Skip to content
Snippets Groups Projects

Compare revisions

Changes are shown as if the source revision was being merged into the target revision. Learn more about comparing revisions.

Source

Select target project
No results found

Target

Select target project
  • Pavel.Valach/warden
1 result
Show changes
Hide whitespace changes
Inline Side-by-side
Showing
with 0 additions and 2625 deletions
src/warden-client/doc/README deleted 100644 → 0
View file @ acad04cb
+----------------------------+
| README - Warden Client 2.1 |
+----------------------------+
Content
A. Overall Information
B. Installation Dependencies
C. Installation
D. Update
E. Uninstallation
F. Configuration
G. Registration
H. Integration with Local Applications
I. Functions, Arguments and Calls
--------------------------------------------------------------------------------
A. Overall Information
1. About Warden Client
Warden is a client-based architecture service designed to share detected
security events (issues) among CSIRT and CERT teams in a simple and fast
way.
This package offers a client capable of both reporting events to server and
retreiving batch of new events from server. It consists of several Perl
modules/libraries which should be included into detection applications.
2. Version
2.1 (2012-11-05)
3. Package structure
warden-client/
doc/
CHANGELOG
example-sender.pl.txt
example-receiver.pl.txt
INSTALL
LICENSE
README
README.cesnet
etc/
warden-client.conf
package_version
lib/
WardenClientConf.pm
WardenClientSend.pm
WardenClientReceive.pm
WardenClientCommon.pm
var/
--------------------------------------------------------------------------------
B. Installation Dependencies
Perl >= 5.10.1
SOAP::Lite >= 0.712
IO::Socket::SSL >= 1.74
SOAP::Transport::HTTP >= 0.712
FindBin >= 1.50
DateTime >= 0.61
Carp >= 1.11
--------------------------------------------------------------------------------
C. Installation (First installation of the Warden client package)
1. Check SHA1 checksum of corresponding Warden client package archive
$ sha1sum -c warden-client-2.1.tar.gz.sig
2. Untar it
$ tar xzvf warden-client-2.1.tar.gz
3. Run install.sh
Default destination directory is /opt/warden-client/
For more information about install.sh options run install.sh -h
You must be root for running this script.
4. Installation Privileges
The Warden client is designed to be run under standard privileges. It should
be a part of other applications that are run under usual user privileges.
However, the Warden client uses SSL certificates for security purposes which
are often not accessible by standard users.
Install script does check the accessibility of SSL certificates to
provided user. If these files are restricted, the install script will raise
a warning. However this will not stop the install process. Either privileges
to read them must be changed or Warden client must be run under root.
Of course, after installation of Warden client, SSL certificates may also be
copied to another location accessible by the user and corresponding paths
changed in warden-client/etc/warden-client.conf.
5. Configuration file
After successful installation process you are advised to check configuration
file warden-client/etc/warden-client.conf. For more information see section
below F. Configuration.
6. Usage of install.sh
Usage: install.sh [-d <directory>] [-u <user>] [-k <ssl_key_file>]
[-c <ssl_cert_file>] [-a <ssl_ca_file>] [-hV]
-d <directory> installation directory (default: /opt)
-u <user> owner of warden client package (user for
running detection scripts)
-k <ssl_key_file> SSL certificate key file path
-c <ssl_cert_file> SSL certificate file path
-a <ssl_ca_file> CA certificate file path
-h print this help
-V print script version number and exit
Example: # ./install.sh -d /opt -u detector -k /etc/ssl/private/client.key
-c /etc/ssl/certs/client.pem -a /etc/ssl/certs"
--------------------------------------------------------------------------------
D. Update (Update of previously installed the Warden client package)
1. Check SHA1 checksum of corresponding the Warden client package archive
$ sha1sum -c warden-client-2.0.tar.gz.sig
2. Untar it
$ tar xzvf warden-client-2.0.tar.gz
3. Run update.sh
Default destination directory is /opt/warden-client/
For more information about update.sh options run update.sh -h
You must be root for running this script.
4. Configuration file
After successful update process you are advised to check configuration
file warden-client/etc/warden-client.conf. For more information see section
F. Configuration.
5. Usage of update.sh
Usage: update.sh [-d <directory>] [-hV]
-d <directory> destination directory (default: /opt)
-h print this help
-V print script version number and exit
Example: # ./update.sh -d /opt
Note: You must be root for running this script.
--------------------------------------------------------------------------------
E. Uninstallation
1. Run uninstall.sh
The script is located in warden-client package directory.
Default uninstallation directory is /opt/warden-client/.
For more information about uninstall.sh options, run uninstall.sh -h.
You must be root for running this script.
2. Usage of uninstall.sh
Usage: uninstall.sh [-d <directory>] [-hV]
-d <directory> uninstallation directory (default: /opt)
-h print this help
-V print script version number and exit
Example: # ./uninstall.sh -d /opt
Note: You must be root for running this script.
--------------------------------------------------------------------------------
F. Configuration
SOAP protocol is used for handling communication between server and clients.
Therefore, correct URI of the Warden server must be set.
Authentication of clients and server is performed using client and server
SSL certificates. Both clients and server must have valid certificate.
Configuration file contains following parameters:
URI - URI of the Warden server
e.g. 'https://mywarden.server.com:443/Warden'
SSL_KEY_FILE - path to a host key file,
e.g. '/opt/warden-client/etc/mywarden.server.com.key'
SSL_CERT_FILE - path to a host certificate file,
e.g. '/opt/warden-client/etc/mywarden.server.com.pem'
SSL_CA_FILE - path to a CA file
e.g. '/etc/ssl/certs/tcs-ca-bundle.pem'
Client receives events in batches. Maximum number of events received in one
batch can is set in MAX_RCV_EVENTS_LIMIT. Note that this option only
affects clients that receives events from the Warden server (e.g., uses
lib/WardenClientReceive.pm module).
MAX_RCV_EVENTS_LIMIT - maximum number of events in one batch
- default set to 6000, which generates app. 250 MB
of memory consumption.
- only affects "receiving" clients
Note: server is queried for the MAX_RCV_EVENTS_LIMIT number of events,
however server can have its own internal maximum size of batch. Contact
your Warden server administrator if you need to know Warden server batch
limits.
Since Warden client 2.1 there is also possibility to log status and other
information either to STDERR of Syslog.
LOG_STDERR - if set to 1 (default), all status information and
possible error will be printed to STDERR
- to disable, set LOG_STDERR to 0
LOG_SYSLOG - if set to 1, all status information and possible
errors will be reported to Syslog
- default is 0, which means that reporting to Syslog
is disabled
LOG_SYSLOG_FACILITY - facility to use when logging via Syslog
- deafult is "local7"
LOG_VERBOSE - when set to 1, also debug information (such as stack
dump) will be printed when logging.
- default is 0, which means that verbose mode is
disabled
--------------------------------------------------------------------------------
G. Registration
Any client attempting to communicate with the Warden server must be
registered on this server. Unknown (not registered) clients are not allowed
to exchange any data with server.
Registration of your client is provided by the Warden server administrator.
Usually via e-mail.
Clients also need to have valid client SSL certificates to prove their
identity to the Warden server.
Each client is defined by its hostname, service name, type of client, type
of requested events, receiving of own events, description tags and CIDR
this client is allowed to communicate from.
Hostname hostname of client to be registered
Service name Text string. Unique name of the service the client
is integrated in.
E.g. 'ScanDetector_1.0'. This is mandatory for
'Sender' client. Default value null is used for
'Receiver' client.
Type of client Either 'Sender' or 'Receiver'.
Type of requested events Type of events the client only accepts from
the Warden server. This is mandatory only for
'Receiver' client. Default value null is used
for 'Sender' client. Brief information about
event types is provided in section I. Functions
arguments and calls.
Receiving of own events Enables receiving of events sent from your
organization domain = yes/no (organizations are
separated based on the top-level and
second-level domain). This is mandatory only
for 'Receiver' client.
Description tags Tags are case insensitive alphanumeric strings
designed to allow event receivers to filter
according to event source. For example,
receiver can decide to use only events
originating from honeypots or filter out events
generated manually by users. This is mandatory
for 'Sender' client.
CIDR CIDR stands for IP (sub)net the client is going
to communicate from (see examples below!). Any
communications between the client and the Warden
server must be performed from IP address from
a range stated in CIDR.
Examples: '123.123.0.0/16', '123.123.123.123/32'
For complete information about client attributes and/or event types you will
have to contact particular Warden server administrator/provider.
--------------------------------------------------------------------------------
H. Integration with Local Applications
(Note: Clients need to be registered on server to be able to communicate with
server properly. See section G. Registration for more information about
client registration.)
1. Client sender (this type of client reports events to the Warden server)
Client is included as a Perl module (WardenClientSend.pm) into Perl code of
local detection application.
See warden-client/doc/example-sender.pl.txt for example how to use
the Warden client sender.
Brief information about syntax of sending functions and functionality is
provided in section I. Functions, Arguments and Calls.
2. Client receiver (this type of clients downloads events from the Warden
server)
Client is included as a Perl module (WardenClientReceive.pm)
into Perl code of local 'reaction' application or may be used as core of
standalone local application.
See warden-client/doc/example-receiver.pl.txt for example how to use
the Warden client receiver.
Brief information about syntax of receiving functions is provided in
section I. Functions, Arguments and Calls.
