def getProcToPortDictOnWindows(localClient, localFramework):
try:
dbconnect_utils.debugPrint(
3, '[' + SCRIPT_NAME + ':getProcToPortDictOnWindows]')
procToPortDict = {}
shell = shellutils.ShellUtils(localClient)
ntcmdErrStr = 'Remote command returned 1(0x1)'
HOST_IP = localClient.getIpAddress()
HOSTID = localFramework.getDestinationAttribute('hostId')
## Get process OSHs using NTCMD HR script
############################################
try:
processOSHV = ObjectStateHolderVector()
if (NTCMD_HR_Dis_Process_Lib.discoverProcessesByWmic(
shell, processOSHV, HOSTID, localFramework)) == 1 or (
NTCMD_HR_Dis_Process_Lib.discoverProcesses(
shell, processOSHV, HOSTID, localFramework)) == 1:
## We have an OSHV, extract OSHs from it
oshvIndex = 0
try:
while processOSHV.get(oshvIndex):
someOSH = processOSHV.get(oshvIndex)
if someOSH.getObjectClass() == 'process':
processDict = dbconnect_utils.getAttributeValuesFromOSH(
someOSH, [
'process_pid', 'data_name',
'process_cmdline', 'process_path'
])
## Name
processName = processDict['data_name']
if processName == None or processName == '' or len(
processName) < 1:
## We don't care about nameless processes
continue
pid = processDict['process_pid'] ## PID
processPath = processDict['process_path'] ## Path
processPath = string.replace(processPath, '"', '')
processCmdline = processDict[
'process_cmdline'] ## Command line
processCmdline = string.replace(
processCmdline, '"', '')
## Add this to the dictionary
dbconnect_utils.debugPrint(
4, '[' + SCRIPT_NAME +
':getProcToPortDictOnWindows] Got PROCESS <%s:%s> with path <%s> and command line <%s>'
%
(pid, processName, processPath, processCmdline)
)
## {PID:[processName, listeningPort, ipAddress, path, version, status, processCommandline]}
# procToPortDict[pid] = [processName, dbconnect_utils.UNKNOWN, dbconnect_utils.UNKNOWN, processPath, dbconnect_utils.UNKNOWN, 'Running', processCmdline]
if dbconnect_utils.populateProcToPortDict(
procToPortDict, pid, processName,
dbconnect_utils.UNKNOWN,
dbconnect_utils.UNKNOWN, processPath,
dbconnect_utils.UNKNOWN, 'Running',
processCmdline) == 0:
logger.debug(
'[' + SCRIPT_NAME +
':getProcToPortDictOnWindows] Unable to add PROCESS <%s:%s> (%s) with path <%s> and command line <%s> to the procToPort dictionary'
% (pid, processName, 'Running', processPath,
processCmdline))
oshvIndex = oshvIndex + 1
except ArrayIndexOutOfBoundsException:
dbconnect_utils.debugPrint(
4, '[' + SCRIPT_NAME +
':getProcToPortDictOnWindows] Array OOB exception while getting process CIs from OSHV. Ignoring because this is expected...'
)
pass
else:
## We don't have an OSHV
dbconnect_utils.debugPrint(
3, '[' + SCRIPT_NAME +
':getProcToPortDictOnWindows] Unable to get list of processes'
)
except:
excInfo = logger.prepareJythonStackTrace('')
logger.debug(
'[' + SCRIPT_NAME +
':getProcToPortDictOnWindows] Unable to get list of processes: <%s>'
% excInfo)
pass
## Add windows services to the list of processes
############################################
## First try WMIC because we can get a PID
## If that doesn't work, fallback on the OOTB NTCMD HR script
try:
buffer = shell.execCmd(
'wmic service get displayname, pathname, processid, started /format:csv < %SystemRoot%\win.ini'
)
dbconnect_utils.debugPrint(
4, '[' + SCRIPT_NAME +
':getProcToPortDictOnWindows] Output for wmic process command: %s'
% buffer)
reg_mamRc = shell.getLastCmdReturnCode()
if (reg_mamRc == 0):
## WMIC worked!!
wmicLines = buffer.split('\n')
fakePid = 0
# Each line: HOSTNAME,SERVICENAME,EXE-PATH,PID
for wmicLine in wmicLines:
tokens = wmicLine.split(',')
numTokens = len(tokens)
if (tokens == None) or (numTokens < 1):
continue
if tokens[0].strip() == 'Node':
continue
if (numTokens < 4):
continue
serviceName = tokens[numTokens - 4].strip()
serviceStatus = dbconnect_utils.UNKNOWN
if tokens[numTokens - 1].strip().lower() == 'true':
serviceStatus = 'Running'
else:
serviceStatus = 'Not Running'
pid = tokens[numTokens - 2].strip()
## Don't bother with SYSTEM services that have a pid of -1
if (pid != '-1' and pid.isnumeric()):
# Get the command line
serviceCmdline = tokens[numTokens - 3].strip()
serviceCmdline = serviceCmdline.strip()[0:2499]
serviceCmdline = string.replace(
serviceCmdline, '"', '')
# Set process path to command line
servicePath = serviceCmdline
## While using services, we sometimes need a fake PID because
## the service may not be running and the corresponding PID will be 0
if pid == '0':
pid = 'SERVICE ' + str(fakePid)
fakePid = fakePid + 1
dbconnect_utils.debugPrint(
4, '[' + SCRIPT_NAME +
':getProcToPortDictOnWindows] Using fake PID <%s> for service <%s>'
% (pid, serviceName))
## Got everything, make the array
dbconnect_utils.debugPrint(
4, '[' + SCRIPT_NAME +
':getProcToPortDictOnWindows] Got SERVICE <%s (%s)> with PID <%s>, command line <%s>, command path <%s>'
% (serviceName, serviceStatus, pid, serviceCmdline,
servicePath))
## {PID:[processName, listeningPort, ipAddress, path, version, status, processCommandline]}
# procToPortDict[pid] = [serviceName, dbconnect_utils.UNKNOWN, dbconnect_utils.UNKNOWN, servicePath, dbconnect_utils.UNKNOWN, serviceStatus, serviceCmdline]
if dbconnect_utils.populateProcToPortDict(
procToPortDict, pid, serviceName,
dbconnect_utils.UNKNOWN, HOST_IP, servicePath,
dbconnect_utils.UNKNOWN, serviceStatus,
serviceCmdline) == 0:
logger.debug(
'[' + SCRIPT_NAME +
':getProcToPortDictOnWindows] Unable to add SERVICE <%s:%s> (%s) with path <%s> and command line <%s> to the procToPort dictionary'
% (pid, serviceName, serviceStatus,
servicePath, serviceCmdline))
else:
## WMIC didn't work. Get service OSHs using NTCMD HR script
dbconnect_utils.debugPrint(
3, '[' + SCRIPT_NAME +
':getProcToPortDictOnWindows] WMIC didn\'t work, trying NTCMD HR script'
)
servicesOSHV = NTCMD_HR_REG_Service_Lib.doService(
shell, modeling.createHostOSH(HOST_IP))
## Extract OSHs from vector
oshvIndex = 0
try:
while servicesOSHV.get(oshvIndex):
someOSH = servicesOSHV.get(oshvIndex)
if someOSH.getObjectClass() == 'service':
serviceDict = dbconnect_utils.getAttributeValuesFromOSH(
someOSH, [
'data_name', 'service_pathtoexec',
'service_commandline',
'service_operatingstatus'
])
## Name
serviceName = serviceDict['data_name']
if serviceName == None or serviceName == '' or len(
serviceName) < 1:
## We don't care about nameless services
continue
pid = 'SERVICE ' + str(oshvIndex) ## PID (fake)
servicePath = serviceDict[
'service_pathtoexec'] ## Install path
servicePath = string.replace(servicePath, '"', '')
serviceCmdline = serviceDict[
'service_commandline'] ## Command line
serviceCmdline = string.replace(
serviceCmdline, '"', '')
serviceStatus = serviceDict[
'service_operatingstatus'] ## Status
## Add this to the dictionary
dbconnect_utils.debugPrint(
4, '[' + SCRIPT_NAME +
':getProcToPortDictOnWindows] Got <%s:%s> with installPath <%s> and commandline <%s>'
%
(pid, serviceName, servicePath, serviceCmdline)
)
## {PID:[processName, listeningPort, ipAddress, path, version, status, processCommandline]}
# procToPortDict[pid] = [serviceName, dbconnect_utils.UNKNOWN, dbconnect_utils.UNKNOWN, servicePath, dbconnect_utils.UNKNOWN, serviceStatus, serviceCmdline]
if dbconnect_utils.populateProcToPortDict(
procToPortDict, pid, serviceName,
dbconnect_utils.UNKNOWN, HOST_IP, servicePath,
dbconnect_utils.UNKNOWN, serviceStatus,
serviceCmdline) == 0:
logger.debug(
'[' + SCRIPT_NAME +
':getProcToPortDictOnWindows] Unable to add SERVICE <%s:%s> (%s) with path <%s> and command line <%s> to the procToPort dictionary'
% (pid, serviceName, serviceStatus,
servicePath, serviceCmdline))
oshvIndex = oshvIndex + 1
except ArrayIndexOutOfBoundsException:
dbconnect_utils.debugPrint(
4, '[' + SCRIPT_NAME +
':getProcToPortDictOnWindows] Array OOB exception while getting service CIs from OSHV. Ignoring because this is expected...'
)
pass
except:
excInfo = logger.prepareJythonStackTrace('')
logger.debug(
'[' + SCRIPT_NAME +
':getProcToPortDictOnWindows] Unable to get list of services: <%s>'
% excInfo)
pass
## Add installed software to the list of processes
############################################
try:
## Get installed software OSHs using NTCMD HR script
softwareOSHV = ObjectStateHolderVector()
gotSoftwareOshs = NTCMD_HR_REG_Software_Lib.doSoftware(
shell, modeling.createHostOSH(HOST_IP), softwareOSHV)
## Extract OSHs from vector
oshvIndex = 0
while gotSoftwareOshs and softwareOSHV.get(oshvIndex):
someOSH = softwareOSHV.get(oshvIndex)
if someOSH.getObjectClass() == 'software':
softwareDict = dbconnect_utils.getAttributeValuesFromOSH(
someOSH, [
'data_name', 'software_installpath',
'software_version'
])
## Name
softwareName = softwareDict['data_name']
if not softwareName:
## We don't care about nameless software
continue
pid = 'SOFTWARE ' + str(oshvIndex) ## PID (fake)
softwareInstallPath = softwareDict[
'software_installpath'] ## Install path
softwareVersion = softwareDict[
'software_version'] ## Version
## Add this to the dictionary
dbconnect_utils.debugPrint(
4, '[' + SCRIPT_NAME +
':getProcToPortDictOnWindows] Got <%s:%s> with installPath <%s> and version <%s>'
% (pid, softwareName, softwareInstallPath,
softwareVersion))
## {PID:[processName, listeningPort, ipAddress, path, version, status, processCommandline]}
# procToPortDict[pid] = [softwareName, dbconnect_utils.UNKNOWN, dbconnect_utils.UNKNOWN, softwareInstallPath, softwareVersion, dbconnect_utils.UNKNOWN, dbconnect_utils.UNKNOWN]
if dbconnect_utils.populateProcToPortDict(
procToPortDict, pid, softwareName,
dbconnect_utils.UNKNOWN, dbconnect_utils.UNKNOWN,
softwareInstallPath, softwareVersion,
dbconnect_utils.UNKNOWN,
dbconnect_utils.UNKNOWN) == 0:
logger.debug(
'[' + SCRIPT_NAME +
':getProcToPortDictOnWindows] Unable to add SOFTWARE <%s:%s> (%s) with path <%s> and command line <%s> to the procToPort dictionary'
% (pid, softwareName, dbconnect_utils.UNKNOWN,
softwareInstallPath, dbconnect_utils.UNKNOWN))
oshvIndex = oshvIndex + 1
except ArrayIndexOutOfBoundsException:
dbconnect_utils.debugPrint(
4, '[' + SCRIPT_NAME +
':getProcToPortDictOnWindows] Array OOB exception while getting software CIs from OSHV. Ignoring because this is expected...'
