Exemplo n.º 1
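/**
 * Reconcile the last nmap scan with the computer inventory.
 *
 * Parses /etc/artica-postfix/nmap.map line by line and groups hostname, MAC
 * address, machine type, "Running" and "OS details" values under the IP
 * address of the most recent "Nmap scan report for" header. For every host
 * that has a MAC address it then either updates the matching `computers`
 * entry (uid, IP address, OS) or adds a new one. The map file is deleted at
 * the end.
 *
 * Everything read from the map file is untrusted input: hostnames come from
 * name resolution and the OS / vendor strings from what scanned hosts answer.
 * Hostnames and MAC addresses are checked against allow-list patterns before
 * they are used to look up an entry or to build a uid.
 *
 * @return void
 */
function nmap_scan_results()
{
    $mapFile = "/etc/artica-postfix/nmap.map";
    if (!is_file($mapFile)) {
        return;
    }
    $verbose = !empty($GLOBALS["VERBOSE"]);

    // Allow-lists for the two values that end up in directory identifiers.
    $hostnamePattern = '#^[A-Za-z0-9_][A-Za-z0-9._-]{0,252}$#';
    $macPattern = '#^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$#';

    // An unreadable file is handled like an empty one, as before.
    $raw = @file_get_contents($mapFile);
    $f = explode("\n", $raw === false ? "" : $raw);

    $computer = array();
    $LOGS = array();
    $MACSSCAN = array();
    $ipaddr = null;

    // each() no longer exists in PHP 8; foreach walks the lines the same way.
    foreach ($f as $ligne) {
        if (preg_match("#Nmap scan report for\\s+(.+?)\\s+\\(([0-9\\.]+)#", $ligne, $re)) {
            $ipaddr = $re[2];
            $computer[$ipaddr]["IPADDR"] = $ipaddr;
            $hostname = trim($re[1]);
            if (preg_match($hostnamePattern, $hostname)) {
                $computer[$ipaddr]["HOSTNAME"] = $hostname;
                $LOGS[] = "Found {$ipaddr} hostname= {$hostname}";
            } else {
                // Do not echo the rejected value into the log either.
                $LOGS[] = "Found {$ipaddr}, hostname ignored (unexpected characters)";
            }
            continue;
        }
        if (preg_match("#Nmap scan report for ([0-9\\.]+)\$#", trim($ligne), $re)) {
            $ipaddr = $re[1];
            $computer[$ipaddr]["IPADDR"] = $ipaddr;
            $LOGS[] = "Found {$ipaddr} without computername ";
            continue;
        }

        // The remaining line types describe the current host; without a host
        // header they would be filed under an undefined key, so skip them.
        if ($ipaddr === null) {
            continue;
        }

        if (preg_match("#^MAC Address:\\s+([0-9A-Z:]+)\$#", trim($ligne), $re)) {
            $mac = trim($re[1]);
            if (!preg_match($macPattern, $mac) || isset($MACSSCAN[$mac])) {
                continue;
            }
            $computer[$ipaddr]["MAC"] = $mac;
            $LOGS[] = "Found {$ipaddr} with mac {$mac} ";
            $MACSSCAN[$mac] = true;
            continue;
        }
        if (preg_match("#^MAC Address:(.+).+?\\((.+?)\\)#", $ligne, $re)) {
            $mac = trim($re[1]);
            // The capture is loose (.+), so the MAC is re-checked here.
            if (!preg_match($macPattern, $mac) || isset($MACSSCAN[$mac])) {
                continue;
            }
            $MACSSCAN[$mac] = true;
            $computer[$ipaddr]["MAC"] = $mac;
            $computer[$ipaddr]["MACHINE_TYPE"] = trim($re[2]);
            $LOGS[] = "Found {$ipaddr} with mac {$mac} and machine type {$re[2]}";
            continue;
        }
        if (preg_match("#^Running:(.+)#", $ligne, $re)) {
            $computer[$ipaddr]["RUNNING"] = trim($re[1]);
            continue;
        }
        if (preg_match("#^OS details:(.+)#", $ligne, $re)) {
            $LOGS[] = "Found {$ipaddr} with OS {$re[1]}";
            $computer[$ipaddr]["OS"] = trim($re[1]);
            continue;
        }
    }
    nmap_logs(count($f) . " analyzed lines", implode("\n", $LOGS));

    $c = 0;
    $already = array();
    foreach ($computer as $ipaddr => $array) {
        // Purely numeric array keys come back as integers.
        $ipaddr = (string) $ipaddr;

        // Read the MAC first, then test for duplicates. The original tested
        // $already[$mac] with the MAC of the previous iteration, which made
        // every host after the first processed one get skipped.
        $mac = isset($array["MAC"]) ? trim($array["MAC"]) : "";
        if ($mac === "" || isset($already[$mac])) {
            continue;
        }
        $c++;
        $already[$mac] = true;
        $RAISON = array();
        foreach (array("HOSTNAME", "OS", "RUNNING", "MACHINE_TYPE") as $key) {
            if (!isset($array[$key])) {
                $array[$key] = null;
            }
        }
        $hostname = $array["HOSTNAME"];

        $cmp = new computers(null);
        $uid = $cmp->ComputerIDFromMAC($mac);
        if ($uid != null) {
            if ($verbose) {
                echo "{$mac} = {$uid}\n";
            }
            $cmp = new computers($uid);
            $ldap_ipaddr = $cmp->ComputerIP;
            $ComputerRealName = $cmp->ComputerRealName;
            if ($verbose) {
                echo "{$mac} = {$uid}\nLDAP:{$ldap_ipaddr}<>NMAP:{$ipaddr}\nLDAP CMP:{$ComputerRealName}<>NMAP:{$hostname}";
            }
            if ($hostname != null) {
                $EXPECTED_UID = strtoupper($hostname) . "\$";
                if ($EXPECTED_UID != $uid) {
                    $RAISON[] = "UID: {$uid} is different from {$EXPECTED_UID}";
                    nmap_logs("EDIT UID: {$mac}:[{$hostname}] ({$ipaddr})", implode("\n", $array) . "\n" . implode("\n", $RAISON), $uid);
                    $cmp->update_uid($EXPECTED_UID);
                }
            }
            if ($ldap_ipaddr != $ipaddr) {
                writelogs("Change {$ldap_ipaddr} -> to {$ipaddr} for  {$cmp->uid}", __FUNCTION__, __FILE__, __LINE__);
                $RAISON[] = "LDAP IP ADDR: {$ldap_ipaddr} is different from {$ipaddr}";
                $RAISON[] = "DN: {$cmp->dn}";
                $RAISON[] = "UID: {$cmp->uid}";
                $RAISON[] = "MAC: {$cmp->ComputerMacAddress}";
                if (!$cmp->update_ipaddr($ipaddr)) {
                    $RAISON[] = "ERROR:{$cmp->ldap_last_error}";
                }
                nmap_logs("EDIT IP: {$mac}:[{$hostname}] ({$ipaddr})", implode("\n", $array) . "\n" . implode("\n", $RAISON), $uid);
            }
            if ($array["OS"] != null) {
                // The original wrapped the whole comparison in strtolower(),
                // so only the exact spelling "Unknown" was recognised.
                if (strtolower((string) $cmp->ComputerOS) == "unknown") {
                    $cmp->ComputerOS = null;
                }
                if ($cmp->ComputerOS == null) {
                    $RAISON[] = "LDAP OS: {$cmp->ComputerOS} is different from {$array["OS"]}";
                    nmap_logs("EDIT OS: {$mac}:[{$hostname}] ({$ipaddr})", implode("\n", $array) . "\n" . implode("\n", $RAISON), $uid);
                    // OS is free text taken from scan output.
                    // NOTE(review): confirm that update_OS() escapes it for the directory.
                    $cmp->update_OS($array["OS"]);
                }
            }
        } else {
            // NOTE(review): the uid is not upper-cased here, while the update
            // branch expects strtoupper(hostname) . "$" - confirm that is intended.
            if ($hostname != null) {
                $uid = "{$hostname}\$";
            } else {
                $uid = "{$ipaddr}\$";
            }
            nmap_logs("ADD NEW: {$mac}:[{$hostname}] ({$ipaddr})", implode("\n", $array) . "\n" . implode("\n", $RAISON), "{$uid}");
            $cmp = new computers();
            $cmp->ComputerIP = $ipaddr;
            $cmp->ComputerMacAddress = $mac;
            $cmp->uid = "{$uid}";
            $cmp->ComputerOS = $array["OS"];
            $cmp->ComputerRunning = $array["RUNNING"];
            $cmp->ComputerMachineType = $array["MACHINE_TYPE"];
            $cmp->Add();
        }
    }
    nmap_logs("{$c} hosts analyzed in databases");
    @unlink($mapFile);
}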
Exemplo n.º 2
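/**
 * Reconcile the last nmap scan with the computer inventory and the
 * `computers_lastscan` table.
 *
 * Parses /etc/artica-postfix/nmap.map line by line, ignoring known noise
 * lines, and groups hostname, MAC address, machine type, "Running" and
 * "OS details" values under the IP address of the most recent host header
 * ("Nmap scan report for" / "Interesting ports on"). For every host with a
 * MAC address it queues one row for `computers_lastscan` and then either
 * updates the matching `computers` entry (uid, IP address, OS) or, when a
 * hostname is known, adds a new one. Finally the table is dropped, recreated
 * and refilled in one INSERT, and the map file is deleted.
 *
 * Everything read from the map file is untrusted input: hostnames come from
 * name resolution and the OS / vendor strings from what scanned hosts answer.
 * Hostnames and MAC addresses are checked against allow-list patterns, and
 * every value placed in the SQL text is escaped.
 *
 * @return void
 */
function nmap_scan_results()
{
    $mapFile = "/etc/artica-postfix/nmap.map";
    if (!is_file($mapFile)) {
        return;
    }
    $verbose = !empty($GLOBALS["VERBOSE"]);

    // Allow-lists for the values that end up in identifiers and SQL text.
    $hostnamePattern = '#^[A-Za-z0-9_][A-Za-z0-9._-]{0,252}$#';
    $macPattern = '#^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$#';

    // Lines containing one of these fragments carry nothing to import.
    $noise = array(
        "Network Distance:",
        "tcp closed tcpmux",
        "Too many fingerprints match",
        "OS detection performed. Please report",
        "OSScan results may be unreliable",
        "/tcp filtered",
    );

    // An unreadable file is handled like an empty one, as before.
    $raw = @file_get_contents($mapFile);
    $f = explode("\n", $raw === false ? "" : $raw);

    $ipaddr = null;
    $computer = array();
    $LOGS = array();
    $MACSSCAN = array();

    // each() no longer exists in PHP 8; foreach walks the lines the same way.
    foreach ($f as $ligne) {
        $ligne = trim($ligne);
        if ($ligne === "" || $ligne === "PORT  STATE  SERVICE") {
            continue;
        }
        $isNoise = false;
        foreach ($noise as $fragment) {
            if (strpos($ligne, $fragment) !== false) {
                $isNoise = true;
                break;
            }
        }
        if ($isNoise) {
            continue;
        }

        // Host headers that carry a name and an address.
        if (preg_match("#Nmap scan report for\\s+(.+?)\\s+\\(([0-9\\.]+)#", $ligne, $re)
            || preg_match("#Interesting ports on (.*?)\\s+\\(([0-9\\.]+)\\)#", $ligne, $re)
        ) {
            $ipaddr = $re[2];
            $computer[$ipaddr]["IPADDR"] = $ipaddr;
            $hostname = trim($re[1]);
            if (preg_match($hostnamePattern, $hostname)) {
                $computer[$ipaddr]["HOSTNAME"] = $hostname;
                if ($verbose) {
                    echo "Found IP:{$ipaddr} hostname=`{$re[1]}` in `{$ligne}`\n";
                }
                $LOGS[] = "Found {$ipaddr} hostname= {$hostname}";
            } else {
                // Do not echo the rejected value into the log either.
                $LOGS[] = "Found {$ipaddr}, hostname ignored (unexpected characters)";
            }
            continue;
        }
        if (preg_match("#Interesting ports on ([0-9\\.]+):#", $ligne, $re)) {
            $ipaddr = $re[1];
            $computer[$ipaddr]["IPADDR"] = $ipaddr;
            if ($verbose) {
                echo "Found IP:{$ipaddr} only in `{$ligne}`\n";
            }
            $LOGS[] = "Found {$ipaddr} only";
            continue;
        }
        if (preg_match("#Nmap scan report for ([0-9\\.]+)\$#", $ligne, $re)) {
            $ipaddr = $re[1];
            $computer[$ipaddr]["IPADDR"] = $ipaddr;
            if ($verbose) {
                echo "[{$ipaddr}]: Found IP address `{$ipaddr}` without computername in `{$ligne}`\n";
            }
            $LOGS[] = "Found {$ipaddr} without computername ";
            continue;
        }

        // Per-host detail lines are only meaningful after a host header.
        $haveHost = $ipaddr !== null && trim($ipaddr) !== "";

        if (preg_match("#^MAC Address:\\s+([0-9A-Z:]+)\$#", $ligne, $re)) {
            $mac = trim($re[1]);
            if (!$haveHost || !preg_match($macPattern, $mac) || isset($MACSSCAN[$mac])) {
                continue;
            }
            $computer[$ipaddr]["MAC"] = $mac;
            $LOGS[] = "Found {$ipaddr} with mac {$mac} ";
            if ($verbose) {
                echo "[{$ipaddr}]: Found mac {$mac} in `{$ligne}`\n";
            }
            $MACSSCAN[$mac] = true;
            continue;
        }
        if (preg_match("#^MAC Address:(.+).+?\\((.+?)\\)#", $ligne, $re)) {
            $mac = trim($re[1]);
            // The capture is loose (.+), so the MAC is re-checked here.
            if (!$haveHost || !preg_match($macPattern, $mac) || isset($MACSSCAN[$mac])) {
                continue;
            }
            $MACSSCAN[$mac] = true;
            $computer[$ipaddr]["MAC"] = $mac;
            $computer[$ipaddr]["MACHINE_TYPE"] = trim($re[2]);
            if ($verbose) {
                echo "[{$ipaddr}]: Found mac {$mac} and machine type {$re[2]} in `{$ligne}`\n";
            }
            $LOGS[] = "Found {$ipaddr} with mac {$mac} and machine type {$re[2]}";
            continue;
        }
        if (preg_match("#^Running:(.+)#", $ligne, $re)) {
            if (!$haveHost) {
                continue;
            }
            if ($verbose) {
                // The original interpolated an undefined $line here.
                echo "Found running in `{$ligne}`\n";
            }
            $computer[$ipaddr]["RUNNING"] = trim($re[1]);
            continue;
        }
        if (preg_match("#^OS details:(.+)#", $ligne, $re)) {
            // Same guard as the other detail lines; it was missing here.
            if (!$haveHost) {
                continue;
            }
            if ($verbose) {
                echo "[{$ipaddr}]: Found OS {$re[1]} in `{$ligne}`\n";
            }
            $LOGS[] = "Found {$ipaddr} with OS {$re[1]}";
            $computer[$ipaddr]["OS"] = trim($re[1]);
            continue;
        }
        if ($verbose) {
            echo "[{$ipaddr}]: Not understood in `{$ligne}`\n";
        }
    }
    nmap_logs(count($f) . " analyzed lines", implode("\n", $LOGS));

    $c = 0;
    $already = array();
    $SQLAD = array();
    $prefix_sql = "INSERT IGNORE INTO computers_lastscan (`MAC`, `zDate`,`ipaddr`,`hostname`,`Info`) VALUES ";
    foreach ($computer as $ipaddr => $array) {
        // Purely numeric array keys come back as integers.
        $ipaddr = (string) $ipaddr;
        if (!isset($array["MAC"])) {
            continue;
        }
        $mac = trim($array["MAC"]);
        if ($mac === "" || isset($already[$mac])) {
            continue;
        }
        $c++;
        $already[$mac] = true;
        $RAISON = array();
        foreach (array("HOSTNAME", "OS", "RUNNING", "MACHINE_TYPE") as $key) {
            if (!isset($array[$key])) {
                $array[$key] = null;
            }
        }
        $hostname = $array["HOSTNAME"];

        // Every value is escaped, not only the OS / machine-type text: the
        // hostname was previously interpolated into the statement as-is.
        // addslashes() matches what this function already used but is not
        // charset-aware. NOTE(review): if the mysql wrapper offers its own
        // escaping or bound parameters, prefer that here.
        $date = date('Y-m-d H:i:s');
        $infos = addslashes($array["OS"] . " Type:{$array["MACHINE_TYPE"]} ");
        $SQLAD[] = "('" . addslashes($mac) . "','{$date}','" . addslashes($ipaddr) . "','"
            . addslashes((string) $hostname) . "','{$infos}')";

        $cmp = new computers(null);
        $uid = $cmp->ComputerIDFromMAC($mac);
        if ($uid != null) {
            if ($verbose) {
                echo "{$mac} = {$uid}\n";
            }
            $cmp = new computers($uid);
            $ldap_ipaddr = $cmp->ComputerIP;
            $ComputerRealName = $cmp->ComputerRealName;
            if ($verbose) {
                echo "{$mac} = {$uid}\nLDAP:{$ldap_ipaddr}<>NMAP:{$ipaddr}\nLDAP CMP:{$ComputerRealName}<>NMAP:{$hostname}";
            }
            if ($hostname != null) {
                $EXPECTED_UID = strtoupper($hostname) . "\$";
                if ($EXPECTED_UID != $uid) {
                    $RAISON[] = "UID: {$uid} is different from {$EXPECTED_UID}";
                    nmap_logs("EDIT UID: {$mac}:[{$hostname}] ({$ipaddr})", implode("\n", $array) . "\n" . implode("\n", $RAISON), $uid);
                    $cmp->update_uid($EXPECTED_UID);
                }
            }
            if ($ldap_ipaddr != $ipaddr) {
                writelogs("Change {$ldap_ipaddr} -> to {$ipaddr} for  {$cmp->uid}", __FUNCTION__, __FILE__, __LINE__);
                $RAISON[] = "LDAP IP ADDR: {$ldap_ipaddr} is different from {$ipaddr}";
                $RAISON[] = "DN: {$cmp->dn}";
                $RAISON[] = "UID: {$cmp->uid}";
                $RAISON[] = "MAC: {$cmp->ComputerMacAddress}";
                if (!$cmp->update_ipaddr($ipaddr)) {
                    $RAISON[] = "ERROR:{$cmp->ldap_last_error}";
                }
                nmap_logs("EDIT IP: {$mac}:[{$hostname}] ({$ipaddr})", implode("\n", $array) . "\n" . implode("\n", $RAISON), $uid);
            }
            if ($array["OS"] != null) {
                // The original wrapped the whole comparison in strtolower(),
                // so only the exact spelling "Unknown" was recognised.
                if (strtolower((string) $cmp->ComputerOS) == "unknown") {
                    $cmp->ComputerOS = null;
                }
                if ($cmp->ComputerOS == null) {
                    $RAISON[] = "LDAP OS: {$cmp->ComputerOS} is different from {$array["OS"]}";
                    nmap_logs("EDIT OS: {$mac}:[{$hostname}] ({$ipaddr})", implode("\n", $array) . "\n" . implode("\n", $RAISON), $uid);
                    // OS is free text taken from scan output.
                    // NOTE(review): confirm that update_OS() escapes it for the directory.
                    $cmp->update_OS($array["OS"]);
                }
            }
        } else {
            // Hosts without a usable hostname are recorded in the scan table
            // only; no directory entry is created for them.
            if ($hostname == null) {
                continue;
            }
            $uid = "{$hostname}\$";
            nmap_logs("ADD NEW: {$mac}:[{$hostname}] ({$ipaddr})", implode("\n", $array) . "\n" . implode("\n", $RAISON), "{$uid}");
            $cmp = new computers();
            $cmp->ComputerIP = $ipaddr;
            $cmp->ComputerMacAddress = $mac;
            $cmp->uid = "{$uid}";
            $cmp->ComputerOS = $array["OS"];
            $cmp->ComputerRunning = $array["RUNNING"];
            $cmp->ComputerMachineType = $array["MACHINE_TYPE"];
            $cmp->Add();
        }
    }
    if ($verbose) {
        echo "*** " . count($SQLAD) . " MYsql queries...***\n";
    }
    system_admin_events("{$c} hosts analyzed in networks", __FUNCTION__, __FILE__, __LINE__, "nmap");
    nmap_logs("{$c} hosts analyzed in networks", @file_get_contents($mapFile), null);
    if (count($SQLAD) > 0) {
        $q = new mysql();
        // The table is rebuilt from scratch on every run that found hosts.
        $q->QUERY_SQL("DROP TABLE computers_lastscan", "artica_backup");
        $q->check_storage_table(true);
        $final = $prefix_sql . implode(",", $SQLAD);
        if ($verbose) {
            echo "*** {$final} ***\n";
        }
        $q->QUERY_SQL($final, "artica_backup");
        if (!$q->ok) {
            echo $q->mysql_error . "\n";
        }
    }
    @unlink($mapFile);
}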