tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'ent-12317-mejora-del-discovery-host-scan-y-el-wizard-de-discovery-de-bienvenida' into 'develop' 

Net scan improvements

See merge request artica/pandorafms!6908
This commit is contained in:
Rafael Ameijeiras 2024-02-15 08:28:12 +00:00
parent f28808f246 5d174013e5
commit 62ce18e4dc
9 changed files with 820 additions and 227 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
pandora_console/extras/mr/68.sql
View File

@ -63,4 +63,27 @@ SET @widget_id = NULL;
SELECT @widget_id := `id` FROM `twidget` WHERE `unique_name` = 'GisMap';
INSERT IGNORE INTO `twidget` (`id`,`class_name`,`unique_name`,`description`,`options`,`page`) VALUES (@widget_id,'GisMap','GisMap','Gis map','','GisMap.php');
-- Create SNMPv3 credentials for recon tasks and update them
SET @creds_name = 'Recon-SNMP-creds-';
INSERT IGNORE INTO `tcredential_store` (`identifier`, `id_group`, `product`, `extra_1`)
SELECT
CONCAT(@creds_name,`id_rt`) AS `identifier`,
`id_group`,
'SNMP' AS `product`,
CONCAT(
'{',
'"community":"',`snmp_community`,'",',
'"version":"',`snmp_version`,'",',
'"securityLevelV3":"',`snmp_security_level`,'",',
'"authUserV3":"',`snmp_auth_user`,'",',
'"authMethodV3":"',`snmp_auth_method`,'",',
'"authPassV3":"',`snmp_auth_pass`,'",',
'"privacyMethodV3":"',`snmp_privacy_method`,'",',
'"privacyPassV3":"',`snmp_privacy_pass`,'"',
'}'
) AS `extra1`
FROM `trecon_task` WHERE `snmp_version` = 3 AND `snmp_enabled` = 1
;
UPDATE `trecon_task` SET `auth_strings` = IF(`auth_strings` = '',CONCAT(@creds_name,`id_rt`),CONCAT(@creds_name,`id_rt`,',',`auth_strings`)) WHERE `snmp_version` = 3 AND `snmp_enabled` = 1;
COMMIT;

