2 # vim:shiftwidth=2:tabstop=2:expandtab:textwidth=80:softtabstop=2:ai:
4 #########################################################
5 # Written Aug 4, 2007 and released under the GNU/GPLv2 ##
6 # by Jeff Schroeder (jeffschroeder@computer.org) # #
7 ######################################################### #
9 # ossec-batch-manager.pl - Add and extract agents from # #
10 # the ossec client.keys file non-interactively. This # #
11 # started as a hack to properly script manage_agents. # #
13 ##########################################################
15 #$Id: ossec-batch-manager.pl,v 1.4 2007/11/05 21:05:39 jeff Exp $
17 # - Add check for ossec 1.4 and support longer agent names
18 # - Add in eval so that older version of perl without
19 # Time::HiRes still can use this script.
23 require 5.8.2; # Time::HiRes is standard from this version forth
26 use Digest::MD5 qw(md5_hex);
29 use constant AUTH_KEY_FILE => "/var/ossec/etc/client.keys";
31 my ($key, $add, $remove, $extract, $import, $listagents);
32 my ($agentid, $agentname, $ipaddress);
35 'k|key=s' => \$key, # Unencoded ssh key
36 'a|add' => \$add, # Add a new agent
37 'r|remove=s' => \$remove, # Remove an agent
38 'e|extract=s' => \$extract, # Extract a key
39 'm|import' => \$import, # Import a key
40 'l|list' => \$listagents, # List all agents
41 'i|id=s' => \$agentid, # Unique agent id
42 'n|name=s' => \$agentname, # Agent name. 32 char max
43 'p|ip=s' => \$ipaddress # IP Address in "dotted quad" notation
46 # Spit out a list of available agents, their names, and ip information
50 # Decode and extract the key for $agentid
54 extract_key($agentid);
62 if ($agentname && $ipaddress && $ipaddress =~
63 m/(1?\d\d?|2[0-4]\d|25[0-5])(\.(1?\d\d?|2[0-4]\d|25[0-5])){3}/ &&
64 # ossec doesn't like agent names > 32 characters.
65 length($agentname) <= 32) {
67 # Autogenerate an id incremented 1 from the last in a sorted list of
68 # all current ones if it isn't specified from the command line.
71 # Make a list of all of the used agentids and then sort it.
72 if (-r AUTH_KEY_FILE) {
73 my @used_agent_ids = ();
74 open (FH, "<", AUTH_KEY_FILE);
76 my ($id, $name, $ip, $key) = split;
77 push(@used_agent_ids, $id);
81 if (@used_agent_ids) {
82 @used_agent_ids = sort(@used_agent_ids);
83 $agentid = sprintf("%03d", $used_agent_ids[-1] + 1);
86 # If the client.keys is empty or doesn't exist set the id to 001
87 $agentid = sprintf("%03d", 001) if (!$agentid);
90 # Autogenerate a key unless one was specified on the command line
92 use Time::HiRes; # Standard with perl >= 5.8.2
94 my $rand_str1 = time() . $agentname . rand(10000);
95 my $rand_str2 = Time::HiRes::time . $ipaddress . $agentid . rand(10000);
96 $key = md5_hex($rand_str1) . md5_hex($rand_str2);
99 add_agent($agentid, $agentname, $ipaddress, $key);
102 warn "Error: adding agents requires: --name and --ip options.\n";
108 remove_agent($agentid);
111 remove_agent($remove)
115 # Every option needs to be specified and NOT autogenerated because what
116 # is autogenerated on the server and the agent will likely be different
117 if (!$agentid || !$agentname || !$ipaddress || !$key) {
118 warn "Error: importing requires: --id, --name, --ip, and --key\n";
122 # The key extracted from the server needs to be decoded before being put
123 # into the client.keys
124 $key = MIME::Base64::decode($key);
126 add_agent($agentid, $agentname, $ipaddress, $key);
130 warn "Error: no options specified!\n";
135 warn "Usage: $0 [OPERATION] [OPTIONS]\n";
136 warn " [operations]\n";
137 warn " -a or --add = Add a new agent\n";
138 warn " -r or --remove [id] = Remove agent\n";
139 warn " -e or --extract [id] = Extract key\n";
140 warn " -m or --import [keydata] = Import key\n";
141 warn " -l or --list = List available agents\n";
143 warn " -k or --key [keydata] = Key data\n";
144 warn " -n or --name [name] = Agent name (32 character max)\n";
145 warn " -i or --id [id] = Agent identification (integer)\n";
146 warn " -p or --ip [ip] = IP address\n\n";
151 if (-r AUTH_KEY_FILE) {
152 open (FH, "<", AUTH_KEY_FILE);
155 die "Error reading ".AUTH_KEY_FILE.": $!\n";
157 print "Available Agents:\n";
158 print "ID", " " x (25 - length('ID')),
159 "NAME", " " x (25 - length('NAME')),
160 "IP", " " x (25 - length('IP'));
164 my ($id, $name, $ip, $key) = split;
165 print "$id", " " x (25 - length($id)),
166 "$name", " " x (25 - length($name)),
167 "$ip", " " x (25 - length($ip)) . "\n";
174 my $extractid = shift;
175 my ($encoded, $decoded);
177 if (-r AUTH_KEY_FILE) {
178 open (FH, "<", AUTH_KEY_FILE);
181 die "No ".AUTH_KEY_FILE."!\n";
185 my ($id, $name, $ip, $key) = split;
186 if ($id == $extractid) {
187 # Newlines are valid base64 characters so use '' instead for \n
188 $decoded = MIME::Base64::encode($key, '');
193 warn "Error: Agent ID $extractid doesn't exist!\n";
200 my $agentkey = shift;
202 if ($name && $ip && $agentkey) {
204 # 5a832efb8f93660857ce2acf8eec66a19fd9d4fa58e3221bbd2927ca8a0b40c3
205 if ($agentkey !~ m/[a-z0-9]{64}/) {
206 warn "Error: invalid keydata! Let this script autogenerate it.\n";
210 my @newagent = ($id, $name, $ip, $agentkey);
211 my $exists = check_if_exists(\@newagent);
214 # Append if client.keys exists and create it if it doesn't
215 if (-e AUTH_KEY_FILE) {
216 open(FH, ">>", AUTH_KEY_FILE) or die AUTH_KEY_FILE." error: $!\n";
219 open(FH, ">", AUTH_KEY_FILE) or die AUTH_KEY_FILE." error: $!\n";
221 print FH join(' ', @newagent), "\n";
224 elsif ($exists == 1) {
225 warn "ID: $id already in ".AUTH_KEY_FILE."!\n";
227 elsif ($exists == 2) {
228 warn "Agent: $name already in ".AUTH_KEY_FILE."!\n";
230 elsif ($exists == 3) {
231 warn "IP: $ip already in ".AUTH_KEY_FILE."!\n";
235 warn "Missing options to --add or problem with ".AUTH_KEY_FILE.": $!\n";
241 my $removeid = shift;
244 if (-r AUTH_KEY_FILE) {
245 open (FH, "<", AUTH_KEY_FILE);
248 die "Error: with ".AUTH_KEY_FILE.": $!\n";
251 push(@agent_array, $_);
255 if (-w AUTH_KEY_FILE) {
256 open (FHRW, ">", AUTH_KEY_FILE);
259 die "Error writing ".AUTH_KEY_FILE.": $!\n";
261 foreach my $line (@agent_array) {
262 if ($line !~ $removeid) {
270 sub check_if_exists {
271 my $agentlist_ref = shift;
272 my ($newid, $newname, $newip);
275 $newid = $agentlist_ref->[0];
276 $newname = $agentlist_ref->[1];
277 $newip = $agentlist_ref->[2];
279 # If the file isn't readable, the id probably isn't already in it
280 if (-r AUTH_KEY_FILE) {
281 open (FH, "<", AUTH_KEY_FILE);
284 my ($id, $name, $ip, $key) = split;
285 $rval = 1 if ($id == $newid && $rval == 0);
286 $rval = 2 if ($name eq $newname && $rval == 0);
287 $rval = 3 if ($ip eq $newip && $rval == 0);