#!/usr/bin/perl # # This periodically runs a basic ping sweep using nmap to find devices on the given network. As devices are # found, they may be further processed (ie: to see if a MAC address matches a server to find the IP address # of a hosted server). # # Exit codes; # 0 = Normal exit # 1 = No databases available. # 2 = The '--network X' value is not valid. # 3 = Not yet time to rescan. # # TODO: * Support '--dhcp' where, if set, we look up the DHCP range offered by the Striker dashboard(s) and # scan just the lease range. This should speed up discovery of new/replacement foundation pack # equipment. use strict; use warnings; use Anvil::Tools; use Data::Dumper; # Turn off buffering so that the pinwheel will display while waiting for the SSH call(s) to complete. $| = 1; my $THIS_FILE = ($0 =~ /^.*\/(.*)$/)[0]; my $running_directory = ($0 =~ /^(.*?)\/$THIS_FILE$/)[0]; if (($running_directory =~ /^\./) && ($ENV{PWD})) { $running_directory =~ s/^\./$ENV{PWD}/; } my $anvil = Anvil::Tools->new(); $anvil->Log->level({set => 2}); $anvil->Log->secure({set => 0}); $anvil->Log->entry({source => $THIS_FILE, line => __LINE__, level => 2, secure => 0, key => "log_0115", variables => { program => $THIS_FILE }}); # Make sure we're running as 'root' # $< == real UID, $> == effective UID if (($< != 0) && ($> != 0)) { # Not root $anvil->Log->entry({source => $THIS_FILE, line => __LINE__, 'print' => 1, level => 0, key => "error_0005"}); $anvil->nice_exit({exit_code => 5}); } $anvil->Database->connect; $anvil->Log->entry({source => $THIS_FILE, line => __LINE__, level => 2, secure => 0, key => "log_0132"}); if (not $anvil->data->{sys}{database}{connections}) { # No databases, exit. $anvil->Log->entry({source => $THIS_FILE, line => __LINE__, level => 0, 'print' => 1, priority => "err", key => "error_0003"}); $anvil->nice_exit({exit_code => 1}); } # Do we have a specified network to scan? $anvil->data->{switches}{network} = ""; $anvil->data->{switches}{'job-uuid'} = ""; $anvil->data->{switches}{force} = ""; $anvil->Get->switches; $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { "switches::network" => $anvil->data->{switches}{network}, "switches::job-uuid" => $anvil->data->{switches}{'job-uuid'}, "switches::force" => $anvil->data->{switches}{force}, }}); update_progress($anvil, 0, "clear"); update_progress($anvil, 1, "log_0239,!!job-uuid!".$anvil->data->{switches}{'job-uuid'}."!!"); $anvil->data->{progress} = 1; check_if_time($anvil); scan($anvil); # We're done print $anvil->Words->string({key => "message_0025"})."\n"; update_progress($anvil, 100, "message_0025"); $anvil->nice_exit({exit_code => 0}); ############################################################################################################# # Functions # ############################################################################################################# # If this is being called as a job, this will allow the progress to be updated. sub update_progress { my ($anvil, $progress, $message) = @_; $progress = 95 if $progress > 100; if (not $anvil->data->{switches}{'job-uuid'}) { return(0); } $anvil->Job->update_progress({ progress => $progress, message => $message, job_uuid => $anvil->data->{switches}{'job-uuid'}, }); return(0); } # This checks to see if it's time to run the scan yet or not. If not, it will exit the program. If so, it # returns with '0'. sub check_if_time { my ($anvil) = @_; # NOTE: We only scan once a day, unless 'force' is used. if ($anvil->data->{switches}{force}) { return(0); } elsif ($anvil->data->{switches}{network}) { # We're being asked to scan a specific network. return(0); } elsif (not $anvil->data->{switches}{'job-uuid'}) { # No job_uuid, so a manual call. return(0); } else { my ($unixtime, $variable_uuid, $modified_date) = $anvil->Database->read_variable({variable_name => "network-scan::scanned"}); $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { unixtime => $unixtime, variable_uuid => $variable_uuid, modified_date => $modified_date, }}); if (($unixtime eq "") or ($unixtime =~ /\D/)) { $unixtime = 0; $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { unixtime => $unixtime }}); } ### TODO: Allow the user to set a "scan time" that will wait until the local time is after a ### certain time before scaning. Also, allow the user to disable auto-scan entirely. # If the database variable 'network-scan::scanned' is not set, or is more than 24 hours old, # scan. $anvil->data->{'network-scan'}{'scan-period'} = 86400 if not defined $anvil->data->{'network-scan'}{'scan-period'}; $anvil->data->{'network-scan'}{'scan-period'} =~ s/,//g; $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { 'network-scan::scan-period' => $anvil->data->{'network-scan'}{'scan-period'}, }}); if ($anvil->data->{'network-scan'}{'scan-period'} =~ /\D/) { $anvil->data->{'network-scan'}{'scan-period'} = 86400; $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { 'network-scan::scan-period' => $anvil->data->{'network-scan'}{'scan-period'}, }}); } my $time_now = time; my $next_scan = $unixtime + $anvil->data->{'network-scan'}{'scan-period'}; my $difference = ($next_scan - $time_now); $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { 's1:time_now' => $time_now, 's2:next_scan' => $next_scan, 's3:difference' => $difference, }}); if ((not $variable_uuid) or ($unixtime !~ /^\d+/) or ($difference < 0)) { # It's been long enough (or it's the first time), scan. return(0); } elsif ($difference > 0) { # Log when the next scan will happen and then exit. my $say_when = $anvil->Convert->time({'time' => $difference, long => 1}); $anvil->Log->entry({source => $THIS_FILE, line => __LINE__, level => 2, 'print' => 1, key => "log_0450", variables => { next_scan => $anvil->Convert->add_commas({number => $say_when}) }}); update_progress($anvil, 100, "log_0450,!!next_scan!".$anvil->Convert->add_commas({number => $say_when})."!!"); $anvil->nice_exit({exit_code => 3}); } } return(0); } # This scans any networks passed in. sub scan { my ($anvil) = @_; $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { "switches::network" => $anvil->data->{switches}{network} }}); if ($anvil->data->{switches}{network}) { # If this network is a specific subnet, scan it. If the network is 'bcn', 'sn', 'ifn' or # 'bcnX', 'snX', 'snX', find the network on the appropriate interfaces and use it's network. if ($anvil->data->{switches}{network} =~ /^(\d+.*?)\/(\d+.*)$/) { my $ip = $1; my $subnet_mask = $2; $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { "switches::network" => $anvil->data->{switches}{network} }}); my $ip_valid = $anvil->Validate->ipv4({ip => $ip}); my $subnet_mask_valid = $anvil->Validate->ipv4({ip => $subnet_mask}); $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { ip_valid => $ip_valid, subnet_mask_valid => $subnet_mask_valid, }}); if (not $subnet_mask_valid) { # Migt be cidr if (($subnet_mask =~ /^\d+$/) && ($subnet_mask >= 0) && ($subnet_mask <= 32)) { # Valid CIDR address $subnet_mask_valid = 1; $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { subnet_mask_valid => $subnet_mask_valid }}); } } if ((not $ip_valid) or (not $subnet_mask_valid)) { # Bail out. update_progress($anvil, 100, "error_0097,!!range!".$anvil->data->{switches}{network}."!!"); $anvil->Log->entry({source => $THIS_FILE, line => __LINE__, level => 0, 'print' => 1, priority => "err", key => "error_0097", variables => { range => $anvil->data->{switches}{network} }}); $anvil->nice_exit({exit_code => 2}); } else { # Scan it! call_nmap($anvil, $anvil->data->{switches}{network}); } } else { # If the address is [bc|s|if]n[X], scan it. $anvil->Network->get_ips(); my $target = "local"; my $to_scan = []; foreach my $interface (sort {$a cmp $b} keys %{$anvil->data->{network}{$target}{interface}}) { my $ip = $anvil->data->{network}{$target}{interface}{$interface}{ip}; my $subnet_mask = $anvil->data->{network}{$target}{interface}{$interface}{subnet_mask}; $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { ip => $ip, subnet_mask => $subnet_mask, }}); if (($ip) && ($subnet_mask)) { # Is this one we're interested in? my $network_name = $anvil->data->{switches}{network}; if ($interface =~ /^$network_name/) { # Yup! my $network = $anvil->Network->get_network({ip => $ip, subnet_mask => $subnet_mask}); $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { network => $network }}); if ($network) { # Scan it. my $address = $network."/".$subnet_mask; $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { address => $address }}); push @{$to_scan}, $address; } } } } # Scan what we found foreach my $address (sort {$a cmp $b} @{$to_scan}) { call_nmap($anvil, $address); } } } else { # Scan all the networks we have. $anvil->Network->get_ips(); my $target = "local"; my $to_scan = []; foreach my $interface (sort {$a cmp $b} keys %{$anvil->data->{network}{$target}{interface}}) { my $ip = $anvil->data->{network}{$target}{interface}{$interface}{ip}; my $subnet_mask = $anvil->data->{network}{$target}{interface}{$interface}{subnet_mask}; $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { ip => $ip, subnet_mask => $subnet_mask, }}); if (($ip) && ($subnet_mask)) { my $network = $anvil->Network->get_network({ip => $ip, subnet_mask => $subnet_mask}); $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { network => $network }}); if ($network) { # Scan it. my $address = $network."