mkdir -p temp_package/etc/pandora/trans
mkdir -p temp_package/etc/pandora/commands
mkdir -p temp_package/etc/init.d/

2
pandora_agents/unix/Darwin/dmg/build_darwin_dmg.sh
View File

@ -31,7 +31,7 @@ fi
if [ "$#" -ge 2 ]; then
VERSION="$2"
else
VERSION="7.0NG.772"
VERSION="7.0NG.775"
fi
# Path for the generated DMG file

4
pandora_agents/unix/Darwin/dmg/extras/distribution.xml
View File

@ -19,11 +19,11 @@
<choice id="com.pandorafms.pandorafms_src" visible="false">
<pkg-ref id="com.pandorafms.pandorafms_src"/>
</choice>
<pkg-ref id="com.pandorafms.pandorafms_src" version="7.0NG.772" onConclusion="none">pandorafms_src.pdk</pkg-ref>
<pkg-ref id="com.pandorafms.pandorafms_src" version="7.0NG.775" onConclusion="none">pandorafms_src.pdk</pkg-ref>
<choice id="com.pandorafms.pandorafms_uninstall" visible="true" customLocation="/Applications">
<pkg-ref id="com.pandorafms.pandorafms_uninstall"/>
</choice>
<pkg-ref id="com.pandorafms.pandorafms_uninstall" version="7.0NG.772" onConclusion="none">pandorafms_uninstall.pdk</pkg-ref>
<pkg-ref id="com.pandorafms.pandorafms_uninstall" version="7.0NG.775" onConclusion="none">pandorafms_uninstall.pdk</pkg-ref>
<!-- <installation-check script="check()" />
<script>
<![CDATA[

6
pandora_agents/unix/Darwin/dmg/files/pandorafms_uninstall/PandoraFMS agent uninstaller.app/Contents/Info.plist
View File

@ -5,9 +5,9 @@
<key>CFBundleIconFile</key> <string>pandorafms.icns</string>
<key>CFBundleIdentifier</key> <string>com.pandorafms.pandorafms_uninstall</string>
<key>CFBundleVersion</key> <string>7.0NG.772</string>
<key>CFBundleGetInfoString</key> <string>7.0NG.772 Pandora FMS on Aug 2020</string>
<key>CFBundleShortVersionString</key> <string>7.0NG.772</string>
<key>CFBundleVersion</key> <string>7.0NG.775</string>
<key>CFBundleGetInfoString</key> <string>7.0NG.775 Pandora FMS on Aug 2020</string>
<key>CFBundleShortVersionString</key> <string>7.0NG.775</string>
<key>NSPrincipalClass</key><string>NSApplication</string>
<key>NSMainNibFile</key><string>MainMenu</string>

5
pandora_agents/unix/Darwin/dmg/scripts/postinstall
View File

@ -30,6 +30,7 @@ else
mkdir -p /usr/local/share/man/man1/
mkdir -p /usr/local/share/pandora_agent/collections/
mkdir -p /usr/local/share/pandora_agent/commands/
mkdir -p /usr/local/share/pandora_agent/ref/
mkdir -p /etc/pandora/
mkdir -p /var/spool/pandora/data_out/
mkdir -p /var/log/pandora/
@ -39,6 +40,7 @@ else
# Setting permissions to directories and files
chmod -R 700 /usr/local/share/pandora_agent/collections
chmod -R 700 /usr/local/share/pandora_agent/commands
chmod -R 700 /usr/local/share/pandora_agent/ref
chmod -R 755 /etc/pandora/
chmod -R 700 /var/spool/pandora/data_out
chmod -R 711 /var/log/pandora
@ -69,6 +71,7 @@ chown root:wheel /usr/local/bin/tentacle_client
ln -s /usr/local/share/pandora_agent/plugins /etc/pandora/plugins
ln -s /usr/local/share/pandora_agent/commands /etc/pandora/commands
ln -s /usr/local/share/pandora_agent/collections /etc/pandora/collections
ln -s /usr/local/share/pandora_agent/ref /etc/pandora/ref
# Copy manuals
@ -90,4 +93,4 @@ echo "/var/log/pandora/pandora_agent.log : 640 5 204
# Clean all install utilites
rm -Rf inst_utilities
exit 0
exit 0

38
pandora_agents/unix/Darwin/pandora_agent.conf
View File

@ -1,5 +1,5 @@
# Base config file for Pandora FMS agents
# Version 7.0NG.772, GNU/Linux
# Version 7.0NG.775, GNU/Linux
# Licensed under GPL license v2,
# Copyright (c) 2003-2023 Pandora FMS
# http://www.pandorafms.com
@ -187,7 +187,7 @@ module_description User CPU Usage (%)
module_min_warning 70
module_max_warning 90
module_min_critical 91
module_max_critical 100
module_max_critical 0
module_end
#Get load average
@ -239,8 +239,34 @@ module_exec df -kh / | tail -1 | awk '{ print 100-$5 }'
module_max 100
module_min 0
module_description Free disk Percentage of root partition
module_min_warning 70
module_max_warning 90
module_min_critical 91
module_max_critical 100
module_min_warning 10
module_max_warning 20
module_min_critical 0
module_max_critical 10
module_end
# Sample modules to check connectivity from your mac
#module_begin
#module_name Packet_loss
#module_type generic_data
#module_exec ping 8.8.8.8 -c 5 | grep "packet loss" | cut -d " " -f 7 | grep -o "[0-9\.]*"
#module_end
#module_begin
#module_name Internet_Latency
#module_type generic_data
#module_exec ping -c 1 8.8.8.8 | grep "time"| cut -f 4 -d "=" | grep -o "[0-9\.]*"
#module_end
#module_begin
#module_name Internet_check
#module_type generic_proc
#module_exec ping 8.8.8.8 -c 2 | grep "2 packets received" | wc -l
#module_end
# Check a running process
#module_begin
#module_name Cyberduck
#module_type generic_proc
#module_exec ps aux | grep cyberduck | grep -v grep | wc -l
#module_end

2
pandora_agents/unix/FreeBSD/pandora_agent.conf
View File

@ -1,5 +1,5 @@
# Base config file for Pandora FMS agents
# Version 7.0NG.772, FreeBSD Version
# Version 7.0NG.775, FreeBSD Version
# Licensed under GPL license v2,
# Copyright (c) 2003-2023 Pandora FMS
# http://www.pandorafms.com

2
pandora_agents/unix/HP-UX/pandora_agent.conf
View File

@ -1,5 +1,5 @@
# Base config file for Pandora FMS agents
# Version 7.0NG.772, HP-UX Version
# Version 7.0NG.775, HP-UX Version
# Licensed under GPL license v2,
# Copyright (c) 2003-2023 Pandora FMS
# http://www.pandorafms.com

29
pandora_agents/unix/Linux/pandora_agent.conf
View File

@ -1,5 +1,5 @@
# Base config file for Pandora FMS agents
# Version 7.0NG.772
# Version 7.0NG.775
# Licensed under GPL license v2,
# Copyright (c) 2004-2023 Pandora FMS
# https://pandorafms.com
@ -219,7 +219,7 @@ module_description User CPU Usage (%)
module_min_warning 70
module_max_warning 90
module_min_critical 91
module_max_critical 100
module_max_critical 0
module_unit %
module_group System
module_end
@ -271,11 +271,17 @@ module_plugin pandora_netusage
module_plugin autodiscover --default
# Plugin for inventory on the agent.
#module_plugin inventory 1 cpu ram video nic hd cdrom software init_services filesystem users route
# module_plugin inventory 1 cpu ram video nic hd cdrom software init_services filesystem users route
# Log collection modules. This will collect log files for forensic analysis and store everything
# This is for LOG monitoring. Different than log monitoring.
#module_plugin grep_log_module /var/log/messages Syslog \.\*
module_begin
module_name Syslog
module_description Log collection modules
module_type log
module_regexp /var/log/messages
module_pattern .*
module_end
# Another samples of monitoring modules
@ -310,3 +316,18 @@ module_plugin autodiscover --default
#module_description Zombies process on system
#module_group System
#module_end
#Hardening plugin for security compliance analysis. Enable to use it.
#module_begin
#module_plugin /usr/share/pandora_agent/plugins/pandora_hardening -t 150
#module_absoluteinterval 7d
#module_end
# Extraction module example
#module_begin
#module_name Collector
#module_description Logs extraction module
#module_type log
#module_regexp /var/log/logfile.log
#module_pattern .*
#module_end

2
pandora_agents/unix/NT4/pandora_agent.conf
View File

@ -1,5 +1,5 @@
# Base config file for Pandora FMS agents
# Version 7.0NG.772, GNU/Linux
# Version 7.0NG.775, GNU/Linux
# Licensed under GPL license v2,
# Copyright (c) 2003-2023 Pandora FMS
# http://www.pandorafms.com

2
pandora_agents/unix/NetBSD/pandora_agent.conf
View File

@ -1,5 +1,5 @@
# Base config file for Pandora FMS agents
# Version 7.0NG.772, NetBSD Version
# Version 7.0NG.775, NetBSD Version
# Licensed under GPL license v2,
# Copyright (c) 2003-2023 Pandora FMS
# http://www.pandorafms.com

2
pandora_agents/unix/SunOS/pandora_agent.conf
View File

@ -1,5 +1,5 @@
# Base config file for Pandora FMS agents
# Version 7.0NG.772, Solaris Version
# Version 7.0NG.775, Solaris Version
# Licensed under GPL license v2,
# Copyright (c) 2003-2023 Pandora FMS
# http://www.pandorafms.com

