#!/usr/bin/perl # Copyright Andrew Gavin 2009-2012 # # This file is part of OpenDLP. # # OpenDLP is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # OpenDLP is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # You should have received a copy of the GNU General Public License # along with OpenDLP. If not, see . use CGI qw/:standard/; use DBI; use Filesys::SmbClient; use POSIX ":sys_wait_h"; use Proc::Queue; my $version = get_version(); my $is_valid = 1; my $MAX_LENGTH_PROFILE = 64; my $MAX_LENGTH_SCAN = 64; my $MAX_LENGTH_URL = 256; my $MAX_CONCURRENT = 50; my $db_admin_file = "../etc/db_admin"; my $sc_path = "../../bin/sc.exe"; my $db_bin_file = "../../bin/db.pl"; my $agentless_bin_file = "../../bin/agentless.pl"; my $agentless_unix_file = "../../bin/agentless-unix.pl"; my $OpenDLPz_path = "../../bin/OpenDLPz.exe"; my $client_pem_path = "../../bin/client.pem"; my $server_pem_path = "../../bin/server.pem"; my( $scanname, $profile, $systems ) = ""; my( $db_username, $db_password ) = ""; my $scantype = ""; open( DB, $db_admin_file ); my $db_line = ; close( DB ); chomp $db_line; ($db_username, $db_password) = split( ":", $db_line ); header(); if( request_method() ne "POST" ) { $is_valid = 0; print "Only POST requests are allowed. Try starting here.
\n"; } foreach $p (param()) { $form{$p} = param($p); if( $p eq "scanname" ) { $scanname = $form{$p}; if( length( $scanname ) > $MAX_LENGTH_SCAN ) { $is_valid = 0; print "Scan name is too long. Limit it to $MAX_LENGTH_SCAN characters.

\n"; } if( $scanname !~ /^[a-z0-9\ \,\.\-\_]+$/i ) { $is_valid = 0; print "Scan name can only contain the following characters, including whitespace: A-Z0-9,.-_

\n"; } my $dbh = DBI->connect("DBI:mysql:database=OpenDLP;host=localhost",$db_username,$db_password); my $string = "SELECT scan from systems where scan=?"; my $sth = $dbh->prepare( $string ); $sth->execute( $scanname ); my $results = $sth->fetchrow_arrayref(); if( $$results[0] ne "" ) { $is_valid = 0; print "A scan with the same name already exists. Choose a unique scan name.

\n"; } $sth->finish(); $dbh->disconnect(); } if( $p eq "profile" ) { $profile = $form{$p}; if( length( $profile ) > $MAX_LENGTH_PROFILE ) { $is_valid = 0; print "Profile is too long. Limit it to $MAX_LENGTH_SCAN characters.

\n"; } if( $profile !~ /^[a-z0-9\ \,\.\-\_]+$/i ) { $is_valid = 0; print "Profile can only contain the following characters, including whitespace: A-Z0-9,.-_

\n"; } } if( $p eq "systems" ) { $systems = $form{$p}; my @system_temp = split( "\n", $systems ); foreach my $system( @system_temp ) { $system =~ s/\r$//g; $system =~ s/\n$//g; chomp $system; if( $system eq "" ) { $is_valid = 0; print "\"Systems to scan\" has stray newline character.

