From c76f8801ce085e914fa916ec1d8b7e523a3fc610 Mon Sep 17 00:00:00 2001
From: Tomas Plesnik <plesnik@ics.muni.cz>
Date: Wed, 12 Mar 2014 16:59:12 +0100
Subject: [PATCH] nove sablony pro update konfiguracnich souboru

---
 .../etc/warden-apache.conf.tmpl.update        | 25 +++++++
 .../etc/warden-server.conf.tmpl.update        | 57 ++++++++++++++++
 .../etc/warden-watchdog.conf.tmpl.update      | 67 +++++++++++++++++++
 3 files changed, 149 insertions(+)
 create mode 100644 src/warden-server/etc/warden-apache.conf.tmpl.update
 create mode 100644 src/warden-server/etc/warden-server.conf.tmpl.update
 create mode 100644 src/warden-server/etc/warden-watchdog.conf.tmpl.update

diff --git a/src/warden-server/etc/warden-apache.conf.tmpl.update b/src/warden-server/etc/warden-apache.conf.tmpl.update
new file mode 100644
index 0000000..12c07de
--- /dev/null
+++ b/src/warden-server/etc/warden-apache.conf.tmpl.update
@@ -0,0 +1,25 @@
+#
+#
+# warden-apache.conf - configuration file for the Apache server
+#
+
+SSLEngine on
+
+SSLVerifyDepth 3
+SSLVerifyClient require
+SSLOptions +StdEnvVars +ExportCertData
+
+SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
+
+SSLCertificateFile    _CERT_FILE_
+SSLCertificateKeyFile _KEY_FILE_
+SSLCACertificateFile  _CA_FILE_
+
+PerlOptions +Parent
+PerlSwitches -I _LIB_
+
+<Location /Warden>
+        SetHandler perl-script
+        PerlHandler Warden::ApacheDispatch
+        SSLOptions +StdEnvVars
+</Location>
diff --git a/src/warden-server/etc/warden-server.conf.tmpl.update b/src/warden-server/etc/warden-server.conf.tmpl.update
new file mode 100644
index 0000000..1a80842
--- /dev/null
+++ b/src/warden-server/etc/warden-server.conf.tmpl.update
@@ -0,0 +1,57 @@
+# 
+# warden-server.conf - configuration file for Warden server
+#
+
+#-------------------------------------------------------------------------------
+# BASEDIR - base directory of Warden server
+#-------------------------------------------------------------------------------
+$BASEDIR = "_BASEDIR_";
+
+#-------------------------------------------------------------------------------
+# SYSLOG - enable/disable syslog logging
+#-------------------------------------------------------------------------------
+$SYSLOG = "_SYSLOG_";
+
+#-------------------------------------------------------------------------------
+# SYSLOG_VERBOSE - enable/disable logging in verbose mode (stack info added)
+#-------------------------------------------------------------------------------
+$SYSLOG_VERBOSE = "_SYSLOG_VERBOSE_";
+
+#-------------------------------------------------------------------------------
+# SYSLOG_FACILITY - syslog facility
+#-------------------------------------------------------------------------------
+$SYSLOG_FACILITY = "_SYSLOG_FACILITY_";
+
+#-------------------------------------------------------------------------------
+# DB_NAME - MySQL database name of Warden server
+#-------------------------------------------------------------------------------
+$DB_NAME = "_DB_NAME_";
+
+#-------------------------------------------------------------------------------
+# DB_USER - MySQL database user of Warden server
+#-------------------------------------------------------------------------------
+$DB_USER = "_DB_USER_";
+
+#-------------------------------------------------------------------------------
+# DB_PASS - MySQL database password of Warden server
+#-------------------------------------------------------------------------------
+$DB_PASS = "_DB_PASS_";
+
+#-------------------------------------------------------------------------------
+# DB_HOST - MySQL database host
+#-------------------------------------------------------------------------------
+$DB_HOST = "_DB_HOST_";
+
+#-------------------------------------------------------------------------------
+# MAX_EVENTS_LIMIT - server limit of maximum number of events that can be
+#                    delivered to one client in one batch
+#-------------------------------------------------------------------------------
+$MAX_EVENTS_LIMIT = "_MAX_EVENTS_LIMIT_";
+
+#-------------------------------------------------------------------------------
+# VALID_STRINGS - validation hash containing allowed event attributes
+#-------------------------------------------------------------------------------
+%VALID_STRINGS = (
+  "type" => ["portscan", "bruteforce", "probe", "spam", "phishing", "botnet_c_c", "dos", "malware", "copyright", "webattack", "test", "other", "_any_"],
+  "source_type" => ["IP", "URL", "Reply-To:"]
+);
diff --git a/src/warden-server/etc/warden-watchdog.conf.tmpl.update b/src/warden-server/etc/warden-watchdog.conf.tmpl.update
new file mode 100644
index 0000000..8d75f84
--- /dev/null
+++ b/src/warden-server/etc/warden-watchdog.conf.tmpl.update
@@ -0,0 +1,67 @@
+#
+# wardenWatchdog.conf - configuration file for Wachdog script
+#
+
+#-------------------------------------------------------------------------------
+# domain_name - server full domain name
+#-------------------------------------------------------------------------------
+$domain_name = "_HOSTNAME_";
+
+#-------------------------------------------------------------------------------
+# email_subject - ...
