seasharp
/
anvil
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

* Started work on managing the firewall in System.

Browse Source 
Signed-off-by: Digimer <digimer@alteeve.ca>
main
Digimer 7 years ago
parent 57f1b60bdb
commit cd5a78091f
5 changed files with 152 additions and 21 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 1
      AN/Tools.pm
  2. 82
      AN/Tools/Database.pm
  3. 84
      AN/Tools/System.pm
  4. 4
      AN/an-tools.xml
  5. 2
      striker.conf

1
AN/Tools.pm
Unescape View File

@ -668,6 +668,7 @@ sub _set_paths
createuser => "/usr/bin/createuser",
dmidecode => "/usr/sbin/dmidecode",
echo => "/usr/bin/echo",
'firewall-cmd' => "/usr/bin/firewall-cmd",
gethostip => "/usr/bin/gethostip",
hostname => "/usr/bin/hostname",
ip => "/usr/sbin/ip",

82
AN/Tools/Database.pm
Unescape View File

@ -506,6 +506,12 @@ sub configure_pgsql
}
}
# Finally, make sure firewalld is listening on the local port.
# my $zone = firewall-cmd --get-default-zone
# firewall-cmd --zone=$zone --list-all
# check for 'services: ... postgresql ...' (for 5432) or 'ports: ... X ...' otherwise
# Check 'firewall-cmd --info-service=postgresql' to nonfirm 'ports: 5432/tcp'
return(0);
}
@ -606,7 +612,7 @@ sub connect
if (not $an->data->{sys}{host_uuid})
{
$an->data->{sys}{host_uuid} = $an->Get->host_uuid;
$an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { "sys::host_uuid" => $an->data->{sys}{host_uuid} }});
$an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { "sys::host_uuid" => $an->data->{sys}{host_uuid} }});
}
# This will be used in a few cases where the local DB ID is needed (or the lack of it being set
@ -629,6 +635,13 @@ sub connect
my $name = $an->data->{database}{$id}{name} ? $an->data->{database}{$id}{name} : ""; # This should fail
my $user = $an->data->{database}{$id}{user} ? $an->data->{database}{$id}{user} : ""; # This should fail
my $password = $an->data->{database}{$id}{password} ? $an->data->{database}{$id}{password} : "";
$an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => {
host => $host,
port => $port,
name => $name,
user => $user,
password => $an->Log->secure ? $password : "--",
}});
# If not set, we will always ping before connecting.
if ((not exists $an->data->{database}{$id}{ping_before_connect}) or (not defined $an->data->{database}{$id}{ping_before_connect}))
@ -680,7 +693,11 @@ sub connect
{
# Didn't ping and 'database::<id>::ping_before_connect' not set. Record this
# in the failed connections array.
$an->Log->entry({source => $THIS_FILE, line => __LINE__, level => 1, priority => "alert", key => "log_0063", variables => { id => $id }});
$an->Log->entry({source => $THIS_FILE, line => __LINE__, level => 1, priority => "alert", key => "log_0063", variables => {
host => $port ? $host.":".$port : $host,
name => $name,
id => $id,
}});
push @{$failed_connections}, $id;
next;
}
@ -778,7 +795,7 @@ sub connect
push @{$successful_connections}, $id;
$an->data->{cache}{db_fh}{$id} = $dbh;
$an->Log->entry({source => $THIS_FILE, line => __LINE__, level => 3, key => "log_0071", variables => {
$an->Log->entry({source => $THIS_FILE, line => __LINE__, level => 2, key => "log_0071", variables => {
host => $host,
port => $port,
name => $name,
@ -863,6 +880,14 @@ sub connect
# Report any failed DB connections
foreach my $id (@{$failed_connections})
{
$an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => {
"database::${id}::host" => $an->data->{database}{$id}{host},
"database::${id}::port" => $an->data->{database}{$id}{port},
"database::${id}::name" => $an->data->{database}{$id}{name},
"database::${id}::user" => $an->data->{database}{$id}{user},
"database::${id}::password" => $an->Log->secure ? $an->data->{database}{$id}{password} : "--",
}});
# Copy my alert hash before I delete the id.
my $error_array = [];
@ -912,6 +937,14 @@ sub connect
# Send an 'all clear' message if a now-connected DB previously wasn't.
foreach my $id (@{$successful_connections})
{
