Skip to content
Snippets Groups Projects
Commit 295c7383 authored by root's avatar root
Browse files

Prvni import upravy Wardenu pro Apache

parent 05e7b0bd
Branches
Tags
No related merge requests found
Show whitespace changes
Inline Side-by-side
Showing
with 1426 additions and 127 deletions
src/warden-server/bin/getStatus.pl
+ 6
6
View file @ 295c7383
......@@ -102,14 +102,14 @@ my @server_status = @$server_status_ref;
print "Warden server variables:\n";
print "========================\n";
print "SERVER_VERSION:\t\t$server_status[0]\n";
print "ADDRESS:\t\t$server_status[1]\n";
print "PORT:\t\t\t$server_status[2]\n";
#print "ADDRESS:\t\t$server_status[1]\n";
#print "PORT:\t\t\t$server_status[2]\n";
print "LOGDIR:\t\t\t$server_status[3]\n";
print "PIDDIR:\t\t\t$server_status[4]\n";
#print "PIDDIR:\t\t\t$server_status[4]\n";
print "VARDIR:\t\t\t$server_status[5]\n";
print "SSL_KEY_FILE:\t\t$server_status[6]\n";
print "SSL_CERT_FILE:\t\t$server_status[7]\n";
print "SSLCA_FILE:\t\t$server_status[8]\n";
#print "SSL_KEY_FILE:\t\t$server_status[6]\n";
#print "SSL_CERT_FILE:\t\t$server_status[7]\n";
#print "SSLCA_FILE:\t\t$server_status[8]\n";
print "SYSLOG_FACILITY:\t$server_status[9]\n";
print "\n";
......
......
src/warden-server/bin/warden-server.pl
+ 26
26
View file @ 295c7383
......@@ -96,7 +96,7 @@ my $db = $VARDIR . $db_file;
# connect to DB - DBH is GLOBAL variable
my $dbargs = {AutoCommit => 0, PrintError => 1};
our $DBH = DBI->connect("dbi:SQLite:dbname=$db","","",$dbargs) or die errMsg("Can't connect to DB: $!");
#our $DBH = DBI->connect("DBI:mysql:database=warden;host=localhost", "root", "", {RaiseError => 1, mysql_auto_reconnect => 1}) || die "Could not connect to database: $DBI::errstr";
################################################################################
......@@ -246,38 +246,38 @@ sub saveNewEvent
#-----------------------------------------------------------------------------
# obtain cidr based on rigth common name and alternate names, service and client_type
$sth = $DBH->prepare("SELECT hostname, ip_net_client FROM clients WHERE hostname IN ($AN_FILTER) AND service = $service_db AND client_type = $client_type_db limit 1;");
if ( !defined $sth ) {die("Cannot prepare authorization statement in saveNewEvent: $DBI::errstr\n")}
$sth->execute;
my ($an, $cidr) = $sth->fetchrow();
# check if client is registered
if (!defined $cidr) {
write2log ("err", "Unauthorized access to saveNewEvent from: $IP (CN: $CN; AN: $an) - client is not registered");
die("Access denied - client is not registered at warden server!");
} else {
$cidr_list = Net::CIDR::Lite
-> new
-> add($cidr);
}
# $sth = $DBH->prepare("SELECT hostname, ip_net_client FROM clients WHERE hostname IN ($AN_FILTER) AND service = $service_db AND client_type = $client_type_db limit 1;");
# if ( !defined $sth ) {die("Cannot prepare authorization statement in saveNewEvent: $DBI::errstr\n")}
# $sth->execute;
# my ($an, $cidr) = $sth->fetchrow();
# # check if client is registered
# if (!defined $cidr) {
# write2log ("err", "Unauthorized access to saveNewEvent from: $IP (CN: $CN; AN: $an) - client is not registered");
# die("Access denied - client is not registered at warden server!");
# } else {
# $cidr_list = Net::CIDR::Lite
# -> new
# -> add($cidr);
# }
# check if client has IP from registered CIDR
if (!$cidr_list->bin_find($IP)) {
write2log ("err", "Unauthorized access to saveNewEvent from: $IP (CN: $CN; AN: $an) - access from bad subnet: $cidr");
die("Access denied - access from bad subnet!");
} else {
# if (!$cidr_list->bin_find($IP)) {
# write2log ("err", "Unauthorized access to saveNewEvent from: $IP (CN: $CN; AN: $an) - access from bad subnet: $cidr");
# die("Access denied - access from bad subnet!");
# } else {
{
# insert new event
$DBH->do("INSERT INTO events VALUES (null,$cn_db,$service_db,$detected_db,$received_db,$type_db,$source_type_db,$source_db,$target_proto_db,$target_port_db,$attack_scale_db,$note_db,$priority_db,$timeout_db,$valid_db);");
if ($DBH->err()) {die("Cannot do insert statement in saveNewEvent: $DBI::errstr\n")}
$DBH->commit();
#$DBH->commit();
# log last inserted ID
$sth = $DBH->prepare("SELECT last_insert_rowid();");
$sth = $DBH->prepare("SELECT last_insert_rowid()");
if ( !defined $sth ) {die("Cannot prepare last ID statement in saveNewEvent: $DBI::errstr\n")}
$sth->execute;
my $id= $sth->fetchrow();
write2log ("info", "Stored new event (#$id) from $IP (CN: $CN; AN: $an)");
write2log ("info", "Stored new event (#$id) from $IP (CN: $CN; AN: )");
if (! defined $id) {
write2log ("err", "Event from $IP ($CN) was not save: INSERT INTO events VALUES (null,$cn_db,$service_db,$detected_db,$received_db,$type_db,$source_type_db,$source_db,$target_proto_db,$target_port_db,$attack_scale_db,$note_db,$priority_db,$timeout_db,$valid_db);");
......@@ -810,12 +810,12 @@ write2log("info", "Size of DB file ($db_file) is: $db_size_human");
# start TCP server
my $server = SOAP::Transport::TCP::Server
->new(
Listen => 5,
Listen => 20,
LocalAddr => $ADDRESS,
LocalPort => $PORT,
Proto => "tcp",
ReuseAddr => 1,
SSL_verify_mode => 0x03,
SSL_verify_mode => 0x02,
SSL_use_cert => 1,
SSL_server => 1,
SSL_key_file => $SSL_KEY_FILE,
......
......
src/warden-server/doc/warden-apache.readme 0 → 100644
+ 46
0
View file @ 295c7383
apache2
mysql-server
a2enmod ssl
libapache2-mod-perl2
mysql -u root -p < warden.sql
libcrypt-x509-perl
libmime-base64-perl
apache2-mpm-prefork
<IfModule mpm_prefork_module>
StartServers 2
MinSpareServers 4
MaxSpareServers 8
ServerLimit 700
MaxClients 700
MaxRequestsPerChild 0
</IfModule>
Timeout 10
KeepAlive Off
Instalace Apache
Povoleni SSL
Instalace mod_perl
Apache - Virtual Host <*:443> - pro jine jeste povolit port
Include cesty do Apache
Nastaveni spravnych Adres - klient, server
Nastaveni db na serveru
Pouziti jineho cert server/client
Instalace 2 balicku
Instalace prefork
nastavni apache2.conf
================
Instalace DB
restore db z adr. etc/warden.sql
====
Instalace serveru do jine cesty nez /opt -> nevytvari adresar, nemaze pri odinstalaci
src/warden-server/doc/warden.mysql 0 → 100644
+ 84
0
View file @ 295c7383
-- MySQL dump 10.11
--
-- Host: localhost Database: warden
-- ------------------------------------------------------
-- Server version 5.0.51a-24+lenny3
/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!40101 SET NAMES utf8 */;
/*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */;
/*!40103 SET TIME_ZONE='+00:00' */;
/*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */;
/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */;
/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */;
/*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */;
--
-- Current Database: `warden`
--
CREATE DATABASE /*!32312 IF NOT EXISTS*/ `warden` /*!40100 DEFAULT CHARACTER SET latin1 */;
USE `warden`;
--
-- Table structure for table `clients`
--
DROP TABLE IF EXISTS `clients`;
SET @saved_cs_client = @@character_set_client;
SET character_set_client = utf8;
CREATE TABLE `clients` (
`client_id` int(11) NOT NULL auto_increment,
`hostname` varchar(256) default NULL,
`registered` timestamp NOT NULL default CURRENT_TIMESTAMP on update CURRENT_TIMESTAMP,
`requestor` varchar(256) default NULL,
`service` varchar(64) default NULL,
`client_type` varchar(1) default NULL,
`type` varchar(64) default NULL,
`receive_own_events` varchar(1) default NULL,
`description_tags` varchar(256) default NULL,
`ip_net_client` varchar(256) default NULL,
PRIMARY KEY (`client_id`)
) ENGINE=MyISAM AUTO_INCREMENT=16 DEFAULT CHARSET=latin1;
SET character_set_client = @saved_cs_client;
--
-- Table structure for table `events`
--
DROP TABLE IF EXISTS `events`;
SET @saved_cs_client = @@character_set_client;
SET character_set_client = utf8;
CREATE TABLE `events` (
`id` int(11) NOT NULL auto_increment,
`hostname` varchar(256) default NULL,
`service` varchar(64) default NULL,
`detected` timestamp NOT NULL default CURRENT_TIMESTAMP on update CURRENT_TIMESTAMP,
`received` timestamp NOT NULL default '0000-00-00 00:00:00',
`type` varchar(64) default NULL,
`source_type` varchar(64) default NULL,
`source` varchar(256) default NULL,
`target_proto` varchar(16) default NULL,
`target_port` int(2) default NULL,
`attack_scale` int(4) default NULL,
`note` text,
`priority` int(1) default NULL,
`timeout` int(2) default NULL,
`valid` varchar(1) default NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM AUTO_INCREMENT=31 DEFAULT CHARSET=latin1;
SET character_set_client = @saved_cs_client;
/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */;
/*!40101 SET SQL_MODE=@OLD_SQL_MODE */;
/*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */;
/*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */;
/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
-- Dump completed on 2012-03-22 15:29:35
src/warden-server/etc/warden-apache.conf 0 → 100644
+ 25
0
View file @ 295c7383
SSLEngine on
SSLVerifyDepth 3
SSLVerifyClient require
SSLOptions +StdEnvVars +ExportCertData
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile server-cert.pem
SSLCertificateKeyFile server-key.pem
SSLCACertificateFile ca-cert.pem
#Mozno umistit jeste pred samotny <VirtualHost>
#http://perl.apache.org/docs/2.0/user/config/config.html#C_Parent_
#Create a new parent Perl interpreter for the given VirtualHost and give it its own interpreter pool
PerlOptions +Parent
PerlSwitches -I/opt/warden-server/lib
<Location /Warden>
SetHandler perl-script
PerlHandler Warden::ApacheDispatch
SSLOptions +StdEnvVars
</Location>
src/warden-server/lib/Warden.pm 0 → 100755
+ 998
0
View file @ 295c7383
#!/usr/bin/perl -w
#
# warden-server.pl
#
# Copyright (C) 2011-2012 Cesnet z.s.p.o
# Author(s): Tomas PLESNIK <plesnik@ics.muni.cz>
# Jan SOUKAL <soukal@ics.muni.cz>
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in
# the documentation and/or other materials provided with the
# distribution.
# 3. Neither the name of the Cesnet z.s.p.o nor the names of its
# contributors may be used to endorse or promote products derived from
# this software without specific prior written permission.
#
# This software is provided ``as is'', and any express or implied
# warranties, including, but not limited to, the implied warranties of
# merchantability and fitness for a particular purpose are disclaimed.
# In no event shall the Cesnet z.s.p.o or contributors be liable for
# any direct, indirect, incidental, special, exemplary, or consequential
# damages (including, but not limited to, procurement of substitute
# goods or services; loss of use, data, or profits; or business
# interruption) however caused and on any theory of liability, whether
# in contract, strict liability, or tort (including negligence or
# otherwise) arising in any way out of the use of this software, even
# if advised of the possibility of such damage.
package Warden;
use strict;
#use SOAP::Lite;
#use SOAP::Transport::TCP;
#use SOAP::Transport::HTTP;
#use File::Pid;
#use POSIX;
use DBI;
use DBD::mysql;
use Format::Human::Bytes;
use Sys::Syslog qw(:DEFAULT setlogsock);
Sys::Syslog::setlogsock('unix');
use File::Basename;
#use FindBin;
#use Data::Dumper;
use Net::CIDR::Lite;
use DateTime;
#use Crypt::OpenSSL::X509;
use MIME::Base64;
use Crypt::X509;
our $VERSION = "0.1";
################################################################################
# CONFIG FILE VARIABLES
################################################################################
#my $script_name = $FindBin::Script;
my $conf_file = "/opt/warden-server/etc/warden-server.conf";
#
## first declaration of globa variables from config file
#our $ADDRESS = undef;
#our $PORT = undef;
our $LOGDIR = undef;
#our $PIDDIR = undef;
our $VARDIR = undef;
#our $SSL_KEY_FILE = undef;
#our $SSL_CERT_FILE = undef;
#our $SSL_CA_FILE = undef;
our $FACILITY = undef;
#DB options
our $DB_NAME = undef;
our $DB_USER = undef;
our $DB_PASS = undef;
our $DB_HOST = undef;
#
#$ADDRESS = "147.228.52.72";
##
###-------------------------------------------------------------------------------
### PORT - used TCP port for Warden server
###-------------------------------------------------------------------------------
#$PORT = "8889";
##
###-------------------------------------------------------------------------------
### BASEDIR - base directory of Warden server
###-------------------------------------------------------------------------------
#our $BASEDIR = "/opt/warden-server/";
##
###-------------------------------------------------------------------------------
### VARDIR - var directory
###-------------------------------------------------------------------------------
#$VARDIR = "$BASEDIR/var/";
##
###-------------------------------------------------------------------------------
### LOGDIR - logging directory
###-------------------------------------------------------------------------------
#$LOGDIR = "/var/log/";
##
###-------------------------------------------------------------------------------
### PIDDIR - process ID directory
###-------------------------------------------------------------------------------
#$PIDDIR = "/var/run/";
##
##
##
## read config file
if ( ! open( TMP, $conf_file) ) {
die errMsg("Can't read config file '$conf_file': $!\n");
}
close TMP;
# load set variables by user
if ( !do $conf_file ) {
die errMsg("Errors in config file '$conf_file': $@");
}
#
################################################################################
# VARIABLES
################################################################################
#my $die_now = 0;
# PID path
#my $pid_file = $PIDDIR . $script_name . ".pid";
# DB file
#my $db_file = "warden.db";
#my $db = $VARDIR . $db_file;
# connect to DB - DBH is GLOBAL variable
#my $dbargs = {AutoCommit => 0, PrintError => 1};
#our $DBH = DBI->connect("dbi:SQLite:dbname=$db","","",$dbargs) or die errMsg("Can't connect to DB: $!");
our $DBH = DBI->connect("DBI:mysql:database=$DB_NAME;host=$DB_HOST", $DB_USER, $DB_PASS, {RaiseError => 1, mysql_auto_reconnect => 0}) || die "Could not connect to database: $DBI::errstr";
#our $DBH;
################################################################################
# LOCAL FUNCTIONS
################################################################################
#-------------------------------------------------------------------------------
# errMsg - print error message and die
#-------------------------------------------------------------------------------
sub errMsg
{
my $msg = shift;
$msg = trim($msg);
print $msg . "\n";
exit 1;
} # End of errMsg
#-------------------------------------------------------------------------------
# trim - remove whitespace from the start and end of the string
#-------------------------------------------------------------------------------
sub trim
{
my $string = shift;
$string =~ s/^\s+//;
$string =~ s/\s+$//;
return $string;
} # End of trim
#-------------------------------------------------------------------------------
# write2log - writing message to syslog
#-------------------------------------------------------------------------------
sub write2log
{
my $priority = shift;
my $msg = shift;
my $filename = File::Basename::basename($0);
Sys::Syslog::openlog($filename, "cons,pid", $FACILITY);
Sys::Syslog::syslog("$priority", "$msg");
Sys::Syslog::closelog();
