inicialni stav

src/warden-client/bin/receiver.pl

+#!/usr/bin/perl -w
+#
+# receiver.pl
+#
+# Copyright (C) 2011 Cesnet z.s.p.o
+# Author(s):    Tomas PLESNIK   <plesnik@ics.muni.cz>
+#               Jan SOUKAL      <soukal@ics.muni.cz>
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in
+#    the documentation and/or other materials provided with the
+#    distribution.
+# 3. Neither the name of the Cesnet z.s.p.o nor the names of its
+#    contributors may be used to endorse or promote products derived from
+#    this software without specific prior written permission.
+#
+# This software is provided ``as is'', and any express or implied
+# warranties, including, but not limited to, the implied warranties of
+# merchantability and fitness for a particular purpose are disclaimed.
+# In no event shall the Masaryk University or contributors be liable for
+# any direct, indirect, incidental, special, exemplary, or consequential
+# damages (including, but not limited to, procurement of substitute
+# goods or services; loss of use, data, or profits; or business
+# interruption) however caused and on any theory of liability, whether
+# in contract, strict liability, or tort (including negligence or
+# otherwise) arising in any way out of the use of this software, even
+# if advised of the possibility of such damage.
+#
+
+use strict;
+
+my $warden_path = '/opt/warden-client';
+require $warden_path . '/lib/WardenClientReceive.pm';
+
+#my $requested_type = "copyright";
+#my $requested_type = "botnet_c_c";
+my $requested_type = "bruteforce";
+my @new_events = WardenClientReceive::getNewEvents($warden_path, $requested_type);
+
+print "+------------------------------------------------------------------------------------------------------------------------------------------+\n";
+print "| id | hostname | service | detected | type | source_type | source | target_proto | target_port | attack_scale | note | priority | timeout |\n";
+print "+------------------------------------------------------------------------------------------------------------------------------------------+\n";
+
+foreach (@new_events) {
+  print "| " . join(' | ', @$_) . " |" . "\n";
+}
+print "+------------------------------------------------------------------------------------------------------------------------------------------+";
+print "\n";
+print "Last events in: " . scalar(localtime(time)) . "\n";
+
+exit 0;

src/warden-client/bin/sender.pl

+#!/usr/bin/perl -w
+#
+# sender.pl
+#
+# Copyright (C) 2011 Cesnet z.s.p.o
+# Author(s):    Tomas PLESNIK   <plesnik@ics.muni.cz>
+#               Jan SOUKAL      <soukal@ics.muni.cz>
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in
+#    the documentation and/or other materials provided with the
+#    distribution.
+# 3. Neither the name of the Cesnet z.s.p.o nor the names of its
+#    contributors may be used to endorse or promote products derived from
+#    this software without specific prior written permission.
+#
+# This software is provided ``as is'', and any express or implied
+# warranties, including, but not limited to, the implied warranties of
+# merchantability and fitness for a particular purpose are disclaimed.
+# In no event shall the Masaryk University or contributors be liable for
+# any direct, indirect, incidental, special, exemplary, or consequential
+# damages (including, but not limited to, procurement of substitute
+# goods or services; loss of use, data, or profits; or business
+# interruption) however caused and on any theory of liability, whether
+# in contract, strict liability, or tort (including negligence or
+# otherwise) arising in any way out of the use of this software, even
+# if advised of the possibility of such damage.
+#
+
+use Switch;
+use strict;
+
+my $warden_path = '/opt/warden-client';
+require $warden_path . '/lib/WardenClientSend.pm';
+
+my $service = "";
+switch (int(rand(2) + 0.5)) {
+  case 0 { $service = 'ScanDetector'; }
+  case 1 { $service = 'PhiGaro'; }
+  case 2 { $service = 'HoneyScan'; }
+  }
+
+my $detected = "2011-0" . int(rand(9) + 0.5) . "-" . (int(rand(20) + 0.5) + 10) . "T" . (int(rand(14) + 0.5) + 10) . ":" . (int(rand(50) + 0.5) + 10) . ":" . (int(rand(50) + 0.5) + 10);
+
+my $type = "";
+switch (int(rand(9) + 0.5)) {
+  case 0 { $type = 'portscan'; }
+  case 1 { $type = 'bruteforce'; }
+  case 2 { $type = 'spam'; }
+  case 3 { $type = 'phishing'; }
+  case 4 { $type = 'botnet_c_c'; }
+  case 5 { $type = 'dos'; }
+  case 6 { $type = 'malware'; }
+  case 7 { $type = 'copyright'; }
+  case 8 { $type = 'webattack'; }
+  case 9 { $type = 'other'; }
+  }
+  
+my $source_type = "";
+switch (int(rand(2) + 0.5)) {
+  case 0 { $source_type = 'IP'; }
+  case 1 { $source_type = 'url'; }
+  case 2 { $source_type = 'Reply-To:'; }
+  }
+
+my $source = (int(rand(254) + 0.5) + 1) . "." . (int(rand(254) + 0.5) + 1) . "." . (int(rand(254) + 0.5) + 1) . "." . (int(rand(254) + 0.5) + 1);
+
+my $target_proto = "";
+switch (int(rand(1) + 0.5)) {
+  case 0 { $target_proto = 'TCP'; }
+  case 1 { $target_proto = 'UDP'; }
+  }
+
+my $target_port = "";
+switch (int(rand(5) + 0.5)) {
+  case 0 { $target_port = '22'; }
+  case 1 { $target_port = '23'; }
+  case 2 { $target_port = '25'; }
+  case 3 { $target_port = '443'; }
+  case 4 { $target_port = '3389'; }
+  case 5 { $target_port = 'null'; }
+  }
+
+my $attack_scale = (int(rand(100000) + 0.5) + 1000);
+
+my $note = "tohle je takova normalni jednoducha poznamka";
+
+my $priority = "";
+switch (int(rand(1) + 0.5)) {
+  case 0 { $priority = int(rand(255) + 0.5); }
+  case 1 { $priority = 'null'; }
+  }
+  
+my $timeout = "";
+switch (int(rand(1) + 0.5)) {
+  case 0 { $timeout = int(rand(255) + 0.5); }
+  case 1 { $timeout = 'null'; }
+  } 
+
+my @event = (
+  $service, # $service
+  $detected, # $detected
+  $type, # $type
+  $source_type, # $source_type
+  $source, # $source
+  $target_proto, # $target_proto
+  $target_port, # $target_port
+  $attack_scale, # $attack_scale
+  $note, # $note
+  $priority, # $priority
+  $timeout, # $timeout
+  );
+
+WardenClientSend::saveNewEvent($warden_path, \@event);
+
+#foreach (@event) {
+#  print "$_\n";
+#}

src/warden-client/etc/warden-client.conf

+#
+# warden-client.conf - configuration file for the warden sender/receiver client
+#
+
+#-------------------------------------------------------------------------------
+# URI -	URI address of Warden server
+#-------------------------------------------------------------------------------
+$URI = "https://warden-dev.cesnet.cz:443/Warden";
+
+#-------------------------------------------------------------------------------
+# SSL_KEY_FILE - path to client SSL certificate key file
+#-------------------------------------------------------------------------------
+$SSL_KEY_FILE = "/opt/warden-client/etc/warden-dev.cesnet.cz.key";
+
+#-------------------------------------------------------------------------------
+# SSL_CERT_FILE - path to client SSL certificate file
+#-------------------------------------------------------------------------------
+$SSL_CERT_FILE = "/opt/warden-client/etc/warden-dev.cesnet.cz.pem";
+
+#-------------------------------------------------------------------------------
+# SSL_CA_FILE - path to CA certificate file
+#-------------------------------------------------------------------------------
+$SSL_CA_FILE = "/etc/ssl/certs/tcs-ca-bundle.pem";

src/warden-client/lib/WardenClientConf.pm

+#!/usr/bin/perl -w
+#
+# WardenClientConf.pm
+#
+# Copyright (C) 2011 Cesnet z.s.p.o
+# Author(s): 	Tomas PLESNIK 	<plesnik@ics.muni.cz>
+#		Jan SOUKAL	<soukal@ics.muni.cz>
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in
+#    the documentation and/or other materials provided with the
+#    distribution.
