Merge branch 'master' of github.com:Opmantek/open-audit

app/Config/OpenAudit.php

@@ -14,7 +14,7 @@ class OpenAudit extends BaseConfig
     public string $displayVersion = '5.1.0';
     public int $appVersion = 20240104;
 
-    public array $enterprise_collections = array('applications' => 'cud', 'baselines' => 'crud', 'baselines_policies' => 'crud', 'baselines_results' => 'crud', 'clouds' => 'crud', 'collectors' => 'crud', 'dashboards' => 'cud', 'discovery_scan_options' => 'cud', 'files' => 'crud', 'integrations' => 'crud', 'racks' => 'crud', 'roles' => 'cu');
+    public array $enterprise_collections = array('applications' => 'cud', 'baselines' => 'crud', 'baselines_policies' => 'crud', 'baselines_results' => 'crud', 'clouds' => 'crud', 'collectors' => 'crud', 'dashboards' => 'cud', 'discovery_scan_options' => 'cud', 'files' => 'crud', 'executables' => 'crud', 'integrations' => 'crud', 'racks' => 'crud', 'roles' => 'cu');
     public array $professional_collections = array('applications' => 'r', 'clusters' => 'crud', 'dashboards' => 'r', 'discovery_scan_options' => 'r', 'maps' => 'crud', 'rules' => 'crud', 'tasks' => 'crud', 'widgets' => 'crud');
     public float $microtime = 0;
     public int $collector_connect_timeout = 10;
@@ -32,6 +32,7 @@ class OpenAudit extends BaseConfig
     public string $server_os = '';
     public string $server_platform = '';
     public bool $advanced_queries = true;
+    public bool $executables = false;
 
     public function __set($key, $value)
     {

app/Config/Routes.php

@@ -15,7 +15,7 @@
  */
 
 $collections = array('agents','applications','attributes','baselines','baselines_policies','baselines_results','clouds','clusters','collectors', 'components',
-'configuration','connections','credentials','dashboards','devices','discoveries','discovery_log','discovery_scan_options','errors','fields','files',
+'configuration','connections','credentials','dashboards','devices','discoveries','discovery_log','discovery_scan_options','errors','executables','fields','files',
 'groups','integrations','ldap_servers','licenses','locations','maps','networks','nmis','orgs','queries','queue','racks','rack_devices','reports','roles',
 'rules','scripts','summaries','support','tasks','users','widgets');
 

app/Controllers/Input.php

@@ -54,7 +54,7 @@ public function devices()
         include "include_process_device.php";
         $discoveryLogModel = new \App\Models\DiscoveryLogModel();
         $log = new \stdClass();
-        $log->discovery_id = null;
+        $log->discovery_id = (!empty($device->system->discovery_id)) ? intval($device->system->discovery_id) : null;
         $log->device_id = $device->system->id;
         $log->timestamp = null;
         $log->severity = 7;

app/Controllers/Scripts.php

@@ -32,13 +32,15 @@ class Scripts extends BaseController
 {
     public function download($id)
     {
-        $id = intval($id);
         if (empty($this->scriptsModel)) {
             $this->scriptsModel = model('App\Models\ScriptsModel');
         }
         if (!is_numeric($id)) {
             $id = $this->scriptsModel->getByOs($id);
         }
+        if (is_numeric($id)) {
+            $id = intval($id);
+        }
         if (empty($id)) {
             return;
         }

app/Controllers/include_process_device.php

@@ -16,7 +16,7 @@
 helper('utility');
 
 $log = new \stdClass();
-$log->discovery_id = null;
+$log->discovery_id = (!empty($device->system->discovery_id)) ? intval($device->system->discovery_id) : null;
 $log->device_id = null;
 $log->timestamp = null;
 $log->severity = 7;

app/Helpers/components_helper.php

@@ -19,6 +19,9 @@ function match_columns($table)
     if ($table === 'dns') {
             $match_columns = array('ip', 'name', 'fqdn');
     }
+    if ($table === 'executable') {
+            $match_columns = array('full_name', 'hash', 'inode', 'last_changed');
+    }
     if ($table === 'file') {
             $match_columns = array('full_name', 'hash', 'inode', 'last_changed');
     }

app/Helpers/discoveries_helper.php

@@ -66,7 +66,7 @@ function all_ip_list($discovery = null)
     function responding_ip_list($discovery = null)
     {
         if (is_null($discovery)) {
-            return false;
+            return array();
         }
         $discoveryLogModel = new \App\Models\DiscoveryLogModel();
 
