SevScanSoft

  • Retrieves data on a specific list of hosts by pulling data from various sources
    • Location from inventory
    • Hostname from DNS
    • MAC address, OS guess, open ports by NMap + ARPing scan
  • All portions of SevScanSoft (except for the nmap scan, which requires root) are run by the audit user on watcher204.cscf
  • Files themselves are located in /home/audit/scansoft
  • Files used to configure some general options used by all tools are:
    • config.inc.php : settings for scripts
    • switchmap.inc.php : switch to commroom mappings

Tools

  • Data importers (copies data from an existing source into the local database)
    • xferdns : transfers data from DNS into the local database
    • xferona : transfers host data from ONA into the local database (requires database backend access from BruceCampbell)
    • xferona2 : copies switch data from ONA into the local database (requires database backend access from BruceCampbell)
    • xferwo : transfers data from WebObjects into the local database (requires database backend access from webobjects.math)
  • verifyloc : verification of location script (correlates data from different sources and sees if they match)
  • pingscan : scans for machine aliveness by ping
  • superpingscan : scans for machine aliveness by ping and other more subtle means (requires root)
  • nmapscan : attempts to determine machine type (OS) by nmap; also uses ARPing duplicate detection mode to determine if a machine is alive and its MAC address. Currently disabled; edit root cron on watcher204 to re-enable
  • machinetype : generalizes machines into predefined groups and determines if a known Windows domain is present

Adding new hosts to be scanned

  1. Add it to the database
    • ./addhosts
  2. Update hostnames and other DNS data
    • ./xferdns
  3. Scan!
    • ./nmapscan #Must be run as root
  4. While that's going, you can update the rest of the data...
    • ./xferona #Requires access to ONA database
    • ./xferwo #Requires access to WebObjects database
  5. Optionally add cronjobs to rerun
    • ./xferona
    • ./xferwo
    • ./xferdns
    • ./nmapscan
  6. Optionally update configuration in...
    • config.inc.php --General configuration
    • switchmap.inc.php --Switch<->Commroom mapping

Removing a host to be scanned

  • Log in to the database and remove the host's IP from all the 'raw' tables

-- SevernTsui - 28 Mar 2005

Topic revision: r4 - 2013-08-16 - DrewPilcher
 