From 3291526195559174980cadd549a41ef9d8d2a7bb Mon Sep 17 00:00:00 2001 From: Arturo Gonzalez Date: Wed, 23 Aug 2017 12:41:36 +0200 Subject: [PATCH 01/12] Added new fields to server table --- .../extras/pandoradb_migrate_6.0_to_7.0.mysql.sql | 5 +++++ pandora_console/pandoradb.sql | 1 + 2 files changed, 6 insertions(+) diff --git a/pandora_console/extras/pandoradb_migrate_6.0_to_7.0.mysql.sql b/pandora_console/extras/pandoradb_migrate_6.0_to_7.0.mysql.sql index d00cc19065..2d32d99d18 100644 --- a/pandora_console/extras/pandoradb_migrate_6.0_to_7.0.mysql.sql +++ b/pandora_console/extras/pandoradb_migrate_6.0_to_7.0.mysql.sql @@ -1416,3 +1416,8 @@ ALTER TABLE tgraph_source ADD COLUMN id_server int(11) UNSIGNED NOT NULL default -- --------------------------------------------------------------------- ALTER TABLE tserver_export_data MODIFY `module_name` varchar(600) BINARY NOT NULL default ''; + +-- --------------------------------------------------------------------- +-- Table `tserver` +-- --------------------------------------------------------------------- +ALTER TABLE tserver ADD COLUMN exec_proxy tinyint(1) UNSIGNED NOT NULL default 0; diff --git a/pandora_console/pandoradb.sql b/pandora_console/pandoradb.sql index 7167c79281..4734bec7bf 100644 --- a/pandora_console/pandoradb.sql +++ b/pandora_console/pandoradb.sql @@ -976,6 +976,7 @@ CREATE TABLE IF NOT EXISTS `tserver` ( `my_modules` int(11) NOT NULL default 0, `server_keepalive` int(11) NOT NULL default 0, `stat_utimestamp` bigint(20) NOT NULL default '0', + `exec_proxy` tinyint(1) UNSIGNED NOT NULL default 0, PRIMARY KEY (`id_server`), KEY `name` (`name`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8; From dce27f3ac2c87c252d9ecf8492377822a32bbbcf Mon Sep 17 00:00:00 2001 From: Arturo Gonzalez Date: Wed, 23 Aug 2017 15:01:09 +0200 Subject: [PATCH 02/12] Added new items to satellite editor view --- .../godmode/servers/modificar_server.php | 58 +++++++++++++++++-- 1 file changed, 53 insertions(+), 5 deletions(-) diff --git a/pandora_console/godmode/servers/modificar_server.php b/pandora_console/godmode/servers/modificar_server.php index 721b1597c6..ea0a9e5de7 100644 --- a/pandora_console/godmode/servers/modificar_server.php +++ b/pandora_console/godmode/servers/modificar_server.php @@ -33,21 +33,36 @@ if (isset($_GET["server"])) { $id_server= get_parameter_get ("server"); // Headers ui_print_page_header (__('Update Server'), "images/gm_servers.png", false, "servers", true); - $sql = sprintf("SELECT name, ip_address, description FROM tserver WHERE id_server = %d",$id_server); + $sql = sprintf("SELECT name, ip_address, description, server_type, exec_proxy FROM tserver WHERE id_server = %d",$id_server); $row = db_get_row_sql ($sql); echo '
'; html_print_input_hidden ("server",$id_server); + + $server_type = __('Standard'); + if ($row["server_type"] == 13) { + $server_type = __('Satellite'); + } + $exec_server_enable = __("No"); + if ($row["exec_proxy"] == 1) { + $exec_server_enable = __('Yes'); + } $table->cellpadding=4; $table->cellspacing=4; $table->width='100%'; $table->class="databox filters"; - $table->data[] = array (__('Name'),$row["name"]); - $table->data[] = array (__('IP Address'),html_print_input_text ('address',$row["ip_address"],'',50,0,true)); - $table->data[] = array (__('Description'),html_print_input_text ('description',$row["description"],'',50,0,true)); - html_print_table ($table); + $table->data[] = array (__('Name'), $row["name"]); + $table->data[] = array (__('IP Address'), html_print_input_text ('address',$row["ip_address"],'',50,0,true)); + $table->data[] = array (__('Description'), html_print_input_text ('description',$row["description"],'',50,0,true)); + if (enterprise_installed()) { + $table->data[] = array (__('Type'), $server_type); + $table->data[] = array (__('Exec Server Enable'), $exec_server_enable); + $table->data[] = array (__('Check Exec Server'), '' . html_print_image ("images/dot_red.disabled.png", true) . ''); + } + + html_print_table ($table); echo '
'; echo ''; @@ -141,3 +156,36 @@ else { require($config['homedir'] . '/godmode/servers/servers.build_table.php'); } ?> + + From 2521727ee10584c3e9ef886d9da8eb4bfa30be5a Mon Sep 17 00:00:00 2001 From: Arturo Gonzalez Date: Thu, 24 Aug 2017 11:05:10 +0200 Subject: [PATCH 03/12] Added ssh check connection --- pandora_console/godmode/servers/modificar_server.php | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/pandora_console/godmode/servers/modificar_server.php b/pandora_console/godmode/servers/modificar_server.php index ea0a9e5de7..a3d9821373 100644 --- a/pandora_console/godmode/servers/modificar_server.php +++ b/pandora_console/godmode/servers/modificar_server.php @@ -59,7 +59,7 @@ if (isset($_GET["server"])) { if (enterprise_installed()) { $table->data[] = array (__('Type'), $server_type); $table->data[] = array (__('Exec Server Enable'), $exec_server_enable); - $table->data[] = array (__('Check Exec Server'), '' . html_print_image ("images/dot_red.disabled.png", true) . ''); + $table->data[] = array (__('Check Exec Server'), '' . html_print_image ("images/dot_red.disabled.png", true) . '' . '
'); } html_print_table ($table); @@ -177,11 +177,13 @@ function check_process (id_server) { "ajax.php", parameters, function (data) { - if (data) { + if (data['correct']) { $("#check_exec_server img").attr("src", "images/dot_green.png"); } else { $("#check_exec_server img").attr("src", "images/dot_red.png"); + $("#check_error_message").empty(); + $("#check_error_message").append("" + data['message'] + ""); } }, "json" From f021bedb5c98162acda3e651c7543f5f16c642bd Mon Sep 17 00:00:00 2001 From: Arturo Gonzalez Date: Thu, 24 Aug 2017 12:34:06 +0200 Subject: [PATCH 04/12] Added proxy servers to events response form --- .../pandoradb_migrate_6.0_to_7.0.mysql.sql | 5 ++++ .../godmode/events/event_responses.editor.php | 23 +++++++++++++++++-- .../godmode/events/event_responses.php | 22 ++++++++++++++++++ pandora_console/pandoradb.sql | 1 + 4 files changed, 49 insertions(+), 2 deletions(-) diff --git a/pandora_console/extras/pandoradb_migrate_6.0_to_7.0.mysql.sql b/pandora_console/extras/pandoradb_migrate_6.0_to_7.0.mysql.sql index 2d32d99d18..18e473af34 100644 --- a/pandora_console/extras/pandoradb_migrate_6.0_to_7.0.mysql.sql +++ b/pandora_console/extras/pandoradb_migrate_6.0_to_7.0.mysql.sql @@ -1421,3 +1421,8 @@ ALTER TABLE tserver_export_data MODIFY `module_name` varchar(600) BINARY NOT NUL -- Table `tserver` -- --------------------------------------------------------------------- ALTER TABLE tserver ADD COLUMN exec_proxy tinyint(1) UNSIGNED NOT NULL default 0; + +-- --------------------------------------------------------------------- +-- Table `tevent_response` +-- --------------------------------------------------------------------- +ALTER TABLE tevent_response ADD COLUMN server_to_exec int(10) unsigned NOT NULL DEFAULT 0; diff --git a/pandora_console/godmode/events/event_responses.editor.php b/pandora_console/godmode/events/event_responses.editor.php index f2ad561a39..124338d7ee 100644 --- a/pandora_console/godmode/events/event_responses.editor.php +++ b/pandora_console/godmode/events/event_responses.editor.php @@ -53,6 +53,7 @@ else { $event_response['modal_width'] = 0; $event_response['modal_height'] = 0; $event_response['params'] = ''; + $event_response['server_to_exec'] = ''; } $table = new stdClass(); @@ -117,11 +118,25 @@ $data[3] = html_print_select($types,'type',$event_response['type'],'','','',true $table->data[3] = $data; $data = array(); -$table->colspan[4][1] = 3; $data[0] = ''.