From 483a46be9a90ef46b3f478d62f108d675159cdc6 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 9 May 2011 20:58:09 +0200 Subject: changed repos directory to fit krebs --- modules/people/README.md | 14 +++++ modules/people/TODO.md | 4 ++ modules/people/VERSION | 1 + modules/people/bin/run.sh | 5 ++ modules/people/conf/example.json | 22 +++++++ modules/people/src/arping.py | 30 ++++++++++ modules/people/src/main.py | 33 +++++++++++ modules/people/src/snmp_users.py | 122 +++++++++++++++++++++++++++++++++++++++ 8 files changed, 231 insertions(+) create mode 100644 modules/people/README.md create mode 100644 modules/people/TODO.md create mode 100644 modules/people/VERSION create mode 100755 modules/people/bin/run.sh create mode 100644 modules/people/conf/example.json create mode 100644 modules/people/src/arping.py create mode 100755 modules/people/src/main.py create mode 100755 modules/people/src/snmp_users.py (limited to 'modules') diff --git a/modules/people/README.md b/modules/people/README.md new file mode 100644 index 00000000..d28100d3 --- /dev/null +++ b/modules/people/README.md @@ -0,0 +1,14 @@ +SNMP Users +========== + +asks an snmp-router for its arp-list and tries to verify this list via +ARPING. The snmping is done via snmp-net and command line parsing, +the arping uses 'scapy'. + +This script needs superuser rights and otherwise will just skip the +verification + +SNMPWALK Command +=============== + +snmpwalk -c shammunity 10.42.0.1 1.3.6.1.2.1.3.1.1.2 diff --git a/modules/people/TODO.md b/modules/people/TODO.md new file mode 100644 index 00000000..dfefa9a0 --- /dev/null +++ b/modules/people/TODO.md @@ -0,0 +1,4 @@ +BUGS +===== +- an exception is thrown but handled wrong when snmp servers and arping is + unreachable diff --git a/modules/people/VERSION b/modules/people/VERSION new file mode 100644 index 00000000..6c50e659 --- /dev/null +++ b/modules/people/VERSION @@ -0,0 +1 @@ ++++++++[>+++++++>+++++++<<-]>.>---.<-. diff --git a/modules/people/bin/run.sh b/modules/people/bin/run.sh new file mode 100755 index 00000000..6da3d059 --- /dev/null +++ b/modules/people/bin/run.sh @@ -0,0 +1,5 @@ +#!/bin/bash +echo basedir $0 +BINDIR="`dirname $0`/../src" + +python2 "$BINDIR/main.py" $@ diff --git a/modules/people/conf/example.json b/modules/people/conf/example.json new file mode 100644 index 00000000..f34c20f0 --- /dev/null +++ b/modules/people/conf/example.json @@ -0,0 +1,22 @@ +{ + "snmp_users": { + "amqp": { + "connection": { + "login": "guest", + "password": "guest", + "host": "localhost" + }, + "out": { + "exchange": "snmp_src" + } + }, + "snmp": { + "server": "127.0.0.1", + "community": "community" + }, + "arping": { + "active": true, + "dev": "eth0" + } + } +} diff --git a/modules/people/src/arping.py b/modules/people/src/arping.py new file mode 100644 index 00000000..11fb81a9 --- /dev/null +++ b/modules/people/src/arping.py @@ -0,0 +1,30 @@ +#!/usr/bin/python2 + +import logging +log = logging.getLogger('arpingy') +import os +try: + if (os.geteuid() != 0): + raise Exception('no root permissions') + from scapy.all import * #might throws "no such module" + + def arpingy(iprange="10.42.1.0/24",iface='eth0'): + log.debug("pinging "+ str(iprange)) + """Arping function takes IP Address or Network, returns nested mac/ip list""" + try: + conf.verb=0 + ans,unans=arping(iprange,iface=iface,timeout=1) + + collection = [] + for snd, rcv in ans: + result = rcv.sprintf(r"%ARP.psrc% %Ether.src%").split() + log.debug(result) + return result # take just the first arp reply + except Exception as e: + print ("something went wrong while arpinging " + str(e)) + return [] + +except Exception as e: + log.error("Cannot load arping functions!" + str(e)) + def arpingy(iprange='',iface=''): + raise Exception ('arping not available') diff --git a/modules/people/src/main.py b/modules/people/src/main.py new file mode 100755 index 00000000..c70bffd4 --- /dev/null +++ b/modules/people/src/main.py @@ -0,0 +1,33 @@ +#!