From 64efeeed9c6da2015b682d7595fd8da79bbc0f0f Mon Sep 17 00:00:00 2001
From: Tomas Plesnik <plesnik@ics.muni.cz>
Date: Fri, 4 Jul 2014 15:20:40 +0200
Subject: [PATCH] pridana makra pro SQL dotazy
---
 .../etc/warden-watchdog.conf.tmpl.update | 33 ++-----------------
 1 file changed, 3 insertions(+), 30 deletions(-)
diff --git a/src/warden-server/etc/warden-watchdog.conf.tmpl.update b/src/warden-server/etc/warden-watchdog.conf.tmpl.update
index 538e80d..32ac9db 100644
--- a/src/warden-server/etc/warden-watchdog.conf.tmpl.update
+++ b/src/warden-server/etc/warden-watchdog.conf.tmpl.update
@@ -23,31 +23,7 @@ $EMAIL_SERVER_CONF = '_EMAIL_SERVER_CONF_';
 #-------------------------------------------------------------------------------
 # SQL_PRECONDITION - array of procedures which are executed "before" main action
 #-------------------------------------------------------------------------------
-@SQL_PRECONDITION = ('DROP FUNCTION IF EXISTS iptest;', 'CREATE FUNCTION iptest(ip VARCHAR(15)) RETURNS TINYINT(1) DETERMINISTIC
-BEGIN
- SET @nip = INET_ATON(ip);
- IF(
- ISNULL( @nip) OR
- @nip BETWEEN 0 AND 16777216 OR
- @nip BETWEEN 167772160 AND 171966464 OR
- @nip BETWEEN 2130706432 AND 2130706433 OR
- @nip BETWEEN 2851995648 AND 2851995649 OR
- @nip BETWEEN 2886729728 AND 2886729729 OR
- @nip BETWEEN 3221225472 AND 3221225473 OR
- @nip BETWEEN 3221225984 AND 3221225985 OR
- @nip BETWEEN 3227017984 AND 3227017985 OR
- @nip BETWEEN 3232235520 AND 3232235521 OR
- @nip BETWEEN 3323068416 AND 3323068417 OR
- @nip BETWEEN 3325256704 AND 3325256705 OR
- @nip BETWEEN 3405803776 AND 3405803777 OR
- @nip BETWEEN 3758096384 AND 3758096385 OR
- @nip BETWEEN 4026531840 AND 4026531841 OR
- @nip > 4294967295) THEN
- RETURN TRUE;
- ELSE
- RETURN FALSE;
- END IF;
-END;');
+@SQL_PRECONDITION = (_SQL_PRECONDITION_);
 #-------------------------------------------------------------------------------
 # SQL_QUERIES - array of hashes of actions for the WardenWatchdog script.
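Review bot: The new `@SQL_PRECONDITION = (_SQL_PRECONDITION_);` line leaves no record in the template of what the placeholder must expand to, whereas the removed default showed that the value is a list of single-quoted SQL statements (a `DROP FUNCTION IF EXISTS iptest;` followed by the `CREATE FUNCTION iptest(...)` body) and that whatever routine is created here is dropped again by `SQL_POSTCONDITION` in the second hunk. Because this file is Perl configuration, the substituted text is compiled as Perl source, so whichever step fills the placeholder has to emit correctly quoted literals; the removed body relied on single quotes to keep `@nip` from being read as a Perl array, and the same applies to `_SQL_QUERIES_` and `_SQL_POSTCONDITION_` in the second hunk. I would add above the assignment: `# _SQL_PRECONDITION_ is replaced by the update step with a comma-separated list of single-quoted SQL statements; any routine created here must be dropped again in SQL_POSTCONDITION`. The substitution mechanism is inferred from the .tmpl.update file name and the existing `_EMAIL_SERVER_CONF_` placeholder; it is not part of this patch.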
@@ -59,12 +35,9 @@ END;');
 # in a database table.
 #-------------------------------------------------------------------------------
 @SQL_QUERIES = (
- {query => "SELECT hostname, service, MAX(received) FROM events WHERE valid = 't' GROUP BY hostname, service ORDER BY MAX(received) ASC;", text => "These clients do not report any events for a long time. It is possible, that they are misconfigured or not running.", contact => "jakubcegan@cesnet.cz, ph@cesnet.cz"},
- {query => "SELECT clients.* FROM clients JOIN events ON clients.service=events.service WHERE events.detected > '$date' AND NOT FIND_IN_SET(events.type, 'portscan,bruteforce,probe,spam,phishing,botnet_c_c,dos,malware,copyright,webattack,test,other') AND events.valid = 't' GROUP BY requestor;", text => "Following client(s) report unsupported or obsolete type of event to a Warden server.", contact => "jakubcegan@cesnet.cz, ph@cesnet.cz"},
- {query => "SELECT hostname, service, type, COUNT(*) FROM events WHERE detected - received > 0 AND received > '$date' GROUP BY hostname, service, type;", text => "Following client(s) report events to a Warden server with a timestamp from future. Server timestamp (received) has to be always greater or equal to a timestam of detection.", contact => "jakubcegan@cesnet.cz, ph@cesnet.cz"},
- {query => "SELECT hostname, service, received, source, count(source) AS c, min(received), max(received) FROM events WHERE valid = 't' AND source_type = 'IP' AND iptest(source) GROUP BY hostname, service, source ORDER BY c DESC;", text => "Following client(s) report events to a Warden server with a private or invalid IPv4 address.", contact => "jakubcegan@cesnet.cz, ph@cesnet.cz"});
+_SQL_QUERIES_);
 #-------------------------------------------------------------------------------
 # SQL_POSTCONDITION - array of procedures which are executed "after" main action
 #-------------------------------------------------------------------------------
-@SQL_POSTCONDITION = ('DROP FUNCTION IF EXISTS iptest;');
+@SQL_POSTCONDITION = (_SQL_POSTCONDITION_);
-- 
GitLab
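Review bot: With the four default entries removed, the template no longer documents the element shape that `_SQL_QUERIES_` must expand to, which the removed lines show to be hashrefs with `query`, `text` and `contact` keys, the query strings being double-quoted Perl so that `$date` is interpolated when the configuration is loaded. Any value substituted for the placeholder is therefore Perl source with the same quoting requirements, and a `$date` reference inside it only works if that variable is set before this file is read, which this patch does not show. One removed query also called the `iptest` routine that `SQL_PRECONDITION` creates and the `_SQL_POSTCONDITION_` line at the end of this hunk drops, so the three placeholders have to be filled consistently. I would add above `@SQL_QUERIES`: `# _SQL_QUERIES_ expands to a list of {query => "...", text => "...", contact => "..."} hashrefs; query strings are double-quoted so $date interpolates at load time`.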