Skip to content
Snippets Groups Projects

Compare revisions

Changes are shown as if the source revision was being merged into the target revision. Learn more about comparing revisions.

Source

Select target project
No results found
Select Git revision
  • devel
  • hruska-feature-#6799-filter-keys
  • hruska-feature-5066-duplicateIdeaID
  • hruska-feature-clients-api
  • malostik-#5066-deduplicate-idea-ids
  • master
  • warden-postgresql-port
  • warden-client-1.1.0
  • warden-client-1.2.0
  • warden-client-2.0
  • warden-client-2.0.0-beta1
  • warden-client-2.0.0-beta2
  • warden-client-2.1
  • warden-client-2.1-beta
  • warden-client-2.2
  • warden-client-2.2-final
  • warden-client-3.0-beta0
  • warden-client-3.0-beta1
  • warden-client-3.0-beta2
  • warden-client-3.0-beta3
  • warden-server-0.1.0
  • warden-server-2.0
  • warden-server-2.0.0-beta1
  • warden-server-2.1
  • warden-server-2.1-aplha1
  • warden-server-2.1-beta1
  • warden-server-2.1-beta2
  • warden-server-2.1-beta3
  • warden-server-2.1-beta4
  • warden-server-2.1-beta5
  • warden-server-2.1-beta6
  • warden-server-2.1-patch1
  • warden-server-2.2
  • warden-server-2.2-final
  • warden-server-2.2-patch1
  • warden-server-2.2-patch3
  • warden-server-3.0-beta0
  • warden-server-3.0-beta1
  • warden-server-3.0-beta2
  • warden-server-3.0-beta3
40 results

Target

Select target project
  • Pavel.Valach/warden
1 result
Select Git revision
  • devel
  • hruska-feature-#6799-filter-keys
  • hruska-feature-5066-duplicateIdeaID
  • hruska-feature-clients-api
  • malostik-#5066-deduplicate-idea-ids
  • master
  • warden-postgresql-port
  • warden-client-1.1.0
  • warden-client-1.2.0
  • warden-client-2.0
  • warden-client-2.0.0-beta1
  • warden-client-2.0.0-beta2
  • warden-client-2.1
  • warden-client-2.1-beta
  • warden-client-2.2
  • warden-client-2.2-final
  • warden-client-3.0-beta0
  • warden-client-3.0-beta1
  • warden-client-3.0-beta2
  • warden-client-3.0-beta3
  • warden-server-0.1.0
  • warden-server-2.0
  • warden-server-2.0.0-beta1
  • warden-server-2.1
  • warden-server-2.1-aplha1
  • warden-server-2.1-beta1
  • warden-server-2.1-beta2
  • warden-server-2.1-beta3
  • warden-server-2.1-beta4
  • warden-server-2.1-beta5
  • warden-server-2.1-beta6
  • warden-server-2.1-patch1
  • warden-server-2.2
  • warden-server-2.2-final
  • warden-server-2.2-patch1
  • warden-server-2.2-patch3
  • warden-server-3.0-beta0
  • warden-server-3.0-beta1
  • warden-server-3.0-beta2
  • warden-server-3.0-beta3
40 results
Show changes
Showing
with 0 additions and 2733 deletions
#!/usr/bin/perl -w
#
# registerReceiver.pl
#
# Copyright (C) 2011-2013 Cesnet z.s.p.o
#
# Use of this source is governed by a BSD-style license, see LICENSE file.
use strict;
use Getopt::Std;
use Switch;
use File::Basename;
use DBI;
use DBD::mysql;
use DateTime;
use Sys::Syslog qw(:DEFAULT setlogsock);
Sys::Syslog::setlogsock('unix');
use Carp;
################################################################################
# GLOBAL VARIABLES
################################################################################
our $VERSION = "2.2";
my $filename = basename($0);
################################################################################
# Functions
################################################################################
sub usage {
print "Usage: $filename [-h -o -n <hostname> -r <requestor> -t <type> -i <ip_net_client>]\n";
exit 1;
}
sub help {
print "$filename [-h -o -n <hostname> -r <requestor> -t <type> -i <ip_net_client>]\n";
print "-h print this text and exit\n";
print "-n hostname of receiver\n";
print "-r client registration requestor\n";
print "-t type of received events or '_any_' for receiving of all types of events\n";
print "-o enable receiving of own events\n";
print "-i CIDR of receiver\n";
exit 0;
}
#-------------------------------------------------------------------------------
# errMsg - print error message and die
#-------------------------------------------------------------------------------
sub errMsg
{
my $msg = shift;
$msg = trim($msg);
print $msg . "\n";
exit 1;
} # End of errMsg
#-------------------------------------------------------------------------------
# trim - remove whitespace from the start and end of the string
#-------------------------------------------------------------------------------
sub trim
{
my $string = shift;
$string =~ s/^\s+//;
$string =~ s/\s+$//;
return $string;
} # End of trim
#-------------------------------------------------------------------------------
# sendMsg - sent message to syslog (SYS::Syslog)
#-------------------------------------------------------------------------------
sub sendMsg
{
my $syslog = shift;
my $syslog_verbose = shift;
my $syslog_facility = shift;
my $severity = shift;
my $syslog_msg = shift;
my $filename = File::Basename::basename($0);
if ($syslog_verbose == 1 && ($severity eq "err" || $severity eq "debug")) {
$syslog_msg .= "\nStack info: " . Carp::longmess();
}
if ($syslog == 1 && defined $severity && defined $syslog_msg) {
Sys::Syslog::openlog($filename, "cons,pid", $syslog_facility);
Sys::Syslog::syslog("$severity", "$syslog_msg");
Sys::Syslog::closelog();
}
} # End of sendMsg
################################################################################
# MAIN
################################################################################
our ($opt_n, $opt_r, $opt_t, $opt_o, $opt_i, $opt_h);
if ($#ARGV == -1) {usage}
die usage unless getopts("n:r:t:i:ho");
my $hostname = $opt_n;
my $requestor = $opt_r;
my $type = $opt_t;
my $ip_net_client = $opt_i;
my $help = $opt_h;
my $receive_own_events = "f";
if ($opt_o) {
$receive_own_events = "t";
}
# catch help param
if ($help) {
help;
}
if ($ip_net_client !~ /^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(\d|[1-2]\d|3[0-2]))$/) {
die "Enter correct IP address in CIDR format!";
}
# superuser controle
my $UID = $<;
if ($UID != 0) {die errMsg("You must be root for running this script!")}
# check parameters definition
switch () {
case {!defined $hostname} { print "ERROR: Parameter 'hostname' is not defined!\n"; exit 1; }
case {!defined $requestor} { print "ERROR: Parameter 'requestor' is not defined!\n"; exit 1; }
case {!defined $type} { print "ERROR: Parameter 'type' is not defined!\n"; exit 1; }
case {!defined $receive_own_events} { print "ERROR: Parameter 'receive_own_events' is not defined!\n"; exit 1; }
case {!defined $ip_net_client} { print "ERROR: Parameter 'ip_net_client' is not defined!\n"; exit 1; }
}
# defined variables by script
my $client_type = "r";
my $registered = DateTime->now;
my $service = undef;
my $description_tags = undef;
# read config file
my $conf_file = "/opt/warden-server/etc/warden-server.conf"; # path is updated by install.sh
our $SYSLOG = undef;
our $SYSLOG_VERBOSE = undef;
our $SYSLOG_FACILITY = undef;
our $DB_NAME = undef;
our $DB_USER = undef;
our $DB_PASS = undef;
our $DB_HOST = undef;
unless (do $conf_file) {
die("Errors in config file '$conf_file': $@") if $@;
die("Can't read config file '$conf_file': $!") unless defined $_;
# if $_ defined, it's retvalue of last statement of conf, for which we don't care
}
# connect to DB
our $DBH = DBI->connect("DBI:mysql:database=$DB_NAME;host=$DB_HOST", $DB_USER, $DB_PASS, {RaiseError => 1, mysql_auto_reconnect => 1}) || die "Could not connect to database: $DBH->errstr";
# check if receiver has been already registered or register it
my $sth = $DBH->prepare("SELECT registered FROM clients WHERE hostname = ? AND client_type = ? AND type = ? AND ip_net_client = ? LIMIT 1;") or die "Cannot prepare statement: " . $DBH->errstr;
$sth->execute($hostname, $client_type, $type, $ip_net_client) or die "Cannot execute statement: " . $sth->errstr;
my $result = $sth->fetchrow();
my $warden_server = trim(`hostname -f`);
if (defined $result) {
sendMsg($SYSLOG,
$SYSLOG_VERBOSE,
$SYSLOG_FACILITY,
"info",
"Attempt to re-register the receiver [hostname: '$hostname', type: '$type', cidr: '$ip_net_client']");
errMsg("Receiver has already been registered at $warden_server in '$result'");
} else {
$sth = $DBH->prepare("INSERT INTO clients VALUES (?,?,?,?,?,?,?,?,?,?);") or die "Cannot prepare statement: " . $DBH->errstr;
my $ret_val = $sth->execute(undef, $hostname, $registered, $requestor, $service, $client_type, $type, $receive_own_events, $description_tags, $ip_net_client) or die "Cannot execute statement: " . $sth->errstr;
if ($ret_val == 1) {
sendMsg($SYSLOG,
$SYSLOG_VERBOSE,
$SYSLOG_FACILITY,
"info",
"New receiver [hostname: '$hostname', type: '$type', cidr: '$ip_net_client'] was registered");
print "Registration of receiver from $hostname was SUCCESSFUL!!!\n";
exit 0;
} else {
print "Registration of receiver from $hostname FAILED!!!\n";
exit 1;