/usr/bin/env python2 +import sys,json,time +from snmp_users import snmp_users +import logging +import genericore as gen +MODULE_NAME='snmp_users' +log = logging.getLogger(MODULE_NAME) +PROTO_VERSION = 1 +DESCRIPTION = 'performes statistical analysis against mails from stream' + + +# set up instances of needed modules +conf = gen.Configurator(PROTO_VERSION,DESCRIPTION) +amqp = gen.auto_amqp(MODULE_NAME) +s = snmp_users(MODULE_NAME) # the magic mail parsing class + +conf.configure([amqp,s]) #set up parser and eval parsed stuff + +# start network connections +amqp.create_connection() + +log.info('Starting up snmp_users') +print ' Sending Messages in Intervals. To exit press CTRL+C' +try: + while True: + log.info("collecting data from network") + ret = s.collect() + data = { 'type' : 'snmp', 'subtype' : 0, 'data' : ret} + log.debug("writing data to queue : %s" % data) + amqp.publish(json.dumps(data)) + time.sleep(s.repeat) +except Exception as e: + print "something happened :( " + str(e) diff --git a/modules/people/src/snmp_users.py b/modules/people/src/snmp_users.py new file mode 100755 index 00000000..871ed9dd --- /dev/null +++ b/modules/people/src/snmp_users.py @@ -0,0 +1,122 @@ +#!/usr/bin/python2 + +import logging, subprocess,re +from multiprocessing import Pool +from genericore import Configurable +from arping import arpingy +log = logging.getLogger('snmp_users') + +DEFAULT_CONFIG= { + "snmp" : { + "server" : "127.0.0.1", + "community" : "community", + "tree" : "1.3.6.1.2.1.3.1.1.2" + }, + "arping" : { + "active" : True, + "dev" : "eth0" + } +} + +def arping_helper(dic): + return arpingy(**dic) + +class snmp_users(Configurable): + mac_list = {} + + def __init__(self,MODULE_NAME,config=None): + self.NAME=MODULE_NAME + newConf = { MODULE_NAME : DEFAULT_CONFIG } + Configurable.__init__(self,newConf) + self.load_conf(config) + + def call_external(self): + """returns an array of lines produced by snmpwalk """ + conf = self.config[self.NAME]['snmp'] + + out = subprocess.Popen( + ['snmpwalk', + '-v2c', + '-c',conf['community'], + conf['server'], + conf['tree']], + stdout=subprocess.PIPE).communicate()[0] + return out.split('\n') + + def parse_output(self,output): + """ parses output lines produced by snmpwalk """ + data = [] + for i in output: + if i == '': + continue + data.append(re.sub(r'.*\.(\d+\.\d+\.\d+\.\d+) = Hex-STRING: ([ 0-9A-F]*) ', r'\1 : \2',i).split(' : ')) + data = [ [ip,':'.join(mac.split()).lower()] for ip,mac in data] #sanitize + + return data + + def update_results(self,new): + """ Verifies ip and mac via ARP Scan + in addition it adds the correct ip to the mac_list """ + macl = self.mac_list = {} + for ip,mac in new: # fill the mac_list + if not macl.get(mac,None): + macl[mac] = [] + macl[mac].append(ip) + return True + + def verify(self,snmp_data): + """ verifies retrieved data where data is an array of arrays where + [0] is the ip and [1] is the mac (space-delimited)""" + arp_data = self.arping_parallel(snmp_data) + self.update_results(arp_data) + + def get_own_addr(self): + data = subprocess.Popen(['/sbin/ifconfig',self.config[self.NAME]['arping']['dev']], + stdout=subprocess.PIPE).communicate()[0].replace('\n','') + return re.sub(r'.*HWaddr ([0-9:A-F]*).*inet addr:([0-9.]*).*' ,r'\1 \2',data).split() + + + def arping_parallel(self,data): + conf = self.config[self.NAME]['arping'] + if conf['active']: + tmp = [ {'iprange':dat[0],'iface':conf['dev']} for dat in data] + try: + p = Pool(10) + ret = filter(lambda x:x , p.map(arping_helper, tmp)) + + myip,mymac = self.get_own_addr() #append self to list + ret.append([mymac,myip ] ) + p.terminate() + return ret + except Exception as e: + log.warning("Something happened,falling back to original data: "+ str(e)) + return data + + def collect(self): + output = self.call_external() + data = self.parse_output(output) + if not data: + raise Exception('External tool had not returned any parsable output') + log.debug('Got following output from snmpwalk program: ' +str(data)) + macs = self.verify(data) + #self.print_results(self.mac_list) + return self.mac_list + + def print_results(self,macs): + log.debug('printing results:') + print '\n'.join([ mac + " => %s" % + str(ips) for mac,ips in macs.items() ]) + print '%d *unique* nodes in network' % len(macs) + + def populate_parser(self,parser): + parser.add_argument('--repeat',type=int,dest='repeat',default=30,help='Seconds between Scans',metavar='SECS') #TODO add this to configuration + + def eval_parser(self,parsed): + self.repeat = parsed.repeat + +if __name__ == "__main__": + logging.basicConfig(level=logging.INFO) + a = snmp_users() + print a.get_own_addr() + a.collect() + a.print_results(a.mac_list) -- cgit v1.2.3