zmena na staticke nacitani konfiguracniho souboru; validace logovacich a...

zmena na staticke nacitani konfiguracniho souboru; validace logovacich a chybovech hlasek; pridana moznost vypnout kontrolni hash VALID_STRING pomoci jejiho zakomentovani v konfiguracnim souboru; odstranena puvodni sendMsg, nepojeno na WardenCommon::sendMsg; pridano automaticke prenastaveni vybranych polozek udalosti na undef, pokud nejsou cele cislo

zmena na staticke nacitani konfiguracniho souboru; validace logovacich a...
0d1d4deb · Tomáš Plesník · ebe3059f · 0d1d4deb
Commit 0d1d4deb authored Jan 29, 2013 by Tomáš Plesník
--- a/src/warden-server/lib/Warden.pm
+++ b/src/warden-server/lib/Warden.pm
@@ -19,12 +19,20 @@ use MIME::Base64;
 use Crypt::X509;
 use SOAP::Lite;
 use Carp;
-use FindBin qw($RealBin $RealScript);
-use lib "$FindBin::RealBin/../lib";
+use File::Basename;
+
+my $basedir = "/opt/warden-server/";
+use lib $basedir . "lib";
 use WardenCommon;

+
+
+################################################################################
+#				VARIABLES
+################################################################################
 our $VERSION = "2.2";
-my $etc = "$FindBin::RealBin/../etc";
+my $etc = $basedir . "etc";
+our $FILENAME = File::Basename::basename($0);



@@ -40,7 +48,7 @@ our $DB_USER		= undef;
 our $DB_PASS		= undef;
 our $DB_HOST		= undef;
 our $MAX_EVENTS_LIMIT	= 1000000; 	# default value
-our %VALID_STRINGS	= undef;
+our %VALID_STRINGS	= ();		# inicialization of empty hash

 # load set variables by user
 unless (do $conf_file) {
@@ -52,42 +60,30 @@ unless (do $conf_file) {


 ################################################################################
-#				VARIABLES
+#				DB CONNECT
 ################################################################################
 our $DBH = DBI->connect("DBI:mysql:database=$DB_NAME;host=$DB_HOST", $DB_USER, $DB_PASS, {RaiseError => 1, mysql_auto_reconnect => 1})
           || die "Could not connect to database: $DBH->errstr";


+
 ################################################################################
-#				LOCAL FUNCTIONS
+#				FUNCTIONS
 ################################################################################

 #-------------------------------------------------------------------------------
-# sendMsg - sent message to syslog (SYS::Syslog) and to client (SOAP::Fault)
-#
-# Args:	(SYSLOG severity, SYSLOG msg, SOAP msg)
+# sendMsg - wrapper for more complex WardenCommon::sendMsg function
 #-------------------------------------------------------------------------------
 sub sendMsg
 {
  my $severity          = shift;
  my $syslog_msg        = shift;
  my $soap_msg          = shift;
-  my $filename		= $RealScript;

-  if ($SYSLOG_VERBOSE == 1 && ($severity eq "err" || $severity eq "debug")) {
-    $syslog_msg .= "\nStack info: " . Carp::longmess();
+  WardenCommon::sendMsg($SYSLOG, $SYSLOG_VERBOSE, $SYSLOG_FACILITY, $severity,
+			$syslog_msg, $soap_msg, $FILENAME);
 }

-  if ($SYSLOG == 1 && defined $severity && defined $syslog_msg) {
-    Sys::Syslog::openlog($filename, "cons,pid", $SYSLOG_FACILITY);
-    Sys::Syslog::syslog("$severity", "$syslog_msg");
-    Sys::Syslog::closelog();
-  }
-
-  if (defined $soap_msg) {die SOAP::Fault->faultstring($soap_msg)};
-  }
-} # End of sendMsg
-

 #-------------------------------------------------------------------------------
 # getAltNames - parse Alternate names from SSL certifiate
@@ -138,7 +134,7 @@ sub authorizeClient
  if (!defined $sth) {
    sendMsg("err",
            "Cannot prepare authorization statement in $function_name: $DBH->errstr",
-	   "Internal 'prepare' server error")
+	    "Internal 'prepare' server error");
  }

  # execute query for two or none params functions
@@ -169,16 +165,16 @@ sub authorizeClient
  # check if client is registered
  if ($sth->rows == 0) {
    sendMsg("err",
-           "Unauthorized access to function '$function_name' from: '$ip'; CN(AN): $alt_names; used service: '$service_type' - client is not registered",
-           "Access denied - client is not registered at warden server $ENV{'SERVER_NAME'}");
+            "Unauthorized access to function '$function_name' from [IP: '$ip'; CN(AN): $alt_names; Client_type: '$client_type'; Service/Type: '$service_type'] - client is not registered at Warden server '$ENV{'SERVER_NAME'}'",
+            "Access denied - client is not registered at Warden server '$ENV{'SERVER_NAME'}'");
    return undef;
  }

  # check if client has IP from registered CIDR
  if (!$correct_ip_source) {
    sendMsg ("err",
-            "Unauthorized access to function '$function_name' from: '$ip'; CN(AN): $alt_names; used service: '$service_type' - access from bad subnet: Registered subnet '$ret{'cidr'}'",
-            "Access denied - access to $ENV{'SERVER_NAME'} from unauthorized subnet");
+             "Unauthorized access to function '$function_name' from [IP: '$ip'; CN(AN): $alt_names; Client_type: '$client_type'; Service/Type: '$service_type'] - access to Warden server '$ENV{'SERVER_NAME'}' from another subnet than '$ret{'cidr'}'",
+             "Access denied - access to Warden server '$ENV{'SERVER_NAME'}' from unauthorized subnet '$ret{'cidr'}'");
    return undef;
  }

@@ -225,36 +221,35 @@ sub saveNewEvent

  my %client = authorizeClient($alt_names, $ip, $service, $client_type, $function_name);
  if (defined %client) {
+    if (%VALID_STRINGS) {	# check if hash is not empty - use VALIDATION HASH
      if (!(exists $VALID_STRINGS{'type'} && grep $type eq $_, @{$VALID_STRINGS{'type'}})) {
        sendMsg("err",
-             "Unknown event type - client from: '$ip'; CN(AN): $alt_names; used type: '$type'",
-             "Unknown event type '$type'");
+                "Unknown event type from [IP: '$ip'; CN(AN): $alt_names; Service: '$service'; Type: '$type']",
+	        "Unknown event type: '$type'");
      } elsif (!(exists $VALID_STRINGS{'source_type'} && grep $source_type eq $_, @{$VALID_STRINGS{'source_type'}})) {
        sendMsg("err",
-             "Unknown source type - client from: '$ip'; CN(AN): $alt_names; used source_type: '$source_type'",
-             "Unknown source type '$source_type'");
+                "Unknown source type from [IP '$ip'; CN(AN): $alt_names; Service: '$service'; Source_type: '$source_type']",
+                "Unknown source type: '$source_type'");
+      }
+    }
    # http://my.safaribooksonline.com/book/programming/regular-expressions/9780596802837/4dot-validation-and-formatting/id2983571
-    } elsif ($detected !~ /^((?:[1-9][0-9]*)?[0-9]{4})-(1[0-2]|0[1-9])-(3[0-1]|0[1-9]|[1-2][0-9])T(2[0-3]|[0-1][0-9]):([0-5][0-9]):([0-5][0-9])(\.[0-9]+)?(Z|[+-](?:2[0-3]|[0-1][0-9]):[0-5][0-9])?/) {
-      sendMsg("err",
-             "Unknown detected time format - client from: '$ip'; CN(AN): $alt_names; used detected: '$detected'",
-             "Unknown detected time format '$detected'");
-    } elsif ($target_port !~ /^\d+\z/ && defined $target_port) {
-      sendMsg("err",
-             "Unknown target port - client from: '$ip'; CN(AN): $alt_names; used target_port: '$target_port'",
-             "Unknown target port '$target_port'");
-    } elsif ($attack_scale !~ /^\d+\z/ && defined $attack_scale) {
+    if ($detected !~ /^((?:[1-9][0-9]*)?[0-9]{4})-(1[0-2]|0[1-9])-(3[0-1]|0[1-9]|[1-2][0-9])T(2[0-3]|[0-1][0-9]):([0-5][0-9]):([0-5][0-9])(\.[0-9]+)?(Z|[+-](?:2[0-3]|[0-1][0-9]):[0-5][0-9])?/) {
      sendMsg("err",
-             "Unknown attack scale - client from: '$ip'; CN(AN): $alt_names; used attack_scale: '$attack_scale'",
-             "Unknown attack scale '$attack_scale'");
-    } elsif ($priority !~ /^\d+\z/ && defined $priority) {
-      sendMsg("err",
-             "Unknown priority - client from: '$ip'; CN(AN): $alt_names; used priority: '$priority'",
-             "Unknown priority '$priority'");
-    } elsif ($timeout !~ /^\d+\z/ && defined $timeout) {
-      sendMsg("err",
-             "Unknown timeout - client from: '$ip'; CN(AN): $alt_names; used timeout: '$timeout'",
-             "Unknown timeout '$timeout'");
-    } else {
+              "Unknown detected time format from [IP: '$ip'; CN(AN): $alt_names; Service: '$service'; Detected: '$detected']",
+              "Unknown detected time format: '$detected'");
+    }
+    if ($target_port !~ /^\d+\z/) {
+      $target_port = undef;
+    }
+    if ($attack_scale !~ /^\d+\z/) {
+      $attack_scale = undef;
+    }
+    if ($priority !~ /^\d+\z/) {
+      $priority = undef;
+    }
+    if ($timeout !~ /^\d+\z/) {
+      $timeout = undef;
+    }
    $sth=$DBH->prepare("INSERT INTO events VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?);");
    if (!defined $sth) {
      sendMsg("err",
@@ -264,7 +259,6 @@ sub saveNewEvent
    $sth->execute(undef, $client{'dns'}, $service, $detected, $received, $type, $source_type, $source, $target_proto, $target_port, $attack_scale, $note, $priority, $timeout, $valid);
    return 1;
  }
-  }
 } # END of saveNewEvent


@@ -382,11 +376,11 @@ sub getNewEvents
    if (scalar @events != 0) {
      if (scalar @ids == 1) {
        sendMsg("info",
-	       "Sent 1 event [#$ids[0]] to '$ip' [CN(AN): $alt_names], client_limit: '$max_rcv_events_limit', requested_type: '$requested_type'",
+	        "Sent 1 event [#$ids[0]] to [IP: '$ip'; CN(AN): $alt_names; Client_limit: '$max_rcv_events_limit', Requested_type: '$requested_type']",
 	        undef);
      } else {
        sendMsg("info",
-	       "Sent " . scalar @ids . " events [#$ids[0] - #$ids[-1]] to '$ip' [CN(AN): $alt_names], client_limit: '$max_rcv_events_limit', requested_type: '$requested_type'",
+                "Sent " . scalar @ids . " events [#$ids[0] - #$ids[-1]] to [IP: '$ip'; CN(AN): $alt_names, Client_limit: '$max_rcv_events_limit', Requested_type: '$requested_type']",
 	        undef);
      }
    }
@@ -485,7 +479,7 @@ sub getClientInfo
    }
    my $sum = scalar @clients;
    sendMsg("info",
-            "Sending information about '$sum' registered clients from $ENV{'SERVER_NAME'}",
+            "Sent information about $sum registered clients from Warden server '$ENV{'SERVER_NAME'}'",
            undef);
    return @clients;
  }