diff --git a/src/warden-client/doc/README b/src/warden-client/doc/README
index 6477e13e90e12656dc288e170c5033366d64dde1..20002393a38c824da37dc8383597c3746814ce62 100644
--- a/src/warden-client/doc/README
+++ b/src/warden-client/doc/README
@@ -345,6 +345,8 @@ I. Functions, Arguments and Calls
 # portscan - scannig of TCP/UDP ports
 # bruteforce - bruteforce/dictionary attack against authentication
 # service(s)
+ # probe - other connection attempts (for example ICMP) or
+ # unrecognized/undecided portscan or bruteforce
 # spam - unsolicited e-mail that does not have phishing-like
 # character
 # phishing - e-mail attempting to gather sensitive data
diff --git a/src/warden-client/doc/README.cesnet b/src/warden-client/doc/README.cesnet
index c32f38d02fb255c84560d9c7bbece6d27e82114b..d49a045601d86697eb171b28320e63d65f6883fd 100644
--- a/src/warden-client/doc/README.cesnet
+++ b/src/warden-client/doc/README.cesnet
@@ -128,6 +128,8 @@ D. Types of events
 * portscan - TCP/UDP port scanning/sweeping
 * bruteforce - dictionary/bruteforce attack to services authentication
+ * probe - other connection attempts (for example ICMP) or
+ unrecognized/undecided portscan or bruteforce
 * spam - unsolicited commercial email (except phishing)
 * phishing - email, trying to scam user to revealing personal information (possibly by some other channel)
diff --git a/src/warden-server/doc/CHANGELOG b/src/warden-server/doc/CHANGELOG
index d72926ebf2f1a9cb76499c317be122dbc71fc6ca..7abfe60d716619fa6c26e6b19db67b8e4315b117 100644
--- a/src/warden-server/doc/CHANGELOG
+++ b/src/warden-server/doc/CHANGELOG
@@ -1,8 +1,10 @@
 2012-00-00 v2.1 stable version
 ------------------------------
-- add limit of events that can be downloaded from server to client
-- add receiving of all types of events
-- add validation of types of received events
+- added limit of events that can be downloaded from server to client
+- added receiving of all types of events
+- added validation of types of received events
+- added support for client maximum received events limit option
+ (for more information see client documentation)
 2012-07-27 v2.0 stable version
diff --git a/src/warden-server/etc/warden-server.conf b/src/warden-server/etc/warden-server.conf
index 78d29a08b13b9ea0acfdd9e1c4821b9225ba0b80..acb9eb9695bb98195ea46548f5393f591e520f38 100644
--- a/src/warden-server/etc/warden-server.conf
+++ b/src/warden-server/etc/warden-server.conf
@@ -42,5 +42,5 @@ $MAX_EVENTS_LIMIT = "1000000";
 # VALID_STRINGS - validation hash containing allowed event attributes
 #-------------------------------------------------------------------------------
 %VALID_STRINGS = (
-"type" => ["portscan", "bruteforce", "spam", "phishing", "botnet_c_c", "dos", "malware", "copyright", "webattack", "test", "other", "_any_"],
+"type" => ["portscan", "bruteforce", "probe", "spam", "phishing", "botnet_c_c", "dos", "malware", "copyright", "webattack", "test", "other", "_any_"],
 );
diff --git a/src/warden-server/lib/Warden.pm b/src/warden-server/lib/Warden.pm
index e210653eaf0691bb9f640cd0a040e07438ae94b1..a42eb590f4650f60320ff4b7ca39857d17022b93 100755
--- a/src/warden-server/lib/Warden.pm
+++ b/src/warden-server/lib/Warden.pm
@@ -253,8 +253,9 @@ sub getNewEvents
 my $function_name = 'getNewEvents';
 # parse SOAP data object
- my $requested_type = $data->{'REQUESTED_TYPE'};
- my $last_id = $data->{'LAST_ID'};
+ my $requested_type = $data->{'REQUESTED_TYPE'};
+ my $last_id = $data->{'LAST_ID'};
+ my $max_rcv_events_limit = $data->{'MAX_RCV_EVENTS_LIMIT'};
 my %client = authorizeClient($alt_names, $ip, $requested_type, $client_type, $function_name);
 if(defined %client) {
@@ -262,11 +263,11 @@ sub getNewEvents
 if ($requested_type eq '_any_') { # check if client want each or only one type of messages
 $sth = $DBH->prepare("SELECT * FROM events WHERE type != 'test' AND id > ? AND valid = 't' ORDER BY id ASC LIMIT ?;");
 if (!defined $sth) {die("Cannot prepare ROE-ANY statement in $function_name: $DBI::errstr\n")}
- $sth->execute($last_id, $MAX_EVENTS_LIMIT);
+ (defined $max_rcv_events_limit && $max_rcv_events_limit < $MAX_EVENTS_LIMIT) ? $sth->execute($last_id, $max_rcv_events_limit) : $sth->execute($last_id, $MAX_EVENTS_LIMIT);
 } else {
 $sth = $DBH->prepare("SELECT * FROM events WHERE type != 'test' AND id > ? AND type = ? AND valid = 't' ORDER BY id ASC LIMIT ?;");
 if (!defined $sth) {die("Cannot prepare ROE statement in $function_name: $DBI::errstr\n")}
- $sth->execute($last_id, $requested_type, $MAX_EVENTS_LIMIT);
+ (defined $max_rcv_events_limit && $max_rcv_events_limit < $MAX_EVENTS_LIMIT) ? $sth->execute($last_id, $requested_type, $max_rcv_events_limit) : $sth->execute($last_id, $requested_type, $MAX_EVENTS_LIMIT);
 }
 } else {
 if ($requested_type eq '_any_') {
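Review bot: `$max_rcv_events_limit` is read from the client's SOAP payload on the new line of this hunk and then used in the hunks at +263 and +275 with only `defined` and a numeric `<` against `$MAX_EVENTS_LIMIT` as a check, so a negative number or a non-numeric string (which compares as 0 under numeric `<`) passes and is bound to `LIMIT ?`, and because the return of `$sth->execute` is not tested the client gets an empty result instead of an error. Binding the value keeps this free of SQL injection, but the limit should be validated once where it is parsed: accept it only when it matches `\A\d+\z`, is greater than zero and is below `$MAX_EVENTS_LIMIT`, otherwise fall back to the server cap. Keeping the effective limit in one variable also replaces the four copy-pasted void-context ternaries with a plain `$sth->execute(..., $events_limit)` in each branch. getNewEvents starts before this hunk and continues past it.
```perl
    my $max_rcv_events_limit = $data->{'MAX_RCV_EVENTS_LIMIT'};
    # Client-supplied value: honour it only when it is a positive integer
    # below the server-wide cap, otherwise use the cap itself.
    my $events_limit = (defined $max_rcv_events_limit
                        && $max_rcv_events_limit =~ /\A\d+\z/
                        && $max_rcv_events_limit > 0
                        && $max_rcv_events_limit < $MAX_EVENTS_LIMIT)
                     ? $max_rcv_events_limit
                     : $MAX_EVENTS_LIMIT;
    # … unchanged: authorizeClient() and statement preparation …
    $sth->execute($last_id, $events_limit);
    # … the other three execute() calls pass $events_limit the same way …
```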
@@ -274,13 +275,13 @@ sub getNewEvents
 if (!defined $sth) {die("Cannot prepare ANY statement in $function_name: $DBI::errstr\n")}
 my ($domain) = $cn =~ /([^\.]+\.[^\.]+)$/;
 $domain = '\%' . $domain;
- $sth->execute($last_id, $domain, $MAX_EVENTS_LIMIT);
+ (defined $max_rcv_events_limit && $max_rcv_events_limit < $MAX_EVENTS_LIMIT) ? $sth->execute($last_id, $domain, $max_rcv_events_limit) : $sth->execute($last_id, $domain, $MAX_EVENTS_LIMIT);
 } else {
 $sth = $DBH->prepare("SELECT * FROM events WHERE type != 'test' AND id > ? AND type = ? AND valid = 't' AND hostname NOT LIKE ? ORDER BY id ASC LIMIT ?;");
 if (!defined $sth) {die("Cannot prepare statement in $function_name: $DBI::errstr\n")}
 my ($domain) = $cn =~ /([^\.]+\.[^\.]+)$/;
 $domain = '\%' . $domain;
- $sth->execute($last_id, $requested_type, $domain, $MAX_EVENTS_LIMIT);
+ (defined $max_rcv_events_limit && $max_rcv_events_limit < $MAX_EVENTS_LIMIT) ? $sth->execute($last_id, $requested_type, $domain, $max_rcv_events_limit) : $sth->execute($last_id, $requested_type, $domain, $MAX_EVENTS_LIMIT);
 }
 }
@@ -323,9 +324,9 @@ sub getNewEvents
 # log sent ID of events
 if (scalar @events != 0) {
 if (scalar @ids == 1) {
- write2log("info", "Sent 1 events [#$ids[0]] to $ip (CN(AN): $alt_names)");
+ write2log("info", "Sent 1 event [#$ids[0]] to $ip (CN(AN): $alt_names) with client limit $max_rcv_events_limit events");
 } else {
- write2log("info", "Sent " . scalar @ids . " events [#$ids[0] - #$ids[-1]] to $ip (CN(AN): $alt_names)");
+ write2log("info", "Sent " . scalar @ids . " events [#$ids[0] - #$ids[-1]] to $ip (CN(AN): $alt_names) with client limit $max_rcv_events_limit events");
 }
 }
 return @events;
diff --git a/src/warden-server/lib/WardenConf.pm b/src/warden-server/lib/WardenConf.pm
index 68103e459944098b7415a443724d5827a724f0e8..1d1ad54c2f656c2cef3e3122ac78a33ad91daf94 100755
--- a/src/warden-server/lib/WardenConf.pm
+++ b/src/warden-server/lib/WardenConf.pm
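Review bot: The two new write2log calls in the hunk at +324 interpolate `$max_rcv_events_limit` directly, so when the client sent no limit the message reads `with client limit  events` and raises an uninitialized-value warning if the module runs under `use warnings`; they also record the value the client asked for, not the limit actually bound to `LIMIT ?`, which is `$MAX_EVENTS_LIMIT` whenever the client value was undefined or not below it. Log the applied limit instead, mirroring the selection done before the queries: `my $applied_limit = (defined $max_rcv_events_limit && $max_rcv_events_limit < $MAX_EVENTS_LIMIT) ? $max_rcv_events_limit : $MAX_EVENTS_LIMIT;` and then `... (CN(AN): $alt_names) with limit $applied_limit events` in both messages. getNewEvents starts before this hunk.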
@@ -20,10 +20,10 @@ sub loadConf
 my $conf_file = shift;
 # preset of default variables
- our $URI = undef;
- our $SSL_KEY_FILE = undef;
- our $SSL_CERT_FILE = undef;
- our $SSL_CA_FILE = undef;
+ our $URI = undef;
+ our $SSL_KEY_FILE = undef;
+ our $SSL_CERT_FILE = undef;
+ our $SSL_CA_FILE = undef;
 # read config file
 if ( ! open( TMP, $conf_file) ) {
diff --git a/src/warden-server/sh/install.sh b/src/warden-server/sh/install.sh
index 0485dab70f88c233e500cf78ac5f2eef41aaa284..52d2170103f21c164709a98e310bc80b87c92f36 100755
--- a/src/warden-server/sh/install.sh
+++ b/src/warden-server/sh/install.sh
@@ -232,7 +232,7 @@ make_server_conf()
 # VALID_STRINGS - validation hash containing allowed event attributes
 #-------------------------------------------------------------------------------
 %VALID_STRINGS = (
-\"type\" => [\"portscan\", \"bruteforce\", \"spam\", \"phishing\", \"botnet_c_c\", \"dos\", \"malware\", \"copyright\", \"webattack\", \"test\", \"other\", \"_any_\"],
+\"type\" => [\"portscan\", \"bruteforce\", \"probe\", \"spam\", \"phishing\", \"botnet_c_c\", \"dos\", \"malware\", \"copyright\", \"webattack\", \"test\", \"other\", \"_any_\"],
 );
 " > $server_conf 2> $err;
 ret_val=`echo $?`
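Review bot: The `type` list written by make_server_conf() in the install.sh hunk is a second copy of the one in src/warden-server/etc/warden-server.conf, and the server's event-type validation depends on both staying identical, as this commit shows by having to edit them in lockstep. A single source would avoid a future drift where an installed server silently rejects a type the shipped config accepts, e.g. have make_server_conf() copy etc/warden-server.conf into `$server_conf` rather than embedding the list in an escaped echo string, or generate both from one template. make_server_conf() starts before this hunk and continues after it.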