This just appeared on another list. This fellow is using Nmap to port
scan the entire network. First you do a base scan and see if there are
any problems that need to be addressed. Once you get your network in an
acceptable state, you run another base scan to be used for comparison.
Then you run a daily scan as a scheduled task and the script emails you any
differences. Not authored or tested by me. Here is the post.



The two links in this message are Perl scripts, which I will be describing
below. This way if you don't want to look at the script you don't have to
go to my website.

archmaker (couldn't think of a better name :-))

They both require the use of the PERL module MailTools-1.5.

The format of the files produced is as follows:

10.1.1.1_RAW # Raw output of the nmap scan
10.1.1.1_Base # Cleaned up version of the nmap scan
10.1.1.1_Aug_14 # Daily cleaned up version of the nmap scan

This script is designed to be run on a remote host, on an automated basis,
using the cron utility on a frequency determined by the user.

USE

Run the "base" code first to develop the base file. If you approve of the
ports reported open on the base scan then continue on. If not, fix the open
ports and THEN re-run the base function to create an updated "base" file.

Run the "code" using cron underneath a NON-ROOT user for security purposes.

Have the address from system set to the user executing the crontab file.
Took a little work in sendmail to get formatted the way I wanted, but is
not that difficult.

RESULT

This program is currently being used once a day against a system to check
the status of the ports on the system. The base is the one which the daily
scans are compared against, with any difference being reported by email to
whomever you want to include in your contact list. This report is basically
in the format below:
------------------------------------------------------------------------------------------------------

From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Difference in 10.1.1.1


   DIFFERENCES IN SCAN RESULTS

      BASE SCAN        |      RECENT SCAN
Port  Status  Service  | Port  Status  Service
-------------------------------------------------------------------------------
No Open Ports          | 23    Open    telnet

------------------------------------------------------------------------------------------------------


Now for the code. Any comments to make it better will be appreciated. I am
an accountant, not a programmer. And all the programming I have done has
been self taught. Started teaching myself PERL about two years ago, in my
spare time. Believe the best way to learn is to do, not just read the book.

Hence my code does have some faults.

Will be working on my web site soon to place the code out in the public and
better document what it does, and hopefully contain information on how to
use and etc. I currently have two more scripts designed to be used against
sequential IP addresses (up to 255), both the "base" and "code", but want
to beta them a little more to ensure I have all the bugs worked out and
want to see the recommendations made concerning these two scripts.

Base code:      www.archmaker.com/archmaker_base.htm

Daily Scan code:        www.archmaker.com/archmaker_code.htm
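
Added example, not part of the original post and not the archmaker scripts: a Python sketch of the base-versus-daily comparison the post describes. It assumes the cleaned-up files keep the port-table lines of nmap's normal output; the sample scans and all function names are constructed for illustration, and mail delivery is left out.

```python
import re

# Port-table line of nmap's normal output, e.g. "23/tcp   open  telnet"
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")

# Constructed sample scans (not real output from the post's scripts)
BASE_SAMPLE = """\
PORT     STATE    SERVICE
22/tcp   open     ssh
23/tcp   closed   telnet
80/tcp   open     http
"""
RECENT_SAMPLE = """\
PORT     STATE    SERVICE
22/tcp   open     ssh
23/tcp   open     telnet
80/tcp   filtered http
"""

def open_ports(scan_text):
    """Return {(port, proto): service} for ports whose state is exactly 'open'."""
    ports = {}
    for line in scan_text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m and m.group(3) == "open":
            ports[(int(m.group(1)), m.group(2))] = m.group(4)
    return ports

def changes(base_text, recent_text):
    """List (key, base_service, recent_service) for every port that differs."""
    base, recent = open_ports(base_text), open_ports(recent_text)
    return [(k, base.get(k), recent.get(k))
            for k in sorted(base.keys() | recent.keys())
            if base.get(k) != recent.get(k)]

def _cell(key, service):
    return "not open" if service is None else f"{key[0]}/{key[1]} open {service}"

def report(host, base_text, recent_text):
    """Build the mail text, or return None when the scans match (send nothing)."""
    rows = [f"{_cell(k, b):<24}| {_cell(k, r)}" for k, b, r in changes(base_text, recent_text)]
    if not rows:
        return None
    head = [f"Subject: Difference in {host}", "", f"{'BASE SCAN':<24}| RECENT SCAN", "-" * 50]
    return "\n".join(head + rows)

if __name__ == "__main__":
    print(report("10.1.1.1", BASE_SAMPLE, RECENT_SAMPLE))
```

Returning None when nothing differs lets a cron wrapper skip the mail entirely, so a message only arrives when a port has opened or closed relative to the approved base.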



