Security Oriented Managed Attributes
Overview
Soma is an in-house project to develop a network inventory product. Soma consists of a
dozen data collecting scripts which run from cron hourly or daily, dumping what they find
into a relational database. A manual effort associates Ethernet switch port identifiers with
wall jack identifiers. On the front end, a Web reporting tool provides access to the results.
With Soma, we want a rough idea of what is attached to our network, along with whatever
tidbits of information we can easily acquire about these end-stations.
Soma's schema illustrates the data which Soma collects.
Soma is implemented using Perl for the data collecting scripts, PostgreSQL for the database,
and Apache/PHP for the reporting front-end.
Data Collection
Typically, the data collecting scripts acquire a copy of our network's route table from a nearby
router and then walk through each route, probing each IP address and performing some function,
like querying its local NetBIOS name or querying its SNMP agent.
- gather-dns-name: pings each address, performing a DNS look-up on each node which answers
- gather-host-snmp: pings each address, performing an SNMP GET on sysDescr.0 and sysObjectID.0
on each node which answers
- gather-ipaddr-mac-port: dumps the CAM and ARP tables from the switches and routers
- gather-ldap-ou: for every NetBIOS machine name in Soma, queries
Active Directory domain controllers for the associated OU
- gather-netbios-name: pings each address, performing a NetBIOS name look-up on each node which
answers
- gather-nessus-vuln-all: performs a Nessus scan on each node
- gather-nmap-os-guess: pings each address, performing an Nmap
OS guess scan on each node which answers
- gather-wap-clients: dumps the MAC address/Dot11 Radio interface
table from each wireless access point
- wall-jack: imports an Excel spreadsheet containing switch-slot-port-walljack mappings
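The walk described above (take the route table, visit each address, run a per-host action), as an added Perl example that is not Soma's own code. The prefix-length limit, the sample routes and the `%answers` table standing in for a real probe are assumptions constructed for illustration.

```perl
use strict;
use warnings;

my $MIN_PREFIX = 20;   # assumption: never walk a route wider than a /20

# Constructed route table (documentation prefixes), not real Soma data.
my @routes = qw(0.0.0.0/0 10.0.0.0/8 192.0.2.0/29 192.0.2.0/30
                198.51.100.4/30 203.0.113.9/32 bogus/24);

# Parse "a.b.c.d/len" into [first, last] as integers; undef if unusable.
sub route_range {
    my ($cidr) = @_;
    my @f = $cidr =~ m{^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})$}
        or return;
    my $len = pop @f;
    # Skips the default route, oversized blocks and malformed octets.
    return if $len > 32 or $len < $MIN_PREFIX or grep { $_ > 255 } @f;
    my $mask  = (0xFFFFFFFF << (32 - $len)) & 0xFFFFFFFF;
    my $first = unpack('N', pack('C4', @f)) & $mask;
    return [ $first, $first | (~$mask & 0xFFFFFFFF) ];
}

# Expand the usable routes into a de-duplicated list of host addresses.
sub host_addresses {
    my (%seen, @hosts);
    for my $cidr (@_) {
        my $range = route_range($cidr) or next;
        my ($first, $last) = @$range;
        # /30 and wider: drop the network and broadcast addresses.
        ($first, $last) = ($first + 1, $last - 1) if $last - $first >= 3;
        for (my $n = $first; $n <= $last; $n++) {
            next if $seen{$n}++;   # overlapping routes: visit a host once
            push @hosts, join '.', unpack('C4', pack('N', $n));
        }
    }
    return @hosts;
}

# Constructed stand-in for a collector's probe: addresses that "answer".
my %answers = ('192.0.2.1' => 'printer-1', '198.51.100.5' => 'lab-pc-7');

# Walk every address and apply the caller's action, keeping defined results.
sub walk_routes {
    my ($action, @cidrs) = @_;
    my %found = map { my $r = $action->($_); defined $r ? ($_ => $r) : () }
                host_addresses(@cidrs);
    return \%found;
}

my $found = walk_routes(sub { $answers{ $_[0] } }, @routes);
printf "%-15s %s\n", $_, $found->{$_} for sort keys %$found;
```

Capping the prefix length keeps a default or summary route in the table from turning an hourly cron job into a sweep of address space the inventory was never meant to cover.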
Most of the functional code behind Soma sits within a collection of modules.
- DBTools.pm contains wrappers around various DBI functions.
- Foundation.pm builds a framework which supports the data
collecting routines.
- HostTools.pm contains routines for asking localhost questions about
its IP configuration.
- LDAPTools.pm contains routines for connecting to LDAP servers.
- NetworkTools.pm contains routines related to walking an IP space
and performing an action on each address, as well as routines for querying switches and routers
for various parameters.
- PingTools.pm contains various routines for emitting ICMP Echo packets.
- QueryHost.pm contains routines which send queries to hosts.
- QueryLDAP.pm contains routines for searching LDAP servers.
- ScanTools.pm contains wrappers around Nmap and Nessus.
- SNMPTools.pm contains wrappers around the net-snmp SNMP methods.
- SomaCrud.pm contains routines which accept data structures as input and
Create/Read/Update/Delete tables in Soma.
- SomaData.pm contains all the configuration information for Soma's
data-collecting persona.
- SomaQuery.pm contains routines for reading tables from Soma.
- Utilities.pm contains basic tools like logging and error-handling
routines.
Database
To create Soma's tables, I use the following import file:
soma-schema-v1.5.sql.
Reporting
Here are screenshots from the reporting front-end: