From cc3d8261170d630c228de4a315193ed5cb6d12fa Mon Sep 17 00:00:00 2001
From: Calvo <luis.calvo@pandorafms.com>
Date: Fri, 3 Feb 2023 12:35:20 +0100
Subject: [PATCH 1/2] Added cookie management to api curl and wget calls

---
 extras/deploy-scripts/pandora_deploy_community.sh             | 4 ++--
 extras/deploy-scripts/pandora_deploy_community_el8.sh         | 4 ++--
 extras/deploy-scripts/pandora_deploy_community_ubuntu_2204.sh | 4 ++--
 extras/docker/centos8/pandora-stack/sources/init_pandora.sh   | 4 ++--
 pandora_console/include/class/ConsoleSupervisor.php           | 2 +-
 pandora_server/bin/pandora_server                             | 2 +-
 6 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/extras/deploy-scripts/pandora_deploy_community.sh b/extras/deploy-scripts/pandora_deploy_community.sh
index 873b9a3068..78f1ef0e41 100644
--- a/extras/deploy-scripts/pandora_deploy_community.sh
+++ b/extras/deploy-scripts/pandora_deploy_community.sh
@@ -639,8 +639,8 @@ systemctl enable tentacle_serverd &>> $LOGFILE
 execute_cmd "service tentacle_serverd start" "Starting Tentacle Server"
 
 # Enabling condole cron
-execute_cmd "echo \"* * * * * root wget -q -O - --no-check-certificate http://127.0.0.1/pandora_console/enterprise/cron.php >> $PANDORA_CONSOLE/log/cron.log\" >> /etc/crontab" "Enabling Pandora FMS Console cron"
-echo "* * * * * root wget -q -O - --no-check-certificate http://127.0.0.1/pandora_console/enterprise/cron.php >> $PANDORA_CONSOLE/log/cron.log" >> /etc/crontab
+execute_cmd "echo \"* * * * * root wget -q -O - --no-check-certificate --load-cookies /tmp/cron-session-cookies --save-cookies /tmp/cron-session-cookies --keep-session-cookies http://127.0.0.1/pandora_console/enterprise/cron.php >> $PANDORA_CONSOLE/log/cron.log\" >> /etc/crontab" "Enabling Pandora FMS Console cron"
+echo "* * * * * root wget -q -O - --no-check-certificate --load-cookies /tmp/cron-session-cookies --save-cookies /tmp/cron-session-cookies --keep-session-cookies http://127.0.0.1/pandora_console/enterprise/cron.php >> $PANDORA_CONSOLE/log/cron.log" >> /etc/crontab
 ## Enabling agent
 systemctl enable pandora_agent_daemon &>> $LOGFILE
 execute_cmd "systemctl start pandora_agent_daemon" "Starting Pandora FMS Agent"
diff --git a/extras/deploy-scripts/pandora_deploy_community_el8.sh b/extras/deploy-scripts/pandora_deploy_community_el8.sh
index 794e11f8fe..13f90fcf85 100644
--- a/extras/deploy-scripts/pandora_deploy_community_el8.sh
+++ b/extras/deploy-scripts/pandora_deploy_community_el8.sh
@@ -732,8 +732,8 @@ systemctl enable tentacle_serverd &>> "$LOGFILE"
 execute_cmd "service tentacle_serverd start" "Starting Tentacle Server"
 