)
pass
except:
excInfo = logger.prepareJythonStackTrace('')
logger.debug(
'[' + SCRIPT_NAME +
':getProcToPortDictOnWindows] Unable to get list of software: <%s>'
% excInfo)
pass
## Use NETSTAT output to create an array of server ports
## and map them to server processes
############################################
try:
netstatLisStr = shell.execCmd(
'netstat -aon -p tcp | find "LISTENING"')
nsStrOk = 'false'
nsLisLines = None
if netstatLisStr.find(ntcmdErrStr) != -1 or len(netstatLisStr) < 1:
nsStrOk = 'false'
elif re.search('\r\n', netstatLisStr):
nsLisLines = netstatLisStr.split('\r\n')
nsStrOk = 'true'
elif re.search('\n', netstatLisStr):
nsLisLines = netstatLisStr.split('\n')
nsStrOk = 'true'
if nsStrOk == 'true':
for line in nsLisLines:
line = line.strip()
m = re.search(
'\S+\s+(\d+.\d+.\d+.\d+):(\d+)\s+\d+.\d+.\d+.\d+:\d+\s+\S+\s+(\d+).*',
line)
if (m):
ipAddress = m.group(1).strip()
## Skip loopback IPs
if re.search('127.0.0', ipAddress):
continue
## Set the IP address to that of the destination if it is "*", "::", or "0.0.0.0"
ipAddress = dbconnect_utils.fixIP(
ipAddress, localClient.getIpAddress())
serverPort = m.group(2).strip()
pid = m.group(3)
dbconnect_utils.debugPrint(
4, '[' + SCRIPT_NAME +
':getProcToPortDictOnWindows] Got port <%s> for pid <%s>'
% (serverPort, pid))
if pid != '-' and procToPortDict.has_key(pid):
dbconnect_utils.debugPrint(
4, '[' + SCRIPT_NAME +
':getProcToPortDictOnWindows] Adding port <%s:%s> for process <%s>'
% (ipAddress, serverPort,
(procToPortDict[pid])[0]))
(procToPortDict[pid]
)[dbconnect_utils.IP_INDEX] = ipAddress
(procToPortDict[pid]
)[dbconnect_utils.PORT_INDEX] = serverPort
dbconnect_utils.debugPrint(
4, '[' + SCRIPT_NAME +
':getProcToPortDictOnWindows] Got port <%s> for pid <%s>'
% (serverPort, pid))
else:
dbconnect_utils.debugPrint(
3, '[' + SCRIPT_NAME +
':getProcToPortDictOnWindows] Couldn\'t get process information (Most likely due to lack of user permissions): '
+ line)
else:
dbconnect_utils.debugPrint(
2, '[' + SCRIPT_NAME +
':getProcToPortDictOnWindows] Invalid output from netstat: <%s>'
% netstatLisStr)
except:
excInfo = logger.prepareJythonStackTrace('')
logger.debug(
'[' + SCRIPT_NAME +
':getProcToPortDictOnWindows] Unable to make a process to port map using netstat: <%s>'
% excInfo)
pass
## Should have proc to port map
if len(procToPortDict) > 0:
dbconnect_utils.debugPrint(
2, '[' + SCRIPT_NAME +
':getProcToPortDictOnWindows] Returning process to port dictionary with <%s> items'
% len(procToPortDict))
return procToPortDict
else:
dbconnect_utils.debugPrint(
2, '[' + SCRIPT_NAME +
':getProcToPortDictOnWindows] Returning EMPTY process to port dictionary'
)
return None
except:
excInfo = logger.prepareJythonStackTrace('')
dbconnect_utils.debugPrint(
'[' + SCRIPT_NAME +
':getProcToPortDictOnWindows] Exception: <%s>' % excInfo)
pass
def DiscoveryMain(Framework):
vector = ObjectStateHolderVector()
protocol = Framework.getDestinationAttribute('Protocol')
client = None
shell = None
try:
try:
# connect to destination
client = Framework.createClient()
# wrap client with Shell
shell = shellutils.ShellFactory().createShell(client)
except AuthenticationException, ae:
errormessages.resolveAndReport(ae.getMessage(), protocol,
Framework)
except:
exInfo = logger.prepareJythonStackTrace('')
errormessages.resolveAndReport(exInfo, protocol, Framework)
else:
language = Framework.getDestinationAttribute('language')
hostCmdbId = Framework.getDestinationAttribute('hostId')
# configure internationalization support
if language and language != 'NA':
langBund = Framework.getEnvironmentInformation().getBundle(
'langHost_Resources_By_TTY', language)
else:
langBund = Framework.getEnvironmentInformation().getBundle(
'langHost_Resources_By_TTY')
# discovery
discoverCPUs = Boolean.parseBoolean(
Framework.getParameter('discoverCPUs'))
discoverDisks = Boolean.parseBoolean(
Framework.getParameter('discoverDisks'))
discoveriSCSIInfo = Boolean.parseBoolean(
Framework.getParameter('discoveriSCSIInfo'))
discoverDrivers = Boolean.parseBoolean(
Framework.getParameter('discoverDrivers'))
discoverMemory = Boolean.parseBoolean(
Framework.getParameter('discoverMemory'))
discoverSoftware = Boolean.parseBoolean(
Framework.getParameter('discoverInstalledSoftware'))
discoverUsers = Boolean.parseBoolean(
Framework.getParameter('discoverUsers'))
discoverServices = Boolean.parseBoolean(
Framework.getParameter('discoverServices'))
discoverShares = Boolean.parseBoolean(
Framework.getParameter('discoverShares'))
discoverP2P = Boolean.parseBoolean(
Framework.getParameter('discoverP2P'))
try:
hostOsh = modeling.createOshByCmdbIdString('host', hostCmdbId)
if discoverShares:
try:
vector.addAll(_discoverSharedResources(shell, hostOsh))
except:
errorMessage = 'Failed to discover shared resources'
_logWarn(
errorcodes.
FAILED_DISCOVERING_RESOURCE_WITH_CLIENT_TYPE,
['share', protocol], errorMessage)
if discoverCPUs:
try:
vector.addAll(
TTY_HR_CPU_Lib.disWinOS(hostCmdbId, shell,
Framework, langBund))
except:
errorMessage = 'Failed to discover CPUs'
_logWarn(
errorcodes.