251
pandora_console/godmode/wizards/HostDevices.class.php
View File

@ -450,6 +450,26 @@ class HostDevices extends Wizard
if (isset($this->task['id_rt']) === false) {
// Create.
$default_templates = [
io_safe_input('Linux System'),
io_safe_input('Windows System'),
io_safe_input('Windows Hardware'),
io_safe_input('Network Management')
];
$default_templates_ids = db_get_all_rows_sql('SELECT id_np
FROM tnetwork_profile
WHERE name IN ('.implode(',', array_map(function($template) {
return "'" . $template . "'";
}, $default_templates)).')
ORDER BY name');
if($default_templates_ids !== false) {
$this->task['id_network_profile'] = implode(',',
array_column($default_templates_ids, 'id_np'),
);
}
$this->task['id_rt'] = db_process_sql_insert(
'trecon_task',
$this->task
@ -1100,12 +1120,9 @@ class HostDevices extends Wizard
'arguments' => [
'name' => 'id_network_profile[]',
'type' => 'select_from_sql',
'sql' => 'SELECT tn.id_np, tn.name
FROM tnetwork_profile tn
LEFT JOIN `tnetwork_profile_pen` tp
ON tp.id_np = tn.id_np
WHERE tp.id_np IS NULL
ORDER BY tn.name',
'sql' => 'SELECT id_np, name
FROM tnetwork_profile
ORDER BY name',
'return' => true,
'selected' => explode(
',',
@ -1273,114 +1290,86 @@ class HostDevices extends Wizard
],
];
// SNMP Options pack v3.
$form['inputs'][] = [
'hidden' => 1,
'block_id' => 'snmp_options_v3',
'class' => 'indented',
'block_content' => [
[
'label' => '<b>'.__('Context').'</b>',
'arguments' => [
'name' => 'snmp_context',
'type' => 'text',
'value' => $this->task['snmp_community'],
'size' => 15,
'return' => true,
$show_snmp_auth = false;
if (isset($this->task['snmp_enabled']) && $this->task['snmp_enabled'] > 0
&& isset($this->task['snmp_version']) && $this->task['snmp_version'] == 3
) {
$show_snmp_auth = true;
}
],
],
[
'label' => '<b>'.__('Auth user').'</b>',
'arguments' => [
'name' => 'snmp_auth_user',
'type' => 'text',
'value' => $this->task['snmp_auth_user'],
'size' => 15,
'return' => true,
],
],
[
'label' => '<b>'.__('Security level').'</b>',
'arguments' => [
'name' => 'snmp_security_level',
'type' => 'select',
'fields' => [
'noAuthNoPriv' => __('Not auth and not privacy method'),
'authNoPriv' => __('Auth and not privacy method'),
'authPriv' => __('Auth and privacy method'),
],
'selected' => $this->task['snmp_security_level'],
'size' => 15,
'return' => true,
],
],
[
'label' => '<b>'.__('Auth method').'</b>',
'arguments' => [
'name' => 'snmp_auth_method',
'type' => 'select',
'fields' => [
'MD5' => __('MD5'),
'SHA' => __('SHA'),
],
'selected' => $this->task['snmp_auth_method'],
'size' => 15,
'return' => true,
],
],
[
'label' => '<b>'.__('Auth password').'</b>'.ui_print_help_tip(
__(
'The pass length must be eight character minimum.'
),
true
),
'arguments' => [
'name' => 'snmp_auth_pass',
'type' => 'password',
'value' => $this->task['snmp_auth_pass'],
'size' => 15,
'return' => true,
],
],
[
'label' => '<b>'.__('Privacy method').'</b>',
'arguments' => [
'name' => 'snmp_privacy_method',
'type' => 'select',
'fields' => [
'DES' => __('DES'),
'AES' => __('AES'),
],
'selected' => $this->task['snmp_privacy_method'],
'size' => 15,
'return' => true,
],
],
[
'label' => '<b>'.__('Privacy pass').'</b>'.ui_print_help_tip(
__(
'The pass length must be eight character minimum.'
),
true
),
'arguments' => [
'name' => 'snmp_privacy_pass',
'type' => 'password',
'value' => $this->task['snmp_privacy_pass'],
'size' => 15,
'return' => true,
],
],
include_once $config['homedir'].'/include/class/CredentialStore.class.php';
$all_snmp_keys = CredentialStore::getAll(
[
'cs.*',
'tg.nombre as `group`',
],
];
['product' => 'SNMP']
);
if (is_array($all_snmp_keys) === true) {
// Improve usage and decode output.
$snmp_available_keys = array_reduce(
$all_snmp_keys,
function ($carry, $item) {
$item['extra_1'] = io_output_password($item['extra_1']);
$extra1 = json_decode($item['extra_1'], true);
if($extra1 !== null && $extra1['version'] == 3) {
$carry[$item['identifier']] = $item['identifier'];
}
return $carry;
},
[]
);
}
if (check_acl($config['id_user'], 0, 'UM')) {
$link_to_cs = '<a class="ext_link" href="'.ui_get_full_url(
'index.php?sec=gmodules&sec2=godmode/groups/group_list&tab=credbox'
).'" >';
$link_to_cs .= __('No credentials available').', ';
$link_to_cs .= strtolower(__('Manage credentials')).'</a>';
} else {
$link_to_cs = __('No credentials available');
}
if (count($snmp_available_keys) > 0) {
$form['inputs'][] = [
'block_id' => 'auth_block_snmp',
'class' => 'indented',
'hidden' => !$show_snmp_auth,
'block_content' => [
[
'label' => __('Credentials to try with'),
'arguments' => [
'type' => 'select',
'name' => 'auth_strings[]',
'fields' => $snmp_available_keys,
'selected' => explode(
',',
$this->task['auth_strings']
),
'multiple' => true,
'class' => 'select_multiple',
],
],
],
];
} else {
$form['inputs'][] = [
'block_id' => 'auth_block_snmp',
'class' => 'indented',
'hidden' => !$show_snmp_auth,
'block_content' => [
[
'label' => __('Credentials to try with'),
'extra' => $link_to_cs,
],
],
];
}
// Input: Enforce os detection.
$form['inputs'][] = [
@ -1453,14 +1442,12 @@ class HostDevices extends Wizard
// AUTH CONFIGURATION.
$show_auth = false;
if ((isset($this->task['wmi_enabled']) && $this->task['wmi_enabled'] > 0)
|| (isset($this->task['rcmd_enabled']) && $this->task['rcmd_enabled'] > 0)
) {
if (isset($this->task['wmi_enabled']) && $this->task['wmi_enabled'] > 0) {
$show_auth = true;
}
include_once $config['homedir'].'/include/class/CredentialStore.class.php';
$available_keys = CredentialStore::getKeys('WMI');
$wmi_available_keys = CredentialStore::getKeys('WMI');
if (check_acl($config['id_user'], 0, 'UM')) {
$link_to_cs = '<a class="ext_link" href="'.ui_get_full_url(
'index.php?sec=gmodules&sec2=godmode/groups/group_list&tab=credbox'
@ -1471,9 +1458,9 @@ class HostDevices extends Wizard
$link_to_cs = __('No credentials available');
}
if (count($available_keys) > 0) {
if (count($wmi_available_keys) > 0) {
$form['inputs'][] = [
'block_id' => 'auth_block',
'block_id' => 'auth_block_wmi',
'class' => 'indented',
'hidden' => !$show_auth,
'block_content' => [
@ -1482,7 +1469,7 @@ class HostDevices extends Wizard
'arguments' => [
'type' => 'select',
'name' => 'auth_strings[]',
'fields' => CredentialStore::getKeys('WMI'),
'fields' => $wmi_available_keys,
'selected' => explode(
',',
$this->task['auth_strings']
@ -1496,12 +1483,12 @@ class HostDevices extends Wizard
];
} else {
$form['inputs'][] = [
'block_id' => 'auth_block',
'block_id' => 'auth_block_wmi',
'class' => 'indented',
'hidden' => !$show_auth,
'block_content' => [
[
'label' => __('Credentials'),
'label' => __('Credentials to try with'),
'extra' => $link_to_cs,
],
],
@ -1520,11 +1507,11 @@ class HostDevices extends Wizard
function SNMPExtraShow(target) {
$("#snmp_options_basic").hide();
$("#snmp_options_skip_non_enabled_ifs").hide();
$("#snmp_options_v3").hide();
$("#auth_block_snmp").hide();
if (document.getElementsByName("snmp_enabled")[0].checked) {
$("#snmp_extra").show();
if (target == 3) {
$("#snmp_options_v3").show();
$("#auth_block_snmp").show();
} else {
$("#snmp_options_basic").show();
$("#snmp_options_skip_non_enabled_ifs").show();
@ -1554,7 +1541,7 @@ class HostDevices extends Wizard
$("#snmp_extra").hide();
$("#snmp_options_basic").hide();
$("#snmp_options_skip_non_enabled_ifs").hide();
$("#snmp_options_v3").hide();
$("#auth_block_snmp").hide();
// Disable snmp dependant checks
if (document.getElementsByName("parent_recursion")[0].checked)
@ -1572,13 +1559,17 @@ class HostDevices extends Wizard
}
function toggleAuth() {
if (document.getElementsByName("wmi_enabled")[0].checked
|| (typeof document.getElementsByName("rcmd_enabled")[0] != "undefined"
&& document.getElementsByName("rcmd_enabled")[0].checked)
) {
$("#auth_block").show();
if (document.getElementsByName("wmi_enabled")[0].checked) {
$("#auth_block_wmi").show();
} else {
$("#auth_block").hide();
$("#auth_block_wmi").hide();
}
if (typeof document.getElementsByName("rcmd_enabled")[0] != "undefined"
&& document.getElementsByName("rcmd_enabled")[0].checked) {
$("#auth_block_rcmd").show();
} else {
$("#auth_block_rcmd").hide();
}
}

