Skip to content
Snippets Groups Projects
Commit db239e5e authored by Jakub Cegan's avatar Jakub Cegan
Browse files

Merge branch 'master' of homeproj.cesnet.cz:warden

parents e64e60f8 61ffead4
No related branches found
No related tags found
No related merge requests found
Showing
with 104 additions and 56 deletions
...@@ -45,7 +45,6 @@ mkdir -p $package 2> $err || err ...@@ -45,7 +45,6 @@ mkdir -p $package 2> $err || err
cp ../src/${package_name}/sh/install.sh $package 2> $err || err cp ../src/${package_name}/sh/install.sh $package 2> $err || err
cp ../src/${package_name}/sh/update.sh $package 2> $err || err cp ../src/${package_name}/sh/update.sh $package 2> $err || err
cp ../src/${package_name}/sh/uninstall.sh $package 2> $err || err cp ../src/${package_name}/sh/uninstall.sh $package 2> $err || err
cp ../src/${package_name}/sh/uninstall.sh $package 2> $err || err
cp ../src/${package_name}/doc/AUTHORS $package 2> $err || err cp ../src/${package_name}/doc/AUTHORS $package 2> $err || err
cp ../src/${package_name}/doc/CHANGELOG $package 2> $err || err cp ../src/${package_name}/doc/CHANGELOG $package 2> $err || err
cp ../src/${package_name}/doc/INSTALL $package 2> $err || err cp ../src/${package_name}/doc/INSTALL $package 2> $err || err
...@@ -69,7 +68,6 @@ echo "OK" ...@@ -69,7 +68,6 @@ echo "OK"
echo -n "Building '${etc}' directory ... " echo -n "Building '${etc}' directory ... "
mkdir -p $etc 2> $err || err mkdir -p $etc 2> $err || err
cp ../src/${package_name}/etc/package_version $etc 2> $err || err cp ../src/${package_name}/etc/package_version $etc 2> $err || err
cp ../src/${package_name}/etc/warden-apache.conf $etc 2> $err || err
echo "OK" echo "OK"
echo -n "Building '${lib}' directory ... " echo -n "Building '${lib}' directory ... "
......
File added
e4e6cd82c07aa02f4a73aa37f5da13e7d04ab0fe warden-server-2.1-beta5.tar.gz
File moved
File moved
File moved
File moved
...@@ -24,13 +24,72 @@ You must be root for running this script. ...@@ -24,13 +24,72 @@ You must be root for running this script.
B. Uninstallation step B. Uninstallation step
---------------------- ----------------------
1) Uninstall Warden server package (default installation path) 1) Uninstall Warden server package (example for default installation path)
# /opt/warden-server/uninstall.sh -d /opt # /opt/warden-server/uninstall.sh -d /opt
C. Post-uninstallation steps C. Post-uninstallation steps
-------------------------- ----------------------------
1) Stop Apache server
# /etc/init.d/apache2 stop
2) Disable of mod_ssl module
# a2dismod ssl # a2dismod ssl
3) Remove Apache server configuration
a) VirtualHost section configuration
- remove include parameters from the Warden server configuration file (<warden-server_path>/etc/warden-apache.conf)
# vim /etc/apache2/sites-enables/default(-ssl)
<VirtualHost *:443>
...