 # Enabling condole cron
-execute_cmd "echo \"* * * * * root wget -q -O - --no-check-certificate http://127.0.0.1/pandora_console/enterprise/cron.php >> $PANDORA_CONSOLE/log/cron.log\" >> /etc/crontab" "Enabling Pandora FMS Console cron"
-echo "* * * * * root wget -q -O - --no-check-certificate http://127.0.0.1/pandora_console/enterprise/cron.php >> $PANDORA_CONSOLE/log/cron.log" >> /etc/crontab
+execute_cmd "echo \"* * * * * root wget -q -O - --no-check-certificate --load-cookies /tmp/cron-session-cookies --save-cookies /tmp/cron-session-cookies --keep-session-cookies http://127.0.0.1/pandora_console/enterprise/cron.php >> $PANDORA_CONSOLE/log/cron.log\" >> /etc/crontab" "Enabling Pandora FMS Console cron"
+echo "* * * * * root wget -q -O - --no-check-certificate --load-cookies /tmp/cron-session-cookies --save-cookies /tmp/cron-session-cookies --keep-session-cookies http://127.0.0.1/pandora_console/enterprise/cron.php >> $PANDORA_CONSOLE/log/cron.log" >> /etc/crontab
 ## Enabling agent
 systemctl enable pandora_agent_daemon &>> "$LOGFILE"
 execute_cmd "systemctl start pandora_agent_daemon" "Starting Pandora FMS Agent"
diff --git a/extras/deploy-scripts/pandora_deploy_community_ubuntu_2204.sh b/extras/deploy-scripts/pandora_deploy_community_ubuntu_2204.sh
index f52eb625e2..b22d5d163f 100644
--- a/extras/deploy-scripts/pandora_deploy_community_ubuntu_2204.sh
+++ b/extras/deploy-scripts/pandora_deploy_community_ubuntu_2204.sh
@@ -732,8 +732,8 @@ execute_cmd "service tentacle_serverd start" "Starting Tentacle Server"
 systemctl enable tentacle_serverd &>> "$LOGFILE"
 
 # Enabling condole cron
-execute_cmd "echo \"* * * * * root wget -q -O - --no-check-certificate http://127.0.0.1/pandora_console/enterprise/cron.php >> $PANDORA_CONSOLE/log/cron.log\" >> /etc/crontab" "Enabling Pandora FMS Console cron"
-echo "* * * * * root wget -q -O - --no-check-certificate http://127.0.0.1/pandora_console/enterprise/cron.php >> $PANDORA_CONSOLE/log/cron.log" >> /etc/crontab
+execute_cmd "echo \"* * * * * root wget -q -O - --no-check-certificate --load-cookies /tmp/cron-session-cookies --save-cookies /tmp/cron-session-cookies --keep-session-cookies http://127.0.0.1/pandora_console/enterprise/cron.php >> $PANDORA_CONSOLE/log/cron.log\" >> /etc/crontab" "Enabling Pandora FMS Console cron"
+echo "* * * * * root wget -q -O - --no-check-certificate --load-cookies /tmp/cron-session-cookies --save-cookies /tmp/cron-session-cookies --keep-session-cookies http://127.0.0.1/pandora_console/enterprise/cron.php >> $PANDORA_CONSOLE/log/cron.log" >> /etc/crontab
 
 ## Enabling agent adn configuring Agente
 sed -i "s/^remote_config.*$/remote_config 1/g" $PANDORA_AGENT_CONF &>> "$LOGFILE"
diff --git a/extras/docker/centos8/pandora-stack/sources/init_pandora.sh b/extras/docker/centos8/pandora-stack/sources/init_pandora.sh
index 76a0954bb8..e9265a0981 100755
--- a/extras/docker/centos8/pandora-stack/sources/init_pandora.sh
+++ b/extras/docker/centos8/pandora-stack/sources/init_pandora.sh
@@ -277,8 +277,8 @@ export ORACLE_HOME=/usr/lib/oracle/$VERSION/client64
 EOF_ENV
 
 echo  ">> Enable discovery cron: "
-#while true ; do wget -q -O - --no-check-certificate http://localhost/pandora_console/enterprise/cron.php >> /var/www/html/pandora_console/pandora_console.log && sleep 60 ; done &
-echo "*/5 * * * * wget -q -O - --no-check-certificate http://localhost/pandora_console/enterprise/cron.php >> /var/www/html/pandora_console/log/cron.log" >> /opt/pandora/crontasks
+#while true ; do wget -q -O - --no-check-certificate --load-cookies /tmp/cron-session-cookies --save-cookies /tmp/cron-session-cookies --keep-session-cookies http://localhost/pandora_console/enterprise/cron.php >> /var/www/html/pandora_console/pandora_console.log && sleep 60 ; done &
+echo "*/5 * * * * wget -q -O - --no-check-certificate --load-cookies /tmp/cron-session-cookies --save-cookies /tmp/cron-session-cookies --keep-session-cookies http://localhost/pandora_console/enterprise/cron.php >> /var/www/html/pandora_console/log/cron.log" >> /opt/pandora/crontasks
 