@@ -88,8 +88,20 @@ function responding_ip_list($discovery = null)
         if ($discovery->scan_options->ping === 'y') {
             if (!empty($discovery->scan_options->exclude_ip)) {
                 $command = 'nmap -n -oG - -sP --exclude ' . $discovery->scan_options->exclude_ip . ' ' . $discovery->subnet;
+                // NOTE - Below should be faster than 'normal' Nmap
+                // $command = 'nmap -n -oG - -sP -T5 --min-parallelism 100 --max-parallelism 256  --exclude ' . $discovery->scan_options->exclude_ip . ' ' . $discovery->subnet;
             } else {
                 $command = 'nmap -n -oG - -sP ' . $discovery->subnet;
+                // NOTE - Below should be faster than 'normal' Nmap
+                // $command = 'nmap -n -oG - -sP -T5 --min-parallelism 100 --max-parallelism 256 ' . $discovery->subnet;
+                //
+                // NOTE - below is for Linux only and only in specific circumstances
+                //      - Fping doesn't have an exclude option
+                //      - Fping doesn't accept the same host formatting as Nmap, except for 1.2.3.4/5
+                // if (filter_var($discovery->subnet, FILTER_VALIDATE_IP)) {
+                //     $discovery->subnet = $discovery->subnet . '/32';
+                // }
+                // $command = 'fping -A -a -q -g -r 2 ' . $discovery->subnet . ' 2>&1';
             }
             if (php_uname('s') === 'Darwin') {
                 $command = '/usr/local/bin/' . $command;
@@ -103,13 +115,19 @@ function responding_ip_list($discovery = null)
                         $ip_addresses[] = $temp[1];
                     }
                 }
+                // Caters to a single responding IP on each line, for fping or Nmap with piping to cut, et al
+                // foreach ($output as $line) {
+                //     if (filter_var($line, FILTER_VALIDATE_IP)) {
+                //         $ip_addresses[] = $line;
+                //     }
+                // }
             } else {
                 if (php_uname('s') === 'Windows NT' and empty($output)) {
                     log_message('error', 'No response from Nmap. Is the Apache Service running as a normal user?');
                 }
                 $log->command_output = json_encode($output);
                 $discoveryLogModel->create($log);
-                return false;
+                return array();
             }
         } else {
             if (!empty($discovery->scan_options->exclude_ip)) {
@@ -131,7 +149,7 @@ function responding_ip_list($discovery = null)
                 }
             } else {
                 $discoveryLogModel->create($log);
-                return false;
+                return array();
             }
         }
         $log->command_output = 'Responding IPs: ' . @count($ip_addresses);
@@ -1807,7 +1825,7 @@ function ip_audit($ip_scan = null)
             $log->message = 'Matching device from audit result';
             $discoveryLogModel->create($log);
             $audit_device = deviceMatch($audit->system, intval($discovery->id), $discovery->match_options);
-            #$audit->system->discovery_id = $discovery->id;
+            $audit->system->discovery_id = $discovery->id;
             if (!empty($audit->system->id)) {
                 $log->device_id = $audit->system->id;
             }
@@ -1973,6 +1991,7 @@ function ip_audit($ip_scan = null)
             unset($device_json->system->original_last_seen);
             unset($device_json->system->id);
             unset($device_json->system->first_seen);
+            $device_json->system->discovery_id = $discovery->id;
             $device_json = json_encode($device_json);
 