__('Command').''.ui_print_help_icon ("response_macros", true); $data[1] = html_print_input_text('target', $event_response['target'], '', 100, 255, true); -$types = array('url' => __('URL'), 'command' => __('Command')); + +$servers_to_exec = array(); +$servers_to_exec[0] = __('Local console'); + +if (enterprise_installed()) { + enterprise_include_once ('include/functions_satellite.php'); + + $rows = get_proxy_servers(); + foreach ($rows as $row) { + $servers_to_exec[$row['id_server']] = $row['name']; + } +} + +$data[2] = ''; +$data[3] = ''; + $table->data[4] = $data; if ($event_response_id == 0) { @@ -158,9 +173,13 @@ $('#type').change(function() { $('#new_window option[value="0"]') .prop('selected', true); $('#new_window').attr('disabled','disabled'); + $('#server_to_exec_label').css('display',''); + $('#server_to_exec_value').css('display',''); break; case 'url': $('#new_window').removeAttr('disabled'); + $('#server_to_exec_label').css('display','none'); + $('#server_to_exec_value').css('display','none'); break; } }); diff --git a/pandora_console/godmode/events/event_responses.php b/pandora_console/godmode/events/event_responses.php index 53d5058a8b..638774ab56 100644 --- a/pandora_console/godmode/events/event_responses.php +++ b/pandora_console/godmode/events/event_responses.php @@ -40,6 +40,17 @@ switch($action) { $values['modal_height'] = get_parameter('modal_height'); $values['new_window'] = get_parameter('new_window'); $values['params'] = get_parameter('params'); + if (enterprise_installed()) { + if ($values['type'] == 'command') { + $values['server_to_exec'] = get_parameter('server_to_exec'); + } + else { + $values['server_to_exec'] = 0; + } + } + else { + $values['server_to_exec'] = 0; + } if($values['new_window'] == 1) { $values['modal_width'] = 0; @@ -67,6 +78,17 @@ switch($action) { $values['modal_height'] = get_parameter('modal_height'); $values['new_window'] = get_parameter('new_window'); $values['params'] = get_parameter('params'); + if (enterprise_installed()) { + if ($values['type'] == 'command') { + $values['server_to_exec'] = get_parameter('server_to_exec'); + } + else { + $values['server_to_exec'] = 0; + } + } + else { + $values['server_to_exec'] = 0; + } if($values['new_window'] == 1) { $values['modal_width'] = 0; diff --git a/pandora_console/pandoradb.sql b/pandora_console/pandoradb.sql index 4734bec7bf..ce3dc212e2 100644 --- a/pandora_console/pandoradb.sql +++ b/pandora_console/pandoradb.sql @@ -1845,6 +1845,7 @@ CREATE TABLE IF NOT EXISTS `tevent_response` ( `modal_height` INTEGER NOT NULL DEFAULT 0, `new_window` TINYINT(4) NOT NULL DEFAULT 0, `params` TEXT NOT NULL, + `server_to_exec` int(10) unsigned NOT NULL DEFAULT 0, PRIMARY KEY (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8; From ffed7359bc2933ed418b7b40dc53ceecb8a8630c Mon Sep 17 00:00:00 2001 From: Arturo Gonzalez Date: Thu, 24 Aug 2017 13:25:03 +0200 Subject: [PATCH 05/12] Added execution in server proxy to event response commands --- pandora_console/include/ajax/events.php | 82 ++++++++++++++++--- .../include/javascript/pandora_events.js | 5 +- 2 files changed, 72 insertions(+), 15 deletions(-) diff --git a/pandora_console/include/ajax/events.php b/pandora_console/include/ajax/events.php index e2aa878f1b..452a9c4d43 100644 --- a/pandora_console/include/ajax/events.php +++ b/pandora_console/include/ajax/events.php @@ -122,19 +122,75 @@ if ($perform_event_response) { global $config; $command = get_parameter('target',''); - - switch (PHP_OS) { - case "FreeBSD": - $timeout_bin = '/usr/local/bin/gtimeout'; - break; - case "NetBSD": - $timeout_bin = '/usr/pkg/bin/gtimeout'; - break; - default: - $timeout_bin = '/usr/bin/timeout'; - break; + $response_id = get_parameter ('response_id'); + + $event_response = db_get_row('tevent_response','id',$response_id); + + if (enterprise_installed()) { + if ($event_response['server_to_exec'] != 0) { + enterprise_include_once ('include/functions_satellite.php'); + + $connection = connect_to_proxy_server('192.168.70.165'); + + switch (PHP_OS) { + case "FreeBSD": + $timeout_bin = '/usr/local/bin/gtimeout'; + break; + case "NetBSD": + $timeout_bin = '/usr/pkg/bin/gtimeout'; + break; + default: + $timeout_bin = '/usr/bin/timeout'; + break; + } + + $stream = ssh2_exec($connection, "whoami"); + + stream_set_blocking($stream, true); + $stream_out = ssh2_fetch_stream($stream, SSH2_STREAM_STDIO); + + $exec_val = stream_get_contents($stream_out); + + + + $stream = ssh2_exec($connection, $timeout_bin . ' 9 ' . io_safe_output($command) . ' 2>&1'); + + stream_set_blocking($stream, true); + $stream_out = ssh2_fetch_stream($stream, SSH2_STREAM_STDIO); + + $exec_val = stream_get_contents($stream_out); + + echo $exec_val; + } + else { + switch (PHP_OS) { + case "FreeBSD": + $timeout_bin = '/usr/local/bin/gtimeout'; + break; + case "NetBSD": + $timeout_bin = '/usr/pkg/bin/gtimeout'; + break; + default: + $timeout_bin = '/usr/bin/timeout'; + break; + } + echo system($timeout_bin . ' 9 '.io_safe_output($command).' 2>&1'); + } + } + else { + switch (PHP_OS) { + case "FreeBSD": + $timeout_bin = '/usr/local/bin/gtimeout'; + break; + case "NetBSD": + $timeout_bin = '/usr/pkg/bin/gtimeout'; + break; + default: + $timeout_bin = '/usr/bin/timeout'; + break; + } + echo system($timeout_bin . ' 9 '.io_safe_output($command).' 2>&1'); } - echo system($timeout_bin . ' 9 '.io_safe_output($command).' 2>&1'); return; } @@ -162,7 +218,7 @@ if ($dialogue_event_response) { echo "
"; echo "
"; break; case 'url': diff --git a/pandora_console/include/javascript/pandora_events.js b/pandora_console/include/javascript/pandora_events.js index 80c6affeb5..bd9b6cfcb6 100644 --- a/pandora_console/include/javascript/pandora_events.js +++ b/pandora_console/include/javascript/pandora_events.js @@ -177,7 +177,7 @@ function show_response_dialog(event_id, response_id, response) { draggable: true, modal: false, open: function(event, ui) { - perform_response(response['target']); + perform_response(response['target'], response_id); }, width: response['modal_width'], height: response['modal_height'] @@ -336,7 +336,7 @@ function get_response_target(event_id, response_id, server_id) { } // Perform a response and put the output into a div -function perform_response(target) { +function perform_response(target, response_id) { var ajax_file = $('#hidden-ajax_file').val(); $('#re_exec_command').hide(); @@ -351,6 +351,7 @@ function perform_response(target) { params.push("page=include/ajax/events"); params.push("perform_event_response=1"); params.push("target="+target); + params.push("response_id="+response_id) jQuery.ajax ({ data: params.join ("&"), From 88834d6ea1e8d378928624c3450b9ed34800eb39 Mon Sep 17 00:00:00 2001 From: Arturo Gonzalez Date: Thu, 24 Aug 2017 16:26:58 +0200 Subject: [PATCH 06/12] Added a first version of snmp browser with a proxy server --- pandora_console/include/ajax/events.php | 43 +++------- .../include/functions_snmp_browser.php | 86 ++++++++++++++----- .../javascript/pandora_snmp_browser.js | 2 + .../operation/snmpconsole/snmp_browser.php | 4 +- 4 files changed, 83 insertions(+), 52 deletions(-) diff --git a/pandora_console/include/ajax/events.php b/pandora_console/include/ajax/events.php index 452a9c4d43..14bf0c85a8 100644 --- a/pandora_console/include/ajax/events.php +++ b/pandora_console/include/ajax/events.php @@ -127,40 +127,21 @@ if ($perform_event_response) { $event_response = db_get_row('tevent_response','id',$response_id); if (enterprise_installed()) { - if ($event_response['server_to_exec'] != 0) { - enterprise_include_once ('include/functions_satellite.php'); - - $connection = connect_to_proxy_server('192.168.70.165'); - - switch (PHP_OS) { - case "FreeBSD": - $timeout_bin = '/usr/local/bin/gtimeout'; - break; - case "NetBSD": - $timeout_bin = '/usr/pkg/bin/gtimeout'; - break; - default: - $timeout_bin = '/usr/bin/timeout'; - break; + if ($event_response['server_to_exec'] != 0 && $event_response['type'] == 'command') { + $commandExclusions = array ('vi', 'vim', 'nano'); + + if (in_array(strtolower($command),$commandExclusions)) { + echo "Only stdin/stdout commands are supported"; } - - $stream = ssh2_exec($connection, "whoami"); - - stream_set_blocking($stream, true); - $stream_out = ssh2_fetch_stream($stream, SSH2_STREAM_STDIO); - - $exec_val = stream_get_contents($stream_out); - - - - $stream = ssh2_exec($connection, $timeout_bin . ' 9 ' . io_safe_output($command) . ' 2>&1'); + else { + enterprise_include_once ('include/functions_satellite.php'); - stream_set_blocking($stream, true); - $stream_out = ssh2_fetch_stream($stream, SSH2_STREAM_STDIO); + $connection = connect_to_proxy_server('192.168.70.165'); - $exec_val = stream_get_contents($stream_out); - - echo $exec_val; + $exec_val = proxy_execute_command($connection, io_safe_output($command)); + + echo $exec_val; + } } else { switch (PHP_OS) { diff --git a/pandora_console/include/functions_snmp_browser.php b/pandora_console/include/functions_snmp_browser.php index 7318e871cf..df434c8545 100644 --- a/pandora_console/include/functions_snmp_browser.php +++ b/pandora_console/include/functions_snmp_browser.php @@ -138,7 +138,7 @@ function snmp_browser_print_tree ($tree, $id = 0, $depth = 0, $last = 0, $last_a * * @return array The SNMP tree. */ -function snmp_browser_get_tree ($target_ip, $community, $starting_oid = '.', $version = '2c', $snmp3_auth_user = '', $snmp3_security_level = '', $snmp3_auth_method = '', $snmp3_auth_pass = '', $snmp3_privacy_method = '', $snmp3_privacy_pass = '') { +function snmp_browser_get_tree ($target_ip, $community, $starting_oid = '.', $version = '2c', $snmp3_auth_user = '', $snmp3_security_level = '', $snmp3_auth_method = '', $snmp3_auth_pass = '', $snmp3_privacy_method = '', $snmp3_privacy_pass = '', $server_to_exec = 0) { global $config; if ($target_ip == '') { @@ -174,26 +174,58 @@ function snmp_browser_get_tree ($target_ip, $community, $starting_oid = '.', $ve break; } - $oid_tree = array('__LEAVES__' => array()); - if ($version == "3") { - switch ($snmp3_security_level) { - case "authPriv": - exec ($snmpwalk_bin . ' -m ALL -v 3 -u ' . escapeshellarg($snmp3_auth_user) . ' -A ' . escapeshellarg($snmp3_auth_pass) . ' -l ' . escapeshellarg($snmp3_security_level) . ' -a ' . escapeshellarg($snmp3_auth_method) . ' -x ' . escapeshellarg($snmp3_privacy_method) . ' -X ' . escapeshellarg($snmp3_privacy_pass) . ' ' . escapeshellarg($target_ip) . ' ' . escapeshellarg($starting_oid) . ' 2> ' . $error_redir_dir, $output, $rc); - break; - case "authNoPriv": - exec ($snmpwalk_bin . ' -m ALL -v 3 -u ' . escapeshellarg($snmp3_auth_user) . ' -A ' . escapeshellarg($snmp3_auth_pass) . ' -l ' . escapeshellarg($snmp3_security_level) . ' -a ' . escapeshellarg($snmp3_auth_method) . ' ' . escapeshellarg($target_ip) . ' ' . escapeshellarg($starting_oid) . ' 2> ' . $error_redir_dir, $output, $rc); - break; - case "noAuthNoPriv": - exec ($snmpwalk_bin . ' -m ALL -v 3 -u ' . escapeshellarg($snmp3_auth_user) . ' -l ' . escapeshellarg($snmp3_security_level) . ' ' . escapeshellarg($target_ip) . ' ' . escapeshellarg($starting_oid) . ' 2> ' . $error_redir_dir, $output, $rc); - break; + if ($server_to_exec != 0) { + $sql = sprintf("SELECT exec_proxy: FROM tserver WHERE id_server = %d", $server_to_exec); + $server = db_get_row_sql($sql); + + if ($server) { + if (enterprise_installed()) { + enterprise_include_once ('include/functions_satellite.php'); + + $oid_tree = array('__LEAVES__' => array()); + if ($version == "3") { + switch ($snmp3_security_level) { + case "authPriv": + $command = $snmpwalk_bin . ' -m ALL -v 3 -u ' . escapeshellarg($snmp3_auth_user) . ' -A ' . escapeshellarg($snmp3_auth_pass) . ' -l ' . escapeshellarg($snmp3_security_level) . ' -a ' . escapeshellarg($snmp3_auth_method) . ' -x ' . escapeshellarg($snmp3_privacy_method) . ' -X ' . escapeshellarg($snmp3_privacy_pass) . ' ' . escapeshellarg($target_ip) . ' ' . escapeshellarg($starting_oid) . ' 2> ' . $error_redir_dir; + break; + case "authNoPriv": + $command = $snmpwalk_bin . ' -m ALL -v 3 -u ' . escapeshellarg($snmp3_auth_user) . ' -A ' . escapeshellarg($snmp3_auth_pass) . ' -l ' . escapeshellarg($snmp3_security_level) . ' -a ' . escapeshellarg($snmp3_auth_method) . ' ' . escapeshellarg($target_ip) . ' ' . escapeshellarg($starting_oid) . ' 2> ' . $error_redir_dir; + break; + case "noAuthNoPriv": + $command = $snmpwalk_bin . ' -m ALL -v 3 -u ' . escapeshellarg($snmp3_auth_user) . ' -l ' . escapeshellarg($snmp3_security_level) . ' ' . escapeshellarg($target_ip) . ' ' . escapeshellarg($starting_oid) . ' 2> ' . $error_redir_dir; + break; + } + } + else { + $command = $snmpwalk_bin . ' -m ALL -M +' . escapeshellarg($config['homedir'] . '/attachment/mibs') . ' -Cc -c ' . escapeshellarg($community) . ' -v ' . escapeshellarg($version) . ' ' . escapeshellarg($target_ip) . ' ' . escapeshellarg($starting_oid) . ' 2> ' . $error_redir_dir; + } + + $connection = connect_to_proxy_server('192.168.70.165'); + + $output = proxy_execute_command($connection, io_safe_output($command)); + } + } + else { + $oid_tree = array('__LEAVES__' => array()); + if ($version == "3") { + switch ($snmp3_security_level) { + case "authPriv": + exec ($snmpwalk_bin . ' -m ALL -v 3 -u ' . escapeshellarg($snmp3_auth_user) . ' -A ' . escapeshellarg($snmp3_auth_pass) . ' -l ' . escapeshellarg($snmp3_security_level) . ' -a ' . escapeshellarg($snmp3_auth_method) . ' -x ' . escapeshellarg($snmp3_privacy_method) . ' -X ' . escapeshellarg($snmp3_privacy_pass) . ' ' . escapeshellarg($target_ip) . ' ' . escapeshellarg($starting_oid) . ' 2> ' . $error_redir_dir, $output, $rc); + break; + case "authNoPriv": + exec ($snmpwalk_bin . ' -m ALL -v 3 -u ' . escapeshellarg($snmp3_auth_user) . ' -A ' . escapeshellarg($snmp3_auth_pass) . ' -l ' . escapeshellarg($snmp3_security_level) . ' -a ' . escapeshellarg($snmp3_auth_method) . ' ' . escapeshellarg($target_ip) . ' ' . escapeshellarg($starting_oid) . ' 