tyler.durden/pandorafms
1
0
Fork 0
mirror of https://github.com/pandorafms/pandorafms.git synced 2025-07-28 08:14:38 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'develop' into ent-11014-codigo-qr-en-user-detail-editor-mantiene-fija-su-posicion-mientras-se-redimensiona-ventana

Browse Source
This commit is contained in:
Jonathan 2024-01-17 14:08:41 +01:00
commit 84b52ceb9c
616 changed files with 534565 additions and 123742 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

82
extras/deploy-scripts/pandora_agent_deploy.sh
View File

@ -78,16 +78,16 @@ cd unix && ./pandora_agent_installer --install
}
install_autodiscover () {
local arch=$1
wget http://firefly.pandorafms.com/projects/autodiscover-linux.zip
unzip autodiscover-linux.zip
chmod +x $arch/autodiscover
mv -f $arch/autodiscover /etc/pandora/plugins/autodiscover
}
# install_autodiscover () {
# local arch=$1
# wget http://firefly.pandorafms.com/projects/autodiscover-linux.zip
# unzip autodiscover-linux.zip
# chmod +x $arch/autodiscover
# mv -f $arch/autodiscover /etc/pandora/plugins/autodiscover
# }
## Main
echo "Starting PandoraFMS Agent deployment ver. $S_VERSION"
echo "Starting PandoraFMS Agent binary deployment ver. $S_VERSION"
execute_cmd "[ $PANDORA_SERVER_IP ]" 'Check Server IP Address' 'Please define env variable PANDORA_SERVER_IP'
@ -104,8 +104,6 @@ OS=$([[ $(grep '^ID_LIKE=' /etc/os-release) ]] && grep ^ID_LIKE= /etc/os-release
[[ $OS =~ 'rhel' ]] && OS_RELEASE=$OS
[[ $OS =~ 'fedora' ]] && OS_RELEASE=$OS
[[ $OS =~ 'debian' ]] && OS_RELEASE=$OS
#[[ $OS == 'rhel fedora' ]] && OS_RELEASE=$OS
#[[ $OS == 'centos rhel fedora' ]] && OS_RELEASE=$OS
# initialice logfile
execute_cmd "echo 'Starting community deployment' > $LOGFILE" "All installer activity is logged on $LOGFILE"
@ -126,6 +124,30 @@ check_repo_connection
execute_cmd "grep --version" 'Checking needed tools: grep'
execute_cmd "sed --version" 'Checking needed tools: sed'
# Arch check
arch=$(uname -m)
case $arch in
x86_64)
echo -e "${cyan}Arch: $arch ${reset} "
;;
x86)
echo -e "${yellow}Skiping installation arch: $arch not suported by binary agent please consider to install source agent${reset}"
exit -1
;;
armv7l)
echo -e "${yellow}Skiping installation arch: $arch not suported by binary agent please consider to install source agent${reset}"
exit -1
;;
*)
echo -e "${yellow}Skiping installation arch: $arch not suported by binary agent please consider to install source agent${reset}"
exit -1
;;
esac
# Creating working directory
rm -rf $HOME/pandora_deploy_tmp/ &>> $LOGFILE
mkdir $HOME/pandora_deploy_tmp &>> $LOGFILE
@ -148,6 +170,10 @@ if [[ $OS_RELEASE =~ 'rhel' ]] || [[ $OS_RELEASE =~ 'fedora' ]]; then
# Check rh version
if [ $(sed -nr 's/VERSION_ID+=\s*"([0-9]).*"$/\1/p' /etc/os-release) -eq '8' ] ; then
package_manager_cmd=dnf
execute_cmd "$package_manager_cmd install -y libnsl" "Installing dependencies"
elif [ $(sed -nr 's/VERSION_ID+=\s*"([0-9]).*"$/\1/p' /etc/os-release) -eq '9' ] ; then
package_manager_cmd=dnf
execute_cmd "$package_manager_cmd install -y libnsl libxcrypt-compat" "Installing dependencies"
elif [ $(sed -nr 's/VERSION_ID+=\s*"([0-9]).*"$/\1/p' /etc/os-release) -eq '7' ] ; then
package_manager_cmd=yum
@ -158,24 +184,23 @@ if [[ $OS_RELEASE =~ 'rhel' ]] || [[ $OS_RELEASE =~ 'fedora' ]]; then
echo -e "${cyan}Installing agent dependencies...${reset}" ${green}OK${reset}
# Insatall pandora agent
$package_manager_cmd install -y http://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/pandorafms_agent_linux-7.0NG.noarch.rpm &>> $LOGFILE
echo -en "${cyan}Installing Pandora FMS agent...${reset}"
check_cmd_status 'Error installing Pandora FMS agent'
[[ $PANDORA_AGENT_SSL ]] && execute_cmd "$package_manager_cmd install -y perl-IO-Socket-SSL" "Installing SSL libraries for encrypted connection"
[ "$PANDORA_AGENT_PACKAGE_EL" ] || PANDORA_AGENT_PACKAGE_EL="https://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/pandorafms_agent_linux_bin-7.0NG.x86_64.rpm"
execute_cmd "$package_manager_cmd install -y ${PANDORA_AGENT_PACKAGE_EL}" 'Installing Pandora FMS agent package'
#[[ $PANDORA_AGENT_SSL ]] && execute_cmd "$package_manager_cmd install -y perl-IO-Socket-SSL" "Installing SSL libraries for encrypted connection"
fi
if [[ $OS_RELEASE == 'debian' ]]; then
[ "$PANDORA_AGENT_PACKAGE_UBUNTU" ] || PANDORA_AGENT_PACKAGE_UBUNTU='https://firefly.pandorafms.com/pandorafms/latest/Tarball/pandorafms_agent_linux-7.0NG.x86_64.tar.gz'
execute_cmd "apt update" 'Updating repos'
execute_cmd "apt install -y perl wget curl unzip procps python3 python3-pip" 'Installing agent dependencies'
execute_cmd 'wget http://firefly.pandorafms.com/pandorafms/latest/Tarball/pandorafms_agent_linux-7.0NG.tar.gz' 'Downloading Pandora FMS agent package'
execute_cmd "apt install -y perl wget curl unzip procps python3 python3-pip" 'Installing agent dependencies'
execute_cmd "curl --output pandorafms_agent_linux-7.0NG.tar.gz ${PANDORA_AGENT_PACKAGE_UBUNTU}" 'Downloading Pandora FMS agent package'
execute_cmd 'install_tarball pandorafms_agent_linux-7.0NG.tar.gz' 'Installing Pandora FMS agent'
[[ $PANDORA_AGENT_SSL ]] && execute_cmd 'apt install -y libio-socket-ssl-perl' "Installing SSL libraries for encrypted connection"
#[[ $PANDORA_AGENT_SSL ]] && execute_cmd 'apt install -y libio-socket-ssl-perl' "Installing SSL libraries for encrypted connection"
cd $HOME/pandora_deploy_tmp
fi
# Configuring Agente
[[ $PANDORA_SERVER_IP ]] && sed -i "s/^server_ip.*$/server_ip $PANDORA_SERVER_IP/g" $PANDORA_AGENT_CONF
[[ $PANDORA_REMOTE_CONFIG ]] && sed -i "s/^remote_config.*$/remote_config $PANDORA_REMOTE_CONFIG/g" $PANDORA_AGENT_CONF
[[ $PANDORA_GROUP ]] && sed -i "s/^group.*$/group $PANDORA_GROUP/g" $PANDORA_AGENT_CONF
@ -187,27 +212,6 @@ fi
[[ $PANDORA_AGENT_SSL ]] && sed -i "s/^#server_ssl.*$/server_ssl $PANDORA_AGENT_SSL/g" $PANDORA_AGENT_CONF
#installing autodiscover
arch=$(uname -m)
case $arch in
x86_64)
execute_cmd 'install_autodiscover x86_64' "installing service autodiscover on $arch" 'Error unable to install autodiscovery'
;;
x86)
execute_cmd 'install_autodiscover x84' "installing service autodiscover on $arch" 'Error unable to install autodiscovery'
;;
armv7l)
echo -e "${cyan}Skiping autodiscover installation arch $arch not suported${reset}"
;;
*)
echo -e "${yellow}Skiping autodiscover installation arch $arch not suported${reset}"
;;
esac
#Starting pandora agent daemon.
execute_cmd '/etc/init.d/pandora_agent_daemon restart' 'Starting Pandora Agent'

37
extras/deploy-scripts/pandora_deploy_community.sh
View File

@ -11,7 +11,7 @@ PANDORA_SERVER_CONF=/etc/pandora/pandora_server.conf
PANDORA_AGENT_CONF=/etc/pandora/pandora_agent.conf
S_VERSION='2023062901'
S_VERSION='2023101101'
LOGFILE="/tmp/pandora-deploy-community-$(date +%F).log"
# define default variables
@ -185,7 +185,7 @@ extra_repos=" \
tar \
yum-utils \
https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm \
http://rpms.remirepo.net/enterprise/remi-release-7.rpm \
https://rpms.remirepo.net/enterprise/remi-release-7.rpm \
https://repo.percona.com/yum/percona-release-latest.noarch.rpm"
execute_cmd "yum install -y $extra_repos" "Installing extra repositories"
@ -285,6 +285,7 @@ console_dependencies=" \
mod_ssl \
libzstd \
openldap-clients \
https://firefly.pandorafms.com/centos8/pandora_gotty-1.0-1.el8.x86_64.rpm \
chromium"
execute_cmd "yum install -y $console_dependencies" "Installing Pandora FMS Console dependencies"
@ -312,7 +313,7 @@ server_dependencies=" \
bind-utils \
whois \
cpanminus \
http://firefly.pandorafms.com/centos7/wmic-1.4-1.el7.x86_64.rpm \
https://firefly.pandorafms.com/centos7/wmic-1.4-1.el7.x86_64.rpm \
https://firefly.pandorafms.com/centos7/pandorawmic-1.0.0-1.x86_64.rpm"
execute_cmd "yum install -y $server_dependencies" "Installing Pandora FMS Server dependencies"
@ -322,13 +323,13 @@ execute_cmd "cpanm -i Thread::Semaphore" "Installing Thread::Semaphore"
# SDK VMware perl dependencies
vmware_dependencies=" \
http://firefly.pandorafms.com/centos8/VMware-vSphere-Perl-SDK-6.5.0-4566394.x86_64.rpm \
https://firefly.pandorafms.com/centos8/VMware-vSphere-Perl-SDK-6.5.0-4566394.x86_64.rpm \
perl-JSON \
perl-Archive-Zip \
openssl-devel \
perl-Crypt-CBC \
perl-Digest-SHA \
http://firefly.pandorafms.com/centos7/perl-Crypt-OpenSSL-AES-0.02-1.el7.x86_64.rpm"
https://firefly.pandorafms.com/centos7/perl-Crypt-OpenSSL-AES-0.02-1.el7.x86_64.rpm"
execute_cmd "yum install -y $vmware_dependencies" "Installing SDK VMware perl dependencies"
# Instant client Oracle
@ -410,7 +411,7 @@ skip-character-set-client-handshake
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
# Mysql optimizations for Pandora FMS
# Please check the documentation in http://pandorafms.com for better results
# Please check the documentation in https://pandorafms.com for better results
max_allowed_packet = 64M
innodb_buffer_pool_size = $POOL_SIZE
@ -461,20 +462,20 @@ export MYSQL_PWD=$DBPASS
#Define packages
#Define packages
if [ "$PANDORA_LTS" -eq '1' ] ; then
[ "$PANDORA_SERVER_PACKAGE" ] || PANDORA_SERVER_PACKAGE="http://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/LTS/pandorafms_server-7.0NG.noarch.rpm"
[ "$PANDORA_CONSOLE_PACKAGE" ] || PANDORA_CONSOLE_PACKAGE="http://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/LTS/pandorafms_console-7.0NG.noarch.rpm"
[ "$PANDORA_AGENT_PACKAGE" ] || PANDORA_AGENT_PACKAGE="http://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/LTS/pandorafms_agent_linux-7.0NG.noarch.rpm"
[ "$PANDORA_SERVER_PACKAGE" ] || PANDORA_SERVER_PACKAGE="https://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/LTS/pandorafms_server-7.0NG.noarch.rpm"
[ "$PANDORA_CONSOLE_PACKAGE" ] || PANDORA_CONSOLE_PACKAGE="https://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/LTS/pandorafms_console-7.0NG.noarch.rpm"
[ "$PANDORA_AGENT_PACKAGE" ] || PANDORA_AGENT_PACKAGE="https://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/LTS/pandorafms_agent_linux-7.0NG.noarch.rpm"
elif [ "$PANDORA_LTS" -ne '1' ] ; then
[ "$PANDORA_SERVER_PACKAGE" ] || PANDORA_SERVER_PACKAGE="http://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/pandorafms_server-7.0NG.noarch.rpm"
[ "$PANDORA_CONSOLE_PACKAGE" ] || PANDORA_CONSOLE_PACKAGE="http://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/pandorafms_console-7.0NG.noarch.rpm"
[ "$PANDORA_AGENT_PACKAGE" ] || PANDORA_AGENT_PACKAGE="http://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/pandorafms_agent_linux-7.0NG.noarch.rpm"
[ "$PANDORA_SERVER_PACKAGE" ] || PANDORA_SERVER_PACKAGE="https://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/pandorafms_server-7.0NG.x86_64.rpm"
[ "$PANDORA_CONSOLE_PACKAGE" ] || PANDORA_CONSOLE_PACKAGE="https://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/pandorafms_console-7.0NG.x86_64.rpm"
[ "$PANDORA_AGENT_PACKAGE" ] || PANDORA_AGENT_PACKAGE="https://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/pandorafms_agent_linux-7.0NG.noarch.rpm"
fi
# if beta is enable
if [ "$PANDORA_BETA" -eq '1' ] ; then
PANDORA_SERVER_PACKAGE="http://firefly.pandorafms.com/pandora_enterprise_nightlies/pandorafms_server-latest.x86_64.rpm"
PANDORA_CONSOLE_PACKAGE="http://firefly.pandorafms.com/pandora_enterprise_nightlies/pandorafms_console-latest.noarch.rpm"
PANDORA_AGENT_PACKAGE="http://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/pandorafms_agent_linux-7.0NG.noarch.rpm"
PANDORA_SERVER_PACKAGE="https://firefly.pandorafms.com/pandora_enterprise_nightlies/pandorafms_server-latest.x86_64.rpm"
PANDORA_CONSOLE_PACKAGE="https://firefly.pandorafms.com/pandora_enterprise_nightlies/pandorafms_console-latest.x86_64.rpm"
PANDORA_AGENT_PACKAGE="https://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/pandorafms_agent_linux-7.0NG.noarch.rpm"
fi
# Downloading Pandora Packages
@ -710,8 +711,8 @@ systemctl enable tentacle_serverd &>> $LOGFILE
execute_cmd "service tentacle_serverd start" "Starting Tentacle Server"
# Enabling condole cron
execute_cmd "echo \"* * * * * root wget -q -O - --no-check-certificate --load-cookies /tmp/cron-session-cookies --save-cookies /tmp/cron-session-cookies --keep-session-cookies http://127.0.0.1/pandora_console/enterprise/cron.php >> $PANDORA_CONSOLE/log/cron.log\" >> /etc/crontab" "Enabling Pandora FMS Console cron"
echo "* * * * * root wget -q -O - --no-check-certificate --load-cookies /tmp/cron-session-cookies --save-cookies /tmp/cron-session-cookies --keep-session-cookies http://127.0.0.1/pandora_console/enterprise/cron.php >> $PANDORA_CONSOLE/log/cron.log" >> /etc/crontab
execute_cmd "echo \"* * * * * root wget -q -O - --no-check-certificate --load-cookies /tmp/cron-session-cookies --save-cookies /tmp/cron-session-cookies --keep-session-cookies http://127.0.0.1/pandora_console/cron.php >> $PANDORA_CONSOLE/log/cron.log\" >> /etc/crontab" "Enabling Pandora FMS Console cron"
echo "* * * * * root wget -q -O - --no-check-certificate --load-cookies /tmp/cron-session-cookies --save-cookies /tmp/cron-session-cookies --keep-session-cookies http://127.0.0.1/pandora_console/cron.php >> $PANDORA_CONSOLE/log/cron.log" >> /etc/crontab
## Enabling agent
systemctl enable pandora_agent_daemon &>> $LOGFILE
execute_cmd "systemctl start pandora_agent_daemon" "Starting Pandora FMS Agent"
@ -729,7 +730,7 @@ Welcome to Pandora FMS appliance on CentOS
Go to Public http://$ipplublic/pandora_console to login web console
$(ip addr | grep -w "inet" | grep -v "127.0.0.1" | grep -v "172.17.0.1" | awk '{print $2}' | awk -F '/' '{print "Go to Local http://"$1"/pandora_console to login web console"}')
You can find more information at http://pandorafms.com
You can find more information at https://pandorafms.com
EOF_banner

46
extras/deploy-scripts/pandora_deploy_community_el8.sh
View File

@ -14,7 +14,7 @@ PANDORA_SERVER_CONF=/etc/pandora/pandora_server.conf
PANDORA_AGENT_CONF=/etc/pandora/pandora_agent.conf
S_VERSION='2023062901'
S_VERSION='2023101101'
LOGFILE="/tmp/pandora-deploy-community-$(date +%F).log"
# define default variables
@ -264,7 +264,7 @@ if [ "$(grep -Ei 'Red Hat Enterprise' /etc/redhat-release)" ]; then
tar \
dnf-utils \
https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm \
http://rpms.remirepo.net/enterprise/remi-release-8.rpm \
https://rpms.remirepo.net/enterprise/remi-release-8.rpm \
https://repo.percona.com/yum/percona-release-latest.noarch.rpm"
execute_cmd "dnf install -y $extra_repos" "Installing extra repositories"
@ -275,7 +275,7 @@ else
tar \
dnf-utils \
epel-release \
http://rpms.remirepo.net/enterprise/remi-release-8.rpm \
https://rpms.remirepo.net/enterprise/remi-release-8.rpm \
https://repo.percona.com/yum/percona-release-latest.noarch.rpm"
execute_cmd "dnf install -y $extra_repos" "Installing extra repositories"
@ -391,10 +391,12 @@ console_dependencies=" \
mod_ssl \
libzstd \
openldap-clients \
http://firefly.pandorafms.com/centos8/chromium-110.0.5481.177-1.el7.x86_64.rpm \
http://firefly.pandorafms.com/centos8/chromium-common-110.0.5481.177-1.el7.x86_64.rpm \
http://firefly.pandorafms.com/centos8/perl-Net-Telnet-3.04-1.el8.noarch.rpm \
http://firefly.pandorafms.com/centos7/wmic-1.4-1.el7.x86_64.rpm"
https://firefly.pandorafms.com/centos8/chromium-110.0.5481.177-1.el7.x86_64.rpm \
https://firefly.pandorafms.com/centos8/chromium-common-110.0.5481.177-1.el7.x86_64.rpm \
https://firefly.pandorafms.com/centos8/perl-Net-Telnet-3.04-1.el8.noarch.rpm \
https://firefly.pandorafms.com/centos8/pandora_gotty-1.0-1.el8.x86_64.rpm \
https://firefly.pandorafms.com/centos8/pandorafms_made-0.1.0-1.el8.x86_64.rpm \
https://firefly.pandorafms.com/centos7/wmic-1.4-1.el7.x86_64.rpm"
execute_cmd "dnf install -y $console_dependencies" "Installing Pandora FMS Console dependencies"
# Server dependencies
@ -421,7 +423,7 @@ server_dependencies=" \
bind-utils \
whois \
libnsl \
http://firefly.pandorafms.com/centos7/wmic-1.4-1.el7.x86_64.rpm \
https://firefly.pandorafms.com/centos7/wmic-1.4-1.el7.x86_64.rpm \
https://firefly.pandorafms.com/centos8/pandorawmic-1.0.0-1.x86_64.rpm"
execute_cmd "dnf install -y $server_dependencies" "Installing Pandora FMS Server dependencies"
@ -436,8 +438,8 @@ vmware_dependencies=" \
perl-Math-Random-ISAAC \
perl-JSON \
perl-Crypt-SSLeay \
http://firefly.pandorafms.com/centos8/perl-Crypt-OpenSSL-AES-0.02-1.el8.x86_64.rpm \
http://firefly.pandorafms.com/centos8/VMware-vSphere-Perl-SDK-6.5.0-4566394.x86_64.rpm"
https://firefly.pandorafms.com/centos8/perl-Crypt-OpenSSL-AES-0.02-1.el8.x86_64.rpm \
https://firefly.pandorafms.com/centos8/VMware-vSphere-Perl-SDK-6.5.0-4566394.x86_64.rpm"
execute_cmd "dnf install -y $vmware_dependencies" "Installing SDK VMware perl dependencies"
# Instant client Oracle
@ -518,7 +520,7 @@ skip-character-set-client-handshake
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
# Mysql optimizations for Pandora FMS
# Please check the documentation in http://pandorafms.com for better results
# Please check the documentation in https://pandorafms.com for better results
max_allowed_packet = 64M
innodb_buffer_pool_size = $POOL_SIZE
@ -567,20 +569,20 @@ export MYSQL_PWD=$DBPASS
#Define packages
if [ "$PANDORA_LTS" -eq '1' ] ; then
[ "$PANDORA_SERVER_PACKAGE" ] || PANDORA_SERVER_PACKAGE="http://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/LTS/pandorafms_server-7.0NG.noarch.rpm"
[ "$PANDORA_CONSOLE_PACKAGE" ] || PANDORA_CONSOLE_PACKAGE="http://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/LTS/pandorafms_console-7.0NG.noarch.rpm"
[ "$PANDORA_AGENT_PACKAGE" ] || PANDORA_AGENT_PACKAGE="http://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/LTS/pandorafms_agent_linux-7.0NG.noarch.rpm"
[ "$PANDORA_SERVER_PACKAGE" ] || PANDORA_SERVER_PACKAGE="https://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/LTS/pandorafms_server-7.0NG.noarch.rpm"
[ "$PANDORA_CONSOLE_PACKAGE" ] || PANDORA_CONSOLE_PACKAGE="https://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/LTS/pandorafms_console-7.0NG.noarch.rpm"
[ "$PANDORA_AGENT_PACKAGE" ] || PANDORA_AGENT_PACKAGE="https://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/pandorafms_agent_linux_bin-7.0NG.x86_64.rpm"
elif [ "$PANDORA_LTS" -ne '1' ] ; then
[ "$PANDORA_SERVER_PACKAGE" ] || PANDORA_SERVER_PACKAGE="http://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/pandorafms_server-7.0NG.noarch.rpm"
[ "$PANDORA_CONSOLE_PACKAGE" ] || PANDORA_CONSOLE_PACKAGE="http://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/pandorafms_console-7.0NG.noarch.rpm"
[ "$PANDORA_AGENT_PACKAGE" ] || PANDORA_AGENT_PACKAGE="http://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/pandorafms_agent_linux-7.0NG.noarch.rpm"
[ "$PANDORA_SERVER_PACKAGE" ] || PANDORA_SERVER_PACKAGE="https://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/pandorafms_server-7.0NG.x86_64.rpm"
[ "$PANDORA_CONSOLE_PACKAGE" ] || PANDORA_CONSOLE_PACKAGE="https://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/pandorafms_console-7.0NG.x86_64.rpm"
[ "$PANDORA_AGENT_PACKAGE" ] || PANDORA_AGENT_PACKAGE="https://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/pandorafms_agent_linux_bin-7.0NG.x86_64.rpm"
fi
# if beta is enable
if [ "$PANDORA_BETA" -eq '1' ] ; then
PANDORA_SERVER_PACKAGE="http://firefly.pandorafms.com/pandora_enterprise_nightlies/pandorafms_server-latest.x86_64.rpm"
PANDORA_CONSOLE_PACKAGE="http://firefly.pandorafms.com/pandora_enterprise_nightlies/pandorafms_console-latest.noarch.rpm"
PANDORA_AGENT_PACKAGE="http://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/pandorafms_agent_linux-7.0NG.noarch.rpm"
PANDORA_SERVER_PACKAGE="https://firefly.pandorafms.com/pandora_enterprise_nightlies/pandorafms_server-latest.x86_64.rpm"
PANDORA_CONSOLE_PACKAGE="https://firefly.pandorafms.com/pandora_enterprise_nightlies/pandorafms_console-latest.x86_64.rpm"
PANDORA_AGENT_PACKAGE="https://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/pandorafms_agent_linux_bin-7.0NG.x86_64.rpm"
fi
# Downloading Pandora Packages
@ -828,8 +830,8 @@ systemctl enable tentacle_serverd &>> "$LOGFILE"
execute_cmd "service tentacle_serverd start" "Starting Tentacle Server"
# Enabling condole cron
execute_cmd "echo \"* * * * * root wget -q -O - --no-check-certificate --load-cookies /tmp/cron-session-cookies --save-cookies /tmp/cron-session-cookies --keep-session-cookies http://127.0.0.1/pandora_console/enterprise/cron.php >> $PANDORA_CONSOLE/log/cron.log\" >> /etc/crontab" "Enabling Pandora FMS Console cron"
echo "* * * * * root wget -q -O - --no-check-certificate --load-cookies /tmp/cron-session-cookies --save-cookies /tmp/cron-session-cookies --keep-session-cookies http://127.0.0.1/pandora_console/enterprise/cron.php >> $PANDORA_CONSOLE/log/cron.log" >> /etc/crontab
execute_cmd "echo \"* * * * * root wget -q -O - --no-check-certificate --load-cookies /tmp/cron-session-cookies --save-cookies /tmp/cron-session-cookies --keep-session-cookies http://127.0.0.1/pandora_console/cron.php >> $PANDORA_CONSOLE/log/cron.log\" >> /etc/crontab" "Enabling Pandora FMS Console cron"
echo "* * * * * root wget -q -O - --no-check-certificate --load-cookies /tmp/cron-session-cookies --save-cookies /tmp/cron-session-cookies --keep-session-cookies http://127.0.0.1/pandora_console/cron.php >> $PANDORA_CONSOLE/log/cron.log" >> /etc/crontab
## Enabling agent
systemctl enable pandora_agent_daemon &>> "$LOGFILE"
execute_cmd "systemctl start pandora_agent_daemon" "Starting Pandora FMS Agent"

