From 951d398e20fdb778289e7dff2350594503dc300f Mon Sep 17 00:00:00 2001
From: krebs <krebs@UTART>
Date: Sun, 22 May 2011 01:42:36 +0200
Subject: updated people script,
removed bloat from people script collection
---
modules/people/Makefile | 6 ++
modules/people/README.md | 11 ++--
modules/people/TODO.md | 3 +-
modules/people/arping.py | 37 +++++++++++
modules/people/arping_users.py | 54 ++++++++++++++++
modules/people/bin/run.sh | 5 --
modules/people/conf/example.json | 22 -------
modules/people/mac_names.lst | 1 +
modules/people/src/arping.py | 37 -----------
modules/people/src/arping_users.py | 48 ---------------
modules/people/src/mac_names.lst | 1 -
modules/people/src/main.py | 33 ----------
modules/people/src/snmp_users.py | 122 -------------------------------------
13 files changed, 104 insertions(+), 276 deletions(-)
create mode 100644 modules/people/Makefile
create mode 100755 modules/people/arping.py
create mode 100755 modules/people/arping_users.py
delete mode 100755 modules/people/bin/run.sh
delete mode 100644 modules/people/conf/example.json
create mode 100644 modules/people/mac_names.lst
delete mode 100755 modules/people/src/arping.py
delete mode 100755 modules/people/src/arping_users.py
delete mode 100644 modules/people/src/mac_names.lst
delete mode 100755 modules/people/src/main.py
delete mode 100755 modules/people/src/snmp_users.py
diff --git a/modules/people/Makefile b/modules/people/Makefile
new file mode 100644
index 00000000..2c6c1c03
--- /dev/null
+++ b/modules/people/Makefile
@@ -0,0 +1,6 @@
+.phony: all
+
+all: arping.py arping_users.py
+ echo "call python ./arping_users.py v"
+install:
+ apt-get install python-scapy
diff --git a/modules/people/README.md b/modules/people/README.md
index d28100d3..e45d39c1 100644
--- a/modules/people/README.md
+++ b/modules/people/README.md
@@ -1,12 +1,11 @@
-SNMP Users
+ARPING Users
==========
-asks an snmp-router for its arp-list and tries to verify this list via
-ARPING. The snmping is done via snmp-net and command line parsing,
-the arping uses 'scapy'.
+This is a simplified python script which checks the available subnet for computers online and returns a list of users which are online based on their mac-address
-This script needs superuser rights and otherwise will just skip the
-verification
+
+arping_users.py:
+ call `python arping_users.py v` for verbose output -> print all discovered hosts
SNMPWALK Command
===============
diff --git a/modules/people/TODO.md b/modules/people/TODO.md
index dfefa9a0..daacfd58 100644
--- a/modules/people/TODO.md
+++ b/modules/people/TODO.md
@@ -1,4 +1,3 @@
BUGS
=====
-- an exception is thrown but handled wrong when snmp servers and arping is
- unreachable
+
diff --git a/modules/people/arping.py b/modules/people/arping.py
new file mode 100755
index 00000000..1b51ab1b
--- /dev/null
+++ b/modules/people/arping.py
@@ -0,0 +1,37 @@
+#!/usr/bin/python
+
+import logging
+log = logging.getLogger('arpingy')
+logging.disable(logging.WARNING)
+
+import os,sys
+try:
+ if (os.geteuid() != 0):
+ raise Exception('no root permissions')
+ from scapy.all import * #might throws "no such module"
+
+ def arpingy(iprange="10.42.1.0/24",iface='eth0'):
+ log.debug("pinging "+ str(iprange))
+ """Arping function takes IP Address or Network, returns nested mac/ip list"""
+ try:
+ conf.verb=0
+ ans,unans=arping(iprange,iface=iface,timeout=1,retry=3)
+
+ collection = []
+ for snd, rcv in ans:
+ result = rcv.sprintf(r"%ARP.psrc% %Ether.src%").split()
