Opraveny nazvy polozek ve WardenWatchdog.conf a opraven mix tabu a mezer v Common.

src/warden-server/etc/warden-watchdog.conf

@@ -6,29 +6,24 @@
 # Use of this source is governed by a BSD-style license, see LICENSE file.
 
 #-------------------------------------------------------------------------------
-# domain_name - server full domain name
+# DOMAIN_NAME - server full domain name
 #-------------------------------------------------------------------------------
-$domain_name = "warden-dev.cesnet.cz";
+$DOMAIN_NAME = "warden-dev.cesnet.cz";
 
 #-------------------------------------------------------------------------------
-# contact - contact to server administrator
+# EMAIL_SUBJECT - subject of an report for Warden watchdog script
 #-------------------------------------------------------------------------------
-$contact = "jakubcegan@cesnet.cz, ph@cesnet.cz";
+$EMAIL_SUBJECT = "Database check of a Warden server ($DOMAIN_NAME)";
 
 #-------------------------------------------------------------------------------
-# email_subject - ...
+# EMAIL_SERVER_CONF - path and params of an email server for reports sending
 #-------------------------------------------------------------------------------
-$email_subject = "Database check of a Warden server ($domain_name)";
+$EMAIL_SERVER_CONF = '|/usr/sbin/sendmail -oi -t';
 
 #-------------------------------------------------------------------------------
-# email_server_conf - path and params of an email server for reports sending
+# SQL_PRECONDITION - array of procedures which are executed "before" main action
 #-------------------------------------------------------------------------------
-$email_server_conf = '|/usr/sbin/sendmail -oi -t';
-
-#-------------------------------------------------------------------------------
-# sql_precondition - array of procedures which are executed "before" main action
-#-------------------------------------------------------------------------------
-@sql_precondition = ('DROP FUNCTION IF EXISTS iptest;', 'CREATE FUNCTION iptest(ip VARCHAR(15)) RETURNS TINYINT(1) DETERMINISTIC
+@SQL_PRECONDITION = ('DROP FUNCTION IF EXISTS iptest;', 'CREATE FUNCTION iptest(ip VARCHAR(15)) RETURNS TINYINT(1) DETERMINISTIC
 BEGIN
  SET @nip = INET_ATON(ip);
  IF(
@@ -55,7 +50,7 @@ BEGIN
 END;');
 
 #-------------------------------------------------------------------------------
-# sql_queries - array of hashes of actions for the WardenWatchdog script.
+# SQL_QUERIES - array of hashes of actions for the WardenWatchdog script.
 #               Each action has three followin parts:
 #               query   => sql query of an action (check) on Warden database
 #               text    => body of an email which is send to a admin of an client
@@ -63,13 +58,13 @@ END;');
 #               contact => contact for message, which overrides contact collumn
 #                          in a database table.
 #-------------------------------------------------------------------------------
-@sql_queries = (
- {query => "SELECT hostname, service, MAX(received) FROM events WHERE valid = 't' GROUP BY hostname, service ORDER BY MAX(received) ASC;", text => "These clients do not report any events for a long time. It is possible, that they are misconfigured or not running.", contact => "$contact"},
- {query => "SELECT clients.* FROM clients JOIN events ON clients.service=events.service WHERE events.detected > '$date' AND NOT FIND_IN_SET(events.type, 'portscan,bruteforce,probe,spam,phishing,botnet_c_c,dos,malware,copyright,webattack,test,other') AND events.valid = 't' GROUP BY requestor;", text => "Following client(s) report unsupported or obsolete type of event to a Warden server.", contact => "$contact"},
- {query => "SELECT hostname, service, type, COUNT(*) FROM events WHERE detected - received > 0 AND received > '$date' GROUP BY hostname, service, type;", text => "Following client(s) report events to a Warden server with a timestamp from future. Server timestamp (received) has to be always greater or equal to a timestam of detection.", contact => "$contact"},
- {query => "SELECT hostname, service, received, source, count(source) AS c, min(received), max(received) FROM events WHERE valid = 't' AND source_type = 'IP' AND iptest(source) GROUP BY hostname, service, source ORDER BY c DESC;", text => "Following client(s) report events to a Warden server with a private or invalid IPv4 address.", contact => "$contact"});
+@SQL_QUERIES = (
+ {query => "SELECT hostname, service, MAX(received) FROM events WHERE valid = 't' GROUP BY hostname, service ORDER BY MAX(received) ASC;", text => "These clients do not report any events for a long time. It is possible, that they are misconfigured or not running.", contact => "jakubcegan@cesnet.cz, ph@cesnet.cz"},
+ {query => "SELECT clients.* FROM clients JOIN events ON clients.service=events.service WHERE events.detected > '$date' AND NOT FIND_IN_SET(events.type, 'portscan,bruteforce,probe,spam,phishing,botnet_c_c,dos,malware,copyright,webattack,test,other') AND events.valid = 't' GROUP BY requestor;", text => "Following client(s) report unsupported or obsolete type of event to a Warden server.", contact => "jakubcegan@cesnet.cz, ph@cesnet.cz"},
+ {query => "SELECT hostname, service, type, COUNT(*) FROM events WHERE detected - received > 0 AND received > '$date' GROUP BY hostname, service, type;", text => "Following client(s) report events to a Warden server with a timestamp from future. Server timestamp (received) has to be always greater or equal to a timestam of detection.", contact => "jakubcegan@cesnet.cz, ph@cesnet.cz"},
+ {query => "SELECT hostname, service, received, source, count(source) AS c, min(received), max(received) FROM events WHERE valid = 't' AND source_type = 'IP' AND iptest(source) GROUP BY hostname, service, source ORDER BY c DESC;", text => "Following client(s) report events to a Warden server with a private or invalid IPv4 address.", contact => "jakubcegan@cesnet.cz, ph@cesnet.cz"});
 