}
}
#!/usr/bin/perl -w
#
# registerSender.pl
#
# Copyright (C) 2011-2012 Cesnet z.s.p.o
#
# Use of this source is governed by a BSD-style license, see LICENSE file.
use strict;
use Getopt::Std;
use Switch;
use File::Basename;
use DBI;
use DBD::mysql;
use DateTime;
use Sys::Syslog qw(:DEFAULT setlogsock);
Sys::Syslog::setlogsock('unix');
use Carp;
################################################################################
# GLOBAL VARIABLES
################################################################################
our $VERSION = "2.2";
my $filename = basename($0);
################################################################################
# Functions
################################################################################
sub usage {
print "Usage: $filename [-h -n <hostname> -r <requestor> -s <service> -d <description_tags> -i <ip_net_client>]\n";
exit 1;
}
sub help {
print "$filename [-h -n <hostname> -r <requestor> -s <service> -d <description_tags> -i <ip_net_client>]\n";
print "-h print this text and exit\n";
print "-n hostname of sender\n";
print "-r client registration requestor\n";
print "-s name of service which sent events\n";
print "-d description tags of send events\n";
print "-i CIDR of sender\n";
exit 0;
}
#-------------------------------------------------------------------------------
# errMsg - print error message and die
#-------------------------------------------------------------------------------
sub errMsg
{
my $msg = shift;
$msg = trim($msg);
print $msg . "\n";
exit 1;
} # End of errMsg
#-------------------------------------------------------------------------------
# trim - remove whitespace from the start and end of the string
#-------------------------------------------------------------------------------
sub trim
{
my $string = shift;
$string =~ s/^\s+//;
$string =~ s/\s+$//;
return $string;
} # End of trim
#-------------------------------------------------------------------------------
# sendMsg - sent message to syslog (SYS::Syslog)
#-------------------------------------------------------------------------------
sub sendMsg
{
my $syslog = shift;
my $syslog_verbose = shift;
my $syslog_facility = shift;
my $severity = shift;
my $syslog_msg = shift;
my $filename = File::Basename::basename($0);
if ($syslog_verbose == 1 && ($severity eq "err" || $severity eq "debug")) {
$syslog_msg .= "\nStack info: " . Carp::longmess();
}
if ($syslog == 1 && defined $severity && defined $syslog_msg) {
Sys::Syslog::openlog($filename, "cons,pid", $syslog_facility);
Sys::Syslog::syslog("$severity", "$syslog_msg");
Sys::Syslog::closelog();
}
} # End of sendMsg
################################################################################
# MAIN
################################################################################
our ($opt_n, $opt_r, $opt_s, $opt_d, $opt_i, $opt_h);
if ($#ARGV == -1) {usage}
die usage unless getopts("n:r:s:d:i:h");
my $hostname = $opt_n;
my $requestor = $opt_r;
my $service = $opt_s;
my $description_tags = $opt_d;
my $ip_net_client = $opt_i;
my $help = $opt_h;
# catch help param
if ($help) {
help;
}
if ($ip_net_client !~ /^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(\d|[1-2]\d|3[0-2]))$/) {
die errMsg("Enter correct IP in CIDR format!");
}
# superuser controle
my $UID = $<;
if ($UID != 0) {die errMsg("You must be root for running this script!")}
# check parameters definition
switch () {
case {!defined $hostname} { print "ERROR: Parameter 'hostname' is not defined!\n"; exit 1; }
case {!defined $requestor} { print "ERROR: Parameter 'requestor' is not defined!\n"; exit 1; }
case {!defined $service} { print "ERROR: Parameter 'service' is not defined!\n"; exit 1; }
case {!defined $description_tags} { print "ERROR: Parameter 'description_tags' is not defined!\n"; exit 1; }
case {!defined $ip_net_client} { print "ERROR: Parameter 'ip_net_client' is not defined!\n"; exit 1; }
}
# defined variables by method
my $client_type = "s";
my $registered = DateTime->now;
my $type = undef;
my $receive_own_events = undef;
# read config file
my $conf_file = "/opt/warden-server/etc/warden-server.conf"; # path is updated by install.sh
our $SYSLOG = undef;
our $SYSLOG_VERBOSE = undef;
our $SYSLOG_FACILITY = undef;
our $DB_NAME = undef;
our $DB_USER = undef;
our $DB_PASS = undef;
our $DB_HOST = undef;
unless (do $conf_file) {
die("Errors in config file '$conf_file': $@") if $@;
die("Can't read config file '$conf_file': $!") unless defined $_;
# if $_ defined, it's retvalue of last statement of conf, for which we don't care
}
# connect to DB
our $DBH = DBI->connect("DBI:mysql:database=$DB_NAME;host=$DB_HOST", $DB_USER, $DB_PASS, {RaiseError => 1, mysql_auto_reconnect => 1}) || die "Could not connect to database: $DBH->errstr";
# check if receiver has been already registered or register it
my $sth = $DBH->prepare("SELECT registered FROM clients WHERE hostname = ? AND service = ? AND client_type = ? AND ip_net_client = ? LIMIT 1;") or die "Cannot prepare statement: " . $DBH->errstr;
$sth->execute($hostname, $service, $client_type, $ip_net_client) or die "Cannot execute statement: " . $sth->errstr;
my $result = $sth->fetchrow();
my $warden_server = trim(`hostname -f`);
if (defined $result) {
sendMsg($SYSLOG,
$SYSLOG_VERBOSE,
$SYSLOG_FACILITY,
"info",
"Attempt to re-register the sender [hostname: '$hostname', service: '$service', cidr: '$ip_net_client']");
errMsg("Sender has already been registered at $warden_server in '$result'");
} else {
$sth = $DBH->prepare("INSERT INTO clients VALUES (?,?,?,?,?,?,?,?,?,?);") or die "Cannot prepare statement: " . $DBH->errstr;
my $ret_val = $sth->execute(undef, $hostname, $registered, $requestor, $service, $client_type, $type, $receive_own_events, $description_tags, $ip_net_client) or die "Cannot execute statement: " . $sth->errstr;
if ($ret_val == 1) {
sendMsg($SYSLOG,
$SYSLOG_VERBOSE,
$SYSLOG_FACILITY,
"info",
"New sender [hostname: '$hostname', service: '$service', cidr: '$ip_net_client'] was registered");
print "Registration of sender from $hostname was SUCCESSFUL!!!\n";
exit 0;
} else {
print "Registration of sender from $hostname FAILED!!!\n";
exit 1;
}
}
#!/usr/bin/perl -w
#
# unregisterClient.pl
#
# Copyright (C) 2011-2012 Cesnet z.s.p.o
#
# Use of this source is governed by a BSD-style license, see LICENSE file.
use strict;
use Getopt::Std;
use Switch;
use File::Basename;
use DBI;
use DBD::mysql;
use DateTime;
use Sys::Syslog qw(:DEFAULT setlogsock);
Sys::Syslog::setlogsock('unix');
use Carp;
################################################################################
# GLOBAL VARIABLES
################################################################################
our $VERSION = "2.2";
my $filename = basename($0);
################################################################################
# Functions
################################################################################
sub usage {
print "Usage: $filename [-h -i <client_id>]\n";
exit 1;
}
sub help {
print "$filename [-h -i <client_id>]\n";
print "-h print this text and exit\n";
print "-i client_id for unregistration\n";
exit 0;
}
#-------------------------------------------------------------------------------
# errMsg - print error message and die
#-------------------------------------------------------------------------------
sub errMsg
{
my $msg = shift;
$msg = trim($msg);
print $msg . "\n";
exit 1;
} # End of errMsg
#-------------------------------------------------------------------------------
# trim - remove whitespace from the start and end of the string
#-------------------------------------------------------------------------------
sub trim
{
my $string = shift;
$string =~ s/^\s+//;
$string =~ s/\s+$//;
return $string;
} # End of trim
#-------------------------------------------------------------------------------
# sendMsg - sent message to syslog (SYS::Syslog)
#-------------------------------------------------------------------------------
sub sendMsg
{
my $syslog = shift;
my $syslog_verbose = shift;
my $syslog_facility = shift;
my $severity = shift;
my $syslog_msg = shift;
my $filename = File::Basename::basename($0);
if ($syslog_verbose == 1 && ($severity eq "err" || $severity eq "debug")) {
$syslog_msg .= "\nStack info: " . Carp::longmess();
}
if ($syslog == 1 && defined $severity && defined $syslog_msg) {
Sys::Syslog::openlog($filename, "cons,pid", $syslog_facility);
Sys::Syslog::syslog("$severity", "$syslog_msg");
Sys::Syslog::closelog();
}
} # End of sendMsg
#-------------------------------------------------------------------------------
# MAIN
#-------------------------------------------------------------------------------
our ($opt_h, $opt_i);
if ($#ARGV == -1) {usage}
die usage unless getopts("i:h");
my $client_id = $opt_i;
my $help = $opt_h;
# catch help param
if ($help) {
help;
}
# superuser controle
my $UID = $<;
if ($UID != 0) {die errMsg("You must be root for running this script!")}
# check parameters definition
if (!defined $client_id) {
print "ERROR: Parameter 'client_id' is not defined!\n";
exit 1;
}
# read config file
my $conf_file = "/opt/warden-server/etc/warden-server.conf"; # path is updated by install.sh
our $SYSLOG = undef;
our $SYSLOG_VERBOSE = undef;
our $SYSLOG_FACILITY = undef;
our $DB_NAME = undef;
our $DB_USER = undef;
our $DB_PASS = undef;
our $DB_HOST = undef;
unless (do $conf_file) {
die("Errors in config file '$conf_file': $@") if $@;
die("Can't read config file '$conf_file': $!") unless defined $_;
# if $_ defined, it's retvalue of last statement of conf, for which we don't care
}
# connect to DB
our $DBH = DBI->connect("DBI:mysql:database=$DB_NAME;host=$DB_HOST", $DB_USER, $DB_PASS, {RaiseError => 1, mysql_auto_reconnect => 1}) || die "Could not connect to database: $DBH->errstr";
# check if receiver has been already registered
my $sth = $DBH->prepare("SELECT client_id, hostname, service, client_type, type FROM clients WHERE client_id = ? LIMIT 1;") or die "Cannot prepare statement: " . $DBH->errstr;
$sth->execute($client_id) or die "Cannot execute statement: " . $sth->errstr;
my ($id, $hostname, $service, $client_type, $type) = $sth->fetchrow();
my $warden_server = trim(`hostname -f`);
# delete registered client
if (!defined $id) {
sendMsg($SYSLOG,
$SYSLOG_VERBOSE,
$SYSLOG_FACILITY,
"err",
"Attempt to delete unregister client (client_id: #$client_id)");
errMsg("Client (#$client_id) is not registered at $warden_server");
} else {
if ($client_type eq 's') {
$sth = $DBH->prepare("DELETE FROM clients WHERE client_id = ?;") or die "Cannot prepare statement: " . $DBH->errstr;
my $ret_val = $sth->execute($client_id) or die "Cannot execute statement: " . $sth->errstr;
if ($ret_val == 1) {
$sth = $DBH->prepare("UPDATE events SET valid = 'f' where hostname = ? AND service = ?;") or die "Cannot prepare statement: " . $DBH->errstr;
$sth->execute($hostname, $service) or die "Cannot execute statement: " . $sth->errstr;
sendMsg($SYSLOG,
$SYSLOG_VERBOSE,
$SYSLOG_FACILITY,
"info",
"Sender '$hostname' [client_id: '$client_id', service: '$service'] was deleted and its data were invalidated from $warden_server");
print "Unregistration of sender client (client_id: #$client_id) was SUCCESSFUL!!!\n";
exit 0;
} else {
print "Unregistration of sender client (client_id: #$client_id) FAILED!!!\n";
exit 1;
}
} else {
$sth = $DBH->prepare("DELETE FROM clients WHERE client_id = ?;") or die "Cannot prepare statement: " . $DBH->errstr;
my $ret_val = $sth->execute($client_id) or die "Cannot execute statement: " . $sth->errstr;
if ($ret_val == 1) {
sendMsg($SYSLOG,
$SYSLOG_VERBOSE,
$SYSLOG_FACILITY,
"info",
"Receiver '$hostname' [client_id: '$client_id', type: '$type'] was deleted from $warden_server");
print "Unregistration of receiver client (client_id: #$client_id) was SUCCESSFUL!!!\n";
exit 0;
} else {
print "Unregistration of receiver client (client_id: #$client_id) FAILED!!!\n";
exit 1;