375
pandora_agents/unix/pandora_agent
View File

@ -39,6 +39,14 @@ BEGIN {
use File::Copy;
use Scalar::Util qw(looks_like_number);
use File::Basename;
BEGIN {
eval {
require MIME::Base64;
};
}
BEGIN { push @INC, '/usr/lib/perl5'; }
################################################################################
@ -1003,7 +1011,7 @@ use strict;
use warnings;
use Scalar::Util qw(looks_like_number);
use POSIX qw(strftime floor);
use POSIX qw(ceil floor strftime);
use Sys::Hostname;
use File::Basename;
use File::Copy;
@ -1030,8 +1038,8 @@ my $Sem = undef;
# Semaphore used to control the number of threads
my $ThreadSem = undef;
use constant AGENT_VERSION => '7.0NG.772';
use constant AGENT_BUILD => '230730';
use constant AGENT_VERSION => '7.0NG.775';
use constant AGENT_BUILD => '240117';
# Agent log default file size maximum and instances
use constant DEFAULT_MAX_LOG_SIZE => 600000;
@ -1121,6 +1129,7 @@ my %DefaultConf = (
'server_path_md5' => 'md5', #undocumented
'server_path_conf' => 'conf', #undocumented
'server_path_zip' => 'collections', #undocumented
'server_path_ref' => 'ref', #undocumented
'logfile' =>'/var/log/pandora/pandora_agent.log',
'logsize' => DEFAULT_MAX_LOG_SIZE,
'logrotate' => DEFAULT_LOG_ROTATE,
@ -1561,6 +1570,9 @@ sub parse_conf_modules($) {
} elsif ($line =~ /^\s*module_occupiedpercentdisk\s+(.*)$/) {
$module->{'func'} = \&module_occupiedpercentdisk;
$module->{'params'} = $1;
}elsif ($line =~ /^\s*module_regexp\s+(.*)$/) {
$module->{'func'} = \&module_logger;
$module->{'params'} = $1;
} elsif ($line =~ /^\s*module_max\s+(.*)\s*$/) {
$module->{'max'} = $1;
} elsif ($line =~ /^\s*module_min\s+(.*)\s*$/) {
@ -1569,6 +1581,34 @@ sub parse_conf_modules($) {
$module->{'post_process'} = $1;
} elsif ($line =~ /^\s*module_interval\s+(\d+)\s*$/) {
$module->{'interval'} = $1;
} elsif ($line =~ /^\s*module_absoluteinterval\s+(.*)$/) {
my $absolute_interval = $1;
if ($absolute_interval eq 'once') {
$module->{'absoluteinterval'} = 0;
} elsif ($absolute_interval =~ /^(\d+)([smhd])?\s*$/) {
if (defined($2)) {
# Seconds.
if ($2 eq 's') {
$module->{'absoluteinterval'} = int($1);
}
# Minutes (convert to seconds).
elsif ($2 eq 'm') {
$module->{'absoluteinterval'} = int($1) * 60;
}
# Hours (convert to seconds).
elsif ($2 eq 'h') {
$module->{'absoluteinterval'} = int($1) * 3600;
}
# Days (convert to seconds).
elsif ($2 eq 'd') {
$module->{'absoluteinterval'} = int($1) * 86400;
}
} else {
$module->{'absoluteinterval'} = int($1) * $Conf{'interval'};
}
} else {
log_message ('setup', "Invalid value for module_absoluteinterval: $absolute_interval");
}
} elsif ($line =~ /^\s*module_timeout\s+(\d+)\s*$/) {
$module->{'timeout'} = $1;
} elsif ($line =~ /^\s*module_save\s+(\w+)$/) {
@ -1636,6 +1676,27 @@ sub parse_conf_modules($) {
next;
}
# Configure modules with an absolute interval.
if (defined($module->{'absoluteinterval'})) {
# Convert from seconds to actual agent intervals.
$module->{'interval'} = ceil($module->{'absoluteinterval'} / $Conf{'interval'});
# Make sure modules that run once are asynchronous.
if ($module->{'interval'} == 0) {
if ($module->{'type'} eq 'generic_data') {
$module->{'type'} = 'async_data';
} elsif ($module->{'type'} eq 'generic_proc') {
$module->{'type'} = 'async_proc';
} elsif ($module->{'type'} eq 'generic_data_string') {
$module->{'type'} = 'async_string';
}
}
# This file will be used for persistence.
$module->{'timestamp_file'} = $ConfDir . '/' . $Conf{'server_path_ref'} . '/' . md5($module->{'name'}) . '.ref';
}
# Set the intensive interval
if ($module->{'is_intensive'} == 1) {
$module->{'intensive_interval'} = $module->{'interval'};
@ -1643,9 +1704,9 @@ sub parse_conf_modules($) {
$module->{'intensive_interval'} = $module->{'interval'} * ($Conf{'interval'} / $Conf{'intensive_interval'});
}
# Make the module run the first time
$module->{'counter'} = $module->{'intensive_interval'};
# Initialize the module's execution counter.
init_counter($module);
# Replace macros
replace_macros ($module);
@ -1767,7 +1828,11 @@ sub parse_conf_modules($) {
# Macros
} elsif ($line =~ /^\s*module_macro(\S+)\s+(.*)\s*$/) {
$module->{'macros'}{$1} = $2;
# Regexp
}
elsif ($line =~ /^\s*module_pattern(\S+)\s+(.*)\s*$/) {
$module->{'filter'} = $1;
}
}
return;
}
@ -2805,7 +2870,15 @@ sub exec_module {
}
}
if (++($module->{'counter'}) < $module->{'intensive_interval'}) {
# Modules that will run once.
if ($module->{'interval'} == 0) {
if ($module->{'counter'} == 0) {
$ThreadSem->up () if (defined ($ThreadSem) && $Conf{'agent_threads'} > 1);
return;
}
}
# Modules that will run periodically.
elsif (++($module->{'counter'}) < $module->{'intensive_interval'}) {
$ThreadSem->up () if (defined ($ThreadSem) && $Conf{'agent_threads'} > 1);
return;
}
@ -2862,6 +2935,9 @@ sub exec_module {
}
}
# Save the module's timestamp to disk.
save_module_timestamp($module);
$ThreadSem->up () if (defined ($ThreadSem) && $Conf{'agent_threads'} > 1);
}
@ -3547,6 +3623,44 @@ sub check_module_cron {
return 0;
}
################################################################################
# Initialize a module's internal execution counter.
################################################################################
sub init_counter($) {
my ($module) = @_;
# Open the timestamp file if available.
my $fh;
if (!defined($module->{'timestamp_file'}) ||
!open($fh, '<', $module->{'timestamp_file'})) {
# If intensive_interval is 0, setting counter to any value != 0 will make the module run.
$module->{'counter'} = $module->{'intensive_interval'} == 0 ? 1 : $module->{'intensive_interval'};
return;
}
# Read the timestamp from disk.
my $timestamp = int(<$fh>);
close($fh);
# Update the module's execution counter.
# If intensive_interval is 0, setting counter to 0 will prevent the module from running again.
$module->{'counter'} = $module->{'intensive_interval'} == 0 ? 0 : floor((time() - $timestamp) / $Conf{'interval'});
}
################################################################################
# Save a module's execution timestamp to disk for persistence.
################################################################################
sub save_module_timestamp($) {
my ($module) = @_;
return if (!defined($module->{'timestamp_file'}));
# Update the time reference.
open(my $fh, '>', $module->{'timestamp_file'}) or return;
print $fh time();
close($fh);
}
################################################################################
# Write module data in XML format.
################################################################################
@ -3564,6 +3678,11 @@ sub write_module_xml ($@) {
return;
}
if ($module->{'func'} == \&module_logger) {
$Xml .= $data[0];
return
}
# Critical section
$Sem->down () if (defined ($Sem));
@ -3761,6 +3880,237 @@ sub module_plugin ($) {
return ($output);
}
################################################################################
# Read the logs
################################################################################
sub module_logger ($) {
my $module = shift;
my $status = grep_logs(
$module->{'name'},
$module->{'params'},
$module->{'filter'}
);
return $status;
}
my $encode_sub = defined(&MIME::Base64::encode_base64) ? \&MIME::Base64::encode_base64 : sub {
my ($str, $endl) = @_;
my @ALPHABET = ('A'..'Z', 'a'..'z', 0..9, '+', '/');
my $str_len = length($str);
my $str_base64 = '';
for (my $i = 0; $i < $str_len; $i += 3) {
my $chunk = substr($str, $i, 3);
my $chunk_len = length($chunk);
my $num = 0;
$num |= ord(substr($chunk, 0, 1)) << 16 if ($chunk_len >= 1);
$num |= ord(substr($chunk, 1, 1)) << 8 if ($chunk_len >= 2);
$num |= ord(substr($chunk, 2, 1)) if ($chunk_len == 3);
my $enc_1 = ($num & 0xfc0000) >> 18;
my $enc_2 = ($num & 0x03f000) >> 12;
my $enc_3 = ($num & 0x000fc0) >> 6;
my $enc_4 = ($num & 0x00003f);
$str_base64 .= $ALPHABET[$enc_1];
$str_base64 .= $ALPHABET[$enc_2];
$str_base64 .= $chunk_len >= 2 ? $ALPHABET[$enc_3] : '=';
$str_base64 .= $chunk_len == 3 ? $ALPHABET[$enc_4] : '=';
}
return $str_base64;
};
sub grep_logs {
my ($str_name, $str_file, $str_regex) = @_;
if(!$str_name){
log_message("module_logger", "Missing module name");
return;
}
if(!$str_file){
log_message("module_logger", "Missing file name");
return;
}
if(!$str_regex){
$str_regex = '.*';
}
my $idx_dir = '/tmp/';
my $idx_file = '';
my $idx_pos = 0;
my $idx_size = 0;
my $idx_ino = '';
my $module_name = $str_name;
my $log_file = $str_file;
my $reg_exp = $str_regex;
# Check that log file exists
if (! -e $log_file) {
log_message("module_logger", "File $log_file does not exist");
return;
}
# Create index file storage directory
if (! -d $idx_dir) {
if (!mkdir($idx_dir)){
log_message("module_logger", "Error creating directory $idx_dir: " . $!);
return;
}
}
# Create index file if it does not exist
$idx_file = $idx_dir.$module_name."_".basename($log_file).".idx";
if (! -e $idx_file) {
return if create_idx(\$idx_pos, \$idx_ino, \$idx_file, \$log_file, \$idx_size) == 1;
return
} else{
return if load_idx(\$idx_pos, \$idx_ino, \$idx_file, \$idx_size) == 1;
my @data = parse_log(\$idx_pos, \$idx_ino, \$idx_file, \$log_file, \$module_name, \$reg_exp, \$idx_size);
my $output = create_log($module_name, @data);
return $output;
}
# Start the function definition
sub create_idx {
my ($idx_pos_ref, $idx_ino_ref, $idx_file_ref, $log_file_ref, $idx_size_ref) = @_;
my $first_line;
log_message("module_logger", "Creating index file $$idx_file_ref");
if (!open(LOGFILE, $$log_file_ref)){
log_message("module_logger", "Error opening file $$log_file_ref: ".$!);
return 1;
}
# Go to EOF and save the position
seek(LOGFILE, 0, 2);
$$idx_pos_ref = tell(LOGFILE);
close(LOGFILE);
# Save the file inode number
$$idx_ino_ref = (stat($$log_file_ref))[1];
return 1 if save_idx($idx_pos_ref, $idx_ino_ref, $idx_file_ref, $idx_size_ref) == 1;
return 0;
}
sub save_idx {
my ($idx_pos_ref, $idx_ino_ref, $idx_file_ref, $idx_size_ref) = @_;
log_message("module_logger", "Saving index file $$idx_file_ref");
if (!open(IDXFILE, "> $$idx_file_ref")){
log_message("module_logger", "Error opening file $$idx_file_ref: ". $!);
return 1;
}
print (IDXFILE $$idx_pos_ref . " " . $$idx_ino_ref . " " . $$idx_size_ref);
close(IDXFILE);
return 0;
}
sub load_idx {
my ($idx_pos_ref, $idx_ino_ref, $idx_file_ref, $idx_size_ref) = @_;
my $line;
my $current_ino;
my $current_size;
log_message("module_logger", "Loading index file $$idx_file_ref");
if (!open(IDXFILE, $$idx_file_ref)){
log_message("module_logger", "Error opening file $$idx_file_ref: " .$!);
return 1;
}
# Read position and date
$line = <IDXFILE>;
($$idx_pos_ref, $$idx_ino_ref, $$idx_size_ref) = split(' ', $line);
close(IDXFILE);
# Reset the file index if the file has changed
$current_ino = (stat($$idx_file_ref))[1];
$current_size = -s "$$idx_file_ref";
if ($current_ino != $$idx_ino_ref || $current_size < $$idx_size_ref) {
log_message("module_logger", "File changed, resetting index");
$$idx_pos_ref = 0;
$$idx_ino_ref = $current_ino;
}
$$idx_size_ref = $current_size;
return 0;
}
sub parse_log {
my ($idx_pos_ref, $idx_ino_ref, $idx_file_ref, $log_file_ref, $module_name_ref, $reg_exp_ref, $idx_size_ref) = @_;
my $line;
log_message("module_logger", "Parsing log file $$log_file_ref");
# Open log file for reading
if (!open(LOGFILE, $$log_file_ref)){
log_message("module_logger", "Error opening file $$log_file_ref: " . $!);
return 1;
}
# Go to starting position.
seek(LOGFILE, $$idx_pos_ref, 0);
# Parse log file
my @data;
while ($line = <LOGFILE>) {
if ($line =~ m/$$reg_exp_ref/i) {
push (@data, $line);
}
}
$$idx_pos_ref = tell(LOGFILE);
close(LOGFILE);
# Save the index file
return 1 if save_idx($idx_pos_ref, $idx_ino_ref, $idx_file_ref, $idx_size_ref) == 1;
return @data;
}
sub create_log {
my ($module_name, @data) = @_;
# No data
if ($#data < 0) {
return;
}
# Log module
my $output = "<log_module>\n";
$output .= "<source><![CDATA[" . $module_name . "]]></source>\n";
$output .= "<encoding>base64</encoding>\n";
$output .= "<data><![CDATA[";
$output .= &$encode_sub(join('', @data), '');
$output .= "]]></data>\n";
$output .= "</log_module>\n";
return $output;
}
}
################################################################################
# TERM Handler
################################################################################
@ -3931,6 +4281,8 @@ sub init_module ($) {
$module->{'module_ff_interval'} = undef;
$module->{'macros'} = {};
$module->{'alert_template'} = undef;
$module->{'filter'} = undef;
$module->{'absoluteinterval'} = undef;
}
################################################################################
@ -4084,14 +4436,7 @@ my $PID = $$;
#Launch tentacle server in proxy mode if configured
if ($Conf{'proxy_mode'}) {
#Check if user is root
if ($> != 0) {
launch_tentacle_proxy();
} else {
log_message ('error', 'Proxy mode can not be launched as root');
exit 1;
}
launch_tentacle_proxy();
}
# Advice if YAML::Tiny is allowed in this system

13
pandora_agents/unix/pandora_agent.redhat.spec
View File

@ -3,8 +3,8 @@
#
%global __os_install_post %{nil}
%define name pandorafms_agent_linux
%define version 7.0NG.772
%define release 230730
%define version 7.0NG.775
%define release 240117
Summary: Pandora FMS Linux agent, PERL version
Name: %{name}
@ -25,7 +25,7 @@ Requires(preun): chkconfig /bin/rm /usr/sbin/userdel
Requires: coreutils unzip
Requires: util-linux procps grep
Requires: /sbin/ip /bin/awk
Requires: perl(Sys::Syslog) perl(IO::Compress::Zip)
Requires: perl(Sys::Syslog) perl(IO::Compress::Zip) perl(File::Copy) perl(Sys::Hostname)
# Required by plugins
#Requires: sh-utils sed passwd net-tools rpm
AutoReq: 0
@ -100,6 +100,11 @@ if [ ! -e /etc/pandora/collections ]; then
ln -s /usr/share/pandora_agent/collections /etc/pandora
fi
if [ ! -e /etc/pandora/ref ]; then
mkdir -p /usr/share/pandora_agent/ref
ln -s /usr/share/pandora_agent/ref /etc/pandora
fi
if [ ! -e /etc/pandora/commands ]; then
mkdir -p /usr/share/pandora_agent/commands
ln -s /usr/share/pandora_agent/commands /etc/pandora
@ -143,7 +148,7 @@ fi
# Remove symbolic links
pushd /etc/pandora
for f in pandora_agent.conf plugins collections
for f in pandora_agent.conf plugins collections ref
do
[ -L $f ] && rm -f $f
done

169
pandora_agents/unix/pandora_agent.redhat_bin.el8.spec Normal file
View File

@ -0,0 +1,169 @@
#
#Pandora FMS Linux Agent
#
%global __os_install_post %{nil}
%define name pandorafms_agent_linux_bin
%define source_name pandorafms_agent_linux
%define version 7.0NG.775
%define release 240117
%define debug_package %{nil}
Summary: Pandora FMS Linux agent, binary version
Name: %{name}
Version: %{version}
Release: %{release}
License: GPL
Vendor: ArticaST <http://www.artica.es>
Source0: %{source_name}-%{version}.tar.gz
URL: http://pandorafms.org
Group: System/Monitoring
Packager: Sancho Lerena <slerena@artica.es>
Prefix: /usr/share
BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot
BuildArch: x86_64
Requires(pre): shadow-utils
Requires(post): chkconfig /bin/ln
Requires(preun): chkconfig /bin/rm /usr/sbin/userdel
Requires: coreutils unzip
Requires: util-linux procps grep
Requires: /sbin/ip /bin/awk
Requires: perl-interpreter
Requires: perl-IO-Compress
Requires: libnsl
AutoReq: 0
Provides: %{name}-%{version}
%description
Pandora FMS agent for unix. Pandora FMS is an OpenSource full-featured monitoring software.
%prep
rm -rf $RPM_BUILD_ROOT
%setup -q -n unix
%build
%install
rm -rf $RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT%{prefix}/pandora_agent/
mkdir -p $RPM_BUILD_ROOT/usr/bin/
mkdir -p $RPM_BUILD_ROOT/usr/sbin/
mkdir -p $RPM_BUILD_ROOT/etc/pandora/
mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d/
mkdir -p $RPM_BUILD_ROOT/var/log/pandora/
mkdir -p $RPM_BUILD_ROOT/usr/share/man/man1/
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/
cp -aRf * $RPM_BUILD_ROOT%{prefix}/pandora_agent/
cp -aRf $RPM_BUILD_ROOT%{prefix}/pandora_agent/tentacle_client $RPM_BUILD_ROOT/usr/bin/
cp -aRf $RPM_BUILD_ROOT%{prefix}/pandora_agent/pandora_agent $RPM_BUILD_ROOT/usr/bin/
cp -aRf $RPM_BUILD_ROOT%{prefix}/pandora_agent/pandora_agent_exec $RPM_BUILD_ROOT/usr/bin/
cp -aRf $RPM_BUILD_ROOT%{prefix}/pandora_agent/pandora_agent_daemon $RPM_BUILD_ROOT/etc/rc.d/init.d/pandora_agent_daemon
cp -aRf $RPM_BUILD_ROOT%{prefix}/pandora_agent/man/man1/pandora_agent.1.gz $RPM_BUILD_ROOT/usr/share/man/man1/
cp -aRf $RPM_BUILD_ROOT%{prefix}/pandora_agent/man/man1/tentacle_client.1.gz $RPM_BUILD_ROOT/usr/share/man/man1/
cp -aRf $RPM_BUILD_ROOT%{prefix}/pandora_agent/Linux/pandora_agent.conf $RPM_BUILD_ROOT/usr/share/pandora_agent/pandora_agent.conf.rpmnew
install -m 0644 pandora_agent_logrotate $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/pandora_agent
if [ -f $RPM_BUILD_ROOT%{prefix}/pandora_agent/pandora_agent.spec ] ; then
rm $RPM_BUILD_ROOT%{prefix}/pandora_agent/pandora_agent.spec
fi
%clean
rm -Rf $RPM_BUILD_ROOT
%pre
getent passwd pandora >/dev/null || \
/usr/sbin/useradd -d %{prefix}/pandora -s /bin/false -M -g 0 pandora
exit 0
chown pandora:root /var/log/pandora
%post
if [ ! -d /etc/pandora ] ; then
mkdir -p /etc/pandora
fi
if [ ! -f /usr/share/pandora_agent/pandora_agent.conf ] ; then
cp /usr/share/pandora_agent/pandora_agent.conf.rpmnew /usr/share/pandora_agent/pandora_agent.conf
fi
if [ ! -f /etc/pandora/pandora_agent.conf ] ; then
ln -s /usr/share/pandora_agent/pandora_agent.conf /etc/pandora/pandora_agent.conf
else
[[ ! -f /etc/pandora/pandora_agent.conf.rpmnew ]] && ln -s /usr/share/pandora_agent/pandora_agent.conf.rpmnew /etc/pandora/pandora_agent.conf.rpmnew
fi
if [ ! -e /etc/pandora/plugins ]; then
ln -s /usr/share/pandora_agent/plugins /etc/pandora
fi
if [ ! -e /etc/pandora/collections ]; then
mkdir -p /usr/share/pandora_agent/collections
ln -s /usr/share/pandora_agent/collections /etc/pandora
fi
if [ ! -e /etc/pandora/commands ]; then
mkdir -p /usr/share/pandora_agent/commands
ln -s /usr/share/pandora_agent/commands /etc/pandora
fi
mkdir -p /var/spool/pandora/data_out
if [ ! -d /var/log/pandora ]; then
mkdir -p /var/log/pandora
fi
if [ `command -v systemctl` ];
then
echo "Copying new version of pandora_agent_daemon service"
cp -f /usr/share/pandora_agent/pandora_agent_daemon.service /usr/lib/systemd/system/
chmod -x /usr/lib/systemd/system/pandora_agent_daemon.service
# Enable the services on SystemD
systemctl enable pandora_agent_daemon.service
else
/sbin/chkconfig --add pandora_agent_daemon
/sbin/chkconfig pandora_agent_daemon on
fi
if [ "$1" -gt 1 ]
then
echo "If Pandora Agent daemon was running with init.d script,"
echo "please stop it manually and start the service with systemctl"
fi
%preun
# Upgrading
if [ "$1" = "1" ]; then
exit 0
fi
/sbin/chkconfig --del pandora_agent_daemon
/etc/rc.d/init.d/pandora_agent_daemon stop >/dev/null 2>&1 || :
# Remove symbolic links
pushd /etc/pandora
for f in pandora_agent.conf plugins collections
do
[ -L $f ] && rm -f $f
done
exit 0
%files
%defattr(750,root,root)
/usr/bin/pandora_agent
%defattr(755,pandora,root)
%{prefix}/pandora_agent
%defattr(755,root,root)
/usr/bin/pandora_agent_exec
/usr/bin/tentacle_client
/etc/rc.d/init.d/pandora_agent_daemon
%defattr(644,root,root)
/usr/share/man/man1/pandora_agent.1.gz
/usr/share/man/man1/tentacle_client.1.gz
%config(noreplace) %{_sysconfdir}/logrotate.d/pandora_agent

170
pandora_agents/unix/pandora_agent.redhat_bin.el9.spec Normal file
View File

@ -0,0 +1,170 @@
#
#Pandora FMS Linux Agent
#
%global __os_install_post %{nil}
%define name pandorafms_agent_linux_bin
%define source_name pandorafms_agent_linux
%define version 7.0NG.775
%define release 240117
%define debug_package %{nil}
Summary: Pandora FMS Linux agent, binary version
Name: %{name}
Version: %{version}
Release: %{release}
License: GPL
Vendor: ArticaST <http://www.artica.es>
Source0: %{source_name}-%{version}.tar.gz
URL: http://pandorafms.org
Group: System/Monitoring
Packager: Sancho Lerena <slerena@artica.es>
Prefix: /usr/share
BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot
BuildArch: x86_64
Requires(pre): shadow-utils
Requires(post): chkconfig /bin/ln
Requires(preun): chkconfig /bin/rm /usr/sbin/userdel
Requires: coreutils unzip
Requires: util-linux procps grep
Requires: /sbin/ip /bin/awk
Requires: perl-interpreter
Requires: perl-IO-Compress
Requires: libnsl
Requires: libxcrypt-compat
AutoReq: 0
Provides: %{name}-%{version}
%description
Pandora FMS agent for unix. Pandora FMS is an OpenSource full-featured monitoring software.
%prep
rm -rf $RPM_BUILD_ROOT
%setup -q -n unix
%build
%install
rm -rf $RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT%{prefix}/pandora_agent/
mkdir -p $RPM_BUILD_ROOT/usr/bin/
mkdir -p $RPM_BUILD_ROOT/usr/sbin/
mkdir -p $RPM_BUILD_ROOT/etc/pandora/
mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d/
mkdir -p $RPM_BUILD_ROOT/var/log/pandora/
mkdir -p $RPM_BUILD_ROOT/usr/share/man/man1/
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/
cp -aRf * $RPM_BUILD_ROOT%{prefix}/pandora_agent/
cp -aRf $RPM_BUILD_ROOT%{prefix}/pandora_agent/tentacle_client $RPM_BUILD_ROOT/usr/bin/
cp -aRf $RPM_BUILD_ROOT%{prefix}/pandora_agent/pandora_agent $RPM_BUILD_ROOT/usr/bin/
cp -aRf $RPM_BUILD_ROOT%{prefix}/pandora_agent/pandora_agent_exec $RPM_BUILD_ROOT/usr/bin/
cp -aRf $RPM_BUILD_ROOT%{prefix}/pandora_agent/pandora_agent_daemon $RPM_BUILD_ROOT/etc/rc.d/init.d/pandora_agent_daemon
cp -aRf $RPM_BUILD_ROOT%{prefix}/pandora_agent/man/man1/pandora_agent.1.gz $RPM_BUILD_ROOT/usr/share/man/man1/
cp -aRf $RPM_BUILD_ROOT%{prefix}/pandora_agent/man/man1/tentacle_client.1.gz $RPM_BUILD_ROOT/usr/share/man/man1/
cp -aRf $RPM_BUILD_ROOT%{prefix}/pandora_agent/Linux/pandora_agent.conf $RPM_BUILD_ROOT/usr/share/pandora_agent/pandora_agent.conf.rpmnew
install -m 0644 pandora_agent_logrotate $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/pandora_agent
if [ -f $RPM_BUILD_ROOT%{prefix}/pandora_agent/pandora_agent.spec ] ; then
rm $RPM_BUILD_ROOT%{prefix}/pandora_agent/pandora_agent.spec
fi
%clean
rm -Rf $RPM_BUILD_ROOT
%pre
getent passwd pandora >/dev/null || \
/usr/sbin/useradd -d %{prefix}/pandora -s /bin/false -M -g 0 pandora
exit 0
chown pandora:root /var/log/pandora
%post
if [ ! -d /etc/pandora ] ; then
mkdir -p /etc/pandora
fi
if [ ! -f /usr/share/pandora_agent/pandora_agent.conf ] ; then
cp /usr/share/pandora_agent/pandora_agent.conf.rpmnew /usr/share/pandora_agent/pandora_agent.conf
fi
if [ ! -f /etc/pandora/pandora_agent.conf ] ; then
ln -s /usr/share/pandora_agent/pandora_agent.conf /etc/pandora/pandora_agent.conf
else
[[ ! -f /etc/pandora/pandora_agent.conf.rpmnew ]] && ln -s /usr/share/pandora_agent/pandora_agent.conf.rpmnew /etc/pandora/pandora_agent.conf.rpmnew
fi
if [ ! -e /etc/pandora/plugins ]; then
ln -s /usr/share/pandora_agent/plugins /etc/pandora
fi
if [ ! -e /etc/pandora/collections ]; then
mkdir -p /usr/share/pandora_agent/collections
ln -s /usr/share/pandora_agent/collections /etc/pandora
fi
if [ ! -e /etc/pandora/commands ]; then
mkdir -p /usr/share/pandora_agent/commands
ln -s /usr/share/pandora_agent/commands /etc/pandora
fi
mkdir -p /var/spool/pandora/data_out
if [ ! -d /var/log/pandora ]; then
mkdir -p /var/log/pandora
fi
if [ `command -v systemctl` ];
then
echo "Copying new version of pandora_agent_daemon service"
cp -f /usr/share/pandora_agent/pandora_agent_daemon.service /usr/lib/systemd/system/
chmod -x /usr/lib/systemd/system/pandora_agent_daemon.service
# Enable the services on SystemD
systemctl enable pandora_agent_daemon.service
else
/sbin/chkconfig --add pandora_agent_daemon
/sbin/chkconfig pandora_agent_daemon on
fi
if [ "$1" -gt 1 ]
then
echo "If Pandora Agent daemon was running with init.d script,"
echo "please stop it manually and start the service with systemctl"
fi
%preun
# Upgrading
if [ "$1" = "1" ]; then
exit 0
fi
/sbin/chkconfig --del pandora_agent_daemon
/etc/rc.d/init.d/pandora_agent_daemon stop >/dev/null 2>&1 || :
# Remove symbolic links
pushd /etc/pandora
for f in pandora_agent.conf plugins collections
do
[ -L $f ] && rm -f $f
done
exit 0
%files
%defattr(750,root,root)
/usr/bin/pandora_agent
%defattr(755,pandora,root)
%{prefix}/pandora_agent
%defattr(755,root,root)
/usr/bin/pandora_agent_exec
/usr/bin/tentacle_client
/etc/rc.d/init.d/pandora_agent_daemon
%defattr(644,root,root)
/usr/share/man/man1/pandora_agent.1.gz
/usr/share/man/man1/tentacle_client.1.gz
%config(noreplace) %{_sysconfdir}/logrotate.d/pandora_agent

11
pandora_agents/unix/pandora_agent.redhat_bin.spec
View File

@ -4,8 +4,8 @@
%global __os_install_post %{nil}
%define name pandorafms_agent_linux_bin
%define source_name pandorafms_agent_linux
%define version 7.0NG.772
%define release 230725
%define version 7.0NG.775
%define release 240117
Summary: Pandora FMS Linux agent, binary version
Name: %{name}
@ -19,16 +19,15 @@ Group: System/Monitoring
Packager: Sancho Lerena <slerena@artica.es>
Prefix: /usr/share
BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot
BuildArch: noarch
BuildArch: x86_64
Requires(pre): shadow-utils
Requires(post): chkconfig /bin/ln
Requires(preun): chkconfig /bin/rm /usr/sbin/userdel
Requires: coreutils unzip
Requires: util-linux procps grep
Requires: /sbin/ip /bin/awk
Requires: perl(Sys::Syslog) perl(IO::Compress::Zip)
# Required by plugins
#Requires: sh-utils sed passwd net-tools rpm
Requires: perl
#Requires: libnsl
AutoReq: 0
Provides: %{name}-%{version}

8
pandora_agents/unix/pandora_agent.spec
View File

@ -3,8 +3,8 @@
#
%global __os_install_post %{nil}
%define name pandorafms_agent_linux
%define version 7.0NG.772
%define release 230730
%define version 7.0NG.775
%define release 240117
Summary: Pandora FMS Linux agent, PERL version
Name: %{name}
@ -94,6 +94,10 @@ if [ ! -e /etc/pandora/collections ]; then
mkdir /etc/pandora/collections
fi
if [ ! -e /etc/pandora/ref ]; then
mkdir /etc/pandora/ref
fi
if [ ! -e /etc/pandora/commands ]; then
mkdir /etc/pandora/commands
fi

9
pandora_agents/unix/pandora_agent_installer
View File

@ -9,8 +9,8 @@
# Please see http://www.pandorafms.org. This code is licensed under GPL 2.0 license.
# **********************************************************************
PI_VERSION="7.0NG.772"
PI_BUILD="230730"
PI_VERSION="7.0NG.775"
PI_BUILD="240117"
OS_NAME=`uname -s`
FORCE=0
@ -408,6 +408,11 @@ install () {
chmod -R 700 $PANDORA_BASE$PANDORA_HOME/commands
ln -s $PANDORA_BASE_REAL$PANDORA_HOME/commands $PANDORA_BASE$PANDORA_CFG
echo "Creating the ref directory in to $PANDORA_BASE$PANDORA_HOME/ref..."
mkdir -p $PANDORA_BASE$PANDORA_HOME/ref
chmod -R 700 $PANDORA_BASE$PANDORA_HOME/ref
ln -s $PANDORA_BASE_REAL$PANDORA_HOME/ref $PANDORA_BASE$PANDORA_CFG
if [ $WITHOUT_TENTACLE_SERVER -eq 0 ]
then
echo "Copying tentacle server to $PANDORA_BASE$TENTACLE_SERVER"

