diff --git a/packages/TODO.zcu b/packages/TODO.zcu index db086f4433725f1978e8aa05886f35e8e78bbe10..e12f02a4d0b5f06c57b09427bd66c4a4a81f7487 100644 --- a/packages/TODO.zcu +++ b/packages/TODO.zcu @@ -1,6 +1,6 @@ * sjednotit warden-client.conf a warden-server.conf * ipv6 * zrusit vsude licence a nahradit jedinym radkem s odkazem -* generovani konfigutracnich souboru z template z balicku a ne primo ze shell skriptu +* generovani konfiguracnich souboru z template z balicku a ne primo ze shell skriptu * verze klienta a serveru jsou mimo sync coz je osklive, proc mam pouzivat c1.1.1 a s0.1.1 ? to nedava smysl ... diff --git a/packages/build-client.sh b/packages/build-client.sh index 5e176f4e0ac3da5d3e47bf75fdc2ae8f4fbdeec7..47c615e194f4342b8a48e896c62dcae4aa99c0bf 100755 --- a/packages/build-client.sh +++ b/packages/build-client.sh @@ -49,7 +49,7 @@ err() #------------------------------------------------------------------------------- # edit when you build new package -version="1.1.0" +version="1.1.1" package_name="warden-client" package="$package_name-$version" diff --git a/src/warden-client/lib/WardenClientReceive.pm b/src/warden-client/lib/WardenClientReceive.pm index 5ed525a01247b1f744cfb5e633c6a609620d9735..c8f7d456f692a3894e6f822d26d6bbf094252344 100755 --- a/src/warden-client/lib/WardenClientReceive.pm +++ b/src/warden-client/lib/WardenClientReceive.pm @@ -36,10 +36,11 @@ package WardenClientReceive; use strict; use SOAP::Lite; use IO::Socket::SSL qw(debug1); -use SOAP::Transport::TCP; +#use SOAP::Transport::TCP; +use SOAP::Transport::HTTP; use FindBin; -our $VERSION = "1.2"; +our $VERSION = "1.1"; #------------------------------------------------------------------------------- # errMsg - print error message and die 
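Review bot: `our $VERSION = "1.1";` in the WardenClientReceive.pm import hunk lowers the module version from 1.2, so any `use WardenClientReceive 1.2;` or version comparison now sees this update as older than the code it replaces. If the aim is to line up with WardenClientSend.pm's 1.1, that deserves a sentence in the commit message; otherwise bump to 1.3 so the version stays monotonic. The `#use SOAP::Transport::TCP;` line left behind is dead and can simply go now that the transport is HTTP.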
@@ -54,6 +55,52 @@ sub errMsg #------------------------------------------------------------------------------- # c2s - connect to server, send request and receive response #------------------------------------------------------------------------------- +#sub c2s +#{ +# my $uri = shift; +# my $ssl_key_file = shift; +# my $ssl_cert_file = shift; +# my $ssl_ca_file = shift; +# my $method = shift; +# my $data = shift; +# +# my $client; +# my ($server, $port, $service) = $uri =~ /https:\/\/(.+)\:(\d+)\/(.+)/; +# if (!($client = SOAP::Transport::TCP::Client->new( +# PeerAddr => $server, +# PeerPort => $port, +# Proto => 'tcp', +# SSL_use_cert => 1, +# SSL_verify_mode => 0x02, +# SSL_key_file => $ssl_key_file, +# SSL_cert_file => $ssl_cert_file, +# SSL_ca_file => $ssl_ca_file, +# ))) {errMsg("Sorry, unable to create socket: " . &SOAP::Transport::TCP::Client::errstr)} +# +# # setting of URI and serialize SOAP envelope and data object +# my $soap = SOAP::Lite->uri($uri); +# my $envelope; +# if (!defined $data) { +# $envelope = $soap->serializer->envelope(method => $method); +# } else { +# $envelope = $soap->serializer->envelope(method => $method, $data); +# } +# +# # setting of TCP URI and send serialized SOAP envelope and data +# my $tcp_uri = "tcp://$server:$port/$service"; +# my $result = $client->send_receive(envelope => $envelope, endpoint => $tcp_uri); +# +# # check server response +# if (!defined $result) { +# errMsg("Error: server returned empty response." . "\n" . "Problem with used SSL ceritificates or Warden server at $server:$port is down."); +# } else { +# # deserialized response from server -> create SOAP envelope and data object +# my $response = $soap->deserializer->deserialize($result); +# # check SOAP fault status +# $response->fault ? errMsg("Server sent error message:: " . $response->faultstring) : return $response; +# } +#} + sub c2s { my $uri = shift; 
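Review bot: The 46 commented-out lines added above `sub c2s` are the previous TCP implementation, which version control already preserves; keeping an inert second copy in the module makes the live c2s harder to find and will drift out of date. Drop the block, together with the commented `#use SOAP::Transport::TCP;` lines in this module and WardenClientSend.pm and the `#use SOAP::Lite 'trace', 'debug';` line there. If a switch back to the TCP transport is planned, one comment line saying so is enough.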
@@ -65,19 +112,17 @@ sub c2s my $client; my ($server, $port, $service) = $uri =~ /https:\/\/(.+)\:(\d+)\/(.+)/; - if (!($client = SOAP::Transport::TCP::Client->new( - PeerAddr => $server, - PeerPort => $port, - Proto => 'tcp', - SSL_use_cert => 1, - SSL_verify_mode => 0x02, - SSL_key_file => $ssl_key_file, - SSL_cert_file => $ssl_cert_file, - SSL_ca_file => $ssl_ca_file, - ))) {errMsg("Sorry, unable to create socket: " . &SOAP::Transport::TCP::Client::errstr)} + if (!($client = SOAP::Transport::HTTP::Client->new( +))) {errMsg("Sorry, unable to create socket: " . &SOAP::Transport::HTTP::Client::errstr)} + $client->ssl_opts( verify_hostname => 1, + SSL_use_cert => 1, + SSL_verify_mode => 0x02, + SSL_key_file => $ssl_key_file, + SSL_cert_file => $ssl_cert_file, + SSL_ca_file => $ssl_ca_file); # setting of URI and serialize SOAP envelope and data object - my $soap = SOAP::Lite->uri($uri); + my $soap = SOAP::Lite->uri($service)->proxy($uri); my $envelope; if (!defined $data) { $envelope = $soap->serializer->envelope(method => $method); @@ -86,7 +131,7 @@ sub c2s } # setting of TCP URI and send serialized SOAP envelope and data - my $tcp_uri = "tcp://$server:$port/$service"; + my $tcp_uri = "https://$server:$port/$service"; my $result = $client->send_receive(envelope => $envelope, endpoint => $tcp_uri); # check server response @@ -101,6 +146,8 @@ sub c2s } + + #------------------------------------------------------------------------------- # getNewEvents - get new events from warden server greater than last received ID #------------------------------------------------------------------------------- 
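Review bot: `SSL_verify_mode => 0x02` in the new `$client->ssl_opts(...)` call is SSL_VERIFY_FAIL_IF_NO_PEER_CERT, a server-side flag; the client-side flag that makes the server certificate be checked against `SSL_ca_file` is SSL_VERIFY_PEER (0x01), so as written the CA file is loaded but, as far as I can tell, the peer certificate is not actually verified, and `verify_hostname => 1` only supplies SSL_VERIFY_PEER itself when SSL_verify_mode is left unset. Change the line to `SSL_verify_mode => 0x01, # SSL_VERIFY_PEER` here and in the matching c2s hunk of WardenClientSend.pm. The `->proxy($uri)` added to the SOAP::Lite object also appears to build a second transport that is never used, since the envelope goes out through `$client->send_receive`; `SOAP::Lite->uri($service)` may be all that is needed. c2s continues beyond this hunk.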
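Review bot: `my $tcp_uri = "https://$server:$port/$service";` keeps the name `$tcp_uri` and the `# setting of TCP URI` comment although the value is now an https URL, and it merely reassembles the `$uri` the function was given; the same line is introduced in WardenClientSend.pm's c2s. Rename and reword, e.g. `# endpoint URL of the SOAP service` over `my $endpoint_uri = "https://$server:$port/$service";`, and pass `$endpoint_uri` to send_receive. The surrounding c2s body starts and ends outside this hunk.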
@@ -145,19 +192,20 @@ sub getNewEvents # create SOAP data obejct my $request_data = SOAP::Data->name(request => \SOAP::Data->value( - SOAP::Data->name(REQUESTED_TYPE => $requested_type), - SOAP::Data->name(LAST_ID => $last_id) + SOAP::Data->name(REQUESTED_TYPE => $requested_type), + SOAP::Data->name(LAST_ID => $last_id) )); - # call server method getNewEvents my $response = c2s($uri, $ssl_key_file, $ssl_cert_file, $ssl_ca_file, "getNewEvents", $request_data); + # match getNewEvents functions response + $response->match('/Envelope/Body/getNewEventsResponse/'); my ($id, $hostname, $service, $detected, $type, $source_type, $source, $target_proto, $target_port, $attack_scale, $note, $priority, $timeout); my @events; # parse returned SOAP data object - my @response_list = $response->valueof('/Envelope/Body/getNewEventsResponse/event/'); - while (scalar @response_list) { - my $response_data = shift(@response_list); + my $i = 1; + my $response_data = $response->valueof("[$i]"); + while (defined $response_data) { my @event; # parse items of one event @@ -181,8 +229,12 @@ sub getNewEvents # set maximum received ID from current batch if ($id > $last_id) { - $last_id = $id; + $last_id = $id; } + + # go to the next received event + $i++; + $response_data = $response->valueof("[$i]"); } # write last return ID @@ -192,6 +244,7 @@ sub getNewEvents close ID; } + # return event array of arrays return @events; } # End of getNewEvents diff --git a/src/warden-client/lib/WardenClientSend.pm b/src/warden-client/lib/WardenClientSend.pm index f8cac0e9be7c5d0cc41189ca8adffeeaf7f0850d..75d12479f23fa06c3a4b1c086d7f0084c78c04bc 100755 --- a/src/warden-client/lib/WardenClientSend.pm +++ b/src/warden-client/lib/WardenClientSend.pm 
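Review bot: The rewritten loop stops at the first `$i` for which `$response->valueof("[$i]")` returns undef, so if any event in a batch deserializes to undef (an empty element, say) every later event of that batch is silently dropped, whereas the removed `valueof('/Envelope/Body/getNewEventsResponse/event/')` list walked all of them. The result of the new `$response->match(...)` is not checked either, so an unexpected envelope shape leaves `$response_data` undef and the function returns an empty list without any message. If the indexed walk was chosen because the path form misbehaved, record that in the `# match getNewEvents functions response` comment; otherwise keep the list and iterate it with `for my $response_data (@response_list)`. getNewEvents starts and ends outside this hunk.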
@@ -35,12 +35,12 @@ package WardenClientSend; use strict; use SOAP::Lite; +#use SOAP::Lite 'trace', 'debug'; use IO::Socket::SSL qw(debug1); -use SOAP::Transport::TCP; - +#use SOAP::Transport::TCP; +use SOAP::Transport::HTTP; our $VERSION = "1.1"; - #------------------------------------------------------------------------------- # errMsg - print error message and die #------------------------------------------------------------------------------- @@ -65,23 +65,21 @@ sub c2s my $client; my ($server, $port, $service) = $uri =~ /https:\/\/(.+)\:(\d+)\/(.+)/; - if (!($client = SOAP::Transport::TCP::Client->new( - PeerAddr => $server, - PeerPort => $port, - Proto => 'tcp', - SSL_use_cert => 1, - SSL_verify_mode => 0x02, - SSL_key_file => $ssl_key_file, - SSL_cert_file => $ssl_cert_file, - SSL_ca_file => $ssl_ca_file, - ))) {errMsg("Sorry, unable to create socket: " . &SOAP::Transport::TCP::Client::errstr)} + if (!($client = SOAP::Transport::HTTP::Client->new( +))) {errMsg("Sorry, unable to create socket: " . &SOAP::Transport::HTTP::Client::errstr)} + $client->ssl_opts( verify_hostname => 1, + SSL_use_cert => 1, + SSL_verify_mode => 0x02, + SSL_key_file => $ssl_key_file, + SSL_cert_file => $ssl_cert_file, + SSL_ca_file => $ssl_ca_file); # setting of URI and serialize SOAP envelope and data object - my $soap = SOAP::Lite->uri($uri); + my $soap = SOAP::Lite->uri($service)->proxy($uri); my $envelope = $soap->serializer->envelope(method => $method, $data); - - # setting of TCP URI and send serialized SOAP envelope and data - my $tcp_uri = "tcp://$server:$port/$service"; + +# setting of TCP URI and send serialized SOAP envelope and data + my $tcp_uri = "https://$server:$port/$service"; my $result = $client->send_receive(envelope => $envelope, endpoint => $tcp_uri); # check server response diff --git a/src/warden-client/sh/install.sh b/src/warden-client/sh/install.sh index 8d0e21b9a634184771888ff21f65bc4642b0cb11..726318b7e8a7e644e288df642b7de2609f7249a0 100755 
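Review bot: The re-added comment `# setting of TCP URI and send serialized SOAP envelope and data` in the c2s hunk sits at column 0 inside the indented body of the sub, and still says TCP although the line below it now builds an https URL. Re-indent it to match `my $tcp_uri` and reword it, e.g. `# endpoint URL of the SOAP service`. c2s continues past the end of this hunk.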
--- a/src/warden-client/sh/install.sh +++ b/src/warden-client/sh/install.sh @@ -156,7 +156,8 @@ old_client_chck() perl_chck() { echo -n "Checking Perl interpreter ... " - if which perl 1> /dev/null; then + which perl 1>/dev/null; ret_val=`echo $?` + if [ $ret_val -eq 0 ]; then echo "OK" else echo "FAILED!" @@ -171,7 +172,8 @@ modules_chck() for module in ${modules[@]}; do echo -n "Checking $module module ... " - if perl -e "use $module" 2> $err; then + perl -e "use $module" 2> $err; ret_val=`echo $?` + if [ $ret_val -eq 0 ]; then echo "OK" else err @@ -183,7 +185,8 @@ modules_chck() make_warden_dir() { echo -n "Creating warden client directory ... " - if cp -R ${dirname}/warden-client $prefix 2> $err; then + cp -R $dirname/warden-client $prefix 2> $err; ret_val=`echo $?` + if [ $ret_val -eq 0 ]; then echo "OK" else err_clean @@ -192,16 +195,17 @@ make_warden_dir() files=(CHANGELOG INSTALL LICENSE README README.cesnet) for file in ${files[@]}; do - cp ${dirname}/$file "${client_path}/doc" + cp $dirname/$file "$client_path/doc" done - cp ${dirname}/uninstall.sh "$client_path" + cp $dirname/uninstall.sh "$client_path" } copy_key() { echo -n "Copying certificate key file ... " - if cp $key $etc 2> $err; then + cp $key $etc 2> $err; ret_val=`echo $?` + if [ $ret_val -eq 0 ]; then echo "OK" else err_clean @@ -212,7 +216,8 @@ copy_key() copy_cert() { echo -n "Copying certificate file ... " - if cp $cert $etc 2> $err; then + cp $cert $etc 2> $err; ret_val=`echo $?` + if [ $ret_val -eq 0 ]; then echo "OK" else err_clean 
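Review bot: `which perl 1>/dev/null; ret_val=`` `echo $?` `` followed by `if [ $ret_val -eq 0 ]; then` is a longer way of writing the `if which perl 1> /dev/null; then` it replaces: `if cmd; then` already branches on the command's exit status, and `` `echo $?` `` forks a subshell to obtain a value that `ret_val=$?` yields directly. The same rewrite is applied in modules_chck, make_warden_dir, copy_key and copy_cert here and in change_permissions further down. If the variable is wanted for later use, `ret_val=$?` is enough; otherwise the original `if` form is the clearer one.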
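Review bot: `cp -R $dirname/warden-client $prefix 2> $err` drops the braces but still leaves `$dirname` and `$prefix` unquoted, and `$prefix` appears to come from the installer's parameters, so an install prefix containing a space is split into several cp arguments; the same holds for `cp $dirname/$file "$client_path/doc"`, `cp $dirname/uninstall.sh "$client_path"`, `cp $key $etc` and `cp $cert $etc` in the following hunks. Quote the expansions, e.g. `cp -R "$dirname/warden-client" "$prefix" 2> "$err"`.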
@@ -235,17 +240,17 @@ make_conf_file() #------------------------------------------------------------------------------- # SSL_KEY_FILE - path to client SSL certificate key file #------------------------------------------------------------------------------- -\$SSL_KEY_FILE = \"${etc}/${key_file}\"; +\$SSL_KEY_FILE = \"$etc/$key_file\"; #------------------------------------------------------------------------------- # SSL_CERT_FILE - path to client SSL certificate file #------------------------------------------------------------------------------- -\$SSL_CERT_FILE = \"${etc}/${cert_file}\"; +\$SSL_CERT_FILE = \"$etc/$cert_file\"; #------------------------------------------------------------------------------- # SSL_CA_FILE - path to CA certificate file #------------------------------------------------------------------------------- -\$SSL_CA_FILE = \"${ca_file}\"; +\$SSL_CA_FILE = \"$ca_file\"; " > $conf_file 2> $err; ret_val=`echo $?` if [ $ret_val -eq 0 ]; then @@ -259,10 +264,8 @@ make_conf_file() change_permissions() { echo -n "Changing permissions to installed package ... " - chown -R $user: $client_path 2> $err || err_clean - chmod 400 ${etc}/$key_file ${etc}/$cert_file || err_clean - chmod 644 ${etc}/package_version || err_clean - if chmod 600 $conf_file; then + chown -R $user: $client_path 2>$err; ret_val=`echo $?` + if [ $ret_val -eq 0 ]; then echo "OK" else err_clean 
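Review bot: The change_permissions rewrite removes `chmod 400 ${etc}/$key_file ${etc}/$cert_file`, `chmod 644 ${etc}/package_version` and `chmod 600 $conf_file`, so after this commit the copied private key and the generated warden-client.conf keep whatever mode the copy and the shell redirection gave them under the installing user's umask, which on a typical 022 umask leaves the key readable by other local users. Nothing else in this diff restores those modes, so unless they moved somewhere not shown, re-add them after the chown: `chmod 400 "$etc/$key_file" "$etc/$cert_file" || err_clean` and `chmod 600 "$conf_file" || err_clean`. The rest of change_permissions lies outside the hunk.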
@@ -306,13 +309,13 @@ params_chck # create variables dirname=`dirname $0` -package_version=`cat ${dirname}/warden-client/etc/package_version` +package_version=`cat $dirname/warden-client/etc/package_version` key_file=`basename $key` cert_file=`basename $cert` [[ $prefix == */ ]] && prefix="${prefix%?}" # remove last char (slash) from prefix -client_path="${prefix}/warden-client" -etc="${client_path}/etc" -conf_file="${etc}/warden-client.conf" +client_path="$prefix/warden-client" +etc="$client_path/etc" +conf_file="$etc/warden-client.conf" err="/tmp/warden-err" # check if warden-client is installed @@ -349,8 +352,6 @@ change_permissions echo echo "Please check configuration file in $conf_file!" echo -echo "Warden client directory: $client_path" -echo echo "Installation of $package_version package was SUCCESSFUL!!!" # cleanup section diff --git a/src/warden-server/doc/warden-apache.readme b/src/warden-server/doc/warden-apache.readme index 4698aaab835e418c59453944ff9834ab47f4341e..7db3050bc20a2d58e0756313f41fcbfff1476342 100644 --- a/src/warden-server/doc/warden-apache.readme +++ b/src/warden-server/doc/warden-apache.readme 
@@ -1,46 +1,74 @@ -apache2 -mysql-server -a2enmod ssl -libapache2-mod-perl2 -mysql -u root -p < warden.sql -libcrypt-x509-perl -libmime-base64-perl -apache2-mpm-prefork - -<IfModule mpm_prefork_module> - StartServers 2 - MinSpareServers 4 - MaxSpareServers 8 - ServerLimit 700 - MaxClients 700 - MaxRequestsPerChild 0 -</IfModule> -Timeout 10 -KeepAlive Off - - -Instalace Apache -Povoleni SSL -Instalace mod_perl -Apache - Virtual Host <*:443> - pro jine jeste povolit port -Include cesty do Apache -Nastaveni spravnych Adres - klient, server -Nastaveni db na serveru -Pouziti jineho cert server/client -Instalace 2 balicku -Instalace prefork -nastavni apache2.conf -================ -Instalace DB -restore db z adr. etc/warden.sql - -==== -Instalace serveru do jine cesty nez /opt -> nevytvari adresar, nemaze pri odinstalaci +Strucny technicky navod pro preklopeni Warden serveru pod Apache a mod_perl +=========================================================================== +INSTALACE +========= +1) Instalace Apache a MySQL DB + + aptitude install apache2 mysql-server +2) Povoleni mod_ssl + an2enmod ssl +3) Instalace knihovny mod_perl + + libapache2-mod-perl2 + +4) Instalace podpory metody prefork pro Apache + + apache2-mpm-prefork + +5) Instalace nove pridanych modulu + + aptitude install libcrypt-x509-perl libmime-base64-perl + + +Konfigurace +=========== + +1) Nastaveni APACHE + + a) /etc/apache2/sites-enables/default + - konfigurace sekce <VirtualHost *:443> + - includovani potrebnych parametru ze souboru {warden-server}/etc/warden-apache.conf + Include /opt/warden-server/etc/warden-apache.conf + + b) Nastaveni vykonovych parametru Apache (/etc/apache2/apache2.conf) + - modul prefork (nastavujte dle vykonu vaseho serveru) + = pro 12C, 16GB RAM funguje dobre + + <IfModule mpm_prefork_module> + StartServers 2 + MinSpareServers 4 + MaxSpareServers 8 + ServerLimit 700 + MaxClients 700 + MaxRequestsPerChild 0 + </IfModule> + + + - parametry spojeni + + Timeout 10 + 
KeepAlive Off + + + c) restartovani Apache po kazde zmene Warden.pm (serverova cast) + + +2) Nastaveni DB + + a) (volitelne) Vytvoreni noveho uzivatele + b) Vytvoreni databazove struktury + + mysql -u uzivatel -p heslo < {warden-server}/doc/warden.mysql + +3) Nastaveni warden-server.conf, warden-client.conf, {warden-server}/etc/warden-apache.conf + + a) Zkontrolovat spravnost IP adres, portu a hlavne cest k certifikatum + nove udaje pro pripojeni do DB + b) Pro klienta a server na jednom stroji jsou zrejme treba 2 ruzne certifikaty (me to jinak nejde, zkuste;))