diff --git a/packages/build-server.sh b/packages/build-server.sh index 362acb4944f2914bcefff364c14430401ad53d10..1333c515784c39d03d36418e75dddcdb1b963fdf 100755 --- a/packages/build-server.sh +++ b/packages/build-server.sh @@ -24,7 +24,7 @@ err() #------------------------------------------------------------------------------- # edit when you build new package -version="2.1" +version="2.1-beta5" package_name="warden-server" package="${package_name}-${version}" @@ -45,7 +45,6 @@ mkdir -p $package 2> $err || err cp ../src/${package_name}/sh/install.sh $package 2> $err || err cp ../src/${package_name}/sh/update.sh $package 2> $err || err cp ../src/${package_name}/sh/uninstall.sh $package 2> $err || err -cp ../src/${package_name}/sh/uninstall.sh $package 2> $err || err cp ../src/${package_name}/doc/AUTHORS $package 2> $err || err cp ../src/${package_name}/doc/CHANGELOG $package 2> $err || err cp ../src/${package_name}/doc/INSTALL $package 2> $err || err @@ -69,7 +68,6 @@ echo "OK" echo -n "Building '${etc}' directory ... " mkdir -p $etc 2> $err || err cp ../src/${package_name}/etc/package_version $etc 2> $err || err -cp ../src/${package_name}/etc/warden-apache.conf $etc 2> $err || err echo "OK" echo -n "Building '${lib}' directory ... " diff --git a/packages/warden-server-2.1-beta4.tar.gz b/packages/warden-server-2.1-beta4.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..9422c1e1b4ee3ff36c527d86010b366030bcbc93 Binary files /dev/null and b/packages/warden-server-2.1-beta4.tar.gz differ diff --git a/packages/warden-server-2.1-beta4.tar.gz.sig b/packages/warden-server-2.1-beta4.tar.gz.sig new file mode 100644 index 0000000000000000000000000000000000000000..fc2869d91ff5bae4ad3f276864f8200eed4adfa9 --- /dev/null +++ b/packages/warden-server-2.1-beta4.tar.gz.sig @@ -0,0 +1 @@ +3bf719d1f0887f7feb394aafc8a85b48a66e2498 warden-server-2.1-beta4.tar.gz 
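Review bot: The added `warden-server-2.1-beta4.tar.gz.sig` holds a single sha1sum-style line (`<40 hex digits>  <filename>`) rather than a detached signature, so despite its name it gives only an integrity check, and one committed next to the artifact it covers: whoever replaces the tarball can replace the digest in the same commit. The same applies to `warden-server-2.1-beta5.tar.gz.sig` in the next hunk. If consumers are meant to verify authenticity, ship a real detached signature (`gpg --detach-sign --armor warden-server-2.1-beta5.tar.gz`) made with a key whose fingerprint is published separately in INSTALL; if only integrity is intended, name the file `.sha256` (and use SHA-256) so nobody mistakes it for a signature.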
diff --git a/packages/warden-server-2.1-beta5.tar.gz b/packages/warden-server-2.1-beta5.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..29e0b5cc2f7d2c93ecc23598307b5b730f09eed8 Binary files /dev/null and b/packages/warden-server-2.1-beta5.tar.gz differ diff --git a/packages/warden-server-2.1-beta5.tar.gz.sig b/packages/warden-server-2.1-beta5.tar.gz.sig new file mode 100644 index 0000000000000000000000000000000000000000..34e1e59eb2960358829dda6fb1c3c00cceafc918 --- /dev/null +++ b/packages/warden-server-2.1-beta5.tar.gz.sig @@ -0,0 +1 @@ +e4e6cd82c07aa02f4a73aa37f5da13e7d04ab0fe warden-server-2.1-beta5.tar.gz diff --git a/packages/warden-server-2.1.tar.gz b/packages/warden-server-2.1.tar.gz deleted file mode 100644 index db3152cc9ad588d22103292c0361e79661cd8008..0000000000000000000000000000000000000000 Binary files a/packages/warden-server-2.1.tar.gz and /dev/null differ diff --git a/packages/warden-server-2.1.tar.gz.sig b/packages/warden-server-2.1.tar.gz.sig deleted file mode 100644 index f92250c2bd35bc4ce049f2493ba92bff4159074d..0000000000000000000000000000000000000000 --- a/packages/warden-server-2.1.tar.gz.sig +++ /dev/null @@ -1 +0,0 @@ -ffa7243c2da0426c97abd5e8830c1efbf2aacef0 warden-server-2.1.tar.gz diff --git a/src/meta/README b/src/contrib/meta/README similarity index 100% rename from src/meta/README rename to src/contrib/meta/README diff --git a/src/meta/other/importMetaClients.sh b/src/contrib/meta/other/importMetaClients.sh similarity index 100% rename from src/meta/other/importMetaClients.sh rename to src/contrib/meta/other/importMetaClients.sh diff --git a/src/meta/other/meta-nodes b/src/contrib/meta/other/meta-nodes similarity index 100% rename from src/meta/other/meta-nodes rename to src/contrib/meta/other/meta-nodes diff --git a/src/meta/other/meta_check.sh b/src/contrib/meta/other/meta_check.sh similarity index 100% rename from src/meta/other/meta_check.sh rename to src/contrib/meta/other/meta_check.sh 
diff --git a/src/meta/warden-client-meta.tgz b/src/contrib/meta/warden-client-meta.tgz similarity index 100% rename from src/meta/warden-client-meta.tgz rename to src/contrib/meta/warden-client-meta.tgz diff --git a/src/meta/wardentest-lenny-meta.sh b/src/contrib/meta/wardentest-lenny-meta.sh similarity index 100% rename from src/meta/wardentest-lenny-meta.sh rename to src/contrib/meta/wardentest-lenny-meta.sh diff --git a/src/meta/wtw-lenny-meta.sh b/src/contrib/meta/wtw-lenny-meta.sh similarity index 100% rename from src/meta/wtw-lenny-meta.sh rename to src/contrib/meta/wtw-lenny-meta.sh diff --git a/src/contrib/networkReporter-client/networkReporter.pl b/src/contrib/networkReporter-client/networkReporter.pl new file mode 100755 index 0000000000000000000000000000000000000000..ed32b7d99a7e478f0d065d293a28fc2b5041c897 --- /dev/null +++ b/src/contrib/networkReporter-client/networkReporter.pl 
@@ -0,0 +1,175 @@ +#!/usr/bin/perl +# +# networkReporter.pl - Warden client for communication with RT ticketing system +# +# Copyright (C) 2012 Masaryk University +# Author(s): Jakub CEGAN <cegan@ics.muni.cz> +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are met: +# +# * Redistributions of source code must retain the above copyright notice, +# this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above copyright notice, +# this list of conditions and the following disclaimer in the documentation +# and/or other materials provided with the distribution. +# * Neither the name of Masaryk University nor the names of its contributors may be +# used to endorse or promote products derived from this software without +# specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE +# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +# POSSIBILITY OF SUCH DAMAGE. 
+# + +use warnings; +use strict; + +use lib '/opt/warden-client'; +use Email::Simple; +use Sys::Hostname; +use Text::Wrap; +use DateTime; + + +sub sendmailWrapper{ + my $message = shift; + + if(open(my $sendmail, '|/usr/sbin/sendmail -oi -t')){ + print $sendmail $message; + close $sendmail; + return 1; + } else { + return (0, "Sending email failed: $!"); + } +} + +sub timeToLocal{ + my $time = shift; + + my ($y,$m,$d,$h,$mm,$s); + if(!($$time =~ m/(\d{4})\-(\d{2})\-(\d{2})\ (\d{2})\:(\d{2})\:(\d{2})/)){ + return (0, "Bad time format!\n"); + } + + ($y,$m,$d,$h,$mm,$s) = $$time =~ m/(\d{4})\-(\d{2})\-(\d{2})\ (\d{2})\:(\d{2})\:(\d{2})/; + eval{ + my $dt = DateTime->new( + year => $y, + month => $m, + day => $d, + hour => $h, + minute => $mm, + second => $s, + time_zone =>'gmt'); + $dt->set_time_zone('local'); + $$time = $dt->strftime('%d. %m. %Y v %H:%M');}; + if($@){ + return (0, "Can't convert time to epoch format!\n"); + } + return 1; +} + +#------------------------------------------------------------------------------- +# reportToRT - fuction for creating tickets in the RT system +# +# param: hash with gateway address and warden event array +# +# return: ok || fail +#------------------------------------------------------------------------------- +sub reportToRT{ + + my $inputData = shift; + my $toGateway = $$inputData{'gateway'}; + my @event = @{$$inputData{'data'}}; + + my $fromHostname; + my $message; + my ($rc, $err); + + if(!($toGateway)){ + return (0, "Empty 'To' email header!\n"); + } + + eval{ + $fromHostname = hostname(); + if(!($fromHostname =~ m/\.ics\.muni\.cz/gi)){ + $fromHostname .= '.ics.muni.cz'; + } + }; + if($@){ + return (0, "Can't retrive hostname for 'From' header!\n"); + } + + ($rc, $err) = timeToLocal(\$event[3]); + if(!$rc){ + return (0, $err); + } + + my $text = "Dobrý den, + z Vašà IP adresy $event[6] jsme zaznamenali $event[3] celkem $event[9] pokus(y) o pÅ™ipojenà k neexistujÃcà službÄ› (tzv. honeypotu). 
V tomto konkrétnÃm pÅ™ÃpadÄ› se jednalo o protokol $event[7] a port ÄÃslo $event[8]. Je pravdÄ›podobné, že se jedná o virus, napadený poÄÃtaÄ Äi zneužitý uživatelský úÄet. DoporuÄujeme Vám zkontrolovat zabezpeÄenà tohoto poÄitaÄe. + + S pozdravem + + CSIRT-MU + http://www.muni.cz/csirt"; + + eval{ + $message = Email::Simple->create( + header => [ + To => $toGateway, + From => 'tools@'.$fromHostname, + Subject => 'Pristup na honeypot v siti CESNET'], + body => fill('','',$text)); + }; + if($@){ + return (0, "Can't create email message\n"); + } + + ($rc, $err) = sendmailWrapper($message->as_string); + if(!$rc){ + return (0, $err); + } + return 1; +} + + +my $warden_path = '/opt/warden-client'; + +require $warden_path . '/lib/WardenClientReceive.pm'; + +my $requested_type = "portscan"; +my $ip_reg = '147\.251\.\d+\.\d+'; +my $client = 'CESNET_IDS'; +my $gateway = 'rt@rt-devel.ics.muni.cz'; + +$Text::Wrap::columns = 90; + + +my $logger; +my @new_events; + +@new_events = WardenClientReceive::getNewEvents($warden_path, $requested_type); +#@new_events = (["5179620","au1.cesnet.cz","CESNET_IDS","2012-11-08 17:04:56","portscan","IP","147.251.216.8","XXX","666","2","","0","720"]); +foreach (@new_events) { + my @event = @$_; + + if(($event[6] =~ /^$ip_reg$/i) and ($event[2] =~ /^$client$/i)){ + my %input = (gateway => $gateway, data => \@event); + my ($rc,$err) = reportToRT(\%input); + if(!$rc){ + #print "ERR: $err\n"; + syslog("err|Warden client - networkReporter $err\n"); + } + } +} + +exit 0; diff --git a/src/warden-server/bin/wardenWatchdog.pl b/src/warden-server/bin/wardenWatchdog.pl new file mode 100755 index 0000000000000000000000000000000000000000..0c025817d24418b409b556c4072301ed12dc516d --- /dev/null +++ b/src/warden-server/bin/wardenWatchdog.pl 
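Review bot: `sendmailWrapper` ignores the result of `close $sendmail`, so a sendmail child that exits non-zero (MTA misconfigured, recipient rejected) is reported as success and the event is silently dropped; use `close($sendmail) or return (0, "sendmail exited with status " . ($? >> 8) . "\n");` instead. Separately, the failure branch of the main loop calls `syslog(...)`, but the file never loads `Sys::Syslog` or calls `openlog`, and the single-argument form does not match `syslog($priority, $format, ...)`, so under `use strict` the first delivery failure dies with an undefined-subroutine error rather than being logged — add `use Sys::Syslog qw(:standard);` plus an `openlog` call, or keep the commented `print` as the fallback. The same `sendmailWrapper` is duplicated verbatim in `wardenWatchdog.pl` later in this commit, so both copies need the fix. The Czech body text literal also appears double-encoded here (UTF-8 bytes shown as Latin-1), which may be an artifact of how this page was rendered rather than of the file; worth a byte-level check before release.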
@@ -0,0 +1,207 @@ +#!/usr/bin/perl +# +# WardenWatchdog.pl +# +# Copyright (C) 2011-2012 Cesnet z.s.p.o +# +# Use of this source is governed by a BSD-style license, see LICENSE file. + + +use WardenConf; +use strict; +use warnings; +use DBI; +use DBD::mysql; +use DateTime; +#use Email::Simple; +use Sys::Hostname; +use Text::Wrap; +use Data::Dumper; + +sub sendmailWrapper{ + my $message = shift; + + if(open(my $sendmail, '|/usr/sbin/sendmail -oi -t')){ + print $sendmail $message; + close $sendmail; + return 1; + } else { + return (0, "Sending email failed: $!"); + } +} + +# Array of hashes +#{query => ; text => ; contact => } + +# Get clients admins +sub sendReport{ + + my $input_data = shift; + my $contact = $$input_data{'contact'}; + my $domain = $$input_data{'domain'}; + my $text = $$input_data{'text'}; + + my $from_hostname; + my $message; + + if(!($contact)){ + return (0, "Empty 'To' email header!\n"); + } + + $domain =~ s/\./\./; + + eval{ + $from_hostname = hostname(); + if(!($from_hostname =~ m/$domain/gi)){ + $from_hostname .= $domain; + } + }; + if($@){ + return (0, "Can't retrive hostname for 'From' header!\n"); + } + + eval{ + #$message = Email::Simple->create( + #header => [ + #To => $contact, + #From => 'warden_watchdog@'.$from_hostname, + #Subject => 'Kotrola stavu udalosti na Wardenu'], + #body => fill('','',$text)); + }; + if($@){ + return (0, "Can't create email message\n"); + } + + print "== $contact ==\n$text\n"; + my ($rc, $err) = 1;#sendmailWrapper($message->as_string); + if(!$rc){ + return (0, $err); + } + return 1; +} + +sub connect_to_DB { + + my $dbPlatform = 'mysql'; + my $dbName = 'warden'; + my $dbHostname = 'localhost'; + my $dbUser = 'root'; + my $dbPasswd = 'w4rd3n&r00t'; + + my $dbhRef = shift; + my $dbh; + + if($dbh = DBI->connect( "dbi:$dbPlatform:database=$dbName;host=$dbHostname", $dbUser, $dbPasswd, {RaiseError => 1, mysql_auto_reconnect => 1})){ + $$dbhRef = $dbh; + return 1; + } + else{ + return (0,"Cannot connect to database! 
".DBI->errstr); + } +} + +sub sendQuery{ + + my $configRef = shift; + my $eventsRef = shift; + + my @config = @{$configRef}; + my %bad_events; + my ($rc,$err); + my $dbh; + + my $i = 0; + # connect to DB + ($rc,$err) = connect_to_DB(\$dbh); + if (!$rc){ + return (0, $err); + } + + while ($i < scalar(@config)) { + my $contact; + + # run DB query -> requestor, client name + my $sth; + if (defined($config[$i]{query})){ + $sth = $dbh->prepare($config[$i]{query}); + } + else{ + return (0, "No query availble\n"); + } + + if (!($sth->execute)){ + return (0, "Couldn't get data from my database: $sth->errstr\n"); + }; + + my @result; + while(@result = $sth->fetchrow()){ + if (defined($config[$i]{contact})){ + $contact = $config[$i]{contact}; + } + else{ + $contact = "from_db\@$result[0]"; + } + $bad_events{$contact} .= $config[$i]{text} . "DB INFO: ". join(', ',@result) ."\n"; + } + $sth->finish; + $i++; + } + # disconnect to DB + $dbh->disconnect; + + %$eventsRef = %bad_events; + + return 1; +} + + +sub run{ + + my $domain = shift; + my $period = shift; + + my $date; + + eval{ + my $dt = DateTime->now(); + $dt = DateTime->now()->subtract(days => $period); + $date = $dt->date(); + }; + if($@){ + print "Warden watchdog - can't work with date\n"; + #syslog("err|Warden watchdog - can't work with date\n"); + } + + my @configuration = ( + {query => "SELECT hostname, service, MAX(received) FROM events WHERE valid = 't' GROUP BY hostname, service ORDER BY MAX(received) ASC;", text => "Hey, this is test of warning for admin!\n"}, + {query => "SELECT requestor FROM clients WHERE service IN (SELECT service FROM events WHERE detected > '$date' AND type NOT IN ('portscan', 'bruteforce', 'probe', 'spam', 'phishing', 'botnet_c_c', 'dos', 'malware', 'copyright', 'webattack', 'test', 'other') AND valid = 't' GROUP BY service) GROUP BY requestor;", text => "Hey, this is test of warning!\n", contact => 'warden-administrator@cesnet.cz'}); + + $Text::Wrap::columns = 80; + + + my %bad_events; + 
+ my $i = 0; + while ($i < scalar(@configuration)) { + my ($rc,$err) = sendQuery(\@configuration,\%bad_events); + if (!$rc){ + print "Warden watchdog - $err\n"; + #syslog("err|Warden watchdog - $err\n"); + } + $i++; + } + + while (my ($contact, $text) = each(%bad_events)){ + my %input = (contact => $contact, domain => $domain, text => $text); + my ($rc,$err) = sendReport(\%input); + if (!$rc){ + # TODO syslog + print $err; + #syslog("err|Warden client - networkReporter $err\n"); + } + print "\n\n"; + } +} + +run('warden-dev.cesnet.cz',7); +1; diff --git a/src/warden-server/doc/INSTALL b/src/warden-server/doc/INSTALL index eacf28e9600c91c05649d07b1f5c569635d99b4a..dcd5cf607eb0f56d77f2dec542a4365dc44d31f0 100644 --- a/src/warden-server/doc/INSTALL +++ b/src/warden-server/doc/INSTALL @@ -88,7 +88,7 @@ D. Post-installation steps b) Create new database structure - $ mysql -u <user> -h localhost -p <password> < {warden-server_path}/doc/warden.mysql + $ mysql -u <user> -h localhost -p < {warden-server_path}/doc/warden.mysql 4) Warden server configuration diff --git a/src/warden-server/doc/UNINSTALL b/src/warden-server/doc/UNINSTALL index ea227b8c395b47377674c2bc777586c78820198d..d9a61e4e012ef7f0040d10026421141c62173c65 100644 --- a/src/warden-server/doc/UNINSTALL +++ b/src/warden-server/doc/UNINSTALL 
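Review bot: `connect_to_DB` hard-codes a MySQL `root` account and its password (`$dbUser = 'root'; $dbPasswd = '…'`), so the credential now lives in version history and the watchdog runs every query with full database privileges, although the script already does `use WardenConf;` and the installer writes `$DB_USER`/`$DB_PASS`/`$DB_NAME`/`$DB_HOST` into `warden-server.conf` for exactly this purpose. Take the connection parameters from WardenConf like the rest of the server, grant that account only SELECT on `events` and `clients` (the only statements the script issues), and treat the committed password as exposed — rotate it wherever it was used. Two smaller defects in the same file: `my ($rc, $err) = 1;` in `sendReport` leaves `$err` undefined, and `"...: $sth->errstr\n"` in `sendQuery` interpolates the handle's stringification followed by the literal text `->errstr` rather than the error message (`"... " . $sth->errstr . "\n"`). Also, `run` calls `sendQuery` once per configuration entry while `sendQuery` itself loops over every entry and replaces `%$eventsRef` on each call, so each query is executed `scalar(@configuration)` times for no effect; a single call suffices.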
@@ -24,13 +24,72 @@ You must be root for running this script. B. Uninstallation step ---------------------- -1) Uninstall Warden server package (default installation path) +1) Uninstall Warden server package (example for default installation path) # /opt/warden-server/uninstall.sh -d /opt C. Post-uninstallation steps --------------------------- +---------------------------- - # a2dismod ssl - # aptitude remove apache2 mysql-server libapache2-mod-perl2 apache2-mpm-prefork +1) Stop Apache server + + # /etc/init.d/apache2 stop + + +2) Disable of mod_ssl module + + # a2dismod ssl + + +3) Remove Apache server configuration + + a) VirtualHost section configuration + + - remove include parameters from the Warden server configuration file (<warden-server_path>/etc/warden-apache.conf) + + # vim /etc/apache2/sites-enables/default(-ssl) + + <VirtualHost *:443> + ... + + Include /opt/warden-server/etc/warden-apache.conf + </VirtualHost> + + + b) remove Apache server performance configuration + + # vim /etc/apache2/apache2.conf + + - prefork module settings + + <IfModule mpm_prefork_module> + StartServers 2 + MinSpareServers 4 + MaxSpareServers 8 + ServerLimit 700 + MaxClients 700 + MaxRequestsPerChild 0 + </IfModule> + + - connection settings + + Timeout 10 + KeepAlive Off + + +4) Drop MySQL database + + $ mysql -u <user> -h localhost -p <password> + mysql> DROP DATABASE warden; + mysql> exit + + +5) Uninstall unnecessary packages (optional) + + # aptitude remove apache2 mysql-server libapache2-mod-perl2 apache2-mpm-prefork + + +6) Start Apache server + + # /etc/init.d/apache2 start diff --git a/src/warden-server/doc/UPDATE b/src/warden-server/doc/UPDATE index 6d3c7f87c1e736eee65fe97ebb3a39ab7a3a67e1..c9ce426ac2998573d0a82265d28b5426a277b9fd 100644 --- a/src/warden-server/doc/UPDATE +++ b/src/warden-server/doc/UPDATE 
@@ -35,3 +35,8 @@ C. Post-update steps 1) Update Warden server database $ mysql -u <user> -h localhost -p <password> < {warden-server_path}/doc/warden20to21.patch + + +2) Restart Apache server + + # /etc/init.d/apache2 restart diff --git a/src/warden-server/doc/warden.mysql b/src/warden-server/doc/warden.mysql index d70f6dbb6af34a4ed6f72be9a0a58b6abe7d62b9..48a298232103f71148c97a8b8ecd3f43bc7b4af3 100644 --- a/src/warden-server/doc/warden.mysql +++ b/src/warden-server/doc/warden.mysql @@ -33,7 +33,7 @@ SET character_set_client = utf8; CREATE TABLE `clients` ( `client_id` int(11) NOT NULL auto_increment, `hostname` varchar(256) default NULL, - `registered` timestamp NOT NULL default CURRENT_TIMESTAMP on update CURRENT_TIMESTAMP, + `registered` timestamp NOT NULL default '0000-00-00 00:00:00', `requestor` varchar(256) default NULL, `service` varchar(64) default NULL, `client_type` varchar(1) default NULL, @@ -56,7 +56,7 @@ CREATE TABLE `events` ( `id` int(11) NOT NULL auto_increment, `hostname` varchar(256) default NULL, `service` varchar(64) default NULL, - `detected` timestamp NOT NULL default CURRENT_TIMESTAMP on update CURRENT_TIMESTAMP, + `detected` timestamp NOT NULL default '0000-00-00 00:00:00', `received` timestamp NOT NULL default '0000-00-00 00:00:00', `type` varchar(64) default NULL, `source_type` varchar(64) default NULL, diff --git a/src/warden-server/doc/warden20to21.patch b/src/warden-server/doc/warden20to21.patch index ef22e9e5e2bd08c20d4352979cc61e6cfcf84b16..bf9c15fd92573c5b31eb2e16285634a53d40431a 100644 --- a/src/warden-server/doc/warden20to21.patch +++ b/src/warden-server/doc/warden20to21.patch 
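Review bot: Both `warden.mysql` hunks replace `DEFAULT CURRENT_TIMESTAMP on update CURRENT_TIMESTAMP` with `DEFAULT '0000-00-00 00:00:00'` on `clients.registered` and `events.detected`, so a row inserted without an explicit value now gets a zero date instead of the insert time, and on MySQL releases whose default `sql_mode` includes `NO_ZERO_DATE` (5.7 and later) that default is rejected when the table is created. If the intent is that the server always supplies these columns itself, say so in a comment above each column and make the insert path fail loudly when it does not; otherwise `DEFAULT CURRENT_TIMESTAMP` without the `on update` clause keeps the auto-fill while dropping the unwanted refresh on UPDATE. `received` already uses the zero-date default, so whichever choice is made should be applied to all three consistently and mirrored in `warden20to21.patch` in the following hunk.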
@@ -1,2 +1,8 @@ ALTER TABLE `clients` CHANGE `registered` `registered` TIMESTAMP NOT NULL DEFAULT '0000-00-00 00:00:00'; -ALTER TABLE `events` CHANGE `detected` `detected` TIMESTAMP NOT NULL DEFAULT '0000-00-00 00:00:00'; + +ALTER TABLE `events` +CHANGE `detected` `detected` TIMESTAMP NOT NULL DEFAULT '0000-00-00 00:00:00', +CHANGE `target_port` `target_port` INT( 2 ) UNSIGNED DEFAULT NULL , +CHANGE `attack_scale` `attack_scale` INT( 4 ) UNSIGNED DEFAULT NULL , +CHANGE `priority` `priority` INT( 1 ) UNSIGNED DEFAULT NULL , +CHANGE `timeout` `timeout` INT( 2 ) UNSIGNED DEFAULT NULL; diff --git a/src/warden-server/etc/warden-apache.conf b/src/warden-server/etc/warden-apache.conf index 118d4622ff6913884209fa686c72b5d2a59cc84e..0035c33a11bbfcc8c3fdc1986275fee267c2fe98 100644 --- a/src/warden-server/etc/warden-apache.conf +++ b/src/warden-server/etc/warden-apache.conf @@ -11,11 +11,11 @@ SSLOptions +StdEnvVars +ExportCertData SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /etc/ssl/certs/warden-dev.cesnet.cz.pem -SSLCertificateKeyFile /opt/warden-client/etc/warden-dev.cesnet.cz.key +SSLCertificateKeyFile /etc/ssl/private/warden-dev.cesnet.cz.key SSLCACertificateFile /etc/ssl/certs/tcs-ca-bundle.pem PerlOptions +Parent -PerlSwitches -I/opt/warden-server/lib +PerlSwitches -I /opt/warden-server/lib <Location /Warden> SetHandler perl-script diff --git a/src/warden-server/sh/install.sh b/src/warden-server/sh/install.sh index 58955b1c3838f09cc8a1822326e0bbc39cb9b54e..70a7feb99e4a22d19f208eee644b760cd807093c 100755 --- a/src/warden-server/sh/install.sh +++ b/src/warden-server/sh/install.sh 
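Review bot: The `INT( 2 )`, `INT( 4 )` and `INT( 1 )` widths on `target_port`, `attack_scale`, `priority` and `timeout` are display widths, not range constraints — an `INT(2) UNSIGNED` column still accepts any value up to 4294967295, so if these were meant to bound the fields (a port above 65535, a priority outside a small set) they do not, and MySQL 8.0.17+ deprecates the display-width syntax altogether. If a bound is intended, pick a type whose storage expresses it (`SMALLINT UNSIGNED` for a port, `TINYINT UNSIGNED` for a priority) and validate on the server side before insert; otherwise write plain `INT UNSIGNED` so the next reader does not assume a check exists.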
@@ -168,8 +168,7 @@ make_client_conf() #------------------------------------------------------------------------------- # SSL_CA_FILE - path to CA certificate file #------------------------------------------------------------------------------- -\$SSL_CA_FILE = \"${ca_file}\"; -" > $client_conf 2> $err; ret_val=`echo $?` +\$SSL_CA_FILE = \"${ca_file}\";" > $client_conf 2> $err; ret_val=`echo $?` if [ $ret_val -eq 0 ]; then echo "OK" @@ -189,7 +188,7 @@ make_server_conf() #------------------------------------------------------------------------------- # BASEDIR - base directory of Warden server #------------------------------------------------------------------------------- -\$BASEDIR = \'${server_path}\'; +\$BASEDIR = \"${server_path}\"; #------------------------------------------------------------------------------- # SYSLOG - enable/disable syslog logging 
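Review bot: `\$BASEDIR = \"${server_path}\";` in the `@@ -189` hunk now emits a double-quoted Perl string, so an install prefix containing `@` or `$` (parsed outside this hunk) is interpolated by Perl when `warden-server.conf` is loaded, where the previous `\'…\'` kept it literal; the same switch is made for every scalar in `make_server_conf` in the next hunk. None of these values need interpolation, so single quotes remain the safer default — if double quotes are kept for consistency, have `params_chck` reject prefixes containing `@`, `$` or `\`. On the same line, `ret_val=\`echo $?\`` is a roundabout spelling of `ret_val=$?`.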
@@ -204,42 +203,77 @@ make_server_conf() #------------------------------------------------------------------------------- # SYSLOG_FACILITY - syslog facility #------------------------------------------------------------------------------- -\$YSLOG_FACILITY = \'local7\'; +\$SYSLOG_FACILITY = \"local7\"; #------------------------------------------------------------------------------- # DB_NAME - MySQL database name of Warden server #------------------------------------------------------------------------------- -\$DB_NAME = \'warden\'; +\$DB_NAME = \"warden\"; #------------------------------------------------------------------------------- # DB_USER - MySQL database user of Warden server #------------------------------------------------------------------------------- -\$DB_USER = \'username\'; +\$DB_USER = \"warden\"; #------------------------------------------------------------------------------- # DB_PASS - MySQL database password of Warden server #------------------------------------------------------------------------------- -\$DB_PASS = \'\'; +\$DB_PASS = \"\"; #------------------------------------------------------------------------------- # DB_HOST - MySQL database host #------------------------------------------------------------------------------- -\$DB_HOST = \'localhost\'; +\$DB_HOST = \"localhost\"; #------------------------------------------------------------------------------- # MAX_EVENTS_LIMIT - server limit of maximum number of events that can be # delivered to one client in one batch #------------------------------------------------------------------------------- -\$MAX_EVENTS_LIMIT = \'1000000\'; +\$MAX_EVENTS_LIMIT = 1000000; #------------------------------------------------------------------------------- # VALID_STRINGS - validation hash containing allowed event attributes #------------------------------------------------------------------------------- -\%VALID_STRINGS = ( - \'type\' => [\'portscan\', \'bruteforce\', \'probe\', \'spam\', 
\'phishing\', \'botnet_c_c\', \'dos\', \'malware\', \'copyright\', \'webattack\', \'test\', \'other\', \'_any_\'], - \'source_type' => ['IP', 'URL', 'Reply-To:'] -); -" > $server_conf 2> $err; ret_val=`echo $?` +%VALID_STRINGS = ( + \"type\" => [\"portscan\", \"bruteforce\", \"probe\", \"spam\", \"phishing\", \"botnet_c_c\", \"dos\", \"malware\", \"copyright\", \"webattack\", \"test\", \"other\", \"_any_\"], + \"source_type\" => [\"IP\", \"URL\", \"Reply-To:\"] +);" > $server_conf 2> $err; ret_val=`echo $?` + + if [ $ret_val -eq 0 ]; then + echo "OK" + else + err_clean + fi +} + +make_apache_conf() +{ + echo -n "Creating Apache configuration file ... " + echo "# +# +# warden-apache.conf - configuration file for the Apache server +# + +SSLEngine on + +SSLVerifyDepth 3 +SSLVerifyClient require +SSLOptions +StdEnvVars +ExportCertData + +SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL + +SSLCertificateFile $cert +SSLCertificateKeyFile $key +SSLCACertificateFile $ca_file + +PerlOptions +Parent +PerlSwitches -I $lib + +<Location /Warden> + SetHandler perl-script + PerlHandler Warden::ApacheDispatch + SSLOptions +StdEnvVars +</Location>" > $apache_conf 2> $err; ret_val=`echo $?` if [ $ret_val -eq 0 ]; then echo "OK" @@ -258,25 +292,12 @@ changeServerPath() perl -pi -e "s#/opt#${prefix}#" ${bin}/$file done - echo "- update server path: $apache_conf" - perl -pi -e "s#/opt#${prefix}#" $apache_conf - echo "- update server path: ${lib}/Warden.pm" perl -pi -e "s#/opt#${prefix}#" ${lib}/Warden.pm } -updateCertsPath() -{ - - echo "- update certs path: $apache_conf" - perl -pi -e "s#server-cert.pem#${cert}#" $apache_conf - perl -pi -e "s#server-key.pem#${key}#" $apache_conf - perl -pi -e "s#ca-cert.pem#${ca_file}#" $apache_conf -} - - create_symlinks() { echo "Creating symbolic links ..." 
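Review bot: `make_apache_conf` writes `SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL` into the generated Apache config, a list that still permits export-grade (`EXP`), `LOW` and RC4 suites (the `+…` entries only reorder what `ALL` already admits); since this vhost carries the client-certificate authenticated event feed (`SSLVerifyClient require`), a weak negotiation exposes the submitted events. Pin both protocol and suites, e.g. `SSLProtocol all -SSLv2 -SSLv3` followed by `SSLCipherSuite HIGH:!aNULL:!eNULL:!EXPORT:!LOW:!RC4:!MD5` and `SSLHonorCipherOrder on`. The same string ships in the template `etc/warden-apache.conf` (earlier hunk), and `update_conf_files` in `update.sh` regenerates that file from grepped lines, so check that it is not carried forward there either. The enclosing `make_server_conf` at the top of this hunk starts outside it.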
@@ -316,7 +337,7 @@ params_chck # create variables dirname=`dirname $0` -hostname=`hostname` +hostname=`hostname -f` key_file=`basename $key` cert_file=`basename $cert` package_version=`cat ${dirname}/warden-server/etc/package_version` @@ -331,6 +352,7 @@ server_conf="${etc}/warden-server.conf" apache_conf="${etc}/warden-apache.conf" var="${server_path}/var" lib="${server_path}/lib" +doc="${server_path}/doc" err="/tmp/warden-err" # check if warden-server is installed @@ -357,26 +379,27 @@ make_client_conf # create server configuration file make_server_conf +# create Apache configuration file +make_apache_conf + #update paths in utilities changeServerPath -#update paths in apachefile -updateCertsPath - # crate symlinks from warden server bin directory to /usr/local/bin create_symlinks echo -echo "Please check client configuration file in ${client_conf}!" -echo "Please check server configuration file in ${server_conf}!" -echo "Please check Apache configuration file in ${apache_conf}!" +echo "Please check configuration files:" +echo " - ${client_conf}" +echo " - ${server_conf}" +echo " - ${apache_conf}" echo echo "Warden server directory: $server_path" echo +echo "Please follow post-installation steps in ${doc}/INSTALL!" +echo echo "Installation of $package_version package was SUCCESSFUL!!!" echo -echo "Please follow post-installation steps in ${dirname}/doc/INSTALL!" - # cleanup section rm -rf $err diff --git a/src/warden-server/sh/uninstall.sh b/src/warden-server/sh/uninstall.sh index 112d420e3a4d86d0f3b2d453d019c32d2570408c..d9bdcbf84fdb8437bcb174dcb98d585acecb80f9 100755 --- a/src/warden-server/sh/uninstall.sh +++ b/src/warden-server/sh/uninstall.sh @@ -54,7 +54,6 @@ err_clean() do ln -s ${bin}/$file ${local_bin}/$file # create symlinks to /usr/local/bin done - $init start # start server cat $err rm -rf $err $backup_dir echo 
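Review bot: `err="/tmp/warden-err"` (context in the `@@ -331` hunk) is a fixed, predictable path that the installer, running as root, opens for writing with `2> $err` and later removes with `rm -rf $err`; a pre-existing file or symlink at that name is followed, so the installer can truncate or delete something unrelated on a shared host. Use `err=$(mktemp /tmp/warden-err.XXXXXX) || exit 1` and remove it from an `EXIT` trap instead. The same pattern appears in `uninstall.sh` — `err`, `backup_dir="/tmp/warden-backup"` (which receives a copy of the whole server tree) and the renamed `uninstall_file="/tmp/UNINSTALL.warden"` in its `@@ -175` hunk — and those need the same treatment.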
@@ -104,13 +103,6 @@ warden_dir_chck() } -stop_warden_server() -{ - echo "Stopping Warden server ... " - ${init} stop 1>/dev/null 2>&1 -} - - backup() { echo -n "Backing-up Warden server directory ... " @@ -175,11 +167,10 @@ bin="${server_path}/bin" local_bin="/usr/local/bin" etc="${server_path}/etc" doc="${server_path}/doc" -uninstall_file="/tmp/UNINSTALL" +uninstall_file="/tmp/UNINSTALL.warden" old_package_version_file="${etc}/package_version" err="/tmp/warden-err" backup_dir="/tmp/warden-backup" -init="/etc/init.d/apache2" # obtain version of installed warden-server package obtain_package_version @@ -190,9 +181,6 @@ echo "------------------------- Uninstallation process ------------------------- # check if $prefix/warden-server directory exist warden_dir_chck -# stop running warden server -stop_warden_server - # make backup of currently installed warden-server package backup @@ -202,11 +190,11 @@ delete_symlinks # do uninstallation uninstall_warden_server +echo +echo "Please follow post-uninstallation steps in $uninstall_file!" echo echo "Uninstallation of $package_version package was SUCCESSFUL!" echo -echo "Please follow post-uninstallation steps in $uninstall_file!" - # cleanup section rm -rf $err $backup_dir diff --git a/src/warden-server/sh/update.sh b/src/warden-server/sh/update.sh index 21f0a7fbc102bd59f83dad0e4a8c431b8118783b..bc0810eef19120bd6575d104dca47ed11507c523 100755 --- a/src/warden-server/sh/update.sh +++ b/src/warden-server/sh/update.sh @@ -173,7 +173,7 @@ update_warden_dir() update_conf_files() { - echo "Updating $apache_conf_file ... " + echo -n "Updating $apache_conf_file ... " ssl_certificate_file=`cat $apache_conf_file | grep 'SSLCertificateFile'` ssl_certificate_key_file=`cat $apache_conf_file | grep 'SSLCertificateKeyFile'` 
@@ -203,8 +203,7 @@ $perl_switches SetHandler perl-script PerlHandler Warden::ApacheDispatch SSLOptions +StdEnvVars -</Location> -" > $apache_conf_file 2> $err; ret_val=`echo $?` +</Location>" > $apache_conf_file 2> $err; ret_val=`echo $?` if [ $ret_val -eq 0 ]; then echo "OK" @@ -214,7 +213,7 @@ $perl_switches #------------------------------------------------------------------------------- - echo "Updating $client_conf_file ... " + echo -n "Updating $client_conf_file ... " uri=`cat $client_conf_file | grep '$URI'` ssl_key_file=`cat $client_conf_file | grep '$SSL_KEY_FILE'` @@ -243,8 +242,7 @@ $ssl_cert_file #------------------------------------------------------------------------------- # SSL_CA_FILE - path to CA certificate file #------------------------------------------------------------------------------- -$ssl_ca_file -" > $client_conf_file 2> $err; ret_val=`echo $?` +$ssl_ca_file" > $client_conf_file 2> $err; ret_val=`echo $?` if [ $ret_val -eq 0 ]; then echo "OK" @@ -254,7 +252,7 @@ $ssl_ca_file #------------------------------------------------------------------------------- - echo "Updating $server_conf_file ... " + echo -n "Updating $server_conf_file ... " basedir=`cat $server_conf_file | grep '$BASEDIR'` syslog=`cat $server_conf_file | grep '$SYSLOG' | head -n1` @@ -269,7 +267,7 @@ $ssl_ca_file if [ -z "$syslog_facility" ]; then syslog_facility=`cat $server_conf_file | grep '$FACILITY'` else - syslog_facility='$SYSLOG_FACILITY = local7;' + syslog_facility='$SYSLOG_FACILITY = "local7";' fi db_name=`cat $server_conf_file | grep '$DB_NAME'` db_user=`cat $server_conf_file | grep '$DB_USER'` 
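Review bot: In the `@@ -269` hunk the `else` branch assigns the default `syslog_facility='$SYSLOG_FACILITY = "local7";'` exactly when the preceding lookup (outside the hunk) found an existing value, so an administrator's configured facility is overwritten on every update, while an empty result falls through to the legacy `$FACILITY` grep; the branches look inverted. Apply the default only when both lookups come back empty: `if [ -z "$syslog_facility" ]; then syslog_facility=$(grep '$FACILITY' "$server_conf_file"); fi` followed by `[ -n "$syslog_facility" ] || syslog_facility='$SYSLOG_FACILITY = "local7";'`. The line that initialises `syslog_facility` is not visible here, so confirm against it before changing.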
@@ -281,9 +279,9 @@ $ssl_ca_file fi valid_strings=`cat $server_conf_file | grep -A 3 '%VALID_STRINGS'` if [ -z "$valid_strings" ]; then - valid_strings="\%VALID_STRINGS = ( - \'type\' => [\'portscan\', \'bruteforce\', \'probe\', \'spam\', \'phishing\', \'botnet_c_c\', \'dos\', \'malware\', \'copyright\', \'webattack\', \'test\', \'other\'], - \'source_type\' => [\'IP\', \'URL\', \'Reply-To:\'] + valid_strings="%VALID_STRINGS = ( + \"type\" => [\"portscan\", \"bruteforce\", \"probe\", \"spam\", \"phishing\", \"botnet_c_c\", \"dos\", \"malware\", \"copyright\", \"webattack\", \"test\", \"other\"], + \"source_type\" => [\"IP\", \"URL\", \"Reply-To:\"] );" fi @@ -340,8 +338,7 @@ $max_events_limit #------------------------------------------------------------------------------- # VALID_STRINGS - validation hash containing allowed event attributes #------------------------------------------------------------------------------- -$valid_strings -" > $server_conf_file 2> $err; ret_val=`echo $?` +$valid_strings" > $server_conf_file 2> $err; ret_val=`echo $?` if [ $ret_val -eq 0 ]; then echo "OK" @@ -381,6 +378,7 @@ package_version=`cat ${dirname}/warden-server/etc/package_version` [[ $prefix == */ ]] && prefix="${prefix%?}" # remove last char (slash) from prefix server_path="${prefix}/warden-server" etc="${server_path}/etc" +doc="${server_path}/doc" old_package_version_file="${etc}/package_version" apache_conf_file="${etc}/warden-apache.conf" client_conf_file="${etc}/warden-client.conf" 
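Review bot: The fallback `%VALID_STRINGS` written when the old config has none omits `_any_` from the `type` list, while `make_server_conf` in `install.sh` (earlier in this commit) includes `\"_any_\"`; a server updated from a config lacking the hash would therefore validate against a different set of types than a freshly installed one (presumably affecting whether `_any_` is accepted — confirm in the server code). Add `\"_any_\"` to the fallback so both generators emit the same hash, or better, define the list once and have both scripts source it. `grep -A 3 '%VALID_STRINGS'` also assumes the hash spans exactly four lines, so a hand-edited config with a different layout is silently truncated on update; that deserves at least a comment, e.g. `# NOTE: the hash must stay on four lines; update.sh copies it with grep -A 3`.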
@@ -419,13 +417,16 @@ update_warden_dir update_conf_files echo -echo "Please check configuration file in ${conf_file}!" +echo "Please check updated configuration files:" +echo " - $apache_conf_file" +echo " - $server_conf_file" +echo " - $client_conf_file" echo echo "Warden server directory: $server_path" echo echo "Update from $old_package_version to $package_version package was SUCCESSFUL!!!" echo -echo "Please follow post-update steps in ${dirname}/doc/UPDATE!" +echo "Please follow post-update steps in ${doc}/UPDATE!" echo # cleanup section