--------------------------------------------------------------------------------
I. Functions, Arguments and Calls
1. WardenClientSend::saveNewEvent
A function to report one event to the Warden server. See example 'Sender'
client in warden-client/doc/example-sender.pl.txt
Function call (Perl):
# Path to warden-client folder
$warden_path = '/opt/warden-client';
# Inclusion of the Warden client sender module
require $warden_path . '/lib/WardenClientSend.pm';
# Sending event to the Warden server
WardenClientSend::saveNewEvent($warden_path, \@event);
Event array is defined as (Perl):
@event = ($service, $detected, $type, $source_type, $source, $target_proto,
$target_port, $attack_scale, $note, $priority, $timeout );
Event array attributes with example value and explanation on the right
(Perl):
# SERVICE - VARCHAR (64)
# Name of a service detecting this event. Service must be the same with this
# provided in 'Sender' client registration. See more about this issue in
# section G. Registration.
$service = "ScanDetector";
# DETECTED - TIMESTAMP in UTC, ISO 8601
# Date and time when was event detected.
$detected = "2011-07-16T19:20:30.45";
# TYPE - VARCHAR (64)
# Type of reported event. Currently supported values are:
# darkspace - access into honeypot segment
# portscan - scannig of TCP/UDP ports
# bruteforce - bruteforce/dictionary attack against authentication
# service(s)
# probe - other connection attempts (for example ICMP) or
# unrecognized/undecided portscan or bruteforce
# spam - unsolicited e-mail that does not have phishing-like
# character
# phishing - e-mail attempting to gather sensitive data
# botnet_c_c - command and control center of botnet
# dos - (distributed) denial of service attack
# malware - virus sample
# copyright - copyright infringement issue
# webattack - attack against web application
# other - anything that does not match any of previous categories
$type = "portscan";
# SOURCE_TYPE - VARCHAR 64
# Type of source of reported attack/issue. Currently supported values are:
# 'IP', 'URL', 'Reply-To:'
$source_type = "IP";
# SOURCE - VARCHAR 256
# Identification of an attack source/origin according to source_type.
$source = "123.123.123.123";
# TARGET_PROTO - VARCHAR 16
# Protocol type of reported attack/issue target. Supported are all L3 and L4
# protocols or 'undef'.
$target_proto = "TCP";
# TARGET_PORT - INT 2
# Port number of reported attack/issue target or 'undef'.
$target_port = "22";
# ATTACK_SCALE - INT 4
# Definition of attack scale, e.g., number of affected targets. 'undef' is also
# possible when attack scale is not known or clear enough.
$attack_scale = "1234567890";
# NOTE - TEXT
# Some important(!) note, comment or 'undef'. Also, it may contain virus
# sample, phishing e-mail with headers and other accordingly to event type.
$note = "this threat is dangerous";
# PRIORITY - INT 1
# Subjective definition of incident severity. Values 0-255 are
# possible where 0 is the lowest priority or 'undef'.
$priority = "1";
# TIMEOUT - INT 2
# Subjective time (in minutes) or 'undef'. After this time event might be
# considered timeouted.
$timeout = "20";
The return value of function SaveNewEvent is 1 when an event was
successfully received by the Warden server. Otherwise, the return value
is 0.
2. WardenClientReceive::getNewEvents
A function to download batch of events from the Warden server. Received
events are stored in @events array. See example 'Receiver' client in
warden-client/doc/example-receiver.pl.txt
Function call (perl):
# Path to warden-client directory
my $warden_path = '/opt/warden-client';
# Inclusion of warden-client receiving functionality
require $warden_path . '/lib/WardenClientReceive.pm';
# Definition of requested event type. Type must be the same with this
# provided in 'Receiver' client registration. See more about this issue in
# section G. Registration. See more about event types in section
# I. 1. WardenClientSend::saveNewEvent
$requested_type = "botnet_c_c";
# Download batch of new events from the Warden server
@new_events = WardenClientReceive::getNewEvents($warden_path,
$requested_type);
Structure of each received event in the event array equals to those
explained in section I. 1. WardenClientSend::saveNewEvent. It has one
additional attribute ID - unique id of this particular event (BIGINT).
Amount of events received in each batch equals to MAX_RCV_EVENTS_LIMIT
value set in warden-client/etc/warden-client.conf. For more information see
section F. Configuration.
--------------------------------------------------------------------------------
Copyright (C) 2011-2012 Cesnet z.s.p.o
src/warden-client/doc/README.cesnet deleted 100644 → 0
View file @ acad04cb
+-----------------------------------+
| README.cesnet - Warden Client 2.1 |
| |
| CESNET Specifics |
+-----------------------------------+
Content
A. Overall Information
B. Registration
C. Description tags
D. Types of events
E. Configuration
F. Testing
G. Authors of this document
--------------------------------------------------------------------------------
A. Overall Information
1. About CESNET Warden Server
Warden is a client-based architecture service designed to share detected
security events (issues) among CSIRT and CERT teams in a simple and fast way.
CESNET offers Warden server for security events exchange within its networks.
2. Version
2.1 (2012-10-18)
--------------------------------------------------------------------------------
B. Registration
Client attempting to communicate with CESNET Warden server must be
registered. Registration is currently provided by Tomas Plesnik at
mail address plesnik@ics.muni.cz and following information is needed:
* For sender client:
- hostname of the machine, where client runs,
- client type = sender,
- name of the detection service (for example 'ScanDetector'),
- description tags of sent events (see below)
- CIDR from which client will communicate with Warden server.
* For receiver client:
- hostname of the machine, where client runs,
- client type = receiver,
- whether client should receive all events, or type of requested
events (for example 'portscan', see below) otherwise
- receiving of sent events from my organization = yes/no (organizations
are separated based on the top-level and second-level domain),
- CIDR from which client will communicate with Warden server.
Clients need to have valid certificate to prove their identity to the
Warden server. For CESNET network, 'server' type certificate from Terena
Certificate Service (provided by Comodo) is needed. Hostname of the
machine must correspond with certificate subject, Alternative Name
extension is not supported. Administrator of Warden client must be
entitled to obtain this certificate. CESNET TCS request service
interface resides at
https://tcs.cesnet.cz/
--------------------------------------------------------------------------------
C. Description tags
Tags are case insensitive alphanumeric strings, designed to allow event
receivers to do more general filtering according to event source. Receiver
can for example decide to use only events originating at honeypots, or
filter out events, generated by human conclusions or correlation engines.
Sender client specifies its descriptive tags during registration, it is
up to client administrator's judgment to select or omit any particular tag.
Currently tags fall into four general categories - based on event medium,
data source, detection methodology and detector or analyzer product name.
Product name tag is free to choose if same product name was not yet
accepted by registrar, otherwise existing form must be used (registrar will
notify about such cases).
Categories list is certainly not complete. Therefore if new client's
administrator feels that name or type of important feature of his (or
others) detector is not covered, providers of Warden server are glad to
discuss it at registration address or at Warden project mailing list
(warden@cesnet.cz).
However, it may or may not be accepted, as aim is to keep the list of
categories possibly unambiguous, short and usable.
Following is grouped list of tags together with closer description and
examples.
1. Detection medium
* Network - network data based (Snort, Suricata, Bro, FTAS, LaBrea, Kippo,
Dionaea)
* Host - host based (Swatch, Logcheck)
* Correlation - corellation engines (Prelude, OSSIM)
* External - credible external sources (incident reporting, ticket
systems, human verified events)
2. Data source
* Content - datagram content based detectors (Snort, Bro)
* Flow - netflow based (FTAS, FlowMon, HoneyScan)
* Connection - connection data (portscan, portsweep)
* Data - application data based (SpamAssassin, antiviruses)
* Log - based on system logs, where more specific source is not
applicable (Swatch, Logcheck, SSH scans)
* IR - incident reporting, ticket systems, human verified events
3. Detection methodology
* Honeypot (LaBrea, Kippo, Dionaea)
* Antispam (SpamAssassin, Bogofilter, CRM114, Policyd, greylisting)
* Antivirus (ClamAV)
* IDS - IDS/IPS, Snort, Suricata, Bro
4. Detector/analyzer product name examples
* Snort, FTAS, SpamAssassin, LaBrea, Swatch, Prelude, Kippo, Dionaea
--------------------------------------------------------------------------------
D. Types of events
Event types purpose is to allow event receivers to filter and/or categorise
particular events according to attack characteristics. Types are loosely
chosen as list of common security incidents nowadays observed. List is by no
means complete, however it was created based on expected use cases at
receiving places. Possibility of a new type is also open to discussion.
* portscan - TCP/UDP port scanning/sweeping
* bruteforce - dictionary/bruteforce attack to services authentication
* probe - other connection attempts (for example ICMP) or
unrecognized/undecided portscan or bruteforce
* spam - unsolicited commercial email (except phishing)
* phishing - email, trying to scam user to revealing personal information
(possibly by some other channel)
* botnet_c_c - botnet command & control master machine
* dos - (possibly distributed) denial of service attack
* malware - virus/malware sample
* copyright - copyright infringement
* webattack - web application attack
* test - clients can use these at will when debugging/testing, these
messages will be processed and stored, but ignored later
* other - the rest, uncategorizable yet
In case of complex scenarios with structured info more events with
particular parts of information can be created.
--------------------------------------------------------------------------------
E. Configuration
CESNET Warden server resides at URI 'https://warden.cesnet.cz:443/Warden'.