7
pandora_console/include/ajax/task_to_perform.php
View File

@ -129,7 +129,12 @@ if ($check_connectivity) {
if ($create_net_scan) {
$ip_target = get_parameter('ip_target', '192.168.10.0/24');
$id_net_scan = create_net_scan($ip_target);
$snmp_version = get_parameter('snmp_version', '1');
$snmp_communities = get_parameter('snmp_communities', 'public');
$wmi_credentials = get_parameter('wmi_credentials', []);
$rcmd_credentials = get_parameter('rcmd_credentials', []);
$id_net_scan = create_net_scan($ip_target, $snmp_version, $snmp_communities, $wmi_credentials, $rcmd_credentials);
if ($id_net_scan > 0) {
$id_recon_server = db_get_row_filter('tserver', ['server_type' => SERVER_TYPE_DISCOVERY], 'id_server')['id_server'];
ui_print_success_message(__('Basic net created and scan in progress. <a href='.ui_get_full_url('index.php?sec=gservers&sec2=godmode/servers/discovery&wiz=tasklist&server_id='.$id_recon_server.'&force='.$id_net_scan).'>Click here to view the data</a>. Please note that it may take a few seconds to see data if your server is busy'));

349
pandora_console/include/class/WelcomeWindow.class.php
View File

@ -848,13 +848,22 @@ class WelcomeWindow extends Wizard
</div>
<div id="dialog_basic_net" class="invisible">
<?php
$serverIP = $_SERVER['SERVER_ADDR'];
$ipParts = explode('.', $serverIP);
if (count($ipParts) === 4) {
$ipParts[3] = '0/24';
$network = implode('.', $ipParts);
} else {
$network = '192.168.10.0/24';
}
echo html_print_input_hidden('create_net_scan', 1);
echo html_print_label_input_block(
__('Ip target'),
html_print_input_text(
'ip_target_discovery',
'192.168.10.0/24',
'192.168.10.0/24',
$network,
$network,
false,
18,
true,
@ -874,8 +883,307 @@ class WelcomeWindow extends Wizard
)
);
echo html_print_div(
[
'class' => '',
'content' => '<br>To detect and find systems on your network we will need access credentials. The SNMP community for network devices, and at least one set of credentials for Linux and Windows environments (they do not need to be super administrators, but they do need to be able to connect remotely). Without the credentials, we will only be able to detect if the devices are connected to the network.<br><br>',
],
true
);
// SNMP Communities
echo html_print_label_input_block(
__('SNMP communities to try with').ui_print_help_tip(
__(
'You can specify several values, separated by commas, for example: public,mysecret,1234'
),
true
),
html_print_input(
[
'name' => 'community',
'type' => 'text',
'value' => 'public',
'size' => 25,
'return' => true
],
'div',
true
),
[
'div_id' => 'snmp-communities-div'
]
);
ui_require_jquery_file('tag-editor.min','include/javascript/',true);
ui_require_jquery_file('caret.min','include/javascript/',true);
ui_require_css_file('jquery.tag-editor','include/styles/',true);
echo '<br>';
$spacing = '';
for ($i = 0; $i < 12; $i++) {
$spacing .= '&nbsp;';
}
// WMI Credentials
echo '<fieldset style="padding: 10px; padding-top: 0px">';
echo '<legend>'.__('WMI credentials').'</legend>';
echo html_print_div(
[
'id' => 'wmi-creds',
'content' => ''
],
true
);
echo html_print_div(
[
'id' => 'wmi-cred-form',
'hidden' => true,
'style' => 'margin: 10px; display: flex; align-items: center;',
'content' => html_print_div(
[
'id' => 'wmi-cred-user-div',
'style' => 'width: 260px;',
'content' => html_print_label_input_block(__('User').'&nbsp;', html_print_input_text(
'wmi-cred-user',
'',
'',
false,
50, // Max length
true,
false,
true,
'',
'w100p',
'',
'off',
false,
'',
'',
'',
false,
'',
'Username'
),['div_style' => 'display: flex; align-items: center;'])
],
true
)
.
html_print_div(
[
'id' => 'wmi-cred-pass-div',
'style' => 'width: 260px;',
'content' => html_print_label_input_block($spacing.__('Password').'&nbsp;', html_print_input_password(
'wmi-cred-pass',
'',
'',
false,
50, // Max length
true,
false,
true,
'w100p',
'off',
false,
''
),['div_style' => 'display: flex; align-items: center;'])
],
true
)
.
html_print_div(
[
'id' => 'wmi-cred-namespace-div',
'style' => 'width: 260px;',
'content' => html_print_label_input_block($spacing.__('Namespace').'&nbsp;', html_print_input_text(
'wmi-cred-namespace',
'',
'',
false,
50, // Max length
true,
false,
true,
'',
'w100p',
'',
'off',
false,
'',
'',
'',
false,
'',
'Namespace'
),['div_style' => 'display: flex; align-items: center;'])
],
true
)
.
'<a onClick="delete_discovery_credential(this);">'.html_print_image(
'images/delete.svg',
true,
[
'title' => __('Delete'),
'style' => 'cursor: pointer;',
'class' => 'main_menu_icon invert_filter',
]
).'</a>'
],
true
);
echo '<div style="height: 10px;"></div>';
echo html_print_button(
__('Add'),
'add-wmi-cred',
false,
'add_discovery_credential("wmi-cred-form","wmi-creds");',
[
'icon' => 'plus',
'mode' => 'secondary',
'class' => 'mini'
],
true,
false,
false,
''
);
echo '</fieldset>';
echo '<br>';
// RCM Credentials
echo '<fieldset style="padding: 10px; padding-top: 0px">';
echo '<legend>'.__('Remote commands credentials').'</legend>';
echo html_print_div(
[
'id' => 'rcmd-creds',
'content' => ''
],
true
);
echo html_print_div(
[
'id' => 'rcmd-cred-form',
'hidden' => true,
'style' => 'margin: 10px; display: flex; align-items: center;',
'content' => html_print_div(
[
'id' => 'rcmd-cred-user-div',
'style' => 'width: 260px;',
'content' => html_print_label_input_block(__('User').'&nbsp;', html_print_input_text(
'rcmd-cred-user',
'',
'',
false,
50, // Max length
true,
false,
true,
'',
'w100p',
'',
'off',
false,
'',
'',
'',
false,
'',
'Username'
),['div_style' => 'display: flex; align-items: center;'])
],
true
)
.
html_print_div(
[
'id' => 'rcmd-cred-pass-div',
'style' => 'width: 260px;',
'content' => html_print_label_input_block($spacing.__('Password').'&nbsp;', html_print_input_password(
'rcmd-cred-pass',
'',
'',
false,
50, // Max length
true,
false,
true,
'w100p',
'off',
false,
''
),['div_style' => 'display: flex; align-items: center;'])
],
true
)
.
'<a onClick="delete_discovery_credential(this);">'.html_print_image(
'images/delete.svg',
true,
[
'title' => __('Delete'),
'style' => 'cursor: pointer;',
'class' => 'main_menu_icon invert_filter',
]
).'</a>'
],
true
);
echo '<div style="height: 10px;"></div>';
echo html_print_button(
__('Add'),
'add-rcmd-cred',
false,
'add_discovery_credential("rcmd-cred-form","rcmd-creds");',
[
'icon' => 'plus',
'mode' => 'secondary',
'class' => 'mini'
],
true,
false,
false,
''
);
echo '</fieldset>';
echo html_print_submit_button(__('Create'), 'basic_net', false, ['icon' => 'next', 'style' => 'margin-top:15px; float:right;']);
?>
<script type="text/javascript">
$(document).ready(function() {
$('#snmp-communities-div .tag-editor').remove();
$('#text-community').tagEditor({
forceLowercase: false
});
});
var credentialCounters = {};
function add_discovery_credential(sourceFormId, targetDivId) {
// Increment the counter for this type of credential
credentialCounters[targetDivId] = (credentialCounters[targetDivId] || 0) + 1;
// Clone the source form
var newCredential = $("#" + sourceFormId).clone();
// Generate a unique ID for the new credential
var uniqueId = targetDivId + "-" + credentialCounters[targetDivId];
// Set a new ID for the cloned form
newCredential.attr("id", uniqueId);
// Append the cloned form to the target div
$("#" + targetDivId).append(newCredential);
// Ensure the cloned div is visible
newCredential.show().css("display", "flex");
}
function delete_discovery_credential(clickedElement) {
$(clickedElement).parent().remove();
}
</script>
</div>
<div id="dialog_alert_mail" class="invisible">
<?php
@ -1308,8 +1616,8 @@ class WelcomeWindow extends Wizard
draggable: true,
modal: true,
close: false,
height: 200,
width: 480,
height: 590,
width: 925,
overlay: {
opacity: 0.5,
background: "black"
@ -1407,6 +1715,35 @@ class WelcomeWindow extends Wizard
});
$('#button-basic_net').click(function(){
var wmi_credentials = [];
$("#wmi-creds [id^='wmi-creds-']").each(function() {
var credentialId = $(this).attr("id");
var credentialValues = {
user: $(this).find('[name="wmi-cred-user"]').val(),
pass: $(this).find('[name="wmi-cred-pass"]').val(),
namespace: $(this).find('[name="wmi-cred-namespace"]').val()
};
wmi_credentials.push({
id: credentialId,
credential: credentialValues
});
});
var rcmd_credentials = [];
$("#rcmd-creds [id^='rcmd-creds-']").each(function() {
var credentialId = $(this).attr("id");
var credentialValues = {
user: $(this).find('[name="rcmd-cred-user"]').val(),
pass: $(this).find('[name="rcmd-cred-pass"]').val()
};
rcmd_credentials.push({
id: credentialId,
credential: credentialValues
});
});
$.ajax({
async: false,
type: "POST",
@ -1414,6 +1751,10 @@ class WelcomeWindow extends Wizard
data: {
create_net_scan: 1,
ip_target: $('#text-ip_target_discovery').val(),
snmp_version: 1,
snmp_communities: $('#text-community').val(),
wmi_credentials: wmi_credentials,
rcmd_credentials: rcmd_credentials
},
success: function(data) {
if (data !== 0) {