             $url = $server->host . $server->community . '/index.php/input/devices';
@@ -1995,13 +2014,15 @@ function ip_audit($ip_scan = null)
                 // error
                 $log->severity = 4;
                 $log->message = 'Could not send result to ' . $url . ' - please check with your server administrator.';
+                $log->device_id = $device->id;
                 $discoveryLogModel->create($log);
                 $log->severity = 7;
                 log_message('error', 'Could not send result to ' . $url);
             } else {
                 // success
                 $log->severity = 7;
                 $log->message = 'Result sent to ' . $server->host . '.';
+                $log->device_id = $device->id;
                 $discoveryLogModel->create($log);
                 log_message('debug', 'Result sent to ' . $server->host . '.');
             }
@@ -2021,6 +2042,7 @@ function ip_audit($ip_scan = null)
         $log->command_status = 'device complete';
         $log->command_time_to_execute = microtime(true)  - $start;
         $log->message = 'IP Audit finish on device ' . ip_address_from_db($device->ip);
+        $log->device_id = $device->id;
         $log->ip = ip_address_from_db($device->ip);
         $discoveryLogModel->create($log);
 

app/Helpers/response_helper.php

@@ -1498,7 +1498,7 @@ function response_valid_actions()
      */
     function response_valid_collections()
     {
-        return array('agents','applications','attributes','baselines','baselines_policies','baselines_results','chart','clouds','clusters','collectors','components','configuration','connections','credentials','dashboards','database','devices','discoveries','discovery_log','discovery_scan_options','errors','fields','files','groups','help','integrations','integrations_log','integrations_rules','ldap_servers','licenses','locations','logs','maps','networks','nmis','orgs','queries','queue','racks','rack_devices','reports','roles','rules','scripts','search','sessions','summaries','support','tasks','users','widgets');
+        return array('agents','applications','attributes','baselines','baselines_policies','baselines_results','chart','clouds','clusters','collectors','components','configuration','connections','credentials','dashboards','database','devices','discoveries','discovery_log','discovery_scan_options','errors','executables','fields','files','groups','help','integrations','integrations_log','integrations_rules','ldap_servers','licenses','locations','logs','maps','networks','nmis','orgs','queries','queue','racks','rack_devices','reports','roles','rules','scripts','search','sessions','summaries','support','tasks','users','widgets');
     }
 }
 
@@ -1532,7 +1532,7 @@ function response_valid_formats()
      */
     function response_valid_includes()
     {
-        return array('application', 'attachment', 'audit_log', 'bios', 'certificate', 'change_log', 'cluster', 'credential', 'discovery_log', 'disk', 'dns', 'edit_log', 'field', 'file', 'image', 'ip', 'location', 'log', 'memory', 'module', 'monitor', 'motherboard', 'netstat', 'network', 'nmap', 'optical', 'pagefile', 'partition', 'policy', 'print_queue', 'processor', 'purchase', 'rack_devices', 'radio', 'route', 'san', 'scsi', 'server', 'server_item', 'service', 'share', 'software', 'software_key', 'sound', 'task', 'usb', 'user', 'user_group', 'variable', 'video', 'vm', 'windows');
+        return array('application', 'attachment', 'audit_log', 'bios', 'certificate', 'change_log', 'cluster', 'credential', 'discovery_log', 'disk', 'dns', 'edit_log', 'executable', 'field', 'file', 'image', 'ip', 'location', 'log', 'memory', 'module', 'monitor', 'motherboard', 'netstat', 'network', 'nmap', 'optical', 'pagefile', 'partition', 'policy', 'print_queue', 'processor', 'purchase', 'rack_devices', 'radio', 'route', 'san', 'scsi', 'server', 'server_item', 'service', 'share', 'software', 'software_key', 'sound', 'task', 'usb', 'user', 'user_group', 'variable', 'video', 'vm', 'windows');
     }
 }
 