631
pandora_agents/unix/plugins/pandora_security_check Normal file
View File

@ -0,0 +1,631 @@
#!/usr/bin/perl
################################################################################
# Author: Enrique Martin Garcia
# Copyright: 2023, PandoraFMS
# Maintainer: Operations department
# Version: 1.0
################################################################################
use strict;
use warnings;
use Getopt::Long;
use File::Basename;
use File::Spec;
use Digest::MD5 qw(md5_hex);
use Scalar::Util 'looks_like_number';
use Socket;
# Define signal handlers
sub sigint_handler {
print STDERR "\nInterrupted by user\n";
exit 0;
}
sub sigterm_handler {
print STDERR "Received SIGTERM signal.\n";
exit 0;
}
$SIG{INT} = \&sigint_handler;
$SIG{TERM} = \&sigterm_handler;
# Add lib dir path
my $lib_dir = File::Spec->catdir(dirname($0), 'lib');
unshift @INC, $lib_dir;
###
# GLOBALS
##################
my %options = ();
my $modules_group = 'Security';
my $b_ports = 'PORTS';
my $b_files = 'FILES';
my $b_passwords = 'PASSWORDS';
my @blocks = ($b_ports, $b_files, $b_passwords);
my $configuration_block;
my $integrity_file = '/tmp/' . md5_hex(File::Spec->rel2abs($0)) . '.integrity';
# Enable all checks by default
my $check_selinux = 1;
my $check_ssh_root_access = 1;
my $check_ssh_root_keys = 1;
my $check_ports = 1;
my $check_files = 1;
my $check_passwords = 1;
# Include all values for checks by default
my $include_defaults = 1;
# Initialize check lists
my @l_ports = (
80,
22
);
my @l_files = (
'/etc/shadow',
'/etc/passwd',
'/etc/hosts',
'/etc/resolv.conf',
'/etc/ssh/sshd_config',
'/etc/rsyslog.conf'
);
my @l_passwords = (
'123456',
'12345678',
'123456789',
'12345',
'1234567',
'password',
'1password',
'abc123',
'qwerty',
'111111',
'1234',
'iloveyou',
'sunshine',
'monkey',
'1234567890',
'123123',
'princess',
'baseball',
'dragon',
'football',
'shadow',
'soccer',
'unknown',
'000000',
'myspace1',
'purple',
'fuckyou',
'superman',
'Tigger',
'buster',
'pepper',
'ginger',
'qwerty123',
'qwerty1',
'peanut',
'summer',
'654321',
'michael1',
'cookie',
'LinkedIn',
'whatever',
'mustang',
'qwertyuiop',
'123456a',
'123abc',
'letmein',
'freedom',
'basketball',
'babygirl',
'hello',
'qwe123',
'fuckyou1',
'love',
'family',
'yellow',
'trustno1',
'jesus1',
'chicken',
'diamond',
'scooter',
'booboo',
'welcome',
'smokey',
'cheese',
'computer',
'butterfly',
'696969',
'midnight',
'princess1',
'orange',
'monkey1',
'killer',
'snoopy ',
'qwerty12 ',
'1qaz2wsx ',
'bandit',
'sparky',
'666666',
'football1',
'master',
'asshole',
'batman',
'sunshine1',
'bubbles',
'friends',
'1q2w3e4r',
'chocolate',
'Yankees',
'Tinkerbell',
'iloveyou1',
'abcd1234',
'flower',
'121212',
'passw0rd',
'pokemon',
'StarWars',
'iloveyou2',
'123qwe',
'Pussy',
'angel1'
);
###
# ARGS PARSER
##################
my $HELP = <<EO_HELP;
Run several security checks in a Linux system
Usage: $0
[-h,--help]
[--check_selinux {0,1}]
[--check_ssh_root_access {0,1}]
[--check_ssh_root_keys {0,1}]
[--check_ports {0,1}]
[--check_files {0,1}]
[--check_passwords {0,1}]
[--include_defaults {0,1}]
[--integrity_file <integrity_file>]
[--conf <conf_file>]
Optional arguments:
-h, --help Show this help message and exit
--check_selinux {0,1} Enable/Disable check SElinux module
--check_ssh_root_access {0,1} Enable/Disable check SSH root access module
--check_ssh_root_keys {0,1} Enable/Disable check SSH root keys module
--check_ports {0,1} Enable/Disable check ports module
--check_files {0,1} Enable/Disable check files module
--check_passwords {0,1} Enable/Disable check passwords module
--include_defaults {0,1} Enable/Disable default plugin checks for ports, files and passwords
--integrity_file <integrity_file> Path to integrity check file
Default: $integrity_file
--conf <conf_file> Path to plugin configuration file
Available configuration blocks:
[$b_ports], [$b_files] and [$b_passwords]
Content example:
[$b_ports]
3306
443
[$b_files]
/etc/httpd/httpd.conf
/etc/my.cnf
[$b_passwords]
pandora
PANDORA
P4nd0r4
EO_HELP
sub help {
my ($extra_message) = @_;
print $HELP;
print $extra_message if defined($extra_message);
exit 0;
}
sub parse_bool_arg {
my ($arg, $default) = @_;
if (defined $options{$arg}) {
if (looks_like_number($options{$arg}) && ($options{$arg} == 1 || $options{$arg} == 0)) {
return $options{$arg};
} else {
help("Invalid value for argument: $arg\n");
}
} else {
return $default;
}
}
# Parse arguments
GetOptions(
"help|h" => \$options{help},
"check_selinux=s" => \$options{check_selinux},
"check_ssh_root_access=s" => \$options{check_ssh_root_access},
"check_ssh_root_keys=s" => \$options{check_ssh_root_keys},
"check_ports=s" => \$options{check_ports},
"check_files=s" => \$options{check_files},
"check_passwords=s" => \$options{check_passwords},
"include_defaults=s" => \$options{include_defaults},
"integrity_file=s" => \$options{integrity_file},
"conf=s" => \$options{conf}
);
help() if ($options{help});
$check_selinux = parse_bool_arg('check_selinux', $check_selinux);
$check_ssh_root_access = parse_bool_arg('check_ssh_root_access', $check_ssh_root_access);
$check_ssh_root_keys = parse_bool_arg('check_ssh_root_keys', $check_ssh_root_keys);
$check_ports = parse_bool_arg('check_ports', $check_ports);
$check_files = parse_bool_arg('check_files', $check_files);
$check_passwords = parse_bool_arg('check_passwords', $check_passwords);
$include_defaults = parse_bool_arg('include_defaults', $include_defaults);
if (!$include_defaults) {
@l_ports = ();
@l_files = ();
@l_passwords = ();
}
$integrity_file = $options{integrity_file} if defined $options{integrity_file};
parse_configuration($options{conf}) if defined $options{conf};
###
# FUNCTIONS
##################
# Function to parse configuration file
sub parse_configuration {
my ($conf_file) = @_;
open my $conf_fh, '<', $conf_file or die "Error opening configuration file [$conf_file]: $!\n";
while (my $line = <$conf_fh>) {
chomp $line;
$line =~ s/^\s+//;
$line =~ s/\s+$//;
if ($line =~ /^\[($b_ports|$b_files|$b_passwords)\]$/) {
$configuration_block = $1;
}
elsif ($configuration_block) {
if ($configuration_block eq $b_ports) {
push @l_ports, $line;
}
elsif ($configuration_block eq $b_files) {
push @l_files, $line;
}
elsif ($configuration_block eq $b_passwords) {
push @l_passwords, $line;
}
}
}
close $conf_fh;
}
# Function to print module XML to STDOUT
sub print_xml_module {
my ($m_name, $m_type, $m_desc, $m_value) = @_;
print "<module>\n";
print "\t<name><![CDATA[$m_name]]></name>\n";
print "\t<type>$m_type</type>\n";
print "\t<data><![CDATA[$m_value]]></data>\n";
print "\t<description><![CDATA[$m_desc]]></description>\n";
print "\t<module_group>$modules_group</module_group>\n";
print "</module>\n";
}
# Make unique array
sub uniq {
my %seen;
return grep { !$seen{$_}++ } @_;
}
###
# MAIN
##################
# Check SELinux status
if ($check_selinux) {
my $value = 0;
my $desc = 'SELinux is disabled.';
my $output = `sestatus 2> /dev/null`;
if ($? == 0) {
if ($output =~ /SELinux status: enabled/) {
$value = 1;
$desc = 'SELinux is enabled.';
}
} else {
$value = 0;
$desc = 'Can not determine if SELinux is enabled.';
}
print_xml_module('SELinux status', 'generic_proc', $desc, $value);
}
# Check if SSH allows root access
if ($check_ssh_root_access) {
my $value = 1;
my $desc = 'SSH does not allow root access.';
my $ssh_config_file = '/etc/ssh/sshd_config';
if (-e $ssh_config_file && open my $ssh_fh, '<', $ssh_config_file) {
while (my $line = <$ssh_fh>) {
chomp $line;
$line =~ s/^\s+//;
$line =~ s/\s+$//;
next if $line =~ /^$/ or $line =~ /^#/;
my ($option, $val) = split /\s+/, $line, 2;
if ($option eq 'PermitRootLogin' && lc($val) ne 'no') {
$value = 0;
$desc = 'SSH config allows root access.';
last;
}
}
close $ssh_fh;
} else {
$value = 0;
$desc = 'Can not read '.$ssh_config_file.' to check if root access allowed.';
}
print_xml_module('SSH root access status', 'generic_proc', $desc, $value);
}
# Specific function for recursive directory check
sub find_files {
my ($dir) = @_;
my @files = ();
opendir my $dh, $dir or return;
while (my $file = readdir $dh) {
next if $file eq '.' or $file eq '..';
my $file_path = File::Spec->catfile($dir, $file);
if (-f $file_path) {
push @files, $file_path;
} elsif (-d $file_path) {
push @files, find_files($file_path);
}
}
closedir $dh;
return @files;
}
# Check if /root has SSH keys
if ($check_ssh_root_keys) {
my $value = 1;
my $desc = 'SSH root keys not found.';
my $ssh_keys = {'private' => [], 'public' => []};
my $ssh_dir = '/root/.ssh';
my @all_files = find_files($ssh_dir);
foreach my $file (@all_files) {
if (open my $fh, '<:raw', $file) {
my $content = '';
while(my $l = <$fh>) {
$content .= $l;
}
if ($content) {
my ($filename, $directories) = fileparse($file);
if ($content =~ /-----BEGIN RSA PRIVATE KEY-----.*?-----END RSA PRIVATE KEY-----/s) {
push @{$ssh_keys->{'private'}}, $file;
} elsif ($content =~ /ssh-rsa/ && $filename ne 'known_hosts' && $filename ne 'authorized_keys') {
push @{$ssh_keys->{'public'}}, $file;
}
}
}
}
if (@{$ssh_keys->{'private'}} > 0 || @{$ssh_keys->{'public'}} > 0) {
$value = 0;
$desc = "SSH root keys found:\n" . join("\n", @{$ssh_keys->{'private'}}, @{$ssh_keys->{'public'}});
}
print_xml_module('SSH root keys status', 'generic_proc', $desc, $value);
}
# Check authorized ports
if ($check_ports) {
my $value = 1;
my $desc = 'No unauthorized ports found.';
my @open_ports;
my @not_allowed_ports;
my @net_tcp_files = ('/proc/net/tcp', '/proc/net/tcp6');
foreach my $net_tcp_file (@net_tcp_files) {
if (-e $net_tcp_file && open my $tcp_fh, '<', $net_tcp_file) {
while (my $line = <$tcp_fh>) {
chomp $line;
my @parts = split /\s+/, $line;
if (scalar @parts >= 12) {
my $local_addr_hex = (split /:/, $parts[2])[0];
my $local_port_hex = (split /:/, $parts[2])[1];
my $state = $parts[4];
# Check if the connection is in state 0A (listening)
if ($state eq "0A") {
my $local_addr_4 = join('.', reverse split(/\./, inet_ntoa(pack("N", hex($local_addr_hex)))));
my $local_addr_6 = join(':', map { hex($_) } unpack("(A4)*", $local_addr_hex));
# Skip localhost listening ports
if ($local_addr_4 eq "127.0.0.1" || $local_addr_6 eq "0:0:0:0:0:0:0:1") {
next;
}
my $local_port = hex($local_port_hex);
push @open_ports, $local_port;
}
}
}
close $tcp_fh;
}
}
@open_ports = uniq(@open_ports);
my %allowed_ports;
foreach my $port (@l_ports) {
$allowed_ports{$port} = 1;
}
foreach my $port (@open_ports) {
if (!exists $allowed_ports{$port}) {
push @not_allowed_ports, $port;
}
}
if (@not_allowed_ports) {
$value = 0;
$desc = "Unauthorized ports found:\n" . join("\n", @not_allowed_ports);
}
print_xml_module('Authorized ports status', 'generic_proc', $desc, $value);
}
# Check files integrity
if ($check_files) {
my $value = 1;
my $desc = 'No changed files found.';
my %integrity;
my $can_check_files = 0;
if (-e $integrity_file) {
if (-r $integrity_file && -w $integrity_file) {
# Read integrity file content
open my $integrity_fh, '<', $integrity_file;
while (my $line = <$integrity_fh>) {
chomp $line;
if ($line =~ /^\s*(.*?)=(.*?)\s*$/) {
$integrity{$1} = $2;
}
}
close $integrity_fh;
$can_check_files = 1;
} else {
$value = 0;
$desc = 'Integrity check file can not be read or written: ' . $integrity_file;
}
} else {
if (open my $integrity_fh, '>', $integrity_file) {
close $integrity_fh;
$can_check_files = 1;
} else {
$value = 0;
$desc = 'Integrity check file can not be created: ' . $integrity_file;
}
}
if ($can_check_files) {
# Check each file integrity
my @errored_files;
my @no_integrity_files;
# Create unique check files list
@l_files = uniq(@l_files);
foreach my $file (@l_files) {
my $file_key = md5_hex($file);
if (open my $fh, '<:raw', $file) {
my $md5 = Digest::MD5->new;
$md5->addfile($fh);
my $file_md5 = $md5->hexdigest;
chomp $file_md5;
close $fh;
if (exists $integrity{$file_key} && $integrity{$file_key} ne $file_md5) {
push @no_integrity_files, $file;
}
$integrity{$file_key} = $file_md5;
} else {
push @errored_files, $file;
}
}
# Overwrite integrity file content
open my $file_handle, '>', $integrity_file;
print $file_handle map { "$_=$integrity{$_}\n" } keys %integrity;
close $file_handle;
# Check module status
if (@no_integrity_files) {
$value = 0;
$desc = "Changed files found:\n" . join("\n", @no_integrity_files);
}
if (@errored_files) {
$value = 0;
$desc .= "\nUnable to check integrity of some files:\n" . join("\n", @errored_files);
}
}
print_xml_module('Files check status', 'generic_proc', $desc, $value);
}
# Check weak passwords
if ($check_passwords) {
my $value = 1;
my $desc = 'No insecure passwords found.';
# Create unique check passwords list
@l_passwords = uniq(@l_passwords);
my @insecure_users;
my $shadow_file = '/etc/shadow';
if (-e $shadow_file && -r $shadow_file) {
open my $shadow_fh, '<', $shadow_file;
while (my $line = <$shadow_fh>) {
chomp $line;
my ($username, $password_hash, @rest) = split /:/, $line;
# Skip users with no password hash
if ($password_hash ne "*" && $password_hash ne "!!" && $password_hash ne "!locked") {
my $salt = substr($password_hash, 0, rindex($password_hash, '$') + 1);
my $user_hash = crypt($username, $salt);
if ($user_hash eq $password_hash) {
push @insecure_users, $username;
} else {
foreach my $weak_password (@l_passwords) {
my $weak_password_hash = crypt($weak_password, $salt);
if ($weak_password_hash eq $password_hash) {
push @insecure_users, $username;
last;
}
}
}
}
}
close $shadow_fh;
} else {
$value = 0;
$desc = 'Can not read '.$shadow_file.' to check passwords.';
}
if (@insecure_users) {
$value = 0;
$desc = "Users with insecure passwords found:\n" . join("\n", @insecure_users);
}
print_xml_module('Insecure passwords status', 'generic_proc', $desc, $value);
}

55
pandora_agents/win32/bin/pandora_agent.conf
View File

@ -1,6 +1,6 @@
# Base config file for Pandora FMS Windows Agent
# (c) 2006-2023 Pandora FMS
# Version 7.0NG.772
# Version 7.0NG.775
# This program is Free Software, you can redistribute it and/or modify it
# under the terms of the GNU General Public Licence as published by the Free Software
# Foundation; either version 2 of the Licence or any later version
@ -165,7 +165,7 @@ module_description User CPU Usage (%)
module_min_warning 70
module_max_warning 90
module_min_critical 91
module_max_critical 100
module_max_critical 0
module_unit %
module_group System
module_end
@ -179,6 +179,22 @@ module_description Total number of TCP connections active
module_group Networking
module_end
# Get logs from System source.
module_begin
module_name Eventlog_System
module_type log
module_logevent
module_source System
module_end
# Get logs from Security source.
module_begin
module_name Eventlog_Security
module_type log
module_logevent
module_source Security
module_end
# Example plugin to retrieve drive usage
module_plugin cscript.exe //B "%ProgramFiles%\Pandora_Agent\util\df_percent_used.vbs"
@ -273,22 +289,6 @@ module_plugin "%PROGRAMFILES%\Pandora_Agent\util\autodiscover.exe" --default
#module_type generic_data_string
#module_end
# Get logs from System source. Need enterprise version.
#module_begin
#module_name Eventlog_System
#module_type log
#module_logevent
#module_source System
#module_end
# Get logs from Security source. Need enterprise version.
#module_begin
#module_name Eventlog_Security
#module_type log
#module_logevent
#module_source Security
#module_end
# Get logs from Application source. Need enterprise version.
#module_begin
#module_name Eventlog_Application
@ -524,3 +524,22 @@ module_plugin "%PROGRAMFILES%\Pandora_Agent\util\autodiscover.exe" --default
#module_native_encoding OEM
#module_end
# Hardening plugin for security compliance analysis.
#module_begin
#module_plugin "%PROGRAMFILES%\Pandora_Agent\util\pandora_hardening.exe -t 150"
#module_absoluteinterval 7d
#module_end
# Logs extraction
#module_begin
#module_name X_Server_log
#module_description Logs extraction module
#module_type log
#module_regexp C:\server\logs\xserver.log
#module_pattern .*
#module_end
# Pandora basic security check plugin for windows.
#module_begin
#module_plugin "%PROGRAMFILES%\Pandora_Agent\util\pandora_security_win.exe"
#module_end

3
pandora_agents/win32/bin/util/pandora_hardening.exe Executable file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:db207ef67053764be7e9b42cd04ea5509cc2a023548aab1c037745ca277b68a3
size 4858753

3
pandora_agents/win32/bin/util/pandora_security_win.exe Executable file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:c58891fbd16bf80f288e0ff4751801aa02dbf4e6c914625b4d49a364c7e0b511
size 7829249

4
pandora_agents/win32/installer/pandora.mpi
View File

@ -3,7 +3,7 @@ AllowLanguageSelection
{Yes}
AppName
{Pandora FMS Windows Agent v7.0NG.772}
{Pandora FMS Windows Agent v7.0NG.775}
ApplicationID
{17E3D2CF-CA02-406B-8A80-9D31C17BD08F}
@ -186,7 +186,7 @@ UpgradeApplicationID
{}
Version
{230730}
{240117}
ViewReadme
{Yes}

3
pandora_agents/win32/installer/scripts/install_service_restart.bat
View File

@ -1,2 +1,3 @@
@at 00:00 /every:1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30 "%CD%\restart_pandora_agent.bat"
@at 00:00 /every:1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30 "'%CD%\restart_pandora_agent.bat'"
schtasks /change /tn pandora_agent_restart /tr "'%CD%\restart_pandora_agent.bat'"

4
pandora_agents/win32/misc/pandora_file.h
View File

@ -31,6 +31,10 @@ using namespace std;
* File operations.
*/
namespace Pandora_File {
/* Size of a buffer that will be passed to Pandora_File::md5. */
const int MD5_BUF_SIZE = 33;
/**
* File super-class exception.
*/

81
pandora_agents/win32/modules/pandora_module.cc
View File

@ -19,11 +19,14 @@
*/
#include "pandora_module.h"
#include "pandora_windows_service.h"
#include "../misc/pandora_file.h"
#include "../pandora_strutils.h"
#include "../pandora.h"
#include <iostream>
#include <sstream>
#include <cmath>
#define BUFSIZE 4096
@ -472,18 +475,27 @@ Pandora_Module::setNoOutput () {
*/
void
Pandora_Module::run () {
/* Check the interval */
if (this->executions % this->intensive_interval != 0) {
// Run once.
if (this->intensive_interval == 0) {
if (this->executions == 0) {
has_output = false;
throw Interval_Not_Fulfilled ();
}
}
// Run periodically.
else if (++this->executions < this->intensive_interval) {
pandoraDebug ("%s: Interval is not fulfilled", this->module_name.c_str ());
this->executions++;
has_output = false;
throw Interval_Not_Fulfilled ();
}
/* Increment the executions after check. This is done to execute the
first time */
this->executions++;
// Reset the execution counter.
this->executions = 0;
has_output = true;
// Update the execution timestamp.
this->updateTimestampFile();
}
/**
@ -1663,6 +1675,63 @@ Pandora_Module::getTimestamp () {
return this->timestamp;
}
/**
* Sets the module timestamp file.
*
* @param file_name The name of the timestamp file.
*/
void
Pandora_Module::setTimestampFile (string file_name) {
this->timestamp_file = file_name;
}
/**
* Gets the module timestamp file.
*
* @return The name of the timestamp file.
*/
string
Pandora_Module::getTimestampFile () {
return this->timestamp_file;
}
/**
* Update the timestamp file with the current time.
*
*/
void
Pandora_Module::updateTimestampFile () {
try {
Pandora_File::writeFile(this->timestamp_file, std::to_string(std::time(NULL)));
} catch (...) {
/* Ignore errors. */
}
}
/**
* Initialize the module's internal execution counter.
*
*/
void
Pandora_Module::initExecutions () {
string timestamp;
try {
if (this->timestamp_file != "" && Pandora_File::readFile(this->timestamp_file, timestamp) != FILE_NOT_FOUND) {
// If the interval is 0, setting executions to 0 will prevent the module from running.
this->executions = this->intensive_interval == 0 ?
0 :
floor((1000.0 * (std::time(NULL) - strtoint(timestamp))) / Pandora_Windows_Service::getInstance()->getInterval());
return;
}
} catch (...) {
// Ignore errors.
}
// If the interval is 0, setting executions to any value != 0 will make the module run.
this->executions = this->intensive_interval == 0 ? 1 : this->intensive_interval;
}
/**
* Sets the value of intensive_match.
*