}
}
}
#!/usr/bin/perl
#
# WardenWatchdog.pl
#
# Copyright (C) 2011-2012 Cesnet z.s.p.o
#
# Use of this source is governed by a BSD-style license, see LICENSE file.
use WardenConf;
use strict;
use warnings;
use DBI;
use DBD::mysql;
use DateTime;
#use Email::Simple;
use Sys::Hostname;
use Text::Wrap;
use Data::Dumper;
sub sendmailWrapper{
my $message = shift;
if(open(my $sendmail, '|/usr/sbin/sendmail -oi -t')){
print $sendmail $message;
close $sendmail;
return 1;
} else {
return (0, "Sending email failed: $!");
}
}
# Array of hashes
#{query => ; text => ; contact => }
# Get clients admins
sub sendReport{
my $input_data = shift;
my $contact = $$input_data{'contact'};
my $domain = $$input_data{'domain'};
my $text = $$input_data{'text'};
my $from_hostname;
my $message;
if(!($contact)){
return (0, "Empty 'To' email header!\n");
}
$domain =~ s/\./\./;
eval{
$from_hostname = hostname();
if(!($from_hostname =~ m/$domain/gi)){
$from_hostname .= $domain;
}
};
if($@){
return (0, "Can't retrive hostname for 'From' header!\n");
}
eval{
#$message = Email::Simple->create(
#header => [
#To => $contact,
#From => 'warden_watchdog@'.$from_hostname,
#Subject => 'Kotrola stavu udalosti na Wardenu'],
#body => fill('','',$text));
};
if($@){
return (0, "Can't create email message\n");
}
print "== $contact ==\n$text\n";
my ($rc, $err) = 1;#sendmailWrapper($message->as_string);
if(!$rc){
return (0, $err);
}
return 1;
}
sub connect_to_DB {
my $dbPlatform = 'mysql';
my $dbName = 'warden';
my $dbHostname = 'localhost';
my $dbUser = 'root';
my $dbPasswd = 'w4rd3n&r00t';
my $dbhRef = shift;
my $dbh;
if($dbh = DBI->connect( "dbi:$dbPlatform:database=$dbName;host=$dbHostname", $dbUser, $dbPasswd, {RaiseError => 1, mysql_auto_reconnect => 1})){
$$dbhRef = $dbh;
return 1;
}
else{
return (0,"Cannot connect to database! ".DBI->errstr);
}
}
sub sendQuery{
my $configRef = shift;
my $eventsRef = shift;
my @config = @{$configRef};
my %bad_events;
my ($rc,$err);
my $dbh;
my $i = 0;
# connect to DB
($rc,$err) = connect_to_DB(\$dbh);
if (!$rc){
return (0, $err);
}
while ($i < scalar(@config)) {
my $contact;
# run DB query -> requestor, client name
my $sth;
if (defined($config[$i]{query})){
$sth = $dbh->prepare($config[$i]{query});
}
else{
return (0, "No query availble\n");
}
if (!($sth->execute)){
return (0, "Couldn't get data from my database: $sth->errstr\n");
};
my @result;
while(@result = $sth->fetchrow()){
if (defined($config[$i]{contact})){
$contact = $config[$i]{contact};
}
else{
$contact = "from_db\@$result[0]";
}
$bad_events{$contact} .= $config[$i]{text} . "DB INFO: ". join(', ',@result) ."\n";
}
$sth->finish;
$i++;
}
# disconnect to DB
$dbh->disconnect;
%$eventsRef = %bad_events;
return 1;
}
sub run{
my $domain = shift;
my $period = shift;
my $date;
eval{
my $dt = DateTime->now();
$dt = DateTime->now()->subtract(days => $period);
$date = $dt->date();
};
if($@){
print "Warden watchdog - can't work with date\n";
#syslog("err|Warden watchdog - can't work with date\n");
}
my @configuration = (
{query => "SELECT hostname, service, MAX(received) FROM events WHERE valid = 't' GROUP BY hostname, service ORDER BY MAX(received) ASC;", text => "Hey, this is test of warning for admin!\n"},
{query => "SELECT requestor FROM clients WHERE service IN (SELECT service FROM events WHERE detected > '$date' AND type NOT IN ('portscan', 'bruteforce', 'probe', 'spam', 'phishing', 'botnet_c_c', 'dos', 'malware', 'copyright', 'webattack', 'test', 'other') AND valid = 't' GROUP BY service) GROUP BY requestor;", text => "Hey, this is test of warning!\n", contact => 'warden-administrator@cesnet.cz'});
$Text::Wrap::columns = 80;
my %bad_events;
my $i = 0;
while ($i < scalar(@configuration)) {
my ($rc,$err) = sendQuery(\@configuration,\%bad_events);
if (!$rc){
print "Warden watchdog - $err\n";
#syslog("err|Warden watchdog - $err\n");
}
$i++;
}
while (my ($contact, $text) = each(%bad_events)){
my %input = (contact => $contact, domain => $domain, text => $text);
my ($rc,$err) = sendReport(\%input);
if (!$rc){
# TODO syslog
print $err;
#syslog("err|Warden client - networkReporter $err\n");
}
print "\n\n";
}
}
run('warden-dev.cesnet.cz',7);
1;
AUTHORS AND MAINTAINERS :
PROJECT ARCHITECTS:
Pavel Kacha <ph@cesnet.cz>
Andrea Kropacova <andrea@cesnet.cz>
Jan Vykopal <vykopal@cesnet.cz>
MAIN DEVELOPERS:
Michal Kostenec <kostenec@cesnet.cz>
Tomas Plesnik <plesnik@cesnet.cz>
Jan Soukal <soukal@cesnet.cz>
TESTING:
Jakub Cegan <jakubcegan@cesnet.cz>
CONTRIBUTORS:
Radoslav Bodo <bodik@civ.zcu.cz>
Martin Drasar <drasar@ics.muni.cz>
Vit Slama <slama@cis.vutbr.cz>
COMMUNITY:
Radomir Orkac <orkac@cesnet.cz>
Daniel Studeny <Daniel.Studeny@cesnet.cz>
Pavel Vachek <Pavel.Vachek@cesnet.cz>
Martin Zadnik <izadnik@fit.vutbr.cz>
2012-11-16 v2.1 stable version
------------------------------
- fixed bug in default value of database timestamp type (#576, #577)
- fixed bug in getStatus function (#566)
- fixed bug in re-registration check of client (#541)
- added Syslog logging support (#578)
- added update process (#573)
- added server limit of maximum number of events that can be (#526)
delivered to one client in one batch
- added validation of received events parameters (#524)
- server can provide clients with events disregarding event (#523)
type
- added verbose logging option (stack info) (#521)
- enhanced call of database error function (#549)
- enhanced response time of getStatus function (#546)
- enhanced server logging/warning function (#534)
- enhanced reading of configuration files (#533)
- other minor bugs and issues fixed
2012-07-27 v2.0 stable version
------------------------------
- MySQL database engine used
- Apache used to support faster multithread processing (communication switched to HTTPs protocol)
- enhanced support of Alternate Names in SSL certificates (#505)
- added automatic reconnect to DB (#494)
- enhanced authentization and authorization (#495)
- other minor bugs and issues fixed
2012-03-02 v0.1.0 beta version
------------------------------
- initial release of the Warden server
- SSL certificate authentication/authorization supported
- Subject Alternative Names of SSL certificates supported
- Syslog logging supported
- Nagios system check supported
- automated installation and uninstallation process
- SQLite database engine used
Installation process
====================
Content
A. Overview
B. Pre-installation step
C. Installation step
D. Post-installation steps
--------------------------------------------------------------------------------
A. Overview
-----------
For installation of warden-server package on local machine use install.sh.
Default destination directory is /opt/warden-server/.
For more information about install.sh options run install.sh -h.
You must be root for running this script.
B. Pre-installation step
------------------------
1) Install necessary packages
# aptitude install apache2 mysql-server libapache2-mod-perl2 apache2-mpm-prefork
C. Installation step
--------------------
1) Install Warden server package
# ./warden-server-2.1/install.sh -d /opt -k /etc/ssl/private/server.key -c /etc/ssl/certs/server.pem -a /etc/ssl/certs/bundle.pem
D. Post-installation steps
--------------------------
1) Enable of mod_ssl module
# a2enmod ssl
2) Apache server configuration
a) VirtualHost section configuration
- include parameters from the Warden server configuration file (<warden-server_path>/etc/warden-apache.conf)
# vim /etc/apache2/sites-enables/default(-ssl)
<VirtualHost *:443>
...
Include /opt/warden-server/etc/warden-apache.conf
</VirtualHost>
b) Apache server performance configuration
# vim /etc/apache2/apache2.conf
- prefork module settings
<IfModule mpm_prefork_module>
StartServers 2
MinSpareServers 4
MaxSpareServers 8
ServerLimit 700
MaxClients 700
MaxRequestsPerChild 0
</IfModule>
- connection settings
Timeout 10
KeepAlive Off
3) MySQL database configuration
a) Create new user acount (optional)
b) Create new database structure
$ mysql -u <user> -h localhost -p < {warden-server_path}/doc/warden.mysql
4) Warden server configuration
- configure warden-server.conf, warden-client.conf and warden-apache.conf placed in <warden-server_path>/etc directory
5) Restart of Apache server
# /etc/init.d/apache2 restart
+----------------------------+
| README - Warden Server 2.1 |
+----------------------------+
Content
A. Overall Information
B. Installation Dependencies
C. Installation
D. Update
E. Uninstallation
F. Miscellaneous
G. Registration of Clients
H. Status Info
--------------------------------------------------------------------------------
A. Overall Information
1. About Warden System
Warden is a client-server architecture service designed to share detected
security events (issues) among CSIRT and CERT teams in a simple and fast way.
This package contains the Warden server.
2. Version
2.1 (2012-11-16)
3. Package structure
warden-server/
bin/
getClients.pl
getStatus.pl
getWebStatus.sh
registerReceiver.pl
registerSender.pl
unregisterClients.pl
doc/
AUTHORS
CHANGELOG
INSTALL
LICENSE
README
warden.mysql
etc/
package_version
warden-apache.conf
warden-client.conf
warden-server.conf
lib/
WardenConf.pm
Warden.pm
WardenReg.pm
WardenStatus.pm
Warden/
ApacheDispatch.pm
uninstall.sh
--------------------------------------------------------------------------------
B. Installation Dependencies
1. Applications:
Perl >= 5.10.1
MySQL >= 5.1.63
Apache >= 2.2.14
2. Perl modules:
SOAP::Lite >= 0.712
SOAP::Transport::HTTP >= 0.712
DBI >= 1.612
DBD::mysql >= 4.016
Format::Human::Bytes >= 0.05
Sys::Syslog >= 0.27
File::Basename >= 2.77
Net::CIDR::Lite >= 0.21
DateTime >= 0.61
Getopt::Std >= 1.06
Switch >= 2.14
IO::Socket::SSL >= 1.66
MIME::Base64 >= 3.08
Crypt::X509 >= 0.40
Carp >= 1.11
--------------------------------------------------------------------------------
C. Installation
1. Check SHA1 checksum of the Warden server package archive.
$ sha1sum -c warden-server-2.1.tar.gz.sig
2. Untar it.
$ tar xzvf warden-server-2.1.tar.gz
3. Run install.sh.
Default installation directory is /opt/warden-server/
For more information about install.sh options run install.sh -h
Usage: $ ./install.sh [-d <directory>] [-k <ssl_key_file>]
[-c <ssl_cert_file>] [-a <ssl_ca_file>] [-hV]"
-d <directory> installation directory (default: /opt)
-k <ssl_key_file> SSL certificate key file path
-c <ssl_cert_file> SSL certificate file path
-a <ssl_ca_file> CA certificate file path
-h print this help
-V print script version number and exit
Example: # ./install.sh -d /opt -k /etc/ssl/private/server.key
-c /etc/ssl/certs/server.pem
-a /etc/ssl/certs/bundle.pem
You must be root for running this script.
4. Configuration files
You are advised to check configuration file warden-apache.conf,
warden-server.conf and warden-client.conf in warden-server/etc/
directory after installation. For more information about post-installation
steps see INSTALL file in 'doc' directory.
Although this is the Warden server package it also contains several
functions (for administration and maintenance) that are strictly
client-side in a way the Warden system handles functions. Therefore you have
to check both server and client config files to make sure your installation
of the Warden server was successful and complete.
SOAP protocol is used for handling communication between server and clients.
Therefore, correct URI of Warden server must be set.
Authentication of clients and server is performed using client and server
SSL certificates. Both clients and server must have valid certificate.
