diff --git a/packages/TODO.zcu b/packages/TODO.zcu new file mode 100644 index 0000000000000000000000000000000000000000..e12f02a4d0b5f06c57b09427bd66c4a4a81f7487 --- /dev/null +++ b/packages/TODO.zcu @@ -0,0 +1,6 @@ +* sjednotit warden-client.conf a warden-server.conf +* ipv6 +* zrusit vsude licence a nahradit jedinym radkem s odkazem +* generovani konfiguracnich souboru z template z balicku a ne primo ze shell skriptu +* verze klienta a serveru jsou mimo sync coz je osklive, proc mam pouzivat c1.1.1 a s0.1.1 ? to nedava smysl ... + diff --git a/packages/build-client.sh b/packages/build-client.sh index ae7b4666c885319df38c77648d30de6c10d9a70c..dfe9a89374faaf8273413019f283401b92c1cd16 100755 --- a/packages/build-client.sh +++ b/packages/build-client.sh @@ -52,7 +52,7 @@ err() #------------------------------------------------------------------------------- # edit when you build new package -version="1.2.0" +version="2.0.0-beta" package_name="warden-client" package="$package_name-$version" diff --git a/packages/build-server.sh b/packages/build-server.sh index 8170883ecec267057e48c7a6db69c8bc36aa4983..8e4fdedba61c75c13da94165fff69dbfc8e51b0c 100755 --- a/packages/build-server.sh +++ b/packages/build-server.sh @@ -49,7 +49,7 @@ err() #------------------------------------------------------------------------------- # edit when you build new package -version="0.1.0" +version="0.1.1" package_name="warden-server" package="$package_name-$version" @@ -74,6 +74,8 @@ cp ../src/$package_name/doc/CHANGELOG $package 2> $err || err cp ../src/$package_name/doc/INSTALL $package 2> $err || err cp ../src/$package_name/doc/LICENSE $package 2> $err || err cp ../src/$package_name/doc/README $package 2> $err || err +cp ../src/$package_name/doc/README.warden-apache $package 2> $err || err + echo "OK" echo -n "Building '$bin' directory ... " 
@@ -90,6 +92,7 @@ echo "OK" echo -n "Building '$etc' directory ... " mkdir -p $etc 2> $err || err cp ../src/$package_name/etc/package_version $etc 2> $err || err +cp ../src/$package_name/etc/warden-apache.conf $etc 2> $err || err echo "OK" echo -n "Building '$lib' directory ... " diff --git a/packages/warden-client-2.0.0-beta.tar.gz b/packages/warden-client-2.0.0-beta.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..0f5ad73a7d993512f9352090408df44eff7d4a55 Binary files /dev/null and b/packages/warden-client-2.0.0-beta.tar.gz differ diff --git a/packages/warden-client-2.0.0-beta.tar.gz.sig b/packages/warden-client-2.0.0-beta.tar.gz.sig new file mode 100644 index 0000000000000000000000000000000000000000..1a4783f66d0a102b767f1aec1f66e89e061e16d3 --- /dev/null +++ b/packages/warden-client-2.0.0-beta.tar.gz.sig @@ -0,0 +1 @@ +c2d0cc933a689504f4146debbd6046dfd4773f7f warden-client-2.0.0-beta.tar.gz diff --git a/src/meta/README b/src/meta/README new file mode 100644 index 0000000000000000000000000000000000000000..a884efab6135abd6b33d5f1cd13c76444272f147 --- /dev/null +++ b/src/meta/README @@ -0,0 +1,11 @@ +* customize wrapper's clown computing nodes selector +** set SERVER, IP, BASE (2x) variables in scripts +** http://meta.cesnet.cz/wiki/Pl%C3%A1novac%C3%AD_syst%C3%A9m_-_detailn%C3%AD_popis +* connect to any job submitter frontend (arda, skirit, ...) +** submit a job `qsub wtw-lenny-meta.sh` +** monitor it `qstat -u $USER` + +* populate clients table +** set USER, PASS, DB (other/importMetaClients.sh) +** 'meta-nodes' must be in the same directory +** run;) diff --git a/src/meta/other/importMetaClients.sh b/src/meta/other/importMetaClients.sh new file mode 100755 index 0000000000000000000000000000000000000000..e4c3b28937b7e3b1ede2150cc6c7fcc94581ce2e --- /dev/null +++ b/src/meta/other/importMetaClients.sh 
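Review bot: The new `warden-client-2.0.0-beta.tar.gz.sig` holds a bare SHA-1 digest of the tarball committed next to it, so it detects accidental corruption but says nothing about origin. Whoever can replace the archive can replace the digest in the same place. For a release artifact, a detached signature made with a published project key (for example the output of `gpg --detach-sign --armor`), together with a SHA-256 digest, gives users something they can actually verify. Naming a checksum file `.sig` also invites readers to treat it as a signature.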
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+USER=""
+PASS=""
+DB="warden"
+
+if [ -z $PASS ]; then
+ MYSQL_CMD="mysql -u$USER $DB";
+else
+ MYSQL_CMD="mysql -u$USER -p$PASS $DB";
+fi
+
+for host in `cat meta-nodes`; do
+ IP=`host $host | grep -v 'handle' | awk '{print $4}'`
+ echo "INSERT INTO clients VALUES (NULL, '$host', now(),'automatic', 'test', 's', NULL, 'n', 'bruteforce', '$IP/32');" | $MYSQL_CMD
+done
diff --git a/src/meta/other/meta-nodes b/src/meta/other/meta-nodes
new file mode 100644
index 0000000000000000000000000000000000000000..cb51ccca580f42a47187c8b062ed3c20a18301e2
--- /dev/null
+++ b/src/meta/other/meta-nodes
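Review bot: The loop at the end of importMetaClients.sh pastes `$host` and the raw `host` output in `$IP` into the INSERT text with no validation. A failed lookup therefore stores `'/32'`, a name with several address records stores a multi-line value, and a quote character in either field alters the statement that mysql runs. Both values should be matched against a strict pattern before the row is built, and the node list read line by line rather than through the backquoted `cat meta-nodes`; the rewritten loop is below. Separately, `-p$PASS` exposes the database password in the process list and `[ -z $PASS ]` is unquoted; taking the credentials from a client option file such as `~/.my.cnf` removes both.

```shell
while IFS= read -r host; do
  # Accept only plain DNS names; anything else never reaches the SQL text.
  [[ $host =~ ^[A-Za-z0-9.-]+$ ]] || { echo "skipping '$host': not a hostname" >&2; continue; }
  IP=$(host -t A "$host" | awk '/has address/ {print $4; exit}')
  # A failed lookup or a non-IPv4 answer must not become a '/32' row.
  [[ $IP =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || { echo "skipping '$host': no A record" >&2; continue; }
  # … unchanged: echo "INSERT INTO clients …" | $MYSQL_CMD …
done < meta-nodes
```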
@@ -0,0 +1,802 @@ +tarkil10-1.cesnet.cz +tarkil10-2.cesnet.cz +tarkil11-1.cesnet.cz +tarkil11-2.cesnet.cz +tarkil12-1.cesnet.cz +tarkil12-2.cesnet.cz +tarkil13-1.cesnet.cz +tarkil13-2.cesnet.cz +tarkil14-1.cesnet.cz +tarkil14-2.cesnet.cz +tarkil15-1.cesnet.cz +tarkil15-2.cesnet.cz +tarkil17-1.cesnet.cz +tarkil17-2.cesnet.cz +tarkil18-1.cesnet.cz +tarkil18-2.cesnet.cz +tarkil19-1.cesnet.cz +tarkil19-2.cesnet.cz +tarkil20-1.cesnet.cz +tarkil20-2.cesnet.cz +tarkil21-1.cesnet.cz +tarkil21-2.cesnet.cz +tarkil22-1.cesnet.cz +tarkil22-2.cesnet.cz +tarkil23-1.cesnet.cz +tarkil23-2.cesnet.cz +tarkil24-1.cesnet.cz +tarkil24-2.cesnet.cz +tarkil25-1.cesnet.cz +tarkil25-2.cesnet.cz +tarkil26-1.cesnet.cz +tarkil26-2.cesnet.cz +tarkil27-1.cesnet.cz +tarkil27-2.cesnet.cz +tarkil5-1.cesnet.cz +tarkil5-2.cesnet.cz +tarkil7-1.cesnet.cz +tarkil7-2.cesnet.cz +tarkil9-1.cesnet.cz +tarkil9-2.cesnet.cz +konos20-1.fav.zcu.cz +perian55-1.ncbr.muni.cz +skirit51-1.ics.muni.cz +skirit51-2.ics.muni.cz +skirit52-1.ics.muni.cz +skirit52-2.ics.muni.cz +skirit53-1.ics.muni.cz +skirit53-2.ics.muni.cz +skirit54-1.ics.muni.cz +skirit54-2.ics.muni.cz +skirit55-1.ics.muni.cz +skirit55-2.ics.muni.cz +skirit56-1.ics.muni.cz +skirit56-2.ics.muni.cz +skirit57-1.ics.muni.cz +skirit57-2.ics.muni.cz +skirit58-1.ics.muni.cz +skirit58-2.ics.muni.cz +skirit59-1.ics.muni.cz +skirit59-2.ics.muni.cz +skirit60-1.ics.muni.cz +skirit60-2.ics.muni.cz +skirit61-1.ics.muni.cz +skirit61-2.ics.muni.cz +skirit62-1.ics.muni.cz +skirit62-2.ics.muni.cz +skirit63-1.ics.muni.cz +skirit63-2.ics.muni.cz +skirit64-1.ics.muni.cz +skirit64-2.ics.muni.cz +skirit65-1.ics.muni.cz +skirit65-2.ics.muni.cz +skirit67-1.ics.muni.cz +skirit67-2.ics.muni.cz +skirit68-1.ics.muni.cz +skirit68-2.ics.muni.cz +skirit69-1.ics.muni.cz +skirit69-2.ics.muni.cz +skirit70-1.ics.muni.cz +skirit70-2.ics.muni.cz +skirit71-1.ics.muni.cz +skirit71-2.ics.muni.cz +skirit72-1.ics.muni.cz +skirit72-2.ics.muni.cz +skirit73-1.ics.muni.cz +skirit73-2.ics.muni.cz 
+skirit74-1.ics.muni.cz +skirit74-2.ics.muni.cz +skirit75-1.ics.muni.cz +skirit75-2.ics.muni.cz +skirit76-1.ics.muni.cz +skirit76-2.ics.muni.cz +skirit77-1.ics.muni.cz +skirit77-2.ics.muni.cz +skirit78-1.ics.muni.cz +skirit78-2.ics.muni.cz +skirit79-1.ics.muni.cz +skirit79-2.ics.muni.cz +skirit84-1.ics.muni.cz +skirit84-2.ics.muni.cz +perian10-1.ncbr.muni.cz +perian10-2.ncbr.muni.cz +perian11-1.ncbr.muni.cz +perian11-2.ncbr.muni.cz +perian1-1.ncbr.muni.cz +perian12-1.ncbr.muni.cz +perian12-2.ncbr.muni.cz +perian1-2.ncbr.muni.cz +perian13-1.ncbr.muni.cz +perian13-2.ncbr.muni.cz +perian14-1.ncbr.muni.cz +perian14-2.ncbr.muni.cz +perian15-1.ncbr.muni.cz +perian15-2.ncbr.muni.cz +perian16-1.ncbr.muni.cz +perian16-2.ncbr.muni.cz +perian17-1.ncbr.muni.cz +perian17-2.ncbr.muni.cz +perian18-1.ncbr.muni.cz +perian18-2.ncbr.muni.cz +perian19-1.ncbr.muni.cz +perian19-2.ncbr.muni.cz +perian20-1.ncbr.muni.cz +perian20-2.ncbr.muni.cz +perian21-1.ncbr.muni.cz +perian21-2.ncbr.muni.cz +perian2-1.ncbr.muni.cz +perian22-1.ncbr.muni.cz +perian22-2.ncbr.muni.cz +perian2-2.ncbr.muni.cz +perian23-1.ncbr.muni.cz +perian23-2.ncbr.muni.cz +perian24-1.ncbr.muni.cz +perian24-2.ncbr.muni.cz +perian25-1.ncbr.muni.cz +perian25-2.ncbr.muni.cz +perian26-1.ncbr.muni.cz +perian26-2.ncbr.muni.cz +perian27-1.ncbr.muni.cz +perian27-2.ncbr.muni.cz +perian28-1.ncbr.muni.cz +perian28-2.ncbr.muni.cz +perian29-1.ncbr.muni.cz +perian29-2.ncbr.muni.cz +perian30-1.ncbr.muni.cz +perian30-2.ncbr.muni.cz +perian31-1.ncbr.muni.cz +perian31-2.ncbr.muni.cz +perian3-1.ncbr.muni.cz +perian32-1.ncbr.muni.cz +perian32-2.ncbr.muni.cz +perian3-2.ncbr.muni.cz +perian33-1.ncbr.muni.cz +perian33-2.ncbr.muni.cz +perian34-1.ncbr.muni.cz +perian34-2.ncbr.muni.cz +perian35-1.ncbr.muni.cz +perian35-2.ncbr.muni.cz +perian36-1.ncbr.muni.cz +perian36-2.ncbr.muni.cz +perian37-1.ncbr.muni.cz +perian37-2.ncbr.muni.cz +perian38-1.ncbr.muni.cz +perian38-2.ncbr.muni.cz +perian39-1.ncbr.muni.cz +perian39-2.ncbr.muni.cz 
+perian40-1.ncbr.muni.cz +perian40-2.ncbr.muni.cz +perian4-1.ncbr.muni.cz +perian4-2.ncbr.muni.cz +perian5-1.ncbr.muni.cz +perian5-2.ncbr.muni.cz +perian6-1.ncbr.muni.cz +perian6-2.ncbr.muni.cz +perian7-1.ncbr.muni.cz +perian7-2.ncbr.muni.cz +perian8-1.ncbr.muni.cz +perian8-2.ncbr.muni.cz +perian9-1.ncbr.muni.cz +perian9-2.ncbr.muni.cz +loslab1-1.ics.muni.cz +loslab1-2.ics.muni.cz +loslab2-1.ics.muni.cz +loslab2-2.ics.muni.cz +loslab3-1.ics.muni.cz +loslab3-2.ics.muni.cz +loslab4-1.ics.muni.cz +loslab4-2.ics.muni.cz +loslab5-1.ics.muni.cz +loslab5-2.ics.muni.cz +loslab6-1.ics.muni.cz +loslab6-2.ics.muni.cz +manwe3.ics.muni.cz +manwe4.ics.muni.cz +loslab1.ics.muni.cz +loslab2.ics.muni.cz +loslab3.ics.muni.cz +loslab4.ics.muni.cz +loslab5.ics.muni.cz +loslab6.ics.muni.cz +perian55-2.ncbr.muni.cz +skirit50.ics.muni.cz +skirit51.ics.muni.cz +skirit52.ics.muni.cz +skirit53.ics.muni.cz +skirit54.ics.muni.cz +skirit55.ics.muni.cz +skirit56.ics.muni.cz +skirit57.ics.muni.cz +skirit58.ics.muni.cz +skirit59.ics.muni.cz +skirit60.ics.muni.cz +skirit61.ics.muni.cz +skirit62.ics.muni.cz +skirit63.ics.muni.cz +skirit64.ics.muni.cz +skirit65.ics.muni.cz +skirit66.ics.muni.cz +skirit67.ics.muni.cz +skirit68.ics.muni.cz +skirit69.ics.muni.cz +skirit70.ics.muni.cz +skirit71.ics.muni.cz +skirit72.ics.muni.cz +skirit73.ics.muni.cz +skirit74.ics.muni.cz +skirit75.ics.muni.cz +skirit76.ics.muni.cz +skirit77.ics.muni.cz +skirit78.ics.muni.cz +skirit79.ics.muni.cz +skirit80.ics.muni.cz +skirit84.ics.muni.cz +perian10.ncbr.muni.cz +perian11.ncbr.muni.cz +perian12.ncbr.muni.cz +perian13.ncbr.muni.cz +perian14.ncbr.muni.cz +perian15.ncbr.muni.cz +perian16.ncbr.muni.cz +perian17.ncbr.muni.cz +perian18.ncbr.muni.cz +perian19.ncbr.muni.cz +perian1.ncbr.muni.cz +perian20.ncbr.muni.cz +perian21.ncbr.muni.cz +perian22.ncbr.muni.cz +perian23.ncbr.muni.cz +perian24.ncbr.muni.cz +perian25.ncbr.muni.cz +perian26.ncbr.muni.cz +perian27.ncbr.muni.cz +perian28.ncbr.muni.cz +perian29.ncbr.muni.cz 
+perian2.ncbr.muni.cz +perian30.ncbr.muni.cz +perian31.ncbr.muni.cz +perian32.ncbr.muni.cz +perian33.ncbr.muni.cz +perian34.ncbr.muni.cz +perian35.ncbr.muni.cz +perian36.ncbr.muni.cz +perian37.ncbr.muni.cz +perian38.ncbr.muni.cz +perian39.ncbr.muni.cz +perian3.ncbr.muni.cz +perian40.ncbr.muni.cz +perian4.ncbr.muni.cz +perian5.ncbr.muni.cz +perian6.ncbr.muni.cz +perian7.ncbr.muni.cz +perian8.ncbr.muni.cz +perian9.ncbr.muni.cz +tarkil10.cesnet.cz +tarkil11.cesnet.cz +tarkil12.cesnet.cz +tarkil13.cesnet.cz +tarkil14.cesnet.cz +tarkil15.cesnet.cz +tarkil17.cesnet.cz +tarkil18.cesnet.cz +tarkil19.cesnet.cz +tarkil20.cesnet.cz +tarkil21.cesnet.cz +tarkil22.cesnet.cz +tarkil23.cesnet.cz +tarkil24.cesnet.cz +tarkil25.cesnet.cz +tarkil26.cesnet.cz +tarkil27.cesnet.cz +tarkil5.cesnet.cz +tarkil7.cesnet.cz +tarkil9.cesnet.cz +konos10.fav.zcu.cz +konos1.fav.zcu.cz +konos2.fav.zcu.cz +konos3.fav.zcu.cz +konos4.fav.zcu.cz +konos5.fav.zcu.cz +konos6.fav.zcu.cz +konos7.fav.zcu.cz +konos8.fav.zcu.cz +konos9.fav.zcu.cz +tarkil8-1.cesnet.cz +tarkil8-2.cesnet.cz +tarkil8.cesnet.cz +alela1-1.feec.vutbr.cz +alela1-2.feec.vutbr.cz +alela1.feec.vutbr.cz +alela10-1.feec.vutbr.cz +alela10-2.feec.vutbr.cz +alela10.feec.vutbr.cz +alela11-1.feec.vutbr.cz +alela11-2.feec.vutbr.cz +alela11.feec.vutbr.cz +alela12-1.feec.vutbr.cz +alela12-2.feec.vutbr.cz +alela12.feec.vutbr.cz +alela2-1.feec.vutbr.cz +alela2-2.feec.vutbr.cz +alela2.feec.vutbr.cz +alela3-1.feec.vutbr.cz +alela3-2.feec.vutbr.cz +alela3.feec.vutbr.cz +alela4-1.feec.vutbr.cz +alela4-2.feec.vutbr.cz +alela4.feec.vutbr.cz +alela5-1.feec.vutbr.cz +alela5-2.feec.vutbr.cz +alela5.feec.vutbr.cz +alela6-1.feec.vutbr.cz +alela6-2.feec.vutbr.cz +alela6.feec.vutbr.cz +alela7-1.feec.vutbr.cz +alela7-2.feec.vutbr.cz +alela7.feec.vutbr.cz +alela8-1.feec.vutbr.cz +alela8-2.feec.vutbr.cz +alela8.feec.vutbr.cz +alela9-1.feec.vutbr.cz +alela9-2.feec.vutbr.cz +alela9.feec.vutbr.cz +konos15-1.fav.zcu.cz +konos15-2.fav.zcu.cz +konos15.fav.zcu.cz 
+konos17-1.fav.zcu.cz +konos17-2.fav.zcu.cz +konos17.fav.zcu.cz +konos18-1.fav.zcu.cz +konos18-2.fav.zcu.cz +konos18.fav.zcu.cz +konos20-2.fav.zcu.cz +konos20.fav.zcu.cz +konos22-1.fav.zcu.cz +konos22-2.fav.zcu.cz +konos22.fav.zcu.cz +konos27-1.fav.zcu.cz +konos27-2.fav.zcu.cz +konos27.fav.zcu.cz +konos30-1.fav.zcu.cz +konos30-2.fav.zcu.cz +konos30.fav.zcu.cz +konos34-1.fav.zcu.cz +konos34-2.fav.zcu.cz +konos34.fav.zcu.cz +hermes05-1.prf.jcu.cz +hermes05-2.prf.jcu.cz +hermes05.prf.jcu.cz +orca1-1.ics.muni.cz +orca1-2.ics.muni.cz +orca1.ics.muni.cz +orca10-1.ics.muni.cz +orca10-2.ics.muni.cz +orca10.ics.muni.cz +orca11-1.ics.muni.cz +orca11-2.ics.muni.cz +orca11.ics.muni.cz +orca12-1.ics.muni.cz +orca12-2.ics.muni.cz +orca12.ics.muni.cz +orca13-1.ics.muni.cz +orca13-2.ics.muni.cz +orca13.ics.muni.cz +orca14-1.ics.muni.cz +orca14-2.ics.muni.cz +orca14.ics.muni.cz +orca15-1.ics.muni.cz +orca15-2.ics.muni.cz +orca15.ics.muni.cz +orca16-1.ics.muni.cz +orca16-2.ics.muni.cz +orca16.ics.muni.cz +orca17-1.ics.muni.cz +orca17-2.ics.muni.cz +orca17.ics.muni.cz +orca18-1.ics.muni.cz +orca18-2.ics.muni.cz +orca18.ics.muni.cz +orca2-1.ics.muni.cz +orca2-2.ics.muni.cz +orca2.ics.muni.cz +orca3-1.ics.muni.cz +orca3-2.ics.muni.cz +orca3.ics.muni.cz +orca5-1.ics.muni.cz +orca5-2.ics.muni.cz +orca5.ics.muni.cz +orca6-1.ics.muni.cz +orca6-2.ics.muni.cz +orca6.ics.muni.cz +orca7-1.ics.muni.cz +orca7-2.ics.muni.cz +orca7.ics.muni.cz +orca8-1.ics.muni.cz +orca8-2.ics.muni.cz +orca8.ics.muni.cz +orca9-1.ics.muni.cz +orca9-2.ics.muni.cz +orca9.ics.muni.cz +quark11-1.video.muni.cz +quark11-2.video.muni.cz +quark11.video.muni.cz +quark12-1.video.muni.cz +quark12-2.video.muni.cz +quark12.video.muni.cz +quark13-1.video.muni.cz +quark13-2.video.muni.cz +quark13.video.muni.cz +quark14-1.video.muni.cz +quark14-2.video.muni.cz +quark14.video.muni.cz +quark15-1.video.muni.cz +quark15-2.video.muni.cz +quark15.video.muni.cz +quark6-1.video.muni.cz +quark6-2.video.muni.cz +quark6.video.muni.cz 
+quark7-1.video.muni.cz +quark7-2.video.muni.cz +quark7.video.muni.cz +hermes07-1.prf.jcu.cz +hermes07-2.prf.jcu.cz +hermes07.prf.jcu.cz +hermes08-1.prf.jcu.cz +hermes08-2.prf.jcu.cz +hermes08.prf.jcu.cz +hermes09-1.prf.jcu.cz +hermes09-2.prf.jcu.cz +hermes09.prf.jcu.cz +hermes10-1.prf.jcu.cz +hermes10-2.prf.jcu.cz +hermes10.prf.jcu.cz +hermes03-1.prf.jcu.cz +hermes03-2.prf.jcu.cz +hermes03.prf.jcu.cz +konos37-1.fav.zcu.cz +konos37-2.fav.zcu.cz +konos37.fav.zcu.cz +tarkil1-1.cesnet.cz +tarkil1-2.cesnet.cz +tarkil1.cesnet.cz +nympha1-1.zcu.cz +nympha1-2.zcu.cz +nympha1.zcu.cz +nympha2-1.zcu.cz +nympha2-2.zcu.cz +nympha2.zcu.cz +nympha3-1.zcu.cz +nympha3-2.zcu.cz +nympha3.zcu.cz +nympha4-1.zcu.cz +nympha4-2.zcu.cz +nympha4.zcu.cz +nympha5-1.zcu.cz +nympha5-2.zcu.cz +nympha5.zcu.cz +nympha6-1.zcu.cz +nympha6-2.zcu.cz +nympha6.zcu.cz +nympha7-1.zcu.cz +nympha7-2.zcu.cz +nympha7.zcu.cz +nympha8-1.zcu.cz +nympha8-2.zcu.cz +nympha8.zcu.cz +nympha9-1.zcu.cz +nympha9-2.zcu.cz +nympha9.zcu.cz +hermes06-1.prf.jcu.cz +hermes06-2.prf.jcu.cz +hermes06.prf.jcu.cz +quark9-1.video.muni.cz +quark9-2.video.muni.cz +quark9.video.muni.cz +konos16-1.fav.zcu.cz +konos16-2.fav.zcu.cz +konos16.fav.zcu.cz +konos24-1.fav.zcu.cz +konos24-2.fav.zcu.cz +konos24.fav.zcu.cz +konos26-1.fav.zcu.cz +konos26-2.fav.zcu.cz +konos26.fav.zcu.cz +konos36-1.fav.zcu.cz +konos36-2.fav.zcu.cz +konos36.fav.zcu.cz +nympha10-1.zcu.cz +nympha10-2.zcu.cz +nympha10.zcu.cz +tarkil16-1.cesnet.cz +tarkil16-2.cesnet.cz +tarkil16.cesnet.cz +tarkil2-1.cesnet.cz +tarkil2-2.cesnet.cz +tarkil2.cesnet.cz +ajax.zcu.cz +eru1.ruk.cuni.cz +eru2.ruk.cuni.cz +hermes02-1.prf.jcu.cz +hermes02-2.prf.jcu.cz +hermes02.prf.jcu.cz +nympha12-1.zcu.cz +nympha12-2.zcu.cz +nympha12.zcu.cz +nympha13-1.zcu.cz +nympha13-2.zcu.cz +nympha13.zcu.cz +nympha15-1.zcu.cz +nympha15-2.zcu.cz +nympha15.zcu.cz +nympha16-1.zcu.cz +nympha16-2.zcu.cz +nympha16.zcu.cz +nympha17-1.zcu.cz +nympha17-2.zcu.cz +nympha17.zcu.cz +nympha19-1.zcu.cz +nympha19-2.zcu.cz 
+nympha19.zcu.cz +quark10-1.video.muni.cz +quark10-2.video.muni.cz +quark10.video.muni.cz +quark8-1.video.muni.cz +quark8-2.video.muni.cz +quark8.video.muni.cz +hermes11-1.prf.jcu.cz +hermes11-2.prf.jcu.cz +hermes11.prf.jcu.cz +orca4-1.ics.muni.cz +orca4-2.ics.muni.cz +orca4.ics.muni.cz +hermes01-1.prf.jcu.cz +hermes01-2.prf.jcu.cz +hermes01.prf.jcu.cz +quark16-1.video.muni.cz +quark16-2.video.muni.cz +quark16.video.muni.cz +nympha11-1.zcu.cz +nympha11-2.zcu.cz +nympha11.zcu.cz +nympha18-1.zcu.cz +nympha18-2.zcu.cz +nympha18.zcu.cz +tarkil3-1.cesnet.cz +tarkil3-2.cesnet.cz +tarkil3.cesnet.cz +tarkil28-1.cesnet.cz +tarkil28-2.cesnet.cz +tarkil28.cesnet.cz +manwe1.ics.muni.cz +manwe2.ics.muni.cz +manwe5.ics.muni.cz +manwe6.ics.muni.cz +manwe7.ics.muni.cz +perian55.ncbr.muni.cz +skirit80-1.ics.muni.cz +tarkil4-1.cesnet.cz +tarkil4-2.cesnet.cz +tarkil4.cesnet.cz +tarkil6-1.cesnet.cz +tarkil6-2.cesnet.cz +tarkil6.cesnet.cz +nympha14-1.zcu.cz +nympha14-2.zcu.cz +nympha14.zcu.cz +skirit83.ics.muni.cz +skirit83-1.ics.muni.cz +skirit83-2.ics.muni.cz +luna3.fzu.cz +apollo1.fzu.cz +apollo2.fzu.cz +apollo3.fzu.cz +perian56-1.ncbr.muni.cz +perian56-2.ncbr.muni.cz +perian56.ncbr.muni.cz +perian41-1.ncbr.muni.cz +perian41-2.ncbr.muni.cz +perian41.ncbr.muni.cz +perian42-1.ncbr.muni.cz +perian42-2.ncbr.muni.cz +perian42.ncbr.muni.cz +perian43-1.ncbr.muni.cz +perian43-2.ncbr.muni.cz +perian43.ncbr.muni.cz +perian44-1.ncbr.muni.cz +perian44-2.ncbr.muni.cz +perian44.ncbr.muni.cz +perian45-1.ncbr.muni.cz +perian45-2.ncbr.muni.cz +perian45.ncbr.muni.cz +perian46-1.ncbr.muni.cz +perian46-2.ncbr.muni.cz +perian46.ncbr.muni.cz +perian47-1.ncbr.muni.cz +perian47-2.ncbr.muni.cz +perian47.ncbr.muni.cz +perian48-1.ncbr.muni.cz +perian48-2.ncbr.muni.cz +perian48.ncbr.muni.cz +perian49-1.ncbr.muni.cz +perian49-2.ncbr.muni.cz +perian49.ncbr.muni.cz +perian50-1.ncbr.muni.cz +perian50-2.ncbr.muni.cz +perian50.ncbr.muni.cz +perian51-1.ncbr.muni.cz +perian51-2.ncbr.muni.cz +perian51.ncbr.muni.cz 
+perian52-1.ncbr.muni.cz +perian52-2.ncbr.muni.cz +perian52.ncbr.muni.cz +perian53-1.ncbr.muni.cz +perian53-2.ncbr.muni.cz +perian53.ncbr.muni.cz +perian54-1.ncbr.muni.cz +perian54-2.ncbr.muni.cz +perian54.ncbr.muni.cz +skirit80-2.ics.muni.cz +minos1.zcu.cz +minos1-1.zcu.cz +minos1-2.zcu.cz +minos2.zcu.cz +minos2-1.zcu.cz +minos2-2.zcu.cz +minos3.zcu.cz +minos3-1.zcu.cz +minos3-2.zcu.cz +minos4.zcu.cz +minos4-1.zcu.cz +minos4-2.zcu.cz +minos5.zcu.cz +minos5-1.zcu.cz +minos5-2.zcu.cz +minos6.zcu.cz +minos6-1.zcu.cz +minos6-2.zcu.cz +minos7.zcu.cz +minos7-1.zcu.cz +minos7-2.zcu.cz +minos8.zcu.cz +minos8-1.zcu.cz +minos8-2.zcu.cz +minos9.zcu.cz +minos9-1.zcu.cz +minos9-2.zcu.cz +minos10.zcu.cz +minos10-1.zcu.cz +minos10-2.zcu.cz +minos11.zcu.cz +minos11-1.zcu.cz +minos11-2.zcu.cz +minos12.zcu.cz +minos12-1.zcu.cz +minos12-2.zcu.cz +minos13.zcu.cz +minos13-1.zcu.cz +minos13-2.zcu.cz +minos14.zcu.cz +minos14-1.zcu.cz +minos14-2.zcu.cz +minos15.zcu.cz +minos15-1.zcu.cz +minos15-2.zcu.cz +minos16.zcu.cz +minos16-1.zcu.cz +minos16-2.zcu.cz +minos17.zcu.cz +minos17-1.zcu.cz +minos17-2.zcu.cz +minos18.zcu.cz +minos18-1.zcu.cz +minos18-2.zcu.cz +minos19.zcu.cz +minos19-1.zcu.cz +minos19-2.zcu.cz +minos20.zcu.cz +minos20-1.zcu.cz +minos20-2.zcu.cz +minos21.zcu.cz +minos21-1.zcu.cz +minos21-2.zcu.cz +minos22.zcu.cz +minos22-1.zcu.cz +minos22-2.zcu.cz +minos23.zcu.cz +minos23-1.zcu.cz +minos23-2.zcu.cz +minos24.zcu.cz +minos24-1.zcu.cz +minos24-2.zcu.cz +minos25.zcu.cz +minos25-1.zcu.cz +minos25-2.zcu.cz +minos26.zcu.cz +minos26-1.zcu.cz +minos26-2.zcu.cz +minos27.zcu.cz +minos27-1.zcu.cz +minos27-2.zcu.cz +minos28.zcu.cz +minos28-1.zcu.cz +minos28-2.zcu.cz +minos29.zcu.cz +minos29-1.zcu.cz +minos29-2.zcu.cz +minos30.zcu.cz +minos30-1.zcu.cz +minos30-2.zcu.cz +minos31.zcu.cz +minos31-1.zcu.cz +minos31-2.zcu.cz +minos32.zcu.cz +minos32-1.zcu.cz +minos32-2.zcu.cz +minos33.zcu.cz +minos33-1.zcu.cz +minos33-2.zcu.cz +minos34.zcu.cz +minos34-1.zcu.cz +minos34-2.zcu.cz +minos35.zcu.cz 
+minos35-1.zcu.cz +minos35-2.zcu.cz +minos36.zcu.cz +minos36-1.zcu.cz +minos36-2.zcu.cz +minos37.zcu.cz +minos37-1.zcu.cz +minos37-2.zcu.cz +minos38.zcu.cz +minos38-1.zcu.cz +minos38-2.zcu.cz +minos39.zcu.cz +minos39-1.zcu.cz +minos39-2.zcu.cz +minos40.zcu.cz +minos40-1.zcu.cz +minos40-2.zcu.cz +minos41.zcu.cz +minos41-1.zcu.cz +minos41-2.zcu.cz +minos42.zcu.cz +minos42-1.zcu.cz +minos42-2.zcu.cz +minos43.zcu.cz +minos43-1.zcu.cz +minos43-2.zcu.cz +minos44.zcu.cz +minos44-1.zcu.cz +minos44-2.zcu.cz +minos45.zcu.cz +minos45-1.zcu.cz +minos45-2.zcu.cz +minos46.zcu.cz +minos46-1.zcu.cz +minos46-2.zcu.cz +minos47.zcu.cz +minos47-1.zcu.cz +minos47-2.zcu.cz +minos48.zcu.cz +minos48-1.zcu.cz +minos48-2.zcu.cz +minos49.zcu.cz +minos49-1.zcu.cz +minos49-2.zcu.cz +skirit66-1.ics.muni.cz +skirit66-2.ics.muni.cz +luna1.fzu.cz +mandos1.ics.muni.cz +mandos2.ics.muni.cz +mandos3.ics.muni.cz +mandos4.ics.muni.cz +mandos5.ics.muni.cz +mandos6.ics.muni.cz +mandos7.ics.muni.cz +mandos8.ics.muni.cz +mandos9.ics.muni.cz +mandos10.ics.muni.cz +mandos11.ics.muni.cz +mandos12.ics.muni.cz +mandos13.ics.muni.cz +mandos14.ics.muni.cz diff --git a/src/meta/warden-client-meta.tgz b/src/meta/warden-client-meta.tgz new file mode 100644 index 0000000000000000000000000000000000000000..da544a5e0a3cede6d7741e1bb44c05d16d35439e Binary files /dev/null and b/src/meta/warden-client-meta.tgz differ diff --git a/src/meta/wardentest-lenny-meta.sh b/src/meta/wardentest-lenny-meta.sh new file mode 100755 index 0000000000000000000000000000000000000000..a89860795c8de1615c1cf6f5af3a47d27931f66c --- /dev/null +++ b/src/meta/wardentest-lenny-meta.sh 
@@ -0,0 +1,38 @@
+#!/bin/bash
+
+#IP serveru
+SERVER=""
+PORT=""
+
+#Cesta ke scriptum a zdrojakum, typicky AFS, napr. /afs/zcu.cz/users/v/vomacka/public/wardentest
+BASE=""
+
+HNAME=`hostname -f`
+
+# STAGEIN
+WDIR="/scratch/${PBS_O_LOGNAME}/wardentest.$$"
+mkdir -p $WDIR || exit 1
+cd $WDIR
+
+tar xzf $BASE/warden-client-meta.tgz
+perl -pi -e "s#\[path\]#$WDIR#" performance-sender.pm
+perl -pi -e "s#\[path\]#$WDIR#" etc/warden-client.conf
+perl -pi -e "s#\[server\]#$SERVER#" etc/warden-client.conf
+perl -pi -e "s#\[port\]#$PORT#" etc/warden-client.conf
+
+openssl req -new -nodes -keyform PEM -outform PEM -config ./ca/openssl.cnf -keyout ./ca/server-key.pem -out ./ca/server.csr -subj "/CN=$HNAME" -days 365
+openssl ca -batch -keyform PEM -passin pass:test -name client_ca -config ./ca/openssl.cnf -out ./ca/server-cert.pem -infiles ./ca/server.csr
+
+# JOB
+for i in `seq 1 1000`; do
+./performance-sender.pm test 10 &> /dev/null
+done
+
+date
+
+# STAGEOUT
+#cp p1.log $BASE/output-p1.log.$PBS_JOBID.$HNAME
+#cp p2.log $BASE/output-p2.log.$PBS_JOBID.$HNAME
+cd /tmp
+rm -rf $WDIR
+
diff --git a/src/meta/wtw-lenny-meta.sh b/src/meta/wtw-lenny-meta.sh
new file mode 100644
index 0000000000000000000000000000000000000000..dc242b8b11ba84450a26c956c463ea9c73c66f24
--- /dev/null
+++ b/src/meta/wtw-lenny-meta.sh
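Review bot: The `openssl ca -batch -passin pass:test` line signs each node's certificate on the node itself, so the extracted `./ca` tree presumably carries the CA private key, and its passphrase is fixed in the script. Anything that can read `$WDIR` or the tarball under `$BASE` can then issue certificates this CA vouches for. If that CA is trusted by anything beyond a disposable test server, the key should stay off the compute nodes. At minimum, add a comment stating the CA is test-only and put `umask 077` before `mkdir -p $WDIR`. Also `cd $WDIR` is unchecked, so on failure `tar` and the `perl -pi` edits run in whatever directory the job started in; `cd "$WDIR" || exit 1` closes that.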
@@ -0,0 +1,28 @@
+#!/bin/bash
+#PBS -N wtw-lenny.sh
+#PBS -q short
+#PBS -l nodes=1:ppn=1:^cl_luna
+#PBS -j oe
+#PBS -m abe
+#
+# describtion from 'man qsub':
+# -N ... declares a name for the job. The name specified may be up to and including 15 characters in length. It
+# must consist of printable, non white space characters with the first character alphabetic.
+# -q ... defines the destination of the job (queue)
+# -l ... defines the resources that are required by the job
+# -j oe ... standard error stream of the job will be merged with the standard output stream
+# -m ace ... mail is sent anytime
+
+#in file name of which can be found in variable PBS_NODEFILE, is list of allocated machines
+echo '***PBS_NODEFILE***START*******'
+cat $PBS_NODEFILE
+echo '***PBS_NODEFILE***END*********'
+
+#Cesta ke scriptum a zdrojakum, typicky AFS, napr. /afs/zcu.cz/users/v/vomacka/public/wardentest
+BASE=""
+cd $BASE || exit 1
+
+# spusti dany prikaz na vsech pridelenych strojich
+pbsdsh -o -- bash ${BASE}/wardentest-lenny-meta.sh
+
+
diff --git a/src/warden-client/doc/AUTHORS b/src/warden-client/doc/AUTHORS
new file mode 100644
index 0000000000000000000000000000000000000000..55961f38fce4c1d8d442a572443e431c3b8c4f5a
--- /dev/null
+++ b/src/warden-client/doc/AUTHORS
@@ -0,0 +1,24 @@
+AUTHORS AND MAINTAINERS :
+
+MAIN DEVELOPERS:
+Tomas Plesnik <plesnik@ics.muni.cz>
+Jan Soukal <soukal@ics.muni.cz>
+Michal Kostenec <kostenec@civ.zcu.cz>
+
+CONTRIBUTORS:
+Vit Slama <slama@cis.vutbr.cz>
+Martin Drasar <drasar@ics.muni.cz>
+
+TESTING:
+Jakub Cegan <cegan@ics.muni.cz>
+
+DEVELOPMENT MANAGER:
+Jan Vykopal <vykopal@ics.muni.cz>
+
+PROJECT MANAGERS:
+Pavel Kacha <ph@cesnet.cz>
+Andrea Kropacova <andrea@cesnet.cz>
+
+COMMUNITY:
+Radoslav Bodo <bodik@civ.zcu.cz>
+Radomir Orkac <orkac@cesnet.cz>
diff --git a/src/warden-client/doc/CHANGELOG b/src/warden-client/doc/CHANGELOG
index 1de1f5599e6f4290c994042665ca1d4477120c23..1a7dbfc908ec4d300e3ac9ceda807aeb6487607e 100644
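Review bot: `cd $BASE || exit 1` in wtw-lenny-meta.sh does not guard the shipped default `BASE=""`. The unquoted empty expansion leaves a bare `cd`, which succeeds by going to the home directory, and `pbsdsh` then runs `bash /wardentest-lenny-meta.sh` on every allocated node. Fail early instead, e.g. `: "${BASE:?set BASE to the wardentest directory}"` followed by `cd "$BASE" || exit 1`. The header comment also documents `-m ace` while the directive is `#PBS -m abe`; one of the two should be corrected.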
--- a/src/warden-client/doc/CHANGELOG +++ b/src/warden-client/doc/CHANGELOG @@ -1,3 +1,11 @@ +2012-05-10 v.2.0.0-beta beta version of warden-client-2.0.0 +----------------------------------------------------------- +- Changed communication with server: HTTP layer added (compatible with + Apache mod_perl version of Warden server) +- Removed Linux version check in install.sh, unistall.sh and update.sh +- Removed shell (BASH) dependencies in install.sh, unistall.sh and update.sh + + 2012-03-30 v1.2.0 stable version and bugfix release of warden-client-1.1.0 -------------------------------------------------------------------------- - Fixed SSL certificate/key access privileges security issue diff --git a/src/warden-client/doc/README b/src/warden-client/doc/README index 777d20399be552d3a2528e33529bc357d18d928f..51cd655cd80581edd699f5f48f02959fb2970c25 100644 --- a/src/warden-client/doc/README +++ b/src/warden-client/doc/README @@ -1,6 +1,6 @@ -+------------------------------+ -| README - Warden Client 1.2.0 | -+------------------------------+ ++-----------------------------------+ +| README - Warden Client 2.0.0-beta | ++-----------------------------------+ Content @@ -13,7 +13,6 @@ Content G. Configuration H. Integration with Local Applications I. Functions, Arguments and Calls - J. Authors -------------------------------------------------------------------------------- @@ -30,7 +29,7 @@ A. Overall Information 2. Version - 1.2.0 (2012-03-30) + 2.0.0-beta (2012-05-10) 3. Package structure @@ -39,13 +38,13 @@ A. Overall Information CHANGELOG example-sender.pl.txt example-receiver.pl.txt - INSTALL - LICENSE - README - README.cesnet + INSTALL + LICENSE + README + README.cesnet etc/ warden-client.conf - package_version + package_version lib/ WardenClientConf.pm WardenClientSend.pm 
@@ -57,11 +56,11 @@ A. Overall Information B. Installation Dependencies Perl >= 5.10.1 - SOAP::Lite >= 0.712 - IO::Socket::SSL >= 1.33 - SOAP::Transport::TCP >= 0.712 - FindBin >= 1.50 - DateTime >= 0.61 + SOAP::Lite >= 0.712 + IO::Socket::SSL >= 1.33 + SOAP::Transport::HTTP >= 0.712 + FindBin >= 1.50 + DateTime >= 0.61 -------------------------------------------------------------------------------- @@ -129,11 +128,11 @@ D. Installation (First installation of the Warden client package) 1. Check SHA1 checksum of corresponding Warden client package archive - $ sha1sum -c warden-client-1.2.0.tar.gz.sig + $ sha1sum -c warden-client-2.0.0-beta.tar.gz.sig 2. Untar it - $ tar xzvf warden-client-1.2.0.tar.gz + $ tar xzvf warden-client-2.0.0-beta.tar.gz 3. Run install.sh @@ -189,11 +188,11 @@ E. Update (Update of previously installed the Warden client package) 1. Check SHA1 checksum of corresponding the Warden client package archive - $ sha1sum -c warden-client-1.2.0.tar.gz.sig + $ sha1sum -c warden-client-2.0.0-beta.tar.gz.sig 2. Untar it - $ tar xzvf warden-client-1.2.0.tar.gz + $ tar xzvf warden-client-2.0.0-beta.tar.gz 3. Run update.sh @@ -427,12 +426,5 @@ I. Functions, Arguments and Calls additional attribute ID - unique id of this particular event (BIGINT). -------------------------------------------------------------------------------- -J. Authors - -Development: Tomas PLESNIK <plesnik@ics.muni.cz> - Jan SOUKAL <soukal@ics.muni.cz> Copyright (C) 2011-2012 Cesnet z.s.p.o - -Special thanks go to Martin Drasar from CSIRT-MU for his help and support -in the development of the Warden system. diff --git a/src/warden-client/doc/example-receiver.pl.txt b/src/warden-client/doc/example-receiver.pl.txt index 2f4f92624c46ff90899f8501f93eb9840b8ee6f6..7236548d03518741f5f4f644bfc04b1b4a4c117d 100644 --- a/src/warden-client/doc/example-receiver.pl.txt +++ b/src/warden-client/doc/example-receiver.pl.txt 
@@ -1,34 +1,8 @@ #!/usr/bin/perl -w # # Copyright (C) 2011-2012 Cesnet z.s.p.o -# Author(s): Tomas PLESNIK <plesnik@ics.muni.cz> -# Jan SOUKAL <soukal@ics.muni.cz> -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in -# the documentation and/or other materials provided with the -# distribution. -# 3. Neither the name of the Cesnet z.s.p.o nor the names of its -# contributors may be used to endorse or promote products derived from -# this software without specific prior written permission. -# -# This software is provided ``as is'', and any express or implied -# warranties, including, but not limited to, the implied warranties of -# merchantability and fitness for a particular purpose are disclaimed. -# In no event shall the Cesnet z.s.p.o or contributors be liable for -# any direct, indirect, incidental, special, exemplary, or consequential -# damages (including, but not limited to, procurement of substitute -# goods or services; loss of use, data, or profits; or business -# interruption) however caused and on any theory of liability, whether -# in contract, strict liability, or tort (including negligence or -# otherwise) arising in any way out of the use of this software, even -# if advised of the possibility of such damage. # +# Use of this source is governed by a BSD-style license, see LICENSE file. use strict; diff --git a/src/warden-client/doc/example-sender.pl.txt b/src/warden-client/doc/example-sender.pl.txt index 9e1089a380dac5461f96e905070e3c984e543055..b0988177f135a3335c6087a59e4f4181602df4ad 100644 --- a/src/warden-client/doc/example-sender.pl.txt 
+++ b/src/warden-client/doc/example-sender.pl.txt @@ -1,34 +1,8 @@ #!/usr/bin/perl -w # # Copyright (C) 2011-2012 Cesnet z.s.p.o -# Author(s): Tomas PLESNIK <plesnik@ics.muni.cz> -# Jan SOUKAL <soukal@ics.muni.cz> -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in -# the documentation and/or other materials provided with the -# distribution. -# 3. Neither the name of the Cesnet z.s.p.o nor the names of its -# contributors may be used to endorse or promote products derived from -# this software without specific prior written permission. -# -# This software is provided ``as is'', and any express or implied -# warranties, including, but not limited to, the implied warranties of -# merchantability and fitness for a particular purpose are disclaimed. -# In no event shall the Cesnet z.s.p.o or contributors be liable for -# any direct, indirect, incidental, special, exemplary, or consequential -# damages (including, but not limited to, procurement of substitute -# goods or services; loss of use, data, or profits; or business -# interruption) however caused and on any theory of liability, whether -# in contract, strict liability, or tort (including negligence or -# otherwise) arising in any way out of the use of this software, even -# if advised of the possibility of such damage. # +# Use of this source is governed by a BSD-style license, see LICENSE file. use strict; use DateTime; diff --git a/src/warden-client/etc/package_version b/src/warden-client/etc/package_version index bb011d5987d805b75cfd45215a9e78b44b2c8620..faa8f64f32791692b7686b61ce2aea3a8bf3a4cc 100644 
--- a/src/warden-client/etc/package_version +++ b/src/warden-client/etc/package_version @@ -1 +1 @@ -warden-client-1.2.0 +warden-client-2.0.0-beta diff --git a/src/warden-client/etc/warden-client.conf b/src/warden-client/etc/warden-client.conf index 3eedc988855e6939db708ad64b3af4d81d4d4928..276b8ed18c54a9e9020cf90660538ab3fcd95fff 100644 --- a/src/warden-client/etc/warden-client.conf +++ b/src/warden-client/etc/warden-client.conf @@ -3,7 +3,7 @@ # #------------------------------------------------------------------------------- -# URI - URI address of Warden server +# URI - URI address of Warden server #------------------------------------------------------------------------------- $URI = "https://warden-dev.cesnet.cz:443/Warden"; @@ -21,3 +21,4 @@ $SSL_CERT_FILE = "/opt/warden-client/etc/warden-dev.cesnet.cz.pem"; # SSL_CA_FILE - path to CA certificate file #------------------------------------------------------------------------------- $SSL_CA_FILE = "/etc/ssl/certs/tcs-ca-bundle.pem"; + diff --git a/src/warden-client/lib/WardenClientConf.pm b/src/warden-client/lib/WardenClientConf.pm index ba1f661fcf3d869f4d56bd2a636e8281e82afa57..637e046f324073e02e1d3557d598e9257145f71b 100755 --- a/src/warden-client/lib/WardenClientConf.pm +++ b/src/warden-client/lib/WardenClientConf.pm 
@@ -3,40 +3,14 @@ # WardenClientConf.pm # # Copyright (C) 2011-2012 Cesnet z.s.p.o -# Author(s): Tomas PLESNIK <plesnik@ics.muni.cz> -# Jan SOUKAL <soukal@ics.muni.cz> -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in -# the documentation and/or other materials provided with the -# distribution. -# 3. Neither the name of the Cesnet z.s.p.o nor the names of its -# contributors may be used to endorse or promote products derived from -# this software without specific prior written permission. -# -# This software is provided ``as is'', and any express or implied -# warranties, including, but not limited to, the implied warranties of -# merchantability and fitness for a particular purpose are disclaimed. -# In no event shall the Cesnet z.s.p.o or contributors be liable for -# any direct, indirect, incidental, special, exemplary, or consequential -# damages (including, but not limited to, procurement of substitute -# goods or services; loss of use, data, or profits; or business -# interruption) however caused and on any theory of liability, whether -# in contract, strict liability, or tort (including negligence or -# otherwise) arising in any way out of the use of this software, even -# if advised of the possibility of such damage. # +# Use of this source is governed by a BSD-style license, see LICENSE file. package WardenClientConf; use strict; -our $VERSION = "1.0"; +our $VERSION = "2.0"; #------------------------------------------------------------------------------- # loadConf - load variables from configuration file 
diff --git a/src/warden-client/lib/WardenClientReceive.pm b/src/warden-client/lib/WardenClientReceive.pm
index 7888ec96d8165652b978548af2c9df44adaeaca1..4fb27b867ae89d8935e7a17f28c1ca0138a8f93e 100755
--- a/src/warden-client/lib/WardenClientReceive.pm
+++ b/src/warden-client/lib/WardenClientReceive.pm
@@ -1,45 +1,20 @@ #!/usr/bin/perl -w -# +# # WardenClientReceive.pm # # Copyright (C) 2011-2012 Cesnet z.s.p.o -# Author(s): Tomas PLESNIK <plesnik@ics.muni.cz> -# Jan SOUKAL <soukal@ics.muni.cz> -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in -# the documentation and/or other materials provided with the -# distribution. -# 3. Neither the name of the Cesnet z.s.p.o nor the names of its -# contributors may be used to endorse or promote products derived from -# this software without specific prior written permission. # -# This software is provided ``as is'', and any express or implied -# warranties, including, but not limited to, the implied warranties of -# merchantability and fitness for a particular purpose are disclaimed. -# In no event shall the Cesnet z.s.p.o or contributors be liable for -# any direct, indirect, incidental, special, exemplary, or consequential -# damages (including, but not limited to, procurement of substitute -# goods or services; loss of use, data, or profits; or business -# interruption) however caused and on any theory of liability, whether -# in contract, strict liability, or tort (including negligence or -# otherwise) arising in any way out of the use of this software, even -# if advised of the possibility of such damage. +# Use of this source is governed by a BSD-style license, see LICENSE file. 
package WardenClientReceive; use strict; use SOAP::Lite; use IO::Socket::SSL qw(debug1); -use SOAP::Transport::TCP; +use SOAP::Transport::HTTP; use FindBin; -our $VERSION = "1.2"; +our $VERSION = "2.0"; #first iteration after 'port to Apache' #------------------------------------------------------------------------------- # errMsg - print error message and die @@ -56,28 +31,27 @@ sub errMsg #------------------------------------------------------------------------------- sub c2s { - my $uri = shift; + my $uri = shift; my $ssl_key_file = shift; my $ssl_cert_file = shift; - my $ssl_ca_file = shift; - my $method = shift; - my $data = shift; + my $ssl_ca_file = shift; + my $method = shift; + my $data = shift; my $client; my ($server, $port, $service) = $uri =~ /https:\/\/(.+)\:(\d+)\/(.+)/; - if (!($client = SOAP::Transport::TCP::Client->new( - PeerAddr => $server, - PeerPort => $port, - Proto => 'tcp', - SSL_use_cert => 1, - SSL_verify_mode => 0x02, - SSL_key_file => $ssl_key_file, - SSL_cert_file => $ssl_cert_file, - SSL_ca_file => $ssl_ca_file, - ))) {errMsg("Sorry, unable to create socket: " . &SOAP::Transport::TCP::Client::errstr)} + if (!($client = SOAP::Transport::HTTP::Client->new())) { + errMsg("Sorry, unable to create socket: " . &SOAP::Transport::HTTP::Client::errstr) + } + $client->ssl_opts(verify_hostname => 1, + SSL_use_cert => 1, + SSL_verify_mode => 0x02, + SSL_key_file => $ssl_key_file, + SSL_cert_file => $ssl_cert_file, + SSL_ca_file => $ssl_ca_file); # setting of URI and serialize SOAP envelope and data object - my $soap = SOAP::Lite->uri($uri); + my $soap = SOAP::Lite->uri($service)->proxy($uri); my $envelope; if (!defined $data) { $envelope = $soap->serializer->envelope(method => $method); 
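Review bot: The switch to `use SOAP::Transport::HTTP;` is not mirrored in the installer dependency lists: the `modules=(SOAP::Lite IO::Socket::SSL SOAP::Transport::TCP FindBin DateTime)` line that appears as context in the sh/install.sh and sh/update.sh hunks of this commit still names the TCP transport. If that list drives the pre-install module check, as its comment `# list of used Perl modules` suggests, it should name `SOAP::Transport::HTTP` so a missing HTTP transport is caught at install time rather than at first use. The retained `use IO::Socket::SSL qw(debug1);` also appears to leave TLS debug output switched on in a released client; plain `use IO::Socket::SSL;` would be the quieter default.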
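Review bot: `SSL_verify_mode => 0x02` in the new `ssl_opts` call is the value of OpenSSL's SSL_VERIFY_FAIL_IF_NO_PEER_CERT, which OpenSSL documents as a server-side flag; the flag a client sets to have the server certificate checked is SSL_VERIFY_PEER (0x01). Whether 0x02 alone still enforces chain and hostname checks depends on the IO::Socket::SSL and OpenSSL versions in use, so I would not rely on it: `SSL_verify_mode => 0x01,` (or the named constant `IO::Socket::SSL::SSL_VERIFY_PEER`) states the intent. The same call is in the c2s hunk of lib/WardenClientSend.pm. `ssl_opts` also needs an LWP recent enough to provide it (6.x, as far as I know), which the INSTALL notes should state. The body of c2s continues past the end of this hunk.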
@@ -86,8 +60,8 @@ sub c2s } # setting of TCP URI and send serialized SOAP envelope and data - my $tcp_uri = "tcp://$server:$port/$service"; - my $result = $client->send_receive(envelope => $envelope, endpoint => $tcp_uri); + my $server_uri = "https://$server:$port/$service"; + my $result = $client->send_receive(envelope => $envelope, endpoint => $server_uri); # check server response if (!defined $result) { @@ -101,6 +75,8 @@ sub c2s } + + #------------------------------------------------------------------------------- # getNewEvents - get new events from warden server greater than last received ID #------------------------------------------------------------------------------- @@ -144,10 +120,13 @@ sub getNewEvents # get new events from warden server DB based on gathered last ID # create SOAP data obejct - my $request_data = SOAP::Data->name(request => \SOAP::Data->value( - SOAP::Data->name(REQUESTED_TYPE => $requested_type), - SOAP::Data->name(LAST_ID => $last_id) - )); + my $request_data = SOAP::Data->name( + request => \SOAP::Data->value( + SOAP::Data->name(REQUESTED_TYPE => $requested_type), + SOAP::Data->name(LAST_ID => $last_id) + ) + ); + # call server method getNewEvents my $response = c2s($uri, $ssl_key_file, $ssl_cert_file, $ssl_ca_file, "getNewEvents", $request_data); 
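Review bot: `$server_uri` is assembled from `$server`, `$port` and `$service`, which come from the unanchored match `$uri =~ /https:\/\/(.+)\:(\d+)\/(.+)/` in the previous hunk, and nothing checks that the match succeeded. A configured URI without an explicit port, or with another scheme, leaves all three undefined and the endpoint becomes `https://:/`; a guard such as `errMsg("Invalid URI '$uri' in configuration") unless defined $service;` placed right after the match, with the pattern anchored by a leading `^`, fails early with a clear message instead. The comment above the changed line still reads `# setting of TCP URI` and should now describe the HTTPS endpoint. The same applies to the c2s hunk of lib/WardenClientSend.pm.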
@@ -160,19 +139,19 @@ sub getNewEvents my @event; # parse items of one event - $id = $response_data->{'ID'}; - $hostname = $response_data->{'HOSTNAME'}; - $service = $response_data->{'SERVICE'}; - $detected = $response_data->{'DETECTED'}; - $type = $response_data->{'TYPE'}; - $source_type = $response_data->{'SOURCE_TYPE'}; - $source = $response_data->{'SOURCE'}; - $target_proto = $response_data->{'TARGET_PROTO'}; - $target_port = $response_data->{'TARGET_PORT'}; - $attack_scale = $response_data->{'ATTACK_SCALE'}; - $note = $response_data->{'NOTE'}; - $priority = $response_data->{'PRIORITY'}; - $timeout = $response_data->{'TIMEOUT'}; + $id = $response_data->{'ID'}; + $hostname = $response_data->{'HOSTNAME'}; + $service = $response_data->{'SERVICE'}; + $detected = $response_data->{'DETECTED'}; + $type = $response_data->{'TYPE'}; + $source_type = $response_data->{'SOURCE_TYPE'}; + $source = $response_data->{'SOURCE'}; + $target_proto = $response_data->{'TARGET_PROTO'}; + $target_port = $response_data->{'TARGET_PORT'}; + $attack_scale = $response_data->{'ATTACK_SCALE'}; + $note = $response_data->{'NOTE'}; + $priority = $response_data->{'PRIORITY'}; + $timeout = $response_data->{'TIMEOUT'}; # push new event from warden server into @events which is returned @event = ($id, $hostname, $service, $detected, $type, $source_type, $source, $target_proto, $target_port, $attack_scale, $note, $priority, $timeout); @@ -180,18 +159,19 @@ sub getNewEvents # set maximum received ID from current batch if ($id > $last_id) { - $last_id = $id; + $last_id = $id; } - } + } #end of while loop # write last return ID - if (defined $last_id) { # must be defined for first check ID + if (defined $last_id) { # must be defined for first check ID open(ID, "> $id_file") || die ("Cannot open ID file $id_file: $!"); print ID $last_id; close ID; } return @events; + } # End of getNewEvents 1; 
diff --git a/src/warden-client/lib/WardenClientSend.pm b/src/warden-client/lib/WardenClientSend.pm
index f8cac0e9be7c5d0cc41189ca8adffeeaf7f0850d..25966b09ba51c78c1f3978c5c2ab88f155a209ee 100755
--- a/src/warden-client/lib/WardenClientSend.pm
+++ b/src/warden-client/lib/WardenClientSend.pm
@@ -3,42 +3,17 @@ # WardenClientSend.pm # # Copyright (C) 2011-2012 Cesnet z.s.p.o -# Author(s): Tomas PLESNIK <plesnik@ics.muni.cz> -# Jan SOUKAL <soukal@ics.muni.cz> # -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in -# the documentation and/or other materials provided with the -# distribution. -# 3. Neither the name of the Cesnet z.s.p.o nor the names of its -# contributors may be used to endorse or promote products derived from -# this software without specific prior written permission. -# -# This software is provided ``as is'', and any express or implied -# warranties, including, but not limited to, the implied warranties of -# merchantability and fitness for a particular purpose are disclaimed. -# In no event shall the Cesnet z.s.p.o or contributors be liable for -# any direct, indirect, incidental, special, exemplary, or consequential -# damages (including, but not limited to, procurement of substitute -# goods or services; loss of use, data, or profits; or business -# interruption) however caused and on any theory of liability, whether -# in contract, strict liability, or tort (including negligence or -# otherwise) arising in any way out of the use of this software, even -# if advised of the possibility of such damage. +# Use of this source is governed by a BSD-style license, see LICENSE file. 
package WardenClientSend; use strict; use SOAP::Lite; use IO::Socket::SSL qw(debug1); -use SOAP::Transport::TCP; +use SOAP::Transport::HTTP; -our $VERSION = "1.1"; +our $VERSION = "2.0"; #first iteration after 'port to Apache' #------------------------------------------------------------------------------- 
@@ -56,33 +31,35 @@ sub errMsg #------------------------------------------------------------------------------- sub c2s { - my $uri = shift; + my $uri = shift; my $ssl_key_file = shift; my $ssl_cert_file = shift; - my $ssl_ca_file = shift; - my $method = shift; - my $data = shift; + my $ssl_ca_file = shift; + my $method = shift; + my $data = shift; - my $client; my ($server, $port, $service) = $uri =~ /https:\/\/(.+)\:(\d+)\/(.+)/; - if (!($client = SOAP::Transport::TCP::Client->new( - PeerAddr => $server, - PeerPort => $port, - Proto => 'tcp', - SSL_use_cert => 1, - SSL_verify_mode => 0x02, - SSL_key_file => $ssl_key_file, - SSL_cert_file => $ssl_cert_file, - SSL_ca_file => $ssl_ca_file, - ))) {errMsg("Sorry, unable to create socket: " . &SOAP::Transport::TCP::Client::errstr)} + + my $client; + if (!($client = SOAP::Transport::HTTP::Client->new())) { + errMsg("Sorry, unable to create socket: " . &SOAP::Transport::HTTP::Client::errstr) + } + $client->ssl_opts(verify_hostname => 1, + SSL_use_cert => 1, + SSL_verify_mode => 0x02, + SSL_key_file => $ssl_key_file, + SSL_cert_file => $ssl_cert_file, + SSL_ca_file => $ssl_ca_file); + # setting of URI and serialize SOAP envelope and data object - my $soap = SOAP::Lite->uri($uri); + my $soap = SOAP::Lite->uri($service)->proxy($uri); my $envelope = $soap->serializer->envelope(method => $method, $data); # setting of TCP URI and send serialized SOAP envelope and data - my $tcp_uri = "tcp://$server:$port/$service"; - my $result = $client->send_receive(envelope => $envelope, endpoint => $tcp_uri); + my $server_uri = "https://$server:$port/$service"; + + my $result = $client->send_receive(envelope => $envelope, endpoint => $server_uri); # check server response if (!defined $result) { 
@@ -113,33 +90,35 @@ sub saveNewEvent my ($uri, $ssl_key_file, $ssl_cert_file, $ssl_ca_file) = WardenClientConf::loadConf($conf_file); # prepare variables of event - my @event = @{$event_ref}; - my $service = $event[0]; - my $detected = $event[1]; - my $type = $event[2]; - my $source_type = $event[3]; - my $source = $event[4]; + my @event = @{$event_ref}; + my $service = $event[0]; + my $detected = $event[1]; + my $type = $event[2]; + my $source_type = $event[3]; + my $source = $event[4]; my $target_proto = $event[5]; - my $target_port = $event[6]; + my $target_port = $event[6]; my $attack_scale = $event[7]; - my $note = $event[8]; - my $priority = $event[9]; - my $timeout = $event[10]; + my $note = $event[8]; + my $priority = $event[9]; + my $timeout = $event[10]; # create SOAP data object - my $event = SOAP::Data->name(event => \SOAP::Data->value( - SOAP::Data->name(SERVICE => $service), - SOAP::Data->name(DETECTED => $detected), - SOAP::Data->name(TYPE => $type), - SOAP::Data->name(SOURCE_TYPE => $source_type), - SOAP::Data->name(SOURCE => $source), - SOAP::Data->name(TARGET_PROTO => $target_proto), - SOAP::Data->name(TARGET_PORT => $target_port), - SOAP::Data->name(ATTACK_SCALE => $attack_scale), - SOAP::Data->name(NOTE => $note), - SOAP::Data->name(PRIORITY => $priority), - SOAP::Data->name(TIMEOUT => $timeout) - )); + my $event = SOAP::Data->name( + event => \SOAP::Data->value( + SOAP::Data->name(SERVICE => $service), + SOAP::Data->name(DETECTED => $detected), + SOAP::Data->name(TYPE => $type), + SOAP::Data->name(SOURCE_TYPE => $source_type), + SOAP::Data->name(SOURCE => $source), + SOAP::Data->name(TARGET_PROTO => $target_proto), + SOAP::Data->name(TARGET_PORT => $target_port), + SOAP::Data->name(ATTACK_SCALE => $attack_scale), + SOAP::Data->name(NOTE => $note), + SOAP::Data->name(PRIORITY => $priority), + SOAP::Data->name(TIMEOUT => $timeout) + ) + ); my $result = c2s($uri, $ssl_key_file, $ssl_cert_file, $ssl_ca_file, "saveNewEvent", $event); $result ? 
return 1 : return 0; diff --git a/src/warden-client/sh/install.sh b/src/warden-client/sh/install.sh index e7c85f8c749a7121169a8265f9e8572653555ad9..f121a99a219a690f47828541572584658ee9412d 100755 --- a/src/warden-client/sh/install.sh +++ b/src/warden-client/sh/install.sh 
@@ -3,35 +3,11 @@ # install.sh # # Copyright (C) 2011-2012 Cesnet z.s.p.o -# Author(s): Tomas PLESNIK <plesnik@ics.muni.cz> -# Jan SOUKAL <soukal@ics.muni.cz> # -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in -# the documentation and/or other materials provided with the -# distribution. -# 3. Neither the name of the Cesnet z.s.p.o nor the names of its -# contributors may be used to endorse or promote products derived from -# this software without specific prior written permission. -# -# This software is provided ``as is'', and any express or implied -# warranties, including, but not limited to, the implied warranties of -# merchantability and fitness for a particular purpose are disclaimed. -# In no event shall the Cesnet z.s.p.o or contributors be liable for -# any direct, indirect, incidental, special, exemplary, or consequential -# damages (including, but not limited to, procurement of substitute -# goods or services; loss of use, data, or profits; or business -# interruption) however caused and on any theory of liability, whether -# in contract, strict liability, or tort (including negligence or -# otherwise) arising in any way out of the use of this software, even -# if advised of the possibility of such damage. - -VERSION="1.2" +# Use of this source is governed by a BSD-style license, see LICENSE file. + + +VERSION="2.0" #------------------------------------------------------------------------------- # FUNCTIONS 
@@ -87,26 +63,6 @@ err_clean() } -os_chck() -{ - OS=`uname` - if [ "$OS" != "Linux" ]; then - echo "Sorry, unsupported operating system detected - \"${OS}\"!" - exit 1 - fi -} - - -shell_chck() -{ - SHELL=`echo $SHELL` - if [ "$SHELL" != "/bin/bash" ]; then - echo "Sorry, this script is usable in Bourne Again Shell (bash) only!" - exit 1 - fi -} - - root_chck() { if [ $UID -ne 0 ]; then @@ -279,12 +235,6 @@ change_permissions() # list of used Perl modules modules=(SOAP::Lite IO::Socket::SSL SOAP::Transport::TCP FindBin DateTime) -# OS test -os_chck - -# Shell test -shell_chck - # read input while getopts "d:u:k:c:a:Vh" options; do case $options in diff --git a/src/warden-client/sh/uninstall.sh b/src/warden-client/sh/uninstall.sh index 38b5a05b7657e18eadf1a20a19b0aaa338afcc9c..c2b52d0c2acd5a1d6fa0f7c152935347f202270f 100755 --- a/src/warden-client/sh/uninstall.sh +++ b/src/warden-client/sh/uninstall.sh 
@@ -3,35 +3,10 @@ # uninstall.sh # # Copyright (C) 2011-2012 Cesnet z.s.p.o -# Author(s): Tomas PLESNIK <plesnik@ics.muni.cz> -# Jan SOUKAL <soukal@ics.muni.cz> # -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in -# the documentation and/or other materials provided with the -# distribution. -# 3. Neither the name of the Cesnet z.s.p.o nor the names of its -# contributors may be used to endorse or promote products derived from -# this software without specific prior written permission. -# -# This software is provided ``as is'', and any express or implied -# warranties, including, but not limited to, the implied warranties of -# merchantability and fitness for a particular purpose are disclaimed. -# In no event shall the Cesnet z.s.p.o or contributors be liable for -# any direct, indirect, incidental, special, exemplary, or consequential -# damages (including, but not limited to, procurement of substitute -# goods or services; loss of use, data, or profits; or business -# interruption) however caused and on any theory of liability, whether -# in contract, strict liability, or tort (including negligence or -# otherwise) arising in any way out of the use of this software, even -# if advised of the possibility of such damage. - -VERSION="1.1" +# Use of this source is governed by a BSD-style license, see LICENSE file. + +VERSION="2.0" #------------------------------------------------------------------------------- # FUNCTIONS 
@@ -84,26 +59,6 @@ err_clean() } -os_chck() -{ - OS=`uname` - if [ "$OS" != "Linux" ]; then - echo "Sorry, unsupported operating system detected - \"${OS}\"!" - exit 1 - fi -} - - -shell_chck() -{ - SHELL=`echo $SHELL` - if [ "$SHELL" != "/bin/bash" ]; then - echo "Sorry, this script is usable in Bourne Again Shell (bash) only!" - exit 1 - fi -} - - root_chck() { if [ $UID -ne 0 ]; then @@ -187,12 +142,6 @@ while getopts "d:Vh" options; do esac done -# root test -root_chck - -# params test -params_chck - # create variables [[ $prefix == */ ]] && prefix="${prefix%?}" # remove last char (slash) from prefix client_path="${prefix}/warden-client" diff --git a/src/warden-client/sh/update.sh b/src/warden-client/sh/update.sh index 9205d9bfe90b21ec4e9e9791e802ebd3ee303769..5590252bdbbde0598ff2b54743c8dc81e91d6923 100755 --- a/src/warden-client/sh/update.sh +++ b/src/warden-client/sh/update.sh 
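Review bot: The second uninstall.sh hunk deletes the calls `root_chck` and `params_chck`, whereas the matching hunks in install.sh and update.sh delete the `os_chck` and `shell_chck` calls whose definitions this commit removes. As shown, uninstall.sh now goes straight from option parsing to `client_path="${prefix}/warden-client"` without the root test or the parameter test (which, by its name, validates the `-d` argument), and an empty `prefix` yields `/warden-client`. If the `os_chck` and `shell_chck` calls are still present elsewhere in the script (outside this hunk), they now name undefined functions. I would restore `root_chck` and `params_chck` ahead of `# create variables` and remove the two obsolete calls instead.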
@@ -3,36 +3,11 @@ # update.sh # # Copyright (C) 2011-2012 Cesnet z.s.p.o -# Author(s): Tomas PLESNIK <plesnik@ics.muni.cz> -# Jan SOUKAL <soukal@ics.muni.cz> # -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in -# the documentation and/or other materials provided with the -# distribution. -# 3. Neither the name of the Cesnet z.s.p.o nor the names of its -# contributors may be used to endorse or promote products derived from -# this software without specific prior written permission. -# -# This software is provided ``as is'', and any express or implied -# warranties, including, but not limited to, the implied warranties of -# merchantability and fitness for a particular purpose are disclaimed. -# In no event shall the Cesnet z.s.p.o or contributors be liable for -# any direct, indirect, incidental, special, exemplary, or consequential -# damages (including, but not limited to, procurement of substitute -# goods or services; loss of use, data, or profits; or business -# interruption) however caused and on any theory of liability, whether -# in contract, strict liability, or tort (including negligence or -# otherwise) arising in any way out of the use of this software, even -# if advised of the possibility of such damage. +# Use of this source is governed by a BSD-style license, see LICENSE file. -VERSION="1.2" +VERSION="2.0" #------------------------------------------------------------------------------- # FUNCTIONS 
@@ -86,26 +61,6 @@ err_clean() } -os_chck() -{ - OS=`uname` - if [ "$OS" != "Linux" ]; then - echo "Sorry, unsupported operating system detected - \"${OS}\"!" - exit 1 - fi -} - - -shell_chck() -{ - SHELL=`echo $SHELL` - if [ "$SHELL" != "/bin/bash" ]; then - echo "Sorry, this script is usable in Bourne Again Shell (bash) only!" - exit 1 - fi -} - - root_chck() { if [ $UID -ne 0 ]; then @@ -286,12 +241,6 @@ change_permissions() # list of used Perl modules modules=(SOAP::Lite IO::Socket::SSL SOAP::Transport::TCP FindBin DateTime) -# OS test -os_chck - -# Shell test -shell_chck - # read input while getopts "d:Vh" options; do case $options in diff --git a/src/warden-server/bin/getClients.pl b/src/warden-server/bin/getClients.pl index 2d3b4715439f720f3b7277a4e8b0e9b017668eca..987d19238c679ada8c18003887b7b53d9575b003 100755 --- a/src/warden-server/bin/getClients.pl +++ b/src/warden-server/bin/getClients.pl 
@@ -3,39 +3,14 @@ # getClients.pl # # Copyright (C) 2011-2012 Cesnet z.s.p.o -# Author(s): Tomas PLESNIK <plesnik@ics.muni.cz> -# Jan SOUKAL <soukal@ics.muni.cz> # -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in -# the documentation and/or other materials provided with the -# distribution. -# 3. Neither the name of the Cesnet z.s.p.o nor the names of its -# contributors may be used to endorse or promote products derived from -# this software without specific prior written permission. -# -# This software is provided ``as is'', and any express or implied -# warranties, including, but not limited to, the implied warranties of -# merchantability and fitness for a particular purpose are disclaimed. -# In no event shall the Cesnet z.s.p.o or contributors be liable for -# any direct, indirect, incidental, special, exemplary, or consequential -# damages (including, but not limited to, procurement of substitute -# goods or services; loss of use, data, or profits; or business -# interruption) however caused and on any theory of liability, whether -# in contract, strict liability, or tort (including negligence or -# otherwise) arising in any way out of the use of this software, even -# if advised of the possibility of such damage. +# Use of this source is governed by a BSD-style license, see LICENSE file. use strict; use Getopt::Std; use File::Basename; -our $VERSION = "0.1"; +our $VERSION = "2.0"; my $warden_path = '/opt/warden-server'; require $warden_path . '/lib/WardenStatus.pm'; 
diff --git a/src/warden-server/bin/getStatus.pl b/src/warden-server/bin/getStatus.pl
index bc788f470b570c3a4e8c3f26c6b8ad9f2d98fff0..bc49afbad74bed2cc8728e8e8a9849c467e82c69 100755
--- a/src/warden-server/bin/getStatus.pl
+++ b/src/warden-server/bin/getStatus.pl
@@ -3,39 +3,14 @@ # getStatus.pl # # Copyright (C) 2011-2012 Cesnet z.s.p.o -# Author(s): Tomas PLESNIK <plesnik@ics.muni.cz> -# Jan SOUKAL <soukal@ics.muni.cz> # -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in -# the documentation and/or other materials provided with the -# distribution. -# 3. Neither the name of the Cesnet z.s.p.o nor the names of its -# contributors may be used to endorse or promote products derived from -# this software without specific prior written permission. -# -# This software is provided ``as is'', and any express or implied -# warranties, including, but not limited to, the implied warranties of -# merchantability and fitness for a particular purpose are disclaimed. -# In no event shall the Cesnet z.s.p.o or contributors be liable for -# any direct, indirect, incidental, special, exemplary, or consequential -# damages (including, but not limited to, procurement of substitute -# goods or services; loss of use, data, or profits; or business -# interruption) however caused and on any theory of liability, whether -# in contract, strict liability, or tort (including negligence or -# otherwise) arising in any way out of the use of this software, even -# if advised of the possibility of such damage. +# Use of this source is governed by a BSD-style license, see LICENSE file. use strict; use Getopt::Std; use File::Basename; -our $VERSION = "0.1"; +our $VERSION = "2.0"; my $warden_path = '/opt/warden-server'; require $warden_path . '/lib/WardenStatus.pm'; 
@@ -102,29 +77,27 @@ my @server_status = @$server_status_ref; print "Warden server variables:\n"; print "========================\n"; print "SERVER_VERSION:\t\t$server_status[0]\n"; -print "ADDRESS:\t\t$server_status[1]\n"; -print "PORT:\t\t\t$server_status[2]\n"; -print "LOGDIR:\t\t\t$server_status[3]\n"; -print "PIDDIR:\t\t\t$server_status[4]\n"; -print "VARDIR:\t\t\t$server_status[5]\n"; -print "SSL_KEY_FILE:\t\t$server_status[6]\n"; -print "SSL_CERT_FILE:\t\t$server_status[7]\n"; -print "SSLCA_FILE:\t\t$server_status[8]\n"; -print "SYSLOG_FACILITY:\t$server_status[9]\n"; +print "HOSTNAME:\t\t$server_status[1]\n"; +print "IP_ADDRESS:\t\t$server_status[2]\n"; +print "PORT:\t\t\t$server_status[3]\n"; +print "DB_NAME:\t\t$server_status[4]\n"; +print "DB_USER:\t\t$server_status[5]\n"; +print "DB_HOST:\t\t$server_status[6]\n"; +print "SYSLOG_FACILITY:\t$server_status[7]\n"; print "\n"; print "Warden server status:\n"; print "=====================\n"; -print "Database size:\t\t\t$server_status[10]\n"; -print "Count of saved events:\t\t$server_status[11]\n"; -print "Last ID in events table:\t$server_status[12]\n"; -print "Time of first inserted event:\t$server_status[13] (UTC)\n"; -print "Time of latest inserted event:\t$server_status[14] (UTC)\n"; -print "Count of registered clients:\t$server_status[15]\n"; +print "Database size:\t\t\t$server_status[8]\n"; +print "Count of saved events:\t\t$server_status[9]\n"; +print "Last ID in events table:\t$server_status[10]\n"; +print "Time of first inserted event:\t$server_status[11] (UTC)\n"; +print "Time of latest inserted event:\t$server_status[12] (UTC)\n"; +print "Count of registered clients:\t$server_status[13]\n"; print "\n"; # check if sum of registered client isn't 0 -if ($server_status[15] != 0) { +if ($server_status[13] != 0) { print "Statistics of registered senders:\n"; print "+-----------------------------------------------------------------------------------------------------------+\n"; print "| Client ID | 
Hostname | Service | Stored events | Last insertion (UTC) |\n"; diff --git a/src/warden-server/bin/getWebStatus.sh b/src/warden-server/bin/getWebStatus.sh new file mode 100755 index 0000000000000000000000000000000000000000..726e0ac93d3cc32d4cba9ab4e099dc92f8e68f7e --- /dev/null +++ b/src/warden-server/bin/getWebStatus.sh @@ -0,0 +1,28 @@ +#!/bin/bash + +DB_NAME=`cat /opt/warden-server/etc/warden-server.conf | grep '$DB_NAME' | sed 's/[";]//g' |awk '{print $3}'` +DB_USER=`cat /opt/warden-server/etc/warden-server.conf | grep '$DB_USER' | sed 's/[";]//g' |awk '{print $3}'` +DB_PASS=`cat /opt/warden-server/etc/warden-server.conf | grep '$DB_PASS' | sed 's/[";]//g' |awk '{print $3}'` +DB_HOST=`cat /opt/warden-server/etc/warden-server.conf | grep '$DB_HOST' | sed 's/[";]//g' |awk '{print $3}'` + +echo "DB_NAME: $DB_NAME" +echo "DB_USER: $DB_USER" +#echo "DB_PASS: $DB_PASS" +echo "DB_HOST: $DB_HOST" +echo + +echo "DB status:" +echo "----------" +echo "SELECT FROM_UNIXTIME( UNIX_TIMESTAMP( received ) - ( UNIX_TIMESTAMP( received ) % ( 60 ) ) ) AS t, COUNT( id ) FROM events GROUP BY t" | mysql -h $DB_HOST --user=$DB_USER $DB_NAME --password=$DB_PASS +echo +echo "apache2ctl status:" +echo "------------------" +apache2ctl status +echo +echo "uptime:" +echo "-------" +uptime +echo +echo -n klientu: ; netstat -nlpa | grep :443 | grep ESTA | wc -l; +echo -n FIN:; netstat | grep WAIT2 | wc -l + diff --git a/src/warden-server/bin/registerReceiver.pl b/src/warden-server/bin/registerReceiver.pl index f345e5a4f3dbfeeb92d120f499fc33f1cf1dcf8f..b9df7a45ca833cf8eaf45a53956347921703255f 100755 --- a/src/warden-server/bin/registerReceiver.pl +++ b/src/warden-server/bin/registerReceiver.pl 
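Review bot: `--password=$DB_PASS` on the mysql command line in the new getWebStatus.sh exposes the database password to any local user who can list processes while the query runs; hand it over in an option file readable only by the caller via `--defaults-extra-file`, as sketched below. The expansions `$DB_HOST`, `$DB_USER` and `$DB_NAME` are unquoted, and each `grep '$DB_…'` matches every line of warden-server.conf that mentions the variable, comments included, so a second match would put extra words on the mysql command line; quoting the expansions contains that. If the output of this script is meant to be served over the web, as the file name suggests, the database user, host and Apache status it prints deserve access control.

```shell
# … unchanged: DB_NAME / DB_USER / DB_PASS / DB_HOST parsing and banner echo lines …
mycnf=$(mktemp) || exit 1              # mktemp creates the file with mode 0600
trap 'rm -f -- "$mycnf"' EXIT
# NOTE: a password containing a double quote or backslash needs escaping here
printf '[client]\nhost=%s\nuser=%s\npassword="%s"\n' \
  "$DB_HOST" "$DB_USER" "$DB_PASS" > "$mycnf"

echo "SELECT FROM_UNIXTIME( UNIX_TIMESTAMP( received ) - ( UNIX_TIMESTAMP( received ) % ( 60 ) ) ) AS t, COUNT( id ) FROM events GROUP BY t" \
  | mysql --defaults-extra-file="$mycnf" "$DB_NAME"
# … unchanged: apache2ctl status, uptime, netstat counters …
```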
@@ -3,40 +3,15 @@ # registerReceiver.pl # # Copyright (C) 2011-2012 Cesnet z.s.p.o -# Author(s): Tomas PLESNIK <plesnik@ics.muni.cz> -# Jan SOUKAL <soukal@ics.muni.cz> # -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in -# the documentation and/or other materials provided with the -# distribution. -# 3. Neither the name of the Cesnet z.s.p.o nor the names of its -# contributors may be used to endorse or promote products derived from -# this software without specific prior written permission. -# -# This software is provided ``as is'', and any express or implied -# warranties, including, but not limited to, the implied warranties of -# merchantability and fitness for a particular purpose are disclaimed. -# In no event shall the Cesnet z.s.p.o or contributors be liable for -# any direct, indirect, incidental, special, exemplary, or consequential -# damages (including, but not limited to, procurement of substitute -# goods or services; loss of use, data, or profits; or business -# interruption) however caused and on any theory of liability, whether -# in contract, strict liability, or tort (including negligence or -# otherwise) arising in any way out of the use of this software, even -# if advised of the possibility of such damage. +# Use of this source is governed by a BSD-style license, see LICENSE file. use strict; use Getopt::Std; use Switch; use File::Basename; -our $VERSION = "0.1"; +our $VERSION = "2.0"; my $warden_path = '/opt/warden-server'; require $warden_path . '/lib/WardenReg.pm'; 
@@ -111,6 +86,10 @@ if ($help) { help; } +if ($ip_net_client !~ /^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(\d|[1-2]\d|3[0-2]))$/) { + die errMsg("Enter correct IP in CIDR format!"); +} + # superuser controle my $UID = $<; if ($UID != 0) {die errMsg("You must be root for running this script!")} diff --git a/src/warden-server/bin/registerSender.pl b/src/warden-server/bin/registerSender.pl index ec7ed41c484d7bd1025cc3dc4c11d071094bd9ea..da34a2d8f2206608a673f745cc2d7eaf2cd33495 100755 --- a/src/warden-server/bin/registerSender.pl +++ b/src/warden-server/bin/registerSender.pl 
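Review bot: The CIDR test added before the superuser check exists only in this command-line script and is pasted again verbatim in registerSender.pl, while the server-side `registerSender` handler added in Warden.pm inserts `IP_NET_CLIENT` into `clients` without any format check. `authorizeClient` later hands the stored value to `Net::CIDR::Lite->add`, so a malformed range written through any other path surfaces only when that client tries to authenticate. Putting the test in one shared routine (WardenReg.pm is already `require`d by both scripts) and calling it from the server handlers as well would enforce it where the data is stored. The pattern also makes the `/prefix` mandatory and accepts IPv4 only, which the message `Enter correct IP in CIDR format!` does not tell the operator.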
@@ -3,40 +3,15 @@ # registerSender.pl # # Copyright (C) 2011-2012 Cesnet z.s.p.o -# Author(s): Tomas PLESNIK <plesnik@ics.muni.cz> -# Jan SOUKAL <soukal@ics.muni.cz> # -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in -# the documentation and/or other materials provided with the -# distribution. -# 3. Neither the name of the Cesnet z.s.p.o nor the names of its -# contributors may be used to endorse or promote products derived from -# this software without specific prior written permission. -# -# This software is provided ``as is'', and any express or implied -# warranties, including, but not limited to, the implied warranties of -# merchantability and fitness for a particular purpose are disclaimed. -# In no event shall the Cesnet z.s.p.o or contributors be liable for -# any direct, indirect, incidental, special, exemplary, or consequential -# damages (including, but not limited to, procurement of substitute -# goods or services; loss of use, data, or profits; or business -# interruption) however caused and on any theory of liability, whether -# in contract, strict liability, or tort (including negligence or -# otherwise) arising in any way out of the use of this software, even -# if advised of the possibility of such damage. +# Use of this source is governed by a BSD-style license, see LICENSE file. use strict; use Getopt::Std; use Switch; use File::Basename; -our $VERSION = "0.1"; +our $VERSION = "2.0"; my $warden_path = '/opt/warden-server'; require $warden_path . '/lib/WardenReg.pm'; 
@@ -106,6 +81,10 @@ if ($help) { help; } +if ($ip_net_client !~ /^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(\d|[1-2]\d|3[0-2]))$/) { + die errMsg("Enter correct IP in CIDR format!"); +} + # superuser controle my $UID = $<; if ($UID != 0) {die errMsg("You must be root for running this script!")} diff --git a/src/warden-server/bin/unregisterClient.pl b/src/warden-server/bin/unregisterClient.pl index fd7cd5c4459751a2cb8852d8df995dcff425d28f..f054b40753053ac76eaeecbd7e95f636d3dacd32 100755 --- a/src/warden-server/bin/unregisterClient.pl +++ b/src/warden-server/bin/unregisterClient.pl 
@@ -3,40 +3,15 @@ # unregisterClient.pl # # Copyright (C) 2011-2012 Cesnet z.s.p.o -# Author(s): Tomas PLESNIK <plesnik@ics.muni.cz> -# Jan SOUKAL <soukal@ics.muni.cz> # -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in -# the documentation and/or other materials provided with the -# distribution. -# 3. Neither the name of the Cesnet z.s.p.o nor the names of its -# contributors may be used to endorse or promote products derived from -# this software without specific prior written permission. -# -# This software is provided ``as is'', and any express or implied -# warranties, including, but not limited to, the implied warranties of -# merchantability and fitness for a particular purpose are disclaimed. -# In no event shall the Cesnet z.s.p.o or contributors be liable for -# any direct, indirect, incidental, special, exemplary, or consequential -# damages (including, but not limited to, procurement of substitute -# goods or services; loss of use, data, or profits; or business -# interruption) however caused and on any theory of liability, whether -# in contract, strict liability, or tort (including negligence or -# otherwise) arising in any way out of the use of this software, even -# if advised of the possibility of such damage. +# Use of this source is governed by a BSD-style license, see LICENSE file. use strict; use Getopt::Std; use Switch; use File::Basename; -our $VERSION = "0.1"; +our $VERSION = "2.0"; my $warden_path = '/opt/warden-server'; require $warden_path . '/lib/WardenReg.pm'; 
diff --git a/src/warden-server/bin/warden-alive b/src/warden-server/bin/warden-alive index 7745798c8ce8abe00f006e9b78126effa5a0750e..214acc9a48a663e8b80251c04be569a7b0cb8a02 100755 --- a/src/warden-server/bin/warden-alive +++ b/src/warden-server/bin/warden-alive @@ -1,4 +1,7 @@ #!/usr/bin/perl + +# Pri pouziti Apache + mod_perl se tento soubor nepouziva + # # warden-alive # diff --git a/src/warden-server/bin/warden-server.pl b/src/warden-server/bin/warden-server.pl index 0e53be5b8517dd688aa45a534dd83bd51009fb21..3b1ccd94d4daefaf82f55313df9326d2931c178d 100755 --- a/src/warden-server/bin/warden-server.pl +++ b/src/warden-server/bin/warden-server.pl @@ -1,4 +1,8 @@ #!/usr/bin/perl -w + +# Pri pouziti Apache + mod_perl se tento soubor nepouziva + + # # warden-server.pl # @@ -96,7 +100,7 @@ my $db = $VARDIR . $db_file; # connect to DB - DBH is GLOBAL variable my $dbargs = {AutoCommit => 0, PrintError => 1}; our $DBH = DBI->connect("dbi:SQLite:dbname=$db","","",$dbargs) or die errMsg("Can't connect to DB: $!"); - +#our $DBH = DBI->connect("DBI:mysql:database=warden;host=localhost", "root", "", {RaiseError => 1, mysql_auto_reconnect => 1}) || die "Could not connect to database: $DBI::errstr"; ################################################################################ 
@@ -246,38 +250,38 @@ sub saveNewEvent #----------------------------------------------------------------------------- # obtain cidr based on rigth common name and alternate names, service and client_type - $sth = $DBH->prepare("SELECT hostname, ip_net_client FROM clients WHERE hostname IN ($AN_FILTER) AND service = $service_db AND client_type = $client_type_db limit 1;"); - if ( !defined $sth ) {die("Cannot prepare authorization statement in saveNewEvent: $DBI::errstr\n")} - $sth->execute; - my ($an, $cidr) = $sth->fetchrow(); - - # check if client is registered - if (!defined $cidr) { - write2log ("err", "Unauthorized access to saveNewEvent from: $IP (CN: $CN; AN: $an) - client is not registered"); - die("Access denied - client is not registered at warden server!"); - } else { - $cidr_list = Net::CIDR::Lite - -> new - -> add($cidr); - } + # $sth = $DBH->prepare("SELECT hostname, ip_net_client FROM clients WHERE hostname IN ($AN_FILTER) AND service = $service_db AND client_type = $client_type_db limit 1;"); + # if ( !defined $sth ) {die("Cannot prepare authorization statement in saveNewEvent: $DBI::errstr\n")} + # $sth->execute; + # my ($an, $cidr) = $sth->fetchrow(); + + # # check if client is registered + # if (!defined $cidr) { + # write2log ("err", "Unauthorized access to saveNewEvent from: $IP (CN: $CN; AN: $an) - client is not registered"); + # die("Access denied - client is not registered at warden server!"); + # } else { + # $cidr_list = Net::CIDR::Lite + # -> new + # -> add($cidr); + # } # check if client has IP from registered CIDR - if (!$cidr_list->bin_find($IP)) { - write2log ("err", "Unauthorized access to saveNewEvent from: $IP (CN: $CN; AN: $an) - access from bad subnet: $cidr"); - die("Access denied - access from bad subnet!"); - } else { - + # if (!$cidr_list->bin_find($IP)) { + # write2log ("err", "Unauthorized access to saveNewEvent from: $IP (CN: $CN; AN: $an) - access from bad subnet: $cidr"); + # die("Access denied - access from bad 
subnet!"); + # } else { +{ # insert new event $DBH->do("INSERT INTO events VALUES (null,$cn_db,$service_db,$detected_db,$received_db,$type_db,$source_type_db,$source_db,$target_proto_db,$target_port_db,$attack_scale_db,$note_db,$priority_db,$timeout_db,$valid_db);"); if ($DBH->err()) {die("Cannot do insert statement in saveNewEvent: $DBI::errstr\n")} - $DBH->commit(); + #$DBH->commit(); # log last inserted ID - $sth = $DBH->prepare("SELECT last_insert_rowid();"); + $sth = $DBH->prepare("SELECT last_insert_rowid()"); if ( !defined $sth ) {die("Cannot prepare last ID statement in saveNewEvent: $DBI::errstr\n")} $sth->execute; my $id= $sth->fetchrow(); - write2log ("info", "Stored new event (#$id) from $IP (CN: $CN; AN: $an)"); + write2log ("info", "Stored new event (#$id) from $IP (CN: $CN; AN: )"); if (! defined $id) { write2log ("err", "Event from $IP ($CN) was not save: INSERT INTO events VALUES (null,$cn_db,$service_db,$detected_db,$received_db,$type_db,$source_type_db,$source_db,$target_proto_db,$target_port_db,$attack_scale_db,$note_db,$priority_db,$timeout_db,$valid_db);"); @@ -285,7 +289,7 @@ sub saveNewEvent } else { return 1; } - } + } } # END of saveNewEvent @@ -810,12 +814,12 @@ write2log("info", "Size of DB file ($db_file) is: $db_size_human"); # start TCP server my $server = SOAP::Transport::TCP::Server ->new( - Listen => 5, + Listen => 20, LocalAddr => $ADDRESS, LocalPort => $PORT, Proto => "tcp", ReuseAddr => 1, - SSL_verify_mode => 0x03, + SSL_verify_mode => 0x02, SSL_use_cert => 1, SSL_server => 1, SSL_key_file => $SSL_KEY_FILE, diff --git a/src/warden-server/bin/wardend b/src/warden-server/bin/wardend index 8818b333ee8ff5fc76cb7d4cc3f461356c91345e..ffd4a3b61c3d157bfba6ceced71d2198dad06d9b 100755 --- a/src/warden-server/bin/wardend +++ b/src/warden-server/bin/wardend @@ -1,4 +1,7 @@ #!/bin/bash + +# Pri pouziti Apache + mod_perl se tento soubor nepouziva + # # wardend # 
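Review bot: Commenting out the `clients` lookup and the `$cidr_list->bin_find($IP)` test leaves `saveNewEvent` in warden-server.pl storing events from any peer that reaches the SOAP call, with no registration or subnet check. The same hunk turns `$DBH->commit();` into a comment although the connection is still created with `AutoCommit => 0`, so as far as the visible code shows the INSERT is never committed. The log line now prints an empty `AN: )` as well, which removes the identity detail an operator would need when reviewing stored events. If the standalone server is superseded by Apache + mod_perl, as the new header comment states, dropping it from the package would be safer than shipping it with the checks disabled; otherwise the two checks and the commit should be restored. The body of `saveNewEvent` continues outside this hunk.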
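Review bot: `SSL_verify_mode => 0x02` in the `SOAP::Transport::TCP::Server->new` call drops the verify-peer bit: 0x01 is SSL_VERIFY_PEER and 0x02 is SSL_VERIFY_FAIL_IF_NO_PEER_CERT, and OpenSSL honours the second only together with the first. With this value the server no longer asks for or verifies a client certificate, and since the same commit comments out the authorization in `saveNewEvent`, nothing visible here still authenticates a sender. The previous line, `SSL_verify_mode => 0x03,`, should be kept unless the file is removed from the package. The `Listen => 20` change is unrelated and fine on its own.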
diff --git a/src/warden-server/doc/AUTHORS b/src/warden-server/doc/AUTHORS new file mode 100644 index 0000000000000000000000000000000000000000..dc439cbfa32b7859975d91970a955506f0441c3c --- /dev/null +++ b/src/warden-server/doc/AUTHORS @@ -0,0 +1,23 @@ +AUTHORS AND MAINTAINERS : + +MAIN DEVELOPERS: +Tomas Plesnik <plesnik@ics.muni.cz> +Jan Soukal <soukal@ics.muni.cz> +Michal Kostenec <kostenec@civ.zcu.cz> + +CONTRIBUTORS: +Vit Slama <slama@cis.vutbr.cz> +Martin Drasar <drasar@ics.muni.cz> + +TESTING: +Jakub Cegan <cegan@ics.muni.cz> + +DEVELOPMENT MANAGER: +Jan Vykopal <vykopal@ics.muni.cz> + +PROJECT MANAGERS: +Pavel Kacha <ph@cesnet.cz> +Andrea Kropacova <andrea@cesnet.cz> + +COMMUNITY: +Radomir Orkac <orkac@cesnet.cz> diff --git a/src/warden-server/doc/README b/src/warden-server/doc/README index 77e98a8c5cd129caf772b0c80f85dbe8515f14c3..4f395dccebfcfc7d67da289b37d598825c08091c 100644 --- a/src/warden-server/doc/README +++ b/src/warden-server/doc/README @@ -10,7 +10,6 @@ Content D. Miscellaneous E. Registration of Clients F. Status Info - G. Authors -------------------------------------------------------------------------------- A. Overall Information @@ -319,12 +318,5 @@ F. Status Info parameters and returns detailed information about all registered clients. -------------------------------------------------------------------------------- -G. Authors - -Development: Tomas PLESNIK <plesnik@ics.muni.cz> - Jan SOUKAL <soukal@ics.muni.cz> Copyright (C) 2011-2012 Cesnet z.s.p.o - -Special thanks go to Martin Drasar from CSIRT-MU for his help and support -in the development of Warden system. diff --git a/src/warden-server/doc/README.warden-apache b/src/warden-server/doc/README.warden-apache new file mode 100644 index 0000000000000000000000000000000000000000..9f3647a2d266bbf560912def591a3d7584501eb5 --- /dev/null +++ b/src/warden-server/doc/README.warden-apache 
@@ -0,0 +1,91 @@ +Strucny technicky navod pro preklopeni Warden serveru pod Apache a mod_perl +=========================================================================== + +INSTALACE +========= + +1) Instalace Apache a MySQL DB + + aptitude install apache2 mysql-server + +2) Povoleni mod_ssl + + an2enmod ssl + +3) Instalace knihovny mod_perl + + libapache2-mod-perl2 + +4) Instalace podpory metody prefork pro Apache + + apache2-mpm-prefork + +5) Instalace nove pridanych modulu + + aptitude install libcrypt-x509-perl libmime-base64-perl + + +KONFIGURACE +=========== + +1) Nastaveni APACHE + + a) /etc/apache2/sites-enables/default + - konfigurace sekce <VirtualHost *:443> + - includovani potrebnych parametru ze souboru {warden-server}/etc/warden-apache.conf + Include /opt/warden-server/etc/warden-apache.conf + + b) Nastaveni vykonovych parametru Apache (/etc/apache2/apache2.conf) + - modul prefork (nastavujte dle vykonu vaseho serveru) + = pro 12C, 16GB RAM funguje dobre + + <IfModule mpm_prefork_module> + StartServers 2 + MinSpareServers 4 + MaxSpareServers 8 + ServerLimit 700 + MaxClients 700 + MaxRequestsPerChild 0 + </IfModule> + + + - parametry spojeni + + Timeout 10 + KeepAlive Off + + + c) restartovani Apache po kazde zmene Warden.pm (serverova cast) + + +2) Nastaveni DB + + a) (volitelne) Vytvoreni noveho uzivatele + b) Vytvoreni databazove struktury + + mysql -u uzivatel -p heslo < {warden-server}/doc/warden.mysql + +3) Nastaveni warden-server.conf, warden-client.conf, {warden-server}/etc/warden-apache.conf + + a) Zkontrolovat spravnost IP adres, portu a hlavne cest k certifikatum + nove udaje pro pripojeni do DB + b) Pro klienta a server na jednom stroji jsou zrejme treba 2 ruzne certifikaty (me to jinak nejde, zkuste;)) + + Tato chyba se vypisuje pri problemu s certifikaty (chybna adresa serveru, chybne cesty pro certifikat, stejny certifikat pro klienta a server) + + DEBUG: .../IO/Socket/SSL.pm:420: fatal SSL error: SSL connect attempt failed with unknown 
errorerror:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed not well-formed (invalid token) at line 1, column 3, byte 3 at /usr/lib/perl5/XML/Parser.pm line 187 + + +SLEDOVATKO +========== + + Pro sledovani stavu Apache, poctu prijatych udalosti, poctu klientu lze pouzit sledovatko + {warden-server}/bin/getWebStatus.sh + + + + + + + + + diff --git a/src/warden-server/doc/warden.mysql b/src/warden-server/doc/warden.mysql new file mode 100644 index 0000000000000000000000000000000000000000..8015a38bc13d0423fad8a77f18d94c49a4728f7a --- /dev/null +++ b/src/warden-server/doc/warden.mysql 
@@ -0,0 +1,84 @@ +-- MySQL dump 10.11 +-- +-- Host: localhost Database: warden +-- ------------------------------------------------------ +-- Server version 5.0.51a-24+lenny3 + +/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */; +/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */; +/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */; +/*!40101 SET NAMES utf8 */; +/*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */; +/*!40103 SET TIME_ZONE='+00:00' */; +/*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */; +/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */; +/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */; +/*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */; + +-- +-- Current Database: `warden` +-- + +CREATE DATABASE /*!32312 IF NOT EXISTS*/ `warden` /*!40100 DEFAULT CHARACTER SET latin1 */; + +USE `warden`; + +-- +-- Table structure for table `clients` +-- + +DROP TABLE IF EXISTS `clients`; +SET @saved_cs_client = @@character_set_client; +SET character_set_client = utf8; +CREATE TABLE `clients` ( + `client_id` int(11) NOT NULL auto_increment, + `hostname` varchar(256) default NULL, + `registered` timestamp NOT NULL default CURRENT_TIMESTAMP on update CURRENT_TIMESTAMP, + `requestor` varchar(256) default NULL, + `service` varchar(64) default NULL, + `client_type` varchar(1) default NULL, + `type` varchar(64) default NULL, + `receive_own_events` varchar(1) default NULL, + `description_tags` varchar(256) default NULL, + `ip_net_client` varchar(256) default NULL, + PRIMARY KEY (`client_id`) +) ENGINE=MyISAM AUTO_INCREMENT=1 DEFAULT CHARSET=latin1; +SET character_set_client = @saved_cs_client; + +-- +-- Table structure for table `events` +-- + +DROP TABLE IF EXISTS `events`; +SET @saved_cs_client = @@character_set_client; +SET character_set_client = utf8; +CREATE TABLE `events` ( + `id` int(11) NOT NULL auto_increment, + `hostname` varchar(256) default 
NULL, + `service` varchar(64) default NULL, + `detected` timestamp NOT NULL default CURRENT_TIMESTAMP on update CURRENT_TIMESTAMP, + `received` timestamp NOT NULL default '0000-00-00 00:00:00', + `type` varchar(64) default NULL, + `source_type` varchar(64) default NULL, + `source` varchar(256) default NULL, + `target_proto` varchar(16) default NULL, + `target_port` int(2) default NULL, + `attack_scale` int(4) default NULL, + `note` text, + `priority` int(1) default NULL, + `timeout` int(2) default NULL, + `valid` varchar(1) default NULL, + PRIMARY KEY (`id`) +) ENGINE=MyISAM AUTO_INCREMENT=1 DEFAULT CHARSET=latin1; +SET character_set_client = @saved_cs_client; +/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */; + +/*!40101 SET SQL_MODE=@OLD_SQL_MODE */; +/*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */; +/*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */; +/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */; +/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */; +/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */; +/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */; + +-- Dump completed on 2012-03-22 15:29:35 diff --git a/src/warden-server/etc/package_version b/src/warden-server/etc/package_version index 69b3cb1d810801d8b0198886045c519848d22088..dab9935085995a0173d2a4ecbef8c889dca05383 100644 --- a/src/warden-server/etc/package_version +++ b/src/warden-server/etc/package_version @@ -1 +1 @@ -warden-server-0.1.0 +warden-server-2.0.0 diff --git a/src/warden-server/etc/warden-apache.conf b/src/warden-server/etc/warden-apache.conf new file mode 100644 index 0000000000000000000000000000000000000000..118d4622ff6913884209fa686c72b5d2a59cc84e --- /dev/null +++ b/src/warden-server/etc/warden-apache.conf 
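Review bot: In `events`, `detected` is declared `timestamp NOT NULL default CURRENT_TIMESTAMP on update CURRENT_TIMESTAMP`, so any later UPDATE of a row that does not set the column replaces the sensor's detection time with the server clock, and an insert that supplies NULL silently stores the current time. This looks like MySQL's automatic treatment of the first TIMESTAMP column in a table rather than a deliberate choice; giving the column an explicit constant default, as `received` has (`default '0000-00-00 00:00:00'`), switches it off. `clients`.`registered` has the same attribute, and there it rewrites the registration time on every change to the client row. Since README.warden-apache tells the operator to pipe this file into `mysql`, the dump's `DROP TABLE IF EXISTS` statements will erase existing `clients` and `events` data on a re-run, which deserves a comment at the top of the file.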
@@ -0,0 +1,24 @@
+#
+# warden-apache.conf - configuration file for the Apache server
+#
+
+SSLEngine on
+
+SSLVerifyDepth 3
+SSLVerifyClient require
+SSLOptions +StdEnvVars +ExportCertData
+
+SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
+
+SSLCertificateFile /etc/ssl/certs/warden-dev.cesnet.cz.pem
+SSLCertificateKeyFile /opt/warden-client/etc/warden-dev.cesnet.cz.key
+SSLCACertificateFile /etc/ssl/certs/tcs-ca-bundle.pem
+
+PerlOptions +Parent
+PerlSwitches -I/opt/warden-server/lib
+
+<Location /Warden>
+ SetHandler perl-script
+ PerlHandler Warden::ApacheDispatch
+ SSLOptions +StdEnvVars
+</Location>
diff --git a/src/warden-server/etc/warden-server.conf b/src/warden-server/etc/warden-server.conf
index 48fba30e2d8f4aaa7eda4001db594cd1aa2f0ce7..4d9ff78c9ad5823b7db7abf08e27e2259e6677e7 100644
--- a/src/warden-server/etc/warden-server.conf
+++ b/src/warden-server/etc/warden-server.conf
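Review bot: The `SSLCipherSuite` line explicitly enables `+LOW`, `+SSLv2`, `+EXP` and `+eNULL`, that is weak, SSLv2-era, export-grade and no-encryption suites, on the endpoint that receives client-certificate-authenticated events. A restrictive list such as `SSLCipherSuite HIGH:!aNULL:!eNULL:!MD5`, together with an explicit `SSLProtocol all -SSLv2`, keeps a client from negotiating a session without real confidentiality. `SSLCertificateKeyFile` also points into `/opt/warden-client/etc/`, so the server's private key lives in the client package's directory; the standalone server configuration removed in this commit used `/etc/ssl/private/`, and the key file should be readable by root only wherever it is placed.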
@@ -2,52 +2,33 @@ # warden-server.conf - configuration file for Warden server # -#------------------------------------------------------------------------------- -# ADDRESS - IP address of warden server -#------------------------------------------------------------------------------- -$ADDRESS = "warden-dev.cesnet.cz"; - -#------------------------------------------------------------------------------- -# PORT - used TCP port for Warden server -#------------------------------------------------------------------------------- -$PORT = "443"; - #------------------------------------------------------------------------------- # BASEDIR - base directory of Warden server #------------------------------------------------------------------------------- $BASEDIR = "/opt/warden-server"; #------------------------------------------------------------------------------- -# VARDIR - var directory -#------------------------------------------------------------------------------- -$VARDIR = "$BASEDIR/var/"; - -#------------------------------------------------------------------------------- -# LOGDIR - logging directory +# FACILITY - syslog facility #------------------------------------------------------------------------------- -$LOGDIR = "/var/log/"; +$FACILITY = "local7"; #------------------------------------------------------------------------------- -# PIDDIR - process ID directory +# DB_NAME - database name of Warden server #------------------------------------------------------------------------------- -$PIDDIR = "/var/run/"; +$DB_NAME = "warden"; #------------------------------------------------------------------------------- -# SSL_KEY_FILE - path to server SSL certificate key file +# DB_USER - user of Warden server database #------------------------------------------------------------------------------- -$SSL_KEY_FILE = "/etc/ssl/private/warden-dev.cesnet.cz.key"; +$DB_USER = "root"; #------------------------------------------------------------------------------- -# 
SSL_CERT_FILE - path to server SSL certificate file +# DB_PASS - password of Warden server database #------------------------------------------------------------------------------- -$SSL_CERT_FILE = "/etc/ssl/certs/warden-dev.cesnet.cz.pem"; +$DB_PASS = ""; #------------------------------------------------------------------------------- -# SSL_CA_FILE - path to CA ceritificate file +# DB_HOST - what IP address to listen on of Warden server #------------------------------------------------------------------------------- -$SSL_CA_FILE = "/etc/ssl/certs/tcs-ca-bundle.pem"; +$DB_HOST = "localhost"; -#------------------------------------------------------------------------------- -# FACILITY - syslog facility -#------------------------------------------------------------------------------- -$FACILITY = "local7"; diff --git a/src/warden-server/lib/Warden.pm b/src/warden-server/lib/Warden.pm new file mode 100755 index 0000000000000000000000000000000000000000..e01884952be35737961d788502c37180e91fee14 --- /dev/null +++ b/src/warden-server/lib/Warden.pm 
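Review bot: The shipped defaults `$DB_USER = "root";` and `$DB_PASS = "";` make Warden.pm connect to MySQL as the administrative account with an empty password, so a flaw in any SOAP handler would have full rights over every database on that server. A dedicated account limited to the `warden` schema, for example `$DB_USER = "warden";` with the password left for the administrator to fill in, limits that exposure. Because the file now carries a credential it should not be world-readable; the build script shown in this commit copies files without setting a mode. The comment `DB_HOST - what IP address to listen on of Warden server` is also misleading, since the value is the database host used in `host=$DB_HOST`, so `# DB_HOST - host name or IP address of the MySQL server` would be accurate.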
@@ -0,0 +1,680 @@ +#!/usr/bin/perl -w +# +# Warden.pm +# +# Copyright (C) 2011-2012 Cesnet z.s.p.o +# +# Use of this source is governed by a BSD-style license, see LICENSE file. + +package Warden; + +use strict; +use DBI; +use DBD::mysql; +use Format::Human::Bytes; +use Sys::Syslog qw(:DEFAULT setlogsock); +Sys::Syslog::setlogsock('unix'); +use File::Basename; +use Net::CIDR::Lite; +use DateTime; +use MIME::Base64; +use Crypt::X509; + +our $VERSION = "2.0"; + + +################################################################################ +# READING OF CONFIGURATION VARIABLES +################################################################################ + +my $conf_file = "/opt/warden-server/etc/warden-server.conf"; +our $FACILITY = undef; +our $DB_NAME = undef; +our $DB_USER = undef; +our $DB_PASS = undef; +our $DB_HOST = undef; + +# read config file +if (!open( TMP, $conf_file)) { + die errMsg("Can't read config file '$conf_file': $!\n"); +} +close TMP; + +# load set variables by user +if (!do $conf_file) { + die errMsg("Errors in config file '$conf_file': $@"); +} + + +################################################################################ +# VARIABLES +################################################################################ + +our $DBH = DBI->connect("DBI:mysql:database=$DB_NAME;host=$DB_HOST", $DB_USER, $DB_PASS, {RaiseError => 1, mysql_auto_reconnect => 0}) || die "Could not connect to database: $DBI::errstr"; + + +################################################################################ +# LOCAL FUNCTIONS +################################################################################ + +#------------------------------------------------------------------------------- +# errMsg - print error message and die +#------------------------------------------------------------------------------- +sub errMsg +{ + my $msg = shift; + $msg = trim($msg); + print $msg . 
"\n"; + exit 1; +} # End of errMsg + + +#------------------------------------------------------------------------------- +# trim - remove whitespace from the start and end of the string +#------------------------------------------------------------------------------- +sub trim +{ + my $string = shift; + $string =~ s/^\s+//; + $string =~ s/\s+$//; + return $string; +} # End of trim + + +#------------------------------------------------------------------------------- +# write2log - writing message to syslog +#------------------------------------------------------------------------------- +sub write2log +{ + my $priority = shift; + my $msg = shift; + my $filename = File::Basename::basename($0); + + Sys::Syslog::openlog($filename, "cons,pid", $FACILITY); + Sys::Syslog::syslog("$priority", "$msg"); + Sys::Syslog::closelog(); +} # End of write2log + + +#------------------------------------------------------------------------------- +# getAltNames - parse Alternate names from SSL certifiate +#------------------------------------------------------------------------------- +sub getAltNames +{ + my @an_array; + my $cn = $ENV{'SSL_CLIENT_S_DN_CN'}; + + push(@an_array, $DBH->quote($cn)); + my @a = split("\n", $ENV{'SSL_CLIENT_CERT'}); + pop @a; + shift @a; + my $der = decode_base64(join("", @a)); + my $decoded= Crypt::X509->new(cert => $der); + + foreach my $tmp (@{$decoded->SubjectAltName}){ + if($tmp =~ s/dNSName=//){ + push(@an_array, $DBH->quote($tmp)); + } + } + my $alt_names = join(',', @an_array); + return $alt_names; +} + + +#------------------------------------------------------------------------------- +# authorizeClient - authorize client by CN,AN and source IP range +#------------------------------------------------------------------------------- + +sub authorizeClient +{ + my ($alt_names, $ip, $service_type, $client_type, $function_name) = @_; + + my $sth; + # obtain cidr based on rigth common name and alternate names, service and client_type + if($function_name 
eq 'saveNewEvent') { + $sth = $DBH->prepare_cached("SELECT hostname, ip_net_client, receive_own_events + FROM clients WHERE hostname IN ($alt_names) AND service = ? AND client_type = ? + ORDER BY SUBSTRING_INDEX(ip_net_client,'/', -1) DESC;"); + } + elsif($function_name eq 'getNewEvents') { + $sth = $DBH->prepare_cached("SELECT hostname, ip_net_client, receive_own_events + FROM clients WHERE hostname IN ($alt_names) AND type = ? AND client_type = ? + ORDER BY SUBSTRING_INDEX(ip_net_client,'/', -1) DESC;"); + } + + if (!defined $sth) { die("Cannot prepare authorization statement in $function_name: $DBI::errstr\n")} + $sth->execute($service_type, $client_type); + + my ($an, $cidr, $receive_own, $cidr_list); + my $correct_ip_source = 0; + my %ret; + + while(($an, $cidr, $receive_own) = $sth->fetchrow()) { + my $cidr_list = Net::CIDR::Lite-> new -> add($cidr); + + $ret{'dns'} = $an; + $ret{'cidr'} = $cidr; + $ret{'receive_own'} = $receive_own; + + if ($cidr_list->bin_find($ip)) { + $correct_ip_source = 1; + last; + } + }; + + # check if client is registered + if ($sth->rows == 0) { + write2log ("err", "Unauthorized access to $function_name from: $ip (CN(AN): $alt_names) - client is not registered"); + die("Access denied - client is not registered at warden server!"); + return undef; + } + + # check if client has IP from registered CIDR + if (!$correct_ip_source) { + write2log ("err", "Unauthorized access to $function_name from: $ip (CN(AN): $alt_names) - access from bad subnet: " . 
$ret{'cidr'}); + die("Access denied - access from unauthorized subnet!"); + return undef; + } + + return %ret; +} + + +################################################################################ +# SOAP Functions +################################################################################ + +#----------------------------------------------------------------------------- +# saveNewEvent - save new received event into database +#----------------------------------------------------------------------------- +sub saveNewEvent +{ + my ($class, $data) = @_; + my ($sth, $cidr_list); + + # client network information + my $cn = $ENV{'SSL_CLIENT_S_DN_CN'}; + my $alt_names = getAltNames(undef); + my $ip = $ENV{'REMOTE_ADDR'}; + + # variables defined by server + my $client_type = "s"; # incoming client MUST be sender + my $valid = "t"; # registered sender has valid events + my $received = DateTime->now; # time of event delivery (UTC) + + # parse object (event) parameters + my $service = $data->{'SERVICE'}; + my $detected = $data->{'DETECTED'}; + my $type = $data->{'TYPE'}; + my $source_type = $data->{'SOURCE_TYPE'}; + my $source = $data->{'SOURCE'}; + my $target_proto = $data->{'TARGET_PROTO'}; + my $target_port = $data->{'TARGET_PORT'}; + my $attack_scale = $data->{'ATTACK_SCALE'}; + my $note = $data->{'NOTE'}; + my $priority = $data->{'PRIORITY'}; + my $timeout = $data->{'TIMEOUT'}; + + + my %client = authorizeClient($alt_names, $ip, $service, $client_type, 'saveNewEvent'); + if(defined %client) { + # insert new events into DB + $sth=$DBH->prepare_cached("INSERT INTO events VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?);"); + if (!defined $sth) {die("Cannot do insert statement in saveNewEvent: $DBI::errstr\n")} + $sth->execute(undef, $client{'dns'}, $service, $detected, $received, $type, $source_type, $source, $target_proto, $target_port, $attack_scale, $note, $priority, $timeout, $valid); + + ## log last inserted ID + #$sth = $DBH->prepare("SELECT last_insert_id()"); + #if 
( !defined $sth ) {die("Cannot prepare last ID statement in saveNewEvent: $DBI::errstr\n")} + #$sth->execute; + #my $id= $sth->fetchrow(); + #write2log ("info", "Stored new event (#$id) from $ip (CN: $cn; AN: $an)"); + + #if (! defined $id) { + # write2log ("err", "Event from $ip ($cn) was not save: INSERT INTO events VALUES (NULL,$cn,$service,$detected,$received,$type,$source_type,$source,$target_proto,$target_port,$attack_scale,$note,$priority,$timeout,$valid);"); + # die("Event was not save at warden server - database return empty ID!"); + # return 0; + #} else { + return 1; + # } + } +} # END of saveNewEvent + + +#----------------------------------------------------------------------------- +# getNewEvents - get new events from the DB greater than received ID +#----------------------------------------------------------------------------- +sub getNewEvents +{ + my ($class, $data) = @_; + my ($sth, @events, $event, @ids, $cidr_list); + my ($id, $hostname, $service, $detected, $type, $source_type, $source, $target_proto, $target_port, $attack_scale, $note, $priority, $timeout); + + # client network information + my $cn = $ENV{'SSL_CLIENT_S_DN_CN'}; + my $alt_names = getAltNames(undef); + my $ip = $ENV{'REMOTE_ADDR'}; + + my $client_type = "r"; # incoming client MUST be sender + + # parse SOAP data object + my $requested_type = $data->{'REQUESTED_TYPE'}; + my $last_id = $data->{'LAST_ID'}; + + + my %client = authorizeClient($alt_names, $ip, $requested_type, $client_type, 'getNewEvents'); + if(defined %client) { + # check if client want your own events or not + if ($client{'receive_own'} eq 't') { + $sth = $DBH->prepare("SELECT * FROM events WHERE type != 'test' AND id > ? AND type = ? AND valid = 't' ORDER BY id ASC;"); + if (!defined $sth) {die("Cannot prepare ROE statement in getNewEvents: $DBI::errstr\n")} + $sth->execute($last_id, $requested_type); + } else { + $sth = $DBH->prepare("SELECT * FROM events WHERE type != 'test' AND id > ? AND type = ? 
AND valid = 't' AND hostname NOT LIKE ? ORDER BY id ASC;");
+ if (!defined $sth) {die("Cannot prepare statement in getNewEvents: $DBI::errstr\n")}
+ my ($domain) = $cn =~ /([^\.]+\.[^\.]+)$/;
+ $domain = '\%' . $domain;
+ $sth->execute($last_id, $requested_type, $domain);
+ }
+
+ # parse items of events stored in DB
+ while (my @result = $sth->fetchrow()) {
+ $id = $result[0];
+ $hostname = $result[1];
+ $service = $result[2];
+ $detected = $result[3];
+ $type = $result[5];
+ $source_type = $result[6];
+ $source = $result[7];
+ $target_proto = $result[8];
+ $target_port = $result[9];
+ $attack_scale = $result[10];
+ $note = $result[11];
+ $priority = $result[12];
+ $timeout = $result[13];
+
+ # create SOAP data object
+ $event = SOAP::Data->name(event => \SOAP::Data->value(
+ SOAP::Data->name(ID => $id),
+ SOAP::Data->name(HOSTNAME => $hostname),
+ SOAP::Data->name(SERVICE => $service),
+ SOAP::Data->name(DETECTED => $detected),
+ SOAP::Data->name(TYPE => $type),
+ SOAP::Data->name(SOURCE_TYPE=> $source_type),
+ SOAP::Data->name(SOURCE => $source),
+ SOAP::Data->name(TARGET_PROTO => $target_proto),
+ SOAP::Data->name(TARGET_PORT => $target_port),
+ SOAP::Data->name(ATTACK_SCALE => $attack_scale),
+ SOAP::Data->name(NOTE => $note),
+ SOAP::Data->name(PRIORITY => $priority),
+ SOAP::Data->name(TIMEOUT => $timeout)
+ ));
+ push(@events, $event);
+ push(@ids, $id);
+ }
+
+ # log sent ID of events
+ if (scalar @events != 0) {
+ if (scalar @ids == 1) {
+ write2log("info", "Sent 1 events [#$ids[0]] to $ip (CN(AN): $alt_names)");
+ } else {
+ write2log("info", "Sent " . scalar @ids . 
" events [#$ids[0] - #$ids[-1]] to $ip (CN(AN): $alt_names)");
+ }
+ }
+ return @events;
+ }
+} # END of getNewEvents
+
+
+#-----------------------------------------------------------------------------
+# getLastId - get lastest saved event ID
+#-----------------------------------------------------------------------------
+sub getLastId
+{
+ my ($class, $arg) = @_;
+
+ my $sth = $DBH->prepare("SELECT max(id) FROM events;");
+ if ( !defined $sth ) { die("Cannot prepare statement in getLastId: $DBI::errstr\n") }
+ $sth->execute;
+ my $result = $sth->fetchrow();
+
+ return $result;
+} # END of getLastID
+
+
+#-----------------------------------------------------------------------------
+# registerSender - register new sender
+#-----------------------------------------------------------------------------
+sub registerSender
+{
+ my ($class, $data) = @_;
+ my $sth;
+
+ # client network information
+ my $cn = $ENV{'SSL_CLIENT_S_DN_CN'};
+ my $ip = $ENV{'REMOTE_ADDR'};
+ my $local_ip = $ENV{'SERVER_ADDR'};
+
+ if ($local_ip ne $ip) {
+ write2log ("err", "Unauthorized access to registerSender from: $ip ($cn) - access allowed only from localhost");
+ die("Access denied - access allowed only from localhost!");
+ } else {
+ # defined variables by method
+ my $client_type = "s";
+ my $registered = DateTime->now;
+ my $type = undef;
+ my $receive_own_events = undef;
+
+ # parse SOAP data oject
+ my $hostname = $data->{'HOSTNAME'};
+ my $requestor = $data->{'REQUESTOR'};
+ my $service = $data->{'SERVICE'};
+ my $description_tags = $data->{'DESCRIPTION_TAGS'};
+ my $ip_net_client = $data->{'IP_NET_CLIENT'};
+
+ # check if sender has been already registered
+ $sth = $DBH->prepare_cached("SELECT registered FROM clients WHERE hostname = ? AND requestor = ? AND service = ? AND client_type = ? AND type = ? AND receive_own_events = ? AND description_tags = ? AND ip_net_client = ? 
LIMIT 1;");
+ if (!defined $sth) {die("Cannot prepare check statement in registerSender: $DBI::errstr\n")}
+ $sth->execute($hostname, $requestor, $service, $client_type, $type, $receive_own_events, $description_tags, $ip_net_client);
+ my $result = $sth->fetchrow();
+
+ # register new sender
+ if (defined $result) {
+ write2log ("err", "Attempt to re-register the sender");
+ die("Error - sender has already been registered at $result");
+ } else {
+ $sth = $DBH->prepare_cached("INSERT INTO clients VALUES (?,?,?,?,?,?,?,?,?,?);");
+ if (!defined $sth) {die("Cannot do statement in registerSender: $DBI::errstr\n")}
+ $sth->execute(undef, $hostname, $registered, $requestor, $service, $client_type, $type, $receive_own_events, $description_tags, $ip_net_client);
+ write2log("info", "New sender $hostname (service: $service, cidr: $ip_net_client) was registered");
+ return 1;
+ }
+ }
+} # END of registerSender
+
+
+##-----------------------------------------------------------------------------
+## registerReceiver - register new receiver
+##-----------------------------------------------------------------------------
+sub registerReceiver
+{
+ my ($class, $data) = @_;
+ my $sth;
+
+ # client network information
+ my $cn = $ENV{'SSL_CLIENT_S_DN_CN'};
+ my $ip = $ENV{'REMOTE_ADDR'};
+ my $local_ip = $ENV{'SERVER_ADDR'};
+
+ if ($local_ip ne $ip) {
+ write2log ("err", "Unauthorized access to registerReceiver from: $ip ($cn) - access allowed only from localhost");
+ die("Access denied - access allowed only from localhost!");
+ } else {
+ # variables defined by method
+ my $client_type = "r";
+ my $registered = DateTime->now;
+ my $service = undef;
+ my $description_tags = undef;
+
+ # parse SOAP data oject
+ my $hostname = $data->{'HOSTNAME'};
+ my $requestor = $data->{'REQUESTOR'};
+ my $type = $data->{'TYPE'};
+ my $receive_own_events = $data->{'RECEIVE_OWN_EVENTS'};
+ my $ip_net_client = $data->{'IP_NET_CLIENT'};
+
+ # check if receiver has been already registered
+ $sth = 
$DBH->prepare_cached("SELECT registered FROM clients WHERE hostname = ? AND requestor = ? AND service = ? AND client_type = ? AND type = ? AND receive_own_events = ? AND description_tags = ? AND ip_net_client = ? LIMIT 1;");
+ if (!defined $sth) {die("Cannot prepare check statement in registerReceiver: $DBI::errstr\n")}
+ $sth->execute($hostname, $requestor, $service, $client_type, $type, $receive_own_events, $description_tags, $ip_net_client);
+ my $result = $sth->fetchrow();
+
+ # register new receiver
+ if (defined $result) {
+ write2log ("err", "Attempt to re-register the receiver");
+ die("Error - receiver has already been registered at $result");
+ } else {
+ $sth = $DBH->prepare_cached("INSERT INTO clients VALUES (?,?,?,?,?,?,?,?,?,?);");
+ if (!defined($sth)) {die("Cannot do statement in registerReceiver: $DBI::errstr\n")}
+ $sth->execute(undef, $hostname, $registered, $requestor, $service, $client_type, $type, $receive_own_events, $description_tags, $ip_net_client);
+ write2log("info", "New receiver $hostname (type: $type, cidr: $ip_net_client: receive_own_events: $receive_own_events) was registered");
+ return 1;
+ }
+ }
+} # END of registerReceiver
+
+
+#-----------------------------------------------------------------------------
+# unregisterClient - unregister client
+#-----------------------------------------------------------------------------
+sub unregisterClient
+{
+ my ($class, $data) = @_;
+ my $sth;
+
+ # client network information
+ my $cn = $ENV{'SSL_CLIENT_S_DN_CN'};
+ my $ip = $ENV{'REMOTE_ADDR'};
+ my $local_ip = $ENV{'SERVER_ADDR'};
+
+ if ($local_ip ne $ip) {
+ write2log ("err", "Unauthorized access to unregisterClients from: $ip ($cn) - access allowed only from localhost");
+ die("Access denied - access allowed only from localhost!");
+ } else {
+ # parse SOAP data oject
+ my $client_id = $data->{'CLIENT_ID'};
+
+ # check if receiver has been already registered
+ $sth = $DBH->prepare_cached("SELECT client_id, hostname, service, 
client_type FROM clients WHERE client_id = ? LIMIT 1;");
+ if (!defined $sth) {die("Cannot prepare check statement in unregisterClient: $DBI::errstr\n")}
+ $sth->execute($client_id);
+ my ($id, $hostname, $service, $client_type) = $sth->fetchrow();
+
+ # delete registered client
+ if (!defined $id) {
+ write2log ("err", "Attempt to delete unregister client");
+ die("Error - client (#$client_id) is not registered");
+ } else {
+ if ($client_type eq 's') {
+ $sth = $DBH->prepare_cached("DELETE FROM clients WHERE client_id = ?;");
+ if (!defined $sth) {die("Cannot do delete statement of sender in unregisterClient: $DBI::errstr\n")}
+ $sth->execute($client_id);
+
+ $sth = $DBH->prepare_cached("UPDATE events SET valid = 'f' where hostname = ? AND service = ?;");
+ if (!defined $sth) {die("Cannot do unvalidation statement in unregisterClient: $DBI::errstr\n")}
+ $sth->execute($hostname, $service);
+
+ write2log("info", "Sender $hostname (client_id: $client_id, service: $service) was deleted and its data were invalidated" );
+ return 1;
+ } else {
+ $sth = $DBH->prepare_cached("DELETE FROM clients WHERE client_id = ?;");
+ if (!defined $sth) {die("Cannot do delete statement of receiver in unregisterClient: $DBI::errstr\n")}
+ $sth->execute($client_id);
+
+ write2log("info", "Receiver $hostname (client_id: $client_id) was deleted" );
+ return 1;
+ }
+ }
+ }
+} # END of unregisterClient
+
+
+#-----------------------------------------------------------------------------
+# getClients - get list of clients which were registered at warden server
+#-----------------------------------------------------------------------------
+sub getClients
+{
+ my ($class, $arg) = @_;
+
+ # client network information
+ my $cn = $ENV{'SSL_CLIENT_S_DN_CN'};
+ my $ip = $ENV{'REMOTE_ADDR'};
+ my $local_ip = $ENV{'SERVER_ADDR'};
+
+ if ($local_ip ne $ip) {
+ write2log ("err", "Unauthorized access to getClients from: $ip ($cn) - access allowed only from localhost");
+ die("Access denied - access 
allowed only from localhost!");
+ } else {
+ my (@clients, $client);
+ my ($client_id, $hostname, $registered, $requestor, $service, $client_type, $type, $receive_own_events, $description_tags, $ip_net_client);
+ my $sth = $DBH->prepare("SELECT * FROM clients ORDER BY client_id ASC;");
+ if (!defined $sth) { die("Cannot prepare statement in getClients: $DBI::errstr\n") }
+ $sth->execute;
+
+ while ( my @result = $sth->fetchrow() ) {
+ $client_id = $result[0];
+ $hostname = $result[1];
+ $registered = $result[2];
+ $requestor = $result[3];
+ $service = $result[4];
+ $client_type = $result[5];
+ $type = $result[6];
+ $receive_own_events = $result[7];
+ $description_tags = $result[8];
+ $ip_net_client = $result[9];
+
+ $client = SOAP::Data->name(client => \SOAP::Data->value(
+ SOAP::Data->name(CLIENT_ID => $client_id),
+ SOAP::Data->name(HOSTNAME => $hostname),
+ SOAP::Data->name(REGISTERED => $registered),
+ SOAP::Data->name(REQUESTOR => $requestor),
+ SOAP::Data->name(SERVICE => $service),
+ SOAP::Data->name(CLIENT_TYPE => $client_type),
+ SOAP::Data->name(TYPE => $type),
+ SOAP::Data->name(RECEIVE_OWN_EVENTS => $receive_own_events),
+ SOAP::Data->name(DESCRIPTION_TAGS => $description_tags),
+ SOAP::Data->name(IP_NET_CLIENT => $ip_net_client),
+ ));
+ push(@clients, $client);
+ }
+ my $sum = scalar @clients;
+ write2log("info", "Sending information about $sum registered clients");
+ return @clients;
+ }
+} # END of getClients
+
+
+#-----------------------------------------------------------------------------
+# getStatus - get list of status items of warden server
+#-----------------------------------------------------------------------------
+sub getStatus
+{
+ my ($class, $arg) = @_;
+
+ # client network information
+ my $cn = $ENV{'SSL_CLIENT_S_DN_CN'};
+ my $ip = $ENV{'REMOTE_ADDR'};
+ my $local_ip = $ENV{'SERVER_ADDR'};
+
+ if ($local_ip ne $ip) {
+ write2log ("err", "Unauthorized access to getStatus from: $ip ($cn) - access allowed only from localhost");
+ 
die("Access denied - access allowed only from localhost!");
+ } else {
+ my ($sth, @status);
+
+ # Warden server hostname
+ my $hostname = $ENV{'SERVER_NAME'};
+
+ # IP address of Warden server
+ my $ip_address = $ENV{'REMOTE_ADDR'};
+
+ # used port
+ my $port = $ENV{'SERVER_PORT'};
+
+ # size of database events
+ $sth = $DBH->prepare_cached("SELECT data_length + index_length FROM information_schema.TABLES WHERE table_schema = ? AND TABLE_NAME = ?");
+ $sth->execute('warden', 'events');
+ my $size = $sth->fetchrow();
+ my $db_size = (defined $size ? Format::Human::Bytes::base10($size) : "none");
+
+ # sum of records in table events
+ $sth = $DBH->prepare("SELECT count(*) FROM events WHERE valid = 't';");
+ if (!defined $sth) { die("Cannot prepare statement in getStatus: $DBI::errstr\n") }
+ $sth->execute;
+ my $events_sum = $sth->fetchrow();
+ if (!defined $events_sum) { $events_sum = "none" }
+
+ # id of last record in table events
+ $sth = $DBH->prepare("SELECT max(id) FROM events;");
+ if (!defined $sth) { die("Cannot prepare statement in getStatus: $DBI::errstr\n") }
+ $sth->execute;
+ my $events_last_id = $sth->fetchrow();
+ if (!defined $events_last_id) { $events_last_id = "none" }
+
+ # timestamp of first record in table events
+ $sth = $DBH->prepare("SELECT received FROM events WHERE id = (SELECT min(id) FROM events);");
+ if (!defined $sth) { die("Cannot prepare statement in getStatus: $DBI::errstr\n") }
+ $sth->execute;
+ my $events_first_timestamp = $sth->fetchrow();
+ if (!defined $events_first_timestamp) { $events_first_timestamp = "none" }
+
+ # timestamp of last record in table events
+ $sth = $DBH->prepare("SELECT received FROM events WHERE id = (SELECT max(id) FROM events);");
+ if (!defined $sth) { die("Cannot prepare statement in getStatus: $DBI::errstr\n") }
+ $sth->execute;
+ my $events_last_timestamp = $sth->fetchrow();
+ if (!defined $events_last_timestamp) { $events_last_timestamp = "none" }
+
+ # sum of records in table clients
+ $sth = 
$DBH->prepare("SELECT count(*) FROM clients;");
+ if (!defined $sth) { die("Cannot prepare statement in getStatus: $DBI::errstr\n") }
+ $sth->execute;
+ my $clients_sum = $sth->fetchrow();
+ if (!defined $clients_sum) { $clients_sum = "none" }
+
+ my $server_status = SOAP::Data->name(server_status => \SOAP::Data->value(
+ SOAP::Data->name(VERSION => $VERSION),
+ SOAP::Data->name(HOSTNAME => $hostname),
+ SOAP::Data->name(IP_ADDRESS => $ip_address),
+ SOAP::Data->name(PORT => $port),
+ SOAP::Data->name(FACILITY => $FACILITY),
+ SOAP::Data->name(DB_NAME => $DB_NAME),
+ SOAP::Data->name(DB_USER => $DB_USER),
+ SOAP::Data->name(DB_HOST => $DB_HOST),
+ SOAP::Data->name(DB_SIZE => $db_size),
+ SOAP::Data->name(EVENTS_SUM => $events_sum),
+ SOAP::Data->name(EVENTS_LAST_ID => $events_last_id),
+ SOAP::Data->name(EVENTS_FIRST_TIMESTAMP => $events_first_timestamp),
+ SOAP::Data->name(EVENTS_LAST_TIMESTAMP => $events_last_timestamp),
+ SOAP::Data->name(CLIENTS_SUM => $clients_sum)
+ ));
+ push(@status, $server_status);
+
+ # statistics of senders
+ if ($clients_sum != 0) {
+ $sth = $DBH->prepare("SELECT client_id, hostname, service FROM clients WHERE client_type = 's' ORDER BY client_id ASC;");
+ if (!defined $sth) {die("Cannot prepare statement in getStatus: $DBI::errstr\n")}
+ $sth->execute;
+ my ($client_id, $hostname, $service);
+ my $client_status;
+ while(($client_id, $hostname, $service) = $sth->fetchrow()) {
+ my $sth2;
+ # sum of stored events
+ $sth2 = $DBH->prepare_cached("SELECT count(*) FROM events WHERE hostname = ? AND service = ?;");
+ if (!defined $sth2) {die("Cannot prepare statement in getStatus: $DBI::errstr\n")}
+ $sth2->execute($hostname, $service);
+ my $count = $sth2->fetchrow();
+ if (!defined $count) {$count = "none"}
+ # timestamp of last stored event
+ $sth2 = $DBH->prepare_cached("SELECT max(received) FROM events WHERE hostname = ? 
AND service = ?;");
+ if (!defined $sth2) {die("Cannot prepare statement in getStatus: $DBI::errstr\n")}
+ $sth2->execute($hostname, $service);
+ my $timestamp = $sth2->fetchrow();
+ if (!defined $timestamp) {$timestamp = "none"}
+ # create SOAP data object
+ $client_status = SOAP::Data->name(client_status => \SOAP::Data->value(
+ SOAP::Data->name(CLIENT_ID => $client_id),
+ SOAP::Data->name(HOSTNAME => $hostname),
+ SOAP::Data->name(SERVICE => $service),
+ SOAP::Data->name(COUNT => $count),
+ SOAP::Data->name(TIMESTAMP => $timestamp),
+ ));
+ push(@status, $client_status);
+ }
+ }
+ write2log("info", "Sent of warden server status info");
+ return @status;
+ }
+} # END of getStatus
+
+1;
diff --git a/src/warden-server/lib/Warden/ApacheDispatch.pm b/src/warden-server/lib/Warden/ApacheDispatch.pm
new file mode 100644
index 0000000000000000000000000000000000000000..11d1e4f0931f9157398bcb18e26ee6ca26239e93
--- /dev/null
+++ b/src/warden-server/lib/Warden/ApacheDispatch.pm
@@ -0,0 +1,26 @@
+#!/usr/bin/perl -w
+#
+# ApacheDispatch.pm
+#
+# Copyright (C) 2011-2012 Cesnet z.s.p.o
+#
+# Use of this source is governed by a BSD-style license, see LICENSE file.
+
+package Warden::ApacheDispatch;
+
+use strict;
+use SOAP::Transport::HTTP;
+
+our $VERSION = "2.0";
+
+# set server dispatch_to
+my $server = SOAP::Transport::HTTP::Apache->dispatch_to('.','Warden');
+
+#-------------------------------------------------------------------------------
+# handler - call handler for Warden server
+#-------------------------------------------------------------------------------
+sub handler {
+ $server->handler(@_)
+}
+
+1;
diff --git a/src/warden-server/lib/WardenConf.pm b/src/warden-server/lib/WardenConf.pm
index 1f8e7c3741f30a4f794dba4fdb6a3e3199682710..68103e459944098b7415a443724d5827a724f0e8 100755
--- a/src/warden-server/lib/WardenConf.pm
+++ b/src/warden-server/lib/WardenConf.pm 
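Review bot: `dispatch_to('.','Warden')` in the new ApacheDispatch.pm registers the relative directory `.` next to the class name, and as far as I know SOAP::Lite treats a path argument as a place to load requested modules from on demand, so what a request can reach depends on the Apache process's working directory. If only the Warden class is meant to be served, `my $server = SOAP::Transport::HTTP::Apache->dispatch_to('Warden');` keeps dispatch static. Naming a whole package also exposes every sub in it, helpers included, so listing the public methods (`'Warden::saveNewEvent'`, `'Warden::getNewEvents'`, ...) is the narrower choice. A one-line comment above the call stating which methods are meant to be remote would document that intent.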
@@ -3,40 +3,14 @@ # WardenConf.pm # # Copyright (C) 2011-2012 Cesnet z.s.p.o -# Author(s): Tomas PLESNIK <plesnik@ics.muni.cz> -# Jan SOUKAL <soukal@ics.muni.cz> -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in -# the documentation and/or other materials provided with the -# distribution. -# 3. Neither the name of the Cesnet z.s.p.o nor the names of its -# contributors may be used to endorse or promote products derived from -# this software without specific prior written permission. -# -# This software is provided ``as is'', and any express or implied -# warranties, including, but not limited to, the implied warranties of -# merchantability and fitness for a particular purpose are disclaimed. -# In no event shall the Cesnet z.s.p.o or contributors be liable for -# any direct, indirect, incidental, special, exemplary, or consequential -# damages (including, but not limited to, procurement of substitute -# goods or services; loss of use, data, or profits; or business -# interruption) however caused and on any theory of liability, whether -# in contract, strict liability, or tort (including negligence or -# otherwise) arising in any way out of the use of this software, even -# if advised of the possibility of such damage. # +# Use of this source is governed by a BSD-style license, see LICENSE file. package WardenConf; use strict; -our $VERSION = "0.1"; +our $VERSION = "2.0"; #------------------------------------------------------------------------------- # loadConf - load variables from configuration file 
diff --git a/src/warden-server/lib/WardenReg.pm b/src/warden-server/lib/WardenReg.pm index 06c8f59fbedc2059c38fd223773e83e867e74c0a..e5ff0cd13991b48ea419fd88d175d3986df899e3 100755 --- a/src/warden-server/lib/WardenReg.pm +++ b/src/warden-server/lib/WardenReg.pm 
@@ -3,42 +3,17 @@ # WardenReg.pm # # Copyright (C) 2011-2012 Cesnet z.s.p.o -# Author(s): Tomas PLESNIK <plesnik@ics.muni.cz> -# Jan SOUKAL <soukal@ics.muni.cz> # -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in -# the documentation and/or other materials provided with the -# distribution. -# 3. Neither the name of the Cesnet z.s.p.o nor the names of its -# contributors may be used to endorse or promote products derived from -# this software without specific prior written permission. -# -# This software is provided ``as is'', and any express or implied -# warranties, including, but not limited to, the implied warranties of -# merchantability and fitness for a particular purpose are disclaimed. -# In no event shall the Cesnet z.s.p.o or contributors be liable for -# any direct, indirect, incidental, special, exemplary, or consequential -# damages (including, but not limited to, procurement of substitute -# goods or services; loss of use, data, or profits; or business -# interruption) however caused and on any theory of liability, whether -# in contract, strict liability, or tort (including negligence or -# otherwise) arising in any way out of the use of this software, even -# if advised of the possibility of such damage. +# Use of this source is governed by a BSD-style license, see LICENSE file. package WardenReg; use strict; use SOAP::Lite; use IO::Socket::SSL qw(debug1); -use SOAP::Transport::TCP; +use SOAP::Transport::HTTP; -our $VERSION = "0.1"; +our $VERSION = "2.0"; #------------------------------------------------------------------------------- 
@@ -56,33 +31,32 @@ sub errMsg #------------------------------------------------------------------------------- sub c2s { - my $uri = shift; - my $ssl_key_file = shift; - my $ssl_cert_file = shift; - my $ssl_ca_file = shift; - my $method = shift; - my $data = shift; - + my $uri = shift; + my $ssl_key_file = shift; + my $ssl_cert_file = shift; + my $ssl_ca_file = shift; + my $method = shift; + my $data = shift; my $client; + my ($server, $port, $service) = $uri =~ /https:\/\/(.+)\:(\d+)\/(.+)/; - if (!($client = SOAP::Transport::TCP::Client->new( - PeerAddr => $server, - PeerPort => $port, - Proto => 'tcp', - SSL_use_cert => 1, - SSL_verify_mode => 0x02, - SSL_key_file => $ssl_key_file, - SSL_cert_file => $ssl_cert_file, - SSL_ca_file => $ssl_ca_file, - ))) {errMsg("Sorry, unable to create socket: " . &SOAP::Transport::TCP::Client::errstr)} - - # setting of URI and serialize SOAP envelope and data object - my $soap = SOAP::Lite->uri($uri); + if (!($client = SOAP::Transport::HTTP::Client->new())) { + errMsg("Sorry, unable to create socket: " . &SOAP::Transport::HTTP::Client::errstr) + } + $client->ssl_opts( verify_hostname => 1, + SSL_use_cert => 1, + SSL_verify_mode => 0x02, + SSL_key_file => $ssl_key_file, + SSL_cert_file => $ssl_cert_file, + SSL_ca_file => $ssl_ca_file); + + # set URI and serialize SOAP envelope and data object + my $soap = SOAP::Lite->uri($service)->proxy($uri); my $envelope = $soap->serializer->envelope(method => $method, $data); - # setting of TCP URI and send serialized SOAP envelope and data - my $tcp_uri = "tcp://$server:$port/$service"; - my $result = $client->send_receive(envelope => $envelope, endpoint => $tcp_uri); + # set URI and send serialized SOAP envelope and data + my $server_uri = "https://$server:$port/$service"; + my $result = $client->send_receive(envelope => $envelope, endpoint => $server_uri); # check server response if (!defined $result) { 
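Review bot: `SSL_verify_mode => 0x02` in the new `ssl_opts` call is, going by the IO::Socket::SSL constants, SSL_VERIFY_FAIL_IF_NO_PEER_CERT, a flag documented for the server side, while peer verification on a client is SSL_VERIFY_PEER (0x01). The value is carried over from the removed TCP client, but it is worth writing `SSL_verify_mode => 0x01, # SSL_VERIFY_PEER` so that certificate checking does not rest on how the TLS library treats a non-zero mode without the peer bit. The same line is added to c2s in WardenStatus.pm. Separately, the result of `$uri =~ /https:\/\/(.+)\:(\d+)\/(.+)/` is never checked, so a configured URI without an explicit port leaves `$server`, `$port` and `$service` undefined; a guard such as `defined $service or errMsg("Malformed server URI: $uri");` would fail early. c2s continues past the end of this hunk.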
@@ -95,6 +69,7 @@ sub c2s } } + #------------------------------------------------------------------------------- # registerSender - register new warden sender #------------------------------------------------------------------------------- diff --git a/src/warden-server/lib/WardenStatus.pm b/src/warden-server/lib/WardenStatus.pm index e7840c2fdf882e94af122c1e2b3d94c5c60d4c88..eea49e48d8112aa0e606206cef183129c60c5496 100755 --- a/src/warden-server/lib/WardenStatus.pm +++ b/src/warden-server/lib/WardenStatus.pm 
@@ -3,42 +3,18 @@ # WardenStatus.pm # # Copyright (C) 2011-2012 Cesnet z.s.p.o -# Author(s): Tomas PLESNIK <plesnik@ics.muni.cz> -# Jan SOUKAL <soukal@ics.muni.cz> # -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in -# the documentation and/or other materials provided with the -# distribution. -# 3. Neither the name of the Cesnet z.s.p.o nor the names of its -# contributors may be used to endorse or promote products derived from -# this software without specific prior written permission. -# -# This software is provided ``as is'', and any express or implied -# warranties, including, but not limited to, the implied warranties of -# merchantability and fitness for a particular purpose are disclaimed. -# In no event shall the Cesnet z.s.p.o or contributors be liable for -# any direct, indirect, incidental, special, exemplary, or consequential -# damages (including, but not limited to, procurement of substitute -# goods or services; loss of use, data, or profits; or business -# interruption) however caused and on any theory of liability, whether -# in contract, strict liability, or tort (including negligence or -# otherwise) arising in any way out of the use of this software, even -# if advised of the possibility of such damage. +# Use of this source is governed by a BSD-style license, see LICENSE file. package WardenStatus; use strict; use SOAP::Lite; use IO::Socket::SSL qw(debug1); -use SOAP::Transport::TCP; +use SOAP::Transport::HTTP; + +our $VERSION = "2.0"; -our $VERSION = "0.2"; #------------------------------------------------------------------------------- # errMsg - print error message and die 
@@ -55,32 +31,32 @@ sub errMsg #------------------------------------------------------------------------------- sub c2s { - my $uri = shift; - my $ssl_key_file = shift; - my $ssl_cert_file = shift; - my $ssl_ca_file = shift; - my $method = shift; - + my $uri = shift; + my $ssl_key_file = shift; + my $ssl_cert_file = shift; + my $ssl_ca_file = shift; + my $method = shift; + my $data = shift; my $client; + my ($server, $port, $service) = $uri =~ /https:\/\/(.+)\:(\d+)\/(.+)/; - if (!($client = SOAP::Transport::TCP::Client->new( - PeerAddr => $server, - PeerPort => $port, - Proto => 'tcp', - SSL_use_cert => 1, - SSL_verify_mode => 0x02, - SSL_key_file => $ssl_key_file, - SSL_cert_file => $ssl_cert_file, - SSL_ca_file => $ssl_ca_file, - ))) {errMsg("Sorry, unable to create socket: " . &SOAP::Transport::TCP::Client::errstr)} - - # setting of URI and serialize SOAP envelope and data object - my $soap = SOAP::Lite->uri($uri); + if (!($client = SOAP::Transport::HTTP::Client->new())) { + errMsg("Sorry, unable to create socket: " . &SOAP::Transport::HTTP::Client::errstr) + } + $client->ssl_opts(verify_hostname => 1, + SSL_use_cert => 1, + SSL_verify_mode => 0x02, + SSL_key_file => $ssl_key_file, + SSL_cert_file => $ssl_cert_file, + SSL_ca_file => $ssl_ca_file); + + # set URI and serialize SOAP envelope and data object + my $soap = SOAP::Lite->uri($service)->proxy($uri); my $envelope = $soap->serializer->envelope(method => $method); # setting of TCP URI and send serialized SOAP envelope and data - my $tcp_uri = "tcp://$server:$port/$service"; - my $result = $client->send_receive(envelope => $envelope, endpoint => $tcp_uri); + my $server_uri = "https://$server:$port/$service"; + my $result = $client->send_receive(envelope => $envelope, endpoint => $server_uri); # check server response if (!defined $result) { 
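Review bot: The added `my $data = shift;` in this c2s is never used: the envelope is still built with `envelope(method => $method)`, and the two callers visible in this file pass only five arguments. Either drop the line or pass `$data` through as the WardenReg.pm version does. The unchanged comment `# setting of TCP URI and send serialized SOAP envelope and data` is now stale, since the endpoint is built as `https://...`; `# set HTTPS endpoint and send serialized SOAP envelope` would match the code. c2s starts and ends outside this hunk.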
@@ -109,10 +85,10 @@ sub getClients my $conf_file = $etcdir . "warden-client.conf"; my ($uri, $ssl_key_file, $ssl_cert_file, $ssl_ca_file) = WardenConf::loadConf($conf_file); - # call server method getClients + # call method getClients on the Warden server my $response = c2s($uri, $ssl_key_file, $ssl_cert_file, $ssl_ca_file, "getClients"); - # parse returned SOAP data object + # parse returned SOAP data object with clients my @clients; my ($client_id, $hostname, $registered, $requestor, $service, $client_type, $type, $receive_own_events, $description_tags, $ip_net_client); my @response_list = $response->valueof('/Envelope/Body/getClientsResponse/client/'); @@ -120,16 +96,15 @@ sub getClients my $response_data = shift(@response_list); my @client; - # parse items of one client - $client_id = $response_data->{'CLIENT_ID'}; + $client_id = $response_data->{'CLIENT_ID'} ; $hostname = $response_data->{'HOSTNAME'}; $registered = $response_data->{'REGISTERED'}; $requestor = $response_data->{'REQUESTOR'}; - $service = $response_data->{'SERVICE'}; + $service = defined $response_data->{'SERVICE'} ? $response_data->{'SERVICE'} : "-"; $client_type = $response_data->{'CLIENT_TYPE'}; - $type = $response_data->{'TYPE'}; - $receive_own_events = $response_data->{'RECEIVE_OWN_EVENTS'}; - $description_tags = $response_data->{'DESCRIPTION_TAGS'}; + $type = defined $response_data->{'TYPE'} ? $response_data->{'TYPE'} : "-"; + $receive_own_events = defined $response_data->{'RECEIVE_OWN_EVENTS'} ? $response_data->{'RECEIVE_OWN_EVENTS'} : "-"; + $description_tags = defined $response_data->{'DESCRIPTION_TAGS'} ? $response_data->{'DESCRIPTION_TAGS'} : "-"; $ip_net_client = $response_data->{'IP_NET_CLIENT'}; # push received clients from warden server into @clients which is returned 
@@ -155,23 +130,21 @@ sub getStatus my $conf_file = $etcdir . "warden-client.conf"; my ($uri, $ssl_key_file, $ssl_cert_file, $ssl_ca_file) = WardenConf::loadConf($conf_file); - # call server method getStatus + # call method getStatus on Warden server my $response = c2s($uri, $ssl_key_file, $ssl_cert_file, $ssl_ca_file, "getStatus"); #----------------------------------------------------------------------------- - # parse server status + # parse returned SOAP object with server status my @response_list = $response->valueof('/Envelope/Body/getStatusResponse/server_status/'); my $response_data = shift(@response_list); my $version = $response_data->{'VERSION'}; - my $address = $response_data->{'ADDRESS'}; + my $server_hostname = $response_data->{'HOSTNAME'}; + my $ip_address = $response_data->{'IP_ADDRESS'}; my $port = $response_data->{'PORT'}; - my $logdir = $response_data->{'LOGDIR'}; - my $piddir = $response_data->{'PIDDIR'}; - my $vardir = $response_data->{'VARDIR'}; - my $ssl_key_file_server = $response_data->{'SSL_KEY_FILE'}; - my $ssl_cert_file_server = $response_data->{'SSL_CERT_FILE'}; - my $ssl_ca_file_server = $response_data->{'SSL_CA_FILE'}; + my $db_name = $response_data->{'DB_NAME'}; + my $db_user = $response_data->{'DB_USER'}; + my $db_host = $response_data->{'DB_HOST'}; my $facility = $response_data->{'FACILITY'}; my $db_size = $response_data->{'DB_SIZE'}; my $events_sum = $response_data->{'EVENTS_SUM'}; 
@@ -180,23 +153,23 @@ sub getStatus my $events_last_timestamp = $response_data->{'EVENTS_LAST_TIMESTAMP'}; my $clients_sum = $response_data->{'CLIENTS_SUM'}; + my @server_status = ($version, $server_hostname, $ip_address, $port, $db_name, $db_user, $db_host, $facility, $db_size, $events_sum, $events_last_id, $events_first_timestamp, $events_last_timestamp, $clients_sum); my @status; - my @server_status = ($version, $address, $port, $logdir, $piddir, $vardir, $ssl_key_file_server, $ssl_cert_file_server, $ssl_ca_file_server, $facility, $db_size, $events_sum, $events_last_id, $events_first_timestamp, $events_last_timestamp, $clients_sum); push(@status, \@server_status); #----------------------------------------------------------------------------- - # parse client status - my ($client_id, $hostname, $service, $count, $timestamp); + # parse returned SOAP object with client status @response_list = $response->valueof('/Envelope/Body/getStatusResponse/client_status/'); + my ($client_id, $hostname, $service, $count, $timestamp); while (scalar @response_list) { my $response_data = shift(@response_list); my @client_status; - $client_id = $response_data->{'CLIENT_ID'}; - $hostname = $response_data->{'HOSTNAME'}; - $service = $response_data->{'SERVICE'}; - $count = $response_data->{'COUNT'}; - $timestamp = $response_data->{'TIMESTAMP'}; + my $client_id = $response_data->{'CLIENT_ID'}; + my $hostname = $response_data->{'HOSTNAME'}; + my $service = $response_data->{'SERVICE'}; + my $count = $response_data->{'COUNT'}; + my $timestamp = $response_data->{'TIMESTAMP'}; @client_status = ($client_id, $hostname, $service, $count, $timestamp); push(@status, \@client_status); diff --git a/src/warden-server/sh/create_tables.sh b/src/warden-server/sh/create_tables.sh index 50660ebb9f7d22834e8faaf2ca3fbe10db041db0..9fa8ecc2962ef788fbc6e8737a7255bcb96d553d 100755 --- a/src/warden-server/sh/create_tables.sh +++ b/src/warden-server/sh/create_tables.sh 
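Review bot: The outer declaration `my ($client_id, $hostname, $service, $count, $timestamp);` that this hunk moves below the `valueof` call is now dead, because each of the five is redeclared with `my` inside the `while` body. Remove the outer line, or keep it and drop the inner `my`s, so that a reader does not look for a use after the loop. `@server_status` also changes length and order here (sixteen fields become fourteen), so any consumer that indexes it by position has to change in the same commit; none is visible in this hunk.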
@@ -1,4 +1,7 @@ #!/bin/bash + +# Pri pouziti Apache + mod_perl se tento soubor nepouziva + # # create_table.sh # diff --git a/src/warden-server/sh/install.sh b/src/warden-server/sh/install.sh index d75691928fde6c979a9310266d693617e3f1714a..763699bfe4b2468778b5dd06d827fde0846261f6 100755 --- a/src/warden-server/sh/install.sh +++ b/src/warden-server/sh/install.sh @@ -160,18 +160,6 @@ perl_chck() fi } -sqlite_chck() -{ - echo -n "Checking SQLite database engine ... " - if which sqlite3 1> /dev/null; then - echo "OK" - else - echo "FAILED!" - echo "Error: SQLite3 database engine is not installed!" - exit 1 - fi -} - modules_chck() { for module in ${modules[@]}; @@ -189,8 +177,8 @@ modules_chck() make_warden_dir() { echo -n "Creating warden server directory ... " - test -d $prefix || mkdir -p $prefix - if cp -R ${dirname}/warden-server $prefix 2> $err; then + test -d ${prefix} || mkdir -p ${prefix} + if cp -R $dirname/warden-server $prefix 2> $err; then echo "OK" else err_clean 
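Review bot: The two changed lines in make_warden_dir still expand `$prefix`, `$dirname` and `$err` unquoted, so an install prefix containing a space or a glob character is split into several arguments for `mkdir` and `cp`. Quoting fixes it without changing behaviour for ordinary paths: `test -d "$prefix" || mkdir -p "$prefix"` and `if cp -R "$dirname/warden-server" "$prefix" 2> "$err"; then`. The function body continues beyond the hunk.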
@@ -248,55 +236,20 @@ make_server_conf() # warden-server.conf - configuration file for Warden server # -#------------------------------------------------------------------------------- -# ADDRESS - IP address of warden server -#------------------------------------------------------------------------------- -\$ADDRESS = \"${hostname}\"; - -#------------------------------------------------------------------------------- -# PORT - used TCP port for Warden server -#------------------------------------------------------------------------------- -\$PORT = \"443\"; - #------------------------------------------------------------------------------- # BASEDIR - base directory of Warden server #------------------------------------------------------------------------------- \$BASEDIR = \"${server_path}\"; -#------------------------------------------------------------------------------- -# VARDIR - var directory -#------------------------------------------------------------------------------- -\$VARDIR = \"\$BASEDIR/var/\"; - -#------------------------------------------------------------------------------- -# LOGDIR - logging directory -#------------------------------------------------------------------------------- -\$LOGDIR = \"/var/log/\"; - -#------------------------------------------------------------------------------- -# PIDDIR - process ID directory -#------------------------------------------------------------------------------- -\$PIDDIR = \"/var/run/\"; - -#------------------------------------------------------------------------------- -# SSL_KEY_FILE - path to server SSL certificate key file -#------------------------------------------------------------------------------- -\$SSL_KEY_FILE = \"${key}\"; - -#------------------------------------------------------------------------------- -# SSL_CERT_FILE - path to server SSL certificate file -#------------------------------------------------------------------------------- -\$SSL_CERT_FILE = \"${cert}\"; - 
-#------------------------------------------------------------------------------- -# SSL_CA_FILE - path to CA ceritificate file -#------------------------------------------------------------------------------- -\$SSL_CA_FILE = \"${ca_file}\"; - #------------------------------------------------------------------------------- # FACILITY - syslog facility #------------------------------------------------------------------------------- \$FACILITY = \"local7\"; + +\$DB_NAME = \"warden\"; +\$DB_USER = \"username\"; +\$DB_PASS = \"\"; +\$DB_HOST = \"localhost\"; " > $server_conf 2> $err; ret_val=`echo $?` if [ $ret_val -eq 0 ]; then @@ -307,18 +260,46 @@ make_server_conf() } -create_db() +changeServerPath() { - echo -n "Creating warden server database ... " - $create_tables $db_file 2> $err || err_clean - if chmod 600 $db_file 2> $err; then - echo "OK" - else - err_clean - fi + echo "Update server path ..."; + for file in `ls -1 $bin | grep -v warden-alive | grep -v create_tables.sh | grep -v wardend` + do + echo "- update server path: ${bin}/$file" + perl -pi -e "s#/opt#${prefix}#" ${bin}/$file + done + + echo "- update server path: ${apache_conf}" + perl -pi -e "s#/opt#${prefix}#" ${apache_conf} + + echo "- update server path: ${lib}/Warden.pm" + perl -pi -e "s#/opt#${prefix}#" ${lib}/Warden.pm + } +updateCertsPath() +{ + + echo "- update certs path: ${apache_conf}" + perl -pi -e "s#server-cert.pem#${cert}#" ${apache_conf} + perl -pi -e "s#server-key.pem#${key}#" ${apache_conf} + perl -pi -e "s#ca-cert.pem#${ca_file}#" ${apache_conf} +} + +#create_db() +#{ +# echo -n "Creating warden server database ... " +# $create_tables $db_file 2> $err || err_clean +# if chmod 600 $db_file 2> $err; then +# echo "OK" +# else +# err_clean +# fi +#} + + + create_symlinks() { echo "Creating symbolic links ..." 
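Review bot: The generated warden-server.conf now holds `$DB_USER` and `$DB_PASS`, but nothing visible in make_server_conf restricts the file's mode, so it is created under the installer's umask and may be world-readable once a real password is filled in. The create_db step that this commit comments out ran `chmod 600` on the database file; the credential file deserves the same care, for example `chmod 640 "$server_conf"` right after the write, with group ownership given to the account the web server runs as. The four new DB_* settings also lack the banner comment every other setting has; one short banner per setting, stating that DB_PASS is empty by default and must be set, would match the file. make_server_conf begins before this hunk and ends after it.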
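Review bot: changeServerPath and updateCertsPath splice `${prefix}`, `${cert}`, `${key}` and `${ca_file}` straight into the program text handed to `perl -pi -e`, so a value containing `#`, `$` or `@` changes or breaks the substitution instead of being written literally, in an installer that normally runs with elevated privileges. Passing the value through the environment keeps it as data: `PREFIX="$prefix" perl -pi -e 's#/opt#$ENV{PREFIX}#' "${bin}/$file"`, and likewise `CERT="$cert" perl -pi -e 's#server-cert\.pem#$ENV{CERT}#' "$apache_conf"` with the dot escaped. The loop over `ls -1 $bin | grep -v …` word-splits file names, and a glob over `"$bin"/*` with a `case` filter would avoid that. None of the perl calls has its exit status checked, unlike the `2> $err || err_clean` pattern used elsewhere in the script.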
@@ -327,8 +308,8 @@ create_symlinks() echo "- making symlink: ${local_bin}/$file -> ${bin}/$file" ln -s ${bin}/$file ${local_bin}/$file done - echo "- making symlink: ${bin}/wardend -> $init" - ln -s ${bin}/wardend $init +# echo "- making symlink: ${bin}/wardend -> $init" +# ln -s ${bin}/wardend $init } @@ -337,7 +318,8 @@ create_symlinks() #------------------------------------------------------------------------------- # list of used Perl modules -modules=(SOAP::Lite SOAP::Transport::TCP File::Pid POSIX DBI DBD::SQLite Format::Human::Bytes Sys::Syslog File::Basename FindBin Net::CIDR::Lite DateTime Getopt::Std Switch IO::Socket::SSL) +#modules=(SOAP::Lite SOAP::Transport::TCP File::Pid POSIX DBI DBD::SQLite Format::Human::Bytes Sys::Syslog File::Basename FindBin Net::CIDR::Lite DateTime Getopt::Std Switch IO::Socket::SSL) +modules=(DBI DBD::mysql Format::Human::Bytes Sys::Syslog File::Basename FindBin Net::CIDR::Lite DateTime Getopt::Std Switch IO::Socket::SSL MIME::Base64 Crypt::X509) # OS test os_chck @@ -379,7 +361,9 @@ local_bin="/usr/local/bin" etc="${server_path}/etc" client_conf="${etc}/warden-client.conf" server_conf="${etc}/warden-server.conf" +apache_conf="${etc}/warden-apache.conf" var="${server_path}/var" +lib="${server_path}/lib" db_file="${var}/warden.db" err="/tmp/warden-err" init="/etc/init.d/wardend" @@ -393,8 +377,8 @@ echo "------------------------- Dependencies check-in -------------------------" # Perl interpreter test perl_chck -# SQLite database engine test -sqlite_chck +## SQLite database engine test +#sqlite_chck # Perl modules test modules_chck @@ -411,8 +395,14 @@ make_client_conf # create server configuration file make_server_conf -# create warden server database -create_db +## create warden server database +#create_db + +#update paths in utilities +changeServerPath + +#update paths in apachefile +updateCertsPath # crate symlinks from warden server bin directory to /usr/local/bin create_symlinks 
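Review bot: `err="/tmp/warden-err"`, kept as context next to the new `apache_conf` and `lib` assignments, is a fixed file name in a world-writable directory that the installer redirects stderr into throughout (`2> $err`). If the installer runs as root, a symlink already present at that path would make it overwrite whatever the link points to. I would create the file with `err=$(mktemp) || exit 1` instead. `db_file="${var}/warden.db"` in the same block looks unused now that create_db is commented out; confirm and drop it.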
@@ -422,7 +412,7 @@ echo "Please check client configuration file in ${client_conf}!" echo "Please check server configuration file in ${server_conf}!" echo echo "Warden server directory: $server_path" -echo "Warden server daemon: $init [start|stop|status|restart|force-stop]" +#echo "Warden server daemon: $init [start|stop|status|restart|force-stop]" echo echo "Installation of $package_version package was SUCCESSFUL!!!"