$an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => {
"database::${id}::host" => $an->data->{database}{$id}{host},
"database::${id}::port" => $an->data->{database}{$id}{port},
"database::${id}::name" => $an->data->{database}{$id}{name},
"database::${id}::user" => $an->data->{database}{$id}{user},
"database::${id}::password" => $an->Log->secure ? $an->data->{database}{$id}{password} : "--",
}});
### TODO: Is this still an issue? If so, then we either need to require that the DB host
### matches the actual hostname (dumb) or find another way of mapping the host name.
# Query to see if the newly connected host is in the DB yet. If it isn't, don't send an
@ -965,6 +998,7 @@ sub connect
source => $source,
tables => $tables,
});
die;
# Hold if a lock has been requested.
$an->Database->locking();
@ -1261,6 +1295,7 @@ sub insert_or_update_hosts
my $self = shift;
my $parameter = shift;
my $an = $self->parent;
$an->Log->entry({source => $THIS_FILE, line => __LINE__, level => 2, key => "log_0125", variables => { method => "Database->insert_or_update_hosts()" }});
my $host_name = $parameter->{host_name} ? $parameter->{host_name} : $an->_hostname;
my $host_type = $parameter->{host_type} ? $parameter->{host_type} : $an->System->determine_host_type;
@ -1357,6 +1392,7 @@ WHERE
$an->Database->write({query => $query, id => $id, source => $THIS_FILE, line => __LINE__});
}
$an->Log->entry({source => $THIS_FILE, line => __LINE__, level => 2, key => "log_0126", variables => { method => "Database->insert_or_update_hosts()" }});
return(0);
}
@ -2676,7 +2712,7 @@ sub _find_behind_databases
my $source = $parameter->{source} ? $parameter->{source} : "";
my $tables = $parameter->{tables} ? $parameter->{tables} : "";
$an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => {
$an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => {
source => $source,
tables => $tables,
}});
@ -2693,6 +2729,14 @@ sub _find_behind_databases
$an->data->{sys}{database}{source_updated_time} = 0;
foreach my $id (sort {$a cmp $b} keys %{$an->data->{database}})
{
$an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => {
"database::${id}::host" => $an->data->{database}{$id}{host},
"database::${id}::port" => $an->data->{database}{$id}{port},
"database::${id}::name" => $an->data->{database}{$id}{name},
"database::${id}::user" => $an->data->{database}{$id}{user},
"database::${id}::password" => $an->Log->secure ? $an->data->{database}{$id}{password} : "--",
}});
my $name = $an->data->{database}{$id}{name};
my $user = $an->data->{database}{$id}{user};
@ -2707,14 +2751,14 @@ WHERE
AND
updated_by = ".$an->data->{sys}{use_db_fh}->quote($source).";";
$an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => {
$an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => {
id => $id,
query => $query,
}});
my $last_updated = $an->Database->query({id => $id, query => $query, source => $THIS_FILE, line => __LINE__})->[0]->[0];
$last_updated = 0 if not defined $last_updated;
$an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => {
$an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => {
last_updated => $last_updated,
"sys::database::source_updated_time" => $an->data->{sys}{database}{source_updated_time},
}});
@ -2722,7 +2766,7 @@ AND
{
$an->data->{sys}{database}{source_updated_time} = $last_updated;
$an->data->{sys}{database}{source_db_id} = $id;
$an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => {
$an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => {
"sys::database::source_db_id" => $an->data->{sys}{database}{source_db_id},
"sys::database::source_updated_time" => $an->data->{sys}{database}{source_updated_time},
}});
@ -2730,7 +2774,7 @@ AND
# Get the last updated time for this database (and source).
$an->data->{database}{$id}{last_updated} = $last_updated;
$an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => {
$an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => {
"sys::database::source_updated_time" => $an->data->{sys}{database}{source_updated_time},
