gnms 2.1.0 → 2.1.1

data/lib/gui/node_host_view.rb

@@ -131,8 +131,9 @@ class NodeHostView < NodeView
 	   @notification_group.visibility = Goo::CanvasItem::VISIBLE
       end
   end
-
- #define a tooltip
+#
+#  define a tooltip
+#
   def show_tooltips()
 	if @tooltips==nil
 		@tooltips=Gtk::Window.new(Gtk::Window::POPUP)
@@ -162,15 +163,18 @@ gc = Gdk::GC.new(drawable)
 	 end
 		vbox=Gtk::VBox.new
 	  vbox.border_width=5
-	   ttips_text="<span weight=\"bold\" size=\"small\">IP: </span>#{self.node.ip}"
-		ttips_text+="\n<span weight=\"bold\" size=\"small\">Mask: </span>#{self.node.netmask}"
-     if self.node.dns_name?
-	     ttips_text+="\n<span weight=\"bold\" size=\"small\">Dns name: </span>#{self.node.dns_name}"
-
-     end
-     if self.node.description?() &&( self.node.description != "")
-	     ttips_text+="\n<span weight=\"bold\" size=\"small\">Description: </span>#{self.node.description}"
-     end
+	  ttips_text="<span weight=\"bold\" size=\"small\">IPv4: </span>#{self.node.ipv4}"
+		ttips_text+="\n<span weight=\"bold\" size=\"small\">NetMask4: </span>#{self.node.netmask4}"
+    if !self.node.ipv6.nil?
+      ttips_text+="\n<span weight=\"bold\" size=\"small\">IPv6: </span>#{self.node.ipv6}"
+		  ttips_text+="\n<span weight=\"bold\" size=\"small\">NetMask6: </span>#{self.node.netmask6}"    
+    end
+    if self.node.dns_name?
+      ttips_text+="\n<span weight=\"bold\" size=\"small\">Dns name: </span>#{self.node.dns_name}"
+    end
+    if self.node.description?() &&( self.node.description != "")
+	    ttips_text+="\n<span weight=\"bold\" size=\"small\">Description: </span>#{self.node.description}"
+    end
 	  label = Gtk::Label.new.set_markup(ttips_text)
 	  label.set_alignment(0,0.5)
 	  vbox.add label

data/lib/main.rb

@@ -1031,13 +1031,17 @@ def set_map(mp=nil)
         #thread to listen to monitored jmx cmd
         add_monitoring_thread("JMX monitoring", tmonitorjmx())
       end
-      if $config.find_node_state
+      if $config.active_find_node_state
         #thread to find new host in local network with broacast ping	
         add_monitoring_thread("Local ping", t_find_local_segment_pinging())
+        #thread to find new host in remote network with nmap ping
+        add_monitoring_thread("Remote ping", t_find_remote_new_host())
+      end
+      if $config.passive_find_node_state
 	#thread to find new host in local segment sniffing for arp/lldp/dhcp packets
 	add_monitoring_thread("Local sniffing", t_find_local_segment_sniffing())
-        #thread to find new host in remote network with nmap ping
-        add_monitoring_thread("Remote ping", t_find_remote_new_host())	
+	#thread which is sending SSDP query	
+	add_monitoring_thread("SSDP query", t_find_ssdp_discovery())      
       end
       if $config.mac_state
         #thread to find MAC address
@@ -1097,6 +1101,7 @@ def set_map(mp=nil)
     #	call all db method to save all the map in the db
     #
     def save_all_in_db()
+       $log.info("Saving nodes")
        #save nodes
        set_busy()
 

data/lib/monitor/client/snmp/snmp.rb

@@ -165,20 +165,26 @@ end
 def mac(ip)
   #first try to solve it by the help of local arp table
   temp=mac_tablelocal(ip)
-  #print ">>>>>>>",temp.chomp,"<<<<<<<",ip,"\n"
+
   if (temp!="")
     return temp.chomp
   end
   if !$config.snmp_mon || $host[ip].status == CRITICAL
-      return ""
+      return
   end
-#puts "in map() 1 for #{ip}"
   val=get_snmp_OID($host[ip], "ipAdEntIfIndex.#{ip}")
-
 	if !val || val == "Error"
     return
   end
   result=get_snmp_OID($host[ip], "ifPhysAddress.#{val}")
-#puts "map() result: #{result}"
+  #expecting the MAC address as a string
+  if !result.ascii_only?
+    #if binary, we tried to convert it
+    result = result.unpack("H2H2H2H2H2H2").join(":")
+  end
+
+  if !isValidMac(result)
+    return
+  end
   return result
 end

