Changeset 035c51f in nscp

Timestamp:

02/03/08 11:10:38 (5 years ago)

Author:

Michael Medin <michael@…>

Branches:

master, 0.4.0, 0.4.1, 0.4.2, stable

Children:

777180d

Parents:

52215d7

Message:

+ Added encryption subsystem to NSCA module (still no mcrypt support, but atleast you have "xor" and passwords)

Files:

• NSC.dist (modified) (3 diffs)
• changelog (modified) (1 diff)
• include/Socket.cpp (modified) (1 diff)
• include/Socket.h (modified) (1 diff)
• include/config.h (modified) (1 diff)
• modules/NSCAAgent/NSCAAgent-2005.vcproj (modified) (2 diffs)
• modules/NSCAAgent/NSCAThread.cpp (modified) (3 diffs)
• modules/NSCAAgent/NSCAThread.h (modified) (5 diffs)
• modules/NSCAAgent/nsca_enrypt.hpp (added)

NSC.dist

@@ -181 +181 @@
 ; real.ini
 
+
 [NSCA Agent]
 ;# CHECK INTERVALL (in seconds)
 ;   How often we should run the checks and submit the results.
-interval=5
+;interval=5
 ;
 ;# ENCRYPTION METHOD
@@ -196 +197 @@
 ; Values:
 ; 0 = None  (Do NOT use this option)
-; -- only 0 is supported as of now, but will change in the future --
-;encryption_method=0
+; 1 = Simple XOR  (No security, just obfuscation, but very fast)
+; (no MCRYPT yet, but soon...)
+;encryption_method=1
+;
+;# ENCRYPTION PASSWORD
+;  This is the password/passphrase that should be used to encrypt the sent packets. 
+;password=
 ;
 ;# BIND TO ADDRESS
 ;  Allows you to bind server to a specific local address. This has to be a dotted ip adress not a hostname.
 ;  Leaving this blank will bind to "one" local interface.
-; -- not supported as of now --
 ;bind_to_address=
 ;
@@ -212 +217 @@
 ;  The port to the nagios server to submit results to.
 ;nsca_port=5667
-
-; The checks to run everytime we submit results back to nagios
+;
+
+;# CHECK COMMAND LIST
+;  The checks to run everytime we submit results back to nagios
 ;
 [NSCA Commands]
 my_cpu_check=checkCPU warn=80 crit=90 time=20m time=10s time=4
 my_mem_check=checkMem MaxWarn=80% MaxCrit=90% ShowAll type=page
-my_svc_check=checkServiceState CheckAll
+my_svc_check=checkServiceState CheckAll exclude=wampmysqld exclude=MpfService

changelog

@@ -5 +5 @@
  * Add module for relaying events
  * Add API for rehashing the daemon (or implement it the API is there but does nothing)
+
+2008-02-03 MickeM
+ + Added encryption subsystem to NSCA module (still no mcrypt support, but atleast you have "xor")
 
 2008-02-02 MickeM

include/Socket.cpp

@@ -42 +42 @@
   char *tmpBuffer = new char[tmpBufferLength+1];
   int n=recv(socket_,tmpBuffer,tmpBufferLength,0);
-  std::wcout << _T("read: ") << n << std::endl;
+  //std::wcout << _T("read: ") << n << std::endl;
   while ((n!=SOCKET_ERROR )&&(n!=0)) {
     if (n == tmpBufferLength) {

include/Socket.h

@@ -137 +137 @@
       length_ = length;
       buffer_[length_] = 0;
+    }
+    std::wstring toString() {
+      std::wstringstream ss;
+      for (unsigned int i =0;i<length_;i++) {
+        if (i%64==0) {
+          ss << std::endl;
+        }
+        if (buffer_[i] < 30 || buffer_[i] > 'z')
+          ss << _T(" ");
+        else
+          ss << buffer_[i];
+      }
+      return ss.str();
     }
   };

include/config.h

@@ -142 +142 @@
 #define NSCA_PORT _T("nsca_port")
 #define NSCA_PORT_DEFAULT 5667
+#define NSCA_ENCRYPTION _T("encryption_method")
+#define NSCA_ENCRYPTION_DEFAULT 1
+#define NSCA_PASSWORD _T("password")
+#define NSCA_PASSWORD_DEFAULT _T("")
 
 #define C_SYSTEM_SVC_ALL_0 _T("check_all_services[SERVICE_BOOT_START]")

modules/NSCAAgent/NSCAAgent-2005.vcproj

@@ -70 +70 @@
         Name="VCLinkerTool"
         AdditionalDependencies="ws2_32.lib"
-        OutputFile="$(OutDir)\$(ProjectName).dll"
+        OutputFile="../../Debug/modules/$(ProjectName).dll"
         LinkIncremental="2"
         ModuleDefinitionFile="NSCAAgent.def"
@@ -1901 +1901 @@
       <File
         RelativePath="..\..\include\error.hpp"
+        >
+      </File>
+      <File
+        RelativePath=".\nsca_enrypt.hpp"
         >
       </File>