+ log.debug(result)
+ return result # take just the first arp reply
+ except Exception as e:
+ print ("something went wrong while arpinging " + str(e))
+ return []
+
+except Exception as e:
+ log.error("Cannot load arping functions!" + str(e))
+ def arpingy(iprange='',iface=''):
+ raise Exception ('arping not available')
+
+
+if __name__ =='__main__':
+ logging.basicConfig(level=logging.DEBUG)
+ arpingy(sys.argv[1],sys.argv[2])
diff --git a/modules/people/arping_users.py b/modules/people/arping_users.py
new file mode 100755
index 00000000..c576e4f3
--- /dev/null
+++ b/modules/people/arping_users.py
@@ -0,0 +1,54 @@
+#!/usr/bin/python
+import subprocess,re,logging,sys
+
+from arping import arpingy
+from multiprocessing import Pool
+DEV='eth0'
+MAC_NAMES='mac_names.lst'
+data = []
+ret = {}
+verb = False
+
+if len(sys.argv) > 1 and sys.argv[1] == 'v':
+ verb = True
+def get_own_addr():
+ data = subprocess.Popen(['/sbin/ifconfig',DEV],
+ stdout=subprocess.PIPE).communicate()[0].replace('\n','')
+ return re.sub(r'.*HWaddr ([0-9A-Fa-f:]*).*inet addr:([0-9.]*).*' ,
+ r'\1 \2',data).split()
+
+def load_names(MAC_NAMES):
+ names = {}
+ f = open(MAC_NAMES)
+ for l in f:
+ mac,name = l.split()
+ names[mac] = name.replace('\n','')
+ f.close()
+ return names
+
+def arping_helper(dic):
+ return arpingy(**dic)
+
+for first in range(4):
+ for second in range(255):
+ data.append({'iprange':'10.42.'+str(first)+'.'+str(second),'iface':DEV})
+
+names = load_names(MAC_NAMES)
+try:
+ p = Pool(20)
+ ret = filter(lambda x:x , p.map(arping_helper, data))
+ myip,mymac = get_own_addr()
+ ret.append([mymac,myip])
+ p.terminate()
+except Exception as e:
+ print 'you fail '+str(e)
+
+
+
+for p in ret:
+ if verb:
+ print p[0] + " => " + p[1]
+ if p[1] in names:
+ print names[p[1]]+ " is online"
+
+
diff --git a/modules/people/bin/run.sh b/modules/people/bin/run.sh
deleted file mode 100755
index 6da3d059..00000000
--- a/modules/people/bin/run.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/bash
-echo basedir $0
-BINDIR="`dirname $0`/../src"
-
-python2 "$BINDIR/main.py" $@
diff --git a/modules/people/conf/example.json b/modules/people/conf/example.json
deleted file mode 100644
index f34c20f0..00000000
--- a/modules/people/conf/example.json
+++ /dev/null
@@ -1,22 +0,0 @@
-{
- "snmp_users": {
- "amqp": {
- "connection": {
- "login": "guest",
- "password": "guest",
- "host": "localhost"
- },
- "out": {
- "exchange": "snmp_src"
- }
- },
- "snmp": {
- "server": "127.0.0.1",
- "community": "community"
- },
- "arping": {
- "active": true,
- "dev": "eth0"
- }
- }
-}
diff --git a/modules/people/mac_names.lst b/modules/people/mac_names.lst
new file mode 100644
index 00000000..dcd3c2b0
--- /dev/null
+++ b/modules/people/mac_names.lst
@@ -0,0 +1 @@
+00:40:63:c8:b5:a0 krebs
diff --git a/modules/people/src/arping.py b/modules/people/src/arping.py
deleted file mode 100755
index eea176e0..00000000
--- a/modules/people/src/arping.py
+++ /dev/null
@@ -1,37 +0,0 @@
-#!/usr/bin/python
-
-import logging
-log = logging.getLogger('arpingy')
-logging.disable(logging.WARNING)
-
-import os,sys
-try:
- if (os.geteuid() != 0):
- raise Exception('no root permissions')
- from scapy.all import * #might throws "no such module"
-
- def arpingy(iprange="10.42.1.0/24",iface='eth0'):
- log.debug("pinging "+ str(iprange))
- """Arping function takes IP Address or Network, returns nested mac/ip list"""
- try:
- conf.verb=1
- ans,unans=arping(iprange,iface=iface,timeout=1,retry=3)