108
pandora_console/include/functions_welcome_wizard.php
View File

@ -473,13 +473,108 @@ function create_module_packet_lost($id_agent, $id_group, $ip_target)
* Create module packet lost and return module id.
*
* @param string $ip_target Ip and red mask.
* @param string $snmp_communities SNMP Communities to use in recon task.
* @param array $wmi_credentials WMI Credentials to use in recon task.
* @param array $rcmd_credentials RCMD Credentials to use in recon task.
*
* @return interger Module id.
*/
function create_net_scan($ip_target)
function create_net_scan($ip_target, $snmp_version, $snmp_communities, $wmi_credentials, $rcmd_credentials)
{
global $config;
include_once $config['homedir'].'/godmode/wizards/HostDevices.class.php';
include_once $config['homedir'].'/include/functions_groups.php';
$group_name = 'AutoDiscovery';
$id_group = db_get_value('id_grupo', 'tgrupo', 'nombre', io_safe_input($group_name));
if (!($id_group > 0)) {
$id_group = groups_create_group(
io_safe_input($group_name),
[
'icon' => 'applications.png',
'description' => '',
'contact' => '',
'other' => '',
]
);
if (!($id_group > 0)) {
$id_group = 10;
}
}
$auth_strings = [];
$default_templates = [
io_safe_input('Linux System'),
io_safe_input('Windows System'),
io_safe_input('Windows Hardware'),
io_safe_input('Network Management')
];
$default_templates_ids = db_get_all_rows_sql('SELECT id_np
FROM tnetwork_profile
WHERE name IN ('.implode(',', array_map(function($template) {
return "'" . $template . "'";
}, $default_templates)).')
ORDER BY name');
$id_base = 'autoDiscovery-WMI-';
$id = 0;
foreach($wmi_credentials as $wmi) {
$id++;
$identifier = $id_base . $id;
while(db_get_value_sql(
sprintf(
'SELECT COUNT(*) AS count FROM tcredential_store WHERE identifier = "%s"',
$identifier
)
) > 0) {
$id++;
$identifier = $id_base . $id;
}
$storeKey = db_process_sql_insert('tcredential_store', [
'identifier' => $identifier,
'id_group' => $id_group,
'product' => 'WMI',
'username' => $wmi['credential']['user'],
'password' => $wmi['credential']['pass'],
'extra_1' => $wmi['credential']['namespace']
]);
if($storeKey !== false) {
$auth_strings[] = $identifier;
}
}
$id_base = 'autoDiscovery-RCMD-';
$id = 0;
foreach($rcmd_credentials as $rcmd) {
$id++;
$identifier = $id_base . $id;
while(db_get_value_sql(
sprintf(
'SELECT COUNT(*) AS count FROM tcredential_store WHERE identifier = "%s"',
$identifier
)
) > 0) {
$id++;
$identifier = $id_base . $id;
}
$storeKey = db_process_sql_insert('tcredential_store', [
'identifier' => $identifier,
'id_group' => $id_group,
'product' => 'CUSTOM',
'username' => $rcmd['credential']['user'],
'password' => $rcmd['credential']['pass']
]);
if($storeKey !== false) {
$auth_strings[] = $identifier;
}
}
$HostDevices = new HostDevices(1);
$id_recon_server = db_get_row_filter('tserver', ['server_type' => SERVER_TYPE_DISCOVERY], 'id_server')['id_server'];
@ -493,7 +588,7 @@ function create_net_scan($ip_target)
'taskname' => __('Basic network'),
'id_recon_server' => $id_recon_server,
'network' => $ip_target,
'id_group' => '8',
'id_group' => $id_group,
'comment' => __('Created on welcome'),
];
$task_created = $HostDevices->parseNetScan();
@ -504,13 +599,13 @@ function create_net_scan($ip_target)
'page' => '2',
'recon_ports' => '',
'auto_monitor' => 'on',
'id_network_profile' => ['0' => '2'],
'id_network_profile' => array_column($default_templates_ids, 'id_np'),
'review_results' => 'on',
'review_limited' => '0',
'snmp_enabled' => 'on',
'snmp_version' => '1',
'snmp_version' => $snmp_version,
'snmp_skip_non_enabled_ifs' => 'on',
'community' => '',
'community' => $snmp_communities,
'snmp_context' => '',
'snmp_auth_user' => '',
'snmp_security_level' => 'authNoPriv',
@ -523,6 +618,9 @@ function create_net_scan($ip_target)
'parent_detection' => 'on',
'parent_recursion' => 'on',
'vlan_enabled' => 'on',
'wmi_enabled' => 'on',
'rcmd_enabled' => 'on',
'auth_strings' => $auth_strings,
];
$task_final_created = $HostDevicesFinal->parseNetScan();