--------------------------------------------------------------------------------
F. Testing
For testing purposes of sender clients, event type 'test' can be used.
These events will end up in server database, but will not be taken
further into consideration.
--------------------------------------------------------------------------------
G. Authors of this document
Pavel Kacha <ph@cesnet.cz>
Jan Soukal <soukal@ics.muni.cz>
Copyright (C) 2011-2012 Cesnet z.s.p.o
src/warden-client/doc/example-receiver.pl.txt deleted 100755 → 0
View file @ acad04cb
#!/usr/bin/perl -w
#
# Copyright (C) 2011-2012 Cesnet z.s.p.o
#
# Use of this source is governed by a BSD-style license, see LICENSE file.
use strict;
#------------------------------------------------------------------------------
# Warden 2.1 Client, Receiver, Example
#
# Simple use of warden-client receiver functionality to download new events
# from # Warden server. This code illustrates how to integrate warden-client
# receive functionality into local applications.
#------------------------------------------------------------------------------
#------------------------------------------------------------------------------
# This code should developer add into his/her application.
# Path to warden-client directory
my $warden_path = '/opt/warden-client/';
# Inclusion of warden-client receiving functionality
require $warden_path . '/lib/WardenClientReceive.pm';
# Definition of requested event type. This attributes is also set on server
# and must not change.
my $requested_type = "portscan";
#------------------------------------------------------------------------------
# Simple code that prints out new events obtained from Warden server.
print "+------------------------------------------------------------------------------------------------------------------------------------------+\n";
print "| id | hostname | service | detected | type | source_type | source | target_proto | target_port | attack_scale | note | priority | timeout |\n";
print "+------------------------------------------------------------------------------------------------------------------------------------------+\n";
# Download of new evetns from Warden server
while (my @new_events = WardenClientReceive::getNewEvents($warden_path, $requested_type)) {
foreach my $event_ref (@new_events) {
my @event = @$event_ref;
print "| " . join(' | ', @event) . " |" . "\n";
}
print "+------------------------------------------------------------------------------------------------------------------------------------------+\n";
}
print "+------------------------------------------------------------------------------------------------------------------------------------------+";
print "\n";
print "Last events in: " . scalar(localtime(time)) . "\n";
exit 0;
src/warden-client/doc/example-sender.pl.txt deleted 100755 → 0
View file @ acad04cb
#!/usr/bin/perl -w
#
# Copyright (C) 2011-2012 Cesnet z.s.p.o
#
# Use of this source is governed by a BSD-style license, see LICENSE file.
use strict;
use DateTime;
#-------------------------------------------------------------------------------
# Warden 2.1. Client, Sender, Example
#
# Sample script using warden-client sending functionality. This example is not
# intended to be a standalone script. It only shows how to use warden-client
# functionality.
#-------------------------------------------------------------------------------
#-------------------------------------------------------------------------------
# Preparation of event attributes.
# This should be handled by detection application.
my $local_detected = DateTime->from_epoch(epoch => time());
my $service = "ScanDetector";
my $detected = "$local_detected";
my $type = "portscan";
my $source_type = "IP";
my $source = "123.123.123.123";
my $target_proto = "TCP";
my $target_port = "22";
my $attack_scale = "1234567890";
my $note = "important note or comment";
my $priority = undef;
my $timeout = "20";
my @event = ($service, $detected, $type, $source_type, $source,
$target_proto, $target_port, $attack_scale, $note,
$priority, $timeout );
#-------------------------------------------------------------------------------
# Use of warden-client sender.
# This code should developer add to his/her detection application
# (with corresponding paths appropriately changed).
# Path to warden-client folder
my $warden_path = '/opt/warden-client';
# Inclusion of warden-client sender module
require $warden_path . '/lib/WardenClientSend.pm';
# Sending event to Warden server
WardenClientSend::saveNewEvent($warden_path, \@event);
exit 0;
src/warden-client/etc/package_version deleted 100644 → 0
View file @ acad04cb
warden-client-2.1
src/warden-client/etc/warden-client.conf deleted 100644 → 0
View file @ acad04cb
#
# warden-client.conf - configuration file for the warden sender/receiver client
#
#-------------------------------------------------------------------------------
# URI - URI address of Warden server
#-------------------------------------------------------------------------------
$URI = "https://warden-dev.cesnet.cz:443/Warden";
#-------------------------------------------------------------------------------
# SSL_KEY_FILE - path to client SSL certificate key file
#-------------------------------------------------------------------------------
$SSL_KEY_FILE = "/opt/warden-client/etc/warden-dev.cesnet.cz.key";
#-------------------------------------------------------------------------------
# SSL_CERT_FILE - path to client SSL certificate file
#-------------------------------------------------------------------------------
$SSL_CERT_FILE = "/opt/warden-client/etc/warden-dev.cesnet.cz.pem";
#-------------------------------------------------------------------------------
# SSL_CA_FILE - path to CA certificate file
#-------------------------------------------------------------------------------
$SSL_CA_FILE = "/etc/ssl/certs/tcs-ca-bundle.pem";
#-------------------------------------------------------------------------------
# MAX_RCV_EVENTS_LIMIT - maximum number of events the client is allowd to get
# from the Warden server in one batch
#-------------------------------------------------------------------------------
$MAX_RCV_EVENTS_LIMIT = 6000; #consumes app. 250 MB of memory
#-------------------------------------------------------------------------------
# Log options
#
# LOG_STDERR, LOG_SYSLOG - hide (0) or allow (1) error reporting on STDERR
# and/or to Syslog
# LOG_STDERR_VERBOSE, LOG_SYSLOG_VERBOSE - print only error message without
# a stack (0) or print debug info
# including err. message and stack (1)
#-------------------------------------------------------------------------------
$LOG_STDERR = 1;
$LOG_SYSLOG = 1;
$LOG_SYSLOG_FACILITY = "local7";
$LOG_VERBOSE = 0;
1;
\ No newline at end of file
src/warden-client/lib/WardenClientCommon.pm deleted 100755 → 0
View file @ acad04cb
#!/usr/bin/perl -w
#
# WardenClientCommon.pm
#
# Copyright (C) 2011-2012 Cesnet z.s.p.o
#
# Use of this source is governed by a BSD-style license, see LICENSE file.
package WardenClientCommon;
use strict;
use Carp;
use SOAP::Lite;
use IO::Socket::SSL qw(debug1);
use SOAP::Transport::HTTP;
our $VERSION = "2.1";
#-------------------------------------------------------------------------------
# errMsg - print error message and die
#-------------------------------------------------------------------------------
sub errMsg
{
my $msg = shift;
if ($WardenClientConf::LOG_VERBOSE) { # user wants to log debug information
$msg .= "\nStack info: " . Carp::longmess();
}
die($msg . "\n");
} # End of errMsg
#-------------------------------------------------------------------------------
# c2s - connect to server, send request and receive response
#-------------------------------------------------------------------------------
sub c2s
{
my $uri = shift;
my $ssl_key_file = shift;
my $ssl_cert_file = shift;
my $ssl_ca_file = shift;
my $method = shift;
my $data = shift;
my $client;
my ($server, $port, $service) = $uri =~ /https:\/\/(.+)\:(\d+)\/(.+)/;
if (!($client = SOAP::Transport::HTTP::Client->new())) {
errMsg("Unable to create socket: " . &SOAP::Transport::HTTP::Client::errstr)
}
$client->timeout(10);
$client->ssl_opts(verify_hostname => 1,
SSL_use_cert => 1,
SSL_verify_mode => 0x02,
SSL_key_file => $ssl_key_file,
SSL_cert_file => $ssl_cert_file,
SSL_ca_file => $ssl_ca_file);
# setting of URI and serialize SOAP envelope and data object
my $soap = SOAP::Lite->uri($service)->proxy($uri);
my $envelope;
if (!defined $data) {
$envelope = $soap->serializer->envelope(method => $method);
} else {
$envelope = $soap->serializer->envelope(method => $method, $data);
}
# setting of TCP URI and send serialized SOAP envelope and data
my $server_uri = "https://$server:$port/$service";
my $result = $client->send_receive(envelope => $envelope, endpoint => $server_uri);
# check server response
if (!defined $result) {
errMsg("Server returned empty response. Problem with used SSL ceritificates or Warden server at $server:$port is down.");
} else {
# deserialized response from server -> create SOAP envelope and data object
my $response;
eval {
$response = $soap->deserializer->deserialize($result);
} or errMsg($@ . "Received data: " . $result);
# check SOAP fault status
$response->fault ? errMsg("Server sent error message:: " . $response->faultstring) : return $response;