modules/NSCAAgent/NSCAThread.cpp

@@ -27 +27 @@
   host_ = NSCModuleHelper::getSettingsString(NSCA_AGENT_SECTION_TITLE, NSCA_HOSTNAME, NSCA_HOSTNAME_DEFAULT);
   port_ = NSCModuleHelper::getSettingsInt(NSCA_AGENT_SECTION_TITLE, NSCA_PORT, NSCA_PORT_DEFAULT);
+  encryption_method_ = NSCModuleHelper::getSettingsInt(NSCA_AGENT_SECTION_TITLE, NSCA_ENCRYPTION, NSCA_ENCRYPTION_DEFAULT);
+  password_ = strEx::wstring_to_string(NSCModuleHelper::getSettingsString(NSCA_AGENT_SECTION_TITLE, NSCA_PASSWORD, NSCA_PASSWORD_DEFAULT));
   std::list<std::wstring> items = NSCModuleHelper::getSettingsSection(NSCA_CMD_SECTION_TITLE);
   for (std::list<std::wstring>::const_iterator cit = items.begin(); cit != items.end(); ++cit) {
@@ -100 +102 @@
         results.push_back((*cit).execute(host_));
       }
-
       send(results);
-
       _time64( &stop );
       __int64 elapsed = stop-start;
@@ -129 +129 @@
 }
 void NSCAThread::send(const std::list<Command::Result> &results) {
-  NSC_LOG_MESSAGE_STD(_T(">>> Attempting to send results..."));
-  simpleSocket::Socket socket(true);
-  simpleSocket::DataBuffer inc;
-  if (socket.connect(host_, port_) == SOCKET_ERROR) {
-    NSC_LOG_MESSAGE_STD(_T("<<< Could not connect to: ") + host_ + strEx::itos(port_));
+  try {
+    nsca_encrypt crypt_inst;
+    simpleSocket::Socket socket(true);
+    simpleSocket::DataBuffer inc;
+    if (socket.connect(host_, port_) == SOCKET_ERROR) {
+      NSC_LOG_ERROR_STD(_T("<<< Could not connect to: ") + host_ + strEx::itos(port_));
+      return;
+    }
+    if (!socket.readAll(inc, sizeof(NSCAPacket::init_packet_struct), sizeof(NSCAPacket::init_packet_struct))) {
+      NSC_LOG_ERROR_STD(_T("<<< Failed to read header: ") + host_ + strEx::itos(port_));
+      return;
+    }
+    NSCAPacket::init_packet_struct *packet_in = (NSCAPacket::init_packet_struct*) inc.getBuffer();
+    try {
+      crypt_inst.encrypt_init(password_.c_str(),encryption_method_,packet_in->iv);
+    } catch (nsca_encrypt::exception &e) {
+      NSC_LOG_ERROR_STD(_T("<<< Failed to initalize encryption header: ") + e.getMessage());
+      return;
+    } catch (...) {
+      NSC_LOG_ERROR_STD(_T("<<< Failed to initalize encryption header!"));
+      return;
+    }
+
+    try {
+      for (std::list<Command::Result>::const_iterator cit = results.begin(); cit != results.end(); ++cit) {
+        //NSC_DEBUG_MSG_STD(_T("Sending : ") + (*cit).toString());
+        socket.send((*cit).getBuffer(crypt_inst));
+      }
+    } catch (nsca_encrypt::exception &e) {
+      NSC_LOG_ERROR_STD(_T("<<< Failed to encrypt packet: ") + e.getMessage());
+      return;
+    } catch (...) {
+      NSC_LOG_ERROR_STD(_T("<<< Failed to encrypt packet!"));
+      return;
+    }
+    socket.close();
+  } catch (...) {
+    NSC_LOG_ERROR_STD(_T("<<< Failed to initalize encryption header!"));
     return;
   }
-  NSC_DEBUG_MSG_STD(_T("... Connected, attempting to read: ") + strEx::itos(sizeof(NSCAPacket::init_packet_struct)));
-  if (!socket.readAll(inc, sizeof(NSCAPacket::init_packet_struct), sizeof(NSCAPacket::init_packet_struct))) {
-    NSC_LOG_MESSAGE_STD(_T("<<< Failed to read header: ") + host_ + strEx::itos(port_));
-    return;
-  }
-  NSC_DEBUG_MSG_STD(_T("... Read..."));
-  NSCAPacket::init_packet_struct *packet_in = (NSCAPacket::init_packet_struct*) inc.getBuffer();
-  NSC_LOG_MESSAGE_STD(_T("Read: ") + strEx::format_date(packet_in->timestamp));
-  for (std::list<Command::Result>::const_iterator cit = results.begin(); cit != results.end(); ++cit) {
-    NSC_LOG_MESSAGE_STD(_T("Sending : ") + (*cit).toString());
-    socket.send((*cit).getBuffer());
-  }
-  NSC_DEBUG_MSG_STD(_T("... Done..."));
-  socket.close();
-  NSC_LOG_MESSAGE_STD(_T("<<< Attempting to send results..."));
 }
 

modules/NSCAAgent/NSCAThread.h

@@ -25 +25 @@
 #include <arrayBuffer.h>
 #include <Socket.h>
+#include "nsca_enrypt.hpp"
 
 /**
@@ -139 +140 @@
     Result(std::wstring _host) : host(_host){
       _time32(&time);
-      time+=60*60 + 2*60;
+      //time+=60*60 + 2*60;
     }
     std::wstring service;
@@ -153 +154 @@
     }
 
-    simpleSocket::DataBuffer getBuffer() const {
+    simpleSocket::DataBuffer getBuffer(nsca_encrypt &crypt_inst) const {
       std::string s = strEx::wstring_to_string(service);
       std::string r = strEx::wstring_to_string(result);
@@ -170 +171 @@
       unsigned int calculated_crc32=calculate_crc32(reinterpret_cast<char*>(&data),sizeof(data));
       data.crc32_value=static_cast<NSCAPacket::u_int32_t>(htonl(calculated_crc32));
-
-      return simpleSocket::DataBuffer(reinterpret_cast<char*>(&data),sizeof(data));
+      char * buffer = reinterpret_cast<char*>(&data);
+      crypt_inst.encrypt_buffer(buffer, sizeof(data));
+      return simpleSocket::DataBuffer(buffer,sizeof(data));
     }
 
@@ -207 +209 @@
   std::wstring host_;
   unsigned int port_;
+  std::string password_;
+  int encryption_method_;
 
 public: