X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?a=blobdiff_plain;f=contrib%2Fossec-batch-manager.pl;h=b1b07df263a7a3ffdca02c4145b535110f2014cb;hb=789cbc8e52da68eba3517b920ef22e000cf3c9fd;hp=6564298915d13b3069510969dd36ae113f390dd1;hpb=301048b51990573e58a30dc4a5bb4ec285cad554;p=ossec-hids.git
diff --git a/contrib/ossec-batch-manager.pl b/contrib/ossec-batch-manager.pl
index 6564298..b1b07df 100755
--- a/contrib/ossec-batch-manager.pl
+++ b/contrib/ossec-batch-manager.pl
@@ -11,6 +11,45 @@ # started as a hack to properly script manage_agents. # # # # # ########################################################## +# Modified by Tim Meader (Timothy.A.Meader@nasa.gov) +# on 2013/07/01 +# +# - corrected a MAJOR logic error in the remove +# function. The comparison was being done across the +# entire line of the agent keys file, so both IPs +# and the SSH keys at the end could be matched against +# the 'agent ID' wanting to be removed. Changed the +# match to only compare the first column of the file +# - added an error output message to the remove +# function if it's fed an 'agent ID' that doesn't +# exist +# - the script now also removes the corresponding +# associated agent rid files after a successful remove +# operation, or gives an error on failure +# +########################################################## +# Modified by Tim Meader (Timothy.A.Meader@nasa.gov) +# on 2010/12/08 +# +# - fixed two errors that were popping up during add or +# remove operations due to the code not taking into +# account the old key entries that have the "#*#*#*" +# pattern after the ID number. Simple fix was to do +# a "if (defined(xxx))" on the vars +# - fixed the "list" operation to only show valid key +# entries +# - changed the extract operation to store options +# in an array, and subsequently rewrote the +# "extract_key" (now called "extract_keys") func +# to accept this new behavior +# - modified "extract_keys" func to accept either ID, +# name, or IP address as the argument after the +# "-e" operator. Output of key extraction now +# include the name and IP address by default in the +# format: "name,IP extracted_key" +# +######################################################### + #$Id$ # TODO: 
@@ -27,15 +66,16 @@ use Digest::MD5 qw(md5_hex); use Getopt::Long; use constant AUTH_KEY_FILE => "/var/ossec/etc/client.keys"; +use constant RIDS_PATH => "/var/ossec/queue/rids/"; -my ($key, $add, $remove, $extract, $import, $listagents); +my ($key, $add, $remove, @extracts, $import, $listagents); my ($agentid, $agentname, $ipaddress); GetOptions( 'k|key=s' => \$key, # Unencoded ssh key 'a|add' => \$add, # Add a new agent 'r|remove=s' => \$remove, # Remove an agent - 'e|extract=s' => \$extract, # Extract a key + 'e|extract=s' => \@extracts, # Extract a key 'm|import' => \$import, # Import a key 'l|list' => \$listagents, # List all agents 'i|id=s' => \$agentid, # Unique agent id @@ -48,10 +88,9 @@ if ($listagents) { list_agents(); } # Decode and extract the key for $agentid -elsif ($extract) { - $agentid = $extract; - if ($agentid) { - extract_key($agentid); +elsif (@extracts) { + if (@extracts) { + extract_keys(@extracts); } else { usage(); 
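Review bot: The inner `if (@extracts)` repeats the condition of the enclosing `elsif (@extracts)`, so the `else { usage(); }` branch under it can never run. Either drop the inner test and call `extract_keys(@extracts);` directly, or turn it into a real check on the values, for example `if (grep { length } @extracts) {`, so that an empty `-e ''` argument still reaches usage(). The rest of the dispatch chain lies outside this hunk.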
@@ -134,16 +173,16 @@ else { sub usage { warn "Usage: $0 [OPERATION] [OPTIONS]\n"; warn " [operations]\n"; - warn " -a or --add = Add a new agent\n"; - warn " -r or --remove [id] = Remove agent\n"; - warn " -e or --extract [id] = Extract key\n"; - warn " -m or --import [keydata] = Import key\n"; - warn " -l or --list = List available agents\n"; + warn " -a or --add = Add a new agent\n"; + warn " -r or --remove [id] = Remove agent\n"; + warn " -e or --extract [id|name|ip] = Extract key\n"; + warn " -m or --import [keydata] = Import key\n"; + warn " -l or --list = List available agents\n"; warn " [options]\n"; - warn " -k or --key [keydata] = Key data\n"; - warn " -n or --name [name] = Agent name (32 character max)\n"; - warn " -i or --id [id] = Agent identification (integer)\n"; - warn " -p or --ip [ip] = IP address\n\n"; + warn " -k or --key [keydata] = Key data\n"; + warn " -n or --name [name] = Agent name (32 character max)\n"; + warn " -i or --id [id] = Agent identification (integer)\n"; + warn " -p or --ip [ip] = IP address\n\n"; exit 1; } 
@@ -162,35 +201,56 @@ sub list_agents { while () { chomp; my ($id, $name, $ip, $key) = split; - print "$id", " " x (25 - length($id)), - "$name", " " x (25 - length($name)), - "$ip", " " x (25 - length($ip)) . "\n"; + if (defined($key)) { + print "$id", " " x (25 - length($id)), + "$name", " " x (25 - length($name)), + "$ip", " " x (25 - length($ip)) . "\n"; + } } close(FH); exit 0; } -sub extract_key { - my $extractid = shift; - my ($encoded, $decoded); - +sub extract_keys { if (-r AUTH_KEY_FILE) { open (FH, "<", AUTH_KEY_FILE); } else { die "No ".AUTH_KEY_FILE."!\n"; } - while () { - chomp; - my ($id, $name, $ip, $key) = split; - if ($id == $extractid) { - # Newlines are valid base64 characters so use '' instead for \n - $decoded = MIME::Base64::encode($_, ''); - print "$decoded\n"; - exit 0; + + foreach my $extract (@_) { + my ($encoded, $decoded); + my $found = 0; + + while () { + chomp; + my ($id, $name, $ip, $key) = split; + # Check to make sure it's a valid entry + if (defined($key)) { + if (($extract =~ /^\d+$/) && ($id == $extract)) { + $found = 1; + } + elsif ($name eq $extract) { + $found = 1; + } + elsif ($ip eq $extract) { + $found = 1; + } + else { + next; + } + # Newlines are valid base64 characters so use '' instead for \n + $decoded = MIME::Base64::encode($_, ''); + print "$name,$ip $decoded\n"; + next; + } } + if (!$found) { + warn "Error: Agent $extract doesn't exist!\n"; + } + seek FH,0,0; } - warn "Error: Agent ID $extractid doesn't exist!\n"; } sub add_agent { 
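Review bot: In `extract_keys` a single selector can print the key lines of several agents, because every entry is tried against ID, then name, then IP and the loop keeps going after a match; an IP value shared by several entries, or a name made only of digits, will emit every matching line, and `$found` only records that there was at least one. Since the output is the agent's authentication key entry, an ambiguous selector should be visible to the operator: count with `$found++` in the three branches and add `warn "Warning: '$extract' matched $found entries\n" if $found > 1;` after the inner loop. The digit test would also be tighter as `/\A\d+\z/`, since `$` accepts a trailing newline.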
@@ -258,13 +318,27 @@ sub remove_agent { else { die "Error writing ".AUTH_KEY_FILE.": $!\n"; } + + my $key_found = 0; + foreach my $line (@agent_array) { - if ($line !~ $removeid) { + my @split_line = split(/\s/,$line); + + if ($split_line[0] ne $removeid) { print FHRW "$line"; } + else { + my $rids_file = RIDS_PATH.$removeid; + $key_found = 1; + unlink $rids_file or warn "Could not remove rids file for Agent ID \'".$removeid."\'!\n"; + } } close(FHRW); - exit 0; + + if (!$key_found) { + die "Agent ID \'".$removeid."\' not found! Nothing removed.\n"; + } + exit(0); } sub check_if_exists { @@ -282,9 +356,11 @@ sub check_if_exists { while () { chomp; my ($id, $name, $ip, $key) = split; - $rval = 1 if ($id == $newid && $rval == 0); - $rval = 2 if ($name eq $newname && $rval == 0); - $rval = 3 if ($ip eq $newip && $rval == 0); + if(defined($key)) { + $rval = 1 if ($id == $newid && $rval == 0); + $rval = 2 if ($name eq $newname && $rval == 0); + $rval = 3 if ($ip eq $newip && $rval == 0); + } } close(FH); }
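Review bot: `RIDS_PATH.$removeid` is handed to `unlink` with no check in this hunk that `$removeid` is a plain agent ID. The call is only reached when the value equals the first column of a line from the keys file, which limits what can get there, but a guard such as `die "Invalid agent ID\n" unless $removeid =~ /\A\d+\z/;` keeps the deletion inside the rids directory whatever that file contains. It belongs at the top of remove_agent, before the keys file is opened for writing, so that a rejected ID cannot leave the file half-written. The warning would also be more useful with the cause, `unlink $rids_file or warn "Could not remove $rids_file: $!\n";`, since a missing rids file and a permission failure currently print the same message. remove_agent starts above this hunk, so any earlier validation of `$removeid` is not visible here.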