diff --git a/src/warden-server/lib/Warden.pm b/src/warden-server/lib/Warden.pm index 1aa8a7584e70d07a17b1f33691b566f3ef6a430c..f342b4caa026385e7e0c0ed31f16120bfc3526c2 100755 --- a/src/warden-server/lib/Warden.pm +++ b/src/warden-server/lib/Warden.pm @@ -19,12 +19,20 @@ use MIME::Base64; use Crypt::X509; use SOAP::Lite; use Carp; -use FindBin qw($RealBin $RealScript); -use lib "$FindBin::RealBin/../lib"; +use File::Basename; + +my $basedir = "/opt/warden-server/"; +use lib $basedir . "lib"; use WardenCommon; + + +################################################################################ +# VARIABLES +################################################################################ our $VERSION = "2.2"; -my $etc = "$FindBin::RealBin/../etc"; +my $etc = $basedir . "etc"; +our $FILENAME = File::Basename::basename($0); @@ -39,8 +47,8 @@ our $DB_NAME = undef; our $DB_USER = undef; our $DB_PASS = undef; our $DB_HOST = undef; -our $MAX_EVENTS_LIMIT = 1000000; # default value -our %VALID_STRINGS = undef; +our $MAX_EVENTS_LIMIT = 1000000; # default value +our %VALID_STRINGS = (); # inicialization of empty hash # load set variables by user unless (do $conf_file) { 
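Review bot: `use lib $basedir . "lib";` executes at compile time, but the assignment on the previous added line, `my $basedir = "/opt/warden-server/";`, only runs at runtime, so when `use lib` is evaluated `$basedir` is still undef: the entry pushed onto @INC is the relative `lib` (with an uninitialized-value warning) and the following `use WardenCommon;` resolves only if the current directory happens to contain it. Make the value available at compile time, e.g. `use constant BASEDIR => "/opt/warden-server/";` followed by `use lib BASEDIR . "lib";`, and build the config path as `my $etc = BASEDIR . "etc";`. If the lexical is preferred, assign it inside a `BEGIN { ... }` block placed before the `use lib` line instead.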
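Review bot: The trailing comment on the new `our %VALID_STRINGS = ();` line misspells "initialization" and, more importantly, does not say what an empty hash means downstream: the saveNewEvent hunk only checks `type`/`source_type` inside `if (%VALID_STRINGS) {`, so a configuration that never populates the hash silently disables that validation. Suggest `our %VALID_STRINGS = (); # default empty; if the config leaves it empty, saveNewEvent skips type/source_type validation` so the operator-facing consequence is visible where the default is set.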
@@ -52,41 +60,29 @@ unless (do $conf_file) { ################################################################################ -# VARIABLES +# DB CONNECT ################################################################################ our $DBH = DBI->connect("DBI:mysql:database=$DB_NAME;host=$DB_HOST", $DB_USER, $DB_PASS, {RaiseError => 1, mysql_auto_reconnect => 1}) || die "Could not connect to database: $DBH->errstr"; + ################################################################################ -# LOCAL FUNCTIONS +# FUNCTIONS ################################################################################ #------------------------------------------------------------------------------- -# sendMsg - sent message to syslog (SYS::Syslog) and to client (SOAP::Fault) -# -# Args: (SYSLOG severity, SYSLOG msg, SOAP msg) +# sendMsg - wrapper for more complex WardenCommon::sendMsg function #------------------------------------------------------------------------------- sub sendMsg { - my $severity = shift; - my $syslog_msg = shift; - my $soap_msg = shift; - my $filename = $RealScript; + my $severity = shift; + my $syslog_msg = shift; + my $soap_msg = shift; - if ($SYSLOG_VERBOSE == 1 && ($severity eq "err" || $severity eq "debug")) { - $syslog_msg .= "\nStack info: " . Carp::longmess(); - } - - if ($SYSLOG == 1 && defined $severity && defined $syslog_msg) { - Sys::Syslog::openlog($filename, "cons,pid", $SYSLOG_FACILITY); - Sys::Syslog::syslog("$severity", "$syslog_msg"); - Sys::Syslog::closelog(); - } - - if (defined $soap_msg) {die SOAP::Fault->faultstring($soap_msg)}; - } -} # End of sendMsg + WardenCommon::sendMsg($SYSLOG, $SYSLOG_VERBOSE, $SYSLOG_FACILITY, $severity, + $syslog_msg, $soap_msg, $FILENAME); +} #------------------------------------------------------------------------------- 
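Review bot: The rewritten header comment on `sendMsg` drops the contract the removed body made explicit — that a defined `$soap_msg` ends the request via `die SOAP::Fault->faultstring(...)` — and the new wrapper neither documents nor returns anything, so the callers elsewhere in this file that fall through after an `err` call (the prepare-failure paths in saveNewEvent, for instance) now depend on `WardenCommon::sendMsg` preserving that behaviour, which this diff cannot show. Restore the argument list and state the expectation in the header, roughly `# Args: (SYSLOG severity, SYSLOG msg, SOAP msg). Delegates to WardenCommon::sendMsg, which is expected to die with a SOAP::Fault when the SOAP msg is defined; callers rely on that and do not check a return value.` Adding an explicit `return;` after the delegated call also makes the "no fault" path obvious to the reader.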
@@ -137,8 +133,8 @@ sub authorizeClient # check db handler if (!defined $sth) { sendMsg("err", - "Cannot prepare authorization statement in $function_name: $DBH->errstr", - "Internal 'prepare' server error") + "Cannot prepare authorization statement in $function_name: $DBH->errstr", + "Internal 'prepare' server error"); } # execute query for two or none params functions @@ -169,16 +165,16 @@ sub authorizeClient # check if client is registered if ($sth->rows == 0) { sendMsg("err", - "Unauthorized access to function '$function_name' from: '$ip'; CN(AN): $alt_names; used service: '$service_type' - client is not registered", - "Access denied - client is not registered at warden server $ENV{'SERVER_NAME'}"); + "Unauthorized access to function '$function_name' from [IP: '$ip'; CN(AN): $alt_names; Client_type: '$client_type'; Service/Type: '$service_type'] - client is not registered at Warden server '$ENV{'SERVER_NAME'}'", + "Access denied - client is not registered at Warden server '$ENV{'SERVER_NAME'}'"); return undef; } # check if client has IP from registered CIDR if (!$correct_ip_source) { sendMsg ("err", - "Unauthorized access to function '$function_name' from: '$ip'; CN(AN): $alt_names; used service: '$service_type' - access from bad subnet: Registered subnet '$ret{'cidr'}'", - "Access denied - access to $ENV{'SERVER_NAME'} from unauthorized subnet"); + "Unauthorized access to function '$function_name' from [IP: '$ip'; CN(AN): $alt_names; Client_type: '$client_type'; Service/Type: '$service_type'] - access to Warden server '$ENV{'SERVER_NAME'}' from another subnet than '$ret{'cidr'}'", + "Access denied - access to Warden server '$ENV{'SERVER_NAME'}' from unauthorized subnet '$ret{'cidr'}'"); return undef; } 
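Review bot: In the re-indented line `"Cannot prepare authorization statement in $function_name: $DBH->errstr",` the method call sits inside a double-quoted string, so Perl interpolates only the handle (something like `DBI::db=HASH(0x...)`) followed by the literal text `->errstr`, and the real DBI error never reaches syslog. Concatenate instead: `"Cannot prepare authorization statement in $function_name: " . $DBH->errstr,`. The same pattern is added again in the saveNewEvent hunk (`"Cannot prepare statement in function '$function_name': $DBH->errstr",`). Note that the connect shown in the earlier hunk passes `RaiseError => 1`, so a failing `prepare` presumably dies inside DBI before this `if (!defined $sth)` branch is reached; the branch is still worth keeping correct for the case where RaiseError is turned off. authorizeClient's body begins before this hunk.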
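Review bot: The new SOAP fault string `"Access denied - access to Warden server '$ENV{'SERVER_NAME'}' from unauthorized subnet '$ret{'cidr'}'"` now returns the client's registered CIDR to a caller that has just been rejected for connecting from outside it, whereas the previous text only said the subnet was wrong. The registered network is useful operator detail for the syslog message, where the new code already includes it, but it should not be echoed to the remote side; keep the fault at `"Access denied - access to Warden server '$ENV{'SERVER_NAME'}' from unauthorized subnet"`. The extra `$client_type` and `$service_type` fields are correctly confined to the syslog string. authorizeClient's body begins before this hunk.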
@@ -224,46 +220,44 @@ sub saveNewEvent my $timeout = $data->{'TIMEOUT'}; my %client = authorizeClient($alt_names, $ip, $service, $client_type, $function_name); - if(defined %client) { - if (!(exists $VALID_STRINGS{'type'} && grep $type eq $_, @{$VALID_STRINGS{'type'}})) { - sendMsg("err", - "Unknown event type - client from: '$ip'; CN(AN): $alt_names; used type: '$type'", - "Unknown event type '$type'"); - } elsif (!(exists $VALID_STRINGS{'source_type'} && grep $source_type eq $_, @{$VALID_STRINGS{'source_type'}})) { - sendMsg("err", - "Unknown source type - client from: '$ip'; CN(AN): $alt_names; used source_type: '$source_type'", - "Unknown source type '$source_type'"); + if (defined %client) { + if (%VALID_STRINGS) { # check if hash is not empty - use VALIDATION HASH + if (!(exists $VALID_STRINGS{'type'} && grep $type eq $_, @{$VALID_STRINGS{'type'}})) { + sendMsg("err", + "Unknown event type from [IP: '$ip'; CN(AN): $alt_names; Service: '$service'; Type: '$type']", + "Unknown event type: '$type'"); + } elsif (!(exists $VALID_STRINGS{'source_type'} && grep $source_type eq $_, @{$VALID_STRINGS{'source_type'}})) { + sendMsg("err", + "Unknown source type from [IP '$ip'; CN(AN): $alt_names; Service: '$service'; Source_type: '$source_type']", + "Unknown source type: '$source_type'"); + } + } # http://my.safaribooksonline.com/book/programming/regular-expressions/9780596802837/4dot-validation-and-formatting/id2983571 - } elsif ($detected !~ /^((?:[1-9][0-9]*)?[0-9]{4})-(1[0-2]|0[1-9])-(3[0-1]|0[1-9]|[1-2][0-9])T(2[0-3]|[0-1][0-9]):([0-5][0-9]):([0-5][0-9])(\.[0-9]+)?(Z|[+-](?:2[0-3]|[0-1][0-9]):[0-5][0-9])?/) { + if ($detected !~ /^((?:[1-9][0-9]*)?[0-9]{4})-(1[0-2]|0[1-9])-(3[0-1]|0[1-9]|[1-2][0-9])T(2[0-3]|[0-1][0-9]):([0-5][0-9]):([0-5][0-9])(\.[0-9]+)?(Z|[+-](?:2[0-3]|[0-1][0-9]):[0-5][0-9])?/) { sendMsg("err", - "Unknown detected time format - client from: '$ip'; CN(AN): $alt_names; used detected: '$detected'", - "Unknown detected time format '$detected'"); - } 
elsif ($target_port !~ /^\d+\z/ && defined $target_port) { - sendMsg("err", - "Unknown target port - client from: '$ip'; CN(AN): $alt_names; used target_port: '$target_port'", - "Unknown target port '$target_port'"); - } elsif ($attack_scale !~ /^\d+\z/ && defined $attack_scale) { - sendMsg("err", - "Unknown attack scale - client from: '$ip'; CN(AN): $alt_names; used attack_scale: '$attack_scale'", - "Unknown attack scale '$attack_scale'"); - } elsif ($priority !~ /^\d+\z/ && defined $priority) { - sendMsg("err", - "Unknown priority - client from: '$ip'; CN(AN): $alt_names; used priority: '$priority'", - "Unknown priority '$priority'"); - } elsif ($timeout !~ /^\d+\z/ && defined $timeout) { + "Unknown detected time format from [IP: '$ip'; CN(AN): $alt_names; Service: '$service'; Detected: '$detected']", + "Unknown detected time format: '$detected'"); + } + if ($target_port !~ /^\d+\z/) { + $target_port = undef; + } + if ($attack_scale !~ /^\d+\z/) { + $attack_scale = undef; + } + if ($priority !~ /^\d+\z/) { + $priority = undef; + } + if ($timeout !~ /^\d+\z/) { + $timeout = undef; + } + $sth=$DBH->prepare("INSERT INTO events VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?);"); + if (!defined $sth) { sendMsg("err", - "Unknown timeout - client from: '$ip'; CN(AN): $alt_names; used timeout: '$timeout'", - "Unknown timeout '$timeout'"); - } else { - $sth=$DBH->prepare("INSERT INTO events VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?);"); - if (!defined $sth) { - sendMsg("err", - "Cannot prepare statement in function '$function_name': $DBH->errstr", - "Internal 'prepare' server error"); - } - $sth->execute(undef, $client{'dns'}, $service, $detected, $received, $type, $source_type, $source, $target_proto, $target_port, $attack_scale, $note, $priority, $timeout, $valid); - return 1; + "Cannot prepare statement in function '$function_name': $DBH->errstr", + "Internal 'prepare' server error"); } + $sth->execute(undef, $client{'dns'}, $service, $detected, $received, $type, $source_type, 
$source, $target_proto, $target_port, $attack_scale, $note, $priority, $timeout, $valid); + return 1; } } # END of saveNewEvent @@ -382,11 +376,11 @@ sub getNewEvents if (scalar @events != 0) { if (scalar @ids == 1) { sendMsg("info", - "Sent 1 event [#$ids[0]] to '$ip' [CN(AN): $alt_names], client_limit: '$max_rcv_events_limit', requested_type: '$requested_type'", + "Sent 1 event [#$ids[0]] to [IP: '$ip'; CN(AN): $alt_names; Client_limit: '$max_rcv_events_limit', Requested_type: '$requested_type']", undef); } else { sendMsg("info", - "Sent " . scalar @ids . " events [#$ids[0] - #$ids[-1]] to '$ip' [CN(AN): $alt_names], client_limit: '$max_rcv_events_limit', requested_type: '$requested_type'", + "Sent " . scalar @ids . " events [#$ids[0] - #$ids[-1]] to [IP: '$ip'; CN(AN): $alt_names, Client_limit: '$max_rcv_events_limit', Requested_type: '$requested_type']", undef); } } @@ -485,7 +479,7 @@ sub getClientInfo } my $sum = scalar @clients; sendMsg("info", - "Sending information about '$sum' registered clients from $ENV{'SERVER_NAME'}", + "Sent information about $sum registered clients from Warden server '$ENV{'SERVER_NAME'}'", undef); return @clients; }
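Review bot: The added line `if (defined %client) {` applies `defined` to a hash, which Perl has long warned about as deprecated and rejects at compile time from 5.22 onward; `if (%client) {` tests for a non-empty result, which is what the code needs. The four new normalisation blocks (`if ($target_port !~ /^\d+\z/) { $target_port = undef; }` and its siblings) also lose the `defined` guard the removed code had, so an absent optional field now raises an uninitialized-value warning on every event, and a present but malformed value is silently stored as NULL where it was previously rejected with an `err` — at least log the coercion so operators can see malformed input arriving. A compact form that keeps the guard: `for ($target_port, $attack_scale, $priority, $timeout) { $_ = undef if defined $_ && $_ !~ /^\d+\z/; }`. The `$DBH->errstr` interpolation problem raised on the authorizeClient hunk applies to the prepare-failure message here as well. saveNewEvent's body begins before this hunk.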
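Review bot: The two rewritten log lines use different field separators inside the bracketed block — `CN(AN): $alt_names; Client_limit: '$max_rcv_events_limit', Requested_type:` in the first and `CN(AN): $alt_names, Client_limit: ..., Requested_type:` in the second — while the authorizeClient and saveNewEvent hunks settle on `;` between fields. Pick one separator (`;` matches the rest of the file) so a syslog parser can split every message the same way, e.g. `"... to [IP: '$ip'; CN(AN): $alt_names; Client_limit: '$max_rcv_events_limit'; Requested_type: '$requested_type']"`. getNewEvents begins before this hunk.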