We released another version of the Honeynet check script. It includes a better reporting template, reports when the mirrorprobe file fetch failed, and has some style cleanups and a few feature changes. Check out the file below for more information. You can also request a "diff" file from me to update your local version (use the contact form for that, or normalise the email address in the script).
#!/usr/bin/perl
###########################################################################
# $Id: check_honeynet-evilcoder.pl,v 1.13 2006/07/15 14:25:43 remko Exp $
###########################################################################
###########################################################################
# Copyright (C) 2005, Remko Lodder <remko at FreeBSD dot org>. All rights reserved.
# Copyright (C) 2006, Remko Lodder <remko at FreeBSD dot org>. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS “AS IS” AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
###########################################################################
###########################################################################
# Contributors:
# Ivo Naninck,
# Marc Plaisier,
# Mart van de Wege
# Lance Spitzner
#
# Script:
# This is a stand-alone script written for honeynet.org. Its purpose is
# to check the listed mirrors to see which ones are outdated and to notify
# the administrator of an outdated mirror if needed. This way the
# mirrors will always be within a certain timeframe and can be removed
# if they are too outdated.
#
# Mart van de Wege recently told me that it would be nice to have a
# higher level mail module. I do not want to do so because I think
# this script should be as low level as possible, requiring as few
# modules as possible. This makes it easier to run on various
# machines without needing to install the entire CPAN to function.
#
# Written in collaboration with Lance Spitzner <lance at honeynet dot org>
###########################################################################
use strict;
use warnings;
use Net::SMTP;
use Getopt::Std;
use LWP::Simple;
###########################################################################
# variables. All configurable options are defined below. Please adjust them
# to your need.
###########################################################################
# Create two hashes which are used to hold the variables read from the
# configuration file, divided between configuration items and mirror
# information.
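# Settings read from the [CONFIG] section of the configuration file.
my %CONFIG = ();
# Entries read from the [MIRRORS] section: mirror host => contact address.
my %MIRRORS = ();
# Command line flags, filled in by getopts().
my %option = ();
# Fields of one report line; the STDOUT format reads these three variables
# each time write() is called.
my ($status, $reporthost, $timestamp);
# Version, author and script specific behaviour.
# NOTE(review): the path is relative, so the file is looked up in the current
# working directory of whoever starts the script. The configuration decides
# which SMTP host is contacted, who receives mail and which file is written,
# so run the script from a directory that only the administrator can write
# to, or use an absolute path here.
my $CONFIGFILE = "./honeynet-evilcoder.cf";
# Plain ASCII quotes below: the typographic quotes in the published listing
# are not valid Perl string delimiters and stop the script from compiling.
my $author = 'Remko Lodder <remko at FreeBSD dot org>'; # Name of the author, respect the license.
my $name = __FILE__; # Our scriptname.
my $version = '1.4.2'; # Our version.
# Reference time of this run; mirror timestamps are compared against it.
my $honeynet_ctime = time();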
###########################################################################
# Do not edit anything below this line unless you know what you are doing.
###########################################################################
# Read the configuration before we will use anything else.
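# Parse the configuration file into %CONFIG and %MIRRORS.
#
# The file has two sections, introduced by "[CONFIG]" and "[MIRRORS]". Every
# other non-empty line is split at the first "=" into a name and a value.
# Anything after a "#" is a comment.
#
# The values read here are later used as a file path (probefile), as the SMTP
# host and mail addresses, and as parts of the URL that is fetched, so the
# file must only be writable by the administrator.
#
# Three-argument open with a lexical handle: the path is never parsed for
# mode characters and the handle cannot clash with another bareword CONF.
open(my $conf_fh, '<', $CONFIGFILE) or die "Unable to open $CONFIGFILE: $!\n";
# Section flags start at 0 so that lines before the first section header do
# not trigger "uninitialized value" warnings.
my ($config, $mirrors) = (0, 0);
while (my $line = <$conf_fh>) {
    chomp $line;
    # Strip comments and surrounding blanks before looking for a section
    # header, so a commented-out header such as "# [MIRRORS]" no longer
    # switches sections.
    $line =~ s/#.*//;
    $line =~ s/^\s+//;
    $line =~ s/\s+$//;
    next unless length $line;
    if ($line =~ /^\[CONFIG\]/)
    {
        ($config, $mirrors) = (1, 0);
        next;
    }
    if ($line =~ /^\[MIRRORS\]/)
    {
        ($config, $mirrors) = (0, 1);
        next;
    }
    # A line without "=" yields an undefined value, as before.
    my ($var, $value) = split(/\s*=\s*/, $line, 2);
    if ($config) { $CONFIG{$var} = $value; }
    elsif ($mirrors) { $MIRRORS{$var} = $value; }
    else { print "It seems that your configurationfile is empty, please investigate\n"; }
}
close $conf_fh;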
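# Select the mode of operation from the command line flags.
getopts("chpt", \%option);
# Progress messages are printed unless the configuration sets debug to "0".
# An unset value counts as "on", as it did before, but no longer raises an
# "uninitialized value" warning. The hash key uses plain ASCII: the
# typographic quotes of the published listing are a syntax error.
my $debug = !defined $CONFIG{debug} || $CONFIG{debug} ne "0";
if ($option{c})
{
    if ($debug)
    {
        print("$name: Starting\n");
        print("$name: Writing timestamp\n");
    }
    create_timestamp($CONFIG{probefile});
    if ($debug) { print("$name: Finishing\n"); }
}
elsif ($option{p})
{
    if ($debug)
    {
        print("$name: Starting\n");
        print("$name: Processing mirrors\n");
    }
    process_mirrors(%MIRRORS);
    if ($debug) { print("$name: Finishing\n"); }
}
# Test mode: print the information on screen and never send mail, whatever
# the configuration file says.
elsif ($option{t})
{
    $CONFIG{enable_mail} = 0;
    print("$name: Starting\n");
    print("$name: Processing mirrors\n");
    process_mirrors(%MIRRORS);
    print("$name: Finishing\n");
}
# -h, or no valid option at all: show the help information.
else { print_help(); }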
sub print_help
{
    # Print the usage text, followed by the version and the author of the
    # script. $name, $version and $author are the file level variables.
    print <<"END_OF_HELP";
$name
Syntax: $name [-c] [-h] [-p] [-t]
-c Create the timestamp for the local machine. This timestamp
 can be used to determine when the mirrors were last updated.

-h Print this help information

-p Check the status of the mirrors and report that status.

-t Test mode, do not send emails but print the information on
 the screen. This overrides the email settings you might have
 set in the file
Version: $version
Originally written by: $author
END_OF_HELP
}
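sub create_timestamp
{
    # Write the current epoch time to $probefile, replacing its contents.
    #
    # $probefile - path of the probe file; the caller passes the configured
    #              probefile value.
    #
    # Dies when no path is given or when the file cannot be opened or
    # written. The original ignored these errors, so a run that wrote
    # nothing looked the same as a successful one.
    my $probefile = shift;
    die "No probefile configured\n"
        unless defined $probefile && length $probefile;
    # Three-argument open with a lexical handle: the configured value is used
    # as a literal path and is never parsed for mode characters.
    open(my $out, '>', $probefile) or die "Unable to open $probefile: $!\n";
    print {$out} time() or die "Unable to write $probefile: $!\n";
    # Buffered write errors only show up at close.
    close($out) or die "Unable to write $probefile: $!\n";
    return;
}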
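sub fetch_data
{
    # Fetch http://<source><sourcefile> and return the response body.
    #
    # $source     - host name of the mirror
    # $sourcefile - path of the probe file on the mirror; it is appended to
    #               the host name as is
    #
    # Returns the body, or the false value that get() produced when nothing
    # usable came back (undef for a failed request).
    #
    # NOTE(review): the request uses plain HTTP, so the body is whatever the
    # remote host, or anything on the network path, chooses to send. Callers
    # have to treat the result as untrusted input and validate it before
    # using it as a timestamp.
    my ($source, $sourcefile) = @_;
    my $data = get("http://${source}${sourcefile}");
    # Explicit return: the original fell off the end of the sub on failure
    # and relied on the value of the false "if" condition.
    return $data;
}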
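sub process_mirrors
{
    # Check every mirror and report the ones whose probe timestamp is older
    # than the configured timeout.
    #
    # Arguments: the mirror list as a flat hash (mirror host => contact
    # address). Only the keys are used here; email_report() looks up the
    # contact address itself.
    #
    # Output: one report line per mirror through the STDOUT format declared
    # at the end of this sub (when verbose is not "0"), or a mail through
    # email_report() for an outdated mirror when enable_mail is set.
    my %mirror_time;
    my %mirror_list = @_;
    for my $target ( sort keys %mirror_list )
    {
        # The probe value comes from a remote host, so it is untrusted.
        # Accept it only when it is a plain run of at most ten digits (epoch
        # values up to the year 2286); anything else, including a failed
        # fetch or an HTML error page, counts as timestamp 0 and is reported
        # as a probe file problem below.
        # NOTE(review): a timestamp in the future is still accepted and makes
        # the mirror look fresh. If the timestamp is always created on the
        # host that runs this check, values greater than $honeynet_ctime
        # could be rejected as well - confirm before adding that.
        my $fetched = fetch_data($target, $CONFIG{sourcefile});
        if (defined $fetched && $fetched =~ /^\s*(\d{1,10})\s*$/) { $mirror_time{$target} = $1; }
        else { $mirror_time{$target} = 0; }
        my $mirror_difftime = $honeynet_ctime - $mirror_time{$target};
        if ( $mirror_difftime < $CONFIG{timeout} )
        {
            # Mirror is recent enough. The hash key is written in plain
            # ASCII: the typographic quotes of the published listing are a
            # syntax error.
            if ($CONFIG{verbose} ne "0")
            {
                $status = "OK";
                $timestamp = scalar localtime($mirror_time{$target});
                $reporthost = $target;
                write;
            }
        }
        else
        {
            # The email option is enabled and we found an outdated mirror,
            # hand it to the email_report function.
            if ($CONFIG{enable_mail}) { email_report($target,$mirror_time{$target}); }
            # We do not want to send an email, print a warning instead.
            else
            {
                if ($CONFIG{verbose} ne "0")
                {
                    $status = "!!!!!!";
                    $timestamp = scalar localtime($mirror_time{$target});
                    # A date in the 1960s or 1970s means the timestamp was 0
                    # or close to it, i.e. the probe file could not be used.
                    if ($timestamp =~ /19[6-7]\d/) { $timestamp = "Mirrorprobe file problems!"; }
                    $reporthost = $target;
                    write;
                }
            }
        }
    }
# Report layout used by write(). The picture lines are kept exactly as
# published and have to start in the first column.
# NOTE(review): the rule lines contain typographic dashes; presumably these
# were runs of ASCII hyphens in the original file - confirm.
format STDOUT_TOP =
—————————————————————————-
————————— Honeynet Check results ————————-
—————————————————————————-
Status Site Last changed
.
format STDOUT =
@<<<< @<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< @<<<<<<<<<<<<<<<<<<<<<<<<<<
$status, $reporthost, $timestamp
.
}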
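sub email_report
{
    # Mail the contact of an outdated mirror.
    #
    # $target      - mirror host name; $MIRRORS{$target} is the recipient
    # $mirror_time - epoch time read from the mirror, 0 when the probe file
    #                could not be used
    #
    # Dies when the mail host cannot be reached. When the server refuses the
    # envelope or the message, a warning is printed and the sub returns, so
    # the remaining mirrors are still processed.
    my ($target, $mirror_time) = @_;
    if (!$CONFIG{ehlohost}) { $CONFIG{ehlohost} = $CONFIG{mailhost}; }
    if (!defined $MIRRORS{$target} || !length $MIRRORS{$target})
    {
        warn "No contact address configured for $target, no mail sent\n";
        return;
    }
    # Net::SMTP->new returns undef on failure; the original then failed on
    # the first method call with an unrelated error message.
    my $smtp = Net::SMTP->new("$CONFIG{mailhost}", Hello => "$CONFIG{ehlohost}")
        or die "Unable to connect to mail host $CONFIG{mailhost}\n";
    $mirror_time = scalar localtime($mirror_time);
    if ($mirror_time =~ /19[6-7]\d/) { $mirror_time = "There were problems fetching the mirrorprobe file"; }
    # Build the envelope with the Net::SMTP methods. The original never
    # called mail() and wrote "EHLO", "MAIL FROM", "RCPT TO" and "DATA"
    # through datasend(), which only worked as long as the server was not in
    # data mode and needed a sleep() to get past pipelining checks. Each
    # method below waits for the reply of the server, so the sleep is gone.
    # NOTE(review): ccaddr is only listed in the CC header, as before; it is
    # not an envelope recipient and receives nothing. Add it with
    # $smtp->cc() if the copy is meant to be delivered.
    unless ($smtp->mail($CONFIG{fromaddr}) && $smtp->to("$MIRRORS{$target}") && $smtp->data())
    {
        warn "Mail server refused the report for $target\n";
        $smtp->quit;
        return;
    }
    $smtp->datasend("To: <$MIRRORS{$target}>\n");
    # The closing ">" was missing; skip the header when no address is set.
    if (defined $CONFIG{ccaddr} && length $CONFIG{ccaddr})
    {
        $smtp->datasend("CC: <$CONFIG{ccaddr}>\n");
    }
    $smtp->datasend("From: $CONFIG{fromaddr}\n");
    $smtp->datasend("Subject: $target seems to be outdated, please investigate\n");
    $smtp->datasend("\n\n");
    $smtp->datasend("Hello $MIRRORS{$target},\n\n");
    $smtp->datasend("You are recieving this email because your mirror ($target) seems to be outdated.\n");
    $smtp->datasend("\n");
    $smtp->datasend("At this moment it seems that your mirror was last updated on $mirror_time.\n");
    $smtp->datasend("Could you please check if everything is working as expected?\n\n");
    $smtp->datasend("If there is something wrong or you do no longer wish to be a mirror, please notify $CONFIG{honeyadmin}\n\n");
    # ASCII signature separator. The published listing shows a typographic
    # dash here, presumably converted from "--"; the message carries no
    # charset header, so only ASCII is safe in the body.
    $smtp->datasend("--\n");
    $smtp->datasend("Thanks for supporting the efforts of Honeynet\n");
    $smtp->datasend("The Honeynet mirror admins\n");
    $smtp->dataend() or warn "Mail server did not accept the report for $target\n";
    $smtp->quit;
    return;
}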