} # End of write2log
#-------------------------------------------------------------------------------
# signalHandler - catch signals and end the program if one is caught.
#-------------------------------------------------------------------------------
#sub signalHandler
#{
# $die_now = 1; # this will cause the "infinite loop" to exit
#} # End of signalHandler
#
#
#-------------------------------------------------------------------------------
# sslErrorHandler - handle errors in SSL negitiation
#-------------------------------------------------------------------------------
#sub sslErrorHandler
#{
# my $socket = shift;
# my $msg = shift;
#
# my $ip = $socket->peerhost;
# print $socket $msg;
# $socket->close;
# write2log ("err", "Caught SSL handshake error from $ip: $msg");
# return 1;
#} # End of sslErrorHandler
#
#
#-------------------------------------------------------------------------------
# altNamesFilter - parse hostnames from subjectAltNames array for SQL
# IN operator in database query
#-------------------------------------------------------------------------------
sub altNamesFilter
{
# my $alt_names_array_ref = shift;
# my @alt_names_array = @$alt_names_array_ref;
#our $CN;
my $CN = $ENV{'SSL_CLIENT_S_DN_CN'};
my @an_array;
#push @an_array, $DBH->quote($CN);
# my $i = 1;
# while ($i <= scalar @alt_names_array) {
# push @an_array, $DBH->quote($alt_names_array[$i]);
# $i+=2;
# }
# my $an_filter = join(',', @an_array);
# return $an_filter;
push @an_array, "'$CN'";
my @a = split("\n", $ENV{'SSL_CLIENT_CERT'});
pop @a;
shift @a;
my $der = decode_base64(join("", @a));
my $decoded= Crypt::X509->new(cert => $der);
foreach my $tmp (@{$decoded->SubjectAltName}){
if($tmp =~ s/dNSName=//){
push @an_array, "'$tmp'";
}
}
my $an_filter = join(',', @an_array);
return $an_filter;
}
################################################################################
# SOAP Functions
################################################################################
#-----------------------------------------------------------------------------
# saveNewEvent - save new received event into database
#-----------------------------------------------------------------------------
sub saveNewEvent
{
my ($class, $data) = @_;
my ($sth, $cidr_list);
# variables defined by server
#our $IP; # IP address of sender
#our $CN; # common name of sender
#our $AN_FILTER; # alternate names of sender
# my @alt_names_array = $socket->peer_certificate("subjectAltNames");
my $CN = $ENV{'SSL_CLIENT_S_DN_CN'};
my $AN_FILTER = altNamesFilter(undef);
my $IP = $ENV{'REMOTE_ADDR'};
my $LOCAL_IP = $ENV{'SERVER_ADDR'};
my $cn_db = $DBH->quote($CN);
# variables defined by server
my $client_type = "s"; # incoming client MUST be sender
my $client_type_db = $DBH->quote($client_type);
my $valid = "t"; # registered sender has valid events
my $valid_db = $DBH->quote($valid);
my $received = DateTime->now; # time of event delivery (UTC)
my $received_db = $DBH->quote($received);
## parse object (event) parameters
my $service = $data->{'SERVICE'};
my $service_db = $DBH->quote($service);
my $detected = $data->{'DETECTED'};
my $detected_db = $DBH->quote($detected);
my $type = $data->{'TYPE'};
my $type_db = $DBH->quote($type);
my $source_type = $data->{'SOURCE_TYPE'};
my $source_type_db = $DBH->quote($source_type);
my $source = $data->{'SOURCE'};
my $source_db = $DBH->quote($source);
my $target_proto = $data->{'TARGET_PROTO'};
my $target_proto_db = $DBH->quote($target_proto);
my $target_port = $data->{'TARGET_PORT'};
my $target_port_db = $DBH->quote($target_port);
my $attack_scale = $data->{'ATTACK_SCALE'};
my $attack_scale_db = $DBH->quote($attack_scale);
my $note = $data->{'NOTE'};
my $note_db = $DBH->quote($note);
my $priority = $data->{'PRIORITY'};
my $priority_db = $DBH->quote($priority);
my $timeout = $data->{'TIMEOUT'};
my $timeout_db = $DBH->quote($timeout);
# Authorization of incomming client
#-----------------------------------------------------------------------------
# obtain cidr based on rigth common name and alternate names, service and client_type
$sth = $DBH->prepare("SELECT hostname, ip_net_client FROM clients WHERE hostname IN ($AN_FILTER) AND service = $service_db AND client_type = $client_type_db LIMIT 1;");
if ( !defined $sth ) {die("Cannot prepare authorization statement in saveNewEvent: $DBI::errstr\n")}
$sth->execute;
my ($an, $cidr) = $sth->fetchrow();
# check if client is registered
if (!defined $cidr) {
write2log ("err", "Unauthorized access to saveNewEvent from: $IP (CN: $CN; AN: $an) - client is not registered");
die("Access denied - client is not registered at warden server!");
} else {
$cidr_list = Net::CIDR::Lite
-> new
-> add($cidr);
}
# check if client has IP from registered CIDR
if (!$cidr_list->bin_find($IP)) {
write2log ("err", "Unauthorized access to saveNewEvent from: $IP (CN: $CN; AN: $an) - access from bad subnet: $cidr");
die("Access denied - access from bad subnet!");
} else {
# insert new event
$DBH->do("INSERT INTO events VALUES (null,$cn_db,$service_db,$detected_db,$received_db,$type_db,$source_type_db,$source_db,$target_proto_db,$target_port_db,$attack_scale_db,$note_db,$priority_db,$timeout_db,$valid_db);");
if ($DBH->err()) {die("Cannot do insert statement in saveNewEvent: $DBI::errstr\n")}
#$DBH->commit();
# log last inserted ID
$sth = $DBH->prepare("SELECT last_insert_id()");
if ( !defined $sth ) {die("Cannot prepare last ID statement in saveNewEvent: $DBI::errstr\n")}
$sth->execute;
my $id= $sth->fetchrow();
write2log ("info", "Stored new event (#$id) from $IP (CN: $CN; AN: )");
if (! defined $id) {
write2log ("err", "Event from $IP ($CN) was not save: INSERT INTO events VALUES (null,$cn_db,$service_db,$detected_db,$received_db,$type_db,$source_type_db,$source_db,$target_proto_db,$target_port_db,$attack_scale_db,$note_db,$priority_db,$timeout_db,$valid_db);");
die("Event was not save at warden server - database return empty ID!");
return 0;
} else {
return 1;
}
}
#$DBH->disconnect();
} # END of saveNewEvent
#-----------------------------------------------------------------------------
# getNewEvents - get new events from the DB greater than received ID
#-----------------------------------------------------------------------------
sub getNewEvents
{
my ($class, $data) = @_;
my ($sth, @events, $event, @ids);
my ($id, $hostname, $service, $detected, $type, $source_type, $source, $target_proto, $target_port, $attack_scale, $note, $priority, $timeout);
# variables defined by server
#our $IP; # IP address of receiver
#our $CN; # common name of receiver
#our $AN_FILTER; # alternate name of receiver
my $CN = $ENV{'SSL_CLIENT_S_DN_CN'};
my $AN_FILTER = altNamesFilter(undef);
my $IP = $ENV{'REMOTE_ADDR'};
my $cn_db = $DBH->quote($CN);
my $client_type = "r"; # incoming client MUST be sender
my $client_type_db = $DBH->quote($client_type);
my $cidr_list;
# parse SOAP data object
my $requested_type = $data->{'REQUESTED_TYPE'};
my $requested_type_db = $DBH->quote($requested_type);
my $last_id = $data->{'LAST_ID'};
my $last_id_db = $DBH->quote($last_id);
# Authorization of incomming client
#-----------------------------------------------------------------------------
# obtain cidr based on rigth common name, service and client_type
$sth = $DBH->prepare("SELECT hostname, receive_own_events, ip_net_client FROM clients WHERE hostname IN ($AN_FILTER) AND type = $requested_type_db AND client_type = $client_type_db limit 1;");
if ( !defined $sth ) {die("Cannot prepare authorization statement in getNewEvents: $DBI::errstr\n")}
$sth->execute;
my ($an, $receive_own_events, $cidr) = $sth->fetchrow();
# check if client is registered
if (!defined $cidr) {
write2log ("err", "Unauthorized access to getNewEvents from: $IP (CN: $CN; AN: $an) - client is not registered");
die("Access denied - client is not registered at warden server!");
} else {
$cidr_list = Net::CIDR::Lite
-> new
-> add($cidr);
}
# check if client has IP from registered CIDR
if (!$cidr_list->bin_find($IP)) {
write2log ("err", "Unauthorized access to getNewEvents from: $IP (CN: $CN; AN: $an) - access from bad subnet: $cidr");
die("Access denied - access from bad subnet!");
} else {
# check if client want your own events or not
if ($receive_own_events eq 't') {
write2log("info", "SELECT * FROM events WHERE type != 'test' AND id > $last_id_db AND type = $requested_type_db AND valid = 't' ORDER BY id ASC;");