Configuration files contain following parameters:
a) warden-client.conf:
URI - URI Warden server
e.g. 'https://warden.server.com:443/Warden'
SSL_KEY_FILE - path to a host key file,
e.g. '/etc/ssl/private/warden.server.com.key'
SSL_CERT_FILE - path to a host certificate file,
e.g. '/etc/ssl/certs/warden.server.com.pem'
SSL_CA_FILE - path to a CA file
e.g. '/etc/ssl/certs/tcs-ca-bundle.pem'
b) warden-server.conf:
The Warden server configuration file contains:
BASEDIR - base directory of the Warden server
e.g. /opt/warden-server/
SYSLOG - enable/disable syslog logging
e.g. 1
SYSLOG_VERBOSE - enable/disable logging in verbose mode (stack info added)
e.g. 1
SYSLOG_FACILITY - syslog facility
e.g. local7
DB_NAME - MySQL database name of Warden server
e.g. warden
DB_USER - MySQL database user of Warden server
e.g. warden
DB_PASS - MySQL database password of Warden server
DB_HOST - MySQL database host
e.g. localhost
MAX_EVENTS_LIMIT - server limit of maximum number of events that can be
delivered to one client in one batch
e.g. 1000000
VALID_STRINGS - validation hash containing allowed event attributes
e.g.
%VALID_STRINGS = (
'type' => ['portscan', 'bruteforce', 'probe', 'spam', 'phishing', 'botnet_c_c', 'dos', 'malware', 'copyright', 'webattack', 'test', 'other'],
'source_type' => ['IP', 'URL', 'Reply-To:']
);
c) warden-apache.conf
The Apache2 configuration file for Warden server:
SSLEngine on
SSLVerifyDepth 3
SSLVerifyClient require
SSLOptions +StdEnvVars +ExportCertData
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile <path_to_server_certificate>
SSLCertificateKeyFile <path_to_server_certificate_key>
SSLCACertificateFile <path_to_CA_certificate>
PerlOptions +Parent
PerlSwitches -I <path_to_warden_server_libs>
<Location /Warden>
SetHandler perl-script
PerlHandler Warden::ApacheDispatch
SSLOptions +StdEnvVars
</Location>
--------------------------------------------------------------------------------
D. Update
For update of the Warden server package from local machine use update.sh.
Default destination directory is /opt/warden-server/.
For more information about update.sh options run update.sh -h
Usage: $ ./update.sh [-d <directory>] [-hV]
-d <directory> destination directory (default: /opt)
-h print this help
-V print script version number and exit
Example: # ./update.sh -d /opt
You must be root for running this script.
For more information about post-update steps see UPDATE file in 'doc'
directory.
--------------------------------------------------------------------------------
E. Uninstallation
For uninstallation of the Warden server package from local machine use uninstall.sh.
Default uninstallation directory is /opt/warden-server/.
For more information about uninstall.sh options run uninstall.sh -h
Usage: $ ./uninstall.sh [-d <directory>] [-hV]
-d <directory> uninstallation directory (default: /opt)
-h print this help
-V print script version number and exit
Example: # ./uninstall.sh -d /opt
You must be root for running this script.
For more information about post-uninstallation steps see UNINSTALL file in 'doc'
directory.
--------------------------------------------------------------------------------
F. Miscellaneous
1. Error Messages
Error messages of the server functions are sent via Syslog.
Default is local7 facility.
2. Firewall Settings
Make sure that the TCP port listed in /etc/apache2/sites-enables/default(-ssl)
is allowed on your firewall.
3. Privileges
The Warden server runs only under root privileges.
4. Known Issues
No issues are known.
--------------------------------------------------------------------------------
G. Registration of Clients
The Warden server administrator is responsible for registering new clients or
removing those already registered. Both registration or unregistration scripts
are provided in the Warden server package. Those scripts should be run from
localhost (the same machine the Warden server is installed and running on).
Members of Warden community who would like to have their client registered must
contact the Warden server administrator with the requirement. This is usually
done via secured e-mail. Requestor should provide all important data to the
Warden server administrator so that the client can be successfully registered.
1. Register Sender
New sender clients are registered in Warden system via registerSender.pl.
Following attributes must be provided in order to register new client
successfully:
hostname - hostname of the client,
requestor - organization or authorized person who demands new
client registration,
service - name of the service of a new registered client,
description_tags - tags describing the nature of the service,
ip_net_client - CIDR the client is only allowed to communicate from.
One can run registerSender.pl with -h argument to see a help.
2. Register Receiver
New receiver clients are registered in Warden system via
registerReceiver.pl.
Following attributes must be provided in order to register new client
successfully:
hostname - hostname of the client,
requestor - organization or authorized person who demands new
client registration,
type - the type of events the client wish to receive or '_any_'
for receiving of all types of events,
receive_own_events - boolean value describing if events originating from
the same CIDR will be sent to the client,
ip_net_client - CIDR the client is only allowed to communicate from.
One can run registerReceiver.pl with -h argument to see a help.
3. Unregister Client
In the Warden system, already registered clients can be removed
(unregistered) via unregisterClient.pl.
Following attribute must be provided in order to unregister existing client
successfully:
client_id - ID of the client that should be removed (unregistered).
One can run unregisterClient.pl with -h argument to see a help.
The process of unregistration deletes this client from clients table in DB.
But all messages stored by this client (considering "sender" client) are not
deleted, they are merely set 'invalid' in DB table events.
--------------------------------------------------------------------------------
H. Status Info
Functions in this section show status of the Warden server and active
(registered) clients to the Warden system administrator.
Similarly to (un)registration, these functions should be run from
localhost (e. g. from the same machine the Warden server is installed and
running on).
1. Get Status
Function getStatus is accessible via getStatus.pl. Function has no input
parameters and returns info about the Warden server, its DB status and
event's statistics of active registered senders.
2. Get Clients
Function getClients is accessible via getClients.pl. Function has no input
parameters and returns detailed information about all registered clients.
--------------------------------------------------------------------------------
Copyright (C) 2011-2012 Cesnet z.s.p.o
Uninstallation process
======================
Content
A. Overview
B. Uninstallation step
C. Post-uninstallation steps
--------------------------------------------------------------------------------
A. Overview
-----------
For uninstallation of warden-server package from local machine use uninstall.sh.
Default uninstallation directory is /opt/warden-server/.
For more information about uninstall.sh options run uninstall.sh -h.
You must be root for running this script.
B. Uninstallation step
----------------------
1) Uninstall Warden server package (example for default installation path)
# /opt/warden-server/uninstall.sh -d /opt
C. Post-uninstallation steps
----------------------------
1) Stop Apache server
# /etc/init.d/apache2 stop
2) Disable of mod_ssl module
# a2dismod ssl
3) Remove Apache server configuration
a) VirtualHost section configuration
- remove include parameters from the Warden server configuration file (<warden-server_path>/etc/warden-apache.conf)
# vim /etc/apache2/sites-enables/default(-ssl)
<VirtualHost *:443>
...
Include /opt/warden-server/etc/warden-apache.conf
</VirtualHost>
b) remove Apache server performance configuration
# vim /etc/apache2/apache2.conf
- prefork module settings
<IfModule mpm_prefork_module>
StartServers 2
MinSpareServers 4
MaxSpareServers 8
ServerLimit 700
MaxClients 700
MaxRequestsPerChild 0
</IfModule>
- connection settings
Timeout 10
KeepAlive Off
4) Drop MySQL database
$ mysql -u <user> -h localhost -p <password>
mysql> DROP DATABASE warden;
mysql> exit
5) Uninstall unnecessary packages (optional)
# aptitude remove apache2 mysql-server libapache2-mod-perl2 apache2-mpm-prefork
6) Start Apache server
# /etc/init.d/apache2 start
Update process
==============
Content
A. Overview
B. Update steps
C. Post-update steps
--------------------------------------------------------------------------------
A. Overview
-----------
For update of warden-server package from local machine use update.sh.
Default destination directory is /opt/warden-server/.
For more information about update.sh options run update.sh -h.
You must be root for running this script.
B. Update steps
---------------
1) Update Warden server package (default destination path)
# ./warden-server-2.1/update.sh -d /opt
C. Post-update steps
--------------------
1) Update Warden server database
$ mysql -u <user> -h localhost -p <password> < {warden-server_path}/doc/warden20to21.patch
2) Restart Apache server
# /etc/init.d/apache2 restart
-- MySQL dump 10.11
--
-- Host: localhost Database: warden
-- ------------------------------------------------------
-- Server version 5.0.51a-24+lenny3
/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!40101 SET NAMES utf8 */;
/*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */;
/*!40103 SET TIME_ZONE='+00:00' */;
/*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */;
/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */;
/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */;
/*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */;
--
-- Current Database: `warden`
--
CREATE DATABASE /*!32312 IF NOT EXISTS*/ `warden` /*!40100 DEFAULT CHARACTER SET latin1 */;
USE `warden`;
--
-- Table structure for table `clients`
--
DROP TABLE IF EXISTS `clients`;
SET @saved_cs_client = @@character_set_client;
SET character_set_client = utf8;
CREATE TABLE `clients` (
`client_id` int(11) NOT NULL auto_increment,
`hostname` varchar(256) default NULL,
`registered` timestamp NOT NULL default '0000-00-00 00:00:00',
`requestor` varchar(256) default NULL,
`service` varchar(64) default NULL,
`client_type` varchar(1) default NULL,
`type` varchar(64) default NULL,
`receive_own_events` varchar(1) default NULL,
`description_tags` varchar(256) default NULL,
`ip_net_client` varchar(256) default NULL,
PRIMARY KEY (`client_id`)
) ENGINE=MyISAM AUTO_INCREMENT=1 DEFAULT CHARSET=latin1;
SET character_set_client = @saved_cs_client;
--
-- Table structure for table `events`
--
DROP TABLE IF EXISTS `events`;
SET @saved_cs_client = @@character_set_client;
SET character_set_client = utf8;
CREATE TABLE `events` (
`id` int(11) NOT NULL auto_increment,
`hostname` varchar(256) default NULL,
`service` varchar(64) default NULL,
`detected` timestamp NOT NULL default '0000-00-00 00:00:00',
`received` timestamp NOT NULL default '0000-00-00 00:00:00',
`type` varchar(64) default NULL,
`source_type` varchar(64) default NULL,
`source` varchar(256) default NULL,
`target_proto` varchar(16) default NULL,
`target_port` int(2) unsigned default NULL,
`attack_scale` int(4) unsigned default NULL,
`note` text,
`priority` int(1) unsigned default NULL,
`timeout` int(2) unsigned default NULL,
`valid` varchar(1) default NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM AUTO_INCREMENT=1 DEFAULT CHARSET=latin1;
SET character_set_client = @saved_cs_client;
/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */;
/*!40101 SET SQL_MODE=@OLD_SQL_MODE */;
/*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */;
/*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */;
/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
-- Dump completed on 2012-03-22 15:29:35
ALTER TABLE `clients` CHANGE `registered` `registered` TIMESTAMP NOT NULL DEFAULT '0000-00-00 00:00:00';
ALTER TABLE `events`
CHANGE `detected` `detected` TIMESTAMP NOT NULL DEFAULT '0000-00-00 00:00:00',
CHANGE `target_port` `target_port` INT( 2 ) UNSIGNED DEFAULT NULL ,
CHANGE `attack_scale` `attack_scale` INT( 4 ) UNSIGNED DEFAULT NULL ,
CHANGE `priority` `priority` INT( 1 ) UNSIGNED DEFAULT NULL ,
CHANGE `timeout` `timeout` INT( 2 ) UNSIGNED DEFAULT NULL;
warden-server-2.2
#
#
# warden-apache.conf - configuration file for the Apache server
#
SSLEngine on
SSLVerifyDepth 3
SSLVerifyClient require
SSLOptions +StdEnvVars +ExportCertData
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/ssl/certs/warden-c.cesnet.cz.pem
SSLCertificateKeyFile /etc/ssl/private/warden-c.cesnet.cz.key
SSLCACertificateFile /etc/ssl/certs/tcs-ca-bundle.pem
PerlOptions +Parent
PerlSwitches -I /opt/warden-server/lib
<Location /Warden>
SetHandler perl-script
PerlHandler Warden::ApacheDispatch
SSLOptions +StdEnvVars
</Location>
#
# warden-server.conf - configuration file for Warden server
#
#-------------------------------------------------------------------------------
# BASEDIR - base directory of Warden server
#-------------------------------------------------------------------------------
$BASEDIR = "/opt/warden-server";
#-------------------------------------------------------------------------------
# SYSLOG - enable/disable syslog logging
#-------------------------------------------------------------------------------
$SYSLOG = 1;
#-------------------------------------------------------------------------------
# SYSLOG_VERBOSE - enable/disable logging in verbose mode (stack info added)
#-------------------------------------------------------------------------------
$SYSLOG_VERBOSE = 1;
#-------------------------------------------------------------------------------
# SYSLOG_FACILITY - syslog facility
#-------------------------------------------------------------------------------
$SYSLOG_FACILITY = "local7";
#-------------------------------------------------------------------------------
# DB_NAME - MySQL database name of Warden server
#-------------------------------------------------------------------------------
$DB_NAME = "warden";
#-------------------------------------------------------------------------------
# DB_USER - MySQL database user of Warden server
#-------------------------------------------------------------------------------
$DB_USER = "root";
#-------------------------------------------------------------------------------
# DB_PASS - MySQL database password of Warden server
#-------------------------------------------------------------------------------
$DB_PASS = "";
#-------------------------------------------------------------------------------
# DB_HOST - MySQL database host
#-------------------------------------------------------------------------------
$DB_HOST = "localhost";
#-------------------------------------------------------------------------------
# MAX_EVENTS_LIMIT - server limit of maximum number of events that can be
# delivered to one client in one batch
#-------------------------------------------------------------------------------
$MAX_EVENTS_LIMIT = 1000000;
#-------------------------------------------------------------------------------
# VALID_STRINGS - validation hash containing allowed event attributes
#-------------------------------------------------------------------------------
%VALID_STRINGS = (
"type" => ["portscan", "bruteforce", "probe", "spam", "phishing", "botnet_c_c", "dos", "malware", "copyright", "webattack", "test", "other", "_any_"],
"source_type" => ["IP", "URL", "Reply-To:"]
);