FAILED_DISCOVERING_RESOURCE_WITH_CLIENT_TYPE,
['cpus', protocol], errorMessage)
if discoverDisks:
try:
vector.addAll(TTY_HR_Disk_Lib.disWinOS(hostOsh, shell))
except:
errorMessage = 'Failed to discover disks'
_logWarn(
errorcodes.
FAILED_DISCOVERING_RESOURCE_WITH_CLIENT_TYPE,
['disks', protocol], errorMessage)
if discoverDrivers and shell.isWinOs():
try:
vector.addAll(
_discoverWindowsDeviceDriver(shell, hostOsh))
except:
errorMessage = 'Failed to discover windows device driver by powershell'
_logWarn(
errorcodes.
FAILED_DISCOVERING_RESOURCE_WITH_CLIENT_TYPE,
['windows device driver', protocol], errorMessage)
if discoveriSCSIInfo:
try:
vector.addAll(
TTY_HR_Disk_Lib.disWinOSiSCSIInfo(hostOsh, shell))
except:
errorMessage = 'Failed to discover iSCSI info'
_logWarn(
errorcodes.
FAILED_DISCOVERING_RESOURCE_WITH_CLIENT_TYPE,
['iSCSI', protocol], errorMessage)
if discoverMemory:
try:
vector.addAll(
TTY_HR_Memory_Lib.disWinOS(hostCmdbId, shell,
Framework, langBund))
except:
errorMessage = 'Failed to discover memory'
_logWarn(
errorcodes.
FAILED_DISCOVERING_RESOURCE_WITH_CLIENT_TYPE,
['memory', protocol], errorMessage)
processes = []
try:
processesDiscoverer = process_discoverer.DiscovererByShellOnWindows(
shell)
processes = processesDiscoverer.discoverAllProcesses()
if not processes:
raise ValueError()
except:
errorMessage = 'Failed to discover processes'
_logWarn(
errorcodes.
FAILED_DISCOVERING_RESOURCE_WITH_CLIENT_TYPE,
['processes', protocol], errorMessage)
if processes:
# save processes to DB
process_discoverer.saveProcessesToProbeDb(
processes, hostCmdbId, Framework)
# report processes
discoverProcesses = Boolean.parseBoolean(
Framework.getParameter('discoverProcesses'))
if discoverProcesses:
processReporter = process.Reporter()
for processObject in processes:
processVector = processReporter.reportProcess(
hostOsh, processObject)
vector.addAll(processVector)
if discoverUsers:
try:
vector.addAll(_discoverUsers(hostOsh, shell))
except:
errorMessage = 'Failed to discover users'
_logWarn(
errorcodes.
FAILED_DISCOVERING_RESOURCE_WITH_CLIENT_TYPE,
['users', protocol], errorMessage)
cmdLineToInstalledSoftware = {}
softNameToInstSoftOSH = {}
if discoverSoftware:
try:
softwareOSHs = TTY_HR_Software_Lib.disWinOS(
hostCmdbId, shell, Framework, langBund,
softNameToInstSoftOSH)
if softwareOSHs:
vector.addAll(softwareOSHs)
except:
errorMessage = 'Failed to discover installed software'
_logWarn(errorcodes.FAILED_DISCOVERING_RESOURCE,
['installed software', protocol],
errorMessage)
servicesByCmd = Hashtable()
if discoverServices:
try:
srvcOSHs = NTCMD_HR_REG_Service_Lib.doService(
shell, hostOsh, servicesByCmd, langBund, Framework)
vector.addAll(srvcOSHs)
except:
errorMessage = 'Failed to discover services'
_logWarn(errorcodes.FAILED_DISCOVERING_RESOURCE,
['services', protocol], errorMessage)
connectivityEndPoints = []
try:
tcpDiscoverer = Dis_TCP.getDiscovererByShell(
client, Framework, shell)
if tcpDiscoverer is not None:
tcpDiscoverer.discoverTCP()
connectivityEndPoints = tcpDiscoverer.getProcessEndPoints(
)
except:
errorMessage = 'Failed to run TCP discovery'
_logWarn(
errorcodes.FAILED_RUNNING_DISCOVERY_WITH_CLIENT_TYPE,
['tcp', protocol], errorMessage)
appSign = applications.createApplicationSignature(
Framework, client, shell)
if processes:
appSign.setProcessesManager(
applications.ProcessesManager(processes,
connectivityEndPoints))
servicesInfo = applications.ServicesInfo(servicesByCmd)
appSign.setServicesInfo(servicesInfo)
softwareInfo = applications.InstalledSoftwareInfo(
cmdLineToInstalledSoftware, softNameToInstSoftOSH)
appSign.setInstalledSoftwareInfo(softwareInfo)
appSign.getApplicationsTopology(hostCmdbId)
if discoverP2P:
try:
p2p = process_to_process.ProcessToProcess(Framework)
p2p.getProcessesToProcess()
except:
errorMessage = 'Failed to run p2p discovery'
_logWarn(errorcodes.FAILED_RUNNING_DISCOVERY,
['p2p', protocol], errorMessage)
except JException, ex:
exInfo = ex.getMessage()
errormessages.resolveAndReport(exInfo, protocol, Framework)
except:
def getProcToPortDictOnWindows(localClient, localFramework):
try:
dbconnect_utils.debugPrint(3, '[' + SCRIPT_NAME + ':getProcToPortDictOnWindows]')
procToPortDict = {}
shell = shellutils.ShellUtils(localClient)
ntcmdErrStr = 'Remote command returned 1(0x1)'
HOST_IP = localClient.getIpAddress()
HOSTID = localFramework.getDestinationAttribute('hostId')
## Get process OSHs using NTCMD HR script
############################################
try:
processOSHV = ObjectStateHolderVector()
if (NTCMD_HR_Dis_Process_Lib.discoverProcessesByWmic(shell, processOSHV, HOSTID, localFramework)) == 1 or (NTCMD_HR_Dis_Process_Lib.discoverProcesses(shell, processOSHV, HOSTID, localFramework)) == 1:
## We have an OSHV, extract OSHs from it
oshvIndex = 0
try:
while processOSHV.get(oshvIndex):
someOSH = processOSHV.get(oshvIndex)
if someOSH.getObjectClass() == 'process':
processDict = dbconnect_utils.getAttributeValuesFromOSH(someOSH, ['process_pid', 'data_name', 'process_cmdline', 'process_path'])
## Name
processName = processDict['data_name']
if processName == None or processName == '' or len(processName) <1:
## We don't care about nameless processes
continue
pid = processDict['process_pid'] ## PID
processPath = processDict['process_path'] ## Path
processPath = string.replace(processPath, '"', '')
processCmdline = processDict['process_cmdline'] ## Command line
processCmdline = string.replace(processCmdline, '"', '')
## Add this to the dictionary
dbconnect_utils.debugPrint(4, '[' + SCRIPT_NAME + ':getProcToPortDictOnWindows] Got PROCESS <%s:%s> with path <%s> and command line <%s>' % (pid, processName, processPath, processCmdline))
## {PID:[processName, listeningPort, ipAddress, path, version, status, processCommandline]}
# procToPortDict[pid] = [processName, dbconnect_utils.UNKNOWN, dbconnect_utils.UNKNOWN, processPath, dbconnect_utils.UNKNOWN, 'Running', processCmdline]
if dbconnect_utils.populateProcToPortDict(procToPortDict, pid, processName, dbconnect_utils.UNKNOWN, dbconnect_utils.UNKNOWN, processPath, dbconnect_utils.UNKNOWN, 'Running', processCmdline) == 0:
logger.debug('[' + SCRIPT_NAME + ':getProcToPortDictOnWindows] Unable to add PROCESS <%s:%s> (%s) with path <%s> and command line <%s> to the procToPort dictionary' % (pid, processName, 'Running', processPath, processCmdline))
oshvIndex = oshvIndex + 1
except ArrayIndexOutOfBoundsException:
dbconnect_utils.debugPrint(4, '[' + SCRIPT_NAME + ':getProcToPortDictOnWindows] Array OOB exception while getting process CIs from OSHV. Ignoring because this is expected...')
pass
else:
## We don't have an OSHV
dbconnect_utils.debugPrint(3, '[' + SCRIPT_NAME + ':getProcToPortDictOnWindows] Unable to get list of processes')
except:
excInfo = logger.prepareJythonStackTrace('')
logger.debug('[' + SCRIPT_NAME + ':getProcToPortDictOnWindows] Unable to get list of processes: <%s>' % excInfo)
pass
## Add windows services to the list of processes
############################################
## First try WMIC because we can get a PID
## If that doesn't work, fallback on the OOTB NTCMD HR script
try:
buffer = shell.execCmd('wmic service get displayname, pathname, processid, started /format:csv < %SystemRoot%\win.ini')
dbconnect_utils.debugPrint(4, '[' + SCRIPT_NAME + ':getProcToPortDictOnWindows] Output for wmic process command: %s' % buffer)
reg_mamRc = shell.getLastCmdReturnCode()
if (reg_mamRc == 0):
## WMIC worked!!
wmicLines = buffer.split('\n')
fakePid = 0
# Each line: HOSTNAME,SERVICENAME,EXE-PATH,PID
for wmicLine in wmicLines:
tokens = wmicLine.split(',')
numTokens = len(tokens)
if (tokens == None) or (numTokens < 1) :
continue
if tokens[0].strip() == 'Node':
continue
if (numTokens < 4):
continue
serviceName = tokens[numTokens - 4].strip()
serviceStatus = dbconnect_utils.UNKNOWN
if tokens[numTokens - 1].strip().lower() == 'true':
serviceStatus = 'Running'
else:
serviceStatus = 'Not Running'
pid = tokens[numTokens - 2].strip()
## Don't bother with SYSTEM services that have a pid of -1
if(pid != '-1' and pid.isnumeric()):
# Get the command line
serviceCmdline = tokens[numTokens - 3].strip()
serviceCmdline = serviceCmdline.strip()[0:2499]
serviceCmdline = string.replace(serviceCmdline, '"', '')
# Set process path to command line
servicePath = serviceCmdline
## While using services, we sometimes need a fake PID because
## the service may not be running and the corresponding PID will be 0
if pid == '0':
pid = 'SERVICE ' + str(fakePid)
fakePid = fakePid + 1
dbconnect_utils.debugPrint(4, '[' + SCRIPT_NAME + ':getProcToPortDictOnWindows] Using fake PID <%s> for service <%s>' % (pid, serviceName))
## Got everything, make the array
dbconnect_utils.debugPrint(4, '[' + SCRIPT_NAME + ':getProcToPortDictOnWindows] Got SERVICE <%s (%s)> with PID <%s>, command line <%s>, command path <%s>' % (serviceName, serviceStatus, pid, serviceCmdline, servicePath))
## {PID:[processName, listeningPort, ipAddress, path, version, status, processCommandline]}
# procToPortDict[pid] = [serviceName, dbconnect_utils.UNKNOWN, dbconnect_utils.UNKNOWN, servicePath, dbconnect_utils.UNKNOWN, serviceStatus, serviceCmdline]
if dbconnect_utils.populateProcToPortDict(procToPortDict, pid, serviceName, dbconnect_utils.UNKNOWN, HOST_IP, servicePath, dbconnect_utils.UNKNOWN, serviceStatus, serviceCmdline) == 0:
logger.debug('[' + SCRIPT_NAME + ':getProcToPortDictOnWindows] Unable to add SERVICE <%s:%s> (%s) with path <%s> and command line <%s> to the procToPort dictionary' % (pid, serviceName, serviceStatus, servicePath, serviceCmdline))
else:
