From 9ec3b84c55d6e6b351fff685d6578cc6a87ea96f Mon Sep 17 00:00:00 2001
From: Tomas Plesnik <plesnik@ics.muni.cz>
Date: Thu, 1 Dec 2011 22:37:58 +0100
Subject: [PATCH] inicialni stav serveru
---
src/warden-server/bin/getClients.pl | 116 +++
src/warden-server/bin/getStatus.pl | 127 +++
src/warden-server/bin/registerReceiver.pl | 128 +++
src/warden-server/bin/registerSender.pl | 124 +++
src/warden-server/bin/unregisterClient.pl | 112 +++
src/warden-server/bin/warden-alive | 9 +
src/warden-server/bin/warden-server.pl | 846 +++++++++++++++++++
src/warden-server/bin/wardend | 127 +++
src/warden-server/etc/warden-client.conf | 23 +
src/warden-server/etc/warden-server.conf | 53 ++
src/warden-server/lib/WardenConf.pm | 68 ++
src/warden-server/lib/WardenReg.pm | 194 +++++
src/warden-server/lib/WardenStatus.pm | 203 +++++
src/warden-server/sh/create_table-clients.sh | 39 +
src/warden-server/sh/create_table-events.sh | 40 +
15 files changed, 2209 insertions(+)
create mode 100755 src/warden-server/bin/getClients.pl
create mode 100755 src/warden-server/bin/getStatus.pl
create mode 100755 src/warden-server/bin/registerReceiver.pl
create mode 100755 src/warden-server/bin/registerSender.pl
create mode 100755 src/warden-server/bin/unregisterClient.pl
create mode 100755 src/warden-server/bin/warden-alive
create mode 100755 src/warden-server/bin/warden-server.pl
create mode 100755 src/warden-server/bin/wardend
create mode 100644 src/warden-server/etc/warden-client.conf
create mode 100644 src/warden-server/etc/warden-server.conf
create mode 100755 src/warden-server/lib/WardenConf.pm
create mode 100755 src/warden-server/lib/WardenReg.pm
create mode 100755 src/warden-server/lib/WardenStatus.pm
create mode 100755 src/warden-server/sh/create_table-clients.sh
create mode 100755 src/warden-server/sh/create_table-events.sh
diff --git a/src/warden-server/bin/getClients.pl b/src/warden-server/bin/getClients.pl
new file mode 100755
index 0000000..434a0a1
--- /dev/null
+++ b/src/warden-server/bin/getClients.pl 
@@ -0,0 +1,116 @@
+#!/usr/bin/perl -w
+#
+# getClients.pl
+#
+# Copyright (C) 2011 Cesnet z.s.p.o
+# Author(s): Tomas PLESNIK <plesnik@ics.muni.cz>
+# Jan SOUKAL <soukal@ics.muni.cz>
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+# 3. Neither the name of the Cesnet z.s.p.o nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# This software is provided ``as is'', and any express or implied
+# warranties, including, but not limited to, the implied warranties of
+# merchantability and fitness for a particular purpose are disclaimed.
+# In no event shall the Masaryk University or contributors be liable for
+# any direct, indirect, incidental, special, exemplary, or consequential
+# damages (including, but not limited to, procurement of substitute
+# goods or services; loss of use, data, or profits; or business
+# interruption) however caused and on any theory of liability, whether
+# in contract, strict liability, or tort (including negligence or
+# otherwise) arising in any way out of the use of this software, even
+# if advised of the possibility of such damage.
+
+use strict;
+use Getopt::Std;
+use File::Basename;
+
+my $warden_path = '/opt/warden-server';
+require $warden_path . '/lib/WardenStatus.pm';
+my $filename = basename($0);
+
+
+#-------------------------------------------------------------------------------
+# Functions
+#-------------------------------------------------------------------------------
+sub usage {
+ print "Usage: $filename [without parameters]\n";
+ exit 1;
+}
+
+
+#-------------------------------------------------------------------------------
+# errMsg - print error message and die
+#-------------------------------------------------------------------------------
+sub errMsg
+{
+ my $msg = shift;
+ $msg = trim($msg);
+ print $msg . "\n";
+ exit 1;
+} # End of errMsg
+
+
+#-------------------------------------------------------------------------------
+# trim - remove whitespace from the start and end of the string
+#-------------------------------------------------------------------------------
+sub trim
+{
+ my $string = shift;
+ $string =~ s/^\s+//;
+ $string =~ s/\s+$//;
+ return $string;
+} # End of trim
+
+
+#-------------------------------------------------------------------------------
+# MAIN
+#-------------------------------------------------------------------------------
+our ($opt_h);
+
+die usage unless getopts("h");
+my $help = $opt_h;
+
+# catch help param
+if ($help) {
+ usage;
+}
+
+# superuser controle
+my $UID = $<;
+if ($UID != 0) {
+ die errMsg("You must be root for running this script!")
+}
+
+
+my @clients = WardenStatus::getClients($warden_path);
+print "+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+\n";
+print "| Client ID | Hostname | Registered | Requestor | Service | CT | Type | ROE | Description tags | IP Net Client |\n";
+print "+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+\n";
+foreach (@clients) {
+ printf("| %-10s ", @$_[0]);
+ printf("| %-30s ", @$_[1]);
+ printf("| %19s ", @$_[2]);
+ printf("| %-10s ", @$_[3]);
+ printf("| %-20s ", @$_[4]);
+ printf("| %-2s ", @$_[5]);
+ printf("| %-15s ", @$_[6]);
+ printf("| %-4s ", @$_[7]);
+ printf("| %-30s ", @$_[8]);
+ printf("| %-18s |\n", @$_[9]);
+}
+print "+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+\n";
+print "\n";
+print "Current registered clients in: " . scalar localtime(time) . "\n";
+
+exit 0;
diff --git a/src/warden-server/bin/getStatus.pl b/src/warden-server/bin/getStatus.pl
new file mode 100755
index 0000000..57d3c8c
--- /dev/null
+++ b/src/warden-server/bin/getStatus.pl
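Review bot: In the MAIN section, `die errMsg("You must be root for running this script!")` and `die usage unless getopts("h")` never reach `die`, because errMsg and usage both call `exit 1` themselves, and both print to STDOUT, so the refusal is easy to miss when the output is piped or redirected. I would drop the `die` and have errMsg write with `print STDERR $msg . "\n";`. The root check also runs only after `require $warden_path . '/lib/WardenStatus.pm'` has loaded the library, so a comment is warranted stating that `/opt/warden-server/lib` must be writable by root only, since this tool executes that file with root privileges. getStatus.pl, registerReceiver.pl, registerSender.pl and unregisterClient.pl repeat the same errMsg/usage pattern and the same require-before-check order.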
@@ -0,0 +1,127 @@
+#!/usr/bin/perl -w
+#
+# getStatus.pl
+#
+# Copyright (C) 2011 Cesnet z.s.p.o
+# Author(s): Tomas PLESNIK <plesnik@ics.muni.cz>
+# Jan SOUKAL <soukal@ics.muni.cz>
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+# 3. Neither the name of the Cesnet z.s.p.o nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# This software is provided ``as is'', and any express or implied
+# warranties, including, but not limited to, the implied warranties of
+# merchantability and fitness for a particular purpose are disclaimed.
+# In no event shall the Masaryk University or contributors be liable for
+# any direct, indirect, incidental, special, exemplary, or consequential
+# damages (including, but not limited to, procurement of substitute
+# goods or services; loss of use, data, or profits; or business
+# interruption) however caused and on any theory of liability, whether
+# in contract, strict liability, or tort (including negligence or
+# otherwise) arising in any way out of the use of this software, even
+# if advised of the possibility of such damage.
+
+use strict;
+use Getopt::Std;
+use File::Basename;
+
+my $warden_path = '/opt/warden-server';
+require $warden_path . '/lib/WardenStatus.pm';
+my $filename = basename($0);
+
+#-------------------------------------------------------------------------------
+# Functions
+#-------------------------------------------------------------------------------
+sub usage {
+ print "Usage: $filename [without parameters]\n";
+ exit 1;
+}
+
+
+#-------------------------------------------------------------------------------
+# errMsg - print error message and die
+#-------------------------------------------------------------------------------
+sub errMsg
+{
+ my $msg = shift;
+ $msg = trim($msg);
+ print $msg . "\n";
+ exit 1;
+} # End of errMsg
+
+
+#-------------------------------------------------------------------------------
+# trim - remove whitespace from the start and end of the string
+#-------------------------------------------------------------------------------
+sub trim
+{
+ my $string = shift;
+ $string =~ s/^\s+//;
+ $string =~ s/\s+$//;
+ return $string;
+} # End of trim
+
+
+#-------------------------------------------------------------------------------
+# MAIN
+#-------------------------------------------------------------------------------
+our ($opt_h);
+
+die usage unless getopts("h");
+my $help = $opt_h;
+
+# catch help param
+if ($help) {
+ usage;
+}
+
+# superuser controle
+my $UID = $<;
+if ($UID != 0) {
+ die errMsg("You must be root for running this script!")
+}
+
+my @status = WardenStatus::getStatus($warden_path);
+
+# remove first element of array @status and save it into $server_status_ref
+my $server_status_ref = shift(@status);
+my @server_status = @$server_status_ref;
+
+print "Database size:\t\t\t$server_status[0]\n";
+print "Count of saved events:\t\t$server_status[1]\n";
+print "Last ID in events table:\t$server_status[2]\n";
+print "Time of first inserted event:\t$server_status[3] (UTC)\n";
+print "Time of latest inserted event:\t$server_status[4] (UTC)\n";
+print "Count of registered clients:\t$server_status[5]\n";
+print "\n";
+
+# check if sum of registered client isn't 0
+if ($server_status[5] != 0) {
+ print "Statistics of registered senders:\n";
+ print "+-----------------------------------------------------------------------------------------------------------+\n";
+ print "| Client ID | Hostname | Service | Stored events | Last insertion (UTC) |\n";
+ print "+-----------------------------------------------------------------------------------------------------------+\n";
+ foreach my $client_status_ref (@status){
+ my @client_status = @$client_status_ref;
+ printf("| %-10s ", $client_status[0]);
+ printf("| %-30s ", $client_status[1]);
+ printf("| %-20s ", $client_status[2]);
+ printf("| %-13s ", $client_status[3]);
+ printf("| %-20s |\n", $client_status[4]);
+ }
+ print "+-----------------------------------------------------------------------------------------------------------+\n";
+ print "\n";
+}
+print "Current server status in:\t" . scalar localtime(time) . "\n";
+
+exit 0;
diff --git a/src/warden-server/bin/registerReceiver.pl b/src/warden-server/bin/registerReceiver.pl
new file mode 100755
index 0000000..83a21a4
--- /dev/null
+++ b/src/warden-server/bin/registerReceiver.pl
@@ -0,0 +1,128 @@
+#!/usr/bin/perl -w
+#
+# registerReceiver.pl
+#
+# Copyright (C) 2011 Cesnet z.s.p.o
+# Author(s): Tomas PLESNIK <plesnik@ics.muni.cz>
+# Jan SOUKAL <soukal@ics.muni.cz>
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+# 3. Neither the name of the Cesnet z.s.p.o nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# This software is provided ``as is'', and any express or implied
+# warranties, including, but not limited to, the implied warranties of
+# merchantability and fitness for a particular purpose are disclaimed.
+# In no event shall the Masaryk University or contributors be liable for
+# any direct, indirect, incidental, special, exemplary, or consequential
+# damages (including, but not limited to, procurement of substitute
+# goods or services; loss of use, data, or profits; or business
+# interruption) however caused and on any theory of liability, whether
+# in contract, strict liability, or tort (including negligence or
+# otherwise) arising in any way out of the use of this software, even
+# if advised of the possibility of such damage.
+
+use strict;
+use Getopt::Std;
+use Switch;
+use File::Basename;
+
+my $warden_path = '/opt/warden-server';
+require $warden_path . '/lib/WardenReg.pm';
+my $filename = basename($0);
+
+#-------------------------------------------------------------------------------
+# Functions
+#-------------------------------------------------------------------------------
+sub usage {
+ print "Usage: $filename [-h -o -n <hostname> -r <requestor> -t <type> -i <ip_net_client>]\n";
+ exit 1;
+}
+
+
+sub help {
+ print "$filename [-h -o -n <hostname> -r <requestor> -t <type> -i <ip_net_client>]\n";
+ print "-h print this text and exit\n";
+ print "-n hostname of receiver\n";
+ print "-r client registration requestor\n";
+ print "-t type of receive events\n";
+ print "-o enable receive of own events\n";
+ print "-i CIDR of receiver\n";
+ exit 0;
+}
+
+
+#-------------------------------------------------------------------------------
+# errMsg - print error message and die
+#-------------------------------------------------------------------------------
+sub errMsg
+{
+ my $msg = shift;
+ $msg = trim($msg);
+ print $msg . "\n";
+ exit 1;
+} # End of errMsg
+
+
+#-------------------------------------------------------------------------------
+# trim - remove whitespace from the start and end of the string
+#-------------------------------------------------------------------------------
+sub trim
+{
+ my $string = shift;
+ $string =~ s/^\s+//;
+ $string =~ s/\s+$//;
+ return $string;
+} # End of trim
+
+
+#-------------------------------------------------------------------------------
+# MAIN
+#-------------------------------------------------------------------------------
+our ($opt_n, $opt_r, $opt_t, $opt_o, $opt_i, $opt_h);
+
+die usage unless getopts("n:r:t:i:ho");
+my $hostname = $opt_n;
+my $requestor = $opt_r;
+my $type = $opt_t;
+my $ip_net_client = $opt_i;
+my $help = $opt_h;
+my $receive_own_events = "f";
+
+if ($opt_o) {
+ $receive_own_events = "t";
+}
+
+# catch help param
+if ($help) {
+ help;
+}
+
+# superuser controle
+my $UID = $<;
+if ($UID != 0) {
+ die errMsg("You must be root for running this script!")
+}
+
+# check parameters definition
+switch () {
+ case {!defined $hostname} { print "ERROR: Parameter 'hostname' is not defined!\n"; exit 1; }
+ case {!defined $requestor} { print "ERROR: Parameter 'requestor' is not defined!\n"; exit 1; }
+ case {!defined $type} { print "ERROR: Parameter 'type' is not defined!\n"; exit 1; }
+ case {!defined $receive_own_events} { print "ERROR: Parameter 'receive_own_events' is not defined!\n"; exit 1; }
+ case {!defined $ip_net_client} { print "ERROR: Parameter 'ip_net_client' is not defined!\n"; exit 1; }
+}
+
+my $return = WardenReg::registerReceiver($warden_path, $hostname, $requestor, $type, $receive_own_events, $ip_net_client);
+$return ? print "Registration of $hostname was SUCCESSFUL...\n" : print "Registration of $hostname FAILED!\n";
+
+exit 0;
diff --git a/src/warden-server/bin/registerSender.pl b/src/warden-server/bin/registerSender.pl
new file mode 100755
index 0000000..0b7af95
--- /dev/null
+++ b/src/warden-server/bin/registerSender.pl
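Review bot: The script finishes with `exit 0;` even when `WardenReg::registerReceiver` returns false, so a caller cannot distinguish a failed registration from a successful one; `exit($return ? 0 : 1);` after the status message would fix that, and registerSender.pl and unregisterClient.pl end the same way. The option values are passed to WardenReg without any syntax check; WardenReg.pm is not part of this hunk, so whether it binds them as SQL placeholders needs confirming there, and a CIDR format check on `-i` before the call would be cheap. The `switch ()` block depends on the Switch source filter, where a plain chain such as `if (!defined $hostname) { errMsg("ERROR: Parameter 'hostname' is not defined!"); }` does the same job without it (registerSender.pl uses the same construct). Its `receive_own_events` case can never fire, because that variable is always set to "f" or "t" before the check.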
@@ -0,0 +1,124 @@
+#!/usr/bin/perl -w
+#
+# registerSender.pl
+#
+# Copyright (C) 2011 Cesnet z.s.p.o
+# Author(s): Tomas PLESNIK <plesnik@ics.muni.cz>
+# Jan SOUKAL <soukal@ics.muni.cz>
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+# 3. Neither the name of the Cesnet z.s.p.o nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# This software is provided ``as is'', and any express or implied
+# warranties, including, but not limited to, the implied warranties of
+# merchantability and fitness for a particular purpose are disclaimed.
+# In no event shall the Masaryk University or contributors be liable for
+# any direct, indirect, incidental, special, exemplary, or consequential
+# damages (including, but not limited to, procurement of substitute
+# goods or services; loss of use, data, or profits; or business
+# interruption) however caused and on any theory of liability, whether
+# in contract, strict liability, or tort (including negligence or
+# otherwise) arising in any way out of the use of this software, even
+# if advised of the possibility of such damage.
+
+use strict;
+use Getopt::Std;
+use Switch;
+use File::Basename;
+
+my $warden_path = '/opt/warden-server';
+require $warden_path . '/lib/WardenReg.pm';
+my $filename = basename($0);
+
+#-------------------------------------------------------------------------------
+# Functions
+#-------------------------------------------------------------------------------
+sub usage {
+ print "Usage: $filename [-h -n <hostname> -r <requestor> -s <service> -d <description_tags> -i <ip_net_client>]\n";
+ exit 1;
+}
+
+sub help {
+ print "$filename [-h -n <hostname> -r <requestor> -s <service> -d <description_tags> -i <ip_net_client>]\n";
+ print "-h print this text and exit\n";
+ print "-n hostname of sender\n";
+ print "-r client registration requestor\n";
+ print "-s service of send events\n";
+ print "-d description tags of send events\n";
+ print "-i CIDR of sender\n";
+ exit 0;
+}
+
+
+#-------------------------------------------------------------------------------
+# errMsg - print error message and die
+#-------------------------------------------------------------------------------
+sub errMsg
+{
+ my $msg = shift;
+ $msg = trim($msg);
+ print $msg . "\n";
+ exit 1;
+} # End of errMsg
+
+
+#-------------------------------------------------------------------------------
+# trim - remove whitespace from the start and end of the string
+#-------------------------------------------------------------------------------
+sub trim
+{
+ my $string = shift;
+ $string =~ s/^\s+//;
+ $string =~ s/\s+$//;
+ return $string;
+} # End of trim
+
+
+#-------------------------------------------------------------------------------
+# MAIN
+#-------------------------------------------------------------------------------
+our ($opt_n, $opt_r, $opt_s, $opt_d, $opt_i, $opt_h);
+
+die usage unless getopts("n:r:s:d:i:h");
+my $hostname = $opt_n;
+my $requestor = $opt_r;
+my $service = $opt_s;
+my $description_tags = $opt_d;
+my $ip_net_client = $opt_i;
+my $help = $opt_h;
+
+# catch help param
+if ($help) {
+ help;
+}
+
+# superuser controle
+my $UID = $<;
+if ($UID != 0) {
+ die errMsg("You must be root for running this script!")
+}
+
+# check parameters definition
+switch () {
+ case {!defined $hostname} { print "ERROR: Parameter 'hostname' is not defined!\n"; exit 1; }
+ case {!defined $requestor} { print "ERROR: Parameter 'requestor' is not defined!\n"; exit 1; }
+ case {!defined $service} { print "ERROR: Parameter 'service' is not defined!\n"; exit 1; }
+ case {!defined $description_tags} { print "ERROR: Parameter 'description_tags' is not defined!\n"; exit 1; }
+ case {!defined $ip_net_client} { print "ERROR: Parameter 'ip_net_client' is not defined!\n"; exit 1; }
+}
+
+# register sender at warden server
+my $return = WardenReg::registerSender($warden_path, $hostname, $requestor, $service, $description_tags, $ip_net_client);
+$return ? print "Registration of $hostname was SUCCESSFUL...\n" : print "Registration of $hostname FAILED!\n";
+
+exit 0;
diff --git a/src/warden-server/bin/unregisterClient.pl b/src/warden-server/bin/unregisterClient.pl
new file mode 100755
index 0000000..a69f1ac
--- /dev/null
+++ b/src/warden-server/bin/unregisterClient.pl 
@@ -0,0 +1,112 @@
+#!/usr/bin/perl -w
+#
+# unregisterClient.pl
+#
+# Copyright (C) 2011 Cesnet z.s.p.o
+# Author(s): Tomas PLESNIK <plesnik@ics.muni.cz>
+# Jan SOUKAL <soukal@ics.muni.cz>
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+# 3. Neither the name of the Cesnet z.s.p.o nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# This software is provided ``as is'', and any express or implied
+# warranties, including, but not limited to, the implied warranties of
+# merchantability and fitness for a particular purpose are disclaimed.
+# In no event shall the Masaryk University or contributors be liable for
+# any direct, indirect, incidental, special, exemplary, or consequential
+# damages (including, but not limited to, procurement of substitute
+# goods or services; loss of use, data, or profits; or business
+# interruption) however caused and on any theory of liability, whether
+# in contract, strict liability, or tort (including negligence or
+# otherwise) arising in any way out of the use of this software, even
+# if advised of the possibility of such damage.
+
+use strict;
+use Getopt::Std;
+use Switch;
+use File::Basename;
+
+my $warden_path = '/opt/warden-server';
+require $warden_path . '/lib/WardenReg.pm';
+my $filename = basename($0);
+
+#-------------------------------------------------------------------------------
+# Functions
+#-------------------------------------------------------------------------------
+sub usage {
+ print "Usage: $filename [-h -i <client_id>]\n";
+ exit 1;
+}
+
+sub help {
+ print "$filename [-h -i <client_id>]\n";
+ print "-h print this text and exit\n";
+ print "-i client_id for unregistration\n";
+ exit 0;
+}
+
+
+#-------------------------------------------------------------------------------
+# errMsg - print error message and die
+#-------------------------------------------------------------------------------
+sub errMsg
+{
+ my $msg = shift;
+ $msg = trim($msg);
+ print $msg . "\n";
+ exit 1;
+} # End of errMsg
+
+
+#-------------------------------------------------------------------------------
+# trim - remove whitespace from the start and end of the string
+#-------------------------------------------------------------------------------
+sub trim
+{
+ my $string = shift;
+ $string =~ s/^\s+//;
+ $string =~ s/\s+$//;
+ return $string;
+} # End of trim
+
+
+#-------------------------------------------------------------------------------
+# MAIN
+#-------------------------------------------------------------------------------
+our ($opt_h, $opt_i);
+
+die usage unless getopts("i:h");
+my $client_id = $opt_i;
+my $help = $opt_h;
+
+# catch help param
+if ($help) {
+ help;
+}
+
+# superuser controle
+my $UID = $<;
+if ($UID != 0) {
+ die errMsg("You must be root for running this script!")
+}
+
+# check parameters definition
+if (!defined $client_id) {
+ print "ERROR: Parameter 'client_id' is not defined!\n";
+ exit 1;
+}
+
+my $return = WardenReg::unregisterClient($warden_path, $client_id);
+$return ? print "Unregistration of client (#$client_id) was SUCCESSFUL...\n" : print "Unregistration of client (# $client_id) FAILED!\n";
+
+exit 0;
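Review bot: `$client_id` is only tested with `defined` before it is handed to `WardenReg::unregisterClient`, so `-i abc` or `-i ''` reaches the library unchanged. If client IDs are numeric, which the `#$client_id` wording suggests but this hunk does not show, reject anything else first, for example `errMsg("ERROR: Parameter 'client_id' must be a number!") unless $client_id =~ /\A\d+\z/;`. The two status messages also differ in spacing, `(#$client_id)` versus `(# $client_id)`, which makes log matching on them fragile. `use Switch;` is loaded here but no `switch` statement appears in the file, so the import can go.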
diff --git a/src/warden-server/bin/warden-alive b/src/warden-server/bin/warden-alive
new file mode 100755
index 0000000..140f96a
--- /dev/null
+++ b/src/warden-server/bin/warden-alive
@@ -0,0 +1,9 @@
+#!/usr/bin/perl
+
+my $rv = `ps aux | grep "/usr/bin/perl -w /opt/warden-server/bin/warden-server.pl" | grep -v grep | grep -v process-alive | wc -l`;
+if ($rv) {
+ print "WARDEN OK: Warden server is running\n";
+}
+else {
+ print "WARDEN CRITICAL: Warden server is not running\n";
+};
diff --git a/src/warden-server/bin/warden-server.pl b/src/warden-server/bin/warden-server.pl
new file mode 100755
index 0000000..bd4d1fe
--- /dev/null
+++ b/src/warden-server/bin/warden-server.pl
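Review bot: The test `if ($rv)` in warden-alive is always true, because the backtick output of `wc -l` ends in a newline and the string "0\n" is true in Perl, so the check prints WARDEN OK even when no server process exists. Compare numerically instead: `chomp $rv;` followed by `if ($rv > 0) {`. The CRITICAL branch also falls off the end of the script with exit status 0; if this is consumed as a Nagios-style check, which the output format suggests, add `exit 2;` there so the monitoring system sees the failure. The file has neither `use strict;` nor `use warnings;`, unlike the other scripts in this commit, which at least run under `-w`.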
@@ -0,0 +1,846 @@ +#!/usr/bin/perl -w +# +# warden-server.pl +# +# Copyright (C) 2011 Cesnet z.s.p.o +# Author(s): Tomas PLESNIK <plesnik@ics.muni.cz> +# Jan SOUKAL <soukal@ics.muni.cz> +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# 3. Neither the name of the Cesnet z.s.p.o nor the names of its +# contributors may be used to endorse or promote products derived from +# this software without specific prior written permission. +# +# This software is provided ``as is'', and any express or implied +# warranties, including, but not limited to, the implied warranties of +# merchantability and fitness for a particular purpose are disclaimed. +# In no event shall the Masaryk University or contributors be liable for +# any direct, indirect, incidental, special, exemplary, or consequential +# damages (including, but not limited to, procurement of substitute +# goods or services; loss of use, data, or profits; or business +# interruption) however caused and on any theory of liability, whether +# in contract, strict liability, or tort (including negligence or +# otherwise) arising in any way out of the use of this software, even +# if advised of the possibility of such damage. 
+ +package Warden; + +use strict; +use SOAP::Lite; +use SOAP::Transport::TCP; +use File::Pid; +use POSIX; +use DBI; +use Format::Human::Bytes; +use Sys::Syslog qw(:DEFAULT setlogsock); +Sys::Syslog::setlogsock('unix'); +use File::Basename; +use FindBin; +use Data::Dumper; +use Net::CIDR::Lite; +use DateTime; + + +################################################################################ +# CONFIG FILE VARIABLES +################################################################################ + +my $script_name = $FindBin::Script; +my $conf_file = "/opt/warden-server/etc/warden-server.conf"; + +# first declaration of globa variables from config file +our $ADDRESS = undef; +our $PORT = undef; +our $LOGDIR = undef; +our $PIDDIR = undef; +our $VARDIR = undef; +our $SSL_KEY_FILE = undef; +our $SSL_CERT_FILE = undef; +our $SSL_CA_FILE = undef; +our $FACILITY = undef; + +# read config file +if ( ! open( TMP, $conf_file) ) { + die errMsg("Can't read config file '$conf_file': $!\n"); +} +close TMP; + +# load set variables by user +if ( !do $conf_file ) { + die errMsg("Errors in config file '$conf_file': $@"); +} + + + +################################################################################ +# VARIABLES +################################################################################ + +my $die_now = 0; + +# PID path +my $pid_file = $PIDDIR . $script_name . ".pid"; + +# DB file +my $db_file = "warden.db"; +my $db = $VARDIR . 
$db_file; + +# connect to DB - DBH is GLOBAL variable +my $dbargs = {AutoCommit => 0, PrintError => 1}; +our $DBH = DBI->connect("dbi:SQLite:dbname=$db","","",$dbargs) or die errMsg("Can't connect to DB: $!"); + + + +################################################################################ +# LOCAL FUNCTIONS +################################################################################ + + +#------------------------------------------------------------------------------- +# errMsg - print error message and die +#------------------------------------------------------------------------------- +sub errMsg +{ + my $msg = shift; + $msg = trim($msg); + print $msg . "\n"; + exit 1; +} # End of errMsg + + +#------------------------------------------------------------------------------- +# trim - remove whitespace from the start and end of the string +#------------------------------------------------------------------------------- +sub trim +{ + my $string = shift; + $string =~ s/^\s+//; + $string =~ s/\s+$//; + return $string; +} # End of trim + + +#------------------------------------------------------------------------------- +# write2log - writing message to syslog +#------------------------------------------------------------------------------- +sub write2log +{ + my $priority = shift; + my $msg = shift; + my $filename = File::Basename::basename($0); + + Sys::Syslog::openlog($filename, "cons,pid", $FACILITY); + Sys::Syslog::syslog("$priority", "$msg"); + Sys::Syslog::closelog(); +} # End of write2log + + +#------------------------------------------------------------------------------- +# signalHandler - catch signals and end the program if one is caught. 
+#------------------------------------------------------------------------------- +sub signalHandler +{ + $die_now = 1; # this will cause the "infinite loop" to exit +} # End of signalHandler + + +#------------------------------------------------------------------------------- +# sslErrorHandler - handle errors in SSL negitiation +#------------------------------------------------------------------------------- +sub sslErrorHandler +{ + my $socket = shift; + my $msg = shift; + + my $ip = $socket->peerhost; + + + print $socket $msg; + $socket->close; + write2log ("err", "Caught SSL handshake error from $ip: $msg"); + return 1; +} + +################################################################################ +# SOAP Functions +################################################################################ + +#----------------------------------------------------------------------------- +# saveNewEvent - save new received event into database +#----------------------------------------------------------------------------- +sub saveNewEvent +{ + my ($class, $data) = @_; + my ($sth, $cidr_list); + + # variables defined by server + our $IP; # IP address of sender + our $CN; # common name of sender + my $cn_db = $DBH->quote($CN); + + # variables defined by server + my $client_type = "s"; # incoming client MUST be sender + my $client_type_db = $DBH->quote($client_type); + my $valid = "t"; # registered sender has valid events + my $valid_db = $DBH->quote($valid); + my $received = DateTime->now; # time of event delivery (UTC) + my $received_db = $DBH->quote($received); + + # parse object (event) parameters + my $service = $data->{'SERVICE'}; + my $service_db = $DBH->quote($service); + my $detected = $data->{'DETECTED'}; + my $detected_db = $DBH->quote($detected); + my $type = $data->{'TYPE'}; + my $type_db = $DBH->quote($type); + my $source_type = $data->{'SOURCE_TYPE'}; + my $source_type_db = $DBH->quote($source_type); + my $source = $data->{'SOURCE'}; + my $source_db = 
$DBH->quote($source); + my $target_proto = $data->{'TARGET_PROTO'}; + my $target_proto_db = $DBH->quote($target_proto); + my $target_port = $data->{'TARGET_PORT'}; + my $target_port_db = $DBH->quote($target_port); + my $attack_scale = $data->{'ATTACK_SCALE'}; + my $attack_scale_db = $DBH->quote($attack_scale); + my $note = $data->{'NOTE'}; + my $note_db = $DBH->quote($note); + my $priority = $data->{'PRIORITY'}; + my $priority_db = $DBH->quote($priority); + my $timeout = $data->{'TIMEOUT'}; + my $timeout_db = $DBH->quote($timeout); + + # Authorization of incomming client + #----------------------------------------------------------------------------- + + # obtain cidr based on rigth common name, service and client_type + $sth = $DBH->prepare("SELECT ip_net_client FROM clients WHERE hostname = $cn_db AND service = $service_db AND client_type = $client_type_db;"); + if ( !defined $sth ) {die("Cannot prepare authorization statement in saveNewEvent: $DBI::errstr\n")} + $sth->execute; + my $cidr = $sth->fetchrow(); + + # check if client is registered + if (!defined $cidr) { + write2log ("err", "Unauthorized access to saveNewEvent from: $IP ($CN) - client is not registered"); + die("Access denied - client is not registered at warden server!"); + } else { + $cidr_list = Net::CIDR::Lite + -> new + -> add($cidr); + } + + # check if client has IP from registered CIDR + if (!$cidr_list->bin_find($IP)) { + write2log ("err", "Unauthorized access to saveNewEvent from: $IP ($CN) - access from bad subnet: $cidr"); + die("Access denied - access from bad subnet!"); + } else { + + # insert new event + $DBH->do("INSERT INTO events VALUES (null,$cn_db,$service_db,$detected_db,$received_db,$type_db,$source_type_db,$source_db,$target_proto_db,$target_port_db,$attack_scale_db,$note_db,$priority_db,$timeout_db,$valid_db);"); + if ($DBH->err()) {die("Cannot do insert statement in saveNewEvent: $DBI::errstr\n")} + $DBH->commit(); + + # log last inserted ID + $sth = $DBH->prepare("SELECT 
last_insert_rowid();"); + if ( !defined $sth ) {die("Cannot prepare last ID statement in saveNewEvent: $DBI::errstr\n")} + $sth->execute; + my $id= $sth->fetchrow(); + write2log ("info", "Stored new event (#$id) from $IP ($CN)"); + + if (! defined $id) { + write2log ("err", "Event from $IP ($CN) was not save: INSERT INTO events VALUES (null,$cn_db,$service_db,$detected_db,$received_db,$type_db,$source_type_db,$source_db,$target_proto_db,$target_port_db,$attack_scale_db,$note_db,$priority_db,$timeout_db,$valid_db);"); + die("Event was not save at warden server - database return empty ID!"); + } else { + return 1; + } + } +} # END of saveNewEvent + + +#----------------------------------------------------------------------------- +# getNewEvents - get new events from the DB greater than received ID +#----------------------------------------------------------------------------- +sub getNewEvents +{ + my ($class, $data) = @_; + my ($sth, @events, $event, @ids); + my ($id, $hostname, $service, $detected, $type, $source_type, $source, $target_proto, $target_port, $attack_scale, $note, $priority, $timeout); + + # variables defined by server + our $IP; # IP address of sender + our $CN; # common name of sender + my $cn_db = $DBH->quote($CN); + my $client_type = "r"; # incoming client MUST be sender + my $client_type_db = $DBH->quote($client_type); + my $cidr_list; + + # parse SOAP data object + my $requested_type = $data->{'REQUESTED_TYPE'}; + my $requested_type_db = $DBH->quote($requested_type); + my $last_id = $data->{'LAST_ID'}; + my $last_id_db = $DBH->quote($last_id); + + # Authorization of incomming client + #----------------------------------------------------------------------------- + + # obtain cidr based on rigth common name, service and client_type + $sth = $DBH->prepare("SELECT receive_own_events, ip_net_client FROM clients WHERE hostname = $cn_db AND type = $requested_type_db AND client_type = $client_type_db;"); + if ( !defined $sth ) {die("Cannot prepare 
authorization statement in getNewEvents: $DBI::errstr\n")} + $sth->execute; + my ($receive_own_events, $cidr) = $sth->fetchrow(); + + # check if client is registered + if (!defined $cidr) { + write2log ("err", "Unauthorized access to getNewEvents from: $IP ($CN) - client is not registered"); + die("Access denied - client is not registered at warden server!"); + } else { + $cidr_list = Net::CIDR::Lite + -> new + -> add($cidr); + } + + # check if client has IP from registered CIDR + if (!$cidr_list->bin_find($IP)) { + write2log ("err", "Unauthorized access to getNewEvents from: $IP ($CN) - access from bad subnet: $cidr"); + die("Access denied - access from bad subnet!"); + } else { + + # check if client want your own events or not + if ($receive_own_events eq 't') { + $sth = $DBH->prepare("SELECT * FROM events WHERE id > $last_id_db AND type = $requested_type_db AND valid = 't' ORDER BY id ASC;"); + } else { + my ($domain) = $CN =~ /([^\.]+\.[^\.]+)$/; + my $domain_db = $DBH->quote("%$domain"); + $sth = $DBH->prepare("SELECT * FROM events WHERE id > $last_id_db AND type = $requested_type_db AND valid = 't' AND hostname NOT LIKE $domain_db ORDER BY id ASC;"); + } + if ( !defined $sth ) { die("Cannot prepare statement in getNewEvents: $DBI::errstr\n") } + $sth->execute; + + # parse items of events stored in DB + while (my @result = $sth->fetchrow()) { + $id = $result[0]; + $hostname = $result[1]; + $service = $result[2]; + $detected = $result[3]; + $type = $result[5]; + $source_type = $result[6]; + $source = $result[7]; + $target_proto = $result[8]; + $target_port = $result[9]; + $attack_scale = $result[10]; + $note = $result[11]; + $priority = $result[12]; + $timeout = $result[13]; + + # create SOAP data object + $event = SOAP::Data->name(event => \SOAP::Data->value( + SOAP::Data->name(ID => $id), + SOAP::Data->name(HOSTNAME => $hostname), + SOAP::Data->name(SERVICE => $service), + SOAP::Data->name(DETECTED => $detected), + SOAP::Data->name(TYPE => $type), + 
SOAP::Data->name(SOURCE_TYPE => $source_type), + SOAP::Data->name(SOURCE => $source), + SOAP::Data->name(TARGET_PROTO => $target_proto), + SOAP::Data->name(TARGET_PORT => $target_port), + SOAP::Data->name(ATTACK_SCALE => $attack_scale), + SOAP::Data->name(NOTE => $note), + SOAP::Data->name(PRIORITY => $priority), + SOAP::Data->name(TIMEOUT => $timeout) + )); + push(@events, $event); + push(@ids, $id); + } + + # log sent ID of events + if (scalar(@events)!=0) { + write2log("info", "Sent events with ID: [@ids] to $IP ($CN)"); + } + return @events; + } +} # END of getNewEvents + + +#----------------------------------------------------------------------------- +# getLastId - get lastest saved event ID +#----------------------------------------------------------------------------- +sub getLastId +{ + my ($class, $arg) = @_; + + my $sth = $DBH->prepare("SELECT max(id) FROM events;"); + if ( !defined $sth ) { die("Cannot prepare statement in getLastId: $DBI::errstr\n") } + $sth->execute; + my $result = $sth->fetchrow(); + return $result; +} # END of getLastID + + +#----------------------------------------------------------------------------- +# registerSender - register new sender +#----------------------------------------------------------------------------- +sub registerSender +{ + my ($class, $data) = @_; + + my $sth; + our $IP; + our $LOCAL_IP; + our $CN; + + if ($LOCAL_IP ne $IP) { + write2log ("err", "Unauthorized access to registerSender from: $IP ($CN) - access allowed only from localhost"); + die("Access denied - access allowed only from localhost!"); + } else { + # defined variables by server + my $client_type = "s"; + my $client_type_db = $DBH->quote($client_type); + my $registered = DateTime->now; + my $registered_db = $DBH->quote($registered); + my $type = "null"; + my $type_db = $DBH->quote($type); + my $receive_own_events = "null"; + my $receive_own_events_db = $DBH->quote($receive_own_events); + + # parse SOAP data oject + my $hostname = 
$data->{'HOSTNAME'}; + my $hostname_db = $DBH->quote($hostname); + my $requestor = $data->{'REQUESTOR'}; + my $requestor_db = $DBH->quote($requestor); + my $service = $data->{'SERVICE'}; + my $service_db = $DBH->quote($service); + my $description_tags = $data->{'DESCRIPTION_TAGS'}; + my $description_tags_db = $DBH->quote($description_tags); + my $ip_net_client = $data->{'IP_NET_CLIENT'}; + my $ip_net_client_db = $DBH->quote($ip_net_client); + + # check if sender has been already registered + $sth = $DBH->prepare("SELECT registered FROM clients WHERE hostname = $hostname_db AND requestor = $requestor_db AND service = $service_db AND client_type = $client_type_db AND type = $type_db AND receive_own_events = $receive_own_events_db AND description_tags = $description_tags_db AND ip_net_client = $ip_net_client_db;"); + if ( !defined $sth ) {die("Cannot prepare check statement in registerSender: $DBI::errstr\n")} + $sth->execute; + my $result = $sth->fetchrow(); + + # register new sender + if (defined $result) { + write2log ("err", "Attempt to re-register the sender"); + die("Error - sender has already been registered at $result"); + } else { + $DBH->do("INSERT INTO clients VALUES (null,$hostname_db,$registered_db,$requestor_db,$service_db,$client_type_db,$type_db,$receive_own_events_db,$description_tags_db,$ip_net_client_db);"); + if ($DBH->err()) {die("Cannot do statement in registerSender: $DBI::errstr\n")} + $DBH->commit(); + write2log("info", "New sender $hostname (service: $service, cidr: $ip_net_client) was registered"); + return 1; + } + } +} # END of registerSender + + +#----------------------------------------------------------------------------- +# registerReceiver - register new receiver +#----------------------------------------------------------------------------- +sub registerReceiver +{ + my ($class, $data) = @_; + + my $sth; + our $IP; + our $LOCAL_IP; + our $CN; + + if ($LOCAL_IP ne $IP) { + write2log ("err", "Unauthorized access to registerReceiver 
from: $IP ($CN) - access allowed only from localhost"); + die("Access denied - access allowed only from localhost!"); + } else { + # variables defined by server + my $client_type = "r"; + my $client_type_db = $DBH->quote($client_type); + my $registered = DateTime->now; + my $registered_db = $DBH->quote($registered); + my $service = "null"; + my $service_db = $DBH->quote($service); + my $description_tags = "null"; + my $description_tags_db = $DBH->quote($description_tags); + + # parse SOAP data oject + my $hostname = $data->{'HOSTNAME'}; + my $hostname_db = $DBH->quote($hostname); + my $requestor = $data->{'REQUESTOR'}; + my $requestor_db = $DBH->quote($requestor); + my $type = $data->{'TYPE'}; + my $type_db = $DBH->quote($type); + my $receive_own_events = $data->{'RECEIVE_OWN_EVENTS'}; + my $receive_own_events_db = $DBH->quote($receive_own_events); + my $ip_net_client = $data->{'IP_NET_CLIENT'}; + my $ip_net_client_db = $DBH->quote($ip_net_client); + + # check if receiver has been already registered + $sth = $DBH->prepare("SELECT registered FROM clients WHERE hostname = $hostname_db AND requestor = $requestor_db AND service = $service_db AND client_type = $client_type_db AND type = $type_db AND receive_own_events = $receive_own_events_db AND description_tags = $description_tags_db AND ip_net_client = $ip_net_client_db;"); + if ( !defined $sth ) {die("Cannot prepare check statement in registerReceiver: $DBI::errstr\n")} + $sth->execute; + my $result = $sth->fetchrow(); + + # register new receiver + if (defined $result) { + write2log ("err", "Attempt to re-register the receiver"); + die("Error - receiver has already been registered at $result"); + } else { + $DBH->do("INSERT INTO clients VALUES (null,$hostname_db,$registered_db,$requestor_db,$service_db,$client_type_db,$type_db,$receive_own_events_db,$description_tags_db,$ip_net_client_db);"); + if ($DBH->err()) {die("Cannot do statement in registerReceiver: $DBI::errstr\n")} + $DBH->commit(); + write2log("info", 
"New receiver $hostname (type: $type, cidr: $ip_net_client: receive_own_events: $receive_own_events) was registered"); + return 1; + } + } +} # END of registerReceiver + + +#----------------------------------------------------------------------------- +# unregisterClient - unregister client +#----------------------------------------------------------------------------- +sub unregisterClient +{ + my ($class, $data) = @_; + + my $sth; + our $IP; + our $LOCAL_IP; + our $CN; + + if ($LOCAL_IP ne $IP) { + write2log ("err", "Unauthorized access to unregisterClients from: $IP ($CN) - access allowed only from localhost"); + die("Access denied - access allowed only from localhost!"); + } else { + # parse SOAP data oject + my $client_id = $data->{'CLIENT_ID'}; + my $client_id_db = $DBH->quote($client_id); + + # check if receiver has been already registered + $sth = $DBH->prepare("SELECT client_id, hostname, service, client_type FROM clients WHERE client_id = $client_id_db;"); + if ( !defined $sth ) {die("Cannot prepare check statement in unregisterClient: $DBI::errstr\n")} + $sth->execute; + my ($id, $hostname, $service, $client_type) = $sth->fetchrow(); + my $hostname_db = $DBH->quote($hostname); + my $service_db = $DBH->quote($service); + + # delete registered client + if (!defined $id) { + write2log ("err", "Attempt to delete unregister client"); + die("Error - client (#$client_id) is not registered"); + } else { + if ($client_type eq 's') { + $DBH->do("DELETE FROM clients WHERE client_id = $client_id_db;"); + if ($DBH->err()) {die("Cannot do delete statement of sender in unregisterClient: $DBI::errstr\n")} + $DBH->commit(); + + $DBH->do("UPDATE events SET valid = 'f' where hostname = $hostname_db AND service = $service_db;"); + if ($DBH->err()) {die("Cannot do unvalidation statement in unregisterClient: $DBI::errstr\n")} + $DBH->commit(); + + write2log("info", "Sender $hostname (client_id: $client_id, service: $service) was deleted and its data were invalidated" ); + 
return 1; + } else { + $DBH->do("DELETE FROM clients WHERE client_id = $client_id_db;"); + if ($DBH->err()) {die("Cannot do delete statement of receiver in unregisterClient: $DBI::errstr\n")} + $DBH->commit(); + write2log("info", "Receiver $hostname (client_id: $client_id) was deleted" ); + return 1; + } + } + } +} # END of unregisterClient + + +#----------------------------------------------------------------------------- +# getClients - get list of clients which were registered at warden server +#----------------------------------------------------------------------------- +sub getClients +{ + my ($class, $arg) = @_; + + our $IP; + our $LOCAL_IP; + our $CN; + + if ($LOCAL_IP ne $IP) { + write2log ("err", "Unauthorized access to getClients from: $IP ($CN) - access allowed only from localhost"); + die("Access denied - access allowed only from localhost!"); + } else { + my (@clients, $client); + my ($client_id, $hostname, $registered, $requestor, $service, $client_type, $type, $receive_own_events, $description_tags, $ip_net_client); + my $sth = $DBH->prepare("SELECT * FROM clients;"); + if (!defined $sth) { die("Cannot prepare statement in getClients: $DBI::errstr\n") } + $sth->execute; + + while ( my @result = $sth->fetchrow() ) { + $client_id = $result[0]; + $hostname = $result[1]; + $registered = $result[2]; + $requestor = $result[3]; + $service = $result[4]; + $client_type = $result[5]; + $type = $result[6]; + $receive_own_events = $result[7]; + $description_tags = $result[8]; + $ip_net_client = $result[9]; + + $client = SOAP::Data->name(client => \SOAP::Data->value( + SOAP::Data->name(CLIENT_ID => $client_id), + SOAP::Data->name(HOSTNAME => $hostname), + SOAP::Data->name(REGISTERED => $registered), + SOAP::Data->name(REQUESTOR => $requestor), + SOAP::Data->name(SERVICE => $service), + SOAP::Data->name(CLIENT_TYPE => $client_type), + SOAP::Data->name(TYPE => $type), + SOAP::Data->name(RECEIVE_OWN_EVENTS => $receive_own_events), + 
SOAP::Data->name(DESCRIPTION_TAGS => $description_tags), + SOAP::Data->name(IP_NET_CLIENT => $ip_net_client), + )); + push(@clients, $client); + } + my $sum = scalar @clients; + write2log("info", "Sending information about $sum registered clients"); + return @clients; + } +} # END of getClients + + +#----------------------------------------------------------------------------- +# getStatus - get list of status items of warden server +#----------------------------------------------------------------------------- +sub getStatus +{ + my ($class, $arg) = @_; + + our $IP; + our $LOCAL_IP; + our $CN; + + if ($LOCAL_IP ne $IP) { + write2log ("err", "Unauthorized access to getStatus from: $IP ($CN) - access allowed only from localhost"); + die("Access denied - access allowed only from localhost!"); + } else { + my ($sth, @status); + + # size of database events + my $db_size = Format::Human::Bytes::base10(-s $db); + + # sum of records in table events + $sth = $DBH->prepare("SELECT count(*) FROM events;"); + if (!defined $sth) { die("Cannot prepare statement in getStatus: $DBI::errstr\n") } + $sth->execute; + my $events_sum = $sth->fetchrow(); + if (!defined $events_sum) { $events_sum = "none" } + + # id of last record in table events + $sth = $DBH->prepare("SELECT max(id) FROM events;"); + if (!defined $sth) { die("Cannot prepare statement in getStatus: $DBI::errstr\n") } + $sth->execute; + my $events_last_id = $sth->fetchrow(); + if (!defined $events_last_id) { $events_last_id = "none" } + + # timestamp of first record in table events + $sth = $DBH->prepare("SELECT received FROM events WHERE id = (SELECT min(id) FROM events);"); + if (!defined $sth) { die("Cannot prepare statement in getStatus: $DBI::errstr\n") } + $sth->execute; + my $events_first_timestamp = $sth->fetchrow(); + if (!defined $events_first_timestamp) { $events_first_timestamp = "none" } + + # timestamp of last record in table events + $sth = $DBH->prepare("SELECT received FROM events WHERE id = (SELECT 
max(id) FROM events);"); + if (!defined $sth) { die("Cannot prepare statement in getStatus: $DBI::errstr\n") } + $sth->execute; + my $events_last_timestamp = $sth->fetchrow(); + if (!defined $events_last_timestamp) { $events_last_timestamp = "none" } + + # sum of records in table clients + $sth = $DBH->prepare("SELECT count(*) FROM clients;"); + if (!defined $sth) { die("Cannot prepare statement in getStatus: $DBI::errstr\n") } + $sth->execute; + my $clients_sum = $sth->fetchrow(); + if (!defined $clients_sum) { $clients_sum = "none" } + + my $server_status = SOAP::Data->name(server_status => \SOAP::Data->value( + SOAP::Data->name(DB_SIZE => $db_size), + SOAP::Data->name(EVENTS_SUM => $events_sum), + SOAP::Data->name(EVENTS_LAST_ID => $events_last_id), + SOAP::Data->name(EVENTS_FIRST_TIMESTAMP => $events_first_timestamp), + SOAP::Data->name(EVENTS_LAST_TIMESTAMP => $events_last_timestamp), + SOAP::Data->name(CLIENTS_SUM => $clients_sum), + )); + push(@status, $server_status); + + # statistics of senders + if ($clients_sum != 0) { + $sth = $DBH->prepare("SELECT client_id, hostname, service FROM clients WHERE client_type = 's';"); + if (!defined $sth) { die("Cannot prepare statement in getStatus: $DBI::errstr\n") } + $sth->execute; + my ($client_id, $hostname, $service); + my $client_status; + while(($client_id, $hostname, $service) = $sth->fetchrow()) { + my $hostname_db = $DBH->quote($hostname); + my $service_db = $DBH->quote($service); + my $sth2; + # sum of stored events + $sth2 = $DBH->prepare("SELECT count(*) FROM events WHERE hostname = $hostname_db AND service = $service_db;"); + if ( !defined $sth2 ) { die("Cannot prepare statement in getStatus: $DBI::errstr\n") } + $sth2->execute; + my $count = $sth2->fetchrow(); + if (!defined $count) {$count = "none"} + # timestamp of last stored event + $sth2 = $DBH->prepare("SELECT max(received) FROM events WHERE hostname = $hostname_db AND service = $service_db;"); + if ( !defined $sth2 ) { die("Cannot prepare 
statement in getStatus: $DBI::errstr\n") } + $sth2->execute; + my $timestamp = $sth2->fetchrow(); + if (!defined $timestamp) { $timestamp = "none" } + # create SOAP data object + $client_status = SOAP::Data->name(client_status => \SOAP::Data->value( + SOAP::Data->name(CLIENT_ID => $client_id), + SOAP::Data->name(HOSTNAME => $hostname), + SOAP::Data->name(SERVICE => $service), + SOAP::Data->name(COUNT => $count), + SOAP::Data->name(TIMESTAMP => $timestamp), + )); + push(@status, $client_status); + } + } + write2log("info", "Sent of warden server status info"); + return @status; + } +} # END of getStatus + + + +################################################################################ +# MAIN warden-server +################################################################################ + +#------------------------------------------------------------------------------- +# Superuser controle +#------------------------------------------------------------------------------- +my $UID = $<; +if ($UID != 0) { + die errMsg("You must be root for running this script!") +} + +#------------------------------------------------------------------------------- +# Daemonize section +#------------------------------------------------------------------------------- +use POSIX qw(setsid); +chdir '/'; +umask 0; +# all stderr messages are situated in warden-server-error.log +#open STDERR, '/dev/null' or die errMsg("Can't write to /dev/null: $!"); +open STDIN, '/dev/null' or die errMsg("Can't read /dev/null: $!"); +open STDOUT, '/dev/null' or die errMsg("Can't write to /dev/null: $!"); +defined( my $pid = fork ) or die errMsg("Can't fork: $!"); +exit if $pid; + +#------------------------------------------------------------------------------- +# Dissociate this process from the controlling terminal +# that started it and stop being part of whatever +# process group this process was a part of. 
+#------------------------------------------------------------------------------ +POSIX::setsid() or die errMsg("Can't start a new session."); + +#------------------------------------------------------------------------------- +# Callback signal handler for signals. +#------------------------------------------------------------------------------- +$SIG{INT} = $SIG{TERM} = $SIG{HUP} = \&signalHandler; +$SIG{PIPE} = 'ignore'; + +#------------------------------------------------------------------------------- +# Create pid file in /var/run/ +#------------------------------------------------------------------------------- +my $pfh = File::Pid->new( { file => $pid_file, } ); +$pfh->write or die errMsg("Can't write PID file $pid_file: $!"); +my $pid_number = $pfh->pid; + +#------------------------------------------------------------------------------- +# Starting of Warden server +#------------------------------------------------------------------------------- +write2log("info", "Starting WARDEN server daemon with pid $pid_number"); + +# log of warden database size +my $db_size = Format::Human::Bytes::base10(-s $db); +write2log("info", "Size of DB file ($db_file) is: $db_size"); + +# start TCP server +my $server = SOAP::Transport::TCP::Server + ->new( + Listen => 5, + LocalAddr => $ADDRESS, + LocalPort => $PORT, + Proto => "tcp", + ReuseAddr => 1, + SSL_verify_mode => 0x03, + SSL_use_cert => 1, + SSL_server => 1, + SSL_key_file => $SSL_KEY_FILE, + SSL_cert_file => $SSL_CERT_FILE, + SSL_ca_file => $SSL_CA_FILE, + SSL_error_trap =>\&sslErrorHandler, + ); + +# check if socket exist +$server or die errMsg("Socket error: $!"); + +# start SOAP server +my $soap = SOAP::Server + ->new() + ->dispatch_to('Warden'); + +write2log("info", "Starting TCP and SOAP server at $ADDRESS:$PORT"); + +#------------------------------------------------------------------------------- +# Process of incoming client's requests and send response 
+#------------------------------------------------------------------------------- +while ($die_now != 1) +{ + my $socket = $server->accept(); + next if (!$socket); + our $CN = $socket->peer_certificate("cn"); + our $IP = $socket->peerhost; + our $LOCAL_IP = $socket->sockhost; + + # read input serialized SOAP envelope and data + my ($request, $buf); + while (defined($buf = <$socket>)) + { + $request .= $buf; + } + + # handle of called server function from client and send response to client + my $response = $soap->handle($request); + print $socket $response; + + $socket->close; + undef($socket); + undef($CN); +} + + + +################################################################################ +# Cleanup section +################################################################################ +END { + if ($die_now == 1) + { + my $pid = trim(`cat $pid_file`); + write2log("info", "Stopping WARDEN server daemon with pid $pid"); + + # close connection to DB + $DBH->disconnect(); + + # remove pid file + $pfh->remove if defined $pfh; + } +} diff --git a/src/warden-server/bin/wardend b/src/warden-server/bin/wardend new file mode 100755 index 0000000..2c9ddb2 --- /dev/null +++ b/src/warden-server/bin/wardend 
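Review bot: `->dispatch_to('Warden')` near the end of warden-server.pl publishes the whole `Warden` package over SOAP, and that package also contains the local helpers `errMsg`, `trim`, `write2log`, `signalHandler` and `sslErrorHandler`. With SOAP::Lite's static dispatch by package name every sub in the package becomes callable, so a peer that passes certificate verification can reach helpers that call `exit 1` or set `$die_now`, and these carry no `$LOCAL_IP ne $IP` guard like the administrative methods do. Dispatch to the intended methods only, e.g. `->dispatch_to(map { "Warden::$_" } qw(saveNewEvent getNewEvents getLastId registerSender registerReceiver unregisterClient getClients getStatus))`, or move the helpers into a separate package. Separately, `umask 0` before `$pfh->write` probably leaves the PID file world-writable while `wardend stop` signals, as root, whatever PID that file contains; `umask 022` would avoid that.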
@@ -0,0 +1,127 @@
+#!/bin/bash
+#
+# wardend
+#
+# Copyright (C) 2011 Cesnet z.s.p.o
+# Author(s): Tomas PLESNIK <plesnik@ics.muni.cz>
+# Jan SOUKAL <soukal@ics.muni.cz>
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+# 3. Neither the name of the Cesnet z.s.p.o nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# This software is provided ``as is'', and any express or implied
+# warranties, including, but not limited to, the implied warranties of
+# merchantability and fitness for a particular purpose are disclaimed.
+# In no event shall the Masaryk University or contributors be liable for
+# any direct, indirect, incidental, special, exemplary, or consequential
+# damages (including, but not limited to, procurement of substitute
+# goods or services; loss of use, data, or profits; or business
+# interruption) however caused and on any theory of liability, whether
+# in contract, strict liability, or tort (including negligence or
+# otherwise) arising in any way out of the use of this software, even
+# if advised of the possibility of such damage.
+
+
+WARDEN="/opt/warden-server/bin/warden-server.pl"
+PID_FILE="/var/run/warden-server.pl.pid"
+LOCK_FILE="/var/lock/warden-server"
+SCRIPTNAME=`basename "$0"`
+
+if [ $UID -ne 0 ]; then
+ echo "You must be root for runnnig this script!"
+ exit 1
+fi
+
+if [ -z $WARDEN ]; then
+ echo "Sorry, but warden-server.pl does not exist!"
+ exit 1
+fi
+
+check_status() {
+ TRUE=1
+ FALSE=0
+ /bin/ps axo pid,comm | grep -q "warden-server*"; RET_VAL=`echo $?`
+ if [ $RET_VAL -eq 0 ]; then
+ STATUS=1 # true - warden is running
+ else
+ STATUS=0 # false - warden is not running
+ fi
+}
+
+get_pid() {
+ PID=`ps axo pid,comm | grep "warden-server*" | sed 's/^ \{1,4\}//g' | cut -f 1 -d " "`
+ return $PID
+}
+
+case $1 in
+ status)
+ check_status
+ if [ $STATUS -eq 1 ]; then
+ get_pid PID
+ echo "Warden daemon is running (pid $PID)."
+ else
+ echo "Warden daemon is NOT running."
+ fi
+ ;;
+ start)
+ check_status
+ if [ $STATUS -eq 1 ]; then
+ get_pid PID
+ echo "Warden daemon is running (pid $PID)."
+ else
+ echo "Starting Warden server daemon ..."
+ $WARDEN
+ touch $LOCK_FILE
+ fi
+ ;;
+ stop)
+ check_status
+ if [ $STATUS -eq 1 ]; then
+ echo "Stoping Warden server daemon ..."
+ if [ -e $PID_FILE ]; then
+ PID=`cat $PID_FILE`
+ kill -1 $PID
+ rm -f $LOCK_FILE
+ else
+ echo "Unable to stop Warden server daemon. Try to use: $SCRIPTNAME force-stop"
+ fi
+ else
+ echo "Warden daemon is NOT running."
+ fi
+ ;;
+ force-stop)
+ check_status
+ if [ $STATUS -eq 1 ]; then
+ echo "Force stoping Warden server daemon ..."
+ get_pid PID
+ kill -9 $PID
+ if [ -e $PID_FILE ]; then
+ rm -f $PID_FILE
+ fi
+ rm -f $LOCK_FILE
+ else
+ echo "Warden daemon is NOT running."
+ fi
+ ;;
+ restart)
+ $0 stop
+ $0 start
+ ;;
+ *)
+ # Display usage of this script
+ echo "Usage: $0 [start|stop|status|restart|force-stop]"
+ exit 1
+ ;;
+esac
+
+exit 0
diff --git a/src/warden-server/etc/warden-client.conf b/src/warden-server/etc/warden-client.conf
new file mode 100644
index 0000000..1816343
--- /dev/null
+++ b/src/warden-server/etc/warden-client.conf
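Review bot: In wardend, the guard `if [ -z $WARDEN ]` only tests whether the variable is empty, and since `WARDEN` is assigned a literal path a few lines above it can never fire, so a missing or non-executable warden-server.pl is not caught despite the message. Testing the file itself, `if [ ! -x "$WARDEN" ]; then`, would match the intent. Separately, `get_pid` ends with `return $PID`, but a shell return status is limited to 0-255 and the callers read the global `$PID` anyway. Because this script requires root and `force-stop` passes that value to `kill -9`, it would be safer to drop the `return` and take the PID from `$PID_FILE` rather than from the `grep "warden-server*"` match, which can select more than one process.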
@@ -0,0 +1,23 @@
+#
+# warden-client.conf - configuration file for registration and status clients
+#
+
+#-------------------------------------------------------------------------------
+# URI - URI address of Warden server
+#-------------------------------------------------------------------------------
+$URI = "https://warden-dev.cesnet.cz:443/Warden";
+
+#-------------------------------------------------------------------------------
+# SSL_KEY_FILE - path to server SSL certificate key file
+#-------------------------------------------------------------------------------
+$SSL_KEY_FILE = "/etc/ssl/private/warden-dev.cesnet.cz.key";
+
+#-------------------------------------------------------------------------------
+# SSL_CERT_FILE - path toserver SSL certificate file
+#-------------------------------------------------------------------------------
+$SSL_CERT_FILE = "/etc/ssl/certs/warden-dev.cesnet.cz.pem";
+
+#-------------------------------------------------------------------------------
+# SSL_CA_FILE - path to CA certificate file
+#-------------------------------------------------------------------------------
+$SSL_CA_FILE = "/etc/ssl/certs/tcs-ca-bundle.pem";
diff --git a/src/warden-server/etc/warden-server.conf b/src/warden-server/etc/warden-server.conf
new file mode 100644
index 0000000..48fba30
--- /dev/null
+++ b/src/warden-server/etc/warden-server.conf
@@ -0,0 +1,53 @@
+#
+# warden-server.conf - configuration file for Warden server
+#
+
+#-------------------------------------------------------------------------------
+# ADDRESS - IP address of warden server
+#-------------------------------------------------------------------------------
+$ADDRESS = "warden-dev.cesnet.cz";
+
+#-------------------------------------------------------------------------------
+# PORT - used TCP port for Warden server
+#-------------------------------------------------------------------------------
+$PORT = "443";
+
+#-------------------------------------------------------------------------------
+# BASEDIR - base directory of Warden server
+#-------------------------------------------------------------------------------
+$BASEDIR = "/opt/warden-server";
+
+#-------------------------------------------------------------------------------
+# VARDIR - var directory
+#-------------------------------------------------------------------------------
+$VARDIR = "$BASEDIR/var/";
+
+#-------------------------------------------------------------------------------
+# LOGDIR - logging directory
+#-------------------------------------------------------------------------------
+$LOGDIR = "/var/log/";
+
+#-------------------------------------------------------------------------------
+# PIDDIR - process ID directory
+#-------------------------------------------------------------------------------
+$PIDDIR = "/var/run/";
+
+#-------------------------------------------------------------------------------
+# SSL_KEY_FILE - path to server SSL certificate key file
+#-------------------------------------------------------------------------------
+$SSL_KEY_FILE = "/etc/ssl/private/warden-dev.cesnet.cz.key";
+
+#-------------------------------------------------------------------------------
+# SSL_CERT_FILE - path to server SSL certificate file
+#-------------------------------------------------------------------------------
+$SSL_CERT_FILE = "/etc/ssl/certs/warden-dev.cesnet.cz.pem";
+
+#-------------------------------------------------------------------------------
+# SSL_CA_FILE - path to CA ceritificate file
+#-------------------------------------------------------------------------------
+$SSL_CA_FILE = "/etc/ssl/certs/tcs-ca-bundle.pem";
+
+#-------------------------------------------------------------------------------
+# FACILITY - syslog facility
+#-------------------------------------------------------------------------------
+$FACILITY = "local7";
diff --git a/src/warden-server/lib/WardenConf.pm b/src/warden-server/lib/WardenConf.pm
new file mode 100755
index 0000000..4b86eff
--- /dev/null
+++ b/src/warden-server/lib/WardenConf.pm
@@ -0,0 +1,68 @@
+#!/usr/bin/perl -w
+#
+# WardenConf.pm
+#
+# Copyright (C) 2011 Cesnet z.s.p.o
+# Author(s): Tomas PLESNIK <plesnik@ics.muni.cz>
+# Jan SOUKAL <soukal@ics.muni.cz>
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+# 3. Neither the name of the Cesnet z.s.p.o nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# This software is provided ``as is'', and any express or implied
+# warranties, including, but not limited to, the implied warranties of
+# merchantability and fitness for a particular purpose are disclaimed.
+# In no event shall the Masaryk University or contributors be liable for
+# any direct, indirect, incidental, special, exemplary, or consequential
+# damages (including, but not limited to, procurement of substitute
+# goods or services; loss of use, data, or profits; or business
+# interruption) however caused and on any theory of liability, whether
+# in contract, strict liability, or tort (including negligence or
+# otherwise) arising in any way out of the use of this software, even
+# if advised of the possibility of such damage.
+#
+
+package WardenConf;
+
+use strict;
+
+our $VERSION = 100;
+
+#-------------------------------------------------------------------------------
+# loadConf - load variables from configuration file
+#-------------------------------------------------------------------------------
+sub loadConf
+{
+ my $conf_file = shift;
+
+ # preset of default variables
+ our $URI = undef;
+ our $SSL_KEY_FILE = undef;
+ our $SSL_CERT_FILE = undef;
+ our $SSL_CA_FILE = undef;
+
+ # read config file
+ if ( ! open( TMP, $conf_file) ) {
+ die "Can't read config file '$conf_file': $!\n";
+ }
+ close TMP;
+
+ # load set variables by user
+ if ( !do $conf_file ) {
+ die("Errors in config file '$conf_file': $@");
+ }
+
+ return ($URI, $SSL_KEY_FILE, $SSL_CERT_FILE, $SSL_CA_FILE);
+
+} # End of loadConf
+1;
diff --git a/src/warden-server/lib/WardenReg.pm b/src/warden-server/lib/WardenReg.pm
new file mode 100755
index 0000000..b32562a
--- /dev/null
+++ b/src/warden-server/lib/WardenReg.pm
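Review bot: In WardenConf.pm, `loadConf` opens the config with the two-argument form and a bareword handle, `open( TMP, $conf_file)`, so the path string is also parsed for a mode or pipe character; `open(my $fh, '<', $conf_file) or die "Can't read config file '$conf_file': $!\n";` keeps it a plain read. The file is then run with `do $conf_file`, which executes it as Perl with the caller's privileges, so a comment stating that the config must be owned and writable only by the administrator would help whoever deploys it. `!do $conf_file` also treats a config whose last statement evaluates to false as an error, and `$@` is empty when the failure is a read error (that case is reported in `$!`).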
@@ -0,0 +1,194 @@
+#!/usr/bin/perl -w
+#
+# WardenReg.pm
+#
+# Copyright (C) 2011 Cesnet z.s.p.o
+# Author(s): Tomas PLESNIK <plesnik@ics.muni.cz>
+# Jan SOUKAL <soukal@ics.muni.cz>
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+# 3. Neither the name of the Cesnet z.s.p.o nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# This software is provided ``as is'', and any express or implied
+# warranties, including, but not limited to, the implied warranties of
+# merchantability and fitness for a particular purpose are disclaimed.
+# In no event shall the Masaryk University or contributors be liable for
+# any direct, indirect, incidental, special, exemplary, or consequential
+# damages (including, but not limited to, procurement of substitute
+# goods or services; loss of use, data, or profits; or business
+# interruption) however caused and on any theory of liability, whether
+# in contract, strict liability, or tort (including negligence or
+# otherwise) arising in any way out of the use of this software, even
+# if advised of the possibility of such damage.
+
+package WardenReg;
+
+use strict;
+use SOAP::Lite;
+use IO::Socket::SSL qw(debug1);
+use SOAP::Transport::TCP;
+
+our $VERSION = 100;
+
+
+#-------------------------------------------------------------------------------
+# errMsg - print error message and die
+#-------------------------------------------------------------------------------
+sub errMsg
+{
+ my $msg = shift;
+ die($msg . "\n");
+} # End of errMsg
+
+
+#-------------------------------------------------------------------------------
+# c2s - connect to server, send request and receive response
+#-------------------------------------------------------------------------------
+sub c2s
+{
+ my $uri = shift;
+ my $ssl_key_file = shift;
+ my $ssl_cert_file = shift;
+ my $ssl_ca_file = shift;
+ my $method = shift;
+ my $data = shift;
+
+ my $client;
+ my ($server, $port, $service) = $uri =~ /https:\/\/(.+)\:(\d+)\/(.+)/;
+ if (!($client = SOAP::Transport::TCP::Client->new(
+ PeerAddr => $server,
+ PeerPort => $port,
+ Proto => 'tcp',
+ SSL_use_cert => 1,
+ SSL_verify_mode => 0x02,
+ SSL_key_file => $ssl_key_file,
+ SSL_cert_file => $ssl_cert_file,
+ SSL_ca_file => $ssl_ca_file,
+ ))) {errMsg("Sorry, unable to create socket: " . &SOAP::Transport::TCP::Client::errstr)}
+
+ # setting of URI and serialize SOAP envelope and data object
+ my $soap = SOAP::Lite->uri($uri);
+ my $envelope = $soap->serializer->envelope(method => $method, $data);
+
+ # setting of TCP URI and send serialized SOAP envelope and data
+ my $tcp_uri = "tcp://$server:$port/$service";
+ my $result = $client->send_receive(envelope => $envelope, endpoint => $tcp_uri);
+
+ # check server response
+ if (!defined $result) {
+ errMsg("Error: server returned empty response. Probably problem with used SSL ceritificates.");
+ } else {
+ # deserialized response from server -> create SOAP envelope and data object
+ my $response = $soap->deserializer->deserialize($result);
+ # check SOAP fault status
+ $response->fault ? errMsg("Server sent error message:: " . $response->faultstring) : return 1;
+ }
+}
+
+#-------------------------------------------------------------------------------
+# registerSender - register new warden sender
+#-------------------------------------------------------------------------------
+sub registerSender
+{
+ my $warden_path = shift;
+ my $hostname = shift;
+ my $requestor = shift;
+ my $service = shift;
+ my $description_tags = shift;
+ my $ip_net_client = shift;
+
+ my $etcdir = $warden_path . "/etc/";
+ my $libdir = $warden_path . "/lib/";
+
+ # read the config file
+ require $libdir . "WardenConf.pm";
+ my $conf_file = $etcdir . "warden-client.conf";
+ my ($uri, $ssl_key_file, $ssl_cert_file, $ssl_ca_file) = WardenConf::loadConf($conf_file);
+
+ # create SOAP data obejct
+ my $data = SOAP::Data->name(client => \SOAP::Data->value(
+ SOAP::Data->name(HOSTNAME => $hostname),
+ SOAP::Data->name(REQUESTOR => $requestor),
+ SOAP::Data->name(SERVICE => $service),
+ SOAP::Data->name(DESCRIPTION_TAGS => $description_tags),
+ SOAP::Data->name(IP_NET_CLIENT => $ip_net_client)
+ ));
+
+ my $result = c2s($uri, $ssl_key_file, $ssl_cert_file, $ssl_ca_file, "registerSender", $data);
+ $result ? return 1 : return 0;
+
+} # End of registerSender
+
+
+#-------------------------------------------------------------------------------
+# registerReceiver - register new warden receiver
+#-------------------------------------------------------------------------------
+sub registerReceiver
+{
+ my $warden_path = shift;
+ my $hostname = shift;
+ my $requestor = shift;
+ my $type = shift;
+ my $receive_own_events = shift;
+ my $ip_net_client = shift;
+
+ my $etcdir = $warden_path . "/etc/";
+ my $libdir = $warden_path . "/lib/";
+
+ # read the config file
+ require $libdir . "WardenConf.pm";
+ my $conf_file = $etcdir . "warden-client.conf";
+ my ($uri, $ssl_key_file, $ssl_cert_file, $ssl_ca_file) = WardenConf::loadConf($conf_file);
+
+ # create SOAP data obejct
+ my $data = SOAP::Data->name(client => \SOAP::Data->value(
+ SOAP::Data->name(HOSTNAME => $hostname),
+ SOAP::Data->name(REQUESTOR => $requestor),
+ SOAP::Data->name(TYPE => $type),
+ SOAP::Data->name(RECEIVE_OWN_EVENTS => $receive_own_events),
+ SOAP::Data->name(IP_NET_CLIENT => $ip_net_client)
+ ));
+
+ my $result = c2s($uri, $ssl_key_file, $ssl_cert_file, $ssl_ca_file, "registerReceiver", $data);
+ $result ? return 1 : return 0;
+
+} # End of registerReceiver
+
+
+#-------------------------------------------------------------------------------
+# unregisterClient - unregister client from warden server
+#-------------------------------------------------------------------------------
+sub unregisterClient
+{
+ my $warden_path = shift;
+ my $client_id = shift;
+
+ my $etcdir = $warden_path . "/etc/";
+ my $libdir = $warden_path . "/lib/";
+
+ # read the config file
+ require $libdir . "WardenConf.pm";
+ my $conf_file = $etcdir . "warden-client.conf";
+ my ($uri, $ssl_key_file, $ssl_cert_file, $ssl_ca_file) = WardenConf::loadConf($conf_file);
+
+ # create SOAP data obejct
+ my $data = SOAP::Data->name(client => \SOAP::Data->value(
+ SOAP::Data->name(CLIENT_ID => $client_id)
+ ));
+
+ my $result = c2s($uri, $ssl_key_file, $ssl_cert_file, $ssl_ca_file, "unregisterClient", $data);
+ $result ? return 1 : return 0;
+
+} # End of unregisterClient
+
+1;
diff --git a/src/warden-server/lib/WardenStatus.pm b/src/warden-server/lib/WardenStatus.pm
new file mode 100755
index 0000000..4406767
--- /dev/null
+++ b/src/warden-server/lib/WardenStatus.pm
@@ -0,0 +1,203 @@
+#!/usr/bin/perl -w
+#
+# WardenStatus.pm
+#
+# Copyright (C) 2011 Cesnet z.s.p.o
+# Author(s): Tomas PLESNIK <plesnik@ics.muni.cz>
+# Jan SOUKAL <soukal@ics.muni.cz>
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+# 3. Neither the name of the Cesnet z.s.p.o nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# This software is provided ``as is'', and any express or implied
+# warranties, including, but not limited to, the implied warranties of
+# merchantability and fitness for a particular purpose are disclaimed.
+# In no event shall the Masaryk University or contributors be liable for
+# any direct, indirect, incidental, special, exemplary, or consequential
+# damages (including, but not limited to, procurement of substitute
+# goods or services; loss of use, data, or profits; or business
+# interruption) however caused and on any theory of liability, whether
+# in contract, strict liability, or tort (including negligence or
+# otherwise) arising in any way out of the use of this software, even
+# if advised of the possibility of such damage.
+
+package WardenStatus;
+
+use strict;
+use SOAP::Lite;
+use IO::Socket::SSL qw(debug1);
+use SOAP::Transport::TCP
+
+our $VERSION = 100;
+
+#-------------------------------------------------------------------------------
+# errMsg - print error message and die
+#-------------------------------------------------------------------------------
+sub errMsg
+{
+ my $msg = shift;
+ die($msg . "\n");
+} # End of errMsg
+
+
+#-------------------------------------------------------------------------------
+# c2s - connect to server, send request and receive response
+#-------------------------------------------------------------------------------
+sub c2s
+{
+ my $uri = shift;
+ my $ssl_key_file = shift;
+ my $ssl_cert_file = shift;
+ my $ssl_ca_file = shift;
+ my $method = shift;
+
+ my $client;
+ my ($server, $port, $service) = $uri =~ /https:\/\/(.+)\:(\d+)\/(.+)/;
+ if (!($client = SOAP::Transport::TCP::Client->new(
+ PeerAddr => $server,
+ PeerPort => $port,
+ Proto => 'tcp',
+ SSL_use_cert => 1,
+ SSL_verify_mode => 0x02,
+ SSL_key_file => $ssl_key_file,
+ SSL_cert_file => $ssl_cert_file,
+ SSL_ca_file => $ssl_ca_file,
+ ))) {errMsg("Sorry, unable to create socket: " . &SOAP::Transport::TCP::Client::errstr)}
+
+ # setting of URI and serialize SOAP envelope and data object
+ my $soap = SOAP::Lite->uri($uri);
+ my $envelope = $soap->serializer->envelope(method => $method);
+
+ # setting of TCP URI and send serialized SOAP envelope and data
+ my $tcp_uri = "tcp://$server:$port/$service";
+ my $result = $client->send_receive(envelope => $envelope, endpoint => $tcp_uri);
+
+ # check server response
+ if (!defined $result) {
+ errMsg("Error: server returned empty response. Probably problem with used SSL ceritificates.");
+ } else {
+ # deserialized response from server -> create SOAP envelope and data object
+ my $response = $soap->deserializer->deserialize($result);
+ # check SOAP fault status
+ $response->fault ? errMsg("Server sent error message:: " . $response->faultstring) : return $response;
+ }
+}
+
+
+#-------------------------------------------------------------------------------
+# getClients - get list of registered clients
+#-------------------------------------------------------------------------------
+sub getClients
+{
+ my $warden_path = shift;
+
+ my $etcdir = $warden_path . "/etc/";
+ my $libdir = $warden_path . "/lib/";
+
+ # read the config file
+ require $libdir . "WardenConf.pm";
+ my $conf_file = $etcdir . "warden-client.conf";
+ my ($uri, $ssl_key_file, $ssl_cert_file, $ssl_ca_file) = WardenConf::loadConf($conf_file);
+
+ my $response = c2s($uri, $ssl_key_file, $ssl_cert_file, $ssl_ca_file, "getClients");
+ # match getClients functions response
+ $response->match('/Envelope/Body/getClientsResponse/');
+
+ my $i = 1;
+ my ($client_id, $hostname, $registered, $requestor, $service, $client_type, $type, $receive_own_events, $description_tags, $ip_net_client);
+ my @clients;
+ my $data = $response->valueof("[$i]");
+
+ # parse returned data object
+ while (defined $data) {
+ # inicialization of temporal client array
+ my @client;
+
+ # parse items of one client
+ $client_id = $data->{'CLIENT_ID'};
+ $hostname = $data->{'HOSTNAME'};
+ $registered = $data->{'REGISTERED'};
+ $requestor = $data->{'REQUESTOR'};
+ $service = $data->{'SERVICE'};
+ $client_type = $data->{'CLIENT_TYPE'};
+ $type = $data->{'TYPE'};
+ $receive_own_events = $data->{'RECEIVE_OWN_EVENTS'};
+ $description_tags = $data->{'DESCRIPTION_TAGS'};
+ $ip_net_client = $data->{'IP_NET_CLIENT'};
+
+ # push received clients from warden server into @clients which is returned
+ @client = ("$client_id", "$hostname", "$registered", "$requestor", "$service", "$client_type", "$type", "$receive_own_events", "$description_tags", "$ip_net_client");
+ push (@clients,\@client);
+
+ # go to the next received client
+ $i++;
+ $data = $response->valueof("[$i]");
+ }
+ return @clients;
+} # End of getClients
+
+
+#-------------------------------------------------------------------------------
+# getStatus - get warden server status
+#-------------------------------------------------------------------------------
+sub getStatus
+{
+ my $warden_path = shift;
+
+ my $etcdir = $warden_path . "/etc/";
+ my $libdir = $warden_path . "/lib/";
+
+ # read the config file
+ require $libdir . "WardenConf.pm";
+ my $conf_file = $etcdir . "warden-client.conf";
+ my ($uri, $ssl_key_file, $ssl_cert_file, $ssl_ca_file) = WardenConf::loadConf($conf_file);
+
+ my $response = c2s($uri, $ssl_key_file, $ssl_cert_file, $ssl_ca_file, "getStatus");
+
+ # match getStatus functions response
+ $response->match('/Envelope/Body/getStatusResponse/');
+ my @status;
+ my $i = 1;
+
+ # get first value from SOAP data object
+ my $data = $response->valueof("[$i]");
+ # parse items of server status
+ my $db_size = $data->{'DB_SIZE'};
+ my $events_sum = $data->{'EVENTS_SUM'};
+ my $events_last_id = $data->{'EVENTS_LAST_ID'};
+ my $events_first_timestamp = $data->{'EVENTS_FIRST_TIMESTAMP'};
+ my $events_last_timestamp = $data->{'EVENTS_LAST_TIMESTAMP'};
+ my $clients_sum = $data->{'CLIENTS_SUM'};
+ my @server_status = ("$db_size", "$events_sum", "$events_last_id", "$events_first_timestamp", "$events_last_timestamp", "$clients_sum");
+ push(@status, \@server_status);
+
+ $i++;
+ $data = $response->valueof("[$i]");
+ while (defined $data) {
+ my @client_status;
+ # parse SOAP data object
+ my $client_id = $data->{'CLIENT_ID'};
+ my $hostname = $data->{'HOSTNAME'};
+ my $service = $data->{'SERVICE'};
+ my $count = $data->{'COUNT'};
+ my $timestamp = $data->{'TIMESTAMP'};
+ @client_status = ("$client_id", "$hostname", "$service", "$count", "$timestamp");
+ push(@status, \@client_status);
+ $i++;
+ $data = $response->valueof("[$i]");
+ }
+
+ return @status;
+} # End of getStatus
+
+1;
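Review bot: In WardenStatus.pm, the line `use SOAP::Transport::TCP` has no terminating semicolon, so Perl appears to read the following `our $VERSION = 100` as that statement's import list; it should be `use SOAP::Transport::TCP;` as in WardenReg.pm. In `getStatus`, the first `$response->valueof("[$i]")` result is dereferenced without a `defined` check, unlike the loop that follows, so an empty or unexpected reply is not reported as an error; `errMsg("Error: server returned no status data.") unless defined $data;` would make that explicit. `errMsg` and `c2s` are near-copies of the ones in WardenReg.pm and could live in one shared module, which would also keep the TLS options in a single place.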
diff --git a/src/warden-server/sh/create_table-clients.sh b/src/warden-server/sh/create_table-clients.sh
new file mode 100755
index 0000000..9c3e1a5
--- /dev/null
+++ b/src/warden-server/sh/create_table-clients.sh
@@ -0,0 +1,39 @@
+#!/bin/bash
+#
+# create_table-clients.sh
+#
+# Copyright (C) 2011 Cesnet z.s.p.o
+# Author(s): Tomas PLESNIK <plesnik@ics.muni.cz>
+# Jan SOUKAL <soukal@ics.muni.cz>
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+# 3. Neither the name of the Cesnet z.s.p.o nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# This software is provided ``as is'', and any express or implied
+# warranties, including, but not limited to, the implied warranties of
+# merchantability and fitness for a particular purpose are disclaimed.
+# In no event shall the Masaryk University or contributors be liable for
+# any direct, indirect, incidental, special, exemplary, or consequential
+# damages (including, but not limited to, procurement of substitute
+# goods or services; loss of use, data, or profits; or business
+# interruption) however caused and on any theory of liability, whether
+# in contract, strict liability, or tort (including negligence or
+# otherwise) arising in any way out of the use of this software, even
+# if advised of the possibility of such damage.
+
+
+sqlite=`which sqlite3`
+db_file="/opt/warden-server/var/warden.db"
+
+$sqlite $db_file "CREATE TABLE clients (client_id INTEGER PRIMARY KEY, hostname VARCHAR(256), registered TIMESTAMP, requestor VARCHAR(256), service VARCHAR(64), client_type VARCHAR(1), type VARCHAR(64), receive_own_events VARCHAR(1), description_tags VARCHAR(256), ip_net_client VARCHAR(256));"
+exit 0
diff --git a/src/warden-server/sh/create_table-events.sh b/src/warden-server/sh/create_table-events.sh
new file mode 100755
index 0000000..60ce357
--- /dev/null
+++ b/src/warden-server/sh/create_table-events.sh
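Review bot: In create_table-clients.sh, the result of `which sqlite3` is never checked and the script ends with an unconditional `exit 0`, so a missing binary or a failed `CREATE TABLE` is reported as success; with `$sqlite` empty, the next line would try to run `$db_file` itself as the command. Something like `sqlite=$(command -v sqlite3) || { echo "sqlite3 not found" >&2; exit 1; }` plus dropping the final `exit 0` (or using `set -e`) fixes that, and create_table-events.sh has the same pattern. Neither script sets a umask or mode for `/opt/warden-server/var/warden.db`, so the database holding client and event records is created with whatever permissions the invoking shell allows; a `umask 077` before the sqlite call, or a comment stating the expected owner and mode, would be worth adding.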
@@ -0,0 +1,40 @@
+#!/bin/bash
+#
+# create_table-events.sh
+#
+# Copyright (C) 2011 Cesnet z.s.p.o
+# Author(s): Tomas PLESNIK <plesnik@ics.muni.cz>
+# Jan SOUKAL <soukal@ics.muni.cz>
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+# 3. Neither the name of the Cesnet z.s.p.o nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# This software is provided ``as is'', and any express or implied
+# warranties, including, but not limited to, the implied warranties of
+# merchantability and fitness for a particular purpose are disclaimed.
+# In no event shall the Masaryk University or contributors be liable for
+# any direct, indirect, incidental, special, exemplary, or consequential
+# damages (including, but not limited to, procurement of substitute
+# goods or services; loss of use, data, or profits; or business
+# interruption) however caused and on any theory of liability, whether
+# in contract, strict liability, or tort (including negligence or
+# otherwise) arising in any way out of the use of this software, even
+# if advised of the possibility of such damage.
+
+
+sqlite=`which sqlite3`
+db_file="/opt/warden-server/var/warden.db"
+
+$sqlite $db_file "CREATE TABLE events (id INTEGER PRIMARY KEY, hostname VARCHAR(256), service VARCHAR(64), detected TIMESTAMP, received TIMESTAMP, type VARCHAR(64), source_type VARCHAR(64), source VARCHAR(256), target_proto VARCHAR(16), target_port INT(2), attack_scale INT(4), note TEXT, priority INT(1), timeout INT(2), valid VARCHAR(1));"
+
+exit 0
-- GitLab