$sth = $DBH->prepare("SELECT * FROM events WHERE type != 'test' AND id > $last_id_db AND type = $requested_type_db AND valid = 't' ORDER BY id ASC;");
} else {
my ($domain) = $CN =~ /([^\.]+\.[^\.]+)$/;
my $domain_db = $DBH->quote("%$domain");
write2log("info", "SELECT * FROM events WHERE type != 'test' AND id > $last_id_db AND type = $requested_type_db AND valid = 't' AND hostname NOT LIKE $domain_db ORDER BY id ASC;");
$sth = $DBH->prepare("SELECT * FROM events WHERE type != 'test' AND id > $last_id_db AND type = $requested_type_db AND valid = 't' AND hostname NOT LIKE $domain_db ORDER BY id ASC;");
}
if ( !defined $sth ) { die("Cannot prepare statement in getNewEvents: $DBI::errstr\n") }
$sth->execute;
# parse items of events stored in DB
while (my @result = $sth->fetchrow()) {
$id = $result[0];
$hostname = $result[1];
$service = $result[2];
$detected = $result[3];
$type = $result[5];
$source_type = $result[6];
$source = $result[7];
$target_proto = $result[8];
$target_port = $result[9];
$attack_scale = $result[10];
$note = $result[11];
$priority = $result[12];
$timeout = $result[13];
# create SOAP data object
$event = SOAP::Data->name(event => \SOAP::Data->value(
SOAP::Data->name(ID => $id),
SOAP::Data->name(HOSTNAME => $hostname),
SOAP::Data->name(SERVICE => $service),
SOAP::Data->name(DETECTED => $detected),
SOAP::Data->name(TYPE => $type),
SOAP::Data->name(SOURCE_TYPE => $source_type),
SOAP::Data->name(SOURCE => $source),
SOAP::Data->name(TARGET_PROTO => $target_proto),
SOAP::Data->name(TARGET_PORT => $target_port),
SOAP::Data->name(ATTACK_SCALE => $attack_scale),
SOAP::Data->name(NOTE => $note),
SOAP::Data->name(PRIORITY => $priority),
SOAP::Data->name(TIMEOUT => $timeout)
));
push(@events, $event);
push(@ids, $id);
}
# log sent ID of events
if (scalar(@events) != 0) {
write2log("info", "Sent events with ID: [@ids] to $IP (CN: $CN; AN: $an)");
}
return @events;
}
} # END of getNewEvents
#
##-----------------------------------------------------------------------------
## getLastId - get lastest saved event ID
##-----------------------------------------------------------------------------
sub getLastId
{
my ($class, $arg) = @_;
my $sth = $DBH->prepare("SELECT max(id) FROM events;");
if ( !defined $sth ) { die("Cannot prepare statement in getLastId: $DBI::errstr\n") }
$sth->execute;
my $result = $sth->fetchrow();
return $result;
} # END of getLastID
##-----------------------------------------------------------------------------
## registerSender - register new sender
##-----------------------------------------------------------------------------
sub registerSender
{
my ($class, $data) = @_;
my $sth;
#our $IP;
#our $LOCAL_IP;
#our $CN;
my $CN = $ENV{'SSL_CLIENT_S_DN_CN'};
my $IP = $ENV{'REMOTE_ADDR'};
my $LOCAL_IP = $ENV{'SERVER_ADDR'};
if ($LOCAL_IP ne $IP) {
write2log ("err", "Unauthorized access to registerSender from: $IP ($CN) - access allowed only from localhost");
die("Access denied - access allowed only from localhost!");
} else {
# defined variables by server
my $client_type = "s";
my $client_type_db = $DBH->quote($client_type);
my $registered = DateTime->now;
my $registered_db = $DBH->quote($registered);
my $type = "null";
my $type_db = $DBH->quote($type);
my $receive_own_events = "null";
my $receive_own_events_db = $DBH->quote($receive_own_events);
# parse SOAP data oject
my $hostname = $data->{'HOSTNAME'};
my $hostname_db = $DBH->quote($hostname);
my $requestor = $data->{'REQUESTOR'};
my $requestor_db = $DBH->quote($requestor);
my $service = $data->{'SERVICE'};
my $service_db = $DBH->quote($service);
my $description_tags = $data->{'DESCRIPTION_TAGS'};
my $description_tags_db = $DBH->quote($description_tags);
my $ip_net_client = $data->{'IP_NET_CLIENT'};
my $ip_net_client_db = $DBH->quote($ip_net_client);
# check if sender has been already registered
$sth = $DBH->prepare("SELECT registered FROM clients WHERE hostname = $hostname_db AND requestor = $requestor_db AND service = $service_db AND client_type = $client_type_db AND type = $type_db AND receive_own_events = $receive_own_events_db AND description_tags = $description_tags_db AND ip_net_client = $ip_net_client_db;");
if ( !defined $sth ) {die("Cannot prepare check statement in registerSender: $DBI::errstr\n")}
$sth->execute;
my $result = $sth->fetchrow();
# register new sender
if (defined $result) {
write2log ("err", "Attempt to re-register the sender");
die("Error - sender has already been registered at $result");
} else {
$DBH->do("INSERT INTO clients VALUES (null,$hostname_db,$registered_db,$requestor_db,$service_db,$client_type_db,$type_db,$receive_own_events_db,$description_tags_db,$ip_net_client_db);");
if ($DBH->err()) {die("Cannot do statement in registerSender: $DBI::errstr\n")}
#$DBH->commit();
write2log("info", "New sender $hostname (service: $service, cidr: $ip_net_client) was registered");
return 1;
}
}
} # END of registerSender
##-----------------------------------------------------------------------------
## registerReceiver - register new receiver
##-----------------------------------------------------------------------------
sub registerReceiver
{
my ($class, $data) = @_;
my $sth;
#our $IP;
#our $LOCAL_IP;
#our $CN;
my $CN = $ENV{'SSL_CLIENT_S_DN_CN'};
my $IP = $ENV{'REMOTE_ADDR'};
my $LOCAL_IP = $ENV{'SERVER_ADDR'};
if ($LOCAL_IP ne $IP) {
write2log ("err", "Unauthorized access to registerReceiver from: $IP ($CN) - access allowed only from localhost");
die("Access denied - access allowed only from localhost!");
} else {
# variables defined by server
my $client_type = "r";
my $client_type_db = $DBH->quote($client_type);
my $registered = DateTime->now;
my $registered_db = $DBH->quote($registered);
my $service = "null";
my $service_db = $DBH->quote($service);
my $description_tags = "null";
my $description_tags_db = $DBH->quote($description_tags);
# parse SOAP data oject
my $hostname = $data->{'HOSTNAME'};
my $hostname_db = $DBH->quote($hostname);
my $requestor = $data->{'REQUESTOR'};
my $requestor_db = $DBH->quote($requestor);
my $type = $data->{'TYPE'};
my $type_db = $DBH->quote($type);
my $receive_own_events = $data->{'RECEIVE_OWN_EVENTS'};
my $receive_own_events_db = $DBH->quote($receive_own_events);
my $ip_net_client = $data->{'IP_NET_CLIENT'};
my $ip_net_client_db = $DBH->quote($ip_net_client);
# check if receiver has been already registered
$sth = $DBH->prepare("SELECT registered FROM clients WHERE hostname = $hostname_db AND requestor = $requestor_db AND service = $service_db AND client_type = $client_type_db AND type = $type_db AND receive_own_events = $receive_own_events_db AND description_tags = $description_tags_db AND ip_net_client = $ip_net_client_db;");
if ( !defined $sth ) {die("Cannot prepare check statement in registerReceiver: $DBI::errstr\n")}
$sth->execute;
my $result = $sth->fetchrow();
# register new receiver
if (defined $result) {
write2log ("err", "Attempt to re-register the receiver");
die("Error - receiver has already been registered at $result");
} else {
$DBH->do("INSERT INTO clients VALUES (null,$hostname_db,$registered_db,$requestor_db,$service_db,$client_type_db,$type_db,$receive_own_events_db,$description_tags_db,$ip_net_client_db);");
if ($DBH->err()) {die("Cannot do statement in registerReceiver: $DBI::errstr\n")}
#$DBH->commit();
write2log("info", "New receiver $hostname (type: $type, cidr: $ip_net_client: receive_own_events: $receive_own_events) was registered");
return 1;
}
}
} # END of registerReceiver
#-----------------------------------------------------------------------------
# unregisterClient - unregister client
#-----------------------------------------------------------------------------
sub unregisterClient
{
my ($class, $data) = @_;
my $sth;
#our $IP;
#our $LOCAL_IP;
#our $CN;
my $CN = $ENV{'SSL_CLIENT_S_DN_CN'};
my $IP = $ENV{'REMOTE_ADDR'};
my $LOCAL_IP = $ENV{'SERVER_ADDR'};
if ($LOCAL_IP ne $IP) {
write2log ("err", "Unauthorized access to unregisterClients from: $IP ($CN) - access allowed only from localhost");
die("Access denied - access allowed only from localhost!");
} else {
# parse SOAP data oject
my $client_id = $data->{'CLIENT_ID'};
my $client_id_db = $DBH->quote($client_id);
# check if receiver has been already registered
$sth = $DBH->prepare("SELECT client_id, hostname, service, client_type FROM clients WHERE client_id = $client_id_db;");
if ( !defined $sth ) {die("Cannot prepare check statement in unregisterClient: $DBI::errstr\n")}
$sth->execute;
