public function system_snmp() { // check to make sure we have SNMP capability # TODO - provide a message saying SNMP extension not loaded if (!extension_loaded('snmp')) { redirect('main/list_devices'); } $this->load->model("m_system"); $this->load->model("m_audit_log"); $this->load->model("m_devices_components"); $this->load->library('encrypt'); $this->load->helper('snmp'); $this->load->helper('snmp_oid'); $details = new stdClass(); $details->id = $this->uri->segment(3, 0); $credentials = $this->m_devices_components->read($details->id, 'y', 'credential'); foreach ($credentials as $credential) { if (!empty($credential->type) and $credential->type == 'snmp') { break; } } $details->hostname = $this->m_devices_components->read($details->id, 'y', 'system', '', 'hostname'); if ($details->hostname == '-') { $details->hostname = ''; } $details->ip = ip_address_from_db($this->m_devices_components->read($details->id, 'y', 'system', '', 'ip')); $details->show_output = true; # set up the pop up page echo "<html>\n\t\t<head>\n\t\t<script type=\"text/javascript\">\n\t\twindow.onunload = refreshParent;\n\t\tfunction refreshParent()\n\t\t{\n\t\t\twindow.opener.location.reload();\n\t\t}\n\t\tfunction CloseMe()\n\t\t{\n\t\t\twindow.opener.location.reload();\n\t\t\twindow.close();\n\t\t}\n\t\t</script>\n\t\t</head>\n\t\t<body>\n\t\t<h3 style='text-align: center'>Open-AudIT SNMP Scan</h3>\n\t\t<p style='font-family: \"Verdana\",\"Lucida Sans Unicode\",\"Lucida Sans\",sans-serif; font-size: 12px;'>\n\t\t<pre>"; # audit the device via snmp #if ($temp_array = get_snmp($details)) { if ($temp_array = snmp_audit($details->ip, $credential->attributes, 'y')) { if (!empty($temp_array['details'])) { foreach ($temp_array['details'] as $key => $value) { if (!empty($value)) { $details->{$key} = $value; } } $details->last_seen_by = 'snmp'; $details->audits_ip = '127.0.0.1'; } } else { echo "Error - nothing returned when SNMP routine executed."; } $network_interfaces = $temp_array['interfaces']; $ip = $temp_array['ip']; unset($guests); if (isset($temp_array['guests']) and count($temp_array['guests']) > 0) { $guests = $temp_array['guests']; } $modules = $temp_array['modules']; $details->last_seen_by = 'snmp'; $details->last_seen = $this->config->config['timestamp']; $details->last_user = $this->user->full_name; $details->audits_ip = '127.0.0.1'; if ($this->config->item('discovery_use_dns') == 'y') { $details = dns_validate($details, 'y'); } #unset($details->type); unset($details->show_output); unset($details->ip); echo "<pre>\n"; if (isset($details->snmp_oid) and $details->snmp_oid > '') { $details->original_timestamp = $this->m_devices_components->read($details->id, 'y', 'system', '', 'last_seen'); $this->m_system->update_system($details); if (isset($this->user->full_name)) { $temp_user = $this->user->full_name; } else { $temp_user = ''; } $this->m_audit_log->create($details->id, $temp_user, $details->last_seen_by, $details->audits_ip, '', '', $details->last_seen); unset($temp_user); # update any network interfaces and ip addresses retrieved by SNMP $details->last_seen = $this->m_devices_components->read($details->id, 'y', 'system', '', 'last_seen'); $details->first_seen = $this->m_devices_components->read($details->id, 'y', 'system', '', 'first_seen'); $details->original_last_seen_by = $this->m_devices_components->read($details->id, 'y', 'system', '', 'last_seen_by'); if (isset($network_interfaces) and is_array($network_interfaces) and count($network_interfaces) > 0) { $input = new stdClass(); $input->item = array(); $input->item = $network_interfaces; $this->m_devices_components->process_component('network', $details, $input, 'y'); } if (isset($ip->item) and count($ip->item) > 0) { $this->m_devices_components->process_component('ip', $details, $ip, 'y'); } # insert any found virtual machines if (isset($guests) and is_array($guests) and count($guests) > 0) { $vm = new stdClass(); $vm->item = array(); $vm->item = $guests; $this->m_devices_components->process_component('vm', $details, $vm, 'y'); } # insert any modules if (isset($modules) and is_array($modules) and count($modules) > 0) { $input = new stdClass(); $input->item = array(); $input->item = $modules; $this->m_devices_components->process_component('module', $details, $input, 'y'); } // Generate any DNS entries required $dns = new stdClass(); $dns->item = array(); $dns->item = $this->m_devices_components->create_dns_entries((int) $details->id); if (count($dns->item) > 0) { $this->m_devices_components->process_component('dns', $details, $dns, 'y'); } unset($dns); // insert a blank to indicate we're finished this part of the discovery // if required, the audit scripts will insert their own audit logs $this->m_audit_log->update('debug', '', $details->id, $details->last_seen); } else { echo "Audit NOT submitted."; } echo "<div align=\"center\"><input type=\"button\" value=\"Close\" onclick=\"CloseMe();\"/></div></p>\n</body>\n</html>"; }
public function process_subnet() { // accept or process the output of the discover subnet script - nmap details if (!isset($_POST['form_details'])) { $this->load->view('v_process_subnet', $this->data); } else { $display = ''; if ($this->input->post('debug') and strpos($_SERVER['HTTP_ACCEPT'], 'html')) { $display = 'y'; echo "<pre>\n"; echo "DEBUG - Starting process_subnet.\n"; echo "***********************************************************************************\n"; echo "* NOTE - THIS PAGE WILL CONTINUOUSLY RENDER UNTIL THE DISCOVERY HAS FINISHED *\n"; echo "* WATCH YOUR BROSWER TO SEE WHEN THE PAGE FINISHES RENDERING *\n"; echo "* DO NOT REFRESH THIS PAGE OR ATTEMPT TO GO 'back' UNTIL THE PAGE HAS COMPLETED *\n"; echo "***********************************************************************************\n"; } $this->load->model('m_oa_user'); $this->load->model('m_scripts'); if (isset($this->session->userdata['user_id']) and is_numeric($this->session->userdata['user_id'])) { $this->user = $this->m_oa_user->get_user_details($this->session->userdata['user_id']); } // all logging will be as below, only the message will change $log_details = new stdClass(); $log_details->severity = 7; $log_details->file = 'system'; $log_details->display = $display; if (!$this->m_oa_config->check_blessed($_SERVER['REMOTE_ADDR'], '')) { if ($display == 'y') { $log_details->message = "Audit submission from an IP (" . $_SERVER['REMOTE_ADDR'] . ") not in the list of blessed subnets, exiting."; echo "\n" . $log_details->message . "\n"; stdlog($log_details); } exit; } $this->load->helper('url'); $this->load->model('m_credentials'); if ($display == 'y') { echo 'DEBUG - <a href=\'' . base_url() . "index.php/discovery/discover_subnet'>Back to input page</a>\n"; echo 'DEBUG - <a href=\'' . base_url() . "index.php'>Front Page</a>\n"; } if (php_uname('s') != 'Windows NT') { $filepath = $this->config->config['base_path'] . '/other'; } else { $filepath = $this->config->config['base_path'] . '\\other'; } $this->load->helper('xml'); $xml_input = $_POST['form_details']; try { $xml = new SimpleXMLElement($xml_input); } catch (Exception $error) { // not a valid XML string $log_details->message = 'Invalid XML input for discovery from ' . $_SERVER['REMOTE_ADDR']; stdlog($log_details); exit; } $this->load->helper('url'); $this->load->library('encrypt'); $this->load->helper('ipmi'); if (extension_loaded('snmp')) { $this->load->helper('snmp'); $this->load->helper('snmp_oid'); } $this->load->model('m_system'); $this->load->model('m_oa_group'); $this->load->model('m_audit_log'); $this->load->model('m_change_log'); $this->load->model('m_devices_components'); $this->load->model('m_devices'); $timestamp = $this->config->config['timestamp']; $count = 0; foreach ($xml->children() as $details) { $details = (object) $details; if (isset($details->complete) and $details->complete == 'y') { // delete the credential set if ($display == 'y') { echo "DEBUG - ----------------------------------------------------\n"; } $this->echo_details($details); sleep(5); $log_details->message = 'Deleting credential set for ' . $details->subnet_range . ' submitted on ' . $details->subnet_timestamp; stdlog($log_details); $sql = '/* discovery::process_subnet */ DELETE FROM oa_temp WHERE temp_name = \'Subnet Credentials - ' . $details->subnet_range . '\' and temp_timestamp = \'' . $details->subnet_timestamp . '\' '; $query = $this->db->query($sql); } else { $skip = false; if (stripos(' ' . $this->config->config['discovery_ip_exclude'] . ' ', ' ' . $details->ip . ' ') !== false) { # Our ip address matched an ip in the discovery_ip_exclude list - exit $log_details->message = $details->ip . ' is in the list of excluded ip addresses - skipping.'; stdlog($log_details); $skip = true; } if (!$skip) { $log_details->message = 'Start processing ' . $details->ip; stdlog($log_details); $count++; $details->last_seen = $timestamp; $details->last_user = ''; $details->last_seen_by = 'nmap'; $details->domain = ''; $details->audits_ip = ip_address_to_db($_SERVER['REMOTE_ADDR']); $details->hostname = ''; if ($this->config->item('discovery_use_dns') == 'y') { $details = dns_validate($details, $display); } $details->id = ''; $details->id = $this->m_system->find_system($details); $details->last_seen_user = ''; $details->network_address = ''; $details->limit = 1000000; $details->count = 0; $details->use_https = ''; // # 1.12.6 $credentials = array(); // If we find a device and we're in DEBUG, output a result line. if ($display == 'y') { if (!empty($details->id)) { echo 'DEBUG - Device found with ID: <a href=\'' . base_url() . 'index.php/main/system_display/' . $details->id . '\'>' . $details->id . "</a>.\n"; } } // Device specific credentials if (!empty($details->id)) { $temp = $this->m_devices_components->read(intval($details->id), 'y', 'credential', '', '*'); if (count($temp) > 0) { foreach ($temp as $credential) { $credentials[] = $credential; } } unset($temp); } // Credential Sets $temp = $this->m_credentials->collection(); if (count($temp) > 0) { $credentials = array_merge($credentials, $temp); } unset($temp); // supplied credentials $sql = '/* discovery::process_subnet */ SELECT temp_value FROM oa_temp WHERE temp_name = \'Subnet Credentials - ' . $details->subnet_range . '\' and temp_timestamp = \'' . $details->subnet_timestamp . '\' ORDER BY temp_id DESC LIMIT 1'; $query = $this->db->query($sql); $row = $query->row(); $supplied_credentials = @$row->temp_value; $supplied = new stdClass(); if (isset($supplied_credentials) and $supplied_credentials > '') { $supplied_credentials = $this->encrypt->decode($supplied_credentials); $supplied_credentials = json_decode($supplied_credentials); $details->last_seen_user = @$supplied_credentials->last_user; $details->network_address = @$supplied_credentials->network_address; $details->limit = (int) @$supplied_credentials->limit; $details->count = (int) @$supplied_credentials->count; $details->org_id = (int) @$supplied_credentials->org; $details->location_id = (int) @$supplied_credentials->location; $details->org_id = (int) @$supplied_credentials->org; $details->location_id = (int) @$supplied_credentials->location; $details->use_https = (string) @$supplied_credentials->use_https; } # TODO - replace the ugly code below $creds = array(); foreach ($credentials as $credential) { $creds[] = $credential->attributes; } unset($credentials); $credentials = $creds; unset($creds); // default Open-AudIT credentials // $default = $this->m_oa_config->get_credentials(); // unset($default); if (intval($details->count) >= intval($details->limit)) { # we have discovered the requested number of devcies $log_details->message = 'Count from DB is higher than requested limit, exiting. Count: ' . $details->count . ' Limit: ' . $details->limit; stdlog($log_details); return; } if (empty($supplied_credentials)) { $supplied_credentials = new stdClass(); } if (empty($supplied_credentials->count)) { $supplied_credentials->count = 0; } else { $supplied_credentials->count++; } $sql = '/* discovery::process_subnet */ UPDATE oa_temp SET temp_value = ? WHERE temp_name = \'Subnet Credentials - ' . $details->subnet_range . '\' and temp_timestamp = \'' . $details->subnet_timestamp . '\''; $data_in = json_encode($supplied_credentials); $data_in = $this->encrypt->encode($data_in); $data = array("{$data_in}"); $query = $this->db->query($sql, $data); $details->last_user = $details->last_seen_user; $log_details->user = $details->last_seen_user; // create the URL for use by the audit scripts # use $_POST if supplied if (isset($_POST['network_address']) and $_POST['network_address'] > '') { $temp = explode('/', base_url()); $url = str_replace($temp[2], $_POST['network_address'], base_url()); # use $details->network_address if stored in DB } elseif (isset($details->network_address) and $details->network_address != '') { $temp = explode('/', base_url()); $url = str_replace($temp[2], $details->network_address, base_url()); # use the open-audit default config value } elseif (isset($this->config->config['default_network_address']) and $this->config->config['default_network_address'] > '') { $temp = explode('/', base_url()); $url = str_replace($temp[2], $this->config->config['default_network_address'], base_url()); # use the PHP function to guess as a last resort } else { $url = base_url(); } unset($details->network_address); if ($details->use_https == 'on') { $url = str_ireplace('http://', 'https://', $url); } if (isset($supplied->snmp_community) and $supplied->snmp_community != '') { $details->snmp_community = $supplied->snmp_community; } // output to log file and DEBUG the status of the three main services $log_details->message = 'WMI Status is ' . $details->wmi_status . ' on ' . $details->ip; stdlog($log_details); // On OSX we cannot run Nmap and get a UDP port result for 161 as 'You requested a scan type which requires root privileges.' So just set the snmp_status to true and attempt to snmp_audit the target device if (php_uname('s') == 'Darwin') { $details->snmp_status = 'true'; $details->nmap_ports .