-
Notifications
You must be signed in to change notification settings - Fork 10
/
flowview_bulkarin.php
209 lines (173 loc) · 6.26 KB
/
flowview_bulkarin.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
#!/usr/bin/env php
<?php
/*
+-------------------------------------------------------------------------+
| Copyright (C) 2004-2024 The Cacti Group |
| |
| This program is free software; you can redistribute it and/or |
| modify it under the terms of the GNU General Public License |
| as published by the Free Software Foundation; either version 2 |
| of the License, or (at your option) any later version. |
| |
| This program is distributed in the hope that it will be useful, |
| but WITHOUT ANY WARRANTY; without even the implied warranty of |
| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| GNU General Public License for more details. |
+-------------------------------------------------------------------------+
| Cacti: The Complete RRDTool-based Graphing Solution |
+-------------------------------------------------------------------------+
| This code is designed, written, and maintained by the Cacti Group. See |
| about.php and/or the AUTHORS file for specific developer information. |
+-------------------------------------------------------------------------+
| http://www.cacti.net/ |
+-------------------------------------------------------------------------+
*/
chdir('../../');
include('./include/cli_check.php');
include_once('./plugins/flowview/functions.php');
include_once('./plugins/flowview/setup.php');
include_once('./plugins/flowview/database.php');
flowview_connect();
ini_set('max_execution_time', '0');
/* process calling arguments */
$parms = $_SERVER['argv'];
array_shift($parms);
$proceed = false;
$origins = false;
$ips = false;
if (cacti_sizeof($parms)) {
foreach($parms as $parameter) {
if (strpos($parameter, '=')) {
list($arg, $value) = explode('=', $parameter, 2);
} else {
$arg = $parameter;
$value = '';
}
switch ($arg) {
case '--proceed':
$proceed = true;
break;
case '--origins':
$origins = true;
break;
case '--ips':
$ips = true;
break;
case '--version':
case '-V':
case '-v':
display_version();
exit(0);
case '--help':
case '-H':
case '-h':
display_help();
exit(0);
default:
print 'ERROR: Invalid Parameter ' . $parameter . PHP_EOL . PHP_EOL;
display_help();
exit(1);
}
}
}
if ($proceed == false) {
print "WARNING: This utility is meant for development purposes only. It will kill and cleanup parallel queries." . PHP_EOL;
print "Use the --proceed option if you wish to do so.". PHP_EOL;
exit(1);
}
if (read_config_option('flowview_use_arin') == 'on') {
print "NOTE: Check for Unverified Arin Addresses" . PHP_EOL;
} else {
print "WARNING: Arin Address Verification Disabled." . PHP_EOL;
exit(1);
}
$time = time();
$addresses = array();
$cidrs = array();
$whois_provider = read_config_option('flowview_whois_provider');
$whois_path = read_config_option('flowview_path_whois');
if ($origins) {
$cidrs = flowview_db_fetch_assoc('SELECT *
FROM plugin_flowview_arin_information
WHERE origin = ""');
}
if (cacti_sizeof($cidrs)) {
foreach($cidrs as $row) {
$cidr = $row['cidr'];
$arin_id = $row['id'];
$return_var = 0;
$output = array();
$origin = flowview_db_fetch_cell_prepared('SELECT origin
FROM plugin_flowview_irr_route
WHERE route = ?',
array($cidr));
if ($origin == '') {
if (file_exists($whois_path) && is_executable($whois_path) && $whois_provider != '') {
$last_line = exec("$whois_path -h $whois_provider $cidr | grep 'origin:' | head -1 | awk -F':' '{print \$2}'", $output, $return_var);
/* attempt to prevent rate limiting */
sleep(1);
if (cacti_sizeof($output)) {
$origin = trim($output[0]);
print "NOTE: Origin AS Verified for CIDR Address:$cidr and Origin AS:$origin." . PHP_EOL;
flowview_db_execute_prepared('UPDATE plugin_flowview_arin_information
SET origin = ?
WHERE id = ?',
array($origin, $arin_id));
} else {
print "WARNING: Origin AS Not Verified for CIDR Address:$cidr." . PHP_EOL;
}
} else {
print "FATAL: Whois binary path not provided or no whois provider specified." . PHP_EOL;
exit(1);
}
} else {
print "NOTE: Origin AS Verified for CIDR Address:$cidr and Origin AS:$origin." . PHP_EOL;
flowview_db_execute_prepared('UPDATE plugin_flowview_arin_information
SET origin = ?
WHERE id = ?',
array($origin, $arin_id));
}
}
}
if ($ips) {
$addresses = flowview_db_fetch_assoc('SELECT *
FROM plugin_flowview_dnscache
WHERE arin_verified = 0');
}
if (cacti_sizeof($addresses)) {
foreach($addresses as $p) {
$arin_id = 0;
$arin_ver = 0;
$data = flowview_get_owner_from_arin($p['ip']);
if ($data !== false) {
$arin_id = $data['arin_id'];
$arin_ver = 1;
}
if ($arin_ver == 1) {
print "NOTE: Arin Verified for IP Address:{$p['ip']} and DNS Name:{$p['host']}" . PHP_EOL;
/* return the hostname, without the trailing '.' */
flowview_db_execute_prepared('UPDATE plugin_flowview_dnscache
SET `arin_verified` = ?, `arin_id` = ?, `time` = ?
WHERE `ip` = ?',
array($arin_ver, $arin_id, $time, $p['ip']));
} else {
print "WARNING: Arin Not Verified for IP Address:{$p['ip']} and DNS Name:{$p['host']}" . PHP_EOL;
}
}
}
exit(0);
/* display_version - displays version information */
function display_version() {
$info = plugin_flowview_version();
$version = $info['version'];
print "Cacti Flowview Arin Bulk Loader, Version $version, " . COPYRIGHT_YEARS . PHP_EOL;
}
/* display_help - displays the usage of the function */
function display_help () {
display_version();
print PHP_EOL . 'usage: flowview_bulkarin.php [--proceed] [--ips] [--origins]' . PHP_EOL . PHP_EOL;
print 'A command line version of the Cacti Flowview Arin bulk loader.' . PHP_EOL;
print 'To perform a bulk resolution of unverified Arin details and to' . PHP_EOL;
print 'locate Origin AS via whois when Arin does not do this directly.' . PHP_EOL;
print 'You must use the --proceed option to actually run the script.' . PHP_EOL . PHP_EOL;
}