diff --git a/src/warden-server/doc/README b/src/warden-server/doc/README index 7f86cc10f9d898c6ee393c5cbae94dc74f5f97cd..10e33223718e226e8fcc8896d3cf328dcc857ad4 100644 --- a/src/warden-server/doc/README +++ b/src/warden-server/doc/README 
@@ -4,100 +4,104 @@ Content - A. Overall Information - B. Installation Dependencies - C. Installation - D. Update - E. Uninstallation - F. Miscellaneous - G. Registration of Clients - H. Status Info + A. Overall Information + B. Installation Dependencies + C. Installation + D. Update + E. Uninstallation + F. Miscellaneous + G. Registration of Clients + H. Status Info -------------------------------------------------------------------------------- A. Overall Information - 1. About Warden System + 1. About Warden System Warden is a client-server architecture service designed to share detected security events (issues) among CSIRT and CERT teams in a simple and fast way. This package contains the Warden server. - 2. Version + 2. Version 2.2 (2013-??-??) - 3. Package structure + 3. Package structure warden-server/ bin/ - getClients.pl - getStatus.pl - registerReceiver.pl - registerSender.pl - unregisterClients.pl + getClients.pl + getStatus.pl + registerReceiver.pl + registerSender.pl + unregisterClients.pl + wardenWatchdog.pl doc/ - AUTHORS + AUTHORS CHANGELOG - INSTALL - LICENSE - README - UNINSTALL - UPDATE - warden.mysql - warden21to22.patch + INSTALL + LICENSE + README + README.wardenWatchdog + UNINSTALL + UPDATE + warden.mysql + warden21to22.patch etc/ - package_version + package_version warden-apache.conf - warden-server.conf + warden-server.conf + WardenWatchdog.conf lib/ - Warden.pm - WardenCommon.pm - Warden/ - ApacheDispatch.pm + Warden.pm + WardenCommon.pm + WardenWatchdog.pm + Warden/ + ApacheDispatch.pm uninstall.sh -------------------------------------------------------------------------------- B. Installation Dependencies - 1. Applications: + 1. Applications: - Perl >= 5.10.1 - MySQL >= 5.1.63 - Apache >= 2.2.14 + Perl >= 5.10.1 + MySQL >= 5.1.63 + Apache >= 2.2.14 - 2. Perl modules: + 2. 
Perl modules: - SOAP::Lite >= 0.712 - SOAP::Transport::HTTP >= 0.712 - DBI >= 1.612 - DBD::mysql >= 4.016 - Format::Human::Bytes >= 0.05 - Sys::Syslog >= 0.27 - File::Basename >= 2.77 - Net::CIDR::Lite >= 0.21 - DateTime >= 0.61 - Getopt::Std >= 1.06 - Switch >= 2.14 - IO::Socket::SSL >= 1.66 - MIME::Base64 >= 3.08 - Crypt::X509 >= 0.40 - Carp >= 1.11 + SOAP::Lite >= 0.712 + SOAP::Transport::HTTP >= 0.712 + DBI >= 1.612 + DBD::mysql >= 4.016 + Format::Human::Bytes >= 0.05 + Sys::Syslog >= 0.27 + File::Basename >= 2.77 + Net::CIDR::Lite >= 0.21 + DateTime >= 0.61 + Getopt::Std >= 1.06 + Switch >= 2.14 + IO::Socket::SSL >= 1.66 + MIME::Base64 >= 3.08 + Crypt::X509 >= 0.40 + Carp >= 1.11 -------------------------------------------------------------------------------- C. Installation - 1. Check SHA1 checksum of the Warden server package archive. + 1. Check SHA1 checksum of the Warden server package archive. $ sha1sum -c warden-server-2.2.tar.gz.sig - 2. Untar it. + 2. Untar it. $ tar xzvf warden-server-2.2.tar.gz - 3. Run install.sh. + 3. Run install.sh. Default installation directory is /opt/warden-server/ 
@@ -105,20 +109,20 @@ C. Installation Usage: $ ./install.sh [-d <directory>] [-k <ssl_key_file>] [-c <ssl_cert_file>] [-a <ssl_ca_file>] [-hV]" - -d <directory> installation directory (default: /opt) - -k <ssl_key_file> SSL certificate key file path - -c <ssl_cert_file> SSL certificate file path - -a <ssl_ca_file> CA certificate file path - -h print this help - -V print script version number and exit + -d <directory> installation directory (default: /opt) + -k <ssl_key_file> SSL certificate key file path + -c <ssl_cert_file> SSL certificate file path + -a <ssl_ca_file> CA certificate file path + -h print this help + -V print script version number and exit Example: # ./install.sh -d /opt -k /etc/ssl/private/server.key -c /etc/ssl/certs/server.pem - -a /etc/ssl/certs/bundle.pem + -a /etc/ssl/certs/bundle.pem You must be root for running this script. - 4. Configuration files + 4. Configuration files You are advised to check configuration file warden-apache.conf and warden-server.conf in warden-server/etc/ directory after installation. 
@@ -138,40 +142,40 @@ C. Installation The Warden server configuration file contains: - BASEDIR - base directory of the Warden server - e.g. /opt/warden-server/ + BASEDIR - base directory of the Warden server + e.g. /opt/warden-server/ - SYSLOG - enable/disable syslog logging - e.g. 1 + SYSLOG - enable/disable syslog logging + e.g. 1 - SYSLOG_VERBOSE - enable/disable logging in verbose mode (stack info added) - e.g. 1 + SYSLOG_VERBOSE - enable/disable logging in verbose mode (stack info added) + e.g. 1 - SYSLOG_FACILITY - syslog facility - e.g. local7 + SYSLOG_FACILITY - syslog facility + e.g. local7 - DB_NAME - MySQL database name of Warden server - e.g. warden + DB_NAME - MySQL database name of Warden server + e.g. warden - DB_USER - MySQL database user of Warden server - e.g. warden + DB_USER - MySQL database user of Warden server + e.g. warden - DB_PASS - MySQL database password of Warden server + DB_PASS - MySQL database password of Warden server - DB_HOST - MySQL database host - e.g. localhost + DB_HOST - MySQL database host + e.g. localhost - MAX_EVENTS_LIMIT - server limit of maximum number of events that can be + MAX_EVENTS_LIMIT - server limit of maximum number of events that can be delivered to one client in one batch - e.g. 1000000 + e.g. 1000000 VALID_STRINGS - validation hash containing allowed event attributes e.g. - %VALID_STRINGS = ( - 'type' => ['portscan', 'bruteforce', 'probe', 'spam', 'phishing', 'botnet_c_c', 'dos', 'malware', 'copyright', 'webattack', 'test', 'other'], - 'source_type' => ['IP', 'URL', 'Reply-To:'] - ); + %VALID_STRINGS = ( + 'type' => ['portscan', 'bruteforce', 'probe', 'spam', 'phishing', 'botnet_c_c', 'dos', 'malware', 'copyright', 'webattack', 'test', 'other'], + 'source_type' => ['IP', 'URL', 'Reply-To:'] + ); b) warden-apache.conf 
@@ -186,15 +190,15 @@ C. Installation SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL - SSLCertificateFile <path_to_server_certificate> - SSLCertificateKeyFile <path_to_server_certificate_key> - SSLCACertificateFile <path_to_CA_certificate> + SSLCertificateFile <path_to_server_certificate> + SSLCertificateKeyFile <path_to_server_certificate_key> + SSLCACertificateFile <path_to_CA_certificate> PerlOptions +Parent PerlSwitches -I <path_to_warden_server_libs> <Location /Warden> - SetHandler perl-script + SetHandler perl-script PerlHandler Warden::ApacheDispatch SSLOptions +StdEnvVars </Location> 
@@ -203,69 +207,69 @@ C. Installation -------------------------------------------------------------------------------- D. Update - For update of the Warden server package from local machine use update.sh. + For update of the Warden server package from local machine use update.sh. - Default destination directory is /opt/warden-server/. + Default destination directory is /opt/warden-server/. - For more information about update.sh options run update.sh -h + For more information about update.sh options run update.sh -h - Usage: $ ./update.sh [-d <directory>] [-hV] + Usage: $ ./update.sh [-d <directory>] [-hV] -d <directory> destination directory (default: /opt) -h print this help -V print script version number and exit - Example: # ./update.sh -d /opt + Example: # ./update.sh -d /opt - You must be root for running this script. + You must be root for running this script. - For more information about post-update steps see UPDATE file in 'doc' - directory. + For more information about post-update steps see UPDATE file in 'doc' + directory. -------------------------------------------------------------------------------- E. Uninstallation - For uninstallation of the Warden server package from local machine use uninstall.sh. + For uninstallation of the Warden server package from local machine use uninstall.sh. - Default uninstallation directory is /opt/warden-server/. + Default uninstallation directory is /opt/warden-server/. - For more information about uninstall.sh options run uninstall.sh -h + For more information about uninstall.sh options run uninstall.sh -h - Usage: $ ./uninstall.sh [-d <directory>] [-hV] + Usage: $ ./uninstall.sh [-d <directory>] [-hV] -d <directory> uninstallation directory (default: /opt) -h print this help -V print script version number and exit - Example: # ./uninstall.sh -d /opt + Example: # ./uninstall.sh -d /opt - You must be root for running this script. + You must be root for running this script. 
- For more information about post-uninstallation steps see UNINSTALL file in 'doc' - directory. + For more information about post-uninstallation steps see UNINSTALL file in 'doc' + directory. -------------------------------------------------------------------------------- F. Miscellaneous - 1. Error Messages + 1. Error Messages Error messages of the server functions are sent via Syslog. Default is local7 facility. - 2. Firewall Settings + 2. Firewall Settings Make sure that the TCP port listed in /etc/apache2/sites-enables/default(-ssl) is allowed on your firewall. - 3. Privileges + 3. Privileges The Warden server runs only under root privileges. - 4. Known Issues + 4. Known Issues No issues are known. - 5. Database checks + 5. Database checks If you want apply an offline checks to your received data health, you can use the wardenWatchdog.pl script. You can found the documentation in a separate 
@@ -275,17 +279,17 @@ F. Miscellaneous -------------------------------------------------------------------------------- G. Registration of Clients - The Warden server administrator is responsible for registering new clients or - removing those already registered. Both registration or unregistration scripts - are provided in the Warden server package. Those scripts should be run from - the same machine the Warden server is installed and running on. + The Warden server administrator is responsible for registering new clients or + removing those already registered. Both registration or unregistration scripts + are provided in the Warden server package. Those scripts should be run from + the same machine the Warden server is installed and running on. - Members of Warden community who would like to have their client registered must - contact the Warden server administrator with the requirement. This is usually - done via secured e-mail. Requestor should provide all important data to the - Warden server administrator so that the client can be successfully registered. + Members of Warden community who would like to have their client registered must + contact the Warden server administrator with the requirement. This is usually + done via secured e-mail. Requestor should provide all important data to the + Warden server administrator so that the client can be successfully registered. - 1. Register Sender + 1. Register Sender New sender clients are registered in Warden system via registerSender.pl. @@ -302,7 +306,7 @@ G. Registration of Clients One can run registerSender.pl with -h argument to see a help. - 2. Register Receiver + 2. Register Receiver New receiver clients are registered in Warden system via registerReceiver.pl. 
@@ -314,7 +318,7 @@ G. Registration of Clients requestor - organization or authorized person who demands new client registration, type - the type of events the client wish to receive or '_any_' - for receiving of all types of events, + for receiving of all types of events, receive_own_events - boolean value describing if events originating from the same CIDR will be sent to the client, ip_net_client - CIDR the client is only allowed to communicate from, @@ -322,7 +326,7 @@ G. Registration of Clients One can run registerReceiver.pl with -h argument to see a help. - 3. Unregister Client + 3. Unregister Client In the Warden system, already registered clients can be unregistered via unregisterClient.pl. diff --git a/src/warden-server/doc/README.wardenWatchdog b/src/warden-server/doc/README.wardenWatchdog index dbc09b9b8d5e367e4a52093e13fb618e5668f9de..9cf4de6c222ac98f9c502a41ec94fd3b1850f718 100644 --- a/src/warden-server/doc/README.wardenWatchdog +++ b/src/warden-server/doc/README.wardenWatchdog @@ -28,19 +28,19 @@ B. Installation Dependencies 1. Applications: - Perl >= 5.10.1 - MySQL >= 5.1.63 - Apache >= 2.2.14 + Perl >= 5.10.1 + MySQL >= 5.1.63 + Apache >= 2.2.14 2. Perl modules: - DBI >= 1.612 - DBD::mysql >= 4.016 - DateTime >= 0.61 - Getopt::Long >= 1.06 - Email::Simple >= 2.100 - Sys::Hostname >= 1.11 - FindBin >= 1.50 + DBI >= 1.612 + DBD::mysql >= 4.016 + DateTime >= 0.61 + Getopt::Long >= 1.06 + Email::Simple >= 2.100 + Sys::Hostname >= 1.11 + FindBin >= 1.50 --------------------------------------------------------------------------------
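Review bot: In the first hunk of doc/README (@@ -4,100 +4,104 @@), the substantive additions (wardenWatchdog.pl under bin/, README.wardenWatchdog under doc/, WardenWatchdog.conf under etc/, WardenWatchdog.pm under lib/) are buried in roughly a hundred lines of pure re-indentation, which makes it easy to miss what actually changed; please split the whitespace cleanup into its own commit and keep the watchdog file additions in a commit of their own. The same hunk still carries the placeholder version line "2.2 (2013-??-??)" as unchanged context; since this patch touches the version section anyway, fill in the release date or note that it is intentionally left open until tagging.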
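Review bot: In the @@ -105,20 +109,20 @@ hunk the context line "Usage: $ ./install.sh [-d <directory>] [-k <ssl_key_file>] [-c <ssl_cert_file>] [-a <ssl_ca_file>] [-hV]"" ends with a stray double quote that has no opening counterpart; drop the trailing `"` while the surrounding option lines are being re-indented so the usage text matches what install.sh -h prints.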
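Review bot: In the @@ -138,40 +142,40 @@ hunk, DB_PASS is documented as the MySQL password stored in warden-server.conf but nothing says who may read that file; since the re-indented line is being touched anyway, add a sentence that warden-server.conf holds the database password in clear text and should be readable only by the account the Warden server runs as, and cross-reference the installation step that sets permissions if install.sh does so.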
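Review bot: In the @@ -186,15 +190,15 @@ hunk the documented example "SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL" explicitly re-enables SSLv2, export-grade, LOW and eNULL (no encryption) ciphers, so an administrator who copies this line gets a server that will negotiate unencrypted or trivially weak sessions for a service that, per section A, carries shared security events; since the SSL directives right below it are being re-indented in this hunk, replace the example with a string that excludes those classes (for example one built on HIGH with !aNULL:!eNULL:!EXPORT:!LOW:!SSLv2:!RC4) and add SSLProtocol guidance next to it.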
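Review bot: In the @@ -203,69 +207,69 @@ hunk the unchanged context under "2. Firewall Settings" points to "/etc/apache2/sites-enables/default(-ssl)", which should read sites-enabled; and the text introduced for "5. Database checks" ("If you want apply an offline checks to your received data health ... You can found the documentation") needs a grammar pass, e.g. "If you want to run offline checks on the health of received data, use the wardenWatchdog.pl script; its documentation is in a separate file". Both sit inside lines this hunk already rewrites or borders, so fix them here rather than in a follow-up.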
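Review bot: In the @@ -275,17 +279,17 @@ hunk the re-indented line "Both registration or unregistration scripts are provided" should read "Both registration and unregistration scripts", and "Members of Warden community" should be "Members of the Warden community"; since these lines are already being replaced, correct the wording in the same change.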