Nmap Development mailing list archives

Re: ganglia-gmetad-info.nse
From: Brendan Coles <bcoles () gmail com>
Date: Tue, 28 Jun 2011 13:27:31 +1000

I've combined the ganglia-gmond-info and ganglia-gmetad-info scripts into
ganglia-info.nse (attached)


-- @output
-- PORT     STATE SERVICE REASON  VERSION
-- 8651/tcp open  ganglia syn-ack Ganglia XML Grid monitor 3.0.7 (Cluster name: Fyodor's Cluster 2; Owner: Fyodor; Source: gmetad)
-- | ganglia-info:
-- |        Service: Ganglia Meta Daemon
-- |        Version: 3.0.7
-- |        Grid Name: Fyodor's Grid
-- |        Cluster Name: Fyodor's Cluster 1
-- |            Owner: Fyodor
-- |        Cluster Name: Fyodor's Cluster 2
-- |            Owner: Fyodor
-- |            Hostname: ganglia.example.com
-- |                IP: 192.168.1.1
-- |                disk total: 482.853GB
-- |                cpu speed: 2133MHz
-- |                part max used: 74.7%
-- |                swap total: 2097144KB
-- |                os name: Linux
-- |                cpu user: 3.4%
-- |                cpu system: 0.4%
-- |                cpu aidle: 95.2%
-- |                load five: 0.13
-- |                proc run: 0
-- |                mem free: 714040KB
-- |                mem buffers: 262100KB
-- |                swap free: 2097144KB
-- |                bytes in: 2332.70bytes/sec
-- |                pkts out: 2.70packets/sec
-- |                cpu num: 2CPUs
-- |                disk free: 188.861GB
-- |                mem total: 3114872KB
-- |                cpu wio: 0.1%
-- |                boottime: 1307115184s
-- |                machine type: x86
-- |                os release: 2.6.18-238.9.1.el5
-- |                cpu nice: 0.0%
-- |                cpu idle: 96.1%
-- |                load one: 0.04
-- |                load fifteen: 0.14
-- |                proc total: 245
-- |                mem shared: 0KB
-- |                mem cached: 1260100KB
-- |                gexec: OFF
-- |                bytes out: 640.10bytes/sec
-- |_              pkts in: 12.90packets/sec


On Fri, Jun 10, 2011 at 12:51 AM, Toni Ruottu <toni.ruottu () iki fi> wrote:

Would it make sense to do one script called ganglia-info rather than
two scripts? I guess it would still be good for the version detection
to identify which service you are dealing with.

On Thu, Jun 9, 2011 at 1:13 PM, Brendan Coles <bcoles () gmail com> wrote:
Hi nmap-dev,

Attached is ganglia-gmetad-info.nse which is designed to retrieve system
information from a Ganglia Meta Daemon, as per the script ideas page on
secwiki.org

I've also attached a tiny modification to the Ganglia Monitoring Daemon
script ( ganglia-gmond-info.nse --- see:
http://seclists.org/nmap-dev/2011/q2/875 ) to stop the script returning
data from a Ganglia Meta Daemon.

These two services are almost identical. If you aren't familiar with
Ganglia, the monitoring daemon (port 8649) returns data for hosts in a
single cluster whereas the meta daemon (port 8651) returns data for hosts
in multiple clusters.

Nmap currently reports both services as "ganglia" --- can anyone foresee
any issues with changing the nmap-service-probes for Ganglia from:

match ganglia m|^<\?xml version=\"1\.0\".*<!DOCTYPE GANGLIA_XML.*<GANGLIA_XML VERSION=\"([^\"]+)\" SOURCE=\"([^\"]+)\">.*<CLUSTER NAME=\"([^\"]+)\" LOCALTIME=\"\d+\" OWNER=\"([^\"]+)\"|s p/Ganglia XML Grid monitor/ v/$1/ i/Cluster name: $3; Owner: $4; Source: $2/ d/specialized/

to:

# SOURCE is matched as a literal here, so the groups are $1 version, $2 cluster name, $3 owner.
match ganglia-metad m|^<\?xml version=\"1\.0\".*<!DOCTYPE GANGLIA_XML.*<GANGLIA_XML VERSION=\"([^\"]+)\" SOURCE=\"gmetad\">.*<CLUSTER NAME=\"([^\"]+)\" LOCALTIME=\"\d+\" OWNER=\"([^\"]+)\"|s p/Ganglia XML Grid monitor/ v/$1/ i/Cluster name: $2; Owner: $3; Source: gmetad/ d/specialized/

match ganglia-gmond m|^<\?xml version=\"1\.0\".*<!DOCTYPE GANGLIA_XML.*<GANGLIA_XML VERSION=\"([^\"]+)\" SOURCE=\"gmond\">.*<CLUSTER NAME=\"([^\"]+)\" LOCALTIME=\"\d+\" OWNER=\"([^\"]+)\"|s p/Ganglia XML Grid monitor/ v/$1/ i/Cluster name: $2; Owner: $3; Source: gmond/ d/specialized/

... in order to reflect the difference in the service type? (Note the
difference in the "source" property of the GANGLIA_XML node.)


Is this a good idea? The difference between the two is currently only
reported (in service fingerprinting mode) in the version, as follows:

8649/tcp open  ganglia syn-ack Ganglia XML Grid monitor 3.0.7 (Cluster name: Fyodor's Cluster; Owner: Fyodor; Source: gmond)

8651/tcp open  ganglia syn-ack Ganglia XML Grid monitor 3.0.7 (Cluster name: Fyodor's Cluster 2; Owner: Fyodor; Source: gmetad)

( Note the difference in "source:" )


If the probes aren't changed then both scripts will be triggered by the
"ganglia" service if the user is running all discovery scripts.

If the probes can't be changed for some unforeseen reason, would it be
worth combining these two scripts into one?


Furthermore, both scripts currently print the following in debugging mode
if the service type is incorrect:

("%s: %s:%s is not a Ganglia Monitoring Daemon."):format(script_name, host.targetname or host.ip, port.number)

or:

("%s: %s:%s is not a Ganglia Meta Daemon."):format(script_name, host.targetname or host.ip, port.number)

... based on the aforementioned GANGLIA_XML nodes. Perhaps a better
solution would be to return the error message even when debugging is off
and advise the user to try the other script?

Finally, what do you think of the (rather verbose) output? Should
verbosity be a script argument? If so, what data do you consider important
for the standard output?

Feedback is welcomed and appreciated.

-----------------------------------


description = [[
Retrieves system information from a listening Ganglia Meta Daemon. Ganglia
is a scalable distributed monitoring system for high-performance computing
systems such as clusters and Grids. The information retrieved includes HDD
size, available memory, OS version, architecture (and more) from each of the
systems in each of the clusters in the grid.

For more information about the Ganglia Meta Daemon, see:
http://ganglia.sourceforge.net/
http://en.wikipedia.org/wiki/Ganglia_(software)#Ganglia_Meta_Daemon_.28gmetad.29
]]

---
-- @usage
-- nmap --script ganglia-gmetad-info --script-args ganglia-gmetad-info.timeout=30,ganglia-gmetad-info.bytes=1000000 -p 8651 <target>
--
-- @args ganglia-gmetad-info.timeout
--           Set timeout in seconds. The default value is 30.
--           About 5KB-10KB of data is returned for each host in the cluster.
--           Retrieving data from a grid of 25 hosts (~100KB-250KB) takes ~8s-20s @ 100Kb/s
-- @args ganglia-gmetad-info.bytes
--           Set the number of bytes to retrieve. The default value is 1000000.
--           About 5KB-10KB of data is returned for each host in the cluster.
--           1,000,000 bytes should be enough for at least 100 hosts.
--
-- @output
-- PORT     STATE SERVICE REASON  VERSION
-- 8651/tcp open  ganglia syn-ack Ganglia XML Grid monitor 3.0.7 (Cluster name: Fyodor's Cluster 2; Owner: Fyodor; Source: gmetad)
-- | ganglia-gmetad-info:
-- |   Version: 3.0.7
-- |   Grid:
-- |        Name: Fyodor's Grid
-- |            Cluster:
-- |                Name: Fyodor's Cluster 1
-- |                Owner: Fyodor
-- |            Cluster:
-- |                Name: Fyodor's Cluster 2
-- |                Owner: Fyodor
-- |            Host [Name: ganglia.example.com; IP: 192.168.1.1]
-- |                disk total: 482.853GB
-- |                cpu speed: 2133MHz
-- |                part max used: 74.7%
-- |                swap total: 2097144KB
-- |                os name: Linux
-- |                cpu user: 3.4%
-- |                cpu system: 0.4%
-- |                cpu aidle: 95.2%
-- |                load five: 0.13
-- |                proc run: 0
-- |                mem free: 714040KB
-- |                mem buffers: 262100KB
-- |                swap free: 2097144KB
-- |                bytes in: 2332.70bytes/sec
-- |                pkts out: 2.70packets/sec
-- |                cpu num: 2CPUs
-- |                disk free: 188.861GB
-- |                mem total: 3114872KB
-- |                cpu wio: 0.1%
-- |                boottime: 1307115184s
-- |                machine type: x86
-- |                os release: 2.6.18-238.9.1.el5
-- |                cpu nice: 0.0%
-- |                cpu idle: 96.1%
-- |                load one: 0.04
-- |                load fifteen: 0.14
-- |                proc total: 245
-- |                mem shared: 0KB
-- |                mem cached: 1260100KB
-- |                gexec: OFF
-- |                bytes out: 640.10bytes/sec
-- |_                pkts in: 12.90packets/sec


Regards,

Brendan Coles
http://itsecuritysolutions.org

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


Attachment: ganglia-info.nse
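
The thread's idea of telling gmond and gmetad apart by the SOURCE attribute of the GANGLIA_XML node, as an added example in Python (not code from the original post, the attached script or Nmap). The service names, function names and sample banner are assumptions constructed for illustration; the example also checks that an info template only references capture groups its pattern defines.

```python
import re

# Constructed sample banner modelled on the GANGLIA_XML header quoted in the thread.
def make_banner(source, cluster="Example Cluster", owner="Example Owner"):
    return ('<?xml version="1.0" encoding="ISO-8859-1" standalone="yes"?>\n'
            '<!DOCTYPE GANGLIA_XML [ <!ELEMENT GANGLIA_XML (GRID|CLUSTER|HOST)*> ]>\n'
            f'<GANGLIA_XML VERSION="3.0.7" SOURCE="{source}">\n'
            f'<CLUSTER NAME="{cluster}" LOCALTIME="1307115184" OWNER="{owner}">\n')

HEAD = r'^<\?xml version="1\.0".*<!DOCTYPE GANGLIA_XML.*<GANGLIA_XML VERSION="([^"]+)" '
TAIL = r'>.*<CLUSTER NAME="([^"]+)" LOCALTIME="\d+" OWNER="([^"]+)"'

# (service name, pattern, info template); the service names are hypothetical.
# With SOURCE as a literal each pattern has three groups:
# $1 version, $2 cluster name, $3 owner.
PROBES = [
    ("ganglia-gmetad", HEAD + r'SOURCE="gmetad"' + TAIL,
     "Cluster name: $2; Owner: $3; Source: gmetad"),
    ("ganglia-gmond", HEAD + r'SOURCE="gmond"' + TAIL,
     "Cluster name: $2; Owner: $3; Source: gmond"),
]

def undefined_refs(pattern, template):
    """Return the $N references in a template that the pattern does not capture."""
    groups = re.compile(pattern, re.S).groups
    refs = {int(n) for n in re.findall(r"\$(\d+)", template)}
    return sorted(n for n in refs if n < 1 or n > groups)

def classify(banner, probes=PROBES):
    """Return (service, version, info) for the first matching probe, else None."""
    for service, pattern, template in probes:
        if undefined_refs(pattern, template):
            raise ValueError(f"{service}: template references a missing group")
        m = re.search(pattern, banner, re.S)  # re.S mirrors the |s flag
        if m:
            info = re.sub(r"\$(\d+)", lambda r: m.group(int(r.group(1))), template)
            return service, m.group(1), info
    return None

if __name__ == "__main__":
    for src in ("gmond", "gmetad"):
        print(classify(make_banner(src)))
```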