WardenClientReceive.pm

#!/usr/bin/perl -w
#                                                                    
# WardenClientReceive.pm
#
# Copyright (C) 2011-2012 Cesnet z.s.p.o
#
# Use of this source is governed by a BSD-style license, see LICENSE file.  

package WardenClientReceive;

use strict;
use SOAP::Lite;
use IO::Socket::SSL qw(debug1);
use SOAP::Transport::HTTP;
use FindBin;
use Carp;
use Sys::Syslog;

our $VERSION = "2.0";

#----- global configuration variables -----------------------------------------
our $LOG_STDERR = 1;

our $LOG_SYSLOG = 0;
our $LOG_SYSLOG_FACILITY;

our $LOG_VERBOSE = 0;
#----- end of configuration variables ------------------------------------------

#-------------------------------------------------------------------------------
# errMsg - print error message and die
#-------------------------------------------------------------------------------
sub errMsg
{
  my $msg = "Error message: " . shift;

  if ($LOG_VERBOSE) { # user wants to log debug information
    $msg .= "\nStack info: " . Carp::longmess();
  }

  die($msg . "\n");
} # End of errMsg


#-------------------------------------------------------------------------------
# c2s - connect to server, send request and receive response
#-------------------------------------------------------------------------------
sub c2s 
{
  my $uri		= shift;
  my $ssl_key_file	= shift;
  my $ssl_cert_file	= shift;
  my $ssl_ca_file	= shift;
  my $method		= shift;
  my $data		= shift;

  my $client;
  my ($server, $port, $service) = $uri =~ /https:\/\/(.+)\:(\d+)\/(.+)/;
  if (!($client = SOAP::Transport::HTTP::Client->new())) {
    errMsg("Sorry, unable to create socket: " . &SOAP::Transport::HTTP::Client::errstr)
  }
  $client->timeout(10);
  $client->ssl_opts(verify_hostname     => 1,
		    SSL_use_cert        => 1,
		    SSL_verify_mode     => 0x02,
		    SSL_key_file        => $ssl_key_file,
		    SSL_cert_file       => $ssl_cert_file,
		    SSL_ca_file         => $ssl_ca_file);

  # setting of URI and serialize SOAP envelope and data object
  my $soap     = SOAP::Lite->uri($service)->proxy($uri);
  my $envelope;
  if (!defined $data) {
    $envelope = $soap->serializer->envelope(method => $method);
  } else {
    $envelope = $soap->serializer->envelope(method => $method, $data);
  }

  # setting of TCP URI and send serialized SOAP envelope and data
  my $server_uri = "https://$server:$port/$service";
  my $result = $client->send_receive(envelope => $envelope, endpoint => $server_uri);

  # check server response
  if (!defined $result) {
    errMsg("Error: server returned empty response." . "\n" . "Problem with used SSL ceritificates or Warden server at $server:$port is down.");
  } else {
    # deserialized response from server -> create SOAP envelope and data object
    my $response;
    
    # test
    errMsg("test error in c2s()");

    eval {
      $response = $soap->deserializer->deserialize($result);
    } or errMsg($@ . "Received data: " . $result);
    # check SOAP fault status
    $response->fault ? errMsg("Server sent error message:: " . $response->faultstring) : return $response;
  }
}


#-------------------------------------------------------------------------------
# getNewEvents - get new events from warden server greater than last received ID
#-------------------------------------------------------------------------------
sub getNewEvents
{
  my @events;  

  eval {

    my $warden_path = shift;
    my $requested_type = shift;

    my $vardir = $warden_path . "/var/";
    my $etcdir = $warden_path . "/etc/";
    my $libdir = $warden_path . "/lib/";

    # read the config file
    require $libdir .  "WardenClientConf.pm";
    my $conf_file = $etcdir . "warden-client.conf";
    my ($uri, $ssl_key_file, $ssl_cert_file, $ssl_ca_file, $max_rcv_events_limit);
    ($uri, $ssl_key_file, $ssl_cert_file, $ssl_ca_file, $max_rcv_events_limit, $LOG_STDERR, $LOG_SYSLOG, $LOG_SYSLOG_FACILITY, $LOG_VERBOSE) = WardenClientConf::loadConf($conf_file);

    # test
    # errMsg("testovaci error\n");

    # set name of ID file for each client aplication 
    my $caller_name = $FindBin::Script;
    my $id_file = $vardir . $caller_name . ".id";

    #-----------------------------------------------------------------------------
    # get last ID from ID file (if exist) or
    # get last ID from warden server DB and save it into ID file
    my $last_id;
    if (-e $id_file) {
      open(ID, "< $id_file") || errMsg("Cannot open ID file $id_file: $!");
      foreach(<ID>) {
        $last_id = $_;
      }
      close ID;
    } else {
      my $response = c2s($uri, $ssl_key_file, $ssl_cert_file, $ssl_ca_file, "getLastId");
      $last_id = $response->result;
      open(ID, "> $id_file") || die ("Cannot open ID file $id_file: $!");
      print ID $last_id;
      close ID;
    }

    #-----------------------------------------------------------------------------
    # get new events from warden server DB based on gathered last ID 

    # create SOAP data obejct
    my $request_data = SOAP::Data->name(
      request => \SOAP::Data->value(
        SOAP::Data->name(REQUESTED_TYPE 		=> $requested_type),
        SOAP::Data->name(LAST_ID        		=> $last_id),
        SOAP::Data->name(MAX_RCV_EVENTS_LIMIT 	=> $max_rcv_events_limit)
      )
    );
  
    # call server method getNewEvents 
    my $response = c2s($uri, $ssl_key_file, $ssl_cert_file, $ssl_ca_file, "getNewEvents", $request_data);

    # parse returned SOAP data object
    my ($id, $hostname, $service, $detected, $type, $source_type, $source, $target_proto, $target_port, $attack_scale, $note, $priority, $timeout);
#    my @events;
    my @response_list = $response->valueof('/Envelope/Body/getNewEventsResponse/event/');
    while (scalar @response_list) {
      my $response_data = shift(@response_list);
      my @event;

      # parse items of one event
      $id			= $response_data->{'ID'};
      $hostname		= $response_data->{'HOSTNAME'};
      $service		= $response_data->{'SERVICE'};
      $detected		= $response_data->{'DETECTED'};
      $type		= $response_data->{'TYPE'};
      $source_type	= $response_data->{'SOURCE_TYPE'};
      $source		= $response_data->{'SOURCE'};
      $target_proto	= $response_data->{'TARGET_PROTO'};
      $target_port	= $response_data->{'TARGET_PORT'};
      $attack_scale	= $response_data->{'ATTACK_SCALE'};
      $note		= $response_data->{'NOTE'};
      $priority		= $response_data->{'PRIORITY'};
      $timeout		= $response_data->{'TIMEOUT'};

      # push new event from warden server into @events which is returned
      @event = ($id, $hostname, $service, $detected, $type, $source_type, $source, $target_proto, $target_port, $attack_scale, $note, $priority, $timeout);
      push (@events, \@event);
 
      # set maximum received ID from current batch
      if ($id > $last_id) {
  	    $last_id = $id;
      }
    } #end of while loop

    # write last return ID
    if (defined $last_id) { # must be defined for first check ID
      open(ID, "> $id_file") || die ("Cannot open ID file $id_file: $!");
      print ID $last_id;
      close ID;
    }
  } # End of eval block
  or do {
   
    if ($LOG_STDERR) {
      print STDERR "(STDERR)Warden-client unexpected end in eval block.\n" . $@ . "\n";
    }
    
    if ($LOG_SYSLOG) {
      #TODO: zapis do syslogu, ne STDERR
      print STDERR "(SYSLOG)Warden-client unexpected end in eval block.\n" . $@ . "\n";

      # openlog("Warden:", "pid", "$LOG_SYSLOG_FACILITY");
      # syslog("err|$LOG_SYSLOG_FACILITY", "Warden-client unexpected end in eval block.\n" . $@ . "\n");
      # closelog();
    }
    return;
  };

  return @events;

} # End of getNewEvents

1;