## WMIC didn't work. Get service OSHs using NTCMD HR script
dbconnect_utils.debugPrint(3, '[' + SCRIPT_NAME + ':getProcToPortDictOnWindows] WMIC didn\'t work, trying NTCMD HR script')
servicesOSHV = NTCMD_HR_REG_Service_Lib.doService(shell, modeling.createHostOSH(HOST_IP))
## Extract OSHs from vector
oshvIndex = 0
try:
while servicesOSHV.get(oshvIndex):
someOSH = servicesOSHV.get(oshvIndex)
if someOSH.getObjectClass() == 'service':
serviceDict = dbconnect_utils.getAttributeValuesFromOSH(someOSH, ['data_name', 'service_pathtoexec', 'service_commandline', 'service_operatingstatus'])
## Name
serviceName = serviceDict['data_name']
if serviceName == None or serviceName == '' or len(serviceName) <1:
## We don't care about nameless services
continue
pid = 'SERVICE ' + str(oshvIndex) ## PID (fake)
servicePath = serviceDict['service_pathtoexec'] ## Install path
servicePath = string.replace(servicePath, '"', '')
serviceCmdline = serviceDict['service_commandline'] ## Command line
serviceCmdline = string.replace(serviceCmdline, '"', '')
serviceStatus = serviceDict['service_operatingstatus'] ## Status
if serviceStatus == 'true':
serviceStatus = 'Running'
else:
serviceStatus = 'Not Running'
## Add this to the dictionary
dbconnect_utils.debugPrint(4, '[' + SCRIPT_NAME + ':getProcToPortDictOnWindows] Got <%s:%s> with installPath <%s> and commandline <%s>' % (pid, serviceName, servicePath, serviceCmdline))
## {PID:[processName, listeningPort, ipAddress, path, version, status, processCommandline]}
# procToPortDict[pid] = [serviceName, dbconnect_utils.UNKNOWN, dbconnect_utils.UNKNOWN, servicePath, dbconnect_utils.UNKNOWN, serviceStatus, serviceCmdline]
if dbconnect_utils.populateProcToPortDict(procToPortDict, pid, serviceName, dbconnect_utils.UNKNOWN, HOST_IP, servicePath, dbconnect_utils.UNKNOWN, serviceStatus, serviceCmdline) == 0:
logger.debug('[' + SCRIPT_NAME + ':getProcToPortDictOnWindows] Unable to add SERVICE <%s:%s> (%s) with path <%s> and command line <%s> to the procToPort dictionary' % (pid, serviceName, serviceStatus, servicePath, serviceCmdline))
oshvIndex = oshvIndex + 1
except ArrayIndexOutOfBoundsException:
dbconnect_utils.debugPrint(4, '[' + SCRIPT_NAME + ':getProcToPortDictOnWindows] Array OOB exception while getting service CIs from OSHV. Ignoring because this is expected...')
pass
except:
excInfo = logger.prepareJythonStackTrace('')
logger.debug('[' + SCRIPT_NAME + ':getProcToPortDictOnWindows] Unable to get list of services: <%s>' % excInfo)
pass
## Add installed software to the list of processes
############################################
try:
## Get installed software OSHs using NTCMD HR script
softwareOSHV = ObjectStateHolderVector()
gotSoftwareOshs = NTCMD_HR_REG_Software_Lib.doSoftware(shell, modeling.createHostOSH(HOST_IP), softwareOSHV)
## Extract OSHs from vector
oshvIndex = 0
while gotSoftwareOshs and softwareOSHV.get(oshvIndex):
someOSH = softwareOSHV.get(oshvIndex)
if someOSH.getObjectClass() == 'software':
softwareDict = dbconnect_utils.getAttributeValuesFromOSH(someOSH, ['data_name', 'software_installpath', 'software_version'])
## Name
softwareName = softwareDict['data_name']
if not softwareName:
## We don't care about nameless software
continue
pid = 'SOFTWARE ' + str(oshvIndex) ## PID (fake)
softwareInstallPath = softwareDict['software_installpath'] ## Install path
softwareVersion = softwareDict['software_version'] ## Version
## Add this to the dictionary
dbconnect_utils.debugPrint(4, '[' + SCRIPT_NAME + ':getProcToPortDictOnWindows] Got <%s:%s> with installPath <%s> and version <%s>' % (pid, softwareName, softwareInstallPath, softwareVersion))
## {PID:[processName, listeningPort, ipAddress, path, version, status, processCommandline]}
# procToPortDict[pid] = [softwareName, dbconnect_utils.UNKNOWN, dbconnect_utils.UNKNOWN, softwareInstallPath, softwareVersion, dbconnect_utils.UNKNOWN, dbconnect_utils.UNKNOWN]
if dbconnect_utils.populateProcToPortDict(procToPortDict, pid, softwareName, dbconnect_utils.UNKNOWN, dbconnect_utils.UNKNOWN, softwareInstallPath, softwareVersion, dbconnect_utils.UNKNOWN, dbconnect_utils.UNKNOWN) == 0:
logger.debug('[' + SCRIPT_NAME + ':getProcToPortDictOnWindows] Unable to add SOFTWARE <%s:%s> (%s) with path <%s> and command line <%s> to the procToPort dictionary' % (pid, softwareName, dbconnect_utils.UNKNOWN, softwareInstallPath, dbconnect_utils.UNKNOWN))
oshvIndex = oshvIndex + 1
except ArrayIndexOutOfBoundsException:
dbconnect_utils.debugPrint(4, '[' + SCRIPT_NAME + ':getProcToPortDictOnWindows] Array OOB exception while getting software CIs from OSHV. Ignoring because this is expected...')
pass
except:
excInfo = logger.prepareJythonStackTrace('')
logger.debug('[' + SCRIPT_NAME + ':getProcToPortDictOnWindows] Unable to get list of software: <%s>' % excInfo)