4
pandora_console/include/styles/jquery.tag-editor.css
View File

@ -108,9 +108,7 @@
cursor: default;
font-size: 14px;
}
.ui-front {
z-index: 9999;
}
.ui-menu {
list-style: none;
padding: 1px;

180
pandora_server/lib/PandoraFMS/DiscoveryServer.pm
View File

@ -1118,6 +1118,30 @@ sub PandoraFMS::Recon::Base::create_interface_modules($$) {
return unless ($self->is_snmp_discovered($device));
my $community = $self->get_community($device);
my $snmp3_creds = undef;
if(defined($self->{'snmp3_auth_key'}{$device})) {
$snmp3_creds = $self->snmp3_credentials($self->{'snmp3_auth_key'}{$device});
}
my $snmp3_params = {
'custom_string_1' => '',
'custom_string_2' => '',
'custom_string_3' => '',
'plugin_parameter' => '',
'plugin_user' => '',
'plugin_pass' => ''
};
if(defined($snmp3_creds)) {
$community = $snmp3_creds->{'community'};
$snmp3_params = {
'custom_string_1' => $snmp3_creds->{'snmp_privacy_method'},
'custom_string_2' => $snmp3_creds->{'snmp_privacy_pass'},
'custom_string_3' => $snmp3_creds->{'snmp_security_level'},
'plugin_parameter' => $snmp3_creds->{'snmp_auth_method'},
'plugin_user' => $snmp3_creds->{'snmp_auth_user'},
'plugin_pass' => $snmp3_creds->{'snmp_auth_pass'}
};
}
my @output = $self->snmp_get_value_array($device, $PandoraFMS::Recon::Base::IFINDEX);
foreach my $if_index (@output) {
next unless ($if_index =~ /^[0-9]+$/);
@ -1153,12 +1177,12 @@ sub PandoraFMS::Recon::Base::create_interface_modules($$) {
),
'ip_target' => $device,
'tcp_send' => $self->{'task_data'}{'snmp_version'},
'custom_string_1' => $self->{'task_data'}{'snmp_privacy_method'},
'custom_string_2' => $self->{'task_data'}{'snmp_privacy_pass'},
'custom_string_3' => $self->{'task_data'}{'snmp_security_level'},
'plugin_parameter' => $self->{'task_data'}{'snmp_auth_method'},
'plugin_user' => $self->{'task_data'}{'snmp_auth_user'},
'plugin_pass' => $self->{'task_data'}{'snmp_auth_pass'},
'custom_string_1' => $snmp3_params->{'snmp_privacy_method'},
'custom_string_2' => $snmp3_params->{'snmp_privacy_pass'},
'custom_string_3' => $snmp3_params->{'snmp_security_level'},
'plugin_parameter' => $snmp3_params->{'snmp_auth_method'},
'plugin_user' => $snmp3_params->{'snmp_auth_user'},
'plugin_pass' => $snmp3_params->{'snmp_auth_pass'},
'snmp_community' => $community,
'snmp_oid' => "$PandoraFMS::Recon::Base::IFOPERSTATUS.$if_index",
'unit' => ''
@ -1183,12 +1207,12 @@ sub PandoraFMS::Recon::Base::create_interface_modules($$) {
),
'ip_target' => $device,
'tcp_send' => $self->{'task_data'}{'snmp_version'},
'custom_string_1' => $self->{'task_data'}{'snmp_privacy_method'},
'custom_string_2' => $self->{'task_data'}{'snmp_privacy_pass'},
'custom_string_3' => $self->{'task_data'}{'snmp_security_level'},
'plugin_parameter' => $self->{'task_data'}{'snmp_auth_method'},
'plugin_user' => $self->{'task_data'}{'snmp_auth_user'},
'plugin_pass' => $self->{'task_data'}{'snmp_auth_pass'},
'custom_string_1' => $snmp3_params->{'snmp_privacy_method'},
'custom_string_2' => $snmp3_params->{'snmp_privacy_pass'},
'custom_string_3' => $snmp3_params->{'snmp_security_level'},
'plugin_parameter' => $snmp3_params->{'snmp_auth_method'},
'plugin_user' => $snmp3_params->{'snmp_auth_user'},
'plugin_pass' => $snmp3_params->{'snmp_auth_pass'},
'snmp_community' => $community,
'snmp_oid' => "$PandoraFMS::Recon::Base::IFHCINOCTECTS.$if_index",
'unit' => safe_input('bytes/s')
@ -1210,12 +1234,12 @@ sub PandoraFMS::Recon::Base::create_interface_modules($$) {
),
'ip_target' => $device,
'tcp_send' => $self->{'task_data'}{'snmp_version'},
'custom_string_1' => $self->{'task_data'}{'snmp_privacy_method'},
'custom_string_2' => $self->{'task_data'}{'snmp_privacy_pass'},
'custom_string_3' => $self->{'task_data'}{'snmp_security_level'},
'plugin_parameter' => $self->{'task_data'}{'snmp_auth_method'},
'plugin_user' => $self->{'task_data'}{'snmp_auth_user'},
'plugin_pass' => $self->{'task_data'}{'snmp_auth_pass'},
'custom_string_1' => $snmp3_params->{'snmp_privacy_method'},
'custom_string_2' => $snmp3_params->{'snmp_privacy_pass'},
'custom_string_3' => $snmp3_params->{'snmp_security_level'},
'plugin_parameter' => $snmp3_params->{'snmp_auth_method'},
'plugin_user' => $snmp3_params->{'snmp_auth_user'},
'plugin_pass' => $snmp3_params->{'snmp_auth_pass'},
'snmp_community' => $community,
'snmp_oid' => "$PandoraFMS::Recon::Base::IFINOCTECTS.$if_index",
'unit' => safe_input('bytes/s')
@ -1241,12 +1265,12 @@ sub PandoraFMS::Recon::Base::create_interface_modules($$) {
