diff --git a/pandora_agents/linux/pandora_agent.conf b/pandora_agents/linux/pandora_agent.conf index bde1bed2f5..42abc0a91a 100755 --- a/pandora_agents/linux/pandora_agent.conf +++ b/pandora_agents/linux/pandora_agent.conf @@ -1,19 +1,19 @@ # Fichero de configuracion base de agentes de Pandora # Base config file for Pandora agents -# Version 1.1 +# Version 1.2 Beta 2 # Licenced under GPL licence, 2003-2005 Sancho Lerena # General Parameters # ================== -server_ip pandora_server +server_ip localhost server_path /opt/pandora_server/data_in pandora_path /opt/pandora_agent/ temporal /opt/pandora_agent/data_out -interval 300 -debug 0 +interval 1 +debug 1 checksum 1 -#agent_name satellite_system +agent_name adama # Module Definition # ================= @@ -22,6 +22,7 @@ checksum 1 module_begin module_name cpu_user module_type generic_data +module_interval 1 module_exec vmstat 1 2 | tail -1 | awk '{ print $14 }' module_max 100 module_min 0 @@ -49,6 +50,7 @@ module_end module_begin module_name disk_root_free module_type generic_data +module_interval 2 module_exec df -kh / | tail -1 | awk '{ print 100-$5 }' module_max 100 module_min 0 
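Review bot: The first hunk turns the shipped default config into what looks like one developer's local setup: `interval 1`, `debug 1`, `server_ip localhost` and a fixed `agent_name adama` replace the former 300-second interval, debug off and commented-out agent name. A host installing this file unchanged would poll every second in debug mode, and every agent whose operator forgets to edit the name reports as the same host `adama`, so the server cannot tell them apart. Keep the tuning values in a local override and ship `interval 300`, `debug 0` and a commented `#agent_name` as before. The `module_interval` keys added in the other two hunks are fine as examples, but as far as the agent script in this commit shows they are only honoured when the key precedes `module_exec` inside the block, as it does here.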
@@ -92,120 +94,23 @@ module_exec ps -Af | grep sshd | grep -v "grep" | wc -l module_end module_begin -module_name Inetd -module_type generic_proc -module_exec ps -Af | grep inetd | grep -v "grep" | wc -l -module_end - -module_begin -module_name DNS_Daemon -module_type generic_proc -module_exec ps -Af | grep named | grep -v "grep" | wc -l -module_end - -module_begin -module_name Antispam_Daemon -module_type generic_proc -module_exec ps -Af | grep spamd | grep -v "grep" | wc -l -module_end - -module_begin -module_name NFS_Daemon -module_type generic_proc -module_exec ps -Af | grep rpc.nfsd | grep -v "grep" | wc -l -module_end - -module_begin -module_name WEB_Hits -module_type generic_data_inc -module_exec cat /var/log/apache/access.log | grep "index" | wc -l -module_end - -module_begin -module_name eMails_proc -module_type generic_data_inc -module_exec cat /var/log/mail/mail.log | grep "postfix/pickup" | grep "from" | wc -l -module_end - -module_begin -module_name eMails_SPAM -module_type generic_data_inc -module_exec cat /var/log/mail/mail.log | grep "identified spam" | wc -l -module_end - -module_begin -module_name FTP_sessions -module_type generic_data_inc -module_exec cat /var/log/syslog | grep "FTP session opened" | wc -l -module_end - -module_begin -module_name DNS_Requests -module_type generic_data_inc -module_exec tail -5000 /var/log/syslog | grep "XSTATS" | tail -1 | cut -f 24 -d " " | cut -f 2 -d "=" -module_end - -module_begin -module_name DNS_Requests_forwarded -module_type generic_data_inc -module_exec tail -5000 /var/log/syslog | grep "XSTATS" | tail -1 | cut -f 26 -d " " | cut -f 2 -d "=" -module_end - -module_begin -module_name Snort_Events -module_type generic_data_inc -module_description Events reported by Snort IDS -module_max 1000 -module_min 0 -module_exec echo "SELECT COUNT(*) as num_event FROM event, signature WHERE event.signature = signatur -e.sig_id AND timestamp >=DATE_SUB(CURRENT_timestamp,INTERVAL 1 HOUR);" | mysql -u root -ppassword -D 
-snort | tail -1 -module_end - -module_begin -module_name MySQL_Questions -module_type generic_data_inc -module_description MySQL Questions (Queries) -module_exec echo "show status like 'questions'" | mysql -u root -ppassword | tail -1 | cut -f 2 -module_end - -module_begin -module_name Title1_elPais -module_description Titulares RSS de Elpais.es +module_name last_syslog module_type generic_data_string -module_exec wget http://www.elpais.es/rss.html -q -O - | grep title | head -3 | tail -1 +module_exec tail -1 /var/log/syslog module_end module_begin -module_name Free/Inactive Memory +module_name PandoraNet_Mem +module_description Pandora_Network Memory usage module_type generic_data -module_exec cat /proc/meminfo | grep Inactive | awk '{ print $2 }' +module_exec ps aux | grep pandora_network | grep -v grep | awk '{ print $6 }' module_end module_begin -module_name last_login -module_type generic_data_string -module_exec last | tail -1 +module_name PandoraSer_Mem +module_description Pandora Server memory usage +module_type generic_data +module_exec ps aux | grep pandora_server.pl | grep -v grep | awk '{ print $6 }' module_end -# Please check before use, interface order changes in each system -#1-lo,2-eth0,3-eth1,4-eth2,5-ppp0.. - -module_begin -module_name router_out -module_type generic_data_inc -module_exec snmpget -O vnq -v 1 -c public 192.168.5.4 .iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifOutOctets.5 -module_end - -module_begin -module_name router_discard -module_type generic_data_inc -module_exec snmpget -O vnq -v 1 -c public 192.168.5.4 .iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifInDiscards.5 -module_end - -module_begin -module_name router_in -module_type generic_data_inc -module_exec snmpget -O vnq -v 1 -c public 192.168.5.4 .iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifInOctets.5 -module_end 
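Review bot: The new `PandoraNet_Mem` and `PandoraSer_Mem` modules use `ps aux | grep pandora_network | grep -v grep | awk '{ print $6 }'`, which prints one value per matching process, and `grep pandora_network` also matches any unrelated command line that happens to contain that string. With more than one match the module emits several lines, and because these are `generic_data` the agent then feeds them to `expr`, which yields nothing useful. Summing in awk gives a single number regardless of the match count: `module_exec ps aux | grep pandora_network | grep -v grep | awk '{ s += $6 } END { print s+0 }'`; the `pandora_server.pl` module wants the same treatment. The `last_syslog` module forwards the last raw `/var/log/syslog` line to the server every cycle; that file is normally readable only by root or the adm group, so either the agent runs as root or the module silently reports an empty string, and whatever the line contains is shipped verbatim.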
diff --git a/pandora_agents/linux/pandora_agent.sh b/pandora_agents/linux/pandora_agent.sh index b313f708df..7f56477e9c 100755 --- a/pandora_agents/linux/pandora_agent.sh +++ b/pandora_agents/linux/pandora_agent.sh @@ -1,13 +1,13 @@ #!/bin/bash - # ********************************************************************** -# Agente Generico Pandora +# Pandora Generic Host Agent # Linux version -# (c) Sancho Lerena 2003-2005, +# (c) Sancho Lerena 2003-2006, +# with the help of many people. Please see http://pandora.sf.net # Este codigo esta licenciado bajo la licencia GPL 2.0. # This code is licenced under GPL 2.0 licence. # ********************************************************************** -AGENT_VERSION=1.2a +AGENT_VERSION=1.2beta2 IFS=$'\n' # Begin cycle for adquire primary config tokens @@ -15,27 +15,31 @@ TIMESTAMP=`date +"%Y/%m/%d %H:%M:%S"` if [ -z "$1" ] then - echo " " - echo "FATAL ERROR: I need an argument to PANDORA AGENT home path" - echo " " - echo " example: /opt/pandora_ng/pandora_agent.sh /opt/pandora_ng " - echo " " - exit -1 + echo " " + echo "FATAL ERROR: I need an argument to PANDORA AGENT home path" + echo " " + echo " example: /opt/pandora_ng/pandora_agent.sh /opt/pandora_ng " + echo " " + exit -1 else - PANDORA_HOME=$1 + PANDORA_HOME=$1 fi if [ ! -f $PANDORA_HOME/pandora_agent.conf ] then - echo " " - echo "FATAL ERROR: Cannot load pandora_agent.conf" - echo " " - exit -1 + echo " " + echo "FATAL ERROR: Cannot load pandora_agent.conf" + echo " " + exit -1 fi # Default values + CHECKSUM_MODE=1 DEBUG_MODE=0 +CONTADOR=0 +EXECUTE=1 +MODULE_END=0 echo "$TIMESTAMP - Reading general config parameters from .conf file" >> $PANDORA_HOME/pandora.log for a in `cat $PANDORA_HOME/pandora_agent.conf | grep -v -e "^#" | grep -v -e "^module" ` 
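Review bot: The re-indented error paths in the second hunk keep `exit -1`, which bash reports as status 255 rather than a negative value; `exit 1` states the intent. The test `[ ! -f $PANDORA_HOME/pandora_agent.conf ]` is unquoted, so a home path containing a space fails with a `[: too many arguments` error instead of the intended message; `if [ ! -f "$PANDORA_HOME/pandora_agent.conf" ]` fixes that, and `PANDORA_HOME=$1` likewise wants quotes. The new defaults `CONTADOR=0`, `EXECUTE=1` and `MODULE_END=0` would benefit from a one-line comment each, e.g. `# CONTADOR: cycle counter (wraps at 100) that drives module_interval scheduling`.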
@@ -63,22 +67,21 @@ do INTERVAL=`echo $a | awk '{ print $2 }' ` echo "$TIMESTAMP - [SETUP] - Interval is $INTERVAL seconds" >> $PANDORA_HOME/pandora.log fi - if [ ! -z "`echo $a | grep -e '^agent_name'`" ] + if [ ! -z "`echo $a | grep -e '^agent_name'`" ] then NOMBRE_HOST=`echo $a | awk '{ print $2 }' ` - echo "$TIMESTAMP - [SETUP] - Agent name is $NOMBRE_HOST " >> $PANDORA_HOME/pandora.log + echo "$TIMESTAMP - [SETUP] - Agent name is $NOMBRE_HOST " >> $PANDORA_HOME/pandora.log fi - if [ ! -z "`echo $a | grep -e '^debug'`" ] + if [ ! -z "`echo $a | grep -e '^debug'`" ] then DEBUG_MODE=`echo $a | awk '{ print $2 }' ` - echo "$TIMESTAMP - [SETUP] - Debug mode is $DEBUG_MODE " >> $PANDORA_HOME/pandora.log + echo "$TIMESTAMP - [SETUP] - Debug mode is $DEBUG_MODE " >> $PANDORA_HOME/pandora.log fi - if [ ! -z "`echo $a | grep -e '^checksum'`" ] + if [ ! -z "`echo $a | grep -e '^checksum'`" ] then CHECKSUM_MODE=`echo $a | awk '{ print $2 }' ` - echo "$TIMESTAMP - [SETUP] - Checksum is $CHECKSUM_MODE " >> $PANDORA_HOME/pandora.log + echo "$TIMESTAMP - [SETUP] - Checksum is $CHECKSUM_MODE " >> $PANDORA_HOME/pandora.log fi - done @@ -87,6 +90,7 @@ done # OS Data OS_VERSION=`uname -r` OS_NAME=`uname -s` + # Hostname if [ -z "$NOMBRE_HOST" ] then 
@@ -96,116 +100,158 @@ fi while [ "1" == "1" ] do - # Fecha y hora. Se genera un serial (numero de segundos desde 1970) para cada paquete generado. - TIMESTAMP=`date +"%Y/%m/%d %H:%M:%S"` - SERIAL=`date +"%s"` + # Fecha y hora. Se genera un serial (numero de segundos desde 1970) para cada paquete generado. + TIMESTAMP=`date +"%Y/%m/%d %H:%M:%S"` + SERIAL=`date +"%s"` - # Nombre de los archivos - DATA=$TEMP/$NOMBRE_HOST.$SERIAL.data - CHECKSUM=$TEMP/$NOMBRE_HOST.$SERIAL.checksum - PANDORA_FILES="$TEMP/$NOMBRE_HOST.$SERIAL.*" + # Nombre de los archivos + DATA=$TEMP/$NOMBRE_HOST.$SERIAL.data + DATA2=$TEMP/$NOMBRE_HOST.$SERIAL.data_temp + CHECKSUM=$TEMP/$NOMBRE_HOST.$SERIAL.checksum + PANDORA_FILES="$TEMP/$NOMBRE_HOST.$SERIAL.*" - # Makes data packet - echo "" > $DATA - if [ "$DEBUG_MODE" == "1" ] - then - echo "$TIMESTAMP - Reading module adquisition data from .conf file" >> $PANDORA_HOME/pandora.log - fi - for a in `cat $PANDORA_HOME/pandora_agent.conf | grep -v -e "^#" | grep -e "^module" ` - do - a=`echo $a | tr -s " " " "` + # Makes data packet + echo "" > $DATA + if [ "$DEBUG_MODE" == "1" ] + then + echo "$TIMESTAMP - Reading module adquisition data from .conf file" >> $PANDORA_HOME/pandora.log + fi + for a in `cat $PANDORA_HOME/pandora_agent.conf | grep -v -e "^#" | grep -e "^module" ` + do + a=`echo $a | tr -s " " " "` - if [ ! -z "`echo $a | grep -e '^module_exec'`" ] - then - execution=`echo $a | cut -c 13- ` - res=`eval $execution` - if [ -z "$flux_string" ] - then - res=`eval expr $res 2> /dev/null` - fi - echo "$res" >> $DATA - fi + if [ ! -z "`echo $a | grep -e '^module_exec'`" ] + then + if [ $EXECUTE -eq 0 ] + then + execution=`echo $a | cut -c 13- ` + res=`eval $execution` + if [ -z "$flux_string" ] + then + res=`eval expr $res 2> /dev/null` + fi + echo "$res" >> $DATA2 + fi + fi - if [ ! -z "`echo $a | grep -e '^module_name'`" ] - then - name=`echo $a | cut -c 13- ` - echo "$name" >> $DATA - fi - - if [ ! 
-z "`echo $a | grep -e '^module_begin'`" ] - then - echo "" >> $DATA - fi + if [ ! -z "`echo $a | grep -e '^module_name'`" ] + then + name=`echo $a | cut -c 13- ` + echo "$name" >> $DATA2 + fi + + if [ ! -z "`echo $a | grep -e '^module_begin'`" ] + then + echo "" >> $DATA2 + EXECUTE=0 + fi + + if [ ! -z "`echo $a | grep -e '^module_max' `" ] + then + max=`echo $a | awk '{ print $2 }' ` + echo "$max" >> $DATA2 + fi - if [ ! -z "`echo $a | grep -e '^module_max' `" ] - then - max=`echo $a | awk '{ print $2 }' ` - echo "$max" >> $DATA - fi - if [ ! -z "`echo $a | grep -e '^module_min'`" ] - then - min=`echo $a | awk '{ print $2 }' ` - echo "$min" >> $DATA - fi - if [ ! -z "`echo $a | grep -e '^module_description'`" ] - then - desc=`echo $a | cut -c 20- ` - echo "$desc" >> $DATA - fi + if [ ! -z "`echo $a | grep -e '^module_min'`" ] + then + min=`echo $a | awk '{ print $2 }' ` + echo "$min" >> $DATA2 + fi + + if [ ! -z "`echo $a | grep -e '^module_description'`" ] + then + desc=`echo $a | cut -c 20- ` + echo "$desc" >> $DATA2 + fi - if [ ! -z "`echo $a | grep -e '^module_end'`" ] - then - echo "" >> $DATA - fi + if [ ! -z "`echo $a | grep -e '^module_end'`" ] + then + echo "" >> $DATA2 + MODULE_END=1 + else + MODULE_END=0 + fi - if [ ! -z "`echo $a | grep -e '^module_type'`" ] - then - mtype=`echo $a | awk '{ print $2 }' ` - if [ ! -z "`echo $mtype | grep 'generic_data_string'`" ] - then - flux_string=1 - else - flux_string=0 - unset flux_string - fi - echo "$mtype" >> $DATA - fi - done + if [ ! -z "`echo $a | grep -e '^module_type'`" ] + then + mtype=`echo $a | awk '{ print $2 }' ` + if [ ! -z "`echo $mtype | grep 'generic_data_string'`" ] + then + flux_string=1 + else + flux_string=0 + unset flux_string + fi + echo "$mtype" >> $DATA2 + fi + + if [ ! 
-z "`echo $a | grep '^module_interval'`" ] + then + # Determine if execution is to be done + MODULEINTERVAL=`echo $a | awk '{ print $2 }'` + EXECUTE=`expr \( $CONTADOR + 1 \) % $MODULEINTERVAL` + fi - # Call for user-defined script for data adquisition + # If module end, and execute for this module is enabled + # then write - if [ -f "$PANDORA_HOME/pandora_user.conf" ] - then - /bin/bash $PANDORA_HOME/pandora_user.conf >> $DATA - fi + if [ $MODULE_END -eq 1 ] + then + if [ $EXECUTE -eq 0 ] + then + cat $DATA2 >> $DATA + fi + rm -Rf $DATA2 > /dev/null 2> /dev/null + fi + done + + # Count number of agent runs + CONTADOR=`expr $CONTADOR + 1` + # Keep a limit of 100 for overflow reasons + if [ $CONTADOR -eq 100 ] + then + CONTADOR=0 + fi + + # Call for user-defined script for data adquisition + + if [ -f "$PANDORA_HOME/pandora_user.conf" ] + then + /bin/bash $PANDORA_HOME/pandora_user.conf >> $DATA + fi + + # Finish data packet + echo "" >> $DATA + if [ "$DEBUG_MODE" == "1" ] + then + echo "$TIMESTAMP - Finish writing XML $DATA" >> $PANDORA_HOME/pandora.log + fi + + if [ "$CHECKSUM_MODE" == "1" ] + then + # Calculate Checksum and prepare MD5 file + CHECKSUM_DATA=`/usr/bin/md5sum $DATA` + echo $CHECKSUM_DATA > $CHECKSUM + else + CHECKSUM_DATA="No valid checksum" + echo $CHECKSUM_DATA > $CHECKSUM + fi + + if [ "$DEBUG_MODE" == "1" ] + then + mv $PANDORA_FILES $SERVER_PATH > /dev/null 2> /dev/null + echo "$TIMESTAMP - Copying $PANDORA_FILES to $SERVER_IP:$SERVER_PATH" >> $PANDORA_HOME/pandora.log + else + # Copy XML Data files to remote systems + scp $PANDORA_FILES pandora@$SERVER_IP:$SERVER_PATH > /dev/null 2> /dev/null + fi + + # Delete it + rm -f $PANDORA_FILES> /dev/null 2> /dev/null + + # Go to bed + sleep $INTERVAL + - # Finish data packet - echo "" >> $DATA - if [ "$DEBUG_MODE" == "1" ] - then - echo "$TIMESTAMP - Finish writing XML $DATA" >> $PANDORA_HOME/pandora.log - fi - - if [ "$CHECKSUM_MODE" == "1" ] - then - # Calculate Checksum and prepare MD5 file - 
CHECKSUM_DATA=`/usr/bin/md5sum $DATA` - echo $CHECKSUM_DATA > $CHECKSUM - else - CHECKSUM_DATA="No valid checksum" - echo $CHECKSUM_DATA > $CHECKSUM - fi - - # Send packets to server and detele it - scp $PANDORA_FILES pandora@$SERVER_IP:$SERVER_PATH > /dev/null 2> /dev/null - if [ "$DEBUG_MODE" == "1" ] - then - echo "$TIMESTAMP - Copying $PANDORA_FILES to $SERVER_IP:$SERVER_PATH" >> $PANDORA_HOME/pandora.log - echo "Debug mode. Agent terminated" - exit - fi - - rm -f $PANDORA_FILES> /dev/null - sleep $INTERVAL done -# forever! +# This runs forever!
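Review bot: `` EXECUTE=`expr \( $CONTADOR + 1 \) % $MODULEINTERVAL` `` takes `module_interval` straight from the config with no validation; a value of `0`, a blank or a non-number makes `expr` fail, `EXECUTE` becomes empty, and the later `if [ $EXECUTE -eq 0 ]` prints a unary-operator error and treats the module as never due. Guarding the value before the modulo, `case "$MODULEINTERVAL" in ''|*[!0-9]*|0) MODULEINTERVAL=1 ;; esac`, keeps one bad line from silencing that module on every cycle. Two smaller points: the scheduling only works when `module_interval` precedes `module_exec` inside a module, because `EXECUTE` is still 0 from `module_begin` when an earlier `module_exec` line is processed, and the counter wrap at 100 shifts the phase of any interval that does not divide 100. The debug branch logs "Copying ... to $SERVER_IP:$SERVER_PATH" while actually doing a local `mv`, and in the non-debug branch a failed `scp` is hidden by the redirections and the packet is still deleted by `rm -f $PANDORA_FILES`, so lost samples leave no trace in pandora.log.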