}
}
src/warden-client/lib/WardenClientConf.pm deleted 100755 → 0
View file @ acad04cb
#!/usr/bin/perl -w
#
# WardenClientConf.pm
#
# Copyright (C) 2011-2012 Cesnet z.s.p.o
#
# Use of this source is governed by a BSD-style license, see LICENSE file.
package WardenClientConf;
use strict;
# preset of default variables
our $URI = undef;
our $SSL_KEY_FILE = undef;
our $SSL_CERT_FILE = undef;
our $SSL_CA_FILE = undef;
our $MAX_RCV_EVENTS_LIMIT = undef;
our $LOG_STDERR = 1;
our $LOG_SYSLOG = 0;
our $LOG_SYSLOG_FACILITY = "local7";
our $LOG_VERBOSE = 0;
our $VERSION = "2.1";
sub loadConf
{
my $conf_file = shift;
# load configuration variables set by user
unless (do $conf_file) {
die("Errors in config file '$conf_file': $@") if $@;
die("Can't read config file '$conf_file': $!") unless defined $_;
# if $_ defined, it's retvalue of last statement of conf, for which we don't care
}
}
1;
src/warden-client/lib/WardenClientReceive.pm deleted 100755 → 0
View file @ acad04cb
#!/usr/bin/perl -w
#
# WardenClientReceive.pm
#
# Copyright (C) 2011-2012 Cesnet z.s.p.o
#
# Use of this source is governed by a BSD-style license, see LICENSE file.
package WardenClientReceive;
use strict;
use SOAP::Lite;
use IO::Socket::SSL qw(debug1);
use SOAP::Transport::HTTP;
use FindBin;
use Sys::Syslog;
our $VERSION = "2.1";
#-------------------------------------------------------------------------------
# getNewEvents - get new events from warden server greater than last received ID
#-------------------------------------------------------------------------------
sub getNewEvents
{
my @events;
eval {
my $warden_path = shift;
my $requested_type = shift;
my $vardir = $warden_path . "/var/";
my $etcdir = $warden_path . "/etc/";
my $libdir = $warden_path . "/lib/";
require $libdir . "WardenClientConf.pm";
require $libdir . "WardenClientCommon.pm";
# read the config file
my $conf_file = $etcdir . "warden-client.conf";
WardenClientConf::loadConf($conf_file);
# set name of ID file for each client aplication
my $caller_name = $FindBin::Script;
my $id_file = $vardir . $caller_name . ".id";
#-----------------------------------------------------------------------------
# get last ID from ID file (if exist) or
# get last ID from warden server DB and save it into ID file
my $last_id;
if (-e $id_file) {
open(ID, "< $id_file") || WardenClientCommon::errMsg("Cannot open ID file $id_file: $!");
foreach(<ID>) {
$last_id = $_;
}
close ID;
} else {
my $response = WardenClientCommon::c2s($WardenClientConf::URI, $WardenClientConf::SSL_KEY_FILE, $WardenClientConf::SSL_CERT_FILE, $WardenClientConf::SSL_CA_FILE, "getLastId");
$last_id = $response->result;
open(ID, "> $id_file") || WardenClientCommon::errMsg("Cannot open ID file $id_file: $!");
print ID $last_id;
close ID;
}
#-----------------------------------------------------------------------------
# get new events from warden server DB based on gathered last ID
# create SOAP data obejct
my $request_data = SOAP::Data->name(
request => \SOAP::Data->value(
SOAP::Data->name(REQUESTED_TYPE => $requested_type),
SOAP::Data->name(LAST_ID => $last_id),
SOAP::Data->name(MAX_RCV_EVENTS_LIMIT => $WardenClientConf::MAX_RCV_EVENTS_LIMIT)
)
);
# call server method getNewEvents
my $response = WardenClientCommon::c2s($WardenClientConf::URI, $WardenClientConf::SSL_KEY_FILE, $WardenClientConf::SSL_CERT_FILE, $WardenClientConf::SSL_CA_FILE, "getNewEvents", $request_data);
# parse returned SOAP data object
my ($id, $hostname, $service, $detected, $type, $source_type, $source, $target_proto, $target_port, $attack_scale, $note, $priority, $timeout);
my @response_list = $response->valueof('/Envelope/Body/getNewEventsResponse/event/');
while (scalar @response_list) {
my $response_data = shift(@response_list);
my @event;
# parse items of one event
$id = $response_data->{'ID'};
$hostname = $response_data->{'HOSTNAME'};
$service = $response_data->{'SERVICE'};
$detected = $response_data->{'DETECTED'};
$type = $response_data->{'TYPE'};
$source_type = $response_data->{'SOURCE_TYPE'};
$source = $response_data->{'SOURCE'};
$target_proto = $response_data->{'TARGET_PROTO'};
$target_port = $response_data->{'TARGET_PORT'};
$attack_scale = $response_data->{'ATTACK_SCALE'};
$note = $response_data->{'NOTE'};
$priority = $response_data->{'PRIORITY'};
$timeout = $response_data->{'TIMEOUT'};
# push new event from warden server into @events which is returned
@event = ($id, $hostname, $service, $detected, $type, $source_type, $source, $target_proto, $target_port, $attack_scale, $note, $priority, $timeout);
push (@events, \@event);
# set maximum received ID from current batch
if ($id > $last_id) {
$last_id = $id;
}
} #end of while loop
# write last return ID
if (defined $last_id) { # must be defined for first check ID
open(ID, "> $id_file") || WardenClientCommon::errMsg("Cannot open ID file $id_file: $!");
print ID $last_id;
close ID;
}
} # End of eval block
or do {
if ($WardenClientConf::LOG_STDERR) {
print STDERR $@ . "\n";
}
if ($WardenClientConf::LOG_SYSLOG) {
openlog("Warden:", "pid", "WardenClientConf::LOG_SYSLOG_FACILITY");
syslog("err|WardenClientConf::LOG_SYSLOG_FACILITY", $@ . "\n");
closelog();
}
return;
};
return @events;
} # End of getNewEvents
1;
src/warden-client/lib/WardenClientSend.pm deleted 100755 → 0
View file @ acad04cb
#!/usr/bin/perl -w
#
# WardenClientSend.pm
#
# Copyright (C) 2011-2012 Cesnet z.s.p.o
#
# Use of this source is governed by a BSD-style license, see LICENSE file.
package WardenClientSend;
use strict;
use SOAP::Lite;
use IO::Socket::SSL qw(debug1);
use SOAP::Transport::HTTP;
use Sys::Syslog;
our $VERSION = "2.1";
#-------------------------------------------------------------------------------
# saveNewEvent - send new event from detection scripts to warden server
#-------------------------------------------------------------------------------
sub saveNewEvent
{
my $result;
eval {
my $warden_path = shift;
my $event_ref = shift;
my $etcdir = $warden_path . "/etc/";
my $libdir = $warden_path . "/lib/";
require $libdir . "WardenClientConf.pm";
require $libdir . "WardenClientCommon.pm";
# read the config file
my $conf_file = $etcdir . "warden-client.conf";
WardenClientConf::loadConf($conf_file);
# prepare variables of event
my @event = @{$event_ref};
my $service = $event[0];
my $detected = $event[1];
my $type = $event[2];
my $source_type = $event[3];
my $source = $event[4];
my $target_proto = $event[5];
my $target_port = $event[6];
my $attack_scale = $event[7];
my $note = $event[8];
my $priority = $event[9];
my $timeout = $event[10];
# create SOAP data object
my $event = SOAP::Data->name(
event => \SOAP::Data->value(
SOAP::Data->name(SERVICE => $service),
SOAP::Data->name(DETECTED => $detected),
SOAP::Data->name(TYPE => $type),
SOAP::Data->name(SOURCE_TYPE => $source_type),
SOAP::Data->name(SOURCE => $source),
SOAP::Data->name(TARGET_PROTO => $target_proto),
SOAP::Data->name(TARGET_PORT => $target_port),
SOAP::Data->name(ATTACK_SCALE => $attack_scale),
SOAP::Data->name(NOTE => $note),
SOAP::Data->name(PRIORITY => $priority),
SOAP::Data->name(TIMEOUT => $timeout)
)
);
$result = WardenClientCommon::c2s($WardenClientConf::URI, $WardenClientConf::SSL_KEY_FILE, $WardenClientConf::SSL_CERT_FILE, $WardenClientConf::SSL_CA_FILE, "saveNewEvent", $event);
} # End of eval block
or do {
if ($WardenClientConf::LOG_STDERR) {
print STDERR $@ . "\n";
}
if ($WardenClientConf::LOG_SYSLOG) {
openlog("Warden-client:", "pid", "$WardenClientConf::LOG_SYSLOG_FACILITY");
syslog("err|$WardenClientConf::LOG_SYSLOG_FACILITY", $@ . "\n");
closelog();
}
return 0;
};
$result ? return 1 : return 0;
} # End of saveNewEvent
1;
src/warden-client/lib/WardenClientSend.t deleted 100644 → 0
View file @ acad04cb
#!/usr/bin/perl
use strict;
use warnings;
use Test::More tests => 2;
use lib '..';
use WardenClientSend;
my $uri_ok = 'https://warden-dev.cesnet.cz:443/Warden';
my $ssl_key_file_ok = '/opt/warden-client/etc/warden-dev.cesnet.cz.key';
my $ssl_cert_file_ok = '/opt/warden-client/etc/warden-dev.cesnet.cz.pem';
my $ssl_ca_file_ok = '/opt/warden-client/etc/tcs-ca-meta-bundle.pem';
my $method_ok = 'saveNewEvent';
my $data_ok = '';
my $warden_path_ok = '/opt/warden-client';
my $warden_path_fail = '/path/to/fail';
my @event_ok = ("honeyscan", "1234567890", "portscan","IP", "123.123.123.123", "TCP", "22", "1234567890", "important note or comment", "null", "20");
my @vent_ok = ('HoneyScan', '2012-09-01T23:02:48', 'webattackReply-To:', '170.96.48.164', 'UDP', '44392354', 'tohle je takova normalni jednoducha poznamka', '180187');
my $ret;
#my ($ret) = WardenClientSend::c2s($uri_ok, $ssl_key_file_ok, $ssl_cert_file_ok, $ssl_ca_file_ok, $method_ok, $data_ok);
#ok ($ret == 1, 'Everything is fine!');
$ret = WardenClientSend::saveNewEvent($warden_path_fail,\@event_ok);
ok ($ret == 0, 'Bad Warden path!');
$ret = WardenClientSend::saveNewEvent($warden_path_ok,\@event_ok);
ok ($ret == 1, 'Everything is fine.');
