Skip to content
Snippets Groups Projects

Compare revisions

Changes are shown as if the source revision was being merged into the target revision. Learn more about comparing revisions.

Source

Select target project
No results found
Select Git revision
  • devel
  • hruska-feature-#6799-filter-keys
  • hruska-feature-5066-duplicateIdeaID
  • hruska-feature-clients-api
  • malostik-#5066-deduplicate-idea-ids
  • master
  • warden-postgresql-port
  • warden-client-1.1.0
  • warden-client-1.2.0
  • warden-client-2.0
  • warden-client-2.0.0-beta1
  • warden-client-2.0.0-beta2
  • warden-client-2.1
  • warden-client-2.1-beta
  • warden-client-2.2
  • warden-client-2.2-final
  • warden-client-3.0-beta0
  • warden-client-3.0-beta1
  • warden-client-3.0-beta2
  • warden-client-3.0-beta3
  • warden-server-0.1.0
  • warden-server-2.0
  • warden-server-2.0.0-beta1
  • warden-server-2.1
  • warden-server-2.1-aplha1
  • warden-server-2.1-beta1
  • warden-server-2.1-beta2
  • warden-server-2.1-beta3
  • warden-server-2.1-beta4
  • warden-server-2.1-beta5
  • warden-server-2.1-beta6
  • warden-server-2.1-patch1
  • warden-server-2.2
  • warden-server-2.2-final
  • warden-server-2.2-patch1
  • warden-server-2.2-patch3
  • warden-server-3.0-beta0
  • warden-server-3.0-beta1
  • warden-server-3.0-beta2
  • warden-server-3.0-beta3
40 results

Target

Select target project
  • Pavel.Valach/warden
1 result
Select Git revision
  • devel
  • hruska-feature-#6799-filter-keys
  • hruska-feature-5066-duplicateIdeaID
  • hruska-feature-clients-api
  • malostik-#5066-deduplicate-idea-ids
  • master
  • warden-postgresql-port
  • warden-client-1.1.0
  • warden-client-1.2.0
  • warden-client-2.0
  • warden-client-2.0.0-beta1
  • warden-client-2.0.0-beta2
  • warden-client-2.1
  • warden-client-2.1-beta
  • warden-client-2.2
  • warden-client-2.2-final
  • warden-client-3.0-beta0
  • warden-client-3.0-beta1
  • warden-client-3.0-beta2
  • warden-client-3.0-beta3
  • warden-server-0.1.0
  • warden-server-2.0
  • warden-server-2.0.0-beta1
  • warden-server-2.1
  • warden-server-2.1-aplha1
  • warden-server-2.1-beta1
  • warden-server-2.1-beta2
  • warden-server-2.1-beta3
  • warden-server-2.1-beta4
  • warden-server-2.1-beta5
  • warden-server-2.1-beta6
  • warden-server-2.1-patch1
  • warden-server-2.2
  • warden-server-2.2-final
  • warden-server-2.2-patch1
  • warden-server-2.2-patch3
  • warden-server-3.0-beta0
  • warden-server-3.0-beta1
  • warden-server-3.0-beta2
  • warden-server-3.0-beta3
40 results
Show changes
Hide whitespace changes
Inline Side-by-side
Showing
with 0 additions and 3296 deletions
src/warden-client/doc/example-sender.pl.txt deleted 100644 → 0
View file @ be94e0fe
#!/usr/bin/perl -w
#
# Copyright (C) 2011-2012 Cesnet z.s.p.o
# Author(s): Tomas PLESNIK <plesnik@ics.muni.cz>
# Jan SOUKAL <soukal@ics.muni.cz>
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in
# the documentation and/or other materials provided with the
# distribution.
# 3. Neither the name of the Cesnet z.s.p.o nor the names of its
# contributors may be used to endorse or promote products derived from
# this software without specific prior written permission.
#
# This software is provided ``as is'', and any express or implied
# warranties, including, but not limited to, the implied warranties of
# merchantability and fitness for a particular purpose are disclaimed.
# In no event shall the Cesnet z.s.p.o or contributors be liable for
# any direct, indirect, incidental, special, exemplary, or consequential
# damages (including, but not limited to, procurement of substitute
# goods or services; loss of use, data, or profits; or business
# interruption) however caused and on any theory of liability, whether
# in contract, strict liability, or tort (including negligence or
# otherwise) arising in any way out of the use of this software, even
# if advised of the possibility of such damage.
#
use strict;
use DateTime;
#-------------------------------------------------------------------------------
# Warden 1.1.0. Client, Sender, Example
#
# Sample script using warden-client sending functionality. This example is not
# intended to be a standalone script. It only shows how to use warden-client
# functionality.
#-------------------------------------------------------------------------------
#-------------------------------------------------------------------------------
# Preparation of event attributes.
# This should be handled by detection application.
my $local_detected = DateTime->from_epoch(epoch => time());
my $service = "ScanDetector";
my $detected = "$local_detected";
my $type = "portscan";
my $source_type = "IP";
my $source = "123.123.123.123";
my $target_proto = "TCP";
my $target_port = "22";
my $attack_scale = "1234567890";
my $note = "important note or comment";
my $priority = "null";
my $timeout = "20";
my @event = ($service, $detected, $type, $source_type, $source,
$target_proto, $target_port, $attack_scale, $note,
$priority, $timeout );
#-------------------------------------------------------------------------------
# Use of warden-client sender.
# This code should developer add to his/her detection application
# (with corresponding paths appropriately changed).
# Path to warden-client folder
my $warden_path = '/opt/warden-client';
# Inclusion of warden-client sender module
require $warden_path . '/lib/WardenClientSend.pm';
# Sending event to Warden server
WardenClientSend::saveNewEvent($warden_path, \@event);
exit 0;
src/warden-client/etc/package_version deleted 100644 → 0
View file @ be94e0fe
warden-client-1.2.0
src/warden-client/etc/warden-client.conf deleted 100644 → 0
View file @ be94e0fe
#
# warden-client.conf - configuration file for the warden sender/receiver client
#
#-------------------------------------------------------------------------------
# URI - URI address of Warden server
#-------------------------------------------------------------------------------
$URI = "https://warden-dev.cesnet.cz:443/Warden";
#-------------------------------------------------------------------------------
# SSL_KEY_FILE - path to client SSL certificate key file
#-------------------------------------------------------------------------------
$SSL_KEY_FILE = "/opt/warden-client/etc/warden-dev.cesnet.cz.key";
#-------------------------------------------------------------------------------
# SSL_CERT_FILE - path to client SSL certificate file
#-------------------------------------------------------------------------------
$SSL_CERT_FILE = "/opt/warden-client/etc/warden-dev.cesnet.cz.pem";
#-------------------------------------------------------------------------------
# SSL_CA_FILE - path to CA certificate file
#-------------------------------------------------------------------------------
$SSL_CA_FILE = "/etc/ssl/certs/tcs-ca-bundle.pem";
src/warden-client/lib/WardenClientConf.pm deleted 100755 → 0
View file @ be94e0fe
#!/usr/bin/perl -w
#
# WardenClientConf.pm
#
# Copyright (C) 2011-2012 Cesnet z.s.p.o
# Author(s): Tomas PLESNIK <plesnik@ics.muni.cz>
# Jan SOUKAL <soukal@ics.muni.cz>
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in
# the documentation and/or other materials provided with the
# distribution.
# 3. Neither the name of the Cesnet z.s.p.o nor the names of its
# contributors may be used to endorse or promote products derived from
# this software without specific prior written permission.
#
# This software is provided ``as is'', and any express or implied
# warranties, including, but not limited to, the implied warranties of
# merchantability and fitness for a particular purpose are disclaimed.
# In no event shall the Cesnet z.s.p.o or contributors be liable for
# any direct, indirect, incidental, special, exemplary, or consequential
# damages (including, but not limited to, procurement of substitute
# goods or services; loss of use, data, or profits; or business
# interruption) however caused and on any theory of liability, whether
# in contract, strict liability, or tort (including negligence or
# otherwise) arising in any way out of the use of this software, even
# if advised of the possibility of such damage.
#
package WardenClientConf;
use strict;
our $VERSION = "1.0";
#-------------------------------------------------------------------------------
# loadConf - load variables from configuration file
#-------------------------------------------------------------------------------
sub loadConf
{
my $conf_file = shift;
# preset of default variables
our $URI = undef;
our $SSL_KEY_FILE = undef;
our $SSL_CERT_FILE = undef;
our $SSL_CA_FILE = undef;
# read config file
if ( ! open( TMP, $conf_file) ) {
die("Can't read config file '$conf_file': $!\n");
}
close TMP;
# load set variables by user
if ( !do $conf_file ) {
die("Errors in config file '$conf_file': $@");
}
return ($URI, $SSL_KEY_FILE, $SSL_CERT_FILE, $SSL_CA_FILE);
} # End of loadConf
1;
src/warden-client/lib/WardenClientReceive.pm deleted 100755 → 0
View file @ be94e0fe
#!/usr/bin/perl -w
#
# WardenClientReceive.pm
#
# Copyright (C) 2011-2012 Cesnet z.s.p.o
# Author(s): Tomas PLESNIK <plesnik@ics.muni.cz>
# Jan SOUKAL <soukal@ics.muni.cz>
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in
# the documentation and/or other materials provided with the
# distribution.
# 3. Neither the name of the Cesnet z.s.p.o nor the names of its
# contributors may be used to endorse or promote products derived from
# this software without specific prior written permission.
#
# This software is provided ``as is'', and any express or implied
# warranties, including, but not limited to, the implied warranties of
# merchantability and fitness for a particular purpose are disclaimed.
# In no event shall the Cesnet z.s.p.o or contributors be liable for
# any direct, indirect, incidental, special, exemplary, or consequential
# damages (including, but not limited to, procurement of substitute
# goods or services; loss of use, data, or profits; or business
# interruption) however caused and on any theory of liability, whether
# in contract, strict liability, or tort (including negligence or
# otherwise) arising in any way out of the use of this software, even
# if advised of the possibility of such damage.
package WardenClientReceive;
use strict;
use SOAP::Lite;
use IO::Socket::SSL qw(debug1);
#use SOAP::Transport::TCP;
use SOAP::Transport::HTTP;
use FindBin;
our $VERSION = "1.1";
#-------------------------------------------------------------------------------
# errMsg - print error message and die
#-------------------------------------------------------------------------------
sub errMsg
{
my $msg = shift;
die($msg . "\n");
} # End of errMsg
#-------------------------------------------------------------------------------
# c2s - connect to server, send request and receive response
#-------------------------------------------------------------------------------
#sub c2s
#{
# my $uri = shift;
# my $ssl_key_file = shift;
# my $ssl_cert_file = shift;
# my $ssl_ca_file = shift;
# my $method = shift;
# my $data = shift;
#
# my $client;
# my ($server, $port, $service) = $uri =~ /https:\/\/(.+)\:(\d+)\/(.+)/;
# if (!($client = SOAP::Transport::TCP::Client->new(
# PeerAddr => $server,
# PeerPort => $port,
# Proto => 'tcp',
# SSL_use_cert => 1,
# SSL_verify_mode => 0x02,
# SSL_key_file => $ssl_key_file,
# SSL_cert_file => $ssl_cert_file,
# SSL_ca_file => $ssl_ca_file,
# ))) {errMsg("Sorry, unable to create socket: " . &SOAP::Transport::TCP::Client::errstr)}
#
# # setting of URI and serialize SOAP envelope and data object
# my $soap = SOAP::Lite->uri($uri);
# my $envelope;
# if (!defined $data) {
# $envelope = $soap->serializer->envelope(method => $method);
# } else {
# $envelope = $soap->serializer->envelope(method => $method, $data);
# }
#
# # setting of TCP URI and send serialized SOAP envelope and data
# my $tcp_uri = "tcp://$server:$port/$service";
# my $result = $client->send_receive(envelope => $envelope, endpoint => $tcp_uri);
#
# # check server response
# if (!defined $result) {
# errMsg("Error: server returned empty response." . "\n" . "Problem with used SSL ceritificates or Warden server at $server:$port is down.");
# } else {
# # deserialized response from server -> create SOAP envelope and data object
# my $response = $soap->deserializer->deserialize($result);
# # check SOAP fault status
# $response->fault ? errMsg("Server sent error message:: " . $response->faultstring) : return $response;
# }
#}
sub c2s
{
my $uri = shift;
my $ssl_key_file = shift;
my $ssl_cert_file = shift;
my $ssl_ca_file = shift;
my $method = shift;
my $data = shift;
my $client;
my ($server, $port, $service) = $uri =~ /https:\/\/(.+)\:(\d+)\/(.+)/;
if (!($client = SOAP::Transport::HTTP::Client->new(
))) {errMsg("Sorry, unable to create socket: " . &SOAP::Transport::HTTP::Client::errstr)}
$client->ssl_opts( verify_hostname => 1,
SSL_use_cert => 1,
SSL_verify_mode => 0x02,
SSL_key_file => $ssl_key_file,
SSL_cert_file => $ssl_cert_file,
SSL_ca_file => $ssl_ca_file);
# setting of URI and serialize SOAP envelope and data object
my $soap = SOAP::Lite->uri($service)->proxy($uri);
my $envelope;
if (!defined $data) {
$envelope = $soap->serializer->envelope(method => $method);
} else {
$envelope = $soap->serializer->envelope(method => $method, $data);
}
# setting of TCP URI and send serialized SOAP envelope and data
my $tcp_uri = "https://$server:$port/$service";
my $result = $client->send_receive(envelope => $envelope, endpoint => $tcp_uri);
# check server response
if (!defined $result) {
errMsg("Error: server returned empty response." . "\n" . "Problem with used SSL ceritificates or Warden server at $server:$port is down.");
} else {
# deserialized response from server -> create SOAP envelope and data object
my $response = $soap->deserializer->deserialize($result);
# check SOAP fault status
$response->fault ? errMsg("Server sent error message:: " . $response->faultstring) : return $response;
}
}
#-------------------------------------------------------------------------------
# getNewEvents - get new events from warden server greater than last received ID
#-------------------------------------------------------------------------------
sub getNewEvents
{
my $warden_path = shift;
my $requested_type = shift;
my $vardir = $warden_path . "/var/";
my $etcdir = $warden_path . "/etc/";
my $libdir = $warden_path . "/lib/";
# read the config file
require $libdir . "WardenClientConf.pm";
my $conf_file = $etcdir . "warden-client.conf";
my ($uri, $ssl_key_file, $ssl_cert_file, $ssl_ca_file) = WardenClientConf::loadConf($conf_file);
# set name of ID file for each client aplication
my $caller_name = $FindBin::Script;
my $id_file = $vardir . $caller_name . ".id";
#-----------------------------------------------------------------------------
# get last ID from ID file (if exist) or
# get last ID from warden server DB and save it into ID file
my $last_id;
if (-e $id_file) {
open(ID, "< $id_file") || errMsg("Cannot open ID file $id_file: $!");
foreach(<ID>) {
$last_id = $_;
}
close ID;
} else {
my $response = c2s($uri, $ssl_key_file, $ssl_cert_file, $ssl_ca_file, "getLastId");
$last_id = $response->result;
open(ID, "> $id_file") || die ("Cannot open ID file $id_file: $!");
print ID $last_id;
close ID;
}
#-----------------------------------------------------------------------------
# get new events from warden server DB based on gathered last ID
# create SOAP data obejct
my $request_data = SOAP::Data->name(request => \SOAP::Data->value(
SOAP::Data->name(REQUESTED_TYPE => $requested_type),
SOAP::Data->name(LAST_ID => $last_id)
));
my $response = c2s($uri, $ssl_key_file, $ssl_cert_file, $ssl_ca_file, "getNewEvents", $request_data);
# match getNewEvents functions response
$response->match('/Envelope/Body/getNewEventsResponse/');
my ($id, $hostname, $service, $detected, $type, $source_type, $source, $target_proto, $target_port, $attack_scale, $note, $priority, $timeout);
my @events;
# parse returned SOAP data object
my $i = 1;
my $response_data = $response->valueof("[$i]");
while (defined $response_data) {
my @event;
# parse items of one event
$id = $response_data->{'ID'};
$hostname = $response_data->{'HOSTNAME'};
$service = $response_data->{'SERVICE'};
$detected = $response_data->{'DETECTED'};
$type = $response_data->{'TYPE'};
$source_type = $response_data->{'SOURCE_TYPE'};
$source = $response_data->{'SOURCE'};
$target_proto = $response_data->{'TARGET_PROTO'};
$target_port = $response_data->{'TARGET_PORT'};
$attack_scale = $response_data->{'ATTACK_SCALE'};
$note = $response_data->{'NOTE'};
$priority = $response_data->{'PRIORITY'};
$timeout = $response_data->{'TIMEOUT'};
# push new event from warden server into @events which is returned
@event = ("$id", "$hostname", "$service", "$detected", "$type", "$source_type", "$source", "$target_proto", "$target_port", "$attack_scale", "$note", "$priority", "$timeout");
push (@events, \@event);
# set maximum received ID from current batch
if ($id > $last_id) {
$last_id = $id;
}
# go to the next received event
$i++;
$response_data = $response->valueof("[$i]");
}
# write last return ID
if (defined $last_id) { # must be defined for first check ID
open(ID, "> $id_file") || die ("Cannot open ID file $id_file: $!");
print ID $last_id;
close ID;
}
# return event array of arrays
return @events;
} # End of getNewEvents
1;
src/warden-client/lib/WardenClientSend.pm deleted 100755 → 0
View file @ be94e0fe
#!/usr/bin/perl -w
#
# WardenClientSend.pm
#
# Copyright (C) 2011-2012 Cesnet z.s.p.o
# Author(s): Tomas PLESNIK <plesnik@ics.muni.cz>
# Jan SOUKAL <soukal@ics.muni.cz>
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in
# the documentation and/or other materials provided with the
# distribution.
# 3. Neither the name of the Cesnet z.s.p.o nor the names of its
# contributors may be used to endorse or promote products derived from
# this software without specific prior written permission.
#
# This software is provided ``as is'', and any express or implied
# warranties, including, but not limited to, the implied warranties of
# merchantability and fitness for a particular purpose are disclaimed.
# In no event shall the Cesnet z.s.p.o or contributors be liable for
# any direct, indirect, incidental, special, exemplary, or consequential
# damages (including, but not limited to, procurement of substitute
# goods or services; loss of use, data, or profits; or business
# interruption) however caused and on any theory of liability, whether
# in contract, strict liability, or tort (including negligence or
# otherwise) arising in any way out of the use of this software, even
# if advised of the possibility of such damage.
package WardenClientSend;
use strict;
use SOAP::Lite;
#use SOAP::Lite 'trace', 'debug';
use IO::Socket::SSL qw(debug1);
#use SOAP::Transport::TCP;
use SOAP::Transport::HTTP;
our $VERSION = "1.1";
#-------------------------------------------------------------------------------
# errMsg - print error message and die
#-------------------------------------------------------------------------------
sub errMsg
{
my $msg = shift;
die($msg . "\n");
} # End of errMsg
#-------------------------------------------------------------------------------
# c2s - connect to server, send request and receive response
#-------------------------------------------------------------------------------
sub c2s
{
my $uri = shift;
my $ssl_key_file = shift;
my $ssl_cert_file = shift;
my $ssl_ca_file = shift;
my $method = shift;
my $data = shift;
my $client;
my ($server, $port, $service) = $uri =~ /https:\/\/(.+)\:(\d+)\/(.+)/;
if (!($client = SOAP::Transport::HTTP::Client->new(
))) {errMsg("Sorry, unable to create socket: " . &SOAP::Transport::HTTP::Client::errstr)}
$client->ssl_opts( verify_hostname => 1,
SSL_use_cert => 1,
SSL_verify_mode => 0x02,
SSL_key_file => $ssl_key_file,
SSL_cert_file => $ssl_cert_file,
SSL_ca_file => $ssl_ca_file);
# setting of URI and serialize SOAP envelope and data object
my $soap = SOAP::Lite->uri($service)->proxy($uri);
my $envelope = $soap->serializer->envelope(method => $method, $data);
# setting of TCP URI and send serialized SOAP envelope and data
my $tcp_uri = "https://$server:$port/$service";
my $result = $client->send_receive(envelope => $envelope, endpoint => $tcp_uri);
# check server response
if (!defined $result) {
errMsg("Error: server returned empty response." . "\n" . "Problem with used SSL ceritificates or Warden server at $server:$port is down.");
} else {
# deserialized response from server -> create SOAP envelope and data object
my $response = $soap->deserializer->deserialize($result);
# check SOAP fault status
$response->fault ? errMsg("Server sent error message:: " . $response->faultstring) : return 1;
}
}
#-------------------------------------------------------------------------------
# saveNewEvent - send new event from detection scripts to warden server
#-------------------------------------------------------------------------------
sub saveNewEvent
{
my $warden_path = shift;
my $event_ref = shift;
my $etcdir = $warden_path . "/etc/";
my $libdir = $warden_path . "/lib/";
# read the config file
require $libdir . "WardenClientConf.pm";
my $conf_file = $etcdir . "warden-client.conf";
my ($uri, $ssl_key_file, $ssl_cert_file, $ssl_ca_file) = WardenClientConf::loadConf($conf_file);
# prepare variables of event
my @event = @{$event_ref};
my $service = $event[0];
my $detected = $event[1];
my $type = $event[2];
my $source_type = $event[3];
my $source = $event[4];
my $target_proto = $event[5];
my $target_port = $event[6];
my $attack_scale = $event[7];
my $note = $event[8];
my $priority = $event[9];
my $timeout = $event[10];
# create SOAP data object
my $event = SOAP::Data->name(event => \SOAP::Data->value(
SOAP::Data->name(SERVICE => $service),
SOAP::Data->name(DETECTED => $detected),
SOAP::Data->name(TYPE => $type),
SOAP::Data->name(SOURCE_TYPE => $source_type),
SOAP::Data->name(SOURCE => $source),
SOAP::Data->name(TARGET_PROTO => $target_proto),
SOAP::Data->name(TARGET_PORT => $target_port),
SOAP::Data->name(ATTACK_SCALE => $attack_scale),
SOAP::Data->name(NOTE => $note),
SOAP::Data->name(PRIORITY => $priority),
SOAP::Data->name(TIMEOUT => $timeout)
));
my $result = c2s($uri, $ssl_key_file, $ssl_cert_file, $ssl_ca_file, "saveNewEvent", $event);
$result ? return 1 : return 0;
} # End of saveNewEvent
1;
src/warden-client/sh/install.sh deleted 100755 → 0
View file @ be94e0fe
#!/bin/bash
#
# install.sh
#
# Copyright (C) 2011-2012 Cesnet z.s.p.o
# Author(s): Tomas PLESNIK <plesnik@ics.muni.cz>
# Jan SOUKAL <soukal@ics.muni.cz>
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in
# the documentation and/or other materials provided with the
# distribution.
# 3. Neither the name of the Cesnet z.s.p.o nor the names of its
# contributors may be used to endorse or promote products derived from
# this software without specific prior written permission.
#
# This software is provided ``as is'', and any express or implied
# warranties, including, but not limited to, the implied warranties of
# merchantability and fitness for a particular purpose are disclaimed.
# In no event shall the Cesnet z.s.p.o or contributors be liable for
# any direct, indirect, incidental, special, exemplary, or consequential
# damages (including, but not limited to, procurement of substitute
# goods or services; loss of use, data, or profits; or business
# interruption) however caused and on any theory of liability, whether
# in contract, strict liability, or tort (including negligence or
# otherwise) arising in any way out of the use of this software, even
# if advised of the possibility of such damage.
VERSION="1.1"
#-------------------------------------------------------------------------------
# FUNCTIONS
#-------------------------------------------------------------------------------
usage()
{
echo "Usage: `basename $0` [-d <directory>] [-u <user>] [-k <ssl_key_file>] [-c <ssl_cert_file>] [-a <ssl_ca_file>] [-hV]"
echo "-d <directory> installation directory (default: /opt)"
echo "-u <user> owner of warden client package (user for running detection scripts)"
echo "-k <ssl_key_file> path to SSL certificate key file"
echo "-c <ssl_cert_file> path to SSL certificate file"
echo "-a <ssl_ca_file> path to CA certificate file"
echo "-h print this help"
echo "-V print script version number and exit"
echo
echo "Example: # ./`basename $0` -d /opt -u detector -k /etc/ssl/private/client.key -c /etc/ssl/certs/client.pem -a /etc/ssl/certs/tcs-ca-bundle.pem"
echo
echo "Note: You must be root for running this script."
echo " For more information about installation process, see README file (section Installation)."
echo
exit 0
}
version()
{
echo "`basename ${0}` - current version is $VERSION"
exit 0
}
err()
{
echo "FAILED!"
cat $err
rm -rf $err
echo
echo "Installation of $package_version package FAILED!!!"
exit 1
}
err_clean()
{
echo "FAILED!"
echo " -> Uninstalling client package ... OK"
rm -rf $client_path > /dev/null 2>&1
cat $err
rm -rf $err
echo
echo "Installation of $package_version package FAILED!!!"
exit 1
}
os_chck()
{
OS=`uname`
if [ "$OS" != "Linux" ]; then
echo "Sorry, unsupported operating system detected - \"$OS\"!"
exit 1
fi
}
shell_chck()
{
SHELL=`echo $SHELL`
if [ "$SHELL" != "/bin/bash" ]; then
echo "Sorry, this script is usable in Bourne Again Shell (bash) only!"
exit 1
fi
}
root_chck()
{
if [ $UID -ne 0 ]; then
echo "You must be root for running this script!"
exit 1
fi
}
params_chck()
{
if [ -z $prefix ]; then
prefix=/opt
echo "Warning: parameter -d <directory> is not set - default installation directory is $prefix!"
fi
if [ -z $user ]; then
echo "Parameter -u <user> is not set!"
exit 1
fi
if [ -z $key ]; then
echo "Parameter -k <ssl_key_file> is not set!"
exit 1
fi
if [ -z $cert ]; then
echo "Parameter -c <ssl_cert_file> is not set!"
exit 1
fi
if [ -z $ca_file ]; then
echo "Parameter -a <ssl_ca_file> is not set!"
exit 1
fi
}
old_client_chck()
{
old_package_version_file="$etc/package_version"
if [ -f $old_package_version_file ]; then
old_package_version=`cat $old_package_version_file`
echo "Sorry, but $old_package_version package is installed!"
echo "For update of warden client package please use update.sh script."
exit 1
fi
}
perl_chck()
{
echo -n "Checking Perl interpreter ... "
which perl 1>/dev/null; ret_val=`echo $?`
if [ $ret_val -eq 0 ]; then
echo "OK"
else
echo "FAILED!"
echo "Error: Perl interpreter is not installed!"
exit 1
fi
}
modules_chck()
{
for module in ${modules[@]};
do
echo -n "Checking $module module ... "
perl -e "use $module" 2> $err; ret_val=`echo $?`
if [ $ret_val -eq 0 ]; then
echo "OK"
else
err
fi
done
}
make_warden_dir()
{
echo -n "Creating warden client directory ... "
cp -R $dirname/warden-client $prefix 2> $err; ret_val=`echo $?`
if [ $ret_val -eq 0 ]; then
echo "OK"
else
err_clean
fi
files=(CHANGELOG INSTALL LICENSE README README.cesnet)
for file in ${files[@]};
do
cp $dirname/$file "$client_path/doc"
done
cp $dirname/uninstall.sh "$client_path"
}
copy_key()
{
echo -n "Copying certificate key file ... "
cp $key $etc 2> $err; ret_val=`echo $?`
if [ $ret_val -eq 0 ]; then
echo "OK"
else
err_clean
fi
}
copy_cert()
{
echo -n "Copying certificate file ... "
cp $cert $etc 2> $err; ret_val=`echo $?`
if [ $ret_val -eq 0 ]; then
echo "OK"
else
err_clean
fi
}
make_conf_file()
{
echo -n "Creating configuration file ... "
echo "#
# warden-client.conf - configuration file for the warden sender/receiver client
#
#-------------------------------------------------------------------------------
# URI - URI address of Warden server
#-------------------------------------------------------------------------------
\$URI = \"https://warden.cesnet.cz:443/Warden\";
#-------------------------------------------------------------------------------
# SSL_KEY_FILE - path to client SSL certificate key file
#-------------------------------------------------------------------------------
\$SSL_KEY_FILE = \"$etc/$key_file\";
#-------------------------------------------------------------------------------
# SSL_CERT_FILE - path to client SSL certificate file
#-------------------------------------------------------------------------------
\$SSL_CERT_FILE = \"$etc/$cert_file\";
#-------------------------------------------------------------------------------
# SSL_CA_FILE - path to CA certificate file
#-------------------------------------------------------------------------------
\$SSL_CA_FILE = \"$ca_file\";
" > $conf_file 2> $err; ret_val=`echo $?`
if [ $ret_val -eq 0 ]; then
echo "OK"
else
err_clean
fi
}
change_permissions()
{
echo -n "Changing permissions to installed package ... "
chown -R $user: $client_path 2>$err; ret_val=`echo $?`
if [ $ret_val -eq 0 ]; then
echo "OK"
else
err_clean
fi
}
#-------------------------------------------------------------------------------
# MAIN
#-------------------------------------------------------------------------------
# list of used Perl modules
modules=(SOAP::Lite IO::Socket::SSL SOAP::Transport::TCP FindBin DateTime)
# OS test
os_chck
# Shell test
shell_chck
# read input
while getopts "d:u:k:c:a:Vh" options; do
case $options in
d ) prefix=$OPTARG;;
u ) user=$OPTARG;;
k ) key=$OPTARG;;
c ) cert=$OPTARG;;
a ) ca_file=$OPTARG;;
h ) usage;;
V ) version;;
* ) usage;;
esac
done
# root test
root_chck
# params test
params_chck
# create variables
dirname=`dirname $0`
package_version=`cat $dirname/warden-client/etc/package_version`
key_file=`basename $key`
cert_file=`basename $cert`
[[ $prefix == */ ]] && prefix="${prefix%?}" # remove last char (slash) from prefix
client_path="$prefix/warden-client"
etc="$client_path/etc"
conf_file="$etc/warden-client.conf"
err="/tmp/warden-err"
# check if warden-client is installed
old_client_chck
echo
echo "------------------------- Dependencies check-in -------------------------"
# Perl interpreter test
perl_chck
# Perl modules test
modules_chck
echo
echo "------------------------- Installation process --------------------------"
# make warden client directory
make_warden_dir
# copy cert key file
copy_key
# copy cert file
copy_cert
# create conf file
make_conf_file
# change permissions
change_permissions
echo
echo "Please check configuration file in $conf_file!"
echo
echo "Installation of $package_version package was SUCCESSFUL!!!"
# cleanup section
rm -rf $err
exit 0
src/warden-client/sh/uninstall.sh deleted 100755 → 0
View file @ be94e0fe
#!/bin/bash
#
# uninstall.sh
#
# Copyright (C) 2011-2012 Cesnet z.s.p.o
# Author(s): Tomas PLESNIK <plesnik@ics.muni.cz>
# Jan SOUKAL <soukal@ics.muni.cz>
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in
# the documentation and/or other materials provided with the
# distribution.
# 3. Neither the name of the Cesnet z.s.p.o nor the names of its
# contributors may be used to endorse or promote products derived from
# this software without specific prior written permission.
#
# This software is provided ``as is'', and any express or implied
# warranties, including, but not limited to, the implied warranties of
# merchantability and fitness for a particular purpose are disclaimed.
# In no event shall the Cesnet z.s.p.o or contributors be liable for
# any direct, indirect, incidental, special, exemplary, or consequential
# damages (including, but not limited to, procurement of substitute
# goods or services; loss of use, data, or profits; or business
# interruption) however caused and on any theory of liability, whether
# in contract, strict liability, or tort (including negligence or
# otherwise) arising in any way out of the use of this software, even
# if advised of the possibility of such damage.
VERSION="1.0"
#-------------------------------------------------------------------------------
# FUNCTIONS
#-------------------------------------------------------------------------------
usage()
{
echo "Usage: `basename $0` [-d <directory>] [-hV]"
echo "-d <directory> uninstallation directory (default: /opt)"
echo "-h print this help"
echo "-V print script version number and exit"
echo
echo "Example: # ./`basename $0` -d /opt"
echo
echo "Note: You must be root for running this script."
echo " For more information about uninstallation process, see README file (section Uninstallation)."
echo
exit 0
}
version()
{
echo "`basename ${0}` - current version is $VERSION"
exit 0
}
err()
{
echo "FAILED!"
cat $err
rm -rf $err $backup_dir
echo
echo "Uninstallation of $package_version package FAILED!!!"
exit 1
}
err_clean()
{
echo "FAILED!"
echo " -> Reverting changes of warden client package ... OK"
rm -rf ${client_path}/* > /dev/null 2>&1
cp -R ${backup_dir}/* $client_path
cat $err
rm -rf $err $backup_dir
echo
echo "Uninstallation of $package_version package FAILED!!!"
exit 1
}
os_chck()
{
OS=`uname`
if [ "$OS" != "Linux" ]; then
echo "Sorry, unsupported operating system detected - \"$OS\"!"
exit 1
fi
}
shell_chck()
{
SHELL=`echo $SHELL`
if [ "$SHELL" != "/bin/bash" ]; then
echo "Sorry, this script is usable in Bourne Again Shell (bash) only!"
exit 1
fi
}
root_chck()
{
if [ $UID -ne 0 ]; then
echo "You must be root for running this script!"
exit 1
fi
}
params_chck()
{
if [ -z $prefix ]; then
prefix=/opt
echo "Warning: parameter -d <directory> is not set - default uninstallation directory is $prefix!"
fi
}
obtain_package_version()
{
if [ -f $old_package_version_file ]; then
package_version=`cat $old_package_version_file`
else
package_version="unknown"
fi
}
warden_dir_chck()
{
echo -n "Checking warden client directory ... "
if [ ! -d $client_path ]; then
echo "FAILED!"
ls $client_path
exit 1
else
echo "OK"
fi
}
backup()
{
echo -n "Backing-up warden client directory ... "
mkdir $backup_dir
if cp -R $client_path $backup_dir 2> $err; then
echo "OK"
else
err
fi
}
uninstall_warden_client()
{
echo -n "Uninstalling $package_version package ... "
if rm -rf $client_path 2> $err; then
echo "OK"
else
err_clean
fi
}
#-------------------------------------------------------------------------------
# MAIN
#-------------------------------------------------------------------------------
# OS test
os_chck
# Shell test
shell_chck
# read input
while getopts "d:Vh" options; do
case $options in
d ) prefix=$OPTARG;;
h ) usage;;
V ) version;;
* ) usage;;
esac
done
# root test
root_chck
# params test
params_chck
# create variables
[[ $prefix == */ ]] && prefix="${prefix%?}" # remove last char (slash) from prefix
client_path="${prefix}/warden-client"
etc="${client_path}/etc"
old_package_version_file="${etc}/package_version"
err="/tmp/warden-err"
backup_dir="/tmp/warden-backup"
# obtain version of installed warden-client package
obtain_package_version
echo
echo "------------------------- Uninstallation process --------------------------------"
# check if $prefix/warden-client directory exist
warden_dir_chck
# make backup of currently installed warden-client package
backup
# do uninstallation
uninstall_warden_client
echo
echo "Uninstallation of $package_version package was SUCCESSFUL!!!"
# cleanup section
rm -rf $err $backup_dir
exit 0
src/warden-client/sh/update.sh deleted 100755 → 0
View file @ be94e0fe
#!/bin/bash
#
# update.sh
#
# Copyright (C) 2011-2012 Cesnet z.s.p.o
# Author(s): Tomas PLESNIK <plesnik@ics.muni.cz>
# Jan SOUKAL <soukal@ics.muni.cz>
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in
# the documentation and/or other materials provided with the
# distribution.
# 3. Neither the name of the Cesnet z.s.p.o nor the names of its
# contributors may be used to endorse or promote products derived from
# this software without specific prior written permission.
#
# This software is provided ``as is'', and any express or implied
# warranties, including, but not limited to, the implied warranties of
# merchantability and fitness for a particular purpose are disclaimed.
# In no event shall the Cesnet z.s.p.o or contributors be liable for
# any direct, indirect, incidental, special, exemplary, or consequential
# damages (including, but not limited to, procurement of substitute
# goods or services; loss of use, data, or profits; or business
# interruption) however caused and on any theory of liability, whether
# in contract, strict liability, or tort (including negligence or
# otherwise) arising in any way out of the use of this software, even
# if advised of the possibility of such damage.
VERSION="1.1"
#-------------------------------------------------------------------------------
# FUNCTIONS
#-------------------------------------------------------------------------------
usage()
{
echo "Usage: `basename $0` [-d <directory>] [-hV]"
echo "-d <directory> destination directory (default: /opt)"
echo "-h print this help"
echo "-V print script version number and exit"
echo
echo "Example: # ./`basename $0` -d /opt"
echo
echo "Note: You must be root for running this script."
echo " For more information about update process, see README file (section Update)."
echo
exit 0
}
version()
{
echo "`basename ${0}` - current version is $VERSION"
exit 0
}
err()
{
echo "FAILED!"
cat $err
rm -rf $err
rm -rf $backup_dir
echo
echo "Update from $old_package_version to $package_version package FAILED!!!"
exit 1
}
err_clean()
{
echo "FAILED!"
echo " -> Reverting changes of warden client package ... OK"
rm -rf ${client_path}/* > /dev/null 2>&1
cp -R ${backup_dir}/* $client_path
cat $err
rm -rf $err $backup_dir
echo
echo "Update from $old_package_version to $package_version package FAILED!!!"
exit 1
}
os_chck()
{
OS=`uname`
if [ "$OS" != "Linux" ]; then
echo "Sorry, unsupported operating system detected - \"$OS\"!"
exit 1
fi
}
shell_chck()
{
SHELL=`echo $SHELL`
if [ "$SHELL" != "/bin/bash" ]; then
echo "Sorry, this script is usable in Bourne Again Shell (bash) only!"
exit 1
fi
}
root_chck()
{
if [ $UID -ne 0 ]; then
echo "You must be root for running this script!"
exit 1
fi
}
params_chck()
{
if [ -z $prefix ]; then
prefix=/opt
echo "Warning: parameter -d <directory> is not set - default installation directory is $prefix!"
