diff --git a/src/warden-server/lib/Warden.pm b/src/warden-server/lib/Warden.pm index 7e3b7513bcb32b47e82147ff0121d2881a882a9c..05ab9bcd6070bb66c0c6860d46bba656b4615778 100755 --- a/src/warden-server/lib/Warden.pm +++ b/src/warden-server/lib/Warden.pm @@ -37,8 +37,8 @@ our $DB_NAME = undef; our $DB_USER = undef; our $DB_PASS = undef; our $DB_HOST = undef; -our $MAX_EVENTS_LIMIT = 1000000; # default value -our %VALID_STRINGS = undef; +our $MAX_EVENTS_LIMIT = 1000000; # default value +our %VALID_STRINGS = (); # inicialization of empty hash # load set variables by user unless (do $conf_file) { @@ -127,10 +127,9 @@ sub authorizeClient } elsif($function_name eq 'getNewEvents') { $sth = $DBH->prepare("SELECT hostname, ip_net_client, receive_own_events FROM clients WHERE hostname IN ($alt_names) AND (type = ? OR type = '_any_') AND client_type = ? ORDER BY SUBSTRING_INDEX(ip_net_client,'/', -1) DESC;"); } - if (!defined $sth) { sendMsg("err", - "Cannot prepare authorization statement in $function_name: $DBH->errstr", + "Cannot prepare authorization statement in '$function_name': $DBH->errstr", "Internal 'prepare' server error") } $sth->execute($service_type, $client_type); 
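Review bot: The comment on the new `our %VALID_STRINGS = ();` line is misspelled and only restates the code; because saveNewEvent (hunk at 208) skips the type/source_type checks entirely while this hash is empty, the comment should say so: `# empty until $conf_file fills it; while empty, saveNewEvent performs no type/source_type validation`. An operator who leaves the setting out of the config gets no validation and no warning, so consider logging once, after `do $conf_file`, when the hash is still empty.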
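Review bot: The rewritten message on the `+` line still embeds `$DBH->errstr` inside a double-quoted string, where Perl interpolates only `$DBH` (a stringified handle) and leaves `->errstr` as literal text, so the logged error never contains the DBI error; concatenate instead: `"Cannot prepare authorization statement in '$function_name': " . $DBH->errstr`. The same pattern is kept on the new `Cannot prepare statement in function` line in the saveNewEvent hunk at 208. The context line `WHERE hostname IN ($alt_names)` builds SQL from an interpolated value rather than placeholders; if `$alt_names` is not already passed through `$DBH->quote` where it is assembled (outside this hunk), that should be checked. authorizeClient starts and ends outside the hunk.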
@@ -154,16 +153,16 @@ sub authorizeClient # check if client is registered if ($sth->rows == 0) { sendMsg("err", - "Unauthorized access to function '$function_name' from: '$ip'; CN(AN): $alt_names; used service: '$service_type' - client is not registered", - "Access denied - client is not registered at warden server $ENV{'SERVER_NAME'}"); + "Unauthorized access to function '$function_name' from [IP: '$ip'; CN(AN): $alt_names; Client_type: '$client_type'; Service/Type: '$service_type'] - client is not registered", + "Access denied - client is not registered at Warden server '$ENV{'SERVER_NAME'}'"); return undef; } # check if client has IP from registered CIDR if (!$correct_ip_source) { sendMsg ("err", - "Unauthorized access to function '$function_name' from: '$ip'; CN(AN): $alt_names; used service: '$service_type' - access from bad subnet: Registered subnet '$ret{'cidr'}'", - "Access denied - access to $ENV{'SERVER_NAME'} from unauthorized subnet"); + "Unauthorized access to function '$function_name' from [IP: '$ip'; CN(AN): $alt_names; Client_type: '$client_type'; Service/Type: '$service_type'] - access from another subnet than '$ret{'cidr'}'", + "Access denied - access to Warden server '$ENV{'SERVER_NAME'}' from unauthorized subnet"); return undef; } 
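Review bot: Both error branches still end with `return undef;`, which in the list context of `my %client = authorizeClient(...)` (saveNewEvent hunk at 208) yields a one-element list and therefore a hash with a single empty key rather than an empty hash; use a bare `return;` so the caller can test `if (%client)`. The new messages also interpolate request-supplied values (`$alt_names`, `$service_type`, `$client_type`) into the log line verbatim; if sendMsg does not strip control characters, a client can break the log line structure, so quoting or sanitizing them inside sendMsg would be worthwhile. authorizeClient starts and ends outside the hunk.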
@@ -208,46 +207,36 @@ sub saveNewEvent my $timeout = $data->{'TIMEOUT'}; my %client = authorizeClient($alt_names, $ip, $service, $client_type, $function_name); - if(defined %client) { - if (!(exists $VALID_STRINGS{'type'} && grep $type eq $_, @{$VALID_STRINGS{'type'}})) { - sendMsg("err", - "Unknown event type - client from: '$ip'; CN(AN): $alt_names; used type: '$type'", - "Unknown event type '$type'"); - } elsif (!(exists $VALID_STRINGS{'source_type'} && grep $source_type eq $_, @{$VALID_STRINGS{'source_type'}})) { - sendMsg("err", - "Unknown source type - client from: '$ip'; CN(AN): $alt_names; used source_type: '$source_type'", - "Unknown source type '$source_type'"); + if (defined %client) { + if (%VALID_STRINGS) { # check if hash is not empty - use VALIDATION HASH + if (!(exists $VALID_STRINGS{'type'} && grep $type eq $_, @{$VALID_STRINGS{'type'}})) { + sendMsg("err", + "Unknown event type from [IP: '$ip'; CN(AN): $alt_names; Service: '$service'; Type: '$type']", + "Unknown event type: '$type'"); + } elsif (!(exists $VALID_STRINGS{'source_type'} && grep $source_type eq $_, @{$VALID_STRINGS{'source_type'}})) { + sendMsg("err", + "Unknown source type from [IP '$ip'; CN(AN): $alt_names; Service: '$service'; Source_type: '$source_type']", + "Unknown source type: '$source_type'"); + } + } # http://my.safaribooksonline.com/book/programming/regular-expressions/9780596802837/4dot-validation-and-formatting/id2983571 - } elsif ($detected !~ /^((?:[1-9][0-9]*)?[0-9]{4})-(1[0-2]|0[1-9])-(3[0-1]|0[1-9]|[1-2][0-9])T(2[0-3]|[0-1][0-9]):([0-5][0-9]):([0-5][0-9])(\.[0-9]+)?(Z|[+-](?:2[0-3]|[0-1][0-9]):[0-5][0-9])?/) { - sendMsg("err", - "Unknown detected time format - client from: '$ip'; CN(AN): $alt_names; used detected: '$detected'", - "Unknown detected time format '$detected'"); - } elsif ($target_port !~ /^\d+\z/ && defined $target_port) { - sendMsg("err", - "Unknown target port - client from: '$ip'; CN(AN): $alt_names; used target_port: '$target_port'", - "Unknown target 
port '$target_port'"); - } elsif ($attack_scale !~ /^\d+\z/ && defined $attack_scale) { + if ($detected !~ /^((?:[1-9][0-9]*)?[0-9]{4})-(1[0-2]|0[1-9])-(3[0-1]|0[1-9]|[1-2][0-9])T(2[0-3]|[0-1][0-9]):([0-5][0-9]):([0-5][0-9])(\.[0-9]+)?(Z|[+-](?:2[0-3]|[0-1][0-9]):[0-5][0-9])?/) { sendMsg("err", - "Unknown attack scale - client from: '$ip'; CN(AN): $alt_names; used attack_scale: '$attack_scale'", - "Unknown attack scale '$attack_scale'"); - } elsif ($priority !~ /^\d+\z/ && defined $priority) { - sendMsg("err", - "Unknown priority - client from: '$ip'; CN(AN): $alt_names; used priority: '$priority'", - "Unknown priority '$priority'"); - } elsif ($timeout !~ /^\d+\z/ && defined $timeout) { - sendMsg("err", - "Unknown timeout - client from: '$ip'; CN(AN): $alt_names; used timeout: '$timeout'", - "Unknown timeout '$timeout'"); - } else { - $sth=$DBH->prepare("INSERT INTO events VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?);"); - if (!defined $sth) { + "Unknown detected time format from [IP: '$ip'; CN(AN): $alt_names; Service: '$service'; Detected: '$detected']", + "Unknown detected time format: '$detected'"); + } + if ($target_port !~ /^\d+\z/) { $target_port = undef } + if ($attack_scale !~ /^\d+\z/) { $attack_scale = undef } + if ($priority !~ /^\d+\z/) { $priority = undef } + if ($timeout !~ /^\d+\z/) { $timeout = undef } + $sth=$DBH->prepare("INSERT INTO events VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?);"); + if (!defined $sth) { sendMsg("err", - "Cannot prepare statement in function '$function_name': $DBH->errstr", - "Internal 'prepare' server error"); - } - $sth->execute(undef, $client{'dns'}, $service, $detected, $received, $type, $source_type, $source, $target_proto, $target_port, $attack_scale, $note, $priority, $timeout, $valid); - return 1; + "Cannot prepare statement in function '$function_name': $DBH->errstr", + "Internal 'prepare' server error"); } + $sth->execute(undef, $client{'dns'}, $service, $detected, $received, $type, $source_type, $source, $target_proto, 
$target_port, $attack_scale, $note, $priority, $timeout, $valid); + return 1; } } # END of saveNewEvent @@ -366,11 +355,11 @@ sub getNewEvents if (scalar @events != 0) { if (scalar @ids == 1) { sendMsg("info", - "Sent 1 event [#$ids[0]] to '$ip' [CN(AN): $alt_names], client_limit: '$max_rcv_events_limit', requested_type: '$requested_type'", + "Sent 1 event [#$ids[0]] to [IP: '$ip'; CN(AN): $alt_names; Client_limit: '$max_rcv_events_limit', Requested_type: '$requested_type']", undef); } else { sendMsg("info", - "Sent " . scalar @ids . " events [#$ids[0] - #$ids[-1]] to '$ip' [CN(AN): $alt_names], client_limit: '$max_rcv_events_limit', requested_type: '$requested_type'", + "Sent " . scalar @ids . " events [#$ids[0] - #$ids[-1]] to [IP: '$ip'; CN(AN): $alt_names, Client_limit: '$max_rcv_events_limit', Requested_type: '$requested_type']", undef); } } @@ -417,8 +406,8 @@ sub registerSender if ($local_ip ne $ip) { sendMsg("err", - "Unauthorized access to function '$function_name' from: '$ip' ('$cn') - access allowed only from localhost", - "Access denied - access allowed only from localhost"); + "Unauthorized access to function '$function_name' from [IP: '$ip'; CN(AN): '$cn'] - access allowed only from 'localhost'", + "Access denied - access allowed only from 'localhost'"); } else { # defined variables by method my $client_type = "s"; @@ -446,8 +435,8 @@ sub registerSender # register new sender if (defined $result) { sendMsg("err", - "Attempt to re-register the sender: {hostname: '$hostname', service: '$service', cidr: '$ip_net_client'}", - "Sender has been already registered at $ENV{'SERVER_NAME'} in '$result'"); + "Attempt to re-register sender [Hostname: '$hostname', Service: '$service', CIDR: '$ip_net_client'] from '$ip'", + "Sender has been already registered at Warden server '$ENV{'SERVER_NAME'}' in '$result'"); } else { $sth = $DBH->prepare("INSERT INTO clients VALUES (?,?,?,?,?,?,?,?,?,?);"); if (!defined $sth) { 
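Review bot: The restructured validation in saveNewEvent no longer stops on failure: the `sendMsg("err", ...)` calls for an unknown type, an unknown source_type and a malformed `$detected` are now plain `if` statements with no `return`, so unless sendMsg itself dies (the `return undef;` after it in authorizeClient suggests it does not) the INSERT below still runs with the rejected values. Each of those three branches needs a `return undef;` (better a bare `return;`) after its sendMsg, as the old elsif/else chain guaranteed. `if (defined %client)` on the rewritten line is deprecated and a compile-time error from Perl 5.22 on, and since authorizeClient returns `undef` as a one-element list it would not reject anyway; `if (%client)` together with a bare `return;` in authorizeClient is the reliable form. The four `$x = undef` coercions silently store NULL for a non-numeric `target_port`/`attack_scale`/`priority`/`timeout` where the old code rejected the event, and each `!~` on an undef value also warns; if that relaxation is intended, log it, otherwise keep the rejection. saveNewEvent starts outside the hunk.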
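Review bot: The two rewritten "Sent ... event(s)" messages use different separators inside the bracket — `$alt_names; Client_limit:` in the single-event line versus `$alt_names, Client_limit:` in the plural one, and both switch to a comma before `Requested_type` — which makes the lines harder to match with one log pattern; use `;` throughout, `... CN(AN): $alt_names; Client_limit: '$max_rcv_events_limit'; Requested_type: '$requested_type']`. getNewEvents starts and ends outside the hunk.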
@@ -457,7 +446,7 @@ sub registerSender } $sth->execute(undef, $hostname, $registered, $requestor, $service, $client_type, $type, $receive_own_events, $description_tags, $ip_net_client); sendMsg("info", - "New sender '$hostname' {service: '$service', cidr: '$ip_net_client'} was registered at $ENV{'SERVER_NAME'}", + "New sender [Hostname: '$hostname', Service: '$service', CIDR: '$ip_net_client'] has been registered at Warden server '$ENV{'SERVER_NAME'}'", undef); return 1; } @@ -482,8 +471,8 @@ sub registerReceiver if ($local_ip ne $ip) { sendMsg("err", - "Unauthorized access to function '$function_name' from: '$ip' ('$cn') - access allowed only from localhost", - "Access denied - access allowed only from localhost"); + "Unauthorized access to function '$function_name' from [IP: '$ip'; CN(AN): '$cn'] - access allowed only from 'localhost'", + "Access denied - access allowed only from 'localhost'"); } else { # variables defined by method my $client_type = "r"; @@ -511,8 +500,8 @@ sub registerReceiver # register new receiver if (defined $result) { sendMsg("err", - "Attempt to re-register the receiver: {hostname: '$hostname', type: '$type', cidr: '$ip_net_client'}", - "Receiver has already been registered at $ENV{'SERVER_NAME'} in '$result'"); + "Attempt to re-register receiver [Hostname: '$hostname', Type: '$type', CIDR: '$ip_net_client'] from '$ip'", + "Receiver has already been registered at Warden server '$ENV{'SERVER_NAME'}' in '$result'"); } else { $sth = $DBH->prepare("INSERT INTO clients VALUES (?,?,?,?,?,?,?,?,?,?);"); if (!defined($sth)) { 
@@ -522,7 +511,7 @@ sub registerReceiver } $sth->execute(undef, $hostname, $registered, $requestor, $service, $client_type, $type, $receive_own_events, $description_tags, $ip_net_client); sendMsg("info", - "New receiver '$hostname' {type: '$type', cidr: '$ip_net_client'} was registered at $ENV{'SERVER_NAME'}", + "New receiver [Hostname: '$hostname', Type: '$type', CIDR: '$ip_net_client'] has been registered at Warden server '$ENV{'SERVER_NAME'}'", undef); return 1; } 
@@ -547,27 +536,27 @@ sub unregisterClient if ($local_ip ne $ip) { sendMsg("err", - "Unauthorized access to function '$function_name' from: '$ip' ('$cn') - access allowed only from localhost", - "Access denied - access allowed only from localhost"); + "Unauthorized access to function '$function_name' from [IP: '$ip', CN(AN): '$cn'] - access allowed only from 'localhost'", + "Access denied - access allowed only from 'localhost'"); } else { # parse SOAP data oject my $client_id = $data->{'CLIENT_ID'}; # check if receiver has been already registered - $sth = $DBH->prepare("SELECT client_id, hostname, service, client_type FROM clients WHERE client_id = ? LIMIT 1;"); + $sth = $DBH->prepare("SELECT client_id, hostname, service, type, client_type FROM clients WHERE client_id = ? LIMIT 1;"); if (!defined $sth) { sendMsg("err", "Cannot prepare statement in function '$function_name': $DBH->errstr", "Internal 'prepare' server error"); } $sth->execute($client_id); - my ($id, $hostname, $service, $client_type) = $sth->fetchrow(); + my ($id, $hostname, $service, $type, $client_type) = $sth->fetchrow(); # delete registered client if (!defined $id) { sendMsg("err", - "Attempt to delete unregister client '$id', '$hostname', '$service', '$client_type'", - "Client (#$client_id) is not registered at $ENV{'SERVER_NAME'}"); + "Attempt to delete unregister client [Client_id: $id, Hostname: '$hostname', Service: '$service', Type: '$type', Client_type: '$client_type']", + "Client (#$client_id) is not registered at Warden server '$ENV{'SERVER_NAME'}'"); } else { if ($client_type eq 's') { $sth = $DBH->prepare("DELETE FROM clients WHERE client_id = ?;"); 
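Review bot: The rewritten error message in the `!defined $id` branch interpolates `$id`, `$hostname`, `$service`, `$type` and `$client_type`, all of which are undef in that branch because fetchrow returned no row, so the log line prints empty fields with uninitialized-value warnings and omits the one useful value, the requested `$client_id`; change it to `"Attempt to delete unregistered client [Client_id: '$client_id'] from '$ip'"`. It also reads "unregister" where "unregistered" is meant. unregisterClient starts and ends outside the hunk.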
@@ -586,7 +575,7 @@ sub unregisterClient } $sth->execute($hostname, $service); sendMsg("info", - "Sender '$hostname' (client_id: '$client_id', service: '$service') was deleted and its data were invalidated", + "Sender [Client_id: '$client_id', Hostname: '$hostname', Service: '$service'] has been deleted from Warden server '$ENV{'SERVER_NAME'}' and its data were invalidated", undef); return 1; } else { @@ -598,7 +587,7 @@ sub unregisterClient } $sth->execute($client_id); sendMsg("info", - "Receiver '$hostname' (client_id: '$client_id') was deleted from $ENV{'SERVER_NAME'}", + "Receiver [Client_id: '$client_id', Hostname: '$hostname', Type: '$type'] has been deleted from Warden server '$ENV{'SERVER_NAME'}'", undef); return 1; } @@ -623,8 +612,8 @@ sub getClients if ($local_ip ne $ip) { sendMsg("err", - "Unauthorized access to function '$function_name' from: '$ip' ('$cn') - access allowed only from localhost", - "Access denied - access allowed only from localhost"); + "Unauthorized access to function '$function_name' from [IP: '$ip', CN(AN): '$cn'] - access allowed only from 'localhost'", + "Access denied - access allowed only from 'localhost'"); } else { my (@clients, $client); my ($client_id, $hostname, $registered, $requestor, $service, $client_type, $type, $receive_own_events, $description_tags, $ip_net_client); @@ -664,7 +653,7 @@ sub getClients } my $sum = scalar @clients; sendMsg("info", - "Sending information about '$sum' registered clients from $ENV{'SERVER_NAME'}", + "Sent information about $sum registered clients from Warden server '$ENV{'SERVER_NAME'}'", undef); return @clients; } 
@@ -690,8 +679,8 @@ sub getStatus if ($local_ip ne $ip) { sendMsg("err", - "Unauthorized access to function '$function_name' from: '$ip' ('$cn') - access allowed only from localhost", - "Access denied - access allowed only from localhost"); + "Unauthorized access to function '$function_name' from [IP: '$ip', CN(AN): '$cn'] - access allowed only from 'localhost'", + "Access denied - access allowed only from 'localhost'"); } else { my ($sth, @status); @@ -810,7 +799,7 @@ sub getStatus } } sendMsg("info", - "Sent warden server status info from $ENV{'SERVER_NAME'}", + "Server status info sent from Warden server '$ENV{'SERVER_NAME'}'", undef); return @status; }