2011-08-24 Ramon Novoa <rnovoa@artica.es>

* lib/PandoraFMS/NmapParser.pm: Added to repository. Patched Nmap::Parser. See http://search.cpan.org/dist/Nmap-Parser/. * lib/PandoraFMS/ReconServer.pm: Use Nmap::Parser. git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@4819 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
2011-08-24 18:07:59 +00:00 · 2011-08-24 18:07:59 +00:00 · 9a9fab74d8
parent 9192987cf0
commit 9a9fab74d8
3 changed files with 1937 additions and 31 deletions
--- a/pandora_server/ChangeLog
+++ b/pandora_server/ChangeLog
@ -1,3 +1,10 @@
+2011-08-24  Ramon Novoa  <rnovoa@artica.es>
+
+	* lib/PandoraFMS/NmapParser.pm: Added to repository. Patched
+	  Nmap::Parser. See http://search.cpan.org/dist/Nmap-Parser/.
+
+	* lib/PandoraFMS/ReconServer.pm: Use Nmap::Parser.
+
 2011-08-24  Ramon Novoa  <rnovoa@artica.es>

 	* lib/PandoraFMS/DataServer.pm: Exclude the datalist tag from the
--- a/pandora_server/lib/PandoraFMS/NmapParser.pm
+++ b/pandora_server/lib/PandoraFMS/NmapParser.pm
--- a/pandora_server/lib/PandoraFMS/ReconServer.pm
+++ b/pandora_server/lib/PandoraFMS/ReconServer.pm
@ -36,6 +36,9 @@ use PandoraFMS::Core;
 use PandoraFMS::ProducerConsumerServer;
 use PandoraFMS::GIS qw(get_reverse_geoip_sql get_reverse_geoip_file get_random_close_point);

+# Patched Nmap::Parser. See http://search.cpan.org/dist/Nmap-Parser/.
+use PandoraFMS::NmapParser;
+
 # Inherits from PandoraFMS::ProducerConsumerServer
 our @ISA = qw(PandoraFMS::ProducerConsumerServer);

@ -128,38 +131,30 @@ sub data_consumer ($$) {
 	}

 	# Call nmap
-	my $nmap = $pa_config->{'nmap'};
-	my $subnet = $task->{'subnet'};
-	my @output = `$nmap -nsP $subnet`;
-	if ($? != 0) {
+	my $np = new Nmap::Parser;
+	eval {
+		$np->parsescan($pa_config->{'nmap'},'-nsP', ($task->{'subnet'}));
+	};
+	if ($@) {
 		update_recon_task ($dbh, $task_id, -1);
 		return;
 	}

-	# Parse nmap output
-	my $addr = '';
-	my $found_hosts = {};
-	foreach my $line (@output) {
-		chomp ($line);
-		
-		if ($line =~ m/Nmap scan report for (\S+).*/) {
-			$addr = $1;
-		} elsif ($line =~ m/Host is up \((\S+)s.*/) {
-			next unless ($addr ne '');
-			$found_hosts->{$addr} = 1;	
-			$addr = '';
-		}
-	}
-
-	# Process found hosts
+	# Parse scanned hosts
+	my $module_hash;
+	my @up_hosts = $np->all_hosts ('up');
+	my $total_up = scalar (@up_hosts);
 	my $progress = 0;
-	my $added = '';
-	my $total_hosts = scalar (keys (%{$found_hosts}));
-	foreach my $addr (keys (%{$found_hosts})) {
+	my $added_hosts = '';
+	foreach my $host (@up_hosts) {
 		$progress++;
 		
+		# Get agent address
+		my $addr = $host->addr();
+		next unless ($addr ne '0');
+		
 		# Update the recon task or break if it does not exist anymore
-		last if (update_recon_task ($dbh, $task_id, ceil ($progress / ($total_hosts / 100))) eq '0E0');
+		last if (update_recon_task ($dbh, $task_id, ceil ($progress / ($total_up / 100))) eq '0E0');
       
 		# Does the host already exist?
 		my $agent = get_agent_from_addr ($dbh, $addr);
@ -282,19 +277,19 @@ sub data_consumer ($$) {
 		create_network_profile_modules ($pa_config, $dbh, $agent_id, $task->{'id_network_profile'}, $addr, $task->{'snmp_community'});

 		# Generate an event
-        pandora_event ($pa_config, "[RECON] New host [$host_name] detected on network [" . $task->{'subnet'} . ']',
-                       $task->{'id_group'}, $agent_id, 2, 0, 0, 'recon_host_detected', 0, $dbh);
+		pandora_event ($pa_config, "[RECON] New host [$host_name] detected on network [" . $task->{'subnet'} . ']',
+		               $task->{'id_group'}, $agent_id, 2, 0, 0, 'recon_host_detected', 0, $dbh);
 		
-        $added .= $addr . ' ';
+		$added_hosts .= "$addr ";
 	}

 	# Create an incident with totals
-	if ($total_hosts > 0 && $task->{'create_incident'} == 1) {
-		my $text = "At " . strftime ("%Y-%m-%d %H:%M:%S", localtime()) . " ($total_hosts) new hosts were detected by Pandora FMS Recon Server running on [" . $pa_config->{'servername'} . "_Recon]. This incident has been automatically created following instructions for this recon task [" . $task->{'id_group'} . "].\n\n";
+	if ($added_hosts ne '' && $task->{'create_incident'} == 1) {
+		my $text = "At " . strftime ("%Y-%m-%d %H:%M:%S", localtime()) . " ($added_hosts) new hosts were detected by Pandora FMS Recon Server running on [" . $pa_config->{'servername'} . "_Recon]. This incident has been automatically created following instructions for this recon task [" . $task->{'id_group'} . "].\n\n";
 		if ($task->{'id_network_profile'} > 0) {
 			$text .= "Aditionally, and following instruction for this task, agent(s) has been created, with modules assigned to network component profile [" . get_nc_profile_name ($dbh, $task->{'id_network_profile'}) . "]. Please check this agent as soon as possible to verify it.";
 		}
-		$text .= "\n\nThis is the list of IP addresses found: \n\n$added";
+		$text .= "\n\nThis is the list of IP addresses found: \n\n$added_hosts";
 		pandora_create_incident ($pa_config, $dbh, "[RECON] New hosts detected", $text, 0, 0, 'Pandora FMS Recon Server', $task->{'id_group'});
 	}

@ -378,7 +373,7 @@ sub tcp_scan ($$$) {
 	my ($pa_config, $host, $portlist) = @_;
 	
 	my $nmap = $pa_config->{'nmap'};
-    my $output = `$nmap -p$portlist $host | grep open | wc -l`;
+	my $output = `$nmap -p$portlist $host | grep open | wc -l`;
 	return 0 if ($? != 0);
 	return $output;
 }