#!/usr/bin/perl -w
#
# Warden.pm
#
# Copyright (C) 2011-2013 Cesnet z.s.p.o
#
# Use of this source is governed by a BSD-style license, see LICENSE file.
package Warden;
use strict;
use DBI;
use DBD::mysql;
use Sys::Syslog qw(:DEFAULT setlogsock);
Sys::Syslog::setlogsock('unix');
use File::Basename;
use Net::CIDR::Lite;
use DateTime;
use MIME::Base64;
use Crypt::X509;
use SOAP::Lite;
use Carp;
our $VERSION = "2.2";
################################################################################
# READING OF CONFIGURATION VARIABLES
################################################################################
my $conf_file = "/opt/warden-server/etc/warden-server.conf"; # path is updated by install.sh
our $SYSLOG = undef;
our $SYSLOG_VERBOSE = undef;
our $SYSLOG_FACILITY = undef;
our $DB_NAME = undef;
our $DB_USER = undef;
our $DB_PASS = undef;
our $DB_HOST = undef;
our $MAX_EVENTS_LIMIT = 1000000; # default value
our %VALID_STRINGS = undef;
# load set variables by user
unless (do $conf_file) {
die("Errors in config file '$conf_file': $@") if $@;
die("Can't read config file '$conf_file': $!") unless defined $_;
# if $_ defined, it's retvalue of last statement of conf, for which we don't care
}
################################################################################
# VARIABLES
################################################################################
our $DBH = DBI->connect("DBI:mysql:database=$DB_NAME;host=$DB_HOST", $DB_USER, $DB_PASS, {RaiseError => 1, mysql_auto_reconnect => 1}) || die "Could not connect to database: $DBH->errstr";
################################################################################
# LOCAL FUNCTIONS
################################################################################
#-------------------------------------------------------------------------------
# sendMsg - sent message to syslog (SYS::Syslog) and to client (SOAP::Fault)
#
# Args: (SYSLOG severity, SYSLOG msg, SOAP msg)
#-------------------------------------------------------------------------------
sub sendMsg
{
my $severity = shift;
my $syslog_msg = shift;
my $soap_msg = shift;
my $filename = File::Basename::basename($0);
if ($SYSLOG_VERBOSE == 1 && ($severity eq "err" || $severity eq "debug")) {
$syslog_msg .= "\nStack info: " . Carp::longmess();
}
if ($SYSLOG == 1 && defined $severity && defined $syslog_msg) {
Sys::Syslog::openlog($filename, "cons,pid", $SYSLOG_FACILITY);
Sys::Syslog::syslog("$severity", "$syslog_msg");
Sys::Syslog::closelog();
}
if (defined $soap_msg) {
die SOAP::Fault->faultstring($soap_msg);
}
} # End of sendMsg
#-------------------------------------------------------------------------------
# getAltNames - parse Alternate names from SSL certifiate
#-------------------------------------------------------------------------------
sub getAltNames
{
my @an_array;
my $cn = $ENV{'SSL_CLIENT_S_DN_CN'};
push(@an_array, $DBH->quote($cn));
my @a = split("\n", $ENV{'SSL_CLIENT_CERT'});
pop @a;
shift @a;
my $der = decode_base64(join("", @a));
my $decoded= Crypt::X509->new(cert => $der);
foreach my $tmp (@{$decoded->SubjectAltName}) {
if($tmp =~ s/dNSName=//){
push(@an_array, $DBH->quote($tmp));
}
}
my $alt_names = join(',', @an_array);
return $alt_names;
}
#-------------------------------------------------------------------------------
# authorizeClient - authorize client by CN,AN and source IP range
#-------------------------------------------------------------------------------
sub authorizeClient
{
my ($alt_names, $ip, $service_type, $client_type, $function_name) = @_;
my $sth;
# obtain cidr based on rigth common name and alternate names, service and client_type
if($function_name eq 'saveNewEvent') {
$sth = $DBH->prepare("SELECT client_id, hostname, ip_net_client, receive_own_events FROM clients WHERE hostname IN ($alt_names) AND service = ? AND client_type = ? ORDER BY SUBSTRING_INDEX(ip_net_client,'/', -1) DESC;");
} elsif($function_name eq 'getNewEvents') {
$sth = $DBH->prepare("SELECT client_id, hostname, ip_net_client, receive_own_events FROM clients WHERE hostname IN ($alt_names) AND (type = ? OR type = '_any_') AND client_type = ? ORDER BY SUBSTRING_INDEX(ip_net_client,'/', -1) DESC;");
} elsif($function_name eq 'getClientInfo') {
$sth = $DBH->prepare("SELECT client_id, hostname, ip_net_client, receive_own_events FROM clients WHERE hostname IN ($alt_names) ORDER BY SUBSTRING_INDEX(ip_net_client,'/', -1) DESC;");
} elsif($function_name eq 'getLastId') {
$sth = $DBH->prepare("SELECT client_id, hostname, ip_net_client, receive_own_events FROM clients WHERE hostname IN ($alt_names) AND client_type = 'r' ORDER BY SUBSTRING_INDEX(ip_net_client,'/', -1) DESC;");
}
# check db handler
if (!defined $sth) {
sendMsg("err",
"Cannot prepare authorization statement in $function_name: $DBH->errstr",
"Internal 'prepare' server error")
}
# execute query for two or none params functions
if ($function_name eq 'saveNewEvent' || $function_name eq 'getNewEvents') {
$sth->execute($service_type, $client_type);
} else {
$sth->execute;
}
# obtain registration info about clients
my ($client_id, $an, $cidr, $receive_own, $cidr_list);
my $correct_ip_source = 0;
my %ret;
while(($client_id, $an, $cidr, $receive_own) = $sth->fetchrow()) {
my $cidr_list = Net::CIDR::Lite-> new -> add($cidr);
$ret{'client_id'} = $client_id;
$ret{'dns'} = $an;
$ret{'cidr'} = $cidr;
$ret{'receive_own'} = $receive_own;
if ($cidr_list->bin_find($ip)) {
$correct_ip_source = 1;
last;
}
}
# check if client is registered
if ($sth->rows == 0) {
sendMsg("err",
"Unauthorized access to function '$function_name' from: '$ip'; CN(AN): $alt_names; used service: '$service_type' - client is not registered",
"Access denied - client is not registered at warden server $ENV{'SERVER_NAME'}");
return undef;
}
# check if client has IP from registered CIDR
if (!$correct_ip_source) {
sendMsg ("err",
"Unauthorized access to function '$function_name' from: '$ip'; CN(AN): $alt_names; used service: '$service_type' - access from bad subnet: Registered subnet '$ret{'cidr'}'",
"Access denied - access to $ENV{'SERVER_NAME'} from unauthorized subnet");
return undef;
}
return %ret;
} # END of authorizeClient
################################################################################
# SOAP Functions
################################################################################
#-----------------------------------------------------------------------------
# saveNewEvent - save new received event into database
#-----------------------------------------------------------------------------
sub saveNewEvent
{
my ($class, $data) = @_;
my ($sth, $cidr_list);
# client network information
my $cn = $ENV{'SSL_CLIENT_S_DN_CN'};
my $alt_names = getAltNames(undef);
my $ip = $ENV{'REMOTE_ADDR'};
# variables defined by server
my $function_name = 'saveNewEvent';
my $client_type = 's'; # incoming client MUST be sender
my $valid = 't'; # registered sender has valid events
my $received = DateTime->now; # time of event delivery (UTC)
# parse object (event) parameters
my $service = $data->{'SERVICE'};
my $detected = $data->{'DETECTED'};
my $type = $data->{'TYPE'};
my $source_type = $data->{'SOURCE_TYPE'};
my $source = $data->{'SOURCE'};
my $target_proto = $data->{'TARGET_PROTO'};
my $target_port = $data->{'TARGET_PORT'};
my $attack_scale = $data->{'ATTACK_SCALE'};
my $note = $data->{'NOTE'};
my $priority = $data->{'PRIORITY'};
my $timeout = $data->{'TIMEOUT'};
my %client = authorizeClient($alt_names, $ip, $service, $client_type, $function_name);
if(defined %client) {
if (!(exists $VALID_STRINGS{'type'} && grep $type eq $_, @{$VALID_STRINGS{'type'}})) {
sendMsg("err",
"Unknown event type - client from: '$ip'; CN(AN): $alt_names; used type: '$type'",
"Unknown event type '$type'");
} elsif (!(exists $VALID_STRINGS{'source_type'} && grep $source_type eq $_, @{$VALID_STRINGS{'source_type'}})) {
sendMsg("err",
"Unknown source type - client from: '$ip'; CN(AN): $alt_names; used source_type: '$source_type'",
"Unknown source type '$source_type'");
# http://my.safaribooksonline.com/book/programming/regular-expressions/9780596802837/4dot-validation-and-formatting/id2983571
} elsif ($detected !~ /^((?:[1-9][0-9]*)?[0-9]{4})-(1[0-2]|0[1-9])-(3[0-1]|0[1-9]|[1-2][0-9])T(2[0-3]|[0-1][0-9]):([0-5][0-9]):([0-5][0-9])(\.[0-9]+)?(Z|[+-](?:2[0-3]|[0-1][0-9]):[0-5][0-9])?/) {
sendMsg("err",
"Unknown detected time format - client from: '$ip'; CN(AN): $alt_names; used detected: '$detected'",
"Unknown detected time format '$detected'");
} elsif ($target_port !~ /^\d+\z/ && defined $target_port) {
sendMsg("err",
"Unknown target port - client from: '$ip'; CN(AN): $alt_names; used target_port: '$target_port'",
"Unknown target port '$target_port'");
} elsif ($attack_scale !~ /^\d+\z/ && defined $attack_scale) {
sendMsg("err",
