Skip to content
Snippets Groups Projects

Compare revisions

Changes are shown as if the source revision was being merged into the target revision. Learn more about comparing revisions.

Source

Select target project
No results found

Target

Select target project
  • Pavel.Valach/warden
1 result
Show changes
Showing
with 0 additions and 1878 deletions
#!/bin/bash
db_file=$1
if [ $# -ne 1 ]; then
echo "Usage: $0 dbfile"
exit -1
fi
# create table events
sqlite3 $db_file "CREATE TABLE events (id INTEGER, hostname VARCHAR(256), service VARCHAR(64), detected TIMESTAMP, type VARCHAR(64), source_type VARCHAR(64), source VARCHAR(256), target_proto VARCHAR(16), target_port INT(2), attack_scale INT(4), note TEXT, priority INT(1), timeout INT(2));"
exit 0
AUTHORS AND MAINTAINERS :
PROJECT ARCHITECTS:
Pavel Kacha <ph@cesnet.cz>
Andrea Kropacova <andrea@cesnet.cz>
Jan Vykopal <vykopal@cesnet.cz>
MAIN DEVELOPERS:
Michal Kostenec <kostenec@cesnet.cz>
Tomas Plesnik <plesnik@cesnet.cz>
Jan Soukal <soukal@cesnet.cz>
TESTING:
Jakub Cegan <jakubcegan@cesnet.cz>
CONTRIBUTORS:
Radoslav Bodo <bodik@civ.zcu.cz>
Martin Drasar <drasar@ics.muni.cz>
Vit Slama <slama@cis.vutbr.cz>
COMMUNITY:
Radomir Orkac <orkac@cesnet.cz>
Daniel Studeny <Daniel.Studeny@cesnet.cz>
Pavel Vachek <Pavel.Vachek@cesnet.cz>
Martin Zadnik <izadnik@fit.vutbr.cz>
2013-11-28 v.2.2-nosoap-alpha2
--------------------------------------------------------------------------------
- replaced SOAP::Lite and LWP::Protocol::https by own Warden specific soap/http
client based on Net::SSLeay and XML::Parser
2012-12-?? v.2.2-beta version
--------------------------------------------------------------------------------
- Added support of connection timeout interval (#925)
- Added new getClientInfo() function allowing the client to see (#609)
information regarding other involved clients
- Enhanced handling of errors. Die() functions are removed from (#599)
the code, errors are handled using return values.
2013-02-05 v.2.1 stable
--------------------------------------------------------------------------------
- Minor changes in documentation
2012-11-05 v.2.1-beta version
--------------------------------------------------------------------------------
- Added WardenClientCommon.pm package containing error-handling and
connect-to-server functions
- Installation of Warden client does not require copying of certificates
and keys (#553)
- Enhanced error messages (#552)
- Reading of configuration file enhanced (#533)
- Added protection from unexpected results in XML data returned from
server (#532)
- Added support for error (debug) logging via STDERR and/or Syslog (#520,#522)
- Receiving of all types of messages now supported
- Unexpected errors does not crush the client application (#519)
- Maximum number of events received ($MAX_RCV_EVENTS_LIMIT) in one
batch can be set in etc/warden-client.conf. Default is 6000. (#504)
- Added support for batch processing (#504)
2012-07-27 v.2.0 stable version and bugfix release of warden-client-2.0.0-beta
--------------------------------------------------------------------------------
- Sender client code fixed, so that it will not terminate "parent"
application when crashed
2012-05-10 v.2.0.0-beta beta version of warden-client-2.0.0
--------------------------------------------------------------------------------
- Changed communication with server: HTTP layer added (compatible with
Apache mod_perl version of Warden server)
- Removed Linux version check in install.sh, unistall.sh and update.sh
- Removed shell (BASH) dependencies in install.sh, unistall.sh and update.sh
2012-03-30 v1.2.0 stable version and bugfix release of warden-client-1.1.0
--------------------------------------------------------------------------------
- Fixed SSL certificate/key access privileges security issue
- Fixed client crash after multiple events download
- Fixed install.sh crash when warden client installation dictionary doesn't exist
- Fixed configuration error in permission access to etc directory in update.sh
- Fixed bug in backup process in update.sh
- Fixed several small bugs/issues
2012-02-06 v1.1.0 stable version and bugfix release of warden-client-1.0.0
--------------------------------------------------------------------------------
- Fixed bug when receiving of events
- Fixed earlier declaration in same scope of variable $data
- Fixed errMsg function -> finishing by the die function
- Added client configuration module WardenClientConf.pm
- Added error message when warden server is down
- Added README.cesnet (CESNET Specifics) file
- Added uninstallation script -> uninstall.sh
- Added update script -> update.sh
- Fixed several small bugs/issues
2011-11-16 v1.0.0 stable version
--------------------------------------------------------------------------------
- Initial package of warden client
- SSL certificate authentication/authorization supported
- Automatized installation process
This code is experimental and does not yet have streamlined instalation.
Simply copy the tree into desired place (usually /opt/warden-client, or
preferably /opt/warden-client-nosoap), add necessary certificates, edit
etc/warden-client.conf to your liking and from your application import
library and call the API exactly the same way you did with original SOAP
client (see the readme or examples in doc directory).
+------------------------------------------+
| README - Warden Client 2.2-nosoap-alpha2 |
+------------------------------------------+
WARNING - this code is experimental and especially documentation may not
exactly reflect the exact state of affairs.
Content
A. Overall Information
B. Installation Dependencies
C. Installation, Configuration, Registration, Usage
--------------------------------------------------------------------------------
A. Overall Information
1. About Warden Client
Warden is a client-based architecture service designed to share detected
security events (issues) among CSIRT and CERT teams in a simple and fast
way.
This package offers a client capable of both reporting events to server and
retreiving batch of new events from server. It consists of several Perl
modules/libraries which should be included into detection applications.
This is experimental version of Warden client without dependence on
SOAP::Lite and LWP::Protocol::https. However it is designed to work with
existing SOAP capable Warden server and expose exactly the same API as
SOAP::Lite based client (so there's no need for any changes in existing
applications whatsoever).
--------------------------------------------------------------------------------
B. Installation Dependencies
Perl >= 5.10.1
Net::SSLeay >= 1.55
XML::Parser >= 2.41
FindBin >= 1.50
DateTime >= 0.61
Carp >= 1.11
--------------------------------------------------------------------------------
C. Installation, Configuration, Registration, Usage
This code is experimental and does not yet have streamlined instalation.
Simply copy the tree into desired place (usually /opt/warden-client, or
preferably /opt/warden-client-nosoap), add necessary certificates, edit
etc/warden-client.conf to your liking and from your application import
library and call the API exactly the same way you did with original SOAP
client (see the readme or examples in doc directory).
For configuration, registration and usage please refer to documentation
of original SOAP based Warden client.
--------------------------------------------------------------------------------
Copyright (C) 2011-2013 Cesnet z.s.p.o
+-----------------------------------+
| README.cesnet - Warden Client 2.1 |
| |
| CESNET Specifics |
+-----------------------------------+
Content
A. Overall Information
B. Registration
C. Description tags
D. Types of events
E. Configuration
F. Testing
G. Authors of this document
--------------------------------------------------------------------------------
A. Overall Information
1. About CESNET Warden Server
Warden is a client-based architecture service designed to share detected
security events (issues) among CSIRT and CERT teams in a simple and fast way.
CESNET offers Warden server for security events exchange within its networks.
