#!/usr/bin/perl -w
#
# WardenClientSend.pm
#
# Copyright (C) 2011-2012 Cesnet z.s.p.o
#
# Use of this source is governed by a BSD-style license, see LICENSE file.  

package WardenClientSend;

use strict;
use SOAP::Lite;
# NOTE(review): the debug1 import turns on IO::Socket::SSL's own debug output
# (level 1). Nothing in this module gates that output on $LOG_STDERR, so it is
# presumably emitted regardless of the logging configuration -- confirm that
# this is wanted outside of development.
use IO::Socket::SSL qw(debug1);
use SOAP::Transport::HTTP;
use Sys::Syslog;
# Module version string.
our $VERSION = "2.0"; #first iteration after 'port to Apache'
#----- global configuration variables - default initialization -----------------
# These are package globals. saveNewEvent() overwrites $LOG_STDERR, $LOG_SYSLOG
# and $LOG_SYSLOG_FACILITY with the values returned by
# WardenClientConf::loadConf(), so the defaults below only apply until then.

# When true, saveNewEvent() prints failures to STDERR.
our $LOG_STDERR = 1;

# When true, saveNewEvent() reports failures through syslog.
our $LOG_SYSLOG = 0;
# Facility used for openlog() and in the syslog priority string; undefined
# until the configuration has been loaded.
our $LOG_SYSLOG_FACILITY;

# Not read anywhere in the visible part of this module.
our $LOG_VERBOSE = 0;
#----- end of configuration variables ------------------------------------------

#-------------------------------------------------------------------------------
# saveNewEvent - send new event from detection scripts to warden server
#-------------------------------------------------------------------------------
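sub saveNewEvent
{
  # Send one event to the Warden server.
  #
  # Arguments:
  #   $warden_path - installation root of the client; the configuration is
  #                  read from <path>/etc/warden-client.conf and the helper
  #                  module is loaded from <path>/lib/WardenClientConf.pm
  #   $event_ref   - array reference holding the 11 event fields in the order
  #                  service, detected, type, source_type, source,
  #                  target_proto, target_port, attack_scale, note,
  #                  priority, timeout
  #
  # Returns 1 when WardenClientConf::c2s() returned a true value, and 0
  # otherwise, including when anything inside the eval block died.
  #
  # NOTE(review): $warden_path selects the Perl file that is require'd below,
  # so whoever controls that argument, or can write below <path>/lib, decides
  # what code this process runs. Callers should pass a fixed installation
  # path, and that tree should not be writable by unprivileged users.
  my ($warden_path, $event_ref) = @_;

  # Declared outside the eval so the final return can see it; under
  # 'use strict' an undeclared $result does not compile.
  my $result;

  my $completed = eval {
    my $etcdir = $warden_path . "/etc/";
    my $libdir = $warden_path . "/lib/";

    # read the config file
    require $libdir .  "WardenClientConf.pm";
    my $conf_file = $etcdir . "warden-client.conf";
    my ($uri, $ssl_key_file, $ssl_cert_file, $ssl_ca_file, $max_rcv_events_limit);
    # The three logging globals are replaced by the configured values here.
    # $max_rcv_events_limit is not used when sending; it is only kept so the
    # returned list lines up.
    ($uri, $ssl_key_file, $ssl_cert_file, $ssl_ca_file, $max_rcv_events_limit,
     $LOG_STDERR, $LOG_SYSLOG, $LOG_SYSLOG_FACILITY)
      = WardenClientConf::loadConf($conf_file);

    # prepare variables of event (positional, see the argument list above)
    my ($service, $detected, $type, $source_type, $source, $target_proto,
        $target_port, $attack_scale, $note, $priority, $timeout)
      = @{$event_ref}[0 .. 10];

    # create SOAP data object
    my $event = SOAP::Data->name(
      event => \SOAP::Data->value(
        SOAP::Data->name(SERVICE      => $service),
        SOAP::Data->name(DETECTED     => $detected),
        SOAP::Data->name(TYPE         => $type),
        SOAP::Data->name(SOURCE_TYPE  => $source_type),
        SOAP::Data->name(SOURCE       => $source),
        SOAP::Data->name(TARGET_PROTO => $target_proto),
        SOAP::Data->name(TARGET_PORT  => $target_port),
        SOAP::Data->name(ATTACK_SCALE => $attack_scale),
        SOAP::Data->name(NOTE         => $note),
        SOAP::Data->name(PRIORITY     => $priority),
        SOAP::Data->name(TIMEOUT      => $timeout)
      )
    );

    # c2s() is defined in WardenClientConf and not visible here; presumably it
    # performs the SOAP call using the key, certificate and CA files.
    $result = WardenClientConf::c2s($uri, $ssl_key_file, $ssl_cert_file, $ssl_ca_file, "saveNewEvent", $event);

    # End on a true value so that a false $result is not mistaken for an
    # exception and logged with an empty $@.
    1;
  }; # End of eval block

  if (!$completed) {
    # Copy $@ first: it is a global that later calls may overwrite.
    my $error   = $@;
    my $message = "Warden-client unexpected end in eval block.\n" . $error . "\n";

    if ($LOG_STDERR) {
      print STDERR $message;
    }

    if ($LOG_SYSLOG) {
      openlog("Warden-client:", "pid", "$LOG_SYSLOG_FACILITY");
      # syslog() treats its second argument as a printf-style format, and the
      # error text may carry data that came from the server, so it is passed
      # as an argument to "%s" rather than as the format itself.
      syslog("err|$LOG_SYSLOG_FACILITY", "%s", $message);
      closelog();
    }

    return 0;
  }

  return $result ? 1 : 0;
} # End of saveNewEvent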

1;