Skip to content
Snippets Groups Projects

Compare revisions

Changes are shown as if the source revision was being merged into the target revision. Learn more about comparing revisions.

Source

Select target project
No results found

Target

Select target project
  • 713/warden/warden
1 result
Show changes
Hide whitespace changes
Inline Side-by-side
Showing
with 0 additions and 2381 deletions
src/warden-client/etc/package_version deleted 100644 → 0
View file @ 032d8560
warden-client-2.0
src/warden-client/etc/warden-client.conf deleted 100644 → 0
View file @ 032d8560
#
# warden-client.conf - configuration file for the warden sender/receiver client
#
#-------------------------------------------------------------------------------
# URI - URI address of Warden server
#-------------------------------------------------------------------------------
$URI = "https://warden-dev.cesnet.cz:443/Warden";
#-------------------------------------------------------------------------------
# SSL_KEY_FILE - path to client SSL certificate key file
#-------------------------------------------------------------------------------
$SSL_KEY_FILE = "/opt/warden-client/etc/warden-dev.cesnet.cz.key";
#-------------------------------------------------------------------------------
# SSL_CERT_FILE - path to client SSL certificate file
#-------------------------------------------------------------------------------
$SSL_CERT_FILE = "/opt/warden-client/etc/warden-dev.cesnet.cz.pem";
#-------------------------------------------------------------------------------
# SSL_CA_FILE - path to CA certificate file
#-------------------------------------------------------------------------------
$SSL_CA_FILE = "/etc/ssl/certs/tcs-ca-bundle.pem";
#-------------------------------------------------------------------------------
# MAX_RCV_EVENTS_LIMIT - maximum number of events the client is allowd to get
# from the Warden server in one batch
#-------------------------------------------------------------------------------
$MAX_RCV_EVENTS_LIMIT = 6000; #consumes app. 250 MB of memory
#-------------------------------------------------------------------------------
# Log options
#
# LOG_STDERR, LOG_SYSLOG - hide (0) or allow (1) error reporting on STDERR
# and/or to Syslog
# LOG_STDERR_VERBOSE, LOG_SYSLOG_VERBOSE - print only error message without
# a stack (0) or print debug info
# including err. message and stack (1)
#-------------------------------------------------------------------------------
$LOG_STDERR = 1;
$LOG_SYSLOG = 1;
$LOG_SYSLOG_FACILITY = "local7";
$LOG_VERBOSE = 0;
1;
\ No newline at end of file
src/warden-client/lib/WardenClientConf.pm deleted 100755 → 0
View file @ 032d8560
#!/usr/bin/perl -w
#
# WardenClientConf.pm
#
# Copyright (C) 2011-2012 Cesnet z.s.p.o
#
# Use of this source is governed by a BSD-style license, see LICENSE file.
package WardenClientConf;
use strict;
our $VERSION = "2.0";
#-------------------------------------------------------------------------------
# loadConf - load variables from configuration file
#-------------------------------------------------------------------------------
sub loadConf
{
my $conf_file = shift;
# preset of default variables
our $URI = undef;
our $SSL_KEY_FILE = undef;
our $SSL_CERT_FILE = undef;
our $SSL_CA_FILE = undef;
our $MAX_RCV_EVENTS_LIMIT = undef;
our $LOG_STDERR = 0;
our $LOG_SYSLOG = 0;
our $LOG_SYSLOG_FACILITY = "local7";
our $LOG_VERBOSE = 0;
# load set variables by user
unless (do $conf_file) {
die("Errors in config file '$conf_file': $@") if $@;
die("Can't read config file '$conf_file': $!") unless defined $_;
# if $_ defined, it's retvalue of last statement of conf, for which we don't care
}
return ($URI, $SSL_KEY_FILE, $SSL_CERT_FILE, $SSL_CA_FILE, $MAX_RCV_EVENTS_LIMIT, $LOG_STDERR, $LOG_SYSLOG, $LOG_SYSLOG_FACILITY, $LOG_VERBOSE);
} # End of loadConf
1;
src/warden-client/lib/WardenClientReceive.pm deleted 100755 → 0
View file @ 032d8560
#!/usr/bin/perl -w
#
# WardenClientReceive.pm
#
# Copyright (C) 2011-2012 Cesnet z.s.p.o
#
# Use of this source is governed by a BSD-style license, see LICENSE file.
package WardenClientReceive;
use strict;
use SOAP::Lite;
use IO::Socket::SSL qw(debug1);
use SOAP::Transport::HTTP;
use FindBin;
use Carp;
use Sys::Syslog;
our $VERSION = "2.0";
#----- global configuration variables - default initialization -----------------
our $LOG_STDERR = 1;
our $LOG_SYSLOG = 0;
our $LOG_SYSLOG_FACILITY;
our $LOG_VERBOSE = 0;
#----- end of configuration variables ------------------------------------------
#-------------------------------------------------------------------------------
# errMsg - print error message and die
#-------------------------------------------------------------------------------
sub errMsg
{
my $msg = "Error message: " . shift;
if ($LOG_VERBOSE) { # user wants to log debug information
$msg .= "\nStack info: " . Carp::longmess();
}
die($msg . "\n");
} # End of errMsg
#-------------------------------------------------------------------------------
# c2s - connect to server, send request and receive response
#-------------------------------------------------------------------------------
sub c2s
{
my $uri = shift;
my $ssl_key_file = shift;
my $ssl_cert_file = shift;
my $ssl_ca_file = shift;
my $method = shift;
my $data = shift;
my $client;
my ($server, $port, $service) = $uri =~ /https:\/\/(.+)\:(\d+)\/(.+)/;
if (!($client = SOAP::Transport::HTTP::Client->new())) {
errMsg("Sorry, unable to create socket: " . &SOAP::Transport::HTTP::Client::errstr)
}
$client->timeout(10);
$client->ssl_opts(verify_hostname => 1,
SSL_use_cert => 1,
SSL_verify_mode => 0x02,
SSL_key_file => $ssl_key_file,
SSL_cert_file => $ssl_cert_file,
SSL_ca_file => $ssl_ca_file);
# setting of URI and serialize SOAP envelope and data object
my $soap = SOAP::Lite->uri($service)->proxy($uri);
my $envelope;
if (!defined $data) {
$envelope = $soap->serializer->envelope(method => $method);
} else {
$envelope = $soap->serializer->envelope(method => $method, $data);
}
# setting of TCP URI and send serialized SOAP envelope and data
my $server_uri = "https://$server:$port/$service";
my $result = $client->send_receive(envelope => $envelope, endpoint => $server_uri);
# check server response
if (!defined $result) {
errMsg("Error: server returned empty response." . "\n" . "Problem with used SSL ceritificates or Warden server at $server:$port is down.");
} else {
# deserialized response from server -> create SOAP envelope and data object
my $response;
eval {
$response = $soap->deserializer->deserialize($result);
} or errMsg($@ . "Received data: " . $result);
# check SOAP fault status
$response->fault ? errMsg("Server sent error message:: " . $response->faultstring) : return $response;
}
}
#-------------------------------------------------------------------------------
# getNewEvents - get new events from warden server greater than last received ID
#-------------------------------------------------------------------------------
sub getNewEvents
{
my @events;
eval {
my $warden_path = shift;
my $requested_type = shift;
my $vardir = $warden_path . "/var/";
my $etcdir = $warden_path . "/etc/";
my $libdir = $warden_path . "/lib/";
# read the config file
require $libdir . "WardenClientConf.pm";
my $conf_file = $etcdir . "warden-client.conf";
my ($uri, $ssl_key_file, $ssl_cert_file, $ssl_ca_file, $max_rcv_events_limit);
($uri, $ssl_key_file, $ssl_cert_file, $ssl_ca_file, $max_rcv_events_limit, $LOG_STDERR, $LOG_SYSLOG, $LOG_SYSLOG_FACILITY, $LOG_VERBOSE) = WardenClientConf::loadConf($conf_file);
# set name of ID file for each client aplication
my $caller_name = $FindBin::Script;
my $id_file = $vardir . $caller_name . ".id";
