
Thursday, September 23, 2010

ITNM 3.8 NMAPScan Agent

Recent updates to IBM Tivoli Network Manager 3.8 introduced a new discovery agent that uses Nmap (Network Mapper) to gather extra details about devices without SNMP access and certain types of end nodes. The extra information includes an operating system type derived from nmap's OS fingerprinting, along with port and service information.

This sounds great, but there are some serious drawbacks…

A. It's slow. It is a typical ITNM Perl-based agent: it gets its parallelism by spawning a separate nmap process per host rather than handing nmap a whole address range and using the bulk-scanning capability built into it.

B. The required version of nmap is 4.85, and most enterprise *nix platforms are still shipping 4.0-4.11 (check with nmap --version), so chances are you will need to acquire a recent version from the Nmap project page (http://nmap.org).

C. You can't just turn the agent on. After you get an appropriate version of nmap installed you have to edit $NCHOME/precision/disco/agents/perlAgents/NMAPScan.pl to uncomment and set the path to nmap:

my $nmapBinary = '/usr/bin/nmap';

D. ITNM's setuid-root arrangement for non-root installs does not cover the default nmap arguments, which need root privileges (OS fingerprinting and SYN scanning use raw sockets). If you do not want your ITNM processes running as root you will need to adjust the scan settings in NMAPScan.pl to unprivileged options, or chown root ncp_disco_perl_agent, then chmod u+s ncp_disco_perl_agent, and then modify root's environment so that the ITNM perl is used rather than the system perl. Or you could just run as root. Be clear about what you are granting either way: a setuid-root ncp_disco_perl_agent runs every Perl agent it loads as root, so the perlAgents directory and NMAPScan.pl must be writable only by root.

E. The OS type value is really just a guess, and sometimes it is a little off. For example, CentOS 5 was identified as Gentoo.

F. Did I mention that it is slow?

Here are some screenshots of the information collected.

So what would be a good use of the NMAPScan agent? For starters it would help classifying NoSNMPAccess devices.

Consider this AOC file that defines the class Linux_NoSNMPAccess:

//*************************************************************
//
// File : Linux_NoSNMPAccess.aoc
//
//*************************************************************
active object 'Linux_NoSNMPAccess'
{
    super_class = 'NoSNMPAccess';
    instantiate_rule = "ExtraInfo->m_OSType LIKE '.*Linux.*'";
    visual_icon = 'NoSNMPAccess';
};

With this approach you can create buckets to sort your NoSNMPAccess devices into, so that at a minimum you can do ping polling via a class filter without pinging things you couldn't care less about.
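To make points A and E concrete, and to show what the Linux_NoSNMPAccess rule above is actually matching against, here is an added example that is not ITNM code or part of the original post. It runs the alternative to the per-host agent: one bulk nmap run over a whole range with XML output (nmap -O -oX), parsed once, with the OS match with the highest accuracy picked per host and the same ".*Linux.*" style regex applied to it. The XML is a constructed sample in the shape nmap produces, not a real capture; the class names, the Windows rule and the MIN_ACCURACY threshold are my own assumptions (an AOC instantiate_rule has no accuracy cutoff, which is exactly why CentOS can land in a Gentoo-shaped guess).

```python
"""Classify nmap OS-fingerprint results the way an ITNM AOC rule such as
Linux_NoSNMPAccess would, from a single bulk nmap run over many hosts.

Constructed example, not ITNM code: SAMPLE_NMAP_XML is hand-written in the
shape produced by `nmap -O -oX -` (one <host> per target, <osmatch> entries
carrying nmap's accuracy percentage). One nmap process covers the whole range,
instead of one process per host as the NMAPScan agent does.
"""
import re
import xml.etree.ElementTree as ET

# Constructed sample of `nmap -O -oX - 192.0.2.10 192.0.2.11 192.0.2.12` output.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" version="4.85">
  <host><status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
    </ports>
    <os><osmatch name="Linux 2.6.18 - 2.6.27" accuracy="97"/>
        <osmatch name="Gentoo Linux 2.6.17" accuracy="94"/></os>
  </host>
  <host><status state="up"/>
    <address addr="192.0.2.11" addrtype="ipv4"/>
    <ports><port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port></ports>
    <os><osmatch name="Microsoft Windows Server 2003 SP2" accuracy="100"/></os>
  </host>
  <host><status state="up"/>
    <address addr="192.0.2.12" addrtype="ipv4"/>
    <ports/>
    <os><osmatch name="Linksys WRT54G" accuracy="62"/></os>
  </host>
</nmaprun>
"""

# AOC-style instantiate rules: (hypothetical class name, regex applied to the OS
# type string). First match wins, like a list of derived NoSNMPAccess classes.
CLASS_RULES = [
    ("Linux_NoSNMPAccess", re.compile(r".*Linux.*")),
    ("Windows_NoSNMPAccess", re.compile(r".*Windows.*")),
]
# Assumed cutoff: below this accuracy the fingerprint is treated as unknown
# rather than trusted, since the OS type is only a guess.
MIN_ACCURACY = 80


def parse_nmap_xml(xml_text):
    """Return {ip: {"os": best osmatch name or None, "accuracy": int,
    "ports": [(proto, port, service), ...]}} for every host in the document."""
    root = ET.fromstring(xml_text)
    hosts = {}
    for host in root.findall("host"):
        addr = host.find("address[@addrtype='ipv4']").get("addr")
        ports = [(p.get("protocol"), int(p.get("portid")), p.find("service").get("name"))
                 for p in host.findall("ports/port")
                 if p.find("state").get("state") == "open"]
        # nmap may list several candidate OS matches; keep the most confident one.
        best_os, best_acc = None, 0
        for m in host.findall("os/osmatch"):
            acc = int(m.get("accuracy", "0"))
            if acc > best_acc:
                best_os, best_acc = m.get("name"), acc
        hosts[addr] = {"os": best_os, "accuracy": best_acc, "ports": ports}
    return hosts


def classify(host_info):
    """Pick the NoSNMPAccess subclass for one host; None means it stays in the base class."""
    if host_info["os"] is None or host_info["accuracy"] < MIN_ACCURACY:
        return None
    for class_name, pattern in CLASS_RULES:
        if pattern.match(host_info["os"]):
            return class_name
    return None


def classify_all(xml_text):
    """Map every scanned IP to its derived class (or None) from one nmap XML document."""
    return {ip: classify(info) for ip, info in parse_nmap_xml(xml_text).items()}


if __name__ == "__main__":
    for ip, info in parse_nmap_xml(SAMPLE_NMAP_XML).items():
        print(ip, info["os"], info["accuracy"], classify(info), info["ports"])
```

Feeding the script real output is a matter of replacing SAMPLE_NMAP_XML with the contents of `nmap -O -oX scan.xml <range>`, which still needs the root privileges discussed under point D. The accuracy cutoff is the check the AOC rule cannot express: a 62 percent match stays in the plain NoSNMPAccess bucket instead of being polled as something it probably is not.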