diff --git a/src/warden-server/lib/Warden.pm b/src/warden-server/lib/Warden.pm
index 75804ae4b03be65ca5383989bd014a7f682b650d..84da266c99ecc3906902472ccb7377a6b43d3888 100755
--- a/src/warden-server/lib/Warden.pm
+++ b/src/warden-server/lib/Warden.pm
@@ -39,6 +39,7 @@ my $etc = "$lib/../etc";
 ################################################################################
 # READING OF CONFIGURATION VARIABLES
 ################################################################################
+# load server configuration
 my $conf_file = "$etc/warden-server.conf";
 WardenCommon::loadConf($conf_file);
@@ -47,6 +48,7 @@ WardenCommon::loadConf($conf_file);
 ################################################################################
 # DB CONNECT
 ################################################################################
+# create database handler
 our $DBH = DBI->connect("DBI:mysql:database=$WardenCommon::DB_NAME;host=$WardenCommon::DB_HOST", $WardenCommon::DB_USER, $WardenCommon::DB_PASS, {RaiseError => 1, mysql_auto_reconnect => 1}) || die "Could not connect to database '$WardenCommon::DB_NAME' at '$WardenCommon::DB_HOST': $DBI::errstr";
@@ -65,6 +67,7 @@ sub sendMsg
 my $syslog_msg = shift;
 my $soap_msg = shift;
+ # send message via syslog
 WardenCommon::sendMsg($WardenCommon::SYSLOG, $WardenCommon::SYSLOG_VERBOSE, $WardenCommon::SYSLOG_FACILITY, $severity, $syslog_msg, $soap_msg, $FILENAME);
 }
@@ -85,6 +88,12 @@ sub getAltNames
 my $der = decode_base64(join("", @a));
 my $decoded= Crypt::X509->new(cert => $der);
- foreach my $tmp (@{$decoded->SubjectAltName}) {
- if($tmp =~ s/dNSName=//){
- push(@an_array, $DBH->quote($tmp));
+ # obtain Subject Alternative Names from SSL certificate (if any exist)
+ if (defined $decoded->SubjectAltName) {
+ foreach my $tmp (@{$decoded->SubjectAltName}) {
+ if($tmp =~ s/dNSName=//){
+ push(@an_array, $DBH->quote($tmp));
+ }
 }
 }
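Review bot: In getAltNames the new `if (defined $decoded->SubjectAltName)` guard makes a certificate that Crypt::X509 failed to parse look the same as one that simply carries no Subject Alternative Names, because the result of `Crypt::X509->new(cert => $der)` is never checked. These names presumably reach authorizeClient as `$alt_names`, so test `$decoded->error` right after the constructor and log and return on failure rather than continuing with an empty list. The accessor is also called twice; fetch it once with `my $san = $decoded->SubjectAltName;` and loop over `@{$san}`. Anchoring the match as `s/\AdNSName=//` would accept only entries whose type is dNSName. The function starts and ends outside this hunk.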
@@ -140,7 +146,7 @@ sub authorizeClient
 }
 }
- # obtain registration info about clients
+ # obtain registration information about clients
 my ($client_id, $ip_net_client, $receive_own, $ip_net_client_list);
 my $correct_ip_source = 0;
 my %ret;
@@ -213,12 +219,14 @@ sub saveNewEvent
 my $priority = $data->{'PRIORITY'};
 my $timeout = $data->{'TIMEOUT'};
+ # authorize incoming client
 my %client = authorizeClient($alt_names, $ip, $service, $client_type, $function_name);
 if (defined %client) {
 sendMsg("debug", "Incoming event: [client_id: '$client{'client_id'}', service: '$service', detected: '$detected', type: '$type', source_type: '$source_type', source: '$source', target_proto: '$target_proto', target_port: '$target_port', attack_scale: '$attack_scale', note: '$note', priority: '$priority', timeout: '$timeout']", undef);
+ # check event entries 'event_type' and 'source_type' (based on VALIDATION HASH)
 if (%WardenCommon::VALID_STRINGS) { # check if hash is not empty - use VALIDATION HASH
 if (!(exists $WardenCommon::VALID_STRINGS{'type'} && grep $type eq $_, @{$WardenCommon::VALID_STRINGS{'type'}})) {
 sendMsg("err",
@@ -238,6 +246,7 @@ sub saveNewEvent
 "Unknown detected time format: '$detected'");
 }
+ # check other event entries
 my @change_list;
 if (defined $target_port && $target_port !~ /^\d+\z/) {
 push(@change_list, "target_port: '$target_port'");
@@ -266,6 +275,7 @@ sub saveNewEvent
 undef);
 }
+ # save new event into database
 $sth = $DBH->prepare("INSERT INTO events VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?);");
 unless (defined $sth) {
 sendMsg("err",
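Review bot: The authorization gate `if (defined %client)` in saveNewEvent applies `defined` to a hash, which has long been deprecated and is a fatal error from Perl 5.22 on; the test should be plain truthiness, `if (%client) {`. The same line sits directly under the comments added in getNewEvents, getLastId and getClientInfo (hunks at -315, -404 and -445). The debug `sendMsg` right below it also writes request fields such as `$note` and `$source` into the log before any of the checks in this function run. Whether WardenCommon::sendMsg neutralises newlines and control characters is not visible here, so that line deserves either a sanitising step or a comment stating where it happens.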
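Review bot: The `unless (defined $sth)` branch after `prepare` looks unreachable, because the handle is created with `RaiseError => 1` (DB CONNECT hunk), so a failing `prepare` or `execute` dies instead of returning undef. The logged "Internal ... server error" replies would then never be sent and the raw DBI exception would propagate to whatever wraps saveNewEvent; wrap the database calls in `eval { ... }` and route `$@` through `sendMsg("err", ...)`, or remove the dead branches. The same pattern follows the comments added in getLastId and getClientInfo. Separately, `INSERT INTO events VALUES (...)` binds its values by table column order, so naming the columns would keep a schema change from shifting data silently. The statement block continues outside this hunk.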
@@ -315,6 +325,7 @@ sub getNewEvents
 # authorize incoming client
 my %client = authorizeClient($alt_names, $ip, $requested_type, $client_type, $function_name);
 if (defined %client) {
+ # obtain events from database
 my $query = "SELECT id, hostname, service, detected, events.type, source_type, source, target_proto, target_port, attack_scale, note, priority, timeout FROM events INNER JOIN clients ON events.client_id = clients.client_id WHERE events.type != 'test' AND id > ? AND events.valid = 't'";
 my @params = ($last_id);
@@ -346,9 +357,9 @@ sub getNewEvents
 "Internal 'execute' server error");
 }
- # obtain items of events stored in events table
+ # obtain event entries from query
 while (my @result = $sth->fetchrow()) {
- # create SOAP data object set values
+ # create SOAP object
 $event = SOAP::Data->name(event => \SOAP::Data->value(
 SOAP::Data->name(ID => $result[0]),
 SOAP::Data->name(HOSTNAME => $result[1]),
@@ -404,8 +415,10 @@ sub getLastId
 my $function_name = 'getLastId';
+ # authorize incoming client
 my %client = authorizeClient($alt_names, $ip, $service, $client_type, $function_name);
 if (defined %client) {
+ # obtain max event ID
 my $sth = $DBH->prepare("SELECT max(id) FROM events;");
 unless (defined $sth) {
 sendMsg("err",
@@ -445,8 +458,10 @@ sub getClientInfo
 my $function_name = 'getClientInfo';
+ # authorize incoming client
 my %client = authorizeClient($alt_names, $ip, $service, $client_type, $function_name);
 if (defined %client) {
+ # obtain all valid clients from DB
 my $sth = $DBH->prepare("SELECT * FROM clients WHERE valid = 't' ORDER BY client_id ASC;");
 unless (defined $sth) {
 sendMsg("err",
@@ -461,6 +476,7 @@ sub getClientInfo
 "Internal 'execute' server error");
 }
+ # create SOAP object
 while ( my @result = $sth->fetchrow() ) {
 $client = SOAP::Data->name(client => \SOAP::Data->value(
 SOAP::Data->name(CLIENT_ID => $result[0]),
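Review bot: `SELECT * FROM clients` in getClientInfo (hunk at -445) is read back by position, with `$result[0]` becoming CLIENT_ID in the following hunk, so the fields returned to the caller depend on the table's column order. List the columns explicitly in the query, or fetch with `fetchrow_hashref` and name each field, so that a column added to `clients` later is neither exposed nor mis-labelled in the SOAP reply. A short comment above the query stating which client attributes are meant to be disclosed to other clients would document the intent. The function body continues outside this hunk.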
@@ -478,6 +494,7 @@ sub getClientInfo
 push(@clients, $client);
 }
+ # log information message
 my $sum = scalar @clients;
 sendMsg("info",
 "Sent information about $sum registered clients from Warden server '$ENV{'SERVER_NAME'}' to client '$client{'client_id'}'",