Scanner selector

Document created by mcalvi on Mar 25, 2014

Sorry for the cross post. I thought this might be a better location.

 

 

General Caveat:  this is horribly written and could be done better by holding in memory.

 

We have multiple scanner appliances and do most of our scanning via API / ad hoc scans.  One of the issues we had was that all of the scans were coming from our primary scanner and not our secondary scanner.  Additionally, we planned to have some more scanners for certain areas (subnets), so we needed a way to enforce certain scanners and let our process select the scanner it needed.

 

Thus we implemented the qualysDB.pm in our API scripts.

 

On the box which runs the API scripts, we installed MySQL with the tables listed in db.txt.  In it we pre-populated all our network ranges in the networks table, storing the start and end of each range as the integer representation of the IP address.

 

In the leases table we pre-populated our static assignments (i.e. the networks where the scanners live).

 

When we want to find the scanner for a specific IP, we simply call

 

my $appliance = getScanner($IP_Address, $DB_Name, $DB_User, $DB_Password);

 

It then returns the scanners you specify, and you can treat them as you want.

 

Other things to consider:

- qualysDB.pm references a module that can be replaced by Net::IP to convert an IPv4 address to an integer for the DB  (line 8)

- the scanners are hard coded as SCANNER1 and SCANNER2  (lines 218 - 220)

- $debug (line 27): set to 1 if you want the print statements for debugging

- $time (line 28): for each IP checked, it adds $timer minutes to the lease.  We changed it in production to 3 and it went a LONG time after a major scan of the workstation environment.

- time zones are set for America/Chicago (lines 188, 259, 306, 307)
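
The range lookup described above, done in memory as the general caveat suggests. This is an added example, not code from qualysDB.pm: the network ranges, the pick_scanner() helper, the "narrowest range wins" rule and the default scanner are assumptions; only the SCANNER1 / SCANNER2 names come from the post.

```perl
use strict;
use warnings;

# Convert a dotted-quad IPv4 address to its 32-bit integer form.
# Returns undef for anything that is not four decimal octets in 0..255.
sub ip_to_int {
    my ($ip) = @_;
    return unless defined $ip
        && $ip =~ /\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/;
    my @octets = ($1, $2, $3, $4);
    return if grep { $_ > 255 } @octets;
    return ($octets[0] << 24) | ($octets[1] << 16) | ($octets[2] << 8) | $octets[3];
}

# Constructed sample of a "networks" table held in memory: each range is
# stored as integer start/end plus the scanner assigned to it (assumed layout).
my @NETWORKS = map {
    my ($first, $last, $scanner) = @$_;
    my $start = ip_to_int($first);
    my $end   = ip_to_int($last);
    die "bad range $first-$last\n" unless defined $start && defined $end && $start <= $end;
    +{ start => $start, end => $end, scanner => $scanner };
} (
    [ '10.0.0.0',    '10.0.255.255',    'SCANNER1' ],
    [ '10.0.40.0',   '10.0.40.255',     'SCANNER2' ],   # carve-out inside the range above
    [ '192.168.0.0', '192.168.255.255', 'SCANNER2' ],
);

# Pick the scanner for one address. The narrowest matching range wins, so a
# subnet-specific scanner overrides the one covering the enclosing network.
sub pick_scanner {
    my ($ip, $default) = @_;
    my $n = ip_to_int($ip);
    return unless defined $n;    # malformed input: refuse rather than guess
    my $best;
    for my $net (@NETWORKS) {
        next if $n < $net->{start} || $n > $net->{end};
        $best = $net
            if !$best || ($net->{end} - $net->{start}) < ($best->{end} - $best->{start});
    }
    return $best ? $best->{scanner} : $default;
}

# Constructed test addresses, including one unmapped and one malformed.
for my $ip (qw(10.0.3.7 10.0.40.12 192.168.1.20 172.16.5.5 10.0.300.1)) {
    my $scanner = pick_scanner($ip, 'SCANNER1');
    printf "%-14s -> %s\n", $ip, defined $scanner ? $scanner : 'invalid address';
}
```

Rejecting malformed addresses before the lookup keeps a bad input from silently falling through to the default scanner and launching a scan from the wrong appliance.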