2> ' . $error_redir_dir, $output, $rc); + break; + case "noAuthNoPriv": + exec ($snmpwalk_bin . ' -m ALL -v 3 -u ' . escapeshellarg($snmp3_auth_user) . ' -l ' . escapeshellarg($snmp3_security_level) . ' ' . escapeshellarg($target_ip) . ' ' . escapeshellarg($starting_oid) . ' 2> ' . $error_redir_dir, $output, $rc); + break; + } + } + else { + exec ($snmpwalk_bin . ' -m ALL -M +' . escapeshellarg($config['homedir'] . '/attachment/mibs') . ' -Cc -c ' . escapeshellarg($community) . ' -v ' . escapeshellarg($version) . ' ' . escapeshellarg($target_ip) . ' ' . escapeshellarg($starting_oid) . ' 2> ' . $error_redir_dir, $output, $rc); + } } } - else { - exec ($snmpwalk_bin . ' -m ALL -M +' . escapeshellarg($config['homedir'] . '/attachment/mibs') . ' -Cc -c ' . escapeshellarg($community) . ' -v ' . escapeshellarg($version) . ' ' . escapeshellarg($target_ip) . ' ' . escapeshellarg($starting_oid) . ' 2> ' . $error_redir_dir, $output, $rc); - } - //if ($rc != 0) { - // return __('No data'); - //} + foreach ($output as $line) { // Separate the OID from the value @@ -518,7 +550,21 @@ function snmp_browser_print_container ($return = false, $width = '100%', $height '3' => 'v. 3'), 'snmp_browser_version', '', 'checkSNMPVersion();', '', '', true, false, false, ''); - $table->data[0][4] = html_print_button(__('Browse'), 'browse', false, 'snmpBrowse()', 'class="sub search" style="margin-top:0px;"', true); + $servers_to_exec = array(); + $servers_to_exec[0] = __('Local console'); + + if (enterprise_installed()) { + enterprise_include_once ('include/functions_satellite.php'); + + $rows = get_proxy_servers(); + foreach ($rows as $row) { + $servers_to_exec[$row['id_server']] = $row['name']; + } + } + $table->data[0][4] = '' . __('Server to execute') . '   '; + $table->data[0][4] .= html_print_select($servers_to_exec, 'server_to_exec', '', '', '', '', true); + + $table->data[0][5] = html_print_button(__('Browse'), 'browse', false, 'snmpBrowse()', 'class="sub search" style="margin-top:0px;"', true); // SNMP v3 options $table3 = new stdClass(); diff --git a/pandora_console/include/javascript/pandora_snmp_browser.js b/pandora_console/include/javascript/pandora_snmp_browser.js index 3b9067729c..12f2f62296 100644 --- a/pandora_console/include/javascript/pandora_snmp_browser.js +++ b/pandora_console/include/javascript/pandora_snmp_browser.js @@ -19,6 +19,7 @@ function snmpBrowse () { var community = $('#text-community').val(); var starting_oid = $('#text-starting_oid').val(); var snmp_version = $('#snmp_browser_version').val(); + var server_to_exec = $('#server_to_exec').val(); var snmp3_auth_user = $('#text-snmp3_browser_auth_user').val(); var snmp3_security_level = $('#snmp3_browser_security_level').val(); var snmp3_auth_method = $('#snmp3_browser_auth_method').val(); @@ -33,6 +34,7 @@ function snmpBrowse () { "community=" + community, "starting_oid=" + starting_oid, "snmp_browser_version=" + snmp_version, + "server_to_exec=" + server_to_exec, "snmp3_browser_auth_user=" + snmp3_auth_user, "snmp3_browser_security_level=" + snmp3_security_level, "snmp3_browser_auth_method=" + snmp3_auth_method, diff --git a/pandora_console/operation/snmpconsole/snmp_browser.php b/pandora_console/operation/snmpconsole/snmp_browser.php index 191c0caab9..0a8204208e 100644 --- a/pandora_console/operation/snmpconsole/snmp_browser.php +++ b/pandora_console/operation/snmpconsole/snmp_browser.php @@ -27,6 +27,7 @@ if (is_ajax()) { $target_ip = (string) get_parameter ("target_ip", ''); $community = (string) get_parameter ("community", ''); $snmp_version = (string) get_parameter ("snmp_browser_version", ''); + $server_to_exec = (int) get_parameter ("server_to_exec", 0); $snmp3_auth_user = get_parameter('snmp3_browser_auth_user'); $snmp3_security_level = get_parameter('snmp3_browser_security_level'); $snmp3_auth_method = get_parameter('snmp3_browser_auth_method'); @@ -41,7 +42,8 @@ if (is_ajax()) { $snmp_tree = snmp_browser_get_tree( $target_ip, $community, $starting_oid, $snmp_version, $snmp3_auth_user, $snmp3_security_level, $snmp3_auth_method, - $snmp3_auth_pass, $snmp3_privacy_method, $snmp3_privacy_pass); + $snmp3_auth_pass, $snmp3_privacy_method, $snmp3_privacy_pass, + $server_to_exec); if (! is_array ($snmp_tree)) { echo $snmp_tree; } From 6b4dfe9885904fadd7ef03870420035735057600 Mon Sep 17 00:00:00 2001 From: Arturo Gonzalez Date: Mon, 28 Aug 2017 10:02:46 +0200 Subject: [PATCH 07/12] Added remote server to snmp browser --- pandora_console/include/ajax/events.php | 22 ++++-- .../include/functions_snmp_browser.php | 68 +++++++++++-------- 2 files changed, 59 insertions(+), 31 deletions(-) diff --git a/pandora_console/include/ajax/events.php b/pandora_console/include/ajax/events.php index 14bf0c85a8..20cd0c4a80 100644 --- a/pandora_console/include/ajax/events.php +++ b/pandora_console/include/ajax/events.php @@ -130,15 +130,29 @@ if ($perform_event_response) { if ($event_response['server_to_exec'] != 0 && $event_response['type'] == 'command') { $commandExclusions = array ('vi', 'vim', 'nano'); + $server_data = db_get_row('tserver','id_server', $event_response['server_to_exec']); + if (in_array(strtolower($command),$commandExclusions)) { echo "Only stdin/stdout commands are supported"; } else { - enterprise_include_once ('include/functions_satellite.php'); - - $connection = connect_to_proxy_server('192.168.70.165'); + $return_val = array(); + $return_val['correct'] = false; - $exec_val = proxy_execute_command($connection, io_safe_output($command)); + $exec_val = system("ssh root@" . $server_data['ip_address'] . " '" . $command . " 2>&1'", $ret_val); + + if ($ret_val != 0) { + $return_val['message'] = "Conection error"; + } + else { + if ($exec_val == "root") { + $return_val['correct'] = true; + } + else { + $return_val['message'] = "User must be pandora_exec_proxy"; + } + } + ob_clean(); echo $exec_val; } diff --git a/pandora_console/include/functions_snmp_browser.php b/pandora_console/include/functions_snmp_browser.php index df434c8545..9da6d75881 100644 --- a/pandora_console/include/functions_snmp_browser.php +++ b/pandora_console/include/functions_snmp_browser.php @@ -173,37 +173,32 @@ function snmp_browser_get_tree ($target_ip, $community, $starting_oid = '.', $ve $error_redir_dir = '/dev/null'; break; } - + if ($server_to_exec != 0) { - $sql = sprintf("SELECT exec_proxy: FROM tserver WHERE id_server = %d", $server_to_exec); - $server = db_get_row_sql($sql); + $sql = sprintf("SELECT ip_address FROM tserver WHERE id_server = %d", $server_to_exec); + $server_data = db_get_row_sql($sql); - if ($server) { - if (enterprise_installed()) { - enterprise_include_once ('include/functions_satellite.php'); + if (enterprise_installed()) { + enterprise_include_once ('include/functions_satellite.php'); - $oid_tree = array('__LEAVES__' => array()); - if ($version == "3") { - switch ($snmp3_security_level) { - case "authPriv": - $command = $snmpwalk_bin . ' -m ALL -v 3 -u ' . escapeshellarg($snmp3_auth_user) . ' -A ' . escapeshellarg($snmp3_auth_pass) . ' -l ' . escapeshellarg($snmp3_security_level) . ' -a ' . escapeshellarg($snmp3_auth_method) . ' -x ' . escapeshellarg($snmp3_privacy_method) . ' -X ' . escapeshellarg($snmp3_privacy_pass) . ' ' . escapeshellarg($target_ip) . ' ' . escapeshellarg($starting_oid) . ' 2> ' . $error_redir_dir; - break; - case "authNoPriv": - $command = $snmpwalk_bin . ' -m ALL -v 3 -u ' . escapeshellarg($snmp3_auth_user) . ' -A ' . escapeshellarg($snmp3_auth_pass) . ' -l ' . escapeshellarg($snmp3_security_level) . ' -a ' . escapeshellarg($snmp3_auth_method) . ' ' . escapeshellarg($target_ip) . ' ' . escapeshellarg($starting_oid) . ' 2> ' . $error_redir_dir; - break; - case "noAuthNoPriv": - $command = $snmpwalk_bin . ' -m ALL -v 3 -u ' . escapeshellarg($snmp3_auth_user) . ' -l ' . escapeshellarg($snmp3_security_level) . ' ' . escapeshellarg($target_ip) . ' ' . escapeshellarg($starting_oid) . ' 2> ' . $error_redir_dir; - break; - } + $oid_tree = array('__LEAVES__' => array()); + if ($version == "3") { + switch ($snmp3_security_level) { + case "authPriv": + $command = $snmpwalk_bin . " -m ALL -v 3 -u " . escapeshellarg($snmp3_auth_user) . " -A " . escapeshellarg($snmp3_auth_pass) . " -l " . escapeshellarg($snmp3_security_level) . " -a " . escapeshellarg($snmp3_auth_method) . " -x " . escapeshellarg($snmp3_privacy_method) . " -X " . escapeshellarg($snmp3_privacy_pass) . " " . escapeshellarg($target_ip) . " " . escapeshellarg($starting_oid) . " 2> " . $error_redir_dir; + break; + case "authNoPriv": + $command = $snmpwalk_bin . " -m ALL -v 3 -u " . escapeshellarg($snmp3_auth_user) . " -A " . escapeshellarg($snmp3_auth_pass) . " -l " . escapeshellarg($snmp3_security_level) . " -a " . escapeshellarg($snmp3_auth_method) . " " . escapeshellarg($target_ip) . " " . escapeshellarg($starting_oid) . " 2> " . $error_redir_dir; + break; + case "noAuthNoPriv": + $command = $snmpwalk_bin . " -m ALL -v 3 -u " . escapeshellarg($snmp3_auth_user) . " -l " . escapeshellarg($snmp3_security_level) . " " . escapeshellarg($target_ip) . ' ' . escapeshellarg($starting_oid) . " 2> " . $error_redir_dir; + break; } - else { - $command = $snmpwalk_bin . ' -m ALL -M +' . escapeshellarg($config['homedir'] . '/attachment/mibs') . ' -Cc -c ' . escapeshellarg($community) . ' -v ' . escapeshellarg($version) . ' ' . escapeshellarg($target_ip) . ' ' . escapeshellarg($starting_oid) . ' 2> ' . $error_redir_dir; - } - - $connection = connect_to_proxy_server('192.168.70.165'); - - $output = proxy_execute_command($connection, io_safe_output($command)); } + else { + $command = $snmpwalk_bin . " -m ALL -M +" . escapeshellarg($config['homedir'] . "/attachment/mibs") . " -Cc -c " . escapeshellarg($community) . " -v " . escapeshellarg($version) . " " . escapeshellarg($target_ip) . " " . escapeshellarg($starting_oid) . " 2> " . $error_redir_dir; + } + exec("ssh root@" . $server_data['ip_address'] . " \"" . $command . "\"", $output, $rc); } else { $oid_tree = array('__LEAVES__' => array()); @@ -225,7 +220,26 @@ function snmp_browser_get_tree ($target_ip, $community, $starting_oid = '.', $ve } } } - + else { + $oid_tree = array('__LEAVES__' => array()); + if ($version == "3") { + switch ($snmp3_security_level) { + case "authPriv": + exec ($snmpwalk_bin . ' -m ALL -v 3 -u ' . escapeshellarg($snmp3_auth_user) . ' -A ' . escapeshellarg($snmp3_auth_pass) . ' -l ' . escapeshellarg($snmp3_security_level) . ' -a ' . escapeshellarg($snmp3_auth_method) . ' -x ' . escapeshellarg($snmp3_privacy_method) . ' -X ' . escapeshellarg($snmp3_privacy_pass) . ' ' . escapeshellarg($target_ip) . ' ' . escapeshellarg($starting_oid) . ' 2> ' . $error_redir_dir, $output, $rc); + break; + case "authNoPriv": + exec ($snmpwalk_bin . ' -m ALL -v 3 -u ' . escapeshellarg($snmp3_auth_user) . ' -A ' . escapeshellarg($snmp3_auth_pass) . ' -l ' . escapeshellarg($snmp3_security_level) . ' -a ' . escapeshellarg($snmp3_auth_method) . ' ' . escapeshellarg($target_ip) . ' ' . escapeshellarg($starting_oid) . ' 2> ' . $error_redir_dir, $output, $rc); + break; + case "noAuthNoPriv": + exec ($snmpwalk_bin . ' -m ALL -v 3 -u ' . escapeshellarg($snmp3_auth_user) . ' -l ' . escapeshellarg($snmp3_security_level) . ' ' . escapeshellarg($target_ip) . ' ' . escapeshellarg($starting_oid) . ' 2> ' . $error_redir_dir, $output, $rc); + break; + } + } + else { + exec ($snmpwalk_bin . ' -m ALL -M +' . escapeshellarg($config['homedir'] . '/attachment/mibs') . ' -Cc -c ' . escapeshellarg($community) . ' -v ' . escapeshellarg($version) . ' ' . escapeshellarg($target_ip) . ' ' . escapeshellarg($starting_oid) . ' 2> ' . $error_redir_dir, $output, $rc); + } + } +html_debug($output, true); foreach ($output as $line) { // Separate the OID from the value From bab1f14a31f9f762993e176f65e591c2491591f7 Mon Sep 17 00:00:00 2001 From: Arturo Gonzalez Date: Mon, 28 Aug 2017 12:44:51 +0200 Subject: [PATCH 08/12] Added remote command execute to agent wizard --- .../agentes/agent_wizard.snmp_explorer.php | 26 +++++++-- .../agent_wizard.snmp_interfaces_explorer.php | 23 ++++++-- .../agentes/agent_wizard.wmi_explorer.php | 53 +++++++++++++++++-- pandora_console/include/ajax/events.php | 2 +- pandora_console/include/functions.php | 15 +++++- 5 files changed, 106 insertions(+), 13 deletions(-) diff --git a/pandora_console/godmode/agentes/agent_wizard.snmp_explorer.php b/pandora_console/godmode/agentes/agent_wizard.snmp_explorer.php index 0c129642ff..14c026e2d2 100644 --- a/pandora_console/godmode/agentes/agent_wizard.snmp_explorer.php +++ b/pandora_console/godmode/agentes/agent_wizard.snmp_explorer.php @@ -34,6 +34,7 @@ $ip_target = (string) get_parameter ('ip_target', $ipAgent); $use_agent = get_parameter ('use_agent'); $snmp_community = (string) get_parameter ('snmp_community', 'public'); $snmp_version = get_parameter('snmp_version', '1'); +$server_to_exec = get_parameter('server_to_exec', 0); $snmp3_auth_user = get_parameter('snmp3_auth_user'); $snmp3_security_level = get_parameter('snmp3_security_level'); $snmp3_auth_method = get_parameter('snmp3_auth_method'); @@ -87,7 +88,8 @@ if ($snmpwalk) { // OID Used is for DISKS $snmpis = get_snmpwalk($ip_target, $snmp_version, $snmp_community, $snmp3_auth_user, $snmp3_security_level, $snmp3_auth_method, $snmp3_auth_pass, - $snmp3_privacy_method, $snmp3_privacy_pass, 0, ".1.3.6.1.2.1.25.2.3.1.3", $tcp_port); + $snmp3_privacy_method, $snmp3_privacy_pass, 0, ".1.3.6.1.2.1.25.2.3.1.3", $tcp_port, + $server_to_exec); if (empty($snmpis)) { $fail = true; @@ -120,7 +122,8 @@ if ($snmpwalk) { // OID Used is for PROCESSES $snmpis = get_snmpwalk($ip_target, $snmp_version, $snmp_community, $snmp3_auth_user, $snmp3_security_level, $snmp3_auth_method, $snmp3_auth_pass, - $snmp3_privacy_method, $snmp3_privacy_pass, 0, ".1.3.6.1.2.1.25.4.2.1.2", $tcp_port); + $snmp3_privacy_method, $snmp3_privacy_pass, 0, ".1.3.6.1.2.1.25.4.2.1.2", $tcp_port, + $server_to_exec); if ($snmpis === false) { $snmpis = array(); @@ -158,7 +161,8 @@ if ($snmpwalk) { // OID Used is for SENSOR TEMPERATURES $snmpis = get_snmpwalk($ip_target, $snmp_version, $snmp_community, $snmp3_auth_user, $snmp3_security_level, $snmp3_auth_method, $snmp3_auth_pass, - $snmp3_privacy_method, $snmp3_privacy_pass, 0, ".1.3.6.1.4.1.2021.13.16.2.1", $tcp_port); + $snmp3_privacy_method, $snmp3_privacy_pass, 0, ".1.3.6.1.4.1.2021.13.16.2.1", $tcp_port, + $server_to_exec); if ($snmpis === false) { $snmpis = array(); @@ -196,7 +200,8 @@ if ($snmpwalk) { // OID Used is for DEVICES $snmpis = get_snmpwalk($ip_target, $snmp_version, $snmp_community, $snmp3_auth_user, $snmp3_security_level, $snmp3_auth_method, $snmp3_auth_pass, - $snmp3_privacy_method, $snmp3_privacy_pass, 0, ".1.3.6.1.4.1.2021.13.15.1.1", $tcp_port); + $snmp3_privacy_method, $snmp3_privacy_pass, 0, ".1.3.6.1.4.1.2021.13.15.1.1", $tcp_port, + $server_to_exec); if ($snmpis === false) { $snmpis = array(); @@ -706,6 +711,19 @@ $table->data[0][3] = html_print_input_text ('tcp_port', $tcp_port, '', 5, 20, tr $table->data[1][0] = '' . __('Use agent ip') . ''; $table->data[1][1] = html_print_checkbox ('use_agent', 1, $use_agent, true); +$servers_to_exec = array(); +$servers_to_exec[0] = __('Local console'); +if (enterprise_installed()) { + enterprise_include_once ('include/functions_satellite.php'); + + $rows = get_proxy_servers(); + foreach ($rows as $row) { + $servers_to_exec[$row['id_server']] = $row['name']; + } +} +$table->data[1][2] = '' . __('Server to execute command') . ''; +$table->data[1][3] = html_print_select ($servers_to_exec, 'server_to_exec', $server_to_exec, '', '', '', true); + $snmp_versions['1'] = 'v. 1'; $snmp_versions['2'] = 'v. 2'; $snmp_versions['2c'] = 'v. 2c'; diff --git a/pandora_console/godmode/agentes/agent_wizard.snmp_interfaces_explorer.php b/pandora_console/godmode/agentes/agent_wizard.snmp_interfaces_explorer.php index 23e10227eb..80c5a3a84f 100644 --- a/pandora_console/godmode/agentes/agent_wizard.snmp_interfaces_explorer.php +++ b/pandora_console/godmode/agentes/agent_wizard.snmp_interfaces_explorer.php @@ -30,6 +30,7 @@ check_login (); $ip_target = (string) get_parameter ('ip_target', $ipAgent); $use_agent = get_parameter ('use_agent'); $snmp_community = (string) get_parameter ('snmp_community', 'public'); +$server_to_exec = get_parameter('server_to_exec', 0); $snmp_version = get_parameter('snmp_version', '1'); $snmp3_auth_user = get_parameter('snmp3_auth_user'); $snmp3_security_level = get_parameter('snmp3_security_level'); @@ -53,16 +54,19 @@ if ($snmpwalk) { // OID Used is for SNMP MIB-2 Interfaces $snmpis = get_snmpwalk($ip_target, $snmp_version, $snmp_community, $snmp3_auth_user, $snmp3_security_level, $snmp3_auth_method, $snmp3_auth_pass, - $snmp3_privacy_method, $snmp3_privacy_pass, 0, ".1.3.6.1.2.1.2", $tcp_port); + $snmp3_privacy_method, $snmp3_privacy_pass, 0, ".1.3.6.1.2.1.2", $tcp_port, + $server_to_exec); // ifXTable is also used $ifxitems = get_snmpwalk($ip_target, $snmp_version, $snmp_community, $snmp3_auth_user, $snmp3_security_level, $snmp3_auth_method, $snmp3_auth_pass, - $snmp3_privacy_method, $snmp3_privacy_pass, 0, ".1.3.6.1.2.1.31.1.1", $tcp_port); + $snmp3_privacy_method, $snmp3_privacy_pass, 0, ".1.3.6.1.2.1.31.1.1", $tcp_port, + $server_to_exec); // Get the interfaces IPV4/IPV6 $snmp_int_ip = get_snmpwalk($ip_target, $snmp_version, $snmp_community, $snmp3_auth_user, $snmp3_security_level, $snmp3_auth_method, $snmp3_auth_pass, - $snmp3_privacy_method, $snmp3_privacy_pass, 0, ".1.3.6.1.2.1.4.34.1.3", $tcp_port); + $snmp3_privacy_method, $snmp3_privacy_pass, 0, ".1.3.6.1.2.1.4.34.1.3", $tcp_port, + $server_to_exec); // Build a [] => [] array if (!empty($snmp_int_ip)) { @@ -345,6 +349,19 @@ $table->data[0][3] = html_print_input_text ('tcp_port', $tcp_port, '', 5, 20, tr $table->data[1][0] = '' . __('Use agent ip') . ''; $table->data[1][1] = html_print_checkbox ('use_agent', 1, $use_agent, true); +$servers_to_exec = array(); +$servers_to_exec[0] = __('Local console'); +if (enterprise_installed()) { + enterprise_include_once ('include/functions_satellite.php'); + + $rows = get_proxy_servers(); + foreach ($rows as $row) { + $servers_to_exec[$row['id_server']] = $row['name']; + } +} +$table->data[1][2] = '' . __('Server to execute command') . ''; +$table->data[1][3] = html_print_select ($servers_to_exec, 'server_to_exec', $server_to_exec, '', '', '', true); + $snmp_versions['1'] = 'v. 1'; $snmp_versions['2'] = 'v. 2'; $snmp_versions['2c'] = 'v. 2c'; diff --git a/pandora_console/godmode/agentes/agent_wizard.wmi_explorer.php b/pandora_console/godmode/agentes/agent_wizard.wmi_explorer.php index 5a5ee589ef..99fb1e5c54 100644 --- a/pandora_console/godmode/agentes/agent_wizard.wmi_explorer.php +++ b/pandora_console/godmode/agentes/agent_wizard.wmi_explorer.php @@ -29,6 +29,7 @@ $ip_target = (string) get_parameter ('ip_target', $ipAgent); // Host $plugin_user = (string) get_parameter ('plugin_user', 'Administrator'); // Username $plugin_pass = io_safe_output(get_parameter('plugin_pass', '')); // Password $tcp_send = (string) get_parameter ('tcp_send'); // Namespace +$server_to_exec = get_parameter('server_to_exec', true); //See if id_agente is set (either POST or GET, otherwise -1 $id_agent = $idAgent; @@ -53,7 +54,18 @@ if ($wmiexplore) { $wmi_processes = $wmi_command . ' "select Name from Win32_Process"'; $processes_name_field = 1; - exec($wmi_processes, $output); + if (enterprise_installed()) { + if ($server_to_exec != 0) { + $server_data = db_get_row('tserver','id_server', $server_to_exec); + exec("ssh root@" . $server_data['ip_address'] . " '" . $wmi_processes . "'", $output, $rc); + } + else { + exec($wmi_processes, $output); + } + } + else { + exec($wmi_processes, $output); + } $fail = false; if (preg_match('/^Failed/', $output[0])) { @@ -79,7 +91,18 @@ if ($wmiexplore) { $services_name_field = 0; $services_check_field = 1; - exec($wmi_services, $output); + if (enterprise_installed()) { + if ($server_to_exec != 0) { + $server_data = db_get_row('tserver','id_server', $server_to_exec); + exec("ssh root@" . $server_data['ip_address'] . " '" . $wmi_services . "'", $output, $rc); + } + else { + exec($wmi_services, $output); + } + } + else { + exec($wmi_services, $output); + } foreach ($output as $index => $row) { // First and second rows are Class and column names, ignore it @@ -98,7 +121,18 @@ if ($wmiexplore) { $wmi_disks = $wmi_command . ' "Select DeviceID from Win32_LogicalDisk"'; $disks_name_field = 0; - exec($wmi_disks, $output); + if (enterprise_installed()) { + if ($server_to_exec != 0) { + $server_data = db_get_row('tserver','id_server', $server_to_exec); + exec("ssh root@" . $server_data['ip_address'] . " '" . $wmi_disks . "'", $output, $rc); + } + else { + exec($wmi_disks, $output); + } + } + else { + exec($wmi_disks, $output); + } foreach ($output as $index => $row) { // First and second rows are Class and column names, ignore it @@ -267,6 +301,19 @@ $table->data[1][3] = html_print_input_password ('plugin_pass', $plugin_pass, '', $table->data[1][3] .= ''; html_print_input_hidden('wmiexplore', 1); +$servers_to_exec = array(); +$servers_to_exec[0] = __('Local console'); +if (enterprise_installed()) { + enterprise_include_once ('include/functions_satellite.php'); + + $rows = get_proxy_servers(); + foreach ($rows as $row) { + $servers_to_exec[$row['id_server']] = $row['name']; + } +} +$table->data[2][0] = '' . __('Server to execute command') . ''; +$table->data[2][1] = html_print_select ($servers_to_exec, 'server_to_exec', $server_to_exec, '', '', '', true); + html_print_table($table); echo "
