Nmap Development mailing list archives
ganglia-gmetad-info.nse
From: Brendan Coles <bcoles () gmail com>
Date: Thu, 9 Jun 2011 20:13:06 +1000
Hi nmap-dev,

Attached is ganglia-gmetad-info.nse which is designed to retrieve system information from a Ganglia Meta Daemon, as per the script ideas page on secwiki.org.

I've also attached a tiny modification to the Ganglia Monitoring Daemon script ( ganglia-gmond-info.nse --- see: http://seclists.org/nmap-dev/2011/q2/875 ) to stop the script returning data from a Ganglia Meta Daemon. These two services are almost identical.

If you aren't familiar with Ganglia, the monitoring daemon (port 8649) returns data for hosts in a single cluster whereas the meta daemon (port 8651) returns data for hosts in multiple clusters.

Nmap currently reports both services as "ganglia" --- can anyone foresee any issues with changing the nmap-service-probes for Ganglia from:

    match ganglia m|^<\?xml version=\"1\.0\".*<!DOCTYPE GANGLIA_XML.*<GANGLIA_XML VERSION=\"([^\"]+)\" SOURCE=\"([^\"]+)\">.*<CLUSTER NAME=\"([^\"]+)\" LOCALTIME=\"\d+\" OWNER=\"([^\"]+)\"|s p/Ganglia XML Grid monitor/ v/$1/ i/Cluster name: $3; Owner: $4; Source: $2/ d/specialized/

to:

    match ganglia-metad m|^<\?xml version=\"1\.0\".*<!DOCTYPE GANGLIA_XML.*<GANGLIA_XML VERSION=\"([^\"]+)\" SOURCE=\"gmetad\">.*<CLUSTER NAME=\"([^\"]+)\" LOCALTIME=\"\d+\" OWNER=\"([^\"]+)\"|s p/Ganglia XML Grid monitor/ v/$1/ i/Cluster name: $3; Owner: $4; Source: $2/ d/specialized/

    match ganglia-gmond m|^<\?xml version=\"1\.0\".*<!DOCTYPE GANGLIA_XML.*<GANGLIA_XML VERSION=\"([^\"]+)\" SOURCE=\"gmond\">.*<CLUSTER NAME=\"([^\"]+)\" LOCALTIME=\"\d+\" OWNER=\"([^\"]+)\"|s p/Ganglia XML Grid monitor/ v/$1/ i/Cluster name: $3; Owner: $4; Source: $2/ d/specialized/

... in order to reflect the difference in the service type? (Note the difference in the "source" property of the GANGLIA_XML node.) Is this a good idea?

The difference between the two is currently only reported (in service fingerprinting mode) in the version, as follows:

    8649/tcp open  ganglia syn-ack Ganglia XML Grid monitor 3.0.7 (Cluster name: Fyodor's Cluster; Owner: Fyodor; Source: gmond)
    8651/tcp open  ganglia syn-ack Ganglia XML Grid monitor 3.0.7 (Cluster name: Fyodor's Cluster 2; Owner: Fyodor; Source: gmetad)

( Note the difference in "source:" )

If the probes aren't changed then both scripts will be triggered by the "ganglia" service if the user is running all discovery scripts. If the probes can't be changed for some unforeseen reason, would it be worth combining these two scripts into one?

Furthermore, both scripts currently print the following in debugging mode if the service type is incorrect:

    ("%s: %s:%s is not a Ganglia Monitoring Daemon."):format(script_name, host.targetname or host.ip, port.number)

or:

    ("%s: %s:%s is not a Ganglia Meta Daemon."):format(script_name, host.targetname or host.ip, port.number)

... based on the aforementioned GANGLIA_XML nodes. Perhaps a better solution would be to return the error message even when debugging is off and advise the user to try the other script?

Finally, what do you think of the (rather verbose) output? Should verbosity be a script argument? If so, what data do you consider important for the standard output?

Feedback is welcomed and appreciated.

-----------------------------------

    description = [[
    Retrieves system information from a listening Ganglia Meta Daemon.

    Ganglia is a scalable distributed monitoring system for high-performance
    computing systems such as clusters and Grids.

    The information retrieved includes HDD size, available memory, OS version,
    architecture (and more) from each of the systems in each of the clusters in
    the grid.

    For more information about the Ganglia Meta Daemon, see:
    http://ganglia.sourceforge.net/
    http://en.wikipedia.org/wiki/Ganglia_(software)#Ganglia_Meta_Daemon_.28gmetad.29
    ]]

    ---
    -- @usage
    -- nmap --script ganglia-gmetad-info --script-args ganglia-gmetad-info.timeout=30,ganglia-gmetad-info.bytes=1000000 -p 8651 <target>
    --
    -- @args ganglia-gmetad-info.timeout
    --       Set timeout in seconds. The default value is 30.
    --       About 5KB-10KB of data is returned for each host in the cluster.
    --       Retrieving data from a grid of 25 hosts (~100KB-250KB) takes ~8s-20s @ 100Kb/s
    -- @args ganglia-gmetad-info.bytes
    --       Set the number of bytes to retrieve. The default value is 1000000.
    --       About 5KB-10KB of data is returned for each host in the cluster.
    --       1,000,000 bytes should be enough for at least 100 hosts.
    --
    -- @output
    -- PORT     STATE SERVICE REASON  VERSION
    -- 8651/tcp open  ganglia syn-ack Ganglia XML Grid monitor 3.0.7 (Cluster name: Fyodor's Cluster 2; Owner: Fyodor; Source: gmetad)
    -- | ganglia-gmetad-info:
    -- |   Version: 3.0.7
    -- |   Grid:
    -- |     Name: Fyodor's Grid
    -- |   Cluster:
    -- |     Name: Fyodor's Cluster 1
    -- |     Owner: Fyodor
    -- |   Cluster:
    -- |     Name: Fyodor's Cluster 2
    -- |     Owner: Fyodor
    -- |   Host [Name: ganglia.example.com; IP: 192.168.1.1]
    -- |     disk total: 482.853GB
    -- |     cpu speed: 2133MHz
    -- |     part max used: 74.7%
    -- |     swap total: 2097144KB
    -- |     os name: Linux
    -- |     cpu user: 3.4%
    -- |     cpu system: 0.4%
    -- |     cpu aidle: 95.2%
    -- |     load five: 0.13
    -- |     proc run: 0
    -- |     mem free: 714040KB
    -- |     mem buffers: 262100KB
    -- |     swap free: 2097144KB
    -- |     bytes in: 2332.70bytes/sec
    -- |     pkts out: 2.70packets/sec
    -- |     cpu num: 2CPUs
    -- |     disk free: 188.861GB
    -- |     mem total: 3114872KB
    -- |     cpu wio: 0.1%
    -- |     boottime: 1307115184s
    -- |     machine type: x86
    -- |     os release: 2.6.18-238.9.1.el5
    -- |     cpu nice: 0.0%
    -- |     cpu idle: 96.1%
    -- |     load one: 0.04
    -- |     load fifteen: 0.14
    -- |     proc total: 245
    -- |     mem shared: 0KB
    -- |     mem cached: 1260100KB
    -- |     gexec: OFF
    -- |     bytes out: 640.10bytes/sec
    -- |_    pkts in: 12.90packets/sec

Regards,

Brendan Coles
http://itsecuritysolutions.org
Attachment: ganglia-gmond-info.nse
Attachment: ganglia-gmetad-info.nse
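Added example, not part of the original message or of Nmap's own files: the two split match lines from the message, translated to Python regular expressions and run over constructed banners to show how the SOURCE attribute separates gmond from gmetad. It assumes that, with SOURCE written as a literal, three capture groups remain (version, cluster name, owner) and numbers them that way; the banner contents are constructed samples.

```python
import re

# Python translation of the split match lines (nmap's |s flag becomes re.DOTALL).
# SOURCE is a literal, so three groups remain: version, cluster name, owner.
_TEMPLATE = (
    r'^<\?xml version="1\.0".*<!DOCTYPE GANGLIA_XML.*'
    r'<GANGLIA_XML VERSION="([^"]+)" SOURCE="{source}">.*'
    r'<CLUSTER NAME="([^"]+)" LOCALTIME="\d+" OWNER="([^"]+)"'
)
PROBES = {
    "ganglia-metad": re.compile(_TEMPLATE.format(source="gmetad"), re.DOTALL),
    "ganglia-gmond": re.compile(_TEMPLATE.format(source="gmond"), re.DOTALL),
}

# Constructed sample banners, trimmed to the elements the patterns look at.
GMOND_BANNER = """<?xml version="1.0" encoding="ISO-8859-1" standalone="yes"?>
<!DOCTYPE GANGLIA_XML [ ]>
<GANGLIA_XML VERSION="3.0.7" SOURCE="gmond">
<CLUSTER NAME="Fyodor's Cluster" LOCALTIME="1307115184" OWNER="Fyodor">
</CLUSTER>
</GANGLIA_XML>
"""
GMETAD_BANNER = """<?xml version="1.0" encoding="ISO-8859-1" standalone="yes"?>
<!DOCTYPE GANGLIA_XML [ ]>
<GANGLIA_XML VERSION="3.0.7" SOURCE="gmetad">
<GRID NAME="Fyodor's Grid" LOCALTIME="1307115184">
<CLUSTER NAME="Fyodor's Cluster 1" LOCALTIME="1307115180" OWNER="Fyodor">
</CLUSTER>
<CLUSTER NAME="Fyodor's Cluster 2" LOCALTIME="1307115184" OWNER="Fyodor">
</CLUSTER>
</GRID>
</GANGLIA_XML>
"""

def classify(banner):
    """Return service name and captured fields, or None if no pattern matches."""
    for service, pattern in PROBES.items():
        m = pattern.search(banner)
        if m:
            version, cluster, owner = m.groups()
            return {"service": service, "version": version,
                    "cluster": cluster, "owner": owner}
    return None

if __name__ == "__main__":
    for banner in (GMOND_BANNER, GMETAD_BANNER, "SSH-2.0-OpenSSH_5.3\r\n"):
        print(classify(banner))
```

The greedy `.*` before `<CLUSTER` makes the pattern capture the last cluster in a multi-cluster gmetad response, which is consistent with the "Fyodor's Cluster 2" shown in the version line quoted in the message. A response with no CLUSTER element matches neither pattern.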