#-----------------------------------------------------------------------------
# get last ID from ID file (if exist) or
# get last ID from warden server DB and save it into ID file
my $last_id;
if (-e $id_file) {
open(ID, "< $id_file") || errMsg("Cannot open ID file $id_file: $!");
foreach(<ID>) {
$last_id = $_;
}
close ID;
} else {
my $response = c2s($uri, $ssl_key_file, $ssl_cert_file, $ssl_ca_file, "getLastId");
$last_id = $response->result;
open(ID, "> $id_file") || errMsg("Cannot open ID file $id_file: $!");
print ID $last_id;
close ID;
}
#-----------------------------------------------------------------------------
# get new events from warden server DB based on gathered last ID
# create SOAP data obejct
my $request_data = SOAP::Data->name(
request => \SOAP::Data->value(
SOAP::Data->name(REQUESTED_TYPE => $requested_type),
SOAP::Data->name(LAST_ID => $last_id),
SOAP::Data->name(MAX_RCV_EVENTS_LIMIT => $max_rcv_events_limit)
)
);
# call server method getNewEvents
my $response = c2s($uri, $ssl_key_file, $ssl_cert_file, $ssl_ca_file, "getNewEvents", $request_data);
# parse returned SOAP data object
my ($id, $hostname, $service, $detected, $type, $source_type, $source, $target_proto, $target_port, $attack_scale, $note, $priority, $timeout);
my @response_list = $response->valueof('/Envelope/Body/getNewEventsResponse/event/');
while (scalar @response_list) {
my $response_data = shift(@response_list);
my @event;
# parse items of one event
$id = $response_data->{'ID'};
$hostname = $response_data->{'HOSTNAME'};
$service = $response_data->{'SERVICE'};
$detected = $response_data->{'DETECTED'};
$type = $response_data->{'TYPE'};
$source_type = $response_data->{'SOURCE_TYPE'};
$source = $response_data->{'SOURCE'};
$target_proto = $response_data->{'TARGET_PROTO'};
$target_port = $response_data->{'TARGET_PORT'};
$attack_scale = $response_data->{'ATTACK_SCALE'};
$note = $response_data->{'NOTE'};
$priority = $response_data->{'PRIORITY'};
$timeout = $response_data->{'TIMEOUT'};
# push new event from warden server into @events which is returned
@event = ($id, $hostname, $service, $detected, $type, $source_type, $source, $target_proto, $target_port, $attack_scale, $note, $priority, $timeout);
push (@events, \@event);
# set maximum received ID from current batch
if ($id > $last_id) {
$last_id = $id;
}
} #end of while loop
# write last return ID
if (defined $last_id) { # must be defined for first check ID
open(ID, "> $id_file") || errMsg("Cannot open ID file $id_file: $!");
print ID $last_id;
close ID;
}
} # End of eval block
or do {
if ($LOG_STDERR) {
print STDERR "Warden-client unexpected end in eval block.\n" . $@ . "\n";
}
if ($LOG_SYSLOG) {
openlog("Warden:", "pid", "$LOG_SYSLOG_FACILITY");
syslog("err|$LOG_SYSLOG_FACILITY", "Warden-client unexpected end in eval block.\n" . $@ . "\n");
closelog();
}
return;
};
return @events;
} # End of getNewEvents
1;
src/warden-client/lib/WardenClientSend.pm deleted 100755 → 0
View file @ 032d8560
#!/usr/bin/perl -w
#
# WardenClientSend.pm
#
# Copyright (C) 2011-2012 Cesnet z.s.p.o
#
# Use of this source is governed by a BSD-style license, see LICENSE file.
package WardenClientSend;
use strict;
use SOAP::Lite;
use IO::Socket::SSL qw(debug1);
use SOAP::Transport::HTTP;
use Carp;
use Sys::Syslog;
our $VERSION = "2.0"; #first iteration after 'port to Apache'
#----- global configuration variables - default initialization -----------------
our $LOG_STDERR = 1;
our $LOG_SYSLOG = 0;
our $LOG_SYSLOG_FACILITY;
our $LOG_VERBOSE = 0;
#----- end of configuration variables ------------------------------------------
#-------------------------------------------------------------------------------
# errMsg - print error message and die
#-------------------------------------------------------------------------------
sub errMsg
{
my $msg = "Error message: " . shift;
if ($LOG_VERBOSE) { # user wants to log debug information
$msg .= "\nStack info: " . Carp::longmess();
}
die($msg . "\n");
} # End of errMsg
#-------------------------------------------------------------------------------
# c2s - connect to server, send request and receive response
#-------------------------------------------------------------------------------
sub c2s
{
my $uri = shift;
my $ssl_key_file = shift;
my $ssl_cert_file = shift;
my $ssl_ca_file = shift;
my $method = shift;
my $data = shift;
my ($server, $port, $service) = $uri =~ /https:\/\/(.+)\:(\d+)\/(.+)/;
my $client;
if (!($client = SOAP::Transport::HTTP::Client->new())) {
errMsg("Sorry, unable to create socket: " . &SOAP::Transport::HTTP::Client::errstr)
}
$client->timeout(60);
$client->ssl_opts(verify_hostname => 1,
SSL_use_cert => 1,
SSL_verify_mode => 0x02,
SSL_key_file => $ssl_key_file,
SSL_cert_file => $ssl_cert_file,
SSL_ca_file => $ssl_ca_file);
# setting of URI and serialize SOAP envelope and data object
my $soap = SOAP::Lite->uri($service)->proxy($uri);
my $envelope = $soap->serializer->envelope(method => $method, $data);
# setting of TCP URI and send serialized SOAP envelope and data
my $server_uri = "https://$server:$port/$service";
my $result = $client->send_receive(envelope => $envelope, endpoint => $server_uri);
# check server response
if (!defined $result) {
errMsg("Error: server returned empty response." . "\n" . "Problem with used SSL ceritificates or Warden server at $server:$port is down.");
} else {
# deserialized response from server -> create SOAP envelope and data object
my $response = $soap->deserializer->deserialize($result);
# check SOAP fault status
$response->fault ? errMsg("Server sent error message:: " . $response->faultstring) : return 1;
}
}
#-------------------------------------------------------------------------------
# saveNewEvent - send new event from detection scripts to warden server
#-------------------------------------------------------------------------------
sub saveNewEvent
{
my $result;
eval {
my $warden_path = shift;
my $event_ref = shift;
my $etcdir = $warden_path . "/etc/";
my $libdir = $warden_path . "/lib/";
# read the config file
require $libdir . "WardenClientConf.pm";
my $conf_file = $etcdir . "warden-client.conf";
my ($uri, $ssl_key_file, $ssl_cert_file, $ssl_ca_file, $max_rcv_events_limit);
($uri, $ssl_key_file, $ssl_cert_file, $ssl_ca_file, $max_rcv_events_limit, $LOG_STDERR, $LOG_SYSLOG, $LOG_SYSLOG_FACILITY, $LOG_VERBOSE) = WardenClientConf::loadConf($conf_file);
# prepare variables of event
my @event = @{$event_ref};
my $service = $event[0];
my $detected = $event[1];
my $type = $event[2];
my $source_type = $event[3];
my $source = $event[4];
my $target_proto = $event[5];
my $target_port = $event[6];
my $attack_scale = $event[7];
my $note = $event[8];
my $priority = $event[9];
my $timeout = $event[10];
# create SOAP data object
my $event = SOAP::Data->name(
event => \SOAP::Data->value(
SOAP::Data->name(SERVICE => $service),
SOAP::Data->name(DETECTED => $detected),
SOAP::Data->name(TYPE => $type),
SOAP::Data->name(SOURCE_TYPE => $source_type),
SOAP::Data->name(SOURCE => $source),
SOAP::Data->name(TARGET_PROTO => $target_proto),
SOAP::Data->name(TARGET_PORT => $target_port),
SOAP::Data->name(ATTACK_SCALE => $attack_scale),
SOAP::Data->name(NOTE => $note),
SOAP::Data->name(PRIORITY => $priority),
SOAP::Data->name(TIMEOUT => $timeout)
)
);
$result = c2s($uri, $ssl_key_file, $ssl_cert_file, $ssl_ca_file, "saveNewEvent", $event);
} # End of eval block
or do {
if ($LOG_STDERR) {
print STDERR "Warden-client unexpected end in eval block.\n" . $@ . "\n";
}
if ($LOG_SYSLOG) {
openlog("Warden-client:", "pid", "$LOG_SYSLOG_FACILITY");
syslog("err|$LOG_SYSLOG_FACILITY", "Warden-client unexpected end in eval block.\n" . $@ . "\n");
closelog();
}
return 0;
};
$result ? return 1 : return 0;
} # End of saveNewEvent
1;
src/warden-client/sh/install.sh deleted 100755 → 0
View file @ 032d8560
#!/bin/bash
#
# install.sh
#
# Copyright (C) 2011-2012 Cesnet z.s.p.o
#
# Use of this source is governed by a BSD-style license, see LICENSE file.
VERSION="2.0"
#-------------------------------------------------------------------------------
# FUNCTIONS
#-------------------------------------------------------------------------------
usage()
{
echo "Usage: `basename $0` [-d <directory>] [-u <user>] [-k <ssl_key_file>] [-c <ssl_cert_file>] [-a <ssl_ca_file>] [-hV]"
echo "-d <directory> installation directory (default: /opt)"
echo "-u <user> owner of warden client package (user for running detection scripts)"
echo "-k <ssl_key_file> path to SSL certificate key file"
echo "-c <ssl_cert_file> path to SSL certificate file"
echo "-a <ssl_ca_file> path to CA certificate file"
echo "-h print this help"
echo "-V print script version number and exit"
echo
echo "Example: # ./`basename $0` -d /opt -u detector -k /etc/ssl/private/client.key -c /etc/ssl/certs/client.pem -a /etc/ssl/certs/tcs-ca-bundle.pem"
echo
echo "Note: You must be root for running this script."
echo " For more information about installation process, see README file (section Installation)."
echo
exit 0
}
version()
{
echo "`basename ${0}` - current version is $VERSION"
exit 0
}
err()
{
echo "FAILED!"
cat $err
rm -rf $err
echo
echo "Installation of $package_version package FAILED!!!"
exit 1
}
err_clean()
{
echo "FAILED!"
echo " -> Uninstalling client package ... OK"
rm -rf $client_path > /dev/null 2>&1
cat $err
rm -rf $err
echo
echo "Installation of $package_version package FAILED!!!"
exit 1
}
root_chck()
{
if [ $UID -ne 0 ]; then
echo "You must be root for running this script!"
exit 1
fi
}
params_chck()
{
if [ -z $prefix ]; then
prefix=/opt
echo "Warning: parameter -d <directory> is not set - default installation directory is ${prefix}!"
fi
if [ -z $user ]; then
echo "Parameter -u <user> is not set!"
exit 1
fi
if [ -z $key ]; then
echo "Parameter -k <ssl_key_file> is not set!"
exit 1
fi
if [ -z $cert ]; then
echo "Parameter -c <ssl_cert_file> is not set!"
exit 1
fi
if [ -z $ca_file ]; then
echo "Parameter -a <ssl_ca_file> is not set!"
exit 1
fi
}
old_client_chck()
{
old_package_version_file={$etc}/package_version
if [ -f $old_package_version_file ]; then
old_package_version=`cat $old_package_version_file`
echo "Sorry, but $old_package_version package is installed!"
echo "For update of warden client package please use update.sh script."
exit 1
fi
}
perl_chck()
{
echo -n "Checking Perl interpreter ... "
if which perl 1> /dev/null; then
echo "OK"
else
echo "FAILED!"
echo "Error: Perl interpreter is not installed!"
exit 1
fi
}
modules_chck()
{
for module in ${modules[@]};
do
echo -n "Checking $module module ... "
if perl -e "use $module" 2> $err; then
echo "OK"
else
err
fi
done
}
make_warden_dir()
{
echo -n "Creating warden client directory ... "
test -d $prefix || mkdir -p $prefix
if cp -R ${dirname}/warden-client $prefix 2> $err; then
echo "OK"
else
err_clean
fi
files=(CHANGELOG INSTALL LICENSE README README.cesnet)
for file in ${files[@]};
do
cp ${dirname}/$file ${client_path}/doc
done
cp ${dirname}/uninstall.sh $client_path
}
copy_key()
{
echo -n "Copying certificate key file ... "
if cp $key $etc 2> $err; then
echo "OK"
else
err_clean
fi
}
copy_cert()
{
echo -n "Copying certificate file ... "
if cp $cert $etc 2> $err; then
echo "OK"
else
err_clean
fi
}
make_conf_file()
{
echo -n "Creating configuration file ... "
echo "#
# warden-client.conf - configuration file for the warden sender/receiver client
#
#-------------------------------------------------------------------------------
# URI - URI address of Warden server
#-------------------------------------------------------------------------------
\$URI = \"https://warden.cesnet.cz:443/Warden\";
#-------------------------------------------------------------------------------
# SSL_KEY_FILE - path to client SSL certificate key file
#-------------------------------------------------------------------------------
\$SSL_KEY_FILE = \"${etc}/${key_file}\";
#-------------------------------------------------------------------------------
# SSL_CERT_FILE - path to client SSL certificate file
#-------------------------------------------------------------------------------
\$SSL_CERT_FILE = \"${etc}/${cert_file}\";
#-------------------------------------------------------------------------------
# SSL_CA_FILE - path to CA certificate file
#-------------------------------------------------------------------------------
\$SSL_CA_FILE = \"${ca_file}\";
" > $conf_file 2> $err; ret_val=`echo $?`
if [ $ret_val -eq 0 ]; then
echo "OK"
else
err_clean
fi
}
change_permissions()
{
echo -n "Changing permissions to installed package ... "
chown -R $user: $client_path 2> $err || err_clean
chmod 400 ${etc}/$key_file ${etc}/$cert_file || err_clean
chmod 644 ${etc}/package_version || err_clean
if chmod 600 $conf_file; then
echo "OK"
else
err_clean
fi
}
#-------------------------------------------------------------------------------
# MAIN
#-------------------------------------------------------------------------------
# list of used Perl modules
modules=(SOAP::Lite IO::Socket::SSL SOAP::Transport::HTTP FindBin DateTime)
# read input
while getopts "d:u:k:c:a:Vh" options; do
case $options in
d ) prefix=$OPTARG;;
u ) user=$OPTARG;;
k ) key=$OPTARG;;
c ) cert=$OPTARG;;
a ) ca_file=$OPTARG;;
h ) usage;;
V ) version;;
* ) usage;;
esac
done
# root test
root_chck
# params test
params_chck
# create variables
dirname=`dirname $0`
package_version=`cat ${dirname}/warden-client/etc/package_version`
key_file=`basename $key`
cert_file=`basename $cert`
[[ $prefix == */ ]] && prefix="${prefix%?}" # remove last char (slash) from prefix
client_path="${prefix}/warden-client"
etc="${client_path}/etc"
conf_file="${etc}/warden-client.conf"
err="/tmp/warden-err"
# check if warden-client is installed
old_client_chck
echo
echo "------------------------- Dependencies check-in -------------------------"
# Perl interpreter test
perl_chck
# Perl modules test
modules_chck
echo
echo "------------------------- Installation process --------------------------"
# make warden client directory
make_warden_dir
# copy cert key file
copy_key
# copy cert file
copy_cert
# create conf file
make_conf_file
# change permissions
change_permissions
echo
echo "Please check configuration file in ${conf_file}!"
echo
echo "Warden client directory: $client_path"
echo
echo "Installation of $package_version package was SUCCESSFUL!!!"
# cleanup section
rm -rf $err
exit 0
src/warden-client/sh/uninstall.sh deleted 100755 → 0
View file @ 032d8560
#!/bin/bash
#
# uninstall.sh
#
# Copyright (C) 2011-2012 Cesnet z.s.p.o
#
# Use of this source is governed by a BSD-style license, see LICENSE file.
VERSION="2.0"
#-------------------------------------------------------------------------------
# FUNCTIONS
#-------------------------------------------------------------------------------
usage()
{
echo "Usage: `basename $0` [-d <directory>] [-hV]"
echo "-d <directory> uninstallation directory (default: /opt)"
echo "-h print this help"
echo "-V print script version number and exit"
echo
echo "Example: # ./`basename $0` -d /opt"
echo
echo "Note: You must be root for running this script."
echo " For more information about uninstallation process, see README file (section Uninstallation)."
echo
exit 0
}
version()
{
echo "`basename ${0}` - current version is $VERSION"
exit 0
}
err()
{
echo "FAILED!"
cat $err
rm -rf $err $backup_dir
echo
echo "Uninstallation of $package_version package FAILED!!!"
exit 1
}
err_clean()
{
echo "FAILED!"
echo " -> Reverting changes of warden client package ... OK"
rm -rf ${client_path}/* > /dev/null 2>&1
cp -R ${backup_dir}/* $client_path
cat $err
rm -rf $err $backup_dir
echo
echo "Uninstallation of $package_version package FAILED!!!"
exit 1
}
root_chck()
{
if [ $UID -ne 0 ]; then
echo "You must be root for running this script!"
exit 1
fi
}
params_chck()
{
if [ -z $prefix ]; then
prefix=/opt
echo "Warning: parameter -d <directory> is not set - default uninstallation directory is ${prefix}!"
fi
}
obtain_package_version()
{
if [ -f $old_package_version_file ]; then
package_version=`cat $old_package_version_file`
else
package_version="unknown"
fi
}
warden_dir_chck()
{
echo -n "Checking warden client directory ... "
if [ ! -d $client_path ]; then
echo "FAILED!"
ls $client_path
exit 1
else
echo "OK"
fi
}
backup()
{
echo -n "Backing-up warden client directory ... "
mkdir $backup_dir
if cp -R ${client_path}/* $backup_dir 2> $err; then
echo "OK"
else
err
fi
}
uninstall_warden_client()
{
echo -n "Uninstalling $package_version package ... "
if rm -rf $client_path 2> $err; then
echo "OK"
else
err_clean
fi
}
#-------------------------------------------------------------------------------
# MAIN
#-------------------------------------------------------------------------------
# OS test
os_chck
# Shell test
shell_chck
# read input
while getopts "d:Vh" options; do
case $options in
d ) prefix=$OPTARG;;
h ) usage;;
V ) version;;
* ) usage;;
esac
done
# create variables
[[ $prefix == */ ]] && prefix="${prefix%?}" # remove last char (slash) from prefix
client_path="${prefix}/warden-client"
etc="${client_path}/etc"
old_package_version_file="${etc}/package_version"
err="/tmp/warden-err"
backup_dir="/tmp/warden-backup"
# obtain version of installed warden-client package
obtain_package_version
echo
echo "------------------------- Uninstallation process --------------------------------"
# check if $prefix/warden-client directory exist
warden_dir_chck
# make backup of currently installed warden-client package
backup
# do uninstallation
uninstall_warden_client
echo
echo "Uninstallation of $package_version package was SUCCESSFUL!!!"
# cleanup section
rm -rf $err $backup_dir
exit 0
src/warden-client/sh/update.sh deleted 100755 → 0
View file @ 032d8560
#!/bin/bash
#
# update.sh
#
# Copyright (C) 2011-2012 Cesnet z.s.p.o
#
# Use of this source is governed by a BSD-style license, see LICENSE file.
VERSION="2.0"
#-------------------------------------------------------------------------------
# FUNCTIONS
#-------------------------------------------------------------------------------
usage()
{
echo "Usage: `basename $0` [-d <directory>] [-hV]"
echo "-d <directory> destination directory (default: /opt)"
echo "-h print this help"
echo "-V print script version number and exit"
echo
echo "Example: # ./`basename $0` -d /opt"
echo
echo "Note: You must be root for running this script."
echo " For more information about update process, see README file (section Update)."
echo
exit 0
}
version()
{
echo "`basename ${0}` - current version is $VERSION"
exit 0
}
err()
{
echo "FAILED!"
cat $err
rm -rf $err
rm -rf $backup_dir
echo
echo "Update from $old_package_version to $package_version package FAILED!!!"
exit 1
}
err_clean()
{
echo "FAILED!"
echo " -> Reverting changes of warden client package ... OK"
rm -rf ${client_path}/* > /dev/null 2>&1
cp -R ${backup_dir}/* $client_path
cat $err
rm -rf $err $backup_dir
echo
echo "Update from $old_package_version to $package_version package FAILED!!!"
exit 1
}
root_chck()
{
if [ $UID -ne 0 ]; then
echo "You must be root for running this script!"
exit 1
fi
}
params_chck()
{
if [ -z $prefix ]; then
prefix=/opt
echo "Warning: parameter -d <directory> is not set - default installation directory is ${prefix}!"
fi
}
obtain_package_version()
{
if [ -f $old_package_version_file ]; then
old_package_version=`cat $old_package_version_file`
if [ "$old_package_version" == "$package_version" ]; then
echo "Sorry, but $package_version package is already installed!"
exit 1
fi
else
echo "Sorry, but warden-client package is not installed!"
echo "For installation of warden client package please use install.sh script."
exit 1
fi
}
perl_chck()
{
echo -n "Checking Perl interpreter ... "
if which perl 1> /dev/null; then
echo "OK"
else
echo "FAILED!"
echo "Error: Perl interpreter is not installed!"
exit 1
fi
}
modules_chck()
{
for module in ${modules[@]};
do
echo -n "Checking $module module ... "
if perl -e "use $module" 2> $err; then
echo "OK"
else
err
fi
done
}
warden_dir_chck()
{
echo -n "Checking warden client directory ... "
if [ ! -d $client_path ]; then
echo "FAILED!"
ls $client_path
exit 1
else
echo "OK"
fi
}
backup()
{
echo -n "Backing-up warden client directory ... "
mkdir $backup_dir
if cp -R ${client_path}/* $backup_dir 2> $err; then
echo "OK"
else
err
fi
}
obtain_warden_user()
{
echo -n "Obtaining warden client directory owner ... "
if user=`stat -c %U $conf_file` 2> $err; then
echo "OK"
else
err
fi
}
update_warden_dir()
{
echo -n "Updating warden client directory ... "
if rsync -q --recursive --archive --delete --exclude='etc' --exclude='var' ${dirname}/warden-client $prefix 2> $err; then
echo "OK"
else
err_clean
fi
files=(CHANGELOG INSTALL LICENSE README README.cesnet)
for file in ${files[@]};
do
cp ${dirname}/$file ${client_path}/doc
done
cp ${dirname}/uninstall.sh $client_path
cp ${dirname}/warden-client/etc/package_version $etc
}
make_conf_file()
{
echo -n "Creating configuration file ... "
uri=`cat $conf_file | grep '$URI'`
ssl_key_file=`cat $conf_file | grep '$SSL_KEY_FILE'`
ssl_cert_file=`cat $conf_file | grep '$SSL_CERT_FILE'`
ssl_ca_file=`cat $conf_file | grep '$SSL_CA_FILE'`
echo "#
# warden-client.conf - configuration file for the warden sender/receiver client
#
#-------------------------------------------------------------------------------
# URI - URI address of Warden server
#-------------------------------------------------------------------------------
$uri
#-------------------------------------------------------------------------------
# SSL_KEY_FILE - path to client SSL certificate key file
#-------------------------------------------------------------------------------
$ssl_key_file
#-------------------------------------------------------------------------------
# SSL_CERT_FILE - path to client SSL certificate file
#-------------------------------------------------------------------------------
$ssl_cert_file
#-------------------------------------------------------------------------------
# SSL_CA_FILE - path to CA certificate file
#-------------------------------------------------------------------------------
$ssl_ca_file
" > $conf_file 2> $err; ret_val=`echo $?`
if [ $ret_val -eq 0 ]; then
echo "OK"
else
err_clean
fi
}
change_permissions()
{
echo -n "Changing permissions to updated package ... "
chown -R $user: $client_path 2>$err || err_clean
key_file=`echo $ssl_key_file | cut -d "\"" -f 2`
cert_file=`echo $ssl_cert_file | cut -d "\"" -f 2`
chmod 400 $key_file $cert_file || err_clean
chmod 644 $old_package_version_file || err_clean
if chmod 600 $conf_file; then
echo "OK"
else
err_clean
fi
}
#-------------------------------------------------------------------------------
# MAIN
#-------------------------------------------------------------------------------
# list of used Perl modules
modules=(SOAP::Lite IO::Socket::SSL SOAP::Transport::HTTP FindBin DateTime)
# read input
while getopts "d:Vh" options; do
case $options in
d ) prefix=$OPTARG;;
h ) usage;;
V ) version;;
* ) usage;;
esac
done
# root test
root_chck
# params test
params_chck
# create variables
dirname=`dirname $0`
package_version=`cat ${dirname}/warden-client/etc/package_version`
[[ $prefix == */ ]] && prefix="${prefix%?}" # remove last char (slash) from prefix
client_path="${prefix}/warden-client"
etc="${client_path}/etc"
old_package_version_file="${etc}/package_version"
conf_file="${etc}/warden-client.conf"
err="/tmp/warden-err"
backup_dir="/tmp/warden-backup"
# obtain version of old warden client
obtain_package_version
echo
echo "------------------------- Dependencies check-in -------------------------"
# Perl interpreter test
perl_chck
# Perl modules test
modules_chck
echo
echo "------------------------- Update process --------------------------------"
# check warden client directory
warden_dir_chck
# backup old warden client installation
backup
# obtain current warden client user
obtain_warden_user
# make warden client directory
update_warden_dir
# create conf file
make_conf_file
# change permissions
change_permissions
echo
echo "Please check configuration file in ${conf_file}!"
echo
echo "Warden client directory: $client_path"
echo
echo "Update from $old_package_version to $package_version package was SUCCESSFUL!!!"
# cleanup section
rm -rf $err $backup_dir
exit 0
src/warden-server/bin/getClients.pl deleted 100755 → 0
View file @ 032d8560
#!/usr/bin/perl -w
#
# getClients.pl
#
# Copyright (C) 2011-2012 Cesnet z.s.p.o
#
# Use of this source is governed by a BSD-style license, see LICENSE file.
use strict;
use Getopt::Std;
use File::Basename;
our $VERSION = "2.0";
my $warden_path = '/opt/warden-server';
require $warden_path . '/lib/WardenStatus.pm';
my $filename = basename($0);
#-------------------------------------------------------------------------------
# Functions
#-------------------------------------------------------------------------------
sub usage {
print "Usage: $filename [without parameters]\n";
exit 1;
}
#-------------------------------------------------------------------------------
# errMsg - print error message and die
#-------------------------------------------------------------------------------
sub errMsg
{
my $msg = shift;
$msg = trim($msg);
print $msg . "\n";
exit 1;
} # End of errMsg
#-------------------------------------------------------------------------------
# trim - remove whitespace from the start and end of the string
#-------------------------------------------------------------------------------
sub trim
{
my $string = shift;
$string =~ s/^\s+//;
$string =~ s/\s+$//;
return $string;
} # End of trim
#-------------------------------------------------------------------------------
# MAIN
#-------------------------------------------------------------------------------
our ($opt_h);
die usage unless getopts("h");
my $help = $opt_h;
# catch help param
if ($help) {
usage;
}
# superuser controle
my $UID = $<;
if ($UID != 0) {
die errMsg("You must be root for running this script!")
}
my @clients = WardenStatus::getClients($warden_path);
print "+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+\n";
print "| Client ID | Hostname | Registered | Requestor | Service | CT | Type | ROE | Description tags | IP Net Client |\n";
print "+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+\n";
foreach (@clients) {
printf("| %-10s ", @$_[0]);
printf("| %-30s ", @$_[1]);
printf("| %19s ", @$_[2]);
printf("| %-10s ", @$_[3]);
printf("| %-20s ", @$_[4]);
printf("| %-2s ", @$_[5]);
printf("| %-15s ", @$_[6]);
printf("| %-4s ", @$_[7]);
printf("| %-30s ", @$_[8]);
printf("| %-18s |\n", @$_[9]);
}
print "+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+\n";
print "\n";
print "Current registered clients in: " . scalar localtime(time) . "\n";
exit 0;
src/warden-server/bin/getStatus.pl deleted 100755 → 0
View file @ 032d8560
#!/usr/bin/perl -w
#
# getStatus.pl
#
# Copyright (C) 2011-2012 Cesnet z.s.p.o
#
# Use of this source is governed by a BSD-style license, see LICENSE file.
use strict;
use Getopt::Std;
use File::Basename;
our $VERSION = "2.0";
my $warden_path = '/opt/warden-server';
require $warden_path . '/lib/WardenStatus.pm';
my $filename = basename($0);
#-------------------------------------------------------------------------------
# Functions
#-------------------------------------------------------------------------------
sub usage {
print "Usage: $filename [without parameters]\n";
exit 1;
}
#-------------------------------------------------------------------------------
# errMsg - print error message and die
#-------------------------------------------------------------------------------
sub errMsg
{
my $msg = shift;
$msg = trim($msg);
print $msg . "\n";
exit 1;
} # End of errMsg
#-------------------------------------------------------------------------------
# trim - remove whitespace from the start and end of the string
#-------------------------------------------------------------------------------
sub trim
{
my $string = shift;
$string =~ s/^\s+//;
$string =~ s/\s+$//;
return $string;
} # End of trim
#-------------------------------------------------------------------------------
# MAIN
#-------------------------------------------------------------------------------
our ($opt_h);
die usage unless getopts("h");
my $help = $opt_h;
# catch help param
if ($help) {
usage;
}
# superuser controle
my $UID = $<;
if ($UID != 0) {
die errMsg("You must be root for running this script!")
}
my @status = WardenStatus::getStatus($warden_path);
# take and remove first element of array @status and save it into $server_status_ref
my $server_status_ref = shift(@status);
my @server_status = @$server_status_ref;
print "Warden server variables:\n";
print "========================\n";
print "SERVER_VERSION:\t\t$server_status[0]\n";
print "HOSTNAME:\t\t$server_status[1]\n";
print "IP_ADDRESS:\t\t$server_status[2]\n";
print "PORT:\t\t\t$server_status[3]\n";
print "DB_NAME:\t\t$server_status[4]\n";
print "DB_USER:\t\t$server_status[5]\n";
print "DB_HOST:\t\t$server_status[6]\n";
print "SYSLOG_FACILITY:\t$server_status[7]\n";
print "\n";
print "Warden server status:\n";
print "=====================\n";
print "Database size:\t\t\t$server_status[8]\n";
print "Count of saved events:\t\t$server_status[9]\n";
print "Last ID in events table:\t$server_status[10]\n";
print "Time of first inserted event:\t$server_status[11] (UTC)\n";
print "Time of latest inserted event:\t$server_status[12] (UTC)\n";
print "Count of registered clients:\t$server_status[13]\n";
print "\n";
# check if sum of registered client isn't 0
if ($server_status[13] != 0) {
print "Statistics of registered senders:\n";
print "+-----------------------------------------------------------------------------------------------------------+\n";
print "| Client ID | Hostname | Service | Stored events | Last insertion (UTC) |\n";
print "+-----------------------------------------------------------------------------------------------------------+\n";
foreach my $client_status_ref (@status){
my @client_status = @$client_status_ref;
printf("| %-10s ", $client_status[0]);
printf("| %-30s ", $client_status[1]);
printf("| %-20s ", $client_status[2]);
printf("| %-13s ", $client_status[3]);
printf("| %-20s |\n", $client_status[4]);
}
print "+-----------------------------------------------------------------------------------------------------------+\n";
print "\n";
}
print "Current server status in:\t" . scalar localtime(time) . "\n";
exit 0;
src/warden-server/bin/getWebStatus.sh deleted 100755 → 0
View file @ 032d8560
#!/bin/bash
#
# getStatus.pl
#
# Copyright (C) 2011-2012 Cesnet z.s.p.o
#
# Use of this source is governed by a BSD-style license, see LICENSE file.
VERSION='2.0'
if [ $UID -ne 0 ]; then
echo "You must be root for running this script!"