"Unknown attack scale - client from: '$ip'; CN(AN): $alt_names; used attack_scale: '$attack_scale'",
"Unknown attack scale '$attack_scale'");
} elsif ($priority !~ /^\d+\z/ && defined $priority) {
sendMsg("err",
"Unknown priority - client from: '$ip'; CN(AN): $alt_names; used priority: '$priority'",
"Unknown priority '$priority'");
} elsif ($timeout !~ /^\d+\z/ && defined $timeout) {
sendMsg("err",
"Unknown timeout - client from: '$ip'; CN(AN): $alt_names; used timeout: '$timeout'",
"Unknown timeout '$timeout'");
} else {
$sth=$DBH->prepare("INSERT INTO events VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?);");
if (!defined $sth) {
sendMsg("err",
"Cannot prepare statement in function '$function_name': $DBH->errstr",
"Internal 'prepare' server error");
}
$sth->execute(undef, $client{'dns'}, $service, $detected, $received, $type, $source_type, $source, $target_proto, $target_port, $attack_scale, $note, $priority, $timeout, $valid);
return 1;
}
}
} # END of saveNewEvent
#-----------------------------------------------------------------------------
# getNewEvents - get new events from the DB greater than received ID
#-----------------------------------------------------------------------------
sub getNewEvents
{
my ($class, $data) = @_;
my ($sth, @events, $event, @ids, $cidr_list);
my ($id, $hostname, $service, $detected, $type, $source_type, $source, $target_proto, $target_port, $attack_scale, $note, $priority, $timeout);
# client network information
my $cn = $ENV{'SSL_CLIENT_S_DN_CN'};
my $alt_names = getAltNames(undef);
my $ip = $ENV{'REMOTE_ADDR'};
my $client_type = 'r'; # incoming client MUST be sender
my $function_name = 'getNewEvents';
# parse SOAP data object
my $requested_type = $data->{'REQUESTED_TYPE'} || '_any_';
my $last_id = $data->{'LAST_ID'};
my $max_rcv_events_limit = $data->{'MAX_RCV_EVENTS_LIMIT'}; # client events limit
# comparison of client and server limit - which can be used
my $used_limit;
if (defined $max_rcv_events_limit && $max_rcv_events_limit < $MAX_EVENTS_LIMIT) {
$used_limit = $max_rcv_events_limit;
} else {
$used_limit = $MAX_EVENTS_LIMIT;
}
my %client = authorizeClient($alt_names, $ip, $requested_type, $client_type, $function_name);
if(defined %client) {
if ($client{'receive_own'} eq 't') {
if ($requested_type eq '_any_') {
$sth = $DBH->prepare("SELECT * FROM events WHERE type != 'test' AND id > ? AND valid = 't' ORDER BY id ASC LIMIT ?;");
if (!defined $sth) {
sendMsg("err",
"Cannot prepare ROE-ANY statement in function '$function_name': $DBH->errstr",
"Internal 'prepare' server error");
}
$sth->execute($last_id, $used_limit);
} else {
$sth = $DBH->prepare("SELECT * FROM events WHERE type != 'test' AND id > ? AND type = ? AND valid = 't' ORDER BY id ASC LIMIT ?;");
if (!defined $sth) {
sendMsg("err",
"Cannot prepare ROE statement in function '$function_name': $DBH->errstr",
"Internal 'prepare' server error");
}
$sth->execute($last_id, $requested_type, $used_limit);
}
} else {
if ($requested_type eq '_any_') {
$sth = $DBH->prepare("SELECT * FROM events WHERE type != 'test' AND id > ? AND valid = 't' AND hostname NOT LIKE ? ORDER BY id ASC LIMIT ?;");
if (!defined $sth) {
sendMsg("err",
"Cannot prepare ANY statement in function '$function_name': $DBH->errstr",
"Internal 'prepare' server error");
}
my ($domain) = $cn =~ /([^\.]+\.[^\.]+)$/;
$domain = '\%' . $domain;
$sth->execute($last_id, $domain, $used_limit);
} else {
$sth = $DBH->prepare("SELECT * FROM events WHERE type != 'test' AND id > ? AND type = ? AND valid = 't' AND hostname NOT LIKE ? ORDER BY id ASC LIMIT ?;");
if (!defined $sth) {
sendMsg("err",
"Cannot prepare statement in function '$function_name': $DBH->errstr\n",
"Internal 'prepare' server error");
}
my ($domain) = $cn =~ /([^\.]+\.[^\.]+)$/;
$domain = '\%' . $domain;
$sth->execute($last_id, $requested_type, $domain, $used_limit);
}
}
# parse items of events stored in DB
while (my @result = $sth->fetchrow()) {
$id = $result[0];
$hostname = $result[1];
$service = $result[2];
$detected = $result[3];
$type = $result[5];
$source_type = $result[6];
$source = $result[7];
$target_proto = $result[8];
$target_port = $result[9];
$attack_scale = $result[10];
$note = $result[11];
$priority = $result[12];
$timeout = $result[13];
# create SOAP data object
$event = SOAP::Data->name(event => \SOAP::Data->value(
SOAP::Data->name(ID => $id),
SOAP::Data->name(HOSTNAME => $hostname),
SOAP::Data->name(SERVICE => $service),
SOAP::Data->name(DETECTED => $detected),
SOAP::Data->name(TYPE => $type),
SOAP::Data->name(SOURCE_TYPE => $source_type),
SOAP::Data->name(SOURCE => $source),
SOAP::Data->name(TARGET_PROTO => $target_proto),
SOAP::Data->name(TARGET_PORT => $target_port),
SOAP::Data->name(ATTACK_SCALE => $attack_scale),
SOAP::Data->name(NOTE => $note),
SOAP::Data->name(PRIORITY => $priority),
SOAP::Data->name(TIMEOUT => $timeout)
));
push(@events, $event);
push(@ids, $id);
}
# log sent ID of events
if (scalar @events != 0) {
if (scalar @ids == 1) {
sendMsg("info",
"Sent 1 event [#$ids[0]] to '$ip' [CN(AN): $alt_names], client_limit: '$max_rcv_events_limit', requested_type: '$requested_type'",
undef);
} else {
sendMsg("info",
"Sent " . scalar @ids . " events [#$ids[0] - #$ids[-1]] to '$ip' [CN(AN): $alt_names], client_limit: '$max_rcv_events_limit', requested_type: '$requested_type'",
undef);
}
}
return @events;
}
} # END of getNewEvents
#-----------------------------------------------------------------------------
# getLastId - get lastest saved event ID
#-----------------------------------------------------------------------------
sub getLastId
{
my ($class, $arg) = @_;
# client network information
my $cn = $ENV{'SSL_CLIENT_S_DN_CN'};
my $alt_names = getAltNames(undef);
my $ip = $ENV{'REMOTE_ADDR'};
my $service = undef;
my $client_type = undef;
my $function_name = 'getLastId';
my %client = authorizeClient($alt_names, $ip, $service, $client_type, $function_name);
if (defined %client) {
my $sth = $DBH->prepare("SELECT max(id) FROM events;");
if (!defined $sth) {
sendMsg("err",
"Cannot prepare statement in function '$function_name': $DBH->errstr",
"Internal 'prepare' server error");
}
$sth->execute;
my $result = $sth->fetchrow();
return $result;
}
} # END of getLastID
#-------------------------------------------------------------------------------
# getClientInfo - get list of registered clients on Warden server
# by Warden client
#-------------------------------------------------------------------------------
sub getClientInfo
{
my ($class, $data) = @_;
my (@clients, $client);
my ($client_id, $hostname, $registered, $requestor, $service, $client_type, $type, $receive_own_events, $description_tags, $ip_net_client);
# client network information
my $cn = $ENV{'SSL_CLIENT_S_DN_CN'};
my $alt_names = getAltNames(undef);
my $ip = $ENV{'REMOTE_ADDR'};
my $service = undef;
my $client_type = undef;
my $function_name = 'getClientInfo';
my %client = authorizeClient($alt_names, $ip, $service, $client_type, $function_name);
if (defined %client) {
my $sth = $DBH->prepare("SELECT * FROM clients ORDER BY client_id ASC;");
if (!defined $sth) {
sendMsg("err",
"Cannot prepare statement in function '$function_name': $DBH->errstr",
"Internal 'prepare' server error");
}
$sth->execute;
while ( my @result = $sth->fetchrow() ) {
$client_id = $result[0];
$hostname = $result[1];
$registered = $result[2];
$requestor = $result[3];
$service = $result[4];
$client_type = $result[5];
$type = $result[6];
$receive_own_events = $result[7];
$description_tags = $result[8];
$ip_net_client = $result[9];
$client = SOAP::Data->name(client => \SOAP::Data->value(
SOAP::Data->name(CLIENT_ID => $client_id),
SOAP::Data->name(HOSTNAME => $hostname),
SOAP::Data->name(REGISTERED => $registered),
SOAP::Data->name(REQUESTOR => $requestor),
SOAP::Data->name(SERVICE => $service),
SOAP::Data->name(CLIENT_TYPE => $client_type),
SOAP::Data->name(TYPE => $type),
SOAP::Data->name(RECEIVE_OWN_EVENTS => $receive_own_events),
SOAP::Data->name(DESCRIPTION_TAGS => $description_tags),
SOAP::Data->name(IP_NET_CLIENT => $ip_net_client),
));
push(@clients, $client);
}
my $sum = scalar @clients;
sendMsg("info",
"Sending information about '$sum' registered clients from $ENV{'SERVER_NAME'}",
undef);
return @clients;
}
} # END of getClientInfo
1;
#!/usr/bin/perl
use strict;
use warnings;
use DBI;
use DBD::mysql;
use Data::Dumper;
use Test::More tests => 18;
use Test::MockModule;
use Test::Exception;
use lib '..';
use Warden;
# Fake $ENV values
BEGIN {
$ENV{'SSL_CLIENT_S_DN_CN'} = 'warden-dev.cesnet.cz';
$ENV{'SSL_CLIENT_CERT'} = '-----BEGIN CERTIFICATE-----
MIIEZzCCA0+gAwIBAgIRAKV1flST9dLTKDnQZsgWFmQwDQYJKoZIhvcNAQEFBQAw
NjELMAkGA1UEBhMCTkwxDzANBgNVBAoTBlRFUkVOQTEWMBQGA1UEAxMNVEVSRU5B
IFNTTCBDQTAeFw0xMTA4MTgwMDAwMDBaFw0xMzA4MTcyMzU5NTlaMD0xCzAJBgNV
