From acad04cb412c9e8d7896d24b1d50ef1490f06f2c Mon Sep 17 00:00:00 2001 From: Tomas Plesnik <plesnik@ics.muni.cz> Date: Tue, 11 Dec 2012 17:40:43 +0100 Subject: [PATCH] opraveny chyby popsane v ticketech #622, #623 a #624 --- src/warden-server/etc/warden-apache.conf | 4 +- src/warden-server/sh/install.sh | 77 ++++++++++++++++-------- 2 files changed, 54 insertions(+), 27 deletions(-) diff --git a/src/warden-server/etc/warden-apache.conf b/src/warden-server/etc/warden-apache.conf index 118d462..0035c33 100644 --- a/src/warden-server/etc/warden-apache.conf +++ b/src/warden-server/etc/warden-apache.conf @@ -11,11 +11,11 @@ SSLOptions +StdEnvVars +ExportCertData SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /etc/ssl/certs/warden-dev.cesnet.cz.pem -SSLCertificateKeyFile /opt/warden-client/etc/warden-dev.cesnet.cz.key +SSLCertificateKeyFile /etc/ssl/private/warden-dev.cesnet.cz.key SSLCACertificateFile /etc/ssl/certs/tcs-ca-bundle.pem PerlOptions +Parent -PerlSwitches -I/opt/warden-server/lib +PerlSwitches -I /opt/warden-server/lib <Location /Warden> SetHandler perl-script diff --git a/src/warden-server/sh/install.sh b/src/warden-server/sh/install.sh index 58955b1..4683adc 100755 --- a/src/warden-server/sh/install.sh +++ b/src/warden-server/sh/install.sh @@ -168,8 +168,7 @@ make_client_conf() #------------------------------------------------------------------------------- # SSL_CA_FILE - path to CA certificate file #------------------------------------------------------------------------------- -\$SSL_CA_FILE = \"${ca_file}\"; -" > $client_conf 2> $err; ret_val=`echo $?` +\$SSL_CA_FILE = \"${ca_file}\";" > $client_conf 2> $err; ret_val=`echo $?` if [ $ret_val -eq 0 ]; then echo "OK" 
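Review bot: The `SSLCipherSuite` line kept as context in this hunk begins with `ALL` and removes only `ADH` and `EXPORT56`, so single-DES, 40-bit export and RC4 suites stay negotiable; the `+LOW`, `+SSLv2` and `+EXP` terms only move those suites to the end of the preference list, they do not disable them. The new make_apache_conf() in install.sh writes the same string into every generated configuration, and that template has no `SSLProtocol` directive, so the protocol set falls back to the build default. I would replace the line in both places with something like `SSLCipherSuite HIGH:!aNULL:!MD5` and add an explicit `SSLProtocol` line limited to the TLS versions the clients support. Moving the key to /etc/ssl/private is a good change, but nothing visible in this diff sets the key file's mode, so the installer should confirm it is readable by root only.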
@@ -189,7 +188,7 @@ make_server_conf() #------------------------------------------------------------------------------- # BASEDIR - base directory of Warden server #------------------------------------------------------------------------------- -\$BASEDIR = \'${server_path}\'; +\$BASEDIR = '${server_path}'; #------------------------------------------------------------------------------- # SYSLOG - enable/disable syslog logging 
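Review bot: `${server_path}` is expanded by the shell straight into a Perl single-quoted literal, so a path containing `'` or ending in a backslash yields a generated server configuration that no longer parses, or that carries extra Perl statements if the file is evaluated as code (presumably it is; the loader is not in this diff). The same applies to `'$username'` in the next hunk and to `$cert`, `$key`, `$ca_file` and `$lib` in make_apache_conf(). A guard in the parameter check would cover all of them, for example `case "$server_path" in *[\'\\]*) echo "invalid character in path" >&2; exit 1;; esac`. make_server_conf() starts above this hunk and continues past it.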
@@ -204,42 +203,77 @@ make_server_conf() #------------------------------------------------------------------------------- # SYSLOG_FACILITY - syslog facility #------------------------------------------------------------------------------- -\$YSLOG_FACILITY = \'local7\'; +\$SYSLOG_FACILITY = 'local7'; #------------------------------------------------------------------------------- # DB_NAME - MySQL database name of Warden server #------------------------------------------------------------------------------- -\$DB_NAME = \'warden\'; +\$DB_NAME = 'warden'; #------------------------------------------------------------------------------- # DB_USER - MySQL database user of Warden server #------------------------------------------------------------------------------- -\$DB_USER = \'username\'; +\$DB_USER = '$username'; #------------------------------------------------------------------------------- # DB_PASS - MySQL database password of Warden server #------------------------------------------------------------------------------- -\$DB_PASS = \'\'; +\$DB_PASS = ''; #------------------------------------------------------------------------------- # DB_HOST - MySQL database host #------------------------------------------------------------------------------- -\$DB_HOST = \'localhost\'; +\$DB_HOST = 'localhost'; #------------------------------------------------------------------------------- # MAX_EVENTS_LIMIT - server limit of maximum number of events that can be # delivered to one client in one batch #------------------------------------------------------------------------------- -\$MAX_EVENTS_LIMIT = \'1000000\'; +\$MAX_EVENTS_LIMIT = '1000000'; #------------------------------------------------------------------------------- # VALID_STRINGS - validation hash containing allowed event attributes #------------------------------------------------------------------------------- -\%VALID_STRINGS = ( - \'type\' => [\'portscan\', \'bruteforce\', \'probe\', \'spam\', \'phishing\', 
\'botnet_c_c\', \'dos\', \'malware\', \'copyright\', \'webattack\', \'test\', \'other\', \'_any_\'], - \'source_type' => ['IP', 'URL', 'Reply-To:'] -); -" > $server_conf 2> $err; ret_val=`echo $?` +%VALID_STRINGS = ( + 'type' => ['portscan', 'bruteforce', 'probe', 'spam', 'phishing', 'botnet_c_c', 'dos', 'malware', 'copyright', 'webattack', 'test', 'other', '_any_'], + 'source_type' => ['IP', 'URL', 'Reply-To:'] +);" > $server_conf 2> $err; ret_val=`echo $?` + + if [ $ret_val -eq 0 ]; then + echo "OK" + else + err_clean + fi +} + +make_apache_conf() +{ + echo -n "Creating Apache configuration file ... " + echo "# +# +# warden-apache.conf - configuration file for the Apache server +# + +SSLEngine on + +SSLVerifyDepth 3 +SSLVerifyClient require +SSLOptions +StdEnvVars +ExportCertData + +SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL + +SSLCertificateFile $cert +SSLCertificateKeyFile $key +SSLCACertificateFile $ca_file + +PerlOptions +Parent +PerlSwitches -I $lib + +<Location /Warden> + SetHandler perl-script + PerlHandler Warden::ApacheDispatch + SSLOptions +StdEnvVars +</Location>" > $apache_conf 2> $err; ret_val=`echo $?` if [ $ret_val -eq 0 ]; then echo "OK" @@ -267,16 +301,6 @@ changeServerPath() } -updateCertsPath() -{ - - echo "- update certs path: $apache_conf" - perl -pi -e "s#server-cert.pem#${cert}#" $apache_conf - perl -pi -e "s#server-key.pem#${key}#" $apache_conf - perl -pi -e "s#ca-cert.pem#${ca_file}#" $apache_conf -} - - create_symlinks() { echo "Creating symbolic links ..." @@ -316,7 +340,7 @@ params_chck # create variables dirname=`dirname $0` -hostname=`hostname` +hostname=`hostname -f` key_file=`basename $key` cert_file=`basename $cert` package_version=`cat ${dirname}/warden-server/etc/package_version` @@ -357,6 +381,9 @@ make_client_conf # create server configuration file make_server_conf +# create Apache configuration file +make_apache_conf + #update paths in utilities changeServerPath -- GitLab
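Review bot: `\$DB_USER = '$username';` now lets the shell expand `$username` inside the double-quoted echo, but no assignment to `username` is visible in this diff; if the variable is unset, the generated file gets `$DB_USER = '';` where the old code wrote the placeholder `username`. Either set it from a checked parameter or keep the literal, e.g. `[ -n "$username" ] || { echo "DB user not set" >&2; exit 1; }` before the echo. This file will also hold `DB_PASS`, and it is created by a plain `> $server_conf` redirect, so its mode follows the installer's umask; a `chmod 640 "$server_conf"` with the group set to the Apache user would keep the credentials away from other local accounts. make_server_conf() begins above the hunk.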
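Review bot: `hostname -f` depends on name resolution and prints nothing (with a non-zero exit status) when the FQDN cannot be resolved, and the result is used unchecked. A guard right after the assignment, `[ -n "$hostname" ] || { echo "cannot determine FQDN" >&2; exit 1; }`, keeps an empty name out of whatever is generated from it; where `$hostname` is used is outside this hunk.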