"sys::database::source_db_id" => $an->data->{sys}{database}{source_db_id},
"database::${id}::last_updated" => $an->data->{database}{$id}{last_updated}
@ -2746,7 +2790,7 @@ AND
$table_name =~ s/'(.*?)'/$1/;
my $host_column = $an->data->{sys}{use_db_fh}->quote($tables->{$table});
$host_column =~ s/'(.*?)'/$1/;
$an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => {
$an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => {
table_name => $table_name,
host_column => $host_column,
}});
@ -2767,7 +2811,7 @@ WHERE
ORDER BY
modified_date DESC
;";
$an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => {
$an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => {
id => $id,
query => $query,
}});
@ -2776,7 +2820,7 @@ ORDER BY
$last_updated = 0 if not defined $last_updated;
$an->data->{database}{$id}{tables}{$table}{last_updated} = $last_updated;
$an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => {
$an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => {
"database::${id}::tables::${table}::last_updated" => $an->data->{database}{$id}{tables}{$table}{last_updated},
}});
}
@ -2787,7 +2831,7 @@ ORDER BY
$an->data->{sys}{database}{to_update} = {};
foreach my $id (sort {$a cmp $b} keys %{$an->data->{database}})
{
$an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => {
$an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => {
"sys::database::source_updated_time" => $an->data->{sys}{database}{source_updated_time},
"database::${id}::last_updated" => $an->data->{database}{$id}{last_updated},
}});
@ -2806,7 +2850,7 @@ ORDER BY
{
# This database is up to date (so far).
$an->data->{sys}{database}{to_update}{$id}{behind} = 0;
$an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => {
$an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => {
"sys::database::to_update::${id}::behind" => $an->data->{sys}{database}{to_update}{$id}{behind},
}});
}
@ -2821,7 +2865,7 @@ ORDER BY
{
# First we've seen, set the general updated time to this entry
$an->data->{sys}{database}{tables}{$table}{last_updated} = $an->data->{database}{$id}{tables}{$table}{last_updated};
$an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => {
$an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => {
"sys::database::tables::${table}::last_updated" => $an->data->{sys}{database}{tables}{$table}{last_updated}
}});
}
@ -2863,30 +2907,30 @@ sub _mark_database_as_behind
my $an = $self->parent;
my $id = $parameter->{id} ? $parameter->{id} : "";
$an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { id => $id }});
$an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { id => $id }});
$an->data->{sys}{database}{to_update}{$id}{behind} = 1;
$an->data->{sys}{database}{resync_needed} = 1;
$an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => {
$an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => {
"sys::database::to_update::${id}::behind" => $an->data->{sys}{database}{to_update}{$id}{behind},
"sys::database::resync_needed" => $an->data->{sys}{database}{resync_needed},
}});
# We can't trust this database for reads, so switch to another database for reads if
# necessary.
$an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => {
$an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => {
id => $id,
"sys::read_db_id" => $an->data->{sys}{read_db_id},
}});
if ($id eq $an->data->{sys}{read_db_id})
{
# Switch.
$an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { ">> sys::read_db_id" => $an->data->{sys}{read_db_id} }});
$an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { ">> sys::read_db_id" => $an->data->{sys}{read_db_id} }});
foreach my $this_id (sort {$a cmp $b} keys %{$an->data->{database}})
{
next if $this_id eq $id;
$an->data->{sys}{read_db_id} = $this_id;
$an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { "<< sys::read_db_id" => $an->data->{sys}{read_db_id} }});
$an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { "<< sys::read_db_id" => $an->data->{sys}{read_db_id} }});
last;
}
}

84
AN/Tools/System.pm
Unescape View File

@ -17,6 +17,7 @@ my $THIS_FILE = "System.pm";
# check_memory
# determine_host_type
# enable_daemon
# manage_firewall
# ping
# read_ssh_config
# remote_call
@ -314,6 +315,89 @@ sub enable_daemon
return($return);
}
=head2 manage_firewall
This method manages a firewalld firewall.
Parameters;
=head3 task (optional)
If set to C<< open >>, it will open the corresponding C<< port >> or C<< service >>. If set to C<< close >>, it will close the corresponding C<< port >> or C<< service >>. If set to c<< check >>, the state of the given C<< port >> or C<< service >> is returned.
The default is C<< check >>.
=head3 port (optional)
If set, this is the port number to work on.
If not specified, C<< service >> is required.
=head3 port_type (optional)
This can be c<< tcp >> or C<< upd >> and is used to specify what protocol to use with the C<< port >>, when specified. The default is C<< tcp >>.
=head3 service (optional)
This is the name of the service to work on.
If not specified, C<< port >> is required.
=cut
sub manage_firewall
{
my $self = shift;
my $parameter = shift;
my $an = $self->parent;
my $task = defined $parameter->{task} ? $parameter->{task} : "check";
my $port = defined $parameter->{port} ? $parameter->{port} : "";
my $port_type = defined $parameter->{port_type} ? $parameter->{port_type} : "";
my $service = defined $parameter->{service} ? $parameter->{service} : "";
$an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => {
task => $task,
port => $port,
port_type => $port_type,
service => $service,
}});
# Make sure we have a port or service.
if ((not $port) && (not $service))
{
# ...
return("!!error!!");
}
# Before we do anything, what zone is active?
my $shell_call = $an->data->{path}{exe}{'firewall-cmd'}." --get-active-zones";
my $output = $an->System->call({shell_call => $shell_call})
my $active_zone = "";
$an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => {
shell_call => $shell_call,
output => $output,
}});
foreach my $line (split/\n/, $output)
{
$an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { line => $line }});
if ($line =~ /^\S$/)
{
$active_zone = $1;
$an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { active_zone => $active_zone }});
}
last;
}
if ($service)
{
#
}
else
{
}
return(0);
}
=head2 ping
This method will attempt to ping a target, by hostname or IP, and returns C<< 1 >> if successful, and C<< 0 >> if not.

4
AN/an-tools.xml
Unescape View File

@ -112,7 +112,7 @@ Connecting to Database with configuration ID: [#!variable!id!#]
<key name="log_0060">Database user: [#!variable!user!#] already exists with ID: [#!variable!id!#].</key>
<key name="log_0061"><![CDATA[[ Error ] - The method Get->users_home() was asked to find the home directory for the user: [#!variable!user!#], but was unable to do so.]]></key>
<key name="log_0062">SSH session opened without a password to: [#!variable!target!#].</key>
<key name="log_0063">The database with the ID: [#!variable!id!#] did not respond to pings and 'database::#!variable!id!#::ping_before_connect' is not set to '0' in '#!data!path::configs::striker.conf!#', skipping it.</key>
<key name="log_0063">The database: [#!variable!host!# -> #!variable!name!#] with the ID: [#!variable!id!#] did not respond to pings and 'database::#!variable!id!#::ping_before_connect' is not set to '0' in '#!data!path::configs::striker.conf!#', skipping it.</key>
<key name="log_0064">[ Warning ] - The database: [#!variable!name!#] on host: [#!variable!host!#] with ID: [#!variable!id!#] can not be used, skipping it.</key>
<key name="log_0065">
The database connection error was:
@ -193,6 +193,8 @@ The database connection error was:
<key name="log_0122">The 'smaps' proc file for the process ID: [#!variable!pid!#] was not found. Did the program just close?</key>
<key name="log_0123"><![CDATA[[ Error ] - Asked 'pgrep' to return the PIDs (process IDs) of the program: [#!variable!program!#] and a non-digit value was returned in: [#!variable!line!#]. This should not have happened.]]></key>
<key name="log_0124">About to query: [#!variable!query!#]</key>
<key name="log_0125">Entering method: [#!variable!method!#]</key>
<key name="log_0126">Exiting method: [#!variable!method!#]</key>
<!-- Test words. Do NOT change unless you update 't/Words.t' or tests will needlessly fail. -->
<key name="t_0000">Test</key>

2
striker.conf
Unescape View File

@ -8,7 +8,7 @@ database::1::user = admin
database::1::password = Initial1
database::1::ping_before_connect = 1
database::2::host = an-striker02.alteeve.com
database::2::host = 192.168.122.202
database::2::port = 5432
database::2::name = scancore
database::2::user = admin

Write Preview
Loading…
Cancel
Save