fi
}
obtain_package_version()
{
if [ -f $old_package_version_file ]; then
old_package_version=`cat $old_package_version_file`
if [ "$old_package_version" == "$package_version" ]; then
echo "Sorry, but $package_version package is already installed!"
exit 1
fi
else
echo "Sorry, but warden-client package is not installed!"
echo "For installation of warden client package please use install.sh script."
exit 1
fi
}
perl_chck()
{
echo -n "Checking Perl interpreter ... "
if which perl 1> /dev/null; then
echo "OK"
else
echo "FAILED!"
echo "Error: Perl interpreter is not installed!"
exit 1
fi
}
modules_chck()
{
for module in ${modules[@]};
do
echo -n "Checking $module module ... "
if perl -e "use $module" 2> $err; then
echo "OK"
else
err
fi
done
}
warden_dir_chck()
{
echo -n "Checking warden client directory ... "
if [ ! -d $client_path ]; then
echo "FAILED!"
ls $client_path
exit 1
else
echo "OK"
fi
}
backup()
{
echo -n "Backing-up warden client directory ... "
mkdir $backup_dir
if cp -R $client_path $backup_dir 2> $err; then
echo "OK"
else
err
fi
}
obtain_warden_user()
{
echo -n "Obtaining warden client directory owner ... "
if user=`stat -c %U $conf_file` 2> $err; then
echo "OK"
else
err
fi
}
update_warden_dir()
{
echo -n "Updating warden client directory ... "
if rsync -q --recursive --archive --delete --exclude='etc' --exclude='var' ${dirname}/warden-client $prefix 2> $err; then
echo "OK"
else
err_clean
fi
files=(CHANGELOG INSTALL LICENSE README README.cesnet)
for file in ${files[@]};
do
cp ${dirname}/$file ${client_path}/doc
done
cp ${dirname}/uninstall.sh $client_path
cp ${dirname}/warden-client/etc/package_version $etc
}
make_conf_file()
{
echo -n "Creating configuration file ... "
uri=`cat $conf_file | grep '$URI'`
ssl_key_file=`cat $conf_file | grep '$SSL_KEY_FILE'`
ssl_cert_file=`cat $conf_file | grep '$SSL_CERT_FILE'`
ssl_ca_file=`cat $conf_file | grep '$SSL_CA_FILE'`
echo "#
# warden-client.conf - configuration file for the warden sender/receiver client
#
#-------------------------------------------------------------------------------
# URI - URI address of Warden server
#-------------------------------------------------------------------------------
$uri
#-------------------------------------------------------------------------------
# SSL_KEY_FILE - path to client SSL certificate key file
#-------------------------------------------------------------------------------
$ssl_key_file
#-------------------------------------------------------------------------------
# SSL_CERT_FILE - path to client SSL certificate file
#-------------------------------------------------------------------------------
$ssl_cert_file
#-------------------------------------------------------------------------------
# SSL_CA_FILE - path to CA certificate file
#-------------------------------------------------------------------------------
$ssl_ca_file
" > $conf_file 2> $err; ret_val=`echo $?`
if [ $ret_val -eq 0 ]; then
echo "OK"
else
err_clean
fi
}
change_permissions()
{
echo -n "Changing permissions to updated package ... "
chown -R $user: $client_path 2>$err || err_clean
key_file=`echo $ssl_key_file` | cut -d "\"" -f 2 | cut -d "\"" -f 1
cert_file=`echo $ssl_cert_file` | cut -d "\"" -f 2 | cut -d "\"" -f 1
chmod 400 ${etc}/$key_file ${etc}/$cert_file || err_clean
chmod 644 $old_package_version_file || err_clean
if chmod 600 $conf_file; then
echo "OK"
else
err_clean
fi
}
#-------------------------------------------------------------------------------
# MAIN
#-------------------------------------------------------------------------------
# list of used Perl modules
modules=(SOAP::Lite IO::Socket::SSL SOAP::Transport::TCP FindBin DateTime)
# OS test
os_chck
# Shell test
shell_chck
# read input
while getopts "d:Vh" options; do
case $options in
d ) prefix=$OPTARG;;
h ) usage;;
V ) version;;
* ) usage;;
esac
done
# root test
root_chck
# params test
params_chck
# create variables
dirname=`dirname $0`
package_version=`cat ${dirname}/warden-client/etc/package_version`
[[ $prefix == */ ]] && prefix="${prefix%?}" # remove last char (slash) from prefix
client_path="${prefix}/warden-client"
etc="${client_path}/etc"
old_package_version_file="${etc}/package_version"
conf_file="${etc}/warden-client.conf"
err="/tmp/warden-err"
backup_dir="/tmp/warden-backup"
# obtain version of old warden client
obtain_package_version
echo
echo "------------------------- Dependencies check-in -------------------------"
# Perl interpreter test
perl_chck
# Perl modules test
modules_chck
echo
echo "------------------------- Update process --------------------------------"
# check warden client directory
warden_dir_chck
# backup old warden client installation
backup
# obtain current warden client user
obtain_warden_user
# make warden client directory
update_warden_dir
# create conf file
make_conf_file
# change permissions
change_permissions
echo
echo "Please check configuration file in $conf_file!"
echo
echo "Warden client directory: $client_path"
echo
echo "Update from $old_package_version to $package_version package was SUCCESSFUL!!!"
# cleanup section
rm -rf $err $backup_dir
exit 0
src/warden-server/bin/getClients.pl deleted 100755 → 0
View file @ be94e0fe
#!/usr/bin/perl -w
#
# getClients.pl
#
# Copyright (C) 2011-2012 Cesnet z.s.p.o
# Author(s): Tomas PLESNIK <plesnik@ics.muni.cz>
# Jan SOUKAL <soukal@ics.muni.cz>
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in
# the documentation and/or other materials provided with the
# distribution.
# 3. Neither the name of the Cesnet z.s.p.o nor the names of its
# contributors may be used to endorse or promote products derived from
# this software without specific prior written permission.
#
# This software is provided ``as is'', and any express or implied
# warranties, including, but not limited to, the implied warranties of
# merchantability and fitness for a particular purpose are disclaimed.
# In no event shall the Cesnet z.s.p.o or contributors be liable for
# any direct, indirect, incidental, special, exemplary, or consequential
# damages (including, but not limited to, procurement of substitute
# goods or services; loss of use, data, or profits; or business
# interruption) however caused and on any theory of liability, whether
# in contract, strict liability, or tort (including negligence or
# otherwise) arising in any way out of the use of this software, even
# if advised of the possibility of such damage.
use strict;
use Getopt::Std;
use File::Basename;
our $VERSION = "0.1";
my $warden_path = '/opt/warden-server';
require $warden_path . '/lib/WardenStatus.pm';
my $filename = basename($0);
#-------------------------------------------------------------------------------
# Functions
#-------------------------------------------------------------------------------
sub usage {
print "Usage: $filename [without parameters]\n";
exit 1;
}
#-------------------------------------------------------------------------------
# errMsg - print error message and die
#-------------------------------------------------------------------------------
sub errMsg
{
my $msg = shift;
$msg = trim($msg);
print $msg . "\n";
exit 1;
} # End of errMsg
#-------------------------------------------------------------------------------
# trim - remove whitespace from the start and end of the string
#-------------------------------------------------------------------------------
sub trim
{
my $string = shift;
$string =~ s/^\s+//;
$string =~ s/\s+$//;
return $string;
} # End of trim
#-------------------------------------------------------------------------------
# MAIN
#-------------------------------------------------------------------------------
our ($opt_h);
die usage unless getopts("h");
my $help = $opt_h;
# catch help param
if ($help) {
usage;
}
# superuser controle
my $UID = $<;
if ($UID != 0) {
die errMsg("You must be root for running this script!")
}
my @clients = WardenStatus::getClients($warden_path);
print "+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+\n";
print "| Client ID | Hostname | Registered | Requestor | Service | CT | Type | ROE | Description tags | IP Net Client |\n";
print "+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+\n";
foreach (@clients) {
printf("| %-10s ", @$_[0]);
printf("| %-30s ", @$_[1]);
printf("| %19s ", @$_[2]);
printf("| %-10s ", @$_[3]);
printf("| %-20s ", @$_[4]);
printf("| %-2s ", @$_[5]);
printf("| %-15s ", @$_[6]);
printf("| %-4s ", @$_[7]);
printf("| %-30s ", @$_[8]);
printf("| %-18s |\n", @$_[9]);
}
print "+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+\n";
print "\n";
print "Current registered clients in: " . scalar localtime(time) . "\n";
exit 0;
src/warden-server/bin/getStatus.pl deleted 100755 → 0
View file @ be94e0fe
#!/usr/bin/perl -w
#
# getStatus.pl
#
# Copyright (C) 2011-2012 Cesnet z.s.p.o
# Author(s): Tomas PLESNIK <plesnik@ics.muni.cz>
# Jan SOUKAL <soukal@ics.muni.cz>
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in
# the documentation and/or other materials provided with the
# distribution.
# 3. Neither the name of the Cesnet z.s.p.o nor the names of its
# contributors may be used to endorse or promote products derived from
# this software without specific prior written permission.
#
# This software is provided ``as is'', and any express or implied
# warranties, including, but not limited to, the implied warranties of
# merchantability and fitness for a particular purpose are disclaimed.
# In no event shall the Cesnet z.s.p.o or contributors be liable for
# any direct, indirect, incidental, special, exemplary, or consequential
# damages (including, but not limited to, procurement of substitute
# goods or services; loss of use, data, or profits; or business
# interruption) however caused and on any theory of liability, whether
# in contract, strict liability, or tort (including negligence or
# otherwise) arising in any way out of the use of this software, even
# if advised of the possibility of such damage.
use strict;
use Getopt::Std;
use File::Basename;
our $VERSION = "0.1";
my $warden_path = '/opt/warden-server';
require $warden_path . '/lib/WardenStatus.pm';
my $filename = basename($0);
#-------------------------------------------------------------------------------
# Functions
#-------------------------------------------------------------------------------
sub usage {
print "Usage: $filename [without parameters]\n";
exit 1;
}
#-------------------------------------------------------------------------------
# errMsg - print error message and die
#-------------------------------------------------------------------------------
sub errMsg
{
my $msg = shift;
$msg = trim($msg);
print $msg . "\n";
exit 1;
} # End of errMsg
#-------------------------------------------------------------------------------
# trim - remove whitespace from the start and end of the string
#-------------------------------------------------------------------------------
sub trim
{
my $string = shift;
$string =~ s/^\s+//;
$string =~ s/\s+$//;
return $string;
} # End of trim
#-------------------------------------------------------------------------------
# MAIN
#-------------------------------------------------------------------------------
our ($opt_h);
die usage unless getopts("h");
my $help = $opt_h;
# catch help param
if ($help) {
usage;
}
# superuser controle
my $UID = $<;
if ($UID != 0) {
die errMsg("You must be root for running this script!")
}
my @status = WardenStatus::getStatus($warden_path);
# take and remove first element of array @status and save it into $server_status_ref
my $server_status_ref = shift(@status);
my @server_status = @$server_status_ref;
print "Warden server variables:\n";
print "========================\n";
print "SERVER_VERSION:\t\t$server_status[0]\n";
#print "ADDRESS:\t\t$server_status[1]\n";
#print "PORT:\t\t\t$server_status[2]\n";
#print "LOGDIR:\t\t\t$server_status[3]\n";
#print "PIDDIR:\t\t\t$server_status[4]\n";
#print "VARDIR:\t\t\t$server_status[5]\n";
#print "SSL_KEY_FILE:\t\t$server_status[6]\n";
#print "SSL_CERT_FILE:\t\t$server_status[7]\n";
#print "SSLCA_FILE:\t\t$server_status[8]\n";
print "SYSLOG_FACILITY:\t$server_status[9]\n";
print "\n";
print "Warden server status:\n";
print "=====================\n";
print "Database size:\t\t\t$server_status[10]\n";
print "Count of saved events:\t\t$server_status[11]\n";
print "Last ID in events table:\t$server_status[12]\n";
print "Time of first inserted event:\t$server_status[13] (UTC)\n";
print "Time of latest inserted event:\t$server_status[14] (UTC)\n";
print "Count of registered clients:\t$server_status[15]\n";
print "\n";
# check if sum of registered client isn't 0
if ($server_status[15] != 0) {
print "Statistics of registered senders:\n";
print "+-----------------------------------------------------------------------------------------------------------+\n";
print "| Client ID | Hostname | Service | Stored events | Last insertion (UTC) |\n";
print "+-----------------------------------------------------------------------------------------------------------+\n";
foreach my $client_status_ref (@status){
my @client_status = @$client_status_ref;
printf("| %-10s ", $client_status[0]);
printf("| %-30s ", $client_status[1]);
printf("| %-20s ", $client_status[2]);
printf("| %-13s ", $client_status[3]);
printf("| %-20s |\n", $client_status[4]);
}
print "+-----------------------------------------------------------------------------------------------------------+\n";
print "\n";
}
print "Current server status in:\t" . scalar localtime(time) . "\n";
exit 0;
src/warden-server/bin/getWebStatus.sh deleted 100755 → 0
View file @ be94e0fe
#!/bin/bash
DB_NAME=`cat /opt/warden-server/etc/warden-server.conf | grep DB_NAME | sed 's/[";]//g' |awk '{print $3}'`
DB_USER=`cat /opt/warden-server/etc/warden-server.conf | grep DB_USER | sed 's/[";]//g' |awk '{print $3}'`
DB_PASS=`cat /opt/warden-server/etc/warden-server.conf | grep DB_PASS | sed 's/[";]//g' |awk '{print $3}'`
DB_HOST=`cat /opt/warden-server/etc/warden-server.conf | grep DB_HOST | sed 's/[";]//g' |awk '{print $3}'`
echo "SELECT FROM_UNIXTIME( UNIX_TIMESTAMP( received ) - ( UNIX_TIMESTAMP( received ) % ( 60 ) ) ) AS t, COUNT( id ) FROM events GROUP BY t" | mysql -h $DB_HOST -u $DB_USER $DB_NAME
apache2ctl status
echo -n ""
uptime
echo -n klientu: ; netstat -nlpa | grep :443 | grep ESTA |wc -l;
