diff --git a/packages/build-client.sh b/packages/build-client.sh index d85f748bb8c233e20a01c852572927202a3b5ebb..f2f3f1db295a2f63669655d7f2f3770b857f5627 100755 --- a/packages/build-client.sh +++ b/packages/build-client.sh @@ -27,7 +27,7 @@ err() #------------------------------------------------------------------------------- # edit when you build new package -version="2.1" +version="2.2-beta" package_name="warden-client" package="${package_name}-${version}" diff --git a/src/warden-client/doc/CHANGELOG b/src/warden-client/doc/CHANGELOG index e66cbe3bd60c54364c5c223046b2c0acb108c37f..e70b8163d0e953e2408634d5e8abbcd7dfcf3b23 100644 --- a/src/warden-client/doc/CHANGELOG +++ b/src/warden-client/doc/CHANGELOG @@ -1,10 +1,17 @@ +2012-12-?? v.2.2-beta version +-------------------------------------------------------------------------------- +- Added support of connection timeout interval (#925) +- Added new getClientInfo() function allowing the client to see (#609) + information regarding other involved clients +- Enhanced handling of errors. Die() functions are removed from (#599) + the code, errors are handled using return values. + 2013-02-05 v.2.1 stable ----------------------- - Minor changes in documentation - 2012-11-05 v.2.1-beta version -------------------------------- +-------------------------------------------------------------------------------- - Added WardenClientCommon.pm package containing error-handling and connect-to-server functions - Installation of Warden client does not require copying of certificates 
@@ -22,13 +29,13 @@ 2012-07-27 v.2.0 stable version and bugfix release of warden-client-2.0.0-beta ------------------------------------------------------------------------------- +-------------------------------------------------------------------------------- - Sender client code fixed, so that it will not terminate "parent" application when crashed 2012-05-10 v.2.0.0-beta beta version of warden-client-2.0.0 ------------------------------------------------------------ +-------------------------------------------------------------------------------- - Changed communication with server: HTTP layer added (compatible with Apache mod_perl version of Warden server) - Removed Linux version check in install.sh, unistall.sh and update.sh @@ -36,7 +43,7 @@ 2012-03-30 v1.2.0 stable version and bugfix release of warden-client-1.1.0 --------------------------------------------------------------------------- +-------------------------------------------------------------------------------- - Fixed SSL certificate/key access privileges security issue - Fixed client crash after multiple events download - Fixed install.sh crash when warden client installation dictionary doesn't exist @@ -46,7 +53,7 @@ 2012-02-06 v1.1.0 stable version and bugfix release of warden-client-1.0.0 --------------------------------------------------------------------------- +-------------------------------------------------------------------------------- - Fixed bug when receiving of events - Fixed earlier declaration in same scope of variable $data - Fixed errMsg function -> finishing by the die function @@ -59,7 +66,7 @@ 2011-11-16 v1.0.0 stable version --------------------------------- +-------------------------------------------------------------------------------- - Initial package of warden client - SSL certificate authentication/authorization supported - Automatized installation process 
diff --git a/src/warden-client/doc/README b/src/warden-client/doc/README index 71caccfef12a29fc9f9d77e132dd64a270da3595..038a9a3da8c4a2a8427ac97c1da33f719110fb0d 100644 --- a/src/warden-client/doc/README +++ b/src/warden-client/doc/README @@ -159,6 +159,21 @@ D. Update (Update of previously installed the Warden client package) Note: You must be root for running this script. + 6. Note that unlike version 2.1, in 2.2 the name of the file in which id of + the last received message is stored have changed. Previously, name was + "CALLER_NAME.id" (where CALLER_NAME is the name of calling script), + whereas now name contains name of requested message type + "CALLER_NAME-TYPE.id". + + Should you want to continue downloading events where previous version + left off, you will have to rename the file by hand. + + For example, where name of the file was "./var/example-receiver.pl.id" + and downloaded type was "portscan", new name should be + "./var/example-receiver.pl-portscan.id". If caller passes undef as + requested type to receive all types, new name should be + "./var/example-receiver.pl-any.id" + -------------------------------------------------------------------------------- E. Uninstallation @@ -224,6 +239,14 @@ F. Configuration your Warden server administrator if you need to know Warden server batch limits. + Option CONNECTION_TIMEOUT was added to prevent some troubles when receiving + large batches of new data. Default value is 60 seconds. + + CONNECTION_TIMEOUT - interval in seconds to timeout connection with Warden + server. If your client timeouts, consider using higher + timeout number. Also, in case of receiving clients, you + can optimize the MAX_RCV_EVENTS_LIMIT value. + Since Warden client 2.1 there is also possibility to log status and other information either to STDERR of Syslog. 
@@ -422,11 +445,15 @@ I. Functions, Arguments and Calls $note = "this threat is dangerous"; # PRIORITY - INT 1 + # Note: Currently obsolete (although still supported). Will be removed in + # warden-client 3.0! # Subjective definition of incident severity. Values 0-255 are # possible where 0 is the lowest priority or 'undef'. $priority = "1"; # TIMEOUT - INT 2 + # Note: Currently obsolete (although still supported). Will be removed in + # warden-client 3.0! # Subjective time (in minutes) or 'undef'. After this time event might be # considered timeouted. $timeout = "20"; diff --git a/src/warden-client/doc/command-line-sender.pl b/src/warden-client/doc/command-line-sender.pl new file mode 100755 index 0000000000000000000000000000000000000000..75fce01dd9b0c5a99a47571bed8d8bab4ffc4385 --- /dev/null +++ b/src/warden-client/doc/command-line-sender.pl 
@@ -0,0 +1,95 @@ +#!/usr/bin/perl -w +# +# Copyright (C) 2011-2013 Cesnet z.s.p.o +# +# Use of this source is governed by a BSD-style license, see LICENSE file. + +use strict; +use DateTime; +use Getopt::Long; + +#------------------------------------------------------------------------------- +# Warden 2.2. Command-line Client, Sender +# +# Command-line warden-client sender. For detailed info how to use particular +# variables and/or values see warden-client/doc/README file. +#------------------------------------------------------------------------------- + +#------------------------------------------------------------------------------- +# Preparation of event attributes. + +# Mandatory attributes +my $opt_s; # service +my $opt_t = "" . DateTime->from_epoch(epoch => time()) . ""; # time of detection +my $opt_e; # type of detected event +my $opt_o; # event source type + +# Optional attributes +my $opt_v = ""; # event source value +my $opt_p = ""; # target protocol +my $opt_r = ""; # target port +my $opt_a = ""; # attack scale +my $opt_n = ""; # note + +# Other attributes +my $opt_w = "../../warden-client"; # path to warden directory +my $opt_h; # display help + +# Check whether mandatory fields are given. Otherwise print help and exit. +if (!GetOptions("service|s=s" => \$opt_s, + "timestamp|t=s" => \$opt_t, + "event-type|e=s" => \$opt_e, + "source-type|o=s" => \$opt_o, + "source-value|v=s" => \$opt_v, + "proto|p=s" => \$opt_p, + "port|r=i" => \$opt_r, + "attack-scale|a=i" => \$opt_a, + "note|n=s" => \$opt_n, + "warden-dir|w=s" => \$opt_w, + "help|h" => \$opt_h) || + !defined($opt_s) || !defined($opt_e) || !defined($opt_o) || + $opt_h) { + print "\nAbout command-line-sender.pl\n"; + print "\n Script is supposed to be used as a simple command-line warden client that can send one event to the warden server at a time. 
For more information about the Warden system and it's events' structure, please see warden-client/doc/README file.\n"; + print "\nUsage:\n\n ./command-line-sender.pl -s <service> -e <event_type> -o <source_type> [-t <timestamp_of_detection>] [-v <source>] [-p <protocol>] [-r <port>] [-a <attack_scale>] [-n <note>] [-w <warden_directory>] [-h]\n"; + print "\nArguments:\n\n"; + print " -s SERVICE, --service=SERVICE - Name of detection service\n\n"; + print " -e EVENT_TYPE, --event-type=EVENT_TYPE - Type of detected event\n\n"; + print " -o SOURCE_TYPE, --source-type=SOURCE_TYPE - Type of detected event\'s source\n\n"; + print "\n"; + print "Optional (but important) arguments:\n\n"; + print " -t TIMESTAMP, --timestamp=TIMESTAMP - Timestamp of detection.\n"; + print " Default is current system time (" . DateTime->from_epoch(epoch => time()) . ")\n\n"; + print " -v SOURCE_VALUE, --source-value=SOURCE_VALUE - Source of detected event\n\n"; + print " -p PROTO, --proto=PROTO - Protocol\n\n"; + print " -r PORT, --port=PORT - Port\n\n"; + print " -a ATTACK_SCALE, --attack-scale=ATTACK_SCALE - Scale of detected event\n\n"; + print " -n NOTE, --note=NOTE - Note, comment or other data\n\n"; + print " -w WARDEN_DIR, --warden-dir=WARDEN_DIR - Path to the warden-client directory. 
Default is \'../../warden-client\'\n\n"; + print " -h, --help - Print help\n\n"; + + print "\nExample #1: ./command-line-sender.pl -s PhishTracker -e webattack -o URL -v 123.123.098.098 -p TCP -r 443 -a 100 -n \"important notice\"\n"; + print "\nExample #2: ./command-line-sender.pl --service=ScanGuardian --event-type=portscan --source-type=IP --timestamp=\"2013-04-25T13:36:31\" --source-value=\"123.123.1.23\" --proto=TCP --port=25 --attack-scale=1234 --note=\"The very first run of ScanGuardian :)\" --warden-dir \"/opt/warden/warden-client\"\n"; + + print "\nNOTE: For more information how to use particular values see warden-client/doc/README file.\n\n"; + + exit 0; +} + + +my @event = ($opt_s, $opt_t, $opt_e, $opt_o, $opt_v, + $opt_p, $opt_r, $opt_a, $opt_n); + +#------------------------------------------------------------------------------- +# Use of warden-client sender. + +# Path to warden-client folder +my $warden_path = $opt_w; + +# Inclusion of warden-client sender module +require $warden_path . '/lib/WardenClientSend.pm'; + +# Sending event to Warden server +WardenClientSend::saveNewEvent($warden_path, \@event); + +exit 0; diff --git a/src/warden-client/doc/example-info.pl.txt b/src/warden-client/doc/example-info.pl.txt new file mode 100755 index 0000000000000000000000000000000000000000..f84e263b306845a96a4afad6cf1be34e197ad9ec --- /dev/null +++ b/src/warden-client/doc/example-info.pl.txt 
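Review bot: Both error paths in the new script exit with status 0: the `if (!GetOptions(...) || !defined($opt_s) ...)` block prints usage and does `exit 0` whether the user asked for `-h` or forgot a mandatory option, and the final `WardenClientSend::saveNewEvent($warden_path, \@event);` discards the return value, although this release's CHANGELOG says the library now reports failures through return values instead of die(). Anything driving this sender from a detector or cron job therefore cannot tell a delivered event from a dropped one. Suggest `exit($opt_h ? 0 : 2);` in the usage block and `WardenClientSend::saveNewEvent($warden_path, \@event) or exit 1;` at the end, assuming saveNewEvent returns false on failure — its return contract is not visible in this diff.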
@@ -0,0 +1,48 @@ +#!/usr/bin/perl -w +# +# Copyright (C) 2011-2013 Cesnet z.s.p.o +# +# Use of this source is governed by a BSD-style license, see LICENSE file. + +use strict; + +#------------------------------------------------------------------------------ +# Warden 2.2 Client, Info, Example +# +# Simple use of warden-client Info functionality to receive information about +# client registered to Warden server. This code illustrates how to integrate +# warden-client info functionality into local applications. +#------------------------------------------------------------------------------ + +#------------------------------------------------------------------------------ +# This code should developer add into his/her application. + +# Path to warden-client directory +my $warden_path = '/home/soukal/pokus/warden/warden-client/'; + +# Inclusion of warden-client receiving functionality +require $warden_path . '/lib/WardenClientCommon.pm'; + +my @clients = WardenClientCommon::getClientsInfo($warden_path) or exit 1; # receive data or exit + +print "+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+\n"; +print "| Client ID | Hostname | Registered | Requestor | Service | CT | Type | ROE | Description tags | IP Net Client |\n"; +print "+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+\n"; + +foreach (@clients) { + printf("| %-10s ", $_->{'client_id'} || "NULL"); + printf("| %-30s ", $_->{'hostname'} || "NULL"); + printf("| %19s ", $_->{'registered'} || "NULL"); + printf("| %-23s ", $_->{'requestor'} || "NULL"); + printf("| %-25s ", $_->{'service'} || "NULL"); + printf("| %-2s ", $_->{'client_type'} || "NULL"); + printf("| 
%-15s ", $_->{'type'} || "NULL"); + printf("| %-4s ", $_->{'receive_own_events'} || "NULL"); + printf("| %-50s ", $_->{'description_tags'} || "NULL"); + printf("| %-18s |\n", $_->{'ip_net_client'} || "NULL"); +} +print "+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+\n"; +print "\n"; +print "Current registered clients in: " . scalar localtime(time) . "\n"; + +exit 0; diff --git a/src/warden-client/doc/example-receiver.pl.txt b/src/warden-client/doc/example-receiver.pl.txt index 090e9a9d4d9fb5289814f12d708eed811bd475ee..55076103b0b847098d5e26450cfffb22e97d149a 100755 --- a/src/warden-client/doc/example-receiver.pl.txt +++ b/src/warden-client/doc/example-receiver.pl.txt @@ -7,7 +7,7 @@ use strict; #------------------------------------------------------------------------------ -# Warden 2.1 Client, Receiver, Example +# Warden 2.2 Client, Receiver, Example # # Simple use of warden-client receiver functionality to download new events # from # Warden server. This code illustrates how to integrate warden-client @@ -18,7 +18,7 @@ use strict; # This code should developer add into his/her application. # Path to warden-client directory -my $warden_path = '/opt/warden-client/'; +my $warden_path = '/home/soukal/pokus/warden/warden-client/'; # Inclusion of warden-client receiving functionality require $warden_path . '/lib/WardenClientReceive.pm'; diff --git a/src/warden-client/doc/example-sender-random.pl.txt b/src/warden-client/doc/example-sender-random.pl.txt new file mode 100755 index 0000000000000000000000000000000000000000..07a9e77493949e7dd9cf5cbf476802c8fa726e36 --- /dev/null +++ b/src/warden-client/doc/example-sender-random.pl.txt 
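Review bot: `my $warden_path = '/home/soukal/pokus/warden/warden-client/';` hard-codes a developer's home directory into a shipped example; the example-receiver.pl.txt hunk on this same line replaces the previous `/opt/warden-client/` default with that path, and example-sender-random.pl.txt, example-sender.pl.txt and etc/warden-client.conf (SSL_KEY_FILE and SSL_CERT_FILE under `/home/soukal/client-test/2.0.0_beta/...`) carry the same leftover — the conf file is the one that actually gets installed, so its key and certificate paths in particular should go back to the `/opt/warden-client/etc/` defaults. Two smaller points in this file: `$_->{'receive_own_events'} || "NULL"` prints NULL for a legitimate value of 0 (the same holds for every zero-valued field), so `defined $_->{'receive_own_events'} ? $_->{'receive_own_events'} : "NULL"` is the intended test; and `my @clients = WardenClientCommon::getClientsInfo($warden_path) or exit 1;` exits 1 when the server reports zero registered clients as well as on error, because getClientsInfo returns an empty list in both cases.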
@@ -0,0 +1,119 @@ +#!/usr/bin/perl -w +# +# sender.pl +# +# Copyright (C) 2011-2012 Cesnet z.s.p.o +# Author(s): Tomas PLESNIK <plesnik@ics.muni.cz> +# Jan SOUKAL <soukal@ics.muni.cz> +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# 3. Neither the name of the Cesnet z.s.p.o nor the names of its +# contributors may be used to endorse or promote products derived from +# this software without specific prior written permission. +# +# This software is provided ``as is'', and any express or implied +# warranties, including, but not limited to, the implied warranties of +# merchantability and fitness for a particular purpose are disclaimed. +# In no event shall the Cesnet z.s.p.o or contributors be liable for +# any direct, indirect, incidental, special, exemplary, or consequential +# damages (including, but not limited to, procurement of substitute +# goods or services; loss of use, data, or profits; or business +# interruption) however caused and on any theory of liability, whether +# in contract, strict liability, or tort (including negligence or +# otherwise) arising in any way out of the use of this software, even +# if advised of the possibility of such damage. +# + +use Switch; +use strict; +use DateTime; + +my $warden_path = '/home/soukal/pokus/warden-2.2-beta-package/warden-client-2.2-beta-installation-3/dummy/foo/whatever/warden-client'; +require $warden_path . 
'/lib/WardenClientSend.pm'; + +my $service = "test"; +# service is needed in authorization process of the client, +# therefore it can not be set randomly +#switch (int(rand(3) + 0.5)) { +# case 1 { $service = 'ScanDetector'; } +# case 2 { $service = 'PhiGaro'; } +# case 3 { $service = 'HoneyScan'; } +# } + +my $detected = DateTime->from_epoch(epoch => time()); + +my $type = ""; +switch (int(rand(10) + 0.5)) { + case 1 { $type = 'portscan'; } + case 2 { $type = 'bruteforce'; } + case 3 { $type = 'spam'; } + case 4 { $type = 'phishing'; } + case 5 { $type = 'botnet_c_c'; } + case 6 { $type = 'dos'; } + case 7 { $type = 'malware'; } + case 8 { $type = 'copyright'; } + case 9 { $type = 'webattack'; } + case 10 { $type = 'other'; } + } + +my $source_type = ""; +switch (int(rand(3) + 0.5)) { + case 1 { $source_type = 'IP'; } + case 2 { $source_type = 'URL'; } + case 3 { $source_type = 'Reply-To:'; } + } + +my $source = (int(rand(254) + 0.5) + 1) . "." . (int(rand(254) + 0.5) + 1) . "." . (int(rand(254) + 0.5) + 1) . "." . 
(int(rand(254) + 0.5) + 1); + +my $target_proto = ""; +switch (int(rand(2) + 0.5)) { + case 1 { $target_proto = 'TCP'; } + case 2 { $target_proto = 'UDP'; } + } + +my $target_port = ""; +switch (int(rand(6) + 0.5)) { + case 1 { $target_port = '22'; } + case 2 { $target_port = '23'; } + case 3 { $target_port = '25'; } + case 4 { $target_port = '443'; } + case 5 { $target_port = '3389'; } + case 6 { $target_port = 'null'; } + } + +my $attack_scale = (int(rand(100000) + 0.5) + 1000); + +my $note = "tohle je takova normalni jednoducha poznamka"; + +my $priority = int(rand(255) + 0.5); + +my $timeout = int(rand(255) + 0.5); + + +my @event = ( + $service, # $service + "$detected", # $detected + $type, # $type + $source_type, # $source_type + $source, # $source + $target_proto, # $target_proto + $target_port, # $target_port + $attack_scale, # $attack_scale + $note, # $note + $priority, # $priority + $timeout, # $timeout + ); + +WardenClientSend::saveNewEvent($warden_path, \@event); + +#foreach (@event) { +# print "$_\n"; +#} diff --git a/src/warden-client/doc/example-sender.pl.txt b/src/warden-client/doc/example-sender.pl.txt index 40af31a0b048fb37204e076a8e64c59c7a514fd4..e123eaf1a41fe8791f07ae9bf73eeb23b872aa17 100755 --- a/src/warden-client/doc/example-sender.pl.txt +++ b/src/warden-client/doc/example-sender.pl.txt @@ -8,7 +8,7 @@ use strict; use DateTime; #------------------------------------------------------------------------------- -# Warden 2.1. Client, Sender, Example +# Warden 2.2. Client, Sender, Example # # Sample script using warden-client sending functionality. This example is not # intended to be a standalone script. It only shows how to use warden-client @@ -23,7 +23,7 @@ use DateTime; my $local_detected = DateTime->from_epoch(epoch => time()); -my $service = "ScanDetector"; +my $service = "test"; my $detected = "$local_detected"; my $type = "portscan"; my $source_type = "IP"; 
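Review bot: `switch (int(rand(10) + 0.5))` yields integers 0..10 (0 and 10 each about half as often as the rest), but the arms only cover 1..10, so roughly one run in twenty leaves `$type` as the empty string — a mandatory field — and the same off-by-one affects `$source_type`, `$target_proto` and `$target_port`; `int(rand(10)) + 1` (and likewise `int(rand(3)) + 1` and so on) gives a uniform 1..N. The `$source` octets built from `(int(rand(254) + 0.5) + 1)` can also reach 255; `int(rand(254)) + 1` keeps each in 1..254. `$priority` and `$timeout` are filled with random values although the README in this same commit marks both as obsolete and slated for removal in 3.0. `use Switch` is a source filter that is deprecated in modern Perl; a plain array lookup such as `my @types = qw(portscan bruteforce spam ...); $type = $types[int(rand(@types))];` would be shorter, uniform and free of the module.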
@@ -32,8 +32,8 @@ my $target_proto = "TCP"; my $target_port = "22"; my $attack_scale = "1234567890"; my $note = "important note or comment"; -my $priority = undef; -my $timeout = "20"; +my $priority = 1; +my $timeout = 20; my @event = ($service, $detected, $type, $source_type, $source, $target_proto, $target_port, $attack_scale, $note, @@ -45,12 +45,15 @@ my @event = ($service, $detected, $type, $source_type, $source, # (with corresponding paths appropriately changed). # Path to warden-client folder -my $warden_path = '/opt/warden-client'; +my $warden_path = '/home/soukal/pokus/warden/warden-client'; # Inclusion of warden-client sender module require $warden_path . '/lib/WardenClientSend.pm'; # Sending event to Warden server -WardenClientSend::saveNewEvent($warden_path, \@event); +for (my $i = 0; $i < 10; $i++) { + print "Sending $i-st event on server\n"; + WardenClientSend::saveNewEvent($warden_path, \@event); + } exit 0; diff --git a/src/warden-client/etc/package_version b/src/warden-client/etc/package_version index b0e13726b780dad53fd80e1534c75ee691e0d022..12155bef209c7a3acec4c0bba730374d14316ca9 100644 --- a/src/warden-client/etc/package_version +++ b/src/warden-client/etc/package_version @@ -1 +1 @@ -warden-client-2.1 +warden-client-2.2 diff --git a/src/warden-client/etc/warden-client.conf b/src/warden-client/etc/warden-client.conf index a58d30bd8e688630132ffd3c64ac777c95a050f2..34a06b1418631e32d139b3477bb0b34e34c1234f 100644 --- a/src/warden-client/etc/warden-client.conf +++ b/src/warden-client/etc/warden-client.conf 
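Review bot: The new `for (my $i = 0; $i < 10; $i++)` loop turns the documented sender example into one that submits the identical event ten times, and `WardenClientSend::saveNewEvent($warden_path, \@event);` still ignores the return value this release introduces in place of die(); both read as debugging leftovers rather than what a user copying the example should do. Restore the single, checked call, e.g. `WardenClientSend::saveNewEvent($warden_path, \@event) or exit 1;` (assuming saveNewEvent returns false on failure, which this diff does not show), or if the loop is intentional at least fix the `"Sending $i-st event"` ordinal. Also `$priority = 1; $timeout = 20;` now populate fields the README in this same commit marks as obsolete; keeping them `undef` with a comment to that effect would match the documentation.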
@@ -5,17 +5,17 @@ #------------------------------------------------------------------------------- # URI - URI address of Warden server #------------------------------------------------------------------------------- -$URI = "https://warden-dev.cesnet.cz:443/Warden"; +$URI = "https://warden-c.cesnet.cz:443/Warden"; #------------------------------------------------------------------------------- # SSL_KEY_FILE - path to client SSL certificate key file #------------------------------------------------------------------------------- -$SSL_KEY_FILE = "/opt/warden-client/etc/warden-dev.cesnet.cz.key"; +$SSL_KEY_FILE = "/home/soukal/client-test/2.0.0_beta/warden-client/etc/warden-c.cesnet.cz.key"; #------------------------------------------------------------------------------- # SSL_CERT_FILE - path to client SSL certificate file #------------------------------------------------------------------------------- -$SSL_CERT_FILE = "/opt/warden-client/etc/warden-dev.cesnet.cz.pem"; +$SSL_CERT_FILE = "/home/soukal/client-test/2.0.0_beta/warden-client/etc/warden-c.cesnet.cz.pem"; #------------------------------------------------------------------------------- # SSL_CA_FILE - path to CA certificate file @@ -28,6 +28,14 @@ $SSL_CA_FILE = "/etc/ssl/certs/tcs-ca-bundle.pem"; #------------------------------------------------------------------------------- $MAX_RCV_EVENTS_LIMIT = 6000; #consumes app. 250 MB of memory +#------------------------------------------------------------------------------- +# CONNECTION_TIMEOUT - interval in seconds to timeout connection with Warden +# server. If your client timeouts, consider using higher +# timeout number. Also, in case of receiving clients, you +# can optimize the MAX_RCV_EVENTS_LIMIT value. +#------------------------------------------------------------------------------- +$CONNECTION_TIMEOUT = 60; + #------------------------------------------------------------------------------- # Log options # 
@@ -37,14 +45,15 @@ $MAX_RCV_EVENTS_LIMIT = 6000; #consumes app. 250 MB of memory # a stack (0) or print debug info # including err. message and stack (1) #------------------------------------------------------------------------------- -$LOG_STDERR = 1; +$LOG_STDERR = 1; -$LOG_SYSLOG = 1; -$LOG_SYSLOG_FACILITY = "local7"; +$LOG_SYSLOG = 0; +$LOG_SYSLOG_FACILITY = "local7"; -$LOG_VERBOSE = 0; +$LOG_VERBOSE = 1; 1; - \ No newline at end of file + + diff --git a/src/warden-client/lib/WardenClientCommon.pm b/src/warden-client/lib/WardenClientCommon.pm index 8170d9129a5c6ebd1c08e2ab756bde8bca452209..db5cd580d20ec84362f80c28e8d5219e26f90993 100755 --- a/src/warden-client/lib/WardenClientCommon.pm +++ b/src/warden-client/lib/WardenClientCommon.pm 
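Review bot: `$LOG_SYSLOG = 0;` and `$LOG_VERBOSE = 1;` flip the shipped defaults from the previous syslog-on / verbose-off, which looks like a debugging leftover: with verbose on, the new errMsg appends a `Carp::longmess()` stack trace to every error, and with syslog off, operators lose the central record of client failures (certificate problems, server unreachable) they would otherwise monitor. Suggest keeping `$LOG_SYSLOG = 1;` and `$LOG_VERBOSE = 0;` in this file; the two trailing blank lines added after `1;` can go as well. Note that WardenClientConf.pm's built-in fallback is already `$LOG_SYSLOG = 0`, so this conf file is the only place syslog gets enabled by default — if that is really meant to change, the README and CHANGELOG should say so.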
@@ -14,20 +14,40 @@ use SOAP::Lite; use IO::Socket::SSL qw(debug1); use SOAP::Transport::HTTP; -our $VERSION = "2.1"; +our $VERSION = "2.2"; #------------------------------------------------------------------------------- -# errMsg - print error message and die +# errMsg - prints error msg and returns undef or prints warning and returns 1 #------------------------------------------------------------------------------- sub errMsg { my $msg = shift; - - if ($WardenClientConf::LOG_VERBOSE) { # user wants to log debug information + my $type = shift; + defined $type or $type = "err"; # default type is err. Other: warn + + # is this error report and is Verbose logging mode enabled? + if (($type eq "err") && ($WardenClientConf::LOG_VERBOSE)) { # user wants to log debug information $msg .= "\nStack info: " . Carp::longmess(); } - die($msg . "\n"); + # log into STDERR? + if ($WardenClientConf::LOG_STDERR) { + print STDERR $msg . "\n"; + } + + # log into Syslog? + if ($WardenClientConf::LOG_SYSLOG) { + openlog("Warden-client:", "pid", "$WardenClientConf::LOG_SYSLOG_FACILITY"); + syslog("$type|$WardenClientConf::LOG_SYSLOG_FACILITY", $msg . "\n"); + closelog(); + } + + if ($type eq 'warn') { # case of 'warn' + return 1; + } else { # case of 'err' + return; + } + } # End of errMsg 
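Review bot: `syslog("$type|$WardenClientConf::LOG_SYSLOG_FACILITY", $msg . "\n")` passes the message as the syslog() format string; Sys::Syslog interprets `%` sequences in it (and `%m` expands to the current errno text), and errMsg now receives server-provided text such as `$response->faultstring` and the raw `Received data: $result` from c2s(), so a `%` in a response garbles or truncates the log line. Use a literal format with the message as an argument: `syslog("$type|$WardenClientConf::LOG_SYSLOG_FACILITY", "%s", $msg);`. Also worth confirming that Sys::Syslog accepts `warn` as a level name — if only `warning` is recognised, the 'warn' branch will croak inside the logging call, and mapping `$type eq 'warn'` to `warning` in the priority string would be the safe form. The header comment could state the contract explicitly: `# $type is 'err' (default; logs and returns undef) or 'warn' (logs and returns 1)`.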
@@ -45,42 +65,110 @@ sub c2s my $client; my ($server, $port, $service) = $uri =~ /https:\/\/(.+)\:(\d+)\/(.+)/; - if (!($client = SOAP::Transport::HTTP::Client->new())) { - errMsg("Unable to create socket: " . &SOAP::Transport::HTTP::Client::errstr) - } - $client->timeout(10); - $client->ssl_opts(verify_hostname => 1, + eval { + $client = SOAP::Transport::HTTP::Client->new(); + } or return errMsg('Unknown error in c2s() when creating socket, SOAP::Transport::HTTP::Client->new(), ' . $@); + + eval {$client->timeout($WardenClientConf::CONNECTION_TIMEOUT);} + or return errMsg('Unknown error in c2s() when setting socket timeout, ' . $@); + + eval { + $client->ssl_opts(verify_hostname => 1, SSL_use_cert => 1, SSL_verify_mode => 0x02, SSL_key_file => $ssl_key_file, SSL_cert_file => $ssl_cert_file, SSL_ca_file => $ssl_ca_file); + return 1; # fix of eval triggering 'or' statement + } or return errMsg('Unknown error in c2s() when setting socket SSL options, ' . $@); # setting of URI and serialize SOAP envelope and data object - my $soap = SOAP::Lite->uri($service)->proxy($uri); + + my $soap; + eval { + $soap = SOAP::Lite->uri($service)->proxy($uri); + } or return errMsg('Unknown error in c2s() when serializing SOAP object, ' . $@); + my $envelope; if (!defined $data) { - $envelope = $soap->serializer->envelope(method => $method); + eval { + $envelope = $soap->serializer->envelope(method => $method); + } or return errMsg('Unknown error in c2s() when setting enevelope, ' . $@); } else { - $envelope = $soap->serializer->envelope(method => $method, $data); + eval { + $envelope = $soap->serializer->envelope(method => $method, $data); + } or return errMsg('Unknown error in c2s() when setting envelope, ' . 
$@); } # setting of TCP URI and send serialized SOAP envelope and data my $server_uri = "https://$server:$port/$service"; - my $result = $client->send_receive(envelope => $envelope, endpoint => $server_uri); + my $result; + eval { + $result = $client->send_receive(envelope => $envelope, endpoint => $server_uri); + } or return errMsg('Unknown error in c2s() sending SOAP data, ' . $@); # check server response if (!defined $result) { errMsg("Server returned empty response. Problem with used SSL ceritificates or Warden server at $server:$port is down."); } else { # deserialized response from server -> create SOAP envelope and data object + my $response; eval { $response = $soap->deserializer->deserialize($result); - } or errMsg($@ . "Received data: " . $result); + } or return errMsg('Unknown error in SOAP data deserialization. Received data: ' . $result . ', ' . $@); # check SOAP fault status - $response->fault ? errMsg("Server sent error message:: " . $response->faultstring) : return $response; + $response->fault ? return errMsg("Server sent error message:: " . $response->faultstring) : return $response; + } +} + +#------------------------------------------------------------------------------- +# getClientsInfo - retrieve information about other clients from Warden server +#------------------------------------------------------------------------------- +sub getClientsInfo +{ + my $warden_path = shift; + + my $etcdir = $warden_path . "/etc/"; + my $libdir = $warden_path . "/lib/"; + + require $libdir . "WardenClientConf.pm"; + + # read the config file + my $conf_file = $etcdir . 
"warden-client.conf"; + WardenClientConf::loadConf($conf_file); + + # c2s() returns undef on fail + my $response = c2s($WardenClientConf::URI, $WardenClientConf::SSL_KEY_FILE, $WardenClientConf::SSL_CERT_FILE, $WardenClientConf::SSL_CA_FILE, "getClientInfo"); + + defined $response or return; # receive data or return undef + + # parse returned SOAP data object with clients + my @clients; + my ($client_id, $hostname, $registered, $requestor, $service, $client_type, $type, $receive_own_events, $description_tags, $ip_net_client); + my @response_list = $response->valueof('/Envelope/Body/getClientInfoResponse/client/'); + + while (scalar @response_list) { + my $response_data = shift(@response_list); + my %client; + + $client{'client_id'} = $response_data->{'CLIENT_ID'} ; + $client{'hostname'} = $response_data->{'HOSTNAME'}; + $client{'registered'} = $response_data->{'REGISTERED'}; + $client{'requestor'} = $response_data->{'REQUESTOR'}; + $client{'service'} = $response_data->{'SERVICE'}; + $client{'client_type'} = $response_data->{'CLIENT_TYPE'}; + $client{'type'} = $response_data->{'TYPE'}; + $client{'receive_own_events'} = $response_data->{'RECEIVE_OWN_EVENTS'}; + $client{'description_tags'} = $response_data->{'DESCRIPTION_TAGS'}; + $client{'ip_net_client'} = $response_data->{'IP_NET_CLIENT'}; + + # push received clients from warden server into @clients which is returned + push (@clients,\%client); } + + return @clients; } +1; diff --git a/src/warden-client/lib/WardenClientConf.pm b/src/warden-client/lib/WardenClientConf.pm index 034ad9e00d695779e094e0c707867de9ffbbcf2f..a83d40f741ce10224c420eefdcac7883d5ff46e2 100755 --- a/src/warden-client/lib/WardenClientConf.pm +++ b/src/warden-client/lib/WardenClientConf.pm @@ -20,9 +20,10 @@ our $LOG_STDERR = 1; our $LOG_SYSLOG = 0; our $LOG_SYSLOG_FACILITY = "local7"; our $LOG_VERBOSE = 0; +our $CONNECTION_TIMEOUT = 60; -our $VERSION = "2.1"; +our $VERSION = "2.2"; sub loadConf { 
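Review bot: `eval { $result = $client->send_receive(envelope => $envelope, endpoint => $server_uri); } or return errMsg('Unknown error in c2s() sending SOAP data, ' . $@);` treats any false value as failure, not only a die, so an empty response from the server now returns the generic 'Unknown error' with an empty `$@` and the following `if (!defined $result)` branch, which carries the useful certificate/server-down diagnosis, becomes unreachable (that branch also lacks the `return` every other errMsg call site received); the `eval {$client->timeout(...);}` block has the same shape and misfires if timeout() returns a false previous value. End each such eval with `1;` as the ssl_opts block already does, e.g. `eval { $result = $client->send_receive(envelope => $envelope, endpoint => $server_uri); 1 } or return errMsg('Unknown error in c2s() sending SOAP data, ' . $@);`. Separately, the unchanged `SSL_verify_mode => 0x02` now sitting inside the new eval is SSL_VERIFY_FAIL_IF_NO_PEER_CERT without SSL_VERIFY_PEER (0x01); on the client side OpenSSL ignores that flag on its own, so the server certificate check may not fail the handshake despite `verify_hostname => 1` — please confirm against IO::Socket::SSL and use `SSL_verify_mode => 0x01` (or `0x03`) if so. In getClientsInfo the `my ($client_id, $hostname, ...)` list is declared but never used. c2s() begins before this hunk.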
diff --git a/src/warden-client/lib/WardenClientReceive.pm b/src/warden-client/lib/WardenClientReceive.pm index dc52f622693600c7b41c21f79b77ad2120e4e62f..faf2d29b9fd2308d56b6b4858615c1502c3dfa3c 100755 --- a/src/warden-client/lib/WardenClientReceive.pm +++ b/src/warden-client/lib/WardenClientReceive.pm @@ -15,7 +15,7 @@ use SOAP::Transport::HTTP; use FindBin; use Sys::Syslog; -our $VERSION = "2.1"; +our $VERSION = "2.2"; #------------------------------------------------------------------------------- # getNewEvents - get new events from warden server greater than last received ID @@ -24,8 +24,6 @@ sub getNewEvents { my @events; - eval { - my $warden_path = shift; my $requested_type = shift; @@ -42,22 +40,25 @@ sub getNewEvents # set name of ID file for each client aplication my $caller_name = $FindBin::Script; - my $id_file = $vardir . $caller_name . ".id"; + my $id_file = $vardir . $caller_name . "-". ($requested_type || "any") . ".id"; #----------------------------------------------------------------------------- # get last ID from ID file (if exist) or # get last ID from warden server DB and save it into ID file my $last_id; if (-e $id_file) { - open(ID, "< $id_file") || WardenClientCommon::errMsg("Cannot open ID file $id_file: $!"); + open(ID, "< $id_file") or return WardenClientCommon::errMsg("Cannot open ID file $id_file: $!"); foreach(<ID>) { $last_id = $_; } close ID; } else { + # c2s() returns undef on fail my $response = WardenClientCommon::c2s($WardenClientConf::URI, $WardenClientConf::SSL_KEY_FILE, $WardenClientConf::SSL_CERT_FILE, $WardenClientConf::SSL_CA_FILE, "getLastId"); + defined $response or return; # receive data or return undef + $last_id = $response->result; - open(ID, "> $id_file") || WardenClientCommon::errMsg("Cannot open ID file $id_file: $!"); + open(ID, "> $id_file") or return WardenClientCommon::errMsg("Cannot open ID file $id_file: $!"); print ID $last_id; close ID; } 
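Review bot: `my $id_file = $vardir . $caller_name . "-". ($requested_type || "any") . ".id";` renames the position file, and because the `else` branch then asks the server for `getLastId` and stores that, a client upgraded to 2.2 silently skips every event between its old position and the server's current last ID; the README in this commit asks users to rename the file by hand, but the code could do it — before the `if (-e $id_file)` check, if the old `$vardir . $caller_name . ".id"` exists and the new name does not, `rename` it and log that a migration happened (with a comment noting the old file tracked whatever type this caller requested before). Since `$requested_type` now becomes part of a path, restrict it to a plain token (letters, digits, `_`, `-`) before use so a stray `/` cannot place the ID file outside `$vardir`. The bareword `open(ID, "< $id_file")` calls could become three-argument opens on a lexical handle, `open(my $fh, '<', $id_file) or return ...`, which also scopes the handle and avoids the global `ID`. getNewEvents starts before this hunk and continues after it.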
@@ -65,27 +66,33 @@ sub getNewEvents #----------------------------------------------------------------------------- # get new events from warden server DB based on gathered last ID - # create SOAP data obejct - my $request_data = SOAP::Data->name( - request => \SOAP::Data->value( - SOAP::Data->name(REQUESTED_TYPE => $requested_type), - SOAP::Data->name(LAST_ID => $last_id), - SOAP::Data->name(MAX_RCV_EVENTS_LIMIT => $WardenClientConf::MAX_RCV_EVENTS_LIMIT) + my $request_data; + eval { + # create SOAP data object + $request_data = SOAP::Data->name( + request => \SOAP::Data->value( + SOAP::Data->name(REQUESTED_TYPE => $requested_type), + SOAP::Data->name(LAST_ID => $last_id), + SOAP::Data->name(MAX_RCV_EVENTS_LIMIT => $WardenClientConf::MAX_RCV_EVENTS_LIMIT) + ) ) - ); + } or return errMsg('Unknown error when creating SOAP data object, ' . $@); - # call server method getNewEvents + # call server method getNewEvents my $response = WardenClientCommon::c2s($WardenClientConf::URI, $WardenClientConf::SSL_KEY_FILE, $WardenClientConf::SSL_CERT_FILE, $WardenClientConf::SSL_CA_FILE, "getNewEvents", $request_data); - + defined $response or return; # connect to warden server or return undef + # parse returned SOAP data object my ($id, $hostname, $service, $detected, $type, $source_type, $source, $target_proto, $target_port, $attack_scale, $note, $priority, $timeout); + my @response_list = $response->valueof('/Envelope/Body/getNewEventsResponse/event/'); + while (scalar @response_list) { my $response_data = shift(@response_list); my @event; # parse items of one event - $id = $response_data->{'ID'}; + $id = $response_data->{'ID'}; $hostname = $response_data->{'HOSTNAME'}; $service = $response_data->{'SERVICE'}; $detected = $response_data->{'DETECTED'}; 
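Review bot: The new error branch `} or return errMsg('Unknown error when creating SOAP data object, ' . $@);` calls `errMsg` unqualified, while every other call in this file and the matching branch in WardenClientSend.pm use `WardenClientCommon::errMsg`; unless the name is imported into this package, the failure path dies with an undefined-subroutine error instead of logging and returning. Change it to `} or return WardenClientCommon::errMsg('Unknown error when creating SOAP data object, ' . $@);`. getNewEvents begins before this hunk and continues after it.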
@@ -111,24 +118,10 @@ sub getNewEvents # write last return ID if (defined $last_id) { # must be defined for first check ID - open(ID, "> $id_file") || WardenClientCommon::errMsg("Cannot open ID file $id_file: $!"); + open(ID, "> $id_file") or return WardenClientCommon::errMsg("Cannot open ID file $id_file: $!"); print ID $last_id; close ID; } - } # End of eval block - or do { - - if ($WardenClientConf::LOG_STDERR) { - print STDERR $@ . "\n"; - } - - if ($WardenClientConf::LOG_SYSLOG) { - openlog("Warden:", "pid", "WardenClientConf::LOG_SYSLOG_FACILITY"); - syslog("err|WardenClientConf::LOG_SYSLOG_FACILITY", $@ . "\n"); - closelog(); - } - return; - }; return @events; diff --git a/src/warden-client/lib/WardenClientSend.pm b/src/warden-client/lib/WardenClientSend.pm index 2e20210f1683984f123159f60d9f56e66e3642af..a77b95c1d3f8149dc4e459f42373ef23c2daff39 100755 --- a/src/warden-client/lib/WardenClientSend.pm +++ b/src/warden-client/lib/WardenClientSend.pm @@ -14,7 +14,7 @@ use IO::Socket::SSL qw(debug1); use SOAP::Transport::HTTP; use Sys::Syslog; -our $VERSION = "2.1"; +our $VERSION = "2.2"; #------------------------------------------------------------------------------- # saveNewEvent - send new event from detection scripts to warden server @@ -23,7 +23,6 @@ sub saveNewEvent { my $result; - eval { my $warden_path = shift; my $event_ref = shift; 
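Review bot: `open(ID, "> $id_file") or return WardenClientCommon::errMsg("Cannot open ID file $id_file: $!");` at the end of getNewEvents abandons the `@events` already parsed and leaves the last ID unpersisted, so the same batch is fetched again on the next call; that is a defensible at-least-once choice, but nothing states it now that the `or do { ... return; }` wrapper that used to make the drop explicit is removed in this hunk. Say so on the open line: `# cannot record last ID: drop this batch, it is fetched again on the next run`. The function begins outside the hunk.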
@@ -51,8 +50,28 @@ sub saveNewEvent my $priority = $event[9]; my $timeout = $event[10]; + # Issue #596 - Should be removed in Warden client 3.0. + # Checking for obsolete attributes priority or timeout. If not default or 'undef' values are found, print out warning. + + # check if obsolete event attribute Priority is used + if ((defined $priority) && ($priority >= 1)) { + # print warning + WardenClientCommon::errMsg('Event attribute "Priority" is now obsolete and will be removed in Warden client 3.0', 'warn'); + } + + # check if obsolete event attribute Timeout is used + if ((defined $timeout) && ($timeout >= 0)) { + # print warning + WardenClientCommon::errMsg('Event attribute "Timeout" is now obsolete and will be removed in Warden client 3.0', 'warn'); + } + + # end of Issue #596 + + + my $event; + eval { # create SOAP data object - my $event = SOAP::Data->name( + $event = SOAP::Data->name( event => \SOAP::Data->value( SOAP::Data->name(SERVICE => $service), SOAP::Data->name(DETECTED => $detected), 
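Review bot: The Timeout check `if ((defined $timeout) && ($timeout >= 0))` fires for a value of 0 as well, while the comment above says the warning is meant for non-default values; if 0 is a legitimate default, every event that sets it will be flagged. Either tighten the range to the intended one or state it on the line: `# any defined Timeout, including 0, counts as use of the obsolete attribute`. Both comparisons are numeric, so a non-numeric string in `$priority` or `$timeout` would raise Perl's "isn't numeric" warning before the obsolescence message; the values come from `@event`, which is populated outside this hunk. saveNewEvent begins before this hunk.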
@@ -67,26 +86,14 @@ sub saveNewEvent SOAP::Data->name(TIMEOUT => $timeout) ) ); + } # end of eval + or WardenClientCommon::errMsg('Unknown error when creating SOAP data object, ' . $@); - $result = WardenClientCommon::c2s($WardenClientConf::URI, $WardenClientConf::SSL_KEY_FILE, $WardenClientConf::SSL_CERT_FILE, $WardenClientConf::SSL_CA_FILE, "saveNewEvent", $event); - } # End of eval block - or do { - - if ($WardenClientConf::LOG_STDERR) { - print STDERR $@ . "\n"; - } - - if ($WardenClientConf::LOG_SYSLOG) { - openlog("Warden-client:", "pid", "$WardenClientConf::LOG_SYSLOG_FACILITY"); - syslog("err|$WardenClientConf::LOG_SYSLOG_FACILITY", $@ . "\n"); - closelog(); - } + # c2s() returns undef on fail. + $result = WardenClientCommon::c2s($WardenClientConf::URI, $WardenClientConf::SSL_KEY_FILE, $WardenClientConf::SSL_CERT_FILE, $WardenClientConf::SSL_CA_FILE, "saveNewEvent", $event); - return 0; - }; - - $result ? return 1 : return 0; - + defined $result ? return 1 : return 0; + } # End of saveNewEvent 1; diff --git a/src/warden-client/sh/install.sh b/src/warden-client/sh/install.sh index ee5b2b6e7c7a1422fc7a68aeb259db29681aa8e0..22b9e106af7c1051159ea1add77d1953c2bf7f71 100755 --- a/src/warden-client/sh/install.sh +++ b/src/warden-client/sh/install.sh @@ -139,7 +139,13 @@ modules_chck() make_warden_dir() { echo -n "Creating warden client directory ... " - test -d $prefix || mkdir -p prefix + + while [ ! -d `echo ${path_to_chown} | rev | cut -d '/' -f2- | rev` ] + do + path_to_chown=`echo ${path_to_chown} | rev | cut -d '/' -f2- | rev` + done + + test -d $prefix || mkdir -p $prefix if cp -R ${dirname}/warden-client $prefix 2> $err; then echo "OK" 
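Review bot: The error branch `} # end of eval or WardenClientCommon::errMsg('Unknown error when creating SOAP data object, ' . $@);` logs but does not return, so when building the SOAP object fails `$event` stays undef and `c2s(...)` is still called with it, sending a request with no event body and reporting that outcome through `$result`. The matching branch in WardenClientReceive.pm returns immediately; do the same here so the caller sees the failure as 0: `} or do { WardenClientCommon::errMsg('Unknown error when creating SOAP data object, ' . $@); return 0; };`. saveNewEvent begins before this hunk.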
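Review bot: The new loop in make_warden_dir, `while [ ! -d `echo ${path_to_chown} | rev | cut -d '/' -f2- | rev` ]`, never terminates when `$prefix` is a relative path with a single component: `cut -d '/' -f2-` returns a line without the delimiter unchanged, so `path_to_chown` stops shrinking while the test stays true. It also relies on unquoted expansions and backticks, where `dirname` yields the parent directly and reaches a fixed point (`.` or `/`) that always exists. Because change_permissions later runs `chown -R` on `$path_to_chown`, the directory found here and everything below it is handed to `$user`; if the first missing ancestor is a shared location that is more than the installer's own tree, so the loop deserves a comment saying what it widens. The function continues past the hunk.
```shell
  # … unchanged: "Creating warden client directory" message …
  # walk up to the nearest ancestor that already exists: mkdir -p creates
  # everything below it, and change_permissions chowns from this point
  parent=$(dirname "$path_to_chown")
  while [ "$parent" != "$path_to_chown" ] && [ ! -d "$parent" ]; do
    path_to_chown=$parent
    parent=$(dirname "$path_to_chown")
  done

  test -d "$prefix" || mkdir -p "$prefix"
  # … unchanged: cp -R of warden-client into $prefix …
```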
@@ -217,14 +223,22 @@ make_conf_file() #------------------------------------------------------------------------------- \$MAX_RCV_EVENTS_LIMIT = 6000; #consumes app. 250 MB of memory +#------------------------------------------------------------------------------- +# CONNECTION_TIMEOUT - interval in seconds to timeout connection with Warden +# server. If your client timeouts, consider using higher +# timeout number. Also, in case of receiving clients, you +# can optimize the MAX_RCV_EVENTS_LIMIT value. +#------------------------------------------------------------------------------- +\$CONNECTION_TIMEOUT = 60; + #------------------------------------------------------------------------------- # Log options # # LOG_STDERR, LOG_SYSLOG - hide (0) or allow (1) error reporting on STDERR # and/or to Syslog -# LOG_STDERR_VERBOSE, LOG_SYSLOG_VERBOSE - print only error message without -# a stack (0) or print debug info -# including err. message and stack (1) +# LOG_SYSLOG_FACILITY - specify a Syslog facility to log in +# LOG_VERBOSE - print only error message without a stack (0) or print debug info +# including err. message and stack (1) #------------------------------------------------------------------------------- \$LOG_STDERR = 1; @@ -250,7 +264,7 @@ make_conf_file() change_permissions() { echo -n "Changing permissions to installed package ... " - chown -R $user: $client_path 2> $err || err_clean + chown -R $user: $path_to_chown 2> $err || err_clean chmod 644 ${etc}/package_version || err_clean if chmod 600 $conf_file; then echo "OK" @@ -294,6 +308,7 @@ key_file=`basename $key` cert_file=`basename $cert` [[ $prefix == */ ]] && prefix="${prefix%?}" # remove last char (slash) from prefix client_path="${prefix}/warden-client" +path_to_chown="${client_path}" etc="${client_path}/etc" conf_file="${etc}/warden-client.conf" err="/tmp/warden-err" 
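Review bot: `chown -R $user: $path_to_chown 2> $err || err_clean` in change_permissions leaves both expansions unquoted, so a prefix containing whitespace splits into several arguments and the wrong paths are chowned; quote them: `chown -R "$user": "$path_to_chown" 2> "$err" || err_clean`. The `path_to_chown="${client_path}"` assigned in the hunk at -294/+308 is only the starting point that make_warden_dir walks upward, so this chown can cover more than `$client_path`; a comment at the assignment such as `# widened by make_warden_dir to the topmost directory it has to create` would make that visible to whoever edits either function.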
diff --git a/src/warden-client/sh/update.sh b/src/warden-client/sh/update.sh index a061f733c60208794175abae2d0b9dedbb2bd15f..228b429c9160905e5de36f3496f8e5deee09396a 100755 --- a/src/warden-client/sh/update.sh +++ b/src/warden-client/sh/update.sh @@ -185,6 +185,7 @@ make_conf_file() ssl_cert_file=`cat $conf_file | grep '$SSL_CERT_FILE'` ssl_ca_file=`cat $conf_file | grep '$SSL_CA_FILE'` max_rcv_events_limit=`cat $conf_file | grep '$MAX_RCV_EVENTS_LIMIT'` + connection_timeout=`cat $conf_file | grep '$CONNECTION_TIMEOUT'` log_stderr=`cat $conf_file | grep '$LOG_STDERR'` if [ -z $log_stderr ]; then @@ -236,14 +237,22 @@ $ssl_ca_file #------------------------------------------------------------------------------- $max_rcv_events_limit +#------------------------------------------------------------------------------- +# CONNECTION_TIMEOUT - interval in seconds to timeout connection with Warden +# server. If your client timeouts, consider using higher +# timeout number. Also, in case of receiving clients, you +# can optimize the MAX_RCV_EVENTS_LIMIT value. +#------------------------------------------------------------------------------- +$connection_timeout + #------------------------------------------------------------------------------- # Log options # # LOG_STDERR, LOG_SYSLOG - hide (0) or allow (1) error reporting on STDERR # and/or to Syslog -# LOG_STDERR_VERBOSE, LOG_SYSLOG_VERBOSE - print only error message without -# a stack (0) or print debug info -# including err. message and stack (1) +# LOG_SYSLOG_FACILITY - specify a Syslog facility to log in +# LOG_VERBOSE - print only error message without a stack (0) or print debug info +# including err. message and stack (1) #------------------------------------------------------------------------------- $log_stderr
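Review bot: `connection_timeout=`cat $conf_file | grep '$CONNECTION_TIMEOUT'`` is empty when the existing config predates 2.2, so the regenerated file carries a blank line under the new CONNECTION_TIMEOUT comment block and the setting is silently absent; the surrounding code covers this case for `log_stderr` with an `if [ -z $log_stderr ]` fallback but none is added for the new variable. Add the same fallback with the value install.sh writes: `[ -z "$connection_timeout" ] && connection_timeout='$CONNECTION_TIMEOUT = 60;'`. The pattern also matches any line containing the name, a comment included, so anchoring it (`grep '^\$CONNECTION_TIMEOUT' "$conf_file"`) avoids copying a stray comment into the value position. make_conf_file begins before the hunk.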