Uprava drobnosti po porade s Tomem

src/warden-server/bin/wardenWatchdog.pl

@@ -2,7 +2,7 @@
 #
 # wardenWatchdog.pl
 #
-# Copyright (C) 2011-2012 Cesnet z.s.p.o
+# Copyright (C) 2011-2013 Cesnet z.s.p.o
 #
 # Use of this source is governed by a BSD-style license, see LICENSE file.
 
@@ -10,7 +10,7 @@ use strict;
 use warnings;
 
 use Getopt::Long;
-use FindBin qw($RealBin);
+use FindBin qw($RealBin $RealScript);
 FindBin::again();
 use lib "$RealBin/../lib";
 use WardenWatchdog;
@@ -30,11 +30,11 @@ use WardenWatchdog;
 #-------------------------------------------------------------------------------
 sub help
 {
-  my $help ="  USAGE: ./wardenWatchdog.pl -c /path/WardenWatchdog.conf -i 7
+  my $help ="$RealScript -c <conf_file_with_path> -i <interval>
+-c      path and name of a file with configuration
+-i      interval in days from now back to the past
 
-  OPTIONS
-  -c conf           configuration file name and path
-  -i interval       interval in days from now back to the past
+EXAMPLE: ./wardenWatchdog.pl -c /path/WardenWatchdog.conf -i 7
 ";
   print $help;
   return 1;

src/warden-server/doc/README

@@ -12,6 +12,7 @@ Content
   F. Miscellaneous
   G. Registration of Clients
   H. Status Info
+  I. Warden Watchdog
 
 --------------------------------------------------------------------------------
 A. Overall Information
@@ -42,7 +43,6 @@ A. Overall Information
         INSTALL
         LICENSE
         README
-        README.wardenWatchdog
         UNINSTALL
         UPDATE
         warden21to22.patch
@@ -58,13 +58,13 @@ A. Overall Information
         WardenCommon.pm
         Warden.pm
         WardenWatchdog.pm
-     sh/	  
+     sh/
        uninstall.sh
 
 
 --------------------------------------------------------------------------------
 B. Installation Dependencies
- 
+
  1. Applications:
 
     Perl >= 5.10.1
@@ -103,25 +103,25 @@ C. Installation
 
     $ tar xzvf warden-server-2.2.tar.gz
 
- 3. Run install.sh. 
-    
+ 3. Run install.sh.
+
     For more information about install.sh options run install.sh -h
 
     Usage: $ ./install.sh -d <directory> -k <ssl_key_file> -c <ssl_cert_file> -a <ssl_ca_file> [-s <directory>] [-hV]"
-	-d <directory>            installation directory
-	-k <ssl_key_file>         SSL certificate key file path
-	-c <ssl_cert_file>        SSL certificate file path
-	-a <ssl_ca_file>          CA certificate file path
-	-s <directory>            directory for symlinks to Warden server control scripts (optional)
-	-h                        print this help
-	-V                        print script version number and exit
+        -d <directory>            installation directory
+        -k <ssl_key_file>         SSL certificate key file path
+        -c <ssl_cert_file>        SSL certificate file path
+        -a <ssl_ca_file>          CA certificate file path
+        -s <directory>            directory for symlinks to Warden server control scripts (optional)
+        -h                        print this help
+        -V                        print script version number and exit
 
 
     Example: # ./install.sh -d /opt/warden-server
                             -k /etc/ssl/private/server.key
-                            -c /etc/ssl/certs/server.pem                            
-			    -a /etc/ssl/certs/bundle.pem
-			    -s /usr/local/bin
+                            -c /etc/ssl/certs/server.pem
+                            -a /etc/ssl/certs/bundle.pem
+                            -s /usr/local/bin
 
  4. Configuration files
 
@@ -208,16 +208,16 @@ C. Installation
 --------------------------------------------------------------------------------
 D. Update
 
- For update of the Warden server package from local machine use update.sh.
-    
- For more information about update.sh options run update.sh -h
+  For update of the Warden server package from local machine use update.sh.
 
