From f017d32860bdcec83fb001cb17cf08982997679d Mon Sep 17 00:00:00 2001 From: Moritz Kraus Date: Thu, 8 Sep 2016 16:59:53 +0200 Subject: [PATCH 1/5] added CiscoIPS Class --- Info.pm | 4 + Info/Layer7/CiscoIPS.pm | 218 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 222 insertions(+) create mode 100644 Info/Layer7/CiscoIPS.pm diff --git a/Info.pm b/Info.pm index f0676e14..fb501997 100644 --- a/Info.pm +++ b/Info.pm @@ -1912,6 +1912,10 @@ sub device_type { $objtype = 'SNMP::Info::Layer2::NWSS2300' if ( $desc =~ /^(Nortel\s)??Wireless\sSecurity\sSwitch\s23[568][012]\b/); + + # Cisco IPS, older version which doesn't report layer 3 functionality + $objtype = 'SNMP::Info::Layer7::CiscoIPS' + if ( $soid =~ /\.1\.3\.6\.1\.4\.1\.9\.1\.1545/i ); # Generic device classification based upon sysObjectID if ( defined($id) and $objtype eq 'SNMP::Info') { diff --git a/Info/Layer7/CiscoIPS.pm b/Info/Layer7/CiscoIPS.pm new file mode 100644 index 00000000..b00a8351 --- /dev/null +++ b/Info/Layer7/CiscoIPS.pm 
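Review bot: The sysObjectID test added to device_type, `$soid =~ /\.1\.3\.6\.1\.4\.1\.9\.1\.1545/i`, is not anchored at the end, so any OID that merely starts with that arc (a constructed example: `.1.3.6.1.4.1.9.1.15450`) is also forced to SNMP::Info::Layer7::CiscoIPS. The assignment does not check the current `$objtype`, so a false match replaces any class chosen above and, because `$objtype` is then no longer 'SNMP::Info', also skips the generic sysObjectID classification that follows. An exact match avoids that, and the `/i` has no effect on a numeric OID: `if ( defined $soid and $soid =~ /\.1\.3\.6\.1\.4\.1\.9\.1\.1545$/ );`. device_type starts and ends outside this hunk, so whether `$soid` is always defined at this point cannot be confirmed from the visible lines.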
@@ -0,0 +1,218 @@
+# SNMP::Info::Layer::CiscoIPS
+# $Id$
+#
+# Copyright (c) 2013 Moe Kraus
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# * Redistributions of source code must retain the above copyright notice,
+# this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+# * Neither the name of the University of California, Santa Cruz nor the
+# names of its contributors may be used to endorse or promote products
+# derived from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+# LIABLE FOR
+# ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+
+package SNMP::Info::Layer7::CiscoIPS;
+
+use strict;
+use warnings;
+use Exporter;
+use SNMP::Info::CiscoStats;
+use SNMP::Info::Layer7;
+use SNMP::Info::Entity;
+
+@SNMP::Info::Layer7::CiscoIPS::ISA = qw/
+ SNMP::Info::CiscoStats
+ SNMP::Info::Layer7
+ Exporter/;
+@SNMP::Info::Layer7::CiscoIPS::EXPORT_OK = qw//;
+
+use vars qw/$VERSION %GLOBALS %MIBS %FUNCS %MUNGE/;
+
+$VERSION = '3.33';
+
+%MIBS = ( %SNMP::Info::Layer3::MIBS, %SNMP::Info::Entity::MIBS, );
+
+%GLOBALS
+ = ( %SNMP::Info::Layer3::GLOBALS, %SNMP::Info::Entity::GLOBALS, );
+
+%FUNCS = (
+ %SNMP::Info::Layer7::FUNCS,
+ %SNMP::Info::Entity::FUNCS,
+ 'mac_table' => 'ifPhysAddress',
+);
+
+%MUNGE = (
+ %SNMP::Info::Layer7::MUNGE,
+ %SNMP::Info::Entity::MUNGE,
+ 'mac_table' => \&SNMP::Info::munge_mac,
+);
+
+my ($serial, $descr, $model);
+
+sub _fetch_info {
+ my $self = shift;
+ foreach my $id ( keys %{ $self->e_id() } ){
+
+ if (
+ $self->e_name->{$id} =~ m/^Module$/ and
+ $self->e_model->{$id} =~ m/IPS/
+ ) {
+ $serial = $self->e_serial->{$id};
+ $descr = $self->e_descr->{$id};
+ $model = $self->e_model->{$id};
+ }
+
+ }
+
+}
+
+sub layers {
+ return '01001000';
+}
+sub serial {
+ my $self = shift;
+ _fetch_info($self) unless defined $serial;
+ return $serial;
+}
+
+sub sysdescr {
+ my $self = shift;
+ _fetch_info($self) unless defined $descr;
+ return $descr;
+}
+
+sub model {
+ my $self = shift;
+ _fetch_info($self) unless defined $descr;
+ $descr =~ s/ Security Services Processor//g;
+ $descr =~ s/ /-/g;
+ return $descr;
+}
+
+sub b_mac {
+ my ( $self ) = shift;
+
+ foreach my $mac ( values %{$self->mac_table()} ){
+
+ next unless defined $mac;
+ next unless $mac =~ m/^e4:d3:f1/;
+ return $mac;
+ }
+
+ return '';
+}
+
+
+
+1;
+__END__
+
+=head1 NAME
+
+SNMP::Info::Layer7::CiscoASA - Cisco Adaptive Security Appliance
+
+=head1 AUTHOR
+
+Moe Kraus
+
+=head1 SYNOPSIS
+
+ # Let SNMP::Info determine the correct subclass for you.
+ my $cisco = new SNMP::Info(
+ AutoSpecify => 1,
+ Debug => 1,
+ # These arguments are passed directly to SNMP::Session
+ DestHost => 'myswitch',
+ Community => 'public',
+ Version => 2
+ )
+ or die "Can't connect to DestHost.\n";
+
+ my $class = $ips->class();
+ print "SNMP::Info determined this device to fall under subclass: $class\n";
+
+=head1 DESCRIPTION
+
+Subclass for Cisco ASA Devices
+
+=head2 Inherited Classes
+
+=over
+
+=item SNMP::Info::CiscoStats
+
+=item SNMP::Info::Layer3
+
+=back
+
+=head2 Required MIBs
+
+=over
+
+=item Inherited Classes' MIBs
+
+See L for its own MIB requirements.
+
+See L for its own MIB requirements.
+
+=back
+
+=head1 GLOBALS
+
+These are methods that return scalar value from SNMP
+
+=over
+
+=item $asa->b_mac()
+
+Returns base mac.
+Overrides base mac function in L.
+
+=item $asa->i_description()
+
+Overrides base interface description function in L to return the
+configured interface name instead of "Adaptive Security Appliance
+'$configured interface name' interface".
+
+=back
+
+=head2 Globals imported from SNMP::Info::CiscoStats
+
+See documentation in L for details.
+
+=head2 Global Methods imported from SNMP::Info::Layer3
+
+See documentation in L for details.
+
+=head1 TABLE METHODS
+
+These are methods that return tables of information in the form of a
+reference to a hash.
+
+=head2 Table Methods imported from SNMP::Info::CiscoStats
+
+See documentation in L for details.
+
+=head2 Table Methods imported from SNMP::Info::Layer3
+
+See documentation in L for details.
+
+=cut
From d37aa3378e5481f206707595f99b514e14bc3779 Mon Sep 17 00:00:00 2001
From: Moritz Kraus
Date: Thu, 8 Sep 2016 17:41:11 +0200
Subject: [PATCH 2/5] Added sub productname
---
Info/Layer7/CiscoIPS.pm | 49 ++++++++++++++++++-----------------------
1 file changed, 21 insertions(+), 28 deletions(-)
diff --git a/Info/Layer7/CiscoIPS.pm b/Info/Layer7/CiscoIPS.pm
index b00a8351..8afd3067 100644
--- a/Info/Layer7/CiscoIPS.pm
+++ b/Info/Layer7/CiscoIPS.pm
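Review bot: `my ($serial, $descr, $model);` is a file-scoped lexical, so the values cached by `_fetch_info` are shared by every CiscoIPS object in the process: once one device has been queried, `serial`, `sysdescr` and `model` return that device's data for every later device. `model` also rewrites `$descr` in place, so a later `sysdescr` call returns the hyphenated string, and `$model` is assigned but never read. In an inventory of security appliances this attributes one sensor's serial number and description to others. I would have `_fetch_info` return the values per call (or cache them on the object) and let `model` work on a copy, as sketched below; the sketch also skips entity rows whose name or model is undefined.

```perl
# No file-scoped cache: look the module up for the object being asked.
sub _fetch_info {
    my $self = shift;
    my $e_name  = $self->e_name()  || {};
    my $e_model = $self->e_model() || {};
    my %found;
    foreach my $id ( keys %{ $self->e_id() || {} } ) {
        next unless defined $e_name->{$id}  and $e_name->{$id}  =~ m/^Module$/;
        next unless defined $e_model->{$id} and $e_model->{$id} =~ m/IPS/;
        %found = (
            serial => $self->e_serial->{$id},
            descr  => $self->e_descr->{$id},
        );
    }
    return \%found;
}

sub serial {
    my $self = shift;
    return _fetch_info($self)->{serial};
}

# … sysdescr likewise returns _fetch_info($self)->{descr} …

sub model {
    my $self = shift;
    my $name = _fetch_info($self)->{descr};
    return unless defined $name;
    # Work on a copy so sysdescr keeps the unmodified description.
    $name =~ s/ Security Services Processor//g;
    $name =~ s/ /-/g;
    return $name;
}
```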
@@ -48,21 +48,19 @@ use vars qw/$VERSION %GLOBALS %MIBS %FUNCS %MUNGE/; $VERSION = '3.33'; -%MIBS = ( %SNMP::Info::Layer3::MIBS, %SNMP::Info::Entity::MIBS, ); +%MIBS = ( %SNMP::Info::Layer7::MIBS, %SNMP::Info::Entity::MIBS, ); %GLOBALS - = ( %SNMP::Info::Layer3::GLOBALS, %SNMP::Info::Entity::GLOBALS, ); + = ( %SNMP::Info::Layer7::GLOBALS, %SNMP::Info::Entity::GLOBALS, ); %FUNCS = ( %SNMP::Info::Layer7::FUNCS, %SNMP::Info::Entity::FUNCS, - 'mac_table' => 'ifPhysAddress', ); %MUNGE = ( %SNMP::Info::Layer7::MUNGE, %SNMP::Info::Entity::MUNGE, - 'mac_table' => \&SNMP::Info::munge_mac, ); my ($serial, $descr, $model); @@ -107,10 +105,15 @@ sub model { return $descr; } +sub productname { + my $self = shift; + return $self->model; +} + sub b_mac { my ( $self ) = shift; - foreach my $mac ( values %{$self->mac_table()} ){ + foreach my $mac ( values %{$self->i_mac()} ){ next unless defined $mac; next unless $mac =~ m/^e4:d3:f1/; @@ -151,15 +154,15 @@ Moe Kraus =head1 DESCRIPTION -Subclass for Cisco ASA Devices +Subclass for Cisco IPS Module =head2 Inherited Classes =over -=item SNMP::Info::CiscoStats +=item SNMP::Info::Entity -=item SNMP::Info::Layer3 +=item SNMP::Info::Layer7 =back 
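Review bot: After this hunk `%MIBS`, `%GLOBALS`, `%FUNCS` and `%MUNGE` merge the tables of SNMP::Info::Layer7 and SNMP::Info::Entity, but the `@ISA` list added in patch 1/5 (outside this hunk) names SNMP::Info::CiscoStats, SNMP::Info::Layer7 and Exporter. If that list is unchanged, the class inherits from CiscoStats without merging its tables and merges Entity's tables without inheriting from it, unless Layer7 already pulls Entity in, which is not visible here. Either put `SNMP::Info::Entity` in `@ISA` in place of CiscoStats, or also merge `%SNMP::Info::CiscoStats::MIBS` and its sibling tables, so the parents and the lookup tables agree.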
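Review bot: In `b_mac`, `values %{$self->i_mac()}` walks the interface table in hash order and returns the first address starting with `e4:d3:f1`, so on a module with more than one matching interface the reported base MAC can differ between runs. The loop also dies under `use strict` if `i_mac()` returns undef, and the hard-coded prefix means the lookup never matches hardware that uses any other OUI. A stable choice such as `foreach my $mac ( sort grep { defined } values %{ $self->i_mac() || {} } ){`, with a comment saying why only this prefix is accepted, would make the result reproducible. b_mac begins inside this hunk but ends outside it.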
@@ -169,50 +172,40 @@ Subclass for Cisco ASA Devices =item Inherited Classes' MIBs -See L for its own MIB requirements. - -See L for its own MIB requirements. +See classes listed above for their required MIBs. =back + =head1 GLOBALS These are methods that return scalar value from SNMP =over -=item $asa->b_mac() +=item $self->b_mac() -Returns base mac. -Overrides base mac function in L. +Returns base mac. Matches only on e4:d3:f1 -=item $asa->i_description() +=item $self->serial() -Overrides base interface description function in L to return the -configured interface name instead of "Adaptive Security Appliance -'$configured interface name' interface". +Fetches serial from Module =back -=head2 Globals imported from SNMP::Info::CiscoStats -See documentation in L for details. +=head2 Global Methods imported from SNMP::Info::Layer7 -=head2 Global Methods imported from SNMP::Info::Layer3 - -See documentation in L for details. +See documentation in L for details. =head1 TABLE METHODS These are methods that return tables of information in the form of a reference to a hash. -=head2 Table Methods imported from SNMP::Info::CiscoStats -See documentation in L for details. +=head2 Table Methods imported from SNMP::Info::Layer7 -=head2 Table Methods imported from SNMP::Info::Layer3 - -See documentation in L for details. +See documentation in L for details. =cut From 1719709648866d91380ac9fb4f9cc5ac0585df27 Mon Sep 17 00:00:00 2001 From: Moritz Kraus Date: Fri, 9 Sep 2016 15:53:30 +0200 Subject: [PATCH 3/5] override e_index for IPS with e_id --- Info/Layer7/CiscoIPS.pm | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/Info/Layer7/CiscoIPS.pm b/Info/Layer7/CiscoIPS.pm index 8afd3067..db9f89ae 100644 --- a/Info/Layer7/CiscoIPS.pm +++ b/Info/Layer7/CiscoIPS.pm @@ -123,7 +123,10 @@ sub b_mac { return ''; } - +sub e_index { + my $self = shift(); + return $self->e_id; +} 1; __END__ From fd3417a09a6d5dd1ca275e930196e12f7ddac242 Mon Sep 17 00:00:00 2001 
From: Moritz Kraus Date: Fri, 9 Sep 2016 15:59:52 +0200 Subject: [PATCH 4/5] faked e_index with e_id --- Info/Layer7/CiscoIPS.pm | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/Info/Layer7/CiscoIPS.pm b/Info/Layer7/CiscoIPS.pm index db9f89ae..a18e4ecc 100644 --- a/Info/Layer7/CiscoIPS.pm +++ b/Info/Layer7/CiscoIPS.pm @@ -125,7 +125,11 @@ sub b_mac { sub e_index { my $self = shift(); - return $self->e_id; + my %index; + foreach my $id ( keys %{$self->e_id} ){ + %index->{$id} = $id; + } + return \%index; } 1; From 661051fde4eda855e6d8c08f267b89fde3417ea0 Mon Sep 17 00:00:00 2001 From: Moritz Kraus Date: Wed, 12 Oct 2016 10:52:58 +0200 Subject: [PATCH 5/5] Documentation for Info::Layer7::CiscoIPS written --- Info/Layer7/CiscoIPS.pm | 47 ++++++++++++++++++++++++++++++++++------- README | 5 +++++ 2 files changed, 44 insertions(+), 8 deletions(-) diff --git a/Info/Layer7/CiscoIPS.pm b/Info/Layer7/CiscoIPS.pm index a18e4ecc..d34d64a0 100644 --- a/Info/Layer7/CiscoIPS.pm +++ b/Info/Layer7/CiscoIPS.pm @@ -85,6 +85,7 @@ sub _fetch_info { sub layers { return '01001000'; } + sub serial { my $self = shift; _fetch_info($self) unless defined $serial; @@ -105,7 +106,7 @@ sub model { return $descr; } -sub productname { +sub productname { my $self = shift; return $self->model; } @@ -137,7 +138,7 @@ __END__ =head1 NAME -SNMP::Info::Layer7::CiscoASA - Cisco Adaptive Security Appliance +SNMP::Info::Layer7::CiscoIPS - Cisco Adaptive Security Appliance IPS module =head1 AUTHOR @@ -146,11 +147,11 @@ Moe Kraus =head1 SYNOPSIS # Let SNMP::Info determine the correct subclass for you. - my $cisco = new SNMP::Info( + my $info = new SNMP::Info( AutoSpecify => 1, Debug => 1, # These arguments are passed directly to SNMP::Session - DestHost => 'myswitch', + DestHost => 'myIPS', Community => 'public', Version => 2 ) 
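Review bot: `%index->{$id} = $id;` in the new `e_index` uses a hash as a reference; that form has warned as deprecated since Perl 5.8 and is a compile-time error from Perl 5.22, so the whole module fails to load there. The intended element assignment is `$index{$id} = $id;`. `keys %{$self->e_id}` also dies under `use strict` when `e_id` returns undef, which `keys %{ $self->e_id || {} }` avoids. A one-line comment above the sub saying why the entity index is replaced by the ids (the commit subject calls it faked) would help the next reader.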
@@ -190,29 +191,59 @@ These are methods that return scalar value from SNMP =over -=item $self->b_mac() +=item $info->b_mac() Returns base mac. Matches only on e4:d3:f1 -=item $self->serial() +=item $info->serial() Fetches serial from Module -=back +=item $info->e_index() +overrides Entity->e_index() since entity table the IPS delivering is buggy. + +=item $info->layers + +Returns '01001000' + +=item $info->model + +Returns model name + +=item $info->productname + +Retruns the product name + +=item $info->serial + +Returns the serial number + +=item $info->sysdescr + +Returns the system description + +=back =head2 Global Methods imported from SNMP::Info::Layer7 See documentation in L for details. +=head2 Global Methods imported from SNMP::Info::Entity + +See documentation in L for details. + =head1 TABLE METHODS These are methods that return tables of information in the form of a reference to a hash. - =head2 Table Methods imported from SNMP::Info::Layer7 See documentation in L for details. +=head2 Table Methods imported from SNMP::Info::Entity + +See documentation in L for details. + =cut diff --git a/README b/README index 19748397..9cf90979 100644 --- a/README +++ b/README @@ -806,6 +806,11 @@ SUBCLASSES SNMP Interface to APC UPS devices See documentation in SNMP::Info::Layer7::APC for details. + + SNMP::Info::Layer7::CiscoIPS + SNMP Interface to Cisco IPS Module on ASA + + See documentation in SNMP::Info::Layer7::CiscoIPS for details. SNMP::Info::Layer7::Netscaler SNMP Interface to Citrix Netscaler appliances