 #-------------------------------------------------------------------------------
-# sql_postcondition - array of procedures which are executed "after" main action
+# SQL_POSTCONDITION - array of procedures which are executed "after" main action
 #-------------------------------------------------------------------------------
-@sql_postcondition = ('DROP FUNCTION IF EXISTS iptest;');
+@SQL_POSTCONDITION = ('DROP FUNCTION IF EXISTS iptest;');

src/warden-server/lib/WardenCommon.pm

@@ -83,20 +83,20 @@ sub sendMsg
 #-------------------------------------------------------------------------------
 # loadConf - load configuration file
 #-------------------------------------------------------------------------------
-sub loadConf 
+sub loadConf
 {
-  my $conf_file	= shift;
+  my $conf_file = shift;
 
-  our $BASEDIR		= undef;
-  our $SYSLOG		= undef;
-  our $SYSLOG_VERBOSE	= undef;
-  our $SYSLOG_FACILITY	= undef;
+  our $BASEDIR          = undef;
+  our $SYSLOG           = undef;
+  our $SYSLOG_VERBOSE   = undef;
+  our $SYSLOG_FACILITY  = undef;
   our $DB_NAME          = undef;
   our $DB_USER          = undef;
   our $DB_PASS          = undef;
   our $DB_HOST          = undef;
-  our $MAX_EVENTS_LIMIT	= 1000000;
-  our %VALID_STRINGS 	= ();
+  our $MAX_EVENTS_LIMIT = 1000000;
+  our %VALID_STRINGS  = ();
   unless (do $conf_file) {
     die("Errors in config file '$conf_file': $@") if $@;
     die("Can't read config file '$conf_file': $!") unless defined $_;
@@ -110,10 +110,10 @@ sub loadConf
 #-------------------------------------------------------------------------------
 sub connectDB
 {
-  my $db_name	= shift;
-  my $db_host	= shift;
-  my $db_user	= shift;
-  my $db_pass	= shift;
+  my $db_name = shift;
+  my $db_host = shift;
+  my $db_user = shift;
+  my $db_pass = shift;
 
   my $dbh = DBI->connect("DBI:mysql:database=$db_name;host=$db_host",$db_user, $db_pass, {RaiseError => 1, mysql_auto_reconnect => 1}) || die "Could not connect to database '$db_name' at '$db_host': $DBI::errstr";
   return $dbh;