= ',161/udp/snmp'; } $log_details->message = 'SNMP Status is ' . $details->snmp_status . ' on ' . $details->ip; stdlog($log_details); $log_details->message = 'SSH Status is ' . $details->ssh_status . ' on ' . $details->ip; stdlog($log_details); // get rid of os_* as nmap only guesses unset($details->os_group); unset($details->os_family); unset($details->os_name); # IPMI audit # TODO - make a ipmi_helper::ipmi_credentials function // if (isset($this->config->config['discovery_use_ipmi']) and $this->config->config['discovery_use_ipmi'] == 'y') { // $credentials_ipmi = new stdClass(); // $credentials_ipmi->type = 'ipmi'; // $credentials_ipmi->credentials = new stdClass(); // $credentials_ipmi->credentials->username = $this->config->config['default_ipmi_username']; // $credentials_ipmi->credentials->password = $this->config->config['default_ipmi_username']; // $credentials[] = $credentials_ipmi; // $ipmi_details = ipmi_audit($details->ip, $credentials_ipmi, $display); // if (!empty($ipmi_details)) { // foreach ($ipmi_details as $key => $value) { // if (!empty($value)) { // $details->key = $value; // } // } // } // if ($details->serial) { // $details->last_seen_by = 'ipmi'; // $details->audits_ip = '127.0.0.1'; // } // } // SNMP audit if (!extension_loaded('snmp') and $details->snmp_status == 'true') { $log_details->message = 'PHP extension not loaded, skipping SNMP data retrieval for ' . $details->ip; stdlog($log_details); } if (extension_loaded('snmp') and $details->snmp_status == 'true') { $log_details->message = 'Testing SNMP credentials for ' . $details->ip; stdlog($log_details); $credentials_snmp = snmp_credentials($details->ip, $credentials, $display); } else { $credentials_snmp = false; } if ($credentials_snmp) { $temp_array = snmp_audit($details->ip, $credentials_snmp, $display); if (!empty($temp_array['details'])) { foreach ($temp_array['details'] as $key => $value) { if (!empty($value)) { $details->{$key} = $value; } } $details->last_seen_by = 'snmp'; $details->audits_ip = '127.0.0.1'; } if (!empty($temp_array['interfaces'])) { $network_interfaces = $temp_array['interfaces']; } if (!empty($temp_array['modules'])) { $modules = $temp_array['modules']; } if (!empty($temp_array['ip'])) { $ip = $temp_array['ip']; } if (!empty($temp_array['guests'])) { $guests = $temp_array['guests']; } } // new for 1.8.4 - if we have a non-computer, do not attempt to connect using SSH if ($details->type != 'computer' and $details->type != '' and $details->type != 'unknown' and $details->os_family != 'DD-WRT' and stripos($details->sysDescr, 'dd-wrt') === false) { $log_details->message = 'Not a computer and not a DD-WRT device, setting SSH status to false for ' . $details->ip . ' (System ID ' . $details->id . ')'; stdlog($log_details); $details->ssh_status = 'false'; } # test for working SSH credentials if ($details->ssh_status == 'true') { $log_details->message = 'Testing SSH credentials for ' . $details->ip; stdlog($log_details); $credentials_ssh = ssh_credentials($details->ip, $credentials, $display); } else { $credentials_ssh = false; } # run SSH audit commands if ($details->ssh_status == 'true' and $credentials_ssh) { $ssh_details = ssh_audit($details->ip, $credentials_ssh, $display); if (!empty($ssh_details)) { $details->last_seen_by = 'ssh'; $details->audits_ip = '127.0.0.1'; foreach ($ssh_details as $key => $value) { if (!empty($value)) { $details->{$key} = $value; } } } } // test for working Windows credentials if ($details->wmi_status == 'true') { $log_details->message = 'Testing Windows credentials for ' . $details->ip; stdlog($log_details); $credentials_windows = windows_credentials($details->ip, $credentials, $display); } else { $credentials_windows = false; } # run Windows audit commands if ($details->wmi_status == 'true' and $credentials_windows) { $windows_details = wmi_audit($details->ip, $credentials_windows, $display); if (!empty($windows_details)) { $details->last_seen_by = 'windows'; $details->audits_ip = '127.0.0.1'; foreach ($windows_details as $key => $value) { if (!empty($value)) { $details->{$key} = $value; } } } } # in the case where port 5060 is detected and we have no other information, assign type 'voip phone' if (empty($details->type) and empty($details->snmp_oid) and empty($details->uuid) and stripos($details->nmap_result, '5060/') !