Include /opt/warden-server/etc/warden-apache.conf
</VirtualHost>
b) remove Apache server performance configuration
# vim /etc/apache2/apache2.conf
- prefork module settings
<IfModule mpm_prefork_module>
StartServers 2
MinSpareServers 4
MaxSpareServers 8
ServerLimit 700
MaxClients 700
MaxRequestsPerChild 0
</IfModule>
- connection settings
Timeout 10
KeepAlive Off
4) Drop MySQL database
$ mysql -u <user> -h localhost -p <password>
mysql> DROP DATABASE warden;
mysql> exit
5) Uninstall unnecessary packages (optional)
# aptitude remove apache2 mysql-server libapache2-mod-perl2 apache2-mpm-prefork # aptitude remove apache2 mysql-server libapache2-mod-perl2 apache2-mpm-prefork
6) Start Apache server
# /etc/init.d/apache2 start
...@@ -35,3 +35,8 @@ C. Post-update steps ...@@ -35,3 +35,8 @@ C. Post-update steps
1) Update Warden server database 1) Update Warden server database
$ mysql -u <user> -h localhost -p <password> < {warden-server_path}/doc/warden20to21.patch $ mysql -u <user> -h localhost -p <password> < {warden-server_path}/doc/warden20to21.patch
2) Restart Apache server
# /etc/init.d/apache2 restart
...@@ -188,7 +188,7 @@ make_server_conf() ...@@ -188,7 +188,7 @@ make_server_conf()
#------------------------------------------------------------------------------- #-------------------------------------------------------------------------------
# BASEDIR - base directory of Warden server # BASEDIR - base directory of Warden server
#------------------------------------------------------------------------------- #-------------------------------------------------------------------------------
\$BASEDIR = '${server_path}'; \$BASEDIR = \"${server_path}\";
#------------------------------------------------------------------------------- #-------------------------------------------------------------------------------
# SYSLOG - enable/disable syslog logging # SYSLOG - enable/disable syslog logging
...@@ -203,40 +203,40 @@ make_server_conf() ...@@ -203,40 +203,40 @@ make_server_conf()
#------------------------------------------------------------------------------- #-------------------------------------------------------------------------------
# SYSLOG_FACILITY - syslog facility # SYSLOG_FACILITY - syslog facility
#------------------------------------------------------------------------------- #-------------------------------------------------------------------------------
\$SYSLOG_FACILITY = 'local7'; \$SYSLOG_FACILITY = \"local7\";
#------------------------------------------------------------------------------- #-------------------------------------------------------------------------------
# DB_NAME - MySQL database name of Warden server # DB_NAME - MySQL database name of Warden server
#------------------------------------------------------------------------------- #-------------------------------------------------------------------------------
\$DB_NAME = 'warden'; \$DB_NAME = \"warden\";
#------------------------------------------------------------------------------- #-------------------------------------------------------------------------------
# DB_USER - MySQL database user of Warden server # DB_USER - MySQL database user of Warden server
#------------------------------------------------------------------------------- #-------------------------------------------------------------------------------
\$DB_USER = 'warden'; \$DB_USER = \"warden\";
#------------------------------------------------------------------------------- #-------------------------------------------------------------------------------
# DB_PASS - MySQL database password of Warden server # DB_PASS - MySQL database password of Warden server
#------------------------------------------------------------------------------- #-------------------------------------------------------------------------------
\$DB_PASS = ''; \$DB_PASS = \"\";
#------------------------------------------------------------------------------- #-------------------------------------------------------------------------------
# DB_HOST - MySQL database host # DB_HOST - MySQL database host
#------------------------------------------------------------------------------- #-------------------------------------------------------------------------------
\$DB_HOST = 'localhost'; \$DB_HOST = \"localhost\";
#------------------------------------------------------------------------------- #-------------------------------------------------------------------------------
# MAX_EVENTS_LIMIT - server limit of maximum number of events that can be # MAX_EVENTS_LIMIT - server limit of maximum number of events that can be
# delivered to one client in one batch # delivered to one client in one batch
#------------------------------------------------------------------------------- #-------------------------------------------------------------------------------
\$MAX_EVENTS_LIMIT = '1000000'; \$MAX_EVENTS_LIMIT = 1000000;
#------------------------------------------------------------------------------- #-------------------------------------------------------------------------------
