Commit 47c643d1 authored by Jan Soukal's avatar Jan Soukal

Merge branch 'master' of homeproj.cesnet.cz:warden

parents 3f9dc03c 4422a2b2
...@@ -345,6 +345,8 @@ I. Functions, Arguments and Calls ...@@ -345,6 +345,8 @@ I. Functions, Arguments and Calls
# portscan - scannig of TCP/UDP ports # portscan - scannig of TCP/UDP ports
# bruteforce - bruteforce/dictionary attack against authentication # bruteforce - bruteforce/dictionary attack against authentication
# service(s) # service(s)
# probe - other connection attempts (for example ICMP) or
# unrecognized/undecided portscan or bruteforce
# spam - unsolicited e-mail that does not have phishing-like # spam - unsolicited e-mail that does not have phishing-like
# character # character
# phishing - e-mail attempting to gather sensitive data # phishing - e-mail attempting to gather sensitive data
......
...@@ -128,6 +128,8 @@ D. Types of events ...@@ -128,6 +128,8 @@ D. Types of events
* portscan - TCP/UDP port scanning/sweeping * portscan - TCP/UDP port scanning/sweeping
* bruteforce - dictionary/bruteforce attack to services authentication * bruteforce - dictionary/bruteforce attack to services authentication
* probe - other connection attempts (for example ICMP) or
unrecognized/undecided portscan or bruteforce
* spam - unsolicited commercial email (except phishing) * spam - unsolicited commercial email (except phishing)
* phishing - email, trying to scam user to revealing personal information * phishing - email, trying to scam user to revealing personal information
(possibly by some other channel) (possibly by some other channel)
......
2012-00-00 v2.1 stable version 2012-00-00 v2.1 stable version
------------------------------ ------------------------------
- add limit of events that can be downloaded from server to client - added limit of events that can be downloaded from server to client
- add receiving of all types of events - added receiving of all types of events
- add validation of types of received events - added validation of types of received events
- added support for client maximum received events limit option
(for more information see client documentation)
2012-07-27 v2.0 stable version 2012-07-27 v2.0 stable version
......
...@@ -42,5 +42,5 @@ $MAX_EVENTS_LIMIT = "1000000"; ...@@ -42,5 +42,5 @@ $MAX_EVENTS_LIMIT = "1000000";
# VALID_STRINGS - validation hash containing allowed event attributes # VALID_STRINGS - validation hash containing allowed event attributes
#------------------------------------------------------------------------------- #-------------------------------------------------------------------------------
%VALID_STRINGS = ( %VALID_STRINGS = (
"type" => ["portscan", "bruteforce", "spam", "phishing", "botnet_c_c", "dos", "malware", "copyright", "webattack", "test", "other", "_any_"], "type" => ["portscan", "bruteforce", "probe", "spam", "phishing", "botnet_c_c", "dos", "malware", "copyright", "webattack", "test", "other", "_any_"],
); );
...@@ -253,8 +253,9 @@ sub getNewEvents ...@@ -253,8 +253,9 @@ sub getNewEvents
my $function_name = 'getNewEvents'; my $function_name = 'getNewEvents';
# parse SOAP data object # parse SOAP data object
my $requested_type = $data->{'REQUESTED_TYPE'}; my $requested_type = $data->{'REQUESTED_TYPE'};
my $last_id = $data->{'LAST_ID'}; my $last_id = $data->{'LAST_ID'};
my $max_rcv_events_limit = $data->{'MAX_RCV_EVENTS_LIMIT'};
my %client = authorizeClient($alt_names, $ip, $requested_type, $client_type, $function_name); my %client = authorizeClient($alt_names, $ip, $requested_type, $client_type, $function_name);
if(defined %client) { if(defined %client) {
...@@ -262,11 +263,11 @@ sub getNewEvents ...@@ -262,11 +263,11 @@ sub getNewEvents
if ($requested_type eq '_any_') { # check if client want each or only one type of messages if ($requested_type eq '_any_') { # check if client want each or only one type of messages
$sth = $DBH->prepare("SELECT * FROM events WHERE type != 'test' AND id > ? AND valid = 't' ORDER BY id ASC LIMIT ?;"); $sth = $DBH->prepare("SELECT * FROM events WHERE type != 'test' AND id > ? AND valid = 't' ORDER BY id ASC LIMIT ?;");
if (!defined $sth) {die("Cannot prepare ROE-ANY statement in $function_name: $DBI::errstr\n")} if (!defined $sth) {die("Cannot prepare ROE-ANY statement in $function_name: $DBI::errstr\n")}
$sth->execute($last_id, $MAX_EVENTS_LIMIT); (defined $max_rcv_events_limit && $max_rcv_events_limit < $MAX_EVENTS_LIMIT) ? $sth->execute($last_id, $max_rcv_events_limit) : $sth->execute($last_id, $MAX_EVENTS_LIMIT);
} else { } else {
$sth = $DBH->prepare("SELECT * FROM events WHERE type != 'test' AND id > ? AND type = ? AND valid = 't' ORDER BY id ASC LIMIT ?;"); $sth = $DBH->prepare("SELECT * FROM events WHERE type != 'test' AND id > ? AND type = ? AND valid = 't' ORDER BY id ASC LIMIT ?;");
if (!defined $sth) {die("Cannot prepare ROE statement in $function_name: $DBI::errstr\n")} if (!defined $sth) {die("Cannot prepare ROE statement in $function_name: $DBI::errstr\n")}
$sth->execute($last_id, $requested_type, $MAX_EVENTS_LIMIT); (defined $max_rcv_events_limit && $max_rcv_events_limit < $MAX_EVENTS_LIMIT) ? $sth->execute($last_id, $requested_type, $max_rcv_events_limit) : $sth->execute($last_id, $requested_type, $MAX_EVENTS_LIMIT);
} }
} else { } else {
if ($requested_type eq '_any_') { if ($requested_type eq '_any_') {
...@@ -274,13 +275,13 @@ sub getNewEvents ...@@ -274,13 +275,13 @@ sub getNewEvents
if (!defined $sth) {die("Cannot prepare ANY statement in $function_name: $DBI::errstr\n")} if (!defined $sth) {die("Cannot prepare ANY statement in $function_name: $DBI::errstr\n")}
my ($domain) = $cn =~ /([^\.]+\.[^\.]+)$/; my ($domain) = $cn =~ /([^\.]+\.[^\.]+)$/;
$domain = '\%' . $domain; $domain = '\%' . $domain;
$sth->execute($last_id, $domain, $MAX_EVENTS_LIMIT); (defined $max_rcv_events_limit && $max_rcv_events_limit < $MAX_EVENTS_LIMIT) ? $sth->execute($last_id, $domain, $max_rcv_events_limit) : $sth->execute($last_id, $domain, $MAX_EVENTS_LIMIT);
} else { } else {
$sth = $DBH->prepare("SELECT * FROM events WHERE type != 'test' AND id > ? AND type = ? AND valid = 't' AND hostname NOT LIKE ? ORDER BY id ASC LIMIT ?;"); $sth = $DBH->prepare("SELECT * FROM events WHERE type != 'test' AND id > ? AND type = ? AND valid = 't' AND hostname NOT LIKE ? ORDER BY id ASC LIMIT ?;");
if (!defined $sth) {die("Cannot prepare statement in $function_name: $DBI::errstr\n")} if (!defined $sth) {die("Cannot prepare statement in $function_name: $DBI::errstr\n")}
my ($domain) = $cn =~ /([^\.]+\.[^\.]+)$/; my ($domain) = $cn =~ /([^\.]+\.[^\.]+)$/;
$domain = '\%' . $domain; $domain = '\%' . $domain;
$sth->execute($last_id, $requested_type, $domain, $MAX_EVENTS_LIMIT); (defined $max_rcv_events_limit && $max_rcv_events_limit < $MAX_EVENTS_LIMIT) ? $sth->execute($last_id, $requested_type, $domain, $max_rcv_events_limit) : $sth->execute($last_id, $requested_type, $domain, $MAX_EVENTS_LIMIT);
} }
} }
...@@ -323,9 +324,9 @@ sub getNewEvents ...@@ -323,9 +324,9 @@ sub getNewEvents
# log sent ID of events # log sent ID of events
if (scalar @events != 0) { if (scalar @events != 0) {
if (scalar @ids == 1) { if (scalar @ids == 1) {
write2log("info", "Sent 1 events [#$ids[0]] to $ip (CN(AN): $alt_names)"); write2log("info", "Sent 1 event [#$ids[0]] to $ip (CN(AN): $alt_names) with client limit $max_rcv_events_limit events");
} else { } else {
write2log("info", "Sent " . scalar @ids . " events [#$ids[0] - #$ids[-1]] to $ip (CN(AN): $alt_names)"); write2log("info", "Sent " . scalar @ids . " events [#$ids[0] - #$ids[-1]] to $ip (CN(AN): $alt_names) with client limit $max_rcv_events_limit events");
} }
} }
return @events; return @events;
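Review bot: The client-supplied `$max_rcv_events_limit` (read from the SOAP data at the added line 256) is bound straight into `LIMIT ?` after only a `< $MAX_EVENTS_LIMIT` test, so a zero, negative or non-numeric value reaches the database: 0 silently returns no events, a negative value is likely rejected by the database (and the `execute` return value is not checked, so the failure is silent), and a non-numeric string fails the numeric comparison with an "isn't numeric" warning before falling back to the server maximum. The same unchecked value is used on all four execute lines (hunks at 262 and 274), each written as a void-context ternary that repeats the whole call. I would validate once where the value is read and compute a single effective limit, then pass `$limit` to every execute, as below. The log lines in the hunk at 323 print the raw client value, which is undefined (and warns) when the client sends none; logging the effective `$limit` instead, e.g. `... with limit $limit events`, reports what was actually applied. getNewEvents starts before the first hunk and its body continues between and after the hunks shown.
```perl
my $max_rcv_events_limit = $data->{'MAX_RCV_EVENTS_LIMIT'};
# Effective LIMIT: take the client's value only when it is a positive
# integer below the server-wide maximum; otherwise use the maximum.
my $limit = $MAX_EVENTS_LIMIT;
if (defined $max_rcv_events_limit
    && $max_rcv_events_limit =~ /\A[1-9][0-9]*\z/
    && $max_rcv_events_limit < $MAX_EVENTS_LIMIT) {
    $limit = $max_rcv_events_limit;
}
# … unchanged: authorizeClient call, prepare statements …
$sth->execute($last_id, $limit);
# … likewise $sth->execute($last_id, $requested_type, $limit),
#     $sth->execute($last_id, $domain, $limit) and
#     $sth->execute($last_id, $requested_type, $domain, $limit) …
```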
......
...@@ -20,10 +20,10 @@ sub loadConf ...@@ -20,10 +20,10 @@ sub loadConf
my $conf_file = shift; my $conf_file = shift;
# preset of default variables # preset of default variables
our $URI = undef; our $URI = undef;
our $SSL_KEY_FILE = undef; our $SSL_KEY_FILE = undef;
our $SSL_CERT_FILE = undef; our $SSL_CERT_FILE = undef;
our $SSL_CA_FILE = undef; our $SSL_CA_FILE = undef;
# read config file # read config file
if ( ! open( TMP, $conf_file) ) { if ( ! open( TMP, $conf_file) ) {
......
...@@ -232,7 +232,7 @@ make_server_conf() ...@@ -232,7 +232,7 @@ make_server_conf()
# VALID_STRINGS - validation hash containing allowed event attributes # VALID_STRINGS - validation hash containing allowed event attributes
#------------------------------------------------------------------------------- #-------------------------------------------------------------------------------
%VALID_STRINGS = ( %VALID_STRINGS = (
\"type\" => [\"portscan\", \"bruteforce\", \"spam\", \"phishing\", \"botnet_c_c\", \"dos\", \"malware\", \"copyright\", \"webattack\", \"test\", \"other\", \"_any_\"], \"type\" => [\"portscan\", \"bruteforce\", \"probe\", \"spam\", \"phishing\", \"botnet_c_c\", \"dos\", \"malware\", \"copyright\", \"webattack\", \"test\", \"other\", \"_any_\"],
); );
" > $server_conf 2> $err; ret_val=`echo $?` " > $server_conf 2> $err; ret_val=`echo $?`
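Review bot: The allowed event-type list in this heredoc now has to be kept in step by hand with the same list in the server's own `%VALID_STRINGS` configuration (changed identically in this commit) and with the two documentation lists; nothing in the script ties them together, so the next type added to one place can silently be missing from another. A comment above the heredoc naming the other copies, e.g. `# keep "type" in sync with %VALID_STRINGS in the server config and the event-type docs`, would make the coupling visible to whoever adds the next type. make_server_conf() starts before this hunk.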
......