echo -n FIN:; netstat | grep WAIT2 | wc -l
src/warden-server/bin/registerReceiver.pl deleted 100755 → 0
View file @ be94e0fe
#!/usr/bin/perl -w
#
# registerReceiver.pl
#
# Copyright (C) 2011-2012 Cesnet z.s.p.o
# Author(s): Tomas PLESNIK <plesnik@ics.muni.cz>
# Jan SOUKAL <soukal@ics.muni.cz>
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in
# the documentation and/or other materials provided with the
# distribution.
# 3. Neither the name of the Cesnet z.s.p.o nor the names of its
# contributors may be used to endorse or promote products derived from
# this software without specific prior written permission.
#
# This software is provided ``as is'', and any express or implied
# warranties, including, but not limited to, the implied warranties of
# merchantability and fitness for a particular purpose are disclaimed.
# In no event shall the Cesnet z.s.p.o or contributors be liable for
# any direct, indirect, incidental, special, exemplary, or consequential
# damages (including, but not limited to, procurement of substitute
# goods or services; loss of use, data, or profits; or business
# interruption) however caused and on any theory of liability, whether
# in contract, strict liability, or tort (including negligence or
# otherwise) arising in any way out of the use of this software, even
# if advised of the possibility of such damage.
use strict;
use Getopt::Std;
use Switch;
use File::Basename;
our $VERSION = "0.1";
my $warden_path = '/opt/warden-server';
require $warden_path . '/lib/WardenReg.pm';
my $filename = basename($0);
#-------------------------------------------------------------------------------
# Functions
#-------------------------------------------------------------------------------
sub usage {
print "Usage: $filename [-h -o -n <hostname> -r <requestor> -t <type> -i <ip_net_client>]\n";
exit 1;
}
sub help {
print "$filename [-h -o -n <hostname> -r <requestor> -t <type> -i <ip_net_client>]\n";
print "-h print this text and exit\n";
print "-n hostname of receiver\n";
print "-r client registration requestor\n";
print "-t type of received events\n";
print "-o enable receiving of own events\n";
print "-i CIDR of receiver\n";
exit 0;
}
#-------------------------------------------------------------------------------
# errMsg - print error message and die
#-------------------------------------------------------------------------------
sub errMsg
{
my $msg = shift;
$msg = trim($msg);
print $msg . "\n";
exit 1;
} # End of errMsg
#-------------------------------------------------------------------------------
# trim - remove whitespace from the start and end of the string
#-------------------------------------------------------------------------------
sub trim
{
my $string = shift;
$string =~ s/^\s+//;
$string =~ s/\s+$//;
return $string;
} # End of trim
#-------------------------------------------------------------------------------
# MAIN
#-------------------------------------------------------------------------------
our ($opt_n, $opt_r, $opt_t, $opt_o, $opt_i, $opt_h);
if ($#ARGV == -1) {usage}
die usage unless getopts("n:r:t:i:ho");
my $hostname = $opt_n;
my $requestor = $opt_r;
my $type = $opt_t;
my $ip_net_client = $opt_i;
my $help = $opt_h;
my $receive_own_events = "f";
if ($opt_o) {
$receive_own_events = "t";
}
# catch help param
if ($help) {
help;
}
# superuser controle
my $UID = $<;
if ($UID != 0) {die errMsg("You must be root for running this script!")}
# check parameters definition
switch () {
case {!defined $hostname} { print "ERROR: Parameter 'hostname' is not defined!\n"; exit 1; }
case {!defined $requestor} { print "ERROR: Parameter 'requestor' is not defined!\n"; exit 1; }
case {!defined $type} { print "ERROR: Parameter 'type' is not defined!\n"; exit 1; }
case {!defined $receive_own_events} { print "ERROR: Parameter 'receive_own_events' is not defined!\n"; exit 1; }
case {!defined $ip_net_client} { print "ERROR: Parameter 'ip_net_client' is not defined!\n"; exit 1; }
}
my $return = WardenReg::registerReceiver($warden_path, $hostname, $requestor, $type, $receive_own_events, $ip_net_client);
$return ? print "Registration of $hostname was SUCCESSFUL...\n" : print "Registration of $hostname FAILED!\n";
exit 0;
src/warden-server/bin/registerSender.pl deleted 100755 → 0
View file @ be94e0fe
#!/usr/bin/perl -w
#
# registerSender.pl
#
# Copyright (C) 2011-2012 Cesnet z.s.p.o
# Author(s): Tomas PLESNIK <plesnik@ics.muni.cz>
# Jan SOUKAL <soukal@ics.muni.cz>
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in
# the documentation and/or other materials provided with the
# distribution.
# 3. Neither the name of the Cesnet z.s.p.o nor the names of its
# contributors may be used to endorse or promote products derived from
# this software without specific prior written permission.
#
# This software is provided ``as is'', and any express or implied
# warranties, including, but not limited to, the implied warranties of
# merchantability and fitness for a particular purpose are disclaimed.
# In no event shall the Cesnet z.s.p.o or contributors be liable for
# any direct, indirect, incidental, special, exemplary, or consequential
# damages (including, but not limited to, procurement of substitute
# goods or services; loss of use, data, or profits; or business
# interruption) however caused and on any theory of liability, whether
# in contract, strict liability, or tort (including negligence or
# otherwise) arising in any way out of the use of this software, even
# if advised of the possibility of such damage.
use strict;
use Getopt::Std;
use Switch;
use File::Basename;
our $VERSION = "0.1";
my $warden_path = '/opt/warden-server';
require $warden_path . '/lib/WardenReg.pm';
my $filename = basename($0);
#-------------------------------------------------------------------------------
# Functions
#-------------------------------------------------------------------------------
sub usage {
print "Usage: $filename [-h -n <hostname> -r <requestor> -s <service> -d <description_tags> -i <ip_net_client>]\n";
exit 1;
}
sub help {
print "$filename [-h -n <hostname> -r <requestor> -s <service> -d <description_tags> -i <ip_net_client>]\n";
print "-h print this text and exit\n";
print "-n hostname of sender\n";
print "-r client registration requestor\n";
print "-s name of service which sent events\n";
print "-d description tags of send events\n";
print "-i CIDR of sender\n";
exit 0;
}
#-------------------------------------------------------------------------------
# errMsg - print error message and die
#-------------------------------------------------------------------------------
sub errMsg
{
my $msg = shift;
$msg = trim($msg);
print $msg . "\n";
exit 1;
} # End of errMsg
#-------------------------------------------------------------------------------
# trim - remove whitespace from the start and end of the string
#-------------------------------------------------------------------------------
sub trim
{
my $string = shift;
$string =~ s/^\s+//;
$string =~ s/\s+$//;
return $string;
} # End of trim
#-------------------------------------------------------------------------------
# MAIN
#-------------------------------------------------------------------------------
our ($opt_n, $opt_r, $opt_s, $opt_d, $opt_i, $opt_h);
if ($#ARGV == -1) {usage}
die usage unless getopts("n:r:s:d:i:h");
my $hostname = $opt_n;
my $requestor = $opt_r;
my $service = $opt_s;
my $description_tags = $opt_d;
my $ip_net_client = $opt_i;
my $help = $opt_h;
# catch help param
if ($help) {
help;
}
# superuser controle
my $UID = $<;
if ($UID != 0) {die errMsg("You must be root for running this script!")}
# check parameters definition
switch () {
case {!defined $hostname} { print "ERROR: Parameter 'hostname' is not defined!\n"; exit 1; }
case {!defined $requestor} { print "ERROR: Parameter 'requestor' is not defined!\n"; exit 1; }
case {!defined $service} { print "ERROR: Parameter 'service' is not defined!\n"; exit 1; }
case {!defined $description_tags} { print "ERROR: Parameter 'description_tags' is not defined!\n"; exit 1; }
case {!defined $ip_net_client} { print "ERROR: Parameter 'ip_net_client' is not defined!\n"; exit 1; }
}
# register sender at warden server
my $return = WardenReg::registerSender($warden_path, $hostname, $requestor, $service, $description_tags, $ip_net_client);
$return ? print "Registration of $hostname was SUCCESSFUL...\n" : print "Registration of $hostname FAILED!\n";
exit 0;
src/warden-server/bin/unregisterClient.pl deleted 100755 → 0
View file @ be94e0fe
#!/usr/bin/perl -w
#
# unregisterClient.pl
#
# Copyright (C) 2011-2012 Cesnet z.s.p.o
# Author(s): Tomas PLESNIK <plesnik@ics.muni.cz>
# Jan SOUKAL <soukal@ics.muni.cz>
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in
# the documentation and/or other materials provided with the
# distribution.
# 3. Neither the name of the Cesnet z.s.p.o nor the names of its
# contributors may be used to endorse or promote products derived from
# this software without specific prior written permission.
#
# This software is provided ``as is'', and any express or implied
# warranties, including, but not limited to, the implied warranties of
# merchantability and fitness for a particular purpose are disclaimed.
# In no event shall the Cesnet z.s.p.o or contributors be liable for
# any direct, indirect, incidental, special, exemplary, or consequential
# damages (including, but not limited to, procurement of substitute
# goods or services; loss of use, data, or profits; or business
# interruption) however caused and on any theory of liability, whether
# in contract, strict liability, or tort (including negligence or
# otherwise) arising in any way out of the use of this software, even
# if advised of the possibility of such damage.
use strict;
use Getopt::Std;
use Switch;
use File::Basename;
our $VERSION = "0.1";
my $warden_path = '/opt/warden-server';
require $warden_path . '/lib/WardenReg.pm';
my $filename = basename($0);
#-------------------------------------------------------------------------------
# Functions
#-------------------------------------------------------------------------------
sub usage {
print "Usage: $filename [-h -i <client_id>]\n";
exit 1;
}
sub help {
print "$filename [-h -i <client_id>]\n";
print "-h print this text and exit\n";
print "-i client_id for unregistration\n";
exit 0;
}
#-------------------------------------------------------------------------------
# errMsg - print error message and die
#-------------------------------------------------------------------------------
sub errMsg
{
my $msg = shift;
$msg = trim($msg);
print $msg . "\n";
exit 1;
} # End of errMsg
#-------------------------------------------------------------------------------
# trim - remove whitespace from the start and end of the string
#-------------------------------------------------------------------------------
sub trim
{
my $string = shift;
$string =~ s/^\s+//;
$string =~ s/\s+$//;
return $string;
} # End of trim
#-------------------------------------------------------------------------------
# MAIN
#-------------------------------------------------------------------------------
our ($opt_h, $opt_i);
if ($#ARGV == -1) {usage}
die usage unless getopts("i:h");
my $client_id = $opt_i;
my $help = $opt_h;
# catch help param
if ($help) {
help;
}
# superuser controle
my $UID = $<;
if ($UID != 0) {die errMsg("You must be root for running this script!")}
# check parameters definition
if (!defined $client_id) {
print "ERROR: Parameter 'client_id' is not defined!\n";
exit 1;
}
my $return = WardenReg::unregisterClient($warden_path, $client_id);
$return ? print "Unregistration of client (#$client_id) was SUCCESSFUL...\n" : print "Unregistration of client (# $client_id) FAILED!\n";
exit 0;