pass
## Use NETSTAT output to create an array of server ports
## and map them to server processes
############################################
## Updated by Daniel La: updated to handle situation where a process can listen on multiple ports.
try:
keydeletion = [] # keys to delete - Daniel La
netstatLisStr = shell.execCmd('netstat -aon -p tcp | find "LISTENING"')
nsStrOk = 'false'
nsLisLines = None
if netstatLisStr.find(ntcmdErrStr) != -1 or len(netstatLisStr) < 1:
nsStrOk = 'false'
elif re.search('\r\n', netstatLisStr):
nsLisLines = netstatLisStr.split('\r\n')
nsStrOk = 'true'
elif re.search('\n', netstatLisStr):
nsLisLines = netstatLisStr.split('\n')
nsStrOk = 'true'
if nsStrOk == 'true':
for line in nsLisLines:
line = line.strip()
m = re.search('\S+\s+(\d+.\d+.\d+.\d+):(\d+)\s+\d+.\d+.\d+.\d+:\d+\s+\S+\s+(\d+).*', line)
if (m):
ipAddress = m.group(1).strip()
## Skip loopback IPs
if re.search('127.0.0', ipAddress):
continue
## Set the IP address to that of the destination if it is "*", "::", or "0.0.0.0"
ipAddress = dbconnect_utils.fixIP(ipAddress, localClient.getIpAddress())
serverPort = m.group(2).strip()
pid = m.group(3)
dbconnect_utils.debugPrint(4, '[' + SCRIPT_NAME + ':getProcToPortDictOnWindows] Got port <%s> for pid <%s>' % (serverPort, pid))
# modified if statement slightly to include check to see if listener is listening on port 80, 2481, or 2482. If so, these can be ignored. - Daniel La
if pid != '-' and procToPortDict.has_key(pid) and not (serverPort in ['80', '2481', '2482'] and re.search('tns', (procToPortDict[pid])[0].lower())):
dbconnect_utils.debugPrint(4, '[' + SCRIPT_NAME + ':getProcToPortDictOnWindows] Adding port <%s:%s> for process <%s>' % (ipAddress, serverPort, (procToPortDict[pid])[0]))
(procToPortDict[pid])[dbconnect_utils.IP_INDEX] = ipAddress
(procToPortDict[pid])[dbconnect_utils.PORT_INDEX] = serverPort
# create new key and add new entry - Daniel La
pidnport = str(pid) + '.' + str(serverPort)
if dbconnect_utils.populateProcToPortDict(procToPortDict, pidnport, (procToPortDict[pid])[dbconnect_utils.PROCESSNAME_INDEX], (procToPortDict[pid])[dbconnect_utils.PORT_INDEX], (procToPortDict[pid])[dbconnect_utils.IP_INDEX], (procToPortDict[pid])[dbconnect_utils.PATH_INDEX], (procToPortDict[pid])[dbconnect_utils.VERSION_INDEX], (procToPortDict[pid])[dbconnect_utils.STATUS_INDEX], (procToPortDict[pid])[dbconnect_utils.COMMANDLINE_INDEX], (procToPortDict[pid])[dbconnect_utils.USER_INDEX]) == 0:
logger.debug('Unable to add ', (procToPortDict[pid])[dbconnect_utils.PROCESSNAME_INDEX])
else:
# add key to list of keys to delete later as we've updated them with new entries.
keydeletion.append(pid)
dbconnect_utils.debugPrint(4, '[' + SCRIPT_NAME + ':getProcToPortDictOnWindows] Got port <%s> for pid <%s>' % (serverPort, pid))
else:
dbconnect_utils.debugPrint(3, '[' + SCRIPT_NAME + ':getProcToPortDictOnWindows] Couldn\'t get process information (Most likely due to lack of user permissions): ' + line)
# delete keys which are of no value anymore - Daniel La
for key in keydeletion:
if procToPortDict.has_key(key):
del procToPortDict[key]
logger.debug('deleted key: ', key)
else:
dbconnect_utils.debugPrint(2, '[' + SCRIPT_NAME + ':getProcToPortDictOnWindows] Invalid output from netstat: <%s>' % netstatLisStr)
except:
excInfo = logger.prepareJythonStackTrace('')
logger.debug('[' + SCRIPT_NAME + ':getProcToPortDictOnWindows] Unable to make a process to port map using netstat: <%s>' % excInfo)
pass
## Should have proc to port map
if len(procToPortDict) > 0:
dbconnect_utils.debugPrint(2, '[' + SCRIPT_NAME + ':getProcToPortDictOnWindows] Returning process to port dictionary with <%s> items' % len(procToPortDict))
return procToPortDict
else:
dbconnect_utils.debugPrint(2, '[' + SCRIPT_NAME + ':getProcToPortDictOnWindows] Returning EMPTY process to port dictionary')
return None
except:
excInfo = logger.prepareJythonStackTrace('')
dbconnect_utils.debugPrint('[' + SCRIPT_NAME + ':getProcToPortDictOnWindows] Exception: <%s>' % excInfo)
pass
def DiscoveryMain(Framework):
vector = ObjectStateHolderVector()
protocol = Framework.getDestinationAttribute('Protocol')
client = None
shell = None
try:
try:
# connect to destination
client = Framework.createClient()
# wrap client with Shell
shell = shellutils.ShellFactory().createShell(client)
except AuthenticationException, ae:
errormessages.resolveAndReport(ae.getMessage(), protocol, Framework)
except:
exInfo = logger.prepareJythonStackTrace('')
errormessages.resolveAndReport(exInfo, protocol, Framework)
else:
language = Framework.getDestinationAttribute('language')
hostCmdbId = Framework.getDestinationAttribute('hostId')
# configure internationalization support
if language and language != 'NA':
langBund = Framework.getEnvironmentInformation().getBundle('langHost_Resources_By_TTY', language)
else:
langBund = Framework.getEnvironmentInformation().getBundle('langHost_Resources_By_TTY')
# discovery
discoverCPUs = Boolean.parseBoolean(Framework.getParameter('discoverCPUs'))
discoverDisks = Boolean.parseBoolean(Framework.getParameter('discoverDisks'))
discoveriSCSIInfo = Boolean.parseBoolean(Framework.getParameter('discoveriSCSIInfo'))
discoverDrivers = Boolean.parseBoolean(Framework.getParameter('discoverDrivers'))
discoverMemory = Boolean.parseBoolean(Framework.getParameter('discoverMemory'))
discoverSoftware = Boolean.parseBoolean(Framework.getParameter('discoverInstalledSoftware'))
discoverUsers = Boolean.parseBoolean(Framework.getParameter('discoverUsers'))
