#Triple D Consulting
#Network Attached Device Diagnostic System
#README File

Agent Name: portmon Agent
Agent Version: Version 2.1
Agent Author: David Blizard
Agent Date: 2003-May-26
Agent Purpose: Agent monitors open ports on any host for changes using the nmap command.
Agent How Does It Work: User supplies hosts to monitor.
Agent History:
  Started as just an agent to monitor new ports opening or closing on the localhost.
  Added functionality to monitor remote hosts and display them like the net agent.
  Added state changes - errors once from port changes then updates. (maybe warn if within 24 hours)
Agent Installation Instructions:
  Place agent in the agents directory within the $BCNUHOME directory.
  Add entry into $BCNUHOME/etc/agents
Agent call example:
  agent:portmon:::::host1 host2 host3:
  eg. agent:portmon:0-24:10:10:enabled:test1 test2:
Agent Operating Dependencies: Linux (Tested on Redhat 7.3, Linux kernel 2.4.18-3)
Agent Application Dependencies:
  nmap (tested with nmap-2.54BETA31-1)
  diff command
  BCNU v1.22
Features to add:
  - nothing right now

-----------------TESTING for version 2.0--------------------------
Tested by: Dustin and Dave
Date Tested: April 25, 2003
Testing platform: Redhat 7.3, nmap-2.54BETA31-1, BCNU v1.22, Linux kernel 2.4.18-3
Testing methodology: We tested by changing open ports by starting and stopping services to trigger the alerts.

Error conditions:

NMAP Command Failed -
  Expected response: "WARNING - NMAP COMMAND FAILED" BCNU error message and stderr output
  Actual response: "WARNING - NMAP COMMAND FAILED" BCNU error message and stderr output
  Sample output:
    "WARNING - NMAP COMMAND FAILED" BCNU error message
    bash: nmap: command not found

Open Ports Changed -
  Expected response: "error - open ports changed, change backed up" BCNU error message and output from diff command and state history
  Actual response: "error - open ports changed, change backed up" BCNU error message and output from diff command and state history
  Sample output:
    "error - open ports changed, change backed up" BCNU message
    4c4
    < (The 1596 ports scanned but not shown below are in state: closed)
    ---
    > (The 1594 ports scanned but not shown below are in state: closed)
    10a11,12
    > 5800/tcp   open        vnc-http
    > 5900/tcp   open        vnc
    *****Open Ports Changed on Mon May 26 23:11:22 PDT 2003*****
    Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
    Interesting ports on hal (192.168.0.2):
    (The 1596 ports scanned but not shown below are in state: closed)
    Port       State       Service
    135/tcp    open        loc-srv
    139/tcp    open        netbios-ssn
    445/tcp    open        microsoft-ds
    1025/tcp   open        NFS-or-IIS
    5000/tcp   open        UPnP
    ***Portmon State History***
    Mon May 12 18:13:26 PDT 2003 /usr/local/bcnu/data/archive/portmon.May12-181326.hal.tgz
    Mon May 12 18:18:26 PDT 2003 /usr/local/bcnu/data/archive/portmon.May12-181826.hal.tgz

Diff Command Failed - No such file
  Expected response: "error - diff command failed - No such file OK_PORTS_FILENAME" BCNU error message and stderr output
  Actual response: "error - diff command failed - No such file OK_PORTS_FILENAME" BCNU error message and stderr output
  Sample output:
    error - diff command failed - No such file iptables
    diff: iptables: No such file or directory

Unknown Diff Error
  Expected response: "error - unknown error - diff command" BCNU error message and stderr output
  Actual response: NOTE: did not test - occurs when diff returns an exit status other than 0,1,2
  Sample output: NOTE: did not test - occurs when diff returns an exit status other than 0,1,2

Successful conditions:

Open Ports Unchanged -
  Expected response: "ok - open ports unchanged" BCNU message and output from nmap and state history
  Actual response: "ok - open ports unchanged" BCNU message and output from nmap and state history
  Sample output:
    "ok - open ports unchanged" BCNU message
    Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
    Interesting ports on atlantis (127.0.0.1):
    (The 1592 ports scanned but not shown below are in state: closed)
    Port       State       Service
    21/tcp     open        ftp
    22/tcp     open        ssh
    25/tcp     open        smtp
    80/tcp     open        http
    111/tcp    open        sunrpc
    139/tcp    open        netbios-ssn
    443/tcp    open        https
    825/tcp    open        unknown
    6666/tcp   open        irc-serv
    ***PortMon State History***
    Mon May 26 08:07:01 PDT 2003 /usr/local/bcnu/data/archive/portmon.May26-080701.atlantis.tgz
    Mon May 26 12:11:21 PDT 2003 /usr/local/bcnu/data/archive/portmon.May26-121121.atlantis.tgz
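The check/diff/backup cycle for one host, as an added example written for this README (not the portmon agent's own code). It assumes the known-good listing lives in $BCNUHOME/data and archives in $BCNUHOME/data/archive (layout not confirmed by the README), substitutes a constructed nmap listing for a live scan, and maps diff's exit status onto the BCNU messages from the test notes above.

```shell
#!/bin/sh
# Constructed portmon-style check: diff the current nmap listing against the
# saved known-good listing, back the old listing up on change, and map diff's
# exit status onto the BCNU messages documented in this README.
# Assumed layout: known-good listing in $BCNUHOME/data, archives in $BCNUHOME/data/archive.
BCNUHOME="${BCNUHOME:-/tmp/bcnu-example}"

# Save a constructed "known good" listing for a host (sample data, not a real scan).
write_baseline() {
  host="$1"
  mkdir -p "$BCNUHOME/data/archive"
  cat > "$BCNUHOME/data/portmon.$host.ok" <<'EOF'
Port       State       Service
22/tcp     open        ssh
80/tcp     open        http
EOF
}

# check_ports HOST CURRENT_LISTING
# Prints the BCNU status line (plus diff output on change or failure) and returns
# diff's exit status: 0 unchanged, 1 changed, 2 diff could not run, other unknown.
check_ports() {
  host="$1"; current="$2"
  ok="$BCNUHOME/data/portmon.$host.ok"
  diffout="$BCNUHOME/data/portmon.$host.diff"
  if diff "$ok" "$current" > "$diffout" 2>&1; then rc=0; else rc=$?; fi
  case $rc in
    0) echo "ok - open ports unchanged" ;;
    1) # Archive the old listing with the README's naming scheme, then accept the new one.
       stamp=$(date +%b%d-%H%M%S)
       tar czf "$BCNUHOME/data/archive/portmon.$stamp.$host.tgz" -C "$BCNUHOME/data" "portmon.$host.ok"
       cp "$current" "$ok"
       echo "error - open ports changed, change backed up" ;;
    2) echo "error - diff command failed - No such file $ok" ;;
    *) echo "error - unknown error - diff command" ;;
  esac
  if [ "$rc" -ne 0 ]; then cat "$diffout"; fi
  return $rc
}
```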