Commit 078fc14f authored by Tomáš Plesník's avatar Tomáš Plesník

pridana podpora pro stahovani vsechny typu zprav pomoci ridiciho prikazu '_any_'

parent eb47e923
2012-00-00 v.2.1 stable version
-------------------------------
- receiving of all types of messages now supported
2012-07-27 v.2.0 stable version and bugfix release of warden-client-2.0.0-beta 2012-07-27 v.2.0 stable version and bugfix release of warden-client-2.0.0-beta
------------------------------------------------------------------------------ ------------------------------------------------------------------------------
- Sender client code fixed, so that it will not terminate "parent" - Sender client code fixed, so that it will not terminate "parent"
......
...@@ -138,6 +138,7 @@ D. Types of events ...@@ -138,6 +138,7 @@ D. Types of events
* test - clients can use these at will when debugging/testing, these * test - clients can use these at will when debugging/testing, these
messages will be processed and stored, but ignored later messages will be processed and stored, but ignored later
* other - the rest, uncategorizable yet * other - the rest, uncategorizable yet
* _any_ - clients can use these for receiving of all types of messages
In case of complex scenarios with structured info more events with In case of complex scenarios with structured info more events with
particular parts of information can be created. particular parts of information can be created.
......
2012-00-00 v2.1 stable version
------------------------------
- receiving of all types of messages now supported
2012-07-27 v2.0 stable version 2012-07-27 v2.0 stable version
------------------------------ ------------------------------
- MySQL database engine used - MySQL database engine used
...@@ -7,6 +12,7 @@ ...@@ -7,6 +12,7 @@
- added automatic reconnect to DB - added automatic reconnect to DB
- other minor bugs and issues fixed - other minor bugs and issues fixed
2012-03-02 v0.1.0 beta version 2012-03-02 v0.1.0 beta version
------------------------------ ------------------------------
- initial release of the Warden server - initial release of the Warden server
......
+----------------------------+ +----------------------------+
| README - Warden Server 2.0 | | README - Warden Server 2.1 |
+----------------------------+ +----------------------------+
Content Content
...@@ -23,7 +23,7 @@ A. Overall Information ...@@ -23,7 +23,7 @@ A. Overall Information
2. Version 2. Version
2.0 (2012-07-27) 2.1 (2012-00-00)
3. Package structure 3. Package structure
...@@ -87,11 +87,11 @@ C. Installation ...@@ -87,11 +87,11 @@ C. Installation
1. Check SHA1 checksum of the Warden server package archive. 1. Check SHA1 checksum of the Warden server package archive.
$ sha1sum -c warden-server-2.0.tar.gz.sig $ sha1sum -c warden-server-2.1.tar.gz.sig
2. Untar it. 2. Untar it.
$ tar xzvf warden-server-2.0.tar.gz $ tar xzvf warden-server-2.1.tar.gz
3. Run install.sh. 3. Run install.sh.
......
...@@ -20,7 +20,7 @@ use DateTime; ...@@ -20,7 +20,7 @@ use DateTime;
use MIME::Base64; use MIME::Base64;
use Crypt::X509; use Crypt::X509;
our $VERSION = "2.0"; our $VERSION = "2.1";
################################################################################ ################################################################################
...@@ -128,15 +128,14 @@ sub getAltNames ...@@ -128,15 +128,14 @@ sub getAltNames
sub authorizeClient sub authorizeClient
{ {
my ($alt_names, $ip, $service_type, $client_type, $function_name) = @_; my ($alt_names, $ip, $service_type, $client_type, $function_name) = @_;
my $sth; my $sth;
# obtain cidr based on rigth common name and alternate names, service and client_type # obtain cidr based on rigth common name and alternate names, service and client_type
if($function_name eq 'saveNewEvent') { if($function_name eq 'saveNewEvent') {
$sth = $DBH->prepare("SELECT hostname, ip_net_client, receive_own_events $sth = $DBH->prepare("SELECT hostname, ip_net_client, receive_own_events
FROM clients WHERE hostname IN ($alt_names) AND service = ? AND client_type = ? FROM clients WHERE hostname IN ($alt_names) AND service = ? AND client_type = ?
ORDER BY SUBSTRING_INDEX(ip_net_client,'/', -1) DESC;"); ORDER BY SUBSTRING_INDEX(ip_net_client,'/', -1) DESC;");
} } elsif($function_name eq 'getNewEvents') {
elsif($function_name eq 'getNewEvents') {
$sth = $DBH->prepare("SELECT hostname, ip_net_client, receive_own_events $sth = $DBH->prepare("SELECT hostname, ip_net_client, receive_own_events
FROM clients WHERE hostname IN ($alt_names) AND type = ? AND client_type = ? FROM clients WHERE hostname IN ($alt_names) AND type = ? AND client_type = ?
ORDER BY SUBSTRING_INDEX(ip_net_client,'/', -1) DESC;"); ORDER BY SUBSTRING_INDEX(ip_net_client,'/', -1) DESC;");
...@@ -160,7 +159,7 @@ sub authorizeClient ...@@ -160,7 +159,7 @@ sub authorizeClient
$correct_ip_source = 1; $correct_ip_source = 1;
last; last;
} }
}; }
# check if client is registered # check if client is registered
if ($sth->rows == 0) { if ($sth->rows == 0) {
...@@ -177,7 +176,7 @@ sub authorizeClient ...@@ -177,7 +176,7 @@ sub authorizeClient
} }
return %ret; return %ret;
} } # END of authorizeClient
################################################################################ ################################################################################
...@@ -215,15 +214,12 @@ sub saveNewEvent ...@@ -215,15 +214,12 @@ sub saveNewEvent
my $priority = $data->{'PRIORITY'}; my $priority = $data->{'PRIORITY'};
my $timeout = $data->{'TIMEOUT'}; my $timeout = $data->{'TIMEOUT'};
my %client = authorizeClient($alt_names, $ip, $service, $client_type, 'saveNewEvent'); my %client = authorizeClient($alt_names, $ip, $service, $client_type, 'saveNewEvent');
if(defined %client) { if(defined %client) {
# insert new events into DB # insert new events into DB
$sth=$DBH->prepare("INSERT INTO events VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?);"); $sth=$DBH->prepare("INSERT INTO events VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?);");
if (!defined $sth) { die("Cannot do insert statement in saveNewEvent: $DBI::errstr\n") } if (!defined $sth) { die("Cannot do insert statement in saveNewEvent: $DBI::errstr\n") }
$sth->execute(undef, $client{'dns'}, $service, $detected, $received, $type, $source_type, $source, $target_proto, $target_port, $attack_scale, $note, $priority, $timeout, $valid); $sth->execute(undef, $client{'dns'}, $service, $detected, $received, $type, $source_type, $source, $target_proto, $target_port, $attack_scale, $note, $priority, $timeout, $valid);
return 1; return 1;
} }
} # END of saveNewEvent } # END of saveNewEvent
...@@ -242,21 +238,31 @@ sub getNewEvents ...@@ -242,21 +238,31 @@ sub getNewEvents
my $cn = $ENV{'SSL_CLIENT_S_DN_CN'}; my $cn = $ENV{'SSL_CLIENT_S_DN_CN'};
my $alt_names = getAltNames(undef); my $alt_names = getAltNames(undef);
my $ip = $ENV{'REMOTE_ADDR'}; my $ip = $ENV{'REMOTE_ADDR'};
my $client_type = "r"; # incoming client MUST be sender my $client_type = "r"; # incoming client MUST be sender
# parse SOAP data object # parse SOAP data object
my $requested_type = $data->{'REQUESTED_TYPE'}; my $requested_type = $data->{'REQUESTED_TYPE'};
my $last_id = $data->{'LAST_ID'}; my $last_id = $data->{'LAST_ID'};
my %client = authorizeClient($alt_names, $ip, $requested_type, $client_type, 'getNewEvents'); my %client = authorizeClient($alt_names, $ip, $requested_type, $client_type, 'getNewEvents');
if(defined %client) { if(defined %client) {
# check if client want your own events or not if ($client{'receive_own'} eq 't') { # check if client want your own events or not
if ($client{'receive_own'} eq 't') { if ($requested_type eq '_any_') { # check if client want each or only one type of messages
$sth = $DBH->prepare("SELECT * FROM events WHERE type != 'test' AND id > ? AND valid = 't' ORDER BY id ASC;");
if (!defined $sth) {die("Cannot prepare ROE-ANY statement in getNewEvents: $DBI::errstr\n")}
$sth->execute($last_id);
} else {
$sth = $DBH->prepare("SELECT * FROM events WHERE type != 'test' AND id > ? AND type = ? AND valid = 't' ORDER BY id ASC;"); $sth = $DBH->prepare("SELECT * FROM events WHERE type != 'test' AND id > ? AND type = ? AND valid = 't' ORDER BY id ASC;");
if (!defined $sth) {die("Cannot prepare ROE statement in getNewEvents: $DBI::errstr\n")} if (!defined $sth) {die("Cannot prepare ROE statement in getNewEvents: $DBI::errstr\n")}
$sth->execute($last_id, $requested_type); $sth->execute($last_id, $requested_type);
}
} else {
if ($requested_type eq '_any_') {
$sth = $DBH->prepare("SELECT * FROM events WHERE type != 'test' AND id > ? AND valid = 't' AND hostname NOT LIKE ? ORDER BY id ASC;");
if (!defined $sth) {die("Cannot prepare ANY statement in getNewEvents: $DBI::errstr\n")}
my ($domain) = $cn =~ /([^\.]+\.[^\.]+)$/;
$domain = '\%' . $domain;
$sth->execute($last_id, $domain);
} else { } else {
$sth = $DBH->prepare("SELECT * FROM events WHERE type != 'test' AND id > ? AND type = ? AND valid = 't' AND hostname NOT LIKE ? ORDER BY id ASC;"); $sth = $DBH->prepare("SELECT * FROM events WHERE type != 'test' AND id > ? AND type = ? AND valid = 't' AND hostname NOT LIKE ? ORDER BY id ASC;");
if (!defined $sth) {die("Cannot prepare statement in getNewEvents: $DBI::errstr\n")} if (!defined $sth) {die("Cannot prepare statement in getNewEvents: $DBI::errstr\n")}
...@@ -264,6 +270,7 @@ sub getNewEvents ...@@ -264,6 +270,7 @@ sub getNewEvents
$domain = '\%' . $domain; $domain = '\%' . $domain;
$sth->execute($last_id, $requested_type, $domain); $sth->execute($last_id, $requested_type, $domain);
} }
}
# parse items of events stored in DB # parse items of events stored in DB
while (my @result = $sth->fetchrow()) { while (my @result = $sth->fetchrow()) {
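Review bot: The own-domain exclusion in the new `_any_` branch of getNewEvents likely filters nothing. In Perl the single-quoted `'\%'` is a backslash followed by `%`, and with MySQL's default LIKE escape character `\%` means a literal percent sign, so `hostname NOT LIKE ?` would be true for every ordinary hostname and a receiver that has not opted into its own events would still be sent them. The existing typed branch just below builds the pattern the same way, so both would need `$domain = '%' . $domain;`. The regex on `$cn` also leaves `$domain` undefined when the CN has no dot; a guard such as `die("Cannot derive domain from CN in getNewEvents\n") unless defined $domain;` before building the pattern would make that case explicit. getNewEvents starts and ends outside the visible hunks, so how the rows are consumed afterwards is not shown here.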
......