\n"; } } } } if( $is_valid ) { my $dbh = DBI->connect("DBI:mysql:database=OpenDLP;host=localhost",$db_username,$db_password); my $string = "SELECT username,password,domain,exts,ignore_exts,dirs,ignore_dirs,regex,path,phonehomeurl,phonehomeuser,phonehomepass,delaytime,description,debug,concurrent,creditcards,zipfiles,memory,hash,ignore_dbs,dbs,ignore_tables,tables,ignore_columns,columns,rows,scantype from profiles where profile=?;"; my $sth = $dbh->prepare( $string ); $sth->execute( $profile ); my $results = $sth->fetchrow_arrayref(); my $username = $$results[0]; my $password = $$results[1]; my $domain = $$results[2]; my $exts = $$results[3]; my $ignore_exts = $$results[4]; my $dirs = $$results[5]; my $ignore_dirs = $$results[6]; my $regexes = $$results[7]; my $path = $$results[8]; my $phonehomeurl = $$results[9]; my $phonehomeuser = $$results[10]; my $phonehomepass = $$results[11]; my $delaytime = $$results[12]; my $description = $$results[13]; my $debug = $$results[14]; my $concurrent = $$results[15]; my $creditcards = $$results[16]; my $zipfiles = $$results[17]; my $memory = $$results[18]; my $smbhash = $$results[19]; my $ignore_dbs = $$results[20]; my $dbs = $$results[21]; my $ignore_tables = $$results[22]; my $tables = $$results[23]; my $ignore_columns = $$results[24]; my $columns = $$results[25]; my $rows = $$results[26]; my $scantype = $$results[27]; if( $username eq "" && $scantype != "win_share" ) { print "Username cannot be blank

\n"; $is_valid = 0; } if( $regexes eq "" ) { print "No regular expressions selected

\n"; $is_valid = 0; } if( $debug !~ /^(0|1|2|3)$/ ) { print "Log verbosity must be 0, 1, 2 or 3

\n"; } if( $scantype eq "unix_agentless" ) { my @system_temp = split( "\n", $systems ); foreach my $system( @system_temp ) { $system =~ s/\r$//g; $system =~ s/\n$//g; chomp $system; if( $system !~ /^[A-Z0-9\.\-\_]+$/i ) { $is_valid = 0; print "\"Systems to scan\" has an invalid character.

\n"; } } } if( $scantype =~ /^mysql_agentless$/ ) { my @system_temp = split( "\n", $systems ); foreach my $system( @system_temp ) { $system =~ s/\r$//g; $system =~ s/\n$//g; chomp $system; if( $system !~ /^[A-Z0-9\.\-\_]+$/i ) { $is_valid = 0; print "\"Systems to scan\" has an invalid character.

\n"; } } } if( $scantype =~ /^mssql_agentless$/ ) { my @system_temp = split( "\n", $systems ); foreach my $system( @system_temp ) { $system =~ s/\r$//g; $system =~ s/\n$//g; chomp $system; if( $system !~ /^[A-Z0-9\.\-\_\\]+$/i ) { $is_valid = 0; print "\"Systems to scan\" has an invalid character.

\n"; } } } if( $scantype =~ /^oracle_agentless$/ ) { my @system_temp = split( "\n", $systems ); foreach my $system( @system_temp ) { $system =~ s/\r$//g; $system =~ s/\n$//g; chomp $system; if( $system !~ /^[A-Z0-9\.\-\_\/:]+$/i ) { $is_valid = 0; print "\"Systems to scan\" has an invalid character.

\n"; } } } if( $scantype eq "win_agent" ) { if( $domain eq "" ) { print "Domain cannot be blank

\n"; $is_valid = 0; } if( $path eq "" ) { print "Path cannot be blank

\n"; $is_valid = 0; } if( $phonehomeurl eq "" ) { print "Phone home URL cannot be blank

\n"; $is_valid = 0; } if( $delaytime eq "" ) { print "Delay time cannot be blank

\n"; $is_valid = 0; } if( $domain !~ /^[A-Z0-9\-_]+$/i ) { print "Windows domain can only contain alphanumeric, dash, and underscore characters

\n"; $is_valid = 0; } if( $username =~ /\"\/\\\[\]\:\;\|\=\,\+\*\?\<\>/ ) { print "Username contains illegal characters

\n"; $is_valid = 0; } if( $memory != .01 && $memory != .02 && $memory != .05 && $memory != .1 && $memory != .15 && $memory != .2 && $memory != .25 ) { print "Invalid memory limitation. It must be 1%, 2%, 5%, 10%, 15%, 20%, or 25%.

\n"; $is_valid = 0; } my @system_temp = split( "\n", $systems ); foreach my $system( @system_temp ) { $system =~ s/\r$//g; $system =~ s/\n$//g; chomp $system; if( $system !~ /^[A-Z0-9\.\-\_]+$/i ) { $is_valid = 0; print "\"Systems to scan\" has an invalid character.

\n"; } } } if( $scantype eq "win_agentless" ) { if( $domain eq "" ) { print "Domain cannot be blank

\n"; $is_valid = 0; } if( $domain !~ /^[A-Z0-9\-_]+$/i ) { print "Windows domain can only contain alphanumeric, dash, and underscore characters

\n"; $is_valid = 0; } if( $username =~ /\"\/\\\[\]\:\;\|\=\,\+\*\?\<\>/ ) { print "Username contains illegal characters

\n"; $is_valid = 0; } if( $memory != .01 && $memory != .02 && $memory != .05 && $memory != .1 && $memory != .15 && $memory != .2 && $memory != .25 ) { print "Invalid memory limitation. It must be 1%, 2%, 5%, 10%, 15%, 20%, or 25%.

\n"; $is_valid = 0; } my @system_temp = split( "\n", $systems ); foreach my $system( @system_temp ) { $system =~ s/\r$//g; $system =~ s/\n$//g; chomp $system; if( $system !~ /^[A-Z0-9\.\-\_]+$/i ) { $is_valid = 0; print "\"Systems to scan\" has an invalid character.

\n"; } } } if( $scantype eq "win_share" ) { if( $username =~ /\"\/\\\[\]\:\;\|\=\,\+\*\?\<\>/ ) { print "Username contains illegal characters

\n"; $is_valid = 0; } if( $memory != .01 && $memory != .02 && $memory != .05 && $memory != .1 && $memory != .15 && $memory != .2 && $memory != .25 ) { print "Invalid memory limitation. It must be 1%, 2%, 5%, 10%, 15%, 20%, or 25%.

\n"; $is_valid = 0; } foreach my $system( @system_temp ) { $system =~ s/\r$//g; $system =~ s/\n$//g; chomp $system; # invalid characters for Windows shares are: " / \ [ ] : | < > + ; , ? * = if( $system !~ /^[A-Z0-9\.\-\_\!\@\#\$\%\^\&\(\)\`\~\{\}\\\'\ ]+$/i ) { $is_valid = 0; print "\"Systems to scan\" has an invalid character. Shares cannot contain the following characters for their folder names: \" / \ [ ] : | < > + ; , ? * =

\n"; } } } if( $is_valid ) { if( $scantype eq "win_agent" ) { print "Deploying a Windows Agent Filesystem Scan

\n"; print "
Do not close or leave this window until all scanners are deployed!


\n"; print "
General scan information
\n"; print "Scan name: $scanname
\n"; print "Profile: $profile
\n"; print "Systems: $systems
\n"; print "Concurrent: $concurrent
\n"; print "


\n"; my $config = "# Scan name\n"; $config .= "scan=$scanname\n"; $config .= "\n# Profile name\n"; $config .= "profile=$profile\n"; # config file - extensions $config .= "\n# Ignore certain extensions? Valid options are:\n"; $config .= "# everything - scan all files regardless of extension\n"; $config .= "# ignore - ignore files ending in the following extensions\n"; $config .= "# allow - only look at files ending in the following extensions\n"; $config .= "ext_opt=$ignore_exts\n"; my @extensions = split( "\n", $exts ); foreach my $blah( @extensions ) { $blah =~ s/\n$//g; $blah =~ s/\r$//g; $config .= "ext=$blah\n"; } # config file - directories $config .= "\n# Ignore certain directories? Valid options are:\n"; $config .= "# everything - scan all directories\n"; $config .= "# ignore - ignore the following directories\n"; $config .= "# allow - only scan the following directories\n"; $config .= "dir_opt=$ignore_dirs\n"; my @directories = split( "\n", $dirs ); foreach my $blah( @directories ) { $blah =~ s/\n$//g; $blah =~ s/\r$//g; $config .= "dir=$blah\n"; } # config file - regexes $config .= "\n# Use the following regular expressions\n"; my @regex_array = split( ",", $regexes ); foreach my $regex_item( @regex_array ) { my $string = "SELECT name,pattern FROM regexes WHERE number=?;"; $sth = $dbh->prepare( $string ); $sth->execute( $regex_item ); $results = $sth->fetchrow_arrayref(); $config .= "regex=$$results[0]:$$results[1]\n"; } # config file - credit card regexes for mod10 checks $config .= "\n# This is used so the OpenDLP agent knows which regexes are credit card numbers.\n"; $config .= "# Knowing this, the OpenDLP agent will perform further checks on these potential matches\n"; $config .= "# to determine if they are valid credit card numbers.\n"; my @ccs = split( "\n", $creditcards ); foreach my $blah( @ccs ) { $blah =~ s/\n$//g; $blah =~ s/\r$//g; $config .= "creditcard=$blah\n"; } # config file - zip file extensions $config .= "\n# These file extensions tell OpenDLP to process the files as ZIPs.\n"; my @zips = split( "\n", $zipfiles ); foreach my $blah( @zips ) { $blah =~ s/\n$//g; $blah =~ s/\r$//g; $config .= "zipfile=$blah\n"; } # config file - misc $config .= "\n# This is the duration to wait before uploading new results to the web server.\n"; $config .= "wait=$delaytime\n"; $config .= "\n# This is the location where to upload scan data.\n"; $config .= "uploadurl=$phonehomeurl\n"; $config .= "\n# This is the username for the upload URL.\n"; $config .= "urluser=$phonehomeuser\n"; $config .= "\n# This is the password for the upload URL.\n"; $config .= "urlpass=$phonehomepass\n"; $config .= "\n# This is the setting that controls the verbosity of logs.\n"; $config .= "debug=$debug\n"; $config .= "\n# This is the maximum percent of available memory to use for processing files.\n"; $config .= "# If a file is greater than this, it will be split into chunks.\n"; $config .= "memory=$memory\n"; # If smbhash is not blank, set the environment variable SMBHASH # to hold the value that will be passed to the host my $smb = ""; if( $smbhash ne "" ) { $ENV{'SMBHASH'} = $smbhash; $smb = new Filesys::SmbClient( username => $username, workgroup => $domain ); } else { $smb = new Filesys::SmbClient( username => $username, password => $password, workgroup => $domain, ); } my @list_of_systems = split( "\n", $systems ); my $length_of_systems = @list_of_systems; Proc::Queue::size($concurrent); foreach my $system( @list_of_systems ) { $system =~ s/\r$//g; $system =~ s/\n$//g; $length_of_systems--; my $f = fork; if( defined ($f) and $f == 0 ) { print "$system: Trying to deploy ($length_of_systems systems remain in queue)
\n"; my $printme = ""; # stat installation directory my @directories = split( /\\/, $path ); my $built_dir = "smb://$system/" . substr($directories[0],0,1 ) . "\$/"; my $length_directories = @directories; my $x = ""; my $fd = ""; for( $x = 1; $x < $length_directories; $x++ ) { $built_dir .= $directories[$x] . "/"; } # only create the directory if it does not exist # OpenDLP will recursively delete the directory when all scanning is done # If users use "c:\windows" as the install directory, this would be a # very bad thing my @stat_smb = $smb->stat( $built_dir ); if( $#stat_smb == 0 ) { # build installation directory if it does not exist my $built_dir = "smb://$system/" . substr($directories[0],0,1 ) . "\$/"; my $length_directories = @directories; my $x = ""; my $fd = ""; for( $x = 1; $x < $length_directories; $x++ ) { $built_dir .= $directories[$x] . "/"; if( ($smb->mkdir( $built_dir, '0600' )) == 0 ) { $printme .= $! . "
\n"; } } } else { print "$system: Directory already exists, terminating deployment and scan attempt
\n"; exit(0); } # copy config.ini to installation directory my $file = $built_dir . "config.ini"; my @stat_smb = $smb->stat( $file ); my $tracker = ""; if( $#stat_smb == 0 ) { my $fd = $smb->open( ">$file", 0600 ); my $config_copy = $config; $config_copy .= "\n# Random string used for host tracking purposes.\n"; $config_copy .= "tracker="; my @chars = ( 'A'..'F','0'..'9' ); foreach( 1..32 ) { my $rand_char = $chars[rand @chars]; $config_copy .= $rand_char; $tracker .= $rand_char; } if( ($smb->write( $fd, $config_copy )) < 0 ) { $printme .= $! . "