data/lib/monitor/server/snmp/snmptrap_server.rb

@@ -9,7 +9,7 @@ class SnmpTrapServer
   #check if snmp lib support traps
   def snmp_traps_supported?
     begin
-      SNMP::UDPServerTransport.new('localhost', 9999)
+      SNMP::UDPServerTransport.new('localhost', 9999, Socket::AF_INET)
       return true
     rescue ArgumentError
       return false

data/lib/node.rb

@@ -579,7 +579,7 @@ class Node
   #
   def get_service_sev(protocol, port)
     serv = @service[service_key(protocol, port)]
-    if serv.nil?
+    if serv.nil? or !isInteger(serv.severity)
       return 0
     end
     return serv.severity

data/lib/node_listener.rb

@@ -107,7 +107,7 @@ end
 def tmonitorjmx()
 	Thread.start {	
 	   	while $config.jmx_mon
-		  $log.error("in tmonitorjmx every #{$config.jmx_mon_delay} second")
+		  $log.debug("in tmonitorjmx every #{$config.jmx_mon_delay} second")
 		  sleep($config.jmx_mon_delay.to_i)
 		  ip_table=$host.keys
 		  for ip in ip_table
@@ -119,7 +119,7 @@ def tmonitorjmx()
 						test_monitored_jmx(ip)
 					end
 				rescue Exception => msg
-					$log.error(msg)
+					$log.error("tmonitorjmx: #{msg}")
 					$event_win.add_event(EventWindow::JMX_EVENT_TYPE, "INFO", $host[ip], msg)
 				end
 		  end
@@ -312,7 +312,7 @@ end
 #
 # snmp discovery
 # read arp, route, interface from a snmp host
-
+#
 def tresolvesnmp()
   Thread.start {
     while $config.node_resolving
@@ -379,7 +379,7 @@ def tresolvesnmp()
                 new_node_array.push new_node.new(ip, mac_addr, netmask_addr, status)
               }
               #propagate the search if requested
-              if $config.find_node_state              
+              if $config.active_find_node_state              
                 status = 4
                 manager.walk("1.3.6.1.2.1.4.22.1.2") { |vb|
                   #remove mib header and extract interface id and ip
@@ -403,7 +403,7 @@ def tresolvesnmp()
                     #node already exists, check the mac
                     if $host[nnode.ip].mac != Node::NOARP_PROPERTY
                       if $host[nnode.ip].mac != nnode.mac
-                        $event_win.add_event(EventWindow::AVAIL_EVENT_TYPE, "WARN", $host[nnode.ip], "Hardware MAC@ collision, find #{nnode.mac}")
+                        $event_win.add_event(EventWindow::AVAIL_EVENT_TYPE, "WARN", $host[nnode.ip], "Hardware MAC address collision, find #{nnode.mac}")
                       end
                     else
                       #mac is not set for this node at this point, so adding it
@@ -505,15 +505,16 @@ def tmacip ()
               $log.info("difficulty to find MAC address for #{ip}")
             end
           else
-            if  $config.mac_lock #we verify mac address
+            if $config.mac_lock #we verify mac address
               begin
                 timeout($config.mac_delay.to_i) {
                   Thread.start {
+                    #trying to get the mac addr using the arp table or snmp request
                     res=mac(ip)
                     if res != ""
                       if $host[ip] && $host[ip].mac != res && $host[ip].status != CRITICAL
                         $host[ip].set_avail_severity(MINOR)
-                        $event_win.add_event(EventWindow::AVAIL_EVENT_TYPE, "WARN", $host[ip], "Hardware MAC@ changed")
+                        $event_win.add_event(EventWindow::AVAIL_EVENT_TYPE, "WARN", $host[ip], "Hardware MAC address changed")
                       else
                         if $host[ip].status == MINOR
                           $host[ip].set_avail_severity(CRITICAL)
@@ -550,11 +551,11 @@ end
 
 def t_find_remote_new_host ()
   Thread.start {
-    while $config.find_node_state
-      sleep($config.find_node_delay.to_i)
+    while $config.active_find_node_state
+      sleep($config.active_find_node_delay.to_i)
       $log.debug("in t_find_remote_new_host")
       $network.each_value {|node|
-        if !$config.find_node_state
+        if !$config.active_find_node_state
           break
         end
         if node.ip != ROOTMAPADDR
@@ -568,7 +569,7 @@ def t_find_remote_new_host ()
           end
         end
       }
-      sleep($config.find_node_delay.to_i)
+      sleep($config.active_find_node_delay.to_i)
     end
   }
 end
@@ -594,8 +595,8 @@ end
 #
 def t_find_local_segment_pinging()
   Thread.start {
-    while $config.find_node_state
-      sleep($config.find_node_delay.to_i)
+    while $config.active_find_node_state
+      sleep($config.active_find_node_delay.to_i)
       if !defined?($in_confirm_exit_window) || ($in_confirm_exit_window == false)
         mask=local_mask()
         mask = DEFAULT_CLASS_C_NETMASK if !mask
@@ -632,14 +633,93 @@ def t_find_local_segment_pinging()
           end
         end
       end
-      sleep($config.find_node_delay.to_i)
+      sleep($config.active_find_node_delay.to_i)
+    end
+  }
+end
+
+#
+# threat which is sending SSDP discovery requests
+#
+def t_find_ssdp_discovery()
+  if Process.euid != 0
+    return
+  end
+  Thread.start {
+    $log.debug("in t_find_ssdp_discovery")
+    dest = "239.255.255.250"
+    port = 1900      
+    msearch =
+    "M-SEARCH * HTTP/1.1\r\n" +
+    "Host:#{dest}:#{port}\r\n" +
+    "ST:upnp:rootdevice\r\n" +
+    "Man:\"ssdp:discover\"\r\n" +
+    "MX:3\r\n\r\n"
+  
+    udp_sock = UDPSocket.new
+    while $config.passive_find_node_state
+      begin
+        udp_sock.bind("0.0.0.0", port)
+      rescue Errno::EADDRINUSE
+      rescue Errno::EINVAL
+      rescue Exception => msg
+        $log.error("in t_find_ssdp_discovery during udp binding: #{msg}")
+      end
+      begin
+        udp_sock.send(msearch, 0, dest, port)
+        res = nil
+        1.upto(5) do
+          res,addr,info = udp_sock.recvfrom(65535, 1.0)
+          break if res and res =~ /^(Server|Location)/mi
+          sleep(10)
+          udp_sock.send msearch, 0, dest, port
+        end
+      rescue Exception => msg
+        $log.error("in t_find_ssdp_discovery: #{msg}")
+      end        
+      sleep($config.passive_find_node_delay.to_i)
     end
   }
 end
 