2. Version
2.1 (2013-02-05)
--------------------------------------------------------------------------------
B. Registration
Client attempting to communicate with CESNET Warden server must be
registered. Registration is currently provided by Tomas Plesnik at
mail address plesnik@ics.muni.cz and following information is needed:
* For sender client:
- hostname of the machine, where client runs,
- client type = sender,
- name of the detection service (for example 'ScanDetector'),
- description tags of sent events (see below)
- CIDR from which client will communicate with Warden server.
* For receiver client:
- hostname of the machine, where client runs,
- client type = receiver,
- whether client should receive all events, or type of requested
events (for example 'portscan', see below) otherwise
- receiving of sent events from my organization = yes/no (organizations
are separated based on the top-level and second-level domain),
- CIDR from which client will communicate with Warden server.
Clients need to have valid certificate to prove their identity to the
Warden server. For CESNET network, 'server' type certificate from Terena
Certificate Service (provided by Comodo) is needed. Hostname of the
machine must correspond with certificate subject, Alternative Name
extension is not supported. Administrator of Warden client must be
entitled to obtain this certificate. CESNET TCS request service
interface resides at
https://tcs.cesnet.cz/
--------------------------------------------------------------------------------
C. Description tags
Tags are case insensitive alphanumeric strings, designed to allow event
receivers to do more general filtering according to event source. Receiver
can for example decide to use only events originating at honeypots, or
filter out events, generated by human conclusions or correlation engines.
Sender client specifies its descriptive tags during registration, it is
up to client administrator's judgment to select or omit any particular tag.
Currently tags fall into four general categories - based on event medium,
data source, detection methodology and detector or analyzer product name.
Product name tag is free to choose if same product name was not yet
accepted by registrar, otherwise existing form must be used (registrar will
notify about such cases).
Categories list is certainly not complete. Therefore if new client's
administrator feels that name or type of important feature of his (or
others) detector is not covered, providers of Warden server are glad to
discuss it at registration address or at Warden project mailing list
(warden@cesnet.cz).
However, it may or may not be accepted, as aim is to keep the list of
categories possibly unambiguous, short and usable.
Following is grouped list of tags together with closer description and
examples.
1. Detection medium
* Network - network data based (Snort, Suricata, Bro, FTAS, LaBrea, Kippo,
Dionaea)
* Host - host based (Swatch, Logcheck)
* Correlation - corellation engines (Prelude, OSSIM)
* External - credible external sources (incident reporting, ticket
systems, human verified events)
2. Data source
* Content - datagram content based detectors (Snort, Bro)
* Flow - netflow based (FTAS, FlowMon, HoneyScan)
* Connection - connection data (portscan, portsweep)
* Data - application data based (SpamAssassin, antiviruses)
* Log - based on system logs, where more specific source is not
applicable (Swatch, Logcheck, SSH scans)
* IR - incident reporting, ticket systems, human verified events
3. Detection methodology
* Honeypot (LaBrea, Kippo, Dionaea)
* Antispam (SpamAssassin, Bogofilter, CRM114, Policyd, greylisting)
* Antivirus (ClamAV)
* IDS - IDS/IPS, Snort, Suricata, Bro
4. Detector/analyzer product name examples
* Snort, FTAS, SpamAssassin, LaBrea, Swatch, Prelude, Kippo, Dionaea
--------------------------------------------------------------------------------
D. Types of events
Event types purpose is to allow event receivers to filter and/or categorise
particular events according to attack characteristics. Types are loosely
chosen as list of common security incidents nowadays observed. List is by no
means complete, however it was created based on expected use cases at
receiving places. Possibility of a new type is also open to discussion.
* portscan - TCP/UDP port scanning/sweeping
* bruteforce - dictionary/bruteforce attack to services authentication
* probe - other connection attempts (for example ICMP) or
unrecognized/undecided portscan or bruteforce
* spam - unsolicited commercial email (except phishing)
* phishing - email, trying to scam user to revealing personal information
(possibly by some other channel)
* botnet_c_c - botnet command & control master machine
* dos - (possibly distributed) denial of service attack
* malware - virus/malware sample
* copyright - copyright infringement
* webattack - web application attack
* test - clients can use these at will when debugging/testing, these
messages will be processed and stored, but ignored later
* other - the rest, uncategorizable yet
In case of complex scenarios with structured info more events with
particular parts of information can be created.
--------------------------------------------------------------------------------
E. Configuration
CESNET Warden server resides at URI 'https://warden.cesnet.cz:443/Warden'.
--------------------------------------------------------------------------------
F. Testing
For testing purposes of sender clients, event type 'test' can be used.
These events will end up in server database, but will not be taken
further into consideration.
--------------------------------------------------------------------------------
G. Authors of this document
Pavel Kacha <ph@cesnet.cz>
Jan Soukal <soukal@ics.muni.cz>
Copyright (C) 2011-2013 Cesnet z.s.p.o
#!/usr/bin/perl -w
#
# Copyright (C) 2011-2013 Cesnet z.s.p.o
#
# Use of this source is governed by a BSD-style license, see LICENSE file.
use strict;
use DateTime;
use Getopt::Long;