\n"; } $smb->close($fd); $printme .= ">>> Copied config.ini file
\n"; } else { $printme .= ">>> File \"$file\" already exists. The original file was left untouched and nothing was copied. Perhaps a scan is already running on this system?
\n"; } # to be safe, copy sc.exe to installation directory my $file = $built_dir . "sc.exe"; my @stat_smb = $smb->stat( $file ); if( $#stat_smb == 0 ) { my $fd = $smb->open( ">$file", 0600 ); my @stat_info = stat( $sc_path ); my $sc_filesize = $stat_info[7]; open( SC, $sc_path ); binmode( SC ); my $sc_file = ""; read( SC, $sc_file, $sc_filesize ); if( ($smb->write( $fd, $sc_file )) < 0 ) { $printme .= $! . "
\n"; } if($fd) { $smb->close( $fd ); } $printme .= ">>> Copied sc.exe file
\n"; } else { $printme .= "File \"$file\" already exists. The original file was left untouched and nothing was copied. Perhaps a scan is already running on this system?
\n"; } # copy self-extracting zip file with OpenDLP and DLLs to installation directory my $file = $built_dir . "OpenDLPz.exe"; my @stat_smb = $smb->stat( $file ); if( $#stat_smb == 0 ) { my $fd = $smb->open( ">$file", 0600 ); my @stat_info = stat( $OpenDLPz_path ); my $OpenDLPz_filesize = $stat_info[7]; open( OpenDLPz, $OpenDLPz_path ); binmode( OpenDLPz ); my $OpenDLPz_file = ""; read( OpenDLPz, $OpenDLPz_file, $OpenDLPz_filesize ); if( ($smb->write( $fd, $OpenDLPz_file )) < 0 ) { $printme .= $! . "
\n"; } if($fd) { $smb->close( $fd ); } $printme .= ">>> Copied OpenDLPz.exe file
\n"; } else { $printme .= "File \"$file\" already exists. The original file was left untouched and nothing was copied. Perhaps a scan is already running on this system?
\n"; } # copy client.pem my $file = $built_dir . "client.pem"; my @stat_smb = $smb->stat( $file ); if( $#stat_smb == 0 ) { my $fd = $smb->open( ">$file", 0600 ); my @stat_info = stat( $client_pem_path ); my $client_pem_filesize = $stat_info[7]; open( client_pem, $client_pem_path ); binmode( client_pem ); my $client_pem_file = ""; read( client_pem, $client_pem_file, $client_pem_filesize ); if( ($smb->write( $fd, $client_pem_file )) < 0 ) { print $! . "
\n"; } if($fd) { $smb->close( $fd ); } $printme .= ">>> Copied client.pem file
\n"; } else { $printme .= ">>> File \"$file\" already exists. The original file was left untouched and nothing was copied. Perhaps a scan is already running on this system?
\n"; } # copy server.pem my $file = $built_dir . "server.pem"; my @stat_smb = $smb->stat( $file ); if( $#stat_smb == 0 ) { my $fd = $smb->open( ">$file", 0600 ); my @stat_info = stat( $server_pem_path ); my $server_pem_filesize = $stat_info[7]; open( server_pem, $server_pem_path ); binmode( server_pem ); my $server_pem_file = ""; read( server_pem, $server_pem_file, $server_pem_filesize ); if( ($smb->write( $fd, $server_pem_file )) < 0 ) { $printme .= $! . "
\n"; } if($fd) { $smb->close( $fd ); } $printme .= ">>> Copied server.pem file
\n"; } else { $printme .= ">>> File \"$file\" already exists. The original file was left untouched and nothing was copied. Perhaps a scan is already running on this system?
\n"; } my $escape_user = ""; my $length_user = length( $username ); my $x = 0; for( $x = 0; $x < $length_user; $x++ ) { $escape_user .= "\\" . substr( $username, $x, 1 ); } my $escape_pass = ""; my $length_pass = length( $password ); my $x = 0; for( $x = 0; $x < $length_pass; $x++ ) { $escape_pass .= "\\" . substr( $password, $x, 1 ); } # extract OpenDLPz.exe $printme .= ">>> Creating OpenDLP service
\n"; my $command = "winexe --user=\'$domain\'\\$escape_user --password=$escape_pass //$system \'\"$path\\OpenDLPz.exe\" x -y -o\"$path\"\'"; $output = `$command`; $output =~ s/\n/
/g; $printme .= $output; # create OpenDLP service (will use $description in future version) my $command = "winexe --user=\'$domain\'\\$escape_user --password=$escape_pass //$system \'\"$path\\sc.exe\" create OpenDLP binpath= \"$path\\OpenDLP.exe\" start= auto\'"; my $output = `$command`; $output =~ s/\n/
/g; $printme .= $output; # sleep a bit to allow Windows to regain normalcy sleep(3); # start OpenDLP service my $command = "winexe --user=\'$domain\'\\$escape_user --password=$escape_pass //$system \'\"$path\\sc.exe\" start OpenDLP\'"; my $output = `$command`; $output =~ s/\n/
/g; my $is_deployed = 0; if( $output =~ /START_PENDING/ ) { $is_deployed = 1; } $printme .= ">>> Starting OpenDLP service
\n"; $printme .= $output; # INSERT ip, updated, status, tracker, profile, scantype INTO systems; my $dbh2 = DBI->connect("DBI:mysql:database=OpenDLP;host=localhost",$db_username,$db_password); my $string = "INSERT into systems SET scan=?,domain=?,ip=?,status=?,updated=?,tracker=?,profile=?,control=?,scantype=?;"; my $sth2 = $dbh2->prepare( $string ); my $localtime = time(); $printme .= ">>> Populating database with system information
\n"; $sth2->execute( $scanname, $domain, $system, '-1', $localtime, $tracker, $profile, "running", $scantype ); $sth2->finish(); $dbh2->disconnect(); if( $is_deployed ) { print "$system: OpenDLP deployed and started
\n"; } else { print "$system: Possible error starting OpenDLP, check scan results when done deploying all agents here
\n"; } # print "
Deployment information for $system
$printme


"; exit(0); } 1 while waitpid(-1, WNOHANG) > 0; } } elsif( $scantype =~ /^(win_agentless)$/ ) { print "Deploying a Windows Agentless Filesystem Scan

\n"; print "
Do not close or leave this window until all scanners are deployed!


\n"; print "
General scan information
\n"; print "Scan name: $scanname
\n"; print "Profile: $profile
\n"; print "Systems: $systems
\n"; print "Concurrent: $concurrent
\n"; print "


\n"; my @list_of_systems = split( "\n", $systems ); my $length_of_systems = @list_of_systems; Proc::Queue::size($concurrent); foreach my $system( @list_of_systems ) { $system =~ s/\r$//g; $system =~ s/\n$//g; $length_of_systems--; my $f = fork; if( defined ($f) and $f == 0 ) { print "$system: Trying to deploy ($length_of_systems systems remain in queue)
\n"; my $tracker = ""; my @chars = ( 'A'..'F','0'..'9' ); foreach( 1..32 ) { my $rand_char = $chars[rand @chars]; $config_copy .= $rand_char; $tracker .= $rand_char; } `$agentless_bin_file \"$profile\" $system $tracker \"$scanname\" > /dev/null &`; print "$system: Child agentless scanning process started. Check logs for errors.
\n"; # INSERT ip, updated, status, profile, tracker, scantype INTO systems; my $dbh2 = DBI->connect("DBI:mysql:database=OpenDLP;host=localhost",$db_username,$db_password); my $string = "INSERT into systems SET scan=?,domain=?,ip=?,status=?,updated=?,tracker=?,profile=?,control=?,scantype=?;"; my $sth2 = $dbh2->prepare( $string ); my $localtime = time(); $printme .= ">>> Populating database with system information
\n"; $sth2->execute( $scanname, $domain, $system, '-1', $localtime, $tracker, $profile, "running", $scantype ); $sth2->finish(); $dbh2->disconnect(); exit(0); } 1 while waitpid(-1, WNOHANG) > 0; } } elsif( $scantype =~ /^(win_share)$/ ) { print "Deploying a Windows Share Scan

