Commit ddccf8bf authored by Jakub Cegan's avatar Jakub Cegan

Feature #941 - update selectu, uprava casu

 * Jsou opraveny vsechny selecty, aby pracovaly nad zaindexovanymi sloupci.
 * Je opravena prace s casem do korektniho stavu
parent 9467d78b
......@@ -57,7 +57,7 @@ END;');
#-------------------------------------------------------------------------------
@sql_queries = (
{query => "SELECT hostname, service, MAX(received) FROM events WHERE valid = 't' GROUP BY hostname, service ORDER BY MAX(received) ASC;", text => "Uvedeny klient, nebo klienti jiz delsi dobu nereportovali zadne udalosti do Wardenu. Je mozne, ze nefunguji spravne.", contact => 'jakubcegan@cesnet.cz, ph@cesnet.cz'},
{query => "SELECT * FROM clients WHERE service IN (SELECT service FROM events WHERE detected > '\$date' AND type NOT IN ('portscan', 'bruteforce', 'probe', 'spam', 'phishing', 'botnet_c_c', 'dos', 'malware', 'copyright', 'webattack', 'test', 'other') AND valid = 't' GROUP BY service) GROUP BY requestor;", text => "Uvedeny klient, nebo klienti zasilaji nepodporovany nebo zastaraly typ udalosti na server Warden", contact => 'jakubcegan@cesnet.cz, ph@cesnet.cz'},
{query => "SELECT clients.* FROM clients JOIN events ON clients.service=events.service WHERE events.detected > '\$date' AND NOT FIND_IN_SET(events.type, 'portscan,bruteforce,probe,spam,phishing,botnet_c_c,dos,malware,copyright,webattack,test,other') AND events.valid = 't' GROUP BY requestor;", text => "Uvedeny klient, nebo klienti zasilaji nepodporovany nebo zastaraly typ udalosti na server Warden", contact => 'jakubcegan@cesnet.cz, ph@cesnet.cz'},
{query => "SELECT hostname, service, type, COUNT(*) FROM events WHERE detected - received > 0 AND received > '$date' GROUP BY hostname, service, type;", text => "Uvedeny klient, nebo klienti odesilaji odesilaji udalosti s casem z budoucnosti. Cas prirazeny serverem pri prichodu udalosti (received) musi byt vzdy roven nebo vetsi casu detekce (detected).", contact => 'jakubcegan@cesnet.cz, ph@cesnet.cz'},
{query => "SELECT hostname, service, received, source, count(source) AS c, min(received), max(received) FROM events WHERE valid = 't' AND source_type = 'IP' AND iptest(source) GROUP BY hostname, service, source ORDER BY c DESC;", text => "Uvedeni klient, nebo klienti odesilaji udalosti se zdrojovou adresou, ktera by se nemela objevit v internetu (privatni rozsah), nebo je neplatna (prazdny oktet, oktet je vetsi nez 255, apod.). kvuli omezeni verzi MySQL serveru funguje zatim pouze pro IPv6.", contact => 'jakubcegan@cesnet.cz, ph@cesnet.cz'});
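Review bot: The future-time query (`detected - received > 0 AND received > '$date'`) interpolates `$date` unescaped, while the neighbouring queries write `'\$date'` to defer the substitution; if this array is built before run() has computed `$date`, the condition becomes `received > ''`, which MySQL compares against an invalid datetime, so the check silently covers the wrong window. Use `AND received > '\$date'` there as well, matching the other entries. The `detected - received > 0` form does digit arithmetic on the two DATETIME values; `detected > received` says what the text describes and lets the index be used. Whether this line is new or context is not recoverable from the rendered page, but it is on the new side either way.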
......@@ -244,9 +244,9 @@ sub run{
my $date;
eval{
my $dt = DateTime->now();
$dt = DateTime->now()->subtract(days => $period);
$date = $dt->date();
my $dt = DateTime->now(time_zone => 'UTC')->subtract(days => $period);
$dt->set_time_zone('local');
$date = $dt->strftime("%Y-%m-%d %H:%M:%S");
} or do {
#print "Warden watchdog - can't work with date\n";
syslog("Warden watchdog - can't work with date\n");
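Review bot: The `or do` handler after the new DateTime calls discards the reason: `$@` is never logged, and `syslog("...")` passes the message where Sys::Syslog expects the priority, so a non-numeric `$period` or an undeterminable local zone in `set_time_zone('local')` leaves only a generic line in the log. Suggest `syslog('err', "Warden watchdog - can't work with date: %s", $@);` in that block. Separately, `$date` is now rendered in the process's local zone and later placed next to MySQL's `NOW()` in the query files; if the DB session time zone differs from the Perl process's zone the two clocks disagree — presumably the same host, worth confirming. `sub run` starts before and continues after this hunk.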
......@@ -56,35 +56,34 @@ END;');
# {query => ; text => ; contact => }
#-------------------------------------------------------------------------------
@sql_queries = (
{query => "SELECT * FROM events WHERE (detected > NOW() OR detected < '2013-02-05 00:00:00') AND valid = 't' GROUP BY service;",
{query => "SELECT * FROM events WHERE received > '\$date' AND (detected > NOW() OR detected < '2013-02-05 00:00:00') AND valid = 't' GROUP BY service;",
text => "Tito udalosti maji cas \"detected\" z doby pred spustenim Wardenu nebo z budoucnosti",
contact => 'jakubcegan@cesnet.cz'
},
{query => "SELECT * FROM clients WHERE service IN (SELECT service FROM events WHERE detected > '\$date' AND NOT FIND_IN_SET(type, 'portscan,bruteforce,probe,spam,phishing,botnet_c_c,dos,malware,copyright,webattack,test,other') AND valid = 't' GROUP BY service) GROUP BY requestor;",
contact => 'jakubcegan@cesnet.cz'},
{query => "SELECT clients.* FROM clients JOIN events ON clients.service=events.service WHERE events.detected > '\$date' AND NOT FIND_IN_SET(events.type, 'portscan,bruteforce,probe,spam,phishing,botnet_c_c,dos,malware,copyright,webattack,test,other') AND events.valid = 't' GROUP BY requestor;",
text => "Tito klienti posilaji udalosti s \"type\", ktery neni ve slovniku",
contact => 'jakubcegan@cesnet.cz'},
{query => "SELECT * FROM clients WHERE service IN (SELECT service FROM events WHERE detected > '\$date' AND NOT FIND_IN_SET(source_type, 'IP,URL,Reply-To:') AND valid = 't' GROUP BY service) GROUP BY requestor;",
{query => "SELECT clients.* FROM clients JOIN events ON clients.service=events.service WHERE events.detected > '\$date' AND NOT FIND_IN_SET(events.source_type, 'IP,URL,Reply-To:') AND events.valid = 't' GROUP BY requestor;",
text => "Tito klienti posilaji udalosti s \"source_type\", ktery neni ve slovniku",
contact => 'jakubcegan@cesnet.cz'},
{query => "SELECT * FROM clients WHERE service IN (SELECT service FROM events WHERE detected > '\$date' AND NOT FIND_IN_SET(target_proto, 'IP,HTTP,TCP,UDP') AND valid = 't' GROUP BY service) GROUP BY requestor;",
{query => "SELECT clients.* FROM clients JOIN events ON clients.service=events.service WHERE events.detected > '\$date' AND NOT FIND_IN_SET(events.target_proto, 'IP,HTTP,TCP,UDP') AND events.valid = 't' GROUP BY requestor;",
text => "Tito klienti posilaji udalosti s \"target_proto\", ktery neni ve slovniku",
contact => 'jakubcegan@cesnet.cz'},
{query => "SELECT * FROM clients WHERE service IN (SELECT service FROM events WHERE detected > '\$date' AND target_port NOT REGEXP ('[0-9]+') AND target_port IS NOT NULL AND valid = 't' GROUP BY service) GROUP BY requestor;",
{query => "SELECT clients.* FROM clients JOIN events ON clients.service=events.service WHERE events.detected > '\$date' AND events.target_port NOT REGEXP ('[0-9]+') AND events.target_port IS NOT NULL AND events.valid = 't' GROUP BY requestor;",
text => "Tito klienti posilaji udalosti s \"target_port\", ktery neni cislo ani NULL",
contact => 'jakubcegan@cesnet.cz'},
{query => "SELECT * FROM clients WHERE service IN (SELECT service FROM events WHERE detected > '\$date' AND attack_scale NOT REGEXP ('[0-9]+') AND attack_scale IS NOT NULL AND valid = 't' GROUP BY service) GROUP BY requestor;",
{query => "SELECT clients.* FROM clients JOIN events ON clients.service=events.service WHERE events.detected > '\$date' AND events.attack_scale NOT REGEXP ('[0-9]+') AND events.attack_scale IS NOT NULL AND events.valid = 't' GROUP BY requestor;",
text => "Tito klienti posilaji udalosti s \"attack_scale\", ktery neni cislo ani NULL",
contact => 'jakubcegan@cesnet.cz'},
{query => "SELECT * FROM clients WHERE service IN (SELECT service FROM events WHERE detected > '\$date' AND priority NOT REGEXP ('[0-9]+') AND priority IS NOT NULL AND valid = 't' GROUP BY service) GROUP BY requestor;",
{query => "SELECT clients.* FROM clients JOIN events ON clients.service=events.service WHERE events.detected > '\$date' AND events.priority NOT REGEXP ('[0-9]+') AND events.priority IS NOT NULL AND events.valid = 't' GROUP BY requestor;",
text => "Tito klienti posilaji udalosti s \"priority\", ktery neni cislo ani NULL",
contact => 'jakubcegan@cesnet.cz'},
{query => "SELECT * FROM clients WHERE service IN (SELECT service FROM events WHERE detected > '\$date' AND timeout NOT REGEXP ('[0-9]+') AND timeout IS NOT NULL AND valid = 't' GROUP BY service) GROUP BY requestor;",
{query => "SELECT clients.* FROM clients JOIN events ON clients.service=events.service WHERE events.detected > '\$date' AND events.timeout NOT REGEXP ('[0-9]+') AND events.timeout IS NOT NULL AND events.valid = 't' GROUP BY requestor;",
text => "Tito klienti posilaji udalosti s \"timeout\", ktery neni cislo ani NULL",
contact => 'jakubcegan@cesnet.cz'},
{query => "SELECT * FROM clients WHERE service IN (SELECT service FROM events WHERE detected > '\$date' AND attack_scale IS NOT NULL AND attack_scale < 1 AND valid = 't' GROUP BY service) GROUP BY requestor;",
{query => "SELECT clients.* FROM clients JOIN events ON clients.service=events.service WHERE events.detected > '\$date' AND events.attack_scale IS NOT NULL AND events.attack_scale < 1 AND events.valid = 't' GROUP BY requestor;",
text => "Tito klienti posilaji udalosti s \"attack_scale\", ktery je cislo mensi nez jedna",
contact => 'jakubcegan@cesnet.cz'},
{query => "SELECT * FROM clients WHERE service IN (SELECT * FROM events WHERE source NOT REGEXP ('(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(\d|[1-2]\d|3[0-2]))') AND source NOT REGEXP ('^(https?://|www\\.)[\.A-Za-z0-9\-]+\\.[a-zA-Z]{2,4}') AND source NOT REGEXP ('((\w|<|>|\ |.{2}|@)+)') GROUP BY service) GROUP BY requestor;",
{query => "SELECT clients.* FROM clients JOIN events ON clients.service=events.service WHERE events.detected > '\$date' AND events.source NOT REGEXP ('(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(\d|[1-2]\d|3[0-2]))') AND events.source NOT REGEXP ('^(https?://|www\\.)[\.A-Za-z0-9\-]+\\.[a-zA-Z]{2,4}') AND events.source NOT REGEXP ('((\w|<|>|\ |.{2}|@)+)') GROUP BY requestor;",
text => "Tito klienti posilaji udalosti se \"source\", ktery neni URL, IP nebo emailova adresa.",
contact => 'jakubcegan@cesnet.cz'},
);
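Review bot: The numeric checks in the rewritten target_port, attack_scale, priority and timeout queries keep `NOT REGEXP ('[0-9]+')`, which only rejects values that contain no digit at all — `'80;'` or `'12abc'` passes although the text says the field is not a number; anchor the pattern, e.g. `events.target_port NOT REGEXP ('^[0-9]+$')`, in all four. The source check in the last query mixes Perl and MySQL escaping (`\\.` next to `\.`, plus `\d` and `\w`): inside a double-quoted Perl string `\.` is passed through with a warning and MySQL then collapses it to `.`, and MySQL's pre-8.0 REGEXP engine does not know `\d`/`\w`, so that pattern likely does not reject what it is meant to — worth a test with known-bad values. `SELECT clients.* ... GROUP BY requestor` returns an arbitrary row per group when ONLY_FULL_GROUP_BY is off; `SELECT DISTINCT clients.*` without the GROUP BY states the intent.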