5
pandora_agents/win32/modules/pandora_module.h
View File

@ -171,6 +171,7 @@ namespace Pandora_Modules {
Cron *cron;
list<Condition *> *intensive_condition_list;
time_t timestamp;
string timestamp_file;
unsigned char intensive_match;
int intensive_interval;
string unit, custom_id, str_warning, str_critical;
@ -238,6 +239,7 @@ namespace Pandora_Modules {
bool getAsync ();
void setExecutions(long executions=0);
long getExecutions();
void initExecutions ();
virtual string getXml ();
@ -303,6 +305,9 @@ namespace Pandora_Modules {
int hasOutput ();
void setTimestamp (time_t timestamp);
time_t getTimestamp ();
void setTimestampFile (string file_name);
string getTimestampFile ();
void updateTimestampFile ();
void setIntensiveMatch (unsigned char intensive_match);
unsigned char getIntensiveMatch ();
bool isIntensive ();

88
pandora_agents/win32/modules/pandora_module_factory.cc
View File

@ -41,7 +41,10 @@
#include "pandora_module_snmpget.h"
#include "../windows/pandora_wmi.h"
#include "../pandora_strutils.h"
#include "../misc/pandora_file.h"
#include "../pandora.h"
#include <list>
#include <cmath>
using namespace Pandora;
using namespace Pandora_Modules;
@ -50,6 +53,7 @@ using namespace Pandora_Strutils;
#define TOKEN_NAME ("module_name ")
#define TOKEN_TYPE ("module_type ")
#define TOKEN_INTERVAL ("module_interval ")
#define TOKEN_ABSOLUTEINTERVAL ("module_absoluteinterval ")
#define TOKEN_EXEC ("module_exec ")
#define TOKEN_PROC ("module_proc ")
#define TOKEN_SERVICE ("module_service ")
@ -156,7 +160,8 @@ Pandora_Module_Factory::getModuleFromDefinition (string definition) {
list<string>::iterator iter;
string module_name, module_type, module_exec;
string module_min, module_max, module_description;
string module_interval, module_proc, module_service;
string module_interval, module_absoluteinterval;
string module_proc, module_service;
string module_freedisk, module_cpuusage, module_inventory;
string module_freedisk_percent, module_freememory_percent;
string module_dsn, module_freememory;
@ -196,6 +201,7 @@ Pandora_Module_Factory::getModuleFromDefinition (string definition) {
module_max = "";
module_description = "";
module_interval = "";
module_absoluteinterval = "";
module_exec = "";
module_proc = "";
module_service = "";
@ -290,6 +296,9 @@ Pandora_Module_Factory::getModuleFromDefinition (string definition) {
if (module_interval == "") {
module_interval = parseLine (line, TOKEN_INTERVAL);
}
if (module_absoluteinterval == "") {
module_absoluteinterval = parseLine (line, TOKEN_ABSOLUTEINTERVAL);
}
if (module_exec == "") {
module_exec = parseLine (line, TOKEN_EXEC);
}
@ -603,6 +612,13 @@ Pandora_Module_Factory::getModuleFromDefinition (string definition) {
}
}
if (module_absoluteinterval != "") {
pos_macro = module_absoluteinterval.find(macro_name);
if (pos_macro != string::npos){
module_absoluteinterval.replace(pos_macro, macro_name.size(), macro_value);
}
}
if (module_exec != "") {
pos_macro = module_exec.find(macro_name);
if (pos_macro != string::npos){
@ -1323,6 +1339,61 @@ Pandora_Module_Factory::getModuleFromDefinition (string definition) {
}
}
/* Set the module absolute interval */
if (module_absoluteinterval != "") {
int interval;
try {
service = Pandora_Windows_Service::getInstance();
// Run once.
if (module_absoluteinterval == "once") {
interval = 0;
}
// Seconds.
else if (module_absoluteinterval.back() == 's') {
interval = strtoint (module_absoluteinterval.substr(0, module_absoluteinterval.size() - 1));
}
// Minutes.
else if (module_absoluteinterval.back() == 'm') {
interval = strtoint (module_absoluteinterval.substr(0, module_absoluteinterval.size() - 1)) * 60;
}
// Hours.
else if (module_absoluteinterval.back() == 'h') {
interval = strtoint (module_absoluteinterval.substr(0, module_absoluteinterval.size() - 1)) * 3600;
}
// Days.
else if (module_absoluteinterval.back() == 'd') {
interval = strtoint (module_absoluteinterval.substr(0, module_absoluteinterval.size() - 1)) * 86400;
}
// Number of agent intervals.
else {
interval = strtoint(module_absoluteinterval) * (service->getIntervalSec());
}
// Convert from seconds to agent executions.
interval = ceil(interval / double(service->getIntervalSec()));
// Set the module interval.
module->setInterval (interval);
module->setIntensiveInterval (interval);
// Compute the MD5 hash of the module's name.
char module_name_md5[Pandora_File::MD5_BUF_SIZE];
Pandora_File::md5(module_name.c_str(), module_name.size(), module_name_md5);
// Set the timestamp file.
module->setTimestampFile(Pandora::getPandoraInstallDir().append("/ref/").append(module_name_md5).append(".ref"));
} catch (Invalid_Conversion e) {
pandoraLog ("Invalid absolute interval value \"%s\" for module %s",
module_absoluteinterval.c_str (),
module_name.c_str ());
}
catch (...) {
// Should not happen. Ignore errors.
}
}
/* Module intensive condition */
if (intensive_condition_list.size () > 0) {
intensive_condition_iter = intensive_condition_list.begin ();
@ -1337,6 +1408,9 @@ Pandora_Module_Factory::getModuleFromDefinition (string definition) {
module->setIntensiveInterval (module->getInterval () * (service->getInterval () / service->getIntensiveInterval ()));
}
/* Initialize the module's execution counter. */
module->initExecutions ();
/* Module cron */
module->setCron (module_crontab);
@ -1374,6 +1448,18 @@ Pandora_Module_Factory::getModuleFromDefinition (string definition) {
numeric = false;
}
// Make sure modules that run once are asynchronous.
if (module->getInterval() == 0) {
type = module->getTypeInt();
if (type == TYPE_GENERIC_DATA) {
module->setType("async_data");
} else if (type == TYPE_GENERIC_PROC) {
module->setType("async_proc");
} else if (type == TYPE_GENERIC_DATA_STRING) {
module->setType("async_string");
}
}
if (numeric) {
if (module_max != "") {
try {

2
pandora_agents/win32/pandora.cc
View File

@ -30,7 +30,7 @@ using namespace Pandora;
using namespace Pandora_Strutils;
#define PATH_SIZE _MAX_PATH+1
#define PANDORA_VERSION ("7.0NG.772 Build 230730")
#define PANDORA_VERSION ("7.0NG.775 Build 240117")
string pandora_path;
string pandora_dir;

5
pandora_agents/win32/pandora_windows_service.cc
View File

@ -2197,6 +2197,11 @@ Pandora_Windows_Service::getInterval () {
return this->interval;
}
long
Pandora_Windows_Service::getIntervalSec () {
return this->interval_sec;
}
long
Pandora_Windows_Service::getIntensiveInterval () {
return this->intensive_interval;

1
pandora_agents/win32/pandora_windows_service.h
View File

@ -122,6 +122,7 @@ namespace Pandora {
Pandora_Agent_Conf *getConf ();
string getEHKey (string ehorus_conf);
long getInterval ();
long getIntervalSec ();
long getIntensiveInterval ();
string generateAgentName ();
bool writeToBuffer (string temporal);

2
pandora_agents/win32/versioninfo.rc
View File

@ -11,7 +11,7 @@ BEGIN
VALUE "LegalCopyright", "Pandora FMS"
VALUE "OriginalFilename", "PandoraAgent.exe"
VALUE "ProductName", "Pandora FMS Windows Agent"
VALUE "ProductVersion", "(7.0NG.772(Build 230730))"
VALUE "ProductVersion", "(7.0NG.775(Build 240117))"
VALUE "FileVersion", "1.0.0.0"
END
END

2
pandora_console/DEBIAN/control
View File

@ -1,5 +1,5 @@
package: pandorafms-console
Version: 7.0NG.772-230730
Version: 7.0NG.775-240117
Architecture: all
Priority: optional
Section: admin

2
pandora_console/DEBIAN/make_deb_package.sh
View File

@ -14,7 +14,7 @@
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
pandora_version="7.0NG.772-230730"
pandora_version="7.0NG.775-240117"
package_pear=0
package_pandora=1

4
pandora_console/ajax.php
View File

@ -183,7 +183,9 @@ if (isset($config['force_instant_logout']) === true
$_SESSION = [];
session_destroy();
header_remove('Set-Cookie');
setcookie(session_name(), $_COOKIE[session_name()], (time() - 4800), '/');
if (isset($_COOKIE[session_name()]) === true) {
setcookie(session_name(), $_COOKIE[session_name()], (time() - 4800), '/');
}
if ($config['auth'] === 'saml' && empty($public_hash) === true) {
include_once $config['saml_path'].'simplesamlphp/lib/_autoload.php';

31
pandora_console/cron.php Normal file
View File

@ -0,0 +1,31 @@
<?php
require_once 'include/config.php';
require_once 'include/auth/mysql.php';
require_once 'include/functions.php';
require_once 'include/functions_db.php';
global $config;
if ((bool) $config['enterprise_installed'] === true) {
return;
}
// Load classes.
require_once 'include/class/DiscoveryConsoleTask.php';
require_once 'include/class/ConsoleSupervisor.php';
db_process_sql_update(
'tconfig',
['value' => get_system_time()],
['token' => 'cron_last_run']
);
$tasks = new DiscoveryConsoleTask();
$tasks->run();
if (is_reporting_console_node() === true) {
$supervisor = new ConsoleSupervisor();
$supervisor->run();
}

109
pandora_console/extensions/agents_modules.php
View File

@ -52,7 +52,9 @@ function agents_modules_load_js()
max_width = width;
}
});
loadRecursionGroups();
$.each($('.th_class_module_r'), function (i, elem) {
id = $(elem).attr('id').replace('th_module_r_', '');
$("#th_module_r_" + id).height(($("#div_module_r_" + id).width() + 10) + 'px');
@ -139,29 +141,7 @@ function agents_modules_load_js()
});
$("#checkbox-recursion").change (function () {
jQuery.post ("ajax.php",
{"page" : "operation/agentes/ver_agente",
"get_agents_group_json" : 1,
"id_group" : $("#group_id").val(),
"privilege" : "AW",
"keys_prefix" : "_",
"recursion" : $('#checkbox-recursion').is(':checked')
},
function (data, status) {
$("#id_agents2").html('');
$("#module").html('');
jQuery.each (data, function (id, value) {
// Remove keys_prefix from the index
id = id.substring(1);
option = $("<option></option>")
.attr ("value", value["id_agente"])
.html (value["alias"]);
$("#id_agents").append (option);
$("#id_agents2").append (option);
});
},
"json"
);
loadRecursionGroups();
});
$("#modulegroup").change (function () {
@ -261,12 +241,54 @@ function agents_modules_load_js()
}
function select_selected () {
// $('#id_agents2 option').each(function(){
// if($(this).attr('selected') === 'selected'){
// $(this).prop('selected', true);
// }
// });
var f = document.forms.filter_form;
f.action = "index.php?sec=view&sec2=extensions/agents_modules";
$('#filter_form').submit();
}
function loadRecursionGroups () {
jQuery.post ("ajax.php",
{"page" : "operation/agentes/ver_agente",
"get_agents_group_json" : 1,
"id_group" : $("#group_id").val(),
"privilege" : "AW",
"keys_prefix" : "_",
"recursion" : $('#checkbox-recursion').is(':checked')
},
function (data, status) {
$("#id_agents2").html('');
$("#module").html('');
jQuery.each (data, function (id, value) {
// Remove keys_prefix from the index
id = id.substring(1);
option = $("<option></option>")
.attr ("value", value["id_agente"])
.html (value["alias"]);
$("#id_agents").append (option);
$("#id_agents2").append (option);
});
},
"json"
);
}
/* <![CDATA[ */
function export_csv() {
let group_id = $('#group_id option:selected').val();
let module_group_id = $('#modulegroup option:selected').val();
let agent_id = $('#id_agents2 option:selected').map((_, e) => e.value).get();
let module_id = $('#module option:selected').map((_, e) => e.value).get();
let filters_array = {group_id: group_id, module_group_id:module_group_id, agent_id:agent_id, module_id:module_id}
let jsonFilters = JSON.stringify(filters_array)
let filters = window.btoa(jsonFilters)
var f = document.forms.filter_form;
blockResubmit($(this));
f.action = "extensions/agents_modules_csv.php?get_agents_module_csv=1&filters="+filters;
$("#filter_form").submit();
}
/* ]]> */
</script>
<?php
}
@ -445,7 +467,7 @@ function mainAgentsModules()
$filter_groups .= html_print_label_input_block(
__('Recursion'),
html_print_checkbox_switch('recursion', 1, 0, true),
html_print_checkbox_switch('recursion', 1, $recursion, true),
[
'div_class' => 'add-input-reverse',
'label_class' => 'label-thin',
@ -653,7 +675,7 @@ function mainAgentsModules()
}
if ($config['pure'] != 1) {
$show_filters = '<form method="post" action="index.php?sec=view&sec2=extensions/agents_modules" class="w100p">';
$show_filters = '<form id="filter_form" method="post" action="index.php?sec=view&sec2=extensions/agents_modules" class="w100p">';
$show_filters .= '<table class="filter-table-adv w100p no-border" cellpadding="4" cellspacing="4">';
$show_filters .= '<tr>';
$show_filters .= '<td width="33%">'.$filter_type.'</td>';
@ -679,6 +701,13 @@ function mainAgentsModules()
'onclick' => 'select_selected()',
],
true
).html_print_button(
__('Export to CSV'),
'srcbutton_csv',
false,
'export_csv()',
['class' => 'secondary mini'],
true,
),
],
true
@ -698,6 +727,13 @@ function mainAgentsModules()
);
}
$group_id_for_agents_search = $group_id;
if ($group_id > 0) {
if ($recursion) {
$group_id_for_agents_search = groups_get_children_ids($group_id, true);
}
}
if (isset($agents_id[0]) === true && $agents_id[0] != -1) {
$agents = $agents_id;
} else {
@ -705,7 +741,7 @@ function mainAgentsModules()
$agents = $full_agents_id;
} else {
$agents = '';
$agents = agents_get_group_agents($group_id, ['disabled' => 0]);
$agents = agents_get_group_agents($group_id_for_agents_search, ['disabled' => 0]);
$agents = array_keys($agents);
}
}
@ -838,10 +874,7 @@ function mainAgentsModules()
if ($group_id > 0) {
if ($recursion) {
$filter_groups['id_grupo'] = array_merge(
$group_id,
groups_get_children_ids($group_id, true)
);
$filter_groups['id_grupo'] = groups_get_children_ids($group_id, true);
} else {
$filter_groups['id_grupo'] = $group_id;
}
@ -858,7 +891,7 @@ function mainAgentsModules()
return;
}
echo '<table cellpadding="4" cellspacing="4" border="0" class="info_table mrgn_btn_20px">';
echo '<table cellpadding="4" cellspacing="4" border="0" class="info_table mrgn_btn_20px" id="agents_modules_table">';
echo '<tr>';
@ -985,7 +1018,7 @@ function mainAgentsModules()
echo "<td class='center' style='text-align:left;'>";
$win_handle = dechex(crc32($module_id.$module['name']));
$graph_type = return_graphtype(modules_get_agentmodule_type($module_id));
$link = "winopeng_var('".'operation/agentes/stat_win.php?'."type=$graph_type&".'period='.SECONDS_1DAY.'&'.'id='.$module_id.'&'.'refresh='.SECONDS_10MINUTES."', 'day_".$win_handle."', 800, 480)";
$link = "winopeng_var('".'operation/agentes/stat_win.php?'."type=$graph_type&".'period='.SECONDS_1DAY.'&id='.$module_id.'&period_graph=0&refresh='.SECONDS_10MINUTES."', 'day_".$win_handle."', 800, 480)";
echo '<a href="javascript:'.$link.'">';

