2008 March » Evilcoder.org

Mar 24

Check_Honeynet v1.7

Downloads No Comments »

Change language to:

Here is Check_Honeynet v1.7

check_honeynet.pl:

PLAIN TEXT

PERL:

#!/usr/bin/perl
# $Id: check_honeynet.pl,v 1.48.2.3 2008/03/24 14:46:14 remko Exp $
###########################################################################
###########################################################################
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
###########################################################################
###########################################################################
# Contributors:
# Ivo Naninck, (Language)
# Marc Plaisier, (Language)
# Mart van de Wege, (suggested a different mailer in 2006, told me that it
# should run on a high level interface as easy as possible, I discarded
# the idea back then, till Richard came with a good idea).
# Lance Spitzner (the most valueable feedback regarding the script).
# Richard Arends (suggested the actual perl mailer; and gave a good example
# on how to use the module)
# Robert Blacquiere (showed me Simple::Config, which I am using now to
# obtain configuration informatin, as well as write statistics to a
# temporary file)
#
# Script:
# This is a stand alone script written for honeynet.org. It's purpose is
# to check the listed mirrors to see which one is outdated and notify
# the administrator of the outdated mirror if needed. This way the
# mirrors will always be within a certain timeframe and can be removed
# if they are too outdated.
#
# A while ago Mart vd Wege told me that a higher level mail module would be
# much easier to cope with. This had been implemented as of version 1.6.2
#
# Written in colaboration with Lance Spitzner <lance@honeynet.org>
###########################################################################
###########################################################################
# Differences between releases, started this between 1.5 and 1.6 sorry
# for the loss of potential usefull information (although I might be able
# to retrieve the missing data from my CVS branches).
# Note that all the three version based versions are just bugfixes to some
# degree.
# Version Who What
# 1.1 Remko Initial script to check the mirrors.
# 1.1->1.2 Remko
# 1.2->1.3 Remko
# 1.3->1.4 Remko
# 1.4->1.5 Remko Code cleanups, restructure of code; corrected
# some bugs between various releases spotted
# by Lance.
# 1.5->1.6 Remko Cleanups, changed structure for timestamp
# retrieval; make it human readable and match
# on a specific pattern. Made the version dependend
# on the configuration version and visa-versa
# to be able to make big config changes.
# BF-1: Fix the email send options by using the
# correct Net::SMTP commands.
# BF-1: Fix the parsing of the new mirrorprobe
# layout.
# BF-2: Change the Mailer used to send out the
# report.
# 1.6->1.7 Remko Implement Config::Simple, makes configuration
# much easier!
###########################################################################
use strict;
use warnings;
use LWP::Simple;
use Getopt::Std;
use Mail::Sendmail;
use Config::Simple;
###########################################################################
# variables. All configurable options are defined below. Please adjust them
# to your need.
###########################################################################
# Hash to store our entire configuration in.
my %CONFIG = ();
# create the option hash, we will use that later to add our option flags.
my %option = ();
# Template some standard variables
my ($CONFIGFILE, $status, $reporthost, $timestamp,$target, @MIRRORS, $enable_mail, $cfg);
# Prototype functions
sub fetch_data ($$);
sub email_report ($$);
sub convert_input ($);
sub process_mirrors (@);
sub create_timestamp ($);
# Version, author and script specific behaviour
my $author = 'Remko Lodder <remko@FreeBSD.org>'; # Name of the author, respect the license.
my $name = __FILE__; # Our scriptname.
my $MAJOR = '1'; # Our major version number
my $MINOR = '7'; # Our minor version number
my $PATCHLEVEL = '0'; # Our patchlevel
my $version = "$MAJOR.$MINOR.$PATCHLEVEL"; # Our version.
###########################################################################
# Do not edit anything below this line unless you know what you are doing.
###########################################################################
getopts("cC:f:F:hpR:t", \%option);
my $config_flag = 1 if $option{f};
my $config_option = $option{f};
my $create_flag = 1 if $option{c};
my $help_flag = 1 if $option{h};
my $process_flag = 1 if $option{p};
my $test_flag = 1 if $option{t};
my $convert_flag = 1 if $option{C};
my $fetch_flag = 1 if $option{F};
my $retrieve_flag = 1 if $option{R};
# Simply assign the contents of the configuration parameter to the
# configuration file variable, otherwise overrule it with the
# default value
$CONFIGFILE = $config_option || "./honeynet.cf";
$cfg = new Config::Simple($CONFIGFILE);
%CONFIG = $cfg->vars();
@MIRRORS = $cfg->param('CONFIG.mirrors');
$enable_mail = $cfg->param('CONFIG.enable_mail');
# Temporary to write out the exact config to our statistics file, later we will use this to write
# down our run-time statistics into a "peristent" file.
$cfg->write($cfg->param('CONFIG.statisticsfile'));
# Make sure that there us a version statement in the configuration file, so that we can see whether we are
# compabible or not.
if (!$cfg->param('CONFIG.version'))
{
print "It appears that you do not have a version statement in your configuration file. This means that the version you are using now is
too old, make sure that you obtain the latest one and update that to your needs.";
exit(1);
}
if ($cfg->param('CONFIG.version'))
{
my($version_def_major,$version_def_minor) = $cfg->param('CONFIG.version') =~ /(\d+)\.(\d+)/;
# the script can defer between MAJOR and MINOR releases; bugfixes aka patchlevels are
# not affected by this and can thus be ignored.
# TODO: This check should be made more flexible in the future, version 1.4 and 1.5 share
# the same configuration file and should both pass.
if(($version_def_major lt $MAJOR) or ($version_def_minor lt $MINOR))
{
print "You appear to be using an older configuration file that might not be compatible with the current version of the
script, please validate that you have the latest options included and copy over the version statement from the latest available configuration
file. Make sure that the old version statement is overwritten!
The current script runs on version: $version, while the configuration is for version $cfg->param('CONFIG.version')\n";
exit(1);
}
}
# Create a new timestamp that will be fed into the mirrors, which we can use to test the
# age of the mirror.
if ($create_flag) {
create_timestamp($cfg->param('CONFIG.probefile'));
}
elsif ($process_flag) {
# Process the mirrors using the hash we have for them.
process_mirrors(@MIRRORS);
}
# test mode, printout information on screen.
elsif($test_flag)
{
# In test mode we dont send out emails.
$enable_mail = 0;
print("$name: Starting\n");
print("$name: Processing mirrors\n");
# Process the mirrors using the hash we have for them.
process_mirrors(@MIRRORS);
print("$name: Finishing\n");
}
# convert input from unixtime to human readable time.
elsif($convert_flag)
{
print "$option{C} resolves to " . convert_input($option{C}) . "\n";
}
# fetch the mirrorprobe file from the given host
elsif($fetch_flag)
{
my $result = fetch_data($option{F}, $cfg->param('CONFIG.sourcefile'));
open(OUT, "> $cfg->param('CONFIG.outdir')/$option{F}.timestamp");
print OUT $result;
close(OUT);
}
# Fetch the mirror timestamp and parse it. Print the output back on the screen.
elsif($retrieve_flag)
{
my $result = fetch_data($option{R}, $cfg->param('CONFIG.sourcefile'));
print("$option{R} was last modified " . convert_input($result) . "\n");
}
# People expect a help option, provide it for them.
elsif ($help_flag)
{
print_help();
}
# No valid options had been given, fallback to the help information.
else
{
print_help();
}
sub print_help
{
print("Usage:\t$name [ -c ] [ -C <value> ] [ -f <configurationfile> ] [ -F <host> ] [ -h ] [ -p ] [ -R <host> ] [ -t ]
\t-c\tCreate the timestamp for the localmachine. This timestamp can be used to determine when the mirror was last updated.
\t-C\t<value> converts the unix timestamp to human readable format
\t-f\t<filename> Use the specified configuration file
\t-F\t<host> fetch the timestamp for an external host, for example: www.honeynet.nl
\t-h\tprint this help.
\t-p\tCheck the status of the mirrors, and report the output to us
\t-t\tTest mode, does not send out emails, but prints the information on the screen.
Version: $version
Originally written by Remko Lodder <remko\@FreeBSD.org, for the honeynet project.\n");
}
sub create_timestamp ($)
{
my $probefile = shift;
open(F_OUT, "> $probefile");
print F_OUT "Mirrorprobe time: " . time() . "
Local time: " . convert_input(time());
close F_OUT;
}
sub convert_input ($)
{
my $output = scalar localtime(shift);
return $output;
}
sub fetch_data ($$)
{
my $source = shift;
my $sourcefile = shift;
my $return_data = ();
my $data = get("http://$source$sourcefile");
# IF the remote data is present, take out the numberic time value and return that
# ELSE obscure the data, which will revert to 1969/1970 (depending on what the machine
# considers EPOCH).
if ($data)
{
chomp $data;
$return_data = $data;
$return_data =~ s/\n/\ /;
if ($return_data =~ /\S+ \S+ (\d+) \S+/)
{
$return_data = $1;
}
return $return_data;
}
else
{
$data = 0;
return $data;
}
}
sub process_mirrors (@) {
my %mirror_time;
my @mirror_list = @_;
for my $target(@mirror_list)
{
$mirror_time{$target} = fetch_data($target,$cfg->param('CONFIG.sourcefile'));
# We should probably dont need to use this since it is implied in the routine itself.
if(!$mirror_time{$target})
{
$mirror_time{$target} = 0;
}
# declare our local time before continueing.
my $honeynet_ctime = time();
my $mirror_ctime = $mirror_time{$target};
my $mirror_difftime = $honeynet_ctime - $mirror_time{$target};
# If the resulting number is less then zero, the remote host is outdated.
my $mirror_timediff = $cfg->param('CONFIG.timeout') - $mirror_difftime;
if ($mirror_timediff gt "0")
{
if($cfg->param('CONFIG.verbose') ne "0")
{
$status = "OK";
$timestamp = scalar localtime($mirror_time{$target});
$reporthost = $target;
write;
}
next;
}
else
{
# The email option is enabled and we found an outdated mirror
# jump to the email_report function.
if($enable_mail)
{
email_report($target,$mirror_time{$target});
}
if($cfg->param('CONFIG.verbose') ne "0")
{
$status = "FAIL";
$timestamp = scalar localtime($mirror_time{$target});
# Only override if the message has the old timestamp and thus is broken.
if(

Evilcoder.org

Language

Pages

Categories

Links

Spam Blocked

Check_Honeynet v1.7