#-------------------------------------------------------------------------------
# Warden 2.2. Command-line Client, Sender
#
# Command-line warden-client sender. For detailed info how to use particular
# variables and/or values see warden-client/doc/README file.
#-------------------------------------------------------------------------------
#-------------------------------------------------------------------------------
# Preparation of event attributes.
# Mandatory attributes
my $opt_s; # service
my $opt_t = "" . DateTime->from_epoch(epoch => time()) . ""; # time of detection
my $opt_e; # type of detected event
my $opt_o; # event source type
# Optional attributes
my $opt_v = ""; # event source value
my $opt_p = ""; # target protocol
my $opt_r = ""; # target port
my $opt_a = ""; # attack scale
my $opt_n = ""; # note
# Other attributes
my $opt_w = "../../warden-client"; # path to warden directory
my $opt_h; # display help
# Check whether mandatory fields are given. Otherwise print help and exit.
if (!GetOptions("service|s=s" => \$opt_s,
"timestamp|t=s" => \$opt_t,
"event-type|e=s" => \$opt_e,
"source-type|o=s" => \$opt_o,
"source-value|v=s" => \$opt_v,
"proto|p=s" => \$opt_p,
"port|r=i" => \$opt_r,
"attack-scale|a=i" => \$opt_a,
"note|n=s" => \$opt_n,
"warden-dir|w=s" => \$opt_w,
"help|h" => \$opt_h) ||
!defined($opt_s) || !defined($opt_e) || !defined($opt_o) ||
$opt_h) {
print "\nAbout command-line-sender.pl\n";
print "\n Script is supposed to be used as a simple command-line warden client that can send one event to the warden server at a time. For more information about the Warden system and it's events' structure, please see warden-client/doc/README file.\n";
print "\nUsage:\n\n ./command-line-sender.pl -s <service> -e <event_type> -o <source_type> [-t <timestamp_of_detection>] [-v <source>] [-p <protocol>] [-r <port>] [-a <attack_scale>] [-n <note>] [-w <warden_directory>] [-h]\n";
print "\nArguments:\n\n";
print " -s SERVICE, --service=SERVICE - Name of detection service\n\n";
print " -e EVENT_TYPE, --event-type=EVENT_TYPE - Type of detected event\n\n";
print " -o SOURCE_TYPE, --source-type=SOURCE_TYPE - Type of detected event\'s source\n\n";
print "\n";
print "Optional (but important) arguments:\n\n";
print " -t TIMESTAMP, --timestamp=TIMESTAMP - Timestamp of detection.\n";
print " Default is current system time (" . DateTime->from_epoch(epoch => time()) . ")\n\n";
print " -v SOURCE_VALUE, --source-value=SOURCE_VALUE - Source of detected event\n\n";
print " -p PROTO, --proto=PROTO - Protocol\n\n";
print " -r PORT, --port=PORT - Port\n\n";
print " -a ATTACK_SCALE, --attack-scale=ATTACK_SCALE - Scale of detected event\n\n";
print " -n NOTE, --note=NOTE - Note, comment or other data\n\n";
print " -w WARDEN_DIR, --warden-dir=WARDEN_DIR - Path to the warden-client directory. Default is \'../../warden-client\'\n\n";
print " -h, --help - Print help\n\n";
print "\nExample #1: ./command-line-sender.pl -s PhishTracker -e webattack -o URL -v 123.123.098.098 -p TCP -r 443 -a 100 -n \"important notice\"\n";
print "\nExample #2: ./command-line-sender.pl --service=ScanGuardian --event-type=portscan --source-type=IP --timestamp=\"2013-04-25T13:36:31\" --source-value=\"123.123.1.23\" --proto=TCP --port=25 --attack-scale=1234 --note=\"The very first run of ScanGuardian :)\" --warden-dir \"/opt/warden/warden-client\"\n";
print "\nNOTE: For more information how to use particular values see warden-client/doc/README file.\n\n";
exit 0;
}
my @event = ($opt_s, $opt_t, $opt_e, $opt_o, $opt_v,
$opt_p, $opt_r, $opt_a, $opt_n);
#-------------------------------------------------------------------------------
# Use of warden-client sender.
# Path to warden-client folder
my $warden_path = $opt_w;
# Inclusion of warden-client sender module
require $warden_path . '/lib/WardenClientSend.pm';
# Sending event to Warden server
WardenClientSend::saveNewEvent($warden_path, \@event);
exit 0;
#!/usr/bin/perl -w
#
# Copyright (C) 2011-2013 Cesnet z.s.p.o
#
# Use of this source is governed by a BSD-style license, see LICENSE file.
use strict;
#------------------------------------------------------------------------------
# Warden 2.2 Client, Info, Example
#
# Simple use of warden-client Info functionality to receive information about
# client registered to Warden server. This code illustrates how to integrate
# warden-client info functionality into local applications.
#------------------------------------------------------------------------------
#------------------------------------------------------------------------------
# This code should developer add into his/her application.
# Path to warden-client directory
my $warden_path = '/opt/warden-client/';
# Inclusion of warden-client receiving functionality
require $warden_path . '/lib/WardenClientCommon.pm';
my @clients = WardenClientCommon::getClientsInfo($warden_path) or exit 1; # receive data or exit
print "+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+\n";
print "| Client ID | Hostname | Registered | Requestor | Service | CT | Type | ROE | Description tags | IP Net Client |\n";
print "+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+\n";
foreach (@clients) {
printf("| %-10s ", $_->{'client_id'} || "NULL");
printf("| %-30s ", $_->{'hostname'} || "NULL");
printf("| %19s ", $_->{'registered'} || "NULL");
printf("| %-23s ", $_->{'requestor'} || "NULL");
printf("| %-25s ", $_->{'service'} || "NULL");
printf("| %-2s ", $_->{'client_type'} || "NULL");
printf("| %-15s ", $_->{'type'} || "NULL");
printf("| %-4s ", $_->{'receive_own_events'} || "NULL");
printf("| %-50s ", $_->{'description_tags'} || "NULL");
printf("| %-18s |\n", $_->{'ip_net_client'} || "NULL");
}
print "+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+\n";
print "\n";
print "Current registered clients in: " . scalar localtime(time) . "\n";
exit 0;
#!/usr/bin/perl -w
#
# Copyright (C) 2011-2013 Cesnet z.s.p.o
#
# Use of this source is governed by a BSD-style license, see LICENSE file.
use strict;
#------------------------------------------------------------------------------
# Warden 2.2 Client, Receiver, Example
#
# Simple use of warden-client receiver functionality to download new events
# from # Warden server. This code illustrates how to integrate warden-client
# receive functionality into local applications.
#------------------------------------------------------------------------------
#------------------------------------------------------------------------------
# This code should developer add into his/her application.
# Path to warden-client directory
my $warden_path = '/opt/warden-client/';
# Inclusion of warden-client receiving functionality
require $warden_path . '/lib/WardenClientReceive.pm';
# Definition of requested event type. This attributes is also set on server
# and must not change.
my $requested_type = "portscan";
#------------------------------------------------------------------------------
# Simple code that prints out new events obtained from Warden server.
print "+------------------------------------------------------------------------------------------------------------------------------------------+\n";
print "| id | hostname | service | detected | type | source_type | source | target_proto | target_port | attack_scale | note | priority | timeout |\n";
print "+------------------------------------------------------------------------------------------------------------------------------------------+\n";
# Download of new evetns from Warden server
while (my @new_events = WardenClientReceive::getNewEvents($warden_path, $requested_type)) {
foreach my $event_ref (@new_events) {
my @event = @$event_ref;
print "| " . join(' | ', map { $_ || '' } @event) . " |" . "\n";
}
print "+------------------------------------------------------------------------------------------------------------------------------------------+\n";
}
print "+------------------------------------------------------------------------------------------------------------------------------------------+";
print "\n";
print "Last events in: " . scalar(localtime(time)) . "\n";
exit 0;
#!/usr/bin/perl -w
#
# Copyright (C) 2011-2013 Cesnet z.s.p.o
#
# Use of this source is governed by a BSD-style license, see LICENSE file.
use Switch;
use strict;
use DateTime;
my $warden_path = '/opt/warden-client';
require $warden_path . '/lib/WardenClientSend.pm';
my $service = "test";
# service is needed in authorization process of the client,
# therefore it can not be set randomly
#switch (int(rand(3) + 0.5)) {
# case 1 { $service = 'ScanDetector'; }
# case 2 { $service = 'PhiGaro'; }
# case 3 { $service = 'HoneyScan'; }
# }
my $detected = DateTime->from_epoch(epoch => time());
my $type = "";
switch (int(rand(10) + 0.5)) {
case 1 { $type = 'portscan'; }
case 2 { $type = 'bruteforce'; }
case 3 { $type = 'spam'; }
case 4 { $type = 'phishing'; }
case 5 { $type = 'botnet_c_c'; }
case 6 { $type = 'dos'; }
case 7 { $type = 'malware'; }
case 8 { $type = 'copyright'; }
case 9 { $type = 'webattack'; }
case 10 { $type = 'other'; }
}
my $source_type = "";
switch (int(rand(3) + 0.5)) {
case 1 { $source_type = 'IP'; }
case 2 { $source_type = 'URL'; }
case 3 { $source_type = 'Reply-To:'; }
}
my $source = (int(rand(254) + 0.5) + 1) . "." . (int(rand(254) + 0.5) + 1) . "." . (int(rand(254) + 0.5) + 1) . "." . (int(rand(254) + 0.5) + 1);
my $target_proto = "";
switch (int(rand(2) + 0.5)) {
case 1 { $target_proto = 'TCP'; }
case 2 { $target_proto = 'UDP'; }
}
my $target_port = "";
switch (int(rand(6) + 0.5)) {
case 1 { $target_port = '22'; }
case 2 { $target_port = '23'; }
case 3 { $target_port = '25'; }
case 4 { $target_port = '443'; }
case 5 { $target_port = '3389'; }
case 6 { $target_port = 'null'; }
}
my $attack_scale = (int(rand(100000) + 0.5) + 1000);
my $note = "tohle je takova normalni jednoducha poznamka";
my $priority = int(rand(255) + 0.5);
my $timeout = int(rand(255) + 0.5);
my @event = (
$service, # $service
"$detected", # $detected
$type, # $type
$source_type, # $source_type
$source, # $source
$target_proto, # $target_proto
$target_port, # $target_port
$attack_scale, # $attack_scale
$note, # $note
$priority, # $priority
$timeout, # $timeout
);
WardenClientSend::saveNewEvent($warden_path, \@event);