137
pandora_console/extensions/agents_modules_csv.php Normal file
View File

@ -0,0 +1,137 @@
<?php
/**
* Export data.
*
* @category Tools
* @package Pandora FMS
* @subpackage Operation
* @version 1.0.0
* @license See below
*
* ______ ___ _______ _______ ________
* | __ \.-----.--.--.--| |.-----.----.-----. | ___| | | __|
* | __/| _ | | _ || _ | _| _ | | ___| |__ |
* |___| |___._|__|__|_____||_____|__| |___._| |___| |__|_|__|_______|
*
* ============================================================================
* Copyright (c) 2005-2023 Pandora FMS
* Please see https://pandorafms.com/community/ for full contribution list
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation for version 2.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* ============================================================================
*/
global $config;
if ((bool) $config['metaconsole']) {
include_once $config['homedir'].'/include/config.php';
include_once $config['homedir'].'/include/functions_agents.php';
include_once $config['homedir'].'/include/functions_reporting.php';
include_once $config['homedir'].'/include/functions_modules.php';
include_once $config['homedir'].'/include/functions_users.php';
} else {
include_once __DIR__.'/../include/config.php';
include_once __DIR__.'/../include/functions_agents.php';
include_once __DIR__.'/../include/functions_reporting.php';
include_once __DIR__.'/../include/functions_modules.php';
include_once __DIR__.'/../include/functions_users.php';
}
check_login();
// ACL Check.
if (! check_acl($config['id_user'], 0, 'AR')) {
db_pandora_audit(
AUDIT_LOG_ACL_VIOLATION,
'Trying to access Agent view (Grouped)'
);
include 'general/noaccess.php';
exit;
}
$get_agents_module_csv = get_parameter('get_agents_module_csv', 0);
if ($get_agents_module_csv === '1') {
// ***************************************************
// Header output
// ***************************************************
$config['ignore_callback'] = true;
while (@ob_end_clean()) {
}
$filename = 'agents_module_view_'.date('Ymd').'-'.date('His');
// Set cookie for download control.
setDownloadCookieToken();
header('Content-Type: text/csv');
header('Content-Disposition: attachment; filename="'.$filename.'.csv"');
// ***************************************************
// Data processing
// ***************************************************
echo pack('C*', 0xEF, 0xBB, 0xBF);
$json_filters = get_parameter('filters', '');
$filters = json_decode(
base64_decode(
get_parameter('filters', '')
),
true
);
$results = export_agents_module_csv($filters);
$divider = $config['csv_divider'];
$dataend = PHP_EOL;
$header_fields = [
__('Agent'),
__('Module'),
__('Data'),
];
$out_csv = '';
foreach ($header_fields as $key => $value) {
$out_csv .= $value.$divider;
}
$out_csv .= "\n";
foreach ($results as $result) {
foreach ($result as $key => $value) {
if (preg_match('/Linux/i', $_SERVER['HTTP_USER_AGENT'])) {
$value = preg_replace(
'/\s+/',
' ',
io_safe_output($value)
);
} else {
$value = mb_convert_encoding(
preg_replace(
'/\s+/',
'',
io_safe_output($value)
),
'UTF-16LE',
'UTF-8'
);
}
$out_csv .= $value.$divider;
}
$out_csv .= "\n";
}
echo io_safe_output($out_csv);
exit;
}

14
pandora_console/extensions/api_checker.php
View File

@ -99,7 +99,7 @@ function api_execute(
if (empty($token) === true) {
$data['apipass'] = $apipass;
$data['user'] = $user;
$data['password'] = $password;
$data['pass'] = $password;
}
}
@ -157,7 +157,6 @@ function extension_api_checker()
}
$url = io_safe_output(get_parameter('url', ''));
$ip = io_safe_output(get_parameter('ip', '127.0.0.1'));
$pandora_url = io_safe_output(get_parameter('pandora_url', $config['homeurl_static']));
$apipass = io_safe_output(get_parameter('apipass', ''));
@ -175,6 +174,17 @@ function extension_api_checker()
$api_execute = (bool) get_parameter('api_execute', false);
if ($url !== '') {
$validate_url = parse_url($url);
if ($validate_url['scheme'] === 'http' || $validate_url['scheme'] === 'https') {
ui_print_success_message(__('Request successfully processed'));
} else {
ui_print_error_message(__('Incorrect URL'));
$url = '';
$api_execute = false;
}
}
$return_call_api = '';
if ($api_execute === true) {
$return_call_api = api_execute(

2
pandora_console/extensions/dbmanager.php
View File

@ -90,7 +90,7 @@ function dbmgr_extension_main()
// Header.
ui_print_standard_header(
__('Database interface'),
__('DB interface'),
'images/gm_db.png',
false,
'',

286
pandora_console/extensions/files_repo.php
View File

@ -1,286 +0,0 @@
<?php
// Pandora FMS - https://pandorafms.com
// ==================================================
// Copyright (c) 2005-2023 Pandora FMS
// Please see https://pandorafms.com/community/ for full contribution list
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation; version 2
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
function pandora_files_repo_install()
{
global $config;
if (isset($config['files_repo_installed']) && $config['files_repo_installed'] == 1) {
return;
}
$full_extensions_dir = $config['homedir'].'/'.EXTENSIONS_DIR.'/';
$full_sql_dir = $full_extensions_dir.'files_repo/sql/';
$file_path = '';
switch ($config['dbtype']) {
case 'mysql':
$file_path = $full_sql_dir.'files_repo.sql';
break;
case 'postgresql':
$file_path = $full_sql_dir.'files_repo.postgreSQL.sql';
break;
case 'oracle':
$file_path = $full_sql_dir.'files_repo.oracle.sql';
break;
}
if (!empty($file_path)) {
$result = db_process_file($file_path);
if ($result) {
// Configuration values
$values = [
'token' => 'files_repo_installed',
'value' => 1,
];
db_process_sql_insert('tconfig', $values);
}
}
}
function pandora_files_repo_uninstall()
{
global $config;
switch ($config['dbtype']) {
case 'mysql':
db_process_sql('DROP TABLE `tfiles_repo_group`');
db_process_sql('DROP TABLE `tfiles_repo`');
db_process_sql(
'DELETE FROM `tconfig`
WHERE `token` LIKE "files_repo_%"'
);
break;
case 'postgresql':
db_process_sql('DROP TABLE "tfiles_repo_group"');
db_process_sql('DROP TABLE "tfiles_repo"');
db_process_sql(
'DELETE FROM "tconfig"
WHERE "token" LIKE \'files_repo_%\''
);
break;
case 'oracle':
db_process_sql('DROP TRIGGER "tfiles_repo_group_inc"');
db_process_sql('DROP SEQUENCE "tfiles_repo_group_s"');
db_process_sql('DROP TABLE "tfiles_repo_group"');
db_process_sql('DROP TRIGGER "tfiles_repo_inc"');
db_process_sql('DROP SEQUENCE "tfiles_repo_s"');
db_process_sql('DROP TABLE "tfiles_repo"');
db_process_sql(
'DELETE FROM tconfig
WHERE token LIKE \'files_repo_%\''
);
break;
}
if (!empty($config['attachment_store'])) {
delete_dir($config['attachment_store'].'/files_repo');
}
}
function pandora_files_repo_godmode()
{
global $config;
if (!isset($config['files_repo_installed']) || !$config['files_repo_installed']) {
ui_print_error_message(__('Extension not installed'));
}
// ACL Check
check_login();
if (! check_acl($config['id_user'], 0, 'PM')) {
db_pandora_audit(
AUDIT_LOG_ACL_VIOLATION,
'Trying to access to Files repository'
);
include 'general/noaccess.php';
return;
}
// Header tabs.
$godmode['text'] = '<a href="index.php?sec=godmode/extensions&sec2=extensions/files_repo">'.html_print_image('images/configuration@svg.svg', true, ['title' => __('Administration view'), 'class' => 'main_menu_icon invert_filter']).'</a>';
$godmode['godmode'] = 1;
$godmode['active'] = 1;
$operation['text'] = '<a href="index.php?sec=extensions&sec2=extensions/files_repo">'.html_print_image('images/see-details@svg.svg', true, ['title' => __('Operation view'), 'class' => 'main_menu_icon invert_filter']).'</a>';
$operation['operation'] = 1;
$onheader = [
'godmode' => $godmode,
'operation' => $operation,
];
// Header.
ui_print_standard_header(
__('Extensions'),
'images/extensions.png',
false,
'',
true,
$onheader,
[
[
'link' => '',
'label' => __('Admin tools'),
],
[
'link' => '',
'label' => __('Extension manager'),
],
[
'link' => '',
'label' => __('Files repository manager'),
],
]
);
$full_extensions_dir = $config['homedir'].'/'.EXTENSIONS_DIR.'/';
include_once $full_extensions_dir.'files_repo/functions_files_repo.php';
// Directory files_repo check.
if (!files_repo_check_directory(true)) {
return;
}
$server_content_length = 0;
if (isset($_SERVER['CONTENT_LENGTH'])) {
$server_content_length = $_SERVER['CONTENT_LENGTH'];
}
// Check for an anoying error that causes the $_POST and $_FILES arrays.
// were empty if the file is larger than the post_max_size.
if (intval($server_content_length) > 0 && empty($_POST)) {
ui_print_error_message(__('Problem uploading. Please check this PHP runtime variable values: <pre> post_max_size (currently '.ini_get('post_max_size').')</pre>'));
}
// GET and POST parameters.
$file_id = (int) get_parameter('file_id');
$add_file = (bool) get_parameter('add_file');
$update_file = (bool) get_parameter('update_file');
$delete_file = (bool) get_parameter('delete');
// File add or update.
if ($add_file || ($update_file && $file_id > 0)) {
$groups = get_parameter('groups', []);
$public = (bool) get_parameter('public');
$description = io_safe_output((string) get_parameter('description'));
if (mb_strlen($description, 'UTF-8') > 200) {
$description = mb_substr($description, 0, 200, 'UTF-8');
}
$description = io_safe_input($description);
if ($add_file) {
$result = files_repo_add_file('upfile', $description, $groups, $public);
} else if ($update_file) {
$result = files_repo_update_file($file_id, $description, $groups, $public);
$file_id = 0;
}
if ($result['status'] == false) {
ui_print_error_message($result['message']);
}
}
// File delete.
if ($delete_file && $file_id > 0) {
$result = files_repo_delete_file($file_id);
if ($result !== -1) {
ui_print_result_message($result, __('Successfully deleted'), __('Could not be deleted'));
}
$file_id = 0;
}
// FORM.
include $full_extensions_dir.'files_repo/files_repo_form.php';
if (!$file_id) {
// LIST.
$manage = true;
include $full_extensions_dir.'files_repo/files_repo_list.php';
}
}
function pandora_files_repo_operation()
{
global $config;
// Header tabs.
$onheader = [];
if (check_acl($config['id_user'], 0, 'PM')) {
$godmode['text'] = '<a href="index.php?sec=godmode/extensions&sec2=extensions/files_repo">'.html_print_image('images/configuration@svg.svg', true, ['title' => __('Administration view'), 'class' => 'main_menu_icon invert_filter']).'</a>';
$godmode['godmode'] = 1;
$operation['text'] = '<a href="index.php?sec=extensions&sec2=extensions/files_repo">'.html_print_image('images/see-details@svg.svg', true, ['title' => __('Operation view'), 'class' => 'main_menu_icon invert_filter']).'</a>';
$operation['operation'] = 1;
$operation['active'] = 1;
$onheader = [
'godmode' => $godmode,
'operation' => $operation,
];
}
// Header.
ui_print_standard_header(
__('Files repository'),
'images/extensions.png',
false,
'',
false,
$onheader,
[
[
'link' => '',
'label' => __('Admin tools'),
],
[
'link' => '',
'label' => __('Extension manager'),
],
[
'link' => '',
'label' => __('Files repository'),
],
]
);
$full_extensions_dir = $config['homedir'].'/'.EXTENSIONS_DIR.'/';
include_once $full_extensions_dir.'files_repo/functions_files_repo.php';
// Directory files_repo check.
if (!files_repo_check_directory(true)) {
return;
}
// LIST.
$full_extensions_dir = $config['homedir'].'/'.EXTENSIONS_DIR.'/';
include $full_extensions_dir.'files_repo/files_repo_list.php';
}
extensions_add_operation_menu_option(__('Files repository'), null, null, 'v1r1');
extensions_add_main_function('pandora_files_repo_operation');
extensions_add_godmode_menu_option(__('Files repository manager'), 'PM', null, null, 'v1r1');
extensions_add_godmode_function('pandora_files_repo_godmode');
pandora_files_repo_install();

168
pandora_console/extensions/files_repo/files_repo_list.php
View File

@ -1,168 +0,0 @@
<?php
// Pandora FMS - https://pandorafms.com
// ==================================================
// Copyright (c) 2005-2023 Pandora FMS
// Please see https://pandorafms.com/community/ for full contribution list
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation; version 2
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
global $config;
$full_extensions_dir = $config['homedir'].'/'.EXTENSIONS_DIR.'/';
require_once $full_extensions_dir.'files_repo/functions_files_repo.php';
$offset = (int) get_parameter('offset');
$filter = [];
$filter['limit'] = $config['block_size'];
$filter['offset'] = $offset;
$filter['order'] = [
'field' => 'id',
'order' => 'DESC',
];
$files = files_repo_get_files($filter);
if (!empty($files)) {
if (!isset($manage)) {
$manage = false;
}
// Pagination
if ($manage) {
$url = ui_get_full_url('index.php?sec=godmode/extensions&sec2=extensions/files_repo');
} else {
$url = ui_get_full_url('index.php?sec=extensions&sec2=extensions/files_repo');
}
$total_files = files_repo_get_files(false, true);
ui_pagination($total_files, $url, $offset);
$table = new stdClass();
$table->width = '100%';
$table->class = 'info_table';
$table->style = [];
$table->style[1] = 'max-width: 200px;';
$table->style[4] = 'text-align: center;';
$table->head = [];
$table->head[0] = __('Name');
$table->head[1] = __('Description');
$table->head[2] = __('Size');
$table->head[3] = __('Last modification');
$table->head[4] = '';
$table->data = [];
foreach ($files as $file_id => $file) {
$data = [];
// Prepare the filename for the get_file.php script
$document_root = str_replace(
'\\',
'/',
io_safe_output($_SERVER['DOCUMENT_ROOT'])
);
$file['location'] = str_replace(
'\\',
'/',
io_safe_output($file['location'])
);
$relative_path = str_replace($document_root, '', $file['location']);
$file_name = explode('/', $file['location']);
$file_decoded = $file_name[(count($file_name) - 1)];
$file_path = base64_encode($file_decoded);
$hash = md5($file_path.$config['server_unique_identifier']);
$url = ui_get_full_url(
'include/get_file.php?file='.urlencode($file_path).'&hash='.$hash
);
$date_format = ($config['date_format']) ? io_safe_output($config['date_format']) : 'F j, Y - H:m';
$data[0] = "<a href=\"$url\" target=\"_blank\">".$file['name'].'</a>';
// Name
$data[1] = ui_print_truncate_text(
$file['description'],
'description',
true,
true
);
// Description
$data[2] = ui_format_filesize($file['size']);
// Size
$data[3] = date($date_format, $file['mtime']);
// Last modification
// Public URL
$data[4] = '';
$table->cellclass[][4] = 'table_action_buttons';
if (!empty($file['hash'])) {
$public_url = ui_get_full_url(
EXTENSIONS_DIR.'/files_repo/files_repo_get_file.php?file='.$file['hash']
);
$message = __('Copy to clipboard').': Ctrl+C -> Enter';
$action = "window.prompt('$message', '$public_url');";
$data[4] .= "<a href=\"javascript:;\" onclick=\"$action\">";
$data[4] .= html_print_image(
'images/world.png',
true,
['title' => __('Public link')]
);
// Public link image
$data[4] .= '</a> ';
}
$data[4] .= "<a href=\"$url\" target=\"_blank\">";
$data[4] .= html_print_image(
'images/download.png',
true,
[
'title' => __('Download'),
'style' => 'padding:3px',
]
);
// Download image
$data[4] .= '</a>';
if ($manage) {
$config_url = ui_get_full_url(
'index.php?sec=godmode/extensions&sec2=extensions/files_repo&file_id='.$file_id
);
$data[4] .= "<a href=\"$config_url\">";
$data[4] .= html_print_image(
'images/edit.svg',
true,
[
'title' => __('Edit'),
'class' => 'main_menu_icon invert_filter',
]
);
// Edit image
$data[4] .= '</a>';
$delete_url = ui_get_full_url(
'index.php?sec=godmode/extensions&sec2=extensions/files_repo&delete=1&file_id='.$file_id
);
$data[4] .= " <a href=\"$delete_url\" onClick=\"if (!confirm('".__('Are you sure?')."')) return false;\">";
$data[4] .= html_print_image(
'images/delete.svg',
true,
[
'title' => __('Delete'),
'class' => 'main_menu_icon invert_filter',
]
);
// Delete image
$data[4] .= '</a>';
}
$table->data[] = $data;
}
html_print_table($table);
} else {
ui_print_info_message(__('No items'));
}