== false) { $details->type = 'voip phone'; } if ($this->config->item('discovery_use_dns') == 'y') { $details = dns_validate($details, $display); } $details->id = $this->m_system->find_system($details, $display); if ($display == 'y') { $details->show_output = true; echo "=======DETAILS======\n"; foreach ($details as $key => $value) { echo "DEBUG - " . $key . ": " . (string) $value . "\n"; } echo "====================\n"; ob_flush(); flush(); } // insert or update the device if (isset($details->id) and $details->id != '') { // we have a system id - UPDATE $log_details->message = strtoupper($details->last_seen_by) . " update for {$details->ip} (System ID {$details->id})"; stdlog($log_details); $details->original_last_seen = $this->m_devices_components->read($details->id, 'y', 'system', '', 'last_seen'); $details->original_last_seen_by = $this->m_devices_components->read($details->id, 'y', 'system', '', 'last_seen_by'); $this->m_system->update_system($details, $display); } else { // we have a new system - INSERT $log_details->message = strtoupper($details->last_seen_by) . " insert for {$details->ip}"; stdlog($log_details); $details->id = $this->m_system->insert_system($details, $display); } // grab some timestamps $details->last_seen = $this->m_devices_components->read($details->id, 'y', 'system', '', 'last_seen'); $details->first_seen = $this->m_devices_components->read($details->id, 'y', 'system', '', 'first_seen'); // Insert an audit log if (isset($this->user->full_name)) { $temp_user = $this->user->full_name; } else { $temp_user = ''; } $this->m_audit_log->create($details->id, $temp_user, $details->last_seen_by, $details->audits_ip, '', '', $details->last_seen); unset($temp_user); // Update the groups if ($this->config->config['discovery_update_groups'] == 'y') { $this->m_oa_group->update_system_groups($details); } // update any network interfaces and ip addresses retrieved by SNMP if (isset($network_interfaces) and is_array($network_interfaces) and count($network_interfaces) > 0) { $input = new stdClass(); $input->item = array(); $input->item = $network_interfaces; $this->m_devices_components->process_component('network', $details, $input, $display); } // insert any ip addresses if (isset($ip->item) and count($ip->item) > 0) { $this->m_devices_components->process_component('ip', $details, $ip, $display); } // finish off with updating any network IPs that don't have a matching interface $this->m_devices_components->update_missing_interfaces($details->id); // insert any modules if (isset($modules) and count($modules) > 0) { $input = new stdClass(); $input->item = array(); $input->item = $modules; $this->m_devices_components->process_component('module', $details, $input, $display); } // insert any found virtual machines if (isset($guests) and is_array($guests) and count($guests) > 0) { $vm = new stdClass(); $vm->item = array(); $vm->item = $guests; $this->m_devices_components->process_component('vm', $details, $vm, $display); } if (!empty($credentials_snmp) and $details->snmp_status == 'true') { $log_details->message = 'SNMP credential update for ' . $details->ip . ' (System ID ' . $details->id . ')'; stdlog($log_details); $this->m_devices->sub_resource_create($details->id, 'credential', $credentials_snmp); } if (!empty($credentials_ssh) and $details->ssh_status == 'true') { $log_details->message = 'SSH credential update for ' . $details->ip . ' (System ID ' . $details->id . ')'; stdlog($log_details); $this->m_devices->sub_resource_create($details->id, 'credential', $credentials_ssh); } if (isset($credentials_windows) and $details->wmi_status == 'true') { $log_details->message = "Windows credential update for {$details->ip} (System ID {$details->id})"; stdlog($log_details); $this->m_devices->sub_resource_create($details->id, 'credential', $credentials_windows); } // $details->id is now set if ($display == 'y') { echo "DEBUG - System ID <a href='" . base_url() . "index.php/devices/" . $details->id . "'>" . $details->id . "</a>\n"; } // process and store the Nmap result $nmap_result = array(); foreach (explode(',', $details->nmap_ports) as $port) { $temp = explode('/', $port); $nmap_item = new stdClass(); $nmap_item->ip = (string) $details->ip; $nmap_item->port = $temp[0]; $nmap_item->protocol = $temp[1]; $nmap_item->program = $temp[2]; if ($nmap_item->port != '') { $nmap_result[] = $nmap_item; } unset($nmap_item); unset($temp); } if (count($nmap_result) > 0) { $input = new stdClass(); $input->item = array(); $input->item = $nmap_result; $this->m_devices_components->process_component('nmap', $details, $input, $display); } // insert a blank to indicate we're finished this part of the discovery // if required, the audit scripts will insert their own audit logs $this->m_audit_log->update('debug', '', $details->id, $details->last_seen); # Audit Windows if ($details->wmi_status == "true" and $credentials_windows) { $log_details->message = "Starting windows audit for {$details->ip} (System ID {$details->id})"; stdlog($log_details); $share = '\\admin$'; $destination = 'audit_windows.vbs'; if ($display = 'y') { $debugging = 3; } else { $debugging = 0; } $sql = "/* discovery::process_subnet */ SELECT * FROM `scripts` WHERE `name` = 'audit_windows.vbs' AND `based_on` = 'audit_windows.vbs' ORDER BY `id` LIMIT 1"; $query = $this->db->query($sql); $result = $query->result(); if (!empty($result[0])) { $script_details = $result[0]; # Just ensure we delete any audit scripts that might exist. # Shouldn't be required because we're creating based on the timestamp # Then open the file for writing $ts = date('y_m_d_H_i_s'); if (php_uname('s') == 'Windows NT') { $source_name = 'scripts\\audit_windows_' . $ts . '.vbs'; @unlink($this->config->config['base_path'] . '\\other\\' . $source_name); try { $fp = fopen($this->config->config['base_path'] . '\\other\\' . $source_name, 'w'); } catch (Exception $e) { print_r($e); } } else { $source_name = 'scripts/audit_windows_' . $ts . '.vbs'; @unlink($this->config->config['base_path'] . '/other/' . $source_name); try { $fp = fopen($this->config->config['base_path'] . '/other/' . $source_name, 'w'); } catch (Exception $e) { print_r($e); } } $script = $this->m_scripts->download($script_details->id); fwrite($fp, $script); fclose($fp); } else { $source_name = 'audit_windows.vbs'; } if (php_uname('s') != 'Windows NT') { $source = $this->config->config['base_path'] . '/other/' . $source_name; $command = "cscript c:\\windows\\audit_windows.vbs submit_online=y create_file=n strcomputer=. url=" . $url . "index.php/system/add_system debugging=" . $debugging . " system_id=" . $details->id . " last_seen_by=audit_wmi"; if (copy_to_windows($details->ip, $credentials_windows, $share, $source, $destination, $display)) { if (execute_windows($details->ip, $credentials_windows, $command, $display)) { # All complete! } else { # run audit script failed } } else { # copy audit script to Windows failed } if ($source_name != 'audit_windows.vbs') { unlink($this->config->config['base_path'] . '/other/' . $source_name); } } else { #if (strtolower($_SERVER['USERPROFILE']) == 'c:\windows\system32\config\systemprofile') { if (exec('whoami') == 'nt authority\\system') { # We're running on the LocalSystem account. # We cannot copy the audit script to the target and then run it, # We _must_ run the script locally and use $details->ip as the script target # We will loose the ability to retrieve certain items like files, netstat, tasks, etc $log_details->message = "Windows audit for {$details->ip} (System ID {$details->id})"; stdlog($log_details); $username = $credentials_windows->credentials->username; $temp = explode('@', $username); $username = $temp[0]; if (count($temp) > 1) { $domain = $temp[1] . '\\'; } else { $domain = ''; } unset($temp); if ($display == 'y') { $script_string = "{$filepath}\\" . $source_name . " strcomputer=" . $details->ip . " submit_online=y create_file=n struser="******" strpass="******" url=" . $url . "index.php/system/add_system debugging=3 system_id=" . $details->id . " last_seen_by=audit_wmi"; $command_string = "%comspec% /c start /b cscript //nologo " . $script_string; exec($command_string, $output, $return_var); $command_string = str_replace($credentials_windows->credentials->password, '******', $command_string); echo 'DEBUG - Command Executed: ' . $command_string . "\n"; echo 'DEBUG - Return Value: ' . $return_var . "\n"; echo "DEBUG - Command Output:\n"; print_r($output); if ($return_var != '0') { $error = "Attempt to run audit_windows.vbs on {$details->ip} has failed"; $log_details->message = $error; stdlog($log_details); } else { $log_details->message = "Attempt to run audit_windows.vbs on {$details->ip} has