#foreach (@event) {
# print "$_\n";
#}
#!/usr/bin/perl -w
#
# Copyright (C) 2011-2013 Cesnet z.s.p.o
#
# Use of this source is governed by a BSD-style license, see LICENSE file.
use strict;
use DateTime;
#-------------------------------------------------------------------------------
# Warden 2.2. Client, Sender, Example
#
# Sample script using warden-client sending functionality. This example is not
# intended to be a standalone script. It only shows how to use warden-client
# functionality.
#-------------------------------------------------------------------------------
#-------------------------------------------------------------------------------
# Preparation of event attributes.
# This should be handled by detection application.
my $local_detected = DateTime->from_epoch(epoch => time());
my $service = "test";
my $detected = "$local_detected";
my $type = "portscan";
my $source_type = "IP";
my $source = "123.123.123.123";
my $target_proto = "TCP";
my $target_port = "22";
my $attack_scale = "1234567890";
my $note = "important note or comment";
my $priority = 1;
my $timeout = 20;
my @event = ($service, $detected, $type, $source_type, $source,
$target_proto, $target_port, $attack_scale, $note,
$priority, $timeout );
#-------------------------------------------------------------------------------
# Use of warden-client sender.
# This code should developer add to his/her detection application
# (with corresponding paths appropriately changed).
# Path to warden-client folder
my $warden_path = '/opt/warden-client';
# Inclusion of warden-client sender module
require $warden_path . '/lib/WardenClientSend.pm';
# Sending event to Warden server
for (my $i = 0; $i < 10; $i++) {
print "Sending $i-st event on server\n";
WardenClientSend::saveNewEvent($warden_path, \@event);
}
exit 0;
warden-client-2.2-nosoap-alpha
#
# warden-client.conf - configuration file for the warden sender/receiver client
#
#-------------------------------------------------------------------------------
# URI - URI address of Warden server
#-------------------------------------------------------------------------------
$URI = "https://warden-sandbox.cesnet.cz:443/Warden";
#-------------------------------------------------------------------------------
# SSL_KEY_FILE - path to client SSL certificate key file
#-------------------------------------------------------------------------------
$SSL_KEY_FILE = "/opt/warden-client/etc/warden-client-key.pem";
#-------------------------------------------------------------------------------
# SSL_CERT_FILE - path to client SSL certificate file
#-------------------------------------------------------------------------------
$SSL_CERT_FILE = "/opt/warden-client/etc/warden-client-cert.pem";
#-------------------------------------------------------------------------------
# SSL_CA_FILE - path to CA certificate file
#-------------------------------------------------------------------------------
$SSL_CA_FILE = "/opt/warden-client/etc/tcs-ca-bundle.pem";
#-------------------------------------------------------------------------------
# MAX_RCV_EVENTS_LIMIT - maximum number of events the client is allowd to get
# from the Warden server in one batch
#-------------------------------------------------------------------------------
$MAX_RCV_EVENTS_LIMIT = 6000; #consumes app. 250 MB of memory
# !WARNING! - CONNECTION_TIMEOUT is not supported in nosoap client because of
# lack of support in Net::SSLeay
#-------------------------------------------------------------------------------
# CONNECTION_TIMEOUT - interval in seconds to timeout connection with Warden
# server. If your client timeouts, consider using higher
# timeout number. Also, in case of receiving clients, you
# can optimize the MAX_RCV_EVENTS_LIMIT value.
#-------------------------------------------------------------------------------
$CONNECTION_TIMEOUT = 60;
#-------------------------------------------------------------------------------
# Log options
#
# LOG_STDERR, LOG_SYSLOG - hide (0) or allow (1) error reporting on STDERR
# and/or to Syslog
# LOG_STDERR_VERBOSE, LOG_SYSLOG_VERBOSE - print only error message without
# a stack (0) or print debug info
# including err. message and stack (1)
#-------------------------------------------------------------------------------
$LOG_STDERR = 1;
$LOG_SYSLOG = 0;
$LOG_SYSLOG_FACILITY = "local7";
$LOG_VERBOSE = 1;
1;
#!/usr/bin/perl -w
#
# WardenClientCommon.pm
#
# Copyright (C) 2011-2012 Cesnet z.s.p.o
#
# Use of this source is governed by a BSD-style license, see LICENSE file.
package WardenClientCommon;
use strict;
use Carp;
use Sys::Syslog;
use Net::SSLeay qw(post_https make_headers make_form
load_error_strings
set_cert_and_key set_fd
get_peer_certificate ssl_write_all
print_errs die_if_ssl_error die_now ssl_read_all);
use XML::Parser;
our $VERSION = "2.2";
#-------------------------------------------------------------------------------
# errMsg - prints error msg and returns undef or prints warning and returns 1
#-------------------------------------------------------------------------------
sub errMsg
{
my $msg = shift;
my $type = shift;
defined $type or $type = "err"; # default type is err. Other: warn
# is this error report and is Verbose logging mode enabled?
if (($type eq "err") && ($WardenClientConf::LOG_VERBOSE)) { # user wants to log debug information
$msg .= "\nStack info: " . Carp::longmess();
}
# log into STDERR?
if ($WardenClientConf::LOG_STDERR) {
print STDERR $msg . "\n";
