diff --git a/src/warden-server/sh/update.sh b/src/warden-server/sh/update.sh
new file mode 100755
index 0000000000000000000000000000000000000000..21f0a7fbc102bd59f83dad0e4a8c431b8118783b
--- /dev/null
+++ b/src/warden-server/sh/update.sh
@@ -0,0 +1,434 @@
+#!/bin/bash
+#
+# update.sh
+#
+# Copyright (C) 2011-2012 Cesnet z.s.p.o
+#
+# Use of this source is governed by a BSD-style license, see LICENSE file.
+
+
+VERSION="2.1"
+
+#-------------------------------------------------------------------------------
+# FUNCTIONS
+#-------------------------------------------------------------------------------
+usage()
+{
+ echo "Usage: `basename $0` [-d <directory>] [-hV]"
+ echo "-d <directory> destination directory (default: /opt)"
+ echo "-h print this help"
+ echo "-V print script version number and exit"
+ echo
+ echo "Example: # ./`basename $0` -d /opt"
+ echo
+ echo "Note: You must be root for running this script."
+ echo " For more information about update process, see README file (section Update)."
+ echo
+ exit 0
+}
+
+
+version()
+{
+ echo "`basename ${0}` - current version is $VERSION"
+ exit 0
+}
+
+
+err()
+{
+ echo "FAILED!"
+ cat $err
+ rm -rf $err
+ rm -rf $backup_dir
+ echo
+ echo "Update from $old_package_version to $package_version package FAILED!!!"
+ exit 1
+}
+
+
+err_clean()
+{
+ echo "FAILED!"
+ echo " -> Reverting changes of Warden server package ... OK"
+ rm -rf ${server_path}/* > /dev/null 2>&1
+ cp -R ${backup_dir}/* $server_path
+ cat $err
+ rm -rf $err $backup_dir
+ echo
+ echo "Update from $old_package_version to $package_version package FAILED!!!"
+ exit 1
+}
+
+
+root_chck()
+{
+ if [ $UID -ne 0 ]; then
+ echo "You must be root for running this script!"
+ exit 1
+ fi
+}
+
+
+params_chck()
+{
+ if [ -z $prefix ]; then
+ prefix=/opt
+ echo "Warning: parameter -d <directory> is not set - default update directory is ${prefix}!"
+ fi
+}
+
+
+obtain_package_version()
+{
+ if [ -f $old_package_version_file ]; then
+ old_package_version=`cat $old_package_version_file`
+ if [ "$old_package_version" == "$package_version" ]; then
+ echo "Sorry, but $package_version package is already installed!"
+ exit 1
+ fi
+ else
+ echo "Sorry, but Warden server package is not installed!"
+ echo "For installation of Warden server package please use install.sh script."
+ exit 1
+ fi
+}
+
+
+perl_chck()
+{
+ echo -n "Checking Perl interpreter ... "
+ if which perl 1> /dev/null; then
+ echo "OK"
+ else
+ echo "FAILED!"
+ echo "Error: Perl interpreter is not installed!"
+ exit 1
+ fi
+}
+
+
+modules_chck()
+{
+ for module in ${modules[@]};
+ do
+ echo -n "Checking $module module ... "
+ if perl -e "use $module" 2> $err; then
+ echo "OK"
+ else
+ err
+ fi
+ done
+}
+
+
+warden_dir_chck()
+{
+ echo -n "Checking Warden server directory ... "
+ if [ ! -d $server_path ]; then
+ echo "FAILED!"
+ ls $server_path
+ exit 1
+ else
+ echo "OK"
+ fi
+}
+
+
+backup()
+{
+ echo -n "Backing-up Warden server directory ... "
+ mkdir $backup_dir
+ if cp -R ${server_path}/* $backup_dir 2> $err; then
+ echo "OK"
+ else
+ err
+ fi
+}
+
+
+obtain_warden_user()
+{
+ echo -n "Obtaining Warden server directory owner ... "
+ if user=`stat -c %U $server_conf_file` 2> $err; then
+ echo "OK"
+ else
+ err
+ fi
+}
+
+
+update_warden_dir()
+{
+ echo -n "Updating Warden server directory ... "
+ if rsync -q --recursive --archive --delete --exclude='etc' --exclude='sh' ${dirname}/warden-server $prefix 2> $err; then
+ echo "OK"
+ else
+ err_clean
+ fi
+ cp ${dirname}/warden-server/etc/package_version $etc
+ cp ${dirname}/uninstall.sh $server_path
+}
+
+
+update_conf_files()
+{
+ echo "Updating $apache_conf_file ... 
" + + ssl_certificate_file=`cat $apache_conf_file | grep 'SSLCertificateFile'` + ssl_certificate_key_file=`cat $apache_conf_file | grep 'SSLCertificateKeyFile'` + ssl_ca_certificate_file=`cat $apache_conf_file | grep 'SSLCACertificateFile'` + perl_switches=`cat $apache_conf_file | grep 'PerlSwitches'` + + echo "# +# warden-apache.conf - configuration file for the Apache server +# + +SSLEngine on + +SSLVerifyDepth 3 +SSLVerifyClient require +SSLOptions +StdEnvVars +ExportCertData + +SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL + +$ssl_certificate_file +$ssl_certificate_key_file +$ssl_ca_certificate_file + +PerlOptions +Parent +$perl_switches + +<Location /Warden> + SetHandler perl-script + PerlHandler Warden::ApacheDispatch + SSLOptions +StdEnvVars +</Location> +" > $apache_conf_file 2> $err; ret_val=`echo $?` + + if [ $ret_val -eq 0 ]; then + echo "OK" + else + err_clean + fi + +#------------------------------------------------------------------------------- + + echo "Updating $client_conf_file ... 
" + + uri=`cat $client_conf_file | grep '$URI'` + ssl_key_file=`cat $client_conf_file | grep '$SSL_KEY_FILE'` + ssl_cert_file=`cat $client_conf_file | grep '$SSL_CERT_FILE'` + ssl_ca_file=`cat $client_conf_file | grep '$SSL_CA_FILE'` + + echo "# +# warden-client.conf - configuration file for registration and status clients +# + +#------------------------------------------------------------------------------- +# URI - URI address of Warden server +#------------------------------------------------------------------------------- +$uri + +#------------------------------------------------------------------------------- +# SSL_KEY_FILE - path to server SSL certificate key file +#------------------------------------------------------------------------------- +$ssl_key_file + +#------------------------------------------------------------------------------- +# SSL_CERT_FILE - path to server SSL certificate file +#------------------------------------------------------------------------------- +$ssl_cert_file + +#------------------------------------------------------------------------------- +# SSL_CA_FILE - path to CA certificate file +#------------------------------------------------------------------------------- +$ssl_ca_file +" > $client_conf_file 2> $err; ret_val=`echo $?` + + if [ $ret_val -eq 0 ]; then + echo "OK" + else + err_clean + fi + +#------------------------------------------------------------------------------- + + echo "Updating $server_conf_file ... 
" + + basedir=`cat $server_conf_file | grep '$BASEDIR'` + syslog=`cat $server_conf_file | grep '$SYSLOG' | head -n1` + if [ -z "$syslog" ]; then + syslog='$SYSLOG = 1;' + fi + syslog_verbose=`cat $server_conf_file | grep '$SYSLOG_VERBOSE'` + if [ -z "$syslog_verbose" ]; then + syslog_verbose='$SYSLOG_VERBOSE = 1;' + fi + syslog_facility=`cat $server_conf_file | grep '$SYSLOG_FACILITY'` + if [ -z "$syslog_facility" ]; then + syslog_facility=`cat $server_conf_file | grep '$FACILITY'` + else + syslog_facility='$SYSLOG_FACILITY = local7;' + fi + db_name=`cat $server_conf_file | grep '$DB_NAME'` + db_user=`cat $server_conf_file | grep '$DB_USER'` + db_pass=`cat $server_conf_file | grep '$DB_PASS'` + db_host=`cat $server_conf_file | grep '$DB_HOST'` + max_events_limit=`cat $server_conf_file | grep '$MAX_EVENTS_LIMIT'` + if [ -z "$max_events_limit" ]; then + max_events_limit='$MAX_EVENTS_LIMIT = 1000000;' + fi + valid_strings=`cat $server_conf_file | grep -A 3 '%VALID_STRINGS'` + if [ -z "$valid_strings" ]; then + valid_strings="\%VALID_STRINGS = ( + \'type\' => [\'portscan\', \'bruteforce\', \'probe\', \'spam\', \'phishing\', \'botnet_c_c\', \'dos\', \'malware\', \'copyright\', \'webattack\', \'test\', \'other\'], + \'source_type\' => [\'IP\', \'URL\', \'Reply-To:\'] +);" + fi + + echo "# +# warden-server.conf - configuration file for Warden server +# + +#------------------------------------------------------------------------------- +# BASEDIR - base directory of Warden server +#------------------------------------------------------------------------------- +$basedir + +#------------------------------------------------------------------------------- +# SYSLOG - enable/disable syslog logging +#------------------------------------------------------------------------------- +$syslog + +#------------------------------------------------------------------------------- +# SYSLOG_VERBOSE - enable/disable logging in verbose mode (stack info added) 
+#-------------------------------------------------------------------------------
+$syslog_verbose
+
+#-------------------------------------------------------------------------------
+# SYSLOG_FACILITY - syslog facility
+#-------------------------------------------------------------------------------
+$syslog_facility
+
+#-------------------------------------------------------------------------------
+# DB_NAME - MySQL database name of Warden server
+#-------------------------------------------------------------------------------
+$db_name
+
+#-------------------------------------------------------------------------------
+# DB_USER - MySQL database user of Warden server
+#-------------------------------------------------------------------------------
+$db_user
+
+#-------------------------------------------------------------------------------
+# DB_PASS - MySQL database password of Warden server
+#-------------------------------------------------------------------------------
+$db_pass
+
+#-------------------------------------------------------------------------------
+# DB_HOST - MySQL database host
+#-------------------------------------------------------------------------------
+$db_host
+
+#-------------------------------------------------------------------------------
+# MAX_EVENTS_LIMIT - server limit of maximum number of events that can be
+# delivered to one client in one batch
+#-------------------------------------------------------------------------------
+$max_events_limit
+
+#-------------------------------------------------------------------------------
+# VALID_STRINGS - validation hash containing allowed event attributes
+#-------------------------------------------------------------------------------
+$valid_strings
+" > $server_conf_file 2> $err; ret_val=`echo $?`
+
+ if [ $ret_val -eq 0 ]; then
+ echo "OK"
+ else
+ err_clean
+ fi
+}
+
+
+
+#-------------------------------------------------------------------------------
+# MAIN
+#-------------------------------------------------------------------------------
+
+# list of used Perl modules
+modules=(SOAP::Lite SOAP::Transport::HTTP DBI DBD::mysql Format::Human::Bytes Sys::Syslog File::Basename Net::CIDR::Lite DateTime Getopt::Std Switch IO::Socket::SSL MIME::Base64 Crypt::X509 Carp)
+
+# read input
+while getopts "d:Vh" options; do
+ case $options in
+ d ) prefix=$OPTARG;;
+ h ) usage;;
+ V ) version;;
+ * ) usage;;
+ esac
+done
+
+# root test
+root_chck
+
+# params test
+params_chck
+
+# create variables
+dirname=`dirname $0`
+package_version=`cat ${dirname}/warden-server/etc/package_version`
+[[ $prefix == */ ]] && prefix="${prefix%?}" # remove last char (slash) from prefix
+server_path="${prefix}/warden-server"
+etc="${server_path}/etc"
+old_package_version_file="${etc}/package_version"
+apache_conf_file="${etc}/warden-apache.conf"
+client_conf_file="${etc}/warden-client.conf"
+server_conf_file="${etc}/warden-server.conf"
+err="/tmp/warden-err"
+backup_dir="/tmp/warden-server-backup"
+
+# obtain version of old warden server
+obtain_package_version
+
+echo
+echo "------------------------- Dependencies check-in -------------------------"
+
+# Perl interpreter test
+perl_chck
+
+# Perl modules test
+modules_chck
+
+echo
+echo "------------------------- Update process --------------------------------"
+
+# check warden server directory
+warden_dir_chck
+
+# backup old warden server installation
+backup
+
+# obtain current warden server user
+obtain_warden_user
+
+# make warden server directory
+update_warden_dir
+
+# create conf files
+update_conf_files
+
+echo
+echo "Please check configuration file in ${conf_file}!"
+echo
+echo "Warden server directory: $server_path"
+echo
+echo "Update from $old_package_version to $package_version package was SUCCESSFUL!!!"
+echo
+echo "Please follow post-update steps in ${dirname}/doc/UPDATE!"
+echo
+
+# cleanup section
+rm -rf $err $backup_dir
+
+exit 0
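Review bot: The fixed paths `err="/tmp/warden-err"` and `backup_dir="/tmp/warden-server-backup"` in the MAIN section are written as root in a world-writable directory, so a file, symlink or directory already present under either name is followed by every `2> $err` redirect and by `cp -R ${server_path}/* $backup_dir`, and `err_clean` later copies whatever that directory holds back into the server tree. The backup also contains warden-server.conf with its `$DB_PASS` line, and the result of `mkdir $backup_dir` in `backup()` is never checked, so the copy goes ahead even when the directory existed beforehand with someone else's ownership or mode. I would allocate both with mktemp, `err=$(mktemp) || exit 1` and `backup_dir=$(mktemp -d) || exit 1`, and drop the `mkdir $backup_dir` line. Separately, `update_conf_files` rewrites warden-apache.conf with a hard-coded `SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL`, which as far as I read the string leaves LOW, export-grade and SSLv2 suites negotiable and overwrites any stricter list the administrator had set; carrying the existing line over the way `SSLCertificateFile` is carried over would avoid that.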