# VALID_STRINGS - validation hash containing allowed event attributes # VALID_STRINGS - validation hash containing allowed event attributes
#------------------------------------------------------------------------------- #-------------------------------------------------------------------------------
%VALID_STRINGS = ( %VALID_STRINGS = (
'type' => ['portscan', 'bruteforce', 'probe', 'spam', 'phishing', 'botnet_c_c', 'dos', 'malware', 'copyright', 'webattack', 'test', 'other', '_any_'], \"type\" => [\"portscan\", \"bruteforce\", \"probe\", \"spam\", \"phishing\", \"botnet_c_c\", \"dos\", \"malware\", \"copyright\", \"webattack\", \"test\", \"other\", \"_any_\"],
'source_type' => ['IP', 'URL', 'Reply-To:'] \"source_type\" => [\"IP\", \"URL\", \"Reply-To:\"]
);" > $server_conf 2> $err; ret_val=`echo $?` );" > $server_conf 2> $err; ret_val=`echo $?`
if [ $ret_val -eq 0 ]; then if [ $ret_val -eq 0 ]; then
...@@ -292,9 +292,6 @@ changeServerPath() ...@@ -292,9 +292,6 @@ changeServerPath()
perl -pi -e "s#/opt#${prefix}#" ${bin}/$file perl -pi -e "s#/opt#${prefix}#" ${bin}/$file
done done
echo "- update server path: $apache_conf"
perl -pi -e "s#/opt#${prefix}#" $apache_conf
echo "- update server path: ${lib}/Warden.pm" echo "- update server path: ${lib}/Warden.pm"
perl -pi -e "s#/opt#${prefix}#" ${lib}/Warden.pm perl -pi -e "s#/opt#${prefix}#" ${lib}/Warden.pm
...@@ -355,6 +352,7 @@ server_conf="${etc}/warden-server.conf" ...@@ -355,6 +352,7 @@ server_conf="${etc}/warden-server.conf"
apache_conf="${etc}/warden-apache.conf" apache_conf="${etc}/warden-apache.conf"
var="${server_path}/var" var="${server_path}/var"
lib="${server_path}/lib" lib="${server_path}/lib"
doc="${server_path}/doc"
err="/tmp/warden-err" err="/tmp/warden-err"
# check if warden-server is installed # check if warden-server is installed
...@@ -387,23 +385,21 @@ make_apache_conf ...@@ -387,23 +385,21 @@ make_apache_conf
#update paths in utilities #update paths in utilities
changeServerPath changeServerPath
#update paths in apachefile
updateCertsPath
# crate symlinks from warden server bin directory to /usr/local/bin # crate symlinks from warden server bin directory to /usr/local/bin
create_symlinks create_symlinks
echo echo
echo "Please check client configuration file in ${client_conf}!" echo "Please check configuration files:"
echo "Please check server configuration file in ${server_conf}!" echo " - ${client_conf}"
echo "Please check Apache configuration file in ${apache_conf}!" echo " - ${server_conf}"
echo " - ${apache_conf}"
echo echo
echo "Warden server directory: $server_path" echo "Warden server directory: $server_path"
echo echo
echo "Please follow post-installation steps in ${doc}/INSTALL!"
echo
echo "Installation of $package_version package was SUCCESSFUL!!!" echo "Installation of $package_version package was SUCCESSFUL!!!"
echo echo
echo "Please follow post-installation steps in ${dirname}/doc/INSTALL!"
# cleanup section # cleanup section
rm -rf $err rm -rf $err
......
...@@ -54,7 +54,6 @@ err_clean() ...@@ -54,7 +54,6 @@ err_clean()
do do
ln -s ${bin}/$file ${local_bin}/$file # create symlinks to /usr/local/bin ln -s ${bin}/$file ${local_bin}/$file # create symlinks to /usr/local/bin
done done
$init start # start server
cat $err cat $err
rm -rf $err $backup_dir rm -rf $err $backup_dir
echo echo
...@@ -104,13 +103,6 @@ warden_dir_chck() ...@@ -104,13 +103,6 @@ warden_dir_chck()
} }
stop_warden_server()
{
echo "Stopping Warden server ... "
${init} stop 1>/dev/null 2>&1
}
backup() backup()
{ {
echo -n "Backing-up Warden server directory ... " echo -n "Backing-up Warden server directory ... "
...@@ -175,11 +167,10 @@ bin="${server_path}/bin" ...@@ -175,11 +167,10 @@ bin="${server_path}/bin"
local_bin="/usr/local/bin" local_bin="/usr/local/bin"
etc="${server_path}/etc" etc="${server_path}/etc"
doc="${server_path}/doc" doc="${server_path}/doc"
uninstall_file="/tmp/UNINSTALL" uninstall_file="/tmp/UNINSTALL.warden"
old_package_version_file="${etc}/package_version" old_package_version_file="${etc}/package_version"
err="/tmp/warden-err" err="/tmp/warden-err"
backup_dir="/tmp/warden-backup" backup_dir="/tmp/warden-backup"
init="/etc/init.d/apache2"
# obtain version of installed warden-server package # obtain version of installed warden-server package
obtain_package_version obtain_package_version
...@@ -190,9 +181,6 @@ echo "------------------------- Uninstallation process ------------------------- ...@@ -190,9 +181,6 @@ echo "------------------------- Uninstallation process -------------------------
# check if $prefix/warden-server directory exist # check if $prefix/warden-server directory exist
warden_dir_chck warden_dir_chck
# stop running warden server
stop_warden_server
# make backup of currently installed warden-server package # make backup of currently installed warden-server package
backup backup
...@@ -202,11 +190,11 @@ delete_symlinks ...@@ -202,11 +190,11 @@ delete_symlinks
# do uninstallation # do uninstallation
uninstall_warden_server uninstall_warden_server
echo
echo "Please follow post-uninstallation steps in $uninstall_file!"
echo echo
echo "Uninstallation of $package_version package was SUCCESSFUL!" echo "Uninstallation of $package_version package was SUCCESSFUL!"
echo echo
echo "Please follow post-uninstallation steps in $uninstall_file!"
# cleanup section # cleanup section
rm -rf $err $backup_dir rm -rf $err $backup_dir
......
...@@ -173,7 +173,7 @@ update_warden_dir() ...@@ -173,7 +173,7 @@ update_warden_dir()
update_conf_files() update_conf_files()
{ {
echo "Updating $apache_conf_file ... " echo -n "Updating $apache_conf_file ... "
ssl_certificate_file=`cat $apache_conf_file | grep 'SSLCertificateFile'` ssl_certificate_file=`cat $apache_conf_file | grep 'SSLCertificateFile'`
ssl_certificate_key_file=`cat $apache_conf_file | grep 'SSLCertificateKeyFile'` ssl_certificate_key_file=`cat $apache_conf_file | grep 'SSLCertificateKeyFile'`
...@@ -203,8 +203,7 @@ $perl_switches ...@@ -203,8 +203,7 @@ $perl_switches
SetHandler perl-script SetHandler perl-script
PerlHandler Warden::ApacheDispatch PerlHandler Warden::ApacheDispatch
SSLOptions +StdEnvVars SSLOptions +StdEnvVars
</Location> </Location>" > $apache_conf_file 2> $err; ret_val=`echo $?`
" > $apache_conf_file 2> $err; ret_val=`echo $?`
if [ $ret_val -eq 0 ]; then if [ $ret_val -eq 0 ]; then
echo "OK" echo "OK"
...@@ -214,7 +213,7 @@ $perl_switches ...@@ -214,7 +213,7 @@ $perl_switches
#------------------------------------------------------------------------------- #-------------------------------------------------------------------------------
echo "Updating $client_conf_file ... " echo -n "Updating $client_conf_file ... "
uri=`cat $client_conf_file | grep '$URI'` uri=`cat $client_conf_file | grep '$URI'`
ssl_key_file=`cat $client_conf_file | grep '$SSL_KEY_FILE'` ssl_key_file=`cat $client_conf_file | grep '$SSL_KEY_FILE'`
...@@ -243,8 +242,7 @@ $ssl_cert_file ...@@ -243,8 +242,7 @@ $ssl_cert_file
#------------------------------------------------------------------------------- #-------------------------------------------------------------------------------
# SSL_CA_FILE - path to CA certificate file # SSL_CA_FILE - path to CA certificate file
#------------------------------------------------------------------------------- #-------------------------------------------------------------------------------
$ssl_ca_file $ssl_ca_file" > $client_conf_file 2> $err; ret_val=`echo $?`
" > $client_conf_file 2> $err; ret_val=`echo $?`
if [ $ret_val -eq 0 ]; then if [ $ret_val -eq 0 ]; then
echo "OK" echo "OK"
...@@ -254,7 +252,7 @@ $ssl_ca_file ...@@ -254,7 +252,7 @@ $ssl_ca_file
#------------------------------------------------------------------------------- #-------------------------------------------------------------------------------
echo "Updating $server_conf_file ... " echo -n "Updating $server_conf_file ... "
basedir=`cat $server_conf_file | grep '$BASEDIR'` basedir=`cat $server_conf_file | grep '$BASEDIR'`
syslog=`cat $server_conf_file | grep '$SYSLOG' | head -n1` syslog=`cat $server_conf_file | grep '$SYSLOG' | head -n1`
...@@ -269,7 +267,7 @@ $ssl_ca_file ...@@ -269,7 +267,7 @@ $ssl_ca_file
if [ -z "$syslog_facility" ]; then if [ -z "$syslog_facility" ]; then
syslog_facility=`cat $server_conf_file | grep '$FACILITY'` syslog_facility=`cat $server_conf_file | grep '$FACILITY'`
else else
syslog_facility='$SYSLOG_FACILITY = local7;' syslog_facility='$SYSLOG_FACILITY = "local7";'