src/warden-client/sh/install.sh deleted 100755 → 0
View file @ acad04cb
#!/bin/bash
#
# install.sh
#
# Copyright (C) 2011-2012 Cesnet z.s.p.o
#
# Use of this source is governed by a BSD-style license, see LICENSE file.
VERSION="2.1"
#-------------------------------------------------------------------------------
# FUNCTIONS
#-------------------------------------------------------------------------------
usage()
{
echo "Usage: `basename $0` [-d <directory>] [-u <user>] [-k <ssl_key_file>] [-c <ssl_cert_file>] [-a <ssl_ca_file>] [-hV]"
echo "-d <directory> installation directory (default: /opt)"
echo "-u <user> owner of warden client package (user for running detection scripts)"
echo "-k <ssl_key_file> path to SSL certificate key file"
echo "-c <ssl_cert_file> path to SSL certificate file"
echo "-a <ssl_ca_file> path to CA certificate file"
echo "-h print this help"
echo "-V print script version number and exit"
echo
echo "Example: # ./`basename $0` -d /opt -u detector -k /etc/ssl/private/client.key -c /etc/ssl/certs/client.pem -a /etc/ssl/certs/tcs-ca-bundle.pem"
echo
echo "Note: You must be root for running this script."
echo " For more information about installation process, see README file (section Installation)."
echo
exit 0
}
version()
{
echo "`basename ${0}` - current version is $VERSION"
exit 0
}
err()
{
echo "FAILED!"
cat $err
rm -rf $err
echo
echo "Installation of $package_version package FAILED!!!"
exit 1
}
err_clean()
{
echo "FAILED!"
echo " -> Uninstalling client package ... OK"
rm -rf $client_path > /dev/null 2>&1
cat $err
rm -rf $err
echo
echo "Installation of $package_version package FAILED!!!"
exit 1
}
root_chck()
{
if [ $UID -ne 0 ]; then
echo "You must be root for running this script!"
exit 1
fi
}
params_chck()
{
if [ -z $prefix ]; then
prefix=/opt
echo "Warning: parameter -d <directory> is not set - default installation directory is ${prefix}!"
fi
if [ -z $user ]; then
echo "Parameter -u <user> is not set!"
exit 1
fi
if [ -z $key ]; then
echo "Parameter -k <ssl_key_file> is not set!"
exit 1
fi
if [ -z $cert ]; then
echo "Parameter -c <ssl_cert_file> is not set!"
exit 1
fi
if [ -z $ca_file ]; then
echo "Parameter -a <ssl_ca_file> is not set!"
exit 1
fi
}
old_client_chck()
{
old_package_version_file={$etc}/package_version
if [ -f $old_package_version_file ]; then
old_package_version=`cat $old_package_version_file`
echo "Sorry, but $old_package_version package is installed!"
echo "For update of warden client package please use update.sh script."
exit 1
fi
}
perl_chck()
{
echo -n "Checking Perl interpreter ... "
if which perl 1> /dev/null; then
echo "OK"
else
echo "FAILED!"
echo "Error: Perl interpreter is not installed!"
exit 1
fi
}
modules_chck()
{
for module in ${modules[@]};
do
echo -n "Checking $module module ... "
if perl -e "use $module" 2> $err; then
echo "OK"
else
err
fi
done
}
make_warden_dir()
{
echo -n "Creating warden client directory ... "
test -d $prefix || mkdir -p prefix
if cp -R ${dirname}/warden-client $prefix 2> $err; then
echo "OK"
else
err_clean
fi
echo -n "Copying files ... "
files=(CHANGELOG INSTALL LICENSE README README.cesnet)
for file in ${files[@]};
do
cp ${dirname}/warden-client/doc/$file ${client_path}/doc
done
test -d ${client_path}/ || mkdir -p ${client_path}/
cp ${dirname}/uninstall.sh ${client_path}/
echo "OK"
}
check_key()
{
echo -n "Checking certificate key file ... "
if su ${user} -c "test -r ${key}" 2> $err; then
echo "OK"
else
echo "Warning: certificate key file is not readable by user ${user}!"
fi
}
check_cert()
{
echo -n "Checking certificate file ... "
if su ${user} -c "test -r ${key}" 2> $err; then
echo "OK"
else
echo "Warning: certificate file is not readable by user ${user}!"
fi
}
make_conf_file()
{
echo -n "Creating configuration file ... "
echo "#
# warden-client.conf - configuration file for the warden sender/receiver client
#
#-------------------------------------------------------------------------------
# URI - URI address of Warden server
#-------------------------------------------------------------------------------
\$URI = \"https://warden.cesnet.cz:443/Warden\";
#-------------------------------------------------------------------------------
# SSL_KEY_FILE - path to client SSL certificate key file
#-------------------------------------------------------------------------------
\$SSL_KEY_FILE = \"${key}\";
#-------------------------------------------------------------------------------
# SSL_CERT_FILE - path to client SSL certificate file
#-------------------------------------------------------------------------------
\$SSL_CERT_FILE = \"${cert}\";
#-------------------------------------------------------------------------------
# SSL_CA_FILE - path to CA certificate file
#-------------------------------------------------------------------------------
\$SSL_CA_FILE = \"${ca_file}\";
#-------------------------------------------------------------------------------
# MAX_RCV_EVENTS_LIMIT - maximum number of events the client is allowd to get
# from the Warden server in one batch
#-------------------------------------------------------------------------------
\$MAX_RCV_EVENTS_LIMIT = 6000; #consumes app. 250 MB of memory
#-------------------------------------------------------------------------------
# Log options
#
# LOG_STDERR, LOG_SYSLOG - hide (0) or allow (1) error reporting on STDERR
# and/or to Syslog
# LOG_STDERR_VERBOSE, LOG_SYSLOG_VERBOSE - print only error message without
# a stack (0) or print debug info
# including err. message and stack (1)
#-------------------------------------------------------------------------------
\$LOG_STDERR = 1;
\$LOG_SYSLOG = 0;
\$LOG_SYSLOG_FACILITY = \"local7\";
\$LOG_VERBOSE = 0;
1;
" > $conf_file 2> $err; ret_val=`echo $?`
if [ $ret_val -eq 0 ]; then
echo "OK"
else
err_clean
fi
}
change_permissions()
{
echo -n "Changing permissions to installed package ... "
chown -R $user: $client_path 2> $err || err_clean
chmod 644 ${etc}/package_version || err_clean
if chmod 600 $conf_file; then
echo "OK"
else
err_clean
fi
}
#-------------------------------------------------------------------------------
# MAIN
#-------------------------------------------------------------------------------
# list of used Perl modules
modules=(SOAP::Lite IO::Socket::SSL SOAP::Transport::HTTP FindBin DateTime Carp)
# read input
while getopts "d:u:k:c:a:Vh" options; do
case $options in
d ) prefix=$OPTARG;;
u ) user=$OPTARG;;
k ) key=$OPTARG;;
c ) cert=$OPTARG;;
a ) ca_file=$OPTARG;;
h ) usage;;
V ) version;;
* ) usage;;
esac
done
# root test
root_chck
# params test
params_chck
# create variables
dirname=`dirname $0`
package_version=`cat ${dirname}/warden-client/etc/package_version`
key_file=`basename $key`
cert_file=`basename $cert`
[[ $prefix == */ ]] && prefix="${prefix%?}" # remove last char (slash) from prefix
client_path="${prefix}/warden-client"
etc="${client_path}/etc"
conf_file="${etc}/warden-client.conf"
err="/tmp/warden-err"
# check if warden-client is installed
old_client_chck
echo
echo "------------------------- Dependencies check-in -------------------------"
# Perl interpreter test
perl_chck
# Perl modules test
modules_chck
echo
echo "------------------------- Installation process --------------------------"
# make warden client directory
make_warden_dir
# copy cert key file
check_key
# copy cert file
check_cert
# create conf file
make_conf_file
# change permissions
change_permissions
echo
echo "Please check configuration file in ${conf_file}!"
echo
echo "Warden client directory: $client_path"
echo
echo "Installation of $package_version package was SUCCESSFUL!!!"
# cleanup section
rm -rf $err
exit 0
src/warden-client/sh/uninstall.sh deleted 100755 → 0
View file @ acad04cb
#!/bin/bash
#
# uninstall.sh
#
# Copyright (C) 2011-2012 Cesnet z.s.p.o
#
# Use of this source is governed by a BSD-style license, see LICENSE file.
VERSION="2.1"
#-------------------------------------------------------------------------------
# FUNCTIONS
#-------------------------------------------------------------------------------
usage()
{
echo "Usage: `basename $0` [-d <directory>] [-hV]"
echo "-d <directory> uninstallation directory (default: /opt)"
echo "-h print this help"
echo "-V print script version number and exit"
echo
echo "Example: # ./`basename $0` -d /opt"
echo
echo "Note: You must be root for running this script."
echo " For more information about uninstallation process, see README file (section Uninstallation)."
echo
exit 0
}
version()
{
echo "`basename ${0}` - current version is $VERSION"
exit 0
}
err()
{
echo "FAILED!"
cat $err
rm -rf $err $backup_dir
echo
echo "Uninstallation of $package_version package FAILED!!!"
exit 1
}
err_clean()
{
echo "FAILED!"
echo " -> Reverting changes of warden client package ... OK"
rm -rf ${client_path}/* > /dev/null 2>&1
cp -R ${backup_dir}/* $client_path
cat $err
rm -rf $err $backup_dir
echo
echo "Uninstallation of $package_version package FAILED!!!"
exit 1
}
root_chck()
{
if [ $UID -ne 0 ]; then
echo "You must be root for running this script!"
exit 1
fi
}
params_chck()
{
if [ -z $prefix ]; then
prefix=/opt
echo "Warning: parameter -d <directory> is not set - default uninstallation directory is ${prefix}!"
fi
}
obtain_package_version()
{
if [ -f $old_package_version_file ]; then
package_version=`cat $old_package_version_file`
else
package_version="unknown"
fi
}
warden_dir_chck()
{
echo -n "Checking warden client directory ... "
if [ ! -d $client_path ]; then
echo "FAILED!"
ls $client_path
exit 1
else
echo "OK"
fi
}
backup()
{
echo -n "Backing-up warden client directory ... "
mkdir $backup_dir
if cp -R ${client_path}/* $backup_dir 2> $err; then
echo "OK"
else
err
fi
}
uninstall_warden_client()
{
echo -n "Uninstalling $package_version package ... "
if rm -rf $client_path 2> $err; then
echo "OK"
else
err_clean
fi
}
#-------------------------------------------------------------------------------
# MAIN
#-------------------------------------------------------------------------------
# read input
while getopts "d:Vh" options; do
case $options in
d ) prefix=$OPTARG;;
h ) usage;;
V ) version;;
* ) usage;;
esac
done
# create variables
[[ $prefix == */ ]] && prefix="${prefix%?}" # remove last char (slash) from prefix
client_path="${prefix}/warden-client"
etc="${client_path}/etc"
old_package_version_file="${etc}/package_version"
err="/tmp/warden-err"
backup_dir="/tmp/warden-backup"
# obtain version of installed warden-client package
obtain_package_version
echo
echo "------------------------- Uninstallation process --------------------------------"
# root check
root_chck
# check if $prefix/warden-client directory exist
warden_dir_chck
# make backup of currently installed warden-client package
backup
# do uninstallation
uninstall_warden_client
echo
echo "Uninstallation of $package_version package was SUCCESSFUL!!!"
# cleanup section
rm -rf $err $backup_dir
exit 0
src/warden-client/sh/update.sh deleted 100755 → 0
View file @ acad04cb
#!/bin/bash
#
# update.sh
#
# Copyright (C) 2011-2012 Cesnet z.s.p.o
#
# Use of this source is governed by a BSD-style license, see LICENSE file.
VERSION="2.1"
#-------------------------------------------------------------------------------
# FUNCTIONS
#-------------------------------------------------------------------------------
usage()
{
echo "Usage: `basename $0` [-d <directory>] [-hV]"
echo "-d <directory> destination directory (default: /opt)"
echo "-h print this help"
echo "-V print script version number and exit"
echo
echo "Example: # ./`basename $0` -d /opt"
echo
echo "Note: You must be root for running this script."
echo " For more information about update process, see README file (section Update)."
echo
exit 0
}
version()
{
echo "`basename ${0}` - current version is $VERSION"
exit 0
}
err()
{
echo "FAILED!"
cat $err
rm -rf $err
rm -rf $backup_dir
echo
echo "Update from $old_package_version to $package_version package FAILED!!!"
exit 1
}
err_clean()
{
echo "FAILED!"
echo " -> Reverting changes of warden client package ... OK"
rm -rf ${client_path}/* > /dev/null 2>&1
cp -R ${backup_dir}/* $client_path
cat $err
rm -rf $err $backup_dir
echo
echo "Update from $old_package_version to $package_version package FAILED!!!"
exit 1
}
root_chck()
{
if [ $UID -ne 0 ]; then
echo "You must be root for running this script!"
exit 1
fi
}
params_chck()
{
if [ -z $prefix ]; then
prefix=/opt
echo "Warning: parameter -d <directory> is not set - default installation directory is ${prefix}!"
fi
}
obtain_package_version()
{
if [ -f $old_package_version_file ]; then
old_package_version=`cat $old_package_version_file`
if [ "$old_package_version" == "$package_version" ]; then
echo "Sorry, but $package_version package is already installed!"
exit 1
fi
else
echo "Sorry, but warden-client package is not installed!"
echo "For installation of warden client package please use install.sh script."
exit 1
fi
}
perl_chck()
{
echo -n "Checking Perl interpreter ... "
if which perl 1> /dev/null; then
echo "OK"
else
echo "FAILED!"
echo "Error: Perl interpreter is not installed!"
exit 1
fi
}
modules_chck()
{
for module in ${modules[@]};
do
echo -n "Checking $module module ... "
if perl -e "use $module" 2> $err; then
echo "OK"
else
err
fi
done
}
warden_dir_chck()
{
echo -n "Checking warden client directory ... "
if [ ! -d $client_path ]; then
echo "FAILED!"
ls $client_path
exit 1
else
echo "OK"
fi
}
backup()
{
echo -n "Backing-up warden client directory ... "
mkdir $backup_dir
if cp -R ${client_path}/* $backup_dir 2> $err; then
echo "OK"
else
err
fi
}
obtain_warden_user()
{
echo -n "Obtaining warden client directory owner ... "
if user=`stat -c %U $conf_file` 2> $err; then
echo "OK"
else
err
fi
}
update_warden_dir()
{
echo -n "Updating warden client directory ... "
if rsync -q --recursive --archive --delete --exclude='etc' --exclude='var' ${dirname}/warden-client $prefix 2> $err; then
echo "OK"
else
err_clean
fi
files=(CHANGELOG INSTALL LICENSE README README.cesnet)
for file in ${files[@]};
do
cp ${dirname}/$file ${client_path}/doc
done
cp ${dirname}/uninstall.sh $client_path
cp ${dirname}/warden-client/etc/package_version $etc
}
make_conf_file()
{
echo -n "Creating configuration file ... "
uri=`cat $conf_file | grep '$URI'`
ssl_key_file=`cat $conf_file | grep '$SSL_KEY_FILE'`
ssl_cert_file=`cat $conf_file | grep '$SSL_CERT_FILE'`
ssl_ca_file=`cat $conf_file | grep '$SSL_CA_FILE'`
max_rcv_events_limit=`cat $conf_file | grep '$MAX_RCV_EVENTS_LIMIT'`
log_stderr=`cat $conf_file | grep '$LOG_STDERR'`
if [ -z $log_stderr ]; then
log_stderr="\$LOG_STDERR = 1;"
fi
log_syslog=`cat $conf_file | grep '$LOG_SYSLOG'`
if [ -z $log_syslog ]; then
log_syslog="\$LOG_SYSLOG = 0;"
fi
log_syslog_facility=`cat $conf_file | grep '$LOG_SYSLOG_FACILITY'`
if [ -z $log_syslog_facility ]; then
log_syslog_facility="\$LOG_SYSLOG_FACILITY = \"local7\";"
fi
log_verbose=`cat $conf_file | grep '$LOG_VERBOSE'`
if [ -z $log_verbose ]; then
log_verbose="\$LOG_VERBOSE = 0;"
fi
echo "#
# warden-client.conf - configuration file for the warden sender/receiver client
#
#-------------------------------------------------------------------------------
# URI - URI address of Warden server
#-------------------------------------------------------------------------------
$uri
#-------------------------------------------------------------------------------
# SSL_KEY_FILE - path to client SSL certificate key file
#-------------------------------------------------------------------------------
$ssl_key_file
#-------------------------------------------------------------------------------
# SSL_CERT_FILE - path to client SSL certificate file
#-------------------------------------------------------------------------------
$ssl_cert_file
#-------------------------------------------------------------------------------
# SSL_CA_FILE - path to CA certificate file
#-------------------------------------------------------------------------------
$ssl_ca_file
#-------------------------------------------------------------------------------
# MAX_RCV_EVENTS_LIMIT - maximum number of events the client is allowd to get
# from the Warden server in one batch
#-------------------------------------------------------------------------------
$max_rcv_events_limit
#-------------------------------------------------------------------------------
# Log options
#
# LOG_STDERR, LOG_SYSLOG - hide (0) or allow (1) error reporting on STDERR
# and/or to Syslog
# LOG_STDERR_VERBOSE, LOG_SYSLOG_VERBOSE - print only error message without
# a stack (0) or print debug info
# including err. message and stack (1)
#-------------------------------------------------------------------------------
$log_stderr
$log_syslog
$log_syslog_facility
$log_verbose
1;
" > $conf_file 2> $err; ret_val=`echo $?`
if [ $ret_val -eq 0 ]; then
echo "OK"
else
err_clean
fi
}
change_permissions()
{
echo -n "Changing permissions to updated package ... "
chown -R $user: $client_path 2>$err || err_clean
chmod 644 $old_package_version_file || err_clean
if chmod 600 $conf_file; then
echo "OK"
else
err_clean
fi
}
#-------------------------------------------------------------------------------
# MAIN
#-------------------------------------------------------------------------------
# list of used Perl modules
modules=(SOAP::Lite IO::Socket::SSL SOAP::Transport::HTTP FindBin DateTime Carp)
# read input
while getopts "d:Vh" options; do
case $options in
d ) prefix=$OPTARG;;
h ) usage;;
V ) version;;
* ) usage;;
esac
done
# root test
root_chck
# params test
params_chck
# create variables
dirname=`dirname $0`
package_version=`cat ${dirname}/warden-client/etc/package_version`
[[ $prefix == */ ]] && prefix="${prefix%?}" # remove last char (slash) from prefix
client_path="${prefix}/warden-client"
etc="${client_path}/etc"
old_package_version_file="${etc}/package_version"
conf_file="${etc}/warden-client.conf"
err="/tmp/warden-err"
backup_dir="/tmp/warden-backup"
# obtain version of old warden client
obtain_package_version
echo
echo "------------------------- Dependencies check-in -------------------------"
# Perl interpreter test
perl_chck
# Perl modules test
modules_chck
echo
echo "------------------------- Update process --------------------------------"
# check warden client directory
warden_dir_chck
# backup old warden client installation
backup
# obtain current warden client user
obtain_warden_user
# make warden client directory
update_warden_dir
# create conf file
make_conf_file
# change permissions
change_permissions
echo
echo "Please check configuration file in ${conf_file}!"
