tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

2011-08-24 Ramon Novoa <rnovoa@artica.es> 

* lib/PandoraFMS/NmapParser.pm: Added to repository. Patched
	  Nmap::Parser. See http://search.cpan.org/dist/Nmap-Parser/.

	* lib/PandoraFMS/ReconServer.pm: Use Nmap::Parser.



git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@4819 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
This commit is contained in:
Ramon Novoa 2011-08-24 18:07:59 +00:00
parent 9192987cf0
commit 9a9fab74d8
3 changed files with 1937 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
pandora_server/ChangeLog
View File

@ -1,3 +1,10 @@
2011-08-24 Ramon Novoa <rnovoa@artica.es>
* lib/PandoraFMS/NmapParser.pm: Added to repository. Patched
Nmap::Parser. See http://search.cpan.org/dist/Nmap-Parser/.
* lib/PandoraFMS/ReconServer.pm: Use Nmap::Parser.
2011-08-24 Ramon Novoa <rnovoa@artica.es> 2011-08-24 Ramon Novoa <rnovoa@artica.es>
* lib/PandoraFMS/DataServer.pm: Exclude the datalist tag from the * lib/PandoraFMS/DataServer.pm: Exclude the datalist tag from the

1904
pandora_server/lib/PandoraFMS/NmapParser.pm Normal file
View File

File diff suppressed because it is too large Load Diff

51
pandora_server/lib/PandoraFMS/ReconServer.pm
View File

@ -36,6 +36,9 @@ use PandoraFMS::Core;
use PandoraFMS::ProducerConsumerServer; use PandoraFMS::ProducerConsumerServer;
use PandoraFMS::GIS qw(get_reverse_geoip_sql get_reverse_geoip_file get_random_close_point); use PandoraFMS::GIS qw(get_reverse_geoip_sql get_reverse_geoip_file get_random_close_point);
# Patched Nmap::Parser. See http://search.cpan.org/dist/Nmap-Parser/.
use PandoraFMS::NmapParser;
# Inherits from PandoraFMS::ProducerConsumerServer # Inherits from PandoraFMS::ProducerConsumerServer
our @ISA = qw(PandoraFMS::ProducerConsumerServer); our @ISA = qw(PandoraFMS::ProducerConsumerServer);
@ -128,38 +131,30 @@ sub data_consumer ($$) {
} }
# Call nmap # Call nmap
my $nmap = $pa_config->{'nmap'}; my $np = new Nmap::Parser;
my $subnet = $task->{'subnet'}; eval {
my @output = `$nmap -nsP $subnet`; $np->parsescan($pa_config->{'nmap'},'-nsP', ($task->{'subnet'}));
if ($? != 0) { };
if ($@) {
update_recon_task ($dbh, $task_id, -1); update_recon_task ($dbh, $task_id, -1);
return; return;
} }
# Parse nmap output # Parse scanned hosts
my $addr = ''; my $module_hash;
my $found_hosts = {}; my @up_hosts = $np->all_hosts ('up');
foreach my $line (@output) { my $total_up = scalar (@up_hosts);
chomp ($line);
if ($line =~ m/Nmap scan report for (\S+).*/) {
$addr = $1;
} elsif ($line =~ m/Host is up \((\S+)s.*/) {
next unless ($addr ne '');
$found_hosts->{$addr} = 1;
$addr = '';
}
}
# Process found hosts
my $progress = 0; my $progress = 0;
my $added = ''; my $added_hosts = '';
my $total_hosts = scalar (keys (%{$found_hosts})); foreach my $host (@up_hosts) {
foreach my $addr (keys (%{$found_hosts})) {
$progress++; $progress++;
# Get agent address
my $addr = $host->addr();
next unless ($addr ne '0');
# Update the recon task or break if it does not exist anymore # Update the recon task or break if it does not exist anymore
last if (update_recon_task ($dbh, $task_id, ceil ($progress / ($total_hosts / 100))) eq '0E0'); last if (update_recon_task ($dbh, $task_id, ceil ($progress / ($total_up / 100))) eq '0E0');
# Does the host already exist? # Does the host already exist?
my $agent = get_agent_from_addr ($dbh, $addr); my $agent = get_agent_from_addr ($dbh, $addr);
@ -285,16 +280,16 @@ sub data_consumer ($$) {
pandora_event ($pa_config, "[RECON] New host [$host_name] detected on network [" . $task->{'subnet'} . ']', pandora_event ($pa_config, "[RECON] New host [$host_name] detected on network [" . $task->{'subnet'} . ']',
$task->{'id_group'}, $agent_id, 2, 0, 0, 'recon_host_detected', 0, $dbh); $task->{'id_group'}, $agent_id, 2, 0, 0, 'recon_host_detected', 0, $dbh);
$added .= $addr . ' '; $added_hosts .= "$addr ";
} }
# Create an incident with totals # Create an incident with totals
if ($total_hosts > 0 && $task->{'create_incident'} == 1) { if ($added_hosts ne '' && $task->{'create_incident'} == 1) {
my $text = "At " . strftime ("%Y-%m-%d %H:%M:%S", localtime()) . " ($total_hosts) new hosts were detected by Pandora FMS Recon Server running on [" . $pa_config->{'servername'} . "_Recon]. This incident has been automatically created following instructions for this recon task [" . $task->{'id_group'} . "].\n\n"; my $text = "At " . strftime ("%Y-%m-%d %H:%M:%S", localtime()) . " ($added_hosts) new hosts were detected by Pandora FMS Recon Server running on [" . $pa_config->{'servername'} . "_Recon]. This incident has been automatically created following instructions for this recon task [" . $task->{'id_group'} . "].\n\n";
if ($task->{'id_network_profile'} > 0) { if ($task->{'id_network_profile'} > 0) {
$text .= "Aditionally, and following instruction for this task, agent(s) has been created, with modules assigned to network component profile [" . get_nc_profile_name ($dbh, $task->{'id_network_profile'}) . "]. Please check this agent as soon as possible to verify it."; $text .= "Aditionally, and following instruction for this task, agent(s) has been created, with modules assigned to network component profile [" . get_nc_profile_name ($dbh, $task->{'id_network_profile'}) . "]. Please check this agent as soon as possible to verify it.";
} }
$text .= "\n\nThis is the list of IP addresses found: \n\n$added"; $text .= "\n\nThis is the list of IP addresses found: \n\n$added_hosts";
pandora_create_incident ($pa_config, $dbh, "[RECON] New hosts detected", $text, 0, 0, 'Pandora FMS Recon Server', $task->{'id_group'}); pandora_create_incident ($pa_config, $dbh, "[RECON] New hosts detected", $text, 0, 0, 'Pandora FMS Recon Server', $task->{'id_group'});
} }