"; diff --git a/pandora_console/include/ajax/events.php b/pandora_console/include/ajax/events.php index 20cd0c4a80..d29289ecb3 100644 --- a/pandora_console/include/ajax/events.php +++ b/pandora_console/include/ajax/events.php @@ -139,7 +139,7 @@ if ($perform_event_response) { $return_val = array(); $return_val['correct'] = false; - $exec_val = system("ssh root@" . $server_data['ip_address'] . " '" . $command . " 2>&1'", $ret_val); + $exec_val = system("ssh root@" . $server_data['ip_address'] . " \"" . $command . " 2>&1\"", $ret_val); if ($ret_val != 0) { $return_val['message'] = "Conection error"; diff --git a/pandora_console/include/functions.php b/pandora_console/include/functions.php index 06081117f4..3472b0f567 100644 --- a/pandora_console/include/functions.php +++ b/pandora_console/include/functions.php @@ -1506,7 +1506,7 @@ function get_snmpwalk($ip_target, $snmp_version, $snmp_community = '', $snmp3_auth_user = '', $snmp3_security_level = '', $snmp3_auth_method = '', $snmp3_auth_pass = '', $snmp3_privacy_method = '', $snmp3_privacy_pass = '', - $quick_print = 0, $base_oid = "", $snmp_port = '') { + $quick_print = 0, $base_oid = "", $snmp_port = '', $server_to_exec = 0) { global $config; @@ -1598,7 +1598,18 @@ function get_snmpwalk($ip_target, $snmp_version, $snmp_community = '', break; } - exec($command_str, $output, $rc); + if (enterprise_installed()) { + if ($server_to_exec != 0) { + $server_data = db_get_row('tserver','id_server', $server_to_exec); + exec("ssh root@" . $server_data['ip_address'] . " \"" . $command_str . "\"", $output, $rc); + } + else { + exec($command_str, $output, $rc); + } + } + else { + exec($command_str, $output, $rc); + } // Parse the output of snmpwalk $snmpwalk = array(); From 0e7b00f26e555007bedce6f8073fc53046ccfd34 Mon Sep 17 00:00:00 2001 From: Arturo Gonzalez Date: Mon, 28 Aug 2017 16:38:30 +0200 Subject: [PATCH 09/12] Added correct user and fixed db error --- .../godmode/agentes/agent_wizard.wmi_explorer.php | 6 +++--- pandora_console/include/ajax/events.php | 2 +- pandora_console/include/functions.php | 2 +- pandora_console/include/functions_snmp_browser.php | 2 +- pandora_console/pandoradb_data.sql | 2 +- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/pandora_console/godmode/agentes/agent_wizard.wmi_explorer.php b/pandora_console/godmode/agentes/agent_wizard.wmi_explorer.php index 99fb1e5c54..abdcbbecaa 100644 --- a/pandora_console/godmode/agentes/agent_wizard.wmi_explorer.php +++ b/pandora_console/godmode/agentes/agent_wizard.wmi_explorer.php @@ -57,7 +57,7 @@ if ($wmiexplore) { if (enterprise_installed()) { if ($server_to_exec != 0) { $server_data = db_get_row('tserver','id_server', $server_to_exec); - exec("ssh root@" . $server_data['ip_address'] . " '" . $wmi_processes . "'", $output, $rc); + exec("ssh pandora_exec_proxy@" . $server_data['ip_address'] . " '" . $wmi_processes . "'", $output, $rc); } else { exec($wmi_processes, $output); @@ -94,7 +94,7 @@ if ($wmiexplore) { if (enterprise_installed()) { if ($server_to_exec != 0) { $server_data = db_get_row('tserver','id_server', $server_to_exec); - exec("ssh root@" . $server_data['ip_address'] . " '" . $wmi_services . "'", $output, $rc); + exec("ssh pandora_exec_proxy@" . $server_data['ip_address'] . " '" . $wmi_services . "'", $output, $rc); } else { exec($wmi_services, $output); @@ -124,7 +124,7 @@ if ($wmiexplore) { if (enterprise_installed()) { if ($server_to_exec != 0) { $server_data = db_get_row('tserver','id_server', $server_to_exec); - exec("ssh root@" . $server_data['ip_address'] . " '" . $wmi_disks . "'", $output, $rc); + exec("ssh pandora_exec_proxy@" . $server_data['ip_address'] . " '" . $wmi_disks . "'", $output, $rc); } else { exec($wmi_disks, $output); diff --git a/pandora_console/include/ajax/events.php b/pandora_console/include/ajax/events.php index d29289ecb3..4f28012b2b 100644 --- a/pandora_console/include/ajax/events.php +++ b/pandora_console/include/ajax/events.php @@ -139,7 +139,7 @@ if ($perform_event_response) { $return_val = array(); $return_val['correct'] = false; - $exec_val = system("ssh root@" . $server_data['ip_address'] . " \"" . $command . " 2>&1\"", $ret_val); + $exec_val = system("ssh pandora_exec_proxy@" . $server_data['ip_address'] . " \"" . $command . " 2>&1\"", $ret_val); if ($ret_val != 0) { $return_val['message'] = "Conection error"; diff --git a/pandora_console/include/functions.php b/pandora_console/include/functions.php index 3472b0f567..057d6b4561 100644 --- a/pandora_console/include/functions.php +++ b/pandora_console/include/functions.php @@ -1601,7 +1601,7 @@ function get_snmpwalk($ip_target, $snmp_version, $snmp_community = '', if (enterprise_installed()) { if ($server_to_exec != 0) { $server_data = db_get_row('tserver','id_server', $server_to_exec); - exec("ssh root@" . $server_data['ip_address'] . " \"" . $command_str . "\"", $output, $rc); + exec("ssh pandora_exec_proxy@" . $server_data['ip_address'] . " \"" . $command_str . "\"", $output, $rc); } else { exec($command_str, $output, $rc); diff --git a/pandora_console/include/functions_snmp_browser.php b/pandora_console/include/functions_snmp_browser.php index 9da6d75881..417cd135fa 100644 --- a/pandora_console/include/functions_snmp_browser.php +++ b/pandora_console/include/functions_snmp_browser.php @@ -198,7 +198,7 @@ function snmp_browser_get_tree ($target_ip, $community, $starting_oid = '.', $ve else { $command = $snmpwalk_bin . " -m ALL -M +" . escapeshellarg($config['homedir'] . "/attachment/mibs") . " -Cc -c " . escapeshellarg($community) . " -v " . escapeshellarg($version) . " " . escapeshellarg($target_ip) . " " . escapeshellarg($starting_oid) . " 2> " . $error_redir_dir; } - exec("ssh root@" . $server_data['ip_address'] . " \"" . $command . "\"", $output, $rc); + exec("ssh pandora_exec_proxy@" . $server_data['ip_address'] . " \"" . $command . "\"", $output, $rc); } else { $oid_tree = array('__LEAVES__' => array()); diff --git a/pandora_console/pandoradb_data.sql b/pandora_console/pandoradb_data.sql index 7e0f84dee6..8047512f4d 100644 --- a/pandora_console/pandoradb_data.sql +++ b/pandora_console/pandoradb_data.sql @@ -1148,7 +1148,7 @@ INSERT INTO `tagent_custom_fields` VALUES (1,'Serial Number',0,0),(2,'Depar INSERT INTO `ttag` VALUES (1,'network','Network equipment','http://artica.es','',''),(2,'critical','Critical modules','','',''),(3,'dmz','DMZ Network Zone','','',''),(4,'performance','Performance anda capacity modules','','',''),(5,'configuration','','','',''); -INSERT INTO `tevent_response` VALUES (1,'Ping to host','Ping to the agent host','ping -c 5 _agent_address_','command',0,620,500,0,''),(2,'SSH to host','Connect via SSH to the agent','http://localhost:8022/anyterm.html?param=_User_@_agent_address_','url',0,800,450,0,'User'),(3,'Create incident from event','Create a incident from the event with the standard incidents system of Pandora FMS','index.php?sec=workspace&sec2=operation/incidents/incident_detail&insert_form&from_event=_event_id_','url',0,0,0,1,''),(4,'Create Integria IMS incident from event','Create a incident from the event with integria incidents system of Pandora FMS. Is necessary to enable and configure