my ($id, $hostname, $service, $client_type) = $sth->fetchrow();
my $hostname_db = $DBH->quote($hostname);
my $service_db = $DBH->quote($service);
# delete registered client
if (!defined $id) {
write2log ("err", "Attempt to delete unregister client");
die("Error - client (#$client_id) is not registered");
} else {
if ($client_type eq 's') {
$DBH->do("DELETE FROM clients WHERE client_id = $client_id_db;");
if ($DBH->err()) {die("Cannot do delete statement of sender in unregisterClient: $DBI::errstr\n")}
#$DBH->commit();
$DBH->do("UPDATE events SET valid = 'f' where hostname = $hostname_db AND service = $service_db;");
if ($DBH->err()) {die("Cannot do unvalidation statement in unregisterClient: $DBI::errstr\n")}
#$DBH->commit();
write2log("info", "Sender $hostname (client_id: $client_id, service: $service) was deleted and its data were invalidated" );
return 1;
} else {
$DBH->do("DELETE FROM clients WHERE client_id = $client_id_db;");
if ($DBH->err()) {die("Cannot do delete statement of receiver in unregisterClient: $DBI::errstr\n")}
#$DBH->commit();
write2log("info", "Receiver $hostname (client_id: $client_id) was deleted" );
return 1;
}
}
}
} # END of unregisterClient
#-----------------------------------------------------------------------------
# getClients - get list of clients which were registered at warden server
#-----------------------------------------------------------------------------
sub getClients
{
my ($class, $arg) = @_;
#our $IP;
#our $LOCAL_IP;
#our $CN;
my $CN = $ENV{'SSL_CLIENT_S_DN_CN'};
my $IP = $ENV{'REMOTE_ADDR'};
my $LOCAL_IP = $ENV{'SERVER_ADDR'};
if ($LOCAL_IP ne $IP) {
write2log ("err", "Unauthorized access to getClients from: $IP ($CN) - access allowed only from localhost");
die("Access denied - access allowed only from localhost!");
} else {
my (@clients, $client);
my ($client_id, $hostname, $registered, $requestor, $service, $client_type, $type, $receive_own_events, $description_tags, $ip_net_client);
my $sth = $DBH->prepare("SELECT * FROM clients;");
if (!defined $sth) { die("Cannot prepare statement in getClients: $DBI::errstr\n") }
$sth->execute;
while ( my @result = $sth->fetchrow() ) {
$client_id = $result[0];
$hostname = $result[1];
$registered = $result[2];
$requestor = $result[3];
$service = $result[4];
$client_type = $result[5];
$type = $result[6];
$receive_own_events = $result[7];
$description_tags = $result[8];
$ip_net_client = $result[9];
$client = SOAP::Data->name(client => \SOAP::Data->value(
SOAP::Data->name(CLIENT_ID => $client_id),
SOAP::Data->name(HOSTNAME => $hostname),
SOAP::Data->name(REGISTERED => $registered),
SOAP::Data->name(REQUESTOR => $requestor),
SOAP::Data->name(SERVICE => $service),
SOAP::Data->name(CLIENT_TYPE => $client_type),
SOAP::Data->name(TYPE => $type),
SOAP::Data->name(RECEIVE_OWN_EVENTS => $receive_own_events),
SOAP::Data->name(DESCRIPTION_TAGS => $description_tags),
SOAP::Data->name(IP_NET_CLIENT => $ip_net_client),
));
push(@clients, $client);
}
my $sum = scalar @clients;
write2log("info", "Sending information about $sum registered clients");
return @clients;
}
} # END of getClients
#-----------------------------------------------------------------------------
# getStatus - get list of status items of warden server
#-----------------------------------------------------------------------------
sub getStatus
{
my ($class, $arg) = @_;
#our $IP;
#our $LOCAL_IP;
#our $CN;
my $CN = $ENV{'SSL_CLIENT_S_DN_CN'};
my $IP = $ENV{'REMOTE_ADDR'};
my $LOCAL_IP = $ENV{'SERVER_ADDR'};
if ($LOCAL_IP ne $IP) {
write2log ("err", "Unauthorized access to getStatus from: $IP ($CN) - access allowed only from localhost");
die("Access denied - access allowed only from localhost!");
} else {
my ($sth, @status);
# size of database events
#my $db_size = Format::Human::Bytes::base10(-s $db);
$sth = $DBH->prepare("SELECT data_length + index_length FROM information_schema.TABLES WHERE table_schema = ? AND TABLE_NAME = ?");
$sth->execute("warden", "events");
my $db_size_db = $sth->fetchrow();
my $db_size = (defined $db_size_db ? Format::Human::Bytes::base10($db_size_db) : "none");
# sum of records in table events
$sth = $DBH->prepare("SELECT count(*) FROM events WHERE valid = 't';");
if (!defined $sth) { die("Cannot prepare statement in getStatus: $DBI::errstr\n") }
$sth->execute;
my $events_sum = $sth->fetchrow();
if (!defined $events_sum) { $events_sum = "none" }
# id of last record in table events
$sth = $DBH->prepare("SELECT max(id) FROM events;");
if (!defined $sth) { die("Cannot prepare statement in getStatus: $DBI::errstr\n") }
$sth->execute;
my $events_last_id = $sth->fetchrow();
if (!defined $events_last_id) { $events_last_id = "none" }
# timestamp of first record in table events
$sth = $DBH->prepare("SELECT received FROM events WHERE id = (SELECT min(id) FROM events);");
if (!defined $sth) { die("Cannot prepare statement in getStatus: $DBI::errstr\n") }
$sth->execute;
my $events_first_timestamp = $sth->fetchrow();
if (!defined $events_first_timestamp) { $events_first_timestamp = "none" }
# timestamp of last record in table events
$sth = $DBH->prepare("SELECT received FROM events WHERE id = (SELECT max(id) FROM events);");
if (!defined $sth) { die("Cannot prepare statement in getStatus: $DBI::errstr\n") }
$sth->execute;
my $events_last_timestamp = $sth->fetchrow();
if (!defined $events_last_timestamp) { $events_last_timestamp = "none" }
# sum of records in table clients
$sth = $DBH->prepare("SELECT count(*) FROM clients;");
if (!defined $sth) { die("Cannot prepare statement in getStatus: $DBI::errstr\n") }
$sth->execute;
my $clients_sum = $sth->fetchrow();
if (!defined $clients_sum) { $clients_sum = "none" }
my $server_status = SOAP::Data->name(server_status => \SOAP::Data->value(
SOAP::Data->name(VERSION => $VERSION),
#SOAP::Data->name(ADDRESS => $ADDRESS),
#SOAP::Data->name(PORT => $PORT),
SOAP::Data->name(LOGDIR => $LOGDIR),
#SOAP::Data->name(PIDDIR => $PIDDIR),
SOAP::Data->name(VARDIR => $VARDIR),
#SOAP::Data->name(SSL_KEY_FILE => $SSL_KEY_FILE),
#SOAP::Data->name(SSL_CERT_FILE => $SSL_CERT_FILE),
#SOAP::Data->name(SSL_CA_FILE => $SSL_CA_FILE),
SOAP::Data->name(FACILITY => $FACILITY),
SOAP::Data->name(DB_SIZE => $db_size),
SOAP::Data->name(EVENTS_SUM => $events_sum),
SOAP::Data->name(EVENTS_LAST_ID => $events_last_id),
SOAP::Data->name(EVENTS_FIRST_TIMESTAMP => $events_first_timestamp),
SOAP::Data->name(EVENTS_LAST_TIMESTAMP => $events_last_timestamp),
SOAP::Data->name(CLIENTS_SUM => $clients_sum)
));
push(@status, $server_status);
# statistics of senders
if ($clients_sum != 0) {
$sth = $DBH->prepare("SELECT client_id, hostname, service FROM clients WHERE client_type = 's';");
if (!defined $sth) { die("Cannot prepare statement in getStatus: $DBI::errstr\n") }
$sth->execute;
my ($client_id, $hostname, $service);
my $client_status;
while(($client_id, $hostname, $service) = $sth->fetchrow()) {
my $hostname_db = $DBH->quote($hostname);
my $service_db = $DBH->quote($service);
my $sth2;
# sum of stored events
$sth2 = $DBH->prepare("SELECT count(*) FROM events WHERE hostname = $hostname_db AND service = $service_db;");
if ( !defined $sth2 ) { die("Cannot prepare statement in getStatus: $DBI::errstr\n") }
$sth2->execute;
my $count = $sth2->fetchrow();
if (!defined $count) {$count = "none"}
# timestamp of last stored event
$sth2 = $DBH->prepare("SELECT max(received) FROM events WHERE hostname = $hostname_db AND service = $service_db;");
if ( !defined $sth2 ) { die("Cannot prepare statement in getStatus: $DBI::errstr\n") }
$sth2->execute;
my $timestamp = $sth2->fetchrow();
if (!defined $timestamp) { $timestamp = "none" }
# create SOAP data object
$client_status = SOAP::Data->name(client_status => \SOAP::Data->value(
SOAP::Data->name(CLIENT_ID => $client_id),
SOAP::Data->name(HOSTNAME => $hostname),
SOAP::Data->name(SERVICE => $service),
SOAP::Data->name(COUNT => $count),
SOAP::Data->name(TIMESTAMP => $timestamp),
));
push(@status, $client_status);
}
}
write2log("info", "Sent of warden server status info");
return @status;
}
} # END of getStatus
##
##
##################################################################################
### MAIN warden-server
##################################################################################
##
###-------------------------------------------------------------------------------
### Superuser controle
###-------------------------------------------------------------------------------
##my $UID = $<;
##if ($UID != 0) {
## die errMsg("You must be root for running this script!")
##}
##
###-------------------------------------------------------------------------------
### Daemonize section
###-------------------------------------------------------------------------------
##use POSIX qw(setsid);
##chdir '/';
##umask 0;
### all STDERR messages are printed on terminal
##open STDIN, '/dev/null' or die errMsg("Can't read /dev/null: $!");
##open STDOUT, '/dev/null' or die errMsg("Can't write to /dev/null: $!");
##defined( my $pid = fork ) or die errMsg("Can't fork: $!");
##exit if $pid;
##
###-------------------------------------------------------------------------------
### Dissociate this process from the controlling terminal
### that started it and stop being part of whatever
### process group this process was a part of.
###------------------------------------------------------------------------------
##POSIX::setsid() or die errMsg("Can't start a new session.");
##
###-------------------------------------------------------------------------------
### Callback signal handler for signals.
###-------------------------------------------------------------------------------
##$SIG{INT} = $SIG{TERM} = $SIG{HUP} = \&signalHandler;
##$SIG{PIPE} = 'ignore';
##
###-------------------------------------------------------------------------------
### Create pid file in /var/run/
###-------------------------------------------------------------------------------
##my $pfh = File::Pid->new( { file => $pid_file, } );
##$pfh->write or die errMsg("Can't write PID file $pid_file: $!");
##my $pid_number = $pfh->pid;
##
###-------------------------------------------------------------------------------
### Starting of Warden server
###-------------------------------------------------------------------------------
##write2log("info", "Starting WARDEN server daemon with pid $pid_number");
##
### log of warden database size
##my $db_size_human = Format::Human::Bytes::base10(-s $db);
##write2log("info", "Size of DB file ($db_file) is: $db_size_human");
##
### start TCP server
##my $server = SOAP::Transport::TCP::Server
## ->new(
## Listen => 5,
## LocalAddr => $ADDRESS,
## LocalPort => $PORT,
## Proto => "tcp",
## ReuseAddr => 1,
## SSL_verify_mode => 0x02,
## SSL_use_cert => 1,
## SSL_server => 1,
## SSL_key_file => $SSL_KEY_FILE,
## SSL_cert_file => $SSL_CERT_FILE,
## SSL_ca_file => $SSL_CA_FILE,
## SSL_error_trap =>\&sslErrorHandler,
## );
##
### check if socket exist
##$server or die errMsg("Socket error: $!");
##
### start SOAP server
##my $soap = SOAP::Server
## ->new()
## ->dispatch_to('Warden');
##
##
###-------------------------------------------------------------------------------
### Process of incoming client's requests and send response
###-------------------------------------------------------------------------------
##write2log("info", "Starting TCP and SOAP server at $ADDRESS:$PORT");
##while ($die_now != 1)
##{
## my $socket = $server->accept();
## next if (!$socket);
##
# our $CN = $ENV{'SSL_CLIENT_S_DN_CN'};
# my @alt_names_array = $socket->peer_certificate("subjectAltNames");
# our $AN_FILTER = altNamesFilter(undef);
# our $IP = $ENV{'REMOTE_ADDR'};
# our $LOCAL_IP = $ENV{'SERVER_ADDR'};
##
## # read input serialized SOAP envelope and data
## my ($request, $buf);
## while (defined($buf = <$socket>))
## {
## $request .= $buf;
## }
##
## # handle of called server function from client and send response to client
## my $response = $soap->handle($request);
## print $socket $response;
##
## $socket->close;
## undef($socket);
## undef($CN);
## undef($AN_FILTER);
## undef($IP);
## undef($LOCAL_IP);
##}
##
##
##
##################################################################################
### Cleanup section
##################################################################################
##END {
## if ($die_now == 1)
## {
## my $pid = trim(`cat $pid_file`);
## write2log("info", "Stopping WARDEN server daemon with pid $pid");
##
## # close connection to DB
## $DBH->disconnect();
##
## # remove pid file
## $pfh->remove if defined $pfh;
## }
##}
#
1;
src/warden-server/lib/Warden/ApacheDispatch.pm 0 → 100644
+ 7
0
View file @ 295c7383
package Warden::ApacheDispatch;
use SOAP::Transport::HTTP;
my $server = SOAP::Transport::HTTP::Apache->dispatch_to('.','Warden');
sub handler {
$server->handler(@_)
}
1;
src/warden-server/lib/WardenReg.pm
+ 71
20
View file @ 295c7383
......@@ -36,7 +36,8 @@ package WardenReg;
use strict;
use SOAP::Lite;
use IO::Socket::SSL qw(debug1);
use SOAP::Transport::TCP;
#use SOAP::Transport::TCP;
use SOAP::Transport::HTTP;
our $VERSION = "0.1";
......@@ -54,6 +55,47 @@ sub errMsg
#-------------------------------------------------------------------------------
# c2s - connect to server, send request and receive response
#-------------------------------------------------------------------------------
#sub c2s
#{
# my $uri = shift;
# my $ssl_key_file = shift;
# my $ssl_cert_file = shift;
# my $ssl_ca_file = shift;
# my $method = shift;
# my $data = shift;
#
# my $client;
# my ($server, $port, $service) = $uri =~ /https:\/\/(.+)\:(\d+)\/(.+)/;
# if (!($client = SOAP::Transport::TCP::Client->new(
# PeerAddr => $server,
# PeerPort => $port,
# Proto => 'tcp',
# SSL_use_cert => 1,
# SSL_verify_mode => 0x02,
# SSL_key_file => $ssl_key_file,
# SSL_cert_file => $ssl_cert_file,
# SSL_ca_file => $ssl_ca_file,
# ))) {errMsg("Sorry, unable to create socket: " . &SOAP::Transport::TCP::Client::errstr)}
#
# # setting of URI and serialize SOAP envelope and data object
# my $soap = SOAP::Lite->uri($uri);
# my $envelope = $soap->serializer->envelope(method => $method, $data);
#
# # setting of TCP URI and send serialized SOAP envelope and data
# my $tcp_uri = "tcp://$server:$port/$service";
# my $result = $client->send_receive(envelope => $envelope, endpoint => $tcp_uri);
#
# # check server response
# if (!defined $result) {
# errMsg("Error: server returned empty response." . "\n" . "Problem with used SSL ceritificates or Warden server at $server:$port is down.");
# } else {
# # deserialized response from server -> create SOAP envelope and data object
# my $response = $soap->deserializer->deserialize($result);
# # check SOAP fault status
# $response->fault ? errMsg("Server sent error message:: " . $response->faultstring) : return 1;
# }
#}
#
sub c2s
{
my $uri = shift;
......@@ -65,23 +107,29 @@ sub c2s
my $client;
my ($server, $port, $service) = $uri =~ /https:\/\/(.+)\:(\d+)\/(.+)/;
if (!($client = SOAP::Transport::TCP::Client->new(
PeerAddr => $server,
PeerPort => $port,
Proto => 'tcp',
if (!($client = SOAP::Transport::HTTP::Client->new(
# ssl_opts => {
# verify_hostname => 0,
# SSL_use_cert => 1,
# SSL_verify_mode => 0x02,
# SSL_key_file => $ssl_key_file,
# SSL_cert_file => $ssl_cert_file,
# SSL_ca_file => $ssl_ca_file
#}
))) {errMsg("Sorry, unable to create socket: " . &SOAP::Transport::HTTP::Client::errstr)}
$client->ssl_opts( verify_hostname => 1,
SSL_use_cert => 1,
SSL_verify_mode => 0x02,
SSL_key_file => $ssl_key_file,
SSL_cert_file => $ssl_cert_file,
SSL_ca_file => $ssl_ca_file,
))) {errMsg("Sorry, unable to create socket: " . &SOAP::Transport::TCP::Client::errstr)}
SSL_ca_file => $ssl_ca_file);
# setting of URI and serialize SOAP envelope and data object
my $soap = SOAP::Lite->uri($uri);
my $soap = SOAP::Lite->uri($service)->proxy($uri);
my $envelope = $soap->serializer->envelope(method => $method, $data);
# setting of TCP URI and send serialized SOAP envelope and data
my $tcp_uri = "tcp://$server:$port/$service";
my $tcp_uri = "https://$server:$port/$service";
my $result = $client->send_receive(envelope => $envelope, endpoint => $tcp_uri);
# check server response
......@@ -95,6 +143,9 @@ sub c2s
}
}
#-------------------------------------------------------------------------------
# registerSender - register new warden sender
#-------------------------------------------------------------------------------
......