discoverServices = Boolean.parseBoolean(Framework.getParameter('discoverServices'))
discoverShares = Boolean.parseBoolean(Framework.getParameter('discoverShares'))
discoverP2P = Boolean.parseBoolean(Framework.getParameter('discoverP2P'))
try:
hostOsh = modeling.createOshByCmdbIdString('host', hostCmdbId)
if discoverShares:
try:
vector.addAll(_discoverSharedResources(shell, hostOsh))
except:
errorMessage = 'Failed to discover shared resources'
_logWarn(errorcodes.FAILED_DISCOVERING_RESOURCE_WITH_CLIENT_TYPE, ['share', protocol], errorMessage)
if discoverCPUs:
try:
vector.addAll(TTY_HR_CPU_Lib.disWinOS(hostCmdbId, shell, Framework, langBund))
except:
errorMessage = 'Failed to discover CPUs'
_logWarn(errorcodes.FAILED_DISCOVERING_RESOURCE_WITH_CLIENT_TYPE, ['cpus', protocol], errorMessage)
if discoverDisks:
try:
vector.addAll(TTY_HR_Disk_Lib.disWinOS(hostOsh, shell))
except:
errorMessage = 'Failed to discover disks'
_logWarn(errorcodes.FAILED_DISCOVERING_RESOURCE_WITH_CLIENT_TYPE, ['disks', protocol], errorMessage)
if discoverDrivers and shell.isWinOs():
try:
vector.addAll(_discoverWindowsDeviceDriver(shell, hostOsh))
except:
errorMessage = 'Failed to discover windows device driver by powershell'
_logWarn(errorcodes.FAILED_DISCOVERING_RESOURCE_WITH_CLIENT_TYPE, ['windows device driver', protocol], errorMessage)
if discoveriSCSIInfo:
try:
vector.addAll(TTY_HR_Disk_Lib.disWinOSiSCSIInfo(hostOsh, shell))
except:
errorMessage = 'Failed to discover iSCSI info'
_logWarn(errorcodes.FAILED_DISCOVERING_RESOURCE_WITH_CLIENT_TYPE, ['iSCSI', protocol], errorMessage)
if discoverMemory:
try:
vector.addAll(TTY_HR_Memory_Lib.disWinOS(hostCmdbId, shell, Framework, langBund))
except:
errorMessage = 'Failed to discover memory'
_logWarn(errorcodes.FAILED_DISCOVERING_RESOURCE_WITH_CLIENT_TYPE, ['memory', protocol], errorMessage)
processes = []
try:
processesDiscoverer = process_discoverer.DiscovererByShellOnWindows(shell)
processes = processesDiscoverer.discoverAllProcesses()
if not processes:
raise ValueError()
except:
errorMessage = 'Failed to discover processes'
_logWarn(errorcodes.FAILED_DISCOVERING_RESOURCE_WITH_CLIENT_TYPE, ['processes', protocol], errorMessage)
if processes:
# save processes to DB
process_discoverer.saveProcessesToProbeDb(processes, hostCmdbId, Framework)
# report processes
discoverProcesses = Boolean.parseBoolean(Framework.getParameter('discoverProcesses'))
if discoverProcesses:
processReporter = process.Reporter()
for processObject in processes:
processVector = processReporter.reportProcess(hostOsh, processObject)
vector.addAll(processVector)
if discoverUsers:
try:
vector.addAll(_discoverUsers(hostOsh, shell))
except:
errorMessage = 'Failed to discover users'
_logWarn(errorcodes.FAILED_DISCOVERING_RESOURCE_WITH_CLIENT_TYPE, ['users', protocol], errorMessage)
cmdLineToInstalledSoftware = {}
softNameToInstSoftOSH = {}
if discoverSoftware:
try:
softwareOSHs = TTY_HR_Software_Lib.disWinOS(hostCmdbId, shell, Framework, langBund, softNameToInstSoftOSH)
if softwareOSHs:
vector.addAll(softwareOSHs)
except:
errorMessage = 'Failed to discover installed software'
_logWarn(errorcodes.FAILED_DISCOVERING_RESOURCE, ['installed software', protocol], errorMessage)
servicesByCmd = Hashtable()
if discoverServices:
try:
srvcOSHs = NTCMD_HR_REG_Service_Lib.doService(shell, hostOsh, servicesByCmd, langBund, Framework)
vector.addAll(srvcOSHs)
except:
errorMessage = 'Failed to discover services'
_logWarn(errorcodes.FAILED_DISCOVERING_RESOURCE, ['services', protocol], errorMessage)
connectivityEndPoints = []
try:
tcpDiscoverer = Dis_TCP.getDiscovererByShell(client, Framework, shell)
if tcpDiscoverer is not None:
tcpDiscoverer.discoverTCP()
connectivityEndPoints = tcpDiscoverer.getProcessEndPoints()
except:
errorMessage = 'Failed to run TCP discovery'
_logWarn(errorcodes.FAILED_RUNNING_DISCOVERY_WITH_CLIENT_TYPE, ['tcp', protocol], errorMessage)
appSign = applications.createApplicationSignature(Framework, client, shell)
if processes:
appSign.setProcessesManager(applications.ProcessesManager(processes, connectivityEndPoints))
servicesInfo = applications.ServicesInfo(servicesByCmd)
appSign.setServicesInfo(servicesInfo)
softwareInfo = applications.InstalledSoftwareInfo(cmdLineToInstalledSoftware, softNameToInstSoftOSH)
appSign.setInstalledSoftwareInfo(softwareInfo)
appSign.getApplicationsTopology(hostCmdbId)
if discoverP2P:
try:
p2p = process_to_process.ProcessToProcess(Framework)
p2p.getProcessesToProcess()
except:
errorMessage = 'Failed to run p2p discovery'
_logWarn(errorcodes.FAILED_RUNNING_DISCOVERY, ['p2p', protocol], errorMessage)
except JException, ex:
exInfo = ex.getMessage()
errormessages.resolveAndReport(exInfo, protocol, Framework)
except:
if softwareOSHs != None:
OSHVResult.addAll(softwareOSHs)
except:
errorMessage = "Failed to discover installed software"
logWarn(
Framework,
errorcodes.FAILED_DISCOVERING_RESOURCE,
["installed software", protocol],
errorMessage,
)
servicesByCmd = Hashtable()
if shell.isWinOs() and discoverServices:
try:
srvcOSHs = NTCMD_HR_REG_Service_Lib.doService(
shell, hostOsh, servicesByCmd, langBund, Framework
)
OSHVResult.addAll(srvcOSHs)
except:
errorMessage = "Failed to discover services"
logWarn(Framework, errorcodes.FAILED_DISCOVERING_RESOURCE, ["services", protocol], errorMessage)
if config.discoverFcHBAs:
oshs, warning = discover_or_warn(
"fibre channel HBAs",
discover_fc_hba_oshs_by_shell,
shell,
hostOsh,
protocol,
protocol_name=protocol,
)