succeeded"; stdlog($log_details); } $output = null; $return_var = null; } else { $script_string = "{$filepath}\\" . $source_name . " strcomputer=" . $details->ip . " submit_online=y create_file=n struser="******" strpass="******" url=" . $url . "index.php/system/add_system debugging=0 system_id=" . $details->id . " last_seen_by=audit_wmi"; $command_string = "%comspec% /c start /b cscript //nologo " . $script_string . " &"; pclose(popen($command_string, "r")); } $command_string = null; if ($source_name != 'audit_windows.vbs') { unlink($this->config->config['base_path'] . '/other/' . $source_name); } } else { # We are running as something other than the LocalSystem account. # Therefore we _should_ be able to copy the audit script to tthe target and start it there # and therefore retrieve ALL information $source = $this->config->config['base_path'] . '\\other\\' . $source_name; rename($source, 'c:\\windows\\audit_windows_' . $ts . '.vbs'); $source = 'audit_windows_' . $ts . '.vbs'; $command = "cscript \\\\" . $details->ip . "\\admin\$\\audit_windows_" . $ts . ".vbs submit_online=y create_file=n strcomputer=. url=" . $url . "index.php/system/add_system debugging=" . $debugging . " system_id=" . $details->id . " self_delete=y last_seen_by=audit_wmi"; if (copy_to_windows($details->ip, $credentials_windows, $share, $source, $destination, $display)) { if (execute_windows($details->ip, $credentials_windows, $command, $display)) { # All complete! } else { # run audit script failed } } else { # copy audit script to Windows failed } if ($source_name != 'audit_windows.vbs') { unlink('c:\\windows\\audit_windows_' . $ts . '.vbs'); } } } } # Audit SSH if ($details->ssh_status == "true" and $details->os_family != 'DD-WRT' and $credentials_ssh) { $log_details->message = "Starting ssh audit for {$details->ip} (System ID {$details->id})"; stdlog($log_details); // $command = 'uname'; // $ssh_result = ssh_command($details->ip, $credentials_ssh, $command, $display); // if ($ssh_result['status'] == 0) { // $remote_os = $ssh_result['output'][0]; // } // switch (strtolower($remote_os)) { switch (strtolower($details->os_group)) { case 'aix': $audit_script = 'audit_aix.sh'; break; case 'vmkernel': $audit_script = 'audit_esxi.sh'; break; case 'linux': $audit_script = 'audit_linux.sh'; break; case 'darwin': $audit_script = 'audit_osx.sh'; break; case 'windows': $audit_script = ''; break; default: $audit_script = ''; break; } $destination = $audit_script; if ($display = 'y') { $debugging = 3; } else { $debugging = 0; } $sql = "/* discovery::process_subnet */ SELECT * FROM `scripts` WHERE `name` = '{$audit_script}' AND `based_on` = '{$audit_script}' ORDER BY `id` LIMIT 1"; $query = $this->db->query($sql); $result = $query->result(); if (!empty($result[0])) { $script_details = $result[0]; # Just ensure we delete any audit scripts that might exist. # Shouldn't be required because we're creating based on the timestamp # Then open the file for writing $ts = date('y_m_d_H_i_s'); if (php_uname('s') == 'Windows NT') { $source_name = 'scripts\\' . str_replace('.sh', '_' . $ts . '.sh', $audit_script); $unlink = $this->config->config['base_path'] . '\\other\\' . $source_name; @unlink($unlink); $fp = fopen($this->config->config['base_path'] . '\\other\\' . $source_name, 'w'); } else { $source_name = 'scripts/' . str_replace('.sh', '_' . $ts . '.sh', $audit_script); $unlink = $this->config->config['base_path'] . '/other/' . $source_name; @unlink($unlink); try { $fp = fopen($this->config->config['base_path'] . '/other/' . $source_name, 'w'); } catch (Exception $e) { print_r($e); } } $script = $this->m_scripts->download($script_details->id); fwrite($fp, $script); fclose($fp); } else { $unlink = ''; $source_name = $audit_script; } unset($temp); if ($audit_script != '') { # copy the audit script to the target ip if (php_uname('s') == 'Windows NT') { $source = $filepath . '\\' . $source_name; } else { $source = $filepath . '/' . $source_name; } $destination = $this->config->item('discovery_linux_script_directory'); if (substr($destination, -1) != '/') { $destination .= '/'; } $destination .