-
- collection = []
- for snd, rcv in ans:
- result = rcv.sprintf(r"%ARP.psrc% %Ether.src%").split()
- log.debug(result)
- return result # take just the first arp reply
- except Exception as e:
- print ("something went wrong while arpinging " + str(e))
- return []
-
-except Exception as e:
- log.error("Cannot load arping functions!" + str(e))
- def arpingy(iprange='',iface=''):
- raise Exception ('arping not available')
-
-
-if __name__ =='__main__':
- logging.basicConfig(level=logging.DEBUG)
- arpingy(sys.argv[1],sys.argv[2])
diff --git a/modules/people/src/arping_users.py b/modules/people/src/arping_users.py
deleted file mode 100755
index d6f6826e..00000000
--- a/modules/people/src/arping_users.py
+++ /dev/null
@@ -1,48 +0,0 @@
-#!/usr/bin/python
-import subprocess,re,logging
-
-from arping import arpingy
-from multiprocessing import Pool
-
-DEV='eth0'
-MAC_NAMES='mac_names.lst'
-data = []
-ret = {}
-exit (0)
-def get_own_addr():
- data = subprocess.Popen(['/sbin/ifconfig',DEV],
- stdout=subprocess.PIPE).communicate()[0].replace('\n','')
- return re.sub(r'.*HWaddr ([0-9A-Fa-f:]*).*inet addr:([0-9.]*).*' ,
- r'\1 \2',data).split()
-
-def load_names(MAC_NAMES):
- names = {}
- f = open(MAC_NAMES)
- for l in f:
- mac,name = l.split()
- names[mac] = name.replace('\n','')
- f.close()
- return names
-
-def arping_helper(dic):
- return arpingy(**dic)
-
-for first in range(3):
- for second in range(255):
- data.append({'iprange':'10.42.'+str(first)+'.'+str(second),'iface':DEV})
-
-names = load_names(MAC_NAMES)
-try:
- p = Pool(20)
- ret = filter(lambda x:x , p.map(arping_helper, data))
- myip,mymac = get_own_addr()
- ret.append([mymac,myip])
- p.terminate()
-except:
- print 'you fail'
-
-
-
-for p in ret:
- if p[1] in names:
- print names[p[1]]+ " is online"
diff --git a/modules/people/src/mac_names.lst b/modules/people/src/mac_names.lst
deleted file mode 100644
index dcd3c2b0..00000000
--- a/modules/people/src/mac_names.lst
+++ /dev/null
@@ -1 +0,0 @@
-00:40:63:c8:b5:a0 krebs
diff --git a/modules/people/src/main.py b/modules/people/src/main.py
deleted file mode 100755
index c70bffd4..00000000
--- a/modules/people/src/main.py
+++ /dev/null
@@ -1,33 +0,0 @@
-#!/usr/bin/env python2
-import sys,json,time
-from snmp_users import snmp_users
-import logging
-import genericore as gen
-MODULE_NAME='snmp_users'
-log = logging.getLogger(MODULE_NAME)
-PROTO_VERSION = 1
-DESCRIPTION = 'performes statistical analysis against mails from stream'
-
-
-# set up instances of needed modules
-conf = gen.Configurator(PROTO_VERSION,DESCRIPTION)
-amqp = gen.auto_amqp(MODULE_NAME)
-s = snmp_users(MODULE_NAME) # the magic mail parsing class
-
-conf.configure([amqp,s]) #set up parser and eval parsed stuff
-
-# start network connections
-amqp.create_connection()
-
-log.info('Starting up snmp_users')
-print ' Sending Messages in Intervals. To exit press CTRL+C'
-try:
- while True:
- log.info("collecting data from network")
- ret = s.collect()
- data = { 'type' : 'snmp', 'subtype' : 0, 'data' : ret}
- log.debug("writing data to queue : %s" % data)
- amqp.publish(json.dumps(data))
- time.sleep(s.repeat)
-except Exception as e:
- print "something happened :( " + str(e)
diff --git a/modules/people/src/snmp_users.py b/modules/people/src/snmp_users.py
deleted file mode 100755
index 871ed9dd..00000000
--- a/modules/people/src/snmp_users.py
+++ /dev/null
@@ -1,122 +0,0 @@
-#!/usr/bin/python2
-
-import logging, subprocess,re