16
pandora_console/extensions/files_repo/sql/files_repo.oracle.sql
View File

@ -1,16 +0,0 @@
CREATE TABLE tfiles_repo (
id NUMBER(5, 0) NOT NULL PRIMARY KEY,
name VARCHAR2(255) NOT NULL,
description VARCHAR2(500) NULL,
hash VARCHAR2(8) NULL
);
CREATE SEQUENCE tfiles_repo_s INCREMENT BY 1 START WITH 1;
CREATE OR REPLACE TRIGGER tfiles_repo_inc BEFORE INSERT ON tfiles_repo REFERENCING NEW AS NEW FOR EACH ROW BEGIN SELECT tfiles_repo_s.nextval INTO :NEW.ID FROM dual; END;;
CREATE TABLE tfiles_repo_group (
id NUMBER(10, 0) NOT NULL PRIMARY KEY,
id_file NUMBER(5, 0) NOT NULL REFERENCES tfiles_repo(id) ON DELETE CASCADE,
id_group NUMBER(4, 0) NOT NULL
);
CREATE SEQUENCE tfiles_repo_group_s INCREMENT BY 1 START WITH 1;
CREATE OR REPLACE TRIGGER tfiles_repo_group_inc BEFORE INSERT ON tfiles_repo_group REFERENCING NEW AS NEW FOR EACH ROW BEGIN SELECT tfiles_repo_group_s.nextval INTO :NEW.ID FROM dual; END;;

2
pandora_console/extensions/files_repo/sql/files_repo.postgreSQL.sql
View File

@ -1,2 +0,0 @@
CREATE TABLE "tfiles_repo" ("id" SERIAL NOT NULL PRIMARY KEY, "name" VARCHAR(255) NOT NULL, "description" VARCHAR(500) NULL default '', "hash" VARCHAR(8) NULL default '');
CREATE TABLE "tfiles_repo_group" ("id" SERIAL NOT NULL PRIMARY KEY, "id_file" INTEGER NOT NULL REFERENCES tfiles_repo("id") ON DELETE CASCADE, "id_group" INTEGER NOT NULL);

15
pandora_console/extensions/files_repo/sql/files_repo.sql
View File

@ -1,15 +0,0 @@
CREATE TABLE IF NOT EXISTS `tfiles_repo` (
`id` int(5) unsigned NOT NULL auto_increment,
`name` varchar(255) NOT NULL,
`description` varchar(500) NULL default '',
`hash` varchar(8) NULL default '',
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE IF NOT EXISTS `tfiles_repo_group` (
`id` int(10) unsigned NOT NULL auto_increment,
`id_file` int(5) unsigned NOT NULL,
`id_group` int(4) unsigned NOT NULL,
PRIMARY KEY (`id`),
FOREIGN KEY (`id_file`) REFERENCES tfiles_repo(`id`) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

1
pandora_console/extensions/module_groups.php
View File

@ -345,6 +345,7 @@ function mainModuleGroups()
$table = new StdClass();
$table->class = 'info_table';
$table->style[0] = 'font-weight: bolder; min-width: 230px;';
$table->id = 'agent_group_module_group';
$table->width = '100%';
$head[0] = __('Groups');

3
pandora_console/extensions/pandora_logs.php
View File

@ -31,7 +31,7 @@ function view_logfile($file_name, $toggle=false)
} else {
$file_size = filesize($file_name);
if ($memory_limit < $file_size) {
if ($memory_limit < $file_size && $memory_limit !== '-1') {
$code .= '<pre><h2>'.$file_name.' ('.__('File is too large than PHP memory allocated in the system.').')</h2>';
$code .= '<h2>'.__('The preview file is imposible.').'</h2>';
} else if ($file_size > ($config['max_log_size'] * 1000)) {
@ -117,6 +117,7 @@ function pandoralogs_extension_main()
view_logfile($config['homedir'].'/log/console.log', true);
}
view_logfile('/var/log/php-fpm/www-error.log', true);
view_logfile($logs_directory.'/pandora_server.log', true);
view_logfile($logs_directory.'/pandora_server.error', true);

