From d7ed9ad81e7cc9010f3a75b6ca5155d98c93ae7e Mon Sep 17 00:00:00 2001
From: Tomas Plesnik <plesnik@ics.muni.cz>
Date: Tue, 13 Jan 2015 14:42:11 +0100
Subject: [PATCH] modul WardenClientSend.pm, WardenClientReceive.pm a funkce getClientInfo zahrnuty do jedine knihovny klienta WardenClient.pm
---
src/warden-client/lib/WardenClient.pm | 225 ++++++++++++++++++++++++++
1 file changed, 225 insertions(+)
create mode 100755 src/warden-client/lib/WardenClient.pm
diff --git a/src/warden-client/lib/WardenClient.pm b/src/warden-client/lib/WardenClient.pm
new file mode 100755
index 0000000..74b777b
--- /dev/null
+++ b/src/warden-client/lib/WardenClient.pm
@@ -0,0 +1,225 @@
+# WardenClient.pm
+#
+# Copyright (C) 2011-2015 Cesnet z.s.p.o
+#
+# Use of this source is governed by a BSD-style license, see LICENSE file.
+
+package WardenClient;
+
+use strict;
+use warnings;
+
+use SOAP::Lite;
+use File::Basename;
+my $lib = File::Basename::dirname(__FILE__);
+use lib $lib;
+use WardenClientCommon;
+
+our $VERSION = "2.2";
+
+
+#-------------------------------------------------------------------------------
+# saveNewEvent - send new event from detection scripts to warden server
+#-------------------------------------------------------------------------------
+sub saveNewEvent
+{
+ my $event_ref = shift;
+
+ # prepare variables of event
+ my @event = @{$event_ref};
+ my $service = $event[0];
+ my $detected = $event[1];
+ my $type = $event[2];
+ my $source_type = $event[3];
+ my $source = $event[4];
+ my $target_proto = $event[5];
+ my $target_port = $event[6];
+ my $attack_scale = $event[7];
+ my $note = $event[8];
+ my $priority = $event[9];
+ my $timeout = $event[10];
+
+ # Issue #596 - Should be removed in Warden client 3.0.
+ # check if obsolete event attribute 'Priority' is used
+ if ((defined $priority) && ($priority >= 0)) {
+ WardenClientCommon::errMsg('Event attribute "Priority" is now obsolete and will be removed in Warden client 3.0', 'warn');
+ }
+ # check if obsolete event attribute 'Timeout' is used
+ if ((defined $timeout) && ($timeout >= 0)) {
+ WardenClientCommon::errMsg('Event attribute "Timeout" is now obsolete and will be removed in Warden client 3.0', 'warn');
+ }
+ # end of Issue #596
+
+ # create SOAP data object
+ my $event;
+ eval {
+ $event = SOAP::Data->name(
+ event => \SOAP::Data->value(
+ SOAP::Data->name(SERVICE => $service),
+ SOAP::Data->name(DETECTED => $detected),
+ SOAP::Data->name(TYPE => $type),
+ SOAP::Data->name(SOURCE_TYPE => $source_type),
+ SOAP::Data->name(SOURCE => $source),
+ SOAP::Data->name(TARGET_PROTO => $target_proto),
+ SOAP::Data->name(TARGET_PORT => $target_port),
+ SOAP::Data->name(ATTACK_SCALE => $attack_scale),
+ SOAP::Data->name(NOTE => $note),
+ SOAP::Data->name(PRIORITY => $priority),
+ SOAP::Data->name(TIMEOUT => $timeout)
+ )
+ );
+ } # end of eval
+ or WardenClientCommon::errMsg('Unknown error when creating SOAP data object, ' . $@);
+
+ # c2s() returns undef on fail
+ my $result = WardenClientCommon::c2s("saveNewEvent", $event);
+
+ defined $result ? return 1 : return 0;
+
+} # End of saveNewEvent
+
+
+#-------------------------------------------------------------------------------
+# getNewEvents - get new events from warden server greater than last received ID
+#-------------------------------------------------------------------------------
+sub getNewEvents
+{
+ my @events;
+
+ my $warden_path = shift;
+ my $requested_type = shift;
+
+ my $vardir = $warden_path . "/var/";
+ my $etcdir = $warden_path . "/etc/";
+ my $libdir = $warden_path . "/lib/";
+
+ require $libdir . "WardenClientConf.pm";
+ require $libdir . "WardenClientCommon.pm";
+
+ # read the config file
+ my $conf_file = $etcdir . "warden-client.conf";
+ WardenClientConf::loadConf($conf_file);
+
+ # set name of ID file for each client aplication
+ my ($caller_name) = ($FindBin::Script =~ /^(.*)$/); # untaint
+ my $id_file = $vardir . $caller_name . "-". ($requested_type || "any") . ".id";
+
+ #-----------------------------------------------------------------------------
+ # get last ID from ID file (if exist) or
+ # get last ID from warden server DB and save it into ID file
+ my $last_id;
+ if (-e $id_file) {
+ open(ID, "< $id_file") or return WardenClientCommon::errMsg("Cannot open ID file $id_file: $!");
+ foreach(<ID>) {
+ $last_id = $_;
+ }
+ close ID;
+ } else {
+ # c2s() returns undef on fail
+ my $response = WardenClientCommon::c2s($WardenClientConf::URI, $WardenClientConf::SSL_KEY_FILE, $WardenClientConf::SSL_CERT_FILE, $WardenClientConf::SSL_CA_FILE, "getLastId");
+ defined $response or return; # receive data or return undef
+
+ $last_id = $response->result;
+ open(ID, "> $id_file") or return WardenClientCommon::errMsg("Cannot open ID file $id_file: $!");
+ print ID $last_id;
+ close ID;
+ }
+
+ #-----------------------------------------------------------------------------
+ # get new events from warden server DB based on gathered last ID
+
+ my $request_data;
+ eval {
+ # create SOAP data object
+ $request_data = SOAP::Data->name(
+ request => \SOAP::Data->value(
+ SOAP::Data->name(REQUESTED_TYPE => $requested_type),
+ SOAP::Data->name(LAST_ID => $last_id),
+ SOAP::Data->name(MAX_RCV_EVENTS_LIMIT => $WardenClientConf::MAX_RCV_EVENTS_LIMIT)
+ )
+ )
+ } or return errMsg('Unknown error when creating SOAP data object, ' . $@);
+
+ # call server method getNewEvents
+ my $response = WardenClientCommon::c2s($WardenClientConf::URI, $WardenClientConf::SSL_KEY_FILE, $WardenClientConf::SSL_CERT_FILE, $WardenClientConf::SSL_CA_FILE, "getNewEvents", $request_data);
+ defined $response or return; # connect to warden server or return undef
+
+ # parse returned SOAP data object
+ my ($id, $hostname, $service, $detected, $type, $source_type, $source, $target_proto, $target_port, $attack_scale, $note, $priority, $timeout);
+
+ my @response_list = $response->valueof('/Envelope/Body/getNewEventsResponse/event/');
+
+ while (scalar @response_list) {
+ my $response_data = shift(@response_list);
+ my @event;
+
+ # parse items of one event
+ $id = $response_data->{'ID'};
+ $hostname = $response_data->{'HOSTNAME'};
+ $service = $response_data->{'SERVICE'};
+ $detected = $response_data->{'DETECTED'};
+ $type = $response_data->{'TYPE'};
+ $source_type = $response_data->{'SOURCE_TYPE'};
+ $source = $response_data->{'SOURCE'};
+ $target_proto = $response_data->{'TARGET_PROTO'};
+ $target_port = $response_data->{'TARGET_PORT'};
+ $attack_scale = $response_data->{'ATTACK_SCALE'};
+ $note = $response_data->{'NOTE'};
+ $priority = $response_data->{'PRIORITY'};
+ $timeout = $response_data->{'TIMEOUT'};
+
+ # push new event from warden server into @events which is returned
+ @event = ($id, $hostname, $service, $detected, $type, $source_type, $source, $target_proto, $target_port, $attack_scale, $note, $priority, $timeout);
+ push (@events, \@event);
+
+ # set maximum received ID from current batch
+ if ($id > $last_id) {
+ $last_id = $id;
+ }
+ } #end of while loop
+
+ # write last return ID
+ if (defined $last_id) { # must be defined for first check ID
+ open(ID, "> $id_file") or return WardenClientCommon::errMsg("Cannot open ID file $id_file: $!");
+ print ID $last_id;
+ close ID;
+ }
+
+ return @events;
+
+} # End of getNewEvents
+
+
+#-------------------------------------------------------------------------------
+# getClientInfo - retrieve information about other clients from Warden server
+#-------------------------------------------------------------------------------
+sub getClientInfo
+{
+ # obtain information about clients on Warden server
+ my $response = c2s("getClientInfo");
+ defined $response or return; # receive data or return undef
+
+ # parse server response (SOAP data object)
+ my @clients;
+ my @response_list = $response->valueof('/Envelope/Body/getClientInfoResponse/client/');
+
+ while (scalar @response_list) {
+ my $response_data = shift(@response_list);
+ my %client;
+ $client{'client_id'} = $response_data->{'CLIENT_ID'} ;
+ $client{'hostname'} = $response_data->{'HOSTNAME'};
+ $client{'registered'} = $response_data->{'REGISTERED'};
+ $client{'requestor'} = $response_data->{'REQUESTOR'};
+ $client{'service'} = $response_data->{'SERVICE'};
+ $client{'client_type'} = $response_data->{'CLIENT_TYPE'};
+ $client{'type'} = $response_data->{'TYPE'};
+ $client{'receive_own_events'} = $response_data->{'RECEIVE_OWN_EVENTS'};
+ $client{'description_tags'} = $response_data->{'DESCRIPTION_TAGS'};
+ $client{'ip_net_client'} = $response_data->{'IP_NET_CLIENT'};
+ push (@clients,\%client);
+ }
+
+ return @clients;
+} # End of getClientInfo
+
+1;
-- GitLab
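Review bot: The three `open(ID, ...)` calls in getNewEvents use the two-argument form with a bareword handle, and the path they interpolate is built from `$warden_path`, `$requested_type` and a `$caller_name` that was "untainted" with `/^(.*)$/`, a pattern that accepts any string and so clears the taint flag without validating anything. With two-argument open, mode characters and whitespace at the edges of the interpolated name are interpreted by open itself, and a `$requested_type` containing `/` or `..` would place the ID file outside `var/`; whether those values can originate outside the client is not visible in this hunk. I would switch to `open(my $id_fh, '<', $id_file)` (and `'>'` for the two writes) and replace the untaint with an anchored allow-list such as `my ($caller_name) = ($FindBin::Script =~ /\A([\w.-]+)\z/);`, applying the same check to `$requested_type` before it goes into the file name. The `print ID` and `close ID` on the write paths are also unchecked, so a failed write of the last ID would go unnoticed.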