echo
echo "Warden client directory: $client_path"
echo
echo "Update from $old_package_version to $package_version package was SUCCESSFUL!!!"
# cleanup section
rm -rf $err $backup_dir
exit 0
src/warden-server/bin/getClients.pl deleted 100755 → 0
View file @ acad04cb
#!/usr/bin/perl -w
#
# getClients.pl
#
# Copyright (C) 2011-2012 Cesnet z.s.p.o
#
# Use of this source is governed by a BSD-style license, see LICENSE file.
use strict;
use Getopt::Std;
use File::Basename;
our $VERSION = "2.1";
my $warden_path = '/opt/warden-server';
require $warden_path . '/lib/WardenStatus.pm';
my $filename = basename($0);
#-------------------------------------------------------------------------------
# Functions
#-------------------------------------------------------------------------------
sub usage {
print "Usage: $filename [without parameters]\n";
exit 1;
}
#-------------------------------------------------------------------------------
# errMsg - print error message and die
#-------------------------------------------------------------------------------
sub errMsg
{
my $msg = shift;
$msg = trim($msg);
print $msg . "\n";
exit 1;
} # End of errMsg
#-------------------------------------------------------------------------------
# trim - remove whitespace from the start and end of the string
#-------------------------------------------------------------------------------
sub trim
{
my $string = shift;
$string =~ s/^\s+//;
$string =~ s/\s+$//;
return $string;
} # End of trim
#-------------------------------------------------------------------------------
# MAIN
#-------------------------------------------------------------------------------
our ($opt_h);
die usage unless getopts("h");
my $help = $opt_h;
# catch help param
if ($help) {
usage;
}
# superuser controle
my $UID = $<;
if ($UID != 0) {
die errMsg("You must be root for running this script!")
}
my @clients = WardenStatus::getClients($warden_path);
print "+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+\n";
print "| Client ID | Hostname | Registered | Requestor | Service | CT | Type | ROE | Description tags | IP Net Client |\n";
print "+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+\n";
foreach (@clients) {
printf("| %-10s ", @$_[0] || "unknown");
printf("| %-30s ", @$_[1] || "unknown");
printf("| %19s ", @$_[2] || "unknown");
printf("| %-23s ", @$_[3] || "unknown");
printf("| %-25s ", @$_[4] || "unknown");
printf("| %-2s ", @$_[5] || "unknown");
printf("| %-15s ", @$_[6] || "unknown");
printf("| %-4s ", @$_[7] || "unknown");
printf("| %-50s ", @$_[8] || "unknown");
printf("| %-18s |\n", @$_[9] || "unknown");
}
print "+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+\n";
print "\n";
print "Current registered clients in: " . scalar localtime(time) . "\n";
exit 0;
src/warden-server/bin/getStatus.pl deleted 100755 → 0
View file @ acad04cb
#!/usr/bin/perl -w
#
# getStatus.pl
#
# Copyright (C) 2011-2012 Cesnet z.s.p.o
#
# Use of this source is governed by a BSD-style license, see LICENSE file.
use strict;
use Getopt::Std;
use File::Basename;
our $VERSION = "2.1";
my $warden_path = '/opt/warden-server';
require $warden_path . '/lib/WardenStatus.pm';
my $filename = basename($0);
#-------------------------------------------------------------------------------
# Functions
#-------------------------------------------------------------------------------
sub usage {
print "Usage: $filename [without parameters]\n";
exit 1;
}
#-------------------------------------------------------------------------------
# errMsg - print error message and die
#-------------------------------------------------------------------------------
sub errMsg
{
my $msg = shift;
$msg = trim($msg);
print $msg . "\n";
exit 1;
} # End of errMsg
#-------------------------------------------------------------------------------
# trim - remove whitespace from the start and end of the string
#-------------------------------------------------------------------------------
sub trim
{
my $string = shift;
$string =~ s/^\s+//;
$string =~ s/\s+$//;
return $string;
} # End of trim
#-------------------------------------------------------------------------------
# MAIN
#-------------------------------------------------------------------------------
our ($opt_h);
die usage unless getopts("h");
my $help = $opt_h;
# catch help param
if ($help) {
usage;
}
# superuser controle
my $UID = $<;
if ($UID != 0) {
die errMsg("You must be root for running this script!")
}
my @status = WardenStatus::getStatus($warden_path);
# take and remove first element of array @status and save it into $server_status_ref
my $server_status_ref = shift(@status);
my @server_status = @$server_status_ref;
my $syslog;
my $syslog_verbose;
if ($server_status[7] == 1) {
$syslog = "enabled";
} else {
$syslog = "disabled";
}
if ($server_status[8] == 1) {
$syslog_verbose = "enabled";
} else {
$syslog_verbose = "disabled";
}
print "Warden server variables:\n";
print "========================\n";
print "SERVER_VERSION:\t\t$server_status[0]\n";
print "HOSTNAME:\t\t$server_status[1]\n";
print "IP_ADDRESS:\t\t$server_status[2]\n";
print "PORT:\t\t\t$server_status[3]\n";
print "DB_NAME:\t\t$server_status[4]\n";
print "DB_USER:\t\t$server_status[5]\n";
print "DB_HOST:\t\t$server_status[6]\n";
print "SYSLOG:\t\t\t$syslog\n";
print "SYSLOG_VERBOSE:\t\t$syslog_verbose\n";
print "SYSLOG_FACILITY:\t$server_status[9]\n";
print "\n";
print "Warden server status:\n";
print "=====================\n";
print "Database size:\t\t\t$server_status[10]\n";
print "Count of saved events:\t\t$server_status[11]\n";
print "Last ID in events table:\t$server_status[12]\n";
print "Time of first inserted event:\t$server_status[13] (UTC)\n";
print "Time of latest inserted event:\t$server_status[14] (UTC)\n";
print "Count of registered clients:\t$server_status[15]\n";
print "\n";
# check if sum of registered client isn't 0
if ($server_status[15] != 0) {
print "Statistics of active registered senders:\n";
print "========================================\n";
print "+----------------------------------------------------------------------------------------------------------------+\n";
print "| Client ID | Hostname | Service | Stored events | Last insertion (UTC) |\n";
print "+----------------------------------------------------------------------------------------------------------------+\n";
foreach my $client_status_ref (@status){
my @client_status = @$client_status_ref;
printf("| %-10s ", $client_status[0] || "unknown");
printf("| %-30s ", $client_status[1] || "unknown");
printf("| %-25s ", $client_status[2] || "unknown");
printf("| %-13s ", $client_status[3] || "unknown");
printf("| %-20s |\n", $client_status[4] || "unknown");
}
print "+----------------------------------------------------------------------------------------------------------------+\n";
print "\n";
}
print "Current server status in:\t" . scalar localtime(time) . "\n";
exit 0;
src/warden-server/bin/getWebStatus.sh deleted 100755 → 0
View file @ acad04cb
#!/bin/bash
#
# getStatus.pl
#
# Copyright (C) 2011-2012 Cesnet z.s.p.o
#
# Use of this source is governed by a BSD-style license, see LICENSE file.
VERSION='2.0'
if [ $UID -ne 0 ]; then
echo "You must be root for running this script!"
