Commit 2ebac1c2 authored by Tomáš Plesník's avatar Tomáš Plesník

updatovaci skript pro warden-server-2.1

parent 88b49009
#!/bin/bash
#
# update.sh
#
# Copyright (C) 2011-2012 Cesnet z.s.p.o
#
# Use of this source is governed by a BSD-style license, see LICENSE file.
VERSION="2.1"
#-------------------------------------------------------------------------------
# FUNCTIONS
#-------------------------------------------------------------------------------
usage()
{
echo "Usage: `basename $0` [-d <directory>] [-hV]"
echo "-d <directory> destination directory (default: /opt)"
echo "-h print this help"
echo "-V print script version number and exit"
echo
echo "Example: # ./`basename $0` -d /opt"
echo
echo "Note: You must be root for running this script."
echo " For more information about update process, see README file (section Update)."
echo
exit 0
}
version()
{
echo "`basename ${0}` - current version is $VERSION"
exit 0
}
err()
{
echo "FAILED!"
cat $err
rm -rf $err
rm -rf $backup_dir
echo
echo "Update from $old_package_version to $package_version package FAILED!!!"
exit 1
}
err_clean()
{
echo "FAILED!"
echo " -> Reverting changes of Warden server package ... OK"
rm -rf ${server_path}/* > /dev/null 2>&1
cp -R ${backup_dir}/* $server_path
cat $err
rm -rf $err $backup_dir
echo
echo "Update from $old_package_version to $package_version package FAILED!!!"
exit 1
}
root_chck()
{
if [ $UID -ne 0 ]; then
echo "You must be root for running this script!"
exit 1
fi
}
params_chck()
{
if [ -z $prefix ]; then
prefix=/opt
echo "Warning: parameter -d <directory> is not set - default update directory is ${prefix}!"
fi
}
obtain_package_version()
{
if [ -f $old_package_version_file ]; then
old_package_version=`cat $old_package_version_file`
if [ "$old_package_version" == "$package_version" ]; then
echo "Sorry, but $package_version package is already installed!"
exit 1
fi
else
echo "Sorry, but Warden server package is not installed!"
echo "For installation of Warden server package please use install.sh script."
exit 1
fi
}
perl_chck()
{
echo -n "Checking Perl interpreter ... "
if which perl 1> /dev/null; then
echo "OK"
else
echo "FAILED!"
echo "Error: Perl interpreter is not installed!"
exit 1
fi
}
modules_chck()
{
for module in ${modules[@]};
do
echo -n "Checking $module module ... "
if perl -e "use $module" 2> $err; then
echo "OK"
else
err
fi
done
}
warden_dir_chck()
{
echo -n "Checking Warden server directory ... "
if [ ! -d $server_path ]; then
echo "FAILED!"
ls $server_path
exit 1
else
echo "OK"
fi
}
backup()
{
echo -n "Backing-up Warden server directory ... "
mkdir $backup_dir
if cp -R ${server_path}/* $backup_dir 2> $err; then
echo "OK"
else
err
fi
}
obtain_warden_user()
{
echo -n "Obtaining Warden server directory owner ... "
if user=`stat -c %U $server_conf_file` 2> $err; then
echo "OK"
else
err
fi
}
update_warden_dir()
{
echo -n "Updating Warden server directory ... "
if rsync -q --recursive --archive --delete --exclude='etc' --exclude='sh' ${dirname}/warden-server $prefix 2> $err; then
echo "OK"
else
err_clean
fi
cp ${dirname}/warden-server/etc/package_version $etc
cp ${dirname}/uninstall.sh $server_path
}
update_conf_files()
{
echo "Updating $apache_conf_file ... "
ssl_certificate_file=`cat $apache_conf_file | grep 'SSLCertificateFile'`
ssl_certificate_key_file=`cat $apache_conf_file | grep 'SSLCertificateKeyFile'`
ssl_ca_certificate_file=`cat $apache_conf_file | grep 'SSLCACertificateFile'`
perl_switches=`cat $apache_conf_file | grep 'PerlSwitches'`
echo "#
# warden-apache.conf - configuration file for the Apache server
#
SSLEngine on
SSLVerifyDepth 3
SSLVerifyClient require
SSLOptions +StdEnvVars +ExportCertData
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
$ssl_certificate_file
$ssl_certificate_key_file
$ssl_ca_certificate_file
PerlOptions +Parent
$perl_switches
<Location /Warden>
SetHandler perl-script
PerlHandler Warden::ApacheDispatch
SSLOptions +StdEnvVars
</Location>
" > $apache_conf_file 2> $err; ret_val=`echo $?`
if [ $ret_val -eq 0 ]; then
echo "OK"
else
err_clean
fi
#-------------------------------------------------------------------------------
echo "Updating $client_conf_file ... "
uri=`cat $client_conf_file | grep '$URI'`
ssl_key_file=`cat $client_conf_file | grep '$SSL_KEY_FILE'`
ssl_cert_file=`cat $client_conf_file | grep '$SSL_CERT_FILE'`
ssl_ca_file=`cat $client_conf_file | grep '$SSL_CA_FILE'`
echo "#
# warden-client.conf - configuration file for registration and status clients
#
#-------------------------------------------------------------------------------
# URI - URI address of Warden server
#-------------------------------------------------------------------------------
$uri
#-------------------------------------------------------------------------------
# SSL_KEY_FILE - path to server SSL certificate key file
#-------------------------------------------------------------------------------
$ssl_key_file
#-------------------------------------------------------------------------------
# SSL_CERT_FILE - path to server SSL certificate file
#-------------------------------------------------------------------------------
$ssl_cert_file
#-------------------------------------------------------------------------------
# SSL_CA_FILE - path to CA certificate file
#-------------------------------------------------------------------------------
$ssl_ca_file
" > $client_conf_file 2> $err; ret_val=`echo $?`
if [ $ret_val -eq 0 ]; then
echo "OK"
else
err_clean
fi
#-------------------------------------------------------------------------------
echo "Updating $server_conf_file ... "
basedir=`cat $server_conf_file | grep '$BASEDIR'`
syslog=`cat $server_conf_file | grep '$SYSLOG' | head -n1`
if [ -z "$syslog" ]; then
syslog='$SYSLOG = 1;'
fi
syslog_verbose=`cat $server_conf_file | grep '$SYSLOG_VERBOSE'`
if [ -z "$syslog_verbose" ]; then
syslog_verbose='$SYSLOG_VERBOSE = 1;'
fi
syslog_facility=`cat $server_conf_file | grep '$SYSLOG_FACILITY'`
if [ -z "$syslog_facility" ]; then
syslog_facility=`cat $server_conf_file | grep '$FACILITY'`
else
syslog_facility='$SYSLOG_FACILITY = local7;'
fi
db_name=`cat $server_conf_file | grep '$DB_NAME'`
db_user=`cat $server_conf_file | grep '$DB_USER'`
db_pass=`cat $server_conf_file | grep '$DB_PASS'`
db_host=`cat $server_conf_file | grep '$DB_HOST'`
max_events_limit=`cat $server_conf_file | grep '$MAX_EVENTS_LIMIT'`
if [ -z "$max_events_limit" ]; then
max_events_limit='$MAX_EVENTS_LIMIT = 1000000;'
fi
valid_strings=`cat $server_conf_file | grep -A 3 '%VALID_STRINGS'`
if [ -z "$valid_strings" ]; then
valid_strings="\%VALID_STRINGS = (
\'type\' => [\'portscan\', \'bruteforce\', \'probe\', \'spam\', \'phishing\', \'botnet_c_c\', \'dos\', \'malware\', \'copyright\', \'webattack\', \'test\', \'other\'],
\'source_type\' => [\'IP\', \'URL\', \'Reply-To:\']
);"
fi
echo "#
# warden-server.conf - configuration file for Warden server
#
#-------------------------------------------------------------------------------
# BASEDIR - base directory of Warden server
#-------------------------------------------------------------------------------
$basedir
#-------------------------------------------------------------------------------
# SYSLOG - enable/disable syslog logging
#-------------------------------------------------------------------------------
$syslog
#-------------------------------------------------------------------------------
# SYSLOG_VERBOSE - enable/disable logging in verbose mode (stack info added)
#-------------------------------------------------------------------------------
$syslog_verbose
#-------------------------------------------------------------------------------
# SYSLOG_FACILITY - syslog facility
#-------------------------------------------------------------------------------
$syslog_facility
#-------------------------------------------------------------------------------
# DB_NAME - MySQL database name of Warden server
#-------------------------------------------------------------------------------
$db_name
#-------------------------------------------------------------------------------
# DB_USER - MySQL database user of Warden server
#-------------------------------------------------------------------------------
$db_user
#-------------------------------------------------------------------------------
# DB_PASS - MySQL database password of Warden server
#-------------------------------------------------------------------------------
$db_pass
#-------------------------------------------------------------------------------
# DB_HOST - MySQL database host
#-------------------------------------------------------------------------------
$db_host
#-------------------------------------------------------------------------------
# MAX_EVENTS_LIMIT - server limit of maximum number of events that can be
# delivered to one client in one batch
#-------------------------------------------------------------------------------
$max_events_limit
#-------------------------------------------------------------------------------
# VALID_STRINGS - validation hash containing allowed event attributes
#-------------------------------------------------------------------------------
$valid_strings
" > $server_conf_file 2> $err; ret_val=`echo $?`
if [ $ret_val -eq 0 ]; then
echo "OK"
else
err_clean
fi
}
#-------------------------------------------------------------------------------
# MAIN
#-------------------------------------------------------------------------------
# list of used Perl modules
modules=(SOAP::Lite SOAP::Transport::HTTP DBI DBD::mysql Format::Human::Bytes Sys::Syslog File::Basename Net::CIDR::Lite DateTime Getopt::Std Switch IO::Socket::SSL MIME::Base64 Crypt::X509 Carp)
# read input
while getopts "d:Vh" options; do
case $options in
d ) prefix=$OPTARG;;
h ) usage;;
V ) version;;
* ) usage;;
esac
done
# root test
root_chck
# params test
params_chck
# create variables
dirname=`dirname $0`
package_version=`cat ${dirname}/warden-server/etc/package_version`
[[ $prefix == */ ]] && prefix="${prefix%?}" # remove last char (slash) from prefix
server_path="${prefix}/warden-server"
etc="${server_path}/etc"
old_package_version_file="${etc}/package_version"
apache_conf_file="${etc}/warden-apache.conf"
client_conf_file="${etc}/warden-client.conf"
server_conf_file="${etc}/warden-server.conf"
err="/tmp/warden-err"
backup_dir="/tmp/warden-server-backup"
# obtain version of old warden server
obtain_package_version
echo
echo "------------------------- Dependencies check-in -------------------------"
# Perl interpreter test
perl_chck
# Perl modules test
modules_chck
echo
echo "------------------------- Update process --------------------------------"
# check warden server directory
warden_dir_chck
# backup old warden server installation
backup
# obtain current warden server user
obtain_warden_user
# make warden server directory
update_warden_dir
# create conf files
update_conf_files
echo
echo "Please check configuration file in ${conf_file}!"
echo
echo "Warden server directory: $server_path"
echo
echo "Update from $old_package_version to $package_version package was SUCCESSFUL!!!"
echo
echo "Please follow post-update steps in ${dirname}/doc/UPDATE!"
echo
# cleanup section
rm -rf $err $backup_dir
exit 0
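Review bot: The scratch paths assigned in the MAIN section, `err="/tmp/warden-err"` and `backup_dir="/tmp/warden-server-backup"`, are fixed names in a world-writable directory, yet the script insists on running as root. Every `2> $err` redirect, the `cp -R` in `backup()` and the `rm -rf` calls in `err()` and `err_clean()` act on whatever already exists at those names, and the backup contains warden-server.conf with its `$DB_PASS` line. I would allocate them with `err=$(mktemp) || exit 1` and `backup_dir=$(mktemp -d) || exit 1` (the directory is then created private to root) and drop the unchecked `mkdir $backup_dir` in `backup()`. Separately, the `SSLCipherSuite` line that `update_conf_files()` rewrites into warden-apache.conf on every update enables `+LOW:+SSLv2:+EXP:+eNULL`; it should be limited to strong suites or carried over from the existing file the way the certificate paths are.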