\n"; print "
Do not close or leave this window until all scanners are deployed!


\n"; print "
General scan information
\n"; print "Scan name: $scanname
\n"; print "Profile: $profile
\n"; my $systems_printme = $systems; $systems_printme = replacechars( $systems_printme ); print "Systems: $systems_printme
\n"; print "Concurrent: $concurrent
\n"; print "


\n"; my @list_of_systems = split( "\n", $systems ); my $length_of_systems = @list_of_systems; Proc::Queue::size($concurrent); foreach my $system( @list_of_systems ) { $system =~ s/\r$//g; $system =~ s/\n$//g; $length_of_systems--; my $f = fork; if( defined ($f) and $f == 0 ) { my $system_printme = $system; $system_printme = replacechars( $system_printme ); print "$system_printme: Trying to deploy ($length_of_systems systems remain in queue)
\n"; my $tracker = ""; my @chars = ( 'A'..'F','0'..'9' ); foreach( 1..32 ) { my $rand_char = $chars[rand @chars]; $config_copy .= $rand_char; $tracker .= $rand_char; } my $escape_system = ""; my $length_system = length( $system ); my $x = 0; for( $x = 0; $x < $length_system; $x++ ) { $escape_system .= "\\" . substr( $system, $x, 1 ); } `$agentless_bin_file \"$profile\" $escape_system $tracker \"$scanname\" > /dev/null &`; print "$system_printme: Child agentless scanning process started. Check logs for errors.
\n"; # INSERT ip, updated, status, profile, tracker, scantype INTO systems; my $dbh2 = DBI->connect("DBI:mysql:database=OpenDLP;host=localhost",$db_username,$db_password); my $string = "INSERT into systems SET scan=?,domain=?,ip=?,status=?,updated=?,tracker=?,profile=?,control=?,scantype=?;"; my $sth2 = $dbh2->prepare( $string ); my $localtime = time(); $printme .= ">>> Populating database with system information
\n"; $sth2->execute( $scanname, $domain, $system, '-1', $localtime, $tracker, $profile, "running", $scantype ); $sth2->finish(); $dbh2->disconnect(); exit(0); } 1 while waitpid(-1, WNOHANG) > 0; } } elsif( $scantype =~ /^(unix_agentless)$/ ) { print "Deploying a UNIX Agentless Filesystem Scan

\n"; print "
Do not close or leave this window until all scanners are deployed!


\n"; print "
General scan information
\n"; print "Scan name: $scanname
\n"; print "Profile: $profile
\n"; print "Systems: $systems
\n"; print "Concurrent: $concurrent
\n"; print "