......
src/warden-server/lib/WardenStatus.pm
+ 104
47
View file @ 295c7383
......@@ -36,9 +36,11 @@ package WardenStatus;
use strict;
use SOAP::Lite;
use IO::Socket::SSL qw(debug1);
use SOAP::Transport::TCP
#use SOAP::Transport::TCP;
use SOAP::Transport::HTTP;
#use Data::Dumper;
our $VERSION = "0.1";
our $VERSION = "0.2";
#-------------------------------------------------------------------------------
# errMsg - print error message and die
......@@ -53,6 +55,45 @@ sub errMsg
#-------------------------------------------------------------------------------
# c2s - connect to server, send request and receive response
#-------------------------------------------------------------------------------
#sub c2s
#{
# my $uri = shift;
# my $ssl_key_file = shift;
# my $ssl_cert_file = shift;
# my $ssl_ca_file = shift;
# my $method = shift;
#
# my $client;
# my ($server, $port, $service) = $uri =~ /https:\/\/(.+)\:(\d+)\/(.+)/;
# if (!($client = SOAP::Transport::TCP::Client->new(
# PeerAddr => $server,
# PeerPort => $port,
# Proto => 'tcp',
# SSL_use_cert => 1,
# SSL_verify_mode => 0x02,
# SSL_key_file => $ssl_key_file,
# SSL_cert_file => $ssl_cert_file,
# SSL_ca_file => $ssl_ca_file,
# ))) {errMsg("Sorry, unable to create socket: " . &SOAP::Transport::TCP::Client::errstr)}
#
# # setting of URI and serialize SOAP envelope and data object
# my $soap = SOAP::Lite->uri($uri);
# my $envelope = $soap->serializer->envelope(method => $method);
#
# # setting of TCP URI and send serialized SOAP envelope and data
# my $tcp_uri = "tcp://$server:$port/$service";
# my $result = $client->send_receive(envelope => $envelope, endpoint => $tcp_uri);
#
# # check server response
# if (!defined $result) {
# errMsg("Error: server returned empty response." . "\n" . "Problem with used SSL ceritificates or Warden server at $server:$port is down.");
# } else {
# # deserialized response from server -> create SOAP envelope and data object
# my $response = $soap->deserializer->deserialize($result);
# # check SOAP fault status
# $response->fault ? errMsg("Server sent error message:: " . $response->faultstring) : return $response;
# }
#}
sub c2s
{
my $uri = shift;
......@@ -60,26 +101,33 @@ sub c2s
my $ssl_cert_file = shift;
my $ssl_ca_file = shift;
my $method = shift;
my $data = shift;
my $client;
my ($server, $port, $service) = $uri =~ /https:\/\/(.+)\:(\d+)\/(.+)/;
if (!($client = SOAP::Transport::TCP::Client->new(
PeerAddr => $server,
PeerPort => $port,
Proto => 'tcp',
if (!($client = SOAP::Transport::HTTP::Client->new(
# ssl_opts => {
# verify_hostname => 0,
# SSL_use_cert => 1,
# SSL_verify_mode => 0x02,
# SSL_key_file => $ssl_key_file,
# SSL_cert_file => $ssl_cert_file,
# SSL_ca_file => $ssl_ca_file
#}
))) {errMsg("Sorry, unable to create socket: " . &SOAP::Transport::HTTP::Client::errstr)}
$client->ssl_opts( verify_hostname => 1,
SSL_use_cert => 1,
SSL_verify_mode => 0x02,
SSL_key_file => $ssl_key_file,
SSL_cert_file => $ssl_cert_file,
SSL_ca_file => $ssl_ca_file,
))) {errMsg("Sorry, unable to create socket: " . &SOAP::Transport::TCP::Client::errstr)}
SSL_ca_file => $ssl_ca_file);
# setting of URI and serialize SOAP envelope and data object
my $soap = SOAP::Lite->uri($uri);
my $soap = SOAP::Lite->uri($service)->proxy($uri);
my $envelope = $soap->serializer->envelope(method => $method);
# setting of TCP URI and send serialized SOAP envelope and data
my $tcp_uri = "tcp://$server:$port/$service";
my $tcp_uri = "https://$server:$port/$service";
my $result = $client->send_receive(envelope => $envelope, endpoint => $tcp_uri);
# check server response
......@@ -109,16 +157,18 @@ sub getClients
my $conf_file = $etcdir . "warden-client.conf";
my ($uri, $ssl_key_file, $ssl_cert_file, $ssl_ca_file) = WardenConf::loadConf($conf_file);
# call server method getClients
my $response = c2s($uri, $ssl_key_file, $ssl_cert_file, $ssl_ca_file, "getClients");
# match getClients functions response
$response->match('/Envelope/Body/getClientsResponse/');
my $i = 1;
my ($client_id, $hostname, $registered, $requestor, $service, $client_type, $type, $receive_own_events, $description_tags, $ip_net_client);
my @clients;
my $response_data = $response->valueof("[$i]");
# parse returned SOAP data object
my @response_list = $response->valueof('/Envelope/Body/getClientsResponse/');
while (scalar @response_list) {
my $response_data = shift(@response_list);
# parse returned data object
while (defined $response_data) {
# inicialization of temporal client array
my @client;
# parse items of one client
......@@ -128,14 +178,18 @@ sub getClients
$requestor = $response_data->{'REQUESTOR'};
$service = $response_data->{'SERVICE'};
$client_type = $response_data->{'CLIENT_TYPE'};
$type = $response_data->{'TYPE'};
$receive_own_events = $response_data->{'RECEIVE_OWN_EVENTS'};
$description_tags = $response_data->{'DESCRIPTION_TAGS'};
$type = defined $response_data->{'TYPE'} ? $response_data->{'TYPE'} : "";
$receive_own_events = defined $response_data->{'RECEIVE_OWN_EVENTS'} ? $response_data->{'RECEIVE_OWN_EVENTS'} : "";
$description_tags = defined $response_data->{'DESCRIPTION_TAGS'} ? $response_data->{'DESCRIPTION_TAGS'} : "";
$ip_net_client = $response_data->{'IP_NET_CLIENT'};
# push received clients from warden server into @clients which is returned
@client = ("$client_id", "$hostname", "$registered", "$requestor", "$service", "$client_type", "$type", "$receive_own_events", "$description_tags", "$ip_net_client");
push (@clients,\@client);
# go to the next received client
$i++;
$response_data = $response->valueof("[$i]");
}
return @clients;
} # End of getClients
......@@ -156,23 +210,25 @@ sub getStatus
my $conf_file = $etcdir . "warden-client.conf";
my ($uri, $ssl_key_file, $ssl_cert_file, $ssl_ca_file) = WardenConf::loadConf($conf_file);
# call server method getStatus
my $response = c2s($uri, $ssl_key_file, $ssl_cert_file, $ssl_ca_file, "getStatus");
# parse returned SOAP data object
my @response_list = $response->valueof('/Envelope/Body/getStatusResponse/');
my $response_data = shift(@response_list);
# match getStatus functions response
$response->match('/Envelope/Body/getStatusResponse/');
my @status;
my $i = 1;
# get first value from SOAP data object
my $response_data = $response->valueof("[$i]");
# parse items of server status
my $version = $response_data->{'VERSION'};
my $address = $response_data->{'ADDRESS'};
my $port = $response_data->{'PORT'};
#my $address = $response_data->{'ADDRESS'};
#my $port = $response_data->{'PORT'};
my $logdir = $response_data->{'LOGDIR'};
my $piddir = $response_data->{'PIDDIR'};
#my $piddir = $response_data->{'PIDDIR'};
my $vardir = $response_data->{'VARDIR'};