@@ -1588,7 +1588,7 @@ function response_valid_permissions($collection)
      */
     function response_valid_sub_resources()
     {
-        return array('application', 'attachment', 'audit_log', 'bios', 'certificate', 'change_log', 'cluster', 'credential', 'discovery', 'discovery_log', 'disk', 'dns', 'edit_log', 'field', 'image', 'ip', 'log', 'memory', 'module', 'monitor', 'motherboard', 'netstat', 'network', 'nmap', 'optical', 'pagefile', 'partition', 'partition_graph', 'policy', 'print_queue', 'processor', 'radio', 'route', 'scsi', 'server', 'server_item', 'service', 'share', 'software', 'software_key', 'sound', 'task', 'usb', 'user', 'user_group', 'variable', 'video', 'vm', 'windows', 'report', 'query', 'group');
+        return array('application', 'attachment', 'audit_log', 'bios', 'certificate', 'change_log', 'cluster', 'credential', 'discovery', 'discovery_log', 'disk', 'dns', 'edit_log', 'executable', 'field', 'image', 'ip', 'log', 'memory', 'module', 'monitor', 'motherboard', 'netstat', 'network', 'nmap', 'optical', 'pagefile', 'partition', 'partition_graph', 'policy', 'print_queue', 'processor', 'radio', 'route', 'scsi', 'server', 'server_item', 'service', 'share', 'software', 'software_key', 'sound', 'task', 'usb', 'user', 'user_group', 'variable', 'video', 'vm', 'windows', 'report', 'query', 'group');
     }
 }
 

app/Helpers/snmp_6876_2_helper.php

@@ -41,6 +41,7 @@
         $guest->cpu = my_snmp_get($ip, $credentials, "1.3.6.1.4.1.6876.2.1.1.9.".$guest->vm_ident);
         $guest->status = my_snmp_get($ip, $credentials, "1.3.6.1.4.1.6876.2.1.1.6.".$guest->vm_ident);
         $guest->config_file = my_snmp_get($ip, $credentials, "1.3.6.1.4.1.6876.2.1.1.3.".$guest->vm_ident);
+        $guest->os = my_snmp_get($ip, $credentials, "1.3.6.1.4.1.6876.2.1.1.4.".$guest->vm_ident);
         $guest->vm_group = '';
         $guest->type = 'esx';
         $guests[] = $guest;

app/Helpers/snmp_helper.php

@@ -1634,8 +1634,7 @@ function snmp_audit(string $ip = '', object $credentials = null, int $discovery_
             $log->command_time_to_execute = (microtime(true) - $item_start);
             $log->message = 'Route count retrieval for '.$ip;
             $log->command = 'snmpwalk 1.3.6.1.2.1.4.24.3.0';
-            $temp = (!empty($route_count)) ? count($route_count) : 0;
-            $log->command_output = "Count is $temp";
+            $log->command_output = "Count is $route_count";
             $log->command_status = 'notice';
             if (!empty($route_count) && $route_count < $config_value) {
                 $retrieve_routes = 1;

app/Helpers/ssh_helper.php

@@ -605,7 +605,9 @@ function ssh_audit($parameters)
                 }
             } else if ($credential->type === 'ssh') {
                 log_message('debug', 'Testing credentials named: ' . $credential->name . ' on ' . $ip);
-                if ($ssh->login($credential->credentials->username, $credential->credentials->password)) {
+                // NOTE - Use @ below because some devices cause "Error reading from socket" and halt this process
+                // TODO - change to try / catch
+                if (@$ssh->login($credential->credentials->username, $credential->credentials->password)) {
                     $log->message = "Valid credentials named {$credential->name} used to log in to {$ip}.";
                     $log->command_status = 'success';
                     $discoveryLogModel->create($log);

app/Helpers/utility_helper.php

@@ -643,6 +643,17 @@ function collections_list()
         $collections->discovery_scan_options->actions->professional = 'r';
         $collections->discovery_scan_options->actions->community = 'r';
 
+
+        $collections->executables = new \StdClass();
+        $collections->executables->icon = 'fa fa-file-code-o';
+        $collections->executables->name = 'Executables';
+        $collections->executables->edition = 'Enterprise';
+        $collections->executables->orgs = 'b';
+        $collections->executables->actions = new \stdClass();
+        $collections->executables->actions->enterprise = 'crud';
+        $collections->executables->actions->professional = '';
+        $collections->executables->actions->community = '';
+
         $collections->fields = new \StdClass();
         $collections->fields->icon = 'fa fa-comments-o';
         $collections->fields->name = 'Fields';