Device

Security Oriented Managed Attributes

Overview

Soma is an in-house project to develop a network inventory product. Soma consists of a dozen data collecting scripts which run from cron hourly or daily, dumping what they find into a relational database. A manual effort associates ethernet switch port identifiers with wall jack identifiers. On the front end, a Web reporting tool provides access to the results. With Soma, we want to acquire a rough idea of what is attached to our network, along with whatever tidbits of information we can easily acquire about these end-stations. We expect that producing and running Soma will help inform our efforts to select a more permanent open-source or commercial replacement.

At this point, Soma is dated ... written in 2005, plus a few minor enhancements. We're still running it (minus the Nessus integration, which we retired some years ago); we haven't gotten around to replacing it ... however, I would like to think that plenty of other projects do a better job in this space than Soma -- I leave it here purely as a monument: my first large software project. 2013-01-10 --sk

Soma's schema illustrates the data which Soma collects. Soma is implemented using Perl for the data collecting scripts, PostgreSQL for the database, and Apache/PHP for the reporting front-end.

Data Collection

Typically, the data collecting scripts acquire a copy of our network's route table from a nearby router and then walk through each route, probing each IP address and performing some function, like querying its local NetBIOS name or querying its SNMP agent.

  • gather-dns-name: pings each address, performing a DNS look-up on each node which answers
  • gather-host-snmp: pings each address, performing an SNMP GET on sysDescr.0 and sysObjectID.0 on each node which answers
  • gather-ipaddr-mac-port: dumps the CAM and ARP tables from the switches and routers
  • gather-ldap-ou: for every NetBIOS machine name in Soma, queries Active Directory domain controllers for the associated OU
  • gather-netbios-name: pings each address, performing a NetBIOS name look-up on each node which answers
  • gather-nessus-vuln-all: performs a Nessus scan on each node
  • gather-nmap-os-guess: pings each address, performing an Nmap OS guess scan on each node which answers
  • gather-wap-clients: dumps the MAC address/Dot11 Radio interface table from each wireless access point
  • import-wins-dump: imports a csv file containing IP address to NetBIOS name mappings
  • wall-jack: imports an Excel spreadsheet containing switch-slot-port-walljack mappings
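
The correlation that the gather-ipaddr-mac-port and wall-jack data make possible, as an added Python example (not Soma's own Perl code): ARP entries are joined to CAM entries on a normalized MAC address, then to the wall jack mapping, to place each IP address at a switch port and jack. The tuple layouts, the `max_macs_per_edge_port` uplink heuristic, and all sample values are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample data, not taken from a real network.
ARP = [("10.1.20.15", "0011.2233.4455"),       # (ip, mac) as dumped from a router
       ("10.1.20.16", "00:11:22:33:44:66"),
       ("10.1.20.17", "00-11-22-33-44-77"),
       ("10.1.20.99", "00:11:22:33:44:99")]    # MAC absent from every CAM table
CAM = [("sw-a", "2/14", "00:11:22:33:44:55"),  # (switch, port, mac) from switches
       ("sw-a", "1/1", "0011.2233.4466"),      # 1/1 is the uplink to sw-b, so it
       ("sw-a", "1/1", "0011.2233.4477"),      # learns the MACs of hosts on sw-b
       ("sw-a", "1/1", "0011.2233.4488"),
       ("sw-b", "3/7", "0011.2233.4466"),
       ("sw-b", "3/8", "0011.2233.4477")]
WALL_JACKS = {("sw-a", "2/14"): "B2-114", ("sw-b", "3/7"): "C1-007"}

def norm_mac(raw):
    """Reduce dotted, dashed or colon MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[.:\-]", "", raw.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    return digits

def locate(arp, cam, wall_jacks, max_macs_per_edge_port=2):
    """Return one row per (IP, edge port); switch/port are None if not located."""
    macs_on_port = defaultdict(set)
    for switch, port, mac in cam:
        macs_on_port[(switch, port)].add(norm_mac(mac))
    # A port that has learned many MACs is an uplink or trunk, not the port
    # the end-station is plugged into, so it is left out of the join.
    ports_for_mac = defaultdict(list)
    for key, macs in macs_on_port.items():
        if len(macs) <= max_macs_per_edge_port:
            for mac in macs:
                ports_for_mac[mac].append(key)
    rows = []
    for ip, mac in arp:
        mac = norm_mac(mac)
        # Keep unlocated addresses in the output: they are inventory gaps.
        for key in sorted(ports_for_mac.get(mac, [])) or [None]:
            switch, port = key or (None, None)
            rows.append({"ip": ip, "mac": mac, "switch": switch,
                         "port": port, "jack": wall_jacks.get(key)})
    return rows
```

Rows with no switch, or with a port but no jack, point at addresses the switches never saw or at ports missing from the wall jack spreadsheet.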

Most of the functional code behind Soma sits within a collection of modules.

  • DBTools.pm contains wrappers around various DBI functions.
  • Foundation.pm builds a framework which supports the data collecting routines.
  • HostTools.pm contains routines for asking localhost questions about its IP configuration.
  • LDAPTools.pm contains routines for connecting to LDAP servers.
  • NetworkTools.pm contains routines related to walking an IP space and performing an action on each address ... as well as routines for querying routers for ARP and route tables.
  • PingTools.pm contains various routines for emitting ICMP Echo packets.
  • QueryHost.pm contains routines which send queries to hosts.
  • QueryLDAP.pm contains routines for searching LDAP servers.
  • QuerySoma.pm contains routines for querying Soma.
  • ScanTools.pm contains wrappers around Nmap and Nessus.
  • SNMPTools.pm contains wrappers around the net-snmp SNMP methods.
  • SomaCrud.pm contains routines which accept data structures as input and Create/Read/Update/Delete tables in Soma.
  • SomaData.pm contains all the configuration information for Soma's data-collecting persona.
  • SomaTools.pm contains miscellaneous routines, currently routines for parsing the Wall Jack CSV file.
  • SwitchTools.pm contains routines for querying Ethernet switches.
  • Utilities.pm contains basic tools like logging and error-handling routines.
  • WINSTools.pm contains routines for examining WINS entries.

Database

To create Soma's tables, I use the following import file: soma-schema-v1.5.sql.

Reporting

Here are screen shots from the reporting front-end:


Last modified: 2017-04-28