-   Usage: $ ./update.sh -d <directory> [-hV]
+  For more information about update.sh options run update.sh -h
+
+  Usage: $ ./update.sh -d <directory> [-hV]
         -d <directory>            destination directory
         -h                        print this help
         -V                        print script version number and exit
 
-   Example: # ./update.sh -d /opt/warden-server
+  Example: # ./update.sh -d /opt/warden-server
 
   For more information about post-update steps see UPDATE file in 'doc'
   directory.
@@ -226,16 +226,16 @@ D. Update
 --------------------------------------------------------------------------------
 E. Uninstallation
 
- For uninstallation of the Warden server package from local machine use uninstall.sh.
-    
- For more information about uninstall.sh options run uninstall.sh -h
+  For uninstallation of the Warden server package from local machine use uninstall.sh.
+
+  For more information about uninstall.sh options run uninstall.sh -h
 
-   Usage: $ ./uninstall.sh -d <directory> [-hV]
+  Usage: $ ./uninstall.sh -d <directory> [-hV]
         -d <directory>            uninstallation directory
         -h                        print this help
         -V                        print script version number and exit
 
-   Example: # ./uninstall.sh -d /opt/warden-server
+  Example: # ./uninstall.sh -d /opt/warden-server
 
   For more information about post-uninstallation steps see UNINSTALL file in 'doc'
   directory.
@@ -356,6 +356,55 @@ H. Status Info
      Function getClients is accessible via getClients.pl. Function has no input
      parameters and returns detailed information about all registered clients.
 
+--------------------------------------------------------------------------------
+I. Warden Watchdog
+
+  Warden Watchdog is a simple script for check of an Warden server DB. You can
+  create various SQL queries (checks) for an example for events from wrong IPs,
+  for events with incomplete description or for long quiet reporting clients.
+  Then you can run watchdog by hand or a repeatedly via Cron.
+
+  If one or more events are found by a check, than predefined information
+  email is sent to a person, who is responsible for a client. You can also set
+  a different recipient of a notification email for each check with a setting
+  'contact' field in a configuration file.
+
+  1. Configuration file
+
+    Each configuration file for a Warden Watchdog has four important groups
+    of settings. First group is clear and contains parameters such as path
+    to Warden server configuration file, notification email subject and
+    a email server configuration. Second group called SQL preconditions is
+    an array containing SQL queries which can be executed before Warden DB
+    check. Last, fourth, group called SQL postconditions is also an array
+    which can contains SQL queries useful for a Warden DB clean up after
+    a DB check.
+
+    The second group in a configuration file is a different. It is an array
+    of hashes with a following structure and each one performs one check.
+    In a query is possible to use a '\$date' variable, which will be expanded
+    by a Watchdog on a today's date.
+
+    @sql_queries = (
+      {
+        query   => '<SQL query (check) on Warden DB>';
+        text    => 'Text of notification email for this DB check';
+        contact => '<email address>' # override contact from 'requestor' column
+      }
+    )
+
+  2. Application run
+
+    You will need just a prepared configuration file and a count of days
+    back from now to the past. Warden database check from config will be
+    then run in this defined time interval.
+
+    USAGE:
+      ./wardenWatchdog.pl -c /path/WardenWatchdog.conf -i 7
+
+    CRON USAGE:
+      33  00  * * * /full/path/watchdog/wardenWatchdog.pl -c /path/WardenWatchdog.conf -i 7 >> err.txt
+
 --------------------------------------------------------------------------------
 
 Copyright (C) 2011-2013 Cesnet z.s.p.o

src/warden-server/etc/warden-watchdog.conf

 #
-# wardenWatchdog.conf - configuration file for Wachdog script
+# warden-watchdog.conf - configuration file for Wachdog script
 #
+# Copyright (C) 2011-2013 Cesnet z.s.p.o
+#
+# Use of this source is governed by a BSD-style license, see LICENSE file.
 
 #-------------------------------------------------------------------------------
 # domain_name - server full domain name
@@ -10,7 +13,7 @@ $domain_name = "warden-dev.cesnet.cz";
 #-------------------------------------------------------------------------------
 # email_subject - ...
 #-------------------------------------------------------------------------------
-$email_subject = "Kontrola stavu udalosti warden serveru na stroji $domain_name";
+$email_subject = "Database check of a Warden server ($domain_name)";
 