= $audit_script; if ($ssh_result = scp($details->ip, $credentials_ssh, $source, $destination, $display)) { # Successfully copied the audit script $command = 'chmod ' . $this->config->item('discovery_linux_script_permissions') . ' ' . $destination; $temp = ssh_command($details->ip, $credentials_ssh, $command, $display); } if ($display = 'y') { $debugging = 3; } else { $debugging = 0; } } # audit anything that's not ESX if ($audit_script != 'audit_esxi.sh' and $audit_script != '') { # successfully copied and chmodded the audit script if (!empty($credentials_ssh->sudo)) { # run the audit script as a normal user, using sudo $command = 'echo "' . $credentials_ssh->credentials->password . '" | ' . $credentials_ssh->sudo . ' -S ' . $this->config->item('discovery_linux_script_directory') . $audit_script . ' submit_online=y create_file=n url=' . $url . 'index.php/system/add_system debugging=' . $debugging . ' system_id=' . $details->id . ' display=' . $display . ' last_seen_by=audit_ssh'; } else { # run the script without using sudo $command = $this->config->item('discovery_linux_script_directory') . $audit_script . ' submit_online=y create_file=n url=' . $url . 'index.php/system/add_system debugging=' . $debugging . ' system_id=' . $details->id . ' display=' . $display . ' last_seen_by=audit_ssh'; } $result = ssh_command($details->ip, $credentials_ssh, $command, $display); if ($unlink != '') { unlink($unlink); } } # audit ESX if ($audit_script == 'audit_esxi.sh') { $command = $this->config->item('discovery_linux_script_directory') . $audit_script . ' submit_online=y last_seen_by=audit_ssh create_file=n debugging=0 echo_output=y system_id=' . $details->id . ' 2>/dev/null'; if ($result = ssh_command($details->ip, $credentials_ssh, $command, $display)) { if ($result['status'] == 0) { $script_result = ''; foreach ($result['output'] as $line) { $script_result .= $line . "\n"; } $script_result = preg_replace('/\\s+/', ' ', $script_result); $script_result = str_replace("> <", "><", $script_result); $esx_input = trim($script_result); try { $esx_xml = new SimpleXMLElement($esx_input); } catch (Exception $error) { // not a valid XML string $log_details->message = 'Invalid XML input for ESX audit script'; stdlog($log_details); exit; } $count = 0; foreach ($esx_xml->children() as $child) { if ($child->getName() === 'sys') { $esx_details = (object) $esx_xml->sys; if (!isset($esx_details->ip) or $esx_details->ip == '') { $esx_details->ip = $details->ip; } $esx_details->system_id = $this->m_system->find_system($esx_details, $display); $esx_details->last_seen = $details->last_seen; if (isset($esx_details->system_id) and $esx_details->system_id != '') { // we have an existing device $esx_details->original_last_seen_by = $this->m_devices_components->read($esx_details->system_id, 'y', 'system', '', 'last_seen_by'); $esx_details->original_last_seen = $this->m_devices_components->read($esx_details->system_id, 'y', 'system', '', 'last_seen'); $this->m_system->update_system($esx_details); $log_details->message = "ESX update for {$esx_details->ip} (System ID {$esx_details->system_id})"; stdlog($log_details); } else { // we have a new system $esx_details->system_id = $this->m_system->insert_system($esx_details); $log_details->message = "ESX insert for {$esx_details->ip} (System ID {$esx_details->system_id})"; stdlog($log_details); } if (!isset($esx_details->audits_ip)) { $esx_details->audits_ip = $details->audits_ip; } if (isset($this->user->full_name)) { $temp_user = $this->user->full_name; } else { $temp_user = ''; } $this->m_audit_log->create($esx_details->system_id, $temp_user, $esx_details->last_seen_by, $esx_details->audits_ip, '', '', $esx_details->last_seen); unset($temp_user); } } $this->m_devices_components->process_component('network', $esx_details, $esx_xml->network, $display); $this->m_devices_components->process_component('software', $esx_details, $esx_xml->software, $display); $this->m_devices_components->process_component('processor', $esx_details, $esx_xml->processor, $display); $this->m_devices_components->process_component('bios', $esx_details, $esx_xml->bios, $display); $this->m_devices_components->process_component('memory', $esx_details, $esx_xml->memory, $display); $this->m_devices_components->process_component('motherboard', $esx_details, $esx_xml->motherboard, $display); $this->m_devices_components->process_component('video', $esx_details, $esx_xml->video, $display); $this->m_devices_components->process_component('vm', $esx_details, $esx_xml->vm, $display); $this->m_devices_components->process_component('ip', $esx_details, $esx_xml->ip, $display); } } } $log_details->message = "Completed processing {$details->ip} (System ID {$details->id})"; stdlog($log_details); } // close the 'skip' } // close the device / complete switch unset($details); } // close for each device in XML } // close for form submission } // close function }