src/warden-server/bin/warden-alive deleted 100755 → 0
View file @ be94e0fe
#!/usr/bin/perl
# Pri pouziti Apache + mod_perl se tento soubor nepouziva
#
# warden-alive
#
# Copyright (C) 2011-2012 Cesnet z.s.p.o
# Author(s): Jan Mach <jan.mach@cesnet.cz>
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in
# the documentation and/or other materials provided with the
# distribution.
# 3. Neither the name of the Cesnet z.s.p.o nor the names of its
# contributors may be used to endorse or promote products derived from
# this software without specific prior written permission.
#
# This software is provided ``as is'', and any express or implied
# warranties, including, but not limited to, the implied warranties of
# merchantability and fitness for a particular purpose are disclaimed.
# In no event shall the Cesnet z.s.p.o or contributors be liable for
# any direct, indirect, incidental, special, exemplary, or consequential
# damages (including, but not limited to, procurement of substitute
# goods or services; loss of use, data, or profits; or business
# interruption) however caused and on any theory of liability, whether
# in contract, strict liability, or tort (including negligence or
# otherwise) arising in any way out of the use of this software, even
# if advised of the possibility of such damage.
our $VERSION = "0.1";
my $rv = `ps aux | grep "/usr/bin/perl -w /opt/warden-server/bin/warden-server.pl" | grep -v grep | grep -v process-alive | wc -l`;
if ($rv) {
print "WARDEN OK: Warden server is running\n";
}
else {
print "WARDEN CRITICAL: Warden server is not running\n";
};
src/warden-server/bin/warden-server.pl deleted 100755 → 0
View file @ be94e0fe
#!/usr/bin/perl -w
# Pri pouziti Apache + mod_perl se tento soubor nepouziva
#
# warden-server.pl
#
# Copyright (C) 2011-2012 Cesnet z.s.p.o
# Author(s): Tomas PLESNIK <plesnik@ics.muni.cz>
# Jan SOUKAL <soukal@ics.muni.cz>
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in
# the documentation and/or other materials provided with the
# distribution.
# 3. Neither the name of the Cesnet z.s.p.o nor the names of its
# contributors may be used to endorse or promote products derived from
# this software without specific prior written permission.
#
# This software is provided ``as is'', and any express or implied
# warranties, including, but not limited to, the implied warranties of
# merchantability and fitness for a particular purpose are disclaimed.
# In no event shall the Cesnet z.s.p.o or contributors be liable for
# any direct, indirect, incidental, special, exemplary, or consequential
# damages (including, but not limited to, procurement of substitute
# goods or services; loss of use, data, or profits; or business
# interruption) however caused and on any theory of liability, whether
# in contract, strict liability, or tort (including negligence or
# otherwise) arising in any way out of the use of this software, even
# if advised of the possibility of such damage.
package Warden;
use strict;
use SOAP::Lite;
use SOAP::Transport::TCP;
use File::Pid;
use POSIX;
use DBI;
use Format::Human::Bytes;
use Sys::Syslog qw(:DEFAULT setlogsock);
Sys::Syslog::setlogsock('unix');
use File::Basename;
use FindBin;
use Data::Dumper;
use Net::CIDR::Lite;
use DateTime;
our $VERSION = "0.1";
################################################################################
# CONFIG FILE VARIABLES
################################################################################
my $script_name = $FindBin::Script;
my $conf_file = "/opt/warden-server/etc/warden-server.conf";
# first declaration of globa variables from config file
our $ADDRESS = undef;
our $PORT = undef;
our $LOGDIR = undef;
our $PIDDIR = undef;
our $VARDIR = undef;
our $SSL_KEY_FILE = undef;
our $SSL_CERT_FILE = undef;
our $SSL_CA_FILE = undef;
our $FACILITY = undef;
# read config file
if ( ! open( TMP, $conf_file) ) {
die errMsg("Can't read config file '$conf_file': $!\n");
}
close TMP;
# load set variables by user
if ( !do $conf_file ) {
die errMsg("Errors in config file '$conf_file': $@");
}
################################################################################
# VARIABLES
################################################################################
my $die_now = 0;
# PID path
my $pid_file = $PIDDIR . $script_name . ".pid";
# DB file
my $db_file = "warden.db";
my $db = $VARDIR . $db_file;
# connect to DB - DBH is GLOBAL variable
my $dbargs = {AutoCommit => 0, PrintError => 1};
our $DBH = DBI->connect("dbi:SQLite:dbname=$db","","",$dbargs) or die errMsg("Can't connect to DB: $!");
#our $DBH = DBI->connect("DBI:mysql:database=warden;host=localhost", "root", "", {RaiseError => 1, mysql_auto_reconnect => 1}) || die "Could not connect to database: $DBI::errstr";
################################################################################
# LOCAL FUNCTIONS
################################################################################
#-------------------------------------------------------------------------------
# errMsg - print error message and die
#-------------------------------------------------------------------------------
sub errMsg
{
my $msg = shift;
$msg = trim($msg);
print $msg . "\n";
exit 1;
} # End of errMsg
#-------------------------------------------------------------------------------
# trim - remove whitespace from the start and end of the string
#-------------------------------------------------------------------------------
sub trim
{
my $string = shift;
$string =~ s/^\s+//;
$string =~ s/\s+$//;
return $string;
} # End of trim
#-------------------------------------------------------------------------------
# write2log - writing message to syslog
#-------------------------------------------------------------------------------
sub write2log
{
my $priority = shift;
my $msg = shift;
my $filename = File::Basename::basename($0);
Sys::Syslog::openlog($filename, "cons,pid", $FACILITY);
Sys::Syslog::syslog("$priority", "$msg");
Sys::Syslog::closelog();
} # End of write2log
#-------------------------------------------------------------------------------
# signalHandler - catch signals and end the program if one is caught.
#-------------------------------------------------------------------------------
sub signalHandler
{
$die_now = 1; # this will cause the "infinite loop" to exit
} # End of signalHandler
#-------------------------------------------------------------------------------
# sslErrorHandler - handle errors in SSL negitiation
#-------------------------------------------------------------------------------
sub sslErrorHandler
{
my $socket = shift;
my $msg = shift;
my $ip = $socket->peerhost;
print $socket $msg;
$socket->close;
write2log ("err", "Caught SSL handshake error from $ip: $msg");
return 1;
} # End of sslErrorHandler
#-------------------------------------------------------------------------------
# altNamesFilter - parse hostnames from subjectAltNames array for SQL
# IN operator in database query
#-------------------------------------------------------------------------------
sub altNamesFilter
{
my $alt_names_array_ref = shift;
my @alt_names_array = @$alt_names_array_ref;
our $CN;
my @an_array;
push @an_array, $DBH->quote($CN);
my $i = 1;
while ($i <= scalar @alt_names_array) {
push @an_array, $DBH->quote($alt_names_array[$i]);
$i+=2;
}
my $an_filter = join(',', @an_array);
return $an_filter;
}
################################################################################
# SOAP Functions
################################################################################
#-----------------------------------------------------------------------------
# saveNewEvent - save new received event into database
#-----------------------------------------------------------------------------
sub saveNewEvent
{
my ($class, $data) = @_;
my ($sth, $cidr_list);
# variables defined by server
our $IP; # IP address of sender
our $CN; # common name of sender
our $AN_FILTER; # alternate names of sender
my $cn_db = $DBH->quote($CN);
# variables defined by server
my $client_type = "s"; # incoming client MUST be sender
my $client_type_db = $DBH->quote($client_type);
my $valid = "t"; # registered sender has valid events
my $valid_db = $DBH->quote($valid);
my $received = DateTime->now; # time of event delivery (UTC)
my $received_db = $DBH->quote($received);
# parse object (event) parameters
my $service = $data->{'SERVICE'};
my $service_db = $DBH->quote($service);
my $detected = $data->{'DETECTED'};
my $detected_db = $DBH->quote($detected);
my $type = $data->{'TYPE'};
my $type_db = $DBH->quote($type);
my $source_type = $data->{'SOURCE_TYPE'};
my $source_type_db = $DBH->quote($source_type);
my $source = $data->{'SOURCE'};
my $source_db = $DBH->quote($source);
my $target_proto = $data->{'TARGET_PROTO'};
my $target_proto_db = $DBH->quote($target_proto);
my $target_port = $data->{'TARGET_PORT'};
my $target_port_db = $DBH->quote($target_port);
my $attack_scale = $data->{'ATTACK_SCALE'};
my $attack_scale_db = $DBH->quote($attack_scale);
my $note = $data->{'NOTE'};
my $note_db = $DBH->quote($note);
my $priority = $data->{'PRIORITY'};
my $priority_db = $DBH->quote($priority);
my $timeout = $data->{'TIMEOUT'};
my $timeout_db = $DBH->quote($timeout);
# Authorization of incomming client
#-----------------------------------------------------------------------------
# obtain cidr based on rigth common name and alternate names, service and client_type
# $sth = $DBH->prepare("SELECT hostname, ip_net_client FROM clients WHERE hostname IN ($AN_FILTER) AND service = $service_db AND client_type = $client_type_db limit 1;");
# if ( !defined $sth ) {die("Cannot prepare authorization statement in saveNewEvent: $DBI::errstr\n")}
# $sth->execute;
# my ($an, $cidr) = $sth->fetchrow();
# # check if client is registered
# if (!defined $cidr) {
# write2log ("err", "Unauthorized access to saveNewEvent from: $IP (CN: $CN; AN: $an) - client is not registered");
# die("Access denied - client is not registered at warden server!");
# } else {
# $cidr_list = Net::CIDR::Lite
# -> new
# -> add($cidr);
# }
# check if client has IP from registered CIDR
# if (!$cidr_list->bin_find($IP)) {
# write2log ("err", "Unauthorized access to saveNewEvent from: $IP (CN: $CN; AN: $an) - access from bad subnet: $cidr");
# die("Access denied - access from bad subnet!");
# } else {
{
# insert new event
$DBH->do("INSERT INTO events VALUES (null,$cn_db,$service_db,$detected_db,$received_db,$type_db,$source_type_db,$source_db,$target_proto_db,$target_port_db,$attack_scale_db,$note_db,$priority_db,$timeout_db,$valid_db);");
if ($DBH->err()) {die("Cannot do insert statement in saveNewEvent: $DBI::errstr\n")}
#$DBH->commit();
# log last inserted ID
$sth = $DBH->prepare("SELECT last_insert_rowid()");
if ( !defined $sth ) {die("Cannot prepare last ID statement in saveNewEvent: $DBI::errstr\n")}
$sth->execute;
my $id= $sth->fetchrow();
write2log ("info", "Stored new event (#$id) from $IP (CN: $CN; AN: )");
if (! defined $id) {
write2log ("err", "Event from $IP ($CN) was not save: INSERT INTO events VALUES (null,$cn_db,$service_db,$detected_db,$received_db,$type_db,$source_type_db,$source_db,$target_proto_db,$target_port_db,$attack_scale_db,$note_db,$priority_db,$timeout_db,$valid_db);");
die("Event was not save at warden server - database return empty ID!");
} else {
return 1;
}
}
} # END of saveNewEvent
#-----------------------------------------------------------------------------
# getNewEvents - get new events from the DB greater than received ID
#-----------------------------------------------------------------------------
sub getNewEvents
{
my ($class, $data) = @_;
my ($sth, @events, $event, @ids);
my ($id, $hostname, $service, $detected, $type, $source_type, $source, $target_proto, $target_port, $attack_scale, $note, $priority, $timeout);
# variables defined by server
our $IP; # IP address of receiver
our $CN; # common name of receiver
our $AN_FILTER; # alternate name of receiver
my $cn_db = $DBH->quote($CN);
my $client_type = "r"; # incoming client MUST be sender
my $client_type_db = $DBH->quote($client_type);
my $cidr_list;
# parse SOAP data object
my $requested_type = $data->{'REQUESTED_TYPE'};
my $requested_type_db = $DBH->quote($requested_type);
my $last_id = $data->{'LAST_ID'};
my $last_id_db = $DBH->quote($last_id);
# Authorization of incomming client
#-----------------------------------------------------------------------------
# obtain cidr based on rigth common name, service and client_type
$sth = $DBH->prepare("SELECT hostname, receive_own_events, ip_net_client FROM clients WHERE hostname IN ($AN_FILTER) AND type = $requested_type_db AND client_type = $client_type_db limit 1;");
if ( !defined $sth ) {die("Cannot prepare authorization statement in getNewEvents: $DBI::errstr\n")}
$sth->execute;
my ($an, $receive_own_events, $cidr) = $sth->fetchrow();
# check if client is registered
if (!defined $cidr) {
write2log ("err", "Unauthorized access to getNewEvents from: $IP (CN: $CN; AN: $an) - client is not registered");
die("Access denied - client is not registered at warden server!");
} else {
$cidr_list = Net::CIDR::Lite
-> new
-> add($cidr);
}
# check if client has IP from registered CIDR
if (!$cidr_list->bin_find($IP)) {
write2log ("err", "Unauthorized access to getNewEvents from: $IP (CN: $CN; AN: $an) - access from bad subnet: $cidr");
die("Access denied - access from bad subnet!");
} else {
# check if client want your own events or not
if ($receive_own_events eq 't') {
$sth = $DBH->prepare("SELECT * FROM events WHERE type != 'test' AND id > $last_id_db AND type = $requested_type_db AND valid = 't' ORDER BY id ASC;");
} else {
my ($domain) = $CN =~ /([^\.]+\.[^\.]+)$/;
my $domain_db = $DBH->quote("%$domain");
$sth = $DBH->prepare("SELECT * FROM events WHERE type != 'test' AND id > $last_id_db AND type = $requested_type_db AND valid = 't' AND hostname NOT LIKE $domain_db ORDER BY id ASC;");
}
if ( !defined $sth ) { die("Cannot prepare statement in getNewEvents: $DBI::errstr\n") }
$sth->execute;
# parse items of events stored in DB
while (my @result = $sth->fetchrow()) {
$id = $result[0];
$hostname = $result[1];
$service = $result[2];
$detected = $result[3];
$type = $result[5];
$source_type = $result[6];
$source = $result[7];
$target_proto = $result[8];
$target_port = $result[9];
$attack_scale = $result[10];
$note = $result[11];
$priority = $result[12];
$timeout = $result[13];
# create SOAP data object
$event = SOAP::Data->name(event => \SOAP::Data->value(
SOAP::Data->name(ID => $id),
SOAP::Data->name(HOSTNAME => $hostname),
SOAP::Data->name(SERVICE => $service),
SOAP::Data->name(DETECTED => $detected),
SOAP::Data->name(TYPE => $type),
SOAP::Data->name(SOURCE_TYPE => $source_type),
SOAP::Data->name(SOURCE => $source),
SOAP::Data->name(TARGET_PROTO => $target_proto),
SOAP::Data->name(TARGET_PORT => $target_port),
SOAP::Data->name(ATTACK_SCALE => $attack_scale),
SOAP::Data->name(NOTE => $note),
SOAP::Data->name(PRIORITY => $priority),
SOAP::Data->name(TIMEOUT => $timeout)
));
push(@events, $event);
push(@ids, $id);
}
# log sent ID of events
if (scalar(@events)!=0) {
write2log("info", "Sent events with ID: [@ids] to $IP (CN: $CN; AN: $an)");
}
return @events;
}
} # END of getNewEvents
#-----------------------------------------------------------------------------
# getLastId - get lastest saved event ID
#-----------------------------------------------------------------------------
sub getLastId
{
my ($class, $arg) = @_;
my $sth = $DBH->prepare("SELECT max(id) FROM events;");
if ( !defined $sth ) { die("Cannot prepare statement in getLastId: $DBI::errstr\n") }
$sth->execute;
my $result = $sth->fetchrow();
return $result;
} # END of getLastID
#-----------------------------------------------------------------------------
# registerSender - register new sender
#-----------------------------------------------------------------------------
sub registerSender
{
my ($class, $data) = @_;
my $sth;
our $IP;
our $LOCAL_IP;
our $CN;
if ($LOCAL_IP ne $IP) {
write2log ("err", "Unauthorized access to registerSender from: $IP ($CN) - access allowed only from localhost");
die("Access denied - access allowed only from localhost!");
} else {
# defined variables by server
my $client_type = "s";
my $client_type_db = $DBH->quote($client_type);
my $registered = DateTime->now;
my $registered_db = $DBH->quote($registered);
my $type = "null";
my $type_db = $DBH->quote($type);
my $receive_own_events = "null";
my $receive_own_events_db = $DBH->quote($receive_own_events);
# parse SOAP data oject
my $hostname = $data->{'HOSTNAME'};
my $hostname_db = $DBH->quote($hostname);
my $requestor = $data->{'REQUESTOR'};
my $requestor_db = $DBH->quote($requestor);
my $service = $data->{'SERVICE'};
my $service_db = $DBH->quote($service);
my $description_tags = $data->{'DESCRIPTION_TAGS'};
my $description_tags_db = $DBH->quote($description_tags);
my $ip_net_client = $data->{'IP_NET_CLIENT'};
my $ip_net_client_db = $DBH->quote($ip_net_client);
# check if sender has been already registered
$sth = $DBH->prepare("SELECT registered FROM clients WHERE hostname = $hostname_db AND requestor = $requestor_db AND service = $service_db AND client_type = $client_type_db AND type = $type_db AND receive_own_events = $receive_own_events_db AND description_tags = $description_tags_db AND ip_net_client = $ip_net_client_db;");
if ( !defined $sth ) {die("Cannot prepare check statement in registerSender: $DBI::errstr\n")}
$sth->execute;
my $result = $sth->fetchrow();
# register new sender
if (defined $result) {
write2log ("err", "Attempt to re-register the sender");
die("Error - sender has already been registered at $result");
} else {
$DBH->do("INSERT INTO clients VALUES (null,$hostname_db,$registered_db,$requestor_db,$service_db,$client_type_db,$type_db,$receive_own_events_db,$description_tags_db,$ip_net_client_db);");
if ($DBH->err()) {die("Cannot do statement in registerSender: $DBI::errstr\n")}
$DBH->commit();
write2log("info", "New sender $hostname (service: $service, cidr: $ip_net_client) was registered");
return 1;
}
}
} # END of registerSender
#-----------------------------------------------------------------------------
# registerReceiver - register new receiver
#-----------------------------------------------------------------------------
sub registerReceiver
{
my ($class, $data) = @_;
my $sth;
our $IP;
our $LOCAL_IP;
our $CN;
if ($LOCAL_IP ne $IP) {
write2log ("err", "Unauthorized access to registerReceiver from: $IP ($CN) - access allowed only from localhost");
die("Access denied - access allowed only from localhost!");
} else {
# variables defined by server
my $client_type = "r";
my $client_type_db = $DBH->quote($client_type);
my $registered = DateTime->now;
my $registered_db = $DBH->quote($registered);
my $service = "null";
my $service_db = $DBH->quote($service);
my $description_tags = "null";
my $description_tags_db = $DBH->quote($description_tags);
# parse SOAP data oject
my $hostname = $data->{'HOSTNAME'};
my $hostname_db = $DBH->quote($hostname);
my $requestor = $data->{'REQUESTOR'};
my $requestor_db = $DBH->quote($requestor);
my $type = $data->{'TYPE'};
my $type_db = $DBH->quote($type);
my $receive_own_events = $data->{'RECEIVE_OWN_EVENTS'};
my $receive_own_events_db = $DBH->quote($receive_own_events);
my $ip_net_client = $data->{'IP_NET_CLIENT'};
my $ip_net_client_db = $DBH->quote($ip_net_client);
# check if receiver has been already registered
$sth = $DBH->prepare("SELECT registered FROM clients WHERE hostname = $hostname_db AND requestor = $requestor_db AND service = $service_db AND client_type = $client_type_db AND type = $type_db AND receive_own_events = $receive_own_events_db AND description_tags = $description_tags_db AND ip_net_client = $ip_net_client_db;");
if ( !defined $sth ) {die("Cannot prepare check statement in registerReceiver: $DBI::errstr\n")}
$sth->execute;
my $result = $sth->fetchrow();
# register new receiver
if (defined $result) {
write2log ("err", "Attempt to re-register the receiver");
die("Error - receiver has already been registered at $result");
} else {
$DBH->do("INSERT INTO clients VALUES (null,$hostname_db,$registered_db,$requestor_db,$service_db,$client_type_db,$type_db,$receive_own_events_db,$description_tags_db,$ip_net_client_db);");
if ($DBH->err()) {die("Cannot do statement in registerReceiver: $DBI::errstr\n")}
$DBH->commit();
write2log("info", "New receiver $hostname (type: $type, cidr: $ip_net_client: receive_own_events: $receive_own_events) was registered");
return 1;
}
}
} # END of registerReceiver
#-----------------------------------------------------------------------------
# unregisterClient - unregister client
#-----------------------------------------------------------------------------
sub unregisterClient
{
my ($class, $data) = @_;
my $sth;
our $IP;
our $LOCAL_IP;
our $CN;
if ($LOCAL_IP ne $IP) {
write2log ("err", "Unauthorized access to unregisterClients from: $IP ($CN) - access allowed only from localhost");
die("Access denied - access allowed only from localhost!");
} else {
# parse SOAP data oject
my $client_id = $data->{'CLIENT_ID'};
my $client_id_db = $DBH->quote($client_id);
# check if receiver has been already registered
$sth = $DBH->prepare("SELECT client_id, hostname, service, client_type FROM clients WHERE client_id = $client_id_db;");
if ( !defined $sth ) {die("Cannot prepare check statement in unregisterClient: $DBI::errstr\n")}
$sth->execute;
my ($id, $hostname, $service, $client_type) = $sth->fetchrow();
my $hostname_db = $DBH->quote($hostname);
my $service_db = $DBH->quote($service);
# delete registered client
if (!defined $id) {
write2log ("err", "Attempt to delete unregister client");
die("Error - client (#$client_id) is not registered");
} else {
if ($client_type eq 's') {
$DBH->do("DELETE FROM clients WHERE client_id = $client_id_db;");
if ($DBH->err()) {die("Cannot do delete statement of sender in unregisterClient: $DBI::errstr\n")}
$DBH->commit();
$DBH->do("UPDATE events SET valid = 'f' where hostname = $hostname_db AND service = $service_db;");
if ($DBH->err()) {die("Cannot do unvalidation statement in unregisterClient: $DBI::errstr\n")}
$DBH->commit();
write2log("info", "Sender $hostname (client_id: $client_id, service: $service) was deleted and its data were invalidated" );
return 1;
} else {
$DBH->do("DELETE FROM clients WHERE client_id = $client_id_db;");
if ($DBH->err()) {die("Cannot do delete statement of receiver in unregisterClient: $DBI::errstr\n")}
$DBH->commit();
write2log("info", "Receiver $hostname (client_id: $client_id) was deleted" );
return 1;
}
}
}
} # END of unregisterClient
#-----------------------------------------------------------------------------
# getClients - get list of clients which were registered at warden server
#-----------------------------------------------------------------------------
sub getClients
{
my ($class, $arg) = @_;
our $IP;
our $LOCAL_IP;
our $CN;
if ($LOCAL_IP ne $IP) {
write2log ("err", "Unauthorized access to getClients from: $IP ($CN) - access allowed only from localhost");
die("Access denied - access allowed only from localhost!");
} else {
my (@clients, $client);
my ($client_id, $hostname, $registered, $requestor, $service, $client_type, $type, $receive_own_events, $description_tags, $ip_net_client);
my $sth = $DBH->prepare("SELECT * FROM clients;");
if (!defined $sth) { die("Cannot prepare statement in getClients: $DBI::errstr\n") }
$sth->execute;
while ( my @result = $sth->fetchrow() ) {
$client_id = $result[0];
$hostname = $result[1];
$registered = $result[2];
$requestor = $result[3];
$service = $result[4];
$client_type = $result[5];
$type = $result[6];
$receive_own_events = $result[7];
$description_tags = $result[8];
$ip_net_client = $result[9];
$client = SOAP::Data->name(client => \SOAP::Data->value(
SOAP::Data->name(CLIENT_ID => $client_id),
SOAP::Data->name(HOSTNAME => $hostname),
SOAP::Data->name(REGISTERED => $registered),
SOAP::Data->name(REQUESTOR => $requestor),
SOAP::Data->name(SERVICE => $service),
SOAP::Data->name(CLIENT_TYPE => $client_type),
SOAP::Data->name(TYPE => $type),
SOAP::Data->name(RECEIVE_OWN_EVENTS => $receive_own_events),
SOAP::Data->name(DESCRIPTION_TAGS => $description_tags),
SOAP::Data->name(IP_NET_CLIENT => $ip_net_client),
));
push(@clients, $client);
}
my $sum = scalar @clients;
write2log("info", "Sending information about $sum registered clients");
return @clients;
}
} # END of getClients
#-----------------------------------------------------------------------------
# getStatus - get list of status items of warden server
#-----------------------------------------------------------------------------
sub getStatus
{
my ($class, $arg) = @_;
our $IP;
our $LOCAL_IP;
our $CN;
if ($LOCAL_IP ne $IP) {
write2log ("err", "Unauthorized access to getStatus from: $IP ($CN) - access allowed only from localhost");
die("Access denied - access allowed only from localhost!");
} else {
my ($sth, @status);
# size of database events
my $db_size = Format::Human::Bytes::base10(-s $db);
# sum of records in table events
$sth = $DBH->prepare("SELECT count(*) FROM events WHERE valid = 't';");
if (!defined $sth) { die("Cannot prepare statement in getStatus: $DBI::errstr\n") }
