From 8f7ed4888afda663e037e06e0853016b0e5f12cb Mon Sep 17 00:00:00 2001 From: Jon Date: Sat, 24 Feb 2024 15:25:52 +0930 Subject: [PATCH 1/8] feat(server): scanner identity confirmation !11 #1 --- .../ansible/collection/phpipam_scan_agent/index.md | 2 +- .../ansible/collection/phpipam_scan_agent/scanner.md | 9 +++++++++ .../ansible/collection/phpipam_scan_agent/server.md | 11 +++++++++++ extensions/eda/rulebooks/agent_receive.yml | 1 + includes/etc/phpipam/scan_agent.yaml | 2 ++ includes/etc/phpipam/scan_server.yaml | 2 ++ playbooks/tasks/scan_subnet.yaml | 2 ++ 7 files changed, 28 insertions(+), 1 deletion(-) diff --git a/docs/projects/ansible/collection/phpipam_scan_agent/index.md b/docs/projects/ansible/collection/phpipam_scan_agent/index.md index 8a84a18..92a4672 100644 --- a/docs/projects/ansible/collection/phpipam_scan_agent/index.md +++ b/docs/projects/ansible/collection/phpipam_scan_agent/index.md @@ -50,7 +50,7 @@ The following features are available or planned to be implmented: !!! info It's only possible to obtain a MAC Address if the scanner is on the same L2 network (Broadcast Domain). Within the docs you will find the different methods available to achieve this. -- [**ToDo** Remote Network Scanning](https://gitlab.com/nofusscomputing/projects/ansible/collections/phpipam_scan_agent/-/issues/1) +- Remote Network Scanning - [**ToDo** Resolve DNS names](https://gitlab.com/nofusscomputing/projects/ansible/collections/phpipam_scan_agent/-/issues/4) diff --git a/docs/projects/ansible/collection/phpipam_scan_agent/scanner.md b/docs/projects/ansible/collection/phpipam_scan_agent/scanner.md index 7a0cb33..12e1063 100644 --- a/docs/projects/ansible/collection/phpipam_scan_agent/scanner.md +++ b/docs/projects/ansible/collection/phpipam_scan_agent/scanner.md 
@@ -38,6 +38,7 @@ nofusscomputing_phpipam_scan_agent: http_port: 5000 # Optional, Integer. http port to connect to the server. http_server: http://127.0.0.1 # Optional, Integer. url with protocol of the Scan Server to connect to. + auth_token: # Optional, String. The Scan-Agent server authentication token. cache_expire_time: 1800 # Optional, Integer. Time in seconds to expire the phpIPAM cache. epoch_time_offset: 0 # optional, int. Value in seconds to offset the time @@ -93,3 +94,11 @@ The scanner component has the following workflow: 1. upload scan report to configured Server. 1. workflow complete. + + +## Remote network Scannning + +Once the [server component](server.md#remote%20network%20scannning) has been setup, the client can be installed/used from any network. Even a network that is isolated from the server. Only caveat is that the client can communicate with the server. To ensure that the client can connect to the server set the `auth_token` to match that of the server. + +!!! danger "Security" + Failing to secure the server component communication with TLS will allow anyone with direct access to the line of communication to view the `auth_token`. Anyone who has the `auth_token` will be able to upload data to the server. diff --git a/docs/projects/ansible/collection/phpipam_scan_agent/server.md b/docs/projects/ansible/collection/phpipam_scan_agent/server.md index 53de719..4895414 100644 --- a/docs/projects/ansible/collection/phpipam_scan_agent/server.md +++ b/docs/projects/ansible/collection/phpipam_scan_agent/server.md @@ -37,6 +37,7 @@ nofusscomputing_phpipam_scan_server: # Server Component Variables http_port: 5000 # Optional, Integer. The port for the Server component to listen for connections. + auth_token: # Optional, String. Token used to authentication Agents. ``` 
@@ -56,3 +57,13 @@ The Server componet has the following workflow: - _if no results found, no further processing occurs_ 1. Update the phpIPAM MariaDB/MySQL database directly + + +## Remote network Scannning + +Remote network scanning is possible with the Scan-Agent. The server must be setup and have connectivity to the phpIPAM MariaDB/MySQL database. Currently the server does not perform secure communication. As such you are strongly encouraged to setup the server component behind a reverse proxy that conducts the TLS termination. + +The [scan](scanner.md#remote%20network%20scannning) and server component must be setup with the same `auth_token`. It is this token that provides a means to ensure that what the server is receiving, is from an authorized client. + +!!! danger "Security" + Failing to secure the server component communication with TLS will allow anyone with direct access to the line of communication to view the `auth_token`. Anyone who has the `auth_token` will be able to upload data to the server. diff --git a/extensions/eda/rulebooks/agent_receive.yml b/extensions/eda/rulebooks/agent_receive.yml index 35aac33..3bd8b82 100644 --- a/extensions/eda/rulebooks/agent_receive.yml +++ b/extensions/eda/rulebooks/agent_receive.yml @@ -6,6 +6,7 @@ ansible.eda.webhook: host: 0.0.0.0 port: "{{ nofusscomputing_phpipam_scan_server.http_port | default(5000) | int }}" + token: "{{ nofusscomputing_phpipam_scan_server.auth_token | default('no-token-set') }}" rules: diff --git a/includes/etc/phpipam/scan_agent.yaml b/includes/etc/phpipam/scan_agent.yaml index 3591368..10bd32c 100644 --- a/includes/etc/phpipam/scan_agent.yaml +++ b/includes/etc/phpipam/scan_agent.yaml 
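Review bot: The `default('no-token-set')` fallback on the added `token:` line in extensions/eda/rulebooks/agent_receive.yml means a server with no `auth_token` configured still listens on `0.0.0.0` and accepts a fixed value that anyone can read in this repository. The "Optional" token is therefore a shared, well-known credential whenever it is left unset. The same literal is sent as `Bearer no-token-set` by the `Authorization` header added to playbooks/tasks/scan_subnet.yaml later in this patch. Consider refusing to start, or binding to loopback only, when `auth_token` is unset. At minimum, state the behaviour next to the variable, e.g. `# auth_token unset => server accepts the fixed token 'no-token-set'; set a long random value for any non-local deployment`.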
@@ -16,3 +16,5 @@ nofusscomputing_phpipam_scan_agent: client_token: # Mandatory, String client api token to connect to phpIPAM API [client_token] client_name: # Mandatory, String. The scanner name as set in phpIPAM interface [client_name] scanagent_code: # Mandatory, String. Scan Agent Code as set in phpIPAM interface [scanagent_code] + + # auth_token: # Optional, String. The Scan-Agent server authentication token. diff --git a/includes/etc/phpipam/scan_server.yaml b/includes/etc/phpipam/scan_server.yaml index e8176b6..ccdcc30 100644 --- a/includes/etc/phpipam/scan_server.yaml +++ b/includes/etc/phpipam/scan_server.yaml @@ -11,3 +11,5 @@ nofusscomputing_phpipam_scan_server: # Server Component Variables # http_port: 5000 # Optional, Integer. The port for the Server component to listen for connections. + +# auth_token: # Optional, String. Token used to authentication Agents. \ No newline at end of file diff --git a/playbooks/tasks/scan_subnet.yaml b/playbooks/tasks/scan_subnet.yaml index 4602786..a73e3c5 100644 --- a/playbooks/tasks/scan_subnet.yaml +++ b/playbooks/tasks/scan_subnet.yaml @@ -67,6 +67,8 @@ - name: Upload Scan Results - {{ subnet.address }} ansible.builtin.uri: + headers: + Authorization: "Bearer {{ nofusscomputing_phpipam_scan_agent.auth_token | default('no-token-set') }}" url: "{{ nofusscomputing_phpipam_scan_agent.http_server | default(nfc_c_http_server) }}:{{ nofusscomputing_phpipam_scan_agent.http_port | default(nfc_c_http_port) }}/" From 15b0ddb068c94a82d926af6311b245076185871b Mon Sep 17 00:00:00 2001 From: Jon Date: Sat, 24 Feb 2024 20:01:53 +0930 Subject: [PATCH 2/8] feat(scanner): Set user http user agent to / !11 --- .gitlab-ci.yml | 12 ++++++++++++ gitlab-ci | 2 +- playbooks/tasks/api_call.yaml | 3 +++ playbooks/tasks/scan_subnet.yaml | 3 +++ 4 files changed, 19 insertions(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index fcf4110..89bdc43 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
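Review bot: In includes/etc/phpipam/scan_server.yaml the added `# auth_token:` sample appears to start at column 0, unlike the indented `# auth_token:` line added to scan_agent.yaml just before it. Indentation is not fully recoverable in this view, so please confirm. If so, uncommenting the line creates a top-level `auth_token` key rather than `nofusscomputing_phpipam_scan_server.auth_token`, and the rulebook would silently keep using its `no-token-set` fallback while the operator believes a token is configured. Indent the sample to the same level as `# http_port:` and end the file with a newline.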
@@ -19,6 +19,18 @@ variables: DOCKER_IMAGE_PUBLISH_REGISTRY: docker.io/nofusscomputing DOCKER_IMAGE_PUBLISH_URL: https://hub.docker.com/r/nofusscomputing/$DOCKER_IMAGE_PUBLISH_NAME + RELEASE_ADDITIONAL_ACTIONS_BUMP: | + sed -E "/http_agent: nfc-phpipam-scan-agent/s/\/(.+)/\/$(cz version --project)/g" -i playbooks/tasks/scan_subnet.yaml; + + git add playbooks/tasks/scan_subnet.yaml; + + git status; + + sed -E "/http_agent: nfc-phpipam-scan-agent/s/\/(.+)/\/$(cz version --project)/g" -i playbooks/tasks/api_call.yaml + + git add playbooks/tasks/api_call.yaml; + + git status; include: diff --git a/gitlab-ci b/gitlab-ci index 4f65bc1..6f80ea3 160000 --- a/gitlab-ci +++ b/gitlab-ci @@ -1 +1 @@ -Subproject commit 4f65bc1367585146490637dfc7c57c987216e652 +Subproject commit 6f80ea3af7fdc64e9998820a8800c288d7facbc6 diff --git a/playbooks/tasks/api_call.yaml b/playbooks/tasks/api_call.yaml index 0e1b216..554e945 100644 --- a/playbooks/tasks/api_call.yaml +++ b/playbooks/tasks/api_call.yaml @@ -49,6 +49,8 @@ cached_file.stat.exists + # Note: Dont edit http_agent version as the build pipeline updates automagically!! + # see ci variable 'RELEASE_ADDITIONAL_ACTIONS_BUMP' - name: > PHPIPAM API Call - {{ api_path }}{%- if api_query_string is defined -%} /?{{ api_query_string }} @@ -61,6 +63,7 @@ {%- endif %} headers: token: "{{ api_token }}" + http_agent: nfc-phpipam-scan-agent/0.2.0-a2 return_content: true status_code: - 200 diff --git a/playbooks/tasks/scan_subnet.yaml b/playbooks/tasks/scan_subnet.yaml index a73e3c5..9b200b8 100644 --- a/playbooks/tasks/scan_subnet.yaml +++ b/playbooks/tasks/scan_subnet.yaml 
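Review bot: The second `sed` command in `RELEASE_ADDITIONAL_ACTIONS_BUMP`, the one targeting playbooks/tasks/api_call.yaml, is the only statement in the block without a trailing `;`. How the release job executes this variable is outside the hunk. If it is expanded in a way that folds newlines, `git add playbooks/tasks/api_call.yaml;` would be passed to `sed` as extra file arguments, and the version bump for that file would not be staged as intended. Terminate it like the other statements: `sed -E "/http_agent: nfc-phpipam-scan-agent/s/\/(.+)/\/$(cz version --project)/g" -i playbooks/tasks/api_call.yaml;`.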
@@ -65,10 +65,13 @@ subnet_scan_results: "{{ subnet_scan_results | from_yaml }}" + # Note: Dont edit http_agent version as the build pipeline updates automagically!! + # see ci variable 'RELEASE_ADDITIONAL_ACTIONS_BUMP' - name: Upload Scan Results - {{ subnet.address }} ansible.builtin.uri: headers: Authorization: "Bearer {{ nofusscomputing_phpipam_scan_agent.auth_token | default('no-token-set') }}" + http_agent: nfc-phpipam-scan-agent/0.2.0-a2 url: "{{ nofusscomputing_phpipam_scan_agent.http_server | default(nfc_c_http_server) }}:{{ nofusscomputing_phpipam_scan_agent.http_port | default(nfc_c_http_port) }}/" From b005a31aab302b45825221715cdb7eec6ad778fa Mon Sep 17 00:00:00 2001 From: Jon Date: Sat, 24 Feb 2024 20:11:06 +0930 Subject: [PATCH 3/8] feat(scanner): if an auth token has been set, fail non-https communication with server except to localhost. !11 #1 --- .../collection/phpipam_scan_agent/scanner.md | 2 ++ playbooks/tasks/scan_subnet.yaml | 19 +++++++++++++++++++ 2 files changed, 21 insertions(+) diff --git a/docs/projects/ansible/collection/phpipam_scan_agent/scanner.md b/docs/projects/ansible/collection/phpipam_scan_agent/scanner.md index 12e1063..cc4c28c 100644 --- a/docs/projects/ansible/collection/phpipam_scan_agent/scanner.md +++ b/docs/projects/ansible/collection/phpipam_scan_agent/scanner.md @@ -102,3 +102,5 @@ Once the [server component](server.md#remote%20network%20scannning) has been set !!! danger "Security" Failing to secure the server component communication with TLS will allow anyone with direct access to the line of communication to view the `auth_token`. Anyone who has the `auth_token` will be able to upload data to the server. + + In an attempt to mitigate this, the scanner will fail to communicate with the server if you have set an `auth_token` and attempt non-TLS communication with the server. diff --git a/playbooks/tasks/scan_subnet.yaml b/playbooks/tasks/scan_subnet.yaml index 9b200b8..f5de6b5 100644 
--- a/playbooks/tasks/scan_subnet.yaml +++ b/playbooks/tasks/scan_subnet.yaml @@ -60,6 +60,25 @@ {% endfor %} ] + +- name: Force Failure for non-HTTPS Communication + ansible.builtin.assert: + that: + - |- + not + ( + ( + 'http:' in (nofusscomputing_phpipam_scan_agent.http_server | default(nfc_c_http_server) | string) + and + 'http://127.0.0.1' not in (nofusscomputing_phpipam_scan_agent.http_server | default(nfc_c_http_server) | string) + ) + and + nofusscomputing_phpipam_scan_agent.auth_token | default('no-token-set') != 'no-token-set' + ) + fail_msg: 'Failing task as an attempt was made to communicate with the server over a non-encrypted channel' + success_msg: 'OK' + + - name: To JSON - {{ subnet.address }} ansible.builtin.set_fact: subnet_scan_results: "{{ subnet_scan_results | from_yaml }}" From 87b92963173192dc499993d517fb1bbfbc3e8d74 Mon Sep 17 00:00:00 2001 From: Jon Date: Sat, 24 Feb 2024 20:16:24 +0930 Subject: [PATCH 4/8] docs: cleanup !11 --- .../ansible/collection/phpipam_scan_agent/scanner.md | 10 +++++----- .../ansible/collection/phpipam_scan_agent/server.md | 10 +++++----- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/docs/projects/ansible/collection/phpipam_scan_agent/scanner.md b/docs/projects/ansible/collection/phpipam_scan_agent/scanner.md index cc4c28c..0276f41 100644 --- a/docs/projects/ansible/collection/phpipam_scan_agent/scanner.md +++ b/docs/projects/ansible/collection/phpipam_scan_agent/scanner.md 
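Review bot: The new `Force Failure for non-HTTPS Communication` assert decides by substring, so it does not reliably enforce "TLS unless loopback". Any `http_server` value that merely contains the text `http://127.0.0.1` is exempted, including a longer host or address that only begins with it. A scheme written in another case is not matched by `'http:'`, and a value with no scheme at all also passes. With an `auth_token` set, each of these lets the bearer token leave the machine unencrypted. Parsing the URL and comparing the scheme and hostname exactly closes this and makes the check fail closed; the task's `fail_msg` and `success_msg` can stay as they are.

```yaml
- name: Force Failure for non-HTTPS Communication
  vars:
    upload_url: "{{ nofusscomputing_phpipam_scan_agent.http_server | default(nfc_c_http_server) | string }}"
  ansible.builtin.assert:
    that:
      - >-
        (nofusscomputing_phpipam_scan_agent.auth_token | default('no-token-set')) == 'no-token-set'
        or (upload_url | urlsplit('scheme')) == 'https'
        or (upload_url | urlsplit('hostname')) == '127.0.0.1'
    # … unchanged: fail_msg / success_msg …
```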
@@ -38,15 +38,15 @@ nofusscomputing_phpipam_scan_agent: http_port: 5000 # Optional, Integer. http port to connect to the server. http_server: http://127.0.0.1 # Optional, Integer. url with protocol of the Scan Server to connect to. - auth_token: # Optional, String. The Scan-Agent server authentication token. + auth_token: # Optional, String. The Scan-Agent server authentication token. cache_expire_time: 1800 # Optional, Integer. Time in seconds to expire the phpIPAM cache. epoch_time_offset: 0 # optional, int. Value in seconds to offset the time # phpIPAM Scan Agent Settings - client_token: # Mandatory, String client api token to connect to phpIPAM API [client_token] - client_name: # Mandatory, String. The scanner name as set in phpIPAM interface [client_name] - scanagent_code: # Mandatory, String. Scan Agent Code as set in phpIPAM interface [scanagent_code] + client_token: # Mandatory, String client api token to connect to phpIPAM API + client_name: # Mandatory, String. The scanner name as set in phpIPAM interface + scanagent_code: # Mandatory, String. Scan Agent Code as set in phpIPAM interface ``` 
@@ -98,7 +98,7 @@ The scanner component has the following workflow: ## Remote network Scannning -Once the [server component](server.md#remote%20network%20scannning) has been setup, the client can be installed/used from any network. Even a network that is isolated from the server. Only caveat is that the client can communicate with the server. To ensure that the client can connect to the server set the `auth_token` to match that of the server. +Once the [server component](server.md#remote-network-scannning) has been setup, the client can be installed/used from any network. Even a network that is isolated from the server. Only caveat is that the client can communicate with the server. To ensure that the client can connect to the server set the `auth_token` to match that of the server. !!! danger "Security" Failing to secure the server component communication with TLS will allow anyone with direct access to the line of communication to view the `auth_token`. Anyone who has the `auth_token` will be able to upload data to the server. diff --git a/docs/projects/ansible/collection/phpipam_scan_agent/server.md b/docs/projects/ansible/collection/phpipam_scan_agent/server.md index 4895414..4992b9f 100644 --- a/docs/projects/ansible/collection/phpipam_scan_agent/server.md +++ b/docs/projects/ansible/collection/phpipam_scan_agent/server.md 
@@ -29,10 +29,10 @@ The variables described below, if optional the value specified here is the defau nofusscomputing_phpipam_scan_server: # phpIPAM MariaDB/MySQL Variables - mysql_host: # Mandatory, String. IP/DNS of host to connect. [nfc_c_] - mysql_port: 3306 # Optional, Integer. port to use for connection. [nfc_c_] - mysql_user: # Mandatory, String. User to authenticate with. [nfc_c_] - mysql_password: # Mandatory, String. Password for the user to connect with. [nfc_c_] + mysql_host: # Mandatory, String. IP/DNS of host to connect. + mysql_port: 3306 # Optional, Integer. port to use for connection. + mysql_user: # Mandatory, String. User to authenticate with. + mysql_password: # Mandatory, String. Password for the user to connect with. # Server Component Variables @@ -63,7 +63,7 @@ The Server componet has the following workflow: Remote network scanning is possible with the Scan-Agent. The server must be setup and have connectivity to the phpIPAM MariaDB/MySQL database. Currently the server does not perform secure communication. As such you are strongly encouraged to setup the server component behind a reverse proxy that conducts the TLS termination. -The [scan](scanner.md#remote%20network%20scannning) and server component must be setup with the same `auth_token`. It is this token that provides a means to ensure that what the server is receiving, is from an authorized client. +The [scan](scanner.md#remote-network-scannning) and server component must be setup with the same `auth_token`. It is this token that provides a means to ensure that what the server is receiving, is from an authorized client. !!! danger "Security" Failing to secure the server component communication with TLS will allow anyone with direct access to the line of communication to view the `auth_token`. Anyone who has the `auth_token` will be able to upload data to the server. From 4d19ead2f19fd7750c41ad4917738a9e669f16be Mon Sep 17 00:00:00 2001 
From: Jon Date: Sat, 24 Feb 2024 20:16:37 +0930 Subject: [PATCH 5/8] feat(scanner): for ssl cert validation when uploading to server !11 #1 --- docs/projects/ansible/collection/phpipam_scan_agent/scanner.md | 2 ++ playbooks/tasks/scan_subnet.yaml | 1 + 2 files changed, 3 insertions(+) diff --git a/docs/projects/ansible/collection/phpipam_scan_agent/scanner.md b/docs/projects/ansible/collection/phpipam_scan_agent/scanner.md index 0276f41..7583449 100644 --- a/docs/projects/ansible/collection/phpipam_scan_agent/scanner.md +++ b/docs/projects/ansible/collection/phpipam_scan_agent/scanner.md @@ -100,6 +100,8 @@ The scanner component has the following workflow: Once the [server component](server.md#remote-network-scannning) has been setup, the client can be installed/used from any network. Even a network that is isolated from the server. Only caveat is that the client can communicate with the server. To ensure that the client can connect to the server set the `auth_token` to match that of the server. +There is no true confirmation of the servers identity outside of confirming the TLS Certificate is trusted. Due to this fact, you're advised to use your own CA to sign the server components TLS Certificate. By doing this only you can issue a certificate to the server component. All that is required is to ensure that your CA certificate is within the trusted certificates of the machine that is running the agent. + !!! danger "Security" Failing to secure the server component communication with TLS will allow anyone with direct access to the line of communication to view the `auth_token`. Anyone who has the `auth_token` will be able to upload data to the server. diff --git a/playbooks/tasks/scan_subnet.yaml b/playbooks/tasks/scan_subnet.yaml index f5de6b5..09203d0 100644 --- a/playbooks/tasks/scan_subnet.yaml +++ b/playbooks/tasks/scan_subnet.yaml @@ -103,3 +103,4 @@ "results": "{{ subnet_scan_results }}" } } + validate_certs: true # Ensure always true 
From 667de0a41bd6766cff7f1a2f8cbbf20fad8b0892 Mon Sep 17 00:00:00 2001 From: Jon Date: Sat, 24 Feb 2024 21:08:11 +0930 Subject: [PATCH 6/8] feat(scanner): don't include PTR DNS records as hostname !11 closes #10 --- playbooks/tasks/scan_subnet.yaml | 28 ++++++++++++++++++++++++++-- 1 file changed, 26 insertions(+), 2 deletions(-) diff --git a/playbooks/tasks/scan_subnet.yaml b/playbooks/tasks/scan_subnet.yaml index 09203d0..8c0f78c 100644 --- a/playbooks/tasks/scan_subnet.yaml +++ b/playbooks/tasks/scan_subnet.yaml 
@@ -45,15 +45,39 @@ "subnetId": "{{ subnet.id }}", "ip": "{{ scanned_host.address['@addr'] | default(scanned_host.address[0]['@addr']) }}", "lastSeen": "{{ nmap_scan.start }}", + {% if scanned_host.hostnames.hostname is defined %} - {% if '.' in scanned_host.hostnames.hostname['@name'] | string %} + + {% set ip_address = scanned_host.address['@addr'] | default(scanned_host.address[0]['@addr']) | split('.') %} + + {% if + '.' in scanned_host.hostnames.hostname['@name'] | string + and + (ip_address[0] + '-' + ip_address[1] + '-' + ip_address[2] + '-' + ip_address[3]) not in scanned_host.hostnames.hostname['@name'] | string + and + (ip_address[3] + '-' + ip_address[2] + '-' + ip_address[1] + '-' + ip_address[0]) not in scanned_host.hostnames.hostname['@name'] | string + %} + "hostname": "{{ (scanned_host.hostnames.hostname['@name'] | split('.'))[0] }}", - {% else %} + + {% elif + '.' not in scanned_host.hostnames.hostname['@name'] | string + and + (ip_address[0] + '-' + ip_address[1] + '-' + ip_address[2] + '-' + ip_address[3]) not in scanned_host.hostnames.hostname['@name'] | string + and + (ip_address[3] + '-' + ip_address[2] + '-' + ip_address[1] + '-' + ip_address[0]) not in scanned_host.hostnames.hostname['@name'] | string + %} + "hostname": "{{ scanned_host.hostnames.hostname['@name'] }}", + {% endif %} + {% endif %} + {% if scanned_host.address['@addrtype'] | default(scanned_host.address[1]['@addrtype']) == 'mac' %} + "mac": "{{ scanned_host.address['@addr'] | default(scanned_host.address[1]['@addr']) | upper }}" + {% endif %} }, {% endif %} From 181a3bdc44a03e8ec50b76fafc4bd58c582a6a16 Mon Sep 17 00:00:00 2001 From: Jon Date: Sat, 24 Feb 2024 21:26:01 +0930 Subject: [PATCH 7/8] feat(scanner): Add scanner timezone to scan report !11 #13 --- playbooks/tasks/scan_subnet.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/playbooks/tasks/scan_subnet.yaml b/playbooks/tasks/scan_subnet.yaml index 8c0f78c..b63fefb 100644 
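Review bot: The added `{% set ip_address = … | split('.') %}` and the `ip_address[0]` to `ip_address[3]` lookups assume a dotted IPv4 address. For any other address form the list has fewer than four items, and the indexing will most likely abort the template for the whole subnet; whether non-IPv4 subnets are ever scanned is not visible here. The two dash-joined comparisons are also repeated verbatim in the `if` and `elif` branches. Build them once with a length guard, e.g. `{% set ptr_forms = [ip_address | join('-'), ip_address | reverse | join('-')] if ip_address | length == 4 else [] %}`, and test the hostname against `ptr_forms` in both branches. Separately, the name reported by nmap is network-supplied and is still written between hand-placed double quotes on the `"hostname":` lines; emitting it with `| to_json` would stop an unexpected character from altering the structure that is later parsed with `from_yaml`.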
--- a/playbooks/tasks/scan_subnet.yaml +++ b/playbooks/tasks/scan_subnet.yaml @@ -44,7 +44,7 @@ {%- endfor %} "subnetId": "{{ subnet.id }}", "ip": "{{ scanned_host.address['@addr'] | default(scanned_host.address[0]['@addr']) }}", - "lastSeen": "{{ nmap_scan.start }}", + "lastSeen": "{{ (nmap_scan.start | split('.'))[0] }}", {% if scanned_host.hostnames.hostname is defined %} @@ -124,7 +124,8 @@ "code": "{{ nofusscomputing_phpipam_scan_agent.scanagent_code }}", "scan": { "subnet": "{{ subnet.address }}", - "results": "{{ subnet_scan_results }}" + "results": "{{ subnet_scan_results }}", + "tz": "{{ '%z' | strftime }}" } } validate_certs: true # Ensure always true From 46f25ea6169fee41da6cdfcf631206b8b0f79012 Mon Sep 17 00:00:00 2001 From: Jon Date: Sat, 24 Feb 2024 22:00:46 +0930 Subject: [PATCH 8/8] feat(server): Update the time of last access for scan agent !11 closes #5 --- .../collection/phpipam_scan_agent/index.md | 11 +++++++++++ playbooks/server.yaml | 18 ++++++++++++++++++ 2 files changed, 29 insertions(+) diff --git a/docs/projects/ansible/collection/phpipam_scan_agent/index.md b/docs/projects/ansible/collection/phpipam_scan_agent/index.md index 92a4672..b94082d 100644 --- a/docs/projects/ansible/collection/phpipam_scan_agent/index.md +++ b/docs/projects/ansible/collection/phpipam_scan_agent/index.md 
@@ -75,6 +75,17 @@ When this setting is enabled, the scanner will scan the entire subnet that has b This is displayed within the subnet interface next to the `Discover new hosts` field. Whenever a scan report is received by the server this filed is updated to reflect the last scan time. +### Scan Agent + +- Location `Administration -> Scan agents [Last access]` + +This is displayed within the Scan Agent table in column `Last access`. When ever the scanner checks in, the time of the checkin is used to update the field. + +- Location `Subnet -> Scan agent [Last Check]` + +This is displayed within the subnet interface next to `Scan agent` field. When ever the scanner checks in, the time of the checkin is used to update the field. + + ## Development Notes Contributions to this project are welcome. Below you will find some useful commands for use during development. diff --git a/playbooks/server.yaml b/playbooks/server.yaml index d740d90..d007e47 100644 --- a/playbooks/server.yaml +++ b/playbooks/server.yaml @@ -38,6 +38,24 @@ register: mysql_query_agent_details + - name: Update Scan Agent Last seen + community.mysql.mysql_query: + login_host: "{{ nofusscomputing_phpipam_scan_server.mysql_host }}" + login_port: "{{ nofusscomputing_phpipam_scan_server.mysql_port | default(3306) | int }}" + login_user: "{{ nofusscomputing_phpipam_scan_server.mysql_user }}" + login_password: "{{ nofusscomputing_phpipam_scan_server.mysql_password }}" + + login_db: 'phpipam' + query: |- + UPDATE + scanAgents + SET + last_access = '{{ ('%Y-%m-%d %H:%M:%S' | strftime) }}' + WHERE + id = '{{ mysql_query_agent_details.query_result[0][0].id }}' + single_transaction: true + + - name: Confirm Subnet Assignment community.mysql.mysql_query: login_host: "{{ nofusscomputing_phpipam_scan_server.mysql_host }}"
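Review bot: The new `Update Scan Agent Last seen` task in playbooks/server.yaml builds its SQL by templating values into the statement text. Here the values come from the earlier lookup and the clock rather than straight from the request, but binding them keeps the pattern safe if the lookup ever changes. Use `query: UPDATE scanAgents SET last_access = %s WHERE id = %s` with `positional_args: ["{{ '%Y-%m-%d %H:%M:%S' | strftime }}", "{{ mysql_query_agent_details.query_result[0][0].id }}"]`. The task also indexes `query_result[0][0]` unconditionally and runs before `Confirm Subnet Assignment`. A report whose agent lookup returns no row would therefore fail here with an index error, and `last_access` is stamped before the report has been checked against its subnet. How the lookup is keyed is outside this hunk; consider adding `when: mysql_query_agent_details.query_result[0] | length > 0` or moving the update after the subnet check.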