    +----------------------------+
    | README - Warden Server 2.1 |
    +----------------------------+
    
    Content
    
     A. Overall Information
     B. Installation Dependencies
     C. Installation
     D. Miscellaneous
     E. Registration of Clients
     F. Status Info
    
    --------------------------------------------------------------------------------
    A. Overall Information
    
     1. About Warden System
     
        Warden is a client-server architecture service designed to share detected
        security events (issues) among CSIRT and CERT teams in a simple and fast way.
        
        This package contains the Warden server.
    
     2. Version
      
        2.1 (2012-00-00)
        
     3. Package structure
     
        warden-server/
          bin/
            getClients.pl
            getStatus.pl
            getWebStatus.sh
            registerReceiver.pl
            registerSender.pl
            unregisterClients.pl
          doc/
            AUTHORS
            CHANGELOG
            INSTALL
            LICENSE
            README
            warden.mysql
          etc/
            package_version
            warden-apache.conf
            warden-client.conf
            warden-server.conf
          lib/
            WardenConf.pm
            Warden.pm
            WardenReg.pm
            WardenStatus.pm
            Warden/
              ApacheDispatch.pm
          uninstall.sh
    
    --------------------------------------------------------------------------------
    B. Installation Dependencies
     
     1. Applications:
    
        Perl    >= 5.10.1
        MySQL   >= 5.1.63
        Apache  >= 2.2.14
    
     2. Perl modules:
    
        SOAP::Lite             >= 0.712
        SOAP::Transport::HTTP  >= 0.712
        DBI                    >= 1.612
        DBD::mysql             >= 4.016
        Format::Human::Bytes   >= 0.05
        Sys::Syslog            >= 0.27
        File::Basename         >= 2.77
        Net::CIDR::Lite        >= 0.21
        DateTime               >= 0.61
        Getopt::Std            >= 1.06
        Switch                 >= 2.14
        IO::Socket::SSL        >= 1.74
        MIME::Base64           >= 3.08
        Crypt::X509            >= 0.40
    
    --------------------------------------------------------------------------------
    C. Installation
    
     1. Check SHA1 checksum of the Warden server package archive.
    
        $ sha1sum -c warden-server-2.1.tar.gz.sig
    
     2. Untar it.
    
        $ tar xzvf warden-server-2.1.tar.gz
    
     3. Run install.sh. 
      
        Default destination directory is /opt/warden-server/
        
        For more information about install.sh options run install.sh -h
    
        You must be root to run this script.
    
     4. Configuration files
      
        You are advised to check the configuration files warden-apache.conf,
        warden-server.conf and warden-client.conf in the warden-server/etc/
        directory after installation. For more information about post-installation
        steps see the INSTALL file.
    
        Although this is the Warden server package, it also contains several
        administration and maintenance functions that the Warden system treats
        as strictly client-side. Therefore you have to check both the server and
        the client config files to make sure your installation of the Warden
        server was successful and complete.
    
        The SOAP protocol is used for communication between the server and clients.
        Therefore, the correct URI of the Warden server must be set.
    
        Clients and the server authenticate each other using client and server
        SSL certificates. Both clients and the server must have a valid certificate.
    
        The configuration files contain the following parameters:
    
        a) warden-client.conf:
    
        URI           - URI of the Warden server,
                        e.g. 'https://warden.server.com:443/Warden'
    
        SSL_KEY_FILE  - path to a host key file,
                        e.g. '/etc/ssl/private/warden.server.com.key'
    
        SSL_CERT_FILE - path to a host certificate file,
                        e.g. '/etc/ssl/certs/warden.server.com.pem'
    
        SSL_CA_FILE   - path to a CA file,
                        e.g. '/etc/ssl/certs/tcs-ca-bundle.pem'
    
        b) warden-server.conf
    
        The Warden server configuration file contains:
    
        BASEDIR         - base directory of the Warden server
                          e.g. /opt/warden-server/
    
        FACILITY        - syslog facility
                          e.g. local7
    
        DB_NAME         - MySQL database name of Warden server
                          e.g. warden
    
        DB_USER         - MySQL database user of Warden server
                          e.g. warden
    
        DB_PASS         - MySQL database password of Warden server
    
        DB_HOST         - MySQL database host
                          e.g. localhost
    
        MAX_EVENT_LIMIT - maximum number of events that can be downloaded from
                          the Warden server in a single getNewEvents client
                          function call
                          e.g. 2000000
    
        c) warden-apache.conf
    
        The Apache2 configuration file for Warden server
    
        SSLEngine on
    
        SSLVerifyDepth 3
        SSLVerifyClient require
        SSLOptions +StdEnvVars +ExportCertData
    
        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    
        SSLCertificateFile    <path_to_server_certificate>
        SSLCertificateKeyFile <path_to_server_certificate_key>
        SSLCACertificateFile  <path_to_CA_certificate>
    
        PerlOptions +Parent
        PerlSwitches -I <path_to_warden_server_libs>
    
        <Location /Warden>
            SetHandler perl-script
            PerlHandler Warden::ApacheDispatch
            SSLOptions +StdEnvVars
        </Location>
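
        The SSLCipherSuite string above names several weak cipher classes
        without removing them. The shell script below is an added example, not
        part of the Warden package, that lints a mod_ssl configuration for this;
        the function names and the strict comparison config are assumptions.

```shell
#!/bin/sh
# Added example (not part of the Warden package): lint mod_ssl directives.

# Constructed sample: TLS directives copied from the README's warden-apache.conf.
readme_conf() {
    cat <<'EOF'
SSLEngine on
SSLVerifyDepth 3
SSLVerifyClient require
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
EOF
}

# Constructed comparison config (an assumption, not the project's own settings):
# every weak class is removed with "!", which OpenSSL treats as permanent.
strict_conf() {
    cat <<'EOF'
SSLEngine on
SSLVerifyClient require
SSLCipherSuite HIGH:!aNULL:!eNULL:!EXP:!LOW:!RC4
EOF
}

# Read an Apache config on stdin; print, one per line, each weak cipher class
# that an SSLCipherSuite string names without removing it ("!" or "-" prefix).
# A "+CLASS" token only reorders, so the class stays enabled if "ALL" added it.
weak_cipher_classes() {
    grep -i '^[[:space:]]*SSLCipherSuite[[:space:]]' |
    sed 's/^[[:space:]]*[^[:space:]]*[[:space:]]*//' |
    tr -d '"' | tr ':, ' '\n\n\n' |
    while IFS= read -r tok; do
        case "$tok" in '!'*|-*) continue ;; esac
        # "RC4+RSA" means RC4 AND RSA; split so each class name is checked
        printf '%s\n' "$tok" | tr '+' '\n'
    done |
    grep -Ex 'eNULL|NULL|aNULL|ADH|EXP|EXPORT[0-9]*|LOW|SSLv2|RC4' |
    LC_ALL=C sort -u
}

# Succeeds only if client certificates are mandatory (SSLVerifyClient require).
requires_client_cert() {
    grep -Eiq '^[[:space:]]*SSLVerifyClient[[:space:]]+require[[:space:]]*$'
}

# Report for the README's configuration.
readme_conf | requires_client_cert && echo "client certificates: required"
echo "weak classes still referenced:" $(readme_conf | weak_cipher_classes)
```

        To lint an installed file, feed it on stdin, for example
        weak_cipher_classes < warden-apache.conf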
    
    
     5. Usage of install.sh
    
        Usage: $ ./install.sh [-d <directory>] [-k <ssl_key_file>]
                              [-c <ssl_cert_file>] [-a <ssl_ca_file>] [-hV]
            -d <directory>            installation directory (default: /opt)
            -k <ssl_key_file>         SSL certificate key file path
            -c <ssl_cert_file>        SSL certificate file path
            -a <ssl_ca_file>          CA certificate file path
            -h                        print this help
            -V                        print script version number and exit
    
        Example: $ ./install.sh -d /opt -k /etc/ssl/private/server.key \
                                -c /etc/ssl/certs/server.pem \
                                -a /etc/ssl/certs/bundle.pem
    
     6. Usage of uninstall.sh
    
        Usage: $ ./uninstall.sh [-d <directory>] [-hV]
            -d <directory>            uninstallation directory (default: /opt)
            -h                        print this help
            -V                        print script version number and exit
    
        Example: # ./uninstall.sh -d /opt
     
    --------------------------------------------------------------------------------
    D. Miscellaneous
    
     1. Error Messages
        
        Error messages of the server functions are sent via Syslog.
        The default facility is local7.
    
     2. Firewall Settings
    
        Make sure that the TCP port listed in /etc/apache2/sites-enabled/default
        is allowed on your firewall.
    
     3. Privileges
     
        The Warden server runs only under root privileges.
    
     4. Known Issues
    
        No issues are known.
    
    --------------------------------------------------------------------------------
    E. Registration of Clients
    
     The Warden server administrator is responsible for registering new clients and
     removing those already registered. Both registration and unregistration scripts
     are provided in the Warden server package. These scripts should be run from
     localhost (the same machine the Warden server is installed and running on).
    
     Members of the Warden community who would like to have their client registered
     must contact the Warden server administrator with the request. This is usually
     done via secured e-mail. The requestor should provide all important data to the
     Warden server administrator so that the client can be successfully registered.
    
     1. Register Sender
    
        New sender clients are registered in the Warden system via
        registerSender.pl.
    
        The following attributes must be provided in order to register a new
        client successfully:
    
        hostname           - hostname of the client,
        requestor          - organization or authorized person who demands new
                             client registration,
        service            - name of the service of the newly registered client,
        description_tags   - tags describing the nature of the service,
        ip_net_client      - the only CIDR the client is allowed to communicate
                             from.
    
        Run registerSender.pl with the -h argument to see the help.
    
     2. Register Receiver
    
        New receiver clients are registered in the Warden system via
        registerReceiver.pl.
    
        The following attributes must be provided in order to register a new
        client successfully:
    
        hostname           - hostname of the client,
        requestor          - organization or authorized person who demands new
                             client registration,
        type               - the type of events the client wishes to receive
                             (only this and nothing else),
        receive_own_events - boolean value describing if events originating from
                             the same CIDR will be sent to the client,
        ip_net_client      - the only CIDR the client is allowed to communicate
                             from.
    
        Run registerReceiver.pl with the -h argument to see the help.
    
     3. Unregister Client
    
        In the Warden system, already registered clients can be removed
        (unregistered) via unregisterClient.pl.
    
        The following attribute must be provided in order to unregister an
        existing client successfully:
    
        client_id          - ID of the client that should be removed (unregistered).
    
        Run unregisterClient.pl with the -h argument to see the help.
    
        Unregistration deletes the client from the clients table in the DB.
        However, messages stored by this client (if it is a "sender" client) are
        not deleted; they are merely set to 'invalid' in the DB table events.
    
    --------------------------------------------------------------------------------
    F. Status Info
    
     Functions in this section show the status of the Warden server and of active
     (registered) clients to the Warden system administrator.
    
     Similarly to (un)registration, these functions should be run from
     localhost (i.e. from the same machine the Warden server is installed and
     running on).
    
     1. Get Status
    
        The getStatus function is accessible via getStatus.pl. It has no input
        parameters and returns info about the Warden server and its DB status.
    
     2. Get Clients
    
        The getClients function is accessible via getClients.pl. It has no input
        parameters and returns detailed information about all registered clients.
    
    --------------------------------------------------------------------------------
    
    Copyright (C) 2011-2012 Cesnet z.s.p.o