}
# log into Syslog?
if ($WardenClientConf::LOG_SYSLOG) {
openlog("Warden-client:", "pid", "$WardenClientConf::LOG_SYSLOG_FACILITY");
syslog("$type|$WardenClientConf::LOG_SYSLOG_FACILITY", $msg . "\n");
closelog();
}
if ($type eq 'warn') { # case of 'warn'
return 1;
} else { # case of 'err'
return;
}
} # End of errMsg
#-------------------------------------------------------------------------------
# https_send_receive - send $out_message, return (data, http error, headers)
#-------------------------------------------------------------------------------
sub https_send_receive
{
my ($dest_serv, $port, $out_message, $crt_path, $key_path, $ca_path) = @_;
my ($ctx, $ssl, $res, $errs);
($res, $errs) = Net::SSLeay::open_tcp_connection($dest_serv, $port);
goto final unless $res;
# SSLeay init
load_error_strings();
Net::SSLeay::SSLeay_add_ssl_algorithms();
Net::SSLeay::randomize();
# Setup and configure protocol context
$ctx = Net::SSLeay::new_x_ctx();
goto cleanup2 if $errs = print_errs('CTX_new') or !$ctx;
Net::SSLeay::CTX_set_options($ctx, &Net::SSLeay::OP_ALL);
goto cleanup2 if $errs = print_errs('CTX_set_options');
# Setup certificates
warn "Cert `$crt_path' given without key" if $crt_path && !$key_path;
set_cert_and_key($ctx, $crt_path, $key_path) if $crt_path;
# Set allowed CAs and require Warden server peer verify
Net::SSLeay::CTX_load_verify_locations($ctx, $ca_path, '');
goto cleanup2 if $errs = print_errs('CTX_load_verify_locations');
Net::SSLeay::CTX_set_verify($ctx, &Net::SSLeay::VERIFY_PEER, 0);
goto cleanup2 if $errs = print_errs('CTX_set_verify');
# Create SSL session
$ssl = Net::SSLeay::new($ctx);
goto cleanup if $errs = print_errs('SSL_new') or !$ssl;
# Attach filehandle and connect
set_fd($ssl, fileno(Net::SSLeay::SSLCAT_S));
goto cleanup if $errs = print_errs('set_fd');
$res = Net::SSLeay::connect($ssl);
goto cleanup_shut if $errs = print_errs('SSL_connect');
# Ok, exchange data
($res, $errs) = ssl_write_all($ssl, $out_message);
goto cleanup_shut unless $res;
($res, $errs) = ssl_read_all($ssl);
cleanup_shut:
shutdown Net::SSLeay::SSLCAT_S, 2;
cleanup:
Net::SSLeay::free ($ssl);
$errs .= print_errs('SSL_free');
cleanup2:
Net::SSLeay::CTX_free ($ctx);
$errs .= print_errs('CTX_free');
close Net::SSLeay::SSLCAT_S;
final:
$res = "HTTP/1.0 900 NET OR SSL ERROR\r\n\r\n$errs\r\n\r\n$res" if $errs;
my ($prolog, $data) = split /\s?\n\s?\n/, $res, 2;
my ($ret, $headers) = split /\s?\n/, $prolog, 2;
return wantarray ? ($data, $ret, $headers) : $data;
}
#-------------------------------------------------------------------------------
# expat2hash - convert convoluted expat list of lists to simpler hash
#-------------------------------------------------------------------------------
sub expat2hash {
my $l = shift;
# send XML attributes to the fiery pits of hell
if (ref($l->[0]) eq "HASH") {
shift(@{$l});
}
my $res = {};
while (scalar(@{$l})!=0) {
my $key = shift(@{$l});
my $value = shift(@{$l});
if (ref($value) eq "ARRAY") {
# process sublists recursively
$value = expat2hash($value);
}
push(@{$res->{$key}}, $value);
};
# flatten list singles
# special case warden events to simplify access, we want
# them in list even if only single event arrives
for my $key (keys %{$res}) {
if (scalar(@{$res->{$key}})==1 and not ($key eq 'event')) {
$res->{$key} = $res->{$key}->[0];
}
}
# nil values yield empty hashes now
if (!%{$res}) {
undef $res;
}
# flatten XML text node singles
elsif (scalar(keys(%{$res}))==1 and exists $res->{'0'}) {
$res = $res->{'0'};
};
return $res;
}
#-------------------------------------------------------------------------------
# hash2soapquery - convert parameters from hash into SOAP query payload
#-------------------------------------------------------------------------------
sub hash2soapquery {
my ($server, $port, $service, $method, $data) = @_;
my @datalist;
while (my ($key, $value) = each %{$data} )
{
if (!defined $value) {
push @datalist, "<$key xsi:nil=\"true\" />"
} elsif ($value =~ /^[+-]?\d+\z/) {
push @datalist, "<$key xsi:type=\"xsd:int\">$value</$key>"
} else {
push @datalist, "<$key xsi:type=\"xsd:string\">$value</$key>"
}
}
my $payload =
'<?xml version="1.0" encoding="UTF-8"?>' .
'<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" soap:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">' .
'<soap:Body>' .
"<$method xmlns=\"Warden\">" .
'<request>' .
join("", @datalist) .
'</request>' .
"</$method>" .
'</soap:Body>' .
'</soap:Envelope>';
my $paylen = length($payload);
my $header =
"POST /$service HTTP/1.1\r\n" .
"Host: $server:$port\r\n" .
"Content-Type: application/soap+xml; charset=utf-8\r\n" .
"Content-Length: $paylen\r\n" .
"SOAPAction: \"http://www.w3.org/2003/05/soap-envelope\"\r\n" .
"\r\n";
return $header . $payload;
}
#-------------------------------------------------------------------------------
# c2s - connect to server, send request and receive response
#-------------------------------------------------------------------------------
sub c2s
{
my $uri = shift;
my $ssl_key_file = shift;
my $ssl_cert_file = shift;
my $ssl_ca_file = shift;
my $method = shift;
my $data = shift;
my $client;
my ($server, $port, $service) = $uri =~ /https:\/\/(.+)\:(\d+)\/(.+)/;
# format HTTP request
my $message = hash2soapquery($server, $port, $service, $method, $data);
my ($res, $err);
eval {
($res, $err, undef) = https_send_receive($server, $port, $message, $ssl_cert_file, $ssl_key_file, $ssl_ca_file)
} or return errMsg('Unknown error in c2s() sending SOAP data, ' . $@);
# check HTTP error
my ($code) = $err =~ /[^ ]* ([^ ]*) /;
if ($code != "200") {
return errMsg("Server returned HTTP error: $err.");
}
# check server response
if (!defined $res) {
return errMsg("Server returned empty response. Problem with used SSL ceritificates or Warden server at $server:$port is down.");
}
# deserialize response from server
my $result;
eval {
my $parser = XML::Parser->new(Style => "Tree", ErrorContext => 2);
$result = expat2hash($parser->parse($res));
} or return errMsg('Unknown error in SOAP data deserialization. Received data: ' . $res . ', ' . $@);
# Flatten unneeded branches if structure is sane
unless (exists($result->{'soap:Envelope'}) and exists($result->{'soap:Envelope'}->{'soap:Body'})) {
return errMsg('Server returned unexpected SOAP response. Received data: ' . $res);
}
$result = $result->{'soap:Envelope'}->{'soap:Body'};
return $result;
}
#-------------------------------------------------------------------------------
# getClientsInfo - retrieve information about other clients from Warden server
#-------------------------------------------------------------------------------
sub getClientsInfo
{
my $warden_path = shift;
my $etcdir = $warden_path . "/etc/";
my $libdir = $warden_path . "/lib/";
require $libdir . "WardenClientConf.pm";
# read the config file
my $conf_file = $etcdir . "warden-client.conf";
WardenClientConf::loadConf($conf_file);
# c2s() returns undef on fail
my $response = c2s($WardenClientConf::URI, $WardenClientConf::SSL_KEY_FILE, $WardenClientConf::SSL_CERT_FILE, $WardenClientConf::SSL_CA_FILE, "getClientInfo");
defined $response or return; # receive data or return undef
# parse returned SOAP data object with clients
my @clients;
my ($client_id, $hostname, $registered, $requestor, $service, $client_type, $type, $receive_own_events, $description_tags, $ip_net_client);
my @response_list = $response->valueof('/Envelope/Body/getClientInfoResponse/client/');
while (scalar @response_list) {
my $response_data = shift(@response_list);
my %client;
$client{'client_id'} = $response_data->{'CLIENT_ID'} ;
$client{'hostname'} = $response_data->{'HOSTNAME'};
$client{'registered'} = $response_data->{'REGISTERED'};
$client{'requestor'} = $response_data->{'REQUESTOR'};
$client{'service'} = $response_data->{'SERVICE'};
$client{'client_type'} = $response_data->{'CLIENT_TYPE'};
$client{'type'} = $response_data->{'TYPE'};
$client{'receive_own_events'} = $response_data->{'RECEIVE_OWN_EVENTS'};
$client{'description_tags'} = $response_data->{'DESCRIPTION_TAGS'};
$client{'ip_net_client'} = $response_data->{'IP_NET_CLIENT'};
# push received clients from warden server into @clients which is returned
push (@clients,\%client);
}
return @clients;
}
1;
