netpass-devel Mailing List for NetPass (Page 3)
From: jeff m. <jef...@us...> - 2006-01-05 21:02:45
|
Update of /cvsroot/netpass/NetPass/lib/NetPass In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv32033/lib/NetPass Modified Files: DB.pm Log Message: various changes to reporting, nothing major Index: DB.pm =================================================================== RCS file: /cvsroot/netpass/NetPass/lib/NetPass/DB.pm,v retrieving revision 1.56 retrieving revision 1.57 diff -u -d -r1.56 -r1.57 --- DB.pm 1 Sep 2005 18:27:20 -0000 1.56 +++ DB.pm 5 Jan 2006 21:02:35 -0000 1.57 @@ -300,7 +300,7 @@ return 0; } -=head2 $rv = getRegisterInfo(-mac => mac, -macs => [], -ip => ip, -ips => []) +=head2 $rv = getRegisterInfo(-mac => mac, -macs => [], -ip => ip, -ips => [], -switch => ip, -port => number) This routine will get the registered info on an already registered MAC. Returns: @@ -308,11 +308,17 @@ =item C<HASHREF> -containing keys that correspond to the macAddresses given. -values of C<HASHREF> are C<HASHREF>s containing keys: ipAddress, lastSeen, -registeredOn, status, message, username, OS, switchIP, switchPort, uqlinkup. +keys in the hash contain either macAddresses or IP Addresses. +If you specify the B<mac>, B<macs> or B<switch>/B<port> parameters +then the keys are mac addresses. If you specify the B<ip> or +B<ips> parameters, then the keys are IP Addresses. -If the Mac is not registered, it won't be in the HASHREF returned. +values of C<HASHREF> are themselves C<HASHREF>s containing +keys: ipAddress, lastSeen, registeredOn, status, message, +username, OS, switchIP, switchPort, uqlinkup. + +If no matches are found (e.g. the Mac is not registered), +the HASREF will be empty. on success 
@@ -336,19 +342,23 @@ my $parms = parse_parms({ -parms => \@_, - -legal => [ qw(-mac -macs -ip -ips) ], - -defaults => { -mac => '', - -macs => [], - -ip => '', - -ips => [] + -legal => [ qw(-mac -macs -ip -ips -switch -port) ], + -defaults => { -mac => '', + -macs => [], + -ip => '', + -ips => [], + -switch => '', + -port => '' } } ); return "invalid params\n".Carp::longmess(Class::ParmList->error) if (!defined($parms)); - my ($mac, $macs, $ip, $ips) = $parms->get('-mac', '-macs', - '-ip', '-ips'); + my ($mac, $macs, $ip, $ips, $switch, $port) = + $parms->get('-mac', '-macs', + '-ip', '-ips', + '-switch', '-port'); my $sql = "SELECT macAddress, ipAddress, lastSeen, registeredOn, status, username, OS, switchIP, switchPort, uqlinkup FROM register WHERE "; if ($mac ne "") { @@ -359,6 +369,11 @@ $sql .= " ipAddress = ".$self->dbh->quote($ip); $kfield = "ipAddress"; } + elsif ($switch ne "" && $port ne "") { + $sql .= " ( switchIP = ".$self->dbh->quote($switch) . + " AND switchPort = ".$self->dbh->quote($port) . " ) "; + $kfield = "macAddress"; + } elsif ($#{$macs} > -1) { $sql .= join (" OR ", (map (" macAddress = ".$self->dbh->quote($_), @{$macs}))); $kfield = "macAddress"; @@ -367,13 +382,16 @@ $sql .= join (" OR ", (map (" ipAddress = ".$self->dbh->quote($_), @{$ip}))); $kfield = "ipAddress"; } + elsif (($switch && !$port) || (!$switch && $port)) { + return "invalid parameters"; + } my $a = $self->{'dbh'}->selectall_hashref($sql, $kfield); return $a if (defined($a) && (ref($a) eq "HASH")); _log "ERROR", "select failed: ".$self->{'dbh'}->errstr."\n"; - return undef; + return "db failure ". $self->{'dbh'}->errstr; } =head2 $msg = getPageList(-name => $name, -group => '') |
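Review bot: In the getRegisterInfo hunk at @@ -367,13, the new check `elsif (($switch && !$port) || (!$switch && $port))` sits at the very end of the elsif chain, so it only runs when none of -mac, -ip, -macs or -ips matched. A call that passes -macs together with -switch alone is accepted without complaint, and a call with no selector at all falls through every branch with $sql still ending in "WHERE " and $kfield never assigned by the chain. Validate the switch/port pair before the chain and add a final else that returns "invalid parameters". The check also tests truthiness where the branch added at @@ -359,6 tests `ne ""`, so the two disagree about a port of "0". The context line for -ips maps over `@{$ip}` rather than `@{$ips}`, which is worth fixing while this code is being touched.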
From: jeff m. <jef...@us...> - 2006-01-05 21:02:44
|
Update of /cvsroot/netpass/NetPass/www/htdocs/Admin/reports In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv32033/www/htdocs/Admin/reports Modified Files: byclient.mhtml Log Message: various changes to reporting, nothing major Index: byclient.mhtml =================================================================== RCS file: /cvsroot/netpass/NetPass/www/htdocs/Admin/reports/byclient.mhtml,v retrieving revision 1.6 retrieving revision 1.7 diff -u -d -r1.6 -r1.7 --- byclient.mhtml 9 Sep 2005 12:32:11 -0000 1.6 +++ byclient.mhtml 5 Jan 2006 21:02:35 -0000 1.7 
@@ -151,47 +151,51 @@ $q->th("OS") ); - if ($#{$neis} < 1) { - push @rows, $q->td({-align=>'center', -colspan=>5}, "<I>none</I>"); - } + if (ref($ri) ne "HASH") { + push @rows, $q->td({-align=>'center', -colspan=>5}, "<I>Error: $ri</I>"); + } else { + if ($#{$neis} < 1) { + push @rows, $q->td({-align=>'center', -colspan=>5}, "<I>none</I>"); + } - foreach my $m (sort @$neis) { - next if ($m eq $mac); + foreach my $m (sort @$neis) { + next if ($m eq $mac); - my $ldap_url = $np->cfg->policy(-key => 'LDAP_USER_QUERY', -network => $ri->{$m}->{'ipAddress'} ); - my $ldap_puh = $np->cfg->policy(-key => 'LDAP_POPUP_HEIGHT', -network => $ri->{$m}->{'ipAddress'} ); - my $ldap_puw = $np->cfg->policy(-key => 'LDAP_POPUP_WIDTH', -network => $ri->{$m}->{'ipAddress'} ); - my $ldap_ref = ''; - if ($ldap_url) { - $ldap_puh ||= 480; - $ldap_puw ||= 640; - $ldap_ref = sprintf(qq{<a href="javascript:ldap_popup('$ldap_url', %d, %d);">}, - $ri->{$m}->{'username'}, - $ldap_puw, $ldap_puh); - } + my $ldap_url = $np->cfg->policy(-key => 'LDAP_USER_QUERY', -network => $ri->{$m}->{'ipAddress'} ); + my $ldap_puh = $np->cfg->policy(-key => 'LDAP_POPUP_HEIGHT', -network => $ri->{$m}->{'ipAddress'} ); + my $ldap_puw = $np->cfg->policy(-key => 'LDAP_POPUP_WIDTH', -network => $ri->{$m}->{'ipAddress'} ); + my $ldap_ref = ''; + if ($ldap_url) { + $ldap_puh ||= 480; + $ldap_puw ||= 640; + $ldap_ref = sprintf(qq{<a href="javascript:ldap_popup('$ldap_url', %d, %d);">}, + $ri->{$m}->{'username'}, + $ldap_puw, $ldap_puh); + } - my $row = ""; - if (exists $ri->{$m}) { - $row .= - $q->td(qq{<a href="/Admin/qc.mhtml?mac=$m&submit=search">}. - $ri->{$m}->{'status'}."</a>") . - $q->td($ldap_ref.$ri->{$m}->{'username'}.($ldap_ref?"</a>":"")) . - $q->td($ri->{$m}->{'ipAddress'}) . - $q->td($ri->{$m}->{'OS'}); - } else { - $row .= $q->td("UNREG") . - $q->td({-align=>'center'}, "-") . - $q->td({-align=>'center'},"-") . 
- $q->td({-align=>'center'},"-"); - } + my $row = ""; + if (exists $ri->{$m}) { + $row .= + $q->td(qq{<a href="/Admin/qc.mhtml?mac=$m&submit=search">}. + $ri->{$m}->{'status'}."</a>") . + $q->td($ldap_ref.$ri->{$m}->{'username'}.($ldap_ref?"</a>":"")) . + $q->td($ri->{$m}->{'ipAddress'}) . + $q->td($ri->{$m}->{'OS'}); + } else { + $row .= $q->td("UNREG") . + $q->td({-align=>'center'}, "-") . + $q->td({-align=>'center'},"-") . + $q->td({-align=>'center'},"-"); + } - push @rows, $q->TR( - { -id => $rl[$rn % 2].$rn, -class => $rl[$rn % 2] } , - $q->td({-class => 'mono', -id => "nei-$mac-Cell-$rn"}, - NetPass::padMac($m)), - $row); + push @rows, $q->TR( + { -id => $rl[$rn % 2].$rn, -class => $rl[$rn % 2] } , + $q->td({-class => 'mono', -id => "nei-$mac-Cell-$rn"}, + NetPass::padMac($m)), + $row); - $rn++; + $rn++; + } } print $q->table({-border=>0, -id => 'nei_'.$mac}, |
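Review bot: The error branch added at the top of this hunk interpolates $ri straight into the italic "Error:" cell, so whatever string getRegisterInfo returned is written into the admin page unescaped; after the DB.pm change in this same commit that string can carry the DBI errstr. Escape it (CGI's escapeHTML is available on $q) and consider logging the detail while showing a generic message. In the re-indented loop, `$ri->{$m}->{'ipAddress'}` is dereferenced for the three policy() lookups before the `exists $ri->{$m}` test, which autovivifies the entry, so the UNREG branch cannot be reached; move the lookups inside the exists branch. The sprintf that builds $ldap_ref has two %d conversions but is passed three arguments, starting with the username.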
From: jeff m. <jef...@us...> - 2006-01-05 21:02:44
|
Update of /cvsroot/netpass/NetPass/bin In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv32033/bin Modified Files: resetport.pl Added Files: portinfo.pl Log Message: various changes to reporting, nothing major --- NEW FILE: portinfo.pl --- #!/opt/perl/bin/perl -w # # $Header: /cvsroot/netpass/NetPass/bin/portinfo.pl,v 1.1 2006/01/05 21:02:35 jeffmurphy Exp $ # # (c) 2006 University at Buffalo. # Available under the "Artistic License" # http://www.gnu.org/licenses/license-list.html#ArtisticLicense =head1 NAME portinfo.pl <switch> <port> =head1 SYNOPSIS portinfo.pl [-D] [-c cstr] [-U dbuser/dbpass] <switch> <port> -D debugging to stdout -c cstr db connect string -U user/pass db user[/pass] =head1 OPTIONS See above. =head1 DESCRIPTION Print out information about the given port. =head1 SEE ALSO C<netpass.conf> =head1 AUTHOR Jeff Murphy <jcm...@bu...> =head1 LICENSE (c) 2006 University at Buffalo. Available under the "Artistic License" http://www.gnu.org/licenses/license-list.html#ArtisticLicense =head1 REVISION $Id: portinfo.pl,v 1.1 2006/01/05 21:02:35 jeffmurphy Exp $ =cut use strict; use Getopt::Std; use lib '/opt/netpass/lib'; use FileHandle; use Pod::Usage; use NetPass::LOG qw(_log _cont); require NetPass; my $pagewidth = 70; my %opts; getopts('c:U:l:qDh?', \%opts); pod2usage(2) if exists $opts{'h'} || exists $opts{'?'}; NetPass::LOG::init *STDOUT if exists $opts{'D'}; my ($dbuser, $dbpass) = exists $opts{'U'} ? split('/', $opts{'U'}) : (undef, undef); my $np = new NetPass(-cstr => exists $opts{'c'} ? $opts{'c'} : undef, -dbuser => $dbuser, -dbpass => $dbpass, -debug => exists $opts{'D'} ? 1 : 0, -quiet => exists $opts{'q'} ? 1 : 0); die "failed to connect to NetPass: $np" unless (ref($np) eq "NetPass"); my ($s,$p) = (shift, shift); pod2usage(2) unless ($s && $p); print box("Switch: $s Port: $p"), hr(" Current/Live Config "); my ($vlan_uq, $vlan_qr) = $np->cfg->availableVlans(-switch => $s, -port => $p); print "Managed: ", !defined $vlan_uq ? 
"No" : "Yes", "\n"; my $cn = ($np->cfg->getCommunities($s))[1]; if (!defined($cn)) { print "Switch community name isn't configured in NetPass. Can't query switch.\n"; } else { my $snmp = new SNMP::Device('hostname' => $s, 'snmp_community' => $cn); my $vlans = $snmp->get_vlan_membership($p); my $vlns = join(',', sort {$a <=> $b} @$vlans); my $defid = $snmp->get_default_vlan_id($p); my $h = $snmp->get_if_info($p); my ($mp, $pm) = $snmp->get_mac_port_table(); print "Desc : ", $h->{$p}->{if_descr}, "\n"; print "VLANS : $vlns\n"; print "PVID : $defid\n"; print "State : ", ("?", "Down", "Up")[$h->{$p}->{if_status}], "\n"; print "Trunk ? ", ("?", "No", "Yes")[$h->{$p}->{vlan_port_type}], "\n"; print "Speed : ", ("?", "10", "100", "1000")[$h->{$p}->{speed}], " Mbps\n"; print "Duplex : ", ("?", "Half", "Full")[$h->{$p}->{duplex}], "\n"; print "Autoneg? ", ("?", "Enabled", "Disable")[$h->{$p}->{autoneg}], "\n"; print "FCSErrs: ", $h->{$p}->{fcs_errors}, "\n"; print "Macs : ", exists $pm->{$p} ? join(',', @{$pm->{$p}}) : "none" , "\n"; } # See if there's anything in the database for this port my $d = $np->db->getRegisterInfo(-switch => $s, -port => $p); if (ref($d) eq "HASH") { #use Data::Dumper; print Dumper($d); print hr(" Port Registrations "); printf("%12.12s %15.15s %10.10s %s\n", "MAC", "IP Address", "Username", "Status"); foreach my $ma (sort keys %$d) { printf("%12.12s %15.15s %10.10s %s\n", $ma, $d->{$ma}->{'ipAddress'}, $d->{$ma}->{'username'}, $d->{$ma}->{'status'}) } } else { print "GRIErr : $d\n"; } exit 0; sub hr { my $t = shift; my $r = 3; my $l = $pagewidth - length($t) - $r; if ($l < 1) { $r = 0; $l = 0; } return '-'x$r . $t . '-'x$l . "\n"; } sub center { my $t = shift; my $npw = shift; $npw ||= $pagewidth; return $t if (length($t) > $npw); my $s = ($npw - length($t)) / 2; return " "x$s . $t . " "x$s; } sub box { my $t = shift; my $l = $pagewidth - length($t) - 2; return $t, "\n" if ($l < 1); return hr(''). "|" . center($t, $pagewidth-2) . "|\n" . 
hr(''); } Index: resetport.pl =================================================================== RCS file: /cvsroot/netpass/NetPass/bin/resetport.pl,v retrieving revision 1.21 retrieving revision 1.22 diff -u -d -r1.21 -r1.22 --- resetport.pl 22 Dec 2005 18:36:41 -0000 1.21 +++ resetport.pl 5 Jan 2006 21:02:35 -0000 1.22 @@ -408,7 +408,7 @@ my $wl = workLoad($pq); $thrq->{'workLoad'} = $wl; - _log("DEBUG", $self->tid. " wakeup workload=$wl\n") if $wl; + #_log("DEBUG", $self->tid. " wakeup workload=$wl\n") if $wl; # move work to the private queues, deleting it from # the public queue. if the port is not already on @@ -562,7 +562,8 @@ =head2 workLoad -Add up all of the ports in the Q and U lists. The total is +Add up all of the ports in the Q and U lists. Add to +that the number of switches assigned to us. That total is the work load for this thread. =cut @@ -578,7 +579,8 @@ $wl += @{$pq->{'q'}->{$sw}}; } } - return $wl; + my $numSwitches = keys %{$pq->{'u'}}; + return $wl + $numSwitches; } =head2 processLines(\@lines) |
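Review bot: In the new portinfo.pl, `split('/', $opts{'U'})` splits on every slash, so a database password that contains "/" is silently cut at its first slash; pass a limit of 2. Taking the password through -U also puts it on the command line, where it is visible in the process list, so an environment variable or a prompt would be safer. The SNMP block indexes its lookup lists with $h->{$p}->{if_status} and the other fields without checking for the 'error' key that the BayStack get_if_info sets when the SNMP request fails; test for it and print the error instead. getopts also accepts -l and -q, which the SYNOPSIS does not list, and "Disable" in the Autoneg list should read "Disabled".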
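Review bot: In the resetport.pl workLoad hunk at @@ -578,7, $numSwitches is taken from `keys %{$pq->{'u'}}` only, while the revised pod says "the number of switches assigned to us" and the loop in the context lines also sums ports under $pq->{'q'}. If a switch can have entries only in the q list, it is not counted. Either confirm that u and q always share the same switch keys and say so in the pod, or count the union of both key sets.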
From: jeff m. <jef...@us...> - 2006-01-05 21:02:44
|
Update of /cvsroot/netpass/NetPass/lib/SNMP/Device In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv32033/lib/SNMP/Device Modified Files: BayStack.pm BayStack3.pm Cisco.pm Log Message: various changes to reporting, nothing major Index: Cisco.pm =================================================================== RCS file: /cvsroot/netpass/NetPass/lib/SNMP/Device/Cisco.pm,v retrieving revision 1.3 retrieving revision 1.4 diff -u -d -r1.3 -r1.4 --- Cisco.pm 3 Aug 2005 00:42:58 -0000 1.3 +++ Cisco.pm 5 Jan 2006 21:02:35 -0000 1.4 @@ -402,4 +402,25 @@ return ($res->{$oid} == 1) ? 1 : 0; } + +=head2 B<get_if_info($port)> + +=over 8 + +This will return a hash with all interfaces (or just the one +you specified) and their information, including unit, port, admin status, +operational status, autonegotiation, duplex, speed, fcs errors, vlan +tagged/untagged, PVID, and member VLANS. The B<$port> parameter +is the final digit of the OID, not really the port number. + +=back + +=cut + +sub get_if_info { + my $self = shift; + my $port = shift; + die "not implemented"; +} + 1; Index: BayStack3.pm =================================================================== RCS file: /cvsroot/netpass/NetPass/lib/SNMP/Device/BayStack3.pm,v retrieving revision 1.3 retrieving revision 1.4 diff -u -d -r1.3 -r1.4 --- BayStack3.pm 15 Oct 2004 15:49:35 -0000 1.3 +++ BayStack3.pm 5 Jan 2006 21:02:35 -0000 1.4 
@@ -123,13 +123,15 @@ } -=head2 B<get_if_info()> +=head2 B<get_if_info($port)> =over 8 -This will return a hash with all interfaces and their information, -including unit, port, admin status, operational status, autonegotiation, -duplex, speed, fcs errors, vlan tagged/untagged, PVID, and member VLANS. +This will return a hash with all interfaces (or just the one +you specified) and their information, including unit, port, admin status, +operational status, autonegotiation, duplex, speed, fcs errors, vlan +tagged/untagged, PVID, and member VLANS. The B<$port> parameter +is the final digit of the OID, not really the port number. =back @@ -137,6 +139,7 @@ sub get_if_info { my $self = shift; + my $port = shift; my $port_info = {}; @@ -153,6 +156,27 @@ 'fcs_errors' => '.1.3.6.1.2.1.10.7.2.1.3', }; + if ($port) { + my @vbl; + my $oid2name = {}; + foreach my $name (keys %$oids) { + push @vbl, $oids->{$name}.".$port"; + $oid2name->{$oids->{$name}.".$port"} = $name; + } + + my $r = $self->snmp->get_request(-varbindlist => \@vbl); + + if ($self->snmp->error) { + $port_info->{$port}->{'error'} = $self->snmp->error; + } else { + foreach my $oid (keys %$oid2name) { + $port_info->{$port}->{$oid2name->{$oid}} = $r->{$oid}; + } + } + return $port_info; + } + + foreach my $oid (keys %$oids) { $self->_loadTable($oids->{$oid}, $oid, $port_info); } Index: BayStack.pm =================================================================== RCS file: /cvsroot/netpass/NetPass/lib/SNMP/Device/BayStack.pm,v retrieving revision 1.6 retrieving revision 1.7 diff -u -d -r1.6 -r1.7 --- BayStack.pm 12 Apr 2005 17:02:37 -0000 1.6 +++ BayStack.pm 5 Jan 2006 21:02:35 -0000 1.7 
@@ -128,13 +128,15 @@ } -=head2 B<get_if_info()> +=head2 B<get_if_info($port)> =over 8 -This will return a hash with all interfaces and their information, -including unit, port, admin status, operational status, autonegotiation, -duplex, speed, fcs errors, vlan tagged/untagged, PVID, and member VLANS. +This will return a hash with all interfaces (or just the one +you specified) and their information, including unit, port, admin status, +operational status, autonegotiation, duplex, speed, fcs errors, vlan +tagged/untagged, PVID, and member VLANS. The B<$port> parameter +is the final digit of the OID, not really the port number. =back @@ -142,6 +144,7 @@ sub get_if_info { my $self = shift; + my $port = shift; my $port_info = {}; @@ -164,9 +167,33 @@ 'fcs_errors' => '.1.3.6.1.2.1.10.7.2.1.3', 'vlan_port_type' => '.1.3.6.1.4.1.2272.1.3.3.1.4', + # 1 = not trunk, 2 = trunk 'vlan_default_id' => '.1.3.6.1.4.1.2272.1.3.3.1.7' }; + if ($port) { + my @vbl; + my $oid2name = {}; + foreach my $name (keys %$oids) { + push @vbl, $oids->{$name}.".$port"; + $oid2name->{$oids->{$name}.".$port"} = $name; + } + + my $r = $self->snmp->get_request(-varbindlist => \@vbl); + + if ($self->snmp->error) { + $port_info->{$port}->{'error'} = $self->snmp->error; + } else { + foreach my $oid (keys %$oid2name) { + $port_info->{$port}->{$oid2name->{$oid}} = $r->{$oid}; + } + } + return $port_info; + } + + + # otherwise, we need to fetch all of the ports and do a bigger hash + foreach my $oid (keys %$oids) { $self->_loadTable($oids->{$oid}, $oid, $port_info); } 
@@ -876,20 +903,20 @@ =cut sub HexMac2DecMac { + my $hex_mac = shift; # hexadecimal mac in raw 12-character format (no : or - separators). + my $dec_mac = ''; # rv - my $hex_mac = shift; # hexadecimal mac in raw 12-character format (no : or - separators). - my $dec_mac = ''; # rv - - my ($m1, $m2, $m3, $m4, $m5, $m6) = ($hex_mac =~ /^(\w{2})(\w{2})(\w{2})(\w{2})(\w{2})(\w{2})$/); # MAC pieces, base 16. - - $m1 = hex($m1); - $m2 = hex($m2); - $m3 = hex($m3); - $m4 = hex($m4); - $m5 = hex($m5); - $m6 = hex($m6); - - return "$m1.$m2.$m3.$m4.$m5.$m6"; # decimal equivalent of hexadecimal mac address. + my ($m1, $m2, $m3, $m4, $m5, $m6) = + ($hex_mac =~ /^(\w{2})(\w{2})(\w{2})(\w{2})(\w{2})(\w{2})$/); # MAC pieces, base 16. + + $m1 = hex($m1); + $m2 = hex($m2); + $m3 = hex($m3); + $m4 = hex($m4); + $m5 = hex($m5); + $m6 = hex($m6); + + return "$m1.$m2.$m3.$m4.$m5.$m6"; # decimal equivalent of hexadecimal mac address. } =head1 AUTHOR |
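Review bot: The Cisco.pm stub added at @@ -402,4 ends in `die "not implemented"`, and the new bin/portinfo.pl in this commit calls get_if_info($p) without an eval, so on a device handled by this module the report aborts before it reaches the database section. Return the same shape the BayStack single-port path uses on failure, a hash with $port_info->{$port}->{'error'} set, or have the callers trap the die.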
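Review bot: The single-port branch added to get_if_info in both BayStack3.pm (@@ -153,6) and BayStack.pm (@@ -164,9) is guarded by `if ($port)`, so an index of 0 falls through to the full table walk, and $port is appended to every OID without a check that it is numeric. Test defined($port) and reject anything that does not match /^\d+$/ before building the varbind list. The block is identical in the two modules; a shared helper that takes $oids would keep the copies from drifting.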
From: jeff m. <jef...@us...> - 2006-01-05 21:02:44
|
Update of /cvsroot/netpass/NetPass In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv32033 Modified Files: CHANGES Log Message: various changes to reporting, nothing major Index: CHANGES =================================================================== RCS file: /cvsroot/netpass/NetPass/CHANGES,v retrieving revision 1.23 retrieving revision 1.24 diff -u -d -r1.23 -r1.24 --- CHANGES 22 Dec 2005 18:31:02 -0000 1.23 +++ CHANGES 5 Jan 2006 21:02:35 -0000 1.24 @@ -266,3 +266,18 @@ jcm bug fix. apparently i missed a routine in the install script, causing it to error out. +2005-12-23 + jcm NP 2.1 released + +2006-01-03 + jcm bug fix in install-lvs.sh - added gcc, et al, to up2date install line + jcm bug fix in iptables-lvs.sh - moved 'allow loopback INPUT traffic' to above + INPUT drop all rule + jcm bug fix in ldirectord.cf - set persistant to 600 for SNMP trap packets + +2006-01-05 + jcm fixed getRegisterInfo so the return values matched the doc. + jcm fixed bug in byclient report so it handled the rv from gri correctly + jcm modified gri so it can handle a -switch and -port parameter + jcm added bin/portinfo.pl report + jcm changed the workLoad calculation in resetport |
From: rcolantuoni <rco...@us...> - 2006-01-05 17:26:17
|
Update of /cvsroot/netpass/NetPass-Snort/lib/NetPass In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv7539/NetPass-Snort/lib/NetPass Modified Files: Snort.pm Log Message: modified snortRestart() to do a stop/start, since a HUP will fail when the snort buffer does not contain a large enough amount of data. Index: Snort.pm =================================================================== RCS file: /cvsroot/netpass/NetPass-Snort/lib/NetPass/Snort.pm,v retrieving revision 1.3 retrieving revision 1.4 diff -u -d -r1.3 -r1.4 --- Snort.pm 4 Jan 2006 16:02:09 -0000 1.3 +++ Snort.pm 5 Jan 2006 17:26:06 -0000 1.4 
@@ -223,52 +223,13 @@ my %opts = %::opts; my $fh = new FileHandle; - return undef unless exists $opts{'S'}; - my $md5 = md5_hex(hostip.$opts{'S'}); - - return undef unless ($self->$check_soap_auth($key)); return undef unless ($self->$snortRunning()); - my $pid = $self->$snortGetPid(); - return undef unless $pid; - - my $soap = $self->$createSoapConnection(); - return undef unless $soap; - - my $aref = eval {$soap->getSnortRules( - -secret => $md5, - -type => "enabled", - )->result}; - return undef unless defined($aref) && (ref($aref) eq 'ARRAY'); - - my $rulesfile = (exists $opts{'r'}) ? $opts{'r'} : $DEFAULTSNORTRULES; - - # create a backup copy of the rules file - my $backupfile = $rulesfile.'.bkp'; - move($rulesfile, $backupfile) if (-e $rulesfile); - - $fh->open("> $rulesfile"); - foreach my $l (@$aref) { - chomp $l; - $l =~ s/\r\n/ /g; - print $fh $l."\n"; - } - $fh->close; - - # test the rules file - my $testcmd = (exists $opts{'T'}) ? $opts{'T'} : $DEFAULTSNORTTESTSCRIPT; - my $testoutput = qx($testcmd 2>&1); - if( $testoutput =~ /Fatal Error/gm) { - # we came across a Fatal Error! - # restore the backup copy of the rules file - move($backupfile, $rulesfile) if (-e $backupfile); - return undef; - } + $self->stopSnort($key, %opts); + sleep(2); + $self->startSnort($key, %opts); - $self->$update_pcap_rules_file($md5, $soap); - - return 1 if (kill('HUP', $pid) > 0); - return undef; + return undef; } =head2 $rv = snortStatus() |
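Review bot: snortRestart now ends with an unconditional `return undef`, so the caller sees a failure even when stopSnort and startSnort both succeed, and the return values of both calls are discarded. Return the result of startSnort, and stop early with a log line if stopSnort fails, since a failed start after a successful stop leaves the sensor down. The hunk also deletes `return undef unless ($self->$check_soap_auth($key));`, which leaves verification of $key to stopSnort and startSnort; confirm that both perform that check, because this entry point no longer does.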
From: rcolantuoni <rco...@us...> - 2006-01-04 16:02:23
|
Update of /cvsroot/netpass/NetPass-Snort/etc/init.d In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv12386/NetPass-Snort/etc/init.d Modified Files: npsnortd Log Message: added a test cmd to check the validity of generated rules. if the test fails, the backup rules file will be restored. Index: npsnortd =================================================================== RCS file: /cvsroot/netpass/NetPass-Snort/etc/init.d/npsnortd,v retrieving revision 1.2 retrieving revision 1.3 diff -u -d -r1.2 -r1.3 --- npsnortd 16 Aug 2005 20:44:40 -0000 1.2 +++ npsnortd 4 Jan 2006 16:02:09 -0000 1.3 @@ -23,6 +23,12 @@ SNORTRULESFILE="-r $SNORTRULESFILE" fi +if [ "$SNORTTESTSCRIPT"X = "X" ]; then + SNORTTESTSCRIPT="" +else + SNORTTESTSCRIPT="-T \"$SNORTTESTSCRIPT\"" +fi + if [ "$NPSNORTDPORT"X = "X" ]; then NPSNORTDPORT="" else @@ -62,7 +68,7 @@ case "$1" in start) echo -n "Starting npsnortd: " - daemon /usr/bin/npsnortd.pl -s $NPAPISERVER -S $NPAPISECRET $SNORTLOGFILE $SNORTRULESFILE $NPSNORTDPORT $SNORTPIDFILE $SNORTSTARTUPSCRIPT $SNORTIGNOREQUAR $NPSNORTDREFRESH $SNORTPCAPRULES + daemon /usr/bin/npsnortd.pl -s $NPAPISERVER -S $NPAPISECRET $SNORTLOGFILE $SNORTRULESFILE $SNORTTESTSCRIPT $NPSNORTDPORT $SNORTPIDFILE $SNORTSTARTUPSCRIPT $SNORTIGNOREQUAR $NPSNORTDREFRESH $SNORTPCAPRULES echo ;; stop) |
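Review bot: In the block added at @@ -23,6, the escaped quotes in `SNORTTESTSCRIPT="-T \"$SNORTTESTSCRIPT\""` become literal characters in the value, and the variable is then expanded unquoted on the daemon line at @@ -62,7, so the shell splits a multi-word test command on whitespace. Unless daemon re-parses its arguments as a single string, npsnortd.pl receives -T with only the first word, and the remaining words are parsed as its own options; -q is a real npsnortd.pl flag according to its usage text. Keep the test command as a single argument, for example by having npsnortd.pl read it from the environment, and test the script with the multi-word default.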
From: rcolantuoni <rco...@us...> - 2006-01-04 16:02:23
|
Update of /cvsroot/netpass/NetPass-Snort/lib/NetPass In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv12386/NetPass-Snort/lib/NetPass Modified Files: Snort.pm Log Message: added a test cmd to check the validity of generated rules. if the test fails, the backup rules file will be restored. Index: Snort.pm =================================================================== RCS file: /cvsroot/netpass/NetPass-Snort/lib/NetPass/Snort.pm,v retrieving revision 1.2 retrieving revision 1.3 diff -u -d -r1.2 -r1.3 --- Snort.pm 10 Aug 2005 20:25:31 -0000 1.2 +++ Snort.pm 4 Jan 2006 16:02:09 -0000 1.3 @@ -34,6 +34,7 @@ my $DEFAULTSNORTBPF = "/opt/snort/etc/pcaprules.txt"; my $DEFAULTSNORTPID = "/var/run/snort_dag0.pid"; my $DEFAULTSNORTCMD = "/etc/init.d/snortd"; +my $DEFAULTSNORTTESTSCRIPT = "/opt/snort/bin/snort -q -c/opt/snort/etc/snort.conf -T"; # make sure this matches DEFAULTPORT in npsnortd.pl my $DEFAULTPORT = 20008; @@ -68,7 +69,8 @@ my $rulesfile = (exists $opts{'b'}) ? $opts{'b'} : $DEFAULTSNORTBPF; # create a backup copy of the rules file - move($rulesfile, $rulesfile.'.bkp') if (-e $rulesfile); + my $backupfile = $rulesfile.'.bkp'; + move($rulesfile, $backupfile) if (-e $rulesfile); $fh->open("> $rulesfile"); print $fh $pcaprules."\n"; @@ -152,7 +154,8 @@ my $rulesfile = (exists $opts{'r'}) ? $opts{'r'} : $DEFAULTSNORTRULES; # create a backup copy of the rules file - move($rulesfile, $rulesfile.'.bkp') if (-e $rulesfile); + my $backupfile = $rulesfile.'.bkp'; + move($rulesfile, $backupfile) if (-e $rulesfile); $fh->open("> $rulesfile"); foreach my $l (@$aref) { 
@@ -162,6 +165,16 @@ } $fh->close; + # test the rules file + my $testcmd = (exists $opts{'T'}) ? $opts{'T'} : $DEFAULTSNORTTESTSCRIPT; + my $testoutput = qx($testcmd 2>&1); + if( $testoutput =~ /Fatal Error/gm) { + # we came across a Fatal Error! + # restore the backup copy of the rules file + move($backupfile, $rulesfile) if (-e $backupfile); + return undef; + } + $self->$update_pcap_rules_file($md5, $soap); my $cmd = (exists $opts{'f'}) ? $opts{'f'} : $DEFAULTSNORTCMD; @@ -231,7 +244,8 @@ my $rulesfile = (exists $opts{'r'}) ? $opts{'r'} : $DEFAULTSNORTRULES; # create a backup copy of the rules file - move($rulesfile, $rulesfile.'.bkp') if (-e $rulesfile); + my $backupfile = $rulesfile.'.bkp'; + move($rulesfile, $backupfile) if (-e $rulesfile); $fh->open("> $rulesfile"); foreach my $l (@$aref) { @@ -241,6 +255,16 @@ } $fh->close; + # test the rules file + my $testcmd = (exists $opts{'T'}) ? $opts{'T'} : $DEFAULTSNORTTESTSCRIPT; + my $testoutput = qx($testcmd 2>&1); + if( $testoutput =~ /Fatal Error/gm) { + # we came across a Fatal Error! + # restore the backup copy of the rules file + move($backupfile, $rulesfile) if (-e $backupfile); + return undef; + } + $self->$update_pcap_rules_file($md5, $soap); return 1 if (kill('HUP', $pid) > 0); |
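Review bot: Both test blocks added here (@@ -162,6 and @@ -241,6) decide validity only by matching /Fatal Error/ in the output of `qx($testcmd 2>&1)` and never look at $?, so a test command that is missing, not executable or fails with any other message is treated as a pass and the freshly written rules file stays in place. Treat a non-zero $? as a failure too and restore the backup in that case. $testcmd comes from the -T option and is run through the shell, so the pod should say that it is a trusted, operator-only setting. The same block, together with the backup logic, is pasted into two subs; a helper would keep the copies consistent.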
From: rcolantuoni <rco...@us...> - 2006-01-04 16:02:23
|
Update of /cvsroot/netpass/NetPass-Snort/bin In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv12386/NetPass-Snort/bin Modified Files: npsnortd.pl Log Message: added a test cmd to check the validity of generated rules. if the test fails, the backup rules file will be restored. Index: npsnortd.pl =================================================================== RCS file: /cvsroot/netpass/NetPass-Snort/bin/npsnortd.pl,v retrieving revision 1.2 retrieving revision 1.3 diff -u -d -r1.2 -r1.3 --- npsnortd.pl 16 Aug 2005 21:23:28 -0000 1.2 +++ npsnortd.pl 4 Jan 2006 16:02:09 -0000 1.3 @@ -15,6 +15,7 @@ -p pidfile snort pid file -f cmd command used to start/stop snort -t refreshrate amount of time to wait before refreshing the list of networks we are watching + -T test script script used to test whether changes to the snort config are valid -b rules file containing the pcap rules to be sent to snort on startup -q include pcap filters in snort for filtering quarantine traffic -h this message @@ -72,7 +73,7 @@ my $TIMEOUT = 300; my $DEFAULTSNORTPID = "/var/run/snort_dag0.pid"; -getopts('s:S:p:P:r:l:f:t:b:qDh?', \%opts); +getopts('s:S:p:P:r:l:f:t:T:b:qDh?', \%opts); pod2usage(2) if exists $opts{'h'} || exists $opts{'?'}; pod2usage(2) if !exists $opts{'s'} || !exists $opts{'S'}; |
From: rcolantuoni <rco...@us...> - 2006-01-04 16:02:23
|
Update of /cvsroot/netpass/NetPass-Snort/etc/sysconfig In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv12386/NetPass-Snort/etc/sysconfig Modified Files: npsnortd Log Message: added a test cmd to check the validity of generated rules. if the test fails, the backup rules file will be restored. Index: npsnortd =================================================================== RCS file: /cvsroot/netpass/NetPass-Snort/etc/sysconfig/npsnortd,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -d -r1.1.1.1 -r1.2 --- npsnortd 10 Aug 2005 20:14:50 -0000 1.1.1.1 +++ npsnortd 4 Jan 2006 16:02:09 -0000 1.2 @@ -1,10 +1,13 @@ NPAPISERVER=128.205.10.37 NPAPISECRET=yoyo +SNORTBINFILE=/opt/snort/bin/snort SNORTLOGFILE=/opt/snort/logs/snort.log +SNORTCONFFILE=/opt/snort/etc/snort.conf SNORTRULESFILE=/opt/snort/etc/snort.rules SNORTPCAPRULES=/opt/snort/etc/pcaprules.txt NPSNORTDPORT=20008 SNORTPIDFILE=/var/run/snort_dag0.pid SNORTSTARTUPSCRIPT=/etc/init.d/snortd +SNORTTESTSCRIPT="$SNORTBINFILE -q -c$SNORTCONFFILE -T" SNORTIGNOREQUAR=1 NPSNORTDREFRESH=300 |
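Review bot: The file this hunk edits carries `NPAPISECRET=yoyo` and a concrete NPAPISERVER address in its context lines, and the init script passes the secret as `-S $NPAPISECRET` on the npsnortd.pl command line, where it is visible in the process list. Ship a placeholder that forces the administrator to set a value, and restrict read access to the installed file. The new SNORTTESTSCRIPT value contains spaces, so it depends on the init.d wrapper delivering it to npsnortd.pl as a single -T argument.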
From: jeff m. <jef...@us...> - 2005-12-22 21:12:30
|
Update of /cvsroot/netpass/NetPass In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv22499 Modified Files: Makefile install Log Message: yet another install bug, this one with the apache.conf edits Index: Makefile =================================================================== RCS file: /cvsroot/netpass/NetPass/Makefile,v retrieving revision 1.5 retrieving revision 1.6 diff -u -d -r1.5 -r1.6 --- Makefile 4 May 2005 03:09:44 -0000 1.5 +++ Makefile 22 Dec 2005 21:12:21 -0000 1.6 @@ -1,5 +1,12 @@ dist: - (cd .. ; tar -cp --exclude CVS -f netpass-`cat NetPass/VERSION`.tar NetPass) + (NPVERSION=`head -1 VERSION` ; \ + NPBASEN=`basename $${PWD}` ; \ + cd .. ; \ + echo $${NPVERSION} $${NPBASEN} ; \ + mv $${NPBASEN} NetPass-$${NPVERSION} ; \ + tar -cp --exclude CVS -f NetPass-$${NPVERSION}.tar NetPass-$${NPVERSION} ; \ + gzip -v -9 NetPass-$${NPVERSION}.tar ; \ + mv NetPass-$${NPVERSION} $${NPBASEN} ) clean: find . -name \*~ -exec rm -f {} \; Index: install =================================================================== RCS file: /cvsroot/netpass/NetPass/install,v retrieving revision 1.28 retrieving revision 1.29 diff -u -d -r1.28 -r1.29 --- install 22 Dec 2005 19:29:52 -0000 1.28 +++ install 22 Dec 2005 21:12:21 -0000 1.29 @@ -1139,7 +1139,7 @@ ENTER to keep our value: "); $MaxClients ||= $mc; ll("Apache httpd.conf\nMaxClients=$MaxClients\n"); - apacheConfig_set(\@conf, '^#MaxClients', "MaxClients $MaxClients"); + apacheConfig_set(\@conf, '^#MaxClients', "MaxClients $MaxClients\n"); # ^#ServerAdmin @@ -1147,7 +1147,7 @@ my $ServerAdmin = ask ("Enter an email address of the person/group that administers this webserver: "); ll ("ServerAdmin=$ServerAdmin\n"); - apacheConfig_set(\@conf, '^ServerAdmin', "ServerAdmin $ServerAdmin"); + apacheConfig_set(\@conf, '^ServerAdmin', "ServerAdmin $ServerAdmin\n"); # ^#ServerName 
@@ -1156,7 +1156,7 @@ real name.\n\n"); ll ("ServerName=$ServerName\n"); - apacheConfig_set(\@conf, '^ServerName', "ServerName $ServerName"); + apacheConfig_set(\@conf, '^ServerName', "ServerName $ServerName\n"); #XXX squidGuardConfig("/opt/squidguard/SquidGuard.conf", $ServerName); |
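Review bot: The new dist recipe in the Makefile chains its steps with `;`, so if `cd ..` or the first mv fails, the tar, gzip and final mv still run against whatever directory the shell is in, and a failure between the two mv commands leaves the working tree renamed to NetPass-$${NPVERSION}. Join the steps with && (or start the subshell with set -e) and make sure the directory name is restored on failure.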
From: jeff m. <jef...@us...> - 2005-12-22 19:30:03
|
Update of /cvsroot/netpass/NetPass In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv1704 Modified Files: VERSION install Log Message: installer fixes, testing Index: VERSION =================================================================== RCS file: /cvsroot/netpass/NetPass/VERSION,v retrieving revision 1.4 retrieving revision 1.5 diff -u -d -r1.4 -r1.5 --- VERSION 6 Apr 2005 20:50:35 -0000 1.4 +++ VERSION 22 Dec 2005 19:29:52 -0000 1.5 @@ -1 +1 @@ -2.00 +2.10 Index: install =================================================================== RCS file: /cvsroot/netpass/NetPass/install,v retrieving revision 1.27 retrieving revision 1.28 diff -u -d -r1.27 -r1.28 --- install 22 Dec 2005 18:31:02 -0000 1.27 +++ install 22 Dec 2005 19:29:52 -0000 1.28 @@ -138,11 +138,21 @@ if ($uninstall) { lprint("Uninstalling NetPass ..\n"); + foreach my $etcf ('services', 'syslog.conf') { depatchConf("/etc", $etcf); } lsystem("/etc/init.d/syslog restart"); + + depatchConf("/etc", "inittab"); + lsystem("/sbin/init q"); + + lsystem("/etc/init.d/netpass stop"); + + lsystem("/etc/init.d/syslog restart"); + lsystem("/etc/init.d/syslog restart"); depatchConf("/etc/squid", "squid.conf"); + removeTree($TARGET); lsystem("crontab -u netpass -r"); lsystem("/usr/sbin/userdel netpass") && lprint("userdel netpass failed $!\n"); @@ -171,12 +181,11 @@ lsystem("rm /etc/iptables.sh"); uninstallSwatch(); - depatchConf("/etc", "fstab"); - depatchConf("/etc", "inittab"); - lsystem("/sbin/init q"); dropDatabase(); + uninstallStartupScripts($PKGDIR."/install.d/init.d"); + lprint ("NetPass uninstall finished.\n"); exit 0; } @@ -250,8 +259,6 @@ patchConf("/etc", "inittab", { '%SMTPHOST%' => $smtp_server }); configureNPSVC($PKGDIR."/etc/npsvc-example.conf", $TARGET."/etc/npsvc.conf"); -lsystem("/sbin/init q"); - my $squidRV = patchSquidConf($PKGDIR, "install.d/squid.conf"); 
@@ -272,6 +279,8 @@ configure netpass. Login as netpass/netpass. Be sure to change your authentication method and/or reset the password as soon as you login.\n"); +lsystem("/sbin/init q"); + $LOG->close; exit 0; @@ -332,6 +341,7 @@ lsystem("/etc/init.d/apache start"); lsystem("/etc/init.d/squid start"); lsystem("/etc/init.d/swatch start"); + lsystem("/etc/init.d/netpass start"); } sub installIPTables { @@ -383,7 +393,7 @@ if ($useha =~ /^y/i) { $npvip = ask("Enter the virtual IP address for this NetPass cluster: "); $redir1 = ask("Enter the DNS name (or IP address) for the primary redirector: "); - $redir2 = ask("Enter the DNS name (or IP address) for the primary redirector (hit enter if you only have one redirector): "); + $redir2 = ask("Enter the DNS name (or IP address) for the secondary redirector (hit enter if you only have one redirector): "); $R->{'npvip'} = $npvip; $R->{'redir1'} = $redir1; $R->{'redir2'} = $redir2; @@ -507,11 +517,12 @@ installApacheStartupScript($ssdir, "apache", $skip->{'apache'}); - foreach my $script ("nessusd", "netpass", "swatch") { + foreach my $script ("nessusd", "netpass", "swatch", "netpassha") { next if exists $skip->{$script} && $skip->{$script}; lsystem("/bin/cp $ssdir/$script /etc/init.d/") unless (-f "/etc/init.d/$script"); - lsystem("chkconfig --level 2345 $script on"); + lsystem("chkconfig --level 2345 $script on") + unless ($script eq "netpassha"); # manually do this } # squid init script installed via RPM 
@@ -522,6 +533,24 @@ lsystem ("chkconfig --level 2345 apache on"); } +sub uninstallStartupScripts { + my $ssdir = shift; + my $skip = shift; + $skip = {} if (!defined($skip) || (ref($skip) ne "HASH")); + + lsystem ("chkconfig --level 2345 squid off"); + lsystem ("chkconfig --level 2345 dhcrelay off"); + lsystem ("chkconfig --level 2345 snmptrapd off"); + lsystem ("chkconfig --level 2345 apache off"); + + foreach my $script ("nessusd", "netpass", "swatch", "netpassha") { + next if exists $skip->{$script} && $skip->{$script}; + lsystem("chkconfig --level 2345 $script off"); + lsystem("chkconfig --del $script"); + lsystem("/bin/rm -f /etc/init.d/$script"); + } +} + sub installApacheStartupScript { my $base = shift; my $scr = shift; 
@@ -1381,19 +1410,19 @@ $rv = lsystem(qq{echo "insert into users values ('$u', 'Admin')" | mysql -fu $u $p netpass}); ldie "failed to create '$u' netpass account" if $rv; - $rv = lsystem(qq{insert into user values "('127.0.0.1', '$u', '', 'Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0)" | mysql -fu $u $p mysql }); + $rv = lsystem(qq{echo insert into user values "('127.0.0.1', '$u', '', 'Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0)" | mysql -fu $u $p mysql }); ldie "failed to add 127.0.0.1 to table mysql:user" if $rv; - $rv = lsystem(qq{insert into db values "('127.0.0.1', '%', '$u', 'Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y')" | mysql -fu $u $p mysql}); + $rv = lsystem(qq{echo insert into db values "('127.0.0.1', '%', '$u', 'Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y')" | mysql -fu $u $p mysql}); ldie "failed to add 127.0.0.1 to table mysql:user" if $rv; # redirectors foreach my $rd ($R->{'redir1'}, $R->{'redir2'}) { - $rv = lsystem(qq{insert into db values "('$rd', '%', '$u', 'Y','N','N','N','N','N','N','N','N','N','N','N')" | mysql -fu $u $p mysql}); + $rv = lsystem(qq{echo insert into db values "('$rd', '%', '$u', 'Y','N','N','N','N','N','N','N','N','N','N','N')" | mysql -fu $u $p mysql}); ldie "failed to add $rd to mysql:db table ($rv)" if $rv; - $rv = lsystem(qq{insert into user values "('$rd', '$u', '$p','y','n','n','n','n','n','n','n','n','n','n','n','n','n','n','n','n','n','n','n','n','','','','',0,0,0)" | mysql -fu $u $p mysql}); + $rv = lsystem(qq{echo insert into user values "('$rd', '$u', '$p','y','n','n','n','n','n','n','n','n','n','n','n','n','n','n','n','n','n','n','n','n','','','','',0,0,0)" | mysql -fu $u $p mysql}); ldie "failed to add $rd to mysql:user table ($rv)" if $rv; } |
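Review bot: in the uninstall block of install (@@ -138,11 +138,21 @@) lsystem("/etc/init.d/syslog restart") now appears three times, and the result of the new lsystem("/etc/init.d/netpass stop") is ignored before removeTree($TARGET) runs. One syslog restart after the last depatchConf is enough, and a failed stop should at least be logged with lprint, as the userdel line in the same block already does, so that the tree is not removed from under a still-running service without any trace in the install log.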
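Review bot: uninstallStartupScripts (@@ -522,6 +533,24 @@) runs /bin/rm -f /etc/init.d/$script unconditionally, while the install loop in @@ -507,11 +517,12 @@ copies a script only unless (-f "/etc/init.d/$script"), so an init script that existed before NetPass was installed is deleted on uninstall. The four chkconfig ... off calls for squid, dhcrelay, snmptrapd and apache also ignore $skip, although $skip is honoured for the other scripts, and $ssdir is shifted but never used. Suggest recording at install time which scripts were actually copied and enabled, and undoing only those.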
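Review bot: in @@ -1381,19 +1410,19 @@ the added echo makes these statements reach mysql for the first time, and what they insert needs a second look: the 127.0.0.1 row in user has an empty third column (the password field) with every privilege column set to 'Y', and the redirector rows put '$p' into that column as given. $u, $p and $rd are interpolated into a shell command line through qq{}, so a quote or shell metacharacter in any of them breaks the SQL or the command, and if $p carries the password it is visible in the process list while mysql runs. The foreach also runs for $R->{'redir2'} when it was left empty, which the prompt in @@ -383,7 +393,7 @@ explicitly allows, and the ldie after the insert into db still reports "mysql:user". Suggest skipping empty redirector values, sending the SQL to mysql on stdin from Perl (or through DBI with placeholders) rather than through echo, and creating the accounts with GRANT ... IDENTIFIED BY instead of direct inserts into the grant tables.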
From: jeff m. <jef...@us...> - 2005-12-22 18:36:50
|
Update of /cvsroot/netpass/NetPass/bin In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv18858/bin Modified Files: resetport.pl Log Message: accidentally left a development line of code in resetport. removed. Index: resetport.pl =================================================================== RCS file: /cvsroot/netpass/NetPass/bin/resetport.pl,v retrieving revision 1.20 retrieving revision 1.21 diff -u -d -r1.20 -r1.21 --- resetport.pl 22 Dec 2005 18:31:02 -0000 1.20 +++ resetport.pl 22 Dec 2005 18:36:41 -0000 1.21 @@ -94,8 +94,8 @@ use strict; use Getopt::Std; -#use lib '/opt/netpass/lib/'; -use lib '/u1/project/netpass/NetPass-2/lib/'; +use lib '/opt/netpass/lib/'; +#use lib '/u1/project/netpass/NetPass-2/lib/'; use FileHandle; use Pod::Usage; use IO::Seekable; |
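Review bot: the development path is only commented out at #use lib '/u1/project/netpass/NetPass-2/lib/', which is how revision 1.20 shipped with the two lines swapped; delete the line rather than keep it as a toggle. resetport.pl loads its modules from whatever directory use lib names, so a build that points at a developer's working tree runs whatever code is in that tree. If a development override is needed, take it from an environment variable or a command-line option that defaults to /opt/netpass/lib/.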
From: jeff m. <jef...@us...> - 2005-12-22 18:31:19
|
Update of /cvsroot/netpass/NetPass/bin In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv17502/bin Modified Files: macscan.pl resetport.pl Log Message: resetport fixes, install script fix Index: macscan.pl =================================================================== RCS file: /cvsroot/netpass/NetPass/bin/macscan.pl,v retrieving revision 1.12 retrieving revision 1.13 diff -u -d -r1.12 -r1.13 --- macscan.pl 19 Sep 2005 15:25:03 -0000 1.12 +++ macscan.pl 22 Dec 2005 18:31:02 -0000 1.13 @@ -386,7 +386,7 @@ my ($myname, $pidDir) = (shift, shift); chdir $pidDir or die "$myname: can't chdir to $pidDir: $!"; - -w $pidDir or die "$myname: can't write to $pidDir\n"; + -w $pidDir or warn "$myname: can't write to $pidDir\n"; open STDIN, '/dev/null' or die "$myname: can't read /dev/null: $!"; open STDOUT, '>/dev/null' @@ -396,10 +396,12 @@ if($pid) { # parent my $pidFile = $pidDir . "/" . $myname . ".pid"; - open PIDFILE, "> " . $pidFile - or die "$myname: can't write to $pidFile: $!\n"; - print PIDFILE "$pid\n"; - close(PIDFILE); + if(open PIDFILE, "> " . $pidFile) { + print PIDFILE "$pid\n"; + close(PIDFILE); + } else { + warn "$myname: can't write to $pidFile: $!\n"; + } exit 0; } # child Index: resetport.pl =================================================================== RCS file: /cvsroot/netpass/NetPass/bin/resetport.pl,v retrieving revision 1.19 retrieving revision 1.20 diff -u -d -r1.19 -r1.20 --- resetport.pl 12 Oct 2005 20:45:04 -0000 1.19 +++ resetport.pl 22 Dec 2005 18:31:02 -0000 1.20 @@ -94,7 +94,8 @@ use strict; use Getopt::Std; -use lib '/opt/netpass/lib/'; +#use lib '/opt/netpass/lib/'; +use lib '/u1/project/netpass/NetPass-2/lib/'; use FileHandle; use Pod::Usage; use IO::Seekable; 
@@ -323,6 +324,10 @@ if a port on the pub queue is also on the priv queue, remove it from the priv queue and remove it from the priv queue time. +this means that link has come up on a port that we were going to +quarantine because link had gone down on it. since link is now +up, we remove it from the queue that tracks linkdown events. + =cut sub removeFromQCheck { @@ -333,13 +338,16 @@ return unless ( (ref($priv) eq "HASH") && (ref($pub) eq "HASH") && - (ref($privT) eq "ARRAY") && + (ref($privT) eq "HASH") && (exists $priv->{$sw}) && (exists $pub->{$sw}) ); # strip the ports from the priv queue foreach my $port (@{$pub->{$sw}}) { + if (grep /^$port$/, @{$priv->{$sw}}) { + _log "DEBUG", "$sw $port is on the private Q. removing it.\n"; + } @{$priv->{$sw}} = grep !/^$port$/, @{$priv->{$sw}}; } @@ -351,33 +359,6 @@ } } -=head2 removeFromUCheck($privU, $publicQ, $switch) - -Given the public quarantine (linkdown) queue and the private -unquarantine (linkup) queue and a switch: - -if a port on the pub queue is also on the priv queue, remove -it from the priv queue. - -=cut - -sub removeFromUCheck { - my $priv = shift; - my $pub = shift; - my $sw = shift; - - return unless ( (ref($priv) eq "HASH") && - (ref($pub) eq "HASH") && - (exists $priv->{$sw}) && - (exists $pub->{$sw}) ); - - # strip the ports from the priv queue - - foreach my $port (@{$pub->{$sw}}) { - @{$priv->{$sw}} = grep !/^$port$/, @{$priv->{$sw}}; - } -} - =head2 thread_entry( ) This is the entry point for the worker threads. This routine sits @@ -417,6 +398,8 @@ } + my %SScache = (); # used in procUQ + while(1) { my $didWork = 0; { 
@@ -425,13 +408,16 @@ my $wl = workLoad($pq); $thrq->{'workLoad'} = $wl; - #print $self->tid, " wakeup wl=$wl\n"; + _log("DEBUG", $self->tid. " wakeup workload=$wl\n") if $wl; # move work to the private queues, deleting it from # the public queue. if the port is not already on # the linkdown queue, record the current time (and associate # it with the port) so we can implement the linkflap - # tolerance feature. + # tolerance feature. similarly, if the port is not + # already on the linkup queue, record the current time + # so we can expire the unquar job if no mac appears on the + # the port within a configurable timeframe. # the ports coming are guaranteed (by 'processLines') to be # unique. iow, you wont see the same port on both the @@ -462,9 +448,10 @@ $pq->{'q'}->{$sw} = &share([]); $pq->{'qt'}->{$sw} = &share([]); $pq->{'u'}->{$sw} = &share([]); + $pq->{'ut'}->{$sw} = &share([]); } - #print $self->tid, " sw=$sw moving u..\n"; + _log("DEBUG", $self->tid, " $sw doing linkup->remove old linkdown check\n") if exists $opts{'D'}; # run thru the new unquarantine ports (linkup ports) # and see if any of them are on the private 
@@ -479,13 +466,25 @@ # linkup queue. if they are, remove them from the # priv linkup queue (unquar 'u' queue) - removeFromUCheck($pq->{'u'}, $thrq->{'q'}, $sw); + _log("DEBUG", $self->tid, " $sw doing linkdown->remove old linkup check\n") if exists $opts{'D'}; + + removeFromQCheck($pq->{'u'}, $pq->{'ut'}, + $thrq->{'q'}, $sw); # push the port onto the unquarantine work queue - # for this switch and then uniq that queue to remove - # duplicates. empty the public queue. + # for this switch. if the port wasn't already on + # the queue, record the current time so we can + # drop the linkup job if no mac appears on the port. + # then uniq that queue to remove duplicates. + # empty the public queue. + + + ($pq->{'u'}->{$sw}, + $pq->{'ut'}->{$sw}) + = starttime_calculation($pq->{'u'}->{$sw}, + $pq->{'ut'}->{$sw}, + $thrq->{'u'}->{$sw}); - push @{$pq->{'u'}->{$sw}}, @{$thrq->{'u'}->{$sw}}; $pq->{'u'}->{$sw} = uniq($pq->{'u'}->{$sw}); $thrq->{'u'}->{$sw} = &share([]); @@ -499,13 +498,13 @@ ($pq->{'q'}->{$sw}, $pq->{'qt'}->{$sw}) - = linkflap_starttime_calculation($pq->{'q'}->{$sw}, - $pq->{'qt'}->{$sw}, - $thrq->{'q'}->{$sw}); + = starttime_calculation($pq->{'q'}->{$sw}, + $pq->{'qt'}->{$sw}, + $thrq->{'q'}->{$sw}); $pq->{'q'}->{$sw} = uniq($pq->{'q'}->{$sw}); $thrq->{'q'}->{$sw} = &share([]); - $pq = procUQ($pq, $np); + $pq = procUQ($pq, $np, \%SScache); } } @@ -513,7 +512,16 @@ } } -sub linkflap_starttime_calculation { +=head2 starttime_calculation + +Iterate over the list of new ports and if we find a port that is not +already known (is not on our thread-private list) then record +the current time so we can track how long the port sits in the +queue. + +=cut + +sub starttime_calculation { my $priv = shift; # private queue (arrayref) my $ptl = shift; # port time list (arrayref) my $pub = shift; # public queue (arrayref) 
@@ -536,6 +544,13 @@ return ($priv, $ptl); } +=head2 uniq + +Given a list, 'uniq' it so that each element appears only +once. + +=cut + sub uniq { my $ar = shift; @@ -545,6 +560,13 @@ return $ar; } +=head2 workLoad + +Add up all of the ports in the Q and U lists. The total is +the work load for this thread. + +=cut + sub workLoad { my $pq = shift; my $wl = 0; @@ -578,7 +600,7 @@ while (defined(my $l = shift @{$lines})) { chomp $l; - + if ($l !~ /^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}/) { _log("ERROR", "Line looks funny, skipping: \"$l\"\n"); next; @@ -602,10 +624,10 @@ if ($_port =~ /ifIndex.(\d+)\s/) { $port = $1; } else { - print "cant parse port out of \"$_port\". skip\n" - if exists $opts{'D'}; - _log("WARNING", "cant parse port out of \"$_port\"\n") - unless exists $opts{'q'}; + #print "cant parse port out of \"$_port\". skip\n" + # if exists $opts{'D'}; + #_log("WARNING", "cant parse port out of \"$_port\"\n") + # unless exists $opts{'q'}; next; } @@ -649,7 +671,10 @@ Those that we cant make a decision on (because the port doesnt show any attached macs) will be left on the list and reviewed -again the next time we are called. +again the next time we are called. if too much time goes by +(ResetPort Max Port Poll Time) we will drop the port from the +work queue and that user will have to visit the web page to get +unquarantined. A port will be reviewed for a maximum of 1 hour. If we don't see a MAC appear in that time, we stop looking. @@ -658,9 +683,12 @@ # +my $SScache = {}; + sub procUQ { - my $pq = shift; - my $np = shift; + my $pq = shift; + my $np = shift; + my $SScache = shift; my $self = threads->self; @@ -668,6 +696,7 @@ my $switches = uniq [ keys %{$pq->{'u'}}, keys %{$pq->{'q'}} ]; + foreach my $switch (@$switches) { my $cn = ($np->cfg->getCommunities($switch))[1]; 
@@ -676,21 +705,36 @@ next if (!exists($pq->{'u'}->{$switch}) && !exists($pq->{'q'}->{$switch})); next if (($#{$pq->{'u'}->{$switch}} == -1) && ($#{$pq->{'q'}->{$switch}} == -1)); - my $snmp = new SNMP::Device('hostname' => $switch, - 'snmp_community' => $cn); + my $snmp; + + if (exists $SScache->{$switch}) { + _log("DEBUG", $self->tid, " using cached SNMP object $switch...\n") if exists $opts{'D'}; + $snmp = $SScache->{$switch}; + } else { + _log("DEBUG", $self->tid. " making a new SNMP object $switch ...\n") if exists $opts{'D'}; + $snmp = new SNMP::Device('hostname' => $switch, + 'snmp_community' => $cn); + $SScache->{$switch} = $snmp; + } + my ($mp, $pm) = $snmp->get_mac_port_table(); + + # if the port is on Q and U and Q occurred after U then we need to + # drop from U + if (exists ($pq->{'u'}->{$switch})) { foreach my $port (@{$pq->{'u'}->{$switch}}) { + my $firstSeen = $pq->{'ut'}->{$switch}->[$port]; # if the port is on the 'q' queue, remove it from that queue since # link is now, apparently, up. if (exists ($pq->{'q'}->{$switch})) { - _log("DEBUG", $self->tid(). " $switch $port possibly removing from 'q'\n"); - @{$pq->{'q'}->{$switch}} = grep !/^$port$/, @{$pq->{'q'}->{$switch}}; - if (exists ($pq->{'qt'}->{$switch})) { - $pq->{'qt'}->{$switch}->[$port] = undef; + if (grep /^$port$/, @{$pq->{'q'}->{$switch}}) { + _log("DEBUG", $self->tid(). " $switch $port link is now up. removing from 'q' queue.\n"); + @{$pq->{'q'}->{$switch}} = grep !/^$port$/, @{$pq->{'q'}->{$switch}}; + $pq->{'qt'}->{$switch}->[$port] = undef if (exists ($pq->{'qt'}->{$switch})); } } 
@@ -712,26 +756,41 @@ _log("DEBUG", $self->tid. " link up $switch $port and unq_lu=$unq_on_linkup rppt=$rppt\n"); - print $self->tid. " fetch maclist\n" if exists $opts{'D'}; + _log("DEBUG", $self->tid. " fetch maclist\n") if exists $opts{'D'}; if (!exists ($failed->{$switch})) { $failed->{$switch} = []; - $failed->{$switch."PT"} = []; } my $macList = $pm->{$port}; - if (!defined($macList)) { + + # if we find NO macs on the port, check to see how long we've been polling this port. if it's + # been too long, drop it. + + if (!defined($macList) || $#$macList == -1) { + my $dropTime = time() - $pq->{'ut'}->{$switch}->[$port]; + my $droppedIn = $rppt-$dropTime; + $droppedIn = $droppedIn < 0 ? 0 : $droppedIn; _log ("ERROR", $self->tid(). - " we want to unquar on linkup, but $switch doesnt have mac information available for port $port yet!\n"); - push @{$failed->{$switch}}, $port; - $failed->{$switch."PT"}->[$port] = time(); #XXX + " we want to unquar on linkup, but $switch doesnt have mac information available for port $port yet! dropped in $droppedIn secs\n"); + if (!defined($pq->{'ut'}->{$switch}->[$port])) { + _log ("WARNING", $self->tid(). " $switch $port no UT start time recorded for this port. dropping it from the watch queue.\n"); + } + elsif ($dropTime > $rppt) { + _log ("WARNING", $self->tid(). " we've been polling $switch $port for too long (>$rppt secs). dropping it from the watch queue.\n"); + $pq->{'ut'}->{$switch}->[$port] = undef; + } + else { + # save the port and poll it again next time + push @{$failed->{$switch}}, $port; + } next; } - print "macList=".join(',', @$macList)."\n" if exists $opts{'D'}; + _log ("DEBUG", $self->tid. " macList=".join(',', @$macList)."\n") if exists $opts{'D'}; if ($unq_on_linkup eq "1") { - print $self->tid(), " unq=ON findRegMac\n" if exists $opts{'D'}; + _log("DEBUG", $self->tid(). " unq=ON findRegMac\n") if exists $opts{'D'}; # in order to move the port to unquarantine # we just need to call validateMac on the first 
@@ -739,7 +798,7 @@ my ($regMac, $regMacStatus) = findRegMac($np, $macList); if (!defined($regMac)) { - _log ("WARNING", $self->tid(). " no macs registered on $switch $port. leaving in quarantine.\n"); + _log ("WARNING", $self->tid(). " no registered macs found on $switch $port. leaving in quarantine.\n"); } else { _log("DEBUG", $self->tid(). " regMac $regMac $regMacStatus\n") if exists $opts{'D'}; @@ -750,7 +809,7 @@ if ($#{$macList} == 0) { _log ("DEBUG", $self->tid(). " $regMac is alone on $switch $port. status is $regMacStatus\n"); if ($regMacStatus =~ /UNQUAR$/) { - _log ("DEBUG", $self->tid(). " $regMac unquarantine $switch $port\n"); + _log ("DEBUG", $self->tid(). " $regMac unquarantine $switch $port. port event is ".(time()-$firstSeen)." secs old.\n"); if(exists $opts{'n'}) { _log("DEBUG", $self->tid(). " not really!\n"); } else { @@ -771,7 +830,7 @@ $switch, $port, undef, {$port => $macList}); if ($_rv =~ /UNQUAR$/) { - _log ("DEBUG", $self->tid(). " $switch $port multiMac said to unquarantine the port.\n"); + _log ("DEBUG", $self->tid(). " $switch $port multiMac said to unquarantine the port. port event is ".(time()-$firstSeen)." secs old.\n"); if (exists $opts{'n'}) { _log("DEBUG", "not really!\n"); } else { @@ -826,9 +885,10 @@ if (exists $pq->{'q'}->{$switch}) { foreach my $port (@{$pq->{'q'}->{$switch}}) { my $unq_on_linkup = $np->cfg->policy(-key => 'UNQUAR_ON_LINKUP') || "0"; - my $rppt = $np->cfg->policy(-key => 'RESETPORT_PORT_POLL_TIME') || 0; - my $lftol = $np->cfg->policy(-key => 'LINKFLAP_TOLERANCE') || 0; - + my $rppt = $np->cfg->policy(-key => 'RESETPORT_PORT_POLL_TIME') || 0; + my $lftol = $np->cfg->policy(-key => 'LINKFLAP_TOLERANCE') || 0; + my $firstSeen = $pq->{'qt'}->{$switch}->[$port]; + # if possible, we'll resolve the switch/port to a specific network and the # look to see if the above policy settings are over-ridden at the network or # netgroup level. 
@@ -848,7 +908,7 @@ # will be removed from the 'q' queue by the linkup code above. if the timer # expires, quarantine the port. - if ($rppt) { + if ($lftol) { if ($pq->{'qt'}->{$switch}->[$port]) { # if we are on the 'u' list then link is up and we'll be # removed from the 'u' list by the linkup code above. @@ -862,7 +922,7 @@ -vlan => 'quarantine', -by => 'resetport.pl') || _log("ERROR", $np->db->error()); - _log ("DEBUG", $self->tid()." quarantined $switch $port because rppt expired\n") + _log ("DEBUG", $self->tid()." quarantined $switch $port because linkflap tolerance expired\n") if exists $opts{'D'}; # remove the port from the linkdown queue since we've processed it @@ -879,13 +939,13 @@ $pq->{'qt'}->{$switch}->[$port] = time(); } } else { - # rppt is not set (or set to zero) so immediate quarantine the port + # lftol is not set (or set to zero) so immediately quarantine the port $np->db->requestMovePort(-switch => $switch, -port => $port, -vlan => 'quarantine', -by => 'resetport.pl') || _log("ERROR", $np->db->error()); - _log ("DEBUG", $self->tid()." immediately quarantined $switch $port because rppt=0\n") + _log ("DEBUG", $self->tid()." immediately quarantined $switch $port because lftol=0. port event is ".(time()-$firstSeen)." secs old.\n") if exists $opts{'D'}; # remove the port from the linkdown queue since we've processed it @@ -893,7 +953,7 @@ @{$pq->{'q'}->{$switch}} = grep /!$port$/, @{$pq->{'q'}->{$switch}}; $pq->{'qt'}->{$switch}->[$port] = undef; } - } + } # foreach port on this switch } # save the ports that have failed so we can take care of @@ -904,8 +964,9 @@ @{$pq->{'u'}->{$switch}} = @{$failed->{$switch}}; } else { $pq->{'u'}->{$switch} = []; + $pq->{'ut'}->{$switch} = []; } - } + } } # end foreach |
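Review bot: in macscan.pl (@@ -386,7 +386,7 @@ and @@ -396,10 +396,12 @@) both pid-file failures are downgraded from die to warn, so the daemon now starts and detaches with no pid file at all, and the parent still exits 0. Anything that relies on $pidDir/$myname.pid to stop the process or to detect a running copy will then miss it. If running without a pid file is intended, log the condition through the normal logging path as well, since the message goes to the invoking terminal only; otherwise keep the die. The open itself would be safer in three-argument form, open(PIDFILE, ">", $pidFile).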
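Review bot: in procUQ (@@ -712,26 +756,41 @@) my $dropTime = time() - $pq->{'ut'}->{$switch}->[$port] is computed, and the "dropped in $droppedIn secs" message is logged, before the !defined($pq->{'ut'}->{$switch}->[$port]) test. When no start time was recorded, $dropTime is the full epoch value, the log line reports 0 seconds, and Perl warns about an undefined value. Test for the missing timestamp first and compute the age only in the branches that use it. The same applies to the new $firstSeen in the (time()-$firstSeen) log messages, which is read from 'ut' or 'qt' without a defined check.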
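Review bot: the unchanged line shown in @@ -893,7 +953,7 @@, @{$pq->{'q'}->{$switch}} = grep /!$port$/, @{$pq->{'q'}->{$switch}};, has the negation inside the pattern. It keeps only entries that end in a literal "!" followed by the port number, which no queue entry does, so processing one port in the immediate-quarantine branch empties the whole linkdown queue for that switch and the other ports waiting there are never quarantined. Every other removal in this file is written grep !/^$port$/, and this one should match. Since this commit reworks the surrounding lftol logic, it is the right place to fix it.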
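Review bot: the file-scope my $SScache = {}; added in @@ -658,9 +683,12 @@ is immediately shadowed by my $SScache = shift; inside procUQ and is never used; the real cache is %SScache in thread_entry, so drop the file-scope declaration. In @@ -676,21 +705,36 @@ the cache is keyed on $switch alone, while $cn is still read from the configuration on every pass, so a changed community string is never applied to a switch that already has a cached SNMP::Device object. Key the cache on switch and community together, or discard the entry when get_mac_port_table fails.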
From: jeff m. <jef...@us...> - 2005-12-22 18:31:14
|
Update of /cvsroot/netpass/NetPass/lib/NetPass In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv17502/lib/NetPass Modified Files: Config.pm Network.pm Log Message: resetport fixes, install script fix Index: Config.pm =================================================================== RCS file: /cvsroot/netpass/NetPass/lib/NetPass/Config.pm,v retrieving revision 1.53 retrieving revision 1.54 diff -u -d -r1.53 -r1.54 --- Config.pm 22 Aug 2005 19:26:07 -0000 1.53 +++ Config.pm 22 Dec 2005 18:31:03 -0000 1.54 @@ -90,7 +90,7 @@ _log ("DEBUG", "config changed. reloading. cur=". $self->{'cfg_from_db'}->{'rev'}. - " new=".$newCfg->{'rev'}); + " new=".$newCfg->{'rev'}."\n"); $self->{'cfg'} = new Config::General(-String => $newCfg->{'config'}, -AutoTrue => 1, Index: Network.pm =================================================================== RCS file: /cvsroot/netpass/NetPass/lib/NetPass/Network.pm,v retrieving revision 1.7 retrieving revision 1.8 diff -u -d -r1.7 -r1.8 --- Network.pm 6 Sep 2005 20:29:18 -0000 1.7 +++ Network.pm 22 Dec 2005 18:31:03 -0000 1.8 @@ -182,8 +182,9 @@ my $res = new Net::DNS::Resolver; my $query = $res->search($hn); + return $hn if ($hn =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/); - + my $addr; if ($query) { |
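Review bot: in Network.pm (@@ -182,8 +182,9 @@) the new return $hn if ($hn =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/); sits after my $query = $res->search($hn);, so the resolver is still queried for every IP literal before the early return; move the test above the Net::DNS::Resolver lines. The pattern also accepts out-of-range octets such as 999.1.1.1, and $ permits a trailing newline, so a value that is not a usable address can be returned as if it were one. Anchor with \A and \z and check each octet is at most 255.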
From: jeff m. <jef...@us...> - 2005-12-22 18:31:12
|
Update of /cvsroot/netpass/NetPass/install.d In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv17502/install.d Modified Files: iptables-lvs.sh lvs Log Message: resetport fixes, install script fix Index: iptables-lvs.sh =================================================================== RCS file: /cvsroot/netpass/NetPass/install.d/iptables-lvs.sh,v retrieving revision 1.3 retrieving revision 1.4 diff -u -d -r1.3 -r1.4 --- iptables-lvs.sh 20 Apr 2005 18:34:36 -0000 1.3 +++ iptables-lvs.sh 22 Dec 2005 18:31:02 -0000 1.4 @@ -51,6 +51,10 @@ iptables -A PREROUTING -t mangle -p tcp --dport 443 -j MARK --set-mark 1 iptables -A PREROUTING -t mangle -p tcp --dport 443 -j RETURN +iptables -A PREROUTING -t mangle -p tcp --dport 20003 -j MARK --set-mark 1 +iptables -A PREROUTING -t mangle -p tcp --dport 20003 -j RETURN + + iptables -A PREROUTING -t mangle -j DROP #iptables -A PREROUTING -t mangle -j MARK --set-mark 1 Index: lvs =================================================================== RCS file: /cvsroot/netpass/NetPass/install.d/lvs,v retrieving revision 1.3 retrieving revision 1.4 diff -u -d -r1.3 -r1.4 --- lvs 17 Mar 2005 17:38:38 -0000 1.3 +++ lvs 22 Dec 2005 18:31:02 -0000 1.4 @@ -31,7 +31,7 @@ you've decided to use? "); my $rs1 = ask("\nWhat's the IP address of the first NetPass server? "); my $rs2 = ask("\nWhat's the IP address of the second NetPass server? "); -my $d2 = ask("\nWhat's the IP address of the other NetPass redirector? "); +my $d2 = ask("\nWhat's the IP address of the other NetPass redirector (not this one)? "); my $fhI = new FileHandle "$PKGDIR/install.d/ldirectord.cf", "r"; die "can't open $PKGDIR/install.d/ldirectord.cf for reading: $!" unless defined $fhI; 
@@ -48,10 +48,10 @@ $fhI->close; $fhO->close; -print "We will not configure /etc/ha.d/ha.cf. The 'hostname' that we are\n\ +print "We will now configure /etc/ha.d/ha.cf. The 'hostname' that we are\n\ about to ask for must match the output of 'uname -n' on each redirector.\n"; -my $dir1 = ask("\nEnter the hostname address of the primary redirector: "); -my $dir2 = ask("\nEnter the hostname address of the backup redirector: "); +my $dir1 = ask("\nEnter the HOSTNAME of the primary redirector: "); +my $dir2 = ask("\nEnter the HOSTNAME of the backup redirector: "); $fh = new FileHandle "/etc/ha.d/ha.cf", "w"; die "cant open /etc/ha.d/ha.cf for writing: $!" unless defined $fh; @@ -75,8 +75,8 @@ print "XXX IPTABLES, perl, /var/run/netpass, startup scripts (netpassha, garp) CONFIG HERE\n\n"; -print "\nHA configuration complete. Use the netpass/bin/interfacecfg.pl script -to generate your HA interface configuration script.\n"; +print "\nHA configuration complete. Use the netpassha init script +to bring this redirector online.\n"; exit 0; |
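Review bot: the two PREROUTING rules added to iptables-lvs.sh (@@ -51,6 +51,10 @@) mark and return tcp/20003 from any source, exactly as is done for 443, but neither the hunk nor the log message ("resetport fixes, install script fix") says which service listens on that port. Add a comment naming the service, and if only the NetPass servers or the peer redirector need to reach it, add a -s match so the port is not opened to every client that reaches the redirector ahead of the final -j DROP.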
From: jeff m. <jef...@us...> - 2005-12-22 18:31:11
|
Update of /cvsroot/netpass/NetPass In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv17502 Modified Files: CHANGES install Log Message: resetport fixes, install script fix Index: CHANGES =================================================================== RCS file: /cvsroot/netpass/NetPass/CHANGES,v retrieving revision 1.22 retrieving revision 1.23 diff -u -d -r1.22 -r1.23 --- CHANGES 12 Oct 2005 20:39:42 -0000 1.22 +++ CHANGES 22 Dec 2005 18:31:02 -0000 1.23 @@ -256,3 +256,13 @@ jcm bug fix. resetport.pl, bug in findThread caused most jobs to get assigned to same thread, possibly resulting in long delays. +2005-12-23 + jcm bug fix. resetport.pl. bug in quarantine/linkdown processing if you + had linkflap tolerance enabled but port-polling disabled. it would + ignore the linkflap tolerance setting. + jcm resetport.pl added feature for port polling. if linkup on a port but + no mac appears on the port for N seconds (settable) resetport will + drop the port from the work queue. + jcm bug fix. apparently i missed a routine in the install script, causing + it to error out. + Index: install =================================================================== RCS file: /cvsroot/netpass/NetPass/install,v retrieving revision 1.26 retrieving revision 1.27 diff -u -d -r1.26 -r1.27 --- install 16 Aug 2005 14:04:31 -0000 1.26 +++ install 22 Dec 2005 18:31:02 -0000 1.27 @@ -249,9 +249,9 @@ Enter an SMTP server here: "); patchConf("/etc", "inittab", { '%SMTPHOST%' => $smtp_server }); +configureNPSVC($PKGDIR."/etc/npsvc-example.conf", $TARGET."/etc/npsvc.conf"); lsystem("/sbin/init q"); -configureNPSVC($TARGET); my $squidRV = patchSquidConf($PKGDIR, "install.d/squid.conf"); 
@@ -1259,6 +1259,28 @@ } +sub configureNPSVC { + my $cf = shift; + my $sf = shift; + + # edit npsvc.conf + + print "\nWe use 'npsvc' to make sure critical processes are running.\n"; + my $em = ask ("Enter an email address that npsvc can mail if it spots something wrong: "); + my $fh = new FileHandle $cf, "r"; + ldie "failed to open $cf for reading: $!" unless defined $cf; + my $f2 = new FileHandle $sf, "w"; + ldie "failed to open $sf for writing: $!" unless defined $sf; + while(my $line = <$fh>) { + $line =~ s/%EMAIL%/$em/g; + print $f2 $line; + } + $fh->close; + $f2->close; + lprint "NPSVC configuration file installed to $sf\n"; +} + + sub makeCookiesDir { if (-d '/cookies') { lprint ("Looks like /cookies already exists.\n"); |
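Review bot: in the new configureNPSVC (@@ -1259,6 +1259,28 @@) both error checks test the file name instead of the handle: ldie ... unless defined $cf; and ldie ... unless defined $sf; should test $fh and $f2. As written, a failed open is never reported and the while loop then reads from an undefined handle. The address in $em is also substituted for %EMAIL% without any check, so a mistyped or multi-line answer goes straight into npsvc.conf; validate it as a single address, or at least reject whitespace and newlines, before writing.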
From: Matt B. <mt...@os...> - 2005-10-13 23:25:28
|
If you're using npsnortd.pl to manage snort, npsnortd.pl will create the snort.rules file and put all the active snort rules from the NetPass DB into that file whenever a startSnort or restartSnort SOAP API call is sent to npsnortd.

-Matt

On Thu, 13 Oct 2005, Don Rugh wrote:

> Gang,
>
> ...having a little trouble getting snort running -- near the end of
> the config file, the following appears:
>
> # rules
> include snort.rules
>
> We're accustomed to seeing a /rules directory, but not a
> "snort.rules" file -- where is this coming from? is it generated from
> the NetPass DB?
>
> Thanks,
> Don
>
> Donald G. Rugh
> Director of Network Services
> Information Services
> Saint Vincent College
> 300 Fraser Purchase Road
> Latrobe, PA 15650
> 724-805-2559
> don...@em...
>
>
|
From: Don R. <don...@em...> - 2005-10-13 20:20:56
|
Gang,

...having a little trouble getting snort running -- near the end of the config file, the following appears:

# rules
include snort.rules

We're accustomed to seeing a /rules directory, but not a "snort.rules" file -- where is this coming from? is it generated from the NetPass DB?

Thanks,
Don

Donald G. Rugh
Director of Network Services
Information Services
Saint Vincent College
300 Fraser Purchase Road
Latrobe, PA 15650
724-805-2559
don...@em...
|
From: jeff m. <jef...@us...> - 2005-10-12 20:45:16
|
Update of /cvsroot/netpass/NetPass/bin In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv3852 Modified Files: resetport.pl Log Message: minor change to keep it quiet(er) Index: resetport.pl =================================================================== RCS file: /cvsroot/netpass/NetPass/bin/resetport.pl,v retrieving revision 1.18 retrieving revision 1.19 diff -u -d -r1.18 -r1.19 --- resetport.pl 12 Oct 2005 20:38:45 -0000 1.18 +++ resetport.pl 12 Oct 2005 20:45:04 -0000 1.19 @@ -296,7 +296,7 @@ foreach my $tid (sort keys %$tp) { lock($tp->{$tid}->{thrq}); $qLens{$tid} = $tp->{$tid}->{'thrq'}->{'workLoad'}; - _log("DEBUG", "$tid workLoad=".$qLens{$tid}."\n"); + _log("DEBUG", "$tid workLoad=".$qLens{$tid}."\n") if exists $opts{'D'}; $firstSeen = $tid unless $firstSeen; } |
From: jeff m. <jef...@us...> - 2005-10-12 20:39:51
|
Update of /cvsroot/netpass/NetPass In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv2806 Modified Files: CHANGES Log Message: Index: CHANGES =================================================================== RCS file: /cvsroot/netpass/NetPass/CHANGES,v retrieving revision 1.21 retrieving revision 1.22 diff -u -d -r1.21 -r1.22 --- CHANGES 21 Sep 2005 19:52:57 -0000 1.21 +++ CHANGES 12 Oct 2005 20:39:42 -0000 1.22 @@ -251,3 +251,8 @@ jcm bug fix message editor click cancel causes admin session to be logged out jcm bug fix if you change the status of a client's "result" in QC, no audit log entry is made reflecting which admin changed the status + +2005-10-12 + jcm bug fix. resetport.pl, bug in findThread caused most jobs to get assigned to + same thread, possibly resulting in long delays. + |
From: jeff m. <jef...@us...> - 2005-10-12 20:38:53
|
Update of /cvsroot/netpass/NetPass/bin In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv2595 Modified Files: resetport.pl Log Message: bug fix. bug caused most jobs to get assigned to same thread, possibly resulting in long delays. Index: resetport.pl =================================================================== RCS file: /cvsroot/netpass/NetPass/bin/resetport.pl,v retrieving revision 1.17 retrieving revision 1.18 diff -u -d -r1.17 -r1.18 --- resetport.pl 19 Sep 2005 15:26:56 -0000 1.17 +++ resetport.pl 12 Oct 2005 20:38:45 -0000 1.18 @@ -141,7 +141,7 @@ my $np = new NetPass(-cstr => exists $opts{'c'} ? $opts{'c'} : undef, -dbuser => $dbuser, -dbpass => $dbpass, - -debug => exists $opts{'D'} ? 1 : 0, + -debug => 0 , #exists $opts{'D'} ? 1 : 0, # too verbose -quiet => exists $opts{'q'} ? 1 : 0); die "failed to connect to NetPass: $np" unless (ref($np) eq "NetPass"); @@ -175,7 +175,7 @@ my $threads = {}; my $me = threads->self; -my $ps = exists $opts{'t'} ? $opts{'t'} : 50; +my $ps = exists $opts{'t'} ? $opts{'t'} : 20; my $threadPool = {}; my $swThrAffin = {}; @@ -293,17 +293,19 @@ my %qLens; my $firstSeen; - foreach my $tid (keys %$tp) { + foreach my $tid (sort keys %$tp) { lock($tp->{$tid}->{thrq}); $qLens{$tid} = $tp->{$tid}->{'thrq'}->{'workLoad'}; + _log("DEBUG", "$tid workLoad=".$qLens{$tid}."\n"); $firstSeen = $tid unless $firstSeen; } my $assignToMe = ''; my $min = ''; - foreach my $tid (keys %qLens) { - if ( ($min eq '') || ($qLens{$tid} < $min ) ) { + foreach my $tid (sort keys %qLens) { + $min = $qLens{$tid}+1 if ($min eq ''); + if ( $qLens{$tid} < $min ) { $assignToMe = $tid; $min = $qLens{$tid}; } 
@@ -609,10 +611,10 @@ _log("DEBUG", "$switch/$port checking if resetport is enabled...\n") if exists $opts{'D'}; if (resetPortEnabled($np, $switch, $port) == 0) { - _log("DEBUG", "$switch/$port reset port is disabled for $switch $port. skipping.\n"); + _log("DEBUG", "$switch/$port resetport is disabled for $switch $port. skipping.\n"); next; } - _log("DEBUG", "$switch/$port yes, reserport is enabled and ttype=$ttype\n") if exists $opts{'D'}; + _log("DEBUG", "$switch/$port yes, resetport is enabled and ttype=$ttype\n") if exists $opts{'D'}; if ($ttype == 2) { # LINKDOWN _log("INFO", "$switch/$port LINKDOWN\n"); |
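Review bot: two behaviour changes in resetport.pl ride along with the findThread fix and are not mentioned in the log message. In @@ -141,7 +141,7 @@ -debug is hard-wired to 0 with the old expression left in a trailing comment, so -D can no longer turn on library-level debugging at all; if that output is too verbose, give it its own option rather than commenting the code out. In @@ -175,7 +175,7 @@ the default pool size goes from 50 back to 20, reversing a change that CHANGES records as a responsiveness experiment; note the reason in CHANGES so the default is not flipped again later.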
From: jeff m. <jef...@us...> - 2005-09-21 19:53:04
Update of /cvsroot/netpass/NetPass In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv7195 Modified Files: CHANGES Log Message: Index: CHANGES =================================================================== RCS file: /cvsroot/netpass/NetPass/CHANGES,v retrieving revision 1.20 retrieving revision 1.21 diff -u -d -r1.20 -r1.21 --- CHANGES 19 Sep 2005 15:25:03 -0000 1.20 +++ CHANGES 21 Sep 2005 19:52:57 -0000 1.21 @@ -247,3 +247,7 @@ jcm changed number-of-threads in resetport from 20 to 50 to see if it makes it more responsive. +2005-09-21 + jcm bug fix message editor click cancel causes admin session to be logged out + jcm bug fix if you change the status of a client's "result" in QC, no audit log + entry is made reflecting which admin changed the status |
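Review bot: both new 2005-09-21 entries describe the symptom rather than the change, so "bug fix if you change the status of a client's "result" in QC, no audit log entry is made" can be read as the new behaviour. Reword them to say what happens now (cancel in the message editor keeps the admin session; QC result changes write an audit entry naming the admin), and fill in the commit log message, which is empty for this revision.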
From: jeff m. <jef...@us...> - 2005-09-21 19:51:49
Update of /cvsroot/netpass/NetPass/www/htdocs/Admin/Editor In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv6972/www/htdocs/Admin/Editor Modified Files: edit.mhtml Log Message: BUG: message editor cancel logs you out Index: edit.mhtml =================================================================== RCS file: /cvsroot/netpass/NetPass/www/htdocs/Admin/Editor/edit.mhtml,v retrieving revision 1.6 retrieving revision 1.7 diff -u -d -r1.6 -r1.7 --- edit.mhtml 3 Aug 2005 20:22:40 -0000 1.6 +++ edit.mhtml 21 Sep 2005 19:51:40 -0000 1.7 @@ -132,7 +132,7 @@ <input $readOnly type="submit" name="submit" value=" Save Changes " /> <input $readOnly type="submit" name="submit" value=" Save Copy " /> -<input type="button" name="cancel" value=" Cancel " onClick="top.location='index.mhtml'"/> +<input type="button" name="cancel" value=" Cancel " onClick="top.location='index.mhtml?npsess=<%$m->session->{_session_id}%>'"/> </form> |
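Review bot: the new Cancel handler puts the admin session identifier into the URL (`index.mhtml?npsess=<%$m->session->{_session_id}%>`), where it ends up in browser history, Referer headers and web server or proxy access logs, and anyone who sees that URL sees the session id. Prefer carrying the session in a cookie, or make Cancel a submit within the form so the id can travel as a hidden field instead of a query parameter. If the query parameter has to stay, apply Mason's `|u` escape flag to the substitution, since the value is emitted unescaped inside a JavaScript string within an HTML attribute.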
From: jeff m. <jef...@us...> - 2005-09-21 16:25:56
Update of /cvsroot/netpass/NetPass/www/components In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv24573/www/components Modified Files: Audit Log Message: audit logging for QC result changes Index: Audit =================================================================== RCS file: /cvsroot/netpass/NetPass/www/components/Audit,v retrieving revision 1.2 retrieving revision 1.3 diff -u -d -r1.2 -r1.3 --- Audit 12 Apr 2005 16:17:26 -0000 1.2 +++ Audit 21 Sep 2005 16:25:45 -0000 1.3 @@ -15,8 +15,8 @@ #my $i = $m->session->{'remote_addr'}; #my $u = $m->session->{'username'}; - $np->db->audit( -mac => $m->session->{'remote_mac'}, - -ip => $m->session->{'remote_addr'}, + $np->db->audit( -mac => '', + -ip => $ENV{'REMOTE_ADDR'}, -user => $m->session->{'username'}, -msg => $msg ); |
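Review bot: passing `-mac => ''` means every audit record written through this component now has an empty MAC, and neither the code nor the log message says why. If `remote_mac` is not meaningful for admin sessions, state that in a comment, and consider passing undef rather than an empty string so reports can tell "not applicable" apart from a failed lookup. `$ENV{'REMOTE_ADDR'}` is the address of the directly connected peer, so if the admin pages sit behind a reverse proxy every entry will carry the proxy's address; note that assumption next to the call. The commented-out `$i` and `$u` lines above the call still reference the session values and can be removed.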