758
pandora_console/extensions/quick_shell.php
View File

@ -31,6 +31,7 @@ global $config;
require_once $config['homedir'].'/include/functions_agents.php';
require_once $config['homedir'].'/godmode/wizards/Wizard.main.php';
require_once $config['homedir'].'/include/functions_cron_task.php';
/**
@ -78,91 +79,78 @@ function quickShell()
return;
}
$form_sent = get_parameter('form-sent', false);
$method = get_parameter('method', null);
$setup_anchor = html_print_anchor(
[
'href' => 'index.php?sec=gsetup&sec2=godmode/setup/setup&section=quickshell',
'content' => __('GoTTY setup'),
],
true
);
if ((bool) $config['gotty_ssh_enabled'] === false
&& (bool) $config['gotty_telnet_enabled'] === false
) {
ui_print_warning_message(__('Please, enable GoTTY in %s', $setup_anchor));
return;
}
$agent_id = get_parameter('id_agente', 0);
$username = get_parameter('username', null);
$method = get_parameter('method', null);
$method_port = get_parameter('port', null);
// Retrieve main IP Address.
$address = agents_get_address($agent_id);
$agent_address = agents_get_address($agent_id);
ui_require_css_file('wizard');
ui_require_css_file('discovery');
// Settings.
// WebSocket host, where client should connect.
if (isset($config['ws_port']) === false) {
config_update_value('ws_port', 8080);
// Build URL args.
if ($method === 'ssh') {
// SSH.
$args .= '&arg='.$agent_address.'&arg='.$method_port.'&arg='.$username;
} else if ($method == 'telnet') {
// Telnet.
$args .= '&arg='.$agent_address.'&arg='.$method_port;
}
if (empty($config['ws_proxy_url']) === true) {
$ws_url = 'http://'.$_SERVER['SERVER_ADDR'].':'.$config['ws_port'];
} else {
preg_match('/\/\/(.*)/', $config['ws_proxy_url'], $matches);
if (isset($_SERVER['HTTPS']) === true) {
$ws_url = 'https://'.$matches[1];
} else {
$ws_url = 'http://'.$matches[1];
}
}
// Gotty settings. Internal communication (WS).
if (isset($config['gotty_host']) === false) {
config_update_value('gotty_host', '127.0.0.1');
}
if (isset($config['gotty_telnet_port']) === false) {
config_update_value('gotty_telnet_port', 8082);
}
if (isset($config['gotty_ssh_port']) === false) {
config_update_value('gotty_ssh_port', 8081);
}
// Context to allow self-signed certs.
$context = stream_context_create(
[
'http' => [ 'method' => 'GET'],
'ssl' => [
'verify_peer' => false,
'verify_peer_name' => false,
],
]
);
$connectionURL = buildConnectionURL($method);
$gotty_addr = $connectionURL.$args;
// Username. Retrieve from form.
if (empty($username) === true) {
if ($form_sent === false) {
// No username provided, ask for it.
$wiz = new Wizard();
$test = curl($ws_url, []);
if ($test === false) {
ui_print_error_message(__('WebService engine has not been started, please check documentation.'));
$wiz->printForm(
[
'form' => [
'method' => 'POST',
'action' => '#',
'id' => 'retry_form',
],
]
);
$method_fields = [];
html_print_action_buttons(
html_print_submit_button(
__('Retry'),
'submit',
false,
[
'icon' => 'next',
'form' => 'retry_form',
],
true
)
);
return;
if ($config['gotty_telnet_enabled']) {
$method_fields['telnet'] = __('Telnet');
$port_value = 23;
}
if ($config['gotty_ssh_enabled']) {
$method_fields['ssh'] = __('SSH');
$port_value = 22;
}
$method_script = "
var wizard = document.querySelector('.wizard');
p=22;
wizard.querySelector('ul > li').classList.remove('invisible_important');
wizard.querySelector('ul > li').classList.add('visible');
if(this.value == 'telnet') {
p=23;
wizard.querySelector('ul > li').classList.remove('visible');
wizard.querySelector('ul > li').classList.add('invisible_important');
$('#text-username').prop('required', false);
} else {
$('#text-username').prop('required', true);
}
$('#text-port').val(p);";
$wiz->printForm(
[
'form' => [
@ -175,8 +163,9 @@ function quickShell()
[
'label' => __('Username'),
'arguments' => [
'type' => 'text',
'name' => 'username',
'type' => 'text',
'name' => 'username',
'required' => true,
],
],
[
@ -185,7 +174,7 @@ function quickShell()
'type' => 'text',
'id' => 'port',
'name' => 'port',
'value' => 22,
'value' => $port_value,
],
],
[
@ -193,11 +182,15 @@ function quickShell()
'arguments' => [
'type' => 'select',
'name' => 'method',
'fields' => [
'ssh' => __('SSH'),
'telnet' => __('Telnet'),
],
'script' => "p=22; if(this.value == 'telnet') { p=23; } $('#text-port').val(p);",
'fields' => $method_fields,
'script' => $method_script,
],
],
[
'arguments' => [
'type' => 'hidden',
'name' => 'form-sent',
'value' => true,
],
],
],
@ -221,119 +214,73 @@ function quickShell()
return;
}
// Initialize Gotty Client.
$host = $config['gotty_host'];
if ($method == 'ssh') {
// SSH.
$port = $config['gotty_ssh_port'];
$command_arguments = "var args = '?arg=".$username.'@'.$address;
$command_arguments .= '&arg=-p '.$method_port."';";
} else if ($method == 'telnet') {
// Telnet.
$port = $config['gotty_telnet_port'];
$username = preg_replace('/[^a-zA-Z0-9\-\.]/', '', $username);
$command_arguments = "var args = '?arg=-l ".$username;
$command_arguments .= '&arg='.$address;
$command_arguments .= '&arg='.$method_port."&arg=-E';";
} else {
ui_print_error_message(__('Please use SSH or Telnet.'));
return;
// Check gotty connection before trying to load iframe.
$ch = curl_init($gotty_addr);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
// Maximum time for the entire request.
curl_setopt($ch, CURLOPT_TIMEOUT, 3);
// Maximum time to establish a connection.
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 2);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_MAXREDIRS, 10);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
$response = curl_exec($ch);
$responseCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
$finalUrl = curl_getinfo($ch, CURLINFO_EFFECTIVE_URL);
curl_close($ch);
if ($responseCode !== 200) {
ui_print_error_message(__('Connection error. Please check your settings at %s', $setup_anchor));
exit;
}
// If rediretion is enabled, we will try to connect using
// http:// or https:// endpoint.
$test = get_headers($ws_url, false, $context);
if ($test === false) {
if (empty($wiz) === true) {
$wiz = new Wizard();
}
ui_print_error_message(__('WebService engine has not been started, please check documentation.'));
echo $wiz->printGoBackButton('#');
return;
}
// Check credentials.
$auth_str = '';
$gotty_url = $host.':'.$port;
if (empty($config['gotty_user']) === false
&& empty($config['gotty_pass']) === false
) {
$auth_str = io_safe_output($config['gotty_user']);
$auth_str .= ':'.io_output_password($config['gotty_pass']);
$gotty_url = $auth_str.'@'.$host.':'.$port;
}
$r = file_get_contents('http://'.$gotty_url.'/js/hterm.js');
if (empty($r) === true) {
if (empty($wiz) === true) {
$wiz = new Wizard();
}
ui_print_error_message(__('WebService engine is not working properly, please check documentation.'));
echo $wiz->printGoBackButton('#');
return;
}
// Override gotty client settings.
if (empty($auth_str) === true) {
$r .= "var gotty_auth_token = '';";
} else {
$r .= "var gotty_auth_token = '";
$r .= $auth_str."';";
}
// Set websocket target and method.
$gotty = file_get_contents('http://'.$gotty_url.'/js/gotty.js');
$url = "var url = (httpsEnabled ? 'wss://' : 'ws://') + window.location.host + window.location.pathname + 'ws';";
if (empty($config['ws_proxy_url']) === true) {
$new = "var url = (httpsEnabled ? 'wss://' : 'ws://')";
$new .= " + window.location.host + ':";
$new .= $config['ws_port'].'/'.$method."';";
} else {
$new = "var url = '";
$new .= $config['ws_proxy_url'].'/'.$method."';";
}
// Update firefox issue.
$original = ' this.iframe_.src = \'#\';';
$trick = 'this.iframe_.src = \'javascript:\';';
$r = str_replace($original, $trick, $r);
// Update url.
$gotty = str_replace($url, $new, $gotty);
// Update websocket arguments.
$args = 'var args = window.location.search;';
$new = $command_arguments;
// Update arguments.
$gotty = str_replace($args, $new, $gotty);
?>
<style>#terminal {
height: 650px;
width: 100%;
margin: 0px;
padding: 0;
display: flex;
flex-direction: column;
min-height: calc(100vh - 205px);
}
#terminal > iframe {
width:100%;
height:100%;
position: relative!important;
flex-grow: 1;
border: 0px;
}
</style>
<div id="terminal"></div>
<script type="text/javascript">
<?php echo $r; ?>
</script>
<script type="text/javascript">
<?php echo $gotty; ?>
</script>
<div id="terminal"><iframe id="gotty-iframe" src="<?php echo $gotty_addr; ?>"></iframe></div>
<?php
}
/**
* Build Connection URL based on provided connection method.
*
* @param string $method Connection method (SSH/Telnet).
*
* @return string
*/
function buildConnectionURL($method)
{
global $config;
$address = (empty($config['gotty_addr']) === true) ? $_SERVER['SERVER_ADDR'] : $config['gotty_addr'];
$use_ssl = ($method === 'ssh') ? $config['gotty_ssh_use_ssl'] : $config['gotty_telnet_use_ssl'];
$protocol = ((bool) $use_ssl === true) ? 'https://' : 'http://';
return $protocol.$address.':'.$config['gotty_port'].'/'.$config['gotty_connection_hash'].'/?arg='.$method;
}
/**
* Provide an interface where configure all settings.
*
@ -347,116 +294,107 @@ function quickShellSettings()
ui_require_css_file('discovery');
// Gotty settings. Internal communication (WS).
if (isset($config['gotty_ssh_enabled']) === false) {
config_update_value('gotty_ssh_enabled', 1);
}
if (isset($config['gotty_telnet_enabled']) === false) {
config_update_value('gotty_telnet_enabled', 0);
}
if (isset($config['gotty_host']) === false) {
config_update_value('gotty_host', '127.0.0.1');
}
if (isset($config['gotty_telnet_port']) === false) {
config_update_value('gotty_telnet_port', 8082);
if (isset($config['gotty_port']) === false) {
config_update_value('gotty_port', 8080);
}
if (isset($config['gotty_ssh_port']) === false) {
config_update_value('gotty_ssh_port', 8081);
}
$changes = 0;
$critical = 0;
// Parser.
if (get_parameter('update_config', false) !== false) {
// Gotty settings. Internal communication (WS).
$gotty = get_parameter(
'gotty',
''
$gotty_ssh_enabled = get_parameter(
'gotty_ssh_enabled',
0
);
$gotty_host = get_parameter(
'gotty_host',
''
$gotty_telnet_enabled = get_parameter(
'gotty_telnet_enabled',
0
);
$gotty_ssh_port = get_parameter(
'gotty_ssh_port',
''
);
$gotty_telnet_port = get_parameter(
'gotty_telnet_port',
$gotty_addr = get_parameter(
'gotty_addr',
''
);
$gotty_user = get_parameter(
'gotty_user',
$gotty_port = get_parameter(
'gotty_port',
''
);
$gotty_pass = get_parameter(
'gotty_pass',
''
$gotty_ssh_use_ssl = get_parameter(
'gotty_ssh_use_ssl',
false
);
$gotty_pass = io_input_password($gotty_pass);
$gotty_telnet_use_ssl = get_parameter(
'gotty_telnet_use_ssl',
false
);
$changes = 0;
$critical = 0;
if ($config['gotty'] != $gotty) {
config_update_value('gotty', $gotty);
$changes++;
$critical++;
if ($config['gotty_ssh_enabled'] != $gotty_ssh_enabled) {
config_update_value('gotty_ssh_enabled', $gotty_ssh_enabled);
}
if ($config['gotty_host'] != $gotty_host) {
config_update_value('gotty_host', $gotty_host);
$changes++;
if ($config['gotty_telnet_enabled'] != $gotty_telnet_enabled) {
config_update_value('gotty_telnet_enabled', $gotty_telnet_enabled);
}
if ($config['gotty_telnet_port'] != $gotty_telnet_port) {
config_update_value('gotty_telnet_port', $gotty_telnet_port);
$changes++;
if ($config['gotty_addr'] != $gotty_addr) {
config_update_value('gotty_addr', $gotty_addr);
}
if ($config['gotty_ssh_port'] != $gotty_ssh_port) {
config_update_value('gotty_ssh_port', $gotty_ssh_port);
$changes++;
if ($config['gotty_port'] != $gotty_port) {
// Mark gotty for restart (should kill the process in the current port).
if ($config['restart_gotty_next_cron_port'] === ''
|| $config['restart_gotty_next_cron_port'] === null
) {
config_update_value('restart_gotty_next_cron_port', $config['gotty_port']);
}
config_update_value('gotty_port', $gotty_port);
}
if ($config['gotty_user'] != $gotty_user) {
config_update_value('gotty_user', $gotty_user);
$changes++;
$critical++;
if ($config['gotty_ssh_use_ssl'] != $gotty_ssh_use_ssl) {
config_update_value('gotty_ssh_use_ssl', $gotty_ssh_use_ssl);
}
if ($config['gotty_pass'] != $gotty_pass) {
$gotty_pass = io_input_password($gotty_pass);
config_update_value('gotty_pass', $gotty_pass);
$changes++;
$critical++;
if ($config['gotty_telnet_use_ssl'] != $gotty_telnet_use_ssl) {
config_update_value('gotty_telnet_use_ssl', $gotty_telnet_use_ssl);
}
cron_task_start_gotty();
}
if ($changes > 0) {
$msg = __('%d Updated', $changes);
if ($critical > 0) {
$msg = __(
'%d Updated, please restart WebSocket engine service',
$changes
);
}
ui_print_success_message($msg);
}
// Form. Using old style.
echo '<fieldset class="margin-bottom-10">';
echo '<legend>'.__('Quickshell').'</legend>';
echo '<legend>'.__('GoTTY general parameters').'</legend>';
$t = new StdClass();
$t->data = [];
$t->width = '100%';
$t->class = 'filter-table-adv';
$t->data = [];
$t->style = [];
$t->style[0] = 'width: 50%;';
$general_table = new StdClass();
$general_table->data = [];
$general_table->width = '100%';
$general_table->class = 'filter-table-adv';
$general_table->data = [];
$general_table->style = [];
$general_table->style[0] = 'width: 50%;';
$t->data[0][] = html_print_label_input_block(
__('Gotty path'),
$general_table->data[0][] = html_print_label_input_block(
__('Address'),
html_print_input_text(
'gotty',
$config['gotty'],
'gotty_addr',
$config['gotty_addr'],
'',
30,
100,
@ -464,11 +402,11 @@ function quickShellSettings()
)
);
$t->data[0][] = html_print_label_input_block(
__('Gotty host'),
$general_table->data[0][] = html_print_label_input_block(
__('Port'),
html_print_input_text(
'gotty_host',
$config['gotty_host'],
'gotty_port',
$config['gotty_port'],
'',
30,
100,
@ -476,79 +414,157 @@ function quickShellSettings()
)
);
$t->data[1][] = html_print_label_input_block(
__('Gotty ssh port'),
html_print_input_text(
'gotty_ssh_port',
$config['gotty_ssh_port'],
'',
30,
100,
html_print_table($general_table);
echo '</fieldset>';
echo '<fieldset class="margin-bottom-10">';
echo '<legend>'.__('GoTTY SSH connection parameters').'</legend>';
$ssh_table = new StdClass();
$ssh_table->data = [];
$ssh_table->width = '100%';
$ssh_table->class = 'filter-table-adv';
$ssh_table->data = [];
$ssh_table->style = [];
$ssh_table->style[0] = 'width: 50%;';
$ssh_table->data[0][] = html_print_label_input_block(
__('Enable SSH method'),
html_print_checkbox_switch(
'gotty_ssh_enabled',
1,
$config['gotty_ssh_enabled'],
true
)
);
$t->data[1][] = html_print_label_input_block(
__('Gotty telnet port'),
html_print_input_text(
'gotty_telnet_port',
$config['gotty_telnet_port'],
'',
30,
100,
true
$ssh_table->data[1][] = html_print_label_input_block(
__('Use SSL'),
html_print_checkbox_switch(
'gotty_ssh_use_ssl',
1,
$config['gotty_ssh_use_ssl'],
true,
$disable_agentaccess
)
);
$hidden = new stdClass();
$hidden->data = [];
$hidden->width = '100%';
$hidden->class = 'filter-table-adv';
$hidden->data = [];
$hidden->style[0] = 'width: 50%;';
// Test.
$row = [];
$test_start = '<span id="test-gotty-spinner-ssh" class="invisible">&nbsp;'.html_print_image('images/spinner.gif', true).'</span>';
$test_start .= '&nbsp;<span id="test-gotty-message-ssh" class="invisible"></span>';
$hidden->data[0][] = html_print_label_input_block(
__('Gotty user'),
html_print_input_text(
'gotty_user',
$config['gotty_user'],
'',
30,
100,
true
)
);
$hidden->data[0][] = html_print_label_input_block(
__('Gotty password'),
html_print_input_password(
'gotty_pass',
io_output_password($config['gotty_pass']),
'',
30,
100,
true
)
);
html_print_table($t);
ui_print_toggle(
$ssh_table->data[3][] = html_print_button(
__('Test'),
'test-gotty-ssh',
false,
'handleTestSSH()',
[
'content' => html_print_table($hidden, true),
'name' => __('Advanced options'),
'clean' => false,
'main_class' => 'no-border-imp',
'container_class' => 'no-border-imp',
]
);
'icon' => 'cog',
'mode' => 'secondary',
'style' => 'width: 115px;',
],
true
).$test_start;
html_print_table($ssh_table);
echo '</fieldset>';
echo '<fieldset class="margin-bottom-10">';
echo '<legend>'.__('GoTTY telnet connection parameters').'</legend>';
$telnet_table = new StdClass();
$telnet_table->data = [];
$telnet_table->width = '100%';
$telnet_table->class = 'filter-table-adv';
$telnet_table->data = [];
$telnet_table->style = [];
$telnet_table->style[0] = 'width: 50%;';
$telnet_table->data[0][] = html_print_label_input_block(
__('Enable telnet method'),
html_print_checkbox_switch(
'gotty_telnet_enabled',
1,
$config['gotty_telnet_enabled'],
true
)
);
$telnet_table->data[1][] = html_print_label_input_block(
__('Use SSL'),
html_print_checkbox_switch(
'gotty_telnet_use_ssl',
1,
$config['gotty_telnet_use_ssl'],
true
)
);
// Test.
$row = [];
$test_start = '<span id="test-gotty-spinner-telnet" class="invisible">&nbsp;'.html_print_image('images/spinner.gif', true).'</span>';
$test_start .= '&nbsp;<span id="test-gotty-message-telnet" class="invisible"></span>';
$telnet_table->data[3][] = html_print_button(
__('Test'),
'test-gotty-telnet',
false,
'handleTestTelnet()',
[
'icon' => 'cog',
'mode' => 'secondary',
'style' => 'width: 115px;',
],
true
).$test_start;
html_print_table($telnet_table);
html_print_input_hidden('update_config', 1);
echo '</fieldset>';
}
// This extension is usefull only if the agent has associated IP.
if (is_ajax() === true) {
$method = (string) get_parameter('method', '');
if (empty($method) === false) {
$address = buildConnectionURL($method);
$ch = curl_init($address);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
// Maximum time for the entire request.
curl_setopt($ch, CURLOPT_TIMEOUT, 2);
// Maximum time to establish a connection.
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_exec($ch);
$response_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
if ($response_code === 200) {
$result = ['status' => 'success'];
} else {
$result = ['status' => 'error'];
}
echo json_encode($result);
return;
}
$result = ['status' => 'error'];
return;
}
// This extension is useful only if the agent has associated IP.
$agent_id = get_parameter('id_agente');
if (empty($agent_id) === false
&& get_parameter('sec2', '') == 'operation/agentes/ver_agente'
@ -573,4 +589,136 @@ if (empty($agent_id) === false
}
}
echo '<script>';
echo 'var server_addr = "'.$_SERVER['SERVER_ADDR'].'";';
echo "function checkAddressReachability(method, callback) {
$.ajax({
url: 'ajax.php',
data: {
page: 'extensions/quick_shell',
method
},
type: 'GET',
async: false,
dataType: 'json',
success: function (data) {
if (data.status === 'success') {
callback(true);
} else {
callback(false);
}
},
error: function () {
callback(false);
}
});
}";
$handle_test_telnet = "var handleTestTelnet = function (event) {
var gotty_addr = $('input#text-gotty_addr').val();
var gotty_port = $('input#text-gotty_port').val();
var gotty_telnet_use_ssl = $('input#checkbox-gotty_telnet_use_ssl').is(':checked');
if (gotty_addr === '') {
url = (gotty_telnet_use_ssl ? 'https://' : 'http://') + server_addr + ':' + gotty_port;
} else {
url = (gotty_telnet_use_ssl ? 'https://' : 'http://') + gotty_addr + ':' + gotty_port;
}
var showLoadingImage = function () {
$('#button-test-gotty-telnet').children('div').attr('class', 'subIcon cog rotation secondary mini');
}
var showSuccessImage = function () {
$('#button-test-gotty-telnet').children('div').attr('class', 'subIcon tick secondary mini');
}
var showFailureImage = function () {
$('#button-test-gotty-telnet').children('div').attr('class', 'subIcon fail secondary mini');
}
var hideMessage = function () {
$('span#test-gotty-message-telnet').hide();
}
var showMessage = function () {
$('span#test-gotty-message-telnet').show();
}
var changeTestMessage = function (message) {
$('span#test-gotty-message-telnet').text(message);
}
var errorMessage = '".__('Unable to connect.')."';
hideMessage();
showLoadingImage();
checkAddressReachability('telnet', function(isReachable) {
if (isReachable) {
showSuccessImage();
hideMessage();
} else {
showFailureImage();
changeTestMessage(errorMessage);
showMessage();
}
});
};";
$handle_test_ssh = "var handleTestSSH = function (event) {
var gotty_addr = $('input#text-gotty_addr').val();
var gotty_port = $('input#text-gotty_port').val();
var gotty_ssh_use_ssl = $('input#checkbox-gotty_ssh_use_ssl').is(':checked');
if (gotty_addr === '') {
url = (gotty_ssh_use_ssl ? 'https://' : 'http://') + server_addr + ':' + gotty_port;
} else {
url = (gotty_ssh_use_ssl ? 'https://' : 'http://') + gotty_addr + ':' + gotty_port;
}
var showLoadingImage = function () {
$('#button-test-gotty-ssh').children('div').attr('class', 'subIcon cog rotation secondary mini');
}
var showSuccessImage = function () {
$('#button-test-gotty-ssh').children('div').attr('class', 'subIcon tick secondary mini');
}
var showFailureImage = function () {
$('#button-test-gotty-ssh').children('div').attr('class', 'subIcon fail secondary mini');
}
var hideMessage = function () {
$('span#test-gotty-message-ssh').hide();
}
var showMessage = function () {
$('span#test-gotty-message-ssh').show();
}
var changeTestMessage = function (message) {
$('span#test-gotty-message-ssh').text(message);
}
var errorMessage = '".__('Unable to connect.')."';
hideMessage();
showLoadingImage();
checkAddressReachability('ssh', function(isReachable) {
if (isReachable) {
showSuccessImage();
hideMessage();
} else {
showFailureImage();
changeTestMessage(errorMessage);
showMessage();
}
});
};";
echo $handle_test_ssh;
echo $handle_test_telnet;
echo '</script>';
extensions_add_godmode_function('quickShellSettings');

4
pandora_console/extensions/resource_exportation.php
View File

@ -453,7 +453,7 @@ function resource_exportation_extension_main()
true
)
);
$table->data[0][] = html_print_button(__('Export'), '', false, 'export_to_ptr("report");', ['mode' => 'link'], true);
$table->data[0][] = html_print_button(__('Export'), '', false, 'export_to_ptr("report");', '', true);
$table->data[1][] = html_print_label_input_block(
__('Visual console'),
@ -465,7 +465,7 @@ function resource_exportation_extension_main()
true
)
);
$table->data[1][] = html_print_button(__('Export'), '', false, 'export_to_ptr("visual_console");', ['mode' => 'link'], true);
$table->data[1][] = html_print_button(__('Export'), '', false, 'export_to_ptr("visual_console");', '', true);
if ($hook_enterprise === true) {
add_rows_for_enterprise($table->data);

35
pandora_console/extras/delete_files/delete_files.txt
View File

@ -106,6 +106,7 @@ enterprise/godmode/alerts/alert_events.php
enterprise/godmode/alerts/alert_events_list.php
enterprise/godmode/alerts/alert_events_rules.php
enterprise/godmode/alerts/configure_alert_rule.php
enterprise/godmode/alerts/alert_correlation.php
enterprise/include/functions_networkmap.php
enterprise/operation/agentes/pandora_networkmap.view.php
enterprise/include/ajax/map_enterprise.ajax.php
@ -1702,4 +1703,36 @@ enterprise/meta/monitoring/wizard/wizard.module.network.php
enterprise/meta/monitoring/wizard/wizard.module.web.php
enterprise/meta/monitoring/wizard/wizard.php
enterprise/meta/monitoring/wizard/wizard.update_agent.php
enterprise/meta/monitoring/wizard/wizard.update_module.php
enterprise/meta/monitoring/wizard/wizard.update_module.php
enterprise/godmode/wizards/Applications.class.php
enterprise/godmode/wizards/Cloud.class.php
enterprise/images/wizard/applications.png
enterprise/images/wizard/cloud.png
enterprise/images/wizard/consoletasks.png
pandora_websocket_engine
operation/incidents/configure_integriaims_incident.php
operation/incidents/dashboard_detail_integriaims_incident.php
operation/incidents/incident_statistics.php
operation/incidents/integriaims_export_csv.php
operation/incidents/list_integriaims_incidents.php
include/functions_incidents.php
include/functions_integriaims.php
include/ajax/integria_incidents.ajax.php
enterprise/operation/log/log_source.php
enterprise/include/class/LogSource.class.php
include/chart_generator.php
enterprise/extensions/translate_string.php
enterprise/extensions/translate_string/functions.php
enterprise/extensions/translate_string/translate_string.oracle.sql
enterprise/extensions/translate_string/translate_string.postgresql.sql
enterprise/extensions/translate_string/translate_string.sql
enterprise/extensions/translate_string
extensions/files_repo.php
extensions/files_repo/files_repo_form.php
extensions/files_repo/files_repo_get_file.php
extensions/files_repo/files_repo_list.php
extensions/files_repo/functions_files_repo.php
extensions/files_repo/sql/files_repo.oracle.sql
extensions/files_repo/sql/files_repo.postgreSQL.sql
extensions/files_repo/sql/files_repo.sql
extensions/files_repo

Some files were not shown because too many files have changed in this diff Show More