my $ssl_key_file_server = $response_data->{'SSL_KEY_FILE'};
my $ssl_cert_file_server = $response_data->{'SSL_CERT_FILE'};
my $ssl_ca_file_server = $response_data->{'SSL_CA_FILE'};
#my $ssl_key_file_server = $response_data->{'SSL_KEY_FILE'};
#my $ssl_cert_file_server = $response_data->{'SSL_CERT_FILE'};
#my $ssl_ca_file_server = $response_data->{'SSL_CA_FILE'};
my $facility = $response_data->{'FACILITY'};
my $db_size = $response_data->{'DB_SIZE'};
my $events_sum = $response_data->{'EVENTS_SUM'};
......@@ -181,23 +237,24 @@ sub getStatus
my $events_last_timestamp = $response_data->{'EVENTS_LAST_TIMESTAMP'};
my $clients_sum = $response_data->{'CLIENTS_SUM'};
my @status;
my @server_status = ("$version", "$address", "$port", "$logdir", "$piddir", "$vardir", "$ssl_key_file_server", "$ssl_cert_file_server", "$ssl_ca_file_server", "$facility", "$db_size", "$events_sum", "$events_last_id", "$events_first_timestamp", "$events_last_timestamp", "$clients_sum");
#my @server_status = ("$version", "$address", "$port", "$logdir", "$piddir", "$vardir", "$ssl_key_file_server", "$ssl_cert_file_server", "$ssl_ca_file_server", "$facility", "$db_size", "$events_sum", "$events_last_id", "$events_first_timestamp", "$events_last_timestamp", "$clients_sum");
my @server_status = ("$version", undef, undef, "$logdir", undef, "$vardir", undef, undef, undef, "$facility", "$db_size", "$events_sum", "$events_last_id", "$events_first_timestamp", "$events_last_timestamp", "$clients_sum");
push(@status, \@server_status);
while (scalar @response_list) {
my $response_data = shift(@response_list);
$i++;
$response_data = $response->valueof("[$i]");
while (defined $response_data) {
my @client_status;
# parse item of client status
# parse SOAP data object
my $client_id = $response_data->{'CLIENT_ID'};
my $hostname = $response_data->{'HOSTNAME'};
my $service = $response_data->{'SERVICE'};
my $count = $response_data->{'COUNT'};
my $timestamp = $response_data->{'TIMESTAMP'};
@client_status = ("$client_id", "$hostname", "$service", "$count", "$timestamp");
push(@status, \@client_status);
$i++;
$response_data = $response->valueof("[$i]");
}
return @status;
} # End of getStatus
......
......
src/warden-server/sh/install.sh
+ 59
28
View file @ 295c7383
......@@ -160,18 +160,6 @@ perl_chck()
fi
}
sqlite_chck()
{
echo -n "Checking SQLite database engine ... "
if which sqlite3 1> /dev/null; then
echo "OK"
else
echo "FAILED!"
echo "Error: SQLite3 database engine is not installed!"
exit 1
fi
}
modules_chck()
{
for module in ${modules[@]};
......@@ -189,6 +177,7 @@ modules_chck()
make_warden_dir()
{
echo -n "Creating warden server directory ... "
test -d ${prefix} || mkdir -p ${prefix}
if cp -R $dirname/warden-server $prefix 2> $err; then
echo "OK"
else
......@@ -296,6 +285,11 @@ make_server_conf()
# FACILITY - syslog facility
#-------------------------------------------------------------------------------
\$FACILITY = \"local7\";
\$DB_NAME = \"warden\";
\$DB_USER = \"username\";
\$DB_PASS = \"\";
\$DB_HOST = \"localhost\";
" > $server_conf 2> $err; ret_val=`echo $?`
if [ $ret_val -eq 0 ]; then
......@@ -306,17 +300,45 @@ make_server_conf()
}
create_db()
changeServerPath()
{
echo -n "Creating warden server database ... "
$create_tables $db_file 2> $err || err_clean
if chmod 600 $db_file 2> $err; then
echo "OK"
else
err_clean
fi
echo "Update server path ...";
for file in `ls -1 $bin | grep -v warden-alive | grep -v create_tables.sh | grep -v wardend`
do
echo "- update server path: ${bin}/$file"
perl -pi -e "s#/opt#${prefix}#" ${bin}/$file
done
echo "- update server path: ${apache_conf}"
perl -pi -e "s#/opt#${prefix}#" ${apache_conf}
echo "- update server path: ${lib}/Warden.pm"
perl -pi -e "s#/opt#${prefix}#" ${lib}/Warden.pm
}
updateCertsPath()
{
echo "- update certs path: ${apache_conf}"
perl -pi -e "s#server-cert.pem#${cert}#" ${apache_conf}
perl -pi -e "s#server-key.pem#${key}#" ${apache_conf}
perl -pi -e "s#ca-cert.pem#${ca_file}#" ${apache_conf}
}
#create_db()
#{
# echo -n "Creating warden server database ... "
# $create_tables $db_file 2> $err || err_clean
# if chmod 600 $db_file 2> $err; then
# echo "OK"
# else
# err_clean
# fi
#}
create_symlinks()
{
......@@ -326,8 +348,8 @@ create_symlinks()
echo "- making symlink: ${local_bin}/$file -> ${bin}/$file"
ln -s ${bin}/$file ${local_bin}/$file
done
echo "- making symlink: ${bin}/wardend -> $init"
ln -s ${bin}/wardend $init
# echo "- making symlink: ${bin}/wardend -> $init"
# ln -s ${bin}/wardend $init
}
......@@ -336,7 +358,8 @@ create_symlinks()
#-------------------------------------------------------------------------------
# list of used Perl modules
modules=(SOAP::Lite SOAP::Transport::TCP File::Pid POSIX DBI DBD::SQLite Format::Human::Bytes Sys::Syslog File::Basename FindBin Net::CIDR::Lite DateTime Getopt::Std Switch IO::Socket::SSL)
#modules=(SOAP::Lite SOAP::Transport::TCP File::Pid POSIX DBI DBD::SQLite Format::Human::Bytes Sys::Syslog File::Basename FindBin Net::CIDR::Lite DateTime Getopt::Std Switch IO::Socket::SSL)
modules=(DBI DBD::mysql Format::Human::Bytes Sys::Syslog File::Basename FindBin Net::CIDR::Lite DateTime Getopt::Std Switch IO::Socket::SSL MIME::Base64 Crypt::X509)
# OS test
os_chck
......@@ -378,7 +401,9 @@ local_bin="/usr/local/bin"
etc="${server_path}/etc"
client_conf="${etc}/warden-client.conf"
server_conf="${etc}/warden-server.conf"
apache_conf="${etc}/warden-apache.conf"
var="${server_path}/var"
lib="${server_path}/lib"
db_file="${var}/warden.db"
err="/tmp/warden-err"
init="/etc/init.d/wardend"
......@@ -392,8 +417,8 @@ echo "------------------------- Dependencies check-in -------------------------"
# Perl interpreter test
perl_chck
# SQLite database engine test
sqlite_chck
## SQLite database engine test
#sqlite_chck
# Perl modules test
modules_chck
......@@ -410,8 +435,14 @@ make_client_conf
# create server configuration file
make_server_conf
# create warden server database
create_db
## create warden server database
#create_db
#update paths in utilities
changeServerPath
#update paths in apachefile
updateCertsPath
# crate symlinks from warden server bin directory to /usr/local/bin
create_symlinks
......@@ -421,7 +452,7 @@ echo "Please check client configuration file in $client_conf!"
echo "Please check server configuration file in $server_conf!"
echo
echo "Warden server directory: $server_path"
echo "Warden server daemon: $init [start|stop|status|restart|force-stop]"
#echo "Warden server daemon: $init [start|stop|status|restart|force-stop]"
echo
echo "Installation of $package_version package was SUCCESSFUL!!!"
......
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment