
Compare revisions

Commits on Source (18)
---
server_admin: "{{ root@inventory_hostname }}"
warden_filer_bin_path: /opt/warden-filer
warden_filer_lib_path: /var/lib/warden_filer
warden_filer_run_path: /run/warden_filer
warden_client_cert_path: /etc/ssl/certs/warden.cert.pem
warden_client_key_path: /etc/ssl/private/warden.key.pem
warden_client_id_store: /var/lib/warden_filer/warden_filer.id
......
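Review bot: `server_admin: "{{ root@inventory_hostname }}"` puts the whole address inside the Jinja2 expression, and `@` is not a Jinja2 operator, so this default will most likely fail with a template syntax error the first time it is rendered. If the intent is a root mailbox on the managed host, the literal part belongs outside the braces: `server_admin: "root@{{ inventory_hostname }}"`. Whether this line is new in this comparison cannot be told from the rendered page, and the rest of the file is elided.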
---
- name: Checkout Warden repository
git:
repo: https://homeproj.cesnet.cz/git/warden.git/
repo: https://gitlab.cesnet.cz/713/warden/warden.git
version: warden-client-3.0-beta3
dest: /tmp/warden_client_repository
- name: Create bin dir for warden_filer
file:
path: "{{ warden_filer_bin_path }}"
state: directory
owner: root
group: root
mode: "755"
- name: Create lib and run dir for warden_filer
file:
path: "{{ item }}"
state: directory
owner: "{{ warden_filer_uid }}"
group: "{{ warden_filer_gid }}"
mode: "755"
with_items:
- "{{ warden_filer_lib_path }}"
- "{{ warden_filer_run_path }}"
- name: Install Filer binaries
copy:
src: "/tmp/warden_client_repository/{{ src }}"
dest: "{{ warden_filer_bin_path }}/{{ dest }}"
remote_src: true
src: "/tmp/warden_client_repository/{{ item.src }}"
dest: "{{ warden_filer_bin_path }}/{{ item.dest }}"
mode: "755"
with_items:
- src: warden_client/warden_client.py
dest: warden_client.py
......@@ -17,15 +38,26 @@
- src: warden_filer/check_file_count
dest: check_file_count
- name: Link Filer binary to /usr/local/bin
file:
src: "{{ warden_filer_bin_path }}/warden_filer.py"
dest: "/usr/local/bin/warden_filer.py"
state: link
owner: root
group: root
mode: "755"
- name: Install Warden Filer config
template:
src: "{{ item }}"
dest: "/{{ item }}"
with_items:
- etc/warden_filer.cfg
- etc/defaults/warden_filer_receiver
- etc/default/warden_filer_receiver
- name: Install Warden Filer init script
copy:
remote_src: true
src: /tmp/warden_client_repository/warden_filer/warden_filer_receiver
dest: /etc/init.d/warden_filer_receiver
mode: "755"
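Review bot: The checkout lands in `/tmp/warden_client_repository`, a fixed name under a world-writable directory, and the later `copy` tasks with `remote_src: true` install files from it into `{{ warden_filer_bin_path }}` and `/etc/init.d` with mode 755. A local account on the managed host can pre-create or alter that path before or between the tasks, so what ends up installed as root-run code is not guaranteed to be what was cloned. Stage the clone in a root-owned directory instead, for example a `tempfile` task result or a directory created beforehand with `owner: root` and `mode: "700"`, and point `dest:` and the `src:` paths at it. The server role's checkout into `/tmp/warden_server_repository` further down has the same problem. Separately, `version: warden-client-3.0-beta3` is a tag that can be moved upstream; pinning the commit hash makes the install reproducible.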
---
- name: Checkout Warden repository
git:
repo: https://homeproj.cesnet.cz/git/warden.git/
repo: https://gitlab.cesnet.cz/713/warden/warden.git
version: warden-server-3.0-beta3
dest: /tmp/warden_server_repository
......
......@@ -22,10 +22,7 @@ def main(args):
banners = [{'name': banner_name_en, 'database' : "Database Size:", 'events' : "Number of Events:", 'senders' : "Number of Senders:", 'receivers' : "Number of Receivers:", 'created' : "Banner Created:"}, {'name': banner_name_cz, 'database' : "Velikost databáze:", 'events' : "Suma všech událostí:", 'senders' : "Odesílající klienti:", 'receivers' : "Přijímající klienti:", 'created' : "Banner vytvořen:"}]
# We have DB credentials
user = "warden"
password = "w4rd3n&u53r"
database = "warden3"
host = "localhost"
host, database, user, password = sys.argv[1:]
db = MySQLdb.connect(host = host, user = user, passwd = password, db = database)
cursor = db.cursor()
......
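Review bot: `host, database, user, password = sys.argv[1:]` moves the database password onto the command line, where other local users can read it from the process list and where it tends to end up in shell history and cron or service definitions. Reading it from a file that only the service account can read keeps it out of argv; MySQLdb supports this directly, e.g. `db = MySQLdb.connect(read_default_file=cnf_path)` with the credentials in a `[client]` section. The bare unpack also raises `ValueError` on any argument count other than four, and it ignores the `args` parameter that `main` already receives. The password literal removed here stays in the repository history, so it should be treated as disclosed and rotated.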
......@@ -20,7 +20,7 @@
<script src="https://d3js.org/d3.v3.min.js"></script>
<script src="https://d3js.org/topojson.v1.min.js"></script>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js"></script>
<script src="./js/datamaps.world.hires.min.js"></script>
<script src="./js/datamaps.world.min.js"></script>
<script src="./js/warden-map.js"></script>
<!--
......
......@@ -53,7 +53,7 @@ C.1. Event description format
IDEA - Intrusion Detection Extensible Alert, flexible extensible format
for security events, see:
https://csirt.cesnet.cz/IDEA
https://idea.cesnet.cz/
C.2. Event serial ID
......
......@@ -470,6 +470,18 @@ def get_configs():
def get_uid_gid(str_id, get_nam_func):
if str_id:
try:
id = int(str_id)
except ValueError:
id = get_nam_func(str_id)[2]
else:
id = None
return id
if __name__ == "__main__":
args = get_args()
......@@ -482,12 +494,17 @@ if __name__ == "__main__":
try:
if args.daemon:
from pwd import getpwnam
from grp import getgrnam
uid = get_uid_gid(fconfig.get("uid"), getpwnam)
gid = get_uid_gid(fconfig.get("gid"), getgrnam)
daemonize(
work_dir = fconfig.get("work_dir", "."),
chroot_dir = fconfig.get("chroot_dir"),
umask = fconfig.get("umask"),
uid = fconfig.get("uid"),
gid = fconfig.get("gid"),
uid = uid,
gid = gid,
pidfile = args.pid_file,
files_preserve = get_logger_files(wclient.logger),
signals = {
......
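Review bot: When the config sets `uid` but no `gid`, `get_uid_gid` returns `None` for the group, so `daemonize` receives a new user with no group change; unless `daemonize` (not visible here) derives the group itself, the daemon would keep the starting process's group, typically root's. Falling back to the account's primary group closes that gap: look up the passwd entry for the configured user and use its `pw_gid` when `fconfig.get("gid")` is empty. Two smaller points in `get_uid_gid`: the local `id` shadows the builtin, and `get_nam_func(str_id)[2]` raises `KeyError` for an unknown name, which deserves an explicit error message rather than whatever the enclosing `try` (its handlers are outside the hunk) does with it. A one-line docstring saying that index 2 is `pw_uid` for `getpwnam` and `gr_gid` for `getgrnam` would explain the magic number.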
......@@ -23,9 +23,6 @@ import subprocess
import shlex
import tempfile
import M2Crypto
# *ph* server vulnerable to logjam, local openssl too new, use hammer to disable Diffie-Helmann
import ssl
ssl._DEFAULT_CIPHERS += ":!DH"
import ejbcaws
......@@ -253,7 +250,13 @@ class EjbcaRegistry(OpenSSLRegistry):
subjectDN = self.subject_dn_template % client.name
)
edata["subjectAltName"] = ",".join(("RFC822NAME=%s" % a for a in client.admins))
edata["status"] = self.status_str_to_ejbca.get(client.status, edata["status"])
try:
edata["status"] = self.status_str_to_ejbca.get(client.status)
except KeyError:
# Unknown status - either came from EJBCA and translated to
# "Other", or something wrong came in later. Let's just
# keep original EJBCA status unchanged.
pass
if client.pwd:
edata["password"] = client.pwd
edata["clearPwd"] = True
......
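Review bot: The new `try`/`except KeyError` around `self.status_str_to_ejbca.get(client.status)` cannot do what its comment says if `status_str_to_ejbca` is a plain dict: `.get()` returns `None` for an unknown key instead of raising, so `edata["status"]` is overwritten with `None` rather than left unchanged. Use subscripting so the handler is reachable, `edata["status"] = self.status_str_to_ejbca[client.status]`, or keep the one-line `.get(client.status, edata["status"])` form that the hunk removes. The mapping's definition is outside the hunk, so its type should be confirmed. Because `edata` is presumably written back to EJBCA, a `None` status could change the state of a client entity unintentionally.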
......@@ -8,11 +8,15 @@ import sys
import warnings
from os import path
from copy import deepcopy
import unittest2 as unittest
import MySQLdb as my
from warden_server import build_server
import warden_server
if sys.version_info >= (3, 10):
import unittest
else:
import unittest2 as unittest
if sys.version_info[0] >= 3:
from io import StringIO
else:
......@@ -408,8 +412,9 @@ def init_user():
conn = None
try:
conn = my.connect(user='root', passwd=getpass.getpass('Enter MySQL Root password:'))
with conn as cur: # Not a canonical connector implementation, for sure
cur.execute("GRANT SELECT, INSERT, UPDATE, CREATE, DELETE, DROP ON *.* TO %s@'localhost' IDENTIFIED BY %s", (USER, PASSWORD))
with conn.cursor() as cur:
cur.execute("CREATE USER IF NOT EXISTS %s@'localhost' IDENTIFIED BY %s", (USER, PASSWORD))
cur.execute("GRANT SELECT, INSERT, UPDATE, CREATE, DELETE, DROP ON *.* TO %s@'localhost'", (USER,))
conn.commit()
print("DB User set up successfuly")
except my.OperationalError as ex:
......
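Review bot: The `GRANT SELECT, INSERT, UPDATE, CREATE, DELETE, DROP ON *.*` statement gives the test account create and drop rights on every database of the server it runs against, which is more than a test suite needs and risky if the tests are ever pointed at a shared MySQL instance. Scoping the grant to the schema the tests use limits the damage a mistake can do, e.g. `GRANT ... ON <TEST_DB>.* TO %s@'localhost'`, where `<TEST_DB>` stands for the suite's database name (not visible in this hunk); MySQL accepts a grant on a database that does not exist yet. Note also that `CREATE USER IF NOT EXISTS` leaves an existing account's password untouched, so a stale account with a different password will make the later test connections fail without an obvious cause.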
......@@ -493,7 +493,7 @@ class MySQL(ObjectBase):
with io.open(tagmap_filename, "r", encoding="utf-8") as tagmap_fd:
self.tagmap = json.load(tagmap_fd)
self.tagmap_other = self.catmap["Other"] # Catch error soon, avoid lookup later
self.tagmap_other = self.tagmap["Other"] # Catch error soon, avoid lookup later
self.con = None
......@@ -714,10 +714,11 @@ class MySQL(ObjectBase):
if group or nogroup:
subquery = []
for name in (group or nogroup):
subquery.append("c.name = %s") # exact client
escaped_name = name.replace('&', '&&').replace("_", "&_").replace("%", "&%") # escape for LIKE
subquery.append("c.name = %s") # exact client
params.append(name)
subquery.append("c.name LIKE %s") # whole subtree
params.append(name + ".%")
subquery.append("c.name LIKE CONCAT(%s, '.%%') ESCAPE '&'") # whole subtree
params.append(escaped_name)
query.append(" AND %s (%s)" % (self._get_not(group), " OR ".join(subquery)))
......@@ -1095,6 +1096,7 @@ class WardenHandler(ObjectBase):
if self.get_events_limit:
count = min(count, self.get_events_limit)
count = max(0, count)
res = self.db.fetch_events(self.req.client, id, count, cat, nocat, tag, notag, group, nogroup)
......
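Review bot: The LIKE escaping in the `group`/`nogroup` loop is correct only because `&` is doubled before `_` and `%` are prefixed, and nothing on the line says so; a later reordering of the `replace` calls would silently double-escape. I would add a comment above it such as `# '&' is the ESCAPE char: double it first, then prefix the LIKE wildcards _ and %`, or move the three replaces into a small named helper so it can be unit-tested with client names containing `_`, `%` and `&`. The `'.%%'` in the SQL text relies on the driver's `%`-style parameter substitution turning `%%` into a single `%`, which is also worth a word in that comment.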