 #-------------------------------------------------------------------------------
 # email_server_conf - path and params of an email server for reports sending
@@ -56,10 +59,10 @@ END;');
 #                          in a database table.
 #-------------------------------------------------------------------------------
 @sql_queries = (
- {query => "SELECT hostname, service, MAX(received) FROM events WHERE valid = 't' GROUP BY hostname, service ORDER BY MAX(received) ASC;", text => "Uvedeny klient, nebo klienti jiz delsi dobu nereportovali zadne udalosti do Wardenu. Je mozne, ze nefunguji spravne.", contact => 'jakubcegan@cesnet.cz, ph@cesnet.cz'},
- {query => "SELECT clients.* FROM clients JOIN events ON clients.service=events.service WHERE events.detected > '\$date' AND NOT FIND_IN_SET(events.type, 'portscan,bruteforce,probe,spam,phishing,botnet_c_c,dos,malware,copyright,webattack,test,other') AND events.valid = 't' GROUP BY requestor;", text => "Uvedeny klient, nebo klienti zasilaji nepodporovany nebo zastaraly typ udalosti na server Warden", contact => 'jakubcegan@cesnet.cz, ph@cesnet.cz'},
- {query => "SELECT hostname, service, type, COUNT(*) FROM events WHERE detected - received > 0 AND received > '$date' GROUP BY hostname, service, type;", text => "Uvedeny klient, nebo klienti odesilaji odesilaji udalosti s casem z budoucnosti. Cas prirazeny serverem pri prichodu udalosti (received) musi byt vzdy roven nebo vetsi casu detekce (detected).", contact => 'jakubcegan@cesnet.cz, ph@cesnet.cz'},
- {query => "SELECT hostname, service, received, source, count(source) AS c, min(received), max(received) FROM events WHERE valid = 't' AND source_type = 'IP' AND iptest(source) GROUP BY hostname, service, source ORDER BY c DESC;", text => "Uvedeni klient, nebo klienti odesilaji udalosti se zdrojovou adresou, ktera by se nemela objevit v internetu (privatni rozsah), nebo je neplatna (prazdny oktet, oktet je vetsi nez 255, apod.). kvuli omezeni verzi MySQL serveru funguje zatim pouze pro IPv6.", contact => 'jakubcegan@cesnet.cz, ph@cesnet.cz'});
+ {query => "SELECT hostname, service, MAX(received) FROM events WHERE valid = 't' GROUP BY hostname, service ORDER BY MAX(received) ASC;", text => "These clients do not report any events for a long time. It is possible, that they are misconfigured or not running.", contact => 'jakubcegan@cesnet.cz, ph@cesnet.cz'},
+ {query => "SELECT clients.* FROM clients JOIN events ON clients.service=events.service WHERE events.detected > '\$date' AND NOT FIND_IN_SET(events.type, 'portscan,bruteforce,probe,spam,phishing,botnet_c_c,dos,malware,copyright,webattack,test,other') AND events.valid = 't' GROUP BY requestor;", text => "Following client(s) report unsupported or obsolete type of event to a Warden server.", contact => 'jakubcegan@cesnet.cz, ph@cesnet.cz'},
+ {query => "SELECT hostname, service, type, COUNT(*) FROM events WHERE detected - received > 0 AND received > '$date' GROUP BY hostname, service, type;", text => "Following client(s) report events to a Warden server with a timestamp from future. Server timestamp (received) has to be always greater or equal to a timestam of detection.", contact => 'jakubcegan@cesnet.cz, ph@cesnet.cz'},
+ {query => "SELECT hostname, service, received, source, count(source) AS c, min(received), max(received) FROM events WHERE valid = 't' AND source_type = 'IP' AND iptest(source) GROUP BY hostname, service, source ORDER BY c DESC;", text => "Following client(s) report events to a Warden server with a private or invalid IPv4 address.", contact => 'jakubcegan@cesnet.cz, ph@cesnet.cz'});
 
 #-------------------------------------------------------------------------------
 # sql_postcondition - array of procedures which are executed "after" main action

src/warden-server/lib/WardenWatchdog.pm

@@ -2,7 +2,7 @@
 #
 # WardenWatchdog.pm
 #
-# Copyright (C) 2011-2012 Cesnet z.s.p.o
+# Copyright (C) 2011-2013 Cesnet z.s.p.o
 #
 # Use of this source is governed by a BSD-style license, see LICENSE file.
 
@@ -11,8 +11,6 @@ package WardenWatchdog;
 use strict;
 use warnings;
 
-#use Data::Dumper;
-#use WardenConf;
 use DBI;
 use DBD::mysql;
 use DateTime;