32
extras/deploy-scripts/pandora_deploy_community_ubuntu_2204.sh
View File

@ -344,6 +344,14 @@ execute_cmd "apt install -y $server_dependencies" "Installing Pandora FMS Server
execute_cmd "installing_docker" "Installing Docker for debug"
# Installing pandora_gotty
execute_cmd "curl --output pandora_gotty.deb https://firefly.pandorafms.com/ubuntu/pandora_gotty_1.0.0.deb" "Downloading pandora_gotty"
execute_cmd "apt install -y ./pandora_gotty.deb" "Intalling pandora_gotty"
# Installing MADE
execute_cmd "curl --output pandora_made.deb https://firefly.pandorafms.com/ubuntu/pandorafms-made_0.1.0-2_amd64.deb" "Downloading pandora MADE"
execute_cmd "apt install -y ./pandora_made.deb" "Intalling pandora MADE"
# wmic and pandorawmic
execute_cmd "curl -O https://firefly.pandorafms.com/pandorafms/utils/bin/wmic" "Downloading wmic"
execute_cmd "curl -O https://firefly.pandorafms.com/pandorafms/utils/bin/pandorawmic" "Downloading pandorawmic"
@ -512,19 +520,19 @@ execute_cmd "systemctl restart mysql" "Configuring and restarting database engin
#Define packages
if [ "$PANDORA_LTS" -eq '1' ] ; then
[ "$PANDORA_SERVER_PACKAGE" ] || PANDORA_SERVER_PACKAGE="http://firefly.pandorafms.com/pandorafms/latest/Tarball/LTS/pandorafms_server-7.0NG.tar.gz"
[ "$PANDORA_CONSOLE_PACKAGE" ] || PANDORA_CONSOLE_PACKAGE="http://firefly.pandorafms.com/pandorafms/latest/Tarball/LTS/pandorafms_console-7.0NG.tar.gz"
[ "$PANDORA_AGENT_PACKAGE" ] || PANDORA_AGENT_PACKAGE="http://firefly.pandorafms.com/pandorafms/latest/Tarball/LTS/pandorafms_agent_linux-7.0NG.tar.gz"
[ "$PANDORA_SERVER_PACKAGE" ] || PANDORA_SERVER_PACKAGE="https://firefly.pandorafms.com/pandorafms/latest/Tarball/LTS/pandorafms_server-7.0NG.tar.gz"
[ "$PANDORA_CONSOLE_PACKAGE" ] || PANDORA_CONSOLE_PACKAGE="https://firefly.pandorafms.com/pandorafms/latest/Tarball/LTS/pandorafms_console-7.0NG.tar.gz"
[ "$PANDORA_AGENT_PACKAGE" ] || PANDORA_AGENT_PACKAGE="https://firefly.pandorafms.com/pandorafms/latest/Tarball/pandorafms_agent_linux-7.0NG.x86_64.tar.gz"
elif [ "$PANDORA_LTS" -ne '1' ] ; then
[ "$PANDORA_SERVER_PACKAGE" ] || PANDORA_SERVER_PACKAGE="http://firefly.pandorafms.com/pandorafms/latest/Tarball/pandorafms_server-7.0NG.tar.gz"
[ "$PANDORA_CONSOLE_PACKAGE" ] || PANDORA_CONSOLE_PACKAGE="http://firefly.pandorafms.com/pandorafms/latest/Tarball/pandorafms_console-7.0NG.tar.gz"
[ "$PANDORA_AGENT_PACKAGE" ] || PANDORA_AGENT_PACKAGE="http://firefly.pandorafms.com/pandorafms/latest/Tarball/pandorafms_agent_linux-7.0NG.tar.gz"
[ "$PANDORA_SERVER_PACKAGE" ] || PANDORA_SERVER_PACKAGE="https://firefly.pandorafms.com/pandorafms/latest/Tarball/pandorafms_server-7.0NG.tar.gz"
[ "$PANDORA_CONSOLE_PACKAGE" ] || PANDORA_CONSOLE_PACKAGE="https://firefly.pandorafms.com/pandorafms/latest/Tarball/pandorafms_console-7.0NG.tar.gz"
[ "$PANDORA_AGENT_PACKAGE" ] || PANDORA_AGENT_PACKAGE=" https://firefly.pandorafms.com/pandorafms/latest/Tarball/pandorafms_agent_linux-7.0NG.x86_64.tar.gz"
fi
if [ "$PANDORA_BETA" -eq '1' ] ; then
PANDORA_SERVER_PACKAGE="http://firefly.pandorafms.com/pandora_enterprise_nightlies/pandorafms_server-latest_x86_64.tar.gz"
PANDORA_CONSOLE_PACKAGE="http://firefly.pandorafms.com/pandora_enterprise_nightlies/pandorafms_console-latest.tar.gz"
PANDORA_AGENT_PACKAGE="http://firefly.pandorafms.com/pandorafms/latest/Tarball/pandorafms_agent_linux-7.0NG.tar.gz"
PANDORA_SERVER_PACKAGE="https://firefly.pandorafms.com/pandora_enterprise_nightlies/pandorafms_server-latest.tar.gz"
PANDORA_CONSOLE_PACKAGE="https://firefly.pandorafms.com/pandora_enterprise_nightlies/pandorafms_console-latest.tar.gz"
PANDORA_AGENT_PACKAGE="https://firefly.pandorafms.com/pandorafms/latest/Tarball/pandorafms_agent_linux-7.0NG.x86_64.tar.gz"
fi
# Downloading Pandora Packages
@ -819,8 +827,8 @@ execute_cmd "service tentacle_serverd start" "Starting Tentacle Server"
systemctl enable tentacle_serverd &>> "$LOGFILE"
# Enabling console cron
execute_cmd "echo \"* * * * * root wget -q -O - --no-check-certificate --load-cookies /tmp/cron-session-cookies --save-cookies /tmp/cron-session-cookies --keep-session-cookies http://127.0.0.1/pandora_console/enterprise/cron.php >> $PANDORA_CONSOLE/log/cron.log\" >> /etc/crontab" "Enabling Pandora FMS Console cron"
echo "* * * * * root wget -q -O - --no-check-certificate --load-cookies /tmp/cron-session-cookies --save-cookies /tmp/cron-session-cookies --keep-session-cookies http://127.0.0.1/pandora_console/enterprise/cron.php >> $PANDORA_CONSOLE/log/cron.log" >> /etc/crontab
execute_cmd "echo \"* * * * * root wget -q -O - --no-check-certificate --load-cookies /tmp/cron-session-cookies --save-cookies /tmp/cron-session-cookies --keep-session-cookies http://127.0.0.1/pandora_console/cron.php >> $PANDORA_CONSOLE/log/cron.log\" >> /etc/crontab" "Enabling Pandora FMS Console cron"
echo "* * * * * root wget -q -O - --no-check-certificate --load-cookies /tmp/cron-session-cookies --save-cookies /tmp/cron-session-cookies --keep-session-cookies http://127.0.0.1/pandora_console/cron.php >> $PANDORA_CONSOLE/log/cron.log" >> /etc/crontab
# Enabling pandoradb cron
execute_cmd "echo 'enabling pandoradb cron' >> $PANDORA_CONSOLE/log/cron.log\" >> /etc/crontab" "Enabling Pandora FMS pandoradb cron"
@ -829,7 +837,7 @@ echo "@hourly root bash -c /etc/cron.hourly/pandora_db" >> /etc/cront
## Enabling agent adn configuring Agente
sed -i "s/^remote_config.*$/remote_config 1/g" $PANDORA_AGENT_CONF &>> "$LOGFILE"
execute_cmd "/etc/init.d/pandora_agent_daemon start" "Starting PandoraFSM Agent"
execute_cmd "/etc/init.d/pandora_agent_daemon restart" "Starting PandoraFSM Agent"
systemctl enable pandora_agent_daemon &>> "$LOGFILE"
#fix path phantomjs

1
extras/pandora_gotty/.gitattributes vendored Normal file
View File

@ -0,0 +1 @@
src/pandora_gotty filter=lfs diff=lfs merge=lfs -text

2
extras/pandora_gotty/.gitignore vendored Normal file
View File

@ -0,0 +1,2 @@
*.rpm
*.deb

8
extras/pandora_gotty/Dockerfile-RPM Normal file
View File

@ -0,0 +1,8 @@
FROM rockylinux:8
RUN dnf install -y rpm-build rpmdevtools
RUN rpmdev-setuptree
RUN mkdir /root/pandora_gotty
WORKDIR /root/pandora_gotty
#CMD bash build.sh

6
extras/pandora_gotty/Dockerfile-deb Normal file
View File

@ -0,0 +1,6 @@
FROM ubuntu:22.04
RUN apt-get update
RUN apt-get install -y dh-make debhelper build-essential
RUN mkdir /root/pandora_gotty
WORKDIR /root/pandora_gotty

1
extras/pandora_gotty/README.md Normal file
View File

@ -0,0 +1 @@
To create the .deb and .rpm package need to hace docker installed on main system and execit `build_all_docker.sh`

11
extras/pandora_gotty/build_all_docker.sh Executable file
View File

@ -0,0 +1,11 @@
#Build RPM
docker build -t pandora_gotty_builder_rpm -f Dockerfile-RPM . || exit 1
docker run --rm -it -v `pwd`:/root/pandora_gotty pandora_gotty_builder_rpm /root/pandora_gotty/build_rpm.sh || exit 1
#Buikd DEB
docker build -t pandora_gotty_builder_deb -f Dockerfile-deb . || exit 1
docker run --rm -it -v `pwd`:/root/pandora_gotty pandora_gotty_builder_deb /root/pandora_gotty/build_deb.sh || exit 1
echo " - Done"
pwd
ls -l | grep -E "(\.deb|\.rpm)"

17
extras/pandora_gotty/build_deb.sh Executable file
View File

@ -0,0 +1,17 @@
#!/bin/bash
#DEB
cd deb
VERSION=$(grep 'Version:' pandora_gotty/DEBIAN/control | awk '{print $2}')
mkdir -p pandora_gotty/usr/bin
mkdir -p pandora_gotty/etc/pandora_gotty
cp -a ../src/pandora_gotty pandora_gotty/usr/bin
cp -a ../src/pandora_gotty.conf pandora_gotty/etc/pandora_gotty
curl -SsL --output pandora_gotty/usr/bin/pandora_gotty_exec http://192.168.50.31/installers/installers/Linux/x86_64/pandora_gotty_exec
chmod +x pandora_gotty/usr/bin/pandora_gotty_exec
dpkg-deb --build pandora_gotty
mv pandora_gotty.deb ../
rm -rf pandora_gotty/usr/
rm -rf pandora_gotty/etc/
cd ..
mv pandora_gotty.deb pandora_gotty_${VERSION}.deb
chmod 777 pandora_gotty_${VERSION}.deb

15
extras/pandora_gotty/build_rpm.sh Executable file
View File

@ -0,0 +1,15 @@
#!/bin/bash
#RPM
VERSION=$(grep '%define version' pandora_gotty.spec | awk '{print $3}')
mkdir -p pandora_gotty-${VERSION}
cp src/pandora_gotty pandora_gotty-${VERSION}/
cp src/pandora_gotty.conf pandora_gotty-${VERSION}/
curl -SsL --output pandora_gotty-${VERSION}/pandora_gotty_exec http://192.168.50.31/installers/installers/Linux/x86_64/pandora_gotty_exec
chmod +x pandora_gotty-${VERSION}/pandora_gotty_exec
tar -cvzf pandora_gotty-${VERSION}.tar.gz pandora_gotty-${VERSION}/*
mv pandora_gotty-${VERSION}.tar.gz ${HOME}/rpmbuild/SOURCES/
rm -rf ${HOME}/rpmbuild/RPMS/x86_64/pandora_gotty*
rpmbuild -ba pandora_gotty.spec
rm -rf pandora_gotty-${VERSION}
mv ${HOME}/rpmbuild/RPMS/x86_64/pandora_gotty* .
chmod 777 *.rpm

3
extras/pandora_gotty/deb/.gitignore vendored Normal file
View File

@ -0,0 +1,3 @@
*.deb
**/usr
**/etc

5
extras/pandora_gotty/deb/pandora_gotty/DEBIAN/changelog Normal file
View File

@ -0,0 +1,5 @@
pandora_gotty (1.0-1) stable; urgency=low
* Initial release.
-- PandoraFMS Mon, 18 Sep 2023 00:00:00 +0000

9
extras/pandora_gotty/deb/pandora_gotty/DEBIAN/control Normal file
View File

@ -0,0 +1,9 @@
Source: pandora_gotty
Section: utils
Version: 1.1.0
Priority: optional
Maintainer: PandoraFMS
Build-Depends: debhelper (>= 12)
Package: pandora-gotty
Architecture: amd64
Description: pandora_gotty for Pandora FMS.

41
extras/pandora_gotty/pandora_gotty.spec Normal file
View File

@ -0,0 +1,41 @@
%define name pandora_gotty
%define version 1.1
%define release 1%{?dist}
Summary: pandora_gptty for Pandora FMS
Name: %{name}
Version: %{version}
Release: %{release}
License: GPL
Vendor: PandoraFMS
Source0: %{name}-%{version}.tar.gz
URL: https://pandorafms.com
Group: System/Monitoring
Packager: PandoraFMS
BuildArch: x86_64
Provides: %{name}-%{version}
%description
pandora_gotty for Pandora FMS.
%prep
%setup -q
%install
rm -rf $RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT/%{_bindir}
mkdir -p %{buildroot}/etc/pandora_gotty/
cp %{name} $RPM_BUILD_ROOT/%{_bindir}
cp pandora_gotty_exec $RPM_BUILD_ROOT/%{_bindir}
cp pandora_gotty.conf %{buildroot}/etc/pandora_gotty/
%clean
rm -Rf $RPM_BUILD_ROOT
%files
%defattr(-,root,root,-)
%config(noreplace) /etc/pandora_gotty/pandora_gotty.conf
%{_bindir}/%{name}
%{_bindir}/pandora_gotty_exec
%changelog
* Mon Sep 18 2023 PandoraFMS - 1.0-1
- Initial RPM release

2
extras/pandora_gotty/src/.gitignore vendored Normal file
View File

@ -0,0 +1,2 @@
*rpm
bin/*

3
extras/pandora_gotty/src/pandora_gotty Executable file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:3758eddb64db79c6ea1dac4cb200ee8ec86ef3f51723dad5be4365a1315b952b
size 13642854

29
extras/pandora_gotty/src/pandora_gotty.conf Normal file
View File

@ -0,0 +1,29 @@
//Pandora Gotty config file
// [bool] Permit clients to write to the TTY
permit_write = true
// [bool] Permit clients to send command line arguments in URL (e.g. http://example.com:8080/?arg=AAA&arg=BBB)
permit_arguments = true
// [bool] Enable random URL generation
enable_random_url = true
// [int] Default length of random strings appended to URL
// To enable random URL generation, set `true` to `enable_random_url`
random_url_length = 32
// [bool] Enable TLS/SSL
// enable_tls = false
// [string] Default TLS certificate file path
// tls_crt_file = "~/.gotty.crt"
// [string] Default TLS key file path
// tls_key_file = "~/.gotty.key"
// [bool] Enable client certificate authentication
// enable_tls_client_auth = false
// [string] Certificate file of CA for client certificates
// tls_ca_crt_file = "~/.gotty.ca.crt"

110
extras/pandora_gotty/src/pandora_gotty_exec.py Normal file
View File

@ -0,0 +1,110 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
__author__ = "PandoraFMS Team"
__copyright__ = "Copyright 2023, PandoraFMS"
#__credits__ = ["Rob Knight", "Peter Maxwell", "Gavin Huttley", "Matthew Wakefield"]
__maintainer__ = "Projects/QA department"
__status__ = "Prod"
__version__ = "1.0"
import sys, argparse, signal, re, datetime, subprocess
info= f"""
SSH and TELNET helper for pandora_gotty.
Version: {__version__}
"""
parser = argparse.ArgumentParser(description= info, formatter_class=argparse.RawTextHelpFormatter)
parser.add_argument('exec_cmd',
help='Aplication to be executed, avalibles: ssh or telnet',type=str, choices=['ssh', 'telnet'])
parser.add_argument('address',
help='IP addres or dns name to connect', type=str, default="")
parser.add_argument('port',
help='Port to connect', type=int, default=23)
parser.add_argument('user',
help='Username, only requiered for ssh connection', type=str, default="", nargs='?')
args = parser.parse_args()
# Define a function to handle the SIGINT signal
def sigint_handler(signal, frame):
print ('\nInterrupted by user', file=sys.stderr)
sys.exit(0)
signal.signal(signal.SIGINT, sigint_handler)
# Define a function to handle the SIGTERM signal
def sigterm_handler(signum, frame):
print("Received SIGTERM signal.", file=sys.stderr)
sys.exit(0)
signal.signal(signal.SIGTERM, sigterm_handler)
# Functions
def is_valid_add(add:str):
# Regular expression to match an IP address
ip_pattern = r'^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$'
# Regular expression to match a DNS name (domain name)
dns_pattern = r'^[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$'
if re.match(ip_pattern, add) or re.match(dns_pattern, add):
return True
else:
print(f"Error not valid address: {add}", file=sys.stderr)
return False
def is_valid_username(username:str):
# Regular expression to match a valid Linux username
username_pattern = r'^[a-zA-Z_][a-zA-Z0-9_]{0,31}$'
if re.match(username_pattern, username) is not None:
return True
else:
print(f"Error not valid username: {username}", file=sys.stderr)
return False
def exec_ssh (user:str, add:str, port:int):
# Previus checks
if is_valid_username(user) == False:
return False
if is_valid_add(add) == False:
return False
if port == 0 :
return False
try:
print("> Starting SSH connection...")
ssh_command = f"ssh {user}@{add} -p {port}"
subprocess.run(ssh_command, shell=True, encoding='utf-8', text=True)
except subprocess.CalledProcessError as e:
raise SystemExit(e)
return True
def exec_telnet (add:str, port:int):
# Previus checks
if is_valid_add(add) == False:
return False
try:
print("> Starting Telnet connection...")
ssh_command = f"telnet -E {add} {port}"
subprocess.run(ssh_command, shell=True, encoding='utf-8', text=True)
except subprocess.CalledProcessError as e:
raise SystemExit(e)
return True
# Main
if __name__ == "__main__":
if args.exec_cmd == "ssh":
exec_ssh(args.user, args.address, args.port)
print ("> ssh session finished")
sys.exit(0)
if args.exec_cmd == "telnet":
exec_telnet(args.address, args.port)
print ("> telnet session finished")
sys.exit(0)
sys.exit(0)

5
extras/pandora_update_version.sh
View File

@ -22,13 +22,16 @@ else
fi
SPEC_FILES="$CODEHOME/pandora_console/pandora_console.spec \
$CODEHOME/pandora_agents/unix/pandora_agent.spec \
$CODEHOME/pandora_agents/unix/pandora_agent.redhat_bin.el8.spec \
$CODEHOME/pandora_agents/unix/pandora_agent.redhat_bin.el9.spec \
$CODEHOME/pandora_agents/unix/pandora_agent.redhat_bin.spec \
$CODEHOME/pandora_agents/unix/pandora_agent.redhat.spec \
$CODEHOME/pandora_server/pandora_server.spec \
$PANDHOME_ENT/pandora_console/enterprise/pandora_console_enterprise.spec \
$PANDHOME_ENT/pandora_server/PandoraFMS-Enterprise/pandora_server_enterprise.spec \
$CODEHOME/pandora_console/pandora_console.redhat.spec \
$CODEHOME/pandora_console/pandora_console.rhel7.spec \
$CODEHOME/pandora_agents/unix/pandora_agent.redhat.spec \
$CODEHOME/pandora_agents/unix/pandora_agent.redhat_bin.spec \
$CODEHOME/pandora_server/pandora_server.redhat.spec \
$PANDHOME_ENT/pandora_agents/pandora_agent.spec \
$PANDHOME_ENT/pandora_server/pandora_server_enterprise.redhat.spec \

2
pandora_agents/pc/AIX/pandora_agent.conf
View File

@ -1,5 +1,5 @@
# Base config file for Pandora FMS agents
# Version 7.0NG.773.3, AIX version
# Version 7.0NG.775, AIX version
# Licensed under GPL license v2,
# Copyright (c) 2003-2023 Pandora FMS
# http://www.pandorafms.com

2
pandora_agents/pc/FreeBSD/pandora_agent.conf
View File

@ -1,5 +1,5 @@
# Base config file for Pandora FMS agents
# Version 7.0NG.773.3, FreeBSD Version
# Version 7.0NG.775, FreeBSD Version
# Licensed under GPL license v2,
# Copyright (c) 2003-2023 Pandora FMS
# http://www.pandorafms.com

2
pandora_agents/pc/HP-UX/pandora_agent.conf
View File

@ -1,5 +1,5 @@
# Base config file for Pandora FMS agents
# Version 7.0NG.773.3, HP-UX Version
# Version 7.0NG.775, HP-UX Version
# Licensed under GPL license v2,
# Copyright (c) 2003-2023 Pandora FMS
# http://www.pandorafms.com

36
pandora_agents/pc/Linux/pandora_agent.conf
View File

@ -1,5 +1,5 @@
# Base config file for Pandora FMS agents
# Version 7.0NG.773.3, GNU/Linux
# Version 7.0NG.775, GNU/Linux
# Licensed under GPL license v2,
# Copyright (c) 2003-2023 Pandora FMS
# http://www.pandorafms.com
@ -234,6 +234,21 @@ module_description Number of cron task files
module_unit files
module_end
# This module /var/log/syslog file, under the module name "syslog"
# And search for "ssh" string into it, sending only that information.
module_begin
module_name Syslog
module_description Search for ssh string into /var/log/syslog file
module_type log
module_regexp /var/log/syslog
module_pattern ssh
module_end
#Hardening plugin for security compliance analysis. Enable to use it.
#module_begin
#module_plugin /usr/share/pandora_agent/plugins/pandora_hardening -t 150
#module_absoluteinterval 7d
#module_end
# Plugin example
@ -241,11 +256,6 @@ module_end
module_plugin pandora_df
# This parses /var/log/syslog file, under the module name "syslog"
# And search for "ssh" string into it, sending only that information.
module_plugin grep_log /var/log/syslog Syslog ssh
# Get disk space free in MB
#module_begin
#module_name disk_root_free
@ -270,7 +280,6 @@ module_plugin grep_log /var/log/syslog Syslog ssh
#module_end
# Plugin for inventory on the agent.
# module_plugin inventory 1 cpu ram video nic hd cdrom software init_services filesystem users process ip route
# Example of preconditions
@ -300,3 +309,16 @@ module_plugin grep_log /var/log/syslog Syslog ssh
#module_exec echo 5
#module_description Postcondition test module
#module_end
# This plugin runs several security checks in a Linux system
#module_plugin pandora_security_check
# Extraction module example
#module_begin
#module_name Collector
#module_description Logs extraction module
#module_type log
#module_regexp /var/log/logfile.log
#module_pattern .*
#module_end

2
pandora_agents/pc/NT4/pandora_agent.conf
View File

@ -1,5 +1,5 @@
# Base config file for Pandora FMS agents
# Version 7.0NG.773.3, GNU/Linux
# Version 7.0NG.775, GNU/Linux
# Licensed under GPL license v2,
# Copyright (c) 2003-2023 Pandora FMS
# http://www.pandorafms.com

2
pandora_agents/pc/SunOS/pandora_agent.conf
View File

@ -1,5 +1,5 @@
# Base config file for Pandora FMS agents
# Version 7.0NG.773.3, Solaris Version
# Version 7.0NG.775, Solaris Version
# Licensed under GPL license v2,
# Copyright (c) 2003-2023 Pandora FMS
# http://www.pandorafms.com

32
pandora_agents/pc/Win32/pandora_agent.conf
View File

@ -1,6 +1,6 @@
# Base config file for Pandora FMS Windows Agent
# (c) 2006-2023 Pandora FMS
# Version 7.0NG.773.3
# Version 7.0NG.775
# This program is Free Software, you can redistribute it and/or modify it
# under the terms of the GNU General Public Licence as published by the Free Software
# Foundation; either version 2 of the Licence or any later version
@ -147,22 +147,23 @@ module_max_critical 20
module_end
# Log events
# Get logs from System source.
module_begin
module_name System Events (TermService)
module_type async_string
module_logevent
module_description Log Events coming from Terminal Service
module_type log
module_logevent
module_source System
module_application TermService
module_end
# Get logs from Security source.
module_begin
module_name Security Events (Invalid Login)
module_type async_string
module_description Security log events for invalid login attempt
module_name Security Events
module_description Security log events
module_type log
module_logevent
module_source Security
module_eventcode 529
module_end
# Check if Dhcp service is enabled
@ -219,6 +220,12 @@ module_plugin cscript.exe //B "%ProgramFiles%\Pandora_Agent\util\df.vbs"
# module_description Free space on drive D: (%)
# module_end
# Hardening plugin for security compliance analysis.
# module_begin
# module_plugin "%PROGRAMFILES%\Pandora_Agent\util\pandora_hardening.exe -t 150"
# module_absoluteinterval 7d
# module_end
# Sample of Windows inventory module (ONLY ENTERPRISE)!
#module_begin
#module_name Inventory
@ -344,4 +351,13 @@ module_plugin cscript.exe //B "%ProgramFiles%\Pandora_Agent\util\df.vbs"
#module_condition (3,8) cmd.exe /c echo range >> c:\log.txt
#module_exec echo 5
#module_description Postcondition test module
#module_end
# Example of collector module
#module_begin
#module_name Collector
#module_description Logs extraction module
#module_type log
#module_regexp /var/log/logfile.log
#module_pattern .*
#module_end

3
pandora_agents/pc/Win32/scripts/install_service_restart.bat
View File

@ -1,2 +1,3 @@
@at 00:00 /every:1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30 "%CD%\restart_pandora_agent.bat"
@at 00:00 /every:1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30 "'%CD%\restart_pandora_agent.bat'"
schtasks /change /tn pandora_agent_restart /tr "'%CD%\restart_pandora_agent.bat'"