),
'ip_target' => $device,
'tcp_send' => $self->{'task_data'}{'snmp_version'},
'custom_string_1' => $self->{'task_data'}{'snmp_privacy_method'},
'custom_string_2' => $self->{'task_data'}{'snmp_privacy_pass'},
'custom_string_3' => $self->{'task_data'}{'snmp_security_level'},
'plugin_parameter' => $self->{'task_data'}{'snmp_auth_method'},
'plugin_user' => $self->{'task_data'}{'snmp_auth_user'},
'plugin_pass' => $self->{'task_data'}{'snmp_auth_pass'},
'custom_string_1' => $snmp3_params->{'snmp_privacy_method'},
'custom_string_2' => $snmp3_params->{'snmp_privacy_pass'},
'custom_string_3' => $snmp3_params->{'snmp_security_level'},
'plugin_parameter' => $snmp3_params->{'snmp_auth_method'},
'plugin_user' => $snmp3_params->{'snmp_auth_user'},
'plugin_pass' => $snmp3_params->{'snmp_auth_pass'},
'snmp_community' => $community,
'snmp_oid' => "$PandoraFMS::Recon::Base::IFHCOUTOCTECTS.$if_index",
'unit' => safe_input('bytes/s')
@ -1268,12 +1292,12 @@ sub PandoraFMS::Recon::Base::create_interface_modules($$) {
),
'ip_target' => $device,
'tcp_send' => $self->{'task_data'}{'snmp_version'},
'custom_string_1' => $self->{'task_data'}{'snmp_privacy_method'},
'custom_string_2' => $self->{'task_data'}{'snmp_privacy_pass'},
'custom_string_3' => $self->{'task_data'}{'snmp_security_level'},
'plugin_parameter' => $self->{'task_data'}{'snmp_auth_method'},
'plugin_user' => $self->{'task_data'}{'snmp_auth_user'},
'plugin_pass' => $self->{'task_data'}{'snmp_auth_pass'},
'custom_string_1' => $snmp3_params->{'snmp_privacy_method'},
'custom_string_2' => $snmp3_params->{'snmp_privacy_pass'},
'custom_string_3' => $snmp3_params->{'snmp_security_level'},
'plugin_parameter' => $snmp3_params->{'snmp_auth_method'},
'plugin_user' => $snmp3_params->{'snmp_auth_user'},
'plugin_pass' => $snmp3_params->{'snmp_auth_pass'},
'snmp_community' => $community,
'snmp_oid' => "$PandoraFMS::Recon::Base::IFOUTOCTECTS.$if_index",
'unit' => safe_input('bytes/s')
@ -1305,19 +1329,19 @@ sub PandoraFMS::Recon::Base::create_interface_modules($$) {
# Interface index filter.
$macros->{'5'}->{'value'} = $if_index;
# SecurityName.
$macros->{'6'}->{'value'} = $self->{'task_data'}->{'snmp_auth_user'};
$macros->{'6'}->{'value'} = $snmp3_params->{'snmp_auth_user'};
# SecurityContext.
$macros->{'7'}->{'value'} = $community;
# SecurityLevel.
$macros->{'8'}->{'value'} = $self->{'task_data'}->{'snmp_security_level'};
$macros->{'8'}->{'value'} = $snmp3_params->{'snmp_security_level'};
# AuthProtocol.
$macros->{'9'}->{'value'} = $self->{'task_data'}->{'snmp_auth_method'};
$macros->{'9'}->{'value'} = $snmp3_params->{'snmp_auth_method'};
# AuthKey.
$macros->{'10'}->{'value'} = $self->{'task_data'}->{'snmp_auth_pass'};
$macros->{'10'}->{'value'} = $snmp3_params->{'snmp_auth_pass'};
# PrivProtocol.
$macros->{'11'}->{'value'} = $self->{'task_data'}->{'snmp_privacy_method'};
$macros->{'11'}->{'value'} = $snmp3_params->{'snmp_privacy_method'};
# PrivKey.
$macros->{'12'}->{'value'} = $self->{'task_data'}->{'snmp_privacy_pass'};
$macros->{'12'}->{'value'} = $snmp3_params->{'snmp_privacy_pass'};
# Hash identifier.
$macros->{'13'}->{'value'} = PandoraFMS::Tools::generate_agent_name_hash($if_name, $device);
# Get input usage.
@ -1429,6 +1453,7 @@ sub PandoraFMS::Recon::Base::create_wmi_modules {
{
'ip_target' => $target,
'snmp_oid' => "SELECT LoadPercentage FROM Win32_Processor WHERE DeviceId=\'$cpu\'",
'tcp_send' => $creds->{'extra_1'},
'plugin_user' => $creds->{'username'},
'plugin_pass' => $creds->{'password'},
'tcp_port' => 1,
@ -1449,6 +1474,7 @@ sub PandoraFMS::Recon::Base::create_wmi_modules {
{
'ip_target' => $target,
'snmp_oid' => "SELECT FreePhysicalMemory, TotalVisibleMemorySize FROM Win32_OperatingSystem",
'tcp_send' => $creds->{'extra_1'},
'plugin_user' => $creds->{'username'},
'plugin_pass' => $creds->{'password'},
'tcp_port' => 0,
@ -1469,6 +1495,7 @@ sub PandoraFMS::Recon::Base::create_wmi_modules {
{
'ip_target' => $target,
'snmp_oid' => "SELECT FreeSpace FROM Win32_LogicalDisk WHERE DeviceID='$unit'",
'tcp_send' => $creds->{'extra_1'},
'plugin_user' => $creds->{'username'},
'plugin_pass' => $creds->{'password'},
'tcp_port' => 1,
@ -1510,14 +1537,7 @@ sub PandoraFMS::Recon::Base::create_network_profile_modules($$) {
# 1. Retrieve template info.
my $template = get_nc_profile_advanced($self->{'dbh'}, $t_id);
# 2. Verify Private Enterprise Number matches (PEN)
if (defined($template->{'pen'})) {