-from multiprocessing import Pool
-from genericore import Configurable
-from arping import arpingy
-log = logging.getLogger('snmp_users')
-
-DEFAULT_CONFIG= {
- "snmp" : {
- "server" : "127.0.0.1",
- "community" : "community",
- "tree" : "1.3.6.1.2.1.3.1.1.2"
- },
- "arping" : {
- "active" : True,
- "dev" : "eth0"
- }
-}
-
-def arping_helper(dic):
- return arpingy(**dic)
-
-class snmp_users(Configurable):
- mac_list = {}
-
- def __init__(self,MODULE_NAME,config=None):
- self.NAME=MODULE_NAME
- newConf = { MODULE_NAME : DEFAULT_CONFIG }
- Configurable.__init__(self,newConf)
- self.load_conf(config)
-
- def call_external(self):
- """returns an array of lines produced by snmpwalk """
- conf = self.config[self.NAME]['snmp']
-
- out = subprocess.Popen(
- ['snmpwalk',
- '-v2c',
- '-c',conf['community'],
- conf['server'],
- conf['tree']],
- stdout=subprocess.PIPE).communicate()[0]
- return out.split('\n')
-
- def parse_output(self,output):
- """ parses output lines produced by snmpwalk """
- data = []
- for i in output:
- if i == '':
- continue
- data.append(re.sub(r'.*\.(\d+\.\d+\.\d+\.\d+) = Hex-STRING: ([ 0-9A-F]*) ', r'\1 : \2',i).split(' : '))
- data = [ [ip,':'.join(mac.split()).lower()] for ip,mac in data] #sanitize
-
- return data
-
- def update_results(self,new):
- """ Verifies ip and mac via ARP Scan
- in addition it adds the correct ip to the mac_list """
- macl = self.mac_list = {}
- for ip,mac in new: # fill the mac_list
- if not macl.get(mac,None):
- macl[mac] = []
- macl[mac].append(ip)
- return True
-
- def verify(self,snmp_data):
- """ verifies retrieved data where data is an array of arrays where
- [0] is the ip and [1] is the mac (space-delimited)"""
- arp_data = self.arping_parallel(snmp_data)
- self.update_results(arp_data)
-
- def get_own_addr(self):
- data = subprocess.Popen(['/sbin/ifconfig',self.config[self.NAME]['arping']['dev']],
- stdout=subprocess.PIPE).communicate()[0].replace('\n','')
- return re.sub(r'.*HWaddr ([0-9:A-F]*).*inet addr:([0-9.]*).*' ,r'\1 \2',data).split()
-
-
- def arping_parallel(self,data):
- conf = self.config[self.NAME]['arping']
- if conf['active']:
- tmp = [ {'iprange':dat[0],'iface':conf['dev']} for dat in data]
- try:
- p = Pool(10)
- ret = filter(lambda x:x , p.map(arping_helper, tmp))
-
- myip,mymac = self.get_own_addr() #append self to list
- ret.append([mymac,myip ] )
- p.terminate()
- return ret
- except Exception as e:
- log.warning("Something happened,falling back to original data: "+ str(e))
- return data
-
- def collect(self):
- output = self.call_external()
- data = self.parse_output(output)
- if not data:
- raise Exception('External tool had not returned any parsable output')
- log.debug('Got following output from snmpwalk program: ' +str(data))
- macs = self.verify(data)
- #self.print_results(self.mac_list)
- return self.mac_list
-
- def print_results(self,macs):
- log.debug('printing results:')
- print '\n'.join([ mac + " => %s" %
- str(ips) for mac,ips in macs.items() ])
- print '%d *unique* nodes in network' % len(macs)
-
- def populate_parser(self,parser):
- parser.add_argument('--repeat',type=int,dest='repeat',default=30,help='Seconds between Scans',metavar='SECS') #TODO add this to configuration
-
- def eval_parser(self,parsed):
- self.repeat = parsed.repeat
-
-if __name__ == "__main__":
- logging.basicConfig(level=logging.INFO)
- a = snmp_users()
- print a.get_own_addr()
- a.collect()
- a.print_results(a.mac_list)
--
cgit v1.2.3