BAYTAkNaMQ8wDQYDVQQKEwZDRVNORVQxHTAbBgNVBAMTFHdhcmRlbi1kZXYuY2Vz
bmV0LmN6MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxIzyexCL/CB6
COj691JLEWYEVkBLhROqbENk0ka/LbTtS5oNS3WDJVOK7aoHO3yluAdg1VocfFeY
hTgZGAzC82IuNLc+873XTfO2bzotbJL31CBUwpz2QhEAjGgjdvSx++VZAlbDKIa7
RnRcp9AsxPgqlUokVZbmR55sRO7QPaFqBUO061rj56uKzZocXy9RB+vVBQFUR5CF
GKOJhsiRU3GtHpEshKpOGX6jiC5OkUkcVr61Fb4BgKPFFptiiuwTuHUM40PLAdC/
B2lWdt4qPZqeiDFOVAQJH2tpi0Bhn2dmS1ttU76qpfP4RCPXZFxdxqxWgMjGq7Fp
ON3G3ySb3QIDAQABo4IBZzCCAWMwHwYDVR0jBBgwFoAUDL2TaAzz3qujSWsrN1dH
6pDjue0wHQYDVR0OBBYEFMfGqZzdRFP42/ewN/5kPQoI83hxMA4GA1UdDwEB/wQE
AwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD
AjAYBgNVHSAEETAPMA0GCysGAQQBsjEBAgIdMDoGA1UdHwQzMDEwL6AtoCuGKWh0
dHA6Ly9jcmwudGNzLnRlcmVuYS5vcmcvVEVSRU5BU1NMQ0EuY3JsMG0GCCsGAQUF
BwEBBGEwXzA1BggrBgEFBQcwAoYpaHR0cDovL2NydC50Y3MudGVyZW5hLm9yZy9U
RVJFTkFTU0xDQS5jcnQwJgYIKwYBBQUHMAGGGmh0dHA6Ly9vY3NwLnRjcy50ZXJl
bmEub3JnMB8GA1UdEQQYMBaCFHdhcmRlbi1kZXYuY2VzbmV0LmN6MA0GCSqGSIb3
DQEBBQUAA4IBAQC/mZ2bKGj4ysHVB4q/skhYXMiTYBmVD7G7X434YIg70VDBM5IJ
efNNfx8HNdCprboX5PSPCpxl9n3TPARnEO2cm7XvVvt+wkdjNOys8z7a2DIPaeJ+
An3sIPzWUtm85UxujghIJ9nPh1ovZ75cQ2HF5C79qCyKzHtfP77Kq61Nm2Ay4aTq
gWyjFAPRjnB9fczhjdzntVRdjUFVq8z4ifq3Lv+hbN6aOjhfKRt8Ksr3IFlfKJdy
0sE0lEZdjG+O8rsuHCT/c+90IvGsG5JLT5SPJIxwQ1+fPJDfB37VWmUC9meSe7rt
iP0EQsnY1ytKuyUylJl0FiF/wG3rB8N7qlua
-----END CERTIFICATE-----';
$ENV{'REMOTE_ADDR'} = '195.113.161.39';
$ENV{'SERVER_NAME'} = 'warden-dev.cesnet.cz';
$ENV{'SERVER_ADDR'} = '195.113.161.39';
$ENV{'SERVER_PORT'} = '443';
$Warden::MAX_EVENTS_LIMIT = "1000001";
%Warden::VALID_STRINGS = (
'type' => ['portscan', 'bruteforce', 'probe', 'spam', 'phishing', 'botnet_c_c', 'dos', 'malware', 'copyright', 'webattack', 'test', 'other'],
'source_type' => ['IP', 'URL', 'Reply-To:']);
my $correctDBH = DBI->connect("DBI:mysql:database=warden;host=localhost", "root", "w4rd3n&r00t", {RaiseError => 1, mysql_auto_reconnect => 1}) || die "Could not connect to database: $DBI::errstr";
my $failDBH;
$Warden::DBH = $correctDBH;
}
my $ret;
# Alternate names test
print "GetAltNames test\n";
# 1
#$alt_names, $ip, $service_type, $client_type, $function_name
lives_and( sub{ is Warden::getAltNames("warden-dev.cesnet.cz","195.113.161.39","honeyscan","s","someEvent"), "'warden-dev.cesnet.cz','warden-dev.cesnet.cz'"}, 'everything is OK.');
#print "$@\n";
# Client authorizaton test
print "AuthorizeClient tests\n";
# 2
dies_ok( sub{ Warden::authorizeClient("'warden-dev.cesnet.cz','warden-dev.cesnet.cz'","195.113.161.39","honeyscan","s","badAndUglyEvent") }, 'badAndUglyEvent: die (doesn\'t exist)' );
#print "$@\n";
# 3
dies_ok( sub{ Warden::authorizeClient("'warden-dev.cesnet.cz','warden-dev.cesnet.cz'","195.113.161.222","badType","s","saveNewEvent")}, 'saveNewEvent: client is not registered');
#print "$@\n";
# 4
dies_ok( sub{ Warden::authorizeClient("'warden-dev.cesnet.cz','warden-dev.cesnet.cz'","195.113.161.222","badType","s","getNewEvents")}, 'getNewEvents: client is not registered');
#print "$@\n";
# 5
lives_and( sub{ is Warden::authorizeClient("'warden-dev.cesnet.cz','warden-dev.cesnet.cz'","195.113.161.39","honeyscan","s","saveNewEvent"), '3/8'}, 'saveNewEvent: OK.');
#print "$@\n";
# 6
lives_and( sub{ is Warden::authorizeClient("'warden-dev.cesnet.cz','warden-dev.cesnet.cz'","195.113.161.39","any","r","getNewEvents"), '3/8'}, 'getNewEvents: OK.');
#print "$@\n";
# Save event test
print "SaveNewEvent tests\n";
# TODO: run database and SELECT error checks
my %event = ('TYPE' => 'badType', 'DETECTED' => '2012-09-18T06:06:06+01:00', 'SERVICE' => 'test', 'SOURCE_TYPE' => 'IP', 'SOURCE' => '123.123.123.123', 'TARGET_PROTO' => 'TCP', 'TARGET_PORT' => '22', 'ATTACK_SCALE' => '1234567890', 'NOTE' => 'Unit testing event', 'PRIORITY' => '1', 'TIMEOUT' => '20');
dies_ok( sub{ $ret = Warden::saveNewEvent("test", \%event)}, 'bad type');
%event = ('TYPE' => 'test', 'DETECTED' => '2012-09-18T06:06:06+01:00', 'SERVICE' => 'test', 'SOURCE_TYPE' => 'BADTYPE', 'SOURCE' => '123.123.123.123', 'TARGET_PROTO' => 'TCP', 'TARGET_PORT' => '22', 'ATTACK_SCALE' => '1234567890', 'NOTE' => 'Unit testing event', 'PRIORITY' => '1', 'TIMEOUT' => '20');
dies_ok( sub{ $ret = Warden::saveNewEvent("test", \%event)}, 'bad source type.');
%event = ('TYPE' => 'test', 'DETECTED' => 'XXXX-09-18T06:06:06+01:00', 'SERVICE' => 'test', 'SOURCE_TYPE' => 'IP', 'SOURCE' => '123.123.123.123', 'TARGET_PROTO' => 'TCP', 'TARGET_PORT' => '22', 'ATTACK_SCALE' => '1234567890', 'NOTE' => 'Unit testing event', 'PRIORITY' => '1', 'TIMEOUT' => '20');
dies_ok( sub{ $ret = Warden::saveNewEvent("test", \%event)}, 'bad date format.');
%event = ('TYPE' => 'test', 'DETECTED' => '2012-09-18T06:06:06+01:00', 'SERVICE' => 'test', 'SOURCE_TYPE' => 'IP', 'SOURCE' => '123.123.123.123', 'TARGET_PROTO' => 'TCP', 'TARGET_PORT' => 'XXX', 'ATTACK_SCALE' => '1234567890', 'NOTE' => 'Unit testing event', 'PRIORITY' => '1', 'TIMEOUT' => '20');
dies_ok( sub{ $ret = Warden::saveNewEvent("test", \%event)}, 'port is not a number.');
%event = ('TYPE' => 'test', 'DETECTED' => '2012-09-18T06:06:06+01:00', 'SERVICE' => 'test', 'SOURCE_TYPE' => 'IP', 'SOURCE' => '123.123.123.123', 'TARGET_PROTO' => 'TCP', 'TARGET_PORT' => '22', 'ATTACK_SCALE' => 'XXX', 'NOTE' => 'Unit testing event', 'PRIORITY' => '1', 'TIMEOUT' => '20');
dies_ok( sub{ $ret = Warden::saveNewEvent("test", \%event)}, 'attack scale is not a number.');
%event = ('TYPE' => 'test', 'DETECTED' => '2012-09-18T06:06:06+01:00', 'SERVICE' => 'test', 'SOURCE_TYPE' => 'IP', 'SOURCE' => '123.123.123.123', 'TARGET_PROTO' => 'TCP', 'TARGET_PORT' => '22', 'ATTACK_SCALE' => '1234567890', 'NOTE' => 'Unit testing event', 'PRIORITY' => 'XXX', 'TIMEOUT' => '20');
dies_ok( sub{ $ret = Warden::saveNewEvent("test", \%event)}, 'priority is not a number.');
%event = ('TYPE' => 'test', 'DETECTED' => '2012-09-18T06:06:06+01:00', 'SERVICE' => 'test', 'SOURCE_TYPE' => 'IP', 'SOURCE' => '123.123.123.123', 'TARGET_PROTO' => 'TCP', 'TARGET_PORT' => '22', 'ATTACK_SCALE' => '1234567890', 'NOTE' => 'Unit testing event', 'PRIORITY' => '1', 'TIMEOUT' => 'XXX');
dies_ok( sub{ $ret = Warden::saveNewEvent("test", \%event)}, 'timeout is not a number.');
%event = ('TYPE' => 'test', 'DETECTED' => '2012-09-18T06:06:06+01:00', 'SERVICE' => 'test', 'SOURCE_TYPE' => 'IP', 'SOURCE' => '123.123.123.123', 'TARGET_PROTO' => 'TCP', 'TARGET_PORT' => '22', 'ATTACK_SCALE' => '1234567890', 'NOTE' => 'Unit testing event', 'PRIORITY' => '1', 'TIMEOUT' => '20');
lives_ok( sub{ $ret = Warden::saveNewEvent("test", \%event)}, 'everything is fine.');
# Get new event
print "GetNewEvents tests\n";
# TODO: run database and SELECT error checks
# dies_ok {Warden::getNewEvents()} 'Cannot work with the database.';
my %getEventHash = ('REQUESTED_TYPE' => 'any', 'LAST_ID' => '1', 'MAX_RCV_EVENTS_LIMIT' => '10');
lives_ok( sub{ Warden::getNewEvents("test",\%getEventHash)}, 'everything is fine.');
# Get last ID test
print "GetLastId test\n";
# TODO: run database and SELECT error checks
lives_ok( sub{Warden::getLastId() =~ /^\d+$/}, 'getLastID is OK.');
# Get clients test
print "GetClients\n";
# TODO: run database and SELECT error checks
lives_ok( sub{ Warden::getClients()}, 'everything is fine.');
print "GetStatus\n";
# run database and SELECT error checks
lives_ok( sub{ Warden::getStatus()}, 'everything is fine.');
#!/usr/bin/perl -w
#
# ApacheDispatch.pm
#
# Copyright (C) 2011-2012 Cesnet z.s.p.o
#
# Use of this source is governed by a BSD-style license, see LICENSE file.
package Warden::ApacheDispatch;
use strict;
use SOAP::Transport::HTTP;
our $VERSION = "2.0";
# set server dispatch_to
my $server = SOAP::Transport::HTTP::Apache->dispatch_to('.','Warden');
#-------------------------------------------------------------------------------
# handler - call handler for Warden server
#-------------------------------------------------------------------------------
sub handler {
$server->handler(@_)
}
1;
#!/usr/bin/perl -w
#
# WardenConf.pm
#
# Copyright (C) 2011-2012 Cesnet z.s.p.o
#
# Use of this source is governed by a BSD-style license, see LICENSE file.
package WardenConf;
use strict;
our $VERSION = "2.0";
#-------------------------------------------------------------------------------
# loadConf - load variables from configuration file
#-------------------------------------------------------------------------------
sub loadConf
{
my $conf_file = shift;
# preset of default variables
our $URI = undef;
our $SSL_KEY_FILE = undef;
our $SSL_CERT_FILE = undef;
our $SSL_CA_FILE = undef;
# load set variables by user
unless (do $conf_file) {
die("Errors in config file '$conf_file': $@") if $@;
die("Can't read config file '$conf_file': $!") unless defined $_;
# if $_ defined, it's retvalue of last statement of conf, for which we don't care
}
return ($URI, $SSL_KEY_FILE, $SSL_CERT_FILE, $SSL_CA_FILE);
} # End of loadConf
1;
