Security Oriented Managed Attributes
Soma is an in-house project to develop a network inventory product. Soma consists of a dozen data collecting scripts which run from cron hourly or daily, dumping what they find into a relational database. A manual effort associates ethernet switch port identifiers with wall jack identifiers. On the front end, a Web reporting tool provides access to the results. With Soma, we want to acquire a rough idea of what is attached to our network, along with whatever tidbits of information we can easily acquire about these end-stations. We expect that producing and running Soma will help inform our efforts to select a more permanent open-source or commercial replacement.
At this point, Soma is dated ... written in 2005, plus a few minor enhancements. We're still running it (minus the Nessus integration, which we retired some years ago); we haven't gotten around to replacing it ... however, I would like to think that plenty of other projects do a better job in this space than Soma -- I leave it here purely as a monument: my first large software project. 2013-01-10 --sk
Soma's schema illustrates the data which Soma collects. Soma is implemented using Perl for the data collecting scripts, PostgreSQL for the database, and Apache/PHP for the reporting front-end.
Typically, the data collecting scripts acquire a copy of our network's route table from a nearby router and then walk through each route, probing each IP address and performing some function, like querying its local NetBIOS name or querying its SNMP agent.
- gather-dns-name: pings each address, performing a DNS look-up on each node which answers
- gather-host-snmp: pings each address, performing an SNMP GET on sysDescr.0 and sysObjectID.0 on each node which answers
- gather-ipaddr-mac-port: dumps the CAM and ARP tables from the switches and routers
- gather-ldap-ou: for every NetBIOS machine name in Soma, queries Active Directory domain controllers for the associated OU
- gather-netbios-name: pings each address, performing a NetBIOS name look-up on each node which
- gather-nessus-vuln-all: performs a Nessus scan on each node
- gather-nmap-os-guess: pings each address, performing an Nmap OS guess scan on each node which answers
- gather-wap-clients: dumps the MAC address/Dot11 Radio interface table from each wireless access point
- import-wins-dump: imports a CSV file containing IP address to NetBIOS name mappings
- wall-jack: imports an Excel spreadsheet containing switch-slot-port-walljack mappings
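The data gathered by gather-ipaddr-mac-port and the wall-jack import can be joined to place an IP address at a physical wall jack. The sketch below is an added example, not Soma's own code (which is Perl); the sample rows, the function names and the rule that the port with the fewest learned MAC addresses is the access port are all assumptions.

```python
from collections import defaultdict

# Constructed sample data (not from Soma): ARP rows from a router, CAM rows
# from two switches, and manually maintained switch-port-to-wall-jack rows.
ARP = [("10.1.2.15", "00:11:22:33:44:55"),
       ("10.1.2.16", "00:11:22:33:44:66"),
       ("10.1.2.99", "00:11:22:33:44:77")]
CAM = [("sw-a", "1/1", "00:11:22:33:44:55"),   # access port
       ("sw-a", "1/2", "00:11:22:33:44:66"),   # access port
       ("sw-b", "2/24", "00:11:22:33:44:55"),  # uplink toward sw-a
       ("sw-b", "2/24", "00:11:22:33:44:66"),  # same uplink, second MAC
       ("sw-b", "2/3", "00:11:22:33:44:77")]   # access port, no jack recorded
WALL_JACKS = {("sw-a", "1/1"): "B2-114A", ("sw-a", "1/2"): "B2-114B"}


def normalize_mac(mac):
    """Reduce colon, dash or dotted MAC notation to 12 lowercase hex digits."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


def locate(arp, cam, wall_jacks):
    """Map each IP to (switch, port, wall jack or None); None if MAC unseen."""
    macs_on_port = defaultdict(set)
    for switch, port, mac in cam:
        macs_on_port[(switch, port)].add(normalize_mac(mac))
    ports_for_mac = defaultdict(list)
    for key, macs in macs_on_port.items():
        for mac in macs:
            ports_for_mac[mac].append(key)
    result = {}
    for ip, mac in arp:
        candidates = ports_for_mac.get(normalize_mac(mac))
        if not candidates:
            result[ip] = None  # in ARP but on no switch we polled
            continue
        # Assumption: uplinks learn many MACs, so the candidate port with
        # the fewest learned MACs is the access port. Sorted for stable ties.
        switch, port = min(sorted(candidates),
                           key=lambda k: len(macs_on_port[k]))
        result[ip] = (switch, port, wall_jacks.get((switch, port)))
    return result


if __name__ == "__main__":
    for ip, where in locate(ARP, CAM, WALL_JACKS).items():
        print(ip, where)
```

An address that resolves to a port with no wall-jack entry, or to no port at all, is worth reviewing: it marks either a gap in the manual jack survey or a device reached through a switch the collectors do not poll.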
Most of the functional code behind Soma sits within a collection of modules.
- DBTools.pm contains wrappers around various DBI functions.
- Foundation.pm builds a framework which supports the data collecting routines.
- HostTools.pm contains routines for asking localhost questions about its IP configuration.
- LDAPTools.pm contains routines for connecting to LDAP servers.
- NetworkTools.pm contains routines related to walking an IP space and performing an action on each address ... as well as routines for querying routers for ARP and route tables.
- PingTools.pm contains various routines for emitting ICMP Echo packets.
- QueryHost.pm contains routines which send queries to hosts.
- QueryLDAP.pm contains routines for searching LDAP servers.
- QuerySoma.pm contains routines for querying Soma.
- ScanTools.pm contains wrappers around Nmap and Nessus.
- SNMPTools.pm contains wrappers around the net-snmp SNMP methods.
- SomaCrud.pm contains routines which accept data structures as input and Create/Read/Update/Delete tables in Soma.
- SomaData.pm contains all the configuration information for Soma's data-collecting persona.
- SomaTools.pm contains miscellaneous routines, currently routines for parsing the Wall Jack CSV file.
- SwitchTools.pm contains routines for querying Ethernet switches.
- Utilities.pm contains basic tools like logging and error-handling routines.
- WINSTools.pm contains routines for examining WINS entries.
To create Soma's tables, I use the following import file:
Here are screen shots from the reporting front-end: