This is an automated email from the git hooks/post-receive script. New commit to branch develop in repository mum. See http://git.chorem.org/mum.git commit c760a0065eec4d9537c8f76c5211a9fe2a72edb1 Author: Alexis Guilbaud <guilbaud@codelutin.com> Date: Tue Apr 21 15:23:03 2015 +0200 known ports are at least verfied once when adding a host, and if a connection is preconfigured, it will be activated --- app/module_loader.py | 48 ++++++++++++-------------- app/modules/nmap_detection.py | 9 +++-- app/modules/storage_modules/shelve_db.py | 59 +++++++++++++++++++++++++++++--- 3 files changed, 83 insertions(+), 33 deletions(-) diff --git a/app/module_loader.py b/app/module_loader.py index 8226bb2..fb89d0b 100644 --- a/app/module_loader.py +++ b/app/module_loader.py @@ -53,6 +53,12 @@ class ModuleLoader: def get_websocket_container(self): return self.wsc + def get_all_known_ports(self): + res = [] + for conn_mod in self.loaded_mod_conn: + res.append(self.loaded_mod_conn[conn_mod]['known_port']) + return res + def create_task(self, task_id): self.db.store_task(task_id) self.wsc.notify_task_change() @@ -87,6 +93,7 @@ class ModuleLoader: ws, self.get_conection_modules_list(), self.get_monitoring_modules_list(), + self.get_all_known_ports(), modules.HostNotFoundException) try: if re.search('^\d{1,3}(-\d{1,3})?[.]\d{1,3}(-\d{1,3})?[.]\d{1,3}(-\d{1,3})?[.]\d{1,3}(-\d{1,3})?$', param): @@ -112,7 +119,11 @@ class ModuleLoader: fake_nmap_res['addr'] = addr_host fake_nmap_res['hostname'] = '' fake_nmap_res['openports'] = [] - self.db.add_host(addr_host, json.dumps(fake_nmap_res), self.get_conection_modules_list(), self.get_monitoring_modules_list()) + self.db.add_host(addr_host, + json.dumps(fake_nmap_res), + self.get_conection_modules_list(), + self.get_monitoring_modules_list(), + self.get_all_known_ports()) monitoring_intructions = self.db.get_monitoring_instructions(addr_host) for instr in monitoring_intructions: self.add_to_waiting_list(instr) 
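Review bot: `get_all_known_ports` returns one entry per connection module without filtering, so two modules sharing a port, or a module whose `known_port` is unset, would hand duplicates or a non-port value to the probing code reached through `add_host`. Whether either case occurs depends on the module definitions, which are outside this diff. A set-based one-liner covers both and replaces the append loop: `return list(set(m['known_port'] for m in self.loaded_mod_conn.values() if m['known_port'] is not None))`. A one-line docstring saying that the result is a list of integer TCP ports would match what the `add_host` docstring expects.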
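Review bot: The no-detection path now still causes network traffic to the host, and nothing at this call site says so. `fake_nmap_res['openports']` is empty here, so `add_host` will try every port returned by `get_all_known_ports()`. I would add a comment above the call, for example `# add_host() still probes the known port of every connection module, even though no nmap detection was requested`, so that an operator-facing "no detection" option is not read as "no connection attempts".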
@@ -277,15 +288,15 @@ class ModuleLoader: # getting all availiable connections for this part to check compatible_conn = self.loaded_mod_moni[part_name]['compatible_conn'] conf_conn = self.db.get_conf_conn(addr_host) - conn_found = False - for i in range(len(conf_conn)): + check_done = False + i = 0 + while i < len(conf_conn) and not check_done: # for each connection that have been configurated for this host (by priority) for mod in self.loaded_mod_moni[part_name]['modules']: # for each monitoring module, being from this part, activated for this host loaded_mod = self.loaded_mod_moni[part_name]['modules'][mod]['imported'] if getattr(loaded_mod, 'connection') == conf_conn[i]['conn_mod_name']: # if this monitoring module is compatible for the current connection - conn_found = True try: conn_inst = self.create_connection(addr_host, conf_conn[i]) dict_notif = getattr(self.loaded_mod_moni[part_name]['modules'][mod]['imported'], 
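Review bot: The `while i < len(conf_conn) and not check_done` loop stops retrying only when `check_done = True` is reached, and in the next hunk (@@ -293) that assignment sits after `self.run_notification_modules(dict_notif)` inside the same `try`, under a single `except Exception`. A failure in the check itself or in a notification module is therefore logged as "The connection could not have been established", the check is repeated over the next connection, and the part may end up deactivated for a reason unrelated to connectivity. The removed handlers told `ModuleNotCompatibleException` and `CommandNotFoundException` apart; I would keep a dedicated clause, `except (modules.ModuleNotCompatibleException.ModuleNotCompatibleException, modules.CommandNotFoundException.CommandNotFoundException) as err:`, ahead of the generic one and move `check_done = True` to directly after the check call. The enclosing method starts before this hunk, and the call that produces `dict_notif` is cut between the two hunks.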
@@ -293,30 +304,15 @@ class ModuleLoader: db, modules.ModuleNotCompatibleException) self.run_notification_modules(dict_notif) - except modules.ModuleNotCompatibleException.ModuleNotCompatibleException as mnce: - print mnce.__str__() - process_monitoring.remove_to_waiting_list(addr_host, part_name) - dict_deactivation_request = {} - dict_deactivation_request['addr_host'] = addr_host - dict_deactivation_request['activated'] = {part_name: False} - self.db.config_mod_activation(dict_deactivation_request) - except modules.CommandNotFoundException.CommandNotFoundException as cnfe: - print cnfe.__str__() - process_monitoring.remove_to_waiting_list(addr_host, part_name) - dict_deactivation_request = {} - dict_deactivation_request['addr_host'] = addr_host - dict_deactivation_request['activated'] = {part_name: False} - self.db.config_mod_activation(dict_deactivation_request) + check_done = True except Exception: - print "Monitoring module " + part_name + " have been disabled on " + addr_host + \ - " because of an unexpected error. Traceback:" + print "The connection could not have been established with " + conf_conn[i]['conn_mod_name']\ + + " on " + addr_host + ". Traceback:" print traceback.format_exc() - process_monitoring.remove_to_waiting_list(addr_host, part_name) - dict_deactivation_request = {} - dict_deactivation_request['addr_host'] = addr_host - dict_deactivation_request['activated'] = {part_name: False} - self.db.config_mod_activation(dict_deactivation_request) - if not conn_found: + # set failed conn priority to 0 ? + print "Now trying on next avaliable connection..." + i += 1 + if not check_done: print "No necessary connection have been properly configured for " + part_name + " on " + addr_host +\ ". Therefore it has been deactivated." process_monitoring.remove_to_waiting_list(addr_host, part_name) diff --git a/app/modules/nmap_detection.py b/app/modules/nmap_detection.py index 279dee0..0c08fb4 100644 --- a/app/modules/nmap_detection.py 
+++ b/app/modules/nmap_detection.py @@ -8,7 +8,7 @@ from string import letters class nmap_detection: - def __init__(self, opt, db, ws, list_mod_conn, dict_mod_monitoring, hnfe): + def __init__(self, opt, db, ws, list_mod_conn, dict_mod_monitoring, known_ports, hnfe): self.opt = opt self.db = db self.ws = ws @@ -16,6 +16,7 @@ class nmap_detection: self.scanned_ip = [] self.list_mod_conn = list_mod_conn self.dict_mod_monitoring = dict_mod_monitoring + self.known_ports = known_ports self.HostNotFoundException = hnfe # function for splitting the different ranges of the IP adress @@ -166,5 +167,9 @@ class nmap_detection: list_dict_port.append(dict_port) dict_host['openports'] = list_dict_port # the host have its IP for ID on the db - self.db.add_host(dict_host['addr'], json.dumps(dict_host), self.list_mod_conn, self.dict_mod_monitoring) + self.db.add_host(dict_host['addr'], + json.dumps(dict_host), + self.list_mod_conn, + self.dict_mod_monitoring, + self.known_ports) self.scanned_ip.append(dict_host['addr']) \ No newline at end of file diff --git a/app/modules/storage_modules/shelve_db.py b/app/modules/storage_modules/shelve_db.py index 23c3a32..2e7f768 100644 --- a/app/modules/storage_modules/shelve_db.py +++ b/app/modules/storage_modules/shelve_db.py @@ -6,6 +6,7 @@ import json import shelve import traceback import threading +import socket import os.path @@ -76,7 +77,9 @@ class shelve_db: if mod not in self.db['global_conf']: # adding a entry for every module loaded for the first time mod_conf = {} mod_conf['block'] = loaded_mod_moni[mod]['block'] - mod_conf['activated'] = mod == 'ping' # we want the ping module to be activated by default + # all modules are added if the os is compatible, we'll try at least + # once the check, if it exists a connection that can lauch the module + mod_conf['activated'] = True mod_conf['check_frequency'] = 60 """ mod_conf['nb_minute'] = 30 
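Review bot: `mod_conf['activated'] = True` in the @@ -76 hunk of shelve_db.py turns every monitoring module on by default, where previously only `ping` was. The last hunk (@@ -224) likewise gives priority 1 to any connection module whose only parameter is `port`, so a newly added host is contacted by all of them without an operator opting in. The new comment says modules are added "if the os is compatible", but no OS test is visible next to the assignment, so that condition should be confirmed or the comment reworded. The assignment sits under `if mod not in self.db['global_conf']`, so it affects only modules first seen by a given database, and an upgraded install keeps its stored values while a fresh one starts with everything enabled. I would record that next to the line, for example `# NOTE: only applies to modules not yet in global_conf; existing entries keep their stored 'activated' value`, and consider keeping the default opt-in.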
@@ -147,9 +150,9 @@ class shelve_db: finally: self.close_db() - def add_host(self, addr_host, nmap_res, conn_infos, dict_mod_info): + def add_host(self, addr_host, nmap_res, conn_infos, dict_mod_info, known_ports): """ - Called by the nmap_detection module. + Called by the nmap_detection module or directly by the module loader if no detection was asked. Add and save a new host after its first nmap detection It also preconfigure with the default configuration, add the host to the group "all" and creates empty structures for the monitoring and archive data. @@ -159,6 +162,8 @@ class shelve_db: (see get_conection_modules_list() on module_loader) :param dict_mod_info: a dictionnary containing informations about the different monitoring modules (see get_info_mod_monitoring() on module_loader) + :param a list of integers representing the known ports for the connection modules, that may not have been + detected by nmap """ self.open_db() addr_host = str(addr_host) # Shelve doesn't support Unicode @@ -170,6 +175,10 @@ class shelve_db: # Preconfiguration self.db["hosts"][addr_host]["conf"] = {} nmap_res_data = json.loads(nmap_res) + nmap_res_data['openports'] = self.check_if_known_port_is_open(addr_host, + known_ports, + nmap_res_data['openports']) + self.db["hosts"][addr_host]['detected']['nmap'] = json.dumps(nmap_res_data) self.db["hosts"][addr_host]["conf"]["connections"] = self.init_conn(nmap_res_data, conn_infos) os_host = nmap_res_data['os'] self.db["hosts"][addr_host]["conf"]["monitoring"] = {} 
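Review bot: The new docstring entry in the @@ -159 hunk, `:param a list of integers ...`, omits the parameter name, so documentation tools will not attach it to `known_ports`. It should read `:param known_ports: a list of integers representing the known ports of the connection modules, which may not have been detected by nmap`.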
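Review bot: In the @@ -170 hunk the call to `check_if_known_port_is_open` runs after `self.open_db()` and before the `self.close_db()` at the end of `add_host`, so the shelve stays open while TCP connections are attempted against the new host. The probe sets no socket timeout, so a host that silently drops packets could hold the database for the full connect timeout of each known port; whether other threads wait on it depends on `open_db`, which is outside this diff. Since the probe is a `@staticmethod` that needs only `addr_host`, `known_ports` and the parsed nmap result, `nmap_res_data = json.loads(nmap_res)` and the probe call can move above `self.open_db()`.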
@@ -180,7 +189,7 @@ class shelve_db: self.db['hosts'][addr_host]['conf']['idling']['modules'] = [] self.db['hosts'][addr_host]['conf']['idling']['status'] = "" self.db["hosts"][addr_host]["conf"]["groups"] = ["all"] # Every host is in group "all" - self.db["hosts"][addr_host]["conf"]["subscribers"] = {} # Add current user automatically ? + self.db["hosts"][addr_host]["conf"]["subscribers"] = {} self.db["hosts"][addr_host]["conf"]["custom_info"] = "" self.db["hosts"][addr_host]["conf"]["interventions"] = [] # Create structure for monitoring data @@ -195,6 +204,40 @@ class shelve_db: self.close_db() @staticmethod + def check_if_known_port_is_open(addr_host, known_ports, openports): + """ + For each known_port that may not be detected by nmap, we will try to verify if this port is open or not by + opening a socket. + :param addr_host: the IP address of the host + :param known_ports: a list containing integers representing the known_ports to verify. + :param openports: a dictionary containing the nmap result of the detected open ports + :return: openports attribute with new fields for each open port newly verified. + """ + new_port_dict_list = [] + try: + sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + for port_id in known_ports: + print port_id + port_id_was_detected = False + for port_dict in openports: + if port_dict['portid'] == port_id: + print 1 + port_id_was_detected = True + if not port_id_was_detected: + try: + if sock.connect_ex((addr_host, port_id)) == 0: + print 2 + new_port_dict_list.append({"portname": "", "portid": port_id}) + except Exception: + pass + print new_port_dict_list + for new_port_dict in new_port_dict_list: + openports.append(new_port_dict) + print openports + finally: + return openports + + @staticmethod def init_conn(dict_nmap_res, conn_infos): """ Returns an initialization for the connection configuration on a host. 
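Review bot: `check_if_known_port_is_open` creates one socket before the loop and calls `connect_ex` on it for every known port, so after the first successful connect the later calls fail on an already-connected socket and those ports are never reported open; the socket also has no timeout and is never closed. The `return openports` inside `finally` discards any exception raised in the `try`, and the `print 1` / `print 2` lines look like leftover debugging output. I would open one socket per port with a short timeout, close it in a `finally`, and return after the loop, as sketched below. It is also worth confirming that `port_dict['portid']` has the same type as the integer entries of `known_ports`, since a string/int mismatch would make the `==` test never match and append ports nmap had already found.

```python
def check_if_known_port_is_open(addr_host, known_ports, openports):
    # … unchanged: docstring …
    for port_id in known_ports:
        if any(port_dict['portid'] == port_id for port_dict in openports):
            continue  # nmap already reported this port
        # a socket cannot be reused after connect_ex(), so open one per probe
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.settimeout(2)  # constructed value; bounds the wait on filtered ports
        try:
            if sock.connect_ex((addr_host, port_id)) == 0:
                openports.append({"portname": "", "portid": port_id})
        except (socket.error, TypeError, OverflowError):
            # unresolvable address or invalid port value: treat as not open
            pass
        finally:
            sock.close()
    return openports
```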
@@ -224,7 +267,13 @@ class shelve_db: dict_conn[loaded_conn_mod] = {} for param in conn_infos[loaded_conn_mod]['params']: dict_conn[loaded_conn_mod][param] = None - dict_conn[loaded_conn_mod]["priority"] = 0 + if len(conn_infos[loaded_conn_mod]['params'].keys()) == 1 and \ + 'port' in conn_infos[loaded_conn_mod]['params']: + # if there is only the port to configure, the conn module can be activated because is + # already configured + dict_conn[loaded_conn_mod]["priority"] = 1 + else: + dict_conn[loaded_conn_mod]["priority"] = 0 dict_conn[loaded_conn_mod]["port"] = conn_infos[loaded_conn_mod]['known_port'] return dict_conn -- To stop receiving notification emails like this one, please contact chorem.org SCM administrator <admin+scm@chorem.org>.