Added fix for not changing state to the scan if ntop is terminated with shutdown

Luca Deri 2023-10-25 17:47:28 +02:00
parent d9714dc3c6
commit 86c44cde3f
2 changed files with 73 additions and 72 deletions


@ -491,7 +491,7 @@ function vs_utils.cleanup_nmap_result(scan_result, scan_type)
return scan_result, num_open_ports, num_vulnerabilities, cve, udp_ports, tcp_ports
else
return "", 0, 0, 0, 0, 0
end
end
end
-- **********************************************************
@ -607,8 +607,8 @@ end
-- **********************************************************
-- Function to remove scanning host
local function remove_scanning_host(host_info)
-- Function to remove scanning host
local function remove_scanning_host(host_info)
local host_to_scan_hash_key = vs_utils.get_host_hash_key(host_info.host, host_info.scan_type)
ntop.delHashCache(host_in_scanning_hash_key,host_to_scan_hash_key)
end
@ -616,7 +616,7 @@ end
-- **********************************************************
-- Function to set the actual scanning host on a redis key
local function save_scanning_host(scan_info)
local function save_scanning_host(scan_info)
local host_to_scan_hash_key = vs_utils.get_host_hash_key(scan_info.host, scan_info.scan_type)
ntop.setHashCache(host_in_scanning_hash_key, host_to_scan_hash_key, json.encode(scan_info))
end
@ -637,7 +637,7 @@ end
-- **********************************************************
-- Function to update counters of periodically scan or scan all
-- Function to update counters of periodically scan or scan all
-- @param is_periodic (true -> is a periodic scan, false -> is a scan all)
local function update_periodicity_or_all_scan_info(is_periodic, new_item)
@ -657,10 +657,10 @@ local function update_periodicity_or_all_scan_info(is_periodic, new_item)
end
if (new_item.num_vulnerabilities_found ~= nil) then
if (info_json ~= {} and info_json.cves ~= nil) then
info_json.cves = tonumber(info_json.cves) + new_item.num_vulnerabilities_found
else
else
info_json.cves = 0
end
end
@ -669,29 +669,27 @@ local function update_periodicity_or_all_scan_info(is_periodic, new_item)
if (info_json ~= {} and info_json.udp_ports ~= nil) then
info_json.udp_ports = tonumber(info_json.udp_ports) + new_item.udp_ports
else
else
info_json.udp_ports = 0
end
end
if (new_item.tcp_ports ~= nil) then
if (info_json ~= {} and info_json.tcp_ports ~= nil) then
info_json.tcp_ports = tonumber(info_json.tcp_ports) + new_item.tcp_ports
else
else
info_json.tcp_ports = 0
end
end
if (info_json ~= {} and info_json.begin_epoch == nil) then
info_json.begin_epoch = os.time()
end
ntop.setCache(redis_info_key, json.encode(info_json))
end
end
-- **********************************************************
@ -750,10 +748,10 @@ function vs_utils.save_host_to_scan(scan_type, host, scan_result, last_scan_time
tprint("ALREADY PRESENT-> CHECKING DIFF")
end
local old_cve_no_score = {}
for _,cve in ipairs(old_data.cve) do
old_cve_no_score[#old_cve_no_score+1] = split(cve,"|")[1]
end
local old_cve_no_score = {}
for _,cve in ipairs(old_data.cve) do
old_cve_no_score[#old_cve_no_score+1] = split(cve,"|")[1]
end
local host_info_to_cache = check_differences(host, host_name,
scan_type,
@ -762,14 +760,14 @@ function vs_utils.save_host_to_scan(scan_type, host, scan_result, last_scan_time
ports = old_data.num_open_ports,
cve = old_cve_no_score,
tcp_ports = {num_ports = old_data.tcp_ports, ports = old_data.tcp_ports_list },
udp_ports = {num_ports = old_data.udp_ports, ports = old_data.udp_ports_list}
udp_ports = {num_ports = old_data.udp_ports, ports = old_data.udp_ports_list}
},
{
vulnerabilities = num_vulnerabilities_found,
ports = num_open_ports,
cve = cve,
tcp_ports = tcp_ports,
udp_ports = udp_ports
udp_ports = udp_ports
})
if host_info_to_cache then
ntop.rpushCache(scanned_hosts_changes_key, json.encode(host_info_to_cache))
@ -806,7 +804,6 @@ function vs_utils.save_host_to_scan(scan_type, host, scan_result, last_scan_time
}
if tcp_ports ~= nil then
new_item.tcp_ports = tcp_ports.num_ports
new_item.tcp_ports_list = tcp_ports.ports
end
@ -837,8 +834,6 @@ function vs_utils.save_host_to_scan(scan_type, host, scan_result, last_scan_time
if is_ok_last_scan == vs_utils.scan_status.ok then
new_item.is_ok_last_scan = vs_utils.scan_status.ok
end
end
if not isEmptyString(scan_frequency) then
@ -880,7 +875,7 @@ function vs_utils.save_host_to_scan(scan_type, host, scan_result, last_scan_time
-- edit case
ntop.setHashCache(host_to_scan_key, host_hash_key, json.encode(new_item))
else
result = 2 --aleready_present
result = 2 -- already_present
end
local counts = vs_utils.update_ts_counters()
@ -899,6 +894,8 @@ function vs_utils.save_host_to_scan(scan_type, host, scan_result, last_scan_time
return result, new_item.id
end
-- **********************************************************
function vs_utils.update_ts_counters()
local hosts_details = vs_utils.retrieve_hosts_to_scan()
@ -1003,40 +1000,40 @@ function vs_utils.notify_end_periodicity_or_all_scan(is_periodic, periodicity)
if (periodicity and periodicity == "1day") then
notification_message = i18n("hosts_stats.page_scan_hosts.email.periodicity_scan_1_day_ended", {
cves = format_num_for_email(cve_num,0),
udp_ports = format_num_for_email(udp_ports,1),
tcp_ports = format_num_for_email(tcp_ports,2),
url = getHttpHost() .. ntop.getHttpPrefix() .. "/lua/pro/reportng.lua?report_template=vs_result",
duration = duration_label
cves = format_num_for_email(cve_num,0),
udp_ports = format_num_for_email(udp_ports,1),
tcp_ports = format_num_for_email(tcp_ports,2),
url = getHttpHost() .. ntop.getHttpPrefix() .. "/lua/pro/reportng.lua?report_template=vs_result",
duration = duration_label
})
elseif (periodicity and periodicity == "1week") then
notification_message = i18n("hosts_stats.page_scan_hosts.email.periodicity_scan_1_week_ended", {
cves = format_num_for_email(cve_num,0),
udp_ports = format_num_for_email(udp_ports,1),
tcp_ports = format_num_for_email(tcp_ports,2),
url = getHttpHost() .. ntop.getHttpPrefix() .. "/lua/pro/reportng.lua?report_template=vs_result",
duration = duration_label
cves = format_num_for_email(cve_num,0),
udp_ports = format_num_for_email(udp_ports,1),
tcp_ports = format_num_for_email(tcp_ports,2),
url = getHttpHost() .. ntop.getHttpPrefix() .. "/lua/pro/reportng.lua?report_template=vs_result",
duration = duration_label
})
else
else
-- scan all case
notification_message = i18n("hosts_stats.page_scan_hosts.email.scan_all_ended", {
cves = format_num_for_email(cve_num,0),
udp_ports = format_num_for_email(udp_ports,1),
tcp_ports = format_num_for_email(tcp_ports,2),
url = getHttpHost() .. ntop.getHttpPrefix() .. "/lua/pro/reportng.lua?report_template=vs_result",
duration = duration_label
cves = format_num_for_email(cve_num,0),
udp_ports = format_num_for_email(udp_ports,1),
tcp_ports = format_num_for_email(tcp_ports,2),
url = getHttpHost() .. ntop.getHttpPrefix() .. "/lua/pro/reportng.lua?report_template=vs_result",
duration = duration_label
})
end
recipients.sendMessageByNotificationType({periodicity = periodicity, success=true, message = notification_message, title = title}, "vulnerability_scans")
ntop.setCache(info_redis_key,json.encode({
cves = 0,
udp_ports = 0,
tcp_ports = 0,
begin_epoch = 0
cves = 0,
udp_ports = 0,
tcp_ports = 0,
begin_epoch = 0
}))
@ -1337,7 +1334,7 @@ end
-- Function to exec single host scan
function vs_utils.scan_host(scan_type, host, ports, scan_id, use_coroutines)
if(ntop.isShuttingDown()) then return(false) end
if(use_coroutines == nil) then use_coroutines = false end
if debug_me then
@ -1360,7 +1357,7 @@ function vs_utils.scan_host(scan_type, host, ports, scan_id, use_coroutines)
end
if(ntop.isShuttingDown()) then return(false) end
vs_utils.set_status_scan(scan_type, host, ports_scan_param, id, nil,nil, vs_utils.scan_status.scanning)
-- Save on redis the scanning host to avoid inconsistent state on ntopng restarts
@ -1371,6 +1368,10 @@ function vs_utils.scan_host(scan_type, host, ports, scan_id, use_coroutines)
local scan_module = vs_utils.load_module(scan_type)
local now,result,duration,scan_result,num_open_ports,num_vulnerabilities_found, cve, udp_ports, tcp_ports = scan_module:scan_host(host, ports, use_coroutines)
if(ntop.isShuttingDown()) then
return false
end
if (udp_ports ~= nil) then
udp_ports = {ports = format_port_list_to_string(udp_ports), num_ports = #udp_ports}
end
@ -1378,22 +1379,22 @@ function vs_utils.scan_host(scan_type, host, ports, scan_id, use_coroutines)
if(tcp_ports ~= nil) then
tcp_ports = {ports = format_port_list_to_string(tcp_ports), num_ports = #tcp_ports}
end
if scan_result then
scan_result = vs_utils.scan_status.ok
ntop.incrCache(host_scannned_count_key)
end
if debug_me then
traceError(TRACE_NORMAL,TRACE_CONSOLE,"End scan Host ".. host .. ", result: " .. result .. "\n")
traceError(TRACE_NORMAL, TRACE_CONSOLE, "End scan Host ".. host .. ", result: " .. result .. "\n")
end
if (isAlreadyPresent({host= host, scan_type= scan_type})) then
vs_utils.save_host_to_scan(scan_type, host, result, now, duration, scan_result,
ports_scan_param, nil, num_open_ports, num_vulnerabilities_found, cve, scan_id, false, udp_ports, tcp_ports)
end
return true
end
@ -1438,12 +1439,12 @@ end
function vs_utils.schedule_all_hosts_scan()
local host_to_scan_list = vs_utils.retrieve_hosts_to_scan()
local is_scanning_almost_one = false
if #host_to_scan_list > 0 then
for _,scan_info in ipairs(host_to_scan_list) do
vs_utils.schedule_host_scan(scan_info.scan_type, scan_info.host, scan_info.ports, scan_info.id, false, true)
is_scanning_almost_one = true
is_scanning_almost_one = true
end
end
@ -1452,10 +1453,10 @@ function vs_utils.schedule_all_hosts_scan()
end
ntop.setCache(host_scan_all_info,json.encode({
cves = 0,
udp_ports = 0,
tcp_ports = 0,
begin_epoch = os.time()
cves = 0,
udp_ports = 0,
tcp_ports = 0,
begin_epoch = os.time()
}))
return true
@ -1488,12 +1489,12 @@ function vs_utils.schedule_periodic_scan(periodicity)
ntop.setCache(host_to_scan_periodicity_key , "1")
ntop.setCache(host_to_scan_periodicity_key.."type", periodicity)
ntop.setCache(host_periodic_scan_info , json.encode({
cves = 0,
udp_ports = 0,
tcp_ports = 0,
begin_epoch = os.time()
cves = 0,
udp_ports = 0,
tcp_ports = 0,
begin_epoch = os.time()
}))
end
@ -1508,7 +1509,7 @@ end
-- Process a single host scan request that has been queued
function vs_utils.process_oldest_scheduled_scan(use_coroutines)
if(ntop.isShuttingDown()) then return(false) end
local elem = ntop.lpopCache(host_scan_queue_key)
if((elem ~= nil) and (elem ~= "")) then
@ -1542,7 +1543,7 @@ end
function vs_utils.process_all_scheduled_scans(max_num_scans, use_coroutines)
local num = 0
local co = {}
if(max_num_scans == nil) then max_num_scans = 9999 end
if(debug_me) then traceError(TRACE_NORMAL, TRACE_CONSOLE, "Starting up to "..max_num_scans.." scans...") end
@ -1761,20 +1762,20 @@ end
function vs_utils.runCommand(scan_command, use_coroutines)
local result
local debug_me = false
if ntop.isWindows() then
local handle = io.popen(scan_command)
result = handle:read("*a")
handle:close()
else
if(debug_me) then traceError(TRACE_NORMAL, TRACE_CONSOLE, "Started " .. scan_command) end
if(use_coroutines) then
if(true) then
local job_id = ntop.execCmdAsync(scan_command)
result = nil
while((result == nil) and not(ntop.isShuttingDown())) do
coroutine.yield()
result = ntop.readResultCmdAsync(job_id)
@ -1801,12 +1802,12 @@ function vs_utils.nmap_scan_host(command, host_ip, ports, use_coroutines, module
if(ntop.isShuttingDown()) then
return nil
end
-- IPv6 check
if(string.contains(host_ip, ':')) then command = command .. " -6 " end
if(not(isEmptyString(ports))) then command = command .. " -p " .. ports end
scan_command = string.format("%s %s", command, host_ip)
if(debug_me) then traceError(TRACE_NORMAL, TRACE_CONSOLE, "Executing: "..scan_command.."\n") end
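Review bot: In the `vs_utils.runCommand` hunk, the constant condition `if(true) then` (assuming it is the new side of the `if(use_coroutines) then` pair) sends every non-Windows call into `coroutine.yield()`, which raises an error when the caller is not inside a coroutine; `vs_utils.scan_host` still defaults `use_coroutines` to false, so such callers look possible. I would keep the shutdown-aware polling loop but yield only where it is legal, e.g. `if(coroutine.isyieldable()) then coroutine.yield() end` (Lua 5.3+) with a short sleep otherwise, and add a comment that `use_coroutines` no longer selects this path. When the loop ends because of shutdown, `result` is still nil, so the code after the loop (outside this hunk) should treat nil as an aborted scan rather than an empty one. Separately, the string passed to `io.popen` and `ntop.execCmdAsync` is built in `nmap_scan_host` by concatenating `ports` and `host_ip`; if neither is validated upstream (not visible here), a strict format check belongs before the concatenation.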