#!/usr/bin/perl -w
#
# WardenClientConf.pm
#
# Copyright (C) 2011-2013 Cesnet z.s.p.o
#
# Use of this source is governed by a BSD-style license, see LICENSE file.
package WardenClientConf;
use strict;
# preset of default variables
our $URI = undef;
our $SSL_KEY_FILE = undef;
our $SSL_CERT_FILE = undef;
our $SSL_CA_FILE = undef;
our $MAX_RCV_EVENTS_LIMIT = undef;
our $LOG_STDERR = 1;
our $LOG_SYSLOG = 0;
our $LOG_SYSLOG_FACILITY = "local7";
our $LOG_VERBOSE = 0;
our $CONNECTION_TIMEOUT = 60;
our $VERSION = "2.2";
sub loadConf
{
my $conf_file = shift;
# load configuration variables set by user
unless (do $conf_file) {
die("Errors in config file '$conf_file': $@") if $@;
die("Can't read config file '$conf_file': $!") unless defined $_;
# if $_ defined, it's retvalue of last statement of conf, for which we don't care
}
}
1;
#!/usr/bin/perl -w
#
# WardenClientReceive.pm
#
# Copyright (C) 2011-2012 Cesnet z.s.p.o
#
# Use of this source is governed by a BSD-style license, see LICENSE file.
package WardenClientReceive;
use strict;
use FindBin;
use Sys::Syslog;
our $VERSION = "2.2";
#-------------------------------------------------------------------------------
# getNewEvents - get new events from warden server greater than last received ID
#-------------------------------------------------------------------------------
sub getNewEvents
{
my @events;
my $warden_path = shift;
my $requested_type = shift;
my $vardir = $warden_path . "/var/";
my $etcdir = $warden_path . "/etc/";
my $libdir = $warden_path . "/lib/";
require $libdir . "WardenClientConf.pm";
require $libdir . "WardenClientCommon.pm";
# read the config file
my $conf_file = $etcdir . "warden-client.conf";
WardenClientConf::loadConf($conf_file);
# set name of ID file for each client aplication
my ($caller_name) = ($FindBin::Script =~ /^(.*)$/); # untaint
my $id_file = $vardir . $caller_name . "-". ($requested_type || "any") . ".id";
#-----------------------------------------------------------------------------
# get last ID from ID file (if exist) or
# get last ID from warden server DB and save it into ID file
my $last_id;
if (-e $id_file) {
open(ID, "< $id_file") or return WardenClientCommon::errMsg("Cannot open ID file $id_file: $!");
foreach(<ID>) {
$last_id = $_;
}
close ID;
} else {
# c2s() returns undef on fail
my $response = WardenClientCommon::c2s($WardenClientConf::URI, $WardenClientConf::SSL_KEY_FILE, $WardenClientConf::SSL_CERT_FILE, $WardenClientConf::SSL_CA_FILE, "getLastId");
defined $response or return; # receive data or return undef
# SOAP generates random names for unnamed return values, we sidestep through array
my @last_id = values(%{$response->{'getLastIdResponse'}});
$last_id = $last_id[0];
open(ID, "> $id_file") or return WardenClientCommon::errMsg("Cannot open ID file $id_file: $!");
print ID $last_id;
close ID;
}
#-----------------------------------------------------------------------------
# get new events from warden server DB based on gathered last ID
my %request_data = (
"REQUESTED_TYPE" => $requested_type,
"LAST_ID" => $last_id,
"MAX_RCV_EVENTS_LIMIT" => $WardenClientConf::MAX_RCV_EVENTS_LIMIT
);
# call server method getNewEvents
my $response = WardenClientCommon::c2s($WardenClientConf::URI, $WardenClientConf::SSL_KEY_FILE, $WardenClientConf::SSL_CERT_FILE, $WardenClientConf::SSL_CA_FILE, "getNewEvents", \%request_data);
defined $response or return; # connect to warden server or return undef
# parse returned SOAP data object
my ($id, $hostname, $service, $detected, $type, $source_type, $source, $target_proto, $target_port, $attack_scale, $note, $priority, $timeout);
my $response_list = ($response->{'getNewEventsResponse'}->{'event'} or []);
while (scalar @{$response_list}) {
my $response_data = shift(@{$response_list});
my @event;
# parse items of one event
$id = $response_data->{'ID'};
$hostname = $response_data->{'HOSTNAME'};
$service = $response_data->{'SERVICE'};
$detected = $response_data->{'DETECTED'};
$type = $response_data->{'TYPE'};
$source_type = $response_data->{'SOURCE_TYPE'};
$source = $response_data->{'SOURCE'};
$target_proto = $response_data->{'TARGET_PROTO'};
$target_port = $response_data->{'TARGET_PORT'};
$attack_scale = $response_data->{'ATTACK_SCALE'};
$note = $response_data->{'NOTE'};
$priority = $response_data->{'PRIORITY'};
$timeout = $response_data->{'TIMEOUT'};
# push new event from warden server into @events which is returned
@event = ($id, $hostname, $service, $detected, $type, $source_type, $source, $target_proto, $target_port, $attack_scale, $note, $priority, $timeout);
push (@events, \@event);
# set maximum received ID from current batch
if ($id > $last_id) {
$last_id = $id;
}
} #end of while loop
# write last return ID
if (defined $last_id) { # must be defined for first check ID
open(ID, "> $id_file") or return WardenClientCommon::errMsg("Cannot open ID file $id_file: $!");
print ID $last_id;
close ID;
}
return @events;
} # End of getNewEvents
1;
#!/usr/bin/perl -w
#
# WardenClientSend.pm
#
# Copyright (C) 2011-2012 Cesnet z.s.p.o
#
# Use of this source is governed by a BSD-style license, see LICENSE file.
package WardenClientSend;
use strict;
use Sys::Syslog;
our $VERSION = "2.2";
#-------------------------------------------------------------------------------
# saveNewEvent - send new event from detection scripts to warden server
#-------------------------------------------------------------------------------
sub saveNewEvent
{
my $result;
my $warden_path = shift;
my $event_ref = shift;
my $etcdir = $warden_path . "/etc/";
my $libdir = $warden_path . "/lib/";
require $libdir . "WardenClientConf.pm";
require $libdir . "WardenClientCommon.pm";
# read the config file
my $conf_file = $etcdir . "warden-client.conf";
WardenClientConf::loadConf($conf_file);
# prepare variables of event
my @event = @{$event_ref};
my $service = $event[0];
my $detected = $event[1];
my $type = $event[2];
my $source_type = $event[3];
my $source = $event[4];
my $target_proto = $event[5];
my $target_port = $event[6];
my $attack_scale = $event[7];
my $note = $event[8];
my $priority = $event[9];
my $timeout = $event[10];
