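/**
 * Import a saved nmap report into the computers directory.
 *
 * Parses /etc/artica-postfix/nmap.map line by line, collecting for each
 * reported host its IP address, hostname, MAC address, machine type,
 * "Running" string and OS details. Every host that has a MAC address is then
 * reconciled with the directory through the computers class: an existing
 * entry (looked up by MAC) gets its uid, IP address and OS updated when they
 * differ, and an unknown MAC is added as a new computer. The report file is
 * deleted once processed.
 *
 * Fixes over the previous version:
 *  - the "already seen" test ran before $mac was assigned for the current
 *    host, so it tested the previous host's MAC and skipped every host after
 *    the first one that had a MAC;
 *  - strtolower() wrapped the whole comparison instead of the OS string;
 *  - detail lines met before any "Nmap scan report" line were stored under an
 *    undefined IP key;
 *  - each() (removed in PHP 8) is replaced by foreach, and the arrays are
 *    initialised so an empty report no longer iterates over null.
 *
 * NOTE(review): hostnames are taken verbatim from the nmap report (reverse
 * DNS names), so they are network-influenced. They end up in the directory
 * uid via update_uid()/Add(); confirm that the computers class escapes them
 * before building LDAP DNs or filters.
 *
 * @return void
 */
function nmap_scan_results()
{
    $mapFile = "/etc/artica-postfix/nmap.map";
    if (!is_file($mapFile)) {
        return;
    }

    $f = explode("\n", (string) @file_get_contents($mapFile));

    $computer = array();
    $LOGS = array();
    $MACSSCAN = array();
    $ipaddr = null; // IP of the host section currently being parsed

    foreach ($f as $ligne) {
        // "Nmap scan report for <hostname> (<ip>)" opens a host section.
        if (preg_match("#Nmap scan report for\\s+(.+?)\\s+\\(([0-9\\.]+)#", $ligne, $re)) {
            $ipaddr = $re[2];
            $computer[$ipaddr]["IPADDR"] = $re[2];
            $computer[$ipaddr]["HOSTNAME"] = trim($re[1]);
            $LOGS[] = "Found {$ipaddr} hostname= {$re[1]}";
            continue;
        }

        // "Nmap scan report for <ip>" opens a host section without a name.
        if (preg_match("#Nmap scan report for ([0-9\\.]+)\$#", trim($ligne), $re)) {
            $ipaddr = $re[1];
            $computer[$ipaddr]["IPADDR"] = $re[1];
            $LOGS[] = "Found {$ipaddr} without computername ";
            continue;
        }

        // Every remaining pattern describes the current host; without a
        // preceding report line there is no host to attach the detail to.
        if ($ipaddr === null) {
            continue;
        }

        // MAC address alone; a MAC already attributed to a host is ignored.
        if (preg_match("#^MAC Address:\\s+([0-9A-Z:]+)\$#", trim($ligne), $re)) {
            if (isset($MACSSCAN[trim($re[1])])) {
                continue;
            }
            $computer[$ipaddr]["MAC"] = trim($re[1]);
            $LOGS[] = "Found {$ipaddr} with mac {$re[1]} ";
            $MACSSCAN[trim($re[1])] = true;
            continue;
        }

        // MAC address followed by "(machine type)".
        if (preg_match("#^MAC Address:(.+).+?\\((.+?)\\)#", $ligne, $re)) {
            if (isset($MACSSCAN[trim($re[1])])) {
                continue;
            }
            $MACSSCAN[trim($re[1])] = true;
            $computer[$ipaddr]["MAC"] = trim($re[1]);
            $computer[$ipaddr]["MACHINE_TYPE"] = trim($re[2]);
            $LOGS[] = "Found {$ipaddr} with mac {$re[1]} and machine type {$re[2]}";
            continue;
        }

        if (preg_match("#^Running:(.+)#", $ligne, $re)) {
            $computer[$ipaddr]["RUNNING"] = trim($re[1]);
            continue;
        }

        if (preg_match("#^OS details:(.+)#", $ligne, $re)) {
            $LOGS[] = "Found {$ipaddr} with OS {$re[1]}";
            $computer[$ipaddr]["OS"] = trim($re[1]);
            continue;
        }
    }

    nmap_logs(count($f) . " analyzed lines", @implode("\n", $LOGS));

    $c = 0;
    $already = array();

    foreach ($computer as $ipaddr => $array) {
        // Hosts are keyed on their MAC in the directory; skip hosts without one.
        $mac = isset($array["MAC"]) ? trim($array["MAC"]) : "";
        if ($mac == null) {
            continue;
        }
        // Test the MAC of the current host, after it has been read.
        if (isset($already[$mac])) {
            continue;
        }
        $c++;
        $already[$mac] = true;

        $ldap_ipaddr = null;
        $ComputerRealName = null;
        $uid = null;
        $RAISON = array();

        // Give every optional field a defined value before it is read below.
        foreach (array("HOSTNAME", "OS", "RUNNING", "MACHINE_TYPE") as $field) {
            if (!isset($array[$field])) {
                $array[$field] = null;
            }
        }

        $cmp = new computers(null);
        $uid = $cmp->ComputerIDFromMAC($mac);

        if ($uid != null) {
            // Known MAC: bring the existing entry in line with the scan.
            if ($GLOBALS["VERBOSE"]) {
                echo "{$mac} = {$uid}\n";
            }
            $cmp = new computers($uid);
            $ldap_ipaddr = $cmp->ComputerIP;
            $ComputerRealName = $cmp->ComputerRealName;
            if ($GLOBALS["VERBOSE"]) {
                echo "{$mac} = {$uid}\nLDAP:{$ldap_ipaddr}<>NMAP:{$ipaddr}\nLDAP CMP:{$ComputerRealName}<>NMAP:{$array["HOSTNAME"]}";
            }

            if ($array["HOSTNAME"] != null) {
                // The uid is expected to be the upper-cased hostname plus "$".
                $EXPECTED_UID = strtoupper($array["HOSTNAME"]) . "\$";
                if ($EXPECTED_UID != $uid) {
                    $RAISON[] = "UID: {$uid} is different from {$EXPECTED_UID}";
                    nmap_logs("EDIT UID: {$mac}:[{$array["HOSTNAME"]}] ({$ipaddr})", @implode("\n", $array) . "\n" . @implode("\n", $RAISON), $uid);
                    $cmp->update_uid($EXPECTED_UID);
                }
            }

            if ($ldap_ipaddr != $ipaddr) {
                writelogs("Change {$ldap_ipaddr} -> to {$ipaddr} for {$cmp->uid}", __FUNCTION__, __FILE__, __LINE__);
                $RAISON[] = "LDAP IP ADDR: {$ldap_ipaddr} is different from {$ipaddr}";
                $RAISON[] = "DN: {$cmp->dn}";
                $RAISON[] = "UID: {$cmp->uid}";
                $RAISON[] = "MAC: {$cmp->ComputerMacAddress}";
                if (!$cmp->update_ipaddr($ipaddr)) {
                    $RAISON[] = "ERROR:{$cmp->ldap_last_error}";
                }
                nmap_logs("EDIT IP: {$mac}:[{$array["HOSTNAME"]}] ({$ipaddr})", @implode("\n", $array) . "\n" . @implode("\n", $RAISON), $uid);
            }

            if ($array["OS"] != null) {
                // A stored "Unknown" counts as no OS recorded; the stored
                // string is lower-cased before comparing.
                if (strtolower($cmp->ComputerOS) == "unknown") {
                    $cmp->ComputerOS = null;
                }
                // Only fill in a missing OS; a recorded one is never overwritten.
                if ($cmp->ComputerOS == null) {
                    $RAISON[] = "LDAP OS: {$cmp->ComputerOS} is different from {$array["OS"]}";
                    nmap_logs("EDIT OS: {$mac}:[{$array["HOSTNAME"]}] ({$ipaddr})", @implode("\n", $array) . "\n" . @implode("\n", $RAISON), $uid);
                    $cmp->update_OS($array["OS"]);
                }
            }
        } else {
            // Unknown MAC: create an entry named after the hostname, or the IP.
            if ($array["HOSTNAME"] != null) {
                $uid = "{$array["HOSTNAME"]}\$";
            } else {
                $uid = "{$ipaddr}\$";
            }
            nmap_logs("ADD NEW: {$mac}:[{$array["HOSTNAME"]}] ({$ipaddr})", @implode("\n", $array) . "\n" . @implode("\n", $RAISON), "{$uid}");
            $cmp = new computers();
            $cmp->ComputerIP = $ipaddr;
            $cmp->ComputerMacAddress = $mac;
            $cmp->uid = "{$uid}";
            $cmp->ComputerOS = $array["OS"];
            $cmp->ComputerRunning = $array["RUNNING"];
            $cmp->ComputerMachineType = $array["MACHINE_TYPE"];
            $cmp->Add();
        }
    }

    nmap_logs("{$c} hosts analyzed in databases");
    @unlink($mapFile);
}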
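/**
 * Periodically scan every host listed in the OCS "networks" table with nmap.
 *
 * The run is skipped when the system is overloaded, when another instance is
 * still alive (pid file), when EnableScanComputersNet is off, or when the last
 * run is more recent than EnableScanComputersNetSchedule minutes (default 15,
 * minimum 5). For each row, nmap is run against the stored IP address and its
 * output is parsed for open ports, OS details, uptime guess and MAC address;
 * whatever was found is written to the matching computers entry, and the
 * host's up/down state is saved with nmap_scan_period_save().
 *
 * Security: IPADDRESS comes from the ocsweb database and was previously
 * interpolated unquoted into a shell command line. It is now validated as an
 * IP address (which also rules out values starting with "-" being read as
 * nmap options) and passed through escapeshellarg(), as is the nmap path.
 *
 * @return void|null
 */
function nmap_scan_period()
{
    if (system_is_overloaded(basename(__FILE__))) {
        writelogs("Overloaded system, aborting", __FUNCTION__, __FILE__, __LINE__);
        return;
    }

    $unix = new unix();
    $pidfile = "/etc/artica-postfix/pids/exec.nmapscan.php.nmap_scan_period.pid";
    $pidtime = "/etc/artica-postfix/pids/exec.nmapscan.php.nmap_scan_period.time";

    // Single-instance guard: stop if the recorded pid is still this script.
    $pid = @file_get_contents($pidfile);
    if ($unix->process_exists($pid, basename(__FILE__))) {
        die;
    }
    @unlink($pidfile);
    @file_put_contents($pidfile, getmypid());

    $sock = new sockets();
    $EnableScanComputersNet = $sock->GET_INFO("EnableScanComputersNet");
    if (!is_numeric($EnableScanComputersNet)) {
        $EnableScanComputersNet = 0;
    }
    if ($EnableScanComputersNet == 0) {
        die;
    }

    // Scan interval in minutes: default 15, never below 5.
    $EnableScanComputersNetSchedule = $sock->GET_INFO("EnableScanComputersNetSchedule");
    if (!is_numeric($EnableScanComputersNetSchedule)) {
        $EnableScanComputersNetSchedule = 15;
    }
    if ($EnableScanComputersNetSchedule < 5) {
        $EnableScanComputersNetSchedule = 5;
    }

    $time = $unix->file_time_min($pidtime);
    if ($time < $EnableScanComputersNetSchedule) {
        die;
    }
    @unlink($pidtime);
    @file_put_contents($pidtime, time());

    $sql = "SELECT MACADDR,IPADDRESS FROM networks";
    $q = new mysql();
    $results = $q->QUERY_SQL($sql, "ocsweb");
    // Not used below; kept in case the constructor has side effects.
    $computer = new computers();

    if (!$q->ok) {
        if (preg_match("#Unknown database#", $q->mysql_error)) {
            $sock = new sockets();
            $sock->getFrameWork("services.php?mysql-ocs=yes");
            $results = $q->QUERY_SQL($sql, "ocsweb");
        }
        // NOTE(review): the function returns even after the retry above, so
        // the retried result is never used in this run - confirm intended.
        return;
    }

    if (!$q->FIELD_EXISTS("networks", "isActive", "ocsweb")) {
        $q->QUERY_SQL("ALTER TABLE `networks` ADD `isActive` SMALLINT( 1 ) NOT NULL DEFAULT '0',ADD INDEX ( `isActive` ) ", "ocsweb");
    }

    $users = new usersMenus();
    if (!is_file("{$users->NMAP_PATH}")) {
        return null;
    }

    $cmp = new computers();

    while ($ligne = mysql_fetch_array($results, MYSQL_ASSOC)) {
        $MACADDR = $ligne["MACADDR"];
        $IPADDRESS = $ligne["IPADDRESS"];

        // The address is database content, not a trusted constant: refuse
        // anything that is not a literal IP address before it reaches the
        // shell. The raw value is deliberately kept out of the log line.
        if (filter_var($IPADDRESS, FILTER_VALIDATE_IP) === false) {
            writelogs("Skipping networks entry: IPADDRESS is not a valid IP address", __FUNCTION__, __FILE__, __LINE__);
            continue;
        }

        // Each dynamic part is quoted as a single shell argument.
        $cmd = escapeshellarg($users->NMAP_PATH)
            . " -v -F -PE -PN -O " . escapeshellarg($IPADDRESS)
            . " --system-dns --version-light 2>&1";
        $resultsScan = array();
        exec($cmd, $resultsScan);

        $PORTS = array();
        $osDetails = null;
        $uid = null;
        $UpTime = null;
        $LIVE = false;
        $MACSSCAN = null;

        foreach ($resultsScan as $line) {
            if (preg_match("#Nmap scan report for.+?host down#", $line)) {
                if ($GLOBALS["VERBOSE"]) {
                    echo "{$MACADDR} ({$IPADDRESS}) DOWN\n";
                }
                nmap_scan_period_save($IPADDRESS, $MACADDR, 0);
                break;
            }
            // "<port>... open <service>" lines.
            if (preg_match("#([0-9]+).+?open\\s+(.+)#", $line, $re)) {
                $PORTS[$re[1]] = $re[2];
                continue;
            }
            if (preg_match("#^OS details:(.+)#", $line, $re)) {
                $osDetails = trim($re[1]);
                // Collapse the verbose Windows 7 signature to a short label.
                if (preg_match("#Microsoft.+?Windows.+?7#i", $osDetails)) {
                    $osDetails = "Windows 7";
                }
                continue;
            }
            if (preg_match("#^Uptime guess:\\s+(.+)#", $line, $re)) {
                $UpTime = $re[1];
                continue;
            }
            if (preg_match("#^MAC Address:\\s+([0-9A-Z:]+)\$#", trim($line), $re)) {
                $MACSSCAN = trim(strtolower($re[1]));
                continue;
            }
            if (preg_match("#^MAC Address:(.+).+?\\((.+?)\\)#", $line, $re)) {
                $MACSSCAN = trim(strtolower($re[1]));
                continue;
            }
        }

        if (count($PORTS) > 0) {
            AddPorts($PORTS, $MACADDR);
            $uid = $cmp->ComputerIDFromMAC($MACADDR);
            $cmp = new computers($uid);
            // NOTE(review): the port map holds service strings parsed from
            // nmap output and is stored as base64(serialize()). Whatever
            // reads it back presumably calls unserialize(); confirm that the
            // consumer treats the value as untrusted.
            $portser = serialize($PORTS);
            $cmp->UpdateComputerOpenPorts(base64_encode($portser));
            $PORTS = array();
            $LIVE = true;
        }

        // NOTE(review): the scanned MAC only replaces "unknown" after the
        // port update above has already used the database value - confirm
        // this ordering is intended.
        if ($MACADDR == "unknown") {
            if ($MACSSCAN != null) {
                $MACADDR = $MACSSCAN;
            }
        }

        if ($osDetails != null) {
            if ($uid == null) {
                $uid = $cmp->ComputerIDFromMAC($MACADDR);
                $cmp = new computers($uid);
            }
            if ($cmp->ComputerOS != $osDetails) {
                $cmp->update_OS($osDetails);
            }
            $LIVE = true;
        }

        if ($UpTime != null) {
            if ($uid == null) {
                $uid = $cmp->ComputerIDFromMAC($MACADDR);
                $cmp = new computers($uid);
            }
            $cmp->UpdateComputerUpTime($UpTime);
            $LIVE = true;
        }

        if ($LIVE) {
            if ($GLOBALS["VERBOSE"]) {
                // $PORTS was reset above, so this count reads 0 after an update.
                echo "{$IPADDRESS}/{$MACADDR} " . count($PORTS) . " ports ({$osDetails}) TTL:{$UpTime}\n";
            }
            nmap_scan_period_save($IPADDRESS, $MACADDR, 1);
            $LIVE = false;
            continue;
        }

        if ($GLOBALS["VERBOSE"]) {
            echo "{$IPADDRESS}/{$MACADDR} DOWN\n";
        }
    }
}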