exit 1
fi
DB_NAME=`cat /opt/warden-server/etc/warden-server.conf | grep '$DB_NAME' | sed 's/[";]//g' |awk '{print $3}'`
DB_USER=`cat /opt/warden-server/etc/warden-server.conf | grep '$DB_USER' | sed 's/[";]//g' |awk '{print $3}'`
DB_HOST=`cat /opt/warden-server/etc/warden-server.conf | grep '$DB_HOST' | sed 's/[";]//g' |awk '{print $3}'`
echo "DB_NAME: $DB_NAME"
echo "DB_USER: $DB_USER"
echo "DB_HOST: $DB_HOST"
echo
echo "DB status:"
echo "----------"
echo "SELECT FROM_UNIXTIME( UNIX_TIMESTAMP( received ) - ( UNIX_TIMESTAMP( received ) % ( 60 ) ) ) AS t, COUNT( id ) FROM events GROUP BY t" | mysql -h $DB_HOST --user=$DB_USER $DB_NAME --password=$DB_PASS
echo
echo "apache2ctl status:"
echo "------------------"
apache2ctl status
echo
echo "uptime:"
echo "-------"
uptime
echo
echo -n klientu: ; netstat -nlpa | grep :443 | grep ESTA | wc -l;
echo -n FIN:; netstat | grep WAIT2 | wc -l
exit 0
src/warden-server/bin/registerReceiver.pl deleted 100755 → 0
View file @ acad04cb
#!/usr/bin/perl -w
#
# registerReceiver.pl
#
# Copyright (C) 2011-2012 Cesnet z.s.p.o
#
# Use of this source is governed by a BSD-style license, see LICENSE file.
use strict;
use Getopt::Std;
use Switch;
use File::Basename;
our $VERSION = "2.0";
my $warden_path = '/opt/warden-server';
require $warden_path . '/lib/WardenReg.pm';
my $filename = basename($0);
#-------------------------------------------------------------------------------
# Functions
#-------------------------------------------------------------------------------
sub usage {
print "Usage: $filename [-h -o -n <hostname> -r <requestor> -t <type> -i <ip_net_client>]\n";
exit 1;
}
sub help {
print "$filename [-h -o -n <hostname> -r <requestor> -t <type> -i <ip_net_client>]\n";
print "-h print this text and exit\n";
print "-n hostname of receiver\n";
print "-r client registration requestor\n";
print "-t type of received events or '_any_' for receiving of all types of events\n";
print "-o enable receiving of own events\n";
print "-i CIDR of receiver\n";
exit 0;
}
#-------------------------------------------------------------------------------
# errMsg - print error message and die
#-------------------------------------------------------------------------------
sub errMsg
{
my $msg = shift;
$msg = trim($msg);
print $msg . "\n";
exit 1;
} # End of errMsg
#-------------------------------------------------------------------------------
# trim - remove whitespace from the start and end of the string
#-------------------------------------------------------------------------------
sub trim
{
my $string = shift;
$string =~ s/^\s+//;
$string =~ s/\s+$//;
return $string;
} # End of trim
#-------------------------------------------------------------------------------
# MAIN
#-------------------------------------------------------------------------------
our ($opt_n, $opt_r, $opt_t, $opt_o, $opt_i, $opt_h);
if ($#ARGV == -1) {usage}
die usage unless getopts("n:r:t:i:ho");
my $hostname = $opt_n;
my $requestor = $opt_r;
my $type = $opt_t;
my $ip_net_client = $opt_i;
my $help = $opt_h;
my $receive_own_events = "f";
if ($opt_o) {
$receive_own_events = "t";
}
# catch help param
if ($help) {
help;
}
if ($ip_net_client !~ /^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(\d|[1-2]\d|3[0-2]))$/) {
die errMsg("Enter correct IP in CIDR format!");
}
# superuser controle
my $UID = $<;
if ($UID != 0) {die errMsg("You must be root for running this script!")}
# check parameters definition
switch () {
case {!defined $hostname} { print "ERROR: Parameter 'hostname' is not defined!\n"; exit 1; }
case {!defined $requestor} { print "ERROR: Parameter 'requestor' is not defined!\n"; exit 1; }
case {!defined $type} { print "ERROR: Parameter 'type' is not defined!\n"; exit 1; }
case {!defined $receive_own_events} { print "ERROR: Parameter 'receive_own_events' is not defined!\n"; exit 1; }
case {!defined $ip_net_client} { print "ERROR: Parameter 'ip_net_client' is not defined!\n"; exit 1; }
}
my $return = WardenReg::registerReceiver($warden_path, $hostname, $requestor, $type, $receive_own_events, $ip_net_client);
$return ? print "Registration of $hostname was SUCCESSFUL...\n" : print "Registration of $hostname FAILED!\n";
exit 0;
src/warden-server/bin/registerSender.pl deleted 100755 → 0
View file @ acad04cb
#!/usr/bin/perl -w
#
# registerSender.pl
#
# Copyright (C) 2011-2012 Cesnet z.s.p.o
#
# Use of this source is governed by a BSD-style license, see LICENSE file.
use strict;
use Getopt::Std;
use Switch;
use File::Basename;
our $VERSION = "2.0";
my $warden_path = '/opt/warden-server';
require $warden_path . '/lib/WardenReg.pm';
my $filename = basename($0);
#-------------------------------------------------------------------------------
# Functions
#-------------------------------------------------------------------------------
sub usage {
print "Usage: $filename [-h -n <hostname> -r <requestor> -s <service> -d <description_tags> -i <ip_net_client>]\n";
exit 1;
}
sub help {
print "$filename [-h -n <hostname> -r <requestor> -s <service> -d <description_tags> -i <ip_net_client>]\n";
print "-h print this text and exit\n";
print "-n hostname of sender\n";
print "-r client registration requestor\n";
print "-s name of service which sent events\n";
print "-d description tags of send events\n";
print "-i CIDR of sender\n";
exit 0;
}
#-------------------------------------------------------------------------------
# errMsg - print error message and die
#-------------------------------------------------------------------------------
sub errMsg
{
my $msg = shift;
$msg = trim($msg);
print $msg . "\n";
exit 1;
} # End of errMsg
#-------------------------------------------------------------------------------
# trim - remove whitespace from the start and end of the string
#-------------------------------------------------------------------------------
sub trim
{
my $string = shift;
$string =~ s/^\s+//;
$string =~ s/\s+$//;
return $string;
} # End of trim
#-------------------------------------------------------------------------------
# MAIN
#-------------------------------------------------------------------------------
our ($opt_n, $opt_r, $opt_s, $opt_d, $opt_i, $opt_h);
if ($#ARGV == -1) {usage}
die usage unless getopts("n:r:s:d:i:h");
my $hostname = $opt_n;
my $requestor = $opt_r;
my $service = $opt_s;
my $description_tags = $opt_d;
my $ip_net_client = $opt_i;
my $help = $opt_h;
# catch help param
if ($help) {
help;
}
if ($ip_net_client !~ /^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(\d|[1-2]\d|3[0-2]))$/) {
die errMsg("Enter correct IP in CIDR format!");
}
# superuser controle
my $UID = $<;
if ($UID != 0) {die errMsg("You must be root for running this script!")}
# check parameters definition
switch () {
case {!defined $hostname} { print "ERROR: Parameter 'hostname' is not defined!\n"; exit 1; }
case {!defined $requestor} { print "ERROR: Parameter 'requestor' is not defined!\n"; exit 1; }
case {!defined $service} { print "ERROR: Parameter 'service' is not defined!\n"; exit 1; }
case {!defined $description_tags} { print "ERROR: Parameter 'description_tags' is not defined!\n"; exit 1; }
case {!defined $ip_net_client} { print "ERROR: Parameter 'ip_net_client' is not defined!\n"; exit 1; }
}
# register sender at warden server
my $return = WardenReg::registerSender($warden_path, $hostname, $requestor, $service, $description_tags, $ip_net_client);
$return ? print "Registration of $hostname was SUCCESSFUL...\n" : print "Registration of $hostname FAILED!\n";
exit 0;
src/warden-server/bin/unregisterClient.pl deleted 100755 → 0
View file @ acad04cb
#!/usr/bin/perl -w
#
# unregisterClient.pl
#
# Copyright (C) 2011-2012 Cesnet z.s.p.o
#
# Use of this source is governed by a BSD-style license, see LICENSE file.
use strict;
use Getopt::Std;
use Switch;
use File::Basename;
our $VERSION = "2.0";
my $warden_path = '/opt/warden-server';
require $warden_path . '/lib/WardenReg.pm';
my $filename = basename($0);
#-------------------------------------------------------------------------------
# Functions
#-------------------------------------------------------------------------------
sub usage {
print "Usage: $filename [-h -i <client_id>]\n";
exit 1;
}
sub help {
print "$filename [-h -i <client_id>]\n";
print "-h print this text and exit\n";
print "-i client_id for unregistration\n";
exit 0;
}
#-------------------------------------------------------------------------------
# errMsg - print error message and die
#-------------------------------------------------------------------------------
sub errMsg
{
my $msg = shift;
$msg = trim($msg);
print $msg . "\n";
exit 1;
} # End of errMsg
#-------------------------------------------------------------------------------
# trim - remove whitespace from the start and end of the string
#-------------------------------------------------------------------------------
sub trim
{
my $string = shift;
$string =~ s/^\s+//;
$string =~ s/\s+$//;
return $string;
} # End of trim
#-------------------------------------------------------------------------------
# MAIN
#-------------------------------------------------------------------------------
our ($opt_h, $opt_i);
if ($#ARGV == -1) {usage}
die usage unless getopts("i:h");
my $client_id = $opt_i;
my $help = $opt_h;
# catch help param
if ($help) {
help;
}
# superuser controle
my $UID = $<;
if ($UID != 0) {die errMsg("You must be root for running this script!")}
# check parameters definition
if (!defined $client_id) {
print "ERROR: Parameter 'client_id' is not defined!\n";
exit 1;
}
my $return = WardenReg::unregisterClient($warden_path, $client_id);
$return ? print "Unregistration of client (#$client_id) was SUCCESSFUL...\n" : print "Unregistration of client (# $client_id) FAILED!\n";
exit 0;