diff --git a/pandora_server/ChangeLog b/pandora_server/ChangeLog
index c92300851d..e795825bef 100644
--- a/pandora_server/ChangeLog
+++ b/pandora_server/ChangeLog
@@ -1,3 +1,8 @@
+2012-08-16 Vanessa Gil
+
+ * util/recon_scripts/snmpdevices.pl: Added several networks and ips
+ to recon scripts.
+
 2012-08-16 Sergio Martin
 
 * lib/PandoraFMS/PluginServer.pm: Adapted the plugin server to
diff --git a/pandora_server/util/recon_scripts/snmpdevices.pl b/pandora_server/util/recon_scripts/snmpdevices.pl
index 42bca49a3f..a86eab5309 100755
--- a/pandora_server/util/recon_scripts/snmpdevices.pl
+++ b/pandora_server/util/recon_scripts/snmpdevices.pl
@@ -145,160 +145,301 @@ my $dbh = db_connect ('mysql', $conf{'dbname'}, $conf{'dbhost'}, $conf{'dbport'} # Start the network sweep # Get a NetAddr::IP object for the target network -my $net_addr = new NetAddr::IP ($target_network); -if (! defined ($net_addr)) { - logger (\%conf, "Invalid network " . $target_network . " for SNMP Recon App task", 1); - update_recon_task ($dbh, $task_id, -1); - return -1; -} +my @net_addr_list = split (",", $target_network); +my $addr_item; -# Scan the network for hosts -my ($total_hosts, $hosts_found, $addr_found) = ($net_addr->num, 0, ''); +foreach $addr_item (@net_addr_list) { -my $last = 0; -for (my $i = 1; $net_addr <= $net_addr->broadcast; $i++, $net_addr++) { - if($last == 1) { - last; - } - - my $net_addr_temp = $net_addr + 1; - if($net_addr->broadcast eq $net_addr_temp) { - $last = 1; - } - - if ($net_addr =~ /\b\d{1,3}\.\d{1,3}\.\d{1,3}\.(\d{1,3})\b/) { - if($1 eq '0' || $1 eq '255') { - next; - } - } - - my $addr = (split(/\//, $net_addr))[0]; - $hosts_found ++; - - # Update the recon task - update_recon_task ($dbh, $task_id, ceil ($i / ($total_hosts / 100))); - - my $alive = 0; - if (pandora_ping (\%conf, $addr) == 1) { - $alive = 1; - } - - next unless ($alive > 0); - - # Resolve the address - my $host_name = gethostbyaddr(inet_aton($addr), AF_INET); - $host_name = $addr unless defined ($host_name); - #/usr/bin/snmpwalk -OUevqt -c 'public' -v 1 192.168.50.100 SNMPv2-MIB::sysName.0 - logger(\%conf, "SNMP Recon App found host $host_name.", 10); - - # Add the new address if it does not exist - my $addr_id = get_addr_id ($dbh, $addr); - - my $resp; - my $oid; - my $module_type; - my $module_description; - my $module_name; - my $xml = ""; - my $ax; # Counter - my $conf = \%conf; - - $resp = ""; - - my @community_list = split (",", $target_community); - my $community_validate = 0; - my $community; - - foreach $community (@community_list) { - $resp = get_snmp_response ($target_timeout, $community, $addr); - - if ($resp ne "") { 
- $community_validate = 1; - $target_community = $community; - last; - } - } - - if ($community_validate eq 0) { - next; - } - - # Create agent if really has SNMP information - $addr_id = add_address ($dbh, $addr) unless ($addr_id > 0); - if ($addr_id <= 0) { - logger (\%conf, "Could not add address '$addr' for host '$host_name'", 3); - next; - } - - # Check if the agent exists - my $agent_id = get_agent_id($dbh, $host_name); - - # If the agent doesnt exist we create it - if($agent_id == -1) { - # Create a new agent - $agent_id = pandora_create_agent (\%conf, $conf{'servername'}, $host_name, $addr, $target_group, 0, 11, '', 300, $dbh); - } - - # Assign the new address to the agent - db_do ($dbh, 'INSERT INTO taddress_agent (`id_a`, `id_agent`) VALUES (?, ?)', $addr_id, $agent_id); - - # Generate an event - pandora_event (\%conf, "[RECON] New SNMP host [$host_name] detected on network [" . $target_network . ']', $target_group, $agent_id, 2, 0, 0, 'recon_host_detected', 0, $dbh); - - # SysUptime - process_module_snmp ($dbh, $target_community, $addr, ".1.3.6.1.2.1.1.3.0", "ticks", "SysUptime", "remote_snmp_string", "System uptime reported by SNMP", $conf); - - # SysName - process_module_snmp ($dbh, $target_community, $addr, ".1.3.6.1.2.1.1.5.0", "", "SysName", "remote_snmp_string", "System name reported by SNMP", $conf); - - # Local system total traffic - - process_module_snmp ($dbh, $target_community, $addr, ".1.3.6.1.2.1.4.3.0", "", "Local InReceives", "remote_snmp_inc", "System local incoming traffic (bytes)", $conf); - - process_module_snmp ($dbh, $target_community, $addr, ".1.3.6.1.2.1.4.10.0", "", "Local OutRequests", "remote_snmp_inc", "System local outgoing traffic (bytes)", $conf); - - # Process interface list - # Get interface indexes - - my $interface_indexes = `/usr/bin/snmpwalk -Ouvq -c '$target_community' -v 1 $addr ifIndex 2>/dev/null`; - - my @ids = split("\n", $interface_indexes); - - foreach my $ax (@ids) { - my $oper_status = `/usr/bin/snmpwalk 
-OUevqt -c '$target_community' -v 1 $addr .1.3.6.1.2.1.2.2.1.8.$ax 2>/dev/null`; - - # If switch_mode is active and the interface is not up, we avoid it - if($all_mode ne '-a' && $oper_status != 1) { - next; - } - - my $interface = `/usr/bin/snmpget -v 1 -r0 -t$target_timeout -OUevqt -c '$target_community' $addr RFC1213-MIB::ifDescr.$ax 2>/dev/null`; - - my $ip_address = `/usr/bin/snmpwalk -OnQ -c '$target_community' -v 1 $addr .1.3.6.1.2.1.4.20.1.2 | sed 's/.1.3.6.1.2.1.4.20.1.2.//' | grep "= $ax" | awk '{print \$1}'`; - - if($ip_address eq '') { - $ip_address = 'N/A'; - } - else { - chomp($ip_address); - $ip_address =~ s/\n/,/g; - } - - # Remove forbidden caracters - $interface =~ s/\"|\n|\<|\>|\&|\[|\]//g; - - process_module_snmp ($dbh, $target_community, $addr, ".1.3.6.1.2.1.2.2.1.8.$ax", "interface", "$interface Status", "remote_snmp_proc", "Operative status for $interface at position $ax. IP Address: $ip_address", $conf); + if ($addr_item =~ /\b\d{1,3}\.\d{1,3}\.\d{1,3}\.(\d{1,3})\b\/\d/) { # it's a network - process_module_snmp ($dbh, $target_community, $addr, ".1.3.6.1.2.1.2.2.1.10.$ax", "", "$interface Inbound bps", "remote_snmp_inc", "Incoming traffic for $interface", $conf); + #my $net_addr = new NetAddr::IP ($target_network); + my $net_addr = new NetAddr::IP ($addr_item); - process_module_snmp ($dbh, $target_community, $addr, ".1.3.6.1.2.1.2.2.1.16.$ax", "", "$interface Outbound bps", "remote_snmp_inc", "Outgoing traffic for $interface", $conf); + if (! defined ($net_addr)) { + logger (\%conf, "Invalid network " . $target_network . 
" for SNMP Recon App task", 1); + update_recon_task ($dbh, $task_id, -1); + return -1; + } + + # Scan the network for hosts + my ($total_hosts, $hosts_found, $addr_found) = ($net_addr->num, 0, ''); + + my $last = 0; + for (my $i = 1; $net_addr <= $net_addr->broadcast; $i++, $net_addr++) { + if($last == 1) { + last; + } + + my $net_addr_temp = $net_addr + 1; + if($net_addr->broadcast eq $net_addr_temp) { + $last = 1; + } + + if ($net_addr =~ /\b\d{1,3}\.\d{1,3}\.\d{1,3}\.(\d{1,3})\b/) { + if($1 eq '0' || $1 eq '255') { + next; + } + } + + my $addr = (split(/\//, $net_addr))[0]; + + $hosts_found ++; + + # Update the recon task + update_recon_task ($dbh, $task_id, ceil ($i / ($total_hosts / 100))); + + my $alive = 0; + if (pandora_ping (\%conf, $addr) == 1) { + $alive = 1; + } + + next unless ($alive > 0); + + # Resolve the address + my $host_name = gethostbyaddr(inet_aton($addr), AF_INET); + $host_name = $addr unless defined ($host_name); + #/usr/bin/snmpwalk -OUevqt -c 'public' -v 1 192.168.50.100 SNMPv2-MIB::sysName.0 + logger(\%conf, "SNMP Recon App found host $host_name.", 10); + + # Add the new address if it does not exist + my $addr_id = get_addr_id ($dbh, $addr); + + my $resp; + my $oid; + my $module_type; + my $module_description; + my $module_name; + my $xml = ""; + my $ax; # Counter + my $conf = \%conf; + + $resp = ""; + + my @community_list = split (",", $target_community); + my $community_validate = 0; + my $community; + + foreach $community (@community_list) { + $resp = get_snmp_response ($target_timeout, $community, $addr); + + if ($resp ne "") { + $community_validate = 1; + $target_community = $community; + last; + } + } + + if ($community_validate eq 0) { + next; + } + + # Create agent if really has SNMP information + $addr_id = add_address ($dbh, $addr) unless ($addr_id > 0); + if ($addr_id <= 0) { + logger (\%conf, "Could not add address '$addr' for host '$host_name'", 3); + next; + } + + # Check if the agent exists + my $agent_id = 
get_agent_id($dbh, $host_name); + + # If the agent doesnt exist we create it + if($agent_id == -1) { + # Create a new agent + $agent_id = pandora_create_agent (\%conf, $conf{'servername'}, $host_name, $addr, $target_group, 0, 11, '', 300, $dbh); + } + + # Assign the new address to the agent + db_do ($dbh, 'INSERT INTO taddress_agent (`id_a`, `id_agent`) VALUES (?, ?)', $addr_id, $agent_id); + + # Generate an event + pandora_event (\%conf, "[RECON] New SNMP host [$host_name] detected on network [" . $target_network . ']', $target_group, $agent_id, 2, 0, 0, 'recon_host_detected', 0, $dbh); + + # SysUptime + process_module_snmp ($dbh, $target_community, $addr, ".1.3.6.1.2.1.1.3.0", "ticks", "SysUptime", "remote_snmp_string", "System uptime reported by SNMP", $conf); + + # SysName + process_module_snmp ($dbh, $target_community, $addr, ".1.3.6.1.2.1.1.5.0", "", "SysName", "remote_snmp_string", "System name reported by SNMP", $conf); + + # Local system total traffic + + process_module_snmp ($dbh, $target_community, $addr, ".1.3.6.1.2.1.4.3.0", "", "Local InReceives", "remote_snmp_inc", "System local incoming traffic (bytes)", $conf); + + process_module_snmp ($dbh, $target_community, $addr, ".1.3.6.1.2.1.4.10.0", "", "Local OutRequests", "remote_snmp_inc", "System local outgoing traffic (bytes)", $conf); + + # Process interface list + # Get interface indexes + + my $interface_indexes = `/usr/bin/snmpwalk -Ouvq -c '$target_community' -v 1 $addr ifIndex 2>/dev/null`; + + my @ids = split("\n", $interface_indexes); + + foreach my $ax (@ids) { + my $oper_status = `/usr/bin/snmpwalk -OUevqt -c '$target_community' -v 1 $addr .1.3.6.1.2.1.2.2.1.8.$ax 2>/dev/null`; + + # If switch_mode is active and the interface is not up, we avoid it + if($all_mode ne '-a' && $oper_status != 1) { + next; + } + + my $interface = `/usr/bin/snmpget -v 1 -r0 -t$target_timeout -OUevqt -c '$target_community' $addr RFC1213-MIB::ifDescr.$ax 2>/dev/null`; - # Do a grace sleep to avoid destination server 
ban me - sleep 1; + my $ip_address = `/usr/bin/snmpwalk -OnQ -c '$target_community' -v 1 $addr .1.3.6.1.2.1.4.20.1.2 | sed 's/.1.3.6.1.2.1.4.20.1.2.//' | grep "= $ax" | awk '{print \$1}'`; + + if($ip_address eq '') { + $ip_address = 'N/A'; + } + else { + chomp($ip_address); + $ip_address =~ s/\n/,/g; + } + + # Remove forbidden caracters + $interface =~ s/\"|\n|\<|\>|\&|\[|\]//g; + + process_module_snmp ($dbh, $target_community, $addr, ".1.3.6.1.2.1.2.2.1.8.$ax", "interface", "$interface Status", "remote_snmp_proc", "Operative status for $interface at position $ax. IP Address: $ip_address", $conf); + + process_module_snmp ($dbh, $target_community, $addr, ".1.3.6.1.2.1.2.2.1.10.$ax", "", "$interface Inbound bps", "remote_snmp_inc", "Incoming traffic for $interface", $conf); + + process_module_snmp ($dbh, $target_community, $addr, ".1.3.6.1.2.1.2.2.1.16.$ax", "", "$interface Outbound bps", "remote_snmp_inc", "Outgoing traffic for $interface", $conf); + + # Do a grace sleep to avoid destination server ban me + sleep 1; + + } + + } + } else { #simple ip. No network. 
- } - -} + if ($addr_item =~ /\b\d{1,3}\.\d{1,3}\.\d{1,3}\.(\d{1,3})\b/) { + if($1 eq '0' || $1 eq '255') { + next; + } + } + + my $addr = $addr_item; + + my $alive = 0; + if (pandora_ping (\%conf, $addr) == 1) { + $alive = 1; + } + + next unless ($alive > 0); + + # Resolve the address + my $host_name = gethostbyaddr(inet_aton($addr), AF_INET); + $host_name = $addr unless defined ($host_name); + #/usr/bin/snmpwalk -OUevqt -c 'public' -v 1 192.168.50.100 SNMPv2-MIB::sysName.0 + logger(\%conf, "SNMP Recon App found host $host_name.", 10); + + # Add the new address if it does not exist + my $addr_id = get_addr_id ($dbh, $addr); + + my $resp; + my $oid; + my $module_type; + my $module_description; + my $module_name; + my $xml = ""; + my $ax; # Counter + my $conf = \%conf; + + $resp = ""; + + my @community_list = split (",", $target_community); + my $community_validate = 0; + my $community; + + foreach $community (@community_list) { + $resp = get_snmp_response ($target_timeout, $community, $addr); + + if ($resp ne "") { + $community_validate = 1; + $target_community = $community; + last; + } + } + + if ($community_validate eq 0) { + next; + } + + # Create agent if really has SNMP information + $addr_id = add_address ($dbh, $addr) unless ($addr_id > 0); + if ($addr_id <= 0) { + logger (\%conf, "Could not add address '$addr' for host '$host_name'", 3); + next; + } + + # Check if the agent exists + my $agent_id = get_agent_id($dbh, $host_name); + + # If the agent doesnt exist we create it + if($agent_id == -1) { + # Create a new agent + $agent_id = pandora_create_agent (\%conf, $conf{'servername'}, $host_name, $addr, $target_group, 0, 11, '', 300, $dbh); + } + + # Assign the new address to the agent + db_do ($dbh, 'INSERT INTO taddress_agent (`id_a`, `id_agent`) VALUES (?, ?)', $addr_id, $agent_id); + + # Generate an event + pandora_event (\%conf, "[RECON] New SNMP host [$host_name] detected on network [" . $target_network . 
']', $target_group, $agent_id, 2, 0, 0, 'recon_host_detected', 0, $dbh); + + # SysUptime + process_module_snmp ($dbh, $target_community, $addr, ".1.3.6.1.2.1.1.3.0", "ticks", "SysUptime", "remote_snmp_string", "System uptime reported by SNMP", $conf); + + # SysName + process_module_snmp ($dbh, $target_community, $addr, ".1.3.6.1.2.1.1.5.0", "", "SysName", "remote_snmp_string", "System name reported by SNMP", $conf); + + # Local system total traffic + + process_module_snmp ($dbh, $target_community, $addr, ".1.3.6.1.2.1.4.3.0", "", "Local InReceives", "remote_snmp_inc", "System local incoming traffic (bytes)", $conf); + + process_module_snmp ($dbh, $target_community, $addr, ".1.3.6.1.2.1.4.10.0", "", "Local OutRequests", "remote_snmp_inc", "System local outgoing traffic (bytes)", $conf); + + # Process interface list + # Get interface indexes + + my $interface_indexes = `/usr/bin/snmpwalk -Ouvq -c '$target_community' -v 1 $addr ifIndex 2>/dev/null`; + + my @ids = split("\n", $interface_indexes); + + foreach my $ax (@ids) { + my $oper_status = `/usr/bin/snmpwalk -OUevqt -c '$target_community' -v 1 $addr .1.3.6.1.2.1.2.2.1.8.$ax 2>/dev/null`; + + # If switch_mode is active and the interface is not up, we avoid it + if($all_mode ne '-a' && $oper_status != 1) { + next; + } + + my $interface = `/usr/bin/snmpget -v 1 -r0 -t$target_timeout -OUevqt -c '$target_community' $addr RFC1213-MIB::ifDescr.$ax 2>/dev/null`; + + my $ip_address = `/usr/bin/snmpwalk -OnQ -c '$target_community' -v 1 $addr .1.3.6.1.2.1.4.20.1.2 | sed 's/.1.3.6.1.2.1.4.20.1.2.//' | grep "= $ax" | awk '{print \$1}'`; + + if($ip_address eq '') { + $ip_address = 'N/A'; + } + else { + chomp($ip_address); + $ip_address =~ s/\n/,/g; + } + + # Remove forbidden caracters + $interface =~ s/\"|\n|\<|\>|\&|\[|\]//g; + + process_module_snmp ($dbh, $target_community, $addr, ".1.3.6.1.2.1.2.2.1.8.$ax", "interface", "$interface Status", "remote_snmp_proc", "Operative status for $interface at position $ax. 
IP Address: $ip_address", $conf); + + process_module_snmp ($dbh, $target_community, $addr, ".1.3.6.1.2.1.2.2.1.10.$ax", "", "$interface Inbound bps", "remote_snmp_inc", "Incoming traffic for $interface", $conf); + + process_module_snmp ($dbh, $target_community, $addr, ".1.3.6.1.2.1.2.2.1.16.$ax", "", "$interface Outbound bps", "remote_snmp_inc", "Outgoing traffic for $interface", $conf); + + # Do a grace sleep to avoid destination server ban me + sleep 1; + + } + } +} # Mark recon task as done update_recon_task ($dbh, $task_id, -1);
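Review bot: In the new `else` branch for single IPs, `my $addr = $addr_item;` takes a comma-split piece of `$target_network` with no validation, and that value is later interpolated into the backtick `snmpwalk`/`snmpget` command lines, so a non-address entry in the task's network field can reach a shell if it gets past `pandora_ping` and `get_snmp_response` (both defined outside this hunk). The `0`/`255` test just above only skips addresses that match; it does not reject input that fails to match, and the network-branch test is unanchored, so neither works as validation. I would replace the assignment with `my ($addr) = $addr_item =~ /\A\s*((?:\d{1,3}\.){3}\d{1,3})\s*\z/;` followed by `next unless defined $addr;`, logging the rejected item. Both branches also still pass `$ax`, which is parsed from the device's own SNMP reply, into those command strings; running the tools in list form (`open my $fh, '-|', '/usr/bin/snmpwalk', @args`) and doing the `sed | grep | awk` filtering in Perl would take the shell out of the path. The scan body is now duplicated almost line for line across the two branches, so moving it into one sub that takes `$addr` would keep the validation and any later fix in a single place.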