$sth->execute;
my $events_sum = $sth->fetchrow();
if (!defined $events_sum) { $events_sum = "none" }
# id of last record in table events
$sth = $DBH->prepare("SELECT max(id) FROM events;");
if (!defined $sth) { die("Cannot prepare statement in getStatus: $DBI::errstr\n") }
$sth->execute;
my $events_last_id = $sth->fetchrow();
if (!defined $events_last_id) { $events_last_id = "none" }
# timestamp of first record in table events
$sth = $DBH->prepare("SELECT received FROM events WHERE id = (SELECT min(id) FROM events);");
if (!defined $sth) { die("Cannot prepare statement in getStatus: $DBI::errstr\n") }
$sth->execute;
my $events_first_timestamp = $sth->fetchrow();
if (!defined $events_first_timestamp) { $events_first_timestamp = "none" }
# timestamp of last record in table events
$sth = $DBH->prepare("SELECT received FROM events WHERE id = (SELECT max(id) FROM events);");
if (!defined $sth) { die("Cannot prepare statement in getStatus: $DBI::errstr\n") }
$sth->execute;
my $events_last_timestamp = $sth->fetchrow();
if (!defined $events_last_timestamp) { $events_last_timestamp = "none" }
# sum of records in table clients
$sth = $DBH->prepare("SELECT count(*) FROM clients;");
if (!defined $sth) { die("Cannot prepare statement in getStatus: $DBI::errstr\n") }
$sth->execute;
my $clients_sum = $sth->fetchrow();
if (!defined $clients_sum) { $clients_sum = "none" }
my $server_status = SOAP::Data->name(server_status => \SOAP::Data->value(
SOAP::Data->name(VERSION => $VERSION),
SOAP::Data->name(ADDRESS => $ADDRESS),
SOAP::Data->name(PORT => $PORT),
SOAP::Data->name(LOGDIR => $LOGDIR),
SOAP::Data->name(PIDDIR => $PIDDIR),
SOAP::Data->name(VARDIR => $VARDIR),
SOAP::Data->name(SSL_KEY_FILE => $SSL_KEY_FILE),
SOAP::Data->name(SSL_CERT_FILE => $SSL_CERT_FILE),
SOAP::Data->name(SSL_CA_FILE => $SSL_CA_FILE),
SOAP::Data->name(FACILITY => $FACILITY),
SOAP::Data->name(DB_SIZE => $db_size),
SOAP::Data->name(EVENTS_SUM => $events_sum),
SOAP::Data->name(EVENTS_LAST_ID => $events_last_id),
SOAP::Data->name(EVENTS_FIRST_TIMESTAMP => $events_first_timestamp),
SOAP::Data->name(EVENTS_LAST_TIMESTAMP => $events_last_timestamp),
SOAP::Data->name(CLIENTS_SUM => $clients_sum)
));
push(@status, $server_status);
# statistics of senders
if ($clients_sum != 0) {
$sth = $DBH->prepare("SELECT client_id, hostname, service FROM clients WHERE client_type = 's';");
if (!defined $sth) { die("Cannot prepare statement in getStatus: $DBI::errstr\n") }
$sth->execute;
my ($client_id, $hostname, $service);
my $client_status;
while(($client_id, $hostname, $service) = $sth->fetchrow()) {
my $hostname_db = $DBH->quote($hostname);
my $service_db = $DBH->quote($service);
my $sth2;
# sum of stored events
$sth2 = $DBH->prepare("SELECT count(*) FROM events WHERE hostname = $hostname_db AND service = $service_db;");
if ( !defined $sth2 ) { die("Cannot prepare statement in getStatus: $DBI::errstr\n") }
$sth2->execute;
my $count = $sth2->fetchrow();
if (!defined $count) {$count = "none"}
# timestamp of last stored event
$sth2 = $DBH->prepare("SELECT max(received) FROM events WHERE hostname = $hostname_db AND service = $service_db;");
if ( !defined $sth2 ) { die("Cannot prepare statement in getStatus: $DBI::errstr\n") }
$sth2->execute;
my $timestamp = $sth2->fetchrow();
if (!defined $timestamp) { $timestamp = "none" }
# create SOAP data object
$client_status = SOAP::Data->name(client_status => \SOAP::Data->value(
SOAP::Data->name(CLIENT_ID => $client_id),
SOAP::Data->name(HOSTNAME => $hostname),
SOAP::Data->name(SERVICE => $service),
SOAP::Data->name(COUNT => $count),
SOAP::Data->name(TIMESTAMP => $timestamp),
));
push(@status, $client_status);
}
}
write2log("info", "Sent of warden server status info");
return @status;
}
} # END of getStatus
################################################################################
# MAIN warden-server
################################################################################
#-------------------------------------------------------------------------------
# Superuser controle
#-------------------------------------------------------------------------------
my $UID = $<;
if ($UID != 0) {
die errMsg("You must be root for running this script!")
}
#-------------------------------------------------------------------------------
# Daemonize section
#-------------------------------------------------------------------------------
use POSIX qw(setsid);
chdir '/';
umask 0;
# all STDERR messages are printed on terminal
open STDIN, '/dev/null' or die errMsg("Can't read /dev/null: $!");
open STDOUT, '/dev/null' or die errMsg("Can't write to /dev/null: $!");
defined( my $pid = fork ) or die errMsg("Can't fork: $!");
exit if $pid;
#-------------------------------------------------------------------------------
# Dissociate this process from the controlling terminal
# that started it and stop being part of whatever
# process group this process was a part of.
#------------------------------------------------------------------------------
POSIX::setsid() or die errMsg("Can't start a new session.");
#-------------------------------------------------------------------------------
# Callback signal handler for signals.
#-------------------------------------------------------------------------------
$SIG{INT} = $SIG{TERM} = $SIG{HUP} = \&signalHandler;
$SIG{PIPE} = 'ignore';
#-------------------------------------------------------------------------------
# Create pid file in /var/run/
#-------------------------------------------------------------------------------
my $pfh = File::Pid->new( { file => $pid_file, } );
$pfh->write or die errMsg("Can't write PID file $pid_file: $!");
my $pid_number = $pfh->pid;
#-------------------------------------------------------------------------------
# Starting of Warden server
#-------------------------------------------------------------------------------
write2log("info", "Starting WARDEN server daemon with pid $pid_number");
# log of warden database size
my $db_size_human = Format::Human::Bytes::base10(-s $db);
write2log("info", "Size of DB file ($db_file) is: $db_size_human");
# start TCP server
my $server = SOAP::Transport::TCP::Server
->new(
Listen => 20,
LocalAddr => $ADDRESS,
LocalPort => $PORT,
Proto => "tcp",
ReuseAddr => 1,
SSL_verify_mode => 0x02,
SSL_use_cert => 1,
SSL_server => 1,
SSL_key_file => $SSL_KEY_FILE,
SSL_cert_file => $SSL_CERT_FILE,
SSL_ca_file => $SSL_CA_FILE,
SSL_error_trap =>\&sslErrorHandler,
);
# check if socket exist
$server or die errMsg("Socket error: $!");
# start SOAP server
my $soap = SOAP::Server
->new()
->dispatch_to('Warden');
#-------------------------------------------------------------------------------
# Process of incoming client's requests and send response
#-------------------------------------------------------------------------------
write2log("info", "Starting TCP and SOAP server at $ADDRESS:$PORT");
while ($die_now != 1)
{
my $socket = $server->accept();
next if (!$socket);
our $CN = $socket->peer_certificate("cn");
my @alt_names_array = $socket->peer_certificate("subjectAltNames");
our $AN_FILTER = altNamesFilter(\@alt_names_array);
our $IP = $socket->peerhost;
our $LOCAL_IP = $socket->sockhost;
# read input serialized SOAP envelope and data
my ($request, $buf);
while (defined($buf = <$socket>))
{
$request .= $buf;
}
# handle of called server function from client and send response to client
my $response = $soap->handle($request);
print $socket $response;
$socket->close;
undef($socket);
undef($CN);
undef($AN_FILTER);
undef($IP);
undef($LOCAL_IP);
}
################################################################################
# Cleanup section
################################################################################
END {
if ($die_now == 1)
{
my $pid = trim(`cat $pid_file`);
write2log("info", "Stopping WARDEN server daemon with pid $pid");
# close connection to DB
$DBH->disconnect();
# remove pid file
$pfh->remove if defined $pfh;
}
}
src/warden-server/bin/wardend deleted 100755 → 0
View file @ be94e0fe
#!/bin/bash
# Pri pouziti Apache + mod_perl se tento soubor nepouziva
#
# wardend
#
# Copyright (C) 2011-2012 Cesnet z.s.p.o
# Author(s): Tomas PLESNIK <plesnik@ics.muni.cz>
# Jan SOUKAL <soukal@ics.muni.cz>
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in
# the documentation and/or other materials provided with the
# distribution.
# 3. Neither the name of the Cesnet z.s.p.o nor the names of its
# contributors may be used to endorse or promote products derived from
# this software without specific prior written permission.
#
# This software is provided ``as is'', and any express or implied
# warranties, including, but not limited to, the implied warranties of
# merchantability and fitness for a particular purpose are disclaimed.
# In no event shall the Cesnet z.s.p.o or contributors be liable for
# any direct, indirect, incidental, special, exemplary, or consequential
# damages (including, but not limited to, procurement of substitute
# goods or services; loss of use, data, or profits; or business
# interruption) however caused and on any theory of liability, whether
# in contract, strict liability, or tort (including negligence or
# otherwise) arising in any way out of the use of this software, even
# if advised of the possibility of such damage.
### BEGIN INIT INFO
# Provides: wardend
# Required-Start: $local_fs $network $syslog $time
# Required-Stop: $local_fs $syslog $time
# Default-Start: 2 3 4 5
# Default-Stop:
# Short-Description: Start the Warden server
# Description: Starts or stops server for exchange of events
# among CSIRT teams
### END INIT INFO
VERSION="0.1"
DAEMON="/usr/local/bin/warden-server.pl"
PID_FILE="/var/run/warden-server.pl.pid"
LOCK_FILE="/var/lock/warden-server"
SCRIPTNAME=`basename "$0"`
# check if daemon is present and executable
test -x $DAEMON || exit 0
if [ $UID -ne 0 ]; then
echo "You must be root for runnnig this script!"
exit 1
fi
usage() {
echo "Usage: $0 [start|stop|status|restart|force-stop]"
exit 1
}
check_status() {
/bin/ps axo pid,comm | grep -q "warden-serv*"; RET_VAL=`echo $?`
if [ $RET_VAL -eq 0 ]; then
STATUS=1 # true - warden is running
else
STATUS=0 # false - warden is not running
fi
}
get_pid() {
PID=`ps axo pid,comm | grep "warden-serv*" | sed 's/^ \{1,4\}//g' | cut -f 1 -d " "`
return $PID
}
warden_start() {
check_status
if [ $STATUS -eq 1 ]; then
get_pid PID
echo "Warden server daemon is running (pid $PID)."
else
logger -s "Starting Warden server daemon ..."
$DAEMON
PID=`cat $PID_FILE`
logger -s "Warden server daemon is running (pid $PID)."
touch $LOCK_FILE
fi
}
warden_stop() {
check_status
if [ $STATUS -eq 1 ]; then
logger -s "Stopping Warden server daemon ..."
if [ -e $PID_FILE ]; then
PID=`cat $PID_FILE`
kill -1 $PID
rm -f $LOCK_FILE
logger -s "Warden server daemon (pid $PID) is stopped."
else
echo "Unable to stop Warden server daemon. Try to use: $SCRIPTNAME force-stop"
fi
else
echo "Warden daemon is NOT running."
fi
}
warden_status() {
check_status
if [ $STATUS -eq 1 ]; then
get_pid PID
echo "Warden daemon is running (pid $PID)."
exit 0
else
echo "Warden daemon is NOT running."
exit 1
fi
}
warden_force_stop() {
logger -s "Force stopping Warden server daemon ..."
get_pid PID
kill -9 $PID 1>/dev/null 2>&1
if [ -e $PID_FILE ]; then
rm -f $PID_FILE
fi
if [ -e $LOCK_FILE ]; then
rm -f $LOCK_FILE
fi
}
case $1 in
status)
warden_status
;;
start)
warden_start
;;
stop)
warden_stop
;;
force-stop)
warden_force_stop
;;
restart)
$0 stop
sleep 1
$0 start
;;
*)
usage
;;
esac
exit 0
src/warden-server/doc/CHANGELOG deleted 100644 → 0
View file @ be94e0fe
2012-03-02 v0.1.0 beta version
------------------------------
- initial release of the Warden server
- SSL certificate authentication/authorization supported
- Subject Alternative Names of SSL certificates supported
- Syslog logging supported
- Nagios system check supported
- automated installation and uninstallation process
- SQLite database engine used
src/warden-server/doc/INSTALL deleted 100644 → 0
View file @ be94e0fe
Installation process
--------------------
For installation of warden-server package on local machine use install.sh.
Default destination directory is /opt/warden-server/.
For more information about install.sh options run install.sh -h.
You must be root for running this script.
Uninstallation process
----------------------
For uninstallation of warden-server package from local machine use uninstall.sh.
Default uninstallation directory is /opt/warden-server/.
For more information about uninstall.sh options run uninstall.sh -h.
You must be root for running this script.