/".$subnet_mask; $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { address => $address }}); push @{$to_scan}, $address; } } } # Scan what we found foreach my $address (sort {$a cmp $b} @{$to_scan}) { call_nmap($anvil, $address); } } # Update the rescan time to now, if no specific network was given. if (not $anvil->data->{switches}{network}) { $anvil->Database->insert_or_update_variables({ debug => 3, variable_name => "network-scan::scanned", variable_value => time, variable_default => "", variable_description => "striker_0140", variable_section => "system", variable_source_uuid => $anvil->Get->host_uuid, variable_source_table => "hosts", }); } return(0); } # This calls nmap and parses sub call_nmap { my ($anvil, $address) = @_; # The subnet can't be dotted decimal, so convert it to CIDR notation, if needed. my ($ip, $subnet_mask) = ($address =~ /^(\d+.*?)\/(\d.*)$/); $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { ip => $ip, subnet_mask => $subnet_mask, }}); if ($anvil->Validate->ipv4({ip => $subnet_mask})) { # Convert to CIDR my $cidr = $anvil->Convert->cidr({subnet_mask => $subnet_mask}); $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { cidr => $cidr }}); if (($cidr >= 0) && ($cidr <= 32)) { $address = $ip."/".$cidr; $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { address => $address }}); } } $anvil->data->{progress} += 10; update_progress($anvil, $anvil->data->{progress}, "log_0445,!!range!".$address."!!"); $anvil->Log->entry({source => $THIS_FILE, line => __LINE__, level => 0, 'print' => 1, priority => "err", key => "log_0445", variables => { range => $address }}); # Make the call directly, instead of using 'System->call', so that we can show output as it's found. my $this_ip = ""; my $this_mac = ""; my $section = ""; my $shell_call = $anvil->data->{path}{exe}{nmap}." -sP -T4 --min-parallelism 100 --max-parallelism 256 ".$address; open (my $file_handle, $shell_call." 2>&1 |") or $anvil->Log->entry({source => $THIS_FILE, line => __LINE__, level => 0, secure => 0, priority => "err", key => "log_0014", variables => { shell_call => $shell_call, error => $! }}); while(<$file_handle>) { chomp; my $line = $_; $line =~ s/\n$//; $line =~ s/\r$//; $line = $anvil->Words->clean_spaces({'string' => $line}); $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { line => $line }}); $section .= $line."\n"; if ($line =~ /^Nmap scan report for (\d+\.\d+\.\d+\.\d+)$/i) { $this_ip = $1; $this_mac = ""; $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { 's1:this_mac' => $this_mac, 's2:this_ip' => $this_ip, }}); } if ($line =~ /MAC Address: (.*?) \(/) { $this_mac = $1; $this_mac = lc($this_mac); $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { 's1:this_mac' => $this_mac, 's2:this_ip' => $this_ip, }}); # Sane? my $mac_valid = $anvil->Validate->hex({string => $this_mac, sloppy => 1}); my $ip_valid = $anvil->Validate->ipv4({ip => $this_ip}); $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { mac_valid => $mac_valid, ip_valid => $ip_valid, }}); # Store if (($mac_valid) && ($ip_valid)) { $anvil->data->{progress} += 1; $anvil->data->{progress} = 95 if $anvil->data->{progress} > 95; my $company = $anvil->Network->get_company_from_mac({debug => 2, mac => $this_mac }); $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { company => $company }}); update_progress($anvil, $anvil->data->{progress}, "log_0446,!!ip!".$this_ip."!!,!!mac!".$this_mac."!!,!!company!".$company."!!"); $anvil->Log->entry({source => $THIS_FILE, line => __LINE__, level => 0, 'print' => 1, priority => "err", key => "log_0446", variables => { ip => $this_ip, mac => $this_mac, company => $company, }}); my ($mac_to_ip_uuid) = $anvil->Database->insert_or_update_mac_to_ip({ debug => 3, file => $THIS_FILE, line => __LINE__, mac_to_ip_mac_address => $this_mac, mac_to_ip_ip_address => $this_ip, update_note => 0, }); $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { mac_to_ip_uuid => $mac_to_ip_uuid }}); } else { # Parse error $anvil->data->{progress} += 2; $section =~ s/\n//g; update_progress($anvil, $anvil->data->{progress}, "log_0444,!!ip!".$this_ip."!!,!!mac!".$this_mac."!!,!!section!".$section."!!"); $anvil->Log->entry({source => $THIS_FILE, line => __LINE__, level => 0, priority => "alert", key => "log_0444", variables => { ip => $this_ip, mac => $this_mac, section => $section, }}); } $section = ""; } } close $file_handle; return(0); }