This just appeared on another list. This fellow is using Nmap to port
scan the entire network. First you do a base scan and see if there are
any problems that need to be addressed. Once you get your network in an
acceptable state, you run another base scan to be used for comparison.
Then you run a daily scan as a scheduled task and the script emails you any
differences. Not authored or tested by me. Here is the post.
The two links in this message are Perl scripts, which I will be describing
below. This way if you don't want to look at the scripts you don't have to
go to my website.
archmaker (couldn't think of a better name :-))
They both require the use of the PERL module MailTools-1.5.
The format of the files produced is as follows:
    10.1.1.1_RAW      # Raw output of the nmap scan
    10.1.1.1_Base     # Cleaned up version of the nmap scan
    10.1.1.1_Aug_14   # Daily cleaned up version of the nmap scan
This script is designed to be run on a remote host, on an automated basis,
using the cron utility on a frequency determined by the user.
USE
Run the "base" code first to develop the base file. If you approve of the
ports reported open on the base scan then continue on. If not, fix the open
ports and THEN re-run the base function to create an updated "base" file.
Run the "code" using cron underneath a NON-ROOT user for security purposes.
Have the address from system set to the user executing the crontab file.
Took a little work in sendmail to get formatted the way I wanted, but is
not that difficult.
RESULT
This program is currently being used once a day against a system to check
the status of the ports on the system. The base is the one which the daily
scans are compared against, with any difference being reported by email to
whomever you want to include in your contact list. This report is basically
in the format below:
------------------------------------------------------------------------
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Difference in 10.1.1.1

DIFFERENCES IN SCAN RESULTS

BASE SCAN                     RECENT SCAN
Port   Status   Service     | Port   Status   Service
------------------------------------------------------------------------
No Open Ports               | 23     Open     telnet
------------------------------------------------------------------------
Now for the code. Any comments to make it better will be appreciated. I am
an accountant, not a programmer. And all the programming I have done has
been self taught. Started teaching myself PERL about two years ago, in my
spare time. Believe the best way to learn is to do, not just read the book.
Hence my code does have some faults.
Will be working on my web site soon to place the code out in the public and
better document what it does, and hopefully contain information on how to
use it, etc. I currently have two more scripts designed to be used against
sequential IP addresses (up to 255), both the "base" and "code", but want
to beta them a little more to ensure I have all the bugs worked out and
want to see the recommendations made concerning these two scripts.
Base code: www.archmaker.com/archmaker_base.htm
Daily Scan code: www.archmaker.com/archmaker_code.htm
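
The base-versus-daily comparison described in the post above, as an added example that is not the archmaker scripts or part of the original message. It assumes the cleaned files keep nmap's port rows in the form "23/tcp open telnet"; the function names and the two sample scans are constructed for illustration.

```python
import re

# Assumption: cleaned scan files keep nmap's port rows, e.g. "23/tcp open telnet".
PORT_ROW = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s*(\S*)")

def open_ports(scan_text):
    """Return {(port, proto): service} for rows whose state is exactly 'open'."""
    ports = {}
    for line in scan_text.splitlines():
        m = PORT_ROW.match(line.strip())
        if m and m.group(3).lower() == "open":
            ports[(int(m.group(1)), m.group(2))] = m.group(4) or "unknown"
    return ports

def diff_scans(base_text, daily_text):
    """Return (opened, closed, changed) for the daily scan relative to the base."""
    base, daily = open_ports(base_text), open_ports(daily_text)
    opened = {k: daily[k] for k in daily.keys() - base.keys()}
    closed = {k: base[k] for k in base.keys() - daily.keys()}
    changed = {k: (base[k], daily[k])
               for k in base.keys() & daily.keys() if base[k] != daily[k]}
    return opened, closed, changed

def report(host, base_text, daily_text):
    """Build the mail body, or None when the scans agree (nothing to send)."""
    opened, closed, changed = diff_scans(base_text, daily_text)
    if not (opened or closed or changed):
        return None
    out = [f"Subject: Difference in {host}", ""]
    out += [f"NEWLY OPEN     {p}/{proto} {svc}" for (p, proto), svc in sorted(opened.items())]
    out += [f"NO LONGER OPEN {p}/{proto} {svc}" for (p, proto), svc in sorted(closed.items())]
    out += [f"SERVICE CHANGE {p}/{proto} {old} -> {new}"
            for (p, proto), (old, new) in sorted(changed.items())]
    return "\n".join(out)

# Constructed sample scans (not real output from any network).
BASE = """Port State Service
22/tcp open ssh
25/tcp open smtp
80/tcp open http
"""
DAILY = """Port State Service
22/tcp open ssh
23/tcp open telnet
25/tcp filtered smtp
80/tcp open http-proxy
"""

if __name__ == "__main__":
    print(report("10.1.1.1", BASE, DAILY))
```

Returning None when nothing changed lets the cron job stay silent on quiet days, so a mail from it always means the host has drifted from the approved base.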