the Integria incidents in Pandora FMS setup.','index.php?sec=workspace&sec2=operation/integria_incidents/incident&tab=editor&from_event=_event_id_','url',0,0,0,1,''),(5,'Restart agent','Restart the agent with using UDP protocol. To use this response is necessary to have installed Pandora FMS server and console in the same machine.','/usr/share/pandora_server/util/udp_client.pl _agent_address_ 41122 "REFRESH AGENT"','command',0,620,500,0,''),(6,'Ping to module agent host','Ping to the module agent host','ping -c 5 _module_address_','command',0,620,500,0,''); +INSERT INTO `tevent_response` VALUES (1,'Ping to host','Ping to the agent host','ping -c 5 _agent_address_','command',0,620,500,0,'',0),(2,'SSH to host','Connect via SSH to the agent','http://localhost:8022/anyterm.html?param=_User_@_agent_address_','url',0,800,450,0,'User',0),(3,'Create incident from event','Create a incident from the event with the standard incidents system of Pandora FMS','index.php?sec=workspace&sec2=operation/incidents/incident_detail&insert_form&from_event=_event_id_','url',0,0,0,1,'',0),(4,'Create Integria IMS incident from event','Create a incident from the event with integria incidents system of Pandora FMS. Is necessary to enable and configure the Integria incidents in Pandora FMS setup.','index.php?sec=workspace&sec2=operation/integria_incidents/incident&tab=editor&from_event=_event_id_','url',0,0,0,1,'',0),(5,'Restart agent','Restart the agent with using UDP protocol. To use this response is necessary to have installed Pandora FMS server and console in the same machine.','/usr/share/pandora_server/util/udp_client.pl _agent_address_ 41122 "REFRESH AGENT"','command',0,620,500,0,'',0),(6,'Ping to module agent host','Ping to the module agent host','ping -c 5 _module_address_','command',0,620,500,0,'',0); INSERT INTO `tupdate_settings` VALUES ('current_update', '412'), ('customer_key', 'PANDORA-FREE'), ('updating_binary_path', 'Path where the updated binary files will be stored'), ('updating_code_path', 'Path where the updated code is stored'), ('dbname', ''), ('dbhost', ''), ('dbpass', ''), ('dbuser', ''), ('dbport', ''), ('proxy', ''), ('proxy_port', ''), ('proxy_user', ''), ('proxy_pass', ''); From 8daa66d6ee743733271e70bd8946507373c00b5c Mon Sep 17 00:00:00 2001 From: Arturo Gonzalez Date: Tue, 29 Aug 2017 11:14:42 +0200 Subject: [PATCH 10/12] Added option to set exec proxy in server --- pandora_console/godmode/servers/modificar_server.php | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/pandora_console/godmode/servers/modificar_server.php b/pandora_console/godmode/servers/modificar_server.php index a3d9821373..e412acbb9c 100644 --- a/pandora_console/godmode/servers/modificar_server.php +++ b/pandora_console/godmode/servers/modificar_server.php @@ -58,8 +58,12 @@ if (isset($_GET["server"])) { if (enterprise_installed()) { $table->data[] = array (__('Type'), $server_type); - $table->data[] = array (__('Exec Server Enable'), $exec_server_enable); - $table->data[] = array (__('Check Exec Server'), '' . html_print_image ("images/dot_red.disabled.png", true) . '' . '
'); + if ($row["server_type"] == 13) { + $table->data[] = array (__('Exec Server'), html_print_checkbox ("exec_proxy", 1, $row["exec_proxy"], true)); + if ($row["exec_proxy"]) { + $table->data[] = array (__('Check Exec Server'), '' . html_print_image ("images/dot_red.disabled.png", true) . '' . '
'); + } + } } html_print_table ($table); @@ -120,8 +124,9 @@ else { $address = get_parameter_post ("address"); $description = get_parameter_post ("description"); $id_server = get_parameter_post ("server"); + $exec_proxy = get_parameter_post ("exec_proxy"); - $values = array('ip_address' => $address, 'description' => $description); + $values = array('ip_address' => $address, 'description' => $description, 'exec_proxy' => $exec_proxy); $result = db_process_sql_update('tserver', $values, array('id_server' => $id_server)); if ($result !== false) { ui_print_success_message(__('Server updated successfully')); From 63fb4881767b2f34c84b75b566a4dec8d5f807eb Mon Sep 17 00:00:00 2001 From: Arturo Gonzalez Date: Tue, 29 Aug 2017 11:52:34 +0200 Subject: [PATCH 11/12] Clean code --- pandora_console/include/ajax/events.php | 17 ++--------------- 1 file changed, 2 insertions(+), 15 deletions(-) diff --git a/pandora_console/include/ajax/events.php b/pandora_console/include/ajax/events.php index 4f28012b2b..09e9642893 100644 --- a/pandora_console/include/ajax/events.php +++ b/pandora_console/include/ajax/events.php @@ -136,22 +136,9 @@ if ($perform_event_response) { echo "Only stdin/stdout commands are supported"; } else { - $return_val = array(); - $return_val['correct'] = false; +html_debug("ssh pandora_exec_proxy@" . $server_data['ip_address'] . " \"" . $command . " 2>&1\"", true); + $exec_val = system("ssh pandora_exec_proxy@" . $server_data['ip_address'] . " \"" . io_safe_output($command) . " 2>&1\"", $ret_val); - $exec_val = system("ssh pandora_exec_proxy@" . $server_data['ip_address'] . " \"" . $command . " 2>&1\"", $ret_val); - - if ($ret_val != 0) { - $return_val['message'] = "Conection error"; - } - else { - if ($exec_val == "root") { - $return_val['correct'] = true; - } - else { - $return_val['message'] = "User must be pandora_exec_proxy"; - } - } ob_clean(); echo $exec_val; From 976581e983d1dd23122b66d0e57e62896e2e7f2e Mon Sep 17 00:00:00 2001 From: Arturo Gonzalez Date: Tue, 29 Aug 2017 15:54:12 +0200 Subject: [PATCH 12/12] Adjust timeout in events response commands --- pandora_console/include/ajax/events.php | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/pandora_console/include/ajax/events.php b/pandora_console/include/ajax/events.php index 09e9642893..cad5efae1a 100644 --- a/pandora_console/include/ajax/events.php +++ b/pandora_console/include/ajax/events.php @@ -136,12 +136,19 @@ if ($perform_event_response) { echo "Only stdin/stdout commands are supported"; } else { -html_debug("ssh pandora_exec_proxy@" . $server_data['ip_address'] . " \"" . $command . " 2>&1\"", true); - $exec_val = system("ssh pandora_exec_proxy@" . $server_data['ip_address'] . " \"" . io_safe_output($command) . " 2>&1\"", $ret_val); + switch (PHP_OS) { + case "FreeBSD": + $timeout_bin = '/usr/local/bin/gtimeout'; + break; + case "NetBSD": + $timeout_bin = '/usr/pkg/bin/gtimeout'; + break; + default: + $timeout_bin = '/usr/bin/timeout'; + break; + } - ob_clean(); - - echo $exec_val; + echo system("ssh pandora_exec_proxy@" . $server_data['ip_address'] . " \"" . $timeout_bin . " 90 " . io_safe_output($command) . " 2>&1\"", $ret_val); } } else { @@ -156,7 +163,7 @@ html_debug("ssh pandora_exec_proxy@" . $server_data['ip_address'] . " \"" . $com $timeout_bin = '/usr/bin/timeout'; break; } - echo system($timeout_bin . ' 9 '.io_safe_output($command).' 2>&1'); + echo system($timeout_bin . ' 90 '.io_safe_output($command).' 2>&1'); } } else { @@ -171,7 +178,7 @@ html_debug("ssh pandora_exec_proxy@" . $server_data['ip_address'] . " \"" . $com $timeout_bin = '/usr/bin/timeout'; break; } - echo system($timeout_bin . ' 9 '.io_safe_output($command).' 2>&1'); + echo system($timeout_bin . ' 90 '.io_safe_output($command).' 2>&1'); } return;