fi fi
db_name=`cat $server_conf_file | grep '$DB_NAME'` db_name=`cat $server_conf_file | grep '$DB_NAME'`
db_user=`cat $server_conf_file | grep '$DB_USER'` db_user=`cat $server_conf_file | grep '$DB_USER'`
...@@ -281,9 +279,9 @@ $ssl_ca_file ...@@ -281,9 +279,9 @@ $ssl_ca_file
fi fi
valid_strings=`cat $server_conf_file | grep -A 3 '%VALID_STRINGS'` valid_strings=`cat $server_conf_file | grep -A 3 '%VALID_STRINGS'`
if [ -z "$valid_strings" ]; then if [ -z "$valid_strings" ]; then
valid_strings="\%VALID_STRINGS = ( valid_strings="%VALID_STRINGS = (
\'type\' => [\'portscan\', \'bruteforce\', \'probe\', \'spam\', \'phishing\', \'botnet_c_c\', \'dos\', \'malware\', \'copyright\', \'webattack\', \'test\', \'other\'], \"type\" => [\"portscan\", \"bruteforce\", \"probe\", \"spam\", \"phishing\", \"botnet_c_c\", \"dos\", \"malware\", \"copyright\", \"webattack\", \"test\", \"other\"],
\'source_type\' => [\'IP\', \'URL\', \'Reply-To:\'] \"source_type\" => [\"IP\", \"URL\", \"Reply-To:\"]
);" );"
fi fi
...@@ -340,8 +338,7 @@ $max_events_limit ...@@ -340,8 +338,7 @@ $max_events_limit
#------------------------------------------------------------------------------- #-------------------------------------------------------------------------------
# VALID_STRINGS - validation hash containing allowed event attributes # VALID_STRINGS - validation hash containing allowed event attributes
#------------------------------------------------------------------------------- #-------------------------------------------------------------------------------
$valid_strings $valid_strings" > $server_conf_file 2> $err; ret_val=`echo $?`
" > $server_conf_file 2> $err; ret_val=`echo $?`
if [ $ret_val -eq 0 ]; then if [ $ret_val -eq 0 ]; then
echo "OK" echo "OK"
...@@ -381,6 +378,7 @@ package_version=`cat ${dirname}/warden-server/etc/package_version` ...@@ -381,6 +378,7 @@ package_version=`cat ${dirname}/warden-server/etc/package_version`
[[ $prefix == */ ]] && prefix="${prefix%?}" # remove last char (slash) from prefix [[ $prefix == */ ]] && prefix="${prefix%?}" # remove last char (slash) from prefix
server_path="${prefix}/warden-server" server_path="${prefix}/warden-server"
etc="${server_path}/etc" etc="${server_path}/etc"
doc="${server_path}/doc"
old_package_version_file="${etc}/package_version" old_package_version_file="${etc}/package_version"
apache_conf_file="${etc}/warden-apache.conf" apache_conf_file="${etc}/warden-apache.conf"
client_conf_file="${etc}/warden-client.conf" client_conf_file="${etc}/warden-client.conf"
...@@ -419,13 +417,16 @@ update_warden_dir ...@@ -419,13 +417,16 @@ update_warden_dir
update_conf_files update_conf_files
echo echo
echo "Please check configuration file in ${conf_file}!" echo "Please check updated configuration files:"
echo " - $apache_conf_file"
echo " - $server_conf_file"
echo " - $client_conf_file"
echo echo
echo "Warden server directory: $server_path" echo "Warden server directory: $server_path"
echo echo
echo "Update from $old_package_version to $package_version package was SUCCESSFUL!!!" echo "Update from $old_package_version to $package_version package was SUCCESSFUL!!!"
echo echo
echo "Please follow post-update steps in ${dirname}/doc/UPDATE!" echo "Please follow post-update steps in ${doc}/UPDATE!"
echo echo
# cleanup section # cleanup section
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment