From c77b04df727cae8df6cbc5f801c3fa7c5e494554 Mon Sep 17 00:00:00 2001 From: Tomas Plesnik <plesnik@ics.muni.cz> Date: Thu, 1 Dec 2011 22:35:10 +0100 Subject: [PATCH] inicialni stav --- src/warden-client/bin/receiver.pl | 56 ++++ src/warden-client/bin/sender.pl | 123 ++++++++ src/warden-client/etc/warden-client.conf | 23 ++ src/warden-client/lib/WardenClientConf.pm | 68 ++++ src/warden-client/lib/WardenClientReceive.pm | 204 ++++++++++++ src/warden-client/lib/WardenClientSend.pm | 149 +++++++++ src/warden-client/sh/install.sh | 316 +++++++++++++++++++ 7 files changed, 939 insertions(+) create mode 100755 src/warden-client/bin/receiver.pl create mode 100755 src/warden-client/bin/sender.pl create mode 100644 src/warden-client/etc/warden-client.conf create mode 100755 src/warden-client/lib/WardenClientConf.pm create mode 100755 src/warden-client/lib/WardenClientReceive.pm create mode 100755 src/warden-client/lib/WardenClientSend.pm create mode 100755 src/warden-client/sh/install.sh diff --git a/src/warden-client/bin/receiver.pl b/src/warden-client/bin/receiver.pl new file mode 100755 index 0000000..81a6e46 --- /dev/null +++ b/src/warden-client/bin/receiver.pl 
@@ -0,0 +1,56 @@ +#!/usr/bin/perl -w +# +# receiver.pl +# +# Copyright (C) 2011 Cesnet z.s.p.o +# Author(s): Tomas PLESNIK <plesnik@ics.muni.cz> +# Jan SOUKAL <soukal@ics.muni.cz> +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# 3. Neither the name of the Cesnet z.s.p.o nor the names of its +# contributors may be used to endorse or promote products derived from +# this software without specific prior written permission. +# +# This software is provided ``as is'', and any express or implied +# warranties, including, but not limited to, the implied warranties of +# merchantability and fitness for a particular purpose are disclaimed. +# In no event shall the Masaryk University or contributors be liable for +# any direct, indirect, incidental, special, exemplary, or consequential +# damages (including, but not limited to, procurement of substitute +# goods or services; loss of use, data, or profits; or business +# interruption) however caused and on any theory of liability, whether +# in contract, strict liability, or tort (including negligence or +# otherwise) arising in any way out of the use of this software, even +# if advised of the possibility of such damage. +# + +use strict; + +my $warden_path = '/opt/warden-client'; +require $warden_path . 
'/lib/WardenClientReceive.pm'; + +#my $requested_type = "copyright"; +#my $requested_type = "botnet_c_c"; +my $requested_type = "bruteforce"; +my @new_events = WardenClientReceive::getNewEvents($warden_path, $requested_type); + +print "+------------------------------------------------------------------------------------------------------------------------------------------+\n"; +print "| id | hostname | service | detected | type | source_type | source | target_proto | target_port | attack_scale | note | priority | timeout |\n"; +print "+------------------------------------------------------------------------------------------------------------------------------------------+\n"; + +foreach (@new_events) { + print "| " . join(' | ', @$_) . " |" . "\n"; +} +print "+------------------------------------------------------------------------------------------------------------------------------------------+"; +print "\n"; +print "Last events in: " . scalar(localtime(time)) . "\n"; + +exit 0; diff --git a/src/warden-client/bin/sender.pl b/src/warden-client/bin/sender.pl new file mode 100755 index 0000000..0328da1 --- /dev/null +++ b/src/warden-client/bin/sender.pl 
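Review bot: The `foreach (@new_events)` loop writes every field returned by `WardenClientReceive::getNewEvents` straight to the terminal, so a control character or a literal ` | ` inside a server-supplied value (the free-text note, presumably reported by another client) would garble the table or be interpreted by the terminal. Replacing control characters before the join keeps the output inert, e.g. `print "| " . join(' | ', map { (my $f = $_) =~ s/[[:cntrl:]]/?/g; $f } @$_) . " |\n";`. A one-line comment above the loop stating that the fields are remote data would explain why the filter is there.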
@@ -0,0 +1,123 @@ +#!/usr/bin/perl -w +# +# sender.pl +# +# Copyright (C) 2011 Cesnet z.s.p.o +# Author(s): Tomas PLESNIK <plesnik@ics.muni.cz> +# Jan SOUKAL <soukal@ics.muni.cz> +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# 3. Neither the name of the Cesnet z.s.p.o nor the names of its +# contributors may be used to endorse or promote products derived from +# this software without specific prior written permission. +# +# This software is provided ``as is'', and any express or implied +# warranties, including, but not limited to, the implied warranties of +# merchantability and fitness for a particular purpose are disclaimed. +# In no event shall the Masaryk University or contributors be liable for +# any direct, indirect, incidental, special, exemplary, or consequential +# damages (including, but not limited to, procurement of substitute +# goods or services; loss of use, data, or profits; or business +# interruption) however caused and on any theory of liability, whether +# in contract, strict liability, or tort (including negligence or +# otherwise) arising in any way out of the use of this software, even +# if advised of the possibility of such damage. +# + +use Switch; +use strict; + +my $warden_path = '/opt/warden-client'; +require $warden_path . '/lib/WardenClientSend.pm'; + +my $service = ""; +switch (int(rand(2) + 0.5)) { + case 0 { $service = 'ScanDetector'; } + case 1 { $service = 'PhiGaro'; } + case 2 { $service = 'HoneyScan'; } + } + +my $detected = "2011-0" . int(rand(9) + 0.5) . "-" . 
(int(rand(20) + 0.5) + 10) . "T" . (int(rand(14) + 0.5) + 10) . ":" . (int(rand(50) + 0.5) + 10) . ":" . (int(rand(50) + 0.5) + 10); + +my $type = ""; +switch (int(rand(9) + 0.5)) { + case 0 { $type = 'portscan'; } + case 1 { $type = 'bruteforce'; } + case 2 { $type = 'spam'; } + case 3 { $type = 'phishing'; } + case 4 { $type = 'botnet_c_c'; } + case 5 { $type = 'dos'; } + case 6 { $type = 'malware'; } + case 7 { $type = 'copyright'; } + case 8 { $type = 'webattack'; } + case 9 { $type = 'other'; } + } + +my $source_type = ""; +switch (int(rand(2) + 0.5)) { + case 0 { $source_type = 'IP'; } + case 1 { $source_type = 'url'; } + case 2 { $source_type = 'Reply-To:'; } + } + +my $source = (int(rand(254) + 0.5) + 1) . "." . (int(rand(254) + 0.5) + 1) . "." . (int(rand(254) + 0.5) + 1) . "." . (int(rand(254) + 0.5) + 1); + +my $target_proto = ""; +switch (int(rand(1) + 0.5)) { + case 0 { $target_proto = 'TCP'; } + case 1 { $target_proto = 'UDP'; } + } + +my $target_port = ""; +switch (int(rand(5) + 0.5)) { + case 0 { $target_port = '22'; } + case 1 { $target_port = '23'; } + case 2 { $target_port = '25'; } + case 3 { $target_port = '443'; } + case 4 { $target_port = '3389'; } + case 5 { $target_port = 'null'; } + } + +my $attack_scale = (int(rand(100000) + 0.5) + 1000); + +my $note = "tohle je takova normalni jednoducha poznamka"; + +my $priority = ""; +switch (int(rand(1) + 0.5)) { + case 0 { $priority = int(rand(255) + 0.5); } + case 1 { $priority = 'null'; } + } + +my $timeout = ""; +switch (int(rand(1) + 0.5)) { + case 0 { $timeout = int(rand(255) + 0.5); } + case 1 { $timeout = 'null'; } + } + +my @event = ( + $service, # $service + $detected, # $detected + $type, # $type + $source_type, # $source_type + $source, # $source + $target_proto, # $target_proto + $target_port, # $target_port + $attack_scale, # $attack_scale + $note, # $note + $priority, # $priority + $timeout, # $timeout + ); + +WardenClientSend::saveNewEvent($warden_path, \@event); + +#foreach (@event) 
{ +# print "$_\n"; +#} diff --git a/src/warden-client/etc/warden-client.conf b/src/warden-client/etc/warden-client.conf new file mode 100644 index 0000000..3eedc98 --- /dev/null +++ b/src/warden-client/etc/warden-client.conf @@ -0,0 +1,23 @@ +# +# warden-client.conf - configuration file for the warden sender/receiver client +# + +#------------------------------------------------------------------------------- +# URI - URI address of Warden server +#------------------------------------------------------------------------------- +$URI = "https://warden-dev.cesnet.cz:443/Warden"; + +#------------------------------------------------------------------------------- +# SSL_KEY_FILE - path to client SSL certificate key file +#------------------------------------------------------------------------------- +$SSL_KEY_FILE = "/opt/warden-client/etc/warden-dev.cesnet.cz.key"; + +#------------------------------------------------------------------------------- +# SSL_CERT_FILE - path to client SSL certificate file +#------------------------------------------------------------------------------- +$SSL_CERT_FILE = "/opt/warden-client/etc/warden-dev.cesnet.cz.pem"; + +#------------------------------------------------------------------------------- +# SSL_CA_FILE - path to CA certificate file +#------------------------------------------------------------------------------- +$SSL_CA_FILE = "/etc/ssl/certs/tcs-ca-bundle.pem"; diff --git a/src/warden-client/lib/WardenClientConf.pm b/src/warden-client/lib/WardenClientConf.pm new file mode 100755 index 0000000..73b84c1 --- /dev/null +++ b/src/warden-client/lib/WardenClientConf.pm 
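Review bot: The generated `$detected` timestamp can be invalid: `int(rand(9) + 0.5)` yields 0–9, so the month can be `00`, and the same rounding lets the hour reach 24 and the minute and second reach 60. Drawing each part as a base plus `int(rand(COUNT))` keeps it in range, e.g. `my $detected = sprintf("2011-%02d-%02dT%02d:%02d:%02d", 1 + int(rand(9)), 10 + int(rand(19)), 10 + int(rand(14)), 10 + int(rand(50)), 10 + int(rand(50)));`. The `+ 0.5` rounding also makes the first and last `case` of every `switch` half as likely as the others. `use Switch;` is a source filter that has not shipped with the Perl core since 5.14; an array lookup such as `my @services = qw(ScanDetector PhiGaro HoneyScan); my $service = $services[rand @services];` does the same job without it.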
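Review bot: This file is not parsed as data: `WardenClientConf::loadConf` in this patch runs it with `do`, so every line is executed as Perl with the privileges of the calling script, and the header comment does not say so. A line such as `# NOTE: this file is evaluated as Perl code by the client; keep it writable only by the account that owns the warden client` would tell operators why its ownership and mode matter. The committed `$URI` points at `warden-dev.cesnet.cz`, while the file generated by `sh/install.sh` in the same patch uses `warden.cesnet.cz`; if the dev endpoint is intentional for the repository copy, a short comment saying so would keep it from being deployed by accident.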
@@ -0,0 +1,68 @@ +#!/usr/bin/perl -w +# +# WardenClientConf.pm +# +# Copyright (C) 2011 Cesnet z.s.p.o +# Author(s): Tomas PLESNIK <plesnik@ics.muni.cz> +# Jan SOUKAL <soukal@ics.muni.cz> +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# 3. Neither the name of the Cesnet z.s.p.o nor the names of its +# contributors may be used to endorse or promote products derived from +# this software without specific prior written permission. +# +# This software is provided ``as is'', and any express or implied +# warranties, including, but not limited to, the implied warranties of +# merchantability and fitness for a particular purpose are disclaimed. +# In no event shall the Masaryk University or contributors be liable for +# any direct, indirect, incidental, special, exemplary, or consequential +# damages (including, but not limited to, procurement of substitute +# goods or services; loss of use, data, or profits; or business +# interruption) however caused and on any theory of liability, whether +# in contract, strict liability, or tort (including negligence or +# otherwise) arising in any way out of the use of this software, even +# if advised of the possibility of such damage. 
+# + +package WardenClientConf; + +use strict; + +our $VERSION = 100; + +#------------------------------------------------------------------------------- +# loadConf - load variables from configuration file +#------------------------------------------------------------------------------- +sub loadConf +{ + my $conf_file = shift; + + # preset of default variables + our $URI = undef; + our $SSL_KEY_FILE = undef; + our $SSL_CERT_FILE = undef; + our $SSL_CA_FILE = undef; + + # read config file + if ( ! open( TMP, $conf_file) ) { + die("Can't read config file '$conf_file': $!\n"); + } + close TMP; + + # load set variables by user + if ( !do $conf_file ) { + die("Errors in config file '$conf_file': $@"); + } + + return ($URI, $SSL_KEY_FILE, $SSL_CERT_FILE, $SSL_CA_FILE); + +} # End of loadConf +1; diff --git a/src/warden-client/lib/WardenClientReceive.pm b/src/warden-client/lib/WardenClientReceive.pm new file mode 100755 index 0000000..a90f725 --- /dev/null +++ b/src/warden-client/lib/WardenClientReceive.pm 
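Review bot: `loadConf` opens the path with two-argument `open` on the bareword handle `TMP`, and then treats any false result of `do $conf_file` as a syntax error. With two arguments a leading `<`, `>` or `|` in `$conf_file` is read as an open mode, and `!do` cannot tell a compile error (`$@`) from an unreadable file (`$!`) or from a config whose last statement happens to evaluate to false. Since `do` executes the file as code, a check that the file is not writable by group or others may also be worth adding, depending on how the package is deployed. The fence shows only the open and load steps rewritten; the `our` declarations and the `return` stay as they are.

```perl
  # … unchanged: our $URI / $SSL_KEY_FILE / $SSL_CERT_FILE / $SSL_CA_FILE presets …

  # read config file (three-argument open: the path is never parsed for a mode)
  open(my $conf_fh, '<', $conf_file)
    or die("Can't read config file '$conf_file': $!\n");
  close($conf_fh);

  # load set variables by user; report compile errors and load errors separately
  my $loaded = do $conf_file;
  die("Errors in config file '$conf_file': $@") if $@;
  die("Can't load config file '$conf_file': $!\n") if !defined $loaded;

  # … unchanged: return ($URI, $SSL_KEY_FILE, $SSL_CERT_FILE, $SSL_CA_FILE) …
```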
@@ -0,0 +1,204 @@ +#!/usr/bin/perl -w +# +# WardenClientReceive.pm +# +# Copyright (C) 2011 Cesnet z.s.p.o +# Author(s): Tomas PLESNIK <plesnik@ics.muni.cz> +# Jan SOUKAL <soukal@ics.muni.cz> +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# 3. Neither the name of the Cesnet z.s.p.o nor the names of its +# contributors may be used to endorse or promote products derived from +# this software without specific prior written permission. +# +# This software is provided ``as is'', and any express or implied +# warranties, including, but not limited to, the implied warranties of +# merchantability and fitness for a particular purpose are disclaimed. +# In no event shall the Masaryk University or contributors be liable for +# any direct, indirect, incidental, special, exemplary, or consequential +# damages (including, but not limited to, procurement of substitute +# goods or services; loss of use, data, or profits; or business +# interruption) however caused and on any theory of liability, whether +# in contract, strict liability, or tort (including negligence or +# otherwise) arising in any way out of the use of this software, even +# if advised of the possibility of such damage. 
+ +package WardenClientReceive; + +use strict; +use SOAP::Lite; +use IO::Socket::SSL qw(debug1); +use SOAP::Transport::TCP; +use FindBin; + +our $VERSION = 100; + +#------------------------------------------------------------------------------- +# errMsg - print error message and die +#------------------------------------------------------------------------------- +sub errMsg +{ + my $msg = shift; + die($msg . "\n"); +} # End of errMsg + + +#------------------------------------------------------------------------------- +# c2s - connect to server, send request and receive response +#------------------------------------------------------------------------------- +sub c2s +{ + my $uri = shift; + my $ssl_key_file = shift; + my $ssl_cert_file = shift; + my $ssl_ca_file = shift; + my $method = shift; + my $data = shift; + + my $client; + my ($server, $port, $service) = $uri =~ /https:\/\/(.+)\:(\d+)\/(.+)/; + if (!($client = SOAP::Transport::TCP::Client->new( + PeerAddr => $server, + PeerPort => $port, + Proto => 'tcp', + SSL_use_cert => 1, + SSL_verify_mode => 0x02, + SSL_key_file => $ssl_key_file, + SSL_cert_file => $ssl_cert_file, + SSL_ca_file => $ssl_ca_file, + ))) {errMsg("Sorry, unable to create socket: " . &SOAP::Transport::TCP::Client::errstr)} + + # setting of URI and serialize SOAP envelope and data object + my $soap = SOAP::Lite->uri($uri); + my $envelope; + if (!defined $data) { + $envelope = $soap->serializer->envelope(method => $method); + } else { + $envelope = $soap->serializer->envelope(method => $method, $data); + } + + # setting of TCP URI and send serialized SOAP envelope and data + my $tcp_uri = "tcp://$server:$port/$service"; + my $result = $client->send_receive(envelope => $envelope, endpoint => $tcp_uri); + + # check server response + if (!defined $result) { + errMsg("Error: server returned empty response. 
Probably problem with used SSL ceritificates."); + } else { + # deserialized response from server -> create SOAP envelope and data object + my $response = $soap->deserializer->deserialize($result); + # check SOAP fault status + $response->fault ? errMsg("Server sent error message:: " . $response->faultstring) : return $response; + } +} + + +#------------------------------------------------------------------------------- +# getNewEvents - get new events from warden server greater than last received ID +#------------------------------------------------------------------------------- +sub getNewEvents +{ + my $warden_path = shift; + my $requested_type = shift; + + my $vardir = $warden_path . "/var/"; + my $etcdir = $warden_path . "/etc/"; + my $libdir = $warden_path . "/lib/"; + + # read the config file + require $libdir . "WardenClientConf.pm"; + my $conf_file = $etcdir . "warden-client.conf"; + my ($uri, $ssl_key_file, $ssl_cert_file, $ssl_ca_file) = WardenClientConf::loadConf($conf_file); + + # set name of ID file for each client aplication + my $caller_name = $FindBin::Script; + my $id_file = $vardir . $caller_name . 
".id"; + + #----------------------------------------------------------------------------- + # get last ID from ID file (if exist) or + # get last ID from warden server DB and save it into ID file + my $last_id; + if (-e $id_file) { + open(ID, "< $id_file") || errMsg("Cannot open ID file $id_file: $!"); + foreach(<ID>) { + $last_id = $_; + } + close ID; + } else { + my $response = c2s($uri, $ssl_key_file, $ssl_cert_file, $ssl_ca_file, "getLastId"); + $last_id = $response->result; + open(ID, "> $id_file") || die ("Cannot open ID file $id_file: $!"); + print ID $last_id; + close ID; + } + + #----------------------------------------------------------------------------- + # get new events from warden server DB based on gathered last ID + + # create SOAP data obejct + my $data = SOAP::Data->name(request => \SOAP::Data->value( + SOAP::Data->name(REQUESTED_TYPE => $requested_type), + SOAP::Data->name(LAST_ID => $last_id) + )); + my $response = c2s($uri, $ssl_key_file, $ssl_cert_file, $ssl_ca_file, "getNewEvents", $data); + + # match getNewEvents functions response + $response->match('/Envelope/Body/getNewEventsResponse/'); + my ($id, $hostname, $service, $detected, $type, $source_type, $source, $target_proto, $target_port, $attack_scale, $note, $priority, $timeout); + my @events; + + # parse returned SOAP data object + my $i = 1; + $data = $response->valueof("[$i]"); + while (defined $data) { + my @event; + + # parse items of one event + $id = $data->{'ID'}; + $hostname = $data->{'HOSTNAME'}; + $service = $data->{'SERVICE'}; + $detected = $data->{'DETECTED'}; + $type = $data->{'TYPE'}; + $source_type = $data->{'SOURCE_TYPE'}; + $source = $data->{'SOURCE'}; + $target_proto = $data->{'TARGET_PROTO'}; + $target_port = $data->{'TARGET_PORT'}; + $attack_scale = $data->{'ATTACK_SCALE'}; + $note = $data->{'NOTE'}; + $priority = $data->{'PRIORITY'}; + $timeout = $data->{'TIMEOUT'}; + + # push new event from warden server into @events which is returned + @event = ("$id", 
"$hostname", "$service", "$detected", "$type", "$source_type", "$source", "$target_proto", "$target_port", "$attack_scale", "$note", "$priority", "$timeout"); + push (@events, \@event); + + # set maximum received ID from current batch + if ($id > $last_id) { + $last_id = $id; + } + + # go to the next received event + $i++; + $data = $response->valueof("[$i]"); + } + + # write last return ID + if (defined $last_id) { # must be defined for first check ID + open(ID, "> $id_file") || die ("Cannot open ID file $id_file: $!"); + print ID $last_id; + close ID; + } + + # return event array of arrays + return @events; +} # End of getNewEvents + +1; diff --git a/src/warden-client/lib/WardenClientSend.pm b/src/warden-client/lib/WardenClientSend.pm new file mode 100755 index 0000000..5644e29 --- /dev/null +++ b/src/warden-client/lib/WardenClientSend.pm 
@@ -0,0 +1,149 @@ +#!/usr/bin/perl -w +# +# WardenClientSend.pm +# +# Copyright (C) 2011 Cesnet z.s.p.o +# Author(s): Tomas PLESNIK <plesnik@ics.muni.cz> +# Jan SOUKAL <soukal@ics.muni.cz> +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# 3. Neither the name of the Cesnet z.s.p.o nor the names of its +# contributors may be used to endorse or promote products derived from +# this software without specific prior written permission. +# +# This software is provided ``as is'', and any express or implied +# warranties, including, but not limited to, the implied warranties of +# merchantability and fitness for a particular purpose are disclaimed. +# In no event shall the Masaryk University or contributors be liable for +# any direct, indirect, incidental, special, exemplary, or consequential +# damages (including, but not limited to, procurement of substitute +# goods or services; loss of use, data, or profits; or business +# interruption) however caused and on any theory of liability, whether +# in contract, strict liability, or tort (including negligence or +# otherwise) arising in any way out of the use of this software, even +# if advised of the possibility of such damage. 
+ +package WardenClientSend; + +use strict; +use SOAP::Lite; +use IO::Socket::SSL qw(debug1); +use SOAP::Transport::TCP; + +my $VERSION = 100; + + +#------------------------------------------------------------------------------- +# errMsg - print error message and die +#------------------------------------------------------------------------------- +sub errMsg +{ + my $msg = shift; + die($msg . "\n"); +} # End of errMsg + + +#------------------------------------------------------------------------------- +# c2s - connect to server, send request and receive response +#------------------------------------------------------------------------------- +sub c2s +{ + my $uri = shift; + my $ssl_key_file = shift; + my $ssl_cert_file = shift; + my $ssl_ca_file = shift; + my $method = shift; + my $data = shift; + + my $client; + my ($server, $port, $service) = $uri =~ /https:\/\/(.+)\:(\d+)\/(.+)/; + if (!($client = SOAP::Transport::TCP::Client->new( + PeerAddr => $server, + PeerPort => $port, + Proto => 'tcp', + SSL_use_cert => 1, + SSL_verify_mode => 0x02, + SSL_key_file => $ssl_key_file, + SSL_cert_file => $ssl_cert_file, + SSL_ca_file => $ssl_ca_file, + ))) {errMsg("Sorry, unable to create socket: " . &SOAP::Transport::TCP::Client::errstr)} + + # setting of URI and serialize SOAP envelope and data object + my $soap = SOAP::Lite->uri($uri); + my $envelope = $soap->serializer->envelope(method => $method, $data); + + # setting of TCP URI and send serialized SOAP envelope and data + my $tcp_uri = "tcp://$server:$port/$service"; + my $result = $client->send_receive(envelope => $envelope, endpoint => $tcp_uri); + + # check server response + if (!defined $result) { + errMsg("Error: server returned empty response. Probably problem with used SSL ceritificates."); + } else { + # deserialized response from server -> create SOAP envelope and data object + my $response = $soap->deserializer->deserialize($result); + # check SOAP fault status + $response->fault ? 
errMsg("Server sent error message:: " . $response->faultstring) : return 1; + } +} + + +#------------------------------------------------------------------------------- +# saveNewEvent - send new event from detection scripts to warden server +#------------------------------------------------------------------------------- +sub saveNewEvent +{ + my $warden_path = shift; + my $event_ref = shift; + + my $etcdir = $warden_path . "/etc/"; + my $libdir = $warden_path . "/lib/"; + + # read the config file + require $libdir . "WardenClientConf.pm"; + my $conf_file = $etcdir . "warden-client.conf"; + my ($uri, $ssl_key_file, $ssl_cert_file, $ssl_ca_file) = WardenClientConf::loadConf($conf_file); + + # prepare variables of event + my @event = @{$event_ref}; + my $service = $event[0]; + my $detected = $event[1]; + my $type = $event[2]; + my $source_type = $event[3]; + my $source = $event[4]; + my $target_proto = $event[5]; + my $target_port = $event[6]; + my $attack_scale = $event[7]; + my $note = $event[8]; + my $priority = $event[9]; + my $timeout = $event[10]; + + # create SOAP data object + my $event = SOAP::Data->name(event => \SOAP::Data->value( + SOAP::Data->name(SERVICE => $service), + SOAP::Data->name(DETECTED => $detected), + SOAP::Data->name(TYPE => $type), + SOAP::Data->name(SOURCE_TYPE => $source_type), + SOAP::Data->name(SOURCE => $source), + SOAP::Data->name(TARGET_PROTO => $target_proto), + SOAP::Data->name(TARGET_PORT => $target_port), + SOAP::Data->name(ATTACK_SCALE => $attack_scale), + SOAP::Data->name(NOTE => $note), + SOAP::Data->name(PRIORITY => $priority), + SOAP::Data->name(TIMEOUT => $timeout) + )); + + my $result = c2s($uri, $ssl_key_file, $ssl_cert_file, $ssl_ca_file, "saveNewEvent", $event); + $result ? return 1 : return 0; + +} # End of saveNewEvent + +1; diff --git a/src/warden-client/sh/install.sh b/src/warden-client/sh/install.sh new file mode 100755 index 0000000..1ebe9a1 --- /dev/null +++ b/src/warden-client/sh/install.sh 
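Review bot: `saveNewEvent` reads `$event[0]` through `$event[10]` without checking that `$event_ref` is an array reference holding eleven values, so a short or mis-ordered list is sent with undefined fields and the mistake only becomes visible on the server side. A guard at the top, `errMsg("Event must be a reference to an array of 11 items") unless ref($event_ref) eq 'ARRAY' && @{$event_ref} == 11;`, fails early on the client. `my $VERSION = 100;` is a lexical and is therefore invisible to `WardenClientSend->VERSION`; the other two modules in this patch use `our $VERSION`. The closing `$result ? return 1 : return 0;` can never take the 0 branch, because this module's `c2s` either returns 1 or dies through `errMsg`, so the header comment should state that failures are raised with `die` rather than signalled by a 0 return.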
@@ -0,0 +1,316 @@ +#!/bin/bash +# +# install.sh +# +# Copyright (C) 2011 Cesnet z.s.p.o +# Author(s): Tomas PLESNIK <plesnik@ics.muni.cz> +# Jan SOUKAL <soukal@ics.muni.cz> +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# 3. Neither the name of the Company nor the names of its +# contributors may be used to endorse or promote products derived from +# this software without specific prior written permission. +# +# This software is provided ``as is'', and any express or implied +# warranties, including, but not limited to, the implied warranties of +# merchantability and fitness for a particular purpose are disclaimed. +# In no event shall the Masaryk University or contributors be liable for +# any direct, indirect, incidental, special, exemplary, or consequential +# damages (including, but not limited to, procurement of substitute +# goods or services; loss of use, data, or profits; or business +# interruption) however caused and on any theory of liability, whether +# in contract, strict liability, or tort (including negligence or +# otherwise) arising in any way out of the use of this software, even +# if advised of the possibility of such damage. 
+ +VERSION="1.0.0" + +#------------------------------------------------------------------------------- +# FUNCTIONS +#------------------------------------------------------------------------------- +usage() +{ +echo "Usage: `basename $0` [-d <directory>] [-u <user>] [-k <ssl_key_file>] [-c <ssl_cert_file>] [-a <ssl_ca_file>] [-hV]" +echo "-d <directory> installation directory (default: /opt)" +echo "-u <user> owner of warden client package (user for running detection scripts)" +echo "-k <ssl_key_file> path to SSL certificate key file" +echo "-c <ssl_cert_file> path to SSL certificate file" +echo "-a <ssl_ca_file> path to CA certificate file" +echo "-h print this help" +echo "-V print script version number and exit" +echo +echo "Example: ./`basename $0` -d /opt -u detector -k /etc/ssl/private/client.key -c /etc/ssl/certs/client.pem -a /etc/ssl/certs/tcs-ca-bundle.pem" +echo +echo "Note: You must be root for running this script." +echo " For more information about installation process, see README file (section Installation)." +echo +exit 0 +} + + +version() +{ + echo "`basename ${0}` - current version is $VERSION" + exit 0 +} + + +err() +{ + echo "FAILED!" + cat $err + echo + echo "Installation FAILED!!!" + exit 1 +} + + +err_clean() +{ + echo "FAILED!" + echo " -> Uninstalling client package ... OK" + rm -rf $client_path > /dev/null 2>&1 + cat $err + rm -rf $err + echo + echo "Installation FAILED!!!" + exit 1 +} + + +#------------------------------------------------------------------------------- +# MAIN +#------------------------------------------------------------------------------- + +# OS test +OS=`uname` +if [ "$OS" != "Linux" ]; then + echo "Sorry, unsupported operating system detected - \"$OS\"!" + exit 1 +fi + + +# shell test +SHELL=`echo $SHELL` +if [ "$SHELL" != "/bin/bash" ]; then + echo "Sorry, this script is usable in Bourne Again Shell (bash) only!" 
+ exit 1 +fi + + +# read input +while getopts "d:u:k:c:a:Vh" options; do + case $options in + d ) prefix=$OPTARG;; + u ) user=$OPTARG;; + k ) key=$OPTARG;; + c ) cert=$OPTARG;; + a ) ca_file=$OPTARG;; + h ) usage;; + V ) version;; + * ) usage;; + esac +done + + +# root controle +if [ $UID -ne 0 ]; then + echo "You must be root for running this script!" + exit 1 +fi + + +# check inputs +if [ -z $prefix ]; then + prefix=/opt + echo "Warning: parameter -d <directory> is not set - default installation directory is /opt!" +fi +if [ -z $user ]; then + echo "Parameter -u <user> is not set!" + exit 1 +fi +if [ -z $key ]; then + echo "Parameter -k <ssl_key_file> is not set!" + exit 1 +fi +if [ -z $cert ]; then + echo "Parameter -c <ssl_cert_file> is not set!" + exit 1 +fi +if [ -z $ca_file ]; then + echo "Parameter -a <ssl_ca_file> is not set!" + exit 1 +fi + + +# create variables +key_file=`basename $key` +cert_file=`basename $cert` +client_path="$prefix/warden-client" +etc="$client_path/etc" +conf_file="$etc/warden-client.conf" +err="/tmp/warden-err" + +#------------------------------------------------------------------------------- +# Dependencies check-in + +echo "------------------------- Dependencies check-in ---------------------------" + +# check Perl interpreter +echo -n "Checking Perl package ... " +which perl 1>/dev/null; ret_val=`echo $?` +if [ $ret_val -eq 0 ]; then + echo "OK" +else + echo "FAILED!" + exit 1 +fi + + +# check SOAP::Lite package +echo -n "Checking SOAP::Lite package ... " +perl -e 'use SOAP::Lite' 2> $err; ret_val=`echo $?` +if [ $ret_val -eq 0 ]; then + echo "OK" +else + err +fi + + +# check IO::Socket::SSL package +echo -n "Checking IO::Socket::SSL package ... " +perl -e 'use IO::Socket::SSL' 2> $err; ret_val=`echo $?` +if [ $ret_val -eq 0 ]; then + echo "OK" +else + err +fi + + +# check SOAP::Transport::TCP package +echo -n "Checking SOAP::Transport::TCP package ... 
" +perl -e 'use SOAP::Transport::TCP' 2> $err; ret_val=`echo $?` +if [ $ret_val -eq 0 ]; then + echo "OK" +else + err +fi + + +# check FindBin package +echo -n "Checking FindBin package ... " +perl -e 'use FindBin' 2> $err; ret_val=`echo $?` +if [ $ret_val -eq 0 ]; then + echo "OK" +else + err +fi + +#------------------------------------------------------------------------------- +# Installation process + +echo +echo "------------------------- Installation process ---------------------------" + + +# check installation directory +echo -n "Checking installation directory ... " +if [ ! -d $prefix ]; then + echo "FAILED!" + ls $prefix + exit 1 +else + echo "OK" +fi + + +# make warden client directory +echo -n "Making warden client directory ... " +cp -R ./warden-client $prefix 2> $err; ret_val=`echo $?` +if [ $ret_val -eq 0 ]; then + echo "OK" +else + err_clean +fi + + +# copy cert key file +echo -n "Copying certificate key file ... " +cp $key $etc 2> $err; ret_val=`echo $?` +if [ $ret_val -eq 0 ]; then + echo "OK" +else + err_clean +fi + + +# copy cert file +echo -n "Copying certificate file ... " +cp $cert $etc 2> $err; ret_val=`echo $?` +if [ $ret_val -eq 0 ]; then + echo "OK" +else + err_clean +fi + + +# create conf file +echo -n "Creating configuration file ... 
" +echo "# +# warden-client.conf - configuration file for the warden sender/receiver client +# + +#------------------------------------------------------------------------------- +# URI - URI address of Warden server +#------------------------------------------------------------------------------- +\$URI = \"https://warden.cesnet.cz:443/Warden\"; + +#------------------------------------------------------------------------------- +# SSL_KEY_FILE - path to client SSL certificate key file +#------------------------------------------------------------------------------- +\$SSL_KEY_FILE = \"$etc/$key_file\"; + +#------------------------------------------------------------------------------- +# SSL_CERT_FILE - path to client SSL certificate file +#------------------------------------------------------------------------------- +\$SSL_CERT_FILE = \"$etc/$cert_file\"; + +#------------------------------------------------------------------------------- +# SSL_CA_FILE - path to CA certificate file +#------------------------------------------------------------------------------- +\$SSL_CA_FILE = \"$ca_file\"; +" > $conf_file 2> $err; ret_val=`echo $?` +if [ $ret_val -eq 0 ]; then + echo "OK" +else + err_clean +fi + + +# change permissions +echo -n "Changing permissions to installed package ... " +chown -R $user: $client_path 2>$err; ret_val=`echo $?` +if [ $ret_val -eq 0 ]; then + echo "OK" +else + err_clean +fi + + +echo +echo "Please check configuration file in $conf_file!" +echo +echo "Installation was SUCCESSFUL!!!" + +# cleanup section +rm -rf $err + +exit 0 -- GitLab