opraveny chyby popsane v ticketech #622, #623 a #624

acad04cb · Tomáš Plesník · d371f109 · acad04cb · acad04cb
Commit acad04cb authored 12 years ago by Tomáš Plesník
--- a/src/warden-server/etc/warden-apache.conf
+++ b/src/warden-server/etc/warden-apache.conf
@@ -11,11 +11,11 @@ SSLOptions +StdEnvVars +ExportCertData
 SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

 SSLCertificateFile    /etc/ssl/certs/warden-dev.cesnet.cz.pem
-SSLCertificateKeyFile /opt/warden-client/etc/warden-dev.cesnet.cz.key
+SSLCertificateKeyFile /etc/ssl/private/warden-dev.cesnet.cz.key
 SSLCACertificateFile  /etc/ssl/certs/tcs-ca-bundle.pem

 PerlOptions +Parent
-PerlSwitches -I/opt/warden-server/lib
+PerlSwitches -I /opt/warden-server/lib

 <Location /Warden>
 	SetHandler perl-script

--- a/src/warden-server/sh/install.sh
+++ b/src/warden-server/sh/install.sh
@@ -168,8 +168,7 @@ make_client_conf()
 #-------------------------------------------------------------------------------
 # SSL_CA_FILE - path to CA certificate file
 #-------------------------------------------------------------------------------
-\$SSL_CA_FILE = \"${ca_file}\";
-" > $client_conf 2> $err; ret_val=`echo $?`
+\$SSL_CA_FILE = \"${ca_file}\";" > $client_conf 2> $err; ret_val=`echo $?`

 	if [ $ret_val -eq 0 ]; then
 		echo "OK"
@@ -189,7 +188,7 @@ make_server_conf()
 #-------------------------------------------------------------------------------
 # BASEDIR - base directory of Warden server
 #-------------------------------------------------------------------------------
-\$BASEDIR = \'${server_path}\';
+\$BASEDIR = '${server_path}';

 #-------------------------------------------------------------------------------
 # SYSLOG - enable/disable syslog logging
@@ -204,42 +203,77 @@ make_server_conf()
 #-------------------------------------------------------------------------------
 # SYSLOG_FACILITY - syslog facility
 #-------------------------------------------------------------------------------
-\$YSLOG_FACILITY = \'local7\';
+\$SYSLOG_FACILITY = 'local7';

 #-------------------------------------------------------------------------------
 # DB_NAME - MySQL database name of Warden server
 #-------------------------------------------------------------------------------
-\$DB_NAME = \'warden\';
+\$DB_NAME = 'warden';

 #-------------------------------------------------------------------------------
 # DB_USER - MySQL database user of Warden server
 #-------------------------------------------------------------------------------
-\$DB_USER = \'username\';
+\$DB_USER = '$username';

 #-------------------------------------------------------------------------------
 # DB_PASS - MySQL database password of Warden server
 #-------------------------------------------------------------------------------
-\$DB_PASS = \'\';
+\$DB_PASS = '';

 #-------------------------------------------------------------------------------
 # DB_HOST - MySQL database host
 #-------------------------------------------------------------------------------
-\$DB_HOST = \'localhost\';
+\$DB_HOST = 'localhost';

 #-------------------------------------------------------------------------------
 # MAX_EVENTS_LIMIT - server limit of maximum number of events that can be
 #                    delivered to one client in one batch
 #-------------------------------------------------------------------------------
-\$MAX_EVENTS_LIMIT = \'1000000\';
+\$MAX_EVENTS_LIMIT = '1000000';

 #-------------------------------------------------------------------------------
 # VALID_STRINGS - validation hash containing allowed event attributes
 #-------------------------------------------------------------------------------
-\%VALID_STRINGS = ( 
-  \'type\' => [\'portscan\', \'bruteforce\', \'probe\', \'spam\', \'phishing\', \'botnet_c_c\', \'dos\', \'malware\', \'copyright\', \'webattack\', \'test\', \'other\', \'_any_\'],
-  \'source_type' => ['IP', 'URL', 'Reply-To:']
-);
-" > $server_conf 2> $err; ret_val=`echo $?`
+%VALID_STRINGS = ( 
+  'type' => ['portscan', 'bruteforce', 'probe', 'spam', 'phishing', 'botnet_c_c', 'dos', 'malware', 'copyright', 'webattack', 'test', 'other', '_any_'],
+  'source_type' => ['IP', 'URL', 'Reply-To:']
+);" > $server_conf 2> $err; ret_val=`echo $?`
+
+	if [ $ret_val -eq 0 ]; then
+		echo "OK"
+	else
+		err_clean
+	fi
+}
+
+make_apache_conf()
+{
+	echo -n "Creating Apache configuration file ... "
+	echo "#
+#
+# warden-apache.conf - configuration file for the Apache server
+#
+
+SSLEngine on
+
+SSLVerifyDepth 3
+SSLVerifyClient require
+SSLOptions +StdEnvVars +ExportCertData
+
+SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
+
+SSLCertificateFile    $cert
+SSLCertificateKeyFile $key
+SSLCACertificateFile  $ca_file
+
+PerlOptions +Parent
+PerlSwitches -I $lib
+
+<Location /Warden>
+        SetHandler perl-script
+        PerlHandler Warden::ApacheDispatch
+        SSLOptions +StdEnvVars
+</Location>" > $apache_conf 2> $err; ret_val=`echo $?`

 	if [ $ret_val -eq 0 ]; then
 		echo "OK"
@@ -267,16 +301,6 @@ changeServerPath()
 }


-updateCertsPath()
-{
-
-	echo "- update certs path: $apache_conf"
-	perl -pi -e "s#server-cert.pem#${cert}#" $apache_conf
-	perl -pi -e "s#server-key.pem#${key}#" $apache_conf
-	perl -pi -e "s#ca-cert.pem#${ca_file}#" $apache_conf
-}
-
-
 create_symlinks()
 {
 	echo "Creating symbolic links ..."
@@ -316,7 +340,7 @@ params_chck

 # create variables
 dirname=`dirname $0`
-hostname=`hostname`
+hostname=`hostname -f`
 key_file=`basename $key`
 cert_file=`basename $cert`
 package_version=`cat ${dirname}/warden-server/etc/package_version`
@@ -357,6 +381,9 @@ make_client_conf
 # create server configuration file
 make_server_conf

+# create Apache configuration file
+make_apache_conf
+
 #update paths in utilities
 changeServerPath