From 19645f055053a8287a1db90431505dba21dfdb2e Mon Sep 17 00:00:00 2001 From: "manuel.montes" Date: Thu, 13 Sep 2018 18:17:28 +0200 Subject: [PATCH 1/6] Modified trecon_task table --- pandora_console/extras/mr/20.sql | 10 ++++++++++ .../extras/pandoradb_migrate_6.0_to_7.0.mysql.sql | 9 +++++++++ pandora_console/pandoradb.sql | 8 ++++++++ 3 files changed, 27 insertions(+) diff --git a/pandora_console/extras/mr/20.sql b/pandora_console/extras/mr/20.sql index 58aa5bf708..eae836b611 100644 --- a/pandora_console/extras/mr/20.sql +++ b/pandora_console/extras/mr/20.sql @@ -18,10 +18,20 @@ ALTER TABLE `tlayout_template_data` ADD COLUMN `linked_layout_status_as_service_ ALTER TABLE `tlayout_template_data` ADD COLUMN `linked_layout_status_as_service_critical` FLOAT(20, 3) NOT NULL default 0; ALTER TABLE `tlayout_template_data` ADD COLUMN `linked_layout_node_id` INT(10) NOT NULL default 0; +<<<<<<< Updated upstream -- ----------------------------------------------------- -- Add column in table `treport` -- ----------------------------------------------------- ALTER TABLE `treport` ADD COLUMN `hidden` tinyint(1) NOT NULL DEFAULT 0; +======= +ALTER TABLE `trecon_task` ADD COLUMN `snmp_version` varchar(5) NOT NULL default '1'; +ALTER TABLE `trecon_task` ADD COLUMN `snmp_auth_user` varchar(255) NOT NULL default ''; +ALTER TABLE `trecon_task` ADD COLUMN `snmp_auth_pass` varchar(255) NOT NULL default ''; +ALTER TABLE `trecon_task` ADD COLUMN `snmp_auth_method` varchar(25) NOT NULL default ''; +ALTER TABLE `trecon_task` ADD COLUMN `snmp_privacy_method` varchar(25) NOT NULL default ''; +ALTER TABLE `trecon_task` ADD COLUMN `snmp_privacy_pass` varchar(255) NOT NULL default ''; +ALTER TABLE `trecon_task` ADD COLUMN `snmp_security_level` varchar(25) NOT NULL default ''; +>>>>>>> Stashed changes COMMIT; \ No newline at end of file 
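Review bot: The new `snmp_auth_pass` and `snmp_privacy_pass` columns in `mr/20.sql` hold SNMPv3 passphrases as plain `varchar(255)` text, so anyone who can read `trecon_task` (database users, backups, dumps) can recover working device credentials. The secrets must stay recoverable to be handed to the SNMP client, so hashing is not an option; they should be encrypted at rest with whatever mechanism the project applies to other stored passwords, if it has one, and the column width sized for the ciphertext. The same seven columns are repeated in the `pandoradb_migrate_6.0_to_7.0.mysql.sql` hunk and in the `CREATE TABLE trecon_task` hunk of `pandoradb.sql`, so the point applies there too. A header comment such as `-- SNMP v3 settings for recon tasks; the *_pass columns hold secrets` would also match the commented `treport` block above it.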
diff --git a/pandora_console/extras/pandoradb_migrate_6.0_to_7.0.mysql.sql b/pandora_console/extras/pandoradb_migrate_6.0_to_7.0.mysql.sql index dd39b6159f..93533705bc 100644 --- a/pandora_console/extras/pandoradb_migrate_6.0_to_7.0.mysql.sql +++ b/pandora_console/extras/pandoradb_migrate_6.0_to_7.0.mysql.sql @@ -1774,3 +1774,12 @@ CREATE TABLE IF NOT EXISTS `tlayout_template_data` ( -- ----------------------------------------------------- ALTER TABLE `treport` ADD COLUMN `hidden` tinyint(1) NOT NULL DEFAULT 0; + + +ALTER TABLE `trecon_task` ADD COLUMN `snmp_version` varchar(5) NOT NULL default '1'; +ALTER TABLE `trecon_task` ADD COLUMN `snmp_auth_user` varchar(255) NOT NULL default ''; +ALTER TABLE `trecon_task` ADD COLUMN `snmp_auth_pass` varchar(255) NOT NULL default ''; +ALTER TABLE `trecon_task` ADD COLUMN `snmp_auth_method` varchar(25) NOT NULL default ''; +ALTER TABLE `trecon_task` ADD COLUMN `snmp_privacy_method` varchar(25) NOT NULL default ''; +ALTER TABLE `trecon_task` ADD COLUMN `snmp_privacy_pass` varchar(255) NOT NULL default ''; +ALTER TABLE `trecon_task` ADD COLUMN `snmp_security_level` varchar(25) NOT NULL default ''; diff --git a/pandora_console/pandoradb.sql b/pandora_console/pandoradb.sql index b6b1511bec..e7ff8cdc59 100644 --- a/pandora_console/pandoradb.sql +++ b/pandora_console/pandoradb.sql 
@@ -775,6 +775,13 @@ CREATE TABLE IF NOT EXISTS `trecon_task` ( `alias_as_name` tinyint(2) NOT NULL default '0', `snmp_enabled` tinyint(1) unsigned default '0', `vlan_enabled` tinyint(1) unsigned default '0', + `snmp_version` varchar(5) NOT NULL default '1', + `snmp_auth_user` varchar(255) NOT NULL default '', + `snmp_auth_pass` varchar(255) NOT NULL default '', + `snmp_auth_method` varchar(25) NOT NULL default '', + `snmp_privacy_method` varchar(25) NOT NULL default '', + `snmp_privacy_pass` varchar(255) NOT NULL default '', + `snmp_security_level` varchar(25) NOT NULL default '', PRIMARY KEY (`id_rt`), KEY `recon_task_daemon` (`id_recon_server`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8; @@ -3330,3 +3337,4 @@ CREATE TABLE IF NOT EXISTS `tlayout_template_data` ( PRIMARY KEY(`id`), FOREIGN KEY (`id_layout_template`) REFERENCES tlayout_template(`id`) ON DELETE CASCADE ON UPDATE CASCADE ) ENGINE = InnoDB DEFAULT CHARSET=utf8; + From c9af020d91973f1e682b69225c1f21164d30f92e Mon Sep 17 00:00:00 2001 From: fermin831 Date: Mon, 17 Sep 2018 10:16:12 +0200 Subject: [PATCH 2/6] Remove unwanted git traces on 20.sql --- pandora_console/extras/mr/20.sql | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/pandora_console/extras/mr/20.sql b/pandora_console/extras/mr/20.sql index eae836b611..db5de3e8e2 100644 --- a/pandora_console/extras/mr/20.sql +++ b/pandora_console/extras/mr/20.sql 
@@ -18,13 +18,12 @@ ALTER TABLE `tlayout_template_data` ADD COLUMN `linked_layout_status_as_service_ ALTER TABLE `tlayout_template_data` ADD COLUMN `linked_layout_status_as_service_critical` FLOAT(20, 3) NOT NULL default 0; ALTER TABLE `tlayout_template_data` ADD COLUMN `linked_layout_node_id` INT(10) NOT NULL default 0; -<<<<<<< Updated upstream -- ----------------------------------------------------- -- Add column in table `treport` -- ----------------------------------------------------- ALTER TABLE `treport` ADD COLUMN `hidden` tinyint(1) NOT NULL DEFAULT 0; -======= + ALTER TABLE `trecon_task` ADD COLUMN `snmp_version` varchar(5) NOT NULL default '1'; ALTER TABLE `trecon_task` ADD COLUMN `snmp_auth_user` varchar(255) NOT NULL default ''; ALTER TABLE `trecon_task` ADD COLUMN `snmp_auth_pass` varchar(255) NOT NULL default ''; @@ -32,6 +31,5 @@ ALTER TABLE `trecon_task` ADD COLUMN `snmp_auth_method` varchar(25) NOT NULL def ALTER TABLE `trecon_task` ADD COLUMN `snmp_privacy_method` varchar(25) NOT NULL default ''; ALTER TABLE `trecon_task` ADD COLUMN `snmp_privacy_pass` varchar(255) NOT NULL default ''; ALTER TABLE `trecon_task` ADD COLUMN `snmp_security_level` varchar(25) NOT NULL default ''; ->>>>>>> Stashed changes COMMIT; \ No newline at end of file From cfec231107595b6d3c0f289e2bbc22936c62293c Mon Sep 17 00:00:00 2001 From: "manuel.montes" Date: Mon, 17 Sep 2018 12:44:47 +0200 Subject: [PATCH 3/6] Especified SNMP version in recon task --- .../godmode/servers/manage_recontask.php | 105 +++++++++++++++--- .../godmode/servers/manage_recontask_form.php | 66 ++++++++++- 2 files changed, 151 insertions(+), 20 deletions(-) diff --git a/pandora_console/godmode/servers/manage_recontask.php b/pandora_console/godmode/servers/manage_recontask.php index 2b9527704d..25f9e048dd 100644 --- a/pandora_console/godmode/servers/manage_recontask.php +++ b/pandora_console/godmode/servers/manage_recontask.php 
@@ -97,7 +97,15 @@ if ((isset ($_GET["update"])) OR ((isset ($_GET["create"])))) { $field2 = get_parameter ("_field2_", ""); $field3 = get_parameter ("_field3_", ""); $field4 = get_parameter ("_field4_", ""); - + $snmp_version = get_parameter_post ("snmp_version"); + $snmp3_auth_user = get_parameter_post ("snmp_auth_user"); + $snmp3_auth_pass = get_parameter_post ("snmp_auth_pass"); + $snmp3_privacy_method = get_parameter_post ("snmp_privacy_method"); + $snmp3_privacy_pass = get_parameter_post ("snmp_privacy_pass"); + $snmp3_auth_method = get_parameter_post ("snmp_auth_method"); + $snmp3_security_level = get_parameter_post ("snmp_security_level"); + + if ($mode == "network_sweep") $id_recon_script = 0; else @@ -154,8 +162,30 @@ if (isset($_GET["update"])) { 'macros' => $macros, 'alias_as_name' => $alias_as_name, 'snmp_enabled' => $snmp_enabled, - 'vlan_enabled' => $vlan_enabled + 'vlan_enabled' => $vlan_enabled, + 'snmp_version' => $snmp_version ); + + $values_v3 = array( + 'snmp_auth_user' => $snmp3_auth_user, + 'snmp_auth_pass' => $snmp3_auth_pass, + 'snmp_privacy_method' => $snmp3_privacy_method, + 'snmp_privacy_pass' => $snmp3_privacy_pass, + 'snmp_auth_method' => $snmp3_auth_method, + 'snmp_security_level' => $snmp3_security_level + ); + if($values['snmp_version'] == '1' || $values['snmp_version'] == '2' || $values['snmp_version'] == '2c'){ + $values_v3 = array( + 'snmp_auth_user' => '', + 'snmp_auth_pass' => '', + 'snmp_privacy_method' => '', + 'snmp_privacy_pass' => '', + 'snmp_auth_method' => '', + 'snmp_security_level' => '' + ); + } + + $values = array_merge($values, $values_v3); $where = array('id_rt' => $id); 
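Review bot: In the `update` branch (hunk `@@ -154,8 +162,30 @@`) the posted `snmp_version` is written to `trecon_task` with no allowlist check, and the v3 fields are cleared only when it equals `'1'`, `'2'` or `'2c'`, so any other string is stored together with whatever credentials were posted. The server side should not rely on the form's select; normalise before building `$values`, e.g. `if (!in_array($snmp_version, array('1', '2', '2c', '3'))) { $snmp_version = '1'; }`, and apply the same kind of allowlist to `snmp_security_level`, `snmp_auth_method` and `snmp_privacy_method`. The identical block is pasted into the `create` branch (hunk `@@ -217,13 +247,35 @@`); one shared helper would keep the two paths from drifting. The enclosing `if` blocks start and end outside these hunks.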
@@ -217,13 +247,35 @@ if (isset($_GET["create"])) { 'macros' => $macros, 'alias_as_name' => $alias_as_name, 'snmp_enabled' => $snmp_enabled, - 'vlan_enabled' => $vlan_enabled + 'vlan_enabled' => $vlan_enabled, + 'snmp_version' => $snmp_version ); + $values_v3 = array( + 'snmp_auth_user' => $snmp3_auth_user, + 'snmp_auth_pass' => $snmp3_auth_pass, + 'snmp_privacy_method' => $snmp3_privacy_method, + 'snmp_privacy_pass' => $snmp3_privacy_pass, + 'snmp_auth_method' => $snmp3_auth_method, + 'snmp_security_level' => $snmp3_security_level + ); + if($values['snmp_version'] == '1' || $values['snmp_version'] == '2' || $values['snmp_version'] == '2c'){ + $values_v3 = array( + 'snmp_auth_user' => '', + 'snmp_auth_pass' => '', + 'snmp_privacy_method' => '', + 'snmp_privacy_pass' => '', + 'snmp_auth_method' => '', + 'snmp_security_level' => '' + ); + } + + $values = array_merge($values, $values_v3); + $name = io_safe_output($name); $name = trim($name, ' '); $name = io_safe_input($name); - + html_debug($values, true); $reason = ""; if ($name != "") { @@ -245,6 +297,7 @@ if (isset($_GET["create"])) { } else{ $result = db_process_sql_insert('trecon_task', $values); + html_debug("entra", true); } } else { @@ -293,7 +346,7 @@ else { $color=1; if ($result !== false) { $table = new StdClass(); - $table->head = array (__('Name'), __('Network'), __('Mode'), __('Group'), __('Incident'), __('OS'), __('Interval'), __('Ports'), __('Action')); + $table->head = array (__('Name'), __('Network'), __('Mode'), __('Group'), __('SNMP Version'), __('Incident'), __('OS'), __('Interval'), __('Ports'), __('Action')); $table->align = array ("left","left","left","left","left","left","left","left"); $table->width = "100%"; $table->cellpadding = 4; 
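Review bot: `html_debug($values, true);` in the `create` branch is left-over debugging, and `$values` at that point already contains `snmp_auth_pass` and `snmp_privacy_pass`, so the passphrases presumably end up in the rendered page or a debug log each time a task is created. Both this call and `html_debug("entra", true);` after `db_process_sql_insert` (hunk `@@ -245,6 +297,7 @@`) should be removed before merge. If a trace is wanted, log only the task name and `snmp_version`, never the credential fields.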
@@ -336,48 +389,64 @@ if ($result !== false) { $data[3] = "-"; } + //SNMP VERSION + if ($row["snmp_version"] == '1'){ + $data[4] = "v. 1"; + } + elseif($row["snmp_version"] == '2'){ + $data[4] = "v. 2"; + } + elseif($row["snmp_version"] == '2c'){ + $data[4] = "v. 2c"; + } + elseif($row["snmp_version"] == '3'){ + $data[4] = "v. 3"; + } + + + // INCIDENT - $data[4] = (($row["create_incident"] == 1) ? __('Yes') : __('No')); + $data[5] = (($row["create_incident"] == 1) ? __('Yes') : __('No')); // OS if ($row["id_recon_script"] == 0) { - $data[5] =(($row["id_os"] > 0) ? ui_print_os_icon ($row["id_os"], false, true) : __('Any')); + $data[6] =(($row["id_os"] > 0) ? ui_print_os_icon ($row["id_os"], false, true) : __('Any')); } else { - $data[5] = "-"; + $data[6] = "-"; } // INTERVAL if ($row["interval_sweep"]==0) - $data[6] = __("Manual"); + $data[7] = __("Manual"); else - $data[6] =human_time_description_raw($row["interval_sweep"]); + $data[7] =human_time_description_raw($row["interval_sweep"]); // PORTS if ($row["id_recon_script"] == 0) { - $data[7] = substr($row["recon_ports"],0,15); + $data[8] = substr($row["recon_ports"],0,15); } else { - $data[7] = "-"; + $data[8] = "-"; } // ACTION $task_group = $row["id_group"]; if (in_array($task_group, $user_groups_w)){ - $data[8] = '' . html_print_image("images/eye.png", true) . ''; - $data[8] .= '' . html_print_image("images/cross.png", true, array("border" => '0')) . ''; + $data[9] = '' . html_print_image("images/eye.png", true) . ''; + $data[9] .= '' . html_print_image("images/cross.png", true, array("border" => '0')) . ''; if($mode_name != 'IPAM Recon'){ - $data[8] .= '' .html_print_image("images/config.png", true) . ''; + $data[9] .= '' .html_print_image("images/config.png", true) . ''; } else { $sql_ipam = 'select id from tipam_network where id_recon_task =' . $row["id_rt"]; $id_recon_ipam = db_get_sql($sql_ipam); - $data[8] .= '' . html_print_image("images/config.png", true) . ''; + $data[9] .= '' . 
html_print_image("images/config.png", true) . ''; } if($row["disabled"] == 0) { - $data[8] .= '' .html_print_image("images/lightbulb.png", true) . ''; + $data[9] .= '' .html_print_image("images/lightbulb.png", true) . ''; } else { - $data[8] .= '' .html_print_image("images/lightbulb_off.png", true) . ''; + $data[9] .= '' .html_print_image("images/lightbulb_off.png", true) . ''; } } diff --git a/pandora_console/godmode/servers/manage_recontask_form.php b/pandora_console/godmode/servers/manage_recontask_form.php index d33e0ee19c..eacc850dd4 100644 --- a/pandora_console/godmode/servers/manage_recontask_form.php +++ b/pandora_console/godmode/servers/manage_recontask_form.php @@ -108,6 +108,13 @@ if (isset($_GET["update"]) || (isset($_GET["upd"]))) { $id_os = $row["id_os"]; $recon_ports = $row["recon_ports"]; $snmp_community = $row["snmp_community"]; + $snmp_version = $row["snmp_version"]; + $snmp3_auth_user = $row["snmp_auth_user"]; + $snmp3_auth_pass = $row["snmp_auth_pass"]; + $snmp3_privacy_method = $row["snmp_privacy_method"]; + $snmp3_privacy_pass = $row["snmp_privacy_pass"]; + $snmp3_auth_method = $row["snmp_auth_method"]; + $snmp3_security_level = $row["snmp_security_level"]; $id_recon_script = $row["id_recon_script"]; $field1 = $row["field1"]; $field2 = $row["field2"]; @@ -156,6 +163,13 @@ elseif (isset($_GET["create"]) || isset($_GET["crt"])) { $id_group = 0; $create_incident = 1; $snmp_community = "public"; + $snmp3_auth_user = ''; + $snmp3_auth_pass = ''; + $snmp_version = 1; + $snmp3_privacy_method = ''; + $snmp3_privacy_pass = ''; + $snmp3_auth_method = ''; + $snmp3_security_level = ''; $id_network_profile = 0; $id_os = -1; // Any $recon_ports = ""; // Any 
@@ -212,6 +226,13 @@ $table->rowclass[20] = "network_sweep"; $table->rowclass[21] = "network_sweep"; $table->rowclass[22] = "network_sweep"; $table->rowclass[23] = "network_sweep"; +$table->rowclass[24] = "network_sweep"; +$table->rowclass[25] = "network_sweep recon_v3"; +$table->rowclass[26] = "network_sweep recon_v3"; +$table->rowclass[27] = "network_sweep recon_v3"; +$table->rowclass[28] = "network_sweep recon_v3"; +$table->rowclass[29] = "network_sweep recon_v3"; +$table->rowclass[30] = "network_sweep recon_v3"; $table->rowclass[6] = "recon_script"; $table->rowclass[13] = "recon_script"; 
@@ -327,6 +348,34 @@ $table->data[12][0] = "".__('SNMP Default community'); $table->data[12][0] .= ui_print_help_tip (__('You can specify several values, separated by commas, for example: public,mysecret,1234'), true); $table->data[12][1] = html_print_input_text ('snmp_community', $snmp_community, '', 35, 0, true); +//SNMP version + +$snmp_versions['1'] = 'v. 1'; +$snmp_versions['2'] = 'v. 2'; +$snmp_versions['2c'] = 'v. 2c'; +$snmp_versions['3'] = 'v. 3'; +$table->data[24][0] ="". _('SNMP version'); +$table->data[24][1] = html_print_select ($snmp_versions, 'snmp_version', $snmp_version, '', '', 0, true); + +$table->data[25][0] ="".__('Auth user'); +$table->data[25][1] = html_print_input_text ('snmp_auth_user', $snmp3_auth_user, '', 15, 60, true, '', + false, '', ''); +$table->data[26][0] ="". __('Auth password') . ui_print_help_tip(__("The pass length must be eight character minimum."), true); +$table->data[26][1] = html_print_input_password ('snmp_auth_pass', $snmp3_auth_pass, '', 15, 60, true, '', + false, ''); +$table->data[26][1] .= html_print_input_hidden_extended('active_snmp_v3', 0, 'active_snmp_v3_mmen', true); + +$table->data[27][0] ="". __('Privacy method'); +$table->data[27][1] = html_print_select(array('DES' => __('DES'), 'AES' => __('AES')), 'snmp_privacy_method', $snmp3_privacy_method, '', '', '', true, false, false, '', ''); +$table->data[28][0] ="". __('Privacy pass') . ui_print_help_tip(__("The pass length must be eight character minimum."), true); +$table->data[28][1] = html_print_input_password ('snmp_privacy_pass', $snmp3_privacy_pass, '', 15, 60, true, '', + false, ''); +$table->data[29][0] ="". __('Auth method'); +$table->data[29][1] = html_print_select(array('MD5' => __('MD5'), 'SHA' => __('SHA')), 'snmp_auth_method', $snmp3_auth_method, '', '', '', true, false, false, '', ''); +$table->data[30][0] ="". 
__('Security level'); +$table->data[30][1] = html_print_select(array('noAuthNoPriv' => __('Not auth and not privacy method'), + 'authNoPriv' => __('Auth and not privacy method'), 'authPriv' => __('Auth and privacy method')), 'snmp_security_level', $snmp3_security_level, '', '', '', true, false, false, '', ''); + // Explanation $explanation = db_get_value('description', 'trecon_script', 'id_recon_script', $id_recon_script); @@ -461,9 +510,21 @@ $('select#id_recon_script').change(function() { get_explanation_recon_script($(this).val()); }); +$('select#snmp_version').change(function () { + if (this.value == "3") { + $(".recon_v3").show(); + $("input[name=active_snmp_v3]").val(1); + $("input[name=snmp_community]").attr("disabled", true); + } + else { + $(".recon_v3").hide(); + $("input[name=active_snmp_v3]").val(0); + $("input[name=snmp_community]").removeAttr('disabled'); + } +}); + $('select#mode').change(function() { var type = $(this).val(); - if (type == 'recon_script') { $(".recon_script").show(); $(".network_sweep").hide(); @@ -474,6 +535,7 @@ $('select#mode').change(function() { $(".recon_script").hide(); $(".network_sweep").show(); $('.macro_field').remove(); + $('select#snmp_version').trigger('change'); } }).change(); @@ -543,5 +605,5 @@ function get_explanation_recon_script (id) { }); taskManager.addTask(xhr); } -/* ]]> */ + From 146dab5caa460d265133982c725a70122d2cfc7d Mon Sep 17 00:00:00 2001 From: fermin831 Date: Mon, 17 Sep 2018 14:36:52 +0200 Subject: [PATCH 4/6] Added SNMP v1, v2, v2c and v3 to Network Sweep recon --- pandora_server/lib/PandoraFMS/Recon/Base.pm | 180 +++++++++++++++++-- pandora_server/lib/PandoraFMS/ReconServer.pm | 100 ++++++++++- 2 files changed, 258 insertions(+), 22 deletions(-) diff --git a/pandora_server/lib/PandoraFMS/Recon/Base.pm b/pandora_server/lib/PandoraFMS/Recon/Base.pm index e0d6ae8fe1..e64e273a1d 100644 --- a/pandora_server/lib/PandoraFMS/Recon/Base.pm +++ b/pandora_server/lib/PandoraFMS/Recon/Base.pm 
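Review bot: In hunk `@@ -327,6 +348,34 @@` the two `html_print_input_password` calls for `snmp_auth_pass` and `snmp_privacy_pass` receive the stored value (`$snmp3_auth_pass`, `$snmp3_privacy_pass`) as their second argument, so on edit the saved passphrases are presumably sent back to the browser in the field value and can be read from the page source by anyone allowed to open the form. Rendering the fields empty and treating an empty submission as "keep the current secret" in `manage_recontask.php` avoids returning the secret at all. The help tip promises an eight-character minimum that nothing visible in this series enforces on the server. `_('SNMP version')` should be `__('SNMP version')` to match the other labels.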
@@ -96,6 +96,9 @@ sub new { # Working SNMP community for each device. community_cache => {}, + # Cache of deviced discovered. + dicovered_cache => {}, + # Connections between devices. connections => {}, @@ -147,8 +150,15 @@ sub new { recon_timing_template => 3, recon_ports => '', resolve_names => 0, + snmp_auth_user => '', + snmp_auth_pass => '', + snmp_auth_method => '', snmp_checks => 2, + snmp_privacy_method => '', + snmp_privacy_pass => '', + snmp_security_level => '', snmp_timeout => 2, + snmp_version => 1, subnets => [], @_, 
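Review bot: The cache added to `new` in hunk `@@ -96,6 +96,9 @@` is keyed `dicovered_cache`, but `is_snmp_discovered` and `mark_discovered` later in this patch read and write `discovered_cache`, so the initialised hash is never used and the real one only exists through autovivification. The line should read `discovered_cache => {},` with the comment `# Cache of discovered devices.`. `new` starts and ends outside this hunk.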
@@ -157,8 +167,66 @@ sub new { # Perform some sanity checks. die("No subnet was specified.") unless defined($self->{'subnets'}); - # Disable SNMP scans if no community was given. - $self->{'snmp_enabled'} = 0 if (scalar(@{$self->{'communities'}}) == 0); + # Check SNMP params id SNMP is enabled + if ($self->{'snmp_enabled'}) { + # Check SNMP version + if ($self->{'snmp_version'} ne '1' && $self->{'snmp_version'} ne '2' + && $self->{'snmp_version'} ne '2c' && $self->{'snmp_version'} ne '3' + ) { + $self->{'snmp_enabled'} = 0; + $self->call('message', "SNMP version " . $self->{'snmp_version'} . " not supported (only 1, 2, 2c and 3).", 5); + } + + # Check the version 3 parameters + if ($self->{'snmp_version'} eq '3') { + # Fixed some vars + $self->{'communities'} = []; + + # SNMP v3 checks + if ( + $self->{'snmp_security_level'} ne 'noAuthNoPriv' && + $self->{'snmp_security_level'} ne 'authNoPriv' && + $self->{'snmp_security_level'} ne 'authPriv' + ) { + $self->{'snmp_enabled'} = 0; + $self->call('message', "Invalid SNMP security level " . $self->{'snmp_security_level'} . ".", 5); + } + if ($self->{'snmp_privacy_method'} ne 'DES' && $self->{'snmp_privacy_method'} ne 'AES') { + $self->{'snmp_enabled'} = 0; + $self->call('message', "Invalid SNMP privacy method " . $self->{'snmp_privacy_method'} . ".", 5); + } + if ($self->{'snmp_auth_method'} ne 'MD5' && $self->{'snmp_auth_method'} ne 'SHA') { + $self->{'snmp_enabled'} = 0; + $self->call('message', "Invalid SNMP authentication method " . $self->{'snmp_auth_method'} . ".", 5); + } + } else { + # Fixed some vars + $self->{'snmp_auth_user'} = ''; + $self->{'snmp_auth_pass'} = ''; + $self->{'snmp_auth_method'} = ''; + $self->{'snmp_privacy_method'} = ''; + $self->{'snmp_privacy_pass'} = ''; + $self->{'snmp_security_level'} = ''; + + # Disable SNMP scans if no community was given. 
+ if (scalar(@{$self->{'communities'}}) == 0) { + $self->{'snmp_enabled'} = 0; + $self->call('message', "There is not any SNMP community configured.", 5); + + } + } + } + + # Remove all snmp related values if disabled + if (!$self->{'snmp_enabled'}) { + $self->{'communities'} = []; + $self->{'snmp_auth_user'} = ''; + $self->{'snmp_auth_pass'} = ''; + $self->{'snmp_auth_method'} = ''; + $self->{'snmp_privacy_method'} = ''; + $self->{'snmp_privacy_pass'} = ''; + $self->{'snmp_security_level'} = ''; + } return bless($self, $class); } @@ -199,7 +267,7 @@ sub aft_connectivity($$) { my ($self, $switch) = @_; my (%mac_temp, @aft_temp); - return unless defined($self->get_community($switch)); + return unless ($self->is_snmp_discovered($switch)); $self->enable_vlan_cache(); @@ -397,8 +465,7 @@ sub find_ifaces($$) { my ($self, $device) = @_; # Does it respond to SNMP? - my $community = $self->get_community($device); - return unless defined($community); + return unless ($self->is_snmp_discovered($device)); my @output = $self->snmp_get_value_array($device, $PandoraFMS::Recon::Base::IFINDEX); foreach my $if_index (@output) { @@ -476,11 +543,13 @@ sub get_device($$) { sub get_community($$) { my ($self, $device) = @_; + return '' if ($self->{'snmp_version'} eq "3"); + if (defined($self->{'community_cache'}->{$device})) { return $self->{'community_cache'}->{$device}; } - return undef; + return ''; } ######################################################################################## @@ -787,6 +856,9 @@ sub get_visited_devices($) { sub get_vlans($$) { my ($self, $device) = @_; + # Disabled in verison 3 + return () if ($self->{'snmp_version'} eq "3"); + # Is the VLAN cache disabled? return () unless ($self->{'__vlan_cache_enabled__'} == 1); 
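Review bot: In the SNMP v3 branch added to `new` (hunk `@@ -157,8 +167,66 @@`) the privacy and authentication methods are checked whatever the security level is, so a `noAuthNoPriv` or `authNoPriv` task with an empty `snmp_privacy_method` gets SNMP disabled although that value would never be used. Each check should be tied to the level that needs it, e.g. `if ($self->{'snmp_security_level'} eq 'authPriv' && $self->{'snmp_privacy_method'} !~ /^(?:DES|AES)$/) {`. Nothing here validates `snmp_auth_user`, `snmp_auth_pass` or `snmp_privacy_pass`, although all three are later placed on a command line by `snmp_get_command`; rejecting empty or too-short values at this point would give one place to enforce that. Minor: the comment `# Check SNMP params id SNMP is enabled` should say `if`.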
@@ -945,6 +1017,17 @@ sub is_visited($$) { return 0; } +######################################################################################## +# Returns 1 if the given device has responded successfully to a snmp request +# Returns 0 otherwise. +######################################################################################## +sub is_snmp_discovered($$) { + my ($self, $device) = @_; + + # Check if device is into discovered cache + return (defined($self->{'discovered_cache'}->{$device})) ? 1 : 0; +} + ######################################################################################## # Mark the given devices as connected to each other on the given interfaces. ######################################################################################## 
@@ -999,23 +1082,46 @@ sub mark_visited($$) { } ######################################################################################## -# Looks for a working SNMP community for the given device. Returns 1 if one is -# found, 0 otherwise. Updates the SNMP community cache. +# Mark the given device as snmp discovered. +######################################################################################## +sub mark_discovered($$) { + my ($self, $device) = @_; + + $self->{'discovered_cache'}->{$device} = 1; +} + +######################################################################################## +# Validate the configuration for the given device. +# Returns 1 if successfull snmp contact, 0 otherwise. +# Updates the SNMP community cache on v1, v2 and v2c. ######################################################################################## sub snmp_responds($$) { my ($self, $device) = @_; - # We already have a working SNMP community for this device. - return 1 if (defined($self->get_community($device))); + return 1 if($self->is_snmp_discovered($device)); + + return ($self->{'snmp_version'} eq "3") + ? $self->snmp_responds_v3($device) + : $self->snmp_responds_v122c($device); +} + +######################################################################################## +# Looks for a working SNMP community for the given device. Returns 1 if one is +# found, 0 otherwise. Updates the SNMP community cache. +######################################################################################## +sub snmp_responds_v122c($$) { + my ($self, $device) = @_; foreach my $community (@{$self->{'communities'}}) { # Clean blanks. $community =~ s/\s+//g; - `snmpwalk -M/dev/null -r$self->{'snmp_checks'} -t$self->{'snmp_timeout'} -v1 -On -Oe -c $community $device .0 2>/dev/null`; + my $command = $self->snmp_get_command($device, ".0", $community); + `$command`; if ($? == 0) { $self->set_community($device, $community); + $self->mark_discovered($device); return 1; } } 
@@ -1023,6 +1129,25 @@ sub snmp_responds($$) { return 0; } + +######################################################################################## +# Validate the SNMP v3 configuration for a device. +# Returns 1 if successfull snmp contact, 0 otherwise. +######################################################################################## +sub snmp_responds_v3($$) { + my ($self, $device) = @_; + + my $command = $self->snmp_get_command($device, ".0"); + `$command`; + + if ($? == 0) { + $self->mark_discovered($device); + return 1; + } + + return 0; +} + ############################################################################## # Parse the local ARP cache. ############################################################################## @@ -1309,8 +1434,8 @@ sub snmp_get($$$) { my ($self, $device, $oid) = @_; my @output; + return () unless defined $self->is_snmp_discovered($device); my $community = $self->get_community($device); - return () unless defined ($community); # Check the SNMP query cache first. if (defined($self->{'snmp_cache'}->{"${device}_${oid}"})) { @@ -1320,13 +1445,15 @@ sub snmp_get($$$) { # Check VLANS. my @vlans = $self->get_vlans($device); if (scalar(@vlans) == 0) { - @output = `snmpwalk -M/dev/null -r$self->{'snmp_checks'} -t$self->{'snmp_timeout'} -v1 -On -Oe -c $community $device $oid 2>/dev/null`; + my $command = $self->snmp_get_command($device, $oid, $community); + @output = `$command`; } else { # Handle duplicate lines. my %output_hash; foreach my $vlan (@vlans) { - foreach my $line (`snmpwalk -M/dev/null -r$self->{'snmp_checks'} -t$self->{'snmp_timeout'} -v1 -On -Oe -c $community\@$vlan $device $oid 2>/dev/null`) { + my $command = $self->snmp_get_command($device, $oid, $community, $vlan); + foreach my $line (`$vlan`) { $output_hash{$line} = 1; } } 
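Review bot: The new guard at the top of `snmp_get` (hunk `@@ -1309,8 +1434,8 @@`), `return () unless defined $self->is_snmp_discovered($device);`, can never fire, because `is_snmp_discovered` returns 1 or 0 and both are defined. It should be `return () unless ($self->is_snmp_discovered($device));`, which is the form this patch uses in `aft_connectivity` and `find_ifaces`. As written, a device that never answered SNMP still appears to get an `snmpwalk` run against it with an empty community. `snmp_get` continues outside the hunk.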
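Review bot: In the per-VLAN loop of `snmp_get` (hunk `@@ -1320,13 +1445,15 @@`) the command string is built into `$command`, but the backtick operator is applied to `$vlan`, so the VLAN identifier is what the shell executes and the `snmpwalk` call never runs. Besides breaking VLAN walks, this hands the shell a value that presumably originates from the scanned device's own SNMP answers. The loop header should be ``foreach my $line (`$command`) {``. `snmp_get` starts and ends outside this hunk.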
@@ -1339,6 +1466,31 @@ sub snmp_get($$$) { return @output; } +######################################################################################## +# Get the snmpwalk command seing version 1, 2, 2c or 3. +######################################################################################## +sub snmp_get_command { + my ($self, $device, $oid, $community, $vlan) = @_; + $vlan = defined($vlan) ? "\@" . $vlan : ''; + + my $command = "snmpwalk -M/dev/null -r$self->{'snmp_checks'} -t$self->{'snmp_timeout'} -v$self->{'snmp_version'} -On -Oe "; + if ($self->{'snmp_version'} eq "3") { + $command .= " -l$self->{'snmp_security_level'} "; + print $self->{'snmp_security_level'} . "\n"; + if ($self->{'snmp_security_level'} ne "noAuthNoPriv") { + $command .= " -u$self->{'snmp_auth_user'} -a$self->{'snmp_auth_method'} -A$self->{'snmp_auth_pass'} "; + } + if ($self->{'snmp_security_level'} eq "authPriv") { + $command .= " -x$self->{'snmp_privacy_method'} -X$self->{'snmp_privacy_pass'} "; + } + } else { + $command .= " -c$community$vlan "; + } + + return "$command $device $oid 2>/dev/null"; + +} + ######################################################################################## # Performs an SNMP WALK and returns the value of the given OID. Returns undef # on error. diff --git a/pandora_server/lib/PandoraFMS/ReconServer.pm b/pandora_server/lib/PandoraFMS/ReconServer.pm index f0c272b3c7..13d563cd8e 100644 --- a/pandora_server/lib/PandoraFMS/ReconServer.pm +++ b/pandora_server/lib/PandoraFMS/ReconServer.pm 
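Review bot: `snmp_get_command` interpolates `snmp_auth_user`, `snmp_auth_pass`, `snmp_privacy_pass`, the community, the device and the OID unquoted into a string that its callers run with backticks, so any shell metacharacter in a task field is interpreted by the shell instead of being passed to `snmpwalk`. Every value taken from the task should be quoted as one literal argument, as sketched below, or the callers moved to a list-form `open` that bypasses the shell. The passphrases are also visible in the process list while `snmpwalk` runs, which deserves at least a comment. The `print $self->{'snmp_security_level'} . "\n";` line looks like left-over debugging and should be removed.

```perl
sub snmp_get_command {
	my ($self, $device, $oid, $community, $vlan) = @_;
	$vlan = defined($vlan) ? "\@" . $vlan : '';

	# Wrap a task-supplied value in single quotes so the shell hands it to
	# snmpwalk as one literal argument.
	my $quote = sub {
		my $value = defined($_[0]) ? $_[0] : '';
		$value =~ s/'/'\\''/g;
		return "'" . $value . "'";
	};

	my $command = "snmpwalk -M/dev/null -r$self->{'snmp_checks'} -t$self->{'snmp_timeout'} -v$self->{'snmp_version'} -On -Oe ";
	if ($self->{'snmp_version'} eq "3") {
		$command .= " -l" . $quote->($self->{'snmp_security_level'});
		if ($self->{'snmp_security_level'} ne "noAuthNoPriv") {
			$command .= " -u" . $quote->($self->{'snmp_auth_user'})
				. " -a" . $quote->($self->{'snmp_auth_method'})
				. " -A" . $quote->($self->{'snmp_auth_pass'});
		}
		if ($self->{'snmp_security_level'} eq "authPriv") {
			$command .= " -x" . $quote->($self->{'snmp_privacy_method'})
				. " -X" . $quote->($self->{'snmp_privacy_pass'});
		}
	} else {
		$command .= " -c" . $quote->((defined($community) ? $community : '') . $vlan);
	}

	return $command . " " . $quote->($device) . " " . $quote->($oid) . " 2>/dev/null";
}
```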
@@ -173,7 +173,16 @@ sub data_consumer ($$) { pa_config => $pa_config, recon_ports => $task->{'recon_ports'}, resolve_names => $task->{'resolve_names'}, + snmp_auth_user => $task->{'snmp_auth_user'}, + snmp_auth_pass => $task->{'snmp_auth_pass'}, + snmp_auth_method => $task->{'snmp_auth_method'}, + snmp_checks => $task->{'snmp_checks'}, snmp_enabled => $task->{'snmp_enabled'}, + snmp_privacy_method => $task->{'snmp_privacy_method'}, + snmp_privacy_pass => $task->{'snmp_privacy_pass'}, + snmp_security_level => $task->{'snmp_security_level'}, + snmp_timeout => $task->{'snmp_timeout'}, + snmp_version => $task->{'snmp_version'}, subnets => \@subnets, task_id => $task->{'id_rt'}, vlan_cache_enabled => $task->{'vlan_enabled'}, @@ -310,10 +319,17 @@ sub PandoraFMS::Recon::Base::create_network_profile_modules($$$) { $self->call('message', "Network component ID " . $np_component->{'id_nc'} . " not found.", 5); next; } - + # Use snmp_community from network task instead the component snmp_community $component->{'snmp_community'} = safe_output($self->get_community($device)); - + $component->{'tcp_send'} = $self->{'snmp_version'}; + $component->{'custom_string_1'} = $self->{'snmp_privacy_method'}; + $component->{'custom_string_2'} = $self->{'snmp_privacy_pass'}; + $component->{'custom_string_3'} = $self->{'snmp_security_level'}; + $component->{'plugin_parameter'} = $self->{'snmp_auth_method'}; + $component->{'plugin_user'} = $self->{'snmp_auth_user'}; + $component->{'plugin_pass'} = $self->{'snmp_auth_pass'}; + pandora_create_module_from_network_component($self->{'pa_config'}, $component, $agent_id, $self->{'dbh'}); } } 
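Review bot: `data_consumer` now passes `snmp_checks => $task->{'snmp_checks'}` and `snmp_timeout => $task->{'snmp_timeout'}` (hunk `@@ -173,7 +173,16 @@`), but the schema patch earlier in this series adds neither column to `trecon_task`; unless they already exist, both are undef and, because `@_` is merged after the defaults in `Recon::Base::new`, they replace the defaults of 2 and leave `-r` and `-t` without a value in the `snmpwalk` command. Either drop the two lines or fall back explicitly, e.g. `snmp_checks => defined($task->{'snmp_checks'}) ? $task->{'snmp_checks'} : 2,`. The community path goes through `safe_output` (see `create_network_profile_modules` in the next hunk) while the new v3 user and passphrases are passed as stored; if the console stores them entity-encoded the same decoding is needed here, which is worth confirming. The constructor call's argument list starts outside the hunk.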
@@ -466,8 +482,8 @@ sub PandoraFMS::Recon::Base::create_agent($$) { } # Add interfaces to the agent if it responds to SNMP. + return $agent_id unless ($self->is_snmp_discovered($device)); my $community = $self->get_community($device); - return $agent_id unless defined($community); my @output = $self->snmp_get_value_array($device, $PandoraFMS::Recon::Base::IFINDEX); foreach my $if_index (@output) { @@ -506,7 +522,13 @@ sub PandoraFMS::Recon::Base::create_agent($$) { 'descripcion' => $if_desc, 'id_agente' => $agent_id, 'ip_target' => $device, - 'tcp_send' => 1, + 'tcp_send' => $self->{'snmp_version'}, + 'custom_string_1' => $self->{'snmp_privacy_method'}, + 'custom_string_2' => $self->{'snmp_privacy_pass'}, + 'custom_string_3' => $self->{'snmp_security_level'}, + 'plugin_parameter' => $self->{'snmp_auth_method'}, + 'plugin_user' => $self->{'snmp_auth_user'}, + 'plugin_pass' => $self->{'snmp_auth_pass'}, 'snmp_community' => $community, 'snmp_oid' => "$PandoraFMS::Recon::Base::IFOPERSTATUS.$if_index" ); @@ -516,6 +538,14 @@ sub PandoraFMS::Recon::Base::create_agent($$) { 'descripcion' => $if_desc, 'ip_target' => $device, 'snmp_community' => $community, + 'tcp_send' => $self->{'snmp_version'}, + 'custom_string_1' => $self->{'snmp_privacy_method'}, + 'custom_string_2' => $self->{'snmp_privacy_pass'}, + 'custom_string_3' => $self->{'snmp_security_level'}, + 'plugin_parameter' => $self->{'snmp_auth_method'}, + 'plugin_user' => $self->{'snmp_auth_user'}, + 'plugin_pass' => $self->{'snmp_auth_pass'}, + 'tcp_send' => $self->{'snmp_version'}, ); pandora_update_module_from_hash ($self->{'pa_config'}, \%module, 'id_agente_modulo', $module_id, $self->{'dbh'}); } 
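Review bot: The update hash in hunk `@@ -516,6 +538,14 @@` lists `'tcp_send'` twice, and the same duplicate appears in `@@ -585,6 +647,14 @@`; Perl silently keeps the last one, so it is harmless, but it shows the block was pasted by hand. The same seven keys are repeated in eight module hashes in `create_agent`; building them once, e.g. a `%snmp_fields` hash filled from `$self` before the interface loop and spread into each module hash, removes the duplication. This also copies `snmp_auth_pass` and `snmp_privacy_pass` into `plugin_pass` and `custom_string_2` of every interface module, so the secret is stored once per module in addition to the task row. `create_agent` starts and ends outside these hunks.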
@@ -531,7 +561,13 @@ sub PandoraFMS::Recon::Base::create_agent($$) { 'descripcion' => 'The total number of octets received on the interface, including framing characters. This object is a 64-bit version of ifInOctets.', 'id_agente' => $agent_id, 'ip_target' => $device, - 'tcp_send' => 1, + 'tcp_send' => $self->{'snmp_version'}, + 'custom_string_1' => $self->{'snmp_privacy_method'}, + 'custom_string_2' => $self->{'snmp_privacy_pass'}, + 'custom_string_3' => $self->{'snmp_security_level'}, + 'plugin_parameter' => $self->{'snmp_auth_method'}, + 'plugin_user' => $self->{'snmp_auth_user'}, + 'plugin_pass' => $self->{'snmp_auth_pass'}, 'snmp_community' => $community, 'snmp_oid' => "$PandoraFMS::Recon::Base::IFHCINOCTECTS.$if_index"); pandora_create_module_from_hash ($self->{'pa_config'}, \%module, $self->{'dbh'}); @@ -539,6 +575,13 @@ sub PandoraFMS::Recon::Base::create_agent($$) { my %module = ( 'ip_target' => $device, 'snmp_community' => $community, + 'tcp_send' => $self->{'snmp_version'}, + 'custom_string_1' => $self->{'snmp_privacy_method'}, + 'custom_string_2' => $self->{'snmp_privacy_pass'}, + 'custom_string_3' => $self->{'snmp_security_level'}, + 'plugin_parameter' => $self->{'snmp_auth_method'}, + 'plugin_user' => $self->{'snmp_auth_user'}, + 'plugin_pass' => $self->{'snmp_auth_pass'}, ); pandora_update_module_from_hash ($self->{'pa_config'}, \%module, 'id_agente_modulo', $module_id, $self->{'dbh'}); } 
@@ -553,7 +596,13 @@ sub PandoraFMS::Recon::Base::create_agent($$) { 'descripcion' => 'The total number of octets received on the interface, including framing characters.', 'id_agente' => $agent_id, 'ip_target' => $device, - 'tcp_send' => 1, + 'tcp_send' => $self->{'snmp_version'}, + 'custom_string_1' => $self->{'snmp_privacy_method'}, + 'custom_string_2' => $self->{'snmp_privacy_pass'}, + 'custom_string_3' => $self->{'snmp_security_level'}, + 'plugin_parameter' => $self->{'snmp_auth_method'}, + 'plugin_user' => $self->{'snmp_auth_user'}, + 'plugin_pass' => $self->{'snmp_auth_pass'}, 'snmp_community' => $community, 'snmp_oid' => "$PandoraFMS::Recon::Base::IFINOCTECTS.$if_index"); pandora_create_module_from_hash ($self->{'pa_config'}, \%module, $self->{'dbh'}); @@ -561,6 +610,13 @@ sub PandoraFMS::Recon::Base::create_agent($$) { my %module = ( 'ip_target' => $device, 'snmp_community' => $community, + 'tcp_send' => $self->{'snmp_version'}, + 'custom_string_1' => $self->{'snmp_privacy_method'}, + 'custom_string_2' => $self->{'snmp_privacy_pass'}, + 'custom_string_3' => $self->{'snmp_security_level'}, + 'plugin_parameter' => $self->{'snmp_auth_method'}, + 'plugin_user' => $self->{'snmp_auth_user'}, + 'plugin_pass' => $self->{'snmp_auth_pass'}, ); pandora_update_module_from_hash ($self->{'pa_config'}, \%module, 'id_agente_modulo', $module_id, $self->{'dbh'}); } 
@@ -577,7 +633,13 @@ sub PandoraFMS::Recon::Base::create_agent($$) { 'descripcion' => 'The total number of octets received on the interface, including framing characters. This object is a 64-bit version of ifOutOctets.', 'id_agente' => $agent_id, 'ip_target' => $device, - 'tcp_send' => 1, + 'tcp_send' => $self->{'snmp_version'}, + 'custom_string_1' => $self->{'snmp_privacy_method'}, + 'custom_string_2' => $self->{'snmp_privacy_pass'}, + 'custom_string_3' => $self->{'snmp_security_level'}, + 'plugin_parameter' => $self->{'snmp_auth_method'}, + 'plugin_user' => $self->{'snmp_auth_user'}, + 'plugin_pass' => $self->{'snmp_auth_pass'}, 'snmp_community' => $community, 'snmp_oid' => "$PandoraFMS::Recon::Base::IFHCOUTOCTECTS.$if_index"); pandora_create_module_from_hash ($self->{'pa_config'}, \%module, $self->{'dbh'}); @@ -585,6 +647,14 @@ sub PandoraFMS::Recon::Base::create_agent($$) { my %module = ( 'ip_target' => $device, 'snmp_community' => $community, + 'tcp_send' => $self->{'snmp_version'}, + 'tcp_send' => $self->{'snmp_version'}, + 'custom_string_1' => $self->{'snmp_privacy_method'}, + 'custom_string_2' => $self->{'snmp_privacy_pass'}, + 'custom_string_3' => $self->{'snmp_security_level'}, + 'plugin_parameter' => $self->{'snmp_auth_method'}, + 'plugin_user' => $self->{'snmp_auth_user'}, + 'plugin_pass' => $self->{'snmp_auth_pass'}, ); pandora_update_module_from_hash ($self->{'pa_config'}, \%module, 'id_agente_modulo', $module_id, $self->{'dbh'}); } 
@@ -599,7 +669,13 @@ sub PandoraFMS::Recon::Base::create_agent($$) { 'descripcion' => 'The total number of octets received on the interface, including framing characters.', 'id_agente' => $agent_id, 'ip_target' => $device, - 'tcp_send' => 1, + 'tcp_send' => $self->{'snmp_version'}, + 'custom_string_1' => $self->{'snmp_privacy_method'}, + 'custom_string_2' => $self->{'snmp_privacy_pass'}, + 'custom_string_3' => $self->{'snmp_security_level'}, + 'plugin_parameter' => $self->{'snmp_auth_method'}, + 'plugin_user' => $self->{'snmp_auth_user'}, + 'plugin_pass' => $self->{'snmp_auth_pass'}, 'snmp_community' => $community, 'snmp_oid' => "$PandoraFMS::Recon::Base::IFOUTOCTECTS.$if_index"); pandora_create_module_from_hash ($self->{'pa_config'}, \%module, $self->{'dbh'}); @@ -607,6 +683,14 @@ sub PandoraFMS::Recon::Base::create_agent($$) { my %module = ( 'ip_target' => $device, 'snmp_community' => $community, + 'tcp_send' => $self->{'snmp_version'}, + 'tcp_send' => $self->{'snmp_version'}, + 'custom_string_1' => $self->{'snmp_privacy_method'}, + 'custom_string_2' => $self->{'snmp_privacy_pass'}, + 'custom_string_3' => $self->{'snmp_security_level'}, + 'plugin_parameter' => $self->{'snmp_auth_method'}, + 'plugin_user' => $self->{'snmp_auth_user'}, + 'plugin_pass' => $self->{'snmp_auth_pass'}, ); pandora_update_module_from_hash ($self->{'pa_config'}, \%module, 'id_agente_modulo', $module_id, $self->{'dbh'}); } From 0d164fc3e00306542b25e03e66118f2df0f27536 Mon Sep 17 00:00:00 2001 From: fermin831 Date: Mon, 17 Sep 2018 16:38:02 +0200 Subject: [PATCH 5/6] Removed unwanted trace --- pandora_server/lib/PandoraFMS/Recon/Base.pm | 1 - 1 file changed, 1 deletion(-) diff --git a/pandora_server/lib/PandoraFMS/Recon/Base.pm b/pandora_server/lib/PandoraFMS/Recon/Base.pm index e64e273a1d..902a1d86d9 100644 --- a/pandora_server/lib/PandoraFMS/Recon/Base.pm +++ b/pandora_server/lib/PandoraFMS/Recon/Base.pm 
@@ -1476,7 +1476,6 @@ sub snmp_get_command { my $command = "snmpwalk -M/dev/null -r$self->{'snmp_checks'} -t$self->{'snmp_timeout'} -v$self->{'snmp_version'} -On -Oe "; if ($self->{'snmp_version'} eq "3") { $command .= " -l$self->{'snmp_security_level'} "; - print $self->{'snmp_security_level'} . "\n"; if ($self->{'snmp_security_level'} ne "noAuthNoPriv") { $command .= " -u$self->{'snmp_auth_user'} -a$self->{'snmp_auth_method'} -A$self->{'snmp_auth_pass'} "; } From 40bf163fedeb80f5ebc775bf365cc944e6cdb4cb Mon Sep 17 00:00:00 2001 From: "manuel.montes" Date: Tue, 18 Sep 2018 11:03:30 +0200 Subject: [PATCH 6/6] Disabled vlan vhen SNMP version is v3 --- pandora_console/godmode/servers/manage_recontask.php | 5 +++-- pandora_console/godmode/servers/manage_recontask_form.php | 3 +++ 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/pandora_console/godmode/servers/manage_recontask.php b/pandora_console/godmode/servers/manage_recontask.php index 25f9e048dd..1d5dc69c89 100644 --- a/pandora_console/godmode/servers/manage_recontask.php +++ b/pandora_console/godmode/servers/manage_recontask.php @@ -269,13 +269,15 @@ if (isset($_GET["create"])) { 'snmp_security_level' => '' ); } + if ($values['snmp_version'] == '3'){ + $values['vlan_enabled'] = 0; + } $values = array_merge($values, $values_v3); $name = io_safe_output($name); $name = trim($name, ' '); $name = io_safe_input($name); - html_debug($values, true); $reason = ""; if ($name != "") { @@ -297,7 +299,6 @@ if (isset($_GET["create"])) { } else{ $result = db_process_sql_insert('trecon_task', $values); - html_debug("entra", true); } } else { diff --git a/pandora_console/godmode/servers/manage_recontask_form.php b/pandora_console/godmode/servers/manage_recontask_form.php index eacc850dd4..f5865d1470 100644 --- a/pandora_console/godmode/servers/manage_recontask_form.php +++ b/pandora_console/godmode/servers/manage_recontask_form.php 
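Review bot: In `@@ -269,13 +269,15 @@` of manage_recontask.php the forced `$values['vlan_enabled'] = 0;` runs before `array_merge($values, $values_v3)`, so it only holds while `$values_v3` never carries a `vlan_enabled` key, and that array's full definition is outside the hunk. Moving the check below the merge removes that dependency. This server-side override is the one that counts, since the form change in this patch only disables the checkbox in the browser. A comment such as `// VLAN option is not offered with SNMPv3; override whatever the form submitted` would record the intent, and `=== '3'` avoids PHP's loose comparison if `snmp_version` always arrives as a string (to confirm).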
@@ -515,11 +515,14 @@ $('select#snmp_version').change(function () { $(".recon_v3").show(); $("input[name=active_snmp_v3]").val(1); $("input[name=snmp_community]").attr("disabled", true); + $("input[name=vlan_enabled]").removeAttr("checked"); + $("input[name=vlan_enabled]").attr("disabled", true); } else { $(".recon_v3").hide(); $("input[name=active_snmp_v3]").val(0); $("input[name=snmp_community]").removeAttr('disabled'); + $("input[name=vlan_enabled]").removeAttr('disabled'); } });
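Review bot: `removeAttr("checked")` and `attr("disabled", true)` work on attributes, and depending on the jQuery version bundled with the console (not visible here) removing the attribute can leave a box the user has already ticked still checked. `.prop("checked", false)` and `.prop("disabled", true)` set the live state directly, with `.prop("disabled", false)` in the else branch. The change handler starts above this hunk. A disabled checkbox is only a browser-side restriction, so the value still has to be forced on the server, as manage_recontask.php does in this patch.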