From be48bf2fc69f509e4c1fc1b814ab78e0977b389b Mon Sep 17 00:00:00 2001
From: Tomas Plesnik <plesnik@ics.muni.cz>
Date: Sat, 14 Jan 2012 20:43:36 +0100
Subject: [PATCH] z baliku warden klienta prevzaty soubory install.sh,
 update.sh, README a CHANGELOG - nutno predelat pro warden server

---
 src/warden-server/doc/CHANGELOG |   5 +
 src/warden-server/doc/README    | 339 ++++++++++++++++++++++++++++++
 src/warden-server/sh/install.sh | 351 +++++++++++++++++++++++++++++++
 src/warden-server/sh/update.sh  | 352 ++++++++++++++++++++++++++++++++
 4 files changed, 1047 insertions(+)
 create mode 100644 src/warden-server/doc/CHANGELOG
 create mode 100644 src/warden-server/doc/README
 create mode 100755 src/warden-server/sh/install.sh
 create mode 100755 src/warden-server/sh/update.sh

diff --git a/src/warden-server/doc/CHANGELOG b/src/warden-server/doc/CHANGELOG
new file mode 100644
index 0000000..c7c363a
--- /dev/null
+++ b/src/warden-server/doc/CHANGELOG
@@ -0,0 +1,5 @@
+2012-01-31 v1.0.0 stable version
+--------------------------------
+- initial package of warden server
+- SSL certificate authentication/authorization supported
+- automatized installation process
diff --git a/src/warden-server/doc/README b/src/warden-server/doc/README
new file mode 100644
index 0000000..cf2f167
--- /dev/null
+++ b/src/warden-server/doc/README
@@ -0,0 +1,339 @@
++------------------------------+
+| README - Warden Server 1.0.0 |
++------------------------------+
+
+Content
+
+ A. Overall Information
+ B. Installation Dependencies
+ C. Registration
+ D. Installation
+ E. Integration with Local Applications
+ F. Client Upgrade
+ G. Functions, Arguments and Calls
+ H. Authors
+
+--------------------------------------------------------------------------------
+A. Overall Information
+
+ 1. About Warden Client
+ 
+    Warden is a client-based architecture service designed to share detected
+    security issues (events) among CSIRT and CERT teams in a simple and fast way.
+    
+    This package offers full client functionality to both report events to
+    server and to retreive batch of new events from server. It is composed from
+    several perl modules/libraries which should be included into local
+    application of detection of reaction type. 
+ 
+ 2. Version
+  
+    1.0.0 (2011-11-16)
+    
+ 3. Package structure
+ 
+    warden-client/
+      doc/
+        example-sender.pl.txt
+        example-receiver.pl.txt
+      etc/
+        warden-client.conf
+      var/
+      lib/
+        WardenClientSend.pm
+        WardenClientReceive.pm
+        WardenConf.pm  
+
+--------------------------------------------------------------------------------
+B. Installation Dependencies
+  
+    Perl 5.10.1  
+    SOAP::Lite
+    IO::Socket::SSL
+    SOAP::Transport::TCP
+    FindBin
+
+--------------------------------------------------------------------------------
+C. Registration
+
+    Any client attempting to communicate with Warden server must be registered
+    on this server. Unknown (not registered) clients are not allowed to exchange
+    any data with server.
+  
+    Registration of your client is provided by Warden server administrator.
+    Usually via e-mail.
+  
+    Clients need to have valid client certificate to prove their identity to
+    the Warden server. 
+  
+    Each client is defined by its hostname, service name, type of client, type
+    of requested events and CIDR the client is allowed to communicate from only.
+  
+    Hostname                  - hostname of client to be registered
+    Service name              - Text string. Unique name of the service
+                                the client is integrated in.
+                                E.g. 'ScanDetector_1.0'. This is mandatory for
+                                'Sender' client. Default value null is used for
+                                'Receiver' client.
+    Type of client            - Either 'Sender' or 'Receiver'.
+    Type of requested events  - Type of events the client only accepts from
+                                Warden server. This is mandatory only for
+                                'Receiver' client. Default value null is used
+                                for 'Sender' client. Brief information about
+                                event types is provided in section G. Functions
+                                arguments and calls.  
+    CIDR                      - CIDR stands for IP address or IP (sub)net
+    				the client is going to communicate from. Any
+				communications between the client and Warden
+				Server must be performed from IP address from
+				a range stated in CIDR.
+				Examples: '123.123.0.0/16', '123.123.123.123/32'
+
+  
+    For complete information about client attributes and/or event types see
+    Warden project documentation.
+   
+--------------------------------------------------------------------------------
+D. Installation
+
+ 1. Check SHA1 checksum of corresponding Warden client package archive
+
+    $ sha1sum -c warden-client-1.0.0.tar.gz.sig
+
+ 2. Untar it
+
+    $ tar xzvf warden-client-1.0.0.tar.gz
+
+ 3. Run install.sh 
+  
+    Default destination directory is /opt/warden-client/
+    
+    For more information about install.sh options run install.sh -h
+
+    You must be root for running this script.
+
+ 4. Installation Privileges
+
+    Warden-client is designed to be run under standard privileges. It should be
+    part of other applications run under usual user privileges. However
+    warden-client uses SSL certificates for security purposes which are often 
+    not accessible by standard users.
+
+    To solve this issue warden-client should be install under root privileges.
+    It copyies local SSL key and certificate files into warden-client/etc
+    folder where those are accessible even with standard privileges.
+
+    Should any user want to preserve standard location of certificate files,
+    he or she is advised to remove key and certificate files after installation
+    from /warden-client/etc/ and manually edit paths to certificate files in
+    warden-client/etc/warden-client.conf. In most cases, this change will force
+    warden-client to be run under root privileges though.
+
+ 5. Configuration file
+  
+    You are advised to check configuration file
+    warden-client/etc/warden-client.conf. After installation.
+    
+    SOAP protocol is used for handling communication between server and clients.
+    Therefore, correct URI of Warden server must be set.
+
+    Authentication of clients and server is performed using client and server
+    SSL certificates. Both clients and server must have valid certificate.
+
+    Configuration file contains following parameters:
+
+    URI 	  - URI Warden server
+          	    e.g. 'https://warden-dev.cesnet.cz:443/Warden'
+
+    SSL_KEY_FILE  - path to a host key file,
+    	    	    e.g. '/opt/warden-client/etc/warden-dev.cesnet.cz.key'
+
+    SSL_CERT_FILE - path to a host certificate file,
+     		    e.g. '/opt/warden-client/etc/warden-dev.cesnet.cz.pem'
+
+    SSL_CA_FILE   - path to a CA file
+                    e.g. '/etc/ssl/certs/tcs-ca-bundle.pem' 
+
+ 6. Usage of install.sh
+
+    Usage: $ ./install.sh [-d <directory>] [-u <user>] [-k <ssl_key_file>]
+                          [-c <ssl_cert_file>] [-a <ssl_ca_file>] [-hV]"
+	-d <directory>            installation directory (default: /opt)
+	-u <user>                 owner of warden client package (user for
+				  running detection scripts)
+	-k <ssl_key_file>         SSL certificate key file path
+	-c <ssl_cert_file>        SSL certificate file path
+	-a <ssl_ca_file>          CA certificate file path
+	-h                        print this help
+	-V                        print script version number and exit
+	
+    Example: $ ./install.sh -d /opt -u detector -k /etc/ssl/private/client.key
+    			    -c /etc/ssl/certs/client.pem -a /etc/ssl/certs"
+
+--------------------------------------------------------------------------------       
+E. Integration with Local Applications
+ 
+ (Note: Clients need to be registered on server to be able to communicate with
+        server properly. See section C. Registration for more information about
+        client registration.)
+ 
+ 1. Client sender (this type of client reports events to Warden server)
+  
+    Client functionality is included as a Perl module (WardenClientSend.pm)
+    into Perl code of local detection application.   
+   
+    See warden-client/doc/example-sender.pl.txt for example how to use
+    warden-client sender functionality.
+    
+    Brief information about syntax of sending functions and functionality is
+    provided in section G. Functions arguments and calls.
+ 
+ 2. Client receiver (this type of clients uploads events from Warden server)
+ 
+    Client functionality is included as a perl module (WardenClientReceive.pm)
+    into perl code of local 'reaction' application or may be used as as core of
+    standalone local application.
+      
+    See warden-client/doc/example-receiver.pl.txt for example how to use
+    warden-client receiver functionality.   
+    
+    Brief information about syntax of receiving functions and functionality is
+    provided in section G. Functions arguments and calls. 
+
+--------------------------------------------------------------------------------
+F. Client Upgrade
+
+   To upgrade a client, install a new version.
+
+--------------------------------------------------------------------------------
+G. Functions, Arguments and Calls
+
+ 1. WardenClientSend::saveNewEvent
+ 
+    Function to upload one event on the Warden server. See example 'Sender'
+    client in warden-client/doc/example-sender.pl.txt
+    
+    Function call (Perl):
+    
+    # Path to warden-client folder
+    $warden_path = '/opt/warden-client';
+    
+    # Inclusion of warden-client sender module
+    require $warden_path . '/lib/WardenClientSend.pm';
+    
+    # Sending event to Warden server
+    WardenClientSend::saveNewEvent($warden_path, \@event);
+    
+    Event array is defined as (perl):
+    
+    @event = ($service, $detected, $type, $source_type, $source, $target_proto,
+              $target_port, $attack_scale, $note, $priority, $timeout );
+              
+    Event array attributes with example value and explanation on the right
+    (Perl):
+
+    # SERVICE - VARCHAR (64)
+    # Name of a service detecting this event. Service must be the same with this
+    # provided in 'Sender' client registration. See more about this issue in
+    # section C. Registration.    
+    $service      = "ScanDetector";
+
+    # DETECTED - TIMESTAMP in UTC, ISO 8601
+    # Date and time when was event detected.
+    $detected     = "2011-07-16T19:20:30.45";
+    
+    # TYPE - VARCHAR (64)
+    # Type of reported event. Currently supported values are:
+    # darkspace   - access into honeypot segment
+    # portscan    - scannig of TCP/UDP ports
+    # bruteforce  - bruteforce/dictionary attack against authentication
+    #               service(s)
+    # spam        - unsolicited e-mail that does not have phishing-like
+    #               character
+    # phishing    - e-mail attempting to gather sensitive data
+    # botnet_c_c  - command and control center of botnet
+    # dos         - (distributed) denial of service attack
+    # malware     - virus sample
+    # copyright   - copyright infringement issue
+    # webattack   - attack against web application
+    # other       - anything that does not match any of previous categories
+    $type         = "portscan";
+    
+    # SOURCE_TYPE - VARCHAR 64
+    # Type of source of reported attack/issue. Currently supported values are:
+    # IP, URL, Reply-To:, null
+    $source_type  = "IP";
+    
+    # SOURCE - VARCHAR 256
+    # identification of attack source/origin according to source_type
+    $source       = "123.123.123.123";
+    
+    # TARGET_PROTO - VARCHAR 16
+    # Protocol type of reported attack/issue target. Supported are all L3 and L4
+    # protocols and null 
+    $target_proto = "TCP";
+    
+    # TARGET_PORT - INT 2
+    # Port number of reported attack/issue target or null.
+    $target_port  = "22";
+    
+    # ATTACK_SCALE - INT 4
+    # Definition of attack scale, e.g. number of affected targets. Null is also
+    # possible when attack scale is not known or clear enough.
+    $attack_scale = "1234567890";
+    
+    # NOTE - TEXT
+    # Some important(!) note or comment or null. Also, it may contain virus
+    # sample, phishing e-mail with headers and other accordingly to event type.
+    $note         = "this threat is dangerous";
+    
+    # PRIORITY - INT 1
+    # Subjective definition of incident severity. Values 0-255 or null are
+    # possible where 0 is the lowest priority.
+    $priority     = "null";
+    
+    # TIMEOUT - INT 2
+    # Subjective time (in minutes) or null. After this time event might be
+    # considered timeouted.
+    $timeout      = "20";
+
+ 2.  WardenClientReceive::getNewEvents
+
+    Function to download batch of events from the Warden server. Downloaded
+    events are stored in @events array. See example 'Receiver' client in
+    warden-client/doc/example-receiver.pl.txt
+    
+    Function call (perl):
+    
+    # Path to warden-client directory
+    my $warden_path = '/opt/warden-client';
+
+    # Inclusion of warden-client receiving functionality
+    require $warden_path . '/lib/WardenClientReceive.pm';
+
+    # Definition of requested event type. Type must be the same with this
+    # provided in 'Receiver' client registration. See more about this issue in
+    # section C. Registration. See more about event types in section
+    # G. 1. WardenClientSend::saveNewEvent
+    $requested_type = "botnet_c_c";
+
+    # Download batch of new events from Warden server
+    @new_events = WardenClientReceive::getNewEvents($warden_path,
+                                                    $requested_type);
+                                                    
+    Structure of each received event in the event array equals to this explained
+    in section G. 1. WardenClientSend::saveNewEvent. It has one additional
+    attribute ID - unique id of this particular event (BIGINT).
+
+--------------------------------------------------------------------------------
+H. Authors
+
+Development:	Tomas PLESNIK   <plesnik@ics.muni.cz>
+		Jan SOUKAL      <soukal@ics.muni.cz>
+
+Copyright (C) 2011 Cesnet z.s.p.o
+
+Special thanks go to Martin Drasar from CSIRT-MU for his help and support
+in the development of Warden system.
+
+
diff --git a/src/warden-server/sh/install.sh b/src/warden-server/sh/install.sh
new file mode 100755
index 0000000..d7032f0
--- /dev/null
+++ b/src/warden-server/sh/install.sh
@@ -0,0 +1,351 @@
+#!/bin/bash
+#
+# install.sh
+#
+# Copyright (C) 2012 Cesnet z.s.p.o
+# Author(s): 	Tomas PLESNIK 	<plesnik@ics.muni.cz>
+#		Jan SOUKAL	<soukal@ics.muni.cz>
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in
+#    the documentation and/or other materials provided with the
+#    distribution.
+# 3. Neither the name of the Cesnet z.s.p.o nor the names of its
+#    contributors may be used to endorse or promote products derived from
+#     this software without specific prior written permission.
+#
+# This software is provided ``as is'', and any express or implied
+# warranties, including, but not limited to, the implied warranties of
+# merchantability and fitness for a particular purpose are disclaimed.
+# In no event shall the Cesnet z.s.p.o or contributors be liable for
+# any direct, indirect, incidental, special, exemplary, or consequential
+# damages (including, but not limited to, procurement of substitute
+# goods or services; loss of use, data, or profits; or business
+# interruption) however caused and on any theory of liability, whether
+# in contract, strict liability, or tort (including negligence or
+# otherwise) arising in any way out of the use of this software, even
+# if advised of the possibility of such damage.
+
+VERSION="1.0.0"
+
+#-------------------------------------------------------------------------------
+#				FUNCTIONS
+#-------------------------------------------------------------------------------
+usage()
+{
+  echo "Usage: `basename $0` [-d <directory>] [-u <user>] [-k <ssl_key_file>] [-c <ssl_cert_file>] [-a <ssl_ca_file>] [-hV]"
+  echo "-d <directory>            installation directory (default: /opt)"
+  echo "-u <user>                 owner of warden client package (user for running detection scripts)"
+  echo "-k <ssl_key_file>         path to SSL certificate key file"
+  echo "-c <ssl_cert_file>        path to SSL certificate file"
+  echo "-a <ssl_ca_file>          path to CA certificate file"
+  echo "-h                        print this help"
+  echo "-V                        print script version number and exit"
+  echo
+  echo "Example: ./`basename $0` -d /opt -u detector -k /etc/ssl/private/client.key -c /etc/ssl/certs/client.pem -a /etc/ssl/certs/tcs-ca-bundle.pem"
+  echo
+  echo "Note: You must be root for running this script."
+  echo "      For more information about installation process, see README file (section Installation)."
+  echo
+  exit 0
+}
+
+
+version()
+{
+  echo "`basename ${0}` - current version is $VERSION"
+  exit 0
+}
+
+
+err()
+{
+  echo "FAILED!"
+  cat $err
+  rm -rf $err
+  echo
+  echo "Installation FAILED!!!"
+  exit 1
+}
+
+
+err_clean()
+{
+  echo "FAILED!"
+  echo " -> Uninstalling client package ... OK"
+  rm -rf $client_path > /dev/null 2>&1
+  cat $err
+  rm -rf $err
+  echo
+  echo "Installation FAILED!!!"
+  exit 1
+}
+
+
+os_chck()
+{
+  OS=`uname`
+  if [ "$OS" != "Linux" ]; then
+    echo "Sorry, unsupported operating system detected - \"$OS\"!"
+    exit 1
+  fi
+}
+
+
+shell_chck()
+{
+  SHELL=`echo $SHELL`
+  if [ "$SHELL" != "/bin/bash" ]; then
+    echo "Sorry, this script is usable in Bourne Again Shell (bash) only!"
+    exit 1
+  fi
+}
+
+
+root_chck()
+{
+  if [ $UID -ne 0 ]; then
+    echo "You must be root for running this script!"
+    exit 1
+  fi
+}
+
+
+params_chck()
+{
+  if [ -z $prefix ]; then
+    prefix=/opt
+    echo "Warning: parameter -d <directory> is not set - default installation directory is $prefix!"
+  fi
+  if [ -z $user ]; then
+    echo "Parameter -u <user> is not set!"
+    exit 1
+  fi
+  if [ -z $key ]; then
+    echo "Parameter -k <ssl_key_file> is not set!"
+    exit 1
+  fi
+  if [ -z $cert ]; then
+    echo "Parameter -c <ssl_cert_file> is not set!"
+    exit 1
+  fi
+  if [ -z $ca_file ]; then
+    echo "Parameter -a <ssl_ca_file> is not set!"
+    exit 1
+  fi
+}
+
+
+perl_chck()
+{
+  echo -n "Checking Perl interpreter ... "
+  which perl 1>/dev/null; ret_val=`echo $?`
+  if [ $ret_val -eq 0 ]; then
+    echo "OK"
+  else
+    echo "FAILED!"
+    echo "Error: Perl interpreter is not installed!"
+    exit 1
+  fi
+}
+
+
+modules_chck()
+{
+  for module in ${modules[@]};
+  do
+    echo -n "Checking $module module ... "
+    perl -e "use $module" 2> $err; ret_val=`echo $?`
+    if [ $ret_val -eq 0 ]; then
+      echo "OK"
+    else
+      err
+    fi
+  done
+}
+
+
+installation_dir_chck()
+{
+  echo -n "Checking installation directory ... "
+  if [ ! -d $prefix ]; then
+    echo "FAILED!"
+    ls $prefix
+    exit 1
+  else
+    echo "OK"
+  fi
+}
+
+
+make_warden_dir()
+{
+  echo -n "Making warden client directory ... "
+  cp -R ./warden-client $prefix 2> $err; ret_val=`echo $?`
+  if [ $ret_val -eq 0 ]; then
+    echo "OK"
+  else
+    err_clean
+  fi
+  cp -u CHANGELOG INSTALL LICENSE README README.cesnet "$client_path/doc"
+}
+
+
+copy_key()
+{
+  echo -n "Copying certificate key file ... "
+  cp $key $etc 2> $err; ret_val=`echo $?`
+  if [ $ret_val -eq 0 ]; then
+    echo "OK"
+  else
+    err_clean
+  fi
+}
+
+
+copy_cert()
+{
+  echo -n "Copying certificate file ... "
+  cp $cert $etc 2> $err; ret_val=`echo $?`
+  if [ $ret_val -eq 0 ]; then
+    echo "OK"
+  else
+    err_clean
+  fi
+}
+
+
+make_conf_file()
+{
+  echo -n "Creating configuration file ... "
+echo "#
+# warden-client.conf - configuration file for the warden sender/receiver client
+#
+
+#-------------------------------------------------------------------------------
+# URI - URI address of Warden server
+#-------------------------------------------------------------------------------
+\$URI = \"https://warden.cesnet.cz:443/Warden\";
+
+#-------------------------------------------------------------------------------
+# SSL_KEY_FILE - path to client SSL certificate key file
+#-------------------------------------------------------------------------------
+\$SSL_KEY_FILE = \"$etc/$key_file\";
+
+#-------------------------------------------------------------------------------
+# SSL_CERT_FILE - path to client SSL certificate file
+#-------------------------------------------------------------------------------
+\$SSL_CERT_FILE = \"$etc/$cert_file\";
+
+#-------------------------------------------------------------------------------
+# SSL_CA_FILE - path to CA certificate file
+#-------------------------------------------------------------------------------
+\$SSL_CA_FILE = \"$ca_file\";
+" > $conf_file 2> $err; ret_val=`echo $?`
+  if [ $ret_val -eq 0 ]; then
+    echo "OK"
+  else
+    err_clean
+  fi
+}
+
+
+change_permissions()
+{
+  echo -n "Changing permissions to installed package ... "
+  chown -R $user: $client_path 2>$err; ret_val=`echo $?`
+  if [ $ret_val -eq 0 ]; then
+    echo "OK"
+  else
+    err_clean
+  fi
+}
+
+
+
+#-------------------------------------------------------------------------------
+#				MAIN
+#-------------------------------------------------------------------------------
+
+# list of used Perl modules
+modules=(SOAP::Lite IO::Socket::SSL SOAP::Transport::TCP FindBin)
+
+# OS test
+os_chck
+
+# Shell test
+shell_chck
+
+# read input
+while getopts "d:u:k:c:a:Vh" options; do
+  case $options in
+    d ) prefix=$OPTARG;;
+    u ) user=$OPTARG;;
+    k ) key=$OPTARG;;
+    c ) cert=$OPTARG;;
+    a ) ca_file=$OPTARG;;
+    h ) usage;;
+    V ) version;;
+    * ) usage;;
+  esac
+done
+
+# root test
+root_chck
+
+# params test
+params_chck
+
+# create variables
+key_file=`basename $key`
+cert_file=`basename $cert`
+client_path="$prefix/warden-client"
+etc="$client_path/etc"
+conf_file="$etc/warden-client.conf"
+err="/tmp/warden-err"
+
+echo
+echo "------------------------- Dependencies check-in -------------------------"
+
+# Perl interpreter test
+perl_chck
+
+# Perl modules test
+modules_chck
+
+
+echo
+echo "------------------------- Installation process --------------------------"
+
+# check installation directory
+installation_dir_chck
+
+# make warden client directory
+make_warden_dir
+
+# copy cert key file 
+copy_key
+
+# copy cert file
+copy_cert
+
+# create conf file
+make_conf_file
+
+# change permissions
+change_permissions
+
+echo
+echo "Please check configuration file in $conf_file!"
+echo
+echo "Installation was SUCCESSFUL!!!"
+
+# cleanup section
+rm -rf $err
+
+exit 0
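Review bot: `err="/tmp/warden-err"` in the MAIN section is a fixed, predictable name in a world-writable directory, and this root-only script then opens it with `2> $err` in modules_chck, make_warden_dir, copy_key, copy_cert, make_conf_file and change_permissions. On a multi-user host, root's write can therefore be redirected through a symlink that already exists at that name. Create the file privately instead with `err=$(mktemp /tmp/warden-err.XXXXXX) || exit 1`, add `trap 'rm -f "$err"' EXIT`, and quote `"$err"` wherever it is used. update.sh repeats the same `err` assignment and adds `backup_dir="/tmp/warden-backup"`, which receives a copy of the client's etc/ directory (where install.sh placed the SSL key); that path should come from `mktemp -d`, and the unchecked `mkdir $backup_dir` should abort the update when it fails.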
diff --git a/src/warden-server/sh/update.sh b/src/warden-server/sh/update.sh
new file mode 100755
index 0000000..9d44e29
--- /dev/null
+++ b/src/warden-server/sh/update.sh
@@ -0,0 +1,352 @@
+#!/bin/bash
+#
+# update.sh
+#
+# Copyright (C) 2012 Cesnet z.s.p.o
+# Author(s): 	Tomas PLESNIK 	<plesnik@ics.muni.cz>
+#		Jan SOUKAL	<soukal@ics.muni.cz>
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in
+#    the documentation and/or other materials provided with the
+#    distribution.
+# 3. Neither the name of the Cesnet z.s.p.o nor the names of its
+#    contributors may be used to endorse or promote products derived from
+#     this software without specific prior written permission.
+#
+# This software is provided ``as is'', and any express or implied
+# warranties, including, but not limited to, the implied warranties of
+# merchantability and fitness for a particular purpose are disclaimed.
+# In no event shall the Cesnet z.s.p.o or contributors be liable for
+# any direct, indirect, incidental, special, exemplary, or consequential
+# damages (including, but not limited to, procurement of substitute
+# goods or services; loss of use, data, or profits; or business
+# interruption) however caused and on any theory of liability, whether
+# in contract, strict liability, or tort (including negligence or
+# otherwise) arising in any way out of the use of this software, even
+# if advised of the possibility of such damage.
+
+
+VERSION="1.0.0"
+
+#-------------------------------------------------------------------------------
+#				FUNCTIONS
+#-------------------------------------------------------------------------------
+usage()
+{
+  echo "Usage: `basename $0` [-d <directory>] [-hV]"
+  echo "-d <directory>            installation directory (default: /opt)"
+  echo "-h                        print this help"
+  echo "-V                        print script version number and exit"
+  echo
+  echo "Example: ./`basename $0` -d /opt"
+  echo
+  echo "Note: You must be root for running this script."
+  echo "      For more information about update process, see README file (section Update)."
+  echo
+  exit 0
+}
+
+
+version()
+{
+  echo "`basename ${0}` - current version is $VERSION"
+  exit 0
+}
+
+
+err()
+{
+  echo "FAILED!"
+  cat $err
+  rm -rf $err
+  rm -rf $backup_dir
+  echo
+  echo "Update FAILED!!!"
+  exit 1
+}
+
+
+err_clean()
+{
+  echo "FAILED!"
+  echo " -> Reverting changes of warden client package ... OK"
+  rm -rf "$client_path/*" > /dev/null 2>&1
+  cp -R "$backup_dir/*" $client_path
+  cat $err
+  rm -rf $err
+  rm -rf $backup_dir
+  echo
+  echo "Update FAILED!!!"
+  exit 1
+}
+
+
+os_chck()
+{
+  OS=`uname`
+  if [ "$OS" != "Linux" ]; then
+    echo "Sorry, unsupported operating system detected - \"$OS\"!"
+    exit 1
+  fi
+}
+
+
+shell_chck()
+{
+  SHELL=`echo $SHELL`
+  if [ "$SHELL" != "/bin/bash" ]; then
+    echo "Sorry, this script is usable in Bourne Again Shell (bash) only!"
+    exit 1
+  fi
+}
+
+
+root_chck()
+{
+  if [ $UID -ne 0 ]; then
+    echo "You must be root for running this script!"
+    exit 1
+  fi
+}
+
+
+params_chck()
+{
+  if [ -z $prefix ]; then
+    prefix=/opt
+    echo "Warning: parameter -d <directory> is not set - default installation directory is $prefix!"
+  fi
+}
+
+
+perl_chck()
+{
+  echo -n "Checking Perl interpreter ... "
+  which perl 1>/dev/null; ret_val=`echo $?`
+  if [ $ret_val -eq 0 ]; then
+    echo "OK"
+  else
+    echo "FAILED!"
+    echo "Error: Perl interpreter is not installed!" 
+    exit 1
+  fi
+}
+
+
+modules_chck()
+{
+  for module in ${modules[@]};
+  do
+    echo -n "Checking $module module ... "
+    perl -e "use $module" 2> $err; ret_val=`echo $?`
+    if [ $ret_val -eq 0 ]; then
+      echo "OK"
+    else
+      err
+    fi
+  done
+}
+
+
+installation_dir_chck()
+{
+  echo -n "Checking installation directory ... "
+  if [ ! -d $prefix ]; then
+    echo "FAILED!"
+    ls $prefix
+    exit 1
+  else
+    echo "OK"
+  fi
+}
+
+
+warden_dir_chck()
+{
+  echo -n "Checking warden client directory ... "
+  if [ ! -d $client_path ]; then
+    echo "FAILED!"
+    ls $prefix
+    exit 1
+  else
+    echo "OK"
+  fi
+}
+
+backup()
+{
+  echo -n "Backing-up warden client directory ... "
+  mkdir $backup_dir
+  cp -R $client_path $backup_dir 2> $err; ret_val=`echo $?`
+  if [ $ret_val -eq 0 ]; then
+    echo "OK"
+  else
+    err
+  fi
+}
+
+
+obtain_warden_user()
+{
+  echo -n "Obtaining warden client directory owner ... "
+  user=`stat -c %U $conf_file` 2> $err; ret_val=`echo $?`
+  if [ $ret_val -eq 0 ]; then
+    echo "OK"
+  else
+    err
+  fi
+}
+
+
+update_warden_dir()
+{
+  echo -n "Updating warden client directory ... "
+  rsync -q --recursive --archive --delete --exclude="warden-client/etc" --exclude="warden-client/var" warden-client $prefix 2> $err; ret_val=`echo $?`
+  if [ $ret_val -eq 0 ]; then
+    echo "OK"
+  else
+    err_clean
+  fi
+  cp -u CHANGELOG INSTALL LICENSE README README.cesnet "$client_path/doc"
+}
+
+
+make_conf_file()
+{
+  echo -n "Creating configuration file ... "
+  uri=`cat $conf_file | grep '$URI'`
+  ssl_key_file=`cat $conf_file | grep '$SSL_KEY_FILE'`
+  ssl_cert_file=`cat $conf_file | grep '$SSL_CERT_FILE'`
+  ssl_ca_file=`cat $conf_file | grep '$SSL_CA_FILE'`
+echo "#
+# warden-client.conf - configuration file for the warden sender/receiver client
+#
+
+#-------------------------------------------------------------------------------
+# URI - URI address of Warden server
+#-------------------------------------------------------------------------------
+$uri
+
+#-------------------------------------------------------------------------------
+# SSL_KEY_FILE - path to client SSL certificate key file
+#-------------------------------------------------------------------------------
+$ssl_key_file
+
+#-------------------------------------------------------------------------------
+# SSL_CERT_FILE - path to client SSL certificate file
+#-------------------------------------------------------------------------------
+$ssl_cert_file
+
+#-------------------------------------------------------------------------------
+# SSL_CA_FILE - path to CA certificate file
+#-------------------------------------------------------------------------------
+$ssl_ca_file
+" > $conf_file 2> $err; ret_val=`echo $?`
+  if [ $ret_val -eq 0 ]; then
+    echo "OK"
+  else
+    err_clean
+  fi
+}
+
+
+change_permissions()
+{
+  echo -n "Changing permissions to updated package ... "
+  chown -R $user: $client_path 2>$err; ret_val=`echo $?`
+  if [ $ret_val -eq 0 ]; then
+    echo "OK"
+  else
+    err_clean
+  fi
+}
+
+
+
+#-------------------------------------------------------------------------------
+#				MAIN
+#-------------------------------------------------------------------------------
+
+# list of used Perl modules
+modules=(SOAP::Lite IO::Socket::SSL SOAP::Transport::TCP FindBin)
+
+# OS test
+os_chck
+
+# Shell test
+shell_chck
+
+# read input
+while getopts "d:Vh" options; do
+  case $options in
+    d ) prefix=$OPTARG;;
+    h ) usage;;
+    V ) version;;
+    * ) usage;;
+  esac
+done
+
+# root test
+root_chck
+
+# params test
+params_chck
+
+# create variables
+client_path="$prefix/warden-client"
+etc="$client_path/etc"
+conf_file="$etc/warden-client.conf"
+err="/tmp/warden-err"
+backup_dir="/tmp/warden-backup"
+
+
+echo
+echo "------------------------- Dependencies check-in -------------------------"
+
+# Perl interpreter test
+perl_chck
+
+# Perl modules test
+modules_chck
+
+
+echo
+echo "------------------------- Update process --------------------------------"
+
+# check installation directory
+installation_dir_chck
+
+# check warden client directory
+warden_dir_chck
+
+# backup old warden client installation
+backup
+
+# obtain current warden client user
+obtain_warden_user
+
+# make warden client directory
+update_warden_dir
+
+# create conf file
+make_conf_file
+
+# change permissions
+change_permissions
+
+echo
+echo "Please check configuration file in $conf_file!"
+echo
+echo "Update was SUCCESSFUL!!!"
+
+# cleanup section
+rm -rf $err
+rm -rf $backup_dir
+
+exit 0
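Review bot: The rollback in err_clean cannot restore anything, because the quotes in `rm -rf "$client_path/*"` and `cp -R "$backup_dir/*" $client_path` stop the `*` from expanding, and backup() stored the tree as `$backup_dir/warden-client` rather than directly under `$backup_dir`. The function still prints "Reverting changes ... OK" and then deletes `$backup_dir`, so a failed rsync, config rewrite or chown leaves a partly updated client (its etc/ holds the SSL key paths and config) with no backup left. Restore the directory that backup() actually wrote, report the real result, and keep the backup when the restore fails. Using `cp -Rp` in backup() as well as in the restore would also keep the original owner and file modes, which plain `cp -R` run as root does not; this matters because err_clean exits before change_permissions runs.

```shell
err_clean()
{
  echo "FAILED!"
  echo -n " -> Reverting changes of warden client package ... "
  # backup() copied the tree to $backup_dir/warden-client, so restore that directory
  if rm -rf "$client_path" && cp -Rp "$backup_dir/warden-client" "$prefix"; then
    echo "OK"
    rm -rf "$backup_dir"
  else
    echo "FAILED! Backup kept in $backup_dir"
  fi
  cat "$err"
  rm -f "$err"
  # … unchanged: "Update FAILED!!!" message and exit 1 …
}
```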
-- 
GitLab