# Issue #596 - Should be removed in Warden client 3.0.
# Checking for obsolete attributes priority or timeout. If not default or 'undef' values are found, print out warning.
# check if obsolete event attribute Priority is used
if ((defined $priority) && ($priority >= 1)) {
# print warning
WardenClientCommon::errMsg('Event attribute "Priority" is now obsolete and will be removed in Warden client 3.0', 'warn');
}
# check if obsolete event attribute Timeout is used
if ((defined $timeout) && ($timeout >= 0)) {
# print warning
WardenClientCommon::errMsg('Event attribute "Timeout" is now obsolete and will be removed in Warden client 3.0', 'warn');
}
# end of Issue #596
my $event = {
SERVICE => $service,
DETECTED => $detected,
TYPE => $type,
SOURCE_TYPE => $source_type,
SOURCE => $source,
TARGET_PROTO => $target_proto,
TARGET_PORT => $target_port,
ATTACK_SCALE => $attack_scale,
NOTE => $note,
PRIORITY => $priority,
TIMEOUT => $timeout
};
# c2s() returns undef on fail.
$result = WardenClientCommon::c2s($WardenClientConf::URI, $WardenClientConf::SSL_KEY_FILE, $WardenClientConf::SSL_CERT_FILE, $WardenClientConf::SSL_CA_FILE, "saveNewEvent", $event);
defined $result ? return 1 : return 0;
} # End of saveNewEvent
1;
#!/usr/bin/perl
use strict;
use warnings;
use Test::More tests => 2;
use lib '..';
use WardenClientSend;
my $uri_ok = 'https://warden-dev.cesnet.cz:443/Warden';
my $ssl_key_file_ok = '/opt/warden-client/etc/warden-dev.cesnet.cz.key';
my $ssl_cert_file_ok = '/opt/warden-client/etc/warden-dev.cesnet.cz.pem';
my $ssl_ca_file_ok = '/opt/warden-client/etc/tcs-ca-meta-bundle.pem';
my $method_ok = 'saveNewEvent';
my $data_ok = '';
my $warden_path_ok = '/opt/warden-client';
my $warden_path_fail = '/path/to/fail';
my @event_ok = ("honeyscan", "1234567890", "portscan","IP", "123.123.123.123", "TCP", "22", "1234567890", "important note or comment", "null", "20");
my @vent_ok = ('HoneyScan', '2012-09-01T23:02:48', 'webattackReply-To:', '170.96.48.164', 'UDP', '44392354', 'tohle je takova normalni jednoducha poznamka', '180187');
my $ret;
#my ($ret) = WardenClientSend::c2s($uri_ok, $ssl_key_file_ok, $ssl_cert_file_ok, $ssl_ca_file_ok, $method_ok, $data_ok);
#ok ($ret == 1, 'Everything is fine!');
$ret = WardenClientSend::saveNewEvent($warden_path_fail,\@event_ok);
ok ($ret == 0, 'Bad Warden path!');
$ret = WardenClientSend::saveNewEvent($warden_path_ok,\@event_ok);
ok ($ret == 1, 'Everything is fine.');
#!/bin/bash
#
# install.sh
#
# Copyright (C) 2011-2013 Cesnet z.s.p.o
#
# Use of this source is governed by a BSD-style license, see LICENSE file.
VERSION="2.1"
#-------------------------------------------------------------------------------
# FUNCTIONS
#-------------------------------------------------------------------------------
usage()
{
echo "Usage: `basename $0` [-d <directory>] [-u <user>] [-k <ssl_key_file>] [-c <ssl_cert_file>] [-a <ssl_ca_file>] [-hV]"
echo "-d <directory> installation directory (default: /opt)"
echo "-u <user> owner of warden client package (user for running detection scripts)"
echo "-k <ssl_key_file> path to SSL certificate key file"
echo "-c <ssl_cert_file> path to SSL certificate file"
echo "-a <ssl_ca_file> path to CA certificate file"
echo "-h print this help"
echo "-V print script version number and exit"
echo
echo "Example: # ./`basename $0` -d /opt -u detector -k /etc/ssl/private/client.key -c /etc/ssl/certs/client.pem -a /etc/ssl/certs/tcs-ca-bundle.pem"
echo
echo "Note: You must be root for running this script."
echo " For more information about installation process, see README file (section Installation)."
echo
exit 0
}
version()
{
echo "`basename ${0}` - current version is $VERSION"
exit 0
}
err()
{
echo "FAILED!"
cat $err
rm -rf $err
echo
echo "Installation of $package_version package FAILED!!!"
exit 1
}
err_clean()
{
echo "FAILED!"
echo " -> Uninstalling client package ... OK"
rm -rf $client_path > /dev/null 2>&1
cat $err
rm -rf $err
echo
echo "Installation of $package_version package FAILED!!!"
exit 1
}
root_chck()
{
if [ $UID -ne 0 ]; then
echo "You must be root for running this script!"
exit 1
fi
}
params_chck()
{
if [ -z $prefix ]; then
prefix=/opt
echo "Warning: parameter -d <directory> is not set - default installation directory is ${prefix}!"
fi
if [ -z $user ]; then
echo "Parameter -u <user> is not set!"
exit 1
fi
if [ -z $key ]; then
echo "Parameter -k <ssl_key_file> is not set!"
exit 1
fi
if [ -z $cert ]; then
echo "Parameter -c <ssl_cert_file> is not set!"
exit 1
fi
if [ -z $ca_file ]; then
echo "Parameter -a <ssl_ca_file> is not set!"
exit 1
fi
}
old_client_chck()
{
old_package_version_file={$etc}/package_version
if [ -f $old_package_version_file ]; then
old_package_version=`cat $old_package_version_file`
echo "Sorry, but $old_package_version package is installed!"
echo "For update of warden client package please use update.sh script."
exit 1
fi
}
perl_chck()
{
echo -n "Checking Perl interpreter ... "
if which perl 1> /dev/null; then
echo "OK"
else
echo "FAILED!"
echo "Error: Perl interpreter is not installed!"
exit 1
fi
}
modules_chck()
{
for module in ${modules[@]};
do
echo -n "Checking $module module ... "
if perl -e "use $module" 2> $err; then
echo "OK"
else
err
fi
done
}
make_warden_dir()
{
echo -n "Creating warden client directory ... "
while [ ! -d `echo ${path_to_chown} | rev | cut -d '/' -f2- | rev` ]
do
path_to_chown=`echo ${path_to_chown} | rev | cut -d '/' -f2- | rev`
done
test -d $prefix || mkdir -p $prefix
if cp -R ${dirname}/warden-client $prefix 2> $err; then
echo "OK"
else
err_clean
fi
echo -n "Copying files ... "
files=(CHANGELOG INSTALL LICENSE README README.cesnet)
for file in ${files[@]};
do
cp ${dirname}/warden-client/doc/$file ${client_path}/doc
done
test -d ${client_path}/ || mkdir -p ${client_path}/
cp ${dirname}/uninstall.sh ${client_path}/
echo "OK"
}
check_key()
{
echo -n "Checking certificate key file ... "
if su ${user} -c "test -r ${key}" 2> $err; then
echo "OK"
else
echo "Warning: certificate key file is not readable by user ${user}!"
fi
}
check_cert()
{
echo -n "Checking certificate file ... "
if su ${user} -c "test -r ${key}" 2> $err; then
echo "OK"
else
echo "Warning: certificate file is not readable by user ${user}!"