+# 3. Neither the name of the Cesnet z.s.p.o nor the names of its
+#    contributors may be used to endorse or promote products derived from
+#    this software without specific prior written permission.
+#
+# This software is provided ``as is'', and any express or implied
+# warranties, including, but not limited to, the implied warranties of
+# merchantability and fitness for a particular purpose are disclaimed.
+# In no event shall the Masaryk University or contributors be liable for
+# any direct, indirect, incidental, special, exemplary, or consequential
+# damages (including, but not limited to, procurement of substitute
+# goods or services; loss of use, data, or profits; or business
+# interruption) however caused and on any theory of liability, whether
+# in contract, strict liability, or tort (including negligence or
+# otherwise) arising in any way out of the use of this software, even
+# if advised of the possibility of such damage.
+#
+
+package WardenClientConf;
+
+use strict;
+
+our $VERSION = 100;
+
+#-------------------------------------------------------------------------------
+# loadConf - load variables from configuration file
+#-------------------------------------------------------------------------------
+sub loadConf
+{
+  my $conf_file = shift;
+
+  # preset of default variables
+  our $URI = undef;
+  our $SSL_KEY_FILE = undef;
+  our $SSL_CERT_FILE = undef;
+  our $SSL_CA_FILE = undef;
+
+  # read config file
+  if ( ! open( TMP, $conf_file) ) {
+    die("Can't read config file '$conf_file': $!\n");
+  }
+  close TMP;
+
+  # load set variables by user
+  if ( !do $conf_file ) {
+    die("Errors in config file '$conf_file': $@");
+  }
+
+  return ($URI, $SSL_KEY_FILE, $SSL_CERT_FILE, $SSL_CA_FILE);
+
+} # End of loadConf
+1;

src/warden-client/lib/WardenClientReceive.pm

+#!/usr/bin/perl -w
+#
+# WardenClientReceive.pm
+#
+# Copyright (C) 2011 Cesnet z.s.p.o
+# Author(s): 	Tomas PLESNIK 	<plesnik@ics.muni.cz>
+#		Jan SOUKAL	<soukal@ics.muni.cz>
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in
+#    the documentation and/or other materials provided with the
+#    distribution.
+# 3. Neither the name of the Cesnet z.s.p.o nor the names of its
+#    contributors may be used to endorse or promote products derived from
+#    this software without specific prior written permission.
+#
+# This software is provided ``as is'', and any express or implied
+# warranties, including, but not limited to, the implied warranties of
+# merchantability and fitness for a particular purpose are disclaimed.
+# In no event shall the Masaryk University or contributors be liable for
+# any direct, indirect, incidental, special, exemplary, or consequential
+# damages (including, but not limited to, procurement of substitute
+# goods or services; loss of use, data, or profits; or business
+# interruption) however caused and on any theory of liability, whether
+# in contract, strict liability, or tort (including negligence or
+# otherwise) arising in any way out of the use of this software, even
+# if advised of the possibility of such damage.
+
+package WardenClientReceive;
+
+use strict;
+use SOAP::Lite;
+use IO::Socket::SSL qw(debug1);
+use SOAP::Transport::TCP;
+use FindBin;
+
+our $VERSION = 100;
+
+#-------------------------------------------------------------------------------
+# errMsg - print error message and die
+#-------------------------------------------------------------------------------
+sub errMsg
+{
+  my $msg = shift;
+  die($msg . "\n");
+} # End of errMsg
+
+
+#-------------------------------------------------------------------------------
+# c2s - connect to server, send request and receive response
+#-------------------------------------------------------------------------------
+sub c2s 
+{
+  my $uri		= shift;
+  my $ssl_key_file	= shift;
+  my $ssl_cert_file	= shift;
+  my $ssl_ca_file	= shift;
+  my $method		= shift;
+  my $data		= shift;
+
+  my $client;
+  my ($server, $port, $service) = $uri =~ /https:\/\/(.+)\:(\d+)\/(.+)/;
+  if (!($client = SOAP::Transport::TCP::Client->new(
+    PeerAddr            => $server,
+    PeerPort            => $port,
+    Proto               => 'tcp',
+    SSL_use_cert        => 1,
+    SSL_verify_mode     => 0x02,
+    SSL_key_file        => $ssl_key_file,
+    SSL_cert_file       => $ssl_cert_file,
+    SSL_ca_file         => $ssl_ca_file,
+  ))) {errMsg("Sorry, unable to create socket: " . &SOAP::Transport::TCP::Client::errstr)}
+
+  # setting of URI and serialize SOAP envelope and data object
+  my $soap = SOAP::Lite->uri($uri);
+  my $envelope;
+  if (!defined $data) {
+    $envelope = $soap->serializer->envelope(method => $method);
+  } else {
+    $envelope = $soap->serializer->envelope(method => $method, $data);
+  }
+
+  # setting of TCP URI and send serialized SOAP envelope and data
+  my $tcp_uri = "tcp://$server:$port/$service";
+  my $result = $client->send_receive(envelope => $envelope, endpoint => $tcp_uri);
+
+  # check server response
+  if (!defined $result) {
+    errMsg("Error: server returned empty response. Probably problem with used SSL ceritificates.");
+  } else {
+    # deserialized response from server -> create SOAP envelope and data object
+    my $response = $soap->deserializer->deserialize($result);
+    # check SOAP fault status
+    $response->fault ? errMsg("Server sent error message:: " . $response->faultstring) : return $response;
+  }
+}
+
+
+#-------------------------------------------------------------------------------
+# getNewEvents - get new events from warden server greater than last received ID
+#-------------------------------------------------------------------------------
+sub getNewEvents
+{
+  my $warden_path = shift;
+  my $requested_type = shift;
+
+  my $vardir = $warden_path . "/var/";
+  my $etcdir = $warden_path . "/etc/";
+  my $libdir = $warden_path . "/lib/";
+
+  # read the config file
+  require $libdir .  "WardenClientConf.pm";
+  my $conf_file = $etcdir . "warden-client.conf";
+  my ($uri, $ssl_key_file, $ssl_cert_file, $ssl_ca_file) = WardenClientConf::loadConf($conf_file);
+
+  # set name of ID file for each client aplication 
+  my $caller_name = $FindBin::Script;
+  my $id_file = $vardir . $caller_name . ".id";
+
+  #-----------------------------------------------------------------------------
+  # get last ID from ID file (if exist) or
+  # get last ID from warden server DB and save it into ID file
+  my $last_id;
+  if (-e $id_file) {
+    open(ID, "< $id_file") || errMsg("Cannot open ID file $id_file: $!");
+    foreach(<ID>) {
+      $last_id = $_;
+    }
+    close ID;
+  } else {
+    my $response = c2s($uri, $ssl_key_file, $ssl_cert_file, $ssl_ca_file, "getLastId");
+    $last_id = $response->result;
+    open(ID, "> $id_file") || die ("Cannot open ID file $id_file: $!");
+    print ID $last_id;
+    close ID;
+  }
+
+  #-----------------------------------------------------------------------------
+  # get new events from warden server DB based on gathered last ID 
+
+  # create SOAP data obejct
+  my $data = SOAP::Data->name(request => \SOAP::Data->value(
+    SOAP::Data->name(REQUESTED_TYPE => $requested_type),
+    SOAP::Data->name(LAST_ID => $last_id)
+  ));
+  my $response = c2s($uri, $ssl_key_file, $ssl_cert_file, $ssl_ca_file, "getNewEvents", $data);
+
+  # match getNewEvents functions response
+  $response->match('/Envelope/Body/getNewEventsResponse/');
+  my ($id, $hostname, $service, $detected, $type, $source_type, $source, $target_proto, $target_port, $attack_scale, $note, $priority, $timeout);
+  my @events;
+
+  # parse returned SOAP data object
+  my $i = 1;
+  $data = $response->valueof("[$i]");
+  while (defined $data) {
+    my @event;
+
+    # parse items of one event
+    $id			= $data->{'ID'};
+    $hostname		= $data->{'HOSTNAME'};
+    $service		= $data->{'SERVICE'};
+    $detected 		= $data->{'DETECTED'};
+    $type		= $data->{'TYPE'};
+    $source_type	= $data->{'SOURCE_TYPE'};
+    $source		= $data->{'SOURCE'};
+    $target_proto	= $data->{'TARGET_PROTO'};
+    $target_port	= $data->{'TARGET_PORT'};
+    $attack_scale	= $data->{'ATTACK_SCALE'};
+    $note		= $data->{'NOTE'};
+    $priority		= $data->{'PRIORITY'};
+    $timeout		= $data->{'TIMEOUT'};
+
+    # push new event from warden server into @events which is returned
+    @event = ("$id", "$hostname", "$service", "$detected", "$type", "$source_type", "$source", "$target_proto", "$target_port", "$attack_scale", "$note", "$priority", "$timeout");
+    push (@events, \@event);
+
+    # set maximum received ID from current batch
+    if ($id > $last_id) {
+	    $last_id = $id;
+    }
+
+    # go to the next received event
+    $i++;
+    $data = $response->valueof("[$i]");
+  }
+
+  # write last return ID
+  if (defined $last_id) {		# must be defined for first check ID
+    open(ID, "> $id_file") || die ("Cannot open ID file $id_file: $!");
+    print ID $last_id;
+    close ID;
+  }
+
+  # return event array of arrays 
+  return @events;
+} # End of getNewEvents
+
+1;

src/warden-client/lib/WardenClientSend.pm

+#!/usr/bin/perl -w
+#
+# WardenClientSend.pm
+#
+# Copyright (C) 2011 Cesnet z.s.p.o
+# Author(s):	Tomas PLESNIK	<plesnik@ics.muni.cz>
+#		Jan SOUKAL	<soukal@ics.muni.cz>
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in
+#    the documentation and/or other materials provided with the
+#    distribution.
+# 3. Neither the name of the Cesnet z.s.p.o nor the names of its
+#    contributors may be used to endorse or promote products derived from
+#    this software without specific prior written permission.
+#
+# This software is provided ``as is'', and any express or implied
+# warranties, including, but not limited to, the implied warranties of
+# merchantability and fitness for a particular purpose are disclaimed.
+# In no event shall the Masaryk University or contributors be liable for
+# any direct, indirect, incidental, special, exemplary, or consequential
+# damages (including, but not limited to, procurement of substitute
+# goods or services; loss of use, data, or profits; or business
+# interruption) however caused and on any theory of liability, whether
+# in contract, strict liability, or tort (including negligence or
+# otherwise) arising in any way out of the use of this software, even
+# if advised of the possibility of such damage.
+
+package WardenClientSend;
+
+use strict;
+use SOAP::Lite;
+use IO::Socket::SSL qw(debug1);
+use SOAP::Transport::TCP;
+
+my $VERSION = 100;
+
+
+#-------------------------------------------------------------------------------
+# errMsg - print error message and die
+#-------------------------------------------------------------------------------
+sub errMsg
+{
+  my $msg = shift;
+  die($msg . "\n");
+} # End of errMsg
+
+
+#-------------------------------------------------------------------------------
+# c2s - connect to server, send request and receive response
+#-------------------------------------------------------------------------------
+sub c2s 
+{
+  my $uri		= shift;
+  my $ssl_key_file	= shift;
+  my $ssl_cert_file	= shift;
+  my $ssl_ca_file	= shift;
+  my $method		= shift;
+  my $data		= shift;
+
+  my $client;
+  my ($server, $port, $service) = $uri =~ /https:\/\/(.+)\:(\d+)\/(.+)/;
+  if (!($client = SOAP::Transport::TCP::Client->new(
+    PeerAddr            => $server,
+    PeerPort            => $port,
+    Proto               => 'tcp',
+    SSL_use_cert        => 1,
+    SSL_verify_mode     => 0x02,
+    SSL_key_file        => $ssl_key_file,
+    SSL_cert_file       => $ssl_cert_file,
+    SSL_ca_file         => $ssl_ca_file,
+  ))) {errMsg("Sorry, unable to create socket: " . &SOAP::Transport::TCP::Client::errstr)}
+
+  # setting of URI and serialize SOAP envelope and data object
+  my $soap     = SOAP::Lite->uri($uri);
+  my $envelope = $soap->serializer->envelope(method => $method, $data);
+
+  # setting of TCP URI and send serialized SOAP envelope and data
+  my $tcp_uri = "tcp://$server:$port/$service";
+  my $result = $client->send_receive(envelope => $envelope, endpoint => $tcp_uri);
+
+  # check server response
+  if (!defined $result) {
+    errMsg("Error: server returned empty response. Probably problem with used SSL ceritificates.");
+  } else {
+    # deserialized response from server -> create SOAP envelope and data object
+    my $response = $soap->deserializer->deserialize($result);
+    # check SOAP fault status
+    $response->fault ? errMsg("Server sent error message:: " . $response->faultstring) : return 1;
+  }
+}
+
+
+#-------------------------------------------------------------------------------
+# saveNewEvent - send new event from detection scripts to warden server
+#-------------------------------------------------------------------------------
+sub saveNewEvent
+{
+  my $warden_path = shift;
+  my $event_ref = shift;
+
+  my $etcdir = $warden_path . "/etc/";
+  my $libdir = $warden_path . "/lib/";
+
+  # read the config file
+  require $libdir .  "WardenClientConf.pm";
+  my $conf_file = $etcdir . "warden-client.conf";
+  my ($uri, $ssl_key_file, $ssl_cert_file, $ssl_ca_file) = WardenClientConf::loadConf($conf_file);
+
+  # prepare variables of event 
+  my @event = @{$event_ref};
+  my $service		= $event[0];
+  my $detected		= $event[1];
+  my $type		= $event[2];
+  my $source_type	= $event[3];
+  my $source		= $event[4];
+  my $target_proto	= $event[5];
+  my $target_port	= $event[6];
+  my $attack_scale	= $event[7];
+  my $note		= $event[8];
+  my $priority		= $event[9];
+  my $timeout		= $event[10];
+
+  # create SOAP data object
+  my $event = SOAP::Data->name(event => \SOAP::Data->value(
+    SOAP::Data->name(SERVICE		=> $service),
+    SOAP::Data->name(DETECTED		=> $detected),
+    SOAP::Data->name(TYPE		=> $type),
+    SOAP::Data->name(SOURCE_TYPE    	=> $source_type),
+    SOAP::Data->name(SOURCE		=> $source),
+    SOAP::Data->name(TARGET_PROTO	=> $target_proto),
+    SOAP::Data->name(TARGET_PORT	=> $target_port),
+    SOAP::Data->name(ATTACK_SCALE	=> $attack_scale),
+    SOAP::Data->name(NOTE		=> $note),
+    SOAP::Data->name(PRIORITY       	=> $priority),
+    SOAP::Data->name(TIMEOUT		=> $timeout)
+   ));
+
+  my $result = c2s($uri, $ssl_key_file, $ssl_cert_file, $ssl_ca_file, "saveNewEvent", $event);
+  $result ? return 1 : return 0;
+
+} # End of saveNewEvent
+
+1;

src/warden-client/sh/install.sh

+#!/bin/bash
+#
+# install.sh
+#
+# Copyright (C) 2011 Cesnet z.s.p.o
+# Author(s): 	Tomas PLESNIK 	<plesnik@ics.muni.cz>
+#		Jan SOUKAL	<soukal@ics.muni.cz>
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in
+#    the documentation and/or other materials provided with the
+#    distribution.
+# 3. Neither the name of the Company nor the names of its
+#    contributors may be used to endorse or promote products derived from
+#     this software without specific prior written permission.
+#
+# This software is provided ``as is'', and any express or implied
+# warranties, including, but not limited to, the implied warranties of
+# merchantability and fitness for a particular purpose are disclaimed.
+# In no event shall the Masaryk University or contributors be liable for
+# any direct, indirect, incidental, special, exemplary, or consequential
+# damages (including, but not limited to, procurement of substitute
+# goods or services; loss of use, data, or profits; or business
+# interruption) however caused and on any theory of liability, whether
+# in contract, strict liability, or tort (including negligence or
+# otherwise) arising in any way out of the use of this software, even
+# if advised of the possibility of such damage.
+
+VERSION="1.0.0"
+
+#-------------------------------------------------------------------------------
+#				FUNCTIONS
+#-------------------------------------------------------------------------------
+usage()
+{
+echo "Usage: `basename $0` [-d <directory>] [-u <user>] [-k <ssl_key_file>] [-c <ssl_cert_file>] [-a <ssl_ca_file>] [-hV]"
+echo "-d <directory>            installation directory (default: /opt)"
+echo "-u <user>                 owner of warden client package (user for running detection scripts)"
+echo "-k <ssl_key_file>         path to SSL certificate key file"
+echo "-c <ssl_cert_file>        path to SSL certificate file"
+echo "-a <ssl_ca_file>          path to CA certificate file"
+echo "-h                        print this help"
+echo "-V                        print script version number and exit"
+echo
+echo "Example: ./`basename $0` -d /opt -u detector -k /etc/ssl/private/client.key -c /etc/ssl/certs/client.pem -a /etc/ssl/certs/tcs-ca-bundle.pem"
+echo
+echo "Note: You must be root for running this script."
+echo "      For more information about installation process, see README file (section Installation)."
+echo
+exit 0
+}
+
+
+version()
+{
+  echo "`basename ${0}` - current version is $VERSION"
+  exit 0
+}
+
+
+err()
+{
+  echo "FAILED!"
+  cat $err
+  echo
+  echo "Installation FAILED!!!"
+  exit 1
+}
+
+
+err_clean()
+{
+  echo "FAILED!"
+  echo " -> Uninstalling client package ... OK"
+  rm -rf $client_path > /dev/null 2>&1
+  cat $err
+  rm -rf $err
+  echo
+  echo "Installation FAILED!!!"
+  exit 1
+}
+
+
+#-------------------------------------------------------------------------------
+#				MAIN
+#-------------------------------------------------------------------------------
+
+# OS test
+OS=`uname`
+if [ "$OS" != "Linux" ]; then
+  echo "Sorry, unsupported operating system detected - \"$OS\"!"
+  exit 1
+fi
+
+
+# shell test
+SHELL=`echo $SHELL`
+if [ "$SHELL" != "/bin/bash" ]; then
+  echo "Sorry, this script is usable in Bourne Again Shell (bash) only!"
+  exit 1
+fi
+
+
+# read input
+while getopts "d:u:k:c:a:Vh" options; do
+  case $options in
+    d ) prefix=$OPTARG;;
+    u ) user=$OPTARG;;
+    k ) key=$OPTARG;;
+    c ) cert=$OPTARG;;
+    a ) ca_file=$OPTARG;;
+    h ) usage;;
+    V ) version;;
+    * ) usage;;
+  esac
+done
+
+
+# root controle
+if [ $UID -ne 0 ]; then
+  echo "You must be root for running this script!"
+  exit 1
+fi
+
+
+# check inputs
+if [ -z $prefix ]; then
+  prefix=/opt
+  echo "Warning: parameter -d <directory> is not set - default installation directory is /opt!"
+fi
+if [ -z $user ]; then
+  echo "Parameter -u <user> is not set!"
+  exit 1
+fi
+if [ -z $key ]; then
+  echo "Parameter -k <ssl_key_file> is not set!"
+  exit 1
+fi
+if [ -z $cert ]; then
+  echo "Parameter -c <ssl_cert_file> is not set!"
+  exit 1
+fi
+if [ -z $ca_file ]; then
+  echo "Parameter -a <ssl_ca_file> is not set!"
+  exit 1
+fi
+
+
+# create variables
+key_file=`basename $key`
+cert_file=`basename $cert`
+client_path="$prefix/warden-client"
+etc="$client_path/etc"
+conf_file="$etc/warden-client.conf"
+err="/tmp/warden-err"
+
+#-------------------------------------------------------------------------------
+#				Dependencies check-in
+
+echo "------------------------- Dependencies check-in ---------------------------"
+
+# check Perl interpreter
+echo -n "Checking Perl package ... "
+which perl 1>/dev/null; ret_val=`echo $?`
+if [ $ret_val -eq 0 ]; then
+  echo "OK"
+else
+  echo "FAILED!"
+  exit 1
+fi
+
+
+# check SOAP::Lite package
+echo -n "Checking SOAP::Lite package ... "
+perl -e 'use SOAP::Lite' 2> $err; ret_val=`echo $?`
+if [ $ret_val -eq 0 ]; then
+  echo "OK"
+else
+ err
+fi
+
+
+# check IO::Socket::SSL package
+echo -n "Checking IO::Socket::SSL package ... "
+perl -e 'use IO::Socket::SSL' 2> $err; ret_val=`echo $?`
+if [ $ret_val -eq 0 ]; then
+  echo "OK"
+else
+  err
+fi
+
+
+# check SOAP::Transport::TCP package
+echo -n "Checking SOAP::Transport::TCP package ... "
+perl -e 'use SOAP::Transport::TCP' 2> $err; ret_val=`echo $?`
+if [ $ret_val -eq 0 ]; then
+  echo "OK"
+else
+  err
+fi
+
+
+# check FindBin package
+echo -n "Checking FindBin package ... "
+perl -e 'use FindBin' 2> $err; ret_val=`echo $?`
+if [ $ret_val -eq 0 ]; then
+  echo "OK"
+else
+  err
+fi
+
+#-------------------------------------------------------------------------------
+#				Installation process
+
+echo
+echo "------------------------- Installation process ---------------------------"
+
+
+# check installation directory
+echo -n "Checking installation directory ... "
+if [ ! -d $prefix ]; then
+  echo "FAILED!"
+  ls $prefix
+  exit 1
+else
+  echo "OK"
+fi
+
+
+# make warden client directory
+echo -n "Making warden client directory ... "
+cp -R ./warden-client $prefix 2> $err; ret_val=`echo $?`
+if [ $ret_val -eq 0 ]; then
+  echo "OK"
+else
+  err_clean
+fi
+
+
+# copy cert key file 
+echo -n "Copying certificate key file ... "
+cp $key $etc 2> $err; ret_val=`echo $?`
+if [ $ret_val -eq 0 ]; then
+  echo "OK"
+else
+  err_clean
+fi
+
+
+# copy cert file
+echo -n "Copying certificate file ... "
+cp $cert $etc 2> $err; ret_val=`echo $?`
+if [ $ret_val -eq 0 ]; then
+  echo "OK"
+else
+  err_clean
+fi
+
+
+# create conf file
+echo -n "Creating configuration file ... "
+echo "#
+# warden-client.conf - configuration file for the warden sender/receiver client
+#
+
+#-------------------------------------------------------------------------------
+# URI - URI address of Warden server
+#-------------------------------------------------------------------------------
+\$URI = \"https://warden.cesnet.cz:443/Warden\";
+
+#-------------------------------------------------------------------------------
+# SSL_KEY_FILE - path to client SSL certificate key file
+#-------------------------------------------------------------------------------
+\$SSL_KEY_FILE = \"$etc/$key_file\";
+
+#-------------------------------------------------------------------------------
+# SSL_CERT_FILE - path to client SSL certificate file
+#-------------------------------------------------------------------------------
+\$SSL_CERT_FILE = \"$etc/$cert_file\";
+
+#-------------------------------------------------------------------------------
+# SSL_CA_FILE - path to CA certificate file
+#-------------------------------------------------------------------------------
+\$SSL_CA_FILE = \"$ca_file\";
+" > $conf_file 2> $err; ret_val=`echo $?`
+if [ $ret_val -eq 0 ]; then
+  echo "OK"
+else
+  err_clean
+fi
+
+
+# change permissions
+echo -n "Changing permissions to installed package ... "
+chown -R $user: $client_path 2>$err; ret_val=`echo $?`
+if [ $ret_val -eq 0 ]; then
+  echo "OK"
+else
+  err_clean
+fi
+
+
+echo
+echo "Please check configuration file in $conf_file!"
+echo
+echo "Installation was SUCCESSFUL!!!"
+
+# cleanup section
+rm -rf $err
+
+exit 0