\n"; my @list_of_systems = split( "\n", $systems ); my $length_of_systems = @list_of_systems; Proc::Queue::size($concurrent); foreach my $system( @list_of_systems ) { $system =~ s/\r$//g; $system =~ s/\n$//g; $length_of_systems--; my $f = fork; if( defined ($f) and $f == 0 ) { print "$system: Trying to deploy ($length_of_systems systems remain in queue)
\n"; my $tracker = ""; my @chars = ( 'A'..'F','0'..'9' ); foreach( 1..32 ) { my $rand_char = $chars[rand @chars]; $config_copy .= $rand_char; $tracker .= $rand_char; } `$agentless_unix_file \"$profile\" $system $tracker \"$scanname\" > /dev/null &`; print "$system: Child agentless scanning process started. Check logs for errors.
\n"; # INSERT ip, updated, status, profile, tracker, scantype INTO systems; my $dbh2 = DBI->connect("DBI:mysql:database=OpenDLP;host=localhost",$db_username,$db_password); my $string = "INSERT into systems SET scan=?,domain=?,ip=?,status=?,updated=?,tracker=?,profile=?,control=?,scantype=?;"; my $sth2 = $dbh2->prepare( $string ); my $localtime = time(); $printme .= ">>> Populating database with system information
\n"; $sth2->execute( $scanname, $domain, $system, '-1', $localtime, $tracker, $profile, "running", $scantype ); $sth2->finish(); $dbh2->disconnect(); exit(0); } 1 while waitpid(-1, WNOHANG) > 0; } } elsif( $scantype =~ /^(mssql_agentless|mysql_agentless|oracle_agentless)$/ ) { print "Deploying a Database Scan ($scantype)

\n"; print "
Do not close or leave this window until all scanners are deployed!


\n"; print "
General scan information
\n"; print "Scan name: $scanname
\n"; print "Profile: $profile
\n"; print "Systems: $systems
\n"; print "Concurrent: $concurrent
\n"; print "


\n"; my @list_of_systems = split( "\n", $systems ); my $length_of_systems = @list_of_systems; Proc::Queue::size($concurrent); foreach my $system( @list_of_systems ) { $system =~ s/\r$//g; $system =~ s/\n$//g; $length_of_systems--; my $f = fork; if( defined ($f) and $f == 0 ) { print "$system: Trying to deploy ($length_of_systems systems remain in queue)
\n"; my $tracker = ""; my @chars = ( 'A'..'F','0'..'9' ); foreach( 1..32 ) { my $rand_char = $chars[rand @chars]; $config_copy .= $rand_char; $tracker .= $rand_char; } `$db_bin_file \"$profile\" \"$system\" $tracker \"$scanname\" > /dev/null &`; print "$system: Child database scanning process started. Check logs for errors.
\n"; # INSERT ip, updated, status, profile, tracker, scantype INTO systems; my $dbh2 = DBI->connect("DBI:mysql:database=OpenDLP;host=localhost",$db_username,$db_password); my $string = "INSERT into systems SET scan=?,domain=?,ip=?,status=?,updated=?,tracker=?,profile=?,control=?,scantype=?;"; my $sth2 = $dbh2->prepare( $string ); my $localtime = time(); $printme .= ">>> Populating database with system information
\n"; $sth2->execute( $scanname, $domain, $system, '-1', $localtime, $tracker, $profile, "running", $scantype ); $sth2->finish(); $dbh2->disconnect(); exit(0); } 1 while waitpid(-1, WNOHANG) > 0; } } } else { print "Could not get profile information. Ensure the profile exists and try to deploy your scan again.

\n"; $is_valid = 0; } $sth->finish(); $dbh->disconnect(); } #footer(); sub header { print "Content-type: text/html\n\n"; print "\n\n"; print "OpenDLP $version\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; print qq { }; print "\n"; print "\n"; print '
' . "\n"; } sub footer { print "
\n"; } sub get_version { open( V, "<../etc/version" ); my $v = ; close( V ); chomp $v; return $v; } sub replacechars { my $string = shift; $string =~ s/\&/\&/g; $string =~ s/\#/#/g; $string =~ s/"/"/g; $string =~ s/\%/%/g; $string =~ s/\'/'/g; $string =~ s/\////g; $string =~ s//>/g; $string =~ s/\[/[/g; $string =~ s/\\/\/g; $string =~ s/\]/]/g; $string =~ s/`/`/g; $string =~ s/{/{/g; $string =~ s/\|/|/g; $string =~ s/}/}/g; $string =~ s/\(/(/g; $string =~ s/\)/)/g; $string =~ s/\n//g; $string =~ s/\r//g; $string =~ s/\ / /g; return $string; }