19
pandora_agents/pc/pandora_agent
View File

@ -54,7 +54,6 @@ if (!$@) {
use constant AGENT_VERSION => '4.0.1';
use constant AGENT_BUILD => '111213';
# Commands to retrieve total memory information in kB
use constant TOTALMEMORY_CMDS => {
linux => 'cat /proc/meminfo | grep MemTotal: | awk \'{ print $2 }\'',
@ -117,7 +116,6 @@ my $ConfDir = '';
# Pandora FMS agent configuration file
my $ConfFile = 'pandora_agent.conf';
# Broker agent configuration files
my @BrokerPid;
@ -264,7 +262,6 @@ sub valid_regexp ($) {
sub rmrf {
my $path = shift;
local *DIR;
if (-d $path) {
opendir (DIR, $path) || return;
while (defined (my $file_name = readdir(DIR))) {
@ -348,7 +345,6 @@ sub log_message ($$;$) {
}
}
}
################################################################################
# Add the given directory to the PATH.
################################################################################
@ -582,7 +578,6 @@ sub write_broker_conf($){
}
while (my $line = <CONF_FILE>){
# Skip broker definitions
if ($line =~ m/^\s*broker_agent/) {
next;
@ -1810,7 +1805,6 @@ sub exec_plugin ($) {
$Sem->down () if (defined ($Sem));
$Xml .= $output;
$Sem->up () if (defined ($Sem));
$ThreadSem->up () if (defined ($ThreadSem) && $Conf{'agent_threads'} > 1);
}
@ -2185,16 +2179,7 @@ sub configure ($) {
#Launch tentacle server in proxy mode if configured
if ($Conf{'proxy_mode'}) {
#Check if user is root
if ($> != 0) {
if (launch_tentacle_proxy() != 0) {
return 1;
}
} else {
error ('Proxy mode can not be launched as root');
return 1;
}
return 1 if (launch_tentacle_proxy() != 0);
}
# Add the plugins directory to the PATH
@ -2287,4 +2272,4 @@ This is released under the GNU Lesser General Public License.
Copyright (c) 2005-2023 Pandora FMS
=cut
=cut

1
pandora_agents/plugins/windows/pandora_security_win/.gitignore vendored Normal file
View File

@ -0,0 +1 @@
dist

10
pandora_agents/plugins/windows/pandora_security_win/Makefile Normal file
View File

@ -0,0 +1,10 @@
# Makefile for winexe.py.
.PHONY: all build_image pandora_security_win.py
all: build_image pandora_security_win.py
build_image:
docker build -t pandora_security_win docker/
pandora_security_win.py:
docker run --rm -t -v`pwd`:/pybuild pandora_security_win

5
pandora_agents/plugins/windows/pandora_security_win/build.sh Normal file
View File

@ -0,0 +1,5 @@
#!/bin/bash
# Build the winexe binary.
wine pip install -r src/requirements.txt
wine pyinstaller --onefile src/pandora_security_win.py
rm -rf build/ __pycache__/ pandora_security_win.spec

34
pandora_agents/plugins/windows/pandora_security_win/docker/Dockerfile Normal file
View File

@ -0,0 +1,34 @@
FROM i386/debian
# Update the package list.
RUN apt-get update
# Install needed packages.
RUN apt-get install --yes \
gnupg2 \
unzip \
software-properties-common \
wget \
xvfb
# Install WineHQ.
RUN wget -q https://dl.winehq.org/wine-builds/winehq.key -O- | apt-key add -
RUN apt-add-repository https://dl.winehq.org/wine-builds/debian/; apt-get update
RUN apt-get install --yes --install-recommends wine
# Use Windows 10.
COPY winetricks /tmp/winetricks
RUN /bin/bash /tmp/winetricks win10; rm -f /tmp/winetricks
# Install Python.
RUN wget https://www.python.org/ftp/python/3.8.10/python-3.8.10.exe
RUN xvfb-run wine python-3.8.10.exe /quiet Include_doc=0 Include_dev=0 Include_test=0 InstallAllUsers=1 PrependPath=1 TargetDir=c:\python; echo
ENV WINEPATH="c:\\python;c:\\python\Scripts"
# Install Python modules..
RUN wine pip.exe install wheel
RUN wine pip.exe install pyinstaller
VOLUME ["/pybuild"]
WORKDIR "/pybuild"
ENTRYPOINT ["/bin/bash", "/pybuild/build.sh"]

23525
pandora_agents/plugins/windows/pandora_security_win/docker/winetricks Normal file
View File

File diff suppressed because it is too large Load Diff

406
pandora_agents/plugins/windows/pandora_security_win/src/pandora_security_win.py Normal file
View File

@ -0,0 +1,406 @@
import wmi, sys, winreg, os, subprocess, json, re
from datetime import datetime, timedelta
## Define modules
modules=[]
def print_module(module, print_flag=None):
"""Returns module in XML format. Accepts only {dict}.\n
- Only works with one module at a time: otherwise iteration is needed.
- Module "value" field accepts str type or [list] for datalists.
- Use print_flag to show modules' XML in STDOUT.
"""
data = dict(module)
module_xml = ("<module>\n"
"\t<name><![CDATA[" + str(data["name"]) + "]]></name>\n"
"\t<type>" + str(data["type"]) + "</type>\n"
)
if type(data["type"]) is not str and "string" not in data["type"]: #### Strip spaces if module not generic_data_string
data["value"] = data["value"].strip()
if isinstance(data["value"], list): # Checks if value is a list
module_xml += "\t<datalist>\n"
for value in data["value"]:
if type(value) is dict and "value" in value:
module_xml += "\t<data>\n"
module_xml += "\t\t<value><![CDATA[" + str(value["value"]) + "]]></value>\n"
if "timestamp" in value:
module_xml += "\t\t<timestamp><![CDATA[" + str(value["timestamp"]) + "]]></timestamp>\n"
module_xml += "\t</data>\n"
module_xml += "\t</datalist>\n"
else:
module_xml += "\t<data><![CDATA[" + str(data["value"]) + "]]></data>\n"
if "desc" in data:
module_xml += "\t<description><![CDATA[" + str(data["desc"]) + "]]></description>\n"
if "unit" in data:
module_xml += "\t<unit><![CDATA[" + str(data["unit"]) + "]]></unit>\n"
if "interval" in data:
module_xml += "\t<module_interval><![CDATA[" + str(data["interval"]) + "]]></module_interval>\n"
if "tags" in data:
module_xml += "\t<tags>" + str(data["tags"]) + "</tags>\n"
if "module_group" in data:
module_xml += "\t<module_group>" + str(data["module_group"]) + "</module_group>\n"
if "module_parent" in data:
module_xml += "\t<module_parent>" + str(data["module_parent"]) + "</module_parent>\n"
if "min_warning" in data:
module_xml += "\t<min_warning><![CDATA[" + str(data["min_warning"]) + "]]></min_warning>\n"
if "min_warning_forced" in data:
module_xml += "\t<min_warning_forced><![CDATA[" + str(data["min_warning_forced"]) + "]]></min_warning_forced>\n"
if "max_warning" in data:
module_xml += "\t<max_warning><![CDATA[" + str(data["max_warning"]) + "]]></max_warning>\n"
if "max_warning_forced" in data:
module_xml += "\t<max_warning_forced><![CDATA[" + str(data["max_warning_forced"]) + "]]></max_warning_forced>\n"
if "min_critical" in data:
module_xml += "\t<min_critical><![CDATA[" + str(data["min_critical"]) + "]]></min_critical>\n"
if "min_critical_forced" in data:
module_xml += "\t<min_critical_forced><![CDATA[" + str(data["min_critical_forced"]) + "]]></min_critical_forced>\n"
if "max_critical" in data:
module_xml += "\t<max_critical><![CDATA[" + str(data["max_critical"]) + "]]></max_critical>\n"
if "max_critical_forced" in data:
module_xml += "\t<max_critical_forced><![CDATA[" + str(data["max_critical_forced"]) + "]]></max_critical_forced>\n"
if "str_warning" in data:
module_xml += "\t<str_warning><![CDATA[" + str(data["str_warning"]) + "]]></str_warning>\n"
if "str_warning_forced" in data:
module_xml += "\t<str_warning_forced><![CDATA[" + str(data["str_warning_forced"]) + "]]></str_warning_forced>\n"
if "str_critical" in data:
module_xml += "\t<str_critical><![CDATA[" + str(data["str_critical"]) + "]]></str_critical>\n"
if "str_critical_forced" in data:
module_xml += "\t<str_critical_forced><![CDATA[" + str(data["str_critical_forced"]) + "]]></str_critical_forced>\n"
if "critical_inverse" in data:
module_xml += "\t<critical_inverse><![CDATA[" + str(data["critical_inverse"]) + "]]></critical_inverse>\n"
if "warning_inverse" in data:
module_xml += "\t<warning_inverse><![CDATA[" + str(data["warning_inverse"]) + "]]></warning_inverse>\n"
if "max" in data:
module_xml += "\t<max><![CDATA[" + str(data["max"]) + "]]></max>\n"
if "min" in data:
module_xml += "\t<min><![CDATA[" + str(data["min"]) + "]]></min>\n"
if "post_process" in data:
module_xml += "\t<post_process><![CDATA[" + str(data["post_process"]) + "]]></post_process>\n"
if "disabled" in data:
module_xml += "\t<disabled><![CDATA[" + str(data["disabled"]) + "]]></disabled>\n"
if "min_ff_event" in data:
module_xml += "\t<min_ff_event><![CDATA[" + str(data["min_ff_event"]) + "]]></min_ff_event>\n"
if "status" in data:
module_xml += "\t<status><![CDATA[" + str(data["status"]) + "]]></status>\n"
if "timestamp" in data:
module_xml += "\t<timestamp><![CDATA[" + str(data["timestamp"]) + "]]></timestamp>\n"
if "custom_id" in data:
module_xml += "\t<custom_id><![CDATA[" + str(data["custom_id"]) + "]]></custom_id>\n"
if "critical_instructions" in data:
module_xml += "\t<critical_instructions><![CDATA[" + str(data["critical_instructions"]) + "]]></critical_instructions>\n"
if "warning_instructions" in data:
module_xml += "\t<warning_instructions><![CDATA[" + str(data["warning_instructions"]) + "]]></warning_instructions>\n"
if "unknown_instructions" in data:
module_xml += "\t<unknown_instructions><![CDATA[" + str(data["unknown_instructions"]) + "]]></unknown_instructions>\n"
if "quiet" in data:
module_xml += "\t<quiet><![CDATA[" + str(data["quiet"]) + "]]></quiet>\n"
if "module_ff_interval" in data:
module_xml += "\t<module_ff_interval><![CDATA[" + str(data["module_ff_interval"]) + "]]></module_ff_interval>\n"
if "crontab" in data:
module_xml += "\t<crontab><![CDATA[" + str(data["crontab"]) + "]]></crontab>\n"
if "min_ff_event_normal" in data:
module_xml += "\t<min_ff_event_normal><![CDATA[" + str(data["min_ff_event_normal"]) + "]]></min_ff_event_normal>\n"
if "min_ff_event_warning" in data:
module_xml += "\t<min_ff_event_warning><![CDATA[" + str(data["min_ff_event_warning"]) + "]]></min_ff_event_warning>\n"
if "min_ff_event_critical" in data:
module_xml += "\t<min_ff_event_critical><![CDATA[" + str(data["min_ff_event_critical"]) + "]]></min_ff_event_critical>\n"
if "ff_type" in data:
module_xml += "\t<ff_type><![CDATA[" + str(data["ff_type"]) + "]]></ff_type>\n"
if "ff_timeout" in data:
module_xml += "\t<ff_timeout><![CDATA[" + str(data["ff_timeout"]) + "]]></ff_timeout>\n"
if "each_ff" in data:
module_xml += "\t<each_ff><![CDATA[" + str(data["each_ff"]) + "]]></each_ff>\n"
if "module_parent_unlink" in data:
module_xml += "\t<module_parent_unlink><![CDATA[" + str(data["parent_unlink"]) + "]]></module_parent_unlink>\n"
if "global_alerts" in data:
for alert in data["alert"]:
module_xml += "\t<alert_template><![CDATA[" + alert + "]]></alert_template>\n"
module_xml += "</module>\n"
if print_flag:
print (module_xml)
return (module_xml)
def check_antivirus_status():
try:
wmi_obj = wmi.WMI(namespace="root/SecurityCenter2")
antivirus_products = wmi_obj.query("SELECT * FROM AntivirusProduct")
for product in antivirus_products:
display_name = product.displayName
product_state = product.productState
product_state_hex = hex(product_state)
last_update = product.timestamp
atv_status = int(product_state_hex[3:5])
atv_uptodate = int(product_state_hex[5:7])
atv_status = 1 if atv_status in [10, 11] else 0
atv_uptodate = 1 if atv_uptodate in [00,] else 0
#print(f"{display_name}, product_state: {product_state}, product_state_hex: {product_state_hex}, last_update: {last_update}, status: {atv_status}, uptodate: {atv_uptodate}")
modules.append({
"name" : f"{display_name} Antivirus status",
"type" : "generic_proc",
"value": atv_status,
"module_group": "security",
"desc" : f"{display_name} state: {product_state}, last update: {last_update}",
})
modules.append({
"name" : f"{display_name} Antivirus up to date",
"type" : "generic_proc",
"value": atv_uptodate,
"module_group": "security",
"desc" : f"{display_name} state: {product_state}, last update: {last_update}",
})
except Exception as e:
print(f"Error check antivirus: {e}", file=sys.stderr)
def is_lock_screen_enabled():
try:
# Open the registry key
key_path = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key_path) as key:
# Query the value of the DisableLockScreen key
value_name = "DisableLockScreen"
value, _ = winreg.QueryValueEx(key, value_name)
# Check if the lock screen is enabled (0 means enabled)
status = value == 0
if status == False: return status
except FileNotFoundError:
# If the registry key or value is not found, consider it as enabled
status = True
except Exception as e:
print(f"Error check lockscreen: {e}", file=sys.stderr)
status = False
try:
# Define the registry key for the lock screen settings
reg_key_path = r"SOFTWARE\Policies\Microsoft\Windows\Personalization"
reg_key = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, reg_key_path)
# Query the "NoLockScreen" DWORD value
value_name = "NoLockScreen"
value, _ = winreg.QueryValueEx(reg_key, value_name)
# Check if the "NoLockScreen" value is 0 (enabled)
status = value == 0
if status == False: return status
except FileNotFoundError:
# If the registry key or value is not found, consider it as enabled
status = True
except Exception as e:
print(f"Error check lockscreen: {e}", file=sys.stderr)
status = False
return status
def check_locksreen_enables():
status = is_lock_screen_enabled()
value = 1 if status == True else 0
modules.append({
"name" : "Lockscreen status",
"type" : "generic_proc",
"value": value,
"module_group": "security",
"desc" : f"Check lockscreen enable",
})
def convert_to_human_readable_date(timestamp_str):
try:
# Parse the timestamp string without the time zone
timestamp = datetime.strptime(timestamp_str, '%Y%m%d%H%M%S')
# Convert to a human-readable format
human_readable_date = timestamp.strftime('%Y-%m-%d %H:%M:%S %z')
return human_readable_date.strip()
except Exception as e:
print(f"Error converting date: {e}", file=sys.stderr)
return None
def check_time_difference(timestamp, timedays=10):
try:
# Convert the timestamp string to a datetime object
given_timestamp = datetime.strptime(timestamp, '%Y-%m-%d %H:%M:%S')
# Get the current time
current_time = datetime.now()
#Calculate the time difference
time_difference = current_time - given_timestamp
# Check if the time difference is greater than one hour
if time_difference < timedelta(days=timedays):
return "1"
else:
return "0"
except Exception as e:
print(f"Error check time difference: {e}", file=sys.stderr)
return 0
def get_windows_update_info(limit=5):
try:
# Connect to the Win32_ReliabilityRecords class in the root/cimv2 namespace
wmi_conn = wmi.WMI()
# Query the Win32_ReliabilityRecords class for Windows Update information
query = "SELECT * FROM Win32_ReliabilityRecords WHERE sourcename = 'Microsoft-Windows-WindowsUpdateClient'"
result = wmi_conn.query(query)
# Extract relevant information and format output
update_info = [
{
"date": convert_to_human_readable_date(record.timegenerated.split('.')[0]),
"update": record.message
}
for record in result[:limit]
]
last_update_date=update_info[0]['date']
value=check_time_difference(last_update_date)
modules.append({
"name" : "Microsoft Update system status",
"type" : "generic_proc",
"value": value,
"module_group": "security",
"desc" : f"Check if system was updated in the last 10 days. last update: {last_update_date}",
})
return True
except Exception as e:
print(f"Error windows update check: {e}", file=sys.stderr)
return False
def is_firewall_enabled():
try:
# Run PowerShell command to check if the Windows Firewall is enabled
result = subprocess.run(
['powershell', 'Get-NetFirewallProfile |Select-Object profile, enabled | ConvertTo-Json'],
capture_output=True,
text=True
)
result_json= json.loads(result.stdout)
for profile in result_json:
modules.append({
"name" : f"Firewall profile: {profile['Profile']} status",
"type" : "generic_proc",
"value": profile["Enabled"],
"module_group": "security",
"desc" : f"Check if firewall profile {profile['Profile']} is enabled",
})
return True
except Exception as e:
print(f"Error firewall check: {e}", file=sys.stderr)
return False
def check_password_enforcement():
enforce_pass = 1
counter = 0
try:
# Connect to the WMI service
wmi_service = wmi.WMI()
# Query for user accounts
users = wmi_service.Win32_UserAccount()
# Check if each user enforces password
for user in users:
# username = user.Name
# password_required = user.PasswordRequired
if user.PasswordRequired == False :
enforce_pass = 0
counter += 1
#print(f"User: {username}, Password Required: {password_required}")
modules.append({
"name" : "All users enforced password",
"type" : "generic_proc",
"value": enforce_pass,
"module_group": "security",
"desc" : f"Check if all users has enforced password, not secure users = {counter}",
})
except Exception as e:
print(f"Error: {e}", file=sys.stderr)
print("Failed to check password enforcement for users.", file=sys.stderr)
def check_login_audit_policy():
try:
# Run the auditpol command to check the audit policy for Logon/Logoff
cmd_command = "auditpol /get /subcategory:Logon"
result = subprocess.run(cmd_command, shell=True, capture_output=True, text=True, check=True)
last_line = result.stdout.strip().split('\n')[-1]
cleaned_line = re.sub(' +', ' ', last_line)
# Interpret the result
if "Success and Failure" in result.stdout:
result = 1
elif "Aciertos y errores" in result.stdout:
result = 1
elif "No Auditing" in result.stdout:
result = 0
elif "Sin auditoría" in result.stdout:
result = 0
else:
print("Unable to determine audit policy for Logon/Logoff events.", file=sys.stderr)
result = 0
modules.append({
"name" : "Check logon event audited",
"type" : "generic_proc",
"value": result,
"module_group": "security",
"desc" : f"Check if the logon events audit log is enables, status:{cleaned_line}",
})
except subprocess.CalledProcessError as e:
print(f"Error: {e}")
print("Failed to check audit policy using auditpol command.", file=sys.stderr)
return
if __name__ == "__main__":
check_antivirus_status()
check_locksreen_enables()
get_windows_update_info()
is_firewall_enabled()
check_password_enforcement()
check_login_audit_policy()
for module in modules:
print_module(module, True)
# Windows Defender status values:
# 0: No action needed
# 266240: Antivirus is up to date
# 266256: Antivirus is out of date
# 266304: Antivirus is not monitoring
# 393216 (0x60000): No action needed.
# 393232 (0x60010): Antivirus is up to date.
# 393240 (0x60018): Antivirus is out of date.
# 393216 (0x60030): Antivirus is not monitoring.
# 397312 (0x61000): Antivirus is disabled.
# AVG Internet Security 2012 (from antivirusproduct WMI)
# 262144 (040000) = disabled and up to date
# 266240 (041000) = enabled and up to date
# AVG Internet Security 2012 (from firewallproduct WMI)
# 266256 (041010) = firewall enabled - (last two blocks not relevant it seems for firewall)
# 262160 (040010) = firewall disabled - (last two blocks not relevant it seems for firewall)
# Windows Defender
# 393472 (060100) = disabled and up to date
# 397584 (061110) = enabled and out of date
# 397568 (061100) = enabled and up to date
# Microsoft Security Essentials
# 397312 (061000) = enabled and up to date
# 393216 (060000) = disabled and up to date

1
pandora_agents/plugins/windows/pandora_security_win/src/requirements.txt Normal file
View File

@ -0,0 +1 @@
WMI==1.5.1

2
pandora_agents/shellscript/aix/pandora_agent.conf
View File

@ -1,6 +1,6 @@
# Fichero de configuracion base de agentes de Pandora
# Base config file for Pandora agents
# Version 7.0NG.773.3, AIX version
# Version 7.0NG.775, AIX version
# General Parameters
# ==================

2
pandora_agents/shellscript/bsd-ipso/pandora_agent.conf
View File

@ -1,6 +1,6 @@
# Fichero de configuracion base de agentes de Pandora
# Base config file for Pandora agents
# Version 7.0NG.773.3
# Version 7.0NG.775
# FreeBSD/IPSO version
# Licenced under GPL licence, 2003-2007 Sancho Lerena

2
pandora_agents/shellscript/hp-ux/pandora_agent.conf
View File

@ -1,6 +1,6 @@
# Fichero de configuracion base de agentes de Pandora
# Base config file for Pandora agents
# Version 7.0NG.773.3, HPUX Version
# Version 7.0NG.775, HPUX Version
# General Parameters
# ==================

28
pandora_agents/shellscript/linux/pandora_agent.conf
View File

@ -1,5 +1,5 @@
# Base config file for Pandora FMS agents
# Version 7.0NG.773.3
# Version 7.0NG.775
# Licensed under GPL license v2,
# (c) 2003-2023 Pandora FMS
# please visit http://pandora.sourceforge.net
@ -157,12 +157,32 @@ module_exec last | head -1
module_description Last Login
module_end
# Plugin example
#Hardening plugin for security compliance analysis. Enable to use it.
#module_begin
#module_plugin /usr/share/pandora_agent/plugins/pandora_hardening -t 150
#module_absoluteinterval 7d
#module_end
# This parses /var/log/syslog file, under the module name "syslog"
# This module parses /var/log/syslog file, under the module name "syslog"
# And search for "ssh" string into it, sending only that information.
module_begin
module_name Syslog
module_description Search for ssh string into /var/log/syslog file
module_type log
module_regexp /var/log/syslog
module_pattern ssh
module_end
module_plugin grep_log /var/log/syslog Syslog ssh
# Plugin example
# Plugin for inventory on the agent.
# module_plugin inventory 1 cpu ram video nic hd cdrom software
# Extraction module example
#module_begin
#module_name Collector
#module_description Logs extraction module
#module_type log
#module_regexp /var/log/logfile.log
#module_pattern .*
#module_end

33
pandora_agents/shellscript/mac_osx/pandora_agent.conf
View File

@ -1,5 +1,5 @@
# Base config file for Pandora FMS agents
# Version 7.0NG.773.3
# Version 7.0NG.775
# Licensed under GPL license v2,
# (c) 2003-2023 Pandora FMS
# please visit http://pandora.sourceforge.net
@ -372,13 +372,32 @@ module_end
#module_description XGrid
#module_end
#Hardening plugin for security compliance analysis. Enable to use it.
#module_begin
#module_plugin /usr/share/pandora_agent/plugins/pandora_hardening -t 150
#module_absoluteinterval 7d
#module_end
# This module parses /var/log/syslog file, under the module name "syslog"
# And search for "ssh" string into it, sending only that information.
module_begin
module_name Syslog
module_description Log collection modules
module_type log
module_regexp /var/log/syslog
module_pattern ssh
module_end
# Plugin example
# This parses /var/log/syslog file, under the module name "syslog"
# And search for "ssh" string into it, sending only that information.
#module_plugin grep_log /var/log/syslog Syslog ssh
# Plugin for inventory on the agent.
# module_plugin inventory 1 cpu ram video nic hd cdrom software
# Extraction module example
#module_begin
#module_name Collector
#module_description Logs extraction module
#module_type log
#module_regexp /var/log/logfile.log
#module_pattern .*
#module_end

2
pandora_agents/shellscript/openWRT/pandora_agent.conf
View File

@ -1,5 +1,5 @@
# Base config file for Pandora FMS agents
# Version 7.0NG.773.3
# Version 7.0NG.775
# Licensed under GPL license v2,
# please visit http://pandora.sourceforge.net

2
pandora_agents/shellscript/solaris/pandora_agent.conf
View File

@ -1,6 +1,6 @@
# Fichero de configuracion base de agentes de Pandora
# Base config file for Pandora agents
# Version 7.0NG.773.3, Solaris version
# Version 7.0NG.775, Solaris version
# General Parameters
# ==================

2
pandora_agents/unix/AIX/pandora_agent.conf
View File

@ -1,5 +1,5 @@
# Base config file for Pandora FMS agents
# Version 7.0NG.773.3, AIX version
# Version 7.0NG.775, AIX version
# Licensed under GPL license v2,
# Copyright (c) 2003-2023 Pandora FMS
# http://www.pandorafms.com

2
pandora_agents/unix/DEBIAN/control
View File

@ -1,5 +1,5 @@
package: pandorafms-agent-unix
Version: 7.0NG.773.3-230906
Version: 7.0NG.775-240117
Architecture: all
Priority: optional
Section: admin

2
pandora_agents/unix/DEBIAN/make_deb_package.sh
View File

@ -14,7 +14,7 @@
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
pandora_version="7.0NG.773.3-230906"
pandora_version="7.0NG.775-240117"
echo "Test if you has the tools for to make the packages."
whereis dpkg-deb | cut -d":" -f2 | grep dpkg-deb > /dev/null

2
pandora_agents/unix/Darwin/dmg/build_darwin_dmg.sh
View File

@ -31,7 +31,7 @@ fi
if [ "$#" -ge 2 ]; then
VERSION="$2"
else
VERSION="7.0NG.773.3"
VERSION="7.0NG.775"
fi
# Path for the generated DMG file

4
pandora_agents/unix/Darwin/dmg/extras/distribution.xml
View File

@ -19,11 +19,11 @@
<choice id="com.pandorafms.pandorafms_src" visible="false">
<pkg-ref id="com.pandorafms.pandorafms_src"/>
</choice>
<pkg-ref id="com.pandorafms.pandorafms_src" version="7.0NG.773.3" onConclusion="none">pandorafms_src.pdk</pkg-ref>
<pkg-ref id="com.pandorafms.pandorafms_src" version="7.0NG.775" onConclusion="none">pandorafms_src.pdk</pkg-ref>
<choice id="com.pandorafms.pandorafms_uninstall" visible="true" customLocation="/Applications">
<pkg-ref id="com.pandorafms.pandorafms_uninstall"/>
</choice>
<pkg-ref id="com.pandorafms.pandorafms_uninstall" version="7.0NG.773.3" onConclusion="none">pandorafms_uninstall.pdk</pkg-ref>
<pkg-ref id="com.pandorafms.pandorafms_uninstall" version="7.0NG.775" onConclusion="none">pandorafms_uninstall.pdk</pkg-ref>
<!-- <installation-check script="check()" />
<script>
<![CDATA[

6
pandora_agents/unix/Darwin/dmg/files/pandorafms_uninstall/PandoraFMS agent uninstaller.app/Contents/Info.plist
View File

@ -5,9 +5,9 @@
<key>CFBundleIconFile</key> <string>pandorafms.icns</string>
<key>CFBundleIdentifier</key> <string>com.pandorafms.pandorafms_uninstall</string>
<key>CFBundleVersion</key> <string>7.0NG.773.3</string>
<key>CFBundleGetInfoString</key> <string>7.0NG.773.3 Pandora FMS on Aug 2020</string>
<key>CFBundleShortVersionString</key> <string>7.0NG.773.3</string>
<key>CFBundleVersion</key> <string>7.0NG.775</string>
<key>CFBundleGetInfoString</key> <string>7.0NG.775 Pandora FMS on Aug 2020</string>
<key>CFBundleShortVersionString</key> <string>7.0NG.775</string>
<key>NSPrincipalClass</key><string>NSApplication</string>
<key>NSMainNibFile</key><string>MainMenu</string>

36
pandora_agents/unix/Darwin/pandora_agent.conf
View File

@ -1,5 +1,5 @@
# Base config file for Pandora FMS agents
# Version 7.0NG.773.3, GNU/Linux
# Version 7.0NG.775, GNU/Linux
# Licensed under GPL license v2,
# Copyright (c) 2003-2023 Pandora FMS
# http://www.pandorafms.com
@ -239,8 +239,34 @@ module_exec df -kh / | tail -1 | awk '{ print 100-$5 }'
module_max 100
module_min 0
module_description Free disk Percentage of root partition
module_min_warning 70
module_max_warning 90
module_min_critical 91
module_max_critical 100
module_min_warning 10
module_max_warning 20
module_min_critical 0
module_max_critical 10
module_end
# Sample modules to check connectivity from your mac
#module_begin
#module_name Packet_loss
#module_type generic_data
#module_exec ping 8.8.8.8 -c 5 | grep "packet loss" | cut -d " " -f 7 | grep -o "[0-9\.]*"
#module_end
#module_begin
#module_name Internet_Latency
#module_type generic_data
#module_exec ping -c 1 8.8.8.8 | grep "time"| cut -f 4 -d "=" | grep -o "[0-9\.]*"
#module_end
#module_begin
#module_name Internet_check
#module_type generic_proc
#module_exec ping 8.8.8.8 -c 2 | grep "2 packets received" | wc -l
#module_end
# Check a running process
#module_begin
#module_name Cyberduck
#module_type generic_proc
#module_exec ps aux | grep cyberduck | grep -v grep | wc -l
#module_end

2
pandora_agents/unix/FreeBSD/pandora_agent.conf
View File

@ -1,5 +1,5 @@
# Base config file for Pandora FMS agents
# Version 7.0NG.773.3, FreeBSD Version
# Version 7.0NG.775, FreeBSD Version
# Licensed under GPL license v2,
# Copyright (c) 2003-2023 Pandora FMS
# http://www.pandorafms.com

2
pandora_agents/unix/HP-UX/pandora_agent.conf
View File

@ -1,5 +1,5 @@
# Base config file for Pandora FMS agents
# Version 7.0NG.773.3, HP-UX Version
# Version 7.0NG.775, HP-UX Version
# Licensed under GPL license v2,
# Copyright (c) 2003-2023 Pandora FMS
# http://www.pandorafms.com

23
pandora_agents/unix/Linux/pandora_agent.conf
View File

@ -1,5 +1,5 @@
# Base config file for Pandora FMS agents
# Version 7.0NG.773.3
# Version 7.0NG.775
# Licensed under GPL license v2,
# Copyright (c) 2004-2023 Pandora FMS
# https://pandorafms.com
@ -271,11 +271,17 @@ module_plugin pandora_netusage
module_plugin autodiscover --default
# Plugin for inventory on the agent.
#module_plugin inventory 1 cpu ram video nic hd cdrom software init_services filesystem users route
# module_plugin inventory 1 cpu ram video nic hd cdrom software init_services filesystem users route
# Log collection modules. This will collect log files for forensic analysis and store everything
# This is for LOG monitoring. Different than log monitoring.
#module_plugin grep_log_module /var/log/messages Syslog \.\*
module_begin
module_name Syslog
module_description Log collection modules
module_type log
module_regexp /var/log/messages
module_pattern .*
module_end
# Another samples of monitoring modules
@ -313,6 +319,15 @@ module_plugin autodiscover --default
#Hardening plugin for security compliance analysis. Enable to use it.
#module_begin
#module_plugin /usr/share/pandora_agent/plugins/pandora_sca
#module_plugin /usr/share/pandora_agent/plugins/pandora_hardening -t 150
#module_absoluteinterval 7d
#module_end
# Extraction module example
#module_begin
#module_name Collector
#module_description Logs extraction module
#module_type log
#module_regexp /var/log/logfile.log
#module_pattern .*
#module_end

2
pandora_agents/unix/NT4/pandora_agent.conf
View File

@ -1,5 +1,5 @@
# Base config file for Pandora FMS agents
# Version 7.0NG.773.3, GNU/Linux
# Version 7.0NG.775, GNU/Linux
# Licensed under GPL license v2,
# Copyright (c) 2003-2023 Pandora FMS
# http://www.pandorafms.com

2
pandora_agents/unix/NetBSD/pandora_agent.conf
View File

@ -1,5 +1,5 @@
# Base config file for Pandora FMS agents
# Version 7.0NG.773.3, NetBSD Version
# Version 7.0NG.775, NetBSD Version
# Licensed under GPL license v2,
# Copyright (c) 2003-2023 Pandora FMS
# http://www.pandorafms.com

2
pandora_agents/unix/SunOS/pandora_agent.conf
View File

@ -1,5 +1,5 @@
# Base config file for Pandora FMS agents
# Version 7.0NG.773.3, Solaris Version
# Version 7.0NG.775, Solaris Version
# Licensed under GPL license v2,
# Copyright (c) 2003-2023 Pandora FMS
# http://www.pandorafms.com

266
pandora_agents/unix/pandora_agent
View File

@ -39,6 +39,14 @@ BEGIN {
use File::Copy;
use Scalar::Util qw(looks_like_number);
use File::Basename;
BEGIN {
eval {
require MIME::Base64;
};
}
BEGIN { push @INC, '/usr/lib/perl5'; }
################################################################################
@ -1030,8 +1038,8 @@ my $Sem = undef;
# Semaphore used to control the number of threads
my $ThreadSem = undef;
use constant AGENT_VERSION => '7.0NG.773.3';
use constant AGENT_BUILD => '230906';
use constant AGENT_VERSION => '7.0NG.775';
use constant AGENT_BUILD => '240117';
# Agent log default file size maximum and instances
use constant DEFAULT_MAX_LOG_SIZE => 600000;
@ -1562,6 +1570,9 @@ sub parse_conf_modules($) {
} elsif ($line =~ /^\s*module_occupiedpercentdisk\s+(.*)$/) {
$module->{'func'} = \&module_occupiedpercentdisk;
$module->{'params'} = $1;
}elsif ($line =~ /^\s*module_regexp\s+(.*)$/) {
$module->{'func'} = \&module_logger;
$module->{'params'} = $1;
} elsif ($line =~ /^\s*module_max\s+(.*)\s*$/) {
$module->{'max'} = $1;
} elsif ($line =~ /^\s*module_min\s+(.*)\s*$/) {
@ -1817,7 +1828,11 @@ sub parse_conf_modules($) {
# Macros
} elsif ($line =~ /^\s*module_macro(\S+)\s+(.*)\s*$/) {
$module->{'macros'}{$1} = $2;
# Regexp
}
elsif ($line =~ /^\s*module_pattern(\S+)\s+(.*)\s*$/) {
$module->{'filter'} = $1;
}
}
return;
}
@ -3663,6 +3678,11 @@ sub write_module_xml ($@) {
return;
}
if ($module->{'func'} == \&module_logger) {
$Xml .= $data[0];
return
}
# Critical section
$Sem->down () if (defined ($Sem));
@ -3860,6 +3880,237 @@ sub module_plugin ($) {
return ($output);
}
################################################################################
# Read the logs
################################################################################
sub module_logger ($) {
my $module = shift;
my $status = grep_logs(
$module->{'name'},
$module->{'params'},
$module->{'filter'}
);
return $status;
}
my $encode_sub = defined(&MIME::Base64::encode_base64) ? \&MIME::Base64::encode_base64 : sub {
my ($str, $endl) = @_;
my @ALPHABET = ('A'..'Z', 'a'..'z', 0..9, '+', '/');
my $str_len = length($str);
my $str_base64 = '';
for (my $i = 0; $i < $str_len; $i += 3) {
my $chunk = substr($str, $i, 3);
my $chunk_len = length($chunk);
my $num = 0;
$num |= ord(substr($chunk, 0, 1)) << 16 if ($chunk_len >= 1);
$num |= ord(substr($chunk, 1, 1)) << 8 if ($chunk_len >= 2);
$num |= ord(substr($chunk, 2, 1)) if ($chunk_len == 3);
my $enc_1 = ($num & 0xfc0000) >> 18;
my $enc_2 = ($num & 0x03f000) >> 12;
my $enc_3 = ($num & 0x000fc0) >> 6;
my $enc_4 = ($num & 0x00003f);
$str_base64 .= $ALPHABET[$enc_1];
$str_base64 .= $ALPHABET[$enc_2];
$str_base64 .= $chunk_len >= 2 ? $ALPHABET[$enc_3] : '=';
$str_base64 .= $chunk_len == 3 ? $ALPHABET[$enc_4] : '=';
}
return $str_base64;
};
sub grep_logs {
my ($str_name, $str_file, $str_regex) = @_;
if(!$str_name){
log_message("module_logger", "Missing module name");
return;
}
if(!$str_file){
log_message("module_logger", "Missing file name");
return;
}
if(!$str_regex){
$str_regex = '.*';
}
my $idx_dir = '/tmp/';
my $idx_file = '';
my $idx_pos = 0;
my $idx_size = 0;
my $idx_ino = '';
my $module_name = $str_name;
my $log_file = $str_file;
my $reg_exp = $str_regex;
# Check that log file exists
if (! -e $log_file) {
log_message("module_logger", "File $log_file does not exist");
return;
}
# Create index file storage directory
if (! -d $idx_dir) {
if (!mkdir($idx_dir)){
log_message("module_logger", "Error creating directory $idx_dir: " . $!);
return;
}
}
# Create index file if it does not exist
$idx_file = $idx_dir.$module_name."_".basename($log_file).".idx";
if (! -e $idx_file) {
return if create_idx(\$idx_pos, \$idx_ino, \$idx_file, \$log_file, \$idx_size) == 1;
return
} else{
return if load_idx(\$idx_pos, \$idx_ino, \$idx_file, \$idx_size) == 1;
my @data = parse_log(\$idx_pos, \$idx_ino, \$idx_file, \$log_file, \$module_name, \$reg_exp, \$idx_size);
my $output = create_log($module_name, @data);
return $output;
}
# Start the function definition
sub create_idx {
my ($idx_pos_ref, $idx_ino_ref, $idx_file_ref, $log_file_ref, $idx_size_ref) = @_;
my $first_line;
log_message("module_logger", "Creating index file $$idx_file_ref");
if (!open(LOGFILE, $$log_file_ref)){
log_message("module_logger", "Error opening file $$log_file_ref: ".$!);
return 1;
}
# Go to EOF and save the position
seek(LOGFILE, 0, 2);
$$idx_pos_ref = tell(LOGFILE);
close(LOGFILE);
# Save the file inode number
$$idx_ino_ref = (stat($$log_file_ref))[1];
return 1 if save_idx($idx_pos_ref, $idx_ino_ref, $idx_file_ref, $idx_size_ref) == 1;
return 0;
}
sub save_idx {
my ($idx_pos_ref, $idx_ino_ref, $idx_file_ref, $idx_size_ref) = @_;
log_message("module_logger", "Saving index file $$idx_file_ref");
if (!open(IDXFILE, "> $$idx_file_ref")){
log_message("module_logger", "Error opening file $$idx_file_ref: ". $!);
return 1;
}
print (IDXFILE $$idx_pos_ref . " " . $$idx_ino_ref . " " . $$idx_size_ref);
close(IDXFILE);
return 0;
}
sub load_idx {
my ($idx_pos_ref, $idx_ino_ref, $idx_file_ref, $idx_size_ref) = @_;
my $line;
my $current_ino;
my $current_size;
log_message("module_logger", "Loading index file $$idx_file_ref");
if (!open(IDXFILE, $$idx_file_ref)){
log_message("module_logger", "Error opening file $$idx_file_ref: " .$!);
return 1;
}
# Read position and date
$line = <IDXFILE>;
($$idx_pos_ref, $$idx_ino_ref, $$idx_size_ref) = split(' ', $line);
close(IDXFILE);
# Reset the file index if the file has changed
$current_ino = (stat($$idx_file_ref))[1];
$current_size = -s "$$idx_file_ref";
if ($current_ino != $$idx_ino_ref || $current_size < $$idx_size_ref) {
log_message("module_logger", "File changed, resetting index");
$$idx_pos_ref = 0;
$$idx_ino_ref = $current_ino;
}
$$idx_size_ref = $current_size;
return 0;
}
sub parse_log {
my ($idx_pos_ref, $idx_ino_ref, $idx_file_ref, $log_file_ref, $module_name_ref, $reg_exp_ref, $idx_size_ref) = @_;
my $line;
log_message("module_logger", "Parsing log file $$log_file_ref");
# Open log file for reading
if (!open(LOGFILE, $$log_file_ref)){
log_message("module_logger", "Error opening file $$log_file_ref: " . $!);
return 1;
}
# Go to starting position.
seek(LOGFILE, $$idx_pos_ref, 0);
# Parse log file
my @data;
while ($line = <LOGFILE>) {
if ($line =~ m/$$reg_exp_ref/i) {
push (@data, $line);
}
}
$$idx_pos_ref = tell(LOGFILE);
close(LOGFILE);
# Save the index file
return 1 if save_idx($idx_pos_ref, $idx_ino_ref, $idx_file_ref, $idx_size_ref) == 1;
return @data;
}
sub create_log {
my ($module_name, @data) = @_;
# No data
if ($#data < 0) {
return;
}
# Log module
my $output = "<log_module>\n";
$output .= "<source><![CDATA[" . $module_name . "]]></source>\n";
$output .= "<encoding>base64</encoding>\n";
$output .= "<data><![CDATA[";
$output .= &$encode_sub(join('', @data), '');
$output .= "]]></data>\n";
$output .= "</log_module>\n";
return $output;
}
}
################################################################################
# TERM Handler
################################################################################
@ -4030,6 +4281,8 @@ sub init_module ($) {
$module->{'module_ff_interval'} = undef;
$module->{'macros'} = {};
$module->{'alert_template'} = undef;
$module->{'filter'} = undef;
$module->{'absoluteinterval'} = undef;
}
################################################################################
@ -4183,14 +4436,7 @@ my $PID = $$;
#Launch tentacle server in proxy mode if configured
if ($Conf{'proxy_mode'}) {
#Check if user is root
if ($> != 0) {
launch_tentacle_proxy();
} else {
log_message ('error', 'Proxy mode can not be launched as root');
exit 1;
}
launch_tentacle_proxy();
}
# Advice if YAML::Tiny is allowed in this system

4
pandora_agents/unix/pandora_agent.redhat.spec
View File

@ -3,8 +3,8 @@
#
%global __os_install_post %{nil}
%define name pandorafms_agent_linux
%define version 7.0NG.773.3
%define release 230906
%define version 7.0NG.775
%define release 240117
Summary: Pandora FMS Linux agent, PERL version
Name: %{name}

169
pandora_agents/unix/pandora_agent.redhat_bin.el8.spec Normal file
View File

@ -0,0 +1,169 @@
#
#Pandora FMS Linux Agent
#
%global __os_install_post %{nil}
%define name pandorafms_agent_linux_bin
%define source_name pandorafms_agent_linux
%define version 7.0NG.775
%define release 240117
%define debug_package %{nil}
Summary: Pandora FMS Linux agent, binary version
Name: %{name}
Version: %{version}
Release: %{release}
License: GPL
Vendor: ArticaST <http://www.artica.es>
Source0: %{source_name}-%{version}.tar.gz
URL: http://pandorafms.org
Group: System/Monitoring
Packager: Sancho Lerena <slerena@artica.es>
Prefix: /usr/share
BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot
BuildArch: x86_64
Requires(pre): shadow-utils
Requires(post): chkconfig /bin/ln
Requires(preun): chkconfig /bin/rm /usr/sbin/userdel
Requires: coreutils unzip
Requires: util-linux procps grep
Requires: /sbin/ip /bin/awk
Requires: perl-interpreter
Requires: perl-IO-Compress
Requires: libnsl
AutoReq: 0
Provides: %{name}-%{version}
%description
Pandora FMS agent for unix. Pandora FMS is an OpenSource full-featured monitoring software.
%prep
rm -rf $RPM_BUILD_ROOT
%setup -q -n unix
%build
%install
rm -rf $RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT%{prefix}/pandora_agent/
mkdir -p $RPM_BUILD_ROOT/usr/bin/
mkdir -p $RPM_BUILD_ROOT/usr/sbin/
mkdir -p $RPM_BUILD_ROOT/etc/pandora/
mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d/
mkdir -p $RPM_BUILD_ROOT/var/log/pandora/
mkdir -p $RPM_BUILD_ROOT/usr/share/man/man1/
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/
cp -aRf * $RPM_BUILD_ROOT%{prefix}/pandora_agent/
cp -aRf $RPM_BUILD_ROOT%{prefix}/pandora_agent/tentacle_client $RPM_BUILD_ROOT/usr/bin/
cp -aRf $RPM_BUILD_ROOT%{prefix}/pandora_agent/pandora_agent $RPM_BUILD_ROOT/usr/bin/
cp -aRf $RPM_BUILD_ROOT%{prefix}/pandora_agent/pandora_agent_exec $RPM_BUILD_ROOT/usr/bin/
cp -aRf $RPM_BUILD_ROOT%{prefix}/pandora_agent/pandora_agent_daemon $RPM_BUILD_ROOT/etc/rc.d/init.d/pandora_agent_daemon
cp -aRf $RPM_BUILD_ROOT%{prefix}/pandora_agent/man/man1/pandora_agent.1.gz $RPM_BUILD_ROOT/usr/share/man/man1/
cp -aRf $RPM_BUILD_ROOT%{prefix}/pandora_agent/man/man1/tentacle_client.1.gz $RPM_BUILD_ROOT/usr/share/man/man1/
cp -aRf $RPM_BUILD_ROOT%{prefix}/pandora_agent/Linux/pandora_agent.conf $RPM_BUILD_ROOT/usr/share/pandora_agent/pandora_agent.conf.rpmnew
install -m 0644 pandora_agent_logrotate $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/pandora_agent
if [ -f $RPM_BUILD_ROOT%{prefix}/pandora_agent/pandora_agent.spec ] ; then
rm $RPM_BUILD_ROOT%{prefix}/pandora_agent/pandora_agent.spec
fi
%clean
rm -Rf $RPM_BUILD_ROOT
%pre
getent passwd pandora >/dev/null || \
/usr/sbin/useradd -d %{prefix}/pandora -s /bin/false -M -g 0 pandora
exit 0
chown pandora:root /var/log/pandora
%post
if [ ! -d /etc/pandora ] ; then
mkdir -p /etc/pandora
fi
if [ ! -f /usr/share/pandora_agent/pandora_agent.conf ] ; then
cp /usr/share/pandora_agent/pandora_agent.conf.rpmnew /usr/share/pandora_agent/pandora_agent.conf
fi
if [ ! -f /etc/pandora/pandora_agent.conf ] ; then
ln -s /usr/share/pandora_agent/pandora_agent.conf /etc/pandora/pandora_agent.conf
else
[[ ! -f /etc/pandora/pandora_agent.conf.rpmnew ]] && ln -s /usr/share/pandora_agent/pandora_agent.conf.rpmnew /etc/pandora/pandora_agent.conf.rpmnew
fi
if [ ! -e /etc/pandora/plugins ]; then
ln -s /usr/share/pandora_agent/plugins /etc/pandora
fi
if [ ! -e /etc/pandora/collections ]; then
mkdir -p /usr/share/pandora_agent/collections
ln -s /usr/share/pandora_agent/collections /etc/pandora
fi
if [ ! -e /etc/pandora/commands ]; then
mkdir -p /usr/share/pandora_agent/commands
ln -s /usr/share/pandora_agent/commands /etc/pandora
fi
mkdir -p /var/spool/pandora/data_out
if [ ! -d /var/log/pandora ]; then
mkdir -p /var/log/pandora
fi
if [ `command -v systemctl` ];
then
echo "Copying new version of pandora_agent_daemon service"
cp -f /usr/share/pandora_agent/pandora_agent_daemon.service /usr/lib/systemd/system/
chmod -x /usr/lib/systemd/system/pandora_agent_daemon.service
# Enable the services on SystemD
systemctl enable pandora_agent_daemon.service
else
/sbin/chkconfig --add pandora_agent_daemon
/sbin/chkconfig pandora_agent_daemon on
fi
if [ "$1" -gt 1 ]
then
echo "If Pandora Agent daemon was running with init.d script,"
echo "please stop it manually and start the service with systemctl"
fi
%preun
# Upgrading
if [ "$1" = "1" ]; then
exit 0
fi
/sbin/chkconfig --del pandora_agent_daemon
/etc/rc.d/init.d/pandora_agent_daemon stop >/dev/null 2>&1 || :
# Remove symbolic links
pushd /etc/pandora
for f in pandora_agent.conf plugins collections
do
[ -L $f ] && rm -f $f
done
exit 0
%files
%defattr(750,root,root)
/usr/bin/pandora_agent
%defattr(755,pandora,root)
%{prefix}/pandora_agent
%defattr(755,root,root)
/usr/bin/pandora_agent_exec
/usr/bin/tentacle_client
/etc/rc.d/init.d/pandora_agent_daemon
%defattr(644,root,root)
/usr/share/man/man1/pandora_agent.1.gz
/usr/share/man/man1/tentacle_client.1.gz
%config(noreplace) %{_sysconfdir}/logrotate.d/pandora_agent

170
pandora_agents/unix/pandora_agent.redhat_bin.el9.spec Normal file
View File

@ -0,0 +1,170 @@
#
#Pandora FMS Linux Agent
#
%global __os_install_post %{nil}
%define name pandorafms_agent_linux_bin
%define source_name pandorafms_agent_linux
%define version 7.0NG.775
%define release 240117
%define debug_package %{nil}
Summary: Pandora FMS Linux agent, binary version
Name: %{name}
Version: %{version}
Release: %{release}
License: GPL
Vendor: ArticaST <http://www.artica.es>
Source0: %{source_name}-%{version}.tar.gz
URL: http://pandorafms.org
Group: System/Monitoring
Packager: Sancho Lerena <slerena@artica.es>
Prefix: /usr/share
BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot
BuildArch: x86_64
Requires(pre): shadow-utils
Requires(post): chkconfig /bin/ln
Requires(preun): chkconfig /bin/rm /usr/sbin/userdel
Requires: coreutils unzip
Requires: util-linux procps grep
Requires: /sbin/ip /bin/awk
Requires: perl-interpreter
Requires: perl-IO-Compress
Requires: libnsl
Requires: libxcrypt-compat
AutoReq: 0
Provides: %{name}-%{version}
%description
Pandora FMS agent for unix. Pandora FMS is an OpenSource full-featured monitoring software.
%prep
rm -rf $RPM_BUILD_ROOT
%setup -q -n unix
%build
%install
rm -rf $RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT%{prefix}/pandora_agent/
mkdir -p $RPM_BUILD_ROOT/usr/bin/
mkdir -p $RPM_BUILD_ROOT/usr/sbin/
mkdir -p $RPM_BUILD_ROOT/etc/pandora/
mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d/
mkdir -p $RPM_BUILD_ROOT/var/log/pandora/
mkdir -p $RPM_BUILD_ROOT/usr/share/man/man1/
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/
cp -aRf * $RPM_BUILD_ROOT%{prefix}/pandora_agent/
cp -aRf $RPM_BUILD_ROOT%{prefix}/pandora_agent/tentacle_client $RPM_BUILD_ROOT/usr/bin/
cp -aRf $RPM_BUILD_ROOT%{prefix}/pandora_agent/pandora_agent $RPM_BUILD_ROOT/usr/bin/
cp -aRf $RPM_BUILD_ROOT%{prefix}/pandora_agent/pandora_agent_exec $RPM_BUILD_ROOT/usr/bin/
cp -aRf $RPM_BUILD_ROOT%{prefix}/pandora_agent/pandora_agent_daemon $RPM_BUILD_ROOT/etc/rc.d/init.d/pandora_agent_daemon
cp -aRf $RPM_BUILD_ROOT%{prefix}/pandora_agent/man/man1/pandora_agent.1.gz $RPM_BUILD_ROOT/usr/share/man/man1/
cp -aRf $RPM_BUILD_ROOT%{prefix}/pandora_agent/man/man1/tentacle_client.1.gz $RPM_BUILD_ROOT/usr/share/man/man1/
cp -aRf $RPM_BUILD_ROOT%{prefix}/pandora_agent/Linux/pandora_agent.conf $RPM_BUILD_ROOT/usr/share/pandora_agent/pandora_agent.conf.rpmnew
install -m 0644 pandora_agent_logrotate $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/pandora_agent
if [ -f $RPM_BUILD_ROOT%{prefix}/pandora_agent/pandora_agent.spec ] ; then
rm $RPM_BUILD_ROOT%{prefix}/pandora_agent/pandora_agent.spec
fi
%clean
rm -Rf $RPM_BUILD_ROOT
%pre
getent passwd pandora >/dev/null || \
/usr/sbin/useradd -d %{prefix}/pandora -s /bin/false -M -g 0 pandora
exit 0
chown pandora:root /var/log/pandora
%post
if [ ! -d /etc/pandora ] ; then
mkdir -p /etc/pandora
fi
if [ ! -f /usr/share/pandora_agent/pandora_agent.conf ] ; then
cp /usr/share/pandora_agent/pandora_agent.conf.rpmnew /usr/share/pandora_agent/pandora_agent.conf
fi
if [ ! -f /etc/pandora/pandora_agent.conf ] ; then
ln -s /usr/share/pandora_agent/pandora_agent.conf /etc/pandora/pandora_agent.conf
else
[[ ! -f /etc/pandora/pandora_agent.conf.rpmnew ]] && ln -s /usr/share/pandora_agent/pandora_agent.conf.rpmnew /etc/pandora/pandora_agent.conf.rpmnew
fi
if [ ! -e /etc/pandora/plugins ]; then
ln -s /usr/share/pandora_agent/plugins /etc/pandora
fi
if [ ! -e /etc/pandora/collections ]; then
mkdir -p /usr/share/pandora_agent/collections
ln -s /usr/share/pandora_agent/collections /etc/pandora
fi
if [ ! -e /etc/pandora/commands ]; then
mkdir -p /usr/share/pandora_agent/commands
ln -s /usr/share/pandora_agent/commands /etc/pandora
fi
mkdir -p /var/spool/pandora/data_out
if [ ! -d /var/log/pandora ]; then
mkdir -p /var/log/pandora
fi
if [ `command -v systemctl` ];
then
echo "Copying new version of pandora_agent_daemon service"
cp -f /usr/share/pandora_agent/pandora_agent_daemon.service /usr/lib/systemd/system/
chmod -x /usr/lib/systemd/system/pandora_agent_daemon.service
# Enable the services on SystemD
systemctl enable pandora_agent_daemon.service
else
/sbin/chkconfig --add pandora_agent_daemon
/sbin/chkconfig pandora_agent_daemon on
fi
if [ "$1" -gt 1 ]
then
echo "If Pandora Agent daemon was running with init.d script,"
echo "please stop it manually and start the service with systemctl"
fi
%preun
# Upgrading
if [ "$1" = "1" ]; then
exit 0
fi
/sbin/chkconfig --del pandora_agent_daemon
/etc/rc.d/init.d/pandora_agent_daemon stop >/dev/null 2>&1 || :
# Remove symbolic links
pushd /etc/pandora
for f in pandora_agent.conf plugins collections
do
[ -L $f ] && rm -f $f
done
exit 0
%files
%defattr(750,root,root)
/usr/bin/pandora_agent
%defattr(755,pandora,root)
%{prefix}/pandora_agent
%defattr(755,root,root)
/usr/bin/pandora_agent_exec
/usr/bin/tentacle_client
/etc/rc.d/init.d/pandora_agent_daemon
%defattr(644,root,root)
/usr/share/man/man1/pandora_agent.1.gz
/usr/share/man/man1/tentacle_client.1.gz
%config(noreplace) %{_sysconfdir}/logrotate.d/pandora_agent

5
pandora_agents/unix/pandora_agent.redhat_bin.spec
View File

@ -4,8 +4,8 @@
%global __os_install_post %{nil}
%define name pandorafms_agent_linux_bin
%define source_name pandorafms_agent_linux
%define version 7.0NG.773.3
%define release 230906
%define version 7.0NG.775
%define release 240117
Summary: Pandora FMS Linux agent, binary version
Name: %{name}
@ -26,6 +26,7 @@ Requires(preun): chkconfig /bin/rm /usr/sbin/userdel
Requires: coreutils unzip
Requires: util-linux procps grep
Requires: /sbin/ip /bin/awk
Requires: perl
#Requires: libnsl
AutoReq: 0
Provides: %{name}-%{version}

4
pandora_agents/unix/pandora_agent.spec
View File

@ -3,8 +3,8 @@
#
%global __os_install_post %{nil}
%define name pandorafms_agent_linux
%define version 7.0NG.773.3
%define release 230906
%define version 7.0NG.775
%define release 240117
Summary: Pandora FMS Linux agent, PERL version
Name: %{name}

4
pandora_agents/unix/pandora_agent_installer
View File

@ -9,8 +9,8 @@
# Please see http://www.pandorafms.org. This code is licensed under GPL 2.0 license.
# **********************************************************************
PI_VERSION="7.0NG.773.3"
PI_BUILD="230906"
PI_VERSION="7.0NG.775"
PI_BUILD="240117"
OS_NAME=`uname -s`
FORCE=0

631
pandora_agents/unix/plugins/pandora_security_check Normal file
View File

@ -0,0 +1,631 @@
#!/usr/bin/perl
################################################################################
# Author: Enrique Martin Garcia
# Copyright: 2023, PandoraFMS
# Maintainer: Operations department
# Version: 1.0
################################################################################
use strict;
use warnings;
use Getopt::Long;
use File::Basename;
use File::Spec;
use Digest::MD5 qw(md5_hex);
use Scalar::Util 'looks_like_number';
use Socket;
# Define signal handlers
sub sigint_handler {
print STDERR "\nInterrupted by user\n";
exit 0;
}
sub sigterm_handler {
print STDERR "Received SIGTERM signal.\n";
exit 0;
}
$SIG{INT} = \&sigint_handler;
$SIG{TERM} = \&sigterm_handler;
# Add lib dir path
my $lib_dir = File::Spec->catdir(dirname($0), 'lib');
unshift @INC, $lib_dir;
###
# GLOBALS
##################
my %options = ();
my $modules_group = 'Security';
my $b_ports = 'PORTS';
my $b_files = 'FILES';
my $b_passwords = 'PASSWORDS';
my @blocks = ($b_ports, $b_files, $b_passwords);
my $configuration_block;
my $integrity_file = '/tmp/' . md5_hex(File::Spec->rel2abs($0)) . '.integrity';
# Enable all checks by default
my $check_selinux = 1;
my $check_ssh_root_access = 1;
my $check_ssh_root_keys = 1;
my $check_ports = 1;
my $check_files = 1;
my $check_passwords = 1;
# Include all values for checks by default
my $include_defaults = 1;
# Initialize check lists
my @l_ports = (
80,
22
);
my @l_files = (
'/etc/shadow',
'/etc/passwd',
'/etc/hosts',
'/etc/resolv.conf',
'/etc/ssh/sshd_config',
'/etc/rsyslog.conf'
);
my @l_passwords = (
'123456',
'12345678',
'123456789',
'12345',
'1234567',
'password',
'1password',
'abc123',
'qwerty',
'111111',
'1234',
'iloveyou',
'sunshine',
'monkey',
'1234567890',
'123123',
'princess',
'baseball',
'dragon',
'football',
'shadow',
'soccer',
'unknown',
'000000',
'myspace1',
'purple',
'fuckyou',
'superman',
'Tigger',
'buster',
'pepper',
'ginger',
'qwerty123',
'qwerty1',
'peanut',
'summer',
'654321',
'michael1',
'cookie',
'LinkedIn',
'whatever',
'mustang',
'qwertyuiop',
'123456a',
'123abc',
'letmein',
'freedom',
'basketball',
'babygirl',
'hello',
'qwe123',
'fuckyou1',
'love',
'family',
'yellow',
'trustno1',
'jesus1',
'chicken',
'diamond',
'scooter',
'booboo',
'welcome',
'smokey',
'cheese',
'computer',
'butterfly',
'696969',
'midnight',
'princess1',
'orange',
'monkey1',
'killer',
'snoopy ',
'qwerty12 ',
'1qaz2wsx ',
'bandit',
'sparky',
'666666',
'football1',
'master',
'asshole',
'batman',
'sunshine1',
'bubbles',
'friends',
'1q2w3e4r',
'chocolate',
'Yankees',
'Tinkerbell',
'iloveyou1',
'abcd1234',
'flower',
'121212',
'passw0rd',
'pokemon',
'StarWars',
'iloveyou2',
'123qwe',
'Pussy',
'angel1'
);
###
# ARGS PARSER
##################
my $HELP = <<EO_HELP;
Run several security checks in a Linux system
Usage: $0
[-h,--help]
[--check_selinux {0,1}]
[--check_ssh_root_access {0,1}]
[--check_ssh_root_keys {0,1}]
[--check_ports {0,1}]
[--check_files {0,1}]
[--check_passwords {0,1}]
[--include_defaults {0,1}]
[--integrity_file <integrity_file>]
[--conf <conf_file>]
Optional arguments:
-h, --help Show this help message and exit
--check_selinux {0,1} Enable/Disable check SElinux module
--check_ssh_root_access {0,1} Enable/Disable check SSH root access module
--check_ssh_root_keys {0,1} Enable/Disable check SSH root keys module
--check_ports {0,1} Enable/Disable check ports module
--check_files {0,1} Enable/Disable check files module
--check_passwords {0,1} Enable/Disable check passwords module
--include_defaults {0,1} Enable/Disable default plugin checks for ports, files and passwords
--integrity_file <integrity_file> Path to integrity check file
Default: $integrity_file
--conf <conf_file> Path to plugin configuration file
Available configuration blocks:
[$b_ports], [$b_files] and [$b_passwords]
Content example:
[$b_ports]
3306
443
[$b_files]
/etc/httpd/httpd.conf
/etc/my.cnf
[$b_passwords]
pandora
PANDORA
P4nd0r4
EO_HELP
sub help {
my ($extra_message) = @_;
print $HELP;
print $extra_message if defined($extra_message);
exit 0;
}
sub parse_bool_arg {
my ($arg, $default) = @_;
if (defined $options{$arg}) {
if (looks_like_number($options{$arg}) && ($options{$arg} == 1 || $options{$arg} == 0)) {
return $options{$arg};
} else {
help("Invalid value for argument: $arg\n");
}
} else {
return $default;
}
}
# Parse arguments
GetOptions(
"help|h" => \$options{help},
"check_selinux=s" => \$options{check_selinux},
"check_ssh_root_access=s" => \$options{check_ssh_root_access},
"check_ssh_root_keys=s" => \$options{check_ssh_root_keys},
"check_ports=s" => \$options{check_ports},
"check_files=s" => \$options{check_files},
"check_passwords=s" => \$options{check_passwords},
"include_defaults=s" => \$options{include_defaults},
"integrity_file=s" => \$options{integrity_file},
"conf=s" => \$options{conf}
);
help() if ($options{help});
$check_selinux = parse_bool_arg('check_selinux', $check_selinux);
$check_ssh_root_access = parse_bool_arg('check_ssh_root_access', $check_ssh_root_access);
$check_ssh_root_keys = parse_bool_arg('check_ssh_root_keys', $check_ssh_root_keys);
$check_ports = parse_bool_arg('check_ports', $check_ports);
$check_files = parse_bool_arg('check_files', $check_files);
$check_passwords = parse_bool_arg('check_passwords', $check_passwords);
$include_defaults = parse_bool_arg('include_defaults', $include_defaults);
if (!$include_defaults) {
@l_ports = ();
@l_files = ();
@l_passwords = ();
}
$integrity_file = $options{integrity_file} if defined $options{integrity_file};
parse_configuration($options{conf}) if defined $options{conf};
###
# FUNCTIONS
##################
# Function to parse configuration file
sub parse_configuration {
my ($conf_file) = @_;
open my $conf_fh, '<', $conf_file or die "Error opening configuration file [$conf_file]: $!\n";
while (my $line = <$conf_fh>) {
chomp $line;
$line =~ s/^\s+//;
$line =~ s/\s+$//;
if ($line =~ /^\[($b_ports|$b_files|$b_passwords)\]$/) {
$configuration_block = $1;
}
elsif ($configuration_block) {
if ($configuration_block eq $b_ports) {
push @l_ports, $line;
}
elsif ($configuration_block eq $b_files) {
push @l_files, $line;
}
elsif ($configuration_block eq $b_passwords) {
push @l_passwords, $line;
}
}
}
close $conf_fh;
}
# Function to print module XML to STDOUT
sub print_xml_module {
my ($m_name, $m_type, $m_desc, $m_value) = @_;
print "<module>\n";
print "\t<name><![CDATA[$m_name]]></name>\n";
print "\t<type>$m_type</type>\n";
print "\t<data><![CDATA[$m_value]]></data>\n";
print "\t<description><![CDATA[$m_desc]]></description>\n";
print "\t<module_group>$modules_group</module_group>\n";
print "</module>\n";
}
# Make unique array
sub uniq {
my %seen;
return grep { !$seen{$_}++ } @_;
}
###
# MAIN
##################
# Check SELinux status
if ($check_selinux) {
my $value = 0;
my $desc = 'SELinux is disabled.';
my $output = `sestatus 2> /dev/null`;
if ($? == 0) {
if ($output =~ /SELinux status: enabled/) {
$value = 1;
$desc = 'SELinux is enabled.';
}
} else {
$value = 0;
$desc = 'Can not determine if SELinux is enabled.';
}
print_xml_module('SELinux status', 'generic_proc', $desc, $value);
}
# Check if SSH allows root access
if ($check_ssh_root_access) {
my $value = 1;
my $desc = 'SSH does not allow root access.';
my $ssh_config_file = '/etc/ssh/sshd_config';
if (-e $ssh_config_file && open my $ssh_fh, '<', $ssh_config_file) {
while (my $line = <$ssh_fh>) {
chomp $line;
$line =~ s/^\s+//;
$line =~ s/\s+$//;
next if $line =~ /^$/ or $line =~ /^#/;
my ($option, $val) = split /\s+/, $line, 2;
if ($option eq 'PermitRootLogin' && lc($val) ne 'no') {
$value = 0;
$desc = 'SSH config allows root access.';
last;
}
}
close $ssh_fh;
} else {
$value = 0;
$desc = 'Can not read '.$ssh_config_file.' to check if root access allowed.';
}
print_xml_module('SSH root access status', 'generic_proc', $desc, $value);
}
# Specific function for recursive directory check
sub find_files {
my ($dir) = @_;
my @files = ();
opendir my $dh, $dir or return;
while (my $file = readdir $dh) {
next if $file eq '.' or $file eq '..';
my $file_path = File::Spec->catfile($dir, $file);
if (-f $file_path) {
push @files, $file_path;
} elsif (-d $file_path) {
push @files, find_files($file_path);
}
}
closedir $dh;
return @files;
}
# Check if /root has SSH keys
if ($check_ssh_root_keys) {
my $value = 1;
my $desc = 'SSH root keys not found.';
my $ssh_keys = {'private' => [], 'public' => []};
my $ssh_dir = '/root/.ssh';
my @all_files = find_files($ssh_dir);
foreach my $file (@all_files) {
if (open my $fh, '<:raw', $file) {
my $content = '';
while(my $l = <$fh>) {
$content .= $l;
}
if ($content) {
my ($filename, $directories) = fileparse($file);
if ($content =~ /-----BEGIN RSA PRIVATE KEY-----.*?-----END RSA PRIVATE KEY-----/s) {
push @{$ssh_keys->{'private'}}, $file;
} elsif ($content =~ /ssh-rsa/ && $filename ne 'known_hosts' && $filename ne 'authorized_keys') {
push @{$ssh_keys->{'public'}}, $file;
}
}
}
}
if (@{$ssh_keys->{'private'}} > 0 || @{$ssh_keys->{'public'}} > 0) {
$value = 0;
$desc = "SSH root keys found:\n" . join("\n", @{$ssh_keys->{'private'}}, @{$ssh_keys->{'public'}});
}
print_xml_module('SSH root keys status', 'generic_proc', $desc, $value);
}
# Check authorized ports
if ($check_ports) {
my $value = 1;
my $desc = 'No unauthorized ports found.';
my @open_ports;
my @not_allowed_ports;
my @net_tcp_files = ('/proc/net/tcp', '/proc/net/tcp6');
foreach my $net_tcp_file (@net_tcp_files) {
if (-e $net_tcp_file && open my $tcp_fh, '<', $net_tcp_file) {
while (my $line = <$tcp_fh>) {
chomp $line;
my @parts = split /\s+/, $line;
if (scalar @parts >= 12) {
my $local_addr_hex = (split /:/, $parts[2])[0];
my $local_port_hex = (split /:/, $parts[2])[1];
my $state = $parts[4];
# Check if the connection is in state 0A (listening)
if ($state eq "0A") {
my $local_addr_4 = join('.', reverse split(/\./, inet_ntoa(pack("N", hex($local_addr_hex)))));
my $local_addr_6 = join(':', map { hex($_) } unpack("(A4)*", $local_addr_hex));
# Skip localhost listening ports
if ($local_addr_4 eq "127.0.0.1" || $local_addr_6 eq "0:0:0:0:0:0:0:1") {
next;
}
my $local_port = hex($local_port_hex);
push @open_ports, $local_port;
}
}
}
close $tcp_fh;
}
}
@open_ports = uniq(@open_ports);
my %allowed_ports;
foreach my $port (@l_ports) {
$allowed_ports{$port} = 1;
}
foreach my $port (@open_ports) {
if (!exists $allowed_ports{$port}) {
push @not_allowed_ports, $port;
}
}
if (@not_allowed_ports) {
$value = 0;
$desc = "Unauthorized ports found:\n" . join("\n", @not_allowed_ports);
}
print_xml_module('Authorized ports status', 'generic_proc', $desc, $value);
}
# Check files integrity
if ($check_files) {
my $value = 1;
my $desc = 'No changed files found.';
my %integrity;
my $can_check_files = 0;
if (-e $integrity_file) {
if (-r $integrity_file && -w $integrity_file) {
# Read integrity file content
open my $integrity_fh, '<', $integrity_file;
while (my $line = <$integrity_fh>) {
chomp $line;
if ($line =~ /^\s*(.*?)=(.*?)\s*$/) {
$integrity{$1} = $2;
}
}
close $integrity_fh;
$can_check_files = 1;
} else {
$value = 0;
$desc = 'Integrity check file can not be read or written: ' . $integrity_file;
}
} else {
if (open my $integrity_fh, '>', $integrity_file) {
close $integrity_fh;
$can_check_files = 1;
} else {
$value = 0;
$desc = 'Integrity check file can not be created: ' . $integrity_file;
}
}
if ($can_check_files) {
# Check each file integrity
my @errored_files;
my @no_integrity_files;
# Create unique check files list
@l_files = uniq(@l_files);
foreach my $file (@l_files) {
my $file_key = md5_hex($file);
if (open my $fh, '<:raw', $file) {
my $md5 = Digest::MD5->new;
$md5->addfile($fh);
my $file_md5 = $md5->hexdigest;
chomp $file_md5;
close $fh;
if (exists $integrity{$file_key} && $integrity{$file_key} ne $file_md5) {
push @no_integrity_files, $file;
}
$integrity{$file_key} = $file_md5;
} else {
push @errored_files, $file;
}
}
# Overwrite integrity file content
open my $file_handle, '>', $integrity_file;
print $file_handle map { "$_=$integrity{$_}\n" } keys %integrity;
close $file_handle;
# Check module status
if (@no_integrity_files) {
$value = 0;
$desc = "Changed files found:\n" . join("\n", @no_integrity_files);
}
if (@errored_files) {
$value = 0;
$desc .= "\nUnable to check integrity of some files:\n" . join("\n", @errored_files);
}
}
print_xml_module('Files check status', 'generic_proc', $desc, $value);
}
# Check weak passwords
if ($check_passwords) {
my $value = 1;
my $desc = 'No insecure passwords found.';
# Create unique check passwords list
@l_passwords = uniq(@l_passwords);
my @insecure_users;
my $shadow_file = '/etc/shadow';
if (-e $shadow_file && -r $shadow_file) {
open my $shadow_fh, '<', $shadow_file;
while (my $line = <$shadow_fh>) {
chomp $line;
my ($username, $password_hash, @rest) = split /:/, $line;
# Skip users with no password hash
if ($password_hash ne "*" && $password_hash ne "!!" && $password_hash ne "!locked") {
my $salt = substr($password_hash, 0, rindex($password_hash, '$') + 1);
my $user_hash = crypt($username, $salt);
if ($user_hash eq $password_hash) {
push @insecure_users, $username;
} else {
foreach my $weak_password (@l_passwords) {
my $weak_password_hash = crypt($weak_password, $salt);
if ($weak_password_hash eq $password_hash) {
push @insecure_users, $username;
last;
}
}
}
}
}
close $shadow_fh;
} else {
$value = 0;
$desc = 'Can not read '.$shadow_file.' to check passwords.';
}
if (@insecure_users) {
$value = 0;
$desc = "Users with insecure passwords found:\n" . join("\n", @insecure_users);
}
print_xml_module('Insecure passwords status', 'generic_proc', $desc, $value);
}

49
pandora_agents/win32/bin/pandora_agent.conf
View File

@ -1,6 +1,6 @@
# Base config file for Pandora FMS Windows Agent
# (c) 2006-2023 Pandora FMS
# Version 7.0NG.773.3
# Version 7.0NG.775
# This program is Free Software, you can redistribute it and/or modify it
# under the terms of the GNU General Public Licence as published by the Free Software
# Foundation; either version 2 of the Licence or any later version
@ -179,6 +179,22 @@ module_description Total number of TCP connections active
module_group Networking
module_end
# Get logs from System source.
module_begin
module_name Eventlog_System
module_type log
module_logevent
module_source System
module_end
# Get logs from Security source.
module_begin
module_name Eventlog_Security
module_type log
module_logevent
module_source Security
module_end
# Example plugin to retrieve drive usage
module_plugin cscript.exe //B "%ProgramFiles%\Pandora_Agent\util\df_percent_used.vbs"
@ -273,22 +289,6 @@ module_plugin "%PROGRAMFILES%\Pandora_Agent\util\autodiscover.exe" --default
#module_type generic_data_string
#module_end
# Get logs from System source. Need enterprise version.
#module_begin
#module_name Eventlog_System
#module_type log
#module_logevent
#module_source System
#module_end
# Get logs from Security source. Need enterprise version.
#module_begin
#module_name Eventlog_Security
#module_type log
#module_logevent
#module_source Security
#module_end
# Get logs from Application source. Need enterprise version.
#module_begin
#module_name Eventlog_Application
@ -526,7 +526,20 @@ module_plugin "%PROGRAMFILES%\Pandora_Agent\util\autodiscover.exe" --default
# Hardening plugin for security compliance analysis.
#module_begin
#module_plugin "%PROGRAMFILES%\Pandora_Agent\util\pandora_sca.exe"
#module_plugin "%PROGRAMFILES%\Pandora_Agent\util\pandora_hardening.exe -t 150"
#module_absoluteinterval 7d
#module_end
# Logs extraction
#module_begin
#module_name X_Server_log
#module_description Logs extraction module
#module_type log
#module_regexp C:\server\logs\xserver.log
#module_pattern .*
#module_end
# Pandora basic security check plugin for windows.
#module_begin
#module_plugin "%PROGRAMFILES%\Pandora_Agent\util\pandora_security_win.exe"
#module_end

3
pandora_agents/win32/bin/util/pandora_hardening.exe Executable file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:db207ef67053764be7e9b42cd04ea5509cc2a023548aab1c037745ca277b68a3
size 4858753

3
pandora_agents/win32/bin/util/pandora_sca.exe
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:6d93bd9d56c938063045fa2093198d324746f84df2b74567648f3baebd635657
size 5248006

3
pandora_agents/win32/bin/util/pandora_security_win.exe Executable file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:c58891fbd16bf80f288e0ff4751801aa02dbf4e6c914625b4d49a364c7e0b511
size 7829249

4
pandora_agents/win32/installer/pandora.mpi
View File

@ -3,7 +3,7 @@ AllowLanguageSelection
{Yes}
AppName
{Pandora FMS Windows Agent v7.0NG.773.3}
{Pandora FMS Windows Agent v7.0NG.775}
ApplicationID
{17E3D2CF-CA02-406B-8A80-9D31C17BD08F}
@ -186,7 +186,7 @@ UpgradeApplicationID
{}
Version
{230906}
{240117}
ViewReadme
{Yes}

3
pandora_agents/win32/installer/scripts/install_service_restart.bat
View File

@ -1,2 +1,3 @@
@at 00:00 /every:1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30 "%CD%\restart_pandora_agent.bat"
@at 00:00 /every:1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30 "'%CD%\restart_pandora_agent.bat'"
schtasks /change /tn pandora_agent_restart /tr "'%CD%\restart_pandora_agent.bat'"

2
pandora_agents/win32/pandora.cc
View File

@ -30,7 +30,7 @@ using namespace Pandora;
using namespace Pandora_Strutils;
#define PATH_SIZE _MAX_PATH+1
#define PANDORA_VERSION ("7.0NG.773.3 Build 230906")
#define PANDORA_VERSION ("7.0NG.775 Build 240117")
string pandora_path;
string pandora_dir;

2
pandora_agents/win32/versioninfo.rc
View File

@ -11,7 +11,7 @@ BEGIN
VALUE "LegalCopyright", "Pandora FMS"
VALUE "OriginalFilename", "PandoraAgent.exe"
VALUE "ProductName", "Pandora FMS Windows Agent"
VALUE "ProductVersion", "(7.0NG.773.3(Build 230906))"
VALUE "ProductVersion", "(7.0NG.775(Build 240117))"
VALUE "FileVersion", "1.0.0.0"
END
END