+#-------------------------------------------------------------------------------
+$email_subject = "_EMAIL_SUBJECT_";
+
+#-------------------------------------------------------------------------------
+# email_server_conf - path and params of an email server for reports sending
+#-------------------------------------------------------------------------------
+$email_server_conf = "_EMAIL_SERVER_CONF_";
+
+#-------------------------------------------------------------------------------
+# sql_precondition - array of procedures which are executed "before" main action
+#-------------------------------------------------------------------------------
+@sql_precondition = ('DROP FUNCTION IF EXISTS iptest;', 'CREATE FUNCTION iptest(ip VARCHAR(15)) RETURNS TINYINT(1) DETERMINISTIC
+BEGIN
+ SET @nip = INET_ATON(ip);
+ IF(
+ ISNULL( @nip) OR
+ @nip BETWEEN 0 AND 16777216 OR
+ @nip BETWEEN 167772160 AND 171966464 OR
+ @nip BETWEEN 2130706432 AND 2130706433 OR
+ @nip BETWEEN 2851995648 AND 2851995649 OR
+ @nip BETWEEN 2886729728 AND 2886729729 OR
+ @nip BETWEEN 3221225472 AND 3221225473 OR
+ @nip BETWEEN 3221225984 AND 3221225985 OR
+ @nip BETWEEN 3227017984 AND 3227017985 OR
+ @nip BETWEEN 3232235520 AND 3232235521 OR
+ @nip BETWEEN 3323068416 AND 3323068417 OR
+ @nip BETWEEN 3325256704 AND 3325256705 OR
+ @nip BETWEEN 3405803776 AND 3405803777 OR
+ @nip BETWEEN 3758096384 AND 3758096385 OR
+ @nip BETWEEN 4026531840 AND 4026531841 OR
+ @nip > 4294967295) THEN
+ RETURN TRUE;
+ ELSE
+ RETURN FALSE;
+ END IF;
+END;');
+
+#-------------------------------------------------------------------------------
+# sql_queries - array of hashes of actions for the WardenWatchdog script.
+#               Each action has three followin parts:
+#               query   => sql query of an action (check) on Warden database
+#               text    => body of an email which is send to a admin of an client
+#                          in case of nonempty check result
+#               contact => contact for message, which overrides contact collumn
+#                          in a database table.
+#-------------------------------------------------------------------------------
+@sql_queries = (
+ {query => "SELECT hostname, service, MAX(received) FROM events WHERE valid = 't' GROUP BY hostname, service ORDER BY MAX(received) ASC;", text => "Uvedeny klient, nebo klienti jiz delsi dobu nereportovali zadne udalosti do Wardenu. Je mozne, ze nefunguji spravne.", contact => 'jakubcegan@cesnet.cz, ph@cesnet.cz'},
+ {query => "SELECT clients.* FROM clients JOIN events ON clients.service=events.service WHERE events.detected > '\$date' AND NOT FIND_IN_SET(events.type, 'portscan,bruteforce,probe,spam,phishing,botnet_c_c,dos,malware,copyright,webattack,test,other') AND events.valid = 't' GROUP BY requestor;", text => "Uvedeny klient, nebo klienti zasilaji nepodporovany nebo zastaraly typ udalosti na server Warden", contact => 'jakubcegan@cesnet.cz, ph@cesnet.cz'},
+ {query => "SELECT hostname, service, type, COUNT(*) FROM events WHERE detected - received > 0 AND received > '$date' GROUP BY hostname, service, type;", text => "Uvedeny klient, nebo klienti odesilaji odesilaji udalosti s casem z budoucnosti. Cas prirazeny serverem pri prichodu udalosti (received) musi byt vzdy roven nebo vetsi casu detekce (detected).", contact => 'jakubcegan@cesnet.cz, ph@cesnet.cz'},
+ {query => "SELECT hostname, service, received, source, count(source) AS c, min(received), max(received) FROM events WHERE valid = 't' AND source_type = 'IP' AND iptest(source) GROUP BY hostname, service, source ORDER BY c DESC;", text => "Uvedeni klient, nebo klienti odesilaji udalosti se zdrojovou adresou, ktera by se nemela objevit v internetu (privatni rozsah), nebo je neplatna (prazdny oktet, oktet je vetsi nez 255, apod.). kvuli omezeni verzi MySQL serveru funguje zatim pouze pro IPv6.", contact => 'jakubcegan@cesnet.cz, ph@cesnet.cz'});
+
+#-------------------------------------------------------------------------------
+# sql_postcondition - array of procedures which are executed "after" main action
+#-------------------------------------------------------------------------------
+@sql_postcondition = ('DROP FUNCTION IF EXISTS iptest;');
-- 
GitLab