diff --git a/src/warden-server/bin/getClients.pl b/src/warden-server/bin/getClients.pl index 63fff51198bc46bd81b969878c6d26a8afcda9c0..1bfbf098fdd510136e661fccf4083c515d394c15 100755 --- a/src/warden-server/bin/getClients.pl +++ b/src/warden-server/bin/getClients.pl @@ -9,17 +9,21 @@ use strict; use Getopt::Std; use File::Basename; +use DBI; +use DBD::mysql; -our $VERSION = "2.1"; -my $warden_path = '/opt/warden-server'; -require $warden_path . '/lib/WardenStatus.pm'; +################################################################################ +# GLOBAL VARIABLES +################################################################################ +our $VERSION = "2.2"; my $filename = basename($0); -#------------------------------------------------------------------------------- + +################################################################################ # Functions -#------------------------------------------------------------------------------- +################################################################################ sub usage { print "Usage: $filename [without parameters]\n"; exit 1; @@ -50,9 +54,10 @@ sub trim } # End of trim -#------------------------------------------------------------------------------- + +################################################################################ # MAIN -#------------------------------------------------------------------------------- +################################################################################ our ($opt_h); die usage unless getopts("h"); 
@@ -69,22 +74,44 @@ if ($UID != 0) { die errMsg("You must be root for running this script!") } +# read config file +my $conf_file = "/opt/warden-server/etc/warden-server.conf"; # path is updated by install.sh +our $DB_NAME = undef; +our $DB_USER = undef; +our $DB_PASS = undef; +our $DB_HOST = undef; +unless (do $conf_file) { + die("Errors in config file '$conf_file': $@") if $@; + die("Can't read config file '$conf_file': $!") unless defined $_; + # if $_ defined, it's retvalue of last statement of conf, for which we don't care +} + +# connect to DB +our $DBH = DBI->connect("DBI:mysql:database=$DB_NAME;host=$DB_HOST", $DB_USER, $DB_PASS, {RaiseError => 1, mysql_auto_reconnect => 1}) || die "Could not connect to database: $DBH->errstr"; + +# obtain data from DB +my $sth = $DBH->prepare("SELECT * FROM clients ORDER BY client_id ASC;") or die "Cannot prepare statement: " . $DBH->errstr; +$sth->execute or die "Couldn't execute statement: " . $sth->errstr; +my @clients = $sth->fetchall_arrayref(); -my @clients = WardenStatus::getClients($warden_path); +# print table of clients print "+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+\n"; print "| Client ID | Hostname | Registered | Requestor | Service | CT | Type | ROE | Description tags | IP Net Client |\n"; print "+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+\n"; foreach (@clients) { - printf("| %-10s ", @$_[0] || "unknown"); - printf("| %-30s ", @$_[1] || "unknown"); - printf("| %19s ", @$_[2] || "unknown"); - printf("| %-23s ", @$_[3] || "unknown"); - printf("| %-25s ", @$_[4] || "unknown"); - printf("| %-2s ", @$_[5] || "unknown"); - printf("| %-15s ", @$_[6] || 
"unknown"); - printf("| %-4s ", @$_[7] || "unknown"); - printf("| %-50s ", @$_[8] || "unknown"); - printf("| %-18s |\n", @$_[9] || "unknown"); + my @client = @$_; + foreach (@client) { + printf("| %-10s ", @$_[0] || "unknown"); + printf("| %-30s ", @$_[1] || "unknown"); + printf("| %19s ", @$_[2] || "unknown"); + printf("| %-23s ", @$_[3] || "unknown"); + printf("| %-25s ", @$_[4] || "-"); + printf("| %-2s ", @$_[5] || "unknown"); + printf("| %-15s ", @$_[6] || "-"); + printf("| %-4s ", @$_[7] || "-"); + printf("| %-50s ", @$_[8] || "-"); + printf("| %-18s |\n", @$_[9] || "unknown"); + } } print "+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+\n"; print "\n"; diff --git a/src/warden-server/etc/warden-apache.conf b/src/warden-server/etc/warden-apache.conf index 0035c33a11bbfcc8c3fdc1986275fee267c2fe98..4ef065d313d36dd11bbf04c53ff497e074aecb7f 100644 --- a/src/warden-server/etc/warden-apache.conf +++ b/src/warden-server/etc/warden-apache.conf @@ -1,4 +1,5 @@ # +# # warden-apache.conf - configuration file for the Apache server # @@ -10,15 +11,15 @@ SSLOptions +StdEnvVars +ExportCertData SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL -SSLCertificateFile /etc/ssl/certs/warden-dev.cesnet.cz.pem -SSLCertificateKeyFile /etc/ssl/private/warden-dev.cesnet.cz.key +SSLCertificateFile /etc/ssl/certs/warden-c.cesnet.cz.pem +SSLCertificateKeyFile /etc/ssl/private/warden-c.cesnet.cz.key SSLCACertificateFile /etc/ssl/certs/tcs-ca-bundle.pem PerlOptions +Parent PerlSwitches -I /opt/warden-server/lib <Location /Warden> - SetHandler perl-script - PerlHandler Warden::ApacheDispatch - SSLOptions +StdEnvVars + SetHandler perl-script + PerlHandler Warden::ApacheDispatch + SSLOptions +StdEnvVars </Location> 
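Review bot: The two error checks added before the query do not test what they appear to: `unless defined $_` looks at the topic variable rather than the value `do $conf_file` returned, and in `|| die "Could not connect to database: $DBH->errstr"` `$DBH` is still undefined on failure and a method call is not interpolated inside a string. Because this script runs as root and executes the config file as Perl code, capture the result of `do` and report `$DBI::errstr`, so that a missing or broken config fails with an accurate message (with `RaiseError => 1` connect dies on its own anyway). `fetchall_arrayref()` returns a single array reference, so `@clients` holds one element and the nested `foreach` exists only to unwrap it; iterating the reference directly is clearer. The `|| "-"` defaults also treat a stored `0` as missing, whereas the removed WardenStatus::getClients used `defined`; for the ROE column that presumably hides a real value, so `//` is the closer match. These are top-level statements, and the root check they follow starts above the hunk.

```perl
# … unchanged: $conf_file and the our $DB_* declarations …
my $conf_ret = do $conf_file;
unless ($conf_ret) {
    die("Errors in config file '$conf_file': $@") if $@;
    die("Can't read config file '$conf_file': $!") unless defined $conf_ret;
}

our $DBH = DBI->connect("DBI:mysql:database=$DB_NAME;host=$DB_HOST", $DB_USER, $DB_PASS,
                        {RaiseError => 1, mysql_auto_reconnect => 1})
    or die "Could not connect to database: $DBI::errstr";

# … unchanged: prepare and execute …
my $clients = $sth->fetchall_arrayref();

# … unchanged: table header …
foreach my $client (@$clients) {
    printf("| %-10s ", $client->[0] // "unknown");
    # … unchanged: remaining nine columns, using $client->[N] and // …
}
```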
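Review bot: The `SSLCipherSuite` line kept as context in this hunk still enables `+eNULL`, `+EXP`, `+LOW` and `+SSLv2`, so the host that now serves the `warden-c.cesnet.cz` certificate may negotiate unencrypted or export-grade suites, depending on the OpenSSL build. Since this commit repoints the file at a new host certificate and key, it is a good moment to restrict the list, for example `SSLCipherSuite HIGH:!aNULL:!eNULL:!EXPORT:!LOW:!RC4:!MD5`, and to pin protocol versions with an `SSLProtocol` line if none is set outside the hunk. The rest of the server configuration, including any `SSLVerifyClient` setting, is not visible here.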
diff --git a/src/warden-server/etc/warden-client.conf b/src/warden-server/etc/warden-client.conf index 945209a4bd204fff987d53237d8686c6d9048cac..9992d58365880da8aaed2dd3811faa60b683b80d 100644 --- a/src/warden-server/etc/warden-client.conf +++ b/src/warden-server/etc/warden-client.conf @@ -1,21 +1,21 @@ # -# warden-client.conf - configuration file for registration and status clients +# warden-client.conf - configuration file for the warden sender/receiver client # #------------------------------------------------------------------------------- # URI - URI address of Warden server #------------------------------------------------------------------------------- -$URI = "https://warden-dev.cesnet.cz:443/Warden"; +$URI = "https://warden-c.cesnet.cz:443/Warden"; #------------------------------------------------------------------------------- -# SSL_KEY_FILE - path to server SSL certificate key file +# SSL_KEY_FILE - path to client SSL certificate key file #------------------------------------------------------------------------------- -$SSL_KEY_FILE = "/etc/ssl/private/warden-dev.cesnet.cz.key"; +$SSL_KEY_FILE = "/etc/ssl/private/warden-c.cesnet.cz.key"; #------------------------------------------------------------------------------- -# SSL_CERT_FILE - path to server SSL certificate file +# SSL_CERT_FILE - path to client SSL certificate file #------------------------------------------------------------------------------- -$SSL_CERT_FILE = "/etc/ssl/certs/warden-dev.cesnet.cz.pem"; +$SSL_CERT_FILE = "/etc/ssl/certs/warden-c.cesnet.cz.pem"; #------------------------------------------------------------------------------- # SSL_CA_FILE - path to CA certificate file diff --git a/src/warden-server/etc/warden-server.conf b/src/warden-server/etc/warden-server.conf index 1ac4fcecee6ee116ccc6beb983da2dbec97cad9f..2180acab1d7a28491017447329149d1f94a13e78 100644 --- a/src/warden-server/etc/warden-server.conf +++ b/src/warden-server/etc/warden-server.conf 
@@ -5,12 +5,12 @@ #------------------------------------------------------------------------------- # BASEDIR - base directory of Warden server #------------------------------------------------------------------------------- -$BASEDIR = '/opt/warden-server'; +$BASEDIR = "/opt/warden-server"; #------------------------------------------------------------------------------- # SYSLOG - enable/disable syslog logging #------------------------------------------------------------------------------- -$SYSLOG = 1; +$SYSLOG = 1; #------------------------------------------------------------------------------- # SYSLOG_VERBOSE - enable/disable logging in verbose mode (stack info added) 
@@ -20,38 +20,38 @@ $SYSLOG_VERBOSE = 1; #------------------------------------------------------------------------------- # SYSLOG_FACILITY - syslog facility #------------------------------------------------------------------------------- -$SYSLOG_FACILITY = 'local7'; +$SYSLOG_FACILITY = "local7"; #------------------------------------------------------------------------------- # DB_NAME - MySQL database name of Warden server #------------------------------------------------------------------------------- -$DB_NAME = 'warden'; +$DB_NAME = "warden"; #------------------------------------------------------------------------------- # DB_USER - MySQL database user of Warden server #------------------------------------------------------------------------------- -$DB_USER = 'root'; +$DB_USER = "root"; #------------------------------------------------------------------------------- # DB_PASS - MySQL database password of Warden server #------------------------------------------------------------------------------- -$DB_PASS = ''; +$DB_PASS = ""; #------------------------------------------------------------------------------- # DB_HOST - MySQL database host #------------------------------------------------------------------------------- -$DB_HOST = 'localhost'; +$DB_HOST = "localhost"; #------------------------------------------------------------------------------- # MAX_EVENTS_LIMIT - server limit of maximum number of events that can be # delivered to one client in one batch #------------------------------------------------------------------------------- -$MAX_EVENTS_LIMIT = '1000000'; +$MAX_EVENTS_LIMIT = 1000000; #------------------------------------------------------------------------------- # VALID_STRINGS - validation hash containing allowed event attributes #------------------------------------------------------------------------------- %VALID_STRINGS = ( - 'type' => ['portscan', 'bruteforce', 'probe', 'spam', 'phishing', 'botnet_c_c', 'dos', 'malware', 'copyright', 
'webattack', 'test', 'other'], - 'source_type' => ['IP', 'URL', 'Reply-To:'] + "type" => ["portscan", "bruteforce", "probe", "spam", "phishing", "botnet_c_c", "dos", "malware", "copyright", "webattack", "test", "other", "_any_"], + "source_type" => ["IP", "URL", "Reply-To:"] ); diff --git a/src/warden-server/lib/Warden.pm b/src/warden-server/lib/Warden.pm index 9cabc6dc27a3f0009d0626f0929ed0fc92ff5618..5df2b889b4ee7de12148f63615664e6b52fd74ee 100755 --- a/src/warden-server/lib/Warden.pm +++ b/src/warden-server/lib/Warden.pm @@ -22,7 +22,7 @@ use Crypt::X509; use SOAP::Lite; use Carp; -our $VERSION = "2.2"; +our $VERSION = "2.2-devel"; ################################################################################ 
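Review bot: The defaults on the new side still set `$DB_USER = "root"` with `$DB_PASS = ""`, and after this commit bin/getClients.pl connects with them too, so a second component now depends on the MySQL superuser with an empty password. A dedicated account limited to the `warden` database, with a password that install.sh or the administrator must fill in, would limit what a leak of this file exposes; a comment such as `# use a dedicated account with rights on the warden database only` above DB_USER would document that. Because the file is loaded with `do` and run as Perl code, it should presumably be writable by root only. Separately, `"_any_"` is added to the `type` list that the comment describes as allowed event attributes; if the same list validates incoming events, senders could presumably submit `_any_` as an event type, which is worth confirming.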
@@ -631,70 +631,6 @@ sub unregisterClient } # END of unregisterClient -#----------------------------------------------------------------------------- -# getClients - get list of clients which were registered at warden server -#----------------------------------------------------------------------------- -sub getClients -{ - my ($class, $arg) = @_; - - # client network information - my $cn = $ENV{'SSL_CLIENT_S_DN_CN'}; - my $ip = $ENV{'REMOTE_ADDR'}; - my $local_ip = $ENV{'SERVER_ADDR'}; - - my $function_name = 'getClients'; - - if ($local_ip ne $ip) { - sendMsg("err", - "Unauthorized access to function '$function_name' from: '$ip' ('$cn') - access allowed only from localhost", - "Access denied - access allowed only from localhost"); - } else { - my (@clients, $client); - my ($client_id, $hostname, $registered, $requestor, $service, $client_type, $type, $receive_own_events, $description_tags, $ip_net_client); - my $sth = $DBH->prepare("SELECT * FROM clients ORDER BY client_id ASC;"); - if (!defined $sth) { - sendMsg("err", - "Cannot prepare statement in function '$function_name': $DBH->errstr", - "Internal 'prepare' server error"); - } - $sth->execute; - - while ( my @result = $sth->fetchrow() ) { - $client_id = $result[0]; - $hostname = $result[1]; - $registered = $result[2]; - $requestor = $result[3]; - $service = $result[4]; - $client_type = $result[5]; - $type = $result[6]; - $receive_own_events = $result[7]; - $description_tags = $result[8]; - $ip_net_client = $result[9]; - - $client = SOAP::Data->name(client => \SOAP::Data->value( - SOAP::Data->name(CLIENT_ID => $client_id), - SOAP::Data->name(HOSTNAME => $hostname), - SOAP::Data->name(REGISTERED => $registered), - SOAP::Data->name(REQUESTOR => $requestor), - SOAP::Data->name(SERVICE => $service), - SOAP::Data->name(CLIENT_TYPE => $client_type), - SOAP::Data->name(TYPE => $type), - SOAP::Data->name(RECEIVE_OWN_EVENTS => $receive_own_events), - SOAP::Data->name(DESCRIPTION_TAGS => $description_tags), - 
SOAP::Data->name(IP_NET_CLIENT => $ip_net_client), - )); - push(@clients, $client); - } - my $sum = scalar @clients; - sendMsg("info", - "Sending information about '$sum' registered clients from $ENV{'SERVER_NAME'}", - undef); - return @clients; - } -} # END of getClients - - #----------------------------------------------------------------------------- # getStatus - get list of status items of warden server #----------------------------------------------------------------------------- @@ -842,7 +778,8 @@ sub getStatus #------------------------------------------------------------------------------- -# getClientInfo +# getClientInfo - get list of registered clients on Warden server +# by Warden client #------------------------------------------------------------------------------- sub getClientInfo { diff --git a/src/warden-server/lib/WardenStatus.pm b/src/warden-server/lib/WardenStatus.pm index 1907ecbfb897efb57c79137f3dd795bc55cb070a..537aea1def6b3c37dce4a820b7bfac11141651ae 100755 --- a/src/warden-server/lib/WardenStatus.pm +++ b/src/warden-server/lib/WardenStatus.pm 
@@ -71,51 +71,6 @@ sub c2s } -#------------------------------------------------------------------------------- -# getClients - get list of registered clients -#------------------------------------------------------------------------------- -sub getClients -{ - my $warden_path = shift; - - my $etcdir = $warden_path . "/etc/"; - my $libdir = $warden_path . "/lib/"; - - # read the config file - require $libdir . "WardenConf.pm"; - my $conf_file = $etcdir . "warden-client.conf"; - my ($uri, $ssl_key_file, $ssl_cert_file, $ssl_ca_file) = WardenConf::loadConf($conf_file); - - # call method getClients on the Warden server - my $response = c2s($uri, $ssl_key_file, $ssl_cert_file, $ssl_ca_file, "getClients"); - - # parse returned SOAP data object with clients - my @clients; - my ($client_id, $hostname, $registered, $requestor, $service, $client_type, $type, $receive_own_events, $description_tags, $ip_net_client); - my @response_list = $response->valueof('/Envelope/Body/getClientsResponse/client/'); - while (scalar @response_list) { - my $response_data = shift(@response_list); - my @client; - - $client_id = $response_data->{'CLIENT_ID'} ; - $hostname = $response_data->{'HOSTNAME'}; - $registered = $response_data->{'REGISTERED'}; - $requestor = $response_data->{'REQUESTOR'}; - $service = defined $response_data->{'SERVICE'} ? $response_data->{'SERVICE'} : "-"; - $client_type = $response_data->{'CLIENT_TYPE'}; - $type = defined $response_data->{'TYPE'} ? $response_data->{'TYPE'} : "-"; - $receive_own_events = defined $response_data->{'RECEIVE_OWN_EVENTS'} ? $response_data->{'RECEIVE_OWN_EVENTS'} : "-"; - $description_tags = defined $response_data->{'DESCRIPTION_TAGS'} ? 
$response_data->{'DESCRIPTION_TAGS'} : "-"; - $ip_net_client = $response_data->{'IP_NET_CLIENT'}; - - # push received clients from warden server into @clients which is returned - @client = ($client_id, $hostname, $registered, $requestor, $service, $client_type, $type, $receive_own_events, $description_tags, $ip_net_client); - push (@clients,\@client); - } - return @clients; -} # End of getClients - - #------------------------------------------------------------------------------- # getStatus - get warden server status #-------------------------------------------------------------------------------