my @pens = split(',', $template->{'pen'});
next unless (is_in_array(\@pens, $self->get_pen($device)));
}
# 3. Retrieve module list from target template.
# 2. Retrieve module list from target template.
my @np_components = get_db_rows(
$self->{'dbh'},
'SELECT * FROM tnetwork_profile_component WHERE id_np = ?',
@ -1525,7 +1545,7 @@ sub PandoraFMS::Recon::Base::create_network_profile_modules($$) {
);
foreach my $np_component (@np_components) {
# 4. Register each module (candidate). 'add_module' will test them.
# 3. Register each module (candidate). 'add_module' will test them.
my $component = get_db_single_row(
$self->{'dbh'},
'SELECT * FROM tnetwork_component WHERE id_nc = ?',
@ -1543,18 +1563,45 @@ sub PandoraFMS::Recon::Base::create_network_profile_modules($$) {
}
$component->{'name'} = safe_output($component->{'name'});
if ($component->{'type'} >= 15 && $component->{'type'} <= 18) {
$component->{'snmp_community'} = safe_output($self->get_community($device));
# SNMP Modules
if ($self->is_snmp_discovered($device) && $component->{'type'} >= 15 && $component->{'type'} <= 18) {
my $snmp3_creds = undef;
my $community = safe_output($self->get_community($device));
if(defined($self->{'snmp3_auth_key'}{$device})) {
$snmp3_creds = $self->snmp3_credentials($self->{'snmp3_auth_key'}{$device});
}
my $snmp3_params = {
'custom_string_1' => '',
'custom_string_2' => '',
'custom_string_3' => '',
'plugin_parameter' => '',
'plugin_user' => '',
'plugin_pass' => ''
};
if(defined($snmp3_creds)) {
$community = $snmp3_creds->{'community'};
$snmp3_params = {
'custom_string_1' => $snmp3_creds->{'snmp_privacy_method'},
'custom_string_2' => $snmp3_creds->{'snmp_privacy_pass'},
'custom_string_3' => $snmp3_creds->{'snmp_security_level'},
'plugin_parameter' => $snmp3_creds->{'snmp_auth_method'},
'plugin_user' => $snmp3_creds->{'snmp_auth_user'},
'plugin_pass' => $snmp3_creds->{'snmp_auth_pass'}
};
}
$component->{'snmp_community'} = $community;
$component->{'tcp_send'} = $self->{'snmp_version'};
$component->{'custom_string_1'} = $self->{'snmp_privacy_method'};
$component->{'custom_string_2'} = $self->{'snmp_privacy_pass'};
$component->{'custom_string_3'} = $self->{'snmp_security_level'};
$component->{'plugin_parameter'} = $self->{'snmp_auth_method'};
$component->{'plugin_user'} = $self->{'snmp_auth_user'};
$component->{'plugin_pass'} = $self->{'snmp_auth_pass'};
$component->{'custom_string_1'} = $snmp3_params->{'snmp_privacy_method'};
$component->{'custom_string_2'} = $snmp3_params->{'snmp_privacy_pass'};
$component->{'custom_string_3'} = $snmp3_params->{'snmp_security_level'};
$component->{'plugin_parameter'} = $snmp3_params->{'snmp_auth_method'};
$component->{'plugin_user'} = $snmp3_params->{'snmp_auth_user'};
$component->{'plugin_pass'} = $snmp3_params->{'snmp_auth_pass'};
}
if ($component->{'type'} >= 34 && $component->{'type'} <= 37) {
# RCMD Modules
if ($self->rcmd_responds($device) && $component->{'type'} >= 34 && $component->{'type'} <= 37) {
# Update module credentials.
$component->{'custom_string_1'} = $self->rcmd_credentials_key($device);
$component->{'custom_string_2'} = pandora_get_os_by_id(
@ -1563,9 +1610,18 @@ sub PandoraFMS::Recon::Base::create_network_profile_modules($$) {
);
}
# WMI Modules
if ($self->wmi_responds($device) && $component->{'id_modulo'} == 6) {
my $key = $self->wmi_credentials_key($device);
my $creds = $self->call('get_credentials', $key);
$component->{'tcp_send'} = $creds->{'extra_1'};
$component->{'plugin_user'} = $creds->{'username'};
$component->{'plugin_pass'} = $creds->{'password'};
}
$component->{'__module_component'} = 1;
# 3. Try to register module into monitoring list.
# 4. Try to register module into monitoring list.
$self->call('add_module', $device, $component);
}
}
@ -1576,13 +1632,23 @@ sub PandoraFMS::Recon::Base::create_network_profile_modules($$) {
# Retrieve a key from credential store.
################################################################################
sub PandoraFMS::Recon::Base::get_credentials {
my ($self, $key_index) = @_;
my ($self, $key_index, $product) = @_;
return credential_store_get_key(
my $cred = credential_store_get_key(
$self->{'pa_config'},
$self->{'dbh'},
$key_index
);
if(defined($product)) {
if($product eq $cred->{'product'}) {
return $cred;
} else {
return undef;
}
}
return $cred;
}
################################################################################

97
pandora_server/lib/PandoraFMS/Recon/Base.pm
View File

@ -1352,10 +1352,9 @@ sub snmp_responds_v122c($$) {
sub snmp_responds_v3($$) {
my ($self, $device) = @_;
my $command = $self->snmp_get_command($device, ".0");
`$command`;
$self->snmp3_credentials_calculation($device);
if ($? == 0) {
if ($self->snmp3_credentials_calculation($device)) {
$self->mark_discovered($device);
return 1;
}
@ -1363,6 +1362,81 @@ sub snmp_responds_v3($$) {
return 0;
}
################################################################################
# Get SNMP3 credentials info in HASH
################################################################################
sub snmp3_credentials {
my ($self, $key) = @_;
my $cred = $self->call('get_credentials', $key, 'SNMP');
return undef if !defined($cred);
return undef if ref($cred) ne 'HASH';
my $extra1 = {};
eval {
local $SIG{__DIE__};
$extra1 = p_decode_json($self->{'pa_config'}, $cred->{'extra_1'});
};
if ($@) {
$self->call('message', "[".$key."] Credentials ERROR JSON: $@", 10);
return undef;
}
return undef if $extra1->{'version'} ne '3';
return {
'snmp_security_level' => $extra1->{'securityLevelV3'},
'snmp_privacy_method' => $extra1->{'privacyMethodV3'},
'snmp_privacy_pass' => $extra1->{'privacyPassV3'},
'snmp_auth_method' => $extra1->{'authMethodV3'},
'snmp_auth_user' => $extra1->{'authUserV3'},
'snmp_auth_pass' => $extra1->{'authPassV3'},
'community' => $extra1->{'community'}
};
}
################################################################################
# Calculate WMI credentials for target, 1 if calculated, undef if cannot
# connect to target. Credentials could be empty (-N)
################################################################################
sub snmp3_credentials_calculation {
my ($self, $target) = @_;
# Test all credentials selected.
foreach my $key_index (@{$self->{'auth_strings_array'}}) {
my $cred = snmp3_credentials($key_index);
next if !defined($cred);
next if ref($cred) ne 'HASH';
my $auth = '';
if ($cred->{'community'}) { # Context
$auth .= " -N \'$cred->{'community'}\' ";
}
$auth .= " -l$cred->{'snmp_security_level'} ";
if ($cred->{'snmp_security_level'} ne "noAuthNoPriv") {
$auth .= " -u$cred->{'snmp_auth_user'} -a $cred->{'snmp_auth_method'} -A \'$cred->{'snmp_auth_pass'}\' ";
}
if ($cred->{'snmp_security_level'} eq "authPriv") {
$auth .= " -x$cred->{'snmp_privacy_method'} -X \'$cred->{'snmp_privacy_pass'}\' ";
}
$self->{'snmp3_auth'}{$target} = $auth;
$self->{'snmp3_auth_key'}{$target} = $key_index;
my $command = $self->snmp_get_command($target, ".0");
`$command`;
if ($? == 0) {
return 1;
}
}
delete($self->{'snmp3_auth'}{$target});
delete($self->{'snmp3_auth_key'}{$target});
return 0;
}
################################################################################
# Parse the local ARP cache.
################################################################################
@ -2198,16 +2272,7 @@ sub snmp_get_command {
my $command = "snmpwalk -M$DEVNULL -r$self->{'snmp_checks'} -t$self->{'snmp_timeout'} -v$self->{'snmp_version'} -On -Oe ";
if ($self->{'snmp_version'} eq "3") {
if ($self->{'community'}) { # Context
$command .= " -N \'$self->{'community'}\' ";
}
$command .= " -l$self->{'snmp_security_level'} ";
if ($self->{'snmp_security_level'} ne "noAuthNoPriv") {
$command .= " -u$self->{'snmp_auth_user'} -a $self->{'snmp_auth_method'} -A \'$self->{'snmp_auth_pass'}\' ";
}
if ($self->{'snmp_security_level'} eq "authPriv") {
$command .= " -x$self->{'snmp_privacy_method'} -X \'$self->{'snmp_privacy_pass'}\' ";
}
$command .= " $self->{'snmp3_auth'}{$device} ";
} else {
$command .= " -c\'$community\'$vlan ";
}
@ -2353,7 +2418,8 @@ sub wmi_credentials_calculation {
# Test all credentials selected.
foreach my $key_index (@{$self->{'auth_strings_array'}}) {
my $cred = $self->call('get_credentials', $key_index);
my $cred = $self->call('get_credentials', $key_index, 'WMI');
next if !defined($cred);
next if ref($cred) ne 'HASH';
my $auth = $cred->{'username'}.'%'.$cred->{'password'};
@ -2431,7 +2497,8 @@ sub rcmd_credentials_calculation {
# Test all credentials selected.
foreach my $key_index (@{$self->{'auth_strings_array'}}) {
my $cred = $self->call('get_credentials', $key_index);
my $cred = $self->call('get_credentials', $key_index, 'CUSTOM');
next if !defined($cred);
next if ref($cred) ne 'HASH';
$rcmd->clean_ssh_lib();

28
pandora_server/lib/PandoraFMS/Tools.pm
View File

@ -716,19 +716,23 @@ sub credential_store_get_key($$$) {
my $sql = 'SELECT * FROM tcredential_store WHERE identifier = ?';
my $key = PandoraFMS::DB::get_db_single_row($dbh, $sql, $identifier);
return {
'username' => PandoraFMS::Core::pandora_output_password(
$pa_config,
$key->{'username'}
),
'password' => PandoraFMS::Core::pandora_output_password(
$pa_config,
$key->{'password'}
),
'extra_1' => $key->{'extra_1'},
'extra_2' => $key->{'extra_2'},
};
if(defined($key)) {
return {
'product' => $key->{'product'},
'username' => PandoraFMS::Core::pandora_output_password(
$pa_config,
$key->{'username'}
),
'password' => PandoraFMS::Core::pandora_output_password(
$pa_config,
$key->{'password'}
),
'extra_1' => $key->{'extra_1'},
'extra_2' => $key->{'extra_2'},
};
}
return undef;
}
################################################################################