 #
+# analyze udp packet to port 1900
+# trying to extract some upnp data
+#
+def ssdp_analyze(pkt)
+  packet_info = [pkt.ip_saddr,  pkt.udp_dst]
+  #we assume here dst port is set to default upnp port 1900
+  #if pkt.udp_dst == 1900
+  #puts "%s %s" % packet_info
+  ssdp_body = pkt.udp_header.body
+  #try to find the OS
+  detected_os = "unknown"
+  if ssdp_body.include?("M-SEARCH * HTTP/1.1") and ssdp_body.include?("ssdp:discover") and ssdp_body.include?("upnp:rootdevice")
+    #puts "query"
+    return [pkt.ip_saddr, detected_os]
+  elsif ssdp_body.include?("HTTP/1.1 200 OK") and ssdp_body.include?("upnp:rootdevice")
+    #puts "response"
+    ssdp_body.each_line {|l|
+      l.upcase!
+      if l.include?("SERVER:")
+        if l.include?("WINDOWS")
+          detected_os = "windows"
+        elsif l.include?("LINUX")
+          detected_os = "linux"
+        end
+        return [pkt.ip_saddr, detected_os]
+      end
+    }
+    return [pkt.ip_saddr, detected_os]
+    #end
+  end
+  return nil
+end
+
+#
+# passive scanning
 # listen for new host in local network,
-# sniffing for packets arp, lldp/cdp as now
+# sniffing for packets arp, lldp/cdp, upnp
 #
 def t_find_local_segment_sniffing()
   #run as root ?
@@ -665,7 +745,7 @@ def t_find_local_segment_sniffing()
         loop do
           cap.stream.each do |p|
             pkt = PacketFu::Packet.parse p
-            if $config.find_node_state and !$config.visible()
+            if $config.passive_find_node_state and !$config.visible()
               if pkt.is_arp?
                 #check if it's ethernet and arp reply
                 if pkt.arp_hw == 1 and pkt.arp_opcode == 2
@@ -702,6 +782,39 @@ def t_find_local_segment_sniffing()
                   }
                 end
               end
+              #check for upnp ssdp packets
+              if pkt.is_udp? and (pkt.udp_dst == 1900)
+                result = ssdp_analyze(pkt)
+                if !result.nil?
+                  ip, os = result
+                  $log.debug("t_find_local_segment_sniffing: SSDP founds ip=#{ip} os=#{os}")
+                  if isValidIPv4(ip) and !exist_host(ip) and !in_exception_list(ip)                  
+                    if $network_map_always == 0
+                      choose_network_map(ip)
+                      while $network_map_result.nil?
+                        sleep(2)
+                      end
+                    end
+                    if !$network_map_result.nil? and !$network_map_result.empty?
+                      if isValidIPv4($network_map_result)
+                        map = $network_map_result
+                        if $network.has_key?(map)
+                          addhostentry(ip, 24, map)
+                          sleep(2)
+                          if $host[ip] and (os != "unknown")
+                            $host[ip].os = os
+                          end
+                        end
+                      else
+                        add_node_def_exception_list(ip)
+                      end
+                    end
+                    if $network_map_always == 0
+                      $network_map_result = nil
+                    end                    
+                  end
+                end
+              end
               begin
                 if pkt.is_lldp?
                   $log.debug("t_find_local_segment_sniffing: LLDP founds ip=#{pkt.lldp_address} mac=#{pkt.lldp_saddr_mac}")
@@ -746,6 +859,59 @@ def t_find_local_segment_sniffing()
   end
 end
 
+#
+# active scanning to find new nodes
+#
+def t_find_local_segment_scanning()
+
+end
+
+#
+# scan a given ip, proto/port
+# return 1 when the service is responding
+# or 0
+#
+def scan_port(ip, proto, port)
+  p1 = nil
+  protocol = proto.upcase
+  if protocol == "UDP"
+    p1 = Net::Ping::UDP.new(ip, port)
+  elsif protocol == "TCP"  
+    p1 = Net::Ping::TCP.new(ip, port)
+  end
+  if !p1.nil? and p1.ping?
+    return 1
+  end
+  return 0
+end
+
+#
+# scan a given node
+# trying to reach following services:
+# ftp, ssh, http(s), dns, smtp, pop3,
+# imap, nntp, ldap(s), kerberos, rdp
+#
+def portscan_node(n)
+
+  tcp_service_to_check = [21, 22, 80, 25, 110, 143, 119, 389, 443, 636, 3389]
+  udp_service_to_check = [53]
+  
+  udp_service_to_check.each {|port|
+    p1 = Net::Ping::UDP.new(n.ip, port)
+    if p1.ping?
+      return 1
+    end
+  }
+  
+  tcp_service_to_check.each {|port|
+    p1 = Net::Ping::TCP.new(n.ip, port)
+    if p1.ping?
+      return 1
+    end
+  }
+  return 0  
+end
+
 #
 # To know if we already know this ip
 #

data/lib/version.rb

@@ -1,6 +1,6 @@
 GNMSMAJORVERSION=2
 GNMSMINORVERSION=1
-GNMSTAGVERSION=0
+GNMSTAGVERSION=1
 if GNMSTAGVERSION != ""
 	GNMSVERSION = "#{GNMSMAJORVERSION}.#{GNMSMINORVERSION}.#{GNMSTAGVERSION}"
 else

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: gnms
 version: !ruby/object:Gem::Version
-  version: 2.1.0
+  version: 2.1.1
   prerelease: 
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-02-06 00:00:00.000000000 Z
+date: 2013-02-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: facter
@@ -378,3 +378,4 @@ signing_key:
 specification_version: 3
 summary: Gnome Network Management System
 test_files: []
+has_rdoc: false