 echo  ">> Enable pandora_db cron: "
 /usr/bin/perl /usr/share/pandora_server/util/pandora_db.pl /etc/pandora/pandora_server.conf
diff --git a/pandora_console/include/class/ConsoleSupervisor.php b/pandora_console/include/class/ConsoleSupervisor.php
index b6a6d3df43..2c04aa0ae3 100644
--- a/pandora_console/include/class/ConsoleSupervisor.php
+++ b/pandora_console/include/class/ConsoleSupervisor.php
@@ -2379,7 +2379,7 @@ class ConsoleSupervisor
             if (strtoupper(substr(PHP_OS, 0, 3)) != 'WIN') {
                 $message_conf_cron .= __('Discovery relies on an appropriate cron setup.');
                 $message_conf_cron .= '. '.__('Please, add the following line to your crontab file:');
-                $message_conf_cron .= '<b><pre class=""ui-dialog>* * * * * &lt;user&gt; wget -q -O - --no-check-certificate ';
+                $message_conf_cron .= '<b><pre class=""ui-dialog>* * * * * &lt;user&gt; wget -q -O - --no-check-certificate --load-cookies /tmp/cron-session-cookies --save-cookies /tmp/cron-session-cookies --keep-session-cookies ';
                 $message_conf_cron .= str_replace(
                     ENTERPRISE_DIR.'/meta/',
                     '',
diff --git a/pandora_server/bin/pandora_server b/pandora_server/bin/pandora_server
index fd8fa0d99d..05d846b3ec 100755
--- a/pandora_server/bin/pandora_server
+++ b/pandora_server/bin/pandora_server
@@ -799,7 +799,7 @@ sub main() {
 	# Testing API url
 	my $curl_execution = "'".$Config{'console_api_url'}."?op=get&op2=test&apipass=".$Config{"console_api_pass"}."&user=".$Config{"console_user"}."&pass=".$Config{"console_pass"}."'";
 	# More than 30 secs is highly unrecommendated
-	my $command = $Config{'plugin_exec'}.' 30 curl '.$curl_execution.' 2>/dev/null';
+	my $command = $Config{'plugin_exec'}.' 30 curl --cookie-jar /tmp/cron-session-cookies '.$curl_execution.' 2>/dev/null';
 	my $exe_testing_api = `$command`;
 	my @res_testing_api = split(',', $exe_testing_api);
 	if ( $res_testing_api[0] ne 'OK' ) {

From 3e45b548b6e833aff67ea34a8d7608ab7e2ee2a5 Mon Sep 17 00:00:00 2001
From: Calvo <luis.calvo@pandorafms.com>
Date: Mon, 6 Feb 2023 11:58:50 +0100
Subject: [PATCH 2/2] Pandora db delete /tmp/cron-session-cookies file

---
 pandora_server/util/pandora_db.pl | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/pandora_server/util/pandora_db.pl b/pandora_server/util/pandora_db.pl
index f0437a5bfb..84fdfb75d5 100755
--- a/pandora_server/util/pandora_db.pl
+++ b/pandora_server/util/pandora_db.pl
@@ -1067,12 +1067,18 @@ sub pandora_delete_old_session_data {
 
 	$ulimit_timestamp = time() - $session_timeout;
 
-	log_message ('PURGE', "Deleting old session data from tsessions_php\n");
+	log_message ('PURGE', "Deleting old session data from tsessions_php");
 	while(db_delete_limit ($dbh, 'tsessions_php', 'last_active < ?', $SMALL_OPERATION_STEP, $ulimit_timestamp) ne '0E0') {
 		usleep (10000);
 	};
 
 	db_do ($dbh, "DELETE FROM tsessions_php WHERE data IS NULL OR id_session REGEXP '^cron-'");
+
+	# Delete cron cookies file
+	my $cookie_file = '/tmp/cron-session-cookies';
+	log_message ('PURGE', "Deleting cron session file");
+	unlink($cookie_file) or die 	log_message ('PURGE', "Could not delete session file");
+ 
 }
 
 ###############################################################################