#!/bin/bash
#
# install.sh
#
# Copyright (C) 2011-2012 Cesnet z.s.p.o
#
# Use of this source is governed by a BSD-style license, see LICENSE file.
VERSION="2.1"
#-------------------------------------------------------------------------------
# FUNCTIONS
#-------------------------------------------------------------------------------
usage()
{
echo "Usage: `basename $0` [-d <directory>] [-k <ssl_key_file>] [-c <ssl_cert_file>] [-a <ssl_ca_file>] [-hV]"
echo "-d <directory> installation directory (default: /opt)"
echo "-k <ssl_key_file> path to SSL certificate key file"
echo "-c <ssl_cert_file> path to SSL certificate file"
echo "-a <ssl_ca_file> path to CA certificate file"
echo "-h print this help"
echo "-V print script version number and exit"
echo
echo "Example: # ./`basename $0` -d /opt -k /etc/ssl/private/server.key -c /etc/ssl/certs/server.pem -a /etc/ssl/certs/tcs-ca-bundle.pem"
echo
echo "Note: You must be root for running this script."
echo " For more information about installation process, see README file (section Installation)."
echo
exit 0
}
version()
{
echo "`basename ${0}` - current version is $VERSION"
exit 0
}
err()
{
echo "FAILED!"
cat $err
rm -rf $err
echo
echo "Installation of $package_version package FAILED!!!"
exit 1
}
err_clean()
{
echo "FAILED!"
echo " -> Uninstalling server package ... OK"
rm -rf $server_path > /dev/null 2>&1
cat $err
rm -rf $err
echo
echo "Installation of $package_version package FAILED!!!"
exit 1
}
root_chck()
{
if [ $UID -ne 0 ]; then
echo "You must be root for running this script!"
exit 1
fi
}
params_chck()
{
if [ -z $prefix ]; then
prefix=/opt
echo "Warning: parameter -d <directory> is not set - default installation directory is ${prefix}!"
fi
if [ -z $key ]; then
echo "Parameter -k <ssl_key_file> is not set!"
exit 1
fi
if [ -z $cert ]; then
echo "Parameter -c <ssl_cert_file> is not set!"
exit 1
fi
if [ -z $ca_file ]; then
echo "Parameter -a <ssl_ca_file> is not set!"
exit 1
fi
}
old_package_chck()
{
old_package_version_file="${etc}/package_version"
if [ -f $old_package_version_file ]; then
old_package_version=`cat $old_package_version_file`
echo "Sorry, but $old_package_version package is installed!"
echo "For update of warden server package please use update.sh"
exit 1
fi
}
perl_chck()
{
echo -n "Checking Perl interpreter ... "
if which perl 1> /dev/null; then
echo "OK"
else
echo "FAILED!"
echo "Error: Perl interpreter is not installed!"
exit 1
fi
}
modules_chck()
{
for module in ${modules[@]};
do
echo -n "Checking $module module ... "
if perl -e "use $module" 2> $err; then
echo "OK"
else
err
fi
done
}
make_warden_dir()
{
echo -n "Creating Warden server directory ... "
test -d $prefix || mkdir -p $prefix
if cp -R ${dirname}/warden-server $prefix 2> $err; then
echo "OK"
else
err_clean
fi
cp ${dirname}/uninstall.sh $server_path
}
make_client_conf()
{
echo -n "Creating client configuration file ... "
echo "#
# warden-client.conf - configuration file for the warden sender/receiver client
#
#-------------------------------------------------------------------------------
# URI - URI address of Warden server
#-------------------------------------------------------------------------------
\$URI = \"https://${hostname}:443/Warden\";
#-------------------------------------------------------------------------------
# SSL_KEY_FILE - path to client SSL certificate key file
#-------------------------------------------------------------------------------
\$SSL_KEY_FILE = \"${key}\";
#-------------------------------------------------------------------------------
# SSL_CERT_FILE - path to client SSL certificate file
#-------------------------------------------------------------------------------
\$SSL_CERT_FILE = \"${cert}\";
#-------------------------------------------------------------------------------
# SSL_CA_FILE - path to CA certificate file
#-------------------------------------------------------------------------------
\$SSL_CA_FILE = \"${ca_file}\";" > $client_conf 2> $err; ret_val=`echo $?`
if [ $ret_val -eq 0 ]; then
echo "OK"
else
err_clean
fi
}
make_server_conf()
{
echo -n "Creating server configuration file ... "
echo "#
# warden-server.conf - configuration file for Warden server
#
#-------------------------------------------------------------------------------
# BASEDIR - base directory of Warden server
#-------------------------------------------------------------------------------
\$BASEDIR = \"${server_path}\";
#-------------------------------------------------------------------------------
# SYSLOG - enable/disable syslog logging
#-------------------------------------------------------------------------------
\$SYSLOG = 1;
#-------------------------------------------------------------------------------
# SYSLOG_VERBOSE - enable/disable logging in verbose mode (stack info added)
#-------------------------------------------------------------------------------
\$SYSLOG_VERBOSE = 1;
#-------------------------------------------------------------------------------
# SYSLOG_FACILITY - syslog facility
#-------------------------------------------------------------------------------
\$SYSLOG_FACILITY = \"local7\";
#-------------------------------------------------------------------------------
# DB_NAME - MySQL database name of Warden server
#-------------------------------------------------------------------------------
\$DB_NAME = \"warden\";
#-------------------------------------------------------------------------------
# DB_USER - MySQL database user of Warden server
#-------------------------------------------------------------------------------
\$DB_USER = \"warden\";
#-------------------------------------------------------------------------------
# DB_PASS - MySQL database password of Warden server
#-------------------------------------------------------------------------------
\$DB_PASS = \"\";
#-------------------------------------------------------------------------------
# DB_HOST - MySQL database host
#-------------------------------------------------------------------------------
\$DB_HOST = \"localhost\";
#-------------------------------------------------------------------------------
# MAX_EVENTS_LIMIT - server limit of maximum number of events that can be
# delivered to one client in one batch
#-------------------------------------------------------------------------------
\$MAX_EVENTS_LIMIT = 1000000;
#-------------------------------------------------------------------------------
# VALID_STRINGS - validation hash containing allowed event attributes
#-------------------------------------------------------------------------------
%VALID_STRINGS = (
\"type\" => [\"portscan\", \"bruteforce\", \"probe\", \"spam\", \"phishing\", \"botnet_c_c\", \"dos\", \"malware\", \"copyright\", \"webattack\", \"test\", \"other\", \"_any_\"],
\"source_type\" => [\"IP\", \"URL\", \"Reply-To:\"]
);" > $server_conf 2> $err; ret_val=`echo $?`
if [ $ret_val -eq 0 ]; then
echo "OK"
else
err_clean
fi
}
make_apache_conf()
{
echo -n "Creating Apache configuration file ... "
echo "#
#
# warden-apache.conf - configuration file for the Apache server
#
SSLEngine on
SSLVerifyDepth 3
SSLVerifyClient require
SSLOptions +StdEnvVars +ExportCertData
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile $cert
SSLCertificateKeyFile $key
SSLCACertificateFile $ca_file
PerlOptions +Parent
PerlSwitches -I $lib
<Location /Warden>
SetHandler perl-script
PerlHandler Warden::ApacheDispatch
SSLOptions +StdEnvVars
</Location>" > $apache_conf 2> $err; ret_val=`echo $?`
if [ $ret_val -eq 0 ]; then
echo "OK"
else
err_clean
fi
}
changeServerPath()
{
echo "Update server path ...";
for file in `ls -1 $bin`
do
echo "- update server path: ${bin}/$file"
perl -pi -e "s#/opt#${prefix}#" ${bin}/$file
done
echo "- update server path: ${lib}/Warden.pm"
perl -pi -e "s#/opt#${prefix}#" ${lib}/Warden.pm
}
create_symlinks()
{
echo "Creating symbolic links ..."
for file in `ls -1 $bin`
do
echo "- making symlink: ${local_bin}/$file -> ${bin}/$file"
ln -s ${bin}/$file ${local_bin}/$file
done
}
#-------------------------------------------------------------------------------
# MAIN
#-------------------------------------------------------------------------------
# list of used Perl modules
modules=(SOAP::Lite SOAP::Transport::HTTP DBI DBD::mysql Format::Human::Bytes Sys::Syslog File::Basename Net::CIDR::Lite DateTime Getopt::Std Switch IO::Socket::SSL MIME::Base64 Crypt::X509 Carp)
# read input
while getopts "d:k:c:a:Vh" options; do
case $options in
d ) prefix=$OPTARG;;
k ) key=$OPTARG;;
c ) cert=$OPTARG;;
a ) ca_file=$OPTARG;;
h ) usage;;
V ) version;;
* ) usage;;
esac
done
# root test
root_chck
# params test
params_chck
# create variables
dirname=`dirname $0`
hostname=`hostname -f`
key_file=`basename $key`
cert_file=`basename $cert`
package_version=`cat ${dirname}/warden-server/etc/package_version`
[[ $prefix == */ ]] && prefix="${prefix%?}" # remove last char (slash) from prefix
server_path="${prefix}/warden-server"
bin="${server_path}/bin"
local_bin="/usr/local/bin"
etc="${server_path}/etc"
client_conf="${etc}/warden-client.conf"
server_conf="${etc}/warden-server.conf"
apache_conf="${etc}/warden-apache.conf"
var="${server_path}/var"
lib="${server_path}/lib"
doc="${server_path}/doc"
err="/tmp/warden-err"
# check if warden-server is installed
old_package_chck
echo
echo "------------------------- Dependencies check-in -------------------------"
# Perl interpreter test
perl_chck
# Perl modules test
modules_chck
echo
echo "------------------------- Installation process --------------------------"
# make warden client directory
make_warden_dir
# create client configuration file
make_client_conf
# create server configuration file
make_server_conf
# create Apache configuration file
make_apache_conf
#update paths in utilities
changeServerPath
# crate symlinks from warden server bin directory to /usr/local/bin
create_symlinks
echo
echo "Please check configuration files:"
echo " - ${client_conf}"
echo " - ${server_conf}"
echo " - ${apache_conf}"
echo
echo "Warden server directory: $server_path"
echo
echo "Please follow post-installation steps in ${doc}/INSTALL!"
echo
echo "Installation of $package_version package was SUCCESSFUL!!!"
echo
# cleanup section
rm -rf $err
exit 0