2
pandora_console/DEBIAN/control
View File

@ -1,5 +1,5 @@
package: pandorafms-console
Version: 7.0NG.773.3-230906
Version: 7.0NG.775-240117
Architecture: all
Priority: optional
Section: admin

2
pandora_console/DEBIAN/make_deb_package.sh
View File

@ -14,7 +14,7 @@
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
pandora_version="7.0NG.773.3-230906"
pandora_version="7.0NG.775-240117"
package_pear=0
package_pandora=1

4
pandora_console/ajax.php
View File

@ -183,7 +183,9 @@ if (isset($config['force_instant_logout']) === true
$_SESSION = [];
session_destroy();
header_remove('Set-Cookie');
setcookie(session_name(), $_COOKIE[session_name()], (time() - 4800), '/');
if (isset($_COOKIE[session_name()]) === true) {
setcookie(session_name(), $_COOKIE[session_name()], (time() - 4800), '/');
}
if ($config['auth'] === 'saml' && empty($public_hash) === true) {
include_once $config['saml_path'].'simplesamlphp/lib/_autoload.php';

31
pandora_console/cron.php Normal file
View File

@ -0,0 +1,31 @@
<?php
require_once 'include/config.php';
require_once 'include/auth/mysql.php';
require_once 'include/functions.php';
require_once 'include/functions_db.php';
global $config;
if ((bool) $config['enterprise_installed'] === true) {
return;
}
// Load classes.
require_once 'include/class/DiscoveryConsoleTask.php';
require_once 'include/class/ConsoleSupervisor.php';
db_process_sql_update(
'tconfig',
['value' => get_system_time()],
['token' => 'cron_last_run']
);
$tasks = new DiscoveryConsoleTask();
$tasks->run();
if (is_reporting_console_node() === true) {
$supervisor = new ConsoleSupervisor();
$supervisor->run();
}

75
pandora_console/extensions/agents_modules.php
View File

@ -52,7 +52,9 @@ function agents_modules_load_js()
max_width = width;
}
});
loadRecursionGroups();
$.each($('.th_class_module_r'), function (i, elem) {
id = $(elem).attr('id').replace('th_module_r_', '');
$("#th_module_r_" + id).height(($("#div_module_r_" + id).width() + 10) + 'px');
@ -139,29 +141,7 @@ function agents_modules_load_js()
});
$("#checkbox-recursion").change (function () {
jQuery.post ("ajax.php",
{"page" : "operation/agentes/ver_agente",
"get_agents_group_json" : 1,
"id_group" : $("#group_id").val(),
"privilege" : "AW",
"keys_prefix" : "_",
"recursion" : $('#checkbox-recursion').is(':checked')
},
function (data, status) {
$("#id_agents2").html('');
$("#module").html('');
jQuery.each (data, function (id, value) {
// Remove keys_prefix from the index
id = id.substring(1);
option = $("<option></option>")
.attr ("value", value["id_agente"])
.html (value["alias"]);
$("#id_agents").append (option);
$("#id_agents2").append (option);
});
},
"json"
);
loadRecursionGroups();
});
$("#modulegroup").change (function () {
@ -265,6 +245,33 @@ function agents_modules_load_js()
f.action = "index.php?sec=view&sec2=extensions/agents_modules";
$('#filter_form').submit();
}
function loadRecursionGroups () {
jQuery.post ("ajax.php",
{"page" : "operation/agentes/ver_agente",
"get_agents_group_json" : 1,
"id_group" : $("#group_id").val(),
"privilege" : "AW",
"keys_prefix" : "_",
"recursion" : $('#checkbox-recursion').is(':checked')
},
function (data, status) {
$("#id_agents2").html('');
$("#module").html('');
jQuery.each (data, function (id, value) {
// Remove keys_prefix from the index
id = id.substring(1);
option = $("<option></option>")
.attr ("value", value["id_agente"])
.html (value["alias"]);
$("#id_agents").append (option);
$("#id_agents2").append (option);
});
},
"json"
);
}
/* <![CDATA[ */
function export_csv() {
let group_id = $('#group_id option:selected').val();
@ -460,7 +467,7 @@ function mainAgentsModules()
$filter_groups .= html_print_label_input_block(
__('Recursion'),
html_print_checkbox_switch('recursion', 1, 0, true),
html_print_checkbox_switch('recursion', 1, $recursion, true),
[
'div_class' => 'add-input-reverse',
'label_class' => 'label-thin',
@ -720,6 +727,13 @@ function mainAgentsModules()
);
}
$group_id_for_agents_search = $group_id;
if ($group_id > 0) {
if ($recursion) {
$group_id_for_agents_search = groups_get_children_ids($group_id, true);
}
}
if (isset($agents_id[0]) === true && $agents_id[0] != -1) {
$agents = $agents_id;
} else {
@ -727,7 +741,7 @@ function mainAgentsModules()
$agents = $full_agents_id;
} else {
$agents = '';
$agents = agents_get_group_agents($group_id, ['disabled' => 0]);
$agents = agents_get_group_agents($group_id_for_agents_search, ['disabled' => 0]);
$agents = array_keys($agents);
}
}
@ -860,10 +874,7 @@ function mainAgentsModules()
if ($group_id > 0) {
if ($recursion) {
$filter_groups['id_grupo'] = array_merge(
$group_id,
groups_get_children_ids($group_id, true)
);
$filter_groups['id_grupo'] = groups_get_children_ids($group_id, true);
} else {
$filter_groups['id_grupo'] = $group_id;
}
@ -880,7 +891,7 @@ function mainAgentsModules()
return;
}
echo '<table cellpadding="4" cellspacing="4" border="0" class="info_table mrgn_btn_20px">';
echo '<table cellpadding="4" cellspacing="4" border="0" class="info_table mrgn_btn_20px" id="agents_modules_table">';
echo '<tr>';
@ -1007,7 +1018,7 @@ function mainAgentsModules()
echo "<td class='center' style='text-align:left;'>";
$win_handle = dechex(crc32($module_id.$module['name']));
$graph_type = return_graphtype(modules_get_agentmodule_type($module_id));
$link = "winopeng_var('".'operation/agentes/stat_win.php?'."type=$graph_type&".'period='.SECONDS_1DAY.'&'.'id='.$module_id.'&'.'refresh='.SECONDS_10MINUTES."', 'day_".$win_handle."', 800, 480)";
$link = "winopeng_var('".'operation/agentes/stat_win.php?'."type=$graph_type&".'period='.SECONDS_1DAY.'&id='.$module_id.'&period_graph=0&refresh='.SECONDS_10MINUTES."', 'day_".$win_handle."', 800, 480)";
echo '<a href="javascript:'.$link.'">';

33
pandora_console/extensions/agents_modules_csv.php
View File

@ -27,17 +27,18 @@
*/
global $config;
if (true) {
include_once '../include/config.php';
include_once '../include/functions_agents.php';
include_once '../include/functions_reporting.php';
include_once '../include/functions_modules.php';
include_once '../include/functions_users.php';
if ((bool) $config['metaconsole']) {
include_once $config['homedir'].'/include/config.php';
include_once $config['homedir'].'/include/functions_agents.php';
include_once $config['homedir'].'/include/functions_reporting.php';
include_once $config['homedir'].'/include/functions_modules.php';
include_once $config['homedir'].'/include/functions_users.php';
} else {
include_once __DIR__.'/../include/config.php';
include_once __DIR__.'/../include/functions_agents.php';
include_once __DIR__.'/../include/functions_reporting.php';
include_once __DIR__.'/../include/functions_modules.php';
include_once __DIR__.'/../include/functions_users.php';
}
@ -106,7 +107,25 @@ if ($get_agents_module_csv === '1') {
foreach ($results as $result) {
foreach ($result as $key => $value) {
$out_csv .= io_safe_output($value).$divider;
if (preg_match('/Linux/i', $_SERVER['HTTP_USER_AGENT'])) {
$value = preg_replace(
'/\s+/',
' ',
io_safe_output($value)
);
} else {
$value = mb_convert_encoding(
preg_replace(
'/\s+/',
'',
io_safe_output($value)
),
'UTF-16LE',
'UTF-8'
);
}
$out_csv .= $value.$divider;
}
$out_csv .= "\n";

2
pandora_console/extensions/api_checker.php
View File

@ -99,7 +99,7 @@ function api_execute(
if (empty($token) === true) {
$data['apipass'] = $apipass;
$data['user'] = $user;
$data['password'] = $password;
$data['pass'] = $password;
}
}

2
pandora_console/extensions/dbmanager.php
View File

@ -90,7 +90,7 @@ function dbmgr_extension_main()
// Header.
ui_print_standard_header(
__('Database interface'),
__('DB interface'),
'images/gm_db.png',
false,
'',

286
pandora_console/extensions/files_repo.php
View File

@ -1,286 +0,0 @@
<?php
// Pandora FMS - https://pandorafms.com
// ==================================================
// Copyright (c) 2005-2023 Pandora FMS
// Please see https://pandorafms.com/community/ for full contribution list
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation; version 2
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
function pandora_files_repo_install()
{
global $config;
if (isset($config['files_repo_installed']) && $config['files_repo_installed'] == 1) {
return;
}
$full_extensions_dir = $config['homedir'].'/'.EXTENSIONS_DIR.'/';
$full_sql_dir = $full_extensions_dir.'files_repo/sql/';
$file_path = '';
switch ($config['dbtype']) {
case 'mysql':
$file_path = $full_sql_dir.'files_repo.sql';
break;
case 'postgresql':
$file_path = $full_sql_dir.'files_repo.postgreSQL.sql';
break;
case 'oracle':
$file_path = $full_sql_dir.'files_repo.oracle.sql';
break;
}
if (!empty($file_path)) {
$result = db_process_file($file_path);
if ($result) {
// Configuration values
$values = [
'token' => 'files_repo_installed',
'value' => 1,
];
db_process_sql_insert('tconfig', $values);
}
}
}
function pandora_files_repo_uninstall()
{
global $config;
switch ($config['dbtype']) {
case 'mysql':
db_process_sql('DROP TABLE `tfiles_repo_group`');
db_process_sql('DROP TABLE `tfiles_repo`');
db_process_sql(
'DELETE FROM `tconfig`
WHERE `token` LIKE "files_repo_%"'
);
break;
case 'postgresql':
db_process_sql('DROP TABLE "tfiles_repo_group"');
db_process_sql('DROP TABLE "tfiles_repo"');
db_process_sql(
'DELETE FROM "tconfig"
WHERE "token" LIKE \'files_repo_%\''
);
break;
case 'oracle':
db_process_sql('DROP TRIGGER "tfiles_repo_group_inc"');
db_process_sql('DROP SEQUENCE "tfiles_repo_group_s"');
db_process_sql('DROP TABLE "tfiles_repo_group"');
db_process_sql('DROP TRIGGER "tfiles_repo_inc"');
db_process_sql('DROP SEQUENCE "tfiles_repo_s"');
db_process_sql('DROP TABLE "tfiles_repo"');
db_process_sql(
'DELETE FROM tconfig
WHERE token LIKE \'files_repo_%\''
);
break;
}
if (!empty($config['attachment_store'])) {
delete_dir($config['attachment_store'].'/files_repo');
}
}
function pandora_files_repo_godmode()
{
global $config;
if (!isset($config['files_repo_installed']) || !$config['files_repo_installed']) {
ui_print_error_message(__('Extension not installed'));
}
// ACL Check
check_login();
if (! check_acl($config['id_user'], 0, 'PM')) {
db_pandora_audit(
AUDIT_LOG_ACL_VIOLATION,
'Trying to access to Files repository'
);
include 'general/noaccess.php';
return;
}
// Header tabs.
$godmode['text'] = '<a href="index.php?sec=godmode/extensions&sec2=extensions/files_repo">'.html_print_image('images/configuration@svg.svg', true, ['title' => __('Administration view'), 'class' => 'main_menu_icon invert_filter']).'</a>';
$godmode['godmode'] = 1;
$godmode['active'] = 1;
$operation['text'] = '<a href="index.php?sec=extensions&sec2=extensions/files_repo">'.html_print_image('images/see-details@svg.svg', true, ['title' => __('Operation view'), 'class' => 'main_menu_icon invert_filter']).'</a>';
$operation['operation'] = 1;
$onheader = [
'godmode' => $godmode,
'operation' => $operation,
];
// Header.
ui_print_standard_header(
__('Extensions'),
'images/extensions.png',
false,
'',
true,
$onheader,
[
[
'link' => '',
'label' => __('Admin tools'),
],
[
'link' => '',
'label' => __('Extension manager'),
],
[
'link' => '',
'label' => __('Files repository manager'),
],
]
);
$full_extensions_dir = $config['homedir'].'/'.EXTENSIONS_DIR.'/';
include_once $full_extensions_dir.'files_repo/functions_files_repo.php';
// Directory files_repo check.
if (!files_repo_check_directory(true)) {
return;
}
$server_content_length = 0;
if (isset($_SERVER['CONTENT_LENGTH'])) {
$server_content_length = $_SERVER['CONTENT_LENGTH'];
}
// Check for an anoying error that causes the $_POST and $_FILES arrays.
// were empty if the file is larger than the post_max_size.
if (intval($server_content_length) > 0 && empty($_POST)) {
ui_print_error_message(__('Problem uploading. Please check this PHP runtime variable values: <pre> post_max_size (currently '.ini_get('post_max_size').')</pre>'));
}
// GET and POST parameters.
$file_id = (int) get_parameter('file_id');
$add_file = (bool) get_parameter('add_file');
$update_file = (bool) get_parameter('update_file');
$delete_file = (bool) get_parameter('delete');
// File add or update.
if ($add_file || ($update_file && $file_id > 0)) {
$groups = get_parameter('groups', []);
$public = (bool) get_parameter('public');
$description = io_safe_output((string) get_parameter('description'));
if (mb_strlen($description, 'UTF-8') > 200) {
$description = mb_substr($description, 0, 200, 'UTF-8');
}
$description = io_safe_input($description);
if ($add_file) {
$result = files_repo_add_file('upfile', $description, $groups, $public);
} else if ($update_file) {
$result = files_repo_update_file($file_id, $description, $groups, $public);
$file_id = 0;
}
if ($result['status'] == false) {
ui_print_error_message($result['message']);
}
}
// File delete.
if ($delete_file && $file_id > 0) {
$result = files_repo_delete_file($file_id);
if ($result !== -1) {
ui_print_result_message($result, __('Successfully deleted'), __('Could not be deleted'));
}
$file_id = 0;
}
// FORM.
include $full_extensions_dir.'files_repo/files_repo_form.php';
if (!$file_id) {
// LIST.
$manage = true;
include $full_extensions_dir.'files_repo/files_repo_list.php';
}
}
function pandora_files_repo_operation()
{
global $config;
// Header tabs.
$onheader = [];
if (check_acl($config['id_user'], 0, 'PM')) {
$godmode['text'] = '<a href="index.php?sec=godmode/extensions&sec2=extensions/files_repo">'.html_print_image('images/configuration@svg.svg', true, ['title' => __('Administration view'), 'class' => 'main_menu_icon invert_filter']).'</a>';
$godmode['godmode'] = 1;
$operation['text'] = '<a href="index.php?sec=extensions&sec2=extensions/files_repo">'.html_print_image('images/see-details@svg.svg', true, ['title' => __('Operation view'), 'class' => 'main_menu_icon invert_filter']).'</a>';
$operation['operation'] = 1;
$operation['active'] = 1;
$onheader = [
'godmode' => $godmode,
'operation' => $operation,
];
}
// Header.
ui_print_standard_header(
__('Files repository'),
'images/extensions.png',
false,
'',
false,
$onheader,
[
[
'link' => '',
'label' => __('Admin tools'),
],
[
'link' => '',
'label' => __('Extension manager'),
],
[
'link' => '',
'label' => __('Files repository'),
],
]
);
$full_extensions_dir = $config['homedir'].'/'.EXTENSIONS_DIR.'/';
include_once $full_extensions_dir.'files_repo/functions_files_repo.php';
// Directory files_repo check.
if (!files_repo_check_directory(true)) {
return;
}
// LIST.
$full_extensions_dir = $config['homedir'].'/'.EXTENSIONS_DIR.'/';
include $full_extensions_dir.'files_repo/files_repo_list.php';
}
extensions_add_operation_menu_option(__('Files repository'), null, null, 'v1r1');
extensions_add_main_function('pandora_files_repo_operation');
extensions_add_godmode_menu_option(__('Files repository manager'), 'PM', null, null, 'v1r1');
extensions_add_godmode_function('pandora_files_repo_godmode');
pandora_files_repo_install();

168
pandora_console/extensions/files_repo/files_repo_list.php
View File

@ -1,168 +0,0 @@
<?php
// Pandora FMS - https://pandorafms.com
// ==================================================
// Copyright (c) 2005-2023 Pandora FMS
// Please see https://pandorafms.com/community/ for full contribution list
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation; version 2
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
global $config;
$full_extensions_dir = $config['homedir'].'/'.EXTENSIONS_DIR.'/';
require_once $full_extensions_dir.'files_repo/functions_files_repo.php';
$offset = (int) get_parameter('offset');
$filter = [];
$filter['limit'] = $config['block_size'];
$filter['offset'] = $offset;
$filter['order'] = [
'field' => 'id',
'order' => 'DESC',
];
$files = files_repo_get_files($filter);
if (!empty($files)) {
if (!isset($manage)) {
$manage = false;
}
// Pagination
if ($manage) {
$url = ui_get_full_url('index.php?sec=godmode/extensions&sec2=extensions/files_repo');
} else {
$url = ui_get_full_url('index.php?sec=extensions&sec2=extensions/files_repo');
}
$total_files = files_repo_get_files(false, true);
ui_pagination($total_files, $url, $offset);
$table = new stdClass();
$table->width = '100%';
$table->class = 'info_table';
$table->style = [];
$table->style[1] = 'max-width: 200px;';
$table->style[4] = 'text-align: center;';
$table->head = [];
$table->head[0] = __('Name');
$table->head[1] = __('Description');
$table->head[2] = __('Size');
$table->head[3] = __('Last modification');
$table->head[4] = '';
$table->data = [];
foreach ($files as $file_id => $file) {
$data = [];
// Prepare the filename for the get_file.php script
$document_root = str_replace(
'\\',
'/',
io_safe_output($_SERVER['DOCUMENT_ROOT'])
);
$file['location'] = str_replace(
'\\',
'/',
io_safe_output($file['location'])
);
$relative_path = str_replace($document_root, '', $file['location']);
$file_name = explode('/', $file['location']);
$file_decoded = $file_name[(count($file_name) - 1)];
$file_path = base64_encode($file_decoded);
$hash = md5($file_path.$config['server_unique_identifier']);
$url = ui_get_full_url(
'include/get_file.php?file='.urlencode($file_path).'&hash='.$hash
);
$date_format = ($config['date_format']) ? io_safe_output($config['date_format']) : 'F j, Y - H:m';
$data[0] = "<a href=\"$url\" target=\"_blank\">".$file['name'].'</a>';
// Name
$data[1] = ui_print_truncate_text(
$file['description'],
'description',
true,
true
);
// Description
$data[2] = ui_format_filesize($file['size']);
// Size
$data[3] = date($date_format, $file['mtime']);
// Last modification
// Public URL
$data[4] = '';
$table->cellclass[][4] = 'table_action_buttons';
if (!empty($file['hash'])) {
$public_url = ui_get_full_url(
EXTENSIONS_DIR.'/files_repo/files_repo_get_file.php?file='.$file['hash']
);
$message = __('Copy to clipboard').': Ctrl+C -> Enter';
$action = "window.prompt('$message', '$public_url');";
$data[4] .= "<a href=\"javascript:;\" onclick=\"$action\">";
$data[4] .= html_print_image(
'images/world.png',
true,
['title' => __('Public link')]
);
// Public link image
$data[4] .= '</a> ';
}
$data[4] .= "<a href=\"$url\" target=\"_blank\">";
$data[4] .= html_print_image(
'images/download.png',
true,
[
'title' => __('Download'),
'style' => 'padding:3px',
]
);
// Download image
$data[4] .= '</a>';
if ($manage) {
$config_url = ui_get_full_url(
'index.php?sec=godmode/extensions&sec2=extensions/files_repo&file_id='.$file_id
);
$data[4] .= "<a href=\"$config_url\">";
$data[4] .= html_print_image(
'images/edit.svg',
true,
[
'title' => __('Edit'),
'class' => 'main_menu_icon invert_filter',
]
);
// Edit image
$data[4] .= '</a>';
$delete_url = ui_get_full_url(
'index.php?sec=godmode/extensions&sec2=extensions/files_repo&delete=1&file_id='.$file_id
);
$data[4] .= " <a href=\"$delete_url\" onClick=\"if (!confirm('".__('Are you sure?')."')) return false;\">";
$data[4] .= html_print_image(
'images/delete.svg',
true,
[
'title' => __('Delete'),
'class' => 'main_menu_icon invert_filter',
]
);
// Delete image
$data[4] .= '</a>';
}
$table->data[] = $data;
}
html_print_table($table);
} else {
ui_print_info_message(__('No items'));
}

16
pandora_console/extensions/files_repo/sql/files_repo.oracle.sql
View File

@ -1,16 +0,0 @@
CREATE TABLE tfiles_repo (
id NUMBER(5, 0) NOT NULL PRIMARY KEY,
name VARCHAR2(255) NOT NULL,
description VARCHAR2(500) NULL,
hash VARCHAR2(8) NULL
);
CREATE SEQUENCE tfiles_repo_s INCREMENT BY 1 START WITH 1;
CREATE OR REPLACE TRIGGER tfiles_repo_inc BEFORE INSERT ON tfiles_repo REFERENCING NEW AS NEW FOR EACH ROW BEGIN SELECT tfiles_repo_s.nextval INTO :NEW.ID FROM dual; END;;
CREATE TABLE tfiles_repo_group (
id NUMBER(10, 0) NOT NULL PRIMARY KEY,
id_file NUMBER(5, 0) NOT NULL REFERENCES tfiles_repo(id) ON DELETE CASCADE,
id_group NUMBER(4, 0) NOT NULL
);
CREATE SEQUENCE tfiles_repo_group_s INCREMENT BY 1 START WITH 1;
CREATE OR REPLACE TRIGGER tfiles_repo_group_inc BEFORE INSERT ON tfiles_repo_group REFERENCING NEW AS NEW FOR EACH ROW BEGIN SELECT tfiles_repo_group_s.nextval INTO :NEW.ID FROM dual; END;;

2
pandora_console/extensions/files_repo/sql/files_repo.postgreSQL.sql
View File

@ -1,2 +0,0 @@
CREATE TABLE "tfiles_repo" ("id" SERIAL NOT NULL PRIMARY KEY, "name" VARCHAR(255) NOT NULL, "description" VARCHAR(500) NULL default '', "hash" VARCHAR(8) NULL default '');
CREATE TABLE "tfiles_repo_group" ("id" SERIAL NOT NULL PRIMARY KEY, "id_file" INTEGER NOT NULL REFERENCES tfiles_repo("id") ON DELETE CASCADE, "id_group" INTEGER NOT NULL);

15
pandora_console/extensions/files_repo/sql/files_repo.sql
View File

@ -1,15 +0,0 @@
CREATE TABLE IF NOT EXISTS `tfiles_repo` (
`id` int(5) unsigned NOT NULL auto_increment,
`name` varchar(255) NOT NULL,
`description` varchar(500) NULL default '',
`hash` varchar(8) NULL default '',
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE IF NOT EXISTS `tfiles_repo_group` (
`id` int(10) unsigned NOT NULL auto_increment,
`id_file` int(5) unsigned NOT NULL,
`id_group` int(4) unsigned NOT NULL,
PRIMARY KEY (`id`),
FOREIGN KEY (`id_file`) REFERENCES tfiles_repo(`id`) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

1
pandora_console/extensions/module_groups.php
View File

@ -345,6 +345,7 @@ function mainModuleGroups()
$table = new StdClass();
$table->class = 'info_table';
$table->style[0] = 'font-weight: bolder; min-width: 230px;';
$table->id = 'agent_group_module_group';
$table->width = '100%';
$head[0] = __('Groups');

3
pandora_console/extensions/pandora_logs.php
View File

@ -31,7 +31,7 @@ function view_logfile($file_name, $toggle=false)
} else {
$file_size = filesize($file_name);
if ($memory_limit < $file_size) {
if ($memory_limit < $file_size && $memory_limit !== '-1') {
$code .= '<pre><h2>'.$file_name.' ('.__('File is too large than PHP memory allocated in the system.').')</h2>';
$code .= '<h2>'.__('The preview file is imposible.').'</h2>';
} else if ($file_size > ($config['max_log_size'] * 1000)) {
@ -117,6 +117,7 @@ function pandoralogs_extension_main()
view_logfile($config['homedir'].'/log/console.log', true);
}
view_logfile('/var/log/php-fpm/www-error.log', true);
view_logfile($logs_directory.'/pandora_server.log', true);
view_logfile($logs_directory.'/pandora_server.error', true);

758
pandora_console/extensions/quick_shell.php
View File

@ -31,6 +31,7 @@ global $config;
require_once $config['homedir'].'/include/functions_agents.php';
require_once $config['homedir'].'/godmode/wizards/Wizard.main.php';
require_once $config['homedir'].'/include/functions_cron_task.php';
/**
@ -78,91 +79,78 @@ function quickShell()
return;
}
$form_sent = get_parameter('form-sent', false);
$method = get_parameter('method', null);
$setup_anchor = html_print_anchor(
[
'href' => 'index.php?sec=gsetup&sec2=godmode/setup/setup&section=quickshell',
'content' => __('GoTTY setup'),
],
true
);
if ((bool) $config['gotty_ssh_enabled'] === false
&& (bool) $config['gotty_telnet_enabled'] === false
) {
ui_print_warning_message(__('Please, enable GoTTY in %s', $setup_anchor));
return;
}
$agent_id = get_parameter('id_agente', 0);
$username = get_parameter('username', null);
$method = get_parameter('method', null);
$method_port = get_parameter('port', null);
// Retrieve main IP Address.
$address = agents_get_address($agent_id);
$agent_address = agents_get_address($agent_id);
ui_require_css_file('wizard');
ui_require_css_file('discovery');
// Settings.
// WebSocket host, where client should connect.
if (isset($config['ws_port']) === false) {
config_update_value('ws_port', 8080);
// Build URL args.
if ($method === 'ssh') {
// SSH.
$args .= '&arg='.$agent_address.'&arg='.$method_port.'&arg='.$username;
} else if ($method == 'telnet') {
// Telnet.
$args .= '&arg='.$agent_address.'&arg='.$method_port;
}
if (empty($config['ws_proxy_url']) === true) {
$ws_url = 'http://'.$_SERVER['SERVER_ADDR'].':'.$config['ws_port'];
} else {
preg_match('/\/\/(.*)/', $config['ws_proxy_url'], $matches);
if (isset($_SERVER['HTTPS']) === true) {
$ws_url = 'https://'.$matches[1];
} else {
$ws_url = 'http://'.$matches[1];
}
}
// Gotty settings. Internal communication (WS).
if (isset($config['gotty_host']) === false) {
config_update_value('gotty_host', '127.0.0.1');
}
if (isset($config['gotty_telnet_port']) === false) {
config_update_value('gotty_telnet_port', 8082);
}
if (isset($config['gotty_ssh_port']) === false) {
config_update_value('gotty_ssh_port', 8081);
}
// Context to allow self-signed certs.
$context = stream_context_create(
[
'http' => [ 'method' => 'GET'],
'ssl' => [
'verify_peer' => false,
'verify_peer_name' => false,
],
]
);
$connectionURL = buildConnectionURL($method);
$gotty_addr = $connectionURL.$args;
// Username. Retrieve from form.
if (empty($username) === true) {
if ($form_sent === false) {
// No username provided, ask for it.
$wiz = new Wizard();
$test = curl($ws_url, []);
if ($test === false) {
ui_print_error_message(__('WebService engine has not been started, please check documentation.'));
$wiz->printForm(
[
'form' => [
'method' => 'POST',
'action' => '#',
'id' => 'retry_form',
],
]
);
$method_fields = [];
html_print_action_buttons(
html_print_submit_button(
__('Retry'),
'submit',
false,
[
'icon' => 'next',
'form' => 'retry_form',
],
true
)
);
return;
if ($config['gotty_telnet_enabled']) {
$method_fields['telnet'] = __('Telnet');
$port_value = 23;
}
if ($config['gotty_ssh_enabled']) {
$method_fields['ssh'] = __('SSH');
$port_value = 22;
}
$method_script = "
var wizard = document.querySelector('.wizard');
p=22;
wizard.querySelector('ul > li').classList.remove('invisible_important');
wizard.querySelector('ul > li').classList.add('visible');
if(this.value == 'telnet') {
p=23;
wizard.querySelector('ul > li').classList.remove('visible');
wizard.querySelector('ul > li').classList.add('invisible_important');
$('#text-username').prop('required', false);
} else {
$('#text-username').prop('required', true);
}
$('#text-port').val(p);";
$wiz->printForm(
[
'form' => [
@ -175,8 +163,9 @@ function quickShell()
[
'label' => __('Username'),
'arguments' => [
'type' => 'text',
'name' => 'username',
'type' => 'text',
'name' => 'username',
'required' => true,
],
],
[
@ -185,7 +174,7 @@ function quickShell()
'type' => 'text',
'id' => 'port',
'name' => 'port',
'value' => 22,
'value' => $port_value,
],
],
[
@ -193,11 +182,15 @@ function quickShell()
'arguments' => [
'type' => 'select',
'name' => 'method',
'fields' => [
'ssh' => __('SSH'),
'telnet' => __('Telnet'),
],
'script' => "p=22; if(this.value == 'telnet') { p=23; } $('#text-port').val(p);",
'fields' => $method_fields,
'script' => $method_script,
],
],
[
'arguments' => [
'type' => 'hidden',
'name' => 'form-sent',
'value' => true,
],
],
],
@ -221,119 +214,73 @@ function quickShell()
return;
}
// Initialize Gotty Client.
$host = $config['gotty_host'];
if ($method == 'ssh') {
// SSH.
$port = $config['gotty_ssh_port'];
$command_arguments = "var args = '?arg=".$username.'@'.$address;
$command_arguments .= '&arg=-p '.$method_port."';";
} else if ($method == 'telnet') {
// Telnet.
$port = $config['gotty_telnet_port'];
$username = preg_replace('/[^a-zA-Z0-9\-\.]/', '', $username);
$command_arguments = "var args = '?arg=-l ".$username;
$command_arguments .= '&arg='.$address;
$command_arguments .= '&arg='.$method_port."&arg=-E';";
} else {
ui_print_error_message(__('Please use SSH or Telnet.'));
return;
// Check gotty connection before trying to load iframe.
$ch = curl_init($gotty_addr);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
// Maximum time for the entire request.
curl_setopt($ch, CURLOPT_TIMEOUT, 3);
// Maximum time to establish a connection.
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 2);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_MAXREDIRS, 10);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
$response = curl_exec($ch);
$responseCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
$finalUrl = curl_getinfo($ch, CURLINFO_EFFECTIVE_URL);
curl_close($ch);
if ($responseCode !== 200) {
ui_print_error_message(__('Connection error. Please check your settings at %s', $setup_anchor));
exit;
}
// If rediretion is enabled, we will try to connect using
// http:// or https:// endpoint.
$test = get_headers($ws_url, false, $context);
if ($test === false) {
if (empty($wiz) === true) {
$wiz = new Wizard();
}
ui_print_error_message(__('WebService engine has not been started, please check documentation.'));
echo $wiz->printGoBackButton('#');
return;
}
// Check credentials.
$auth_str = '';
$gotty_url = $host.':'.$port;
if (empty($config['gotty_user']) === false
&& empty($config['gotty_pass']) === false
) {
$auth_str = io_safe_output($config['gotty_user']);
$auth_str .= ':'.io_output_password($config['gotty_pass']);
$gotty_url = $auth_str.'@'.$host.':'.$port;
}
$r = file_get_contents('http://'.$gotty_url.'/js/hterm.js');
if (empty($r) === true) {
if (empty($wiz) === true) {
$wiz = new Wizard();
}
ui_print_error_message(__('WebService engine is not working properly, please check documentation.'));
echo $wiz->printGoBackButton('#');
return;
}
// Override gotty client settings.
if (empty($auth_str) === true) {
$r .= "var gotty_auth_token = '';";
} else {
$r .= "var gotty_auth_token = '";
$r .= $auth_str."';";
}
// Set websocket target and method.
$gotty = file_get_contents('http://'.$gotty_url.'/js/gotty.js');
$url = "var url = (httpsEnabled ? 'wss://' : 'ws://') + window.location.host + window.location.pathname + 'ws';";
if (empty($config['ws_proxy_url']) === true) {
$new = "var url = (httpsEnabled ? 'wss://' : 'ws://')";
$new .= " + window.location.host + ':";
$new .= $config['ws_port'].'/'.$method."';";
} else {
$new = "var url = '";
$new .= $config['ws_proxy_url'].'/'.$method."';";
}
// Update firefox issue.
$original = ' this.iframe_.src = \'#\';';
$trick = 'this.iframe_.src = \'javascript:\';';
$r = str_replace($original, $trick, $r);
// Update url.
$gotty = str_replace($url, $new, $gotty);
// Update websocket arguments.
$args = 'var args = window.location.search;';
$new = $command_arguments;
// Update arguments.
$gotty = str_replace($args, $new, $gotty);
?>
<style>#terminal {
height: 650px;
width: 100%;
margin: 0px;
padding: 0;
display: flex;
flex-direction: column;
min-height: calc(100vh - 205px);
}
#terminal > iframe {
width:100%;
height:100%;
position: relative!important;
flex-grow: 1;
border: 0px;
}
</style>
<div id="terminal"></div>
<script type="text/javascript">
<?php echo $r; ?>
</script>
<script type="text/javascript">
<?php echo $gotty; ?>
</script>
<div id="terminal"><iframe id="gotty-iframe" src="<?php echo $gotty_addr; ?>"></iframe></div>
<?php
}
/**
* Build Connection URL based on provided connection method.
*
* @param string $method Connection method (SSH/Telnet).
*
* @return string
*/
function buildConnectionURL($method)
{
global $config;
$address = (empty($config['gotty_addr']) === true) ? $_SERVER['SERVER_ADDR'] : $config['gotty_addr'];
$use_ssl = ($method === 'ssh') ? $config['gotty_ssh_use_ssl'] : $config['gotty_telnet_use_ssl'];
$protocol = ((bool) $use_ssl === true) ? 'https://' : 'http://';
return $protocol.$address.':'.$config['gotty_port'].'/'.$config['gotty_connection_hash'].'/?arg='.$method;
}
/**
* Provide an interface where configure all settings.
*
@ -347,116 +294,107 @@ function quickShellSettings()
ui_require_css_file('discovery');
// Gotty settings. Internal communication (WS).
if (isset($config['gotty_ssh_enabled']) === false) {
config_update_value('gotty_ssh_enabled', 1);
}
if (isset($config['gotty_telnet_enabled']) === false) {
config_update_value('gotty_telnet_enabled', 0);
}
if (isset($config['gotty_host']) === false) {
config_update_value('gotty_host', '127.0.0.1');
}
if (isset($config['gotty_telnet_port']) === false) {
config_update_value('gotty_telnet_port', 8082);
if (isset($config['gotty_port']) === false) {
config_update_value('gotty_port', 8080);
}
if (isset($config['gotty_ssh_port']) === false) {
config_update_value('gotty_ssh_port', 8081);
}
$changes = 0;
$critical = 0;
// Parser.
if (get_parameter('update_config', false) !== false) {
// Gotty settings. Internal communication (WS).
$gotty = get_parameter(
'gotty',
''
$gotty_ssh_enabled = get_parameter(
'gotty_ssh_enabled',
0
);
$gotty_host = get_parameter(
'gotty_host',
''
$gotty_telnet_enabled = get_parameter(
'gotty_telnet_enabled',
0
);
$gotty_ssh_port = get_parameter(
'gotty_ssh_port',
''
);
$gotty_telnet_port = get_parameter(
'gotty_telnet_port',
$gotty_addr = get_parameter(
'gotty_addr',
''
);
$gotty_user = get_parameter(
'gotty_user',
$gotty_port = get_parameter(
'gotty_port',
''
);
$gotty_pass = get_parameter(
'gotty_pass',
''
$gotty_ssh_use_ssl = get_parameter(
'gotty_ssh_use_ssl',
false
);
$gotty_pass = io_input_password($gotty_pass);
$gotty_telnet_use_ssl = get_parameter(
'gotty_telnet_use_ssl',
false
);
$changes = 0;
$critical = 0;
if ($config['gotty'] != $gotty) {
config_update_value('gotty', $gotty);
$changes++;
$critical++;
if ($config['gotty_ssh_enabled'] != $gotty_ssh_enabled) {
config_update_value('gotty_ssh_enabled', $gotty_ssh_enabled);
}
if ($config['gotty_host'] != $gotty_host) {
config_update_value('gotty_host', $gotty_host);
$changes++;
if ($config['gotty_telnet_enabled'] != $gotty_telnet_enabled) {
config_update_value('gotty_telnet_enabled', $gotty_telnet_enabled);
}
if ($config['gotty_telnet_port'] != $gotty_telnet_port) {
config_update_value('gotty_telnet_port', $gotty_telnet_port);
$changes++;
if ($config['gotty_addr'] != $gotty_addr) {
config_update_value('gotty_addr', $gotty_addr);
}
if ($config['gotty_ssh_port'] != $gotty_ssh_port) {
config_update_value('gotty_ssh_port', $gotty_ssh_port);
$changes++;
if ($config['gotty_port'] != $gotty_port) {
// Mark gotty for restart (should kill the process in the current port).
if ($config['restart_gotty_next_cron_port'] === ''
|| $config['restart_gotty_next_cron_port'] === null
) {
config_update_value('restart_gotty_next_cron_port', $config['gotty_port']);
}
config_update_value('gotty_port', $gotty_port);
}
if ($config['gotty_user'] != $gotty_user) {
config_update_value('gotty_user', $gotty_user);
$changes++;
$critical++;
if ($config['gotty_ssh_use_ssl'] != $gotty_ssh_use_ssl) {
config_update_value('gotty_ssh_use_ssl', $gotty_ssh_use_ssl);
}
if ($config['gotty_pass'] != $gotty_pass) {
$gotty_pass = io_input_password($gotty_pass);
config_update_value('gotty_pass', $gotty_pass);
$changes++;
$critical++;
if ($config['gotty_telnet_use_ssl'] != $gotty_telnet_use_ssl) {
config_update_value('gotty_telnet_use_ssl', $gotty_telnet_use_ssl);
}
cron_task_start_gotty();
}
if ($changes > 0) {
$msg = __('%d Updated', $changes);
if ($critical > 0) {
$msg = __(
'%d Updated, please restart WebSocket engine service',
$changes
);
}
ui_print_success_message($msg);
}
// Form. Using old style.
echo '<fieldset class="margin-bottom-10">';
echo '<legend>'.__('Quickshell').'</legend>';
echo '<legend>'.__('GoTTY general parameters').'</legend>';
$t = new StdClass();
$t->data = [];
$t->width = '100%';
$t->class = 'filter-table-adv';
$t->data = [];
$t->style = [];
$t->style[0] = 'width: 50%;';
$general_table = new StdClass();
$general_table->data = [];
$general_table->width = '100%';
$general_table->class = 'filter-table-adv';
$general_table->data = [];
$general_table->style = [];
$general_table->style[0] = 'width: 50%;';
$t->data[0][] = html_print_label_input_block(
__('Gotty path'),
$general_table->data[0][] = html_print_label_input_block(
__('Address'),
html_print_input_text(
'gotty',
$config['gotty'],
'gotty_addr',
$config['gotty_addr'],
'',
30,
100,
@ -464,11 +402,11 @@ function quickShellSettings()
)
);
$t->data[0][] = html_print_label_input_block(
__('Gotty host'),
$general_table->data[0][] = html_print_label_input_block(
__('Port'),
html_print_input_text(
'gotty_host',
$config['gotty_host'],
'gotty_port',
$config['gotty_port'],
'',
30,
100,
@ -476,79 +414,157 @@ function quickShellSettings()
)
);
$t->data[1][] = html_print_label_input_block(
__('Gotty ssh port'),
html_print_input_text(
'gotty_ssh_port',
$config['gotty_ssh_port'],
'',
30,
100,
html_print_table($general_table);
echo '</fieldset>';
echo '<fieldset class="margin-bottom-10">';
echo '<legend>'.__('GoTTY SSH connection parameters').'</legend>';
$ssh_table = new StdClass();
$ssh_table->data = [];
$ssh_table->width = '100%';
$ssh_table->class = 'filter-table-adv';
$ssh_table->data = [];
$ssh_table->style = [];
$ssh_table->style[0] = 'width: 50%;';
$ssh_table->data[0][] = html_print_label_input_block(
__('Enable SSH method'),
html_print_checkbox_switch(
'gotty_ssh_enabled',
1,
$config['gotty_ssh_enabled'],
true
)
);
$t->data[1][] = html_print_label_input_block(
__('Gotty telnet port'),
html_print_input_text(
'gotty_telnet_port',
$config['gotty_telnet_port'],
'',
30,
100,
true
$ssh_table->data[1][] = html_print_label_input_block(
__('Use SSL'),
html_print_checkbox_switch(
'gotty_ssh_use_ssl',
1,
$config['gotty_ssh_use_ssl'],
true,
$disable_agentaccess
)
);
$hidden = new stdClass();
$hidden->data = [];
$hidden->width = '100%';
$hidden->class = 'filter-table-adv';
$hidden->data = [];
$hidden->style[0] = 'width: 50%;';
// Test.
$row = [];
$test_start = '<span id="test-gotty-spinner-ssh" class="invisible">&nbsp;'.html_print_image('images/spinner.gif', true).'</span>';
$test_start .= '&nbsp;<span id="test-gotty-message-ssh" class="invisible"></span>';
$hidden->data[0][] = html_print_label_input_block(
__('Gotty user'),
html_print_input_text(
'gotty_user',
$config['gotty_user'],
'',
30,
100,
true
)
);
$hidden->data[0][] = html_print_label_input_block(
__('Gotty password'),
html_print_input_password(
'gotty_pass',
io_output_password($config['gotty_pass']),
'',
30,
100,
true
)
);
html_print_table($t);
ui_print_toggle(
$ssh_table->data[3][] = html_print_button(
__('Test'),
'test-gotty-ssh',
false,
'handleTestSSH()',
[
'content' => html_print_table($hidden, true),
'name' => __('Advanced options'),
'clean' => false,
'main_class' => 'no-border-imp',
'container_class' => 'no-border-imp',
]
);
'icon' => 'cog',
'mode' => 'secondary',
'style' => 'width: 115px;',
],
true
).$test_start;
html_print_table($ssh_table);
echo '</fieldset>';
echo '<fieldset class="margin-bottom-10">';
echo '<legend>'.__('GoTTY telnet connection parameters').'</legend>';
$telnet_table = new StdClass();
$telnet_table->data = [];
$telnet_table->width = '100%';
$telnet_table->class = 'filter-table-adv';
$telnet_table->data = [];
$telnet_table->style = [];
$telnet_table->style[0] = 'width: 50%;';
$telnet_table->data[0][] = html_print_label_input_block(
__('Enable telnet method'),
html_print_checkbox_switch(
'gotty_telnet_enabled',
1,
$config['gotty_telnet_enabled'],
true
)
);
$telnet_table->data[1][] = html_print_label_input_block(
__('Use SSL'),
html_print_checkbox_switch(
'gotty_telnet_use_ssl',
1,
$config['gotty_telnet_use_ssl'],
true
)
);
// Test.
$row = [];
$test_start = '<span id="test-gotty-spinner-telnet" class="invisible">&nbsp;'.html_print_image('images/spinner.gif', true).'</span>';
$test_start .= '&nbsp;<span id="test-gotty-message-telnet" class="invisible"></span>';
$telnet_table->data[3][] = html_print_button(
__('Test'),
'test-gotty-telnet',
false,
'handleTestTelnet()',
[
'icon' => 'cog',
'mode' => 'secondary',
'style' => 'width: 115px;',
],
true
).$test_start;
html_print_table($telnet_table);
html_print_input_hidden('update_config', 1);
echo '</fieldset>';
}
// This extension is usefull only if the agent has associated IP.
if (is_ajax() === true) {
$method = (string) get_parameter('method', '');
if (empty($method) === false) {
$address = buildConnectionURL($method);
$ch = curl_init($address);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
// Maximum time for the entire request.
curl_setopt($ch, CURLOPT_TIMEOUT, 2);
// Maximum time to establish a connection.
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_exec($ch);
$response_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
if ($response_code === 200) {
$result = ['status' => 'success'];
} else {
$result = ['status' => 'error'];
}
echo json_encode($result);
return;
}
$result = ['status' => 'error'];
return;
}
// This extension is useful only if the agent has associated IP.
$agent_id = get_parameter('id_agente');
if (empty($agent_id) === false
&& get_parameter('sec2', '') == 'operation/agentes/ver_agente'
@ -573,4 +589,136 @@ if (empty($agent_id) === false
}
}
echo '<script>';
echo 'var server_addr = "'.$_SERVER['SERVER_ADDR'].'";';
echo "function checkAddressReachability(method, callback) {
$.ajax({
url: 'ajax.php',
data: {
page: 'extensions/quick_shell',
method
},
type: 'GET',
async: false,
dataType: 'json',
success: function (data) {
if (data.status === 'success') {
callback(true);
} else {
callback(false);
}
},
error: function () {
callback(false);
}
});
}";
$handle_test_telnet = "var handleTestTelnet = function (event) {
var gotty_addr = $('input#text-gotty_addr').val();
var gotty_port = $('input#text-gotty_port').val();
var gotty_telnet_use_ssl = $('input#checkbox-gotty_telnet_use_ssl').is(':checked');
if (gotty_addr === '') {
url = (gotty_telnet_use_ssl ? 'https://' : 'http://') + server_addr + ':' + gotty_port;
} else {
url = (gotty_telnet_use_ssl ? 'https://' : 'http://') + gotty_addr + ':' + gotty_port;
}
var showLoadingImage = function () {
$('#button-test-gotty-telnet').children('div').attr('class', 'subIcon cog rotation secondary mini');
}
var showSuccessImage = function () {
$('#button-test-gotty-telnet').children('div').attr('class', 'subIcon tick secondary mini');
}
var showFailureImage = function () {
$('#button-test-gotty-telnet').children('div').attr('class', 'subIcon fail secondary mini');
}
var hideMessage = function () {
$('span#test-gotty-message-telnet').hide();
}
var showMessage = function () {
$('span#test-gotty-message-telnet').show();
}
var changeTestMessage = function (message) {
$('span#test-gotty-message-telnet').text(message);
}
var errorMessage = '".__('Unable to connect.')."';
hideMessage();
showLoadingImage();
checkAddressReachability('telnet', function(isReachable) {
if (isReachable) {
showSuccessImage();
hideMessage();
} else {
showFailureImage();
changeTestMessage(errorMessage);
showMessage();
}
});
};";
$handle_test_ssh = "var handleTestSSH = function (event) {
var gotty_addr = $('input#text-gotty_addr').val();
var gotty_port = $('input#text-gotty_port').val();
var gotty_ssh_use_ssl = $('input#checkbox-gotty_ssh_use_ssl').is(':checked');
if (gotty_addr === '') {
url = (gotty_ssh_use_ssl ? 'https://' : 'http://') + server_addr + ':' + gotty_port;
} else {
url = (gotty_ssh_use_ssl ? 'https://' : 'http://') + gotty_addr + ':' + gotty_port;
}
var showLoadingImage = function () {
$('#button-test-gotty-ssh').children('div').attr('class', 'subIcon cog rotation secondary mini');
}
var showSuccessImage = function () {
$('#button-test-gotty-ssh').children('div').attr('class', 'subIcon tick secondary mini');
}
var showFailureImage = function () {
$('#button-test-gotty-ssh').children('div').attr('class', 'subIcon fail secondary mini');
}
var hideMessage = function () {
$('span#test-gotty-message-ssh').hide();
}
var showMessage = function () {
$('span#test-gotty-message-ssh').show();
}
var changeTestMessage = function (message) {
$('span#test-gotty-message-ssh').text(message);
}
var errorMessage = '".__('Unable to connect.')."';
hideMessage();
showLoadingImage();
checkAddressReachability('ssh', function(isReachable) {
if (isReachable) {
showSuccessImage();
hideMessage();
} else {
showFailureImage();
changeTestMessage(errorMessage);
showMessage();
}
});
};";
echo $handle_test_ssh;
echo $handle_test_telnet;
echo '</script>';
extensions_add_godmode_function('quickShellSettings');

30
pandora_console/extras/delete_files/delete_files.txt
View File

@ -106,6 +106,7 @@ enterprise/godmode/alerts/alert_events.php
enterprise/godmode/alerts/alert_events_list.php
enterprise/godmode/alerts/alert_events_rules.php
enterprise/godmode/alerts/configure_alert_rule.php
enterprise/godmode/alerts/alert_correlation.php
enterprise/include/functions_networkmap.php
enterprise/operation/agentes/pandora_networkmap.view.php
enterprise/include/ajax/map_enterprise.ajax.php
@ -1707,4 +1708,31 @@ enterprise/godmode/wizards/Applications.class.php
enterprise/godmode/wizards/Cloud.class.php
enterprise/images/wizard/applications.png
enterprise/images/wizard/cloud.png
enterprise/images/wizard/consoletasks.png
enterprise/images/wizard/consoletasks.png
pandora_websocket_engine
operation/incidents/configure_integriaims_incident.php
operation/incidents/dashboard_detail_integriaims_incident.php
operation/incidents/incident_statistics.php
operation/incidents/integriaims_export_csv.php
operation/incidents/list_integriaims_incidents.php
include/functions_incidents.php
include/functions_integriaims.php
include/ajax/integria_incidents.ajax.php
enterprise/operation/log/log_source.php
enterprise/include/class/LogSource.class.php
include/chart_generator.php
enterprise/extensions/translate_string.php
enterprise/extensions/translate_string/functions.php
enterprise/extensions/translate_string/translate_string.oracle.sql
enterprise/extensions/translate_string/translate_string.postgresql.sql
enterprise/extensions/translate_string/translate_string.sql
enterprise/extensions/translate_string
extensions/files_repo.php
extensions/files_repo/files_repo_form.php
extensions/files_repo/files_repo_get_file.php
extensions/files_repo/files_repo_list.php
extensions/files_repo/functions_files_repo.php
extensions/files_repo/sql/files_repo.oracle.sql
extensions/files_repo/sql/files_repo.postgreSQL.sql
extensions/files_repo/sql/files_repo.sql
extensions/files_repo

30
pandora_console/extras/demodata/agents/0-demo-agent.prd Normal file
View File

@ -0,0 +1,30 @@
[agent_data]
agents_number="1"
agent_name="demo-global-agent"
agent_alias="demo-global-agent"
group="Demo servers"
address_network="192.168.0.0/24"
os_name="Linux"
os_versions[]="Rocky Linux 9.2 (Blue Onyx)"
os_versions[]="CentOS Linux 7 (Core)"
os_versions[]="CentOS Linux 6 (Core)"
os_versions[]="RHEL 8.2"
os_versions[]="RHEL 8.1"
os_versions[]="Alma Linux 9.1"
latitude="RANDOM;37;42"
longitude="RANDOM;-8;-1"
altitude="0"
[modules]
name[1]="Host Alive"
type[1]="generic_proc"
values[1]="PROC;5"
group[1]="Network"

211
pandora_console/extras/demodata/agents/1-linux.prd Normal file
View File

@ -0,0 +1,211 @@
[agent_data]
agents_number="4"
agent_name="linux"
agent_alias="linux"
group="Demo servers"
address_network="192.168.1.0/24"
os_name="Linux"
os_versions[]="Rocky Linux 9.2 (Blue Onyx)"
os_versions[]="CentOS Linux 7 (Core)"
os_versions[]="CentOS Linux 6 (Core)"
os_versions[]="RHEL 8.2"
os_versions[]="RHEL 8.1"
os_versions[]="Alma Linux 9.1"
latitude="RANDOM;37;42"
longitude="RANDOM;-8;-1"
altitude="0"
[modules]
name[1]="Network Usage"
type[1]="generic_data_inc"
description[1]="Network usage in the system"
values[1]="RANDOM;0;10000"
unit[1]="bytes/sec"
group[1]="Network"
name[2]="Network latency"
type[2]="generic_data"
description[2]="Network latency to router"
values[2]="RANDOM;0;20"
unit[2]="msec"
group[2]="Network"
name[3]="CPU Load"
type[3]="generic_data"
description[3]="CPU Usage"
values[3]="RANDOM;20;90"
unit[3]="%"
group[3]="System"
name[4]="Disk Usage"
type[4]="generic_data"
description[4]="% used space"
values[4]="RANDOM;50;60"
unit[4]="%"
group[4]="System"
name[5]="Memory Usage"
type[5]="generic_data"
description[5]="% Used memory"
values[5]="RANDOM;0;20"
unit[5]="%"
group[5]="System"
name[6]="Antivirus Updated"
type[6]="generic_proc"
description[6]="Detect if A/V is enabled and updated"
values[6]="PROC;5"
group[6]="Security"
name[7]="Insecure passwords status"
type[7]="generic_proc"
description[7]="No insecure passwords found"
values[7]="PROC;0"
group[7]="Security"
name[8]="Files check status"
type[8]="generic_proc"
description[8]="No changed files found"
values[8]="PROC;0"
group[8]="Security"
name[9]="Authorized ports status"
type[9]="generic_proc"
description[9]="No unauthorized ports found"
values[9]="PROC;0"
group[9]="Security"
name[10]="Service httpd"
type[10]="generic_proc"
values[10]="PROC;5"
group[10]="Applications"
name[11]="Service mysqld"
type[11]="generic_proc"
values[11]="PROC;5"
group[11]="Applications"
name[12]="Service sshd"
type[12]="generic_proc"
values[12]="PROC;5"
group[12]="Applications"
[inventory]
name[1]="Software"
format[1]="Name;Version;Description"
values[1]="name;version;description"
name[2]="Users"
format[2]="Username"
values[2]="username"
name[3]="File System"
format[3]="Device;Free size;Total size;Mount point"
values[3]="device;free_size;total_size;mount_point"
[inventory_values]
name[1]="aajohan-comfortaa-fonts"
name[2]="aardvark-dns"
name[3]="abattis-cantarell-fonts"
name[4]="abrt"
version[1]="3.101"
version[2]="1.0.3"
version[3]="0.301"
version[4]="2.14.6"
description[1]="Modern style true type font"
description[2]="Authoritative DNS server for A/AAAA container records"
description[3]="Humanist sans serif font"
description[4]="Automatic bug detection and reporting tool"
username[1]="root"
username[2]="pandora"
device[1]="/dev/sda1"
device[2]="/dev/sda2"
device[3]="/dev/sdb1"
free_size[1]="96G"
free_size[2]="136G"
free_size[3]="97M"
total_size[1]="180G"
total_size[2]="1.6T"
total_size[3]="819M"
mount_point[1]="/home"
mount_point[2]="/"
mount_point[3]="/tmp"
[log_modules]
source[1]="httpd"
data[1]='127.0.0.1 - "GET /index.html HTTP/1.1" 200 3456 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.182 Safari/537.36"'
source[2]="httpd"
data[2]='192.168.1.1 - "POST /submit.php HTTP/1.1" 302 0 "https://example.com/form" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.182 Safari/537.36"'
source[3]="httpd"
data[3]='10.0.0.2 - "GET /images/logo.png HTTP/1.1" 304 0 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 14_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0.1 Mobile/15E148 Safari/604.1"'
source[4]="httpd"
data[4]='172.16.0.1 - "GET /page/about-us HTTP/1.1" 404 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.182 Safari/537.36"'
source[5]="httpd"
data[5]='192.168.0.10 - "GET /css/style.css HTTP/1.1" 200 768 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.182 Safari/537.36"'
source[6]="httpd"
data[6]='203.0.113.45 - "GET /blog/post-123 HTTP/1.1" 200 5432 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.182 Safari/537.36"'
source[7]="httpd"
data[7]='54.78.90.12 - "GET /category/api-reference HTTP/1.1" 200 6543 "-" "Mozilla/5.0 (Linux; Android 10; SM-G960U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.181 Mobile Safari/537.36"'
source[8]="httpd"
data[8]='88.77.66.55 - "GET /contact-us HTTP/1.1" 301 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.182 Safari/537.36"'
source[9]="httpd"
data[9]='198.51.100.23 - "GET /images/photo.jpg HTTP/1.1" 200 4567 "https://example.com/gallery" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.182 Safari/537.36"'
source[10]="httpd"
data[10]='128.0.0.1 - "GET /downloads/file.zip HTTP/1.1" 200 12345 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.182 Safari/537.36"'
source[11]="mysqld"
data[11]="[Warning] Aborted connection 123 to db: 'your_database' user: 'your_user' host: '192.168.1.100' (Got an error reading communication packets)"
source[12]="mysqld"
data[12]="[ERROR] Table 'your_database.your_table' doesn't exist"
source[13]="mysqld"
data[13]="[Note] Starting crash recovery..."
source[14]="mysqld"
data[14]="[Warning] Unsafe statement written to the binary log using statement format since BINLOG_FORMAT = STATEMENT. Statement is unsafe because it uses a LIMIT clause. Use a different log bin event type."
source[15]="mysqld"
data[15]="[ERROR] Out of memory; check if mysqld or some other process uses all available memory; if not, you may have to use 'ulimit' to allow mysqld to use more memory or you can add more swap space"
source[16]="mysqld"
data[16]="[Note] Aborted connection 456 to db: 'another_database' user: 'another_user' host: 'localhost' (Got timeout reading communication packets)"
source[17]="mysqld"
data[17]="[ERROR] Can't create a new thread (errno 11); if you are not out of available memory, you can consult the manual for a possible OS-dependent bug"
source[18]="mysqld"
data[18]="[Warning] 'user' entry 'your_user@localhost' ignored in --skip-name-resolve mode."
source[19]="mysqld"
data[19]="[Note] InnoDB: Starting rollback of uncommitted transactions"
source[20]="mysqld"
data[20]="[ERROR] Plugin 'InnoDB' registration as a STORAGE ENGINE failed."

118
pandora_console/extras/demodata/agents/2-windows.prd Normal file
View File

@ -0,0 +1,118 @@
[agent_data]
agents_number="2"
agent_name="windows"
agent_alias="windows"
group="Demo servers"
address_network="192.168.2.0/24"
os_name="Windows"
os_versions[]="Microsoft Windows 11 Pro"
os_versions[]="Microsoft Windows 11"
os_versions[]="Home Microsoft Windows 10 Pro"
os_versions[]="Microsoft Windows 10 Home"
os_versions[]="Microsoft Windows 2018"
latitude="RANDOM;37;42"
longitude="RANDOM;-8;-1"
altitude="0"
[modules]
name[1]="Network Usage"
type[1]="generic_data_inc"
description[1]="Network usage in the system"
values[1]="RANDOM;0;10000"
unit[1]="bytes/sec"
group[1]="Network"
name[2]="Network latency"
type[2]="generic_data"
description[2]="Network latency to router"
values[2]="RANDOM;0;20"
unit[2]="msec"
group[2]="Network"
name[3]="CPU Load"
type[3]="generic_data"
description[3]="CPU Usage"
values[3]="RANDOM;20;90"
unit[3]="%"
group[3]="System"
name[4]="Disk Usage"
type[4]="generic_data"
description[4]="% used space"
values[4]="RANDOM;50;60"
unit[4]="%"
group[4]="System"
name[5]="Memory Usage"
type[5]="generic_data"
description[5]="% Used memory"
values[5]="RANDOM;0;20"
unit[5]="%"
group[5]="System"
name[6]="Service WMI"
type[6]="generic_proc"
values[6]="PROC;5"
group[6]="Applications"
[inventory]
name[1]="Software"
format[1]="Name;Version"
values[1]="name;version"
name[2]="Users"
format[2]="Domain;User"
values[2]="domain;user"
name[3]="File System"
format[3]="Device;Total size;Free size;Mount point"
values[3]="device;total_size;free_size;mount_point"
name[4]="Windows Serial Number"
format[4]="Serial number"
values[4]="serial_number"
[inventory_values]
name[1]="Microsoft Update Health Tools"
name[2]="Java(TM) SE Development Kit 17.0.6 (64-bit)"
name[3]="DisplayLink Graphics"
name[4]="Microsoft Visual C++ 2019 X64 Additional Runtime - 14.28.29325"
version[1]="5.71.0.0"
version[2]="17.0.6.0"
version[3]="10.2.7042.0"
version[4]="14.28.29325"
domain[1]="DEMO"
domain[2]="DEMO"
user[1]="Administrator"
user[2]="pandora"
device[1]="C:"
device[2]="D:"
device[3]="T:"
total_size[1]="1.6T"
total_size[2]="180G"
total_size[3]="819M"
free_size[1]="136G"
free_size[2]="96G"
free_size[3]="97M"
mount_point[1]="OS"
mount_point[2]="Data"
mount_point[3]="Temp"
serial_number[1]="Demo-56 4d 7d 43 24 e4 c6 ac-67 57 52 60 e9 10 26 78"

74
pandora_console/extras/demodata/agents/3-macosx.prd Normal file
View File

@ -0,0 +1,74 @@
[agent_data]
agents_number="1"
agent_name="macos"
agent_alias="macos"
group="Demo servers"
address_network="192.168.3.0/24"
os_name="MacOS"
os_versions[]="12.1"
os_versions[]="13.1"
os_versions[]="11.2"
os_versions[]="11.3"
os_versions[]="10.3"
latitude="RANDOM;37;42"
longitude="RANDOM;-8;-1"
altitude="0"
[modules]
name[1]="Network Usage"
type[1]="generic_data_inc"
description[1]="Network usage in the system"
values[1]="RANDOM;0;10000"
unit[1]="bytes/sec"
group[1]="Network"
name[2]="Network latency"
type[2]="generic_data"
description[2]="Network latency to router"
values[2]="RANDOM;0;20"
unit[2]="msec"
group[2]="Network"
name[3]="CPU Load"
type[3]="generic_data"
description[3]="CPU Usage"
values[3]="RANDOM;20;90"
unit[3]="%"
group[3]="System"
name[4]="Disk Usage"
type[4]="generic_data"
description[4]="% used space"
values[4]="RANDOM;50;60"
unit[4]="%"
group[4]="System"
name[5]="Memory Usage"
type[5]="generic_data"
description[5]="% Used memory"
values[5]="RANDOM;0;20"
unit[5]="%"
group[5]="System"
name[6]="Service httpd"
type[6]="generic_proc"
values[6]="PROC;5"
group[6]="Applications"
name[7]="Service mysqld"
type[7]="generic_proc"
values[7]="PROC;5"
group[7]="Applications"
name[8]="Service sshd"
type[8]="generic_proc"
values[8]="PROC;5"
group[8]="Applications"

73
pandora_console/extras/demodata/agents/4-freebsd.prd Normal file
View File

@ -0,0 +1,73 @@
[agent_data]
agents_number="1"
agent_name="freebsd"
agent_alias="freebsd"
group="Demo servers"
address_network="192.168.4.0/24"
os_name="BSD"
os_versions[]="14.0"
os_versions[]="13.1"
os_versions[]="13.2"
os_versions[]="13.3"
latitude="RANDOM;37;42"
longitude="RANDOM;-8;-1"
altitude="0"
[modules]
name[1]="Network Usage"
type[1]="generic_data_inc"
description[1]="Network usage in the system"
values[1]="RANDOM;0;10000"
unit[1]="bytes/sec"
group[1]="Network"
name[2]="Network latency"
type[2]="generic_data"
description[2]="Network latency to router"
values[2]="RANDOM;0;20"
unit[2]="msec"
group[2]="Network"
name[3]="CPU Load"
type[3]="generic_data"
description[3]="CPU Usage"
values[3]="RANDOM;20;90"
unit[3]="%"
group[3]="System"
name[4]="Disk Usage"
type[4]="generic_data"
description[4]="% used space"
values[4]="RANDOM;50;60"
unit[4]="%"
group[4]="System"
name[5]="Memory Usage"
type[5]="generic_data"
description[5]="% Used memory"
values[5]="RANDOM;0;20"
unit[5]="%"
group[5]="System"
name[6]="Service httpd"
type[6]="generic_proc"
values[6]="PROC;5"
group[6]="Applications"
name[7]="Service mysqld"
type[7]="generic_proc"
values[7]="PROC;5"
group[7]="Applications"
name[8]="Service sshd"
type[8]="generic_proc"
values[8]="PROC;5"
group[8]="Applications"

297
pandora_console/extras/demodata/agents/5-cisco.prd Normal file
View File

@ -0,0 +1,297 @@
[agent_data]
agents_number="1"
agent_name="cisco"
agent_alias="cisco"
group="Demo network"
address_network="192.168.5.0/24"
mac="__randomMAC__"
os_name="Cisco"
os_versions[]="C9200L"
os_versions[]="C9300LM"
os_versions[]="C9600"
latitude="RANDOM;37;42"
longitude="RANDOM;-8;-1"
altitude="0"
[modules]
name[1]="CPU Usage (5 min avg)"
type[1]="generic_data"
description[1]="CPU Usage"
values[1]="RANDOM;20;90"
unit[1]="%"
group[1]="General"
name[2]="Big Buffer Misses"
type[2]="generic_data"
description[2]="Buffer misses"
values[2]="RANDOM;20;90"
unit[2]="%"
group[2]="General"
name[3]="Temperature"
type[3]="generic_data"
description[3]="System temp"
values[3]="RANDOM;20;30"
unit[3]="ºC"
group[3]="General"
name[4]="Host alive"
type[4]="generic_proc"
values[4]="PROC;5"
group[4]="Networking"
name[5]="Gi0/0_ifOperStatus"
type[5]="generic_proc"
description[5]="(MAC: _mac_ - Gi0/0_ifOperStatus)"
values[5]="PROC;5"
group[5]="Networking"
name[6]="Gi0/0_ifInOctets"
type[6]="generic_data_inc"
description[6]="(MAC: _mac_ - Gi0/0_ifInOctets)"
values[6]="RANDOM;0;1000"
unit[6]="bytes/s"
group[6]="Networking"
name[7]="Gi0/0_ifOutOctets"
type[7]="generic_data_inc"
description[7]="(MAC: _mac_ - Gi0/0_ifOutOctets)"
values[7]="RANDOM;0;1000"
unit[7]="bytes/s"
group[7]="Networking"
name[8]="Gi0/1_ifOperStatus"
type[8]="generic_proc"
description[8]="(MAC: _mac_ - Gi0/1_ifOperStatus)"
values[8]="PROC;5"
group[8]="Networking"
name[9]="Gi0/1_ifInOctets"
type[9]="generic_data_inc"
description[9]="(MAC: _mac_ - Gi0/1_ifInOctets)"
values[9]="RANDOM;0;1000"
unit[9]="bytes/s"
group[9]="Networking"
name[10]="Gi0/1_ifOutOctets"
type[10]="generic_data_inc"
description[10]="(MAC: _mac_ - Gi0/1_ifOutOctets)"
values[10]="RANDOM;0;1000"
unit[10]="bytes/s"
group[10]="Networking"
name[11]="Gi0/2_ifOperStatus"
type[11]="generic_proc"
description[11]="(MAC: _mac_ - Gi0/2_ifOperStatus)"
values[11]="PROC;5"
group[11]="Networking"
name[12]="Gi0/2_ifInOctets"
type[12]="generic_data_inc"
description[12]="(MAC: _mac_ - Gi0/2_ifInOctets)"
values[12]="RANDOM;0;1000"
unit[12]="bytes/s"
group[12]="Networking"
name[13]="Gi0/2_ifOutOctets"
type[13]="generic_data_inc"
description[13]="(MAC: _mac_ - Gi0/2_ifOutOctets)"
values[13]="RANDOM;0;1000"
unit[13]="bytes/s"
group[13]="Networking"
name[14]="Gi0/3_ifOperStatus"
type[14]="generic_proc"
description[14]="(MAC: _mac_ - Gi0/3_ifOperStatus)"
values[14]="PROC;5"
group[14]="Networking"
name[15]="Gi0/3_ifInOctets"
type[15]="generic_data_inc"
description[15]="(MAC: _mac_ - Gi0/3_ifInOctets)"
values[15]="RANDOM;0;1000"
unit[15]="bytes/s"
group[15]="Networking"
name[16]="Gi0/3_ifOutOctets"
type[16]="generic_data_inc"
description[16]="(MAC: _mac_ - Gi0/3_ifOutOctets)"
values[16]="RANDOM;0;1000"
unit[16]="bytes/s"
group[16]="Networking"
name[17]="Gi0/4_ifOperStatus"
type[17]="generic_proc"
description[17]="(MAC: _mac_ - Gi0/4_ifOperStatus)"
values[17]="PROC;5"
group[17]="Networking"
name[18]="Gi0/4_ifInOctets"
type[18]="generic_data_inc"
description[18]="(MAC: _mac_ - Gi0/4_ifInOctets)"
values[18]="RANDOM;0;1000"
unit[18]="bytes/s"
group[18]="Networking"
name[19]="Gi0/4_ifOutOctets"
type[19]="generic_data_inc"
description[19]="(MAC: _mac_ - Gi0/4_ifOutOctets)"
values[19]="RANDOM;0;1000"
unit[19]="bytes/s"
group[19]="Networking"
name[20]="Gi0/5_ifOperStatus"
type[20]="generic_proc"
description[20]="(MAC: _mac_ - Gi0/5_ifOperStatus)"
values[20]="PROC;5"
group[20]="Networking"
name[21]="Gi0/5_ifInOctets"
type[21]="generic_data_inc"
description[21]="(MAC: _mac_ - Gi0/5_ifInOctets)"
values[21]="RANDOM;0;1000"
unit[21]="bytes/s"
group[21]="Networking"
name[22]="Gi0/5_ifOutOctets"
type[22]="generic_data_inc"
description[22]="(MAC: _mac_ - Gi0/5_ifOutOctets)"
values[22]="RANDOM;0;1000"
unit[22]="bytes/s"
group[22]="Networking"
name[23]="Gi0/6_ifOperStatus"
type[23]="generic_proc"
description[23]="(MAC: _mac_ - Gi0/6_ifOperStatus)"
values[23]="PROC;5"
group[23]="Networking"
name[24]="Gi0/6_ifInOctets"
type[24]="generic_data_inc"
description[24]="(MAC: _mac_ - Gi0/6_ifInOctets)"
values[24]="RANDOM;0;1000"
unit[24]="bytes/s"
group[24]="Networking"
name[25]="Gi0/6_ifOutOctets"
type[25]="generic_data_inc"
description[25]="(MAC: _mac_ - Gi0/6_ifOutOctets)"
values[25]="RANDOM;0;1000"
unit[25]="bytes/s"
group[25]="Networking"
name[26]="Gi0/7_ifOperStatus"
type[26]="generic_proc"
description[26]="(MAC: _mac_ - Gi0/7_ifOperStatus)"
values[26]="PROC;5"
group[26]="Networking"
name[27]="Gi0/7_ifInOctets"
type[27]="generic_data_inc"
description[27]="(MAC: _mac_ - Gi0/7_ifInOctets)"
values[27]="RANDOM;0;1000"
unit[27]="bytes/s"
group[27]="Networking"
name[28]="Gi0/7_ifOutOctets"
type[28]="generic_data_inc"
description[28]="(MAC: _mac_ - Gi0/7_ifOutOctets)"
values[28]="RANDOM;0;1000"
unit[28]="bytes/s"
group[28]="Networking"
name[29]="Gi0/8_ifOperStatus"
type[29]="generic_proc"
description[29]="(MAC: _mac_ - Gi0/8_ifOperStatus)"
values[29]="PROC;5"
group[29]="Networking"
name[30]="Gi0/8_ifInOctets"
type[30]="generic_data_inc"
description[30]="(MAC: _mac_ - Gi0/8_ifInOctets)"
values[30]="RANDOM;0;1000"
unit[30]="bytes/s"
group[30]="Networking"
name[31]="Gi0/8_ifOutOctets"
type[31]="generic_data_inc"
description[31]="(MAC: _mac_ - Gi0/8_ifOutOctets)"
values[31]="RANDOM;0;1000"
unit[31]="bytes/s"
group[31]="Networking"
name[32]="Gi0/9_ifOperStatus"
type[32]="generic_proc"
description[32]="(MAC: _mac_ - Gi0/9_ifOperStatus)"
values[32]="PROC;5"
group[32]="Networking"
name[33]="Gi0/9_ifInOctets"
type[33]="generic_data_inc"
description[33]="(MAC: _mac_ - Gi0/9_ifInOctets)"
values[33]="RANDOM;0;1000"
unit[33]="bytes/s"
group[33]="Networking"
name[34]="Gi0/9_ifOutOctets"
type[34]="generic_data_inc"
description[34]="(MAC: _mac_ - Gi0/9_ifOutOctets)"
values[34]="RANDOM;0;1000"
unit[34]="bytes/s"
group[34]="Networking"
name[35]="ipInReceives"
type[35]="generic_data"
description[35]="The total number of input datagrams received from interfaces"
values[35]="RANDOM;0;1000"
unit[35]="datagrams"
group[35]="Networking"
name[36]="ipOutRequests"
type[36]="generic_data"
description[36]="The total number of output datagrams requested from interfaces"
values[36]="RANDOM;0;1000"
unit[36]="datagrams"
group[36]="Networking"
name[37]="Latency"
type[37]="generic_data"
description[37]="Network latency"
values[37]="RANDOM;0;100"
unit[37]="msec"
group[37]="Networking"
[traps]
oid[1]=".1.3.6.1.4.1.9.9.41.1.2.3.1.2.0"
value[1]="RANDOM;0;100"
snmp_type[1]="6"
chance_percent[1]="20"
oid[2]=".1.3.6.1.4.1.9.9.41.1.2.3.1.3.0"
value[2]="RANDOM;0;100"
snmp_type[2]="6"
chance_percent[2]="20"
oid[3]=".1.3.6.1.4.1.9.9.41.1.2.3.1.4.0"
value[3]="RANDOM;0;100"
snmp_type[3]="6"
chance_percent[3]="20"
oid[4]=".1.3.6.1.4.1.9.9.41.1.2.3.1.5.0"
value[4]="RANDOM;0;100"
snmp_type[4]="6"
chance_percent[4]="20"
oid[5]=".1.3.6.1.4.1.9.9.41.1.2.3.1.6.0"
value[5]="RANDOM;0;100"
snmp_type[5]="6"
chance_percent[5]="20"

65
pandora_console/extras/demodata/dashboards/1-dashboard.prd Normal file
View File

@ -0,0 +1,65 @@
[dashboard_data]
name="Demo dashboard"
group="Demo dashboard"
[dashboard_items]
title[1]="Groups status"
type[1]="system_group_status"
x[1]="0"
y[1]="0"
width[1]="5"
height[1]="4"
title[2]="Network map"
type[2]="network_map"
x[2]="5"
y[2]="0"
width[2]="7"
height[2]="6"
map_name[2]="Demo sunburst network map"
title[3]="Module histogram"
type[3]="graph_module_histogram"
x[3]="0"
y[3]="4"
width[3]="5"
height[3]="2"
agent_name[3]="demo-global-agent-1"
module[3]="Host Alive"
interval[3]="86400"
title[4]="List of latest events"
type[4]="events_list"
x[4]="0"
y[4]="6"
width[4]="12"
height[4]="5"
title[5]="Top N events by agent"
type[5]="top_n_events_by_group"
x[5]="6"
y[5]="11"
width[5]="6"
height[5]="8"
title[6]="Top N of agent modules"
type[6]="top_n"
x[6]="0"
y[6]="11"
width[6]="6"
height[6]="4"
agent_name[6]="cisco-.*"
module[6]=".*ifOutOctets"
interval[6]="86400"
title[7]="Top N of agent modules"
type[7]="top_n"
x[7]="0"
y[7]="15"
width[7]="6"
height[7]="4"
agent_name[7]="cisco-.*"
module[7]=".*ifInOctets"
interval[7]="86400"

16
pandora_console/extras/demodata/gis_maps/1-gismap.prd Normal file
View File

@ -0,0 +1,16 @@
[gis_data]
name="Demo GIS map"
group="Demo servers"
zoom_level="6"
initial_latitude="40"
initial_longitude="-3"
initial_altitude="0"
default_latitude="40"
default_longitude="-3"
default_altitude="0"
[gis_layers]
name[1]="Demo servers"
group[1]="Demo servers"

21
pandora_console/extras/demodata/graphs/1-cpu-graph.prd Normal file
View File

@ -0,0 +1,21 @@
[graph_data]
name="Linux CPU Load"
group="Demo servers"
description="This is a demo custom graph for linux agents CPU Load"
type="s_area"
periodicity="86400"
[graph_items]
agent_name[1]="linux-1"
module[1]="CPU Load"
agent_name[2]="linux-2"
module[2]="CPU Load"
agent_name[3]="linux-3"
module[3]="CPU Load"
agent_name[4]="linux-4"
module[4]="CPU Load"

21
pandora_console/extras/demodata/graphs/2-disks-graph.prd Normal file
View File

@ -0,0 +1,21 @@
[graph_data]
name="Linux Disk Usage"
group="Demo servers"
description="This is a demo custom graph for linux agents Disk Usage"
type="line"
periodicity="86400"
[graph_items]
agent_name[1]="linux-1"
module[1]="Disk Usage"
agent_name[2]="linux-2"
module[2]="Disk Usage"
agent_name[3]="linux-3"
module[3]="Disk Usage"
agent_name[4]="linux-4"
module[4]="Disk Usage"

Some files were not shown because too many files have changed in this diff Show More