exit 1
fi
DB_NAME=`cat /opt/warden-server/etc/warden-server.conf | grep '$DB_NAME' | sed 's/[";]//g' |awk '{print $3}'`
DB_USER=`cat /opt/warden-server/etc/warden-server.conf | grep '$DB_USER' | sed 's/[";]//g' |awk '{print $3}'`
DB_HOST=`cat /opt/warden-server/etc/warden-server.conf | grep '$DB_HOST' | sed 's/[";]//g' |awk '{print $3}'`
echo "DB_NAME: $DB_NAME"
echo "DB_USER: $DB_USER"
echo "DB_HOST: $DB_HOST"
echo
echo "DB status:"
echo "----------"
echo "SELECT FROM_UNIXTIME( UNIX_TIMESTAMP( received ) - ( UNIX_TIMESTAMP( received ) % ( 60 ) ) ) AS t, COUNT( id ) FROM events GROUP BY t" | mysql -h $DB_HOST --user=$DB_USER $DB_NAME --password=$DB_PASS
echo
echo "apache2ctl status:"
echo "------------------"
apache2ctl status
echo
echo "uptime:"
echo "-------"
uptime
echo
echo -n klientu: ; netstat -nlpa | grep :443 | grep ESTA | wc -l;
echo -n FIN:; netstat | grep WAIT2 | wc -l
exit 0
src/warden-server/bin/registerReceiver.pl deleted 100755 → 0
View file @ 032d8560
#!/usr/bin/perl -w
#
# registerReceiver.pl
#
# Copyright (C) 2011-2012 Cesnet z.s.p.o
#
# Use of this source is governed by a BSD-style license, see LICENSE file.
use strict;
use Getopt::Std;
use Switch;
use File::Basename;
our $VERSION = "2.0";
my $warden_path = '/opt/warden-server';
require $warden_path . '/lib/WardenReg.pm';
my $filename = basename($0);
#-------------------------------------------------------------------------------
# Functions
#-------------------------------------------------------------------------------
sub usage {
print "Usage: $filename [-h -o -n <hostname> -r <requestor> -t <type> -i <ip_net_client>]\n";
exit 1;
}
sub help {
print "$filename [-h -o -n <hostname> -r <requestor> -t <type> -i <ip_net_client>]\n";
print "-h print this text and exit\n";
print "-n hostname of receiver\n";
print "-r client registration requestor\n";
print "-t type of received events or '_any_' for receiving of all types of events\n";
print "-o enable receiving of own events\n";
print "-i CIDR of receiver\n";
exit 0;
}
#-------------------------------------------------------------------------------
# errMsg - print error message and die
#-------------------------------------------------------------------------------
sub errMsg
{
my $msg = shift;
$msg = trim($msg);
print $msg . "\n";
exit 1;
} # End of errMsg
#-------------------------------------------------------------------------------
# trim - remove whitespace from the start and end of the string
#-------------------------------------------------------------------------------
sub trim
{
my $string = shift;
$string =~ s/^\s+//;
$string =~ s/\s+$//;
return $string;
} # End of trim
#-------------------------------------------------------------------------------
# MAIN
#-------------------------------------------------------------------------------
our ($opt_n, $opt_r, $opt_t, $opt_o, $opt_i, $opt_h);
if ($#ARGV == -1) {usage}
die usage unless getopts("n:r:t:i:ho");
my $hostname = $opt_n;
my $requestor = $opt_r;
my $type = $opt_t;
my $ip_net_client = $opt_i;
my $help = $opt_h;
my $receive_own_events = "f";
if ($opt_o) {
$receive_own_events = "t";
}
# catch help param
if ($help) {
help;
}
if ($ip_net_client !~ /^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(\d|[1-2]\d|3[0-2]))$/) {
die errMsg("Enter correct IP in CIDR format!");
}
# superuser controle
my $UID = $<;
if ($UID != 0) {die errMsg("You must be root for running this script!")}
# check parameters definition
switch () {
case {!defined $hostname} { print "ERROR: Parameter 'hostname' is not defined!\n"; exit 1; }
case {!defined $requestor} { print "ERROR: Parameter 'requestor' is not defined!\n"; exit 1; }
case {!defined $type} { print "ERROR: Parameter 'type' is not defined!\n"; exit 1; }
case {!defined $receive_own_events} { print "ERROR: Parameter 'receive_own_events' is not defined!\n"; exit 1; }
case {!defined $ip_net_client} { print "ERROR: Parameter 'ip_net_client' is not defined!\n"; exit 1; }
}
my $return = WardenReg::registerReceiver($warden_path, $hostname, $requestor, $type, $receive_own_events, $ip_net_client);
$return ? print "Registration of $hostname was SUCCESSFUL...\n" : print "Registration of $hostname FAILED!\n";
exit 0;
src/warden-server/bin/registerSender.pl deleted 100755 → 0
View file @ 032d8560
#!/usr/bin/perl -w
#
# registerSender.pl
#
# Copyright (C) 2011-2012 Cesnet z.s.p.o
#
# Use of this source is governed by a BSD-style license, see LICENSE file.
use strict;
use Getopt::Std;
use Switch;
use File::Basename;
our $VERSION = "2.0";
my $warden_path = '/opt/warden-server';
require $warden_path . '/lib/WardenReg.pm';
my $filename = basename($0);
#-------------------------------------------------------------------------------
# Functions
#-------------------------------------------------------------------------------
sub usage {
print "Usage: $filename [-h -n <hostname> -r <requestor> -s <service> -d <description_tags> -i <ip_net_client>]\n";
exit 1;
}
sub help {
print "$filename [-h -n <hostname> -r <requestor> -s <service> -d <description_tags> -i <ip_net_client>]\n";
print "-h print this text and exit\n";
print "-n hostname of sender\n";
print "-r client registration requestor\n";
print "-s name of service which sent events\n";
print "-d description tags of send events\n";
print "-i CIDR of sender\n";
exit 0;
}
#-------------------------------------------------------------------------------
# errMsg - print error message and die
#-------------------------------------------------------------------------------
sub errMsg
{
my $msg = shift;
$msg = trim($msg);
print $msg . "\n";
exit 1;
} # End of errMsg
#-------------------------------------------------------------------------------
# trim - remove whitespace from the start and end of the string
#-------------------------------------------------------------------------------
sub trim
{
my $string = shift;
$string =~ s/^\s+//;
$string =~ s/\s+$//;
return $string;
} # End of trim
#-------------------------------------------------------------------------------
# MAIN
#-------------------------------------------------------------------------------
our ($opt_n, $opt_r, $opt_s, $opt_d, $opt_i, $opt_h);
if ($#ARGV == -1) {usage}
die usage unless getopts("n:r:s:d:i:h");
my $hostname = $opt_n;
my $requestor = $opt_r;
my $service = $opt_s;
my $description_tags = $opt_d;
my $ip_net_client = $opt_i;
my $help = $opt_h;
# catch help param
if ($help) {
help;
}
if ($ip_net_client !~ /^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(\d|[1-2]\d|3[0-2]))$/) {
die errMsg("Enter correct IP in CIDR format!");
}
# superuser controle
my $UID = $<;
if ($UID != 0) {die errMsg("You must be root for running this script!")}
# check parameters definition
switch () {
case {!defined $hostname} { print "ERROR: Parameter 'hostname' is not defined!\n"; exit 1; }
case {!defined $requestor} { print "ERROR: Parameter 'requestor' is not defined!\n"; exit 1; }
case {!defined $service} { print "ERROR: Parameter 'service' is not defined!\n"; exit 1; }
case {!defined $description_tags} { print "ERROR: Parameter 'description_tags' is not defined!\n"; exit 1; }
case {!defined $ip_net_client} { print "ERROR: Parameter 'ip_net_client' is not defined!\n"; exit 1; }
}
# register sender at warden server
my $return = WardenReg::registerSender($warden_path, $hostname, $requestor, $service, $description_tags, $ip_net_client);
$return ? print "Registration of $hostname was SUCCESSFUL...\n" : print "Registration of $hostname FAILED!\n";
exit 0;
src/warden-server/bin/unregisterClient.pl deleted 100755 → 0
View file @ 032d8560
#!/usr/bin/perl -w
#
# unregisterClient.pl
#
# Copyright (C) 2011-2012 Cesnet z.s.p.o
#
# Use of this source is governed by a BSD-style license, see LICENSE file.
use strict;
use Getopt::Std;
use Switch;
use File::Basename;
our $VERSION = "2.0";
my $warden_path = '/opt/warden-server';
require $warden_path . '/lib/WardenReg.pm';
my $filename = basename($0);
#-------------------------------------------------------------------------------
# Functions
#-------------------------------------------------------------------------------
sub usage {
print "Usage: $filename [-h -i <client_id>]\n";
exit 1;
}
sub help {
print "$filename [-h -i <client_id>]\n";
print "-h print this text and exit\n";
print "-i client_id for unregistration\n";
exit 0;
}
#-------------------------------------------------------------------------------
# errMsg - print error message and die
#-------------------------------------------------------------------------------
sub errMsg
{
my $msg = shift;
$msg = trim($msg);
print $msg . "\n";
exit 1;
} # End of errMsg
#-------------------------------------------------------------------------------
# trim - remove whitespace from the start and end of the string
#-------------------------------------------------------------------------------
sub trim
{
my $string = shift;
$string =~ s/^\s+//;
$string =~ s/\s+$//;
return $string;
} # End of trim
#-------------------------------------------------------------------------------
# MAIN
#-------------------------------------------------------------------------------
our ($opt_h, $opt_i);
if ($#ARGV == -1) {usage}
die usage unless getopts("i:h");
my $client_id = $opt_i;
my $help = $opt_h;
# catch help param
if ($help) {
help;
}
# superuser controle
my $UID = $<;
if ($UID != 0) {die errMsg("You must be root for running this script!")}
# check parameters definition
if (!defined $client_id) {
print "ERROR: Parameter 'client_id' is not defined!\n";
exit 1;
}
my $return = WardenReg::unregisterClient($warden_path, $client_id);
$return ? print "Unregistration of client (#$client_id) was SUCCESSFUL...\n" : print "Unregistration of client (# $client_id) FAILED!\n";
exit 0;
src/warden-server/doc/AUTHORS deleted 100644 → 0
View file @ 032d8560
AUTHORS AND MAINTAINERS :
MAIN DEVELOPERS:
Tomas Plesnik <plesnik@ics.muni.cz>
Jan Soukal <soukal@ics.muni.cz>
Michal Kostenec <kostenec@civ.zcu.cz>
CONTRIBUTORS:
Vit Slama <slama@cis.vutbr.cz>
Martin Drasar <drasar@ics.muni.cz>
TESTING:
Jakub Cegan <cegan@ics.muni.cz>
DEVELOPMENT MANAGER:
Jan Vykopal <vykopal@ics.muni.cz>
PROJECT MANAGERS:
Pavel Kacha <ph@cesnet.cz>
Andrea Kropacova <andrea@cesnet.cz>
COMMUNITY:
Radomir Orkac <orkac@cesnet.cz>
src/warden-server/doc/CHANGELOG deleted 100644 → 0
View file @ 032d8560
2012-00-00 v2.1 stable version
------------------------------
- added limit of events that can be downloaded from server to client
- added receiving of all types of events
- added validation of types of received events
- added support for client maximum received events limit option
(for more information see client documentation)
2012-07-27 v2.0 stable version
------------------------------
- MySQL database engine used
- Apache used to support faster multithread processing (communication switched to HTTPs protocol)
- enhanced authentization and authorization
- enhanced support of Alternate Names in SSL certificates
- added automatic reconnect to DB
- other minor bugs and issues fixed
2012-03-02 v0.1.0 beta version
------------------------------
- initial release of the Warden server
- SSL certificate authentication/authorization supported
- Subject Alternative Names of SSL certificates supported
- Syslog logging supported
- Nagios system check supported
- automated installation and uninstallation process
- SQLite database engine used
src/warden-server/doc/INSTALL deleted 100644 → 0
View file @ 032d8560
Installation process
====================
Overview
--------
For installation of warden-server package on local machine use install.sh.
Default destination directory is /opt/warden-server/.
For more information about install.sh options run install.sh -h.
You must be root for running this script.
Post-installation steps
-----------------------
1) Install necessary packages
# aptitude install apache2 mysql-server libapache2-mod-perl2 apache2-mpm-prefork libcrypt-x509-perl libmime-base64-perl
2) Enable of mod_ssl module
# an2enmod ssl
3) Apache server configuration
a) VirtualHost section configuration
- include parameters from the Warden server configuration file (<warden-server_path>/etc/warden-apache.conf)
# vim /etc/apache2/sites-enables/default
<VirtualHost *:443>
...
Include /opt/warden-server/etc/warden-apache.conf
</VirtualHost>
b) Apache server performance configuration
# vim /etc/apache2/apache2.conf
- prefork module settings
<IfModule mpm_prefork_module>
StartServers 2
MinSpareServers 4
MaxSpareServers 8
ServerLimit 700
MaxClients 700
MaxRequestsPerChild 0
</IfModule>
- connection settings
Timeout 10
KeepAlive Off
4) MySQL database configuration
a) Create new user acount (optional)
b) Create new database structure
$ mysql -u <user> -h localhost -p <password> < {warden-server_path}/doc/warden.mysql
5) Warden server configuration
- configure warden-server.conf, warden-client.conf and warden-apache.conf placed in <warden-server_path>/etc directory
6) Restart of Apache server
# /etc/init.d/apache2 restart
Uninstallation process
======================
Overview
--------
For uninstallation of warden-server package from local machine use uninstall.sh.
Default uninstallation directory is /opt/warden-server/.
For more information about uninstall.sh options run uninstall.sh -h.
You must be root for running this script.
src/warden-server/doc/README deleted 100644 → 0
View file @ 032d8560
+----------------------------+
| README - Warden Server 2.1 |
+----------------------------+
Content
A. Overall Information
B. Installation Dependencies
C. Installation
D. Miscellaneous
E. Registration of Clients
F. Status Info
--------------------------------------------------------------------------------
A. Overall Information
1. About Warden System
Warden is a client-server architecture service designed to share detected
security events (issues) among CSIRT and CERT teams in a simple and fast way.
This package contains the Warden server.
2. Version
2.1 (2012-00-00)
3. Package structure
warden-server/
bin/
getClients.pl
getStatus.pl
getWebStatus.sh
registerReceiver.pl
registerSender.pl
unregisterClients.pl
doc/
AUTHORS
CHANGELOG
INSTALL
LICENSE
README
warden.mysql
etc/
package_version
warden-apache.conf
warden-client.conf
warden-server.conf
lib/
WardenConf.pm
Warden.pm
WardenReg.pm
WardenStatus.pm
Warden/
ApacheDispatch.pm
uninstall.sh
--------------------------------------------------------------------------------
B. Installation Dependencies
1. Applications:
Perl >= 5.10.1
MySQL >= 5.1.63
Apache >= 2.2.14
2. Perl modules:
SOAP::Lite >= 0.712
SOAP::Transport::HTTP >= 0.712
DBI >= 1.612
DBD::mysql >= 4.016
Format::Human::Bytes >= 0.05
Sys::Syslog >= 0.27
File::Basename >= 2.77
Net::CIDR::Lite >= 0.21
DateTime >= 0.61
Getopt::Std >= 1.06
Switch >= 2.14
IO::Socket::SSL >= 1.74
MIME::Base64 >= 3.08
Crypt::X509 >= 0.40
--------------------------------------------------------------------------------
C. Installation
1. Check SHA1 checksum of the Warden server package archive.
$ sha1sum -c warden-server-2.1.tar.gz.sig
2. Untar it.
$ tar xzvf warden-server-2.1.tar.gz
3. Run install.sh.
Default destination directory is /opt/warden-server/
For more information about install.sh options run install.sh -h
You must be root for running this script.
4. Configuration files
You are advised to check configuration file warden-apache.conf,
warden-server.conf and warden-client.conf in warden-server/etc/
directory after installation. For more information about post-installation
steps see INSTALL file.
Although this is the Warden server package it also contains several
functions (for administration and maintenance) that are strictly
client-side in a way the Warden system handles functions. Therefore you have
to check both server and client config files to make sure your installation
of the Warden server was successful and complete.
SOAP protocol is used for handling communication between server and clients.
Therefore, correct URI of Warden server must be set.
Authentication of clients and server is performed using client and server
SSL certificates. Both clients and server must have valid certificate.
