Commit 38ecb30c authored by Pavel Kácha

Merge branch 'warden-client-2.2'

Conflicts:
	packages/build-client.sh
	src/warden-client/doc/CHANGELOG
parents 262ff7d0 339fbb23
Showing with 523 additions and 102 deletions
......@@ -27,7 +27,7 @@ err()
#-------------------------------------------------------------------------------
# edit when you build new package
version="2.1"
version="2.2-beta"
package_name="warden-client"
package="${package_name}-${version}"
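Review bot: the package version is set to "2.2-beta" here while the library modules in this same merge set `our $VERSION = "2.2";` and the version file is renamed to `warden-client-2.2`; pick one string for the release so `package_version`, the CHANGELOG heading and the module `$VERSION` agree.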
......
2012-12-?? v.2.2-beta version
--------------------------------------------------------------------------------
- Added support of connection timeout interval (#925)
- Added new getClientInfo() function allowing the client to see (#609)
information regarding other involved clients
- Enhanced handling of errors. Die() functions are removed from (#599)
the code, errors are handled using return values.
2013-02-05 v.2.1 stable
-----------------------
- Minor changes in documentation
2012-11-05 v.2.1-beta version
-------------------------------
--------------------------------------------------------------------------------
- Added WardenClientCommon.pm package containing error-handling and
connect-to-server functions
- Installation of Warden client does not require copying of certificates
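Review bot: the new entry carries the placeholder date `2012-12-??` and sits above the `2013-02-05 v.2.1 stable` entry it post-dates; fill in the real date before the beta is tagged. The underline beneath `2013-02-05 v.2.1 stable` is also shorter than the full-width rule the other entries use, so the CHANGELOG conflict resolution mentioned in the commit message left mixed heading styles in this file.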
......@@ -22,13 +29,13 @@
2012-07-27 v.2.0 stable version and bugfix release of warden-client-2.0.0-beta
------------------------------------------------------------------------------
--------------------------------------------------------------------------------
- Sender client code fixed, so that it will not terminate "parent"
application when crashed
2012-05-10 v.2.0.0-beta beta version of warden-client-2.0.0
-----------------------------------------------------------
--------------------------------------------------------------------------------
- Changed communication with server: HTTP layer added (compatible with
Apache mod_perl version of Warden server)
- Removed Linux version check in install.sh, unistall.sh and update.sh
......@@ -36,7 +43,7 @@
2012-03-30 v1.2.0 stable version and bugfix release of warden-client-1.1.0
--------------------------------------------------------------------------
--------------------------------------------------------------------------------
- Fixed SSL certificate/key access privileges security issue
- Fixed client crash after multiple events download
- Fixed install.sh crash when warden client installation dictionary doesn't exist
......@@ -46,7 +53,7 @@
2012-02-06 v1.1.0 stable version and bugfix release of warden-client-1.0.0
--------------------------------------------------------------------------
--------------------------------------------------------------------------------
- Fixed bug when receiving of events
- Fixed earlier declaration in same scope of variable $data
- Fixed errMsg function -> finishing by the die function
......@@ -59,7 +66,7 @@
2011-11-16 v1.0.0 stable version
--------------------------------
--------------------------------------------------------------------------------
- Initial package of warden client
- SSL certificate authentication/authorization supported
- Automatized installation process
......@@ -159,6 +159,21 @@ D. Update (Update of previously installed the Warden client package)
Note: You must be root for running this script.
6. Note that unlike version 2.1, in 2.2 the name of the file in which id of
the last received message is stored have changed. Previously, name was
"CALLER_NAME.id" (where CALLER_NAME is the name of calling script),
whereas now name contains name of requested message type
"CALLER_NAME-TYPE.id".
Should you want to continue downloading events where previous version
left off, you will have to rename the file by hand.
For example, where name of the file was "./var/example-receiver.pl.id"
and downloaded type was "portscan", new name should be
"./var/example-receiver.pl-portscan.id". If caller passes undef as
requested type to receive all types, new name should be
"./var/example-receiver.pl-any.id"
--------------------------------------------------------------------------------
E. Uninstallation
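Review bot: item 6 asks the administrator to rename the ID file by hand, but `update.sh` is touched in this same merge and could perform the `CALLER_NAME.id` to `CALLER_NAME-TYPE.id` rename itself, or at least warn when an old-style file is present in `var/`, because a missed rename makes `getNewEvents` fall back to `getLastId` and silently restart delivery from the server's last ID. Grammar: "is stored have changed" should read "is stored has changed", and "Previously, name was" should read "Previously, the name was".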
......@@ -224,6 +239,14 @@ F. Configuration
your Warden server administrator if you need to know Warden server batch
limits.
Option CONNECTION_TIMEOUT was added to prevent some troubles when receiving
large batches of new data. Default value is 60 seconds.
CONNECTION_TIMEOUT - interval in seconds to timeout connection with Warden
server. If your client timeouts, consider using higher
timeout number. Also, in case of receiving clients, you
can optimize the MAX_RCV_EVENTS_LIMIT value.
Since Warden client 2.1 there is also possibility to log status and other
information either to STDERR of Syslog.
......@@ -422,11 +445,15 @@ I. Functions, Arguments and Calls
$note = "this threat is dangerous";
# PRIORITY - INT 1
# Note: Currently obsolete (although still supported). Will be removed in
# warden-client 3.0!
# Subjective definition of incident severity. Values 0-255 are
# possible where 0 is the lowest priority or 'undef'.
$priority = "1";
# TIMEOUT - INT 2
# Note: Currently obsolete (although still supported). Will be removed in
# warden-client 3.0!
# Subjective time (in minutes) or 'undef'. After this time event might be
# considered timeouted.
$timeout = "20";
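Review bot: the README examples keep `$priority = "1";` and `$timeout = "20";` while the new check in `WardenClientSend::saveNewEvent` logs an obsolescence warning whenever `$priority >= 1` or a defined `$timeout >= 0`, so an application that follows the documentation as written now warns on every send. Show `undef` for both attributes in the example and say explicitly that any defined value triggers the warning.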
......
#!/usr/bin/perl -w
#
# Copyright (C) 2011-2013 Cesnet z.s.p.o
#
# Use of this source is governed by a BSD-style license, see LICENSE file.
use strict;
use DateTime;
use Getopt::Long;
#-------------------------------------------------------------------------------
# Warden 2.2. Command-line Client, Sender
#
# Command-line warden-client sender. For detailed info how to use particular
# variables and/or values see warden-client/doc/README file.
#-------------------------------------------------------------------------------
#-------------------------------------------------------------------------------
# Preparation of event attributes.
# Mandatory attributes
my $opt_s; # service
my $opt_t = "" . DateTime->from_epoch(epoch => time()) . ""; # time of detection
my $opt_e; # type of detected event
my $opt_o; # event source type
# Optional attributes
my $opt_v = ""; # event source value
my $opt_p = ""; # target protocol
my $opt_r = ""; # target port
my $opt_a = ""; # attack scale
my $opt_n = ""; # note
# Other attributes
my $opt_w = "../../warden-client"; # path to warden directory
my $opt_h; # display help
# Check whether mandatory fields are given. Otherwise print help and exit.
if (!GetOptions("service|s=s" => \$opt_s,
"timestamp|t=s" => \$opt_t,
"event-type|e=s" => \$opt_e,
"source-type|o=s" => \$opt_o,
"source-value|v=s" => \$opt_v,
"proto|p=s" => \$opt_p,
"port|r=i" => \$opt_r,
"attack-scale|a=i" => \$opt_a,
"note|n=s" => \$opt_n,
"warden-dir|w=s" => \$opt_w,
"help|h" => \$opt_h) ||
!defined($opt_s) || !defined($opt_e) || !defined($opt_o) ||
$opt_h) {
print "\nAbout command-line-sender.pl\n";
print "\n Script is supposed to be used as a simple command-line warden client that can send one event to the warden server at a time. For more information about the Warden system and it's events' structure, please see warden-client/doc/README file.\n";
print "\nUsage:\n\n ./command-line-sender.pl -s <service> -e <event_type> -o <source_type> [-t <timestamp_of_detection>] [-v <source>] [-p <protocol>] [-r <port>] [-a <attack_scale>] [-n <note>] [-w <warden_directory>] [-h]\n";
print "\nArguments:\n\n";
print " -s SERVICE, --service=SERVICE - Name of detection service\n\n";
print " -e EVENT_TYPE, --event-type=EVENT_TYPE - Type of detected event\n\n";
print " -o SOURCE_TYPE, --source-type=SOURCE_TYPE - Type of detected event\'s source\n\n";
print "\n";
print "Optional (but important) arguments:\n\n";
print " -t TIMESTAMP, --timestamp=TIMESTAMP - Timestamp of detection.\n";
print " Default is current system time (" . DateTime->from_epoch(epoch => time()) . ")\n\n";
print " -v SOURCE_VALUE, --source-value=SOURCE_VALUE - Source of detected event\n\n";
print " -p PROTO, --proto=PROTO - Protocol\n\n";
print " -r PORT, --port=PORT - Port\n\n";
print " -a ATTACK_SCALE, --attack-scale=ATTACK_SCALE - Scale of detected event\n\n";
print " -n NOTE, --note=NOTE - Note, comment or other data\n\n";
print " -w WARDEN_DIR, --warden-dir=WARDEN_DIR - Path to the warden-client directory. Default is \'../../warden-client\'\n\n";
print " -h, --help - Print help\n\n";
print "\nExample #1: ./command-line-sender.pl -s PhishTracker -e webattack -o URL -v 123.123.098.098 -p TCP -r 443 -a 100 -n \"important notice\"\n";
print "\nExample #2: ./command-line-sender.pl --service=ScanGuardian --event-type=portscan --source-type=IP --timestamp=\"2013-04-25T13:36:31\" --source-value=\"123.123.1.23\" --proto=TCP --port=25 --attack-scale=1234 --note=\"The very first run of ScanGuardian :)\" --warden-dir \"/opt/warden/warden-client\"\n";
print "\nNOTE: For more information how to use particular values see warden-client/doc/README file.\n\n";
exit 0;
}
my @event = ($opt_s, $opt_t, $opt_e, $opt_o, $opt_v,
$opt_p, $opt_r, $opt_a, $opt_n);
#-------------------------------------------------------------------------------
# Use of warden-client sender.
# Path to warden-client folder
my $warden_path = $opt_w;
# Inclusion of warden-client sender module
require $warden_path . '/lib/WardenClientSend.pm';
# Sending event to Warden server
WardenClientSend::saveNewEvent($warden_path, \@event);
exit 0;
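Review bot: the script exits 0 both when mandatory options are missing (the help branch ends in `exit 0;`) and regardless of what `WardenClientSend::saveNewEvent` returns, so a cron job or shell wrapper cannot detect a failed send; exit non-zero from the help branch when `$opt_h` was not given, and end with something like `exit(WardenClientSend::saveNewEvent($warden_path, \@event) ? 0 : 1);` since `saveNewEvent` returns 1 on success and 0 on failure. The `-r` and `-a` options are declared `=i` but default to `""`, which is inconsistent with the integer type; `undef` would match the README. Typo in the description text: "it's events' structure" should be "its events' structure".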
#!/usr/bin/perl -w
#
# Copyright (C) 2011-2013 Cesnet z.s.p.o
#
# Use of this source is governed by a BSD-style license, see LICENSE file.
use strict;
#------------------------------------------------------------------------------
# Warden 2.2 Client, Info, Example
#
# Simple use of warden-client Info functionality to receive information about
# client registered to Warden server. This code illustrates how to integrate
# warden-client info functionality into local applications.
#------------------------------------------------------------------------------
#------------------------------------------------------------------------------
# This code should developer add into his/her application.
# Path to warden-client directory
my $warden_path = '/home/soukal/pokus/warden/warden-client/';
# Inclusion of warden-client receiving functionality
require $warden_path . '/lib/WardenClientCommon.pm';
my @clients = WardenClientCommon::getClientsInfo($warden_path) or exit 1; # receive data or exit
print "+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+\n";
print "| Client ID | Hostname | Registered | Requestor | Service | CT | Type | ROE | Description tags | IP Net Client |\n";
print "+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+\n";
foreach (@clients) {
printf("| %-10s ", $_->{'client_id'} || "NULL");
printf("| %-30s ", $_->{'hostname'} || "NULL");
printf("| %19s ", $_->{'registered'} || "NULL");
printf("| %-23s ", $_->{'requestor'} || "NULL");
printf("| %-25s ", $_->{'service'} || "NULL");
printf("| %-2s ", $_->{'client_type'} || "NULL");
printf("| %-15s ", $_->{'type'} || "NULL");
printf("| %-4s ", $_->{'receive_own_events'} || "NULL");
printf("| %-50s ", $_->{'description_tags'} || "NULL");
printf("| %-18s |\n", $_->{'ip_net_client'} || "NULL");
}
print "+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+\n";
print "\n";
print "Current registered clients in: " . scalar localtime(time) . "\n";
exit 0;
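Review bot: `$warden_path` is a developer home directory (`/home/soukal/pokus/...`) in a file that ships as the reference example; use `/opt/warden-client` as the other examples did before this merge. The `|| "NULL"` fallbacks in the `printf` calls also turn a legitimate `0` (for instance `receive_own_events` set to 0) into `NULL`; `defined $_->{...} ? $_->{...} : "NULL"` preserves it.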
......@@ -7,7 +7,7 @@
use strict;
#------------------------------------------------------------------------------
# Warden 2.1 Client, Receiver, Example
# Warden 2.2 Client, Receiver, Example
#
# Simple use of warden-client receiver functionality to download new events
# from # Warden server. This code illustrates how to integrate warden-client
......@@ -18,7 +18,7 @@ use strict;
# This code should developer add into his/her application.
# Path to warden-client directory
my $warden_path = '/opt/warden-client/';
my $warden_path = '/home/soukal/pokus/warden/warden-client/';
# Inclusion of warden-client receiving functionality
require $warden_path . '/lib/WardenClientReceive.pm';
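Review bot: this replaces the documented default `/opt/warden-client/` with a developer-local path in a shipped example; revert to the default before release. The same kind of path change appears in `sender.pl`, the sender example and `warden-client.conf` in this merge.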
......
#!/usr/bin/perl -w
#
# sender.pl
#
# Copyright (C) 2011-2012 Cesnet z.s.p.o
# Author(s): Tomas PLESNIK <plesnik@ics.muni.cz>
# Jan SOUKAL <soukal@ics.muni.cz>
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in
# the documentation and/or other materials provided with the
# distribution.
# 3. Neither the name of the Cesnet z.s.p.o nor the names of its
# contributors may be used to endorse or promote products derived from
# this software without specific prior written permission.
#
# This software is provided ``as is'', and any express or implied
# warranties, including, but not limited to, the implied warranties of
# merchantability and fitness for a particular purpose are disclaimed.
# In no event shall the Cesnet z.s.p.o or contributors be liable for
# any direct, indirect, incidental, special, exemplary, or consequential
# damages (including, but not limited to, procurement of substitute
# goods or services; loss of use, data, or profits; or business
# interruption) however caused and on any theory of liability, whether
# in contract, strict liability, or tort (including negligence or
# otherwise) arising in any way out of the use of this software, even
# if advised of the possibility of such damage.
#
use Switch;
use strict;
use DateTime;
my $warden_path = '/home/soukal/pokus/warden-2.2-beta-package/warden-client-2.2-beta-installation-3/dummy/foo/whatever/warden-client';
require $warden_path . '/lib/WardenClientSend.pm';
my $service = "test";
# service is needed in authorization process of the client,
# therefore it can not be set randomly
#switch (int(rand(3) + 0.5)) {
# case 1 { $service = 'ScanDetector'; }
# case 2 { $service = 'PhiGaro'; }
# case 3 { $service = 'HoneyScan'; }
# }
my $detected = DateTime->from_epoch(epoch => time());
my $type = "";
switch (int(rand(10) + 0.5)) {
case 1 { $type = 'portscan'; }
case 2 { $type = 'bruteforce'; }
case 3 { $type = 'spam'; }
case 4 { $type = 'phishing'; }
case 5 { $type = 'botnet_c_c'; }
case 6 { $type = 'dos'; }
case 7 { $type = 'malware'; }
case 8 { $type = 'copyright'; }
case 9 { $type = 'webattack'; }
case 10 { $type = 'other'; }
}
my $source_type = "";
switch (int(rand(3) + 0.5)) {
case 1 { $source_type = 'IP'; }
case 2 { $source_type = 'URL'; }
case 3 { $source_type = 'Reply-To:'; }
}
my $source = (int(rand(254) + 0.5) + 1) . "." . (int(rand(254) + 0.5) + 1) . "." . (int(rand(254) + 0.5) + 1) . "." . (int(rand(254) + 0.5) + 1);
my $target_proto = "";
switch (int(rand(2) + 0.5)) {
case 1 { $target_proto = 'TCP'; }
case 2 { $target_proto = 'UDP'; }
}
my $target_port = "";
switch (int(rand(6) + 0.5)) {
case 1 { $target_port = '22'; }
case 2 { $target_port = '23'; }
case 3 { $target_port = '25'; }
case 4 { $target_port = '443'; }
case 5 { $target_port = '3389'; }
case 6 { $target_port = 'null'; }
}
my $attack_scale = (int(rand(100000) + 0.5) + 1000);
my $note = "tohle je takova normalni jednoducha poznamka";
my $priority = int(rand(255) + 0.5);
my $timeout = int(rand(255) + 0.5);
my @event = (
$service, # $service
"$detected", # $detected
$type, # $type
$source_type, # $source_type
$source, # $source
$target_proto, # $target_proto
$target_port, # $target_port
$attack_scale, # $attack_scale
$note, # $note
$priority, # $priority
$timeout, # $timeout
);
WardenClientSend::saveNewEvent($warden_path, \@event);
#foreach (@event) {
# print "$_\n";
#}
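Review bot: this test sender is committed with a hard-coded path under `/home/soukal/...` and a random-event generator whose `int(rand(N) + 0.5)` can yield 0, which matches no `case`, so `$type`, `$source_type`, `$target_proto` and `$target_port` are sent as empty strings about once in 2N runs; `int(rand(N)) + 1` gives a uniform 1..N. It also depends on `Switch`, a source-filter module removed from Perl's core in 5.14, which should not be a dependency of a shipped client when an array index would do. The random `$priority` and `$timeout` will trigger the new obsolete-attribute warnings on most runs, presumably intended for a test script but worth a comment, and `$note` is a Czech placeholder ("this is just an ordinary simple note") that should be English in a published example.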
......@@ -8,7 +8,7 @@ use strict;
use DateTime;
#-------------------------------------------------------------------------------
# Warden 2.1. Client, Sender, Example
# Warden 2.2. Client, Sender, Example
#
# Sample script using warden-client sending functionality. This example is not
# intended to be a standalone script. It only shows how to use warden-client
......@@ -23,7 +23,7 @@ use DateTime;
my $local_detected = DateTime->from_epoch(epoch => time());
my $service = "ScanDetector";
my $service = "test";
my $detected = "$local_detected";
my $type = "portscan";
my $source_type = "IP";
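Review bot: the shipped sender example now submits events under the service name `"test"` instead of `"ScanDetector"`; together with the path edits in the same file this reads like a local test change that was committed by accident, so either revert it or document why the example should use a placeholder service (the comment in `sender.pl` notes that the service name takes part in client authorization, so the value matters).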
......@@ -32,8 +32,8 @@ my $target_proto = "TCP";
my $target_port = "22";
my $attack_scale = "1234567890";
my $note = "important note or comment";
my $priority = undef;
my $timeout = "20";
my $priority = 1;
my $timeout = 20;
my @event = ($service, $detected, $type, $source_type, $source,
$target_proto, $target_port, $attack_scale, $note,
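Review bot: `$priority = 1;` and `$timeout = 20;` in the example now trip the obsolete-attribute warnings added to `WardenClientSend::saveNewEvent` in this merge (`$priority >= 1`, defined `$timeout >= 0`), so running the example logs two warnings per event; the previous `undef` for priority was the better illustration, and timeout should become `undef` too.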
......@@ -45,12 +45,15 @@ my @event = ($service, $detected, $type, $source_type, $source,
# (with corresponding paths appropriately changed).
# Path to warden-client folder
my $warden_path = '/opt/warden-client';
my $warden_path = '/home/soukal/pokus/warden/warden-client';
# Inclusion of warden-client sender module
require $warden_path . '/lib/WardenClientSend.pm';
# Sending event to Warden server
for (my $i = 0; $i < 10; $i++) {
print "Sending $i-st event on server\n";
WardenClientSend::saveNewEvent($warden_path, \@event);
}
exit 0;
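Review bot: besides the developer-local `$warden_path`, the example now sends the same event ten times in a loop, which demonstrates nothing the single call did not and turns the example into a duplicate-event generator against a real server; the ordinal is also wrong for most iterations ("$i-st"). Keep the single `saveNewEvent` call and check its return value, since it returns 0 on failure.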
warden-client-2.1
warden-client-2.2
......@@ -5,17 +5,17 @@
#-------------------------------------------------------------------------------
# URI - URI address of Warden server
#-------------------------------------------------------------------------------
$URI = "https://warden-dev.cesnet.cz:443/Warden";
$URI = "https://warden-c.cesnet.cz:443/Warden";
#-------------------------------------------------------------------------------
# SSL_KEY_FILE - path to client SSL certificate key file
#-------------------------------------------------------------------------------
$SSL_KEY_FILE = "/opt/warden-client/etc/warden-dev.cesnet.cz.key";
$SSL_KEY_FILE = "/home/soukal/client-test/2.0.0_beta/warden-client/etc/warden-c.cesnet.cz.key";
#-------------------------------------------------------------------------------
# SSL_CERT_FILE - path to client SSL certificate file
#-------------------------------------------------------------------------------
$SSL_CERT_FILE = "/opt/warden-client/etc/warden-dev.cesnet.cz.pem";
$SSL_CERT_FILE = "/home/soukal/client-test/2.0.0_beta/warden-client/etc/warden-c.cesnet.cz.pem";
#-------------------------------------------------------------------------------
# SSL_CA_FILE - path to CA certificate file
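Review bot: the shipped `warden-client.conf` now points `SSL_KEY_FILE` and `SSL_CERT_FILE` at a developer's home directory (`/home/soukal/client-test/2.0.0_beta/...`) and `URI` at `warden-c.cesnet.cz`; an installed client would fail to find its key and certificate. Restore the `/opt/warden-client/etc/` defaults, and if the server host change from `warden-dev` to `warden-c` is intended, mention it in the CHANGELOG.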
......@@ -28,6 +28,14 @@ $SSL_CA_FILE = "/etc/ssl/certs/tcs-ca-bundle.pem";
#-------------------------------------------------------------------------------
$MAX_RCV_EVENTS_LIMIT = 6000; #consumes app. 250 MB of memory
#-------------------------------------------------------------------------------
# CONNECTION_TIMEOUT - interval in seconds to timeout connection with Warden
# server. If your client timeouts, consider using higher
# timeout number. Also, in case of receiving clients, you
# can optimize the MAX_RCV_EVENTS_LIMIT value.
#-------------------------------------------------------------------------------
$CONNECTION_TIMEOUT = 60;
#-------------------------------------------------------------------------------
# Log options
#
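Review bot: "If your client timeouts" should read "If your client times out". Since the value is handed to `SOAP::Transport::HTTP::Client->timeout` in `c2s`, the comment could say that it bounds the whole request, which is why receiving clients are told to lower `MAX_RCV_EVENTS_LIMIT` when a batch does not complete within it.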
......@@ -39,12 +47,13 @@ $MAX_RCV_EVENTS_LIMIT = 6000; #consumes app. 250 MB of memory
#-------------------------------------------------------------------------------
$LOG_STDERR = 1;
$LOG_SYSLOG = 1;
$LOG_SYSLOG = 0;
$LOG_SYSLOG_FACILITY = "local7";
$LOG_VERBOSE = 0;
$LOG_VERBOSE = 1;
1;
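Review bot: `LOG_VERBOSE = 1` in the sample config enables a stack trace (`Carp::longmess`) on every error and diverges from the module default `our $LOG_VERBOSE = 0;` in `WardenClientConf.pm`; verbose output belongs off in the shipped file. Switching `LOG_SYSLOG` to 0 matches the module default but changes behaviour for users who copy the new sample, so note it in the CHANGELOG.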
......@@ -14,20 +14,40 @@ use SOAP::Lite;
use IO::Socket::SSL qw(debug1);
use SOAP::Transport::HTTP;
our $VERSION = "2.1";
our $VERSION = "2.2";
#-------------------------------------------------------------------------------
# errMsg - print error message and die
# errMsg - prints error msg and returns undef or prints warning and returns 1
#-------------------------------------------------------------------------------
sub errMsg
{
my $msg = shift;
my $type = shift;
defined $type or $type = "err"; # default type is err. Other: warn
if ($WardenClientConf::LOG_VERBOSE) { # user wants to log debug information
# is this error report and is Verbose logging mode enabled?
if (($type eq "err") && ($WardenClientConf::LOG_VERBOSE)) { # user wants to log debug information
$msg .= "\nStack info: " . Carp::longmess();
}
die($msg . "\n");
# log into STDERR?
if ($WardenClientConf::LOG_STDERR) {
print STDERR $msg . "\n";
}
# log into Syslog?
if ($WardenClientConf::LOG_SYSLOG) {
openlog("Warden-client:", "pid", "$WardenClientConf::LOG_SYSLOG_FACILITY");
syslog("$type|$WardenClientConf::LOG_SYSLOG_FACILITY", $msg . "\n");
closelog();
}
if ($type eq 'warn') { # case of 'warn'
return 1;
} else { # case of 'err'
return;
}
} # End of errMsg
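Review bot: `syslog("$type|...", $msg . "\n")` passes the message as the printf-style format argument of `Sys::Syslog::syslog`, and `$msg` can contain text received from the server (`faultstring`, the raw `$result` in the deserialization error), so a `%` in that text is interpreted as a conversion; use `syslog($prio, "%s", $msg)`. The level name is taken from `$type`, which is `warn`, while Sys::Syslog's level is `warning`; map it explicitly (or pass `LOG_WARNING`) rather than relying on the string being accepted. `Carp::longmess` and `openlog`/`syslog` also need `use Carp;` and `use Sys::Syslog;`, which are not among the imports visible in this hunk's context.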
......@@ -45,42 +65,110 @@ sub c2s
my $client;
my ($server, $port, $service) = $uri =~ /https:\/\/(.+)\:(\d+)\/(.+)/;
if (!($client = SOAP::Transport::HTTP::Client->new())) {
errMsg("Unable to create socket: " . &SOAP::Transport::HTTP::Client::errstr)
}
$client->timeout(10);
eval {
$client = SOAP::Transport::HTTP::Client->new();
} or return errMsg('Unknown error in c2s() when creating socket, SOAP::Transport::HTTP::Client->new(), ' . $@);
eval {$client->timeout($WardenClientConf::CONNECTION_TIMEOUT);}
or return errMsg('Unknown error in c2s() when setting socket timeout, ' . $@);
eval {
$client->ssl_opts(verify_hostname => 1,
SSL_use_cert => 1,
SSL_verify_mode => 0x02,
SSL_key_file => $ssl_key_file,
SSL_cert_file => $ssl_cert_file,
SSL_ca_file => $ssl_ca_file);
return 1; # fix of eval triggering 'or' statement
} or return errMsg('Unknown error in c2s() when setting socket SSL options, ' . $@);
# setting of URI and serialize SOAP envelope and data object
my $soap = SOAP::Lite->uri($service)->proxy($uri);
my $soap;
eval {
$soap = SOAP::Lite->uri($service)->proxy($uri);
} or return errMsg('Unknown error in c2s() when serializing SOAP object, ' . $@);
my $envelope;
if (!defined $data) {
eval {
$envelope = $soap->serializer->envelope(method => $method);
} or return errMsg('Unknown error in c2s() when setting enevelope, ' . $@);
} else {
eval {
$envelope = $soap->serializer->envelope(method => $method, $data);
} or return errMsg('Unknown error in c2s() when setting envelope, ' . $@);
}
# setting of TCP URI and send serialized SOAP envelope and data
my $server_uri = "https://$server:$port/$service";
my $result = $client->send_receive(envelope => $envelope, endpoint => $server_uri);
my $result;
eval {
$result = $client->send_receive(envelope => $envelope, endpoint => $server_uri);
} or return errMsg('Unknown error in c2s() sending SOAP data, ' . $@);
# check server response
if (!defined $result) {
errMsg("Server returned empty response. Problem with used SSL ceritificates or Warden server at $server:$port is down.");
} else {
# deserialized response from server -> create SOAP envelope and data object
my $response;
eval {
$response = $soap->deserializer->deserialize($result);
} or errMsg($@ . "Received data: " . $result);
} or return errMsg('Unknown error in SOAP data deserialization. Received data: ' . $result . ', ' . $@);
# check SOAP fault status
$response->fault ? errMsg("Server sent error message:: " . $response->faultstring) : return $response;
$response->fault ? return errMsg("Server sent error message:: " . $response->faultstring) : return $response;
}
}
#-------------------------------------------------------------------------------
# getClientsInfo - retrieve information about other clients from Warden server
#-------------------------------------------------------------------------------
sub getClientsInfo
{
my $warden_path = shift;
my $etcdir = $warden_path . "/etc/";
my $libdir = $warden_path . "/lib/";
require $libdir . "WardenClientConf.pm";
# read the config file
my $conf_file = $etcdir . "warden-client.conf";
WardenClientConf::loadConf($conf_file);
# c2s() returns undef on fail
my $response = c2s($WardenClientConf::URI, $WardenClientConf::SSL_KEY_FILE, $WardenClientConf::SSL_CERT_FILE, $WardenClientConf::SSL_CA_FILE, "getClientInfo");
defined $response or return; # receive data or return undef
# parse returned SOAP data object with clients
my @clients;
my ($client_id, $hostname, $registered, $requestor, $service, $client_type, $type, $receive_own_events, $description_tags, $ip_net_client);
my @response_list = $response->valueof('/Envelope/Body/getClientInfoResponse/client/');
while (scalar @response_list) {
my $response_data = shift(@response_list);
my %client;
$client{'client_id'} = $response_data->{'CLIENT_ID'} ;
$client{'hostname'} = $response_data->{'HOSTNAME'};
$client{'registered'} = $response_data->{'REGISTERED'};
$client{'requestor'} = $response_data->{'REQUESTOR'};
$client{'service'} = $response_data->{'SERVICE'};
$client{'client_type'} = $response_data->{'CLIENT_TYPE'};
$client{'type'} = $response_data->{'TYPE'};
$client{'receive_own_events'} = $response_data->{'RECEIVE_OWN_EVENTS'};
$client{'description_tags'} = $response_data->{'DESCRIPTION_TAGS'};
$client{'ip_net_client'} = $response_data->{'IP_NET_CLIENT'};
# push received clients from warden server into @clients which is returned
push (@clients,\%client);
}
return @clients;
}
1;
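Review bot: the `eval { $result = $client->send_receive(...); } or return errMsg('Unknown error in c2s() sending SOAP data, ' . $@);` wrapper fires whenever `send_receive` returns `undef`, which is exactly the server-down or bad-certificate case, so the specific diagnostic behind `if (!defined $result)` ("Server returned empty response ...") is now unreachable and the user sees "Unknown error" with an empty `$@`. End each eval with `1;` (as the `ssl_opts` block already does with its `return 1`) so only a thrown exception takes the error path, and keep the `defined $result` check after it; the same applies to the `timeout` and `envelope` evals, whose success value is whatever their last statement returned. Two typos: "enevelope" and "ceritificates". In `getClientsInfo` the `my ($client_id, $hostname, ...)` declaration is never used and can go. `SSL_verify_mode => 0x02` deserves the named constant: `SSL_VERIFY_PEER` is 0x01 and 0x02 is `SSL_VERIFY_FAIL_IF_NO_PEER_CERT`, so add a test that a server certificate not chaining to `SSL_ca_file` is actually rejected.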
......@@ -20,9 +20,10 @@ our $LOG_STDERR = 1;
our $LOG_SYSLOG = 0;
our $LOG_SYSLOG_FACILITY = "local7";
our $LOG_VERBOSE = 0;
our $CONNECTION_TIMEOUT = 60;
our $VERSION = "2.1";
our $VERSION = "2.2";
sub loadConf
{
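Review bot: only the default `our $CONNECTION_TIMEOUT = 60;` is shown; confirm that `loadConf` (not in this hunk) also validates the value read from `warden-client.conf` as a positive integer, because `c2s` hands it straight to `$client->timeout(...)` inside an eval that reports any failure as an "Unknown error".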
......
......@@ -15,7 +15,7 @@ use SOAP::Transport::HTTP;
use FindBin;
use Sys::Syslog;
our $VERSION = "2.1";
our $VERSION = "2.2";
#-------------------------------------------------------------------------------
# getNewEvents - get new events from warden server greater than last received ID
......@@ -24,8 +24,6 @@ sub getNewEvents
{
my @events;
eval {
my $warden_path = shift;
my $requested_type = shift;
......@@ -42,22 +40,25 @@ sub getNewEvents
# set name of ID file for each client aplication
my $caller_name = $FindBin::Script;
my $id_file = $vardir . $caller_name . ".id";
my $id_file = $vardir . $caller_name . "-". ($requested_type || "any") . ".id";
#-----------------------------------------------------------------------------
# get last ID from ID file (if exist) or
# get last ID from warden server DB and save it into ID file
my $last_id;
if (-e $id_file) {
open(ID, "< $id_file") || WardenClientCommon::errMsg("Cannot open ID file $id_file: $!");
open(ID, "< $id_file") or return WardenClientCommon::errMsg("Cannot open ID file $id_file: $!");
foreach(<ID>) {
$last_id = $_;
}
close ID;
} else {
# c2s() returns undef on fail
my $response = WardenClientCommon::c2s($WardenClientConf::URI, $WardenClientConf::SSL_KEY_FILE, $WardenClientConf::SSL_CERT_FILE, $WardenClientConf::SSL_CA_FILE, "getLastId");
defined $response or return; # receive data or return undef
$last_id = $response->result;
open(ID, "> $id_file") || WardenClientCommon::errMsg("Cannot open ID file $id_file: $!");
open(ID, "> $id_file") or return WardenClientCommon::errMsg("Cannot open ID file $id_file: $!");
print ID $last_id;
close ID;
}
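Review bot: `$requested_type` now becomes part of a file name under `$vardir` without any validation (`$vardir . $caller_name . "-" . ($requested_type || "any") . ".id"`), so the caller's type string decides which file is opened for writing; restrict it to the documented event-type alphabet (for example `[A-Za-z0-9_]+`) before building the path and return via `WardenClientCommon::errMsg` otherwise.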
......@@ -65,21 +66,27 @@ sub getNewEvents
#-----------------------------------------------------------------------------
# get new events from warden server DB based on gathered last ID
# create SOAP data obejct
my $request_data = SOAP::Data->name(
my $request_data;
eval {
# create SOAP data object
$request_data = SOAP::Data->name(
request => \SOAP::Data->value(
SOAP::Data->name(REQUESTED_TYPE => $requested_type),
SOAP::Data->name(LAST_ID => $last_id),
SOAP::Data->name(MAX_RCV_EVENTS_LIMIT => $WardenClientConf::MAX_RCV_EVENTS_LIMIT)
)
);
)
} or return errMsg('Unknown error when creating SOAP data object, ' . $@);
# call server method getNewEvents
my $response = WardenClientCommon::c2s($WardenClientConf::URI, $WardenClientConf::SSL_KEY_FILE, $WardenClientConf::SSL_CERT_FILE, $WardenClientConf::SSL_CA_FILE, "getNewEvents", $request_data);
defined $response or return; # connect to warden server or return undef
# parse returned SOAP data object
my ($id, $hostname, $service, $detected, $type, $source_type, $source, $target_proto, $target_port, $attack_scale, $note, $priority, $timeout);
my @response_list = $response->valueof('/Envelope/Body/getNewEventsResponse/event/');
while (scalar @response_list) {
my $response_data = shift(@response_list);
my @event;
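Review bot: `or return errMsg(...)` calls `errMsg` unqualified inside `WardenClientReceive`, whereas every other call in this file is `WardenClientCommon::errMsg(...)`; unless the function is imported, a failure in building the SOAP request dies with "Undefined subroutine &WardenClientReceive::errMsg" instead of being logged. Qualify it like the `open` error paths above.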
......@@ -111,24 +118,10 @@ sub getNewEvents
# write last return ID
if (defined $last_id) { # must be defined for first check ID
open(ID, "> $id_file") || WardenClientCommon::errMsg("Cannot open ID file $id_file: $!");
open(ID, "> $id_file") or return WardenClientCommon::errMsg("Cannot open ID file $id_file: $!");
print ID $last_id;
close ID;
}
} # End of eval block
or do {
if ($WardenClientConf::LOG_STDERR) {
print STDERR $@ . "\n";
}
if ($WardenClientConf::LOG_SYSLOG) {
openlog("Warden:", "pid", "WardenClientConf::LOG_SYSLOG_FACILITY");
syslog("err|WardenClientConf::LOG_SYSLOG_FACILITY", $@ . "\n");
closelog();
}
return;
};
return @events;
......
......@@ -14,7 +14,7 @@ use IO::Socket::SSL qw(debug1);
use SOAP::Transport::HTTP;
use Sys::Syslog;
our $VERSION = "2.1";
our $VERSION = "2.2";
#-------------------------------------------------------------------------------
# saveNewEvent - send new event from detection scripts to warden server
......@@ -23,7 +23,6 @@ sub saveNewEvent
{
my $result;
eval {
my $warden_path = shift;
my $event_ref = shift;
......@@ -51,8 +50,28 @@ sub saveNewEvent
my $priority = $event[9];
my $timeout = $event[10];
# Issue #596 - Should be removed in Warden client 3.0.
# Checking for obsolete attributes priority or timeout. If not default or 'undef' values are found, print out warning.
# check if obsolete event attribute Priority is used
if ((defined $priority) && ($priority >= 1)) {
# print warning
WardenClientCommon::errMsg('Event attribute "Priority" is now obsolete and will be removed in Warden client 3.0', 'warn');
}
# check if obsolete event attribute Timeout is used
if ((defined $timeout) && ($timeout >= 0)) {
# print warning
WardenClientCommon::errMsg('Event attribute "Timeout" is now obsolete and will be removed in Warden client 3.0', 'warn');
}
# end of Issue #596
my $event;
eval {
# create SOAP data object
my $event = SOAP::Data->name(
$event = SOAP::Data->name(
event => \SOAP::Data->value(
SOAP::Data->name(SERVICE => $service),
SOAP::Data->name(DETECTED => $detected),
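Review bot: the `$timeout >= 0` test is true for every defined numeric timeout, so the comment "If not default or 'undef' values are found" is misleading; if 0 is meant to be the silent default, compare with `> 0`, otherwise drop the comparison and test `defined $timeout` only. Both comparisons are numeric while the README documents these attributes as strings (`"1"`, `"20"`), so a non-numeric value would emit a `-w` "isn't numeric" warning here; a `/^\d+$/` check first avoids that.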
......@@ -67,25 +86,13 @@ sub saveNewEvent
SOAP::Data->name(TIMEOUT => $timeout)
)
);
} # end of eval
or WardenClientCommon::errMsg('Unknown error when creating SOAP data object, ' . $@);
# c2s() returns undef on fail.
$result = WardenClientCommon::c2s($WardenClientConf::URI, $WardenClientConf::SSL_KEY_FILE, $WardenClientConf::SSL_CERT_FILE, $WardenClientConf::SSL_CA_FILE, "saveNewEvent", $event);
} # End of eval block
or do {
if ($WardenClientConf::LOG_STDERR) {
print STDERR $@ . "\n";
}
if ($WardenClientConf::LOG_SYSLOG) {
openlog("Warden-client:", "pid", "$WardenClientConf::LOG_SYSLOG_FACILITY");
syslog("err|$WardenClientConf::LOG_SYSLOG_FACILITY", $@ . "\n");
closelog();
}
return 0;
};
$result ? return 1 : return 0;
defined $result ? return 1 : return 0;
} # End of saveNewEvent
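Review bot: `or WardenClientCommon::errMsg('Unknown error when creating SOAP data object, ' . $@);` logs but does not return, so after a failed eval `$event` is `undef` and `c2s(...)` is still called with it; use `or do { WardenClientCommon::errMsg(...); return 0; };` so the documented 0 is returned (a bare `or return WardenClientCommon::errMsg(...)` would return undef, since errMsg returns undef for type `err`). The final `defined $result ? return 1 : return 0;` then maps the `c2s` result correctly.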
......
......@@ -139,7 +139,13 @@ modules_chck()
make_warden_dir()
{
echo -n "Creating warden client directory ... "
test -d $prefix || mkdir -p prefix
while [ ! -d `echo ${path_to_chown} | rev | cut -d '/' -f2- | rev` ]
do
path_to_chown=`echo ${path_to_chown} | rev | cut -d '/' -f2- | rev`
done
test -d $prefix || mkdir -p $prefix
if cp -R ${dirname}/warden-client $prefix 2> $err; then
echo "OK"
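Review bot: the `while` loop walks `path_to_chown` up to the first component that `mkdir -p $prefix` will create, so the later `chown -R` covers the whole newly created tree, which is the right target; but the path variables are unquoted (`$prefix`, `${path_to_chown}` inside the backticks), so a prefix containing spaces breaks both `test -d` and the `cut` pipeline. Quote them, and prefer `dirname "$path_to_chown"` over the `rev | cut | rev` idiom. Good catch on `mkdir -p prefix` (literal "prefix") being replaced by `mkdir -p $prefix`.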
......@@ -217,13 +223,21 @@ make_conf_file()
#-------------------------------------------------------------------------------
\$MAX_RCV_EVENTS_LIMIT = 6000; #consumes app. 250 MB of memory
#-------------------------------------------------------------------------------
# CONNECTION_TIMEOUT - interval in seconds to timeout connection with Warden
# server. If your client timeouts, consider using higher
# timeout number. Also, in case of receiving clients, you
# can optimize the MAX_RCV_EVENTS_LIMIT value.
#-------------------------------------------------------------------------------
\$CONNECTION_TIMEOUT = 60;
#-------------------------------------------------------------------------------
# Log options
#
# LOG_STDERR, LOG_SYSLOG - hide (0) or allow (1) error reporting on STDERR
# and/or to Syslog
# LOG_STDERR_VERBOSE, LOG_SYSLOG_VERBOSE - print only error message without
# a stack (0) or print debug info
# LOG_SYSLOG_FACILITY - specify a Syslog facility to log in
# LOG_VERBOSE - print only error message without a stack (0) or print debug info
# including err. message and stack (1)
#-------------------------------------------------------------------------------
\$LOG_STDERR = 1;
......@@ -250,7 +264,7 @@ make_conf_file()
change_permissions()
{
echo -n "Changing permissions to installed package ... "
chown -R $user: $client_path 2> $err || err_clean
chown -R $user: $path_to_chown 2> $err || err_clean
chmod 644 ${etc}/package_version || err_clean
if chmod 600 $conf_file; then
echo "OK"
......@@ -294,6 +308,7 @@ key_file=`basename $key`
cert_file=`basename $cert`
[[ $prefix == */ ]] && prefix="${prefix%?}" # remove last char (slash) from prefix
client_path="${prefix}/warden-client"
path_to_chown="${client_path}"
etc="${client_path}/etc"
conf_file="${etc}/warden-client.conf"
err="/tmp/warden-err"
......
......@@ -185,6 +185,7 @@ make_conf_file()
ssl_cert_file=`cat $conf_file | grep '$SSL_CERT_FILE'`
ssl_ca_file=`cat $conf_file | grep '$SSL_CA_FILE'`
max_rcv_events_limit=`cat $conf_file | grep '$MAX_RCV_EVENTS_LIMIT'`
connection_timeout=`cat $conf_file | grep '$CONNECTION_TIMEOUT'`
log_stderr=`cat $conf_file | grep '$LOG_STDERR'`
if [ -z $log_stderr ]; then
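Review bot: `connection_timeout` is read from the existing config with `grep '$CONNECTION_TIMEOUT'`, but a 2.1 installation has no such line, so on the first upgrade the variable is empty and the regenerated file gets a blank line where `$CONNECTION_TIMEOUT = 60;` should be (the module default applies silently, but the option the new comment block describes is then missing from the file). Add a `-z` fallback like the one for `log_stderr` on the next line that sets `connection_timeout='$CONNECTION_TIMEOUT = 60;'`.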
......@@ -236,13 +237,21 @@ $ssl_ca_file
#-------------------------------------------------------------------------------
$max_rcv_events_limit
#-------------------------------------------------------------------------------
# CONNECTION_TIMEOUT - interval in seconds to timeout connection with Warden
# server. If your client timeouts, consider using higher
# timeout number. Also, in case of receiving clients, you
# can optimize the MAX_RCV_EVENTS_LIMIT value.
#-------------------------------------------------------------------------------
$connection_timeout
#-------------------------------------------------------------------------------
# Log options
#
# LOG_STDERR, LOG_SYSLOG - hide (0) or allow (1) error reporting on STDERR
# and/or to Syslog
# LOG_STDERR_VERBOSE, LOG_SYSLOG_VERBOSE - print only error message without
# a stack (0) or print debug info
# LOG_SYSLOG_FACILITY - specify a Syslog facility to log in
# LOG_VERBOSE - print only error message without a stack (0) or print debug info
# including err. message and stack (1)
#-------------------------------------------------------------------------------
$log_stderr
......