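#!/bin/sh
#
#NADDS Agent - http://nadds.drmadcow.net/
#Monitor for changes in open TCP/IP ports
#Agent Author: David Blizard
#Date: 2003-May-26 (V2.1)
#
#For every host named in BCNUPARAM the agent runs nmap, keeps the resulting
#port table and diffs it against the table recorded on the host's first run.
#An unchanged table is reported as ok; a changed table is reported as an
#error, the old table is archived under data/<agent>-archive and the new
#table becomes the reference for the next run.
#
#Required environment (from bcnuenv / agent_head): BCNUHOME, BCNUTMP,
#BCNUAGENT, BCNUPARAM, BCNU, BCNU_OK, BCNU_WARN, BCNU_ERR, BCNUHOSTTYPE,
#BCNUHOST and the bcnu_param / bcnu_*_send helpers.

. /usr/local/bcnu/etc/bcnuenv
. "$BCNUHOME/agent/agent_head"

#setup file handles and variables
ARCHDIR=$BCNUHOME/data/${BCNUAGENT}-archive
DIFFILE=$BCNUTMP/${BCNUAGENT}.diff
ERRFILE=$BCNUTMP/${BCNUAGENT}.err
OK=0

#mkdir -p is a no-op when the archive directory already exists
mkdir -p "$ARCHDIR" 2>/dev/null

#######################################
# Scan one host and write its port table to a file.  The table is nmap's
# output minus the trailing "scanned in N seconds" summary line so that
# two runs against an unchanged host compare equal.
# NOTE(review): newer nmap releases also print a timestamp on the FIRST
# line of their output; confirm the filter still yields a stable table
# with the nmap version in use.
# Arguments: $1 - host to scan, $2 - file to write the table to
# Outputs:   nmap/sed diagnostics go to ERRFILE
# Returns:   nmap's exit status, or sed's when nmap succeeded.  The
#            original "nmap | sed" pipeline only ever reported sed's
#            status, so a failed nmap was never noticed.
#######################################
scan_ports() {
  _scan_host=$1
  _scan_out=$2
  _scan_raw=$BCNUTMP/${BCNUAGENT}.$_scan_host.raw

  #capture nmap on its own first: /bin/sh has no pipefail, so $? after a
  #pipeline only reflects the last stage
  if nmap "$_scan_host" > "$_scan_raw" 2>"$ERRFILE"; then
    sed '$d' "$_scan_raw" > "$_scan_out" 2>>"$ERRFILE"
    _scan_rv=$?
  else
    _scan_rv=$?
  fi
  rm -f "$_scan_raw" 2>/dev/null
  return $_scan_rv
}

#word-splitting of BCNUPARAM is intended: one word per host entry
for param in $BCNUPARAM
do
  #bcnu_param (provided by agent_head) is expected to set p1 for the
  #current $param - confirm against agent_head
  bcnu_param
  HOST=$p1
  #NOTE(review): HOST is used verbatim inside file names below; confirm
  #bcnu_param constrains it to a plain host name / address
  CURPORTS=$BCNUTMP/${BCNUAGENT}.$HOST.cur.ports
  OKPORTS=$ARCHDIR/${BCNUAGENT}.$HOST.ok.ports

  rm -f "$CURPORTS" "$DIFFILE" "$ERRFILE" 2>/dev/null

  if ! scan_ports "$HOST" "$CURPORTS"; then
    BCNUMSG="$BCNU -M 'WARNING - NMAP COMMAND FAILED' -F $ERRFILE -E $BCNU_WARN -T $BCNUHOSTTYPE $BCNUHOST"
    bcnu_warn_send
    #a failed scan aborts the whole run (remaining hosts are not scanned),
    #as in the original agent
    exit 1
  fi

  #first run for this host: the current table becomes the reference
  if [ ! -f "$OKPORTS" ]; then
    cp -f "$CURPORTS" "$OKPORTS" 2>/dev/null
  fi

  #compare original tables to current tables
  #diff status: 0 = same, 1 = differ, 2 = trouble (e.g. missing file)
  diff "$CURPORTS" "$OKPORTS" > "$DIFFILE" 2>"$ERRFILE"
  OK=$?

  #if tables differ report error otherwise ok
  if [ "$OK" -eq 0 ]; then
    BCNUMSG="$BCNU -h $HOST -m 'ok - open ports unchanged' -f $CURPORTS -e $BCNU_OK -t $BCNUHOSTTYPE $BCNUHOST"
    bcnu_send
  elif [ "$OK" -eq 1 ]; then
    #get timestamp for error log
    DATE=$(date)
    TIMESTAMP=$(date +%Y%m%d%H%M%S)

    #make bakup files
    BAKUP=${BCNUAGENT}.$TIMESTAMP.$HOST.bakup.ports
    TAR=${BCNUAGENT}.$TIMESTAMP.$HOST.tgz
    ARCHIVE=$ARCHDIR/$TAR

    #bakup old port config; the cd runs in a subshell so the script's
    #working directory is untouched, and tar only runs if the cd succeeded
    #(the original ran tar in whatever directory it happened to be in)
    mv -f "$OKPORTS" "$ARCHDIR/$BAKUP" 2>/dev/null
    ( cd "$ARCHDIR" 2>/dev/null && tar cfpz "$TAR" "$BAKUP" 2>/dev/null )
    rm -f "$ARCHDIR/$BAKUP" 2>/dev/null

    #update port configuration (best effort, as before)
    scan_ports "$HOST" "$OKPORTS"

    #send error message - printf instead of "echo -e", whose escape
    #handling is not portable under /bin/sh
    {
      printf '\n****Open Ports Changed on %s****\n\tchange backed up in %s\n\n****Current open ports****\n\n' \
        "$DATE" "$ARCHIVE"
      cat "$CURPORTS"
    } >> "$DIFFILE" 2>/dev/null
    BCNUMSG="$BCNU -h $HOST -m 'error - open ports changed' -f $DIFFILE -e $BCNU_ERR -t $BCNUHOSTTYPE $BCNUHOST"
    bcnu_err_send
  elif [ "$OK" -eq 2 ]; then
    BCNUMSG="$BCNU -m 'warning - diff command failed - No such file $OKPORTS' -f $ERRFILE -e $BCNU_WARN -t $BCNUHOSTTYPE $BCNUHOST"
    bcnu_warn_send
  else
    #the message option was mistyped as "- m" here in the original
    BCNUMSG="$BCNU -m 'warning - unknown error - diff command' -f $ERRFILE -e $BCNU_WARN -t $BCNUHOSTTYPE $BCNUHOST"
    bcnu_warn_send
  fi
done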