Configuration files contain following parameters:
a) warden-client.conf:
URI - URI Warden server
e.g. 'https://warden.server.com:443/Warden'
SSL_KEY_FILE - path to a host key file,
e.g. '/etc/ssl/private/warden.server.com.key'
SSL_CERT_FILE - path to a host certificate file,
e.g. '/etc/ssl/certs/warden.server.com.pem'
SSL_CA_FILE - path to a CA file
e.g. '/etc/ssl/certs/tcs-ca-bundle.pem'
b) warden-server.conf
The Warden server configuration file contains:
BASEDIR - base directory of the Warden server
e.g. /opt/warden-server/
FACILITY - syslog facility
e.g. local7
DB_NAME - MySQL database name of Warden server
e.g. warden
DB_USER - MySQL database user of Warden server
e.g. warden
DB_PASS - MySQL database password of Warden server
DB_HOST - MySQL database host
e.g. localhost
MAX_EVENTS_LIMIT - maximum number of events that can be downloaded from Warden server
in a single getNewEvents client function call
e.g. 2000000
c) warden-apache.conf
The Apache2 configuration file for Warden server
SSLEngine on
SSLVerifyDepth 3
SSLVerifyClient require
SSLOptions +StdEnvVars +ExportCertData
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile <path_to_server_certificate>
SSLCertificateKeyFile <path_to_server_certificate_key>
SSLCACertificateFile <path_to_CA_certificate>
PerlOptions +Parent
PerlSwitches -I <path_to_warden_server_libs>
<Location /Warden>
SetHandler perl-script
PerlHandler Warden::ApacheDispatch
SSLOptions +StdEnvVars
</Location>
5. Usage of install.sh
Usage: $ ./install.sh [-d <directory>] [-k <ssl_key_file>]
[-c <ssl_cert_file>] [-a <ssl_ca_file>] [-hV]"
-d <directory> installation directory (default: /opt)
-k <ssl_key_file> SSL certificate key file path
-c <ssl_cert_file> SSL certificate file path
-a <ssl_ca_file> CA certificate file path
-h print this help
-V print script version number and exit
Example: $ ./install.sh -d /opt -k /etc/ssl/private/server.key
-c /etc/ssl/certs/server.pem
-a /etc/ssl/certs/bundle.pem
6. Usage of uninstall.sh
Usage: $ ./uninstall.sh [-d <directory>] [-hV]
-d <directory> uninstallation directory (default: /opt)
-h print this help
-V print script version number and exit
Example: # ./uninstall.sh -d /opt
--------------------------------------------------------------------------------
D. Miscellaneous
1. Error Messages
Error messages of the server functions are sent via Syslog.
Default is local7 facility.
2. Firewall Settings
Make sure that the TCP port listed in /etc/apache2/sites-enables/default
is allowed on your firewall.
3. Privileges
The Warden server runs only under root privileges.
4. Known Issues
No issues are known.
--------------------------------------------------------------------------------
E. Registration of Clients
The Warden server administrator is responsible for registering new clients or
removing those already registered. Both registration or unregistration scripts
are provided in the Warden server package. Those scripts should be run from
localhost (the same machine the Warden server is installed and running on).
Members of Warden community who would like to have their client registered must
contact the Warden server administrator with the requirement. This is usually
done via secured e-mail. Requestor should provide all important data to the
Warden server administrator so that the client can be successfully registered.
1. Register Sender
New sender clients are registered in Warden system via registerSender.pl.
Following attributes must be provided in order to register new client
successfully:
hostname - hostname of the client,
requestor - organization or authorized person who demands new
client registration,
service - name of the service of a new registered client,
description_tags - tags describing the nature of the service,
ip_net_client - CIDR the client is only allowed to communicate from.
One can run registerSender.pl with -h argument to see a help.
2. Register Receiver
New receiver clients are registered in Warden system via
registerReceiver.pl.
Following attributes must be provided in order to register new client
successfully:
hostname - hostname of the client,
requestor - organization or authorized person who demands new
client registration,
type - the type of events the client wish to receive or '_any_'
for receiving of all types of events,
receive_own_events - boolean value describing if events originating from
the same CIDR will be sent to the client,
ip_net_client - CIDR the client is only allowed to communicate from.
One can run registerReceiver.pl with -h argument to see a help.
3. Unregister Client
In the Warden system, already registered clients can be removed
(unregistered) via unregisterClient.pl.
Following attribute must be provided in order to unregister existing client
successfully:
client_id - ID of the client that should be removed (unregistered).
One can run unregisterClient.pl with -h argument to see a help.
The process of unregistration deletes this client from clients table in DB.
But all messages stored by this client (considering "sender" client) are not
deleted, they are merely set 'invalid' in DB table events.
--------------------------------------------------------------------------------
F. Status Info
Functions in this section show status of the Warden server and active
(registered) clients to the Warden system administrator.
Similarly to (un)registration, these functions should be run from
localhost (e. g. from the same machine the Warden server is installed and
running on).
1. Get Status
Function getStatus is accessible via getStatus.pl. Function has no input
parameters and returns info about the Warden server and its DB status.
2. Get Clients
Function getClients is accessible via getClients.pl. Function has no input
parameters and returns detailed information about all registered clients.
--------------------------------------------------------------------------------
Copyright (C) 2011-2012 Cesnet z.s.p.o
src/warden-server/doc/warden.mysql deleted 100644 → 0
View file @ 032d8560
-- MySQL dump 10.11
--
-- Host: localhost Database: warden
-- ------------------------------------------------------
-- Server version 5.0.51a-24+lenny3
/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!40101 SET NAMES utf8 */;
/*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */;
/*!40103 SET TIME_ZONE='+00:00' */;
/*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */;
/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */;
/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */;
/*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */;
--
-- Current Database: `warden`
--
CREATE DATABASE /*!32312 IF NOT EXISTS*/ `warden` /*!40100 DEFAULT CHARACTER SET latin1 */;
USE `warden`;
--
-- Table structure for table `clients`
--
DROP TABLE IF EXISTS `clients`;
SET @saved_cs_client = @@character_set_client;
SET character_set_client = utf8;
CREATE TABLE `clients` (
`client_id` int(11) NOT NULL auto_increment,
`hostname` varchar(256) default NULL,
`registered` timestamp NOT NULL default CURRENT_TIMESTAMP on update CURRENT_TIMESTAMP,
`requestor` varchar(256) default NULL,
`service` varchar(64) default NULL,
`client_type` varchar(1) default NULL,
`type` varchar(64) default NULL,
`receive_own_events` varchar(1) default NULL,
`description_tags` varchar(256) default NULL,
`ip_net_client` varchar(256) default NULL,
PRIMARY KEY (`client_id`)
) ENGINE=MyISAM AUTO_INCREMENT=1 DEFAULT CHARSET=latin1;
SET character_set_client = @saved_cs_client;
--
-- Table structure for table `events`
--
DROP TABLE IF EXISTS `events`;
SET @saved_cs_client = @@character_set_client;
SET character_set_client = utf8;
CREATE TABLE `events` (
`id` int(11) NOT NULL auto_increment,
`hostname` varchar(256) default NULL,
`service` varchar(64) default NULL,
`detected` timestamp NOT NULL default CURRENT_TIMESTAMP on update CURRENT_TIMESTAMP,
`received` timestamp NOT NULL default '0000-00-00 00:00:00',
`type` varchar(64) default NULL,
`source_type` varchar(64) default NULL,
`source` varchar(256) default NULL,
`target_proto` varchar(16) default NULL,
`target_port` int(2) default NULL,
`attack_scale` int(4) default NULL,
`note` text,
`priority` int(1) default NULL,
`timeout` int(2) default NULL,
`valid` varchar(1) default NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM AUTO_INCREMENT=1 DEFAULT CHARSET=latin1;
SET character_set_client = @saved_cs_client;
/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */;
/*!40101 SET SQL_MODE=@OLD_SQL_MODE */;
/*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */;
/*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */;
/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
-- Dump completed on 2012-03-22 15:29:35
src/warden-server/etc/package_version deleted 100644 → 0
View file @ 032d8560
warden-server-2.0