fi
}
make_conf_file()
{
echo -n "Creating configuration file ... "
echo "#
# warden-client.conf - configuration file for the warden sender/receiver client
#
#-------------------------------------------------------------------------------
# URI - URI address of Warden server
#-------------------------------------------------------------------------------
\$URI = \"https://warden.cesnet.cz:443/Warden\";
#-------------------------------------------------------------------------------
# SSL_KEY_FILE - path to client SSL certificate key file
#-------------------------------------------------------------------------------
\$SSL_KEY_FILE = \"${key}\";
#-------------------------------------------------------------------------------
# SSL_CERT_FILE - path to client SSL certificate file
#-------------------------------------------------------------------------------
\$SSL_CERT_FILE = \"${cert}\";
#-------------------------------------------------------------------------------
# SSL_CA_FILE - path to CA certificate file
#-------------------------------------------------------------------------------
\$SSL_CA_FILE = \"${ca_file}\";
#-------------------------------------------------------------------------------
# MAX_RCV_EVENTS_LIMIT - maximum number of events the client is allowd to get
# from the Warden server in one batch
#-------------------------------------------------------------------------------
\$MAX_RCV_EVENTS_LIMIT = 6000; #consumes app. 250 MB of memory
#-------------------------------------------------------------------------------
# CONNECTION_TIMEOUT - interval in seconds to timeout connection with Warden
# server. If your client timeouts, consider using higher
# timeout number. Also, in case of receiving clients, you
# can optimize the MAX_RCV_EVENTS_LIMIT value.
#-------------------------------------------------------------------------------
\$CONNECTION_TIMEOUT = 60;
#-------------------------------------------------------------------------------
# Log options
#
# LOG_STDERR, LOG_SYSLOG - hide (0) or allow (1) error reporting on STDERR
# and/or to Syslog
# LOG_SYSLOG_FACILITY - specify a Syslog facility to log in
# LOG_VERBOSE - print only error message without a stack (0) or print debug info
# including err. message and stack (1)
#-------------------------------------------------------------------------------
\$LOG_STDERR = 1;
\$LOG_SYSLOG = 0;
\$LOG_SYSLOG_FACILITY = \"local7\";
\$LOG_VERBOSE = 0;
1;
" > $conf_file 2> $err; ret_val=`echo $?`
if [ $ret_val -eq 0 ]; then
echo "OK"
else
err_clean
fi
}
change_permissions()
{
echo -n "Changing permissions to installed package ... "
chown -R $user: $path_to_chown 2> $err || err_clean
chmod 644 ${etc}/package_version || err_clean
if chmod 600 $conf_file; then
echo "OK"
else
err_clean
fi
}
#-------------------------------------------------------------------------------
# MAIN
#-------------------------------------------------------------------------------
# list of used Perl modules
modules=(SOAP::Lite IO::Socket::SSL SOAP::Transport::HTTP FindBin DateTime Carp)
# read input
while getopts "d:u:k:c:a:Vh" options; do
case $options in
d ) prefix=$OPTARG;;
u ) user=$OPTARG;;
k ) key=$OPTARG;;
c ) cert=$OPTARG;;
a ) ca_file=$OPTARG;;
h ) usage;;
V ) version;;
* ) usage;;
esac
done
# root test
root_chck
# params test
params_chck
# create variables
dirname=`dirname $0`
package_version=`cat ${dirname}/warden-client/etc/package_version`
key_file=`basename $key`
cert_file=`basename $cert`
[[ $prefix == */ ]] && prefix="${prefix%?}" # remove last char (slash) from prefix
client_path="${prefix}/warden-client"
path_to_chown="${client_path}"
etc="${client_path}/etc"
conf_file="${etc}/warden-client.conf"
err="/tmp/warden-err"
# check if warden-client is installed
old_client_chck
echo
echo "------------------------- Dependencies check-in -------------------------"
# Perl interpreter test
perl_chck
# Perl modules test
modules_chck
echo
echo "------------------------- Installation process --------------------------"
# make warden client directory
make_warden_dir
# copy cert key file
check_key
# copy cert file
check_cert
# create conf file
make_conf_file
# change permissions
change_permissions
echo
echo "Please check configuration file in ${conf_file}!"
echo
echo "Warden client directory: $client_path"
echo
echo "Installation of $package_version package was SUCCESSFUL!!!"
# cleanup section
rm -rf $err
exit 0
#!/bin/bash
#
# uninstall.sh
#
# Copyright (C) 2011-2013 Cesnet z.s.p.o
#
# Use of this source is governed by a BSD-style license, see LICENSE file.
VERSION="2.1"
#-------------------------------------------------------------------------------
# FUNCTIONS
#-------------------------------------------------------------------------------
usage()
{
echo "Usage: `basename $0` [-d <directory>] [-hV]"
echo "-d <directory> uninstallation directory (default: /opt)"
echo "-h print this help"
echo "-V print script version number and exit"
echo
echo "Example: # ./`basename $0` -d /opt"
echo
echo "Note: You must be root for running this script."
echo " For more information about uninstallation process, see README file (section Uninstallation)."
echo
exit 0
}
version()
{
echo "`basename ${0}` - current version is $VERSION"
exit 0
}
err()
{
echo "FAILED!"
cat $err
rm -rf $err $backup_dir
echo
echo "Uninstallation of $package_version package FAILED!!!"
exit 1
}
err_clean()
{
echo "FAILED!"
echo " -> Reverting changes of warden client package ... OK"
rm -rf ${client_path}/* > /dev/null 2>&1
cp -R ${backup_dir}/* $client_path
cat $err
rm -rf $err $backup_dir
echo
echo "Uninstallation of $package_version package FAILED!!!"
exit 1
}
root_chck()
{
if [ $UID -ne 0 ]; then
echo "You must be root for running this script!"
exit 1
fi
}
params_chck()
{
if [ -z $prefix ]; then
prefix=/opt
echo "Warning: parameter -d <directory> is not set - default uninstallation directory is ${prefix}!"
fi
}
obtain_package_version()
{
if [ -f $old_package_version_file ]; then
package_version=`cat $old_package_version_file`
else
package_version="unknown"
fi
}
warden_dir_chck()
{
echo -n "Checking warden client directory ... "
if [ ! -d $client_path ]; then
echo "FAILED!"
ls $client_path
exit 1
else
echo "OK"
fi
}
backup()
{
echo -n "Backing-up warden client directory ... "
mkdir $backup_dir
if cp -R ${client_path}/* $backup_dir 2> $err; then
echo "OK"
else
err
fi
}
uninstall_warden_client()
{
echo -n "Uninstalling $package_version package ... "
if rm -rf $client_path 2> $err; then
echo "OK"
else
err_clean
fi
}
#-------------------------------------------------------------------------------
# MAIN
#-------------------------------------------------------------------------------
# read input
while getopts "d:Vh" options; do
case $options in
d ) prefix=$OPTARG;;
h ) usage;;
V ) version;;
* ) usage;;
esac
done
# create variables
[[ $prefix == */ ]] && prefix="${prefix%?}" # remove last char (slash) from prefix
client_path="${prefix}/warden-client"
etc="${client_path}/etc"
old_package_version_file="${etc}/package_version"
err="/tmp/warden-err"
backup_dir="/tmp/warden-backup"
# obtain version of installed warden-client package
obtain_package_version
echo
echo "------------------------- Uninstallation process --------------------------------"
# root check
root_chck
# check if $prefix/warden-client directory exist
warden_dir_chck
# make backup of currently installed warden-client package
backup
# do uninstallation
uninstall_warden_client
echo
echo "Uninstallation of $package_version package was SUCCESSFUL!!!"
# cleanup section
rm -rf $err $backup_dir
exit 0