2009-08-19 Sancho lerena <slerena@artica.es>

* pandora_server.spec: Added nmap to required packages, removed xprobe2.
	
	* lib/PandoraFMS/Config.pm, conf/pandora_server.conf: New token for nmap.
	 
	* lib/PandoraFMS/ReconServer.pm: New parent detection, TCP scanning imple-
	mented using NMAP. Implemented TCP profile scanning.
	
	* lib/PandoraFMS/Tools.pm: Some reordering in pandora_get_os() gives
	more accurate OS guessing. enterprise_hook() now doesn't yell when enterprise
	is not found :-)



git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@1868 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
slerena 2009-08-19 19:49:55 +00:00
parent 7c3014607c
commit 8c3452ab60
6 changed files with 101 additions and 68 deletions


@ -4,6 +4,17 @@
2009-08-19 Sancho lerena <slerena@artica.es> 2009-08-19 Sancho lerena <slerena@artica.es>
* pandora_server.spec: Added nmap to required packages, removed xprobe2.
* lib/PandoraFMS/Config.pm, conf/pandora_server.conf: New token for nmap.
* lib/PandoraFMS/ReconServer.pm: New parent detection, TCP scanning imple-
mented using NMAP. Implemented TCP profile scanning.
* lib/PandoraFMS/Tools.pm: Some reordering in pandora_get_os() gives
more accurate OS guessing. enterprise_hook() now don't yell when enterprise
is not found :-)
* pandora_server.spec: Updated some dependencies. Also included the * pandora_server.spec: Updated some dependencies. Also included the
install of pandora_db maintance script in cron.daily. install of pandora_db maintance script in cron.daily.


@ -172,11 +172,18 @@ mta_address localhost
# mta_from: Email address that sends the mail, by default is pandora@localhost # mta_from: Email address that sends the mail, by default is pandora@localhost
# probably you need to change it to avoid problems with your antispam # probably you need to change it to avoid problems with your antispam
# xprobe: If provided, is used to detect with recon server, OS fingerprint # xprobe2: Optional package to detect OS types using advanced TCP/IP
# of detected hosts. Xprobe2 is a GNU tool to detect OS types. # fingerprinting tecniques, much more accurates than stadard nmap.
# If not provided, nmap is used insted xprobe2
xprobe2 /usr/bin/xprobe2 xprobe2 /usr/bin/xprobe2
# nmap: If provided, is used to detect OS type with recon server using
# advanded OS fingerprint technique. Xprobe2 gives more accurate results
# Nmap is also used to do TCP port scanning in detected host.
nmap /usr/bin/nmap
# snmpget: Needed to do SNMP checks. By default is on /usr/bin/snmpget # snmpget: Needed to do SNMP checks. By default is on /usr/bin/snmpget
snmpget /usr/bin/snmpget snmpget /usr/bin/snmpget
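Review bot: The new `nmap` comment block does not say that the recon server executes this path as a command, which is what an administrator most needs to know when setting it. I would add a line such as `# The recon server runs this binary: use an absolute path to a trusted executable that unprivileged users cannot modify.` above `nmap /usr/bin/nmap`. The added comments also contain typos (`tecniques`, `accurates`, `stadard`, `insted`, `advanded`) that are worth fixing before the file is packaged.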


@ -37,7 +37,7 @@ our @EXPORT = qw(
# version: Defines actual version of Pandora Server for this module only # version: Defines actual version of Pandora Server for this module only
my $pandora_version = "3.0-dev"; my $pandora_version = "3.0-dev";
my $pandora_build = "PS090810"; my $pandora_build = "PS090819";
our $VERSION = $pandora_version." ".$pandora_build; our $VERSION = $pandora_version." ".$pandora_build;
# Setup hash # Setup hash
@ -195,8 +195,12 @@ sub pandora_load_config {
$pa_config->{"mta_auth"} = 'none'; # Introduced on 2.0 (Support LOGIN PLAIN CRAM-MD5 DIGEST-MD) $pa_config->{"mta_auth"} = 'none'; # Introduced on 2.0 (Support LOGIN PLAIN CRAM-MD5 DIGEST-MD)
$pa_config->{"mta_from"} = 'pandora@localhost'; # Introduced on 2.0 $pa_config->{"mta_from"} = 'pandora@localhost'; # Introduced on 2.0
# Xprobe2 for recon OS fingerprinting (optional feature to detect OS) # nmap for recon OS fingerprinting and tcpscan (optional)
$pa_config->{"xprobe2"} = "/usr/bin/xprobe2"; $pa_config->{"nmap"} = "/usr/bin/nmap";
# Xprobe2 for recon OS fingerprinting and tcpscan (optional)
$pa_config->{"xprobe2"} = "/usr/bin/xprobe";
# Snmpget for snmpget system command (optional) # Snmpget for snmpget system command (optional)
$pa_config->{"snmpget"} = "/usr/bin/snmpget"; $pa_config->{"snmpget"} = "/usr/bin/snmpget";
@ -421,6 +425,9 @@ sub pandora_load_config {
$pa_config->{"keepalive"} = clean_blank($1); $pa_config->{"keepalive"} = clean_blank($1);
$pa_config->{"keepalive_orig"} = clean_blank($1); $pa_config->{"keepalive_orig"} = clean_blank($1);
} }
elsif ($parametro =~ m/^nmap\s(.*)/i) {
$pa_config->{'nmap'}= clean_blank($1);
}
elsif ($parametro =~ m/^xprobe2\s(.*)/i) { elsif ($parametro =~ m/^xprobe2\s(.*)/i) {
$pa_config->{'xprobe2'}= clean_blank($1); $pa_config->{'xprobe2'}= clean_blank($1);
} }
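Review bot: The new built-in default for `xprobe2` is `/usr/bin/xprobe`, while the previous default and the sample pandora_server.conf on this page both use `/usr/bin/xprobe2`, so an install without that token will look for a differently named binary. It should read `$pa_config->{"xprobe2"} = "/usr/bin/xprobe2";`, and the comment above it, which appears to have been copied from the nmap line, should drop "and tcpscan". The `nmap` token parsed in the second hunk is later placed into a shell command in ReconServer.pm, so it is worth accepting only a plain absolute path here, for example `my $path = clean_blank($1);` followed by `$pa_config->{'nmap'} = $path if ($path =~ m{^/[\w./-]+$});`. pandora_load_config starts and ends outside these hunks.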


@ -25,7 +25,6 @@ use threads::shared;
use Thread::Semaphore; use Thread::Semaphore;
use IO::Socket::INET; use IO::Socket::INET;
use Net::Ping;
use NetAddr::IP; use NetAddr::IP;
use POSIX qw(strftime ceil); use POSIX qw(strftime ceil);
@ -128,35 +127,22 @@ sub data_consumer ($$) {
# Does the host already exist? # Does the host already exist?
next if (get_agent_from_addr ($dbh, $addr) > 0); next if (get_agent_from_addr ($dbh, $addr) > 0);
# Is the host alive? (thanks to Evi for the TCP scans)
my $alive = 0; my $alive = 0;
if (pandora_ping ($pa_config, $addr) == 1) { if (pandora_ping ($pa_config, $addr) == 1) {
$alive = 1; $alive = 1;
#Check for Remote Desktop & VNC (Desktop & Server machines) # TCP Port profiling
#} elsif (tcp_scan ($addr, $pa_config->{'networktimeout'}, 3389) == 1 || if ((defined ($task->{'recon_ports'})) && ($task->{'recon_ports'} ne "")) {
# tcp_scan ($addr, $pa_config->{'networktimeout'}, 5900) == 1) { $alive = tcp_scan ($pa_config, $addr, $task->{'recon_ports'});
# $alive = 1; }
#Check for management ports 10000 = Webmin, 161 = SNMP (Most embedded devices)
#} elsif (tcp_scan ($addr, $pa_config->{'networktimeout'}, 10000) == 1 ||
# tcp_scan ($addr, $pa_config->{'networktimeout'}, 161) == 1) {
# $alive = 1;
#Check for SSH & Mail (Servers and Unix machines)
#} elsif (tcp_scan ($addr, $pa_config->{'networktimeout'}, 22) == 1 ||
# tcp_scan ($addr, $pa_config->{'networktimeout'}, 25) == 1) {
# $alive = 1;
#Check for WWW & MySQL (Webservers and systems in a DMZ)
#} elsif (tcp_scan ($addr, $pa_config->{'networktimeout'}, 80) == 1 ||
# tcp_scan ($addr, $pa_config->{'networktimeout'}, 3306) == 1) {
# $alive = 1;
} }
next unless ($alive == 1); next unless ($alive > 0);
# Guess the OS and filter # Guess the OS and filter
my $id_os = guess_os ($pa_config, $addr); my $id_os = guess_os ($pa_config, $addr);
next if ($task->{'id_os'} > 0 && $task->{'id_os'} != $id_os); next if ($task->{'id_os'} > 0 && $task->{'id_os'} != $id_os);
$hosts_found++; $hosts_found ++;
$addr_found .= $addr . " "; $addr_found .= $addr . " ";
# Resolve the address # Resolve the address
@ -205,22 +191,15 @@ sub data_consumer ($$) {
# TCP scan the given host/port. Returns 1 if successful, 0 otherwise. # TCP scan the given host/port. Returns 1 if successful, 0 otherwise.
############################################################################## ##############################################################################
sub tcp_scan ($$$) { sub tcp_scan ($$$) {
my ($host, $timeout, $port) = @_; my ($pa_config, $host, $portlist) = @_;
my $rc = 0; my $runcommand;
eval { my $nmap = $pa_config->{'nmap'};
local $SIG{'ALRM'} = sub { return 0; }; eval {
alarm ($timeout); $runcommand = `$nmap -p$portlist $host | grep open | wc -l`;
my $handle=IO::Socket::INET->new(
Proto => 'tcp',
PeerAddr => $host,
PeerPort => $port);
$rc = 1 if ($handle);
alarm (0);
}; };
return 0 if ($@);
return 0 if ($@); return $runcommand;
return $rc;
} }
########################################################################## ##########################################################################
@ -228,21 +207,26 @@ sub tcp_scan ($$$) {
########################################################################## ##########################################################################
sub guess_os { sub guess_os {
my ($pa_config, $host) = @_; my ($pa_config, $host) = @_;
my $nmap = $pa_config->{'nmap'};
my $xprobe = $pa_config->{'xprobe2'};
my $xprobe2 = $pa_config->{'xprobe2'}; # if xprobe2 not available, use nmap, if not, not able to detect OS
if (! -e $xprobe){
# Other OS return 10 if (! -e $nmap);
return 10 if (! -e $xprobe2); }
# Execute xprobe2 # Execute Nmap (4.x) or Xprobe2
my $output = ''; my $output = '';
eval { eval {
$output = `$xprobe2 $host 2> /dev/null | grep "Running OS" 2> /dev/null | head -1 2> /dev/null`; if (-e $xprobe){
$output = `$xprobe $host 2> /dev/null | grep 'Running OS' | head -1`;
} else {
$output = `$nmap -F -O $host 2> /dev/null | grep 'Aggressive OS guesses'`;
}
}; };
# Check for errors # Check for errors
return 10 if ($@); return 10 if ($@);
return pandora_get_os ($output); return pandora_get_os ($output);
} }
@ -328,13 +312,14 @@ sub get_host_parent ($$){
# Traceroute not available # Traceroute not available
return 0 unless ($TracerouteAvailable != 0); return 0 unless ($TracerouteAvailable != 0);
my $traceroutetimeout = $pa_config->{'networktimeout'} * 2;
my $tr = Net::Traceroute::PurePerl->new ( my $tr = Net::Traceroute::PurePerl->new (
backend => 'PurePerl', backend => 'PurePerl',
host => $host, host => $host,
debug => 0, debug => 0,
max_ttl => 15, max_ttl => 15,
query_timeout => $pa_config->{'networktimeout'}, query_timeout => $traceroutetimeout,
packetlen => 40, packetlen => 80,
protocol => 'udp', # udp or icmp protocol => 'udp', # udp or icmp
); );
@ -343,7 +328,7 @@ sub get_host_parent ($$){
# Call traceroute # Call traceroute
eval { eval {
local $SIG{'ALRM'} = sub { return 0; }; local $SIG{'ALRM'} = sub { return 0; };
alarm($pa_config->{'networktimeout'}); alarm($traceroutetimeout);
$success = $tr->traceroute(); $success = $tr->traceroute();
alarm(0); alarm(0);
}; };
@ -354,8 +339,21 @@ sub get_host_parent ($$){
# Traceroute was not successful # Traceroute was not successful
return 0 if ($tr->hops < 2 || $success == 0); return 0 if ($tr->hops < 2 || $success == 0);
my $parent_addr = $tr->hop_query_host($tr->hops - 1, 0); my $hopstotal = $tr->hops;
return get_agent_from_addr ($dbh, $parent_addr); $hopstotal--;
# Run all list of parents until find a known parent
my $parent_addr;
my $parent_addr_check;
for (my $ax=$hopstotal; $ax >= 0; $ax--){
$parent_addr = $tr->hop_query_host($ax, 0);
$parent_addr_check = get_addr_id ($dbh, $parent_addr);
if ($parent_addr_check != -1){
return get_agent_from_addr ($dbh, $parent_addr);
}
}
return 0;
} }
1; 1;
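Review bot: tcp_scan now builds a shell command in backticks from `$nmap`, `$portlist` and `$host`, and `$portlist` is the task's `recon_ports` value passed through unchanged from data_consumer, so any shell metacharacter stored in that field would be interpreted by the shell under the server's account. The port list should be checked against an anchored pattern and nmap started through a list-form pipe open so that no shell is involved. guess_os interpolates `$host` into backticks in the same way and deserves the same treatment. Two smaller points in tcp_scan: the `eval`/`$@` pair cannot detect a failed nmap run because backticks do not die, and the header comment still describes the old host/port signature and a 1/0 result. The pattern in the sketch below assumes recon_ports holds only numeric ports and ranges, so widen it if other forms are legitimate.

```perl
sub tcp_scan ($$$) {
	my ($pa_config, $host, $portlist) = @_;
	my $nmap = $pa_config->{'nmap'};

	# Accept only lists such as "22,80,8000-8100" before they reach nmap
	return 0 unless ($portlist =~ m/\A\d+(?:-\d+)?(?:,\d+(?:-\d+)?)*\z/);
	return 0 unless (-x $nmap);

	# List-form pipe open: arguments go straight to nmap, no shell parsing
	open (my $scan, '-|', $nmap, "-p$portlist", $host) or return 0;
	my $open_ports = grep { m/open/ } <$scan>;
	close ($scan);

	return $open_ports;
}
```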


@ -73,12 +73,6 @@ sub pandora_get_os ($) {
if ($command =~ m/Windows/i){ if ($command =~ m/Windows/i){
return 9; return 9;
} }
elsif ($command =~ m/Linux/i){
return 1;
}
elsif ($command =~ m/BSD/i){
return 4;
}
elsif ($command =~ m/Cisco/i){ elsif ($command =~ m/Cisco/i){
return 7; return 7;
} }
@ -97,9 +91,21 @@ sub pandora_get_os ($) {
elsif ($command =~ m/Apple/i){ elsif ($command =~ m/Apple/i){
return 8; return 8;
} }
elsif ($command =~ m/Linux/i){
return 1;
}
elsif ($command =~ m/Enterasys/i){
return 11;
}
elsif ($command =~ m/3com/i){
return 11;
}
elsif ($command =~ m/Octopus/i){ elsif ($command =~ m/Octopus/i){
return 13; return 13;
} }
elsif ($command =~ m/BSD/i){
return 4;
}
else { else {
return 10; # Unknown / Other return 10; # Unknown / Other
} }
@ -346,12 +352,15 @@ sub enterprise_hook ($$) {
# Prepend the package name # Prepend the package name
$func = 'PandoraFMS::Enterprise::' . $func; $func = 'PandoraFMS::Enterprise::' . $func;
# Try to call the function # Check if exist before try to call it
my $output = eval { &$func (@args); }; my $output = `perl -e "use $func"`;
# Check for errors if ($output){
return undef if ($@); # Try to call the function
$output = eval { &$func (@args); };
} else {
return $undef;
}
return $output; return $output;
} }
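Review bot: The new existence check in enterprise_hook looks like it can never succeed. Backticks capture only standard output, and `perl -e "use $func"` normally prints nothing there whether or not the load works, so `$output` stays empty and the hook call is skipped every time. The check also treats a function name as a module name, starts a new interpreter on every hook call, and passes `$func` through the shell. An in-process test such as `return undef unless (defined (&$func));` placed before the original `eval` avoids all of that. The `else` branch's `return $undef;` should be `return undef;`, since no `$undef` is declared in the visible lines; the sub's opening lines are outside the hunk.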


@ -21,8 +21,9 @@ BuildArchitectures: noarch
Requires(pre): /usr/sbin/useradd Requires(pre): /usr/sbin/useradd
AutoReq: 0 AutoReq: 0
Provides: %{name}-%{version} Provides: %{name}-%{version}
Requires: perl-mail-sendmail perl-DBI perl-DBD-mysql perl-time-format perl-mail-sendmail perl-netaddr-ip wmic perl-SNMP net-snmp Requires: perl-mail-sendmail perl-DBI perl-DBD-mysql perl-time-format
#Requires: xprobe2 Requires: perl-mail-sendmail perl-netaddr-ip perl-SNMP net-snmp
Requires: nmap wmic
%description %description
Pandora FMS is a monitoring system for big IT environments. It uses remote tests, or local agents to grab information. Pandora supports all standard OS (Linux, AIX, HP-UX, Solaris and Windows XP,2000/2003), and support multiple setups in HA enviroments. Pandora FMS is a monitoring system for big IT environments. It uses remote tests, or local agents to grab information. Pandora supports all standard OS (Linux, AIX, HP-UX, Solaris and Windows XP,2000/2003), and support multiple setups in HA enviroments.