So this is one of the first templates I'd like to share.
We needed some nmap scanning, so I decided to integrate it with Zabbix to be notified if a port had been opened.
This is still a work in progress - there are no triggers, but after the initial test it seems like it's working nicely.
So how does it work?
There is a PowerShell script that needs to be set up with the IP address of Zabbix, the URL and the API key for Zabbix - this script will be triggered by Windows Task Scheduler. The host has to have an environment variable for Nmap.exe. Nmap currently uses only default values.
zabbix_sender needs to be present on the machine we are scanning from (and a variable in the PS script points to it).
The template will create 2x trapper items - the names can be changed easily, but there is a section in the PS script where they are referenced.
We also need the macro {$ALLOWED.PORTS} assigned to the host, with the ports that can be open given as comma-separated values like: 80,90,443 etc. A host will be skipped if the macro doesn't exist - hosts will be scanned one-by-one so we don't overload the network.
To enable scanning we need to assign the hosts to a new host group called "PortScanGroup" - feel free to adjust the code so you can search for hosts by template. I wanted them in a separate host group really to enable/disable scanning.
When run, the PS script will create a folder with logs and XML files from nmap in the directory specified in the PS script.
This is just the 1st release of this template - I will be working on it and fixing a few things like:
-adding macro to template (oh forgot to do it),
-when host is disabled - skip it
-when host has more than one IP address (127.0.0.1 is already disabled from scanning) - so nmap can scan them all if needed
-adjusting logs so they are more readable and consistent
-maybe linux support? currently works on windows
-expand more options to nmap
So the workflow is like this:
get hostgroup id and then get all hosts
get IP addresses
scan with nmap with XML output
get macro value per host
read XML and compare with Macro value
if there is a port that is not in the macro - the script will send this port number to the host's item
The approach with Windows Task Scheduler was because we cannot run PS scripts that run for too long (we can via hackery but not bothered) - this is controlled purely by Windows Task Scheduler - feel free to adapt it to your own case and take the "magic vars" out so they can be passed to the script instead, for security.
enjoy
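
The compare step from the workflow above (read the nmap XML, check open ports against the {$ALLOWED.PORTS} macro value), as an added example that is not the template's own script. The function name `Get-UnexpectedPort`, its parameters and the sample XML are assumptions made for illustration.

```powershell
# Added example: compare open ports in nmap XML (-oX) with the {$ALLOWED.PORTS} macro value.
# Constructed sample scan result, trimmed to the elements this check reads.
$nmapXml = [xml]@'
<nmaprun>
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <address addr="02:00:00:00:00:01" addrtype="mac"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/></port>
      <port protocol="tcp" portid="80"><state state="open"/></port>
      <port protocol="tcp" portid="443"><state state="closed"/></port>
      <port protocol="tcp" portid="3389"><state state="open"/></port>
    </ports>
  </host>
</nmaprun>
'@

function Get-UnexpectedPort {   # hypothetical helper name, not from the original script
    param(
        [Parameter(Mandatory)] [xml]    $ScanXml,
        [Parameter(Mandatory)] [string] $AllowedPortsMacro   # e.g. "80,90,443"
    )
    # Parse the macro strictly: a typo such as "80,,443" or "8o" raises an error
    # instead of silently changing the allow-list.
    $allowed = foreach ($item in ($AllowedPortsMacro -split ',')) {
        $p = 0
        $t = $item.Trim()
        if (-not [int]::TryParse($t, [ref]$p) -or $p -lt 1 -or $p -gt 65535) {
            throw "Invalid entry '$t' in allowed ports macro"
        }
        $p
    }
    foreach ($h in $ScanXml.nmaprun.host) {
        # A host can carry several <address> elements (IP plus MAC); report the IP one.
        $addr = ($h.address | Where-Object { $_.addrtype -ne 'mac' } | Select-Object -First 1).addr
        foreach ($port in $h.ports.port) {
            if ($port.state.state -eq 'open' -and [int]$port.portid -notin $allowed) {
                [pscustomobject]@{ Address = $addr; Protocol = $port.protocol; Port = [int]$port.portid }
            }
        }
    }
}

# Each returned object is a port the workflow would send to the host's trapper item.
Get-UnexpectedPort -ScanXml $nmapXml -AllowedPortsMacro '80,90,443'
```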